Quattor Documentation Release 0.0.1
Quattor Community
Oct 30, 2018
This is the official documentation for Quattor:
• configuration-modules-core
• configuration-modules-grid
• CAF
• CCM
• Unit Testing
Also see the Quattor homepage for more information.
CHAPTER 1
Content
1.1 CAF
1.1.1 Common Application Framework
This is the Perl Common Application Framework (CAF) for Quattor. It is a library encapsulating most annoying details like reporting, file handling or command executions. It gives a unified way of doing potentially dangerous things in the right way.
1.1.2 Applicability
Quattor developers must use modules here for:
• Executing commands (see CAF::Process).
• Manipulating files (see CAF::FileWriter and CAF::FileEditor).
• Reporting. Most likely, your code receives a $self object that provides CAF’s interfaces.
1.1.3 Content
Application
NAME
CAF::Application - Common Application Framework core class
SYNOPSIS
    package example;
    use strict;
    use warnings;
    use LC::Exception qw (SUCCESS throw_error);
    use parent qw(CAF::Application);

    # Main loop
    package main;
    use strict;
    use warnings;
    use LC::Exception qw (SUCCESS throw_error);

    use vars qw($this_app %SIG);

    unless ($this_app = example->new($0, @ARGV)) {
        throw_error (...);
    }

    $this_app->report("Hello");
    ...
DESCRIPTION
CAF::Application is the core class which provides command line and configuration file parsing, and general application methods. Applications can extend or overwrite the default methods.
Public methods
name(): string
    Return the application name (basename)
version(): string
    Returns the version number as defined in $self->{'VERSION'}, or

    Returns the option value coming from the command line and/or configuration file. Scalar can be a string, or a reference to a hash or an array containing the option’s value. option() is a wrapper on top of AppConfig->get($opt).
    If the option doesn’t exist, returns undef, except if the default argument has been specified: in this case this value is returned but the option remains undefined.
set_option($opt, $val): SUCCESS
    Defines an option and sets its value. If the option was previously defined, its value is overwritten. This is a wrapper over AppConfig methods to hide the internal implementation of a CAF::Application.
    This method always returns SUCCESS.
show_usage(): boolean
    Prints the usage message of the command based on options and help text.
show_version(): boolean
    Prints the version number of the Application.
app_options(): ref(array)
    To be overloaded by the application with application specific options.
    This function has to return a reference to an array. Every element in the array must be a reference to a hash with the following structure:
    NAME    => option name specification in the Getopt::Long(3pm) format "name|altname1|altname2|..[argument_type]"
    DEFAULT => [optional] default value (string). If not specified: undef
    HELP    => help text (string)
example:
    push(@array, {NAME => 'M|myoption=s', DEFAULT => 'defaultvalue', HELP => 'do somewhat on something'});
    return \@array;
see also _app_default_options()
Private methods
_initialize
    Initialize the Application.
    Arguments
    $command
        Name of the script/command/... (typically $0).
    Remaining arguments @argv
        Typically this is the perl builtin variable @ARGV, but can be any array of options/arguments, or a single arrayref (in which case all elements of the arrayref are handled as options/arguments).
        Any arguments that are not handled by the options can be retrieved either via @ARGV or by passing an arrayref holding the options/arguments. In these 2 cases, the contents are modified, removing all handled options, leaving the non-option arguments in place. (In particular, using a regular array will leave the original array unmodified).
_app_default_options
    This method specifies a number of default options, with the same format as app_options. The options are:
debug
The ‘noaction’, ‘cfgfile’ and ‘logfile’ options are not enabled by default but recognized (they have to be added to the application specific code - see the ‘example’ file):
noaction : execute no operations
cfgfile
_add_options
    Add options coming from _app_default_options() and app_options()
Download::LWP
NAME
CAF::Download::LWP class to use LWP (and Net::HTTPS).
DESCRIPTION
CAF::Download::LWP prepares LWP (and Net::HTTPS) and provides interface to LWP::UserAgent. Remarks wrt SSL/TLS: If LWP is recent enough (v8.333, e.g. on EL6+), the choice of SSL module will be the system default (typically IO::Socket::SSL when available, Net::SSL otherwise). The usual environment variable will not be honoured (this module will typically be executed in a minimal environment anyway). When LWP is too old, Net::SSL will be forced (e.g. on EL5). If LWP is recent enough and IO::Socket::SSL is the default, hostname verification is forced.
METHODS
_initialize
    Initialize the object.
    Optional arguments:
    log
        A CAF::Reporter object to log to.
_get_ua
    Prepare the environment and initialise LWP::UserAgent. Best-effort to handle ssl setup, Net::SSL vs IO::Socket::SSL and verify_hostname.
    Example usage
        ...
        my $ua = $self->_get_ua(%opts);

        local %ENV = %ENV;
        $self->update_env(\%ENV);
        ...
    Returns the LWP::UserAgent instance or undef.
    Options
    cacert: the CA file
    cadir: the CA path
    cert: the client certificate filename
    key: the client certificate private key filename
    ccache: the kerberos credential cache
    timeout: set timeout
_do_ua
    Initialise LWP::UserAgent using _get_ua method and run method with arrayref args.
    All named options are passed to _get_ua.
Exception
NAME
CAF::Exception - provides basic methods for failure and exception handling
Private methods
_get_noaction
    Return NoAction setting:
    Return 0 if keeps_state is true
        Any other value of keeps_state is ignored. (In particular, you cannot use keeps_state to enable NoAction).
    Return value of noAction method (when defined)
    CAF::Object::NoAction otherwise
    Supports an optional msg that is prefixed to reporter.
_reset_exception_fail
    Reset previous fail attribute and/or exception.
    msg is a suffix when reporting the old fail attribute and/or exception error (with debug level 1).
    EC is a LC::Exception::Context instance that is checked for an existing error, which is set to ignore if it exists.
    Always returns SUCCESS.
_function_catch
    Execute function reference funcref with arrayref $args and hashref $opts.
    Method resets any existing fail attribute and error from LC::Exception::Context instance EC.
    When an exception is thrown, it is caught and reset. No error is reported and undef is returned in this case and the fail attribute is set with the exception error text.
_safe_eval
    Run function reference funcref with arrayref argsref and hashref optsref.
    Return and set fail attribute with failmsg ($@ is added when set) on die or in case of an error (undef returned by funcref). In case of success, report msg (stringified result is added unless sensitive attribute is set) at verbose level.
    Note that _safe_eval doesn’t work with functions that don’t return a defined value when they succeed.
    Resets previous fail attribute and/or exceptions (via the LC::Exception::Context instance EC).
FileEditor
NAME
CAF::FileEditor - Class for securely making minor changes in CAF applications.
DESCRIPTION
This class should be used whenever a file is to be opened for modifying its existing contents. For instance, if you want to add a single line at the beginning or the end of the file. As usual, all operations may be logged by passing a log argument to the class constructor.
Public methods
new
    Returns a new object. It accepts the same arguments as the constructor for CAF::FileWriter with one additional option:
    source
        This option, when present, must be a file name whose contents will be used as the initial contents for the edited file if the source modification time is more recent than the edited file modification time. This allows to rebuild the file contents based on a new version of the reference file.
        The source can be a pipe: in this case, it is always considered more recent than the edited file.
open
    Synonym for new()
set_contents
    Sets the contents of the file to the given argument. Usually, it doesn’t make sense to use this method directly. Just use a CAF::FileWriter object instead.
head_print
    Appends a line to the very beginning of the file.
seek_begin
    Seek to the beginning of the file.
seek_end
    Seek to the end of the file.
replace_lines(re, goodre, newvalue)
    Replace any lines matching re but *not* goodre with newvalue. If there is no match, nothing will be done. For instance,
    $fh->replace_lines(qr(hello.*), qr(hello.*world), 'hello and good bye, world!');
Will replace all lines containing ‘hello’ but not world by the string ‘hello and good bye, world!’. But if the file contents are
There was Eru, who in Arda is called Iluvatar
it will be kept as is.
This is useful when we want to change a given configuration directive only if it exists and it’s wrong.
The regular expressions can be expressed with the qr operator, thus allowing for modification flags such as i.
add_or_replace_sysconfig_lines(key, value, whence)
    Replace the value in lines matching the key. If there is no match, a new line will be added where whence and offset tell us. The sysconfig_separator value can be changed if it’s not the usual ‘=’.
add_or_replace_lines(re, goodre, newvalue, whence, offset, add_after_newline)
    Replace lines matching re but not goodre with newvalue. If there is no match, a new line will be added where whence and offset tell us. See IO::String::seek for details; e.g. use the constants tuple BEGINNING_OF_FILE or ENDING_OF_FILE.
    If add_after_newline is true or undef, before adding the new line, it is verified that a newline precedes this position. If no newline char is found, one is added first.
    whence must be one of SEEK_SET, SEEK_CUR or SEEK_END; everything else will be ignored (an error is logged if logging is set).
    Reminder: if the offset position lies beyond SEEK_END, padding will occur with $self->pad, which defaults to \0.
get_all_positions(regex, whence, offset)
    Return reference to the arrays with the positions before and after all matches of the compiled regular expression regex, starting from whence (default beginning) and offset (default 0). (If the regexp does not match, references to empty arrays are returned).
    Global regular expression matching is performed (i.e. m/$regex/g). The text is searched without line-splitting, but multiline regular expressions like qr{^something.*$}m can be used for per line matching.
get_header_positions(regex, whence, offset)
    Return the position before and after the “header”. A header is a block of lines that start with same compiled regular expression regex. Default value for regex is qr{^\s*#.*$}m (matching a block of text with each line starting with a #); the default value is also used when regex is undef.
    (-1, -1) is returned if no match was found.
    whence and offset are passed to the underlying get_all_positions call.
remove_lines(re, goodre)
    Remove any lines matching re but *not* goodre. If there is no match, nothing will be done.
EXPORTED CONSTANTS
The following constants are automatically exported when using this module:
BEGINNING_OF_FILE
    Flag to pass to add_or_replace_lines. Lines should be added at the beginning of the file. (To be used in list context, as this is actually (SEEK_SET, 0).)
ENDING_OF_FILE
    Flag to pass to add_or_replace_lines. Lines should be added at the end of the file. (To be used in list context, as this is actually (SEEK_END, 0).)
EXAMPLES
Appending to the end of a file
For instance, you may want to append a line to the end of a file, if it doesn’t exist already:
    my $fh = CAF::FileEditor->open("/foo/bar", log => $self);
    if (${$fh->string_ref()} !~ m{hello, world}m) {
        print $fh "hello, world\n";
    }
    $fh->close();
Cancelling changes in case of error
This is a subclass of CAF::FileWriter, so just do as you did with it:
    my $fh = CAF::FileEditor->open("/foo/bar", log => $self);
    $fh->cancel() if $error;
    $fh->close();
Appending a line to the beginning of the file
Trivial: use the head_print method:
    my $fh = CAF::FileEditor->open("/foo/bar", log => $self);
    $fh->head_print("This is a nice header for my file");
Replacing configuration lines
If you want to replace existing lines:
    my $fh = CAF::FileEditor->open("/foo/bar", log => $self);
    $fh->replace_lines(qr(pam_listfile),
                       qr(session\s+required\s+pam_listfile.so.*item=user),
                       join("\t", qw(session required pam_listfile.so
                                     onerr=fail item=user sense=allow
                                     file=/some/acl/file)));
This will not add any new lines in case there are no matches.
Adding or replacing lines
If you want to replace lines that match a given regular expression, and have to add them to the beginning of the file in case there are no matches:
    my $fh = CAF::FileEditor->open("/foo/bar", log => $self);
    $fh->add_or_replace_lines(qr(pam_listfile),
                              qr(session\s+required\s+pam_listfile.so.*item=user),
                              join("\t", qw(session required pam_listfile.so
                                            onerr=fail item=user sense=allow
                                            file=/some/acl/file)),
                              BEGINNING_OF_FILE);
SEE ALSO
This class inherits from CAF::FileWriter, and thus from IO::String.
FileReader
NAME
CAF::FileReader - Class for only reading files in CAF applications.
DESCRIPTION
Normal use:
    use CAF::FileReader;
    my $fh = CAF::FileReader->open("my/path");
    while (my $line = <$fh>) {
        # Do something
    }
This class should be used whenever a file is to be opened for reading, and no modifications are expected.
Printing to this file is allowed, but changes will be discarded (in effect, the FileEditor is cancel-ed).
new
    Create a new instance: open the file $fn, read it, seek to the beginning and cancel any (future) changes.
open
    Synonym for new()
FileWriter
NAME
CAF::FileWriter - Class for securely writing to files in CAF applications.
SYNOPSIS
Normal use:
    use CAF::FileWriter;
    my $fh = CAF::FileWriter->open("my/path");
    print $fh "My text";
    $fh->close();
Aborting changes:
    use CAF::FileWriter;
    my $fh = CAF::FileWriter->open("my/path");
    # No comma after the filehandle: "print $fh, ..." would print to STDOUT
    print $fh "My text";
    $fh->cancel();
    $fh->close();
DESCRIPTION
This class should be used whenever a file is to be opened for writing. If the file already exists and the printed contents are the same as the contents present on disk, the actual file won’t be modified. This way, timestamps will be kept. It also provides a secure way of opening files, avoiding symlink attacks. In case of errors, changes can be cancelled, and nothing will happen to disk. Finally, the file names to be handled will be logged at the verbose level.
Gory details
This is a wrapper class for IO::String with customised close based on File::AtomicWrite.
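The behaviour described above (skip the write when the content is unchanged, do not write through a symlink, replace the file in one step) can be sketched with core Perl modules only. This is an added example, not CAF::FileWriter's own code: read_nofollow and write_if_changed are hypothetical helper names, the demo files are constructed in a scratch directory, and it assumes a platform that provides O_NOFOLLOW (e.g. Linux).

```perl
#!/usr/bin/perl
# Added illustration, not CAF code: write-if-changed plus temp-file-and-rename.
use strict;
use warnings;
use Fcntl qw(O_RDONLY O_NOFOLLOW);
use File::Basename qw(dirname);
use File::Temp qw(tempfile tempdir);

# Read a file, refusing to follow a symlink in the last path component.
# Returns the content, or undef if the file is missing or is a symlink.
sub read_nofollow {
    my ($path) = @_;
    sysopen(my $in, $path, O_RDONLY | O_NOFOLLOW) or return;
    local $/;                       # slurp mode
    my $data = <$in>;
    close($in);
    return $data;
}

# Returns 1 if the file was (re)written, 0 if the content was already current.
sub write_if_changed {
    my ($path, $content, %opts) = @_;
    my $mode = defined $opts{mode} ? $opts{mode} : 0644;

    # Identical content: leave the file (and its timestamps) alone.
    my $old = read_nofollow($path);
    return 0 if defined($old) && $old eq $content;

    # New content goes to a fresh, exclusively created file in the same
    # directory, so the final rename() stays on one filesystem and is atomic.
    my ($tmp, $tmpname) = tempfile('.new.XXXXXX', DIR => dirname($path));
    chmod($mode, $tmp)        or die "chmod $tmpname: $!";
    print {$tmp} $content     or die "write $tmpname: $!";
    close($tmp)               or die "close $tmpname: $!";

    # rename() replaces the directory entry itself: a symlink sitting at
    # $path is replaced, not followed, so its target is never written to.
    unless (rename($tmpname, $path)) {
        my $err = $!;
        unlink($tmpname);
        die "rename $tmpname to $path: $err";
    }
    return 1;
}

# Constructed demo: a symlink has been placed where the application writes.
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim";
my $target = "$dir/app.conf";

open(my $v, '>', $victim) or die "open $victim: $!";
print {$v} "do not touch\n";
close($v);
symlink($victim, $target) or die "symlink: $!";

my $first  = write_if_changed($target, "key=value\n", mode => 0640);
my $second = write_if_changed($target, "key=value\n", mode => 0640);

printf "first call rewrote the file:  %d\n", $first;
printf "second call rewrote the file: %d\n", $second;
printf "target is still a symlink:    %s\n", (-l $target ? 'yes' : 'no');
printf "link target left intact:      %s\n",
    (read_nofollow($victim) eq "do not touch\n" ? 'yes' : 'no');
```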
Public methods
new
    Returns a new object. It accepts the file name as its first argument, and the next hash as additional options:
    log
        The log object. If not supplied, no logging will be performed.
    owner
        UID for the file.
    group
        File’s GID.
    mode
        File’s permissions.
    mtime
        File’s modification time.
    backup
        Create a backup file when the file already exists and will be modified. The value is used as a suffix to create the backup filename (e.g. .old).
    keeps_state
        A boolean specifying whether a file change respects the current system state or not. A file with keeps_state will be created/modified, regardless of any value for NoAction. This is useful when creating temporary files that are required for a NoAction run.
        By default, file changes modify the state and thus keeps_state is false.
    sensitive
        A boolean specifying whether a file contains sensitive information (like passwords). When the content of the file is modified, the changes (either the diff or the whole content in case of a new file) themselves are not reported and not added to the event history.
open
    Synonym for new()
close
    Closes the file.
    If the file has been saved (e.g. previous close or cancel) nothing happens and undef is returned.
    If the file has not been saved, it checks its contents and perhaps re-writes it, in a secure way (not following symlinks, etc). The (re)write only occurs if there was a change in content and this change (or not) is always determined and returned, even if NoAction is true (but in that case nothing is (re)written).
    Under a verbose level, it will show in the standard output a diff of the old and the newly-generated contents for this file before actually saving to disk.
cancel
    Marks the printed contents as invalid. The existing file will not be altered.
    Option msg to add custom message to verbose reporting.
noAction
    Returns the NoAction flag value (boolean)
stringify
    Returns a string with the contents of the file, so far. It overloads "", so it’s now possible to do “$fh” and get the contents of the file so far.
    (Returns empty string on an already closed file.)
error, warn, info, verbose, debug, report, log, OK
    Convenience methods to access the log/reporter instance that might be passed during initialisation and set to *$self->{LOG}.
is_verbose
    Determine if the reporter level is verbose. If it can’t be determined from the reporter instance, use the global CAF::Reporter state.
    Supports boolean option verbose_logfile to check if reporting to logfile is verbose.
event
    Method to track an event via LOG CAF::History instance (if any).
    Following metadata is added
    filename
        Adds the filename as metadata
Private methods
_read_contents
    Read the contents from file filename using LC::File::file_contents and return it.
    Optional named arguments
    event
        A hashref that will be updated in place if an error occurred. The error attribute is set to the exception text.
    missing_ok
        When true and LC::File::file_contents fails with ENOENT (i.e. when filename is missing), the exception is ignored and no warning is reported.
    By default, a warning is reported in case of an error and the exception is (re)thrown.
DESTROY
    Class destructor. Closes the file, perhaps saving it to disk.
EXAMPLES
Opening /etc/sudoers
This is a part of what ncm-sudo should do, if it used this module:
    my $fh = CAF::FileWriter->open("/etc/sudoers", mode => 0440, log => $self);
    print $fh "User_Alias\t$_\n" foreach @{$aliases->{USER_ALIASES()}};
    print $fh "Runas_Alias\t$_\n" foreach @{$aliases->{RUNAS_ALIASES()}};
    ...
    $fh->close();
Which is actually simpler and safer than current code.
Specifying owner and group
Owner and group are set at the time of creating the object:
    my $fh = CAF::FileWriter->open("/some/file", owner => 100, group => 200);
    print $fh "Hello, world!\n";
    # I don't like what I did, just drop the changes:
    $fh->cancel();
    $fh->close();
Changing the default filehandle
If you don’t want STDOUT as your default filehandle, you can just select a CAF::FileWriter object:
    my $fh = CAF::FileWriter->open("/some/file", owner => 100, group => 200);
    select($fh);
    print "Hello, world!\n";
    $fh->close();
    select(STDOUT);
Using here-documents
You can use them, as always:
    my $fh = CAF::FileWriter->open("/some/file");
    print $fh <
Closing when destroying
If you forget to explicitly close the CAF::FileWriter object, it will be closed automatically when it is destroyed:
    my $fh = CAF::FileWriter->open("/some/file");
    print $fh "Hello, world!\n";
    undef $fh;
SEE ALSO
This package inherits from IO::String. Check its man page to do powerful things with the already printed contents.
TODO
This has become too heavy: in some circumstances, manipulating a file involves opening it three times, reading it twice and executing two commands. We probably need to drop LC::* and do things in our own way.
History
NAME
CAF::History - Class to keep history of events
SYNOPSIS
    package mypackage;

    use CAF::History;

    sub _initialize {
        ...
        $self->{HISTORY} = CAF::History->new();
        ...
    }

    sub foo {
        my ($self, $a, $b, $c) = @_;
        ...
        $self->{HISTORY}->event();
        ...
    }
DESCRIPTION
CAF::History provides class methods for tracking and lookup of events.
TODO: CAF::History should provide interfaces for
    loading / saving history to file e.g. sqlite
    lookup / querying events (e.g. what files were last written to by component X)
Public methods
new
    Create a CAF::History instance.
    The history is a hashref with keys
    $EVENTS
        An array reference holding all events.
    $LAST
        The latest state of each id
    $NEXTIDX
        The index of the next event.
    optional $INSTANCES
        If keep_instances is set, an INSTANCES attribute is also added, and any events will keep track of the (blessed) instances.
        Caveat: this will prevent code that relies on instances going out of scope to perform certain actions on DESTROY, to function properly.
        By default, INSTANCES are not kept.
event
    Add an event. An event is specified by an id from the $obj and a hash metadata. (Metadata can be passed as ->event($obj, modified => 0);.)
    If an instance is passed, the Scalar::Util::refaddr is used as internal identifier. If a scalar is passed, its value is used.
    Object instances are also added to an instances hash-ref to handle DESTROY properly (but only if the initial HISTORY attribute has an INSTANCES attribute).
    Following metadata is added automatically
    IDX
        The unique event index, increases one per event.
    ID
        The identifier
    REF
        The obj ref
    TS
        The timestamp (private method _now is used to determine the timestamp)
    The last metadata of each event is also stored (for convenient access).
    Returns SUCCESS on success, undef otherwise.
query_raw
    Primitive interface to query the events.
    match is an anonymous sub that is passed the event as (only) argument (each event is a metadata hashref). Returns true if the event matches and is to be returned.
    filter is an arrayref of metadata keys to filter from the event (only event metadata matching the filter is returned).
    Returns an arrayref of (a shallow copy of) the event metadata.
    TODO: support proper, human-friendly query interface via (NO)SQL
close
    Closes the history which triggers following
    destroy INSTANCES
    TODO: report an overview of events
        E.g. all modified FileWriter and Editors
    Returns SUCCESS on success, undef otherwise.
Private methods
_now
    Return the timestamp to use. Implemented using builtin time for now, i.e. no timezones.
_cleanup_instances
    Cleanup instances and remove any reference to instances held by the history.
    This might trigger new events. After all, we must make sure we have all the events.
    Following methods are supported
    close
        If the instance has a close method, the method is called without any arguments.
    Returns SUCCESS on success, undef otherwise.
Kerberos
NAME
CAF::Kerberos - Class for Kerberos handling using GSSAPI.
DESCRIPTION
This class handles Kerberos tickets and some utilities like kerberos en/decryption.
To create a new ticket for principal SERVICE/host@REALM (using default (server) keytab for the TGT), you can use
    my $krb = CAF::Kerberos->new(
        principal => 'SERVICE/host@REALM',
        log => $self,
    );
    return if (! defined($krb->get_context()));

    # set environment to temporary credential cache
    # temporary cache is cleaned-up during destroy of $krb
    local %ENV = %ENV;
    $krb->update_env(\%ENV);
Methods
_initialize
    Initialize the kerberos object. Arguments:
    Optional arguments
    log
        A CAF::Reporter object to log to.
    lifetime, keytab
        Ticket lifetime and keytab are passed to update_ticket_options method.
    primary, instances, realm, principal
        Principal primary, instances, realm and principal are passed to update_principal method.
update_ticket_options
    Update ticket details using optional named arguments (and set the keytab ENV attributes).
    lifetime
        Requested lifetime. (There is no verification if the actual lifetime is this long).
    keytab
        Set the keytab to use to create the TGT.
update_principal
    Set the principal details (primary, instances and/or realm) using following optional named arguments
    primary
        The primary component (i.e. username or service) (cannot be empty string).
    instances
        Array reference with instances for the principal
    realm
        The realm.
    principal
        The principal string, will be split in above components. Any individual component specified will precede the value from this string.
create_credential_cache
    Create the credential cache and add the KRB5CCNAME to the temp environment. Use kinit to get an initial TGT for that cache.
    Returns SUCCESS on success, undef otherwise (see fail attribute).
get_context
    Create a GSSAPI::Context.
    Following options are supported
    name
        The GSSAPI::Name instance to use. If undef, get_name method will be used to create one.
    iflags
        Input flags/bits for the Context to create to support certain service options. (See e.g. _spnego_iflags). Defaults to 0.
    itoken
        Input token (q{} is used if not defined).
    usecred
        Boolean, if true, (try to) get a credential before getting the context.
    Returns the output token in case of success, undef in case of failure.
get_cred
    Acquire a GSSAPI::Cred instance.
    Following options are supported
    name
        The GSSAPI::Name instance to use. If undef, get_name method will be used to create one.
    usage
        Specify the credential usage, one of GSSAPI constants GSS_C_INITIATE, GSS_C_ACCEPT or (default) GSS_C_BOTH.
    Returns the GSSAPI::Cred instance in case of success, undef in case of failure.
get_hrname
    Return human readable name from GSSAPI::Name instance. Return undef on failure (and set fail attribute with reason).
get_name
    Return an imported GSSAPI::Name instance. Returns undef on failure.
    Optional principal hashref is passed to _principal_string.
DESTROY
    On DESTROY, following cleanup will be triggered
    Cleanup of credential cache
_principal_string
    Convert the principal hashref into a principal string.
    Optional principal hashref can be passed, if none is provided, use the instance $self->{principal}.
    Returns the principal string, undef in case of problem.
_split_principal_string
    Split a principal string in primary, instances and realm components.
    Returns a hashref with the components, undef in case the string is invalid.
_spnego_iflags
    Create the SPNEGO iflags for Context instance.
    Optional $delegate boolean.
_gss_decrypt
    Given token, decrypt inbuf that is encrypted with GSSAPI wrap’ping. Returns human readable GSSAPI::Name and decrypted output buffer. Returns undef on failure.
_gss_status
    Evaluates status: on success, returns SUCCESS and reports with verbose, on failure returns fail (The fail message is set in the fail attribute).
    Optional text can be used to construct the message prefix.
_gssapi_{init,accept,wrap,unwrap,import,display}
    Interfaces to GSSAPI methods returning a GSSAPI::Status instance.
    Given an instance of GSSAPI::Context (for accept,init,valid_time_left,wrap,unwrap) or GSSAPI::Name (for display,import), call the method on the instance with the remaining arguments. The returned status is processed by _gss_status.
    Returns undef in case of failure (with message in fail attribute), SUCCESS otherwise.
_process
    Run arrayref $cmd via CAF::Process->new->output in updated environment.
    Returns the output (and sets $?).
_kinit
    Obtain the TGT using kinit, using the credential cache specified in the ‘KRB5CCNAME’ environment variable.
    Principal used is generated via _principal_string.
    Returns SUCCESS on success, undef otherwise.
Lock
NAME
CAF::Lock - Class for handling application instance locking
SYNOPSIS
    use CAF::Lock;

    $lock = CAF::Lock->new('/var/lock/quattor/spma', log => $reporter);

    unless ($lock->set_lock()) {...}
    unless ($lock->set_lock(10, 2)) {...}
    unless ($lock->set_lock(3, 3, FORCE_ALWAYS)) {...}

    unless ($lock->unlock()) {....}
INHERITANCE
CAF::Object
DESCRIPTION
The CAF::Lock class provides methods for handling application locking.
PUBLIC METHODS
set_lock(retries, timeout, force)
    Tries retries times to set the lock. If force is set to FORCE_NONE or not defined and the lock is set, it sleeps for timeout. Returns SUCCESS, or undef on failure.
    If retries or timeout are not defined or set to 0, only a single attempt is done to acquire the lock.
    If force is set to FORCE_ALWAYS then the lock file is just set again, even if the lock is already set by another application instance, and neither timeout nor retries are taken into account.
unlock()
    Releases the lock and returns SUCCESS. Reports an error and returns undef if the lock cannot be released.
    If the object (application instance) does not hold the lock, an error is reported and undef is returned.
is_set()
    Returns SUCCESS if lock is set by application instance, undef otherwise.
PRIVATE METHODS
_initialize(lockfilename)
    Initialize the object. Called by new(lockfilename).
    Optional arguments
    log
        A CAF::Reporter object to log to.
_try_lock(force)
    Called by set_lock() to create the lock file and return SUCCESS if we were able to flock() the file.
    If force is set to FORCE_ALWAYS then this method will return SUCCESS even if flock() was unsuccessful.
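The retry, timeout and force behaviour described above, sketched with core Perl and flock(). This is an added example, not CAF::Lock's code: the function bodies, the numeric values given to FORCE_NONE and FORCE_ALWAYS and the scratch lock file are assumptions, and it assumes a platform where Perl's flock maps to flock(2) (e.g. Linux).

```perl
#!/usr/bin/perl
# Added illustration, not CAF::Lock code: retry/timeout/force on top of flock().
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempdir);

# The names come from the documentation above; the values are assumptions.
use constant { FORCE_NONE => 0, FORCE_ALWAYS => 1 };

# One attempt: open the lock file (creating it if needed) and request a
# non-blocking exclusive lock. Returns the open handle, or undef when
# another holder exists and force is not FORCE_ALWAYS.
sub try_lock {
    my ($file, $force) = @_;
    open(my $fh, '>>', $file) or die "open $file: $!";
    return $fh if flock($fh, LOCK_EX | LOCK_NB);
    # Forced: report success although flock() failed. The caller now runs
    # WITHOUT mutual exclusion against the instance that holds the lock.
    return $fh if $force == FORCE_ALWAYS;
    close($fh);
    return;
}

sub set_lock {
    my ($file, $retries, $timeout, $force) = @_;
    $force = FORCE_NONE unless defined $force;
    # A single attempt unless both retries and timeout are set and non-zero.
    my $attempts = ($retries && $timeout) ? $retries : 1;
    for my $n (1 .. $attempts) {
        my $fh = try_lock($file, $force);
        return $fh if $fh;
        sleep($timeout) if $n < $attempts;
    }
    return;
}

# Constructed demo: a second open of the same file stands in for another
# application instance (flock(2) locks belong to the open file description).
my $lockfile = tempdir(CLEANUP => 1) . '/demo.lock';

my $holder  = set_lock($lockfile);                       # free: succeeds
my $blocked = set_lock($lockfile, 2, 1);                 # 2 tries, 1s apart
my $forced  = set_lock($lockfile, 3, 3, FORCE_ALWAYS);   # no retry, no sleep

printf "first instance got the lock:  %s\n", ($holder  ? 'yes' : 'no');
printf "second instance got the lock: %s\n", ($blocked ? 'yes' : 'no');
printf "forced instance proceeded:    %s\n", ($forced  ? 'yes' : 'no');

close($holder);                                          # release
my $after = set_lock($lockfile);
printf "lock free after release:      %s\n", ($after ? 'yes' : 'no');
```

The forced case is the one to review in callers: it succeeds while the first holder is still active, so anything guarded by the lock can run concurrently.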
Log
NAME
CAF::Log - Simple class for handling log files
SYNOPSIS
    use CAF::Log;
    my $log = CAF::Log->new('/foo/bar', 'at');

    $log->print("this goes to the log file\n");
    $log->close();
DESCRIPTION
The CAF::Log class allows to instantiate objects for writing log files. A log file line can be prefixed by a time stamp.
Public methods
close(): boolean
    Closes the log file, returns SUCCESS on success, undef otherwise (if no FH attribute exists).
print($msg): boolean
    Prints $msg into the log file.
    If PROCID attribute is defined (value is irrelevant), the process id in square brackets ([PID]) and additional space are prepended.
    If TSTAMP attribute is defined (value is irrelevant), a YYYY/MM/DD-HH:mm:ss timestamp and additional space are prepended.
    No newline is added to the message. Returns the return value of invocation of FH print method.
Private methods
_initialize($filename, $options)
    $options is a string with magic letters
    a: append to a logfile
    w: truncate a logfile
    t: generate a timestamp on every print
    p: add PID
    Only one of w or a can and has to be set. (There is no default.)
    If the w option is used and there was a previous log file, it is renamed with the extension ‘.prev’.
    Examples:
        CAF::Log->new('/foo/bar', 'at'): append, enable timestamp
        CAF::Log->new('/foo/bar', 'w') : truncate logfile, no timestamp
    If the filename ends with .log, the SYSLOG attribute is set to basename of the file without suffix (relevant for CAF::Reporter::syslog).
DESTROY
    Called during garbage collection. Invokes close().
Object
NAME
CAF::Object - provides basic methods for all CAF objects
SYNOPSIS
    use parent qw(CAF::Object ...);
    ...
    sub _initialize {
        ... initialize your package
        return SUCCESS; # Success
    }
DESCRIPTION
CAF::Object is a base class which provides basic functionality to CAF objects.
All other CAF objects should inherit from it.
All CAF classes use this as their base class and inherit their class constructor new from here. Sub-classes should implement all their constructor initialisation in an _initialize method which is invoked from this base class new constructor. Sub-classes should NOT need to override the new class method.
The subclass _initialize method has to be implemented and has to return a boolean value indicating if the initialisation was successful (e.g. use SUCCESS exported by CAF::Object). In particular, one should avoid returning the $self instance at the end of _initialize (e.g. to avoid troubles when the subclass overloads logic evaluation (which is also possible via overloading other methods such as stringification)).
Public methods
new
Creates an empty hash and bless’es it as the new class instance. All arguments are then passed to a $self->_initialize(@_) call. When _initialize returns success, the NoAction attribute is set to the value of CAF::Object::NoAction if it didn’t exist after _initialize. If _initialize returns failure, an error is thrown and undef returned.
noAction
Returns the NoAction flag value (boolean)
Private methods
_initialize
This method must be overwritten in a derived class.
error, warn, info, verbose, debug, report, OK, event
Convenience methods to access the log/reporter instance that might be passed during initialisation and set to $self->{log}. (When constructing classes via multiple inheritance, CAF::Reporter should precede CAF::Object if you want to use an absolute rather than a conditional logger).
fail
Handle failures. Stores the error message in the fail attribute, logs it with verbose and returns undef. To be used in subclasses that are not supposed to log/report any errors themselves when a problem or failure occurs. In such classes, all failures should use return $self->fail("message");.
update_env
Update the hashref $env with key/value from the ENV attribute hashref. (An undef value will remove the key.) Returns the env hashref. To be used as
# Setup local environment
local %ENV = %ENV;
$self->update_env(\%ENV);
Example:
# some method_1 that prepares a shared environment
sub method_1 {
    ...
    # Prepare environment modifications
    $self->{ENV}->{PATH} = "/some/new/path:$ENV{PATH}";
    ...
}

sub do_something {
    ...
    # Setup local environment
    local %ENV = %ENV;
    $self->update_env(\%ENV);

    # everything in the remainder of the method runs in modified environment
    # is limited to the scope of this method due to 'local'
    ...
}
ObjectText
NAME
CAF::ObjectText - Base class for handling text
SYNOPSIS
Define subclass via
package SubClass;
use parent qw(CAF::ObjectText);

sub _get_text {
    my ($self) = @_;
    return "actual text";
}

And use it via
my $sc = SubClass->new(log => $self);
print "$sc"; # stringification

$sc = SubClass->new(log => $self);
# return CAF::FileWriter instance (text already added)
my $fh = $sc->filewriter('/some/path');
if (!defined($fh)) {
    $self->error("Failed to retrieve filewriter: $sc->{fail}");
    return;
}
$fh->close();
DESCRIPTION
This class simplifies text handling via stringification and produces a CAF::FileWriter instance.
Methods
_initialize_textopts
Handle some common options in the subclass _initialize method.
log
A CAF::Reporter object to log to.
eol
If eol is true, the produced text is checked for a trailing end-of-line, and a newline character is added if it is missing. By default, eol is true. Setting eol to false will not strip trailing newlines (use chomp or something similar for that).
usecache
If usecache is false, the text is always re-produced. Default is to cache the produced text (usecache is true).
_get_text_test
Run additional tests before the actual text is produced via get_text. Returns undef in case of failure, SUCCESS otherwise. The method is called in get_text before the caching is checked. Default implementation does not test anything, always returns SUCCESS. This method should be redefined in the subclass.
_get_text
Produce the actual text in get_text (or call another method that does so). Returns 2 element tuple with first element the resulting text (or undef in case of failure). The second element is an error message prefix (ideally, real error message is set via the fail attribute). This method needs to be defined in the subclass.
get_text
get_text produces and returns the text. In case of an error, get_text returns undef (no error is logged). This is the main difference from the auto-stringification that returns an empty string in case of a rendering error. By default, the result is cached. To force re-producing the text, clear the current cache by passing 1 as first argument (or disable caching completely with the option usecache set to false during the initialisation).
filewriter
Create and return an open CAF::FileWriter instance with first argument as the filename. If the get_text method fails (i.e. returns undef), undef is returned. The text is added to the filehandle. It’s up to the consumer to cancel and/or close the instance. All CAF::FileWriter initialisation options are supported and passed on. (If no log option is provided, the one from the current instance is passed). Two new options header and footer are supported to respectively prepend and append to the text. If eol was set during initialisation, the header and footer will also be checked for EOL. (EOL is still added to the get_text if eol is set during initialisation, even if there is a footer defined.)
Path
NAME
CAF::Path - check that things are really the way we expect them to be
DESCRIPTION
Simplify common file and directory related operations, e.g.
directory creation
cleanup
(mockable) file/directory tests
The class is based on LC::Check with the following major differences:
CAF::Object::NoAction support builtin (and keeps_state option to override it).
support for CAF::Reporter (incl. CAF::History)
raised exceptions are caught; methods return SUCCESS on success, undef on failure and store the error message in the fail attribute.
available as class-methods
return values
undef: failure occurred
SUCCESS: nothing changed (boolean true)
CHANGED: something changed (boolean true).
Functions
mkcafpath Returns an instance of CAF::Object and CAF::Path. This instance is a simple way to use CAF::Path when subclassing is not possible. Allowed options are
Methods
LC_Check Execute function
Test if path exists. This is basically the perl builtin -e || -l, wrapped in a method to allow unittesting. A broken symlink (symlink whose target doesn’t exist) exists: any_exists returns true.
is_symlink
Test if path is a symlink. Returns true as long as path is a symlink, including when the symlink target doesn’t exist.
cleanup
cleanup removes dest with backup support. (Works like LC::Check::_unlink, but has directory support and no error throwing). Returns CHANGED if something was cleaned-up, SUCCESS if nothing was done and undef on failure (and sets the fail attribute). The
This is an internal method, not supposed to be called directly. Either call symlink or hardlink public methods instead.
hardlink
Create a hardlink link_path whose target is target. On failure, returns undef and sets the fail attribute. If link_path exists and is a file, it is updated. target must exist (check flag available in symlink() is ignored for hardlinks) and it must reside in the same filesystem as link_path. If target_path is a relative path, it is interpreted from the current directory. link_name parent directory is created if it doesn’t exist. Returns SUCCESS on success if the hardlink already existed with the same target, CHANGED if the hardlink was created or updated, undef otherwise. This method relies on _make_link method to do the real work, after enforcing the option saying that it is a hardlink.
symlink
Create a symlink link_path whose target is target. Returns undef and sets the fail attribute if link_path already exists and is not a symlink, except if this is a file and option force is defined and true. If link_path exists and is a symlink, it is updated. By default, the target is not required to exist. If you want to ensure that it exists, define option check to true. Both link_path and target can be relative paths: link_path is interpreted as relative to the current directory and target is kept relative. link_path parent directory is created if it doesn’t exist. Returns SUCCESS on success if the symlink already existed with the same target, CHANGED if the symlink was created or updated, undef otherwise. This method relies on _make_link method to do the real work, after enforcing the option saying that it is a symlink.
has_hardlinks
Method that returns the number of hardlinks for file. The number of hardlinks is the number of entries referring to the inodes minus 1. If file has no hardlink, the return value is 0. If file is not a file, the return value is undef.
is_hardlink
This method returns SUCCESS if path1 and path2 refer to the same file (inode). It returns 0 if path1 and path2 both exist but are different files or are the same path and undef if one of the paths doesn’t exist or is not a file. Note: the result returned will be identical whatever the order of the path1 and path2 arguments.
status
Set the path stat options: owner, group, mode and/or mtime. This is a wrapper around LC::Check::status and executed with LC_Check. Returns CHANGED if a change was made, SUCCESS if no changes were made and undef in case of failure (and the fail attribute is set). Additional options
keeps_state: boolean passed to _get_noaction.
move
Move/rename src to dest.
The final goal is to make sure src does not exist anymore, not that dest exists after move (in particular, if src does not exist to start with, success is immediately returned, and no backup of dest is created). The
...
foreach my $file (glob('/path/*.ext')) {
...
replace by
...
foreach my $file (@{$self->listdir('/path', filter => '\.ext$', adddir => 1)}) {
...
Options
test
An (anonymous) sub used for testing. The return value is interpreted as boolean value for filtering the directory entry names (true value means the name is kept). Accepts 2 arguments: first argument ($_[0]) the directory entry name, 2nd argument ($_[1]) the directory.
filter
A pattern or compiled pattern to filter directory entry names. Matching names are kept.
inverse
Apply inverse test (or filter) logic.
adddir
Prefix the directory to the returned filenames (default false).
file_exists
Shortcut for test function that uses CAF::Path::file_exists as test function.
Process
NAME
CAF::Process - Class for running commands in CAF applications
SYNOPSIS
use CAF::Process;
my $proc = CAF::Process->new([qw(my command)], log => $self);
$proc->pushargs(qw(more arguments));
my $output = $proc->output();
$proc->execute();
DESCRIPTION
This class provides a convenient wrapper to LC::Process functions. Commands are logged at the verbose level. All these methods return the return value of their LC::Process equivalent. This is different from the command’s exit status, which is stored in $?. Please use these functions, and do not use ``, qx// or system. These functions won’t spawn a subshell, and thus are more secure.
Private methods
_initialize
Initialize the process object. Arguments:
$command
A reference to an array with the command and its arguments.
%opts
A hash with the command options:
log
The log object. If not supplied, no logging will be performed.
timeout
Maximum execution time, in seconds, for the command. If it’s too slow it will be killed.
pid
Reference to a scalar that will hold the child’s PID.
stdin
Data to be passed to the child’s stdin.
stdout
Reference to a scalar that will hold the child’s stdout.
stderr
Reference to a scalar that will hold the child’s stderr.
keeps_state
A boolean specifying whether the command respects the current system state or not. A command that keeps_state will be executed, regardless of any value for NoAction. By default, commands modify the state and thus keeps_state is false.
sensitive
A boolean, hashref or functionref specifying whether the arguments contain sensitive information (like passwords). If sensitive is true, the commandline will not be reported (by default when log option is used, the commandline is reported with verbose level). If sensitive is a hash reference, a basic search (key) and replace (value) is performed. The keys and values are not interpreted as regexp patterns. The order of the search and replace is determined by the sorted values (this gives you some control over the order). Be aware that all occurrences are replaced, and when e.g. weak passwords are used, it might reveal the password by replacing other parts of the commandline (--password=password might be replaced by --SECRET=SECRET, thus revealing the weak password). Also, when a key is a substring of another key, it will reveal (parts of) sensitive data if the order is not correct. If sensitive is a function reference, the command arrayref is passed as only argument, and the stringified return value is reported.
my $replace = sub {
    my $command = shift;
    return join("_", @$command);
};
...
CAF::Process->new(..., sensitive => $replace);
This does not cover command output. If the output (stdout and/or stderr) contains sensitive information, make sure to handle it yourself via the stdout and/or stderr options (or by using the output method). These options will only be used by the execute method.
_sensitive_commandline
Generate the reported command line text, in particular it deals with the sensitive attribute. When the sensitive attribute is not set, it returns stringify_command. This method does not report, only returns text. See the description of the sensitive option in _initialize.
_LC_Process
Run LC::Process function with arrayref arguments args. noaction_value is the value to return with NoAction. msg and postmsg are used to construct log message <
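The two pitfalls of the hashref form of the sensitive option described in _initialize above, next to a function-reference redactor that masks by option name. This is an added example, not CAF code: it models the literal search and replace in plain Perl, and the explicit pair order, the option names and all command values are assumptions constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Literal (non-regexp) replacement of every occurrence of each search string,
# applied in the order given. This models the hashref behaviour the text
# describes; passing the pairs in an explicit order is an assumption of this
# sketch, so that both orders can be compared.
sub literal_replace {
    my ($command, @pairs) = @_;
    my $line = join(' ', @$command);
    foreach my $pair (@pairs) {
        my ($search, $replace) = @$pair;
        $line =~ s/\Q$search\E/$replace/g;
    }
    return $line;
}

# Function form: mask by option name, so the reported text does not depend on
# what the secret looks like. Receives the command arrayref, returns a string.
# The option names are hypothetical.
my %SECRET_OPTION = map { $_ => 1 } qw(--password --token --pin);

sub redact_by_option {
    my ($command) = @_;
    my @reported;
    my $mask_next = 0;
    foreach my $arg (@$command) {
        if ($mask_next) {
            push @reported, 'SECRET';                 # value after "--password"
            $mask_next = 0;
        } elsif ($arg =~ m/^(--[^=]+)=/ && $SECRET_OPTION{$1}) {
            push @reported, "$1=SECRET";              # "--password=value" form
        } else {
            push @reported, $arg;
            $mask_next = 1 if $SECRET_OPTION{$arg};   # "--password value" form
        }
    }
    return join(' ', @reported);
}

# Constructed command lines; every value below is sample data.
my @weak  = ('mytool', '--user=admin', '--password=password');
my @multi = ('mytool', '--token=abc123', '--pin=abc');

# Pitfall 1: the secret also occurs elsewhere on the line, so the replacement
# marks every place where it occurs and gives the value away.
print "weak password, hash form: ",
    literal_replace(\@weak, ['password' => 'SECRET']), "\n";

# Pitfall 2: one secret is a substring of another. If the shorter one is
# replaced first, the rest of the longer secret stays in the reported text.
print "short key first:          ",
    literal_replace(\@multi, ['abc' => 'PIN'], ['abc123' => 'TOKEN']), "\n";
print "long key first:           ",
    literal_replace(\@multi, ['abc123' => 'TOKEN'], ['abc' => 'PIN']), "\n";

# The function form gives the same shape of output for any secret value.
print "function form (weak):     ", redact_by_option(\@weak), "\n";
print "function form (multi):    ", redact_by_option(\@multi), "\n";

# With CAF::Process the redactor is passed as documented above:
#   CAF::Process->new($command, log => $self, sensitive => \&redact_by_option);
```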
Public methods
execute
Runs the command, with the options passed at initialization time. If running on verbose mode, the exact command line and options are logged. Please, initialize the object with log => '' if you are passing confidential data as an argument to your command.
output
Returns the output of the command. The output will not be logged for security reasons.
toutput
Returns the output of the command, that will be run with the timeout passed as an argument. The output will not be logged for security reasons.
stream_output
Execute the commands using execute, but the stderr is redirected to stdout, and stdout is processed with the process function. The total output is aggregated and returned when finished. An extra option is the process mode. By default (or value undef), the new output is passed to process. With mode line, process is called for each line of output (i.e. separated by newline), and for the remainder of the output when the process is finished. Another option is the process arguments. This is a reference to the array of arguments passed to the process function. The arguments are passed before the output to the process: e.g. if arguments => [qw(a b)] is used, the process function is called like process(a,b,$newoutput) (with $newoutput the new streamed output). Example usage: during a yum install, you want to stop the yum process when an error message is detected.
sub act {
    my ($self, $proc, $message) = @_;
    if ($message =~ m/error/) {
        $self->error("Error encountered, stopping process: $message");
        $proc->stop;
    }
}

$self->info("Going to start yum");
my $p = CAF::Process->new([qw(yum install error)], input => 'init');
$p->stream_output(\&act, mode => 'line', arguments => [$self, $p]);
run
Runs the command.
trun
Runs the command with $timeout seconds of timeout.
pushargs
Appends the arguments to the list of command arguments
setopts
Sets the hash of options passed to the options for the command
stringify_command
Return the command and its arguments as a space separated string.
get_command
Return the reference to the array with the command and its arguments.
get_executable
Return the executable (i.e. the first element of the command).
is_executable
Checks if the first element of the array with the command and its arguments, is executable. It returns the result of the -x test on the filename (or undef if filename can’t be resolved). If the filename is equal to the basename, then the filename to test is resolved using the File::Which::which method. (Use ./script if you want to check a script in the current working directory).
execute_if_exists
Execute after verifying the executable (i.e. the first element of the command) exists and is executable. If this is not the case the method returns 1.
COMMON USE CASES
In the following examples, no log is used. If you want your component to log the command, just add log => $self to the object creation.
Running a command
First, create the command:
my $proc = CAF::Process->new(["ls", "-lh"]);
Then, choose amongst:
$proc->run();
$proc->execute();
Emulating backticks to get a command’s output
Create the command:
my $proc = CAF::Process->new(["ls", "-lh"]);
And get the output:
my $output = $proc->output();
Piping into a command’s stdin
Create the contents to be piped:
my $contents = "Hello, world";
Create the command, specifying $contents as the input, and execute it:
my $proc = CAF::Process->new(["cat", "-"], stdin => $contents);
$proc->execute();
Piping in and out
Suppose we want a bi-directional pipe: we provide the command’s stdin, and need to get its output and error:
my ($stdin, $stdout, $stderr) = ("Hello, world", undef, undef);
my $proc = CAF::Process->new(["cat", "-"], stdin => $stdin,
                             stdout => \$stdout,
                             stderr => \$stderr);
$proc->execute();
And we’ll have the command’s standard output and error on $stdout and $stderr.
Creating the command dynamically
Suppose you want to add options to your command, dynamically:
my $proc = CAF::Process->new(["ls", "-l"]);
$proc->pushargs("-a", "-h");
if ($my_expression) {
    $proc->pushargs("-S");
}

# Runs ls -l -a -h -S
$proc->run();
Subshells
Okay, you really want them. You can’t live without them. You found some obscure case that really needs a shell. Here is how to get it. But please, don’t use it without a good reason:
my $cmd = CAF::Process->new(["ls -lh|wc -l"], log => $self, shell => 1);
$cmd->execute();
It will only work with the execute method.
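Why the array form is the default, shown with plain Perl rather than CAF (an added example, not the project's code): the same value is run once through a shell and once as an argument list, and the page's ls -lh|wc -l pipeline is then done without a shell. The helper names and the sample value are constructed for the illustration; run_list stands in for an arrayref command and run_shell for a shell => 1 command.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Run a command given as a list: fork and exec with an argument vector, so no
# shell ever parses the arguments.
sub run_list {
    my (@command) = @_;
    open(my $fh, '-|', @command) or die "cannot run $command[0]: $!";
    my $output = do { local $/; <$fh> };
    close($fh);
    return defined $output ? $output : '';
}

# Run one string through /bin/sh -c, which is what asking for a subshell means.
sub run_shell {
    my ($string) = @_;
    return run_list('/bin/sh', '-c', $string);
}

# Count newline-terminated lines, the in-process replacement for "| wc -l".
sub count_lines {
    my ($text) = @_;
    my $count = () = $text =~ m/\n/g;
    return $count;
}

# Constructed value standing in for data the component did not choose itself
# (a file name, a profile value, ...). It contains a shell metacharacter.
my $name = 'report.txt; echo INJECTED';

# Shell form: the shell treats ';' as a command separator, so part of the
# value is executed as a second command.
print "via shell:\n", run_shell("echo $name");

# List form: the whole value reaches echo as a single argument.
print "via list:\n", run_list('echo', $name);

# The pipeline from the section above without a shell: one command run from a
# list, the counting done in Perl.
print "entries listed: ", count_lines(run_list('ls', '-lh')), "\n";
```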
SEE ALSO
LC::Process
Reporter
NAME
CAF::Reporter - Class for console & log message reporting in CAF applications
SYNOPSIS
package myclass;
use CAF::Log;
use parent qw(CAF::Reporter);

my $logger = CAF::Log->new('/path/to/logfile', 'at');

sub new {
    ...
    $self->config_reporter(debuglvl => 2, verbose => 1, logfile => $logger);
    ...
}

sub foo {
    my ($self, $a, $b, $c) = @_;
    ...
    $self->report("foo is doing well");
    $self->verbose("foo called with params $a $b $c");
    $self->debug(3, "foo is performing operation xyz");
    ...
}
DESCRIPTION
CAF::Reporter provides class methods for message (information, warnings, error) reporting to standard output and a log file. There is only one instance of CAF::Reporter in an application. (All CAF::Reporter instances share the same configuration). Classes wanting to use CAF::Reporter have to inherit from it (using parent qw(CAF::Reporter) or via @ISA). Usage of a log file is optional. A log file can be attached/detached with the set_logfile method.
Public methods
init_reporter
Setup default/initial values for reporter. Returns success.
config_reporter
Reporter configuration. The following options are supported:
debuglvl
Set the (highest) debug level, for messages reported with the ‘debug’ method. The following recommendations apply:
0: no debug information
1: main package
2: main libraries/functions
3: helper libraries
4: core functions (constructors, destructors)
quiet
If set to a true value (eg. 1), stops any output to console.
verbose
If set to a true value (eg. 1), produce verbose output (with the verbose method). Implied by debug >= 1.
facility
The syslog facility the messages will be sent to
verbose_logfile
All reporting to logfiles will be verbose
logfile
logfile can be any type of class object reference, but the object must support a print(@array) method. Typically, it should be a CAF::Log instance. If logfile is defined but false, no logfile will be used. (The name is slightly misleading, because it does not set the logfile’s filename, but the internal $LOGFILE attribute).
struct
Enable the structured logging type struct (implemented by method ‘‘ <_struct_
OK(@array): boolean
Logs using syslog method with notice priority and reports @array using the report method, but with a [OK] prefix.
warn(@array): boolean
Logs using syslog method with warning priority and reports @array using the report method, but with a [WARN] prefix.
error(@array): boolean
Logs using syslog method with err priority and reports @array using the report method, but with a [ERROR] prefix.
verbose(@array): boolean
If verbose is enabled (via config_reporter), the verbose method logs using syslog method with notice priority and reports @array using the report method, but with a [VERB] prefix.
debug($debuglvl, @array): boolean
If $debuglvl is higher than or equal to the one set via config_reporter, the debug method logs to syslog with debug priority and reports @array using the report method, but with a [DEBUG] prefix. If the $debuglvl is not an integer in interval [0-9], an error is thrown and undef returned (and nothing logged).
log(@array): boolean
Writes @array as a concatenated string with added newline to the log file, if one is setup (via
Current class name ref($self).
Deprecated/legacy methods
setup_reporter
Deprecated method to configure the reporter. The configure options debuglvl, quiet, verbose, facility, verbose_logfile are passed as positional arguments in that order.
$self->setup_reporter(2,0,1);
is equal to
$self->config_reporter(debuglvl => 2, quiet => 0, verbose => 1);
set_report_logfile
Deprecated method to configure the reporter LOGFILE attribute:
$self->setup_report_logfile($instance);
is equal to
$self->config_reporter(logfile=>$instance);
Returns SUCCESS on success, undef otherwise. (The method name is slightly misleading, because it does not set the logfile’s filename, but the internal $LOGFILE attribute).
ReporterMany
NAME
CAF::ReporterMany - Class for console & log message reporting in CAF applications, which allows more than one object instance each with its own reporting setup.
DESCRIPTION
CAF::ReporterMany provides class methods for message reporting just like CAF::Reporter does, with the main distinction that multiple instances do not share the reporter setup (e.g. they can each have their own debuglevel).
RuleBasedEditor
DESCRIPTION
This module implements a rule-based editor that is used to modify the content of an existing file. Each rule driving the editing process is applied to all lines whose “keyword” matches the one specified in the rule. The input for updating the file is a hash typically built from the Quattor configuration when the rule-based editor is called from a configuration module. Conditions can be defined based on the contents of this configuration. Lines in the configuration file that don’t match any rule are kept unmodified.
This module is a subclass of the CAF::FileEditor: it extends the base methods of the CAF::FileEditor. It has only one public method (it uses the CAF::FileEditor constructor). The methods provided in this module can be combined with CAF::FileEditor methods to edit a file. Rules used to edit the file are defined in a hash: each entry (key/value pair) defines a rule. Multiple rules can be applied to the same file: it is important that they are orthogonal, else the result is unpredictable. The order used to apply rules is the alphabetical order of keywords. Applying the rules to the same configuration always gives the same result but the changes are not necessarily idempotent (the order in which successive edits occurred may matter, depending on the actual rules). The hash entry key represents the line keyword in the configuration file and the hash value is the parsing rule for the keyword value. Parsing rule format is:
[condition->]option_name:option_set[,option_set,...];line_fmt[;value_fmt[:value_fmt_opt]]
If the line keyword (hash key) starts with a ‘-‘, the matching configuration line will be removed/commented out (instead of added/updated) from the configuration file if present. If it starts with a ‘?’, the matching line will be removed/commented out if the option is undefined.
condition
An option or an option set/subset (see below) that must exist for the rule to be applied or the keyword ALWAYS. Both option_set and option_name:option_set are accepted. option and option set in the condition are normally different from the option_name and option_set parameters in the rule as this is the default behaviour to apply the rule only if they exist. One option set only is allowed and only its existence (not its value) is tested. option_set can be either an actual option set as defined below or a subset of an option set (a subhash of the option set hash). To specify a subset, use / as a level separator, e.g. xroot/securityProtocol/gsi (gsi subset of securityProtocol subset of xroot option set). It is possible to negate the condition (option or option_set must not exist) by prepending it with ‘!’. ALWAYS is a special condition that means that rules must be applied whether the option_name:option_set exist in the configuration or not. When they don’t exist the result is to comment out the matching configuration lines.
option_name
The name of an option that will be retrieved from the configuration. An option is a key in the option set hash.
option_set
The name of an option set where the option is located in (for example ‘dpnsHost:dpm’ means dpnsHost option of dpm option set). An option set is a sub-hash in the configuration hash. GLOBAL is a special value for option_set indicating that the option is a global option, instead of belonging to a specific option set (global options are at the top level of the configuration hash).
line_fmt
Defines the format used to represent the keyword/value pair. Several formats are supported, covering the most usual ones (SH shell script, Apache, . . . ). For the exact list, see the definition of LINE_FORMAT_xxx constants and the associated documentation below.
value_fmt
used to indicate how to interpret the configuration value. It is used mainly for boolean values, list and hashes. See LINE_VALUE_xxx constants below for the possible values.
An example of rule declaration is:
my %dpm_config_rules_2 = (
    "ALLOW_COREDUMP" => "allowCoreDump:dpm;".LINE_FORMAT_SH_VAR.";".LINE_VALUE_BOOLEAN,
    "GLOBUS_THREAD_MODEL" => "globusThreadModel:dpm;".LINE_FORMAT_ENV_VAR,
    "DISKFLAGS" => "DiskFlags:dpm;".LINE_FORMAT_SH_VAR.";".LINE_VALUE_ARRAY,
);
For more comprehensive examples of rules, look at ncm-dpmlfc or ncm-xrootd source code in configuration-modules-grid repository.
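A reading of the rule format above as a small stand-alone parser, useful for checking a rule hash before it is handed to the editor. This is an added example and not the module's own _parse_rule: the constant values are stand-ins, the returned field names are hypothetical, and every sample rule except ALLOW_COREDUMP is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in values so the sample rules can be written the way the page writes
# them; the real constants are exported by the module.
use constant {
    LINE_FORMAT_SH_VAR => 'SH_VAR',
    LINE_FORMAT_KW_VAL => 'KW_VAL',
    LINE_VALUE_BOOLEAN => 'BOOLEAN',
};

# Split one (keyword => rule) pair into its documented parts.
# Returns a hashref; on a malformed rule the hashref only has an 'error' key.
sub parse_rule {
    my ($keyword, $rule) = @_;
    my %parsed = (action => 'update');

    # Keyword prefix: '-' removes the line, '?' removes it if the option is undefined.
    if    ($keyword =~ s/^-//)  { $parsed{action} = 'remove'; }
    elsif ($keyword =~ s/^\?//) { $parsed{action} = 'remove_if_undef'; }
    $parsed{keyword} = $keyword;

    # Optional "condition->" part: ALWAYS, or [!][option_name:]option_set[/subset...]
    if ($rule =~ s/^([^;]*?)->//) {
        my $condition = $1;
        if ($condition eq 'ALWAYS') {
            $parsed{condition} = { always => 1 };
        } else {
            my $negate = ($condition =~ s/^!//) ? 1 : 0;
            my ($option, $set) = $condition =~ m/^(?:([^:]+):)?(.+)$/;
            return { error => "empty condition in rule for $keyword" }
                unless defined $set;
            $parsed{condition} = {
                negate   => $negate,
                option   => $option,               # undef when only a set is given
                set_path => [ split m{/}, $set ],  # '/' separates subset levels
            };
        }
    }

    # option_name:option_set[,option_set,...];line_fmt[;value_fmt[:value_fmt_opt]]
    my ($source, $line_fmt, $value) = split /;/, $rule, 3;
    my ($name, $sets) = split /:/, (defined $source ? $source : ''), 2;
    return { error => "rule for $keyword needs option_name:option_set" }
        unless defined $name && length $name && defined $sets && length $sets;

    @parsed{qw(option_name option_sets)} = ($name, [ split /,/, $sets ]);
    $parsed{line_fmt} = $line_fmt;
    @parsed{qw(value_fmt value_fmt_opt)} = split /:/, $value, 2 if defined $value;
    return \%parsed;
}

# One-line summary of a parsed rule.
sub describe {
    my ($p) = @_;
    return "error: $p->{error}" if $p->{error};
    my $c = $p->{condition};
    my $cond = !$c           ? 'none'
             : $c->{always}  ? 'ALWAYS'
             : ($c->{negate} ? 'not ' : '') . join('/', @{ $c->{set_path} })
               . (defined $c->{option} ? " option $c->{option}" : '');
    return sprintf("%s %s: %s from [%s], line_fmt=%s, value_fmt=%s, condition=%s",
        $p->{action}, $p->{keyword}, $p->{option_name},
        join(',', @{ $p->{option_sets} }),
        $p->{line_fmt} // '(none)', $p->{value_fmt} // '(none)', $cond);
}

my @rules = (
    # From the page's example declaration.
    [ 'ALLOW_COREDUMP' => 'allowCoreDump:dpm;' . LINE_FORMAT_SH_VAR . ';' . LINE_VALUE_BOOLEAN ],
    # Constructed: negated subset condition, '-' prefix on the keyword.
    [ '-xrootd.seclib' => '!xroot/securityProtocol/gsi->secLib:xroot;' . LINE_FORMAT_KW_VAL ],
    # Constructed: ALWAYS condition, '?' prefix, option looked up in two sets.
    [ '?DPNS_HOST' => 'ALWAYS->dpnsHost:dpm,GLOBAL;' . LINE_FORMAT_SH_VAR ],
    # Constructed: malformed rule without an option set.
    [ 'BROKEN' => 'noOptionSet;' . LINE_FORMAT_SH_VAR ],
);
print describe(parse_rule(@$_)), "\n" foreach @rules;
```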
Rule Constants
The constants described here are used to build the rules. All these constants are exported. Add the following to use them:
use RuleBasedEditor qw(:rule_constants);
There is a different group of constants for each part of the rule.
LINE_FORMAT_xxx: general syntax of the line
LINE_FORMAT_KW_VAL
Keyword value (e.g. Xrootd, Apache). The keyword/value separator can be customized with LINE_VALUE_OPT_SEP_xxx. No comment is added to the line. This is the default line format.
LINE_FORMAT_KW_VAL_SET
Set keyword value. Same remarks as for LINE_FORMAT_KW_VAL.
LINE_FORMAT_KW_VAL_SETENV
Setenv keyword value. Same remarks as for LINE_FORMAT_KW_VAL.
LINE_FORMAT_ENV_VAR
Export keyword=value (e.g. SH shell family). A comment is added at the end of the line if it is modified by CAF::RuleBasedEditor. If the value contains whitespaces, it is quoted.
LINE_FORMAT_SH_VAR
keyword=value (e.g. SH shell family). A comment is added at the end of the line if it is modified by CAF::RuleBasedEditor. If the value contains whitespaces, it is quoted.
Inline comments are not supported for the LINE_FORMAT_KW_VAL_xxx formats.
LINE_VALUE_xxx: how to interpret the configuration value
LINE_VALUE_AS_IS
Take the value as it is, do not attempt any conversion. This is the default value type.
LINE_VALUE_BOOLEAN
Interpret the value as a boolean rendered as yes or no.
LINE_VALUE_ARRAY
The value is an array. Rendering controlled by LINE_OPT_xxx constants.
LINE_VALUE_HASH
The value is a hash of strings. Rendering controlled by LINE_OPT_xxx constants.
LINE_VALUE_HASH_KEYS
The value is a hash whose keys are the value. Rendering similar to arrays with LINE_VALUE_ARRAY (the key list is treated as an array).
LINE_VALUE_INSTANCE_PARAMS
specific to ncm-xrootd
LINE_OPT_xxx: options for rendering the config line
These options mainly apply to lists and hashes and are interpreted as a bitmask.
LINE_OPT_KEY_PREFIX_DASH
If set, add a - before the keyword when writing it in the configuration file.
LINE_OPT_VALUE_ONELINE
Each value in an array or keyword/value pair in a hash must be on a separate line. This results in several instances of the same keyword (multiple lines) in the configuration file.
LINE_OPT_VALUE_UNIQUE
The values are concatenated as a space-separated string
LINE_OPT_VALUE_SORTED
Values are sorted
LINE_OPT_HASH_SEP_COLON
When LINE_VALUE_HASH, use a colon between each hash key and value.
LINE_OPT_SEP_COLON
Use a colon between keyword and value.
LINE_OPT_SEP_EQUAL
Use an equal sign between keyword and value.
LINE_VALUE_OPT_SPACE_AROUND_SEP
When updating the value, put a space around the keyword/value separator.
$FILE_INTRO_xxx: constants defining the expected header lines in the configuration file
Public methods
updateFile
Update configuration file contents, applying configuration rules. Arguments:
config_rules: a hashref containing config rules corresponding to the file to build
config_options: a hashref for configuration parameters used to build actual configuration
options: a hashref defining options to modify the behaviour of this function
Supported entries for options hash:
always_rules_only: if true, apply only rules with ALWAYS condition (D: false). See introduction about the ALWAYS condition.
remove_if_undef: if true, remove matching configuration line if rule condition is not met (D: false)
Return value
success: 1
error processing of one or more rules: 0
argument error or error during rule processing: undef
Private methods
formatAttributeValue
This function formats an attribute value based on the value format specified. Arguments:
attr_value : attribute value (type interpreted based on C
Return value:
A string corresponding to the value formatted according to the format specified by arguments or undef in case of an internal error (missing arguments)
_formatConfigLine
This function formats a configuration line using keyword and value, according to the line format requested. Values containing spaces are quoted if the line format is not LINE_FORMAT_KW_VAL. Arguments:
keyword: line keyword
value: keyword value (can be an empty string)
line_fmt: line format (see LINE_FORMAT_xxx constants)
line_opt: line rendering options
Return value:
A string corresponding to the line formatted according to line_fmt or undef in case of an internal error (missing arguments)
_escape_regexp_string
Helper method to escape all characters with a special interpretation in the context of a regexp. Arguments:
regexp_str: initial regexp string (characters not escaped)
Return value:
string: regexp with all special characters escaped
_buildLinePattern
This function builds a pattern that will match an existing configuration line for the configuration parameter specified. The pattern built takes into account the line format. Every whitespace in the pattern (configuration parameter) is replaced by \s+. If the line format is LINE_FORMAT_KW_VAL, no whitespace is imposed at the end of the pattern, as this format can be used to write a configuration directive as a keyword with no value. Arguments:
config_param: parameter to update line_fmt: line format (see LINE_FORMAT_xxx constants) line_opt: line rendering options config_value: when defined, make it part of the pattern (used when multiple
˓→lines with the same keyword are allowed)
Return value:
A string containing the pattern to use to match the line in the file or undef in case of an internal error (missing argument or an invalid line format).
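The escaping and pattern-building behaviour described for _escape_regexp_string and _buildLinePattern, as an added stand-alone example (not CAF's own code). The function names, the FMT_* constants and their values, the "key=value" format and the sample file contents are assumptions made for illustration.

```perl
use strict;
use warnings;

# Stand-ins for two LINE_FORMAT_xxx constants; the values are assumptions.
use constant FMT_KW_VAL  => 1;    # "keyword value", the value is optional
use constant FMT_KEY_VAL => 2;    # "key=value", assumed here for contrast

# Build a pattern for an existing line that sets $param.
# Returns undef on a missing argument or an unknown line format.
sub build_line_pattern {
    my ($param, $line_fmt, $value) = @_;
    return unless defined $param && length $param && defined $line_fmt;

    # Escape each word so regexp metacharacters match literally, then join
    # the words with \s+ so any run of blanks or tabs in the file matches.
    my $pattern = join '\s+', map { quotemeta($_) } split ' ', $param;

    if ($line_fmt == FMT_KW_VAL) {
        # Nothing is imposed after the keyword: it may carry no value.
        $pattern .= '\s+' . quotemeta($value) if defined $value && length $value;
    } elsif ($line_fmt == FMT_KEY_VAL) {
        $pattern .= '\s*=';
        $pattern .= '\s*' . quotemeta($value) if defined $value;
    } else {
        return;
    }
    return $pattern;
}

# Lines of $text that start (after optional indentation) with $pattern.
sub matching_lines {
    my ($text, $pattern) = @_;
    return grep { m/^\s*$pattern/ } split /\n/, $text;
}

# Constructed sample contents, not taken from any real host.
my $sshd   = "UsePAM\nMatch \t User backup\nListenAddress 10.0.0.1\nListenAddress 10.0.0.2\n";
my $sysctl = "net.ipv4.ip_forward=0\nnetXipv4Xip_forward=1\n";

my @cases = (
    [ 'keyword without value',  $sshd,   build_line_pattern('UsePAM', FMT_KW_VAL) ],
    [ 'whitespace in keyword',  $sshd,   build_line_pattern('Match User', FMT_KW_VAL) ],
    [ 'keyword only, multiple', $sshd,   build_line_pattern('ListenAddress', FMT_KW_VAL) ],
    [ 'keyword plus value',     $sshd,   build_line_pattern('ListenAddress', FMT_KW_VAL, '10.0.0.2') ],
    # Hand-written pattern without escaping: each "." matches any character.
    [ 'unescaped dots',         $sysctl, 'net.ipv4.ip_forward\s*=' ],
    [ 'escaped dots',           $sysctl, build_line_pattern('net.ipv4.ip_forward', FMT_KEY_VAL) ],
);

for my $case (@cases) {
    my ($label, $text, $pattern) = @$case;
    my @hits = matching_lines($text, $pattern);
    printf "%-24s /%s/ matches %d line(s)\n", $label, $pattern, scalar @hits;
}
```

Because nothing is imposed after a keyword-only pattern in this sketch, a keyword that is a prefix of a longer keyword also matches the longer one; passing the value narrows the match.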
_commentConfigLine This function comments out a configuration line matching the configuration parameter. Match operation takes into account the line format. Arguments :
config_param: parameter to update
line_fmt: line format (see LINE_FORMAT_xxx constants)
line_opt: line rendering options
Return value:
success: 1
error during processing: 0
internal error (missing argument): undef
_updateConfigLine This function does the actual update of a configuration line after doing the final line formatting based on the line format. Arguments :
config_param: parameter to update
config_value: parameter value (can be an empty string)
line_fmt: line format (see LINE_FORMAT_xxx constants)
line_opt: line rendering options
multiple: if true, multiple lines with the same keyword can exist (D: false)
Return value:
undef or 1 in case of an internal error (missing argument)
_parse_rule Parse a rule and return as a hash the information necessary to edit lines. If the rule condition is not met, undef is returned. If an error occurred, the hash contains more information about the error. Arguments:
rule: rule to parse
config_options: configuration parameters used to build actual configuration
parser_options: a hashref defining options to modify the behaviour of this function
Supported entries for options hash:
always_rules_only: if true, apply only rules with ALWAYS condition (D: false). See introduction about the ALWAYS condition.
remove_if_undef: if true, remove matching configuration line if rule condition is not met (D: false)
Return value: undef if the rule condition is not met or a hash with the following information:
error_msg: a non empty string if an error happened during parsing
remove_matching_lines: a boolean indicating that the matching lines must be removed
option_sets: a list of option sets containing the attribute to use in the updated line
attribute: the option attribute to use in the updated line
_apply_rules Apply configuration rules. This method is the real workhorse of the rule-based editor. Arguments :
config_rules: config rules corresponding to the file to build
config_options: configuration parameters used to build actual configuration. Note that keys in the config_options hash are interpreted as escaped (generally harmless if they are not as the killing sequence, '_'+2 hex digit, is unlikely to occur in this context. Use camel case for keys to prevent problems).
parser_options: a hash setting options to modify the behaviour of this function
Supported entries for options hash:
always_rules_only: if true, apply only rules with ALWAYS condition (D: false)
remove_if_undef: if true, remove matching configuration line if rule condition is not met (D: false)
Return value:
success: 1
error processing one or more rules: 0
undef in case of an internal error (missing argument)
Service
NAME
CAF::Service - Class for starting and stopping daemons in different platforms
SYNOPSIS
use CAF::Service;
my $srv = CAF::Service->new(['ntpd'], log => $self, %opts);
$srv->reload();
$srv->stop();
$srv->start();
$srv->restart();
$srv->stop_sleep_start();
Will do the right thing with SystemV Init scripts, Systemd units and Solaris’ svcadm.
DESCRIPTION
This class abstracts away the differences when operating with Daemons in different Unixes.
Private methods
_initialize Initialize the process object. Arguments:
$services Reference to a list of services to be handled.
It takes some extra optional arguments:
log A CAF::Reporter object to log daemon activities to.
timeout Maximum execution time, in seconds, for any service operations. If it’s too slow it will be killed. If not defined, the command won’t time out. On Solaris it implies that svcadm actions are executed synchronously. After this timeout, the operation will continue in background, but will NOT mark the service as failed. For marking timed out services operations as failed, we have to edit the method definition, which is out of the scope of this method. See the man page for smf_method for more details. On systemd-based systems, the timeout parameter is ignored. The correct way to handle timeouts in systemd is to store them in the unit file, which will ensure they are respected in any context that unit may be called.
sleep Used only in stop_sleep_start. Determines the number of seconds to sleep after stop before proceeding with start.
persistent Used only in the Solaris variant of start and stop. Make the enabling or disabling of this service persist in subsequent reboots. Implies not passing the -t flag to svcadm.
recursive Used only in the Solaris variant of start and stop. Starts or stops all the dependencies for the given daemons, too.
synchronous Used only in the Solaris variant of restart. Waits until all services have been restarted. If no timeout was passed, it will wait forever.
...
Public methods
restart Restarts the daemons.
start Starts the daemons.
stop Stops the daemons.
reload Reloads the daemons.
stop_sleep_start Stops the daemon, sleeps, and then starts the daemon again. Only when both stop and start are successful, return success.
os_flavour Determine and return the OS flavour (/variant). Current flavours are:
linux_sysv Linux OS with SysV init system
linux_systemd Linux OS with systemd
solaris Solaris OS
(All supported flavours are exported via @FLAVOURS.)
Private methods
__make_method A generator for service methods, to be used in e.g. subclassing. In the example below we create a custom service class that supports e.g. ‘service myservice init’:
package MyService;

use CAF::Service qw(__make_method @FLAVOURS);
use parent qw(CAF::Service);

sub _initialize {
    my ($self, %opts) = @_;
    return $self->SUPER::_initialize(['myservice'], %opts);
}

# Install one init_<flavour> method per supported OS flavour
my $method = 'init';
foreach my $flavour (@FLAVOURS) {
    no strict 'refs';
    *{"${method}_${flavour}"} = __make_method($method, $flavour);
    use strict 'refs';
}

1;

This class can then be used in the same way as CAF::Service

use MyService;
...
my $serv = MyService->new();
$serv->init();
...
$serv->reload();
TextRender
NAME
CAF::TextRender - Class for rendering structured text
SYNOPSIS
use CAF::TextRender;
my $module = 'tiny';
my $trd = CAF::TextRender->new($module, $contents, log => $self);
print "$trd"; # stringification

$module = "yaml";
$trd = CAF::TextRender->new($module, $contents, log => $self);
# return CAF::FileWriter instance (rendered text already added)
my $fh = $trd->filewriter('/some/path');
die "Problem rendering the text" if (!defined($fh));
$fh->close();
DESCRIPTION
This class simplifies the generation of structured text like config files. (It is based on 14.8.0 ncm-metaconfig).
Private methods
_initialize Initialize the process object. Arguments:
module The rendering module to use: either one of the following reserved values
json JSON format (using JSON::XS) (JSON true and false have to be resp. \1 and \0)
yaml YAML (using YAML::XS) (YAML true and false, either resp. $YAML_BOOL->{yes} and $YAML_BOOL->{no}; or the strings $YAML_BOOL_PREFIX."true" and $YAML_BOOL_PREFIX."false" (There are known problems with creating hashrefs using the $YAML_BOOL->{yes} value for true; Perl seems to mess up the structure when creating the hashrefs))
properties Java properties format (using Config::Properties),
tiny .INI format (using Config::Tiny) (Previously available module
relpath The relative path w.r.t. the includepath to look for TT template files. This relative path should not be part of the module name, however it is not the INCLUDE_PATH. (In particular, any TT INCLUDE statement has to use it as the relative basepath). If relpath is undefined, the default ‘metaconfig’ is used. If you do not have a subdirectory in the includepath, use an empty string.
ttoptions A hash-reference ttoptions with Template Toolkit options, except for INCLUDE_PATH which is forced via includepath option. By default, STRICT (default 0) and RECURSION (default 1) are set.
1.2 CCM
1.2.1 Configuration Cache Manager
These modules handle the conversion of an XML or JSON profile into a local binary cache, and give the API for Quattor modules to access these caches. If you are writing a Quattor-client module, all you probably need is the getElement and getTree methods from a Configuration object. Typically you will combine them like this: `my $tree = $cfg->getElement("/foo/bar")->getTree();` And you will have a reference to a data structure, identical to what you defined in your profile. For more information, see the man pages.
CCfg
NAME
EDG::WP4::CCM::CCfg
SYNOPSIS
init() or init("/etc/ccm.conf")
$cache_root = getCfgValue("cache_root");
DESCRIPTION
CCfg is used to get configuration parameters. Default values for configuration parameters get overwritten if defined in configuration file.
initCfg (;$cfg_file) Initialise CCfg. If the $cfg_file parameter is present, the file has to exist; if it does not exist, an error is raised. If the parameter is not present, default EDG paths are used. If the configuration file does not exist in the default locations, the default values are used.
getCfgValue ($key) Returns the value of the configuration parameter identified by $key.
setCfgValue ($key, $value, $force) Set the configuration option $key to $value. If force is set, the option and value are also added to the force_cfg hashref, making it protected against rereading of the config file.
resetCfg Reset the configuration hash and empty the force hashref.
CLI
NAME
EDG::WP4::CCM::CLI
DESCRIPTION
This module implements the CCM CLI. The final script should be rather minimal, and a module allows for far easier unit testing.
action_show Print the tree starting from the selected path(s). Non-existing paths are skipped.
action_dumpdb Low-level debugging function to dump the profile DBs path2eid and eid2data.
CacheManager
NAME
EDG::WP4::CCM::CacheManager
SYNOPSIS
$cm = EDG::WP4::CCM::CacheManager->new(["/path/to/root/of/cache"]);
$cfg = $cm->getUnlockedConfiguration($cred[, $cid]);
$cfg = $cm->getLockedConfiguration($cred[, $cid]);
$cfg = $cm->getAnonymousConfiguration($cred[, $cid]);
$bool = $cm->isLocked();
DESCRIPTION
Module provides CacheManager class. This is the top level class of the NVA-API library. It is used by the clients to interact with the NVA cache.
new ($cache_path) Create new CacheManager object with $cache_path. $config_file is an optional parameter that points to the CCM config file.
getCachePath Returns the path of the cache.
getConfigurationPath For given cid, return the basepath of the Configuration data. (No checks are made e.g. if the directory exists, simply returns the directory name).
getCids Return arrayref to sorted list of all found/valid CIDs. Returns undef in case of problem.
getCid For given cid, validate and check the CID. Returns undef for a non-existing CID. Also handles special values for cid:
undef, “current” or empty string: If CID is undef, the string “current” or an empty string, the current CID (from the “current.cid” file) is returned.
“latest” or “-”: If CID is the string “latest” or “-”, the latest CID (from the “latest.cid” file) is returned.
negative value (e.g. -1): If CID is negative -N, the N-th most recent CID value is returned (e.g. -1 returns the most recent CID, -2 the CID before the most recent, ...). (A distinction is made between “most recent” and “latest”, as the “latest” CID is held in the “latest.cid” file).
getConfiguration ($cred, $cid) Returns narrowest-possible Configuration object. If cid is defined, return a locked Configuration with this cid. (Special values for cid are handled by the getCid method). If cid is undefined, an unlocked Configuration is used (and the write permission for the anonymous flag are checked against the CacheManager’s current CID). The Configuration instance is created with anonymous flag equal to -1 (i.e. the Configuration instance will determine if the Configuration is anonymous or not based on the write permissions of the current process). The locked and anonymous flags can also be forced via named arguments (e.g.
Security and $cred parameter meaning are not defined (but is kept for compatibility with other get{Locked,Unlock,Anonymous}Configuration methods). The configuration template name can also be passed via an optional named argument name_template (e.g. name_template => basic).
getUnlockedConfiguration ($cred; $cid) This method is deprecated in favour of getConfiguration. Returns unlocked Configuration object. Unless the object is locked explicitly later by calling the lock method, CCM::CacheManager::Elements will always be fetched from the current CID, not the CID passed via $cid. (If the $cid parameter is omitted, the most recently downloaded configuration (when the cache was not globally locked) is returned.) Security and $cred parameter meaning are not defined.
getLockedConfiguration ($cred; $cid) This method is deprecated in favour of getConfiguration. Returns locked Configuration object. If the $cid parameter is omitted, the most recently downloaded configuration (when the cache was not globally locked) is returned. Security and $cred parameter meaning are not defined.
getAnonymousConfiguration ($cred; $cid) This method is deprecated in favour of getConfiguration. Returns unlocked anonymous Configuration object. Unless the object is locked explicitly later by calling the lock method, CCM::CacheManager::Elements will always be fetched from the current CID, not the CID passed via $cid. (If the $cid parameter is omitted, the most recently downloaded configuration (when the cache was not globally locked) is returned.) Security and $cred parameter meaning are not defined.
isLocked () Returns true if the cache is globally locked, otherwise false.
getCurrentCid Returns current cid (from cid file).
getLatestCid Returns latest cid (from cid file).
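The special CID values that getCid is described as handling, as an added stand-alone example (not the CacheManager code). The resolve_cid function, the %cache hash standing in for the cache directory contents, and the sample CIDs are assumptions; the sample is constructed so that "latest" and "most recent" differ. Since getConfigurationPath is documented as making no checks, validating a user-supplied CID this way before a directory name is built from it keeps values such as '../13' out of the path.

```perl
use strict;
use warnings;

# Resolve a user-supplied CID against the CIDs present in the cache.
# %cache is a constructed stand-in for what the cache directory holds:
#   cids    => arrayref of all valid CIDs
#   current => content of the current.cid file
#   latest  => content of the latest.cid file
# Returns the validated CID, or undef when it does not exist.
sub resolve_cid {
    my ($cid, %cache) = @_;
    my @cids = sort { $a <=> $b } @{ $cache{cids} || [] };

    if (!defined $cid || $cid eq '' || $cid eq 'current') {
        $cid = $cache{current};
    } elsif ($cid eq 'latest' || $cid eq '-') {
        $cid = $cache{latest};
    } elsif ($cid =~ m/\A-(\d+)\z/) {
        # -N selects the N-th most recent CID from the sorted list.
        my $n = $1;
        return if $n < 1 || $n > @cids;
        $cid = $cids[-$n];
    }

    # Anything that is not a plain non-negative integer is rejected here,
    # before it could be used to build a profile.$cid directory name.
    return unless defined $cid && $cid =~ m/\A\d+\z/;

    my $found = grep { $_ == $cid } @cids;
    return $found ? $cid : undef;
}

# Constructed sample: four profiles in the cache, latest.cid lagging behind.
my %cache = (cids => [12, 15, 13, 14], current => 13, latest => 14);

for my $input (undef, 'current', '', 'latest', '-', -1, -2, 13, 99, -9, '../13', "14\n") {
    my $shown = defined $input ? $input : 'undef';
    $shown =~ s/\n/\\n/g;
    my $cid = resolve_cid($input, %cache);
    printf "%-12s => %s\n", "'$shown'", defined $cid ? $cid : 'undef (rejected)';
}
```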
CacheManager :: Configuration
NAME
EDG::WP4::CCM::CacheManager::Configuration - Configuration class
SYNOPSIS
$cid = $cfg->getConfigurationId();
$elt = $cfg->getElement($path);
$elt = $cfg->getElement($string);
$val = $cfg->getValue($path);
$val = $cfg->getValue($string);
$bool = $cfg->elementExists($path);
$bool = $cfg->elementExists($string);
$cfg->lock();
$cfg->unlock();
$bool = $cfg->isLocked();
DESCRIPTION
Module provides the Configuration class, to manipulate configurations.
new Create Configuration object. It takes three arguments:
cache_manager: the CacheManager object
cid: the configuration id
locked: boolean lock flag
anonymous: boolean anonymous flag
name_template: name template
If a configuration with the specified CID does not exist, an exception is thrown. When the locked flag is set (or when the lock method is called to set it), the Configuration instance is bound to the specific CID, even if this is not the CacheManager’s current one (e.g. when a new profile is fetched during the lifetime of the process, the CacheManager current CID is updated to the latest one). The locking is relevant when a CCM::CacheManager::Element is accessed via a CCM::Configuration instance (in particular, when a call to _prepareElement is made). As a consequence, an unlocked Configuration instance will always use the CacheManager’s current CID. Unless the anonymous flag is set to true, each process that creates a Configuration instance creates a file named ccm-active-profile.$cid.$pid (with $cid the CID and $pid the process ID) under the profile.$cid directory in the CacheManager cache path. The presence of this file protects the process from getting this particular CID removed by the ccm-purge command (e.g. by the daily purge cron job). If the anonymous flag is set to -1, the permissions of the user to create this file are verified, and if the user can write to this file, the anonymous flag is set to false (this is only verified once during initialisation). Processes that have no permission to create this file (or don’t care about long runtimes), can set the anonymous flag and use the configuration (at their own risk).
getConfigurationId () Returns configuration id.
lock () Lock configuration (local lock).
unlock () Unlock configuration (local unlock).
isLocked () Returns true if the configuration is locked, otherwise false.
getName
Return the name of the Configuration based on the name template set during initialisation. The type argument (default name) specifies which name format is used. The actual template used is CCM/names/
CacheManager :: DB
NAME
EDG::WP4::CCM::CacheManager::DB
my $db = EDG::WP4::CCM::CacheManager::DB->new($prefix, %opts);
# Write the hashref to the database file
$db->write($hashref);
# Open the database and tie to hashref
$db->open($hashref);

# Direct read access to database (combines new and open)
$success = EDG::WP4::CCM::CacheManager::DB::read($hashref, $prefix);
DESCRIPTION
This is a wrapper around all access to the profile database format, which copes with multiple possible data formats.
Methods
new / _initialize Create a new DB instance using prefix, the filename without extension (will be used by both the .db file itself and a .fmt format description). Optional parameters:
log A CAF::Reporter instance for logging/reporting.
test_supported_format Test if dbformat is a supported format. Returns SUCCESS on success, undef on failure (and sets fail attribute).
write Given a hashref hashref, write out the hash in a database format dbformat. (If dbformat is not defined, the default format DB_File will be used). Once successfully written, the hashref will be untied and does not remain connected to the persistent storage. perms is an optional hashref with the file permissions for both database file and format description (owner/mode/group, CAF::FileWriter style). Returns undef on success, a string with error message otherwise.
open Open the database file. The format of the database file will be determined by reading the format file. If that file does not exist, then default format DB_File will be used. Returns undef on success, a string with error message otherwise. On success, the hashref will be tied to the specified database.
Functions
read_db Given hashref and prefix, create a new instance using prefix (and any other options) and return the opened database with hashref. The read_db function is exported.
read An alias for read_db (not exported, kept for legacy).
CacheManager :: Element
NAME
EDG::WP4::CCM::CacheManager::Element - Element class
SYNOPSIS
$eid = $element->getEID();
$name = $element->getName();
$path = $element->getPath();
$type = $element->getType();
$derivation = $element->getDerivation();
$checksum = $element->getChecksum();
$description = $element->getDescription();
$value = $element->getValue();
$boolean = $element->isType($type);
$boolean = $element->isResource();
$boolean = $element->isProperty();
$hashref = $element->getRecHash();
DESCRIPTION
The class EDG::WP4::CCM::CacheManager::Element implements those methods that are common to all elements and represents a Property. The class
getType() Returns the element’s type, that is, one of the TYPE_* constants.
getDerivation() Returns the element’s derivation.
getChecksum() Returns the element’s checksum (that is, MD5 digest).
getDescription() Returns the element’s description.
getValue() Returns the element’s value, as a string. This method is not a part of the NVA-API specification, it may be subject to change.
isType($type) Returns true if the element’s type matches the type contained in argument $type.
isResource() Return true if the element’s type is RESOURCE.
isProperty() Return true if the element’s type is PROPERTY.
getTree Returns a reference to a nested hash composed of all elements below this element. Corrected according to the III Quattor Workshop recommendations. Now, PAN booleans map to Perl booleans, PAN lists map to Perl array references and PAN nlists map to Perl hash references. Note that links cannot be followed. If depth is specified (and not undef), only return the next depth levels of nesting (and use the Element instances as values). A depth == 0 is the element itself, depth == 1 is the first level, ...
Named options:
convert_boolean Array ref of anonymous methods to convert the argument (1 or 0 for resp true and false) to another boolean representation.
convert_string Array ref of anonymous methods to convert the argument (string value) to another representation/format.
convert_long Array ref of anonymous methods to convert the argument (integer/long value) to another representation/format.
convert_double Array ref of anonymous methods to convert the argument (float/double value) to another representation/format.
convert_list Array ref of anonymous methods to convert the argument (list of elements) to another representation/format. Each element is already processed before the conversion.
convert_nlist Array ref of anonymous methods to convert the argument (dict of elements) to another representation/format. Each element is already processed before the conversion.
convert_key Array ref of anonymous methods to convert the key(s) of the dicts to another representation/format. At the end, a stringification of the result is used as key.
The arrayref of anonymous methods are applied as follows: convert methods [a, b, c] will produce $new = c(b(a($old))). (An exception is thrown if these methods are not code references).
CacheManager :: Encode
NAME
EDG::WP4::CCM::CacheManager::Encode - Module with DB encoding functions and constants
DESCRIPTION
EDG::WP4::CCM::CacheManager::Encode implements the functions that provide the encoding of metadata in the DB instance used. The DB is built as follows:
In EDG::WP4::CCM::Fetch::ProfileCache the profile is converted to a hashref with subpath as key and hashref with data and metadata as value.
The hashref is walked, building up the path, and a counter (the eid) is increased for each path.
The relation between the path and the counter is stored in the path2eid DB with path as key and encoded eid (using db_keys($eid)->{VALUE}) as value.
The data and metadata are stored in eid2data DB using the encoded eid (which has offset for each type of data and metadata) as key and the data as value.
Access to data based on path is possible without en/decoding (eid2data->{path2eid->{$path}}). Access to the metadata however requires decoding of the encoded eid from path2eid, to recompute the encoded keys for the metadata.
Type constants:
ELEMENT PROPERTY STRING LONG DOUBLE BOOLEAN LINK RESOURCE NLIST TABLE RECORD LIST
Functions
type_from_name Convert a type in string format into a type constant. Returns UNDEFINED constant and warns when name is not supported.
decode_eid Return decoded eid.
encode_eids Given eid, return the keys of the tie’ed DB hashref for VALUE, TYPE, DERIVATION, CHECKSUM and DESCRIPTION as used in the eid2data DB.
CacheManager :: Resource
NAME
EDG::WP4::CCM::CacheManager::Resource - Resource class
SYNOPSIS
%hash = $resource->getHash();
@list = $resource->getList();
$boolean = $resource->hasNextElement();
[$property|$resource] = $resource->getNextElement();
[$property|$resource] = $resource->getCurrentElement();
$resource->reset();
DESCRIPTION
The class Resource is a derived class of Element class, and implements methods that are specific to Resources, that is, internal nodes of the configuration tree, containing other resources and properties.
new($config, $res_path) Create new Resource object. The $config parameter is a Configuration object with the profile. The $res_path parameter is the resource’s configuration path.
getHash() Return a hash of elements, indexed by name. The method raises an exception if the resource type is not nlist. This method is not a part of the NVA-API specification, it may be subject to change.
getList() Return an array of elements. The method raises an exception if the resource type is not list. This method is not a part of the NVA-API specification, it may be subject to change.
hasNextElement() Return true if the iteration through Resource has more elements, otherwise returns false.
getNextElement() Return the next element in the iteration.
getCurrentElement() Return current element in the iteration. This is the element that was returned by the last call of getNextElement().
reset() Reset the iteration. After this operation has been called, getNextElement() will return the first element in the iteration.
Element
Fetch
NAME
EDG::WP4::CCM::Fetch
SYNOPSIS
$fetch = EDG::WP4::CCM::Fetch->new({PROFILE_URL => "profile_url or hostname",
                                    CONFIG => "path of config file",
                                    FOREIGN => "1/0"});

$fetch->fetchProfile();
DESCRIPTION
Module provides Fetch class. This helps in retrieving XML profiles from specified URLs. It allows users to retrieve local, as well as foreign node profiles.
Functions
new()
new({PROFILE_URL => "profile_url or hostname",
     CONFIG => "path of config file",
     FOREIGN => "1/0"});
Creates new Fetch object. Full url of the profile can be provided as parameter PROFILE_URL, if it is not a url a profile url will be calculated using ‘base_url’ config option in /etc/ccm.conf. Path of alternative configuration file can be given as CONFIG. Returns undef in case of error.
fetchProfile() fetchProfile fetches the profile from profile url and keeps it at configured area. The cache root variable is set as $fetch_handle{‘CACHE_ROOT’} which can further be passed to CacheManager object and use NVA-API to access Resources and Properties. If the profile is foreign, then the cache_root configuration is expected to be just for this foreign host and unexpected behaviour will result if the cache_root is shared. Only a single (most recent) copy of the foreign copy will be stored: previous versions will be removed. Foreign profiles do not use failover URLs: if the primary URL is unavailable, then the fetch will fail. Returns undef if it cannot fetch the profile due to a network error, $EDG::WP4::CCM::Fetch::ProfileCache::ERROR in case of other failure, SUCCESS in case of successful fetch, but no updated profile and CHANGED in case of successful fetch and updated profile.
Fetch :: Config
NAME
EDG::WP4::CCM::Fetch::Config
DESCRIPTION
Module provides methods to handle any configuration options set in either CCM config and/or the commandline
Functions
setNotificationTime() Define notification time, if profile modification time is greater than notification time then only the profile will be downloaded.
setTimeout() Define timeout after which profile fetch will be terminated.
setProfileFailover() Define failover profile url.
Fetch :: Download
NAME
EDG::WP4::CCM::Fetch::Download
DESCRIPTION
Module provides methods to handle the retrieval of the profiles.
Functions
retrieve Stores $url into $cache if it’s newer than $time, or if $self->{FORCE} is set. It returns undef in case of error, 0 if there were no changes on the remote server since $time (the server returned a 304 code) and a CAF::FileWriter object with the downloaded contents if they had to be downloaded. Should be called only by download.
download Downloads the files associated with $type (profile). In case of error it retries $self->{RETRIEVE_RETRIES} times, falling back to a failover URL if necessary (thus up to 2*$self->{RETRIEVE_RETRIES} may happen). Returns undef (or dies) in case of error, or the result from retrieve method otherwise:
0 if nothing had to be retrieved (files in the server were older than our local cache)
a CAF::FileWriter object with the downloaded contents, if something was actually downloaded
Fetch :: JSONProfileSimple
SYNOPSIS
EDG::WP4::CCM::Fetch::JSONProfileSimple->interpret_node($tag,$jsondoc);
DESCRIPTION
Module that interprets a JSON profile and generates all the needed metadata, to be inserted in the cache DB. This metadata includes a checksum for each element in the profile, the Pan basic type, the element’s name (that will help to reconstruct the path)... JSONProfileSimple only supports 2 scalars: booleans and strings. Should be used by EDG::WP4::CCM::Fetch only. This module has only one method for the outside world:
interpret_node
JSON profiles don’t contain any basic type information, and JSON::XS may lose it. So, with JSONProfileSimple, we’ll store in the caches only two types of scalars: booleans, which will be identical as they used to be, and strings. Component writers know if they expect a given element in the profile to be a number, and may rely on Perl’s automatic stringification/numification.
Fetch :: JSONProfileTyped
SYNOPSIS
EDG::WP4::CCM::Fetch::JSONProfileTyped->interpret_node($tag,$jsondoc);
DESCRIPTION
Module that interprets a JSON profile and generates all the needed metadata, to be inserted in the cache DB. This metadata includes a checksum for each element in the profile, the Pan basic type, the element’s name (that will help to reconstruct the path)... Should be used by EDG::WP4::CCM::Fetch only. This module has only the interpret_node method for the outside world.
Type information from JSON::XS
JSON profiles don’t contain any explicit type information (as opposed to the XMLPAN output), e.g. JSON only supports ‘number’ where XMLPAN has ‘long’ and ‘double’. It is up to the JSON decoder to provide us with this additional distinction. The JSON package JSON::XS does not expose the scalar type information. However, we try to come up with the proper type by relying on the property that JSON::XS supports json_string eq encode(copy(decode(json_string))) (implying that the instance returned by decode has the XS types (and e.g. no stringification has happened)). However, this is best effort only. Imperative in the whole typed processing is that values from the decoded JSON are not assigned to any variable before the type information is extracted via the B::svref_2object method. The scalar types (except for boolean) are then mapped to the B classes: IV is ‘long’, PV is ‘double’ and NV is ‘string’. Anything else will be mapped to string (including the combined classes PVNV and PVIV). TODO: The validity of this assumption is tested in the BEGIN{} (and unittests).
interpret_node b_obj is returned by the B::svref_2object() method on the doc (ideally before doc is assigned). The initial call from Fetch doesn’t pass the b_obj value, but that is acceptable since we do not expect the whole JSON profile to be a single scalar value.
Fetch :: ProfileCache
NAME
EDG::WP4::CCM::Fetch::ProfileCache
DESCRIPTION
Module provides methods to handle the creation of the profile cache.
Functions
setProfileFormat Define the profile format. If it receives an argument, it will use it with no further questions. If not, it will try to derive it from the URL, being:
* URLs ending in xml are for XML profiles.
* URLs ending in json are for JSON profiles.
and their gzipped equivalents.
Fetch :: XMLPanProfile
SYNOPSIS
EDG::WP4::CCM::Fetch::XMLPanProfile->interpret_node($tag, $xmltree);
DESCRIPTION
Module that interprets an XML profile in pan format, and generates all the needed metadata, to be inserted in the cache DB. This metadata includes a checksum for each element in the profile, the Pan basic type, the element’s name (that will help to reconstruct the path)...
Should be used by EDG::WP4::CCM::Fetch only.
This module has only one method for the outside world:
interpret_node
    Interprets an XML tree, which is assumed to have a format="pan" attribute, returning the appropriate data structure with all the attributes and values.
Options
NAME
EDG::WP4::CCM::Options
DESCRIPTION
Use this module to create (commandline) applications that interact with CCM directly.
Available convenience methods:
app_options
    Return list of CCM application specific options and commandline options for all CCM config options.
setCCMConfig
    Set the CCM Configuration instance for CID cid under the CCM_CONFIG attribute using CacheManager’s getConfiguration method.
    If cid is not defined, the cid value from the --cid-option will be used. (To use the current CID when another cid value is set via --cid-option, pass an empty string or the string ‘current’.)
    A CacheManager instance under the CACHEMGR attribute is created if none exists or force_cache is set to true.
    Returns SUCCESS on success, undef on failure.
getCCMConfig
    Returns the CCM configuration instance. If none exists, one is created via the setCCMConfig method. All arguments are passed to a possible setCCMConfig call.
gatherPaths
    Return arrayref of selected profile path (via the PATH_SELECTION_METHODS). All options are treated as initial paths.
default_action
    Set the default action $action if action is defined (use empty string to unset the default value). Returns the default action.
action_showcids
    The showcids action prints all sorted profile CIDs as a comma-separated list.
add_actions
    Add actions defined in hashref to the supported actions.
    When creating a new module derived from EDG::WP4::CCM::Options, add methods named “action_
Path
NAME
EDG::WP4::CCM::Path - Path class
SYNOPSIS
$path = EDG::WP4::CCM::Path->new("/hardware/memory/size");
print "$path"; # stringification
$path = $path->down($level);
$path = $path->up();
DESCRIPTION
Module provides implementation of the Path class. Class is used to manipulate absolute paths.
Public methods
new ($path)
    Create new EDG::WP4::CCM::Path instance. If path argument is not specified, root path (/) is used. Empty string is not allowed as an argument.
    path is a string representation of the path as defined in the NVA-API Specification document.
depth
    Return the number of subpaths, starting from /.
get_last
    Return last (safe unescaped) subpath or undef in case of /. The strip_unescape boolean is passed to _safe_unescape.
toString
    Get the (raw) string representation of path. The EDG::WP4::CCM::Path instances also support stringification (the _stringify method is used for that) and might create a different result due to safe_unescape.
_boolean
    bool overload: Path instance is always true (avoids stringification on logic test).
_stringify
    Method for overloaded stringification. This includes support for safe_unescape to wrap unescaped subpaths in {}.
up
    Removes last chunk of the path and returns it. If the path is already / then the method raises an exception.
down
    Add chunk to the path. The chunk can be a compound path. (A leading / will be ignored.)
merge
    Return a new instance with optional (list of) subpaths added.
parent
    Return a new instance with parent path. Returns undef if current element is /.
Public functions
unescape
    Returns an unescaped version of the argument. This method is exported for use with all the components that deal with escaped keys.
escape
    Returns an escaped version of the argument. This method is exported on demand for use with all tools that have to escape and unescape values.
path_split
    Function to split a string in list of subpaths. Supports escaping of subpaths wrapped in {...}.
set_safe_unescape
    Set the list of (parent) paths whose children are known to be escaped paths. (The list is set to all arguments passed, not appended to current safe_unescape list.) Paths can either be strings (an exact match will be used) or compiled regular expressions.
    These child subpaths are safe to represent as their unescaped value wrapped in {} when
TextRender
NAME
CCM::TextRender - Class for rendering structured text using Element instances
DESCRIPTION
This class is an extension of the CAF::TextRender class, the main difference being the support of an EDG::WP4::CCM::CacheManager::Element instance as contents.
Private methods
_initialize
    Initialize the process object. Arguments:
    module
        The rendering module to use (see CAF::TextRender for details). CCM provides the following additional builtin modules:
        general
            using TT to render a Config::General compatible file. (This is an alias for the CCM/general TT module.)
            Contents is a hashref (does not require an Element instance), with key/value pairs generated according to the basetype of the value as follows:
            scalar
                converted in a single line
    contents
        contents is either a hash reference holding the contents to pass to the rendering module; or an EDG::WP4::CCM::CacheManager::Element instance, on which getTree is called with any element options.
    All optional arguments from CAF::TextRender are supported unmodified:
        log
        includepath
        relpath
        eol
        usecache
        ttoptions
    Extra optional arguments:
    element
        A hashref holding any getTree options to pass. These can be the anonymous convert methods convert_boolean, convert_string, convert_long and convert_double; or one of the predefined convert methods (key is the name, value a boolean whether or not to use them).
        The convert_ methods are added as last methods.
        The predefined convert methods are:
        cast
            Convert the scalar values to a more exact internal representation. The internal representation is important when passed on to other non-pure perl code, in particular the XS modules like JSON::XS and YAML::XS.
        json
            Enable JSON output, in particular JSON boolean (cast is implied, so the other types should already be in proper format). This is automatically enabled when the json module is used (and not explicitly set).
        yaml
            Enable YAML output, in particular YAML boolean (cast is implied, so the other types should already be in proper format). This is automatically enabled when the yaml module is used (and not explicitly set).
        yesno
            Convert boolean to (lowercase) ‘yes’ and ‘no’.
        YESNO
            Convert boolean to (uppercase) ‘YES’ and ‘NO’.
        truefalse
            Convert boolean to (lowercase) ‘true’ and ‘false’.
        TRUEFALSE
            Convert boolean to (uppercase) ‘TRUE’ and ‘FALSE’.
        doublequote
            Convert string to doublequoted string.
        singlequote
            Convert string to singlequoted string.
        joincomma
            Convert list of scalars in comma-separated list of strings (if first element is scalar). List where first element is non-scalar is not converted (but any of the nested list could).
        joinspace
            Convert list of scalars in space-separated list of strings (if first element is scalar). List where first element is non-scalar is not converted (but any of the nested list could).
            Caveat: is preceded by joincomma option.
        unescapekey
            Unescape all dict keys.
        lowerkey
            Convert all dict keys to lowercase.
        upperkey
            Convert all dict keys to uppercase.
        Other getTree options
        depth
            Only return the next depth levels of nesting (and use the Element instances as values). A depth == 0 is the element itself, depth == 1 is the first level, ...
            Default or depth undef returns all levels.
ccm_format
    Returns the CCM::TextRender instance for predefined format and element. All options are passed to CCM::TextRender initialisation.
    Returns undef in case the format is not defined. An array with valid formats is exported via @CCM_FORMATS.
    Supported formats are:
        json
        jsonpretty
        pan
        pancxml
        query
        yaml
    Usage example:
use EDG::WP4::CCM::TextRender qw(ccm_format);
my $format = 'json';
my $element = $config->getElement("/");
my $trd = ccm_format($format, $element);
if (defined $trd->get_text()) {
    print "$trd";
} else {
    $logger->error("Failed to textrender format $format: $trd->{fail}");
}
TextRender :: Scalar
NAME
CCM::TextRender::Scalar - Class to access scalar/property Element attributes within TT.
DESCRIPTION
This is a wrapper class to access some scalar/property Element attributes (in particular the type) within TT.
Methods
new
    Create a new instance with value and type.
_stringify
    Method called for stringification. Simply returns the data in string context.
get_type
    Return TYPE attribute.
get_value
    Return value (i.e. the VALUE attribute) (can be useful in case the overloading behaves unexpectedly).
is_boolean
    Return true if the TYPE is boolean.
is_string
    Return true if the TYPE is string.
is_double
    Return true if the TYPE is double.
is_long
    Return true if the TYPE is long.
1.3 configuration-modules-core
1.3.1 Description
Node Configuration Manager’s components are Perl modules that translate a Pan schema into a configuration for some Linux service. They are part of Quattor.
1.3.2 Content
Ceph :: Cfgfile
Ceph :: Cluster
Ceph :: ClusterMap
Ceph :: Commands
Ceph :: Jewel
NAME
ncm-ceph: Configuration module for CEPH
DESCRIPTION
Configuration module for CEPH.
This is the old, deprecated version of the component for older versions of ceph.
IMPLEMENTED FEATURES
Features that are implemented at this moment:
* Creating cluster (manual step involved)
* Set admin hosts and push config
* Fine configuration control (per daemon and/or host)
* Tolerates unreachable new or marked-for-deletion hosts
* Checking/adding/removing Monitors
* Checking/adding/removing OSDs
* Checking/adding/removing MDSs
* Building up/changing a crushmap, with support for erasure code
* OSD based objectstore
* Wildcard support in version numbers
The implementation keeps safety as top priority. Therefore:
* The config of MON, OSD and MDSs are first checked completely. Only if no errors were found, the actual changes will be deployed.
* No removals of MONs, OSDs or MDSs are actually done at this moment. Instead of removing itself, it prints the commands to use.
* Configfiles and decompiled crushmap files are saved into a git repo. This repo can be found in the ‘ncm-ceph’ folder in the home directory of the ceph user.
* When something is not right and returns an error, the whole component exits.
* You can set the version of ceph and ceph-deploy in the Quattor scheme. The component will then only run if the versions of ceph and ceph-deploy match with those versions.
INITIAL CREATION
• The schema details are annotated in the schema file.
• Example pan files are included in the examples folder and also in the test folders.
To set up the initial cluster, some steps should be taken:
1. First create a ceph user on all the hosts.
2. The deployhost(s) should have passwordless ssh access to all the hosts of the cluster, e.g. by distributing the public key(s) of the ceph-deploy host(s) over the cluster hosts (as described in the ceph-deploy documentation: http://ceph.com/docs/master/start/quick-start-preflight/).
3. Run the component a first time. It shall fail, but you should get the initial command for your cluster.
4. Run this command.
5. Run the component again to start the configuration of the new cluster.
RESOURCES
/software/components/ceph
The configuration information for the component. Each field should be described in this section.
DEPENDENCIES
The component is tested with Ceph version 0.84-0.89 and ceph-deploy version 1.5.11 and 1.5.21.
Note: ceph-deploy versions 1.5.12-20 contain a bug where gatherkeys returned a wrong exitcode, which caused a wrong error message in ncm-ceph. This is solved again in 1.5.21.
This version of Data-Compare can be found on http://www.city-fan.org/ftp/contrib/perl-modules/
Attention: Some repositories (e.g. rpmforge) are shipping some versions like 1.2101 and 1.2102.
Ceph :: Luminous
NAME
ncm-ceph: Configuration module for CEPH
DESCRIPTION
Configuration module for CEPH.
This is the module for Ceph versions > 12.2.2 and schema version v2.
IMPLEMENTED FEATURES
Features that are implemented at this moment:
* Creating cluster (manual step involved)
* Set admin hosts for monitors
* Configuration file generation
* Checking/adding Monitors and Managers on deployhost
* Checking/adding OSDs per OSD host
* Checking/adding MDSs on deployhost
* Wildcard support in version numbers
The implementation has some safety features. Therefore:
* The config of MON, OSD and MDSs are first checked. If no errors were found, the actual changes will be deployed.
* No removals of MONs, OSDs or MDSs are done. No zapping of disks is implemented.
* When something is not right and returns an error, the whole component exits.
* You can set the version of ceph and ceph-deploy in the Quattor scheme. The component will then only run if the versions of ceph and ceph-deploy match with those versions.
INITIAL CREATION
• The schema details are annotated in the schema file.
• Example pan files are included in the examples folder and also in the test folders.
To set up the initial cluster, some steps should be taken:
1. First create a ceph user on all the hosts, using ceph-user.pan.
2. The deployhost(s) should have passwordless ssh access to all the hosts of the cluster, e.g. by distributing the public key(s) of the ceph-deploy host(s) over the cluster hosts (as described in the ceph-deploy documentation: http://ceph.com/docs/master/start/quick-start-preflight/).
3. The user should be able to run commands with sudo without password included in sudo.pan.
4. Run the component a first time. It shall fail, but you should get the initial command for your cluster.
5. Run this command.
6. Run the component again to start the configuration of the new cluster.
7. When the component now runs on OSD servers, it will deploy the local OSDs.
RESOURCES
/software/components/ceph
The configuration information for the component. Each field should be described in this section.
DEPENDENCIES
The component is tested with Ceph version 12.2.2 and ceph-deploy version 1.5.39.
Ceph :: OSDserver
Ceph :: commands
Ceph :: compare
Ceph :: config
Ceph :: crushmap
Ceph :: daemon
FreeIPA :: CLI
CLI FreeIPA
Module to use as CLI to FreeIPA
DESCRIPTION
Module to use as CLI to FreeIPA, e.g. when initialising on existing host or during kickstart. Runs with default debug level 5. Example command (one line)
PERL5LIB=/usr/lib/perl perl -MNCM::Component::FreeIPA::CLI -w -e install -- --realm MY.REALM --primary primary.example.com --otp abcdef123456 --domain example.com --fqdn thishost.sub.example.com
FreeIPA :: Cert
NAME
NCM::Component::FreeIPA::Cert adds certificate related methods to NCM::Component::FreeIPA::Client.
Public methods
cert_request
    Request certificate using certificate request file csr and principal principal.
get_cert
    Given serial, retrieve the certificate and when defined, save it in file crt.
FreeIPA :: Client
NAME
NCM::Component::FreeIPA::Client is a perl FreeIPA JSON API client class for Quattor
Private methods
_initialize
    Handle the actual initialization of new. Return 1 on success, undef otherwise.
    log
        A CAF::Reporter instance that can be used for logging (it is converted in a logger appropriate for Net::FreeIPA).
    All other arguments and options are passed to Net::FreeIPA during initialisation.
FreeIPA :: DNS
NAME
NCM::Component::FreeIPA::DNS adds DNS related methods to NCM::Component::FreeIPA::Client.
Public methods
add_dnszone
    Add a DNS zone with name name.
FreeIPA :: Group
NAME
NCM::Component::FreeIPA::Group adds group related methods to NCM::Component::FreeIPA::Client.
Public methods
add_group
    Add a group with name gid.
    Arguments
        gid: group gid
    Options (passed to Net::FreeIPA::API::api_group_add).
        gidnumber
add_group_member
    Add the members to group gid using options (options are passed to api_group_add_member).
FreeIPA :: Host
NAME
NCM::Component::FreeIPA::Host adds host related methods to NCM::Component::FreeIPA::Client.
Public methods
add_host
    Add a host. If the host already exists, return undef.
    Arguments
        fqdn: FQDN hostname
    Options (passed to Net::FreeIPA::API::api_host_add).
        ip_address: IP to configure DNS entry
        macaddress: macaddress
disable_host
    Disable a host with fqdn hostname.
remove_host
    Remove the host fqdn.
host_passwd
    Reset and return the one-time password for host fqdn. Returns undef if the host already has a keytab or if it doesn’t exist.
FreeIPA :: Logger
NAME
NCM::Component::FreeIPA::Logger provides a log4perl compatible logger using CAF::Reporter.
Public methods
new
    Creates simple instance wrapper around mandatory argument reporter, a CAF::Reporter instance.
FreeIPA :: NSS
NAME
NCM::Component::FreeIPA::NSS handles the certificates using NSS.
Public methods
new
    Returns a NSS object with nssdb, accepts the following options:
    format: dbm or sql
    realm: IPA realm, used for CA nick
    cacrt: IPA CA crt location, default to /etc/ipa/ca.crt
    csr_bits: key size in bits for a new csr.
    owner, group, mode: owner, group and permissions for nssdb and/or certs
    log
        A logger instance (compatible with CAF::Object).
setup_nssdb
    Set up and initialise nssdb directory.
setup
    Set up temporary workdir with 0700 permissions, and initialise nssdb using the setup_nssdb method.
    Return SUCCESS on success, undef otherwise.
add_cert_trusted
    Add trusted certificate with nick from file crt.
add_cert_ca
    Add trusted CA certificate (nick and file via canick and cacrt attributes).
add_cert
    Add untrusted certificate to NSSDB with nick from file cert.
has_cert
    Check if certificate for nick exists in NSSDB. If an ipa client instance is passed, also check if the certificate is known in FreeIPA.
get_cert
    Extract the certificate from NSSDB for nick to file cert with owner/group/mode options.
make_cert_request
    Make a certificate request for fqdn and optional dn, return filename of the CSR. (Used DN is
FreeIPA :: Service
NAME
NCM::Component::FreeIPA::Service adds service related methods to NCM::Component::FreeIPA::Client.
Public methods
add_service
    Add a service with name name.
add_service_host
    Add a per-host service name for host host (actual service name will <
FreeIPA :: User
NAME
NCM::Component::FreeIPA::User adds host related methods to NCM::Component::FreeIPA::Client.
Public methods
add_user
    Add a user. If the user already exists, return undef.
    Arguments
        uid: User uid
    Options (passed to Net::FreeIPA::API::api_user_add).
        homedirectory
        gecos
        loginshell
        uidnumber
        gidnumber
        ipasshpubkey
disable_user
    Disable a user with uid.
remove_user
    Remove the user uid (preserve=1).
user_passwd
    Reset and return a new random password for user uid. Returns undef if the user doesn’t exist.
OpenNebula :: AII
NAME
NCM::Component::OpenNebula::AII adds AII hook to generate the required resources and templates to instantiate/create/remove VMs within an OpenNebula infrastructure.
AII
This section describes AII’s OpenNebula hook.
SYNOPSIS
This AII hook generates the required resources and templates to instantiate/create/remove VMs within an OpenNebula infrastructure.
RESOURCES
AII setup
Set OpenNebula endpoints RPC connector /etc/aii/opennebula.conf
It must include at least one RPC endpoint and password. To connect to a secure https endpoint for example you can set the URL endpoint and CA certificate location:
    url=https://host.example.com:2633
    ca=/etc/pki/CA/certs/mycabundle.pem
By default ONE AII uses oneadmin user and port 2633.
It is also possible to set a different endpoint for each VM domain or use a fqdn pattern, for example:
[rpc]
password=
url=https://localhost/RPC2
ca=/etc/pki/CA/certs/mycabundle.pem

[example.com]
password=
user=

[myhosts]
pattern=myhos\d+.example.com
password=
url=http://example.com:2633/RPC2
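A check a site could run over /etc/aii/opennebula.conf, added here as an example and not part of the Quattor code: it reports sections that send the RPC password over plain http, https sections without a ca, empty passwords, and a file readable beyond its owner. The finding names, the sample values, and the policies that every https endpoint names a CA bundle and that the file is owner-only are assumptions.

```python
"""Audit an AII OpenNebula RPC config (INI style) for weak settings."""
import configparser
import os
import stat
from urllib.parse import urlparse

# Constructed sample in the layout shown above; every value is a placeholder.
SAMPLE_CONF = r"""
[rpc]
password=constructed-placeholder-1
url=https://localhost/RPC2
ca=/etc/pki/CA/certs/mycabundle.pem

[example.com]
password=constructed-placeholder-2
user=constructed-user

[myhosts]
pattern=myhos\d+.example.com
password=constructed-placeholder-3
url=http://example.com:2633/RPC2
"""


def audit_conf_text(text):
    """Return a sorted list of (section, finding) tuples for one config text."""
    # interpolation=None: a '%' inside a password must not be expanded.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = set()
    for name in parser.sections():
        section = parser[name]
        # A password key with no value leaves the endpoint without a secret.
        if "password" in section and not section["password"].strip():
            findings.add((name, "empty-password"))
        url = section.get("url")
        if url is None:
            # No url here: the hook's own default applies, not modelled below.
            continue
        scheme = urlparse(url.strip()).scheme.lower()
        if scheme == "http":
            # The RPC password for this section crosses the network in clear.
            findings.add((name, "plaintext-url"))
            if "ca" in section:
                findings.add((name, "ca-unused-with-http"))
        elif scheme == "https":
            # Assumed site policy: every https endpoint names its CA bundle.
            if not section.get("ca", "").strip():
                findings.add((name, "https-no-ca"))
        else:
            findings.add((name, "unknown-url-scheme"))
    return sorted(findings)


def audit_conf_file(path):
    """Audit the file at path, including its permission bits."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        # The file holds RPC passwords, so only its owner should read it.
        findings.append(("<file>", "mode-%04o" % mode))
    with open(path, encoding="utf-8") as handle:
        findings.extend(audit_conf_text(handle.read()))
    return findings


if __name__ == "__main__":
    for section, finding in audit_conf_text(SAMPLE_CONF):
        print(f"[{section}] {finding}")
```

On the constructed sample only the [myhosts] section is reported, because its url uses http while the section carries a password.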
Public methods
process_template_aii
    Detect and process OpenNebula VM templates.
read_one_aii_conf
    Reads a config file in .ini style with a minimal RPC endpoint setup. Returns an OpenNebula instance afterwards.
is_supported_one_version
    Detects OpenNebula version. Returns false if
    Enables acpid service
    Rename hdx/sdx device disks by vdx to use virtio module
aii_install
    Based on Quattor template this method:
        Stops current running VM.
        Instantiates the new VM.
aii_remove
    Performs VM removal, which depends on the booleans.
        Stops running VM.
        Removes VM template.
        Removes VM image for each $harddisks.
        Removes vnet ARs.
OpenNebula :: Account
NAME
NCM::Component::OpenNebula::Account adds and modifies OpenNebula users groups and clusters consumers.
Public methods
manage_consumers
    Add/remove/update regular users/groups/clusters. Assign users to groups only if the user/group has the QUATTOR flag set.
set_user_primary_group
    Sets user primary group.
get_permissions
    Gets current resource permissions.
change_permissions
    Changes resource permissions.
OpenNebula :: Ceph
NAME
NCM::Component::OpenNebula::Ceph adds Ceph backend support to NCM::Component::OpenNebula::Host.
Public methods
enable_ceph_node
    Configures Ceph client and sets the Ceph key in each host.
set_ceph_secret
    Sets the Ceph secret to be used by libvirt.
set_ceph_keys
    Sets the Ceph keys to be used by libvirt.
detect_ceph_datastores
    Detects any OpenNebula Ceph datastore setup.
OpenNebula :: Cluster
NAME
NCM::Component::OpenNebula::Cluster adds OpenNebula VirtualCluster configuration support to NCM::Component::opennebula.
Public methods
set_service_clusters
    Includes a specific service into a cluster/s.
OpenNebula :: Commands
NAME
NCM::Component::OpenNebula::Commands Configuration module for ONE
DESCRIPTION
Configuration module for OpenNebula. Executes the required ssh commands to enable the hosts to be used by the cloud server.
This component needs a ‘oneadmin’ user. The user should be able to run these commands with sudo without password:
    virsh secret-define --file /var/lib/one/templates/secret/secret_ceph.xml
    virsh secret-set-value --secret $uuid --base64 $secret
Public methods
set_ssh_command
    Sets $sshcmd.
run_command
    Executes a command and returns the output. Returns stdout and stderr array.
run_virsh_as_oneadmin_with_ssh
    Executes a command prefixed with virsh and returns the output.
run_oneuser_as_oneadmin_with_ssh
    Executes oneuser command and returns the output.
run_onehost_as_oneadmin_with_ssh
    Executes onehost command to sync hosts VMMs scripts.
has_shell_escapes
    Checks for shell escapes.
run_command_as_oneadmin
    Executes a command as oneadmin user.
run_command_as_oneadmin_with_ssh
    Executes a command as oneadmin over ssh, optionally with options.
ssh_known_keys
    Accepts and adds unknown keys if wanted.
can_connect_to_host
    Checks if the host is reachable or not.
OpenNebula :: Host
NAME
NCM::Component::OpenNebula::Host adds KVM hosts support to NCM::Component::OpenNebula.
Public methods
manage_hosts
    Adds or removes Xen or KVM hosts.
disable_host
    Disables failing OpenNebula host. This method is called when the host is not reachable from the OpenNebula server. Always displays a warning message. In that case the host is disabled in the scheduler.
sync_opennebula_hosts
    Synchronise hosts VMM scripts.
enable_node
    Executes ssh commands required by OpenNebula; it also configures the Ceph client if necessary.
OpenNebula :: Image
NAME
NCM::Component::OpenNebula::Image adds OpenNebula VM images support to NCM::Component::OpenNebula.
Public methods
get_images
    Gets the image template from TT file and gathers the image names (
OpenNebula :: Network
NAME
NCM::Component::OpenNebula::Network adds OpenNebula VirtualNetwork configuration support to NCM::Component::opennebula.
Public methods
update_vn_ar
    Updates VirtualNetwork ARs.
get_vnetars
    Gets the network ARs (address range) from TT file and gathers VNet names and IP/MAC addresses.
remove_and_create_vn_ars
    Removes/creates ARs (address range).
detect_duplicate_ars
    Detects duplicate VirtualNetwork ARs with same IPs or MACs. Removes duplicated ARs (if QUATTOR flag is set to true).
create_vn_ars
    Creates VirtualNetwork AR leases.
remove_vn_ars
    Removes
OpenNebula :: Server
NAME
NCM::Component::OpenNebula::Server adds OpenNebula service configuration support to NCM::Component::OpenNebula.
Public methods
restart_opennebula_service
    Restarts OpenNebula service after any configuration change.
    sub restart_opennebula_service {
        my ($self, $service) = @_;
        my $srv;
        if ($service eq "oned") {
            $srv = CAF::Service->new(['opennebula'], log => $self);
        } elsif ($service eq "sunstone") {
            $srv = CAF::Service->new(['opennebula-sunstone'], log => $self);
        } elsif ($service eq "oneflow") {
            $srv = CAF::Service->new(['opennebula-flow'], log => $self);
        } elsif ($service eq "kvmrc" or $service eq "vnm_conf") {
            $self->info("Updated $service file. onehost sync is required.");
            $self->sync_opennebula_hosts();
        }
        $srv->restart() if defined($srv);
    }
detect_opennebula_version
    Detects OpenNebula version through opennebula-server probe files; the value gathered from the file must be untainted.
change_opennebula_passwd
    Sets a new OpenNebula service password.
set_one_service_conf
    Sets OpenNebula configuration files used by the daemons; if the configuration file is changed the service must be restarted afterwards.
is_conf_file_modified
    Checks OpenNebula configuration file status.
set_one_auth_file
    Sets the authentication files used by oneadmin client tools.
set_file_opts
    Sets filewriter options.
set_one_server
    Configures OpenNebula server.
set_config_group
    Sets OpenNebula configuration file group.
OpenNebula :: VM
NAME
NCM::Component::OpenNebula::VM adds OpenNebula VMs manage support to NCM::Component::OpenNebula.
Public methods
get_vmtemplate
    Gets VM template from tt file.
remove_or_create_vm_template
    Creates or removes VM templates. The $createvmtemplate flag forces to create; the $remove flag forces to remove.
stop_and_remove_one_vms
    Stops running VMs.
OpenStack :: Glance
Methods
_attrs
    Override filename attribute (and set daemon_map).
OpenStack :: Horizon
Methods
_attrs
    Override daemons attribute.
OpenStack :: Keystone
Methods
_attrs
    Override daemons attribute.
bootstrap_url_endpoints
    Bootstraps URL identity service endpoints in Keystone.
post_populate_service_database
    Initializes Fernet key repositories and bootstraps Keystone identity services.
OpenStack :: Neutron
Methods
_attrs
    Override manage, db and filename attribute (and set daemon_map).
OpenStack :: Nova
Methods
_attrs
    Override daemons attribute.
pre_populate_service_database
    Initializes API, cell and placement databases for Nova compute service.
pre_restart
    Run before services restart. Used for hypervisors post-configuration. Must return 1 on success.
OpenStack :: Openrc
Methods
_attrs
    Override daemons attribute.
_set_elpath
    OpenRC is a special case, where type==flavour.
populate_service_database
    No database to populate.
OpenStack :: Rabbitmq
Methods
_attrs
    Override default attributes.
write_config_file
    No config files to write.
post_populate_service_database
    Sets RabbitMQ permissions.
OpenStack :: Service
Functions
get_flavour
    Determine the name of the flavour based on type and tree and log/reporter instance (e.g. name=keystone for type=identity).
get_fqdn
    Get fqdn of the host using host profile config instance.
get_service
    Service factory: loads custom subclasses when one exists. Same args as _initialize.
run_service
    Convenience function around get_service, includes basic reporting.
Methods
_init_attrs
    Arguments:
        type: e.g. identity
        config: full profile config instance
        log: reporter instance
        prefix: the component prefix (for subclassing)
        client: Net::OpenStack::Client instance
_initialize
    Initialisation using _init_attrs, _attrs and _daemons.
_daemons
    Method to customise the daemons attribute during _initialize.
_set_elpath
    Return main element path.
_attrs
    Add/set/modify more attributes.
    Convenience method for inheritance instead of using SUPER:
        my $res = $self->SUPER::method(@_);
_render
    Returns CCM::TextRender instance.
_file_opts
    Return hashref with filewriter options for service (incl owned by that service user).
_write_config_file
    Write the config file with name filename and element instance.
_write_config_files
    Write multiple config files based on entries in the tree attribute. Filename is based on mapping in the filename attribute; a mapping of which daemon(s) to start when the file is modified can be provided via the daemon_map attribute.
write_config_file
    Write the config files (when filenames attribute is a hashref) or single file otherwise.
_read_ceph_keyring
    Read Ceph pool key file from keyring.
_libvirt_ceph_secret
    Set the libvirt secret file and couple the uuid to the Ceph key from the keyring.
_do
    Convenience wrapper around CAF::Process.
    Options
        user: option passed to CAF::Process
        sensitive: option passed to CAF::Process
        test: the command is a test, no error will be reported on failure
pre_populate_service_database
    Run before the default service database is populated (it is not run when database was already present). Must return 1 on success.
populate_service_database
    Run the database sync command (incl bootstrap when empty) if db version cannot be found. Must return 1 on success.
post_populate_service_database
    Run after the service database is populated (it is not run when database was already present). Must return 1 on success.
restart_daemons
    Restarts system service(s) after any configuration change for OpenStack service service.
pre_restart
    Run before possible restart of services. Must return 1 on success.
run
    Do things (in following order):
        write_config_file
        populate_service_database (or return)
        pre_restart (or return)
        restart_daemons (if config file changed)
Postgresql :: Commands
Postgresql :: Service
Systemd :: Service
NAME
NCM::Component::Systemd::Service handles the ncm-systemd units.
Public methods new Returns a new object with argument base (the configuration path) and accepts the following options log A logger instance (compatible with CAF::Object). configure configure gathered the to-be-configured units from the config using the gather_units method and then takes appropriate actions.
Private methods set_unconfigured_default Return the default behaviour for unconfigured units from ncn-systemdand legacy ncm-chkconfig. gather_configured_units Gather the list of all configured units from both ncm-systemdand legacy ncm-chkconfig location, and take appropriate actions. For any unit defined in both ncm-systemd and ncm-chkconfig location, the ncm-systemd set- tings will be used. Returns a hash reference with key the unit name and value the unit detail. gather_current_units Gather list of current units from both systemctl and legacy chkconfigusing resp. unit and chkconfig current_units methods. The hashref relevant_units is used to run minimal set of system commands where possible: e.g. if the hashref represents the configured units and if unconfigured is ignore, only gathered details for these units. process process the configured and current units and return hash references with state and activation changes. It uses the current units to make the required decisions. Unconfigured current units are also processed according the unconfigured value.
change
    Actually make the changes as specified in the hashrefs states and acts (which hold the changes to be made to resp. the state and the activity of the units).
Systemd :: Service :: Chkconfig
NAME
NCM::Component::Systemd::Service::Chkconfig is a class handling services that can be controlled via (older) ncm-chkconfig.
Public methods
new
    Returns a new object, accepts the following options
    log
        A logger instance (compatible with CAF::Object).
current_units
    Return hash reference with current configured units determined via chkconfig --list. (No type to specify, sysv type is forced).
current_target
    Return the current target based on legacy current_runlevel.
default_target
    Return the default target based on legacy default_runlevel.
configured_units
    configured_units parses the tree hash reference and builds up the units to be configured. It returns a hash reference with key the unit name and values the details of the unit. (tree is typically $config->getElement('/software/components/chkconfig/service')->getTree.)
    This method converts the legacy states as follows:
    del: masked
    add: disabled
    off: disabled
    on: enabled
    reset: this state is ignored / not supported.
Private methods
is_possible_missing
    Determine if unit is possible_missing (see make_cache_alias). (Returns 0 or 1). A unit is possible_missing if the unit is in state masked or disabled (i.e. unit that is not expected to be running anyway). Other than pure systemd, chkconfig state off always implies that a disabled service unit is not running.
generate_runlevel2target
    Create, set and return the runlevel2target map (will reset existing one, return is merely for testing).
convert_runlevels
    Convert the ncm-chkconfig levels to new systemctl targets. legacylevel is a string with integers e.g. “234”. Return an array reference with the targets.
default_runlevel
    default_runlevel returns the default runlevel via the INITTAB file. If that fails, the default DEFAULT_RUNLEVEL is returned.
current_runlevel
    Return the current legacy runlevel. The runlevel is determined by trying (in order) /sbin/runlevel or who -r. If both fail, the default_runlevel method is called and its value is returned.
Systemd :: Service :: Component :: chkconfig
Methods
_set_name
    Set and return name to use for prefix to get the standard configuration path for the systemd component (not the chkconfig one through inheritance). This allows for easier subclassing, but is not safe for component aliasing.
_initialize
    Modify the inheritance to set the NAME attribute via _set_name method.
skip
    Skip all but service configuration.
Systemd :: Service :: Unit
NAME
NCM::Component::Systemd::Service::Unit is a class handling services with units
Public methods
new
    Returns a new object, accepts the following options
    log
        A logger instance (compatible with CAF::Object).
unit_text
    Convert unit detail hashref to human readable string. Generates errors for missing attributes.
current_units
    Return hash reference with current units determined via make_cache_alias. The array references units and possible_missing are passed to make_cache_alias.
current_target
    Return the current target. TODO: implement this. systemctl list-units --type target lists all current targets (yes, with an s).
default_target
    Return the default target. Supported options:
    force
        Force is passed to the fill_cache method.
configured_units
    configured_units parses the tree hash reference and builds up the units to be configured. It returns a hash reference with key the unit name and values the details of the unit. Units with missing types are assumed to be TYPE_SERVICE; targets with missing type are assumed to be TYPE_TARGET. (tree is typically obtained with the _getTree method).
get_aliases
    Given an arrayref of units, return a hashref with key the unit (from the list) that is an alias for another unit (not necessarily from the list); and the other unit’s name is the value. The unit_alias cache is used for lookup. The possible_missing arrayref is passed to the fill_cache method
    Supported options
    force
        The force flag is passed to the fill_cache method
    possible_missing
        The possible_missing arrayref is passed to make_cache_alias.
possible_missing
    Given the hashref units with key unit and value the unit’s details, return an array ref with units that are “possible missing”. Such units will not cause an error to be logged if they are not found in the cache during certain methods (e.g. make_cache_alias).
Private methods
is_possible_missing
    Determine if unit is possible_missing (see make_cache_alias). (Returns 0 or 1). A unit is possible_missing if the unit is in state masked (i.e. unit that is not expected to be running anyway). Unit in state disabled is not “possible missing” (they can be dependency for other units).
init_cache
    (Re)Initialise all unit caches. Returns the caches (for unittesting mainly). Affected caches are
    unit_cache
    unit_alias
    dependency_cache
get_type_shortname
    get_type_shortname returns the type and shortname based on the unit and optional type. If the type is not specified, it will be derived using the supported types. If the type can’t be determined based on the supported types, the defaulttype will be used. If in this case the defaulttype is undefined, DEFAULT_TYPE will be used and error will be logged. If the defaulttype is defined,
make_cache_alias
    (Re)generate the unit_cache and unit_alias map based on current units and unitfiles from the systemctl_list_units and systemctl_list_unit_files methods. Details for each unit from arrayref units are also added. If units is empty/undef, all found units and unitfiles are. If a unit is an alias of another unit, it is added to the alias map. Each non-alias unit is also added as its own alias.
    Units in the possible_missing arrayref can be missing, and no error is logged if they are. For any other unit, an error is logged when neither the systemctl_list_units nor the systemctl_list_unit_files method provides any information about it.
    Returns the generated cache and alias map for unittesting purposes.
fill_cache
    Fill the unit_cache and unit_alias map for the arrayref units provided. The cache is updated via the make_cache_alias method if the unit is missing from the unit_alias map or if force is true.
    Supported options
    force
        Force cache refresh.
    possible_missing
        The possible_missing arrayref is passed to make_cache_alias.
get_unit_show
    Return the show property for unit from the unit_cache and unit_alias map.
    Supported options
    force
        Force cache refresh.
    possible_missing
        If true, this unit is “possible missing” (see make_cache_alias)
get_wantedby
    Return a hashref of all units that “want” unit (hashref is used for easy lookup; the key is the unit, the value is a boolean). It uses the dependency_cache for reverse dependencies (missing cache entries are added).
    Supported options
    force
        Force cache update.
    ignoreself
        By default, the reverse dependency list contains the unit itself too. With ignoreself true, the unit itself is not returned (but still stored in cache).
is_wantedby
    Return if unit is wanted by target. Any unit can be passed as target (it does not have to be a unit of type ‘target’). It uses the get_wantedby method for the dependency lookup.
    Supported options
    force
        Force cache update (passed to get_wantedby).
is_active
    is_active returns true or false and reflects if a unit is “running” or not.
    The following options are supported
    sleeptime, max
        Units that are ‘reloading’, ‘activating’ and ‘deactivating’ are refreshed with sleep (default 1 sec) and max number of tries (default 3). Until
    force
        Force cache refresh (passed to get_unit_show).
get_ufstate
    Return the state of the unit using the UnitFileState and the derived state from the state of the $PROPERTY_WANTEDBY units. The returned state can be more than the usual supported states (e.g. static).
    The following options are supported
    force
        Force cache refresh (passed to get_unit_show and fill_cache)
is_ufstate
    is_ufstate returns true or false if the UnitFileState of unit matches the (simplified) state. An error is logged and undef returned if the unit can’t be queried.
    The following options are supported
    force
        Force cache refresh (passed to get_ufstate method).
    derived
        Boolean (default true) to use derived information when UnitFileState itself is empty/undefined.
Private methods
_getTree
    The getTree method is similar to the regular EDG::WP4::CCM::CacheManager::Element::getTree, except that it keeps the unitfile configuration as an Element instance (as required by NCM::Component::Systemd::UnitFile). It takes as arguments an EDG::WP4::CCM::CacheManager::Configuration instance $config and a $path to the root of the whole unit tree.
Systemd :: Systemctl
NAME
NCM::Component::Systemd::Systemctl handles all systemd interaction via the systemctl command.
Public methods
systemctl_show
    logger is a mandatory logger to pass.
    Run systemctl show on single $unit and return parsed output. If $unit is undef, the manager itself is shown.
    Optional arguments:
    no_error
        Report a failure with systemctl show with verbose level. If nothing is specified, an error is reported.
    If successful, returns a hash reference interpreting the key=value output. The following keys have their value split on whitespace, with an array reference to the result as output:
    After
    Before
    Conflicts
    Names
    RequiredBy
    Requires
    TriggeredBy
    Triggers
    WantedBy
    Wants
    Returns undef on failure.
systemctl_daemon_reload
    logger is a mandatory logger to pass.
    Reload systemd manager configuration (e.g. when units have been modified).
    Returns undef on failure, SUCCESS otherwise.
systemctl_list_units
    logger is a mandatory logger to pass.
    Return a hash reference with all units and their details for type. type is passed to the systemctl_list method.
systemctl_list_unit_files
    logger is a mandatory logger to pass.
    Return a hash reference with all unit-files and their details for type. type is passed to the systemctl_list method.
systemctl_list_deps
    logger is a mandatory logger to pass.
    Return a hash reference with all dependencies (i.e. required and wanted units) of the specified unit flattened. (This includes the unit itself). If reverse is set to true (default is false), it returns the reverse dependencies (i.e. units with dependencies of type Wants or Requires on the given unit).
    The keys are the full unit names, values are 1. (A hash is used to allow easy lookup, instead of a list).
    The flattening is done via the --plain option of systemctl, the reverse result via the --reverse option. Both options are available since systemd-208 (which is in e.g. EL7).
systemctl_command_units
    Run the systemctl command for units. An error is logged when the exitcode is non-zero. Returns exitcode and output.
systemctl_is_enabled
    Run systemctl is-enabled for unit. Returns output without trailing newlines on success. Undef returned (no error reported) when the exitcode is non-zero.
systemctl_is_active
    Run systemctl is-active for unit. Returns output without trailing newlines on success. Undef returned (no error reported) when the exitcode is non-zero.
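The return value documented for systemctl_show, modelled as an added Python example (this is not the component's Perl code): key=value lines become a dictionary and the ten listed keys are split on whitespace. The sample output is constructed, and the names parse_systemctl_show and lists_wanted_by are assumptions of this example.

```python
# Added example: models the documented return value of systemctl_show.
# parse_systemctl_show and lists_wanted_by are hypothetical names,
# not part of ncm-systemd.

# Keys whose value the documentation says is split on whitespace.
LIST_KEYS = frozenset([
    "After", "Before", "Conflicts", "Names", "RequiredBy",
    "Requires", "TriggeredBy", "Triggers", "WantedBy", "Wants",
])

# Constructed sample of `systemctl show sshd.service` output.
SAMPLE_SHOW = """\
Id=sshd.service
Names=sshd.service
Requires=basic.target system.slice
WantedBy=multi-user.target
Before=shutdown.target multi-user.target
After=network.target sshd-keygen.service
Triggers=
ExecStart={ path=/usr/sbin/sshd ; argv[]=/usr/sbin/sshd -D ; ignore_errors=no }
UnitFileState=enabled
ActiveState=active
"""


def parse_systemctl_show(output, exit_code=0):
    """Return a dict of properties, or None on failure (undef in the Perl API)."""
    if exit_code != 0:
        return None
    props = {}
    for line in output.splitlines():
        # Split on the first '=' only: values such as ExecStart contain '='.
        key, sep, value = line.partition("=")
        if not sep or not key:
            continue  # not a key=value line
        # An empty list-type value ("Triggers=") becomes an empty list.
        props[key] = value.split() if key in LIST_KEYS else value
    return props


def lists_wanted_by(props, target):
    """True when the parsed unit names target in its WantedBy property."""
    return target in props.get("WantedBy", [])


if __name__ == "__main__":
    parsed = parse_systemctl_show(SAMPLE_SHOW)
    for key in ("Names", "After", "Triggers", "ExecStart", "UnitFileState"):
        print(f"{key}: {parsed[key]!r}")
    print("WantedBy multi-user.target:",
          lists_wanted_by(parsed, "multi-user.target"))
```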
Private methods
systemctl_list
    Helper method to generate and parse output from systemctl list-... commands like list-units or list-unit-files.
    logger is a mandatory logger to pass.
    spec is translated in the list-
Systemd :: UnitFile
NAME
NCM::Component::Systemd::UnitFile handles the configuration of ncm-systemd unitfiles.
Public methods
new
    Returns a new object, accepts the following mandatory arguments
    unit
        The unit (full name.type).
    config
        An EDG::WP4::CCM::CacheManager::Element instance with the unitfile configuration. (An element instance is required because the rendering of the configuration is pan-basetype sensitive).
    and options
    replace
        A boolean to replace the configuration. (Default/undef is false).
        For a non-replaced configuration, a directory > is created and the unitfile is >. Systemd will pickup settings from this quattor.conf and other .conf files in this directory, and also any configuration for the unit in the default systemd paths (e.g. typical unit part of the software package located in >).
        A replaced configuration overrides all existing system unitfiles for the unit (and has to define all attributes). It has filename >.
    backup
        Backup files and/or directories.
    custom
        A hashref with custom configuration data. See custom method.
    log
        A logger instance (compatible with CAF::Object).
custom
    The custom method prepares configuration data that cannot be found in the profile.
    Returns hashref with custom data on success, undef otherwise.
    Following custom attributes are supported:
    CPUAffinity
        Obtain the systemd.exec CPUAffinity list determined via hwloc(7) locations. Allows to e.g. cpubind on numanodes using the node:X location
        Forces an empty list to reset any possible previously defined affinity.
write
    Create the unitfile. Returns undef in case of problem, a boolean indication if something changed otherwise.
    (This method will take all required actions to use the values, like reloading the systemd daemon. It will not however change the state of the unit, e.g. by restarting it.)
Private methods
_prepare_path
    Create and return the filename to use, and prepare the directory structure if needed.
    basedir is the base directory to use, e.g. $UNITFILE_DIRECTORY.
_hwloc_calc_cpuaffinity
    Run _hwloc_calc_cpus, and returns in CPUAffinity format with a reset
_hwloc_calc_cpus
    Run the hwloc-calc --physical --intersect PU command for locations. Returns arrayref with CPU indices on success, undef otherwise.
_make_variables_custom
    A function that returns the custom variables hashref to pass as ttoptions. (This is a function, not a method).
accounts
NAME
ncm-accounts: NCM component to manage the local accounts on the machine.
DESCRIPTION
The accounts component manages the local accounts on a machine. LDAP authentication depends on the LDAP configuration, which is handled by ncm-authconfig. Shadowing of passwords is also controlled by ncm-authconfig.
FUNCTIONS
accounts provides several functions as an API to handle creation of users and groups. They are mainly targeted at helping create consistent accounts across machines, using a central definition of all accounts and a per machine list of accounts to be actually created. All these functions update a structure_accounts (return value may be assigned to “/software/components/accounts”).
Behaviour of these functions can be customized by defining some variables before calling them, mainly:
ACCOUNTS_USER_HOME_ROOT
    defines default root for home directory (Default: /home)
ACCOUNTS_USER_CREATE_HOME
    defines if home directory must be created by default (Default: true)
ACCOUNTS_USER_AUTOGROUP
    defines if a group must be defined with the same name as the user, if no group has been explicitly specified (Default: true).
ACCOUNTS_USER_CHECK_GROUP
    defines if the default group must be created if it doesn’t exist, with a gid equal to uid (Default: true)
ACCOUNTS_USER_COMMENT
    defines a default value for user comment (Default: Created by ncm-accounts)
ACCOUNTS_GROUP_COMMENT
    defines a default value for group comment (Default: Created by ncm-accounts)
create_accounts_from_db(userList:nlist, users:list:optional, accountType:optional)
This function creates users or groups from an nlist containing user or group characteristics. It updates a structure_accounts (return value may be assigned to /software/components/accounts). User/group characteristics must be provided as structure_userinfo/structure_groupinfo. The second parameter, if present, gives the list of users to create from user_list. This allows using a unique user/group definition for all nodes, to guarantee consistency between nodes. By default (accountType undefined or 0), this function creates user accounts. To create groups, set the third parameter (accountType) to 1.
create_group(groupname:string, params:structure_groupinfo)
This function creates a group, applying some defaults defined by variables and checking information consistency. It updates a structure_accounts (return value may be assigned to /software/components/accounts).
create_user(username:string, params:structure_userinfo)
This function creates a user, applying some defaults defined by variables and checking information consistency (e.g. group existence). It updates a structure_accounts (return value may be assigned to Default: /software/components/accounts).
keep_user_group(user_or_group:string or list of string)
This function adds a user or group to the kept_users or kept_groups resources. The argument can be a string or list of strings. The return value can be assigned to /software/components/accounts/kept_users or /software/components/accounts/kept_groups.
RESOURCES
/software/components/accounts/rootpwd
The crypted root password for the machine.
/software/components/accounts/users
An nlist of users to configure on the node. The key is the account name (or base name for pool accounts). The numerical UID is mandatory. The available fields are:
comment
    real name or comment about user. Defaults to user name itself.
homeDir
    full path of the home directory of the user. Defaults to the system default. For pool accounts this will be used as a base for creating numbered home directories; if this is not set the username will be used as a base.
createHome
    boolean indicating whether to create a home directory for the user. Defaults to false.
groups
    a list of groups for this user. The first group listed is the primary group. If this is not given, then it will default to a group named identically to the user name. NOTE: If this group already exists, then the command to add the user will fail.
password
    the crypted password entry for the user. No default. If not given it will result in a locked account, except if the account already exists and has a defined password: in this case, it will be kept.
shell
    the shell for the user. If it is defined as an empty string, the current shell is preserved for an existing account (for a new account, it will remain undefined, meaning that the default shell on the system will be used). Defaults to /bin/bash.
uid
    the uid value for this account. Mandatory. This is interpreted as the base uid value for pool accounts (i.e. poolSize > 0).
poolStart
    the index at which to start the pool accounts. The default is 0. This must be a non-negative number.
poolDigits
    the number of digits to which the pool account numbers are padded. For example a value of 3 will create accounts atlas000, atlas001, etc. The default is the number of digits in the highest-numbered pool account.
poolSize
    number of pool accounts to create. The default is 0 which indicates that it is a normal (unique) account. A value greater than 0 will create a set of numbered accounts with the given user name as a base. E.g. a base name of “atlas” and a poolSize=3 will create three accounts atlas0 atlas1 atlas2.
/software/components/accounts/groups
An nlist of groups to configure on the node. The key is the group name. At least one field must be specified.
comment
    ignored, but provided so gid doesn’t have to be
gid
    the optional gid number for the group
requiredMembers
    An optional list of users that must be added as member of the group. The users don’t have to be local users, defined in the configuration.
    Note 1: group members present in the /etc/group file but not defined in the current configuration are removed by ncm-accounts if they are not required members.
    Note 2: for users defined in the configuration the preferred way to add them to groups is by defining their groups property.
replaceMembers (boolean)
    When true, current members of the group (if existing) are replaced by the groups defined in the configuration (coming from requiredMembers and user groups). If false, groups from the configuration are merged with existing ones.
    D: false
/software/components/accounts/login_defs
An nlist of values to be set in /etc/login.defs. NOTE: This configuration file is specific to RedHat-like systems; settings will be ignored on other systems. This file configures all kinds of default settings such as:
uid_min, uid_max
    Min/max values for automatic uid selection in useradd.
gid_min, gid_max
    Min/max values for automatic gid selection in groupadd.
pass_max_days
    Maximum number of days a password may be used.
pass_min_days
    Minimum number of days allowed between password changes.
pass_min_len
    Minimum acceptable password length.
pass_warn_age
    Number of days warning given before a password expires.
create_home
    If useradd should create home directories for users by default.
/software/components/accounts/remove_unknown
Flag to indicate whether unknown accounts should be deleted. The default is false. The root account can never be removed.
/software/components/accounts/preserved_accounts
This property may have 3 values: ‘none’, ‘system’, ‘dyn_user_group’. It controls the accounts/groups that have to be preserved when remove_unknown is true (it has no effect when remove_unknown=false). The effect of each possible value is:
system
    all accounts/groups in the system range (strictly below GID/UID_MIN as defined in /etc/login.defs) are preserved even though they are not present in the configuration. It is possible to use login_defs/uid_min and login_defs/gid_min properties to control the preserved ranges.
dyn_user_group
    all accounts/groups in the system range and in the range used for dynamic uid/gid allocation by the useradd command, i.e. all accounts/groups with uid/gid less or equal to GID/UID_MAX as defined in /etc/login.defs, are preserved. The exact list of accounts preserved depends on UID/GID_MAX value. It is possible to use login_defs/uid_max and login_defs/gid_max properties to control the preserved ranges. Note that remove_unknown=true with preserved_accounts=dyn_user_group and UID/GID_MAX set to the highest possible IDs is equivalent to remove_unknown=false.
none
    all existing accounts/groups not present in the configuration are removed from the system (except root).
Default: dyn_user_group
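To see what each preserved_accounts value would leave on a host before enabling remove_unknown, the rules above can be modelled over a copy of /etc/passwd and /etc/login.defs. The following is an added Python example, not ncm-accounts code: the function names and the sample passwd and login.defs content are constructed for illustration, and only user accounts (not groups) are modelled.

```python
# Added example: models the remove_unknown / preserved_accounts rules as the
# documentation states them. Not ncm-accounts code; all names are hypothetical.

# Constructed sample inputs (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
sshd:x:74:74:sshd:/var/empty/sshd:/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
olduser:x:1500:1500:Former admin:/home/olduser:/bin/bash
svcbackup:x:70001:70001:Backup:/var/lib/backup:/bin/bash
"""

SAMPLE_LOGIN_DEFS = """\
# constructed /etc/login.defs excerpt
UID_MIN   1000
UID_MAX   60000
"""

MODES = ("none", "system", "dyn_user_group")


def parse_login_defs(text):
    """Return {'UID_MIN': int, 'UID_MAX': int} from login.defs text."""
    limits = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) == 2 and fields[0] in ("UID_MIN", "UID_MAX"):
            limits[fields[0]] = int(fields[1])
    missing = {"UID_MIN", "UID_MAX"} - set(limits)
    if missing:
        raise ValueError("login.defs lacks " + ", ".join(sorted(missing)))
    return limits


def parse_passwd(text):
    """Return [(name, uid), ...] for each well-formed passwd line."""
    accounts = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) == 7 and parts[2].isdigit():
            accounts.append((parts[0], int(parts[2])))
    return accounts


def accounts_to_remove(passwd, login_defs, configured, remove_unknown,
                       preserved_accounts="dyn_user_group"):
    """Names of existing accounts that the documented rules would delete."""
    if preserved_accounts not in MODES:
        raise ValueError("unknown preserved_accounts: %r" % preserved_accounts)
    if not remove_unknown:
        return []  # preserved_accounts has no effect in this case
    limits = parse_login_defs(login_defs)
    removed = []
    for name, uid in parse_passwd(passwd):
        if name == "root" or name in configured:
            continue  # root is never removed; configured accounts stay
        if preserved_accounts == "system" and uid < limits["UID_MIN"]:
            continue  # system range: strictly below UID_MIN
        if preserved_accounts == "dyn_user_group" and uid <= limits["UID_MAX"]:
            continue  # system + dynamic range: up to and including UID_MAX
        removed.append(name)
    return sorted(removed)


if __name__ == "__main__":
    configured = {"alice"}  # accounts defined in the (constructed) profile
    for mode in MODES:
        doomed = accounts_to_remove(SAMPLE_PASSWD, SAMPLE_LOGIN_DEFS,
                                    configured, True, mode)
        print(f"{mode:15} -> {doomed}")
```

With the default dyn_user_group, the unconfigured olduser account (UID 1500) survives a run with remove_unknown=true; in this sample only system or none removes it, and none also removes the daemon and sshd service accounts.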
LIMITATIONS
Local users belonging to LDAP groups
When a local user has to belong to a group defined only on LDAP, a local group with the desired numerical ID is created. This group has the same name as the user ID. It will be removed on the next run of the component if remove_unknown is set to true. This is somewhat ugly, but doesn’t affect the system behaviour at all, so it won’t be fixed.
nsswitch.conf status
The component has been tested with files as the primary source on /etc/nsswitch.conf for group and passwd. Different settings may produce strange behaviour. These settings are not controlled by ncm-accounts but by ncm-authconfig.
Types
• /software/accounts/defined_user
• /software/accounts/defined_group
Functions
• is_user_or_group
    – Arguments:
        * the type (‘user’ or ‘group’)
        * the name(s). Can be more than one argument or a single list of names. All arguments have to be defined.
• create_group
• create_user
• create_accounts_from_db
• keep_user_group
Types
• /software/accounts/structure_userinfo
    – /software/accounts/structure_userinfo/comment
        * Optional
        * Type: string
    – /software/accounts/structure_userinfo/homeDir
        * Optional
        * Type: string
    – /software/accounts/structure_userinfo/createHome
        * Optional
        * Type: boolean
    – /software/accounts/structure_userinfo/createKeys
        * Optional
        * Type: boolean
    – /software/accounts/structure_userinfo/groups
        * Optional
        * Type: string
    – /software/accounts/structure_userinfo/password
        * Optional
        * Type: string
    – /software/accounts/structure_userinfo/shell
        * Optional
        * Type: string
    – /software/accounts/structure_userinfo/uid
        * Optional
        * Type: long
        * Range: 0..
    – /software/accounts/structure_userinfo/poolStart
        * Optional
        * Type: long
        * Range: 0..
    – /software/accounts/structure_userinfo/poolDigits
        * Optional
        * Type: long
        * Range: 1..
    – /software/accounts/structure_userinfo/poolSize
        * Optional
        * Type: long
        * Range: 0..
    – /software/accounts/structure_userinfo/info
        * Optional
        * Type: string
    – /software/accounts/structure_userinfo/ldap
        * Optional
        * Type: boolean
• /software/accounts/structure_groupinfo
    – /software/accounts/structure_groupinfo/comment
        * Optional
        * Type: string
    – /software/accounts/structure_groupinfo/gid
        * Optional
        * Type: long
        * Range: 1..
    – /software/accounts/structure_groupinfo/requiredMembers
        * Optional
        * Type: string
    – /software/accounts/structure_groupinfo/replaceMembers
        * Optional
        * Type: boolean
• /software/accounts/structure_login_defs
    – /software/accounts/structure_login_defs/uid_min
        * Optional
        * Type: long
        * Range: 1..
    – /software/accounts/structure_login_defs/uid_max
        * Optional
        * Type: long
        * Range: 1..
    – /software/accounts/structure_login_defs/gid_min
        * Optional
        * Type: long
        * Range: 1..
    – /software/accounts/structure_login_defs/gid_max
        * Optional
        * Type: long
        * Range: 1..
    – /software/accounts/structure_login_defs/pass_max_days
        * Optional
        * Type: long
        * Range: 1..
    – /software/accounts/structure_login_defs/pass_min_days
        * Optional
        * Type: long
        * Range: 1..
    – /software/accounts/structure_login_defs/pass_min_len
        * Optional
        * Type: long
        * Range: 1..
    – /software/accounts/structure_login_defs/pass_warn_age
        * Optional
        * Type: long
        * Range: 1..
    – /software/accounts/structure_login_defs/create_home
        * Optional
        * Type: legacy_binary_affirmation_string
    – /software/accounts/structure_login_defs/mail_dir
        * Optional
        * Type: string
    – /software/accounts/structure_login_defs/umask
        * Optional
        * Type: string
    – /software/accounts/structure_login_defs/userdel_cmd
        * Optional
        * Type: string
    – /software/accounts/structure_login_defs/usergroups_enab
        * Optional
        * Type: boolean
• /software/accounts/accounts_component
    – /software/accounts/accounts_component/rootpwd
        * Optional
        * Type: string
    – /software/accounts/accounts_component/rootshell
        * Optional
        * Type: string
    – /software/accounts/accounts_component/shadowpwd
        * Optional
        * Type: boolean
    – /software/accounts/accounts_component/users
        * Optional
        * Type: structure_userinfo
    – /software/accounts/accounts_component/groups
        * Optional
        * Type: structure_groupinfo
    – /software/accounts/accounts_component/login_defs
        * Optional
        * Type: structure_login_defs
    – /software/accounts/accounts_component/remove_unknown
        * Optional
        * Type: boolean
    – /software/accounts/accounts_component/preserved_accounts
        * Optional
        * Type: string
    – /software/accounts/accounts_component/kept_users
        * Optional
        * Type: string
    – /software/accounts/accounts_component/kept_groups
        * Optional
        * Type: string
    – /software/accounts/accounts_component/ldap
        * Optional
        * Type: boolean
Functions
• has_unique_attr
afsclt
NAME
NCM::afsclt - NCM AFS client configuration component
SYNOPSIS
Configure() Configure the cell, the AFS cacheinfo file and the afsd daemon.
RESOURCES
/software/components/afsclt/afsd_args : nlist (optional)
    various command-line options for the afsd daemon
/software/components/afsclt/afs_mount : string (optional)
    AFS mount point. If not defined, /afs is used.
/software/components/afsclt/cachemount : string (optional)
    AFS cache mount point. No default.
/software/components/afsclt/cachesize : string (optional)
    desired AFS cache size on disk, in 1K blocks, or AUTOMATIC. The running AFS cache will get adjusted online, and $afs_cacheinfo will be changed if required. Please note that an available (mounted) AFS cache partition has precedence over this value, i.e. you cannot force a lower usage of the cache partition. For Linux machines, a cache partition will use CACHESIZE=AUTOMATIC, for other OSes, a hardcoded fill rate of 85% is used.
/software/components/afsclt/cellservdb : string (optional)
    A regularly-updated AFS CellServDB URL or filename (e.g. from AFS) that this component will copy to local disk. The local AFS client will get notified of any additions or changes within a cell.
/software/components/afsclt/enabled : yes or no (required)
    Whether the AFS client should be enabled or not. No default.
/software/components/afsclt/settime : boolean (optional)
    make AFS client set the system time or not.
/software/components/afsclt/thiscell : string (required)
    local AFS cell for this machine. No default.
/software/components/afsclt/thesecells : list of string (optional)
    List of AFS cells to authenticate to. No default.
Types
• /software/afsclt/component_afsclt_entry
    – /software/afsclt/component_afsclt_entry/thiscell
        * Optional
        * Type: string
    – /software/afsclt/component_afsclt_entry/thesecells
        * Optional
        * Type: string
    – /software/afsclt/component_afsclt_entry/settime
        * Optional
        * Type: boolean
    – /software/afsclt/component_afsclt_entry/cellservdb
        * Optional
        * Type: string
    – /software/afsclt/component_afsclt_entry/afs_mount
        * Optional
        * Type: string
    – /software/afsclt/component_afsclt_entry/cachemount
        * Optional
        * Type: string
    – /software/afsclt/component_afsclt_entry/cachesize
        * Optional
        * Type: string
    – /software/afsclt/component_afsclt_entry/enabled
        * Optional
        * Type: legacy_binary_affirmation_string
    – /software/afsclt/component_afsclt_entry/afsd_args
        * Optional
        * Type: string
Types
• /software/freeipa/aii_freeipa
    – /software/freeipa/aii_freeipa/module
        * Optional
        * Type: string
    – /software/freeipa/aii_freeipa/remove
        * Description: remove the host on AII removal (precedes disable)
        * Optional
        * Type: boolean
    – /software/freeipa/aii_freeipa/disable
        * Description: disable the host on AII removal
        * Optional
        * Type: boolean
Functions
• validate_aii_freeipa_hooks
    – Description: a function to validate all freeipa hooks
      example usage: bind "/system/aii/hooks" = dict with validate_aii_freeipa_hooks('post_reboot')
Functions
• opennebula_ipv42mac
    – Description: This function generates OpenNebula MAC addresses from MAC_PREFIX + IPv4
      Based on OpenNebula opennebula_ipv42mac function: https://github.com/OpenNebula/one/blob/master/share/router/vmcontext.rb
      Syntax: mac_prefix:string ipv4:string
      mac_prefix hex:hex value used also by oned.conf (02:00 by default)
      ipv4 IP used by the VM
• opennebula_replace_vm_mac
    – Description: This function replaces nic hwaddr using OpenNebula MAC function
      Use the same MAC_PREFIX for OpenNebula component (oned.conf) and AII
      Syntax: mac_prefix:string
      mac_prefix hex:hex value used by oned.conf
      Example: "/hardware/cards/nic" = opennebula_replace_vm_mac(MAC_PREFIX);
Types
• /software/opennebula/structure_aii_opennebula
  – /software/opennebula/structure_aii_opennebula/module
    * Optional
    * Type: string
  – /software/opennebula/structure_aii_opennebula/image
    * Description: force create image from scratch, also stop/delete vm. VM images are not updated, if you want to resize or modify an available image from scratch use remove hook first.
    * Optional
    * Type: boolean
  – /software/opennebula/structure_aii_opennebula/template
    * Description: force (re)create template, also stop/delete vm
    * Optional
    * Type: boolean
  – /software/opennebula/structure_aii_opennebula/vm
    * Description: instantiate template (i.e. make vm)
    * Optional
    * Type: boolean
  – /software/opennebula/structure_aii_opennebula/onhold
    * Description: vm is placed onhold, if false the VM execution is scheduled asap
    * Optional
    * Type: boolean
• /software/opennebula/opennebula_vmtemplate_vnet
• /software/opennebula/opennebula_vmtemplate_datastore
• /software/opennebula/valid_interface_ignoremac
  – Description: Type that checks if the network interface is available from the quattor tree
• /software/opennebula/opennebula_ignoremac
  – Description: Type that sets which net interfaces/MACs will not include MAC values within ONE templates
• /software/opennebula/opennebula_ignoremac/macaddr
  – Optional
  – Type: type_hwaddr
• /software/opennebula/opennebula_ignoremac/interface
  – Optional
  – Type: valid_interface_ignoremac
• /software/opennebula/opennebula_permissions
  – Description: Type that changes resources owner/group permissions. By default opennebula-aii generates all the resources as oneadmin owner/group.
    owner: OpenNebula user id or user name
    group: OpenNebula group id or username
    mode: Octal notation, e.g. 0600
• /software/opennebula/opennebula_permissions/owner
  – Optional
  – Type: string
• /software/opennebula/opennebula_permissions/group
  – Optional
  – Type: string
• /software/opennebula/opennebula_permissions/mode
  – Optional
  – Type: long
• /software/opennebula/opennebula_vmtemplate_pci
  – Description: It is possible to discover PCI devices in the hosts and assign them to Virtual Machines for the KVM host. I/O MMU and SR-IOV must be supported and enabled by the host OS and BIOS. More than one PCI option can be added to attach more than one PCI device to the VM. The device can be also specified without all the type values. PCI values must be hexadecimal (0xhex). If the PCI values are not found in any host the VM is queued waiting for the required resources. “onehost show
  – Type: string
• /software/opennebula/opennebula_placements/sched_rank
  – Description: This field sets which attribute will be used to sort the suitable hosts for this VM. Basically, it defines which hosts are more suitable than others.
  – Optional
  – Type: string
• /software/opennebula/opennebula_placements/sched_ds_requirements
  – Description: Boolean expression that rules out entries from the pool of datastores suitable to run this VM.
  – Optional
  – Type: string
• /software/opennebula/opennebula_placements/sched_ds_rank
  – Description: States which attribute will be used to sort the suitable datastores for this VM. Basically, it defines which datastores are more suitable than others.
  – Optional
  – Type: string
• /software/opennebula/opennebula_vmtemplate
  – /software/opennebula/opennebula_vmtemplate/vnet
    * Description: Set the VNETs opennebula/vnet (bridges) required by each VM network interface
    * Optional
    * Type: opennebula_vmtemplate_vnet
  – /software/opennebula/opennebula_vmtemplate/datastore
    * Description: Set the OpenNebula opennebula/datastore name for each vdx
    * Optional
    * Type: opennebula_vmtemplate_datastore
  – /software/opennebula/opennebula_vmtemplate/ignoremac
    * Description: Set ignoremac tree to avoid including MAC values within AR/VM templates
    * Optional
    * Type: opennebula_ignoremac
  – /software/opennebula/opennebula_vmtemplate/graphics
    * Description: Set graphics to export VM graphical display (VNC is used by default)
    * Optional
    * Type: string
  – /software/opennebula/opennebula_vmtemplate/diskcache
    * Description: Select the cache mechanism for your disks. (by default is set to none)
    * Optional
    * Type: string
  – /software/opennebula/opennebula_vmtemplate/diskdriver
    * Description: specific image mapping driver. qcow2 is not supported by Ceph storage backends
    * Optional
    * Type: string
  – /software/opennebula/opennebula_vmtemplate/permissions
    * Optional
    * Type: opennebula_permissions
  – /software/opennebula/opennebula_vmtemplate/pci
    * Description: Set pci list values to enable PCI Passthrough. PCI passthrough section is also generated based on /hardware/cards/
    * Optional
    * Type: opennebula_vmtemplate_pci
  – /software/opennebula/opennebula_vmtemplate/labels
    * Description: labels is a list of strings to group the VMs under a given name and filter them in the admin and cloud views. It is also possible to include in the list sub-labels using a common slash: list("Name", "Name/SubName"). This feature is available since OpenNebula 5.x, below this version the change does not take effect.
    * Optional
    * Type: string
  – /software/opennebula/opennebula_vmtemplate/placements
    * Optional
    * Type: opennebula_placements
  – /software/opennebula/opennebula_vmtemplate/memorybacking
    * Description: The optional memoryBacking element may contain several elements that influence how virtual memory pages are backed by host pages.
      hugepages: This tells the hypervisor that the guest should have its memory allocated using hugepages instead of the normal native page size.
      nosharepages: Instructs hypervisor to disable shared pages (memory merge, KSM) for this domain.
      locked: When set and supported by the hypervisor, memory pages belonging to the domain will be locked in the host's memory and the host will not be allowed to swap them out, which might be required for some workloads such as real-time. For QEMU/KVM guests, the memory used by the QEMU process itself will be locked too: unlike guest memory, this is an amount libvirt has no way of figuring out in advance, so it has to remove the limit on locked memory altogether. Thus, enabling this option opens up to a potential security risk: the host will be unable to reclaim the locked memory back from the guest when it is running out of memory, which means a malicious guest allocating large amounts of locked memory could cause a denial-of-service attack on the host.
    * Optional
    * Type: string
Functions
• validate_aii_opennebula_hooks
  – Description: Function to validate all aii_opennebula hooks
• is_consistent_memorybacking
aiiserver
DESCRIPTION
The aiiserver component manages the configuration of an AII (Automated Installation Infrastructure) server.
RESOURCES
This component also uses configuration parameters related to https from ncm-ccm: ca_dir, ca_file, cert_file, key_file.
Types
• /software/aiiserver/structure_aiishellfe
  – /software/aiiserver/structure_aiishellfe/cachedir
    * Optional
    * Type: absolute_file_path
  – /software/aiiserver/structure_aiishellfe/ca_dir
    * Optional
    * Type: absolute_file_path
  – /software/aiiserver/structure_aiishellfe/ca_file
    * Optional
    * Type: string
  – /software/aiiserver/structure_aiishellfe/cdburl
    * Optional
    * Type: type_absoluteURI
  – /software/aiiserver/structure_aiishellfe/cert_file
    * Optional
    * Type: string
  – /software/aiiserver/structure_aiishellfe/grub2_efi_kernel_root
    * Optional
    * Type: string
  – /software/aiiserver/structure_aiishellfe/grub2_efi_linux_cmd
    * Optional
    * Type: string
  – /software/aiiserver/structure_aiishellfe/key_file
    * Optional
    * Type: string
  – /software/aiiserver/structure_aiishellfe/lockdir
    * Optional
    * Type: absolute_file_path
  – /software/aiiserver/structure_aiishellfe/logfile
    * Optional
    * Type: string
  – /software/aiiserver/structure_aiishellfe/nbpdir
    * Optional
    * Type: string
  – /software/aiiserver/structure_aiishellfe/nbpdir_grub2
    * Optional
    * Type: string
  – /software/aiiserver/structure_aiishellfe/noaction
    * Optional
    * Type: boolean
  – /software/aiiserver/structure_aiishellfe/nodhcp
    * Optional
    * Type: boolean
  – /software/aiiserver/structure_aiishellfe/nonbp
    * Optional
    * Type: boolean
  – /software/aiiserver/structure_aiishellfe/noosinstall
    * Optional
    * Type: boolean
  – /software/aiiserver/structure_aiishellfe/osinstalldir
    * Optional
    * Type: absolute_file_path
  – /software/aiiserver/structure_aiishellfe/profile_format
    * Optional
    * Type: string
  – /software/aiiserver/structure_aiishellfe/profile_prefix
    * Optional
    * Type: string
  – /software/aiiserver/structure_aiishellfe/use_fqdn
    * Optional
    * Type: boolean
• /software/aiiserver/structure_aiidhcp
  – /software/aiiserver/structure_aiidhcp/dhcpconf
    * Optional
    * Type: absolute_file_path
  – /software/aiiserver/structure_aiidhcp/restartcmd
    * Optional
    * Type: string
  – /software/aiiserver/structure_aiidhcp/norestart
    * Optional
    * Type: boolean
• /software/aiiserver/aiiserver_component
  – /software/aiiserver/aiiserver_component/aii-shellfe
    * Description: Configures the aii-shellfe tool.
    * Optional
    * Type: structure_aiishellfe
  – /software/aiiserver/aiiserver_component/aii-dhcp
    * Description: Configures AII::DHCP and the aii-dhcp legacy tool.
    * Optional
    * Type: structure_aiidhcp
altlogrotate
NAME
ncm-altlogrotate: configuration module to control the log rotate configuration.
DESCRIPTION
The altlogrotate component manages the log rotate configuration files. It replaced the original logrotate which is no longer available.
Types
• /software/altlogrotate/structure_altlogrotate_scripts
  – /software/altlogrotate/structure_altlogrotate_scripts/prerotate
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_scripts/postrotate
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_scripts/firstaction
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_scripts/lastaction
    * Optional
    * Type: string
• /software/altlogrotate/structure_altlogrotate_create_params
  – /software/altlogrotate/structure_altlogrotate_create_params/mode
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_create_params/owner
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_create_params/group
    * Optional
    * Type: string
• /software/altlogrotate/structure_altlogrotate_logrot
  – /software/altlogrotate/structure_altlogrotate_logrot/pattern
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/global
    * Description: part of global configuration file, requires an entry called 'global'. The 'global' entry does not require the global flag.
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/overwrite
    * Description: Create and overwrite configfile with the entry as filename, if it previously existed (only non-global files). (If such file does not exist, use the ncm-altlogrotate suffix as usual)
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/include
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/compress
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/copy
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/copytruncate
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/delaycompress
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/ifempty
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/missingok
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/sharedscripts
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/dateext
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/compresscmd
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/uncompresscmd
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/compressext
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/compressoptions
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/create
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/createparams
    * Optional
    * Type: structure_altlogrotate_create_params
  – /software/altlogrotate/structure_altlogrotate_logrot/extension
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/mail
    * Optional
    * Type: type_email
  – /software/altlogrotate/structure_altlogrotate_logrot/nomail
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/mailselect
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/olddir
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/noolddir
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/rotate
    * Optional
    * Type: long
    * Range: 0..
  – /software/altlogrotate/structure_altlogrotate_logrot/start
    * Optional
    * Type: long
    * Range: 0..
  – /software/altlogrotate/structure_altlogrotate_logrot/size
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/taboo_replace
    * Optional
    * Type: boolean
  – /software/altlogrotate/structure_altlogrotate_logrot/tabooext
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/frequency
    * Optional
    * Type: string
  – /software/altlogrotate/structure_altlogrotate_logrot/scripts
    * Optional
    * Type: structure_altlogrotate_scripts
• /software/altlogrotate/altlogrotate_component
  – /software/altlogrotate/altlogrotate_component/configFile
    * Description: Logrotate configuration file location, defaults to /etc/logrotate.conf.
    * Optional
    * Type: string
  – /software/altlogrotate/altlogrotate_component/configDir
    * Description: Logrotate entries directory path, defaults to /etc/logrotate.d, entries will be written to individual config files under this path.
    * Optional
    * Type: string
  – /software/altlogrotate/altlogrotate_component/entries
    * Description: A named list containing logrotate structures. Follows the logrotate config format, so see 'man 8 logrotate' for a detailed explanation of all options. The 'global' entry (if exists) is put at the beginning of the main configuration.
    * Optional
    * Type: structure_altlogrotate_logrot
amandaserver
DESCRIPTION
This component configures amanda server, the “Advanced Maryland Automatic Network Disk Archiver”.
FILES
This component generates the following files:
* /etc/amanda/backupname/amanda.conf
* /etc/amanda/backupname/disklist
Furthermore, when using virtual tapes (tpchanger='chg-disk') it creates the following (only if these files do not already exist):
* /etc/amanda/backupname/tapelist
* tapedev_dir/slotXX
* symbolic link to the first slot
It also labels the virtual tapes. This is very dangerous because labelling the tapes destroys their content; take this into account if you already have data in the tapedev directory.
STRUCTURE
These are the top-level fields provided by the component. For information on any of these fields' structure, please see Amanda's documentation.
* /software/components/amandaserver/backupname/config/general_options
  Named list of general configuration options (goes to /etc/amanda/backupname/amanda.conf). Depending on the value of option tpchanger it might create the virtual tapes in the path specified by option tapedev.
* /software/components/amandaserver/backupname/config/holdingdisks : holdingdisk{}
  Named list of holdingdisk structures, indexed by holdingdisk name (goes to /etc/amanda/backupname/amanda.conf).
* /software/components/amandaserver/backupname/config/tapetypes : tapetype{}
  Named list of tapetype structures, indexed by tapetype name (goes to /etc/amanda/backupname/amanda.conf).
* /software/components/amandaserver/backupname/config/dumptypes : dumptype{}
  Named list of dumptype structures, indexed by dumptype name (goes to /etc/amanda/backupname/amanda.conf).
* /software/components/amandaserver/backupname/config/interfaces : interface{}
  Named list of interface structures, indexed by interface name (goes to /etc/amanda/backupname/amanda.conf).
* /software/components/amandaserver/backupname/disklists : disk[]
  List of disk structures (goes to /etc/amanda/backupname/disklist).
Types
• /software/amandaserver/columnspec
  – /software/amandaserver/columnspec/name
    * Optional
    * Type: string
  – /software/amandaserver/columnspec/space
    * Optional
    * Type: long
  – /software/amandaserver/columnspec/width
    * Optional
    * Type: long
• /software/amandaserver/backupstring
• /software/amandaserver/tapetypestring
• /software/amandaserver/dumptypestring
• /software/amandaserver/interfacestring
• /software/amandaserver/booleanstring
• /software/amandaserver/sizestring
• /software/amandaserver/speedstring
• /software/amandaserver/structure_amandaserver_general
  – /software/amandaserver/structure_amandaserver_general/org
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/mailto
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/dumpcycle
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_general/runspercycle
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_general/tapecycle
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_general/dumpuser
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/printer
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/tapedev
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/rawtapedev
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/tpchanger
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/changerdev
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/changerfile
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/runtapes
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_general/maxdumpsize
    * Optional
    * Type: sizestring
  – /software/amandaserver/structure_amandaserver_general/taperalgo
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/labelstr
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/tapetype
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/ctimeout
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_general/dtimeout
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_general/etimeout
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_general/inparallel
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_general/netusage
    * Optional
    * Type: speedstring
  – /software/amandaserver/structure_amandaserver_general/dumporder
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/maxdumps
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_general/bumpsize
    * Optional
    * Type: sizestring
  – /software/amandaserver/structure_amandaserver_general/bumpmult
    * Optional
    * Type: double
  – /software/amandaserver/structure_amandaserver_general/bumpdays
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_general/disklist
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/infofile
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/logdir
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/indexdir
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/tapelist
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/tapebufs
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_general/reserve
    * Optional
    * Type: number
  – /software/amandaserver/structure_amandaserver_general/autoflush
    * Optional
    * Type: booleanstring
  – /software/amandaserver/structure_amandaserver_general/amrecover_do_fsf
    * Optional
    * Type: booleanstring
  – /software/amandaserver/structure_amandaserver_general/amrecover_check_label
    * Optional
    * Type: booleanstring
  – /software/amandaserver/structure_amandaserver_general/amrecover_changer
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_general/columnspec
    * Optional
    * Type: columnspec
  – /software/amandaserver/structure_amandaserver_general/includefile
    * Optional
    * Type: string
• /software/amandaserver/structure_amandaserver_holdingdisk
  – /software/amandaserver/structure_amandaserver_holdingdisk/comment
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_holdingdisk/directory
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_holdingdisk/use
    * Optional
    * Type: sizestring
  – /software/amandaserver/structure_amandaserver_holdingdisk/chunksize
    * Optional
    * Type: sizestring
• /software/amandaserver/structure_amandaserver_dumptype_conf
  – /software/amandaserver/structure_amandaserver_dumptype_conf/auth
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_dumptype_conf/comment
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_dumptype_conf/comprate
    * Optional
    * Type: double
  – /software/amandaserver/structure_amandaserver_dumptype_conf/compress
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_dumptype_conf/dumpcycle
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_dumptype_conf/exclude
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_dumptype_conf/holdingdisk
    * Optional
    * Type: booleanstring
  – /software/amandaserver/structure_amandaserver_dumptype_conf/ignore
    * Optional
    * Type: booleanstring
  – /software/amandaserver/structure_amandaserver_dumptype_conf/include
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_dumptype_conf/index
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_dumptype_conf/kencrypt
    * Optional
    * Type: booleanstring
  – /software/amandaserver/structure_amandaserver_dumptype_conf/maxdumps
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_dumptype_conf/maxpromoteday
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_dumptype_conf/priority
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_dumptype_conf/program
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_dumptype_conf/record
    * Optional
    * Type: booleanstring
  – /software/amandaserver/structure_amandaserver_dumptype_conf/skip-full
    * Optional
    * Type: booleanstring
  – /software/amandaserver/structure_amandaserver_dumptype_conf/skip-incr
    * Optional
    * Type: booleanstring
  – /software/amandaserver/structure_amandaserver_dumptype_conf/starttime
    * Optional
    * Type: long
  – /software/amandaserver/structure_amandaserver_dumptype_conf/strategy
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_dumptype_conf/inc_dumptypes
    * Optional
    * Type: string
• /software/amandaserver/structure_amandaserver_dumptype
  – /software/amandaserver/structure_amandaserver_dumptype/dumptype_name
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_dumptype/dumptype_conf
    * Optional
    * Type: structure_amandaserver_dumptype_conf
• /software/amandaserver/structure_amandaserver_tapetype_conf
  – /software/amandaserver/structure_amandaserver_tapetype_conf/comment
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_tapetype_conf/filemark
    * Optional
    * Type: sizestring
  – /software/amandaserver/structure_amandaserver_tapetype_conf/length
    * Optional
    * Type: sizestring
  – /software/amandaserver/structure_amandaserver_tapetype_conf/block-size
    * Optional
    * Type: sizestring
  – /software/amandaserver/structure_amandaserver_tapetype_conf/file-pad
    * Optional
    * Type: booleanstring
  – /software/amandaserver/structure_amandaserver_tapetype_conf/speed
    * Optional
    * Type: speedstring
  – /software/amandaserver/structure_amandaserver_tapetype_conf/lbl-templ
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_tapetype_conf/inc_tapetypes
    * Optional
    * Type: string
• /software/amandaserver/structure_amandaserver_tapetype
  – /software/amandaserver/structure_amandaserver_tapetype/tapetype_name
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_tapetype/tapetype_conf
    * Optional
    * Type: structure_amandaserver_tapetype_conf
• /software/amandaserver/structure_amandaserver_interface_conf
  – /software/amandaserver/structure_amandaserver_interface_conf/comment
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_interface_conf/use
    * Optional
    * Type: speedstring
  – /software/amandaserver/structure_amandaserver_interface_conf/inc_interfaces
    * Optional
    * Type: string
• /software/amandaserver/structure_amandaserver_interface
  – /software/amandaserver/structure_amandaserver_interface/interface_name
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_interface/interface_conf
    * Optional
    * Type: structure_amandaserver_interface_conf
• /software/amandaserver/structure_amandaserver_config
  – /software/amandaserver/structure_amandaserver_config/general_options
    * Optional
    * Type: structure_amandaserver_general
  – /software/amandaserver/structure_amandaserver_config/holdingdisks
    * Optional
    * Type: structure_amandaserver_holdingdisk
  – /software/amandaserver/structure_amandaserver_config/tapetypes
    * Optional
    * Type: structure_amandaserver_tapetype
  – /software/amandaserver/structure_amandaserver_config/dumptypes
    * Optional
    * Type: structure_amandaserver_dumptype
  – /software/amandaserver/structure_amandaserver_config/interfaces
    * Optional
    * Type: structure_amandaserver_interface
• /software/amandaserver/structure_amandaserver_disk
  – /software/amandaserver/structure_amandaserver_disk/hostname
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_disk/diskname
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_disk/dumptype
    * Optional
    * Type: string
• /software/amandaserver/structure_amandaserver_backup
  – /software/amandaserver/structure_amandaserver_backup/config
    * Optional
    * Type: structure_amandaserver_config
  – /software/amandaserver/structure_amandaserver_backup/disklist
    * Optional
    * Type: structure_amandaserver_disk
• /software/amandaserver/structure_amandaserver_amandahost
  – /software/amandaserver/structure_amandaserver_amandahost/domain
    * Optional
    * Type: string
  – /software/amandaserver/structure_amandaserver_amandahost/user
    * Optional
    * Type: string
• /software/amandaserver/structure_component_amandaserver
  – /software/amandaserver/structure_component_amandaserver/backups
    * Optional
    * Type: structure_amandaserver_backup
  – /software/amandaserver/structure_component_amandaserver/amandahosts
    * Optional
    * Type: structure_amandaserver_amandahost
authconfig
NAME
ncm-authconfig: NCM component to manage system authentication services.
DESCRIPTION
The authconfig component manages the system authentication methods on RedHat systems using the authconfig command. In addition, it can set additional operational parameters for LDAP authentication by modifying the /etc/ldap.conf (SL5), the /etc/nslcd.conf (SL6) or /etc/sssd/sssd.conf (EL6/7) files directly. It will also enable/disable NSCD support on the client.
EXAMPLE
    include "components/authconfig/config";

    prefix "/software/components/authconfig";
    "active" = true;

    "safemode" = false;

    "usemd5" = true;
    "useshadow" = true;
    "usecache" = true;

    prefix "/software/components/authconfig/method/files";
    "enable" = true;

    prefix "/software/components/authconfig/method/ldap";
    "enable" = false;
    "nssonly" = false;
    "conffile" = "/etc/ldap.conf";
    "servers" = list("tbn06.nikhef.nl", "hooimijt.nikhef.nl");
    "basedn" = "dc=farmnet,dc=nikhef,dc=nl";
    "tls/enable" = true;
    "binddn" = "cn=proxyuser,dc=example,dc=com";
    "bindpw" = "secret";
    "rootbinddn" = "cn=manager,dc=example,dc=com";
    "port" = 389;
    "timeouts/idle" = 3600;
    "timeouts/bind" = 30;
    "timeouts/search" = 30;
    "pam_filter" = "|(gid=1012)(gid=1013)";
    "pam_login_attribute" = "uid";
    "pam_groupdn" = "cn=SystemAdministrators,ou=DirectoryGroups,dc=farmnet,dc=nikhef,dc=nl";
    "pam_member_attribute" = "uniquemember";
    "tls/peercheck" = "yes";

    "tls/cacertfile" = undef;
    "tls/cacertdir" = undef;
    "tls/ciphers" = undef;

    "nss_base_passwd" = "OU=Users,OU=Organic Units,DC=cern,DC=ch";
    "nss_base_group" = "OU=SLC,OU=Workgroups,DC=cern,DC=ch";
    "bind_policy" = "soft";
    "nss_map_objectclass/posixAccount" = "user";
    "nss_map_objectclass/shadowAccount" = "user";
    "nss_map_objectclass/posixGroup" = "group";
    "nss_map_attribute/uid" = "sAMAccountName";
    "nss_map_attribute/homeDirectory" = "unixHomeDirectory";
    "nss_map_attribute/uniqueMember" = "member";
    "pam_login_attribute" = "sAMAccountName";
    "ssl" = "start_tls";

    "pam_min_uid" = "0"; # NOT IMPLEMENTED #
    "pam_max_uid" = "0"; # NOT IMPLEMENTED #

    prefix "/software/components/authconfig/method/nis";
    "enable" = false;
    "domain" = "nikhef.nl";
    "servers" = list("ajax.nikhef.nl");

    prefix "/software/components/authconfig/method/krb5";
    "enable" = false;
    "kdcs" = list("kdc.nikhef.nl");
    "adminserver" = list("krbadmin.nikhef.nl");
    "realm" = "NIKHEF.NL";

    prefix "/software/components/authconfig/method/smb";
    "enable" = false;
    "workgroup" = "NIKHEF";
    "servers" = list("paling.nikhef.nl");
prefix "/software/components/authconfig/method/hesiod"; "enable"= false; "lhs"= "lefthanded"; "rhs"= "righthanded"; =cut use parent qw(NCM::Component); our $EC = LC::Exception::Context->new->will_store_all; our $NoActionSupported = 1; use CAF::Process; use CAF::Service; use CAF::FileEditor; use CAF::FileWriter 17.2.1; use EDG::WP4::CCM::TextRender; use File::Path; use Fcntl qw(:seek); use constant SSSD_FILE => ‘/etc/sssd/sssd.conf’; use constant SSSD_TT_MODULE => ‘sssd’; use constant NSCD_LOCK => ‘/var/lock/subsys/nscd’; # prevent authconfig from trying to launch in X11 mode delete($ENV{“DISPLAY”}); sub update_pam_file { my ($self, $tree) = @_;
my $fh= CAF::FileEditor->new($tree->{conffile}, log=>$self, backup=> ".old"); (continues on next page)
1.3. configuration-modules-core 137 Quattor Documentation, Release 0.0.1
(continued from previous page)
# regexp needs to match whole line my ($start,$end)=$fh->get_header_positions(qr{^#%PAM-\d+. *$}m); my @begin_whence; if ($start ==-1){ # no header found @begin_whence= BEGINNING_OF_FILE; } else { @begin_whence= (SEEK_SET,$end); }
foreach my $i(@{$tree->{lines}}) { my @whence=$i->{order} eq 'first'? @begin_whence : ENDING_OF_FILE;
if ($i->{entry} =~m{(?:^|\s+)(\S+\.so)(?:\s|$)}){ my $module=$1; $fh->add_or_replace_lines(qr{^#?\s*$tree->{section}\s+\S+\s+$module}, qr{^$tree->{section}\s+$i->{entry}$}, "$tree->{section} $i->{entry}\n", @whence); } else { $self->error("No '.so' module found in entry '$i->{entry}' (this is an
˓→error in the profile). Skipping."); } }
$fh->close(); } sub build_pam_systemauth { my ($self, $tree) = @_;
foreach my $i(sort(keys(%$tree))) { $self->update_pam_file($tree->{$i}) } }

# Disable an authentication method
sub disable_method {
    my ($self, $method, $cmd) = @_;

    if ($method eq 'files') {
        $self->warn("Cannot disable files method");
        return;
    }

    $self->verbose("Disabling authentication method $method");
    $cmd->pushargs("--disable$method");
}

# Enable the "files" authentication method in nsswitch. Actually, it
# does nothing.
sub enable_files {
    my $self = shift;

    $self->verbose("Files method is always enabled");
}

# Adds the authconfig command-line options to enable Kerberos5
# authentication to $cmd.
sub enable_krb5 {
    my ($self, $cfg, $cmd) = @_;

    $self->verbose("Enabling KRB5 authentication");

    $cmd->pushargs(qw(--enablekrb5 --krb5realm));
    $cmd->pushargs($cfg->{realm});
    $cmd->pushargs("--krb5kdc", join(",", @{$cfg->{kdcs}}))
        if exists $cfg->{kdcs};
    $cmd->pushargs("--krb5adminserver", join(",", @{$cfg->{adminservers}}))
        if exists $cfg->{adminservers};
}

# Adds the authconfig command-line options to enable SMB
# authentication to $cmd.
sub enable_smb {
    my ($self, $cfg, $cmd) = @_;

    $self->verbose("Enabling SMB authentication");

    $cmd->pushargs(qw(--enablesmbauth --smbworkgroup));
    $cmd->pushargs($cfg->{workgroup});
    $cmd->pushargs("--smbservers", join(",", @{$cfg->{servers}}));
}

# Adds the authconfig command-line options to enable NIS
# authentication to $cmd.
sub enable_nis {
    my ($self, $cfg, $cmd) = @_;

    $self->verbose("Enabling NIS authentication");
    $cmd->pushargs(qw(--enablenis --nisdomain));
    $cmd->pushargs($cfg->{domain});
    $cmd->pushargs("--nisserver", join(",", @{$cfg->{servers}}));
}

# Adds the authconfig command-line options to enable HESIOD
# authentication to $cmd.
sub enable_hesiod {
    my ($self, $cfg, $cmd) = @_;

    $self->verbose("Enabling Hesiod authentication");
    $cmd->pushargs(qw(--enablehesiod --hesiodlhs));
    $cmd->pushargs($cfg->{lhs});
    $cmd->pushargs("--hesiodrhs", $cfg->{rhs});
}

# Adds the authconfig command-line options to enable LDAP
# authentication to $cmd.
sub enable_ldap {
    my ($self, $cfg, $cmd) = @_;

    if ($cfg->{nssonly}) {
        $cmd->pushargs("--disableldapauth");
    } else {
        $cmd->pushargs("--enableldapauth");
    }

    $cmd->pushargs("--enableldap");
    $cmd->pushargs("--ldapserver", join(",", @{$cfg->{servers}}))
        if exists $cfg->{servers};
    $cmd->pushargs("--ldapbasedn=$cfg->{basedn}");
    $cmd->pushargs("--enableldaptls") if $cfg->{enableldaptls};
}

# Adds the authconfig command-line options to enable NSLCD (LDAP as of
# SL6) authentication to $cmd.
sub enable_nslcd {
    my ($self, $cfg, $cmd) = @_;

    $cmd->pushargs(qw(--enableldapauth --enableldap));
    $cmd->pushargs("--ldapserver", join(",", @{$cfg->{uri}}));
    $cmd->pushargs("--ldapbasedn=$cfg->{basedn}");

    # Only enable TLS if requested; just setting ssl on should not enable TLS.
    $cmd->pushargs("--enableldaptls")
        if $cfg->{ssl} && $cfg->{ssl} eq "start_tls";
}

# Adds the authconfig command-line to enable SSSD.
sub enable_sssd {
    my ($self, $cfg, $cmd) = @_;

    if ($cfg->{nssonly}) {
        $cmd->pushargs(qw(--disablesssdauth));
    } else {
        $cmd->pushargs(qw(--enablesssdauth));
    }
    $cmd->pushargs("--enablesssd");
}

sub authconfig {
    my ($self, $t) = @_;

    my ($stdout, $stderr);
    my $cmd = CAF::Process->new([qw(authconfig --kickstart)],
                                log => $self,
                                stdout => \$stdout,
                                stderr => \$stderr,
                                timeout => 60);

    foreach my $i (qw(shadow cache)) {
        $cmd->pushargs($t->{"use$i"} ? "--enable$i" : "--disable$i");
    }

    $cmd->pushargs("--passalgo=$t->{passalgorithm}");

    $cmd->pushargs("--enableforcelegacy") if $t->{enableforcelegacy};

    while (my ($method, $v) = each(%{$t->{method}})) {
        if ($v->{enable}) {
            $method = "enable_$method";
            $self->$method($v, $cmd);
        } else {
            $self->disable_method($method, $cmd);
        }
    }
    $cmd->setopts(timeout => 60,
                  stdout => \$stdout,
                  stderr => \$stderr);
    $cmd->execute();
    if ($stdout) {
        $self->info("authconfig command output produced:");
        $self->report($stdout);
    }
    if ($stderr) {
        $self->info("authconfig command ERROR produced:");
        $self->report($stderr);
    }
}

# Configures /etc/ldap.conf which is the file configuring LDAP
# authentication on SL5.
sub configure_ldap {
    my ($self, $tree) = @_;

    delete($tree->{enable});
    my $fh = CAF::FileWriter->new($tree->{conffile},
                                  group => 28,
                                  log => $self,
                                  mode => oct(644),
                                  backup => ".old");
    delete($tree->{conffile});
    # These fields have different
    print $fh "idle_timelimit $tree->{timeouts}->{idle}\n";
    print $fh "bind_timelimit $tree->{timeouts}->{bind}\n";
    print $fh "timelimit $tree->{timeouts}->{search}\n";
    print $fh "tls_checkpeer ", $tree->{tls}->{peercheck} ? "true" : "false", "\n";
    print $fh "tls_cacertfile $tree->{tls}->{cacertfile}\n"
        if $tree->{tls}->{cacertfile};
    print $fh "tls_cacertdir $tree->{tls}->{cacertdir}\n"
        if $tree->{tls}->{cacertdir};
    print $fh "tls_ciphers $tree->{tls}->{ciphers}\n"
        if $tree->{tls}->{ciphers};
    print $fh "TLS_REQCERT $tree->{tls}->{reqcert}\n";
    for my $i (0 .. $#{$tree->{servers}}) {
        if (!($tree->{servers}[$i] =~ /:/)) {
            $tree->{servers}[$i] = 'ldap://' . $tree->{servers}[$i] . '/';
        }
    }
    print $fh "uri ", join(" ", @{$tree->{servers}}), "\n";
    print $fh "base $tree->{basedn}\n";

    delete($tree->{basedn});
    delete($tree->{tls});
    delete($tree->{timeouts});
    delete($tree->{servers});
    foreach my $i (qw(nss_map_objectclass nss_map_attribute
                      nss_override_attribute_value)) {
        while (my ($k, $v) = each(%{$tree->{$i}})) {
            print $fh "$i $k $v\n";
        }
        delete($tree->{$i});
    }

    # Everything still in the tree is written as "key value". Per the
    # schema this can include bindpw, and the file is created with mode 0644.
    while (my ($k, $v) = each(%$tree)) {
        print $fh "$k $v\n";
    }

    return $fh->close();
}

# Configures nslcd, if needed.
sub configure_nslcd {
    my ($self, $tree) = @_;

    my $fh = CAF::FileWriter->new("/etc/nslcd.conf",
                                  mode => oct(600),
                                  log => $self);
    my ($changed, $proc);

    delete($tree->{enable});

    print $fh "# File generated by ", __PACKAGE__, ". Do not edit edit\n";

    print $fh "base $tree->{basedn}\n";
    delete($tree->{basedn});
    while (my ($group, $values) = each(%{$tree->{map}})) {
        while (my ($k, $v) = each(%$values)) {
            print $fh "map $group $k $v\n";
        }
    }
    delete($tree->{map});

    # uri needs whitespace-separated list of values
    if (exists $tree->{uri}) {
        print $fh "uri ", join(" ", @{$tree->{uri}}), "\n";
        delete($tree->{uri});
    }

    while (my ($k, $v) = each(%$tree)) {
        if (!ref($v)) {
            print $fh "$k $v";
        } elsif (ref($v) eq 'ARRAY') {
            print $fh "$k ", join(",", @$v);
        } elsif (ref($v) eq 'HASH') {
            while (my ($kh, $vh) = each(%$v)) {
                print $fh "$k $kh $vh\n";
            }
        }
        print $fh "\n";
    }

    if ($changed = $fh->close()) {
        my $srv = CAF::Service->new([qw(nslcd)], log => $self);
        if (!$srv->restart()) {
            $self->error("Failed to restart nslcd");
        }
    }
    return $changed;
}

sub configure_sssd {
    my ($self, $config) = @_;

    my $trd = EDG::WP4::CCM::TextRender->new(
        SSSD_TT_MODULE,
        $config,
        relpath => 'authconfig',
        log => $self,
    );

    # can't be empty string, is at least '[sssd]'
    if ($trd) {
        my $fh = $trd->filewriter(SSSD_FILE, log => $self, mode => oct(600), sensitive => 1);
        my $changed = $fh->close();

        if ($changed) {
            my $srv = CAF::Service->new([qw(sssd)], log => $self);
            if (!$srv->restart()) {
                $self->error("Failed to restart SSSD");
            }
        }

        return $changed;
    } else {
        $self->error("Unable to render template sssd: $trd->{fail}");
        return;
    }
}

# Restarts NSCD if that is needed. It's ugly because on some versions
# of SL stopping or starting may fail.
sub restart_nscd {
    my $self = shift;

    $self->verbose("Attempting to restart nscd");

    # try a restart first. This is more reliable, as a stop/start
    # may fail to remove /var/lock/subsys/nscd
    my $nscd = CAF::Service->new([qw(nscd)], log => $self, timeout => 30);

    if (!$nscd->restart()) {
        $nscd->stop();

        sleep(1);
        CAF::Process->new([qw(killall nscd)], log => $self)->execute();

        sleep(2);
        unlink(NSCD_LOCK) if -e NSCD_LOCK;

        $nscd->start();
    }

    sleep(1);
    $? = 0;

    CAF::Process->new([qw(nscd -i passwd)], log => $self)->run();

    if ($?) {
        $self->error("Failed to restart NSCD");
    }
}

sub Configure {
    my ($self, $config) = @_;

    my $tree = $config->getTree($self->prefix());

    # authconfig basic configuration
    $self->authconfig($tree);

    my $restart;

    # On SL5 this configures LDAP authentication. On other versions
    # this probably doesn't hurt anyways.
    if ($tree->{method}->{ldap}->{enable}) {
        $restart = $self->configure_ldap($tree->{method}->{ldap});
    }

    # This configures LDAP authentication on SL6.
    # ||= short-circuits: once $restart is true, the configure_* call on
    # its right-hand side is not made.
    if ($tree->{method}->{nslcd}->{enable}) {
        $restart ||= $self->configure_nslcd($tree->{method}->{nslcd});
    }

    if ($tree->{method}->{sssd}->{enable}) {
        $restart ||= $self->configure_sssd($tree->{method}->{sssd});
    }

    $self->build_pam_systemauth($tree->{pamadditions});

    my $cache = $tree->{usecache};
    $self->restart_nscd() if $cache && $restart;

    return 1;
}

1;
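
The PAM line matching done by update_pam_file in the listing above, as an added example that is not part of ncm-authconfig: it rebuilds the two patterns passed to add_or_replace_lines and applies them to constructed PAM lines, once with the profile strings interpolated raw as in the listing and once quoted with \Q...\E (a hypothetical variant). The helper names (pam_module, patterns, classify), the sample lines, and the reading of the first pattern as the line selector and the second as the "already correct" test are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not ncm-authconfig code. No CAF modules are needed; it only
# exercises the regular expressions that update_pam_file() builds.

# Module-name extraction, same regexp as update_pam_file() in the listing.
sub pam_module {
    my ($entry) = @_;
    return $entry =~ m{(?:^|\s+)(\S+\.so)(?:\s|$)} ? $1 : undef;
}

# Build the (selector, good) pattern pair for one profile entry.
# $quote = 0: profile strings interpolated raw, as in the listing.
# $quote = 1: hypothetical variant where \Q...\E makes them literal.
sub patterns {
    my ($section, $entry, $quote) = @_;
    my $module = pam_module($entry);
    return unless defined $module;
    if ($quote) {
        return (qr{^#?\s*\Q$section\E\s+\S+\s+\Q$module\E},
                qr{^\Q$section\E\s+\Q$entry\E$});
    }
    return (qr{^#?\s*$section\s+\S+\s+$module},
            qr{^$section\s+$entry$});
}

# Report how one existing file line relates to one (section, entry) pair.
sub classify {
    my ($section, $entry, $line, $quote) = @_;
    my ($selector, $good) = patterns($section, $entry, $quote)
        or return "no .so module in entry";
    my $selected = $line =~ $selector ? 1 : 0;
    my $correct  = $line =~ $good     ? 1 : 0;
    return "selected=$selected already_correct=$correct";
}

# Constructed cases: [ section, entry from the profile, line in the PAM file ]
my @cases = (
    # Line is exactly what the profile asks for.
    [ 'account', 'required pam_access.so',
      'account required pam_access.so' ],
    # Commented-out line with another control value.
    [ 'account', 'required pam_access.so',
      '#account sufficient pam_access.so' ],
    # Different file name that only matches if '.' acts as a wildcard.
    [ 'account', 'required pam_access.so',
      'account required pam_accessXso' ],
    # Bracketed control value: contains a space and regexp metacharacters.
    [ 'auth', '[success=1 default=ignore] pam_succeed_if.so uid >= 1000 quiet',
      'auth [success=1 default=ignore] pam_succeed_if.so uid >= 1000 quiet' ],
);

for my $c (@cases) {
    my ($section, $entry, $line) = @$c;
    print "entry:  $section $entry\n";
    print "line:   $line\n";
    print "  raw:    ", classify($section, $entry, $line, 0), "\n";
    print "  quoted: ", classify($section, $entry, $line, 1), "\n\n";
}
```

With raw interpolation the `pam_accessXso` line is reported as already correct because `.` acts as a wildcard, and the bracketed control entry is not recognised by its own pattern. In both modes the `\S+` in the selector assumes a one-token control field, so a line whose control value contains a space is never selected.
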
Types
• /software/authconfig/authconfig_method_generic_type – /software/authconfig/authconfig_method_generic_type/enable
* Description: Enable this method. Unlisted methods are always disabled. * Optional * Type: boolean • /software/authconfig/authconfig_pamadditions_line_type – /software/authconfig/authconfig_pamadditions_line_type/order
* Optional * Type: string
– /software/authconfig/authconfig_pamadditions_line_type/entry
* Optional * Type: string • /software/authconfig/authconfig_pamadditions_type – /software/authconfig/authconfig_pamadditions_type/conffile
* Optional * Type: string – /software/authconfig/authconfig_pamadditions_type/section
* Optional * Type: string – /software/authconfig/authconfig_pamadditions_type/lines
* Optional * Type: authconfig_pamadditions_line_type • /software/authconfig/authconfig_method_ldap_tls_type – /software/authconfig/authconfig_method_ldap_tls_type/enable
* Optional * Type: boolean – /software/authconfig/authconfig_method_ldap_tls_type/peercheck
* Optional * Type: boolean – /software/authconfig/authconfig_method_ldap_tls_type/cacertfile
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_tls_type/cacertdir
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_tls_type/ciphers
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_tls_type/reqcert
* Optional * Type: string • /software/authconfig/authconfig_method_ldap_timeouts_type – /software/authconfig/authconfig_method_ldap_timeouts_type/idle
* Optional * Type: long
– /software/authconfig/authconfig_method_ldap_timeouts_type/bind
* Optional * Type: long – /software/authconfig/authconfig_method_ldap_timeouts_type/search
* Optional * Type: long • /software/authconfig/authconfig_nss_map_objectclass – /software/authconfig/authconfig_nss_map_objectclass/posixAccount
* Optional * Type: string – /software/authconfig/authconfig_nss_map_objectclass/shadowAccount
* Optional * Type: string – /software/authconfig/authconfig_nss_map_objectclass/posixGroup
* Optional * Type: string • /software/authconfig/authconfig_nss_map_attribute – /software/authconfig/authconfig_nss_map_attribute/uid
* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/homeDirectory
* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/uniqueMember
* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/uidNumber
* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/gidNumber
* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/cn
* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/userPassword
* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/loginShell
* Optional * Type: string – /software/authconfig/authconfig_nss_map_attribute/gecos
* Optional * Type: string • /software/authconfig/authconfig_nss_override_attribute_value – /software/authconfig/authconfig_nss_override_attribute_value/unixHomeDirectory
* Optional * Type: string – /software/authconfig/authconfig_nss_override_attribute_value/loginShell
* Optional * Type: string – /software/authconfig/authconfig_nss_override_attribute_value/gecos
* Optional * Type: string – /software/authconfig/authconfig_nss_override_attribute_value/gidNumber
* Optional * Type: long • /software/authconfig/connect_policy • /software/authconfig/authconfig_method_ldap_type – /software/authconfig/authconfig_method_ldap_type/servers
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/nssonly
* Optional * Type: boolean – /software/authconfig/authconfig_method_ldap_type/conffile
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/basedn
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/tls
* Optional * Type: authconfig_method_ldap_tls_type – /software/authconfig/authconfig_method_ldap_type/binddn
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/bindpw
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/scope
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/rootbinddn
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/port
* Optional * Type: type_port – /software/authconfig/authconfig_method_ldap_type/timeouts
* Optional * Type: authconfig_method_ldap_timeouts_type – /software/authconfig/authconfig_method_ldap_type/pam_filter
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_login_attribute
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_lookup_policy
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_password
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_groupdn
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_member_attribute
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_check_service_attr
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_check_host_attr
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/pam_min_uid
* Optional * Type: long – /software/authconfig/authconfig_method_ldap_type/pam_max_uid
* Optional * Type: long – /software/authconfig/authconfig_method_ldap_type/nss_base_passwd
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/nss_base_group
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/nss_base_shadow
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/bind_policy
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/ssl
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/nss_map_objectclass
* Optional * Type: authconfig_nss_map_objectclass – /software/authconfig/authconfig_method_ldap_type/nss_map_attribute
* Optional * Type: authconfig_nss_map_attribute – /software/authconfig/authconfig_method_ldap_type/nss_override_attribute_value
* Optional * Type: authconfig_nss_override_attribute_value – /software/authconfig/authconfig_method_ldap_type/nss_initgroups_ignoreusers
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/debug
* Optional * Type: long – /software/authconfig/authconfig_method_ldap_type/log_dir
* Optional * Type: string – /software/authconfig/authconfig_method_ldap_type/nss_paged_results
* Optional * Type: legacy_binary_affirmation_string – /software/authconfig/authconfig_method_ldap_type/pagesize
* Optional * Type: long – /software/authconfig/authconfig_method_ldap_type/nss_connect_policy
* Optional * Type: connect_policy • /software/authconfig/authconfig_method_nis_type – /software/authconfig/authconfig_method_nis_type/servers
* Optional * Type: type_hostname – /software/authconfig/authconfig_method_nis_type/domain
* Optional * Type: string • /software/authconfig/authconfig_method_krb5_type – /software/authconfig/authconfig_method_krb5_type/kdcs
* Optional * Type: type_hostname – /software/authconfig/authconfig_method_krb5_type/adminservers
* Optional * Type: type_hostname – /software/authconfig/authconfig_method_krb5_type/realm
* Optional
* Type: string • /software/authconfig/authconfig_method_smb_type – /software/authconfig/authconfig_method_smb_type/servers
* Optional * Type: type_hostname – /software/authconfig/authconfig_method_smb_type/workgroup
* Optional * Type: string • /software/authconfig/authconfig_method_hesiod_type – /software/authconfig/authconfig_method_hesiod_type/lhs
* Optional * Type: string – /software/authconfig/authconfig_method_hesiod_type/rhs
* Optional * Type: string • /software/authconfig/authconfig_method_files_type • /software/authconfig/authconfig_nslcd_map_attributes – Description: LDAP attributes, as per RFC 2307 – /software/authconfig/authconfig_nslcd_map_attributes/uid
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/gid
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/uidNumber
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/gidNumber
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/gecos
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/homeDirectory
* Optional * Type: string
– /software/authconfig/authconfig_nslcd_map_attributes/loginShell
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowLastChange
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowMin
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowMax
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowWarning
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowInactive
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowExpire
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/shadowFlag
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/memberUid
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/memberNisNetgroup
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/nisNetgroupTriple
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/ipServicePort
* Optional * Type: string
– /software/authconfig/authconfig_nslcd_map_attributes/ipServiceProtocol
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/ipProtocolNumber
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/oncRpcNumber
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/ipHostNumber
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/ipNetworkNumber
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/ipNetmaskNumber
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/macAddress
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/bootParameter
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/bootFile
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/nisMapName
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/nisMapEntry
* Optional * Type: string – /software/authconfig/authconfig_nslcd_map_attributes/uniqueMember
* Optional * Type: string
• /software/authconfig/authconfig_nslcd_maps – /software/authconfig/authconfig_nslcd_maps/alias
* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/ethers
* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/group
* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/host
* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/netgroup
* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/networks
* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/passwd
* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/protocols
* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/service
* Optional * Type: authconfig_nslcd_map_attributes – /software/authconfig/authconfig_nslcd_maps/shadow
* Optional * Type: authconfig_nslcd_map_attributes • /software/authconfig/authconfig_nslcd_filter – /software/authconfig/authconfig_nslcd_filter/alias
* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/ethers
* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/group
* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/host
* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/netgroup
* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/networks
* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/passwd
* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/protocols
* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/service
* Optional * Type: string – /software/authconfig/authconfig_nslcd_filter/shadow
* Optional * Type: string • /software/authconfig/authconfig_method_nslcd_type – /software/authconfig/authconfig_method_nslcd_type/threads
* Optional * Type: long – /software/authconfig/authconfig_method_nslcd_type/uid
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/gid
* Optional * Type: string
– /software/authconfig/authconfig_method_nslcd_type/uri
* Optional * Type: type_hostURI – /software/authconfig/authconfig_method_nslcd_type/binddn
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/rootpwmoddn
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/krb5_ccname
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/basedn
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/base
* Optional * Type: authconfig_nslcd_filter – /software/authconfig/authconfig_method_nslcd_type/scope
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/deref
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/filter
* Optional * Type: authconfig_nslcd_filter – /software/authconfig/authconfig_method_nslcd_type/map
* Optional * Type: authconfig_nslcd_maps – /software/authconfig/authconfig_method_nslcd_type/bind_timelimit
* Optional * Type: long – /software/authconfig/authconfig_method_nslcd_type/timelimit
* Optional * Type: long
– /software/authconfig/authconfig_method_nslcd_type/idle_timelimit
* Optional * Type: long – /software/authconfig/authconfig_method_nslcd_type/reconnect_sleeptime
* Optional * Type: long – /software/authconfig/authconfig_method_nslcd_type/reconnect_retrytime
* Optional * Type: long – /software/authconfig/authconfig_method_nslcd_type/ssl
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_reqcert
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_cacertdir
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_randfile
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_ciphers
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_cert
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_cert
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/tls_key
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/pagesize
* Optional * Type: long
– /software/authconfig/authconfig_method_nslcd_type/nss_initgroups_ignoreusers
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/pam_authz_search
* Optional * Type: string – /software/authconfig/authconfig_method_nslcd_type/bindpw
* Optional * Type: string • /software/authconfig/authconfig_method_type – /software/authconfig/authconfig_method_type/files
* Optional * Type: authconfig_method_files_type – /software/authconfig/authconfig_method_type/ldap
* Optional * Type: authconfig_method_ldap_type – /software/authconfig/authconfig_method_type/nis
* Optional * Type: authconfig_method_nis_type – /software/authconfig/authconfig_method_type/krb5
* Optional * Type: authconfig_method_krb5_type – /software/authconfig/authconfig_method_type/smb
* Optional * Type: authconfig_method_smb_type – /software/authconfig/authconfig_method_type/hesiod
* Optional * Type: authconfig_method_hesiod_type – /software/authconfig/authconfig_method_type/nslcd
* Optional * Type: authconfig_method_nslcd_type – /software/authconfig/authconfig_method_type/sssd
* Optional * Type: authconfig_method_sssd_type • /software/authconfig/hash_string • /software/authconfig/authconfig_component
– /software/authconfig/authconfig_component/safemode
* Description: When set to true, no actual configuration will change. Default: false. * Optional * Type: boolean – /software/authconfig/authconfig_component/passalgorithm
* Optional * Type: hash_string – /software/authconfig/authconfig_component/useshadow
* Description: Enable the use of shadow password files. * Optional * Type: boolean – /software/authconfig/authconfig_component/usecache
* Description: Enable or disable nscd operation. * Optional * Type: boolean – /software/authconfig/authconfig_component/enableforcelegacy
* Optional * Type: boolean – /software/authconfig/authconfig_component/usemd5
* Description: Enable the use of MD5 hashed password. * Optional * Type: boolean – /software/authconfig/authconfig_component/method
* Description: dict of authentication methods to enable. Supported methods are: files, ldap, nis, krb5, smb, hesiod, nslcd and sssd. The “files” method cannot be disabled. * Optional * Type: authconfig_method_type – /software/authconfig/authconfig_component/pamadditions
* Optional * Type: authconfig_pamadditions_type
Types
• /software/authconfig/sssd_provider_string – Description: Valid SSSD providers. • /software/authconfig/sssd_auth_provider_string
– Description: Valid SSSD auth providers. • /software/authconfig/sssd_ldap_schema_string – Description: Valid LDAP schema types. • /software/authconfig/authconfig_sssd_simple – Description: Simple access provider for SSSD. See the sssd-simple man page. – /software/authconfig/authconfig_sssd_simple/allow_users
* Optional * Type: string – /software/authconfig/authconfig_sssd_simple/deny_users
* Optional * Type: string – /software/authconfig/authconfig_sssd_simple/allow_groups
* Optional * Type: string – /software/authconfig/authconfig_sssd_simple/deny_groups
* Optional * Type: string • /software/authconfig/sssd_service • /software/authconfig/sssd_global – /software/authconfig/sssd_global/debug_level
* Optional * Type: long – /software/authconfig/sssd_global/config_file_version
* Optional * Type: long – /software/authconfig/sssd_global/services
* Optional * Type: sssd_service – /software/authconfig/sssd_global/reconnection_retries
* Optional * Type: long – /software/authconfig/sssd_global/re_expression
* Optional
* Type: string – /software/authconfig/sssd_global/full_name_format
* Optional * Type: string – /software/authconfig/sssd_global/try_inotify
* Optional * Type: boolean – /software/authconfig/sssd_global/krb5_rcache_dir
* Optional * Type: string – /software/authconfig/sssd_global/default_domain_suffix
* Optional * Type: string • /software/authconfig/sssd_pam – /software/authconfig/sssd_pam/debug_level
* Optional * Type: long – /software/authconfig/sssd_pam/reconnection_retries
* Optional * Type: long – /software/authconfig/sssd_pam/offline_credentials_expiration
* Optional * Type: long – /software/authconfig/sssd_pam/offline_failed_login_attempts
* Optional * Type: long – /software/authconfig/sssd_pam/offline_failed_login_delay
* Optional * Type: long – /software/authconfig/sssd_pam/pam_verbosity
* Optional * Type: long – /software/authconfig/sssd_pam/pam_id_timeout
* Optional * Type: long – /software/authconfig/sssd_pam/pam_pwd_expiration_warning
* Optional * Type: long – /software/authconfig/sssd_pam/get_domains_timeout
* Optional * Type: long • /software/authconfig/sssd_nss – /software/authconfig/sssd_nss/debug_level
* Optional * Type: long – /software/authconfig/sssd_nss/reconnection_retries
* Optional * Type: long – /software/authconfig/sssd_nss/enum_cache_timeout
* Optional * Type: long – /software/authconfig/sssd_nss/entry_cache_nowait_percentage
* Optional * Type: long – /software/authconfig/sssd_nss/entry_negative_timeout
* Optional * Type: long – /software/authconfig/sssd_nss/filter_users
* Optional * Type: string – /software/authconfig/sssd_nss/filter_users_in_groups
* Optional * Type: boolean – /software/authconfig/sssd_nss/filter_groups
* Optional * Type: string – /software/authconfig/sssd_nss/memcache_timeout
* Optional * Type: long • /software/authconfig/authconfig_sssd_local – /software/authconfig/authconfig_sssd_local/default_shell
* Optional
* Type: string – /software/authconfig/authconfig_sssd_local/base_directory
* Optional * Type: string – /software/authconfig/authconfig_sssd_local/create_homedir
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_local/remove_homedir
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_local/homedir_umask
* Optional * Type: long – /software/authconfig/authconfig_sssd_local/skel_dir
* Optional * Type: string – /software/authconfig/authconfig_sssd_local/mail_dir
* Optional * Type: string – /software/authconfig/authconfig_sssd_local/userdel_cmd
* Optional * Type: string • /software/authconfig/authconfig_sssd_domain – /software/authconfig/authconfig_sssd_domain/reconnection_retries
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/ldap
* Optional * Type: authconfig_sssd_ldap – /software/authconfig/authconfig_sssd_domain/ipa
* Optional * Type: authconfig_sssd_ipa – /software/authconfig/authconfig_sssd_domain/simple
* Optional * Type: authconfig_sssd_simple – /software/authconfig/authconfig_sssd_domain/local
* Optional * Type: authconfig_sssd_local – /software/authconfig/authconfig_sssd_domain/access_provider
* Optional * Type: sssd_provider_string – /software/authconfig/authconfig_sssd_domain/id_provider
* Optional * Type: sssd_provider_string – /software/authconfig/authconfig_sssd_domain/auth_provider
* Optional * Type: sssd_auth_provider_string – /software/authconfig/authconfig_sssd_domain/chpass_provider
* Optional * Type: sssd_auth_provider_string – /software/authconfig/authconfig_sssd_domain/debug_level
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/sudo_provider
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/selinux_provider
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/subdomains_provider
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/autofs_provider
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/hostid_provider
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/re_expression
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/full_name_format
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/lookup_family_order
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/dns_resolver_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/dns_discovery_domain
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/override_gid
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/case_sensitive
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/proxy_fast_alias
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/subdomain_homedir
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/proxy_pam_target
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/proxy_lib_name
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/min_id
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/max_id
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/enumerate
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/force_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_user_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_group_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_netgroup_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_service_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_sudo_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/entry_cache_autofs_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/refresh_expired_interval
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/cache_credentials
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/account_cache_expiration
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/pwd_expiration_warning
* Optional * Type: long – /software/authconfig/authconfig_sssd_domain/ldap_schema
* Optional * Type: sssd_ldap_schema_string – /software/authconfig/authconfig_sssd_domain/ldap_group_name
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_referrals
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/ldap_sasl_mech
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_sasl_authid
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_id_mapping
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/ldap_search_base
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_account_expire_policy
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_access_order
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ldap_krb5_keytab
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/krb5_realm
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/krb5_use_enterprise_principal
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/krb5_use_kdcinfo
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/ad_enable_gc
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_domain/ad_domain
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ad_enabled_domains
* Optional * Type: string – /software/authconfig/authconfig_sssd_domain/ad_gpo_access_control
* Optional * Type: string • /software/authconfig/authconfig_method_sssd_type – /software/authconfig/authconfig_method_sssd_type/nssonly
* Optional * Type: boolean – /software/authconfig/authconfig_method_sssd_type/domains
* Optional * Type: authconfig_sssd_domain – /software/authconfig/authconfig_method_sssd_type/global
* Optional * Type: sssd_global – /software/authconfig/authconfig_method_sssd_type/pam
* Optional * Type: sssd_pam – /software/authconfig/authconfig_method_sssd_type/nss
* Optional * Type: sssd_nss
Types
• /software/authconfig/authconfig_sssd_ipa_krb5 – Description: Kerberos settings for the IPA access provider – /software/authconfig/authconfig_sssd_ipa_krb5/validate
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa_krb5/realm
* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_krb5/canonicalize
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa_krb5/use_fast
* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_krb5/confd_path
* Optional * Type: absolute_file_path • /software/authconfig/authconfig_sssd_ipa_dyndns – Description: dyndns settings for the IPA access provider – /software/authconfig/authconfig_sssd_ipa_dyndns/update
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa_dyndns/ttl
* Optional * Type: long * Range: 0.. – /software/authconfig/authconfig_sssd_ipa_dyndns/iface
* Optional * Type: valid_interface – /software/authconfig/authconfig_sssd_ipa_dyndns/refresh_interval
* Optional * Type: long * Range: 0..
– /software/authconfig/authconfig_sssd_ipa_dyndns/update_ptr
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa_dyndns/force_tcp
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa_dyndns/server
* Optional * Type: type_ip • /software/authconfig/authconfig_sssd_ipa_search_base – Description: search_base settings for the IPA access provider – /software/authconfig/authconfig_sssd_ipa_search_base/hbac
* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_search_base/host
* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_search_base/selinux
* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_search_base/subdomains
* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_search_base/master_domain
* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa_search_base/views
* Optional * Type: string • /software/authconfig/authconfig_sssd_ipa – Description: IPA access provider for SSSD. See the sssd-ipa man page. – /software/authconfig/authconfig_sssd_ipa/krb5
* Optional * Type: authconfig_sssd_ipa_krb5
– /software/authconfig/authconfig_sssd_ipa/dyndns
* Optional * Type: authconfig_sssd_ipa_dyndns – /software/authconfig/authconfig_sssd_ipa/search_base
* Optional * Type: authconfig_sssd_ipa_search_base – /software/authconfig/authconfig_sssd_ipa/domain
* Optional * Type: string – /software/authconfig/authconfig_sssd_ipa/server
* Optional * Type: type_hostname – /software/authconfig/authconfig_sssd_ipa/backup_server
* Optional * Type: type_hostname – /software/authconfig/authconfig_sssd_ipa/hostname
* Optional * Type: type_hostname – /software/authconfig/authconfig_sssd_ipa/enable_dns_sites
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa/hbac_refresh
* Optional * Type: long * Range: 0.. – /software/authconfig/authconfig_sssd_ipa/hbac_selinux
* Optional * Type: long * Range: 0.. – /software/authconfig/authconfig_sssd_ipa/server_mode
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ipa/automount_location
* Optional * Type: string
Types
• /software/authconfig/ldap_schema • /software/authconfig/ldap_authok • /software/authconfig/ldap_deref • /software/authconfig/ldap_order • /software/authconfig/sssd_chpass – Description: LDAP chpass fields – /software/authconfig/sssd_chpass/uri
* Optional * Type: type_absoluteURI – /software/authconfig/sssd_chpass/backup_uri
* Optional * Type: type_absoluteURI – /software/authconfig/sssd_chpass/dns_service_name
* Optional * Type: string – /software/authconfig/sssd_chpass/update_last_change
* Optional * Type: boolean • /software/authconfig/sssd_ldap_defaults – /software/authconfig/sssd_ldap_defaults/bind_dn
* Optional * Type: string – /software/authconfig/sssd_ldap_defaults/authtok_type
* Optional * Type: ldap_authok – /software/authconfig/sssd_ldap_defaults/authtok
* Optional * Type: string • /software/authconfig/sssd_netgroup – Description: LDAP netgroup fields – /software/authconfig/sssd_netgroup/object_class
* Optional * Type: string
– /software/authconfig/sssd_netgroup/name
* Optional * Type: string – /software/authconfig/sssd_netgroup/member
* Optional * Type: string – /software/authconfig/sssd_netgroup/triple
* Optional * Type: string – /software/authconfig/sssd_netgroup/uuid
* Optional * Type: string – /software/authconfig/sssd_netgroup/modify_timestamp
* Optional * Type: string – /software/authconfig/sssd_netgroup/search_base
* Optional * Type: string • /software/authconfig/sssd_autofs – Description: LDAP autofs fields – /software/authconfig/sssd_autofs/map_object_class
* Optional * Type: string – /software/authconfig/sssd_autofs/map_name
* Optional * Type: string – /software/authconfig/sssd_autofs/entry_object_class
* Optional * Type: string – /software/authconfig/sssd_autofs/entry_key
* Optional * Type: string – /software/authconfig/sssd_autofs/entry_value
* Optional * Type: string
– /software/authconfig/sssd_autofs/search_base
* Optional * Type: string • /software/authconfig/sssd_ldap_service – Description: LDAP IP service fields – /software/authconfig/sssd_ldap_service/object_class
* Optional * Type: string – /software/authconfig/sssd_ldap_service/name
* Optional * Type: string – /software/authconfig/sssd_ldap_service/port
* Optional * Type: string – /software/authconfig/sssd_ldap_service/proto
* Optional * Type: string – /software/authconfig/sssd_ldap_service/search_base
* Optional * Type: string • /software/authconfig/authconfig_sssd_ldap – Description: LDAP access provider for SSSD. See the sssd-ldap man page. Timeouts are expressed in seconds. – /software/authconfig/authconfig_sssd_ldap/user
* Optional * Type: sssd_user – /software/authconfig/authconfig_sssd_ldap/group
* Optional * Type: sssd_group – /software/authconfig/authconfig_sssd_ldap/chpass
* Optional * Type: sssd_chpass – /software/authconfig/authconfig_sssd_ldap/default
* Optional * Type: sssd_ldap_defaults
– /software/authconfig/authconfig_sssd_ldap/sasl
* Optional * Type: sssd_sasl – /software/authconfig/authconfig_sssd_ldap/krb5
* Optional * Type: sssd_krb5 – /software/authconfig/authconfig_sssd_ldap/sudo
* Optional * Type: sssd_sudo – /software/authconfig/authconfig_sssd_ldap/sudorule
* Optional * Type: sssd_sudorule – /software/authconfig/authconfig_sssd_ldap/tls
* Optional * Type: sssd_tls – /software/authconfig/authconfig_sssd_ldap/netgroup
* Optional * Type: sssd_netgroup – /software/authconfig/authconfig_sssd_ldap/autofs
* Optional * Type: sssd_autofs – /software/authconfig/authconfig_sssd_ldap/uri
* Optional * Type: type_absoluteURI – /software/authconfig/authconfig_sssd_ldap/backup_uri
* Optional * Type: type_absoluteURI – /software/authconfig/authconfig_sssd_ldap/search_base
* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/schema
* Optional * Type: ldap_schema – /software/authconfig/authconfig_sssd_ldap/service
* Optional * Type: sssd_ldap_service
– /software/authconfig/authconfig_sssd_ldap/krb5_backup_server
* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/krb5_canonicalize
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/krb5_realm
* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/krb5_server
* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/access_filter
* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/access_order
* Optional * Type: ldap_order – /software/authconfig/authconfig_sssd_ldap/connection_expire_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/deref
* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/deref_threshold
* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/disable_paging
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/dns_service_name
* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/entry_usn
* Optional * Type: string
– /software/authconfig/authconfig_sssd_ldap/enumeration_refresh_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/enumeration_search_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/force_upper_case_realm
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/groups_use_matching_rule_in_chain
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/id_use_start_tls
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/id_mapping
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/network_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/ns_account_lock
* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/offline_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/opt_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/page_size
* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/purge_cache_timeout
* Optional * Type: long
– /software/authconfig/authconfig_sssd_ldap/pwd_policy
* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/referrals
* Optional * Type: boolean – /software/authconfig/authconfig_sssd_ldap/rootdse_last_usn
* Optional * Type: string – /software/authconfig/authconfig_sssd_ldap/search_timeout
* Optional * Type: long – /software/authconfig/authconfig_sssd_ldap/account_expire_policy
* Optional * Type: string
Types
• /software/authconfig/sssd_sasl – /software/authconfig/sssd_sasl/mech
* Optional * Type: string – /software/authconfig/sssd_sasl/authid
* Optional * Type: string – /software/authconfig/sssd_sasl/realm
* Optional * Type: string – /software/authconfig/sssd_sasl/canonicalize
* Optional * Type: boolean – /software/authconfig/sssd_sasl/minssf
* Optional * Type: long • /software/authconfig/sssd_krb5 – /software/authconfig/sssd_krb5/keytab
* Optional
* Type: string – /software/authconfig/sssd_krb5/init_creds
* Optional * Type: boolean – /software/authconfig/sssd_krb5/ticket_lifetime
* Optional * Type: long
Types
• /software/authconfig/sssd_sudorule – /software/authconfig/sssd_sudorule/object_class
* Optional * Type: string – /software/authconfig/sssd_sudorule/name
* Optional * Type: string – /software/authconfig/sssd_sudorule/command
* Optional * Type: string – /software/authconfig/sssd_sudorule/host
* Optional * Type: string – /software/authconfig/sssd_sudorule/user
* Optional * Type: string – /software/authconfig/sssd_sudorule/option
* Optional * Type: string – /software/authconfig/sssd_sudorule/runasuser
* Optional * Type: string – /software/authconfig/sssd_sudorule/runasgroup
* Optional * Type: string – /software/authconfig/sssd_sudorule/notbefore
* Optional
* Type: string – /software/authconfig/sssd_sudorule/notafter
* Optional * Type: string – /software/authconfig/sssd_sudorule/order
* Optional * Type: string • /software/authconfig/sssd_sudo – /software/authconfig/sssd_sudo/full_refresh_interval
* Optional * Type: long – /software/authconfig/sssd_sudo/smart_refresh_interval
* Optional * Type: long – /software/authconfig/sssd_sudo/use_host_filter
* Optional * Type: boolean – /software/authconfig/sssd_sudo/hostnames
* Optional * Type: string – /software/authconfig/sssd_sudo/ip
* Optional * Type: string – /software/authconfig/sssd_sudo/include_netgroups
* Optional * Type: boolean – /software/authconfig/sssd_sudo/include_regexp
* Optional * Type: boolean – /software/authconfig/sssd_sudo/search_base
* Optional * Type: string
Types
• /software/authconfig/ldap_req_checks • /software/authconfig/sssd_tls – /software/authconfig/sssd_tls/cacert
* Optional * Type: string – /software/authconfig/sssd_tls/cacertdir
* Optional * Type: string – /software/authconfig/sssd_tls/cert
* Optional * Type: string – /software/authconfig/sssd_tls/key
* Optional * Type: string – /software/authconfig/sssd_tls/cipher_suite
* Optional * Type: string – /software/authconfig/sssd_tls/reqcert
* Optional * Type: ldap_req_checks
Types
• /software/authconfig/sssd_user – /software/authconfig/sssd_user/object_class
* Optional * Type: string – /software/authconfig/sssd_user/uid_number
* Optional * Type: string – /software/authconfig/sssd_user/gid_number
* Optional * Type: string – /software/authconfig/sssd_user/name
* Optional * Type: string
– /software/authconfig/sssd_user/gecos
* Optional * Type: string – /software/authconfig/sssd_user/home_directory
* Optional * Type: string – /software/authconfig/sssd_user/shell
* Optional * Type: string – /software/authconfig/sssd_user/uuid
* Optional * Type: string – /software/authconfig/sssd_user/objectsid
* Optional * Type: string – /software/authconfig/sssd_user/modify_timestamp
* Optional * Type: string – /software/authconfig/sssd_user/shadow_last_change
* Optional * Type: string – /software/authconfig/sssd_user/shadow_min
* Optional * Type: string – /software/authconfig/sssd_user/shadow_max
* Optional * Type: string – /software/authconfig/sssd_user/shadow_warning
* Optional * Type: string – /software/authconfig/sssd_user/shadow_inactive
* Optional * Type: string – /software/authconfig/sssd_user/shadow_expire
* Optional * Type: string
– /software/authconfig/sssd_user/krb_last_pwd_change
* Optional * Type: string – /software/authconfig/sssd_user/krb_password_expiration
* Optional * Type: string – /software/authconfig/sssd_user/ad_account_expires
* Optional * Type: string – /software/authconfig/sssd_user/ad_user_account_control
* Optional * Type: string – /software/authconfig/sssd_user/nds_login_disabled
* Optional * Type: string – /software/authconfig/sssd_user/nds_login_expiration_time
* Optional * Type: string – /software/authconfig/sssd_user/nds_login_allowed_time_map
* Optional * Type: string – /software/authconfig/sssd_user/principal
* Optional * Type: string – /software/authconfig/sssd_user/ssh_public_key
* Optional * Type: string – /software/authconfig/sssd_user/fullname
* Optional * Type: string – /software/authconfig/sssd_user/member_of
* Optional * Type: string – /software/authconfig/sssd_user/authorized_service
* Optional * Type: string
– /software/authconfig/sssd_user/authorized_host
* Optional * Type: string – /software/authconfig/sssd_user/search_base
* Optional * Type: string – /software/authconfig/sssd_user/search_filter
* Optional * Type: string • /software/authconfig/sssd_group – /software/authconfig/sssd_group/object_class
* Optional * Type: string – /software/authconfig/sssd_group/name
* Optional * Type: string – /software/authconfig/sssd_group/gid_number
* Optional * Type: string – /software/authconfig/sssd_group/member
* Optional * Type: string – /software/authconfig/sssd_group/uuid
* Optional * Type: string – /software/authconfig/sssd_group/objectsid
* Optional * Type: string – /software/authconfig/sssd_group/modify_timestamp
* Optional * Type: string – /software/authconfig/sssd_group/nesting_level
* Optional * Type: long – /software/authconfig/sssd_group/search_base
* Optional
* Type: string – /software/authconfig/sssd_group/search_filter
* Optional * Type: string
autofs
NAME
ncm-autofs: NCM component to manage autofs configuration.
DESCRIPTION
The autofs component manages the autofs master map and generated maps. It allows either exclusive management by the component or preservation of local changes.
EXAMPLES
Scenario 1: Configure an NFS mountpoint
We will mount the NFS filesystem nfsserv.example.org:/data under /tmp_mnt/nfsdata:

    prefix '/software/components/autofs/maps/data';
    'entries/nfsdata/location' = 'nfsserv.example.org:/data';
    'mapname' = '/etc/auto.nfsdata';
    'mountpoint' = '/tmp_mnt';
    'options' = 'rw,noatime,hard';

Scenario 2: Configuration with dict() usage

    prefix '/software/components/autofs';
    'preserveMaster' = false;

    prefix '/software/components/autofs/maps/misc';
    'enabled' = true;
    'preserve' = false;
    'mapname' = '/etc/auto.misc';
    'type' = 'file';
    'mountpoint' = '/misc';
    'entries' = dict(
        'kickstart', dict(
            'location', 'misc.example.com:/misc'
        )
    );

    prefix '/software/components/autofs/maps/garden';
    'enabled' = true;
    'preserve' = false;
    'mapname' = '/etc/auto.garden';
    'type' = 'file';
    'options' = '';
    'mountpoint' = '/home/garden';
    'entries' = dict(
        escape('*'), dict(
            'options', '-rw,intr,rsize=8192,wsize=8192,actimeo=60,addr=10.21.12.10',
            'location', 'crown-city.albion.net:/home/garden/&'
        )
    );

Types
• /software/autofs/autofs_conf_common • /software/autofs/autofs_conf_autofs – /software/autofs/autofs_conf_autofs/timeout
* Optional * Type: long * Range: 0.. – /software/autofs/autofs_conf_autofs/negative_timeout
* Optional * Type: long * Range: 0.. – /software/autofs/autofs_conf_autofs/mount_wait
* Optional * Type: long * Range: 0.. – /software/autofs/autofs_conf_autofs/umount_wait
* Optional * Type: long * Range: 0.. – /software/autofs/autofs_conf_autofs/browse_mode
* Optional * Type: boolean – /software/autofs/autofs_conf_autofs/append_options
* Optional * Type: boolean – /software/autofs/autofs_conf_autofs/logging
* Optional * Type: string
• /software/autofs/autofs_conf_amd – /software/autofs/autofs_conf_amd/dismount_interval
* Optional * Type: long * Range: 0.. – /software/autofs/autofs_conf_amd/map_type
* Optional * Type: string – /software/autofs/autofs_conf_amd/autofs_use_lofs
* Optional * Type: boolean • /software/autofs/autofs_conf – /software/autofs/autofs_conf/autofs
* Optional * Type: autofs_conf_autofs – /software/autofs/autofs_conf/amd
* Optional * Type: autofs_conf_amd – /software/autofs/autofs_conf/mountpoints
* Optional * Type: autofs_conf_amd • /software/autofs/autofs_mapentry_type – /software/autofs/autofs_mapentry_type/options
* Description: Specific mount options to be used with this entry. * Optional * Type: string – /software/autofs/autofs_mapentry_type/location
* Description: NFS server name/path associated with this entry. * Optional * Type: string • /software/autofs/autofs_map_type – /software/autofs/autofs_map_type/enabled
* Description: If false, ignore entries for this map (no change made). * Optional * Type: boolean – /software/autofs/autofs_map_type/preserve
* Description: This flag indicates whether local changes to the map must be preserved (true) or not (false).
* Optional * Type: boolean – /software/autofs/autofs_map_type/type
* Description: Map type. Supported types are: direct, file, program, yp, nisplus, hesiod, userdir and ldap. Only direct, file and program map contents can be managed by this component.
* Optional * Type: string – /software/autofs/autofs_map_type/mapname
* Description: Map name. If not defined, a default name is built (/etc/auto suffixed by map entry name).
* Optional * Type: string – /software/autofs/autofs_map_type/mountpoint
* Description: Mount point associated with this map. * Optional * Type: string – /software/autofs/autofs_map_type/mpaliases
* Description: mount point aliases (deprecated) * Optional * Type: string – /software/autofs/autofs_map_type/options
* Description: Mount options to be used with this map. * Optional * Type: string – /software/autofs/autofs_map_type/entries
* Description: One entry per filesystem to mount. The key is used to build the mount point. The actual mount point depends on map type. – Optional – Type: autofs_mapentry_type • /software/autofs/autofs_component – /software/autofs/autofs_component/preserveMaster
* Description: This flag indicates whether local changes to the master map must be preserved (true) or not (false).
* Optional * Type: boolean – /software/autofs/autofs_component/maps
* Description: This resource contains one entry per autofs map to manage. The dict key is mainly an internal name but it will be used to build the default map name. – Optional – Type: autofs_map_type – /software/autofs/autofs_component/conf
* Optional * Type: autofs_conf
ccm
NAME
The ccm component manages the configuration file for CCM.
DESCRIPTION
The ccm component manages the configuration file for the CCM daemon. This is usually the /etc/ccm.conf file. See the ccm-fetch manpage for more details.
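An added example, not part of the Quattor documentation or code base: a Python check that audits one ccm component configuration against the types and ranges listed under Types in this section, and flags profile URLs fetched over plain http and world-readable profiles. The dict layout (the component's subtree of a host profile, assumed to sit at /software/components/ccm), the principal regex and the sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: pattern derived from the documented format
# principal[/component1[/component2[...]]]@REALM; the schema's own check may differ.
PRINCIPAL_RE = re.compile(r"^[^/@\s,]+(?:/[^/@\s,]+)*@[^/@\s,]+$")
DBFORMATS = {"DB_File", "CDB_File", "GDBM_File"}
FLAGS = ("debug", "force", "world_readable")                 # long, range 0..1
NON_NEGATIVE = ("get_timeout", "lock_retries", "lock_wait",  # long, range 0..
                "retrieve_retries", "retrieve_wait", "keep_old", "purge_time")
TLS_FIELDS = ("cert_file", "key_file", "ca_file", "ca_dir")


def profile_urls(cfg):
    """Yield (field, url) for every location the profile may be fetched from."""
    profile = cfg.get("profile")
    if profile is not None:
        if not urlsplit(profile).scheme and "base_url" in cfg:
            # Documented fallback: the profile URL is calculated from base_url.
            yield "base_url", cfg["base_url"]
        else:
            yield "profile", profile
    failover = cfg.get("profile_failover", [])
    for url in ([failover] if isinstance(failover, str) else failover):
        yield "profile_failover", url


def audit_ccm(cfg):
    """Return (severity, field, message) findings for one ccm component dict."""
    findings = []
    for field in FLAGS:
        if field in cfg and cfg[field] not in (0, 1):
            findings.append(("error", field, "outside documented range 0..1"))
    for field in NON_NEGATIVE:
        value = cfg.get(field, 0)
        if not isinstance(value, int) or value < 0:
            findings.append(("error", field, "outside documented range 0.."))
    if cfg.get("dbformat", "GDBM_File") not in DBFORMATS:
        findings.append(("error", "dbformat", "not DB_File, CDB_File or GDBM_File"))
    for principal in filter(None, cfg.get("trust", "").split(",")):
        if not PRINCIPAL_RE.match(principal.strip()):
            findings.append(("error", "trust",
                             f"malformed principal {principal.strip()!r}"))

    schemes = set()
    for field, url in profile_urls(cfg):
        scheme = urlsplit(url).scheme.lower()
        schemes.add(scheme)
        if scheme == "http":
            findings.append(("warn", field, f"{url} is fetched without TLS"))
        elif scheme == "file":
            findings.append(("info", field, f"{url} uses the file protocol"))
        elif scheme != "https":
            findings.append(("error", field,
                             f"{url!r} is not an http, https or file URL"))
    tls_set = [f for f in TLS_FIELDS if f in cfg]
    if tls_set and "https" not in schemes:
        # The page documents these four settings as applying to https only.
        findings.append(("info", ",".join(tls_set), "set, but no https URL uses them"))
    if cfg.get("world_readable", 0) == 1:
        findings.append(("warn", "world_readable",
                         "profiles are readable by every local user"))
    return findings


# Constructed sample input, not taken from a real site.
SAMPLE = {
    "profile": "http://quattor.example.org/profiles/node1.json",
    "profile_failover": ["https://quattor-backup.example.org/profiles/node1.json"],
    "ca_file": "/etc/pki/tls/certs/site-ca.pem",
    "world_readable": 1,
    "get_timeout": 30,
    "dbformat": "SQLite",
    "trust": "host/quattor.example.org@EXAMPLE.ORG, aquilon@",
}

if __name__ == "__main__":
    for severity, field, message in audit_ccm(SAMPLE):
        print(f"{severity:5} {field}: {message}")
```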
Types
• /software/ccm/kerberos_principal_string – Description: kerberos_principal_string is a string with format principal[/component1[/component2[...]]]@REALM • /software/ccm/ccm_component – /software/ccm/ccm_component/configFile
* Description: The location of the configuration file. Normally this should not be changed. Defaults to /etc/ccm.conf.
* Optional * Type: string – /software/ccm/ccm_component/profile
* Description: The URL for the machine’s profile. You can use either the http or https protocols (the file protocol is also possible, e.g. for tests). (see ccm-fetch manpage)
* Optional * Type: type_hostURI – /software/ccm/ccm_component/profile_failover
* Description: list of profile failover URL(s) in case the above is not working. (see ccm-fetch manpage)
* Optional * Type: type_hostURI – /software/ccm/ccm_component/debug
* Description: Turn on debugging. Defaults to 0. * Optional * Type: long * Range: 0..1 – /software/ccm/ccm_component/force
* Description: Force fetching of the machine profile. Turning this on ignores the modification times. Defaults to 0.
* Optional * Type: long * Range: 0..1 – /software/ccm/ccm_component/cache_root
* Description: The root directory of the CCM cache. Defaults to /var/lib/ccm. * Optional * Type: string – /software/ccm/ccm_component/get_timeout
* Description: The timeout for the download operation in seconds. Defaults to 30. * Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/lock_retries
* Description: Number of times to try to get the lock on the cache. Defaults to 3. * Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/lock_wait
* Description: Number of seconds to wait between attempts to acquire the lock. Defaults to 30. * Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/retrieve_retries
* Description: Number of times to try to get the context from the server. Defaults to 3. * Optional
* Type: long * Range: 0.. – /software/ccm/ccm_component/retrieve_wait
* Description: Number of seconds to wait between attempts to get the context from the server. Defaults to 30.
* Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/cert_file
* Description: The certificate file to use for an https protocol. * Optional * Type: string – /software/ccm/ccm_component/key_file
* Description: The key file to use for an https protocol. * Optional * Type: string – /software/ccm/ccm_component/ca_file
* Description: The CA file to use for an https protocol. * Optional * Type: string – /software/ccm/ccm_component/ca_dir
* Description: The directory containing accepted CA certificates when using the https protocol. * Optional * Type: string – /software/ccm/ccm_component/group_readable
* Description: Whether the profiles should be group-readable (value is the groupname). There is no default, and it is not allowed to set both C
* Optional * Type: string – /software/ccm/ccm_component/world_readable
* Description: Whether the profiles should be world-readable. Defaults to 0. * Optional * Type: long * Range: 0..1 – /software/ccm/ccm_component/base_url
* Description: If profile is not a URL, a profile url will be calculated from base_url and the local hostname.
* Optional * Type: type_absoluteURI – /software/ccm/ccm_component/dbformat
* Description: Format of the local database, must be DB_File, CDB_File or GDBM_File. Defaults to GDBM_File.
* Optional * Type: string – /software/ccm/ccm_component/json_typed
* Description: Extract typed data from JSON profiles * Optional * Type: boolean – /software/ccm/ccm_component/tabcompletion
* Description: Create the tabcompletion file (during profile fetch) * Optional * Type: boolean – /software/ccm/ccm_component/keep_old
* Description: Number of old profiles to keep before purging * Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/purge_time
* Description: Number of seconds before purging inactive profiles. * Optional * Type: long * Range: 0.. – /software/ccm/ccm_component/trust
* Description: Comma-separated list of kerberos principals to trust when using encrypted profiles * Optional * Type: kerberos_principal_string – /software/ccm/ccm_component/principal
* Description: Principal to use for Kerberos setup * Optional * Type: kerberos_principal_string – /software/ccm/ccm_component/keytab
* Description: Keytab to use for Kerberos setup
* Optional * Type: string
cdp
NAME
The cdp component manages the configuration file /etc/cdp-listend.conf.
DESCRIPTION
The cdp component manages the configuration file for the cdp-listend daemon.
EXAMPLES

    include 'components/cdp/config';
    prefix "/software/components/cdp";
    "fetch" = "/usr/sbin/ccm-fetch";
    "fetch_smear" = 30;

Types
• /software/cdp/cdp_component – /software/cdp/cdp_component/configFile
* Description: The location of the configuration file. Normally this should not be changed. * Optional * Type: string – /software/cdp/cdp_component/port
* Description: The port used by the daemon. * Optional * Type: type_port – /software/cdp/cdp_component/nch
* Description: The binary to execute when receiving a CDB update packet. * Optional * Type: string – /software/cdp/cdp_component/nch_smear
* Description: The range of time delay for executing the nch executable. The execution will be delayed by [0, nch_smear] seconds.
* Optional * Type: long
* Range: 0.. – /software/cdp/cdp_component/fetch
* Description: The binary to execute when receiving a CCM update packet. * Optional * Type: string – /software/cdp/cdp_component/fetch_offset
* Description: Fetch execution offset. See explanation of fetch_smear. * Optional * Type: long * Range: 0.. – /software/cdp/cdp_component/fetch_smear
* Description: Fetch time smearing. The fetch binary will be started at a point in time between fetch_offset and fetch_offset + fetch_smear seconds after receiving a notification packet. The range of time delay for executing the fetch executable. The execution will be delayed by [0, fetch_smear] seconds.
* Optional * Type: long * Range: 0.. – /software/cdp/cdp_component/hostname
* Optional * Type: type_hostname
ceph
Types
• /software/ceph/ceph_daemon_config – Description: ceph daemon config parameters • /software/ceph/ceph_daemon – Description: type for a generic ceph daemon – /software/ceph/ceph_daemon/up
* Optional * Type: boolean • /software/ceph/ceph_cluster_config – Description: ceph cluster-wide config parameters – /software/ceph/ceph_cluster_config/auth_client_required
* Optional * Type: string
– /software/ceph/ceph_cluster_config/auth_cluster_required
* Optional * Type: string – /software/ceph/ceph_cluster_config/auth_service_required
* Optional * Type: string – /software/ceph/ceph_cluster_config/cluster_network
* Optional * Type: type_network_name – /software/ceph/ceph_cluster_config/enable_experimental_unrecoverable_data_corrupting_features
* Optional * Type: string – /software/ceph/ceph_cluster_config/filestore_xattr_use_omap
* Optional * Type: boolean – /software/ceph/ceph_cluster_config/fsid
* Optional * Type: type_uuid – /software/ceph/ceph_cluster_config/mon_cluster_log_to_syslog
* Optional * Type: boolean – /software/ceph/ceph_cluster_config/mon_initial_members
* Optional * Type: type_network_name – /software/ceph/ceph_cluster_config/mon_osd_min_down_reporters
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/mon_osd_min_down_reports
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/mon_osd_max_op_age
* Optional * Type: long
– /software/ceph/ceph_cluster_config/ms_type
* Optional * Type: string – /software/ceph/ceph_cluster_config/op_queue
* Optional * Type: string – /software/ceph/ceph_cluster_config/osd_crush_update_on_start
* Optional * Type: boolean – /software/ceph/ceph_cluster_config/osd_journal_size
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/osd_objectstore
* Optional * Type: string – /software/ceph/ceph_cluster_config/osd_pool_default_min_size
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/osd_pool_default_pg_num
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/osd_pool_default_pgp_num
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/osd_pool_default_size
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_cluster_config/public_network
* Optional * Type: type_network_name • /software/ceph/ceph_crushmap_bucket
– Description: ceph crushmap bucket definition – /software/ceph/ceph_crushmap_bucket/name
* Optional * Type: string – /software/ceph/ceph_crushmap_bucket/type
* Optional * Type: string – /software/ceph/ceph_crushmap_bucket/alg
* Optional * Type: string – /software/ceph/ceph_crushmap_bucket/hash
* Optional * Type: long – /software/ceph/ceph_crushmap_bucket/weight
* Optional * Type: double – /software/ceph/ceph_crushmap_bucket/defaultalg
* Optional * Type: string – /software/ceph/ceph_crushmap_bucket/defaulthash
* Optional * Type: long – /software/ceph/ceph_crushmap_bucket/labels
* Optional * Type: string – /software/ceph/ceph_crushmap_bucket/buckets
* Optional * Type: dict • /software/ceph/ceph_crushmap_rule_choice – Description: ceph crushmap rule step – /software/ceph/ceph_crushmap_rule_choice/chtype
* Optional * Type: string – /software/ceph/ceph_crushmap_rule_choice/number
* Optional * Type: long
– /software/ceph/ceph_crushmap_rule_choice/bktype
* Optional * Type: string • /software/ceph/ceph_crushmap_rule_step – Description: ceph crushmap rule step – /software/ceph/ceph_crushmap_rule_step/take
* Optional * Type: string – /software/ceph/ceph_crushmap_rule_step/set_choose_tries
* Optional * Type: long – /software/ceph/ceph_crushmap_rule_step/set_chooseleaf_tries
* Optional * Type: long – /software/ceph/ceph_crushmap_rule_step/choices
* Optional * Type: ceph_crushmap_rule_choice • /software/ceph/ceph_crushmap_rule – Description: ceph crushmap rule definition – /software/ceph/ceph_crushmap_rule/name
* Optional * Type: string – /software/ceph/ceph_crushmap_rule/type
* Optional * Type: string – /software/ceph/ceph_crushmap_rule/ruleset
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_crushmap_rule/min_size
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_crushmap_rule/max_size
* Optional * Type: long
* Range: 0.. – /software/ceph/ceph_crushmap_rule/steps
* Optional * Type: ceph_crushmap_rule_step • /software/ceph/ceph_crushmap – Description: ceph crushmap definition The crushmap defines some types of buckets, a hierarchical bucket structure, rules for traversing these buckets and tunables for magic numbers. • /software/ceph/ceph_crushmap/types – Optional – Type: string • /software/ceph/ceph_crushmap/buckets – Optional – Type: ceph_crushmap_bucket • /software/ceph/ceph_crushmap/rules – Optional – Type: ceph_crushmap_rule • /software/ceph/ceph_crushmap/tunables – Optional – Type: long • /software/ceph/ceph_cluster – Description: overarching ceph cluster type, with osds, mons and msds – /software/ceph/ceph_cluster/config
* Optional * Type: ceph_cluster_config – /software/ceph/ceph_cluster/osdhosts
* Optional * Type: ceph_osd_host – /software/ceph/ceph_cluster/monitors
* Optional * Type: ceph_monitor – /software/ceph/ceph_cluster/mdss
* Optional * Type: ceph_mds – /software/ceph/ceph_cluster/radosgwh
* Optional
* Type: ceph_radosgwh – /software/ceph/ceph_cluster/deployhosts
* Optional * Type: type_fqdn – /software/ceph/ceph_cluster/crushmap
* Optional * Type: ceph_crushmap • /software/ceph/ceph_localdaemons – Description: Decentralized config feature: For use with dedicated pan code that builds the cluster info from remote templates. • /software/ceph/ceph_localdaemons/osds – Optional – Type: ceph_osd • /software/ceph/ceph_component – Description: ceph clusters – /software/ceph/ceph_component/clusters
* Optional * Type: ceph_cluster – /software/ceph/ceph_component/localdaemons
* Optional * Type: ceph_localdaemons – /software/ceph/ceph_component/ceph_version
* Optional * Type: string – /software/ceph/ceph_component/deploy_version
* Optional * Type: string – /software/ceph/ceph_component/key_accept
* Optional * Type: string – /software/ceph/ceph_component/ssh_multiplex
* Optional * Type: boolean – /software/ceph/ceph_component/max_add_osd_failures_per_host
* Optional * Type: long
* Range: 0.. – /software/ceph/ceph_component/release
* Optional * Type: string
Functions
• valid_osd_names
– Description: check that the ceph osd names are no ceph reserved paths
– Arguments:
  – ceph_component type
• is_crushmap
– Description: checks the ceph crushmap, this includes uniqueness of bucket and rule name, recursive bucket typing, and rules using existing buckets
– Arguments:
  – crushmap allowed bucket types
  – crushmap buckets definitions
  – rules to traverse crushmap
• is_bucket
– Description: check the bucket type recursively, this includes attribute type and value checking and the uniqueness of names
– Arguments:
  – bucket to check
  – list of already parsed bucket names
  – accepted bucket types
  – 1 if bucket is top bucket, 0 otherwise
• is_ceph_crushmap_bucket_alg
– Description: check it is a valid algorithm, also used in is_crushmap
– Arguments:
  – bucket algorithm
Types
• /software/ceph/ceph_mds_config – Description: configuration options for a ceph mds daemon – /software/ceph/ceph_mds_config/mds_cache_size
* Optional * Type: long
– /software/ceph/ceph_mds_config/mds_max_purge_files
* Optional * Type: long – /software/ceph/ceph_mds_config/mds_max_purge_ops
* Optional * Type: long – /software/ceph/ceph_mds_config/mds_max_purge_ops_per_pg
* Optional * Type: double – /software/ceph/ceph_mds_config/mds_log_max_expiring
* Optional * Type: long – /software/ceph/ceph_mds_config/mds_log_max_segments
* Optional * Type: long • /software/ceph/ceph_mds – Description: ceph mds-specific type – /software/ceph/ceph_mds/fqdn
* Optional * Type: type_fqdn – /software/ceph/ceph_mds/config
* Optional * Type: ceph_mds_config
Types
• /software/ceph/ceph_mon_config – Description: configuration options for a ceph monitor daemon • /software/ceph/ceph_monitor – Description: ceph monitor-specific type – /software/ceph/ceph_monitor/fqdn
* Optional * Type: type_fqdn – /software/ceph/ceph_monitor/config
* Optional * Type: ceph_mon_config
Types
• /software/ceph/ceph_osd_config – Description: configuration options for a ceph osd daemon – /software/ceph/ceph_osd_config/osd_deep_scrub_interval
* Optional * Type: double – /software/ceph/ceph_osd_config/osd_journal_size
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_max_scrubs
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_objectstore
* Optional * Type: string – /software/ceph/ceph_osd_config/osd_op_threads
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_scrub_begin_hour
* Optional * Type: long * Range: 0..24 – /software/ceph/ceph_osd_config/osd_scrub_end_hour
* Optional * Type: long * Range: 0..24 – /software/ceph/ceph_osd_config/osd_scrub_load_threshold
* Optional * Type: double – /software/ceph/ceph_osd_config/osd_scrub_min_interval
* Optional * Type: double – /software/ceph/ceph_osd_config/osd_scrub_max_interval
* Optional * Type: double • /software/ceph/ceph_osd – Description: ceph osd-specific type The key of the ceph_osd should be the path to the mounted disk. This can be an absolute path or a relative one to /var/lib/ceph/osd/ journal_path should be the path to a journal file This can be an absolute path or a relative one to /var/lib/ceph/log/ With labels osds can be grouped. This should also be defined in root. • /software/ceph/ceph_osd/config – Optional – Type: ceph_osd_config • /software/ceph/ceph_osd/in – Optional – Type: boolean • /software/ceph/ceph_osd/journal_path – Optional – Type: string • /software/ceph/ceph_osd/crush_weight – Optional – Type: double • /software/ceph/ceph_osd/labels – Optional – Type: string • /software/ceph/ceph_osd_host – Description: ceph osdhost-specific type, defining all osds on a host – /software/ceph/ceph_osd_host/fqdn
* Optional * Type: type_fqdn – /software/ceph/ceph_osd_host/osds
* Optional * Type: ceph_osd
Types
• /software/ceph/type_quoted_string • /software/ceph/ceph_radosgw_config – Description: configuration options for a ceph rados gateway instance – /software/ceph/ceph_radosgw_config/host
* Optional
* Type: string – /software/ceph/ceph_radosgw_config/keyring
* Optional * Type: string – /software/ceph/ceph_radosgw_config/rgw_socket_path
* Optional * Type: string – /software/ceph/ceph_radosgw_config/log_file
* Optional * Type: string – /software/ceph/ceph_radosgw_config/rgw_frontends
* Optional * Type: type_quoted_string – /software/ceph/ceph_radosgw_config/rgw_print_continue
* Optional * Type: boolean – /software/ceph/ceph_radosgw_config/rgw_dns_name
* Optional * Type: type_fqdn – /software/ceph/ceph_radosgw_config/rgw_enable_ops_log
* Optional * Type: boolean – /software/ceph/ceph_radosgw_config/rgw_enable_usage_log
* Optional * Type: boolean – /software/ceph/ceph_radosgw_config/user
* Optional * Type: string • /software/ceph/ceph_radosgw – Description: ceph rados gateway type http://ceph.com/docs/master/radosgw/ • /software/ceph/ceph_radosgw/config – Optional – Type: ceph_radosgw_config • /software/ceph/ceph_radosgwh – Description: ceph rados gateway host, defining all gateways on a host
– /software/ceph/ceph_radosgwh/fqdn
* Optional * Type: type_fqdn – /software/ceph/ceph_radosgwh/gateways
* Optional * Type: ceph_radosgw
Types
• /software/ceph/ceph_daemon – Description: type for a generic ceph daemon • /software/ceph/ceph_global_config – Description: ceph cluster-wide config parameters generate an fsid with uuidgen • /software/ceph/ceph_global_config/auth_client_required – Optional – Type: choice • /software/ceph/ceph_global_config/auth_cluster_required – Optional – Type: choice • /software/ceph/ceph_global_config/auth_service_required – Optional – Type: choice • /software/ceph/ceph_global_config/cluster_network – Optional – Type: type_network_name • /software/ceph/ceph_global_config/enable_experimental_unrecoverable_data_corrupting_features
– Optional – Type: string • /software/ceph/ceph_global_config/filestore_xattr_use_omap – Optional – Type: boolean • /software/ceph/ceph_global_config/fsid – Optional – Type: type_uuid • /software/ceph/ceph_global_config/mon_cluster_log_to_syslog
– Optional – Type: boolean • /software/ceph/ceph_global_config/mon_initial_members – Optional – Type: type_network_name • /software/ceph/ceph_global_config/mon_host – Optional – Type: type_fqdn • /software/ceph/ceph_global_config/mon_max_pg_per_osd – Optional – Type: long • /software/ceph/ceph_global_config/mon_osd_min_down_reporters – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/mon_osd_min_down_reports – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/mon_osd_warn_op_age – Optional – Type: long • /software/ceph/ceph_global_config/mon_osd_err_op_age_ratio – Optional – Type: long • /software/ceph/ceph_global_config/ms_type – Optional – Type: choice • /software/ceph/ceph_global_config/op_queue – Optional – Type: choice • /software/ceph/ceph_global_config/osd_journal_size – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/osd_max_pg_per_osd_hard_ratio
– Optional – Type: long • /software/ceph/ceph_global_config/osd_pool_default_min_size – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/osd_pool_default_pg_num – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/osd_pool_default_pgp_num – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/osd_pool_default_size – Optional – Type: long – Range: 0.. • /software/ceph/ceph_global_config/public_network – Optional – Type: type_network_name • /software/ceph/ceph_configfile – /software/ceph/ceph_configfile/global
* Optional * Type: ceph_global_config – /software/ceph/ceph_configfile/mds
* Optional * Type: ceph_mds_config – /software/ceph/ceph_configfile/osd
* Optional * Type: ceph_osd_config – /software/ceph/ceph_configfile/mon
* Optional * Type: ceph_mon_config – /software/ceph/ceph_configfile/rgw
* Optional
* Type: ceph_rgw_config • /software/ceph/ceph_cluster – Description: overarching ceph cluster type, with osds, mons and msds – /software/ceph/ceph_cluster/monitors
* Optional * Type: ceph_monitor – /software/ceph/ceph_cluster/mdss
* Optional * Type: ceph_mds – /software/ceph/ceph_cluster/initcfg
* Optional * Type: ceph_configfile – /software/ceph/ceph_cluster/deployhosts
* Optional * Type: type_fqdn – /software/ceph/ceph_cluster/key_accept
* Optional * Type: choice – /software/ceph/ceph_cluster/ssh_multiplex
* Optional * Type: boolean • /software/ceph/ceph_daemons – Description: Decentralized config feature: For use with dedicated pan code that builds the cluster info from remote templates. • /software/ceph/ceph_daemons/osds – Optional – Type: ceph_osd • /software/ceph/ceph_daemons/max_add_osd_failures – Optional – Type: long – Range: 0.. • /software/ceph/ceph_supported_version • /software/ceph/ceph_deploy_supported_version • /software/ceph/ceph_component – Description:
ceph cluster configuration; we only support node to be in one ceph cluster named ceph; this schema only works with Luminous 12.2.2 and above • /software/ceph/ceph_component/cluster – Optional – Type: ceph_cluster • /software/ceph/ceph_component/daemons – Optional – Type: ceph_daemons • /software/ceph/ceph_component/config – Optional – Type: ceph_configfile • /software/ceph/ceph_component/ceph_version – Optional – Type: ceph_supported_version • /software/ceph/ceph_component/deploy_version – Optional – Type: ceph_deploy_supported_version • /software/ceph/ceph_component/release – Optional – Type: choice
Types
• /software/ceph/ceph_mds_config – Description: configuration options for a ceph mds daemon – /software/ceph/ceph_mds_config/mds_cache_size
* Optional * Type: long – /software/ceph/ceph_mds_config/mds_cache_memory_limit
* Optional * Type: long – /software/ceph/ceph_mds_config/mds_max_purge_files
* Optional * Type: long – /software/ceph/ceph_mds_config/mds_max_purge_ops
* Optional * Type: long
– /software/ceph/ceph_mds_config/mds_max_purge_ops_per_pg
* Optional * Type: double – /software/ceph/ceph_mds_config/mds_log_max_expiring
* Optional * Type: long – /software/ceph/ceph_mds_config/mds_log_max_segments
* Optional * Type: long • /software/ceph/ceph_mds – Description: ceph mds-specific type – /software/ceph/ceph_mds/fqdn
* Optional * Type: type_fqdn
Types
• /software/ceph/ceph_mon_config – Description: configuration options for a ceph monitor daemon • /software/ceph/ceph_monitor – Description: ceph monitor-specific type – /software/ceph/ceph_monitor/fqdn
* Optional * Type: type_fqdn
Types
• /software/ceph/ceph_osd_config – Description: configuration options for a ceph osd daemon – /software/ceph/ceph_osd_config/osd_deep_scrub_interval
* Optional * Type: double – /software/ceph/ceph_osd_config/osd_journal_size
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_max_scrubs
* Optional
* Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_objectstore
* Optional * Type: string – /software/ceph/ceph_osd_config/osd_op_threads
* Optional * Type: long * Range: 0.. – /software/ceph/ceph_osd_config/osd_scrub_begin_hour
* Optional * Type: long * Range: 0..24 – /software/ceph/ceph_osd_config/osd_scrub_end_hour
* Optional * Type: long * Range: 0..24 – /software/ceph/ceph_osd_config/osd_scrub_load_threshold
* Optional * Type: double – /software/ceph/ceph_osd_config/osd_scrub_min_interval
* Optional * Type: double – /software/ceph/ceph_osd_config/osd_scrub_max_interval
* Optional * Type: double • /software/ceph/ceph_osd – Description: ceph osd-specific type Only bluestore support for now dmcrypt supported with ceph-volume > 12.2.3 • /software/ceph/ceph_osd/class – Optional – Type: string • /software/ceph/ceph_osd/storetype – Optional – Type: choice • /software/ceph/ceph_osd/dmcrypt
– Optional – Type: boolean
Types
• /software/ceph/type_quoted_string • /software/ceph/ceph_rgw_config – Description: configuration options for a ceph rados gateway instance – /software/ceph/ceph_rgw_config/host
* Optional * Type: string – /software/ceph/ceph_rgw_config/keyring
* Optional * Type: string – /software/ceph/ceph_rgw_config/rgw_socket_path
* Optional * Type: string – /software/ceph/ceph_rgw_config/log_file
* Optional * Type: absolute_file_path – /software/ceph/ceph_rgw_config/rgw_frontends
* Optional * Type: type_quoted_string – /software/ceph/ceph_rgw_config/rgw_print_continue
* Optional * Type: boolean – /software/ceph/ceph_rgw_config/rgw_dns_name
* Optional * Type: type_fqdn – /software/ceph/ceph_rgw_config/rgw_enable_ops_log
* Optional * Type: boolean – /software/ceph/ceph_rgw_config/rgw_enable_usage_log
* Optional * Type: boolean – /software/ceph/ceph_rgw_config/user
* Optional
* Type: string • /software/ceph/ceph_radosgw – Description: ceph rados gateway type http://ceph.com/docs/master/radosgw/ • /software/ceph/ceph_radosgw/config – Optional – Type: ceph_rgw_config
chkconfig
NAME
NCM::chkconfig - NCM chkconfig component
SYNOPSIS
Configure()
Updates runlevel information for system services by using chkconfig that are defined in /software/components/chkconfig/. Also starts/stops those services that have option startstop set to true in and have one of the following options specified: add or del option is true, on or off option is specified either without specific runlevels, or with runlevel value that contains the current runlevel. The optional default key decides what will happen with services that are not explicitly configured. Default is to ignore them, but a value of off instead disables anything not mentioned in the profile.
Unconfigure()
Not available.
RESOURCES
/software/components/chkconfig/active : boolean
activates/deactivates the component.
/software/components/chkconfig/default : string ("off", "ignore")
says what happens if no explicit configuration is found for the service. Certain services (like network, messagebus, haldaemon, sshd) are protected from being turned off via the default setting, but please do not rely on this.
/software/components/chkconfig/service/
If set, the value is used as the name of the service instead of using the service path as a name. /software/components/chkconfig/service/
EXAMPLES
The following example will start named on system default runlevels:
include 'components/chkconfig/config';
"/software/components/chkconfig/service/named/add" = true;
"/software/components/chkconfig/service/named/on" = "";
"/software/components/chkconfig/service/named/startstop" = true;

The shorter way of writing this (assuming named is known to chkconfig):
include 'components/chkconfig/config';
"/software/components/chkconfig/service/named" = nlist("on", "", "startstop", true);
Disable and stop xinetd:
"/software/components/chkconfig/service/xinetd" = nlist("off", "", "startstop", true);
Types
• /software/chkconfig/service_type – /software/chkconfig/service_type/name
* Optional * Type: string – /software/chkconfig/service_type/add
* Optional * Type: boolean – /software/chkconfig/service_type/del
* Optional * Type: boolean – /software/chkconfig/service_type/on
* Optional * Type: string – /software/chkconfig/service_type/off
* Optional * Type: string – /software/chkconfig/service_type/reset
* Optional * Type: string – /software/chkconfig/service_type/startstop
* Optional * Type: boolean • /software/chkconfig/component_chkconfig_type – /software/chkconfig/component_chkconfig_type/service
* Optional * Type: service_type – /software/chkconfig/component_chkconfig_type/default
* Optional * Type: string
Functions
• chkconfig_allow_combinations
cron
NAME ncm-cron – NCM component to control cron entries for Linux and Solaris.
DESCRIPTION
The cron component manages files in the /etc/cron.d directory on Linux and the /var/spool/cron/crontabs directory on Solaris.
Linux
Files managed by ncm-cron will have the .ncm-cron.cron suffix. Other files in the directory are not affected by this component. The name of each file will be taken from the name attribute.
Solaris
Solaris uses an older version of cron that does not make use of a cron.d directory for crontabs. ncm-cron shares the crontab with each user. To make this work ncm-cron uses the concept of separate file sections within the crontab. Each section is identified by the use of the tags NCM-CRON BEGIN: and NCM-CRON END:. Entries either side of these section identifiers are not modified. Solaris does have a /etc/cron.d directory, however it uses this directory for control files such as cron.allow and cron.deny.
EXAMPLE
"/software/components/cron/entries" = list(
    dict(
        "name", "ls",
        "user", "root",
        "group", "root",
        "frequency", "*/2 * * * *",
        "command", "/bin/ls"),
    dict(
        "name", "hostname",
        "comment", "some interesting text",
        "frequency", "*/2 * * * *",
        "command", "/bin/hostname",
        "env", dict("MAILTO", "[email protected]")),
    dict(
        "name", "date",
        "comment", "runs the date sometime within a 3 hour period",
        "timing", dict(
            "minute", "0",
            "hour", "1",
            "smear", 180),
        "command", "/bin/date")
);

On Linux this will create three files in /etc/cron.d:
ls.ncm-cron.cron
hostname.ncm-cron.cron
date.ncm-cron.cron
On Solaris three extra entries will be added to the root crontab.
Solaris
Editing the NCM-CRON BEGIN: and/or the NCM-CRON END: tag within a crontab will cause unpredictable behaviour. Possible behaviours are duplicate entries or entries being removed altogether. Editing BETWEEN the tags will cause the edits to be overwritten the next time ncm-cron runs.
Types
• /software/cron/structure_cron_syslog – /software/cron/structure_cron_syslog/facility
* Optional * Type: string – /software/cron/structure_cron_syslog/level
* Optional * Type: string – /software/cron/structure_cron_syslog/tagprefix
* Optional * Type: string – /software/cron/structure_cron_syslog/tag
* Optional * Type: string • /software/cron/structure_cron_log – Description: Define specific attributes for cron log file. – /software/cron/structure_cron_log/disabled
* Description: A boolean disabling the redirection of script output/error to a log file * Optional * Type: boolean – /software/cron/structure_cron_log/name
* Description: Name of the log file. If the name is not an absolute file name, file is created in /var/log. Default name is the cron filename with .log extension in /var/log. – Optional – Type: string – /software/cron/structure_cron_log/owner
* Description: Owner/group of the log file, using owner[:group] format. Group can be omitted. * Optional * Type: string – /software/cron/structure_cron_log/mode
* Description: Permissions of log file specified as a string interpreted as an octal number. * Optional * Type: string • /software/cron/structure_cron_timing
– /software/cron/structure_cron_timing/minute
* Description: minute of hour (0-59) * Optional * Type: string – /software/cron/structure_cron_timing/hour
* Description: hour of day (0-23) * Optional * Type: string – /software/cron/structure_cron_timing/day
* Description: day of month (1-31) * Optional * Type: string – /software/cron/structure_cron_timing/month
* Description: month of year (1-12 or three-letter abbreviated lowercase name) * Optional * Type: string – /software/cron/structure_cron_timing/weekday
* Description: day of week (0-7 or three-letter abbreviated lowercase name) * Optional * Type: string – /software/cron/structure_cron_timing/smear
* Description: Interval (in minutes) over which to randomly smear the start time of the job * Optional * Type: long * Range: 0..1440 • /software/cron/structure_cron – /software/cron/structure_cron/name
* Description: Filename (without suffix) of the cron entry file to create. * Optional * Type: string – /software/cron/structure_cron/user
* Description: User to use to run the command. Defaults to root if none defined * Optional * Type: string – /software/cron/structure_cron/group
* Description: Group to use to run the command. Defaults to user’s primary group.
* Optional * Type: string – /software/cron/structure_cron/frequency
* Description: Execution frequency for the command, using standard cron syntax. Minutes field can be ‘AUTO :’ in which case, a random value between 0 and 59 inclusive is generated. This can be used to avoid too many machines executing the same cron at the same time. See also the C
* Optional * Type: string – /software/cron/structure_cron/timing
* Description: If the ‘timing’ dict is used to specify the time, it can contain any of the keys: ‘minute’, ‘hour’, ‘day’, ‘month’ and ‘weekday’. An unspecified key will have a value of ‘*’. A further key of ‘smear’ can be used to specify (in minutes) a maximum interval for smearing the start time, which can be as much as a day. When a smeared job is created, a random increment between zero and the smear time is applied to the start time of the job. If the start time results in the job running on the following day, then all other fields (day, weekday, etc) will be suitably modified. When smearing is specified, then the start minute (and possibly hour, if smear is more than one hour) must be specified as a simple absolute (e.g. ‘2’) and cannot be variations such as lists or ranges. Time specifications such as ranges, lists and steps are supported except for named values (e.g. “1” must be used instead of “mon”).
* Optional * Type: structure_cron_timing – /software/cron/structure_cron/command
* Description: Command line to execute, including all its options. * Optional * Type: string – /software/cron/structure_cron/comment
* Description: An optional comment to add at the beginning of the cron file. * Optional * Type: string – /software/cron/structure_cron/env
* Description: An optional dict containing environment variable that must be defined before executing the command. Key is the variable name, value is variable value.
* Optional * Type: string – /software/cron/structure_cron/log
* Optional * Type: structure_cron_log – /software/cron/structure_cron/syslog
* Optional * Type: structure_cron_syslog • /software/cron/cron_component – /software/cron/cron_component/entries
* Description: A list containing cron structures (described above). * Optional * Type: structure_cron – /software/cron/cron_component/deny
* Optional * Type: string – /software/cron/cron_component/allow
* Optional * Type: string – /software/cron/cron_component/securitypath
* Optional * Type: string
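The field ranges listed for structure_cron_timing, the smear rule for minute and hour, and the three kinds of obvious error that valid_cron_timing is described as catching can be sketched as follows. This is an added Python illustration, not the Pan validation functions shipped with ncm-cron; the names check_field and check_timing and the sample values are constructed for this example.

```python
import re

# Per-field limits as documented for structure_cron_timing.
# Only month and weekday accept three-letter lowercase names.
FIELDS = {
    "minute": (0, 59, ()),
    "hour": (0, 23, ()),
    "day": (1, 31, ()),
    "month": (1, 12, ("jan", "feb", "mar", "apr", "may", "jun",
                      "jul", "aug", "sep", "oct", "nov", "dec")),
    "weekday": (0, 7, ("sun", "mon", "tue", "wed", "thu", "fri", "sat")),
}

# Anything outside this set can never be part of a valid timing field.
ALLOWED_CHARS = re.compile(r"[0-9a-z*,/\-]+")


def check_field(field, value):
    """Return a list of problems found in one timing field (empty means ok)."""
    low, high, names = FIELDS[field]
    if not ALLOWED_CHARS.fullmatch(value):
        return [f"{field}: invalid characters in {value!r}"]
    problems = []
    for item in value.split(","):            # lists: "1,5,13-23/2"
        rng, _, step = item.partition("/")   # steps: "13-23/2", "*/2"
        if "/" in item and not (step.isdigit() and int(step) > 0):
            problems.append(f"{field}: bad step in {item!r}")
        if rng == "*":
            continue
        bounds = rng.split("-")              # ranges: "13-23"
        if len(bounds) > 2 or "" in bounds:
            problems.append(f"{field}: malformed item {item!r}")
            continue
        for token in bounds:
            if token.isdigit():
                if not low <= int(token) <= high:
                    problems.append(
                        f"{field}: {token} outside {low}..{high}")
            elif token not in names:
                problems.append(
                    f"{field}: name {token!r} not accepted in this field")
    return problems


def check_timing(timing):
    """Validate a timing dict, including the smear constraints."""
    problems = []
    for key, value in timing.items():
        if key == "smear":
            continue
        if key not in FIELDS:
            problems.append(f"unknown key {key!r}")
        else:
            problems += check_field(key, value)
    smear = timing.get("smear", 0)
    if not 0 <= smear <= 1440:
        problems.append("smear: outside 0..1440 minutes")
    elif smear:
        # With smear, minute (and hour if smear exceeds one hour) must be
        # a single number; an unspecified key counts as '*'.
        required = ["minute"] + (["hour"] if smear > 60 else [])
        for key in required:
            if not timing.get(key, "*").isdigit():
                problems.append(
                    f"{key}: must be a simple absolute value with smear")
    return problems


if __name__ == "__main__":
    # Constructed samples; the first is the timing dict from the EXAMPLE.
    samples = [
        {"minute": "0", "hour": "1", "smear": 180},
        {"minute": "1,5,13-23/2"},
        {"hour": "35"},
        {"day": "tue"},
        {"minute": "*/5", "smear": 30},
    ]
    for sample in samples:
        print(sample, "->", check_timing(sample) or "ok")
```

Rejecting a bad field when the profile is validated keeps a malformed schedule line from ever being written into a file under /etc/cron.d.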
Functions
• structure_cron_log_valid
– Description: Function to check that other log properties are not present when disabled is true
• valid_cron_timing
– Description: Validate contents of cron timing fields (see CRONTAB(5) for details). Cron timing fields can contain complex expressions (e.g. “1,5,13-23/2”). Rather than validate these in depth the aim here is to catch things that are obviously wrong, such as:
  – characters which are not valid in cron fields
  – out of range numbers (e.g. “35” in the hour field)
  – names in the wrong field (e.g. “tue” in the day of month field)
• valid_cron_minute
– Description: Convenience wrapper for validating cron minute field
• valid_cron_hour
– Description: Convenience wrapper for validating cron hour field
• valid_cron_day_of_month
– Description: Convenience wrapper for validating cron day of month field
• valid_cron_month
– Description: Convenience wrapper for validating cron month field
• valid_cron_day_of_week
– Description: Convenience wrapper for validating cron day of week field
• valid_cron_frequency
– Description: Validate contents of cron frequency field
cups
NAME cups : CUPS configuration component
DESCRIPTION
NCM component allowing to configure CUPS service and declare printers.
RESOURCES
* /software/components/cups/defaultprinter : string (optional)
  Define the printer specified as the default printer. The printer must be listed in the printers list to be defined as the default printer.
* /software/components/cups/nodetype : string (optional)
  Possible values are client and server. server must be specified to start the cupsd daemon. When client is specified and cupsd is running, it is stopped.
  Default : server on machine defined in options/ServerName or if this option is not defined (server assumed to be localhost), client on other machines.
* /software/components/cups/options/... : nlist (optional)
  This resource is a list of properties corresponding to option keywords supported by CUPS configuration files (cupsd.conf and client.conf). See the configuration files provided by CUPS for the documentation about each possible option. It is a nlist where the key is the option name and the value the option value.
  An empty value is interpreted as “undefine the option”. If present, the matching configuration line is commented out. To define an option with an empty value, you need to specify a value made of spaces.
  Generally, options apply either to server configuration or to client configuration. There is one exception, ServerName, which applies to both.
  Note : not all the CUPS options are currently implemented. If you get a message unsupported option when running this component, look at the comments at the beginning of the component Perl source about how to add support for a new option.
* /software/components/cups/options/ServerAlias : list of string
  This option sets the ServerAlias option in cupsd configuration. It is interpreted as a list of string.
  Default : None
  Scope : server
* /software/components/cups/options/ServerName : string
  This option is a special case. It is used by both client and server. In the server configuration, if not defined or defined as local host, it is converted to the local host name. In the client configuration file, if ServerName points to the current host, it is converted to “127.0.0.1” (CUPS default).
  Default : localhost (CUPS default)
  Scope : client and server
* /software/components/cups/printers/... : nlist (optional)
  List of printers to configure if the current node is the server node. This resource is a nlist where the key is the printer name. In addition to standard CUPS printer options (look at lpadmin documentation), the following printer properties are defined :
  * delete : boolean
    Allows deleting a previously defined printer. Deleting a non-existent printer is not considered an error. If a node configuration contains both definition and deletion for the same printer, the printer is deleted. This allows for a common configuration with some printers defined and a node specific configuration where some printers are not defined. If delete is true, all other options are ignored.
    Default : no
  * enable : boolean
    If this property is false, the printer is disabled (without deleting it). If a node configuration both enables and disables a printer, the printer is enabled. This allows for a common configuration where printers are created disabled and enabled on a per node basis.
    Default : yes
  * printer : string
    Define the printer/queue name on the server associated with this printer. For LPD, it needs to match a printcap entry. Used to build the printer URI.
  * protocol : string
    Define the protocol part of the printer URI (CUPS backend). Used to build the printer URI.
  * server : string
    Define the server part of the printer URI. Used to build the printer URI.
Types
• /software/cups/cups_component_printer
  – /software/cups/cups_component_printer/server
    * Optional
    * Type: string
  – /software/cups/cups_component_printer/protocol
    * Optional
    * Type: string
  – /software/cups/cups_component_printer/printer
    * Optional
    * Type: string
  – /software/cups/cups_component_printer/uri
    * Optional
    * Type: string
  – /software/cups/cups_component_printer/delete
    * Optional
    * Type: boolean
  – /software/cups/cups_component_printer/enable
    * Optional
    * Type: boolean
  – /software/cups/cups_component_printer/class
    * Optional
    * Type: string
  – /software/cups/cups_component_printer/description
    * Optional
    * Type: string
  – /software/cups/cups_component_printer/location
    * Optional
    * Type: string
  – /software/cups/cups_component_printer/model
    * Optional
    * Type: string
  – /software/cups/cups_component_printer/ppd
    * Optional
    * Type: string
• /software/cups/cups_component_options
  – /software/cups/cups_component_options/AutoPurgeJobs
    * Optional
    * Type: legacy_binary_affirmation_string
  – /software/cups/cups_component_options/Classification
    * Optional
    * Type: string
  – /software/cups/cups_component_options/ClassifyOverride
    * Optional
    * Type: string
  – /software/cups/cups_component_options/DataDir
    * Optional
    * Type: string
  – /software/cups/cups_component_options/DefaultCharset
    * Optional
    * Type: string
  – /software/cups/cups_component_options/Encryption
    * Optional
    * Type: string
  – /software/cups/cups_component_options/ErrorLog
    * Optional
    * Type: string
  – /software/cups/cups_component_options/LogLevel
    * Optional
    * Type: string
  – /software/cups/cups_component_options/MaxCopies
    * Optional
    * Type: long
  – /software/cups/cups_component_options/MaxLogSize
    * Optional
    * Type: long
  – /software/cups/cups_component_options/PreserveJobHistory
    * Optional
    * Type: legacy_binary_affirmation_string
  – /software/cups/cups_component_options/PreserveJobFiles
    * Optional
    * Type: legacy_binary_affirmation_string
  – /software/cups/cups_component_options/Printcap
    * Optional
    * Type: string
  – /software/cups/cups_component_options/ServerAdmin
    * Optional
    * Type: string
  – /software/cups/cups_component_options/ServerAlias
    * Optional
    * Type: string
  – /software/cups/cups_component_options/ServerName
    * Optional
    * Type: string
• /software/cups/cups_component
  – /software/cups/cups_component/defaultprinter
    * Optional
    * Type: string
  – /software/cups/cups_component/nodetype
    * Optional
    * Type: string
  – /software/cups/cups_component/options
    * Optional
    * Type: cups_component_options
  – /software/cups/cups_component/printers
    * Optional
    * Type: cups_component_printer
dirperm
NAME
dirperm: permissions and file/directory creation NCM component
DESCRIPTION
Object to set permissions and ownership of files and directories. Will create directories if they do not exist (with the proper permissions). Useful, e.g., to give every pool-user a “.globus” directory in its $HOME, or to create a bunch of home directories for poolaccounts on a non-CE machine. If the list initdir is set, then files in those directories will be copied to the created directory. They will be given the same ownership as the directory.
When creating a file, all of the parent directories must already exist.
RESOURCES
/software/components/dirperm/paths
A list of files/directories to manage with this component. Each entry in the list must be of the structure_dirperm_entry type which has the following fields:
* path
  String representing full path of configured file/directory.
* owner
  String representing ownership, of form user or user:group.
* perm
  String containing octal permissions to enforce.
* type
  String, either 'd' for directory or 'f' for file.
* initdir
  Optional list of strings representing full paths to directories. If the target is a directory, this can be used to prepopulate the directory by copying files from multiple sources. This is particularly useful for home directories.
EXAMPLES
    "/software/components/dirperm/paths" = list(
        nlist(
            "path", "/export/home/alice002/.globus",
            "owner", "alice002:alice",
            "perm", "0700",
            "type", "d",
            "initdir", list("/etc/skel")
        ),
    );
Types
• /software/dirperm/structure_dirperm_entry
  – /software/dirperm/structure_dirperm_entry/path
    * Optional
    * Type: string
  – /software/dirperm/structure_dirperm_entry/perm
    * Optional
    * Type: string
  – /software/dirperm/structure_dirperm_entry/owner
    * Optional
    * Type: string
  – /software/dirperm/structure_dirperm_entry/type
    * Optional
    * Type: string
  – /software/dirperm/structure_dirperm_entry/initdir
    * Optional
    * Type: string
  – /software/dirperm/structure_dirperm_entry/checkmount
    * Description: ensure that a directory is within a mountpoint configured in the profile
    * Optional
    * Type: boolean
  – /software/dirperm/structure_dirperm_entry/within_mount
    * Description: ensure that a directory is within a mountpoint
    * Optional
    * Type: boolean
• /software/dirperm/component_dirperm
  – /software/dirperm/component_dirperm/paths
    * Optional
    * Type: structure_dirperm_entry
Functions
• dirperm_permissions_valid
download
DESCRIPTION
Downloads files onto the local machine during the configuration, and optionally post-processes the files. The download is achieved by invoking curl, so any URLs acceptable to curl (and LWP::UserAgent) (including local file:// URLs) are allowed.
A file is only downloaded if the following conditions are met:
* The timestamp of the source can be retrieved.
* The timestamp of the source is more recent than the current file (if such file exists); unless the allow_older attribute is set.
* The remote timestamp is not too recent.
EXAMPLES
    "/software/components/download" = dict(
        "server", "mydownloadserver.com",
        "proto", "http",
    );
    prefix "/software/components/download/files";
    "{/etc/passwd}" = dict(
        "href", "https://secure.my.domain",
        "post", "/usr/local/mk_passwd",
    );
    "{/usr/local/foo.txt}" = dict(
        "href", "file:///etc/foo.txt",
        "owner", "john",
        "perm", "0400",
    );
Types
• /software/download/component_download_file
  – /software/download/component_download_file/href
    * Description: A URL (either absolute, or relative) that describes the source of the file. The URL can be specified as relative by omitting the server name and/or the protocol, in which case the component defaults will be used. Local files can be used as source, such as file://localhost/etc/foo.txt or even file:///etc/foo.txt.
    * Optional
    * Type: string
  – /software/download/component_download_file/post
    * Description: Specify the command (no options allowed) to run whenever the file is updated. The filename is added as first (and only) argument. Note that if the update is optimised away by the download process (e.g. if the file is already up-to-date), the command will still be executed, so it is the responsibility of this command to determine what work needs to be done, if any.
    * Optional
    * Type: string
  – /software/download/component_download_file/proxy
    * Description: If false, then the proxy configuration will be ignored for this file. This has no effect when there are no proxy hosts defined.
    * Optional
    * Type: boolean
  – /software/download/component_download_file/gssapi
    * Description: If true, then curl/LWP will be invoked with GSSAPI Negotiate extension enabled, using the host keytab as the identity.
    * Optional
    * Type: boolean
  – /software/download/component_download_file/perm
    * Description: Sets the permissions of the file to the defined permissions (defined in octal, e.g. 0644).
    * Optional
    * Type: string
  – /software/download/component_download_file/owner
    * Description: Sets the ownership to given user (name or number).
    * Optional
    * Type: string
  – /software/download/component_download_file/group
    * Description: Sets the group ownership to the given group (name or number).
    * Optional
    * Type: string
  – /software/download/component_download_file/min_age
    * Description: Don’t consider the remote file to be new until it is this number of minutes old
    * Optional
    * Type: long
  – /software/download/component_download_file/cacert
    * Optional
    * Type: string
  – /software/download/component_download_file/capath
    * Optional
    * Type: string
  – /software/download/component_download_file/cert
    * Optional
    * Type: string
  – /software/download/component_download_file/key
    * Optional
    * Type: string
  – /software/download/component_download_file/timeout
    * Description: seconds, overrides setting in component
    * Optional
    * Type: long
  – /software/download/component_download_file/allow_older
    * Description: allow older remote file
    * Optional
    * Type: boolean
• /software/download/download_component
  – /software/download/download_component/server
    * Description: The default server hostname to use for any sources which do not specify the source.
    * Optional
    * Type: string
  – /software/download/download_component/proto
    * Description: The default protocol to use for any sources which do not specify the protocol.
    * Optional
    * Type: string
  – /software/download/download_component/files
    * Description: A dict of escaped filenames required for the destination file.
    * Optional
    * Type: component_download_file
  – /software/download/download_component/proxyhosts
    * Description: List of hostnames (and possibly with ‘:port’ suffix). When specified, a reverse proxy configuration is assumed for all of the file sources. Whenever a file is downloaded, each of the proxy hosts will be used first before attempting the original source URL. The first proxy host to respond will be used for all subsequent download attempts.
    * Optional
    * Type: type_hostport
  – /software/download/download_component/head_timeout
    * Description: seconds, timeout for HEAD requests which checks for changes
    * Optional
    * Type: long
  – /software/download/download_component/timeout
    * Description: seconds, total timeout for fetch of file, can be overridden per file
    * Optional
    * Type: long
  – /software/download/download_component/kinit_args
    * Description: arguments to be passed in kinit -k called in ncm-download
    * Optional
    * Type: string
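The download conditions from the DESCRIPTION and the proxyhosts ordering from the schema, modelled in Python as an added example (not the component's own Perl code). The class and function names are hypothetical, and two behaviours are assumptions: identical timestamps count as up to date even with allow_older, and a proxy host replaces the host part of an absolute http(s) URL.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


@dataclass
class DownloadFile:
    """The component_download_file fields this model uses (names from the schema)."""
    href: str
    min_age: int = 0            # minutes the remote file must have existed
    allow_older: bool = False   # accept a remote file older than the local one
    proxy: bool = True          # False: ignore proxyhosts for this file


def should_download(spec: DownloadFile,
                    remote_mtime: Optional[int],
                    local_mtime: Optional[int],
                    now: int) -> Tuple[bool, str]:
    """Apply the three documented conditions and return (decision, reason).

    Timestamps are epoch seconds. remote_mtime is None when the source
    timestamp could not be retrieved; local_mtime is None when the
    destination file does not exist yet.
    """
    # Condition 1: no retrievable source timestamp means no download.
    if remote_mtime is None:
        return False, "source timestamp unavailable"
    # Condition 3: the remote file must be at least min_age minutes old.
    if now - remote_mtime < spec.min_age * 60:
        return False, "remote file younger than min_age"
    if local_mtime is None:
        return True, "no local file"
    # Condition 2: the source must be newer than the current file ...
    if remote_mtime > local_mtime:
        return True, "remote file is newer"
    # ... unless allow_older is set. Assumption: identical timestamps are
    # still treated as up to date.
    if spec.allow_older and remote_mtime < local_mtime:
        return True, "older remote file accepted (allow_older)"
    return False, "local file is up to date"


def candidate_sources(spec: DownloadFile, proxyhosts: List[str]) -> List[str]:
    """Return the URLs in the order they are tried: proxies first, then origin.

    Assumption: a reverse proxy is addressed by swapping the host[:port]
    part of an absolute http(s) URL; file:// sources are never proxied.
    """
    parts = urlsplit(spec.href)
    urls: List[str] = []
    if spec.proxy and parts.scheme in ("http", "https"):
        urls = [urlunsplit(parts._replace(netloc=host)) for host in proxyhosts]
    urls.append(spec.href)
    return urls


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    now = 1_540_900_000
    spec = DownloadFile(href="http://mydownloadserver.com/usr/local/foo.txt", min_age=5)
    print(should_download(spec, now - 60, now - 3600, now))
    print(candidate_sources(spec, ["cache1.example.org:3128", "cache2.example.org"]))
```

A missing source timestamp and a file published less than min_age minutes ago both end in "do not download", so the model never replaces a local file on incomplete information.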
etcservices
NAME
NCM::etcservices - /etc/services configuration component.
DESCRIPTION
The services file is a local source of information regarding each service available through the Internet.
SYNOPSIS
Configure() Configure /etc/services entries
RESOURCES
* /software/components/etcservices/active : boolean
  Activates/deactivates the component.
* /software/components/etcservices/entries
  The services file contains an entry for each service. Each entry has the form:
      service-name port/protocol aliases
  * service-name: This is the official Internet service name.
  * port/protocol: This field is composed of the port number and protocol through which the service is provided.
  * aliases: This is a list of alternate names by which the service might be requested.
Types
• /software/etcservices/component_etcservices_type
  – /software/etcservices/component_etcservices_type/entries
    * Optional
    * Type: string
filecopy
NAME
ncm-filecopy: NCM component to manage simple configuration files and services.
DESCRIPTION
The filecopy component manages services which have configuration files that can be represented as strings in pan or built by copying a template already present on the machine (e.g. provided by an RPM). A “restart” command can be given which will be run whenever the configuration changes.
Note: this does not do any validation checking on the content of the service configuration. If this is desired, a service-specific component should be written.
Note2: “restart” commands are executed after all the files have been updated. There is intentionally no guarantee on the order of execution if different commands must be executed: this is not necessarily the same as for checking the files. If two files specify the same restart command, it will be executed only once. If one of these restrictions is not convenient in your context, a service-specific component should be written.
RESOURCES
/software/components/filecopy/forceRestart: boolean (required)
A boolean that defines if the restart command (if any defined) of the file(s) must be executed even though the files were up-to-date (default behaviour is to execute the restart command only if file content, permissions or owner/group has been changed). Default: false
/software/components/filecopy/services: nlist (optional)
This nlist contains one entry per file to manage. The key is the escaped file name. For each file, the properties described below may be specified. Most properties are optional (or have a default value) but either ‘config’ or ‘source’ MUST be specified and they are mutually exclusive.
config: string (optional but ‘config’ OR ‘source’ required)
    The file content specified as a string.
    Default: none
source: string (optional but ‘config’ OR ‘source’ required)
    The name of a source file already present on the machine to use as the content for the managed file.
    Default: none
owner: string (optional)
    The userid of the file owner. It can also be a ‘user:group’ specification (like with chown).
    Default: none
group: string (optional)
    The group of the file owner. It is ignored if owner is specified as ‘user:group’.
    Default: none
perms: string (optional)
    Permissions of the managed file. If not specified, the default permissions on the system will be used.
    Default: none
restart: string (optional)
    A command to execute if the file is modified. It is typically used to restart a service but any valid command can be specified, including several commands separated by ‘;’. If not specified, the file is updated but no command is executed. As mentioned earlier, restart commands are executed after all files have been updated and if several files specify the same restart command, it is executed once.
    Default: none
backup: boolean (required)
    This property specifies if an existing version of the file must be backed up before being updated (backup extension is ‘.old’).
    Default: true
no_utf8: boolean (optional)
    By default, the file content is converted to UTF8. Define this property to ‘true’ to prevent this conversion.
    Default: none
forceRestart: boolean (required)
    A boolean that defines if the restart command (if any defined) must be executed even though the file was up-to-date (default behaviour is to execute the restart command only if file content, permissions or owner/group has been changed). Note: the global flag ‘forceRestart’ takes precedence if set to ‘true’.
    Default: false
EXAMPLE
    prefix '/software/components/filecopy/services/{/tmp/test}';
    'config' = 'Contents of the file';
    'owner' = 'root:root';
    'perms' = '0644';

    prefix '/software/components/filecopy/services/{/tmp/test.sh}';
    'config' = "#!/bin/bash\n echo Hello World";
    'restart' = '/tmp/test.sh';
    'owner' = 'root:root';
    'perms' = '0755';

    prefix '/software/components/filecopy/services/{/tmp/second-file}';
    'source' = '/tmp/source';
    'owner' = 'root:root';
    'perms' = '0644';
Types
• /software/filecopy/structure_filecopy
  – /software/filecopy/structure_filecopy/config
    * Optional
    * Type: string
  – /software/filecopy/structure_filecopy/source
    * Optional
    * Type: string
  – /software/filecopy/structure_filecopy/restart
    * Optional
    * Type: string
  – /software/filecopy/structure_filecopy/perms
    * Optional
    * Type: string
  – /software/filecopy/structure_filecopy/owner
    * Optional
    * Type: string
  – /software/filecopy/structure_filecopy/group
    * Optional
    * Type: string
  – /software/filecopy/structure_filecopy/no_utf8
    * Optional
    * Type: boolean
  – /software/filecopy/structure_filecopy/forceRestart
    * Optional
    * Type: boolean
  – /software/filecopy/structure_filecopy/backup
    * Optional
    * Type: boolean
• /software/filecopy/component_filecopy
  – /software/filecopy/component_filecopy/services
    * Optional
    * Type: structure_filecopy
  – /software/filecopy/component_filecopy/forceRestart
    * Optional
    * Type: boolean
Functions
• component_filecopy_valid
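The restart rules from the filecopy DESCRIPTION and RESOURCES (commands run after all files are written, identical commands run once, per-file and global forceRestart, and the ‘config’ or ‘source’ requirement), modelled in Python as an added example that is not the component's own Perl code. The function names, the SAMPLE configuration and its file names are constructed for illustration.

```python
from typing import Dict, List, Set


def validate_service(filename: str, svc: Dict) -> None:
    """Enforce the documented rule: exactly one of 'config' or 'source'."""
    if ("config" in svc) == ("source" in svc):
        raise ValueError(
            f"{filename}: exactly one of 'config' or 'source' must be specified")


def plan_restarts(component: Dict, changed: Set[str]) -> List[str]:
    """Return the restart commands to run once every file has been written.

    component mirrors /software/components/filecopy (file names are shown
    unescaped for readability). changed holds the files whose content,
    permissions or owner/group were modified in this run.
    """
    global_force = component.get("forceRestart", False)
    commands: Set[str] = set()
    for filename, svc in component.get("services", {}).items():
        validate_service(filename, svc)
        restart = svc.get("restart")
        if not restart:
            continue  # the file is updated but no command is executed
        # The global forceRestart flag takes precedence when it is true.
        forced = global_force or svc.get("forceRestart", False)
        if filename in changed or forced:
            commands.add(restart)  # identical commands collapse to one run
    # The component gives no ordering guarantee; sorting only makes this
    # model deterministic.
    return sorted(commands)


# Constructed sample configuration (not from a real profile).
SAMPLE = {
    "forceRestart": False,
    "services": {
        "/etc/ntp.conf": {
            "config": "server ntp.example.org\n",
            "restart": "service ntpd restart",
        },
        "/etc/ntp/step-tickers": {
            "source": "/usr/share/example/step-tickers",
            "restart": "service ntpd restart",
        },
        "/etc/motd": {"config": "managed host\n"},
        "/etc/rsyslog.d/site.conf": {
            "config": "*.info /var/log/site.log\n",
            "restart": "service rsyslog restart",
            "forceRestart": True,
        },
    },
}


if __name__ == "__main__":
    # Two ntp files changed: ntpd restarts once; rsyslog restarts because
    # its entry sets forceRestart.
    print(plan_restarts(SAMPLE, {"/etc/ntp.conf", "/etc/ntp/step-tickers"}))
    # Nothing changed: only the forced restart remains.
    print(plan_restarts(SAMPLE, set()))
```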
filesystems
DESCRIPTION
The filesystems component manages the filesystems on a node. It is able to create and remove blockdevices without restarting or re-installing. These filesystems will be later mounted/unmounted, and added/removed from /etc/fstab, using ncm-fstab. The component doesn’t provide any special resources at the moment. It just watches for changes on /system/filesystems and /system/blockdevices and creates new filesystems, if needed. You can also use ncm-filesystems to replace ncm-fstab: if manage_blockdevs is set to false, only the ncm-fstab code will run. A blockdevice is useful only for its ability to hold a filesystem. Blockdevices with no filesystems associated will not be created. If you want any such device, create a filesystem with "type"="none" and "mount"=false. Note: It will also remove filesystems and blockdevices that are not listed on the profile (or have been removed).
Examples
We will define a software RAID 1 composed of three disks, one volume group named Springfield on it, and two logical volumes (Simpsons and Flanders) on it. They will be mounted on /Evergreen_Terrace/742 and /Evergreen_Terrace/740, respectively. This is what the block devices definition looks like:
    "/system/blockdevices" = nlist (
        "physical_devs", nlist (
            "hda", nlist ("label", "none"),
            "hdb", nlist ("label", "none"),
            "hdc", nlist ("label", "none")
        ),
        # No partitions here
        "md", nlist (
            "md0", nlist (
                "device_list", list (
                    "physical_devs/hda",
                    "physical_devs/hdb",
                    "physical_devs/hdc"
                ),
                "raid_level", "RAID1",
                "stripe_size", 64
            ),
        ),
        "volume_groups", nlist (
            "Springfield", nlist (
                "device_list", list ("md/md0")
            ),
        ),
        "logical_volumes", nlist (
            "Simpsons", nlist (
                "size", 5*GB,
                "volume_group", "Springfield"
            ),
            "Flanders", nlist (
                "size", 4*GB,
                "volume_group", "Springfield"
            )
        )
    );
And then, we can define the filesystems:
    "/system/filesystems" = list (
        nlist (
            "mountpoint", "/EverGreenTerrace/740",
            "block_device", "logical_volumes/Flanders",
            "mount", true,
            "mountopts", "defaults",
            "type", "ext2", # God saves from crashes, you know
            "freq", 0,
            "pass", 0,
            "format", false,
            "preserve", true
        ),
        nlist (
            "mountpoint", "/EverGreenTerrace/742",
            "block_device", "logical_volumes/Simpsons",
            "mount", true,
            "mountopts", "defaults",
            "type", "xfs", # Lisa's on charge!
            "freq", 0,
            "pass", 0,
            "format", false,
            "preserve", true
        ),
    );
Types
• /software/filesystems/structure_component_filesystems
  – Description: when manage_blockdevs is false, filesystems does same as fstab. No other resources here: this component takes its configuration from fstab component, “/system/filesystems” and “/system/blockdevices”
• /software/filesystems/structure_component_filesystems/manage_blockdevs
  – Optional
  – Type: boolean
fmonagent
NAME
NCM::fmonagent - NCM Lemon Monitoring Agent configuration component
SYNOPSIS
Configure()
    Creates configuration file(s) and restarts the lemon-agent service. In case of the single file configuration the file is defined in the CDB template as file and in case of split file as a directory where the following structure is expected:
        top_dir/general.conf
        top_dir/transport/
        top_dir/metrics/
        top_dir/sensors/
    The component will try in this case to modify the top_dir/general.conf, top_dir/transport/udp.conf, top_dir/metrics/default.conf and, for each sensor, top_dir/sensors/sensor_name.conf files.
RESOURCES
/software/components/fmonagent/active : boolean Activates/deactivates the component.
Warning
This version of NCM::fmonagent will not work with sensorAlarm!
Required programs.
Requires lemon-agent rpm to be installed.
Types
• /software/fmonagent/component_fmonagent
  – /software/fmonagent/component_fmonagent/LEMONversion
    * Optional
    * Type: long
  – /software/fmonagent/component_fmonagent/no_contact_timeout
    * Optional
    * Type: long
freeipa
DESCRIPTION
ncm-freeipa provides support for FreeIPA configuration for
* server: add users, groups, services
* client: retrieve keytabs and certificates
* initialisation: get started on an already deployed host
* AII: add initialisation in kickstart and support removal
Server
On the server, create a keytab for the quattor-server user:
    kinit admin
    uidadmin=`ipa user-show admin |grep UID: |sed "s/UID://;s/ //g;"`
    gidadmin=`ipa user-show admin |grep GID: |sed "s/GID://;s/ //g;"`
    # keep random password; it's already expired
    ipa user-add quattor-server --first=server --last=quattor --random --uid=$(($uidadmin+1)) --gidnumber=$(($gidadmin+1))
    kdestroy
    # use expired random password; and pick new random password (new password is not relevant)
    kinit quattor-server
    kdestroy
    kinit admin
    ipa role-add "Quattor server"
    for priv in "Host Administrators" "DNS Administrators" "Group Administrators" "Service Administrators" "User Administrators"; do
        ipa role-add-privilege "Quattor server" --privileges="$priv"
    done
    ipa role-add-member --users=quattor-server "Quattor server"

    # use -r option to retrieve existing keytab (e.g. from another ipa server)
    ipa-getkeytab -p quattor-server -k /etc/quattor-server.keytab -s ipaserver.example.com
Use these with ncm-freeipa on the server.
    prefix "/software/components/freeipa/principals/server";
    "principal" = "quattor-server";
    "keytab" = "/etc/quattor-server.keytab";
(Do not retrieve a keytab for the admin user; it resets the admin password).
AII
The AII hooks act on behalf of the host they are going to set up, so none of those principals can be used. Instead we use a fixed AII principal and keytab.
First we need to add a user with appropriate privileges:
    kinit admin
    uidadmin=`ipa user-show admin |grep UID: |sed "s/UID://;s/ //g;"`
    gidadmin=`ipa user-show admin |grep GID: |sed "s/GID://;s/ //g;"`
    # keep random password; it's already expired
    ipa user-add quattor-aii --first=aii --last=quattor --random --uid=$(($uidadmin+2)) --gidnumber=$(($gidadmin+2))
    kdestroy
    # use expired random password; and pick new random password (new password is not relevant)
    kinit quattor-aii
    kdestroy
    kinit admin
    ipa role-add "Quattor AII"
    ipa role-add-privilege "Quattor AII" --privileges="Host Administrators"
    ipa role-add-member --users=quattor-aii "Quattor AII"
On the AII host (assuming the host is already added to IPA):
    kinit admin
    # use -r option to retrieve existing keytab (e.g. from another AII server)
    ipa-getkeytab -p quattor-aii -k /etc/quattor-aii.keytab -s ipaserver.example.com
    kdestroy
(If you have granted the host principal the rights to retrieve the quattor-aii keytab, you can add in the template of the AII host
    prefix "/software/components/freeipa/principals/aii";
    "principal" = "quattor-aii";
    "keytab" = "/etc/quattor-aii.keytab";
)
Missing role / privileges retrieve use keytabs AII principal/keytab via config file
Methods server
Configure server settings server
Configure server settings
Types
• /software/freeipa/component_freeipa_member
  – Description: group members configuration
  – /software/freeipa/component_freeipa_member/user
    * Description: (minimal) user group members
    * Optional
    * Type: string
• /software/freeipa/component_freeipa_group
  – Description: group configuration
  – /software/freeipa/component_freeipa_group/gidnumber
    * Description: group ID number
    * Optional
    * Type: long
    * Range: 0..
  – /software/freeipa/component_freeipa_group/members
    * Description: group members
    * Optional
    * Type: component_freeipa_member
• /software/freeipa/component_freeipa_user
  – Description: service configuration
  – /software/freeipa/component_freeipa_user/uidnumber
    * Description: user ID number
    * Optional
    * Type: long
    * Range: 0..
  – /software/freeipa/component_freeipa_user/sn
    * Description: last name
    * Optional
    * Type: string
  – /software/freeipa/component_freeipa_user/givenname
    * Description: first name
    * Optional
    * Type: string
  – /software/freeipa/component_freeipa_user/group
    * Description: group name (must be a configured group to retrieve the gid)
    * Optional
    * Type: string
  – /software/freeipa/component_freeipa_user/homedirectory
    * Description: homedirectory
    * Optional
    * Type: string
  – /software/freeipa/component_freeipa_user/gecos
    * Description: gecos
    * Optional
    * Type: string
  – /software/freeipa/component_freeipa_user/loginshell
    * Description: loginshell
    * Optional
    * Type: absolute_file_path
  – /software/freeipa/component_freeipa_user/ipasshpubkey
    * Description: list of public ssh keys
    * Optional
    * Type: string
• /software/freeipa/component_freeipa_service
  – Description: service configuration
  – /software/freeipa/component_freeipa_service/hosts
    * Description: regular expressions to match known hosts; for each host, a service/host principal will be added and the host is allowed to retrieve the keytab
    * Optional
    * Type: string
• /software/freeipa/component_freeipa_host
  – Description: host configuration
  – /software/freeipa/component_freeipa_host/ip_address
    * Description: host ip address (for DNS configuration only)
    * Optional
    * Type: type_ipv4
  – /software/freeipa/component_freeipa_host/macaddress
    * Description: macaddress (for DHCP configuration only)
    * Optional
    * Type: string
• /software/freeipa/component_freeipa_dns
  – Description: DNS zone configuration
  – /software/freeipa/component_freeipa_dns/subnet
    * Description: subnet to use, in A.B.C.D/MASK notation
    * Optional
    * Type: string
  – /software/freeipa/component_freeipa_dns/reverse
    * Description: reverse zone (.in-addr.arpa. is added)
    * Optional
    * Type: string
  – /software/freeipa/component_freeipa_dns/autoreverse
    * Description: autoreverse determines rev from netmask, overridden by rev (only supports 8-bit masks for now)
    * Optional
    * Type: boolean
• /software/freeipa/component_freeipa_server
  – Description: Server configuration
  – /software/freeipa/component_freeipa_server/dns
    * Description: subnet name with DNS zone information
    * Optional
    * Type: component_freeipa_dns
  – /software/freeipa/component_freeipa_server/hosts
    * Description: hosts to add (not needed if installed via AII)
    * Optional
    * Type: component_freeipa_host
  – /software/freeipa/component_freeipa_server/services
    * Description: services to add
    * Optional
    * Type: component_freeipa_service
  – /software/freeipa/component_freeipa_server/users
    * Description: users to add
    * Optional
    * Type: component_freeipa_user
  – /software/freeipa/component_freeipa_server/groups
    * Description: groups to add
    * Optional
    * Type: component_freeipa_group
• /software/freeipa/component_freeipa_permission
  – Description: permission / ownership for keytabs and certificates
  – /software/freeipa/component_freeipa_permission/mode
    * Description: mode/permissions
    * Optional
    * Type: long
  – /software/freeipa/component_freeipa_permission/owner
    * Description: owner
    * Optional
    * Type: string
  – /software/freeipa/component_freeipa_permission/group
    * Description: group
    * Optional
    * Type: string
• /software/freeipa/component_freeipa_keytab
  – Description: keytab for service configuration
  – /software/freeipa/component_freeipa_keytab/service
    * Description: service to retrieve keytab for (the principal service/fqdn is used if no component is specified)
    * Optional
    * Type: string
• /software/freeipa/component_freeipa_certificate
  – Description: Certificate to request/retrieve. cert and/or key can be optionally extracted from NSSDB. Permissions are set on both cert and key, with certmode for the certificate. The nick is an alias for DN, and is unique (adding a 2nd nick for same, existing DN will result in adding a new entry with already existing nick).
  – /software/freeipa/component_freeipa_certificate/cert
    * Description: certificate location to extract
    * Optional
    * Type: string
  – /software/freeipa/component_freeipa_certificate/certmode
    * Description: certificate mode/permissions
    * Optional
    * Type: long
  – /software/freeipa/component_freeipa_certificate/key
    * Description: (private) key location to extract
    * Optional
    * Type: string
• /software/freeipa/component_freeipa_principal
  – Description: Principal and keytab for role
  – /software/freeipa/component_freeipa_principal/principal
    * Description: principal to use
    * Optional
    * Type: string
  – /software/freeipa/component_freeipa_principal/keytab
    * Description: keytab to use to retrieve credentials
    * Optional
    * Type: string
• /software/freeipa/component_freeipa_nss
  – Description: NSS db options
• /software/freeipa/freeipa_component
  – /software/freeipa/freeipa_component/realm
    * Description: realm
    * Optional
    * Type: string
  – /software/freeipa/freeipa_component/primary
    * Description: FreeIPA server that will be used for all API and for secondaries to replicate
    * Optional
    * Type: type_hostname
  – /software/freeipa/freeipa_component/secondaries
    * Description: list of secondary servers to replicate
    * Optional
    * Type: type_hostname
  – /software/freeipa/freeipa_component/domain
    * Description: FreeIPA domain name (defaults to /system/network/domainname value if not specified)
    * Optional
    * Type: type_hostname
  – /software/freeipa/freeipa_component/server
    * Description: server configuration settings
    * Optional
    * Type: component_freeipa_server
  – /software/freeipa/freeipa_component/keytabs
* Description: keytabs to retrieve for services
1.3. configuration-modules-core 245 Quattor Documentation, Release 0.0.1
* Optional * Type: component_freeipa_keytab – /software/freeipa/freeipa_component/certificates
* Description: certificates to request/retrieve (key is the NSSDB nick, and is unique per DN) * Optional * Type: component_freeipa_certificate – /software/freeipa/freeipa_component/hostcert
* Description: Generate the host certificate in /etc/ipa/quattor/certs/host.pem and key /etc/ipa/quattor/keys/host.key. The nick host is used (and any setting under certificates using that nick are preserved)
* Optional * Type: boolean – /software/freeipa/freeipa_component/nss
* Description: NSSDB options * Optional * Type: component_freeipa_nss – /software/freeipa/freeipa_component/host
* Description: Host options * Optional * Type: component_freeipa_host – /software/freeipa/freeipa_component/principals
* Description: Principal/keytab pairs for client,server or aii roles (default client role with host/fqdn princiapl and /etc/krb5.keytab keytab)
* Optional * Type: component_freeipa_principal fstab
DESCRIPTION
The fstab component manages the mount points on a node. It can manipulate /etc/fstab and remount filesystems as specified by the profile. It doesn’t perform any dangerous operations, such as formatting or partitioning; if you need those, use ncm-filesystems in addition to this component. It doesn’t remove any filesystems specified under /software/components/fstab/protected_mounts.
Types
• /software/fstab/fstab_protected_entries
  – Description: Protected mountpoints and filesystem types. mounts is looked for on the second field of fstab, fs_file. fs_types is looked for on the third field of fstab, fs_vfstype. Default content of mounts is the same content as from the now deprecated protected_mounts field in the structure_component_fstab type.
• /software/fstab/fstab_protected_entries/mounts
  – Optional
  – Type: string
• /software/fstab/fstab_protected_entries/fs_types
  – Optional
  – Type: string
• /software/fstab/structure_component_fstab
  – Description: fstab component structure. keep entries are always kept, but can be changed. static entries can not be changed, but can be deleted. protected_mounts is still here for backwards compatibility, and is the same as keep/mounts.
• /software/fstab/structure_component_fstab/keep
  – Optional
  – Type: fstab_protected_entries
• /software/fstab/structure_component_fstab/static
  – Optional
  – Type: fstab_protected_entries
• /software/fstab/structure_component_fstab/protected_mounts
  – Optional
  – Type: string
ganglia
NAME
ncm-ganglia: Ganglia components
DESCRIPTION
ganglia
RESOURCES
/software/components/ganglia
The configuration information for the component. Each field should be described in this section.
Types
• /software/ganglia/daemon_ganglia
  – /software/ganglia/daemon_ganglia/config_file
    * Optional
    * Type: string
  – /software/ganglia/daemon_ganglia/data_source
    * Optional
    * Type: string
  – /software/ganglia/daemon_ganglia/gridname
    * Optional
    * Type: string
  – /software/ganglia/daemon_ganglia/case_sensitive_hostnames
    * Optional
    * Type: long
• /software/ganglia/metric_collection_groups_client_ganglia
  – /software/ganglia/metric_collection_groups_client_ganglia/name
    * Optional
    * Type: string
  – /software/ganglia/metric_collection_groups_client_ganglia/title
    * Optional
    * Type: string
  – /software/ganglia/metric_collection_groups_client_ganglia/value_threshold
    * Optional
    * Type: string
• /software/ganglia/collection_groups_client_ganglia
  – /software/ganglia/collection_groups_client_ganglia/collect_once
    * Optional
    * Type: boolean
  – /software/ganglia/collection_groups_client_ganglia/time_threshold
    * Optional
    * Type: long
  – /software/ganglia/collection_groups_client_ganglia/metric
    * Optional
    * Type: metric_collection_groups_client_ganglia
  – /software/ganglia/collection_groups_client_ganglia/collect_every
    * Optional
    * Type: long
• /software/ganglia/modules_client_ganglia
  – /software/ganglia/modules_client_ganglia/name
    * Optional
    * Type: string
  – /software/ganglia/modules_client_ganglia/path
    * Optional
    * Type: string
  – /software/ganglia/modules_client_ganglia/enabled
    * Optional
    * Type: boolean
  – /software/ganglia/modules_client_ganglia/params
    * Optional
    * Type: string
  – /software/ganglia/modules_client_ganglia/param
    * Optional
    * Type: string
• /software/ganglia/access_acl_client_ganglia
  – /software/ganglia/access_acl_client_ganglia/ip
    * Optional
    * Type: string
  – /software/ganglia/access_acl_client_ganglia/mask
    * Optional
    * Type: string
  – /software/ganglia/access_acl_client_ganglia/action
    * Optional
    * Type: string
• /software/ganglia/acl_client_ganglia
  – /software/ganglia/acl_client_ganglia/default
    * Optional
    * Type: string
  – /software/ganglia/acl_client_ganglia/access
    * Optional
    * Type: access_acl_client_ganglia
• /software/ganglia/udp_accept_channel_client_ganglia
  – /software/ganglia/udp_accept_channel_client_ganglia/port
    * Optional
    * Type: long
  – /software/ganglia/udp_accept_channel_client_ganglia/bind
    * Optional
    * Type: string
  – /software/ganglia/udp_accept_channel_client_ganglia/interface
    * Optional
    * Type: string
  – /software/ganglia/udp_accept_channel_client_ganglia/family
    * Optional
    * Type: string
  – /software/ganglia/udp_accept_channel_client_ganglia/timeout
    * Optional
    * Type: long
  – /software/ganglia/udp_accept_channel_client_ganglia/acl
    * Optional
    * Type: acl_client_ganglia
• /software/ganglia/udp_recv_channel_client_ganglia
  – /software/ganglia/udp_recv_channel_client_ganglia/port
    * Optional
    * Type: long
  – /software/ganglia/udp_recv_channel_client_ganglia/mcast_join
    * Optional
    * Type: string
  – /software/ganglia/udp_recv_channel_client_ganglia/mcast_if
    * Optional
    * Type: string
  – /software/ganglia/udp_recv_channel_client_ganglia/bind
    * Optional
    * Type: string
  – /software/ganglia/udp_recv_channel_client_ganglia/family
    * Optional
    * Type: string
  – /software/ganglia/udp_recv_channel_client_ganglia/acl
    * Optional
    * Type: acl_client_ganglia
• /software/ganglia/udp_send_channel_client_ganglia
  – /software/ganglia/udp_send_channel_client_ganglia/host
    * Optional
    * Type: string
  – /software/ganglia/udp_send_channel_client_ganglia/port
    * Optional
    * Type: long
  – /software/ganglia/udp_send_channel_client_ganglia/ttl
    * Optional
    * Type: long
  – /software/ganglia/udp_send_channel_client_ganglia/mcast_join
    * Optional
    * Type: string
  – /software/ganglia/udp_send_channel_client_ganglia/mcast_if
    * Optional
    * Type: string
• /software/ganglia/host_client_ganglia
  – /software/ganglia/host_client_ganglia/location
    * Optional
    * Type: string
• /software/ganglia/cluster_client_ganglia
  – /software/ganglia/cluster_client_ganglia/name
    * Optional
    * Type: string
  – /software/ganglia/cluster_client_ganglia/owner
    * Optional
    * Type: string
  – /software/ganglia/cluster_client_ganglia/latlong
    * Optional
    * Type: string
  – /software/ganglia/cluster_client_ganglia/url
    * Optional
    * Type: string
• /software/ganglia/globals_client_ganglia
  – /software/ganglia/globals_client_ganglia/daemonize
    * Optional
    * Type: boolean
  – /software/ganglia/globals_client_ganglia/setuid
    * Optional
    * Type: boolean
  – /software/ganglia/globals_client_ganglia/user
    * Optional
    * Type: string
  – /software/ganglia/globals_client_ganglia/debug_level
    * Optional
    * Type: long
  – /software/ganglia/globals_client_ganglia/max_udp_msg_len
    * Optional
    * Type: long
  – /software/ganglia/globals_client_ganglia/mute
    * Optional
    * Type: boolean
  – /software/ganglia/globals_client_ganglia/deaf
    * Optional
    * Type: boolean
  – /software/ganglia/globals_client_ganglia/allow_extra_data
    * Optional
    * Type: boolean
  – /software/ganglia/globals_client_ganglia/host_dmax
    * Optional
    * Type: long
  – /software/ganglia/globals_client_ganglia/cleanup_threshold
    * Optional
    * Type: long
  – /software/ganglia/globals_client_ganglia/send_metadata_interval
    * Optional
    * Type: long
  – /software/ganglia/globals_client_ganglia/gexec
    * Optional
    * Type: boolean
  – /software/ganglia/globals_client_ganglia/module_dir
    * Optional
    * Type: string
• /software/ganglia/client_ganglia
  – /software/ganglia/client_ganglia/config_file
    * Optional
    * Type: string
  – /software/ganglia/client_ganglia/globals
    * Optional
    * Type: globals_client_ganglia
  – /software/ganglia/client_ganglia/cluster
    * Optional
    * Type: cluster_client_ganglia
  – /software/ganglia/client_ganglia/host
    * Optional
    * Type: host_client_ganglia
  – /software/ganglia/client_ganglia/udp_send_channel
    * Optional
    * Type: udp_send_channel_client_ganglia
  – /software/ganglia/client_ganglia/udp_recv_channel
    * Optional
    * Type: udp_recv_channel_client_ganglia
  – /software/ganglia/client_ganglia/tcp_accept_channel
    * Optional
    * Type: udp_accept_channel_client_ganglia
  – /software/ganglia/client_ganglia/modules
    * Optional
    * Type: modules_client_ganglia
  – /software/ganglia/client_ganglia/includes
    * Optional
    * Type: string
  – /software/ganglia/client_ganglia/collection_groups
    * Optional
    * Type: collection_groups_client_ganglia
• /software/ganglia/component_ganglia
  – /software/ganglia/component_ganglia/package
    * Optional
    * Type: string
  – /software/ganglia/component_ganglia/daemon
    * Optional
    * Type: daemon_ganglia
  – /software/ganglia/component_ganglia/client
    * Optional
    * Type: client_ganglia
gmetad
DESCRIPTION
The gmetad component manages Ganglia’s gmetad daemon. This daemon collects performance information from various nodes and stores it in an RRD database.
GMETAD
The configuration of gmetad is stored in the file /etc/gmetad.conf. The schema for this component is very similar to the options in the configuration file.
* /software/components/gmetad/data_source/[srcindex]/name : string
  Name of the data source.
* /software/components/gmetad/data_source/[srcindex]/polling_interval : long(1..)
  Optional polling interval for the data source, in seconds.
* /software/components/gmetad/data_source/[srcindex]/host/[hostindex]/address : type_hostname
  Host name or IP address per machine serving the data source.
* /software/components/gmetad/data_source/[srcindex]/host/[hostindex]/port : type_port
  Optional port per machine serving the data source.
* /software/components/gmetad/debug_level : long(0..)
  Optional level of debug output for the daemon.
* /software/components/gmetad/scalability : string
  Optional flag to enable or disable scalability mode. Valid values are on and off.
* /software/components/gmetad/file : string
  Mandatory field specifying the location of the configuration file. For Ganglia 3.0, this should be /etc/gmetad.conf and for Ganglia 3.1, it should be /etc/ganglia/gmetad.conf.
* /software/components/gmetad/gridname : string
  Optional name of the grid.
* /software/components/gmetad/authority : type_absoluteURI
  Optional authority URL for this grid.
* /software/components/gmetad/trusted_hosts : type_hostname[]
  Optional list of trusted hosts.
* /software/components/gmetad/all_trusted : string
  Optional field to enable trust of all hosts. Valid values are on and off.
* /software/components/gmetad/setuid : string
  Optional flag to control setuid mode of the daemon. Valid values are on and off.
* /software/components/gmetad/setuid_username : string
  Optional name of the user account running the daemon.
* /software/components/gmetad/xml_port : type_port
  Optional port on which gmetad will answer requests for XML.
* /software/components/gmetad/interactive_port : type_port
  Optional port on which gmetad will answer queries for XML.
* /software/components/gmetad/server_threads : long(1..)
  Optional number of threads answering XML requests.
* /software/components/gmetad/rrd_rootdir : string
  Optional directory where gmetad stores its RRD databases.
Types
• /software/gmetad/structure_component_gmetad_data_source_host
  – /software/gmetad/structure_component_gmetad_data_source_host/address
    * Optional
    * Type: type_hostname
  – /software/gmetad/structure_component_gmetad_data_source_host/port
    * Optional
    * Type: type_port
• /software/gmetad/structure_component_gmetad_data_source
  – /software/gmetad/structure_component_gmetad_data_source/name
    * Optional
    * Type: string
  – /software/gmetad/structure_component_gmetad_data_source/polling_interval
    * Optional
    * Type: long
    * Range: 1..
  – /software/gmetad/structure_component_gmetad_data_source/host
    * Optional
    * Type: structure_component_gmetad_data_source_host
• /software/gmetad/structure_component_gmetad
  – /software/gmetad/structure_component_gmetad/debug_level
    * Optional
    * Type: long
    * Range: 0..
  – /software/gmetad/structure_component_gmetad/data_source
    * Optional
    * Type: structure_component_gmetad_data_source
  – /software/gmetad/structure_component_gmetad/scalability
    * Optional
    * Type: string
  – /software/gmetad/structure_component_gmetad/gridname
    * Optional
    * Type: string
  – /software/gmetad/structure_component_gmetad/authorithy
    * Optional
    * Type: type_absoluteURI
  – /software/gmetad/structure_component_gmetad/trusted_hosts
    * Optional
    * Type: type_hostname
  – /software/gmetad/structure_component_gmetad/all_trusted
    * Optional
    * Type: string
  – /software/gmetad/structure_component_gmetad/setuid
    * Optional
    * Type: string
  – /software/gmetad/structure_component_gmetad/setuid_username
    * Optional
    * Type: string
  – /software/gmetad/structure_component_gmetad/xml_port
    * Optional
    * Type: type_port
  – /software/gmetad/structure_component_gmetad/interactive_port
    * Optional
    * Type: type_port
  – /software/gmetad/structure_component_gmetad/server_threads
    * Optional
    * Type: long
    * Range: 1..
  – /software/gmetad/structure_component_gmetad/rrd_rootdir
    * Optional
    * Type: string
  – /software/gmetad/structure_component_gmetad/file
    * Optional
    * Type: string
gmond
DESCRIPTION
The gmond component manages Ganglia’s gmond daemon. This daemon collects information at a node and uses multicast to distribute it over the network.
Types
• /software/gmond/gmond_acl_access
  – /software/gmond/gmond_acl_access/ip
    * Optional
    * Type: type_ip
  – /software/gmond/gmond_acl_access/mask
    * Optional
    * Type: long
    * Range: 0..32
  – /software/gmond/gmond_acl_access/action
    * Optional
    * Type: string
• /software/gmond/gmond_acl
  – /software/gmond/gmond_acl/default
    * Optional
    * Type: string
  – /software/gmond/gmond_acl/access
    * Optional
    * Type: gmond_acl_access
• /software/gmond/gmond_cluster
  – /software/gmond/gmond_cluster/name
    * Optional
    * Type: string
  – /software/gmond/gmond_cluster/owner
    * Optional
    * Type: string
  – /software/gmond/gmond_cluster/latlong
    * Optional
    * Type: string
  – /software/gmond/gmond_cluster/url
    * Optional
    * Type: type_absoluteURI
• /software/gmond/gmond_host
  – /software/gmond/gmond_host/location
    * Optional
    * Type: string
• /software/gmond/gmond_globals
  – /software/gmond/gmond_globals/daemonize
    * Optional
    * Type: boolean
  – /software/gmond/gmond_globals/setuid
    * Optional
    * Type: boolean
  – /software/gmond/gmond_globals/user
    * Optional
    * Type: string
  – /software/gmond/gmond_globals/debug_level
    * Optional
    * Type: long
  – /software/gmond/gmond_globals/mute
    * Optional
    * Type: boolean
  – /software/gmond/gmond_globals/deaf
    * Optional
    * Type: boolean
  – /software/gmond/gmond_globals/host_dmax
    * Optional
    * Type: long
    * Range: 0..
  – /software/gmond/gmond_globals/host_tmax
    * Optional
    * Type: long
    * Range: 0..
  – /software/gmond/gmond_globals/cleanup_threshold
    * Optional
    * Type: long
    * Range: 0..
  – /software/gmond/gmond_globals/gexec
    * Optional
    * Type: boolean
  – /software/gmond/gmond_globals/send_metadata_interval
    * Optional
    * Type: long
    * Range: 0..
  – /software/gmond/gmond_globals/module_dir
    * Optional
    * Type: string
  – /software/gmond/gmond_globals/allow_extra_data
    * Optional
    * Type: boolean
  – /software/gmond/gmond_globals/max_udp_msg_len
    * Optional
    * Type: long
    * Range: 0..65536
• /software/gmond/gmond_udp_send_channel
  – /software/gmond/gmond_udp_send_channel/mcast_join
    * Optional
    * Type: type_ipv4
  – /software/gmond/gmond_udp_send_channel/mcast_if
    * Optional
    * Type: string
  – /software/gmond/gmond_udp_send_channel/host
    * Optional
    * Type: type_hostname
  – /software/gmond/gmond_udp_send_channel/port
    * Optional
    * Type: type_port
  – /software/gmond/gmond_udp_send_channel/ttl
    * Optional
    * Type: long
    * Range: 1..
  – /software/gmond/gmond_udp_send_channel/bind
    * Optional
    * Type: type_ipv4
  – /software/gmond/gmond_udp_send_channel/bind_hostname
    * Optional
    * Type: boolean
• /software/gmond/gmond_udp_recv_channel
  – /software/gmond/gmond_udp_recv_channel/mcast_join
    * Optional
    * Type: type_ipv4
  – /software/gmond/gmond_udp_recv_channel/bind
    * Optional
    * Type: type_ip
  – /software/gmond/gmond_udp_recv_channel/mcast_if
    * Optional
    * Type: string
  – /software/gmond/gmond_udp_recv_channel/port
    * Optional
    * Type: type_port
  – /software/gmond/gmond_udp_recv_channel/family
    * Optional
    * Type: string
  – /software/gmond/gmond_udp_recv_channel/acl
    * Optional
    * Type: gmond_acl
• /software/gmond/gmond_tcp_accept_channel
  – /software/gmond/gmond_tcp_accept_channel/bind
    * Optional
    * Type: type_ip
  – /software/gmond/gmond_tcp_accept_channel/port
    * Optional
    * Type: type_port
  – /software/gmond/gmond_tcp_accept_channel/family
    * Optional
    * Type: string
  – /software/gmond/gmond_tcp_accept_channel/timeout
    * Description: timeout in microseconds
    * Optional
    * Type: long
  – /software/gmond/gmond_tcp_accept_channel/acl
    * Optional
    * Type: gmond_acl
• /software/gmond/gmond_metric
  – /software/gmond/gmond_metric/name
    * Optional
    * Type: string
  – /software/gmond/gmond_metric/value_threshold
    * Optional
    * Type: double
  – /software/gmond/gmond_metric/title
    * Optional
    * Type: string
• /software/gmond/gmond_collection_group
  – /software/gmond/gmond_collection_group/collect_once
    * Optional
    * Type: boolean
  – /software/gmond/gmond_collection_group/collect_every
    * Optional
    * Type: long
    * Range: 1..
  – /software/gmond/gmond_collection_group/time_threshold
    * Optional
    * Type: long
    * Range: 1..
  – /software/gmond/gmond_collection_group/metric
    * Optional
    * Type: gmond_metric
• /software/gmond/gmond_module
  – /software/gmond/gmond_module/name
    * Optional
    * Type: string
  – /software/gmond/gmond_module/language
    * Optional
    * Type: string
  – /software/gmond/gmond_module/path
    * Optional
    * Type: string
  – /software/gmond/gmond_module/params
    * Optional
    * Type: string
  – /software/gmond/gmond_module/param
    * Optional
    * Type: dict
• /software/gmond/gmond_component
  – /software/gmond/gmond_component/cluster
    * Description: Cluster configuration
    * Optional
    * Type: gmond_cluster
  – /software/gmond/gmond_component/host
    * Description: Host configuration
    * Optional
    * Type: gmond_host
  – /software/gmond/gmond_component/globals
    * Description: Configuration of gmond
    * Optional
    * Type: gmond_globals
  – /software/gmond/gmond_component/udp_send_channel
    * Description: List of UDP channels to send information to.
    * Optional
    * Type: gmond_udp_send_channel
  – /software/gmond/gmond_component/udp_recv_channel
    * Description: List of UDP channels to receive information from.
    * Optional
    * Type: gmond_udp_recv_channel
  – /software/gmond/gmond_component/tcp_accept_channel
    * Description: List of TCP channels from which information is accepted.
    * Optional
    * Type: gmond_tcp_accept_channel
  – /software/gmond/gmond_component/collection_group
    * Description: List of collection groups
    * Optional
    * Type: gmond_collection_group
  – /software/gmond/gmond_component/module
    * Description: List of modules
    * Optional
    * Type: gmond_module
  – /software/gmond/gmond_component/include
    * Description: Optional list of additional files to include.
    * Optional
    * Type: absolute_file_path
  – /software/gmond/gmond_component/file
    * Description: The location of the configuration file. The correct value differs between Ganglia 3.0 (/etc/gmond.conf) and 3.1 (/etc/ganglia/gmond.conf). There is no default value.
    * Optional
    * Type: absolute_file_path
gpfs
NAME
NCM::gpfs - NCM gpfs configuration component
Types
• /software/gpfs/gpfs_curl
  – /software/gpfs/gpfs_curl/usecurl
    * Optional
    * Type: boolean
  – /software/gpfs/gpfs_curl/usegss
    * Description: use kerberos token from host keytab
    * Optional
    * Type: boolean
  – /software/gpfs/gpfs_curl/usesindesgetcertcertwithcurl
    * Description: get certificate information from SINDES getcert component configuration
    * Optional
    * Type: boolean
  – /software/gpfs/gpfs_curl/useccmcertwithcurl
    * Description: get certificate information from CCM component configuration
    * Optional
    * Type: boolean
• /software/gpfs/gpfs_cfg
  – /software/gpfs/gpfs_cfg/url
    * Optional
    * Type: string
  – /software/gpfs/gpfs_cfg/keyData
    * Optional
    * Type: string
  – /software/gpfs/gpfs_cfg/sdrrestore
    * Optional
    * Type: boolean
  – /software/gpfs/gpfs_cfg/subnet
    * Optional
    * Type: string
• /software/gpfs/gpfs_base
  – /software/gpfs/gpfs_base/rpms
    * Optional
    * Type: string
  – /software/gpfs/gpfs_base/baseurl
    * Optional
    * Type: string
  – /software/gpfs/gpfs_base/useproxy
    * Optional
    * Type: boolean
  – /software/gpfs/gpfs_base/useyum
    * Optional
    * Type: boolean
• /software/gpfs/gpfs_sysmon_common
  – /software/gpfs/gpfs_sysmon_common/monitorinterval
    * Optional
    * Type: long
    * Range: 0..
  – /software/gpfs/gpfs_sysmon_common/monitoroffset
    * Optional
    * Type: long
    * Range: 0..
  – /software/gpfs/gpfs_sysmon_common/clockalign
    * Optional
    * Type: boolean
• /software/gpfs/gpfs_sysmon_network
• /software/gpfs/gpfs_sysmon
  – /software/gpfs/gpfs_sysmon/network
    * Optional
    * Type: gpfs_sysmon_network
• /software/gpfs/gpfs_component
  – /software/gpfs/gpfs_component/base
    * Optional
    * Type: gpfs_base
  – /software/gpfs/gpfs_component/cfg
    * Optional
    * Type: gpfs_cfg
  – /software/gpfs/gpfs_component/sysmon
    * Description: GPFS mmsysmonitor configuration. When defined, existing configuration is read and only configured values are modified/added, keeping any other existing ones.
    * Optional
    * Type: gpfs_sysmon
  – /software/gpfs/gpfs_component/skiprpm
    * Optional
    * Type: boolean
grub
NAME
The grub component manages the grub configuration.
DESCRIPTION
The grub component manages the configuration of grub. Most of the configuration is handled via the grubby tool (which supports grub2). Some configuration, such as the serial console settings and the password, is however done by modifying the grub config file directly, which might not be safe under grub2.
RESOURCES
Besides /software/component/grub, the following resources are used:
    /system/kernel/version for setting the default kernel
    /hardware/console/serial for serial console configuration
EXAMPLES
A standard SL4 kernel with initrd image to be loaded.

    "/software/components/grub/kernels/0" = nlist(
        "kernelpath", "/vmlinuz-2.6.9-22.0.1.EL",
        "kernelargs", "ro root=LABEL=/",
        "title", "Scientific Linux 4.2 / 2.6.9",
        "initrd", "/initrd-2.6.9-22.0.1.EL.img"
    );

This configuration produces the following entry in grub.conf (via grubby):

    title Scientific Linux 4.2 / 2.6.9
        kernel /vmlinuz-2.6.9-22.0.1.EL ro root=LABEL=/
        initrd /initrd-2.6.9-22.0.1.EL.img

A Xen 3 hypervisor with Linux 2.6 domain 0 kernel and initrd (via grubby).

    "/software/components/grub/kernels/1" = nlist(
        "multiboot", "/xen-3.0.2-2.gz",
        "mbargs", "dom0_mem=400000",
        "title", "Xen 3 / XenLinux 2.6.16",
        "kernelpath", "/vmlinuz-2.6.16-xen3_86.1_rhel4.1",
        "kernelargs", "max_loop=128 root=/dev/hda2 ro",
        "initrd", "/initrd-2.6.16-xen3_86.1_rhel4.1"
    );

Produces the following entry in grub.conf:

    title Xen 3 / XenLinux 2.6.16
        kernel /xen-3.0.2-2.gz dom0_mem=400000 addthis
        module /vmlinuz-2.6.16-xen3_86.1_rhel4.1 max_loop=128 root=/dev/hda2 ro
        module /initrd-2.6.16-xen3_86.1_rhel4.1
Methods
grubby_args_options
    Given string args, split and convert into grubby commandline options to add and/or remove the arguments. Arguments prefixed with '-' are scheduled for removal.
    If multiboot is true, generate multiboot commandline options.
    Returns a list of options.
password
    Configure the grub password by editing the grub conf via filehandle grub_fh (a CAF::FileEditor instance, which is not closed in this method).
    Returns SUCCESS on success, undef otherwise.
serial_console
    Configure the grub serial console settings (ttyS devices only) by editing the grub conf via filehandle grub_fh (a CAF::FileEditor instance, which is not closed in this method).
    Returns undef on failure, the console kernel commandline option (or empty string if none is to be configured) on success.
main_section_offset
    Given a grub config filehandle (a CAF::FileEditor instance), return the start position of the main section, i.e. after the header comments (if any).
grub_conf
    Edit grub configfile and return serial console kernel commandline option (if any).
grubby
    Run grubby with arrayref args via CAF::Process using the output method and return the output.
    Has the following options:
        proc: return new CAF::Process instance with args (i.e. without execute/output)
        success: run execute and return 1 on success, 0 on failure
        keeps_state: pass keeps_state flag
current_default
    Return current full path of current default kernel.
set_default
    Set default kernel to new kernelpath and verify by (re)checking the default kernel.
    Returns success on success; on failure, return either
        undef: setting default kernel returned non-zero exitcode
        0: setting default was successful, but new default kernel is not expected kernel
    No errors are reported.
configure_default
    Configure the new default kernel to be new. If this fails and mbnew exists, try to set mbnew as default. If neither new nor mbnew are successful, report an error and revert to original.
kernel
    Configure boot entry using kernel hashref, the kernel prefix and optional serial console kernel commandline option cons.
    Any serial console settings in the kernelargs attribute is replaced by cons (when defined).
get_info
    Return info for default kernel as an arrayref of hashref. Same kernel can have multiple entries.
default_options
    Configure kernel commandline options of default kernel.
pxeboot
    Set pxeboot as first bootorder. Returns SUCCESS on success, undef otherwise.
    Currently only supported on UEFI systems using efibootmgr. On other systems, SUCCESS is also returned (but nothing is done).
Configure
    Updates the grub.conf configuration file using grubby according to a list of kernels described in the profile.
    Sets the default kernel to that specified in /system/kernel/version.
    Supports serial console configuration specified in /hardware/console/serial and multiboot loaders (most commonly used for configuration of Xen systems).
    Returns error in case of failure.
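How the hash used by the password method is resolved from the password or file/file_user settings of type_grub_password (see Types) and checked against option, as an added Python example; it is not ncm-grub's own Perl code. The crypt(3) prefix mapping ($1$, $5$, $6$), the function names and the sample file are assumptions made for the illustration.

```python
"""Added illustration (not ncm-grub code): pick the GRUB password hash the way
type_grub_password describes, and reject values that do not fit `option`."""

# Assumption: hashes carry crypt(3)-style "$id$" prefixes.
SCHEMES = {"$1$": "md5", "$5$": "sha256", "$6$": "sha512"}
# Hash schemes each `option` value admits, following the schema description.
ALLOWED = {"md5": {"md5"}, "encrypted": {"sha256", "sha512"}}

# Constructed sample file: colon-separated, user first, hash second.
# The hash bodies are made-up strings, not real password hashes.
SAMPLE_FILE = (
    "# constructed sample\n"
    "root:$6$constructedsalt$Q29uc3RydWN0ZWRIYXNoQm9keQ:17800:0:99999:7:::\n"
    "legacy:$1$constsal$Q29uc3RydWN0ZWQ:17800:0:99999:7:::\n"
    "locked:!!:17800:0:99999:7:::\n"
)


def read_text(path):
    """Default reader: load the password file from disk."""
    with open(path, encoding="utf-8") as handle:
        return handle.read()


def lookup_hash(text, file_user):
    """Second field of the first line whose first field equals file_user."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == file_user:
            return fields[1]
    return None


def scheme_of(value):
    """Name of the hash scheme, or None for plaintext, empty or locked fields."""
    for prefix, name in SCHEMES.items():
        if value.startswith(prefix):
            return name
    return None


def plan_password(cfg, read=read_text):
    """Return (action, hash) with action 'leave', 'remove' or 'set'.

    Raises ValueError when the settings contradict each other or the
    resolved value is not a hash that `option` admits.
    """
    enabled = cfg.get("enabled")
    if enabled is None:          # undefined: existing password is left alone
        return ("leave", None)
    if not enabled:              # false: any existing password is removed
        return ("remove", None)

    has_password, has_file = "password" in cfg, "file" in cfg
    if has_password == has_file:
        raise ValueError("set exactly one of 'password' and 'file'")

    if has_file:
        user = cfg.get("file_user")
        if not user:
            raise ValueError("'file' requires 'file_user'")
        value = lookup_hash(read(cfg["file"]), user)
        if value is None:
            raise ValueError(f"no entry for {user!r} in {cfg['file']}")
    else:
        value = cfg["password"]

    scheme = scheme_of(value)
    if scheme is None:
        # Plaintext, an empty field, or a locked entry such as "!!".
        raise ValueError("resolved value is not a recognised hash")
    option = cfg.get("option")
    if option is not None and scheme not in ALLOWED.get(option, set()):
        raise ValueError(f"option {option!r} does not admit a {scheme} hash")
    return ("set", value)


if __name__ == "__main__":
    profile = {"enabled": True, "option": "encrypted",
               "file": "/constructed/path", "file_user": "root"}
    action, value = plan_password(profile, read=lambda _path: SAMPLE_FILE)
    print(action, value.split("$")[1])   # scheme id only, never the hash
```

Running the same check before a profile is deployed catches a locked or plaintext second field before it can end up on the password line of grub.conf.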
Types
• /software/grub/type_grub_password
  – Description: the crypted password can be supplied either in the password field OR, alternatively, within a file. This could be useful if putting the crypted password in the profile is undesirable. For this the file will be scanned and the password will be taken from the second field in a colon delimited line, where the first field matches the file_user parameter.
• /software/grub/type_grub_password/enabled
  – Description: Sets if a password should be enabled in grub.conf. If this is false, any existing password will be removed. If this is not defined, the component will not add or remove a password, leaving any existing one untouched.
  – Optional
  – Type: boolean
• /software/grub/type_grub_password/option
  – Description: An --option used with the password line in grub.conf. This is typically used to set the hashing algorithm for the password. “encrypted” means the password can be hashed with SHA-256 or SHA-512 (more secure than MD5). “md5” for an MD5 hashed password. Plaintext is not supported.
  – Optional
  – Type: string
• /software/grub/type_grub_password/password
  – Description: Mutually exclusive with the file option. A crypted password for grub.conf.
  – Optional
  – Type: string
• /software/grub/type_grub_password/file
  – Description: Mutually exclusive with the password option. The path to a file on the host where the password can be read from. May be useful if it is undesirable to put (even crypted) passwords into the profile. The file will be scanned for a line where the first field (colon separated) matches the file_user option, and the second field will be used as the parameter.
  – Optional
  – Type: string
• /software/grub/type_grub_password/file_user
  – Description: See description of the file option. The user (first field) to be picked from a password field.
  – Optional
  – Type: string
• /software/grub/type_kernel
  – /software/grub/type_kernel/kernelpath
    * Description: Path to the kernel (relative to “prefix” described above).
    * Optional
    * Type: string
  – /software/grub/type_kernel/kernelargs
    * Description: Sets the arguments for this kernel at boot time. Behaviour is same as ‘args’ with fullcontrol false.
    * Optional
    * Type: string
  – /software/grub/type_kernel/multiboot
    * Description: Allows for setting a multiboot loader which is a generic interface for boot loaders and operating systems. The Xen hypervisor uses a multiboot loader to load guest kernels as modules.
    * Optional
    * Type: string
  – /software/grub/type_kernel/mbargs
    * Description: Sets the arguments that are to be passed to a multiboot loader. For example, the Xen hypervisor accepts arguments for setting the amount of memory allocated to the Domain 0 kernel.
    * Optional
    * Type: string
  – /software/grub/type_kernel/initrd
    * Description: Optionally set an initial ramdisk image to be loaded when booting.
    * Optional
    * Type: string
  – /software/grub/type_kernel/title
    * Description: The title string that will be used to describe this entry.
    * Optional
    * Type: string
• /software/grub/grub_component
  – /software/grub/grub_component/prefix
    * Description: Prefix where kernels are found. Component defaults to /boot.
    * Optional
    * Type: string
  – /software/grub/grub_component/args
    * Description: Sets the arguments for the default kernel at boot time. The removal of a current argument is done by preceding the argument with a “-”. If ‘fullcontrol’ is false then an empty or undefined value leaves the current arguments untouched. If ‘fullcontrol’ is true then the current arguments passed to the kernel are substituted by the ones given in this entry.
    * Optional
    * Type: string
  – /software/grub/grub_component/fullcontrol
    * Description: Sets if we want a full control of the kernel arguments. The component default is ‘false’.
    * Optional
    * Type: boolean
  – /software/grub/grub_component/kernels
    * Description: This is a list of kernels that should have entries in the grub configuration file. Each kernel is described by the following entries.
    * Optional
    * Type: type_kernel
  – /software/grub/grub_component/password
    * Optional
    * Type: type_grub_password
  – /software/grub/grub_component/pxeboot
    * Description: pxeboot first: set the PXE boot device as first device. Only for supported platforms (e.g. UEFI)
    * Optional
    * Type: boolean
hostsaccess
NAME hostsaccess: NCM component to control /etc/hosts.allow and hosts.deny files.
DESCRIPTION
The hostsaccess component manages the configuration files /etc/hosts.allow and /etc/hosts.deny. Few checks are done on the given configuration, so that all of the supported wildcarding remains available.
RESOURCES
* /software/components/hostsaccess/allow
  A list where each entry consists of a named list with the keys: daemon and host. Both of the keys take strings as values and hence can support the full wildcarding syntax. These entries are allowed to access the daemon.
  NOTE: The daemon name MUST be encoded with the pan escape() function. This allows daemon lists to be used in the specification.
* /software/components/hostsaccess/deny
  A list where each entry consists of a named list with the keys: daemon and host. Both of the keys take strings as values and hence can support the full wildcarding syntax. These entries are denied access to the daemon.
  NOTE: The daemon name MUST be encoded with the pan escape() function. This allows daemon lists to be used in the specification.
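Because the component does few checks on these lists, a lint run over the allow and deny entries before deployment is useful. The following is an added example, not the component's own code: it assumes each entry is rendered as a `daemon: host` rule, decodes the daemon with the inverse of Pan's escape(), and uses constructed sample entries.

```python
import re

# Constructed sample values (not from the page). Daemon names are stored
# Pan-escaped: escape("sshd, in.tftpd") == "sshd_2c_20in_2etftpd".
SAMPLE_ALLOW = [
    {"daemon": "slapd", "host": "127.0.0.1"},
    {"daemon": "sshd_2c_20in_2etftpd", "host": ".example.org EXCEPT lab.example.org"},
    {"daemon": "ALL", "host": "ALL"},
    {"daemon": "sshd", "host": "192.0.2.10 : extra-field"},
    {"daemon": "vsftpd"},
]
SAMPLE_DENY = [{"daemon": "sshd", "host": "ALL"}]


def pan_unescape(value):
    """Invert Pan's escape(): '_' plus two hex digits encodes one character."""
    if value == "_":  # escape("") is a lone underscore
        return ""
    return re.sub(r"_([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def render(entries):
    """Assumed output format: one 'daemon_list: client_list' rule per entry."""
    return [f"{pan_unescape(e['daemon'])}: {e['host']}" for e in entries]


def _has_extra_field(host):
    """True if the host value contains ':' outside a bracketed IPv6 literal."""
    return ":" in re.sub(r"\[[0-9A-Fa-f:.]+\](/\d+)?", "", host)


def _is_catch_all(entry):
    return (pan_unescape(entry.get("daemon", "")).strip() == "ALL"
            and entry.get("host", "").strip() == "ALL")


def lint(allow, deny):
    """Return (location, message) pairs for entries that deserve review."""
    findings = []
    for name, entries in (("allow", allow), ("deny", deny)):
        for index, entry in enumerate(entries):
            where = f"{name}[{index}]"
            # Both keys are optional in the schema, so a half-filled entry
            # passes validation and would produce a malformed rule.
            if not entry.get("daemon") or not entry.get("host"):
                findings.append((where, "daemon or host is missing"))
                continue
            daemon, host = pan_unescape(entry["daemon"]), entry["host"]
            if "\n" in daemon or "\n" in host:
                findings.append((where, "value spans more than one line"))
            # TCP wrappers reads a further ':'-separated field as an
            # option/command field, so it must not come from a host string.
            if ":" in daemon or _has_extra_field(host):
                findings.append((where, "value adds a ':' separated field"))
            if name == "allow" and _is_catch_all(entry):
                findings.append((where, "ALL: ALL grants every service to every client"))
    # hosts.allow is consulted first, then hosts.deny; a client matching
    # neither file is granted access, so deny needs a catch-all rule.
    if not any(_is_catch_all(e) for e in deny):
        findings.append(("deny", "no ALL: ALL rule, unmatched clients are allowed"))
    return findings


if __name__ == "__main__":
    for line in render(SAMPLE_ALLOW[:2]):
        print(line)
    for where, message in lint(SAMPLE_ALLOW, SAMPLE_DENY):
        print(f"{where}: {message}")
```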
EXAMPLE
    "/software/components/hostsaccess/allow" = append(
        nlist(
            "daemon", escape("slapd"),
            "host", "127.0.0.1"
        )
    );
Types
• /software/hostsaccess/structure_hostsaccess_entry
  – /software/hostsaccess/structure_hostsaccess_entry/daemon
    * Optional
    * Type: string
  – /software/hostsaccess/structure_hostsaccess_entry/host
    * Optional
    * Type: string
• /software/hostsaccess/component_hostsaccess
  – /software/hostsaccess/component_hostsaccess/allow
    * Optional
    * Type: structure_hostsaccess_entry
  – /software/hostsaccess/component_hostsaccess/deny
    * Optional
    * Type: structure_hostsaccess_entry
hostsfile
NAME
NCM::hostsfile - NCM local hosts file configuration component.
SYNOPSIS
Configure()
Updates the /etc/hosts file with the entries specified within the configuration. The entries in the configuration are keyed by the primary hostname. If an entry describes a hostname which is already in /etc/hosts (either as a primary hostname, or as an alias), then that host entry will be left alone (if takeover is false), or will be completely replaced by the entry specified in the configuration (if takeover is true). A comment # NCM is added to each line so that any deletions will also be cleaned up correctly. Returns error in case of a failure.
RESOURCES
* /system/network/domainname
  When specifying hosts within the entries nlist, if a hostname is not FQDN and there are no aliases defined, then an alias will be automatically created using an FQDN formed by joining the shortname with this domain.
* /software/components/hostsfile/file
  The filename to modify, defaults to /etc/hosts.
* /software/components/hostsfile/entries
  An nlist, keyed by hostname. The value of each hostname is an nlist containing the following structure:
    ipaddr: The IP address of the host.
    aliases: A string value of aliases. Multiple aliases should be whitespace separated.
    comment: A comment to append to the line within /etc/hosts.
* /software/components/hostsfile/takeover
  A boolean. If false (the default), then pre-existing host lines in the file which are not tagged with the “NCM” comment will be preserved. If takeover is true, then pre-existing entries for hosts will be taken over and declared to be under NCM control.
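With takeover left at false, an untagged line that already names a managed host stays in the file, so the address in the profile never takes effect for that name. The audit below is an added example, not the component's code: it assumes a managed line is one whose trailing comment starts with NCM, matches on the configured primary hostname only, and runs on a constructed hosts file.

```python
# Constructed sample file and profile entries (not from the page).
SAMPLE_HOSTS = """\
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
137.138.45.75 lxfsec1604.cern.ch
198.51.100.7 backup tsmstor601.cern.ch
192.168.1.102 tsmstor602.cern.ch
192.168.1.250 tsmstor600.cern.ch tsmstor600 # NCM retired
"""
ENTRIES = {
    "tsmstor601.cern.ch": {"ipaddr": "192.168.1.101", "comment": "TSM DB disks"},
    "tsmstor602.cern.ch": {"ipaddr": "192.168.1.102", "comment": "TSM Staging disks"},
}


def parse_hosts(text):
    """Return one record per host line: line number, IP, names, NCM tag."""
    rows = []
    for number, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2:
            continue  # blank line, comment-only line or malformed entry
        rows.append({
            "line": number,
            "ip": fields[0],
            "names": [name.lower() for name in fields[1:]],
            # Assumption: the tag is the first word of the trailing comment.
            "managed": comment.split()[:1] == ["NCM"],
        })
    return rows


def audit(text, entries, takeover=False):
    """Classify existing lines against the profile.

    Returns (line, hostname, status) tuples, where status is one of:
      kept-conflict  untagged line preserved, IP differs from the profile
      kept           untagged line preserved, IP agrees with the profile
      replaced       untagged line taken over (takeover is true)
      stale          NCM-tagged line with no entry left in the profile
    """
    wanted = {host.lower(): spec["ipaddr"] for host, spec in entries.items()}
    findings = []
    for row in parse_hosts(text):
        hits = [name for name in row["names"] if name in wanted]
        if row["managed"]:
            # Tagged lines belong to the component; one without a matching
            # entry is a deletion that will be cleaned up.
            if not hits:
                findings.append((row["line"], row["names"][0], "stale"))
            continue
        for name in hits:  # primary hostname or alias on an untagged line
            if takeover:
                status = "replaced"
            elif row["ip"] != wanted[name]:
                status = "kept-conflict"
            else:
                status = "kept"
            findings.append((row["line"], name, status))
    return findings


if __name__ == "__main__":
    for line, host, status in audit(SAMPLE_HOSTS, ENTRIES):
        print(f"line {line}: {host}: {status}")
```

A kept-conflict result is the case to review: either the existing line is wrong and takeover should be enabled, or the profile entry is.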
EXAMPLES
Example - configuration defined like this:
    include 'software/components/hostsfile';
    "/software/components/hostsfile/active" = true;
    "/software/components/hostsfile/file" = "/etc/hosts.local";
    "/software/components/hostsfile/entries" = nlist(
        "tsmstor601.cern.ch", nlist(
            "ipaddr", "192.168.1.101",
            "comment", "TSM DB disks"),
        "tsmstor602.cern.ch", nlist(
            "ipaddr", "192.168.1.102",
            "comment", "TSM Staging disks"),
    );
will modify the /etc/hosts.local file from:
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 localhost.localdomain localhost
    137.138.45.75 lxfsec1604.cern.ch
to:
    # Generated by Quattor component hostsfile
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 localhost.localdomain localhost
    137.138.45.75 lxfsec1604.cern.ch
    192.168.1.101 tsmstor601.cern.ch tsmstor601 # NCM TSM DB disks
    192.168.1.102 tsmstor602.cern.ch tsmstor602 # NCM TSM Staging disks
The syntax below is also possible:

    "/software/components/hostsfile/entries/tsmstor603" = nlist(
        "ipaddr", "192.168.1.103",
        "comment", "TSM more disks"
    );

or:

    "/software/components/hostsfile/entries/tsmstor603/ipaddr" = "192.168.1.103";
    "/software/components/hostsfile/entries/tsmstor603/comment" = "Testing";
Types
• /software/hostsfile/component_hostsfile_type
  – /software/hostsfile/component_hostsfile_type/file
    * Optional
    * Type: string
  – /software/hostsfile/component_hostsfile_type/entries
    * Optional
    * Type: dict
  – /software/hostsfile/component_hostsfile_type/takeover
    * Optional
    * Type: boolean
icinga
DESCRIPTION
The icinga component manages the configuration for the Icinga monitoring system. At the time of this writing, escalations and dependencies are the only Icinga settings this component doesn’t understand.
BASIC COMPONENT STRUCTURE
Icinga configuration is very complicated. Before reading this, please check the Icinga documentation. All the fields on this component are named just like the tags for the appropriate Icinga object.
* /software/components/icinga/general
  Global settings for Icinga. These settings will be written in /etc/icinga/icinga.cfg.
* /software/components/icinga/cgi
  Configuration of the Icinga web interface. This path is optional. If it exists, the settings will be written in /etc/icinga/cgi.cfg.
* /software/components/icinga/hosts
  Host definitions, indexed by host name. There is no host_name option, as it is taken from the index. Also, the host_address field is optional. If it’s not provided, gethostbyname is used to decide the host’s IP address. These settings are written in /etc/icinga/objects/hosts.cfg.
* /software/components/icinga/hostgroups
  Hostgroup definitions, indexed by hostgroup name. These settings are written in /etc/icinga/objects/hostgroups.cfg.
* /software/components/icinga/hostdependencies
  Host dependency definitions, indexed by depended host name (that is, where the arrow ends in the Icinga documentation). These settings are written in /etc/icinga/objects/hostdependencies.cfg.
* /software/components/icinga/services
  Nlist of lists of service definitions. The keys are the service descriptions, escaped. The value is a list of service definitions that share the same definition but have different parameters (e.g., commands). Please check that you don’t list the same host on two entries of the same service, as the validation code won’t detect this and it will cause Icinga to fail. These settings are written in /etc/icinga/objects/services.cfg.
* /software/components/icinga/servicegroups
  List of service groups. It is written in /etc/icinga/objects/servicegroups.cfg.
* /software/components/icinga/servicedependencies
  List of service dependencies. It is written in /etc/icinga/objects/servicedependencies.cfg.
* /software/components/icinga/contacts
  Contact definition, indexed by contact name. These settings are written in /etc/icinga/objects/contacts.cfg.
* /software/components/icinga/contactgroups
  Contact group definition, indexed by contact group name. These settings are written in /etc/icinga/objects/contactgroups.cfg.
* /software/components/icinga/commands
  Command lines, indexed by Icinga command name. These settings are stored in /etc/icinga/objects/commands.cfg.
* /software/components/icinga/macros
  Icinga $USERx$ macros, indexed by macro name. The macro name must not be surrounded by ‘$’. These settings are stored in /etc/icinga/resources.cfg.
* /software/components/icinga/timeperiods
  Icinga time period definition, indexed by time period name. Time periods are stored in /etc/icinga/objects/timeperiods.cfg.
* /software/components/icinga/serviceextinfo
  Definition for extended service information. These settings are saved in /etc/icinga/objects/serviceextinfo.cfg.
* /software/components/icinga/external_files
  Other already existing files to be included in the configuration of Icinga. Please note that the component can’t validate these, so if you include a broken file, you’ll break your Icinga server!
* /software/components/icinga/external_dirs
  Other already existing dirs to be included in the configuration of Icinga. Please note that the component can’t validate these, so if you include a broken file, you’ll break your Icinga server!
NOTES ON THE USE OF THIS COMPONENT
Command usage
When a service or a host references a command, it separates its arguments with ‘!’, e.g.:

    check_command check_load!5,4,3!6,5,4

where check_load is an existing Icinga command. On this component, that should be specified as

    "check_command" = list("check_load", "5,4,3", "6,5,4");

Check commands and event handlers are defined as such lists of strings, where the first element must be an existing command name. For the above example to be valid, /software/components/icinga/commands/check_load must exist.
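The two checks this page asks the administrator to make by hand (a command list must name an existing command, and the same host must not appear in two entries of one service) can be run over the configuration tree before deployment. This is an added example, not the component's validation code; it assumes the tree is available as nested dicts and lists, that host_name is a list of host names, and it uses a constructed sample tree.

```python
import re
from collections import Counter

ARG_MACRO = re.compile(r"\$ARG(\d+)\$")

# Constructed sample tree mirroring /software/components/icinga (not from the page).
SAMPLE = {
    "commands": {
        "check_load": "$USER1$/check_load -w $ARG1$ -c $ARG2$",
        "check_ping": "$USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$",
    },
    "hosts": {
        "node1.example.org": {"check_command": ["check_ping", "100,20%", "500,60%"]},
        "node2.example.org": {"check_command": ["check_host_alive"]},
    },
    "services": {
        "load": [
            {"host_name": ["node1.example.org", "node2.example.org"],
             "check_command": ["check_load", "5,4,3", "6,5,4"]},
            {"host_name": ["node2.example.org"],
             "check_command": ["check_load", "9,8,7"]},
        ],
    },
}


def render_command(parts, commands):
    """Join a command list into Icinga's 'name!arg1!arg2' form, or raise."""
    if not parts:
        raise ValueError("empty command list")
    name, args = parts[0], parts[1:]
    if name not in commands:
        raise ValueError(f"command {name!r} is not defined under commands")
    for arg in args:
        # '!' would shift every later $ARGn$; ';' starts a comment in an
        # Icinga object file; a newline would end the directive.
        bad = [char for char in "!;\n" if char in arg]
        if bad:
            raise ValueError(f"argument {arg!r} contains {bad[0]!r}")
    needed = max((int(n) for n in ARG_MACRO.findall(commands[name])), default=0)
    if len(args) < needed:
        raise ValueError(
            f"{name} uses $ARG{needed}$ but only {len(args)} argument(s) given")
    return "!".join(parts)


def check_tree(cfg):
    """Return a list of problems found in hosts and services."""
    problems = []
    commands = cfg.get("commands", {})

    def check_refs(where, obj):
        for key in ("check_command", "event_handler"):
            if key in obj:
                try:
                    render_command(obj[key], commands)
                except ValueError as err:
                    problems.append(f"{where}/{key}: {err}")

    for host, obj in cfg.get("hosts", {}).items():
        check_refs(f"hosts/{host}", obj)
    for desc, variants in cfg.get("services", {}).items():
        seen = Counter()
        for index, service in enumerate(variants):
            check_refs(f"services/{desc}/{index}", service)
            seen.update(set(service.get("host_name", [])))
        # The component's validation does not catch a host listed twice.
        for host, count in sorted(seen.items()):
            if count > 1:
                problems.append(
                    f"services/{desc}: host {host!r} listed in {count} entries")
    return problems


if __name__ == "__main__":
    print(render_command(["check_load", "5,4,3", "6,5,4"], SAMPLE["commands"]))
    for problem in check_tree(SAMPLE):
        print(problem)
```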
The use tag
The use tag is not allowed by this component. It makes validation almost impossible, and any attempt to implement an incomplete validation would make the compilation awfully slow. However, Pan offers the same functionality as the use tag, without giving up validation. You may want to use value, include and create to simulate Icinga inheritance. The only downside of this approach is the growth of the LLD profile.
FILES
The following files are written by this component:
* /etc/icinga/icinga.cfg
* /etc/icinga/cgi.cfg
* /etc/icinga/objects/contacts.cfg
* /etc/icinga/objects/contactgroups.cfg
* /etc/icinga/objects/hosts.cfg
* /etc/icinga/objects/hostgroups.cfg
* /etc/icinga/objects/hostdependencies.cfg
* /etc/icinga/objects/services.cfg
* /etc/icinga/objects/servicegroups.cfg
* /etc/icinga/objects/servicedependencies.cfg
* /etc/icinga/objects/serviceextinfo.cfg
* /etc/icinga/objects/timeperiods.cfg
* /etc/icinga/objects/commands.cfg
* /etc/icinga/resources.cfg
If they exist, they will be truncated, the owner and group set to Icinga and the permissions will be set to 0660. Note that config_file and resource_file directives are not valid. To keep consistency, everything must be set according to this layout.
Functions
• icinga_has_host_or_hostgroup
• icinga_check_service_name
  – Description: Check if a list of service names does not contain illegal characters.
  – Arguments:
    * List of service names.
Types
• /software/icinga/icinga_hoststring • /software/icinga/icinga_hostgroupstring • /software/icinga/icinga_commandstrings • /software/icinga/icinga_timeperiodstring • /software/icinga/icinga_contactgroupstring • /software/icinga/icinga_contactstring • /software/icinga/icinga_servicegroupstring • /software/icinga/icinga_servicestring • /software/icinga/icinga_service_notification_string • /software/icinga/icinga_host_notification_string • /software/icinga/icinga_stalking_string • /software/icinga/icinga_execution_failure_string • /software/icinga/icinga_notification_failure_string • /software/icinga/structure_icinga_host_generic – /software/icinga/structure_icinga_host_generic/name
* Optional * Type: string – /software/icinga/structure_icinga_host_generic/check_command
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_host_generic/max_check_attempts
* Optional * Type: long – /software/icinga/structure_icinga_host_generic/check_interval
* Optional * Type: long – /software/icinga/structure_icinga_host_generic/active_checks_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/passive_checks_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/check_period
* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_host_generic/obsess_over_host
* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/check_freshness
* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/freshness_threshold
* Optional * Type: long – /software/icinga/structure_icinga_host_generic/event_handler
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_host_generic/event_handler_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/low_flap_threshold
* Optional * Type: long – /software/icinga/structure_icinga_host_generic/high_flap_threshold
* Optional * Type: long – /software/icinga/structure_icinga_host_generic/flap_detection_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/process_perf_data
* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/retain_status_information
* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/retain_nonstatus_information
* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/contact_groups
* Optional * Type: icinga_contactgroupstring – /software/icinga/structure_icinga_host_generic/notification_interval
* Optional * Type: long – /software/icinga/structure_icinga_host_generic/notification_period
* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_host_generic/notification_options
* Optional * Type: icinga_host_notification_string – /software/icinga/structure_icinga_host_generic/notifications_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_host_generic/stalking_options
* Optional * Type: string – /software/icinga/structure_icinga_host_generic/register
* Optional * Type: boolean • /software/icinga/structure_icinga_host – /software/icinga/structure_icinga_host/alias
* Optional * Type: string – /software/icinga/structure_icinga_host/use
* Optional * Type: string – /software/icinga/structure_icinga_host/address
* Optional * Type: type_ip – /software/icinga/structure_icinga_host/parents
* Optional * Type: icinga_hoststring – /software/icinga/structure_icinga_host/hostgroups
* Optional * Type: icinga_hostgroupstring – /software/icinga/structure_icinga_host/check_command
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_host/max_check_attempts
* Optional * Type: long – /software/icinga/structure_icinga_host/check_interval
* Optional * Type: long – /software/icinga/structure_icinga_host/active_checks_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_host/passive_checks_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_host/check_period
* Optional * Type: icinga_timeperiodstring
– /software/icinga/structure_icinga_host/obsess_over_host
* Optional * Type: boolean – /software/icinga/structure_icinga_host/check_freshness
* Optional * Type: boolean – /software/icinga/structure_icinga_host/freshness_threshold
* Optional * Type: long – /software/icinga/structure_icinga_host/event_handler
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_host/event_handler_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_host/low_flap_threshold
* Optional * Type: long – /software/icinga/structure_icinga_host/high_flap_threshold
* Optional * Type: long – /software/icinga/structure_icinga_host/flap_detection_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_host/process_perf_data
* Optional * Type: boolean – /software/icinga/structure_icinga_host/failure_prediction_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_host/retain_status_information
* Optional * Type: boolean – /software/icinga/structure_icinga_host/retain_nonstatus_information
* Optional * Type: boolean
– /software/icinga/structure_icinga_host/contact_groups
* Optional * Type: icinga_contactgroupstring – /software/icinga/structure_icinga_host/notification_interval
* Optional * Type: long – /software/icinga/structure_icinga_host/notification_period
* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_host/notification_options
* Optional * Type: icinga_host_notification_string – /software/icinga/structure_icinga_host/notifications_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_host/stalking_options
* Optional * Type: string – /software/icinga/structure_icinga_host/register
* Optional * Type: boolean – /software/icinga/structure_icinga_host/action_url
* Optional * Type: string – /software/icinga/structure_icinga_host/notes
* Optional * Type: string – /software/icinga/structure_icinga_host/notes_url
* Optional * Type: string – /software/icinga/structure_icinga_host/_mgmt
* Optional * Type: string – /software/icinga/structure_icinga_host/_mgmtip
* Optional * Type: string
– /software/icinga/structure_icinga_host/_quattorserver
* Optional * Type: string – /software/icinga/structure_icinga_host/_quattorserverip
* Optional * Type: string – /software/icinga/structure_icinga_host/_dimms
* Optional * Type: string – /software/icinga/structure_icinga_host/_cpus
* Optional * Type: string – /software/icinga/structure_icinga_host/_enclosureip
* Optional * Type: string – /software/icinga/structure_icinga_host/_enclosureslot
* Optional * Type: long • /software/icinga/structure_icinga_hostgroup – /software/icinga/structure_icinga_hostgroup/alias
* Optional * Type: string – /software/icinga/structure_icinga_hostgroup/members
* Optional * Type: icinga_hoststring • /software/icinga/structure_icinga_hostdependency – /software/icinga/structure_icinga_hostdependency/dependent_host_name
* Optional * Type: icinga_hoststring – /software/icinga/structure_icinga_hostdependency/notification_failure_criteria
* Optional * Type: icinga_host_notification_string • /software/icinga/structure_icinga_service – /software/icinga/structure_icinga_service/name
* Optional * Type: string
– /software/icinga/structure_icinga_service/use
* Optional * Type: string – /software/icinga/structure_icinga_service/host_name
* Optional * Type: icinga_hoststring – /software/icinga/structure_icinga_service/hostgroup_name
* Optional * Type: icinga_hostgroupstring – /software/icinga/structure_icinga_service/servicegroups
* Optional * Type: icinga_servicegroupstring – /software/icinga/structure_icinga_service/is_volatile
* Optional * Type: boolean – /software/icinga/structure_icinga_service/check_command
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_service/max_check_attempts
* Optional * Type: long – /software/icinga/structure_icinga_service/check_interval
* Optional * Type: long – /software/icinga/structure_icinga_service/retry_interval
* Optional * Type: long – /software/icinga/structure_icinga_service/active_checks_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_service/passive_checks_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_service/check_period
* Optional * Type: icinga_timeperiodstring
– /software/icinga/structure_icinga_service/parallelize_check
* Optional * Type: boolean – /software/icinga/structure_icinga_service/obsess_over_service
* Optional * Type: boolean – /software/icinga/structure_icinga_service/check_freshness
* Optional * Type: boolean – /software/icinga/structure_icinga_service/freshness_threshold
* Optional * Type: long – /software/icinga/structure_icinga_service/event_handler
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_service/event_handler_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_service/low_flap_threshold
* Optional * Type: long – /software/icinga/structure_icinga_service/high_flap_threshold
* Optional * Type: long – /software/icinga/structure_icinga_service/flap_detection_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_service/process_perf_data
* Optional * Type: boolean – /software/icinga/structure_icinga_service/retain_status_information
* Optional * Type: boolean – /software/icinga/structure_icinga_service/retain_nonstatus_information
* Optional * Type: boolean
– /software/icinga/structure_icinga_service/notification_interval
* Optional * Type: long – /software/icinga/structure_icinga_service/notification_period
* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_service/notification_options
* Optional * Type: icinga_service_notification_string – /software/icinga/structure_icinga_service/notifications_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_service/contact_groups
* Optional * Type: icinga_contactgroupstring – /software/icinga/structure_icinga_service/stalking_options
* Optional * Type: icinga_stalking_string – /software/icinga/structure_icinga_service/register
* Optional * Type: boolean – /software/icinga/structure_icinga_service/failure_prediction_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_service/action_url
* Optional * Type: string • /software/icinga/structure_icinga_servicegroup – /software/icinga/structure_icinga_servicegroup/alias
* Optional * Type: string – /software/icinga/structure_icinga_servicegroup/members
* Optional * Type: icinga_servicestring – /software/icinga/structure_icinga_servicegroup/servicegroup_members
* Optional
* Type: icinga_servicegroupstring – /software/icinga/structure_icinga_servicegroup/notes
* Optional * Type: string – /software/icinga/structure_icinga_servicegroup/notes_url
* Optional * Type: type_absoluteURI – /software/icinga/structure_icinga_servicegroup/action_url
* Optional * Type: type_absoluteURI • /software/icinga/structure_icinga_servicedependency – /software/icinga/structure_icinga_servicedependency/dependent_host_name
* Optional * Type: icinga_hoststring – /software/icinga/structure_icinga_servicedependency/dependent_hostgroup_name
* Optional * Type: icinga_hostgroupstring – /software/icinga/structure_icinga_servicedependency/dependent_service_description
* Optional * Type: icinga_servicestring – /software/icinga/structure_icinga_servicedependency/host_name
* Optional * Type: icinga_hoststring – /software/icinga/structure_icinga_servicedependency/hostgroup_name
* Optional * Type: icinga_hostgroupstring – /software/icinga/structure_icinga_servicedependency/service_description
* Optional * Type: string – /software/icinga/structure_icinga_servicedependency/inherits_parent
* Optional * Type: boolean – /software/icinga/structure_icinga_servicedependency/execution_failure_criteria
* Optional * Type: icinga_execution_failure_string – /software/icinga/structure_icinga_servicedependency/notification_failure_criteria
* Optional * Type: icinga_notification_failure_string – /software/icinga/structure_icinga_servicedependency/dependency_period
* Optional * Type: icinga_timeperiodstring • /software/icinga/structure_icinga_contact – /software/icinga/structure_icinga_contact/alias
* Optional * Type: string – /software/icinga/structure_icinga_contact/contactgroups
* Optional * Type: icinga_contactgroupstring – /software/icinga/structure_icinga_contact/host_notification_period
* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_contact/service_notification_period
* Optional * Type: icinga_timeperiodstring – /software/icinga/structure_icinga_contact/host_notification_options
* Optional * Type: icinga_host_notification_string – /software/icinga/structure_icinga_contact/service_notification_options
* Optional * Type: icinga_service_notification_string – /software/icinga/structure_icinga_contact/host_notification_commands
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_contact/service_notification_commands
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_contact/email
* Optional * Type: string – /software/icinga/structure_icinga_contact/pager
* Optional * Type: string
• /software/icinga/structure_icinga_contactgroup – /software/icinga/structure_icinga_contactgroup/alias
* Optional * Type: string – /software/icinga/structure_icinga_contactgroup/members
* Optional * Type: icinga_contactstring • /software/icinga/icinga_timerange • /software/icinga/structure_icinga_timeperiod – /software/icinga/structure_icinga_timeperiod/alias
* Optional * Type: string – /software/icinga/structure_icinga_timeperiod/monday
* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/tuesday
* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/wednesday
* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/thursday
* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/friday
* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/saturday
* Optional * Type: icinga_timerange – /software/icinga/structure_icinga_timeperiod/sunday
* Optional * Type: icinga_timerange • /software/icinga/structure_icinga_serviceextinfo – /software/icinga/structure_icinga_serviceextinfo/host_name
* Optional
* Type: icinga_hoststring – /software/icinga/structure_icinga_serviceextinfo/service_description
* Optional * Type: string – /software/icinga/structure_icinga_serviceextinfo/hostgroup_name
* Optional * Type: icinga_hostgroupstring – /software/icinga/structure_icinga_serviceextinfo/notes
* Optional * Type: string – /software/icinga/structure_icinga_serviceextinfo/notes_url
* Optional * Type: type_absoluteURI – /software/icinga/structure_icinga_serviceextinfo/action_url
* Optional * Type: type_absoluteURI – /software/icinga/structure_icinga_serviceextinfo/icon_image
* Optional * Type: string – /software/icinga/structure_icinga_serviceextinfo/icon_image_alt
* Optional * Type: string • /software/icinga/structure_icinga_cgi_cfg – /software/icinga/structure_icinga_cgi_cfg/main_config_file
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/physical_html_path
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/url_html_path
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/url_stylesheets_path
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/http_charset
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/show_context_help
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/highlight_table_rows
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/use_pending_states
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/use_logging
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/cgi_log_file
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/cgi_log_rotation_method
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/cgi_log_archive_path
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/enforce_comments_on_actions
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/first_day_of_week
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/use_authentication
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/use_ssl_authentication
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/authorized_for_system_information
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_configuration_information
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_system_commands
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_all_services
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_all_hosts
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_all_service_commands
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/authorized_for_all_host_commands
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/show_all_services_host_is_authorized_for
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/show_partial_hostgroups
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/statusmap_background_image
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/default_statusmap_layout
* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/default_statuswrl_layout
* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/statuswrl_include
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/ping_syntax
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/refresh_rate
* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/escape_html_tags
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/persistent_ack_comments
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/action_url_target
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/notes_url_target
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/lock_author_names
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/default_downtime_duration
* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/status_show_long_plugin_output
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/tac_show_only_hard_state
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/suppress_maintenance_downtime
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/show_tac_header
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/show_tac_header_pending
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/tab_friendly_titles
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/default_expiring_acknowledgement_duration
* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/default_expiring_disabled_notifications_duration
* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/display_status_totals
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/extinfo_show_child_hosts
* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/log_file
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/log_rotation_method
* Optional * Type: string – /software/icinga/structure_icinga_cgi_cfg/lowercase_user_name
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/result_limit
* Optional * Type: long – /software/icinga/structure_icinga_cgi_cfg/send_ack_notifications
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/set_expire_ack_by_default
* Optional * Type: boolean – /software/icinga/structure_icinga_cgi_cfg/standalone_installation
* Optional * Type: boolean • /software/icinga/structure_icinga_icinga_cfg – /software/icinga/structure_icinga_icinga_cfg/log_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/object_cache_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/resource_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/status_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/icinga_user
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/icinga_group
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/check_external_commands
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/command_check_interval
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/command_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/external_command_buffer_slots
* Optional * Type: long
– /software/icinga/structure_icinga_icinga_cfg/lock_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/temp_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/event_broker_options
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/log_rotation_method
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/log_archive_path
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/use_syslog
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_notifications
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_service_retries
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_host_retries
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_event_handlers
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_initial_states
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_current_states
* Optional * Type: boolean
– /software/icinga/structure_icinga_icinga_cfg/log_external_commands
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_passive_checks
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_external_commands_user
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/log_long_plugin_output
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/global_host_event_handler
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/service_inter_check_delay_method
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/max_service_check_spread
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/service_interleave_factor
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/host_inter_check_delay_method
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/max_host_check_spread
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/max_concurrent_checks
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/service_reaper_frequency
* Optional * Type: long
– /software/icinga/structure_icinga_icinga_cfg/check_result_buffer_slots
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/auto_reschedule_checks
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/auto_rescheduling_interval
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/auto_rescheduling_window
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/sleep_time
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/service_check_timeout
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/host_check_timeout
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/event_handler_timeout
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/notification_timeout
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/ocsp_timeout
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/perfdata_timeout
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/retain_state_information
* Optional * Type: boolean
– /software/icinga/structure_icinga_icinga_cfg/state_retention_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/retention_update_interval
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/use_retained_program_state
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/dump_retained_host_service_states_to_neb
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/use_retained_scheduling_info
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/interval_length
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/use_aggressive_host_checking
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/execute_service_checks
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/accept_passive_service_checks
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/execute_host_checks
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/accept_passive_host_checks
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/enable_notifications
* Optional * Type: boolean
– /software/icinga/structure_icinga_icinga_cfg/enable_event_handlers
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/process_performance_data
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_command
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_icinga_cfg/host_perfdata_command
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_icinga_cfg/host_perfdata_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/host_perfdata_file_template
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_file_template
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/host_perfdata_file_mode
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_file_mode
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/host_perfdata_file_processing_interval
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_file_processing_interval
* Optional * Type: long
– /software/icinga/structure_icinga_icinga_cfg/host_perfdata_file_processing_command
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_icinga_cfg/service_perfdata_file_processing_command
* Optional * Type: icinga_commandstrings – /software/icinga/structure_icinga_icinga_cfg/allow_empty_hostgroup_assignment
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/obsess_over_services
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/check_for_orphaned_services
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/check_service_freshness
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/service_freshness_check_interval
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/check_host_freshness
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/host_freshness_check_interval
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/status_update_interval
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/enable_flap_detection
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/low_service_flap_threshold
* Optional * Type: long
– /software/icinga/structure_icinga_icinga_cfg/high_service_flap_threshold
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/low_host_flap_threshold
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/high_host_flap_threshold
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/date_format
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/p1_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/enable_embedded_perl
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/use_embedded_perl_implicitly
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/stalking_event_handlers_for_hosts
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/stalking_event_handlers_for_services
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/illegal_object_name_chars
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/illegal_macro_output_chars
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/use_regexp_matching
* Optional * Type: boolean
– /software/icinga/structure_icinga_icinga_cfg/use_true_regexp_matching
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/admin_email
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/admin_pager
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/daemon_dumps_core
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/check_result_path
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/precached_object_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/temp_path
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/retained_host_attribute_mask
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/retained_service_attribute_mask
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/retained_process_host_attribute_mask
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/retained_process_service_attribute_mask
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/retained_contact_host_attribute_mask
* Optional * Type: boolean
– /software/icinga/structure_icinga_icinga_cfg/retained_contact_service_attribute_mask
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/max_check_result_file_age
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/translate_passive_host_checks
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/passive_host_checks_are_soft
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/enable_predictive_host_dependency_checks
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/enable_predictive_service_dependency_checks
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/cached_host_check_horizon
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/cached_service_check_horizon
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/use_large_installation_tweaks
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/free_child_process_memory
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/child_processes_fork_twice
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/enable_environment_macros
* Optional * Type: boolean
– /software/icinga/structure_icinga_icinga_cfg/soft_state_dependencies
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/ochp_timeout
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/ochp_command
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/use_timezone
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/broker_module
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/module
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/debug_file
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/debug_level
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/debug_verbosity
* Optional * Type: long * Range: 0..2 – /software/icinga/structure_icinga_icinga_cfg/max_debug_file_size
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/ocsp_command
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/check_result_path
* Optional
* Type: string – /software/icinga/structure_icinga_icinga_cfg/event_profiling_enabled
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/additional_freshness_latency
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/check_for_orphaned_hosts
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/check_result_reaper_frequency
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/keep_unknown_macros
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/max_check_result_reaper_time
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/obsess_over_hosts
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/service_check_timeout_state
* Optional * Type: string – /software/icinga/structure_icinga_icinga_cfg/stalking_notifications_for_hosts
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/stalking_notifications_for_services
* Optional * Type: boolean – /software/icinga/structure_icinga_icinga_cfg/syslog_local_facility
* Optional * Type: long – /software/icinga/structure_icinga_icinga_cfg/use_daemon_log
* Optional
* Type: boolean – /software/icinga/structure_icinga_icinga_cfg/use_syslog_local_facility
* Optional * Type: boolean • /software/icinga/structure_icinga_service_list • /software/icinga/structure_icinga_ido2db_cfg – /software/icinga/structure_icinga_ido2db_cfg/lock_file
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/ido2db_user
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/ido2db_group
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/socket_type
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/socket_name
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/tcp_port
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/use_ssl
* Optional * Type: boolean – /software/icinga/structure_icinga_ido2db_cfg/db_servertype
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/db_host
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/db_port
* Optional * Type: long
– /software/icinga/structure_icinga_ido2db_cfg/db_name
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/db_prefix
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/db_user
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/db_pass
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/max_timedevents_age
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_systemcommands_age
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_servicechecks_age
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_hostchecks_age
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_eventhandlers_age
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_externalcommands_age
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/clean_realtime_tables_on_core_startup
* Optional * Type: boolean – /software/icinga/structure_icinga_ido2db_cfg/clean_config_tables_on_core_startup
* Optional * Type: boolean
– /software/icinga/structure_icinga_ido2db_cfg/trim_db_interval
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/housekeeping_thread_startup_delay
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/debug_level
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/debug_verbosity
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/debug_file
* Optional * Type: string – /software/icinga/structure_icinga_ido2db_cfg/max_debug_file_size
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/oci_errors_to_syslog
* Optional * Type: boolean – /software/icinga/structure_icinga_ido2db_cfg/debug_readable_timestamp
* Optional * Type: boolean – /software/icinga/structure_icinga_ido2db_cfg/max_acknowledgements_age
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_contactnotificationmethods_age
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_contactnotifications_age
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/max_logentries_age
* Optional * Type: long
– /software/icinga/structure_icinga_ido2db_cfg/max_notifications_age
* Optional * Type: long – /software/icinga/structure_icinga_ido2db_cfg/socket_perm
* Optional * Type: string • /software/icinga/structure_component_icinga – /software/icinga/structure_component_icinga/ignore_hosts
* Optional * Type: string – /software/icinga/structure_component_icinga/hosts
* Optional * Type: structure_icinga_host – /software/icinga/structure_component_icinga/hosts_generic
* Optional * Type: structure_icinga_host_generic – /software/icinga/structure_component_icinga/hostgroups
* Optional * Type: structure_icinga_hostgroup – /software/icinga/structure_component_icinga/hostdependencies
* Optional * Type: structure_icinga_hostdependency – /software/icinga/structure_component_icinga/services
* Optional * Type: structure_icinga_service_list – /software/icinga/structure_component_icinga/servicegroups
* Optional * Type: structure_icinga_servicegroup – /software/icinga/structure_component_icinga/general
* Optional * Type: structure_icinga_icinga_cfg – /software/icinga/structure_component_icinga/cgi
* Optional * Type: structure_icinga_cgi_cfg – /software/icinga/structure_component_icinga/serviceextinfo
* Optional
* Type: structure_icinga_serviceextinfo – /software/icinga/structure_component_icinga/servicedependencies
* Optional * Type: structure_icinga_servicedependency – /software/icinga/structure_component_icinga/timeperiods
* Optional * Type: structure_icinga_timeperiod – /software/icinga/structure_component_icinga/contacts
* Optional * Type: structure_icinga_contact – /software/icinga/structure_component_icinga/contactgroups
* Optional * Type: structure_icinga_contactgroup – /software/icinga/structure_component_icinga/commands
* Optional * Type: string – /software/icinga/structure_component_icinga/macros
* Optional * Type: string – /software/icinga/structure_component_icinga/external_files
* Optional * Type: string – /software/icinga/structure_component_icinga/external_dirs
* Optional * Type: string – /software/icinga/structure_component_icinga/ido2db
* Optional * Type: structure_icinga_ido2db_cfg
interactivelimits
NAME
NCM::interactivelimits - NCM interactivelimits configuration component
SYNOPSIS
Configure()
Updates the /etc/security/limits.conf file with system limits for interactive users. This file is read by /lib/security/pam_limits.so and the values defined there are respected. Returns an error in case of failure.
RESOURCES
* /software/components/interactivelimits/active : boolean
Activates/deactivates the component.
* /software/components/interactivelimits/values : list
Defines all values that should be configured in /etc/security/limits.conf. Example of such a definition from a node profile:
"/software/components/interactivelimits/values" = list(
    list("username", "soft", "core", "0"),
    list("username", "hard", "nofile", "65536"),
    list("username", "soft", "nproc", "16384"),
    list("username", "hard", "as", "unlimited"),
);
Types
• /software/interactivelimits/component_interactivelimits_type
– /software/interactivelimits/component_interactivelimits_type/values
* Optional
* Type: string
ipmi
NAME
NCM::ipmi - Components used to manage IPMI configuration
RESOURCES
* /software/components/ipmi/active : boolean Activates/deactivates the component.
FILES
This component doesn’t touch any file.
Types
• /software/ipmi/structure_users
– /software/ipmi/structure_users/login
* Optional
* Type: string
– /software/ipmi/structure_users/password
* Optional
* Type: string
– /software/ipmi/structure_users/priv
* Optional
* Type: string
– /software/ipmi/structure_users/userid
* Optional
* Type: long
• /software/ipmi/component_ipmi_type
– /software/ipmi/component_ipmi_type/channel
* Optional
* Type: long
– /software/ipmi/component_ipmi_type/users
* Optional
* Type: structure_users
– /software/ipmi/component_ipmi_type/net_interface
* Optional
* Type: string
iptables
NAME
iptables: Set up the IPTABLES firewall rules.
DESCRIPTION
The IPTABLES component sets up the /etc/sysconfig/iptables configuration file and restarts the iptables service.
SYNOPSIS
Configure()
This function applies the component resource declaration to the IPTABLES firewall tables. The accept, drop, reject, return, classify and logdefault targets are supported. User-defined targets are also supported. We recommend that users declare new targets as a rule in the profile, but the system will create them if it needs to. N.B. This means that you need to spell target names consistently and with identical capitalisation, otherwise you will end up with multiple chains: chain “LocalRules” is not the same as “localrules”. Duplicated entries in the component resource declaration are ignored. For each configured table, the chains are added to /etc/sysconfig/iptables in order, and the relative order among the rules belonging to the same chain is preserved.
RESOURCES
* /software/components/iptables
Top component description with the following parameters:
"filter" ? component_iptables_acls
"nat" ? component_iptables_acls
"mangle" ? component_iptables_acls
These parameters correspond to the three IPTABLES table types.
* type component_iptables_acls
The component_iptables_acls type is defined as:
"preamble" ? component_iptables_preamble
"rules" ? component_iptables_rule[]
"epilogue" ? string
"ordered_rules" ? string with match (self, 'yes|no')
The epilogue parameter is the “COMMIT” command at the end of the IPTABLES table description. Presently, no check is performed on the content of this parameter. If ordered_rules is set to yes, the ruleset will be written as ordered in the original array. If it is set to no or is unset (the default), the rules will be ordered by target type (first, all the “log” rules, then “accept”, “drop”, and “logging”).
* type component_iptables_preamble
The component_iptables_preamble type is defined as:
"input" ? string
"output" ? string
"forward" ? string
These parameters contain the global rules for the stated chains, e.g. :INPUT ACCEPT [0:0]. Presently, no check is performed on the content of these parameters.
* type component_iptables_rule
The component_iptables_rule type is defined as:
"command" ? string
"chain" : string
"protocol" ? string
"src_addr" ? string
"src_port" ? string
"src_ports" ? string
"dst_addr" ? string
"dst_port" ? string
"dst_ports" ? string
"syn" ? boolean
"nosyn" ? boolean
"match" ? string
"state" ? string
"ctstate" ? string
"limit" ? string
"icmp_type" ? string
"in_interface" ? string
"out_interface" ? string
"fragment" ? boolean
"nofragment" ? boolean
"target" : string
"reject-with" ? string
"log-prefix" ? string
"log-level" ? string
"log-tcp-options" ? boolean
"log-tcp-sequence" ? boolean
"log-ip-options" ? boolean
"set-class" ? string
"limit-burst" ? number
"length" ? string
"set" ? boolean
"rcheck" ? boolean
"seconds" ? number
* The “command” defines the action to perform: “-A”, “-D”, “-I”, “-N” or “-R”. It defaults to “-A”.
* The “chain” defines the chain: “input”, “output” or “forward”.
* The “protocol” defines the packet protocol: “tcp”, “udp” or “icmp”.
* The “src_addr” defines the packet source address. It can be an IP address, a network in the form net/mask (CIDR notation or full mask), or a hostname (which will be resolved at configuration time, not at runtime), all of which can optionally be prepended with “!” to negate the selection. To limit the ability of hackers/crackers to use your system for DDoS attacks it is worthwhile, for machines which are not being used as routers, to block packets which do not come from their IP address in the OUTPUT tables.
* The “src_port” defines the packet source port. It may be an integer or a service name included in the /etc/services file. This parameter requires “protocol” also be set.
* The “dst_addr” defines the packet destination address. It follows the same rules as the src_addr parameter.
* The “dst_port” defines the packet destination port. It follows the same rules as the src_port parameter. This parameter requires “protocol” also be set.
* The “syn” defines the TCP packet with the SYN bit set to one. It will be set if the parameter is true.
* The “match” defines the match extension module for the packet.
* The “state” defines the connection state.
* The “limit” defines the limit for logging.
* The “limit-burst” defines the number of instances per time step to record.
* The “icmp_type” defines the icmp type packet.
* The “in_interface” defines the input interface for the packet.
* The “out_interface” defines the output interface for the packet.
* The “target” defines the target for the packet: “log”, “accept” or “drop”.
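The caveats above (chain names that differ only in capitalisation, ports set without “protocol”, hostnames resolved at configuration time) can be checked before a profile is deployed. The following is an added example, not code from Quattor: it lints rules given as Python dicts whose keys mirror component_iptables_rule. The finding codes, the function names and the choice to compare built-in chain and target names case-insensitively are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, namedtuple

# Hypothetical result type: a code, the indexes of the rules involved, a detail.
Finding = namedtuple("Finding", "code rules detail")

# Chain and target names listed in the documentation. Treating them
# case-insensitively is an assumption of this example.
BUILTIN_NAMES = {"input", "output", "forward", "accept", "drop", "reject",
                 "return", "classify", "log", "logdefault"}
COMMANDS = {"-A", "-D", "-I", "-N", "-R"}


def _is_hostname(value):
    """True when an address is neither an IP nor net/mask (CIDR or full mask)."""
    candidate = value.lstrip("!").strip()  # a leading "!" negates the selection
    try:
        ipaddress.ip_network(candidate, strict=False)
        return False
    except ValueError:
        return True


def lint_rules(rules):
    """Return a list of Finding tuples for a list of rule dicts."""
    findings = []
    # lower-cased name -> exact spelling -> indexes of rules using it
    spellings = defaultdict(lambda: defaultdict(list))
    for idx, rule in enumerate(rules):
        # "chain" and "target" are the two mandatory fields of the type.
        for key in ("chain", "target"):
            name = rule.get(key)
            if not name:
                findings.append(Finding("missing-" + key, (idx,), key + " is mandatory"))
            elif name.lower() not in BUILTIN_NAMES:
                spellings[name.lower()][name].append(idx)
        command = rule.get("command", "-A")  # documented default
        if command not in COMMANDS:
            findings.append(Finding("bad-command", (idx,), command))
        # src_port and dst_port both require "protocol" to be set.
        for key in ("src_port", "dst_port"):
            if key in rule and "protocol" not in rule:
                findings.append(Finding("port-without-protocol", (idx,), key))
        # Hostnames are resolved once, at configuration time: a later DNS
        # change is not reflected in the installed rule.
        for key in ("src_addr", "dst_addr"):
            if key in rule and _is_hostname(rule[key]):
                findings.append(Finding("hostname-resolved-at-config-time", (idx,), rule[key]))
    # "LocalRules" and "localrules" would become two separate chains.
    for variants in spellings.values():
        if len(variants) > 1:
            idxs = tuple(sorted(i for used in variants.values() for i in used))
            findings.append(Finding("chain-case-mismatch", idxs, "/".join(sorted(variants))))
    return findings


# Constructed sample rules (documentation address ranges, made-up names).
SAMPLE_RULES = [
    {"chain": "input", "protocol": "tcp", "dst_port": "22",
     "src_addr": "192.0.2.0/24", "target": "LocalRules"},
    {"chain": "localrules", "src_addr": "!198.51.100.7", "target": "accept"},
    {"chain": "input", "dst_port": "443", "target": "accept"},
    {"command": "-X", "chain": "input", "protocol": "tcp",
     "src_addr": "admin.example.org", "target": "accept"},
    {"command": "-A", "protocol": "udp", "target": "drop"},
]

if __name__ == "__main__":
    for finding in lint_rules(SAMPLE_RULES):
        print(finding)
```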
* function add_rule(