This page is frozen, actual one here.

OpenSCADA server's infrastructure

Founded: Jun 2014 Members: Roman Savochenko Description: OpenSCADA servers infrastructure representing, tracing and managing. Managing task: by the link Funding: 89% from the request, mostly by the Beams&Plasmas

Introduce

The page aimed for server's infrastructure of OpenSCADA project represents, traces and manages.

From begins the OpenSCADA resources hosted on a main server of DIYA Ltd and the server's details and specific were not possible to publish. From 2015 year the OpenSCADA project had own a server and an internet channel thanks mostly to Beams&Plasmas funding. From 2016 year all resources of the project OpenSCADA were moved to the new server and domain name "oscada.org" was switched to it. For the domain name "oscada.org" and it's DNS uses the Hosting Ukraine, the configuration shown in Table 1.

Table 1: Domain "oscada.org" configuration.

1. Hardware and internet channel

The OpenSCADA server located now into a quarter of author of the OpenSCADA system it is Roman Savochenko. For link to the global network (Internet) used a service of Internet provider Kyivstar in Kamjanske city of Ukraine. The provider uses the conception of Fiber To The Building (FTTB) and the internet channel's bandwidth now it is 30Mbit/s. For temporary access (for dynamic IP) used domain name "oscada.dlikddns.com" which allowed yet and next there was registered a static IP 134.249.149.50 to which now connected the main domain "oscada.org". Hardware configuration of the server shown into Table 2:

Table 2: Hardware configuration of the OpenSCADA server.

2. Program environment and services

In base of the program environment used OS Linux distributive Debian 7 (Wheezy). For external services isolation and some other purposes used the OpenVZ lightweight isolation into different Virtual Private Servers (VPS). Into mostly VPS also used Linux distributive Debian 7 (Wheezy), sometime used Debian 8 (Jessie) and ALTLinux T6. Hardware server (HS) it is x86_64 program environment but the VPSs mostly used x86 environment especially for high demanded tasks, as the result we have the memory consumption 1.2GB instead 2GB of even-functional x86_64 pure environment. The program environment structure shown in Figure 1.

Figure 1. OpenSCADA server's network and the program environment structure.

File system of the hardware server (HS) has not a swap partition and has two main mirrored partitions:
- "root (/)": 9.1GB
- "data (/data): 908GB

Besides only VPS containers management by OpenVZ the HS environment also has some services for the external and internal networks:

• SSH: Generic access to the server control by SSH from internal and external.
• PPTP: Secure tunneling. For connection from an external environment to the internal network at all or for remote connection to the connected client.
• NTP: Network time service. For internal and external hosts.
• FTP: Internal network FTP-server for the local data storage access.
• Samba: Internal network SMB-server for the local data storage access.
• AptCacher: APT cacher of new generation (apt-cacher-ng). Serves for unmistakable Live-disks building and used for Debian repositories updating by the http-cacher.
  Service config files: "/etc/apt-cacher-ng/".
  
• AptMirror: APT mirroring (apt-mirror) for need APT-repositories. Serves for unmistakable Live-disks building in use TDE. For now there mirror next repositories:

• AutoBuilder: Automatic OpenSCADA package's builder for LTS and Work versions, by the local Subversion repository check. For details see to the task.
• DNS (Bind9): Internal network domain names server.
  Some time in while lost all forwarders by no external host resolved, possible by DDNS update the original zone file, observed: 17.03.2016
  
• DHCP: Internal network dynamic hosts configuration.
• CUPS: Internal network print service.
• SmartHouse (in process): OpenSCADA-based smart-house and the server's sensors monitoring configuration.

2.1 VPS: FTP

Address: ftp.oscada (192.168.0.10)
Service: exclusively provides a public file-service for OpenSCADA resources. To use the service go to ftp://ftp.oscada.org.
Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, file server ProFTP.

The FTP has next partial tree with the descriptions:

• "ALTLinux/" — repositories of packages of OS Linux distribution ALTLinux;
• "Debian/" — repositories of packages of OS Linux distribution Debian;
• "Misc/" — misc files;
• "OpenSCADA/" — OpenSCADA project's files;
  • ...
• "books/" — books, wrote by the OpenSCADA project participants, mostly by Roman Savochenko.

2.2 VPS: DB

Address: db.oscada (192.168.0.11)
Service: exclusively provides different DBMS for internal and by VPSes using.
Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, allowed next DBMS: MySQL, PostgreSQL, FireBird, OpenLDAP (slapd).

Table 2.2: Allowed DBMS and its using.

DBMS	Using
MySQL	TYPO3 (http://oscada.org), WackoWiki (http://wiki.oscada.org), Jabber, some OpenSCADA tests.
PostgreSQL	Some OpenSCADA tests.
FireBird	Some OpenSCADA tests.
OpenLDAP	Jabber users authentication.

2.3 VPS: SVN

Address: svn.oscada (192.168.0.12)
Service: provides the control versions systems.
Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, allowed next control versions systems: Subversion, CVS.

CVS it is old-deprecated control versions system used up to year 2005 by the OpenSCADA project and some projects of firm DIYA Ltd of it's author Roman Savochenko. For now CVS provides only for the compatibility and supports only guest access: $ cvs -d:pserver:guest@oscada.org:/CVS_R co OpenScada

Subversion it is current control version system using now by the OpenSCADA project. Supported two managing and two display connections:

• In classic way, allowed to manage and anonymous reading/observing. By self service "svn://", for example: $ svn ls svn://oscada.org/trunk/OpenSCADA/
• In secure way by SSH, allowed to manage but only for authorized users. By secure prefix like "svn+oscada://", for example: $ svn ls svn+oscada://oscada.org/mnt/SVN_R/trunk/OpenSCADA
• Through DAV by HTTP, allowed only for anonymous reading/observing. By HTTP prefix "http://", for example: $ svn ls http://oscada.org/svn/trunk/OpenSCADA/
• Through the Web-interface by WebSVN, allowed only for anonymous observing. By the HTTP link.

2.4 VPS: HTTP

Address: http.oscada (192.168.0.13)
Service: provides different HTTP-services which mostly based on Apache2 web-server.
Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, Apache web-server.

Main configuration file of the virtual hosts placed into "/etc/apache2/sites-available/openscada.conf". EMail configured as simple relay (into file "/etc/postfix/main.cf") to the server's email server, into different VPS.

Table 2.4: Provided HTTP-services.

Name	Description	Notes
phpMyAdmin	DBMS MySQL management by a WEB-interface of phpMyAdmin
phpLDAPadmin	LDAP management by a WEB-interface of phpLDAPadmin
TYPO3 oscada.org oscada.org/typo3	Main OpenSCADA project's site based on the TYPO3 CMS, include an admin Web-interface	The project tree used original and placed into "/var/www/oscada/". The configuration and DB moved from PHP version 5.2 to 5.4 and from TYPO3 version 4.3 to 4.5 LTS. In that reason and the PHP 5.4 significant changes here was some migrations problems into extensions mm_forum, sr_feuser_register and lz_gallery which were fixed. Migration DB commands: $ mysqldump -Q --user=web -p t3_oscada > t3_oscada.sql $ mysql --default-character-set=utf8 --user=web -p t3_oscada < ./t3_oscada.sql Fixed bugs: (2016-04-30) Mail encoding by "quoted-printable" mode some broken especial for header's sequence like "(а)", module "sr_feuser_register"; (2016-04-30) Module "mm_forum" some omit to encode by "quoted-printable" mode at all which causes to messages header like "XXXX", possible into class.tx_mmforum_havealook.php. (2016-11-19) Long enter to FE login by error into last part of addLabelMarkers(). Long enter to BE login by array trim() into TYPO3 cObjGetSingle(), replaced to: if(is_array($name)) array_walk($name, 'trim'); else $name = trim($name);
WackoWIKI wiki.oscada.org	Main OpenSCADA project's knowledge base on WackoWIKI	The project tree used original and placed into "/var/www/oscada/wiki/". The configuration and DB moved from PHP version 5.2 to 5.4 which caused to some problems, at first it is into function htmlspecialchars() and the default charset is UTF-8. The problems mostly fixed before moving to a new version of Wiki-engine. Migration DB commands: $ mysqldump -Q --user=wakka -p oscadawiki > oscadawiki.sql $ mysql --default-character-set=latin1 --user=wakka -p oscadawiki < ./oscadawiki.sql Planed tasks for select, update and migrate.
File server oscada.org/oscadaArch ftp.oscada.org	File service by HTTP of Apache2
WebSVN oscada.org/websvn	Web-interface for manages the Subversion repository of the OpenSCADA project by the WebSVN.	The project tree used original and placed into "/var/www/oscada/websvn/". Config file "/var/www/oscada/websvn/include/config.php" for edit function "addRepository(...)". No a migration problem here was detected.
DAV svn oscada.org/svn	Browsing and observing on the OpenSCADA Subversion repository as file-system on HTTP.
AWStats WWW WWW files WIKI FTP	Visits of the server different statistic by the AWStats.	Original statistic of the old server was saved and attached to the server.

2.5 VPS: Mail

Address: mail.oscada (192.168.0.15)
Service: provides exclusively EMail service.
Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, SASL, Postfix, Cyrus, Amavis, SpamAssasin, ClamAV, FetchMail.

Table 2.5: Provided EMail-services.

Name	Description	Notes
SASL	Simple Authentication and Security Layer (SASL)	For authentication used the local DB "/etc/sasldb2". For Cyrus IMAP-server the DB pointed direct into the file "/etc/imapd.conf", as line "sasldb_path: /etc/sasldb2". For Postfix here special configured the daemon "saslauthd" into the config file "/etc/default/saslauthd" by lines: MECHANISMS="sasldb" OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" Some managing of users and passwords tools' examples: $ sasldblistusers2 # Users list get $ saslpasswd2 roman@server.diya.org # Password set to the user
Cyrus	Internet Message Access Protocol (IMAP) server provides access to personal mail and system-wide bulletin boards through the IMAP protocol, by the project Cyrus. Sieve (server side filters) enabled.	Main config files: "/etc/{cyrus.conf, imapd.conf}". Local DB's folder: "/var/lib/cyrus". User's mails folder: "/var/spool/cyrus/mail". The folders "/var/lib/cyrus" and "/var/spool/cyrus/mail" were taken from the old server and spare mailboxes for OpenSCADA were removed. Some managing of mailboxes tools' examples: $ cyradm --user cyrus localhost # connect as the administator $ cyradm --user roman localhost # connect as the user $ $ sam user/{mbox} cyrus c; dm user/{mbox} # remove {mbox}
Postfix	Send messages service by the Send Message Transport Protocol (SMTP), by Postfix.	Main config files: "/etc/postfix/{master.cf,main.cf}". Local lists and DBs: "/etc/aliases.db", "/etc/postfix/{bcc_map.db, local_recipients.db, mynetworks}". Some managing of DB and the mail queue tools' examples: $ postalias /etc/aliases # Aliases DB update/forming from the original text file $ postmap /etc/postfix/{bcc_map,local_recipients} # DB update/forming from the original text file $ mailq # actual mail queue's messages $ postqueue -f # try now for resend the actual mail queue's messages
Amavis	A Mail Virus and spams Scanner (AMaViS) which for the viruses scan mostly uses ClamAV and for spam uses SpamAssasine.	Main config files folder: "/etc/amavis/conf.d". Viruses and SPAM quarantine folder: "/var/lib/amavis/virusmails". The configuration was taken from old server and provides next policy: For viruses: place to the quarantine and the recipient notify. For SPAM level lesser to 5.0: No SPAM and PASS. For SPAM level lesser to 7.0: Mark as "Possible SPAM" and PASS. For SPAM level lesser to 10.0: Mark as "SPAM" and PASS and quarantine. For SPAM level great to 10.0: Kill the message.
ClamAV	Anti-virus checking by the ClamAV.	Main configuration file: "/etc/clamav/clamd.conf".
SpamAssasin	Anti-spam checking by the SpamAssasin.	Main configuration file: "/etc/spamassassin/local.cf". Training DB: "/var/spool/spamassassin/". Some training tool's examples: $ sa-learn --no-sync --progress --spam /var/tmp/spam # Train for SPAM from the folder /var/tmp/spam $ sa-learn --no-sync --progress --ham /var/tmp/ham # Train for HAM from the folder /var/tmp/ham $ sa-learn --sync # Sync the learning data $ sa-learn --dump magic # See the training results
FetchMail	Fetch mailboxes to the local ones by FetchMail.	Main configuration file: "/etc/fetchmailrc".

2.6 VPS: Jabber

Address: jabber.oscada (192.168.0.16)
Service: provides instant messages server.
Base of the VPS: OS Linux distributive Debian 8 (Jessie) x86, Jabberd2. The VPS was successfully updated from the Debian 7 minimal VPS template but no that VPS of x86 platform allowing for Debian 8.

For users authentication of the instant messages server used LDAP on the VPS "DB". For contacts store used the table "jabberd2" on the DBMS MySQL on the VPS "DB". The configuration and the table "jabberd2" were taken on the old server and successful adapted on the new.

2.7 VPS: ALTLinux32 builder

Address: bldrALT32.oscada (192.168.0.100)
Service: Live-disks and firmwares building environment of the Linux distributive ALTLinux 5 (5.1) and 6 (T6) of the hardware platform x86.
Base of the VPS: OS Linux distributive ALTLinux T6 x86, MKImage.

The VPS contains and provides set of MkImage profiles which mostly used from the AutoBuilder system of OpenSCADA and also allowed for manual its using. Allowed MkImage profiles shown into Table 2.7.

Table 2.7: MkImage profiles.

Profile	Description
mkimage-profiles-5-kdesktop	Live-disk for desktop of ALTLinux 5 (5.1) building. Inactive now!
mkimage-profiles-5-plc	Generic PLC firmwares (tarballs) building profile on ALTLinux 5 (5.1).
mkimage-profiles-5-plc-LP8x81	ICP-DAS PLC firmwares (tarballs) building profile on ALTLinux 5 (5.1).
mkimage-profiles-5-KramMill	Project's "ACS TP of the ball mills "ШБМ 287/410" of the boiler "БКЗ 160–100 ПТ"" Live/Install/Service disk.
mkimage-profiles-6-kdesktop	Live-disk for desktop of ALTLinux 6 (T6) building, includes OpenSCADA and KDE 3.5.13.2.
mkimage-profiles-6-plc	Generic PLC firmwares (tarballs) building profile on ALTLinux 6 (T6).
mkimage-profiles-6-plc-LP8x81	ICP-DAS PLC firmwares (tarballs) building profile on ALTLinux 6 (T6).
mkimage-profiles-6-bagley	Project's "Bagley Coke Boiler #1 dispatching system (will be soon prepared)?" Live/Install/Service disk.
mkimage-profiles-6-KramWater	Project's "Kramatorsk Water (will be soon prepared)" Live/Install/Service disk.

For the Live-disks unmistakable building the original packages repositories of ALTLinux 5 and 6 located in the server and it is regular mirroring performed. By the OpenSCADA project in different times was created a self repository of packages included builds of the OpenSCADA packages and other programs with fixings and renewals, for details see to the Automation Linux distributive of the project OpenSCADA. Next actual repositories for ALTLinux allowed on the OpenSCADA server:

• ALTLinux 5.1:
  • "rpm ftp://ftp.oscada.org/ALTLinux/5/branch i586 classic" — classic packages of the i586 architecture;
  • "rpm ftp://ftp.oscada.org/ALTLinux/5/branch noarch classic" — classic packages of independent from an architecture;
  • "rpm ftp://ftp.oscada.org/ALTLinux/5 openscada main" — repository of OpenSCADA packages.
• ALTLinux T6:
  • "rpm ftp://ftp.oscada.org/ALTLinux/6/branch i586 classic" — classic packages of the i586 architecture;
  • "rpm ftp://ftp.oscada.org/ALTLinux/6/branch i586 debuginfo" — debug information packages of the i586 architecture;
  • "rpm ftp://ftp.oscada.org/ALTLinux/6/branch noarch classic" — classic packages of independent from an architecture;
  • "rpm ftp://ftp.oscada.org/ALTLinux/6 openscada main" — repository of OpenSCADA packages.

2.8 VPS: Debian{8,9} builder

Address: bldrDeb8.oscada (192.168.0.101), bldrDeb9.oscada (192.168.0.102)
Service: Live-disks and firmwares building environment of the Linux distributive Debian 7 and 8 of the hardware platforms x86 and x86_64.
Base of the VPS: OS Linux distributive Debian 8 (Jessie) x86_64, Live System Build Components (live-build).

The VPS contains and provides set of the Live System Build configurations which mostly used from the AutoBuilder system of OpenSCADA and also allowed for manual its using. Some pure ToolChain-based builds located into the VPS. Allowed "Live System Build" configurations and toolchains shown into Table 2.8.

Table 2.8: Live System Build configurations

Configuration	Description
ICP_DAS_LP_ARM	ToolChain of arm-xscale-linux-gnu of OpenSCADA builds for ICP-DAS PLC series LP of ARM hardware architecture.
SMH2Gi	ToolChain of arm-v5te-linux-gnueabi of OpenSCADA builds for Segnetics SMH2Gi PLC.
live7-32	"Live System Build" configuration of Debian 7 live-disk building with OpenSCADA and TDE for hardware platform x86.
live7-64	"Live System Build" configuration of Debian 7 live-disk building with OpenSCADA and TDE for hardware platform x86_64.
live8-32	"Live System Build" configuration of Debian 8 live-disk building with OpenSCADA and TDE for hardware platform x86.
live8-64	"Live System Build" configuration of Debian 8 live-disk building with OpenSCADA and TDE for hardware platform x86_64.
live9-32	"Live System Build" configuration of Debian 9 live-disk building with OpenSCADA and TDE for hardware platform x86.
live9-64	"Live System Build" configuration of Debian 9 live-disk building with OpenSCADA and TDE for hardware platform x86_64.
live8-32_KramMill	"Live System Build" configuration of the project "Kramatorsk mills" Debian 8 live-disk building with OpenSCADA and TDE for the hardware platform x86.
live-PLC	"Live System Build" configuration of Generic PLC environment. Unfinished yet!

For the Live-disks unmistakable building the original packages repositories of Debian 7 and 8 cached on the server by "APT cacher of new generation" and some repositories like Trinity DE are located on the server and it is regular mirroring performed by "APT mirror". By the OpenSCADA project was created a self repository of packages included builds of the OpenSCADA packages and other programs with fixings and renewals, for details see to the Automation Linux distributive of the project OpenSCADA. Next actual repositories for Debian cached and placed on the OpenSCADA server:

• Debian 7:
  • "deb http://ftp.ua.debian.org/debian/ wheezy main non-free contrib" — cached main, non-free and contribute packages of Debian;
  • "deb http://ftp.ua.debian.org/debian/ wheezy-updates main non-free contrib" — cached main, non-free and contribute packages of Debian updates;
  • "deb http://ftp.ua.debian.org/debian/ wheezy-backports main non-free contrib" — cached main, non-free and contribute packages of Debian backports;
  • "deb http://ftp.ua.debian.org/debian-security/ wheezy/updates main non-free contrib" — cached main, non-free and contribute packages of Debian security updates;
  • "deb ftp://oscada.org/Debian/7/trinity-sb/ wheezy main-r14 deps-r14" — located main and dependents packages of Trinity DE R14 for Debian;
  • "deb ftp://oscada.org/Debian/7/openscada/ ./" — repository of OpenSCADA packages.
• Debian 8:
  • "deb http://ftp.ua.debian.org/debian/ jessie main non-free contrib" — cached main, non-free and contribute packages of Debian;
  • "deb http://ftp.ua.debian.org/debian/ jessie-updates main non-free contrib" — cached main, non-free and contribute packages of Debian updates;
  • "deb http://ftp.ua.debian.org/debian/ jessie-backports main non-free contrib" — cached main, non-free and contribute packages of Debian backports;
  • "deb http://ftp.ua.debian.org/debian-security/ jessie/updates main non-free contrib" — cached main, non-free and contribute packages of Debian security updates;
  • "deb ftp://oscada.org/Debian/8/trinity-sb/ jessie main-r14 deps-r14" — located main and dependents packages of Trinity DE R14 for Debian;
  • "deb ftp://oscada.org/Debian/8/openscada/ ./" — repository of OpenSCADA packages.
• Debian 9:
  • "deb http://ftp.ua.debian.org/debian/ stretch main non-free contrib" — cached main, non-free and contribute packages of Debian;
  • "deb http://ftp.ua.debian.org/debian/ stretch-updates main non-free contrib" — cached main, non-free and contribute packages of Debian updates;
  • "deb http://ftp.ua.debian.org/debian/ stretch-backports main non-free contrib" — cached main, non-free and contribute packages of Debian backports;
  • "deb http://ftp.ua.debian.org/debian-security/ stretch/updates main non-free contrib" — cached main, non-free and contribute packages of Debian security updates;
  • "deb ftp://oscada.org/Debian/9/trinity-sb/ stretch main-r14 deps-r14" — located main and dependents packages of Trinity DE R14 for Debian;
  • "deb ftp://oscada.org/Debian/9/openscada/ ./" — repository of OpenSCADA packages.

2.9 VPS: OpenSCADA models

Address: oscadaModels.oscada (192.168.0.110)
Service: OpenSCADA models of automation systems execution and the Web-based external access providing.
Base of the VPS: OS Linux distributive Debian 7 (Wheezy) x86, OpenSCADA.

All the OpenSCADA models were prepared for no any modified installation provide and easy its deploy besides some specific passwords setting into the config file. For now prepared and executed next models:

• AGLKS: http://oscada.org:10002
• Boiler: http://oscada.org:10003

Links