Installed Items

Directories

The agent file organization follows the Filesystem Hierarchy Standard guidelines on Unix. On Windows the package installs all files under %%ProgramFiles%%\opensvc\ (This directory is referred to as <OSVCROOT> in this documentation).

The package installs the following directory tree:

Git Workspace or Windows Package Unix Packages Reference in docs
<OSVCROOT>/   <OSVCROOT>
<OSVCROOT>/etc /etc/opensvc <OSVCETC>
<OSVCROOT>/tmp /var/tmp/opensvc <OSVCTMP>
<OSVCROOT>/bin /usr/share/opensvc/bin <OSVCBIN>
<OSVCROOT>/var /var/lib/opensvc <OSVCVAR>
<OSVCROOT>/usr/share/doc /usr/share/doc/opensvc <OSVCDOC>
<OSVCROOT>/lib /usr/share/opensvc/lib <OSVCLIB>
<OSVCROOT>/log /var/log/opensvc <OSVCLOG>

Items Role

Path Description
<OSVCETC>

Configurations des services

<OSVCTMP>

Fichiers temporaires et effaçables

<OSVCBIN>

Fichiers exécutables, dont svcmon et svcmgr

<OSVCBIN>/pkg

Fichiers exécutables dédiés à la création des paquets, et, éventuellement, les scripts d'intégration aux dépots (aucun n'est livré dans les paquets fournis par OpenSVC).

<OSVCVAR>/sync

Où les noeuds de production d'un cluster archivent leurs configurations. Ces archives sont utilisées en cas d'activation d'un plan de reprise sur sinistre pour restaurer des configurations spécifiques aux noeuds de production.

<OSVCVAR>/lock

Où les exécutables créent leurs fichiers-verrous utilisés pour garantir que deux actions ne sont pas exécutées simultanéement sur le même service.

<OSVCDOC> Embedded documentation. Most importantly the service resources and node configuration reference files, documenting all possible parameters.
<OSVCLIB> Python source code for the core and resource drivers.
<OSVCLOG> Per-service, local, size-rotated, delay-rotated log files. All logs are also multiplexed to stdout and to the collector via xmlrpc, and optionally multiplexed to syslog.

Configuration Files

The agent uses two configuration files, deployed in <OSVCETC>.

<PATHETC>/node.conf

This configuration file contains:

  • The collector authentication token
  • The agent tasks schedules and options
  • Asset information pushed to the collector
  • The cluster and heartbeat configurations

This file can be left empty or non-existant if no collector communications are required and the default agent tasks schedules and options are adequate.

The agent ensures this file is not world-writable.

Template

#
# Template etc/node.conf
#
#   This configuration file describes node-wide parameters.
#
#   This file can be left empty except for node.host_mode. The sync
#   schedule is autogenerated, based on the schedules described in the
#   sync#* resources defined in the service configurations. So no
#   sync schedule should be explicitely defined here.
#
#   The internal schedule default for  push actions is:
#     push actions          00:00-06:00@361 mon-sun
#     sync actions          04:00-06:00@121 mon-sun
#     compliance actions    02:00-06:00@241 sun
#     inventory actions     none
#
#   Schedule parameters details:
#     [!]  [ [ []]]
#
#     !
#        desc: exclusion pattern. ommiting the ! implies an inclusion
#              pattern
#
#      := [,]
#        := :@
#            := :
#          
#            type: integer
#            unit: minutes
#
#      := [-][,[-]]
#         := [:]
#          
#             * iso week day format
#               type: integer between 0 and 6
#             * literal format
#               type: string in ("mon", "tue", "wed", "thu", "fri", "sat",
#                     "sun", "monday", "tuesday", "wednesday", "thursday",
#                     "friday", "saturday", "sunday")
#           :=  | + | - | 
#             
#               type: integer
#             
#               type: string in ("first", "1st", "second", "2nd", "third",
#                     "3rd", "fourth", "4th", "fifth", "5th", "last")
#
#      := [-][,[-]]
#        
#          type: integer between 1 and 53
#
#      := [,]
#         := [-] | 
#          
#            * numeric month format
#              type: integer between 1 and 12
#            * literal format
#              type: string in ("jan", "feb", "mar", "apr", "may", "jun",
#                    "jul", "aug", "sep", "oct", "nov", "dec", "january",
#                    "february", "march", "april", "may", "june", "july",
#                    "august", "september", "october", "november",
#                    "december")
#           := %[+]
#            
#              type: integer
#            
#              type: integer
#
# Example schedule:
# * schedule = 16:00-17:00@1 sat:last,tue-mon:last * %2+1,feb-apr
#
#   reads as "once a minute between 16:00 and 17:00 on last monday,
#   tuesday and saturday of every even months plus february and
#   april".
#
# * schedule = ["06:00-07:00@61 *:1,-1", "! * * * feb"]
#
#   reads as "once between 6 and 7am every first and last day of every
#   month except february".
#

[node]
#
# A PRD env only allows PRD services to run. A not-PRD env allows any
# services to run.
#
;env = DEV

#
# Allow a maximum of  subprocesses to run simultaneously
# on "svcmgr --parallel " commands. Defaults to 10.
#
;max_parallel = 5

#
# You can optionally define asset information. They will be pushed to the
# collector, so that the compliance ruleset can use this information just
# after opensvc is bootstraped.
#
# A postinstall workflow would look like this: 
#
#   vanilla install
#   install opensvc
#   nodemgr set --param node.loc_city = Paris
#   nodemgr set --param node.team_responsible = Homies
#   nodemgr pushasset --force
#   nodemgr compliance attach moduleset --moduleset sys.core
#   nodemgr compliance fix
#
;loc_country = France
;loc_city = Paris
;loc_zip = 75017
;loc_addr = 7 rue blanche
;loc_building = crystal
;loc_floor = 21
;loc_room = 102
;loc_rack = R42

#
# Set the uri of the collectors' xmlrpc servers
# The path path of the url can be left unspecified.
# If dbcompliance is not set, its value is deduced from dbopensvc.
#
;dbopensvc = https://collector.opensvc.com
;dbopensvc = https://collector.opensvc.com/feed/default/call/xmlrpc
;dbcompliance = https://collector.opensvc.com/init/compliance/call/xmlrpc

#
# 'repo'
#   Set the uri of the opensvc agent package repository and compliance
#   modules gzipped tarball repository. This parameter is used by
#   'nodemgr updatepkg' and 'nodemgr updatecomp' commands
#
# ROOT
# +- compliance
#  +- compliance.tar.gz
#  +- current -> compliance.tar.gz
# +- packages
#  +- deb
#  +- depot
#  +- pkg
#  +- rpms
#   +- current -> opensvc-1.4-49.rpm
#   +- opensvc-1.4-48.rpm
#   +- opensvc-1.4-49.rpm
#   +- opensvc-1.4-50.rpm
#  +- tbz
#
;repo = http://opensvc.repo.corp

#
# 'repopkg'
#   Set the uri of the opensvc agent package repository. This parameter
#   is used by'nodemgr updatepkg' command. The repository file tree must
#   be organized as:
#
# ROOT
# +- deb
# +- depot
# +- pkg
# +- rpms
#  +- current -> opensvc-1.4-49.rpm
#  +- opensvc-1.4-48.rpm
#  +- opensvc-1.4-49.rpm
#  +- opensvc-1.4-50.rpm
# +- tbz
#
;repopkg = http://repo.opensvc.com

#
# 'repocomp'
#   Set the uri of the opensvc compliance modules gzipped tarbal repository.
#   This parameter is used by'nodemgr updatecomp' command.
#
# ROOT
# +- compliance.tar.gz
# +- current -> compliance.tar.gz
#
;repocomp = http://repo.opensvc.com

#
# 'ruser'
#   Set the remote user to use to login to a remote node with ssh and
#   rsync. The remote user must have the privileges to run as root the
#   following commands on the remote node:
#    - nodemgr
#    - svcmgr
#    - rsync
#   The default ruser is root for all nodes. ruser accepts a list of
#   user[@node] ... If @node is ommited, user is considered the new
#   default user
#
;ruser = opensvc
;ruser = root opensvc@node1
;ruser = usr1@node1 usr2@node2 usr3@node3

#
# 'maintenance_grace_period'
#   A duration expression, like 1h30m, defining how long the daemon retains
#   a remote in-maintenance node data. As long as the remote node data are
#   retained, the local daemon won't opt-in to takeover its running instances.
#   This parameter should be adjusted to span the node reboot time, so the
#   services have a chance to be restarted on the same node if their
#   placement was optimal.
#   The default is 60s.
#
maintenance_grace_period = 60

#
# 'rejoin_grace_period'
#   A duration expression, like 90m, defining how long the daemon restrains
#   from taking start decisions if no heartbeat has been received from a
#   peer since daemon startup.
#
rejoin_grace_period = 90

#
# Schedule parameters for the 'compliance check' node action
#
[compliance]
;schedule = 00:00-23:59@1440 sat,sun

#
# 'auto_update'
#   Boolean. Default False.
#   If set to True, and if the execution context indicates a scheduled run,
#   execute 'updatecomp' upon 'compliance check'. 
#   This toggle helps keep the compliance modules in sync with the reference
#   repository. Beware of the security impact of this setting: you must be
#   careful your module repository is kept secure from malevolents.
#
;auto_update = False

[stats]
;schedule = @59
;disable = blockdev, mem_u

[checks]
;schedule = @119

[packages]
;schedule = @1440 sun

[patches]
;schedule = @1440 sun

[asset]
;schedule = 04:00-06:00@120

[nsr]
;schedule = 04:00-06:00@120

[dcs]
;schedule = 04:00-06:00@120

[hds]
;schedule = 04:00-06:00@120

[necism]
;schedule = 04:00-06:00@120

[eva]
;schedule = 04:00-06:00@120

[ibmsvc]
;schedule = 04:00-06:00@120

[vioserver]
;schedule = 04:00-06:00@120

[brocade]
;schedule = 04:00-06:00@120

[disks]
;schedule = 04:00-06:00@120

[sym]
;schedule = 04:00-06:00@120

[svcconf]
;schedule = 04:00-06:00@120

[appinfo]
;schedule = @119

[rotate_root_pw]
;schedule = 04:00-06:00@120 sun

#
# In pull action mode, the collector sends a tcp packet to the server
# to notify there are actions to unqueue. The system's inetd sysstem
# must be configured to execute "nodemgr dequeue actions" upon
# receive. The listener.port parameter is sent to the collector upon
# pushasset. The collector uses this port to notify the node.
#
[listener]
addr = 0.0.0.0
port = 1214

[syslog]
#
# The facility to log to. Defaults to "user".
#
facility = user

#
# The host and port to log to. If neither host nor port are specified
# and if /dev/log exists, the messages are posted to /dev/log.
# If host is set but port is not, port defaults to 514
# If port is set bit host is not, host defaults to 514
#
;host = localhost
;port = 514

[stats_collection]
;schedule = @10

[reboot]
#
# A command to execute before reboot. Errors are ignored.
#
;pre = logger foo

#
# A command to execute before reboot. Errors abort to reboot.
#
;blocking_pre = ls /foo


[cluster]
#
# The cluster name.
# This information is fetched from the join command payload received from the
# joined node.
#
;name = cluster1

#
# The cluster shared secret. Used to encrypt/decrypt data with AES256.
# This secret is either autogenerated or fetched from a join command.
#
;secret = 12331241421412412

#
# The cluster nodes list.
# This list is fetched from the join command payload received from the
# joined node.
#
;nodes = node1 node2 node3


[hb#0]
;type = unicast
#
# The ip address of each node. Defaults to 0.0.0.0 for listening and to
# the resolved nodename for sending.
#
;addr@node1 = 1.2.3.4
;addr@node2 = 1.2.3.5

#
# The interface to bind. Defaults the any interface chosen by the system for
# the address.
#
;intf@node1 = eth0
;intf = eth1

#
# The port for each node to send to or listen on. Defaults to 1214.
#
;port@node1 = 1215
;port = 1214

#
# The delay since the last received heartbeat from a node before considering
# this node is gone. 
#
;timeout = 15

[hb#1]
;type = multicast

#
# The multicast address to send to and listen on.
#
;addr = 224.3.29.71

#
# The interface to bind. Defaults the any interface chosen by the system for
# the address.
#
;intf@node1 = eth0
;intf = eth1

#
# The multicast port to send to and listen on.
#
;port = 10001

#
# The delay since the last received heartbeat from a node before considering
# this node is gone. 
#
;timeout = 15


[hb#2]
;type = disk

#
# The device to write the hearbeats to and read from. It must be dedicated to
# the daemon use. Its size should be 1M + 1M per cluster node.
#
;dev = /dev/mapper/31231321231231241241343141243

#
# The delay since the last written heartbeat from a node before considering
# this node is gone. 
#
;timeout = 15

[stonith#node1]
cmd = /bin/true

<PATHETC>/auth.conf

This configuration file contains authentication options and tokens for tiers infrastructure components. This information is used by the inventoring and provisioning drivers.

The agent ensures this file is not world-writable nor world-readable.

Template

#
# This configuration file hosts in a single place all infrastructure
# access credentials.
#
# The agent ensure this file is not world-readable.
#
# Each infrastructure element has its own section, with a 'type'
# parameter specifying its driver.
#

#############################################################################
#
# Symmetrix array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = symmetrix

#
# param: symcli_path
# desc:  optional. if the lookup function fails to automatically
#        find the symcli bin path, this parameter can be used to
#        specify one.
#
symcli_path = /opt/symcli/bin

#
# param: symcli_connect
# desc:  only required for TCP/IP access. the name of the connection as
#        configured in the symcli netcnfg file.
#
symcli_connect = MYCONN

#
# param: username
# desc:  only required for authenticated TCP/IP access. the username used
#        to login.
#
username = me

#
# param: password
# desc:  only required for authenticated TCP/IP access. the password used
#        to login.
#
password = mypass


#############################################################################
#
# Centera array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = centera

#
# param: java_bin
# desc:  required. the fullpath of the java binary to use to run the centera
#        CLI tool.
#
java_bin = /opt/java/bin/java

#
# param: jcass_dir
# desc:  required. the directory hosting the centera CLI libs.
#
jcass_dir = /opt/centera/LIB

#
# param: server
# desc:  required. the centera admin server to log to.
#
server = centera1

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: password
# desc:  required. the password used to login.
#
password = mypass


#############################################################################
#
# Netapp array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = netapp

#
# param: server
# desc:  required. the netapp server to log to.
#
server = netapp1

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: key
# desc:  required. the fullpath of the ssh private key, trusted on the netapp
#        array, used to connect to the array.
#
key = /root/.ssh/id_rsa


#############################################################################
#
# VNX array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = emcvnx

#
# param:   method
# desc:    required. the method used to login.
# default: secfile
# candidates:
#  * secfile: use credentials stored in the navisphere standard location.
#  * credentials: use username/password set in this section.
#
method = credentials

#
# param: spa
# desc:  required. the "A" Service Processor.
#
spa = vnx1a

#
# param: spb
# desc:  required. the "B" Service Processor.
#
spb = vnx1b

#
# param: scope
# desc:  the domain to parse.
# default:  0 (ie local)
#
scope = 0

#
# param: username
# desc:  required with method=credentials. the username used to login.
#
username = me

#
# param: password
# desc:  required with method=credentials. the password used to login.
#
password = mypass


#############################################################################
#
# 3par array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = hp3par

#
# param:   method
# desc:    required. the method used to connect the manager.
# default: ssh
# candidates:
#  * ssh: use username/key to connect the manager.
#  * cli: use username/password with the CLI tool to connect the manager.
#  * proxy: use a opensvc command filtering proxy.
#
method = ssh

#
# param: manager
# desc:  required. the name of the 3par manager server or opensvc proxy.
#
manager = hp3parmanager

#
# param: username
# desc:  required with method=ssh. the username used to login.
#
username = me

#
# param: key
# desc:  required with method=ssh. the ssh private key used to connect the
#        manager.
#
key = /root/.ssh/id_rsa

#
# param: pwf
# desc:  required with method=cli. the password file used to connect the
#        manager through the CLI tool.
#
pwf = /root/hp3par.pwf

#
# param: cli
# desc:  optional with method=cli. the fullpath of the CLI tool executable.
#        if not specified, the 'cli' executable is searched in the PATH.
#
cli = /opt/hp3par/bin/cli

#############################################################################
#
# hds array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = hds

#
# param: array
# desc:  required. a whitespace separated list of array ids.
#
array = HM700.20123 R700.2345

#
# param: url
# desc:  required. the url of the manager API.
#
url = https://hdsmanager/

#
# param: bin
# desc:  optional. the fullpath of the CLI tool executable.
#        if not specified, the 'HiCommandCLI' executable is searched in the
#        PATH.
#
cli = /opt/hds/bin/HiCommandCLI

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: password
# desc:  required. the password used to login.
#
password = mypass

#
# param: jre_path
# desc:  optional. the fullpath of the preferred Java Runtime to use to
#        execute HiCommandCli. if set, this value is exported as the
#        HDVM_CLI_JRE_PATH environment variable.
#
jre_path = /opt/java/bin


#############################################################################
#
# freenas array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = freenas

#
# param: api
# desc:  required. the freenas api url.
#
api = https://freenas.opensvc.com/api/v1.0

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: password
# desc:  required. the password used to login.
#
password = mypass


#############################################################################
#
# xtremio array
#
# This section is necessary for inventoring and nodemgr array
# commands. Each array must have its own section.
#
[]
type = xtremio

#
# param: api
# desc:  required. the array api url.
#
api = https://xtremio1.opensvc.com/

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: password
# desc:  required. the password used to login.
#
password = mypass


#############################################################################
#
# brocade SAN switch
#
# This section is necessary for inventoring.
#
[]
type = brocade

#
# param: username
# desc:  required. the username used to login.
#
username = me

#
# param: password
# desc:  required if key is not set. the password used to login.
#
password = mypass

#
# param: key
# desc:  required if password is not set. the fullpath of the ssh private
#        key, trusted on the switch, used to login.
#
key = /root/.ssh/id_rsa