Differences

This shows you the differences between two versions of the page.

en:documentation:08_technical_reference:09_tentacle [2021/04/26 17:56]
admscopia ↷ Page moved and renamed from pandora:documentation_en:tentacle to en:documentation:08_technical_reference:09_tentacle
en:documentation:08_technical_reference:09_tentacle [2021/12/14 12:51]
jimmy.olano [Satellite server] GitLab ticket # 7803.
Line 1: Line 1:
-====== Pandora:Documentation_en:Tentacle ======+====== Tentacle protocol specifications ====== 
 +{{indexmenu_n>9}}
  
-[[Pandora:Documentation_en|Go back to Pandora FMS documentation index]]+[[en:documentation:start|Go back to Pandora FMS documentation index]]
  
  
-====== About Tentacle =====+===== About Tentacle =====
-Tentacle is a client/server file transfer protocol that is:+
  
-  * Safe by design.+**Tentacle** is a client/server file transfer protocol that is: 
 + 
 +   * Safe by design.
   * Easy to use and integrate with other tools.   * Easy to use and integrate with other tools.
   * Versatile and cross-platform.   * Versatile and cross-platform.
  
-Tentacle was created to replace more complex tools like SCP and FTP for simple file transfer/retrieval, and switch from less safe authentication systems like **.netrc**, as well as automated interactive logins with **expect**, and SSH keys, to start using a certification based on the standard X.509, using certificates.+**Tentacle**  was created to replace more complex tools like [[wp>Secure copy protocol|SCP]] / [[wp>Secure Shell|SSH]] and [[wp>File Transfer Protocol|FTP]] for simple file transfer/retrieval, and switch from less safe authentication systems like [[wp>Berknet|.netrc]], as well as automated interactive logins with [[wp>Expect|expect]], and SSH keys, to start using a certification based on the standard [[wp>X.509]], using certificates.
  
-The client and server are designed to be run from the command line or called from a shellscript. Since [[https://pandorafms.com/blog/good-old-style-documentation-manpages/|2008]], Tentacle is the default file transfer method for Pandora FMS, replacing SCP. +The client and server are designed to be run from the command line or called from a shellscript. Since [[https://pandorafms.com/blog/good-old-style-documentation-manpages/|2008]], **Tentacle**  is the default file transfer method for **Pandora FMS**, replacing SCP.
  
-Tentacle is implemented in Perl and ANSI C (Windows platforms included).+Tentacle is implemented in [[wp>Perl]] and [[wp>ANSI C]] (MS Windows® platforms included).
  
 You can download it and find more information at the [[http://tentacled.sourceforge.net|official Sourceforge project website]]. You can download it and find more information at the [[http://tentacled.sourceforge.net|official Sourceforge project website]].
  
-====== Documentation ====== 
-  * [[Pandora:Documentation_en:Tentacle:UserGuide|**Tentacle User Guide GNU/Linux**]] 
-  * [[Pandora:Documentation_en:Tentacle:WindowsGuide|**Tentacle Windows Guide**]] 
-  * [[Pandora:Documentation_en:Tentacle:Protocol|**Tentacle Protocol Definition**]] 
-  * [[Pandora:Documentation_en:Tentacle:OpenSSLCertificates|**OpenSSL Certificates Quick Guide**]] 
-  * [[Pandora:QuickGuides_EN:Secure_communication_with_tentacle|**Secure communication with tentacle**]] 
-  * [[Pandora:Documentation_en:Tentacle:CrossCompoling|**Cross-compiling the Windows client from Linux**]] 
  
-[[Category: Tentacle]]+===== Documentation ===== 
 + 
 +  * [[:pandora:documentation_en:tentacle:userguide|**Tentacle User Guide GNU/Linux**]] 
 +  * [[:pandora:documentation_en:tentacle:windowsguide|**Tentacle Windows Guide**]] 
 +  * [[:pandora:documentation_en:tentacle:protocol|**Tentacle Protocol Definition**]] 
 +  * [[:pandora:documentation_en:tentacle:opensslcertificates|**OpenSSL Certificates Quick Guide**]] 
 +  * [[:en:quickguides:secure_communication_with_tentacle|**Secure communication with tentacle**]] 
 +  * [[:pandora:documentation_en:tentacle:crosscompoling|**Cross-compiling the Windows client from Linux**]] 
 + 
 +  * Tentacle User Guide. 
 + 
 +===== Tentacle User Guide ===== 
 + 
 +==== Installing the PERL version ==== 
 + 
 +The process consists on downloading the source code through [[https://subversion.apache.org/|Apache® Subversion®]] (**svn**) and compile it. To that end, you will need to have admin or //root// rights (in this documentation they are the lines that start with the numeral character ''#'' ). **You** are the sole responsible for said key. 
 + 
 +To install **both** the client and the server version run: 
 +<file> 
 + 
 + $ svn co http://svn.code.sf.net/p/tentacled/code/trunk/perl/ tentacle 
 + $ cd tentacle 
 + $ perl Makefile.PL 
 + $ make 
 + # make install 
 + 
 +</file> 
 + 
 +To install just the client, run: 
 + 
 +<file> 
 + $ svn co http://svn.code.sf.net/p/tentacled/code/trunk/perl/client 
 + $ cd client 
 + $ perl Makefile.PL 
 + $ make 
 + # make install 
 + 
 +</file> 
 + 
 +To install just the server, run: 
 + 
 +<file> 
 + $ svn co http://svn.code.sf.net/p/tentacled/code/trunk/trunk/perl/server 
 + $ cd server 
 + $ perl Makefile.PL 
 + $ make 
 + # make install 
 + 
 +</file> 
 + 
 +If you want to install to a custom location, replace: 
 + 
 +<file> 
 + $ perl Makefile.PL 
 + 
 +</file> 
 + 
 +by: 
 + 
 +<file> 
 + $ perl Makefile.PL PREFIX=/ubication 
 + 
 +</file> 
 +=== Manual Installation === 
 + 
 +If **make** is not available in your system, you can manually copy the files ''tentacle_client'' and ''tentacle_server'' to the appropriate place (for example, ''/usr/local/bin''). 
 + 
 +In this case, if the Perl binary is not located at ''/usr/bin/perl'' edit both files and change the first line so that it points to the right path where the Perl binary is. So, for instance, replace ''ubication'' by the Perl location in the system to be installed. 
 +<file> 
 +#!/ubication/perl 
 + 
 +</file> 
 +==== Installing the C version ==== 
 + 
 +=== Installing from SVN === 
 + 
 +Bearing in mind the prior section, to install the Tentacle client, run: 
 + 
 +<file> 
 + $ svn co http://svn.code.sf.net/p/tentacled/code/trunk/c/ tentacle 
 + $ cd tentacle 
 + $ ./configure 
 + $ make 
 + # make install 
 + 
 +</file> 
 + 
 +Make sure to check the configure output for errors, missing headers etc. 
 + 
 +To disable OpenSSL support, enabled by default, replace: 
 + 
 +<file> 
 +$ ./configure 
 + 
 +</file> 
 + 
 +by: 
 + 
 +<file> 
 +$ ./configure –disable-ssl 
 + 
 +</file> 
 + 
 + 
 +==== Tentacle use examples ==== 
 + 
 +To see the available options, execute ''-h'' parameter, both in the client and server version: 
 +<file> 
 +$ tentacle_client -h 
 +Usage: tentacle_client [options] [file] [file] ... 
 + 
 +Tentacle client v0.4.0. 
 + 
 +Options: 
 +       -a address      Server address (default 127.0.0.1). 
 +       -b localaddress Local address to bind. 
 +       -c              Enable SSL without a client certificate. 
 +       -e cert         OpenSSL certificate file. Enables SSL. 
 +       -f ca           Verify that the peer certificate is signed by a ca. 
 +       -g              Get files from the server. 
 +       -h              Show help. 
 +       -k key          OpenSSL private key file. 
 +       -p port         Server port (default 41121). 
 +       -q              Quiet. Do now print error messages. 
 +       -r number       Number of retries for network operations (default 3). 
 +       -t time         Time-out for network operations in seconds (default 1s). 
 +       -v              Be verbose. 
 +       -w              Prompt for OpenSSL private key password. 
 +       -x pwd          Server password. 
 +       -y proxy        Proxy server string (user:[email protected]:port). 
 + 
 +</file> 
 + 
 +<file> 
 +$ tentacle_server -h 
 +Usage: tentacle_server -s <storage directory> [options] 
 + 
 +Tentacle server v0.5.0. 
 + 
 +Options: 
 +       -a ip_addresses IP addresses to listen on (default 0,0.0.0.0). 
 +                       (Multiple addresses separated by comma can be defined.) 
 +       -c number       Maximum number of simultaneous connections (default 10). 
 +       -d              Run as daemon. 
 +       -e cert         OpenSSL certificate file. Enables SSL. 
 +       -f ca_cert      Verify that the peer certificate is signed by a ca. 
 +       -h              Show help. 
 +       -i              Filters. 
 +       -k key          OpenSSL private key file. 
 +       -m size         Maximum file size in bytes (default 2000000b). 
 +       -o              Enable file overwrite. 
 +       -p port         Port to listen on (default 41121). 
 +       -q              Quiet. Do now print error messages. 
 +       -r number       Number of retries for network opertions (default 3). 
 +       -S (install|uninstall|run) Manage the win32 service. 
 +       -t time         Time-out for network operations in seconds (default 1s). 
 +       -v              Be verbose. 
 +       -w              Prompt for OpenSSL private key password. 
 +       -x pwd          Server password. 
 +       -b ip_address   Proxy requests to the given address. 
 +       -g port         Proxy requests to the given port. 
 +       -T              Enable tcpwrappers support. 
 +                       (To use this option, 'Authen::Libwrap' should be installed.) 
 + 
 +</file> 
 + 
 +Predefined values for all options will also be shown in the help section. 
 + 
 +For all of the following examples. the server is located at the address 192.168.1.1 and the client private key is not protected by pasword. 
 + 
 +  * Simple transfer of a file limited to a maximum of 1 megabyte and placed in ''/tmp'': 
 +<file> 
 + 
 +$ tentacle_server -m 1048576 -s /tmp -v 
 +$ tentacle_client -a 192.168.1.1 -v /home/user/myfile.dat 
 + 
 +</file> 
 + 
 +  * Simple transfer on port 65000 with overwrite mode enabled: 
 + 
 +<file> 
 +$ tentacle_server -o -p 65000 -s /tmp -v 
 +$ tentacle_client -a 192.168.1.1 -p 65000 -v /home/user/myfile.dat 
 + 
 +</file> 
 + 
 +  * 
 + 
 +Simple transfer with authentication based on password: 
 + 
 +<file> 
 +$ tentacle_server -x password -s /tmp -v 
 +$ tentacle_client -a 192.168.1.1 -x password -v /home/user/myfile.dat 
 + 
 +</file> 
 + 
 +  * 
 + 
 +Safe transfer, with no client certificate: 
 + 
 +<file> 
 +$ tentacle_server -e cert.pem -k key.pem -w -s /tmp -v 
 +$ tentacle_client -a 192.168.1.1 -c -v /home/user/myfile.dat 
 + 
 +</file> 
 + 
 +  * 
 + 
 +Safe transfer with client certificate: 
 + 
 +<file> 
 +$ tentacle_server -e cert.pem -k key.pem -f cacert.pem -w -s /tmp -v 
 +$ tentacle_client -a 192.168.1.1 -e cert.pem -k key.pem -v /home/user/myfile.dat 
 + 
 +</file> 
 + 
 +  * 
 + 
 +Safe transfer with client certificate and additional authentication with password (notice the use of the connector ''\'' to make parameter writing easier): 
 + 
 +<file> 
 +$ tentacle_server -x password -e cert.pem -k key.pem -f cacert.pem -w -s /tmp -v 
 +$ tentacle_client \ 
 +  -a 192.168.1.1 \ 
 +  -x password \ 
 +  -e cert.pem \ 
 +  -k key.pem \ 
 +  -v /home/user/myfile.dat 
 + 
 +</file> 
 + 
 +The Tentacle server allows its configuration through a plain text file. All command line options are available through said file. If the same configuration option is specified both in the file and the command line, the value indicated in the latter will have preference. The full path to the configuration file is indicated with the option ''-F'' 
 + 
 +<file> 
 +$ tentacle_server -F /etc/tentacle/tentacle_server.conf 
 + 
 +</file> 
 + 
 + 
 +==== Tentacle Proxy ==== 
 + 
 +The Tentacle server can act as a proxy, communicating many Tentacle clients to an inaccessible Tentacle server. 
 + 
 +The following diagram shows how the Tentacle proxy server works: 
 + 
 +{{  :wiki:pfms-tentacle-proxy_server.png  }} 
 + 
 +The proxy does not have any information, but only sends the information from the clients to the Tentacle server. For example, to launch the Tentacle server in proxy mode use the following parameters: 
 + 
 +<file> 
 +$ tentacle_server -b 192.168.200.200 -g 65000 
 + 
 +</file> 
 + 
 +These parameters are** IP address** (''-b'') and **port** (''-g'') //of the unreachable tentacle server//. Also add the normal parameters on a single line: 
 +<file> 
 +$ tentacle_server -a 192.168.100.100 -p 45000 -b 192.168.200.200 -g 65000 
 + 
 +</file> 
 + 
 +<WRAP center round info 60%>The tentacle in proxy mode also supports authentication and encryption parameters.</WRAP> 
 + 
 + 
 +===== Installing PERL for Windows ===== 
 + 
 +This brief guide is conceived to help configure and execute Tentacle client and server on MS Windows®. 
 + 
 +=== Satellite server === 
 + 
 +[[:en:documentation:start|Go back to Pandora FMS documentation index]] 
 + 
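Review bot: The three "Safe transfer" client commands in the examples section (`tentacle_client -a 192.168.1.1 -c ...` and the two `-e cert.pem -k key.pem` variants) never pass `-f`, which the client help text above lists as the option that verifies the peer certificate is signed by a CA, so going by that help text these examples encrypt the channel without checking the server's identity; add `-f cacert.pem` to the client lines or reword the bullets so "safe" is not overstated. Two added commands will fail when copied: the server checkout URL has a doubled path segment (`trunk/trunk/perl/server`, against `trunk/perl/client` in the block just before it), and `./configure –disable-ssl` carries an en dash where `--` is required. The `-x password` examples place the secret on the command line, where other local users can read it from the process list; since the text states that every option is available through the file given with `-F`, show the password set there instead. All four `svn co` lines fetch over plain `http://` and the result is then installed with `# make install` as root, so the page should state how to verify what was fetched or point to an encrypted transport. Smaller items: the proxy string in the client help reads `user:[email protected]:port`, which is not a usable format description; the sentence "**You** are the sole responsible for said key" refers to a key that was never introduced; four list items are a bare `*` with their text on a separate line, and a stray "Tentacle User Guide." bullet follows the documentation links; and the page ends with "Installing PERL for Windows" and "Satellite server" headings that have no content under them.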