[installation] Init with inital config for global

2025-10-30 15:08:17 +01:00
commit 7640b452ed
3678 changed files with 2200095 additions and 0 deletions

598
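--- /dev/null
+++ b/etc/descriptions/caps.xml
@@ -0,0 +1,598 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<seiscomp>
+<module name="caps" category="Acquisition">
+<description>Realtime and archive waveform server</description>
+<command-line>
+<synopsis>
+caps [options]
+</synopsis>
+<group name="Generic">
+<optionReference>generic#help</optionReference>
+<optionReference>generic#version</optionReference>
+<optionReference>generic#config-file</optionReference>
+<optionReference>generic#plugins</optionReference>
+<optionReference>generic#daemon</optionReference>
+</group>
+<group name="Verbosity">
+<optionReference>verbosity#verbosity</optionReference>
+<optionReference>verbosity#v</optionReference>
+<optionReference>verbosity#quiet</optionReference>
+<optionReference>verbosity#print-component</optionReference>
+<optionReference>verbosity#print-context</optionReference>
+<optionReference>verbosity#component</optionReference>
+<optionReference>verbosity#syslog</optionReference>
+<optionReference>verbosity#lockfile</optionReference>
+<optionReference>verbosity#console</optionReference>
+<optionReference>verbosity#debug</optionReference>
+<optionReference>verbosity#trace</optionReference>
+<optionReference>verbosity#log-file</optionReference>
+</group>
+<group name="Server">
+<option long-flag="server-port" flag="p" argument="int" param-ref="AS.port"/>
+<option long-flag="server-ssl-port" argument="int" param-ref="AS.SSL.port"/>
+<option long-flag="plugin-port" flag="P" argument="int" param-ref="AS.plugins.port"/>
+<option long-flag="http-port" argument="int" param-ref="AS.http.port"/>
+<option flag="" long-flag="read-only">
+<description>
+Do not store any packets.
+</description>
+</option>
+</group>
+<group name="Test">
+<option flag="" long-flag="configtest">
+<description>
+Run a configuration file syntax test. It parses the
+configuration files and either reports Syntax Ok or detailed
+information about the particular syntax error.
+</description>
+</option>
+<option flag="" long-flag="print-access">
+<description>
+Print access information for one or more channels from a
+given IP and a user with password, format: NET.STA.LOC.CHA,
+e.g.,
+IP check
+caps --print-access GE.*.*.* 127.0.0.1
+IP and user:password check
+caps --print-access GE.APE.*.* --user gempa:gempa 127.0.0.1
+The stream ID filter supports wildcards. Use option -v to
+enable the trace mode to get detailed information about the
+rule evaluation.
+</description>
+</option>
+<option flag="u" long-flag="user">
+<description>
+Server user and password. Format: user:password .
+</description>
+</option>
+</group>
+</command-line>
+<configuration>
+<group name="AS">
+<description>CAPS server control parameters</description>
+<parameter name="filebase" type="string" default="@ROOTDIR@/var/lib/caps/archive">
+<description>
+Defines the path to the archive directory.
+</description>
+</parameter>
+<parameter name="port" type="int" default="18002">
+<description>
+Defines the server port for client requests.
+</description>
+</parameter>
+<parameter name="clientBufferSize" type="int" default="16384" unit="B">
+<description>
+Size of the client buffer in bytes. In case the client fails to read the buffered data
+in time (buffer overflow) the connection falls back to archive requests.
+</description>
+</parameter>
+<parameter name="minDelay" type="int" default="-1" unit="s">
+<description>
+Limits the retrieval of real-time data. The value
+specifies the maximum relative end time of the time range
+to be requested. The maximum absolute end time is
+now - minDelay. This is only valid for FDSNWS and WWS.
+</description>
+</parameter>
+<parameter name="inventory" type="path" default="">
+<description>
+The path to an optional inventory XML file with SeisComP3
+schema. This inventory information is used by WWS to populate
+the channel coordinates. In future possibly more endpoints
+will make use of it.
+</description>
+</parameter>
+<parameter name="logRequests" type="boolean" default="false">
+<description>
+Whether to maintain a request log file or not. Each request
+will be logged and partly traced.
+</description>
+</parameter>
+<parameter name="logAnonymousIP" type="boolean" default="false">
+<description>
+Log only parts of the IP to respect users privacy.
+</description>
+</parameter>
+<parameter name="logPurge" type="boolean" default="false">
+<description>
+Whether to maintain a purge log file or not. Each purge
+operation will be logged.
+</description>
+</parameter>
+<parameter name="allow" type="list:string" default="">
+<description>
+List of IPs which are allowed to access the caps(s) port.
+By default access is unrestricted.
+</description>
+</parameter>
+<parameter name="deny" type="list:string" default="">
+<description>
+List of IPs which are not allowed to access the caps(s) port.
+By default access is unrestricted.
+</description>
+</parameter>
+<group name="filebase">
+<description>
+File buffer control parameters
+</description>
+<parameter name="logFile" type="path">
+<description>
+The path to the archive log file which contains the
+stream start and end times. By default it is written
+to $filebase/archive.log.
+</description>
+</parameter>
+<group name="cache">
+<description>
+CAPS does not keep all files of all streams open. It
+tries to keep open the most frequently used files and closes
+all others. The more files CAPS can keep open the faster
+the population of the archive. The limit of open
+files depends on the security settings of the user under
+which CAPS is running.
+</description>
+<parameter name="openFileLimit" type="int" default="250">
+<description>
+The maximum number of open files. Because a stream
+file can have an associated index file this value
+is half of the physically opened files in worst case.
+</description>
+</parameter>
+<parameter name="unusedFileLimit" type="int" default="1000">
+<description>
+Limit of cached files in total. This value affects also
+files that are actually explicitly closed by the
+application. CAPS will keep them open (respecting
+the openFileLimit parameter) as long as possible and
+preserve a file handle to speed up reopening the
+file later.
+</description>
+</parameter>
+</group>
+<group name="params">
+<parameter name="writeMetaOnClose" type="boolean" default="false">
+<description>
+This is an optimization to write the datafile meta record only
+on file close and not every time a new record has been added
+to a file. To save IO bandwidth when handling many channels,
+this could be helpful.
+</description>
+</parameter>
+<parameter name="alignIndexPages" type="boolean" default="false">
+<description>
+This forces to align index pages in the file at 4k boundaries.
+In order to achieve that, NULL chunks must be inserted to
+allow padding. This will lead to less device page updates
+but slightly larger data files.
+</description>
+</parameter>
+<parameter name="priority" type="int" default="0">
+<description>
+A value greater than 0 will raise the write thread
+priority to the given value. This value is in
+accordance to the pthread_setschedparam function.
+</description>
+</parameter>
+<parameter name="q" type="int" default="1000">
+<description>
+The real-time notification queue size.
+</description>
+</parameter>
+<parameter name="concurrency" type="int" default="1">
+<description>
+The number of concurrent writes to the database. The
+higher the value the more concurrent write operations
+are issued distributed across the files. A single file
+can only be updated sequentially. This value is most
+effective if many records of different channels are
+pushed, like the output of scmssort.
+</description>
+</parameter>
+</group>
+<parameter name="keep" type="list:string" default="*.*.*.*:-1">
+<description>
+Number of days to keep data per stream ID before
+&quot;AS.filebase.purge.referenceTime&quot;. For
+stream-specific configuration create a list of pairs
+consisting of stream ID : days. Separate pairs by
+comma. The first occurrence in the list takes priority.
+Example keeping all streams but AM.* and GR.* for 14 days:
+GR.*:-1, AM.*.*.*:365, *.*.*.*:14
+Default (empty parameter) or -1: keep all data forever.
+</description>
+</parameter>
+<group name="purge">
+<description>
+Parameters controlling IO resources occupied by the purge operation.
+The deletion of many data files at once may have a significant impact
+on the server performance. E.g. if the server did not run for a while
+or the keep parameter was reduced significantly, the purge operation
+may slow down the processing of real-time data.
+</description>
+<parameter name="referenceTime" type="string" default="EndTime" values="EndTime,Now">
+<description>
+The reference time defining the end of the time window
+to keep the data. The window length is set by
+&quot;AS.filebase.keep&quot;.
+Data outside the window will be purged. Available values:
+EndTime: The reference time is the end time per stream.
+This keeps older data if no more recent data arrive.
+Now: The reference time is current time. This
+deletes old data even if no recent data arrive.
+</description>
+</parameter>
+<parameter name="idleTime" type="double" default="5" unit="s">
+<description>
+Idle time between two purge runs.
+</description>
+</parameter>
+<parameter name="initIdleTime" type="double" default="0" unit="s">
+<description>
+Idle time before the first purge run starts. Normally
+after a start the server tries to catch up all data which
+might be an IO intensive operation. In case of a huge archive the purge
+operation slow downs the read/write performace of the system too. To
+reduce the load at start it is a good idea to postpone this operation.
+</description>
+</parameter>
+<parameter name="maxProcessTime" type="double" default="1" unit="s">
+<description>
+Maximum processing time for one purge run. If exceeded the
+purge task will pause for AS.filebase.purge.idleTime
+seconds freeing IO resources.
+</description>
+</parameter>
+<parameter name="startTime" type="string" default="00:30">
+<description>
+Time of the day when to run the daily purge run. Time is in UTC.
+</description>
+</parameter>
+</group>
+<parameter name="preallocationSize" type="int" default="65535" unit="B">
+<description>
+Preallocation size of data files in bytes. Some file system allow to reserve
+disk space for files in advance. Especially on spinning disks the read
+performance will be improved if data can be read sequentially. The speed is
+traded for disk space consumed by the file since its size will be a multiple
+of the specified value. Set the value to 0 to disable this feature.
+</description>
+</parameter>
+</group>
+<group name="SSL">
+<description>
+Parameters for SSL-based data requests
+</description>
+<parameter name="port" type="int">
+<description>
+Defines the SSL server port for client requests. By default
+SSL requests are disabled.
+</description>
+</parameter>
+<parameter name="certificate" type="string">
+<description>
+Defines the path to the SSL certificate to use.
+</description>
+</parameter>
+<parameter name="key" type="string">
+<description>
+Defines the path to the private SSL key to use. This key
+is not shared with clients.
+</description>
+</parameter>
+</group>
+<group name="auth">
+<description>
+Parameters controlling the authentication system for data requests
+based on user ID, IP addresses, access roles and access control lists.
+</description>
+<parameter name="backend" type="string" default="basic">
+<description>
+The server provides an authentication plug-in interface. An authentication plugin
+implements access control checks. It is free where it gets the access information from e.g
+from a local database/file or a remote server. The option sets which authentication plugin
+should be used for authentication. Don't forget to load the plugin in the plugin section.
+The basic plugin is built-in.
+</description>
+</parameter>
+<group name="basic">
+<description>
+Basic authentication parameters. The configuration can
+be reloaded without restarting the server. Use
+&quot;seiscomp reload caps`&quot; to reload the
+authentication parameters without a restart.
+</description>
+<parameter name="access-list" type="file" default="@SYSTEMCONFIGDIR@/caps/access.cfg">
+<description>
+Path to the access control list controlling access based on rules.
+By default access is unrestricted. Allow rules are evaluated first.
+AM.DENY = 127.0.0.1
+AM.ALLOW = 127.0.0.1
+This example rule set prohibits all AM network stations for localhost because
+the DENY rule is evaluated after the ALLOW rule.
+IP restrictions apply to the guest user only. In addition to IPs the access can
+be also restricted by user or group. In the latter case
+the &quot;%&quot; must be placed in front of the group name. Here an example:
+AM.ALLOW = %users
+AM.R44F5.ALLOW = sysop
+Rules are evaluated on the basis of one another. This can lead to misunderstandings. Here an
+example:
+AM.ALLOW = sysop
+This rule will allow the AM network for sysop only. But
+DENY = %users
+AM.ALLOW = sysop
+will allow the access to the AM network for all users except those are member of the group users.
+</description>
+</parameter>
+<group name="users">
+<parameter name="shadow" type="file" default="@SYSTEMCONFIGDIR@/caps/shadow.cfg">
+<description>
+Location of the users authentication file. For each user one line
+of the following format must exist:
+username:encrypted_pwd
+To encrypt the password mkpasswd can be used. It is recommended to
+apply a strong algorithm such as sha-256 or sha-512. The command
+u=sysop pw=`mkpasswd -m sha-512` &amp;&amp; echo $u:$pw
+generates one line for user &quot;sysop&quot;.
+Add the line to the authentication file.
+</description>
+</parameter>
+<parameter name="passwd" type="file" default="@SYSTEMCONFIGDIR@/caps/passwd.cfg">
+<description>
+Location of the users access control file. Each
+line starts with a user ID (uid) or a group ID (gid)
+and a list of access properties in the form:
+uid:prop1,prop2
+or
+%gid:prop1,prop2
+&quot;%&quot; indicates a gid instead of a uid.
+The properties grant access to certain CAPS
+features. Supported access property values are:
+read, write, admin.
+</description>
+</parameter>
+<parameter name="group" type="file" default="@SYSTEMCONFIGDIR@/caps/group.cfg">
+<description>
+Location of the optional group file. Each line maps a group id
+to a list of users in format
+gid:user1,user2,user3
+</description>
+</parameter>
+</group>
+</group>
+</group>
+<group name="plugins">
+<parameter name="port" type="int" default="18003">
+<description>
+Defines the server port to use for plugin connections.
+</description>
+</parameter>
+<parameter name="allow" type="list:string" default="">
+<description>
+List of IPs which are allowed to access the plugin port.
+By default access is unrestricted.
+</description>
+</parameter>
+<parameter name="deny" type="list:string" default="">
+<description>
+List of IPs which are not allowed to access the plugin port.
+By default access is unrestricted.
+</description>
+</parameter>
+<group name="SSL">
+<parameter name="port" type="int">
+<description>
+Defines the SSL server port to use for plugin SSL connections.
+The SSL port is disabled by default.
+</description>
+</parameter>
+<parameter name="certificate" type="string">
+<description>
+Defines the path to the SSL certificate to use.
+</description>
+</parameter>
+<parameter name="key" type="string">
+<description>
+Defines the path to the private SSL key to use. This key
+is not shared with clients.
+</description>
+</parameter>
+</group>
+</group>
+<group name="http">
+<description>
+Web interface control parameters
+</description>
+<parameter name="port" type="int">
+<description>
+Defines the server port for HTTP connections. By default the Web interface is disabled.
+Typical value: 18081
+</description>
+</parameter>
+<parameter name="allow" type="list:string" default="">
+<description>
+List of IPs which are allowed to access the http(s) port.
+By default access is unrestricted.
+</description>
+</parameter>
+<parameter name="deny" type="list:string" default="">
+<description>
+List of IPs which are not allowed to access the http(s) port.
+By default access is unrestricted.
+</description>
+</parameter>
+<parameter name="resolveProxyClient" type="boolean" default="false">
+<description>
+Sets if the X-Forwarded-For HTTP header is evaluated to
+retrieve the real client IP address from a proxy server.
+This is important if the web frontend is behind a proxy,
+e.g. Apache. Since data access is configured per IP, the
+real IP is required to grant access to requested channels.
+Enabling this opens a possible security hole as clients
+can then easily spoof their IP if the proxy does not
+correctly maintain this header or if CAPS does not run
+behind a proxy.
+</description>
+</parameter>
+<parameter name="disableBasicAuthorization" type="boolean" default="false">
+<description>
+Controls whether basic authorization is enabled or not.
+In case you are running CAPS behind a proxy which already
+configures basic authorization then enable this flag.
+If basic authorization is disabled then the default
+HTTP user should have access without a password.
+</description>
+</parameter>
+<parameter name="fdsnws" type="string" default="">
+<description>
+Sets the optional relative FDSNWS path which is being
+used by the CAPS frontend client. Do not append
+&quot;fdsnws/dataselect/1/query&quot; as this is done
+automatically. Set it to &quot;/&quot; if the CAPS
+frontend is running with a relative path behind e.g.
+Nginx.
+</description>
+</parameter>
+<group name="SSL">
+<description>
+Use https instead of http when setting the following parameters
+</description>
+<parameter name="port" type="int">
+<description>
+Defines the server port for HTTPS connections.
+By default the SSL Web interface is disabled.
+</description>
+</parameter>
+<parameter name="certificate" type="string">
+<description>
+Defines the path to the SSL certificate to use.
+</description>
+</parameter>
+<parameter name="key" type="string">
+<description>
+Defines the path to the private SSL key to use. This
+key is not shared with clients.
+</description>
+</parameter>
+</group>
+</group>
+<group name="FDSNWS">
+<description>
+FDSNWS control parameters for dataselect. The FDSNWS service
+is provided through the &quot;AS.http.port&quot;.
+</description>
+<parameter name="maxTimeWindow" type="int" unit="s" default ="0">
+<description>
+Maximum length of time window per request. A value
+greater than zero limits the maximum request time window
+including all data. 0 disables the limit.
+</description>
+</parameter>
+<parameter name="maxRequests" type="int" default="1000">
+<description>
+Maximum number of requests per post. A value greater than
+or equal to zero limits the number
+of request lines per POST request.
+</description>
+</parameter>
+</group>
+<group name="WWS">
+<description>
+Winston waveform server (WWS) control parameters. When set,
+CAPS will also serve WWS.
+</description>
+<parameter name="port" type="int">
+<description>
+Server port for WWS connections. Please note that
+inventory information (see AS.inventory) is required to
+fully support WWS requests otherwise empty values for
+the channel location and unit will be returned.
+Default (no value): The WWS interface is disabled.
+</description>
+</parameter>
+<parameter name="maxTimeWindow" type="int" unit="s" default="90000">
+<description>
+Maximum length of time window in seconds per request.
+A value greater than zero limits the maximum request time window
+including all data. 0 disables the limit.
+</description>
+</parameter>
+<parameter name="maxRequests" type="int" default="100">
+<description>
+A value greater than or equal to zero limits the number
+of request lines per POST request.
+</description>
+</parameter>
+<parameter name="allow" type="list:string" default="">
+<description>
+List of IPs which are allowed to access the WWS port.
+By default access is unrestricted.
+</description>
+</parameter>
+<parameter name="deny" type="list:string" default="">
+<description>
+List of IPs which are not allowed to access the WWS port.
+By default access is unrestricted.
+</description>
+</parameter>
+</group>
+</group>
+</configuration>
+</module>
+</seiscomp>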
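Review bot: The description of `disableBasicAuthorization` under `AS.http` tells operators to enable the flag behind an authenticating proxy, but unlike `resolveProxyClient` directly above it, it carries no warning about the case where the HTTP port is also reachable without going through that proxy. The text itself says the default HTTP user then has access without a password, and `AS.http.allow` defaults to unrestricted, so I would append a sentence such as `Only enable this if the HTTP port can be reached exclusively through the proxy; restrict direct access, e.g. with AS.http.allow.` The `user` option and the `--print-access` example pass `user:password` as a command-line argument, so a short remark that the value can end up in shell history and process listings would help operators. The `shadow` parameter description could likewise state that the file should be readable only by the account running caps. Minor: the reload hint in the `basic` group has a stray backtick after `seiscomp reload caps`, and `default ="0"` on `FDSNWS.maxTimeWindow` is spaced differently from every other attribute.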