Configuration of LMS-MGC is held in lms-mgc.ini file.
type
Database type. Currently only 'mysql' is 100% supported, although there seem to be no significant problems with 'postgres'. Default: mysql
Example: type = mysql
host
Database host. Usually localhost, but you can set it to anything (IP, domain, path to socket in 'localhost:/path/to/socket' format). Default: localhost
Example: host = localhost
user
Database user. In most cases (if you followed this documentation) it should be 'lms'. If you want to use privileged account, you should enter 'root' (MySQL on *nices), 'mysql' (on PLD) or 'postgres' (PostgreSQL). Default: root
Example: user = mysql
password
Database password. Default: empty.
Example: password = secret_password
database
Database name. Default: lms.
Example: database = lms
Significant parts of configuration are placed in section [mgc] and its derivative sections. In [mgc] alone you can use the following parameter:
instances
List of instances (separated by spaces).
Example: instances = dhcp firewall squid
You can also place the instances variable in any derivative instance section. See below.
Each instance has its name and its configuration is created by creating derivative section of name [mgc:name], eg. [mgc:mydaemon]
All of those sections may include following configuration options:
instances
This variable allows you to group a list of other instances (eg. instances = ins1 ins2 ins3), and then call your mgc with 'lms-mgc -i mydaemon' instead of 'lms-mgc -i "ins1 ins2 ins3"'. If you use this variable all other settings in this section will be ignored.
Example: instances = dns1 dns2 dns3
outfile
Output file, where instance structured dump will be saved (instance will quit instantly if this variable is not set).
Example: outfile = /etc/somefile
append
If set, the output is appended to the end of outfile instead of overwriting it.
Example: append = 1
outfile_perm
Permissions for output file. Default: 600 (-rw-------)
Example: outfile_perm = 700
outfile_owner
UID of output file owner. Default: 0
Example: outfile_owner = 0
You have to provide numerical UID, not username!
outfile_group
GID of output file owner. Default: 0
Example: outfile_group = 0
You have to provide numerical GID, not group name!
header_file
Filename, that should be prepended at beginning of output file. Default: unset
Example: header_file = /etc/lms/myservice_header
header
String, which should be put at beginning of output file. Default: unset
Example: header = option1 = blah\noption2 = blab-la
You should use \n as line separator. You may omit line separator at the end of last line.
customergroups
List of (space separated) groups of customers, that should be considered while creating configuration file. If unset, configuration will include all groups.
Example: customergroups = group1 group2
excluded_customergroups
List of (space separated) groups of customers, that should be omitted while creating configuration file.
Example: excluded_customergroups = group3 group4
networks
List of (space separated) networks, that should be considered while creating configuration file. If unset, configuration will include all networks.
Example: networks = cust1-publ cust2-publ cust3-priv
excluded_networks
List of (space separated) networks, that should be omitted while creating configuration file.
Example: excluded_networks = cust4-publ cust5-publ
Mgc script now loops for each network and performs the following tasks:
network_header
String, which should be put at beginning of network section. Default: empty
Example: network_header = network %ADDR/%MASK { # Config section for %NAME
dst_networks
List of destination network names, for which dst_network_header variable (see below) will be used. Default: all
Example: dst_networks = main coalloc
dst_network_header
Lets you set the header for destination networks.
Example: dst_network_header = \tallow to %DADDR/%DMASK;
network_body
This parameter is parsed after network headers and before IP addresses loop.
Example: network_body = \tnodes {
Mgc script now loops through the rules below for each IP address in the given range. For each IP address it checks whether a rule is defined for that address and, if so, executes the first rule that matches. Rules are checked in a specific order, as described below:
ignore
Lets you setup list of addresses (in address/prefix or address/netmask form, space separated) which should be skipped.
Example: ignore = 192.168.0.100/32
node(IP)
Allows you to add line for given IP address. IP address should be provided in parenthesis. Each section may have unlimited number of such options.
Example: node(192.168.0.20) = ??
allnodes
Adds line for each non-ignored IP address.
Example: allnodes = ??
allexistnodes
Adds line for each IP address that is owned by a computer in database.
Example: allexistnodes = ??
netdevnode
Adds line for each IP address of network device.
Example: netdevnode = ??
grantednode_priv
Adds line for each IP address with 'connected' status in database (parsed only for private address pools).
Example: grantednode_priv = \t\tnode %NAME (%IP/%MAC) unique %ID;
grantednode_publ
Adds line for each IP address with 'connected' status in database (parsed only for public address pools).
Example: grantednode_publ = \t\tnode %NAME (%IP/%MAC) unique %ID;
deniednode_priv
Adds line for each IP address with 'disconnected' status in database (parsed only for private address pools).
Example: deniednode_priv = node %NAME (%IP/%MAC) unique %ID deny;
deniednode_publ
Adds line for each IP address with 'disconnected' status in database (parsed only for public address pools).
Example: deniednode_publ = node %NAME (%IP/%MAC) unique %ID deny;
dhcpnode_priv
Adds line for each IP address within DHCP dynamic range (parsed only for private address pools).
Example: dhcpnode_priv = node unknown (%IP) reject;
dhcpnode_publ
Adds line for each IP address within DHCP dynamic range (parsed only for public address pools).
Example: dhcpnode_publ = node unknown (%IP) reject;
freeip_priv
Adds line for each IP address that is not occupied by any computer in database (parsed only for private address pools).
Example: freeip_priv = node unknown (%IP) lock_as_unused;
freeip_publ
Adds line for each IP address that is not occupied by any computer in database (parsed only for public address pools).
Example: freeip_publ = node unknown (%IP) lock_as_unused;
default_priv
Default line, which is inserted when none of grantednode or deniednode matches for given IP address (parsed only for private address pools)
Example: default_priv = node unknown (%IP) lock_as_intruder;
Mgc automatically detects if given address belongs to private or public network.
default_publ
Default line, which is inserted when none of grantednode or deniednode matches for given IP address (parsed only for public address pools)
Example: default_publ = node unknown (%IP) lock_as_intruder;
Mgc now is ready to append final part of the file and execute system command.
network_footer
Adds line for currently processed network.
Example: network_footer = ??
footer_file
Filename, that should be appended at the end of output file. Default: unset
Example: footer_file = /etc/lms/myservice_footer
footer
String, which should be put at the end of output file. Default: unset
Example: footer = # End.
post_exec
System command that should be executed after saving output file.
Example: post_exec = killall -HUP mydaemon
You can use the following templates in your configuration variables. They all will be substituted with appropriate data from LMS database.
Computer templates:
%IP - IP address
%PUBIP - second (public) IP address
%PIN - PIN of customer who owns node
%ID - ID of computer
%MAC - MAC address
%SMAC - MAC address in lowercase and without colon separators
%CMAC - MAC address in CISCO format (FFFF.FFFF.FFFF)
%OWNER - owner's ID
%CUSTOMER - owner's lastname and name
%NAME - computer name, in uppercase
%name - computer name, in lowercase
%INFO - computer description
%PASSWD - node password
%PORT - device's port, to which node is connected
%UPRATE - guaranteed upload rate
%NUPRATE - guaranteed upload rate (for night hours)
%DOWNRATE - guaranteed download rate
%NDOWNRATE - guaranteed download rate (for night hours)
%UPCEIL - maximum upload rate
%NUPCEIL - maximum upload rate (for night hours)
%DOWNCEIL - maximum download rate
%NDOWNCEIL - maximum download rate (for night hours)
%CLIMIT - limit of concurrent connections
%NCLIMIT - limit of concurrent connections (for night hours)
%PLIMIT - maximum number of packets per second
%NPLIMIT - maximum number of packets per second (for night hours)
%1 %2 %3 %4 - consecutive (left to right) decimal octets of IP address
%NID - network ID where computer belongs
%NNAME - network name, in uppercase
%nname - network name, in lowercase
%NADDR - network address
%NIFACE - network interface
%NMASK - network mask
%NGATE - network gateway IP address
%NDNS - primary DNS server IP address
%NDNS2 - secondary DNS server IP address
%NDOMAIN - domain name of the network
%NWINS - WINS server IP address
%NDHCPS - first IP address of dynamic DHCP range
%NDHCPE - last IP address of dynamic DHCP range
Network templates (for sections relevant to networks only):
%ID - network ID
%NAME - network name, in uppercase
%name - network name, in lowercase
%ADDR - network IP address
%IFACE - network interface
%MASK - network IP mask
%GATE - network gateway IP address
%DNS - primary DNS server IP address
%DNS2 - secondary DNS server IP address
%DOMAIN - domain name of the network
%WINS - WINS server IP address for the network
%DHCPS - first IP address of dynamic DHCP range for the network
%DHCPE - last IP address of dynamic DHCP range for the network
Additionally, the dst_network_header variable may include the above templates prefixed with D (e.g. %DADDR, %dname) to get data relevant to destination networks.
Templates which can be used everywhere:
%DATE - date in YYYYMMDD format;
%TIME - time in HHMM format;
%TIMES - time in HHMMSS format;
%UTIME - time in unix timestamp format;
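The following check is an added example, not part of LMS or of the original documentation. It reads the [mgc:name] sections of an lms-mgc.ini and reports instances that write %PASSWD or %PIN into an outfile readable by group or others, and lists every post_exec command for review. Treating those two templates as secrets, the audit() function, the instance name "auth" and the path /etc/somefile2 are assumptions of the example.

```python
import configparser
import re

# Assumption of this example: %PASSWD (node password) and %PIN (customer PIN)
# are the templates that must not land in a group- or world-readable outfile.
SECRET_TEMPLATES = re.compile(r"%(PASSWD|PIN)\b")

# Constructed sample configuration using only options documented above.
SAMPLE_INI = r"""
[mgc:all]
instances = dhcp auth
outfile_perm = 644

[mgc:dhcp]
outfile = /etc/somefile
network_header = network %ADDR/%MASK { # Config section for %NAME
grantednode_priv = \t\tnode %NAME (%IP/%MAC) unique %ID;
post_exec = killall -HUP mydaemon

[mgc:auth]
outfile = /etc/somefile2
outfile_perm = 644
grantednode_priv = %name %PASSWD %IP
"""

def audit(ini_text):
    """Return (instance, message) findings for each [mgc:name] section."""
    # interpolation=None: values are full of %TEMPLATES, which configparser's
    # default interpolation would reject as invalid syntax.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(ini_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("mgc:"):
            continue
        name, opts = section.split(":", 1)[1], cp[section]
        if "instances" in opts:
            continue  # grouping section: all its other settings are ignored
        perm = int(opts.get("outfile_perm", "600"), 8)  # documented default
        leaked = sorted({m.group(0) for value in opts.values()
                         for m in SECRET_TEMPLATES.finditer(value)})
        if leaked and perm & 0o077:
            findings.append((name, f"{', '.join(leaked)} written to "
                                   f"{opts['outfile']} with mode {perm:o}"))
        if "post_exec" in opts:
            findings.append((name, f"post_exec runs: {opts['post_exec']}"))
    return findings

if __name__ == "__main__":
    for instance, message in audit(SAMPLE_INI):
        print(f"[{instance}] {message}")
```

The check does not look inside header_file or footer_file, so their contents and permissions need a separate look.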