MMC agent configuration file¶
This document explains the content of the MMC agent configuration file.
Introduction¶
The MMC agent is a XML-RPC server that exports to the network the API provided by the MMC python plugins.
Its configuration file is /etc/mmc/agent/config.ini. This file must be readable only by root, as it contains the login and password required to connect to the MMC agent.
Like all MMC related configuration file, its file format is INI style. The file is made of sections, each one starting with a « [sectionname] » header. In each section options can be defined like this « option = value ».
For example:
[section1]
option1 = 1
option2 = 2
[section2]
option1 = foo
option2 = plop
Configuration file sections¶
/etc/mmc/agent/config.ini available sections:
Section name | Description | Optional |
---|---|---|
main | MMC agent main option | no |
daemon | MMC agent daemon option | no |
All the other sections (loggers, handlers, ...) are related to Python language logging framework. See the Python documentation for more informations.
Section « main »¶
Available options for the “main” section:
Option name | Description | Optional | Default value |
---|---|---|---|
host | IP where the MMC agent XML-RPC server listens to incoming connections | No | |
port | TCP/IP port where the MMC agent XML-RPC server listens to incoming connections | No | |
login | login to connect to the MMC agent XML-RPC server | No | mmc |
password | password to connect to the MMC agent XML-RPC server | No | s3cr3t |
enablessl | Enable TLS/SSL for XMLRPC communication. If disabled, the XMLRPC traffic is not encrypted. | yes | 0 |
verifypeer | If SSL is enabled and verifypeer is enabled, the XML-RPC client that connects to the MMC agent XML-RPC server must provide a valid certificate, else the connection will be closed. | yes | 0 |
localcert | If verifypeer = 1, the file should contain the private key and the public certificate. This option was previously called privkey | If verifypeer = 1, yes | |
cacert | Path to the file (PEM format) containing the public certificate of the Certificate Authority that produced the certificate defined by the localcert option. If verifypeer = 1, the certificate provided by the XML-RPC client will be validated by this CA. | If verifypeer = 1, yes | |
sessiontimeout | Session timeout in seconds. When a user authenticates to the MMC agent, a user session in created. This session is destroyed automatically when no call is done before the session timeout is reach. | Yes | 900 |
multithreading | Multi-threading support. If enabled, each incoming XML-RPC request is processed in a new thread. | Yes | 1 |
maxthreads | If multi-threading is enabled, this setting defines the size of the pool of threads serving XML-RPC requests. | Yes | 20 |
sessiontimeout | RPC Session timeout in seconds. If unset default to Twisted hardcoded 900 seconds. | yes | 900 |
If host=127.0.0.1, the MMC agent will only listen to local incoming connections. You can use host=0.0.0.0 to make it listen to all available network interfaces.
To connect to the MMC agent, the client (for example the MMC web interface) must do a HTTP Basic authentication, using the configured login and password.
You must change the login and password in the configuration file, because if you keep using the default configuration, anybody can connect to your MMC agent. MMC agent issue a warning if you use the default login and password.
Section « daemon »¶
This section defines some MMC agent daemon settings.
Available options for the “daemon” section
Option name | Description | Optional | Default value |
---|---|---|---|
user | System user under which the MMC agent service is running | yes | root |
group | System group under which the MMC agent service is running | yes | root |
umask | umask used by the MMC agent when creating files (log files for example) | yes | 0777 |
pidfile | Path to the file containing the PID of the MMC agent | No |
If the MMC agent is configured to run as non-root, it drops its root privileges to the defined user and group id using the “seteuid” system call. This is done as soon as the configuration file is read.
How to enable full debug in MMC agent¶
Just set level=DEBUG in hand01 handler (see previous section), and restart the MMC agent.
All the remote function calls and responses are now recorded in MMC log file.