Quattor Documentation Release 0.0.1

Quattor Community

Oct 30, 2018

Contents

1 Content 3

i ii Quattor Documentation, Release 0.0.1

This is the official documentation for Quattor: • configuration-modules-core • configuration-modules-grid • CAF • CCM • Unit Testing Also see the Quattor homepage for more information.

Contents 1 Quattor Documentation, Release 0.0.1

2 Contents CHAPTER 1

Content

1.1 CAF

1.1.1 Common Application Framework

This is the Common Application Framework (CAF) for Quattor. It is a library encapsulating most annoying details like reporting, file handling or command executions. It gives a unified way of doing potentially dangerous things in the right way.

1.1.2 Applicability

Quattor developers must use modules here for: • Executing commands (see CAF::Process). • Manipulating files (see CAF::FileWriter and CAF::FileEditor). • Reporting. Most likely, your code receives a $self object that provided CAF’s interfaces.

1.1.3 Content

Application

NAME

CAF::Application - Common Application Framework core class

3 Quattor Documentation, Release 0.0.1

SYNOPSIS

package example; use strict; use warnings; use LC::Exception qw (SUCCESS throw_error); use parent qw(CAF::Application);

# Main loop package main; use strict; use warnings; use LC::Exception qw (SUCCESS throw_error);

use vars ($this_app%SIG); unless ($this_app= example->new($0,@ARGV)) { throw_error (...); }

$this_app->report("Hello"); ...

DESCRIPTION

CAF::Application is the core class which provides command line and configuration file parsing, and general applica- tion methods. Applications can extend or overwrite the default methods.

Public methods

name(): string Return the application name (basename) version(): string Returns the version number as defined in $self->{‘VERSION’}, or if not defined. hostname(): string Returns the machine’s hostname. username(): string Returns the name of the user. option_exists($opt): boolean Returns true if the option exists, false otherwhise. Option can be defined either in the application config- uration file or on the command line (based on AppConfig module). option($opt): scalar|undef

4 Chapter 1. Content Quattor Documentation, Release 0.0.1

Returns the option value coming from the command line and/or configuration file. Scalar can be a string, or a reference to a hash or an array containing the option’s value. option() is a wrapper on top of AppConfig->get($opt). If the option doesn’t exist, returns undef, except if the defaultargument has been specified: in this case this value is returned but the option remains undefined. set_option($opt, $val): SUCCESS Defines an option and sets its value. If the option was previously defined, its value is overwritten. This is a wrapper over AppConfigmethods to hide the internal implementation of a CAF::Application. This method always returns SUCCESS. show_usage(): boolean Prints the usage message of the command based on options and help text. show_version(): boolean prints the version number of the Application. app_options(): ref(array) to be overloaded by the application with application specific options. This function has to return a reference to an array. Every element in the array must be a reference to a hash with the following structure:

NAME=> option name specification in the Getopt::Long(3pm) format "name|altname1|altname2|..[argument_type]" DEFAULT=> [optional] default value (string). If not specified: undef HELP=> help text (string)

example:

push(@array, {NAME=>'M|myoption=s', DEFAULT=>'defaultvalue', HELP=>'do somewhat on something'});

return \@array;

see also _app_default_options()

Private methods

_initialize Initialize the Application. Arguments $command Name of the script/command/. . . (typically $0). Remaining arguments @argv Typically this is the perl builtin variable @ARGV, but can be any array of options/arguments, or a single arrayref (in which case all elements of the arrayref are handled as options/arguments). Any arguments that are not handled by the options, can be retrieved either via @ARGV or by passing an arrayref holding the options/arguments. In these 2 cases, the contents is modified,

1.1. CAF 5 Quattor Documentation, Release 0.0.1

removing all handled options, leaving the non-option arguments in place. (In particular, using a regular array will leave the original array unmodified). _app_default_options This method specifies a number of default options, with the same format as app_options. The options are:

debug : sets debug level (1 to5) help : prints out help message quiet : no output verbose : verbose output version : print out version number& exit

The ‘noaction’, ‘cfgfile’ and ‘logfile’ options are not enabled by default but recognized (they have to be added to the application specific code - see the ‘example’ file):

noaction : execute no operations cfgfile : use configuration file logfile : use log file

_add_options add options coming from _app_default_options() and app_options()

Download :: LWP

NAME

CAF::Download::LWP class to use LWP (and Net::HTTPS).

DESCRIPTION

CAF::Download::LWP prepares LWP (and Net::HTTPS) and provides interface to LWP::UserAgent. Remarks wrt SSL/TLS: If LWP is recent enough (v8.333, e.g. on EL6+), the choice of SSL module will be the system default (typically IO::Socket::SSL when available, Net::SSL otherwise). The usual environment variable will not be honoured (this module will typically be executed in a minimal environment anyway). When LWP is too old, Net::SSL will be forced (e.g. on EL5). If LWP is recent enough and IO::Socket::SSL is the default, hostname verification is forced.

METHODS

_initialize Initialize the object. Optional arguments: log A CAF::Reporter object to log to.

6 Chapter 1. Content Quattor Documentation, Release 0.0.1

_get_ua Prepare the environment and initialise LWP::UserAgent. Best-effort to handle ssl setup, Net::SSL vs IO::Socket::SSLand verify_hostname. Example usage . . . my $ua = $self->_get_ua(%opts);

local%ENV=%ENV; $self->update_env(\%ENV); ...

Returns the LWP::UserAgent instance or undef. Options cacert: the CA file cadir: the CA path cert: the client certificate filename key: the client certificate private key filename ccache: the kerberos crednetial cache timeout: set timeout _do_ua Initialise LWP::UserAgent using _get_ua method and run method with arrayref args. All named options are passed to _get_ua.

Exception

NAME

CAF::Exception - provides basic methods for failure and exception handling

Private methods

_get_noaction Return NoAction setting: Return 0 is keeps_state is true Any other value of keeps_state is ignored. (In particular, you cannot use keeps_state to enable NoAction). Return value of noAction method (when defined) CAF::Object::NoAction otherwise Supports an optional msg that is prefixed to reporter. _reset_exception_fail Reset previous fail attribute and/or exception. msg is a suffix when reporting the old fail attribute and/or exception error (with debug level 1).

1.1. CAF 7 Quattor Documentation, Release 0.0.1

EC is a LC::Exception::Context instance that is checked for an existing error, which is set to ignore if it exists. Always returns SUCCESS. _function_catch Execute function reference funcref with arrayref $args and hashref $opts. Method resets any existing fail attribute and error from LC::Exception::Context instance EC. When an exception thrown is thrown, it is catched and reset. No error is reported and undef is returned in this case and the fail attribute is set with the exception error text. _safe_eval Run function reference funcref with arrayref argsref and hashref optsref. Return and set fail attribute with failmsg ($@ is added when set) on die or in case of an error (undef returned by funcref). In case of success, report msg (stringified result is added unless sensitive attribute is set) at verbose level. Note that _safe_eval doesn’t work with functions that don’t return a defined value when they succeed. Resets previous fail attribute and or exceptions (via the LC::Exception::Context instance EC).

FileEditor

NAME

CAF::FileEditor - Class for securely making minor changes in CAF applications.

DESCRIPTION

This class should be used whenever a file is to be opened for modifying its existing contents. For instance, if you want to add a single line at the beginning or the end of the file. As usual, all operations may be logged by passing a log argument to the class constructor.

Public methods new Returns a new object it accepts the same arguments as the constructor for CAF::FileWriter with one additional option: source This option, when present, must be a file name whose contents will be used as the initial contents for the edited file if the source modification time is more recent than the edited file modification time. This allows to rebuild the file contents based on a new version of the reference file. The source can be a pipe: in this case, it is always considered more recent than the edited file. open Synonym for new()

8 Chapter 1. Content Quattor Documentation, Release 0.0.1 set_contents Sets the contents of the file to the given argument. Usually, it doesn’t make sense to use this method directly. Just use a CAF::FileWriter object instead. head_print Appends a line to the very beginning of the file. seek_begin Seek to the beginning of the file. seek_end Seek to the end of the file. replace_lines(re, goodre, newvalue) Replace any lines matching re but *not* goodre with newvalue. If there is no match, nothing will be done. For instance,

$fh->replace(qr(hello.*), qr(hello.*world), 'hello and good bye, world!')

Will replace all lines containing ‘hello’ but not world by the string ‘hello and good bye, world!’. But if the file contents are

There was Eru, who in Arda is called Iluvatar

it will be kept as is. This is useful when we want to change a given configuration directive only if it exists and it’s wrong. The regular expressions can be expressed with the qr operator, thus allowing for modification flags such as i. add_or_replace_sysconfig_lines(key, value, whence) Replace the value in lines matching the key. If there is no match, a new line will be added to the where whenceand offset tells us. The sysconfig_separator value can be changed if it’s not the usual ‘=’. add_or_replace_lines(re, goodre, newvalue, whence, offset, add_after_newline) Replace lines matching re but not goodre with newvalue. If there is no match, a new line will be added where the whenceand offset tell us. See IO::String::seekfor details; e.g. use the constants tuple BEGINNING_OF_FILE or ENDING_OF_FILE. If add_after_newline is true or undef, before adding the new line, it is verified that a newline precedes this position. If no newline char is found, one is added first. whence must be one of SEEK_SET, SEEK_CUR or SEEK_END; everything else will be ignored (an error is logged if logging is set)). Reminder: if the offset position lies beyond SEEK_END, padding will occur with $self->pad, which defaults to \0. get_all_positions(regex, whence, offset) Return reference to the arrays with the positions before and after all matches of the compiled regular expression regex, starting from whence (default beginning) and offset (default 0). (If the regexp does not match, references to empty arrays are returned). Global regular expression matching is performed (i.e. m/$regex/g). The text is searched without line-splitting, but multiline regular expressions like qr{^something.\*$}m can be used for per line matching.

1.1. CAF 9 Quattor Documentation, Release 0.0.1 get_header_positions(regex, whence, offset) Return the position before and after the “header”. A header is a block of lines that start with same compiled regular expression regex. Default value for regex is qr{^\s\*#.\*$}m(matching a block of text with each line starting with a #); the default value is also used when regex is undef. (-1, -1) is returned if no match was found. whence and offset are passed to underlying get_all_positionscall. remove_lines(re, goodre) Remove any lines matching re but *not* goodre. If there is no match, nothing will be done.

EXPORTED CONSTANTS

The following constants are automatically exported when using this module: BEGINNING_OF_FILE Flag to pass to add_or_replace_lines. Lines should be added at the beginning of the file. (To be used in list context, as this is actually (SEEK_SET, 0).) ENDING_OF_FILE Flag to pass to add_or_replace_lines. Lines should be added at the end of the file. (To be used in list context, as this is actually (SEEK_END, 0).)

EXAMPLES

Appending to the end of a file

For instance, you may want to append a line to the end of a file, if it doesn’t exist already: my $fh= CAF::FileEditor->open("/foo/bar", log=>$self); if (${$fh->string_ref()} !~m{hello, world}m){ print $fh "hello, world\n"; } $fh->close();

Cancelling changes in case of error

This is a subclass of CAF::FileWriter, so just do as you did with it: my $fh= CAF::FileEditor->open("/foo/bar", log=>$self); $fh->cancel() if $error; $fh->close();

Appending a line to the beginning of the file

Trivial: use the head_print method:

10 Chapter 1. Content Quattor Documentation, Release 0.0.1

my $fh= CAF::FileEditor->open("/foo/bar", log=>$self); $fh->head_print ("This is a nice header for my file");

Replacing configuration lines

If you want to replace existing lines: my $fh= CAF::FileEditor->open("/foo/bar", log=>$self); $fh->replace_lines (qr(pam_listfile), qr(session\s+required\s+pam_listfile.so.*item=user), join("\t", qw(session required pam_listfile.so onerr=fail item=user sense=allow file=/some/acl/file)));

This will not add any new lines in case there are no matches.

Adding or replacing lines

If you want to replace lines that match a given regular expression, and have to add them to the beginning of the file in case there are no matches: my $fh= CAF::FileEditor->open("/foo/bar", log=>$self); $fh->add_or_replace_lines (qr(pam_listfile), qr(session\s+required\s+pam_listfile.so.*item=user), join("\t", qw(session required pam_listfile.so onerr=fail item=user sense=allow file=/some/acl/file)), BEGINNING_OF_FILE);

SEE ALSO

This class inherits from CAF::FileWriter, and thus from IO::String.

FileReader

NAME

CAF::FileReader - Class for only reading files in CAF applications.

DESCRIPTION

Normal use:

1.1. CAF 11 Quattor Documentation, Release 0.0.1

use CAF::FileReader; my $fh= CAF::FileReader->open("my/path"); while (my $line= <$fh>){ # Do something }

This class should be used whenever a file is to be opened for reading, and no modifications are expected. Printing to this file is allowed, but changes will be discarded (in effect, the FileEditor is cancel-ed. new Create a new instance: open the file $fn, read it, seek to the beginning and cancel any (future) changes. open Synonym for new()

FileWriter

NAME

CAF::FileWriter - Class for securely writing to files in CAF applications.

SYNOPSIS

Normal use:

use CAF::FileWriter; my $fh= CAF::FileWriter->open("my/path"); print $fh "My text"; $fh->close();

Aborting changes:

use CAF::FileWriter; my $fh= CAF::FileWriter->open("my/path"); print $fh, "My text"; $fh->cancel(); $fh->close();

DESCRIPTION

This class should be used whenever a file is to be opened for writing. If the file already exists and the printed contents are the same as the contents present on disk, the actual file won’t be modified. This way, timestamps will be kept. It also provides a secure way of opening files, avoiding symlink attacks. In case of errors, changes can be cancelled, and nothing will happen to disk. Finally, the file names to be handled will be logged at the verbose level.

12 Chapter 1. Content Quattor Documentation, Release 0.0.1

Gory details

This is a wrapper class for IO::String with customised close based on File::AtomicWrite.

Public methods new Returns a new object. It accepts the file name as its first argument, and the next hash as additional options: log The log object. If not supplied, no logging will be performed. owner UID for the file. group File’s GID. mode File’s permissions. mtime File’s modification time. backup Create a backup file when the file already exists and will be modified. The value is used as a suffix to create the backup filename (e.g. .old). keeps_state A boolean specifying whether a file change respects the current system state or not. A file with keeps_state will be created/modified, regardless of any value for NoAction. This is useful when creating temporary files that are required for a NoAction run. By default, file changes modify the state and thus keeps_state is false. sensitive A boolean specifying whether a file contains sensitive information (like passwords). When the content of the file is modified, the changes (either the diff or the whole content in case of a new file) themself are not reported and not added to the event history. open Synonym for new() close Closes the file. If the file has been saved (e.g. previous close or cancel) nothing happens and undef is returned. If the file has not been saved, it checks its contents and perhaps re-writes it, in a secure way (not following symlinks, etc). The (re)write only occurs if there was a change in content and this change (or not) is always determined and returned, even if NoAction is true (but in that case nothing is (re)written). Under a verbose level, it will show in the standard output a diff of the old and the newly-generated contents for this file before actually saving to disk.

1.1. CAF 13 Quattor Documentation, Release 0.0.1

cancel Marks the printed contents as invalid. The existing file will not be altered. Option msg to add custom message to verbose reporting. noAction Returns the NoAction flag value (boolean) stringify Returns a string with the contents of the file, so far. It overloads "", so it’s now possible to do “$fh” and get the contents of the file so far. (Returns empty string on an already closed file.) error, warn, info, verbose, debug, report, log, OK Convenience methods to access the log/reporter instance that might be passed during initialisation and set to \*$self-{LOG}>. is_verbose Determine if the reporter level is verbose. If it can’t be determined from the reporter instance, use the global CAF::Reporter state. Supports boolean option verbose_logfile to check if reporting to logfile is verbose. event Method to track an event via LOG CAF::History instance (if any). Following metadata is added filename Adds the filename as metadata

Private methods

_read_contents Read the contents from file filename using LC::File::file_contentsand return it. Optional named arguments event A hashref that will be updated in place if an error occured. The errorattribute is set to the exception text. missing_ok When true and LC::File::file_contents fails with ENOENT(i.e. when filename is missing), the exception is ignored and no warning is reported. By default, a warning is reported in case of an error and the exception is (re)thrown. DESTROY Class destructor. Closes the file, perhaps saving it to disk.

14 Chapter 1. Content Quattor Documentation, Release 0.0.1

EXAMPLES

Opening /etc/sudoers

This a part of what ncm-sudo should do, if it used this module: my $fh= CAF::FileWriter->open("/etc/sudoers", mode=> 0440, log=>$self); print $fh "User_Alias\t$_\n" foreach @{$aliases->{USER_ALIASES()}}; print $fh "Runas_Alias\t$_\n" foreach @{$aliases->{RUNAS_ALIASES()}}; ... $fh->close();

Which is actually simpler and safer than current code.

Specifying owner and group

Owner and group are set at the time of creating the object: my $fh= CAF::FileWriter->open("/some/file", owner=> 100 group=> 200); print $fh "Hello, world!\n"; # I don't like what I did, just drop the changes: $fh->cancel(); $fh->close();

Changing the default filehandle

If you don’t want STDOUT as your default filehandle, you can just select a CAF::FileWriter object: my $fh= CAF::FileWriter->open("/some/file", owner=> 100, group=> 200); select($fh); print "Hello, world!\n"; $fh->close(); select(STDOUT);

Using here-documents

You can use them, as always: my $fh= CAF::FileWriter->open("/some/file"); print $fh <close();

1.1. CAF 15 Quattor Documentation, Release 0.0.1

Closing when destroying

If you forget to explictly close the CAF::FileWriter object, it will be closed automatically when it is destroyed:

my $fh= CAF::FileWriter->open("/some/file"); print $fh "Hello, world!\n"; undef$fh;

SEE ALSO

This package inherits from IO::String. Check its man page to do powerful things with the already printed contents.

TODO

This has became too heavy: in some circumstances, manipulating a file involves opening it three times, reading it twice and executing two commands. We probably need to drop LC::* and do things in our own way.

History

NAME

CAF::History - Class to keep history of events

SYNOPSIS

package mypackage;

use qw(CAF::History);

sub _initialize { ... $self->{HISTORY}= CAF::History->new(); ... } sub foo{ my ($self,$a,$b,$c)=@_; ... $self->{HISTORY}->event(); ... }

DESCRIPTION

CAF::History provides class methods for tracking and lookup of events. TODO: CAF::History should provide interfaces for loading / saving history to file e.g. sqlite

16 Chapter 1. Content Quattor Documentation, Release 0.0.1

lookup / querying events (e.g. what files where last written to by component X)

Public methods

new Create a CAF::History instance, The history is a hashref with keys $EVENTS an array reference holding all events. $LAST The latest state of each id $NEXTIDX The index of the next event. optional $INSTANCES If keep_instances is set, an INSTANCES attribute is also added, and any events will keep track of the (blessed) instances. Caveat: this will prevent code that relies on instances going out of scope to perform certain actions on DESTROY, to function properly. By default, INSTANCES are not kept. event Add an event. An event is specified by an id from the $objand a hash metadata. (Metadata can be passed as <-event($obj, modified => 0);>>.) If an instance is passed, the Scalar::Util::refaddr is used as internal identifier. If a scalar is passed, it’s value is used. Object instances are also added to an instances hash-ref to handle DESTROY properly (but only if the initial HISTORY attribute has an INSTANCES attribute). Following metadata is added automatically IDX The unique event index, increases one per event. ID The identifier REF The obj ref TS The timestamp (private method _now is used to determine the timestamp) The last metadata of each event is also held stored (for convenient access). Returns SUCCESS on success, undef otherwise. query_raw

1.1. CAF 17 Quattor Documentation, Release 0.0.1

Primitive interface to query the events. match is a anonymous sub that is passed the event as (only) argument (each event is a metadata hashref). Returns true if the event matches and is to be returned. filter is an arrayref of metadata keys to filter from the event (only event metadata matching the filter is returned). Returns an arrayref of (a shallow copy of) the event metadata. TODO: support proper, human-friendly query interface via (NO)SQL close Closes the history which triggers following destroy INSTANCES TODO: report an overview of events E.g. all modified FileWriter and Editors Returns SUCCESS on success, undef otherwise.

Private methods

_now Return the timestamp to use. Implemented using builtin time for now, i.e. no timezones. _cleanup_instances Cleanup instances and remove any reference to instances held by the history. This might trigger new events. After all, we must make sure we have all the events. Following methods are supported close If the instance has a close method, the method is called without any arguments. Returns SUCCESS on success, undef otherwise.

Kerberos

NAME

CAF::Kerberos - Class for Kerberos handling using GSSAPI.

DESCRIPTION

This class handles Kerberos tickets and some utitlities like kerberos en/decryption. To create a new ticket for principal SERVICE/host@REALM (using default (server) keytab for the TGT), you can use

my $krb= CAF::Kerberos->new( principal=> 'SERVICE/host@REALM', log=>$self, ); (continues on next page)

18 Chapter 1. Content Quattor Documentation, Release 0.0.1

(continued from previous page) return if(! defined($krb->get_context()));

# set environment to temporary credential cache # temporary cache is cleaned-up during destroy of $krb local%ENV=%ENV; $krb->update_env(\%ENV);

Methods

_initialize Initialize the kerberos object. Arguments: Optional arguments log A CAF::Reporter object to log to. lifetime, keytab Ticket lifetime and keytab are passed to update_ticket_options method. primary, instances, realm, principal Principal primary, instances, realm and principal are passed to update_principal method. update_ticket_options Update ticket details using optional named arguments (and set the keytab ENV attributes). lifetime Requested lifetime. (There is no verification if the actual lifetime is this long). keytab Set the keytab to use to create the TGT. update_principal Set the principal details (primary, instances and/or realm) using following optional named arguments primary The primary component (i.e. username or service) (cannot be empty string). instances Array reference with instances for the principal realm The realm. principal The principal string, will be split in above components. Any individual component specified will precede the value from this string. create_credential_cache

1.1. CAF 19 Quattor Documentation, Release 0.0.1

Create the credential cache and add the KRB5CCNAME to the temp environment. Use kinit to get an initial TGT for that cache. Returns SUCCESS on success, undef otherwise (see fail attribute). get_context Create a GSSAPI::Context. Following options are supported name The GSSAPI::Name instance to use. If undef, get_name method will be used to create one. iflags Input flags/bits for the Context to create to support certain service options. (See e.g. _spnego_iflags). Defaults to 0. itoken Input token (q{} is used if not defined). usecred Boolean, if true, (try to) get a credential before getting the context. Returns the output token in case of succes, undef in case of failure. get_cred Acquire a GSSAPI::Cred instance. Following options are supported name The GSSAPI::Name instance to use. If undef, get_name method will be used to create one. usage Specify the credential usage, one of GSSAPI constants GSS_C_INITIATE, GSS_C_ACCEPT or (default) GSS_C_BOTH. Returns the GSSAPI::Cred instance in case of succes, undef in case of failure. get_hrname Return human readablename from GSSAPI::Name instance. Return undef on failure (and set fail attribute with reason). get_name Return a imported GSSAPI::Name instance. Returns undef on failure. Optional principal hashref is passed to _principal_string. DESTROY On DESTROY, following cleanup will be triggered Cleanup of credential cache _principal_string

20 Chapter 1. Content Quattor Documentation, Release 0.0.1

Convert the principal hashref into a principal string. Optional principal hashref can be passed, if none is provided, use the instance $self-{principal}>. Returns the principal string, undef in case or problem. _split_principal_string Split a principal string in primary, instances and realm components. Returns a hashref with the components, undef incase the string is invalid. _spnego_iflags Create the SPNEGO iflags for Context instance. Optional $delegate boolean. _gss_decrypt Given token, decrypt inbuf that is encrypted with GSSAPI wrap’ping. Returns human readable GSSAPI::Name and decrypted output buffer. Returns undef on failure. _gss_status Evaulatues status: on success, returns SUCCESS reports with verbose, on failure returns fail (The fail message is set in the fail attribute). Optional text can be used to construct the message prefix. _gssapi_{init,accept,wrap,unwrap,import,display} Interfaces to GSSAPI methods returning a GSSAPI::Status instance. Given an instance of GSSAPI::Context (for accept,init,valid_time_left,wrap,unwrap) or GSSAPI::Name (for display,import), call the metod on the instacne with the remaining arguments. The returned status is processed by _gss_status. Returns undef in case of failure (with message in fail attribute), SUCCESS otherwise. _process Run arrayref $cmd via CAF::Process-new->output> in updated environment. Returns the output (and sets $?). _kinit Obtain the TGT using kinit, using the credential cache specified in the ‘KRB5CCNAME’ environment variable. Principal used is generated via _principal_string. Returns SUCCESS on success, undef otherwise.

Lock

NAME

CAF::Lock - Class for handling application instance locking

1.1. CAF 21 Quattor Documentation, Release 0.0.1

SYNOPSIS

use CAF::Lock;

$lock= CAF::Lock->new('/var/lock/quattor/spma', log=>$reporter);

unless ($lock->set_lock()) {...} unless ($lock->set_lock(10,2){...} unless ($lock->set_lock(3,3, FORCE_ALWAYS)) {...}

unless ($lock->unlock()) {....}

INHERITANCE

CAF::Object

DESCRIPTION

The CAF::Lock class provides methods for handling application locking.

PUBLIC METHODS

set_lock(retries, timeout, force) Tries retries times to set the lock. If force is set to FORCE_NONEor not defined and the lock is set, it sleeps for timeout. Returns SUCCESS, or undef on failure. If retries or timeout are not defined or set to 0, only a single attempt is done to acquire the lock. If force is set to FORCE_ALWAYS then the lock file is just set again, even if the lock is already set by another application instance, and neither timeout nor retries are taken into account. unlock() Releases the lock and returns SUCCESS. Reports an error and returns undef if the lock cannot be re- leased. If the object (application instance) does not hold the lock, an error is reported and undefis re- turned. is_set() Returns SUCCESS if lock is set by application instance, undef otherwise.

PRIVATE METHODS

_initialize(lockfilename) Initialize the object. Called by new(lockfilename). Optional arguments log A CAF::Reporter object to log to. _try_lock(force)

22 Chapter 1. Content Quattor Documentation, Release 0.0.1

Called by set_lock() to create the lock file and return SUCCESS if we were able to flock() the file. If force is set to FORCE_ALWAYS then this method will return SUCCESSeven if flock() was unsuc- cessful.

Log

NAME

CAF::Log - Simple class for handling log files

SYNOPSIS use CAF::Log; my $log= CAF::Log->new('/foo/bar', 'at');

$log->print("this goes to the log file\n"); $log->close();

DESCRIPTION

The CAF::Log class allows to instantiate objects for writing log files. A log file line can be prefixed by a time stamp.

Public methods close(): boolean closes the log file, returns SUCCESS on success, undef otherwise (if no FH attribute exists). print($msg): boolean Prints $msg into the log file. If PROCID attribute is defined (value is irrelevant), the proces id in square brackets ([PID]) and addi- tional space are prepended. If TSTAMP attribute is defined (value is irrelevant), a YYYY/MM/DD-HH:mm:ss timestamp and addi- tional space are prepended. No newline is added to the message. Returns the return value of invocation of FH print method.

Private methods

_initialize($filename, $options) $options is a string with magic letters a: append to a logfile w: truncate a logfile t: generate a timestamp on every print

1.1. CAF 23 Quattor Documentation, Release 0.0.1

p: add PID Only one of w or a can and has to be set. (There is no default.) If the w option is used and there was a previous log file, it is renamed with the extension ‘.prev’. Examples: CAF::Log->new(‘/foo/bar’, ‘at’): append, enable timestamp CAF::Log->new(‘/foo/bar’, ‘w’) : truncate logfile, no timestamp If the filename ends with .log, the SYSLOG attribute is set to basename of the file without suffix (relevant for CAF::Reporter::syslog). DESTROY Called during garbage collection. Invokes close().

Object

NAME

CAF::Object - provides basic methods for all CAF objects

SYNOPSIS

use parent qw(CAF::Object ...); ... sub _initialize{ ... initialize your package return SUCCESS; # Success }

DESCRIPTION

CAF::Object is a base class which provides basic functionality to CAF objects. All other CAF objects should inherit from it. All CAF classes use this as their base class and inherit their class constructor new from here. Sub-classes should implement all their constructor initialisation in an _initialize method which is invoked from this base class new constructor. Sub-classes should NOT need to override the new class method. The subclass _initialize method has to be implemented and has to return a boolean value indicating if the initialisation was succesful (e.g. use SUCCESS exported by CAF::Object). In particular, one should avoid to return the $self instance at the end of _initialize (e.g. to avoid troubles when the subclass overloads logic evaluation (which is also possible via overloading other methods such as stringification)).

Public methods

new Creates an empty hash and bless’es it as the new class instance. All arguments are then passed to a $self-_initialize(@_)> call. When _initialize returns success, the NoAction attribute is set to the value of CAF::Object::NoAction if it didn’t exist after _initialize. If _initialize returns failure, an error is thrown and undef returned.

24 Chapter 1. Content Quattor Documentation, Release 0.0.1 noAction Returns the NoAction flag value (boolean)

Private methods

_initialize This method must be overwritten in a derived class error, warn, info, verbose, debug, report, OK, event Convenience methods to access the log/reporter instance that might be passed during initialisation and set to $self-{log}>. (When constructing classes via multiple inheritance, CAF::Reporter should precede CAF::Object if you want to use an absolute rather than a conditional logger). fail Handle failures. Stores the error message in the fail attribute, logs it with verbose and returns undef. To be used in subclasses that are not supposed to log/report any errors themself when a problem or failure occurs. In such classes, all failures should use return $self-fail(“message”);>. update_env Update the hashref $env with key/value from the ENV attribute hashref. (A undef value will remove the key.) Returns the env hashref. To be used as

# Setup local environment local%ENV=%ENV; $self->update_env(\%ENV);

Example:

# some method_1 that prepares a shared environment sub method_1 { ... # Prepare enviroment modifications $self->{ENV}->{PATH}= "/some/new/path:$ENV{PATH}"; ... }

sub do_something { ... # Setup local environment local%ENV=%ENV; $self->update_env(\%ENV);

# everything in the remainder of the method runs in modified environment # is limited to the scope of this method due to 'local' ... }

1.1. CAF 25 Quattor Documentation, Release 0.0.1

ObjectText

NAME

CAF::ObjectText - Base class for handling text

SYNOPSIS

Define subclass via package SubClass; use parent qw(CAF::ObjectText);

sub _get_text { my ($self)=@_; return "actual text"; }

And use it via my $sc = SubClass->new(log => $self); print “$sc”; # stringification

$sc= SubClass->new(log=>$self); # return CAF::FileWriter instance (text already added) my $fh=$sc->filewriter('/some/path'); if (!defined($fh)) { $self->error("Failed to retrieve filewriter: $sc->{fail}"); return; } $fh->close();

DESCRIPTION

This class simplifies text handling via stringification and produces a CAF::FileWriter instance.

Methods

_initialize_textopts Handle some common options in the subclass _initialize method. log A CAF::Reporter object to log to. eol If eol is true, the produced text will be verified that it ends with an end-of-line, and if missing, a newline character will be added. By default, eol is true. eol set to false will not strip trailing newlines (use chompor something similar for that). usecache If usecache is false, the text is always re-produced. Default is to cache the produced text (usecache is true). _get_text_test

26 Chapter 1. Content Quattor Documentation, Release 0.0.1

Run additional tests before the actual text is produced via get_text. Returns undef in case of failure, SUCCESS otherwise. The method is called in get_text before the caching is checked. Default implementation does not test anything, always returns SUCCESS. This method should be rede- fined in the subclass. _get_text Produce the actual text in get_text(or call another method that does so). Returns 2 element tuple with first element the resulting text (or undef in case of failure). The second element is an error message prefix (ideally, real error message is set via the fail attribute). This method needs to be defined in the subclass. get_text get_text produces and returns the text. In case of an error, get_text returns undef(no error is logged). This is the main difference from the auto-stringification that returns an empty string in case of a rendering error. By default, the result is cached. To force re-producing the text, clear the current cache by passing 1 as first argument (or disable caching completely with the option usecacheset to false during the initialisation). filewriter Create and return an open CAF::FileWriter instance with first argument as the filename. If the get_text method fails (i.e. returns undef), undef is returned. The text is added to the filehandle. It’s up to the consumer to cancel and/or close the instance. All CAF::FileWriter initialisation options are supported and passed on. (If no log option is pro- vided, the one from the current instance is passed). Two new options header and footer are supported to respectively prepend and append to the text. If eol was set during initialisation, the header and footer will also be checked for EOL. (EOL is still added to the get_text if eol is set during initialisation, even if there is a footer defined.)

Path

NAME

CAF::Path - check that things are really the way we expect them to be

DESCRIPTION

Simplify common file and directory related operations e.g. directory creation cleanup (mockable) file/directory tests The class is based on LC::Check with following major difference CAF::Object::NoAction support builtin (and keeps_state option to override it). support CAF::Reporter (incl. CAF::History)

1.1. CAF 27 Quattor Documentation, Release 0.0.1

raised exceptions are catched, methods return SUCCESS on succes, undef on failure and store the error message in the fail attribute. available as class-methods return values undef: failure occured SUCCESS: nothing changed (boolean true) CHANGED: something changed (boolean true).

Functions

mkcafpath Returns an instance of CAF::Object and CAF::Path. This instance is a simple way to use CAF::Path when subclassing is not possible. Allowed options are > and >. This function is not exported, to be used as e.g. use CAF::Path; . . . my $cafpath = CAF::Path::mkcafpath(log => $logger); if(! defined($cafpath->directory($name)) { $logger->error(“Failed to make directory $name: $cafpath->{fail}”); };

Methods

LC_Check Execute function > with arrayref $args and hashref $opts. CAF::Object::NoAction is added to the options, unless keeps_state is set. The function is executed with _function_catch. _untaint_path Untaint the path argument. Returns undef on failure and sets the fail attribute with msg directory_exists Test if directory exists and is a directory. This is basically the perl builtin -d, wrapped in a method to allow unittesting. If directory is a symlink, the symlink target is tested. If the symlink is broken (no target), directory_exists returns false. file_exists Test if filename exists and is a file. This is basically the perl builtin -f, wrapped in a method to allow unittesting. If filename is a symlink, the symlink target is tested. If the symlink is broken (no target), file_exists returns false. any_exists

28 Chapter 1. Content Quattor Documentation, Release 0.0.1

Test if path exists. This is basically the perl builtin -e || -l, wrapped in a method to allow unittesting. A broken symlink (symlink whose target doesn’t exist) exists: any_exists returns true. is_symlink Test if path is a symlink. Returns true as long as path is a symlink, including when the symlink target doesn’t exist. cleanup cleanup removes dest with backup support. (Works like LC::Check::_unlink, but has directory support and no error throwing). Returns CHANGED is something was cleaned-up, SUCCESS if nothing was done and undef on failure (and sets the fail attribute). The is a suffix for dest. If backup is undefined, use backup attribute. (Pass an empty string to disable backup with backup attribute defined) Any previous backup is cleanuped (without backup). (Aside from the backup at- tribute, this is the same as LC::Check::_unlink(and thus also CAF::File\*)). Additional options keeps_state: boolean passed to _get_noaction. directory Make sure a directory exists with proper options. If the directory does not exists (or the temp option is set), it is created (including the parent directories as needed), and uses LC::Check::directory via LC_Check. Returns CHANGED if a change was made, SUCCESS if no changes were made and undef in case of failure (and the fail attribute is set). The return value in absence of failure is a dualvar with integer value SUCCESS/CHANGED, and the directory as string value (in particular relevant for temporary directories). Additional options owner/group/mode/mtime : options for CAF::Path::status temp A boolean if true will create a a temporary directory using File::Temp::tempdir. The directory name is the template to use (any trailing X characters will be replaced with random characters by tempdir; and the directory name will be padded up to at least 4 X). The CLEANUP option is also set (an removal attempt (incl. any files and/or subdirectries) will be made at the end of the program). keeps_state: boolean passed to _get_noaction. _make_link This method is mainly a wrapper over LC::Check::linkreturning the standard CAF::Path return values. Every option supported by LC::Check::link is supported. NoActionflag is handled by LC::Check::link and keeps_state option is honored (overrides NoAction if true). One im- portant difference is the order of the arguments: CAF::Path:_make_linkand the methods based on it are following the Perl symlink(and ln command) argument order.

1.1. CAF 29 Quattor Documentation, Release 0.0.1

This is an internal method, not supposed to be called directly. Either call symlink or hardlink public methods instead. hardlink Create a hardlink link_path whose target is target. On failure, returns undef and sets the fail attribute. If link_path exists and is a file, it is updated. target must exist (check flag available in symlink() is ignored for hardlinks) and it must reside in the same filesystem as link_path. If target_path is a relative path, it is interpreted from the current directory. link_name parent directory is created if it doesn’t exist. Returns SUCCESS on sucess if the hardlink already existed with the same target, CHANGED if the hardlink was created or updated, undef otherwise. This method relies on _make_link method to do the real work, after enforcing the option saying that it is a hardlink. symlink Create a symlink link_path whose target is target. Returns undef and sets the fail attribute if link_pathalready exists and is not a symlink, except if this is a file and option force is defined and true. If link_path exists and is a symlink, it is updated. By default, the target is not required to exist. If you want to ensure that it exists, define option check to true. Both link_path and targetcan be relative paths: link_path is interpreted as relatif to the current directory and target is kept relative. link_path parent directory is created if it doesn’t exist. Returns SUCCESS on sucess if the symlink already existed with the same target, CHANGED if the symlink was created or updated, undef otherwise. This method relies on _make_link method to do the real work, after enforcing the option saying that it is a symlink. has_hardlinks Method that returns the number of hardlinks for file. The number of hardlinks is the number of entries referring to the inodes minus 1. If file has no hardlink, the return value is 0. If file is not a file, the return value is undef. is_hardlink This method returns SUCCESS if path1 and path2 refer to the same file (inode). It returns 0 if path1 and path2 both exist but are different files or are the same path and undef if one of the paths doesn’t exist or is not a file. Note: the result returned will be identical whatever is the order of path1 and path2arguments. status Set the path stat options: owner, group, mode and/or mtime. This is a wrapper around LC::Check::statusand executed with LC_Check. Returns CHANGED if a change was made, SUCCESS if no changes were made and undef in case of failure (and the fail attribute is set). Additional options keeps_state: boolean passed to _get_noaction. move Move/rename src to dest.

30 Chapter 1. Content Quattor Documentation, Release 0.0.1

The final goal is to make sure src does not exist anymore, not that dest exists after move (in particular, if srcdoes not exist to start with, success is immediately returned, and no backup of dest is created). The is a suffix for the cleanup of dest(and passed to cleanup method). (The basedir of dest is created using directory method.) Additional options keeps_state: boolean passed to _get_noaction. listdir Return an arrayref of sorted directory entry names or undef on failure. (The . and .. are removed). Can be used to replace glob() as follows:

... foreach my $file(glob('/path/ *.ext')) { ...

replace by

... foreach my $file(@{$self->listdir('/path', filter=> '\.ext$', adddir=>1)}

˓→){ ...

Options test An (anonymous) sub used for testing. The return value is interpreted as boolean value for filtering the directory entry names (true value means the name is kept). Accepts 2 arguments: first argument ($_[0]) the directory entry name, 2nd argument ($_[1]) the directory. filter A pattern or compiled pattern to filter directory entry names. Matching names are kept. inverse Apply inverse test (or filter) logic. adddir Prefix the directory to the returned filenames (default false). file_exists Shortcut for test function that uses CAF::Path::file_exists as test function.

Process

NAME

CAF::Process - Class for running commands in CAF applications

1.1. CAF 31 Quattor Documentation, Release 0.0.1

SYNOPSIS use CAF::Process; my $proc= CAF::Process->new ([qw (my command)], log=>$self); $proc->pushargs (qw (more arguments)); my $output=$proc->output(); $proc->execute();

DESCRIPTION

This class provides a convenient wrapper to LC::Process functions. Commands are logged at the verbose level. All these methods return the return value of their LC::Process equivalent. This is different from the command’s exit status, which is stored in $?. Please use these functions, and do not use \`\`, qx// or system. These functions won’t spawn a subshell, and thus are more secure.

Private methods

_initialize Initialize the process object. Arguments: $command A reference to an array with the command and its arguments. %opts A hash with the command options: log The log object. If not supplied, no logging will be performed. timeout Maximum execution time, in seconds, for the command. If it’s too slow it will be killed. pid Reference to a scalar that will hold the child’s PID. stdin Data to be passed to the child’s stdin stdout Reference to a scalar that will have child’s stdout stderr Reference to a scalar that will hold the child’s stderr. keeps_state

32 Chapter 1. Content Quattor Documentation, Release 0.0.1

A boolean specifying whether the command respects the current system state or not. A command that keeps_state will be executed, regardless of any value for NoAction. By default, commands modify the state and thus keeps_state is false. sensitive A boolean, hashref or functionref specifying whether the arguments contain sensitive information (like passwords). If sensitive is true, the commandline will not be reported (by default when log option is used, the commandline is reported with verbose level). If sensitive is a hash reference, a basic search (key) and replace (value) is per- formed. The keys and values are not interpreted as regexp patterns. The order of the search and replace is determined by the sorted values (this gives you some con- trol over the order). Be aware that all occurences are replaced, and when e.g. weak passwords are used, it might reveal the password by replacing other parts of the com- mandline (--password=password might be replaced by --SECRET=SECRET, thus revealing the weak password). Also, when a key is a substring of another key, it will reveal (parts of) sensitive data if the order is not correct. If sensitive is a function reference, the command arrayref is passed as only argu- ment, and the stringified return value is reported. my $replace = sub { my $command = shift; return join(“_”, @$command); };

...

CAF::Process->new(..., sensitive=>$replace);

This does not cover command output. If the output (stdout and/or stderr) con- tains sensitve information, make sure to handle it yourself via stdout and/or stderroptions (or by using the output method). These options will only be used by the execute method. _sensitive_commandline Generate the reported command line text, in particular it deals with the sensitive attribute. When the sensitive attribute is not set, it returns stringify_command. This method does not report, only returns text. See the description of the sensitive option in _initialize. _LC_Process Run LC::Process function with arrayref arguments args. noaction_value is is the value to return with NoAction. msg and postmsg are used to construct log message <[ ]>>.

Public methods execute

1.1. CAF 33 Quattor Documentation, Release 0.0.1

Runs the command, with the options passed at initialization time. If running on verbose mode, the exact command line and options are logged. Please, initialize the object with log = ‘’> if you are passing confidential data as an argument to your command. output Returns the output of the command. The output will not be logged for security reasons. toutput Returns the output of the command, that will be run with the timeout passed as an argument. The output will not be logged for security reasons. stream_output Execute the commands using execute, but the stderr is redirected to stdout, and stdout is processed with processfunction. The total output is aggregated and returned when finished. Extra option is the process mode. By default (or value undef), the new output is passed to process. With mode line, processis called for each line of output (i.e. separated by newline), and the remainder of the output when the process is finished. Another option are the process arguments. This is a reference to the array of arguments passed to the process function. The arguments are passed before the output to the process: e.g. if arguments =\ [qw(a b)]> is used, the process function is called like process(a,b,$newoutput) (with $newoutput the new streamed output) Example usage: during a yum install, you want to stop the yum process when an error message is detected.

sub act{ my ($self,$proc,$message)=@_; if ($message =~ m/error/){ $self->error("Error encountered, stopping process: $message"); $proc->stop; } }

$self->info("Going to start yum"); my $p= CAF::Process->new([qw(yum install error)], input=> 'init'); $p->stream_output(\&act, mode=> line, arguments=>[$self,$p]); run Runs the command. trun Runs the command with $timeout seconds of timeout. pushargs Appends the arguments to the list of command arguments setopts Sets the hash of options passed to the options for the command stringify_command Return the command and its arguments as a space separated string. get_command

34 Chapter 1. Content Quattor Documentation, Release 0.0.1

Return the reference to the array with the command and its arguments. get_executable Return the executable (i.e. the first element of the command). is_executable Checks if the first element of the array with the command and its arguments, is executable. It returns the result of the -x test on the filename (or undef if filename can’t be resolved). If the filename is equal to the basename, then the filename to test is resolved using the File::Which::which method. (Use ./script if you want to check a script in the current working directory). execute_if_exists Execute after verifying the executable (i.e. the first element of the command) exists and is executable. If this is not the case the method returns 1.

COMMON USE CASES

On the next examples, no log is used. If you want your component to log the command, just add log => $self to the object creation.

Running a command

First, create the command: my $proc= CAF::Process->new (["ls", "-lh"]);

Then, choose amongst:

$proc->run(); $proc->execute();

Emulating backticks to get a command’s output

Create the command: my $proc= CAF::Process->new (["ls", "-lh"]);

And get the output: my $output=$proc->output();

Piping into a command’s stdin

Create the contents to be piped: my $contents= "Hello, world";

Create the command, specifying $contents as the input, and execute it:

1.1. CAF 35 Quattor Documentation, Release 0.0.1

my $proc= CAF::Process->new (["cat", "-"], stdin=>$contents); $proc->execute();

Piping in and out

Suppose we want a bi-directional pipe: we provide the command’s stdin, and need to get its output and error: my ($stdin,$stdout,$stderr)=("Hello, world", undef, undef); my $proc= CAF::Process->new (["cat", "-"], stdin=>$stdin, stdout=>\$stdout stderr=>\$stderr); $proc->execute();

And we’ll have the command’s standard output and error on $stdout and $stderr.

Creating the command dynamically

Suppose you want to add options to your command, dynamically: my $proc= CAF::Process->new (["ls", "-l"]); $proc->pushargs ("-a", "-h"); if ($my_expression){ $proc->pushargs ("-S"); }

# Runs ls -l -a -h -S $proc->run();

Subshells

Okay, you really want them. You can’t live without them. You found some obscure case that really needs a shell. Here is how to get it. But please, don’t use it without a good reason: my $cmd= CAF::Process->new(["ls -lh|wc -l"], log=>$self, shell=>1); $cmd->execute();

It will only work with the execute method.

SEE ALSO

LC::Process

Reporter

NAME

CAF::Reporter - Class for console & log message reporting in CAF applications

36 Chapter 1. Content Quattor Documentation, Release 0.0.1

SYNOPSIS

package myclass; use CAF::Log; use parent qw(CAF::Reporter);

my $logger= CAF::Log->new('/path/to/logfile', 'at');

sub new{ ... $self->config_reporter(debuglvl=>2, verbose=>1, logfile=>$logger); ... }

sub foo{ my ($self,$a,$b,$c)=@_; ... $self->report("foo is doing well"); $self->verbose("foo called with params $a $b $c"); $self->debug(3, "foo is performing operation xyz"); ... }

DESCRIPTION

CAF::Reporter provides class methods for message (information, warnings, error) reporting to standard output and a log file. There is only one instance of CAF::Reporter in an application. (All CAF::Reporterinstances share the same configuration). Classes wanting to use CAF::Reporter have to inherit from it (using parent qw(CAF::Reporter) or via @ISA). Usage of a log file is optional. A log file can be attached/detached with the set_logfile method.

Public methods

init_reporter Setup default/initial values for reporter. Returns success. config_reporter Reporter configuration: Following options are supported debuglvl Set the (highest) debug level, for messages reported with the ‘debug’ method. The following recommendations apply:

0: no debug information 1: main package 2: main libraries/functions 3: helper libraries 4: core functions (constructors, destructors)

quiet

1.1. CAF 37 Quattor Documentation, Release 0.0.1

If set to a true value (eg. 1), stops any output to console. verbose If set to a true value (eg. 1), produce verbose output (with the verbose method). Implied by debug >= 1. facility The syslog facility the messages will be sent to verbose_logfile All reporting to logfiles will be verbose logfile logfile can be any type of class object reference, but the object must support a print(@array) method. Typically, it should be an CAF::Log instance. If logfile is defined but false, no logfile will be used. (The name is slightly misleading, because is it does not set the logfile’s filename, but the internal $LOGFILE attribute). struct Enable the structured logging type struct (implemented by method ‘‘ <_struct_>). If struct is defined but false, structured logging will be disabled. If any of these arguments is undef, current application settings will be preserved. init_logfile($filename, $options): bool Create a new CAF::Log instance with $filename and $options and set it using config_reporter. Returns SUCCESS on success, undef otherwise. (The method name is slightly misleading, because is it does create the logfile with filename, but the internal $LOGFILE attribute). get_debuglevel: int Return current debuglevel is_quiet: bool Return true if reporter is quiet, false otherwise is_verbose: bool Return true if reporter is verbose, false otherwise Supports boolean option verbose_logfile to check if reporting to logfile is verbose. report(@array): boolean Report general information about the program progression to stdout (via print) and log method. The output to the console is supressed if quiet is set. The strings in @array are concatenated, newline is added and sent as a single line to the output. Then log method is called with @array (irrespective of quiet). The report method does not log to syslog. info(@array): boolean Logs using syslog method with info priority and reports @array using the report method, but with a [INFO] prefix.

38 Chapter 1. Content Quattor Documentation, Release 0.0.1

OK(@array): boolean Logs using syslog method with notice priority and reports @array using the report method, but with a [OK] prefix. warn(@array): boolean Logs using syslog method with warning priority and reports @array using the report method, but with a [WARN] prefix. error(@array): boolean Logs using syslog method with err priority and reports @array using the report method, but with a [ERROR] prefix. verbose(@array): boolean If verbose is enabled (via config_reporter), the verbose method logs using syslog method with notice priority and reports @array using the report method, but with a [VERB] prefix. debug($debuglvl, @array): boolean If $debuglvl is higher or equal than then one set via config_reporter, the debug method logs to syslog with debug priority and reports @array using the report method, but with a [DEBUG] prefix. If the $debuglvl is not an integer in interval [0-9], an error is thrown and undef returned (and nothing logged). log(@array): boolean Writes @array as a concatenated string with added newline to the log file, if one is setup (via >). If the last argument is a hashref and structured logging is enabled (via >), call the structured logging method with this hashref as argument. syslog($priority, @array) Writes @array as concatenated string to syslog, with the given priority. Nothing will happen is no ‘SYSLOG’ attribute of logfile is set. This attribute is prepended to every message. (Return value is always undef.) _struct_CEEsyslog A structured logging method that uses CEE Common Event Expression format and reports it via syslog with info facility. set_report_history($historyinstance): bool Set $historyinstance as the reporter’s history (using the $HISTORY attribute). Returns SUCCESS on success, undef otherwise. init_history Create a CAF::History instance to track events. Argument keepinstances is passed to the CAF::Historyinitialization. Returns SUCCESS on success, undef otherwise. event If a CAF::History is initialized, track the event. The following metadata is added $WHOAMI

1.1. CAF 39 Quattor Documentation, Release 0.0.1

Current class name ref($self).

Deprecated/legacy methods setup_reporter Deprecated method to configure the reporter. The configure options debuglvl, quiet, verbose, facility, verbose_logfileare passed as postional arguments in that order.

$self->setup_reporter(2,0,1);

is equal to

$self->config_reporter(debuglvl=>2, quiet=>0, verbose=>1); set_report_logfile Deprecated method to configure the reporter LOGFILE attribute:

$self->setup_report_logfile($instance);

is equal to

$self->config_reporter(logfile=>$instance);

Returns SUCCESS on success, undef otherwise. (The method name is slightly misleading, because is it does not set the logfile’s filename, but the internal $LOGFILE attribute).

ReporterMany

NAME

CAF::ReporterMany - Class for console & log message reporting in CAF applications, which allows more than one object instance each with its own reporting setup.

DESCRIPTION

CAF::ReporterMany provides class methods for message reporting just like CAF::Reporter does, with the main distinction that multiple instances do not share the reporter setup (e.g. they can each have their own debuglevel).

RuleBasedEditor

DESCRIPTION

This module implements a rule-based editor that is used to modify the content of an existing file. Each rule driving the editing process is applied to all lines wose “keyword” is matching the one specified in the rule. The input for updating the file is a hash typically built from the Quattor configuration when the rule-based editor is called from a configuration module. Conditions can be defined based on the contents of this configuration. Lines in the configuration file that don’t match any rule are kept unmodified.

40 Chapter 1. Content Quattor Documentation, Release 0.0.1

This module is a subclass of the CAF::FileEditor: it extends the base methods of the CAF::FileEditor. It has only one public method (it uses the CAF::FileEditor constructor). The methods provided in this module can be combined with CAF::FileEditormethods to edit a file. Rules used to edit the file are defined in a hash: each entry (key/value pair) defines a rule. Multiple rules can be applied to the same file: it is important that they are orthogonal, else the result is unpredictable. The order used to apply rules is the alphabetical order of keywords. Applying the rules to the same configuration always give the same result but the changes are not necessarily idempotent (order in which successive edits occured may matter, depending on the actual rules). The hash entry key represents the line keyword in configuration file and hash value is the parsing rule for the keyword value. Parsing rule format is :

[condition->]option_name:option_set[,option_set,...];line_fmt[;value_fmt[:value_fmt_

˓→opt]]

If the line keyword (hash key) starts with a ‘-‘, the matching configuration line will be removed/commented out (instead of added/updated) from the configuration file if present. If it starts with a ‘?’, the matching line will be removed/commented out if the option is undefined. condition An option or an option set/subset (see below) that must exist for the rule to be applied or the keyword ALWAYS. Both option_set and option_name:option_set are accepted. option and option set in the condition are normally different from the option_name and option_setparameters in the rule as this is the default behaviour to apply the rule only if they exist. One option set only is allowed and only its existence (not its value) is tested. option_set can be either an actual option set as defined below or a subset of an option set (a subhash of the option set hash). To specify a subset, use / as a level separator, e.g. xroot/securityProtocol/ gsi (gsi subet of securityProtocol subset of xroot option set). It is possible to negate the condition (option or option_set must not exist) by prepending it with ‘!’. ALWAYS is a special condition that means that rules must be applied whether the option_name:option_set exist in the configuration or not. When they don’t exist the result is to comment out the matching configuration lines. option_name The name of an option that will be retrieved from the configuration. An option is a key in the option set hash. option_set The name of an option set where the option is located in (for example ‘dpnsHost:dpm’ means dpnsHost option of dpm option set). An option set is a sub-hash in the configuration hash. GLOBAL is a special value for option_set indicating that the option is a global option, instead of belonging to a specific option set (global options are at the top level of the configuration hash). line_fmt Defines the format used to represent the keyword/value pair. Several format are supported cover- ing the most usual ones (SH shell script, Apache, . . . ). For the exact list, see the definition of LINE_FORMAT_xxx constants and the associated documentation below. value_fmt used to indicate how to interpret the configuration value. It is used mainly for boolean values, list and hashes. See LINE_VALUE_xxx constants below for the possible values. value_fmt

1.1. CAF 41 Quattor Documentation, Release 0.0.1

used to indicate how to interpret the configuration value. It is used mainly for boolean values, list and hashes. See LINE_VALUE_xxx constants below for the possible values. An example of rule declaration is: my %dpm_config_rules_2=( "ALLOW_COREDUMP"=> "allowCoreDump:dpm;".LINE_FORMAT_SH_VAR.";".LINE_VALUE_

˓→BOOLEAN, "GLOBUS_THREAD_MODEL"=> "globusThreadModel:dpm;".LINE_FORMAT_ENV_VAR, "DISKFLAGS"=>"DiskFlags:dpm;".LINE_FORMAT_SH_VAR.";".LINE_VALUE_ARRAY, );

For more comprehensive examples of rules, look at ncm-dpmlfc or ncm-xrootd source code in configuration- modules-grid repository.

Rule Constants

The constants described here are used to build the rules. All these constants are exported. Add the following to use them: use RuleBasedEditor qw(:rule_constants);

There is a different group of constants for each part of the rule.

LINE_FORMAT_xxx: general syntax of the line

LINE_FORMAT_KW_VAL Keyword value (e.g. Xrootd, Apache) keywork/value separator can be customized with LINE_VALUE_OPT_SEP_xxx. No coment is added to the line. This is the default line format. LINE_FORMAT_KW_VAL_SET Set keyword value. Same remarks as for LINE_FORMAT_KW_VAL. LINE_FORMAT_KW_VAL_SETENV Setenv keyword value Same remarks as for LINE_FORMAT_KW_VAL. LINE_FORMAT_ENV_VAR Export keyword=value (e.g. SH shell family). A comment is added at the end of the line if it is modified by CAF::RuleBasedEditor. If the value contains whitespaces, it is quoted. LINE_FORMAT_SH_VAR keyword=value (e.g. SH shell family). A comment is added at the end of the line if it is modified by CAF::RuleBasedEditor. If the value contains whitespaces, it is quoted. Inline comments are not supported for the LINE_FORMAT_KW_VAL_xxx formats.

LINE_VALUE_xxx: how to interpret the configuration value

LINE_VALUE_AS_IS Take the value as it is, do not attempt any conversion. This is the default value type. LINE_VALUE_BOOLEAN

42 Chapter 1. Content Quattor Documentation, Release 0.0.1

Interpret the value as a boolean rendered as yes or no. LINE_VALUE_ARRAY The value is an array. Rendering controlled by LINE_OPT_xxx constants. LINE_VALUE_HASH The value is a hash of strings. Rendering controlled by LINE_OPT_xxx constants. LINE_VALUE_HASH_KEYS The value is a hash whose keys are the value. Rendering similar to arrays with LINE_VALUE_ARRAY (the key list is treated as an array). LINE_VALUE_INSTANCE_PARAMS specific to ncm-xrootd

LINE_OPT_xxx: options for rendering the config line

These options mainly apply to lists and hashes and are interpreted as a bitmask. LINE_OPT_KEY_PREFIX_DASH If set, add a - before the keyword when writing it in the configuration file. LINE_OPT_VALUE_ONELINE Each value in an array or keyword/value pair in a hash must be on a separate line. This results in several instances of the same keyword (multiple lines) in the configuration file. LINE_OPT_VALUE_UNIQUE Each values are concatenated as a space-separated string LINE_OPT_VALUE_SORTED Values are sorted LINE_OPT_HASH_SEP_COLON When LINE_VALUE_HASH, use a colon between each hash key and value. LINE_OPT_SEP_COLON Use a colon between keyword and value. LINE_OPT_SEP_EQUAL Use an equal sign between keyword and value. LINE_VALUE_OPT_SPACE_AROUND_SEP When updating the value, put a space around the keyword/value separator. $FILE_INTRO_xxx: constants defining the expected header lines in the configuration file

Public methods updateFile Update configuration file contents, applying configuration rules. Arguments :

1.1. CAF 43 Quattor Documentation, Release 0.0.1

config_rules: a hashref containing config rules corresponding to the file to

˓→build config_options: a hashref for configuration parameters used to build actual

˓→configuration options: a hashref defining options to modify the behaviour of this function

Supported entries for options hash:

always_rules_only: if true, apply only rules with ALWAYS condition (D:

˓→false). See introduction about the ALWAYS condition. remove_if_undef: if true, remove matching configuration line if rule

˓→condition is not met (D: false)

Return value

sucess:1 error processing of one or more rules:0 argument error or error duing rule processing: undef

Private methods formatAttributeValue This function formats an attribute value based on the value format specified. Arguments:

attr_value : attribute value (type interpreted based on C) line_fmt : line format (see LINE_FORMAT_xxx constants) value_fmt : value format (see LINE_VALUE_xxx constants) line_opt: line rendering options

Return value:

A string corresponding to the value formatted according to the format

˓→specified by arguments or undef in case of an internal error (missing arguments)

_formatConfigLine This function formats a configuration line using keyword and value, according to the line format requested. Values containing spaces are quoted if the line format is not LINE_FORMAT_KW_VAL. Arguments :

keyword : line keyword value : keyword value (can be an empty string) line_fmt : line format (see LINE_FORMAT_xxx constants) line_opt: line rendering options

Return value:

A string corresponding to the line formatted according to line_fmt or undef in case of an internal error (missing arguments)

_escape_regexp_string

44 Chapter 1. Content Quattor Documentation, Release 0.0.1

Help method to escape all characters with a special interpretation in the context of a regexp. Arguments:

regexp_str: initial regexp string (characters not escaped)

Return value:

string: regexp with all specail characters escaped

_buildLinePattern This function builds a pattern that will match an existing configuration line for the configuration parameter specified. The pattern built takes into account the line format. Every whitespace in the pattern (configu- ration parameter) are replaced by s+. If the line format is LINE_FORMAT_KW_VAL, no whitespace is imposed at the end of the pattern, as this format can be used to write a configuration directive as a keyword with no value. Arguments :

config_param: parameter to update line_fmt: line format (see LINE_FORMAT_xxx constants) line_opt: line rendering options config_value: when defined, make it part of the pattern (used when multiple

˓→lines with the same keyword are allowed)

Return value:

A string containing the pattern to use to match the line in the file or undef in case of an internal error (missing argument or an invalid line format).

_commentConfigLine This function comments out a configuration line matching the configuration parameter. Match operation takes into account the line format. Arguments :

config_param: parameter to update line_fmt : line format (see LINE_FORMAT_xxx constants) line_opt: line rendering options

Return value:

success:1 error during processing:0 internal error (missing argument): undef

_updateConfigLine This function does the actual update of a configuration line after doing the final line formatting based on the line format. Arguments :

config_param: parameter to update config_value: parameter value (can be an empty string) line_fmt: line format (see LINE_FORMAT_xxx constants) (continues on next page)

1.1. CAF 45 Quattor Documentation, Release 0.0.1

(continued from previous page) line_opt: line rendering options multiple: if true, multiple lines with the same keyword can exist (D: false)

Return value:

undef or 1 in case of an internal error (missing argument)

_parse_rule Parse a rule and return as a hash the information necessary to edit lines. If the rule condition is not met, undef is returned. If an error occured, the hash contains more information about the error. Arguments :

rule: rule to parse config_options: configuration parameters used to build actual configuration parser_options: a hashref defining options to modify the behaviour of this

˓→function

Supported entries for options hash:

always_rules_only: if true, apply only rules with ALWAYS condition (D:

˓→false). See introduction about the ALWAYS condition. remove_if_undef: if true, remove matching configuration line if rule

˓→condition is not met (D: false)

Return value: undef if the rule condition is not met or a hash with the following information:

error_msg: a non empty string if an error happened during parsing remove_matching_lines: a boolean indicating that the matching lines must be

˓→removed option_sets: a list of option sets containing the attribute to use in the

˓→updated line attribute: the option attribute to use in the updated line

_apply_rules Apply configuration rules. This method is the real workhorse of the rule-based editor. Arguments :

config_rules: config rules corresponding to the file to build config_options: configuration parameters used to build actual configuration.

˓→Note that keys in the config_options hash are interpreted as escaped (generally

˓→harmless if they are not as the killing sequence, '_'+2 hex digit, is unlikely to occur in

˓→this context. Use camel case for keys to prevent problems). parser_options: a hash setting options to modify the behaviour of this

˓→function

Supported entries for options hash:

always_rules_only: if true, apply only rules with ALWAYS condition (D: false) remove_if_undef: if true, remove matching configuration line if rule

˓→condition is not met (D: false)

46 Chapter 1. Content Quattor Documentation, Release 0.0.1

Return value:

success:1 error processing one or more rules:0 undef in case of an internal error (missing argument)

Service

NAME

CAF::Service - Class for starting and stopping daemons in different platforms

SYNOPSIS use CAF::Service; my $srv= CAF::Service->new(['ntpd'], log=>$self,%opts); $srv->reload(); $srv->stop(); $srv->start(); $srv->restart(); $srv->stop_sleep_start();

Will do the right thing with SystemV Init scripts, Systemd units and Solaris’ svcadm.

DESCRIPTION

This class abstracts away the differences when operating with Daemons in different Unixes.

Private methods

_initialize Initialize the process object. Arguments: $services Reference to a list of services to be handled. It takes some extra optional arguments: log A CAF::Reporter object to log daemon activities to. timeout Maximum execution time, in seconds, for any service operations. If it’s too slow it will be killed. If not defined, the command won’t time out. On Solaris it implies that svcadm actions are executed synchronously. After this timeout, the operation will continue in background, but will NOT mark the service as failed. For marking timed out services operations as failed, we have to edit the method definition, which is out of the scope of this method. See the man page for smf_method for more details.

1.1. CAF 47 Quattor Documentation, Release 0.0.1

On systemd-based systems, the timeout parameter is ignored. The correct way to handle time- outs in systemd is to store them in the unit file, which will ensure they are respected in any context that unit may be called. sleep. Used only in stop_sleep_start. Determines the number of seconds to sleep after stop before proceeding with start. persistent Used only in the Solaris variant of start and stop. Make the enabling or disabling of this service persist in subsequent reboots. Implies not passing the -t flag to svcadm. recursive. Used only in the Solaris variant of start and stop. Starts or stops all the dependencies for the given daemons, too. synchronous Used only in the Solaris variant of restart. Waits until all services have been restarted. If no timeout was passed, it will wait forever. ...

Public methods restart Restarts the daemons. start Starts the daemons. stop Stops the daemons reload Reloads the daemons stop_sleep_start Stops the daemon, sleep, and then start the dameon again. Only when both stop and start are suc- cessful, return success. os_flavour Determine and return the OS flavour (/variant) Current flavours are linux_sysv Linux OS with SysV int system linux_systemd Linux OS with systemd solaris Solaris OS

48 Chapter 1. Content Quattor Documentation, Release 0.0.1

(All supported flavours are exported via @FLAVOURS.)

Private methods

__make_method A generator for service methods, to be used in e.g. subclassing. In the example below we create a custom service class that supports e.g. ‘service myservice init’:

package MyService;

use CAF::Service qw(__make_method @FLAVOURS); use parent qw(CAF::Service);

sub _initialize{ my ($self,%opts)=@_; return $self->SUPER::_initialize(['myservice'],%opts); }

my $method= 'init'; foreach my $flavour(@FLAVOURS){ no strict 'refs'; *{"${method}_${flavour}"}= __make_method($method,$flavour); use strict 'refs'; }

1;

This class can than be used in the same way as CAF::Service

use MyService; ... my $serv= MyService->new(); $serv->init(); ... $serv->reload();

TextRender

NAME

CAF::TextRender - Class for rendering structured text

SYNOPSIS use CAF::TextRender; my $module= 'tiny'; my $trd= CAF::TextRender->new($module,$contents, log=>$self); print "$trd"; # stringification

$module= "yaml"; $trd= CAF::TextRender->new($module,$contents, log=>$self); (continues on next page)

1.1. CAF 49 Quattor Documentation, Release 0.0.1

(continued from previous page) # return CAF::FileWriter instance (rendered text already added) my $fh=$trd->filewriter('/some/path'); die "Problem rendering the text" if (!defined($fh)); $fh->close();

DESCRIPTION

This class simplyfies the generation of structured text like config files. (It is based on 14.8.0 ncm-metaconfig).

Private methods

_initialize Initialize the process object. Arguments: module The rendering module to use: either one of the following reserved values json JSON format (using JSON::XS) (JSON true and false have to be resp. \1 and c<0>) yaml YAML (using YAML::XS) (YAML true and false, either resp. $YAML_BOOL-{yes}> and $YAML_BOOL-{no}>; or the strings $YAML_BOOL_PREFIX."true" and $YAML_BOOL_PREFIX."false" (There are known problems with creating hashrefs using the $YAML_BOOL-{yes}> value for true; Perl seems to mess up the structure when creating the hashrefs)) properties Java properties format (using Config::Properties), tiny .INI format (using Config::Tiny) (Previously available module was removed in 15.12. Component writers needing this functionality can use the CCM::TextRender subclass instead). Or, for any other value, Template::Toolkit is used, and the module then indicates the relative path of the template to use. contents contents is a hash reference holding the contents to pass to the rendering module. It takes some extra optional arguments: log, eol and usecache Handled by _initialize_textopts from CAF::ObjectText includepath The basedirectory for TT template files, and the INCLUDE_PATH for the Template instance. The includepath is either a string (i.e. ‘:’-separated list of paths), an arrayref (of multiple include paths) or undef (the default ‘/usr/share/templates/quattor’ is used).

50 Chapter 1. Content Quattor Documentation, Release 0.0.1

relpath The relative path w.r.t. the includepath to look for TT template files. This relative path should not be part of the module name, however it is not the INCLUDE_PATH. (In particular, any TT INCLUDE statement has to use it as the relative basepath). If relpath is undefined, the default ‘metaconfig’ is used. If you do not have a subdirectory in the includepath, use an empty string. ttoptions A hash-reference ttoptions with Template Toolkit options, except for INCLUDE_PATH which is forced via includepath option. By default, STRICT (default 0) and RECURSION (default 1) are set.

1.2 CCM

1.2.1 Configuration Cache Manager

These modules handle the conversion of an XML or JSON profile into a local binary cache, and give the API for Quattor modules to access these caches. If you are writing a Quattor-client module, all you probably need is the getElement and getTree methods from a Configuration object. Typically you will combine them like this: `my $tree = $cfg->getElement("/foo/bar")->getTree();` And you will have a reference to a data structure, identical to what you defined in your profile. For more information, see the man pages.

CCfg

NAME

EDG::WP4::CCM::CCfg

SYNOPSIS init() or init("/etc/ccm.conf")

$cache_root= getCfgValue ("cache_root");

DESCRIPTION

CCfg is used to get configuration parameters. Defualt values for configuration parameters get overwritten if defined in configuration file. initCfg (;$cfg_file)

1.2. CCM 51 Quattor Documentation, Release 0.0.1

Initialise CCfg. if $cfg_file parameter is present, file has to exists, if it does not exist error is risen. If the parameter is not present defualt EDG paths are used. If configuration file does not exist in defualt locations the default values are used. getCfgValue ($key) returns a value of the configuration parameter identified by $key. setCfgValue ($key, $value, $force) Set the configuration option $key to $value. If force is set, the option and value are also added to the force_cfg hashref, making it protected against rereading of the config file. resetCfg reset the configuration hash and empty the force hashref.

CLI

NAME

EDG::WP4::CCM::CLI

DESCRIPTION

This module inplements the CCM CLI. The final script should be rather minimal, and a module allows for far easier unittesting. action_show Print the tree starting from the selected path(s). Not existing paths are skipped. action_dumpdb Lowlevel debugging function to dump the profile DBs path2eid and eid2data.

CacheManager

NAME

EDG::WP4::CCM::CacheManager

SYNOPSIS

$cm= EDG::WP4::CCM::CacheManager->new(["/path/to/root/of/cache"]); $cfg=$cm->getUnlockedConfiguration($cred[,$cid]); $cfg=$cm->getLockedConfiguration($cred[,$cid]); $cfg=$cm->getAnonymousConfiguration($cred[,$cid]); $bool=$cm->isLocked();

52 Chapter 1. Content Quattor Documentation, Release 0.0.1

DESCRIPTION

Module provides CacheManager class. This is the top level class of the NVA-API library. It is used by the clients to interact with the NVA cache. new ($cache_path) Create new CacheManager object with $cache_path. $config_file is an optional parameter that points to the CCM config file. getCachePath returns path of the cache getConfigurationPath For given cid, return the basepath of the Configuration data. (No checks are made e.g. if the directory exists, simply returns the directory name). getCids Return arrayref to sorted list of all found/valid CIDs. Returns undef in case of problem. getCid For given cid, validate and check the CID. Returns undef for a non-existing CID. Also handles special values for cid: undef, “current” or empty string If CID is undef, the string “current” or an empty string, the current CID (from the “current.cid” file) is returned. “latest” or “-“ If CID is the string “latest” or “-“, the latest CID (from the “latest.cid” file) is returned. negative value (e.g. -1) If CID is negative -N, the N-th most recent CID value is returned (e.g. -1 returns the most recent CID, -2 the CID before the most recent, . . . ). (A distinction is made between “most recent” and “latest”, as the “latest” CID is held in the “latest.cid” file). getConfiguration ($cred, $cid) Returns narrowest-possible Configuration object. If cid is defined, return a locked Configuration with this cid. (Special values for cid are handled by the getCid method). If cid is undefined, an unlocked Configuration is used (and the write permission for the anonymous flag are checked against the CacheManager’s current CID). The Configuration instance is created with anonymous flag equal to -1(i.e. the Configuration instance will determine if the Configuration is anonymous or not based on the write permissions of the current process). The locked and anonymous flags can also be forced via named arguments (e.g. > or >).

1.2. CCM 53 Quattor Documentation, Release 0.0.1

Security and $cred parameter meaning are not defined (but is kept for compatibility with other get{Locked,Unlock,Anonymous}Configuration methods). The configuration template name can also be passed via an optional named argument name_template (e.g. name_template => basic). getUnlockedConfiguration ($cred; $cid) This method is deprecated in favour of getConfiguration. Returns unlocked Configuration object. Unless the object is locked explicitly later by calling the lock method, CCM::CacheManager::Elements will always be fetched from the current CID, not the CID passed via $cid. (If the $cid parameter is omitted, the most recently downloaded configuration (when the cache was not globally locked) is returned.) Security and $cred parameter meaning are not defined. getLockedConfiguration ($cred; $cid) This method is deprecated in favour of getConfiguration. Returns locked Configuration object. If the $cid parameter is omitted, the most recently downloaded configuration (when the cache was not globally locked) is returned. Security and $cred parameter meaning are not defined. getAnonymousConfiguration ($cred; $cid) This method is deprecated in favour of getConfiguration. Returns unlocked anonymous Configuration object. Unless the object is locked explicitly later by calling the lock method, CCM::CacheManager::Elements will always be fetched from the current CID, not the CID passed via $cid. (If the $cid parameter is omitted, the most recently downloaded configuration (when the cache was not globally locked) is returned.) Security and $cred parameter meaning are not defined. isLocked () Returns true if the cache is globally locked, otherwise false. getCurrentCid returns current cid (from cid file) getLatestCid returns latest cid (from cid file)

CacheManager :: Configuration

NAME

EDG::WP4::CCM::CacheManager::Configuration - Configuration class

54 Chapter 1. Content Quattor Documentation, Release 0.0.1

SYNOPSIS

$cid=$cfg->getConfigurationId(); $elt=$cfg->getElement($path); $elt=$cfg->getElement($string); $val=$cfg->getValue($path); $val=$cfg->getValue($string); $bool=$cfg->elementExists($path); $bool=$cfg->elementExists($string); $cfg->lock(); $cfg->unlock(); $bool=$cfg->isLocked();

DESCRIPTION

Module provides the Configuration class, to manipulate confgurations. new Create Configuration object. It takes three arguments: cache_manager: the CacheManager ob- ject cid: the configuration id locked: boolean lock flag anonymous: boolean anonymous flag name_template: name template If a configuration with specified CID does not exists, an exception is thrown. When the locked flag is set (or when the lock method is called to set it), the Configuration in- stance is bound to the specific CID, even if this is not the CacheManager’s current one (e.g. when a new profile is fetched during the lifetime of the process, the CacheManager current CID is updated to the latest one). The locking is relevant when a CCM::CacheManager::Element is accessed via a CCM::Configuration instance (in particular, when a call to _prepareElementis made). As a consequence, an unlocked Configuration instance will always use the CacheManager’s current CID. Unless the anonymous flag is set to true, each process that creates a Configuration instance, creates a file named ccm-active-profile.$cid.$pid(with $cid the CID and $pid the process ID) under the profile.$ciddirectory in the CacheManager cache path. The presence of this file protects the process from getting this particular CID removed by the ccm-purge command (e.g. by the daily purge cron job). If the anonymous flag is set to -1, the permissions of the user to create this file are verified, and if the user can write to this file, the anonymous flag is set to false (this is only verified once during initialisation). Processes that have no permission to create this file (or don’t care about long runtimes), can set the anonymous flag and use the configuration (at their own risk). getConfigurationId () Returns configuration id. lock () Lock configuration (local lock). unlock () Unlock configuration (local unlock). isLocked () Returns true if the configuration is locked, otherwise false getName

1.2. CCM 55 Quattor Documentation, Release 0.0.1

Return the name of the Configuration based on the name template set during initialisation. The type argument (default name) specifies which name format is used. The actual template used is CCM/names//\ ``type.tt‘‘. Following types are defined name: (compact) name The data used for rendering is the /metadata tree. The rendered text is stripped from any leading and/or trailing whitespace and is added to the name at- tribute, the next getName call will return the cached value. If no template was set, undef is returned. If there was rendering (or any other) failure, undef is returned and the fail attribute is set. getElement ($path) Returns Element object identified by $path (path may be a string or and object of class Path) getValue ($path) returns value of the element identified by $path elementExists ($path) returns true if elements identified by $path exists getTree ($path) returns getTree of the element identified by $path. Any other optional arguments are passed to getTree. If the path does not exist, undef is returned. (Any error reason is set as the fail attribute and the error is ignored.)

CacheManager :: DB

NAME

EDG::WP4::CCM::CacheManager::DB my $db = EDG::WP4::CCM::CacheManager::DB->new($prefix, %opts); # Write the hashref to the database file $db->write($hashref); # Open the database and tie to hashref $db->open($hashref);

# Direct read access to database (combines new and open) $success= EDG::WP4::CCM::CacheManager::DB::read($hashref,$prefix);

DESCRIPTION

This is a wrapper around all access to the profile database format, which copes with multiple possible data formats.

56 Chapter 1. Content Quattor Documentation, Release 0.0.1

Methods

new / _initialize Create a new DB instance using prefix, the filename without extension (will be used by both the .db file itself and a .fmt format description). Optional parameters log A CAF::Reporter instance for logging/reporting. test_supported_format Test if dbformat is a supported format. Returns SUCCESS on success, undef on failure (and sets fail attribute). write Given a hashref hashref, write out the hash in a database format dbformat. (If dbformat is not defined, the default format DB_File will be used). Once successfully written, the hashref will be untied and does not remain connected to the persistent storage. perms is an optional hashref with the file permissions for both database file and format description (owner/mode/group, CAF::FileWriter style). Returns undef on success, a string with error message otherwise. open Open the database file. The format of the database file will be determined by reading the format file. If that file does not exist, then default format DB_File will be used. Returns undef on success, a string with error message otherwise. On success, the hashref will be tied to the specified database.

Functions read_db Given hashref and prefix, create a new instance using prefix (and any other options) and return the opened database with hashref. read_db function is exported read An alias for read_db (not exported, kept for legacy).

CacheManager :: Element

NAME

EDG::WP4::CCM::CacheManager::Element - Element class

1.2. CCM 57 Quattor Documentation, Release 0.0.1

SYNOPSIS

$eid=$element->getEID(); $name=$element->getName(); $path=$element->getPath() $type=$element->getType(); $derivation=$element->getDerivation(); $checksum=$element->getChecksum(); $description=$element->getDescription(); $value=$element->getValue(); $boolean=$element->isType($type); $boolean=$element->isResource(); $boolean=$element->isProperty(); $hashref=$element->getRecHash();

DESCRIPTION

The class EDG::WP4::CCM::CacheManager::Element implements those methods that are common to all elements and represents a Property. The class is a base class for EDG::WP4::CCM::CacheManager::Resource, which has additional methods. new($config, $ele_path) Create new Element object. The $config parameter is a Configuration object with the profile. The $ele_path parameter is the element’s configuration path (it can be either a Path object or a string). _get_tied_db Wrapper around read_db() to attempt to cache the tied hash. Takes a scalar reference (to be filled in with either a new hash ref or the cached hash ref) instead of a hash ref. The caching mechanism is extremely conservative and will only cache the last version of path2eid or eid2path to be accessed. It makes the assumption that these files will never change. (Instead, new profile data goes into a whole new path.) elementExists($config, $ele_path) Returns true if the element identified by $ele_path exists otherwise false is returned createElement($config, $ele_path) Create a new Resource or Element object, depending on the type of the element given by $ele_path. The $config parameter is a Configuration object with the profile. The $ele_path parameter is the element’s configuration path (it can be either a Path object or a string). getConfiguration() Returns the element’s Configuration object getEID() Returns the Element ID of the object. This method is not a part of the NVA-API specification, it may be a subject to change. getName() Returns the name of the object getPath() Returns a Path object with the element’s path

58 Chapter 1. Content Quattor Documentation, Release 0.0.1 getType() Returns the element’s type, that is, one of the TYPE_* constans getDerivation() Returns the element’s derivation getChecksum() Returns the element’s checksum (that is, MD5 digest) getDescription() Returns the element’s description getValue() Returns the element’s value, as a string This method is not a part of the NVA-API specification, it may be a subject to change. isType($type) Returns true if the element’s type match type contained in argument $type isResource() Return true if the element’s type is RESOURCE isProperty() Return true if the element’s type is PROPERTY getTree Returns a reference to a nested hash composed of all elements below this element. Corrected according to the III Quattor Workshop recomendations. Now, PAN booleans map to Perl booleans, PAN lists map to Perl array references and PAN nlists map to Perl hash references. Note that links cannot be followed. If depth is specified (and not undef), only return the next depthlevels of nesting (and use the Element instances as values). A depth == 0 is the element itself, depth == 1 is the first level, . . . Named options convert_boolean Array ref of anonymous methods to convert the argument (1 or 0 for resp true and false) to another boolean representation. convert_string Array ref of anonymous methods to convert the argument (string value) to another representa- tion/format. convert_long Array ref of anonymous methods to convert the argument (integer/long value) to another rep- resentation/format. convert_double Array ref of anonymous methods to convert the argument (float/double value) to another rep- resentation/format. convert_list

1.2. CCM 59 Quattor Documentation, Release 0.0.1

Array ref of anonymous methods to convert the argument (list of elements) to another repre- sentation/format. Each element is already processed before the conversion. convert_nlist Array ref of anonymous methods to convert the argument (dict of elements) to another repre- sentation/format. Each element is already processed before the conversion. convert_key Array ref of anonymous methods to convert the key(s) of the dicts to another representa- tion/format. At the end, a stringification of the result is used as key. The arrayref of anonymous methods are applied as follows: convert methods [a, b, c] will produce $new = c(b(a($old))). (An exception is thrown if these methods are not code references).

CacheManager :: Encode

NAME

EDG::WP4::CCM::CacheManager::Encode - Module with DB encoding functions and constants

DESCRIPTION

EDG::WP4::CCM::CacheManager::Encode implements the functions that provide the encoding of metadata in the DB instance used. The DB is build as follows: In EDG::WP4::CCM::Fetch::ProfileCache the profile is converted to a hashref with subpath as key and hashref with data and metadata as value. The hashref is walked building up the path and a counter (the eid) is increased for each path The relation between the path and the counter is stored in the path2eid DB with path as key and encoded eid (using db_keys($eid)-{VALUE}>) as value. The data and metadata are stored in eid2data DB using the encoded eid (which has offset for each type of data and metadata) as key and the data as value. Access to data based on path is possible without en/decoding (eid2data->{path2eid->{$path}}). Access to the metadata however requires decoding of the encoded eid from path2eid; to recompute the encoded keys for the metadata.

Type constants:

ELEMENT PROPERTY STRING LONG DOUBLE (continues on next page)

60 Chapter 1. Content Quattor Documentation, Release 0.0.1

(continued from previous page) BOOLEAN LINK RESOURCE NLIST TABLE RECORD LIST

Functions

type_from_name Convert a type in string format into a type constant. Returns UNDEFINED constant and warns when name is not supported. decode_eid Return decoded eid. encode_eids Given eid, return the keys of the tie’ed DB hashref for VALUE, TYPE, DERIVATION, CHECKSUM and DESCRIPTIONas used in the eid2data DB.

CacheManager :: Resource

NAME

EDG::WP4::CCM::CacheManager::Resource - Resource class

SYNOPSIS

%hash=$resource->getHash(); @list=$resource->getList(); $boolean=$resource->hasNextElement(); [$property|$resource]=$resource->getNextElement(); [$property|$resource]=$resource->getCurrentElement(); $resource->reset();

DESCRIPTION

The class Resource is a derived class of Element class, and implements methods that are specific to Resources, that is, internal nodes of the configuration tree, containing other resources and properties. tree. new($config, $res_path) Create new Resource object. The $config parameter is a Configuration object with the profile. The $res_path parameter is the resource’s configuration path. getHash()

1.2. CCM 61 Quattor Documentation, Release 0.0.1

Return a hash of elements, indexed by name The method raises an exception if the resource type is not nlist This method is not a part of the NVA-API specification, it may be a subject to change. getList() Return an array of elements. The method raises an exception if the resource type is not list. This method is not a part of the NVA-API specification, it may be a subject to change. hasNextElement() Return true if the iteration through Resource has more elements, otherwise returns false getNextElement() Return the next element in the iteration getCurrentElement() Return current element in the iteration. This is the element that was returned by the last call of getNex- tElement() reset() Reset the iteration. After this operation being called, getNextElement() will return first element in the iteration

Element

Fetch

NAME

EDG::WP4::CCM::Fetch

SYNOPSIS

$fetch= EDG::WP4::CCM::Fetch->new({PROFILE_URL=> "profile_url or hostname", CONFIG=> "path of config file", FOREIGN=> "1/0"});

$fetch->fetchProfile();

DESCRIPTION

Module provides Fetch class. This helps in retrieving XML profiles and from specified URLs. It allows users to retrieve local, as well as foreign node profiles.

Functions new()

62 Chapter 1. Content Quattor Documentation, Release 0.0.1

new({PROFILE_URL=> "profile_url or hostname", CONFIG=> "path of config file", FOREIGN=> "1/0"});

Creates new Fetch object. Full url of the profile can be provided as parameter PROFILE_URL, if it is not a url a profile url will be calculated using ‘base_url’ config option in /etc/ccm.conf. Path of alternative configuration file can be given as CONFIG. Returns undef in case of error. fetchProfile() fetchProfile fetches the profile from profile url and keeps it at configured area. The cache root variable is set as $fetch_handle{‘CACHE_ROOT’} which can further be passed to CacheManager object and use NVA-API to access Resources and Properties. If the profile is foreign, then the cache_root configuration is expected to be just for this foreign host and unexpected behaviour will result if the cache_root is shared. Only a single (most recent) copy of the foreign copy will be stored: previous versions will be removed. Foreign profiles do not use failover URLs: if the primary URL is unavailable, then the fetch will fail. Returns undef if it cannot fetch the profile due to a network error, <$EDG::WP4::CCM::Fetch::ProfileCache::ERROR> in case of other failure, SUCCESS in case of successful fetch, but no updated profile and CHANGED in case of successful fetch and updated profile.

Fetch :: Config

NAME

EDG::WP4::CCM::Fetch::Config

DESCRIPTION

Module provides methods to handle any configuration options set in either CCM config and/or the commandline

Functions setNotificationTime() Define notification time, if profile modification time is greater than notification time then only the profile will be downloaded setTimeout() Define timeout after which profile fetch will be terminated. setProfileFailover() Define failover profile url

1.2. CCM 63 Quattor Documentation, Release 0.0.1

Fetch :: Download

NAME

EDG::WP4::CCM::Fetch::Download

DESCRIPTION

Module provides methods to handle the retrieval of the profiles.

Functions

retrieve Stores $url into $cache if it’s newer than $time, or if $self->{FORCE} is set. It returns undef in case of error, 0 if it there were no changes on the remote server since $time (the server returned a 304 code) and a CAF::FileWriter object with the downloaded contents if they had to be downloaded. Should be called ony by download. download Downloads the files associated with $type (profile). In case of error it retries $self- >{RETRIEVE_RETRIES} times, falling back to a failover URL if necessary (thus up to 2*$self- >{RETRIEVE_RETRIES} may happen. Returns undef (or dies) in case of error, or the result from retrieve method otherwise: 0 if nothing had to be retrieved (files in the server were older than our local cache) a CAF::FileWriter object with the downloaded contents, if something was actually downloaded

Fetch :: JSONProfileSimple

SYNOPSIS

EDG::WP4::CCM::Fetch::JSONProfileSimple->interpret_node($tag,$jsondoc);

DESCRIPTION

Module that iterprets a JSON profile and generates all the needed metadata, to be inserted in the cache DB. This metadata includes a checksum for each element in the profile, the Pan basic type, the element’s name (that will help to reconstruct the path). . . JSONProfileSimple only support 2 scalars: booleans and strings. Should be used by EDG::WP4::CCM::Fetch only. This module has only one method for the outside world:

64 Chapter 1. Content Quattor Documentation, Release 0.0.1 interpret_node

JSON profiles don’t contain any basic type information, and JSON::XS may lose it. So, with JSONProfileSimple, we’ll store in the caches only two types of scalars: booleans, which will be identical as they used to be, and strings. Component writers know if they expect a given element in the profile to be a number, and may rely on Perl’s automatic stringification/numification.

Fetch :: JSONProfileTyped

SYNOPSIS

EDG::WP4::CCM::Fetch::JSONProfileTyped->interpret_node($tag,$jsondoc);

DESCRIPTION

Module that iterprets a JSON profile and generates all the needed metadata, to be inserted in the cache DB. This metadata includes a checksum for each element in the profile, the Pan basic type, the element’s name (that will help to reconstruct the path). . . Should be used by EDG::WP4::CCM::Fetch only. This module has only interpret_node method for the outside world.

Type information from JSON::XS

JSON profiles don’t contain any explicit type information (as opposed to the XMLPAN output), e.g. JSON only supports ‘number’ where XMLPAN has ‘long’ and ‘double’. It is up to the JSON decoder to provide us with this additional distinction. The JSON package JSON::XS does not expose the scalar type information. However, we try to come up with correct proper type by relying on the property that JSON::XS sup- ports json_string eq encode(copy(decode(json_string)))(implying that the instance returned by decode has the XS types (and e.g. no stringification has happened)). However, this is best effort only. Imperative in the whole typed processing is that values from the decoded JSON are not assigned to any variable before the type information is extraced via the B::svref_2object method. The scalar types (except for boolean) are then mapped to the B classes: IV is ‘long’, PV is ‘double’ and NV is ‘string’. Anything else will be mapped to string (including the combined classes PVNV and PVIV). TODO: The validity of this assumption is tested in the BEGIN{} (and unittests). interpret_node b_obj is returned by the B::svref_2object() method on the doc(ideally before doc is assigned). The initial call from Fetch doesn’t pass the b_obj value, but that is acceptable since we do not expect the whole JSON profile to be a single scalar value.

1.2. CCM 65 Quattor Documentation, Release 0.0.1

Fetch :: ProfileCache

NAME

EDG::WP4::CCM::Fetch::ProfileCache

DESCRIPTION

Module provides methods to handle the creation of the profile cache.

Functions setProfileFormat Define the profile format. If receives an argument, it will use it with no further questions. If not, it will try to derive it from the URL, being: * URLs ending in xml are for XML profiles. * URLs ending in json are for JSON profiles. and their gzipped equivalents.

Fetch :: XMLPanProfile

SYNOPSIS

EDG::WP4::CCM::Fetch::XMLPanProfile->interpret_node($tag,$xmltree);

DESCRIPTION

Module that iterprets an XML profile in pan format, and generates all the needed metadata, to be inserted in the cache DB. This metadata includes a checksum for each element in the profile, the Pan basic type, the element’s name (that will help to reconstruct the path). . . Should be used by EDG::WP4::CCM::Fetch only. This module has only one method for the outside world: interpret_node

Interprets an XML tree, which is assumed to have a format="pan"attribute, returning the appropriate data structure with all the attributes and values.

Options

NAME

EDG::WP4::CCM::Options

66 Chapter 1. Content Quattor Documentation, Release 0.0.1

DESCRIPTION

Use this module to create (commandline) application that interact with CCM directly. Available convenience methods: app_options Return list of CCM application specific options and commandline options for all CCM config options setCCMConfig Set the CCM Configuration instance for CID cid under CCM_CONFIG attribute using CacheManager’s getConfiguration method. If cid is not defined, the cid value from the --cid-option will be used. (To use the current CID when another cid value set via --cid-option, pass an empty string or the string ‘current’). A CacheManager instance under CACHEMGR attribute is created if none exists or force_cache is set to true. Returns SUCCESS on success, undef on failure. getCCMConfig Returns the CCM configuration instance. If none exists, one is created via setCCMConfig method. All arguments are passed to possible setCCMConfig call. gatherPaths Retrun arrayref of selected profile path (via the PATH_SELECTION_METHODS) All options are treated as initial paths. default_action Set the default action $action if action is defined (use empty string to unset the default value). Returns the default action. action_showcids the showcids action prints all sorted profile CIDs as comma-separated list add_actions Add actions defined in hashref to the supported actions. When creating a new module derived from EDG::WP4::CCM::Options, add methods named “ac- tion_”, and add then via this method to the _actions hashref. This will create a commandline option “–something”, if selected, will execute the action_ method. The hashref key is the action name, the value is the help text. (Returns the _actions hashref for unittesting purposes) action Run first of the predefined actions via the action_ methods

1.2. CCM 67 Quattor Documentation, Release 0.0.1

Path

NAME

EDG::WP4::CCM::Path - Path class

SYNOPSIS

$path= EDG::WP4::CCM::Path->new("/hardware/memory/size"); print "$path"; # stringification

$path=$path->down($level);

$path=$path->up();

DESCRIPTION

Module provides implementation of the Path class. Class is used to manipulate absolute paths

Public methods

new ($path) Create new EDG::WP4::CCM::Path instance. If path argument is not specified, root path (/) is used. Empty string is not allowed as an argument. path is a string representation of the path as defined in the NVA-API Specification document. depth Return the number of subpaths, starting from /. get_last Return last (safe unescaped) subpath or undef in case of /. The strip_unescape boolean is passed to _safe_unescape. toString Get the (raw) string representation of path. The EDG::WP4::CCM::Path instances also support stringification (the _stringify method is used for that) and might create different result due to safe_unescape. _boolean bool overload: Path instance is always true (avoids stringification on logic test) _stringify Method for overloaded stringification. This includes support for safe_unescape to wrap unescaped subpaths in {}. up Removes last chunk of the path and returns it. If the path is already / then the method raises an exception.

68 Chapter 1. Content Quattor Documentation, Release 0.0.1

down Add chunk to the path. The chunk can be compound path. (A leading / will be ignored). merge Return a new instance with optional (list of) subpaths added. parent Return a new instance with parent path. Returns undef if current element is /.

Public functions

unescape Returns an unescaped version of the argument. This method is exported for use with all the components that deal with escaped keys. escape Returns an escaped version of the argument. This method is exported on demand for use with all tools that have to escape and unescape values. path_split Function to split a string in list of subpaths. Supports escaping of subpaths wrapped in {...}. set_safe_unescape Set the list of (parent) paths whose children are known to be escaped paths. (The list is set to all arguments passed, not appended to current safe_unescape list). Paths can either be strings (an exact match will be used) or compiled regular expressions. These child subpaths are safe to represent as their unescaped value wrapped in {} when method is called (e.g. during stringification). Parent paths who have a safe-to escape parent path of their own should be added already escaped. The list is stored in the safe_unescape module variable and can emptied with reset_safe_unescape exported functions. If no argument is passed, a predefined list of paths is used. The paths are known to be escaped in quattor profiles, e.g. /software/components/metaconfig/services. (To reset the active safe_unescape list, use reset_safe_unescape function. reset_safe_unescape Reset the safe_unescape list. _safe_unescape Given path and subpath, test is path is in @safe_unescapeand if it is, return unescaped subpath enclosed in {} (or not enclosed if strip_unescape is true). If not, return unmodified subpath.

1.2. CCM 69 Quattor Documentation, Release 0.0.1

TextRender

NAME

CCM::TextRender- Class for rendering structured text using Element instances

DESCRIPTION

This class is an extension of the CAF::TextRender class; with the main difference the support of a EDG::WP4::CCM::CacheManager::Element instance as contents.

Private methods

_initialize Initialize the process object. Arguments: module The rendering module to use (see CAF::TextRender for details). CCM provides following additional builtin modules: general using TT to render a Config::General compatible file. (This is an alias for the CCM/general TT module). Contents is a hashref (does not require a Element instance), with key/value pairs generated according to the basetype of the value as follows: scalar converted in a single line arrayref of scalars converted in multiple lines as follows . . . hashref generates a block with format <”key”> arrayref of hashref generates series of blocks <”key”> <”key”> . . . (Whitespace in the block name is enforced with double quotes.)

70 Chapter 1. Content Quattor Documentation, Release 0.0.1

contents contents is either a hash reference holding the contents to pass to the rendering module; or a EDG::WP4::CCM::CacheManager::Element instance, on which getTree is called with any elementoptions. All optional arguments from CAF::TextRender are supported unmodified: log includepath relpath eol usecache ttoptions Extra optional arguments: element A hashref holding any getTree options to pass. These can be the anony- mous convert methods convert_boolean, convert_string, convert_long and convert_double; or one of the predefined convert methods (key is the name, value a boolean wheter or not to use them). The convert_ methods are added as last methods. The predefined convert methods are: cast Convert the scalar values to a more exact internal representation. The internal repre- sentaiton is important when passed on to other non-pure perl code, in particular the XS modules like JSON::XSand YAML::XS. json Enable JSON output, in particular JSON boolean (cast is implied, so the other types should already be in proper format). This is automatically enabled when the json module is used (and not explicitly set). yaml Enable YAML output, in particular YAML boolean (cast is implied, so the other types should already be in proper format). This is automatically enabled when the yaml module is used (and not explicitly set). yesno Convert boolean to (lowercase) ‘yes’ and ‘no’. YESNO Convert boolean to (uppercase) ‘YES’ and ‘NO’. truefalse Convert boolean to (lowercase) ‘true’ and ‘false’. TRUEFALSE Convert boolean to (uppercase) ‘TRUE’ and ‘FALSE’. doublequote

1.2. CCM 71 Quattor Documentation, Release 0.0.1

Convert string to doublequoted string. singlequote Convert string to singlequoted string. joincomma Convert list of scalars in comma-separated list of strings (if first element is scalar). List where first element is non-scalar is not converted (but any of the nested list could). joinspace Convert list of scalars in space-separated list of strings (if first element is scalar). List where first element is non-scalar is not converted (but any of the nested list could). Caveat: is preceded by joincomma option. unescapekey Unescape all dict keys. lowerkey Convert all dict keys to lowercase. upperkey Convert all dict keys to uppercase. Other getTree options depth Only return the next depth levels of nesting (and use the Element instances as val- ues). A depth == 0 is the element itself, depth == 1 is the first level, . . . Default or depth undef returns all levels. ccm_format Returns the CCM::TextRender instance for predefined format and element. All options are passed to CCM::TextRender initialisation. Returns undef incase the format is not defined. An array with valid formats is exported via @CCM_FORMATS. Supported formats are: json jsonpretty pan pancxml query yaml Usage example:

use EDG::WP4::CCM::TextRender qw(ccm_format); my $format= 'json'; my $element=$config->getElement("/"); my $trd= ccm_format($format,$element);

(continues on next page)

72 Chapter 1. Content Quattor Documentation, Release 0.0.1

(continued from previous page) if (defined$trd->get_text()) { print "$trd"; } else { $logger->error("Failed to textrender format $format: $trd->{fail}") }

TextRender :: Scalar

NAME

CCM::TextRender::Scalar- Class to access scalar/property Element attributes within

˓→TT.

DESCRIPTION

This is a wrapper class to access some scalar/property Element attributes (in particular the type) within TT.

Methods new Create a new instance with value and type. _stringify Method called to stringification. Simply returns the data in string context get_type Return TYPE attribute get_value Return value (i.e. the VALUE attribute) (can be useful in case the overloading behaves unexpected) is_boolean Return true if the TYPE is boolean is_string Return true if the TYPE is string is_double Return true if the TYPE is double is_long Return true if the TYPE is long

1.2. CCM 73 Quattor Documentation, Release 0.0.1

1.3 configuration-modules-core

1.3.1 Description

Node Configuration Manager’s components are Perl modules that translate a Pan schema into a configuration for some Linux service. They are part of Quattor.

1.3.2 Content

Ceph :: Cfgfile

Ceph :: Cluster

Ceph :: ClusterMap

Ceph :: Commands

Ceph :: Jewel

NAME ncm-ceph: Configuration module for CEPH

DESCRIPTION

Configuration module for CEPH This is the old, deprecated version of the component for older versions of ceph

IMPLEMENTED FEATURES

Features that are implemented at this moment: * Creating cluster (manual step involved) * Set admin hosts and push config * Fine configuration control (per daemon and/or host) * Tollerates unreachable new or marked-for-deletion hosts * Checking/adding/removing Monitors * Checking/adding/removing OSDs * Checking/adding/removing MDSs * Building up/changing a crushmap, with support for erasure code * OSD based objectstore * Wildcard support in version numbers The implementation keeps safety as top priority. Therefore:

74 Chapter 1. Content Quattor Documentation, Release 0.0.1

* The config of MON, OSD and MDSs are first checked completely. Only if no errors were found, the actual changes will be deployed. * No removals of MONs, OSDs or MDSs are actually done at this moment. Instead of removing itself, it prints the commands to use. * Configfiles and decompiled crushmap files are saved into a git repo. This repo can be found in the ‘ncm-ceph’ folder in the home directory of the ceph user * When something is not right and returns an error, the whole component exits. * You can set the version of ceph and ceph-deploy in the Quattor scheme. The component will then only run if the versions of ceph and ceph-deploy match with those versions.

INITIAL CREATION

• The schema details are annotated in the schema file. • Example pan files are included in the examples folder and also in the test folders. To set up the initial cluster, some steps should be taken: 1. First create a ceph user on all the hosts. 2. The deployhost(s) should have passwordless ssh access to all the hosts of the cluster e.g. by distributing the public key(s) of the ceph-deploy host(s) over the cluster hosts

(As described in the ceph-deploy documentation: http://ceph.com/docs/master/start/ quick-start-preflight/) 3. Run the component a first time. It shall fail, but you should get the initial command for your cluster 4. Run this command 5. Run the component again to start the configuration of the new cluster

RESOURCES

/software/components/ceph

The configuration information for the component. Each field should be described in this section.

DEPENDENCIES

The component is tested with Ceph version 0.84-0.89 and ceph-deploy version 1.5.11 and 1.5.21. Note: ceph-deploy versions 1.5.12-20 contain a bug where gatherkeys returned a wrong exitcode, which caused a wrong error message in ncm-ceph. This is solved again in 1.5.21 . This version of Data-Compare can be found on http://www.city-fan.org/ftp/contrib/perl-modules/ Attention: Some repositories (e.g. rpmforge) are shipping some versions like 1.2101 and 1.2102.

Ceph :: Luminous

NAME ncm-ceph: Configuration module for CEPH

1.3. configuration-modules-core 75 Quattor Documentation, Release 0.0.1

DESCRIPTION

Configuration module for CEPH This is the module for Ceph versions > 12.2.2 and schema version v2

IMPLEMENTED FEATURES

Features that are implemented at this moment: * Creating cluster (manual step involved) * Set admin hosts for monitors * Configuration file generation * Checking/adding Monitors and Managers on deployhost * Checking/adding OSDs per OSD host * Checking/adding MDSs on deployhost * Wildcard support in version numbers The implementation has some safety features. Therefore: * The config of MON, OSD and MDSs are first checked. If no errors were found, the actual changes will be deployed. * No removals of MONs, OSDs or MDSs are done. No zapping of disks is implemented. * When something is not right and returns an error, the whole component exits. * You can set the version of ceph and ceph-deploy in the Quattor scheme. The component will then only run if the versions of ceph and ceph-deploy match with those versions.

INITIAL CREATION

• The schema details are annotated in the schema file. • Example pan files are included in the examples folder and also in the test folders. To set up the initial cluster, some steps should be taken: 1. First create a ceph user on all the hosts, using ceph-user.pan 2. The deployhost(s) should have passwordless ssh access to all the hosts of the cluster e.g. by distributing the public key(s) of the ceph-deploy host(s) over the cluster hosts

(As described in the ceph-deploy documentation: http://ceph.com/docs/master/start/ quick-start-preflight/) 3. The user should be able to run commands with sudo without password included in sudo.pan 4. Run the component a first time. It shall fail, but you should get the initial command for your cluster 5. Run this command 6. Run the component again to start the configuration of the new cluster 7. When the component now runs on OSD servers, it will deploy the local OSDs

76 Chapter 1. Content Quattor Documentation, Release 0.0.1

RESOURCES

/software/components/ceph

The configuration information for the component. Each field should be described in this section.

DEPENDENCIES

The component is tested with Ceph version 12.2.2 and ceph-deploy version 1.5.39.

Ceph :: OSDserver

Ceph :: commands

Ceph :: compare

Ceph :: config

Ceph :: crushmap

Ceph :: daemon

FreeIPA :: CLI

CLI FreeIPA

Module to use as CLI to FreeIPA

DESCRIPTION

Module to use as CLI to FreeIPA, e.g. when initialising on existing host or during kickstart. Runs with default debug level 5. Example command (one line)

PERL5LIB=/usr/lib/perl perl- MNCM::Component::FreeIPA::CLI-w-e install-- --realm MY.REALM--primary primary.example.com--otp abcdef123456 --domain example.com--fqdn thishost.sub.example.com

FreeIPA :: Cert

NAME

NCM::Component::FreeIPA::Cert adds certificate related methods to NCM::Component::FreeIPA::Client.

1.3. configuration-modules-core 77 Quattor Documentation, Release 0.0.1

Public methods

cert_request Request certificate using certificate request file csr and principal principal. get_cert Given serial, retrieve the certificate and when defined, save it in file crt.

FreeIPA :: Client

NAME

NCM::Component::FreeIPA::Client is a perl FreeIPA JSON API client class for Quattor

Private methods

_initialize Handle the actual initializtion of new. Return 1 on success, undef otherwise. log An CAF::Reporter instance that can be used for logging (it is converted in a logger appro- priate for Net::FreeIPA). All other arguments and options are passed to Net::FreeIPA during initialisation.

FreeIPA :: DNS

NAME

NCM::Component::FreeIPA::DNS adds DNS related methods to NCM::Component::FreeIPA::Client.

Public methods add_dnszone Add a DNS zone with name name.

FreeIPA :: Group

NAME

NCM::Component::FreeIPA::Group adds group related methods to NCM::Component::FreeIPA::Client.

78 Chapter 1. Content Quattor Documentation, Release 0.0.1

Public methods add_group Add a group with name gid. Arguments gid: group gid Options (passed to Net::FreeIPA::API::api_group_add). gidnumber add_group_member Add the members to group gid using options (options are passed to api_group_add_member).

FreeIPA :: Host

NAME

NCM::Component::FreeIPA::Host adds host related methods to NCM::Component::FreeIPA::Client.

Public methods add_host Add a host. If the host already exists, return undef. Arguments fqdn: FQDN hostname Options (passed to Net::FreeIPA::API::api_host_add). ip_address: IP to configure DNS entry macaddress: macaddress disable_host Disable a host with fqdn hostname. remove_host Remove the host fqdn. host_passwd Reset and return the one-time password for host fqdn. Returns undef if the host already has a keytab or if it doesn’t exist.

FreeIPA :: Logger

NAME

NCM::Component::FreeIPA::Logger provides a log4perl compatible logger using CAf::Reporter.

1.3. configuration-modules-core 79 Quattor Documentation, Release 0.0.1

Public methods new Creates simple instance wrapper arond mandatory argument reporter, a CAF::Reporter instance.

FreeIPA :: NSS

NAME

NCM::Component::FreeIPA::NSS handles the certificates using NSS.

Public methods new Returns a NSS object with nssdb, accepts the following options format: dbm or sql realm: IPA realm, used for CA nick cacrt: IPA CA crt location, default to /etc/ipa/ca.crt csr_bits: key size in bits for a new csr. owner, group, mode: owner, group and permissions for nssdb and/or certs log A logger instance (compatible with CAF::Object). setup_nssdb Setup and initialise nssdb dirrectory setup Setup temporary workdir with 0700 permissions, and initialise nssdb using setup_nssdb method. Return SUCCESS on success, undef otherwise. add_cert_trusted Add trusted certificate with nick from file crt. add_cert_ca Add trusted CA certificate (nick and file via canick and cacrt attributes) add_cert Add untrusted certificate to NSSDB with nick from file cert. has_cert Check if certificate for nick exists in NSSDB. If an ipa client instance is passed, also check if the certificate is known in FreeIPA. get_cert Extract the certificate from NSSDB for nick to file certwith owner/group/mode options.. make_cert_request

80 Chapter 1. Content Quattor Documentation, Release 0.0.1

Make a certificate request for fqdn and optional dn, return filename of the CSR. (Used DN is >>). ipa_request_cert Use NCM::Component::FreeIPA::Client instance ipa to make the certificate request using csr file. The certificate is stored in crt file. (The ipa instance should be usable, e.g. the correct kerberos environment is already setup). Return 1 on success, undef otherwise. get_privkey Retrieve the private key from certificate with nick nick and save it in the file key with owner/group/mode options. get_cert_or_key Given type, retrieve the cert of private key from certificate with nick nick and save it in the file fn with owner/group/mode options.

FreeIPA :: Service

NAME

NCM::Component::FreeIPA::Service adds service related methods to NCM::Component::FreeIPA::Client.

Public methods add_service Add a service with name name. add_service_host Add a per-host service name for host host(actual service name will <>>). Add host host to list of hosts that can manage this service. service_has_keytab Check if a keytab is already made for service with name.

FreeIPA :: User

NAME

NCM::Component::FreeIPA::User adds host related methods to NCM::Component::FreeIPA::Client.

Public methods add_user Add a user. If the user already exists, return undef. Arguments

1.3. configuration-modules-core 81 Quattor Documentation, Release 0.0.1

uid: User uid Options (passed to Net::FreeIPA::API::api_user_add). homedirectory gecos loginshell uidnumber gidnumber ipasshpubkey disable_user Disable a user with uid. remove_user Remove the user uid (preserve=1). user_passwd Reset and return a new random password for user uid. Returns undef if the user doesn’t exist.

OpenNebula :: AII

NAME

NCM::Component::OpenNebula::AII adds AII hook to generate the required resources and templates to instantiate/create/remove VMs within an OpenNebula infrastructure.

AII

This section describes AII’s OpenNebula hook.

SYNOPSIS

This AII hook generates the required resources and templates to instantiate/create/remove VMs within an OpenNebula infrastructure.

RESOURCES

AII setup

Set OpenNebula endpoints RPC connector /etc/aii/opennebula.conf It must include at least one RPC endpoint and password. To connect to a secure https endpoint for example you can set the URL endpoint and CA certificate location: url=https://host.example.com:2633 ca=/etc/pki/CA/certs/mycabundle.pem

82 Chapter 1. Content Quattor Documentation, Release 0.0.1

By default ONE AII uses oneadmin user and port 2633. It is also possible to set a different endpoint for each VM domain or use a fqdn pattern as example:

[rpc] password= url=https://localhost/RPC2 ca=/etc/pki/CA/certs/mycabundle.pem

[example.com] password= user=

[myhosts] pattern=myhos\d+.example.com password= url=http://example.com:2633/RPC2

Public methods

process_template_aii Detect and process OpenNebula VM templates. read_one_aii_conf Reads a config file in .ini style with a minimal RPC endpoint setup. Returns an OpenNebula instance afterwards. is_supported_one_version Detects OpenNebula version. Returns false if version is not supported. get_fqdn Returns fqdn of the VM get_resource_instance Returns ONE virtual resource instance from RPC is_timeout Check if the resource is available before our $TIMEOUT is_one_resource_available Detects if the resource is already there. Returns 1 if resource is already used, undef otherwise. aii_post_reboot Performs AII post_reboot. ACPID service is mandatory for ONE VMs. aii_configure Based on Quattor template this method: Stops running VM if necessary. Creates/updates VM templates. Creates new VM image for each $harddisks. Creates new VNET ARs if required.

1.3. configuration-modules-core 83 Quattor Documentation, Release 0.0.1

Enables acpid service Rename hdx/sdx device disks by vdx to use virtio module aii_install Based on Quattor template this method: Stops current running VM. Instantiates the new VM. aii_remove Performs VM remove wich depending on the booleans. Stops running VM. Removes VM template. Removes VM image for each $harddisks. Removes vnet ARs.

OpenNebula :: Account

NAME

NCM::Component::OpenNebula::Account adds and modifies OpenNebula users groups and clusters consumers.

Public methods manage_consumers Add/remove/update regular users/groups/clusters. Assign users to groups only if the user/group has the QUATTOR flag set. set_user_primary_group Sets user primary group. get_permissions Gets current resource permissions. change_permissions Changes resource permissions.

OpenNebula :: Ceph

NAME

NCM::Component::OpenNebula::Ceph adds Ceph backend support to NCM::Component::OpenNebula::Host.

84 Chapter 1. Content Quattor Documentation, Release 0.0.1

Public methods

enable_ceph_node Configures Ceph client and set the Ceph key in each host. set_ceph_secret Sets the Ceph secret to be used by libvirt. set_ceph_keys Sets the Ceph keys to be used by libvirt. detect_ceph_datastores Detects any OpenNebula Ceph datastore setup.

OpenNebula :: Cluster

NAME

NCM::Component::OpenNebula::Cluster adds OpenNebula VirtualClusterconfiguration support to NCM::Component::opennebula.

Public methods

set_service_clusters Includes an specific service into a cluster/s

OpenNebula :: Commands

NAME

NCM::Component::OpenNebula::Commands Configuration module for ONE

DESCRIPTION

Configuration module for OpenNebula. Executes the required ssh commands to enable the hosts to be used by the cloud server. This component needs a ‘oneadmin’ user. The user should be able to run these commands with sudo without password: virsh secret-define --file /var/lib/one/templates/secret/secret_ceph.xml virsh secret-set-value --secret $uuid --base64 $secret

Public methods set_ssh_command Sets $sshcmd. run_command

1.3. configuration-modules-core 85 Quattor Documentation, Release 0.0.1

Executes a command and return the output. Returns sdout and stderr array. run_virsh_as_oneadmin_with_ssh Executes a command prefixed with virsh and returns the output. run_oneuser_as_oneadmin_with_ssh Executes oneuser command and returns the output. run_onehost_as_oneadmin_with_ssh Executes onehost command to sync hosts VMMs scripts. has_shell_escapes Checks for shell escapes. run_command_as_oneadmin Executes a command as oneadmin user. run_command_as_oneadmin_with_ssh Executes a command as oneadmin over ssh, optionally with options. ssh_known_keys Accepts and adds unknown keys if wanted. can_connect_to_host Checks if the host is reachable or not.

OpenNebula :: Host

NAME

NCM::Component::OpenNebula::Host adds KVM hosts support to NCM::Component::OpenNebula.

Public methods manage_hosts Adds or removes Xen or KVM hosts. disable_host Disables failing OpenNebula host. This method is called when the host is not reachable from the OpenNebula server. Always displays a warning message. In that case the host is disabled in the scheduler. sync_opennebula_hosts Synchronise hosts VMM scripts. enable_node Execute ssh commands required by OpenNebula also it configures Ceph client if necessary.

86 Chapter 1. Content Quattor Documentation, Release 0.0.1

OpenNebula :: Image

NAME

NCM::Component::OpenNebula::Image adds OpenNebula VM images support to NCM::Component::OpenNebula.

Public methods get_images Gets the image template from TT file and gathers the image names (>) and datastore names to store the new images. remove_or_create_vm_images Creates new VM images and it detects if the image is already available or not. Also it removes images if the remove flag is set. create_vm_images Creates new VM images. remove_vm_images Removes VM images. Updates $ref_rimages to track the removed images. check_vm_images_list Checks the difference between two image lists to detect if the images were correctly created/removed.

OpenNebula :: Network

NAME

NCM::Component::OpenNebula::Network adds OpenNebula VirtualNetworkconfiguration support to NCM::Component::opennebula.

Public methods update_vn_ar Updates VirtualNetwork ARs. get_vnetars Gets the network ARs (address range) from TT file and gathers VNet names and IP/MAC addresses. remove_and_create_vn_ars Removes/creates ARs (address range). detect_duplicate_ars Detects duplicate VirtualNetwork ARs with same IPs or MACs. Removes duplicated ARs (if QUATTOR flag is set to true). create_vn_ars Creates VirtualNetwork AR leases.

1.3. configuration-modules-core 87 Quattor Documentation, Release 0.0.1

remove_vn_ars Removes AR leases. remove_vn_ars Detects Quattor flag within AR template.

OpenNebula :: Server

NAME

NCM::Component::OpenNebula::Server adds OpenNebula service configuration support to NCM::Component::OpenNebula.

Public methods

restart_opennebula_service Restarts OpenNebula service after any configuration change. =cut sub restart_opennebula_service { my ($self, $service) = @_; my $srv; if ($service eq “oned”) { $srv = CAF::Service->new([‘opennebula’], log => $self); } elsif ($service eq “sunstone”) { $srv = CAF::Service->new([‘opennebula-sunstone’], log => $self); } elsif ($service eq “oneflow”) { $srv = CAF::Service->new([‘opennebula-flow’], log => $self); } elsif ($service eq “kvmrc” or $service eq “vnm_conf”) { $self->info(“Updated $service file. onehost sync is required.”); $self->sync_opennebula_hosts(); } $srv->restart() if defined($srv); } detect_opennebula_version Detects OpenNebula version through opennebula-server probe files, the value gathered from the file must be untaint. change_opennebula_passwd Sets a new OpenNebula service password. set_one_service_conf Sets OpenNebula configuration files used by the deamons, if the configuration file is changed the service must be restarted afterwards. is_conf_file_modified Checks OpenNebula configuration file status. set_one_auth_file Sets the authentication files used by oneadmin client tools. set_file_opts Sets filewriter options. set_one_server

88 Chapter 1. Content Quattor Documentation, Release 0.0.1

Configures OpenNebula server. set_config_group Sets OpenNebula configuration file group.

OpenNebula :: VM

NAME

NCM::Component::OpenNebula::VM adds OpenNebula VMsmanage support to NCM::Component::OpenNebula.

Public methods get_vmtemplate Gets VM template from tt file. remove_or_create_vm_template Creates or removes VM templates $createvmtemplate flag forces to create $remove flag forces to remove. stop_and_remove_one_vms Stops running VMs.

OpenStack :: Glance

Methods

_attrs Override filename attribute (and set daemon_map)

OpenStack :: Horizon

Methods

_attrs Override daemons attribute

OpenStack :: Keystone

Methods

_attrs Override daemons attribute bootstrap_url_endpoints Bootstraps URL identity service endpoints in Keystone.

1.3. configuration-modules-core 89 Quattor Documentation, Release 0.0.1

post_populate_service_database Initializes Fernet key repositories and bootstrap Keystone identity services.

OpenStack :: Neutron

Methods

_attrs Override manage, db and filename attribute (and set daemon_map)

OpenStack :: Nova

Methods

_attrs Override daemons attribute pre_populate_service_database Initializes API, cell and placement databases for Nova compute service. pre_restart Run before services restart. Used for hypervisors post-configuration. Must return 1 on success;

OpenStack :: Openrc

Methods

_attrs Override daemons attribute _set_elpath OpenRC is a special case, where type==flavour populate_service_database No database to populate

OpenStack :: Rabbitmq

Methods

_attrs Override default attributes write_config_file No config files to write

90 Chapter 1. Content Quattor Documentation, Release 0.0.1 post_populate_service_database Sets RabbitMQ permissions

OpenStack :: Service

Functions get_flavour Determine the name of the flavour based on type and tree and log/reporter instance (eg name=keystone for type=identity) get_fqdn Get fqdn of the host using host profile config instance. get_service Service factory: loads custom subclasses when one exists Same args as _initialize run_service Convenience function around get_service, includes basic reporting

Methods

_init_attrs Arguments: type: eg identity config: full profile config instance log: reporter instance prefix: the component prefix (for subclassing) client: Net::OpenStack::Client instance _initialize Initialisation using _init_attrs, _attrs and _daemons. _daemons Method to customise the daemons attribute during _initialize. _set_elpath Return main element path _attrs Add/set/modify more attributes Conviennce method for inheritance instead of using SUPER my $res = $self->SUPER::method(@_); _render Returns CCM::TextRedner instance _file_opts

1.3. configuration-modules-core 91 Quattor Documentation, Release 0.0.1

Return hashref with filewriter options for service(incl owned by that service user) _write_config_file Write the config file with name filename and element instance. _write_config_files Write multiple config files based on entries in the tree attribute. Filename is based on mapping in the filename attribute; a mapping which daemon(s) to start when the file is modified can be provided via the daemon_map attribute. write_config_file Write the config files (when filenames attribute is a hashref) or single file otherwise. _read_ceph_keyring Read Ceph pool key file from keyring. _libvirt_ceph_secret Set the libvirt secret file and couple the uuid to the Ceph key from the keyring. _do Convenience wrapper around CAF::Process Options user: option passed to CAF::Process sensitive: option passed to CAF::Process test: the command is a test, no error will be reported on failure pre_populate_service_database Run before the default service database is poulated (it is not run when database was already present). Must return 1 on success; populate_service_database Run the database sync command (incl bootstrap when empty) if db version cannot be found. Must return 1 on success. post_populate_service_database Run after the service database is poulated (it is not run when database was already present). Must return 1 on success; restart_daemons Restarts system service(s) after any configuration change for OpenStack service service. pre_restart Run before possible restart of services Must return 1 on success run Do things (in following order): write_config_file populate_service_database (or return) pre_restart (or return)

92 Chapter 1. Content Quattor Documentation, Release 0.0.1

restart_daemons (if config file changed)

Postgresql :: Commands

Postgresql :: Service

Systemd :: Service

NAME

NCM::Component::Systemd::Service handles the ncm-systemd units.

Public methods new Returns a new object with argument base (the configuration path) and accepts the following options log A logger instance (compatible with CAF::Object). configure configure gathered the to-be-configured units from the config using the gather_units method and then takes appropriate actions.

Private methods set_unconfigured_default Return the default behaviour for unconfigured units from ncn-systemdand legacy ncm-chkconfig. gather_configured_units Gather the list of all configured units from both ncm-systemdand legacy ncm-chkconfig location, and take appropriate actions. For any unit defined in both ncm-systemd and ncm-chkconfig location, the ncm-systemd set- tings will be used. Returns a hash reference with key the unit name and value the unit detail. gather_current_units Gather list of current units from both systemctl and legacy chkconfigusing resp. unit and chkconfig current_units methods. The hashref relevant_units is used to run minimal set of system commands where possible: e.g. if the hashref represents the configured units and if unconfigured is ignore, only gathered details for these units. process process the configured and current units and return hash references with state and activation changes. It uses the current units to make the required decisions. Unconfigured current units are also processed according the unconfigured value.

1.3. configuration-modules-core 93 Quattor Documentation, Release 0.0.1 change Actually make the changes as specified in the hashrefs states and acts (which hold the changes to be made to resp. the state and the activity of the units).

Systemd :: Service :: Chkconfig

NAME

NCM::Component::Systemd::Service::Chkconfig is a class handling services that can be controlled via (older) ncm-chkconfig.

Public methods new Returns a new object, accepts the following options log A logger instance (compatible with CAF::Object). current_units Return hash reference with current configured units determined via chkconfig --list. (No type to specify, sysv type is forced). current_target Return the current target based on legacy current_runlevel. default_target Return the default target based on legacy default_runlevel. configured_units configured_units parses the tree hash reference and builds up the units to be configured. It returns a hash reference with key the unit name and values the details of the unit. (tree is typically $config-getElement(‘/software/components/chkconfig/service’)->getTree>.) This method converts the legacy states as following del : masked add: disabled off : disabled on : enabled reset: this state is ignored / not supported.

Private methods is_possible_missing

94 Chapter 1. Content Quattor Documentation, Release 0.0.1

Determine if unit is possible_missing(see make_cache_alias). (Returns 0 or 1). A unit is possible_missing if the unit is in state masked or disabled (i.e. unit that is not expected to be running anyway). Other then pure systemd, chkconfig state off always implies that a disabled service unit is not running. generate_runlevel2target Create, set and return the runlevel2target map (will reset existing one, return is merely for testing). convert_runlevels Convert the ncm-chkconfig levels to new systemsctl targets legacylevel is a string with integers e.g. “234”. Retrun a array reference with the targets. default_runlevel default_runlevel returns the default runlevel via the INITTAB file. If that fails, the default DE- FAULT_RUNLEVEL is returned. current_runlevel Return the current legacy runlevel. The rulevel is determined by trying (in order) /sbin/runlevel or who -r. If both fail, the default_runlevel method is called and its value is returned.

Systemd :: Service :: Component :: chkconfig

Methods

_set_name Set and return name to use for prefix to get the the standard configuration path for the systemd component (not the chkconfig one through inheritance). This allows for easier subclassing, but is not safe for component aliasing. _initialize Modify the inheritance to set the NAME attribute via _set_name method. skip Skip all but service configuration.

Systemd :: Service :: Unit

NAME

NCM::Component::Systemd::Service::Unit is a class handling services with units

1.3. configuration-modules-core 95 Quattor Documentation, Release 0.0.1

Public methods new Returns a new object, accepts the following options log A logger instance (compatible with CAF::Object). unit_text Convert unit detail hashref to human readable string. Generates errors for missing attributes. current_units Return hash reference with current units determined via make_cache_alias. The array references units and possible_missingare passed to make_cache_alias. current_target Return the current target. TODO: implement this. systemctl list-units –type target lists all current targets (yes, with an s). default_target Return the default target. Supported options: force Force is passed to the fill_cache method. configured_units configured_units parses the tree hash reference and builds up the units to be configured. It returns a hash reference with key the unit name and values the details of the unit. Units with missing types are assumed to be TYPE_SERVICE; targets with missing type are assumed to be TYPE_TARGET. (tree is typcially obtained with the _getTree method). get_aliases Given an arrayref of units, return a hashref with key the unit (from the list) that is an alias for another unit (not necessarily from the list); and the other unit’s name is the value. The unit_alias cache is used for lookup. The possible_missing arrayref is passed to the fill_cache method Supported options force The force flag is passed to the fill_cache method possible_missing The possible_missing arrayref is passed to make_cache_alias. possible_missing

96 Chapter 1. Content Quattor Documentation, Release 0.0.1

Given the hashref units with key unit and value the unit’s details, return a array ref with units that are “possible missing”. Such units will not cause an error to be logged if they are not found in the cache during certain methods (e.g. make_cache_alias).

Private methods

is_possible_missing Determine if unit is possible_missing(see make_cache_alias). (Returns 0 or 1). A unit is possible_missing if the unit is in state masked (i.e. unit that is not expected to be running anyway). Unit in state disabled is not “possible missing” (they can be dependency for other units). init_cache (Re)Initialise all unit caches. Returns the caches (for unittestung mainly). Affected caches are unit_cache unit_alias dependency_cache get_type_shortname get_type_shortname returns the type and shortname based on the unit and optional type. If the type is not specified, it will be derived using the supported types. If the type can’t be determined based on the supported types, the defaulttype will be used. If in this case the defaulttypeis undefined, DEFAULT_TYPE will be used and error will be logged. If the defaulttype is defined, make_cache_alias (Re)generate the unit_cache and unit_alias map based on current units and unitfiles from the systemctl_list_unitsand systemctl_list_unit_files methods. Details for each unit from arrayref units are also added. If units is empty/undef, all found units and unitfiles are. If a unit is an alias of an other unit, it is added to the alias map. Each non-alias unit is also added as it’s own alias. Units in the possible_missing arrayref can be missing, and no error is logged if they are. For any other unit, an error is logged when neither the systemctl_list_unitsand systemctl_list_unit_files methods provide any information about it. Returns the generated cache and alias map for unittesting purposes. fill_cache Fill the unit_cache and unit_alias mapfor the arrayref units provided. The cache is updated via the make_cache_alias method if the unit is missing from the unit_alias map or if force is true. Supported options

1.3. configuration-modules-core 97 Quattor Documentation, Release 0.0.1

force Force cache refresh. possible_missing The possible_missing arrayref is passed to make_cache_alias. get_unit_show Return the show property for unit from the unit_cache and unit_alias map. Supported options force Force cache refresh. possible_missing If true, this unit is “possible missing” (see make_cache_alias) get_wantedby Return a hashref of all units that “want” unit(hashref is used for easy lookup; the key is the unit, the value is a boolean). It uses the dependency_cache for reverse dependencies (missing cache entries are added). Supported options force Force cache update. ignoreself By default, the reverse dependency list contains the unit itself too. With ignoreself true, the unit itself is not returned (but still stored in cache). is_wantedby Return if unit is wanted by target. Any unit can be passed as target (it does not have to be a unit of type ‘target’). It uses the get_wantedby method for the dependency lookup. Supported options force Force cache update (passed to get_wantedby). is_active is_active returns true or false and reflects if a unit is “running” or not. The following options are supported sleeptime =item max Units that are ‘reloading’, ‘activating’ and ‘deactivating’ are refreshed with sleep (default 1 sec) and max number of tries (default 3). Until force Force cache refresh (passed to get_unit_show). get_ufstate

98 Chapter 1. Content Quattor Documentation, Release 0.0.1

Return the state of the unit using the UnitFileState and the derived state from the state of the $PROP- ERTY_WANTEDBY units. The returned state can be more then the usual supported states (e.g. static). The following options are supported force Force cache refresh (passed to get_unit_show and fill_cache) is_ufstate is_ufstate returns true or false if the UnitFileState of unit matches the (simplified) state. An error is logged and undef returned if the unit can’t be queried. The following options are supported force Refresh the cache force (passed to get_ufstate method). derived Boolean (default true) to use derived information when UnitFileState itself is empty/undefined.

Private methods

_getTree The getTree method is similar to the regular EDG::WP4::CCM::CacheManager::Element::getTree, except that it keeps the unitfile configuration as an Element instance (as required by NCM::Component::Systemd::UnitFile). It takes as arguments a EDG::WP4::CCM::CacheManager::Configuration instance $config and a $path to the root of the whole unit tree.

Systemd :: Systemctl

NAME

NCM::Component::Systemd::Systemctl handle all systemd interaction via systemctl command.

Public methods systemctl_show logger is a mandatory logger to pass. Run systemctl show on single $unit and return parsed output. If $unit is undef, the manager itself is shown. Optional arguments: no_error Report a failure with systemctl show with verbose level. If nothing is specified, an error is reported.

1.3. configuration-modules-core 99 Quattor Documentation, Release 0.0.1

If succesful, returns a hashreference interpreting the key=value output. Following keys have the value split on whitespace and a array reference to the result as output After =item Before =item Conflicts =item Names =item RequiredBy =item Requires =item TriggeredBy =item Triggers =item WantedBy =item Wants Returns undef on failure. systemctl_daemon_reload logger is a mandatory logger to pass. Reload systemd manager configuration (e.g. when units have been modified). Returns undef on failure, SUCCESS otherwise. systemctl_list_units logger is a mandatory logger to pass. Return a hashreference with all units and their details for type. type is passed to the systemctl_list method. systemctl_list_unit_files logger is a mandatory logger to pass. Return a hashreference with all unit-files and their details for type. type is passed to the systemctl_list method. systemctl_list_deps logger is a mandatory logger to pass. Return a hashreference with all dependencies (i.e. required and wanted units) of the specified unitflattened. (This includes the unit itself). If reverse is set to true (default is false), it returns the revese dependencies (i.e. units with depen- dencies of type Wants or Requires on the given unit). The keys are the full unit names, values are 1. (A hash is used to allow easy lookup, instead of a list). The flattening is done via the --plain option of systemctl, the reverse result via the --reverse option. Both options are available since systemd-208 (which is in e.g. EL7). systemctl_command_units Run the systemctl command for units. An error is logged when the exitcode is non-zero. Returns exitcode and output. systemctl_is_enabled Run systemctl is-enabled for unit. Returns output without trailing newlines on success. Undef returned (no error reported) when the exitcode is non-zero. systemctl_is_active Run systemctl is-active for unit. Returns output without trailing newlines on success. Undef returned (no error reported) when the exitcode is non-zero.

100 Chapter 1. Content Quattor Documentation, Release 0.0.1

Private methods systemctl_list Helper method to generate and parse output from systemctl list-... commands like list-units or list-unit-files. logger is a mandatory logger to pass. spec is translated in the list- command, regexp is the named regular expression that is used to match the output. type is the type filter (if defined). The regexp must have a name named group, its value is used for the keys of the hashref that is returned. Output that does not match the regexp is skipped, if the regexp matches but there is no name value in the named group, it is also skipped and logged as error. systemctl_simple_command Run a simple systemctl command (like is-active, is-enabled etc.). Returns output without trailing newlines on success, undef otherwise.

Systemd :: UnitFile

NAME

NCM::Component::Systemd::UnitFile handles the configuration of ncm-systemd unitfiles.

Public methods new Returns a new object, accepts the following mandatory arguments unit The unit (full name.type). config A EDG::WP4::CCM::CacheManager::Element instance with the unitfile configura- tion. (An element instance is required becasue the rendering of the configuration is pan-basetype sensistive). and options replace A boolean to replace the configuration. (Default/undef is false). For a non-replaced configuration, a directory > is created and the unitfile is >. Systemd will pickup settings from this quattor.conf and other .conf files in this directory, and also any configuration for the unit in the default systemd paths (e.g. typical unit part of the software package located in >).

1.3. configuration-modules-core 101 Quattor Documentation, Release 0.0.1

A replaced configuration overrides all existing system unitfiles for the unit (and has to define all attributes). It has filename >. backup Backup files and/or directories. custom A hashref with custom configuration data. See custom method. log A logger instance (compatible with CAF::Object). custom The custom method prepares configuration data that is cannot be found in the profile. Report hashref with custom data on success, undef otherwise. Following custom attributes are supported: CPUAffinity Obtain the systemd.exec CPUAffinity list determined via hwloc(7) locations. Allows to e.g. cpubind on numanodes using the node:X location Forces an empty list to reset any possible previously defined affinity. write Create the unitfile. Returns undef in case of problem, a boolean indication if something changed other- wise. (This method will take all required actions to use the values, like reloading the systemd daemon. It will not however change the state of the unit, e.g. by restarting it.)

Private methods

_prepare_path Create and return the filename to use, and prepare the directory structure if needed. basedir is the base directory to use, e.g. $UNITFILE_DIRECTORY. _hwloc_calc_cpuaffinity Run _hwloc_calc_cpus, and returns in CPUAffinity format with a reset _hwloc_calc_cpus Run the hwloc-calc --physical --intersect PU command for locations. Returns arrayref with CPU indices on success, undef otherwise. _make_variables_custom A function that return the custom variables hashref to pass as ttoptions. (This is a function, not a method).

102 Chapter 1. Content Quattor Documentation, Release 0.0.1 accounts

NAME ncm-accounts: NCM component to manage the local accounts on the machine.

DESCRIPTION

The accounts component manages the local accounts on a machine. LDAP authentication depends on the LDAP configuration, which is handled by ncm-authconfig. Shadowing of passwords is also controlled by ncm-authconfig.

FUNCTIONS accounts provides several functions as an API to handle creation of users and groups. They are mainly targeted at helping creating consistent accounts across machines, using a central definition of all accounts and a per machine list of accounts to be actually created. All these functions update a structure_accounts (return value may be assigned to “/software/components/accounts”). Behaviour of these functions can be customized by definining some variables before calling them, mainly : ACCOUNTS_USER_HOME_ROOT defines default root for home directory (Default: /home) ACCOUNTS_USER_CREATE_HOME defines if home directory must be created by default (Default: true) ACCOUNTS_USER_AUTOGROUP defines if a group must be defined with the same name as the user, if no group has been explicitly specified (Default: true). ACCOUNTS_USER_CHECK_GROUP defines if the default group must be created if it doesn’t exist, with a gid equals to uid (Default: true) ACCOUNTS_USER_COMMENT defines a default value for user comment (Default: Created by ncm-accounts) ACCOUNTS_GROUP_COMMENT defines a default value for group comment (Default: Created by ncm-accounts) create_accounts_from_db(userList:nlist, users:list:optional, accountType:optional)

This function creates users or groups from a nlist containing user or group characteristics. It updates a struc- ture_accounts (return value may be assigned to /software/components/accounts). User/group characteristics must be provided as structure_userinfo/structure_groupinfo. Second parameter, if presents, gives the list of users to create from user_list. This allows to use a unique user/group definition for all nodes, to warrant consistency between nodes. By default (accountType undefined or 0), this function creates user accounts. To create groups, set third parameter (accountType) to 1.

1.3. configuration-modules-core 103 Quattor Documentation, Release 0.0.1 create_group(groupname:string, params:structure_groupinfo)

This function creates a group, applying some defaults defined by variables and checking information consistency. It updates a structure_accounts (return value may be assigned to /software/components/accounts). create_user(username:string, params:structure_userinfo)

This function creates a user, applying some defaults defined by variables and checking information consistency (e.g. group existence). It updates a structure_accounts (return value may be assigned to Default: /software/components/accounts). keep_user_group(user_or_group:string or list of string)

This functions adds a user or group to the kept_users or kept_groups resources. The argument can be a string or list of strings. The return value can be assigned to /software/components/accounts/kept_users or /software/components/accounts/kept_groups.

RESOURCES

/software/components/accounts/rootpwd

The crypted root password for the machine.

/software/components/accounts/users

An nlist of users to configure on the node. The key is the account name (or base name for pool accounts). The numerical UID is mandatory. The available fields are: comment real name or comment about user. Defaults to user name itself. homeDir full path of the home directory of the user. Defaults to the system default. For pool accounts this will be used as a base for creating numbered home directories; if this is not set the username will be used as a base. createHome boolean indicating whether to create a home directory for the user. Defaults to false. groups a list of groups for this user. The first group listed is the primary group. If this is not given, then it will default to a group named identically to the user name. NOTE: If this group already exists, then the command to add the user will fail. password the crypted password entry for the user. No default. If not given it will result in a locked account, except if the account already exists and has a defined password: in this case, it will be kept. shell

104 Chapter 1. Content Quattor Documentation, Release 0.0.1

the shell for the user. If it is defined as an empty string, the current shell is preserved for an existing account (for a new account, it will remain undefined, meaning that the default shell on the system will be used). Defaults to /bin/bash. uid the uid value for this account. Mandatory. This is interpreted as the base uid value for pool accounts (i.e. poolSize > 0). poolStart the index at which to start the pool accounts. The default is 0. This must be a non-negative number. poolDigits the number of digits to which the pool account numbers are padded. For example a value of 3 will create accounts atlas000, atlas001, etc. The default is the number of digits in the highest-numbered pool account. poolSize number of pool accounts to create. The default is 0 which indicates that it is a normal (unique) account. A value greater than 0 will create a set of numbered accounts with the given user name as a base. E.g. a base name of “atlas” and a poolSize=3 will create three accounts atlas0 atlas1 atlas2.

/software/components/accounts/groups

An nlist of groups to configure on the node. The key is the group name. At least one field must be specified. comment ignored, but provided so gid doesn’t have to be gid the optional gid number for the group requiredMembers An optional list of users that must be added as member of the group. The users don’t have to be local users, defined in the configuration. Note 1: group members present in the /etc/group file but not defined in the current configuration are removed by ncm-accounts if they are not required members. Note 2: for users defined in the configuration the preferred way to add them to groups is by defining their groups property. replaceMembers (boolean) When true, current members of the group (if existing) are replaced by the groups defined in the configu- ration (coming from requiredMembers and user groups). If false, groups from the configuration are merged with existing ones. D: false

/software/components/accounts/login_defs

A nlist of values to be set in /etc/login.defs. NOTE: This configuration file is specific to RedHat-like systems; setting will be ignored on other systems. This file configures all kinds of default settings such as:

1.3. configuration-modules-core 105 Quattor Documentation, Release 0.0.1 uid_min, uid_max Min/max values for automatic uid selection in useradd. gid_min, gid_max Min/max values for automatic gid selection in groupadd. pass_max_days Maximum number of days a password may be used. pass_min_days Minimum number of days allowed between password changes. pass_min_len Minimum acceptable password length. pass_warn_age Number of days warning given before a password expires. create_home If useradd should create home directories for users by default.

/software/components/accounts/remove_unknown

Flag to indicate whether unknown accounts should be deleted. The default is false. The root account can never be removed.

/software/components/accounts/preserved_accounts

This property may have 3 values: ‘none’, ‘system’, ‘dyn_user_group’. It controls the accounts/groups that have to be preserved when remove_unknown is true (it has no effect when remove_unknown=false). The effect of each possible value is: system all accounts/groups in the system range (strictly below GID/UID_MIN as defined in /etc/login.defs) are preserved even though they are not present in the configuration. It is possible to use login_defs/uid_min and login_defs/gid_min properties to control the preserved ranges. dyn_user_group all accounts/groups in the system range and in the range used for dynamic uid/gid allocation by user- add command, ie. all accounts/groups with uid/gid less or equal to GID/UID_MAX as defined in /etc/login.defs, are preserved. The exact list of accounts preserved depends on UID/GID_MAX value. It is possible to use login_defs/uid_max and login_defs/gid_max properties to control the preserved ranges. Not that remove_unknown=true with preserved_accounts=dyn_user_group and UID/GID_MAX set to the highest possible IDs is equivalent to remove_unknown=false. none all existing accounts/groups not present in the configuration are removed from the system (except root). ** Default: ** dyn_user_group

106 Chapter 1. Content Quattor Documentation, Release 0.0.1

LIMITATIONS

Local users belonging to LDAP groups

When a local user has to belong to a group defined only on LDAP, a local group with the desired numerical ID is created. This group has the same name as the user ID. It will be removed on the next run of the component if remove_unknown is set to true. This is somewhat ugly, but doesn’t affect the system behaviour at all, so it won’t be fixed. nsswitch.conf status

The component has been tested with files as the primary source on /etc/nsswitch.conf for group and passwd. Different settings may produce strange behaviour. These settings are not controlled by ncm-accounts but by ncm-authconfig.

Types

• /software/accounts/defined_user • /software/accounts/defined_group

Functions

• is_user_or_group • Arguments: – the type (‘user’ or ‘group’) – the name(s). Can be more than one argument or a single list of names. All arguments have to be defined. • create_group • create_user • create_accounts_from_db • keep_user_group

Types

• /software/accounts/structure_userinfo – /software/accounts/structure_userinfo/comment

* Optional * Type: string – /software/accounts/structure_userinfo/homeDir

* Optional * Type: string

1.3. configuration-modules-core 107 Quattor Documentation, Release 0.0.1

– /software/accounts/structure_userinfo/createHome

* Optional * Type: boolean – /software/accounts/structure_userinfo/createKeys

* Optional * Type: boolean – /software/accounts/structure_userinfo/groups

* Optional * Type: string – /software/accounts/structure_userinfo/password

* Optional * Type: string – /software/accounts/structure_userinfo/shell

* Optional * Type: string – /software/accounts/structure_userinfo/uid

* Optional * Type: long * Range: 0.. – /software/accounts/structure_userinfo/poolStart

* Optional * Type: long * Range: 0.. – /software/accounts/structure_userinfo/poolDigits

* Optional * Type: long * Range: 1.. – /software/accounts/structure_userinfo/poolSize

* Optional * Type: long * Range: 0.. – /software/accounts/structure_userinfo/info

* Optional * Type: string – /software/accounts/structure_userinfo/ldap

* Optional

108 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: boolean • /software/accounts/structure_groupinfo – /software/accounts/structure_groupinfo/comment

* Optional * Type: string – /software/accounts/structure_groupinfo/gid

* Optional * Type: long * Range: 1.. – /software/accounts/structure_groupinfo/requiredMembers

* Optional * Type: string – /software/accounts/structure_groupinfo/replaceMembers

* Optional * Type: boolean • /software/accounts/structure_login_defs – /software/accounts/structure_login_defs/uid_min

* Optional * Type: long * Range: 1.. – /software/accounts/structure_login_defs/uid_max

* Optional * Type: long * Range: 1.. – /software/accounts/structure_login_defs/gid_min

* Optional * Type: long * Range: 1.. – /software/accounts/structure_login_defs/gid_max

* Optional * Type: long * Range: 1.. – /software/accounts/structure_login_defs/pass_max_days

* Optional * Type: long * Range: 1..

1.3. configuration-modules-core 109 Quattor Documentation, Release 0.0.1

– /software/accounts/structure_login_defs/pass_min_days

* Optional * Type: long * Range: 1.. – /software/accounts/structure_login_defs/pass_min_len

* Optional * Type: long * Range: 1.. – /software/accounts/structure_login_defs/pass_warn_age

* Optional * Type: long * Range: 1.. – /software/accounts/structure_login_defs/create_home

* Optional * Type: legacy_binary_affirmation_string – /software/accounts/structure_login_defs/mail_dir

* Optional * Type: string – /software/accounts/structure_login_defs/umask

* Optional * Type: string – /software/accounts/structure_login_defs/userdel_cmd

* Optional * Type: string – /software/accounts/structure_login_defs/usergroups_enab

* Optional * Type: boolean • /software/accounts/accounts_component – /software/accounts/accounts_component/rootpwd

* Optional * Type: string – /software/accounts/accounts_component/rootshell

* Optional * Type: string – /software/accounts/accounts_component/shadowpwd

* Optional

110 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: boolean – /software/accounts/accounts_component/users

* Optional * Type: structure_userinfo – /software/accounts/accounts_component/groups

* Optional * Type: structure_groupinfo – /software/accounts/accounts_component/login_defs

* Optional * Type: structure_login_defs – /software/accounts/accounts_component/remove_unknown

* Optional * Type: boolean – /software/accounts/accounts_component/preserved_accounts

* Optional * Type: string – /software/accounts/accounts_component/kept_users

* Optional * Type: string – /software/accounts/accounts_component/kept_groups

* Optional * Type: string – /software/accounts/accounts_component/ldap

* Optional * Type: boolean

Functions

• has_unique_attr afsclt

NAME

NCM::afsclt - NCM AFS client configuration component

1.3. configuration-modules-core 111 Quattor Documentation, Release 0.0.1

SYNOPSIS

Configure() Configure the cell, the AFS cacheinfo file and the afsd daemon.

RESOURCES

/software/components/afsclt/afsd_args : nlist (optional) various command-line options for the afsd daemon /software/components/afsclt/afs_mount : string (optional) AFS mount point. If not defined, /afs is used. /software/components/afsclt/cachemount : string (optional) AFS cache mount point. No default. /software/components/afsclt/cachesize : string (optional) desired AFS cache size on disk, in 1K blocks, or AUTOMATIC. The running AFS cache will get adjusted online, and $afs_cacheinfo will be changed if required. Please note that an available (mounted) AFS cache partition has precedence over this value, i.e. you cannot force a lower usage of the cache partition. For Linux machines, a cache partition will use CACHESIZE=AUTOMATIC, for other OSes, a hardcoded fill rate of 85% is used. /software/components/afsclt/cellservdb : string (optional) A regularly-updated AFS CellServDB URL or filename (e.g. from AFS) that this component will copy to local disk. The local AFS client will get notified of any additions or changes within a cell. /software/components/afsclt/enabled : yes or no (required) Whether the AFS client should be enabled or not. No default. /software/components/afsclt/settime : boolean (optional) make AFS client set the system time or not. /software/components/afsclt/thiscell : string (required) local AFS cell for this machine. No default. /software/components/afsclt/thesecells : list of string (optional) List of AFS cells to authenticate to. No default.

Types

• /software/afsclt/component_afsclt_entry – /software/afsclt/component_afsclt_entry/thiscell

* Optional * Type: string – /software/afsclt/component_afsclt_entry/thesecells

* Optional * Type: string

112 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/afsclt/component_afsclt_entry/settime

* Optional * Type: boolean – /software/afsclt/component_afsclt_entry/cellservdb

* Optional * Type: string – /software/afsclt/component_afsclt_entry/afs_mount

* Optional * Type: string – /software/afsclt/component_afsclt_entry/cachemount

* Optional * Type: string – /software/afsclt/component_afsclt_entry/cachesize

* Optional * Type: string – /software/afsclt/component_afsclt_entry/enabled

* Optional * Type: legacy_binary_affirmation_string – /software/afsclt/component_afsclt_entry/afsd_args

* Optional * Type: string

Types

• /software/freeipa/aii_freeipa – /software/freeipa/aii_freeipa/module

* Optional * Type: string – /software/freeipa/aii_freeipa/remove

* Description: remove the host on AII removal (precedes disable) * Optional * Type: boolean – /software/freeipa/aii_freeipa/disable

* Description: disable the host on AII removal * Optional * Type: boolean

1.3. configuration-modules-core 113 Quattor Documentation, Release 0.0.1

Functions

• validate_aii_freeipa_hooks – Description: a function to validate all freeipa hooks example usage: bind “/system/aii/hooks” = dict with validate_aii_freeipa_hooks(‘post_reboot’)

Functions

• opennebula_ipv42mac – Description: This function generates OpenNebula MAC addresses from MAC_PREFIX + IPv4 Based on OpenNebula openneb- ula_ipv42mac function: https://github.com/OpenNebula/one/blob/master/share/router/vmcontext.rb Syntax: mac_prefix:string ipv4:string mac_prefix hex:hex value used also by oned.conf (02:00 by default) ipv4 IP used by the VM • opennebula_replace_vm_mac – Description: This function replaces nic hwaddr using OpenNebula MAC function Use the same MAC_PREFIX for OpenNebula component (oned.conf) and AII Syntax: mac_prefix:string mac_prefix hex:hex value used by oned.conf Example: “/hardware/cards/nic” = opennebula_replace_vm_mac(MAC_PREFIX);

Types

• /software/opennebula/structure_aii_opennebula – /software/opennebula/structure_aii_opennebula/module

* Optional * Type: string – /software/opennebula/structure_aii_opennebula/image

* Description: force create image from scratch, also stop/delete vm. VM images are not updated, if you want to resize or modify an available image from scratch use remove hook first. – Optional – Type: boolean – /software/opennebula/structure_aii_opennebula/template

* Description: force (re)create template, also stop/delete vm * Optional

114 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: boolean – /software/opennebula/structure_aii_opennebula/vm

* Description: instantiate template (i.e. make vm) * Optional * Type: boolean – /software/opennebula/structure_aii_opennebula/onhold

* Description: vm is placed onhold, if false the VM execution is scheduled asap * Optional * Type: boolean • /software/opennebula/opennebula_vmtemplate_vnet • /software/opennebula/opennebula_vmtemplate_datastore • /software/opennebula/valid_interface_ignoremac – Description: Type that checks if the network interface is available from the quattor tree • /software/opennebula/opennebula_ignoremac – Description: Type that sets which net interfaces/MACs will not include MAC values within ONE templates • /software/opennebula/opennebula_ignoremac/macaddr – Optional – Type: type_hwaddr • /software/opennebula/opennebula_ignoremac/interface – Optional – Type: valid_interface_ignoremac • /software/opennebula/opennebula_permissions – Description: Type that changes resources owner/group permissions. By default opennebula-aii generates all the resources as onead- min owner/group. owner: OpenNebula user id or user name group: OpenNebula group id or username mode: Octal notation, e.g. 0600 • /software/opennebula/opennebula_permissions/owner – Optional – Type: string • /software/opennebula/opennebula_permissions/group – Optional – Type: string • /software/opennebula/opennebula_permissions/mode – Optional

1.3. configuration-modules-core 115 Quattor Documentation, Release 0.0.1

– Type: long • /software/opennebula/opennebula_vmtemplate_pci – Description: It is possible to discover PCI devices in the hosts and assign them to Virtual Machines for the KVM host. I/O MMU and SR-IOV must be supported and enabled by the host OS and BIOS. More than one PCI option can be added to attach more than one PCI device to the VM. The device can be also specified without all the type values. PCI values must be hexadecimal (0xhex) If the PCI values are not found in any host the VM is queued waiting for the required resouces. “onehost show ” command gives us the list of PCI devices and “vendor”, “device” and “class” values within PCI DEVICES section as example: VM ADDR TYPE NAME 06:00.1 15b3:1002:0c06 MT25400 Family [ConnectX-2 Virtual Function] VM: The VM ID using that specific device. Empty if no VMs are using that device. ADDR: PCI Address. TYPE: Values describing the device. These are VENDOR:DEVICE:CLASS. These values are used when selecting a PCI device do to passthrough. NAME: Name of the PCI device. In this case to request this IB device we should set: vendor: 0x15b3 device: 0x1002 class: 0x0c06 For more info: http://docs.opennebula.org/5.0/deployment/open_cloud_host_setup/pci_passthrough.html • /software/opennebula/opennebula_vmtemplate_pci/vendor – Description: first value from onehost TYPE section – Optional – Type: long • /software/opennebula/opennebula_vmtemplate_pci/device – Description: second value from onehost TYPE section – Optional – Type: long • /software/opennebula/opennebula_vmtemplate_pci/class – Description: third value from onehost TYPE section – Optional – Type: long • /software/opennebula/opennebula_placements – Description: Type that sets placement constraints and preferences for the VM, valid for all hosts More info: http://docs.opennebula. org/5.0/operation/references/template.html#placement-section • /software/opennebula/opennebula_placements/sched_requirements – Description: Boolean expression that rules out provisioning hosts from list of ma- chines suitable to run this VM. • Optional

116 Chapter 1. Content Quattor Documentation, Release 0.0.1

• Type: string • /software/opennebula/opennebula_placements/sched_rank – Description: This field sets which attribute will be used to sort the suitable hosts for this VM. Basically, it defines which hosts are more suitable than others. • Optional • Type: string • /software/opennebula/opennebula_placements/sched_ds_requirements – Description: Boolean expression that rules out entries from the pool of datastores suitable to run this VM. • Optional • Type: string • /software/opennebula/opennebula_placements/sched_ds_rank – Description: States which attribute will be used to sort the suitable datastores for this VM. Basically, it defines which datastores are more suitable than others. • Optional • Type: string • /software/opennebula/opennebula_vmtemplate – /software/opennebula/opennebula_vmtemplate/vnet

* Description: Set the VNETs opennebula/vnet (bridges) required by each VM network interface

* Optional * Type: opennebula_vmtemplate_vnet – /software/opennebula/opennebula_vmtemplate/datastore

* Description: Set the OpenNebula opennebula/datastore name for each vdx * Optional * Type: opennebula_vmtemplate_datastore – /software/opennebula/opennebula_vmtemplate/ignoremac

* Description: Set ignoremac tree to avoid to include MAC values within AR/VM tem- plates

* Optional * Type: opennebula_ignoremac – /software/opennebula/opennebula_vmtemplate/graphics

* Description: Set graphics to export VM graphical display (VNC is used by default) * Optional * Type: string

1.3. configuration-modules-core 117 Quattor Documentation, Release 0.0.1

– /software/opennebula/opennebula_vmtemplate/diskcache

* Description: Select the cache mechanism for your disks. (by default is set to none) * Optional * Type: string – /software/opennebula/opennebula_vmtemplate/diskdriver

* Description: specific image mapping driver. qcow2 is not supported by Ceph storage backends

* Optional * Type: string – /software/opennebula/opennebula_vmtemplate/permissions

* Optional * Type: opennebula_permissions – /software/opennebula/opennebula_vmtemplate/pci

* Description: Set pci list values to enable PCI Passthrough. PCI passthrough section is also generated based on /hardware/cards///pci values.

– Optional – Type: opennebula_vmtemplate_pci – /software/opennebula/opennebula_vmtemplate/labels

* Description: labels is a list of strings to group the VMs under a given name and filter them in the admin and cloud views. It is also possible to include in the list sub-labels using a common slash: list(“Name”, “Name/SubName”) This feature is available since OpenNebula 5.x, below this version the change does not take effect. – Optional – Type: string – /software/opennebula/opennebula_vmtemplate/placements

* Optional * Type: opennebula_placements – /software/opennebula/opennebula_vmtemplate/memorybacking

* Description: The optional memoryBacking element may contain several elements that influence how virtual memory pages are backed by host pages. hugepages: This tells the hypervisor that the guest should have its memory allocated using hugepages instead of the normal native page size. nosharepages: Instructs hypervisor to disable shared pages (memory merge, KSM) for this domain. locked: When set and supported by the hypervisor, memory pages belonging to the domain will be locked in hosts memory and the host will not be allowed to swap them out, which might be required for some workloads such as real-time. For QEMU/KVM guests, the memory used by the QEMU process itself will be locked too: unlike guest memory, this is an amount libvirt has no way of figuring out in advance, so it has to remove the limit on locked memory altogether. Thus, enabling this option opens up to a potential security risk: the

118 Chapter 1. Content Quattor Documentation, Release 0.0.1

host will be unable to reclaim the locked memory back from the guest when its running out of memory, which means a malicious guest allocating large amounts of locked memory could cause a denial-of-service attach on the host. – Optional – Type: string

Functions

• validate_aii_opennebula_hooks – Description: Function to validate all aii_opennebula hooks • is_consistent_memorybacking aiiserver

DESCRIPTION

The aiiserver component manages the configuration of an AII (Automated Installation Infrastructure) server.

RESOURCES

This components also uses configuration parameters related to https from ncm-ccm: ca_dir, ca_file, cert_file, key_file.

Types

• /software/aiiserver/structure_aiishellfe – /software/aiiserver/structure_aiishellfe/cachedir

* Optional * Type: absolute_file_path – /software/aiiserver/structure_aiishellfe/ca_dir

* Optional * Type: absolute_file_path – /software/aiiserver/structure_aiishellfe/ca_file

* Optional * Type: string – /software/aiiserver/structure_aiishellfe/cdburl

* Optional * Type: type_absoluteURI – /software/aiiserver/structure_aiishellfe/cert_file

* Optional

1.3. configuration-modules-core 119 Quattor Documentation, Release 0.0.1

* Type: string – /software/aiiserver/structure_aiishellfe/grub2_efi_kernel_root

* Optional * Type: string – /software/aiiserver/structure_aiishellfe/grub2_efi_linux_cmd

* Optional * Type: string – /software/aiiserver/structure_aiishellfe/key_file

* Optional * Type: string – /software/aiiserver/structure_aiishellfe/lockdir

* Optional * Type: absolute_file_path – /software/aiiserver/structure_aiishellfe/logfile

* Optional * Type: string – /software/aiiserver/structure_aiishellfe/nbpdir

* Optional * Type: string – /software/aiiserver/structure_aiishellfe/nbpdir_grub2

* Optional * Type: string – /software/aiiserver/structure_aiishellfe/noaction

* Optional * Type: boolean – /software/aiiserver/structure_aiishellfe/nodhcp

* Optional * Type: boolean – /software/aiiserver/structure_aiishellfe/nonbp

* Optional * Type: boolean – /software/aiiserver/structure_aiishellfe/noosinstall

* Optional * Type: boolean – /software/aiiserver/structure_aiishellfe/osinstalldir

* Optional

120 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: absolute_file_path – /software/aiiserver/structure_aiishellfe/profile_format

* Optional * Type: string – /software/aiiserver/structure_aiishellfe/profile_prefix

* Optional * Type: string – /software/aiiserver/structure_aiishellfe/use_fqdn

* Optional * Type: boolean • /software/aiiserver/structure_aiidhcp – /software/aiiserver/structure_aiidhcp/dhcpconf

* Optional * Type: absolute_file_path – /software/aiiserver/structure_aiidhcp/restartcmd

* Optional * Type: string – /software/aiiserver/structure_aiidhcp/norestart

* Optional * Type: boolean • /software/aiiserver/aiiserver_component – /software/aiiserver/aiiserver_component/aii-shellfe

* Description: Configures the aii-shellfe tool. * Optional * Type: structure_aiishellfe – /software/aiiserver/aiiserver_component/aii-dhcp

* Description: Configures AII::DHCP and the aii-dhcp legacy tool. * Optional * Type: structure_aiidhcp altlogrotate

NAME ncm-altlogrotate: configuration module to control the log rotate configuration.

1.3. configuration-modules-core 121 Quattor Documentation, Release 0.0.1

DESCRIPTION

The altlogrotate component manages the log rotate configuration files. It replaced the original logrotate which is no longer available.

Types

• /software/altlogrotate/structure_altlogrotate_scripts – /software/altlogrotate/structure_altlogrotate_scripts/prerotate

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_scripts/postrotate

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_scripts/firstaction

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_scripts/lastaction

* Optional * Type: string • /software/altlogrotate/structure_altlogrotate_create_params – /software/altlogrotate/structure_altlogrotate_create_params/mode

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_create_params/owner

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_create_params/group

* Optional * Type: string • /software/altlogrotate/structure_altlogrotate_logrot – /software/altlogrotate/structure_altlogrotate_logrot/pattern

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_logrot/global

* Description: part of global configuration file, requires an entry called ‘global’. The ‘global’ entry does not require the global flag.

* Optional

122 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/overwrite

* Description: Create and overwrite configfile with the entry as filename, if it previously existed (only non-global files). (If such file does not exist, use the ncm-altlogrotate suffix as usual)

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/include

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_logrot/compress

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/copy

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/copytruncate

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/delaycompress

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/ifempty

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/missingok

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/sharedscripts

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/dateext

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/compresscmd

* Optional

1.3. configuration-modules-core 123 Quattor Documentation, Release 0.0.1

* Type: string – /software/altlogrotate/structure_altlogrotate_logrot/uncompresscmd

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_logrot/compressext

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_logrot/compressoptions

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_logrot/create

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/createparams

* Optional * Type: structure_altlogrotate_create_params – /software/altlogrotate/structure_altlogrotate_logrot/extension

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_logrot/mail

* Optional * Type: type_email – /software/altlogrotate/structure_altlogrotate_logrot/nomail

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/mailselect

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_logrot/olddir

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_logrot/noolddir

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/rotate

* Optional

124 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: long * Range: 0.. – /software/altlogrotate/structure_altlogrotate_logrot/start

* Optional * Type: long * Range: 0.. – /software/altlogrotate/structure_altlogrotate_logrot/size

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_logrot/taboo_replace

* Optional * Type: boolean – /software/altlogrotate/structure_altlogrotate_logrot/tabooext

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_logrot/frequency

* Optional * Type: string – /software/altlogrotate/structure_altlogrotate_logrot/scripts

* Optional * Type: structure_altlogrotate_scripts • /software/altlogrotate/altlogrotate_component – /software/altlogrotate/altlogrotate_component/configFile

* Description: Logrotate configuration file location, defaults to /etc/logrotate.conf. * Optional * Type: string – /software/altlogrotate/altlogrotate_component/configDir

* Description: Logrotate entries directory path, defaults to /etc/logrotate.d, entries will be written to individual config files under this path.

* Optional * Type: string – /software/altlogrotate/altlogrotate_component/entries

* Description: A named list containing logrotate structures. Follows the logrotate config format, so see ‘man 8 logrotate’ for a detailed explanation of all options. The ‘global’ entry (if exists) is put at the beginning of the main configuration.

* Optional

1.3. configuration-modules-core 125 Quattor Documentation, Release 0.0.1

* Type: structure_altlogrotate_logrot amandaserver

DESCRIPTION

This component configures amanda server, the “Advanced Maryland Automatic Network Disk Archiver”.

FILES

This component generates the following files: * /etc/amanda/backupname/amanda.conf * /etc/amanda/backupname/disklist Furthermore, when using virtual tapes (tpchanger='chg-disk') it creates (only if these files do not exist previ- ously): * /etc/amanda/backupname/tapelist * tapedev_dir/slotXX * symbolic to the first slot It also labels the virtual tapes (this is very dangerous cause labelling the tapes destroy the content, have this into account if you already have data in the tapedev directory)

STRUCTURE

These are the top-level fields provided by the component. For information on any of these fields’ structure, please look amanda’s documentation. * /software/components/amandaserver/backupname/config/general_options Named list of general configuration options (goes to /etc/amanda/backupname/amanda.conf). Depending on the value of option tpchanger it might create the virtual tapes in the path specified by option tapedev. * /software/components/amandaserver/backupname/config/holdingdisks : holdingdisk{} Named list of holdingdisk structures, indexed by holdingdisk. name (goes to /etc/amanda/backupname/amanda.conf). * /software/components/amandaserver/backupname/config/tapetypes : tapetype{} Named list of tapetype structures, indexed by tapetype name. (goes to /etc/amanda/backupname/amanda.conf). * /software/components/amandaserver/backupname/config/dumptypes : dumptype{} Named list of dumptype structures, indexed by dumptype name. (goes to /etc/amanda/backupname/amanda.conf). * /software/components/amandaserver/backupname/config/interfaces : interface{} Named list of interface structures, indexed by interface name. (goes to /etc/amanda/backupname/amanda.conf).

126 Chapter 1. Content Quattor Documentation, Release 0.0.1

* /software/components/amandaserver/backupname/disklists : disk[] List of disk structures (goes to /etc/amanda/backupname/disklist).

Types

• /software/amandaserver/columnspec – /software/amandaserver/columnspec/name

* Optional * Type: string – /software/amandaserver/columnspec/space

* Optional * Type: long – /software/amandaserver/columnspec/width

* Optional * Type: long • /software/amandaserver/backupstring • /software/amandaserver/tapetypestring • /software/amandaserver/dumptypestring • /software/amandaserver/interfacestring • /software/amandaserver/booleanstring • /software/amandaserver/sizestring • /software/amandaserver/speedstring • /software/amandaserver/structure_amandaserver_general – /software/amandaserver/structure_amandaserver_general/org

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/mailto

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/dumpcycle

* Optional * Type: long – /software/amandaserver/structure_amandaserver_general/runspercycle

* Optional * Type: long – /software/amandaserver/structure_amandaserver_general/tapecycle

* Optional

1.3. configuration-modules-core 127 Quattor Documentation, Release 0.0.1

* Type: long – /software/amandaserver/structure_amandaserver_general/dumpuser

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/printer

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/tapedev

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/rawtapedev

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/tpchanger

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/changerdev

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/changerfile

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/runtapes

* Optional * Type: long – /software/amandaserver/structure_amandaserver_general/maxdumpsize

* Optional * Type: sizestring – /software/amandaserver/structure_amandaserver_general/taperalgo

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/labelstr

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/tapetype

* Optional

128 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/amandaserver/structure_amandaserver_general/ctimeout

* Optional * Type: long – /software/amandaserver/structure_amandaserver_general/dtimeout

* Optional * Type: long – /software/amandaserver/structure_amandaserver_general/etimeout

* Optional * Type: long – /software/amandaserver/structure_amandaserver_general/inparallel

* Optional * Type: long – /software/amandaserver/structure_amandaserver_general/netusage

* Optional * Type: speedstring – /software/amandaserver/structure_amandaserver_general/dumporder

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/maxdumps

* Optional * Type: long – /software/amandaserver/structure_amandaserver_general/bumpsize

* Optional * Type: sizestring – /software/amandaserver/structure_amandaserver_general/bumpmult

* Optional * Type: double – /software/amandaserver/structure_amandaserver_general/bumpdays

* Optional * Type: long – /software/amandaserver/structure_amandaserver_general/disklist

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/infofile

* Optional

1.3. configuration-modules-core 129 Quattor Documentation, Release 0.0.1

* Type: string – /software/amandaserver/structure_amandaserver_general/logdir

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/indexdir

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/tapelist

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/tapebufs

* Optional * Type: long – /software/amandaserver/structure_amandaserver_general/reserve

* Optional * Type: number – /software/amandaserver/structure_amandaserver_general/autoflush

* Optional * Type: booleanstring – /software/amandaserver/structure_amandaserver_general/amrecover_do_fsf

* Optional * Type: booleanstring – /software/amandaserver/structure_amandaserver_general/amrecover_check_label

* Optional * Type: booleanstring – /software/amandaserver/structure_amandaserver_general/amrecover_changer

* Optional * Type: string – /software/amandaserver/structure_amandaserver_general/columnspec

* Optional * Type: columnspec – /software/amandaserver/structure_amandaserver_general/includefile

* Optional * Type: string • /software/amandaserver/structure_amandaserver_holdingdisk – /software/amandaserver/structure_amandaserver_holdingdisk/comment

130 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/amandaserver/structure_amandaserver_holdingdisk/directory

* Optional * Type: string – /software/amandaserver/structure_amandaserver_holdingdisk/use

* Optional * Type: sizestring – /software/amandaserver/structure_amandaserver_holdingdisk/chunksize

* Optional * Type: sizestring • /software/amandaserver/structure_amandaserver_dumptype_conf – /software/amandaserver/structure_amandaserver_dumptype_conf/auth

* Optional * Type: string – /software/amandaserver/structure_amandaserver_dumptype_conf/comment

* Optional * Type: string – /software/amandaserver/structure_amandaserver_dumptype_conf/comprate

* Optional * Type: double – /software/amandaserver/structure_amandaserver_dumptype_conf/compress

* Optional * Type: string – /software/amandaserver/structure_amandaserver_dumptype_conf/dumpcycle

* Optional * Type: long – /software/amandaserver/structure_amandaserver_dumptype_conf/exclude

* Optional * Type: string – /software/amandaserver/structure_amandaserver_dumptype_conf/holdingdisk

* Optional * Type: booleanstring – /software/amandaserver/structure_amandaserver_dumptype_conf/ignore

* Optional * Type: booleanstring

1.3. configuration-modules-core 131 Quattor Documentation, Release 0.0.1

– /software/amandaserver/structure_amandaserver_dumptype_conf/include

* Optional * Type: string – /software/amandaserver/structure_amandaserver_dumptype_conf/index

* Optional * Type: string – /software/amandaserver/structure_amandaserver_dumptype_conf/kencrypt

* Optional * Type: booleanstring – /software/amandaserver/structure_amandaserver_dumptype_conf/maxdumps

* Optional * Type: long – /software/amandaserver/structure_amandaserver_dumptype_conf/maxpromoteday

* Optional * Type: long – /software/amandaserver/structure_amandaserver_dumptype_conf/priority

* Optional * Type: string – /software/amandaserver/structure_amandaserver_dumptype_conf/program

* Optional * Type: string – /software/amandaserver/structure_amandaserver_dumptype_conf/record

* Optional * Type: booleanstring – /software/amandaserver/structure_amandaserver_dumptype_conf/skip-full

* Optional * Type: booleanstring – /software/amandaserver/structure_amandaserver_dumptype_conf/skip-incr

* Optional * Type: booleanstring – /software/amandaserver/structure_amandaserver_dumptype_conf/starttime

* Optional * Type: long – /software/amandaserver/structure_amandaserver_dumptype_conf/strategy

* Optional * Type: string

132 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/amandaserver/structure_amandaserver_dumptype_conf/inc_dumptypes

* Optional * Type: string • /software/amandaserver/structure_amandaserver_dumptype – /software/amandaserver/structure_amandaserver_dumptype/dumptype_name

* Optional * Type: string – /software/amandaserver/structure_amandaserver_dumptype/dumptype_conf

* Optional * Type: structure_amandaserver_dumptype_conf • /software/amandaserver/structure_amandaserver_tapetype_conf – /software/amandaserver/structure_amandaserver_tapetype_conf/comment

* Optional * Type: string – /software/amandaserver/structure_amandaserver_tapetype_conf/filemark

* Optional * Type: sizestring – /software/amandaserver/structure_amandaserver_tapetype_conf/length

* Optional * Type: sizestring – /software/amandaserver/structure_amandaserver_tapetype_conf/block-size

* Optional * Type: sizestring – /software/amandaserver/structure_amandaserver_tapetype_conf/file-pad

* Optional * Type: booleanstring – /software/amandaserver/structure_amandaserver_tapetype_conf/speed

* Optional * Type: speedstring – /software/amandaserver/structure_amandaserver_tapetype_conf/lbl-templ

* Optional * Type: string – /software/amandaserver/structure_amandaserver_tapetype_conf/inc_tapetypes

* Optional * Type: string • /software/amandaserver/structure_amandaserver_tapetype

1.3. configuration-modules-core 133 Quattor Documentation, Release 0.0.1

– /software/amandaserver/structure_amandaserver_tapetype/tapetype_name

* Optional * Type: string – /software/amandaserver/structure_amandaserver_tapetype/tapetype_conf

* Optional * Type: structure_amandaserver_tapetype_conf • /software/amandaserver/structure_amandaserver_interface_conf – /software/amandaserver/structure_amandaserver_interface_conf/comment

* Optional * Type: string – /software/amandaserver/structure_amandaserver_interface_conf/use

* Optional * Type: speedstring – /software/amandaserver/structure_amandaserver_interface_conf/inc_interfaces

* Optional * Type: string • /software/amandaserver/structure_amandaserver_interface – /software/amandaserver/structure_amandaserver_interface/interface_name

* Optional * Type: string – /software/amandaserver/structure_amandaserver_interface/interface_conf

* Optional * Type: structure_amandaserver_interface_conf • /software/amandaserver/structure_amandaserver_config – /software/amandaserver/structure_amandaserver_config/general_options

* Optional * Type: structure_amandaserver_general – /software/amandaserver/structure_amandaserver_config/holdingdisks

* Optional * Type: structure_amandaserver_holdingdisk – /software/amandaserver/structure_amandaserver_config/tapetypes

* Optional * Type: structure_amandaserver_tapetype – /software/amandaserver/structure_amandaserver_config/dumptypes

* Optional * Type: structure_amandaserver_dumptype

134 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/amandaserver/structure_amandaserver_config/interfaces

* Optional * Type: structure_amandaserver_interface • /software/amandaserver/structure_amandaserver_disk – /software/amandaserver/structure_amandaserver_disk/hostname

* Optional * Type: string – /software/amandaserver/structure_amandaserver_disk/diskname

* Optional * Type: string – /software/amandaserver/structure_amandaserver_disk/dumptype

* Optional * Type: string • /software/amandaserver/structure_amandaserver_backup – /software/amandaserver/structure_amandaserver_backup/config

* Optional * Type: structure_amandaserver_config – /software/amandaserver/structure_amandaserver_backup/disklist

* Optional * Type: structure_amandaserver_disk • /software/amandaserver/structure_amandaserver_amandahost – /software/amandaserver/structure_amandaserver_amandahost/domain

* Optional * Type: string – /software/amandaserver/structure_amandaserver_amandahost/user

* Optional * Type: string • /software/amandaserver/structure_component_amandaserver – /software/amandaserver/structure_component_amandaserver/backups

* Optional * Type: structure_amandaserver_backup – /software/amandaserver/structure_component_amandaserver/amandahosts

* Optional * Type: structure_amandaserver_amandahost

1.3. configuration-modules-core 135 Quattor Documentation, Release 0.0.1 authconfig

NAME ncm-authconfig: NCM component to manage system authentication services.

DESCRIPTION

The authconfig component manages the system authentication methods on RedHat systems using the authconfig command. In addition, it can set additional operational parameters for LDAP authentication by modifying the /etc/ ldap.conf (SL5), the /etc/nslcd.conf (SL6) or /etc/sssd/sssd.conf (EL6/7) files directly. It will also enable/disable NSCD support on the client.

EXAMPLE

include "components/authconfig/config";

prefix "/software/components/authconfig"; "active"= true;

"safemode"= false;

"usemd5"= true; "useshadow"= true; "usecache"= true;

prefix "/software/components/authconfig/method/files"; "enable"= true;

prefix "/software/components/authconfig/method/ldap"; "enable"= false; "nssonly"= false; "conffile"= "/etc/ldap.conf"; "servers"= list ("tbn06.nikhef.nl", "hooimijt.nikhef.nl"); "basedn"= "dc=farmnet,dc=nikhef,dc=nl"; "tls/enable"= true; "binddn"= "cn=proxyuser,dc=example,dc=com"; "bindpw"= "secret"; "rootbinddn"= "cn=manager,dc=example,dc=com"; "port"= 389; "timeouts/idle"= 3600; "timeouts/bind"= 30; "timeouts/search"= 30; "pam_filter"= "|(gid=1012)(gid=1013)"; "pam_login_attribute"= "uid"; "pam_groupdn"= "cn=SystemAdministrators,ou=DirectoryGroups,dc=farmnet,dc=nikhef,

˓→dc=nl"; "pam_member_attribute"= "uniquemember"; "tls/peercheck"= "yes";

"tls/cacertfile"= undef; "tls/cacertdir"= undef; "tls/ciphers"= undef;

(continues on next page)

136 Chapter 1. Content Quattor Documentation, Release 0.0.1

(continued from previous page) "nss_base_passwd"= "OU=Users,OU=Organic Units,DC=cern,DC=ch"; "nss_base_group"= "OU=SLC,OU=Workgroups,DC=cern,DC=ch"; "bind_policy"= "soft"; "nss_map_objectclass/posixAccount"= "user"; "nss_map_objectclass/shadowAccount"= "user"; "nss_map_objectclass/posixGroup"= "group"; "nss_map_attribute/uid"= "sAMAccountName"; "nss_map_attribute/homeDirectory"= "unixHomeDirectory"; "nss_map_attribute/uniqueMember"= "member"; "pam_login_attribute"= "sAMAccountName"; "ssl"= "start_tls";

"pam_min_uid"= "0"; # NOT IMPLEMENTED # "pam_max_uid"= "0"; # NOT IMPLEMENTED #

prefix "/software/components/authconfig/method/nis"; "enable"= false; "domain"= "nikhef.nl"; "servers"= list ( "ajax.nikhef.nl");

prefix "/software/components/authconfig/method/krb5"; "enable"= false; "kdcs"= list ( "kdc.nikhef.nl"); "adminserver"= list ( "krbadmin.nikhef.nl"); "realm"= "NIKHEF.NL";

prefix "/software/components/authconfig/method/smb"; "enable"= false; "workgroup"= "NIKHEF"; "servers"= list ( "paling.nikhef.nl");

prefix "/software/components/authconfig/method/hesiod"; "enable"= false; "lhs"= "lefthanded"; "rhs"= "righthanded"; =cut use parent qw(NCM::Component); our $EC = LC::Exception::Context->new->will_store_all; our $NoActionSupported = 1; use CAF::Process; use CAF::Service; use CAF::FileEditor; use CAF::FileWriter 17.2.1; use EDG::WP4::CCM::TextRender; use File::Path; use Fcntl qw(:seek); use constant SSSD_FILE => ‘/etc/sssd/sssd.conf’; use constant SSSD_TT_MODULE => ‘sssd’; use constant NSCD_LOCK => ‘/var/lock/subsys/nscd’; # prevent authconfig from trying to launch in X11 mode delete($ENV{“DISPLAY”}); sub update_pam_file { my ($self, $tree) = @_;

my $fh= CAF::FileEditor->new($tree->{conffile}, log=>$self, backup=> ".old"); (continues on next page)

1.3. configuration-modules-core 137 Quattor Documentation, Release 0.0.1

(continued from previous page)

# regexp needs to match whole line my ($start,$end)=$fh->get_header_positions(qr{^#%PAM-\d+. *$}m); my @begin_whence; if ($start ==-1){ # no header found @begin_whence= BEGINNING_OF_FILE; } else { @begin_whence= (SEEK_SET,$end); }

foreach my $i(@{$tree->{lines}}) { my @whence=$i->{order} eq 'first'? @begin_whence : ENDING_OF_FILE;

if ($i->{entry} =~m{(?:^|\s+)(\S+\.so)(?:\s|$)}){ my $module=$1; $fh->add_or_replace_lines(qr{^#?\s*$tree->{section}\s+\S+\s+$module}, qr{^$tree->{section}\s+$i->{entry}$}, "$tree->{section} $i->{entry}\n", @whence); } else { $self->error("No '.so' module found in entry '$i->{entry}' (this is an

˓→error in the profile). Skipping."); } }

$fh->close(); } sub build_pam_systemauth { my ($self, $tree) = @_;

foreach my $i(sort(keys(%$tree))) { $self->update_pam_file($tree->{$i}) } }

# Disable an authentication method sub disable_method { my ($self, $method, $cmd) = @_;

if ($method eq 'files'){ $self->warn("Cannot disable files method"); return; }

$self->verbose("Disabling authentication method $method"); $cmd->pushargs("--disable$method"); }

# Enable the “files” authentication method in nsswitch. Actually, it # does nothing. sub enable_files { my $self = shift;

$self->verbose("Files method is always enabled"); }

138 Chapter 1. Content Quattor Documentation, Release 0.0.1

# Adds the authconfig command-line options to enable Kerberos5 # authentication to $cmd. sub enable_krb5 { my ($self, $cfg, $cmd) = @_;

$self->verbose("Enabling KRB5 authentication");

$cmd->pushargs(qw(--enablekrb5 --krb5realm)); $cmd->pushargs($cfg->{realm}); $cmd->pushargs("--krb5kdc", join(",",@{$cfg->{kdcs}})) if exists$cfg->{kdcs}; $cmd->pushargs("--krb5adminserver", join(",",@{$cfg->{adminservers}})) if exists$cfg->{adminservers}; }

# Adds the authconfig command-line options to enable SMB # authentication to $cmd. sub enable_smb { my ($self, $cfg, $cmd) = @_;

$self->verbose("Enabling SMB authentication");

$cmd->pushargs(qw(--enablesmbauth --smbworkgroup)); $cmd->pushargs($cfg->{workgroup}); $cmd->pushargs("--smbservers", join(",",@{$cfg->{servers}})); }

# Adds the authconfig command-line options to enable NIS # authentication to $cmd. sub enable_nis { my ($self, $cfg, $cmd) = @_;

$self->verbose("Enabling NIS authentication"); $cmd->pushargs(qw(--enablenis --nisdomain)); $cmd->pushargs($cfg->{domain}); $cmd->pushargs("--nisserver", join(",",@{$cfg->{servers}})); }

# Adds the authconfig command-line options to enable HESIOD # authentication to $cmd. sub enable_hesiod { my ($self, $cfg, $cmd) = @_;

$self->verbose("Enabling Hesiod authentication"); $cmd->pushargs(qw(--enablehesiod --hesiodlhs)); $cmd->pushargs($cfg->{lhs}); $cmd->pushargs("--hesiodrhs",$cfg->{rhs}); }

# Adds the authconfig command-line options to enable LDAP # authentication to $cmd. sub enable_ldap { my ($self, $cfg, $cmd) = @_;

if ($cfg->{nssonly}) { $cmd->pushargs("--disableldapauth"); } else { $cmd->pushargs("--enableldapauth"); }

$cmd->pushargs("--enableldap"); $cmd->pushargs("--ldapserver", join(",",@{$cfg->{servers}})) if exists$cfg->{servers}; $cmd->pushargs("--ldapbasedn=$cfg->{basedn}"); (continues on next page)

1.3. configuration-modules-core 139 Quattor Documentation, Release 0.0.1

(continued from previous page) $cmd->pushargs("--enableldaptls") if $cfg->{enableldaptls}; }

# Adds the authconfig command-line options to enable NSLCD (LDAP as of # SL6) authentication to $cmd. sub enable_nslcd { my ($self, $cfg, $cmd) = @_;

$cmd->pushargs(qw(--enableldapauth --enableldap)); $cmd->pushargs("--ldapserver", join(",",@{$cfg->{uri}})); $cmd->pushargs("--ldapbasedn=$cfg->{basedn}");

# Only enable TLS if requested; just setting ssl on should not enable TLS. $cmd->pushargs("--enableldaptls") if $cfg->{ssl}&&$cfg->{ssl} eq "start_tls"; }

# Adds the authconfig command-line to enable SSSD. sub enable_sssd { my ($self, $cfg, $cmd) = @_;

if ($cfg->{nssonly}) { $cmd->pushargs(qw(--disablesssdauth)); } else { $cmd->pushargs(qw(--enablesssdauth)); } $cmd->pushargs("--enablesssd"); } sub authconfig { my ($self, $t) = @_;

my ($stdout,$stderr); my $cmd= CAF::Process->new([qw(authconfig --kickstart)], log=>$self, stdout=>\$stdout, stderr=>\$stderr, timeout=> 60);

foreach my $i(qw(shadow cache)){ $cmd->pushargs($t->{"use$i"}? "--enable$i": "--disable$i"); }

$cmd->pushargs("--passalgo=$t->{passalgorithm}");

$cmd->pushargs("--enableforcelegacy") if $t->{enableforcelegacy};

while (my ($method,$v)= each(%{$t->{method}})) { if ($v->{enable}) { $method= "enable_$method"; $self->$method($v,$cmd); } else { $self->disable_method($method,$cmd) } } $cmd->setopts(timeout=> 60, stdout=>\$stdout, (continues on next page)

140 Chapter 1. Content Quattor Documentation, Release 0.0.1

(continued from previous page) stderr=>\$stderr); $cmd->execute(); if ($stdout){ $self->info("authconfig command output produced:"); $self->report($stdout); } if ($stderr){ $self->info("authconfig command ERROR produced:"); $self->report($stderr); } }

# Configures /etc/ldap.conf which is the file configuring LDAP # authentication on SL5. sub configure_ldap { my ($self, $tree) = @_;

delete($tree->{enable}); my $fh= CAF::FileWriter->new($tree->{conffile}, group=> 28, log=>$self, mode=> oct(644), backup=> ".old"); delete($tree->{conffile}); # These fields have different print $fh "idle_timelimit $tree->{timeouts}->{idle}\n"; print $fh "bind_timelimit $tree->{timeouts}->{bind}\n"; print $fh "timelimit $tree->{timeouts}->{search}\n"; print $fh "tls_checkpeer ", $tree->{tls}->{peercheck} ? "true": "false", "\n"; print $fh "tls_cacertfile $tree->{tls}->{cacertfile}\n" if $tree->{tls}->{cacertfile}; print $fh "tls_cacertdir $tree->{tls}->{cacertdir}\n" if $tree->{tls}->{cacertdir}; print $fh "tls_ciphers $tree->{tls}->{ciphers}\n" if $tree->{tls}->{ciphers}; print $fh "TLS_REQCERT $tree->{tls}->{reqcert}\n"; for my $i(0.. $#{$tree->{servers}}) { if (!($tree->{servers}[$i] =~ /:/)) { $tree->{servers}[$i]= 'ldap://'.$tree->{servers}[$i].'/'; } } print $fh "uri ", join("",@{$tree->{servers}}), "\n"; print $fh "base $tree->{basedn}\n";

delete($tree->{basedn}); delete($tree->{tls}); delete($tree->{timeouts}); delete($tree->{servers}); foreach my $i(qw(nss_map_objectclass nss_map_attribute nss_override_attribute_value)){ while (my ($k,$v)= each(%{$tree->{$i}})) { print $fh "$i $k $v\n"; } delete($tree->{$i}); }

while (my ($k,$v)= each(%$tree)) { (continues on next page)

1.3. configuration-modules-core 141 Quattor Documentation, Release 0.0.1

(continued from previous page) print $fh "$k $v\n"; }

return $fh->close(); }

# Configures nslcd, if needed. sub configure_nslcd { my ($self, $tree) = @_;

my $fh= CAF::FileWriter->new("/etc/nslcd.conf", mode=> oct(600), log=>$self); my ($changed,$proc);

delete($tree->{enable});

print $fh "# File generated by ", __PACKAGE__, ". Do not edit edit\n";

print $fh "base $tree->{basedn}\n"; delete($tree->{basedn}); while (my ($group,$values)= each(%{$tree->{map}})) { while (my ($k,$v)= each(%$values)) { print $fh "map $group $k $v\n"; } } delete($tree->{map});

# uri needs whitespace-separated list of values if (exists$tree->{uri}) { print $fh "uri ", join("",@{$tree->{uri}}), "\n"; delete($tree->{uri}); }

while (my ($k,$v)= each(%$tree)) { if (!ref($v)) { print $fh "$k $v"; } elsif (ref($v) eq 'ARRAY'){ print $fh "$k ", join(",", @$v); } elsif (ref($v) eq 'HASH'){ while (my ($kh,$vh)= each(%$v)) { print $fh "$k $kh $vh\n"; } } print $fh "\n"; }

if ($changed=$fh->close()) { my $srv= CAF::Service->new([qw(nslcd)], log=>$self); if (!$srv->restart()) { $self->error("Failed to restart nslcd"); } } return $changed; } sub configure_sssd {

142 Chapter 1. Content Quattor Documentation, Release 0.0.1

my ($self, $config) = @_;

my $trd= EDG::WP4::CCM::TextRender->new( SSSD_TT_MODULE, $config, relpath=> 'authconfig', log=>$self, );

# can't be empty string, is at least '[sssd]' if ($trd){ my $fh=$trd->filewriter(SSSD_FILE, log=>$self, mode=> oct(600),

˓→sensitive=>1); my $changed=$fh->close();

if ($changed){ my $srv= CAF::Service->new([qw(sssd)], log=>$self); if (!$srv->restart()) { $self->error("Failed to restart SSSD"); } }

return $changed; } else { $self->error("Unable to render template sssd: $trd->{fail}"); return; } }

# Restarts NSCD if that is needed. It’s ugly because on some versions # of SL stopping or starting may fail. sub restart_nscd { my $self = shift;

$self->verbose("Attempting to restart nscd");

# try a restart first. This is more reliable, as a stop/start # may fail to remove /var/lock/subsys/nscd my $nscd= CAF::Service->new([qw(nscd)], log=>$self, timeout=> 30);

if (!$nscd->restart()) { $nscd->stop();

sleep(1); CAF::Process->new([qw(killall nscd)], log=>$self)->execute();

sleep(2); unlink(NSCD_LOCK) if -e NSCD_LOCK;

$nscd->start(); }

sleep(1); $?=0;

CAF::Process->new([qw(nscd -i passwd)], log=>$self)->run();

if ($?){ (continues on next page)

1.3. configuration-modules-core 143 Quattor Documentation, Release 0.0.1

(continued from previous page) $self->error("Failed to restart NSCD"); } } sub Configure { my ($self, $config) = @_;

my $tree=$config->getTree($self->prefix());

# authconfig basic configuration $self->authconfig($tree);

my $restart;

# On SL5 this configures LDAP authentication. On other versions # this probably doesn't hurt anyways. if ($tree->{method}->{ldap}->{enable}) { $restart=$self->configure_ldap($tree->{method}->{ldap}); }

# This configures LDAP authentication on SL6. if ($tree->{method}->{nslcd}->{enable}) { $restart ||=$self->configure_nslcd($tree->{method}->{nslcd}); }

if ($tree->{method}->{sssd}->{enable}) { $restart ||=$self->configure_sssd($tree->{method}->{sssd}); }

$self->build_pam_systemauth($tree->{pamadditions});

my $cache=$tree->{usecache}; $self->restart_nscd() if $cache&&$restart;

return 1; }

1;

Types

• /software/authconfig/authconfig_method_generic_type – /software/authconfig/authconfig_method_generic_type/enable

* Description: Enable this method. Unlisted methods are always disabled. * Optional * Type: boolean • /software/authconfig/authconfig_pamadditions_line_type – /software/authconfig/authconfig_pamadditions_line_type/order

* Optional * Type: string

144 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_pamadditions_line_type/entry

* Optional * Type: string • /software/authconfig/authconfig_pamadditions_type – /software/authconfig/authconfig_pamadditions_type/conffile

* Optional * Type: string – /software/authconfig/authconfig_pamadditions_type/section

* Optional * Type: string – /software/authconfig/authconfig_pamadditions_type/lines

* Optional * Type: authconfig_pamadditions_line_type • /software/authconfig/authconfig_method_ldap_tls_type – /software/authconfig/authconfig_method_ldap_tls_type/enable

* Optional * Type: boolean – /software/authconfig/authconfig_method_ldap_tls_type/peercheck

* Optional * Type: boolean – /software/authconfig/authconfig_method_ldap_tls_type/cacertfile

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_tls_type/cacertdir

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_tls_type/ciphers

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_tls_type/reqcert

* Optional * Type: string • /software/authconfig/authconfig_method_ldap_timeouts_type – /software/authconfig/authconfig_method_ldap_timeouts_type/idle

* Optional * Type: long

1.3. configuration-modules-core 145 Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_method_ldap_timeouts_type/bind

* Optional * Type: long – /software/authconfig/authconfig_method_ldap_timeouts_type/search

* Optional * Type: long • /software/authconfig/authconfig_nss_map_objectclass – /software/authconfig/authconfig_nss_map_objectclass/posixAccount

* Optional * Type: string – /software/authconfig/authconfig_nss_map_objectclass/shadowAccount

* Optional * Type: string – /software/authconfig/authconfig_nss_map_objectclass/posixGroup

* Optional * Type: string • /software/authconfig/authconfig_nss_map_attribute – /software/authconfig/authconfig_nss_map_attribute/uid

* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/homeDirectory

* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/uniqueMember

* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/uidNumber

* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/gidNumber

* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/cn

* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/userPassword

146 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/loginShell

* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/gecos

* Optional * Type: string • /software/authconfig/authconfig_nss_override_attribute_value – /software/authconfig/authconfig_nss_override_attribute_value/unixHomeDirectory

* Optional * Type: string – /software/authconfig/authconfig_nss_override_attribute_value/loginShell

* Optional * Type: string – /software/authconfig/authconfig_nss_override_attribute_value/gecos

* Optional * Type: string – /software/authconfig/authconfig_nss_override_attribute_value/gidNumber

* Optional * Type: long • /software/authconfig/connect_policy • /software/authconfig/authconfig_method_ldap_type – /software/authconfig/authconfig_method_ldap_type/servers

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/nssonly

* Optional * Type: boolean – /software/authconfig/authconfig_method_ldap_type/conffile

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/basedn

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/tls

1.3. configuration-modules-core 147 Quattor Documentation, Release 0.0.1

* Optional * Type: authconfig_method_ldap_tls_type – /software/authconfig/authconfig_method_ldap_type/binddn

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/bindpw

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/scope

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/rootbinddn

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/port

* Optional * Type: type_port – /software/authconfig/authconfig_method_ldap_type/timeouts

* Optional * Type: authconfig_method_ldap_timeouts_type – /software/authconfig/authconfig_method_ldap_type/pam_filter

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_login_attribute

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_lookup_policy

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_password

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_groupdn

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_member_attribute

148 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_check_service_attr

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_check_host_attr

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_min_uid

* Optional * Type: long – /software/authconfig/authconfig_method_ldap_type/pam_max_uid

* Optional * Type: long – /software/authconfig/authconfig_method_ldap_type/nss_base_passwd

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/nss_base_group

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/nss_base_shadow

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/bind_policy

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/ssl

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/nss_map_objectclass

* Optional * Type: authconfig_nss_map_objectclass – /software/authconfig/authconfig_method_ldap_type/nss_map_attribute

* Optional * Type: authconfig_nss_map_attribute – /software/authconfig/authconfig_method_ldap_type/nss_override_attribute_value

1.3. configuration-modules-core 149 Quattor Documentation, Release 0.0.1

* Optional * Type: authconfig_nss_override_attribute_value – /software/authconfig/authconfig_method_ldap_type/nss_initgroups_ignoreusers

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/debug

* Optional * Type: long – /software/authconfig/authconfig_method_ldap_type/log_dir

* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/nss_paged_results

* Optional * Type: legacy_binary_affirmation_string – /software/authconfig/authconfig_method_ldap_type/pagesize

* Optional * Type: long – /software/authconfig/authconfig_method_ldap_type/nss_connect_policy

* Optional * Type: connect_policy • /software/authconfig/authconfig_method_nis_type – /software/authconfig/authconfig_method_nis_type/servers

* Optional * Type: type_hostname – /software/authconfig/authconfig_method_nis_type/domain

* Optional * Type: string • /software/authconfig/authconfig_method_krb5_type – /software/authconfig/authconfig_method_krb5_type/kdcs

* Optional * Type: type_hostname – /software/authconfig/authconfig_method_krb5_type/adminservers

* Optional * Type: type_hostname – /software/authconfig/authconfig_method_krb5_type/realm

* Optional

150 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string • /software/authconfig/authconfig_method_smb_type – /software/authconfig/authconfig_method_smb_type/servers

* Optional * Type: type_hostname – /software/authconfig/authconfig_method_smb_type/workgroup

* Optional * Type: string • /software/authconfig/authconfig_method_hesiod_type – /software/authconfig/authconfig_method_hesiod_type/lhs

* Optional * Type: string – /software/authconfig/authconfig_method_hesiod_type/rhs

* Optional * Type: string • /software/authconfig/authconfig_method_files_type • /software/authconfig/authconfig_nslcd_map_attributes – Description: LDAP attributes, as per RFC 2307 – /software/authconfig/authconfig_nslcd_map_attributes/uid

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/gid

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/uidNumber

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/gidNumber

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/gecos

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/homeDirectory

* Optional * Type: string

1.3. configuration-modules-core 151 Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_nslcd_map_attributes/loginShell

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowLastChange

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowMin

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowMax

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowWarning

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowInactive

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowExpire

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowFlag

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/memberUid

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/memberNisNetgroup

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/nisNetgroupTriple

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/ipServicePort

* Optional * Type: string

152 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_nslcd_map_attributes/ipServiceProtocol

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/ipProtocolNumber

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/oncRpcNumber

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/ipHostNumber

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/ipNetworkNumber

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/ipNetmaskNumber

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/macAddress

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/bootParameter

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/bootFile

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/nisMapName

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/nisMapEntry

* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/uniqueMember

* Optional * Type: string

1.3. configuration-modules-core 153 Quattor Documentation, Release 0.0.1

• /software/authconfig/authconfig_nslcd_maps – /software/authconfig/authconfig_nslcd_maps/alias

* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/ethers

* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/group

* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/host

* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/netgroup

* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/networks

* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/passwd

* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/protocols

* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/service

* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/shadow

* Optional * Type: authconfig_nslcd_map_attributes • /software/authconfig/authconfig_nslcd_filter – /software/authconfig/authconfig_nslcd_filter/alias

* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/ethers

154 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/group

* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/host

* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/netgroup

* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/networks

* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/passwd

* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/protocols

* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/service

* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/shadow

* Optional * Type: string • /software/authconfig/authconfig_method_nslcd_type – /software/authconfig/authconfig_method_nslcd_type/threads

* Optional * Type: long – /software/authconfig/authconfig_method_nslcd_type/uid

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/gid

* Optional * Type: string

1.3. configuration-modules-core 155 Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_method_nslcd_type/uri

* Optional * Type: type_hostURI – /software/authconfig/authconfig_method_nslcd_type/binddn

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/rootpwmoddn

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/krb5_ccname

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/basedn

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/base

* Optional * Type: authconfig_nslcd_filter – /software/authconfig/authconfig_method_nslcd_type/scope

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/deref

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/filter

* Optional * Type: authconfig_nslcd_filter – /software/authconfig/authconfig_method_nslcd_type/map

* Optional * Type: authconfig_nslcd_maps – /software/authconfig/authconfig_method_nslcd_type/bind_timelimit

* Optional * Type: long – /software/authconfig/authconfig_method_nslcd_type/timelimit

* Optional * Type: long

156 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_method_nslcd_type/idle_timelimit

* Optional * Type: long – /software/authconfig/authconfig_method_nslcd_type/reconnect_sleeptime

* Optional * Type: long – /software/authconfig/authconfig_method_nslcd_type/reconnect_retrytime

* Optional * Type: long – /software/authconfig/authconfig_method_nslcd_type/ssl

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_reqcert

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_cacertdir

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_randfile

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_ciphers

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_cert

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_cert

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_key

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/pagesize

* Optional * Type: long

1.3. configuration-modules-core 157 Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_method_nslcd_type/nss_initgroups_ignoreusers

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/pam_authz_search

* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/bindpw

* Optional * Type: string • /software/authconfig/authconfig_method_type – /software/authconfig/authconfig_method_type/files

* Optional * Type: authconfig_method_files_type – /software/authconfig/authconfig_method_type/ldap

* Optional * Type: authconfig_method_ldap_type – /software/authconfig/authconfig_method_type/nis

* Optional * Type: authconfig_method_nis_type – /software/authconfig/authconfig_method_type/krb5

* Optional * Type: authconfig_method_krb5_type – /software/authconfig/authconfig_method_type/smb

* Optional * Type: authconfig_method_smb_type – /software/authconfig/authconfig_method_type/hesiod

* Optional * Type: authconfig_method_hesiod_type – /software/authconfig/authconfig_method_type/nslcd

* Optional * Type: authconfig_method_nslcd_type – /software/authconfig/authconfig_method_type/sssd

* Optional * Type: authconfig_method_sssd_type • /software/authconfig/hash_string • /software/authconfig/authconfig_component

158 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_component/safemode

* Description: When set to true, no actual configuration will change. Default: false. * Optional * Type: boolean – /software/authconfig/authconfig_component/passalgorithm

* Optional * Type: hash_string – /software/authconfig/authconfig_component/useshadow

* Description: Enable the use of shadow password files. * Optional * Type: boolean – /software/authconfig/authconfig_component/usecache

* Description: Enable or disable nscd operation. * Optional * Type: boolean – /software/authconfig/authconfig_component/enableforcelegacy

* Optional * Type: boolean – /software/authconfig/authconfig_component/usemd5

* Description: Enable the use of MD5 hashed password. * Optional * Type: boolean – /software/authconfig/authconfig_component/method

* Description: dict of authentication methods to enable. Supported methods are: files, ldap, nis, krb5, smb, hesiod, nslcd and sssd. The “files” method cannot be disabled. – Optional – Type: authconfig_method_type – /software/authconfig/authconfig_component/pamadditions

* Optional * Type: authconfig_pamadditions_type

Types

• /software/authconfig/sssd_provider_string – Description: Valid SSSD providers. • /software/authconfig/sssd_auth_provider_string

1.3. configuration-modules-core 159 Quattor Documentation, Release 0.0.1

– Description: Valid SSSD auth providers. • /software/authconfig/sssd_ldap_schema_string – Description: Valid LDAP schema types. • /software/authconfig/authconfig_sssd_simple – Description: Simple access provider for SSSD. See the sssd-simple man page. – /software/authconfig/authconfig_sssd_simple/allow_users

* Optional * Type: string – /software/authconfig/authconfig_sssd_simple/deny_users

* Optional * Type: string – /software/authconfig/authconfig_sssd_simple/allow_groups

* Optional * Type: string – /software/authconfig/authconfig_sssd_simple/deny_groups

* Optional * Type: string • /software/authconfig/sssd_service • /software/authconfig/sssd_global – /software/authconfig/sssd_global/debug_level

* Optional * Type: long – /software/authconfig/sssd_global/config_file_version

* Optional * Type: long – /software/authconfig/sssd_global/services

* Optional * Type: sssd_service – /software/authconfig/sssd_global/reconnection_retries

* Optional * Type: long – /software/authconfig/sssd_global/re_expression

* Optional

160 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/authconfig/sssd_global/full_name_format

* Optional * Type: string – /software/authconfig/sssd_global/try_inotify

* Optional * Type: boolean – /software/authconfig/sssd_global/krb5_rcache_dir

* Optional * Type: string – /software/authconfig/sssd_global/default_domain_suffix

* Optional * Type: string • /software/authconfig/sssd_pam – /software/authconfig/sssd_pam/debug_level

* Optional * Type: long – /software/authconfig/sssd_pam/reconnection_retries

* Optional * Type: long – /software/authconfig/sssd_pam/offline_credentials_expiration

* Optional * Type: long – /software/authconfig/sssd_pam/offline_failed_login_attempts

* Optional * Type: long – /software/authconfig/sssd_pam/offline_failed_login_delay

* Optional * Type: long – /software/authconfig/sssd_pam/pam_verbosity

* Optional * Type: long – /software/authconfig/sssd_pam/pam_id_timeout

* Optional * Type: long – /software/authconfig/sssd_pam/pam_pwd_expiration_warning

1.3. configuration-modules-core 161 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/authconfig/sssd_pam/get_domains_timeout

* Optional * Type: long • /software/authconfig/sssd_nss – /software/authconfig/sssd_nss/debug_level

* Optional * Type: long – /software/authconfig/sssd_nss/reconnection_retries

* Optional * Type: long – /software/authconfig/sssd_nss/enum_cache_timeout

* Optional * Type: long – /software/authconfig/sssd_nss/entry_cache_nowait_percentage

* Optional * Type: long – /software/authconfig/sssd_nss/entry_negative_timeout

* Optional * Type: long – /software/authconfig/sssd_nss/filter_users

* Optional * Type: string – /software/authconfig/sssd_nss/filter_users_in_groups

* Optional * Type: boolean – /software/authconfig/sssd_nss/filter_groups

* Optional * Type: string – /software/authconfig/sssd_nss/memcache_timeout

* Optional * Type: long • /software/authconfig/authconfig_sssd_local – /software/authconfig/authconfig_sssd_local/default_shell

* Optional

162 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/authconfig/authconfig_sssd_local/base_directory

* Optional * Type: string – /software/authconfig/authconfig_sssd_local/create_homedir

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_local/remove_homedir

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_local/homedir_umask

* Optional * Type: long – /software/authconfig/authconfig_sssd_local/skel_dir

* Optional * Type: string – /software/authconfig/authconfig_sssd_local/mail_dir

* Optional * Type: string – /software/authconfig/authconfig_sssd_local/userdel_cmd

* Optional * Type: string • /software/authconfig/authconfig_sssd_domain – /software/authconfig/authconfig_sssd_domain/reconnection_retries

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/ldap

* Optional * Type: authconfig_sssd_ldap – /software/authconfig/authconfig_sssd_domain/ipa

* Optional * Type: authconfig_sssd_ipa – /software/authconfig/authconfig_sssd_domain/simple

* Optional * Type: authconfig_sssd_simple – /software/authconfig/authconfig_sssd_domain/local

1.3. configuration-modules-core 163 Quattor Documentation, Release 0.0.1

* Optional * Type: authconfig_sssd_local – /software/authconfig/authconfig_sssd_domain/access_provider

* Optional * Type: sssd_provider_string – /software/authconfig/authconfig_sssd_domain/id_provider

* Optional * Type: sssd_provider_string – /software/authconfig/authconfig_sssd_domain/auth_provider

* Optional * Type: sssd_auth_provider_string – /software/authconfig/authconfig_sssd_domain/chpass_provider

* Optional * Type: sssd_auth_provider_string – /software/authconfig/authconfig_sssd_domain/debug_level

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/sudo_provider

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/selinux_provider

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/subdomains_provider

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/autofs_provider

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/hostid_provider

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/re_expression

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/full_name_format

164 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/lookup_family_order

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/dns_resolver_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/dns_discovery_domain

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/override_gid

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/case_sensitive

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/proxy_fast_alias

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/subdomain_homedir

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/proxy_pam_target

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/proxy_lib_name

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/min_id

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/max_id

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/enumerate

1.3. configuration-modules-core 165 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/force_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_user_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_group_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_netgroup_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_service_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_sudo_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_autofs_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/refresh_expired_interval

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/cache_credentials

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/account_cache_expiration

166 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/pwd_expiration_warning

* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/ldap_schema

* Optional * Type: sssd_ldap_schema_string – /software/authconfig/authconfig_sssd_domain/ldap_group_name

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_referrals

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/ldap_sasl_mech

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_sasl_authid

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_id_mapping

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/ldap_search_base

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_account_expire_policy

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_access_order

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_krb5_keytab

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/krb5_realm

1.3. configuration-modules-core 167 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/krb5_use_enterprise_principal

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/krb5_use_kdcinfo

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/ad_enable_gc

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/ad_domain

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ad_enabled_domains

* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ad_gpo_access_control

* Optional * Type: string • /software/authconfig/authconfig_method_sssd_type – /software/authconfig/authconfig_method_sssd_type/nssonly

* Optional * Type: boolean – /software/authconfig/authconfig_method_sssd_type/domains

* Optional * Type: authconfig_sssd_domain – /software/authconfig/authconfig_method_sssd_type/global

* Optional * Type: sssd_global – /software/authconfig/authconfig_method_sssd_type/pam

* Optional * Type: sssd_pam – /software/authconfig/authconfig_method_sssd_type/nss

* Optional * Type: sssd_nss

168 Chapter 1. Content Quattor Documentation, Release 0.0.1

Types

• /software/authconfig/authconfig_sssd_ipa_krb5 – Description: Kerberos settings for the IPA access provider – /software/authconfig/authconfig_sssd_ipa_krb5/validate

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa_krb5/realm

* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_krb5/canonicalize

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa_krb5/use_fast

* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_krb5/confd_path

* Optional * Type: absolute_file_path • /software/authconfig/authconfig_sssd_ipa_dyndns – Description: dyndns settings for the IPA access provider – /software/authconfig/authconfig_sssd_ipa_dyndns/update

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa_dyndns/ttl

* Optional * Type: long * Range: 0.. – /software/authconfig/authconfig_sssd_ipa_dyndns/iface

* Optional * Type: valid_interface – /software/authconfig/authconfig_sssd_ipa_dyndns/refresh_interval

* Optional * Type: long * Range: 0..

1.3. configuration-modules-core 169 Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_sssd_ipa_dyndns/update_ptr

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa_dyndns/force_tcp

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa_dyndns/server

* Optional * Type: type_ip • /software/authconfig/authconfig_sssd_ipa_search_base – Description: search_base settings for the IPA access provider – /software/authconfig/authconfig_sssd_ipa_search_base/hbac

* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_search_base/host

* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_search_base/selinux

* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_search_base/subdomains

* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_search_base/master_domain

* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_search_base/views

* Optional * Type: string • /software/authconfig/authconfig_sssd_ipa – Description: IPA access provider for SSSD. See the sssd-ipa man page. – /software/authconfig/authconfig_sssd_ipa/krb5

* Optional * Type: authconfig_sssd_ipa_krb5

170 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_sssd_ipa/dyndns

* Optional * Type: authconfig_sssd_ipa_dyndns – /software/authconfig/authconfig_sssd_ipa/search_base

* Optional * Type: authconfig_sssd_ipa_search_base – /software/authconfig/authconfig_sssd_ipa/domain

* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa/server

* Optional * Type: type_hostname – /software/authconfig/authconfig_sssd_ipa/backup_server

* Optional * Type: type_hostname – /software/authconfig/authconfig_sssd_ipa/hostname

* Optional * Type: type_hostname – /software/authconfig/authconfig_sssd_ipa/enable_dns_sites

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa/hbac_refresh

* Optional * Type: long * Range: 0.. – /software/authconfig/authconfig_sssd_ipa/hbac_selinux

* Optional * Type: long * Range: 0.. – /software/authconfig/authconfig_sssd_ipa/server_mode

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa/automount_location

* Optional * Type: string

1.3. configuration-modules-core 171 Quattor Documentation, Release 0.0.1

Types

• /software/authconfig/ldap_schema • /software/authconfig/ldap_authok • /software/authconfig/ldap_deref • /software/authconfig/ldap_order • /software/authconfig/sssd_chpass – Description: LDAP chpass fields – /software/authconfig/sssd_chpass/uri

* Optional * Type: type_absoluteURI – /software/authconfig/sssd_chpass/backup_uri

* Optional * Type: type_absoluteURI – /software/authconfig/sssd_chpass/dns_service_name

* Optional * Type: string – /software/authconfig/sssd_chpass/update_last_change

* Optional * Type: boolean • /software/authconfig/sssd_ldap_defaults – /software/authconfig/sssd_ldap_defaults/bind_dn

* Optional * Type: string – /software/authconfig/sssd_ldap_defaults/authtok_type

* Optional * Type: ldap_authok – /software/authconfig/sssd_ldap_defaults/authtok

* Optional * Type: string • /software/authconfig/sssd_netgroup – Description: LDAP netgroup fields – /software/authconfig/sssd_netgroup/object_class

* Optional * Type: string

172 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/authconfig/sssd_netgroup/name

* Optional * Type: string – /software/authconfig/sssd_netgroup/member

* Optional * Type: string – /software/authconfig/sssd_netgroup/triple

* Optional * Type: string – /software/authconfig/sssd_netgroup/uuid

* Optional * Type: string – /software/authconfig/sssd_netgroup/modify_timestamp

* Optional * Type: string – /software/authconfig/sssd_netgroup/search_base

* Optional * Type: string • /software/authconfig/sssd_autofs – Description: LDAP autofs fields – /software/authconfig/sssd_autofs/map_object_class

* Optional * Type: string – /software/authconfig/sssd_autofs/map_name

* Optional * Type: string – /software/authconfig/sssd_autofs/entry_object_class

* Optional * Type: string – /software/authconfig/sssd_autofs/entry_key

* Optional * Type: string – /software/authconfig/sssd_autofs/entry_value

* Optional * Type: string

1.3. configuration-modules-core 173 Quattor Documentation, Release 0.0.1

– /software/authconfig/sssd_autofs/search_base

* Optional * Type: string • /software/authconfig/sssd_ldap_service – Description: LDAP IP service fields – /software/authconfig/sssd_ldap_service/object_class

* Optional * Type: string – /software/authconfig/sssd_ldap_service/name

* Optional * Type: string – /software/authconfig/sssd_ldap_service/port

* Optional * Type: string – /software/authconfig/sssd_ldap_service/proto

* Optional * Type: string – /software/authconfig/sssd_ldap_service/search_base

* Optional * Type: string • /software/authconfig/authconfig_sssd_ldap – Description: LDAP access provider for SSSD. See the sssd-ldap man page. Timeouts are expressed in seconds. – /software/authconfig/authconfig_sssd_ldap/user

* Optional * Type: sssd_user – /software/authconfig/authconfig_sssd_ldap/group

* Optional * Type: sssd_group – /software/authconfig/authconfig_sssd_ldap/chpass

* Optional * Type: sssd_chpass – /software/authconfig/authconfig_sssd_ldap/default

* Optional * Type: sssd_ldap_defaults

174 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_sssd_ldap/sasl

* Optional * Type: sssd_sasl – /software/authconfig/authconfig_sssd_ldap/krb5

* Optional * Type: sssd_krb5 – /software/authconfig/authconfig_sssd_ldap/sudo

* Optional * Type: sssd_sudo – /software/authconfig/authconfig_sssd_ldap/sudorule

* Optional * Type: sssd_sudorule – /software/authconfig/authconfig_sssd_ldap/tls

* Optional * Type: sssd_tls – /software/authconfig/authconfig_sssd_ldap/netgroup

* Optional * Type: sssd_netgroup – /software/authconfig/authconfig_sssd_ldap/autofs

* Optional * Type: sssd_autofs – /software/authconfig/authconfig_sssd_ldap/uri

* Optional * Type: type_absoluteURI – /software/authconfig/authconfig_sssd_ldap/backup_uri

* Optional * Type: type_absoluteURI – /software/authconfig/authconfig_sssd_ldap/search_base

* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/schema

* Optional * Type: ldap_schema – /software/authconfig/authconfig_sssd_ldap/service

* Optional * Type: sssd_ldap_service

1.3. configuration-modules-core 175 Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_sssd_ldap/krb5_backup_server

* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/krb5_canonicalize

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/krb5_realm

* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/krb5_server

* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/access_filter

* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/access_order

* Optional * Type: ldap_order – /software/authconfig/authconfig_sssd_ldap/connection_expire_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/deref

* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/deref_threshold

* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/disable_paging

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/dns_service_name

* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/entry_usn

* Optional * Type: string

176 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_sssd_ldap/enumeration_refresh_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/enumeration_search_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/force_upper_case_realm

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/groups_use_matching_rule_in_chain

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/id_use_start_tls

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/id_mapping

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/network_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/ns_account_lock

* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/offline_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/opt_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/page_size

* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/purge_cache_timeout

* Optional * Type: long

1.3. configuration-modules-core 177 Quattor Documentation, Release 0.0.1

– /software/authconfig/authconfig_sssd_ldap/pwd_policy

* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/referrals

* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/rootdse_last_usn

* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/search_timeout

* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/account_expire_policy

* Optional * Type: string

Types

• /software/authconfig/sssd_sasl – /software/authconfig/sssd_sasl/mech

* Optional * Type: string – /software/authconfig/sssd_sasl/authid

* Optional * Type: string – /software/authconfig/sssd_sasl/realm

* Optional * Type: string – /software/authconfig/sssd_sasl/canonicalize

* Optional * Type: boolean – /software/authconfig/sssd_sasl/minssf

* Optional * Type: long • /software/authconfig/sssd_krb5 – /software/authconfig/sssd_krb5/keytab

* Optional

178 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/authconfig/sssd_krb5/init_creds

* Optional * Type: boolean – /software/authconfig/sssd_krb5/ticket_lifetime

* Optional * Type: long

Types

• /software/authconfig/sssd_sudorule – /software/authconfig/sssd_sudorule/object_class

* Optional * Type: string – /software/authconfig/sssd_sudorule/name

* Optional * Type: string – /software/authconfig/sssd_sudorule/command

* Optional * Type: string – /software/authconfig/sssd_sudorule/host

* Optional * Type: string – /software/authconfig/sssd_sudorule/user

* Optional * Type: string – /software/authconfig/sssd_sudorule/option

* Optional * Type: string – /software/authconfig/sssd_sudorule/runasuser

* Optional * Type: string – /software/authconfig/sssd_sudorule/runasgroup

* Optional * Type: string – /software/authconfig/sssd_sudorule/notbefore

* Optional

1.3. configuration-modules-core 179 Quattor Documentation, Release 0.0.1

* Type: string – /software/authconfig/sssd_sudorule/notafter

* Optional * Type: string – /software/authconfig/sssd_sudorule/order

* Optional * Type: string • /software/authconfig/sssd_sudo – /software/authconfig/sssd_sudo/full_refresh_interval

* Optional * Type: long – /software/authconfig/sssd_sudo/smart_refresh_interval

* Optional * Type: long – /software/authconfig/sssd_sudo/use_host_filter

* Optional * Type: boolean – /software/authconfig/sssd_sudo/hostnames

* Optional * Type: string – /software/authconfig/sssd_sudo/ip

* Optional * Type: string – /software/authconfig/sssd_sudo/include_netgroups

* Optional * Type: boolean – /software/authconfig/sssd_sudo/include_regexp

* Optional * Type: boolean – /software/authconfig/sssd_sudo/search_base

* Optional * Type: string

180 Chapter 1. Content Quattor Documentation, Release 0.0.1

Types

• /software/authconfig/ldap_req_checks • /software/authconfig/sssd_tls – /software/authconfig/sssd_tls/cacert

* Optional * Type: string – /software/authconfig/sssd_tls/cacertdir

* Optional * Type: string – /software/authconfig/sssd_tls/cert

* Optional * Type: string – /software/authconfig/sssd_tls/key

* Optional * Type: string – /software/authconfig/sssd_tls/cipher_suite

* Optional * Type: string – /software/authconfig/sssd_tls/reqcert

* Optional * Type: ldap_req_checks

Types

• /software/authconfig/sssd_user – /software/authconfig/sssd_user/object_class

* Optional * Type: string – /software/authconfig/sssd_user/uid_number

* Optional * Type: string – /software/authconfig/sssd_user/gid_number

* Optional * Type: string – /software/authconfig/sssd_user/name

* Optional * Type: string

1.3. configuration-modules-core 181 Quattor Documentation, Release 0.0.1

– /software/authconfig/sssd_user/gecos

* Optional * Type: string – /software/authconfig/sssd_user/home_directory

* Optional * Type: string – /software/authconfig/sssd_user/shell

* Optional * Type: string – /software/authconfig/sssd_user/uuid

* Optional * Type: string – /software/authconfig/sssd_user/objectsid

* Optional * Type: string – /software/authconfig/sssd_user/modify_timestamp

* Optional * Type: string – /software/authconfig/sssd_user/shadow_last_change

* Optional * Type: string – /software/authconfig/sssd_user/shadow_min

* Optional * Type: string – /software/authconfig/sssd_user/shadow_max

* Optional * Type: string – /software/authconfig/sssd_user/shadow_warning

* Optional * Type: string – /software/authconfig/sssd_user/shadow_inactive

* Optional * Type: string – /software/authconfig/sssd_user/shadow_expire

* Optional * Type: string

182 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/authconfig/sssd_user/krb_last_pwd_change

* Optional * Type: string – /software/authconfig/sssd_user/krb_password_expiration

* Optional * Type: string – /software/authconfig/sssd_user/ad_account_expires

* Optional * Type: string – /software/authconfig/sssd_user/ad_user_account_control

* Optional * Type: string – /software/authconfig/sssd_user/nds_login_disabled

* Optional * Type: string – /software/authconfig/sssd_user/nds_login_expiration_time

* Optional * Type: string – /software/authconfig/sssd_user/nds_login_allowed_time_map

* Optional * Type: string – /software/authconfig/sssd_user/principal

* Optional * Type: string – /software/authconfig/sssd_user/ssh_public_key

* Optional * Type: string – /software/authconfig/sssd_user/fullname

* Optional * Type: string – /software/authconfig/sssd_user/member_of

* Optional * Type: string – /software/authconfig/sssd_user/authorized_service

* Optional * Type: string

1.3. configuration-modules-core 183 Quattor Documentation, Release 0.0.1

– /software/authconfig/sssd_user/authorized_host

* Optional * Type: string – /software/authconfig/sssd_user/search_base

* Optional * Type: string – /software/authconfig/sssd_user/search_filter

* Optional * Type: string • /software/authconfig/sssd_group – /software/authconfig/sssd_group/object_class

* Optional * Type: string – /software/authconfig/sssd_group/name

* Optional * Type: string – /software/authconfig/sssd_group/gid_number

* Optional * Type: string – /software/authconfig/sssd_group/member

* Optional * Type: string – /software/authconfig/sssd_group/uuid

* Optional * Type: string – /software/authconfig/sssd_group/objectsid

* Optional * Type: string – /software/authconfig/sssd_group/modify_timestamp

* Optional * Type: string – /software/authconfig/sssd_group/nesting_level

* Optional * Type: long – /software/authconfig/sssd_group/search_base

* Optional

184 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/authconfig/sssd_group/search_filter

* Optional * Type: string autofs

NAME ncm-autofs: NCM component to manage autofs configuration.

DESCRIPTION

The autofs component manages autofs master map and generated maps. It allows both exclusive management by the component or preservation of local changes.

EXAMPLES

Scenario 1 : Configure a NFS mountpoint

We will mount the NFS filesystem nfsserv.example.org: /data under /tmp_mnt/nfsdata prefix '/software/components/autofs/maps/data'; 'entries/nfsdata/location'= 'nfsserv.example.org:/data'; 'mapname'= '/etc/auto.nfsdata'; 'mountpoint'= '/tmp_mnt'; 'options'= 'rw,noatime,hard';

Scenario 2 : Configuration with dict() usage prefix '/software/components/autofs'; 'preserveMaster'= false; prefix '/software/components/autofs/maps/misc'; 'enabled'= true; 'preserve'= false; 'mapname'= '/etc/auto.misc'; 'type'= 'file'; 'mountpoint'= '/misc'; 'entries'= dict( 'kickstart', dict( 'location', 'misc.example.com:/misc' ) ); prefix '/software/components/autofs/maps/garden'; 'enabled'= true; 'preserve'= false; 'mapname'= '/etc/auto.garden'; (continues on next page)

1.3. configuration-modules-core 185 Quattor Documentation, Release 0.0.1

(continued from previous page) 'type'= 'file'; 'options'=''; 'mountpoint'= '/home/garden'; 'entries'= dict( escape('*'), dict( 'options', '-rw,intr,rsize=8192,wsize=8192,actimeo=60,addr=10.21.12.10', 'location', 'crown-city.albion.net:/home/garden/&' ) );

Types

• /software/autofs/autofs_conf_common • /software/autofs/autofs_conf_autofs – /software/autofs/autofs_conf_autofs/timeout

* Optional * Type: long * Range: 0.. – /software/autofs/autofs_conf_autofs/negative_timeout

* Optional * Type: long * Range: 0.. – /software/autofs/autofs_conf_autofs/mount_wait

* Optional * Type: long * Range: 0.. – /software/autofs/autofs_conf_autofs/umount_wait

* Optional * Type: long * Range: 0.. – /software/autofs/autofs_conf_autofs/browse_mode

* Optional * Type: boolean – /software/autofs/autofs_conf_autofs/append_options

* Optional * Type: boolean – /software/autofs/autofs_conf_autofs/logging

* Optional * Type: string

186 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/autofs/autofs_conf_amd – /software/autofs/autofs_conf_amd/dismount_interval

* Optional * Type: long * Range: 0.. – /software/autofs/autofs_conf_amd/map_type

* Optional * Type: string – /software/autofs/autofs_conf_amd/autofs_use_lofs

* Optional * Type: boolean • /software/autofs/autofs_conf – /software/autofs/autofs_conf/autofs

* Optional * Type: autofs_conf_autofs – /software/autofs/autofs_conf/amd

* Optional * Type: autofs_conf_amd – /software/autofs/autofs_conf/mountpoints

* Optional * Type: autofs_conf_amd • /software/autofs/autofs_mapentry_type – /software/autofs/autofs_mapentry_type/options

* Description: Specific mount options to be used with this entry. * Optional * Type: string – /software/autofs/autofs_mapentry_type/location

* Description: NFS server name/path associated with this entry. * Optional * Type: string • /software/autofs/autofs_map_type – /software/autofs/autofs_map_type/enabled

* Description: If false, ignore entries for this map (no change made). * Optional * Type: boolean – /software/autofs/autofs_map_type/preserve

1.3. configuration-modules-core 187 Quattor Documentation, Release 0.0.1

* Description: This flag indicated if local changes to the map must be preserved (true) or not (false).

* Optional * Type: boolean – /software/autofs/autofs_map_type/type

* Description: Map type. Supported types are : direct, file, program, yp, nisplus, hesiod, userdir and ldap. Only direct, file and program map contents can be managed by this component.

* Optional * Type: string – /software/autofs/autofs_map_type/mapname

* Description: Map name. If not defined, a default name is build (/etc/auto suffixed by map entry name).

* Optional * Type: string – /software/autofs/autofs_map_type/mountpoint

* Description: Mount point associated with this map. * Optional * Type: string – /software/autofs/autofs_map_type/mpaliases

* Description: mount point aliases (deprecated) * Optional * Type: string – /software/autofs/autofs_map_type/options

* Description: Mount options to be used with this map. * Optional * Type: string – /software/autofs/autofs_map_type/entries

* Description: One entry per filesystem to mount. The key is used to build the mount point. The actual mount point depends on map type. – Optional – Type: autofs_mapentry_type • /software/autofs/autofs_component – /software/autofs/autofs_component/preserveMaster

* Description: This flag indicated if local changes to master map must be preserved (true) or not (false).

188 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/autofs/autofs_component/maps

* Description: This resource contains one entry per autofs map to manage. The dict key is mainly an internal name but it will be used to build the default map name. – Optional – Type: autofs_map_type – /software/autofs/autofs_component/conf

* Optional * Type: autofs_conf

ccm

NAME

The ccm component manages the configuration file for CCM.

DESCRIPTION

The ccm component manages the configuration file for the CCM daemon. This is usually the /etc/ccm.conf file. See the ccm-fetch manpage for more details.

Types

• /software/ccm/kerberos_principal_string – Description: kerberos_principal_string is a string with format principal[/component1[/component2[. . . ]]]@REALM • /software/ccm/ccm_component – /software/ccm/ccm_component/configFile

* Description: The location of the configuration file. Normally this should not be changed. Defaults to /etc/ccm.conf.

* Optional * Type: string – /software/ccm/ccm_component/profile

* Description: The URL for the machine’s profile. You can use either the http or https protocols (the file protocol is also possible eg. for tests). (see ccm-fetch manpage)

* Optional * Type: type_hostURI – /software/ccm/ccm_component/profile_failover

1.3. configuration-modules-core 189 Quattor Documentation, Release 0.0.1

* Description: list of profile failover URL(s) in case the above is not working. (see ccm-fetch manpage)

* Optional * Type: type_hostURI – /software/ccm/ccm_component/debug

* Description: Turn on debugging. Defaults to 0. * Optional * Type: long * Range: 0..1 – /software/ccm/ccm_component/force

* Description: Force fetching of the machine profile. Turning this on ignores the modification times. Defaults to 0.

* Optional * Type: long * Range: 0..1 – /software/ccm/ccm_component/cache_root

* Description: The root directory of the CCM cache. Defaults to /var/lib/ccm. * Optional * Type: string – /software/ccm/ccm_component/get_timeout

* Description: The timeout for the download operation in seconds. Defaults to 30. * Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/lock_retries

* Description: Number of times to try to get the lock on the cache. Defaults to 3. * Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/lock_wait

* Description: Number of seconds to wait between attempts to acquire the lock. Defaults to 30. * Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/retrieve_retries

* Description: Number of times to try to get the context from the server. Defaults to 3. * Optional

190 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: long * Range: 0.. – /software/ccm/ccm_component/retrieve_wait

* Description: Number of seconds to wait between attempts to get the context from the server. Defaults to 30.

* Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/cert_file

* Description: The certificate file to use for an https protocol. * Optional * Type: string – /software/ccm/ccm_component/key_file

* Description: The key file to use for an https protocol. * Optional * Type: string – /software/ccm/ccm_component/ca_file

* Description: The CA file to use for an https protocol. * Optional * Type: string – /software/ccm/ccm_component/ca_dir

* Description: The directory containing accepted CA certificates when using the https protocol. * Optional * Type: string – /software/ccm/ccm_component/group_readable

* Description: Whether the profiles should be group-readable (value is the groupname). There is no default, and it is not allowed to set both C and enable C.

* Optional * Type: string – /software/ccm/ccm_component/world_readable

* Description: Whether the profiles should be world-readable. Defaults to 0. * Optional * Type: long * Range: 0..1 – /software/ccm/ccm_component/base_url

1.3. configuration-modules-core 191 Quattor Documentation, Release 0.0.1

* Description: If profile is not a URL, a profile url will be calculated from base_url and the local hostname.

* Optional * Type: type_absoluteURI – /software/ccm/ccm_component/dbformat

* Description: Format of the local database, must be DB_File, CDB_File or GDBM_File. De- faults to GDBM_File.

* Optional * Type: string – /software/ccm/ccm_component/json_typed

* Description: Extract typed data from JSON profiles * Optional * Type: boolean – /software/ccm/ccm_component/tabcompletion

* Description: Create the tabcompletion file (during profile fetch) * Optional * Type: boolean – /software/ccm/ccm_component/keep_old

* Description: Number of old profiles to keep before purging * Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/purge_time

* Description: Number of seconds before purging inactive profiles. * Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/trust

* Description: Comma-separated list of kerberos principals to trust when using encrypted profiles * Optional * Type: kerberos_principal_string – /software/ccm/ccm_component/principal

* Description: Principal to use for Kerberos setup * Optional * Type: kerberos_principal_string – /software/ccm/ccm_component/keytab

* Description: Keytab to use for Kerberos setup

192 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string cdp

NAME

The cdp component manages the configuration file /etc/cdp-listend.conf.

DESCRIPTION

The cdp component manages the configuration file for the cdp-listend daemon.

EXAMPLES include 'components/cdp/config'; prefix "/software/components/cdp"; "fetch"= "/usr/sbin/ccm-fetch"; "fetch_smear"= 30;

Types

• /software/cdp/cdp_component – /software/cdp/cdp_component/configFile

* Description: The location of the configuration file. Normally this should not be changed. * Optional * Type: string – /software/cdp/cdp_component/port

* Description: The port used by the daemon. * Optional * Type: type_port – /software/cdp/cdp_component/nch

* Description: The binary to execute when receiving a CDB update packet. * Optional * Type: string – /software/cdp/cdp_component/nch_smear

* Description: The range of time delay for executing the nch executable. The execution will be delayed by [0, nch_smear] seconds.

* Optional * Type: long

1.3. configuration-modules-core 193 Quattor Documentation, Release 0.0.1

* Range: 0.. – /software/cdp/cdp_component/fetch

* Description: The binary to execute when receiving a CCM update packet. * Optional * Type: string – /software/cdp/cdp_component/fetch_offset

* Description: Fetch execution offset. See explanation of fetch_smear. * Optional * Type: long * Range: 0.. – /software/cdp/cdp_component/fetch_smear

* Description: Fetch time smearing. The fetch binary will be started at a point in time between fetch_offset and fetch_offset + fetch_smear seconds after receiving a notifica- tion packet. The range of time delay for executing the fetch executable. The execution will be delayed by [0, fetch_smear] seconds.

* Optional * Type: long * Range: 0.. – /software/cdp/cdp_component/hostname

* Optional * Type: type_hostname ceph

Types

• /software/ceph/ceph_daemon_config – Description: ceph daemon config parameters • /software/ceph/ceph_daemon – Description: type for a generic ceph daemon – /software/ceph/ceph_daemon/up

* Optional * Type: boolean • /software/ceph/ceph_cluster_config – Description: ceph cluster-wide config parameters – /software/ceph/ceph_cluster_config/auth_client_required

* Optional * Type: string

194 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/ceph/ceph_cluster_config/auth_cluster_required

* Optional * Type: string – /software/ceph/ceph_cluster_config/auth_service_required

* Optional * Type: string – /software/ceph/ceph_cluster_config/cluster_network

* Optional * Type: type_network_name – /software/ceph/ceph_cluster_config/enable_experimental_unrecoverable_data_corrupting_features

* Optional * Type: string – /software/ceph/ceph_cluster_config/filestore_xattr_use_omap

* Optional * Type: boolean – /software/ceph/ceph_cluster_config/fsid

* Optional * Type: type_uuid – /software/ceph/ceph_cluster_config/mon_cluster_log_to_syslog

* Optional * Type: boolean – /software/ceph/ceph_cluster_config/mon_initial_members

* Optional * Type: type_network_name – /software/ceph/ceph_cluster_config/mon_osd_min_down_reporters

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/mon_osd_min_down_reports

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/mon_osd_max_op_age

* Optional * Type: long

1.3. configuration-modules-core 195 Quattor Documentation, Release 0.0.1

– /software/ceph/ceph_cluster_config/ms_type

* Optional * Type: string – /software/ceph/ceph_cluster_config/op_queue

* Optional * Type: string – /software/ceph/ceph_cluster_config/osd_crush_update_on_start

* Optional * Type: boolean – /software/ceph/ceph_cluster_config/osd_journal_size

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/osd_objectstore

* Optional * Type: string – /software/ceph/ceph_cluster_config/osd_pool_default_min_size

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/osd_pool_default_pg_num

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/osd_pool_default_pgp_num

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/osd_pool_default_size

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/public_network

* Optional * Type: type_network_name • /software/ceph/ceph_crushmap_bucket

196 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Description: ceph crushmap bucket definition – /software/ceph/ceph_crushmap_bucket/name

* Optional * Type: string – /software/ceph/ceph_crushmap_bucket/type

* Optional * Type: string – /software/ceph/ceph_crushmap_bucket/alg

* Optional * Type: string – /software/ceph/ceph_crushmap_bucket/hash

* Optional * Type: long – /software/ceph/ceph_crushmap_bucket/weight

* Optional * Type: double – /software/ceph/ceph_crushmap_bucket/defaultalg

* Optional * Type: string – /software/ceph/ceph_crushmap_bucket/defaulthash

* Optional * Type: long – /software/ceph/ceph_crushmap_bucket/labels

* Optional * Type: string – /software/ceph/ceph_crushmap_bucket/buckets

* Optional * Type: dict • /software/ceph/ceph_crushmap_rule_choice – Description: ceph crushmap rule step – /software/ceph/ceph_crushmap_rule_choice/chtype

* Optional * Type: string – /software/ceph/ceph_crushmap_rule_choice/number

* Optional * Type: long

1.3. configuration-modules-core 197 Quattor Documentation, Release 0.0.1

– /software/ceph/ceph_crushmap_rule_choice/bktype

* Optional * Type: string • /software/ceph/ceph_crushmap_rule_step – Description: ceph crushmap rule step – /software/ceph/ceph_crushmap_rule_step/take

* Optional * Type: string – /software/ceph/ceph_crushmap_rule_step/set_choose_tries

* Optional * Type: long – /software/ceph/ceph_crushmap_rule_step/set_chooseleaf_tries

* Optional * Type: long – /software/ceph/ceph_crushmap_rule_step/choices

* Optional * Type: ceph_crushmap_rule_choice • /software/ceph/ceph_crushmap_rule – Description: ceph crushmap rule definition – /software/ceph/ceph_crushmap_rule/name

* Optional * Type: string – /software/ceph/ceph_crushmap_rule/type

* Optional * Type: string – /software/ceph/ceph_crushmap_rule/ruleset

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_crushmap_rule/min_size

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_crushmap_rule/max_size

* Optional * Type: long

198 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Range: 0.. – /software/ceph/ceph_crushmap_rule/steps

* Optional * Type: ceph_crushmap_rule_step • /software/ceph/ceph_crushmap – Description: ceph crushmap definition The crushmap defines some types of buckets, a hierarchical bucket structure, rules for travers- ing these buckets and tunables for magic numbers. • /software/ceph/ceph_crushmap/types – Optional – Type: string • /software/ceph/ceph_crushmap/buckets – Optional – Type: ceph_crushmap_bucket • /software/ceph/ceph_crushmap/rules – Optional – Type: ceph_crushmap_rule • /software/ceph/ceph_crushmap/tunables – Optional – Type: long • /software/ceph/ceph_cluster – Description: overarching ceph cluster type, with osds, mons and msds – /software/ceph/ceph_cluster/config

* Optional * Type: ceph_cluster_config – /software/ceph/ceph_cluster/osdhosts

* Optional * Type: ceph_osd_host – /software/ceph/ceph_cluster/monitors

* Optional * Type: ceph_monitor – /software/ceph/ceph_cluster/mdss

* Optional * Type: ceph_mds – /software/ceph/ceph_cluster/radosgwh

* Optional

1.3. configuration-modules-core 199 Quattor Documentation, Release 0.0.1

* Type: ceph_radosgwh – /software/ceph/ceph_cluster/deployhosts

* Optional * Type: type_fqdn – /software/ceph/ceph_cluster/crushmap

* Optional * Type: ceph_crushmap • /software/ceph/ceph_localdaemons – Description: Decentralized config feature: For use with dedicated pan code that builds the cluster info from remote templates. • /software/ceph/ceph_localdaemons/osds – Optional – Type: ceph_osd • /software/ceph/ceph_component – Description: ceph clusters – /software/ceph/ceph_component/clusters

* Optional * Type: ceph_cluster – /software/ceph/ceph_component/localdaemons

* Optional * Type: ceph_localdaemons – /software/ceph/ceph_component/ceph_version

* Optional * Type: string – /software/ceph/ceph_component/deploy_version

* Optional * Type: string – /software/ceph/ceph_component/key_accept

* Optional * Type: string – /software/ceph/ceph_component/ssh_multiplex

* Optional * Type: boolean – /software/ceph/ceph_component/max_add_osd_failures_per_host

* Optional * Type: long

200 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Range: 0.. – /software/ceph/ceph_component/release

* Optional * Type: string

Functions

• valid_osd_names – Description: check that the ceph osd names are no ceph reserved paths • Arguments: – ceph_component type • is_crushmap – Description: checks the ceph crushmap, this includes uniqueness of bucket and rule name, recursive bucket typing, and rules using existing buckets • Arguments: – crushmap allowed bucket types – crushmap buckets definitions – rules to traverse crushmap • is_bucket – Description: check the bucket type recursively, this includes attribute type and value checking and the uniqueness of names • Arguments: – bucket to check – list of already parsed bucket names – accepted bucket types – 1 if bucket is top bucket, 0 otherwise • is_ceph_crushmap_bucket_alg – Description: check it is a valid algorithm, also used in is_crushmap • Arguments: – bucket algoritm

Types

• /software/ceph/ceph_mds_config – Description: configuration options for a ceph mds daemon – /software/ceph/ceph_mds_config/mds_cache_size

* Optional * Type: long

1.3. configuration-modules-core 201 Quattor Documentation, Release 0.0.1

– /software/ceph/ceph_mds_config/mds_max_purge_files

* Optional * Type: long – /software/ceph/ceph_mds_config/mds_max_purge_ops

* Optional * Type: long – /software/ceph/ceph_mds_config/mds_max_purge_ops_per_pg

* Optional * Type: double – /software/ceph/ceph_mds_config/mds_log_max_expiring

* Optional * Type: long – /software/ceph/ceph_mds_config/mds_log_max_segments

* Optional * Type: long • /software/ceph/ceph_mds – Description: ceph mds-specific type – /software/ceph/ceph_mds/fqdn

* Optional * Type: type_fqdn – /software/ceph/ceph_mds/config

* Optional * Type: ceph_mds_config

Types

• /software/ceph/ceph_mon_config – Description: configuration options for a ceph monitor daemon • /software/ceph/ceph_monitor – Description: ceph monitor-specific type – /software/ceph/ceph_monitor/fqdn

* Optional * Type: type_fqdn – /software/ceph/ceph_monitor/config

* Optional * Type: ceph_mon_config

202 Chapter 1. Content Quattor Documentation, Release 0.0.1

Types

• /software/ceph/ceph_osd_config – Description: configuration options for a ceph osd daemon – /software/ceph/ceph_osd_config/osd_deep_scrub_interval

* Optional * Type: double – /software/ceph/ceph_osd_config/osd_journal_size

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_max_scrubs

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_objectstore

* Optional * Type: string – /software/ceph/ceph_osd_config/osd_op_threads

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_scrub_begin_hour

* Optional * Type: long * Range: 0..24 – /software/ceph/ceph_osd_config/osd_scrub_end_hour

* Optional * Type: long * Range: 0..24 – /software/ceph/ceph_osd_config/osd_scrub_load_threshold

* Optional * Type: double – /software/ceph/ceph_osd_config/osd_scrub_min_interval

* Optional * Type: double – /software/ceph/ceph_osd_config/osd_scrub_max_interval

1.3. configuration-modules-core 203 Quattor Documentation, Release 0.0.1

* Optional * Type: double • /software/ceph/ceph_osd – Description: ceph osd-specific type The key of the ceph_osd should be the path to the mounted disk. This can be an absolute path or a relative one to /var/lib/ceph/osd/ journal_path should be the path to a journal file This can be an absolute path or a relative one to /var/lib/ceph/log/ With labels osds can be grouped. This should also be defined in root. • /software/ceph/ceph_osd/config – Optional – Type: ceph_osd_config • /software/ceph/ceph_osd/in – Optional – Type: boolean • /software/ceph/ceph_osd/journal_path – Optional – Type: string • /software/ceph/ceph_osd/crush_weight – Optional – Type: double • /software/ceph/ceph_osd/labels – Optional – Type: string • /software/ceph/ceph_osd_host – Description: ceph osdhost-specific type, defining all osds on a host – /software/ceph/ceph_osd_host/fqdn

* Optional * Type: type_fqdn – /software/ceph/ceph_osd_host/osds

* Optional * Type: ceph_osd

Types

• /software/ceph/type_quoted_string • /software/ceph/ceph_radosgw_config – Description: configuration options for a ceph rados gateway instance – /software/ceph/ceph_radosgw_config/host

* Optional

204 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/ceph/ceph_radosgw_config/keyring

* Optional * Type: string – /software/ceph/ceph_radosgw_config/rgw_socket_path

* Optional * Type: string – /software/ceph/ceph_radosgw_config/log_file

* Optional * Type: string – /software/ceph/ceph_radosgw_config/rgw_frontends

* Optional * Type: type_quoted_string – /software/ceph/ceph_radosgw_config/rgw_print_continue

* Optional * Type: boolean – /software/ceph/ceph_radosgw_config/rgw_dns_name

* Optional * Type: type_fqdn – /software/ceph/ceph_radosgw_config/rgw_enable_ops_log

* Optional * Type: boolean – /software/ceph/ceph_radosgw_config/rgw_enable_usage_log

* Optional * Type: boolean – /software/ceph/ceph_radosgw_config/user

* Optional * Type: string • /software/ceph/ceph_radosgw – Description: ceph rados gateway type http://ceph.com/docs/master/radosgw/ • /software/ceph/ceph_radosgw/config – Optional – Type: ceph_radosgw_config • /software/ceph/ceph_radosgwh – Description: ceph rados gateway host, defining all gateways on a host

1.3. configuration-modules-core 205 Quattor Documentation, Release 0.0.1

– /software/ceph/ceph_radosgwh/fqdn

* Optional * Type: type_fqdn – /software/ceph/ceph_radosgwh/gateways

* Optional * Type: ceph_radosgw

Types

• /software/ceph/ceph_daemon – Description: type for a generic ceph daemon • /software/ceph/ceph_global_config – Description: ceph cluster-wide config parameters generate an fsid with uuidgen • /software/ceph/ceph_global_config/auth_client_required – Optional – Type: choice • /software/ceph/ceph_global_config/auth_cluster_required – Optional – Type: choice • /software/ceph/ceph_global_config/auth_service_required – Optional – Type: choice • /software/ceph/ceph_global_config/cluster_network – Optional – Type: type_network_name • /software/ceph/ceph_global_config/enable_experimental_unrecoverable_data_corrupting_features

– Optional – Type: string • /software/ceph/ceph_global_config/filestore_xattr_use_omap – Optional – Type: boolean • /software/ceph/ceph_global_config/fsid – Optional – Type: type_uuid • /software/ceph/ceph_global_config/mon_cluster_log_to_syslog

206 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Optional – Type: boolean • /software/ceph/ceph_global_config/mon_initial_members – Optional – Type: type_network_name • /software/ceph/ceph_global_config/mon_host – Optional – Type: type_fqdn • /software/ceph/ceph_global_config/mon_max_pg_per_osd – Optional – Type: long • /software/ceph/ceph_global_config/mon_osd_min_down_reporters – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/mon_osd_min_down_reports – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/mon_osd_warn_op_age – Optional – Type: long • /software/ceph/ceph_global_config/mon_osd_err_op_age_ratio – Optional – Type: long • /software/ceph/ceph_global_config/ms_type – Optional – Type: choice • /software/ceph/ceph_global_config/op_queue – Optional – Type: choice • /software/ceph/ceph_global_config/osd_journal_size – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/osd_max_pg_per_osd_hard_ratio

1.3. configuration-modules-core 207 Quattor Documentation, Release 0.0.1

– Optional – Type: long • /software/ceph/ceph_global_config/osd_pool_default_min_size – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/osd_pool_default_pg_num – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/osd_pool_default_pgp_num – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/osd_pool_default_size – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/public_network – Optional – Type: type_network_name • /software/ceph/ceph_configfile – /software/ceph/ceph_configfile/global

* Optional * Type: ceph_global_config – /software/ceph/ceph_configfile/mds

* Optional * Type: ceph_mds_config – /software/ceph/ceph_configfile/osd

* Optional * Type: ceph_osd_config – /software/ceph/ceph_configfile/mon

* Optional * Type: ceph_mon_config – /software/ceph/ceph_configfile/rgw

* Optional

208 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: ceph_rgw_config • /software/ceph/ceph_cluster – Description: overarching ceph cluster type, with osds, mons and msds – /software/ceph/ceph_cluster/monitors

* Optional * Type: ceph_monitor – /software/ceph/ceph_cluster/mdss

* Optional * Type: ceph_mds – /software/ceph/ceph_cluster/initcfg

* Optional * Type: ceph_configfile – /software/ceph/ceph_cluster/deployhosts

* Optional * Type: type_fqdn – /software/ceph/ceph_cluster/key_accept

* Optional * Type: choice – /software/ceph/ceph_cluster/ssh_multiplex

* Optional * Type: boolean • /software/ceph/ceph_daemons – Description: Decentralized config feature: For use with dedicated pan code that builds the cluster info from remote templates. • /software/ceph/ceph_daemons/osds – Optional – Type: ceph_osd • /software/ceph/ceph_daemons/max_add_osd_failures – Optional – Type: long – Range: 0.. • /software/ceph/ceph_supported_version • /software/ceph/ceph_deploy_supported_version • /software/ceph/ceph_component – Description:

1.3. configuration-modules-core 209 Quattor Documentation, Release 0.0.1 ceph cluster configuration we only support node to be in one ceph cluster named ceph this schema only works with Luminous 12.2.2 and above • /software/ceph/ceph_component/cluster – Optional – Type: ceph_cluster • /software/ceph/ceph_component/daemons – Optional – Type: ceph_daemons • /software/ceph/ceph_component/config – Optional – Type: ceph_configfile • /software/ceph/ceph_component/ceph_version – Optional – Type: ceph_supported_version • /software/ceph/ceph_component/deploy_version – Optional – Type: ceph_deploy_supported_version • /software/ceph/ceph_component/release – Optional – Type: choice

Types

• /software/ceph/ceph_mds_config – Description: configuration options for a ceph mds daemon – /software/ceph/ceph_mds_config/mds_cache_size

* Optional * Type: long – /software/ceph/ceph_mds_config/mds_cache_memory_limit

* Optional * Type: long – /software/ceph/ceph_mds_config/mds_max_purge_files

* Optional * Type: long – /software/ceph/ceph_mds_config/mds_max_purge_ops

* Optional * Type: long

210 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/ceph/ceph_mds_config/mds_max_purge_ops_per_pg

* Optional * Type: double – /software/ceph/ceph_mds_config/mds_log_max_expiring

* Optional * Type: long – /software/ceph/ceph_mds_config/mds_log_max_segments

* Optional * Type: long • /software/ceph/ceph_mds – Description: ceph mds-specific type – /software/ceph/ceph_mds/fqdn

* Optional * Type: type_fqdn

Types

• /software/ceph/ceph_mon_config – Description: configuration options for a ceph monitor daemon • /software/ceph/ceph_monitor – Description: ceph monitor-specific type – /software/ceph/ceph_monitor/fqdn

* Optional * Type: type_fqdn

Types

• /software/ceph/ceph_osd_config – Description: configuration options for a ceph osd daemon – /software/ceph/ceph_osd_config/osd_deep_scrub_interval

* Optional * Type: double – /software/ceph/ceph_osd_config/osd_journal_size

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_max_scrubs

* Optional

1.3. configuration-modules-core 211 Quattor Documentation, Release 0.0.1

* Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_objectstore

* Optional * Type: string – /software/ceph/ceph_osd_config/osd_op_threads

* Optional * Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_scrub_begin_hour

* Optional * Type: long * Range: 0..24 – /software/ceph/ceph_osd_config/osd_scrub_end_hour

* Optional * Type: long * Range: 0..24 – /software/ceph/ceph_osd_config/osd_scrub_load_threshold

* Optional * Type: double – /software/ceph/ceph_osd_config/osd_scrub_min_interval

* Optional * Type: double – /software/ceph/ceph_osd_config/osd_scrub_max_interval

* Optional * Type: double • /software/ceph/ceph_osd – Description: ceph osd-specific type Only bluestore support for now dmcrypt supported with ceph-volume > 12.2.3 • /software/ceph/ceph_osd/class – Optional – Type: string • /software/ceph/ceph_osd/storetype – Optional – Type: choice • /software/ceph/ceph_osd/dmcrypt

212 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Optional – Type: boolean

Types

• /software/ceph/type_quoted_string • /software/ceph/ceph_rgw_config – Description: configuration options for a ceph rados gateway instance – /software/ceph/ceph_rgw_config/host

* Optional * Type: string – /software/ceph/ceph_rgw_config/keyring

* Optional * Type: string – /software/ceph/ceph_rgw_config/rgw_socket_path

* Optional * Type: string – /software/ceph/ceph_rgw_config/log_file

* Optional * Type: absolute_file_path – /software/ceph/ceph_rgw_config/rgw_frontends

* Optional * Type: type_quoted_string – /software/ceph/ceph_rgw_config/rgw_print_continue

* Optional * Type: boolean – /software/ceph/ceph_rgw_config/rgw_dns_name

* Optional * Type: type_fqdn – /software/ceph/ceph_rgw_config/rgw_enable_ops_log

* Optional * Type: boolean – /software/ceph/ceph_rgw_config/rgw_enable_usage_log

* Optional * Type: boolean – /software/ceph/ceph_rgw_config/user

* Optional

1.3. configuration-modules-core 213 Quattor Documentation, Release 0.0.1

* Type: string • /software/ceph/ceph_radosgw – Description: ceph rados gateway type http://ceph.com/docs/master/radosgw/ • /software/ceph/ceph_radosgw/config – Optional – Type: ceph_rgw_config

chkconfig

NAME

NCM::chkconfig - NCM chkconfig component

SYNOPSIS

Configure() Updates runlevel information for system services by using chkconfig that are defined in /soft- ware/components/chkconfig/. Also starts/stops those services that have option startstop set to true in and have one of the follow- ing options specified: add or del option is true, on or off option is specified either without specific runlevels, or with runlevel value that contains the current runlevel. The optional default key decides what will happen with services that are not explicitly configured. Default is to ignore them, but a vakue of off instead disables anything not mentioned in the profile. Unconfigure() Not available.

RESOURCES

/software/components/chkconfig/active : boolean activates/deactivates the component. /software/components/chkconfig/default : string ("off", "ignore") says what happens if no explicit configuration is found for the service. Certain services (like network, messagebus, haldaemon, sshd) are protected from being turned off via the default setting, but please do not rely on this. /software/components/chkconfig/service//off : string ("[0-7]\*") /software/components/chkconfig/service//on : string ("[0-7]\*") Sets the service on/off on specified run levels. The run levels are specified as string of numbers, the same way as with chkconfig-command. If the string is empty, system default is taken (see man chkconfig(8) for exact details). /software/components/chkconfig/service//name : string

214 Chapter 1. Content Quattor Documentation, Release 0.0.1

If set, the value is used as the name of the service instead of using the service path as a name. /software/components/chkconfig/service//reset : string ("[0-7]\*") Resets the service on defined run levels. Reset with no run levels specified affects every run level. /software/components/chkconfig/service//add : boolean If the value is true, adds service for management by chkconfig (if not already the case), otherwise the option is ignored. Please note that some services do not turn themselves on, and so in addition need an explicit on for the appropriate runlevels. If service has value ‘add’, and is already known to chkconfig, ‘reset’ will be run. This will restore service runlevel to its default values and protect from any manual changes of runlevels by /sbin/chkconfig. /software/components/chkconfig/service//del : boolean If the value is true, removes service from management by chkconfig, otherwise the option is ignored. /software/components/chkconfig/service//startstop : boolean If true, the service is also started/stopped when the service is added, removed or turned off/on. The component tries to check whether a certain service is already running or stopped and will not redo the action, but this relies on the service’s init script correctly reporting current state.

EXAMPLES

The following example will start named on system default runlevels: include 'components/chkconfig/config'; "/software/components/chkconfig/service/named/add"= true; "/software/components/chkconfig/service/named/on"=""; "/software/components/chkconfig/service/named/startstop"= true;

The shorter way of writing this (assuming named is known to chkconfig): include 'components/chkconfig/config'; "/software/components/chkconfig/service/named"= nlist("on","","startstop",true);

Disable and stop xinetd:

"/software/components/chkconfig/service/xinetd"= nlist("off","", "startstop", true);

Types

• /software/chkconfig/service_type – /software/chkconfig/service_type/name

* Optional * Type: string – /software/chkconfig/service_type/add

* Optional * Type: boolean – /software/chkconfig/service_type/del

1.3. configuration-modules-core 215 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/chkconfig/service_type/on

* Optional * Type: string – /software/chkconfig/service_type/off

* Optional * Type: string – /software/chkconfig/service_type/reset

* Optional * Type: string – /software/chkconfig/service_type/startstop

* Optional * Type: boolean • /software/chkconfig/component_chkconfig_type – /software/chkconfig/component_chkconfig_type/service

* Optional * Type: service_type – /software/chkconfig/component_chkconfig_type/default

* Optional * Type: string

Functions

• chkconfig_allow_combinations cron

NAME ncm-cron – NCM component to control cron entries for Linux and Solaris.

DESCRIPTION

The cron component manages files in the /etc/cron.d directory on Linux and the /var/spool/cron/ crontabs directory on Solaris.

216 Chapter 1. Content Quattor Documentation, Release 0.0.1

Linux

Files managed by ncm-cron will have the .ncm-cron.cron suffix. Other files in the directory are not affected by this component. The name of each file will be taken from the name attribute.

Solaris

Solaris uses an older version of cron that does not make use of a cron.d directory for crontabs. ncm-cron shares the crontab with each user. To make this work ncm-cron uses the concept of separate file sections within the crontab. Each section is identified by the use of the tags NCM-CRON BEGIN:and NCM-CRON END:. Entries either side of these section identifiers are not modified. Solaris does have a /etc/cron.d directory, however it uses this directory for control files such as cron.allow and cron.deny.

EXAMPLE

"/software/components/cron/entries"= list( dict( "name", "ls", "user", "root", "group", "root", "frequency"," */2 ****", "command", "/bin/ls"), dict( "name", "hostname", "comment", "some interesting text", "frequency"," */2 ****", "command", "/bin/hostname"), "env", dict("MAILTO", "[email protected]"), dict( "name", "date", "comment", "runs the date sometime within a 3 hour period", "timing", dict( "minute", "0", "hour", "1", "smear", 180), "command", "/bin/date") );

On Linux this will create three files in /etc/cron.d: ls.ncm-cron.cron hostname.ncm-cron.cron date.ncm-cron.cron

On Solaris three extra entries will be added to the root crontab.

Solaris

Editing the NCM-CRON BEGIN: and/or the NCM-CRON END: tag within a crontab will cause unpredictable be- haviour. Possible behavours are duplicate entries or entries being removed altogether. Editing BETWEEN the tags will cause the edits to be overwritten the next time ncm-cron runs.

1.3. configuration-modules-core 217 Quattor Documentation, Release 0.0.1

Types

• /software/cron/structure_cron_syslog – /software/cron/structure_cron_syslog/facility

* Optional * Type: string – /software/cron/structure_cron_syslog/level

* Optional * Type: string – /software/cron/structure_cron_syslog/tagprefix

* Optional * Type: string – /software/cron/structure_cron_syslog/tag

* Optional * Type: string • /software/cron/structure_cron_log – Description: Define specific attributes for cron log file. – /software/cron/structure_cron_log/disabled

* Description: A boolean disabling the redirection of script output/error to a log file * Optional * Type: boolean – /software/cron/structure_cron_log/name

* Description: Name of the log file. If the name is not an absolute file name, file is created in /var/log. Default name is the cron filename with .log extension in /var/log. – Optional – Type: string – /software/cron/structure_cron_log/owner

* Description: Owner/group of the log file, using owner[:group] format. Group can be ommitted. * Optional * Type: string – /software/cron/structure_cron_log/mode

* Description: Permissions of log file specified as a string interpreted as an octal number. * Optional * Type: string • /software/cron/structure_cron_timing

218 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/cron/structure_cron_timing/minute

* Description: minute of hour (0-59) * Optional * Type: string – /software/cron/structure_cron_timing/hour

* Description: hour of day (0-23) * Optional * Type: string – /software/cron/structure_cron_timing/day

* Description: day of month (1-31) * Optional * Type: string – /software/cron/structure_cron_timing/month

* Description: month of year (1-12 or three-letter abbreviated lowercase name) * Optional * Type: string – /software/cron/structure_cron_timing/weekday

* Description: day of week (0-7 or three-letter abbreviated lowercase name) * Optional * Type: string – /software/cron/structure_cron_timing/smear

* Description: Interval (in minutes) over which to randomly smear the start time of the job * Optional * Type: long * Range: 0..1440 • /software/cron/structure_cron – /software/cron/structure_cron/name

* Description: Filename (without suffix) of the cron entry file to create. * Optional * Type: string – /software/cron/structure_cron/user

* Description: User to use to run the command. Defaults to root if none defined * Optional * Type: string – /software/cron/structure_cron/group

* Description: Group to use to run the command. Defaults to user’s primary group.

1.3. configuration-modules-core 219 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/cron/structure_cron/frequency

* Description: Execution frequency for the command, using standard cron syntax. Minutes field can be ‘AUTO :’ in which case, a random value between 0 and 59 inclusive is generated. This can be used to avoid too many machines executing the same cron at the same time. See also the C element.

* Optional * Type: string – /software/cron/structure_cron/timing

* Description: If the ‘timing’ dict is used to specify the time, it can contain any of the keys: ‘minute’, ‘hour’, ‘day’, ‘month’ and ‘weekday’. An unspecified key will have a value of ‘*’. A further key of ‘smear’ can be used to specify (in minutes) a maximum interval for smearing the start time, which can be as much as a day. When a smeared job is created, a random increment between zero and the smear time is applied to the start time of the job. If the start time results in the job running on the following day, then all other fields (day, weekday, etc) will be suitably modified. When smearing is specified, then the start minute (and possibly hour, if smear is more than one hour) must be specified as a simple absolute (e.g. ‘2’) and cannot be variations such as lists or ranges. Time specifications such as ranges, lists and steps are supported except for named values (e.g. “1” must be used instead of “mon”).

* Optional * Type: structure_cron_timing – /software/cron/structure_cron/command

* Description: Command line to execute, including all its options. * Optional * Type: string – /software/cron/structure_cron/comment

* Description: An optional comment to add at the beginning of the cron file. * Optional * Type: string – /software/cron/structure_cron/env

* Description: An optional dict containing environment variable that must be defined before executing the command. Key is the variable name, value is variable value.

* Optional * Type: string – /software/cron/structure_cron/log

* Optional * Type: structure_cron_log – /software/cron/structure_cron/syslog

220 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: structure_cron_syslog • /software/cron/cron_component – /software/cron/cron_component/entries

* Description: A list containing cron structures (described above). * Optional * Type: structure_cron – /software/cron/cron_component/deny

* Optional * Type: string – /software/cron/cron_component/allow

* Optional * Type: string – /software/cron/cron_component/securitypath

* Optional * Type: string

Functions

• structure_cron_log_valid – Description: Function to check that other log properties are not present when disabled is true • valid_cron_timing – Description: Validate contents of cron timing fields (see CRONTAB(5) for details) Cron timing fields can contain complex expressions (e.g. “1,5,13-23/2”). Rather than validate these in depth the aim here is to catch things that are obviously wrong, such as: – characters which are not valid in cron fields – out of range numbers (e.g. “35” in the hour field) – names in the wrong field (e.g. “tue” in the day of month field) • valid_cron_minute – Description: Convenience wrapper for validating cron minute field • valid_cron_hour – Description: Convenience wrapper for validating cron hour field • valid_cron_day_of_month – Description: Convenience wrapper for validating cron day of month field • valid_cron_month

1.3. configuration-modules-core 221 Quattor Documentation, Release 0.0.1

– Description: Convenience wrapper for validating cron month field • valid_cron_day_of_week – Description: Convenience wrapper for validating cron day of week field • valid_cron_frequency – Description: Validate contents of cron frequency field cups

NAME cups : CUPS configuration component

DESCRIPTION

NCM component allowing to configure CUPS service and declare printers.

RESOURCES

* /software/components/cups/defaultprinter : string (optional) Define the printer specified as the default printer. Printer must be listed in the printers list to be defined as the default printer. * /software/components/cups/nodetype : string (optional) Possible values are client and server. server must be specified to start cupsd daemon. When client is specified and cupsd is running, it is stopped. Default : server on machine defined in options/ServerName or if this option is not defined (server assumed to be localhost), client on other machines. * /software/components/cups/options/... : nlist (optional) This ressource is a list of properties corresponding to option keywords supported by CUPS configuration files (cupsd.conf and client.conf). See the configuration files provided by CUPS for the doc- umentation about each possible option. It is a nlist where the key is the option name and the value the option value. An empty value is interpreted as “undefine the option”. If present, the matching configuration line is commented out. To define an option with an empty value, you need to specify a value made of spaces. Generally, options apply either to server configuration or to client configuration. There is one exception, ServerName, which applies to both. Note : not all the CUPS options are currently implemented. If you get a message unsupported option when running this component, look at the comments at the beginning of component Perl source about how to add support for a new option. * /software/components/cups/options/ServerAlias : list of string

222 Chapter 1. Content Quattor Documentation, Release 0.0.1

This option sets the ServerAlias option in cupsd configuration. It is interpreted as a list of string. Default : None Scope : server * /software/components/cups/options/ServerName : string This option is a special case. It is used by both client and server. In the server configuration, if not defined or defined as local host, it is converted to the local host name. In client configuration file, if ServerNamepoints to the current host, it is converted to “127.0.0.1” (CUPS default). Default : localhost (CUPS default) Scope : client and server * /software/components/cups/printers/... : nlist (optional) List of printers to configure if the current node is the server node. This resource is a nlist where the key is the printer name. In addition to standard CUPS printer options (look at lpadmin documentation), the following printer properties are defined : * delete : boolean Allow to delete a printer previously defined. Deleting a non existent printer is not considered an error. If a node configuration contains both definition and deletion for the same printer, the printer is deleted. This allows for a common configuration with some printers defined and a node specific configuration where some printers are not defined. If delete is true, all other options are ignored. Default : no * enable : boolean If this property is false, allow to disable a printer (without deleting it). If a node configuration both enable and disable printer, the printer is enabled. This allows for a common configuration where printers are created disabled and enable on a per node basis. Default : yes * printer : string Define the printer/queue name on the server associated with this printer. For LPD, need to match a printcap entry. Used to build the printer URI. * protocol : string Define the protocol part of the printer URI (CUPS backend). Used to build the printer URI. * server : string Define the server part of the printer URI. Used to build the printer URI.

1.3. configuration-modules-core 223 Quattor Documentation, Release 0.0.1

Types

• /software/cups/cups_component_printer – /software/cups/cups_component_printer/server

* Optional * Type: string – /software/cups/cups_component_printer/protocol

* Optional * Type: string – /software/cups/cups_component_printer/printer

* Optional * Type: string – /software/cups/cups_component_printer/uri

* Optional * Type: string – /software/cups/cups_component_printer/delete

* Optional * Type: boolean – /software/cups/cups_component_printer/enable

* Optional * Type: boolean – /software/cups/cups_component_printer/class

* Optional * Type: string – /software/cups/cups_component_printer/description

* Optional * Type: string – /software/cups/cups_component_printer/location

* Optional * Type: string – /software/cups/cups_component_printer/model

* Optional * Type: string – /software/cups/cups_component_printer/ppd

* Optional * Type: string • /software/cups/cups_component_options

224 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/cups/cups_component_options/AutoPurgeJobs

* Optional * Type: legacy_binary_affirmation_string – /software/cups/cups_component_options/Classification

* Optional * Type: string – /software/cups/cups_component_options/ClassifyOverride

* Optional * Type: string – /software/cups/cups_component_options/DataDir

* Optional * Type: string – /software/cups/cups_component_options/DefaultCharset

* Optional * Type: string – /software/cups/cups_component_options/Encryption

* Optional * Type: string – /software/cups/cups_component_options/ErrorLog

* Optional * Type: string – /software/cups/cups_component_options/LogLevel

* Optional * Type: string – /software/cups/cups_component_options/MaxCopies

* Optional * Type: long – /software/cups/cups_component_options/MaxLogSize

* Optional * Type: long – /software/cups/cups_component_options/PreserveJobHistory

* Optional * Type: legacy_binary_affirmation_string – /software/cups/cups_component_options/PreserveJobFiles

* Optional * Type: legacy_binary_affirmation_string

1.3. configuration-modules-core 225 Quattor Documentation, Release 0.0.1

– /software/cups/cups_component_options/Printcap

* Optional * Type: string – /software/cups/cups_component_options/ServerAdmin

* Optional * Type: string – /software/cups/cups_component_options/ServerAlias

* Optional * Type: string – /software/cups/cups_component_options/ServerName

* Optional * Type: string • /software/cups/cups_component – /software/cups/cups_component/defaultprinter

* Optional * Type: string – /software/cups/cups_component/nodetype

* Optional * Type: string – /software/cups/cups_component/options

* Optional * Type: cups_component_options – /software/cups/cups_component/printers

* Optional * Type: cups_component_printer

dirperm

NAME

dirperm: permissions and file/directory creation NCM component

DESCRIPTION

Object to set permissions and ownership of files and directories. Will create directories if they do not exist (with the proper permissions). Useful, e.g., to give every pool-user a “.globus” directory in its $HOME, or to create a bunch of home directories for poolaccounts on a non-CE machine. If the list initdir is set, then files in those directories will be copied to the created directory. They will be given the same ownership as the directory.

226 Chapter 1. Content Quattor Documentation, Release 0.0.1

When creating a file, all of the parent directories must already exist.

RESOURCES

/software/components/dirperm/paths

A list of files/directories to manage with this component. Each entry in the list must be of the structure_dirperm_entry type which has the following fields: * path String representing full path of configured file/directory. * owner String representing ownership, of form user or user:group. * perm String containing octal permissions to enforce. * type String, either 'd' for directory or 'f' for file. * initdir Optional list of strings representing full paths to directories. If the target is a directory, this can be used to prepopulate the directory by copying files from multiple sources. This is particularly useful for home directories.

EXAMPLES

"/software/components/dirperm/paths"= list( nlist( "path", "/export/home/alice002/.globus", "owner", "alice002:alice", "perm", "0700", "type", "d", "initdir", list("/etc/skel") ), );

Types

• /software/dirperm/structure_dirperm_entry – /software/dirperm/structure_dirperm_entry/path

* Optional * Type: string – /software/dirperm/structure_dirperm_entry/perm

* Optional * Type: string

1.3. configuration-modules-core 227 Quattor Documentation, Release 0.0.1

– /software/dirperm/structure_dirperm_entry/owner

* Optional * Type: string – /software/dirperm/structure_dirperm_entry/type

* Optional * Type: string – /software/dirperm/structure_dirperm_entry/initdir

* Optional * Type: string – /software/dirperm/structure_dirperm_entry/checkmount

* Description: ensure that a directory is within a mountpoint configured in the profile * Optional * Type: boolean – /software/dirperm/structure_dirperm_entry/within_mount

* Description: ensure that a directory is within a mountpoint * Optional * Type: boolean • /software/dirperm/component_dirperm – /software/dirperm/component_dirperm/paths

* Optional * Type: structure_dirperm_entry

Functions

• dirperm_permissions_valid

download

DESCRIPTION

Downloads files onto the local machine during the configuration, and optionally post-processes the files. The download is achieved by invoking curl, so any URLs acceptable to curl (and LWP::UserAgent) (including local file:// URLs) are allowed. A file is only downloaded if following conditions are met: The timestamp of the source can be retrieved The timestamp of the source is more recent than the current file (if such file exists); unless the allow_older attribute is set. The remote timestamp is not too recent.

228 Chapter 1. Content Quattor Documentation, Release 0.0.1

EXAMPLES

"/software/components/download"= dict( "server", "mydownloadserver.com", "proto", "http", ); prefix "/software/components/download/files"; "{/etc/passwd}"= dict( "href", "https://secure.my.domain", "post", "/usr/local/mk_passwd", ); "{/usr/local/foo.txt}"= dict( "href", "file:///etc/foo.txt", "owner", "john", "perm", "0400", );

Types

• /software/download/component_download_file – /software/download/component_download_file/href

* Description: A URL (either absolute, or relative) that describes the source of the file. The URL can be specified as relative by ommitting the server name and/or the protocol, in which case the component defaults will be used. Local files can be used as source, such as file: //localhost/etc/foo.txt or even file:///etc/foo.txt.

* Optional * Type: string – /software/download/component_download_file/post

* Description: Specify the command (no options allowed) to run whenever the file is updated. The filename is added as first and (only) argument. Note that if the update is optimised away by the download process (e.g. if the file is already up-to-date), the command will still be executed, so it is the responsibility of this command to determine what work needs to be done, if any.

* Optional * Type: string – /software/download/component_download_file/proxy

* Description: If false, then the proxy configuration will be ignored for this file. This has no effect when there are no proxy hosts defined.

* Optional * Type: boolean – /software/download/component_download_file/gssapi

* Description: If true, then curl/LWP will be invoked with GSSAPI Negotiate extension enabled, using the host keytab as the identity.

* Optional

1.3. configuration-modules-core 229 Quattor Documentation, Release 0.0.1

* Type: boolean – /software/download/component_download_file/perm

* Description: Sets the permissions of the file to the defined permissions (defined in octal, e.g. 0644).

* Optional * Type: string – /software/download/component_download_file/owner

* Description: Sets the ownership to given user (name or number). * Optional * Type: string – /software/download/component_download_file/group

* Description: Sets the group ownership to the given group (name or number). * Optional * Type: string – /software/download/component_download_file/min_age

* Description: Don’t consider the remote file to be new until it is this number of minutes old * Optional * Type: long – /software/download/component_download_file/cacert

* Optional * Type: string – /software/download/component_download_file/capath

* Optional * Type: string – /software/download/component_download_file/cert

* Optional * Type: string – /software/download/component_download_file/key

* Optional * Type: string – /software/download/component_download_file/timeout

* Description: seconds, overrides setting in component * Optional * Type: long – /software/download/component_download_file/allow_older

* Description: allow older remote file

230 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean • /software/download/download_component – /software/download/download_component/server

* Description: The default server hostname to use for any sources which do not specify the source.

* Optional * Type: string – /software/download/download_component/proto

* Description: The default protocol to use for any sources which do not specify the protocol.

* Optional * Type: string – /software/download/download_component/files

* Description: An dict of escaped filenames required for the destination file. * Optional * Type: component_download_file – /software/download/download_component/proxyhosts

* Description: List of hostnames (and possibly with ‘:port’ suffix). When specified, a reverse proxy configuration is assumed for all of the file sources. Whenever a file is downloaded, each of the proxy hosts will be used first before attempting the original source URL. The first proxy host to respond will be used for all subsequent download attempts.

* Optional * Type: type_hostport – /software/download/download_component/head_timeout

* Description: seconds, timeout for HEAD requests which checks for changes * Optional * Type: long – /software/download/download_component/timeout

* Description: seconds, total timeout for fetch of file, can be overridden per file * Optional * Type: long – /software/download/download_component/kinit_args

* Description: argumensts to be passed in kinit -k called in ncm-download * Optional * Type: string

1.3. configuration-modules-core 231 Quattor Documentation, Release 0.0.1 etcservices

NAME

NCM::etcservices - /etc/services configuration component.

DESCRIPTION

The services file is a local source of information regarding each service available through the Internet.

SYNOPSIS

Configure() Configure /etc/services entries

RESOURCES

* /software/components/etcservices/active : boolean activates/deactivates the component. * /software/components/etcservices/entries The services file contains an entry for each service. Each entry has the form:

service-name port/protocol aliases

* service-name: This is the official Internet service name. * port/protocol: This field is composed of the port number and protocol through which the service is provided. * aliases: This is a list of alternate names by which the service might be requested.

Types

• /software/etcservices/component_etcservices_type – /software/etcservices/component_etcservices_type/entries

* Optional * Type: string

filecopy

NAME ncm-filecopy: NCM component to manage simple configuration files and services.

232 Chapter 1. Content Quattor Documentation, Release 0.0.1

DESCRIPTION

The filecopy component manages services which have configuration files that can be representated as strings in pan or built by copying a template already present on the machine (eg. provided by a RPM). A “restart” command can be given which will be run whenever the configuration changes. Note: that this does not do any validation checking on the content of the service configuration. If this is desired, a service-specific component should be written. Note2: “restart” commands are executed after all the files have been updated. There is intentionally no guarantee on the order of execution if different commands must be executed: this is not necessarily the same as for checking the files. If two files specify the same restart command, it will be executed only once. If one of these restrictions is not convenient in your context, a service-specific component should be written.

RESOURCES

/software/components/filecopy/forceRestart: boolean (required)

A boolean that defines if the restart command (if any defined) of the file(s) must be executed even though the files were up-to-date (default behaviour is to execute the restart command only if file content, permissions or owner/group has been changed). Default: false

/software/components/filecopy/services: nlist (optional)

This nlist contains one entry by file to manage. The key is the escaped file name. For each file, the property described below may be specified. Most properties are optional (or have a default value) but either ‘config’ or ‘source’ MUST be specified and they are mutually exclusive. config: string (optional but ‘config’ OR ‘source’ required)

The file content specified as a string. Default: none source: string (optional but ‘config’ OR ‘source’ required)

The name of a source file already present on the machine to use as the content for the managed file. Default: none owner: string (optional)

The userid of the file owner. It can also be a ‘user:group’ specification (like with chown). Default: none

1.3. configuration-modules-core 233 Quattor Documentation, Release 0.0.1 group: string (optional)

The group of the file owner. It is ignored is owner is specified as ‘user:group’. Default: none perms: string (optional)

Permissions of the managed file. If not specified, the default permissions on the system will be used. Default: none restart: string (optional)

A command to execute if the file is modified. It is typically used to restart a service but any valid command can be specified, including several commands separated by ‘;’. If not specified, the file is updated but no command is executed. As mentionned earlier, restart commands are executed after all files have been updated and if several files specify the same restart command, it is executed once. Default: none backup: boolean (required)

This property specifies if an existing version of the file must be backuped before being updated (backup extension is ‘.old’). Default: true no_utf8: boolean (optional)

By default, the file content is converted to UTF8. Define this property to ‘true’ to prevent this conversion. Default: none forceRestart: boolean (required)

A boolean that defines if the restart command (if any defined) must be executed even though the file was up-to- date (default behaviour is to execute the restart command only if file content, permissions or owner/group has been changed). Note: the global flag ‘forceRestart’ takes precedence if set to ‘true’. Default: false

EXAMPLE prefix '/software/components/filecopy/services/{/tmp/test}'; 'config'='Contents of the file'; 'owner'='root:root'; 'perms'='0644';

234 Chapter 1. Content Quattor Documentation, Release 0.0.1

prefix '/software/components/filecopy/services/{/tmp/test.sh}'; 'config'= "#!/bin/bash\n echo Hello World"; 'restart'= '/tmp/test.sh'; 'owner'='root:root'; 'perms'='0755'; prefix '/software/components/filecopy/services/{/tmp/second-file}'; 'source'='/tmp/source'; 'owner'='root:root'; 'perms'='0644';

Types

• /software/filecopy/structure_filecopy – /software/filecopy/structure_filecopy/config

* Optional * Type: string – /software/filecopy/structure_filecopy/source

* Optional * Type: string – /software/filecopy/structure_filecopy/restart

* Optional * Type: string – /software/filecopy/structure_filecopy/perms

* Optional * Type: string – /software/filecopy/structure_filecopy/owner

* Optional * Type: string – /software/filecopy/structure_filecopy/group

* Optional * Type: string – /software/filecopy/structure_filecopy/no_utf8

* Optional * Type: boolean – /software/filecopy/structure_filecopy/forceRestart

* Optional * Type: boolean – /software/filecopy/structure_filecopy/backup

* Optional

1.3. configuration-modules-core 235 Quattor Documentation, Release 0.0.1

* Type: boolean • /software/filecopy/component_filecopy – /software/filecopy/component_filecopy/services

* Optional * Type: structure_filecopy – /software/filecopy/component_filecopy/forceRestart

* Optional * Type: boolean

Functions

• component_filecopy_valid

filesystems

DESCRIPTION

The filesystems component manages the filesystems on a node. It is able to create and remove blockdevices without restarting or re-installing. These filesystems will be later mounted/unmounted, and added/removed from /etc/fstab, using ncm-fstab. The component doesn’t provide any special resources at the moment. It just watches for changes on /system/ filesystems and /system/blockdevicesand creates new filesystems, if needed. You can also use ncm- filesystems to replace ncm-fstab : If manage_blockdevs is set to false, only the ncm-fstab code will run. A blockdevice is useful only for its ability to hold a filesystem. Blockdevices with no filesystems associated will not be created. If you want any such device, create a filesystem with "type"="none" and "mount"=false. Note: It will also remove filesystems and blockdevices that are not listed on the profile (or have been removed).

Examples

We will define a software RAID 1 composed of three disks, one volume group named Springfield on it, and two logical volumes (Simpsons and Flanders) on it. They will be mounted on /Evergreen_Terrace/742 and / Evergreen_Terrace/740, respectively. This is how the block devices definition looks like:

"/system/blockdevices"= nlist ( "physical_devs", nlist ( "hda", nlist ("label", "none"), "hdb", nlist ("label", "none"), "hdc", nlist ("label", "none") ), # No partitions here "md", nlist ( "md0", nlist ( "device_list", list ( "physical_devs/hda", "physical_devs/hdb", (continues on next page)

236 Chapter 1. Content Quattor Documentation, Release 0.0.1

(continued from previous page) "physical_devs/hdc" ), "raid_level", "RAID1", "stripe_size", 64 ), ), "volume_groups", nlist ( "Springfield", nlist ( "device_list", list ("md/md0") ), ), "logical_volumes", nlist ( "Simpsons", nlist ( "size",5 *GB, "volume_group", "Springfield" ), "Flanders", nlist ( "size",4 *GB, "volume_group", "Springfield" ) ) );

And then, we can define the filesystems:

"/system/filesystems"= list ( nlist ( "mountpoint", "/EverGreenTerrace/740", "block_device", "logical_volumes/Flanders", "mount", true, "mountopts", "defaults", "type", "ext2", # God saves from crashes, you know "freq",0, "pass",0, "format", false, "preserve", true ), nlist ( "mountpoint", "/EverGreenTerrace/742", "block_device", "logical_volumes/Simpsons", "mount", true, "mountopts", "defaults", "type", "xfs", # Lisa's on charge! "freq",0, "pass",0, "format", false, "preserve", true ), );

Types

• /software/filesystems/structure_component_filesystems – Description:

1.3. configuration-modules-core 237 Quattor Documentation, Release 0.0.1 when manage_blockdevs is false, filesystems does same as fstab No other resources here: this component takes its configuration from fstab component, “/system/filesystems” and “/system/blockdevices” • /software/filesystems/structure_component_filesystems/manage_blockdevs – Optional – Type: boolean fmonagent

NAME

NCM::fmonagent - NCM Lemon Monitoring Agent configuration component

SYNOPSIS

Configure() Creates configuration file(s) and restarts the lemon-agent service. In case of the single file configuration the files is defined in the CDB template as file and in case of split file as a directory where the following structure is expected:

top_dir/general.conf top_dir/transport/ top_dir/metrics/ top_dir/sensors/

Component will try in this case to modify the top_dir/general.conf, top_dir/transport/ udp.conf, top_dir/metrics/default.conf and for each sensor top_dir/sensors/ sensor_name.conf files.

RESOURCES

/software/components/fmonagent/active : boolean Activates/deactivates the component.

Warning

This version of NCM::fmonagent will not work with sensorAlarm!

Required programs.

Requires lemon-agent rpm to be installed.

Types

• /software/fmonagent/component_fmonagent – /software/fmonagent/component_fmonagent/LEMONversion

238 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/fmonagent/component_fmonagent/no_contact_timeout

* Optional * Type: long freeipa

DESCRIPTION ncm-freeipa provides support for FreeIPA configuration for server: add users, groups, services client: retrieve keytabs and certificates initialisation: get started n an already deployed host AII: add initialisation in kickstart and support removal

Server

On the server, create a keytab for the quattor-server user kinit admin uidadmin=`ipa user-show admin |grep UID: |sed "s/UID://;s/ //g;"` gidadmin=`ipa user-show admin |grep GID: |sed "s/GID://;s/ //g;"` # keep random password; it's already expired ipa user-add quattor-server--first=server-- last=quattor--random--uid=$((

˓→$uidadmin+1))--gidnumber=$(($gidadmin+1)) kdestroy # use expired random password; and pick new random password (new password is not

˓→relevant) kinit quattor-server kdestroy kinit admin ipa role-add "Quattor server" for priv in "Host Administrators" "DNS Administrators" "Group Administrators"

˓→"Service Administrators" "User Administrators"; do ipa role-add-privilege "Quattor server"--privileges="$priv" done ipa role-add-member--users=quattor-server "Quattor server"

# use -r option to retrieve existing keytab (e.g. from another ipa server) ipa-getkeytab-p quattor-server-k /etc/quattor-server.keytab-s ipaserver.example.com

Use these with ncm-freeipa on the server. prefix "/software/components/freeipa/principals/server"; "principal"= "quattor-server"; "keytab"= "/etc/quattor-server.keytab";

(Do not retrieve a keytab for the admin user; it resets the admin password).

1.3. configuration-modules-core 239 Quattor Documentation, Release 0.0.1

AII

The AII hooks act on behalf of the host it is going to setup, so any of those principals cannot be used. Instead we use a fixed AII principal and keytab. First we need to add a user with appropriate privileges kinit admin uidadmin=`ipa user-show admin |grep UID: |sed "s/UID://;s/ //g;"` gidadmin=`ipa user-show admin |grep GID: |sed "s/GID://;s/ //g;"` # keep random password; it's already expired ipa user-add quattor-aii--first=aii-- last=quattor--random--uid=$(($uidadmin+2))--

˓→gidnumber=$(($gidadmin+2)) kdestroy # use expired random password; and pick new random password (new password is not

˓→relevant) kinit quattor-aii kdestroy kinit admin ipa role-add "Quattor AII" ipa role-add-privilege "Quattor AII"--privileges="Host Administrators" ipa role-add-member--users=quattor-aii "Quattor AII"

On the AII host (assuming the host is already added to IPA) kinit admin # use -r option to retrieve existing keytab (e.g. from another AII server) ipa-getkeytab -p quattor-aii -k /etc/quattor-aii.keytab -s ipaserver.example.com kdestroy (If you have granted the host principal the rights to retrieve the quattor-aii keytab, you can add in the template of the AII host prefix “/software/components/freeipa/principals/aii”; “principal” = “quattor-aii”; “keytab” = “/etc/quattor- aii.keytab”; )

Missing role / privileges retrieve use keytabs AII principal/keytab via config file

Methods server

Configure server settings server

Configure server settings

240 Chapter 1. Content Quattor Documentation, Release 0.0.1

Types

• /software/freeipa/component_freeipa_member – Description: group members configuration – /software/freeipa/component_freeipa_member/user

* Description: (minimal) user group members * Optional * Type: string • /software/freeipa/component_freeipa_group – Description: group configuration – /software/freeipa/component_freeipa_group/gidnumber

* Description: group ID number * Optional * Type: long * Range: 0.. – /software/freeipa/component_freeipa_group/members

* Description: group members * Optional * Type: component_freeipa_member • /software/freeipa/component_freeipa_user – Description: service configuration – /software/freeipa/component_freeipa_user/uidnumber

* Description: user ID number * Optional * Type: long * Range: 0.. – /software/freeipa/component_freeipa_user/sn

* Description: last name * Optional * Type: string – /software/freeipa/component_freeipa_user/givenname

* Description: first name * Optional * Type: string – /software/freeipa/component_freeipa_user/group

* Description: group name (must be a configured group to retrieve the gid) * Optional

1.3. configuration-modules-core 241 Quattor Documentation, Release 0.0.1

* Type: string – /software/freeipa/component_freeipa_user/homedirectory

* Description: homedirectory * Optional * Type: string – /software/freeipa/component_freeipa_user/gecos

* Description: gecos * Optional * Type: string – /software/freeipa/component_freeipa_user/loginshell

* Description: loginshell * Optional * Type: absolute_file_path – /software/freeipa/component_freeipa_user/ipasshpubkey

* Description: list of publick ssh keys * Optional * Type: string • /software/freeipa/component_freeipa_service – Description: service configuration – /software/freeipa/component_freeipa_service/hosts

* Description: regular expressions to match known hosts; for each host, a service/host principal will be added and the host is allowed to retrieve the keytab

* Optional * Type: string • /software/freeipa/component_freeipa_host – Description: host configuration – /software/freeipa/component_freeipa_host/ip_address

* Description: host ip address (for DNS configuration only) * Optional * Type: type_ipv4 – /software/freeipa/component_freeipa_host/macaddress

* Description: macaddress (for DHCP configuration only) * Optional * Type: string • /software/freeipa/component_freeipa_dns – Description: DNS zone configuration

242 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/freeipa/component_freeipa_dns/subnet

* Description: subnet to use, in A.B.C.D/MASK notation * Optional * Type: string – /software/freeipa/component_freeipa_dns/reverse

* Description: reverse zone (.in-addr.arpa. is added) * Optional * Type: string – /software/freeipa/component_freeipa_dns/autoreverse

* Description: autoreverse determines rev from netmask, overridden by rev (only supports 8-bit masks for now)

* Optional * Type: boolean • /software/freeipa/component_freeipa_server – Description: Server configuration – /software/freeipa/component_freeipa_server/dns

* Description: subnet name with DNSzone information * Optional * Type: component_freeipa_dns – /software/freeipa/component_freeipa_server/hosts

* Description: hosts to add (not needed if installed via AII) * Optional * Type: component_freeipa_host – /software/freeipa/component_freeipa_server/services

* Description: services to add * Optional * Type: component_freeipa_service – /software/freeipa/component_freeipa_server/users

* Description: users to add * Optional * Type: component_freeipa_user – /software/freeipa/component_freeipa_server/groups

* Description: groups to add * Optional * Type: component_freeipa_group • /software/freeipa/component_freeipa_permission

1.3. configuration-modules-core 243 Quattor Documentation, Release 0.0.1

– Description: permission / ownership for keytabs and certificates – /software/freeipa/component_freeipa_permission/mode

* Description: mode/permissions * Optional * Type: long – /software/freeipa/component_freeipa_permission/owner

* Description: owner * Optional * Type: string – /software/freeipa/component_freeipa_permission/group

* Description: group * Optional * Type: string • /software/freeipa/component_freeipa_keytab – Description: keytab for service configuration – /software/freeipa/component_freeipa_keytab/service

* Description: service to retrieve keytab for (the pricipal service/fqdn is used if no component is specified)

* Optional * Type: string • /software/freeipa/component_freeipa_certificate – Description: Certificate to request/retrieve. cert and/or key can be optionally extracted from NSSDB. Permissions are set on both cert and key, with certmode for the certificate. The nick is an alias for DN, and is unique (adding a 2nd nick for same, existing DN will result in adding a new entry with already existing nick). – /software/freeipa/component_freeipa_certificate/cert

* Description: certificate location to extract * Optional * Type: string – /software/freeipa/component_freeipa_certificate/certmode

* Description: certificate mode/permissions * Optional * Type: long – /software/freeipa/component_freeipa_certificate/key

* Description: (private) key location to extract * Optional * Type: string

244 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/freeipa/component_freeipa_principal – Description: Principal and keytab for role – /software/freeipa/component_freeipa_principal/principal

* Description: principal to use * Optional * Type: string – /software/freeipa/component_freeipa_principal/keytab

* Description: keytab to use to retrieve credentials * Optional * Type: string • /software/freeipa/component_freeipa_nss – Description: NSS db options • /software/freeipa/freeipa_component – /software/freeipa/freeipa_component/realm

* Description: realm * Optional * Type: string – /software/freeipa/freeipa_component/primary

* Description: FreeIPA server that will be used for all API and for secondaries to replicate * Optional * Type: type_hostname – /software/freeipa/freeipa_component/secondaries

* Description: list of secondary servers to replicate * Optional * Type: type_hostname – /software/freeipa/freeipa_component/domain

* Description: FreeIPA domain name (defaults to /system/network/domainname value if not specified)

* Optional * Type: type_hostname – /software/freeipa/freeipa_component/server

* Description: server configuration settings * Optional * Type: component_freeipa_server – /software/freeipa/freeipa_component/keytabs

* Description: keytabs to retrieve for services

1.3. configuration-modules-core 245 Quattor Documentation, Release 0.0.1

* Optional * Type: component_freeipa_keytab – /software/freeipa/freeipa_component/certificates

* Description: certificates to request/retrieve (key is the NSSDB nick, and is unique per DN) * Optional * Type: component_freeipa_certificate – /software/freeipa/freeipa_component/hostcert

* Description: Generate the host certificate in /etc/ipa/quattor/certs/host.pem and key /etc/ipa/quattor/keys/host.key. The nick host is used (and any setting under certificates using that nick are preserved)

* Optional * Type: boolean – /software/freeipa/freeipa_component/nss

* Description: NSSDB options * Optional * Type: component_freeipa_nss – /software/freeipa/freeipa_component/host

* Description: Host options * Optional * Type: component_freeipa_host – /software/freeipa/freeipa_component/principals

* Description: Principal/keytab pairs for client,server or aii roles (default client role with host/fqdn princiapl and /etc/krb5.keytab keytab)

* Optional * Type: component_freeipa_principal fstab

DESCRIPTION

The fstab component manages the mount points in a node. It is able to manipulate /etc/fstab, and remount filesystems as specified by the profile. It doesn’t perform any dangerous operations, such as formatting or partitioning. If you need so, use ncm-filesystems in addition to this component. It doesn’t remove any filesystems specified under /software/components/fstab/protected_mounts.

Types

• /software/fstab/fstab_protected_entries – Description:

246 Chapter 1. Content Quattor Documentation, Release 0.0.1

Protected mountpoints and filesystem types. mounts is looked for on the second field of fstab, fs_file fs_types is looked for on the third field of fstab, fs_vfstype Default content of mounts is the same content as from the now deprecated protected_mounts field in the structure_component_fstab type • /software/fstab/fstab_protected_entries/mounts – Optional – Type: string • /software/fstab/fstab_protected_entries/fs_types – Optional – Type: string • /software/fstab/structure_component_fstab – Description: fstab component structure keep entries are always kept, but can be changed static entries can not be changed, but can be deleted protected_mounts is still here for backwards compability, and is the same as keep/mounts • /software/fstab/structure_component_fstab/keep – Optional – Type: fstab_protected_entries • /software/fstab/structure_component_fstab/static – Optional – Type: fstab_protected_entries • /software/fstab/structure_component_fstab/protected_mounts – Optional – Type: string ganglia

NAME ncm-ganglia: Ganglia components

DESCRIPTION ganglia

RESOURCES

/software/components/ganglia

The configuration information for the component. Each field should be described in this section.

1.3. configuration-modules-core 247 Quattor Documentation, Release 0.0.1

Types

• /software/ganglia/daemon_ganglia – /software/ganglia/daemon_ganglia/config_file

* Optional * Type: string – /software/ganglia/daemon_ganglia/data_source

* Optional * Type: string – /software/ganglia/daemon_ganglia/gridname

* Optional * Type: string – /software/ganglia/daemon_ganglia/case_sensitive_hostnames

* Optional * Type: long • /software/ganglia/metric_collection_groups_client_ganglia – /software/ganglia/metric_collection_groups_client_ganglia/name

* Optional * Type: string – /software/ganglia/metric_collection_groups_client_ganglia/title

* Optional * Type: string – /software/ganglia/metric_collection_groups_client_ganglia/value_threshold

* Optional * Type: string • /software/ganglia/collection_groups_client_ganglia – /software/ganglia/collection_groups_client_ganglia/collect_once

* Optional * Type: boolean – /software/ganglia/collection_groups_client_ganglia/time_threshold

* Optional * Type: long – /software/ganglia/collection_groups_client_ganglia/metric

* Optional * Type: metric_collection_groups_client_ganglia – /software/ganglia/collection_groups_client_ganglia/collect_every

* Optional

248 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: long • /software/ganglia/modules_client_ganglia – /software/ganglia/modules_client_ganglia/name

* Optional * Type: string – /software/ganglia/modules_client_ganglia/path

* Optional * Type: string – /software/ganglia/modules_client_ganglia/enabled

* Optional * Type: boolean – /software/ganglia/modules_client_ganglia/params

* Optional * Type: string – /software/ganglia/modules_client_ganglia/param

* Optional * Type: string • /software/ganglia/access_acl_client_ganglia – /software/ganglia/access_acl_client_ganglia/ip

* Optional * Type: string – /software/ganglia/access_acl_client_ganglia/mask

* Optional * Type: string – /software/ganglia/access_acl_client_ganglia/action

* Optional * Type: string • /software/ganglia/acl_client_ganglia – /software/ganglia/acl_client_ganglia/default

* Optional * Type: string – /software/ganglia/acl_client_ganglia/access

* Optional * Type: access_acl_client_ganglia • /software/ganglia/udp_accept_channel_client_ganglia – /software/ganglia/udp_accept_channel_client_ganglia/port

1.3. configuration-modules-core 249 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/ganglia/udp_accept_channel_client_ganglia/bind

* Optional * Type: string – /software/ganglia/udp_accept_channel_client_ganglia/interface

* Optional * Type: string – /software/ganglia/udp_accept_channel_client_ganglia/family

* Optional * Type: string – /software/ganglia/udp_accept_channel_client_ganglia/timeout

* Optional * Type: long – /software/ganglia/udp_accept_channel_client_ganglia/acl

* Optional * Type: acl_client_ganglia • /software/ganglia/udp_recv_channel_client_ganglia – /software/ganglia/udp_recv_channel_client_ganglia/port

* Optional * Type: long – /software/ganglia/udp_recv_channel_client_ganglia/mcast_join

* Optional * Type: string – /software/ganglia/udp_recv_channel_client_ganglia/mcast_if

* Optional * Type: string – /software/ganglia/udp_recv_channel_client_ganglia/bind

* Optional * Type: string – /software/ganglia/udp_recv_channel_client_ganglia/family

* Optional * Type: string – /software/ganglia/udp_recv_channel_client_ganglia/acl

* Optional * Type: acl_client_ganglia

250 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/ganglia/udp_send_channel_client_ganglia – /software/ganglia/udp_send_channel_client_ganglia/host

* Optional * Type: string – /software/ganglia/udp_send_channel_client_ganglia/port

* Optional * Type: long – /software/ganglia/udp_send_channel_client_ganglia/ttl

* Optional * Type: long – /software/ganglia/udp_send_channel_client_ganglia/mcast_join

* Optional * Type: string – /software/ganglia/udp_send_channel_client_ganglia/mcast_if

* Optional * Type: string • /software/ganglia/host_client_ganglia – /software/ganglia/host_client_ganglia/location

* Optional * Type: string • /software/ganglia/cluster_client_ganglia – /software/ganglia/cluster_client_ganglia/name

* Optional * Type: string – /software/ganglia/cluster_client_ganglia/owner

* Optional * Type: string – /software/ganglia/cluster_client_ganglia/latlong

* Optional * Type: string – /software/ganglia/cluster_client_ganglia/url

* Optional * Type: string • /software/ganglia/globals_client_ganglia – /software/ganglia/globals_client_ganglia/daemonize

* Optional

1.3. configuration-modules-core 251 Quattor Documentation, Release 0.0.1

* Type: boolean – /software/ganglia/globals_client_ganglia/setuid

* Optional * Type: boolean – /software/ganglia/globals_client_ganglia/user

* Optional * Type: string – /software/ganglia/globals_client_ganglia/debug_level

* Optional * Type: long – /software/ganglia/globals_client_ganglia/max_udp_msg_len

* Optional * Type: long – /software/ganglia/globals_client_ganglia/mute

* Optional * Type: boolean – /software/ganglia/globals_client_ganglia/deaf

* Optional * Type: boolean – /software/ganglia/globals_client_ganglia/allow_extra_data

* Optional * Type: boolean – /software/ganglia/globals_client_ganglia/host_dmax

* Optional * Type: long – /software/ganglia/globals_client_ganglia/cleanup_threshold

* Optional * Type: long – /software/ganglia/globals_client_ganglia/send_metadata_interval

* Optional * Type: long – /software/ganglia/globals_client_ganglia/gexec

* Optional * Type: boolean – /software/ganglia/globals_client_ganglia/module_dir

* Optional

252 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string • /software/ganglia/client_ganglia – /software/ganglia/client_ganglia/config_file

* Optional * Type: string – /software/ganglia/client_ganglia/globals

* Optional * Type: globals_client_ganglia – /software/ganglia/client_ganglia/cluster

* Optional * Type: cluster_client_ganglia – /software/ganglia/client_ganglia/host

* Optional * Type: host_client_ganglia – /software/ganglia/client_ganglia/udp_send_channel

* Optional * Type: udp_send_channel_client_ganglia – /software/ganglia/client_ganglia/udp_recv_channel

* Optional * Type: udp_recv_channel_client_ganglia – /software/ganglia/client_ganglia/tcp_accept_channel

* Optional * Type: udp_accept_channel_client_ganglia – /software/ganglia/client_ganglia/modules

* Optional * Type: modules_client_ganglia – /software/ganglia/client_ganglia/includes

* Optional * Type: string – /software/ganglia/client_ganglia/collection_groups

* Optional * Type: collection_groups_client_ganglia • /software/ganglia/component_ganglia – /software/ganglia/component_ganglia/package

* Optional * Type: string

1.3. configuration-modules-core 253 Quattor Documentation, Release 0.0.1

– /software/ganglia/component_ganglia/daemon

* Optional * Type: daemon_ganglia – /software/ganglia/component_ganglia/client

* Optional * Type: client_ganglia gmetad

DESCRIPTION

The gmetad component manages Ganglia’s gmetad daemon. This daemon collects performance information from various nodes and stores it in a RRD database.

GMETAD

The configuration of gmetad is stored in the file /etc/gmetad.conf. The schema for this component is very similar to the options in the configuration file. * /software/components/gmetad/data_source/[srcindex]/name : string Name of the data source. * /software/components/gmetad/data_source/[srcindex]/polling_interval : long(1..) Optional polling interval for the data source, in seconds. * /software/components/gmetad/data_source/[srcindex]/host/[hostindex]/address : type_hostname Host name or IP address per machine serving the data source. * /software/components/gmetad/data_source/[srcindex]/host/[hostindex]/port : type_port Optional port per machine serving the data source. * /software/components/gmetad/debug_level : long(0..) Optional level of debug output for the daemon. * /software/components/gmetad/scalability : string Optional flag to enable or disable scalability mode. Valid values are on and off. * /software/components/gmetad/file : string Mandatory field specifying the location of the the configuration file. For Ganglia 3.0, this should be /etc/gmetad.confand for Ganglia 3.1, it should be /etc/ganglia/gmetad.conf. * /software/components/gmetad/gridname : string Optional name of the grid. * /software/components/gmetad/authority : type_absoluteURI Optional authority URL for this grid.

254 Chapter 1. Content Quattor Documentation, Release 0.0.1

* /software/components/gmetad/trusted_hosts : type_hostname[] Optional list of trusted hosts. * /software/components/gmetad/all_trusted : string Optional field to enable trust of all hosts. Valid values are on and off. * /software/components/gmetad/setuid : string Optional flag to control setuid mode of the daemon. Valid values are on and off. * /software/components/gmetad/setuid_username : string Optional name of the user account running the daemon. * /software/components/gmetad/xml_port : type_port Optional port on which gmetad will answer requests for XML. * /software/components/gmetad/interactive_port : type_port Optional port on which gmetad will answer queries for XML. * /software/components/gmetad/server_threads : long(1..) Optional number of threads answering XML requests. * /software/components/gmetad/rrd_rootdir : string Optional directory where gmetad stores its RRD databases.

Types

• /software/gmetad/structure_component_gmetad_data_source_host – /software/gmetad/structure_component_gmetad_data_source_host/address

* Optional * Type: type_hostname – /software/gmetad/structure_component_gmetad_data_source_host/port

* Optional * Type: type_port • /software/gmetad/structure_component_gmetad_data_source – /software/gmetad/structure_component_gmetad_data_source/name

* Optional * Type: string – /software/gmetad/structure_component_gmetad_data_source/polling_interval

* Optional * Type: long * Range: 1.. – /software/gmetad/structure_component_gmetad_data_source/host

* Optional * Type: structure_component_gmetad_data_source_host

1.3. configuration-modules-core 255 Quattor Documentation, Release 0.0.1

• /software/gmetad/structure_component_gmetad – /software/gmetad/structure_component_gmetad/debug_level

* Optional * Type: long * Range: 0.. – /software/gmetad/structure_component_gmetad/data_source

* Optional * Type: structure_component_gmetad_data_source – /software/gmetad/structure_component_gmetad/scalability

* Optional * Type: string – /software/gmetad/structure_component_gmetad/gridname

* Optional * Type: string – /software/gmetad/structure_component_gmetad/authorithy

* Optional * Type: type_absoluteURI – /software/gmetad/structure_component_gmetad/trusted_hosts

* Optional * Type: type_hostname – /software/gmetad/structure_component_gmetad/all_trusted

* Optional * Type: string – /software/gmetad/structure_component_gmetad/setuid

* Optional * Type: string – /software/gmetad/structure_component_gmetad/setuid_username

* Optional * Type: string – /software/gmetad/structure_component_gmetad/xml_port

* Optional * Type: type_port – /software/gmetad/structure_component_gmetad/interactive_port

* Optional * Type: type_port – /software/gmetad/structure_component_gmetad/server_threads

256 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long * Range: 1.. – /software/gmetad/structure_component_gmetad/rrd_rootdir

* Optional * Type: string – /software/gmetad/structure_component_gmetad/file

* Optional * Type: string gmond

DESCRIPTION

The gmond component manages Ganglia’s gmond daemon. This daemon collects information at a node and uses multicast to distribute it over the network.

Types

• /software/gmond/gmond_acl_access – /software/gmond/gmond_acl_access/ip

* Optional * Type: type_ip – /software/gmond/gmond_acl_access/mask

* Optional * Type: long * Range: 0..32 – /software/gmond/gmond_acl_access/action

* Optional * Type: string • /software/gmond/gmond_acl – /software/gmond/gmond_acl/default

* Optional * Type: string – /software/gmond/gmond_acl/access

* Optional * Type: gmond_acl_access • /software/gmond/gmond_cluster – /software/gmond/gmond_cluster/name

1.3. configuration-modules-core 257 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/gmond/gmond_cluster/owner

* Optional * Type: string – /software/gmond/gmond_cluster/latlong

* Optional * Type: string – /software/gmond/gmond_cluster/url

* Optional * Type: type_absoluteURI • /software/gmond/gmond_host – /software/gmond/gmond_host/location

* Optional * Type: string • /software/gmond/gmond_globals – /software/gmond/gmond_globals/daemonize

* Optional * Type: boolean – /software/gmond/gmond_globals/setuid

* Optional * Type: boolean – /software/gmond/gmond_globals/user

* Optional * Type: string – /software/gmond/gmond_globals/debug_level

* Optional * Type: long – /software/gmond/gmond_globals/mute

* Optional * Type: boolean – /software/gmond/gmond_globals/deaf

* Optional * Type: boolean – /software/gmond/gmond_globals/host_dmax

* Optional

258 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: long * Range: 0.. – /software/gmond/gmond_globals/host_tmax

* Optional * Type: long * Range: 0.. – /software/gmond/gmond_globals/cleanup_threshold

* Optional * Type: long * Range: 0.. – /software/gmond/gmond_globals/gexec

* Optional * Type: boolean – /software/gmond/gmond_globals/send_metadata_interval

* Optional * Type: long * Range: 0.. – /software/gmond/gmond_globals/module_dir

* Optional * Type: string – /software/gmond/gmond_globals/allow_extra_data

* Optional * Type: boolean – /software/gmond/gmond_globals/max_udp_msg_len

* Optional * Type: long * Range: 0..65536 • /software/gmond/gmond_udp_send_channel – /software/gmond/gmond_udp_send_channel/mcast_join

* Optional * Type: type_ipv4 – /software/gmond/gmond_udp_send_channel/mcast_if

* Optional * Type: string – /software/gmond/gmond_udp_send_channel/host

* Optional

1.3. configuration-modules-core 259 Quattor Documentation, Release 0.0.1

* Type: type_hostname – /software/gmond/gmond_udp_send_channel/port

* Optional * Type: type_port – /software/gmond/gmond_udp_send_channel/ttl

* Optional * Type: long * Range: 1.. – /software/gmond/gmond_udp_send_channel/bind

* Optional * Type: type_ipv4 – /software/gmond/gmond_udp_send_channel/bind_hostname

* Optional * Type: boolean • /software/gmond/gmond_udp_recv_channel – /software/gmond/gmond_udp_recv_channel/mcast_join

* Optional * Type: type_ipv4 – /software/gmond/gmond_udp_recv_channel/bind

* Optional * Type: type_ip – /software/gmond/gmond_udp_recv_channel/mcast_if

* Optional * Type: string – /software/gmond/gmond_udp_recv_channel/port

* Optional * Type: type_port – /software/gmond/gmond_udp_recv_channel/family

* Optional * Type: string – /software/gmond/gmond_udp_recv_channel/acl

* Optional * Type: gmond_acl • /software/gmond/gmond_tcp_accept_channel – /software/gmond/gmond_tcp_accept_channel/bind

* Optional

260 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: type_ip – /software/gmond/gmond_tcp_accept_channel/port

* Optional * Type: type_port – /software/gmond/gmond_tcp_accept_channel/family

* Optional * Type: string – /software/gmond/gmond_tcp_accept_channel/timeout

* Description: timeout in micro seconds * Optional * Type: long – /software/gmond/gmond_tcp_accept_channel/acl

* Optional * Type: gmond_acl • /software/gmond/gmond_metric – /software/gmond/gmond_metric/name

* Optional * Type: string – /software/gmond/gmond_metric/value_threshold

* Optional * Type: double – /software/gmond/gmond_metric/title

* Optional * Type: string • /software/gmond/gmond_collection_group – /software/gmond/gmond_collection_group/collect_once

* Optional * Type: boolean – /software/gmond/gmond_collection_group/collect_every

* Optional * Type: long * Range: 1.. – /software/gmond/gmond_collection_group/time_threshold

* Optional * Type: long * Range: 1..

1.3. configuration-modules-core 261 Quattor Documentation, Release 0.0.1

– /software/gmond/gmond_collection_group/metric

* Optional * Type: gmond_metric • /software/gmond/gmond_module – /software/gmond/gmond_module/name

* Optional * Type: string – /software/gmond/gmond_module/language

* Optional * Type: string – /software/gmond/gmond_module/path

* Optional * Type: string – /software/gmond/gmond_module/params

* Optional * Type: string – /software/gmond/gmond_module/param

* Optional * Type: dict • /software/gmond/gmond_component – /software/gmond/gmond_component/cluster

* Description: Cluster configuration * Optional * Type: gmond_cluster – /software/gmond/gmond_component/host

* Description: Host configuration * Optional * Type: gmond_host – /software/gmond/gmond_component/globals

* Description: Configuration of gmond * Optional * Type: gmond_globals – /software/gmond/gmond_component/udp_send_channel

* Description: List of UDP channels to send information to. * Optional * Type: gmond_udp_send_channel

262 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/gmond/gmond_component/udp_recv_channel

* Description: List of UDP channels to receive information from. * Optional * Type: gmond_udp_recv_channel – /software/gmond/gmond_component/tcp_accept_channel

* Description: List of TCP channels from which information is accepted. * Optional * Type: gmond_tcp_accept_channel – /software/gmond/gmond_component/collection_group

* Description: List of collection groups * Optional * Type: gmond_collection_group – /software/gmond/gmond_component/module

* Description: List of modules * Optional * Type: gmond_module – /software/gmond/gmond_component/include

* Description: Optional list of additional files to include. * Optional * Type: absolute_file_path – /software/gmond/gmond_component/file

* Description: The location of the configuration file. The correct value differs between Ganglia 3.0 (/etc/gmond.conf) and 3.1 (/etc/ganglia/gmond.conf). There is no default value.

* Optional * Type: absolute_file_path gpfs

NAME

NCM::gpfs - NCM gpfs configuration component

Types

• /software/gpfs/gpfs_curl – /software/gpfs/gpfs_curl/usecurl

* Optional * Type: boolean

1.3. configuration-modules-core 263 Quattor Documentation, Release 0.0.1

– /software/gpfs/gpfs_curl/usegss

* Description: use kerberos token form host keytab * Optional * Type: boolean – /software/gpfs/gpfs_curl/usesindesgetcertcertwithcurl

* Description: get certificate information from SINDES getcert component configuration * Optional * Type: boolean – /software/gpfs/gpfs_curl/useccmcertwithcurl

* Description: get certificate information from CCM component configuration * Optional * Type: boolean • /software/gpfs/gpfs_cfg – /software/gpfs/gpfs_cfg/url

* Optional * Type: string – /software/gpfs/gpfs_cfg/keyData

* Optional * Type: string – /software/gpfs/gpfs_cfg/sdrrestore

* Optional * Type: boolean – /software/gpfs/gpfs_cfg/subnet

* Optional * Type: string • /software/gpfs/gpfs_base – /software/gpfs/gpfs_base/rpms

* Optional * Type: string – /software/gpfs/gpfs_base/baseurl

* Optional * Type: string – /software/gpfs/gpfs_base/useproxy

* Optional * Type: boolean – /software/gpfs/gpfs_base/useyum

264 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean • /software/gpfs/gpfs_sysmon_common – /software/gpfs/gpfs_sysmon_common/monitorinterval

* Optional * Type: long * Range: 0.. – /software/gpfs/gpfs_sysmon_common/monitoroffset

* Optional * Type: long * Range: 0.. – /software/gpfs/gpfs_sysmon_common/clockalign

* Optional * Type: boolean • /software/gpfs/gpfs_sysmon_network • /software/gpfs/gpfs_sysmon – /software/gpfs/gpfs_sysmon/network

* Optional * Type: gpfs_sysmon_network • /software/gpfs/gpfs_component – /software/gpfs/gpfs_component/base

* Optional * Type: gpfs_base – /software/gpfs/gpfs_component/cfg

* Optional * Type: gpfs_cfg – /software/gpfs/gpfs_component/sysmon

* Description: GPFS mmsysmonitor configuration. When defined, existing configuration is read and only configured values are modified/added, keeping any other existing ones.

* Optional * Type: gpfs_sysmon – /software/gpfs/gpfs_component/skiprpm

* Optional * Type: boolean

1.3. configuration-modules-core 265 Quattor Documentation, Release 0.0.1 grub

NAME

The grub component manages the grub configuration.

DESCRIPTION

The grub component manages the configuration of grub. Most of the configuration is handled via the grubby tool (which supports grub2). Some configuration like serial console settings and password however is done by modifying the grub configfile directly, which might not be safe under grub2.

RESOURCES

Besides /software/component/grub, following resources are used: /system/kernel/version for setting the default kernel /hardware/console/serial for serial console configuration

EXAMPLES

A standard SL4 kernel with initrd image to be loaded.

"/software/components/grub/kernels/0"= nlist("kernelpath", "/vmlinuz-2.6.9-22.0.1.EL", "kernelargs", "ro root=LABEL=/", "title", "Scientific Linux 4.2 / 2.6.9", "initrd", "/initrd-2.6.9-22.0.1.EL.img" );

This configuration produces the following entry in grub.conf (via grubby):

title Scientific Linux 4.2/ 2.6.9 kernel /vmlinuz-2.6.9-22.0.1.EL ro root=LABEL=/ initrd/initrd-2.6.9-22.0.1.EL.img

A Xen 3 hypervisor with Linux 2.6 domain 0 kernel and initrd (via grubby).

"/software/components/grub/kernels/1"= nlist("multiboot", "/xen-3.0.2-2.gz", "mbargs", "dom0_mem=400000", "title", "Xen 3 / XenLinux 2.6.16", "kernelpath", "/vmlinuz-2.6.16-xen3_86.1_rhel4.1", "kernelargs", "max_loop=128 root=/dev/hda2 ro", "initrd", "/initrd-2.6.16-xen3_86.1_rhel4.1" );

Produces the following entry in grub.conf:

266 Chapter 1. Content Quattor Documentation, Release 0.0.1

title Xen3/ XenLinux 2.6.16 kernel/xen-3.0.2-2.gz dom0_mem=400000 addthis module /vmlinuz-2.6.16-xen3_86.1_rhel4.1 max_loop=128 root=/dev/hda2 ro module/initrd-2.6.16-xen3_86.1_rhel4.1

Methods

grubby_args_options Given string args, split and convert into grubby commandline options to add and/or remove the argu- ments. Arguments prefixed with ‘-‘ are scheduled for removal If multiboot is true, generate multiboot commandline options Returns a list of options. password Configure the grub password by editing the grub conf via filehandle grub_fh (a CAF::FileEditor instance, which is not closed in this method). Returns SUCCESS on succes, undef otherwise. serial_console Configure the grub serial console settings (ttyS devices only) by editing the grub conf via filehandle grub_fh(a CAF::FileEditor instance, which is not closed in this method). Returns undef on failure, the console kernel commandline option (or empty string if none is to be config- ured) on success. main_section_offset Given a grub config filehandle (a CAF::FileEditor instance), return the startposition of the main section i.e. after the header comments (if any). grub_conf Edit grub configfile and return serial console kernel commandline option (if any). grubby Run grubby with arraref args via CAF::Proces using the output method and return the output. Has following options proc: return new CAF::Process instance with args (i.e. without execute/output) success: run execute and return 1 on success, 0 on failure keeps_state: pass keeps_state flag current_default Return current full path of current default kernel. set_default Set default kernel to new kernelpath and verify by (re)checking the default kernel. Returns success on success; on failure, return either undef: setting default kernel returned non-zero exitcode 0: setting default was succesful, but new default kernel is not expected kernel

1.3. configuration-modules-core 267 Quattor Documentation, Release 0.0.1

No errors are reported. configure_default Configure the new default kernel to be new. If this fails and mbnew exists, try to set mbnew as default. If neither new nor mbnew are successful, report an error and revert to original. kernel Configure boot entry using kernel hashref, the kernel prefixand optional serial console kernel com- mandline option cons. Any serial console settings in the kernelargs attribute is replaced by cons (when defined). get_info Return info for default kernel as an arrayref of hashref Same kernel can have multiple entries. default_options Configure kernel commandline options of default kernel pxeboot Set pxeboot as first bootorder. Returns SUCCESS on success, undef otherwise. Currently only supported on UEFI systems using efibootmgr. On other systems, SUCCESS is also returned (but nothing is done). Configure Updates the grub.conf configuration file using grubby according to a list of kernels described in the profile. Sets the default kernel to that specified in /system/kernel/version. Supports serial console configuration specified in /hardware/console/serial. multiboot loaders (most commonly used for configuration of Xen systems). Returns error in case of failure.

Types

• /software/grub/type_grub_password – Description: the crypted password can be supplied either in the password field OR, alternatively, within a file. this could be useful if putting the crypted password in the profile is undesirable. for this the file will be scanned and the password will be taken from the second field in a colon delimited line, where the first field matches the file_user parameter. • /software/grub/type_grub_password/enabled – Description: Sets if a password should be enabled in grub.conf. If this is false, any existing password will be removed. If this is not defined, the component will not add or remove a password, leaving any existing one untouched. – Optional – Type: boolean

268 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/grub/type_grub_password/option – Description: An –option used with the password line in grub.conf. This is typically used to set the hashing algorithm for the password. “encrypted” means the password can be hashed with (more secure than MD5) SHA-256 or SHA-512. “md5” for an MD5 hashed password. Plaintext is not supported. – Optional – Type: string • /software/grub/type_grub_password/password – Description: Mutually exclusive with the file option. A crypted password for grub.conf. – Optional – Type: string • /software/grub/type_grub_password/file – Description: Mutually exclusive with the password option. The path to a file on the host where the password can be read from. May be useful if it is undesirable to put (even crypted) profiles into the profile. The file will be scanned for a line where the first field (colon seperated) matches the file_user option, and the second field will be used as the parameter. – Optional – Type: string • /software/grub/type_grub_password/file_user – Description: See description of the file option. The user (first field) to be picked from a password field. – Optional – Type: string • /software/grub/type_kernel – /software/grub/type_kernel/kernelpath

* Description: Path to the kernel (relative to “prefix” described above). * Optional * Type: string – /software/grub/type_kernel/kernelargs

* Description: Sets the arguments for this kernel at boot time. Behaviour is same as ‘args’ with fullcontrol false.

* Optional * Type: string – /software/grub/type_kernel/multiboot

* Description: Allows for setting a multiboot loader which is a generic interface for boot loaders and operating systems. The Xen hypervisor uses a multiboot loader to load guest kernels as modules.

1.3. configuration-modules-core 269 Quattor Documentation, Release 0.0.1

– Optional – Type: string – /software/grub/type_kernel/mbargs

* Description: Sets the arguments that are to be passed to a multiboot loader. For example, the Xen hypervisor accepts arguments for setting the amount of memory allocated to the Domain 0 kernel.

* Optional * Type: string – /software/grub/type_kernel/initrd

* Description: Optionally set an initial ramdisk image to be loaded when booting. * Optional * Type: string – /software/grub/type_kernel/title

* Description: The title string that will be used to describe this entry. * Optional * Type: string • /software/grub/grub_component – /software/grub/grub_component/prefix

* Description: Prefix where kernels are found. Component defaults to /boot. * Optional * Type: string – /software/grub/grub_component/args

* Description: Sets the arguments for the default kernel at boot time. The removal of a current argument is done by preceding the argument with a “-“. If ‘fullcontrol’ is false then an empty or undefined value leaves the current arguments un- touched. If ‘fullcontrol’ is true then the current arguments passed to the kernel are substituted by the ones given in this entry.

* Optional * Type: string – /software/grub/grub_component/fullcontrol

* Description: Sets if we want a full control of the kernel arguments. The component default is ‘false’.

* Optional * Type: boolean – /software/grub/grub_component/kernels

* Description: This is a list of kernels that should have entries in the grub

270 Chapter 1. Content Quattor Documentation, Release 0.0.1

configuration file. Each kernel is described by the following entries.

* Optional * Type: type_kernel – /software/grub/grub_component/password

* Optional * Type: type_grub_password – /software/grub/grub_component/pxeboot

* Description: pxeboot first: set the PXE boot device as first device. Only for supported platforms (e.g. UEFI)

* Optional * Type: boolean hostsaccess

NAME hostsaccess: NCM component to control /etc/hosts.allow and hosts.deny files.

DESCRIPTION

The hostsaccess component manages the configuration files /etc/hosts.allowand /etc/hosts.deny. Few checks are done on the given configuration to allow all of the supported wildcarding.

RESOURCES

* /software/components/hostsaccess/allow A list where each entry consists of a named list with the keys: daemon and host. Both of the keys take strings as values and hence can support the full wildcarding syntax. These entries are allowed to access the daemon. NOTE: The daemon name MUST be encoded with the pan escape() function. This allows daemon lists to be used in the specification. * /software/components/hostsaccess/deny A list where each entry consists of a named list with the keys: daemon and host. Both of the keys take strings as values and hence can support the full wildcarding syntax. These entries are denied access to the daemon. NOTE: The daemon name MUST be encoded with the pan escape() function. This allows daemon lists to be used in the specification.

EXAMPLE

1.3. configuration-modules-core 271 Quattor Documentation, Release 0.0.1

"/software/components/hostsaccess/allow"= append( nlist( "daemon",escape("slapd"), "host","127.0.0.1" ) );

Types

• /software/hostsaccess/structure_hostsaccess_entry – /software/hostsaccess/structure_hostsaccess_entry/daemon

* Optional * Type: string – /software/hostsaccess/structure_hostsaccess_entry/host

* Optional * Type: string • /software/hostsaccess/component_hostsaccess – /software/hostsaccess/component_hostsaccess/allow

* Optional * Type: structure_hostsaccess_entry – /software/hostsaccess/component_hostsaccess/deny

* Optional * Type: structure_hostsaccess_entry hostsfile

NAME

NCM::hostsfile - NCM local hosts file configuration component.

SYNOPSIS

Configure() Updates the /etc/hosts file with the entries specified within the configuration. The entries in the configuration are keyed by the primary hostname. If an entry describes a hostname which is already in /etc/hosts(either as a primary hostname, or as an alias), then that host entry will be left alone (if takeover is false), or will be completely replaced by the entry specified in the configuration (if takeover is true). A comment # NCM is added to each line so that any deletions will also be cleaned up correctly. Returns error in case of a failure.

272 Chapter 1. Content Quattor Documentation, Release 0.0.1

RESOURCES

* /system/network/domainname When specifying hosts within the entries nlist, if a hostname is not FQDN and there are no aliases defined, then an alias will be automatically created using an FQDN formed by joining the shortname with this domain. * /software/components/hostsfile/file The filename to modify, defaults to /etc/hosts. * /software/components/hostsfile/entries An nlist, keyed by hostname. The value of each hostname is an nlist containing the following structure: ipaddr The IP address of the host. aliases A string value of aliases. Multiple aliases should be whitespace separated. comment A comment to append to the line within /etc/hosts. * /software/components/hostsfile/takeover A boolean. If false (the default), then pre-existing host lines in the file which are not tagged with the “NCM” comment will be preserved. If takeover is true, then pre-existing entries for hosts will be taken over and declared to be under NCM control.

EXAMPLES

Example - configuration defined like this:

include 'software/components/hostsfile'; "/software/components/hostsfile/active"= true; "/software/components/hostsfile/file"= "/etc/hosts.local"; "/software/components/hostsfile/entries"= nlist ( "tsmstor601.cern.ch", nlist( "ipaddr", "192.168.1.101", "comment", "TSM DB disks"), "tsmstor602.cern.ch", nlist( "ipaddr", "192.168.1.102", "comment", "TSM Staging disks"), );

will modify the /etc/hosts.local file from:

# Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost 137.138.45.75 lxfsec1604.cern.ch

to:

1.3. configuration-modules-core 273 Quattor Documentation, Release 0.0.1

# Generated by Quattor component hostsfile # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost 137.138.45.75 lxfsec1604.cern.ch 192.168.1.101 tsmstor601.cern.ch tsmstor601 # NCM TSM DB disks 192.168.1.101 tsmstor602.cern.ch tsmstor602 # NCM TSM Staging disks

The syntax below is also possible:

"/software/components/hostsfile/entries/tsmstor603"= nlist( "ipaddr", "192.168.1.103", "comment", "TSM more disks" );

or:

"/software/components/hostsfile/entries/tsmstor603/ipaddr"= "192.168.1.103"; "/software/components/hostsfile/entries/tsmstor603/comment"= "Testing";

Types

• /software/hostsfile/component_hostsfile_type – /software/hostsfile/component_hostsfile_type/file

* Optional * Type: string – /software/hostsfile/component_hostsfile_type/entries

* Optional * Type: dict – /software/hostsfile/component_hostsfile_type/takeover

* Optional * Type: boolean

icinga

DESCRIPTION

The icinga component manages the configuration for the Icinga monitoring system. At the time of this writing, escalations and dependencies are the only Icinga settings this component doesn’t under- stand.

BASIC COMPONENT STRUCTURE

Icinga configuration is very complicated. Before reading this, please check the Icinga documentation. All the fields on this component are named just like the tags for the appropriate Icinga object. * /software/components/icinga/general

274 Chapter 1. Content Quattor Documentation, Release 0.0.1

Global settings for Icinga. These settings will be written in /etc/icinga/icinga.cfg . * /software/components/icinga/cgi Configuration of the Icinga web interface. This path is optional. If it exists, the settings will be written in /etc/icinga/cgi.cfg. * /software/components/icinga/hosts Host definitions, indexed by host name. There is no host_name option, as it is taken from the index. Also, the host_address field is optional. If it’s not provided, gethostbyname is used to decide the host’s IP address. These settings are written in /etc/icinga/objects/hosts.cfg. * /software/components/icinga/hostgroups Hostgroup definitions, indexed by hostgroup name. These settings are written in /etc/icinga/ objects/hostgroups.cfg. * /software/components/icinga/hostdependencies Host dependency defintions, indexed by depended host name (this is, where the arrow ends in Icinga documentation). These settings are written in /etc/icinga/objects/hostdependencies.cfg. * /software/components/icinga/services Nlist of lists of service definitions. The keys are the service descriptions, escaped. The value is a list of service definitions that share the same definition but have different parameters (e.g, commands). Please check that you don’t list the same host on two entries of the same service, as the validation code won’t detect this and will cause Icinga to fail. These settings are written in /etc/icinga/objects/services.cfg. * /software/components/icinga/servicegroups List of service groups. It is written in /etc/icinga/objects/servicegroups.cfg * /software/components/icinga/servicedependencies List of service dependencies. It is written in /etc/icinga/objects/servicedependencies. cfg * /software/components/icinga/contacts Contact definition, indexed by contact name. These settings are written in /etc/icinga/objects/contacts.cfg. * /software/components/icinga/contactgroups Contact group definition, indexed by contact group name. These settings are written in /etc/icinga/ objects/contactgroups.cfg. * /software/components/icinga/commands Command lines, indexed by Icinga command name. These settings are stored in /etc/icinga/ objects/commands.cfg. * /software/components/icinga/macros Icinga $USERx$ macros, indexed by macro name. The macro name must not be surrounded by ‘$’. These settings are stored in /etc/icinga/resources.cfg. * /software/components/icinga/timeperiods

1.3. configuration-modules-core 275 Quattor Documentation, Release 0.0.1

Icinga time period definition, indexed by time period name. Time periods are stored in /etc/icinga/ objects/timeperiods.cfg. * /software/components/icinga/serviceextinfo Definition for extended service information. These settings are saved in /etc/icinga/objects/ serviceextinfo.cfg. * /software/components/icinga/external_files Other already existing files to be included in the configuration of Icinga. Please note that the component can’t validate these, so if you include a broken file, you’ll break your Icinga server! * /software/components/icinga/external_dirs Other already existing dirs to be included in the configuration of Icinga. Please note that the component can’t validate these, so if you include a broken file, you’ll break your Icinga server!

NOTES ON THE USE OF THIS COMPONENT

Command usage

When a service or a host references a command, it separates its arguments with ‘!’, e.g: check_command check_load!5,4,3!6,5,4 where check_load is an existing Icinga command. On this component, that should be specified as

"check_command"= list ("check_load", "5,4,3", "6,5,4");

Check commands and event handlers are defined as such lists of strings, where the first element must be an ex- isting command name. For the above example to be valid, /software/components/icinga/commands/ check_load must exist.

The use tag

The use tag is not allowed by this component. It makes validation almost impossible, and any attempt to implement an incomplete validation would make the compilation awfully slow. However, Pan offers the same functionality as the use tag, without giving up with validation. You may want to use value, includeand create to simulate Icinga inheritance. The only downside of this approach is the growth of the LLD profile.

FILES

The following files are written by this component: * /etc/icinga/icinga.cfg * /etc/icinga/cgi.cfg * /etc/icinga/objects/contacts.cfg * /etc/icinga/objects/contactgroups.cfg * /etc/icinga/objects/hosts.cfg

276 Chapter 1. Content Quattor Documentation, Release 0.0.1

* /etc/icinga/objects/hostgroups.cfg * /etc/icinga/objects/hostdependencies.cfg * /etc/icinga/objects/services.cfg * /etc/icinga/objects/servicegroups.cfg * /etc/icinga/objects/servicedependencies.cfg * /etc/icinga/objects/serviceextinfo.cfg * /etc/icinga/objects/timeperiods.cfg * /etc/icinga/objects/commands.cfg * /etc/icinga/resources.cfg If they exist, they will be truncated, the owner and group set to Icinga and the permissions will be set to 0660. Note that config_file and resource_file directives are not valid. To keep consistency, everything must be set according to this layout.

Functions

• icinga_has_host_or_hostgroup • icinga_check_service_name – Description: Check if a list of service names does not contain illegal characters. • Arguments: – List of service names.

Types

• /software/icinga/icinga_hoststring • /software/icinga/icinga_hostgroupstring • /software/icinga/icinga_commandstrings • /software/icinga/icinga_timeperiodstring • /software/icinga/icinga_contactgroupstring • /software/icinga/icinga_contactstring • /software/icinga/icinga_servicegroupstring • /software/icinga/icinga_servicestring • /software/icinga/icinga_service_notification_string • /software/icinga/icinga_host_notification_string • /software/icinga/icinga_stalking_string • /software/icinga/icinga_execution_failure_string • /software/icinga/icinga_notification_failure_string • /software/icinga/structure_icinga_host_generic – /software/icinga/structure_icinga_host_generic/name

1.3. configuration-modules-core 277 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/icinga/structure_icinga_host_generic/check_command

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_host_generic/max_check_attempts

* Optional * Type: long – /software/icinga/structure_icinga_host_generic/check_interval

* Optional * Type: long – /software/icinga/structure_icinga_host_generic/active_checks_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/passive_checks_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/check_period

* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_host_generic/obsess_over_host

* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/check_freshness

* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/freshness_threshold

* Optional * Type: long – /software/icinga/structure_icinga_host_generic/event_handler

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_host_generic/event_handler_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/low_flap_threshold

278 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/icinga/structure_icinga_host_generic/high_flap_threshold

* Optional * Type: long – /software/icinga/structure_icinga_host_generic/flap_detection_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/process_perf_data

* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/retain_status_information

* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/retain_nonstatus_information

* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/contact_groups

* Optional * Type: icinga_contactgroupstring – /software/icinga/structure_icinga_host_generic/notification_interval

* Optional * Type: long – /software/icinga/structure_icinga_host_generic/notification_period

* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_host_generic/notification_options

* Optional * Type: icinga_host_notification_string – /software/icinga/structure_icinga_host_generic/notifications_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/stalking_options

* Optional * Type: string – /software/icinga/structure_icinga_host_generic/register

1.3. configuration-modules-core 279 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean • /software/icinga/structure_icinga_host – /software/icinga/structure_icinga_host/alias

* Optional * Type: string – /software/icinga/structure_icinga_host/use

* Optional * Type: string – /software/icinga/structure_icinga_host/address

* Optional * Type: type_ip – /software/icinga/structure_icinga_host/parents

* Optional * Type: icinga_hoststring – /software/icinga/structure_icinga_host/hostgroups

* Optional * Type: icinga_hostgroupstring – /software/icinga/structure_icinga_host/check_command

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_host/max_check_attempts

* Optional * Type: long – /software/icinga/structure_icinga_host/check_interval

* Optional * Type: long – /software/icinga/structure_icinga_host/active_checks_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_host/passive_checks_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_host/check_period

* Optional * Type: icinga_timeperiodstring

280 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_host/obsess_over_host

* Optional * Type: boolean – /software/icinga/structure_icinga_host/check_freshness

* Optional * Type: boolean – /software/icinga/structure_icinga_host/freshness_threshold

* Optional * Type: long – /software/icinga/structure_icinga_host/event_handler

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_host/event_handler_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_host/low_flap_threshold

* Optional * Type: long – /software/icinga/structure_icinga_host/high_flap_threshold

* Optional * Type: long – /software/icinga/structure_icinga_host/flap_detection_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_host/process_perf_data

* Optional * Type: boolean – /software/icinga/structure_icinga_host/failure_prediction_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_host/retain_status_information

* Optional * Type: boolean – /software/icinga/structure_icinga_host/retain_nonstatus_information

* Optional * Type: boolean

1.3. configuration-modules-core 281 Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_host/contact_groups

* Optional * Type: icinga_contactgroupstring – /software/icinga/structure_icinga_host/notification_interval

* Optional * Type: long – /software/icinga/structure_icinga_host/notification_period

* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_host/notification_options

* Optional * Type: icinga_host_notification_string – /software/icinga/structure_icinga_host/notifications_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_host/stalking_options

* Optional * Type: string – /software/icinga/structure_icinga_host/register

* Optional * Type: boolean – /software/icinga/structure_icinga_host/action_url

* Optional * Type: string – /software/icinga/structure_icinga_host/notes

* Optional * Type: string – /software/icinga/structure_icinga_host/notes_url

* Optional * Type: string – /software/icinga/structure_icinga_host/_mgmt

* Optional * Type: string – /software/icinga/structure_icinga_host/_mgmtip

* Optional * Type: string

282 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_host/_quattorserver

* Optional * Type: string – /software/icinga/structure_icinga_host/_quattorserverip

* Optional * Type: string – /software/icinga/structure_icinga_host/_dimms

* Optional * Type: string – /software/icinga/structure_icinga_host/_cpus

* Optional * Type: string – /software/icinga/structure_icinga_host/_enclosureip

* Optional * Type: string – /software/icinga/structure_icinga_host/_enclosureslot

* Optional * Type: long • /software/icinga/structure_icinga_hostgroup – /software/icinga/structure_icinga_hostgroup/alias

* Optional * Type: string – /software/icinga/structure_icinga_hostgroup/members

* Optional * Type: icinga_hoststring • /software/icinga/structure_icinga_hostdependency – /software/icinga/structure_icinga_hostdependency/dependent_host_name

* Optional * Type: icinga_hoststring – /software/icinga/structure_icinga_hostdependency/notification_failure_criteria

* Optional * Type: icinga_host_notification_string • /software/icinga/structure_icinga_service – /software/icinga/structure_icinga_service/name

* Optional * Type: string

1.3. configuration-modules-core 283 Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_service/use

* Optional * Type: string – /software/icinga/structure_icinga_service/host_name

* Optional * Type: icinga_hoststring – /software/icinga/structure_icinga_service/hostgroup_name

* Optional * Type: icinga_hostgroupstring – /software/icinga/structure_icinga_service/servicegroups

* Optional * Type: icinga_servicegroupstring – /software/icinga/structure_icinga_service/is_volatile

* Optional * Type: boolean – /software/icinga/structure_icinga_service/check_command

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_service/max_check_attempts

* Optional * Type: long – /software/icinga/structure_icinga_service/check_interval

* Optional * Type: long – /software/icinga/structure_icinga_service/retry_interval

* Optional * Type: long – /software/icinga/structure_icinga_service/active_checks_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_service/passive_checks_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_service/check_period

* Optional * Type: icinga_timeperiodstring

284 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_service/parallelize_check

* Optional * Type: boolean – /software/icinga/structure_icinga_service/obsess_over_service

* Optional * Type: boolean – /software/icinga/structure_icinga_service/check_freshness

* Optional * Type: boolean – /software/icinga/structure_icinga_service/freshness_threshold

* Optional * Type: long – /software/icinga/structure_icinga_service/event_handler

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_service/event_handler_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_service/low_flap_threshold

* Optional * Type: long – /software/icinga/structure_icinga_service/high_flap_threshold

* Optional * Type: long – /software/icinga/structure_icinga_service/flap_detection_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_service/process_perf_data

* Optional * Type: boolean – /software/icinga/structure_icinga_service/retain_status_information

* Optional * Type: boolean – /software/icinga/structure_icinga_service/retain_nonstatus_information

* Optional * Type: boolean

1.3. configuration-modules-core 285 Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_service/notification_interval

* Optional * Type: long – /software/icinga/structure_icinga_service/notification_period

* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_service/notification_options

* Optional * Type: icinga_service_notification_string – /software/icinga/structure_icinga_service/notifications_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_service/contact_groups

* Optional * Type: icinga_contactgroupstring – /software/icinga/structure_icinga_service/stalking_options

* Optional * Type: icinga_stalking_string – /software/icinga/structure_icinga_service/register

* Optional * Type: boolean – /software/icinga/structure_icinga_service/failure_prediction_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_service/action_url

* Optional * Type: string • /software/icinga/structure_icinga_servicegroup – /software/icinga/structure_icinga_servicegroup/alias

* Optional * Type: string – /software/icinga/structure_icinga_servicegroup/members

* Optional * Type: icinga_servicestring – /software/icinga/structure_icinga_servicegroup/servicegroup_members

* Optional

286 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: icinga_servicegroupstring – /software/icinga/structure_icinga_servicegroup/notes

* Optional * Type: string – /software/icinga/structure_icinga_servicegroup/notes_url

* Optional * Type: type_absoluteURI – /software/icinga/structure_icinga_servicegroup/action_url

* Optional * Type: type_absoluteURI • /software/icinga/structure_icinga_servicedependency – /software/icinga/structure_icinga_servicedependency/dependent_host_name

* Optional * Type: icinga_hoststring – /software/icinga/structure_icinga_servicedependency/dependent_hostgroup_name

* Optional * Type: icinga_hostgroupstring – /software/icinga/structure_icinga_servicedependency/dependent_service_description

* Optional * Type: icinga_servicestring – /software/icinga/structure_icinga_servicedependency/host_name

* Optional * Type: icinga_hoststring – /software/icinga/structure_icinga_servicedependency/hostgroup_name

* Optional * Type: icinga_hostgroupstring – /software/icinga/structure_icinga_servicedependency/service_description

* Optional * Type: string – /software/icinga/structure_icinga_servicedependency/inherits_parent

* Optional * Type: boolean – /software/icinga/structure_icinga_servicedependency/execution_failure_criteria

* Optional * Type: icinga_execution_failure_string – /software/icinga/structure_icinga_servicedependency/notification_failure_criteria

1.3. configuration-modules-core 287 Quattor Documentation, Release 0.0.1

* Optional * Type: icinga_notification_failure_string – /software/icinga/structure_icinga_servicedependency/dependency_period

* Optional * Type: icinga_timeperiodstring • /software/icinga/structure_icinga_contact – /software/icinga/structure_icinga_contact/alias

* Optional * Type: string – /software/icinga/structure_icinga_contact/contactgroups

* Optional * Type: icinga_contactgroupstring – /software/icinga/structure_icinga_contact/host_notification_period

* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_contact/service_notification_period

* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_contact/host_notification_options

* Optional * Type: icinga_host_notification_string – /software/icinga/structure_icinga_contact/service_notification_options

* Optional * Type: icinga_service_notification_string – /software/icinga/structure_icinga_contact/host_notification_commands

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_contact/service_notification_commands

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_contact/email

* Optional * Type: string – /software/icinga/structure_icinga_contact/pager

* Optional * Type: string

288 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/icinga/structure_icinga_contactgroup – /software/icinga/structure_icinga_contactgroup/alias

* Optional * Type: string – /software/icinga/structure_icinga_contactgroup/members

* Optional * Type: icinga_contactstring • /software/icinga/icinga_timerange • /software/icinga/structure_icinga_timeperiod – /software/icinga/structure_icinga_timeperiod/alias

* Optional * Type: string – /software/icinga/structure_icinga_timeperiod/monday

* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/tuesday

* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/wednesday

* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/thursday

* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/friday

* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/saturday

* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/sunday

* Optional * Type: icinga_timerange • /software/icinga/structure_icinga_serviceextinfo – /software/icinga/structure_icinga_serviceextinfo/host_name

* Optional

1.3. configuration-modules-core 289 Quattor Documentation, Release 0.0.1

* Type: icinga_hoststring – /software/icinga/structure_icinga_serviceextinfo/service_description

* Optional * Type: string – /software/icinga/structure_icinga_serviceextinfo/hostgroup_name

* Optional * Type: icinga_hostgroupstring – /software/icinga/structure_icinga_serviceextinfo/notes

* Optional * Type: string – /software/icinga/structure_icinga_serviceextinfo/notes_url

* Optional * Type: type_absoluteURI – /software/icinga/structure_icinga_serviceextinfo/action_url

* Optional * Type: type_absoluteURI – /software/icinga/structure_icinga_serviceextinfo/icon_image

* Optional * Type: string – /software/icinga/structure_icinga_serviceextinfo/icon_image_alt

* Optional * Type: string • /software/icinga/structure_icinga_cgi_cfg – /software/icinga/structure_icinga_cgi_cfg/main_config_file

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/physical_html_path

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/url_html_path

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/url_stylesheets_path

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/http_charset

290 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/show_context_help

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/highlight_table_rows

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/use_pending_states

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/use_logging

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/cgi_log_file

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/cgi_log_rotation_method

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/cgi_log_archive_path

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/enforce_comments_on_actions

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/first_day_of_week

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/use_authentication

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/use_ssl_authentication

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/authorized_for_system_information

1.3. configuration-modules-core 291 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_configuration_information

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_system_commands

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_all_services

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_all_hosts

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_all_service_commands

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_all_host_commands

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/show_all_services_host_is_authorized_for

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/show_partial_hostgroups

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/statusmap_background_image

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/default_statusmap_layout

* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/default_statuswrl_layout

* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/statuswrl_include

292 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/ping_syntax

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/refresh_rate

* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/escape_html_tags

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/persistent_ack_comments

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/action_url_target

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/notes_url_target

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/lock_author_names

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/default_downtime_duration

* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/status_show_long_plugin_output

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/tac_show_only_hard_state

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/suppress_maintenance_downtime

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/show_tac_header

1.3. configuration-modules-core 293 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/show_tac_header_pending

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/tab_friendly_titles

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/default_expiring_acknowledgement_duration

* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/default_expiring_disabled_notifications_duration

* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/display_status_totals

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/extinfo_show_child_hosts

* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/log_file

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/log_rotation_method

* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/lowercase_user_name

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/result_limit

* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/send_ack_notifications

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/set_expire_ack_by_default

294 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/standalone_installation

* Optional * Type: boolean • /software/icinga/structure_icinga_icinga_cfg – /software/icinga/structure_icinga_icinga_cfg/log_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/object_cache_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/resource_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/status_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/icinga_user

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/icinga_group

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/check_external_commands

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/command_check_interval

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/command_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/external_command_buffer_slots

* Optional * Type: long

1.3. configuration-modules-core 295 Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_icinga_cfg/lock_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/temp_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/event_broker_options

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/log_rotation_method

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/log_archive_path

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/use_syslog

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_notifications

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_service_retries

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_host_retries

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_event_handlers

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_initial_states

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_current_states

* Optional * Type: boolean

296 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_icinga_cfg/log_external_commands

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_passive_checks

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_external_commands_user

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_long_plugin_output

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/global_host_event_handler

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/service_inter_check_delay_method

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/max_service_check_spread

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/service_interleave_factor

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/host_inter_check_delay_method

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/max_host_check_spread

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/max_concurrent_checks

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/service_reaper_frequency

* Optional * Type: long

1.3. configuration-modules-core 297 Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_icinga_cfg/check_result_buffer_slots

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/auto_reschedule_checks

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/auto_rescheduling_interval

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/auto_rescheduling_window

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/sleep_time

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/service_check_timeout

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/host_check_timeout

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/event_handler_timeout

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/notification_timeout

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/ocsp_timeout

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/perfdata_timeout

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/retain_state_information

* Optional * Type: boolean

298 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_icinga_cfg/state_retention_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/retention_update_interval

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/use_retained_program_state

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/dump_retained_host_service_states_to_neb

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/use_retained_scheduling_info

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/interval_length

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/use_aggressive_host_checking

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/execute_service_checks

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/accept_passive_service_checks

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/execute_host_checks

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/accept_passive_host_checks

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/enable_notifications

* Optional * Type: boolean

1.3. configuration-modules-core 299 Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_icinga_cfg/enable_event_handlers

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/process_performance_data

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_command

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_icinga_cfg/host_perfdata_command

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_icinga_cfg/host_perfdata_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/host_perfdata_file_template

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_file_template

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/host_perfdata_file_mode

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_file_mode

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/host_perfdata_file_processing_interval

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_file_processing_interval

* Optional * Type: long

300 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_icinga_cfg/host_perfdata_file_processing_command

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_file_processing_command

* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_icinga_cfg/allow_empty_hostgroup_assignment

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/obsess_over_services

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/check_for_orphaned_services

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/check_service_freshness

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/service_freshness_check_interval

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/check_host_freshness

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/host_freshness_check_interval

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/status_update_interval

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/enable_flap_detection

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/low_service_flap_threshold

* Optional * Type: long

1.3. configuration-modules-core 301 Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_icinga_cfg/high_service_flap_threshold

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/low_host_flap_threshold

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/high_host_flap_threshold

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/date_format

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/p1_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/enable_embedded_perl

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/use_embedded_perl_implicitly

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/stalking_event_handlers_for_hosts

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/stalking_event_handlers_for_services

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/illegal_object_name_chars

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/illegal_macro_output_chars

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/use_regexp_matching

* Optional * Type: boolean

302 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_icinga_cfg/use_true_regexp_matching

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/admin_email

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/admin_pager

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/daemon_dumps_core

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/check_result_path

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/precached_object_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/temp_path

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/retained_host_attribute_mask

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/retained_service_attribute_mask

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/retained_process_host_attribute_mask

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/retained_process_service_attribute_mask

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/retained_contact_host_attribute_mask

* Optional * Type: boolean

1.3. configuration-modules-core 303 Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_icinga_cfg/retained_contact_service_attribute_mask

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/max_check_result_file_age

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/translate_passive_host_checks

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/passive_host_checks_are_soft

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/enable_predictive_host_dependency_checks

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/enable_predictive_service_dependency_checks

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/cached_host_check_horizon

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/cached_service_check_horizon

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/use_large_installation_tweaks

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/free_child_process_memory

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/child_processes_fork_twice

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/enable_environment_macros

* Optional * Type: boolean

304 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_icinga_cfg/soft_state_dependencies

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/ochp_timeout

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/ochp_command

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/use_timezone

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/broker_module

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/module

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/debug_file

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/debug_level

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/debug_verbosity

* Optional * Type: long * Range: 0..2 – /software/icinga/structure_icinga_icinga_cfg/max_debug_file_size

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/ocsp_command

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/check_result_path

* Optional

1.3. configuration-modules-core 305 Quattor Documentation, Release 0.0.1

* Type: string – /software/icinga/structure_icinga_icinga_cfg/event_profiling_enabled

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/additional_freshness_latency

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/check_for_orphaned_hosts

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/check_result_reaper_frequency

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/keep_unknown_macros

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/max_check_result_reaper_time

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/obsess_over_hosts

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/service_check_timeout_state

* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/stalking_notifications_for_hosts

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/stalking_notifications_for_services

* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/syslog_local_facility

* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/use_daemon_log

* Optional

306 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: boolean – /software/icinga/structure_icinga_icinga_cfg/use_syslog_local_facility

* Optional * Type: boolean • /software/icinga/structure_icinga_service_list • /software/icinga/structure_icinga_ido2db_cfg – /software/icinga/structure_icinga_ido2db_cfg/lock_file

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/ido2db_user

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/ido2db_group

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/socket_type

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/socket_name

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/tcp_port

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/use_ssl

* Optional * Type: boolean – /software/icinga/structure_icinga_ido2db_cfg/db_servertype

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/db_host

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/db_port

* Optional * Type: long

1.3. configuration-modules-core 307 Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_ido2db_cfg/db_name

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/db_prefix

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/db_user

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/db_pass

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/max_timedevents_age

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_systemcommands_age

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_servicechecks_age

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_hostchecks_age

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_eventhandlers_age

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_externalcommands_age

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/clean_realtime_tables_on_core_startup

* Optional * Type: boolean – /software/icinga/structure_icinga_ido2db_cfg/clean_config_tables_on_core_startup

* Optional * Type: boolean

308 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_ido2db_cfg/trim_db_interval

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/housekeeping_thread_startup_delay

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/debug_level

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/debug_verbosity

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/debug_file

* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/max_debug_file_size

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/oci_errors_to_syslog

* Optional * Type: boolean – /software/icinga/structure_icinga_ido2db_cfg/debug_readable_timestamp

* Optional * Type: boolean – /software/icinga/structure_icinga_ido2db_cfg/max_acknowledgements_age

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_contactnotificationmethods_age

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_contactnotifications_age

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_logentries_age

* Optional * Type: long

1.3. configuration-modules-core 309 Quattor Documentation, Release 0.0.1

– /software/icinga/structure_icinga_ido2db_cfg/max_notifications_age

* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/socket_perm

* Optional * Type: string • /software/icinga/structure_component_icinga – /software/icinga/structure_component_icinga/ignore_hosts

* Optional * Type: string – /software/icinga/structure_component_icinga/hosts

* Optional * Type: structure_icinga_host – /software/icinga/structure_component_icinga/hosts_generic

* Optional * Type: structure_icinga_host_generic – /software/icinga/structure_component_icinga/hostgroups

* Optional * Type: structure_icinga_hostgroup – /software/icinga/structure_component_icinga/hostdependencies

* Optional * Type: structure_icinga_hostdependency – /software/icinga/structure_component_icinga/services

* Optional * Type: structure_icinga_service_list – /software/icinga/structure_component_icinga/servicegroups

* Optional * Type: structure_icinga_servicegroup – /software/icinga/structure_component_icinga/general

* Optional * Type: structure_icinga_icinga_cfg – /software/icinga/structure_component_icinga/cgi

* Optional * Type: structure_icinga_cgi_cfg – /software/icinga/structure_component_icinga/serviceextinfo

* Optional

310 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: structure_icinga_serviceextinfo – /software/icinga/structure_component_icinga/servicedependencies

* Optional * Type: structure_icinga_servicedependency – /software/icinga/structure_component_icinga/timeperiods

* Optional * Type: structure_icinga_timeperiod – /software/icinga/structure_component_icinga/contacts

* Optional * Type: structure_icinga_contact – /software/icinga/structure_component_icinga/contactgroups

* Optional * Type: structure_icinga_contactgroup – /software/icinga/structure_component_icinga/commands

* Optional * Type: string – /software/icinga/structure_component_icinga/macros

* Optional * Type: string – /software/icinga/structure_component_icinga/external_files

* Optional * Type: string – /software/icinga/structure_component_icinga/external_dirs

* Optional * Type: string – /software/icinga/structure_component_icinga/ido2db

* Optional * Type: structure_icinga_ido2db_cfg interactivelimits

NAME

NCM::interactivelimits - NCM interactivelimits configuration component

1.3. configuration-modules-core 311 Quattor Documentation, Release 0.0.1

SYNOPSIS

Configure() Updates the /etc/security/limits.conf file with system limits for interactive users. This file is read by /lib/security/pam_limits.so and the values defined there are respected. Returns error in case of failure.

RESOURCES

* /software/components/interactivelimits/active : boolean Activates/deactivates the component. * /software/components/interactivelimits/values : list Defines all values that should be configured in /etc/security/limits.conf. Example of such a definition from a node profile:

"/software/components/interactivelimits/values"= list( list("username", "soft", "core", "0"), list("username", "hard", "nofile", "65536"), list("username", "soft", "nproc", "16384"), list("username", "hard", "as", "unlimited"), );

Types

• /software/interactivelimits/component_interactivelimits_type – /software/interactivelimits/component_interactivelimits_type/values

* Optional * Type: string ipmi

NAME

NCM::ipmi - Components used to manage IPMI configuration

RESOURCES

* /software/components/ipmi/active : boolean Activates/deactivates the component.

FILES

This component doesn’t touch any file.

312 Chapter 1. Content Quattor Documentation, Release 0.0.1

Types

• /software/ipmi/structure_users – /software/ipmi/structure_users/login

* Optional * Type: string – /software/ipmi/structure_users/password

* Optional * Type: string – /software/ipmi/structure_users/priv

* Optional * Type: string – /software/ipmi/structure_users/userid

* Optional * Type: long • /software/ipmi/component_ipmi_type – /software/ipmi/component_ipmi_type/channel

* Optional * Type: long – /software/ipmi/component_ipmi_type/users

* Optional * Type: structure_users – /software/ipmi/component_ipmi_type/net_interface

* Optional * Type: string iptables

NAME iptables: Setup the IPTABLES firewall rules.

DESCRIPTION

The IPTABLES component perform the setup of the /etc/sysconfig/iptables configuration file and restarts the iptables service.

1.3. configuration-modules-core 313 Quattor Documentation, Release 0.0.1

SYNOPSIS

Configure() This function apply the component resource declaration to the IPTABLES firewall tables. The accept, drop, reject, return, classify and logdefault targets are supported. User defined targets are supported. We recommend that users specify new targets as a rule in the profile but the system will create them if it needs to - N.B. This means that you need to spell target names consistently and with identical capitalisation otherwise you will end up with multiple chains. E.g. chain “LocalRules” is not the same as “localrules”. Duplicated entries in the component resource declaration are ignored. For each configured table, the chains are added to the /etc/sysconfig/iptables in order, the relative order among the rules belonging to the same chain is preserved.

RESOURCES

* << /software/components/iptables>>

Top component description with the following parameters:

"filter" ? component_iptables_acls "nat" ? component_iptables_acls "mangle" ? component_iptables_acls

These parameters correspond to the three IPTABLES table types.

* type component_iptables_acls

The component_iptables_acls type is defined as:

"preamble" ? component_iptables_preamble "rules" ? component_iptables_rule[] "epilogue" ? string "ordered_rules" ? string with match (self, 'yes|no')

The epilogue parameter is the “COMMIT” command at the end of IPTABLES table description. Presently, no check is performed upon the content of this parameter. If ordered_rules is set to yes, the ruleset will be written as ordered in the original array. If set to no is is unset (the default), the rules will be ordered by target type (first, all the “log” rules, then “accept”,”drop”, and “logging”).

* type component_iptables_preamble

The component_iptables_preamble type is defined as:

"input" ? string "output" ? string "forward" ? string

These parameters contain the global rules for stated rules, e.g. :INPUT ACCEPT [0:0]. Presently, no check is performed upon the content of this parameters.

314 Chapter 1. Content Quattor Documentation, Release 0.0.1

* type component_iptables_rule

The component_iptables_rule type is defined as:

"command" ? string "chain" : string "protocol" ? string "src_addr" ? string "src_port" ? string "src_ports" ? string "dst_addr" ? string "dst_port" ? string "dst_ports" ? string "syn" ? boolean "nosyn" ? boolean "match" ? string "state" ? string "ctstate" ? string "limit" ? string "icmp_type" ? string "in_interface" ? string "out_interface" ? string "fragment" ? boolean "nofragment" ? boolean "target" : string "reject-with" ? string "log-prefix" ? string "log-level" ? string "log-tcp-options" ? boolean "log-tcp-sequence" ? boolean "log-ip-options" ? boolean "set-class" ? string "limit-burst" ? number "length" ? string "set" ? boolean "rcheck" ? boolean "seconds" ? number

* The “command” defines the action to perform: “-A”, “-D”, “-I”, “-N” or “-R”, it defaults to “-A”. * The “chain” defines the chain: “input”, “output” or “forward”. * The “protocol” defines the packet protocol: “tcp”, “udp” or “icmp”. * The “src_addr” defines the packet source address, it can be an IP address, or a network in the form net/mask (CIDR notation or full mask), or a hostname (which will be resolved at configuration time, not at runtime) - all of which can be optionally prepended with “!” to negate the selection. To limit the ability of hackers/crackers to use your system for DDoS attacks it is worthwhile, for machines which are not being used as routers, to block packets which do not come from their IP address in the OUTPUT tables. * The “src_port” defines the packet source port, it may be an integer or a service name included in the /etc/ services file. This parameter requires “protocol” also be set. * The “dst_addr” defines the packet destination address, it follows the same rules as the src_addr parameter. * The “dst_port” defines the packet destination port, it follows the same rules as the src_port parameter. This param- eter requires “protocol” also be set. * The “syn” defines the TCP packet with the SYN bit set to one, it will be set if the parameter is true. * The “match” defines the match extension module for the packet.

1.3. configuration-modules-core 315 Quattor Documentation, Release 0.0.1

* The “state” defines the connection state. * The “limit” defines the limit for logging. * The “limit-burst” defines the number of instances per time step to record. * The “icmp_type” defines the icmp type packet. * The “in_interface” defines the input interface for the packet. * The “out_interface” defines the output interface for the packet. * The “target” defines the target for the packet: “log”, “accept” or “drop”.

* function add_rule(

, )

This function add a new entry rule to the resource list

"/software/components/iptables/

/rules"

FILES

/etc/sysconfig/iptables:

IPTABLES firewall configuration file policy.

EXAMPLES

Simple example

The following is a code snippet from a node profile. The lines have been numbered to aid the description. This sets up IPTables and adds the necessary rules to restrict access to SSH and allows all outgoing connections.

1 "/software/components/iptables/active"= true; 2 "/software/components/iptables/dispatch"= default(true); 3 "/software/components/iptables/dependencies/pre"= list("spma"); 4 "/software/components/iptables/filter/preamble/input"= "DROP [0:0]"; 5 "/software/components/iptables/filter/preamble/output"= "ACCEPT [0:0]"; 6 "/software/components/iptables/filter/preamble/forward"= "DROP [0:0]"; 7 "/software/components/iptables/filter/epilogue"= "COMMIT"; 8 9 "/software/components/iptables/filter/rules"= append(nlist( 10 "command", "-A", 11 "chain", "input", 12 "target", "accept", 13 "match", "state", 14 "state", "ESTABLISHED")); 15 "/software/components/iptables/filter/rules"= append(nlist( 16 "command", "-A", 17 "chain", "input", 18 "target", "accept", 19 "match", "state", 20 "state", "RELATED")); 21 "/software/components/iptables/filter/rules"= append(nlist( (continues on next page)

316 Chapter 1. Content Quattor Documentation, Release 0.0.1

(continued from previous page) 22 "command", "-A", 23 "chain", "input", 24 "target", "accept", 25 "match", "state", 26 "state", "NEW", 27 "protocol", "tcp", 28 "dst_port", "ssh"));

* Line 1 sets IPTables to be active and line 3 ensures that the software gets installed before the component tries to configure it. * Lines 4-6 set the default policy for the input, output and forward chains. These can be set to either accept or drop. We don’t recommend that you set these to log unless you have a very, very large disk. The COMMIT in line 7 is required by IPTables otherwise the rule set will be generated but not acted on. * Lines 9 to 14 sets a rule to allow established connections. * Lines 15 to 20 sets a rule to allow related connections. These are used by multi-threaded applications, such as SSH, which move the connection to a random port after authentication. * Lines 21 to 28 creates a rule to allow the ssh service. The port number is set by the component querying /etc/ services. Alternatively you can specify the specific port number yourself.

Additional rules

DHCP

"/software/components/iptables/filter/rules"= append(nlist( "command", "-A", "chain", "input", "target", "accept", "protocol", "udp", "src_port", "67:68", "dst_port", "67:68"));

NTP

"/software/components/iptables/filter/rules"= append(nlist( "command", "-A", "chain", "input", "target", "accept", "protocol", "udp", "src_port", "123", "dst_port", "123"));

Samhain

"/software/components/iptables/filter/rules"= append(nlist( "command", "-A", "chain", "input", "target", "accept", (continues on next page)

1.3. configuration-modules-core 317 Quattor Documentation, Release 0.0.1

(continued from previous page) "protocol", "tcp", "src_port", "49777", "dst_port", "49777"));

GridFTP Server

"/software/components/iptables/filter/rules"= append(nlist( "command", "-A", "chain", "input", "target", "accept", "protocol", "tcp", "dst_port", "2811"));

Types

• /software/iptables/component_iptables_rule – /software/iptables/component_iptables_rule/new_chain

* Optional * Type: string – /software/iptables/component_iptables_rule/append

* Optional * Type: string – /software/iptables/component_iptables_rule/delete

* Optional * Type: string – /software/iptables/component_iptables_rule/insert

* Optional * Type: string – /software/iptables/component_iptables_rule/replace

* Optional * Type: string – /software/iptables/component_iptables_rule/target

* Optional * Type: string – /software/iptables/component_iptables_rule/jump

* Optional * Type: string – /software/iptables/component_iptables_rule/src_addr

* Optional

318 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/iptables/component_iptables_rule/src

* Optional * Type: string – /software/iptables/component_iptables_rule/source

* Optional * Type: string – /software/iptables/component_iptables_rule/src_port

* Optional * Type: string – /software/iptables/component_iptables_rule/src_ports

* Optional * Type: string – /software/iptables/component_iptables_rule/dst_addr

* Optional * Type: string – /software/iptables/component_iptables_rule/dst

* Optional * Type: string – /software/iptables/component_iptables_rule/destination

* Optional * Type: string – /software/iptables/component_iptables_rule/dst_port

* Optional * Type: string – /software/iptables/component_iptables_rule/dst_ports

* Optional * Type: string – /software/iptables/component_iptables_rule/in_interface

* Optional * Type: string – /software/iptables/component_iptables_rule/in-interface

* Optional * Type: string – /software/iptables/component_iptables_rule/out_interface

* Optional

1.3. configuration-modules-core 319 Quattor Documentation, Release 0.0.1

* Type: string – /software/iptables/component_iptables_rule/out-interface

* Optional * Type: string – /software/iptables/component_iptables_rule/match

* Optional * Type: string – /software/iptables/component_iptables_rule/state

* Optional * Type: string – /software/iptables/component_iptables_rule/ctstate

* Optional * Type: string – /software/iptables/component_iptables_rule/ttl

* Optional * Type: string – /software/iptables/component_iptables_rule/tos

* Optional * Type: string – /software/iptables/component_iptables_rule/sid-owner

* Optional * Type: string – /software/iptables/component_iptables_rule/limit

* Optional * Type: string – /software/iptables/component_iptables_rule/syn

* Optional * Type: boolean – /software/iptables/component_iptables_rule/nosyn

* Optional * Type: boolean – /software/iptables/component_iptables_rule/icmp-type

* Optional * Type: string – /software/iptables/component_iptables_rule/protocol

* Optional

320 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/iptables/component_iptables_rule/log-prefix

* Optional * Type: string – /software/iptables/component_iptables_rule/log-level

* Optional * Type: string – /software/iptables/component_iptables_rule/log-tcp-options

* Optional * Type: boolean – /software/iptables/component_iptables_rule/log-tcp-sequence

* Optional * Type: boolean – /software/iptables/component_iptables_rule/log-ip-options

* Optional * Type: boolean – /software/iptables/component_iptables_rule/log-uid

* Optional * Type: boolean – /software/iptables/component_iptables_rule/reject-with

* Optional * Type: string – /software/iptables/component_iptables_rule/set-class

* Optional * Type: string – /software/iptables/component_iptables_rule/limit-burst

* Optional * Type: string – /software/iptables/component_iptables_rule/to-destination

* Optional * Type: string – /software/iptables/component_iptables_rule/to-ports

* Optional * Type: string – /software/iptables/component_iptables_rule/to-source

* Optional

1.3. configuration-modules-core 321 Quattor Documentation, Release 0.0.1

* Type: string – /software/iptables/component_iptables_rule/uid-owner

* Optional * Type: string – /software/iptables/component_iptables_rule/tcp-flags

* Optional * Type: string – /software/iptables/component_iptables_rule/tcp-option

* Optional * Type: string – /software/iptables/component_iptables_rule/command

* Optional * Type: string – /software/iptables/component_iptables_rule/chain

* Optional * Type: string – /software/iptables/component_iptables_rule/icmp_type

* Optional * Type: string – /software/iptables/component_iptables_rule/fragment

* Optional * Type: boolean – /software/iptables/component_iptables_rule/nofragment

* Optional * Type: boolean – /software/iptables/component_iptables_rule/length

* Optional * Type: string – /software/iptables/component_iptables_rule/set

* Optional * Type: boolean – /software/iptables/component_iptables_rule/rcheck

* Optional * Type: boolean – /software/iptables/component_iptables_rule/remove

* Optional

322 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: boolean – /software/iptables/component_iptables_rule/rdest

* Optional * Type: boolean – /software/iptables/component_iptables_rule/rsource

* Optional * Type: boolean – /software/iptables/component_iptables_rule/rttl

* Optional * Type: boolean – /software/iptables/component_iptables_rule/update

* Optional * Type: boolean – /software/iptables/component_iptables_rule/seconds

* Optional * Type: number – /software/iptables/component_iptables_rule/hitcount

* Optional * Type: number – /software/iptables/component_iptables_rule/name

* Optional * Type: string – /software/iptables/component_iptables_rule/pkt-type

* Optional * Type: string – /software/iptables/component_iptables_rule/comment

* Optional * Type: string • /software/iptables/component_iptables_preamble – /software/iptables/component_iptables_preamble/input

* Optional * Type: string – /software/iptables/component_iptables_preamble/output

* Optional * Type: string – /software/iptables/component_iptables_preamble/forward

1.3. configuration-modules-core 323 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/iptables/component_iptables_preamble/prerouting

* Optional * Type: string – /software/iptables/component_iptables_preamble/postrouting

* Optional * Type: string • /software/iptables/component_iptables_acls – /software/iptables/component_iptables_acls/preamble

* Optional * Type: component_iptables_preamble – /software/iptables/component_iptables_acls/rules

* Optional * Type: component_iptables_rule – /software/iptables/component_iptables_acls/epilogue

* Optional * Type: string – /software/iptables/component_iptables_acls/ordered_rules

* Optional * Type: legacy_binary_affirmation_string • /software/iptables/component_iptables – /software/iptables/component_iptables/filter

* Optional * Type: component_iptables_acls – /software/iptables/component_iptables/nat

* Optional * Type: component_iptables_acls – /software/iptables/component_iptables/mangle

* Optional * Type: component_iptables_acls ldconf

NAME ldconf: NCM component to manage /etc/ld.so.conf file.

324 Chapter 1. Content Quattor Documentation, Release 0.0.1

DESCRIPTION

The ldconf component manages the /etc/ld.so.conf file. This component can only ensure that listed directories exist in the /etc/ls.so.conf file. It cannot remove entries previously added by this component.

RESOURCES

* /software/components/ldconf/conffile The configuration file to manage. Should be set to /etc/ld.so.confunless your doing something unusual. * /software/components/ldconf/paths List of paths to ensure are in the ld.so.conf configuration file.

Types

• /software/ldconf/component_ldconf – /software/ldconf/component_ldconf/conffile

* Optional * Type: string – /software/ldconf/component_ldconf/paths

* Optional * Type: string libvirtd

DESCRIPTION

The libvirtd component manages the configuration of the the libvirtd daemon.

CONFIGURATION PARAMETERS

The base path for all of the configuration parameters is /software/components/libvirtd. The following sections describe the elements that are permitted directly below this base path. With further parameters described in each section. All parameters are optional. Except the configuration file location. libvirtd_config (R ‘/etc/libvirt/libvirtd.conf’)

This string defines the location of the libvirtd configuration file.

1.3. configuration-modules-core 325 Quattor Documentation, Release 0.0.1

network

This sections contains the networking parameters. * listen_tls: 0 or 1, enabled by default * listen_tcp: 0 or 1, disabled by default * tls_port: port number (16514) or service name * tcp_port: port number (16509) or service name * listen_addr (type_hostname): IPv4/v6 address or hostname * mdns_adv: 0 or 1, enabled by default * mdns_name: default string is “Virtualization Host HOSTNAME”

socket

This section contains the configuration for unix sockets. * unix_sock_group: restricted to root by default * unix_sock_ro_perms: octal string, default allows any user * unix_sock_rw_perms: octal string * unix_sock_dir: directory of created sockets

authn

This section contains the authentication parameters. * auth_unix_ro: 'none|sasl|polkit', default anyone * auth_unix_rw: 'none|sasl|polkit', default polkit * auth_tcp’ ? 'none|sasl', should be ‘sasl’ for production * auth_tls’ ? 'none|sasl' tls

This section contains the parameters for TLS. * key_file: full path to key file * cert_file: full path to certificate file * ca_file: full path to certificate authority certificate * crl_file: fall path to CRL

326 Chapter 1. Content Quattor Documentation, Release 0.0.1 authz

This section contains the authorization parameters. * tls_no_verify_certificate: 0 or 1, defaults to verification * tls_allowed_dn_list: list of allowed DNs * sasl_allowed_username_list: list of allowed usernames processing

This section contains the parameters used to control the processing. * max_clients: maximum number of clients * min_workers: minimum number of workers * max_workers: maximum number of workers * max_requests: maximum number of requests * max_client_requests: maximum number of client requests logging

This section contains the parameters used to control the logging. * log_level: 4=errors,3=warnings,2=info,1=debug,0=none * log_filters: list of filters, see man for format * log_outputs: list of outputs, see man for format

Types

• /software/libvirtd/structure_libvirtd_network – /software/libvirtd/structure_libvirtd_network/listen_tls

* Optional * Type: long * Range: 0..1 – /software/libvirtd/structure_libvirtd_network/listen_tcp

* Optional * Type: long * Range: 0..1 – /software/libvirtd/structure_libvirtd_network/tls_port

* Optional * Type: string – /software/libvirtd/structure_libvirtd_network/tcp_port

* Optional

1.3. configuration-modules-core 327 Quattor Documentation, Release 0.0.1

* Type: string – /software/libvirtd/structure_libvirtd_network/listen_addr

* Optional * Type: type_hostname – /software/libvirtd/structure_libvirtd_network/mdns_adv

* Optional * Type: long * Range: 0..1 – /software/libvirtd/structure_libvirtd_network/mdns_name

* Optional * Type: string • /software/libvirtd/structure_libvirtd_socket – /software/libvirtd/structure_libvirtd_socket/unix_sock_group

* Optional * Type: string – /software/libvirtd/structure_libvirtd_socket/unix_sock_ro_perms

* Optional * Type: string – /software/libvirtd/structure_libvirtd_socket/unix_sock_rw_perms

* Optional * Type: string – /software/libvirtd/structure_libvirtd_socket/unix_sock_dir

* Optional * Type: string • /software/libvirtd/structure_libvirtd_authn – /software/libvirtd/structure_libvirtd_authn/auth_unix_ro

* Optional * Type: string – /software/libvirtd/structure_libvirtd_authn/auth_unix_rw

* Optional * Type: string – /software/libvirtd/structure_libvirtd_authn/auth_tcp

* Optional * Type: string – /software/libvirtd/structure_libvirtd_authn/auth_tls

* Optional

328 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string • /software/libvirtd/structure_libvirtd_tls – /software/libvirtd/structure_libvirtd_tls/key_file

* Optional * Type: string – /software/libvirtd/structure_libvirtd_tls/cert_file

* Optional * Type: string – /software/libvirtd/structure_libvirtd_tls/ca_file

* Optional * Type: string – /software/libvirtd/structure_libvirtd_tls/crl_file

* Optional * Type: string • /software/libvirtd/structure_libvirtd_authz – /software/libvirtd/structure_libvirtd_authz/tls_no_verify_certificate

* Optional * Type: long * Range: 0..1 – /software/libvirtd/structure_libvirtd_authz/tls_allowed_dn_list

* Optional * Type: string – /software/libvirtd/structure_libvirtd_authz/sasl_allowed_username_list

* Optional * Type: string • /software/libvirtd/structure_libvirtd_processing – /software/libvirtd/structure_libvirtd_processing/max_clients

* Optional * Type: long * Range: 1.. – /software/libvirtd/structure_libvirtd_processing/min_workers

* Optional * Type: long * Range: 1.. – /software/libvirtd/structure_libvirtd_processing/max_workers

* Optional

1.3. configuration-modules-core 329 Quattor Documentation, Release 0.0.1

* Type: long * Range: 1.. – /software/libvirtd/structure_libvirtd_processing/max_requests

* Optional * Type: long * Range: 1.. – /software/libvirtd/structure_libvirtd_processing/max_client_requests

* Optional * Type: long * Range: 1.. • /software/libvirtd/structure_libvirtd_logging – /software/libvirtd/structure_libvirtd_logging/log_level

* Optional * Type: long * Range: 0..4 – /software/libvirtd/structure_libvirtd_logging/log_filters

* Optional * Type: string – /software/libvirtd/structure_libvirtd_logging/log_outputs

* Optional * Type: string • /software/libvirtd/structure_component_libvirtd – /software/libvirtd/structure_component_libvirtd/libvirtd_config

* Optional * Type: string – /software/libvirtd/structure_component_libvirtd/network

* Optional * Type: structure_libvirtd_network – /software/libvirtd/structure_component_libvirtd/socket

* Optional * Type: structure_libvirtd_socket – /software/libvirtd/structure_component_libvirtd/authn

* Optional * Type: structure_libvirtd_authn – /software/libvirtd/structure_component_libvirtd/tls

* Optional

330 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: structure_libvirtd_tls – /software/libvirtd/structure_component_libvirtd/authz

* Optional * Type: structure_libvirtd_authz – /software/libvirtd/structure_component_libvirtd/processing

* Optional * Type: structure_libvirtd_processing – /software/libvirtd/structure_component_libvirtd/logging

* Optional * Type: structure_libvirtd_logging

metaconfig

NAME

ncm-metaconfig: Configure services whose config format can be rendered via EDG::WP4::CCM::TextRender.

CONFIGURATION MODULES

The following formats can be rendered via EDG::WP4::CCM::TextRender: * general Uses Perl’s Config::General. This leads to configuration files similar to this one:

scalar value another scalar value list_element0 list_element1 list_element2

* tiny Uses Perl’s Config::Tiny, typically for key = value files or INI-like files with sections separated by [section] headers. * yaml Uses Perl’s YAML::XS for rendering YAML configuration files. * json Uses JSON::XS for rendering JSON configuration files. * properties Uses Config::Properties for rendering Java-style configuration files. * Any other string

1.3. configuration-modules-core 331 Quattor Documentation, Release 0.0.1

Uses Template::Toolkit for rendering configuration files in formats supplied by the user. The name of the template is given by this field. It must be a path relative to metaconfig/, and the component actively sanitizes this field.

EXAMPLES

Configuring /etc/ccm.conf

The well-known /etc/ccm.conf can be defined like this:

Define a valid structure for the file type ccm_conf_file={ "profile" : type_absoluteURI "debug" : long(0..5) "force" : boolean= false ... }; bind "/software/components/metaconfig/services/{/etc/ccm.conf}/contents"= ccm_conf_

˓→file;

Fill in the contents prefix "/software/components/metaconfig/services/{/etc/ccm.conf}"

"contents/profile"= "http://www.google.com"; "module"= "general";

And that’s it

Now, just compile and deploy. You should get the same results as with old good ncm-ccm.

Generating an INI-like file

We can generate simple INI-like files with the Config::Tiny module.

Example schema

Let’s imagine the file has two sections with one key each:

# This is the first section, labeled "s1" type section_1={ "a" : long };

(continues on next page)

332 Chapter 1. Content Quattor Documentation, Release 0.0.1

(continued from previous page) # This is the second section, labeled "s2" type section_2={ "b" : string };

# This is the full file structure type my_ini_file={ "s1" : section_1 "s2" : section_2 }; bind "/software/components/metaconfig/services/{/etc/foo.ini}/contents"= my_ini_file;

Describing the file

We’ll define the permissions, who renders it and which daemons are associated to it. prefix "/software/components/metaconfig/services/{/etc/foo.ini}";

"mode"= 0600; "owner"= "root"; "group"= "root"; "module"= "tiny"; "daemons/foo"= "restart"; "daemons/bar"= "reload";

And we’ll ensure the module that renders it is installed (Yum-based syntax here):

"/software/packages/{perl-Config-Tiny}"= nlist();

Describing the file’s contents

And now, we only have to specify the contents: prefix "/software/components/metaconfig/services/{/etc/foo.ini}/contents"; "s1/a"= 42; "s2/b"= "hitchicker";

And that’s it

That’s it! When you deploy your configuration you should see your /etc/foo.ini in the correct location.

Types

• /software/metaconfig/metaconfig_extension • /software/metaconfig/metaconfig_textrender_convert – Description: Convert value of certain types (e.g. boolean to string yes/no) (using the CCM::TextRender element options)

1.3. configuration-modules-core 333 Quattor Documentation, Release 0.0.1

– /software/metaconfig/metaconfig_textrender_convert/yesno

* Description: Convert boolean to (lowercase) ‘yes’ and ‘no’. * Optional * Type: boolean – /software/metaconfig/metaconfig_textrender_convert/YESNO

* Description: Convert boolean to (uppercase) ‘YES’ and ‘NO’. * Optional * Type: boolean – /software/metaconfig/metaconfig_textrender_convert/truefalse

* Description: Convert boolean to (lowercase) ‘true’ and ‘false’. * Optional * Type: boolean – /software/metaconfig/metaconfig_textrender_convert/TRUEFALSE

* Description: Convert boolean to (uppercase) ‘TRUE’ and ‘FALSE’. * Optional * Type: boolean – /software/metaconfig/metaconfig_textrender_convert/doublequote

* Description: Convert string to doublequoted string. * Optional * Type: boolean – /software/metaconfig/metaconfig_textrender_convert/singlequote

* Description: Convert string to singlequoted string. * Optional * Type: boolean – /software/metaconfig/metaconfig_textrender_convert/joincomma

* Description: Convert list to comma-separated string * Optional * Type: boolean – /software/metaconfig/metaconfig_textrender_convert/joinspace

* Description: Convert list to space-separated string * Optional * Type: boolean – /software/metaconfig/metaconfig_textrender_convert/unescapekey

* Description: Unescape all dict keys * Optional * Type: boolean

334 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/metaconfig/metaconfig_textrender_convert/lowerkey

* Description: Convert all dict keys to lowercase * Optional * Type: boolean – /software/metaconfig/metaconfig_textrender_convert/upperkey

* Description: Convert all dict keys to uppercase * Optional * Type: boolean • /software/metaconfig/caf_service_action • /software/metaconfig/metaconfig_config – /software/metaconfig/metaconfig_config/mode

* Description: File permissions. Defaults to 0644. * Optional * Type: long – /software/metaconfig/metaconfig_config/owner

* Description: File owner. Defaults to root. * Optional * Type: string – /software/metaconfig/metaconfig_config/group

* Description: File group. Defaults to root. * Optional * Type: string – /software/metaconfig/metaconfig_config/daemons

* Description: An dict with foreach daemon the CAF::Service action to take if the file changes. Even if multiple services are associated to the same daemon, each action for the daemon will be taken at most once. If multiple actions are to be taken for the same daemon, all actions will be taken (no attempt to optimize is made).

* Optional * Type: caf_service_action – /software/metaconfig/metaconfig_config/module

* Description: Module to render the configuration file. See ‘CONFIGURATION MODULES’ in manpage.

* Optional * Type: string – /software/metaconfig/metaconfig_config/backup

* Description: Extension for the file’s backup. * Optional

1.3. configuration-modules-core 335 Quattor Documentation, Release 0.0.1

* Type: string – /software/metaconfig/metaconfig_config/preamble

* Description: Text to place at start of file. It can be useful to include context in a configuration file, in the form of a comment, such as how it was generated. Most of the formats that can be output by this component support “comment” lines, but none of the modules that it uses will generate them. The preamble attribute will be written out verbatim, before the contents is generated. No comment character is added, the user must specify this as part of the preamble string.

* Optional * Type: string – /software/metaconfig/metaconfig_config/contents

* Description: A free-form structure describing the valid entries for the configuration file. It is recommended to define another type for each config file, and bind it to these contents, to get the best validation.

* Optional * Type: metaconfig_extension – /software/metaconfig/metaconfig_config/convert

* Description: Predefined conversions from EDG::WP4::CCM::TextRender * Optional * Type: metaconfig_textrender_convert • /software/metaconfig/metaconfig_component – /software/metaconfig/metaconfig_component/services

* Optional * Type: metaconfig_config modprobe

NAME

NCM::modprobe - NCM modprobe configuration component

SYNOPSIS

Configure() The method configures the modprobe configuration file /etc/modules.conf for 2.4 kernels and configu- ration file /etc/modprobe.d/quattor.conf for 2.6 kernels. The method also creates a new initial ramdisk images for preloading modules for all the kernel releases installed in the node. Unconfigure() The method unconfigures the modprobe configuration file /etc/modules.conf for 2.4 kernels and config- uration file /etc/modprobe.d/quattor.conf for 2.6 kernels. The method also creates a new initial ramdisk images for preloading modules for all the kernel releases installed in the node.

336 Chapter 1. Content Quattor Documentation, Release 0.0.1

RESOURCES

* /software/components/modprobe/active : boolean activates/deactivates the component. * /software/components/modprobe/modules : list of module The modules item is a list of module_type. The module type is base on the fields “name” name of the loadable module, “alias” alias for the loadable module, “options” options for the loadable module, “install” command to run when loading module, “remove” command to run when removing module and “blacklist” to disable a module.

Types

• /software/modprobe/module_type – /software/modprobe/module_type/name

* Optional * Type: string – /software/modprobe/module_type/alias

* Optional * Type: string – /software/modprobe/module_type/options

* Optional * Type: string – /software/modprobe/module_type/install

* Optional * Type: string – /software/modprobe/module_type/remove

* Optional * Type: string – /software/modprobe/module_type/blacklist

* Optional * Type: string • /software/modprobe/component_modprobe_type – /software/modprobe/component_modprobe_type/file

* Optional * Type: string – /software/modprobe/component_modprobe_type/modules

* Optional * Type: module_type

1.3. configuration-modules-core 337 Quattor Documentation, Release 0.0.1 mysql

NAME mysql : NCM component to manage MySQL servers and databases

DESCRIPTION

This component allows to manage configuration of MySQL servers and administer the databases.

Database Options

Database options are under /software/components/mysql/databases. This resource is a nlist with one entry per database. Key is the database name, value is a nlist allowing to specify options described below. initScript : nlist (optional)

This allows to specify a script to be executed at database creation time. This is a nlist that allows to specify either content of the MySQL script (key 'content') to execute or the path of a script name (key 'file') to execute. server : string (required)

Name of the server hosting the database. This name must match one entries in /software/components/mysql/ servers (see schema). Default : none. initOnce: boolean (optional)

When true, the initialization script (initScript) is executed only if the database was not already existing. tableOptions: nlist of nlist (optional)

This resource allows to modify table characteristics. All parameters to the ALTER TABLE command are allowed. The key is the name of the table, the value is a nlist where the key is the parameter name and the value is parameter value if any, else an empty string. users : nlist (optional)

List of MySQL users to create and MySQL privileges they have on the database. This is a nlist. Key is the escaped userid, in user@host format without any quotes. If no @host is present, it defaults to current host. Value is a nlist with the following possible keys : password : user MySQL password. Must be a cleartext password. rights : list of MySQL privileges to grant to the user.

338 Chapter 1. Content Quattor Documentation, Release 0.0.1 serviceName option

Name of the mysql service. Valid values are 'mysql', 'mysqld' and 'mariadb'. Defaults to 'mysqld'.

Types

• /software/mysql/component_mysql_user_right • /software/mysql/component_mysql_db_user – /software/mysql/component_mysql_db_user/password

* Optional * Type: string – /software/mysql/component_mysql_db_user/rights

* Optional * Type: component_mysql_user_right – /software/mysql/component_mysql_db_user/shortPwd

* Optional * Type: boolean • /software/mysql/component_mysql_db_script – /software/mysql/component_mysql_db_script/file

* Optional * Type: string – /software/mysql/component_mysql_db_script/content

* Optional * Type: string • /software/mysql/component_mysql_db_options – /software/mysql/component_mysql_db_options/server

* Optional * Type: string – /software/mysql/component_mysql_db_options/users

* Optional * Type: component_mysql_db_user – /software/mysql/component_mysql_db_options/initScript

* Optional * Type: component_mysql_db_script – /software/mysql/component_mysql_db_options/initOnce

* Optional * Type: boolean

1.3. configuration-modules-core 339 Quattor Documentation, Release 0.0.1

– /software/mysql/component_mysql_db_options/createDb

* Optional * Type: boolean – /software/mysql/component_mysql_db_options/tableOptions

* Optional * Type: string • /software/mysql/component_mysql_server_options – /software/mysql/component_mysql_server_options/host

* Optional * Type: string – /software/mysql/component_mysql_server_options/adminuser

* Optional * Type: string – /software/mysql/component_mysql_server_options/adminpwd

* Optional * Type: string – /software/mysql/component_mysql_server_options/options

* Optional * Type: string – /software/mysql/component_mysql_server_options/users

* Optional * Type: component_mysql_db_user • /software/mysql/component_mysql – /software/mysql/component_mysql/databases

* Optional * Type: component_mysql_db_options – /software/mysql/component_mysql/servers

* Optional * Type: component_mysql_server_options – /software/mysql/component_mysql/serviceName

* Optional * Type: string

340 Chapter 1. Content Quattor Documentation, Release 0.0.1

Functions

• component_mysql_valid • component_mysql_check_db_script • component_mysql_password_valid

nagios

DESCRIPTION

The nagios component manages the configuration for the Nagios monitoring system. At the time of this writing, escalations and dependencies are the only Nagios settings this component doesn’t under- stand.

BASIC COMPONENT STRUCTURE

Nagios configuration is very complicated. Before reading this, please check the Nagios documentation. All the fields on this component are named just like the tags for the appropriate Nagios object. * /software/components/nagios/general Global settings for Nagios. These settings will be written in /etc/nagios/nagios.cfg. * /software/components/nagios/cgi Configuration of the Nagios web interface. This path is optional. If it exists, the settings will be written in /etc/nagios/cgi.cfg. * /software/components/nagios/hosts Host definitions, indexed by host name. There is no host_name option, as it is taken from the index. Also, the host_address field is optional. If it’s not provided, gethostbyname is used to decide the host’s IP address. These settings are written in /etc/nagios/hosts.cfg. * /software/components/nagios/hostgroups Hostgroup definitions, indexed by hostgroup name. These settings are written in /etc/nagios/ hostgroups.cfg. * /software/components/nagios/hostdependencies Host dependency defintions, indexed by depended host name (this is, where the arrow ends in Nagios documentation). These settings are written in /etc/nagios/hostdependencies.cfg. * /software/components/nagios/services nlist of lists of service definitions. The keys are the service descriptions, escaped. The value is a list of service definitions that share the same definition but have different parameters (e.g, commands). Please check that you don’t list the same host on two entries of the same service, as the validation code won’t detect this and will cause Nagios to fail. These settings are written in /etc/nagios/services.cfg. * /software/components/nagios/servicegroups

1.3. configuration-modules-core 341 Quattor Documentation, Release 0.0.1

List of service groups. It is written in /etc/nagios/servicegroups.cfg. * /software/components/nagios/servicedependencies List of service dependencies. It is written in /etc/nagios/servicedependencies.cfg. * /software/components/nagios/contacts Contact definition, indexed by contact name. These settings are written in /etc/nagios/contacts.cfg. * /software/components/nagios/contactgroups Contact group definition, indexed by contact group name. These settings are written in /etc/nagios/contactgroups.cfg . * /software/components/nagios/commands Command lines, indexed by Nagios command name. These settings are stored in /etc/nagios/ commands.cfg. * /software/components/nagios/macros Nagios $USERx$ macros, indexed by macro name. The macro name must not be surrounded by '$'. These settings are stored in /etc/nagios/resources.cfg. * /software/components/nagios/timeperiods Nagios time period definition, indexed by time period name. Time periods are stored in /etc/nagios/ timeperiods.cfg. * /software/components/nagios/serviceextinfo Definition for extended service information. These settings are saved in /etc/nagios/ serviceextinfo.cfg. * /software/components/nagios/external_files Other already existing files to be included in the configuration of Nagios. Please note that the component can’t validate these, so if you include a broken file, you’ll break your Nagios server! * /software/components/nagios/external_dirs Other already existing dirs to be included in the configuration of Nagios. Please note that the component can’t validate these, so if you include a broken file, you’ll break your Nagios server!

NOTES ON THE USE OF THIS COMPONENT

Command usage

When a service or a host references a command, it separates its arguments with ‘!’, e.g:

check_command check_load!5,4,3!6,5,4

where check_load is an existing Nagios command. On this component, that should be specified as

"check_command"= list ("check_load", "5,4,3", "6,5,4");

Check commands and event handlers are defined as such lists of strings, where the first element must be an ex- isting command name. For the above example to be valid, /software/components/nagios/commands/ check_load must exist.

342 Chapter 1. Content Quattor Documentation, Release 0.0.1

The use tag

The use tag is not allowed by this component. It makes validation almost impossible, and any attempt to implement an incomplete validation would make the compilation awfully slow. However, Pan offers the same functionality as the use tag, without giving up with validation. You may want to use value, includeand create to simulate Nagios inheritance. The only downside of this approach is the growth of the LLD profile.

FILES

The following files are written by this component: * /etc/nagios/nagios.cfg * /etc/nagios/cgi.cfg * /etc/nagios/contacts.cfg * /etc/nagios/contactgroups.cfg * /etc/nagios/hosts.cfg * /etc/nagios/hostgroups.cfg * /etc/nagios/hostdependencies.cfg * /etc/nagios/services.cfg * /etc/nagios/servicegroups.cfg * /etc/nagios/servicedependencies.cfg * /etc/nagios/serviceextinfo.cfg * /etc/nagios/timeperiods.cfg * /etc/nagios/commands.cfg * /etc/nagios/resources.cfg If they exist, they will be truncated, the owner and group set to Nagios and the permissions will be set to 0660. Note that config_file and resource_file directives are not valid. To keep consistency, everything must be set according to this layout.

Functions

• nagios_has_host_or_hostgroup

Types

• /software/nagios/nagios_hoststring • /software/nagios/nagios_hostgroupstring • /software/nagios/nagios_commandstrings • /software/nagios/nagios_timeperiodstring • /software/nagios/nagios_contactgroupstring

1.3. configuration-modules-core 343 Quattor Documentation, Release 0.0.1

• /software/nagios/nagios_contactstring • /software/nagios/nagios_servicegroupstring • /software/nagios/nagios_servicestring • /software/nagios/nagios_service_notification_string • /software/nagios/nagios_host_notification_string • /software/nagios/nagios_stalking_string • /software/nagios/nagios_execution_failure_string • /software/nagios/nagios_notification_failure_string • /software/nagios/structure_nagios_host_generic – /software/nagios/structure_nagios_host_generic/name

* Optional * Type: string – /software/nagios/structure_nagios_host_generic/check_command

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_host_generic/max_check_attempts

* Optional * Type: long – /software/nagios/structure_nagios_host_generic/check_interval

* Optional * Type: long – /software/nagios/structure_nagios_host_generic/retry_interval

* Optional * Type: long – /software/nagios/structure_nagios_host_generic/active_checks_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_host_generic/passive_checks_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_host_generic/check_period

* Optional * Type: nagios_timeperiodstring – /software/nagios/structure_nagios_host_generic/obsess_over_host

* Optional * Type: boolean

344 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/nagios/structure_nagios_host_generic/check_freshness

* Optional * Type: boolean – /software/nagios/structure_nagios_host_generic/freshness_threshold

* Optional * Type: long – /software/nagios/structure_nagios_host_generic/event_handler

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_host_generic/event_handler_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_host_generic/low_flap_threshold

* Optional * Type: long – /software/nagios/structure_nagios_host_generic/high_flap_threshold

* Optional * Type: long – /software/nagios/structure_nagios_host_generic/flap_detection_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_host_generic/process_perf_data

* Optional * Type: boolean – /software/nagios/structure_nagios_host_generic/retain_status_information

* Optional * Type: boolean – /software/nagios/structure_nagios_host_generic/retain_nonstatus_information

* Optional * Type: boolean – /software/nagios/structure_nagios_host_generic/contact_groups

* Optional * Type: nagios_contactgroupstring – /software/nagios/structure_nagios_host_generic/notification_interval

* Optional * Type: long

1.3. configuration-modules-core 345 Quattor Documentation, Release 0.0.1

– /software/nagios/structure_nagios_host_generic/notification_period

* Optional * Type: nagios_timeperiodstring – /software/nagios/structure_nagios_host_generic/notification_options

* Optional * Type: nagios_host_notification_string – /software/nagios/structure_nagios_host_generic/notifications_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_host_generic/stalking_options

* Optional * Type: string – /software/nagios/structure_nagios_host_generic/register

* Optional * Type: boolean • /software/nagios/structure_nagios_host – /software/nagios/structure_nagios_host/alias

* Optional * Type: string – /software/nagios/structure_nagios_host/use

* Optional * Type: string – /software/nagios/structure_nagios_host/address

* Optional * Type: type_ip – /software/nagios/structure_nagios_host/parents

* Optional * Type: nagios_hoststring – /software/nagios/structure_nagios_host/hostgroups

* Optional * Type: nagios_hostgroupstring – /software/nagios/structure_nagios_host/check_command

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_host/max_check_attempts

* Optional

346 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: long – /software/nagios/structure_nagios_host/check_interval

* Optional * Type: long – /software/nagios/structure_nagios_host/active_checks_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_host/passive_checks_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_host/check_period

* Optional * Type: nagios_timeperiodstring – /software/nagios/structure_nagios_host/obsess_over_host

* Optional * Type: boolean – /software/nagios/structure_nagios_host/check_freshness

* Optional * Type: boolean – /software/nagios/structure_nagios_host/freshness_threshold

* Optional * Type: long – /software/nagios/structure_nagios_host/event_handler

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_host/event_handler_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_host/low_flap_threshold

* Optional * Type: long – /software/nagios/structure_nagios_host/high_flap_threshold

* Optional * Type: long – /software/nagios/structure_nagios_host/flap_detection_enabled

* Optional

1.3. configuration-modules-core 347 Quattor Documentation, Release 0.0.1

* Type: boolean – /software/nagios/structure_nagios_host/process_perf_data

* Optional * Type: boolean – /software/nagios/structure_nagios_host/retain_status_information

* Optional * Type: boolean – /software/nagios/structure_nagios_host/retain_nonstatus_information

* Optional * Type: boolean – /software/nagios/structure_nagios_host/contact_groups

* Optional * Type: nagios_contactgroupstring – /software/nagios/structure_nagios_host/notification_interval

* Optional * Type: long – /software/nagios/structure_nagios_host/notification_period

* Optional * Type: nagios_timeperiodstring – /software/nagios/structure_nagios_host/notification_options

* Optional * Type: nagios_host_notification_string – /software/nagios/structure_nagios_host/notifications_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_host/stalking_options

* Optional * Type: string – /software/nagios/structure_nagios_host/register

* Optional * Type: boolean – /software/nagios/structure_nagios_host/action_url

* Optional * Type: string • /software/nagios/structure_nagios_hostgroup – /software/nagios/structure_nagios_hostgroup/alias

348 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/nagios/structure_nagios_hostgroup/members

* Optional * Type: nagios_hoststring • /software/nagios/structure_nagios_hostdependency – /software/nagios/structure_nagios_hostdependency/dependent_host_name

* Optional * Type: nagios_hoststring – /software/nagios/structure_nagios_hostdependency/notification_failure_criteria

* Optional * Type: nagios_host_notification_string • /software/nagios/structure_nagios_service – /software/nagios/structure_nagios_service/name

* Optional * Type: string – /software/nagios/structure_nagios_service/use

* Optional * Type: string – /software/nagios/structure_nagios_service/host_name

* Optional * Type: nagios_hoststring – /software/nagios/structure_nagios_service/hostgroup_name

* Optional * Type: nagios_hostgroupstring – /software/nagios/structure_nagios_service/servicegroups

* Optional * Type: nagios_servicegroupstring – /software/nagios/structure_nagios_service/is_volatile

* Optional * Type: boolean – /software/nagios/structure_nagios_service/check_command

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_service/max_check_attempts

* Optional

1.3. configuration-modules-core 349 Quattor Documentation, Release 0.0.1

* Type: long – /software/nagios/structure_nagios_service/normal_check_interval

* Optional * Type: long – /software/nagios/structure_nagios_service/retry_check_interval

* Optional * Type: long – /software/nagios/structure_nagios_service/active_checks_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_service/passive_checks_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_service/check_period

* Optional * Type: nagios_timeperiodstring – /software/nagios/structure_nagios_service/parallelize_check

* Optional * Type: boolean – /software/nagios/structure_nagios_service/obsess_over_service

* Optional * Type: boolean – /software/nagios/structure_nagios_service/check_freshness

* Optional * Type: boolean – /software/nagios/structure_nagios_service/freshness_threshold

* Optional * Type: long – /software/nagios/structure_nagios_service/event_handler

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_service/event_handler_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_service/low_flap_threshold

* Optional

350 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: long – /software/nagios/structure_nagios_service/high_flap_threshold

* Optional * Type: long – /software/nagios/structure_nagios_service/flap_detection_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_service/process_perf_data

* Optional * Type: boolean – /software/nagios/structure_nagios_service/retain_status_information

* Optional * Type: boolean – /software/nagios/structure_nagios_service/retain_nonstatus_information

* Optional * Type: boolean – /software/nagios/structure_nagios_service/notification_interval

* Optional * Type: long – /software/nagios/structure_nagios_service/notification_period

* Optional * Type: nagios_timeperiodstring – /software/nagios/structure_nagios_service/notification_options

* Optional * Type: nagios_service_notification_string – /software/nagios/structure_nagios_service/notifications_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_service/contact_groups

* Optional * Type: nagios_contactgroupstring – /software/nagios/structure_nagios_service/stalking_options

* Optional * Type: nagios_stalking_string – /software/nagios/structure_nagios_service/register

* Optional

1.3. configuration-modules-core 351 Quattor Documentation, Release 0.0.1

* Type: boolean – /software/nagios/structure_nagios_service/failure_prediction_enabled

* Optional * Type: boolean – /software/nagios/structure_nagios_service/action_url

* Optional * Type: string • /software/nagios/structure_nagios_servicegroup – /software/nagios/structure_nagios_servicegroup/alias

* Optional * Type: string – /software/nagios/structure_nagios_servicegroup/members

* Optional * Type: nagios_servicestring – /software/nagios/structure_nagios_servicegroup/servicegroup_members

* Optional * Type: nagios_servicegroupstring – /software/nagios/structure_nagios_servicegroup/notes

* Optional * Type: string – /software/nagios/structure_nagios_servicegroup/notes_url

* Optional * Type: type_absoluteURI – /software/nagios/structure_nagios_servicegroup/action_url

* Optional * Type: type_absoluteURI • /software/nagios/structure_nagios_servicedependency – /software/nagios/structure_nagios_servicedependency/dependent_host_name

* Optional * Type: nagios_hoststring – /software/nagios/structure_nagios_servicedependency/dependent_hostgroup_name

* Optional * Type: nagios_hostgroupstring – /software/nagios/structure_nagios_servicedependency/dependent_service_description

* Optional * Type: nagios_servicestring

352 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/nagios/structure_nagios_servicedependency/host_name

* Optional * Type: nagios_hoststring – /software/nagios/structure_nagios_servicedependency/hostgroup_name

* Optional * Type: nagios_hostgroupstring – /software/nagios/structure_nagios_servicedependency/service_description

* Optional * Type: string – /software/nagios/structure_nagios_servicedependency/inherits_parent

* Optional * Type: boolean – /software/nagios/structure_nagios_servicedependency/execution_failure_criteria

* Optional * Type: nagios_execution_failure_string – /software/nagios/structure_nagios_servicedependency/notification_failure_criteria

* Optional * Type: nagios_notification_failure_string – /software/nagios/structure_nagios_servicedependency/dependency_period

* Optional * Type: nagios_timeperiodstring • /software/nagios/structure_nagios_contact – /software/nagios/structure_nagios_contact/alias

* Optional * Type: string – /software/nagios/structure_nagios_contact/contactgroups

* Optional * Type: nagios_contactgroupstring – /software/nagios/structure_nagios_contact/host_notification_period

* Optional * Type: nagios_timeperiodstring – /software/nagios/structure_nagios_contact/service_notification_period

* Optional * Type: nagios_timeperiodstring – /software/nagios/structure_nagios_contact/host_notification_options

* Optional

1.3. configuration-modules-core 353 Quattor Documentation, Release 0.0.1

* Type: nagios_host_notification_string – /software/nagios/structure_nagios_contact/service_notification_options

* Optional * Type: nagios_service_notification_string – /software/nagios/structure_nagios_contact/host_notification_commands

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_contact/service_notification_commands

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_contact/email

* Optional * Type: string – /software/nagios/structure_nagios_contact/pager

* Optional * Type: string • /software/nagios/structure_nagios_contactgroup – /software/nagios/structure_nagios_contactgroup/alias

* Optional * Type: string – /software/nagios/structure_nagios_contactgroup/members

* Optional * Type: nagios_contactstring • /software/nagios/nagios_timerange • /software/nagios/structure_nagios_timeperiod – /software/nagios/structure_nagios_timeperiod/alias

* Optional * Type: string – /software/nagios/structure_nagios_timeperiod/monday

* Optional * Type: nagios_timerange – /software/nagios/structure_nagios_timeperiod/tuesday

* Optional * Type: nagios_timerange – /software/nagios/structure_nagios_timeperiod/wednesday

* Optional

354 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: nagios_timerange – /software/nagios/structure_nagios_timeperiod/thursday

* Optional * Type: nagios_timerange – /software/nagios/structure_nagios_timeperiod/friday

* Optional * Type: nagios_timerange – /software/nagios/structure_nagios_timeperiod/saturday

* Optional * Type: nagios_timerange – /software/nagios/structure_nagios_timeperiod/sunday

* Optional * Type: nagios_timerange • /software/nagios/structure_nagios_serviceextinfo – /software/nagios/structure_nagios_serviceextinfo/host_name

* Optional * Type: nagios_hoststring – /software/nagios/structure_nagios_serviceextinfo/service_description

* Optional * Type: string – /software/nagios/structure_nagios_serviceextinfo/hostgroup_name

* Optional * Type: nagios_hostgroupstring – /software/nagios/structure_nagios_serviceextinfo/notes

* Optional * Type: string – /software/nagios/structure_nagios_serviceextinfo/notes_url

* Optional * Type: type_absoluteURI – /software/nagios/structure_nagios_serviceextinfo/action_url

* Optional * Type: type_absoluteURI – /software/nagios/structure_nagios_serviceextinfo/icon_image

* Optional * Type: string – /software/nagios/structure_nagios_serviceextinfo/icon_image_alt

1.3. configuration-modules-core 355 Quattor Documentation, Release 0.0.1

* Optional * Type: string • /software/nagios/structure_nagios_cgi_cfg – /software/nagios/structure_nagios_cgi_cfg/physical_html_path

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/url_html_path

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/show_context_help

* Optional * Type: boolean – /software/nagios/structure_nagios_cgi_cfg/nagios_check_command

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/use_authentication

* Optional * Type: boolean – /software/nagios/structure_nagios_cgi_cfg/default_user_name

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/authorized_for_system_information

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/authorized_for_configuration_information

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/authorized_for_system_commands

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/authorized_for_all_services

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/authorized_for_all_hosts

* Optional * Type: string

356 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/nagios/structure_nagios_cgi_cfg/authorized_for_all_service_commands

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/authorized_for_all_host_commands

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/statusmap_background_image

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/default_statusmap_layout

* Optional * Type: long – /software/nagios/structure_nagios_cgi_cfg/default_statuswrl_layout

* Optional * Type: long – /software/nagios/structure_nagios_cgi_cfg/statuswrl_include

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/ping_syntax

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/refresh_rate

* Optional * Type: long – /software/nagios/structure_nagios_cgi_cfg/host_unreachable_sound

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/host_down_sound

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/service_critical_sound

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/service_warning_sound

* Optional * Type: string

1.3. configuration-modules-core 357 Quattor Documentation, Release 0.0.1

– /software/nagios/structure_nagios_cgi_cfg/service_unknown_sound

* Optional * Type: string – /software/nagios/structure_nagios_cgi_cfg/normal_sound

* Optional * Type: string • /software/nagios/structure_nagios_nagios_cfg – /software/nagios/structure_nagios_nagios_cfg/log_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/object_cache_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/resource_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/status_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/nagios_user

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/nagios_group

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/check_external_commands

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/command_check_interval

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/command_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/external_command_buffer_slots

* Optional

358 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: long – /software/nagios/structure_nagios_nagios_cfg/comment_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/downtime_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/lock_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/temp_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/event_broker_options

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/log_rotation_method

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/log_archive_path

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/use_syslog

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/log_notifications

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/log_service_retries

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/log_host_retries

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/log_event_handlers

* Optional

1.3. configuration-modules-core 359 Quattor Documentation, Release 0.0.1

* Type: boolean – /software/nagios/structure_nagios_nagios_cfg/log_initial_states

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/log_external_commands

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/log_passive_checks

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/global_host_event_handler

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/service_inter_check_delay_method

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/max_service_check_spread

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/service_interleave_factor

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/host_inter_check_delay_method

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/max_host_check_spread

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/max_concurrent_checks

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/service_reaper_frequency

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/check_result_reaper_frequency

* Optional

360 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: long – /software/nagios/structure_nagios_nagios_cfg/max_check_result_reaper_time

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/check_result_buffer_slots

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/auto_reschedule_checks

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/auto_rescheduling_interval

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/auto_rescheduling_window

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/sleep_time

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/service_check_timeout

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/host_check_timeout

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/event_handler_timeout

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/notification_timeout

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/ocsp_timeout

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/perfdata_timeout

* Optional

1.3. configuration-modules-core 361 Quattor Documentation, Release 0.0.1

* Type: long – /software/nagios/structure_nagios_nagios_cfg/retain_state_information

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/state_retention_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/retention_update_interval

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/use_retained_program_state

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/use_retained_scheduling_info

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/interval_length

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/use_aggressive_host_checking

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/execute_service_checks

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/accept_passive_service_checks

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/execute_host_checks

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/accept_passive_host_checks

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/enable_notifications

* Optional

362 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: boolean – /software/nagios/structure_nagios_nagios_cfg/enable_event_handlers

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/process_performance_data

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/service_perfdata_command

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_nagios_cfg/host_perfdata_command

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_nagios_cfg/host_perfdata_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/service_perfdata_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/host_perfdata_file_template

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/service_perfdata_file_template

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/host_perfdata_file_mode

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/service_perfdata_file_mode

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/host_perfdata_file_processing_interval

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/service_perfdata_file_processing_interval

* Optional

1.3. configuration-modules-core 363 Quattor Documentation, Release 0.0.1

* Type: long – /software/nagios/structure_nagios_nagios_cfg/host_perfdata_file_processing_command

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_nagios_cfg/service_perfdata_file_processing_command

* Optional * Type: nagios_commandstrings – /software/nagios/structure_nagios_nagios_cfg/obsess_over_services

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/check_for_orphaned_services

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/check_service_freshness

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/service_freshness_check_interval

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/check_host_freshness

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/host_freshness_check_interval

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/aggregate_status_updates

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/status_update_interval

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/enable_flap_detection

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/low_service_flap_threshold

* Optional

364 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: long – /software/nagios/structure_nagios_nagios_cfg/high_service_flap_threshold

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/low_host_flap_threshold

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/high_host_flap_threshold

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/date_format

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/p1_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/illegal_object_name_chars

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/illegal_macro_output_chars

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/use_regexp_matching

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/use_true_regexp_matching

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/admin_email

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/admin_pager

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/daemon_dumps_core

* Optional

1.3. configuration-modules-core 365 Quattor Documentation, Release 0.0.1

* Type: boolean – /software/nagios/structure_nagios_nagios_cfg/check_result_path

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/precached_object_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/temp_path

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/retained_host_attribute_mask

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/retained_service_attribute_mask

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/retained_process_host_attribute_mask

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/retained_process_service_attribute_mask

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/retained_contact_host_attribute_mask

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/retained_contact_service_attribute_mask

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/max_check_result_file_age

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/translate_passive_host_checks

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/passive_host_checks_are_soft

* Optional

366 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: boolean – /software/nagios/structure_nagios_nagios_cfg/enable_predictive_host_dependency_checks

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/enable_predictive_service_dependency_checks

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/cached_host_check_horizon

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/cached_service_check_horizon

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/use_large_installation_tweaks

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/free_child_process_memory

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/child_processes_fork_twice

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/enable_environment_macros

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/soft_state_dependencies

* Optional * Type: boolean – /software/nagios/structure_nagios_nagios_cfg/ochp_timeout

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/ochp_command

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/use_timezone

* Optional

1.3. configuration-modules-core 367 Quattor Documentation, Release 0.0.1

* Type: string – /software/nagios/structure_nagios_nagios_cfg/broker_module

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/debug_file

* Optional * Type: string – /software/nagios/structure_nagios_nagios_cfg/debug_level

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/debug_verbosity

* Optional * Type: long * Range: 0..2 – /software/nagios/structure_nagios_nagios_cfg/max_debug_file_size

* Optional * Type: long – /software/nagios/structure_nagios_nagios_cfg/ocsp_command

* Optional * Type: string • /software/nagios/structure_nagios_service_list • /software/nagios/structure_component_nagios – /software/nagios/structure_component_nagios/hosts

* Optional * Type: structure_nagios_host – /software/nagios/structure_component_nagios/hosts_generic

* Optional * Type: structure_nagios_host_generic – /software/nagios/structure_component_nagios/hostgroups

* Optional * Type: structure_nagios_hostgroup – /software/nagios/structure_component_nagios/hostdependencies

* Optional * Type: structure_nagios_hostdependency – /software/nagios/structure_component_nagios/services

* Optional

368 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: structure_nagios_service_list – /software/nagios/structure_component_nagios/servicegroups

* Optional * Type: structure_nagios_servicegroup – /software/nagios/structure_component_nagios/general

* Optional * Type: structure_nagios_nagios_cfg – /software/nagios/structure_component_nagios/cgi

* Optional * Type: structure_nagios_cgi_cfg – /software/nagios/structure_component_nagios/serviceextinfo

* Optional * Type: structure_nagios_serviceextinfo – /software/nagios/structure_component_nagios/servicedependencies

* Optional * Type: structure_nagios_servicedependency – /software/nagios/structure_component_nagios/timeperiods

* Optional * Type: structure_nagios_timeperiod – /software/nagios/structure_component_nagios/contacts

* Optional * Type: structure_nagios_contact – /software/nagios/structure_component_nagios/contactgroups

* Optional * Type: structure_nagios_contactgroup – /software/nagios/structure_component_nagios/commands

* Optional * Type: string – /software/nagios/structure_component_nagios/macros

* Optional * Type: string – /software/nagios/structure_component_nagios/external_files

* Optional * Type: string – /software/nagios/structure_component_nagios/external_dirs

* Optional

1.3. configuration-modules-core 369 Quattor Documentation, Release 0.0.1

* Type: string named

NAME

NCM::named - NCM named configuration component

DESCRIPTION

NCM component allowing to copy the named server configuration (/etc/named.conf) file from a reference loca- tion and/or configure the resolver configuration file (/etc/resolv.conf). If named is started on the machine, localhost (127.0.0.1) is added as the first server in resolver configuration file.

RESOURCES

* /software/components/named/start: boolean (optional) Enable/Start or Disable/Stop named server. If undefined, nothing is done. * /software/components/named/configfile: string (optional) Reference file location for named configuration file. Existing (/etc/named.conf), if any, will be replaced. ‘configfile’ is mutually exclusive with ‘serverConfig’. * /software/components/named/serverConfig: string (optional) Content of named configuration file (/etc/named.conf). ‘serverConfig’ is mutually exclusive with ‘configfile’. * /software/components/named/servers: list of hosts Ordered list of named servers to use in (/etc/resolv.conf). If named server is started, localhost (127.0.0.1) will be added first. * /software/components/named/options: list of options Ordered list of named options to use in (/etc/resolv.conf). /etc/resolv.conf is updated: everything except ‘nameserver’ lines are preserved. All the ‘name- server’ lines are replaced by information in this option, if present.

Types

• /software/named/component_named – /software/named/component_named/serverConfig

* Optional * Type: string – /software/named/component_named/configfile

* Optional * Type: string

370 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/named/component_named/use_localhost

* Optional * Type: boolean – /software/named/component_named/start

* Optional * Type: boolean – /software/named/component_named/servers

* Optional * Type: type_ip – /software/named/component_named/options

* Optional * Type: string – /software/named/component_named/search

* Optional * Type: type_fqdn

Functions

• component_named_valid network

NAME network: Configure Network Settings

DESCRIPTION

The network component sets the network settings through /etc/sysconfig/networkand the various files in /etc/sysconfig/network-scripts. New/changed settings are first tested by retrieving the latest profile from the CDB server (using ccm-fetch). If this fails, the component reverts all settings to the previous values. During this test, a sleep value of 15 seconds is used to make sure the restarted network is fully restarted (routing may need some time to come up completely). Because of this, configuration changes may cause the ncm-ncd run to take longer than usual. Be aware that configuration changes can also lead to a brief network interruption.

1.3. configuration-modules-core 371 Quattor Documentation, Release 0.0.1

EXAMPLES

CHANNEL BONDING

To enable channel bonding with quattor using devices eth0 and eth1 to form bond0, proceed as follows: include 'components/network/config'; prefix "/system/network/interfaces"; "eth0/bootproto"= "none"; "eth0/master"= "bond0";

"eth1/bootproto"= "none"; "eth1/master"= "bond0";

"bond0"= NETWORK_PARAMS; "bond0/driver"= "bonding"; "bond0/bonding_opts/mode"=6; "bond0/bonding_opts/miimon"= 100; include 'components/modprobe/config'; "/software/components/modprobe/modules"= append(dict("name", "bonding", "alias",

˓→"bond0"));

"/software/components/network/dependencies/pre"= append("modprobe");

(see /Documentation/networking/bonding.txt for more info on the driver options)

VLAN support

Use the vlan[0-9]{0-4} interface devices and set the explicit device name and physdev. The VLAN ID is the number of the ‘.’ in the device name. ‘‘ physdev \ is mandatory for \ ``vlan[0-9]{0-4} device. An example: prefix "/system/network/interfaces"; "vlan0"= VLAN_NETWORK_PARAMS; "vlan0/device"= "eth0.3"; "vlan0/physdev"= "eth0";

IPv6 support

An example: prefix "/system/network"; "ipv6/enabled"= true; "ipv6/default_gateway"= "2001:678:123:e030::1"; "interfaces/eth0/ipv6_autoconf"= false; "interfaces/eth0/ipv6addr"= "2001:610:120:e030::49/64"; "interfaces/eth0/ipv6addr_secondaries"= list( "2001:678:123:e030::20:30/64", "2001:678:123:e030:172:10:20:30/64", );

372 Chapter 1. Content Quattor Documentation, Release 0.0.1

Types

• /software/network/structure_route – Description: Add route (IPv4 of IPv6) Presence of ‘:’ in any of the values indicates this is IPv6 related. – /software/network/structure_route/address

* Description: The ADDRESS in ADDRESS/PREFIX via GATEWAY * Optional * Type: type_ip – /software/network/structure_route/prefix

* Description: The PREFIX in ADDRESS/PREFIX via GATEWAY * Optional * Type: long – /software/network/structure_route/gateway

* Description: The GATEWAY in ADDRESS/PREFIX via GATEWAY * Optional * Type: type_ip – /software/network/structure_route/netmask

* Description: alternative notation for prefix (cannot be combined with prefix) * Optional * Type: type_ip – /software/network/structure_route/command

* Description: route add command options to use (cannot be combined with other options) * Optional * Type: string • /software/network/structure_rule – Description: Add rule (IPv4 of IPv6) Presence of ‘:’ in any of the values indicates this is IPv6 related. – /software/network/structure_rule/command

* Description: rule add options to use (cannot be combined with other options) * Optional * Type: string • /software/network/structure_interface_alias – Description: Interface alias – /software/network/structure_interface_alias/ip

* Optional

1.3. configuration-modules-core 373 Quattor Documentation, Release 0.0.1

* Type: type_ip – /software/network/structure_interface_alias/netmask

* Optional * Type: type_ip – /software/network/structure_interface_alias/broadcast

* Optional * Type: type_ip – /software/network/structure_interface_alias/fqdn

* Optional * Type: type_fqdn • /software/network/structure_bonding_options – Description: Describes the bonding options for configuring channel bonding on EL5 and similar. – /software/network/structure_bonding_options/mode

* Optional * Type: long * Range: 0..6 – /software/network/structure_bonding_options/miimon

* Optional * Type: long – /software/network/structure_bonding_options/updelay

* Optional * Type: long – /software/network/structure_bonding_options/downdelay

* Optional * Type: long – /software/network/structure_bonding_options/primary

* Optional * Type: valid_interface – /software/network/structure_bonding_options/lacp_rate

* Optional * Type: long * Range: 0..1 – /software/network/structure_bonding_options/xmit_hash_policy

* Optional * Type: string

374 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/network/structure_bridging_options – Description: describes the bridging options (the parameters for /sys/class/net/
/brport) – /software/network/structure_bridging_options/bpdu_guard

* Optional * Type: long – /software/network/structure_bridging_options/flush

* Optional * Type: long – /software/network/structure_bridging_options/hairpin_mode

* Optional * Type: long – /software/network/structure_bridging_options/multicast_fast_leave

* Optional * Type: long – /software/network/structure_bridging_options/multicast_router

* Optional * Type: long – /software/network/structure_bridging_options/path_cost

* Optional * Type: long – /software/network/structure_bridging_options/priority

* Optional * Type: long – /software/network/structure_bridging_options/root_block

* Optional * Type: long • /software/network/structure_ethtool_offload – Description: interface ethtool offload – /software/network/structure_ethtool_offload/rx

* Optional * Type: string – /software/network/structure_ethtool_offload/tx

* Optional * Type: string

1.3. configuration-modules-core 375 Quattor Documentation, Release 0.0.1

– /software/network/structure_ethtool_offload/tso

* Description: Set the TCP segment offload parameter to “off” or “on” * Optional * Type: string – /software/network/structure_ethtool_offload/gro

* Optional * Type: string • /software/network/structure_ethtool_ring – Description: Set the ethernet transmit or receive buffer ring counts. See ethtool –show-ring for the values. – /software/network/structure_ethtool_ring/rx

* Optional * Type: long – /software/network/structure_ethtool_ring/tx

* Optional * Type: long – /software/network/structure_ethtool_ring/rx-mini

* Optional * Type: long – /software/network/structure_ethtool_ring/rx-jumbo

* Optional * Type: long • /software/network/structure_ethtool_wol – Description: ethtool wol p|u|m|b|a|g|s|d. . . from the man page Sets Wake-on-LAN options. Not all devices support this. The argument to this option is a string of characters specifying which options to enable. p Wake on phy activity u Wake on unicast messages m Wake on multicast messages b Wake on broadcast messages a Wake on ARP g Wake on MagicPacket(tm) s Enable SecureOn(tm) password for MagicPacket(tm) d Disable (wake on nothing). This option clears all previous option • /software/network/structure_ethtool – Description: ethtool – /software/network/structure_ethtool/wol

* Optional * Type: structure_ethtool_wol

376 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/network/structure_ethtool/autoneg

* Optional * Type: string – /software/network/structure_ethtool/duplex

* Optional * Type: string – /software/network/structure_ethtool/speed

* Optional * Type: long • /software/network/structure_interface_plugin_vxlan – Description: interface plugin for vxlan support via initscripts-vxlan – /software/network/structure_interface_plugin_vxlan/vni

* Description: VXLAN Network Identifier (or VXLAN Segment ID); derived from devicename vxlan[0-9] if not defined

* Optional * Type: long * Range: 0..16777216 – /software/network/structure_interface_plugin_vxlan/group

* Description: multicast ip to join * Optional * Type: type_ip – /software/network/structure_interface_plugin_vxlan/remote

* Description: destination IP address to use in outgoing packets * Optional * Type: type_ip – /software/network/structure_interface_plugin_vxlan/local

* Description: source IP address to use in outgoing packets * Optional * Type: type_ip – /software/network/structure_interface_plugin_vxlan/dstport

* Description: UDP destination port * Optional * Type: long * Range: 2..65535 – /software/network/structure_interface_plugin_vxlan/gbp

1.3. configuration-modules-core 377 Quattor Documentation, Release 0.0.1

* Description: Group Policy extension * Optional * Type: boolean • /software/network/structure_interface_plugin – Description: interface plugin via custom ifup/down[-pre]-local hooks – /software/network/structure_interface_plugin/vxlan

* Description: VXLAN support via initscripts-vxlan * Optional * Type: structure_interface_plugin_vxlan • /software/network/structure_interface – Description: interface – /software/network/structure_interface/ip

* Optional * Type: type_ip – /software/network/structure_interface/gateway

* Optional * Type: type_ip – /software/network/structure_interface/netmask

* Optional * Type: type_ip – /software/network/structure_interface/broadcast

* Optional * Type: type_ip – /software/network/structure_interface/driver

* Optional * Type: string – /software/network/structure_interface/bootproto

* Optional * Type: string – /software/network/structure_interface/onboot

* Optional * Type: boolean – /software/network/structure_interface/type

* Optional

378 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/network/structure_interface/device

* Optional * Type: string – /software/network/structure_interface/master

* Optional * Type: string – /software/network/structure_interface/mtu

* Optional * Type: long – /software/network/structure_interface/route

* Description: Routes for this interface. These values are used to generate the /etc/sysconfig/network-scripts/route[6]- files as used by ifup-routes when using ncm-network. This allows for mixed IPv4 and IPv6 configuration

* Optional * Type: structure_route – /software/network/structure_interface/rule

* Description: Rules for this interface. These values are used to generate the /etc/sysconfig/network-scripts/rule[6]- files as used by ifup-routes when using ncm-network. This allows for mixed IPv4 and IPv6 configuration

* Optional * Type: structure_rule – /software/network/structure_interface/aliases

* Description: Aliases for this interface. These values are used to generate the /etc/sysconfig/network-scripts/ifcfg-: files as used by ifup-aliases when using ncm-network.

* Optional * Type: structure_interface_alias – /software/network/structure_interface/set_hwaddr

* Description: Explicitly set the MAC address. The MAC address is taken from /hard- ware/cards/nic//hwaddr.

* Optional * Type: boolean – /software/network/structure_interface/bridge

* Optional * Type: valid_interface – /software/network/structure_interface/bonding_opts

1.3. configuration-modules-core 379 Quattor Documentation, Release 0.0.1

* Optional * Type: structure_bonding_options – /software/network/structure_interface/offload

* Optional * Type: structure_ethtool_offload – /software/network/structure_interface/ring

* Optional * Type: structure_ethtool_ring – /software/network/structure_interface/ethtool

* Optional * Type: structure_ethtool – /software/network/structure_interface/vlan

* Description: Is a VLAN device. If the device name starts with vlan, this is always true. * Optional * Type: boolean – /software/network/structure_interface/physdev

* Description: If the device name starts with vlan, this has to be set. It is set (but ignored by ifup) if it the device is not named vlan

* Optional * Type: valid_interface – /software/network/structure_interface/fqdn

* Optional * Type: string – /software/network/structure_interface/network_environment

* Optional * Type: string – /software/network/structure_interface/network_type

* Optional * Type: string – /software/network/structure_interface/nmcontrolled

* Optional * Type: boolean – /software/network/structure_interface/defroute

* Description: Set DEFROUTE, is the default for ipv6_defroute * Optional * Type: boolean

380 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/network/structure_interface/linkdelay

* Optional * Type: long – /software/network/structure_interface/stp

* Optional * Type: boolean – /software/network/structure_interface/delay

* Optional * Type: long – /software/network/structure_interface/bridging_opts

* Optional * Type: structure_bridging_options – /software/network/structure_interface/bond_ifaces

* Optional * Type: string – /software/network/structure_interface/ovs_bridge

* Optional * Type: valid_interface – /software/network/structure_interface/ovs_extra

* Optional * Type: string – /software/network/structure_interface/ovs_opts

* Optional * Type: string – /software/network/structure_interface/ovs_patch_peer

* Optional * Type: string – /software/network/structure_interface/ovs_tunnel_opts

* Optional * Type: string – /software/network/structure_interface/ovs_tunnel_type

* Optional * Type: string – /software/network/structure_interface/ipv4_failure_fatal

* Optional * Type: boolean

1.3. configuration-modules-core 381 Quattor Documentation, Release 0.0.1

– /software/network/structure_interface/ipv6_autoconf

* Optional * Type: boolean – /software/network/structure_interface/ipv6_failure_fatal

* Optional * Type: boolean – /software/network/structure_interface/ipv6_mtu

* Optional * Type: long * Range: 1280..65536 – /software/network/structure_interface/ipv6_privacy

* Optional * Type: string – /software/network/structure_interface/ipv6_rtr

* Optional * Type: boolean – /software/network/structure_interface/ipv6_defroute

* Description: Set IPV6_DEFROUTE, defaults to defroute value * Optional * Type: boolean – /software/network/structure_interface/ipv6addr

* Optional * Type: type_network_name – /software/network/structure_interface/ipv6addr_secondaries

* Optional * Type: type_network_name – /software/network/structure_interface/ipv6init

* Optional * Type: boolean – /software/network/structure_interface/plugin

* Optional * Type: structure_interface_plugin • /software/network/structure_router – Description: router • /software/network/structure_ipv6

382 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Description: IPv6 global settings – /software/network/structure_ipv6/enabled

* Optional * Type: boolean – /software/network/structure_ipv6/default_gateway

* Optional * Type: type_ip – /software/network/structure_ipv6/gatewaydev

* Optional * Type: valid_interface • /software/network/structure_network – Description: Host network configuration These values are used to generate /etc/sysconfig/network when using ncm-network (unless specified oth- erwise). – /software/network/structure_network/domainname

* Optional * Type: type_fqdn – /software/network/structure_network/hostname

* Optional * Type: type_shorthostname – /software/network/structure_network/realhostname

* Optional * Type: type_fqdn – /software/network/structure_network/default_gateway

* Optional * Type: type_ip – /software/network/structure_network/guess_default_gateway

* Description: When default_gateway is not set, the component will try to guess the default gateway using the first configured gateway set on an interface. The default is true for backward compatible behaviour.

* Optional * Type: boolean – /software/network/structure_network/gatewaydev

* Optional * Type: valid_interface

1.3. configuration-modules-core 383 Quattor Documentation, Release 0.0.1

– /software/network/structure_network/interfaces

* Description: Per interface network settings. These values are used to generate the /etc/sysconfig/network-scripts/ifcfg- files when using ncm-network.

* Optional * Type: structure_interface – /software/network/structure_network/nameserver

* Optional * Type: type_ip – /software/network/structure_network/nisdomain

* Optional * Type: string – /software/network/structure_network/nozeroconf

* Description: Setting nozeroconf to true stops an interface from being assigned an automatic address in the 169.254.0.0 subnet.

* Optional * Type: boolean – /software/network/structure_network/set_hwaddr

* Description: The default behaviour for all interfaces wrt setting the MAC address (see interface set_hwaddr attribute). The component default is false.

* Optional * Type: boolean – /software/network/structure_network/nmcontrolled

* Optional * Type: boolean – /software/network/structure_network/allow_nm

* Optional * Type: boolean – /software/network/structure_network/primary_ip

* Optional * Type: string – /software/network/structure_network/routers

* Optional * Type: structure_router – /software/network/structure_network/ipv6

* Optional

384 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: structure_ipv6

Types

• /software/network/network_component – /software/network/network_component/rename

* Description: experimental: rename (physical) devices * Optional * Type: boolean

nfs

NAME

nfs: NCM component for /etc/exports and /etc/fstab

DESCRIPTION

The nfs component manages entries for NFS in the /etc/exportsand/or NFS/NFSv4/Ceph/PanFS/bind mount in the /etc/fstab files.

Example

prefix "/software/components/nfs"; "exports"= append(dict( "path", "/shared/path/", "hosts", dict( "server*.example.org", "no_root_squash", ), ));

"mounts"= append(dict( "device", "foreign.example.org:/shared/path/", "mountpoint", "/mnt/foreign", "fstype", "nfs", "options", "rw", ));

Functions

mount_action_new_old Compares two fstab hashref new and old for equality, and returns mount action to be taken. If old does not exist, mount. If equal, do nothing. If the entries differ in the devices or mountpoint, do unmount/mount.

1.3. configuration-modules-core 385 Quattor Documentation, Release 0.0.1

Otherwise, remount. fstab_add_defaults Given fstab hashref, add defaults for the undefined values Returns a copy of the original hashref parse_fstab_line Parses a line of /etc/fstab and converts it in a hashref. Returns undef when the line is comment/empty. Defaults are added using fstab_add_defaults function.

Methods exports Given the component configuration hashref tree, create the exports configuration file /etc/exports. A backup of the old file is created. The method also sets the sync option if nethier sync or async is specified. Returns if the configuration file changed (or not). fstab Given the component configuration hashref tree, create the fstab configuration file /etc/fstab.A backup of the old file is created. The fstab configuration file is read and processed. Any non-managed entries (and comments not related to the component) are left alone. Only managed entries are considered for removal or modifications; new ones are added from the configu- ration. The current managed entries are devices with filesystems nfs, nfs4, panfs or ceph. bind mounts (filesystem none and mount option bind) Method returns if the configuration file changed (or not) hashref with the old managed entries (key the device and value the fstab hashref from parse_fstab_line function) arrayref with the order of the old managed devices %new, @new_order; hashref with the configured managed entries (with defaults and action to take added) arrayref with the order of the configured devices do_mount Do something mount(point) related (umount, mount, remount, . . . ) cmd is the arrayref, the mountpoint is appended from the fstab hashref. Returns SUCCESS on success, undef on failure. process_mounts

386 Chapter 1. Content Quattor Documentation, Release 0.0.1

Given the component configuration hashref tree, determine the new and old ncm-nfs managed entries via the fstab method and do the appropriate unmounting/mounting. Returns if the fstab configuration file changed (or not) (value from fstab method) if any mount action was taken nfs::schema

Types

• /software/nfs/structure_nfs_exports – /software/nfs/structure_nfs_exports/path

* Optional * Type: string – /software/nfs/structure_nfs_exports/hosts

* Optional * Type: string • /software/nfs/structure_nfs_mounts – /software/nfs/structure_nfs_mounts/device

* Optional * Type: string – /software/nfs/structure_nfs_mounts/mountpoint

* Optional * Type: string – /software/nfs/structure_nfs_mounts/fstype

* Optional * Type: string – /software/nfs/structure_nfs_mounts/options

* Optional * Type: string – /software/nfs/structure_nfs_mounts/freq

* Optional * Type: long * Range: 0.. – /software/nfs/structure_nfs_mounts/passno

* Optional * Type: long * Range: 0..

1.3. configuration-modules-core 387 Quattor Documentation, Release 0.0.1

• /software/nfs/nfs_component – /software/nfs/nfs_component/server

* Description: Configure a NFS server. In particular relevant for missing exports attribute. If true, missing exports forces an empty exports file and a NFS service reload. If false, missing exports has no effect.

* Optional * Type: boolean – /software/nfs/nfs_component/exports

* Description: This is a list of dicts with “path” giving the export path and “hosts” being a dict of host/option entries where the key is the escaped host name and the value the export options(e.g. for “nfsclient.example.org(rw)”, key will be escape(“nfsclient.example.org”) and value will be ‘rw’. Note that the values in “hosts” may NOT contain embedded spaces and should not contain the enclos- ing ‘()’. This restriction is not checked in the schema! If a path is listed more than once, then the last entry will be used to generate the exports file.

* Optional * Type: structure_nfs_exports – /software/nfs/nfs_component/mounts

* Description: This is a list of dicts with mandatory values for “device”, “mountpoint”, and “fstype”. The named lists may contain values for “options”, “freq”, and “passno”. the defaults being “defaults”, 0, and 0, respectively. If a device is listed multiple times, then the last entry will be used to generate a line in the /etc/fstab file. Entries are added in the order given in the list AFTER preexisting entries in the fstab file. If the mounts change, then the component will attempt to unmount any mounts which are removed and mount any new ones. If the options change, then the volume will be remounted. If the list is empty, all supported mounts in fstab will be removed. If you don’t want ncm-nfs to modify /etc/fstab, do not set the mounts attribute at all.

* Optional * Type: structure_nfs_mounts

nrpe

DESCRIPTION

The nrpe component manages the NRPE daemon, which executes Nagios plugins on remote hosts. The NRPE service can be run under xinetd or as a stand-alone daemon. This component only supports the stand-alone way.

Types

• /software/nrpe/component_nrpe_options – /software/nrpe/component_nrpe_options/log_facility

388 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Description: The syslog facility that should be used for logging purposes. * Optional * Type: string – /software/nrpe/component_nrpe_options/pid_file

* Description: File in which the NRPE daemon should write it’s process ID number. * Optional * Type: string – /software/nrpe/component_nrpe_options/server_port

* Description: The port the daemon will listen to. * Optional * Type: type_port – /software/nrpe/component_nrpe_options/server_address

* Description: Address that nrpe should bind to if you do not want nrpe to bind on all interfaces. * Optional * Type: string – /software/nrpe/component_nrpe_options/nrpe_user

* Description: User the daemon will run as. * Optional * Type: string – /software/nrpe/component_nrpe_options/nrpe_group

* Description: Group the daemon will run as. * Optional * Type: string – /software/nrpe/component_nrpe_options/allowed_hosts

* Description: List of hosts allowed to order the NRPE daemon to run commands. * Optional * Type: type_hostname – /software/nrpe/component_nrpe_options/dont_blame_nrpe

* Description: Whether or not the remote hosts are allowed to pass arguments to the commands offered by NRPE.

* Optional * Type: boolean – /software/nrpe/component_nrpe_options/command_prefix

* Description: Optional prefix for every single command to be run (e.g. /usr/bin/sudo). * Optional * Type: string

1.3. configuration-modules-core 389 Quattor Documentation, Release 0.0.1

– /software/nrpe/component_nrpe_options/debug

* Description: Whether or not debugging messages are logged to the syslog facility. * Optional * Type: boolean – /software/nrpe/component_nrpe_options/command_timeout

* Description: Timeout for commands, in seconds. * Optional * Type: long – /software/nrpe/component_nrpe_options/connection_timeout

* Description: Timeout for connections, in seconds. * Optional * Type: long – /software/nrpe/component_nrpe_options/allow_weak_random_seed

* Description: Whether or not allow weak random number generation. * Optional * Type: boolean – /software/nrpe/component_nrpe_options/command

* Description: Dict with the command lines to be run. Keys are the command identifiers. Check Nagios’ documentation for more information on command definitions.

* Optional * Type: string – /software/nrpe/component_nrpe_options/include

* Description: List of external file names that should be included. * Optional * Type: string – /software/nrpe/component_nrpe_options/include_dir

* Description: List of directory names that should be included. * Optional * Type: string • /software/nrpe/nrpe_component – /software/nrpe/nrpe_component/mode

* Optional * Type: long – /software/nrpe/nrpe_component/options

* Optional * Type: component_nrpe_options

390 Chapter 1. Content Quattor Documentation, Release 0.0.1 nsca

DESCRIPTION

The nsca component manages the NSCA daemon and the NSCA client configuration. The NSCA client (sender) is used to submit check results that are obtained on a node to the Nagios server. In Nagios terms, they are known as passive check results (i.e. not initated by Nagios).

COMPONENT STRUCTURE

This component can be used to configure an NSCA daemon and/or NSCA client. The daemon is only configured if its configuration exists under /software/components/nsca/daemon, the client part is configured if the configuration under /software/components/nsca/send is defined.

NSCA DAEMON

All fields are mandatory, unless it is explicitly stated: * / software/components/nsca/daemon/pid_file : string The name of the file in which the NSCA daemon should write its process ID number. Defaults to /var/ run/nsca.pid. * / software/components/nsca/daemon/server_port : long Port number on which the daemon should listen for connections. * / software/components/nsca/daemon/server_address : string Address that NSCA has to bind to in case there is more as one interface. This field is optional. * / software/components/nsca/daemon/user : string This determines the effective user that the NSCA daemon should run as. Defaults to “nagios”. * / software/components/nsca/daemon/group : string This determines the effective group that the NSCA daemon should run as. Defaults to “nagios”. * / software/components/nsca/daemon/chroot : string This determines a directory into which the nsca daemon will perform a chroot(2) operation before drop- ping its privileges. This field is optional. * / software/components/nsca/daemon/debug : boolean This option determines whether or not debugging messages are logged to the syslog facility. Defaults to false. * / software/components/nsca/daemon/command_file : string This is the location of the Nagios command file that the daemon should write all service check results that it receives. Defaults to /var/log/nagios/rw/nagios.cmd. * / software/components/nsca/daemoni/alt_dump_file : string This is used to specify an alternate file the daemon should write service check results to in the event the command file does not exist. Defaults to /var/log/nagios/rw/nsca.dump. * / software/components/nsca/daemon/aggregate_writes : boolean

1.3. configuration-modules-core 391 Quattor Documentation, Release 0.0.1

This option determines whether or not the nsca daemon will aggregate writes to the external command file for client connections that contain multiple check results. Defaults to false. * / software/components/nsca/daemon/append_to_file : boolean This option determines whether or not the nsca daemon will open the external command file for writing or appending. Defaults to false. * / software/components/nsca/daemon/max_packet_age : long This option is used by the nsca daemon to determine when client data is too old to be valid. Defaults to 30. * / software/components/nsca/daemon/password : string This is the password/passphrase that should be used to decrypt the incoming packets. * / software/components/nsca/daemon/decryption_method : boolean This option determines the method by which the nsca daemon will decrypt the packets it receives from the clients. Defaults to 1.

NSCA CLIENT

* / software/components/nsca/send/password : string This is the password/passphrase that should be used to encrypt the outgoing packets. * / software/components/nsca/send/encryption_method : long This option determines the method by which the send_nsca client will encrypt the packets it sends to the nsca daemon. Defaults to 1.

Types

• /software/nsca/structure_component_nsca_daemon – /software/nsca/structure_component_nsca_daemon/pid_file

* Optional * Type: string – /software/nsca/structure_component_nsca_daemon/server_port

* Optional * Type: long – /software/nsca/structure_component_nsca_daemon/server_addres

* Optional * Type: string – /software/nsca/structure_component_nsca_daemon/user

* Optional * Type: string – /software/nsca/structure_component_nsca_daemon/group

* Optional

392 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/nsca/structure_component_nsca_daemon/chroot

* Optional * Type: string – /software/nsca/structure_component_nsca_daemon/debug

* Optional * Type: boolean – /software/nsca/structure_component_nsca_daemon/command_file

* Optional * Type: string – /software/nsca/structure_component_nsca_daemon/alt_dump_file

* Optional * Type: string – /software/nsca/structure_component_nsca_daemon/aggregate_writes

* Optional * Type: boolean – /software/nsca/structure_component_nsca_daemon/append_to_file

* Optional * Type: boolean – /software/nsca/structure_component_nsca_daemon/max_packet_age

* Optional * Type: long – /software/nsca/structure_component_nsca_daemon/password

* Optional * Type: string – /software/nsca/structure_component_nsca_daemon/decryption_method

* Optional * Type: long • /software/nsca/structure_component_nsca_send – /software/nsca/structure_component_nsca_send/password

* Optional * Type: string – /software/nsca/structure_component_nsca_send/encryption_method

* Optional * Type: long • /software/nsca/structure_component_nsca

1.3. configuration-modules-core 393 Quattor Documentation, Release 0.0.1

– /software/nsca/structure_component_nsca/daemon

* Optional * Type: structure_component_nsca_daemon – /software/nsca/structure_component_nsca/send

* Optional * Type: structure_component_nsca_send nscd

NAME

NCM::nscd - NCM component to configure nscd.

SYNOPSIS

Configure() Configures the name service caching daemon (nscd). See the nscd.conf(5) man page or the CDB schema file for allowed options. Booleans have to be written as yes or no in the template, this is the way nscd expects them.

FILES modifies /etc/nscd.conf and a temporary file in /etc.

Types

• /software/nscd/component_nscd_service_type – /software/nscd/component_nscd_service_type/enable-cache

* Optional * Type: legacy_binary_affirmation_string – /software/nscd/component_nscd_service_type/positive-time-to-live

* Optional * Type: long – /software/nscd/component_nscd_service_type/negative-time-to-live

* Optional * Type: long – /software/nscd/component_nscd_service_type/suggested-size

* Optional * Type: long – /software/nscd/component_nscd_service_type/check-files

394 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: legacy_binary_affirmation_string – /software/nscd/component_nscd_service_type/persistent

* Optional * Type: legacy_binary_affirmation_string – /software/nscd/component_nscd_service_type/shared

* Optional * Type: legacy_binary_affirmation_string – /software/nscd/component_nscd_service_type/max-db-size

* Optional * Type: long – /software/nscd/component_nscd_service_type/auto-propagate

* Optional * Type: legacy_binary_affirmation_string • /software/nscd/component_nscd_type – /software/nscd/component_nscd_type/logfile

* Optional * Type: string – /software/nscd/component_nscd_type/debug-level

* Optional * Type: string – /software/nscd/component_nscd_type/threads

* Optional * Type: long – /software/nscd/component_nscd_type/max-threads

* Optional * Type: long – /software/nscd/component_nscd_type/server-user

* Optional * Type: string – /software/nscd/component_nscd_type/stat-user

* Optional * Type: string – /software/nscd/component_nscd_type/reload-count

* Optional * Type: string

1.3. configuration-modules-core 395 Quattor Documentation, Release 0.0.1

– /software/nscd/component_nscd_type/paranoia

* Optional * Type: legacy_binary_affirmation_string – /software/nscd/component_nscd_type/restart-interval

* Optional * Type: long – /software/nscd/component_nscd_type/passwd

* Optional * Type: component_nscd_service_type – /software/nscd/component_nscd_type/group

* Optional * Type: component_nscd_service_type – /software/nscd/component_nscd_type/hosts

* Optional * Type: component_nscd_service_type – /software/nscd/component_nscd_type/services

* Optional * Type: component_nscd_service_type – /software/nscd/component_nscd_type/netgroup

* Optional * Type: component_nscd_service_type nss

NAME

NCM::nss - NCM nsswitch component

SYNOPSIS

Configure() Generates /etc/nsswitch.conf and returns error in case of failure. If the nsswitch.conf file is modified and nscd is running, then nscd will be restarted.

RESOURCES

* /software/components/nss/active : boolean activates/deactivates the component. * /software/components/nss/databases : nlist

396 Chapter 1. Content Quattor Documentation, Release 0.0.1

A list of database names (e.g. “passwd”, “hosts”). Each name should be associated with a list of strings. * /software/components/nss/build : nlist A list of database types (e.g. “file”, “db”). If any nss sources are set to use one of these database types then the “build” item will be checked to see if there is a script that should be run in order to build the database. If so, this script will be run before changing nsswitch.conf. The script will be run once for each entry in nsswitch.conf that uses that data source. The value of each key should be an nlist with the following possible keys: script the command line to run to generate once for each database. Any token of the form "" will be substituted with the name of the database being built. active if false, then the build script will not be run. depends A database name can be provided. If specified, then that database will be built before process- ing any databases of this type.

EXAMPLES

"/software/components/nss"= nlist( "build", nlist( "db", nlist("script", "make -f /usr/local/lib/dbfiles.mk ") ),

"database", nlist( "hosts", list("files", "nis", "dns"), "passwd", list("files", "db"), "networks", list("nis", "files", "[NOTFOUND=return]"), ) );

FILES MODIFIED

The component modifies the following files: * /etc/nsswitch.conf

Types

• /software/nss/component_nss_build – /software/nss/component_nss_build/script

* Optional * Type: string – /software/nss/component_nss_build/depends

* Optional * Type: string

1.3. configuration-modules-core 397 Quattor Documentation, Release 0.0.1

– /software/nss/component_nss_build/active

* Optional * Type: boolean • /software/nss/component_nss_build_dbs – /software/nss/component_nss_build_dbs/db

* Optional * Type: component_nss_build – /software/nss/component_nss_build_dbs/nis

* Optional * Type: component_nss_build – /software/nss/component_nss_build_dbs/compat

* Optional * Type: component_nss_build – /software/nss/component_nss_build_dbs/dns

* Optional * Type: component_nss_build – /software/nss/component_nss_build_dbs/files

* Optional * Type: component_nss_build – /software/nss/component_nss_build_dbs/ldap

* Optional * Type: component_nss_build • /software/nss/component_nss_db • /software/nss/component_nss_type – /software/nss/component_nss_type/build

* Optional * Type: component_nss_build_dbs – /software/nss/component_nss_type/databases

* Optional * Type: component_nss_db ntpd

NAME

NCM::ntpd - NCM ntpd configuration component

398 Chapter 1. Content Quattor Documentation, Release 0.0.1

SYNOPSIS

This component configures the ntpd (Network Time Protocol) server. If anything changed in the configuration, it will restart ntpd.

Types

• /software/ntpd/ntpd_clientnet_type – /software/ntpd/ntpd_clientnet_type/net

* Optional * Type: type_ip – /software/ntpd/ntpd_clientnet_type/mask

* Optional * Type: type_ip • /software/ntpd/ntpd_server_options – Description: Server command options Refer to man ntp.conf for details. – /software/ntpd/ntpd_server_options/autokey

* Optional * Type: boolean – /software/ntpd/ntpd_server_options/burst

* Optional * Type: boolean – /software/ntpd/ntpd_server_options/iburst

* Optional * Type: boolean – /software/ntpd/ntpd_server_options/key

* Optional * Type: long * Range: 1..655534 – /software/ntpd/ntpd_server_options/minpoll

* Optional * Type: long * Range: 3..17 – /software/ntpd/ntpd_server_options/maxpoll

* Optional * Type: long * Range: 3..17

1.3. configuration-modules-core 399 Quattor Documentation, Release 0.0.1

– /software/ntpd/ntpd_server_options/noselect

* Optional * Type: boolean – /software/ntpd/ntpd_server_options/preempt

* Optional * Type: boolean – /software/ntpd/ntpd_server_options/prefer

* Optional * Type: boolean – /software/ntpd/ntpd_server_options/true

* Optional * Type: boolean – /software/ntpd/ntpd_server_options/version

* Optional * Type: long * Range: 1..4 • /software/ntpd/ntpd_restrict_options – Description: Base restrict command options Refer to C<< man ntp_acc >> for more information or access control commands. – /software/ntpd/ntpd_restrict_options/mask

* Description: Mask can be a address of a host or network and can be a valid host DNS name. * Optional * Type: type_ip – /software/ntpd/ntpd_restrict_options/ignore

* Optional * Type: boolean – /software/ntpd/ntpd_restrict_options/kod

* Optional * Type: boolean – /software/ntpd/ntpd_restrict_options/limited

* Optional * Type: boolean – /software/ntpd/ntpd_restrict_options/lowpriotrap

* Optional * Type: boolean

400 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/ntpd/ntpd_restrict_options/nomodify

* Optional * Type: boolean – /software/ntpd/ntpd_restrict_options/noquery

* Optional * Type: boolean – /software/ntpd/ntpd_restrict_options/nopeer

* Optional * Type: boolean – /software/ntpd/ntpd_restrict_options/noserve

* Optional * Type: boolean – /software/ntpd/ntpd_restrict_options/notrap

* Optional * Type: boolean – /software/ntpd/ntpd_restrict_options/notrust

* Optional * Type: boolean – /software/ntpd/ntpd_restrict_options/ntpport

* Optional * Type: boolean – /software/ntpd/ntpd_restrict_options/version

* Description: Deny packets that do not match the current NTP version. * Optional * Type: long * Range: 1..4 • /software/ntpd/ntpd_restrict_default – Description: Default restrict command options. Default when none-defined: restrict default ignore. • /software/ntpd/ntpd_server_definition – Description: Server address with optional options and access restrictions Allows to configure timeservers with their own options. – /software/ntpd/ntpd_server_definition/server

* Description: Time server, can be ip address or qualified DNS hostname * Optional

1.3. configuration-modules-core 401 Quattor Documentation, Release 0.0.1

* Type: type_hostname – /software/ntpd/ntpd_server_definition/options

* Optional * Type: ntpd_server_options • /software/ntpd/ntpd_tinker_options – Description: Alter certain system variables used by the clock discipline algorithm – /software/ntpd/ntpd_tinker_options/allan

* Optional * Type: long – /software/ntpd/ntpd_tinker_options/dispersion

* Optional * Type: long – /software/ntpd/ntpd_tinker_options/freq

* Optional * Type: long – /software/ntpd/ntpd_tinker_options/huffpuff

* Optional * Type: long – /software/ntpd/ntpd_tinker_options/panic

* Optional * Type: long – /software/ntpd/ntpd_tinker_options/step

* Optional * Type: long – /software/ntpd/ntpd_tinker_options/stepout

* Optional * Type: long • /software/ntpd/ntpd_system_options – Description: System options that can be en/disabled. Flags not mentioned are unaffected. Note that all of these flags can be controlled remotely using the ntpdc utility program. Refer to ntp_misc manpage for more details. – /software/ntpd/ntpd_system_options/auth

* Optional * Type: boolean – /software/ntpd/ntpd_system_options/blient

402 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/ntpd/ntpd_system_options/calibrate

* Optional * Type: boolean – /software/ntpd/ntpd_system_options/kernel

* Optional * Type: boolean – /software/ntpd/ntpd_system_options/monitor

* Optional * Type: boolean – /software/ntpd/ntpd_system_options/ntp

* Optional * Type: boolean – /software/ntpd/ntpd_system_options/pps

* Optional * Type: boolean – /software/ntpd/ntpd_system_options/stats

* Optional * Type: boolean • /software/ntpd/ntpd_logconfig – Description: Log configuration arguments must be defined in a list of strings. Values for each argument must follow what is defined in ntp_misc manual. Refer to ntp_misc manpage for more details. Examples: to get command ‘logconfig -syncstatus +sysevents’ prefix “/software/components/ntpd”; “logconfig” = list(“-syncstatus”, “+sysevents”); • /software/ntpd/ntpd_statistics – Description: Monitoring/statistics options, see ntp_mon manpage. – /software/ntpd/ntpd_statistics/clockstats

* Optional * Type: boolean – /software/ntpd/ntpd_statistics/cryptostats

* Optional * Type: boolean – /software/ntpd/ntpd_statistics/loopstats

1.3. configuration-modules-core 403 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/ntpd/ntpd_statistics/peerstats

* Optional * Type: boolean – /software/ntpd/ntpd_statistics/rawstats

* Optional * Type: boolean – /software/ntpd/ntpd_statistics/sysstats

* Optional * Type: boolean • /software/ntpd/ntpd_filegen – Description: Monitoring/statistics options, see ntp_mon manpage. – /software/ntpd/ntpd_filegen/name

* Optional * Type: string – /software/ntpd/ntpd_filegen/file

* Optional * Type: string – /software/ntpd/ntpd_filegen/type

* Optional * Type: string – /software/ntpd/ntpd_filegen/linkornolink

* Optional * Type: string – /software/ntpd/ntpd_filegen/enableordisable

* Optional * Type: string • /software/ntpd/ntpd_component – /software/ntpd/ntpd_component/keyfile

* Description: Specifies the absolute path and of the MD5 key file containing the keys and key identifiers used by ntpd, ntpq and ntpdc when operating with symmetric key cryptogra- phy. Refer to ntp_auth manpage for more details.

* Optional * Type: absolute_file_path

404 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/ntpd/ntpd_component/trustedkey

* Description: Refer to ntp_auth manpage for more details. Requires keyfile.

* Optional * Type: long – /software/ntpd/ntpd_component/requestkey

* Description: Specifies the key identifier to use with the ntpdc utility program. Refer to ntp_auth manpage for more details. Requires keyfile.

* Optional * Type: long – /software/ntpd/ntpd_component/controlkey

* Description: Specifies the key identifier to use with the ntpq utility program. Refer to ntp_auth manpage for more details. Requires keyfile.

* Optional * Type: long – /software/ntpd/ntpd_component/driftfile

* Description: Absolute path of the file used to record the frequency of the local clock oscillator. * Optional * Type: absolute_file_path – /software/ntpd/ntpd_component/includefile

* Description: Additional configuration commands to be included from a separate file. * Optional * Type: absolute_file_path – /software/ntpd/ntpd_component/useserverip

* Description: resolve and use the time server(s) ip address in the config file(s) * Optional * Type: boolean – /software/ntpd/ntpd_component/serverlist

* Optional * Type: ntpd_server_definition – /software/ntpd/ntpd_component/servers

* Description: list of time servers (using defaultoptions) * Optional * Type: type_hostname – /software/ntpd/ntpd_component/defaultoptions

1.3. configuration-modules-core 405 Quattor Documentation, Release 0.0.1

* Description: Specifies default command options for each timeserver defined in servers or serverlist.

* Optional * Type: ntpd_server_options – /software/ntpd/ntpd_component/clientnetworks

* Description: List of clients that can use this server to synchronize. Default allows connections from localhost only.

* Optional * Type: ntpd_clientnet_type – /software/ntpd/ntpd_component/logfile

* Description: Absolute path to alternate logfile instead of default syslog. Refer to ntp_misc manpage for more details.

* Optional * Type: absolute_file_path – /software/ntpd/ntpd_component/logconfig

* Optional * Type: ntpd_logconfig – /software/ntpd/ntpd_component/statsdir

* Description: Directory path prefix for statistics file names. * Optional * Type: absolute_file_path – /software/ntpd/ntpd_component/statistics

* Optional * Type: ntpd_statistics – /software/ntpd/ntpd_component/filegen

* Optional * Type: ntpd_filegen – /software/ntpd/ntpd_component/disable

* Description: Provides a way to disable various system options. * Optional * Type: ntpd_system_options – /software/ntpd/ntpd_component/enable

* Description: Provides a way to enable various system options. * Optional * Type: ntpd_system_options – /software/ntpd/ntpd_component/tinker

* Optional

406 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: ntpd_tinker_options – /software/ntpd/ntpd_component/restrictdefault

* Optional * Type: ntpd_restrict_default – /software/ntpd/ntpd_component/broadcastdelay

* Description: Double value in seconds to set network delay between local and remote servers. Refer to ntp_misc manpage for more details.

* Optional * Type: double – /software/ntpd/ntpd_component/authenticate

* Description: Adds string ‘authenticate yes’ to ntp.conf. * Optional * Type: boolean – /software/ntpd/ntpd_component/servicename

* Description: Override the service name to restart. Some platforms use a different service name to represent ntpd. Defaults are “ntpd” on linux and “svc:/network/ntpd” on solaris.

* Optional * Type: string – /software/ntpd/ntpd_component/includelocalhost

* Description: Includes fudge options for localhost’s clock. Defaults to true * Optional * Type: boolean – /software/ntpd/ntpd_component/enablelocalhostdebug

* Description: Allows some debugging via ntpdc on localhost but does not allow modifications. Defaults to true

* Optional * Type: boolean – /software/ntpd/ntpd_component/group

* Description: if the group is set, files are written with root.group ownership and 0640 permission * Optional * Type: defined_group

Functions

• valid_ntpd_logconfig_list

1.3. configuration-modules-core 407 Quattor Documentation, Release 0.0.1 ofed

NAME

NCM::Component::ofed - OFED configuration component

Types

• /software/ofed/component_ofed_openib_options – Description: openib options – /software/ofed/component_ofed_openib_options/onboot

* Description: Start HCA driver upon boot * Optional * Type: boolean – /software/ofed/component_ofed_openib_options/renice_ib_mad

* Description: MAD datagrams thread priority * Optional * Type: boolean – /software/ofed/component_ofed_openib_options/set_ipoib_cm

* Description: disable CM for IPoIB for large clusters * Optional * Type: boolean – /software/ofed/component_ofed_openib_options/set_ipoib_channels

* Optional * Type: boolean – /software/ofed/component_ofed_openib_options/ipoib_mtu

* Description: IPoIB MTU setting for CM * Optional * Type: long * Range: 0..65536 – /software/ofed/component_ofed_openib_options/srpha_enable

* Description: SRP High Availability * Optional * Type: boolean – /software/ofed/component_ofed_openib_options/srp_daemon_enable

* Optional * Type: boolean – /software/ofed/component_ofed_openib_options/run_sysctl

408 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Description: sysctl tuning * Optional * Type: boolean – /software/ofed/component_ofed_openib_options/run_affinity_tuner

* Description: affinity tuning * Optional * Type: boolean – /software/ofed/component_ofed_openib_options/run_mlnx_tune

* Description: Enable MLNX autotuning * Optional * Type: boolean – /software/ofed/component_ofed_openib_options/node_desc

* Description: node description * Optional * Type: string – /software/ofed/component_ofed_openib_options/node_desc_update_timeout

* Description: Max time in seconds to wait for node’s hostname to be set * Optional * Type: long * Range: 0.. – /software/ofed/component_ofed_openib_options/node_desc_time_before_update

* Description: Wait (in sec) before node description update * Optional * Type: long * Range: 0.. – /software/ofed/component_ofed_openib_options/post_start_delay

* Description: Seconds to sleep after openibd start finished and before releasing the shell * Optional * Type: long * Range: 0.. – /software/ofed/component_ofed_openib_options/cx3_eth_only

* Description: ConnectX-3 ethernet only * Optional * Type: boolean • /software/ofed/component_ofed_openib_modules – Description: openib modules to load

1.3. configuration-modules-core 409 Quattor Documentation, Release 0.0.1

– /software/ofed/component_ofed_openib_modules/ucm

* Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/umad

* Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/uverbs

* Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/rdma_cm

* Description: RDMA CM (connected mode) mode * Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/rdma_ucm

* Description: RDMA UD (unreliable datagram) mode * Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/ipoib

* Description: IPoIB * Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/e_ipoib

* Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/sdp

* Description: SDP (Socket Direct Protocol) * Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/srp

* Description: SRP SCSI RDMA Protocol * Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/srpt

* Description: SRP Target * Optional * Type: boolean

410 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/ofed/component_ofed_openib_modules/rds

* Description: Reliable datagram socket * Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/iser

* Description: ISCSI RDMA * Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/mlx4_vnic

* Description: Mellanox ConnectX-3 Virtual NICs * Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/mlx4_fc

* Description: Mellanox ConnectX-3 FibreChannel over Ethernet * Optional * Type: boolean – /software/ofed/component_ofed_openib_modules/mlx4_en

* Description: Mellanox ConnectX-3 Ethernet * Optional * Type: boolean • /software/ofed/component_ofed_openib_hardware – Description: openib hardware modules to load – /software/ofed/component_ofed_openib_hardware/mthca

* Description: Mellanox Inifinihost III * Optional * Type: boolean – /software/ofed/component_ofed_openib_hardware/mlx4

* Description: Mellanox ConnectX-2/3 * Optional * Type: boolean – /software/ofed/component_ofed_openib_hardware/mlx5

* Description: Mellanox ConnectX-4/5 / ConnectIB * Optional * Type: boolean – /software/ofed/component_ofed_openib_hardware/mlx_en

* Description: Mellanox ethernet-only

1.3. configuration-modules-core 411 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/ofed/component_ofed_openib_hardware/ipath

* Description: Legacy Qlogic IB * Optional * Type: boolean – /software/ofed/component_ofed_openib_hardware/qib

* Description: Qlogic/Intel TrueScale IB * Optional * Type: boolean – /software/ofed/component_ofed_openib_hardware/qlgc_vnic

* Description: Qlogic ethernet * Optional * Type: boolean – /software/ofed/component_ofed_openib_hardware/cxgb3

* Description: Chelsio T3/T4 * Optional * Type: boolean – /software/ofed/component_ofed_openib_hardware/cxgb4

* Optional * Type: boolean – /software/ofed/component_ofed_openib_hardware/nes

* Description: NetEffect * Optional * Type: boolean • /software/ofed/component_ofed_openib – Description: openib configuration – /software/ofed/component_ofed_openib/config

* Description: location of openibd config file * Optional * Type: string – /software/ofed/component_ofed_openib/options

* Optional * Type: component_ofed_openib_options – /software/ofed/component_ofed_openib/modules

* Optional

412 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: component_ofed_openib_modules – /software/ofed/component_ofed_openib/hardware

* Optional * Type: component_ofed_openib_hardware • /software/ofed/component_ofed_partition_property – /software/ofed/component_ofed_partition_property/guid

* Description: Port GUID * Optional * Type: string – /software/ofed/component_ofed_partition_property/membership

* Optional * Type: string • /software/ofed/component_ofed_partition – Description: Partition entry – /software/ofed/component_ofed_partition/key

* Description: partition key (aka PKey); default is 32767/0x7fff. (partition keys are unique; first name is used by OpenSM for same keys)

* Optional * Type: long * Range: 0..32767 – /software/ofed/component_ofed_partition/ipoib

* Description: support IPoiB in this partition * Optional * Type: boolean – /software/ofed/component_ofed_partition/rate

* Description: Rate: e.g. 3 (10Gbps), 4 (20Gbps),. . . * Optional * Type: long * Range: 0..8 – /software/ofed/component_ofed_partition/mtu

* Description: MTU: e.g. 4 (2048 bytes), 5 (4096 bytes) * Optional * Type: long * Range: 0..5 – /software/ofed/component_ofed_partition/properties

1.3. configuration-modules-core 413 Quattor Documentation, Release 0.0.1

* Description: Partition properties * Optional * Type: component_ofed_partition_property • /software/ofed/component_ofed_opensm_config – Description: OpenSM configuration file. Get the defaults and annotation with ‘opensm -c /tmp/opensm.conf’ – /software/ofed/component_ofed_opensm_config/virt_enabled

* Description: Virtualization support: 0: Ignore Virtualization - No virtualization support 1: Disable Virtualization - Disable virtualiza- tion on all Virtualization supporting ports 2: Enable Virtualization - Enable virtualization on all Virtualization supporting ports - Optional - Type: long - Range: 0..2 – /software/ofed/component_ofed_opensm_config/virt_max_ports_in_process

* Description: Maximum number of ports to be processed simultaneously by Virtualization Man- ager (0 - process all pending ports)

* Optional * Type: long * Range: 0.. – /software/ofed/component_ofed_opensm_config/virt_default_hop_limit

* Description: Default value for hop limit to be returned in path records where either the source or desitination are virtual ports

* Optional * Type: long * Range: 0.. • /software/ofed/component_ofed_opensm – Description: Subnet manager configuration – /software/ofed/component_ofed_opensm/daemons

* Description: daemons to restart on configuration changes * Optional * Type: string – /software/ofed/component_ofed_opensm/partitions

* Description: SM partitions configuration. Dict key is the partition name * Optional * Type: component_ofed_partition – /software/ofed/component_ofed_opensm/names

* Description: Node name map configuration. Dict key is the GUID starting with ‘x’ (the 0 is prefixed automatically)

414 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/ofed/component_ofed_opensm/config

* Description: configuration file * Optional * Type: component_ofed_opensm_config • /software/ofed/ofed_component – /software/ofed/ofed_component/openib

* Optional * Type: component_ofed_openib – /software/ofed/ofed_component/opensm

* Optional * Type: component_ofed_opensm

openldap

NAME

openldap – NCM component to control entries in /etc/openldap/slapd.conf

DESCRIPTION

The openldap component manages the openldap server config file /etc/openldap/slapd.conf.

Types

• /software/openldap/long_pow2 – Description: power of 2 (up to 64k) • /software/openldap/ldap_hash – Description: Possible acceptable values • /software/openldap/ldap_sizelimit – /software/openldap/ldap_sizelimit/soft

* Optional * Type: long – /software/openldap/ldap_sizelimit/hard

* Optional * Type: long

1.3. configuration-modules-core 415 Quattor Documentation, Release 0.0.1

• /software/openldap/ldap_buffer_size – /software/openldap/ldap_buffer_size/listener

* Optional * Type: type_absoluteURI – /software/openldap/ldap_buffer_size/read

* Optional * Type: long – /software/openldap/ldap_buffer_size/write

* Optional * Type: long • /software/openldap/ldap_access_item – /software/openldap/ldap_access_item/who

* Optional * Type: string – /software/openldap/ldap_access_item/access

* Optional * Type: string – /software/openldap/ldap_access_item/control

* Optional * Type: string • /software/openldap/ldap_access – /software/openldap/ldap_access/what

* Optional * Type: string – /software/openldap/ldap_access/attrs

* Optional * Type: string – /software/openldap/ldap_access/by

* Optional * Type: string • /software/openldap/auth_regexp – /software/openldap/auth_regexp/match

* Optional * Type: string – /software/openldap/auth_regexp/replace

* Optional

416 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string • /software/openldap/ldap_syntax • /software/openldap/tls_options – /software/openldap/tls_options/CipherSuite

* Optional * Type: string – /software/openldap/tls_options/CACertificateFile

* Optional * Type: string – /software/openldap/tls_options/CACertificatePath

* Optional * Type: string – /software/openldap/tls_options/CertificateFile

* Optional * Type: string – /software/openldap/tls_options/CertificateKeyFile

* Optional * Type: string – /software/openldap/tls_options/DHParamFile

* Optional * Type: string – /software/openldap/tls_options/RandFile

* Optional * Type: string – /software/openldap/tls_options/VerifyClient

* Optional * Type: string – /software/openldap/tls_options/CRLCheck

* Optional * Type: string – /software/openldap/tls_options/CRLFile

* Optional * Type: string • /software/openldap/ldap_checkpoint – /software/openldap/ldap_checkpoint/size

* Optional

1.3. configuration-modules-core 417 Quattor Documentation, Release 0.0.1

* Type: long * Range: 0.. – /software/openldap/ldap_checkpoint/minutes

* Optional * Type: long * Range: 0.. • /software/openldap/ldap_global – /software/openldap/ldap_global/access

* Optional * Type: ldap_access – /software/openldap/ldap_global/allow

* Optional * Type: string – /software/openldap/ldap_global/argsfile

* Optional * Type: string – /software/openldap/ldap_global/attributeoptions

* Optional * Type: string – /software/openldap/ldap_global/attributetype

* Optional * Type: ldap_syntax – /software/openldap/ldap_global/authid-rewrite

* Optional * Type: string – /software/openldap/ldap_global/authz-policy

* Optional * Type: string – /software/openldap/ldap_global/authz-regexp

* Optional * Type: auth_regexp – /software/openldap/ldap_global/concurrency

* Optional * Type: long – /software/openldap/ldap_global/conn_max_pending_auth

* Optional

418 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: long – /software/openldap/ldap_global/defaultsearchbase

* Optional * Type: string – /software/openldap/ldap_global/disallow

* Optional * Type: string – /software/openldap/ldap_global/ditcontentrule

* Optional * Type: ldap_syntax – /software/openldap/ldap_global/gentlehup

* Optional * Type: boolean – /software/openldap/ldap_global/idletimeout

* Optional * Type: long – /software/openldap/ldap_global/include

* Optional * Type: string – /software/openldap/ldap_global/ldapsyntax

* Optional * Type: ldap_syntax – /software/openldap/ldap_global/listener-threads

* Optional * Type: long_pow2 – /software/openldap/ldap_global/localSSF

* Optional * Type: long – /software/openldap/ldap_global/logfile

* Optional * Type: string – /software/openldap/ldap_global/loglevel

* Optional * Type: long – /software/openldap/ldap_global/moduleload

* Optional

1.3. configuration-modules-core 419 Quattor Documentation, Release 0.0.1

* Type: string – /software/openldap/ldap_global/modulepath

* Optional * Type: string – /software/openldap/ldap_global/objectclass

* Optional * Type: ldap_syntax – /software/openldap/ldap_global/password-hash

* Optional * Type: ldap_hash – /software/openldap/ldap_global/password-crypt-salt-format

* Optional * Type: string – /software/openldap/ldap_global/pidfile

* Optional * Type: string – /software/openldap/ldap_global/referral

* Optional * Type: type_URI – /software/openldap/ldap_global/require

* Optional * Type: string – /software/openldap/ldap_global/reverse-lookup

* Optional * Type: boolean – /software/openldap/ldap_global/rootDSE

* Optional * Type: string – /software/openldap/ldap_global/sasl-auxprops

* Optional * Type: string – /software/openldap/ldap_global/sasl-host

* Optional * Type: type_fqdn – /software/openldap/ldap_global/sasl-ream

* Optional

420 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/openldap/ldap_global/sasl-secprops

* Optional * Type: string – /software/openldap/ldap_global/schemadn

* Optional * Type: string – /software/openldap/ldap_global/security

* Optional * Type: string – /software/openldap/ldap_global/serverID

* Optional * Type: long * Range: 0..4095 – /software/openldap/ldap_global/sizelimit

* Optional * Type: ldap_sizelimit – /software/openldap/ldap_global/sockbuf_max_incoming

* Optional * Type: long – /software/openldap/ldap_global/sockbuf_max_incoming_auth

* Optional * Type: long – /software/openldap/ldap_global/sortvals

* Optional * Type: string – /software/openldap/ldap_global/tcp-buffer

* Optional * Type: ldap_buffer_size – /software/openldap/ldap_global/threads

* Optional * Type: long * Range: 2.. – /software/openldap/ldap_global/tls

* Optional * Type: tls_options

1.3. configuration-modules-core 421 Quattor Documentation, Release 0.0.1

– /software/openldap/ldap_global/timelimit

* Optional * Type: long – /software/openldap/ldap_global/tool-threads

* Optional * Type: long – /software/openldap/ldap_global/writetimeout

* Optional * Type: long • /software/openldap/ldap_database_string • /software/openldap/ldap_ops • /software/openldap/ldap_replica_retries – /software/openldap/ldap_replica_retries/interval

* Optional * Type: string – /software/openldap/ldap_replica_retries/retries

* Optional * Type: long • /software/openldap/ldap_replica_cfg – /software/openldap/ldap_replica_cfg/rid

* Optional * Type: long * Range: 0..999 – /software/openldap/ldap_replica_cfg/provider

* Optional * Type: type_absoluteURI – /software/openldap/ldap_replica_cfg/searchbase

* Optional * Type: string – /software/openldap/ldap_replica_cfg/type

* Optional * Type: string – /software/openldap/ldap_replica_cfg/interval

* Optional * Type: string – /software/openldap/ldap_replica_cfg/retry

422 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: ldap_replica_retries – /software/openldap/ldap_replica_cfg/scope

* Optional * Type: string – /software/openldap/ldap_replica_cfg/attrs

* Optional * Type: string – /software/openldap/ldap_replica_cfg/attrsonly

* Optional * Type: boolean – /software/openldap/ldap_replica_cfg/sizelimit

* Optional * Type: long – /software/openldap/ldap_replica_cfg/timelimit

* Optional * Type: long – /software/openldap/ldap_replica_cfg/schemachecking

* Optional * Type: boolean – /software/openldap/ldap_replica_cfg/network-timeout

* Optional * Type: long – /software/openldap/ldap_replica_cfg/timeout

* Optional * Type: long – /software/openldap/ldap_replica_cfg/bindmethod

* Optional * Type: string – /software/openldap/ldap_replica_cfg/binddn

* Optional * Type: string – /software/openldap/ldap_replica_cfg/saslmech

* Optional * Type: string – /software/openldap/ldap_replica_cfg/authcid

1.3. configuration-modules-core 423 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/openldap/ldap_replica_cfg/authzid

* Optional * Type: string – /software/openldap/ldap_replica_cfg/credentials

* Optional * Type: string – /software/openldap/ldap_replica_cfg/realm

* Optional * Type: string – /software/openldap/ldap_replica_cfg/secprops

* Optional * Type: string – /software/openldap/ldap_replica_cfg/keepalive

* Optional * Type: string – /software/openldap/ldap_replica_cfg/starttls

* Optional * Type: string – /software/openldap/ldap_replica_cfg/tls_cert

* Optional * Type: string – /software/openldap/ldap_replica_cfg/tls_key

* Optional * Type: string – /software/openldap/ldap_replica_cfg/tls_cacert

* Optional * Type: string – /software/openldap/ldap_replica_cfg/tls_cacertdir

* Optional * Type: string – /software/openldap/ldap_replica_cfg/tls_reqcert

* Optional * Type: string – /software/openldap/ldap_replica_cfg/tls_ciphersuite

424 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/openldap/ldap_replica_cfg/tls_crlcheck

* Optional * Type: string – /software/openldap/ldap_replica_cfg/suffixmassage

* Optional * Type: string – /software/openldap/ldap_replica_cfg/logbase

* Optional * Type: string – /software/openldap/ldap_replica_cfg/logfilter

* Optional * Type: string – /software/openldap/ldap_replica_cfg/syncdata

* Optional * Type: string – /software/openldap/ldap_replica_cfg/filter

* Optional * Type: string • /software/openldap/ldap_overlay_syncprov – /software/openldap/ldap_overlay_syncprov/checkpoint

* Optional * Type: long – /software/openldap/ldap_overlay_syncprov/sessionlog

* Optional * Type: long – /software/openldap/ldap_overlay_syncprov/nopresent

* Optional * Type: boolean – /software/openldap/ldap_overlay_syncprov/reloadhint

* Optional * Type: boolean • /software/openldap/type_ldap_overlay – /software/openldap/type_ldap_overlay/syncprov

* Optional

1.3. configuration-modules-core 425 Quattor Documentation, Release 0.0.1

* Type: ldap_overlay_syncprov • /software/openldap/type_db_config – /software/openldap/type_db_config/cachesize

* Optional * Type: long – /software/openldap/type_db_config/lg_regionmax

* Optional * Type: long – /software/openldap/type_db_config/lg_bsize

* Optional * Type: long – /software/openldap/type_db_config/lg_max

* Optional * Type: long • /software/openldap/ldap_database_limits – /software/openldap/ldap_database_limits/size

* Optional * Type: ldap_sizelimit – /software/openldap/ldap_database_limits/time

* Optional * Type: ldap_sizelimit • /software/openldap/ldap_monitoring – /software/openldap/ldap_monitoring/default

* Optional * Type: boolean • /software/openldap/ldap_database – /software/openldap/ldap_database/class

* Optional * Type: ldap_database_string – /software/openldap/ldap_database/add_content_acl

* Optional * Type: boolean – /software/openldap/ldap_database/checkpoint

* Optional * Type: ldap_checkpoint – /software/openldap/ldap_database/db_config

426 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: type_db_config – /software/openldap/ldap_database/directory

* Optional * Type: string – /software/openldap/ldap_database/extra_attrs

* Optional * Type: string – /software/openldap/ldap_database/index

* Optional * Type: string – /software/openldap/ldap_database/hidden

* Optional * Type: boolean – /software/openldap/ldap_database/lastmod

* Optional * Type: boolean – /software/openldap/ldap_database/limits

* Optional * Type: ldap_database_limits – /software/openldap/ldap_database/maxderefdepth

* Optional * Type: long – /software/openldap/ldap_database/mirrormode

* Optional * Type: boolean – /software/openldap/ldap_database/monitoring

* Optional * Type: boolean – /software/openldap/ldap_database/overlay

* Optional * Type: type_ldap_overlay – /software/openldap/ldap_database/readonly

* Optional * Type: boolean – /software/openldap/ldap_database/restrict

1.3. configuration-modules-core 427 Quattor Documentation, Release 0.0.1

* Optional * Type: ldap_ops – /software/openldap/ldap_database/rootdn

* Optional * Type: string – /software/openldap/ldap_database/rootpw

* Optional * Type: string – /software/openldap/ldap_database/suffix

* Optional * Type: string – /software/openldap/ldap_database/subordinate

* Optional * Type: boolean – /software/openldap/ldap_database/sync_use_subentry

* Optional * Type: boolean – /software/openldap/ldap_database/syncrepl

* Optional * Type: ldap_replica_cfg – /software/openldap/ldap_database/updatedn

* Optional * Type: string – /software/openldap/ldap_database/updateref

* Optional * Type: type_absoluteURI – /software/openldap/ldap_database/backend_specific

* Optional * Type: string • /software/openldap/component_openldap – /software/openldap/component_openldap/conf_file

* Optional * Type: string – /software/openldap/component_openldap/include_schema

* Optional * Type: string

428 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/openldap/component_openldap/loglevel

* Optional * Type: long * Range: 0.. – /software/openldap/component_openldap/pidfile

* Optional * Type: string – /software/openldap/component_openldap/argsfile

* Optional * Type: string – /software/openldap/component_openldap/database

* Optional * Type: string – /software/openldap/component_openldap/suffix

* Optional * Type: string – /software/openldap/component_openldap/rootdn

* Optional * Type: string – /software/openldap/component_openldap/rootpw

* Optional * Type: string – /software/openldap/component_openldap/directory

* Optional * Type: string – /software/openldap/component_openldap/index

* Optional * Type: string – /software/openldap/component_openldap/global

* Optional * Type: ldap_global – /software/openldap/component_openldap/backends

* Optional * Type: ldap_database – /software/openldap/component_openldap/databases

* Optional

1.3. configuration-modules-core 429 Quattor Documentation, Release 0.0.1

* Type: ldap_database – /software/openldap/component_openldap/monitoring

* Optional * Type: ldap_monitoring – /software/openldap/component_openldap/move_slapdd

* Optional * Type: boolean

Functions

• openldap_loglevels_to_long – Description: converts a list of named loglevels to its numeric value returns undef in case of unknown entry returns (whichever comes first in list) 0 if one of the values is ‘nologging’ -1 if one of the values is ‘any’ opennebula

NAME ncm-opennebula: Configuration module for OpenNebula

DESCRIPTION ncm-opennebula provides support for OpenNebula configuration for: server: setup OpenNebula server and hosts AII: add VM management support with OpenNebula server

Features that are implemented at this moment: * oned service configuration * Sunstone service configuration * OneFlow service configuration * Adding/removing VNETs * Adding/removing datastores (only Ceph and shared datastores for the moment) * Adding/removing hosts * Adding/removing OpenNebula regular users * Adding/removing OpenNebula groups * Adding/removing OpenNebula virtual clusters

430 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Assign OpenNebula resources to virtual clusters * Assign OpenNebula users to primary groups * Updates OpenNebula \*_auth files * Updates VMM kvmrc config file * Updates VNM OpenNebulaNetwork config file * Cloud resource labels (OpenNebula >= 5.x) OpenNebula installation is 100% automated. Therefore: * All the new OpenNebula templates created by the component will include a QUATTOR flag. * The component only will modify/remove resources with the QUATTOR flag set, otherwise the resource is ignored. * If the component finds any issue during host configuration then the node is set as disabled.

INITIAL CREATION

The schema details are annotated in the schema file. Example pan files are included in the examples folder and also in the test folders. To set up the initial cluster, some steps should be taken: 1. First install the required Ruby gems in your OpenNebula server. You can use OpenNebula installgems addon : https://github.com/OpenNebula/addon-installgems. 2. The OpenNebula server(s) should have passwordless ssh access as oneadmin user to all the host hosts of the cluster. e.g. by distributing the public key(s) of the OpenNebula host over the cluster. 3. Start OpenNebula services: # for i in '' -econe -gate -novnc -occi -sunstone; do service opennebula$i stop; done 4. Run the component a first time. 5. The new oneadmin password will be available from /var/lib/one/.one/one_auth file. The old auth files are stored with .quattor.backup extension. 6. It is also possible to change sunstone service password, just include ‘serveradmin’ user and passwd within open- nebula/users tree. In that case the component also updates the sunstone_auth file.

METHODS make_one

Sets OpenNebula RPC endpoint info to connect to ONE API. process_template

Detect and process ONE templates. It could return a CAF::TextRender instance or a plain text template for ONE RPC.

1.3. configuration-modules-core 431 Quattor Documentation, Release 0.0.1

create_or_update_something

Creates/updates ONE resources based on resource type.

remove_something

Removes OpenNebula resources.

update_something

Updates OpenNebula resource templates. detect_used_resource

Detects if the resource is already there and if QUATTOR flag is present. Returns undef: resource not used yet. Returns 1: resource already used without QUATTOR flag. Returns -1: resource already used with QUATTOR flag set

Configure

Configure basic OpenNebula server resources.

Types

• /software/opennebula/directory • /software/opennebula/opennebula_mysql_db – /software/opennebula/opennebula_mysql_db/server

* Optional * Type: string – /software/opennebula/opennebula_mysql_db/port

* Optional * Type: type_port – /software/opennebula/opennebula_mysql_db/user

* Optional * Type: string – /software/opennebula/opennebula_mysql_db/passwd

* Optional * Type: string – /software/opennebula/opennebula_mysql_db/db_name

432 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string • /software/opennebula/opennebula_db – /software/opennebula/opennebula_db/backend

* Optional * Type: string • /software/opennebula/opennebula_log – /software/opennebula/opennebula_log/system

* Optional * Type: string – /software/opennebula/opennebula_log/debug_level

* Optional * Type: long * Range: 0..3 • /software/opennebula/opennebula_federation – /software/opennebula/opennebula_federation/mode

* Optional * Type: string – /software/opennebula/opennebula_federation/zone_id

* Optional * Type: long – /software/opennebula/opennebula_federation/master_oned

* Optional * Type: string • /software/opennebula/opennebula_im – /software/opennebula/opennebula_im/executable

* Optional * Type: string – /software/opennebula/opennebula_im/arguments

* Optional * Type: string – /software/opennebula/opennebula_im/sunstone_name

* Optional * Type: string • /software/opennebula/opennebula_im_mad_collectd • /software/opennebula/opennebula_im_mad_kvm

1.3. configuration-modules-core 433 Quattor Documentation, Release 0.0.1

• /software/opennebula/opennebula_im_mad_xen • /software/opennebula/opennebula_im_mad – /software/opennebula/opennebula_im_mad/collectd

* Optional * Type: opennebula_im_mad_collectd – /software/opennebula/opennebula_im_mad/kvm

* Optional * Type: opennebula_im_mad_kvm – /software/opennebula/opennebula_im_mad/xen

* Optional * Type: opennebula_im_mad_xen • /software/opennebula/opennebula_vm – /software/opennebula/opennebula_vm/executable

* Optional * Type: string – /software/opennebula/opennebula_vm/arguments

* Optional * Type: string – /software/opennebula/opennebula_vm/default

* Optional * Type: string – /software/opennebula/opennebula_vm/sunstone_name

* Optional * Type: string – /software/opennebula/opennebula_vm/imported_vms_actions

* Optional * Type: string – /software/opennebula/opennebula_vm/keep_snapshots

* Optional * Type: boolean • /software/opennebula/opennebula_vm_mad_kvm • /software/opennebula/opennebula_vm_mad_xen • /software/opennebula/opennebula_vm_mad – /software/opennebula/opennebula_vm_mad/kvm

* Optional * Type: opennebula_vm_mad_kvm

434 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/opennebula/opennebula_vm_mad/xen

* Optional * Type: opennebula_vm_mad_xen • /software/opennebula/opennebula_tm_mad – /software/opennebula/opennebula_tm_mad/executable

* Optional * Type: string – /software/opennebula/opennebula_tm_mad/arguments

* Optional * Type: string • /software/opennebula/opennebula_datastore_mad – /software/opennebula/opennebula_datastore_mad/executable

* Optional * Type: string – /software/opennebula/opennebula_datastore_mad/arguments

* Optional * Type: string • /software/opennebula/opennebula_hm_mad – /software/opennebula/opennebula_hm_mad/executable

* Optional * Type: string • /software/opennebula/opennebula_auth_mad – /software/opennebula/opennebula_auth_mad/executable

* Optional * Type: string – /software/opennebula/opennebula_auth_mad/authn

* Optional * Type: string • /software/opennebula/opennebula_tm_mad_conf – /software/opennebula/opennebula_tm_mad_conf/name

* Optional * Type: string – /software/opennebula/opennebula_tm_mad_conf/ln_target

* Optional * Type: string – /software/opennebula/opennebula_tm_mad_conf/clone_target

1.3. configuration-modules-core 435 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/opennebula/opennebula_tm_mad_conf/shared

* Optional * Type: boolean – /software/opennebula/opennebula_tm_mad_conf/ds_migrate

* Optional * Type: boolean • /software/opennebula/opennebula_ds_mad_conf – Description: The configuration for each driver is defined in DS_MAD_CONF. These values are used when creating a new datastore and should not be modified since they defined the datastore behavior. • /software/opennebula/opennebula_ds_mad_conf/name – Description: name of the transfer driver, listed in the -d option of the DS_MAD section – Optional – Type: string • /software/opennebula/opennebula_ds_mad_conf/required_attrs – Description: comma separated list of required attributes in the DS template – Optional – Type: string • /software/opennebula/opennebula_ds_mad_conf/persistent_only – Description: specifies whether the datastore can only manage persistent images – Optional – Type: boolean • /software/opennebula/opennebula_ds_mad_conf/marketplace_actions – Optional – Type: string • /software/opennebula/opennebula_market_mad_conf – Description: The configuration for each driver is defined in MARKET_MAD_CONF. These values are used when creating a new marketplace and should not be modified since they define the marketplace behavior. A public marketplace can be removed even if it has registered apps. • /software/opennebula/opennebula_market_mad_conf/name – Description: name of the market driver – Optional – Type: string • /software/opennebula/opennebula_market_mad_conf/required_attrs

436 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Description: comma separated list of required attributes in the Market template – Optional – Type: string • /software/opennebula/opennebula_market_mad_conf/app_actions – Description: list of actions allowed for a MarketPlaceApp. monitor: the apps of the marketplace will be monitored. create: the app in the marketplace. delete: the app from the marketplace. – Optional – Type: string • /software/opennebula/opennebula_market_mad_conf/public – Description: set to TRUE for external marketplaces – Optional – Type: boolean • /software/opennebula/opennebula_default_cost – Description: The following attributes define the default cost for Virtual Machines that don’t have a CPU, MEMORY or DISK cost. This is used by the oneshowback calculate method. • /software/opennebula/opennebula_default_cost/cpu_cost – Optional – Type: long • /software/opennebula/opennebula_default_cost/memory_cost – Optional – Type: long • /software/opennebula/opennebula_default_cost/disk_cost – Optional – Type: long • /software/opennebula/opennebula_vnc_ports – Description: VNC_BASE_PORT is deprecated since OpenNebula 5.0 OpenNebula will automatically assign start + vmid, allowing to generate different ports for VMs so they do not collide. • /software/opennebula/opennebula_vnc_ports/start – Description: VNC port pool for automatic VNC port assignment, if possible the port will be set to START + VMID • Optional • Type: long • Range: 5900..65535 • /software/opennebula/opennebula_vnc_ports/reserved

1.3. configuration-modules-core 437 Quattor Documentation, Release 0.0.1

– Optional – Type: long • /software/opennebula/opennebula_vlan_ids – Description: LAN ID pool for the automatic VLAN_ID assignment. This pool is for 802.1Q networks (Open vSwitch and 802.1Q drivers). The driver will try first to allocate VLAN_IDS[START] + VNET_ID • /software/opennebula/opennebula_vlan_ids/start – Description: first VLAN_ID to use – Optional – Type: long • /software/opennebula/opennebula_vlan_ids/reserved – Optional – Type: long • /software/opennebula/opennebula_vxlan_ids – Description: Automatic VXLAN Network ID (VNI) assignment. This is used or vxlan networks. NOTE: reserved is not supported by this pool • /software/opennebula/opennebula_vxlan_ids/start – Description: first VNI (Virtual Network ID) to use – Optional – Type: long • /software/opennebula/opennebula_market_mad – Description: Drivers to manage different marketplaces, specialized for the storage backend. • /software/opennebula/opennebula_market_mad/executable – Description: path of the transfer driver executable, can be an absolute path or relative to $ONE_LOCATION/lib/mads (or /usr/lib/one/mads/ if OpenNebula was installed in /) • Optional • Type: string • /software/opennebula/opennebula_market_mad/arguments – Description: arguments for the driver executable: -t number of threads, i.e. number of repo operations at the same time -m marketplace mads separated by commas – Optional – Type: string • /software/opennebula/opennebula_ceph_datastore

438 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Description: type for ceph datastore specific attributes. ceph_host, ceph_secret, ceph_user, ceph_user_key and pool_name are mandatory • /software/opennebula/opennebula_ceph_datastore/ceph_host – Optional – Type: string • /software/opennebula/opennebula_ceph_datastore/ceph_secret – Optional – Type: type_uuid • /software/opennebula/opennebula_ceph_datastore/ceph_user – Optional – Type: string • /software/opennebula/opennebula_ceph_datastore/ceph_user_key – Optional – Type: string • /software/opennebula/opennebula_ceph_datastore/pool_name – Optional – Type: string • /software/opennebula/opennebula_ceph_datastore/rbd_format – Optional – Type: long – Range: 1..2 • /software/opennebula/opennebula_ar – Description: type for vnet ars specific attributes. type and size are mandatory • /software/opennebula/opennebula_ar/type – Optional – Type: string • /software/opennebula/opennebula_ar/ip – Optional – Type: type_ipv4 • /software/opennebula/opennebula_ar/size – Optional – Type: long – Range: 1.. • /software/opennebula/opennebula_ar/mac

1.3. configuration-modules-core 439 Quattor Documentation, Release 0.0.1

– Optional – Type: type_hwaddr • /software/opennebula/opennebula_ar/global_prefix – Optional – Type: string • /software/opennebula/opennebula_ar/ula_prefix – Optional – Type: string • /software/opennebula/opennebula_datastore – Description: type for an opennebula datastore. Defaults to a ceph datastore (ds_mad is ceph). shared DS is also supported • /software/opennebula/opennebula_datastore/bridge_list – Optional – Type: string • /software/opennebula/opennebula_datastore/datastore_capacity_check – Optional – Type: boolean • /software/opennebula/opennebula_datastore/disk_type – Optional – Type: choice • /software/opennebula/opennebula_datastore/ds_mad – Optional – Type: string • /software/opennebula/opennebula_datastore/tm_mad – Description: set system Datastore TM_MAD value. shared: The storage area for the system datastore is a shared directory across the hosts. vmfs: A specialized version of the shared one to use the vmfs file system. ssh: Uses a local storage area from each host for the system datastore. ceph: Uses Ceph storage backend. – Optional – Type: string • /software/opennebula/opennebula_datastore/type – Optional – Type: string • /software/opennebula/opennebula_datastore/labels – Description: datastore labels is a list of strings to group the datastores under a given name and filter them

440 Chapter 1. Content Quattor Documentation, Release 0.0.1

in the admin and cloud views. It is also possible to include in the list sub-labels using a common slash: list(“Name”, “Name/SubName”) • Optional • Type: string • /software/opennebula/opennebula_datastore/permissions – Optional – Type: opennebula_permissions • /software/opennebula/opennebula_datastore/clusters – Description: Adds the datastore to the given clusters – Optional – Type: string • /software/opennebula/opennebula_vnet – /software/opennebula/opennebula_vnet/bridge

* Optional * Type: string – /software/opennebula/opennebula_vnet/vn_mad

* Optional * Type: string – /software/opennebula/opennebula_vnet/gateway

* Optional * Type: type_ipv4 – /software/opennebula/opennebula_vnet/gateway6

* Optional * Type: type_network_name – /software/opennebula/opennebula_vnet/dns

* Optional * Type: type_ipv4 – /software/opennebula/opennebula_vnet/network_mask

* Optional * Type: type_ipv4 – /software/opennebula/opennebula_vnet/network_address

* Optional * Type: type_ipv4 – /software/opennebula/opennebula_vnet/guest_mtu

* Optional * Type: long

1.3. configuration-modules-core 441 Quattor Documentation, Release 0.0.1

– /software/opennebula/opennebula_vnet/context_force_ipv4

* Optional * Type: boolean – /software/opennebula/opennebula_vnet/search_domain

* Optional * Type: string – /software/opennebula/opennebula_vnet/bridge_ovs

* Optional * Type: string – /software/opennebula/opennebula_vnet/vlan

* Optional * Type: boolean – /software/opennebula/opennebula_vnet/vlan_id

* Optional * Type: long * Range: 0..4095 – /software/opennebula/opennebula_vnet/ar

* Optional * Type: opennebula_ar – /software/opennebula/opennebula_vnet/labels

* Description: vnet labels is a list of strings to group the vnets under a given name and filter them in the admin and cloud views. It is also possible to include in the list sub-labels using a common slash: list(“Name”, “Name/SubName”) – Optional – Type: string – /software/opennebula/opennebula_vnet/filter_ip_spoofing

* Description: set network filter to avoid IP spoofing for the current vnet * Optional * Type: boolean – /software/opennebula/opennebula_vnet/filter_mac_spoofing

* Description: set network filter to avoid MAC spoofing for the current vnet * Optional * Type: boolean – /software/opennebula/opennebula_vnet/phydev

* Description: Name of the physical network device that will be attached to the bridge (VXLAN)

442 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/opennebula/opennebula_vnet/mtu

* Description: MTU for the tagged interface and bridge (VXLAN) * Optional * Type: long * Range: 1500.. – /software/opennebula/opennebula_vnet/permissions

* Optional * Type: opennebula_permissions – /software/opennebula/opennebula_vnet/clusters

* Description: Adds the vnet to the given clusters * Optional * Type: string • /software/opennebula/opennebula_host – Description: Set OpenNebula hypervisor options and their virtual clusters (if any) • /software/opennebula/opennebula_host/host_hyp – Description: set OpenNebula hosts type. – Optional – Type: string • /software/opennebula/opennebula_host/vnm_mad – Description: set the network driver in your hosts. This option is not longer used by ONE >= 5.x versions. • Optional • Type: string • /software/opennebula/opennebula_host/cluster – Description: Set the hypervisor cluster. Any new hypervisor is always included within “Default” cluster. Hosts can be in only one cluster at a time. • Optional • Type: string • /software/opennebula/opennebula_user – Description: Set OpenNebula regular users and their primary groups. By default new users are assigned to the users group. • /software/opennebula/opennebula_user/ssh_public_key

1.3. configuration-modules-core 443 Quattor Documentation, Release 0.0.1

– Optional – Type: string • /software/opennebula/opennebula_user/password – Optional – Type: string • /software/opennebula/opennebula_user/group – Optional – Type: string • /software/opennebula/opennebula_user/labels – Description: user labels is a list of strings to group the users under a given name and filter them in the admin and cloud views. It is also possible to include in the list sub-labels using a common slash: list(“Name”, “Name/SubName”) • Optional • Type: string • /software/opennebula/opennebula_group – Description: Set a group name and an optional decription • /software/opennebula/opennebula_group/description – Optional – Type: string • /software/opennebula/opennebula_group/labels – Optional – Type: string • /software/opennebula/opennebula_cluster – Description: Set OpenNebula clusters and their porperties. • /software/opennebula/opennebula_cluster/reserved_cpu – Description: In percentage. Applies to all the Hosts in this cluster. It will be subtracted from the TOTAL CPU. This value can be negative, in that case you’ll be actually increasing the overall capacity so overcommiting host capacity. • Optional • Type: long • /software/opennebula/opennebula_cluster/reserved_mem – Description: In KB. Applies to all the Hosts in this cluster. It will be subtracted from the TOTAL MEM. This value can be negative, in that case you’ll be actually increasing the overall capacity so overcommiting host capacity.

444 Chapter 1. Content Quattor Documentation, Release 0.0.1

• Optional • Type: long • /software/opennebula/opennebula_remoteconf_ceph – /software/opennebula/opennebula_remoteconf_ceph/pool_name

* Optional * Type: string – /software/opennebula/opennebula_remoteconf_ceph/host

* Optional * Type: string – /software/opennebula/opennebula_remoteconf_ceph/ceph_user

* Optional * Type: string – /software/opennebula/opennebula_remoteconf_ceph/staging_dir

* Optional * Type: directory – /software/opennebula/opennebula_remoteconf_ceph/rbd_format

* Optional * Type: long * Range: 1..2 – /software/opennebula/opennebula_remoteconf_ceph/qemu_img_convert_args

* Optional * Type: string • /software/opennebula/opennebula_oned – Description: Type that sets the OpenNebula oned.conf file • /software/opennebula/opennebula_oned/db – Optional – Type: opennebula_db • /software/opennebula/opennebula_oned/default_device_prefix – Optional – Type: string • /software/opennebula/opennebula_oned/onegate_endpoint – Optional – Type: string • /software/opennebula/opennebula_oned/manager_timer – Optional

1.3. configuration-modules-core 445 Quattor Documentation, Release 0.0.1

– Type: long • /software/opennebula/opennebula_oned/monitoring_interval – Optional – Type: long • /software/opennebula/opennebula_oned/monitoring_threads – Optional – Type: long • /software/opennebula/opennebula_oned/host_per_interval – Optional – Type: long • /software/opennebula/opennebula_oned/host_monitoring_expiration_time – Optional – Type: long • /software/opennebula/opennebula_oned/vm_individual_monitoring – Optional – Type: boolean • /software/opennebula/opennebula_oned/vm_per_interval – Optional – Type: long • /software/opennebula/opennebula_oned/vm_monitoring_expiration_time – Optional – Type: long • /software/opennebula/opennebula_oned/vm_submit_on_hold – Optional – Type: boolean • /software/opennebula/opennebula_oned/max_conn – Optional – Type: long • /software/opennebula/opennebula_oned/max_conn_backlog – Optional – Type: long • /software/opennebula/opennebula_oned/keepalive_timeout – Optional – Type: long • /software/opennebula/opennebula_oned/keepalive_max_conn – Optional

446 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Type: long • /software/opennebula/opennebula_oned/timeout – Optional – Type: long • /software/opennebula/opennebula_oned/rpc_log – Optional – Type: boolean • /software/opennebula/opennebula_oned/message_size – Optional – Type: long • /software/opennebula/opennebula_oned/log_call_format – Optional – Type: string • /software/opennebula/opennebula_oned/scripts_remote_dir – Optional – Type: directory • /software/opennebula/opennebula_oned/log – Optional – Type: opennebula_log • /software/opennebula/opennebula_oned/federation – Optional – Type: opennebula_federation • /software/opennebula/opennebula_oned/port – Optional – Type: type_port • /software/opennebula/opennebula_oned/vnc_base_port – Optional – Type: long • /software/opennebula/opennebula_oned/network_size – Optional – Type: long • /software/opennebula/opennebula_oned/mac_prefix – Optional – Type: string • /software/opennebula/opennebula_oned/datastore_location – Optional

1.3. configuration-modules-core 447 Quattor Documentation, Release 0.0.1

– Type: directory • /software/opennebula/opennebula_oned/datastore_base_path – Optional – Type: directory • /software/opennebula/opennebula_oned/datastore_capacity_check – Optional – Type: boolean • /software/opennebula/opennebula_oned/default_image_type – Optional – Type: string • /software/opennebula/opennebula_oned/default_cdrom_device_prefix – Optional – Type: string • /software/opennebula/opennebula_oned/session_expiration_time – Optional – Type: long • /software/opennebula/opennebula_oned/default_umask – Optional – Type: long • /software/opennebula/opennebula_oned/im_mad – Optional – Type: opennebula_im_mad • /software/opennebula/opennebula_oned/vm_mad – Optional – Type: opennebula_vm_mad • /software/opennebula/opennebula_oned/tm_mad – Optional – Type: opennebula_tm_mad • /software/opennebula/opennebula_oned/datastore_mad – Optional – Type: opennebula_datastore_mad • /software/opennebula/opennebula_oned/hm_mad – Optional – Type: opennebula_hm_mad • /software/opennebula/opennebula_oned/auth_mad – Optional

448 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Type: opennebula_auth_mad • /software/opennebula/opennebula_oned/market_mad – Optional – Type: opennebula_market_mad • /software/opennebula/opennebula_oned/default_cost – Optional – Type: opennebula_default_cost • /software/opennebula/opennebula_oned/listen_address – Optional – Type: type_ipv4 • /software/opennebula/opennebula_oned/vnc_ports – Optional – Type: opennebula_vnc_ports • /software/opennebula/opennebula_oned/vlan_ids – Optional – Type: opennebula_vlan_ids • /software/opennebula/opennebula_oned/vxlan_ids – Optional – Type: opennebula_vxlan_ids • /software/opennebula/opennebula_oned/tm_mad_conf – Optional – Type: opennebula_tm_mad_conf • /software/opennebula/opennebula_oned/ds_mad_conf – Optional – Type: opennebula_ds_mad_conf • /software/opennebula/opennebula_oned/market_mad_conf – Optional – Type: opennebula_market_mad_conf • /software/opennebula/opennebula_oned/vm_restricted_attr – Optional – Type: string • /software/opennebula/opennebula_oned/image_restricted_attr – Optional – Type: string • /software/opennebula/opennebula_oned/vnet_restricted_attr – Optional

1.3. configuration-modules-core 449 Quattor Documentation, Release 0.0.1

– Type: string • /software/opennebula/opennebula_oned/inherit_datastore_attr – Optional – Type: string • /software/opennebula/opennebula_oned/inherit_image_attr – Optional – Type: string • /software/opennebula/opennebula_oned/inherit_vnet_attr – Optional – Type: string • /software/opennebula/opennebula_instance_types – /software/opennebula/opennebula_instance_types/name

* Optional * Type: string – /software/opennebula/opennebula_instance_types/cpu

* Optional * Type: long * Range: 1.. – /software/opennebula/opennebula_instance_types/vcpu

* Optional * Type: long * Range: 1.. – /software/opennebula/opennebula_instance_types/memory

* Optional * Type: long – /software/opennebula/opennebula_instance_types/description

* Optional * Type: string • /software/opennebula/opennebula_rpc_service – Description: type for opennebula service common RPC attributes. • /software/opennebula/opennebula_rpc_service/one_xmlrpc – Description: OpenNebula daemon RPC contact information – Optional – Type: type_absoluteURI • /software/opennebula/opennebula_rpc_service/core_auth

450 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Description: authentication driver to communicate with OpenNebula core – Optional – Type: string • /software/opennebula/opennebula_sunstone – Description: Type that sets the OpenNebula sunstone_server.conf file • /software/opennebula/opennebula_sunstone/env – Optional – Type: string • /software/opennebula/opennebula_sunstone/tmpdir – Optional – Type: directory • /software/opennebula/opennebula_sunstone/host – Optional – Type: type_ipv4 • /software/opennebula/opennebula_sunstone/port – Optional – Type: type_port • /software/opennebula/opennebula_sunstone/sessions – Optional – Type: string • /software/opennebula/opennebula_sunstone/memcache_host – Optional – Type: string • /software/opennebula/opennebula_sunstone/memcache_port – Optional – Type: type_port • /software/opennebula/opennebula_sunstone/memcache_namespace – Optional – Type: string • /software/opennebula/opennebula_sunstone/debug_level – Optional – Type: long – Range: 0..3 • /software/opennebula/opennebula_sunstone/auth – Optional

1.3. configuration-modules-core 451 Quattor Documentation, Release 0.0.1

– Type: string • /software/opennebula/opennebula_sunstone/encode_user_password – Optional – Type: boolean • /software/opennebula/opennebula_sunstone/vnc_proxy_port – Optional – Type: type_port • /software/opennebula/opennebula_sunstone/vnc_proxy_support_wss – Optional – Type: string • /software/opennebula/opennebula_sunstone/vnc_proxy_cert – Optional – Type: string • /software/opennebula/opennebula_sunstone/vnc_proxy_key – Optional – Type: string • /software/opennebula/opennebula_sunstone/vnc_proxy_ipv6 – Optional – Type: boolean • /software/opennebula/opennebula_sunstone/lang – Optional – Type: string • /software/opennebula/opennebula_sunstone/table_order – Optional – Type: string • /software/opennebula/opennebula_sunstone/mode – Description: Set default views directory – Optional – Type: string • /software/opennebula/opennebula_sunstone/marketplace_username – Optional – Type: string • /software/opennebula/opennebula_sunstone/marketplace_password – Optional – Type: string • /software/opennebula/opennebula_sunstone/marketplace_url

452 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Optional – Type: type_absoluteURI • /software/opennebula/opennebula_sunstone/oneflow_server – Optional – Type: type_absoluteURI • /software/opennebula/opennebula_sunstone/instance_types – Optional – Type: opennebula_instance_types • /software/opennebula/opennebula_sunstone/routes – Optional – Type: string • /software/opennebula/opennebula_oneflow – Description: Type that sets the OpenNebula oneflow-server.conf file • /software/opennebula/opennebula_oneflow/host – Description: host where OneFlow server will run – Optional – Type: type_ipv4 • /software/opennebula/opennebula_oneflow/port – Description: port where OneFlow server will run – Optional – Type: type_port • /software/opennebula/opennebula_oneflow/lcm_interval – Description: time in seconds between Life Cycle Manager steps – Optional – Type: long • /software/opennebula/opennebula_oneflow/default_cooldown – Description: default cooldown period after a scale operation, in seconds – Optional – Type: long • /software/opennebula/opennebula_oneflow/shutdown_action – Description: default shutdown action terminate : OpenNebula >= 5.0.0 shutdown : OpenNebula < 5.0.0 • Optional • Type: string • /software/opennebula/opennebula_oneflow/action_number

1.3. configuration-modules-core 453 Quattor Documentation, Release 0.0.1

– Description: default numner of virtual machines that will receive the given call in each interval defined by action_period, when an action is performed on a role • Optional • Type: long • Range: 1.. • /software/opennebula/opennebula_oneflow/action_period – Optional – Type: long – Range: 1.. • /software/opennebula/opennebula_oneflow/vm_name_template – Description: default name for the Virtual Machines created by OneFlow. You can use any of the following placeholders: $SERVICE_ID $SERVICE_NAME $ROLE_NAME $VM_NUMBER • Optional • Type: string • /software/opennebula/opennebula_oneflow/debug_level – Description: log debug level 0 = ERROR 1 = WARNING 2 = INFO 3 = DEBUG – Optional – Type: long – Range: 0..3 • /software/opennebula/opennebula_kvmrc – Description: Type that sets the OpenNebula VMM kvmrc conf files • /software/opennebula/opennebula_kvmrc/lang – Optional – Type: string • /software/opennebula/opennebula_kvmrc/libvirt_uri – Optional – Type: string • /software/opennebula/opennebula_kvmrc/qemu_protocol – Optional – Type: string • /software/opennebula/opennebula_kvmrc/libvirt_keytab – Optional – Type: string

454 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/opennebula/opennebula_kvmrc/shutdown_timeout – Optional – Type: long • /software/opennebula/opennebula_kvmrc/force_destroy – Optional – Type: boolean • /software/opennebula/opennebula_kvmrc/cancel_no_acpi – Optional – Type: boolean • /software/opennebula/opennebula_kvmrc/default_attach_cache – Optional – Type: string • /software/opennebula/opennebula_kvmrc/migrate_options – Optional – Type: string • /software/opennebula/opennebula_kvmrc/default_attach_discard – Optional – Type: string • /software/opennebula/opennebula_vnm_conf – Description: Type that sets the OpenNebula VNM (Virtual Network Manager) configuration file on the nodes • /software/opennebula/opennebula_vnm_conf/validate_vlan_id – Description: set to true to check that no other vlans are connected to the bridge. Works with 802.1Q and VXLAN. • Optional • Type: boolean • /software/opennebula/opennebula_vnm_conf/arp_cache_poisoning – Description: enable ARP Cache Poisoning Prevention Rules for Open vSwitch. – Optional – Type: boolean • /software/opennebula/opennebula_vnm_conf/vxlan_mc – Description: base multicast address for each VLAN. The mc address is :vxlan_mc + :vlan_id. Used by VXLAN. • Optional • Type: type_ipv4

1.3. configuration-modules-core 455 Quattor Documentation, Release 0.0.1

• /software/opennebula/opennebula_vnm_conf/vxlan_ttl – Description: Time To Live (TTL) should be > 1 in routed multicast networks (IGMP). Used by VXLAN. • Optional • Type: long • /software/opennebula/opennebula_rpc – Description: Type that sets the OpenNebula conf to contact to ONE RPC server • /software/opennebula/opennebula_rpc/port – Optional – Type: type_port • /software/opennebula/opennebula_rpc/host – Optional – Type: string • /software/opennebula/opennebula_rpc/user – Optional – Type: string • /software/opennebula/opennebula_rpc/password – Optional – Type: string • /software/opennebula/opennebula_untouchables – Description: Type that sets the OpenNebula untouchable resources • /software/opennebula/opennebula_untouchables/datastores – Optional – Type: string • /software/opennebula/opennebula_untouchables/vnets – Optional – Type: string • /software/opennebula/opennebula_untouchables/users – Optional – Type: string • /software/opennebula/opennebula_untouchables/groups – Optional – Type: string

456 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/opennebula/opennebula_untouchables/hosts – Optional – Type: string • /software/opennebula/opennebula_untouchables/clusters – Optional – Type: string • /software/opennebula/component_opennebula – Description: Type to define ONE basic resources datastores, vnets, hosts names, etc • /software/opennebula/component_opennebula/datastores – Optional – Type: opennebula_datastore • /software/opennebula/component_opennebula/groups – Optional – Type: opennebula_group • /software/opennebula/component_opennebula/users – Optional – Type: opennebula_user • /software/opennebula/component_opennebula/vnets – Optional – Type: opennebula_vnet • /software/opennebula/component_opennebula/clusters – Optional – Type: opennebula_cluster • /software/opennebula/component_opennebula/hosts – Optional – Type: opennebula_host • /software/opennebula/component_opennebula/rpc – Optional – Type: opennebula_rpc • /software/opennebula/component_opennebula/untouchables – Optional – Type: opennebula_untouchables • /software/opennebula/component_opennebula/oned – Optional – Type: opennebula_oned

1.3. configuration-modules-core 457 Quattor Documentation, Release 0.0.1

• /software/opennebula/component_opennebula/sunstone – Optional – Type: opennebula_sunstone • /software/opennebula/component_opennebula/oneflow – Optional – Type: opennebula_oneflow • /software/opennebula/component_opennebula/kvmrc – Optional – Type: opennebula_kvmrc • /software/opennebula/component_opennebula/vnm_conf – Description: set vnm remote configuration – Optional – Type: opennebula_vnm_conf • /software/opennebula/component_opennebula/ssh_multiplex – Description: set ssh host multiplex options – Optional – Type: boolean • /software/opennebula/component_opennebula/cfg_group – Description: in some cases (such a Sunstone standalone configuration with apache), some OpenNebula configuration files should be accessible by a different group (as apache). This variable sets the group name to change these files permissions. • Optional • Type: string

Functions

• is_consistent_database – Description: check if a specific type of database has the right attributes • is_consistent_datastore – Description: check if a specific type of datastore has the right attributes • is_consistent_vnet – Description: check if a specific type of vnet has the right attributes

458 Chapter 1. Content Quattor Documentation, Release 0.0.1 openstack

NAME ncm-openstack: Configuration module for OpenStack

DESCRIPTION ncm-openstack provides support for OpenStack configuration for:

Identity

* Keystone

Compute

* Nova * Nova Hypervisor

Storage

* Glance

Network

* Neutron * Neutron L2 * Neutron L3 * Neutron Linuxbridge * Neutron DHCP

Dashboard

* Horizon

Messaging

* RabbitMQ

INITIAL CREATION

The schema details are annotated in the schema file. Example pan files are included in the examples folder and also in the test folders.

1.3. configuration-modules-core 459 Quattor Documentation, Release 0.0.1

METHODS

Configure

Configure OpenStack services resources.

Types

• /software/openstack/type_storagebackend • /software/openstack/type_neutrondriver • /software/openstack/type_neutronextension • /software/openstack/openstack_domains_common – Description: OpenStack common domains section – /software/openstack/openstack_domains_common/project_domain_name

* Description: Domain name containing project * Optional * Type: string – /software/openstack/openstack_domains_common/project_name

* Description: Project name to scope to * Optional * Type: string – /software/openstack/openstack_domains_common/auth_type

* Description: The type of authentication credential to create. Required if no context is passed to the credential factory – Optional – Type: string – /software/openstack/openstack_domains_common/user_domain_name

* Description: Users domain name * Optional * Type: string – /software/openstack/openstack_domains_common/auth_url

* Description: Keystone authentication URL http(s)://host:port * Optional * Type: type_absoluteURI – /software/openstack/openstack_domains_common/username

* Description: OpenStack service username * Optional

460 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/openstack/openstack_domains_common/password

* Description: OpenStack service user password * Optional * Type: string • /software/openstack/openstack_database – Description: The configuration options in the database Section – /software/openstack/openstack_database/connection

* Description: The SQLAlchemy connection string to use to connect to the database * Optional * Type: string • /software/openstack/openstack_oslo_concurrency – Description: The configuration options in ‘oslo_concurrency’ Section. – /software/openstack/openstack_oslo_concurrency/lock_path

* Description: Directory to use for lock files. For security, the specified directory should only be writable by the user running the processes that need locking. Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, a lock path must be set – Optional – Type: absolute_file_path • /software/openstack/openstack_DEFAULTS – Description: The configuration options in the DEFAULTS Section – /software/openstack/openstack_DEFAULTS/admin_token

* Description: Using this feature is NOT recommended. Instead, use the “keystone-manage bootstrap” command. The value of this option is treated as a “shared secret” that can be used to bootstrap Keystone through the API. This “token” does not represent a user (it has no identity), and carries no explicit authorization (it effectively bypasses most authorization checks). If set to “None”, the value is ignored and the “admin_token” middleware is effectively disabled. However, to completely disable “admin_token” in production (highly recommended, as it presents a security risk), remove AdminTokenAuthMiddleware (the “admin_token_auth” filter) from your paste application pipelines (for example, in “keystone-paste.ini”) – Optional – Type: string – /software/openstack/openstack_DEFAULTS/notifications

* Optional * Type: string – /software/openstack/openstack_DEFAULTS/debug

1.3. configuration-modules-core 461 Quattor Documentation, Release 0.0.1

* Description: From oslo.log If set to true, the logging level will be set to DEBUG instead of the default INFO level. Note: This option can be changed without restarting – Optional – Type: boolean – /software/openstack/openstack_DEFAULTS/use_syslog

* Description: Use syslog for logging. Existing syslog format is DEPRECATED and will be changed later to honor RFC5424. This option is ignored if log_config_append is set – Optional – Type: boolean – /software/openstack/openstack_DEFAULTS/syslog_log_facility

* Description: Syslog facility to receive log lines. This option is ignored if log_config_append is set – Optional – Type: string – /software/openstack/openstack_DEFAULTS/auth_strategy

* Description: From nova.conf This determines the strategy to use for authentication: keystone or noauth2. “noauth2” is designed for testing only, as it does no actual credential checking. “noauth2” provides administrative credentials only if “admin” is specified as the username – Optional – Type: string – /software/openstack/openstack_DEFAULTS/my_ip

* Description: From nova.conf The IP address which the host is using to connect to the management network. Default is IPv4 address of this host – Optional – Type: type_ip – /software/openstack/openstack_DEFAULTS/enabled_apis

* Description: From nova.conf List of APIs to be enabled by default – Optional – Type: string – /software/openstack/openstack_DEFAULTS/transport_url

* Description: From nova.conf An URL representing the messaging driver to use and its full configuration. Example: rab- bit://openstack:@ – Optional

462 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Type: string – /software/openstack/openstack_DEFAULTS/rootwrap_config

* Description: Path to the rootwrap configuration file. Goal of the root wrapper is to allow a service-specific unprivileged user to run a number of actions as the root user in the safest manner possible. The configuration file used here must match the one defined in the sudoers entry. Be sure to include into sudoers these lines: nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf * more info https://wiki.openstack.org/wiki/Rootwrap – Optional – Type: absolute_file_path – /software/openstack/openstack_DEFAULTS/core_plugin

* Description: From neutron.conf The core plugin Neutron will use – Optional – Type: string – /software/openstack/openstack_DEFAULTS/service_plugins

* Description: From neutron.conf The service plugins Neutron will use – Optional – Type: string – /software/openstack/openstack_DEFAULTS/allow_overlapping_ips

* Description: From neutron.conf Allow overlapping IP support in Neutron. Attention: the following parameter MUST be set to False if Neutron is being used in conjunction with Nova security groups – Optional – Type: boolean – /software/openstack/openstack_DEFAULTS/notify_nova_on_port_status_changes

* Description: From neutron.conf Send notification to nova when port status changes – Optional – Type: boolean – /software/openstack/openstack_DEFAULTS/notify_nova_on_port_data_changes

* Description: From neutron.conf Send notification to nova when port data (fixed_ips/floatingip) changes so nova can update its cache – Optional – Type: boolean

1.3. configuration-modules-core 463 Quattor Documentation, Release 0.0.1

– /software/openstack/openstack_DEFAULTS/interface_driver

* Description: From Neutron l3_agent.ini and dhcp_agent.ini The driver used to manage the virtual interface – Optional – Type: string – /software/openstack/openstack_DEFAULTS/dhcp_driver

* Description: From Neutron dhcp_agent.ini The driver used to manage the DHCP server – Optional – Type: string – /software/openstack/openstack_DEFAULTS/enable_isolated_metadata

* Description: From Neutron dhcp_agent.ini The DHCP server can assist with providing metadata support on isolated networks. Setting this value to True will cause the DHCP server to append specific host routes to the DHCP request. The metadata service will only be activated when the subnet does not contain any router port. The guest instance must be configured to request host routes via DHCP (Option 121). This option does not have any effect when force_metadata is set to True – Optional – Type: boolean – /software/openstack/openstack_DEFAULTS/nova_metadata_ip

* Description: From Neutron metadata_agent.ini IP address or hostname used by Nova metadata server – Optional – Type: string – /software/openstack/openstack_DEFAULTS/metadata_proxy_shared_secret

* Description: From Neutron metadata_agent.ini When proxying metadata requests, Neutron signs the Instance-ID header with a shared secret to prevent spoofing. You may select any string for a secret, but it must match here and in the configuration used by the Nova Metadata Server. NOTE: Nova uses the same config key, but in [neutron] section. – Optional – Type: string – /software/openstack/openstack_DEFAULTS/firewall_driver

* Description: Driver for security groups * Optional * Type: string – /software/openstack/openstack_DEFAULTS/use_neutron

* Description: Use neutron and disable the default firewall setup * Optional

464 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: boolean • /software/openstack/openstack_rabbitmq_config – Description: Type to enable RabbitMQ and the message system for OpenStack. – /software/openstack/openstack_rabbitmq_config/user

* Description: RabbitMQ user to get access to the queue * Optional * Type: string – /software/openstack/openstack_rabbitmq_config/password

* Optional * Type: string – /software/openstack/openstack_rabbitmq_config/permissions

* Description: Set config/write/read permissions for RabbitMQ service. A regular expression matching resource names for which the user is granted configure permissions – Optional – Type: string

Types

• /software/openstack/openstack_glance_store – Description: The Glance configuration options in the “glance_store” Section. From glance.api – /software/openstack/openstack_glance_store/stores

* Description: List of enabled Glance stores. Register the storage backends to use for storing disk images as a comma separated list. The default stores enabled for storing disk images with Glance are “file” and “http” – Optional – Type: type_storagebackend – /software/openstack/openstack_glance_store/default_store

* Description: The default scheme to use for storing images. Provide a string value representing the default scheme to use for storing images. If not set, Glance uses file as the default scheme to store images with the file store. NOTE: The value given for this config- uration option must be a valid scheme for a store registered with the stores configuration option. – Optional – Type: string – /software/openstack/openstack_glance_store/filesystem_store_datadir

* Description: Directory to which the filesystem backend store writes images.

1.3. configuration-modules-core 465 Quattor Documentation, Release 0.0.1

Upon start up, Glance creates the directory if it does not already exist and verifies write access to the user under which “glance-api” runs. If the write access is not available, a BadStoreConfiguration‘‘ exception is raised and the filesystem store may not be available for adding new images. NOTE: This directory is used only when filesystem store is used as a storage backend. Either filesystem_store_datadir or filesystem_store_datadirs‘‘ option must be specified in “glance- api.conf”. If both options are specified, a BadStoreConfiguration will be raised and the filesystem store may not be available for adding new images – Optional – Type: absolute_file_path – /software/openstack/openstack_glance_store/rbd_store_pool

* Description: This option is specific to the RBD storage backend. Default: rbd Sets the RADOS pool in which images are stored – Optional – Type: string – /software/openstack/openstack_glance_store/rbd_store_chunk_size

* Description: This option is specific to the RBD storage backend. Default: 4 Images will be chunked into objects of this size (in megabytes). For best performance, this should be a power of two – Optional – Type: long – Range: 1.. – /software/openstack/openstack_glance_store/rados_connect_timeout

* Description: This option is specific to the RBD storage backend. Default: 0 Prevents glance-api hangups during the connection to RBD. Sets the time to wait (in seconds) for glance-api before closing the connection. Setting rados_connect_timeout<=0 means no timeout – Optional – Type: long – /software/openstack/openstack_glance_store/rbd_store_ceph_conf

* Description: This option is specific to the RBD storage backend. Default: /etc/ceph/ceph.conf, ~/.ceph/config, and ./ceph.conf Sets the Ceph configuration file to use – Optional – Type: absolute_file_path – /software/openstack/openstack_glance_store/rbd_store_user

* Description: This option is specific to the RBD storage backend. Default: admin Sets the RADOS user to authenticate as. This is only needed when RADOS authentication is enabled – Optional – Type: string • /software/openstack/openstack_glance_service_config

466 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Description: list of Glance configuration sections – /software/openstack/openstack_glance_service_config/DEFAULT

* Optional * Type: openstack_DEFAULTS – /software/openstack/openstack_glance_service_config/database

* Optional * Type: openstack_database – /software/openstack/openstack_glance_service_config/keystone_authtoken

* Optional * Type: openstack_keystone_authtoken – /software/openstack/openstack_glance_service_config/paste_deploy

* Optional * Type: openstack_keystone_paste_deploy – /software/openstack/openstack_glance_service_config/glance_store

* Optional * Type: openstack_glance_store • /software/openstack/openstack_glance_config – Description: list of Glance service configuration sections – /software/openstack/openstack_glance_config/service

* Optional * Type: openstack_glance_service_config – /software/openstack/openstack_glance_config/registry

* Optional * Type: openstack_glance_service_config

Types

• /software/openstack/openstack_horizon_caches – Description: The Horizon configuration options in “caches” Section. – /software/openstack/openstack_horizon_caches/BACKEND

* Description: We recommend you use memcached for development; otherwise after every reload of the django development server, you will have to login again – Optional

1.3. configuration-modules-core 467 Quattor Documentation, Release 0.0.1

– Type: string – /software/openstack/openstack_horizon_caches/LOCATION

* Description: location format : * Optional * Type: type_hostport • /software/openstack/openstack_horizon_api_versions – Description: The Horizon api versions section. Overrides for OpenStack API versions. Use this setting to force the OpenStack dashboard to use a specific API version for a given service API. Versions specified here should be integers or floats, not strings. NOTE: The version should be formatted as it appears in the URL for the service API. For example, The identity service APIs have inconsistent use of the decimal point, so valid options would be 2.0 or 3. Minimum compute version to get the instance locked status is 2.9. – /software/openstack/openstack_horizon_api_versions/identity

* Optional * Type: long * Range: 1.. – /software/openstack/openstack_horizon_api_versions/image

* Optional * Type: long * Range: 1.. – /software/openstack/openstack_horizon_api_versions/volume

* Optional * Type: long * Range: 1.. • /software/openstack/openstack_horizon_neutron_network – Description: The Horizon “OPENSTACK_NEUTRON_NETWORK” settings can be used to enable optional services provided by neutron. Options currently available are load balancer service, security groups, quotas, VPN service. – /software/openstack/openstack_horizon_neutron_network/enable_router

* Optional * Type: boolean – /software/openstack/openstack_horizon_neutron_network/enable_quotas

* Optional * Type: boolean – /software/openstack/openstack_horizon_neutron_network/enable_ipv6

* Optional * Type: boolean

468 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/openstack/openstack_horizon_neutron_network/enable_distributed_router

* Optional * Type: boolean – /software/openstack/openstack_horizon_neutron_network/enable_ha_router

* Optional * Type: boolean – /software/openstack/openstack_horizon_neutron_network/enable_lb

* Optional * Type: boolean – /software/openstack/openstack_horizon_neutron_network/enable_firewall

* Optional * Type: boolean – /software/openstack/openstack_horizon_neutron_network/enable_vpn

* Optional * Type: boolean – /software/openstack/openstack_horizon_neutron_network/enable_fip_topology_check

* Optional * Type: boolean • /software/openstack/openstack_horizon_keystone_backend – Description: The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the capabilities of the auth backend for Keystone. If Keystone has been configured to use LDAP as the auth backend then set can_edit_user to False and name to ‘ldap’. TODO(tres): Remove these once Keystone has an API to identify auth backend. – /software/openstack/openstack_horizon_keystone_backend/name

* Optional * Type: string – /software/openstack/openstack_horizon_keystone_backend/can_edit_user

* Optional * Type: boolean – /software/openstack/openstack_horizon_keystone_backend/can_edit_group

* Optional * Type: boolean – /software/openstack/openstack_horizon_keystone_backend/can_edit_project

* Optional * Type: boolean – /software/openstack/openstack_horizon_keystone_backend/can_edit_domain

1.3. configuration-modules-core 469 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/openstack/openstack_horizon_keystone_backend/can_edit_role

* Optional * Type: boolean • /software/openstack/openstack_horizon_hypervisor_features – Description: The Xen Hypervisor has the ability to set the mount point for volumes attached to instances (other Hyper- visors currently do not). Setting can_set_mount_point to True will add the option to set the mount point from the UI. – /software/openstack/openstack_horizon_hypervisor_features/can_set_mount_point

* Optional * Type: boolean – /software/openstack/openstack_horizon_hypervisor_features/can_set_password

* Optional * Type: boolean – /software/openstack/openstack_horizon_hypervisor_features/requires_keypair

* Optional * Type: boolean – /software/openstack/openstack_horizon_hypervisor_features/enable_quotas

* Optional * Type: boolean • /software/openstack/openstack_horizon_cinder_features – Description: The OPENSTACK_CINDER_FEATURES settings can be used to enable optional services provided by cinder that is not exposed by its extension API. – /software/openstack/openstack_horizon_cinder_features/enable_backup

* Optional * Type: boolean • /software/openstack/openstack_horizon_heat_stack – Description: The OPENSTACK_HEAT_STACK settings can be used to disable password field required while launching the stack. – /software/openstack/openstack_horizon_heat_stack/enable_user_pass

* Optional * Type: boolean • /software/openstack/openstack_horizon_image_custom_titles

470 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Description: The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for image custom property attributes that appear on image detail pages. – /software/openstack/openstack_horizon_image_custom_titles/architecture

* Optional * Type: string – /software/openstack/openstack_horizon_image_custom_titles/kernel_id

* Optional * Type: string – /software/openstack/openstack_horizon_image_custom_titles/ramdisk_id

* Optional * Type: string – /software/openstack/openstack_horizon_image_custom_titles/image_state

* Optional * Type: string – /software/openstack/openstack_horizon_image_custom_titles/project_id

* Optional * Type: string – /software/openstack/openstack_horizon_image_custom_titles/image_type

* Optional * Type: string • /software/openstack/openstack_horizon_logging_handlers – Description: Dashboard handlers logging levels. – /software/openstack/openstack_horizon_logging_handlers/level

* Optional * Type: string – /software/openstack/openstack_horizon_logging_handlers/class

* Optional * Type: string – /software/openstack/openstack_horizon_logging_handlers/formatter

* Optional * Type: string • /software/openstack/openstack_horizon_logging_loggers – Description: Dashboard django loggers debug levels

1.3. configuration-modules-core 471 Quattor Documentation, Release 0.0.1

– /software/openstack/openstack_horizon_logging_loggers/handlers

* Optional * Type: string – /software/openstack/openstack_horizon_logging_loggers/level

* Optional * Type: string – /software/openstack/openstack_horizon_logging_loggers/propagate

* Optional * Type: boolean • /software/openstack/openstack_horizon_logging_formatters – Description: Dashboard django logger formatters – /software/openstack/openstack_horizon_logging_formatters/format

* Description: The format of “%(message)s” is defined by OPERATION_LOG_OPTIONS[‘format’] – Optional – Type: string • /software/openstack/openstack_horizon_logging – Description: Horizon django logging options. Logging from django.db.backends is VERY verbose, send to null by default. – /software/openstack/openstack_horizon_logging/version

* Optional * Type: long * Range: 1.. – /software/openstack/openstack_horizon_logging/disable_existing_loggers

* Description: When set to True this will disable all logging except for loggers specified in this configuration dictionary. Note that if nothing is specified here and dis- able_existing_loggers is True, django.db.backends will still log unless it is disabled explicitly – Optional – Type: boolean – /software/openstack/openstack_horizon_logging/handlers

* Optional * Type: openstack_horizon_logging_handlers – /software/openstack/openstack_horizon_logging/loggers

* Optional * Type: openstack_horizon_logging_loggers

472 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/openstack/openstack_horizon_logging/formatters

* Optional * Type: openstack_horizon_logging_formatters • /software/openstack/openstack_horizon_allowed_subnet – Description: Dictionary used to restrict user private subnet cidr range. An empty list means that user input will not be restricted for a corresponding IP version. By default, there is no restriction for IPv4 or IPv6. To restrict user private subnet cidr range set ALLOWED_PRIVATE_SUBNET_CIDR to something like: ‘ipv4’: [‘10.0.0.0/8’, ‘192.168.0.0/16’], ‘ipv6’: [‘fc00::/7’], – /software/openstack/openstack_horizon_allowed_subnet/ipv4

* Optional * Type: type_ipv4 – /software/openstack/openstack_horizon_allowed_subnet/ipv6

* Optional * Type: type_ipv6 • /software/openstack/openstack_horizon_security_group – Description: “direction” should not be specified for all_tcp, udp or icmp. – /software/openstack/openstack_horizon_security_group/name

* Optional * Type: string – /software/openstack/openstack_horizon_security_group/ip_protocol

* Optional * Type: string – /software/openstack/openstack_horizon_security_group/from_port

* Optional * Type: long * Range: -1..65535 – /software/openstack/openstack_horizon_security_group/to_port

* Optional * Type: long * Range: -1..65535 • /software/openstack/openstack_horizon_config – Description: list of Horizon service configuration sections – /software/openstack/openstack_horizon_config/debug

* Description: Set Horizon debug mode

1.3. configuration-modules-core 473 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/openstack/openstack_horizon_config/webroot

* Description: WEBROOT is the location relative to Webserver root should end with a slash – Optional – Type: string – /software/openstack/openstack_horizon_config/allowed_hosts

* Description: If horizon is running in production (DEBUG is False), set this with the list of host/domain names that the application can serve. For more information see: https://docs. djangoproject.com/en/dev/ref/settings/#allowed-hosts – Optional – Type: string – /software/openstack/openstack_horizon_config/session_engine

* Description: Horizon uses Djangos sessions framework for handling session data. There are numerous session backends available, which are selected through the “SESSION_ENGINE” setting – Optional – Type: string – /software/openstack/openstack_horizon_config/email_backend

* Description: Send email to the console by default * Optional * Type: string – /software/openstack/openstack_horizon_config/caches

* Description: External caching using an application such as memcached offers persistence and shared storage, and can be very useful for small-scale deployment and/or development – Optional – Type: openstack_horizon_caches – /software/openstack/openstack_horizon_config/openstack_keystone_url

* Optional * Type: type_absoluteURI – /software/openstack/openstack_horizon_config/openstack_keystone_default_role

* Description: Set this to True if running on a multi-domain model. When this is enabled, it will require the user to enter the Domain name in addition to the username for login – Optional – Type: string – /software/openstack/openstack_horizon_config/openstack_keystone_multidomain_support

474 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/openstack/openstack_horizon_config/openstack_keystone_backend

* Optional * Type: openstack_horizon_keystone_backend – /software/openstack/openstack_horizon_config/openstack_api_versions

* Optional * Type: openstack_horizon_api_versions – /software/openstack/openstack_horizon_config/openstack_hypervisor_features

* Optional * Type: openstack_horizon_hypervisor_features – /software/openstack/openstack_horizon_config/openstack_cinder_features

* Optional * Type: openstack_horizon_cinder_features – /software/openstack/openstack_horizon_config/openstack_heat_stack

* Optional * Type: openstack_horizon_heat_stack – /software/openstack/openstack_horizon_config/image_custom_property_titles

* Optional * Type: openstack_horizon_image_custom_titles – /software/openstack/openstack_horizon_config/image_reserved_custom_properties

* Description: The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image custom properties should not be displayed in the Image Custom Properties table – Optional – Type: string – /software/openstack/openstack_horizon_config/api_result_limit

* Description: The number of objects (Swift containers/objects or images) to display on a single page before providing a paging element (a “more” link) to paginate results – Optional – Type: long – Range: 1.. – /software/openstack/openstack_horizon_config/api_result_page_size

* Optional * Type: long * Range: 1..

1.3. configuration-modules-core 475 Quattor Documentation, Release 0.0.1

– /software/openstack/openstack_horizon_config/swift_file_transfer_chunk_size

* Description: The size of chunk in bytes for downloading objects from Swift * Optional * Type: long * Range: 1.. – /software/openstack/openstack_horizon_config/instance_log_length

* Description: The default number of lines displayed for instance console log * Optional * Type: long * Range: 1.. – /software/openstack/openstack_horizon_config/local_path

* Optional * Type: absolute_file_path – /software/openstack/openstack_horizon_config/secret_key

* Description: You can either set it to a specific value or you can let horizon generate a default secret key that is unique on this machine, e.i. regardless of the amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, there may be situations where you would want to set this explicitly, e.g. when multiple dashboard instances are distributed on different machines (usually behind a load-balancer). Either you have to make sure that a session gets all requests routed to the same dashboard instance or you set the same SECRET_KEY for all of them – Optional – Type: string – /software/openstack/openstack_horizon_config/openstack_keystone_default_domain

* Description: Overrides the default domain used when running on single-domain model with Keystone V3. All entities will be created in the default domain. NOTE: This value must be the name of the default domain, NOT the ID. Also, you will most likely have a value in the keystone policy file like this “cloud_admin”: “rule:admin_required and domain_id:” This value must be the name of the domain whose ID is specified there – Optional – Type: string – /software/openstack/openstack_horizon_config/openstack_keystone_default_role

* Description: Configure the default role for users that you create via the dashboard * Optional * Type: string – /software/openstack/openstack_horizon_config/openstack_neutron_network

* Optional * Type: openstack_horizon_neutron_network – /software/openstack/openstack_horizon_config/time_zone

476 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Description: The timezone of the server. This should correspond with the timezone of your entire OpenStack installation, and hopefully be in UTC. Example: “Europe/Brussels” – Optional – Type: string – /software/openstack/openstack_horizon_config/policy_files_path

* Description: Path to directory containing policy.json files * Optional * Type: absolute_file_path – /software/openstack/openstack_horizon_config/logging

* Optional * Type: openstack_horizon_logging – /software/openstack/openstack_horizon_config/rest_api_required_settings

* Description: AngularJS requires some settings to be made available to the client side. Some settings are required by in-tree / built-in horizon features. These settings must be added to REST_API_REQUIRED_SETTINGS in the form of [‘SETTING_1’,’SETTING_2’], etc. You may remove settings from this list for security purposes, but do so at the risk of breaking a built-in horizon feature. These settings are required for horizon to function properly. Only remove them if you know what you are doing. These settings may in the future be moved to be defined within the enabled panel configuration. You should not add settings to this list for out of tree extensions – Optional – Type: string – /software/openstack/openstack_horizon_config/allowed_private_subnet_cidr

* Optional * Type: openstack_horizon_allowed_subnet – /software/openstack/openstack_horizon_config/security_group_files

* Optional * Type: openstack_horizon_security_group

Types

• /software/openstack/openstack_keystone_token – Description: The Keystone “token” configuration section – /software/openstack/openstack_keystone_token/provider

* Description: Entry point for the token provider in the “keystone.token.provider” namespace. The token provider controls the token construction, validation, and revocation operations. Keystone includes “fernet” and “uuid” token providers. “uuid” tokens must be persisted (using the backend specified in the “[token] driver” option), but do not require any extra configuration or setup. “fernet” tokens do not need to be persisted at all, but require that you run “keystone-manage fernet_setup” (also see the “keystone-manage fernet_rotate” command)

1.3. configuration-modules-core 477 Quattor Documentation, Release 0.0.1

– Optional – Type: string – /software/openstack/openstack_keystone_token/driver

* Description: Entry point for the token persistence backend driver in the “keystone.token.persistence” namespace. Keystone provides “kvs” and “sql” drivers. The “kvs” backend depends on the configuration in the “[kvs]” section. The “sql” option (default) depends on the options in your “[database]” section. If you are using the “fernet” “[token] provider”, this backend will not be utilized to persist tokens at all. (string value) – Optional – Type: string • /software/openstack/openstack_keystone_authtoken – Description: The Keystone configuration options in the “authtoken” Section – /software/openstack/openstack_keystone_authtoken/auth_uri

* Description: Complete “public” Identity API endpoint. This endpoint should not be an “admin” endpoint, as it should be accessible by all end users. Unauthenticated clients are redirected to this endpoint to authenticate. Although this endpoint should ideally be unversioned, client support in the wild varies. If you are using a versioned v2 endpoint here, then this should not be the same endpoint the service user utilizes for validating tokens, because normal end users may not be able to reach that endpoint. http(s)://host:port – Optional – Type: type_absoluteURI – /software/openstack/openstack_keystone_authtoken/memcached_servers

* Description: Optionally specify a list of memcached server(s) to use for caching. If left undefined, tokens will instead be cached in-process (“host:port” list) – Optional – Type: type_hostport • /software/openstack/openstack_keystone_paste_deploy – Description: The Keystone configuration options in the “paste_deploy” Section. – /software/openstack/openstack_keystone_paste_deploy/flavor

* Description: Deployment flavor to use in the server application pipeline. Provide a string value representing the appropriate deployment flavor used in the server application piple- line. This is typically the partial name of a pipeline in the paste configuration file with the service name removed. For example, if your paste section name in the paste configuration file is [pipeline:glance-api-keystone], set “flavor” to “keystone” – Optional – Type: string

478 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/openstack/openstack_openrc_config – Description: Type that sets the OpenStack OpenRC script configuration • /software/openstack/openstack_openrc_config/os_username – Optional – Type: string • /software/openstack/openstack_openrc_config/os_password – Optional – Type: string • /software/openstack/openstack_openrc_config/os_project_name – Optional – Type: string • /software/openstack/openstack_openrc_config/os_user_domain_name – Optional – Type: string • /software/openstack/openstack_openrc_config/os_project_domain_name – Optional – Type: string • /software/openstack/openstack_openrc_config/os_region_name – Optional – Type: string • /software/openstack/openstack_openrc_config/os_auth_url – Optional – Type: type_absoluteURI • /software/openstack/openstack_openrc_config/os_identity_api_version – Optional – Type: long – Range: 1.. • /software/openstack/openstack_openrc_config/os_image_api_version – Optional – Type: long – Range: 1.. • /software/openstack/openstack_keystone_config – Description: The Keystone configuration sections – /software/openstack/openstack_keystone_config/DEFAULT

1.3. configuration-modules-core 479 Quattor Documentation, Release 0.0.1

* Optional * Type: openstack_DEFAULTS – /software/openstack/openstack_keystone_config/database

* Optional * Type: openstack_database – /software/openstack/openstack_keystone_config/token

* Optional * Type: openstack_keystone_token

Types

• /software/openstack/openstack_neutron_ml2 – Description: The Neutron configuration options in ml2_conf.ini “ml2” Section. – /software/openstack/openstack_neutron_ml2/type_drivers

* Description: WARNING: After you configure the ML2 plug-in, removing values in the type_drivers option can lead to database inconsistency – Optional – Type: type_neutrondriver – /software/openstack/openstack_neutron_ml2/tenant_network_types

* Description: Ordered list of network_types to allocate as tenant networks. The default value “local” is useful for single-box testing but provides no connectivity between hosts – Optional – Type: type_neutrondriver – /software/openstack/openstack_neutron_ml2/mechanism_drivers

* Description: An ordered list of networking mechanism driver entrypoints to be loaded from the neutron.ml2.mechanism_drivers namespace – Optional – Type: string – /software/openstack/openstack_neutron_ml2/extension_drivers

* Description: An ordered list of extension driver entrypoints to be loaded from the neutron.ml2.extension_drivers namespace – Optional – Type: type_neutronextension • /software/openstack/openstack_neutron_ml2_type_flat – Description: The Neutron configuration options in ml2_conf.ini “ml2_type_flat” Section.

480 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/openstack/openstack_neutron_ml2_type_flat/flat_networks

* Description: List of physical_network names with which flat networks can be created. Use default “*” to allow flat networks with arbitrary physical_network names. Use an empty list to disable flat networks – Optional – Type: string • /software/openstack/openstack_neutron_ml2_type_vxlan – Description: The Neutron configuration options in ml2_conf.ini “ml2_type_vxlan” Section. – /software/openstack/openstack_neutron_ml2_type_vxlan/vni_ranges

* Description: Configure the VXLAN network identifier range for self-service networks * Optional * Type: string • /software/openstack/openstack_neutron_securitygroup – Description: The Neutron configuration options in ml2_conf.ini “securitygroup” Section. – /software/openstack/openstack_neutron_securitygroup/enable_ipset

* Description: Use ipset to speed-up the iptables based security groups. Enabling ipset support requires that ipset is installed on L2 agent node – Optional – Type: boolean – /software/openstack/openstack_neutron_securitygroup/enable_security_group

* Description: Controls whether the neutron security group API is enabled in the server. It should be false when using no security groups or using the nova security group API – Optional – Type: boolean – /software/openstack/openstack_neutron_securitygroup/firewall_driver

* Description: Driver for security groups * Optional * Type: string • /software/openstack/openstack_neutron_vxlan – Description: The Neutron configuration options in linuxbridge_agent.ini “vxlan” Section. – /software/openstack/openstack_neutron_vxlan/enable_vxlan

* Description: Enable VXLAN on the agent. Can be enabled when agent is managed by ml2 plugin using linuxbridge mechanism driver

1.3. configuration-modules-core 481 Quattor Documentation, Release 0.0.1

– Optional – Type: boolean – /software/openstack/openstack_neutron_vxlan/local_ip

* Description: IP address of local overlay (tunnel) network endpoint. Use either an IPv4 or IPv6 address that resides on one of the host network interfaces. The IP version of this value must match the value of the ‘overlay_ip_version’ option in the ML2 plug-in configuration file on the neutron server node(s) – Optional – Type: type_ip – /software/openstack/openstack_neutron_vxlan/l2_population

* Description: Extension to use alongside ml2 plugins l2population mechanism driver. It enables the plugin to populate VXLAN forwarding table – Optional – Type: boolean • /software/openstack/openstack_neutron_linux_bridge – Description: The Neutron configuration options in linuxbridge_agent.ini “linux_bridge” Section. – /software/openstack/openstack_neutron_linux_bridge/physical_interface_mappings

* Description: Comma-separated list of : tuples mapping physical network names to the agents node-specific physical network interfaces to be used for flat and VLAN networks. All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent. https://docs.openstack.org/ocata/install-guide-rdo/ environment-networking.html – Optional – Type: string • /software/openstack/openstack_neutron_common – Description: list of Neutron common configuration sections – /software/openstack/openstack_neutron_common/DEFAULT

* Optional * Type: openstack_DEFAULTS – /software/openstack/openstack_neutron_common/keystone_authtoken

* Optional * Type: openstack_keystone_authtoken – /software/openstack/openstack_neutron_common/oslo_concurrency

* Optional * Type: openstack_oslo_concurrency • /software/openstack/openstack_neutron_ml2_config

482 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/openstack/openstack_neutron_ml2_config/ml2

* Optional * Type: openstack_neutron_ml2 – /software/openstack/openstack_neutron_ml2_config/ml2_type_flat

* Optional * Type: openstack_neutron_ml2_type_flat – /software/openstack/openstack_neutron_ml2_config/ml2_type_vxlan

* Optional * Type: openstack_neutron_ml2_type_vxlan – /software/openstack/openstack_neutron_ml2_config/securitygroup

* Optional * Type: openstack_neutron_securitygroup • /software/openstack/openstack_neutron_linuxbridge_config – /software/openstack/openstack_neutron_linuxbridge_config/linux_bridge

* Optional * Type: openstack_neutron_linux_bridge – /software/openstack/openstack_neutron_linuxbridge_config/vxlan

* Optional * Type: openstack_neutron_vxlan – /software/openstack/openstack_neutron_linuxbridge_config/securitygroup

* Optional * Type: openstack_neutron_securitygroup • /software/openstack/openstack_neutron_l3_config – /software/openstack/openstack_neutron_l3_config/DEFAULT

* Optional * Type: openstack_DEFAULTS • /software/openstack/openstack_neutron_dhcp_config – /software/openstack/openstack_neutron_dhcp_config/DEFAULT

* Optional * Type: openstack_DEFAULTS • /software/openstack/openstack_neutron_metadata_config – /software/openstack/openstack_neutron_metadata_config/DEFAULT

* Optional * Type: openstack_DEFAULTS • /software/openstack/openstack_neutron_service_config – Description:

1.3. configuration-modules-core 483 Quattor Documentation, Release 0.0.1

list of Neutron service configuration sections – /software/openstack/openstack_neutron_service_config/database

* Optional * Type: openstack_database – /software/openstack/openstack_neutron_service_config/nova

* Description: nova section has the same options than “keystone_authtoken” but with the nova user and passwod

* Optional * Type: openstack_domains_common • /software/openstack/openstack_neutron_config – Description: list of Neutron service configuration sections – /software/openstack/openstack_neutron_config/service

* Optional * Type: openstack_neutron_service_config – /software/openstack/openstack_neutron_config/ml2

* Optional * Type: openstack_neutron_ml2_config – /software/openstack/openstack_neutron_config/linuxbridge

* Optional * Type: openstack_neutron_linuxbridge_config – /software/openstack/openstack_neutron_config/l3

* Optional * Type: openstack_neutron_l3_config – /software/openstack/openstack_neutron_config/dhcp

* Optional * Type: openstack_neutron_dhcp_config – /software/openstack/openstack_neutron_config/metadata

* Optional * Type: openstack_neutron_metadata_config

Types

• /software/openstack/openstack_nova_api_database – Description: The Nova configuration options in “api_database” Section. – /software/openstack/openstack_nova_api_database/connection

484 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Description: The SQLAlchemy connection string to use to connect to the database. Example (mysql): mysql+pymysql://nova:@/nova_api – Optional – Type: string • /software/openstack/openstack_nova_vnc – Description: The Nova configuration options in the “vnc” Section. – /software/openstack/openstack_nova_vnc/vncserver_listen

* Description: The IP address or hostname on which an instance should listen to for incoming VNC connection requests on this node – Optional – Type: type_ip – /software/openstack/openstack_nova_vnc/vncserver_proxyclient_address

* Description: Private, internal IP address or hostname of VNC console proxy. The VNC proxy is an OpenStack component that enables compute service users to access their in- stances through VNC clients. This option sets the private address to which proxy clients, such as “nova- xvpvncproxy”, should connect to. – Optional – Type: type_ip – /software/openstack/openstack_nova_vnc/enabled

* Description: Enable VNC related features. Guests will get created with graphical devices to support this. Clients (for example Horizon) can then establish a VNC connection to the guest – Optional – Type: boolean – /software/openstack/openstack_nova_vnc/novncproxy_base_url

* Description: Public address of noVNC VNC console proxy. The VNC proxy is an OpenStack component that enables compute service users to access their instances through VNC clients. noVNC provides VNC support through a websocket-based client. This option sets the public base URL to which client systems will connect. noVNC clients can use this address to connect to the noVNC instance and, by extension, the VNC sessions – Optional – Type: type_absoluteURI • /software/openstack/openstack_nova_glance – Description: The Nova configuration options in the “glance” Section. – /software/openstack/openstack_nova_glance/api_servers

* Description: List of glance api servers endpoints available to nova.

1.3. configuration-modules-core 485 Quattor Documentation, Release 0.0.1

https is used for ssl-based glance api servers. Possible values: – A list of any fully qualified url of the form “scheme://hostname:port[/path]” (i.e. “http://10.0.1.0:9292” or “https://my.glance.server/image”) - Optional - Type: type_absoluteURI • /software/openstack/openstack_nova_placement – Description: The Nova configuration options in “placement” Section. – /software/openstack/openstack_nova_placement/os_region_name

* Description: Region name of this node. This is used when picking the URL in the service catalog – Optional – Type: string • /software/openstack/openstack_nova_libvirt – Description: The Nova hypervisor configuration options in “libvirt” Section. – /software/openstack/openstack_nova_libvirt/virt_type

* Description: Describes the virtualization type (or so called domain type) libvirt should use. The choice of this type must match the underlying virtualization strategy you have chosen for the host – Optional – Type: string – /software/openstack/openstack_nova_libvirt/images_rbd_pool

* Description: The RADOS pool in which rbd volumes are stored * Optional * Type: string – /software/openstack/openstack_nova_libvirt/images_type

* Description: VM Images format. If default is specified, then use_cow_images flag is used instead of this one. Related options: * virt.use_cow_images * images_volume_group – Optional – Type: string – /software/openstack/openstack_nova_libvirt/rbd_secret_uuid

* Description: The libvirt UUID of the secret for the rbd_user volumes * Optional * Type: type_uuid – /software/openstack/openstack_nova_libvirt/rbd_user

486 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Description: The RADOS client name for accessing rbd(RADOS Block Devices) volumes. Libvirt will refer to this user when connecting and authenticating with the Ceph RBD server – Optional – Type: string • /software/openstack/openstack_nova_neutron – Description: The Nova hypervisor configuration options in “neutron” Section. – /software/openstack/openstack_nova_neutron/url

* Description: Any valid URL that points to the Neutron API service is appropriate here. This typically matches the URL returned for the ‘network’ service type from the Keystone service catalog – Optional – Type: type_absoluteURI – /software/openstack/openstack_nova_neutron/region_name

* Description: Region name for connecting to Neutron in admin context. This option is used in multi-region setups. If there are two Neutron servers running in two regions in two different machines, then two services need to be created in Keystone with two different regions and associate corresponding endpoints to those services. When requests are made to Keystone, the Keystone service uses the region_name to determine the region the request is coming from – Optional – Type: string – /software/openstack/openstack_nova_neutron/metadata_proxy_shared_secret

* Description: This option holds the shared secret string used to validate proxy requests to Neutron metadata requests. In order to be used, the “X-Metadata-Provider-Signature” header must be supplied in the request – Optional – Type: string – /software/openstack/openstack_nova_neutron/service_metadata_proxy

* Description: When set to True, this option indicates that Neutron will be used to proxy metadata requests and resolve instance ids. Otherwise, the instance ID must be passed to the metadata request in the ‘X-Instance-ID’ header – Optional – Type: boolean • /software/openstack/openstack_nova_scheduler – Description: The Nova configuration options in the “scheduler” Section. – /software/openstack/openstack_nova_scheduler/discover_hosts_in_cells_interval

* Description: This value controls how often (in seconds) the scheduler should attempt

1.3. configuration-modules-core 487 Quattor Documentation, Release 0.0.1

to discover new hosts that have been added to cells. If negative (the default), no automatic discovery will occur. Deployments where compute nodes come and go frequently may want this enabled, where others may prefer to manually discover hosts when one is added to avoid any overhead from constantly checking. If enabled, every time this runs, we will select any unmapped hosts out of each cell database on every run. – Optional – Type: long – Range: -1.. • /software/openstack/openstack_nova_common – Description: list of Nova common configuration sections – /software/openstack/openstack_nova_common/DEFAULT

* Optional * Type: openstack_DEFAULTS – /software/openstack/openstack_nova_common/keystone_authtoken

* Optional * Type: openstack_keystone_authtoken – /software/openstack/openstack_nova_common/vnc

* Optional * Type: openstack_nova_vnc – /software/openstack/openstack_nova_common/glance

* Optional * Type: openstack_nova_glance – /software/openstack/openstack_nova_common/oslo_concurrency

* Optional * Type: openstack_oslo_concurrency – /software/openstack/openstack_nova_common/placement

* Description: placement service is mandatory since Ocata release * Optional * Type: openstack_nova_placement – /software/openstack/openstack_nova_common/neutron

* Optional * Type: openstack_nova_neutron • /software/openstack/openstack_nova_config – Description: list of Nova configuration sections – /software/openstack/openstack_nova_config/database

* Optional

488 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: openstack_database – /software/openstack/openstack_nova_config/api_database

* Optional * Type: openstack_nova_api_database – /software/openstack/openstack_nova_config/libvirt

* Optional * Type: openstack_nova_libvirt – /software/openstack/openstack_nova_config/scheduler

* Optional * Type: openstack_nova_scheduler

Types

• /software/openstack/openstack_identity_config – Description: Type to define OpenStack identity services • /software/openstack/openstack_identity_config/keystone – Optional – Type: openstack_keystone_config • /software/openstack/openstack_storage_config – Description: Type to define OpenStack storage services • /software/openstack/openstack_storage_config/glance – Optional – Type: openstack_glance_config • /software/openstack/openstack_compute_config – Description: Type to define OpenStack compute services • /software/openstack/openstack_compute_config/nova – Optional – Type: openstack_nova_config • /software/openstack/openstack_network_config – Description: Type to define OpenStack network services • /software/openstack/openstack_network_config/neutron – Optional – Type: openstack_neutron_config

1.3. configuration-modules-core 489 Quattor Documentation, Release 0.0.1

• /software/openstack/openstack_dashboard_config – Description: Type to define OpenStack dashboard services • /software/openstack/openstack_dashboard_config/horizon – Optional – Type: openstack_horizon_config • /software/openstack/openstack_messaging_config – Description: Type to define OpenStack messaging services • /software/openstack/openstack_messaging_config/rabbitmq – Optional – Type: openstack_rabbitmq_config • /software/openstack/openstack_hypervisor_config – Description: Hyperviosr configuration. • /software/openstack/openstack_component – Description: Type to define OpenStack services Keystone, Nova, Neutron, etc • /software/openstack/openstack_component/identity – Optional – Type: openstack_identity_config • /software/openstack/openstack_component/compute – Optional – Type: openstack_compute_config • /software/openstack/openstack_component/storage – Optional – Type: openstack_storage_config • /software/openstack/openstack_component/network – Optional – Type: openstack_network_config • /software/openstack/openstack_component/dashboard – Optional – Type: openstack_dashboard_config • /software/openstack/openstack_component/messaging – Optional – Type: openstack_messaging_config

490 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/openstack/openstack_component/openrc – Optional – Type: openstack_openrc_config • /software/openstack/openstack_component/hypervisor – Description: Hypervisor configuration. Host is a hypervisor when this attribute exists – Optional – Type: openstack_hypervisor_config

openvpn

DESCRIPTION

The openvpn component manages the OpenVPN server and the OpenVPN client configuration. OpenVPN is used to make virtual private networks over the internet.

COMPONENT STRUCTURE

This component can be used to configure an OpenVPN and/or OpenVPN client. The server is only configured if its configuration exists under /software/components/openvpn/server, the client parts are configured if the configuration under /software/components/openvpn/clients is defined. It is possible to generate multiple configurations of the client and server type. When setting one of the boolean options to True you’ll activate the option in the configuration.

Types

• /software/openvpn/structure_component_openvpn_all – /software/openvpn/structure_component_openvpn_all/configfile

* Optional * Type: string – /software/openvpn/structure_component_openvpn_all/port

* Optional * Type: type_port – /software/openvpn/structure_component_openvpn_all/proto

* Optional * Type: string – /software/openvpn/structure_component_openvpn_all/dev

* Optional * Type: string – /software/openvpn/structure_component_openvpn_all/ca

* Optional

1.3. configuration-modules-core 491 Quattor Documentation, Release 0.0.1

* Type: string – /software/openvpn/structure_component_openvpn_all/cert

* Optional * Type: string – /software/openvpn/structure_component_openvpn_all/key

* Optional * Type: string – /software/openvpn/structure_component_openvpn_all/tls-auth

* Optional * Type: string – /software/openvpn/structure_component_openvpn_all/verb

* Optional * Type: long * Range: 0..11 – /software/openvpn/structure_component_openvpn_all/cipher

* Optional * Type: string – /software/openvpn/structure_component_openvpn_all/cd

* Optional * Type: string – /software/openvpn/structure_component_openvpn_all/ifconfig

* Optional * Type: string – /software/openvpn/structure_component_openvpn_all/tun-mtu

* Optional * Type: long – /software/openvpn/structure_component_openvpn_all/comp-lzo

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_all/comp-noadapt

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_all/user

* Optional * Type: string – /software/openvpn/structure_component_openvpn_all/group

492 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/openvpn/structure_component_openvpn_all/daemon

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_all/nobind

* Optional * Type: boolean • /software/openvpn/structure_component_openvpn_server – /software/openvpn/structure_component_openvpn_server/server

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/server-bridge

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/local

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/tls-server

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_server/passtos

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_server/crl-verify

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/dh

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/tls-verify

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/push

* Optional * Type: string

1.3. configuration-modules-core 493 Quattor Documentation, Release 0.0.1

– /software/openvpn/structure_component_openvpn_server/up

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/ifconfig-pool

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/ifconfig-pool-linear

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_server/ifconfig-pool-persist

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/client-config-dir

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/client-to-client

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_server/duplicate-cn

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_server/max-clients

* Optional * Type: long – /software/openvpn/structure_component_openvpn_server/persist-key

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_server/persist-tun

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_server/log-append

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/management

* Optional * Type: string

494 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/openvpn/structure_component_openvpn_server/topology

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/tls-remote

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/tcp-queue-limit

* Optional * Type: long – /software/openvpn/structure_component_openvpn_server/ccd-exclusive

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_server/script-security

* Optional * Type: long * Range: 0..3 – /software/openvpn/structure_component_openvpn_server/keepalive

* Optional * Type: long – /software/openvpn/structure_component_openvpn_server/client-connect

* Optional * Type: string – /software/openvpn/structure_component_openvpn_server/client-disconnect

* Optional * Type: string • /software/openvpn/structure_component_openvpn_client – /software/openvpn/structure_component_openvpn_client/client

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_client/remote

* Optional * Type: string – /software/openvpn/structure_component_openvpn_client/tls-exit

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_client/ns-cert-type

1.3. configuration-modules-core 495 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/openvpn/structure_component_openvpn_client/persist-key

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_client/persist-tun

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_client/remote-random

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_client/resolv-retry

* Optional * Type: string – /software/openvpn/structure_component_openvpn_client/tls-client

* Optional * Type: boolean – /software/openvpn/structure_component_openvpn_client/max-routes

* Optional * Type: long * Range: 0.. • /software/openvpn/structure_component_openvpn – /software/openvpn/structure_component_openvpn/server

* Optional * Type: structure_component_openvpn_server – /software/openvpn/structure_component_openvpn/clients

* Optional * Type: structure_component_openvpn_client pam

NAME

NCM::pam - NCM pam configuration component

496 Chapter 1. Content Quattor Documentation, Release 0.0.1

SYNOPSIS

# declare what pam modules are available. "/software/components/pam/modules"= npush("krb5", nlist("path", "/lib/security/$ISA/pam_krb5.so")); "/software/components/pam/modules"= npush("cracklib", nlist("path", "/lib/security/$ISA/pam_cracklib.so"));

# setup a service "/software/components/pam/services"= pam_add( "sshd", "auth", "required", "env"); "/software/components/pam/services"= pam_add_stack( "sshd", "password", "required", "system-auth"); "/software/components/pam/services"= pam_add( "sshd", "session", "required", "limits"); "/software/components/pam/services"= pam_add( "sshd", "session", "required", "unix");

Configure() Returns error in case of failure.

RESOURCES

* /software/components/pam/active : boolean Activates/deactivates the component. * /software/components/pam/modules : nlist Contains the list of supported PAM modules. For each module, the value should be an nlist containing that path for that named module. The name can be anything you want. When describing the PAM configuration for services, the names provided here are the only acceptable names of modules, so it is the responsibility of the operating system templates to define the available modules. * /software/components/pam/services : nlist Contains an nlist of services that are being controlled by this component. Any service controlled will have it’s PAM configuration completely replaced by this module. Stacked or included PAM configurations (i.e. configurations that use pam_stack.so or the include directive) must ensure that the service being stacked is already defined. For each service, the value will be an nlist keyed off the module type (auth, account, session, password). The value for each module type is an ordered list of mappings. Each mapping is an nlist that is keyed off the action (i.e. required, optional, etc). Only a single action is expected in each nlist. The nlist may contain the key “predefined” with a boolean value. If set to true, then this service name is expected to be on the system, but will not be actively managed by this component. For example, the “system-auth” service can be listed with this value, which will allow other services to stack/include that service configuration, without requiring that this component take over management of the “system-auth” component. This functionality is not implemented at this time. PAM config files for services which are not specified within this list will not be touched. * /software/components/pam/acls : nlist Every ACL managed by this component must be given a name and placed into this nlist. The value of the ACL is itself an nlist containing: items

1.3. configuration-modules-core 497 Quattor Documentation, Release 0.0.1

A list of items to place into the acl. file Optionally the filename for the ACL. If this is not provided, then a filename will be generated based on /software/components/pam/acldir, the name of the ACL and the sense in which it is being used. * /software/components/pam/directory : string The directory where the config files will be placed, defaulting to /etc/pam.d. * /software/components/pam/acldir : string The directory where the ACL files will be placed, defaulting to /etc/pam.acls.

FUNCTIONS

The component provides the following functions to assist in creating configurations: pam_add(SERVICE, TYPE, CONTROL, MODULE, OPTIONS?) This function should be applied to /software/components/pam/services. A mapping is ap- pended to the appropriate point in the configuration tree. SERVICE refers to the service name being configured (e.g. “sshd”). TYPE refers to the module type (e.g. “auth”). CONTROL refers to the action that is taken when the PAM system encounters this mapping (e.g. “required”). MODULE is the name of a module listed within /software/components/pam/modules. OPTIONS is an optional argument; if supplied it should be an nlist containing additional information for the PAM module. pam_add_stack(SERVICE, TYPE, CONTROL, STACKEDSERVICE) This function is applied to /software/components/pam/services. A mapping is appended to the appropriate point in the configuration tree. SERVICE refers to the service being configured (e.g. “sshd”). TYPE refers to the module type (e.g. “auth”). CONTROL refers to the ac- tion that is taken when the PAM system encounters this mapping (e.g. “required”). STACKEDSERVICE is the name of the service that should be stacked (e.g. “system-auth”). pam_add_listfile_acl(SERVICE, TYPE, CONTROL, SENSE, ITEMTYPE, ITEMS, ONERR?) This function should be applied to /software/components/pam/services. pam_add_access_file(KEY, FILENAME, ALLOWPOS, ALLOWNEG) This function should be applied to /software/components/pam/access. See pam_access(8) for more details. Example:

"/software/components/pam/access"= pam_add_access_file("access", "/etc/security/access.conf", true, false);

pam_add_access_lastacl(KEY, PERMISSION, USERS, ORIGINS) This function should be applied to /software/components/pam/accessand sets the value of the last ACL in the access file. Typically this is used to ensure last entry in the ACL is: "-:ALL:ALL". pam_add_access_acl(KEY, PERMISSION, USERS, ORIGINS) This function is used to implement the pam_add_access_netgroup and pam_add_access_user functions. pam_add_access_netgroup(KEY, NETGROUP) This function should be applied to /software/components/pam/access. It adds a netgroup the access file using the correct syntax. Example:

498 Chapter 1. Content Quattor Documentation, Release 0.0.1

"/software/components/pam/access"= pam_add_access_netgroup( "access", "mygroup"); pam_add_access_user(KEY, USER) This function should be applied to /software/components/pam/access. It adds a user to the access file.

FILES MODIFIED

The component pam modifies files within the /etc/pam.d directory and the /etc/pam.acls directory.

EXAMPLES

"/software/components/pam/active"= true;

Functions

• pam_add – Description: add a line to pam configuration • Arguments: – service – pamtype – control – module – options, can be hash or list • pam_add_stack • pam_add_listfile_acl • pam_add_access_file • pam_add_access_lastacl • pam_add_access_acl • pam_add_access_netgroup • pam_add_access_group – Description: helper function to add (unix) group to pam/access/ • Arguments: – key under components/pam/access to modify – group, unix group to add to • pam_add_access_user

1.3. configuration-modules-core 499 Quattor Documentation, Release 0.0.1

Types

• /software/pam/component_pam_options • /software/pam/component_listfile_acl – /software/pam/component_listfile_acl/filename

* Optional * Type: string – /software/pam/component_listfile_acl/items

* Optional * Type: string • /software/pam/component_pam_module_stack – /software/pam/component_pam_module_stack/control

* Optional * Type: string – /software/pam/component_pam_module_stack/module

* Optional * Type: string – /software/pam/component_pam_module_stack/options

* Optional * Type: component_pam_options – /software/pam/component_pam_module_stack/options_list

* Optional * Type: string – /software/pam/component_pam_module_stack/allow

* Optional * Type: component_listfile_acl – /software/pam/component_pam_module_stack/deny

* Optional * Type: component_listfile_acl • /software/pam/component_pam_service_type – /software/pam/component_pam_service_type/auth

* Optional * Type: component_pam_module_stack – /software/pam/component_pam_service_type/account

* Optional * Type: component_pam_module_stack – /software/pam/component_pam_service_type/password

500 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: component_pam_module_stack – /software/pam/component_pam_service_type/session

* Optional * Type: component_pam_module_stack – /software/pam/component_pam_service_type/mode

* Optional * Type: string • /software/pam/component_pam_module – /software/pam/component_pam_module/path

* Optional * Type: string • /software/pam/component_pam_access_entry – /software/pam/component_pam_access_entry/permission

* Optional * Type: string – /software/pam/component_pam_access_entry/users

* Optional * Type: string – /software/pam/component_pam_access_entry/origins

* Optional * Type: string • /software/pam/component_pam_access – /software/pam/component_pam_access/filename

* Optional * Type: string – /software/pam/component_pam_access/acl

* Optional * Type: component_pam_access_entry – /software/pam/component_pam_access/lastacl

* Optional * Type: component_pam_access_entry – /software/pam/component_pam_access/allowpos

* Optional * Type: boolean – /software/pam/component_pam_access/allowneg

1.3. configuration-modules-core 501 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean • /software/pam/component_pam_entry – /software/pam/component_pam_entry/modules

* Optional * Type: component_pam_module – /software/pam/component_pam_entry/services

* Optional * Type: component_pam_service_type – /software/pam/component_pam_entry/directory

* Optional * Type: string – /software/pam/component_pam_entry/acldir

* Optional * Type: string – /software/pam/component_pam_entry/access

* Optional * Type: component_pam_access path

DESCRIPTION ncm-path handles interaction with files, directories, links, . . . using CAF::Path.

Types

• /software/path/path_component pnp4nagios

DESCRIPTION

This component configures the nagios/icinga addon, pnp4nagios.

FILES

This component touches the following files: /etc/pnp4nagios/npcd.cfg /etc/pnp4nagios/config.php

502 Chapter 1. Content Quattor Documentation, Release 0.0.1

/etc/pnp4nagios/nagios.cfg /etc/pnp4nagios/process_perfdata.cfg

STRUCTURE

These are the top-level fields provided by the component. For information on any of these fields’ structure, please look at the pnp4nagios documentation. * /software/components/pnp4nagios/npcd Named list of npcd configuration options. * /software/components/pnp4nagios/php Named list of php configuration options. * /software/components/pnp4nagios/nagios Named list of nagios configuration options. * /software/components/pnp4nagios/perfata Named list of perfdata configuration options.

Types

• /software/pnp4nagios/pnp4nagios_php_view_type – /software/pnp4nagios/pnp4nagios_php_view_type/title

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_view_type/start

* Optional * Type: long • /software/pnp4nagios/pnp4nagios_npcd_log_type • /software/pnp4nagios/pnp4nagios_php_paper_size • /software/pnp4nagios/pnp4nagios_php_ui_theme • /software/pnp4nagios/pnp4nagios_php_lang • /software/pnp4nagios/pnp4nagios_perfdata_RRD_storage_type • /software/pnp4nagios/pnp4nagios_npcd_config – /software/pnp4nagios/pnp4nagios_npcd_config/user

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_npcd_config/group

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_npcd_config/log_type

1.3. configuration-modules-core 503 Quattor Documentation, Release 0.0.1

* Optional * Type: pnp4nagios_npcd_log_type – /software/pnp4nagios/pnp4nagios_npcd_config/log_file

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_npcd_config/max_logfile_size

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_npcd_config/log_level

* Optional * Type: long * Range: 0..2 – /software/pnp4nagios/pnp4nagios_npcd_config/perfdata_spool_dir

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_npcd_config/perfdata_file_run_cmd

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_npcd_config/perfdata_file_run_cmd_args

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_npcd_config/identify_npcd

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_npcd_config/npcd_max_threads

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_npcd_config/sleep_time

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_npcd_config/load_threshold

* Optional * Type: double – /software/pnp4nagios/pnp4nagios_npcd_config/pid_file

* Optional * Type: string

504 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/pnp4nagios/pnp4nagios_npcd_config/perfdata_file

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_npcd_config/perfdata_spool_filename

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_npcd_config/perfdata_file_processing_interval

* Optional * Type: long • /software/pnp4nagios/pnp4nagios_php_config – /software/pnp4nagios/pnp4nagios_php_config/use_url_rewriting

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_php_config/rrdtool

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/graph_width

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_php_config/graph_height

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_php_config/zgraph_width

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_php_config/zgraph_height

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_php_config/right_zoom_offset

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_php_config/pdf_width

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_php_config/pdf_height

* Optional

1.3. configuration-modules-core 505 Quattor Documentation, Release 0.0.1

* Type: long – /software/pnp4nagios/pnp4nagios_php_config/pdf_page_size

* Optional * Type: pnp4nagios_php_paper_size – /software/pnp4nagios/pnp4nagios_php_config/pdf_margin_top

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_php_config/pdf_margin_left

* Optional * Type: double – /software/pnp4nagios/pnp4nagios_php_config/pdf_margin_right

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_php_config/graph_opt

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/pdf_graph_opt

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/rrdbase

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/page_dir

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/refresh

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_php_config/max_age

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_php_config/temp

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/nagios_base

* Optional

506 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/pnp4nagios/pnp4nagios_php_config/multisite_base_url

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/multisite_site

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/auth_enabled

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_php_config/livestatus_socket

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/allowed_for_all_services

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/allowed_for_all_hosts

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/allowed_for_service_links

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/allowed_for_host_search

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/allowed_for_host_overview

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/allowed_for_pages

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/overview-range

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_php_config/popup-width

* Optional

1.3. configuration-modules-core 507 Quattor Documentation, Release 0.0.1

* Type: string – /software/pnp4nagios/pnp4nagios_php_config/ui-theme

* Optional * Type: pnp4nagios_php_ui_theme – /software/pnp4nagios/pnp4nagios_php_config/lang

* Optional * Type: pnp4nagios_php_lang – /software/pnp4nagios/pnp4nagios_php_config/date_fmt

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/enable_recursive_template_search

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_php_config/show_xml_icon

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_php_config/use_fpdf

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_php_config/background_pdf

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/use_calendar

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_php_config/views

* Optional * Type: pnp4nagios_php_view_type – /software/pnp4nagios/pnp4nagios_php_config/rrd_daemon_opts

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/template_dirs

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_php_config/special_template_dir

* Optional

508 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/pnp4nagios/pnp4nagios_php_config/mobile_devices

* Optional * Type: string • /software/pnp4nagios/pnp4nagios_nagios_config – /software/pnp4nagios/pnp4nagios_nagios_config/process_performance_data

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_nagios_config/service_perfdata_command

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_nagios_config/process_performance_data

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_nagios_config/service_perfdata_file

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_nagios_config/service_perfdata_file_template

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_nagios_config/service_perfdata_file_mode

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_nagios_config/service_perfdata_file_processing_interval

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_nagios_config/service_perfdata_file_processing_command

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_nagios_config/host_perfdata_file

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_nagios_config/host_perfdata_file_template

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_nagios_config/host_perfdata_file_mode

1.3. configuration-modules-core 509 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_nagios_config/host_perfdata_file_processing_interval

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_nagios_config/host_perfdata_file_processing_command

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_nagios_config/process_performance_data

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_nagios_config/broker_module

* Optional * Type: string • /software/pnp4nagios/pnp4nagios_perfdata_config – /software/pnp4nagios/pnp4nagios_perfdata_config/timeout

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_perfdata_config/use_rrds

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_perfdata_config/rrdpath

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_perfdata_config/rrdtool

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_perfdata_config/cfg_dir

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_perfdata_config/rrd_storage_type

* Optional * Type: pnp4nagios_perfdata_RRD_storage_type – /software/pnp4nagios/pnp4nagios_perfdata_config/rrd_heartbeat

* Optional * Type: long

510 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/pnp4nagios/pnp4nagios_perfdata_config/rra_cfg

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_perfdata_config/rra_step

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_perfdata_config/log_file

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_perfdata_config/log_level

* Optional * Type: long * Range: 0..2 – /software/pnp4nagios/pnp4nagios_perfdata_config/xml_enc

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_perfdata_config/xml_update_delay

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_perfdata_config/rrd_daemon_opts

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_perfdata_config/stats_dir

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_perfdata_config/prefork

* Optional * Type: boolean – /software/pnp4nagios/pnp4nagios_perfdata_config/gearman_host

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_perfdata_config/requests_per_child

* Optional * Type: long – /software/pnp4nagios/pnp4nagios_perfdata_config/encryption

* Optional

1.3. configuration-modules-core 511 Quattor Documentation, Release 0.0.1

* Type: boolean – /software/pnp4nagios/pnp4nagios_perfdata_config/key

* Optional * Type: string – /software/pnp4nagios/pnp4nagios_perfdata_config/key_file

* Optional * Type: string • /software/pnp4nagios/structure_component_pnp4nagios – /software/pnp4nagios/structure_component_pnp4nagios/npcd

* Optional * Type: pnp4nagios_npcd_config – /software/pnp4nagios/structure_component_pnp4nagios/php

* Optional * Type: pnp4nagios_php_config – /software/pnp4nagios/structure_component_pnp4nagios/perfdata

* Optional * Type: pnp4nagios_perfdata_config – /software/pnp4nagios/structure_component_pnp4nagios/nagios

* Optional * Type: pnp4nagios_nagios_config postfix

NAME ncm-postfix: Postfix server configuration

RESOURCES

/software/components/postfix

The configuration information for the component. This structure contains three fields: main An nlist with all the possible configuration values for /etc/postfix/main.cf. master A list with all entries for /etc/postfix/master.cf. For each line, we have to provide: name : string Name of the entry (first field in the line). type : string

512 Chapter 1. Content Quattor Documentation, Release 0.0.1

Type of service/socket for this entry. private : boolean Defaults to true. unprivileged : boolean Defaults to true chroot : boolean Defaults to true maxproc : long Maximum number of processes that may be instantiated following this line Defaults to 100. wakeup : long command databases An optional structure describing additional Postfix databases (lookup tables in Postfix terminology). See http://www.postfix.org/DATABASE_README.html for more information. Each subtree is associated with a class of lookup tables. Each class of lookup tables is an nlist, in which the keys are the file names (relative to /etc/postfix) that configure the access to such a database. Currently, only LDAP lookups can be described, see http://www.postfix.org/LDAP_README.html

EXAMPLES

Minimal configuration

An empty nlist is valid for main.cf:

"/software/components/postfix/main"= nlist();

Storing aliases in LDAP

Declaring an alias database stored in an LDAP server can be achieved as follows:

"/software/components/postfix/main/alias_maps"= append( nlist( "type", "ldap", "name", "/etc/postfix/ldap-aliases.cf"));

And we can instruct Postfix to access this database: prefix "/software/components/postfix/databases/ldap/ldap-aliases.cf";

"server_host"= "foo.bar.com"; "search_base"= "OU=foo,CN=bar"; "query_filter"= "(an-ldap-filter)"; "result_format"= "%s";

1.3. configuration-modules-core 513 Quattor Documentation, Release 0.0.1

Types

• /software/postfix/postfix_lookup_type_string – Description: Types of lookup tables (databases) Postfix is capable to handle. • /software/postfix/postfix_lookup – Description: Definition of a lookup in Postfix – /software/postfix/postfix_lookup/type

* Description: The type of the database for this lookup * Optional * Type: postfix_lookup_type_string – /software/postfix/postfix_lookup/name

* Description: The name of the lookup (DB connection, file name. . . ) * Optional * Type: string • /software/postfix/postfix_ldap_database – Description: Description of a Postfix LDAP database. See http://www.postfix.org/ldap_table.5.html – /software/postfix/postfix_ldap_database/server_host

* Optional * Type: type_fqdn – /software/postfix/postfix_ldap_database/server_host_protocol

* Optional * Type: string – /software/postfix/postfix_ldap_database/server_port

* Optional * Type: type_port – /software/postfix/postfix_ldap_database/timeout

* Optional * Type: long – /software/postfix/postfix_ldap_database/search_base

* Optional * Type: string – /software/postfix/postfix_ldap_database/query_filter

* Optional * Type: string

514 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/postfix/postfix_ldap_database/result_format

* Optional * Type: string – /software/postfix/postfix_ldap_database/domain

* Optional * Type: type_fqdn – /software/postfix/postfix_ldap_database/result_attribute

* Optional * Type: string – /software/postfix/postfix_ldap_database/special_result_attribute

* Optional * Type: string – /software/postfix/postfix_ldap_database/terminal_result_attribute

* Optional * Type: string – /software/postfix/postfix_ldap_database/leaf_result_attribute

* Optional * Type: string – /software/postfix/postfix_ldap_database/scope

* Optional * Type: string – /software/postfix/postfix_ldap_database/bind

* Optional * Type: boolean – /software/postfix/postfix_ldap_database/bind_dn

* Optional * Type: string – /software/postfix/postfix_ldap_database/bind_pw

* Optional * Type: string – /software/postfix/postfix_ldap_database/recursion_limit

* Optional * Type: long – /software/postfix/postfix_ldap_database/expansion_limit

* Optional * Type: long

1.3. configuration-modules-core 515 Quattor Documentation, Release 0.0.1

– /software/postfix/postfix_ldap_database/size_limit

* Optional * Type: long – /software/postfix/postfix_ldap_database/dereference

* Optional * Type: long * Range: 0..3 – /software/postfix/postfix_ldap_database/chase_referrals

* Optional * Type: long – /software/postfix/postfix_ldap_database/version

* Optional * Type: long – /software/postfix/postfix_ldap_database/debuglevel

* Optional * Type: long – /software/postfix/postfix_ldap_database/start_tls

* Optional * Type: boolean – /software/postfix/postfix_ldap_database/tls_ca_cert_dir

* Optional * Type: string – /software/postfix/postfix_ldap_database/tls_ca_cert_file

* Optional * Type: string – /software/postfix/postfix_ldap_database/tls_cert

* Optional * Type: string – /software/postfix/postfix_ldap_database/tls_key

* Optional * Type: string – /software/postfix/postfix_ldap_database/tls_require_cert

* Optional * Type: boolean – /software/postfix/postfix_ldap_database/tls_random_file

* Optional

516 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/postfix/postfix_ldap_database/tls_cipher_suite

* Optional * Type: string • /software/postfix/postfix_main – Description: All fields available in main.cf. Nothing is mandatory here, since it all has default values. Time limits are expressed in SECONDS. Multiply by the appropriate constant above to simplify your code. – /software/postfix/postfix_main/_2bounce_notice_recipient

* Optional * Type: string – /software/postfix/postfix_main/access_map_reject_code

* Optional * Type: long – /software/postfix/postfix_main/address_verify_default_transport

* Optional * Type: string – /software/postfix/postfix_main/address_verify_local_transport

* Optional * Type: string – /software/postfix/postfix_main/address_verify_map

* Optional * Type: string – /software/postfix/postfix_main/address_verify_negative_cache

* Optional * Type: boolean – /software/postfix/postfix_main/address_verify_negative_expire_time

* Optional * Type: long – /software/postfix/postfix_main/address_verify_negative_refresh_time

* Optional * Type: long – /software/postfix/postfix_main/address_verify_poll_count

* Optional * Type: long – /software/postfix/postfix_main/address_verify_poll_delay

1.3. configuration-modules-core 517 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/address_verify_positive_expire_time

* Optional * Type: long – /software/postfix/postfix_main/address_verify_positive_refresh_time

* Optional * Type: long – /software/postfix/postfix_main/address_verify_relay_transport

* Optional * Type: string – /software/postfix/postfix_main/address_verify_relayhost

* Optional * Type: string – /software/postfix/postfix_main/address_verify_sender

* Optional * Type: string – /software/postfix/postfix_main/address_verify_sender_dependent_relayhost_maps

* Optional * Type: string – /software/postfix/postfix_main/address_verify_service_name

* Optional * Type: string – /software/postfix/postfix_main/address_verify_transport_maps

* Optional * Type: string – /software/postfix/postfix_main/address_verify_virtual_transport

* Optional * Type: string – /software/postfix/postfix_main/alias_database

* Optional * Type: postfix_lookup – /software/postfix/postfix_main/alias_maps

* Optional * Type: postfix_lookup – /software/postfix/postfix_main/allow_mail_to_commands

518 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/allow_mail_to_files

* Optional * Type: string – /software/postfix/postfix_main/allow_min_user

* Optional * Type: boolean – /software/postfix/postfix_main/allow_percent_hack

* Optional * Type: boolean – /software/postfix/postfix_main/allow_untrusted_routing

* Optional * Type: boolean – /software/postfix/postfix_main/alternate_config_directories

* Optional * Type: string – /software/postfix/postfix_main/always_bcc

* Optional * Type: string – /software/postfix/postfix_main/anvil_rate_time_unit

* Optional * Type: long – /software/postfix/postfix_main/anvil_status_update_time

* Optional * Type: long – /software/postfix/postfix_main/append_at_myorigin

* Optional * Type: boolean – /software/postfix/postfix_main/append_dot_mydomain

* Optional * Type: boolean – /software/postfix/postfix_main/application_event_drain_time

* Optional * Type: long – /software/postfix/postfix_main/authorized_flush_users

1.3. configuration-modules-core 519 Quattor Documentation, Release 0.0.1

* Optional * Type: postfix_lookup – /software/postfix/postfix_main/authorized_mailq_users

* Optional * Type: postfix_lookup – /software/postfix/postfix_main/authorized_submit_users

* Optional * Type: postfix_lookup – /software/postfix/postfix_main/backwards_bounce_logfile_compatibility

* Optional * Type: boolean – /software/postfix/postfix_main/berkeley_db_create_buffer_size

* Optional * Type: long – /software/postfix/postfix_main/berkeley_db_read_buffer_size

* Optional * Type: long – /software/postfix/postfix_main/best_mx_transport

* Optional * Type: string – /software/postfix/postfix_main/biff

* Optional * Type: boolean – /software/postfix/postfix_main/body_checks

* Optional * Type: string – /software/postfix/postfix_main/body_checks_size_limit

* Optional * Type: long – /software/postfix/postfix_main/bounce_notice_recipient

* Optional * Type: string – /software/postfix/postfix_main/bounce_queue_lifetime

* Optional * Type: long – /software/postfix/postfix_main/bounce_service_name

520 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/bounce_size_limit

* Optional * Type: long – /software/postfix/postfix_main/bounce_template_file

* Optional * Type: string – /software/postfix/postfix_main/broken_sasl_auth_clients

* Optional * Type: boolean – /software/postfix/postfix_main/canonical_classes

* Optional * Type: string – /software/postfix/postfix_main/canonical_maps

* Optional * Type: string – /software/postfix/postfix_main/cleanup_service_name

* Optional * Type: string – /software/postfix/postfix_main/command_directory

* Optional * Type: string – /software/postfix/postfix_main/command_execution_directory

* Optional * Type: string – /software/postfix/postfix_main/command_expansion_filter

* Optional * Type: string – /software/postfix/postfix_main/command_time_limit

* Optional * Type: long – /software/postfix/postfix_main/config_directory

* Optional * Type: string – /software/postfix/postfix_main/connection_cache_protocol_timeout

1.3. configuration-modules-core 521 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/connection_cache_service_name

* Optional * Type: string – /software/postfix/postfix_main/connection_cache_status_update_time

* Optional * Type: long – /software/postfix/postfix_main/connection_cache_ttl_limit

* Optional * Type: long – /software/postfix/postfix_main/content_filter

* Optional * Type: string – /software/postfix/postfix_main/daemon_directory

* Optional * Type: string – /software/postfix/postfix_main/daemon_timeout

* Optional * Type: long – /software/postfix/postfix_main/debug_peer_level

* Optional * Type: long – /software/postfix/postfix_main/debug_peer_list

* Optional * Type: string – /software/postfix/postfix_main/default_database_type

* Optional * Type: string – /software/postfix/postfix_main/default_delivery_slot_cost

* Optional * Type: long – /software/postfix/postfix_main/default_delivery_slot_discount

* Optional * Type: long – /software/postfix/postfix_main/default_delivery_slot_loan

522 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/default_destination_concurrency_limit

* Optional * Type: long – /software/postfix/postfix_main/default_destination_recipient_limit

* Optional * Type: long – /software/postfix/postfix_main/default_extra_recipient_limit

* Optional * Type: long – /software/postfix/postfix_main/default_minimum_delivery_slots

* Optional * Type: long – /software/postfix/postfix_main/default_privs

* Optional * Type: string – /software/postfix/postfix_main/default_process_limit

* Optional * Type: long – /software/postfix/postfix_main/default_rbl_reply

* Optional * Type: string – /software/postfix/postfix_main/default_recipient_limit

* Optional * Type: long – /software/postfix/postfix_main/default_transport

* Optional * Type: string – /software/postfix/postfix_main/default_verp_delimiters

* Optional * Type: string – /software/postfix/postfix_main/defer_code

* Optional * Type: long – /software/postfix/postfix_main/defer_service_name

1.3. configuration-modules-core 523 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/defer_transports

* Optional * Type: string – /software/postfix/postfix_main/delay_logging_resolution_limit

* Optional * Type: long – /software/postfix/postfix_main/delay_notice_recipient

* Optional * Type: string – /software/postfix/postfix_main/delay_warning_time

* Optional * Type: long – /software/postfix/postfix_main/deliver_lock_attempts

* Optional * Type: long – /software/postfix/postfix_main/deliver_lock_delay

* Optional * Type: long – /software/postfix/postfix_main/disable_dns_lookups

* Optional * Type: boolean – /software/postfix/postfix_main/disable_mime_input_processing

* Optional * Type: boolean – /software/postfix/postfix_main/disable_mime_output_conversion

* Optional * Type: boolean – /software/postfix/postfix_main/disable_verp_bounces

* Optional * Type: boolean – /software/postfix/postfix_main/disable_vrfy_command

* Optional * Type: boolean – /software/postfix/postfix_main/dont_remove

524 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/double_bounce_sender

* Optional * Type: string – /software/postfix/postfix_main/duplicate_filter_limit

* Optional * Type: long – /software/postfix/postfix_main/empty_address_recipient

* Optional * Type: string – /software/postfix/postfix_main/enable_original_recipient

* Optional * Type: boolean – /software/postfix/postfix_main/error_notice_recipient

* Optional * Type: string – /software/postfix/postfix_main/error_service_name

* Optional * Type: string – /software/postfix/postfix_main/execution_directory_expansion_filter

* Optional * Type: string – /software/postfix/postfix_main/expand_owner_alias

* Optional * Type: boolean – /software/postfix/postfix_main/export_environment

* Optional * Type: string – /software/postfix/postfix_main/fallback_transport

* Optional * Type: string – /software/postfix/postfix_main/fallback_transport_maps

* Optional * Type: string – /software/postfix/postfix_main/fast_flush_domains

1.3. configuration-modules-core 525 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/fast_flush_purge_time

* Optional * Type: long – /software/postfix/postfix_main/fast_flush_refresh_time

* Optional * Type: long – /software/postfix/postfix_main/fault_injection_code

* Optional * Type: long – /software/postfix/postfix_main/flush_service_name

* Optional * Type: string – /software/postfix/postfix_main/fork_attempts

* Optional * Type: long – /software/postfix/postfix_main/fork_delay

* Optional * Type: long – /software/postfix/postfix_main/forward_expansion_filter

* Optional * Type: string – /software/postfix/postfix_main/forward_path

* Optional * Type: string – /software/postfix/postfix_main/frozen_delivered_to

* Optional * Type: boolean – /software/postfix/postfix_main/hash_queue_depth

* Optional * Type: long – /software/postfix/postfix_main/hash_queue_names

* Optional * Type: string – /software/postfix/postfix_main/header_address_token_limit

526 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/header_checks

* Optional * Type: string – /software/postfix/postfix_main/header_size_limit

* Optional * Type: long – /software/postfix/postfix_main/helpful_warnings

* Optional * Type: boolean – /software/postfix/postfix_main/home_mailbox

* Optional * Type: string – /software/postfix/postfix_main/hopcount_limit

* Optional * Type: long – /software/postfix/postfix_main/html_directory

* Optional * Type: boolean – /software/postfix/postfix_main/ignore_mx_lookup_error

* Optional * Type: boolean – /software/postfix/postfix_main/import_environment

* Optional * Type: string – /software/postfix/postfix_main/in_flow_delay

* Optional * Type: long – /software/postfix/postfix_main/inet_interfaces

* Optional * Type: string – /software/postfix/postfix_main/inet_protocols

* Optional * Type: string – /software/postfix/postfix_main/initial_destination_concurrency

1.3. configuration-modules-core 527 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/internal_mail_filter_classes

* Optional * Type: string – /software/postfix/postfix_main/invalid_hostname_reject_code

* Optional * Type: long – /software/postfix/postfix_main/ipc_idle

* Optional * Type: long – /software/postfix/postfix_main/ipc_timeout

* Optional * Type: long – /software/postfix/postfix_main/ipc_ttl

* Optional * Type: long – /software/postfix/postfix_main/line_length_limit

* Optional * Type: long – /software/postfix/postfix_main/lmtp_bind_address

* Optional * Type: string – /software/postfix/postfix_main/lmtp_bind_address6

* Optional * Type: string – /software/postfix/postfix_main/lmtp_cname_overrides_servername

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_connect_timeout

* Optional * Type: long – /software/postfix/postfix_main/lmtp_connection_cache_destinations

* Optional * Type: string – /software/postfix/postfix_main/lmtp_connection_cache_on_demand

528 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_connection_cache_time_limit

* Optional * Type: long – /software/postfix/postfix_main/lmtp_connection_reuse_time_limit

* Optional * Type: long – /software/postfix/postfix_main/lmtp_data_done_timeout

* Optional * Type: long – /software/postfix/postfix_main/lmtp_data_init_timeout

* Optional * Type: long – /software/postfix/postfix_main/lmtp_data_xfer_timeout

* Optional * Type: long – /software/postfix/postfix_main/lmtp_defer_if_no_mx_address_found

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_destination_concurrency_limit

* Optional * Type: string – /software/postfix/postfix_main/lmtp_destination_recipient_limit

* Optional * Type: string – /software/postfix/postfix_main/lmtp_discard_lhlo_keyword_address_maps

* Optional * Type: string – /software/postfix/postfix_main/lmtp_discard_lhlo_keywords

* Optional * Type: string – /software/postfix/postfix_main/lmtp_enforce_tls

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_generic_maps

1.3. configuration-modules-core 529 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/lmtp_host_lookup

* Optional * Type: string – /software/postfix/postfix_main/lmtp_lhlo_name

* Optional * Type: string – /software/postfix/postfix_main/lmtp_lhlo_timeout

* Optional * Type: long – /software/postfix/postfix_main/lmtp_line_length_limit

* Optional * Type: long – /software/postfix/postfix_main/lmtp_mail_timeout

* Optional * Type: long – /software/postfix/postfix_main/lmtp_mx_address_limit

* Optional * Type: long – /software/postfix/postfix_main/lmtp_mx_session_limit

* Optional * Type: long – /software/postfix/postfix_main/lmtp_pix_workaround_delay_time

* Optional * Type: long – /software/postfix/postfix_main/lmtp_pix_workaround_threshold_time

* Optional * Type: long – /software/postfix/postfix_main/lmtp_quit_timeout

* Optional * Type: long – /software/postfix/postfix_main/lmtp_quote_rfc821_envelope

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_randomize_addresses

530 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_rcpt_timeout

* Optional * Type: long – /software/postfix/postfix_main/lmtp_rset_timeout

* Optional * Type: long – /software/postfix/postfix_main/lmtp_sasl_auth_enable

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_sasl_mechanism_filter

* Optional * Type: string – /software/postfix/postfix_main/lmtp_sasl_password_maps

* Optional * Type: string – /software/postfix/postfix_main/lmtp_sasl_path

* Optional * Type: string – /software/postfix/postfix_main/lmtp_sasl_security_options

* Optional * Type: string – /software/postfix/postfix_main/lmtp_sasl_tls_security_options

* Optional * Type: string – /software/postfix/postfix_main/lmtp_sasl_tls_verified_security_options

* Optional * Type: string – /software/postfix/postfix_main/lmtp_sasl_type

* Optional * Type: string – /software/postfix/postfix_main/lmtp_send_xforward_command

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_sender_dependent_authentication

1.3. configuration-modules-core 531 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_skip_5xx_greeting

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_starttls_timeout

* Optional * Type: long – /software/postfix/postfix_main/lmtp_tcp_port

* Optional * Type: long – /software/postfix/postfix_main/lmtp_tls_CAfile

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_CApath

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_cert_file

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_dcert_file

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_dkey_file

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_enforce_peername

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_tls_exclude_ciphers

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_key_file

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_loglevel

532 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/lmtp_tls_mandatory_ciphers

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_mandatory_exclude_ciphers

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_mandatory_protocols

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_note_starttls_offer

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_tls_per_site

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_policy_maps

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_scert_verifydepth

* Optional * Type: long – /software/postfix/postfix_main/lmtp_tls_secure_cert_match

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_security_level

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_session_cache_database

* Optional * Type: string – /software/postfix/postfix_main/lmtp_tls_session_cache_timeout

* Optional * Type: long – /software/postfix/postfix_main/lmtp_tls_verify_cert_match

1.3. configuration-modules-core 533 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/lmtp_use_tls

* Optional * Type: boolean – /software/postfix/postfix_main/lmtp_xforward_timeout

* Optional * Type: long – /software/postfix/postfix_main/local_command_shell

* Optional * Type: string – /software/postfix/postfix_main/local_destination_concurrency_limit

* Optional * Type: long – /software/postfix/postfix_main/local_destination_recipient_limit

* Optional * Type: long – /software/postfix/postfix_main/local_header_rewrite_clients

* Optional * Type: string – /software/postfix/postfix_main/local_recipient_maps

* Optional * Type: string – /software/postfix/postfix_main/local_transport

* Optional * Type: postfix_lookup – /software/postfix/postfix_main/luser_relay

* Optional * Type: string – /software/postfix/postfix_main/mail_name

* Optional * Type: string – /software/postfix/postfix_main/mail_owner

* Optional * Type: string – /software/postfix/postfix_main/mail_release_date

534 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/mail_spool_directory

* Optional * Type: string – /software/postfix/postfix_main/mail_version

* Optional * Type: string – /software/postfix/postfix_main/mailbox_command

* Optional * Type: string – /software/postfix/postfix_main/mailbox_command_maps

* Optional * Type: string – /software/postfix/postfix_main/mailbox_delivery_lock

* Optional * Type: string – /software/postfix/postfix_main/mailbox_size_limit

* Optional * Type: long – /software/postfix/postfix_main/mailbox_transport

* Optional * Type: string – /software/postfix/postfix_main/mailbox_transport_maps

* Optional * Type: string – /software/postfix/postfix_main/mailq_path

* Optional * Type: string – /software/postfix/postfix_main/manpage_directory

* Optional * Type: string – /software/postfix/postfix_main/maps_rbl_domains

* Optional * Type: string – /software/postfix/postfix_main/maps_rbl_reject_code

1.3. configuration-modules-core 535 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/masquerade_classes

* Optional * Type: string – /software/postfix/postfix_main/masquerade_domains

* Optional * Type: string – /software/postfix/postfix_main/masquerade_exceptions

* Optional * Type: string – /software/postfix/postfix_main/max_idle

* Optional * Type: long – /software/postfix/postfix_main/max_use

* Optional * Type: long – /software/postfix/postfix_main/maximal_backoff_time

* Optional * Type: long – /software/postfix/postfix_main/maximal_queue_lifetime

* Optional * Type: long – /software/postfix/postfix_main/message_reject_characters

* Optional * Type: string – /software/postfix/postfix_main/message_size_limit

* Optional * Type: long – /software/postfix/postfix_main/message_strip_characters

* Optional * Type: string – /software/postfix/postfix_main/milter_command_timeout

* Optional * Type: long – /software/postfix/postfix_main/milter_connect_macros

536 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/milter_connect_timeout

* Optional * Type: long – /software/postfix/postfix_main/milter_content_timeout

* Optional * Type: long – /software/postfix/postfix_main/milter_data_macros

* Optional * Type: string – /software/postfix/postfix_main/milter_default_action

* Optional * Type: string – /software/postfix/postfix_main/milter_end_of_data_macros

* Optional * Type: string – /software/postfix/postfix_main/milter_helo_macros

* Optional * Type: string – /software/postfix/postfix_main/milter_macro_daemon_name

* Optional * Type: string – /software/postfix/postfix_main/milter_macro_v

* Optional * Type: string – /software/postfix/postfix_main/milter_mail_macros

* Optional * Type: string – /software/postfix/postfix_main/milter_protocol

* Optional * Type: long – /software/postfix/postfix_main/milter_rcpt_macros

* Optional * Type: string – /software/postfix/postfix_main/milter_unknown_command_macros

1.3. configuration-modules-core 537 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/mime_boundary_length_limit

* Optional * Type: long – /software/postfix/postfix_main/mime_header_checks

* Optional * Type: string – /software/postfix/postfix_main/mime_nesting_limit

* Optional * Type: long – /software/postfix/postfix_main/minimal_backoff_time

* Optional * Type: long – /software/postfix/postfix_main/multi_recipient_bounce_reject_code

* Optional * Type: long – /software/postfix/postfix_main/mydestination

* Optional * Type: string – /software/postfix/postfix_main/mydomain

* Optional * Type: string – /software/postfix/postfix_main/myhostname

* Optional * Type: string – /software/postfix/postfix_main/mynetworks

* Optional * Type: string – /software/postfix/postfix_main/mynetworks_style

* Optional * Type: string – /software/postfix/postfix_main/myorigin

* Optional * Type: string – /software/postfix/postfix_main/nested_header_checks

538 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/newaliases_path

* Optional * Type: string – /software/postfix/postfix_main/non_fqdn_reject_code

* Optional * Type: long – /software/postfix/postfix_main/non_smtpd_milters

* Optional * Type: string – /software/postfix/postfix_main/notify_classes

* Optional * Type: string – /software/postfix/postfix_main/owner_request_special

* Optional * Type: boolean – /software/postfix/postfix_main/parent_domain_matches_subdomains

* Optional * Type: string – /software/postfix/postfix_main/permit_mx_backup_networks

* Optional * Type: string – /software/postfix/postfix_main/pickup_service_name

* Optional * Type: string – /software/postfix/postfix_main/plaintext_reject_code

* Optional * Type: long – /software/postfix/postfix_main/prepend_delivered_header

* Optional * Type: string – /software/postfix/postfix_main/process_id_directory

* Optional * Type: string – /software/postfix/postfix_main/propagate_unmatched_extensions

1.3. configuration-modules-core 539 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/proxy_interfaces

* Optional * Type: string – /software/postfix/postfix_main/proxy_read_maps

* Optional * Type: string – /software/postfix/postfix_main/qmgr_clog_warn_time

* Optional * Type: long – /software/postfix/postfix_main/qmgr_fudge_factor

* Optional * Type: long – /software/postfix/postfix_main/qmgr_message_active_limit

* Optional * Type: long – /software/postfix/postfix_main/qmgr_message_recipient_limit

* Optional * Type: long – /software/postfix/postfix_main/qmgr_message_recipient_minimum

* Optional * Type: long – /software/postfix/postfix_main/qmqpd_authorized_clients

* Optional * Type: string – /software/postfix/postfix_main/qmqpd_error_delay

* Optional * Type: long – /software/postfix/postfix_main/qmqpd_timeout

* Optional * Type: long – /software/postfix/postfix_main/queue_directory

* Optional * Type: string – /software/postfix/postfix_main/queue_file_attribute_count_limit

540 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/queue_minfree

* Optional * Type: long – /software/postfix/postfix_main/queue_run_delay

* Optional * Type: long – /software/postfix/postfix_main/queue_service_name

* Optional * Type: string – /software/postfix/postfix_main/rbl_reply_maps

* Optional * Type: string – /software/postfix/postfix_main/readme_directory

* Optional * Type: boolean – /software/postfix/postfix_main/receive_override_options

* Optional * Type: string – /software/postfix/postfix_main/recipient_bcc_maps

* Optional * Type: string – /software/postfix/postfix_main/recipient_canonical_classes

* Optional * Type: string – /software/postfix/postfix_main/recipient_canonical_maps

* Optional * Type: string – /software/postfix/postfix_main/recipient_delimiter

* Optional * Type: string – /software/postfix/postfix_main/reject_code

* Optional * Type: long – /software/postfix/postfix_main/relay_clientcerts

1.3. configuration-modules-core 541 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/relay_destination_concurrency_limit

* Optional * Type: string – /software/postfix/postfix_main/relay_destination_recipient_limit

* Optional * Type: string – /software/postfix/postfix_main/relay_domains

* Optional * Type: string – /software/postfix/postfix_main/relay_domains_reject_code

* Optional * Type: long – /software/postfix/postfix_main/relay_recipient_maps

* Optional * Type: string – /software/postfix/postfix_main/relay_transport

* Optional * Type: string – /software/postfix/postfix_main/relayhost

* Optional * Type: string – /software/postfix/postfix_main/relocated_maps

* Optional * Type: string – /software/postfix/postfix_main/remote_header_rewrite_domain

* Optional * Type: string – /software/postfix/postfix_main/require_home_directory

* Optional * Type: boolean – /software/postfix/postfix_main/resolve_dequoted_address

* Optional * Type: boolean – /software/postfix/postfix_main/resolve_null_domain

542 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/postfix/postfix_main/resolve_numeric_domain

* Optional * Type: boolean – /software/postfix/postfix_main/rewrite_service_name

* Optional * Type: string – /software/postfix/postfix_main/sample_directory

* Optional * Type: string – /software/postfix/postfix_main/sender_bcc_maps

* Optional * Type: string – /software/postfix/postfix_main/sender_canonical_classes

* Optional * Type: string – /software/postfix/postfix_main/sender_canonical_maps

* Optional * Type: string – /software/postfix/postfix_main/sender_dependent_relayhost_maps

* Optional * Type: string – /software/postfix/postfix_main/sendmail_path

* Optional * Type: string – /software/postfix/postfix_main/service_throttle_time

* Optional * Type: long – /software/postfix/postfix_main/setgid_group

* Optional * Type: string – /software/postfix/postfix_main/show_user_unknown_table_name

* Optional * Type: boolean – /software/postfix/postfix_main/showq_service_name

1.3. configuration-modules-core 543 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/smtp_always_send_ehlo

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_bind_address

* Optional * Type: string – /software/postfix/postfix_main/smtp_bind_address6

* Optional * Type: string – /software/postfix/postfix_main/smtp_cname_overrides_servername

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_connect_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtp_connection_cache_destinations

* Optional * Type: string – /software/postfix/postfix_main/smtp_connection_cache_on_demand

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_connection_cache_time_limit

* Optional * Type: long – /software/postfix/postfix_main/smtp_connection_reuse_time_limit

* Optional * Type: long – /software/postfix/postfix_main/smtp_data_done_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtp_data_init_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtp_data_xfer_timeout

544 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/smtp_defer_if_no_mx_address_found

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_destination_concurrency_limit

* Optional * Type: string – /software/postfix/postfix_main/smtp_destination_recipient_limit

* Optional * Type: string – /software/postfix/postfix_main/smtp_discard_ehlo_keyword_address_maps

* Optional * Type: string – /software/postfix/postfix_main/smtp_discard_ehlo_keywords

* Optional * Type: string – /software/postfix/postfix_main/smtp_enforce_tls

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_fallback_relay

* Optional * Type: string – /software/postfix/postfix_main/smtp_generic_maps

* Optional * Type: string – /software/postfix/postfix_main/smtp_helo_name

* Optional * Type: string – /software/postfix/postfix_main/smtp_helo_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtp_host_lookup

* Optional * Type: string – /software/postfix/postfix_main/smtp_line_length_limit

1.3. configuration-modules-core 545 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/smtp_mail_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtp_mx_address_limit

* Optional * Type: long – /software/postfix/postfix_main/smtp_mx_session_limit

* Optional * Type: long – /software/postfix/postfix_main/smtp_never_send_ehlo

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_pix_workaround_delay_time

* Optional * Type: long – /software/postfix/postfix_main/smtp_pix_workaround_threshold_time

* Optional * Type: long – /software/postfix/postfix_main/smtp_quit_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtp_quote_rfc821_envelope

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_randomize_addresses

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_rcpt_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtp_rset_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtp_sasl_auth_enable

546 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_sasl_mechanism_filter

* Optional * Type: string – /software/postfix/postfix_main/smtp_sasl_password_maps

* Optional * Type: string – /software/postfix/postfix_main/smtp_sasl_path

* Optional * Type: string – /software/postfix/postfix_main/smtp_sasl_security_options

* Optional * Type: string – /software/postfix/postfix_main/smtp_sasl_tls_security_options

* Optional * Type: string – /software/postfix/postfix_main/smtp_sasl_tls_verified_security_options

* Optional * Type: string – /software/postfix/postfix_main/smtp_sasl_type

* Optional * Type: string – /software/postfix/postfix_main/smtp_send_xforward_command

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_sender_dependent_authentication

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_skip_5xx_greeting

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_skip_quit_response

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_starttls_timeout

1.3. configuration-modules-core 547 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/smtp_tls_CAfile

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_CApath

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_cert_file

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_dcert_file

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_dkey_file

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_enforce_peername

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_tls_exclude_ciphers

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_key_file

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_loglevel

* Optional * Type: long – /software/postfix/postfix_main/smtp_tls_mandatory_ciphers

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_mandatory_exclude_ciphers

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_mandatory_protocols

548 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_note_starttls_offer

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_tls_per_site

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_policy_maps

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_scert_verifydepth

* Optional * Type: long – /software/postfix/postfix_main/smtp_tls_secure_cert_match

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_security_level

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_session_cache_database

* Optional * Type: string – /software/postfix/postfix_main/smtp_tls_session_cache_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtp_tls_verify_cert_match

* Optional * Type: string – /software/postfix/postfix_main/smtp_use_tls

* Optional * Type: boolean – /software/postfix/postfix_main/smtp_xforward_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtpd_authorized_verp_clients

1.3. configuration-modules-core 549 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/smtpd_authorized_xclient_hosts

* Optional * Type: string – /software/postfix/postfix_main/smtpd_authorized_xforward_hosts

* Optional * Type: string – /software/postfix/postfix_main/smtpd_banner

* Optional * Type: string – /software/postfix/postfix_main/smtpd_client_connection_count_limit

* Optional * Type: long – /software/postfix/postfix_main/smtpd_client_connection_rate_limit

* Optional * Type: long – /software/postfix/postfix_main/smtpd_client_event_limit_exceptions

* Optional * Type: string – /software/postfix/postfix_main/smtpd_client_message_rate_limit

* Optional * Type: long – /software/postfix/postfix_main/smtpd_client_new_tls_session_rate_limit

* Optional * Type: long – /software/postfix/postfix_main/smtpd_client_recipient_rate_limit

* Optional * Type: long – /software/postfix/postfix_main/smtpd_client_restrictions

* Optional * Type: string – /software/postfix/postfix_main/smtpd_data_restrictions

* Optional * Type: string – /software/postfix/postfix_main/smtpd_delay_open_until_valid_rcpt

550 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_delay_reject

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_discard_ehlo_keyword_address_maps

* Optional * Type: string – /software/postfix/postfix_main/smtpd_discard_ehlo_keywords

* Optional * Type: string – /software/postfix/postfix_main/smtpd_end_of_data_restrictions

* Optional * Type: string – /software/postfix/postfix_main/smtpd_enforce_tls

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_error_sleep_time

* Optional * Type: long – /software/postfix/postfix_main/smtpd_etrn_restrictions

* Optional * Type: string – /software/postfix/postfix_main/smtpd_expansion_filter

* Optional * Type: string – /software/postfix/postfix_main/smtpd_forbidden_commands

* Optional * Type: string – /software/postfix/postfix_main/smtpd_hard_error_limit

* Optional * Type: long – /software/postfix/postfix_main/smtpd_helo_required

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_helo_restrictions

1.3. configuration-modules-core 551 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/smtpd_history_flush_threshold

* Optional * Type: long – /software/postfix/postfix_main/smtpd_junk_command_limit

* Optional * Type: long – /software/postfix/postfix_main/smtpd_milters

* Optional * Type: string – /software/postfix/postfix_main/smtpd_noop_commands

* Optional * Type: string – /software/postfix/postfix_main/smtpd_null_access_lookup_key

* Optional * Type: string – /software/postfix/postfix_main/smtpd_peername_lookup

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_policy_service_max_idle

* Optional * Type: long – /software/postfix/postfix_main/smtpd_policy_service_max_ttl

* Optional * Type: long – /software/postfix/postfix_main/smtpd_policy_service_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtpd_proxy_ehlo

* Optional * Type: string – /software/postfix/postfix_main/smtpd_proxy_filter

* Optional * Type: string – /software/postfix/postfix_main/smtpd_proxy_timeout

552 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/smtpd_recipient_limit

* Optional * Type: long – /software/postfix/postfix_main/smtpd_recipient_overshoot_limit

* Optional * Type: long – /software/postfix/postfix_main/smtpd_recipient_restrictions

* Optional * Type: string – /software/postfix/postfix_main/smtpd_reject_udicted_recipient

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_reject_udicted_sender

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_restriction_classes

* Optional * Type: string – /software/postfix/postfix_main/smtpd_sasl_auth_enable

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_sasl_authenticated_header

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_sasl_exceptions_networks

* Optional * Type: string – /software/postfix/postfix_main/smtpd_sasl_local_domain

* Optional * Type: string – /software/postfix/postfix_main/smtpd_sasl_path

* Optional * Type: string – /software/postfix/postfix_main/smtpd_sasl_security_options

1.3. configuration-modules-core 553 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/smtpd_sasl_tls_security_options

* Optional * Type: string – /software/postfix/postfix_main/smtpd_sasl_type

* Optional * Type: string – /software/postfix/postfix_main/smtpd_sender_login_maps

* Optional * Type: string – /software/postfix/postfix_main/smtpd_sender_restrictions

* Optional * Type: string – /software/postfix/postfix_main/smtpd_soft_error_limit

* Optional * Type: long – /software/postfix/postfix_main/smtpd_starttls_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtpd_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtpd_tls_CAfile

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_CApath

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_always_issue_session_ids

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_tls_ask_ccert

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_tls_auth_only

554 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_tls_ccert_verifydepth

* Optional * Type: long – /software/postfix/postfix_main/smtpd_tls_cert_file

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_dcert_file

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_dh1024_param_file

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_dh512_param_file

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_dkey_file

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_exclude_ciphers

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_key_file

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_loglevel

* Optional * Type: long – /software/postfix/postfix_main/smtpd_tls_mandatory_ciphers

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_mandatory_exclude_ciphers

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_mandatory_protocols

1.3. configuration-modules-core 555 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_received_header

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_tls_req_ccert

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_tls_security_level

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_session_cache_database

* Optional * Type: string – /software/postfix/postfix_main/smtpd_tls_session_cache_timeout

* Optional * Type: long – /software/postfix/postfix_main/smtpd_tls_wrappermode

* Optional * Type: boolean – /software/postfix/postfix_main/smtpd_use_tls

* Optional * Type: boolean – /software/postfix/postfix_main/soft_bounce

* Optional * Type: boolean – /software/postfix/postfix_main/stale_lock_time

* Optional * Type: long – /software/postfix/postfix_main/strict_7bit_headers

* Optional * Type: boolean – /software/postfix/postfix_main/strict_8bitmime

* Optional * Type: boolean – /software/postfix/postfix_main/strict_8bitmime_body

556 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/postfix/postfix_main/strict_mime_encoding_domain

* Optional * Type: boolean – /software/postfix/postfix_main/strict_rfc821_envelopes

* Optional * Type: boolean – /software/postfix/postfix_main/sun_mailtool_compatibility

* Optional * Type: boolean – /software/postfix/postfix_main/swap_bangpath

* Optional * Type: boolean – /software/postfix/postfix_main/syslog_facility

* Optional * Type: string – /software/postfix/postfix_main/syslog_name

* Optional * Type: string – /software/postfix/postfix_main/tls_daemon_random_bytes

* Optional * Type: long – /software/postfix/postfix_main/tls_export_cipherlist

* Optional * Type: string – /software/postfix/postfix_main/tls_high_cipherlist

* Optional * Type: string – /software/postfix/postfix_main/tls_low_cipherlist

* Optional * Type: string – /software/postfix/postfix_main/tls_medium_cipherlist

* Optional * Type: string – /software/postfix/postfix_main/tls_null_cipherlist

1.3. configuration-modules-core 557 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postfix/postfix_main/tls_random_bytes

* Optional * Type: long – /software/postfix/postfix_main/tls_random_exchange_name

* Optional * Type: string – /software/postfix/postfix_main/tls_random_prng_update_period

* Optional * Type: long – /software/postfix/postfix_main/tls_random_reseed_period

* Optional * Type: long – /software/postfix/postfix_main/tls_random_source

* Optional * Type: postfix_lookup – /software/postfix/postfix_main/trace_service_name

* Optional * Type: string – /software/postfix/postfix_main/transport_maps

* Optional * Type: string – /software/postfix/postfix_main/transport_retry_time

* Optional * Type: long – /software/postfix/postfix_main/trigger_timeout

* Optional * Type: long – /software/postfix/postfix_main/undisclosed_recipients_header

* Optional * Type: string – /software/postfix/postfix_main/unknown_address_reject_code

* Optional * Type: long – /software/postfix/postfix_main/unknown_client_reject_code

558 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/unknown_hostname_reject_code

* Optional * Type: long – /software/postfix/postfix_main/unknown_local_recipient_reject_code

* Optional * Type: long – /software/postfix/postfix_main/unknown_relay_recipient_reject_code

* Optional * Type: long – /software/postfix/postfix_main/unknown_virtual_alias_reject_code

* Optional * Type: long – /software/postfix/postfix_main/unknown_virtual_mailbox_reject_code

* Optional * Type: long – /software/postfix/postfix_main/unverified_recipient_reject_code

* Optional * Type: long – /software/postfix/postfix_main/unverified_sender_reject_code

* Optional * Type: long – /software/postfix/postfix_main/verp_delimiter_filter

* Optional * Type: string – /software/postfix/postfix_main/virtual_alias_domains

* Optional * Type: string – /software/postfix/postfix_main/virtual_alias_expansion_limit

* Optional * Type: long – /software/postfix/postfix_main/virtual_alias_maps

* Optional * Type: string – /software/postfix/postfix_main/virtual_alias_recursion_limit

1.3. configuration-modules-core 559 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/postfix/postfix_main/virtual_destination_concurrency_limit

* Optional * Type: string – /software/postfix/postfix_main/virtual_destination_recipient_limit

* Optional * Type: string – /software/postfix/postfix_main/virtual_gid_maps

* Optional * Type: string – /software/postfix/postfix_main/virtual_mailbox_base

* Optional * Type: string – /software/postfix/postfix_main/virtual_mailbox_domains

* Optional * Type: string – /software/postfix/postfix_main/virtual_mailbox_limit

* Optional * Type: long – /software/postfix/postfix_main/virtual_mailbox_lock

* Optional * Type: string – /software/postfix/postfix_main/virtual_mailbox_maps

* Optional * Type: string – /software/postfix/postfix_main/virtual_minimum_uid

* Optional * Type: long – /software/postfix/postfix_main/virtual_transport

* Optional * Type: string – /software/postfix/postfix_main/virtual_uid_maps

* Optional * Type: string • /software/postfix/postfix_databases

560 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Description: Define multiple Postfix databases – /software/postfix/postfix_databases/ldap

* Description: LDAP databases, indexed by file name (relative to /etc/postfix) * Optional * Type: postfix_ldap_database • /software/postfix/postfix_master – Description: Entries in the master.cf file. See the master man page for more details. – /software/postfix/postfix_master/type

* Optional * Type: string – /software/postfix/postfix_master/private

* Optional * Type: boolean – /software/postfix/postfix_master/unprivileged

* Optional * Type: boolean – /software/postfix/postfix_master/chroot

* Optional * Type: boolean – /software/postfix/postfix_master/wakeup

* Optional * Type: long – /software/postfix/postfix_master/maxproc

* Optional * Type: long – /software/postfix/postfix_master/command

* Optional * Type: string – /software/postfix/postfix_master/name

* Optional * Type: string • /software/postfix/postfix_component – /software/postfix/postfix_component/main

* Description: Contents of the main.cf file

1.3. configuration-modules-core 561 Quattor Documentation, Release 0.0.1

* Optional * Type: postfix_main – /software/postfix/postfix_component/master

* Description: Contents of the master.cf file * Optional * Type: postfix_master – /software/postfix/postfix_component/databases

* Description: Definition of Postfix databases * Optional * Type: postfix_databases

postgresql

NAME

postgresql : NCM component to manage PostgreSQL configuration.

DESCRIPTION

This component allows to manage configuration of PostgreSQL. It’s very basic in functionality (originally developed for dcache usage).

DESCRIPTION

The component to configure postgresql databases

public methods

create_postgresql_config Create main or hba config via textrender. Returns undef on failure, changed state otherwise. The data hash is either %MAIN_CONFIG or %HBA_CONFIG; or the pg_alter hashref (see pg_alter method). fetch Get $path from $config, if it does not exists, return $default. If $default is not defined, use empty string as default. If $path is a relative path, it is assumed relative from $self-prefix>. get_version Return version instance v$major.$minor.$remainder version information (from postmaster –ver- sion) Return undef in case of problem. initdb

562 Chapter 1. Content Quattor Documentation, Release 0.0.1

Initialise the database. End result is a stopped initialised database. Returns undef on failure. prepare_service Perform installation sanity check, and generates the pgsql sysconfig entry. Returns undef on failure, the changed state of the pgsql sysconfig file otherwise whoami Return a hashref with configuration related data to indentify the service to use service Service instance to use version Return value from version method pg A hashref with postgresql basic configuration data, required to start the database. dir The database base directory data The database ‘data’ subdirectory port The database port log The database startup log engine Location of service binaries suffix Version related suffix (or empty string if none is required). E.g. ‘-9.2’, part of e.g. default servicename, pg_engine, . . . exesuffix Version related suffix for certain executables, like ‘92’ in ‘postgresql92-setup’. defaultname The default service name servicename The actual servicename service The NCM::Component::Postgresql::Service instance commands The NCM::Component::Postgresql::Commands instance

1.3. configuration-modules-core 563 Quattor Documentation, Release 0.0.1

Return hashref or undef on failure. No errors are logged sanity_check Run some additional sanity checks, return undef on failure. recovery_configuration Handle recovery file creation Returns undef on failure, changed recovery state otherwise. start_postgres Try to start postgres service, the cautious way. Return undef on failure, SUCCESS otherwise. pg_alter Process roles and databases. Returns undef on failure. The main purpose is to initialise postgresql. roles $roles_tree is the roles configuration hashref (via config-getTree(prefix/roles)>). Roles and only added and modified, never removed. Return undef on failure. databases $dbs_tree is the databases configuration hashref (via config-getTree(prefix/databases)>). Databases are only created, never modified or removed. Return undef on failure. Operation order is create database initialise with installfile create lang apply langfile (if lang defined) Configure component Configure method

Types

• /software/postgresql/postgresql_hba_database • /software/postgresql/postgresql_hba_user • /software/postgresql/postgresql_hba – /software/postgresql/postgresql_hba/host

* Optional * Type: string – /software/postgresql/postgresql_hba/database

564 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: postgresql_hba_database – /software/postgresql/postgresql_hba/user

* Optional * Type: postgresql_hba_user – /software/postgresql/postgresql_hba/address

* Optional * Type: string – /software/postgresql/postgresql_hba/method

* Optional * Type: string – /software/postgresql/postgresql_hba/options

* Optional * Type: string • /software/postgresql/postgresql_mainconfig – Description: postgresql main configuration boolean -> yes / no int -> int string -> ‘string’ (use double single quotes for a single quote in the string) – /software/postgresql/postgresql_mainconfig/archive_command

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/archive_mode

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/archive_timeout

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/array_nulls

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/authentication_timeout

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/autovacuum

* Optional * Type: boolean

1.3. configuration-modules-core 565 Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/autovacuum_analyze_scale_factor

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/autovacuum_analyze_threshold

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/autovacuum_freeze_max_age

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/autovacuum_max_workers

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/autovacuum_naptime

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/autovacuum_vacuum_cost_delay

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/autovacuum_vacuum_cost_limit

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/autovacuum_vacuum_scale_factor

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/autovacuum_vacuum_threshold

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/backslash_quote

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/bgwriter_delay

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/bgwriter_lru_maxpages

* Optional * Type: long

566 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/bgwriter_lru_multiplier

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/bonjour

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/bonjour_name

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/bytea_output

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/check_function_bodies

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/checkpoint_completion_target

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/checkpoint_segments

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/checkpoint_timeout

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/checkpoint_warning

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/client_encoding

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/client_min_messages

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/commit_delay

* Optional * Type: long

1.3. configuration-modules-core 567 Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/commit_siblings

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/constraint_exclusion

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/cpu_index_tuple_cost

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/cpu_operator_cost

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/cpu_tuple_cost

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/cursor_tuple_fraction

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/custom_variable_classes

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/data_directory

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/datestyle

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/db_user_namespace

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/deadlock_timeout

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/debug_pretty_print

* Optional * Type: boolean

568 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/debug_print_parse

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/debug_print_plan

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/debug_print_rewritten

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/default_statistics_target

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/default_tablespace

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/default_text_search_config

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/default_transaction_deferrable

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/default_transaction_isolation

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/default_transaction_read_only

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/default_with_oids

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/dynamic_library_path

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/effective_cache_size

* Optional * Type: string

1.3. configuration-modules-core 569 Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/effective_io_concurrency

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/enable_bitmapscan

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/enable_hashagg

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/enable_hashjoin

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/enable_indexscan

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/enable_material

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/enable_mergejoin

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/enable_nestloop

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/enable_seqscan

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/enable_sort

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/enable_tidscan

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/escape_string_warning

* Optional * Type: boolean

570 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/exit_on_error

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/external_pid_file

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/extra_float_digits

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/from_collapse_limit

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/fsync

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/full_page_writes

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/geqo

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/geqo_effort

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/geqo_generations

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/geqo_pool_size

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/geqo_seed

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/geqo_selection_bias

* Optional * Type: string

1.3. configuration-modules-core 571 Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/geqo_threshold

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/hba_file

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/hot_standby

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/hot_standby_feedback

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/ident_file

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/intervalstyle

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/join_collapse_limit

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/krb_caseins_users

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/krb_server_keyfile

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/krb_srvname

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/lc_messages

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/lc_monetary

* Optional * Type: string

572 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/lc_numeric

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/lc_time

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/listen_addresses

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/lo_compat_privileges

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/local_preload_libraries

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/log_autovacuum_min_duration

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/log_checkpoints

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/log_connections

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/log_destination

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/log_directory

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/log_disconnections

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/log_duration

* Optional * Type: boolean

1.3. configuration-modules-core 573 Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/log_error_verbosity

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/log_executor_stats

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/log_file_mode

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/log_filename

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/log_hostname

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/log_line_prefix

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/log_lock_waits

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/log_min_duration_statement

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/log_min_error_statement

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/log_min_messages

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/log_parser_stats

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/log_planner_stats

* Optional * Type: boolean

574 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/log_rotation_age

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/log_rotation_size

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/log_statement

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/log_statement_stats

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/log_temp_files

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/log_timezone

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/log_truncate_on_rotation

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/logging_collector

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/maintenance_work_mem

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/max_connections

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/max_files_per_process

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/max_locks_per_transaction

* Optional * Type: long

1.3. configuration-modules-core 575 Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/max_pred_locks_per_transaction

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/max_prepared_transactions

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/max_stack_depth

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/max_standby_archive_delay

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/max_standby_streaming_delay

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/max_wal_senders

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/password_encryption

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/port

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/quote_all_identifiers

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/random_page_cost

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/replication_timeout

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/restart_after_crash

* Optional * Type: boolean

576 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/search_path

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/seq_page_cost

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/session_replication_role

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/shared_buffers

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/shared_preload_libraries

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/silent_mode

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/sql_inheritance

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/ssl

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/ssl_ciphers

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/ssl_renegotiation_limit

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/standard_conforming_strings

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/statement_timeout

* Optional * Type: long

1.3. configuration-modules-core 577 Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/stats_temp_directory

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/superuser_reserved_connections

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/synchronize_seqscans

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/synchronous_commit

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/synchronous_standby_names

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/syslog_facility

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/syslog_ident

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/tcp_keepalives_count

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/tcp_keepalives_idle

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/tcp_keepalives_interval

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/temp_buffers

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/temp_tablespaces

* Optional * Type: string

578 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/timezone

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/timezone_abbreviations

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/track_activities

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/track_activity_query_size

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/track_counts

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/track_functions

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/transform_null_equals

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/unix_socket_directory

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/unix_socket_group

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/unix_socket_permissions

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/update_process_title

* Optional * Type: boolean – /software/postgresql/postgresql_mainconfig/vacuum_cost_delay

* Optional * Type: string

1.3. configuration-modules-core 579 Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/vacuum_cost_limit

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/vacuum_cost_page_dirty

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/vacuum_cost_page_hit

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/vacuum_cost_page_miss

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/vacuum_defer_cleanup_age

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/vacuum_freeze_min_age

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/vacuum_freeze_table_age

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/wal_buffers

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/wal_keep_segments

* Optional * Type: long – /software/postgresql/postgresql_mainconfig/wal_level

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/wal_receiver_status_interval

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/wal_sender_delay

* Optional * Type: string

580 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_mainconfig/wal_sync_method

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/wal_writer_delay

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/work_mem

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/xmlbinary

* Optional * Type: string – /software/postgresql/postgresql_mainconfig/xmloption

* Optional * Type: string • /software/postgresql/postgresql_db – /software/postgresql/postgresql_db/installfile

* Description: this file is used to initialise the database (using the pgsql -f option) * Optional * Type: string – /software/postgresql/postgresql_db/lang

* Description: sets the pg language for the db (using createlang), this runs after installfile. * Optional * Type: string – /software/postgresql/postgresql_db/langfile

* Description: this file is used to add procedures in certain lang (using pgsql -f option), this runs after successful lang is added

* Optional * Type: string – /software/postgresql/postgresql_db/sql_user

* Description: apply the installfile with this user (if not defined, the owner is used) * Optional * Type: string – /software/postgresql/postgresql_db/user

* Description: database owner * Optional

1.3. configuration-modules-core 581 Quattor Documentation, Release 0.0.1

* Type: string • /software/postgresql/postgresql_recovery_config – /software/postgresql/postgresql_recovery_config/recovery_target_timeline

* Description: recovering into a particular timeline, e.g. ‘latest’ in case of standby server * Optional * Type: string – /software/postgresql/postgresql_recovery_config/standby_mode

* Description: start server as standby * Optional * Type: boolean – /software/postgresql/postgresql_recovery_config/primary_conninfo

* Description: connection info to connect from standby to master * Optional * Type: string – /software/postgresql/postgresql_recovery_config/trigger_file

* Description: file presence ends recovery * Optional * Type: absolute_file_path • /software/postgresql/postgresql_recovery – /software/postgresql/postgresql_recovery/config

* Description: recovery configuration * Optional * Type: postgresql_recovery_config – /software/postgresql/postgresql_recovery/suffix

* Description: suffix for the recovery configuration file * Optional * Type: string – /software/postgresql/postgresql_recovery/done

* Description: when recovery.done if present, do not create the recovery configuration (if you use the default suffix, always creating the recovery.conf might be dangerous)

* Optional * Type: boolean • /software/postgresql/postgresql_config – /software/postgresql/postgresql_config/hba

* Optional * Type: postgresql_hba

582 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/postgresql/postgresql_config/main

* Optional * Type: postgresql_mainconfig – /software/postgresql/postgresql_config/debug_print

* Optional * Type: long • /software/postgresql/postgresql_role_sql – Description: The raw ALTER ROLE sql (cannot contain a ‘;’; use ENCRYPTED PASSWORD instead) • /software/postgresql/postgresql_initdb – /software/postgresql/postgresql_initdb/data-checksums

* Description: enable datachecksumming (requires v9.3.0) * Optional * Type: boolean • /software/postgresql/postgresql_component – /software/postgresql/postgresql_component/commands

* Optional * Type: string – /software/postgresql/postgresql_component/config

* Optional * Type: postgresql_config – /software/postgresql/postgresql_component/databases

* Description: Databases are only added/created, never updated, modified or removed. * Optional * Type: postgresql_db – /software/postgresql/postgresql_component/pg_dir

* Description: Name of the base directory of the postgres install. This directory will be used for the installation (eg. create the PG_VERSION in subdirectory data).

* Optional * Type: string – /software/postgresql/postgresql_component/pg_engine

* Optional * Type: string – /software/postgresql/postgresql_component/pg_hba

* Description: Legacy: full text of the pg_hba.conf file

1.3. configuration-modules-core 583 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/postgresql/postgresql_component/pg_port

* Description: Legacy: port used by postgres * Optional * Type: string – /software/postgresql/postgresql_component/pg_script_name

* Description: Name of the service to start postgresql. This should allow you to start multiple postgres instances on the same machine.

* Optional * Type: string – /software/postgresql/postgresql_component/pg_version

* Optional * Type: string – /software/postgresql/postgresql_component/postgresql_conf

* Description: Legacy: full text of the postgresql.conf file * Optional * Type: string – /software/postgresql/postgresql_component/roles

* Description: role name with ROLE ALTER SQL command. Roles are only added and updated, never removed.

* Optional * Type: postgresql_role_sql – /software/postgresql/postgresql_component/recovery

* Description: recovery config and behaviour * Optional * Type: postgresql_recovery – /software/postgresql/postgresql_component/initdb

* Description: initdb options * Optional * Type: postgresql_initdb

Functions

• postgresql_is_hba_db • postgresql_is_hba_address

584 Chapter 1. Content Quattor Documentation, Release 0.0.1 profile

NAME profile: Create profile scripts defining environment variables and paths.

DESCRIPTION

The profile component creates two scripts (sh and csh flavors, respectively .sh and .csh extension) in the given config- uration directory. This directory by default is /etc/profile.d. These scripts contain environment variables and path definitions. Note that the only guarantee with respect to order is that all the environment variables will be defined before the paths.

RESOURCES configDir (/etc/profile.d) The directory which contains the generated files. This directory will be created if necessary. configName (env) The base name of the default profile.d file to create. This gives some flexibility on the order in which the profile script will be executed. (Normally executed in alphabetical order.) The full filename will have ".[c]sh" appended to it. env A hash containing the environment variables to define in the default script. The environment variable name is the key and the value is a string. path A structure defining (optionally) paths to define in default script. It may contain prepend, append, and value elements. Each element is a list of strings. The prepended values will be prepended and the appended values appended to the current value of the path. If the value is specified, then the current path will be overwritten with the given value (and the prepended and appended values applied to it). Only the first occurrence of a particular path will be kept in the final definition. Note that if the current path is used, there may still be some duplicates coming from the current definition. scripts A nlist describing the contents of scripts other than the default one. Key is the script base name (.sh or .csh extension appended in actual script name) and may be either a relative name in which case the script is created in configDir or an absolute name (in this case it must be escaped). Value is a nlist that may contains ‘env’ and ‘path’ properties (as in the default script) plus the properties described below. flavors : list of string (required) Defines a list of script flavors to build. Valid values are ‘csh’ and ‘sh’. Default : csh,sh flavorSuffix : boolean (required)

1.3. configuration-modules-core 585 Quattor Documentation, Release 0.0.1

This property indicates whether to add a .sh or .csh suffix to the script path. If false, only one flavor must be specified. Default : true

FUNCTIONS component_profile_add_env()

This functions adds an environment variable to a script. It returns component profile configuration. There are 2 calling formats :

'software/components/profile'= component_profile_add_env(script_name, env_name, env_

˓→value); 'software/components/profile'= component_profile_add_env(script_name, env_list);

In the second form, ‘env_list’ is a list of nlists. Each nlist must be a pair of environment variable name and value. component_profile_add_path()

This functions adds a path variable to a script. It returns component profile configuration. The calling format is:

'software/components/profile'= component_profile_add_path(script_name, path_name,

˓→path_value [, value_type]);

‘value_type’ is an optional argument indicating the kind of value. May be: value: this is the base value for the path and replaces an existing value. prepend: this value is prepended to an existing value, if any. append: this value is appended to an existing value, if any.

EXAMPLE

'/software/components/profile/configDir'= "/etc/profile.d"; '/software/components/profile/configDir'= "z_env"; '/software/components/profile/env/VARIABLE_ONE'= "VALUE"; '/software/components/profile/path/PATH/prepend'= list("alpha", "beta", "gamma");

Functions

• component_profile_add_env • component_profile_add_path

Types

• /software/profile/structure_profile_path – /software/profile/structure_profile_path/prepend

* Optional

586 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/profile/structure_profile_path/append

* Optional * Type: string – /software/profile/structure_profile_path/value

* Optional * Type: string • /software/profile/structure_profile_script – /software/profile/structure_profile_script/flavors

* Optional * Type: string – /software/profile/structure_profile_script/env

* Optional * Type: string – /software/profile/structure_profile_script/path

* Optional * Type: structure_profile_path – /software/profile/structure_profile_script/flavorSuffix

* Optional * Type: boolean • /software/profile/component_profile – /software/profile/component_profile/configDir

* Optional * Type: string – /software/profile/component_profile/configName

* Optional * Type: string – /software/profile/component_profile/scripts

* Optional * Type: structure_profile_script

Functions

• component_profile_script_valid

1.3. configuration-modules-core 587 Quattor Documentation, Release 0.0.1 puppet

NAME ncm-puppet: Component for running puppet standalone within quattor

RESOURCES

* /software/components/puppet/puppetconf Defines the configuration for quattor. Each item is a section of the /etc/puppet/puppet.conf file. The section [main] is mandatory. Other sections may be added. * /software/components/puppet/puppetconf/main Each item is a parameter in the [main] section of the puppet.conf file. The mandatory parameters are: * logdir : Puppet log dir. Defaults to /var/log/puppet. * rundir : string Puppet run dir. Defaults to /var/log/puppet. * /software/components/puppet/hieraconf Defines the configuration for hiera. Each item is a key definition in the /etc/puppet/hiera.yaml file. The default is:

--- :backends: - yaml :hierarchy: - quattor :yaml: :datadir: /etc/puppet/hieradata

* /software/components/puppet/nodefiles Named list of node specific manifests. The component will run puppet --apply /etc/puppet/ manifests/for each item <file> of the nlist. The parameters of each item are: * contents : string content of the file: The default for “nodefiles” is one file quattor_default.pp with content "hiera_include('classes')". * /software/components/puppet/hieradata Data to be passed to the hiera config. The data will be written in /etc/puppet/hieradata/ quattor.yaml. Note: the nlist keys will be unescaped by the component. * /software/components/puppet/modules Named list of modules to be downloaded from the puppetlab forge. Each module has the following parameters: * version ? string version of the module.

588 Chapter 1. Content Quattor Documentation, Release 0.0.1

Types

• /software/puppet/puppet_module – /software/puppet/puppet_module/version

* Optional * Type: string • /software/puppet/puppet_nodefile – /software/puppet/puppet_nodefile/contents

* Optional * Type: string • /software/puppet/puppet_puppetconf_main – /software/puppet/puppet_puppetconf_main/logdir

* Optional * Type: string – /software/puppet/puppet_puppetconf_main/rundir

* Optional * Type: string • /software/puppet/puppet_puppetconf – /software/puppet/puppet_puppetconf/main

* Optional * Type: puppet_puppetconf_main • /software/puppet/puppet_hieraconf_yaml – /software/puppet/puppet_hieraconf_yaml/_3adatadir

* Optional * Type: string • /software/puppet/puppet_hieraconf • /software/puppet/puppet_hieradata • /software/puppet/puppet_component – /software/puppet/puppet_component/puppet_cmd

* Optional * Type: string – /software/puppet/puppet_component/logfile

* Optional * Type: string – /software/puppet/puppet_component/modulepath

* Optional * Type: string

1.3. configuration-modules-core 589 Quattor Documentation, Release 0.0.1

– /software/puppet/puppet_component/modules

* Optional * Type: puppet_module – /software/puppet/puppet_component/nodefiles

* Optional * Type: puppet_nodefile – /software/puppet/puppet_component/nodefiles_path

* Optional * Type: string – /software/puppet/puppet_component/puppetconf

* Optional * Type: puppet_puppetconf – /software/puppet/puppet_component/puppetconf_file

* Optional * Type: string – /software/puppet/puppet_component/hieraconf

* Optional * Type: puppet_hieraconf – /software/puppet/puppet_component/hieraconf_file

* Optional * Type: string – /software/puppet/puppet_component/hieradata

* Optional * Type: puppet_hieradata – /software/puppet/puppet_component/hieradata_file

* Optional * Type: string resolver

NAME

NCM::resolver - NCM resolver configuration component

SYNOPSIS

Configure()

590 Chapter 1. Content Quattor Documentation, Release 0.0.1

Sets up the resolv.conf (and optionally the dnscache configuration). If dnscache is used, then dnscache will be restarted on any change. If DNS resolution fails after making the change, then resolv.conf is left in it’s previous state.

RESOURCES

* /software/components/resolver/active : boolean activates/deactivates the component. * /software/componens/resolver/search : list A list of strings to use for the resolver search path. * /software/components/resolver/servers : list list of server addresses or hostnames. If these are hostnames, they will be resolved before the resolver configuration is modified. * /software/components/resolver/dnscache : boolean If true, then configure dnscache with the server list and point resolv.conf at the localhost. This will cause dnscache to be restarted. This implies that the dnscache package is available on the machine, but this component does not enforce that.

FILES MODIFIED

The component resolver modifies the following files: /etc/resolv.conf /var/spool/dnscache/servers/@

EXAMPLES

"/software/components/resolver/active"= true; "/software/components/resolver/search"= list("ms.com"); "/software/components/resolver/servers"= list("server1.ms.com"); "/software/components/resolver/dnscache"= true;

Types

• /software/resolver/component_resolver_type – /software/resolver/component_resolver_type/servers

* Optional * Type: type_ip – /software/resolver/component_resolver_type/search

* Optional * Type: type_fqdn – /software/resolver/component_resolver_type/dnscache

1.3. configuration-modules-core 591 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean

sendmail

NAME

NCM::sendmail - NCM Sendmail configuration component

SYNOPSIS

Configure() * Set From header masquerading in sendmail. i.e. change the From field "username@localhost. localdomain" to "[email protected]". Use the following input /software/ components/sendmail/userdomain * Set Return-Path masquerading in sendmail. i.e. change the Return-Path header "[email protected]"to "[email protected]". * Set the outgoing mail server (“smarthost”) in sendmail. Use the following input /software/ components/sendmail/smarthost * Allow external SMTP connections. By default sendmail will listen only to the loopback interface. * Sets up “relay” for all unqualified names, except either for the list in /software/components/ sendmail/localusers or, if that list hasn’t been configured, for a (guessed) list of accounts that: * have an existing home directory * do not have an AFS home directory (/afs/...) * do not already have an alias definition in /etc/mail/aliases.db. * whose uid indicates that this is not a system account (information from /etc/login. defs) “relay” means that a local mail username command on the machine will in reality send mail to [email protected], instead of being appended to the user’s local mailbox (e.g. /var/spool/mail/username). To turn off the “guessing” mechanism, you will have to configure at least one account in / software/components/sendmail/localusers, root is a good candidate. Unconfigure() * Reset From header masquerading in sendmail. * Reset Return-Path header masquerading in sendmail. * Reset outgoing mail server in sendmail. * Reset relay all unqualified names in sendmail.

RESOURCES

/etc/mail/sendmail.mc : sendmail macro configuration file /etc/mail/sendmail.cf : sendmail configuration file

592 Chapter 1. Content Quattor Documentation, Release 0.0.1

BUGS

The “local user relay” functionality seems to interfere with user .forward files, they may not be honoured on some sendmail versions. Selectively “unconfiguring” certain elements doesn’t work, you should run the unconfigure() method and re-configure() with the new values afterwards.

Types

• /software/sendmail/component_sendmail – /software/sendmail/component_sendmail/smarthost

* Optional * Type: string – /software/sendmail/component_sendmail/userdomain

* Optional * Type: string – /software/sendmail/component_sendmail/localusers

* Optional * Type: list – /software/sendmail/component_sendmail/allowexternal

* Optional * Type: boolean shorewall

Types

• /software/shorewall/component_shorewall_masq – Description: a masq entry: dest source address proto port ipsec mark user switch origdest probability – /software/shorewall/component_shorewall_masq/dest

* Optional * Type: string – /software/shorewall/component_shorewall_masq/source

* Optional * Type: string – /software/shorewall/component_shorewall_masq/address

* Optional * Type: string – /software/shorewall/component_shorewall_masq/proto

* Optional

1.3. configuration-modules-core 593 Quattor Documentation, Release 0.0.1

* Type: string – /software/shorewall/component_shorewall_masq/port

* Optional * Type: string – /software/shorewall/component_shorewall_masq/ipsec

* Optional * Type: string – /software/shorewall/component_shorewall_masq/mark

* Optional * Type: string – /software/shorewall/component_shorewall_masq/user

* Optional * Type: string – /software/shorewall/component_shorewall_masq/switch

* Optional * Type: string – /software/shorewall/component_shorewall_masq/origdest

* Optional * Type: string – /software/shorewall/component_shorewall_masq/probability

* Optional * Type: double • /software/shorewall/component_shorewall_tcinterfaces – Description: a tcinterfaces entry: interface type inbw outbw – /software/shorewall/component_shorewall_tcinterfaces/interface

* Optional * Type: string – /software/shorewall/component_shorewall_tcinterfaces/type

* Optional * Type: string – /software/shorewall/component_shorewall_tcinterfaces/inbw

* Optional * Type: string – /software/shorewall/component_shorewall_tcinterfaces/outbw

* Optional * Type: string

594 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/shorewall/component_shorewall_tcpri – Description: a tcpri entry: band proto port address interface helper – /software/shorewall/component_shorewall_tcpri/band

* Optional * Type: long * Range: 1..3 – /software/shorewall/component_shorewall_tcpri/proto

* Optional * Type: string – /software/shorewall/component_shorewall_tcpri/port

* Optional * Type: long – /software/shorewall/component_shorewall_tcpri/address

* Optional * Type: string – /software/shorewall/component_shorewall_tcpri/interface

* Optional * Type: string – /software/shorewall/component_shorewall_tcpri/helper

* Optional * Type: string • /software/shorewall/component_shorewall_zones – Description: a zones entry: zone[:parent] type options inoptions outoptions – /software/shorewall/component_shorewall_zones/zone

* Optional * Type: string – /software/shorewall/component_shorewall_zones/parent

* Optional * Type: string – /software/shorewall/component_shorewall_zones/type

* Optional * Type: string – /software/shorewall/component_shorewall_zones/options

* Optional * Type: string – /software/shorewall/component_shorewall_zones/inoptions

1.3. configuration-modules-core 595 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/shorewall/component_shorewall_zones/outoptions

* Optional * Type: string • /software/shorewall/component_shorewall_interfaces – Description: an interfaces entry: zone interface[:port] broadcast options – /software/shorewall/component_shorewall_interfaces/zone

* Optional * Type: string – /software/shorewall/component_shorewall_interfaces/interface

* Optional * Type: string – /software/shorewall/component_shorewall_interfaces/port

* Optional * Type: long * Range: 0.. – /software/shorewall/component_shorewall_interfaces/broadcast

* Optional * Type: string – /software/shorewall/component_shorewall_interfaces/options

* Optional * Type: string • /software/shorewall/component_shorewall_policy – Description: a policy entry: src dst policy loglevel burst[:limit] connlimit – /software/shorewall/component_shorewall_policy/src

* Optional * Type: string – /software/shorewall/component_shorewall_policy/dst

* Optional * Type: string – /software/shorewall/component_shorewall_policy/policy

* Optional * Type: string – /software/shorewall/component_shorewall_policy/loglevel

* Optional

596 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/shorewall/component_shorewall_policy/burst

* Optional * Type: string – /software/shorewall/component_shorewall_policy/limit

* Optional * Type: string – /software/shorewall/component_shorewall_policy/connlimit

* Optional * Type: string • /software/shorewall/component_shorewall_stoppedrules – Description: a stoppedrules entry: action src dst proto dport sport – /software/shorewall/component_shorewall_stoppedrules/action

* Optional * Type: string – /software/shorewall/component_shorewall_stoppedrules/src

* Optional * Type: string – /software/shorewall/component_shorewall_stoppedrules/dst

* Optional * Type: string – /software/shorewall/component_shorewall_stoppedrules/proto

* Optional * Type: string – /software/shorewall/component_shorewall_stoppedrules/dport

* Optional * Type: long * Range: 0.. – /software/shorewall/component_shorewall_stoppedrules/sport

* Optional * Type: long * Range: 0.. • /software/shorewall/component_shorewall_rules_srcdst – Description: a rules src or dst entry: zone[:interface][:address] (default: all zones) – /software/shorewall/component_shorewall_rules_srcdst/zone

* Description: zone entry, all[+-]/any, the firewall itself ($FW) or none

1.3. configuration-modules-core 597 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/shorewall/component_shorewall_rules_srcdst/interface

* Optional * Type: string – /software/shorewall/component_shorewall_rules_srcdst/address

* Description: address is an (mac)addres/range combo, e.g. ~00-A0-C9-15-39- 78,155.186.235.0/24!155.186.235.16/28

* Optional * Type: string • /software/shorewall/component_shorewall_rules – Description: a rules entry: action src dst proto dstport srcport origdst rate user[:group] mark connlimit time headers switch helper – /software/shorewall/component_shorewall_rules/action

* Optional * Type: string – /software/shorewall/component_shorewall_rules/src

* Optional * Type: component_shorewall_rules_srcdst – /software/shorewall/component_shorewall_rules/dst

* Optional * Type: component_shorewall_rules_srcdst – /software/shorewall/component_shorewall_rules/proto

* Optional * Type: string – /software/shorewall/component_shorewall_rules/dstport

* Optional * Type: string – /software/shorewall/component_shorewall_rules/srcport

* Optional * Type: string – /software/shorewall/component_shorewall_rules/origdst

* Optional * Type: string – /software/shorewall/component_shorewall_rules/rate

* Optional * Type: string

598 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/shorewall/component_shorewall_rules/user

* Optional * Type: string – /software/shorewall/component_shorewall_rules/group

* Optional * Type: string – /software/shorewall/component_shorewall_rules/mark

* Optional * Type: string – /software/shorewall/component_shorewall_rules/connlimit

* Optional * Type: string – /software/shorewall/component_shorewall_rules/time

* Optional * Type: string – /software/shorewall/component_shorewall_rules/headers

* Optional * Type: string – /software/shorewall/component_shorewall_rules/switch

* Optional * Type: string – /software/shorewall/component_shorewall_rules/helper

* Optional * Type: string • /software/shorewall/component_shorewall_shorewall_blacklist • /software/shorewall/component_shorewall_shorewall – Description: shorewall.conf options. only configured options are written to the configfile – /software/shorewall/component_shorewall_shorewall/accept_default

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/accounting

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/accounting_table

* Optional * Type: string

1.3. configuration-modules-core 599 Quattor Documentation, Release 0.0.1

– /software/shorewall/component_shorewall_shorewall/add_ip_aliases

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/add_snat_aliases

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/adminisabsentminded

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/arptables

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/auto_comment

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/autocomment

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/autohelpers

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/basic_filters

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/blacklist

* Optional * Type: component_shorewall_shorewall_blacklist – /software/shorewall/component_shorewall_shorewall/blacklist_disposition

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/blacklist_loglevel

* Optional * Type: string

600 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/shorewall/component_shorewall_shorewall/blacklistnewonly

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/chain_scripts

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/clampmss

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/clear_tc

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/complete

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/config_path

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/defer_dns_resolution

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/delete_then_add

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/detect_dnat_ipaddrs

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/disable_ipv6

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/dont_load

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/drop_default

* Optional * Type: string

1.3. configuration-modules-core 601 Quattor Documentation, Release 0.0.1

– /software/shorewall/component_shorewall_shorewall/dynamic_blacklist

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/dynamic_zones

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/expand_policies

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/exportmodules

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/exportparams

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/fastaccept

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/forward_clear_mark

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/geoipdir

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/helpers

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/high_route_marks

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/ignoreunknownvariables

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/implicit_continue

* Optional * Type: boolean

602 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/shorewall/component_shorewall_shorewall/inline_matches

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/invalid_disposition

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/invalid_log_level

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/ip

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/ip_forwarding

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/ipsecfile

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/ipset

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/ipset_warnings

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/iptables

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/keep_rt_tables

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/legacy_faststart

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/load_helpers_only

* Optional * Type: boolean

1.3. configuration-modules-core 603 Quattor Documentation, Release 0.0.1

– /software/shorewall/component_shorewall_shorewall/lockfile

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/log_backend

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/logallnew

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/logfile

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/logformat

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/loglimit

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/log_martians

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/logtagonly

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/log_verbosity

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/maclist_disposition

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/maclist_log_level

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/maclist_table

* Optional * Type: string

604 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/shorewall/component_shorewall_shorewall/maclist_ttl

* Optional * Type: long * Range: 0.. – /software/shorewall/component_shorewall_shorewall/mask_bits

* Optional * Type: long * Range: 0.. – /software/shorewall/component_shorewall_shorewall/mangle_enabled

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/mapoldactions

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/mark_in_forward_chain

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/modulesdir

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/module_suffix

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/multicast

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/mutex_timeout

* Optional * Type: long * Range: 0.. – /software/shorewall/component_shorewall_shorewall/nfqueue_default

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/null_route_rfc1918

* Optional * Type: boolean

1.3. configuration-modules-core 605 Quattor Documentation, Release 0.0.1

– /software/shorewall/component_shorewall_shorewall/optimize_accounting

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/optimize

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/path

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/perl

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/pkttype

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/queue_default

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/rcp_command

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/reject_default

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/require_interface

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/restore_default_route

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/restorefile

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/retain_aliases

* Optional * Type: boolean

606 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/shorewall/component_shorewall_shorewall/route_filter

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/rsh_command

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/save_ipsets

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/shorewall_shell

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/smurf_log_level

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/startup_enabled

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/startup_log

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/subsyslock

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/tc_bits

* Optional * Type: long * Range: 0.. – /software/shorewall/component_shorewall_shorewall/tc_enabled

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/tc_expert

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/tcp_flags_disposition

* Optional

1.3. configuration-modules-core 607 Quattor Documentation, Release 0.0.1

* Type: string – /software/shorewall/component_shorewall_shorewall/tcp_flags_log_level

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/tc_priomap

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/tc

* Optional * Type: string – /software/shorewall/component_shorewall_shorewall/track_providers

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/track_rules

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/use_default_rt

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/use_physical_names

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/use_rt_names

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/verbosity

* Optional * Type: long * Range: 0..2 – /software/shorewall/component_shorewall_shorewall/wide_tc_marks

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/workarounds

* Optional * Type: boolean – /software/shorewall/component_shorewall_shorewall/zone2zone

608 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string • /software/shorewall/component_shorewall – /software/shorewall/component_shorewall/shorewall

* Description: shorewall.conf configuration * Optional * Type: component_shorewall_shorewall – /software/shorewall/component_shorewall/zones

* Description: zones configuration * Optional * Type: component_shorewall_zones – /software/shorewall/component_shorewall/interfaces

* Description: interfaces configuration * Optional * Type: component_shorewall_interfaces – /software/shorewall/component_shorewall/policy

* Description: configuration * Optional * Type: component_shorewall_policy – /software/shorewall/component_shorewall/rules

* Description: rules configuration * Optional * Type: component_shorewall_rules – /software/shorewall/component_shorewall/tcinterfaces

* Description: tcinterfaces configuration * Optional * Type: component_shorewall_tcinterfaces – /software/shorewall/component_shorewall/tcpri

* Description: tcpri configuration * Optional * Type: component_shorewall_tcpri – /software/shorewall/component_shorewall/masq

* Description: masq configuration * Optional * Type: component_shorewall_masq – /software/shorewall/component_shorewall/stoppedrules

1.3. configuration-modules-core 609 Quattor Documentation, Release 0.0.1

* Description: rules to use when shorewall is stopped * Optional * Type: component_shorewall_stoppedrules • /software/shorewall/shorewall_sysconfig – Description: metaconfig schema for shorewall 5.x sysconfig (you cannot set RESTARTOPTIONS) – /software/shorewall/shorewall_sysconfig/OPTIONS

* Optional * Type: string – /software/shorewall/shorewall_sysconfig/STARTOPTIONS

* Optional * Type: string – /software/shorewall/shorewall_sysconfig/RELOADOPTIONS

* Optional * Type: string – /software/shorewall/shorewall_sysconfig/STOPOPTIONS

* Optional * Type: string spma

NAME

NCM::Component::spma - Quattor’s package manager

SYNOPSIS

The SPMA component passes off to different back-ends depending on the type of packaging system specified in /software/components/spma/packager. Currently available: * NCM::Component::spma::ips for Solaris. * NCM::Component::spma::yum * NCM::Component::spma::yumng spma-run

NAME spma-run - Executes command output from ncm-spma component

610 Chapter 1. Content Quattor Documentation, Release 0.0.1

SYNOPSIS spma-run [–cmdfile file] [–forcelock] [–ignorelock] [–logfile file][–retries n][–timeout secs][–debug n][–quiet] [–verbose][–help][–man][–version]{–execute|–noaction| –get-be-name|–get-install|–get-reject}

DESCRIPTION spma-run –execute executes the package changes determined by the Quattor NCM spma configuration component. Currently supported for IPS packages on Solaris 11 only. Alternatively, provide the –noaction argument instead, and no changes will be made. See description of –noaction in OPTIONS below. The output file from ncm-spma provides all of the arguments required for a pkg install command, including the name of the boot environment that will be created. It is recommended that ncm-ncd -configure spma is run immediately prior to executing spma-run so that the commands are up-to-date with the current system state.

RETURN VALUE spma-run –execute returns 1 if no changes were made, or 0 if changes have been made indicating that a new boot environment has been created with some packaging differences, or >1 if an error occurred. In noaction mode returns 1 if no changes would have been made, or 0 if changes would have been made, or >1 if an error occurred.

OPTIONS

The following options are supported: –cmdfile file By default, spma-run obtains the name of the output file to process by running ncm-query and looking at the /software/components/spma/cmdfile resource. This option allows the command filename to be overridden, in which case ncm-query will not be exe- cuted. –debug n Set the debugging level. –execute Enables run mode. Live changes will be made on the system. –forcelock Take over application lock forcibly. Use with care. –get-be-name Return name of boot environment that would be created if any package updates were to be made, but make no changes. The name of the BE can only be determined if ncm-spma was provided with one via the Quattor host profile. –get-install

1.3. configuration-modules-core 611 Quattor Documentation, Release 0.0.1

Return list of package names that would be passed to the pkg installcommand. –get-reject Return list of package names that would be passed via –rejectarguments to the pkg install command. –help Display help page. See also –man option. –ignorelock Ignore application lock. Use with care. –logfile file By default, spma-run logs to /var/log/spma-run.log. This option elects a different log file. –man Display this man page. –noaction Runs the pkg install command with the -n option to make no changes but only determine if any changes would have been made, and if so, the pkg install command that would have been executed and the name of the boot environment that would have been created. Nothing is written to the log file if this option is given. –quiet Suppresses output to stdout. –retries n By default spma-run will retry up to 10 times if the application is locked by another process invocation. This option amends the number of retries. –timeout secs By default spma-run will wait 30 seconds between retries if the application is locked by another process invocation. This option amends the timeout. –verbose Display more detailed output on operations performed. –version Display version number.

FILES

/var/log/spma-run.log Default log file. spma :: apt

NAME

NCM::Component::spma::apt - NCM SPMA backend for apt

612 Chapter 1. Content Quattor Documentation, Release 0.0.1

SYNOPSIS

This document describes how to control the behaviour of the package manager itself. For information on how to manage packages with Quattor, please check http://quattor.org/documentation/2013/04/05/package-management.html.

DESCRIPTION

This plugin implements an apt backend for ncm-spma, the approach taken is to defer as much work as possible to apt. A single SPMA run consists of the following steps: Setup source directory if required Remove sources that are not found in the profile Update source cache from upstream sources Upgrade already installed packages Install packages specified in the profile that are not installed Mark any packages installed but not in the profile as automatically installed Ask apt to remove all automatically installed packages that are not satisfying dependencies of other packages

RESOURCES

Only a very minimal schema is implemented. Sources listed under /software/repositories will be configured, URLs should be followed by the suite and sections required e.g. http://example.org/debian unstable main Packages listed under /software/packages will be installed, version and architecture locking (including multi- arch) is fully implemented.

Types

• /software/spma/component_spma_apt – /software/spma/component_spma_apt/userrepos

* Description: Allow user defined (i.e. unmanaged) repositories to be present on the system * Optional * Type: boolean – /software/spma/component_spma_apt/userpkgs

* Description: Allow user installed (i.e. unmanaged) packages to be present on the system * Optional * Type: boolean

1.3. configuration-modules-core 613 Quattor Documentation, Release 0.0.1

Functions

• repository_exists – Description: Utility function to determine if at least one particular child element exists. (Used in the checking of the repositories.) • Arguments: – name – path to list of dicts with at least one key ‘name’ • resolve_pkg_rep – Description: Automatically fill “repository” field for package list • Arguments: – repository list – (optional) package list. When specified, only the package(s) specified are resolved, if they exist in the configuration. • purge_rep_list – Description: Remove unneeded repository information • Arguments: – repository list • pkg_del – Description: Remove package from list. If the package is not part of the configuration, silently exit: this is not considered as an error. • Arguments: – name – (optional) version. If version is not specified (no argument provided) or is the empty string then ALL existing versions are removed from the profile. – (optional) arch. If arch is not specified (no argument provided), then ALL existing archs for the specified version are removed from the profile. • pkg_repl • Arguments: – name – (optional) new version – (optional) arch – (optional) options. pkg_repl() is the real workhorse of pkg_add/pkg_del/pkg_repl/pkg_ronly. Other functions are just wrappers of pkg_repl(). ‘options’ argument is used to tailor this function behaviour for a particular purpose and is normally used only by other pkg_xxx functions. • pkg_add • Arguments: – name – (optional) version

614 Chapter 1. Content Quattor Documentation, Release 0.0.1

– (optional) arch • pkg_ronly – Description: Replace package in the list ONLY if present. Same as pkg_repl() except that if no version existed in the profile, NO new version is added. See pkg_repl() for argument documentation. • Arguments: – name – (optional) version – (optional) arch spma :: ips

NAME

NCM::Component::spma::ips - NCM SPMA configuration component for IPS

SYNOPSIS

Configure ()

DESCRIPTION

Invoked by NCM::Component::spma via ncm-ncd --configure ncm-spma when /software/ components/spma/packager is ips. Processes requests for IPS packages to be added to a new Solaris boot environment and generates a command file that may be executed by spma-run. This module is intended for package management with Quattor on Solaris 11 or later.

RESOURCES

* /software/catalogues ? nlist {} A list of catalogues (package groups) to install. The format is: {\ *package_name*\ }/{\ *version*\} For example:

prefix '/software/catalogues'; '{pkg://solaris/entire}/{0.5.11,5.11-0.175.1.10.0.5.0}'='';

The intention is that a host’s software inventory is predominantly defined by a small number of software catalogues that pull in almost all of the packages required for the build. Catalogues must be versioned and a host is progressed from one version of a build to another by shifting the catalogue version numbers. * /software/requests ? nlist ()

1.3. configuration-modules-core 615 Quattor Documentation, Release 0.0.1

A list of additional packages to install. The format is: {\ *package_name*\ }[/{\ *version*\ }] For example:

'/software/requests/{ms/afs/client}'= nlist(); '/software/requests/{idr537}/{2}'='';

The version number is optional and should generally be omitted. It is intended that the version number of packages that can be requested individually are defined by a catalogue (e.g. constrained by an incorporate dependency). * /software/uninstall ? nlist () A list of packages to uninstall. Packages in this list will not be installed, and if found on the system will be removed. The format is the same as with /software/requests. * /software/whitelist ? nlist () A list of packages to whitelist. Packages in this list are permitted on the system even if they have not been explicitly requested and even if userpkgs is set to no. The format is the same as with /software/ requests. * /software/components/spma/packager ? string Must contain ips to use this module. * /software/components/spma/run ? string Set to yes to allow this module to launch spma-run --execute to make immediate changes to the new boot environment. If set to no or omitted, this module prepares and validates the changes only, but does not perform any updates, it will be the responsibility of an external process to launch spma-run --execute in this case. * /software/components/spma/userpkgs ? string Set to yes to allow user-installed packages. If set to no or omitted, then SPMA will find all leaf packages that have not been requested and uninstall them via --reject arguments to pkg install. * /software/components/spma/pkgpaths : string [] Contains a list of resource paths where catalogues and individual package requests are located. Should be set to:

list("/software/catalogues", "/software/requests");

* /software/components/spma/uninstpaths : string [] Contains a list of resource paths where packages to uninstall are located. Should be set to:

list("/software/uninstall");

* /software/components/spma/whitepaths : string [] Contains a list of resource paths where packages to whitelist are located. Should be set to:

list("/software/whitelist");

* /software/components/spma/cmdfile : string Where to save commands for the spma-run script. Default location is /var/tmp/spma-commands. * /software/components/spma/flagfile ? string

616 Chapter 1. Content Quattor Documentation, Release 0.0.1

File to touch if /software/components/spma/run is set to no and this module has determined that there is work to do, i.e. packages to install or to uninstall. If the file exists after this module has completed, then spma-run --execute can be run to create a new BE and make package changes in that BE. * /software/components/spma/ips/bename ? string Name of boot environment that spma-run will use when making any changes to packages. If a BE by that name already exists, then a unique number will be appended to the name. Package changes will be effected via pkg install --be-name . If this resource is missing then pkg install --require-new-be will be used instead, leaving Solaris to decide on the name of the new BE. * /software/components/spma/ips/rejectidr : boolean Add a --reject option to the pkg install command for every Solaris IDR installed that has not been explicitly requested. Default is true. * /software/components/spma/ips/freeze : boolean Ignore frozen packages. This will prevent SPMA from updating or uninstalling frozen packages. Default is true.

NOTES

This module does not support making changes in the currently active boot environment. The intention is that it is executed when a host is rebooted via a call to ncm-ncd -configure spma and then spma-run --executecalled immediately afterwards. The system will then reboot into the newly created boot environment if any changes were made. IPS publisher configuration is currently not supported by this module.

EXAMPLE CONFIGURATION

The following PAN code snippet demonstrates how to prepare SPMA for Solaris:

# # Configure SPMA appropriately for Solaris # prefix "/software/components/spma"; "packager"= "ips"; "pkgpaths"= list("/software/catalogues", "/software/requests"); "uninstpaths"= list("/software/uninstall"); "whitepaths"= list("/software/whitelist"); "register_change"= list("/software/catalogues", "/software/requests", "/software/uninstall"); "flagfile"= "/var/tmp/spma-run-flag"

Types

• /software/spma/component_spma_ips_type

1.3. configuration-modules-core 617 Quattor Documentation, Release 0.0.1

– /software/spma/component_spma_ips_type/bename

* Optional * Type: string – /software/spma/component_spma_ips_type/cachedir

* Optional * Type: string – /software/spma/component_spma_ips_type/cmdfile

* Optional * Type: string – /software/spma/component_spma_ips_type/flagfile

* Optional * Type: string – /software/spma/component_spma_ips_type/freeze

* Optional * Type: boolean – /software/spma/component_spma_ips_type/imagedir

* Optional * Type: string – /software/spma/component_spma_ips_type/pkgpaths

* Optional * Type: string – /software/spma/component_spma_ips_type/rejectidr

* Optional * Type: boolean – /software/spma/component_spma_ips_type/uninstpaths

* Optional * Type: string • /software/spma/component_spma_ips – /software/spma/component_spma_ips/ips

* Optional * Type: component_spma_ips_type – /software/spma/component_spma_ips/run

* Description: Run the SPMA after configuring it * Optional * Type: legacy_binary_affirmation_string – /software/spma/component_spma_ips/userpkgs

618 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Description: Allow user installed (i.e. unmanaged) packages to be present on the system * Optional * Type: legacy_binary_affirmation_string

Types

• /software/spma/component_spma_common – /software/spma/component_spma_common/packager

* Optional * Type: string

Types

• /software/spma/spma_yum_plugin_fastestmirror – /software/spma/spma_yum_plugin_fastestmirror/enabled

* Optional * Type: boolean – /software/spma/spma_yum_plugin_fastestmirror/verbose

* Optional * Type: boolean – /software/spma/spma_yum_plugin_fastestmirror/always_print_best_host

* Optional * Type: boolean – /software/spma/spma_yum_plugin_fastestmirror/socket_timeout

* Optional * Type: long * Range: 0.. – /software/spma/spma_yum_plugin_fastestmirror/hostfilepath

* Optional * Type: string – /software/spma/spma_yum_plugin_fastestmirror/maxhostfileage

* Optional * Type: long * Range: 0.. – /software/spma/spma_yum_plugin_fastestmirror/maxthreads

* Optional * Type: long * Range: 0..

1.3. configuration-modules-core 619 Quattor Documentation, Release 0.0.1

– /software/spma/spma_yum_plugin_fastestmirror/exclude

* Optional * Type: string – /software/spma/spma_yum_plugin_fastestmirror/include_only

* Optional * Type: string • /software/spma/spma_yum_plugin_versionlock – /software/spma/spma_yum_plugin_versionlock/enabled

* Optional * Type: boolean – /software/spma/spma_yum_plugin_versionlock/locklist

* Optional * Type: string – /software/spma/spma_yum_plugin_versionlock/follow_obsoletes

* Optional * Type: boolean • /software/spma/spma_yum_plugin_priorities – /software/spma/spma_yum_plugin_priorities/enabled

* Optional * Type: boolean – /software/spma/spma_yum_plugin_priorities/check_obsoletes

* Optional * Type: boolean • /software/spma/spma_yum_plugins – /software/spma/spma_yum_plugins/fastestmirror

* Optional * Type: spma_yum_plugin_fastestmirror – /software/spma/spma_yum_plugins/versionlock

* Optional * Type: spma_yum_plugin_versionlock – /software/spma/spma_yum_plugins/priorities

* Optional * Type: spma_yum_plugin_priorities • /software/spma/component_spma_common_yum – /software/spma/component_spma_common_yum/proxy

* Optional

620 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: legacy_binary_affirmation_string – /software/spma/component_spma_common_yum/proxyhost

* Optional * Type: string – /software/spma/component_spma_common_yum/proxyport

* Optional * Type: string

Types

• /software/spma/software_repository_url • /software/spma/SOFTWARE_PACKAGE_REP • /software/spma/SOFTWARE_PACKAGE – /software/spma/SOFTWARE_PACKAGE/arch

* Optional * Type: string • /software/spma/SOFTWARE_REPOSITORY_PACKAGE – /software/spma/SOFTWARE_REPOSITORY_PACKAGE/arch

* Optional * Type: string – /software/spma/SOFTWARE_REPOSITORY_PACKAGE/name

* Optional * Type: string – /software/spma/SOFTWARE_REPOSITORY_PACKAGE/version

* Optional * Type: string • /software/spma/SOFTWARE_REPOSITORY_PROTOCOL – /software/spma/SOFTWARE_REPOSITORY_PROTOCOL/name

* Optional * Type: string – /software/spma/SOFTWARE_REPOSITORY_PROTOCOL/url

* Optional * Type: software_repository_url – /software/spma/SOFTWARE_REPOSITORY_PROTOCOL/cacert

* Optional * Type: string – /software/spma/SOFTWARE_REPOSITORY_PROTOCOL/clientcert

1.3. configuration-modules-core 621 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/spma/SOFTWARE_REPOSITORY_PROTOCOL/clientkey

* Optional * Type: string – /software/spma/SOFTWARE_REPOSITORY_PROTOCOL/verify

* Optional * Type: boolean • /software/spma/SOFTWARE_REPOSITORY – /software/spma/SOFTWARE_REPOSITORY/enabled

* Optional * Type: boolean – /software/spma/SOFTWARE_REPOSITORY/gpgcheck

* Optional * Type: boolean – /software/spma/SOFTWARE_REPOSITORY/repo_gpgcheck

* Optional * Type: boolean – /software/spma/SOFTWARE_REPOSITORY/gpgkey

* Optional * Type: software_repository_url – /software/spma/SOFTWARE_REPOSITORY/gpgcakey

* Optional * Type: software_repository_url – /software/spma/SOFTWARE_REPOSITORY/excludepkgs

* Optional * Type: string – /software/spma/SOFTWARE_REPOSITORY/includepkgs

* Optional * Type: string – /software/spma/SOFTWARE_REPOSITORY/name

* Optional * Type: string – /software/spma/SOFTWARE_REPOSITORY/owner

* Optional * Type: string

622 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/spma/SOFTWARE_REPOSITORY/priority

* Optional * Type: long * Range: 1..99 – /software/spma/SOFTWARE_REPOSITORY/protocols

* Optional * Type: SOFTWARE_REPOSITORY_PROTOCOL – /software/spma/SOFTWARE_REPOSITORY/proxy

* Optional * Type: string – /software/spma/SOFTWARE_REPOSITORY/skip_if_unavailable

* Optional * Type: boolean spma :: yum

NAME

NCM::Component::spma::yum - NCM SPMA configuration component for Yum

SYNOPSIS

This document describes how to control the behaviour of the package manager itself. For information on how to manage packages with Quattor, please check http://quattor.org/documentation/2013/04/05/package-management.html.

RESOURCES

* /software/components/spma/active : boolean Activates/deactivates the component.

Flags for Yum processing:

* /software/components/spma/process_obsoletes : boolean Make Yum replace obsoleted packages by their recommended counterparts. Defaults to false to keep backwards compatibility. * /software/components/spma/userpkgs : string (“yes|no”) Whether SPMA should keep any packages the user may have installed manually. Set to no to make the SPMA take full control of all your software installations. Set to yes to preserve any packages you installed by hand. If you do so, SPMA will never remove a package. * /software/components/spma/userpkgs_retry : boolean

1.3. configuration-modules-core 623 Quattor Documentation, Release 0.0.1

Yum-based spma might get confused and fails when it tries to remove packages when userpkgs is no while installing new ones. Typically it will (try to) remove a leaf package, that is also to be installed as a dependency of a new to-be-installed package. With userpkgs_retry set to true, the package update process will be retried in case of failure in 2 steps, a first retry while preserving the installed packages, and if this retry was succesful, followed by a second retry where it will (try to) remove leaf packages again. * /software/components/spma/packager : string Must contain yum to use this module. * /software/components/spma/proxy : string (“yes|no”) Whether to use a proxy. * /software/components/spma/proxytype : string (“forward|reverse”) Type of proxy (reverse or forward). * /software/components/spma/proxyhost : string Comma-separated list of proxy hosts. If you have a forward proxy you should specify only one. You may specify several reverse proxies here, and they will be appended to the baseurl entry of each repository’s configuration. * /software/components/spma/proxyport : string Port where the proxies are listening. * /software/components/spma/run : string (“yes|no”) Whether to actually run Yum operations that may install, remove or update packages. * /software/components/spma/fullsearch : boolean Yum-based spma will try to verify that all version locked packages can actually be found in the provided repositories. For packages that have versions with wildcards specified, a full (and possibly slow) search of each pattern can be performed by setting fullsearch to true. By default, the fullsearch is not performed, and for any packages that have versions with wildcards, it is assumed that the repositories contain them.

FILES

* /etc/spma.conf * /var/lib/spma-target.cf

NOTES

This component honors the --noaction mode.

SEE ALSO

You must read this document to understand how to manage packages with Quattor: http://quattor.org/documentation/2013/04/05/package-management.html, These links detail experiences and strategies relevant for managing software installations in large sites:

624 Chapter 1. Content Quattor Documentation, Release 0.0.1 http://quattor.org/documentation/2013/02/07/yum-package-management.html http://quattor.org/documentation/2013/01/29/spma-yum-upgrade.html http://quattor.org/blog/2013/01/29/package-layout-proposal.html http://quattor.org/blog/2013/03/27/cleaning-up-packages.html

Types

• /software/spma/SOFTWARE_GROUP – /software/spma/SOFTWARE_GROUP/default

* Optional * Type: boolean – /software/spma/SOFTWARE_GROUP/mandatory

* Optional * Type: boolean – /software/spma/SOFTWARE_GROUP/optional

* Optional * Type: boolean • /software/spma/spma_yum_main_options – Description: Main configuration options for yum.conf. The cleanup_on_remove, obsoletes, reposdir and pluginpath are set internally. – /software/spma/spma_yum_main_options/exclude

* Optional * Type: string – /software/spma/spma_yum_main_options/installonly_limit

* Optional * Type: long * Range: 0.. – /software/spma/spma_yum_main_options/keepcache

* Optional * Type: boolean – /software/spma/spma_yum_main_options/retries

* Optional * Type: long * Range: 0.. – /software/spma/spma_yum_main_options/timeout

* Optional

1.3. configuration-modules-core 625 Quattor Documentation, Release 0.0.1

* Type: long * Range: 0.. • /software/spma/component_spma_yum – /software/spma/component_spma_yum/fullsearch

* Optional * Type: boolean – /software/spma/component_spma_yum/main_options

* Optional * Type: spma_yum_main_options – /software/spma/component_spma_yum/plugins

* Optional * Type: spma_yum_plugins – /software/spma/component_spma_yum/process_obsoletes

* Optional * Type: boolean – /software/spma/component_spma_yum/proxytype

* Optional * Type: string – /software/spma/component_spma_yum/run

* Optional * Type: legacy_binary_affirmation_string – /software/spma/component_spma_yum/userpkgs_retry

* Optional * Type: boolean – /software/spma/component_spma_yum/userpkgs

* Optional * Type: legacy_binary_affirmation_string – /software/spma/component_spma_yum/reposdirs

* Description: List of external repo dirs to be included in addition to the one managed by this component.

* Optional * Type: absolute_file_path – /software/spma/component_spma_yum/filter

* Description: regexp pattern to install only matching (unescaped) package names. This is an advanced setting, and typically only used in a 2-stage software install like spmalight. When userpkgs is not defined, it runs as if userpkgs is true. (Caution: is userpkgs is false, it will very likely remove all non-matching packages. It is advised to remove the userpkgs attribute). Versionlocking

626 Chapter 1. Content Quattor Documentation, Release 0.0.1

is not affected by the filter (i.e. all packages are considered for version locking, not only the filtered ones).

* Optional * Type: string spma :: yumng

NAME

NCM::Component::spma::yumng - NCM SPMA configuration component for Yum, new generation

SYNOPSIS

This document describes how to control the behaviour of the package manager itself. For information on how to manage packages with Quattor, please check http://quattor.org/documentation/2013/04/05/package-management.html.

RESOURCES

* /software/components/spma/active : boolean Activates/deactivates the component.

Flags for Yum processing:

* /software/components/spma/process_obsoletes : boolean Make Yum replace obsoleted packages by their recommended counterparts. Defaults to false to keep backwards compatibility. * /software/components/spma/userpkgs : string (“yes|no”) Whether SPMA should keep any packages the user may have installed manually. Set to no to make the SPMA take full control of all your software installations. Set to yes to preserve any packages you installed by hand. If you do so, SPMA will never remove a package. * /software/components/spma/userpkgs_retry : boolean Yum-based spma might get confused and fails when it tries to remove packages when userpkgs is no while installing new ones. Typically it will (try to) remove a leaf package, that is also to be installed as a dependency of a new to-be-installed package. With userpkgs_retry set to true, the package update process will be retried in case of failure in 2 steps, a first retry while preserving the installed packages, and if this retry was succesful, followed by a second retry where it will (try to) remove leaf packages again. * /software/components/spma/excludes : string[] Packages listed in this list will be ignored by Yum. It will make them invisible from metadata. Globs can be used for items in this list. * /software/components/spma/yumconf : string Yum configuration file (/etc/yum.conf) which SPMA will create on a box before any package oper- ations.

1.3. configuration-modules-core 627 Quattor Documentation, Release 0.0.1

* /software/components/spma/whitelist : string[] List of globs to specify packages which are ignored by SPMA. These packages will remain in place and will not be removed upon SPMA execution. Typical use case is 3rd party custom installations where an installer is executed and it generates/installs packages on its own. Without this feature SPMA would remove such packages. * /software/components/spma/quattor_os_file : string File name which will contain custom build information generated by SPMA upon successful completion. * /software/components/spma/quattor_os_file : string String to be put in quattor_os_file upon successful SPMA completion. * /software/components/spma/proxy : string (“yes|no”) Whether to use a proxy. * /software/components/spma/proxytype : string (“forward|reverse”) Type of proxy (reverse or forward). * /software/components/spma/proxyhost : string Comma-separated list of proxy hosts. If you have a forward proxy you should specify only one. You may specify several reverse proxies here, and they will be appended to the baseurl entry of each repository’s configuration. * /software/components/spma/proxyport : string Port where the proxies are listening. * /software/components/spma/run : string (“yes|no”) Whether to actually run Yum operations that may install, remove or update packages. * /software/components/spma/fullsearch : boolean Yum-based spma will try to verify that all version locked packages can actually be found in the provided repositories. For packages that have versions with wildcards specified, a full (and possibly slow) search of each pattern can be performed by setting fullsearch to true. By default, the fullsearch is not performed, and for any packages that have versions with wildcards, it is assumed that the repositories contain them.

FILES

* /etc/spma.conf * /var/lib/spma-target.cf

SEE ALSO

You must read this document to understand how to manage packages with Quattor: http://quattor.org/documentation/2013/04/05/package-management.html, These links detail experiences and strategies relevant for managing software installations in large sites: http://quattor.org/documentation/2013/02/07/yum-package-management.html http://quattor.org/documentation/2013/01/29/spma-yum-upgrade.html

628 Chapter 1. Content Quattor Documentation, Release 0.0.1 http://quattor.org/blog/2013/01/29/package-layout-proposal.html http://quattor.org/blog/2013/03/27/cleaning-up-packages.html

Types

• /software/spma/SOFTWARE_GROUP – /software/spma/SOFTWARE_GROUP/default

* Optional * Type: boolean – /software/spma/SOFTWARE_GROUP/mandatory

* Optional * Type: boolean – /software/spma/SOFTWARE_GROUP/optional

* Optional * Type: boolean – /software/spma/SOFTWARE_GROUP/names

* Optional * Type: string • /software/spma/component_spma_yumng – /software/spma/component_spma_yumng/excludes

* Optional * Type: string – /software/spma/component_spma_yumng/quattor_os_file

* Optional * Type: string – /software/spma/component_spma_yumng/quattor_os_release

* Optional * Type: string – /software/spma/component_spma_yumng/run

* Optional * Type: legacy_binary_affirmation_string – /software/spma/component_spma_yumng/userpkgs

* Optional * Type: legacy_binary_affirmation_string – /software/spma/component_spma_yumng/whitelist

* Optional * Type: string

1.3. configuration-modules-core 629 Quattor Documentation, Release 0.0.1

– /software/spma/component_spma_yumng/yumconf

* Optional * Type: string ssh

NAME

NCM::ssh - NCM SSH configuration component

DESCRIPTION

Update the SSH client and/or daemon configuration files, preserving their permissions. Replace changed option values and add new options to the end of the configuration file(s). If any changes were made in the daemon configuration file, tell the SSH daemon to reload the new configuration by executing the following command:

/sbin/service sshd reload

RESOURCES

* /software/components/ssh/client : nlist (optional) This nlist contains 2 option sets describing respectively options that must be defined an their values and options that must be commented out. * /software/components/ssh/client/options : nlist (optional) Options that must be set and their value. See schema for allowed options. * /software/components/ssh/client/comment_options : nlist (optional) Options that must be commented out. This is the same set of options as those which can be set. If an option is in both list, definition takes precedence. See schema for allowed options. * /software/components/ssh/daemon : nlist (optional) This nlist contains 2 option sets describing respectively options that must be defined an their values and options that must be commented out. * /software/components/ssh/daemon/options : nlist (optional) Options that must be set and their value. See schema for allowed options. * /software/components/ssh/daemon/comment_options : nlist (optional) Options that must be commented out. This is the same set of options as those which can be set. If an option is in both list, definition takes precedence. See schema for allowed options.

630 Chapter 1. Content Quattor Documentation, Release 0.0.1

FILES

/etc/ssh/sshd_config The SSH daemon configuration file. /etc/ssh/ssh_config The SSH client configuration file.

Types

• /software/ssh/ssh_preferred_authentication • /software/ssh/ssh_ciphers • /software/ssh/ssh_hostkeyalgorithms • /software/ssh/ssh_kbdinteractivedevices • /software/ssh/ssh_kexalgorithms • /software/ssh/ssh_MACs • /software/ssh/legacy_ssh_MACs • /software/ssh/legacy_ssh_ciphers • /software/ssh/legacy_ssh_kexalgorithm • /software/ssh/ssh_core_options_type – /software/ssh/ssh_core_options_type/AddressFamily

* Optional * Type: string – /software/ssh/ssh_core_options_type/ChallengeResponseAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_core_options_type/Ciphers

* Optional * Type: legacy_ssh_ciphers – /software/ssh/ssh_core_options_type/Compression

* Optional * Type: string – /software/ssh/ssh_core_options_type/GSSAPIAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_core_options_type/GSSAPICleanupCredentials

* Optional * Type: legacy_binary_affirmation_string

1.3. configuration-modules-core 631 Quattor Documentation, Release 0.0.1

– /software/ssh/ssh_core_options_type/GSSAPIKeyExchange

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_core_options_type/GatewayPorts

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_core_options_type/HostbasedAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_core_options_type/LogLevel

* Optional * Type: string – /software/ssh/ssh_core_options_type/MACs

* Optional * Type: legacy_ssh_MACs – /software/ssh/ssh_core_options_type/PasswordAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_core_options_type/Protocol

* Optional * Type: string – /software/ssh/ssh_core_options_type/PubkeyAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_core_options_type/RSAAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_core_options_type/RhostsRSAAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_core_options_type/SendEnv

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_core_options_type/TCPKeepAlive

* Optional * Type: legacy_binary_affirmation_string

632 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/ssh/ssh_core_options_type/XAuthLocation

* Optional * Type: string – /software/ssh/ssh_core_options_type/KexAlgorithms

* Optional * Type: ssh_kexalgorithms • /software/ssh/ssh_daemon_options_type – /software/ssh/ssh_daemon_options_type/AFSTokenPassing

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/AcceptEnv

* Description: AcceptEnv, one per line * Optional * Type: string – /software/ssh/ssh_daemon_options_type/AllowAgentForwarding

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/AllowGroups

* Optional * Type: string – /software/ssh/ssh_daemon_options_type/AllowTcpForwarding

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/AllowUsers

* Optional * Type: string – /software/ssh/ssh_daemon_options_type/AuthorizedKeysFile

* Optional * Type: string – /software/ssh/ssh_daemon_options_type/Banner

* Optional * Type: string – /software/ssh/ssh_daemon_options_type/ClientAliveCountMax

* Optional * Type: long – /software/ssh/ssh_daemon_options_type/ClientAliveInterval

1.3. configuration-modules-core 633 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/ssh/ssh_daemon_options_type/DenyGroups

* Optional * Type: string – /software/ssh/ssh_daemon_options_type/DenyUsers

* Optional * Type: string – /software/ssh/ssh_daemon_options_type/GSSAPIStrictAcceptorCheck

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/HostKey

* Description: HostKey, one per line * Optional * Type: string – /software/ssh/ssh_daemon_options_type/HPNDisabled

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/HPNBufferSize

* Optional * Type: long – /software/ssh/ssh_daemon_options_type/IgnoreRhosts

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/IgnoreUserKnownHosts

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/KbdInteractiveAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/KerberosAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/KerberosGetAFSToken

* Optional * Type: legacy_binary_affirmation_string

634 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/ssh/ssh_daemon_options_type/KerberosOrLocalPasswd

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/KerberosTgtPassing

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/KerberosTicketAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/KerberosTicketCleanup

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/KeyRegenerationInterval

* Optional * Type: long – /software/ssh/ssh_daemon_options_type/ListenAddress

* Description: ListenAddress, one per line * Optional * Type: type_hostport – /software/ssh/ssh_daemon_options_type/LoginGraceTime

* Optional * Type: long – /software/ssh/ssh_daemon_options_type/MaxAuthTries

* Optional * Type: long – /software/ssh/ssh_daemon_options_type/MaxStartups

* Optional * Type: long – /software/ssh/ssh_daemon_options_type/NoneEnabled

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/PermitEmptyPasswords

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/PermitRootLogin

* Optional

1.3. configuration-modules-core 635 Quattor Documentation, Release 0.0.1

* Type: string – /software/ssh/ssh_daemon_options_type/PermitTunnel

* Optional * Type: string – /software/ssh/ssh_daemon_options_type/PermitUserEnvironment

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/PidFile

* Optional * Type: string – /software/ssh/ssh_daemon_options_type/Port

* Optional * Type: long – /software/ssh/ssh_daemon_options_type/PrintLastLog

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/PrintMotd

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/RhostsAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/ServerKeyBits

* Optional * Type: long – /software/ssh/ssh_daemon_options_type/ShowPatchLevel

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/StrictModes

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/Subsystem

* Optional * Type: string – /software/ssh/ssh_daemon_options_type/SyslogFacility

* Optional

636 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/ssh/ssh_daemon_options_type/TcpRcvBuf

* Optional * Type: long – /software/ssh/ssh_daemon_options_type/TcpRcvBufPoll

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/UseDNS

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/UseLogin

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/UsePAM

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/UsePrivilegeSeparation

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/VerifyReverseMapping

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/X11DisplayOffset

* Optional * Type: long – /software/ssh/ssh_daemon_options_type/X11Forwarding

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_daemon_options_type/X11UseLocalhost

* Optional * Type: legacy_binary_affirmation_string • /software/ssh/ssh_client_options_type – /software/ssh/ssh_client_options_type/BatchMode

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_client_options_type/ConnectTimeout

1.3. configuration-modules-core 637 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/ssh/ssh_client_options_type/EnableSSHKeysign

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_client_options_type/ForwardAgent

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_client_options_type/ForwardX11

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_client_options_type/GSSAPIDelegateCredentials

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_client_options_type/Port

* Optional * Type: long – /software/ssh/ssh_client_options_type/PreferredAuthentications

* Optional * Type: ssh_preferred_authentication – /software/ssh/ssh_client_options_type/RhostsAuthentication

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_client_options_type/StrictHostKeyChecking

* Optional * Type: legacy_binary_affirmation_string – /software/ssh/ssh_client_options_type/UsePrivilegedPort

* Optional * Type: legacy_binary_affirmation_string • /software/ssh/ssh_daemon_type – /software/ssh/ssh_daemon_type/options

* Optional * Type: ssh_daemon_options_type – /software/ssh/ssh_daemon_type/comment_options

* Optional * Type: ssh_daemon_options_type

638 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/ssh/ssh_daemon_type/sshd_path

* Optional * Type: string – /software/ssh/ssh_daemon_type/always_validate

* Description: if false and sshd doesn’t exist, skip config validation * Optional * Type: boolean – /software/ssh/ssh_daemon_type/config_path

* Optional * Type: string • /software/ssh/ssh_client_type – /software/ssh/ssh_client_type/options

* Optional * Type: ssh_client_options_type – /software/ssh/ssh_client_type/comment_options

* Optional * Type: ssh_client_options_type – /software/ssh/ssh_client_type/config_path

* Optional * Type: string • /software/ssh/component_ssh_type – /software/ssh/component_ssh_type/daemon

* Optional * Type: ssh_daemon_type – /software/ssh/component_ssh_type/client

* Optional * Type: ssh_client_type

Functions

• is_valid_ssh_MAC • is_valid_ssh_cipher • is_valid_ssh_kexalgorithm

1.3. configuration-modules-core 639 Quattor Documentation, Release 0.0.1

Types

• /software/ssh/ssh_authkeyscommand_options_type – /software/ssh/ssh_authkeyscommand_options_type/AuthorizedKeysCommand

* Optional * Type: string – /software/ssh/ssh_authkeyscommand_options_type/AuthorizedKeysCommandRunAs

* Optional * Type: string

Types

• /software/ssh/ssh_authkeyscommand_options_type – /software/ssh/ssh_authkeyscommand_options_type/AuthorizedKeysCommand

* Optional * Type: string – /software/ssh/ssh_authkeyscommand_options_type/AuthorizedKeysCommandUser

* Optional * Type: string

sudo

DESCRIPTION

The sudo component manages the sudo configuracion, I.E: edits /etc/sudoers. It doesn’t provide as strict and nice syntax and semantic correction as visudo(8) does, but it tries to warn on most common users’ mistakes.

EXAMPLES

Try the following settings: prefix “/software/components/sudo”; “general_options/options” = dict(“insults”, true); “user_aliases/FOO” = list(“127.0.0.1”); “privilege_lines” = list(dict( “user”, “foo”, “run_as”, “ALL”, “host”, “ALL”, “cmd”, “ALL” )); and see the resulting /etc/sudoers.

WARNINGS

This component cannot perform such as exhaustive analysis as visudo does. Be careful with what you specify on your profiles or you will break sudo!!

640 Chapter 1. Content Quattor Documentation, Release 0.0.1

Types

• /software/sudo/sudo_host – Description: a valid hostname, possibly preceeded by an ‘!’ • /software/sudo/sudo_user_alias • /software/sudo/sudo_cmd_alias • /software/sudo/sudo_host_alias • /software/sudo/sudo_privilege_line – Description: Each privilege line in a sudoers has the following format: ‘user host = (run_as_user) OPTIONS: command’ Remember that the built-in alias ALL is valid for users, run_as users, hosts and commands. • /software/sudo/sudo_privilege_line/user – Description: The user allowed to ‘sudo ’. Can be an user, an user_alias, or a group (with a leading ‘%’). • Optional • Type: string • /software/sudo/sudo_privilege_line/run_as – Description: The user to be supplanted. Can be an user, a run_as_alias or a group (with a leading ‘%’). • Optional • Type: string • /software/sudo/sudo_privilege_line/host – Description: The host from where the user can invoke sudo. Can be a host or a host_alias. – Optional – Type: string • /software/sudo/sudo_privilege_line/options – Description: Specific options for this command – Optional – Type: string • /software/sudo/sudo_privilege_line/cmd – Description: The command being run – Optional – Type: string • /software/sudo/sudo_default_options – Description: Can have any of the documented atomic (non-list!!) values for the

1.3. configuration-modules-core 641 Quattor Documentation, Release 0.0.1

Defaults section in man(5) sudoers • /software/sudo/sudo_default_options/long_otp_prompt – Optional – Type: boolean • /software/sudo/sudo_default_options/ignore_dot – Optional – Type: boolean • /software/sudo/sudo_default_options/mail_always – Optional – Type: boolean • /software/sudo/sudo_default_options/mail_badpass – Optional – Type: boolean • /software/sudo/sudo_default_options/mail_no_user – Optional – Type: boolean • /software/sudo/sudo_default_options/mail_no_host – Optional – Type: boolean • /software/sudo/sudo_default_options/mail_no_perms – Optional – Type: boolean • /software/sudo/sudo_default_options/tty_tickets – Optional – Type: boolean • /software/sudo/sudo_default_options/lecture – Optional – Type: boolean • /software/sudo/sudo_default_options/authenticate – Optional – Type: boolean • /software/sudo/sudo_default_options/root_sudo – Optional – Type: boolean • /software/sudo/sudo_default_options/log_host – Optional

642 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Type: boolean • /software/sudo/sudo_default_options/log_year – Optional – Type: boolean • /software/sudo/sudo_default_options/shell_noargs – Optional – Type: boolean • /software/sudo/sudo_default_options/set_home – Optional – Type: boolean • /software/sudo/sudo_default_options/always_set_home – Optional – Type: boolean • /software/sudo/sudo_default_options/path_info – Optional – Type: boolean • /software/sudo/sudo_default_options/preserve_groups – Optional – Type: boolean • /software/sudo/sudo_default_options/fqdn – Optional – Type: boolean • /software/sudo/sudo_default_options/insults – Optional – Type: boolean • /software/sudo/sudo_default_options/requiretty – Optional – Type: boolean • /software/sudo/sudo_default_options/env_editor – Optional – Type: boolean • /software/sudo/sudo_default_options/rootpw – Optional – Type: boolean • /software/sudo/sudo_default_options/runaspw – Optional

1.3. configuration-modules-core 643 Quattor Documentation, Release 0.0.1

– Type: boolean • /software/sudo/sudo_default_options/targetpw – Optional – Type: boolean • /software/sudo/sudo_default_options/set_logname – Optional – Type: boolean • /software/sudo/sudo_default_options/stay_setuid – Optional – Type: boolean • /software/sudo/sudo_default_options/env_reset – Optional – Type: boolean • /software/sudo/sudo_default_options/use_loginclass – Optional – Type: boolean • /software/sudo/sudo_default_options/visiblepw – Optional – Type: boolean • /software/sudo/sudo_default_options/passwd_tries – Optional – Type: long • /software/sudo/sudo_default_options/loglinelen – Optional – Type: long • /software/sudo/sudo_default_options/timestamp_timeout – Optional – Type: long • /software/sudo/sudo_default_options/passwd_timeout – Optional – Type: long • /software/sudo/sudo_default_options/umask – Optional – Type: long • /software/sudo/sudo_default_options/mailsub – Optional

644 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Type: string • /software/sudo/sudo_default_options/env_keep – Optional – Type: string • /software/sudo/sudo_default_options/env_delete – Optional – Type: string • /software/sudo/sudo_default_options/badpass_message – Optional – Type: string • /software/sudo/sudo_default_options/timestampdir – Optional – Type: string • /software/sudo/sudo_default_options/timestampowner – Optional – Type: string • /software/sudo/sudo_default_options/passprompt – Optional – Type: string • /software/sudo/sudo_default_options/runas_default – Optional – Type: string • /software/sudo/sudo_default_options/syslog_goodpri – Optional – Type: string • /software/sudo/sudo_default_options/syslog_badpri – Optional – Type: string • /software/sudo/sudo_default_options/editor – Optional – Type: string • /software/sudo/sudo_default_options/logfile – Optional – Type: string • /software/sudo/sudo_default_options/syslog – Optional

1.3. configuration-modules-core 645 Quattor Documentation, Release 0.0.1

– Type: string • /software/sudo/sudo_default_options/mailerpath – Optional – Type: string • /software/sudo/sudo_default_options/mailerflags – Optional – Type: string • /software/sudo/sudo_default_options/mailto – Optional – Type: string • /software/sudo/sudo_default_options/exempt_group – Optional – Type: string • /software/sudo/sudo_default_options/verifypw – Optional – Type: string • /software/sudo/sudo_default_options/listpw – Optional – Type: string • /software/sudo/sudo_default_options/secure_path – Optional – Type: string • /software/sudo/sudo_defaults – Description: sudo defaults, i.e. an optional user, an optional host, an optional run_as user (to be supplanted) And a set of default settings. • /software/sudo/sudo_defaults/user – Description: The user the settings apply to. – Optional – Type: string • /software/sudo/sudo_defaults/run_as – Description: The supplanted user the settings apply to. – Optional – Type: string • /software/sudo/sudo_defaults/host – Description: The host the settings apply to. – Optional

646 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Type: sudo_host • /software/sudo/sudo_defaults/cmd – Optional – Type: string • /software/sudo/sudo_defaults/options – Description: The named list of options that can be specified. Currently, only atomic options are supported. Boolean, integer and string values are handled correctly. – Optional – Type: sudo_default_options • /software/sudo/sudo_ldap – Description: Configuration for the sudoers.ldap – /software/sudo/sudo_ldap/dn

* Optional * Type: string – /software/sudo/sudo_ldap/objectClass

* Optional * Type: string – /software/sudo/sudo_ldap/sudoOption

* Optional * Type: sudo_default_options – /software/sudo/sudo_ldap/description

* Optional * Type: string – /software/sudo/sudo_ldap/sudoUser

* Optional * Type: string – /software/sudo/sudo_ldap/sudoRunAsUser

* Optional * Type: string – /software/sudo/sudo_ldap/sudoHost

* Optional * Type: string – /software/sudo/sudo_ldap/sudoCommand

* Optional * Type: string • /software/sudo/sudo_component

1.3. configuration-modules-core 647 Quattor Documentation, Release 0.0.1

– Description: Structure for the component. See man sudoers for information on user_aliases, host_aliases, run_as_aliases and cmd_aliases All alias names must be in capitals. • /software/sudo/sudo_component/general_options – Description: Set default behaviour either for users or hosts, or for the whole sudo application. – Optional – Type: sudo_defaults • /software/sudo/sudo_component/user_aliases – Description: dicts of lists of strings containing the alias information. The name of each named list must start with a letter, and contain only letters, numbers and underscores. All the letters must be capitals. i.e. the name must match ^[A-Z][A-Z0- 9_]*$. They can be preceeded by an ‘!’, indicating the alias must not match that name. The contents may be preceeded by an ‘!’, indicating that item must not be part of the alias. The contents of host aliases can be either host names, IP addresses or network specifica- tions (IP/netmask). A valid example: “/software/components/sudo/user_aliases/FOO” = list (“bar”, “%wheel”, “!root”); – Optional – Type: sudo_user_alias • /software/sudo/sudo_component/run_as_aliases – Description: see user_aliases – Optional – Type: sudo_user_alias • /software/sudo/sudo_component/host_aliases – Description: see user_aliases – Optional – Type: sudo_host_alias • /software/sudo/sudo_component/cmd_aliases – Description: see user_aliases – Optional – Type: sudo_cmd_alias • /software/sudo/sudo_component/privilege_lines – Description: A list of structures, each one specifying a way for a normal user to elevate its privileges. – Optional

648 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Type: sudo_privilege_line • /software/sudo/sudo_component/includes – Description: The sudoers file allows to include other configuration files, to keep the configurations simpler. The ‘includes’ field allows to specify a list of files that should be included. – Optional – Type: string • /software/sudo/sudo_component/includes_dirs – Optional – Type: string • /software/sudo/sudo_component/ldap – Optional – Type: sudo_ldap

Functions

• sudo_check_aliases_list • sudo_check_default_options_list – Description: Checks the validity of the default options. This means that AT MOST one of “user”, “run_as” or “host” may be specified on each entry. • sudo_is_structure_component – Description: Sanity checks for SUDO component. A privilege line with any field in capitals will be checked against aliases for its existence. symlink

NAME symlink : symlink NCM component.

DESCRIPTION

Object to create/delete symbolic links. When creating symlinks, target existence can be checked. And clobbering can be disabled. Also, target definition can be simplified by the use of contextual variables and command outputs.

RESOURCES

* /software/components/symlink/links

1.3. configuration-modules-core 649 Quattor Documentation, Release 0.0.1

A list of symbolic links to create or delete. Each entry must be of the structure_symlink_entry type which has the following fields: * name : symbolic link name (path). * target : link target path. The target path can be built using a command output with the command string (can include valid command options) to execute between a pair of @@or a contextual variable using the syntax {variable}(variables are defined in /software/components/symlinks/ context). Unless the shell command between @@ must be reevaluated for each link, it is better to associate the shell command with a contextual variable and use the variable in the target definition, as a contextual variable is evaluated once (global). * delete : (boolean) Delete the symlink (not its target) rather than creating it. targetcan be ommitted in this case and if present, it is not checked to be this value before deletion. If exists is true, raise an error, if the link is not found else just silently ignore it. * exists : (boolean) Check that the target exists when creating it or check that the symlink name exists when delet- ing it. * replace : (nlist) Option used to specify the action to take when an object with the same name as the symlink already exists, depending on the object type. Possible actions are: do not define the symlink, replace the object by the symlink or define the symlink after renaming the object. The nlist keys and values can be: * ** key **: The existing object type. Valid values are: all, dir, dirempty, file, link, none. dirempty means an empty directory only, dir means any directory. all and none are mutually exclusive but can be combined with other object types to define the extension to use when renaming a given object type or to prevent/enable replacement for a specific object type. * ** value **: Action applying to the object type. Can be yes (replacement of the object by the symlink allowed), no (replacement of the object by the symlink disabled) or any other string. In this latter case, replacement of the object by the symlink is enabled after renaming the object by appending the string to its name. The value can also be empty: see below. Note that non empty directories are always renamed before defining the symlink (a default extension, .ncm-symlink_saved, is used). replace option allows a lot of flexibility in specifying what should be done in case of conflict with an existing object. It implements the following advanced features: * none=extension Can be used to establish a default rename extension without actually enabling replacement for a particular type. This extension will be used with object types for which replacement is enabled with yes rather than an extension. * Action Can be empty. If a default rename extension was defined with none=extension, the object will be renamed before defining the symlink. Else it is interpreted as yes.

650 Chapter 1. Content Quattor Documentation, Release 0.0.1

* /software/components/symlink/context A list of contextual variables to use in target definitions. Each entry is a key/value pair with the vari- able name as the key. The value can contain a command output, as link target definition: see target description above. Contextual variables are global. They are evaluated once, before starting to define symlinks. * /software/components/symlink/options A list of global options used as default for all links creation/deletion. Supported options are the same as options supported in the link definition (see above), with the exception of delete.

EXAMPLES

Define global variable osdir so that it can be use to define symlink targets

"/software/components/symlink/context"={ append(nlist( "name", "ostype", "value", "@@uname@@", )); };

Various symlink definition examples

"/software/components/symlink/links"={

# Define /usr/bin/tcsh only if /bin/tcsh exists append(nlist( "name", "/usr/bin/tcsh", "target", "/bin/tcsh", "exists", true ));

# Define /atlas with a target actual value including C command

˓→output append(nlist( "name", "/atlas", "target", "/atlas_prod/@@uname@@", "exist", true ));

# Define /lhcb with a target actual value including a contextual

˓→variable. # The contextual variable can be defined before or later in the

˓→configuration. append(nlist( "name", "/lhcb", "target", "/lhcb_prod/{ostype}", "exists", true ));

# Define /usr/local as a symlink only if the /lal/prod/{ostype} exists append(nlist( "name", "/usr/local", "target", "/lal_prod/{ostype}", "exists", true (continues on next page)

1.3. configuration-modules-core 651 Quattor Documentation, Release 0.0.1

(continued from previous page) ));

# Define symlink /etc/alpine/conf, replacing an existing # file by the symlink without renaming it append(nlist( "name", "/etc/alpine/pine.conf", "target", "/lal/gen/etc/pine.conf", "replace", nlist("all", "yes"), ));

# Define symlink /etc/pine.conf, replacing an existing file or symlink # by the new symlink, after renaming it using extension .saved append(nlist( "name", "/etc/pine.conf", "target", "/lal/gen/etc/pine.conf", "replace", nlist("none", ".saved", "file", "yes", "link", "yes

˓→"), ));

# Define /htdocs as a link only if /htdocs doesn't exist or already # exists as a symlink (actual target not checked) append(nlist( "name", "/htdocs", "target", HTTPD_HTDOCS_DIR, "replace", nlist("all","no","link", "yes") ));

# End of symlink definitions };

Define options to enable replacement of empty directories and links, with empty directories renamed adding .saved to their name before defining the symlink.

"/software/components/symlink/options/replace/dirempty"= ".saved"; "/software/components/symlink/options/replace/link"= "yes";

Types

• /software/symlink/structure_symlink_replace_option_entry – /software/symlink/structure_symlink_replace_option_entry/all

* Optional * Type: string – /software/symlink/structure_symlink_replace_option_entry/dir

* Optional * Type: string – /software/symlink/structure_symlink_replace_option_entry/dirempty

* Optional * Type: string – /software/symlink/structure_symlink_replace_option_entry/file

652 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/symlink/structure_symlink_replace_option_entry/link

* Optional * Type: string – /software/symlink/structure_symlink_replace_option_entry/none

* Optional * Type: string • /software/symlink/structure_symlink_entry – /software/symlink/structure_symlink_entry/name

* Optional * Type: string – /software/symlink/structure_symlink_entry/target

* Optional * Type: string – /software/symlink/structure_symlink_entry/exists

* Optional * Type: boolean – /software/symlink/structure_symlink_entry/delete

* Optional * Type: boolean – /software/symlink/structure_symlink_entry/replace

* Optional * Type: structure_symlink_replace_option_entry • /software/symlink/structure_symlink_context_entry – /software/symlink/structure_symlink_context_entry/name

* Optional * Type: string – /software/symlink/structure_symlink_context_entry/value

* Optional * Type: string • /software/symlink/structure_symlink_option_entry – /software/symlink/structure_symlink_option_entry/exists

* Optional * Type: boolean – /software/symlink/structure_symlink_option_entry/replace

1.3. configuration-modules-core 653 Quattor Documentation, Release 0.0.1

* Optional * Type: structure_symlink_replace_option_entry • /software/symlink/component_symlink – /software/symlink/component_symlink/links

* Optional * Type: structure_symlink_entry – /software/symlink/component_symlink/context

* Optional * Type: structure_symlink_context_entry – /software/symlink/component_symlink/options

* Optional * Type: structure_symlink_option_entry

sysconfig

NAME

sysconfig: management of sysconfig files

DESCRIPTION

The sysconfig component manages system configuration files in /etc/sysconfig . These are files which con- tain key-value pairs. However there is the possibility to add verbatim text either before or after the key-value pair definitions.

Types

• /software/sysconfig/component_sysconfig_file – Description: Contents of a sysconfig file modelled as a dict of key-value pairs. Two reserved keys prologue and epilogue are treated specially, their values will be copied verbatim into the file before or after the key-pair definitions. Example: ‘/software/components/sysconfig/files/scfg’ = dict( ‘epilogue’, ‘export LANG=C’, ‘KEY’, ‘VALUE’, ); This will create the file /etc/sysconfig/scfg which contains: KEY=VALUE export LANG=C • /software/sysconfig/component_sysconfig – /software/sysconfig/component_sysconfig/files

654 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Description: dict of dicts with a file name as the first key and the contents of each file as the child dict.

* Optional * Type: component_sysconfig_file

sysctl

NAME

NCM::sysctl - NCM sysctl configuration component

SYNOPSIS

Add/modify variables into sysctl configuration file.

RESOURCES

* /software/components/ncm-sysctl/command : string (required) Command to use to update sysctl configuration. Default : /sbin/sysctl * /software/components/ncm-sysctl/compat-v1 : boolean (required) This property is a boolean making sysctl accept variable definitions according to v1 of this component. This is deprecated. If you rely on this, you are advised to convert your configuration to v2 schema. Default : false * /software/components/ncm-sysctl/confFile : string (required) String defining sysctl configuration file. If this value contains a /character then it will be treated as an absolute path to a file which is modified in place, and a backup made. If the value does not contain a / then it will be treated as the name of a file to be created in /etc/ sysctl.d. The existing contents of the file will be overwritten. Default : /etc/sysctl.conf * /software/components/ncm-sysctl/variables : nlist (optional) A nlist of key/value defining sysctl variables. There is no check that the key matches a valid key, so be cautious to use appropriate variable names. Key names must begin with a letter or an underscore. Values containing whitespace must include quotes, the component will not add them. Default : none.

EXAMPLES

"/software/components/sysctl/variables/kernel.shmmni"= "4096"; "/software/components/sysctl/variables/kernel.shmall"= "2097152"; "/software/components/sysctl/variables/net.ipv4.ip_local_port_range"= "1024 65000"; "/software/components/sysctl/variables/fs.file-max"= "65536"; (continues on next page)

1.3. configuration-modules-core 655 Quattor Documentation, Release 0.0.1

(continued from previous page) "/software/components/sysctl/variables/fs.aio-max-size"= "1048576"; "/software/components/sysctl/variables/net.core.rmem_default"= "262144"; "/software/components/sysctl/variables/net.core.wmem_default"= "262144";

Types

• /software/sysctl/component_sysctl_structure – /software/sysctl/component_sysctl_structure/command

* Optional * Type: string – /software/sysctl/component_sysctl_structure/compat-v1

* Optional * Type: boolean – /software/sysctl/component_sysctl_structure/confFile

* Optional * Type: string – /software/sysctl/component_sysctl_structure/variables

* Optional * Type: string

syslog

NAME

NCM::Component::syslog configures entries in /etc/(r)syslog.conf

Methods

sysconfig Modify/add SYSLOGD and/or KLOGD options in the $sysconfig file. Returns if file changed. render Create the complete (r)syslog config file. This method is used when fullcontrol is enabled. Returns if file changed. edit Edit the (r)syslog config file, leaving entries from other sources intact. This method is used when fullcontrol is disabled. Returns if file changed.

656 Chapter 1. Content Quattor Documentation, Release 0.0.1

Types

• /software/syslog/component_syslog_selector_type – /software/syslog/component_syslog_selector_type/facility

* Optional * Type: string – /software/syslog/component_syslog_selector_type/priority

* Optional * Type: string • /software/syslog/component_syslog_legacy_rule – /software/syslog/component_syslog_legacy_rule/selector

* Optional * Type: component_syslog_selector_type – /software/syslog/component_syslog_legacy_rule/action

* Optional * Type: string – /software/syslog/component_syslog_legacy_rule/template

* Optional * Type: string – /software/syslog/component_syslog_legacy_rule/comment

* Optional * Type: string • /software/syslog/syslog_component – /software/syslog/syslog_component/config

* Optional * Type: component_syslog_legacy_rule – /software/syslog/syslog_component/directives

* Optional * Type: string – /software/syslog/syslog_component/daemontype

* Optional * Type: string – /software/syslog/syslog_component/file

* Description: Configuration filename. Defaults to /etc/.conf. * Optional * Type: string – /software/syslog/syslog_component/syslogdoptions

1.3. configuration-modules-core 657 Quattor Documentation, Release 0.0.1

* Description: Options for syslogd /etc/sysconfig/(r)syslog (will be wrapped in double quotes if needed)

* Optional * Type: string – /software/syslog/syslog_component/klogdoptions

* Description: Options for the klogd /etc/sysconfig/(r)syslog (will be wrapped in double quotes if needed)

* Optional * Type: string – /software/syslog/syslog_component/fullcontrol

* Description: Determines whether component has full control over the configuration file, eventually erasing entries from other sources. If false or not defined, entries from other sources are kept and configuration entries are added.

* Optional * Type: boolean

syslogng

DESCRIPTION

This component configures syslog-ng, an alternative logging facility to Scientific Linux’ sysklogd. If you want to configure sysklogd, use ncm-syslog instead of this component. The component’s structure matches rather closely syslog-ng.conf file format.

STRUCTURE

These are the top-level fields provided by the component. For information on any of these fields’ structure, please look syslog-ng’s documentation. Options accepting ony “yes” and “no” are mapped to Pan booleans. * /software/components/syslogng/sources : source{} Named list of source structures, indexed by source name. * /software/components/syslogng/destinations : destination{} Named list of destination structures, indexed by destinationname. * /software/components/syslogng/filters ? filter{} Named list of filter structures, indexed by filter name. Rules inside a filter are combined by an OR operator. If you want AND filters, use several filters inside a log path. An additional field to the standard syslog-ng’s usual filter capabilities is added: exclude_filters. This links to an already defined filter, but it will be included in current one, NEGATED. * /software/components/syslogng/log_rules : log_rule[] List of log_rule structures.

658 Chapter 1. Content Quattor Documentation, Release 0.0.1

Defining a log path:

Log paths are defined on /software/components/syslogng/log_rules. Their structure is as follows: * sources : string[] List of sources on this path. Each member of this list is a source name, and must exist on /software/ components/syslogng/sources. * destinations : string[] List of destinations on this path. Each member of this list must exist on /software/components/ syslogng/destinations. * filters ? string[] List of filters to be applied on this path. Each member of this list must exist on /software/ components/syslogng/destinations. * flags ? flag_structure Flags to be applied on this log rule.

Types

• /software/syslogng/filterstring • /software/syslogng/srcstring • /software/syslogng/dststring • /software/syslogng/prioritystring • /software/syslogng/structure_syslogng_dstcommon – /software/syslogng/structure_syslogng_dstcommon/log_fifo_size

* Optional * Type: long – /software/syslogng/structure_syslogng_dstcommon/fsync

* Optional * Type: boolean – /software/syslogng/structure_syslogng_dstcommon/flush_lines

* Optional * Type: long – /software/syslogng/structure_syslogng_dstcommon/flush_timeout

* Optional * Type: long – /software/syslogng/structure_syslogng_dstcommon/template

* Optional * Type: string – /software/syslogng/structure_syslogng_dstcommon/template_escape

1.3. configuration-modules-core 659 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/syslogng/structure_syslogng_dstcommon/timezone

* Optional * Type: string – /software/syslogng/structure_syslogng_dstcommon/ts_format

* Optional * Type: string – /software/syslogng/structure_syslogng_dstcommon/frac_digits

* Optional * Type: long – /software/syslogng/structure_syslogng_dstcommon/throttle

* Optional * Type: long • /software/syslogng/structure_syslogng_filepipe – /software/syslogng/structure_syslogng_filepipe/path

* Optional * Type: string – /software/syslogng/structure_syslogng_filepipe/owner

* Optional * Type: string – /software/syslogng/structure_syslogng_filepipe/group

* Optional * Type: string – /software/syslogng/structure_syslogng_filepipe/perm

* Optional * Type: string • /software/syslogng/structure_syslogng_file_dest – /software/syslogng/structure_syslogng_file_dest/create_dirs

* Optional * Type: boolean – /software/syslogng/structure_syslogng_file_dest/dir_owner

* Optional * Type: string – /software/syslogng/structure_syslogng_file_dest/dir_group

* Optional

660 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/syslogng/structure_syslogng_file_dest/overwrite_if_older

* Optional * Type: long – /software/syslogng/structure_syslogng_file_dest/remove_if_older

* Optional * Type: long • /software/syslogng/structure_syslogng_pipe_dest • /software/syslogng/structure_syslogng_sock_dest – /software/syslogng/structure_syslogng_sock_dest/so_broadcast

* Optional * Type: boolean – /software/syslogng/structure_syslogng_sock_dest/so_rcvbuf

* Optional * Type: long – /software/syslogng/structure_syslogng_sock_dest/so_sndbuf

* Optional * Type: long • /software/syslogng/structure_syslogng_unixdgram_dest – /software/syslogng/structure_syslogng_unixdgram_dest/so_broadcast

* Optional * Type: boolean – /software/syslogng/structure_syslogng_unixdgram_dest/so_rcvbuf

* Optional * Type: long – /software/syslogng/structure_syslogng_unixdgram_dest/so_sndbuf

* Optional * Type: long – /software/syslogng/structure_syslogng_unixdgram_dest/path

* Optional * Type: string • /software/syslogng/structure_syslogng_network_dest – /software/syslogng/structure_syslogng_network_dest/localip

* Optional * Type: type_ip – /software/syslogng/structure_syslogng_network_dest/localport

1.3. configuration-modules-core 661 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/syslogng/structure_syslogng_network_dest/spoof_source

* Optional * Type: boolean – /software/syslogng/structure_syslogng_network_dest/ip_ttl

* Optional * Type: long – /software/syslogng/structure_syslogng_network_dest/ip_tos

* Optional * Type: long – /software/syslogng/structure_syslogng_network_dest/ip

* Optional * Type: type_ip – /software/syslogng/structure_syslogng_network_dest/port

* Optional * Type: long • /software/syslogng/structure_syslogng_tty_dest – /software/syslogng/structure_syslogng_tty_dest/path

* Optional * Type: string • /software/syslogng/structure_syslogng_program_dest – /software/syslogng/structure_syslogng_program_dest/commandline

* Optional * Type: string • /software/syslogng/structure_syslogng_destinations – /software/syslogng/structure_syslogng_destinations/files

* Optional * Type: structure_syslogng_file_dest – /software/syslogng/structure_syslogng_destinations/pipes

* Optional * Type: structure_syslogng_pipe_dest – /software/syslogng/structure_syslogng_destinations/unixdgram

* Optional * Type: structure_syslogng_unixdgram_dest – /software/syslogng/structure_syslogng_destinations/unixstream

662 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: structure_syslogng_unixdgram_dest – /software/syslogng/structure_syslogng_destinations/udp

* Optional * Type: structure_syslogng_network_dest – /software/syslogng/structure_syslogng_destinations/tcp

* Optional * Type: structure_syslogng_network_dest • /software/syslogng/structure_syslogng_log_rule_flags – /software/syslogng/structure_syslogng_log_rule_flags/final

* Optional * Type: boolean – /software/syslogng/structure_syslogng_log_rule_flags/fallback

* Optional * Type: boolean – /software/syslogng/structure_syslogng_log_rule_flags/catchall

* Optional * Type: boolean – /software/syslogng/structure_syslogng_log_rule_flags/flow-control

* Optional * Type: boolean • /software/syslogng/structure_syslogng_srccommon – /software/syslogng/structure_syslogng_srccommon/flags

* Optional * Type: string – /software/syslogng/structure_syslogng_srccommon/log_msg_size

* Optional * Type: long – /software/syslogng/structure_syslogng_srccommon/log_iw_size

* Optional * Type: long – /software/syslogng/structure_syslogng_srccommon/log_fetch_limit

* Optional * Type: long – /software/syslogng/structure_syslogng_srccommon/log_prefix

* Optional

1.3. configuration-modules-core 663 Quattor Documentation, Release 0.0.1

* Type: string – /software/syslogng/structure_syslogng_srccommon/pad_size

* Optional * Type: long – /software/syslogng/structure_syslogng_srccommon/follow_freq

* Optional * Type: long – /software/syslogng/structure_syslogng_srccommon/time_zone

* Optional * Type: string – /software/syslogng/structure_syslogng_srccommon/optional

* Optional * Type: boolean – /software/syslogng/structure_syslogng_srccommon/keep_timestamp

* Optional * Type: boolean • /software/syslogng/structure_syslogng_internal_src • /software/syslogng/structure_syslogng_socksrc – /software/syslogng/structure_syslogng_socksrc/so_broadcast

* Optional * Type: boolean – /software/syslogng/structure_syslogng_socksrc/so_rcvbuf

* Optional * Type: long – /software/syslogng/structure_syslogng_socksrc/so_sndbuf

* Optional * Type: long – /software/syslogng/structure_syslogng_socksrc/so_keepalive

* Optional * Type: boolean • /software/syslogng/structure_syslogng_unixsock_src – /software/syslogng/structure_syslogng_unixsock_src/owner

* Optional * Type: string – /software/syslogng/structure_syslogng_unixsock_src/group

* Optional

664 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/syslogng/structure_syslogng_unixsock_src/perm

* Optional * Type: long – /software/syslogng/structure_syslogng_unixsock_src/path

* Optional * Type: string • /software/syslogng/structure_syslogng_network_src – /software/syslogng/structure_syslogng_network_src/ip_ttl

* Optional * Type: long – /software/syslogng/structure_syslogng_network_src/ip_tos

* Optional * Type: long – /software/syslogng/structure_syslogng_network_src/ip

* Optional * Type: type_ip – /software/syslogng/structure_syslogng_network_src/port

* Optional * Type: long * Range: 0..65536 • /software/syslogng/structure_syslogng_network_tcp_src – /software/syslogng/structure_syslogng_network_tcp_src/keep-alive

* Optional * Type: boolean – /software/syslogng/structure_syslogng_network_tcp_src/max-connections

* Optional * Type: long • /software/syslogng/structure_syslogng_filepipe_src – /software/syslogng/structure_syslogng_filepipe_src/path

* Optional * Type: string • /software/syslogng/structure_syslogng_sources – /software/syslogng/structure_syslogng_sources/files

* Optional * Type: structure_syslogng_filepipe_src

1.3. configuration-modules-core 665 Quattor Documentation, Release 0.0.1

– /software/syslogng/structure_syslogng_sources/pipes

* Optional * Type: structure_syslogng_filepipe_src – /software/syslogng/structure_syslogng_sources/internal

* Optional * Type: structure_syslogng_internal_src – /software/syslogng/structure_syslogng_sources/unixdgram

* Optional * Type: structure_syslogng_unixsock_src – /software/syslogng/structure_syslogng_sources/unixstream

* Optional * Type: structure_syslogng_unixsock_src – /software/syslogng/structure_syslogng_sources/udp

* Optional * Type: structure_syslogng_network_src – /software/syslogng/structure_syslogng_sources/tcp

* Optional * Type: structure_syslogng_network_tcp_src • /software/syslogng/structure_syslogng_filter – /software/syslogng/structure_syslogng_filter/facility

* Optional * Type: long – /software/syslogng/structure_syslogng_filter/level

* Optional * Type: prioritystring – /software/syslogng/structure_syslogng_filter/program

* Optional * Type: string – /software/syslogng/structure_syslogng_filter/host

* Optional * Type: string – /software/syslogng/structure_syslogng_filter/match

* Optional * Type: string – /software/syslogng/structure_syslogng_filter/filter

* Optional

666 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: filterstring – /software/syslogng/structure_syslogng_filter/netmask

* Optional * Type: type_ip – /software/syslogng/structure_syslogng_filter/exclude_filters

* Optional * Type: filterstring • /software/syslogng/structure_syslogng_filters • /software/syslogng/structure_syslogng_log_rule – /software/syslogng/structure_syslogng_log_rule/sources

* Optional * Type: srcstring – /software/syslogng/structure_syslogng_log_rule/destinations

* Optional * Type: dststring – /software/syslogng/structure_syslogng_log_rule/filters

* Optional * Type: filterstring – /software/syslogng/structure_syslogng_log_rule/flags

* Optional * Type: structure_syslogng_log_rule_flags • /software/syslogng/structure_syslogng_options – /software/syslogng/structure_syslogng_options/time_reopen

* Optional * Type: long – /software/syslogng/structure_syslogng_options/time_reap

* Optional * Type: long – /software/syslogng/structure_syslogng_options/time_sleep

* Optional * Type: long – /software/syslogng/structure_syslogng_options/stats_freq

* Optional * Type: long – /software/syslogng/structure_syslogng_options/log_fifo_size

* Optional

1.3. configuration-modules-core 667 Quattor Documentation, Release 0.0.1

* Type: long – /software/syslogng/structure_syslogng_options/chain_hostnames

* Optional * Type: boolean – /software/syslogng/structure_syslogng_options/normalize_hostnames

* Optional * Type: boolean – /software/syslogng/structure_syslogng_options/keep_hostname

* Optional * Type: boolean – /software/syslogng/structure_syslogng_options/bad_hostname

* Optional * Type: string – /software/syslogng/structure_syslogng_options/create_dirs

* Optional * Type: boolean – /software/syslogng/structure_syslogng_options/owner

* Optional * Type: string – /software/syslogng/structure_syslogng_options/group

* Optional * Type: string – /software/syslogng/structure_syslogng_options/perm

* Optional * Type: long – /software/syslogng/structure_syslogng_options/dir_owner

* Optional * Type: string – /software/syslogng/structure_syslogng_options/dir_group

* Optional * Type: string – /software/syslogng/structure_syslogng_options/dir_perm

* Optional * Type: long – /software/syslogng/structure_syslogng_options/ts_format

* Optional

668 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/syslogng/structure_syslogng_options/use_dns

* Optional * Type: string – /software/syslogng/structure_syslogng_options/dns_cache

* Optional * Type: boolean – /software/syslogng/structure_syslogng_options/dns_cache_size

* Optional * Type: long – /software/syslogng/structure_syslogng_options/dns_cache_expire

* Optional * Type: long – /software/syslogng/structure_syslogng_options/dns_cache_hosts

* Optional * Type: string – /software/syslogng/structure_syslogng_options/log_msg_size

* Optional * Type: long – /software/syslogng/structure_syslogng_options/use_fqdn

* Optional * Type: boolean – /software/syslogng/structure_syslogng_options/flush_lines

* Optional * Type: long – /software/syslogng/structure_syslogng_options/flush_timeout

* Optional * Type: long – /software/syslogng/structure_syslogng_options/recv_time_zone

* Optional * Type: string – /software/syslogng/structure_syslogng_options/send_time_zone

* Optional * Type: string – /software/syslogng/structure_syslogng_options/frac_digits

* Optional

1.3. configuration-modules-core 669 Quattor Documentation, Release 0.0.1

* Type: long – /software/syslogng/structure_syslogng_options/sync

* Optional * Type: boolean • /software/syslogng/structure_component_syslogng – /software/syslogng/structure_component_syslogng/options

* Optional * Type: structure_syslogng_options – /software/syslogng/structure_component_syslogng/sources

* Optional * Type: structure_syslogng_sources – /software/syslogng/structure_component_syslogng/destinations

* Optional * Type: structure_syslogng_destinations – /software/syslogng/structure_component_syslogng/filters

* Optional * Type: structure_syslogng_filters – /software/syslogng/structure_component_syslogng/log_rules

* Optional * Type: structure_syslogng_log_rule systemd

NAME

NCM::systemd - NCM systemd component

Methods skip The skip methods determines what configuration work to skip. It returns a hashref with key the config- uration name and a boolean value (to skip or not). Undefined configurations will be skipped. The main purpose for this method is to allow easy subclassing for replacement components. Configure() Configures systemd for each supported sub-system

670 Chapter 1. Content Quattor Documentation, Release 0.0.1

Functions

• systemd_make_mountunit – Description: Convert path argument and return mount unit. Example: /a/b/c returns a-b-c.mount • Arguments: – Path to convert

Types

• /software/systemd/hwloc_location – Description: hwloc (Portable Hardware Locality, hwloc(7)) location, e.g. node:1 for NUMAnode 1 • /software/systemd/syslog_facility – Description: syslog facility to use when logging to syslog • /software/systemd/syslog_level – Description: syslog level to use when logging to syslog or the kernel log buffer • /software/systemd/systemd_skip – /software/systemd/systemd_skip/service

* Optional * Type: boolean • /software/systemd/systemd_unit_architecture • /software/systemd/systemd_unit_security • /software/systemd/systemd_unit_virtualization • /software/systemd/systemd_valid_unit • /software/systemd/systemd_unitfile_config_unit_condition – Description: Condition/Assert entries in Unit section All lists can start with empty string to reset previously defined values. – /software/systemd/systemd_unitfile_config_unit_condition/ACPower

* Optional * Type: boolean – /software/systemd/systemd_unitfile_config_unit_condition/Architecture

* Optional * Type: systemd_unit_architecture – /software/systemd/systemd_unitfile_config_unit_condition/Capability

* Optional

1.3. configuration-modules-core 671 Quattor Documentation, Release 0.0.1

* Type: linux_capability – /software/systemd/systemd_unitfile_config_unit_condition/DirectoryNotEmpty

* Optional * Type: string – /software/systemd/systemd_unitfile_config_unit_condition/FileIsExecutable

* Optional * Type: string – /software/systemd/systemd_unitfile_config_unit_condition/FileNotEmpty

* Optional * Type: string – /software/systemd/systemd_unitfile_config_unit_condition/FirstBoot

* Optional * Type: boolean – /software/systemd/systemd_unitfile_config_unit_condition/Host

* Optional * Type: string – /software/systemd/systemd_unitfile_config_unit_condition/KernelCommandLine

* Optional * Type: string – /software/systemd/systemd_unitfile_config_unit_condition/NeedsUpdate

* Optional * Type: string – /software/systemd/systemd_unitfile_config_unit_condition/PathExistsGlob

* Optional * Type: string – /software/systemd/systemd_unitfile_config_unit_condition/PathExists

* Optional * Type: string – /software/systemd/systemd_unitfile_config_unit_condition/PathIsDirectory

* Optional * Type: string – /software/systemd/systemd_unitfile_config_unit_condition/PathIsMountPoint

* Optional * Type: string – /software/systemd/systemd_unitfile_config_unit_condition/PathIsReadWrite

* Optional

672 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/systemd/systemd_unitfile_config_unit_condition/PathIsSymbolicLink

* Optional * Type: string – /software/systemd/systemd_unitfile_config_unit_condition/Security

* Optional * Type: systemd_unit_security – /software/systemd/systemd_unitfile_config_unit_condition/Virtualization

* Optional * Type: systemd_unit_virtualization • /software/systemd/systemd_unitfile_config_unit – Description: the [Unit] section http://www.freedesktop.org/software/systemd/man/systemd.unit.html#%5BUnit%5D%20Section% 20Options • /software/systemd/systemd_unitfile_config_unit/After – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_unit/AllowIsolate – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_unit/Assert – Optional – Type: systemd_unitfile_config_unit_condition • /software/systemd/systemd_unitfile_config_unit/Before – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_unit/BindsTo – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_unit/Condition – Optional – Type: systemd_unitfile_config_unit_condition • /software/systemd/systemd_unitfile_config_unit/Conflicts – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_unit/DefaultDependencies

1.3. configuration-modules-core 673 Quattor Documentation, Release 0.0.1

– Optional – Type: boolean • /software/systemd/systemd_unitfile_config_unit/Description – Optional – Type: string • /software/systemd/systemd_unitfile_config_unit/Documentation – Optional – Type: string • /software/systemd/systemd_unitfile_config_unit/IgnoreOnIsolate – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_unit/IgnoreOnSnapshot – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_unit/JobTimeoutAction – Optional – Type: string • /software/systemd/systemd_unitfile_config_unit/JobTimeoutRebootArgument – Optional – Type: string • /software/systemd/systemd_unitfile_config_unit/JobTimeoutSec – Optional – Type: long – Range: 0.. • /software/systemd/systemd_unitfile_config_unit/JoinsNamespaceOf – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_unit/NetClass – Optional – Type: string • /software/systemd/systemd_unitfile_config_unit/OnFailure – Optional – Type: string • /software/systemd/systemd_unitfile_config_unit/OnFailureJobMode – Optional – Type: string

674 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/systemd/systemd_unitfile_config_unit/PartOf – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_unit/PropagatesReloadTo – Optional – Type: string • /software/systemd/systemd_unitfile_config_unit/RefuseManualStart – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_unit/RefuseManualStop – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_unit/ReloadPropagatedFrom – Optional – Type: string • /software/systemd/systemd_unitfile_config_unit/Requires – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_unit/RequiresMountsFor – Optional – Type: string • /software/systemd/systemd_unitfile_config_unit/RequiresOverridable – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_unit/Requisite – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_unit/RequisiteOverridable – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_unit/SourcePath – Optional – Type: string • /software/systemd/systemd_unitfile_config_unit/StopWhenUnneeded – Optional – Type: boolean

1.3. configuration-modules-core 675 Quattor Documentation, Release 0.0.1

• /software/systemd/systemd_unitfile_config_unit/Wants – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_install – Description: the [Install] section http://www.freedesktop.org/software/systemd/man/systemd.unit.html#%5BInstall%5D% 20Section%20Options • /software/systemd/systemd_unitfile_config_install/Alias – Optional – Type: string • /software/systemd/systemd_unitfile_config_install/Also – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_install/DefaultInstance – Optional – Type: string • /software/systemd/systemd_unitfile_config_install/RequiredBy – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_install/WantedBy – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_systemd_exec_stdouterr • /software/systemd/systemd_unitfile_config_systemd_kill – Description: systemd.kill directives http://www.freedesktop.org/software/systemd/man/systemd.kill.html valid for [Service], [Socket], [Mount], or [Swap] sections • /software/systemd/systemd_unitfile_config_systemd_kill/KillMode – Optional – Type: string • /software/systemd/systemd_unitfile_config_systemd_kill/KillSignal – Optional – Type: string • /software/systemd/systemd_unitfile_config_systemd_kill/SendSIGHUP – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_systemd_kill/SendSIGKILL

676 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Optional – Type: boolean • /software/systemd/systemd_unitfile_config_systemd_exec – Description: systemd.exec directives http://www.freedesktop.org/software/systemd/man/systemd.exec.html valid for [Service], [Socket], [Mount], or [Swap] sections • /software/systemd/systemd_unitfile_config_systemd_exec/CPUAffinity – Optional – Type: long • /software/systemd/systemd_unitfile_config_systemd_exec/CPUSchedulingPolicy – Optional – Type: string • /software/systemd/systemd_unitfile_config_systemd_exec/CPUSchedulingPriority – Optional – Type: long – Range: 1..99 • /software/systemd/systemd_unitfile_config_systemd_exec/CPUSchedulingResetOnFork – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_systemd_exec/Environment – Optional – Type: string • /software/systemd/systemd_unitfile_config_systemd_exec/EnvironmentFile – Optional – Type: string • /software/systemd/systemd_unitfile_config_systemd_exec/Group – Optional – Type: defined_group • /software/systemd/systemd_unitfile_config_systemd_exec/IOSchedulingClass – Optional – Type: string • /software/systemd/systemd_unitfile_config_systemd_exec/IOSchedulingPriority – Optional – Type: long – Range: 0..7 • /software/systemd/systemd_unitfile_config_systemd_exec/LimitAS

1.3. configuration-modules-core 677 Quattor Documentation, Release 0.0.1

– Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitCORE – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitCPU – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitDATA – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitFSIZE – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitLOCKS – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitMEMLOCK – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitMSGQUEUE – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitNICE – Optional – Type: long – Range: 0..40 • /software/systemd/systemd_unitfile_config_systemd_exec/LimitNOFILE

678 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitNPROC – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitRSS – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitRTPRIO – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitRTTIME – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitSIGPENDING – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/LimitSTACK – Optional – Type: long – Range: -1.. • /software/systemd/systemd_unitfile_config_systemd_exec/Nice – Optional – Type: long – Range: -20..19 • /software/systemd/systemd_unitfile_config_systemd_exec/OOMScoreAdjust – Optional – Type: long – Range: -1000..1000 • /software/systemd/systemd_unitfile_config_systemd_exec/PrivateTmp

1.3. configuration-modules-core 679 Quattor Documentation, Release 0.0.1

– Optional – Type: boolean • /software/systemd/systemd_unitfile_config_systemd_exec/RootDirectory – Optional – Type: string • /software/systemd/systemd_unitfile_config_systemd_exec/StandardError – Optional – Type: systemd_unitfile_config_systemd_exec_stdouterr • /software/systemd/systemd_unitfile_config_systemd_exec/StandardInput – Optional – Type: string • /software/systemd/systemd_unitfile_config_systemd_exec/StandardOutput – Optional – Type: systemd_unitfile_config_systemd_exec_stdouterr • /software/systemd/systemd_unitfile_config_systemd_exec/SupplementaryGroups – Optional – Type: defined_group • /software/systemd/systemd_unitfile_config_systemd_exec/SyslogFacility – Optional – Type: syslog_facility • /software/systemd/systemd_unitfile_config_systemd_exec/SyslogIdentifier – Optional – Type: string • /software/systemd/systemd_unitfile_config_systemd_exec/SyslogLevel – Optional – Type: syslog_level • /software/systemd/systemd_unitfile_config_systemd_exec/SyslogLevelPrefix – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_systemd_exec/TTYPath – Optional – Type: string • /software/systemd/systemd_unitfile_config_systemd_exec/TTYReset – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_systemd_exec/TTYVHangup

680 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Optional – Type: boolean • /software/systemd/systemd_unitfile_config_systemd_exec/TTYVTDisallocate – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_systemd_exec/UMask – Optional – Type: string • /software/systemd/systemd_unitfile_config_systemd_exec/User – Optional – Type: defined_user • /software/systemd/systemd_unitfile_config_systemd_exec/WorkingDirectory – Optional – Type: string • /software/systemd/systemd_unitfile_config_service – Description: the [Service] section http://www.freedesktop.org/software/systemd/man/systemd.service.html • /software/systemd/systemd_unitfile_config_service/AmbientCapabilities – Optional – Type: linux_capability • /software/systemd/systemd_unitfile_config_service/BusName – Optional – Type: string • /software/systemd/systemd_unitfile_config_service/BusPolicy – Optional – Type: string • /software/systemd/systemd_unitfile_config_service/CapabilityBoundingSet – Optional – Type: linux_capability • /software/systemd/systemd_unitfile_config_service/ExecReload – Optional – Type: string • /software/systemd/systemd_unitfile_config_service/ExecStart – Optional – Type: string • /software/systemd/systemd_unitfile_config_service/ExecStartPost

1.3. configuration-modules-core 681 Quattor Documentation, Release 0.0.1

– Optional – Type: string • /software/systemd/systemd_unitfile_config_service/ExecStartPre – Optional – Type: string • /software/systemd/systemd_unitfile_config_service/ExecStop – Optional – Type: string • /software/systemd/systemd_unitfile_config_service/ExecStopPost – Optional – Type: string • /software/systemd/systemd_unitfile_config_service/GuessMainPID – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_service/NonBlocking – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_service/NotifyAccess – Optional – Type: string • /software/systemd/systemd_unitfile_config_service/PIDFile – Optional – Type: string • /software/systemd/systemd_unitfile_config_service/PermissionsStartOnly – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_service/RemainAfterExit – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_service/Restart – Optional – Type: string • /software/systemd/systemd_unitfile_config_service/RestartForceExitStatus – Optional – Type: long • /software/systemd/systemd_unitfile_config_service/RestartPreventExitStatus

682 Chapter 1. Content Quattor Documentation, Release 0.0.1

– Optional – Type: long • /software/systemd/systemd_unitfile_config_service/RestartSec – Optional – Type: long – Range: 0.. • /software/systemd/systemd_unitfile_config_service/RootDirectoryStartOnly – Optional – Type: boolean • /software/systemd/systemd_unitfile_config_service/Sockets – Optional – Type: systemd_valid_unit • /software/systemd/systemd_unitfile_config_service/SuccessExitStatus – Optional – Type: long • /software/systemd/systemd_unitfile_config_service/TimeoutSec – Optional – Type: long – Range: 0.. • /software/systemd/systemd_unitfile_config_service/TimeoutStartSec – Optional – Type: long – Range: 0.. • /software/systemd/systemd_unitfile_config_service/TimeoutStopSec – Optional – Type: long – Range: 0.. • /software/systemd/systemd_unitfile_config_service/Type – Optional – Type: string • /software/systemd/systemd_unitfile_config_service/WatchdogSec – Optional – Type: long – Range: 0.. • /software/systemd/systemd_unitfile_config – Description:

1.3. configuration-modules-core 683 Quattor Documentation, Release 0.0.1

Unit configuration sections includes, unit and install are type agnostic unit and install are mandatory, but not enforced by schema (possible issues in case of replace=true) the other attributes are only valid for a specific type • /software/systemd/systemd_unitfile_config/includes – Description: list of existing/other units to base the configuration on (e.g. when creating a new service with a different name, based on an exsiting one) – Optional – Type: string • /software/systemd/systemd_unitfile_config/install – Optional – Type: systemd_unitfile_config_install • /software/systemd/systemd_unitfile_config/service – Optional – Type: systemd_unitfile_config_service • /software/systemd/systemd_unitfile_config/unit – Optional – Type: systemd_unitfile_config_unit • /software/systemd/systemd_unitfile_custom – Description: Custom unit configuration to allow inserting computed configuration data It overrides the data defined in the regular config schema, so do not forget to set those as well (can be dummy value). • /software/systemd/systemd_unitfile_custom/CPUAffinity – Description: CPUAffinity list determined via ‘hwloc-calc –physical-output –intersect PU ’ Allows to cpubind on numan- odes (as we cannot trust logical CPU indices, which regular CPUAffinity requires) Forces an empty list to reset any possible previously defined affinity. – Optional – Type: hwloc_location • /software/systemd/systemd_unitfile – Description: Unit file configuration – /software/systemd/systemd_unitfile/config

* Description: unitfile configuration data * Optional * Type: systemd_unitfile_config – /software/systemd/systemd_unitfile/custom

684 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Description: custom unitfile configuration data * Optional * Type: systemd_unitfile_custom – /software/systemd/systemd_unitfile/replace

* Description: replaceunitfile configuration: if true, only the defined parameters will be used by the unit; anything else is ignored

* Optional * Type: boolean – /software/systemd/systemd_unitfile/only

* Description: only use the unit parameters for unitfile configuration, ignore other defined here such as targets (but still allow e.g. values defined by legacy chkconfig)

* Optional * Type: boolean • /software/systemd/systemd_target • /software/systemd/systemd_unit_type – /software/systemd/systemd_unit_type/name

* Optional * Type: string – /software/systemd/systemd_unit_type/targets

* Optional * Type: systemd_target – /software/systemd/systemd_unit_type/type

* Optional * Type: string – /software/systemd/systemd_unit_type/startstop

* Optional * Type: boolean – /software/systemd/systemd_unit_type/state

* Optional * Type: string – /software/systemd/systemd_unit_type/file

* Description: unitfile configuration * Optional * Type: systemd_unitfile • /software/systemd/component_systemd – /software/systemd/component_systemd/skip

1.3. configuration-modules-core 685 Quattor Documentation, Release 0.0.1

* Optional * Type: systemd_skip – /software/systemd/component_systemd/unconfigured

* Description: what to do with unconfigured units: ignore, enabled, disabled, on (en- abled+start), off (disabled+stop; advanced option)

* Optional * Type: string – /software/systemd/component_systemd/unit

* Optional * Type: systemd_unit_type useraccess

DESCRIPTION

The useraccess NCM component allows to manage the different ways an user can get into a machine. Currently it configures Kerberos access, SSH public keys access and specific services via ACLs. Remember that the settings for a user means the ways to log in as that user.

BASIC COMPONENT STRUCTURE

Besides the classic component_structure fields, it provides two more fields, named users and roles. users will contain the authorization information for each user, and roles will contain a set of credentials for users to accept. Both users and roleshave the same structure. All the fields are optional, so you can have Kerberos authentication but no public keys, or an user can be authorized to no ACL-controlled service. And, to make it clear: The entries for user “foo” are the different ways people can log in as user “foo”. * /software/components/useraccess/configSerial This property is an arbitrary string representing a configuration serial number. It is not interpreted in any way by the component. Its role is only to trig a component run when its value changes. This is necessary when the change is in a file external to the configuration, referred by a URL. * /software/components/useraccess/acl_services List of services that will have ACLs associated to them. * /software/components/useraccess/{users,roles}//kerberos4 It is a list of the users who can log in using Kerberos v4 tickets. The contents of this list will be appropri- ately formatted and written into ~/.klogin. * /software/components/useraccess/{users,roles}//kerberos5 It is a list of the users who can log using Kerberos v5 tickets. The contents of this list will be appropriately formatted and written into ~/.k5login. * /software/components/useraccess/{users,roles}//ssh_keys_urls

686 Chapter 1. Content Quattor Documentation, Release 0.0.1

It is a list containing the absolute URLs where the public keys granted to login as this user can be found. The URL can have any schema LWP::UserAgent supports, and it has been tested with http://, https:// and file:// . Local files are admitted, if wanted. * /software/components/useraccess/{users,roles}//ssh_keys It is a list containing the exact lines to be added to ~/.ssh/authorized_keys. The preferred way for adding authorized_keys is ssh_keys_urls. * /software/components/useraccess/{users,roles}//acls It is a list of the ACL-controlled services the user is allowed to log in. This only applies to PAM controlled services. SSH is not (not necessarily) controlled by PAM. IMPORTANT NOTE: this will add the user to the given ACL, but will not force the service to use ACLs at all. To do so, add the service to /software/components/useraccess/acl_services. * /software/components/useraccess/{users,roles}//roles List of strings. It contains the list of roles the user belongs to. Roles can be nested. It is a compile-time error to add an user to a non-existing role. * /software/components/useraccess/users//managed_credentials List of authentication methods the component will configure (and thus, fully control) for the user. It is a list of strings, with possible values ssh_keys, kerberos4 and kerberos5. It defaults to control all credentials, change it if you want to control something by some other means. For instance, CERN uses a different tool to controls SSH public key authentication on user oracle.

KERBEROS SETTINGS

Both kerberos4 and kerberos5 share the same structure. It contains the following fields: * /software/components/useraccess//kerberosX/realm : mandatory Kerberos’ realm for authentication (the part behind the @ in .klogin). * /software/components/useraccess//kerberosX/principal : mandatory Principal identity for the user in the Kerberos ticket server. * /software/components/useraccess//kerberosX/instance : optional “Instance” identity for the user. This is a sub-identity. * /software/components/useraccess//kerberosX/host : optional Host from which the ticket must come for this identity. It is currently ignored.

ROLES, now

As of now, a role is a group of users who will share the same settings: they will all be listed in the same ACLs, they will allow access to the same set of public SSH keys, and so on. An user can be “plugged” into a role and thus, he will automatically get all the appropriate settings:

1.3. configuration-modules-core 687 Quattor Documentation, Release 0.0.1

"/software/components/useraccess/roles/myrole"= nlist ( "kerberos4", nlist ( "realm", "UAM.ES", "principal", "me" ) );

"/software/components/useraccess/users/root/roles"= list ("myrole");

And now, can login as root using Kerberos v4 tickets. Also, roles can be nested. However, there are no checks for cyclic inclusions. Cyclic nesting will produce infinite loops at runtime, and may consume lots of disk space.

EXAMPLES

Kerberos

Let’s say evil Mr Burns and his lackey, Smithers want to log into Homer’s account:

"/software/components/useraccess/users/homer/kerberos4"= list (nlist ( "realm", "SPRINGFIELD.COM", "principal", "mrburns"), nlist ("realm", "SPRINGFIELD.COM", "principal", "smithers", "instance", "lackey"));

And apply the same to Kerberos v5.

One role to control them all

What do you think Sauron did?

"/software/components/useraccess/roles/rings"= nlist ( "ssh_keys", list ("http://mordor.org/sauron.key", "http://mordor.org/badguy.key") ) );

"/software/components/useraccess/users/three/roles"= list ("rings"); "/software/components/useraccess/users/seven/roles"= list ("rings"); "/software/components/useraccess/users/nine/roles"= list ("rings");

Back to Springfield

We all know how evil Mr Burns is. So, let’s say he wants full control on the Simpson family. And Homer wants to spy women at home:

"/software/components/useraccess/roles/badburns"= nlist ( "kerberos4", list (nlist ( "realm", "SPRINGFIELD.COM", "principal", "mrburns")), (continues on next page)

688 Chapter 1. Content Quattor Documentation, Release 0.0.1

(continued from previous page) "kerberos5", list (nlist ( "realm", "SPRINGFIELD.COM", "principal", "mrburns") ) );

"/software/components/useraccess/roles/badhomer"= nlist ( "kerberos4", list (nlist ( "realm", "SPRINGFIELD.COM", "principal", "homer", "instance", "another_silly_project")), "acls", list ("system-auth") # Woops! now Homer can't log-in! );

"/software/components/useraccess/users/marge/roles"= list ( "badburns", "badhomer" );

"/software/components/useraccess/users/bart/roles"= list ( "badburns", );

"/software/components/useraccess/users/lisa/roles"= list ( "badburns", "badhomer" );

"/software/components/useraccess/users/maggie/roles"= list ( "badburns", );

Now, Mr Burns can log in as Homer, Marge, Bart, Lisa or Maggie using Kerberos 4 and 5 tickets. And Marge and Lisa allow Homer to sneak in. But, in the same way, an ACL for system-auth is created. And only Marge and Lisa are on that ACL. Now, not Maggie, nor Bart nor Homer can even log in (on PAM-controlled services).

Nesting roles

As simple as we’d expect:

"/software/components/useraccess/roles/superrole/roles"= list ( "rolea", "roleb", "rolec" );

Remember that all roles (rolea, roleb and rolec) must exist at validation time!

LOCKING USER ACCOUNTS

When you lock user accounts, it may not be enough to just lock them with passwd -l. Depending on how you configured SSH, a locked user may still be able to log-in with his public key.

Types

• /software/useraccess/useraccess_pointer

1.3. configuration-modules-core 689 Quattor Documentation, Release 0.0.1

• /software/useraccess/useraccess_kerberos – /software/useraccess/useraccess_kerberos/realm

* Optional * Type: type_hostname – /software/useraccess/useraccess_kerberos/principal

* Optional * Type: string – /software/useraccess/useraccess_kerberos/instance

* Optional * Type: string – /software/useraccess/useraccess_kerberos/host

* Optional * Type: type_hostname • /software/useraccess/credentialfilestring • /software/useraccess/useraccess_auth – /software/useraccess/useraccess_auth/ssh_keys_urls

* Optional * Type: type_absoluteURI – /software/useraccess/useraccess_auth/kerberos4

* Optional * Type: useraccess_kerberos – /software/useraccess/useraccess_auth/kerberos5

* Optional * Type: useraccess_kerberos – /software/useraccess/useraccess_auth/acls

* Optional * Type: string – /software/useraccess/useraccess_auth/roles

* Optional * Type: useraccess_pointer – /software/useraccess/useraccess_auth/ssh_keys

* Optional * Type: string – /software/useraccess/useraccess_auth/managed_credentials

* Optional * Type: credentialfilestring

690 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/useraccess/useraccess_component – /software/useraccess/useraccess_component/configSerial

* Optional * Type: string – /software/useraccess/useraccess_component/users

* Optional * Type: useraccess_auth – /software/useraccess/useraccess_component/roles

* Optional * Type: useraccess_auth – /software/useraccess/useraccess_component/acl_services

* Optional * Type: string

1.4 configuration-modules-grid

1.4.1 Description

These NCM modules configure services for the EGEE/EGI Grid initiatives. An incomplete list of what you can expect with our current library of Grid-related NCM components: • WMS client configuration • YAIM configurations and executions • Basic DCache configurations and more.

1.4.2 Content condorconfig

NAME

The condorconfig component manages the configuration file of Condor.

DESCRIPTION

The condorconfig component manages the configuration file (default is /opt/condor/etc/condor.conf) for Condor. All of the condor parameters are available with exactly the same name in Quattor. See the condor documentation for the names and descriptions of the parameters.

1.4. configuration-modules-grid 691 Quattor Documentation, Release 0.0.1

RESOURCES configfile (/opt/condor/etc/condor.conf)

The absolute file name of the configuration file. user (edguser)

The username to use for running condor.

Types

• /software/condorconfig/condorconfig_component – /software/condorconfig/condorconfig_component/configFile

* Optional * Type: string – /software/condorconfig/condorconfig_component/localConfigFile

* Optional * Type: string – /software/condorconfig/condorconfig_component/user

* Optional * Type: string – /software/condorconfig/condorconfig_component/RELEASE_DIR

* Optional * Type: string – /software/condorconfig/condorconfig_component/LOCAL_DIR

* Optional * Type: string – /software/condorconfig/condorconfig_component/CONDOR_ADMIN

* Optional * Type: string – /software/condorconfig/condorconfig_component/MAIL

* Optional * Type: string – /software/condorconfig/condorconfig_component/CONDOR_HOST

* Optional * Type: string – /software/condorconfig/condorconfig_component/UID_DOMAIN

* Optional

692 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/condorconfig/condorconfig_component/FILESYSTEM_DOMAIN

* Optional * Type: string – /software/condorconfig/condorconfig_component/COLLECTOR_NAME

* Optional * Type: string – /software/condorconfig/condorconfig_component/USERNAME

* Optional * Type: string – /software/condorconfig/condorconfig_component/LOCK

* Optional * Type: string – /software/condorconfig/condorconfig_component/FLOCK_FROM

* Optional * Type: string – /software/condorconfig/condorconfig_component/FLOCK_TO

* Optional * Type: string – /software/condorconfig/condorconfig_component/FLOCK_NEGOTIATOR_HOSTS

* Optional * Type: string – /software/condorconfig/condorconfig_component/FLOCK_COLLECTOR_HOSTS

* Optional * Type: string – /software/condorconfig/condorconfig_component/ALLOW_ADMINISTRATOR

* Optional * Type: string – /software/condorconfig/condorconfig_component/ALLOW_OWNER

* Optional * Type: string – /software/condorconfig/condorconfig_component/ALLOW_READ

* Optional * Type: string – /software/condorconfig/condorconfig_component/ALLOW_WRITE

* Optional

1.4. configuration-modules-grid 693 Quattor Documentation, Release 0.0.1

* Type: string – /software/condorconfig/condorconfig_component/ALLOW_NEGOTIATOR

* Optional * Type: string – /software/condorconfig/condorconfig_component/ALLOW_NEGOTIATOR_SCHEDD

* Optional * Type: string – /software/condorconfig/condorconfig_component/ALLOW_WRITE_COLLECTOR

* Optional * Type: string – /software/condorconfig/condorconfig_component/ALLOW_WRITE_STARTD

* Optional * Type: string – /software/condorconfig/condorconfig_component/ALLOW_READ_COLLECTOR

* Optional * Type: string – /software/condorconfig/condorconfig_component/ALLOW_READ_STARTD

* Optional * Type: string – /software/condorconfig/condorconfig_component/GLIDEIN_SITES

* Optional * Type: string – /software/condorconfig/condorconfig_component/NEGOTIATOR_IGNORE_USER_PRIORITIES

* Optional * Type: string – /software/condorconfig/condorconfig_component/CONDOR_IDS

* Optional * Type: string – /software/condorconfig/condorconfig_component/MAX_COLLECTOR_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/COLLECTOR_DEBUG

* Optional * Type: string – /software/condorconfig/condorconfig_component/MAX_NEGOTIATOR_LOG

694 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/condorconfig/condorconfig_component/NEGOTIATOR_DEBUG

* Optional * Type: string – /software/condorconfig/condorconfig_component/MAX_NEGOTIATOR_MATCH_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/MAX_SCHEDD_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/SCHEDD_DEBUG

* Optional * Type: string – /software/condorconfig/condorconfig_component/MAX_SHADOW_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/SHADOW_DEBUG

* Optional * Type: string – /software/condorconfig/condorconfig_component/MAX_STARTD_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/STARTD_DEBUG

* Optional * Type: string – /software/condorconfig/condorconfig_component/MINUTE

* Optional * Type: string – /software/condorconfig/condorconfig_component/HOUR

* Optional * Type: string – /software/condorconfig/condorconfig_component/StateTimer

* Optional * Type: string – /software/condorconfig/condorconfig_component/ActivityTimer

1.4. configuration-modules-grid 695 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/condorconfig/condorconfig_component/ActivationTimer

* Optional * Type: string – /software/condorconfig/condorconfig_component/LastCkpt

* Optional * Type: string – /software/condorconfig/condorconfig_component/STANDARD

* Optional * Type: string – /software/condorconfig/condorconfig_component/VANILLA

* Optional * Type: string – /software/condorconfig/condorconfig_component/IsVanilla

* Optional * Type: string – /software/condorconfig/condorconfig_component/IsStandard

* Optional * Type: string – /software/condorconfig/condorconfig_component/NonCondorLoadAvg

* Optional * Type: string – /software/condorconfig/condorconfig_component/BackgroundLoad

* Optional * Type: string – /software/condorconfig/condorconfig_component/HighLoad

* Optional * Type: string – /software/condorconfig/condorconfig_component/StartIdleTime

* Optional * Type: string – /software/condorconfig/condorconfig_component/ContinueIdleTime

* Optional * Type: string – /software/condorconfig/condorconfig_component/MaxSuspendTime

696 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/condorconfig/condorconfig_component/MaxVacateTime

* Optional * Type: string – /software/condorconfig/condorconfig_component/KeyboardBusy

* Optional * Type: string – /software/condorconfig/condorconfig_component/ConsoleBusy

* Optional * Type: string – /software/condorconfig/condorconfig_component/CPUIdle

* Optional * Type: string – /software/condorconfig/condorconfig_component/CPUBusy

* Optional * Type: string – /software/condorconfig/condorconfig_component/BigJob

* Optional * Type: string – /software/condorconfig/condorconfig_component/MediumJob

* Optional * Type: string – /software/condorconfig/condorconfig_component/SmallJob

* Optional * Type: string – /software/condorconfig/condorconfig_component/JustCPU

* Optional * Type: string – /software/condorconfig/condorconfig_component/MachineBusy

* Optional * Type: string – /software/condorconfig/condorconfig_component/WANT_SUSPEND

* Optional * Type: string – /software/condorconfig/condorconfig_component/WANT_VACATE

1.4. configuration-modules-grid 697 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/condorconfig/condorconfig_component/START

* Optional * Type: string – /software/condorconfig/condorconfig_component/SUSPEND

* Optional * Type: string – /software/condorconfig/condorconfig_component/CONTINUE

* Optional * Type: string – /software/condorconfig/condorconfig_component/PREEMPT

* Optional * Type: string – /software/condorconfig/condorconfig_component/KILL

* Optional * Type: string – /software/condorconfig/condorconfig_component/LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/SPOOL

* Optional * Type: string – /software/condorconfig/condorconfig_component/EXECUTE

* Optional * Type: string – /software/condorconfig/condorconfig_component/BIN

* Optional * Type: string – /software/condorconfig/condorconfig_component/LIB

* Optional * Type: string – /software/condorconfig/condorconfig_component/SBIN

* Optional * Type: string – /software/condorconfig/condorconfig_component/HISTORY

698 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/condorconfig/condorconfig_component/COLLECTOR_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/MASTER_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/NEGOTIATOR_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/NEGOTIATOR_MATCH_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/SCHEDD_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/SHADOW_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/STARTD_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/SHADOW_LOCK

* Optional * Type: string – /software/condorconfig/condorconfig_component/COLLECTOR_HOST

* Optional * Type: string – /software/condorconfig/condorconfig_component/RESERVED_DISK

* Optional * Type: string – /software/condorconfig/condorconfig_component/HIGHPORT

* Optional * Type: string – /software/condorconfig/condorconfig_component/LOWPORT

1.4. configuration-modules-grid 699 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/condorconfig/condorconfig_component/DAEMON_LIST

* Optional * Type: string – /software/condorconfig/condorconfig_component/MASTER

* Optional * Type: string – /software/condorconfig/condorconfig_component/STARTD

* Optional * Type: string – /software/condorconfig/condorconfig_component/SCHEDD

* Optional * Type: string – /software/condorconfig/condorconfig_component/NEGOTIATOR

* Optional * Type: string – /software/condorconfig/condorconfig_component/COLLECTOR

* Optional * Type: string – /software/condorconfig/condorconfig_component/MASTER_ADDRESS_FILE

* Optional * Type: string – /software/condorconfig/condorconfig_component/PREEN

* Optional * Type: string – /software/condorconfig/condorconfig_component/PREEN_ARGS

* Optional * Type: string – /software/condorconfig/condorconfig_component/MASTER_UPDATE_INTERVAL

* Optional * Type: string – /software/condorconfig/condorconfig_component/STARTER_LIST

* Optional * Type: string – /software/condorconfig/condorconfig_component/STARTER

700 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/condorconfig/condorconfig_component/STARTER_STANDARD

* Optional * Type: string – /software/condorconfig/condorconfig_component/STARTER_LOCAL

* Optional * Type: string – /software/condorconfig/condorconfig_component/STARTD_ADDRESS_FILE

* Optional * Type: string – /software/condorconfig/condorconfig_component/UPDATE_INTERVAL

* Optional * Type: string – /software/condorconfig/condorconfig_component/STARTD_JOB_EXPRS

* Optional * Type: string – /software/condorconfig/condorconfig_component/SHADOW

* Optional * Type: string – /software/condorconfig/condorconfig_component/SCHEDD_ADDRESS_FILE

* Optional * Type: string – /software/condorconfig/condorconfig_component/SCHEDD_INTERVAL

* Optional * Type: string – /software/condorconfig/condorconfig_component/SHADOW_SIZE_ESTIMATE

* Optional * Type: string – /software/condorconfig/condorconfig_component/SHADOW_RENICE_INCREMENT

* Optional * Type: string – /software/condorconfig/condorconfig_component/QUEUE_SUPER_USERS

* Optional * Type: string – /software/condorconfig/condorconfig_component/VALID_SPOOL_FILES

1.4. configuration-modules-grid 701 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/condorconfig/condorconfig_component/INVALID_LOG_FILES

* Optional * Type: string – /software/condorconfig/condorconfig_component/JAVA_MAXHEAP_ARGUMENT

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRIDMANAGER

* Optional * Type: string – /software/condorconfig/condorconfig_component/GT2_GAHP

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRID_MONITOR

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRIDMANAGER_DEBUG

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRIDMANAGER_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/MAX_GRIDMANAGER_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRIDSHELL

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRIDMANAGER_MAX_JOBMANAGERS_PER_RESOURCE

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRIDMANAGER_CHECKPROXY_INTERVAL

* Optional * Type: string

702 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/condorconfig/condorconfig_component/GRIDMANAGER_MINIMUM_PROXY_TIME

* Optional * Type: string – /software/condorconfig/condorconfig_component/DEFAULT_UNIVERSE

* Optional * Type: string – /software/condorconfig/condorconfig_component/CRED_MIN_TIME_LEFT

* Optional * Type: string – /software/condorconfig/condorconfig_component/ENABLE_GRID_MONITOR

* Optional * Type: string – /software/condorconfig/condorconfig_component/CONDOR_GAHP

* Optional * Type: string – /software/condorconfig/condorconfig_component/MAX_C_GAHP_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/C_GAHP_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/C_GAHP_WORKER_THREAD_LOG

* Optional * Type: string – /software/condorconfig/condorconfig_component/NORDUGRID_GAHP

* Optional * Type: string – /software/condorconfig/condorconfig_component/C_GAHP_TIMEOUT_MULTIPLIER

* Optional * Type: string – /software/condorconfig/condorconfig_component/C_GAHP_WORKER_THREAD_TIMEOUT_MULTIPLIER

* Optional * Type: string – /software/condorconfig/condorconfig_component/CLASSAD_LIFETIME

* Optional

1.4. configuration-modules-grid 703 Quattor Documentation, Release 0.0.1

* Type: string – /software/condorconfig/condorconfig_component/CONDOR_JOB_POLL_INTERVAL

* Optional * Type: string – /software/condorconfig/condorconfig_component/COLLECTOR_TIMEOUT_MULTIPLIER

* Optional * Type: string – /software/condorconfig/condorconfig_component/DAGMAN_ALLOW_EVENTS

* Optional * Type: string – /software/condorconfig/condorconfig_component/GLITE_CONDORC_DEBUG_LEVEL

* Optional * Type: string – /software/condorconfig/condorconfig_component/GLITE_CONDORC_LOG_DIR

* Optional * Type: string – /software/condorconfig/condorconfig_component/GLOBUS_GATEKEEPER_TIMEOUT

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRID_MONITOR_HEARTBEAT_TIMEOUT

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRID_MONITOR_RETRY_DURATION

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRIDMANAGER_GLOBUS_COMMIT_TIMEOUT

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRIDMANAGER_MAX_PENDING_SUBMITS_PER_RESOURCE

* Optional * Type: string – /software/condorconfig/condorconfig_component/GRIDMANAGER_MAX_SUBMITTED_JOBS_PER_RESOURCE

* Optional * Type: string

704 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/condorconfig/condorconfig_component/GRIDMANAGER_TIMEOUT_MULTIPLIER

* Optional * Type: string – /software/condorconfig/condorconfig_component/GSI_DAEMON_CERT

* Optional * Type: string – /software/condorconfig/condorconfig_component/GSI_DAEMON_KEY

* Optional * Type: string – /software/condorconfig/condorconfig_component/HOLD_JOB_IF_CREDENTIAL_EXPIRES

* Optional * Type: string – /software/condorconfig/condorconfig_component/HOSTALLOW_WRITE

* Optional * Type: string – /software/condorconfig/condorconfig_component/NEGOTIATOR_INTERVAL

* Optional * Type: string – /software/condorconfig/condorconfig_component/NEGOTIATOR_MATCHLIST_CACHING

* Optional * Type: string – /software/condorconfig/condorconfig_component/NEGOTIATOR_UPDATE_INTERVAL

* Optional * Type: string – /software/condorconfig/condorconfig_component/SEC_DEFAULT_NEGOTIATION

* Optional * Type: string – /software/condorconfig/condorconfig_component/SEC_DEFAULT_AUTHENTICATION

* Optional * Type: string – /software/condorconfig/condorconfig_component/SEC_DEFAULT_AUTHENTICATION_METHODS

* Optional * Type: string – /software/condorconfig/condorconfig_component/SCHEDD_TIMEOUT_MULTIPLIER

* Optional

1.4. configuration-modules-grid 705 Quattor Documentation, Release 0.0.1

* Type: string – /software/condorconfig/condorconfig_component/TOOL_TIMEOUT_MULTIPLIER

* Optional * Type: string dcache

NAME dcache : NCM component to manage dcache configuration.

DESCRIPTION

This component allows to manage configuration of dcache. For some info, check the README file.

DEPENDENCIES

None.

BUGS

None known.

AUTHOR

MAINTAINER

VERSION

4.0.0

SEE ALSO ncm-ncd(1)

Types

• /software/dcache/structure_dcache_unit_units – /software/dcache/structure_dcache_unit_units/cond

* Optional * Type: string – /software/dcache/structure_dcache_unit_units/ugroup

* Optional

706 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string • /software/dcache/structure_dcache_unit – /software/dcache/structure_dcache_unit/units

* Optional * Type: structure_dcache_unit_units – /software/dcache/structure_dcache_unit/ignore_ugroup

* Optional * Type: string • /software/dcache/structure_dcache_link_preference – /software/dcache/structure_dcache_link_preference/read

* Optional * Type: long – /software/dcache/structure_dcache_link_preference/write

* Optional * Type: long – /software/dcache/structure_dcache_link_preference/cache

* Optional * Type: long – /software/dcache/structure_dcache_link_preference/p2p

* Optional * Type: long • /software/dcache/structure_dcache_link_default_preference – /software/dcache/structure_dcache_link_default_preference/default

* Optional * Type: long • /software/dcache/structure_dcache_link_policy – /software/dcache/structure_dcache_link_policy/nearline

* Optional * Type: boolean – /software/dcache/structure_dcache_link_policy/online

* Optional * Type: boolean – /software/dcache/structure_dcache_link_policy/custodial

* Optional * Type: boolean – /software/dcache/structure_dcache_link_policy/output

1.4. configuration-modules-grid 707 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/dcache/structure_dcache_link_policy/replica

* Optional * Type: boolean • /software/dcache/structure_dcache_link_default_policy – /software/dcache/structure_dcache_link_default_policy/default

* Optional * Type: boolean • /software/dcache/structure_dcache_link_linkgroups – /software/dcache/structure_dcache_link_linkgroups/links

* Optional * Type: string • /software/dcache/structure_dcache_link_links – /software/dcache/structure_dcache_link_links/ugroup

* Optional * Type: string – /software/dcache/structure_dcache_link_links/pgroup

* Optional * Type: string – /software/dcache/structure_dcache_link_links/lgroup

* Optional * Type: string • /software/dcache/structure_dcache_link – /software/dcache/structure_dcache_link/links

* Optional * Type: structure_dcache_link_links – /software/dcache/structure_dcache_link/ignore_link

* Optional * Type: string – /software/dcache/structure_dcache_link/def_preference

* Optional * Type: structure_dcache_link_default_preference – /software/dcache/structure_dcache_link/def_policy

* Optional * Type: structure_dcache_link_default_policy

708 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/dcache/structure_dcache_link/ignore_linkgroup

* Optional * Type: string – /software/dcache/structure_dcache_link/linkgroups

* Optional * Type: structure_dcache_link_linkgroups • /software/dcache/structure_dcache_pool_pools – /software/dcache/structure_dcache_pool_pools/path

* Optional * Type: string – /software/dcache/structure_dcache_pool_pools/size

* Optional * Type: long – /software/dcache/structure_dcache_pool_pools/opt

* Optional * Type: string – /software/dcache/structure_dcache_pool_pools/pgroup

* Optional * Type: string – /software/dcache/structure_dcache_pool_pools/mover_max

* Optional * Type: long – /software/dcache/structure_dcache_pool_pools/ulimit_n

* Optional * Type: long • /software/dcache/structure_dcache_pool – /software/dcache/structure_dcache_pool/pools

* Optional * Type: structure_dcache_pool_pools – /software/dcache/structure_dcache_pool/ignore_pgroup

* Optional * Type: string – /software/dcache/structure_dcache_pool/default_mover_max

* Optional * Type: long – /software/dcache/structure_dcache_pool/default_ulimit_n

1.4. configuration-modules-grid 709 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/dcache/structure_dcache_pool/max_true_pool_size_prom

* Optional * Type: long • /software/dcache/structure_dcache_dcachesetup – /software/dcache/structure_dcache_dcachesetup/serviceLocatorHost

* Optional * Type: type_fqdn – /software/dcache/structure_dcache_dcachesetup/cacheInfo

* Optional * Type: string – /software/dcache/structure_dcache_dcachesetup/java

* Optional * Type: string – /software/dcache/structure_dcache_dcachesetup/pnfs

* Optional * Type: string – /software/dcache/structure_dcache_dcachesetup/ftpBase

* Optional * Type: string – /software/dcache/structure_dcache_dcachesetup/portBase

* Optional * Type: long – /software/dcache/structure_dcache_dcachesetup/logArea

* Optional * Type: string – /software/dcache/structure_dcache_dcachesetup/parallelStreams

* Optional * Type: long – /software/dcache/structure_dcache_dcachesetup/bufferSize

* Optional * Type: long – /software/dcache/structure_dcache_dcachesetup/tcpBufferSize

* Optional * Type: long

710 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/dcache/structure_dcache_dcachesetup/billingToDb

* Optional * Type: string – /software/dcache/structure_dcache_dcachesetup/infoProviderStaticFile

* Optional * Type: string – /software/dcache/structure_dcache_dcachesetup/metaDataRepository

* Optional * Type: string – /software/dcache/structure_dcache_dcachesetup/metaDataRepositoryImport

* Optional * Type: string – /software/dcache/structure_dcache_dcachesetup/PermissionHandlerDataSource

* Optional * Type: string • /software/dcache/structure_dcache_node_config – /software/dcache/structure_dcache_node_config/node_type

* Optional * Type: string – /software/dcache/structure_dcache_node_config/dcache_home

* Optional * Type: string – /software/dcache/structure_dcache_node_config/pnfs_root

* Optional * Type: string – /software/dcache/structure_dcache_node_config/pnfs_install_dir

* Optional * Type: string – /software/dcache/structure_dcache_node_config/pnfs_start

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/pnfs_overwrite

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/pool_path

* Optional

1.4. configuration-modules-grid 711 Quattor Documentation, Release 0.0.1

* Type: string – /software/dcache/structure_dcache_node_config/number_of_movers

* Optional * Type: long – /software/dcache/structure_dcache_node_config/server_id

* Optional * Type: string – /software/dcache/structure_dcache_node_config/admin_node

* Optional * Type: type_fqdn – /software/dcache/structure_dcache_node_config/gsidcap

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/gridftp

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/srm

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/xrootd

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/dcap

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/replicaManager

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/pnfsManager

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/lmDomain

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/httpDomain

* Optional

712 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: boolean – /software/dcache/structure_dcache_node_config/adminDoor

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/poolManager

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/utilityDomain

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/dirDomain

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/gPlazmaService

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/infoProvider

* Optional * Type: boolean – /software/dcache/structure_dcache_node_config/namespace

* Optional * Type: string – /software/dcache/structure_dcache_node_config/namespace_node

* Optional * Type: string • /software/dcache/structure_dcache_pnfs_setup – /software/dcache/structure_dcache_pnfs_setup/shmservers

* Optional * Type: long • /software/dcache/structure_dcache_pnfs_config – /software/dcache/structure_dcache_pnfs_config/pnfs_install_dir

* Optional * Type: string – /software/dcache/structure_dcache_pnfs_config/pnfs_root

* Optional * Type: string

1.4. configuration-modules-grid 713 Quattor Documentation, Release 0.0.1

– /software/dcache/structure_dcache_pnfs_config/pnfs_db

* Optional * Type: string – /software/dcache/structure_dcache_pnfs_config/pnfs_log

* Optional * Type: string – /software/dcache/structure_dcache_pnfs_config/pnfs_overwrite

* Optional * Type: boolean – /software/dcache/structure_dcache_pnfs_config/pnfs_psql_user

* Optional * Type: string • /software/dcache/structure_dcache_pnfs_db – /software/dcache/structure_dcache_pnfs_db/path

* Optional * Type: string – /software/dcache/structure_dcache_pnfs_db/name

* Optional * Type: string – /software/dcache/structure_dcache_pnfs_db/user

* Optional * Type: string – /software/dcache/structure_dcache_pnfs_db/group

* Optional * Type: string – /software/dcache/structure_dcache_pnfs_db/perm

* Optional * Type: string • /software/dcache/structure_dcache_pnfs_exports_rule – /software/dcache/structure_dcache_pnfs_exports_rule/mount

* Optional * Type: string – /software/dcache/structure_dcache_pnfs_exports_rule/path

* Optional * Type: string – /software/dcache/structure_dcache_pnfs_exports_rule/perm

714 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/dcache/structure_dcache_pnfs_exports_rule/opt

* Optional * Type: string • /software/dcache/structure_dcache_pnfs_exports – /software/dcache/structure_dcache_pnfs_exports/ip

* Optional * Type: type_ip – /software/dcache/structure_dcache_pnfs_exports/netmask

* Optional * Type: type_ip – /software/dcache/structure_dcache_pnfs_exports/rule

* Optional * Type: structure_dcache_pnfs_exports_rule • /software/dcache/structure_dcache_pnfs – /software/dcache/structure_dcache_pnfs/pnfs_config

* Optional * Type: structure_dcache_pnfs_config – /software/dcache/structure_dcache_pnfs/pnfs_config_def

* Optional * Type: string – /software/dcache/structure_dcache_pnfs/databases

* Optional * Type: structure_dcache_pnfs_db – /software/dcache/structure_dcache_pnfs/exports

* Optional * Type: structure_dcache_pnfs_exports – /software/dcache/structure_dcache_pnfs/pnfs_setup

* Optional * Type: structure_dcache_pnfs_setup – /software/dcache/structure_dcache_pnfs/pnfs_setup_def

* Optional * Type: string • /software/dcache/structure_dcache_create – /software/dcache/structure_dcache_create/batchname

1.4. configuration-modules-grid 715 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/dcache/structure_dcache_create/name

* Optional * Type: string – /software/dcache/structure_dcache_create/cell

* Optional * Type: string – /software/dcache/structure_dcache_create/context

* Optional * Type: string – /software/dcache/structure_dcache_create/opt

* Optional * Type: string • /software/dcache/structure_dcache_batch – /software/dcache/structure_dcache_batch/create

* Optional * Type: structure_dcache_create – /software/dcache/structure_dcache_batch/batch_read

* Optional * Type: string – /software/dcache/structure_dcache_batch/batch_write

* Optional * Type: string – /software/dcache/structure_dcache_batch/batch_template

* Optional * Type: boolean • /software/dcache/structure_dcache_config – /software/dcache/structure_dcache_config/dc_dir

* Optional * Type: string – /software/dcache/structure_dcache_config/node_config_def

* Optional * Type: string – /software/dcache/structure_dcache_config/node_config

* Optional

716 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: structure_dcache_node_config – /software/dcache/structure_dcache_config/dCacheSetup_def

* Optional * Type: string – /software/dcache/structure_dcache_config/dCacheSetup

* Optional * Type: structure_dcache_dcachesetup – /software/dcache/structure_dcache_config/admin_passwd

* Optional * Type: string – /software/dcache/structure_dcache_config/debug_print

* Optional * Type: long – /software/dcache/structure_dcache_config/jythonjavahome

* Optional * Type: string • /software/dcache/structure_dcache_chimera – /software/dcache/structure_dcache_chimera/paths

* Optional * Type: string – /software/dcache/structure_dcache_chimera/exports

* Optional * Type: string – /software/dcache/structure_dcache_chimera/default_dcap

* Optional * Type: string • /software/dcache/dcache_component – /software/dcache/dcache_component/pool

* Optional * Type: structure_dcache_pool – /software/dcache/dcache_component/config

* Optional * Type: structure_dcache_config – /software/dcache/dcache_component/pnfs

* Optional * Type: structure_dcache_pnfs

1.4. configuration-modules-grid 717 Quattor Documentation, Release 0.0.1

– /software/dcache/dcache_component/chimera

* Optional * Type: structure_dcache_chimera – /software/dcache/dcache_component/unit

* Optional * Type: structure_dcache_unit – /software/dcache/dcache_component/link

* Optional * Type: structure_dcache_link – /software/dcache/dcache_component/batch

* Optional * Type: structure_dcache_batch – /software/dcache/dcache_component/postgresql

* Optional * Type: string

dpmlfc

NAME

ncm-dpmlfc : NCM component to manage DPM and LFC configuration.

DESCRIPTION

This component allows to manage configuration of DPM and LFC services, with the exception of DPM xrootd protocol which is managed by the ncm-xrootd configuration module. Configuration module ncm-dpmlfc requires that the DPM and/or LFC configuration describes all nodes participating to the service and their respective role (in term of daemon running on each node). Each daemon/host combination is called a daemon instance in this documentation. Using the whole DPM and/or LFC description, ncm-dpmlfc takes care of action needed on every node to configure it as requested (you MUST use the same configuration description on every node participating to DPM and/or LFC). This includes restarting a service after configuration changes if needed. There are 2 sets of configuration options: Global options There is one separate set for DPM and LFC, /software/components/dpmlfc/options/dpm and /software/components/dpmlfc/options/lfc respectively. In each set, there is a subset, db, describing the database and database connection options. Protocol options For each access or management protocol, there is one set of global options under /software/ components/dpmlfc/protocols. Each option defined in these sets can be superseded in the node-specific options for the given protocol.

718 Chapter 1. Content Quattor Documentation, Release 0.0.1

Following sections describe each option by group of related options.

GLOBAL OPTIONS (DPM and LFC)

DPM and LFC accept the same global options but there is a separate set for each one. Replace PRODUCT by dpm or lfc. /software/components/dpmlfc/options/PRODUCT/accessProtocols : list (optional, DPM only) List of access protocols supported on disk servers. Supported protocols are : https, gsiftp, rfio, xroot. Note that xrootd configuration itself, including the DPM/Xrootd plug-in, must be configured with ncm-xrootd. Default: None (default configuration provided by RPM will be used) /software/components/dpmlfc/options/PRODUCT/controlProtocols : list (optional, DPM only) List of control protocols supported. Supported protocols are : srmv1, srmv2, srmv2.2. Default: None (default configuration provided by RPM will be used) /software/components/dpmlfc/options/PRODUCT/gridmapfile This option defines the local gridmap file used by products daemons. Default: None (default configuration provided by RPM will be used) /software/components/dpmlfc/options/PRODUCT/gridmapdir This option defines the gridmap dir used by products daemons. Default: None (default configuration provided by RPM will be used) /software/components/dpmlfc/options/PRODUCT/group This option defines the userid used by product daemons. Default: None (default configuration provided by RPM will be used) /software/components/dpmlfc/options/PRODUCT/user This option defines the userid used by product daemons. Default: dpmmgr for DPM, lfcmgr for LFC

DATABASE CONNECTION OPTIONS (DPM and LFC)

DPM and LFC accepts the same set of options to describe the database connection. In the following option names, replace PRODUCT by either dpm or lfc. Both sets can coexist. /software/components/dpmlfc/options/PRODUCT/db/configfile This option defines the file used to keep track of database connection information. This file will be owned by the userid used to run daemons and only this user will have access to this file. Default : /etc/DPMCONFIG for DPM, /etc/NSCONFIG for LFC /software/components/dpmlfc/options/PRODUCT/db/infoFile (string, optional) Name (without path) of the file containing connection information to DPM DB to be used by GIP to collect information about DPM. This file will be owned and accessible only by GIP user. This file will not be created if infoUser is not defined. Default : DPMINFO for DPM, LFCINFO for LFC.

1.4. configuration-modules-grid 719 Quattor Documentation, Release 0.0.1

/software/components/dpmlfc/options/PRODUCT/db/infoPwd (string, optional) Password for database connection account used by GIP to collect information about DPM Default : generated password. It is recommended to use this default value (password changed at each run). /software/components/dpmlfc/options/PRODUCT/db/infoUser (string, optional) Username for database connection account used by GIP to collect information about DPM. If this option is not defined, the infoFile is not updated by ncm-dpmlfc. Default : None /software/components/dpmlfc/options/PRODUCT/db/password (string, required) This option defines the password used to connect to the database. Default : none /software/components/dpmlfc/options/PRODUCT/db/server (string, optional) This option defines the server running the database. This component checks that DPM and LFC database server run on different node (DPNS and LFC use the same database name). localhost is considered different as DPNS and LFC are not allowed to run on the same node. Default : localhost. /software/components/dpmlfc/options/PRODUCT/db/user This option defines the userid used to connect to the database. Default : userid used to run daemons

PROTOCOL OPTIONS (DPM and LFC)

Each access or management protocol has its specific set of global options under /software/components/ dpmlfc/protocols (e.g. dpm, dpns, srmv22, dav. . . ). Each of these options can be redefined in the node- specific options for the corresponding protocol. Node specific options are specified as a nlist attached to the node name. This allows configuration options to be different for each host running an instance of the service but it is generally not sensible to use a different value for each host. See the schema, for the complete list of supported options for each protocols. Main options are described here.

WebDav options

All WebDav options are optional and thus have no default value. To see the value used when the option is undefined, look at /etc/httpd/conf.d/zlcgdm-dav.conf DiskAnonUser : string (optional) User to use for anonymous access on file contents. Typically, must match NSAnonUser. DiskFlags : list of string (optional) Flags controlling access to file contents. Possible values are : Write, RemoteCopy, NoAuthn. NSAnonUser : string (optional) User to use for anonymous access to namespace. Typically, must match DiskAnonUser. NSFlags : list of string (optional)

720 Chapter 1. Content Quattor Documentation, Release 0.0.1

Flags controlling namespace access. Possible values are : Write, RemoteCopy, NoAuthn. NSMaxReplicas : long (optional, LFC only) Maximum number of replica to return. NSRedirectPort : list of long (optional, 2 list elements required) Ports to use when redirecting to disk servers. First element is the port to use for http access, second element is the port for https access. NSSecureRedirect : string (optional) Enable/disable secure redirect (https) to disk servers. Value must be on or off. NSServer : list of string (optional, 2 list elements required) Name (first element) and port (second element) of the host serving the namespace, both specified as string. This is mainly useful to allow access to the namespace from localhost on any DPM nodes, if direct access to namespace has been configured on disk servers (via TrustedDNs). NSTrustedDNs : list of string (optional) DNs of DPM nodes allowed a direct access to the namespace. NSType : string (optional) Indicates whether the namespace is attached to DPM or LFC. Valid values are DPM and LFC. SSLCertFile : string Certificate (public key) file name to use for https. SSLCertKey : string (optional) Private key file name to use for https. SSLCACertPath : string (optional) Directory path containing the CA certificates SSLCARevocationPath : string (optional) Directory path containing the CA revocation lists. SSLCipherSuite : list of string (optional) List of enabled ciphers in SSL configuration. SSLHonorCipherOrder : string (optional) Order of ciphers. SSLOptions : list of string (optional) SSL options to use (namespace and file access). SSLProtocol : list of string (optional) List of enabled/disabled of SSL protocols. SSLSessionCache : string (optional) SSLSessionCache parameter (see Apache documentation) SSLSessionCacheTimeout : long (optional) SSLSessionCacheTiemout parameter (see Apache documentation) SSLVerifyClient : string (optional)

1.4. configuration-modules-grid 721 Quattor Documentation, Release 0.0.1

Level of client certificate verifications (see Apache documentation). Valid values are require, optional and none. SSLVerifyDepth : long (optional) Verification depth of certificate chain (see Apache documentation). xrootd options xrootd options are ignored. Use ncm-xrootd instead.

Options for other (legacy) protocols

Legacy (non dmlite-based) protocols share several options. Some protocolas also have specific options: in this case, the option description states it explicitly. allowCoreDump: boolean (optional) allowCoreDump allows to explicitly enable/disable creation of a core dump in the event of a daemon crash. Default: use daemon default (see documentation) logfile: string (optional) logfile option is the name of the logfile used by the daemon instance. Generally, each daemon has a dedicated directory under /var/log, where the actual log file is rotated. This option is accepted by every type of daemon. Default : use daemon default (see documentation). port: long (optional) port allows to specify a non standard port for the daemon. Default : default service port (see documentation or ‘man service_name’). threads : long (optional) Number of threads to use. Default : default service port (see documentation or ‘man service_name’). maxOpenFiles : long (optional) Maximum number of open files (used as input to ulimit). Default : default service port (see documentation or ‘man service_name’). requestMaxAge: string (optional, dpm daemon only) requestMaxAge allows to configure automatic purging of DPM request database, based on request age. It defines the maximum lifetime allowed for a request before it is removed from the request database. This must be a number optionally followed by y (year), m (month), d (day), h (hour). If no unit is specified, the number is interpreted as seconds. Default: by default automatic purging is disabled fastThreads : long (optional, dpm daemon only) Number of threads to use for short operations Default : default service configuration (see documentation or ‘man service_name’).

722 Chapter 1. Content Quattor Documentation, Release 0.0.1 slowThreads : long (optional, dpm daemon only) Number of threads to use for long operations Default : default service configuration (see documentation or ‘man service_name’). useSyncGet : boolean (optional, dpm daemon only) Use synchronous get operation when querying the namespace. Default : default service configuration (see documentation or ‘man service_name’). readonly : boolean (optional, dpns and lfc only) Configure a readonly DPNS Default : default service configuration (see documentation or ‘man service_name’). portRange : string (optional, rfio or gsiftp) TCP port range to use for transfers. Default : default service configuration (see documentation or ‘man service_name’). startupOptions : string (optional, rfio or gsiftp) Daemon options to use at startup. Default : default service configuration (see documentation or ‘man service_name’). disableAutoVirtualIDs : boolean (optional, lfc only) Disable automatic creation of virtual IDs. Default : default service configuration (see documentation or ‘man service_name’).

VO OPTIONS (DPM and LFC) : /software/components/dpmlfc/vos

VO-related options described each VO that must be configured to get access to DPM or LFC namespace. This includes creating VO home directory and setting correct permissions. VO-related options are stored under /software/components/dpmlfc/vos, which is a nlist with one entry per VO. nlist key is the VO name. Value is a nlist describing VO properties. /software/components/dpmlfc/vos/VONAME/gid This property specifies virtual GID to associate with the VO. Default is normally appropriate Default : auto-generated virtual GID.

POOL OPTIONS (DPM)

/software/components/dpmlfc/pool Not implemented yet.

DEPENDENCIES

None.

1.4. configuration-modules-grid 723 Quattor Documentation, Release 0.0.1

BUGS

None known.

AUTHOR

Michel Jouvin <>

MAINTAINER

Michel Jouvin <>

SEE ALSO ncm-ncd(1)

Types

• /software/dpmlfc/dpmlfc_component_fs_entry – /software/dpmlfc/dpmlfc_component_fs_entry/host

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_fs_entry/name

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_fs_entry/status

* Optional * Type: string • /software/dpmlfc/dpmlfc_component_pool_entry – /software/dpmlfc/dpmlfc_component_pool_entry/def_filesize

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_pool_entry/gc_start_thresh

* Optional * Type: long * Range: 0.. – /software/dpmlfc/dpmlfc_component_pool_entry/gc_stop_thresh

* Optional * Type: long

724 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Range: 0.. – /software/dpmlfc/dpmlfc_component_pool_entry/def_pintime

* Optional * Type: long * Range: 0.. – /software/dpmlfc/dpmlfc_component_pool_entry/gid

* Optional * Type: long * Range: 1.. – /software/dpmlfc/dpmlfc_component_pool_entry/group

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_pool_entry/put_retenp

* Optional * Type: long * Range: 0.. – /software/dpmlfc/dpmlfc_component_pool_entry/s_type

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_pool_entry/fs

* Optional * Type: dpmlfc_component_fs_entry • /software/dpmlfc/dpmlfc_component_vo_entry – /software/dpmlfc/dpmlfc_component_vo_entry/gid

* Optional * Type: long • /software/dpmlfc/dpmlfc_component_node_config – /software/dpmlfc/dpmlfc_component_node_config/logfile

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_node_config/port

* Optional * Type: type_port – /software/dpmlfc/dpmlfc_component_node_config/allowCoreDump

* Optional * Type: boolean

1.4. configuration-modules-grid 725 Quattor Documentation, Release 0.0.1

– /software/dpmlfc/dpmlfc_component_node_config/threads

* Optional * Type: long – /software/dpmlfc/dpmlfc_component_node_config/maxOpenFiles

* Optional * Type: long – /software/dpmlfc/dpmlfc_component_node_config/globusThreadModel

* Optional * Type: string • /software/dpmlfc/dpmlfc_component_dpm_node_config – /software/dpmlfc/dpmlfc_component_dpm_node_config/requestMaxAge

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dpm_node_config/fastThreads

* Optional * Type: long – /software/dpmlfc/dpmlfc_component_dpm_node_config/slowThreads

* Optional * Type: long – /software/dpmlfc/dpmlfc_component_dpm_node_config/useSyncGet

* Optional * Type: boolean • /software/dpmlfc/dpmlfc_component_rfio_gsiftp_node_config – /software/dpmlfc/dpmlfc_component_rfio_gsiftp_node_config/portRange

* Optional * Type: string • /software/dpmlfc/dpmlfc_component_dpns_node_config – /software/dpmlfc/dpmlfc_component_dpns_node_config/readonly

* Optional * Type: boolean • /software/dpmlfc/dpmlfc_component_dav_node_config – /software/dpmlfc/dpmlfc_component_dav_node_config/DiskAnonUser

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/DiskFlags

* Optional

726 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/NSAnonUser

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/NSFlags

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/NSMaxReplicas

* Optional * Type: long – /software/dpmlfc/dpmlfc_component_dav_node_config/NSRedirectPort

* Optional * Type: long – /software/dpmlfc/dpmlfc_component_dav_node_config/NSSecureRedirect

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/NSServer

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/NSTrustedDNs

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/NSType

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLCertFile

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLCertKey

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLCACertPath

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLCARevocationPath

* Optional

1.4. configuration-modules-grid 727 Quattor Documentation, Release 0.0.1

* Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLCipherSuite

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLHonorCipherOrder

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLOptions

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLProtocol

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLSessionCache

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLSessionCacheTimeout

* Optional * Type: long – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLVerifyClient

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_dav_node_config/SSLVerifyDepth

* Optional * Type: long • /software/dpmlfc/dpmlfc_component_lfc_node_config – /software/dpmlfc/dpmlfc_component_lfc_node_config/disableAutoVirtualIDs

* Optional * Type: boolean • /software/dpmlfc/dpmlfc_component_protocol_options – /software/dpmlfc/dpmlfc_component_protocol_options/dav

* Optional * Type: dpmlfc_component_dav_node_config – /software/dpmlfc/dpmlfc_component_protocol_options/dpm

* Optional * Type: dpmlfc_component_dpm_node_config

728 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/dpmlfc/dpmlfc_component_protocol_options/dpns

* Optional * Type: dpmlfc_component_dpns_node_config – /software/dpmlfc/dpmlfc_component_protocol_options/gsiftp

* Optional * Type: dpmlfc_component_rfio_gsiftp_node_config – /software/dpmlfc/dpmlfc_component_protocol_options/rfio

* Optional * Type: dpmlfc_component_rfio_gsiftp_node_config – /software/dpmlfc/dpmlfc_component_protocol_options/srmv1

* Optional * Type: dpmlfc_component_node_config – /software/dpmlfc/dpmlfc_component_protocol_options/srmv2

* Optional * Type: dpmlfc_component_node_config – /software/dpmlfc/dpmlfc_component_protocol_options/srmv22

* Optional * Type: dpmlfc_component_node_config – /software/dpmlfc/dpmlfc_component_protocol_options/xroot

* Optional * Type: dpmlfc_component_node_config – /software/dpmlfc/dpmlfc_component_protocol_options/copyd

* Optional * Type: dpmlfc_component_node_config • /software/dpmlfc/dpmlfc_component_db_conn_options – /software/dpmlfc/dpmlfc_component_db_conn_options/configfile

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_db_conn_options/configmode

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_db_conn_options/server

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_db_conn_options/user

* Optional

1.4. configuration-modules-grid 729 Quattor Documentation, Release 0.0.1

* Type: string – /software/dpmlfc/dpmlfc_component_db_conn_options/password

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_db_conn_options/infoFile

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_db_conn_options/infoUser

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_db_conn_options/infoPwd

* Optional * Type: string • /software/dpmlfc/dpmlfc_component_global_options – /software/dpmlfc/dpmlfc_component_global_options/user

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_global_options/group

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_global_options/db

* Optional * Type: dpmlfc_component_db_conn_options – /software/dpmlfc/dpmlfc_component_global_options/installDir

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_global_options/gridmapfile

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_global_options/gridmapdir

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_global_options/accessProtocols

* Optional * Type: string – /software/dpmlfc/dpmlfc_component_global_options/controlProtocols

730 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string • /software/dpmlfc/dpmlfc_component_global_options_tree – /software/dpmlfc/dpmlfc_component_global_options_tree/dpm

* Optional * Type: dpmlfc_component_global_options – /software/dpmlfc/dpmlfc_component_global_options_tree/lfc

* Optional * Type: dpmlfc_component_global_options • /software/dpmlfc/dpmlfc_component – /software/dpmlfc/dpmlfc_component/dav

* Optional * Type: dpmlfc_component_dav_node_config – /software/dpmlfc/dpmlfc_component/dpm

* Optional * Type: dpmlfc_component_dpm_node_config – /software/dpmlfc/dpmlfc_component/dpns

* Optional * Type: dpmlfc_component_dpns_node_config – /software/dpmlfc/dpmlfc_component/gsiftp

* Optional * Type: dpmlfc_component_rfio_gsiftp_node_config – /software/dpmlfc/dpmlfc_component/rfio

* Optional * Type: dpmlfc_component_rfio_gsiftp_node_config – /software/dpmlfc/dpmlfc_component/srmv1

* Optional * Type: dpmlfc_component_node_config – /software/dpmlfc/dpmlfc_component/srmv2

* Optional * Type: dpmlfc_component_node_config – /software/dpmlfc/dpmlfc_component/srmv22

* Optional * Type: dpmlfc_component_node_config – /software/dpmlfc/dpmlfc_component/xroot

* Optional

1.4. configuration-modules-grid 731 Quattor Documentation, Release 0.0.1

* Type: dpmlfc_component_node_config – /software/dpmlfc/dpmlfc_component/copyd

* Optional * Type: dpmlfc_component_node_config – /software/dpmlfc/dpmlfc_component/pools

* Optional * Type: dpmlfc_component_pool_entry – /software/dpmlfc/dpmlfc_component/vos

* Optional * Type: dpmlfc_component_vo_entry – /software/dpmlfc/dpmlfc_component/lfc

* Optional * Type: dpmlfc_component_lfc_node_config – /software/dpmlfc/dpmlfc_component/lfc-dli

* Optional * Type: dpmlfc_component_node_config – /software/dpmlfc/dpmlfc_component/options

* Optional * Type: dpmlfc_component_global_options_tree – /software/dpmlfc/dpmlfc_component/protocols

* Optional * Type: dpmlfc_component_protocol_options

Functions

• component_dpmlfc_number_string_valid • component_dpmlfc_global_options_valid • component_dpmlfc_xroot_access_rules_valid • component_dpmlfc_node_config_valid • component_dpmlfc_dav_config_valid gacl

NAME gacl : gacl NCM component.

732 Chapter 1. Content Quattor Documentation, Release 0.0.1

DESCRIPTION

This component allows to manage grid ACL file.

RESOURCES

DEPENDENCIES

None.

BUGS

None known.

AUTHOR

Michel Jouvin <>

MAINTAINER

Michel Jouvin <>

VERSION

1.0.0

SEE ALSO ncm-ncd(1)

Types

• /software/gacl/gacl_component – /software/gacl/gacl_component/aclFile

* Optional * Type: string gip2

NAME ncm-gip2: NCM component for generic LCG information provider

1.4. configuration-modules-grid 733 Quattor Documentation, Release 0.0.1

DESCRIPTION

The ncm-gip2 component manages configuration of Generic Information Provider (GIP), used to collect data on avail- able resources. It allows to manage both LCG and gLite flavor of GIP.

Resources

/software/components/gip2/basedir : string (required)

Base directory for gip components (must contain directories plugin/, provider/. . . ) Default : none.

/software/components/gip2/group : string (required)

Group GIP account belongs to. Used to define group ownership of GIP directories and files. Default : root.

/software/components/gip2/flavor : string (required)

Define GIP flavor used. Can be ‘lcg’ org ‘glite’. Default : glite.

/software/components/gip2/ldif : nlist (optional)

Named list of LDIF files used by GIP plugins. Key is an arbitrary name, value is a nlist defiining a set of LDIF entries to be added to a specific LDIF file. The LDIF entries can be either defined directly (no staticInfoCmd defined) or as a configuration file processed by staticInfoCmd. This nlist properties are defined below. Default : none.

LDIF confFile : string (optional)

Name of the file to create with ‘entries’, used as the input file for staticInfoCmd. Ignored when staticInfoCmd is ommitted. Default : key of the /software/components/gip2/ldif nlist.

LDIF template : string (deprecated)

Kept for backward compatibility. Ignored if specified. Default : none.

734 Chapter 1. Content Quattor Documentation, Release 0.0.1

LDIF ldifFile : string (required)

Name of the LDIF file to produce. It can be either a name or an absolute path. When using a name without a path, the file will be created in the LDIF directory (basedir/ldif). Default : none.

LDIF entries : nlist (optional) nlist of LDIF entries (key is the DN, value is a nlist of attribute/value pairs) to put in the resulting file if staticInfoCmd is not specified or sets of key value/pairs (key is the set name and and value is a nlist of key/value pairs). Key is interpreted as an escaped value. If ommitted and confFile is defined, must be defined in /software/components/gip2/ldifConfEntries key matching confFile. Default : none.

LDIF staticInfoCmd : string (optional)

Path of the command to execute to transform entries into a LDIF file. If absent, the global staticInfoCmd is used. Default : none.

/software/components/gip2/ldifConfEntries : nlist (optional)

It is a nlist of ‘entries’ (as defined under /software/components/gip2/ldif). The key must match a file name as specified with confFile under /software/components/gip2/ldif. This property allows to have a global definition of a configuration file, used to generate LDIF files, that is common to several LDIF sets/files (this is for example the case for GLUE2 with the CREAM CE). When such a shared configuration file is used to generate several LDIF files, ‘entries’ under /software/components/gip2/ldif must be left undefined and the configuration file contents must be defined here. Default: none.

/software/components/gip2/plugin : nlist (optional)

Named list of GIP plugins (plugins are associated with a static LDIF file). Key the plugin name, value is the plugin script. Default : none.

/software/components/gip2/provider : nlist (optional)

Named list of GIP providers. Key the provider name, value is the provider script. Default : none.

1.4. configuration-modules-grid 735 Quattor Documentation, Release 0.0.1

/software/components/gip2/staticInfoCmd : string (optional)

Path of the command to execute to transform entries into a LDIF file if none is defined in the /soft- ware/components/gip2/ldif entry. It is here for backward compatibility but it is recommended to define it as part of the ldif entries. If undefined in both locations, the configuration file is read directly without any processing. Default : none.

/software/components/gip2/scripts : nlist (optional)

Named list of GIP scripts (usually used to launch lcg/glite-info-generic with the appropriate configuration. Key the script name, value is the script. Default : none.

/software/components/gip2/stubs : nlist (optional)

Named list of static LDIF files produced without a Glue template. Mainly used to add intermediate LDIF entries required for subtree search to work. Key is LDIF the file name (without directory), value is a list of LDIF entries to put in the LDIF file. If stubs are defined, BDII will be restarted if running on the current node. Default : none.

/software/components/gip2/external : list of strings (optional)

List of files/scripts that will be trusted as if managed by the component. Default : none.

/software/components/gip2/user : string (required)

Account GIP runs under. Used to define user ownership of GIP directories and files. Default : none.

/software/components/gip2/workDirs : list of strings (optional)

List of working directories used by GIP that must be configured to be owned and writable by GIP user. Default : none.

/software/components/gip2/etcDir : string (optional)

Location of the “etc” directory. Default : basedir/etc (LCG) or basedir/etc/gip (gLite)

736 Chapter 1. Content Quattor Documentation, Release 0.0.1

/software/components/gip2/ldifDir : string (optional)

Location of the “ldif” directory. Default : basedir/ldif (LCG) or basedir/etc/ldif (gLite)

/software/components/gip2/pluginDir : string (optional)

Location of the “plugin” directory. Default : basedir/plugin (LCG) or basedir/etc/plugin (gLite)

/software/components/gip2/providerDir : string (optional)

Location of the “provider” directory. Default : basedir/provider (LCG) or basedir/etc/provider (gLite)

DEPENDENCIES

None.

BUGS

None known.

AUTHOR

Charles Loomis <>

MAINTAINER

Charles Loomis <>,Michel Jouvin <>

VERSION

2.7.2

SEE ALSO ncm-ncd(1)

1.4. configuration-modules-grid 737 Quattor Documentation, Release 0.0.1

Types

• /software/gip2/structure_gip2_attribute • /software/gip2/structure_gip2_ldif – /software/gip2/structure_gip2_ldif/confFile

* Optional * Type: string – /software/gip2/structure_gip2_ldif/template

* Optional * Type: string – /software/gip2/structure_gip2_ldif/ldifFile

* Optional * Type: string – /software/gip2/structure_gip2_ldif/entries

* Optional * Type: structure_gip2_attribute – /software/gip2/structure_gip2_ldif/staticInfoCmd

* Optional * Type: string • /software/gip2/gip2_component – /software/gip2/gip2_component/user

* Optional * Type: string – /software/gip2/gip2_component/group

* Optional * Type: string – /software/gip2/gip2_component/flavor

* Optional * Type: string – /software/gip2/gip2_component/basedir

* Optional * Type: string – /software/gip2/gip2_component/etcDir

* Optional * Type: string – /software/gip2/gip2_component/ldifDir

* Optional

738 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/gip2/gip2_component/pluginDir

* Optional * Type: string – /software/gip2/gip2_component/providerDir

* Optional * Type: string – /software/gip2/gip2_component/workDirs

* Optional * Type: string – /software/gip2/gip2_component/staticInfoCmd

* Optional * Type: string – /software/gip2/gip2_component/bdiiRestartAllowed

* Optional * Type: boolean – /software/gip2/gip2_component/confFiles

* Optional * Type: string – /software/gip2/gip2_component/ldif

* Optional * Type: structure_gip2_ldif – /software/gip2/gip2_component/ldifConfEntries

* Optional * Type: structure_gip2_attribute – /software/gip2/gip2_component/plugin

* Optional * Type: string – /software/gip2/gip2_component/provider

* Optional * Type: string – /software/gip2/gip2_component/scripts

* Optional * Type: string – /software/gip2/gip2_component/stubs

* Optional

1.4. configuration-modules-grid 739 Quattor Documentation, Release 0.0.1

* Type: structure_gip2_attribute – /software/gip2/gip2_component/external

* Optional * Type: string glitestartup

NAME glitestartup : NCM component to configure startup of gLite services

DESCRIPTION

This NCM component allows to configure startup driver of gLite services. If there is a change to the startup driver configuruation file, by default all services are restarted.

RESOURCES

/software/components/@COMP/configFile : string (required)

Configuration file path/name for startup driver. Default : /opt/glite/etc/config/scripts/gLite.services

/software/components/@COMP/createProxy : boolean

If true, create a grid proxy for the gLite user used to run the service. Default : true

/software/components/@COMP/disableOutput : boolean (optional)

If true, redirect script output to /dev/null. For special cases where the output can trigger problems (like those related to Python PIPE bugs).

/software/components/@COMP/disableError : boolean (optional)

Idem as disableOutput but for stderr.

/software/components/@COMP/initScript : string (required)

Name of startup script for gLite services. Default : /etc/rc.d/init.d/gLite

740 Chapter 1. Content Quattor Documentation, Release 0.0.1

/software/components/@COMP/postRestart : list (optional)

A list of nlist defining commands to execute after successfully restarting services and the expected status of these commands. Each nlist accepts the following properties : cmd : command to execute. expectedStatus : if defined, must specify as a number the expected status of the command. The expected status is the status value that must be considered as a success. If undefined, no test is made on return value. Default : None

/software/components/@COMP/restartEnv : list of string (optional)

If defined, must be a list of string, each element being a script name to source before restarting services. Default : undefined

/software/components/@COMP/restartServices : boolean (optional)

If true, all services are restarted, even if there was no change to startup driver configuration file. If false, services are not restarted even if the startup driver configuration file was changed. If not defined, all services are restarted if there is a change in startup driver configuration. Default : not defined.

/software/components/@COMP/scriptPaths : list of string (required)

List of paths where to look for a script matching service name. Default : /opt/glite/etc/init.d

/software/components/@COMP/services : nlist of string

Nlist with one entry per service to start. Key is the service name, value is an optional nlist. This nlist can contain the following element: args startup script arguments Default : none

DEPENDENCIES

None.

BUGS

None known.

1.4. configuration-modules-grid 741 Quattor Documentation, Release 0.0.1

AUTHOR

Michel Jouvin <>

MAINTAINER

Michel Jouvin <>

VERSION

1.1.1

SEE ALSO ncm-ncd(1)

Functions

• glitestartup_mod_service • glitestartup_add_dependency

Types

• /software/glitestartup/glitestartup_component_service – /software/glitestartup/glitestartup_component_service/args

* Optional * Type: string • /software/glitestartup/glitestartup_component_post_restart – /software/glitestartup/glitestartup_component_post_restart/cmd

* Optional * Type: string – /software/glitestartup/glitestartup_component_post_restart/expectedStatus

* Optional * Type: long • /software/glitestartup/glitestartup_component – /software/glitestartup/glitestartup_component/configFile

* Optional * Type: string – /software/glitestartup/glitestartup_component/initScript

* Optional

742 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/glitestartup/glitestartup_component/disableOutput

* Optional * Type: boolean – /software/glitestartup/glitestartup_component/disableError

* Optional * Type: boolean – /software/glitestartup/glitestartup_component/restartEnv

* Optional * Type: string – /software/glitestartup/glitestartup_component/postRestart

* Optional * Type: glitestartup_component_post_restart – /software/glitestartup/glitestartup_component/restartServices

* Optional * Type: boolean – /software/glitestartup/glitestartup_component/createProxy

* Optional * Type: boolean – /software/glitestartup/glitestartup_component/scriptPaths

* Optional * Type: string – /software/glitestartup/glitestartup_component/services

* Optional * Type: glitestartup_component_service

Types

• /software/globuscfg/reg_type – /software/globuscfg/reg_type/recordname

* Optional * Type: string – /software/globuscfg/reg_type/regname

* Optional * Type: string – /software/globuscfg/reg_type/reghn

* Optional

1.4. configuration-modules-grid 743 Quattor Documentation, Release 0.0.1

* Type: string – /software/globuscfg/reg_type/regport

* Optional * Type: type_port – /software/globuscfg/reg_type/regperiod

* Optional * Type: long – /software/globuscfg/reg_type/ttl

* Optional * Type: long • /software/globuscfg/globus_mds_gris_type – /software/globuscfg/globus_mds_gris_type/suffix

* Optional * Type: string – /software/globuscfg/globus_mds_gris_type/provider

* Optional * Type: string – /software/globuscfg/globus_mds_gris_type/registration

* Optional * Type: reg_type • /software/globuscfg/globus_mds_giis_allowedregs_type – /software/globuscfg/globus_mds_giis_allowedregs_type/recordname

* Optional * Type: string – /software/globuscfg/globus_mds_giis_allowedregs_type/name

* Optional * Type: string – /software/globuscfg/globus_mds_giis_allowedregs_type/allowreg

* Optional * Type: string • /software/globuscfg/globus_mds_giis_reg_type – /software/globuscfg/globus_mds_giis_reg_type/regname

* Optional * Type: string – /software/globuscfg/globus_mds_giis_reg_type/reghn

* Optional

744 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/globuscfg/globus_mds_giis_reg_type/regport

* Optional * Type: type_port – /software/globuscfg/globus_mds_giis_reg_type/regperiod

* Optional * Type: long – /software/globuscfg/globus_mds_giis_reg_type/ttl

* Optional * Type: long – /software/globuscfg/globus_mds_giis_reg_type/name

* Optional * Type: string • /software/globuscfg/globus_mds_giis_type – /software/globuscfg/globus_mds_giis_type/allowedregs

* Optional * Type: globus_mds_giis_allowedregs_type – /software/globuscfg/globus_mds_giis_type/registration

* Optional * Type: globus_mds_giis_reg_type • /software/globuscfg/globus_mds_type – /software/globuscfg/globus_mds_type/globus_flavor_name

* Optional * Type: string – /software/globuscfg/globus_mds_type/user

* Optional * Type: string – /software/globuscfg/globus_mds_type/x509_user_cert

* Optional * Type: string – /software/globuscfg/globus_mds_type/x509_user_key

* Optional * Type: string – /software/globuscfg/globus_mds_type/gris

* Optional * Type: globus_mds_gris_type

1.4. configuration-modules-grid 745 Quattor Documentation, Release 0.0.1

– /software/globuscfg/globus_mds_type/giis

* Optional * Type: globus_mds_giis_type • /software/globuscfg/globus_gridftp_type – /software/globuscfg/globus_gridftp_type/globus_flavor_name

* Optional * Type: string – /software/globuscfg/globus_gridftp_type/X509_USER_CERT

* Optional * Type: string – /software/globuscfg/globus_gridftp_type/X509_USER_KEY

* Optional * Type: string – /software/globuscfg/globus_gridftp_type/ftpd

* Optional * Type: string – /software/globuscfg/globus_gridftp_type/port

* Optional * Type: type_port – /software/globuscfg/globus_gridftp_type/umask

* Optional * Type: string – /software/globuscfg/globus_gridftp_type/log

* Optional * Type: string – /software/globuscfg/globus_gridftp_type/user

* Optional * Type: string – /software/globuscfg/globus_gridftp_type/maxConnections

* Optional * Type: long – /software/globuscfg/globus_gridftp_type/options

* Optional * Type: string • /software/globuscfg/globus_gatekeeper_jobmanager_type – /software/globuscfg/globus_gatekeeper_jobmanager_type/recordname

746 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/globuscfg/globus_gatekeeper_jobmanager_type/type

* Optional * Type: string – /software/globuscfg/globus_gatekeeper_jobmanager_type/job_manager

* Optional * Type: string – /software/globuscfg/globus_gatekeeper_jobmanager_type/extra_config

* Optional * Type: string • /software/globuscfg/globus_gatekeeper_type – /software/globuscfg/globus_gatekeeper_type/globus_flavor_name

* Optional * Type: string – /software/globuscfg/globus_gatekeeper_type/job_manager_path

* Optional * Type: string – /software/globuscfg/globus_gatekeeper_type/globus_gatekeeper

* Optional * Type: string – /software/globuscfg/globus_gatekeeper_type/extra_options

* Optional * Type: string – /software/globuscfg/globus_gatekeeper_type/user

* Optional * Type: string – /software/globuscfg/globus_gatekeeper_type/port

* Optional * Type: type_port – /software/globuscfg/globus_gatekeeper_type/logfile

* Optional * Type: string – /software/globuscfg/globus_gatekeeper_type/jobmanagers

* Optional * Type: globus_gatekeeper_jobmanager_type

1.4. configuration-modules-grid 747 Quattor Documentation, Release 0.0.1

• /software/globuscfg/globus_global_type – /software/globuscfg/globus_global_type/services

* Optional * Type: string – /software/globuscfg/globus_global_type/paths

* Optional * Type: string – /software/globuscfg/globus_global_type/globus_flavor_name

* Optional * Type: string – /software/globuscfg/globus_global_type/GLOBUS_LOCATION

* Optional * Type: string – /software/globuscfg/globus_global_type/GPT_LOCATION

* Optional * Type: string – /software/globuscfg/globus_global_type/GLOBUS_CONFIG

* Optional * Type: string – /software/globuscfg/globus_global_type/GLOBUS_TCP_PORT_RANGE

* Optional * Type: string – /software/globuscfg/globus_global_type/GLOBUS_UDP_PORT_RANGE

* Optional * Type: string – /software/globuscfg/globus_global_type/LD_LIBRARY_PATH

* Optional * Type: string – /software/globuscfg/globus_global_type/x509_user_cert

* Optional * Type: string – /software/globuscfg/globus_global_type/x509_user_key

* Optional * Type: string – /software/globuscfg/globus_global_type/x509_cert_dir

* Optional

748 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/globuscfg/globus_global_type/gridmap

* Optional * Type: string – /software/globuscfg/globus_global_type/gridmapdir

* Optional * Type: string – /software/globuscfg/globus_global_type/mds

* Optional * Type: globus_mds_type – /software/globuscfg/globus_global_type/gridftp

* Optional * Type: globus_gridftp_type – /software/globuscfg/globus_global_type/gatekeeper

* Optional * Type: globus_gatekeeper_type – /software/globuscfg/globus_global_type/sysconfigUpdate

* Optional * Type: boolean • /software/globuscfg/globuscfg_component_type gridmapdir

NAME

The gridmapdir component manages the gridmapdir directory.

DESCRIPTION

The gridmapdir component manages the gridmapdir directory used for the mapping of pool accounts.

RESOURCES gridmapdir (required)

The location of the configuration file. Normally this should not be changed. poolaccounts (required)

An nlist with the pool account prefix as the name and a long as the size of the pool.

1.4. configuration-modules-grid 749 Quattor Documentation, Release 0.0.1 sharedGridmapdir : string (optional)

If defined must indicate the path of a shared gridmapdir. In this case, gridmapdir as defined in ‘gridmapdir’ property is made a symlink of this directory.

DEPENDENCIES

None.

BUGS

None known.

AUTHOR

Charles Loomis <>

MAINTAINER

Michel Jouvin <>

VERSION

2.0.1

SEE ALSO ncm-ncd(1)

Types

• /software/gridmapdir/gridmapdir_component – /software/gridmapdir/gridmapdir_component/gridmapdir

* Optional * Type: string – /software/gridmapdir/gridmapdir_component/poolaccounts

* Optional * Type: long * Range: 0..0 – /software/gridmapdir/gridmapdir_component/sharedGridmapdir

* Optional * Type: string

750 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/gridmapdir/gridmapdir_component/owner

* Optional * Type: string – /software/gridmapdir/gridmapdir_component/group

* Optional * Type: string – /software/gridmapdir/gridmapdir_component/perms

* Optional * Type: string gsissh

NAME gsissh: NCM component to manage gsissh configuration file(s)

DESCRIPTION

The gsissh component writes manages the configuration for both the client and server sides of the GSI-enabled SSH daemon.

RESOURCES

/software/components/gsissh/server

An optional nlist with the server-side configuration. If not specified, then the server is not configured.

/software/components/gsissh/server/port

The port to use for the daemon. This is mandatory.

/software/components/gsissh/server/options

An nlist giving the options to use. Typical options are: PermitRootLogin, RSAAuthentication, PubkeyAuthentication, PasswordAuthentication, ChallengeResponseAuthentication, which take yes/no values.

/software/components/gsissh/client/options

An optional nlist giving the client options to use. Typical options are: GssapiAuthentication, GssapiKeyExchange, and GssapiDelegateCredentials which take yes/no values. The client is always configured even if there are no options.

1.4. configuration-modules-grid 751 Quattor Documentation, Release 0.0.1

EXAMPLE

“/software/components/gsissh/server/port” = 1975; “/software/components/gsissh/server/options” = nlist(“PermitRootLogin”, “no”, “RSAAuthentication”, “no”, “PubkeyAuthentication”, “no”, “Pass- wordAuthentication”, “no”, “ChallengeResponseAuthentication”, “no”);

Types

• /software/gsissh/structure_gsissh_server – /software/gsissh/structure_gsissh_server/port

* Optional * Type: type_port – /software/gsissh/structure_gsissh_server/options

* Optional * Type: string • /software/gsissh/structure_gsissh_client – /software/gsissh/structure_gsissh_client/options

* Optional * Type: string • /software/gsissh/gsissh_component – /software/gsissh/gsissh_component/globus_location

* Optional * Type: string – /software/gsissh/gsissh_component/gpt_location

* Optional * Type: string – /software/gsissh/gsissh_component/server

* Optional * Type: structure_gsissh_server – /software/gsissh/gsissh_component/client

* Optional * Type: structure_gsissh_client lbconfig

NAME ncm-lbconfig: NCM lbconfig component

752 Chapter 1. Content Quattor Documentation, Release 0.0.1

DESCRIPTION

The ncm-lbconfig component manages the configuration file of the WP1 lbserver. It creates the /opt/edg/etc/edg_wl_query_index file with the values saved in the machine profile.

RESOURCES configFile (edg_wl_query_index.conf)

The name of the configuration file. It will be created in the location EDG_LOCATION/etc. type (system)

The type of the resource. owner

The owner. location

The location. destination

The destination.

Types

• /software/lbconfig/structure_index_list • /software/lbconfig/lbconfig_component – /software/lbconfig/lbconfig_component/configFile

* Optional * Type: string – /software/lbconfig/lbconfig_component/indicies

* Optional * Type: structure_index_list lcas

NAME lcas: NCM component to manage LCAS configuration file(s)

1.4. configuration-modules-grid 753 Quattor Documentation, Release 0.0.1

DESCRIPTION

The lcas component writes the LCAS configuration file(s). The primary file is the LCAS database, listing the plugin modules to be called (in the order specified in the profile). Optionally, it can write the module configuration files as well (as just plain files, one line for every entry in the content list). The header can be suppressed, if ever there is a module that chokes on the pound-sign comments at the top. The lcas component can manage several different LCAS databases and associated module configuration files.

MAIN RESOURCES

/software/components/lcas/dbpath

Deprecated. Mutually exclusive with /software/components/lcas/db.

/software/components/lcas/module

Deprecated. Mutually exclusive with /software/components/lcas/db.

/software/components/lcas/db : list (optional)

List of LCAS databases and associated module configaration files to configure. For each database, the following attributes can be specified. path : string (required)

The database file name. This attribute is required for any database entry. Default: none. module : list (optional)

A list of each module to configure in the database, with their arguments and optionally their associated configuration file. See next section for supported module attributes. Default: none

MODULE RESOURCES

For each module, the following attributes can be specified. path : string (required)

The plugin module file name. The path may be relative to the LCAS search path but it is recommended to specify a full path. This attribute is required for any module. Default: none

754 Chapter 1. Content Quattor Documentation, Release 0.0.1 args : string (optional)

Arguments to this module (like: the name of the module’s config file). Default: none conf : nlist (optional)

Optional: write out the contents of a single configuration file for this plugin module. The following attributes (nlist keys) are available for the configuration file. path : string (required)

Location (absolute path) of the module configuration file. This attribute is required if a configuration file is configured. Default: none noheader : boolean (required)

When set to true, suppress the initial comments normally added at the head of the configuration file. This attribute is required if a configuration file is configured. Default: false (header added) content : list of string (optional)

Configuration file content as a list of string. Each list element will be added to the file as a separate line, keeping the specified order.

DEPENDENCIES

None.

BUGS

None known.

AUTHOR

David Groep <>

MAINTAINER

David Groep <>, Michel Jouvin <>

1.4. configuration-modules-grid 755 Quattor Documentation, Release 0.0.1

VERSION

1.1.0

SEE ALSO ncm-ncd(1)

Types

• /software/lcas/lcas_component_plainfile_content – /software/lcas/lcas_component_plainfile_content/path

* Optional * Type: string – /software/lcas/lcas_component_plainfile_content/noheader

* Optional * Type: boolean – /software/lcas/lcas_component_plainfile_content/content

* Optional * Type: string • /software/lcas/lcas_component_modulespec – /software/lcas/lcas_component_modulespec/path

* Optional * Type: string – /software/lcas/lcas_component_modulespec/args

* Optional * Type: string – /software/lcas/lcas_component_modulespec/conf

* Optional * Type: lcas_component_plainfile_content • /software/lcas/lcas_component_db – /software/lcas/lcas_component_db/path

* Optional * Type: string – /software/lcas/lcas_component_db/module

* Optional * Type: lcas_component_modulespec • /software/lcas/lcas_component

756 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/lcas/lcas_component/db

* Optional * Type: lcas_component_db – /software/lcas/lcas_component/dbpath

* Optional * Type: string – /software/lcas/lcas_component/module

* Optional * Type: lcas_component_modulespec

Functions

• component_lcas_valid lcgbdii

NAME

The lcgbdii component manages the configuration file of BDII service.

DESCRIPTION

The lcgbdii component manages the BDII configuration.

RESOURCES

Check schema for the full list of resources. Due to some changes in BDII configuration between all versions, some resources marked optional in the schema for backward compatibility are in fact required to properly configure recent BDII versions. archiveSize : long (optional)

The number of updates that the changes should be logged (BDII v5 and later). autoUpdate : string (yes or no)

Whether or not to auto-update. Valid values are “yes” and “no”. Default : no autoModify : string (yes or no)

Whether or not to automatically modify this file. Default : no

1.4. configuration-modules-grid 757 Quattor Documentation, Release 0.0.1 bind : string

The binding string. Default: “mds-vo-name=local,o=grid” breatheTime : long

The time between LDAP queries. Default: 60 configFile : string (required)

The location of the LCG BDII configuration file. Default: /opt/bdii/etc/bdii.conf dir

The base directory for the BDII code and configuration files. Default: /opt/bdii

fixGlue : string (yes or no, optional)

Fixes some common schema errors like publishing duplicate attributes ()BDII v5 and later, recommeded value : yes). isCache : string (yes or no)

Whether or not to reject entries which already match the binding string. Default : no ldifDir : string

Location of GIP static ldfi files. New and required in BDII v5 and later. logFile : string (optional)

The location of the LCG BDII log file. This property is required for BDII v5. Default: none logLevel : string (one of ERROR, WARNING, INFO, DEBUG)

BDII verbosity level. New in BDII v5 (recommended value: ERROR) Default: none.

758 Chapter 1. Content Quattor Documentation, Release 0.0.1 modifyDN : string (yes or no)

Whether or not this BDII fixes DNs to match binding string. Default : no pluginDir : string

Location of GIP plugins. New and required in BDII v5 and later. port : port number

Port used by BDII (v5 and later). Exclusive of portRead and portsWrite. Default: none portRead : port number

The port to read from (version <= 4). Default: none portsWrite : list of port numbers

The list of ports to write to (version <= 4). Default: none providerDir : string

Location of GIP providers. New and required in BDII v5 and later.

RAMDisk : string (yes or no, optional)

Use a RAM disk for the database files. It is advisable to have at least 4GB of RAM. (BDII_top v3.2.10-3 and later, recommeded value : yes). readTimeout : long (optional)

Time to wait for LDAP sources to return. New in BDII v5 (typically 300). schemaFile

Name of file listing the schemas used by BDII. This is required for LCG 2.5.0 or above. Default: /opt/bdii/etc/schemas

1.4. configuration-modules-grid 759 Quattor Documentation, Release 0.0.1 schemas : list of strings (optional)

List of file names for the schema files used. Default: none searchFilter : string (optional)

The LDAP filter. searchTimeout : long (optional)

The LDAP timeout in seconds. Deprecated in BDII v5. slapadd : string (optional)

The location of the slapadd executable. Deprecated in BDII v5 and later. slapd : string (optional)

The location of the slapd executable. Deprecated in BDII v5 and later. slapdConf : string

The location of slapd configuration file to use. Default: /opt/bdii/etc/glue-slapd.conf slapdDebugLevel : long (0 to 5) slapd verbosity level. Deprecated in BDII v5 and later. updateLdif

The URL for the update LDIF file. updateUrl

The URL for the update file. urls (optional)

A hash containing all of the update URLs. The keys are for documentation purposes only. This resource is required for BDII v4 and later.

760 Chapter 1. Content Quattor Documentation, Release 0.0.1 user : string

The default user for running the BDII daemon. Default: edguser

DEPENDENCIES

None.

BUGS

None known.

AUTHOR

Charles Loomis <>

MAINTAINER

Charles Loomis <>, Michel Jouvin <>

VERSION

2.7.2

SEE ALSO ncm-ncd(1)

Types

• /software/lcgbdii/lcgbdii_component – /software/lcgbdii/lcgbdii_component/dir

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/varDir

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/configFile

* Optional * Type: string

1.4. configuration-modules-grid 761 Quattor Documentation, Release 0.0.1

– /software/lcgbdii/lcgbdii_component/logFile

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/logLevel

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/schemaFile

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/schemas

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/port

* Optional * Type: type_port – /software/lcgbdii/lcgbdii_component/portRead

* Optional * Type: type_port – /software/lcgbdii/lcgbdii_component/portsWrite

* Optional * Type: type_port – /software/lcgbdii/lcgbdii_component/user

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/bind

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/passwd

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/searchFilter

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/searchTimeout

* Optional * Type: long

762 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Range: 1.. – /software/lcgbdii/lcgbdii_component/readTimeout

* Optional * Type: long * Range: 1.. – /software/lcgbdii/lcgbdii_component/breatheTime

* Optional * Type: long * Range: 1.. – /software/lcgbdii/lcgbdii_component/archiveSize

* Optional * Type: long – /software/lcgbdii/lcgbdii_component/autoUpdate

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/autoModify

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/isCache

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/modifyDN

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/RAMDisk

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/deleteDelay

* Optional * Type: long – /software/lcgbdii/lcgbdii_component/fixGlue

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/updateUrl

* Optional * Type: type_absoluteURI

1.4. configuration-modules-grid 763 Quattor Documentation, Release 0.0.1

– /software/lcgbdii/lcgbdii_component/updateLdif

* Optional * Type: type_absoluteURI – /software/lcgbdii/lcgbdii_component/defaultLdif

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/slapd

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/slapadd

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/slapdConf

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/slapdDebugLevel

* Optional * Type: long * Range: 0..5 – /software/lcgbdii/lcgbdii_component/urls

* Optional * Type: type_absoluteURI – /software/lcgbdii/lcgbdii_component/ldifDir

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/pluginDir

* Optional * Type: string – /software/lcgbdii/lcgbdii_component/providerDir

* Optional * Type: string

Functions

• lcgbdii_check_params

764 Chapter 1. Content Quattor Documentation, Release 0.0.1 lcgmonjob

NAME lcgmonjob: NCM component to configure lcg-mon-job-status daemon

DESCRIPTION

The lcgmonjob component manages the configuration for the lcg-mon-job-status daemon. It essentially just links the init.d script to the correct location and ensures that the daemon is restarted when the configuration changes.

RESOURCES

EDG_LOCATION

The location of the EDG software.

LCG_LOCATION

The location of the LCG software.

Types

• /software/lcgmonjob/lcgmonjob_component – /software/lcgmonjob/lcgmonjob_component/EDG_LOCATION

* Optional * Type: string – /software/lcgmonjob/lcgmonjob_component/LCG_LOCATION

* Optional * Type: string lcmaps

NAME lcmaps: NCM component to manage LCMAPS configuration file(s)

DESCRIPTION

The lcmaps component writes the LCMAPS configuration file(s). The primary file is the LCMAPS database, listing the plugin modules to be defines and the policies to describe (in the specific order as specified in the list in the CDB).

1.4. configuration-modules-grid 765 Quattor Documentation, Release 0.0.1

RESOURCES

/software/components/lcmaps/dbpath

Location of the main LCMAPS database (list of plugin modules). Default: /opt/edg/etc/lcmaps/lcmaps.db

/software/components/lcmaps/modulepath

The LCMAPS module search path.

/software/components/lcmaps/module

Named list (nlist) of modules to be used in the LCMAPS policies. The names here are the module symbolic references that are used to define the policies

/software/components/lcmaps/module/{}/path

Path of the module to load.

/software/components/lcmaps/module/{}/args

Arguments to the module (these are concatenated to the module path itself and quoted.

/software/components/lcmaps/policies

List (ordered) of LCMAPS policies

/software/components/lcmaps/policies/[]/name

Name of the policy.

/software/components/lcmaps/policies/[]/ruleset

List (ordered) of rulesets for this policy.

EXAMPLE

"/software/components/lcmaps/dbpath"= "/opt/edg/etc/lcmaps/policy.conf"; "/software/components/lcmaps/modulepath"= "/opt/edg/lib/lcmaps/modules"; "/software/components/lcmaps/module/localaccount/path"= "lcmaps_localaccount.mod"; "/software/components/lcmaps/module/localaccount/args"= "-gridmapfile /etc/grid-security/grid-mapfile";

"/software/components/lcmaps/module/poolaccount/path"= "lcmaps_poolaccount.mod"; (continues on next page)

766 Chapter 1. Content Quattor Documentation, Release 0.0.1

(continued from previous page) "/software/components/lcmaps/module/poolaccount/args"= " -override_inconsistency"+ " -gridmapfile /etc/grid-security/grid-mapfile"+ " -gridmapdir /etc/grid-security/gridmapdir";

"/software/components/lcmaps/module/posixenf/path"= "lcmaps_posix_enf.mod"; "/software/components/lcmaps/module/posixenf/args"= " -maxuid 1 -maxpgid 1 -maxsgid 32";

"/software/components/lcmaps/policies"= list ( nlist( "name", "standard", "ruleset", list ( "localaccount -> posixenf | poolaccount", "poolaccount -> posixenf" ) ), nlist( "name", "GridFTPacquisition", "ruleset", list ( "vomsextract -> vomslocalgroup", "vomslocalgroup -> vomspoolgroup", "vomspoolgroup -> vomspoolaccount", "vomspoolaccount -> ldap_enf" ) ) );

Multi-file mode

If “/software/components/lcmaps/multifile” is set to True, the LCMAPS component will work in the experimental “multi-file” mode. The regular resources like “/software/components/lcmaps/dbpath” are ignored, and relocated, but similarly named ones in the array “/software/components/lcmaps/config[]” are used. Thus, multiple LCMAPS policy files can be written to support for example separate services (gatekeeper, gridftp) on the same host. For example, the “. . . /dbpath” resource becomes:

"/software/components/lcmaps/config/0/dbpath"= "/opt/edg/etc/lcmaps/policy.gridftp"; "/software/components/lcmaps/config/0/modulepath"= "/opt/edg/lib/lcmaps/modules"; ...

"/software/components/lcmaps/config/1/dbpath"= "/opt/edg/etc/lcmaps/policy.gatekeeper

˓→"; ...

Types

• /software/lcmaps/lcmaps_modulespec_type – /software/lcmaps/lcmaps_modulespec_type/path

* Optional * Type: string

1.4. configuration-modules-grid 767 Quattor Documentation, Release 0.0.1

– /software/lcmaps/lcmaps_modulespec_type/args

* Optional * Type: string • /software/lcmaps/lcmaps_policy_type – /software/lcmaps/lcmaps_policy_type/name

* Optional * Type: string – /software/lcmaps/lcmaps_policy_type/ruleset

* Optional * Type: string • /software/lcmaps/lcmaps_file_type – /software/lcmaps/lcmaps_file_type/dbpath

* Optional * Type: string – /software/lcmaps/lcmaps_file_type/modulepath

* Optional * Type: string – /software/lcmaps/lcmaps_file_type/module

* Optional * Type: lcmaps_modulespec_type – /software/lcmaps/lcmaps_file_type/policies

* Optional * Type: lcmaps_policy_type • /software/lcmaps/lcmaps_component – /software/lcmaps/lcmaps_component/flavor

* Optional * Type: string – /software/lcmaps/lcmaps_component/dbpath

* Optional * Type: string – /software/lcmaps/lcmaps_component/modulepath

* Optional * Type: string – /software/lcmaps/lcmaps_component/multifile

* Optional * Type: boolean

768 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/lcmaps/lcmaps_component/module

* Optional * Type: lcmaps_modulespec_type – /software/lcmaps/lcmaps_component/policies

* Optional * Type: lcmaps_policy_type – /software/lcmaps/lcmaps_component/config

* Optional * Type: lcmaps_file_type – /software/lcmaps/lcmaps_component/multifile

* Optional * Type: boolean

Functions

• component_lcmaps_valid maui

NAME maui: NCM component to configure Maui server.

DESCRIPTION

The maui component manages the configuration for the maui scheduler. By default the configuration file resides in /var/spool/maui/maui.cfg.

RESOURCES configPath (/var/spool/maui)

The absolute path for the maui configuration directory. configFile (maui.cfg)

The file name for the maui configuration file. contents

The full contents of the maui configuration file. The syntax is too complex to fully translate into pan. You must supply the complete maui configuration file in this variable.

1.4. configuration-modules-grid 769 Quattor Documentation, Release 0.0.1

Types

• /software/maui/maui_component – /software/maui/maui_component/configPath

* Optional * Type: string – /software/maui/maui_component/configFile

* Optional * Type: string – /software/maui/maui_component/contents

* Optional * Type: string mkgridmap

NAME mkgridmap: NCM component to configure edg-mkgridmap.conf for mkgridmap.

DESCRIPTION

The mkgridmap component manages the configuration file (e.g. /opt/edg/etc/edg-mkgridmap.conf) for mkgridmap. It can handle several mapfiles and support two distinct mapfile format : * edg : the traditional format associating DNs with pool accounts * lcgdm : a mapfile to associate DNs to VO name. It is used by LCG products like DPM and LFC to handle autho- rization for users not authenticated with VOMS (grid-proxy-init or voms-proxy-init without -voms).

RESOURCES entries : nlist

A nlist of mapfile entries. The name of the entry is informational only. The entry resources are described below. lcmaps : nlist (optional)

This nlist describes lcmaps gridmapfile and groupmapfile to update. The entry resources are described below. voList : list (optional)

This list specifies the VO to process, and the order in which they will appear. If not present or undefined, defaults to all VOs defined in the configuration (/system/vo), sorted by name.

770 Chapter 1. Content Quattor Documentation, Release 0.0.1

LCMAPS RESOURCES

flavor : string

This property indicates LCMAPS gridmapfile/groupmafile format. It can be ‘edg’ or ‘glite’. When format is ‘glite’, FQANs are taken literally from configuration : they must be valid VOMS FQAN in standard format. When format is ‘edg’, FQANs in configuration are converted into EDG format (/VO=vo_name/GROUP=. . . /ROLE=. . . ). Default : glite (no conversion) lcmaps/gridmapfile : string (required)

The full path to the LCMAPS gridmapfile. Default : /opt/edg/etc/lcmaps/gridmapfile lcmaps/groupmapfile : string (required)

The full path to the LCMAPS groupmapfile. Default : /opt/edg/etc/lcmaps/groupmapfile

MAPFILE ENTRY RESOURCES mkgridmapconf

The location of the edg-mkgridmap.conf file, by default /opt/edg/etc/edg-mkgridmap.conf command

The command to run to regenerate the gridmap file. If provided, this command will be run whenever changes to the configuration occur. groups

A list of group entries in the edg-mkgridmap.conf file. For each group uri_ and user_ can be defined to specify the collection of users at a URI that should be mapped to a particular user. auths

A list of auth entries in the edg-mkgridmap.conf file. For each auth line a uri_ should be defined. lcuser

What the lcuser should be defined as.

1.4. configuration-modules-grid 771 Quattor Documentation, Release 0.0.1 allow

A pattern match of certs that should be permitted in the grid-mapfile. deny

A pattern match of certs that should be denied in the grid-mapfile. Note the allow allways occurs, if it is defined at all, in the mkgridmap.conf file before the deny rule. Read man edg-mkgridmap.conf for the consequences of this. gmflocal

One or more local grid-mapfile(s) to be imported in the generated grid-mapfile, where they will override other entries. By default /etc/grid-mapfile-local. The entry can be either a string (default), or a list of strings (in which case the existing entry will have to be null-ified beforehand). overwrite

By default set to yes. If set to no the local grid-mapfile will not be overwritten if it already exists. locals

A list for which each element has the values of cert_ and user_. This will add mappings to the (first) grid-mapfile-local defined above.

Types

• /software/mkgridmap/structure_mkgridmap_local – /software/mkgridmap/structure_mkgridmap_local/cert

* Optional * Type: string – /software/mkgridmap/structure_mkgridmap_local/user

* Optional * Type: string • /software/mkgridmap/structure_mkgridmap_lcmaps – /software/mkgridmap/structure_mkgridmap_lcmaps/flavor

* Optional * Type: string – /software/mkgridmap/structure_mkgridmap_lcmaps/gridmapfile

* Optional * Type: string

772 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/mkgridmap/structure_mkgridmap_lcmaps/groupmapfile

* Optional * Type: string • /software/mkgridmap/mkgridmap_component_entry – /software/mkgridmap/mkgridmap_component_entry/mkgridmapconf

* Optional * Type: string – /software/mkgridmap/mkgridmap_component_entry/format

* Optional * Type: string – /software/mkgridmap/mkgridmap_component_entry/command

* Optional * Type: string – /software/mkgridmap/mkgridmap_component_entry/lcuser

* Optional * Type: string – /software/mkgridmap/mkgridmap_component_entry/allow

* Optional * Type: string – /software/mkgridmap/mkgridmap_component_entry/deny

* Optional * Type: string – /software/mkgridmap/mkgridmap_component_entry/overwrite

* Optional * Type: boolean – /software/mkgridmap/mkgridmap_component_entry/authURIs

* Optional * Type: type_hostURI – /software/mkgridmap/mkgridmap_component_entry/locals

* Optional * Type: structure_mkgridmap_local • /software/mkgridmap/mkgridmap_component – /software/mkgridmap/mkgridmap_component/entries

* Optional * Type: mkgridmap_component_entry – /software/mkgridmap/mkgridmap_component/lcmaps

1.4. configuration-modules-grid 773 Quattor Documentation, Release 0.0.1

* Optional * Type: structure_mkgridmap_lcmaps – /software/mkgridmap/mkgridmap_component/voList

* Optional * Type: string myproxy

NAME myproxy: NCM component to configure MyProxy server.

DESCRIPTION

The myproxy component manages the /opt/edg/etc/edg-myproxy.conf file for the MyProxy server.

RESOURCES

flavor : string (required)

MyProxy configuration variant. Must be either ‘edg’ or ‘glite’. Default: edg confFile : string (required)

Configuration file for MyProxy. In edg variant, this is an intermediate configuration file used to generate the real one. Default: /opt/edg/etc/edg-myproxy.conf daemonName : string (required)

The MyProxy daemon name. Must be either ‘myproxy’ or ‘myproxy-server’. Default: myproxy trustedDNs : list of string (optional, DEPRECATED)

A list containing the list of DNs to trust for proxy renewal and retrieval. This is usually the DNs of all trusted resource brokers. When present, authorizedDNs and and defaultDNS must be ommitted.

774 Chapter 1. Content Quattor Documentation, Release 0.0.1 authorizedDNs : (optional)

A structure containing the following items, each one being a list of string: renewers Clients authorized to renew credentials. retrievers Clients authorized to retrieve credentials after providing the username/password used when the proxy was created. keyRetrievers Clients authorized to retrieved credentials (including the private key) after providing the user- name/password used when the proxy was created. trustedRetrievers Clients authorized to retrieve credentials without providing a username/password. A structure containing the same list of items as the previous one.

DEPENDENCIES

None.

BUGS

None known.

AUTHOR

Charles Loomis <>

MAINTAINER

Michel Jouvin <>

VERSION

1.2.2

SEE ALSO ncm-ncd(1), myproxy-server.config(5)

1.4. configuration-modules-grid 775 Quattor Documentation, Release 0.0.1

Types

• /software/myproxy/myproxy_component_policies – /software/myproxy/myproxy_component_policies/renewers

* Optional * Type: string – /software/myproxy/myproxy_component_policies/retrievers

* Optional * Type: string – /software/myproxy/myproxy_component_policies/keyRetrievers

* Optional * Type: string – /software/myproxy/myproxy_component_policies/trustedRetrievers

* Optional * Type: string • /software/myproxy/myproxy_component – /software/myproxy/myproxy_component/flavor

* Optional * Type: string – /software/myproxy/myproxy_component/confFile

* Optional * Type: string – /software/myproxy/myproxy_component/daemonName

* Optional * Type: string – /software/myproxy/myproxy_component/trustedDNs

* Optional * Type: string – /software/myproxy/myproxy_component/authorizedDNs

* Optional * Type: myproxy_component_policies – /software/myproxy/myproxy_component/defaultDNs

* Optional * Type: myproxy_component_policies

Functions

• component_myproxy_options_valid

776 Chapter 1. Content Quattor Documentation, Release 0.0.1 pbsclient

NAME

NCM::pbsclient - NCM pbsclient configuration component

SYNOPSIS

Configure() Do the necessary configuration for an PBS client at CERN. The mail two configuration files are /var/spool/pbs/mom_priv/config and /var/spool/pbs/server_name. The first one is the default configu- ration file for PBS, the second one is used to hold the PBS server name. In case Torque behaviour is selected, the server_name is contained in the config file as well. Unconfigure() Removed the configuration file for pbs mom (but leaves the pbs server_name file).

RESOURCES

/software/components/pbsclient/active : boolean activates/deactivates the component. /software/components/pbsclient/cpuinfo : string[] Defines which cpu info (from /proc/cpuinfo) to define as resources in the pbs_mom config file. This is a string list, which may contain any processor property name that you can see in /proc/cpuinfo file. Two extra processor related flags can be specified : ncpus, and ncores ncpus is the number of physical CPUs in the node, and ncores is the total number of cores. ** All CPUs in one host are assumed to be the same ** Example properties are : “ncores”, “ncpus”, “flags”, “model name”,”cpu MHz”,”cpu fam- ily”,”model”,”stepping” Properties that start with “model ” or “cpu ” will see this be stripped as a first step. All resulting pbs_mom resources will be prefixed with cpu_ except ncpus and ncores. /software/components/pbsclient/masters : string[] defines a list of PBS masters for this host. The first is the primary master for q* commands. This directive is compulsory. /software/components/pbsclient/resources : string defines the PBS resources, this host provides. This resource is currently ignored. /software/components/pbsclient/restricted : string[] defines the list of hosts that can query PBS mom for additional information using a reserved port (in addition to the clienthosts as set fia the masters resource). /software/components/pbsclient/logEvent : long Bitmask defining what log information to write to the mom_log files. /software/components/pbsclient/tmpdir : string Location of the per-job transient TMPDIR directory. This resource is only functional on OpenPBS or Torque servers with the transient_tmpdir patch applied. The default is compiled into mom.

1.4. configuration-modules-grid 777 Quattor Documentation, Release 0.0.1

/software/components/pbsclient/idealLoad : double Translates into configuration directive $idealload. /software/components/pbsclient/maxLoad : double Translates into configuration directive $maxload. /software/components/pbsclient/cpuTimeMultFactor : double Translates into configuration directive $cput. /software/components/pbsclient/wallTimeMultFactor : double Translates into configuration directive $wallt. /software/components/pbsclient/prologAlarmSec : long Translates into configuration directive $prologalarm. /software/components/pbsclient/checkpoint_interval : long /software/components/pbsclient/checkpoint_script : string /software/components/pbsclient/restart_script : string /software/components/pbsclient/checkpoint_run_exe : string /software/components/pbsclient/configPath : string location of the PBS mom configuration file (default: /var/spool/pbs/mom_priv/config). Note that the server_name file is written two directories up (thus by default in /var/spool/pbs). /software/components/pbsclient/behaviour : string The way the server_name is conveyed to PBS mom. The default is OpenPBS, where the name is written to the file “server_name”. The only other valid value is “Torque”, where the name is written in the “$pbsservername” directive in the mom config file. /software/components/pbsclient/nodeCheckScriptPath : string /software/components/pbsclient/nodeCheckIntervalSec : long /software/components/pbsclient/initScriptPath : string Name of the init.d script to run in the configuration changed. BY default this is “/etc/init.d/pbs”. /software/components/pbsclient/directPaths : component_pbsclient_pathmapping_type[] Locations that are accesible directly using the POSIX FileIO calls (i.e. without using pbs_rcp). This array of records define dthe list of $usecp directives. The component_pbsclient_pathmapping_type contains two resources (“locations” and “path”). /software/components/pbsclient/scripts/prologue : string =item /software/components/pbsclient/scripts/epilogue : string =item /software/components/pbsclient/scripts/prologue.user : string =item /software/components/pbsclient/scripts/epilogue.user : string =item /soft- ware/components/pbsclient/scripts/prologue.parallel : string These scripts may be defined to augment the behavior of pbs when starting and ending jobs. See the pbs documentation for a complete description of when each script runs and as what user. /software/components/pbsclient/submitonly ? boolean If true, it assumes this host is only used for job submission, and has no pbs MOM running that re- quires restarting.

778 Chapter 1. Content Quattor Documentation, Release 0.0.1

DEPENDENCIES

Components to be run before: none.

Components to be run after: none.

BUGS none known.

AUTHOR

David Groep <>

SEE ALSO ncm-ncd(1)

Types

• /software/pbsclient/pbsclient_component_pathmapping_type – /software/pbsclient/pbsclient_component_pathmapping_type/locations

* Optional * Type: string – /software/pbsclient/pbsclient_component_pathmapping_type/path

* Optional * Type: string • /software/pbsclient/pbsclient_component_scripts_type – /software/pbsclient/pbsclient_component_scripts_type/epilogue

* Optional * Type: string – /software/pbsclient/pbsclient_component_scripts_type/epilogue.user

* Optional * Type: string – /software/pbsclient/pbsclient_component_scripts_type/epilogue.parallel

* Optional * Type: string

1.4. configuration-modules-grid 779 Quattor Documentation, Release 0.0.1

– /software/pbsclient/pbsclient_component_scripts_type/prologue

* Optional * Type: string – /software/pbsclient/pbsclient_component_scripts_type/prologue.user

* Optional * Type: string – /software/pbsclient/pbsclient_component_scripts_type/prologue.parallel

* Optional * Type: string • /software/pbsclient/pbsclient_component_structure_initialisation – /software/pbsclient/pbsclient_component_structure_initialisation/auto_ideal_load

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/auto_max_load

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/check_poll_time

* Optional * Type: long * Range: 0.. – /software/pbsclient/pbsclient_component_structure_initialisation/checkpoint_interval

* Optional * Type: long – /software/pbsclient/pbsclient_component_structure_initialisation/checkpoint_script

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/checkpoint_run_exe

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/configversion

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/cputmult

* Optional * Type: double – /software/pbsclient/pbsclient_component_structure_initialisation/down_on_error

780 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/pbsclient/pbsclient_component_structure_initialisation/enablemomrestart

* Optional * Type: boolean – /software/pbsclient/pbsclient_component_structure_initialisation/ideal_load

* Optional * Type: double – /software/pbsclient/pbsclient_component_structure_initialisation/igncput

* Optional * Type: boolean – /software/pbsclient/pbsclient_component_structure_initialisation/ignmem

* Optional * Type: boolean – /software/pbsclient/pbsclient_component_structure_initialisation/ignvmem

* Optional * Type: boolean – /software/pbsclient/pbsclient_component_structure_initialisation/ignwalltime

* Optional * Type: boolean – /software/pbsclient/pbsclient_component_structure_initialisation/job_output_file_mask

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/log_directory

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/logevent

* Optional * Type: long – /software/pbsclient/pbsclient_component_structure_initialisation/log_file_suffix

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/log_keep_days

* Optional * Type: long * Range: 0..

1.4. configuration-modules-grid 781 Quattor Documentation, Release 0.0.1

– /software/pbsclient/pbsclient_component_structure_initialisation/loglevel

* Optional * Type: long * Range: 0..7 – /software/pbsclient/pbsclient_component_structure_initialisation/log_file_max_size

* Optional * Type: long * Range: 0.. – /software/pbsclient/pbsclient_component_structure_initialisation/log_file_roll_depth

* Optional * Type: long * Range: 1.. – /software/pbsclient/pbsclient_component_structure_initialisation/max_conn_timeout_micro_sec

* Optional * Type: long – /software/pbsclient/pbsclient_component_structure_initialisation/max_load

* Optional * Type: double – /software/pbsclient/pbsclient_component_structure_initialisation/memory_pressure_threshold

* Optional * Type: double – /software/pbsclient/pbsclient_component_structure_initialisation/memory_pressure_duration

* Optional * Type: long * Range: 0.. – /software/pbsclient/pbsclient_component_structure_initialisation/node_check_script

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/node_check_interval

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/nodefile_suffix

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/nospool_dir_list

* Optional

782 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/job_oom_score_adjust

* Optional * Type: long – /software/pbsclient/pbsclient_component_structure_initialisation/prologalarm

* Optional * Type: long – /software/pbsclient/pbsclient_component_structure_initialisation/rcpcmd

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/remote_checkpoint_dirs

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/remote_reconfig

* Optional * Type: boolean – /software/pbsclient/pbsclient_component_structure_initialisation/restart_script

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/source_login_batch

* Optional * Type: boolean – /software/pbsclient/pbsclient_component_structure_initialisation/source_login_interactive

* Optional * Type: boolean – /software/pbsclient/pbsclient_component_structure_initialisation/spool_as_final_name

* Optional * Type: boolean – /software/pbsclient/pbsclient_component_structure_initialisation/status_update_time

* Optional * Type: long – /software/pbsclient/pbsclient_component_structure_initialisation/tmpdir

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/timeout

* Optional

1.4. configuration-modules-grid 783 Quattor Documentation, Release 0.0.1

* Type: long – /software/pbsclient/pbsclient_component_structure_initialisation/use_smt

* Optional * Type: boolean – /software/pbsclient/pbsclient_component_structure_initialisation/wallmult

* Optional * Type: double – /software/pbsclient/pbsclient_component_structure_initialisation/cpuTimeMultFactor

* Optional * Type: double – /software/pbsclient/pbsclient_component_structure_initialisation/idealLoad

* Optional * Type: double – /software/pbsclient/pbsclient_component_structure_initialisation/logEvent

* Optional * Type: long – /software/pbsclient/pbsclient_component_structure_initialisation/maxLoad

* Optional * Type: double – /software/pbsclient/pbsclient_component_structure_initialisation/nodeCheckScriptPath

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_initialisation/nodeCheckIntervalSec

* Optional * Type: long – /software/pbsclient/pbsclient_component_structure_initialisation/prologAlarmSec

* Optional * Type: long – /software/pbsclient/pbsclient_component_structure_initialisation/wallTimeMultFactor

* Optional * Type: double • /software/pbsclient/pbsclient_component_structure_options – /software/pbsclient/pbsclient_component_structure_options/mom_host

* Optional * Type: string – /software/pbsclient/pbsclient_component_structure_options/xauthpath

784 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string • /software/pbsclient/pbsclient_component_type – /software/pbsclient/pbsclient_component_type/pbsroot

* Optional * Type: string – /software/pbsclient/pbsclient_component_type/configPath

* Optional * Type: string – /software/pbsclient/pbsclient_component_type/initScriptPath

* Optional * Type: string – /software/pbsclient/pbsclient_component_type/behaviour

* Optional * Type: string – /software/pbsclient/pbsclient_component_type/masters

* Optional * Type: string – /software/pbsclient/pbsclient_component_type/pbsclient

* Optional * Type: string – /software/pbsclient/pbsclient_component_type/aliases

* Optional * Type: string – /software/pbsclient/pbsclient_component_type/restricted

* Optional * Type: string – /software/pbsclient/pbsclient_component_type/cpuinfo

* Optional * Type: string – /software/pbsclient/pbsclient_component_type/varattr

* Optional * Type: string – /software/pbsclient/pbsclient_component_type/resources

* Optional * Type: string

1.4. configuration-modules-grid 785 Quattor Documentation, Release 0.0.1

– /software/pbsclient/pbsclient_component_type/directPaths

* Optional * Type: pbsclient_component_pathmapping_type – /software/pbsclient/pbsclient_component_type/scripts

* Optional * Type: pbsclient_component_scripts_type – /software/pbsclient/pbsclient_component_type/submitonly

* Optional * Type: boolean pbsknownhosts

NAME

The pbsknownhosts component manages the configuration file for the edg-pbs-knownhosts script.

DESCRIPTION

The pbsknownhosts component manages the configuration file for the edg-pbs-knownhosts script.

RESOURCES configfile (/opt/edg/etc/edg-pbs-knownhosts.conf)

The location of the configuration file. Normally this should not be changed. pbsbin (/usr/bin)

The path to the pbs executables. nodes ()

Space-separated list of additional nodes to add to known hosts configuration file. The default is the empty list. keytypes (rsa1,rsa,dsa)

The types of ssh keys to generate. knownhosts (/etc/ssh/ssh_known_hosts)

The ssh known hosts file to update.

786 Chapter 1. Content Quattor Documentation, Release 0.0.1 knownhostsscript (/opt/edg/sbin/edg-pbs-knownhosts)

The script to run for generating the known hosts. targets (optional, string[])

Specify what configuration files should be generated. The default is to generate a configuration for edg-pbs- knownhosts only, but is can be set to also - or alternatively - generate the configuration for edg-pbs-shostsequiv. The value is an array of strings that specify the disired behaviour: “pbsknownhosts/targets” = list(“pbsknownhosts”) will generate the edg-pbs-knownhosts config only; “pbsknownhosts/targets” = list(“shostsequiv”) will generate edg- pbs-shostsequiv config only; and “pbsknownhosts/targets” = list(“pbsknownhosts”,”shostsequiv”) will generate both. shostsConfigFile (optional, /opt/edg/etc/edg-pbs-shostsequiv.conf)

The location of the shosts-script configuration file. Normally this should not be changed. shosts (optional, /etc/ssh/shosts.equiv)

The ssh shosts.equiv file to update shostsscript (optional, /opt/edg/sbin/edg-pbs-shostsequiv)

The script to run for generating shosts.equiv.

Types

• /software/pbsknownhosts/pbsknownhosts_component – /software/pbsknownhosts/pbsknownhosts_component/configFile

* Optional * Type: string – /software/pbsknownhosts/pbsknownhosts_component/pbsbin

* Optional * Type: string – /software/pbsknownhosts/pbsknownhosts_component/nodes

* Optional * Type: string – /software/pbsknownhosts/pbsknownhosts_component/keytypes

* Optional * Type: string – /software/pbsknownhosts/pbsknownhosts_component/knownhosts

* Optional

1.4. configuration-modules-grid 787 Quattor Documentation, Release 0.0.1

* Type: string – /software/pbsknownhosts/pbsknownhosts_component/knownhostsscript

* Optional * Type: string – /software/pbsknownhosts/pbsknownhosts_component/targets

* Optional * Type: string – /software/pbsknownhosts/pbsknownhosts_component/shostsConfigFile

* Optional * Type: string – /software/pbsknownhosts/pbsknownhosts_component/shosts

* Optional * Type: string – /software/pbsknownhosts/pbsknownhosts_component/shostsscript

* Optional * Type: string pbsserver

NAME pbsserver: NCM component to configure partially the pbs (torque) server.

DESCRIPTION

The pbsserver component configures the pbs (torque) server. Unsetting attributes of nodes doesn’t work (yet).

RESOURCES pbsroot (/var/spool/pbs)

The absolute path to the pbs root directory. binpath (/usr/bin)

The absolute path to the pbs binaries qmgr and pbsnodes. submitfilter

The content of the submit filter. This file will be written to the file $pbsroot/submit_filter and a reference to this put into the $pbsroot/torque.cfg file. If this is not specified, the reference to the script will be removed.

788 Chapter 1. Content Quattor Documentation, Release 0.0.1 env

A named list with the environment to use for the pbs server. As a security feature, pbs removes the current environment when it starts and substitutes the environment defined in this file. Typical things to set are the PATH and LANG. Optionally for torque, the variable TORQUEKEEPCOMPLETED can be set to keep jobs in a “completed” state for 5 minutes after they complete. This is very useful for debugging problems.

“/software/components/pbsserver/server” ? pbs_server

Sets the configuration of the server. Structure as follows: “/software/components/pbsserver/server/manualconfig” : boolean Set to false gives complete control to ncm-pbsserver, meaning that it will configure defined attributes and will remove existing non-defined ones. Set to true will configure defined ones, but not remove existing non-defined ones, thus allowing local configuration of other attributes. “/software/components/pbsserver/server/attlist” ? pbs_server_attlist A named list with attributes to be set for the server through qmgr.

“/software/components/pbsserver/queue” ? pbs_queuelist

Sets the configuration of the queue. Structure as follows: “/software/components/pbsserver/queue/manualconfig” : boolean Same as /software/components/pbsserver/server/manualconfig, but will remove queues completely if set to false. “/software/components/pbsserver/queue/queuelist” ? pbs_queue A named list where the key is the name of the queue and the value of the type pbs_queue. This type has also a manualconfig to allow manual configuration of the attributes of the queue. It also can have an entry attlist of type pbs_queue_attlist, which is a named list with the attributes of that queue.

“/software/components/pbsserver/node” ? pbs_node_list

Analog to /software/components/pbsserver/queue, with entries manaulconfig and nodelist. Nodelist is a named list with the FQHN of the workernode as key and as value the type pbs_node, consisting of a manualconfig and an attlist of type pbs_node_attlist.

Types

• /software/pbsserver/pbs_server_extended_att – /software/pbsserver/pbs_server_extended_att/attribute

* Optional * Type: string – /software/pbsserver/pbs_server_extended_att/operator

* Optional * Type: string

1.4. configuration-modules-grid 789 Quattor Documentation, Release 0.0.1

– /software/pbsserver/pbs_server_extended_att/value

* Optional * Type: string • /software/pbsserver/pbs_server_attlist – /software/pbsserver/pbs_server_attlist/accounting_keep_days

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/acl_group_sloppy

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/acl_host_enable

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/acl_hosts

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/acl_logic_or

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/acl_user_enable

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/acl_roots

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/allow_node_submit

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/allow_proxy_user

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/auto_node_np

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/clone_batch_delay

790 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/clone_batch_size

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_server_attlist/credential_lifetime

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_server_attlist/comment

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/default_node

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/default_queue

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/down_on_error

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/disable_server_id_check

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/extra_resc

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/job_force_cancel_time

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/job_nanny

* Optional * Type: boolean

1.4. configuration-modules-grid 791 Quattor Documentation, Release 0.0.1

– /software/pbsserver/pbs_server_attlist/job_start_timeout

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_server_attlist/job_stat_rate

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_server_attlist/keep_completed

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/kill_delay

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/lock_file

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/lock_file_check_time

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/lock_file_update_time

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/log_events

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/log_file_max_size

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/log_file_roll_depth

792 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_server_attlist/log_keep_days

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/log_level

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/mail_body_fmt

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/mail_domain

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/mail_from

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/mail_subject_fmt

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/mail_uid

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/managers

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/max_job_array_size

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/max_slot_limit

* Optional

1.4. configuration-modules-grid 793 Quattor Documentation, Release 0.0.1

* Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/max_running

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/max_user_run

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/max_user_queuable

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_server_attlist/max_group_run

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/mom_job_sync

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/next_job_number

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/no_mail_force

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/node_check_rate

* Optional * Type: long * Range: 10.. – /software/pbsserver/pbs_server_attlist/node_pack

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/node_ping_rate

794 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long * Range: 10.. – /software/pbsserver/pbs_server_attlist/node_suffix

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/np_default

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/operators

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/owner_purge

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/poll_jobs

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/query_other_jobs

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/resources_available

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/resources_available.nodect

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_server_attlist/resources_default

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/resources_default.nodect

* Optional * Type: long * Range: 1..

1.4. configuration-modules-grid 795 Quattor Documentation, Release 0.0.1

– /software/pbsserver/pbs_server_attlist/resources_default.nodes

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_server_attlist/resources_max

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/sched_version

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/scheduler_iteration

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_server_attlist/scheduling

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/server_name

* Optional * Type: type_hostname – /software/pbsserver/pbs_server_attlist/submit_hosts

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/tcp_timeout

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_server_attlist/checkpoint_dir

* Optional * Type: string – /software/pbsserver/pbs_server_attlist/moab_array_compatible

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/authorized_users

* Optional * Type: string

796 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/pbsserver/pbs_server_attlist/record_job_info

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/record_job_script

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/use_jobs_subdirs

* Optional * Type: boolean – /software/pbsserver/pbs_server_attlist/thread_idle_seconds

* Optional * Type: long * Range: -1.. – /software/pbsserver/pbs_server_attlist/max_threads

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/min_threads

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_server_attlist/legacy_vmem

* Optional * Type: boolean • /software/pbsserver/pbs_server – /software/pbsserver/pbs_server/manualconfig

* Optional * Type: boolean – /software/pbsserver/pbs_server/attlist

* Optional * Type: pbs_server_attlist – /software/pbsserver/pbs_server/extended_att

* Optional * Type: pbs_server_extended_att • /software/pbsserver/pbs_queue_attlist – /software/pbsserver/pbs_queue_attlist/acl_group_enable

1.4. configuration-modules-grid 797 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/pbsserver/pbs_queue_attlist/acl_group_sloppy

* Optional * Type: boolean – /software/pbsserver/pbs_queue_attlist/acl_groups

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/acl_host_enable

* Optional * Type: boolean – /software/pbsserver/pbs_queue_attlist/acl_hosts

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/acl_logic_or

* Optional * Type: boolean – /software/pbsserver/pbs_queue_attlist/acl_user_enable

* Optional * Type: boolean – /software/pbsserver/pbs_queue_attlist/acl_users

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/alter_router

* Optional * Type: boolean – /software/pbsserver/pbs_queue_attlist/checkpoint_defaults

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/checkpoint_min

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_queue_attlist/disallowed

* Optional * Type: string

798 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/pbsserver/pbs_queue_attlist/enabled

* Optional * Type: boolean – /software/pbsserver/pbs_queue_attlist/from_route_only

* Optional * Type: boolean – /software/pbsserver/pbs_queue_attlist/is_transit

* Optional * Type: boolean – /software/pbsserver/pbs_queue_attlist/keep_completed

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_queue_attlist/kill_delay

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_queue_attlist/max_queuable

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_queue_attlist/max_group_run

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_queue_attlist/max_user_run

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_queue_attlist/max_user_queuable

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_queue_attlist/max_running

* Optional * Type: long

1.4. configuration-modules-grid 799 Quattor Documentation, Release 0.0.1

* Range: 1.. – /software/pbsserver/pbs_queue_attlist/Priority

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_queue_attlist/queue_type

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_available.nodect

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_queue_attlist/resources_default.mem

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_default.ncpus

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_queue_attlist/resources_default.neednodes

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_default.nice

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_queue_attlist/resources_default.nodect

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_queue_attlist/resources_default.nodes

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_queue_attlist/resources_default.pmem

* Optional

800 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/pbsserver/pbs_queue_attlist/resources_default.procct

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_queue_attlist/resources_default.pvmem

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_default.vmem

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_default.walltime

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_max.cput

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_max.file

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_max.mem

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_max.nice

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_queue_attlist/resources_max.nodect

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_queue_attlist/resources_max.nodes

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_queue_attlist/resources_max.pcput

1.4. configuration-modules-grid 801 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_max.pmem

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_max.procct

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_queue_attlist/resources_max.pvmem

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_max.vmem

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_max.walltime

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_min.mem

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_min.nice

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_queue_attlist/resources_min.pmem

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_min.pvmem

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_min.vmem

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/resources_min.walltime

* Optional

802 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/pbsserver/pbs_queue_attlist/started

* Optional * Type: boolean – /software/pbsserver/pbs_queue_attlist/route_destinations

* Optional * Type: string – /software/pbsserver/pbs_queue_attlist/route_held_jobs

* Optional * Type: boolean – /software/pbsserver/pbs_queue_attlist/route_lifetime

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_queue_attlist/route_retry_time

* Optional * Type: long * Range: 0.. – /software/pbsserver/pbs_queue_attlist/route_waiting_jobs

* Optional * Type: boolean • /software/pbsserver/pbs_queue – /software/pbsserver/pbs_queue/manualconfig

* Optional * Type: boolean – /software/pbsserver/pbs_queue/attlist

* Optional * Type: pbs_queue_attlist • /software/pbsserver/pbs_queuelist – /software/pbsserver/pbs_queuelist/manualconfig

* Optional * Type: boolean – /software/pbsserver/pbs_queuelist/queuelist

* Optional * Type: pbs_queue • /software/pbsserver/pbs_node_attlist

1.4. configuration-modules-grid 803 Quattor Documentation, Release 0.0.1

– /software/pbsserver/pbs_node_attlist/np

* Optional * Type: long * Range: 1.. – /software/pbsserver/pbs_node_attlist/properties

* Optional * Type: string – /software/pbsserver/pbs_node_attlist/state

* Optional * Type: string – /software/pbsserver/pbs_node_attlist/ntype

* Optional * Type: string • /software/pbsserver/pbs_node – /software/pbsserver/pbs_node/manualconfig

* Optional * Type: boolean – /software/pbsserver/pbs_node/attlist

* Optional * Type: pbs_node_attlist • /software/pbsserver/pbs_nodelist – /software/pbsserver/pbs_nodelist/manualconfig

* Optional * Type: boolean – /software/pbsserver/pbs_nodelist/nodelist

* Optional * Type: pbs_node • /software/pbsserver/pbsserver_component – /software/pbsserver/pbsserver_component/pbsroot

* Optional * Type: string – /software/pbsserver/pbsserver_component/binpath

* Optional * Type: string – /software/pbsserver/pbsserver_component/submitfilter

* Optional

804 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/pbsserver/pbsserver_component/env

* Optional * Type: string – /software/pbsserver/pbsserver_component/server

* Optional * Type: pbs_server – /software/pbsserver/pbsserver_component/queue

* Optional * Type: pbs_queuelist – /software/pbsserver/pbsserver_component/node

* Optional * Type: pbs_nodelist – /software/pbsserver/pbsserver_component/ignoretorquecfg

* Optional * Type: boolean

vomsclient

NAME

vomsclient: NCM component to manage VOMS client configuration

DESCRIPTION

The vomsclient component manages the configuration for the VOMS clients. This writes the VOMS server certificates to the vomsCertsDir directory and the VOMS server parameters to the vomsServersDir directory.

RESOURCES

/software/components/vomsclient/vomsCertsDir (/etc/grid-security/vomsdir)

The directory to write the VOMS server certificates into. If the directory doesn’t exist, it is created. It will remove all managed files and create new ones each time the configuration is done.

/software/components/vomsclient/vomsServersDir (/opt/edg/etc/vomses)

The directory to write the VOMS server parameters into. If the directory doesn’t exist, it is created. It will remove all managed file and create new ones each time the configuration is done.

1.4. configuration-modules-grid 805 Quattor Documentation, Release 0.0.1

/software/components/vomsclient/vos

This is a named list of VOMS VO information. Each key should be the VO name. The value is a list of nlist : each nlist describes one VOMS server supporting the VO. Supported properties for each VOMS server are described below.

VOMS server properties

Each VOMS server is described with a nlist. The following properties can be used to describe one VOMS server. name (optional, deprecated)

The complete name of the VO, if the ‘vos’ key is an alias name. This property is deprecated : it is recommended to use the complete name of the VO as ‘vos’ key. host (required)

The complete hostname of the VOMS server. port (required)

The port number of the VOMS server. cert (required)

The certificate for the server. oldcert (optional)

The expiring certificate for the server. This allows smooth transition between 2 certificates.

DN (optional)

DN of VOMS server certificate issuer (optional)

DN of VOMS server certificate issuer. lscfile (optional)

Use LSC format instead of certificate to configure vomsCertsDir

806 Chapter 1. Content Quattor Documentation, Release 0.0.1

EXAMPLE

“/software/components/vomsclient/vos” = npush(“somevo.example.org”, list(nlist( “host”,”vo.somevo.example.org”, “port”,”20000”, “cert”, <

Types

• /software/vomsclient/structure_vomsclient_voms_info – /software/vomsclient/structure_vomsclient_voms_info/name

* Optional * Type: string – /software/vomsclient/structure_vomsclient_voms_info/host

* Optional * Type: type_fqdn – /software/vomsclient/structure_vomsclient_voms_info/port

* Optional * Type: type_port – /software/vomsclient/structure_vomsclient_voms_info/cert

* Optional * Type: string – /software/vomsclient/structure_vomsclient_voms_info/oldcert

* Optional * Type: string – /software/vomsclient/structure_vomsclient_voms_info/DN

* Optional * Type: string – /software/vomsclient/structure_vomsclient_voms_info/issuer

* Optional * Type: string • /software/vomsclient/vomsclient_component – /software/vomsclient/vomsclient_component/lscfile

* Optional * Type: boolean – /software/vomsclient/vomsclient_component/vomsCertsDir

* Optional * Type: string

1.4. configuration-modules-grid 807 Quattor Documentation, Release 0.0.1

– /software/vomsclient/vomsclient_component/vomsServersDir

* Optional * Type: string – /software/vomsclient/vomsclient_component/vos

* Optional * Type: structure_vomsclient_voms_info wlconfig

NAME ncm-wlconfig: NCM wlconfig component

DESCRIPTION

The ncm-wlconfig component manages the configuration files of the WP1 NetworkServer, LogMonitor, JobController, and WorkloadManager services. All of these services read the /opt/edg/etc/edg_wl.conf file.

RESOURCES configFile (edg_wl.conf)

The name of the configuration file. It will be created in the location EDG_LOCATION/etc. user (edguser)

The username to use to run the services. grisCache (1)

If set to “1” it enables the UseCacheInsteadOfGris flag. This is used by the NetworkServer and the WorkloadManager. jobController condorSubmit ()

The absolute filename of the condor_submit executable. condorRemove ()

The absolute filename of the condor_rm executable.

808 Chapter 1. Content Quattor Documentation, Release 0.0.1 condorQuery ()

The absolute filename of the condor_q executable. condorSubmitDAG ()

The absolute filename of the condor_submit_dag executable. condorRelease ()

The absolute filename of the condor_release executable. submitFile

The directory where the temporary files are created (CondorG submit file and job wrapper scripts). outputFile

The directory where the standard output and error streams of CondorG are cached. queueFile

The JobController input queue of requests. log/file

The absolute file name of the JobController log file. log/level (5)

The level for the logging. container (1000)

The number of jobs after which the JobController must re-read the IdRepositoryName LogMonitor file.

LogMonitor jobsPerCondorLog (1000)

The number of jobs whose events are recorded for each single CondorG log file. I.e. every jobsPerCondorLog jobs, the log file is changed.

1.4. configuration-modules-grid 809 Quattor Documentation, Release 0.0.1 mainLoopDuration (10)

It defines how often the LogMonitor reads the CondorG log file. I.e. every mainLoopDuration seconds the LogMonitor reads these files. condorLogDir

The directory where the CondorG log file are created. condorRecycleDir

The directory where the CondorG log files which have already been read are stored. internalMonitorDir

The directory where some files needed by the LogMonitor service are created and stored. idRepositoryName (irepository.dat)

The name of the file used by the LogMonitor for internal purposes (the storage of the jobID/CondorID correspon- dance). abortedJobsTimeout (600)

The timeout (in seconds) to have a cancelled job forgotten by the LogMonitor (useful when the job hangs in the CondorG queue). log/file

The absolute file name of the JobController log file. log/level (5)

The level for the logging.

NetworkServer iiHost, iiPort, iiDN, iiTimeout

The contact parameters for the II. The host must be defined by the user. The default values are 2135, “mds-vo- name=local, o=grid”, and 30 for the iiPort, iiDN, and iiTimeout parameters, respectively.

810 Chapter 1. Content Quattor Documentation, Release 0.0.1 grisPort, grisDN, grisTimeout

The contact parameters for the GRISes. The default values are 2135, “mds-vo-name=local, o=grid”, and 20 for the grisPort, grisDN, and grisTimeout parameters, respectively. listeningPort (7772)

The port used by the NetworkServer to receive requests. masterThreads (8)

The maximum number of simultaneous connections with UserInterfaces. dispatcherThreads (8)

The maximum number of simultaneous connections (to forward the incoming requests) with the WorkloadManager. sandboxStagingPath

The absolute pathname of the sandbox staging directory. It is also the location where the .BrokerInfo file is stored. quotaManagement

Boolean indicating whether the system should check file quotas for the input sandboxes. quotaManagement, quotaSandboxSize

The quotaManagement flag is a boolean indicating whether or not the quotas should be checked for the input sand- boxes. The quotaSandboxSize is the maximum size of a single input sandbox. quotaAdjustment, quotaAdjustmentAmount

The quotaAdjustment is a boolean indicating whether or not dynamic quotas should be used (i.e. the system ad- ministrator has not set a system quota). The adjustment amount is the value by which the dynamic quota is in- creased/decreased as jobs enter and leave the system. reservedDiskPercentage (2.0)

Is a double representing the percentage of the disk (storing the sandboxes) which the administrator wants to keep unassigned. So if the free space is less than this amount, no new jobs can be accepted. log/file

The absolute file name of the JobController log file.

1.4. configuration-modules-grid 811 Quattor Documentation, Release 0.0.1 log/level (5)

The level for the logging.

WorkloadManager pipeDepth (1)

The maximum size of the buffer between the dispatcher and worker threads. workerThreads (1)

The size of the workerThread pool. dispatcherType (filelist)

Defines the type of the input queue of requests. inputFile

Input queue of the requests for the WorkloadManager. maxRetryCount (10)

The maximum number of times the WorkloadManager can try to re-schedule and re-submit a job in case of system failures. hostProxyFile

This must be the same as the X509_USER_PROXY value specified in the edg-wl-ns start up script. log/file

The absolute file name of the JobController log file. log/level (5)

The level for the logging.

812 Chapter 1. Content Quattor Documentation, Release 0.0.1

Types

• /software/wlconfig/structure_wl_log – /software/wlconfig/structure_wl_log/file

* Optional * Type: string – /software/wlconfig/structure_wl_log/level

* Optional * Type: long * Range: 1.. • /software/wlconfig/structure_wl_jobcontroller – /software/wlconfig/structure_wl_jobcontroller/condorSubmit

* Optional * Type: string – /software/wlconfig/structure_wl_jobcontroller/condorRemove

* Optional * Type: string – /software/wlconfig/structure_wl_jobcontroller/condorQuery

* Optional * Type: string – /software/wlconfig/structure_wl_jobcontroller/condorSubmitDAG

* Optional * Type: string – /software/wlconfig/structure_wl_jobcontroller/condorRelease

* Optional * Type: string – /software/wlconfig/structure_wl_jobcontroller/container

* Optional * Type: long – /software/wlconfig/structure_wl_jobcontroller/submitFile

* Optional * Type: string – /software/wlconfig/structure_wl_jobcontroller/outputFile

* Optional * Type: string – /software/wlconfig/structure_wl_jobcontroller/queueFile

* Optional

1.4. configuration-modules-grid 813 Quattor Documentation, Release 0.0.1

* Type: string – /software/wlconfig/structure_wl_jobcontroller/lockFile

* Optional * Type: string – /software/wlconfig/structure_wl_jobcontroller/log

* Optional * Type: structure_wl_log • /software/wlconfig/structure_wl_logmonitor – /software/wlconfig/structure_wl_logmonitor/jobsPerCondorLog

* Optional * Type: long * Range: 1.. – /software/wlconfig/structure_wl_logmonitor/mainLoopDuration

* Optional * Type: long * Range: 1.. – /software/wlconfig/structure_wl_logmonitor/condorLogDir

* Optional * Type: string – /software/wlconfig/structure_wl_logmonitor/condorRecycleDir

* Optional * Type: string – /software/wlconfig/structure_wl_logmonitor/monitorInternalDir

* Optional * Type: string – /software/wlconfig/structure_wl_logmonitor/idRepositoryName

* Optional * Type: string – /software/wlconfig/structure_wl_logmonitor/abortedJobsTimeout

* Optional * Type: long * Range: 1.. – /software/wlconfig/structure_wl_logmonitor/externalLogFile

* Optional * Type: string – /software/wlconfig/structure_wl_logmonitor/lockFile

814 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/wlconfig/structure_wl_logmonitor/log

* Optional * Type: structure_wl_log • /software/wlconfig/structure_wl_networkserver – /software/wlconfig/structure_wl_networkserver/iiPort

* Optional * Type: type_port – /software/wlconfig/structure_wl_networkserver/iiTimeout

* Optional * Type: long * Range: 1.. – /software/wlconfig/structure_wl_networkserver/iiDN

* Optional * Type: string – /software/wlconfig/structure_wl_networkserver/iiHost

* Optional * Type: type_hostname – /software/wlconfig/structure_wl_networkserver/grisPort

* Optional * Type: type_port – /software/wlconfig/structure_wl_networkserver/grisTimeout

* Optional * Type: long * Range: 1.. – /software/wlconfig/structure_wl_networkserver/grisDN

* Optional * Type: string – /software/wlconfig/structure_wl_networkserver/backLogSize

* Optional * Type: long * Range: 0.. – /software/wlconfig/structure_wl_networkserver/listeningPort

* Optional * Type: type_port

1.4. configuration-modules-grid 815 Quattor Documentation, Release 0.0.1

– /software/wlconfig/structure_wl_networkserver/masterThreads

* Optional * Type: long * Range: 0.. – /software/wlconfig/structure_wl_networkserver/dispatcherThreads

* Optional * Type: long * Range: 0.. – /software/wlconfig/structure_wl_networkserver/sandboxStagingPath

* Optional * Type: string – /software/wlconfig/structure_wl_networkserver/quotaManagement

* Optional * Type: boolean – /software/wlconfig/structure_wl_networkserver/quotaSandboxSize

* Optional * Type: long * Range: 0.. – /software/wlconfig/structure_wl_networkserver/quotaAdjustment

* Optional * Type: boolean – /software/wlconfig/structure_wl_networkserver/quotaAdjustmentAmount

* Optional * Type: long * Range: 0.. – /software/wlconfig/structure_wl_networkserver/reservedDiskPercentage

* Optional * Type: double – /software/wlconfig/structure_wl_networkserver/log

* Optional * Type: structure_wl_log – /software/wlconfig/structure_wl_networkserver/DLICatalog

* Optional * Type: string – /software/wlconfig/structure_wl_networkserver/RLSCatalog

* Optional

816 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string • /software/wlconfig/structure_wl_workloadmanager – /software/wlconfig/structure_wl_workloadmanager/pipeDepth

* Optional * Type: long * Range: 0.. – /software/wlconfig/structure_wl_workloadmanager/workerThreads

* Optional * Type: long * Range: 0.. – /software/wlconfig/structure_wl_workloadmanager/dispatcherType

* Optional * Type: string – /software/wlconfig/structure_wl_workloadmanager/inputFile

* Optional * Type: string – /software/wlconfig/structure_wl_workloadmanager/maxRetryCount

* Optional * Type: long * Range: 1.. – /software/wlconfig/structure_wl_workloadmanager/log

* Optional * Type: structure_wl_log • /software/wlconfig/wlconfig_component – /software/wlconfig/wlconfig_component/configFile

* Optional * Type: string – /software/wlconfig/wlconfig_component/user

* Optional * Type: string – /software/wlconfig/wlconfig_component/hostProxyFile

* Optional * Type: string – /software/wlconfig/wlconfig_component/grisCache

* Optional * Type: long

1.4. configuration-modules-grid 817 Quattor Documentation, Release 0.0.1

* Range: 1.. – /software/wlconfig/wlconfig_component/useCachedResourceInfo

* Optional * Type: boolean – /software/wlconfig/wlconfig_component/jobController

* Optional * Type: structure_wl_jobcontroller – /software/wlconfig/wlconfig_component/logMonitor

* Optional * Type: structure_wl_logmonitor – /software/wlconfig/wlconfig_component/networkServer

* Optional * Type: structure_wl_networkserver – /software/wlconfig/wlconfig_component/workloadManager

* Optional * Type: structure_wl_workloadmanager wmsclient

NAME wmsclient: NCM component to configure gLite WMS and EDG RB clients

DESCRIPTION

The ncm-wmsclient component manages the configuration file of gLite WMS (both LB/NB and WMProxy interfaces) and EDG RB clients command line interface. It creates both the site default variables and per VO configuration files. Part of the configuration information used by this component comes from /system/vo/VONAME/services. EDG RB information (legacy) is directly under this configuration path, gLite WMS configuration is under /sys- tem/vo/VONAME/services/wms. Both share the same structure too.

RESOURCES wmsclient supports both gLite WMS with NS/LB interface or WMProxy interface and EDG RB. Information resources to describe all have the same structure. There must be one for each variant to configure. Supported MW variants are ‘edg’, ‘glite’ and ‘wmproxy’.

/software/components/wmsclient/MW_VARIANT/active

Set to true to configure this WMS/RB variant. Default : true (for a present variant).

818 Chapter 1. Content Quattor Documentation, Release 0.0.1

/software/components/wmsclient/MW_VARIANT/basedir

The base directory to use for generating VO-specific configuration file. It defaults to EDG_LOCATION/etc (or /opt/edg/etc if EDG_LOCATION is not defined) for EDG RB, and to GLITE_LOCATION/etc (or /opt/glite/etc if GLITE_LOCATION is not defined) for gLite WMS.

/software/components/wmsclient/MW_VARIANT/defaultAttrs

Set of properties and resources allowing to override default values for WMS/RB default ClassAds files. To know the exact set of supported properties, look at ncm-wmsclient schema. To be taken into account, a property must be listed in the template file for default ClassAds. Default values should be appropriate.

VO specific configuration

VO specific configuration is under /system/vo configuration path. There is one entry per VO. In the resource for each VO, this component uses the items described below. Except for VO full name, information is under ‘services’ for EDG RB and under ‘services/wms’ for gLite WMS.

/system/vo/*/name

The official name of the VO. Default : none. services/lbhosts (required)

The list of logging and bookkeeping servers for this VO. (Usually the same as the resource broker list). If not present, configuration of WMS/RB client for this VO is ignored. Default : none. services/nshosts

The list of network server hosts (i.e. resource brokers) for this VO. It is a required property for EDG RB and for gLite WMS with NS/LB interface (‘glite’ variant). They are ignored for ‘wmproxy’. Default : none. services/wmproxies (‘wmproxy’ only, required)

The list of gLite WMS proxy endpoints for this VO. It is a required property for gLite WMS and it is not supported for EDG RB. Default : none.

1.4. configuration-modules-grid 819 Quattor Documentation, Release 0.0.1 services/myproxy (optional)

The myproxy server to use for this VO. Default : none. services/hlr (optional)

The HLR (accounting) server to use for this VO. Default : none.

DEPENDENCIES

None.

BUGS

None known.

AUTHOR

Michel Jouvin <>

MAINTAINER

Michel Jouvin <>

VERSION

1.3.3

SEE ALSO ncm-ncd(1)

Types

• /software/wmsclient/wmsclient_component_mw_ce_attrs – /software/wmsclient/wmsclient_component_mw_ce_attrs/rank

* Optional * Type: string – /software/wmsclient/wmsclient_component_mw_ce_attrs/rankMPI

* Optional

820 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/wmsclient/wmsclient_component_mw_ce_attrs/requirements

* Optional * Type: string • /software/wmsclient/wmsclient_component_mw_def_attrs – /software/wmsclient/wmsclient_component_mw_def_attrs/defaultSchema

* Optional * Type: string – /software/wmsclient/wmsclient_component_mw_def_attrs/CEAttrs

* Optional * Type: wmsclient_component_mw_ce_attrs – /software/wmsclient/wmsclient_component_mw_def_attrs/defaultVO

* Optional * Type: string – /software/wmsclient/wmsclient_component_mw_def_attrs/errorStorage

* Optional * Type: string – /software/wmsclient/wmsclient_component_mw_def_attrs/loggingDestination

* Optional * Type: string – /software/wmsclient/wmsclient_component_mw_def_attrs/listenerPort

* Optional * Type: type_port – /software/wmsclient/wmsclient_component_mw_def_attrs/listenerStorage

* Optional * Type: string – /software/wmsclient/wmsclient_component_mw_def_attrs/loggingLevel

* Optional * Type: long – /software/wmsclient/wmsclient_component_mw_def_attrs/loggingSyncTimeout

* Optional * Type: long – /software/wmsclient/wmsclient_component_mw_def_attrs/loggingTimeout

* Optional * Type: long – /software/wmsclient/wmsclient_component_mw_def_attrs/NSLoggerLevel

1.4. configuration-modules-grid 821 Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/wmsclient/wmsclient_component_mw_def_attrs/outputStorage

* Optional * Type: string – /software/wmsclient/wmsclient_component_mw_def_attrs/retryCount

* Optional * Type: long – /software/wmsclient/wmsclient_component_mw_def_attrs/statusLevel

* Optional * Type: long • /software/wmsclient/wmsclient_component_mw_entry – /software/wmsclient/wmsclient_component_mw_entry/active

* Optional * Type: boolean – /software/wmsclient/wmsclient_component_mw_entry/configDir

* Optional * Type: string – /software/wmsclient/wmsclient_component_mw_entry/classAdsHelper

* Optional * Type: string – /software/wmsclient/wmsclient_component_mw_entry/defaultAttrs

* Optional * Type: wmsclient_component_mw_def_attrs • /software/wmsclient/wmsclient_component – /software/wmsclient/wmsclient_component/edg

* Optional * Type: wmsclient_component_mw_entry – /software/wmsclient/wmsclient_component/glite

* Optional * Type: wmsclient_component_mw_entry – /software/wmsclient/wmsclient_component/wmproxy

* Optional * Type: wmsclient_component_mw_entry

822 Chapter 1. Content Quattor Documentation, Release 0.0.1 wmslb

NAME wmslb : NCM component to configure gLite WMS and LB

DESCRIPTION

This NCM component allows to configure gLite WMS and LB.

RESOURCES

/software/components/@COMP/envScript : string (required)

Name of the shell script containing environment variables used by WMS/LB startup scripts to configure the services. Default : /etc/profile.d/glite-wms-vars.sh

/software/components/@COMP/env : nlist of string (optional)

Each nlist element defines an environment variable to be added to envScript. Key is the variable name, value is variable value. For the complete list of supported variables and their default values, see schema.tpl. Default : see schema.tpl

/software/components/@COMP/services : nlist (optional)

Per service configuration. For the list of supported services, see schema.tpl. Default : none

DEPENDENCIES

None.

BUGS

None known.

AUTHOR

Michel Jouvin <>

MAINTAINER

Michel Jouvin <>

1.4. configuration-modules-grid 823 Quattor Documentation, Release 0.0.1

VERSION

2.2.0

SEE ALSO ncm-ncd(1)

Types

• /software/wmslb/wmslb_component_env – /software/wmslb/wmslb_component_env/GLITE_LOCATION

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_LOCATION_LOG

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_LOCATION_TMP

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_LOCATION_VAR

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_LB_TYPE

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_WMS_LOCATION_VAR

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_WMS_TMP

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_WMS_USER

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_WMS_GROUP

* Optional * Type: string

824 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/wmslb/wmslb_component_env/GLITE_HOST_CERT

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_HOST_KEY

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_WMS_QUERY_TIMEOUT

* Optional * Type: long – /software/wmslb/wmslb_component_env/GLITE_WMS_WMPROXY_MAX_SERVED_REQUESTS

* Optional * Type: long – /software/wmslb/wmslb_component_env/GLITE_PR_TIMEOUT

* Optional * Type: long – /software/wmslb/wmslb_component_env/GLITE_SD_PLUGIN

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_HOST_KEY

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_HOST_CERT

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLOBUS_LOCATION

* Optional * Type: string – /software/wmslb/wmslb_component_env/CONDORG_INSTALL_PATH

* Optional * Type: string – /software/wmslb/wmslb_component_env/CONDOR_CONFIG

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_USER

* Optional

1.4. configuration-modules-grid 825 Quattor Documentation, Release 0.0.1

* Type: string – /software/wmslb/wmslb_component_env/X509_CERT_DIR

* Optional * Type: string – /software/wmslb/wmslb_component_env/X509_VOMS_DIR

* Optional * Type: string – /software/wmslb/wmslb_component_env/MYPROXY_TCP_PORT_RANGE

* Optional * Type: string – /software/wmslb/wmslb_component_env/HOSTNAME

* Optional * Type: string – /software/wmslb/wmslb_component_env/WMS_JOBWRAPPER_TEMPLATE

* Optional * Type: string – /software/wmslb/wmslb_component_env/WMS_LOCATION_USR

* Optional * Type: string – /software/wmslb/wmslb_component_env/WMS_LOCATION_BIN

* Optional * Type: string – /software/wmslb/wmslb_component_env/WMS_LOCATION_ETC

* Optional * Type: string – /software/wmslb/wmslb_component_env/WMS_LOCATION_LIBEXEC

* Optional * Type: string – /software/wmslb/wmslb_component_env/WMS_LOCATION_LOG

* Optional * Type: string – /software/wmslb/wmslb_component_env/WMS_LOCATION_SBIN

* Optional * Type: string – /software/wmslb/wmslb_component_env/WMS_LOCATION_TMP

* Optional

826 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/wmslb/wmslb_component_env/WMS_LOCATION_VAR

* Optional * Type: string – /software/wmslb/wmslb_component_env/GLITE_WMS_CONFIG_DIR

* Optional * Type: string – /software/wmslb/wmslb_component_env/LCG_GFAL_INFOSYS

* Optional * Type: string – /software/wmslb/wmslb_component_env/LD_LIBRARY_PATH

* Optional * Type: string • /software/wmslb/wmslb_component_service_special_dirs – /software/wmslb/wmslb_component_service_special_dirs/perms

* Optional * Type: string • /software/wmslb/wmslb_component_service_conf_file – /software/wmslb/wmslb_component_service_conf_file/template

* Optional * Type: string • /software/wmslb/wmslb_component_service_common – /software/wmslb/wmslb_component_service_common/name

* Optional * Type: string – /software/wmslb/wmslb_component_service_common/workDirs

* Optional * Type: string – /software/wmslb/wmslb_component_service_common/specialDirs

* Optional * Type: wmslb_component_service_special_dirs – /software/wmslb/wmslb_component_service_common/confFiles

* Optional * Type: wmslb_component_service_conf_file • /software/wmslb/wmslb_component_service_ice_opts – /software/wmslb/wmslb_component_service_ice_opts/log_on_file

1.4. configuration-modules-grid 827 Quattor Documentation, Release 0.0.1

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ice_opts/log_on_console

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ice_opts/listener_port

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/Input

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/InputType

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/logfile

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/start_poller

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ice_opts/purge_jobs

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ice_opts/start_listener

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ice_opts/start_subscription_updater

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ice_opts/subscription_update_threshold_time

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/subscription_duration

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/poller_delay

828 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/poller_status_threshold_time

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/start_job_killer

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ice_opts/job_cancellation_threshold_time

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/start_proxy_renewer

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ice_opts/start_lease_updater

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ice_opts/ice_host_cert

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/ice_host_key

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/cream_url_prefix

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/cream_url_postfix

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/creamdelegation_url_prefix

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/creamdelegation_url_postfix

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/cemon_url_prefix

1.4. configuration-modules-grid 829 Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/cemon_url_postfix

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/ice_topic

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/lease_delta_time

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/notification_frequency

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/ice_log_level

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/listener_enable_authn

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ice_opts/listener_enable_authz

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ice_opts/max_logfile_size

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/max_logfile_rotations

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/max_ice_threads

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/persist_dir

* Optional * Type: string – /software/wmslb/wmslb_component_service_ice_opts/soap_timeout

830 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/proxy_renewal_frequency

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/bulk_query_size

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/lease_update_frequency

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/max_ice_mem

* Optional * Type: long – /software/wmslb/wmslb_component_service_ice_opts/ice_empty_threshold

* Optional * Type: long • /software/wmslb/wmslb_component_service_ice – /software/wmslb/wmslb_component_service_ice/options

* Optional * Type: wmslb_component_service_ice_opts • /software/wmslb/wmslb_component_service_jc_opts – /software/wmslb/wmslb_component_service_jc_opts/CondorSubmit

* Optional * Type: string – /software/wmslb/wmslb_component_service_jc_opts/CondorRemove

* Optional * Type: string – /software/wmslb/wmslb_component_service_jc_opts/CondorQuery

* Optional * Type: string – /software/wmslb/wmslb_component_service_jc_opts/CondorRelease

* Optional * Type: string – /software/wmslb/wmslb_component_service_jc_opts/CondorDagman

* Optional

1.4. configuration-modules-grid 831 Quattor Documentation, Release 0.0.1

* Type: string – /software/wmslb/wmslb_component_service_jc_opts/SubmitFileDir

* Optional * Type: string – /software/wmslb/wmslb_component_service_jc_opts/OutputFileDir

* Optional * Type: string – /software/wmslb/wmslb_component_service_jc_opts/Input

* Optional * Type: string – /software/wmslb/wmslb_component_service_jc_opts/InputType

* Optional * Type: string – /software/wmslb/wmslb_component_service_jc_opts/MaximumTimeAllowedForCondorMatch

* Optional * Type: long – /software/wmslb/wmslb_component_service_jc_opts/DagmanMaxPre

* Optional * Type: long – /software/wmslb/wmslb_component_service_jc_opts/LockFile

* Optional * Type: string – /software/wmslb/wmslb_component_service_jc_opts/LogFile

* Optional * Type: string – /software/wmslb/wmslb_component_service_jc_opts/LogLevel

* Optional * Type: long * Range: 1..6 – /software/wmslb/wmslb_component_service_jc_opts/ContainerRefreshThreshold

* Optional * Type: long • /software/wmslb/wmslb_component_service_jc – /software/wmslb/wmslb_component_service_jc/options

* Optional * Type: wmslb_component_service_jc_opts

832 Chapter 1. Content Quattor Documentation, Release 0.0.1

• /software/wmslb/wmslb_component_service_lbproxy_opts • /software/wmslb/wmslb_component_service_lbproxy – /software/wmslb/wmslb_component_service_lbproxy/options

* Optional * Type: wmslb_component_service_lbproxy_opts • /software/wmslb/wmslb_component_service_lm_opts – /software/wmslb/wmslb_component_service_lm_opts/JobsPerCondorLog

* Optional * Type: string – /software/wmslb/wmslb_component_service_lm_opts/LockFile

* Optional * Type: string – /software/wmslb/wmslb_component_service_lm_opts/LogFile

* Optional * Type: string – /software/wmslb/wmslb_component_service_lm_opts/LogLevel

* Optional * Type: long * Range: 1..6 – /software/wmslb/wmslb_component_service_lm_opts/ExternalLogFile

* Optional * Type: string – /software/wmslb/wmslb_component_service_lm_opts/MainLoopDuration

* Optional * Type: long – /software/wmslb/wmslb_component_service_lm_opts/CondorLogDir

* Optional * Type: string – /software/wmslb/wmslb_component_service_lm_opts/CondorLogRecycleDir

* Optional * Type: string – /software/wmslb/wmslb_component_service_lm_opts/MonitorInternalDir

* Optional * Type: string – /software/wmslb/wmslb_component_service_lm_opts/IdRepositoryName

* Optional

1.4. configuration-modules-grid 833 Quattor Documentation, Release 0.0.1

* Type: string – /software/wmslb/wmslb_component_service_lm_opts/AbortedJobsTimeout

* Optional * Type: long – /software/wmslb/wmslb_component_service_lm_opts/RemoveJobFiles

* Optional * Type: boolean • /software/wmslb/wmslb_component_service_lm – /software/wmslb/wmslb_component_service_lm/options

* Optional * Type: wmslb_component_service_lm_opts • /software/wmslb/wmslb_component_service_logger_opts • /software/wmslb/wmslb_component_service_logger – /software/wmslb/wmslb_component_service_logger/options

* Optional * Type: wmslb_component_service_logger_opts • /software/wmslb/wmslb_component_service_ns_opts – /software/wmslb/wmslb_component_service_ns_opts/II_Port

* Optional * Type: string – /software/wmslb/wmslb_component_service_ns_opts/Gris_Port

* Optional * Type: long – /software/wmslb/wmslb_component_service_ns_opts/II_Timeout

* Optional * Type: long – /software/wmslb/wmslb_component_service_ns_opts/Gris_Timeout

* Optional * Type: long – /software/wmslb/wmslb_component_service_ns_opts/II_DN

* Optional * Type: string – /software/wmslb/wmslb_component_service_ns_opts/Gris_DN

* Optional * Type: string – /software/wmslb/wmslb_component_service_ns_opts/II_Contact

834 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/wmslb/wmslb_component_service_ns_opts/BacklogSize

* Optional * Type: long – /software/wmslb/wmslb_component_service_ns_opts/ListeningPort

* Optional * Type: long – /software/wmslb/wmslb_component_service_ns_opts/MasterThreads

* Optional * Type: long – /software/wmslb/wmslb_component_service_ns_opts/DispatcherThreads

* Optional * Type: long – /software/wmslb/wmslb_component_service_ns_opts/SandboxStagingPath

* Optional * Type: string – /software/wmslb/wmslb_component_service_ns_opts/LogFile

* Optional * Type: string – /software/wmslb/wmslb_component_service_ns_opts/LogLevel

* Optional * Type: long * Range: 1..6 – /software/wmslb/wmslb_component_service_ns_opts/EnableQuotaManagement

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ns_opts/MaxInputSandboxSize

* Optional * Type: long – /software/wmslb/wmslb_component_service_ns_opts/EnableDynamicQuotaAdjustment

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_ns_opts/QuotaAdjustmentAmount

* Optional * Type: long

1.4. configuration-modules-grid 835 Quattor Documentation, Release 0.0.1

– /software/wmslb/wmslb_component_service_ns_opts/QuotaInsensibleDiskPortion

* Optional * Type: long • /software/wmslb/wmslb_component_service_ns – /software/wmslb/wmslb_component_service_ns/options

* Optional * Type: wmslb_component_service_ns_opts • /software/wmslb/wmslb_component_service_wm_opts – /software/wmslb/wmslb_component_service_wm_opts/CeMonitorAsyncPort

* Optional * Type: long – /software/wmslb/wmslb_component_service_wm_opts/CeMonitorServices

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/DispatcherType

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/EnableBulkMM

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_wm_opts/EnableIsmIiGlue13Purchasing

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_wm_opts/EnableIsmIiGlue20Purchasing

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_wm_opts/EnableRecovery

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_wm_opts/ExpiryPeriod

* Optional * Type: long – /software/wmslb/wmslb_component_service_wm_opts/Input

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/IsmBlackList

836 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/IsmDump

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/IsmIiG2LDAPCEFilterExt

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/IsmIiG2LDAPSEFilterExt

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/IsmIiLDAPCEFilterExt

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/IsmIiPurchasingRate

* Optional * Type: long – /software/wmslb/wmslb_component_service_wm_opts/IsmThreads

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_wm_opts/IsmUpdateRate

* Optional * Type: long – /software/wmslb/wmslb_component_service_wm_opts/JobWrapperTemplateDir

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/LogFile

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/LogLevel

* Optional * Type: long * Range: 1..6 – /software/wmslb/wmslb_component_service_wm_opts/MaxReplansCount

* Optional * Type: long

1.4. configuration-modules-grid 837 Quattor Documentation, Release 0.0.1

– /software/wmslb/wmslb_component_service_wm_opts/MatchRetryPeriod

* Optional * Type: long – /software/wmslb/wmslb_component_service_wm_opts/MaxOutputSandboxSize

* Optional * Type: long – /software/wmslb/wmslb_component_service_wm_opts/MaxRetryCount

* Optional * Type: long – /software/wmslb/wmslb_component_service_wm_opts/PropagateToLRMS

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/QueueSize

* Optional * Type: long – /software/wmslb/wmslb_component_service_wm_opts/ReplanGracePeriod

* Optional * Type: long – /software/wmslb/wmslb_component_service_wm_opts/RuntimeMalloc

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/SbRetryDifferentProtocols

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_wm_opts/WmsRequirements

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_opts/WorkerThreads

* Optional * Type: long • /software/wmslb/wmslb_component_service_wm_jw – /software/wmslb/wmslb_component_service_wm_jw/file

* Optional * Type: string – /software/wmslb/wmslb_component_service_wm_jw/contents

* Optional

838 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string • /software/wmslb/wmslb_component_service_wm – /software/wmslb/wmslb_component_service_wm/jobWrapper

* Optional * Type: wmslb_component_service_wm_jw – /software/wmslb/wmslb_component_service_wm/options

* Optional * Type: wmslb_component_service_wm_opts • /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_script – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_script/name

* Optional * Type: string • /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdCPULoad1

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdCPULoad5

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdCPULoad15

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdMemUsage

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdSwapUsage

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdFDNum

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdDiskUsage

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdFLSize

* Optional

1.4. configuration-modules-grid 839 Quattor Documentation, Release 0.0.1

* Type: long – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdFLNum

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdJDSize

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdJDNum

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_loadmonitor_opts/ThresholdFTPConn

* Optional * Type: long • /software/wmslb/wmslb_component_service_wmproxy_opts – /software/wmslb/wmslb_component_service_wmproxy_opts/ApacheLogLevel

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmproxy_opts/ArgusAuthz

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_wmproxy_opts/ArgusPepEndpoints

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmproxy_opts/AsyncJobStart

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_wmproxy_opts/EnableServiceDiscovery

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_wmproxy_opts/GridFTPPort

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_opts/LBLocalLogger

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmproxy_opts/LBServer

840 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmproxy_opts/LBServiceDiscoveryType

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmproxy_opts/ListMatchRootPath

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmproxy_opts/LoadMonitor

* Optional * Type: wmslb_component_service_wmproxy_loadmonitor_opts – /software/wmslb/wmslb_component_service_wmproxy_opts/LogFile

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmproxy_opts/LogLevel

* Optional * Type: long * Range: 1..6 – /software/wmslb/wmslb_component_service_wmproxy_opts/MaxServedRequests

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_opts/MinPerusalTimeInterval

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_opts/SandboxStagingPath

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmproxy_opts/ServiceDiscoveryInfoValidity

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmproxy_opts/WeightsCacheValidity

* Optional * Type: long • /software/wmslb/wmslb_component_service_wmproxy – /software/wmslb/wmslb_component_service_wmproxy/LoadMonitorScript

* Optional

1.4. configuration-modules-grid 841 Quattor Documentation, Release 0.0.1

* Type: wmslb_component_service_wmproxy_loadmonitor_script – /software/wmslb/wmslb_component_service_wmproxy/options

* Optional * Type: wmslb_component_service_wmproxy_opts • /software/wmslb/wmslb_component_service_wmsclient_opts – /software/wmslb/wmslb_component_service_wmsclient_opts/ErrorStorage

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmsclient_opts/OutputStorage

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmsclient_opts/ListenerStorage

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmsclient_opts/virtualorganisation

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmsclient_opts/rank

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmsclient_opts/requirements

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmsclient_opts/RetryCount

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmsclient_opts/ShallowRetryCount

* Optional * Type: long – /software/wmslb/wmslb_component_service_wmsclient_opts/WMProxyEndPoints

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmsclient_opts/LBAddress

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmsclient_opts/MyProxyServer

842 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmsclient_opts/JobProvenance

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmsclient_opts/PerusalFileEnable

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_wmsclient_opts/AllowZippedISB

* Optional * Type: boolean – /software/wmslb/wmslb_component_service_wmsclient_opts/LBServiceDiscoveryType

* Optional * Type: string – /software/wmslb/wmslb_component_service_wmsclient_opts/WMProxyServiceDiscoveryType

* Optional * Type: string • /software/wmslb/wmslb_component_service_wmsclient – /software/wmslb/wmslb_component_service_wmsclient/options

* Optional * Type: wmslb_component_service_wmsclient_opts • /software/wmslb/wmslb_component_common_opts – /software/wmslb/wmslb_component_common_opts/LBProxy

* Optional * Type: boolean • /software/wmslb/wmslb_component_services – /software/wmslb/wmslb_component_services/ice

* Optional * Type: wmslb_component_service_ice – /software/wmslb/wmslb_component_services/jc

* Optional * Type: wmslb_component_service_jc – /software/wmslb/wmslb_component_services/lbproxy

* Optional * Type: wmslb_component_service_lbproxy – /software/wmslb/wmslb_component_services/logger

1.4. configuration-modules-grid 843 Quattor Documentation, Release 0.0.1

* Optional * Type: wmslb_component_service_logger – /software/wmslb/wmslb_component_services/lm

* Optional * Type: wmslb_component_service_lm – /software/wmslb/wmslb_component_services/ns

* Optional * Type: wmslb_component_service_ns – /software/wmslb/wmslb_component_services/wm

* Optional * Type: wmslb_component_service_wm – /software/wmslb/wmslb_component_services/wmproxy

* Optional * Type: wmslb_component_service_wmproxy – /software/wmslb/wmslb_component_services/wmsclient

* Optional * Type: wmslb_component_service_wmsclient • /software/wmslb/wmslb_component – /software/wmslb/wmslb_component/confFile

* Optional * Type: string – /software/wmslb/wmslb_component/env

* Optional * Type: wmslb_component_env – /software/wmslb/wmslb_component/envScript

* Optional * Type: string – /software/wmslb/wmslb_component/services

* Optional * Type: wmslb_component_services – /software/wmslb/wmslb_component/common

* Optional * Type: wmslb_component_common_opts – /software/wmslb/wmslb_component/workDirDefaultParent

* Optional * Type: string

844 Chapter 1. Content Quattor Documentation, Release 0.0.1 xrootd

NAME xrootd : NCM component to manage Xrootd configuration.

DESCRIPTION

This component allows to manage configuration of Xrootd services. The configuration description for Xrootd is made of 2 distinct parts: Hosts This is a description of all hosts participating to the Xrootd service with their role (disk server, redirector, federated redirector). Cluster-wide options These resources describe the configuration of the Xrootd cluster that applies to all the nodes participating to the service. Cluster-wide options are found under configuration path /software/components/xrootd. For the complete list of op- tions, see the schema. The main ones are described here. There are several subsets of options: General options These options are properties found directly under /software/components/xrootd. Service-specific options They are options that apply to a specific service or component of Xrootd. Examples are the DPM/Xrootd plugin, the token-based authentication, Xrootd instances. These subsets are resources located under /software/components/xrootd. Options can be required or optional. When they are required, if a default value is provided, it is not necessary to define them explicitly: the default value will be used if they are not provided.

Xrootd hosts

This resource describes the hosts participating to the Xrootd cluster. They are specified as a nlist where the key is the host name and the value is a nlist specifying host specific options. Valid properties in this nlist are: roles : list of strings (required)

Specify the Xrootd roles instanciated on the host. Valid values are : disk, redir, fredredir. Default : none

Xrootd general options

These options are properties found directly under /software/components/xrootd/options. Main ones are described below. authzLibraries: list of string (required)

This option describes the list of authorization libraries (plugins) to use. Default: none

1.4. configuration-modules-grid 845 Quattor Documentation, Release 0.0.1 configDir: string (required)

This option described where the Xrootd configuration information is located. This can be either an absolute path or a path related to installDir (see below). Default: etc/xrootd installDir: string (required)

Directory parent of the Xrootd installation. Default: / daemonGroup: string (required)

Group that Xrootd daemons run under. Default: none daemonUser: string (required)

Userid that Xrootd daemons run under. Default: none

MonALISAHost: string (optional)

MonALISA host to report Xrootd statistics to. Default: none monitoringOptions : string (optional)

Options passed to xrootd.monitor directive for disk servers and local redirector. Default : none ofsPlugin: string (required)

Specifies the Xrootd plugin to use for the file-system backend. Default: Ofs reportingOptions : string (optional)

Options passed to xrd.report directive for disk servers and local redirector. Default : none

846 Chapter 1. Content Quattor Documentation, Release 0.0.1 restartServices : boolean (required)

This flag indicated if Xrootd services must be restarted after a configuration change. Default: true

Xrootd instances

There are two main services in a Xrootd cluster: xrootd Several instances of this service can coexist on the same host, one for each of its roles (disk, redirector, federated redirector). Information about these instances are found under /software/components/xrootd/options/xrootdInstances. One xrootd instance must exist on every xrootd host. cmsd There must be one cmsd instance for each federation the Xrootd is participated in (a cmsd instance must exist matching each xrootd instance of type ‘fedredir’). Information about these instances are found under /soft- ware/components/xrootd/options/cmsdInstances. In both cases, the properties (options) available are the same. configFile: string (required)

The name of the Xrootd configuration file describing the instance configuration. This file must be located in the directory pointed by configDir (see above). Default: none federation : string (optional)

Used by ‘fedredir’ instances only (cms and xrootd instances). This is the identifier (see Federations below) the redi- rector is participating to. Default: none logFile: string (required)

Full path of the instance log file. Default: none type: list of strings (required)

The type of the instance. Can be disk, redir and fedredir for xrootd service. And only fedredir for cmsd service. Default: none

DPM/Xrootd plugin options

This set of options describes the configuration of the DPM Xrootd plugin. This set is optional and must not be defined if the DPM/Xrootd plugin is not used. It is found under /software/components/xrootd/options/dpm. Main options are described below.

1.4. configuration-modules-grid 847 Quattor Documentation, Release 0.0.1 coreMaxSize : long (optional)

Max size of core dump files. Default: none defaultPrefix: string (optional)

Prefix to be added to every file path specified by users to make the actual file path. Default: none dpmConnectionRetry: long (optional)

Max number of retries when connecting to DPM service. Default: none dpmHost: string (required)

Name of the host running the DPM service (dpm daemon). Default: none dpnsConnectionRetry: long (optional)

Max number of retries when connecting to DPNS service. Default: none dpnsHost: string (required)

Name of the host running the DPNS service (dpm daemon). Default: none replacementPrefix: nlist of strings (optional)

It allows to specify the actual path prefix to substitute (nlist value) to a user-specified path starting by a string matching the nlist key. This option, if present, takes precedence over defaultPrefix (see above) if the path is matching. For example: replacementPrefix = nlist(‘/cms’, ‘/dpm/example.com/home/cms’); This will convert /cms/myfile to /dpm/example.com/home/cms/myfile. Default: none

848 Chapter 1. Content Quattor Documentation, Release 0.0.1

Token-based authentication

This set of options describes the configuration of token-based authorization. This set is optional and must not be de- fined if token-based authentication is not enabled. It is found under /software/components/xrootd/options/tokenAuthz. Main options are described below. accessRules: list of nlist (required)

This nlist allows to build the accessRules for token-based authentication, based on whether the user is authenticated or not and other informations. See Xrootd documentation for details. Each entry in the list is a nlist with the following required properties: path The Xrootd path the rule apply to. This is a string, it must be present and has no default. authenticated Operations allowed for authenticated users. This is a list of string, it must be present and has no default unauthenticated Operations allowed for unauthenticated users. This is a list of string, it must be present and has no default cert A specific certificate that must be presented by the user for the rule to apply. This is a string, it must be present and default to ‘*’ (no restriction based on certificate). vo A specific VO that must be presented by the user (in the token) for the rule to apply. This is a string, it must be present and default to ‘*’ (no restriction based on VO). authzConf: string (required)

Full path of the configuration file for token-based authorization. Default: /etc/grid-security/xrootd/TkAuthz.Authorization allowedFQANs: list of string (required)

The VOMS FQANs that are matched in DPM ACLs when the token-based authorization is used. authorizedPaths: list of string (required)

The prefix of DPM paths that can be accessed when using token-based authorization. Default: none exportedPathRoot: string (required)

Xrootd path that is accessible through token-based authorization. This can be used to restrict data accessible throgh this authorization to a subset of the data available in the whole cluster. Default: none

1.4. configuration-modules-grid 849 Quattor Documentation, Release 0.0.1 exportedVOs: nlist (required)

List of VOs (retrieved from the token) allowed to access the XRootd cluster through token-based authorization. It is specified as a nlist where the key is the VO name and the value an optional nlist allowing to specify the path related to exportedPathRoot associated with the VO (‘path’ property). When empty, the VO name is used. Note that it is strongly recommended to export only one VO with token-based authorization. Default: none principal : string (required)

The principal (user) to use to find the matching gridmap entry when token-based authentication is used. Default: none tokenPrivateKey string (required)

Full path of the token private key (that must be created outside of this configuration module). Default: /etc/grid-security/xrootd/pvkey.pem tokenPublicKey string (required)

Full path of the token public key (that must be created outside of this configuration module). Default: /etc/grid-security/xrootd/pubkey.pem

"exportedVOs" : xrootd_component_exported_path{} "exportedPathRoot" : string

Federation options

For each Xrootd federation supported (taht need to be configured) on a given Xrootd node, the federation parameters are described under /software/components//xrootd/options/federations. This is a nlist where the key is a federation identifier (arbitrary, used to refer to the federation by ‘federations’ property of instances) and the value a nlist with the following possible properties. federationCmsdManager : string (required)

The federation cmsd manager (upper level cmsd) id. The format is : host.dom.ain+:port (note the +). Default: none federationXrdManager : string (required)

The federation xrootd manager (upper level xrootd redirector) id. The format is : host.dom.ain:port (note the +). Default: none

850 Chapter 1. Content Quattor Documentation, Release 0.0.1 n2nLibrary’ : string (optional)

The name of the Name2Name library used in the federation and its parameters (library specific). Default: none namePrefix : string (optional

The path prefix of the local file names that are passed to the N2N library. The federation cmsd manager id. The format is : host.dom.ain+:port (note the +). localPort : long (required)

The port number of the cluster redirector participating to the federation. Default: none localRedirector : string (required)

Host:port of the cluster local redirector. Typically localhost:localPort. Default: none lfcHost : string (optional)

The optional LFC host name if N2N library relies on LFC. Default: none lfcConnectionRetry : long (optional)

Connection retry when trying to connect to LFC. Ignored if lfcHost is not defined. Typical value is 0. Default: none (not defined explicitly) lfcSecurityMechanism : string (optional)

Security mechanism to use when connecting to LFC. Ignored if lfcHost is not defined. Typical value is ‘ID’. Default : none localRedirectParams : string (optional)

The redirect parameters for the local redirector in the format expected by ‘xrootd.redirect’ Xrootd configuration direc- tive. Typically used to redirect to federation redirector for the VO supported by the federation. Default: none

1.4. configuration-modules-grid 851 Quattor Documentation, Release 0.0.1 monitoringOptions : string (optional)

Options passed to xrootd.monitor directive for the federation redirector. Default : none redirectParams : string (optional)

The redirect parameters for the federation redirector in the format expected by ‘xrootd.redirect’ Xrootd configuration directive. Default: none reportingOptions : string (optional)

Options passed to xrd.report directive for the federation redirector. Default : none validPathPrefix : string (optional)

The prefix of user paths that are accepted by the federation redirector. Default: none

DEPENDENCIES

None.

BUGS

None known.

AUTHOR

Michel Jouvin <>

MAINTAINER

Michel Jouvin <>

VERSION

1.9.1

852 Chapter 1. Content Quattor Documentation, Release 0.0.1

SEE ALSO ncm-ncd(1)

Types

• /software/xrootd/xrootd_component_exported_path – /software/xrootd/xrootd_component_exported_path/path

* Optional * Type: string • /software/xrootd/xrootd_component_access_rules – /software/xrootd/xrootd_component_access_rules/path

* Optional * Type: string – /software/xrootd/xrootd_component_access_rules/authenticated

* Optional * Type: string – /software/xrootd/xrootd_component_access_rules/unauthenticated

* Optional * Type: string – /software/xrootd/xrootd_component_access_rules/vo

* Optional * Type: string – /software/xrootd/xrootd_component_access_rules/cert

* Optional * Type: string • /software/xrootd/xrootd_component_token_authz_options – /software/xrootd/xrootd_component_token_authz_options/authzConf

* Optional * Type: string – /software/xrootd/xrootd_component_token_authz_options/tokenPrivateKey

* Optional * Type: string – /software/xrootd/xrootd_component_token_authz_options/tokenPublicKey

* Optional * Type: string – /software/xrootd/xrootd_component_token_authz_options/accessRules

1.4. configuration-modules-grid 853 Quattor Documentation, Release 0.0.1

* Optional * Type: xrootd_component_access_rules – /software/xrootd/xrootd_component_token_authz_options/exportedVOs

* Optional * Type: xrootd_component_exported_path – /software/xrootd/xrootd_component_token_authz_options/exportedPathRoot

* Optional * Type: string • /software/xrootd/xrootd_component_dpm_options – /software/xrootd/xrootd_component_dpm_options/alternateNames

* Optional * Type: string – /software/xrootd/xrootd_component_dpm_options/coreMaxSize

* Optional * Type: long – /software/xrootd/xrootd_component_dpm_options/dpmConnectionRetry

* Optional * Type: long – /software/xrootd/xrootd_component_dpm_options/dpmHost

* Optional * Type: string – /software/xrootd/xrootd_component_dpm_options/dpnsConnectionRetry

* Optional * Type: long – /software/xrootd/xrootd_component_dpm_options/dpnsHost

* Optional * Type: string – /software/xrootd/xrootd_component_dpm_options/defaultPrefix

* Optional * Type: string – /software/xrootd/xrootd_component_dpm_options/replacementPrefix

* Optional * Type: string – /software/xrootd/xrootd_component_dpm_options/mappedFQANs

* Optional * Type: string

854 Chapter 1. Content Quattor Documentation, Release 0.0.1

– /software/xrootd/xrootd_component_dpm_options/authorizedPaths

* Optional * Type: string – /software/xrootd/xrootd_component_dpm_options/principal

* Optional * Type: string • /software/xrootd/xrootd_component_fed_options – /software/xrootd/xrootd_component_fed_options/federationCmsdManager

* Optional * Type: string – /software/xrootd/xrootd_component_fed_options/federationXrdManager

* Optional * Type: string – /software/xrootd/xrootd_component_fed_options/n2nLibrary

* Optional * Type: string – /software/xrootd/xrootd_component_fed_options/namePrefix

* Optional * Type: string – /software/xrootd/xrootd_component_fed_options/localPort

* Optional * Type: long – /software/xrootd/xrootd_component_fed_options/localRedirector

* Optional * Type: string – /software/xrootd/xrootd_component_fed_options/lfcHost

* Optional * Type: string – /software/xrootd/xrootd_component_fed_options/lfcConnectionRetry

* Optional * Type: long – /software/xrootd/xrootd_component_fed_options/lfcSecurityMechanism

* Optional * Type: string – /software/xrootd/xrootd_component_fed_options/validPathPrefix

* Optional

1.4. configuration-modules-grid 855 Quattor Documentation, Release 0.0.1

* Type: string – /software/xrootd/xrootd_component_fed_options/redirectParams

* Optional * Type: string – /software/xrootd/xrootd_component_fed_options/localRedirectParams

* Optional * Type: string – /software/xrootd/xrootd_component_fed_options/monitoringOptions

* Optional * Type: string – /software/xrootd/xrootd_component_fed_options/reportingOptions

* Optional * Type: string – /software/xrootd/xrootd_component_fed_options/siteName

* Optional * Type: string • /software/xrootd/xrootd_logKeep • /software/xrootd/xrootd_component_instances – /software/xrootd/xrootd_component_instances/configFile

* Optional * Type: string – /software/xrootd/xrootd_component_instances/federation

* Optional * Type: string – /software/xrootd/xrootd_component_instances/logFile

* Optional * Type: string – /software/xrootd/xrootd_component_instances/logKeep

* Optional * Type: xrootd_logKeep – /software/xrootd/xrootd_component_instances/type

* Optional * Type: string • /software/xrootd/xrootd_component_security_protocols – /software/xrootd/xrootd_component_security_protocols/authzfun

* Optional

856 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Type: string – /software/xrootd/xrootd_component_security_protocols/authzfunparams

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/authzto

* Optional * Type: long – /software/xrootd/xrootd_component_security_protocols/authzpxy

* Optional * Type: long – /software/xrootd/xrootd_component_security_protocols/ca

* Optional * Type: long – /software/xrootd/xrootd_component_security_protocols/cert

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/certdir

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/cipher

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/crl

* Optional * Type: long – /software/xrootd/xrootd_component_security_protocols/crldir

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/crlext

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/crlrefresh

* Optional * Type: long – /software/xrootd/xrootd_component_security_protocols/digpxy

* Optional

1.4. configuration-modules-grid 857 Quattor Documentation, Release 0.0.1

* Type: long – /software/xrootd/xrootd_component_security_protocols/exppxy

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/gmapopt

* Optional * Type: long – /software/xrootd/xrootd_component_security_protocols/gmapto

* Optional * Type: long – /software/xrootd/xrootd_component_security_protocols/gmapfun

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/gmapfunparams

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/gridmap

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/key

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/md

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/vomsat

* Optional * Type: long – /software/xrootd/xrootd_component_security_protocols/vomsfun

* Optional * Type: string – /software/xrootd/xrootd_component_security_protocols/vomsfunparams

* Optional * Type: string • /software/xrootd/xrootd_component_global_options – /software/xrootd/xrootd_component_global_options/installDir

858 Chapter 1. Content Quattor Documentation, Release 0.0.1

* Optional * Type: string – /software/xrootd/xrootd_component_global_options/configDir

* Optional * Type: string – /software/xrootd/xrootd_component_global_options/authzLibraries

* Optional * Type: string – /software/xrootd/xrootd_component_global_options/daemonUser

* Optional * Type: string – /software/xrootd/xrootd_component_global_options/daemonGroup

* Optional * Type: string – /software/xrootd/xrootd_component_global_options/restartServices

* Optional * Type: boolean – /software/xrootd/xrootd_component_global_options/mallocArenaMax

* Optional * Type: long – /software/xrootd/xrootd_component_global_options/MonALISAHost

* Optional * Type: string – /software/xrootd/xrootd_component_global_options/monitoringOptions

* Optional * Type: string – /software/xrootd/xrootd_component_global_options/reportingOptions

* Optional * Type: string – /software/xrootd/xrootd_component_global_options/siteName

* Optional * Type: string – /software/xrootd/xrootd_component_global_options/cmsdInstances

* Optional * Type: xrootd_component_instances – /software/xrootd/xrootd_component_global_options/xrootdInstances

1.4. configuration-modules-grid 859 Quattor Documentation, Release 0.0.1

* Optional * Type: xrootd_component_instances – /software/xrootd/xrootd_component_global_options/federations

* Optional * Type: xrootd_component_fed_options – /software/xrootd/xrootd_component_global_options/tokenAuthz

* Optional * Type: xrootd_component_token_authz_options – /software/xrootd/xrootd_component_global_options/dpm

* Optional * Type: xrootd_component_dpm_options – /software/xrootd/xrootd_component_global_options/securityProtocol

* Optional * Type: xrootd_component_security_protocols • /software/xrootd/xrootd_component_node_config – /software/xrootd/xrootd_component_node_config/roles

* Optional * Type: string • /software/xrootd/xrootd_component – /software/xrootd/xrootd_component/hosts

* Optional * Type: xrootd_component_node_config – /software/xrootd/xrootd_component/options

* Optional * Type: xrootd_component_global_options

Functions

• xrootd_component_node_config_valid • xrootd_component_options_valid • xrootd_component_access_rules_valid • is_xrootd_logKeep

860 Chapter 1. Content Quattor Documentation, Release 0.0.1

1.5 Unit Testing

1.5.1 Content

Example

Quattor

SYNOPSIS

use Test::Quattor qw(test_profile1 test_profile2...);

DESCRIPTION

Test::Quattor Module preparing the environment for testing Quattor code.

LOADING

When loading this module it will compile any profiles given as arguments. So,

use Test::Quattor qw(foo);

will trigger a compilation of src/test/resources/foo.pan and the creation of a binary cache for it. The compiled profile will be stored as target/test/profiles/foo.json, while the cache will be stored in under target/test/profiles/foo/. This binary cache may be converted in an EDG::WP4::CCM::CacheManager::Configuration object using the get_config_for_profile function.

INTERNAL INFRASTRUCTURE

Module variables

This module provides backup methods for several CAF modules. They will prevent tests from actually modifying the state of the system, while allowing an NCM component to follow a realistic execution path. These backups record what files are being written, what commands are being run, and allow for inspection by a test. This is done with several functions, see Redefined functions below, that control the following variables: * QUATTOR_TEST_LOG_DEBUGLEVEL If the environment variable QUATTOR_TEST_LOG_DEBUGLEVEL is set, the unittests will run with this debuglevel (0-5). Otherwise the default loglevel is ‘verbose’. To actually see the verbose or debug output, you need to run prove with verbose flag (e.g. by passing -Dprove.args=-v or by setting -v in the <~/.proverc>). * $log_cmd

1.5. Unit Testing 861 Quattor Documentation, Release 0.0.1

A boolean to enable logging of each command that is run via CAF::Process. Can also be set via the QUATTOR_TEST_LOG_CMD environment variable. * $log_cmd_missing A boolean to log each cmd that has output mocked but has no output set. Can also be set via the QUAT- TOR_TEST_LOG_CMD_MISSING environment variable. * %files_contents Contents of a file after it is closed. The keys of this hash are the absolute paths to the files. This hash is a global variable whose contents can be checked in a test, if necessary. But if you want to set the file content before using the CAF::Path methods (for example, using set_file_contents), it is preferable to use %desired_file_contents. * %commands_run CAF::Process objects being associated to a command execution. * %commands_status Desired exit status for a command. If the command is not present here, it is assumed to succeed. * %desired_outputs When we know the component will call CAF::Process::output and friends, we prepare here an output that the component will have to deal with. * %desired_err When the component may analyse the standard error of a component, we supply it through this hash. * %desired_file_contents Initial contents for a file that should be “edited”. The content of this hash (keys are the absolute path names) is managed/updated by all the CAF::FileWritermethods. It is preferable to use it rather than %files_contents, if you don’t need to access its contents directly from another mod- ule (CAF::FileWriter methods give access to its contents in fact). * @command_history CAF::Process commands that were run. * caf_path A hashref with CAF::Path methods and arrayref of reference of used arguments * NoAction Set Test::Quattor::NoAction to override CAF::Object::NoActionin any of the mocked Test::Quattor methods (where relevant, e.g. mocked FileWriter and FileEditor). E.g. if you want to run tests with CAF::Object::NoAction not set (to test the behaviour of regular CAF::Object::NoAction). Default is 1. * %immutable The content of this hash (keys are the absolute path names) indicates if paths (files, directories, . . . ) are immutable (or not). Any modification to an immutable path will result in an error. You can add paths using the set_immutable function. * %status

862 Chapter 1. Content Quattor Documentation, Release 0.0.1

The content of this hash (keys are the absolute path names) indicates current CAF::Path::status (mode, mtime, owner and/or group). You can add paths using the set_status function.

Redefined functions

In order to achieve this, the following functions are redefined automatically: CAF::Process::{run,execute,output,trun,toutput} Prevent any command from being executed. CAF::FileWriter::open Overriding this function allows us to inspect its contents after the unit under tests has released it. CAF::FileWriter::close Overriding this function to force noaction and update mocked %desired_file_contents. CAF::FileWriter::_close Mock-only method to make the FileWriter instance not opened (in IO::String sense). Required for cleanup of filehandles left by eg immutable paths. CAF::FileWriter::_read_contents Used to get the original content (for >) and/or source (for >) from the %desired_file_contents. CAF::FileEditor::_is_valid_file Mock using is_file function. CAF::FileEditor::_is_reference_newer Mock using is_file function (but no support for pipes or age test). CAF::FileReader::_is_valid_file Mock using is_file function (but no support for pipes). CAF::Reporter::debug Checks that each debug() call starts with a debuglevel between 0 and 5. CAF::Reporter::debug Checks that each debug() call starts with a debuglevel between 0 and 5. IO::String::close Prevents the buffers from being released when explicitly closing a file. CAF::Path::file_exists Return the mocked is_file CAF::Path::directory_exists Return the mocked is_directory CAF::Path::any_exists Return the mocked is_any

1.5. Unit Testing 863 Quattor Documentation, Release 0.0.1

is_symlink Test if given path is a mocked symlink has_hardlinks Test if given path is a mocked hardlink Note that it is not a perfect replacement for the c has_hardlinks because the current implementation of mocked hardlinks does not allow to mimic multiple references to an inode. The differ- ences are : the link used at creation time must be queried, not the target (where in a real hardlink target and link are undistinguishable); if the path is a hardlink the number of references for the inode is always 1. is_hardlink Test if path1 and path2 are hardlinked _make_link Add a mocked _make_link. This mocked method implements most of the checks done in LC::Check::link, the function do- ing the real work in _make_link, and returns the same values as CAF::Path _make_link. See CAF::Path comments for details. Internally, this mocked symlink/hardlink support uses the file contents to track that a path is a sym- link or hardlink. Thus, in addition to the symlink() and hardlink() methods, a link can be created with set_file_contents($filename, $Test::Quattor::SYMLINK) for a symlink and set_file_contents($filename, $Test::Quattor::HARDLINK) for a hardlink. CAF::Path::directory Return directory name unless mocked make_directory or mocked LC_Check fail. (The temp is ignored wrt creating the directory name). CAF::Path::LC_Check Store args in caf_path using add_caf_path. CAF::Path::cleanup remove_any and store args in caf_path using add_caf_path. CAF::Path::move remove_any and store args in caf_path using add_caf_path. CAF::Path::status Set and compare status. CAF::Path::_listdir Mock underlying _listdir method that does the actual opendir/readdir/closedir. Has 2 args, one directory and one test function. The is no validation of any kind. Do not use this method directly, use listdir instead.

FUNCTIONS FOR EXTERNAL USE

The following functions are exported by default: get_file

864 Chapter 1. Content Quattor Documentation, Release 0.0.1

Returns the object that has manipulated $filename set_file_contents For file $filename, sets the initial $contents the component should see. It also sets the default CAF::FileWriter permissions (mode 644). Returns the contents on success, undef otherwise. get_file_contents For file $filename, returns the contents on success, undef otherwise. get_command Returns all the information recorded about the execution of $cmd, if it has been executed. This is a hash reference in which the object element is the CAF::Process object itself, and the method element is the function that executed the command. set_command_status Sets the “exit status” we’ll report for a given command. set_desired_output Sets the standard output we’ll return when the caller issues outputon this command set_desired_err Sets the standard error we’ll receive when the caller issues execute on this command. command_history_reset Reset the command history to empty list. command_history_ok Given an arrayref of required_commands, it checks the @command_history if all commands were called in the given order (it allows for other commands to exist inbetween). The commands are interpreted as regular expressions. E.g. if @command_history is (x1, x2, x3) then command_history_ok([x1,X3]) returns 1 (Both x1 and x3 were called and in that order, the fact that x2 was also called but not checked is allowed.). command_history_ok([x3,x2]) returns 0 (wrong order), command_history_ok([x1, x4]) returns 0 (no x4 command). A second arrayref of forbidden_commands can be given, and the @command_history is then first checked that none of those commands occured. If you only want to check the non-occurence of commands, pass an undef as the first argument (and not an empty arrayref). set_service_variant Sets the CAF::Service variant to the one given in the command line: * linux_sysv Linux SysV, e.g, /sbin/service foo start * linux_systemd Linux, Systemd variant. * solaris Solaris and SMF variant. Test::Quattor defaults to linux_sysv.

1.5. Unit Testing 865 Quattor Documentation, Release 0.0.1

force_service_variant Force the variant by bypassing CAF::Service AUTOLOAD magic and defining the methods via glob assignments in the namespace. The first argument is the $variant to use. When testing subclassed CAF::Service, the second (optional) argument is the subclass, followed by all other arguments as additional non-standard actions. set_immutable Make path immutable. Pass a false bool to make the path mutable again (not , default is to make the path immutable). set_status (Re)set status of path to the options (mode, mtime, owner and/or group). is_mutable Check if the path and parent path are mutable. (Parent path is not checked when skip_parent argument is true). Report an error prefixed with prefix and return 0 when path (and/or parent path) is immutable. sane_path sanitize path by squash multiple ‘/’ into one remove all trailing ‘/’ is_file Test if given $path is a mocked file is_directory Test if given $path is a mocked directory is_any Test if given path is known (as file or directory or anything else) make_directory Add a directory to the mocked directories. If rec is true or undef, also add all underlying directories. If mutable is true, always create the directory. If directory already exists and is a directory, return SUCCESS (undef otherwise). remove_any Recursive removal of a path from the files_contents / desired_file_contents move move src to dest. If backup is defined and not empty string, move dest to backup (backup is a suffix). add_caf_path Add array of arguments to caf_path hashref using name reset_caf_path Reset caf_path ref. If name is defined, only reset that cache. dump_contents

866 Chapter 1. Content Quattor Documentation, Release 0.0.1

Debug function to show the entries in desired_file_contentsand files_contents. Options log Pass a reporter/logger instance, and report with verbose level. By default, Test::More::diag is used. filter Regex pattern to filter filenames to show (matches are kept). prefix A message prefix

BUGS

Probably many. It does quite a lot of internal black magic to make your executions safe. Please ensure your component doesn’t try to outsmart the CAF library and everything should be fine.

Quattor :: CommonDeps

NAME

Module with common perl modules from tests

DESCRIPTION

Module with common perl modules from tests. They are added here in order to generate the correct dependencies on the perl-Test-Quattorpackage. Only modules with dependencies provided by RH base repos and EPEL can be added here.

Quattor :: Component

DESCRIPTION

Backup module, mimicking the base class for all NCM components, but with no real logic.

Quattor :: Critic

NAME

Test::Quattor::Critic - Run Perl::Critic.

DESCRIPTION

This is a class to run Perl::Critic code with a whitelist of policies. To get the policy names, use critic –cruel –verbose 8 path/to/perl/code

1.5. Unit Testing 867 Quattor Documentation, Release 0.0.1

METHODS

new codedirs An arrayref of paths to look for perl code (uses Test::Pod::all_pod_files). Default is target/lib/perl. exclude A regexp to remove policies from list of fatal policies. make_critic Create Perl::Critic instance and load policies check Given a list of Perl::Critic::Violations (e.g. as return value of critique method) and check which one should be reported on. test Run critic test on all files found with all_pod_files in all codedirs.

Quattor :: Doc

NAME

Test::Quattor::Doc - Class for unittesting documentation.

DESCRIPTION

This is a class to trigger documentation testing. Should be used mainly as follows:

use Test::Quattor::Doc; Test::Quattor::Doc->new()->test();

Public methods

new Returns a new object, accepts the following options poddirs Array reference of directories to test for podfiles. Default dirs are the relative paths target/ lib/perland target/doc/pod (use the exported @DOC_TEST_PATHSlist of defaults or resp. $DOC_TARGET_PERL and <$DOC_TARGET_POD>) podfiles Array reference of podfiles to test (default empty) emptypoddirs

868 Chapter 1. Content Quattor Documentation, Release 0.0.1

Array reference of poddirs that must be empty (or non-existing). If a directory is in both poddirs and emptypoddirs, if is considered an empty poddir. panpaths Array reference of paths that hold pan files to check for annotations. Default is target/pan (use the exported $DOC_TARGET_PAN). panout Output path for pan annotations. Default target/panannotations (use exported $DOC_TARGET_PANOUT). pod_files Test all files from podfiles and poddirs. Based on all_pod_files_ok from Test::Pod. Returns array refs of all ok and not ok files. pan_annotations Generate annotations, return arrayref with templates that have valid annotations and one for templates with invalid annotations. TODO: Does not require annotations at all nor validates minimal contents. test Run all tests: pod_files pan_annotations

Quattor :: Filetools

NAME

Test::Quattor::Filetools - Read/write files (in case mocked FileWriter/Reader cannot be used).

Functions writefile Create file with name fn (and parent directory if needed). Optional second argument is the content of the file (default is text ok (no newline)). readfile Read the content of file fn and return it.

Quattor :: Namespace

DESCRIPTION

Module to help mock the namespace

1.5. Unit Testing 869 Quattor Documentation, Release 0.0.1

USAGE

E.g. to fake NCM:: namespace provided by the ‘ncm’ namespace

BEGIN { use Test::Quattor::Namespace qw(ncm); }

... use NCM::Component ...

Variables inc_orig $inc_orig holds arrayref to a copy of @INC when INC_insert_namespace was first called. inc_history $inc_history is an arrayref with copy of all references of all @INCs modified ignore Hashref with namespaces to ignore (if value is true) when INC_insert_namespaceis used.

Functions

INC_insert_namespace Setup @INC so NCM::Component is provided by Test::Quattor Returns modified @INC as reference.

Quattor :: Object warn_is_ok

By default, Perl warnings are mapped to failing tests. add_loghist

Add a log message for type to the log history. reset_loghist

Reset the log history. loghist_get

Return the array of log messages for type.

870 Chapter 1. Content Quattor Documentation, Release 0.0.1 info info-type logger, calls diag. Arguments are converted in message, prefixed with ‘INFO’. verbose verbose-type logger, calls note Arguments are converted in message, prefixed with ‘VERBOSE’. report report-type logger, calls note Arguments are converted in message, prefixed with ‘REPORT’. debug verbose logger, ignores debug level warn warn-type logger, calls diag Arguments are converted in message, prefixed with ‘WARN’. error error-type logger, calls diag Arguments are converted in message, prefixed with ‘ERROR’. event event handler, store the metadata and report added event is_verbose / is_quiet / get_debuglevel

Return the respective attributes (or 0 is undefined). notok

Fail a test with message, use error to log the message. Arguments are converted in message. gather_pan

Walk the panpath and gather all pan templates. A pan template is a text file with an .pan extension; they are considered ‘invalid’ when the pannamespace is not correct. Returns a reference to hash with key path (relative to relpath) and value hashreference with ‘type’ of pan templates and ‘expected’ relative filepath; and an arrayreference to the invalid pan templates.

1.5. Unit Testing 871 Quattor Documentation, Release 0.0.1 get_template_library_core

Return path to template-library-core to allow “include ‘pan/types’;” and friends being used in the templates (in particular the schema). By default, the template-library-core is expected to be in the parent or parent of parent directory as the current working directory. One can also specify the location via the QUATTOR_TEST_TEMPLATE_LIBRARY_COREenvironment variable. When notok_on_missing is true (or undefined), notok is called (i.e. test fails). make_target_pan_path

Create if needed the “target/pan” path in the current directory, and returns the absolute pathname.

Quattor :: Panc

DESCRIPTION

Module to compile profiles using panc set_panc_options

Set additional panc commandline options. Use the long option name, the preceding ‘–’ is added. If no value is expected (e.g. ‘–debug’) pass ‘undef’ as value. reset_panc_options

Reset the panc commandline options. head2 get_panc_options Returns the hash reference to the additional pancoptions. set_panc_includepath

Set the inlcudedirs option to the directories passed. If undef is passed, remove the ‘includepath’ option. get_panc_includepath

Return an array reference with the ‘includepath’ directories. is_object_template

Given profile name (and optional resourcesdir for relative profile filename), test if the profile is a valid object template.

872 Chapter 1. Content Quattor Documentation, Release 0.0.1

Compile pan object template into JSON profile

Compile the pan profile (file ‘profile.pan’ in resourcesdir) and create the profile in outputdir. If croak_on_error is true (or undef), the method croaks on compilation failure. If false, it will return the exitcode. panc_annotations

Generate the pan annotations from basedir in outputdir for profiles. process

Sort-of private method to use CAF::Process bypassing the mocking of CAF::Process. Arrayhash $cmd for the command, $message for a message to print. Options croak_on_error: croak on error srcdir: srcdir to return to after actual command is executed. output: return arrayref with exitcode and output (stdout combined with stderr)

Quattor :: ProfileCache

DESCRIPTION

Module to setup a profile cache set_profile_cache_options

Set additional options for prepare_profile_cache Set specific values for the cache, resources and/or profiles directory. Will be used by get_profile_cache_dirs cache resources profiles get_profile_cache_dirs

Return hashreference to the directories used to setup the profile cache: ‘cache’, ‘resources’ and ‘profiles’. The values are generated from the defaults or profilecacheoptions(to be set via set_profile_cache_options). Relative paths are assumed to be relative wrt current directory; absolute paths are used for the returned values.

1.5. Unit Testing 873 Quattor Documentation, Release 0.0.1 prepare_profile_cache_panc_includedirs prepare_profile_cache

Prepares a cache for the profile given as an argument. This means compiling the profile, fetching it and saving the binary cache wherever the CCM configuration tells us. Returns the configuration object for this profile. The croak_on_error argument is passed to the Test::Quattor::Panc::panc method. If this boolean is 0 (and not undef), prepare_profile_cachewill return the panc exitcode upon panc failure. get_config_for_profile

Returns a configuration object for the profile given as an argument. The profile should be one of the arguments given to Test::Quattor when loading it. If the configuration cannot be found, an error is reported, and a test fails. set_json_typed

Set the json_typed config attribute to value. If value is undefined, json_typed is set to true. Returns the value set. get_json_typed

Return the json_typed value.

Quattor :: RegexpTest

NAME

Test::Quattor::RegexpTest - Class to handle a single regexptest.

DESCRIPTION

This class parses and executes the tests as described in a single regexptest.

Public methods new Returns a new object, accepts the following options regexp The regexptest file. text The text to test.

874 Chapter 1. Content Quattor Documentation, Release 0.0.1

parse

Parse the regexp file in 3 sections: description, flags and tests. Each section is converted in an instance attribute named ‘description’, ‘flags’ and ‘tests’.

parse_description

Parse the description block and set the description attribute. First argument blocktxt is the 1st block of the regexptest file.

parse_flags

Parse the flags block and set flags attribute Following flags are supported regular expression flags: multiline (no)multiline / multiline=1/0 singleline singleline / singleline=1/0 (This flag can coexist with multiline) extended format extended / extended=1/0 case senistive case(in)sensistive / casesensitive = 0/1 order flag ordered matches (un)ordered / ordered=0/1 negate negate / negate = 0/1 Negate all regexps, none of the regexps can match (is an alias for COUNT 0 on every regtest; overwritten when COUNT is set for individual regexp) quote quote / quote = 0/1 Whole tests block is 1 regular expression. With quote flag set, multiline flag is logged and ignored; ordered flag is meaningless (and silently ignored). location of module and contents settings: metaconfigservice=/some/path Also any flag starting with / is interpreted as metaconfigservice

1.5. Unit Testing 875 Quattor Documentation, Release 0.0.1

renderpath=/some/path Also any flag starting with // is interpreted as renderpath rendermodule Specify the value of the module to use. (Precedes metaconfigservice/renderpath value). contentspath Specify the path to use for contents. (Precedes metaconfigservice/renderpath value). element Comma separated list of predefined element convert options for CCM::TextRender. Default settings

ordered=1 multiline=1 casesensitive=1 renderpath=/metaconfig

First argument blocktxt is the 2nd block of the regexptest file.

parse_tests

Parse the tests block and set tests attribute If the quote flag is set, the whole tests block is seen as one big regular expression, and rendered text has to be an exact match, incl EOF newline etc. Without the quote flag set, the tests are parsed line by line, and seen as one regexp per line. Lines starting with ‘‘s*#{3} ‘‘ (trailing space!) are comments. Lines ending with \s#{3} are interpreted as having options set. Supported options COUNT COUNT \d+ is the exact number of matches (use ‘‘COUNT 0 ‘‘to make sure a line doesn’t match). This is a global count, e.g. in ordered mode the count itself is not number of matches since previous test match. The first argument blocktxt is the 3rd block of the regexptest file test

Perform the tests as defined in the flags and specified in the ‘tests’ section

Quattor :: TextRender

NAME

Test::Quattor::TextRender - Class for unittesting the TextRender templates.

876 Chapter 1. Content Quattor Documentation, Release 0.0.1

DESCRIPTION

This class should be used whenever to unittest templates that can be processed via TextRender. (For testing ncm- metaconfig templates looked at the derived Test::Quattor::TextRender::Metaconfig class).

Public methods new Returns a new object, accepts the following options basepath Basepath that points to the templates. ttpath Path to the TT files. If the path is not absolute, search from basepath. panpath Path to the (mandatory) pan templates. If the path is not absolute, search from basepath. pannamespace Namespace for the (mandatory) pan templates. (Use empty string for no namespace). namespacepath Destination directory to create a copy of the pan templates in correct namespaced directory. Relative paths are assumed relative to the current working directory. If no value is set, a random directory will be used. panunfold Boolean to force or disable the “unfolding” of the pan templates in the namespacepath with correct pannamespace. Default is true. The make_namespace method takes care of the actual unfolding (if any). expect Expect is a hash reference to bypass some built-in tests in the test methods. Use with care, better to fix the actual problem. (No attempt is made to make this any user- friendly; main reason of existence is to unittest these test modules). invalidtt Array reference of invalid TT files to pass the test_gather_tt test method. invalidpan Array reference of invalid pan templates to pass the test_gather_pan test method. gather_tt

Walk the ttpath and gather all TT files A TT file is a text file with an .tt extension; they are considered ‘invalid’ when they are in a ‘test’ or ‘pan’ directory or when they fail syntax validation. Returns an arrayreference with path (relative to the basepath) of TT and invalid TT files.

1.5. Unit Testing 877 Quattor Documentation, Release 0.0.1 test_gather_tt

Run tests based on gather_tt results; returns nothing. gather_pan

Same as Test::Quattor::Object gather_pan, but with set to the instance ‘basepath’. (With panpath and pannamespace as arguments) make_namespace

Create a copy of the gathered pan files from panpath in the correct pannamespace. Directory structure is build up starting from the instance namespacepath value. Returns an arrayreference with the copy locations. If the panunfold attribute is true, a copy of the pan templates is placed in the expected subdirectory under the namespacepath. If panunfold attribute is false, the pan templates are assumed to be in the correct location, and nothing is done. test_gather_pan

Run tests based on gather_pan results; returns nothing. (panpath and pannamespace can be passed as arguments to override the instance values).

Quattor :: TextRender :: Base

NAME

Test::Quattor::TextRender::Base - Base class for unittesting the templates in ncm-metaconfig and components. Refer to the specialized Test::Quattor::TextRender::Metaconfig and Test::Quattor::TextRender::Component for actual usage. test

Run all unittests to validate a set of templates. mock_textrender

An exported function that mocks CAF::TextRenderto test usage of TT files during regular component use in unittests. During this phase, CAF::TextRender has to use TT files that are being tested, not the ones installed. (CAF::TextRender has no easy way to do this to avoid spreading TT files around). It takes an optional argument includepath and sets this as the includepath of CAF::TextRender. The default includepath is target/share/templates/quattor, where the TT files are staged during testing via maven (use exported $TARGET_TT_DIR). To be used as

878 Chapter 1. Content Quattor Documentation, Release 0.0.1

use Test::Quattor::TextRender::Base; mock_textrender();

It returns the mock instance. (This is for convenience, you shouldn’t need this (except maybe to unmock_all?). Test::MockModulekeeps a cache of mocked instances, a new call would return the same instance.)

Quattor :: TextRender :: Component

NAME

Test::Quattor::TextRender::Component - Class for unittesting the TextRender usage (and TT in particular) in compo- nents.

DESCRIPTION

This class should be used to unittest CAF::TextRender usage in components. To be used as

my $u= Test::Quattor::TextRender::Component->new( component=> 'openneubla', )->test();

The tests require access to the template-library-corerepository for using standard types in the schema files. By default, the template-library-core is expected to be in the same directory as the one this test is being ran from. One can also specify the location via the QUATTOR_TEST_TEMPLATE_LIBRARY_COREenvironment variable.

Public methods new Returns a new object, basepath is the default location for component TT files (src/main/resources). Accepts the following options component The name of the component that these tests are part of. usett Force (or disable) the TT gather and verification test. E.g. disable when a builtin TextRender module is used. (By default, usett is true). pannamespace For modules that are almost components (like AII plugins), one can change the pannamespace (default is >). (Use empty string to in- dicate no namespace). skippan If skippan is true, skip all pan related tests and checks. This should only be needed in some rare case (e.g. when testing TT files in other modules like CCM). Default is not to skip any pan related tests.

1.5. Unit Testing 879 Quattor Documentation, Release 0.0.1

Quattor :: TextRender :: Metaconfig

NAME

Test::Quattor::TextRender::Metaconfig - Class for unittesting the ncm-metaconfig services and their templates.

DESCRIPTION

This class should be used to unittest ncm-metaconfig services and their templates. To be used as

my $u= Test::Quattor::TextRender::Metaconfig->new( service=> 'logstash', version=> '1.2', )->test();

The tests require access to the template-library-corerepository for using standard types in the schema files. By default, the template-library-core is expected to be in the same directory as the one this test is being ran from. One can also specify the location via the QUATTOR_TEST_TEMPLATE_LIBRARY_COREenvironment variable.

Public methods new Returns a new object, basepath is the default location for metaconfig-unittests (src/main/metaconfig). Accepts the following options service The name of the service (the service is a subdirectory of the basepath). version If a specific version is to be tested (undef assumes no version). usett Force (or disable) the TT gather and verification test. E.g. disable when a builtin TextRender module is used. (By default, usett is true).

Quattor :: TextRender :: RegexpTest

NAME

Test::Quattor::TextRender::RegexpTest - Class to handle a single regexptest and the input text is rendered rather then passed.

DESCRIPTION

This class parses and executes the tests as described in a single regexptest. It inherits from Test::Quattor::RegexpTest with main difference that the text to test is rendered rather then passsed.

880 Chapter 1. Content Quattor Documentation, Release 0.0.1

Public methods

new Returns a new object, accepts the following options regexp The regexptest file. config The configuration instance to retreive the values from. ttincludepath The includepath for CCM::TextRender. ttrelpath The relpath for CCM::TextRender.

Quattor :: TextRender :: Suite

NAME

Test::Quattor::TextRender::Suite - Class for a template test suite.

DESCRIPTION

A TextRender test suite corresponds to one or more regexptests that are tested against the profile genereated from one corresponding object template. A test suite can be a combination of file (implying one regexptest, and that file being the regexptest) and/or a directory (one or more regexptests; each file in the directory is one regexptest; no subdirectory structure allowed); with the file or directory name identical to the corresponding object template. The names cannot start with a ‘.’.

new

Support options testspath Basepath for the suite tests. regexps Path to the suite regexptests (testspath/regexps is default when not specified). profiles Path to the suite object templates (testspath/profiles is default when not specified). ttincludepath Includepath to use for CAF::TextRender. ttrelpath

1.5. Unit Testing 881 Quattor Documentation, Release 0.0.1

relpath to use for CAF::TextRender. filter A compiled regular expression that is used to filter the found regexptest files (matching relative filenames are kept; non-matcing ones are removed). One can also set the QUATTOR_TEST_SUITE_FILTER enviroment variable, which will be used as regular expression pattern for the filter. gather_regexp

Find all regexptests. Files/directories that start with a ‘.’ are ignored. Returns hash ref with name as key and array ref of the regexptests paths. gather_profile

Create a hash reference of all object templates in the ‘profilespath’ with name key and filepath as value. one_test

Run all regexptest $regexps for a single test profile profile with name name. test

Run all tests to validate the suite.

Quattor :: Tidy

NAME

Test::Quattor::Tidy - Run .

DESCRIPTION

This is a class to run perltidy on code with tidy options. The tidy options are in the perltidy manpage man perltidy

METHODS new codedirs An arrayref of paths to look for perl code (uses Test::Pod::all_pod_files). Default is target/lib/perl. check

882 Chapter 1. Content Quattor Documentation, Release 0.0.1

Run perltidy on filename test Run critic test on all files found with all_pod_files in all codedirs.

Quattor :: Unittest

NAME

Test::Quattor::Unittest - Baseline unittest module.

DESCRIPTION

This is a class to trigger basic unittests. Should be used as follows:

use Test::Quattor::Unittest;

Adding the test is as simple as echo ‘use Test::Quattor::Unittest;’ > 00-tqu.t

FUNCTIONS

import On import, run the tests. Pass notest to disable automatic testing (only useful when testing this code). Pass nopod to set the nopodflag (for doc test) when testing (is ignored when notest is passed).

METHODS new No options are required/supported read_cfg Read default config followed by optional configfile tqu.cfg and optional variable $main::TQU. Variable can be defined in main test as follows BEGIN { our $TQU = <<’EOF’; . . . EOF } Every test section has at least the enable option, set to true by default. For all other options, read the respective method documentation. test Run all enabled tests, in order load

1.5. Unit Testing 883 Quattor Documentation, Release 0.0.1

Run basic load test using use_ok from Test::More. The module(s) can be configured or guessed. Configuration parameters modules Comma separated list op module names to try to load. When specified, no guesses are made, only this list is used. If : is passed, the prefix is used. All trailing : are removed. prefix A prefix for all modules specified in the modules option. doc Documentation tests using Test::Quattor::Doc. Configuration options poddirs, podfiles, emptypoddirs, panpaths and panout are parsed as comma-seperated lists and passed to Test::Quattor::Doc-new>. If the nopodflag attribute is true, and no emptypoddirs are defined, the Test::Quattor::Doc::DOC_TARGET_POD is set as emptypoddirs. panpaths value NOPAN is special, as it disables the pan tests. tt Run TT unittests using Test::Quattor::TextRender::Component. (This does not apply to metaconfig tests). Configuration options are passed to >. The tests are only run if the basepath (default to src/main/resources) exists. critic Run Test::Quattor::Critic Options codedirs Comma-separated list of directories to look for code to test. (Defaults to poddirs (from doc test) or target/lib/perl). exclude A regexp to remove policies from list of fatal policies. tidy Run Test::Quattor::Tidy Options codedirs Comma-separated list of directories to look for code to test. (Defaults to poddirs (from doc test) or target/lib/perl).

884 Chapter 1. Content Quattor Documentation, Release 0.0.1

Quattor :: namespace :: critic :: Perl :: Critic :: Policy :: Quattor :: UseCAFProcess

Quattor :: namespace :: ncm :: NCM :: Component

1.5. Unit Testing 885