...
| A Shared Block | |||||
|---|---|---|---|---|---|
| |||||
|
Оглавление printable false
Server requirements
For stable operation, the server must meet the following requirements:
Linux operating system with Docker support: Ubuntu Server 20.04 (recommended) and newer, Astra Linux 1.7 (server), RedOS 7.3.1, Alt Server 10;
16 GB of RAM or more;
- CPU with virtualization support with at least 4 cores;
- free hard disk space from 200GB;
- 1Gbit/s network interface availability.
Obtaining sudo privileges without additional password input (optional)
As an unprivileged user, run the command:
...
Next, enter the password. After that, additional password entry is not required for executing sudo commands or switching to the superuser mode.
Якорь Install_ECCM Install_ECCM
ECCM installation
| Install_ECCM | |
| Install_ECCM |
Installation archive
The files needed to run the project are distributed as a tar archive. They can be obtained from the public cloud. Download the archive to the server and unpack it. It is recommended to unpack the archive into the pre-created separate directory.
...
| Блок кода |
|---|
wget "https://cloud.eltex-co.ru/index.php/s/P8xDfmyo3XyEs0g/download?path=%2F&files=eccm-2.2.tar.gz" -O eccm-2.2.tar.gz mkdir eccm tar -zxvf eccm-2.2.tar.gz -C eccm/ |
Docker and docker-compose installation
The easiest and fastest way to install is to switch to the directory where the installation archive was unpacked and use the compose-tools.sh script using the --install flag:
...
| Блок кода |
|---|
docker-compose version |
Running ECCM
The ECCM project is distributed as a set of files that allows to run all necessary services using docker-compose. The project is divided into two docker-stacks:
...
This separation is caused by the need to ensure horizontal scaling of the project and the possibility of integration with other projects of the company, such as Eltex.EDM.
Script for running ECCM
Due to the abundance of the system running parameters, a script was prepared that runs the project on one or more hosts with performance parameters that allow servicing about 100 devices. Actual performance depends on many factors, including hardware performance and the complexity of the network devices being serviced. To invoke the help information, navigate to the directory with the script and run the following command:
| Блок кода |
|---|
sudo ./compose-tools.sh -h |
Running ECCM on a single host
To start the project, switch to the directory with the files of the installation archive and run the following command:
...
| Блок кода |
|---|
sudo ./compose-tools.sh --stop |
Running ECCM with a database on a separate server
draw.io Diagram border true viewerToolbar true fitWindow false diagramName Структурная схема_в2 simpleViewer false width 400 diagramWidth 772 revision 1
...
| Блок кода |
|---|
sudo ./compose-tools.sh --start 100.110.2.2 --database-host 100.110.2.4 --database-port 5432 |
Якорь Vars Vars
Environment variables
| Vars | |
| Vars |
The files required to run ECCM, containing environment and configuration variables, are located in the directory where the installation archive was extracted:
| Блок кода |
|---|
postgres/.env postgres/data/postgresql.conf eccm/.env |
Якорь Postgres Postgres
postgres/.env
| Postgres | |
| Postgres |
The postgres/.env file contains variables that determine the behavior of the Postgres database stack when it is launched in a container. The table below provides a description of these variables:
| Varible | Default value | Description |
|---|---|---|
COMPOSE_PROJECT_NAME | postgres | Project name in docker-compose (used for identification if several projects are running on the server) |
POSTGRES_TAG | 2.2 | Version of the postgres container image |
POSTGRES_REGISTRY | hub.eltex-co.ru | The address of the docker-registry from which the postgres image will be retrieved. If a local mirror is used, its address can be specified |
ROOT_POSTGRES_USER | Parameter that allows to override the superuser login for database access and configuration | |
ROOT_POSTGRES_PASSWORD | Parameter that allows to override the superuser password for database access and configuration | |
ECCM_DATABASE | eccm | Name of the eccm service stack database |
POSTGRES_TIMEZONE | Asia/Novosibirsk | The time zone in which the system operates (specified in accordance with the tz database, for example, “Asia/Novosibirsk”) |
POSTGRES_SHM_SIZE | 2gb | Limiting the allocated RAM for working with the Postgres database |
POSTGRES_PRIVILEGED_MODE | false | Running a container in privileged mode |
|
| External address of the Postgres database |
|
| Maximum number of container log files |
| 50M | Maximum size of container log files |
| true | Enable compression of container log files |
| hub.eltex-co.ru | The address of the docker-registry from which the postgres-configurator image will be retrieved. If a local mirror is used, its address can be specified |
|
| Version of the postgres-configurator container image |
| true | Activation of the postgres-configurator container at system launch |
Якорь Postgresdata Postgresdata
postgres/data/postgresql.conf
| Postgresdata | |
| Postgresdata |
The file contains parameters that affect database performance. The default settings are sufficient for a test run and support for approximately 100 devices.
Якорь Eccm Eccm
eccm/.env
| Eccm | |
| Eccm |
The eccm/.env file contains variables that determine the behavior of the project. The table below provides a description of these variables:
| Varible | Default value | Description | ||||
|---|---|---|---|---|---|---|
COMPOSE_PROJECT_NAME | eccm | Project name in docker-compose (used for identification if several projects are running on the server) | ||||
ECCM_PROFILE | production | Project profile | ||||
ECCM_TAG | 2.2 | Container image version | ||||
ECCM_REGISTRY | hub.eltex-co.ru | The address of the docker-registry from which system images will be retrieved. If a local mirror is used, its address can be specified | ||||
ECCM_BACKBONE_ADDRESS | 192.168.0.1 | Internal address at which the ECCM system will operate with devices on the network | ||||
ECCM_WEB_ADDRESS | 192.168.0.1 | The address at which the ECCM system web interface will operate | ||||
ECCM_WEB_PORT | 80 | Port for accessing the web interface | ||||
ECCM_TIMEZONE | Asia/Novosibirsk | The time zone in which the system operates (specified in accordance with the tz database, for example, “Asia/Novosibirsk”) | ||||
ECCM_LOGLEVEL | 'INFO' | Logging level in the project | ||||
MAX_CONCURRENT_SSH_TASKS | 20 | Number of simultaneous operations performed with devices | ||||
POSTGRES_HOST | 192.168.0.1 | The address where the Postgres database is running | ||||
POSTGRES_PORT | 5432 | Port for accessing the Postgres database | ||||
ROOT_POSTGRES_USER | Parameter that allows overriding the superuser login for database access and configuration | |||||
ROOT_POSTGRES_PASSWORD | Parameter that allows to override the superuser password for database access and configuration | |||||
ECCM_POSTGRES_DB | eccm | Database name for eccm services | ||||
ECCM_POSTGRES_USER | Parameter that allows to override the default login for accessing the ECCM_POSTGRES_DB database | |||||
ECCM_POSTGRES_PASSWORD | Parameter that allows to override the default password for accessing the ECCM_POSTGRES_DB database | |||||
| 10m | Interval for displaying push notifications in the web interface when a license acquisition error occurs | ||||
| 60m | Telegram/email notification interval when a license acquisition error occurs | ||||
| 1 | Current node number. Must be unique in the reservation scheme | ||||
| 1G | Physical memory limitation for a Docker container | ||||
| | Path to the certificate file for HTTPS | ||||
| | Path to the file with the key for HTTPS | ||||
KEY_PASS_PATH | ./cert/key.pass | Path to the file with the key password for HTTPS | ||||
| | The port on which ECCM will be available via HTTPS | ||||
LOGGING_ASPECT_ENABLED | false | Enabling logging via service aspects. The aspect logs all inputs and outputs from methods, their parameters, and return values.
| ||||
|
| Maximum number of container log files | ||||
| 50M | Maximum size of container log files | ||||
| true | Enable container log file compression | ||||
AUTH_ECCM_AUTHENTICATION_ENABLED | false | Enabling authentication using local accounts |
Web interface access
To connect to the ECCM web interface, open a browser and enter the following in the address bar:
...
| Подсказка |
|---|
The default login is 'eccm', password 'eccm'. |
Якорь Composetools Composetools
Options used by compose-tools.sh
| Composetools | |
| Composetools |
| Option | Description | ||
|---|---|---|---|
| --clean, -c | Cleaning all containers, volumes, and networks | ||
| --delete-containers | Removing containers without removing volumes and networks | ||
| --dhcp | Activation of a DHCP server with support for Zero Touch Provisioning (ZTP) functionality, which automatically adds devices to the system | ||
| --database-host <HOST> | IP address for connecting to an external PostgreSQL database installed on another host. Do not use if the PostgreSQL database is running on the host with ЕССM | ||
| --database-port <PORT> | Port for connecting to an external PostgreSQL database installed on another host. Do not use if the PostgreSQL database is running on the host with ЕССM | ||
| --help, -h | Calling up reference information | ||
| --https | Activation of https support mode. Requires a certificate. | ||
| --install | Installing Docker and Docker Compose on the host | ||
| --interactive, -i | Start the system in interactive mode. Use with the --start key | ||
| --load | Load all available .tar.gz archives from the image directory into docker | ||
| --logging, -l <LEVEL> | Set the logging level for the ESSM project. Available values: DEBUG, INFO | ||
| --logging-aspect | Enabling logging via service aspects. The aspect logs all entries and exits from methods, their parameters, and return values. It is not recommended to enable this parameter during normal system operation | ||
| --metrics, -m | Launching the system in metric collection mode. In this mode, Grafana, Prometheus, and additional monitoring tools for the host, Docker containers, and PostgreSQL databases are launched. The Grafana web interface is available at http://<IP_ECCM>:3000 | ||
| --pull, -p | Downloading/updating images before system launch | ||
| --rootlog <LEVEL> | Set the logging level for all projects. Available values: DEBUG, INFO | ||
| --save | Saving all Docker images to .tar.gz archives | ||
| --start, -s <ADDRESS> | Running the system with the IP address that will be used to connect to the server | ||
| --stop | System shutdown | ||
| --storage <ADDRESS> | ECCM address in the device management network (backbone). Used to store device firmware | ||
| --tracing, -t <ADDRESS> | Activation of the Jaeger OpenTracing tracing service. It is necessary to specify the IP address of the Jaeger server | ||
| --show-containers | Show all containers on the server | ||
| --show-images | Show all images on the server | ||
| --recreate-service <SERVICE> | Recreate the container with new parameters
|
Scroll Pagebreak
Examples of use
To install Docker and Docker-compose on the host, run the command:
...
| Блок кода |
|---|
sudo ./compose-tools.sh --recreate-service monitoring-service |
Known issues and solution methods
Possible errors during project installation
Error:
E: Cannot find the conntrack package...
| Блок кода |
|---|
echo "deb https://download.astralinux.ru/astra/stable/1.7_x86-64/repository-extended/ 1.7_x86-64 main contrib non-free" | sudo tee -a /etc/apt/sources.list sudo ./compose-tools.sh --install |
Possible errors during project launching
Error:
ERROR: Couldn't connect to Docker daemon at http+[docker://localhost](docker://localhost) - is it running?...
| Блок кода |
|---|
sudo docker network inspect $(docker network ls --filter "DRIVER=bridge" --format '{{ .Name }}') -f '{{ .Name }} {{ (index .IPAM.Config 0).Subnet }}' |
Possible errors during the work of the project
Error: monitoring is not working correctly, device metrics are not collected.
...
-ECCM_MONITORING_SERVICE_XMX=1G <--- old value
+ECCM_MONITORING_SERVICE_XMX=2G <--- new value
Possible errors when stopping a project
Error:
ERROR: error while removing network: network eccm_eltex-internal id 324bd72dd9c107cf2ea48effb75d9e7ad2dfbc8f5f7317b89cd7f318d61d5c4b has active endpoints...
| Блок кода |
|---|
sudo systemctl restart docker |
Scroll Pagebreak
Possible authentication errors
Error: Unable to authenticate with an LDAP account.
...
Local account authentication will then be available.Scroll Pagebreak
Якорь Techsupp Techsupp
Recommendations for ECCM technical support requests
| Techsupp | |
| Techsupp |
Contact the company's Service Center for advice on system operation. Refer to the last page of this manual for contact methods.
...
- The installed version of ECCM and the license used;
- Whether there is access to the Internet from the server where the firmware is deployed (no access, direct access, via NAT, via Proxy, etc.);
- The time the issue occurred (preferably as accurate as possible);
- Screenshot or video file if the issue occurred in the browser GUI;
- Device information (this could be device IP address, device model) if the problem was related to some device.
Defining the ECCM version and license
It is possible to determine the installed version of ECCM using one of the following methods:
...
The license can be attached from the source file or uploaded from the ECCM web interface.
Якорь Script Script
Information collection script
| Script | |
| Script |
The script automates the collection of metrics from the ECCM system, and then packages them into a compressed archive for more convenient transportation. Designed to run on Linux/Ubuntu OS.
...