| Name | Founded | Status | Members | Description |
| --- | --- | --- | --- | --- |
| OpenSCADA project server and hosting infrastructure | Jun 2014 | Mostly done | Roman Savochenko | Representing, tracing and managing the OpenSCADA server infrastructure. |

This page is intended for representing, tracing and managing the server infrastructure of the OpenSCADA project.

From the beginning of OpenSCADA its resources were hosted on the main server of DIYA Ltd, and that server's details and specifics were not suitable for publishing. Since 2015 the OpenSCADA project has had its own server and Internet channel, thanks mostly to Beams&Plasmas funding. In 2016 all resources of the OpenSCADA project were moved to the new server and the domain name "oscada.org" was switched to it; its DNS is served by Hosting Ukraine, with the configuration shown in Table 1.

Table 1: Domain "oscada.org" configuration.

| Property | Old value | Current value |
| --- | --- | --- |
| Name Server 1 | NS0.XNAME.ORG | NS1.FASTDNS.HOSTING |
| Name Server 2 | NS1.UKRAINE.COM.UA | NS2.FASTDNS.HOSTING |
| Name Server 3 | NS2.UKRAINE.COM.UA | NS3.FASTDNS.HOSTING |
| oscada.org. | 82.207.88.73 | 134.249.149.50 |
| ftp | 82.207.88.73 | 134.249.149.50 |
| wiki | 82.207.88.73 | 134.249.149.50 |
| mail | 82.207.88.73 | 134.249.149.50 |
| www | 82.207.88.73 | 134.249.149.50 |
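
A check that the cutover in Table 1 is complete, as an added example that is not part of the original page or of the project's tooling: it reads resolver answers in `dig +noall +answer` format and reports any record still pointing at the old address or an old name server. The function name, the fully qualified host names built from the table's relative labels, and the sample answers are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit resolver answers against Table 1.
OLD_IP="82.207.88.73"       # old server address (Table 1)
NEW_IP="134.249.149.50"     # current server address (Table 1)
# Assumption: the relative labels ftp/wiki/mail/www belong to the zone oscada.org.
HOSTS="oscada.org ftp.oscada.org wiki.oscada.org mail.oscada.org www.oscada.org"
NEW_NS="ns1.fastdns.hosting ns2.fastdns.hosting ns3.fastdns.hosting"

# Reads "name TTL class type rdata" lines on stdin and prints one finding per line:
#   OK <name> | STALE <name> <ip> | UNEXPECTED <name> <ip> | MISSING <name> | STALE-NS <server>
audit_dns_cutover() {
    awk -v old="$OLD_IP" -v new="$NEW_IP" -v hosts="$HOSTS" -v ns="$NEW_NS" '
    function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
    BEGIN {
        nh = split(hosts, h, " ")
        n = split(ns, t, " "); for (i = 1; i <= n; i++) goodns[t[i]] = 1
    }
    /^[ \t]*;/ || NF == 0 { next }          # skip comments and blank lines
    $4 == "A" {
        name = norm($1); seen[name] = 1
        if ($5 == new)      state = "OK"
        else if ($5 == old) state = "STALE"
        else                state = "UNEXPECTED"
        # a name counts as OK only if every A record for it is the new address
        if (state != "OK") { bad[name] = 1; print state, name, $5 }
    }
    $4 == "NS" && norm($1) == "oscada.org" {
        if (!(norm($5) in goodns)) print "STALE-NS", norm($5)
    }
    END {
        for (i = 1; i <= nh; i++) {
            if (!(h[i] in seen))     print "MISSING", h[i]
            else if (!(h[i] in bad)) print "OK", h[i]
        }
    }'
}

# Constructed sample answers (not captured from the real zone).
sample_answers() {
cat <<'EOF'
; constructed sample
oscada.org.       3600 IN NS ns1.fastdns.hosting.
oscada.org.       3600 IN NS NS1.UKRAINE.COM.UA.
oscada.org.       3600 IN A  134.249.149.50
ftp.oscada.org.   3600 IN A  134.249.149.50
wiki.oscada.org.  3600 IN A  82.207.88.73
mail.oscada.org.  3600 IN A  134.249.149.50
EOF
}

# Live use: for h in $HOSTS; do dig +noall +answer "$h" A; done | audit_dns_cutover
sample_answers | audit_dns_cutover
```

A record that still resolves to the old address after the move sends clients to a host the project no longer controls, so any STALE or STALE-NS line is worth following up with the DNS provider.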

1 Hardware and internet channel

The OpenSCADA server is now located in the quarters of the author of the OpenSCADA system, Roman Savochenko. The link to the global network (Internet) is provided by the Internet provider Kyivstar in the city of Kamjanske, Ukraine. The provider uses the Fiber To The Building (FTTB) concept and the bandwidth of the Internet channel is now 30 Mbit/s. The main domain name "oscada.org" is now connected to the static IP 134.249.149.50. The hardware configuration of the server is shown in Table 2:

Table 2: Hardware configuration of the OpenSCADA server.

| Name | Configuration | Notes |
| --- | --- | --- |
| CPU | AMD Phenom(tm) II X4 900e | purchased used, instead of the original Athlon 64 X2 (too weak) and the brand new A8-6500; TDP 65W |
| MB | ASUS M2NPV-VM, Socket AM2 | used, but a thoroughly tested and reliable solution, instead of the specially purchased brand new MB MSI A88X-G41 PC Mate |
| Chipset | NVIDIA GeForce 6150 + nForce 430 MCP | |
| Memory | 3GB (DDR2-800) | original ones for the MB |
| HDD | 1TB, RAID1 (ST1000VM002+WD10EZRX) | brand new, low power consumption, heating about +8°C, replacing 2xDT01ACA050 |
| Power Supply | Cooler Master 400W | brand new |
| Case | MidiTower, ATX | used |
| UPS | PowerCom INF-800 + AB 60Ah | brand new; has an external 60Ah battery; measured internal consumption 23...30W; measured efficiency 61% (40 of 60Ah); the output waveform is a clean sine |

2 Program environment and services

The software environment is based on the Linux distribution Debian 7 (Wheezy). For isolation of the external services and some other purposes, OpenVZ lightweight isolation into separate Virtual Private Servers (VPS) is used. Most VPSs also use Debian 7 (Wheezy); some use Debian 8 (Jessie) and ALTLinux T6. The hardware server (HS) runs an x86_64 environment but the VPSs mostly use the x86 environment, especially for highly demanded tasks; as a result the overall memory consumption of the server is about 1.2GB instead of 2GB for a functionally equivalent pure x86_64 environment. The structure of the software environment is shown in Figure 1.

Figure 1. OpenSCADA server's network and the program environment structure.

The file system of the hardware server (HS) has no swap partition and has two main mirrored partitions:

  • "root (/)": 9.1GB
  • "data (/data)": 908GB

Besides managing the VPS containers by OpenVZ, the HS environment also provides some services for the external and internal networks:

  • SSH: Generic access to the server control by SSH, from the internal and external networks.
  • PPTP: Secure tunneling. For connecting from an external environment to the internal network as a whole, or for remote connection to a connected client.
  • NTP: Network time service. For internal and external hosts.
  • FTP: Internal network FTP server for access to the local data storage.
  • Samba: Internal network SMB server for access to the local data storage.
  • AptCacher: APT cacher of new generation (apt-cacher-ng). Serves for error-free building of Live-disks and is used for updating from the Debian repositories through the HTTP cache.
    Service config files: "/etc/apt-cacher-ng/".
  • AptMirror: APT mirroring (apt-mirror) of the needed APT repositories. Serves for error-free building of the Live-disks that use TDE. The following repositories are currently mirrored:
deb http://mirror.xcer.cz/trinity-sb/ jessie main-r14 deps-r14
deb-i386 http://mirror.xcer.cz/trinity-sb/ jessie main-r14 deps-r14
deb http://mirror.xcer.cz/trinity-sb/ wheezy main-r14 deps-r14
deb-i386 http://mirror.xcer.cz/trinity-sb/ wheezy main-r14 deps-r14
deb http://mirror.xcer.cz/trinity-sb/ stretch main-r14 deps-r14
deb-i386 http://mirror.xcer.cz/trinity-sb/ stretch main-r14 deps-r14
  • AutoBuilder: Automatic builder of the OpenSCADA packages for the LTS and Work versions of OpenSCADA, triggered by checking the local Subversion repository.
  • DNS (Bind9): Domain name server of the internal network.
    Note: sometimes it loses all forwarders, so no external host is resolved; possibly after a DDNS update of the original zone file. Observed: 17.03.2016
  • DHCP: Dynamic configuration of the hosts of the internal network.
  • CUPS: Print service of the internal network.
  • SmartHouse: Smart-house and sensor monitoring based on the OpenSCADA of the server.

2.1 VPS: FTP

Address: ftp.oscada (192.168.0.10)
Service: exclusively provides a public file-service for OpenSCADA resources.
Base of the VPS: Linux distribution Debian 7 (Wheezy) x86, file server ProFTP.

This FTP server has the following partial tree, with descriptions:

  • "ALTLinux/" — repositories of packages of the OS Linux distribution ALTLinux;
  • "Debian/" — repositories of packages of the OS Linux distribution Debian;
  • "Misc/" — misc files;
  • "OpenSCADA/" — files of the OpenSCADA project;
    • ...
  • "books/" — books written by participants of the OpenSCADA project, mostly by Roman Savochenko.

2.2 VPS: DB

Address: db.oscada (192.168.0.11)
Service: exclusively provides various DBMSs for internal use and for use by the VPSs.
Base of the VPS: Linux distribution Debian 7 (Wheezy) x86; provides the following DBMSs: MySQL, PostgreSQL, FireBird, OpenLDAP (slapd).

Table 2.2: Available DBMSs and their usage.

| DBMS | Usage |
| --- | --- |
| MySQL | TYPO3 (http://oscada.org), MediaWiki (http://oscada.org/wiki), WackoWiki (http://wiki.oscada.org), Jabber, some OpenSCADA tests. |
| PostgreSQL | Some OpenSCADA tests. |
| FireBird | Some OpenSCADA tests. |
| OpenLDAP | Jabber users authentication and some OpenSCADA tests. |

2.3 VPS: SVN

Address: svn.oscada (192.168.0.12)
Service: provides the version control systems.
Base of the VPS: Linux distribution Debian 7 (Wheezy) x86; provides the following version control systems: Subversion, CVS.

CVS is an old, deprecated version control system that was used until 2005 by the OpenSCADA project and by some projects of the firm DIYA Ltd of their author Roman Savochenko. CVS is now provided only for compatibility and supports only guest access:
$ cvs -d:pserver:guest@oscada.org:/CVS_R co OpenScada

Subversion is the version control system currently used by the OpenSCADA project. It supports two managing and two display connections:

  • In the classic way, through its own service "svn://", which allows managing and anonymous reading/observing, for example: $ svn ls svn://oscada.org/trunk/OpenSCADA/
  • In a secure way over SSH, through a secure prefix like "svn+oscada://", which allows managing but only for authorized users, for example: $ svn ls svn+oscada://oscada.org/mnt/SVN_R/trunk/OpenSCADA
  • Through DAV over HTTP, with the HTTP prefix "http://", which allows only anonymous reading/observing, for example: $ svn ls http://oscada.org/svn/trunk/OpenSCADA/
  • Through the Web interface of WebSVN, which allows only anonymous observing.

2.4 VPS: HTTP

Address: http.oscada (192.168.0.13)
Service: provides various HTTP services, mostly based on the Apache2 web server.
Base of the VPS: Linux distribution Debian 7 (Wheezy) x86, Apache web server.

The main configuration file of the virtual hosts is "/etc/apache2/sites-available/openscada.conf". EMail is configured as a simple relay (in the file "/etc/postfix/main.cf") to the mail server located in a different VPS of the server.

Table 2.4: Provided HTTP-services.

Name Description Notes
phpMyAdmin Management of the MySQL DBMS through the phpMyAdmin Web interface.
phpLDAPadmin Management of LDAP through the phpLDAPadmin Web interface.

TYPO3
http://oscada.org
http://oscada.org/typo3

Main site of the OpenSCADA project, based on the CMS "TYPO3", including the administrative Web interface of the CMS.

This project tree is used in its original form and is placed in "/var/www/oscada/".
This configuration and DB were moved from PHP version 5.2 to 5.4 and from TYPO3 version 4.3 to 4.5 LTS. For that reason, and because PHP 5.4 has significant changes, there were some migration problems in the CMS extensions mm_forum, sr_feuser_register and lz_gallery, which were fixed.
Commands for migrating the DB:

$ mysqldump -Q --user=web -p t3_oscada > t3_oscada.sql
$ mysql --default-character-set=utf8 --user=web -p t3_oscada < ./t3_oscada.sql

Fixed bugs:

  • (2016-04-30) Mail encoding in the "quoted-printable" mode is somewhat broken, especially for header sequences like "(а)"; module "sr_feuser_register".
  • (2016-04-30) The module "mm_forum" in some cases omits the "quoted-printable" encoding entirely, which causes message headers like "XXXX"; possibly in class.tx_mmforum_havealook.php.
  • (2016-11-19) Long entering to the FE login, caused by an error in the last part of addLabelMarkers(). Long entering to the BE login, caused by trim() of an array in TYPO3 cObjGetSingle(), replaced with:
// trim() accepts only strings, so an array is trimmed element by element;
// array_map() returns the trimmed values, which array_walk() would discard
if(is_array($name)) $name = array_map('trim', $name);
else $name = trim($name);

MediaWIKI
http://oscada.org/wiki

The new main knowledge base of the OpenSCADA project, on MediaWiki.

This project tree is used in its original form and is placed in "/var/www/oscada/wiki/".
MediaWiki version 1.26.4 is installed, but PHP 5.4 is used.
Known problems of the Wiki:

  • Not very high performance when working with very big articles of about 200KB, mostly in their translation, where we have:
    • missing proper creation of the translation blocks;
    • missing marking of the blocks that need a translation update.

WackoWIKI
http://wiki.oscada.org

The old main knowledge base of the OpenSCADA project, on WackoWiki.

This project tree is used in its original form and is placed in "/var/www/oscada/wacko/".
This configuration and DB were moved from PHP version 5.2 to 5.4, which caused some problems, first of all in the function htmlspecialchars(), where the default charset is UTF-8. These problems were mostly fixed before moving to the new Wiki engine.
Commands for migrating the DB:

$ mysqldump -Q --user=wakka -p oscadawiki > oscadawiki.sql
$ mysql --default-character-set=latin1 --user=wakka -p oscadawiki < ./oscadawiki.sql

Note: tasks are planned for selecting, updating and migrating.

File server
http://oscada.org/oscadaArch/
http://ftp.oscada.org/

File service by HTTP of Apache2

WebSVN
http://oscada.org/websvn

Web interface for managing the Subversion repository of the OpenSCADA project, by WebSVN.

This project tree is used in its original form and is placed in "/var/www/oscada/websvn/".
The configuration file is "/var/www/oscada/websvn/include/config.php"; edit the function call "addRepository(...)" there.
No migration problems were detected here.

DAV svn
http://oscada.org/svn

Browsing and observing of the OpenSCADA Subversion repository as a file system over HTTP.

AWStats
WWW
WWW files
WIKI
FTP

Various visit statistics of the server, by AWStats. The original statistics of the old server were saved and attached to the new server.

2.5 VPS: Mail

Address: mail.oscada (192.168.0.15)
Service: exclusively provides the EMail service.
Base of the VPS: Linux distribution Debian 7 (Wheezy) x86, SASL, Postfix, Cyrus, Amavis, SpamAssassin, ClamAV, FetchMail.

Table 2.5: Provided EMail-services.

Name Description Notes
SASL Simple Authentication and Security Layer (SASL)

The local DB "/etc/sasldb2" is used for authentication.
For the Cyrus IMAP server the DB is pointed to directly in the file "/etc/imapd.conf", by the line "sasldb_path: /etc/sasldb2".
For Postfix the daemon "saslauthd" is specially configured in the config file "/etc/default/saslauthd" by the lines:

MECHANISMS="sasldb"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Examples of tools for managing users and passwords:

$ sasldblistusers2 # Get users list
$ saslpasswd2 roman@server.diya.org # Set password for the user
Cyrus Internet Message Access Protocol (IMAP) server that provides access to personal mail and system-wide bulletin boards through the IMAP protocol, by the Cyrus project. Sieve (server-side filters) is enabled.

Main config files: "/etc/{cyrus.conf, imapd.conf}".
Folder of the local DB: "/var/lib/cyrus".
Folder of the users' mail: "/var/spool/cyrus/mail".
The folders "/var/lib/cyrus" and "/var/spool/cyrus/mail" were taken from the old server, and the mailboxes superfluous for OpenSCADA were removed.
Examples of tools for managing users and passwords:

$ cyradm --user cyrus localhost    # connect as the administrator
$ cyradm --user roman localhost    # connect as the user
localhost> sam user/{mbox} cyrus c   # inside cyradm: give "cyrus" the right needed to delete {mbox}
localhost> dm user/{mbox}            # inside cyradm: remove {mbox}
Postfix Message sending service over the Simple Mail Transfer Protocol (SMTP), by Postfix.

Main config files: "/etc/postfix/{master.cf,main.cf}".
Local lists and DBs: "/etc/aliases.db", "/etc/postfix/{bcc_map.db, local_recipients.db, mynetworks}".
Examples of tools for managing users and passwords:

$ postalias /etc/aliases   # Update/build the aliases DB from the original text file
$ postmap /etc/postfix/{bcc_map,local_recipients}   # Update/build the DBs from the original text files
$ mailq           # Show the queue of the pending emails
$ postqueue -f    # Try now to resend the pending emails of the queue
Amavis A Mail Virus Scanner (AMaViS) for viruses and spam, which mostly uses ClamAV for the virus scanning and SpamAssassin for spam.

Folder of the main config files: "/etc/amavis/conf.d".
Folder of the quarantine for viruses and SPAM: "/var/lib/amavis/virusmails".
This configuration was taken from the old server and provides the following policy:

  • For viruses: place into the quarantine and notify the recipient.
  • For SPAM level less than 5.0: not SPAM, PASS.
  • For SPAM level less than 7.0: mark as "Possible SPAM" and PASS.
  • For SPAM level less than 10.0: mark as "SPAM", PASS and quarantine.
  • For SPAM level greater than 10.0: kill the message.
ClamAV Anti-virus checking by ClamAV. Main configuration file: "/etc/clamav/clamd.conf".
SpamAssassin Anti-spam checking by SpamAssassin.

Main configuration file: "/etc/spamassassin/local.cf".
Training DB: "/var/spool/spamassassin/".
Examples of tools for managing users and passwords:

$ sa-learn --no-sync --progress --spam /var/tmp/spam    # Train for SPAM from the folder /var/tmp/spam
$ sa-learn --no-sync --progress --ham /var/tmp/ham      # Train for HAM from the folder /var/tmp/ham
$ sa-learn --sync    # Sync the learning data
$ sa-learn --dump magic    # See the training results
FetchMail Fetching of external mailboxes into the local ones, by FetchMail. Main configuration file: "/etc/fetchmailrc".
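
A configuration check for the SASL row of Table 2.5, as an added example that is not part of the original page or of the server's own scripts: it verifies that saslauthd uses the "sasldb" mechanism, that its socket directory lies inside the Postfix chroot, and that the password DB is closed to other users. It assumes that Postfix's smtpd runs chrooted in "/var/spool/postfix", which the socket path in OPTIONS suggests; `audit_saslauthd` and `demo_saslauthd` are hypothetical helper names and the demo files are constructed.

```shell
#!/bin/sh
# Added example: audit of the saslauthd setup described in the SASL row.
# Paths are arguments, so the check can be tried on copies of the files.

# audit_saslauthd <defaults-file> <sasldb-file> [postfix-chroot]
# Prints one finding per line and returns the number of failed checks.
audit_saslauthd() {
    defaults=$1; db=$2; jail=${3:-/var/spool/postfix}; fails=0

    mech=$(sed -n 's/^MECHANISMS="\(.*\)"/\1/p' "$defaults")
    opts=$(sed -n 's/^OPTIONS="\(.*\)"/\1/p' "$defaults")

    if [ "$mech" = "sasldb" ]; then echo "OK mechanism sasldb"
    else echo "FAIL mechanism '$mech' (page uses sasldb)"; fails=$((fails + 1)); fi

    # The socket directory is the argument of -m; a chrooted smtpd can reach
    # it only when it lies inside the Postfix queue directory.
    sock=$(printf '%s\n' "$opts" | sed -n 's/.*-m  *\([^ ]*\).*/\1/p')
    case "$sock" in
        "$jail"/*) echo "OK socket dir inside chroot: $sock" ;;
        *) echo "FAIL socket dir outside chroot: '$sock'"; fails=$((fails + 1)) ;;
    esac

    # sasldb2 stores the passwords in clear text, so "other" must have no access.
    perms=$(ls -ld "$db" | cut -c8-10)
    if [ "$perms" = "---" ]; then echo "OK $db not accessible to others"
    else echo "FAIL $db permissions for others: $perms"; fails=$((fails + 1)); fi

    return "$fails"
}

# Constructed demo on temporary copies that mirror the lines quoted on the page.
demo_saslauthd() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'MECHANISMS="sasldb"' \
        'OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"' > "$d/saslauthd"
    : > "$d/sasldb2"; chmod 640 "$d/sasldb2"
    audit_saslauthd "$d/saslauthd" "$d/sasldb2"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo_saslauthd
```

On the server itself the call would be `audit_saslauthd /etc/default/saslauthd /etc/sasldb2`, run as a user who can read both files.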

2.6 VPS: Jabber

Address: jabber.oscada (192.168.0.16)
Service: provides the instant messaging server.
Base of the VPS: Linux distribution Debian 8 (Jessie) x86, Jabberd2. This VPS was successfully upgraded from the Debian 7 minimal VPS template, since that template is not available for the x86 platform for Debian 8.

For authentication of the users of the instant messaging server, LDAP on the VPS "DB" is used. For storing the contacts, the table "jabberd2" in the DBMS MySQL on the VPS "DB" is used. The configuration and the table "jabberd2" were taken from the old server and successfully adapted to the new one.

2.7 VPS: ALTLinux32 builder

Address: bldrALT32.oscada (192.168.0.100)
Service: building environment for Live-disks and firmware of the Linux distribution ALTLinux 5 (5.1) and 6 (T6) for the hardware platform x86.
Base of the VPS: Linux distribution ALTLinux T6 x86, MkImage.

This VPS contains and provides a set of MkImage profiles, which are mostly used by the AutoBuilder system of OpenSCADA and are also available for manual use. The available MkImage profiles are shown in Table 2.7.

Table 2.7: MkImage profiles.

| Profile | Description |
| --- | --- |
| mkimage-profiles-5-kdesktop | Building of the desktop Live-disk of ALTLinux 5 (5.1). Inactive now! |
| mkimage-profiles-5-plc | Building profile of the generic PLC firmware (tarballs) on ALTLinux 5 (5.1). |
| mkimage-profiles-5-plc-LP8x81 | Building profile of the ICP-DAS PLC firmware (tarballs) on ALTLinux 5 (5.1). |
| mkimage-profiles-5-KramMill | Live/Install/Service disk of the project "ACS TP of the ball mills "ШБМ 287/410" of the boiler "БКЗ 160–100 ПТ"". |
| mkimage-profiles-6-kdesktop | Building of the desktop Live-disk of ALTLinux 6 (T6), includes OpenSCADA and KDE 3.5.13.2. |
| mkimage-profiles-6-plc | Building profile of the generic PLC firmware (tarballs) on ALTLinux 6 (T6). |
| mkimage-profiles-6-plc-LP8x81 | Building profile of the ICP-DAS PLC firmware (tarballs) on ALTLinux 6 (T6). |
| mkimage-profiles-6-bagley | Live/Install/Service disk of the project "Bagley Coke Boiler #1 dispatching system (will be soon prepared)". |
| mkimage-profiles-6-KramWater | Live/Install/Service disk of the project "Kramatorsk Water (will be soon prepared)". |

For error-free building of the Live-disks, the original package repositories of ALTLinux 5 and 6 are located on the server. At different times the OpenSCADA project created its own package repository, which includes builds of the OpenSCADA packages and other programs with fixes and updates; for details see the Automation Linux distribution of the OpenSCADA project. The following current repositories for ALTLinux are available on the OpenSCADA server:

2.8 VPS: Debian{8,9} builder

Address: bldrDeb8.oscada (192.168.0.101), bldrDeb9.oscada (192.168.0.102)
Service: building environment for Live-disks and firmware of the Linux distribution Debian 7 and 8 for the hardware platforms x86 and x86_64.
Base of the VPS: Linux distribution Debian 8 (Jessie) x86_64, Live System Build Components (live-build).

This VPS contains and provides a set of the Live System Build configurations, which are mostly used by the AutoBuilder system of OpenSCADA and are also available for manual use. Some pure ToolChain-based builds are also located in the VPS. The available "Live System Build" configurations and toolchains are shown in Table 2.8.

Table 2.8: Live System Build configurations

| Configuration | Description |
| --- | --- |
| ICP_DAS_LP_ARM | ToolChain arm-xscale-linux-gnu for OpenSCADA builds for the ICP-DAS PLC series LP of the ARM hardware architecture. |
| SMH2Gi | ToolChain arm-v5te-linux-gnueabi for OpenSCADA builds for the Segnetics SMH2Gi PLC. |
| live7-32 | "Live System Build" configuration for building the Debian 7 live-disk with OpenSCADA and TDE for the hardware platform x86. |
| live7-64 | "Live System Build" configuration for building the Debian 7 live-disk with OpenSCADA and TDE for the hardware platform x86_64. |
| live8-32 | "Live System Build" configuration for building the Debian 8 live-disk with OpenSCADA and TDE for the hardware platform x86. |
| live8-64 | "Live System Build" configuration for building the Debian 8 live-disk with OpenSCADA and TDE for the hardware platform x86_64. |
| live9-32 | "Live System Build" configuration for building the Debian 9 live-disk with OpenSCADA and TDE for the hardware platform x86. |
| live9-64 | "Live System Build" configuration for building the Debian 9 live-disk with OpenSCADA and TDE for the hardware platform x86_64. |
| live8-32_KramMill | "Live System Build" configuration of the project "Kramatorsk mills" for building the Debian 8 live-disk with OpenSCADA and TDE for the hardware platform x86. |
| live-PLC | "Live System Build" configuration of the generic PLC environment. Unfinished yet! |

For error-free building of the Live-disks, the original package repositories of Debian 7, 8 and 9 are cached on the server by "APT cacher of new generation", and some repositories like Trinity DE are located on the server and regularly mirrored by "APT mirror". The OpenSCADA project created its own package repository, which includes builds of the OpenSCADA packages and other programs with fixes and updates; for details see the Automation Linux distribution of the OpenSCADA project. The following current repositories for Debian are cached and placed on the OpenSCADA server:

2.9 VPS: OpenSCADA models

Address: oscadaModels.oscada (192.168.0.110)
Service: execution of the OpenSCADA models of automation systems and providing of the Web-based external access to them.
Base of the VPS: Linux distribution Debian 7 (Wheezy) x86, OpenSCADA.

All the OpenSCADA models were prepared so that they run on an unmodified installation and are easy to deploy, apart from setting some specific passwords in the config file. The following models are currently prepared and executed: