Agent configuration files

The agent uses two configuration files, deployed in <OSVCETC>.

node.conf

This configuration file contains:

  • The collector authentication token
  • The agent tasks schedules and options
  • Asset information pushed to the collector

This file can be left empty or non-existant if no collector communications are required and the default agent tasks schedules and options are adequate.

The agent ensures this file is not world-writable.

Template

#
# Template etc/node.conf
#
#   This configuration file describes node-wide parameters.
#
#   This file can be left empty except for node.host_mode. The sync
#   schedule is autogenerated, based on the schedules described in the
#   sync#* resources defined in the service configurations. So no
#   sync schedule should be explicitely defined here.
#
#   The internal schedule default for  push actions is:
#     push actions          00:00-06:00@361 mon-sun
#     sync actions          04:00-06:00@121 mon-sun
#     compliance actions    02:00-06:00@241 sun
#     inventory actions     none
#
#   Schedule parameters details:
#     [!]  [ [ []]]
#
#     !
#        desc: exclusion pattern. ommiting the ! implies an inclusion
#              pattern
#
#      := [,]
#        := :@
#            := :
#          
#            type: integer
#            unit: minutes
#
#      := [-][,[-]]
#         := [:]
#          
#             * iso week day format
#               type: integer between 0 and 6
#             * literal format
#               type: string in ("mon", "tue", "wed", "thu", "fri", "sat",
#                     "sun", "monday", "tuesday", "wednesday", "thursday",
#                     "friday", "saturday", "sunday")
#           :=  | + | - | 
#             
#               type: integer
#             
#               type: string in ("first", "1st", "second", "2nd", "third",
#                     "3rd", "fourth", "4th", "fifth", "5th", "last")
#
#      := [-][,[-]]
#        
#          type: integer between 1 and 53
#
#      := [,]
#         := [-] | 
#          
#            * numeric month format
#              type: integer between 1 and 12
#            * literal format
#              type: string in ("jan", "feb", "mar", "apr", "may", "jun",
#                    "jul", "aug", "sep", "oct", "nov", "dec", "january",
#                    "february", "march", "april", "may", "june", "july",
#                    "august", "september", "october", "november",
#                    "december")
#           := %[+]
#            
#              type: integer
#            
#              type: integer
#
# Example schedule:
# * schedule = 16:00-17:00@1 sat:last,tue-mon:last * %2+1,feb-apr
#
#   reads as "once a minute between 16:00 and 17:00 on last monday,
#   tuesday and saturday of every even months plus february and
#   april".
#
# * schedule = ["06:00-07:00@61 *:1,-1", "! * * * feb"]
#
#   reads as "once between 6 and 7am every first and last day of every
#   month except february".
#

[node]
#
# A PRD host mode will only allow PRD services to run. A not-PRD mode
# allows any service to run.
#
;host_mode = DEV

#
# DEPRECATED
#
# The team responsible set here will is no longer pushed to the collector's
# asset table to not allow the agent to see objects owned by the
# team freely chosen.
#
;team_responsible = Homies

#
# The clusters this node is a member of. If the node is member of a
# single cluster, the services inherit from the clustername. Otherwise,
# each service can set its own cluster name using the 'cluster' service
# parameter. This parameter is optional.
#
;clusters = clu1 clu2

#
# You can optionally define asset information. They will be pushed to the
# collector, so that the compliance ruleset can use this information just
# after opensvc is bootstraped.
#
# A postinstall workflow would look like this: 
#
#   vanilla install
#   install opensvc
#   nodemgr set --param node.loc_city = Paris
#   nodemgr set --param node.team_responsible = Homies
#   nodemgr pushasset --force
#   nodemgr compliance attach moduleset --moduleset sys.core
#   nodemgr compliance fix
#
;loc_country = France
;loc_city = Paris
;loc_zip = 75017
;loc_addr = 7 rue blanche
;loc_building = crystal
;loc_floor = 21
;loc_room = 102
;loc_rack = R42

#
# Set the uri of the collectors' xmlrpc servers
# The path path of the url can be left unspecified.
# If dbcompliance is not set, its value is deduced from dbopensvc.
#
;dbopensvc = https://collector.opensvc.com
;dbopensvc = https://collector.opensvc.com/feed/default/call/xmlrpc
;dbcompliance = https://collector.opensvc.com/init/compliance/call/xmlrpc

#
# 'repo'
#   Set the uri of the opensvc agent package repository and compliance
#   modules gzipped tarball repository. This parameter is used by
#   'nodemgr updatepkg' and 'nodemgr updatecomp' commands
#
# ROOT
# +- compliance
#  +- compliance.tar.gz
#  +- current -> compliance.tar.gz
# +- packages
#  +- deb
#  +- depot
#  +- pkg
#  +- rpms
#   +- current -> opensvc-1.4-49.rpm
#   +- opensvc-1.4-48.rpm
#   +- opensvc-1.4-49.rpm
#   +- opensvc-1.4-50.rpm
#  +- tbz
#
;repo = http://opensvc.repo.corp

#
# 'repopkg'
#   Set the uri of the opensvc agent package repository. This parameter
#   is used by'nodemgr updatepkg' command. The repository file tree must
#   be organized as:
#
# ROOT
# +- deb
# +- depot
# +- pkg
# +- rpms
#  +- current -> opensvc-1.4-49.rpm
#  +- opensvc-1.4-48.rpm
#  +- opensvc-1.4-49.rpm
#  +- opensvc-1.4-50.rpm
# +- tbz
#
;repopkg = http://repo.opensvc.com

#
# 'repocomp'
#   Set the uri of the opensvc compliance modules gzipped tarbal repository.
#   This parameter is used by'nodemgr updatecomp' command.
#
# ROOT
# +- compliance.tar.gz
# +- current -> compliance.tar.gz
#
;repocomp = http://repo.opensvc.com

#
# 'ruser'
#   Set the remote user to use to login to a remote node with ssh and
#   rsync. The remote user must have the privileges to run as root the
#   following commands on the remote node:
#    - nodemgr
#    - svcmgr
#    - rsync
#   The default ruser is root for all nodes. ruser accepts a list of
#   user[@node] ... If @node is ommited, user is considered the new
#   default user
#
;ruser = opensvc
;ruser = root opensvc@node1
;ruser = usr1@node1 usr2@node2 usr3@node3

#
# Schedule parameters for the 'compliance check' node action
#
[compliance]
;schedule = 00:00-23:59@1440 sat,sun

#
# 'auto_update'
#   Boolean. Default False.
#   If set to True, and if the execution context indicates a scheduled run,
#   execute 'updatecomp' upon 'compliance check'. 
#   This toggle helps keep the compliance modules in sync with the reference
#   repository. Beware of the security impact of this setting: you must be
#   careful your module repository is kept secure from malevolents.
#
;auto_update = False

[stats]
;schedule = @59
;disable = blockdev, mem_u

[checks]
;schedule = @119

[packages]
;schedule = @1440 sun

[patches]
;schedule = @1440 sun

[asset]
;schedule = 04:00-06:00@120

[nsr]
;schedule = 04:00-06:00@120

[dcs]
;schedule = 04:00-06:00@120

[hds]
;schedule = 04:00-06:00@120

[necism]
;schedule = 04:00-06:00@120

[eva]
;schedule = 04:00-06:00@120

[ibmsvc]
;schedule = 04:00-06:00@120

[vioserver]
;schedule = 04:00-06:00@120

[brocade]
;schedule = 04:00-06:00@120

[disks]
;schedule = 04:00-06:00@120

[sym]
;schedule = 04:00-06:00@120

[svcconf]
;schedule = 04:00-06:00@120

[appinfo]
;schedule = @119

[rotate_root_pw]
;schedule = 04:00-06:00@120 sun

#
# In pull action mode, the collector sends a tcp packet to the server
# to notify there are actions to unqueue. The system's inetd sysstem
# must be configured to execute "nodemgr dequeue actions" upon
# receive. The listener.port parameter send to the collector's asset
# table the port the collector should use to notify.
#
[listener]
port = 1214

[syslog]
#
# The facility to log to. Defaults to "user".
#
facility = user

#
# The host and port to log to. If neither host nor port are specified
# and if /dev/log exists, the messages are posted to /dev/log.
# If host is set but port is not, port defaults to 514
# If port is set bit host is not, host defaults to 514
#
;host = localhost
;port = 514

[stats_collection]
;schedule = @10

[reboot]
#
# A command to execute before reboot. Errors are ignored.
#
;pre = logger foo

#
# A command to execute before reboot. Errors abort to reboot.
#
;blocking_pre = ls /foo

auth.conf

This configuration file contains authentication options and tokens for tiers infrastructure components. This information is used by the inventoring and provisioning drivers.

The agent ensures this file is not world-writable nor world-writable.

Template

#
# This configuration file hosts in a single place all infrastructure
# access credentials.
#
# The agent ensure this file is not world-readable.
#
# Each infrastructure element has its own section, with a 'type'
# parameter specifying its driver.
#

#############################################################################
#
# Symmetrix array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = symmetrix

#
# param: symcli_path
# desc:  optional. if the lookup function fails to automatically
#        find the symcli bin path, this parameter can be used to
#        specify one.
#
symcli_path = /opt/symcli/bin

#
# param: symcli_connect
# desc:  only required for TCP/IP access. the name of the connection as
#        configured in the symcli netcnfg file.
#
symcli_connect = MYCONN

#
# param: username
# desc:  only required for authenticated TCP/IP access. the username used
#        to login.
#
username = me

#
# param: password
# desc:  only required for authenticated TCP/IP access. the password used
#        to login.
#
password = mypass


#############################################################################
#
# Centera array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = centera

#
# param: java_bin
# desc:  required. the fullpath of the java binary to use to run the centera
#        CLI tool.
#
java_bin = /opt/java/bin/java

#
# param: jcass_dir
# desc:  required. the directory hosting the centera CLI libs.
#
jcass_dir = /opt/centera/LIB

#
# param: server
# desc:  required. the centera admin server to log to.
#
server = centera1

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: password
# desc:  required. the password used to login.
#
password = mypass


#############################################################################
#
# Netapp array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = netapp

#
# param: server
# desc:  required. the netapp server to log to.
#
server = netapp1

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: key
# desc:  required. the fullpath of the ssh private key, trusted on the netapp
#        array, used to connect to the array.
#
key = /root/.ssh/id_rsa


#############################################################################
#
# VNX array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = emcvnx

#
# param:   method
# desc:    required. the method used to login.
# default: secfile
# candidates:
#  * secfile: use credentials stored in the navisphere standard location.
#  * credentials: use username/password set in this section.
#
method = credentials

#
# param: spa
# desc:  required. the "A" Service Processor.
#
spa = vnx1a

#
# param: spb
# desc:  required. the "B" Service Processor.
#
spb = vnx1b

#
# param: scope
# desc:  the domain to parse.
# default:  0 (ie local)
#
scope = 0

#
# param: username
# desc:  required with method=credentials. the username used to login.
#
username = me

#
# param: password
# desc:  required with method=credentials. the password used to login.
#
password = mypass


#############################################################################
#
# 3par array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = hp3par

#
# param:   method
# desc:    required. the method used to connect the manager.
# default: ssh
# candidates:
#  * ssh: use username/key to connect the manager.
#  * cli: use username/password with the CLI tool to connect the manager.
#  * proxy: use a opensvc command filtering proxy.
#
method = ssh

#
# param: manager
# desc:  required. the name of the 3par manager server or opensvc proxy.
#
manager = hp3parmanager

#
# param: username
# desc:  required with method=ssh. the username used to login.
#
username = me

#
# param: key
# desc:  required with method=ssh. the ssh private key used to connect the
#        manager.
#
key = /root/.ssh/id_rsa

#
# param: pwf
# desc:  required with method=cli. the password file used to connect the
#        manager through the CLI tool.
#
pwf = /root/hp3par.pwf

#
# param: cli
# desc:  optional with method=cli. the fullpath of the CLI tool executable.
#        if not specified, the 'cli' executable is searched in the PATH.
#
cli = /opt/hp3par/bin/cli

#############################################################################
#
# hds array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = hds

#
# param: array
# desc:  required. a whitespace separated list of array ids.
#
array = HM700.20123 R700.2345

#
# param: url
# desc:  required. the url of the manager API.
#
url = https://hdsmanager/

#
# param: bin
# desc:  optional. the fullpath of the CLI tool executable.
#        if not specified, the 'HiCommandCLI' executable is searched in the
#        PATH.
#
cli = /opt/hds/bin/HiCommandCLI

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: password
# desc:  required. the password used to login.
#
password = mypass

#
# param: jre_path
# desc:  optional. the fullpath of the preferred Java Runtime to use to
#        execute HiCommandCli. if set, this value is exported as the
#        HDVM_CLI_JRE_PATH environment variable.
#
jre_path = /opt/java/bin


#############################################################################
#
# freenas array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = freenas

#
# param: api
# desc:  required. the freenas api url.
#
api = https://freenas.opensvc.com/api/v1.0

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: password
# desc:  required. the password used to login.
#
password = mypass


#############################################################################
#
# xtremio array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = xtremio

#
# param: api
# desc:  required. the array api url.
#
api = https://xtremio1.opensvc.com/

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: password
# desc:  required. the password used to login.
#
password = mypass


#############################################################################
#
# brocade SAN switch
#
# This section is necessary for inventoring.
#
[]
type = brocade

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: password
# desc:  required if key is not set. the password used to login.
#
password = mypass

#
# param: key
# desc:  required if password is not set. the fullpath of the ssh private
#        key, trusted on the switch, used to login.
#
key = /root/.ssh/id_rsa