Data diode replication service

Contents

• Data diode replication service

  • Setup

  • EAPI methods

Allows to replicate nodes via uni-directional network. The configuration is similar to Replication service with the following differences:

• Incoming API calls can not be enabled.

• Only PSRT - industrial Pub/Sub for WAN is supported as the pub/sub server. Requires the server to accept UDP publish requests.

See also: Uni-directional networks (Data diodes).

Setup

Use the template EVA_DIR/share/svc-tpl/svc-tpl-replication-uni.yml:

# EVA ICS unidirectional UDP replication service (PSRT)
command: svc/eva-repl-uni
workers: 1
bus:
  path: var/bus.ipc
config:
  pubsub:
    # PSRT UDP host/port, a single value, clusters are not supported
    host: 127.0.0.1:2873
    # MTU, should be about 100 bytes less than the actual network MTU
    mtu: 1200
    username: null
    key: null
    # pub/sub queue size
    queue_size: 1024
  # the local key service, required both to make and process API calls via PubSub
  key_svc: eva.aaa.localauth
  # set null to turn off announcements
  announce_interval: 10
  # interval to submit all items, should be lower than the node timeout on the
  # remote side or there should be at least a single item which state is
  # updated more frequently than the remote node timeout
  interval: 20
  send:
    topic: all
    # enable compression, recommended
    compress: true
    encryption_key: default # set (key id) to enable bulk encryption
    buf_ttl_sec: 0.5
  # subscribed OIDs
  oids:
    - "#"
  oids_exclude: []
  # DANGEROUS, enable for multi-level clusters only
  #replicate_remote: true
user: nobody

Create the service using eva-shell:

eva svc create eva.repl.1 /opt/eva4/share/svc-tpl/svc-tpl-replication-uni.yml

or using the bus CLI client:

cd /opt/eva4
cat DEPLOY.yml | ./bin/yml2mp | \
    ./sbin/bus ./var/bus.ipc rpc call eva.core svc.deploy -

(see eva.core::svc.deploy for more info)

EAPI methods

See EAPI commons for the common information about the bus, types, errors and RPC calls.