################################################################################ # # OCS Inventory NG Communication Server Perl Module Setup # # Copyleft 2006 Pascal DANEK # Web: http://www.ocsinventory-ng.org # # This code is open source and may be copied and modified as long as the source # code is always made freely available. # Please refer to the General Public Licence http://www.gnu.org/ or Licence.txt ################################################################################ # Which version of mod_perl we are using # For mod_perl <= 1.999_21, replace 2 by 1 # For mod_perl > 1.999_21, replace 2 by 2 PerlSetEnv OCS_MODPERL_VERSION 2 # Master Database settings # Replace localhost by hostname or ip of MySQL server for WRITE PerlSetEnv OCS_DB_HOST localhost # Replace 3306 by port where running MySQL server, generally 3306 PerlSetEnv OCS_DB_PORT 3306 # Name of database PerlSetEnv OCS_DB_NAME ocsweb PerlSetEnv OCS_DB_LOCAL ocsweb # User allowed to connect to database PerlSetEnv OCS_DB_USER ocs # Password for user PerlSetVar OCS_DB_PWD ocs # SSL Configuration # 0 to disable the SSL support for MySQL/MariaDB # 1 to enable the SSL support for MySQL/MariaDB PerlSetEnv OCS_DB_SSL_ENABLED 0 # PerlSetEnv OCS_DB_SSL_CLIENT_KEY /etc/ssl/private/client.key # PerlSetEnv OCS_DB_SSL_CLIENT_CERT /etc/ssl/certs/client.crt # PerlSetEnv OCS_DB_SSL_CA_CERT /etc/ssl/certs/ca.crt # SSL Mode # - SSL_MODE_PREFERRED (SSL enabled but optional) # - SSL_MODE_REQUIRED (SSL enabled, mandatory but don't verify server certificate. Ex self signed cert) # - SSL_MODE_STRICT (SSL enabled, mandatory and server cert must be trusted) PerlSetEnv OCS_DB_SSL_MODE SSL_MODE_PREFERRED # Slave Database settings # Replace localhost by hostname or ip of MySQL server for READ # Useful if you handle mysql slave databases # PerlSetEnv OCS_DB_SL_HOST localhost # Replace 3306 by port where running MySQL server, generally 3306 # PerlSetEnv OCS_DB_SL_PORT_SLAVE 3306 # User allowed to connect to database # PerlSetEnv OCS_DB_SL_USER ocs # Name of the database # PerlSetEnv OCS_DB_SL_NAME ocsweb # Password for user # PerlSetVar OCS_DB_SL_PWD ocs # SSL Configuration for Slave database # 0 to disable the SSL support for MySQL/MariaDB # 1 to enable the SSL support for MySQL/MariaDB # PerlSetEnv OCS_DB_SL_SSL_ENABLED 0 # PerlSetEnv OCS_DB_SL_SSL_CLIENT_KEY /etc/ssl/private/client.key # PerlSetEnv OCS_DB_SL_SSL_CLIENT_CERT /etc/ssl/certs/client.crt # PerlSetEnv OCS_DB_SL_SSL_CA_CERT /etc/ssl/certs/ca.crt # SSL Mode # - SSL_MODE_PREFERRED (SSL enabled but optional) # - SSL_MODE_REQUIRED (SSL enabled, mandatory but don't verify server certificate. Ex self signed cert) # - SSL_MODE_STRICT (SSL enabled, mandatory and server cert must be trusted) # PerlSetEnv OCS_DB_SL_SSL_MODE SSL_MODE_PREFERRED # Path to log directory (must be writeable) PerlSetEnv OCS_OPT_LOGPATH "/var/log/ocsinventory-server" # If you need to specify a mysql socket that the client's built-in #PerlSetEnv OCS_OPT_DBI_MYSQL_SOCKET "path/to/mysql/unix/socket" # DBI verbosity PerlSetEnv OCS_OPT_DBI_PRINT_ERROR 0 # Unicode support PerlSetEnv OCS_OPT_UNICODE_SUPPORT 1 # If you are using a multi server architecture, # Put the ip addresses of the slaves on the master # (This is read as perl regular expressions) PerlAddVar OCS_OPT_TRUSTED_IP 127.0.0.1 #PerlAddVar OCS_OPT_TRUSTED_IP XXX.XXX.XXX.XXX # Be careful: you must restart apache to make settings taking effects # Configure engine to use the settings from this file PerlSetEnv OCS_OPT_OPTIONS_NOT_OVERLOADED 0 # Try to use other compress algorithm than raw zlib # GUNZIP and clear XML are supported PerlSetEnv OCS_OPT_COMPRESS_TRY_OTHERS 1 ############################################################## # ===== OPTIONS BELOW ARE OVERLOADED IF YOU USE OCS GUI =====# ############################################################## # NOTE: IF YOU WANT TO USE THIS CONFIG FILE INSTEAD, set OCS_OPT_OPTIONS_NOT_OVERLOADED to '1' # ===== MAIN SETTINGS ===== # Enable engine logs (see LOGPATH setting) PerlSetEnv OCS_OPT_LOGLEVEL 0 # Specify agent's prolog frequency PerlSetEnv OCS_OPT_PROLOG_FREQ 12 # Specify if agent take contact on service startup PerlSetEnv OCS_OPT_INVENTORY_ON_STARTUP 0 # Configure the duplicates detection system PerlSetEnv OCS_OPT_AUTO_DUPLICATE_LVL 15 # Futur security improvements PerlSetEnv OCS_OPT_SECURITY_LEVEL 0 # Validity of a computer's lock PerlSetEnv OCS_OPT_LOCK_REUSE_TIME 600 # Enable the history tracking system (useful for external data synchronisation PerlSetEnv OCS_OPT_TRACE_DELETED 0 # ===== INVENTORY SETTINGS ===== # Specify the validity of inventory data PerlSetEnv OCS_OPT_FREQUENCY 0 # Configure engine to update inventory regarding to CHECKSUM agent value (lower DB backend load) PerlSetEnv OCS_OPT_INVENTORY_DIFF 1 # Make engine consider an inventory as a transaction (lower concurency, better disk usage) PerlSetEnv OCS_OPT_INVENTORY_TRANSACTION 1 # Configure engine to make a differential update of inventory sections (row level). Lower DB backend load, higher frontend load PerlSetEnv OCS_OPT_INVENTORY_WRITE_DIFF 1 # Enable some stuff to improve DB queries, especially for GUI multicriteria searching system PerlSetEnv OCS_OPT_INVENTORY_CACHE_ENABLED 1 # Specify when the engine will clean the inventory cache structures PerlSetEnv OCS_OPT_INVENTORY_CACHE_REVALIDATE 7 # Enable you to keep trace of every elements encountered in db life PerlSetEnv OCS_OPT_INVENTORY_CACHE_KEEP 1 # ===== SOFTWARES DEPLOYMENT SETTINGS ===== # Enable this feature PerlSetEnv OCS_OPT_DOWNLOAD 0 # Package which have a priority superior than this value will not be downloaded PerlSetEnv OCS_OPT_DOWNLOAD_PERIOD_LENGTH 10 # Time between two download cycles (bandwidth control) PerlSetEnv OCS_OPT_DOWNLOAD_CYCLE_LATENCY 60 # Time between two fragment downloads (bandwidth control) PerlSetEnv OCS_OPT_DOWNLOAD_FRAG_LATENCY 60 # Specify if you want to track packages affected to a group on computer's level PerlSetEnv OCS_OPT_DOWNLOAD_GROUPS_TRACE_EVENTS 1 # Time between two download periods (bandwidth control) PerlSetEnv OCS_OPT_DOWNLOAD_PERIOD_LATENCY 60 # Agents will send ERR_TIMEOUT event and clean the package it is older than this setting PerlSetEnv OCS_OPT_DOWNLOAD_TIMEOUT 7 # Agents will send an error event and clean the package if package command does not respond during this setting PerlSetEnv OCS_OPT_DOWNLOAD_EXECUTION_TIMEOUT 120 # Enable ocs engine to deliver agent's files (deprecated) PerlSetEnv OCS_OPT_DEPLOY 0 # Enable the softwares deployment capacity (bandwidth control) # ===== GROUPS SETTINGS ===== # Enable the computer\s groups feature PerlSetEnv OCS_OPT_ENABLE_GROUPS 1 # Random number computed in the defined range. Designed to avoid computing many groups in the same process PerlSetEnv OCS_OPT_GROUPS_CACHE_OFFSET 43200 # Specify the validity of computer's groups (default: compute it once a day - see offset) PerlSetEnv OCS_OPT_GROUPS_CACHE_REVALIDATE 43200 # ===== IPDISCOVER SETTINGS ===== # Specify how much agent per LAN will discovered connected peripherals (0 to disable) PerlSetEnv OCS_OPT_IPDISCOVER 2 # Specify the minimal difference to replace an ipdiscover agent PerlSetEnv OCS_OPT_IPDISCOVER_BETTER_THRESHOLD 1 # Time between 2 arp requests (mini: 10 ms) PerlSetEnv OCS_OPT_IPDISCOVER_LATENCY 100 # Specify when to remove a computer when it has not come until this period PerlSetEnv OCS_OPT_IPDISCOVER_MAX_ALIVE 14 # Disable the time before a first election (not recommended) PerlSetEnv OCS_OPT_IPDISCOVER_NO_POSTPONE 0 # Enable groups for ipdiscover (for example, you might want to prevent some groups to be ipdiscover agents) PerlSetEnv OCS_OPT_IPDISCOVER_USE_GROUPS 1 # ===== INVENTORY FILES MAPPING SETTINGS ===== # Use with ocsinventory-injector, enable the multi entities feature PerlSetEnv OCS_OPT_GENERATE_OCS_FILES 0 # Generate either compressed file or clear XML text PerlSetEnv OCS_OPT_OCS_FILES_FORMAT OCS # Specify if you want to keep trace of all inventory between to synchronisation with the higher level server PerlSetEnv OCS_OPT_OCS_FILES_OVERWRITE 0 # Path to ocs files directory (must be writeable) PerlSetEnv OCS_OPT_OCS_FILES_PATH /tmp # ===== FILTER SETTINGS ===== # Enable prolog filter stack PerlSetEnv OCS_OPT_PROLOG_FILTER_ON 0 # Enable core filter system to modify some things "on the fly" PerlSetEnv OCS_OPT_INVENTORY_FILTER_ENABLED 0 # Enable inventory flooding filter. A dedicated ipaddress ia allowed to send a new computer only once in this period PerlSetEnv OCS_OPT_INVENTORY_FILTER_FLOOD_IP 0 # Period definition for INVENTORY_FILTER_FLOOD_IP PerlSetEnv OCS_OPT_INVENTORY_FILTER_FLOOD_IP_CACHE_TIME 300 # Enable inventory filter stack PerlSetEnv OCS_OPT_INVENTORY_FILTER_ON 0 # ===== DATA FILTER ===== #Enable the dat filtering capacity PerlSetEnv OCS_OPT_DATA_FILTER 0 # Set the table names and the field associated you want to filter #PerlAddVar OCS_OPT_DATA_TO_FILTER HARDWARE #PerlAddVar OCS_OPT_DATA_TO_FILTER USERID # ===== REGISTRY SETTINGS ===== # Enable the registry capacity PerlSetEnv OCS_OPT_REGISTRY 1 # ===== SNMP SETTINGS ===== # Enable the SNMP capacity PerlSetEnv OCS_OPT_SNMP 0 # Configure engine to update snmp inventory regarding to snmp_laststate table (lower DB backend load) PerlSetEnv OCS_OPT_SNMP_INVENTORY_DIFF 1 # Display error message about agent https communication in logfile PerlSetEnv OCS_OPT_SNMP_PRINT_HTTPS_ERROR 1 # ===== SESSION SETTINGS ===== # Not yet in GUI # Validity of a session (prolog=>postinventory) PerlSetEnv OCS_OPT_SESSION_VALIDITY_TIME 600 # Consider a session obsolete if it is older thant this value PerlSetEnv OCS_OPT_SESSION_CLEAN_TIME 86400 # Accept an inventory only if required by server #( Refuse "forced" inventory) PerlSetEnv OCS_OPT_INVENTORY_SESSION_ONLY 0 # ===== TAG ===== # The default behavior of the server is to ignore TAG changes from the # agent. PerlSetEnv OCS_OPT_ACCEPT_TAG_UPDATE_FROM_CLIENT 0 # ===== EXTERNAL USERAGENTS ===== #Path for external useragents reference file #!! WARNING !! : external agents may not be supported by OCS NG Community ! #PerlSetEnv OCS_OPT_EXT_USERAGENTS_FILE_PATH /tmp/yourfile.txt # ===== PLUGINS ===== PerlSetEnv OCS_PLUGINS_PERL_DIR "/etc/ocsinventory-server/perl" PerlSetEnv OCS_PLUGINS_CONF_DIR "/etc/ocsinventory-server/plugins" # ===== DEPRECATED ===== # Set the proxy cache validity in http headers when sending a file PerlSetEnv OCS_OPT_PROXY_REVALIDATE_DELAY 3600 # Deprecated PerlSetEnv OCS_OPT_UPDATE 0 ############ DO NOT MODIFY BELOW ! ####################### # External modules PerlModule Apache::DBI PerlModule Compress::Zlib PerlModule XML::Simple # Ocs plugins PerlModule Apache::Ocsinventory::Plugins # Ocs PerlModule Apache::Ocsinventory PerlModule Apache::Ocsinventory::Server::Constants PerlModule Apache::Ocsinventory::Server::System PerlModule Apache::Ocsinventory::Server::Communication PerlModule Apache::Ocsinventory::Server::Inventory PerlModule Apache::Ocsinventory::Server::Duplicate # Capacities PerlModule Apache::Ocsinventory::Server::Capacities::Registry PerlModule Apache::Ocsinventory::Server::Capacities::Update PerlModule Apache::Ocsinventory::Server::Capacities::Ipdiscover PerlModule Apache::Ocsinventory::Server::Capacities::Download PerlModule Apache::Ocsinventory::Server::Capacities::Notify PerlModule Apache::Ocsinventory::Server::Capacities::Snmp # This module guides you through the module creation # PerlModule Apache::Ocsinventory::Server::Capacities::Example # This module adds some rules to filter some request sent to ocs server in the prolog and inventory stages # PerlModule Apache::Ocsinventory::Server::Capacities::Filter # This module add availibity to filter data from HARDWARE section (data filtered won't be stored in database) # PerlModule Apache::Ocsinventory::Server::Capacities::Datafilter # PerlTaintCheck On # SSL apache settings #SSLEngine "SSL_ENABLE" #SSLCertificateFile "SSL_CERTIFICATE_FILE" #SSLCertificateKeyFile "SSL_CERTIFICATE_KEY_FILE" #SSLCACertificateFile "SSL_CERTIFICATE_FILE" #SSLCACertificatePath "SSL_CERTIFICATE_PATH" #SSLVerifyClient "SSL_VALIDATE_CLIENT" # Engine apache settings # "Virtual" directory for handling OCS Inventory NG agents communications # Be careful, do not create such directory into your web server root document ! # Apache 2.4 Require all granted # Apache 2.2 order deny,allow allow from all # If you protect this area you have to deal with http_auth_* agent's parameters # AuthType Basic # AuthName "OCS Inventory agent area" # AuthUserFile "APACHE_AUTH_USER_FILE" # require valid-user SetHandler perl-script PerlHandler Apache::Ocsinventory # Web service apache settings PerlModule Apache::Ocsinventory::SOAP SetHandler perl-script PerlHandler "Apache::Ocsinventory::SOAP" # By default, you can query web service from everywhere with a valid user # Apache 2.4 Require all granted Order deny,allow Allow from all AuthType Basic AuthName "OCS Inventory SOAP Area" # Use htpasswd to create/update soap-user (or another granted user) AuthUserFile "APACHE_AUTH_USER_FILE" # Apache 2.4 Require user "SOAP_USER" require "SOAP_USER"