Installed Items

Directories

The agent file organization follows the Filesystem Hierarchy Standard guidelines on Unix. On Windows the package installs all files under %%ProgramFiles%%\opensvc\ (This directory is referred to as <OSVCROOT> in this documentation).

The package installs the following directory tree:

Git Workspace or Windows Package Unix Packages Reference in docs
<OSVCROOT>/   <OSVCROOT>
<OSVCROOT>/etc /etc/opensvc <OSVCETC>
<OSVCROOT>/tmp /var/tmp/opensvc <OSVCTMP>
<OSVCROOT>/bin /usr/share/opensvc/bin <OSVCBIN>
<OSVCROOT>/var /var/lib/opensvc <OSVCVAR>
<OSVCROOT>/usr/share/doc /usr/share/doc/opensvc <OSVCDOC>
<OSVCROOT>/lib /usr/share/opensvc/lib <OSVCLIB>
<OSVCROOT>/log /var/log/opensvc <OSVCLOG>

Items Role

Path Description
<OSVCETC> Hosts service, node and cluster configurations
<OSVCTMP> Temporary, discardable files
<OSVCBIN> Executables like svcmon, svcmgr
<OSVCBIN>/pkg Executables to create package and optional, site-specific, release scripts (none shipped in the opensvc-provided packages)
<OSVCVAR>/lock Where executables create the lock-files used to ensure two actions can not run simultaneously on the same service.
<OSVCDOC> Embedded documentation. Most importantly the service resources and node configuration reference files, documenting all possible parameters.
<OSVCLIB> Python source code for the core and resource drivers.
<OSVCLOG> Per-service, local, size-rotated, delay-rotated log files. All logs are also multiplexed to stdout and to the collector via xmlrpc, and optionally multiplexed to syslog.

Configuration Files

The agent uses two configuration files, deployed in <OSVCETC>.

<PATHETC>/node.conf

This configuration file contains:

  • The collector authentication token
  • The agent tasks schedules and options
  • Asset information pushed to the collector
  • The cluster and heartbeat configurations

This file can be left empty or non-existant if no collector communications are required and the default agent tasks schedules and options are adequate.

The agent ensures this file is not world-writable.

Template

#
# Template etc/node.conf
#
#   This configuration file describes node-wide parameters.
#
#   This file can be left empty except for node.host_mode. The sync
#   schedule is autogenerated, based on the schedules described in the
#   sync#* resources defined in the service configurations. So no
#   sync schedule should be explicitely defined here.
#
#   The internal schedule default for push actions is:
#     push actions          00:00-06:00@361 mon-sun
#     sync actions          04:00-06:00@121 mon-sun
#     compliance actions    02:00-06:00@241 sun
#     inventory actions     none
#
#   Schedule parameters details:
#     [!]  [ [ []]]
#
#     !
#        desc: exclusion pattern. ommiting the ! implies an inclusion
#              pattern
#
#      := [,]
#        := :@
#            := :
#          
#            type: integer
#            unit: minutes
#
#      := [-][,[-]]
#         := [:]
#          
#             * iso week day format
#               type: integer between 0 and 6
#             * literal format
#               type: string in ("mon", "tue", "wed", "thu", "fri", "sat",
#                     "sun", "monday", "tuesday", "wednesday", "thursday",
#                     "friday", "saturday", "sunday")
#           :=  | + | - | 
#             
#               type: integer
#             
#               type: string in ("first", "1st", "second", "2nd", "third",
#                     "3rd", "fourth", "4th", "fifth", "5th", "last")
#
#      := [-][,[-]]
#        
#          type: integer between 1 and 53
#
#      := [,]
#         := [-] | 
#          
#            * numeric month format
#              type: integer between 1 and 12
#            * literal format
#              type: string in ("jan", "feb", "mar", "apr", "may", "jun",
#                    "jul", "aug", "sep", "oct", "nov", "dec", "january",
#                    "february", "march", "april", "may", "june", "july",
#                    "august", "september", "october", "november",
#                    "december")
#           := %[+]
#            
#              type: integer
#            
#              type: integer
#
# Example schedule:
# * schedule = 16:00-17:00@1 sat:last,tue-mon:last * %2+1,feb-apr
#
#   reads as "once a minute between 16:00 and 17:00 on last monday,
#   tuesday and saturday of every even months plus february and
#   april".
#
# * schedule = ["06:00-07:00@61 *:1,-1", "! * * * feb"]
#
#   reads as "once between 6 and 7am every first and last day of every
#   month except february".
#

[node]
#
# A PRD env only allows PRD services to run. A not-PRD env allows any
# services to run.
#
;env = DEV

#
# Allow a maximum of  subprocesses to run simultaneously
# on "svcmgr --parallel " commands. Defaults to 10.
#
;max_parallel = 5

#
# You can optionally define asset information. They will be pushed to the
# collector, so that the compliance ruleset can use this information just
# after opensvc is bootstraped.
#
# A postinstall workflow would look like this: 
#
#   vanilla install
#   install opensvc
#   om node set --param node.loc_city = Paris
#   om node set --param node.team_responsible = Homies
#   om node pushasset --force
#   om node compliance attach moduleset --moduleset sys.core
#   om node compliance fix
#
;loc_country = France
;loc_city = Paris
;loc_zip = 75017
;loc_addr = 7 rue blanche
;loc_building = crystal
;loc_floor = 21
;loc_room = 102
;loc_rack = R42

#
# Set the uri of the collectors' xmlrpc servers
# The path path of the url can be left unspecified.
# If dbcompliance is not set, its value is deduced from dbopensvc.
#
;dbopensvc = https://collector.opensvc.com
;dbopensvc = https://collector.opensvc.com/feed/default/call/xmlrpc
;dbcompliance = https://collector.opensvc.com/init/compliance/call/xmlrpc

#
# 'branch'
#   Set the targeted opensvc agent branch. The downloaded upgrades will
#   honor that branch.
#   The default is 'not set', which means the repopkg imposes the target
#   branch, which is not recommended with a public repopkg.
#
;branch = 1.9

#
# 'repo'
#   Set the uri of the opensvc agent package repository and compliance
#   modules gzipped tarball repository. This parameter is used by
#   'om node updatepkg' and 'om node updatecomp' commands
#
# ROOT
# +- compliance
#  +- compliance.tar.gz
#  +- current -> compliance.tar.gz
# +- packages
#  +- deb
#  +- depot
#  +- pkg
#  +- rpms
#   +- current -> opensvc-1.4-49.rpm
#   +- opensvc-1.4-48.rpm
#   +- opensvc-1.4-49.rpm
#   +- opensvc-1.4-50.rpm
#  +- tbz
#
;repo = http://opensvc.repo.corp

#
# 'repopkg'
#   Set the uri of the opensvc agent package repository. This parameter
#   is used by'om node updatepkg' command. The repository file tree must
#   be organized as:
#
# ROOT
# +- deb
# +- depot
# +- pkg
# +- rpms
#  +- current -> opensvc-1.4-49.rpm
#  +- opensvc-1.4-48.rpm
#  +- opensvc-1.4-49.rpm
#  +- opensvc-1.4-50.rpm
# +- tbz
#
;repopkg = http://repo.opensvc.com

#
# 'repocomp'
#   Set the uri of the opensvc compliance modules gzipped tarbal repository.
#   This parameter is used by'om node updatecomp' command.
#
# ROOT
# +- compliance.tar.gz
# +- current -> compliance.tar.gz
#
;repocomp = http://repo.opensvc.com

#
# 'ruser'
#   Set the remote user to use to login to a remote node with ssh and
#   rsync. The remote user must have the privileges to run as root the
#   following commands on the remote node:
#    - nodemgr
#    - svcmgr
#    - rsync
#   The default ruser is root for all nodes. ruser accepts a list of
#   user[@node] ... If @node is ommited, user is considered the new
#   default user
#
;ruser = opensvc
;ruser = root opensvc@node1
;ruser = usr1@node1 usr2@node2 usr3@node3

#
# 'maintenance_grace_period'
#   A duration expression, like 1h30m, defining how long the daemon retains
#   a remote in-maintenance node data. As long as the remote node data are
#   retained, the local daemon won't opt-in to takeover its running instances.
#   This parameter should be adjusted to span the node reboot time, so the
#   services have a chance to be restarted on the same node if their
#   placement was optimal.
#   The default is 60s.
#
maintenance_grace_period = 60

#
# 'rejoin_grace_period'
#   A duration expression, like 90m, defining how long the daemon restrains
#   from taking start decisions if no heartbeat has been received from a
#   peer since daemon startup.
#
rejoin_grace_period = 90

#
# Schedule parameters for the 'compliance check' node action
#
[compliance]
;schedule = 00:00-23:59@1440 sat,sun

#
# 'auto_update'
#   Boolean. Default False.
#   If set to True, and if the execution context indicates a scheduled run,
#   execute 'updatecomp' upon 'compliance check'. 
#   This toggle helps keep the compliance modules in sync with the reference
#   repository. Beware of the security impact of this setting: you must be
#   careful your module repository is kept secure from malevolents.
#
;auto_update = False

[stats]
;schedule = @60
;disable = blockdev, mem_u

[checks]
;schedule = @120

[packages]
;schedule = @1440 sun

[patches]
;schedule = @1440 sun

[asset]
;schedule = 04:00-05:59@120

[nsr]
;schedule = 04:00-05:59@120

[dcs]
;schedule = 04:00-05:59@120

[hds]
;schedule = 04:00-05:59@120

[necism]
;schedule = 04:00-05:59@120

[eva]
;schedule = 04:00-05:59@120

[ibmsvc]
;schedule = 04:00-05:59@120

[vioserver]
;schedule = 04:00-05:59@120

[brocade]
;schedule = 04:00-05:59@120

[disks]
;schedule = 04:00-05:59@120

[sym]
;schedule = 04:00-05:59@120

[svcconf]
;schedule = 04:00-05:59@120

[appinfo]
;schedule = @120

[rotate_root_pw]
;schedule = 04:00-05:59@120 sun

#
# In pull action mode, the collector sends a tcp packet to the server
# to notify there are actions to unqueue. The system's inetd sysstem
# must be configured to execute "om node dequeue actions" upon
# receive. The listener.port parameter is sent to the collector upon
# pushasset. The collector uses this port to notify the node.
#
[listener]
addr = 0.0.0.0
port = 1214

[syslog]
#
# The facility to log to. Defaults to "user".
#
facility = user

#
# The host and port to log to. If neither host nor port are specified
# and if /dev/log exists, the messages are posted to /dev/log.
# If host is set but port is not, port defaults to 514
# If port is set bit host is not, host defaults to 514
#
;host = localhost
;port = 514

[stats_collection]
;schedule = @10

[reboot]
#
# A command to execute before reboot. Errors are ignored.
#
;pre = logger foo

#
# A command to execute before reboot. Errors abort to reboot.
#
;blocking_pre = ls /foo


[cluster]
#
# The cluster name.
# This information is fetched from the join command payload received from the
# joined node.
#
;name = cluster1

#
# The cluster shared secret. Used to encrypt/decrypt data with AES256.
# This secret is either autogenerated or fetched from a join command.
#
;secret = 12331241421412412

#
# The cluster nodes list.
# This list is fetched from the join command payload received from the
# joined node.
#
;nodes = node1 node2 node3


[hb#0]
;type = unicast
#
# The ip address of each node. Defaults to 0.0.0.0 for listening and to
# the resolved nodename for sending.
#
;addr@node1 = 1.2.3.4
;addr@node2 = 1.2.3.5

#
# The interface to bind. Defaults the any interface chosen by the system for
# the address.
#
;intf@node1 = eth0
;intf = eth1

#
# The port for each node to send to or listen on. Defaults to 1214.
#
;port@node1 = 1215
;port = 1214

#
# The delay since the last received heartbeat from a node before considering
# this node is gone. 
#
;timeout = 15

[hb#1]
;type = multicast

#
# The multicast address to send to and listen on.
#
;addr = 224.3.29.71

#
# The interface to bind. Defaults the any interface chosen by the system for
# the address.
#
;intf@node1 = eth0
;intf = eth1

#
# The multicast port to send to and listen on.
#
;port = 10001

#
# The delay since the last received heartbeat from a node before considering
# this node is gone. 
#
;timeout = 15


[hb#2]
;type = disk

#
# The device to write the hearbeats to and read from. It must be dedicated to
# the daemon use. Its size should be 1M + 1M per cluster node.
#
;dev = /dev/mapper/31231321231231241241343141243

#
# The delay since the last written heartbeat from a node before considering
# this node is gone. 
#
;timeout = 15

[stonith#node1]
cmd = /bin/true