382 lines
14 KiB
Plaintext
382 lines
14 KiB
Plaintext
################################################################################
|
|
#
|
|
# OCS Inventory NG Communication Server Perl Module Setup
|
|
#
|
|
# Copyleft 2006 Pascal DANEK
|
|
# Web: http://www.ocsinventory-ng.org
|
|
#
|
|
# This code is open source and may be copied and modified as long as the source
|
|
# code is always made freely available.
|
|
# Please refer to the General Public Licence http://www.gnu.org/ or Licence.txt
|
|
################################################################################
|
|
|
|
<IfModule mod_perl.c>
|
|
|
|
# Which version of mod_perl we are using
|
|
# For mod_perl <= 1.999_21, replace VERSION_MP by 1
|
|
# For mod_perl > 1.999_21, replace VERSION_MP by 2
|
|
PerlSetEnv OCS_MODPERL_VERSION VERSION_MP
|
|
|
|
# Master Database settings
|
|
# Replace DATABASE_SERVER by hostname or ip of MySQL server for WRITE
|
|
PerlSetEnv OCS_DB_HOST DATABASE_SERVER
|
|
# Replace DATABASE_PORT by port where running MySQL server, generally 3306
|
|
PerlSetEnv OCS_DB_PORT DATABASE_PORT
|
|
# Name of database
|
|
PerlSetEnv OCS_DB_NAME DATABASE_NAME
|
|
PerlSetEnv OCS_DB_LOCAL DATABASE_NAME
|
|
# User allowed to connect to database
|
|
PerlSetEnv OCS_DB_USER DATABASE_USER
|
|
# Password for user
|
|
PerlSetVar OCS_DB_PWD DATABASE_PASSWD
|
|
# SSL Configuration
|
|
# 0 to disable the SSL support for MySQL/MariaDB
|
|
# 1 to enable the SSL support for MySQL/MariaDB
|
|
PerlSetEnv OCS_DB_SSL_ENABLED OCS_SSL_ENABLED
|
|
PerlSetEnv OCS_DB_SSL_CLIENT_KEY OCS_SSL_KEY
|
|
PerlSetEnv OCS_DB_SSL_CLIENT_CERT OCS_SSL_CERT
|
|
PerlSetEnv OCS_DB_SSL_CA_CERT OCS_SSL_CA
|
|
# SSL Mode
|
|
# - SSL_MODE_PREFERRED (SSL enabled but optional)
|
|
# - SSL_MODE_REQUIRED (SSL enabled, mandatory but don't verify server certificate. Ex self signed cert)
|
|
# - SSL_MODE_STRICT (SSL enabled, mandatory and server cert must be trusted)
|
|
PerlSetEnv OCS_DB_SSL_MODE OCS_SSL_COM_MODE
|
|
|
|
|
|
# Slave Database settings
|
|
# Replace DATABASE_SERVER by hostname or ip of MySQL server for READ
|
|
# Useful if you handle mysql slave databases
|
|
# PerlSetEnv OCS_DB_SL_HOST DATABASE_SERVER
|
|
# Replace DATABASE_PORT by port where running MySQL server, generally 3306
|
|
# PerlSetEnv OCS_DB_SL_PORT_SLAVE DATABASE_PORT
|
|
# User allowed to connect to database
|
|
# PerlSetEnv OCS_DB_SL_USER ocs
|
|
# Name of the database
|
|
# PerlSetEnv OCS_DB_SL_NAME ocsweb
|
|
# Password for user
|
|
# PerlSetVar OCS_DB_SL_PWD ocs
|
|
# SSL Configuration for Slave database
|
|
# 0 to disable the SSL support for MySQL/MariaDB
|
|
# 1 to enable the SSL support for MySQL/MariaDB
|
|
# PerlSetEnv OCS_DB_SL_SSL_ENABLED 0
|
|
# PerlSetEnv OCS_DB_SL_SSL_CLIENT_KEY /etc/ssl/private/client.key
|
|
# PerlSetEnv OCS_DB_SL_SSL_CLIENT_CERT /etc/ssl/certs/client.crt
|
|
# PerlSetEnv OCS_DB_SL_SSL_CA_CERT /etc/ssl/certs/ca.crt
|
|
# SSL Mode
|
|
# - SSL_MODE_PREFERRED (SSL enabled but optional)
|
|
# - SSL_MODE_REQUIRED (SSL enabled, mandatory but don't verify server certificate. Ex self signed cert)
|
|
# - SSL_MODE_STRICT (SSL enabled, mandatory and server cert must be trusted)
|
|
# PerlSetEnv OCS_DB_SL_SSL_MODE SSL_MODE_PREFERRED
|
|
|
|
# Path to log directory (must be writeable)
|
|
PerlSetEnv OCS_OPT_LOGPATH "PATH_TO_LOG_DIRECTORY"
|
|
|
|
# If you need to specify a mysql socket that the client's built-in
|
|
#PerlSetEnv OCS_OPT_DBI_MYSQL_SOCKET "path/to/mysql/unix/socket"
|
|
# DBI verbosity
|
|
PerlSetEnv OCS_OPT_DBI_PRINT_ERROR 1
|
|
|
|
# Unicode support
|
|
PerlSetEnv OCS_OPT_UNICODE_SUPPORT 1
|
|
|
|
# If you are using a multi server architecture,
|
|
# Put the ip addresses of the slaves on the master
|
|
# (This is read as perl regular expressions)
|
|
PerlAddVar OCS_OPT_TRUSTED_IP 127.0.0.1
|
|
#PerlAddVar OCS_OPT_TRUSTED_IP XXX.XXX.XXX.XXX
|
|
|
|
# ===== WEB SERVICE (SOAP) SETTINGS =====
|
|
|
|
PerlSetEnv OCS_OPT_WEB_SERVICE_ENABLED 0
|
|
PerlSetEnv OCS_OPT_WEB_SERVICE_RESULTS_LIMIT 100
|
|
# PerlSetEnv OCS_OPT_WEB_SERVICE_PRIV_MODS_CONF "WEBSERV_PRIV_MOD_CONF_FILE"
|
|
|
|
# Be careful: you must restart apache to make settings taking effects
|
|
|
|
# Configure engine to use the settings from this file
|
|
PerlSetEnv OCS_OPT_OPTIONS_NOT_OVERLOADED 0
|
|
|
|
# Try to use other compress algorithm than raw zlib
|
|
# GUNZIP and clear XML are supported
|
|
PerlSetEnv OCS_OPT_COMPRESS_TRY_OTHERS 1
|
|
|
|
##############################################################
|
|
# ===== OPTIONS BELOW ARE OVERLOADED IF YOU USE OCS GUI =====#
|
|
##############################################################
|
|
|
|
# NOTE: IF YOU WANT TO USE THIS CONFIG FILE INSTEAD, set OCS_OPT_OPTIONS_NOT_OVERLOADED to '1'
|
|
|
|
# ===== MAIN SETTINGS =====
|
|
|
|
# Enable engine logs (see LOGPATH setting)
|
|
PerlSetEnv OCS_OPT_LOGLEVEL 0
|
|
# Specify agent's prolog frequency
|
|
PerlSetEnv OCS_OPT_PROLOG_FREQ 12
|
|
# Specify if agent take contact on service startup
|
|
PerlSetEnv OCS_OPT_INVENTORY_ON_STARTUP 0
|
|
# Configure the duplicates detection system
|
|
PerlSetEnv OCS_OPT_AUTO_DUPLICATE_LVL 15
|
|
# Futur security improvements
|
|
PerlSetEnv OCS_OPT_SECURITY_LEVEL 0
|
|
# Validity of a computer's lock
|
|
PerlSetEnv OCS_OPT_LOCK_REUSE_TIME 600
|
|
# Enable the history tracking system (useful for external data synchronisation
|
|
PerlSetEnv OCS_OPT_TRACE_DELETED 0
|
|
|
|
# ===== INVENTORY SETTINGS =====
|
|
|
|
# Specify the validity of inventory data
|
|
PerlSetEnv OCS_OPT_FREQUENCY 0
|
|
# Configure engine to update inventory regarding to CHECKSUM agent value (lower DB backend load)
|
|
PerlSetEnv OCS_OPT_INVENTORY_DIFF 1
|
|
# Make engine consider an inventory as a transaction (lower concurency, better disk usage)
|
|
PerlSetEnv OCS_OPT_INVENTORY_TRANSACTION 1
|
|
# Configure engine to make a differential update of inventory sections (row level). Lower DB backend load, higher frontend load
|
|
PerlSetEnv OCS_OPT_INVENTORY_WRITE_DIFF 1
|
|
# Enable some stuff to improve DB queries, especially for GUI multicriteria searching system
|
|
PerlSetEnv OCS_OPT_INVENTORY_CACHE_ENABLED 1
|
|
# Specify when the engine will clean the inventory cache structures
|
|
PerlSetEnv OCS_OPT_INVENTORY_CACHE_REVALIDATE 7
|
|
# Enable you to keep trace of every elements encountered in db life
|
|
PerlSetEnv OCS_OPT_INVENTORY_CACHE_KEEP 1
|
|
|
|
# ===== SOFTWARES DEPLOYMENT SETTINGS =====
|
|
|
|
# Enable this feature
|
|
PerlSetEnv OCS_OPT_DOWNLOAD 0
|
|
# Package which have a priority superior than this value will not be downloaded
|
|
PerlSetEnv OCS_OPT_DOWNLOAD_PERIOD_LENGTH 10
|
|
# Time between two download cycles (bandwidth control)
|
|
PerlSetEnv OCS_OPT_DOWNLOAD_CYCLE_LATENCY 60
|
|
# Time between two fragment downloads (bandwidth control)
|
|
PerlSetEnv OCS_OPT_DOWNLOAD_FRAG_LATENCY 60
|
|
# Specify if you want to track packages affected to a group on computer's level
|
|
PerlSetEnv OCS_OPT_DOWNLOAD_GROUPS_TRACE_EVENTS 1
|
|
# Time between two download periods (bandwidth control)
|
|
PerlSetEnv OCS_OPT_DOWNLOAD_PERIOD_LATENCY 60
|
|
# Agents will send ERR_TIMEOUT event and clean the package it is older than this setting
|
|
PerlSetEnv OCS_OPT_DOWNLOAD_TIMEOUT 7
|
|
# Agents will send an error event and clean the package if package command does not respond during this setting
|
|
PerlSetEnv OCS_OPT_DOWNLOAD_EXECUTION_TIMEOUT 120
|
|
|
|
# Enable ocs engine to deliver agent's files (deprecated)
|
|
PerlSetEnv OCS_OPT_DEPLOY 0
|
|
# Enable the softwares deployment capacity (bandwidth control)
|
|
|
|
# ===== GROUPS SETTINGS =====
|
|
|
|
# Enable the computer\s groups feature
|
|
PerlSetEnv OCS_OPT_ENABLE_GROUPS 1
|
|
# Random number computed in the defined range. Designed to avoid computing many groups in the same process
|
|
PerlSetEnv OCS_OPT_GROUPS_CACHE_OFFSET 43200
|
|
# Specify the validity of computer's groups (default: compute it once a day - see offset)
|
|
PerlSetEnv OCS_OPT_GROUPS_CACHE_REVALIDATE 43200
|
|
|
|
# ===== IPDISCOVER SETTINGS =====
|
|
|
|
# Specify how much agent per LAN will discovered connected peripherals (0 to disable)
|
|
PerlSetEnv OCS_OPT_IPDISCOVER 2
|
|
# Specify the minimal difference to replace an ipdiscover agent
|
|
PerlSetEnv OCS_OPT_IPDISCOVER_BETTER_THRESHOLD 1
|
|
# Time between 2 arp requests (mini: 10 ms)
|
|
PerlSetEnv OCS_OPT_IPDISCOVER_LATENCY 100
|
|
# Specify when to remove a computer when it has not come until this period
|
|
PerlSetEnv OCS_OPT_IPDISCOVER_MAX_ALIVE 14
|
|
# Disable the time before a first election (not recommended)
|
|
PerlSetEnv OCS_OPT_IPDISCOVER_NO_POSTPONE 0
|
|
# Enable groups for ipdiscover (for example, you might want to prevent some groups to be ipdiscover agents)
|
|
PerlSetEnv OCS_OPT_IPDISCOVER_USE_GROUPS 1
|
|
|
|
# ===== INVENTORY FILES MAPPING SETTINGS =====
|
|
|
|
# Use with ocsinventory-injector, enable the multi entities feature
|
|
PerlSetEnv OCS_OPT_GENERATE_OCS_FILES 0
|
|
# Generate either compressed file or clear XML text
|
|
PerlSetEnv OCS_OPT_OCS_FILES_FORMAT OCS
|
|
# Specify if you want to keep trace of all inventory between to synchronisation with the higher level server
|
|
PerlSetEnv OCS_OPT_OCS_FILES_OVERWRITE 0
|
|
# Path to ocs files directory (must be writeable)
|
|
PerlSetEnv OCS_OPT_OCS_FILES_PATH /tmp
|
|
|
|
# ===== FILTER SETTINGS =====
|
|
|
|
# Enable prolog filter stack
|
|
PerlSetEnv OCS_OPT_PROLOG_FILTER_ON 0
|
|
# Enable core filter system to modify some things "on the fly"
|
|
PerlSetEnv OCS_OPT_INVENTORY_FILTER_ENABLED 0
|
|
# Enable inventory flooding filter. A dedicated ipaddress ia allowed to send a new computer only once in this period
|
|
PerlSetEnv OCS_OPT_INVENTORY_FILTER_FLOOD_IP 0
|
|
# Period definition for INVENTORY_FILTER_FLOOD_IP
|
|
PerlSetEnv OCS_OPT_INVENTORY_FILTER_FLOOD_IP_CACHE_TIME 300
|
|
# Enable inventory filter stack
|
|
PerlSetEnv OCS_OPT_INVENTORY_FILTER_ON 0
|
|
|
|
# ===== DATA FILTER =====
|
|
|
|
#Enable the dat filtering capacity
|
|
PerlSetEnv OCS_OPT_DATA_FILTER 0
|
|
|
|
# Set the table names and the field associated you want to filter
|
|
#PerlAddVar OCS_OPT_DATA_TO_FILTER HARDWARE
|
|
#PerlAddVar OCS_OPT_DATA_TO_FILTER USERID
|
|
|
|
|
|
# ===== REGISTRY SETTINGS =====
|
|
|
|
# Enable the registry capacity
|
|
PerlSetEnv OCS_OPT_REGISTRY 1
|
|
|
|
# ===== SNMP SETTINGS =====
|
|
|
|
# Enable the SNMP capacity
|
|
PerlSetEnv OCS_OPT_SNMP 0
|
|
# Configure engine to update snmp inventory regarding to snmp_laststate table (lower DB backend load)
|
|
PerlSetEnv OCS_OPT_SNMP_INVENTORY_DIFF 1
|
|
# Display error message about agent https communication in logfile
|
|
PerlSetEnv OCS_OPT_SNMP_PRINT_HTTPS_ERROR 1
|
|
|
|
# ===== SESSION SETTINGS =====
|
|
# Not yet in GUI
|
|
|
|
# Validity of a session (prolog=>postinventory)
|
|
PerlSetEnv OCS_OPT_SESSION_VALIDITY_TIME 600
|
|
# Consider a session obsolete if it is older thant this value
|
|
PerlSetEnv OCS_OPT_SESSION_CLEAN_TIME 86400
|
|
# Accept an inventory only if required by server
|
|
#( Refuse "forced" inventory)
|
|
PerlSetEnv OCS_OPT_INVENTORY_SESSION_ONLY 0
|
|
|
|
# ===== TAG =====
|
|
|
|
# The default behavior of the server is to ignore TAG changes from the
|
|
# agent.
|
|
PerlSetEnv OCS_OPT_ACCEPT_TAG_UPDATE_FROM_CLIENT 0
|
|
|
|
# ===== EXTERNAL USERAGENTS =====
|
|
|
|
#Path for external useragents reference file
|
|
#!! WARNING !! : external agents may not be supported by OCS NG Community !
|
|
#PerlSetEnv OCS_OPT_EXT_USERAGENTS_FILE_PATH /tmp/yourfile.txt
|
|
|
|
# ===== PLUGINS =====
|
|
|
|
PerlSetEnv OCS_PLUGINS_PERL_DIR "PATH_TO_PLUGINS_PERL_DIRECTORY"
|
|
PerlSetEnv OCS_PLUGINS_CONF_DIR "PATH_TO_PLUGINS_CONFIG_DIRECTORY"
|
|
|
|
# ===== DEPRECATED =====
|
|
|
|
# Set the proxy cache validity in http headers when sending a file
|
|
PerlSetEnv OCS_OPT_PROXY_REVALIDATE_DELAY 3600
|
|
# Deprecated
|
|
PerlSetEnv OCS_OPT_UPDATE 0
|
|
|
|
############ DO NOT MODIFY BELOW ! #######################
|
|
|
|
# External modules
|
|
PerlModule Apache::DBI
|
|
PerlModule Compress::Zlib
|
|
PerlModule XML::Simple
|
|
|
|
# Ocs plugins
|
|
PerlModule Apache::Ocsinventory::Plugins
|
|
|
|
# Ocs
|
|
PerlModule Apache::Ocsinventory
|
|
PerlModule Apache::Ocsinventory::Server::Constants
|
|
PerlModule Apache::Ocsinventory::Server::System
|
|
PerlModule Apache::Ocsinventory::Server::Communication
|
|
PerlModule Apache::Ocsinventory::Server::Inventory
|
|
PerlModule Apache::Ocsinventory::Server::Duplicate
|
|
|
|
# Capacities
|
|
PerlModule Apache::Ocsinventory::Server::Capacities::Registry
|
|
PerlModule Apache::Ocsinventory::Server::Capacities::Update
|
|
PerlModule Apache::Ocsinventory::Server::Capacities::Ipdiscover
|
|
PerlModule Apache::Ocsinventory::Server::Capacities::Download
|
|
PerlModule Apache::Ocsinventory::Server::Capacities::Notify
|
|
PerlModule Apache::Ocsinventory::Server::Capacities::Snmp
|
|
# This module guides you through the module creation
|
|
# PerlModule Apache::Ocsinventory::Server::Capacities::Example
|
|
# This module adds some rules to filter some request sent to ocs server in the prolog and inventory stages
|
|
# PerlModule Apache::Ocsinventory::Server::Capacities::Filter
|
|
# This module add availibity to filter data from HARDWARE section (data filtered won't be stored in database)
|
|
# PerlModule Apache::Ocsinventory::Server::Capacities::Datafilter
|
|
|
|
# PerlTaintCheck On
|
|
|
|
# SSL apache settings
|
|
#SSLEngine "SSL_ENABLE"
|
|
#SSLCertificateFile "SSL_CERTIFICATE_FILE"
|
|
#SSLCertificateKeyFile "SSL_CERTIFICATE_KEY_FILE"
|
|
#SSLCACertificateFile "SSL_CERTIFICATE_FILE"
|
|
#SSLCACertificatePath "SSL_CERTIFICATE_PATH"
|
|
#SSLVerifyClient "SSL_VALIDATE_CLIENT"
|
|
|
|
# Engine apache settings
|
|
# "Virtual" directory for handling OCS Inventory NG agents communications
|
|
# Be careful, do not create such directory into your web server root document !
|
|
<Location /ocsinventory>
|
|
<IfModule mod_authz_core.c>
|
|
# Apache 2.4
|
|
Require all granted
|
|
</IfModule>
|
|
<IfModule !mod_authz_core.c>
|
|
# Apache 2.2
|
|
order deny,allow
|
|
allow from all
|
|
</IfModule>
|
|
# If you protect this area you have to deal with http_auth_* agent's parameters
|
|
# AuthType Basic
|
|
# AuthName "OCS Inventory agent area"
|
|
# AuthUserFile "APACHE_AUTH_USER_FILE"
|
|
# require valid-user
|
|
SetHandler perl-script
|
|
PerlHandler Apache::Ocsinventory
|
|
</Location>
|
|
|
|
#Web Service for plugin engine
|
|
<Location /ocsplugins>
|
|
<IfModule mod_authz_core.c>
|
|
# Apache 2.4
|
|
Require local
|
|
</IfModule>
|
|
<IfModule !mod_authz_core.c>
|
|
# Apache 2.2
|
|
order deny,allow
|
|
allow from 127.0.0.1
|
|
</IfModule>
|
|
SetHandler perl-script
|
|
PerlHandler Apache::Ocsinventory::Plugins::Apache
|
|
</Location>
|
|
|
|
|
|
# Web service apache settings
|
|
PerlModule Apache::Ocsinventory::SOAP
|
|
|
|
<location /ocsinterface>
|
|
SetHandler perl-script
|
|
PerlHandler "Apache::Ocsinventory::SOAP"
|
|
|
|
# By default, you can query web service from everywhere with a valid user
|
|
<IfModule mod_authz_core.c>
|
|
# Apache 2.4
|
|
Require all granted
|
|
</IfModule>
|
|
<IfModule !mod_authz_core.c>
|
|
Order deny,allow
|
|
Allow from all
|
|
</IfModule>
|
|
AuthType Basic
|
|
AuthName "OCS Inventory SOAP Area"
|
|
# Use htpasswd to create/update soap-user (or another granted user)
|
|
AuthUserFile "APACHE_AUTH_USER_FILE"
|
|
<IfModule mod_authz_core.c>
|
|
# Apache 2.4
|
|
Require user "SOAP_USER"
|
|
</IfModule>
|
|
<IfModule !mod_authz_core.c>
|
|
require "SOAP_USER"
|
|
</IfModule>
|
|
</location>
|
|
</IfModule>
|