nethserver-subscription

Manage NethServer Subscription clients

  • Monitor the machine using Collectd and route notifications to a remote server
  • Collect and send server informations to a remote server
  • Download and install RPM updates automatically by configuring YUM repositories and nethserver-yum-cron

Database

Configuration is stored inside the configuration database under the subscription key.

Properties:

  • AlertsUrl: URL used to send alerts and heartbeat
  • AlertsAutoUpdates: if set to enabled, custom alerts will be downloaded each night from AlertsAutoUpdatesUrl.
  • AlertsAutoUpdatesUrl: URL used to fetch custom alerts database
  • ApiUrl: URL called from the UI to retrieve subscription plan informations
  • InventoryUrl: API endpoint where the data are sent
  • NsRelease: exact NethServer release request to mirrorlist
  • Secret: sysem secret key generated by Dartagnan (https://github.com/nethesis/dartagnan)
  • PricingUrl: URL used from the UI to access the subscription plans
  • SystemId: system unique id

Example:

subscription=configuration
   AlertsAutoUpdates=enabled
   AlertsUrl=https://my.nethserver.com/api/
   ApiUrl=http://my.nethserver.com/api/
   InventoryUrl=http://my.nethserver.com/api/inventories/store/
   NsRelease=7.4.1708
   Secret=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   PricingUrl=https://my.nethserver.com/?action=newServer
   SystemId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Configuration

  • NethServer Subscriptions (by Nethesis) – run

    config setprop subscription AlertsUrl https://my.nethserver.com/api/machine/
    config delprop subscription AlertsAutoUpdatesUrl
    config setprop subscription InventoryUrl https://my.nethserver.com/api/machine/inventories/store/
    signal-event nethserver-subscription-update
    
  • NethServer Enterprise partner program (by Nethesis) – run

    config setprop subscription AlertsUrl https://my.nethesis.it/isa/
    config setprop subscription AlertsAutoUpdatesUrl https://my.nethesis.it/api/
    config setprop subscription InventoryUrl https://my.nethesis.it/isa/inventory/store/
    signal-event nethserver-subscription-update
    

YUM repositories

Once NethServer Subscriptions is activated, YUM configuration is changed to contact the subscribed repositories. Every night the list of enabled repositores will be reset to meet the subscription requirements.

The /etc/e-smith/events/actions/nethserver-subscription-eorepo action configures YUM repositories based on subscription. The behavior of the script can be changed using /etc/nethserver/eorepo.conf file which may contain the list of repositories to be enabled.

Restore original NethServer repositories

To revert the system configuration to its initial state and use the original NethServer repositories run

config setprop subscription SystemId '' Secret ''
signal-event software-repos-save

Events

  • nethserver-subscription-update standard update event; it runs on new installation and subsequent updates
  • nethserver-subscription-save runs when the registration token is set from the UI, altering the YUM repository configuration
  • restore-yumrepos runs during pre-restore-config event. Actions and templates bound to it run in a temporary environment where the configuration DB is extracted from the configuration backup and temporarily applied to the system. It occurs before automatic installation of packages from the backup set. It is the point where the YUM configuration is restored to make subscribed repositories immediately available.

Alerts

Collectd listens for notification on a well known socket: /var/run/collectd.sock.

Notifications can be generated by Collectd thresholds, cron jobs or even external daemons like NMS.

Collectd thresholds

You can trigger an alarm named testalarm from command line:

echo -e "PUTNOTIF host=$(hostname) type=custom type_instance=testalarm severity=failure time=$(date +%s) message=\"$1 FAILURE\"" | nc -U /var/run/collectd.sock &>/dev/null

You can also resolve the above alarm:

echo -e "PUTNOTIF host=$(hostname) type=custom type_instance=testalarm severity=okay time=$(date +%s) message=\"$1 OK\"" | nc -U /var/run/collectd.sock &>/dev/null

Adding a threshold configuration

Create a /etc/collectd.d/threshold.conf template fragment using collectd threshold syntax. Enjoy collectd docs here https://collectd.org/documentation/manpages/collectd-threshold.5.shtml

Collectd python plugin

The nethserver_alerts.py file implements a Collectd plugin. The plugin dispatches each notification to remote Dartagnan instance. If the remote Dartagnan instance is not available, the plugin will save the notifications inside a local queue and will retry to resend them later.

Plugin options (inside /etc/collectd.d/threshold.conf):

  • api_url URL where alerts will be dispatched
  • lk: System ID
  • secret: (optional) if set, the secret will be used as authorization token
  • debug: enable the debug, can be yes or no. Default to no

NethServer Monitor Services (NMS)

NMS is a python daemon which monitor the status of all services registered inside the configuration db. Each service is checked every 300 seconds, if the status of a service changes, NMS writes a notification to Collectd socket.

Inventory

The inventory uses the facter software, from puppet (https://docs.puppet.com/facter/). Facter collects a standard set of informations (like CPU model, runing kernel, etc.) but the system also gather some custom facts.

Custom facts

Scripts for custom facts are inside /opt/puppetlabs/puppet/lib/ruby/2.1.0/facter/ directory. Each package can register a new custom fact, but this packages always provides the following:

  • rpms, list of installed RPMs
  • raid, RAID configuration
  • templates_custom, list of configured template custom wihout content
  • arp_macs, number of network devices
  • users, list of configured users
  • backup, info about backup status
  • esmithdb, all esmith databases, password values are replaced with ***

Sending the inventory

Make sure that SystemId property under subscription key is already set. If the Secret property is set, it will be used as authorization token when sending the inventory.

The inventory will be sent every day using cron. If you want to manually send the inventory, use the following command:

/etc/cron.daily/nethserver-inventory