.. highlight:: rst .. _scmaster: ######## scmaster ######## **The messaging system** Description =========== scmaster is the implementation of the :ref:`messaging ` mediator. .. _section-scmaster-groups: Message Groups ============== scmaster provides the :ref:`message groups `. Configure * :confval:`defaultGroups`: Add the groups which can be used by all queues. * :confval:`queues.$name.groups`: Set all groups which are used by the given queue. You may inherit :confval:`defaultGroups`, e.g.: :: queues.production.groups = ${defaultGroups},L1PICK .. warning :: Setting any value without inheriting :confval:`defaultGroups` ignores all values of :confval:`defaultGroups`. Queues ====== scmaster provides *queues* for separating the processing. Typically, the default queue *production* is used. To add new queues #. Define a new queue by adding a new profile with some name, #. Configure the profile parameters :confval:`queues.$name.*`, #. Register the queue in :confval:`queues`. Scheme ====== scmaster provides unsecured and secured connection which is addressed by the scheme values *scmp* and *scmps*, respectively, in :confval:`connection.server` when connecting to the messaging. Read the :ref:`concepts section ` for more details. *scmps* is in use when configuring :confval:`interface.ssl.bind`. Database Access =============== scmaster reads from and writes to the database and reports the database connection to the clients of the messaging system (compare with the :ref:`concepts section `). The database is configured per queue. Single Machine -------------- When running all |scname| modules on a single machine, the read and write parameters are typically configured with *localhost* as a *host name*. Example: :: queues.production.processors.messages.dbstore.read = sysop:sysop@localhost/seiscomp queues.production.processors.messages.dbstore.write = sysop:sysop@localhost/seiscomp Multiple Machines ----------------- If the clients are located on machines different from the messaging, the *host name* of the read parameter must be available on the client machine and the client machine must be able to connect to the host with its name. If the database is on the same machine as the messaging, the *host name* of the write connection typically remains *localhost*. Example for connecting clients on computerB to the messaging on computerA (compare with the :ref:`concepts section `). * Configuration of scmaster on computerA: :: queues.production.processors.messages.dbstore.read = sysop:sysop@computerA/seiscomp queues.production.processors.messages.dbstore.write = sysop:sysop@localhost/seiscomp * Global configuration of client on computerB: :: connection.server = computerA/production Database Proxy -------------- scmaster can accept database requests and forward results to clients without exposing the underlying database. That allows clients to connect to the database of a particular queue via the Websocket HTTP protocol. No specific database plugin is required at the client which reduces the complexity of configuration. Be aware that due to the nature of a proxy which is another layer on top of the actual database connection the performance is not as high as direct database access. To let scmaster return the proxy address of the database connection, set .. code:: queues.production.processors.messages.dbstore.proxy = true in the configuration file. Access Control ============== scmaster does not provide any built-in access control to connecting clients. The only exception is the possibility to verify client certificates against the server certificate if SSL is enabled. .. code:: interface.ssl.verifyPeer = true It is required that the client certificate is signed by the server certificate otherwise the client connection will be rejected. .. _scmaster_configuration: Module Configuration ==================== | :file:`etc/defaults/global.cfg` | :file:`etc/defaults/scmaster.cfg` | :file:`etc/global.cfg` | :file:`etc/scmaster.cfg` | :file:`~/.seiscomp/global.cfg` | :file:`~/.seiscomp/scmaster.cfg` scmaster inherits :ref:`global options`. .. confval:: defaultGroups Default: ``AMPLITUDE, PICK, LOCATION, MAGNITUDE, FOCMECH, EVENT, QC, PUBLICATION, GUI, INVENTORY, CONFIG, LOGGING, SERVICE_REQUEST, SERVICE_PROVIDE, STATUS_GROUP`` Type: *list:string* The default set of message groups for each queue. Only used if a queues group list is unset \(note: empty is not unset\). .. confval:: queues Default: ``production, playback`` Type: *list:string* Enable messaging queues defined as profile in queues. The profile names are the final queue names. .. note:: **interface.\*** *Control the messaging interface. The default protocol is* *"scmp" but "scmps" (secure protocol) is* *used when valid SSL certificate and key are configured.* .. confval:: interface.bind Default: ``0.0.0.0:18180`` Type: *ipbind* Local bind address and port of the messaging system. 0.0.0.0:18180 accepts connections from all clients, 127.0.0.1:18180 only from localhost. .. confval:: interface.acl Type: *list:ipmask* The IP access control list for clients which are allowed to connect to the interface. Separate each IP with a space and put the entire list in double quotes, e.g. \"127.0.0.1 192.168.1.2 192.168.0.0\/16\". .. confval:: interface.socketPortReuse Default: ``true`` Type: *boolean* SO_REUSEADDR socket option for the TCP listening socket. .. note:: **interface.ssl.\*** *SSL encryption is used if key and certificate are configured.* .. confval:: interface.ssl.bind Default: ``0.0.0.0:-1`` Type: *ipbind* Additional local bind address and port of the messaging system in case SSL encryption is active. .. confval:: interface.ssl.acl Type: *list:ipmask* The IP access control list for clients which are allowed to connect to the interface. See interface.acl for further details. .. confval:: interface.ssl.socketPortReuse Default: ``true`` Type: *boolean* SO_REUSEADDR socket option for the TCP listening socket. .. confval:: interface.ssl.key Type: *path* .. confval:: interface.ssl.certificate Type: *path* .. confval:: interface.ssl.verifyPeer Default: ``false`` Type: *boolean* If enabled then the certificate of a connecting client is verified against the servers certificate. It is required that the client certificate is signed by the server certificate otherwise the connection is refused. .. note:: **queues.\*** *Set the parameters for each messaging queue. The queues are used* *when listed in the "queues" parameter. Several queues* *can be used in parallel. For queues with without databases leave* *the processor parameters empty.* .. note:: **queues.$name.\*** $name is a placeholder for the name to be used and needs to be added to :confval:`queues` to become active. .. code-block:: sh queues = a,b queues.a.value1 = ... queues.b.value1 = ... # c is not active because it has not been added # to the list of queues queues.c.value1 = ... .. confval:: queues.$name.groups Type: *list:string* Define the list of message groups added to the queue. If unset, then the defaultGroups will be used. A queue will always add the default group \"STATUS_GROUP\". This parameter overrides defaultGroups. .. confval:: queues.$name.acl Default: ``0.0.0.0/0`` Type: *list:ipmask* The IP access control list for clients which are allowed to join the queue. See interface.acl for further details. .. confval:: queues.$name.maximumPayloadSize Default: ``1048576`` Type: *int* Unit: *B* The maximum size in bytes of a message to be accepted. Clients which send larger messages will be disconnected. The default is 1MB. .. confval:: queues.$name.plugins Type: *list:string* List of plugins required by this queue. This is just a convenience parameter to improve configurations readability. The plugins can also be added to the global list of module plugins. Example: dbstore .. confval:: queues.$name.processors.messages Type: *string* Interface name. For now, use \"dbstore\"to use a database. Use empty for testing or playbacks without a database. .. note:: **queues.$name.processors.messages.dbstore.\*** *Define the database connection parameters.* .. confval:: queues.$name.processors.messages.dbstore.driver Type: *string* Selected the database driver to use. Database drivers are available through plugins. The default plugin is dbmysql which supports the MYSQL database server. It is activated with the core.plugins parameter. .. confval:: queues.$name.processors.messages.dbstore.read Type: *string* Set the database read connection which is reported to clients that connect to this server. If a remote setup should be implemented, ensure that the hostname is reachable from the remote computer. .. confval:: queues.$name.processors.messages.dbstore.write Type: *string* Set the database write connection which is private to scmaster. A separate write connection enables different permissions on the database level for scmaster and clients. .. confval:: queues.$name.processors.messages.dbstore.proxy Default: ``false`` Type: *boolean* If enabled then the database connection as configured in 'read' is not being returned to the client but the URL \"proxy:\/\/\". This URL tells the client to open the database via the websocket proxy at the messaging address, e.g. http:\/\/localhost\/production\/db. The same hostname and queue must be used as for the initial messaging connection. .. confval:: queues.$name.processors.messages.dbstore.strictVersionMatch Default: ``true`` Type: *boolean* If enabled, the plugin will check the database schema version and refuse to start if the version doesn't match the latest version. If disabled and the an object needs to be stored, which is incompatible with the database schema, this object is lost. Leave this option enabled unless you know exactly what are you doing and what the consequences are. .. confval:: http.filebase Default: ``@DATADIR@/scmaster/http/`` Type: *path* The directory served by the http server at staticPath. .. confval:: http.staticPath Default: ``/`` Type: *string* The URL path at which html files and assets are available. All files under filebase will be served at this URL path. .. confval:: http.brokerPath Default: ``/`` Type: *string* The URL path at which the broker websocket is available. Command-Line Options ==================== .. program:: scmaster :program:`scmaster [options]` Generic ------- .. option:: -h, --help Show help message. .. option:: -V, --version Show version information. .. option:: --config-file arg Use alternative configuration file. When this option is used the loading of all stages is disabled. Only the given configuration file is parsed and used. To use another name for the configuration create a symbolic link of the application or copy it. Example: scautopick \-> scautopick2. .. option:: --plugins arg Load given plugins. .. option:: -D, --daemon Run as daemon. This means the application will fork itself and doesn't need to be started with \&. Verbosity --------- .. option:: --verbosity arg Verbosity level [0..4]. 0:quiet, 1:error, 2:warning, 3:info, 4:debug. .. option:: -v, --v Increase verbosity level \(may be repeated, eg. \-vv\). .. option:: -q, --quiet Quiet mode: no logging output. .. option:: --component arg Limit the logging to a certain component. This option can be given more than once. .. option:: -s, --syslog Use syslog logging backend. The output usually goes to \/var\/lib\/messages. .. option:: -l, --lockfile arg Path to lock file. .. option:: --console arg Send log output to stdout. .. option:: --debug Execute in debug mode. Equivalent to \-\-verbosity\=4 \-\-console\=1 . .. option:: --log-file arg Use alternative log file. .. option:: --print-component arg For each log entry print the component right after the log level. By default the component output is enabled for file output but disabled for console output. .. option:: --trace Execute in trace mode. Equivalent to \-\-verbosity\=4 \-\-console\=1 \-\-print\-component\=1 \-\-print\-context\=1 . Wired ----- .. option:: --bind arg The non\-encrypted bind address. Format [ip:]port .. option:: --sbind arg The encrypted bind address. Format: [ip:]port