Apstraサーバー設定ファイル
/etc/aos/aos.conf
コントローラセクション
admin@aos-server:/etc/aos$ cat aos.conf
[controller]
# NOTE(review): no description is shown for "metadb"; the value looks like a
# network interface name - confirm against the vendor documentation.
metadb=eth0
# Role for the controller. Set the option to "slave" in order to set up AOS as
# a slave AOS. The options "metadb" and "node_id" should also be set when
# setting "role" to "slave".
role = controller
# ID of the slave node. Empty when the server is the controller. The ID is
# generated by the controller.
node_id =
セキュリティセクション
[security]
# ***EXPERIMENTAL FEATURE*** This feature should not be enabled without Apstra
# engineering assistance. Enable secure connections for AOS system agents.
# NOTE(review): at 0 the secure agent connections described above are off. The
# page does not say what protects agent traffic in that state, so treat the
# network that carries it as sensitive and confirm with the vendor before
# changing this value.
enable_secure_sysdb_connection = 0
[logrotate] セクション
[logrotate]
# AOS has built-in log rotation. You can disable it by setting
# <enable_log_rotate> to 0 if you want to use the Linux logrotate utility to
# manage your log files. The AOS agent reopens its log file on SIGHUP.
enable_log_rotate = 1
# The log file is rotated when its size exceeds <max_file_size>.
max_file_size = 1M
# The most recent <max_kept_backups> rotated log files are saved. Older ones
# are removed. Specify 0 to keep no rotated log files, i.e. the log file is
# removed as soon as its size exceeds the limit.
# NOTE(review): anything rotated past this count is deleted locally; forward
# logs off-box if they are needed for audit or incident response.
max_kept_backups = 5
# Interval, specified as <hh:mm:ss>, at which log files are checked for
# rotation.
check_interval = 1:00:00
Auth Sysdb ログローテーターセクション
[auth_sysdb_log_rotator]
# AOS has built-in auth sysdb persistence file rotation. Default value is 1,
# which means the sysdb retention policy is enabled. You can disable it by
# setting it to 0 and enable it again by setting it to 1. All retention policy
# parameters are reloaded by restarting the AOS service, or by sending a SIGHUP
# signal to the SysdbResourceManager agent via "sudo kill -s 1
# $(pgrep -f SysdbResourceManager)".
enable_auth_sysdb_rotate = 1
# Maximum number of backup copies of valid auth sysdb persistence file groups
# in /var/lib/aos/db. AOS removes all older groups. Default value is 5, which
# means AOS keeps the latest 5 groups. Min value is 3. It should be specified
# as a positive number or left empty. Leaving it empty means no limit on the
# number of groups. It is set to the default value if it is configured in an
# invalid format, and to the minimum value if it is configured to a smaller
# value.
# NOTE(review): going by the section name these groups presumably hold
# authentication data; limit read access to /var/lib/aos/db and to any copies
# taken from it - confirm the contents with the vendor.
max_kept_backups = 5
# Maximum total size of valid auth sysdb persistence file groups in
# /var/lib/aos/db. Default value is empty, which means no size limit. It should
# be specified as empty or as a positive number ending with k/m/g (case
# insensitive) or with no suffix. Otherwise it is set to the default value. AOS
# keeps at least 3 valid groups no matter how <max_total_files_size> is
# configured.
max_total_files_size =
# Interval, specified as <hh:mm:ss>, at which auth sysdb persistence files are
# checked for rotation. Default value is 1:00:00. It is set to the default
# value if it is configured in an invalid format. Min value is 00:01:00. It is
# set to the min value if it is configured to a smaller value. AOS also updates
# all the retention policy parameters every <check_interval> when it is
# enabled.
check_interval = 1:00:00
メイン Sysdb ログローテーターセクション
メイン グラフのデータ ストア保持ポリシーを構成するための 4 つのパラメーター。
[main_sysdb_log_rotator]
# AOS has built-in main sysdb persistence file rotation. Default value is 1,
# which means the sysdb retention policy is enabled. You can disable it by
# setting it to 0 and enable it again by setting it to 1. All retention policy
# parameters are reloaded by restarting the AOS service, or by sending a SIGHUP
# signal to the SysdbResourceManager agent via "sudo kill -s 1
# $(pgrep -f SysdbResourceManager)".
# NOTE(review): with rotation off every backup is kept, so watch free space on
# the volume that holds /var/lib/aos/db.
enable_main_sysdb_rotate = 1
# Maximum number of backup copies of valid main sysdb persistence file groups
# in /var/lib/aos/db. AOS removes all older groups. Default value is 5, which
# means AOS keeps the latest 5 groups. Min value is 3. It should be specified
# as a positive number or left empty. Leaving it empty means no limit on the
# number of groups. It is set to the default value if it is configured in an
# invalid format, and to the minimum value if it is configured to a smaller
# value.
max_kept_backups = 5
# Maximum total size of valid main sysdb persistence file groups in
# /var/lib/aos/db. Default value is empty, which means no size limit. It should
# be specified as empty or as a positive number ending with k/m/g (case
# insensitive) or with no suffix. Otherwise it is set to the default value. AOS
# keeps at least 3 valid groups no matter how <max_total_files_size> is
# configured.
max_total_files_size =
# Interval, specified as <hh:mm:ss>, at which main sysdb persistence files are
# checked for rotation. Default value is 1:00:00. It is set to the default
# value if it is configured in an invalid format. Min value is 00:01:00. It is
# set to the min value if it is configured to a smaller value. AOS also updates
# all the retention policy parameters every <check_interval> when it is
# enabled.
check_interval = 1:00:00
enable_main_sysdb_rotate = 1
は、ポリシーを有効または無効にします。
- 保持ポリシーを有効にする場合は、1 に設定します(デフォルト)。無効にしたポリシーを再度有効にする場合は、Apstraサーバーを再起動する必要があります。
- 保持ポリシーを無効にし、すべてのバックアップを保持するには、 0 に設定します。AOS VMファイルのディスク使用率に関する問題が発生する可能性があります。ポリシーは、次のアイテム保持チェック(
check_interval
)中に無効になります。ポリシーをただちに無効にしたい場合を除き、Apstraサーバーを再起動する必要はありません。
max_kept_backups = 5
/var/lib/aos/db に保存するバックアップの最大数。
- 最新の 5 つのバックアップを保持するには、デフォルトの 5 のままにします。
- バックアップの数を無制限に維持するために、空の文字列に設定します。
- 無効な値に設定すると、デフォルト値の 5 に設定されます。
- 3(最小)より小さい数値に設定すると、最小値の 3 に設定されます。
max_total_files_size =
/var/lib/aos/db に保存するファイルグループの最大合計サイズ。
- サイズを制限しない場合は、デフォルトの空の文字列のままにします。
- 制限する場合は、末尾が k、m、g(大文字と小文字は区別されません)の正の数値、またはサフィックスなしの正の数値に設定します。
max_kept_backups と max_total_files_size の効果は累積されます。セキュリティのために、Apstraは、有効なメイングラフデータストアの永続化ファイルを最低 3 グループ保持します。
check_interval = 1:00:00
保持チェックとパラメーターの更新 (ファイルが更新されている場合) 間の時間 (形式: <hh:mm:ss>
)。
- 1 時間ごとにチェックを行う場合は、デフォルトの 1:00:00 のままにします。
- 無効な値に設定すると、デフォルト値の 1:00:00 に設定されます。
- 00:01:00(最小)より小さい値に設定すると、最小値の 00:01:00 に設定されます。
資格情報 Sysdb ログローテーターセクション
[credential_sysdb_log_rotator]
# AOS has built-in credential sysdb persistence file rotation. Default value
# is 1, which means the sysdb retention policy is enabled. You can disable it
# by setting it to 0 and enable it again by setting it to 1. All retention
# policy parameters are reloaded by restarting the AOS service, or by sending a
# SIGHUP signal to the SysdbResourceManager agent via "sudo kill -s 1
# $(pgrep -f SysdbResourceManager)".
enable_credential_sysdb_rotate = 1
# Maximum number of backup copies of valid credential sysdb persistence file
# groups in /var/lib/aos/db. AOS removes all older groups. Default value is 5,
# which means AOS keeps the latest 5 groups. Min value is 3. It should be
# specified as a positive number or left empty. Leaving it empty means no limit
# on the number of groups. It is set to the default value if it is configured
# in an invalid format, and to the minimum value if it is configured to a
# smaller value.
# NOTE(review): going by the section name these groups presumably hold stored
# credential data, and every retained group is another copy of it. Limit read
# access to /var/lib/aos/db and to any copies taken from it - confirm the
# contents and their protection at rest with the vendor.
max_kept_backups = 5
# Maximum total size of valid credential sysdb persistence file groups in
# /var/lib/aos/db. Default value is empty, which means no size limit. It should
# be specified as empty or as a positive number ending with k/m/g (case
# insensitive) or with no suffix. Otherwise it is set to the default value. AOS
# keeps at least 3 valid groups no matter how <max_total_files_size> is
# configured.
max_total_files_size =
# Interval, specified as <hh:mm:ss>, at which credential sysdb persistence
# files are checked for rotation. Default value is 1:00:00. It is set to the
# default value if it is configured in an invalid format. Min value is
# 00:01:00. It is set to the min value if it is configured to a smaller value.
# AOS also updates all the retention policy parameters every <check_interval>
# when it is enabled.
check_interval = 1:00:00
異常(アノマリー)Sysdb ログローテーターセクション
[anomaly_sysdb_log_rotator]
# AOS has built-in anomaly sysdb persistence file rotation. Default value is 1,
# which means the sysdb retention policy is enabled. You can disable it by
# setting it to 0 and enable it again by setting it to 1. All retention policy
# parameters are reloaded by restarting the AOS service, or by sending a SIGHUP
# signal to the SysdbResourceManager agent via "sudo kill -s 1
# $(pgrep -f SysdbResourceManager)".
enable_anomaly_sysdb_rotate = 1
# Maximum number of backup copies of valid anomaly sysdb persistence file
# groups in /var/lib/aos/db. AOS removes all older groups. Default value is 5,
# which means AOS keeps the latest 5 groups. Min value is 3. It should be
# specified as a positive number or left empty. Leaving it empty means no limit
# on the number of groups. It is set to the default value if it is configured
# in an invalid format, and to the minimum value if it is configured to a
# smaller value.
max_kept_backups = 5
# Maximum total size of valid anomaly sysdb persistence file groups in
# /var/lib/aos/db. Default value is empty, which means no size limit. It should
# be specified as empty or as a positive number ending with k/m/g (case
# insensitive) or with no suffix. Otherwise it is set to the default value. AOS
# keeps at least 3 valid groups no matter how <max_total_files_size> is
# configured.
max_total_files_size =
# Interval, specified as <hh:mm:ss>, at which anomaly sysdb persistence files
# are checked for rotation. Default value is 1:00:00. It is set to the default
# value if it is configured in an invalid format. Min value is 00:01:00. It is
# set to the min value if it is configured to a smaller value. AOS also updates
# all the retention policy parameters every <check_interval> when it is
# enabled.
check_interval = 1:00:00
デバイスイメージ管理セクション
[device_image_management]
# Enable version compatibility check. By default the version compatibility
# check is enabled. A device will not connect to AOS if its version of the AOS
# device agent is not compatible with the AOS controller.
enable_version_check = 1
# Enable AOS device agent image auto upgrade. By default auto image upgrade is
# disabled. With this option enabled a device can download an image from the
# controller and upgrade itself if needed.
# NOTE(review): when enabled, devices install whatever image the controller
# serves, so the controller and the images stored on it become the trust
# anchor for device software. The page does not say whether images are
# integrity- or signature-checked before install - confirm before enabling.
enable_auto_upgrade = 0
# A device will retry after the specified timeout (in seconds) if it fails the
# version compatibility check or fails to download/install a new image.
retry_timeout = 600
認証セクション
[authentication]
# Enable authentication/authorization check. By default
# authentication/authorization is enabled. You can disable it by setting enable
# to 0.
# NOTE(review): 0 turns off the authentication/authorization check described
# above; keep this at 1 on any server reachable by other hosts, and include
# this key in configuration-drift monitoring.
enable = 1
# Set token expiration time (in seconds). By default a token expires after 24
# hours (86400 seconds).
# NOTE(review): a token remains usable for this whole period; a shorter value
# narrows the window in which a leaked token is still valid. The page does not
# describe token revocation - confirm how tokens are invalidated early.
token_expiration = 86400
デバイス設定管理セクション
[device_config_management]
# Setting to push quarantine config to unacknowledged devices. By default it is
# disabled as it causes traffic disruptions. Set the value to 1 to enable
# pushing quarantine config, which shuts down all interfaces on the device.
# NOTE(review): this is an availability/isolation trade-off. At 0 an
# unacknowledged device keeps its interfaces up; at 1 it is cut off until
# acknowledged. Decide per environment and document the choice.
enable_push_quarantine_config = 0
「Telemetry Init」セクション
[telemetry_init]
# Each key below is the number of initial telemetry update rounds that must
# complete for that telemetry type before anomaly detection is started.
# NOTE(review): no anomalies are raised for a type until its rounds complete,
# so larger values lengthen the start-up window without detection.

# Number of initial BGP telemetry update rounds before anomaly detection is
# started.
bgp = 4
# Number of initial interface telemetry update rounds before anomaly detection
# is started.
interface = 4
# Number of initial LAG telemetry update rounds before anomaly detection is
# started.
lag = 4
# Number of initial LLDP telemetry update rounds before anomaly detection is
# started.
lldp = 4
# Number of initial route telemetry update rounds before anomaly detection is
# started.
route = 4
# Number of initial MLAG telemetry update rounds before anomaly detection is
# started.
mlag = 4
テレメトリグローバル設定セクション
[telemetry_global_config]
# Python multithreading enable/disable knob for telemetry collection.
multithreading_config = 1
# Execution timeout for extensible telemetry collectors.
# NOTE(review): the unit is not stated here; presumably seconds, as for the
# other timeouts in this file - confirm.
command_timeout = 120
[タスク API] セクション
[task_api]
# Default maximum time in seconds a task can stay in its current state.
default_timeout = 600.0
# Time in seconds a blueprint.create task can stay in its current state.
# Format: "timeout_<task_type>"
timeout_blueprint.create = 360.0
# Time in seconds a blueprint.deploy task can stay in its current state.
# Format: "timeout_<task_type>"
timeout_blueprint.deploy = 300.0
# Time in seconds blueprint.facade.* tasks can stay in their current state.
# Specific facade task overrides prevail over this one.
# Format: "timeout_<task_type>"
timeout_blueprint.facade = 600.0
# Maximum number of tasks allowed in the queue. When the number of tasks
# becomes higher than this value, task rotation is started.
# NOTE(review): the page does not say what happens to rotated-out tasks;
# export the task history elsewhere if it is relied on as a change audit
# trail - confirm.
max_tasks_in_queue = 100
# Maximum number of bytes in the data field that does not require compression.
# If the data size is greater than this threshold, the data is compressed
# before it is stored in sysdb.
max_uncompressed_data_size = 1000
統計情報セクション
[statistics]
# Enable or disable full validation for pod statistics. Disable if Racks and/or
# Pods tabs load times are excessive.
# NOTE(review): unlike the 0/1 switches elsewhere in this file, this key is
# shown with the word "enabled"; the accepted value for turning it off is not
# shown on this page - confirm before editing.
pod_full_validation = enabled