Installed Items¶
Directories¶
The agent file organization follows the Filesystem Hierarchy Standard guidelines on Unix. On Windows the package installs all files under %%ProgramFiles%%\opensvc\
(This directory is referred to as <OSVCROOT>
in this documentation).
The package installs the following directory tree:
Git Workspace or Windows Package | Unix Packages | Reference in docs |
---|---|---|
<OSVCROOT>/ |
<OSVCROOT> |
|
<OSVCROOT>/etc |
/etc/opensvc |
<OSVCETC> |
<OSVCROOT>/tmp |
/var/tmp/opensvc |
<OSVCTMP> |
<OSVCROOT>/bin |
/usr/share/opensvc/bin |
<OSVCBIN> |
<OSVCROOT>/var |
/var/lib/opensvc |
<OSVCVAR> |
<OSVCROOT>/usr/share/doc |
/usr/share/doc/opensvc |
<OSVCDOC> |
<OSVCROOT>/lib |
/usr/share/opensvc/lib |
<OSVCLIB> |
<OSVCROOT>/log |
/var/log/opensvc |
<OSVCLOG> |
Items Role¶
Path | Description |
---|---|
<OSVCETC> |
Hosts service, node and cluster configurations |
<OSVCTMP> |
Temporary, discardable files |
<OSVCBIN> |
Executables like svcmon, svcmgr |
<OSVCBIN>/pkg |
Executables to create package and optional, site-specific, release scripts (none shipped in the opensvc-provided packages) |
<OSVCVAR>/lock |
Where executables create the lock-files used to ensure two actions can not run simultaneously on the same service. |
<OSVCDOC> |
Embedded documentation. Most importantly the service resources and node configuration reference files, documenting all possible parameters. |
<OSVCLIB> |
Python source code for the core and resource drivers. |
<OSVCLOG> |
Per-service, local, size-rotated, delay-rotated log files. All logs are also multiplexed to stdout and to the collector via xmlrpc, and optionally multiplexed to syslog. |
Configuration Files¶
The agent uses two configuration files, deployed in <OSVCETC>
.
<PATHETC>/node.conf¶
This configuration file contains:
- The collector authentication token
- The agent tasks schedules and options
- Asset information pushed to the collector
- The cluster and heartbeat configurations
This file can be left empty or non-existant if no collector communications are required and the default agent tasks schedules and options are adequate.
The agent ensures this file is not world-writable.
Template¶
#
# Template etc/node.conf
#
# This configuration file describes node-wide parameters.
#
# This file can be left empty except for node.host_mode. The sync
# schedule is autogenerated, based on the schedules described in the
# sync#* resources defined in the service configurations. So no
# sync schedule should be explicitely defined here.
#
# The internal schedule default for push actions is:
# push actions 00:00-06:00@361 mon-sun
# sync actions 04:00-06:00@121 mon-sun
# compliance actions 02:00-06:00@241 sun
# inventory actions none
#
# Schedule parameters details:
# [!] [ [ []]]
#
# !
# desc: exclusion pattern. ommiting the ! implies an inclusion
# pattern
#
# := [,]
# := :@
# := :
#
# type: integer
# unit: minutes
#
# := [-][,[-]]
# := [:]
#
# * iso week day format
# type: integer between 0 and 6
# * literal format
# type: string in ("mon", "tue", "wed", "thu", "fri", "sat",
# "sun", "monday", "tuesday", "wednesday", "thursday",
# "friday", "saturday", "sunday")
# := | + | - |
#
# type: integer
#
# type: string in ("first", "1st", "second", "2nd", "third",
# "3rd", "fourth", "4th", "fifth", "5th", "last")
#
# := [-][,[-]]
#
# type: integer between 1 and 53
#
# := [,]
# := [-] |
#
# * numeric month format
# type: integer between 1 and 12
# * literal format
# type: string in ("jan", "feb", "mar", "apr", "may", "jun",
# "jul", "aug", "sep", "oct", "nov", "dec", "january",
# "february", "march", "april", "may", "june", "july",
# "august", "september", "october", "november",
# "december")
# := %[+]
#
# type: integer
#
# type: integer
#
# Example schedule:
# * schedule = 16:00-17:00@1 sat:last,tue-mon:last * %2+1,feb-apr
#
# reads as "once a minute between 16:00 and 17:00 on last monday,
# tuesday and saturday of every even months plus february and
# april".
#
# * schedule = ["06:00-07:00@61 *:1,-1", "! * * * feb"]
#
# reads as "once between 6 and 7am every first and last day of every
# month except february".
#
[node]
#
# A PRD env only allows PRD services to run. A not-PRD env allows any
# services to run.
#
;env = DEV
#
# Allow a maximum of subprocesses to run simultaneously
# on "svcmgr --parallel " commands. Defaults to 10.
#
;max_parallel = 5
#
# You can optionally define asset information. They will be pushed to the
# collector, so that the compliance ruleset can use this information just
# after opensvc is bootstraped.
#
# A postinstall workflow would look like this:
#
# vanilla install
# install opensvc
# om node set --param node.loc_city = Paris
# om node set --param node.team_responsible = Homies
# om node pushasset --force
# om node compliance attach moduleset --moduleset sys.core
# om node compliance fix
#
;loc_country = France
;loc_city = Paris
;loc_zip = 75017
;loc_addr = 7 rue blanche
;loc_building = crystal
;loc_floor = 21
;loc_room = 102
;loc_rack = R42
#
# Set the uri of the collectors' xmlrpc servers
# The path path of the url can be left unspecified.
# If dbcompliance is not set, its value is deduced from dbopensvc.
#
;dbopensvc = https://collector.opensvc.com
;dbopensvc = https://collector.opensvc.com/feed/default/call/xmlrpc
;dbcompliance = https://collector.opensvc.com/init/compliance/call/xmlrpc
#
# 'branch'
# Set the targeted opensvc agent branch. The downloaded upgrades will
# honor that branch.
# The default is 'not set', which means the repopkg imposes the target
# branch, which is not recommended with a public repopkg.
#
;branch = 1.9
#
# 'repo'
# Set the uri of the opensvc agent package repository and compliance
# modules gzipped tarball repository. This parameter is used by
# 'om node updatepkg' and 'om node updatecomp' commands
#
# ROOT
# +- compliance
# +- compliance.tar.gz
# +- current -> compliance.tar.gz
# +- packages
# +- deb
# +- depot
# +- pkg
# +- rpms
# +- current -> opensvc-1.4-49.rpm
# +- opensvc-1.4-48.rpm
# +- opensvc-1.4-49.rpm
# +- opensvc-1.4-50.rpm
# +- tbz
#
;repo = http://opensvc.repo.corp
#
# 'repopkg'
# Set the uri of the opensvc agent package repository. This parameter
# is used by'om node updatepkg' command. The repository file tree must
# be organized as:
#
# ROOT
# +- deb
# +- depot
# +- pkg
# +- rpms
# +- current -> opensvc-1.4-49.rpm
# +- opensvc-1.4-48.rpm
# +- opensvc-1.4-49.rpm
# +- opensvc-1.4-50.rpm
# +- tbz
#
;repopkg = http://repo.opensvc.com
#
# 'repocomp'
# Set the uri of the opensvc compliance modules gzipped tarbal repository.
# This parameter is used by'om node updatecomp' command.
#
# ROOT
# +- compliance.tar.gz
# +- current -> compliance.tar.gz
#
;repocomp = http://repo.opensvc.com
#
# 'ruser'
# Set the remote user to use to login to a remote node with ssh and
# rsync. The remote user must have the privileges to run as root the
# following commands on the remote node:
# - nodemgr
# - svcmgr
# - rsync
# The default ruser is root for all nodes. ruser accepts a list of
# user[@node] ... If @node is ommited, user is considered the new
# default user
#
;ruser = opensvc
;ruser = root opensvc@node1
;ruser = usr1@node1 usr2@node2 usr3@node3
#
# 'maintenance_grace_period'
# A duration expression, like 1h30m, defining how long the daemon retains
# a remote in-maintenance node data. As long as the remote node data are
# retained, the local daemon won't opt-in to takeover its running instances.
# This parameter should be adjusted to span the node reboot time, so the
# services have a chance to be restarted on the same node if their
# placement was optimal.
# The default is 60s.
#
maintenance_grace_period = 60
#
# 'rejoin_grace_period'
# A duration expression, like 90m, defining how long the daemon restrains
# from taking start decisions if no heartbeat has been received from a
# peer since daemon startup.
#
rejoin_grace_period = 90
#
# Schedule parameters for the 'compliance check' node action
#
[compliance]
;schedule = 00:00-23:59@1440 sat,sun
#
# 'auto_update'
# Boolean. Default False.
# If set to True, and if the execution context indicates a scheduled run,
# execute 'updatecomp' upon 'compliance check'.
# This toggle helps keep the compliance modules in sync with the reference
# repository. Beware of the security impact of this setting: you must be
# careful your module repository is kept secure from malevolents.
#
;auto_update = False
[stats]
;schedule = @60
;disable = blockdev, mem_u
[checks]
;schedule = @120
[packages]
;schedule = @1440 sun
[patches]
;schedule = @1440 sun
[asset]
;schedule = 04:00-05:59@120
[nsr]
;schedule = 04:00-05:59@120
[dcs]
;schedule = 04:00-05:59@120
[hds]
;schedule = 04:00-05:59@120
[necism]
;schedule = 04:00-05:59@120
[eva]
;schedule = 04:00-05:59@120
[ibmsvc]
;schedule = 04:00-05:59@120
[vioserver]
;schedule = 04:00-05:59@120
[brocade]
;schedule = 04:00-05:59@120
[disks]
;schedule = 04:00-05:59@120
[sym]
;schedule = 04:00-05:59@120
[svcconf]
;schedule = 04:00-05:59@120
[appinfo]
;schedule = @120
[rotate_root_pw]
;schedule = 04:00-05:59@120 sun
#
# In pull action mode, the collector sends a tcp packet to the server
# to notify there are actions to unqueue. The system's inetd sysstem
# must be configured to execute "om node dequeue actions" upon
# receive. The listener.port parameter is sent to the collector upon
# pushasset. The collector uses this port to notify the node.
#
[listener]
addr = 0.0.0.0
port = 1214
[syslog]
#
# The facility to log to. Defaults to "user".
#
facility = user
#
# The host and port to log to. If neither host nor port are specified
# and if /dev/log exists, the messages are posted to /dev/log.
# If host is set but port is not, port defaults to 514
# If port is set bit host is not, host defaults to 514
#
;host = localhost
;port = 514
[stats_collection]
;schedule = @10
[reboot]
#
# A command to execute before reboot. Errors are ignored.
#
;pre = logger foo
#
# A command to execute before reboot. Errors abort to reboot.
#
;blocking_pre = ls /foo
[cluster]
#
# The cluster name.
# This information is fetched from the join command payload received from the
# joined node.
#
;name = cluster1
#
# The cluster shared secret. Used to encrypt/decrypt data with AES256.
# This secret is either autogenerated or fetched from a join command.
#
;secret = 12331241421412412
#
# The cluster nodes list.
# This list is fetched from the join command payload received from the
# joined node.
#
;nodes = node1 node2 node3
[hb#0]
;type = unicast
#
# The ip address of each node. Defaults to 0.0.0.0 for listening and to
# the resolved nodename for sending.
#
;addr@node1 = 1.2.3.4
;addr@node2 = 1.2.3.5
#
# The interface to bind. Defaults the any interface chosen by the system for
# the address.
#
;intf@node1 = eth0
;intf = eth1
#
# The port for each node to send to or listen on. Defaults to 1214.
#
;port@node1 = 1215
;port = 1214
#
# The delay since the last received heartbeat from a node before considering
# this node is gone.
#
;timeout = 15
[hb#1]
;type = multicast
#
# The multicast address to send to and listen on.
#
;addr = 224.3.29.71
#
# The interface to bind. Defaults the any interface chosen by the system for
# the address.
#
;intf@node1 = eth0
;intf = eth1
#
# The multicast port to send to and listen on.
#
;port = 10001
#
# The delay since the last received heartbeat from a node before considering
# this node is gone.
#
;timeout = 15
[hb#2]
;type = disk
#
# The device to write the hearbeats to and read from. It must be dedicated to
# the daemon use. Its size should be 1M + 1M per cluster node.
#
;dev = /dev/mapper/31231321231231241241343141243
#
# The delay since the last written heartbeat from a node before considering
# this node is gone.
#
;timeout = 15
[stonith#node1]
cmd = /bin/true