Modules

The DCM System consists of several subcomponents, which are explained in more detail further on. Every component runs as a separate systemd service with an own config file and a separate logging file. All of these modules are configured either via the webinterface or the configurator and usually do not need any inference. All TUXGUARD DCM configuration files are located under the envs folder. The remaining external configuration files are located under the config folder.

TUXGUARD DCM Modules

Manager

The Manager module is the core component of the DCM system and is responsible for building the bridge between database, Management API and GUI.

Config

manager.env

Option	Type	Description
`DEBUG`	`Boolean`	logs additional debug information when enabled
`DATABASE_URL`	`String`	contains all information about the database, is in the form: `postgres://ecm:tuxguard@localhost:5432/manager_db`.
`SECRET_KEY`	`String`	differs for all installations and provides an additional security layer
`ALLOWED_HOSTS`	`List[String]`	a list of host URLs and/or IPs under which the Manager API and GUI will be accessible
`LOGDIR`	`String`	directory, in which logs will be saved
`STATIC_ROOT`	`String`	directory, in which static files will be stored
`REDIS_HOST`	`String`	Redis host
`REDIS_PORT`	`String`	Redis port
`REDIS_USER`	`String`	Redis username
`REDIS_PASS`	`String`	Redis password
`RABBIT_VHOST`	`String`	RabbitMQ virtual host
`RABBIT_PORT`	`String`	RabbitMQ port
`RABBIT_USER`	`String`	RabbitMQ username
`RABBIT_PASS`	`String`	RabbitMQ password
`TG_LIC_WORKER`	`String`	TUXGUARD WORKER which communicates with the DCM
`SSL`	`Boolean`	whether the connection to the TUXGUARD WORKER should use ssl or not
`COMMAND_STORAGE_DURATION`	`Integer`	how long commands should be stored inside the database, in days
`COMMAND_CLEANUP_TRIGGER`	`String`	in crontab notation, at which time the commands should be cleaned up
`DOWNLOAD_FOLDER`	`String`	folder serving the downloadable files
`updatebasedir`	`String`	under which folder endpoint update files will be served
`bundlebasedir`	`String`	under which folder endpoint bundles will be served
`logsrclist`	`List[String]`	additional log files which are considered for download

Heartbeat API

The Heartbeat API is the communication entrypoint for all endpoints. Here commands, their responses and some general informations about an endpoint's health are exchanged.

Config

hb-api.env

Option	Type	Description
`DEBUG`	`Boolean`	logs additional debug information when enabled
`LOGFILE`	`String`	the logfile
`SECRET_KEY`	`String`	differs for all installations and provides an additional security layer
`RABBIT_VHOST`	`String`	RabbitMQ virtual host
`RABBIT_PORT`	`String`	RabbitMQ port
`RABBIT_USER`	`String`	RabbitMQ username
`RABBIT_PASS`	`String`	RabbitMQ password

Heartbeat Exchange

The Heartbeat Exchange is master-worker architecture which handles the messaging workload inside the DCM.

Config

hb-exchange.env

Option	Type	Description
`DEBUG`	`Boolean`	logs additional debug information when enabled
`LOGFILE`	`String`	the logfile
`SECRET_KEY`	`String`	differs for all DCM installation and provides an additional security layer
`RABBIT_VHOST`	`String`	RabbitMQ virtual host
`RABBIT_PORT`	`String`	RabbitMQ port
`RABBIT_USER`	`String`	RabbitMQ username
`RABBIT_PASS`	`String`	RabbitMQ password
`POSTGRES_HOST`	`String`	PostgreSQL host
`POSTGRES_PORT`	`String`	PostgreSQL port
`POSTGRES_USER`	`String`	PostgreSQL username
`POSTGRES_PASS`	`String`	PostgreSQL password
`COMMAND_WORKERS`	`Integer`	amount of workers responsible for command messages
`HEARTBEAT_WORKERS`	`Integer`	amount of workers responsible for heartbeat messages

Alert Manager

The Alert Manager gathers information on the server status and might detect any faults for which then alerts might be created and be pushed to the manager.

Config

alert-manager.env

Option	Type	Description
`DEBUG`	`Boolean`	logs additional debug information when enabled
`LOGFILE`	`String`	the logfile
`LOG_INTERVAL`	`String`	the logfile
`LOG_DIR`	`String`	log directory containing all other logs
`POSTGRES_HOST`	`String`	PostgreSQL host
`POSTGRES_PORT`	`String`	PostgreSQL port
`POSTGRES_USER`	`String`	PostgreSQL username
`POSTGRES_PASS`	`String`	PostgreSQL password
`REDIS_HOST`	`String`	Redis host
`REDIS_PORT`	`String`	Redis port
`REDIS_USER`	`String`	Redis username
`REDIS_PASS`	`String`	Redis password

License Proxy

The License Proxy transfers any incoming license related request to the Tuxguard license server. The response is then pushed forward to the manager service, which will act accordingly.

Config

lic-proxy.env

Option	Type	Description
`DEBUG`	`Boolean`	logs additional debug information when enabled
`LOGFILE`	`String`	the logfile
`RABBIT_VHOST`	`String`	RabbitMQ virtual host
`RABBIT_PORT`	`String`	RabbitMQ port
`RABBIT_USER`	`String`	RabbitMQ username
`RABBIT_PASS`	`String`	RabbitMQ password
`NUM_WORKERS`	`Integer`	amount of worker subprocesses
`SSL`	`Boolean`	whether the connection to the TUXGUARD WORKER should use ssl or not
`TG_LIC_WORKER`	`String`	TUXGUARD WORKER which communicates with the DCM

License API

The License API is the second entrypoint for all endpoints. This API deals with all license related requests.

Config

lic-api.env

Option	Type	Description
`DEBUG`	`Boolean`	logs additional debug information when enabled
`LOGFILE`	`String`	the logfile
`SECRET_KEY`	`String`	differs for all installations and provides an additional security layer
`RMQ_HOST`	`String`	RabbitMQ host
`RMQ_VHOST`	`String`	RabbitMQ virtual host
`RMQ_PORT`	`String`	RabbitMQ port
`RMQ_USER`	`String`	RabbitMQ username
`RMQ_PASS`	`String`	RabbitMQ password

Extern

Redis

Redis is a cache based database, see https://redis.io/.

RabbitMQ

RabbitMQ is a queueing message broker, see https://www.rabbitmq.com/.

Postgres

Postgres is an open source, object-relational database, see https://www.postgresql.org/

NginX

NginX is a web server, which can be utilized as load balancer, see https://www.nginx.com/