
The command-line interface (CLI) for managing the ECSS-10 system is implemented by the CoCon (Command Console) subsystem.
CoCon is a distributed management console that lets you manage all ECSS-10 subsystems from one place, over a single connection.

Rules for working with the command line

By default, CoCon is available over SSH version 2 on port 8023.

Command to connect to the console:

ssh USER@HOST -p 8023

The connection can be made to any host running at least one ECSS-10 node. Through such a connection, access to the ECSS-10 functionality will be provided.

ECSS-10 system management commands are grouped into a tree-like structure resembling a file system. Files are commands, and directories are a logical grouping of commands (linked to a specific subsystem).

Command scope works as follows: commands declared in the root directory are available anywhere in the file system (global commands); all other commands work only in the directory where they are declared.

There are two ways to execute the command:

  1. Go to the required directory using the cd command and execute the command there; this allows shorter commands to be typed.
    The system prompt changes dynamically to show the user's current directory.

    To run a command from the current directory, type ./ (dot-slash) before the command name.

    Examples:

    a. go to the /domain/eltex.local directory

    /ss: ssw@[mycelium@ecss3]:/#> cd domain/eltex.local
    /ss/ ssw@[mycelium@ecss3]:/domain/eltex.local/ss#>

    b. run the "info" command in the specified directory:

    ssw@[mycelium@ecss3]:/domain/eltex.local/ss#> ./info
  2. Write the path to the command (absolute or relative path):

    ssw@[mycelium@ecss3]:/#> domain/eltex.local/ss/info

    Global commands are executed without specifying a path.

    The access rights defined for the user restrict the user's ability to execute commands. Commands that are not available for execution by a specific user will not be displayed in the appropriate places of the file system, and the user will not be able to execute them.

    To simplify use of the command line, the interface supports command auto-completion. It is triggered by pressing <Tab> after typing an incomplete command. <Tab> also shows the commands available for input in the current directory.

    There are two ways to get reference information about a command and its parameters at any stage of entering it:
    1. enter man before the command:

    > man shell-trace 

    2. enter -h after the command:

    > shell-trace -h 

The last line of the command output shows the date and time of execution, the execution time, and the node (with its version) on which the command was executed. Example:

admin@mycelium1@ecss1:/$ restfs/list 
┌────────────┬──────────────────────────────┬─────────┐
│Cluster name│             Peer             │ Status  │
├────────────┼──────────────────────────────┼─────────┤
│default     │http://system.restfs.ecss:9990│connected│
└────────────┴──────────────────────────────┴─────────┘
Succesfull

[exec at: 12.01.2021 15:49:19, exec time: 35ms, nodes: core1@ecss1 v.3.14.7.427]

Authorization by key

To authorize by key, add your public key (located at ~/.ssh/*.pub) through the CoCon interface:

admin@[mycelium1@ecss1]:/$ /shell-options public-key add ssh-rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCw7sJZltBfbooyv2T3Bsz/l01SM53XfNkJzN9DxPKq8kH4FRKf8NJWRHpLAWmBElUmp5APxWLfR74ncTYGrRIUj+u8ygZav1YYbgOrTgNwyFaJUurg2LVymLd9+Q/wA7ORxomuhLMGaiSfaOUyoO1xE5opZU65IpZhuyVrNOGZLQ== test@gmail.com

Check the list with the command:

admin@[mycelium1@ecss1]:/$ ./shell-options public-key list 

Remove it with the command:

admin@[mycelium1@ecss1]:/$ /shell-options public-key delete ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCw7sJZltBfbooyv2T3Bsz/l01SM53XfNkJzN9DxPKq8kH4FRKf8NJWRHpLAWmBElUmp5APxWLfR74ncTYGrRIUj+u8ygZav1YYbgOrTgNwyFaJUurg2LVymLd9+Q/wA7ORxomuhLMGaiSfaOUyoO1xE5opZU65IpZhuyVrNOGZLQ== test@gmail.com

Access rights to commands

Below is the list of access groups for CoCon commands and the rights a user must have to execute a command in each group:

  • -any- — any user can execute a command with these rights;
  • -root- — only the ecss-root user can execute this command;
  • ecss-user — a user with ecss-user or ecss-admin rights can execute this command;
  • ecss-admin — a user with ecss-admin rights can execute this command;
  • ecss-<DOMAIN>-user — a user with ecss-<DOMAIN>-user, ecss-<DOMAIN>-admin, ecss-user or ecss-admin rights can execute this command;
  • ecss-<DOMAIN>-admin — a user with ecss-<DOMAIN>-admin or ecss-admin rights can execute this command.

Principles of forming a virtual file system in the CLI

The CoCon command line looks as follows:

ssw@[mycelium@ecss3]:/cluster/core/core1$ ▋
└┬┘ └───┬───┘ └─┬─┘  └─────────┬───────┘ └┬┘
 │      │       │              │          └ prompt to enter a command
 │      │       │              │
 │      │       │              └─────────── current absolute path
 │      │       │
 │      │       └────────────────────────── name of the server to which the console is connected
 │      │
 │      └────────────────────────────────── name of the node to which the console is connected
 │
 └───────────────────────────────────────── name of the user on whose behalf the current connection is being made

The list or tree of available commands can be viewed with the ls command from any directory of the virtual file system. Its description:

admin@ds1@ecss1:/$ man ls
List directory content
    Usage: ls [-Flags] [Path]
        Flags: d - list directory entries
               f - list file entries
               a - show hidden entries
               t - tree, show files in all subdirectories of Path
               l - use a long listing format

                   Format:

                   ---------------------------------------------------
                   | name* | desctination* | is_executable* | group* |
                   ---------------------------------------------------
                   |       |               |                |        |

                      *name          - command name
                      *group         - user group that can execute command, 
                      *destination   - where the command is executed, could be node name or node group name
                      *is_executable - in case of command, asterisk means that current user could execute this command (command can be executed)
                                       in case if folder - folder contains "asterisked" commands

               Default: ls -fd .

The man command before any command, or the -h option after it, displays documentation on the purpose and use of that command.

Ccnexec system service

This service allows CoCon commands to be executed from the Linux shell without connecting to the CoCon console.

Usage help:

sasha@ecss1:/$ /usr/bin/ccnexec -h
Execute cocon commands from linux shell

Usage:
   Connect to cocon using username/password:
       ccnexec -u <User> [-p <Pass>] [<Host>:[<Port>]] [-o <OutputFile>] [-f <Filename> | -c Command [Arg1 Arg2 ...]]

   Connect to cocon using cookie file:
       ccnexec -k                    [<Host>:[<Port>]] [-o <OutputFile>] [-f <Filename> | -c Command [Arg1 Arg2 ...]]
       ccnexec -K <CookieFile>       [<Host>:[<Port>]] [-o <OutputFile>] [-f <Filename> | -c Command [Arg1 Arg2 ...]]

   Generate cookie:
       ccnexec -u <User> [-p <Pass>] -S <CookieFile> [<Host>:[<Port>]]
       ccnexec -u <User> [-p <Pass>] -s              [<Host>:[<Port>]]

  Read commands from std input if -f and -c are not specified.
  By default read cocon password for user <User> from std input, until -p option is not set.
  If you don't want to enter password interactively you better use cocon cookie file instead of -p option because of security reasons. DO NOT FORGET to set -rw------- permissions to your cookie file.
  Connect to cocon node at <Host>:<Port>, (localhost:8024 - by default).

    -u <User>   - specifies cocon user to be used when connect to cocon
    -p <Pass>   - specifies cocon password to be used when connect to cocon (insecure)
    -k          - use cocon cookie instead of username and password (use <HomeDir>/.ccn_cookie by default)
    -K <Cookie> - use file <Cookie> instead of standard cookie (see -k option)
    -o <File>   - file to write commands output (it's not the same as using of "./ccnexec > <File>" syntax)
    -f <File>   - file to read cocon commands to execute (it's not the same as using of "cat <File> | ./ccnexec" syntax)
    -c <Cmd> [<Args>] - execute one command, should be the last option because command args are separated by spaces
    -s          - generate new cookie and save it to <HomeDir>/.ccn_cookie
    -S <Cookie> - generate new cookie and save it to file <Cookie>

Additional options:
    -A    - stop execution if error occurs
    -P    - read passwords from file (if -f option is specified)
    -i    - be interactive, use std io for modal dialogs (no sense if -c is specified)

Examples:

    user@ecss1:~/Work $ ccnexec -u support -c /node/ecss_mycelium@ecss1/info releases
    Enter password: 
    RELEASES:
    ecss_mycelium 2.9.2.19 permanent

    user@ecss1:~/Work $ ccnexec -k -c /node/ecss_mycelium@ecss1/info releases
    RELEASES:
    ecss_mycelium 2.9.2.19 permanent
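
The cookie-file workflow from the ccnexec help above, as an added example (not part of the original documentation and not Eltex code): a shell wrapper that creates the cookie under umask 077 and refuses to use a cookie file that is not a regular file owned by the caller with mode -rw-------. The function names and the CCNEXEC override variable are hypothetical; GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example, not Eltex code. Assumes GNU coreutils stat (Linux).
# CCNEXEC is a hypothetical override for the binary path shown on this page.

# cookie_is_private FILE
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# calling user, with no group/other access: 600 (-rw-------) or stricter 400.
cookie_is_private() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "cookie: $f is missing, a symlink or not a regular file" >&2
        return 1
    fi
    owner=$(stat -c '%u' "$f") || return 1
    mode=$(stat -c '%a' "$f") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "cookie: $f is owned by uid $owner, not by the caller" >&2
        return 1
    fi
    case $mode in
        600|400) return 0 ;;
        *) echo "cookie: $f has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# ccn_new_cookie USER FILE
# Generates a cookie (-S) under umask 077 so a newly created file gets no
# group/other bits; the password is read interactively, never passed via -p.
ccn_new_cookie() {
    ( umask 077 && "${CCNEXEC:-/usr/bin/ccnexec}" -u "$1" -S "$2" ) || return 1
    chmod 600 "$2" && cookie_is_private "$2"
}

# ccn_run FILE COMMAND [ARGS...]
# Runs one CoCon command with the cookie (-K); -c stays last, as the help
# requires. Refuses to call ccnexec at all if the cookie is not private.
ccn_run() {
    cookie=$1
    shift
    cookie_is_private "$cookie" || return 1
    "${CCNEXEC:-/usr/bin/ccnexec}" -K "$cookie" -c "$@"
}
```

In scripts and cron jobs, calling ccn_run with the cookie path replaces the -p option, so the password never appears in the process list or shell history.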
