Bionic Beaver on Z/Architecture: My Personal Mainframe IBM S/390 running Ubuntu 18 Linux on Hercules on OpenSUSE Tumbleweed

Hercules IBM Z/Architecture Mainframe Emulator Console

IBM S/390
Picture courtesy of The Computer Sheds

As a Digital alumnus with reverence for all things DEC, competitor IBM's big iron mainframes and operating systems have always been a curiosity. So far, my IBM experience has been with PC-DOS (here is a PC DOS 2000 based internet-facing web server), their incredible IBM OS/2 Warp, and recently IBM AIX on a virtual box.

Inspired by Astr0baby's blog post and Jeff Sipek's guide, I decided to install Ubuntu 18 "Bionic Beaver" Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-36-generic s390x) on a Hercules-emulated IBM S/390 Mainframe computer running on OpenSUSE Tumbleweed inside a Oracle VirtualBox appliance. This is the first mainframe-class machine emulated at SANYALnet Labs.

Hercules 4.0 Hyperion mainframe emulator was used for the guest S/390.  "Hercules is an open source software implementation of the mainframe System/370 and ESA/390 architectures, in addition to the latest 64-bit z/Architecture." - Hercules official web page.



OpenSUSE Packages

Packages installed in preparation of OpenSUSE Tumbleweed as the build and execution environment for Hercules hypervisor include the following. The standard zypper package management tool for OpenSUSE was used.

# zypper install bridge-utils uml-utilities tunctl net-tools-deprecated ipcalc git cmake vde2 libcap-progs libpcap-devel libpcap1 pcapdump pcapinfo
# zypper install -t pattern devel_C_C++

HOST NETWORK SETUP

OpenSUSE Tumbleweed; IP: 10.100.0.22/24
Guest: S/390, IP Address 10.100.0.23/24
Gateway: 10.100.0.1
DNS: 8.8.8.8 (google DNS)

OpenSUSE's firewall was interfering with the guest S/390s ability to resolve domain names via DNS and access the internet over HTTP(S), both during installation and post-installation of Ubuntu-18 for s390x.  For example, the following message was observed during Ubuntu s390x installation in the guest:

Ubuntu s390x Installer Error accessing Archive Mirrors over Internet

To get around this problem, the host (OpenSUSE) firewall daemon "firewalld" was disabled completely  and a startup script was added to flush and clear iptables rules at boot time.

# systemctl disable firewalld
# systemctl stop firewalld

OpenSUSE host network setup executable script at /root/netsetup/bridge-tap-vde-setup.sh:
-

	#!/bin/bash
	# ---
	# bridge-tap-vde-setup.sh
	# ---
	# Bridge, VDE and Tun/Tap Network Device Setup Script to run emulators.
	# The best place to execute this is probably from /etc/network/if-up.d/
	# (assuming Network Manager is running, not dhcpcd or other dhcp clients)
	#
	# Two configuration items are below, make sure to set them correctly.
	# *** IMPORTANT *** Default DNS also needs to be manually configured on some
	# systems, e.g. for Ubuntu edit /etc/systemd/resolved.conf
	#
	# Uses gawk and ipcalc; make sure they are installed.
	# Writes some dubiously helpful information to kernel log, use dmesg to view.
	#
	# Attempts to disable firewall, clears out iptables, and sets up IPv4 forwarding
	#
	# To see what it accomplished (or not), look at kernel log (dmesg)
	#
	# Tested on OpenSUSE Tumbleweed and Raspbian hosts with Hercules IBM S/390
	# Mainframe and AlphaVM Free DEC Alphaserver ES40 guests running concurrently.
	# Some form of this script is running on numerous hobbyist servers of mine,
	# including a MX Linux server hosting over 33 SIMH VAX and PDP instances
	# talking DECnet and IP on two different VDE switches
	#
	# Please understand and tweak as you need; it basically aims to do this:
	#
	# ----
	# ----------|tun0| <--> IBM S/390 emulator
	# | ---- (Hercules sets this up using /dev/net/tun)
	# -------
	# |Network|
	# |Adapter|
	# | |
	# -------
	# | ------
	# ----------|bridge|
	# |br-ip |
	# ------
	# | --------
	# |--------|inettap0| <--> For use by any emulator
	# | --------
	# |
	# | ----------
	# --------|VDE Switch| (Virtual Distributed Ethernet switch)
	# ----------
	# |
	# | -----------
	# |-|vde-ip-tap0| <--> Available to more emulators
	# | -----------
	# |
	# | -----------
	# |-|vde-ip-tap1| <--> AlphaServer ES40 emulator
	# | -----------
	# |
	# |-... update script to keep adding
	# | more vde tap interfaces as needed.
	#
	# More details:
	# http://supratim-sanyal.blogspot.com/2018/10/bionic-beaver-on-zarchitecture-my.html
	#
	# Licensed under "THE BEER-WARE LICENSE" (Revision 42):
	# Supratim Sanyal <https://goo.gl/FqzyBW> wrote this file. As long as
	# you retain this notice you can do whatever you want with this stuff.
	# If we meet some day, and you think this stuff is worth it, you can buy
	# me a beer in return.
	# ---
	# ----
	# Edit DEVICE to physical interface that has the IP address which will be moved
	# to a bridge, and TAP and VDE plug interfaces made available from the bridge
	# ----
	DEVICE="eth0"
	# ----
	# Edit LOCALUSER to username of the user running simulators
	# ----
	LOCALUSER="system"
	# ------------------------------------------------------------------------------
	# No more changes should be required from here
	# ------------------------------------------------------------------------------
	echo ${0}: Start | tee /dev/kmsg
	# ----
	# Exit if we're called for the loopback
	# ----
	if [ "${DEVICE}" = lo ]; then
	echo ${0}: Doing nothing and exiting for interface ${DEVICE} | tee /dev/kmsg
	exit 0
	fi
	# ----
	# Make sure the NIC exists
	# ----
	if [ ! -d "/sys/class/net/${DEVICE}" ]; then
	echo ${0}: ${DEVICE} does not exist | tee /dev/kmsg
	echo ${0}: Please check config parameter | tee /dev/kmsg
	exit 1
	fi
	# ----
	# Make sure the local username exists
	# ----
	if ! id "${LOCALUSER}" &>/dev/null; then
	echo ${0}: User ${LOCALUSER} does not exist | tee /dev/kmsg
	echo ${0}: Please check config parameter | tee /dev/kmsg
	exit 1
	fi
	# ----
	# Make sure uncommon utilities are installed
	# ----
	if ! type -P "gawk" &>/dev/null; then
	echo ${0}: gawk utility does not exist | tee /dev/kmsg
	echo ${0}: Please install all the requirements | tee /dev/kmsg
	exit 1
	fi
	if ! type -P "ipcalc" &>/dev/null; then
	echo ${0}: ipcalc utility does not exist | tee /dev/kmsg
	echo ${0}: Please install all the requirements | tee /dev/kmsg
	exit 1
	fi
	if ! type -P "vde_switch" &>/dev/null; then
	echo ${0}: vde2 does not seem to be installed | tee /dev/kmsg
	echo ${0}: Please install all the requirements | tee /dev/kmsg
	exit 1
	fi
	# ----
	# Make sure an IP address is assigned to the interface
	# ----
	HOSTIPANDMASK=`ip addr show dev ${DEVICE} | grep inet | head -1 | cut -f 6 -d " "`
	if [ -z "${HOSTIPANDMASK}" ]; then
	echo ${0}: ${DEVICE} has no IP address | tee /dev/kmsg
	echo ${0}: Exiting for ${DEVICE} | tee /dev/kmsg
	# We exit with normal status because if this script is invoked from
	# if-up.d it is invoked multiple times, sometimes with no IP
	# on DEVICE, which is OK.
	exit 0
	fi
	echo ${0}: ${DEVICE} address and netmask ${HOSTIPANDMASK} | tee /dev/kmsg
	# ---
	# All checks passed; do not allow repeat invokations from here on
	# ---
	if test -r "/run/bridge-tap-vde-setup-lock"; then
	echo ${0}: Already set up for adapter `cat /run/bridge-tap-vde-setup-lock` | tee /dev/kmsg
	exit 0
	else
	echo ${0}: ${DEVICE} address and netmask ${HOSTIPANDMASK} > /run/bridge-tap-vde-setup-lock
	fi
	HOSTIP=`echo ${HOSTIPANDMASK}|cut -f 1 -d "/"`
	HOSTNETMASK=`echo ${HOSTIPANDMASK}|cut -f 2 -d "/"`
	HOSTBCASTADDR=`ip addr show dev ${DEVICE} | grep inet | head -1 | cut -f 8 -d " "`
	HOSTDEFAULTGATEWAY=`route -n | grep ^0.0.0.0 | gawk -- '{ print $2 }'`
	NETWORK=`ipcalc $HOSTIP/$HOSTNETMASK | grep Network | cut -f 2 -d ":" | cut -f 1 -d "/" | tr -d '[:space:]'`
	echo ${0}: ---- GATHERED INFORMATION ----- | tee /dev/kmsg
	echo ${0}: NETWORK INTERFACE=${DEVICE} | tee /dev/kmsg
	echo ${0}: HOSTIP=$HOSTIP HOSTNETMASK=$HOSTNETMASK | tee /dev/kmsg
	echo ${0}: NETWORK=$NETWORK HOSTBCASTADDR=$HOSTBCASTADDR HOSTDEFAULTGATEWAY=$HOSTDEFAULTGATEWAY | tee /dev/kmsg
	echo ${0}: ------------------------------- | tee /dev/kmsg
	# ---
	# set up for Hercules IBM S/390 emulator which uses TUN interface not TAP
	# ---
	# Enable IPv4 packet forwarding
	sysctl -w net.ipv4.ip_forward=1
	sysctl -w net.ipv4.conf.all.proxy_arp=1
	# Make sure firewall is stopped and disabled (one of the following should work
	# if a firewall is installed, otherwise these will produce ignorable errors ...
	systemctl stop firewalld
	systemctl disable firewalld
	ufw disable
	# Flush and clear iptables
	iptables-restore -v --wait 2 << IPTABLES-RULES
	*filter
	:INPUT ACCEPT [0:0]
	:FORWARD ACCEPT [0:0]
	:OUTPUT ACCEPT [0:0]
	COMMIT
	IPTABLES-RULES
	# ---
	# end set up for Hercules IBM S/390 emulator which uses TUN interface not TAP
	# ---
	# ---
	# Create a TAP network interface for tap/pcap hungry emulators
	# ---
	ip tuntap add inettap0 mode tap user ${LOCALUSER}
	# ---
	# Also create a VDE switch with TAP plugs for use by simuators
	# ---
	vde_switch -t vde-ip-tap0 -s /tmp/vde-ip.ctl -m 666 --mgmt /tmp/vde-ip.mgmt --mgmtmode 666 --daemon # spare plug
	vde_plug2tap -s /tmp/vde-ip.ctl -m 666 -d vde-ip-tap1 # AlphaServer ES40
	#vde_plug2tap -s /tmp/vde-ip.ctl -m 666 -d vde-ip-tap2 # spare plug
	#vde_plug2tap -s /tmp/vde-ip.ctl -m 666 -d vde-ip-tap3 # spare plug
	# Create a Bridge
	ip link add name br-ip type bridge
	brctl stp br-ip on
	# Bridge the NIC ${DEVICE}, the TAP device and VDE Switch TAP0 plug
	ip link set ${DEVICE} master br-ip
	ip link set inettap0 master br-ip
	ip link set vde-ip-tap0 master br-ip
	# Remove obsolete default route and move the IP address from ${DEVICE} to
	# the bridge
	ip route delete default via $HOSTDEFAULTGATEWAY dev ${DEVICE}
	ip addr flush dev ${DEVICE}
	ip addr add ${HOSTIPANDMASK} broadcast $HOSTBCASTADDR dev br-ip
	# Bring everything back up
	ip link set dev inettap0 up
	ip link set vde-ip-tap0 up
	ip link set vde-ip-tap1 up
	#ip link set vde-ip-tap2 up
	#ip link set vde-ip-tap3 up
	#...
	ip link set dev br-ip up
	# Reset the default route to via the bridge interface which now has the IP
	ip route add default via $HOSTDEFAULTGATEWAY dev br-ip
	echo ${0}: ---- NETWORK RECONFIGURED, WAITING TO SETTLE DOWN ---- | tee /dev/kmsg
	sleep 15
	sync;sync;sync
	echo ${0}: ---- AFTER BRIDGE AND TAP ---- | tee /dev/kmsg
	ip addr | tee /dev/kmsg
	echo ${0}: --- ROUTE --- | tee /dev/kmsg
	route -n | tee /dev/kmsg
	echo ${0}: --- BRIDGE --- | tee /dev/kmsg
	brctl show | tee /dev/kmsg
	echo ${0}: --- IPTABLES --- | tee /dev/kmsg
	iptables -L | tee /dev/kmsg
	echo ${0}: --- PING TEST --- | tee /dev/kmsg
	PINGOK=0
	for i in {1..15}
	do
	ping -c 1 -w 5 google.com | tee /dev/kmsg
	if [ "$?" -eq 0 ]; then
	PINGOK=1
	echo ${0}: Internet becomes reachable on ping try $i | tee /dev/kmsg
	break
	else
	echo ${0}: Internet unreachable on ping try $i | tee /dev/kmsg
	sleep 1
	fi
	done
	if [ "${PINGOK}" -eq 0 ]; then
	echo ${0}: WARNING Cannot reach the internet or DNS issue | tee /dev/kmsg
	fi
	# --
	# We can now attach simulators
	# --
	sync;sync;sync
	echo ${0}: Normal Exit | tee /dev/kmsg
	exit 0

view raw bridge-tap-vde-setup.sh hosted with ❤ by GitHub

-

The following was added to /etc/init.d/after.local to get the network setup script to execute at boot time:

#!/bin/bash
#
# --
# /etc/init.d/after.local
# --
touch /forcefsck
/root/netsetup/bridge-tap-vde-setup.sh > /tmp/bridge-tap-vde-setup.sh 2>&1
sync
exit 0

Also the after-local service was enabled for /etc/init.d/after.local script to execute at boot-time:

# systemctl enable after-local.service

# systemctl start after-local.service

IBM S/390 Mainframe in Hercules and Ubuntu 18 (s390x) installation

Hercules startup and CD-ROM boot command

Astr0baby's instructions were followed for rest of the installation of Ubuntu 18 s390x on the guest. The full command to mount the downloaded distribution CD-ROM ISO image on OpenSUSE's /mnt directory is:

$ sudo mount -t iso9660 -o loop ubuntu-18.04.1-server-s390x.iso /mnt

The following hercules.cnf file was used:

-

	ARCHMODE z/Arch
	#ARCHLVL z/Arch
	#ALRF ENABLE (deprecated)
	archlvl ENABLE asn_lx_reuse
	CCKD RA=2,RAQ=4,RAT=2,WR=2,GCINT=5,GCPARM=0,NOSTRESS=0,TRACE=0,FREEPEND=-1
	CNSLPORT 3270
	CONKPALV (3,1,10)
	CPUMODEL 3090
	CPUSERIAL 012345
	DIAG8CMD ENABLE
	ECPSVM YES
	LOADPARM 0A95DB..
	LPARNAME HERCULES
	MAINSIZE 1024
	MOUNTED_TAPE_REINIT DISALLOW
	NUMCPU 2
	OSTAILOR Z/OS
	PANRATE 80
	PGMPRDOS LICENSED
	SHCMDOPT NODIAG8
	SYSEPOCH 1900
	TIMERINT 50
	TZOFFSET +1400
	YROFFSET 0
	# .-----------------------Device number
	# | .-----------------Device type
	# | | .---------File name and parameters
	# | | |
	# V V V
	#--- ---- --------------------
	# Display Terminals
	0700 3270
	0701 3270
	# dasd
	0120 3390 ./dasd/ubuntu.disk
	## console
	##001F 3270
	#
	## terminal
	##0009 3215
	#
	## reader
	##000C 3505 ./rdr/kernel.debian ./rdr/parmfile.debian ./rdr/initrd.debian autopad eof
	#
	## printer
	##000E 1403 ./prt/print00e.txt crlf
	#
	## dasd
	##0120 3390 ./dasd/3390.LINUX.0120
	##0121 3390 ./dasd/3390.LINUX.0121
	#
	## tape
	##0581 3420
	# network s390 realbox
	0A00,0A01 CTCI -n /dev/net/tun -t 1500 10.100.0.23 10.100.0.22

view raw hercules.cnf hosted with ❤ by GitHub

-

Hercules had to be launched from OpenSUSE root account; even sudo from a user account did not work for letting Hercules access the tun adapter completely for networking. This is despite setting permissions on the /dev/net/tun, /use/local/bin/hercifc etc. as described in "Hercules Version 4: TCP/IP networking with Hercules".

Since any desired Ubuntu packages could be installed later, only the "SSH server" option was selected in addition to the Ubuntu base install in the installation software selection options screen.

The actual Ubuntu 18.04 s390x installation turned out to be uneventful. It followed a similar path to Ubuntu installation on x64. Automatic post-installation reboot did not work as Hercules stopped with halt when the guest operating system shut down for reboot. Exiting and relaunching the emulator and booting the guest operating system worked fine. Here is a video captured during the installation process:

Automatic boot-up of guest Ubuntu s390x on startup of Hercules hypervisor was achieved by creating a file "hercules.rc" in the same directory as "hercules.cnf" with a line containing the same command used at the Hercules prompt to boot manually:

ipl 120

Pressing ESC in the Hercules console screen toggles between a "graphical" view of the S/390 showing processor registers, the processor status word/flags, CPU usage, disk and network I/O etc. as in the example at the top of this post.

Anything typed in starting with a period at the Hercules console's "herc ====>" prompt is sent on to the virtual guest directly (i.e. not processed by the emulator itself). Therefore, even if SSH access to the Ubuntu s390x guest is unavailable, it is possible to login to Ubuntu s390x by entering .username and .password starting with a period (i.e. a dot) at the beginning on the Hercules console, and execute Linux commands by typing them in starting with dots the same way.

It is exciting to be able to run a mainframe version of Ubuntu as a hobbyist system!

-

	➤ ssh ibmuser@10.100.0.23
	Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-36-generic s390x)
	* Documentation: https://help.ubuntu.com
	* Management: https://landscape.canonical.com
	* Support: https://ubuntu.com/advantage
	System information as of Sat Oct 20 13:28:17 BST 2018
	System load: 1.71 Processes: 104
	Usage of /: 73.1% of 2.19GB Users logged in: 0
	Memory usage: 21% IP address for slca00: 10.100.0.23
	Swap usage: 0%
	0 packages can be updated.
	0 updates are security updates.
	Last login: Sat Oct 20 13:17:08 2018 from 10.100.0.22
	To run a command as administrator (user "root"), use "sudo <command>".
	See "man sudo_root" for details.
	ibmuser@s390x:~$
	ibmuser@s390x:~$ uname -a
	Linux s390x 4.15.0-36-generic #39-Ubuntu SMP Mon Sep 24 16:13:24 UTC 2018 s390x s390x s390x GNU/Linux
	ibmuser@s390x:~$
	ibmuser@s390x:~$ cat /proc/cpuinfo
	vendor_id : IBM/S390
	# processors : 2
	bogomips per cpu: 192307.00
	max thread id : 0
	features : esan3 zarch stfle msa ldisp eimm edat etf3eh highgprs sie
	facilities : 0 1 2 3 6 7 8 9 10 11 13 16 17 18 19 20 21 22 23 24 25 26 27 28 30 31 32 33 34 35 36 40 41 42 43 45 47 49 52 66 75 76 77
	cache0 : level=1 type=Data scope=Private size=512K line_size=256 associativity=-1
	cache1 : level=1 type=Instruction scope=Private size=512K line_size=256 associativity=-1
	processor 0: version = 00, identification = 012345, machine = 3090
	processor 1: version = 00, identification = 112345, machine = 3090
	ibmuser@s390x:~$
	ibmuser@s390x:~$ cat /proc/ioports
	ibmuser@s390x:~$
	ibmuser@s390x:~$ free -h
	total used free shared buff/cache available
	Mem: 797M 68M 92M 280K 635M 677M
	Swap: 105M 0B 105M
	ibmuser@s390x:~$
	ibmuser@s390x:~$ df -h
	Filesystem Size Used Avail Use% Mounted on
	udev 393M 0 393M 0% /dev
	tmpfs 80M 280K 80M 1% /run
	/dev/dasda1 2.2G 1.9G 205M 91% /
	tmpfs 399M 0 399M 0% /dev/shm
	tmpfs 5.0M 0 5.0M 0% /run/lock
	tmpfs 399M 0 399M 0% /sys/fs/cgroup
	tmpfs 80M 0 80M 0% /run/user/1000
	ibmuser@s390x:~$
	ibmuser@s390x:~$ cat /proc/interrupts
	CPU0 CPU1
	EXT: 370136 360776
	I/O: 98294 73850
	AIO: 0 0
	CLK: 252482 254795 [EXT] Clock Comparator
	EXC: 117522 105843 [EXT] External Call
	EMS: 0 0 [EXT] Emergency Signal
	TMR: 0 0 [EXT] CPU Timer
	TAL: 0 0 [EXT] Timing Alert
	PFL: 0 0 [EXT] Pseudo Page Fault
	DSD: 0 0 [EXT] DASD Diag
	VRT: 0 0 [EXT] Virtio
	SCP: 132 138 [EXT] Service Call
	IUC: 0 0 [EXT] IUCV
	CMS: 0 0 [EXT] CPU-Measurement: Sampling
	CMC: 0 0 [EXT] CPU-Measurement: Counter
	FTP: 0 0 [EXT] HMC FTP Service
	CIO: 5 4 [I/O] Common I/O Layer Interrupt
	QAI: 0 0 [I/O] QDIO Adapter Interrupt
	DAS: 32030 26348 [I/O] DASD
	C15: 0 0 [I/O] 3215
	C70: 0 0 [I/O] 3270
	TAP: 0 0 [I/O] Tape
	VMR: 0 0 [I/O] Unit Record Devices
	LCS: 0 0 [I/O] LCS
	CTC: 66259 47498 [I/O] CTC
	APB: 0 0 [I/O] AP Bus
	ADM: 0 0 [I/O] EADM Subchannel
	CSC: 0 0 [I/O] CHSC Subchannel
	PCI: 0 0 [I/O] PCI Interrupt
	MSI: 0 0 [I/O] MSI Interrupt
	VIR: 0 0 [I/O] Virtual I/O Devices
	VAI: 0 0 [I/O] Virtual I/O Devices AI
	NMI: 0 0 [NMI] Machine Check
	RST: 0 1 [CPU] CPU Restart
	ibmuser@s390x:~$
	ibmuser@s390x:~$
	ibmuser@s390x:~$

view raw IBM-S390-UBUNTU-18.04-LOGIN hosted with ❤ by GitHub

-

Download

You can download free snippets of the experiment's session logs from my google drive. In addition. here are some random images of screenshots taken during having all this fun!

Pandora FMS and eHorus - a great integrated network monitoring and SaaS cloud-based remote management system

eHorus integration in Pandora FMS web interface (Processes vie)

After playing around with the usual network monitoring tools, all of them impressive (Nagios, PRTG, Zabbix, Zenoss), I have settled down on Pandora FMS for a few years to monitor hobbyist servers in SANYALnet Labs. With solid agent-based real-time performance monitoring and alarming capabilities and an impressive "recon" task with automatic network hierarchy discovery and visual network mapping features, Pandora FMS has been serving me very well.

After a recent upgrade to the latest Pandora FMS distribution, I discovered it supports seamless integration with the eHorus cloud-based remote management system (SaaS) for total command and control of my network nodes right from inside the Padora FMS web interface as well as the eHorus portal internet web-site.

The steps to deploy eHorus and the required registration form and agent downloads are described pretty well at the eHorus web-site. The free tier allows up to 10 nodes and one concurrent user - quite enough for a hobbyist environment like mine.

I started off by registering an account at the eHorus portal and installing the CentOS 7 64-bit eHorus agent on my Dell PowerEdge R710 virtualization host that runs a bunch of SANYALnet Labs hobbyist nodes.

I downloaded and installed the eHorus agent for 64-bit CentOS 7 following these instructions.The only change I made to the /etc/ehorus/ehorus_agent.conf file is to substitute my real eHorus userid in the "#eh_user USER" parameter in the config file.

	#############################################################################;
	# eHorus agent configuration file.
	# (c) 2015 Artica Soluciones Tecnologicas
	#############################################################################
	# Addes of the ehorus_cmd server (Windows only).
	cmd_address 127.0.0.1
	# Port of the ehorus_cmd server (Windows only).
	cmd_port 41120
	# Run as a daemon/win32 service.
	daemon 1
	# Address of the eHorus server.
	#eh_address hub.ehorus.com
	# Port of the eHorus server.
	#eh_port 8080
	# Address for local connections. By default the same IP address the agent uses
	# to connect to the eHorus server is used.
	#eh_local_address
	# Certificate file for SSL local connections.
	#eh_local_cert
	# Certificate key for SSL local connections.
	#eh_local_key
	# Port for local connections.
	#eh_local_port 80
	# eHorus Hash (generated by Provisioning Server)
	#eh_hash EH_HASH
	# eHorus Key
	#eh_key EH_KEY
	# eHorus user
	#eh_user USER
	# Log file (log to stdout by default).
	#log_file /var/log/ehorus_agent.log
	# Passphrase used to access the agent from the eHorus client.
	#password secret
	# Address of the provisioning server.
	prov_address switch.ehorus.com
	# Port of the provisioning server.
	prov_port 443
	# Address of the VNC server.
	vnc_address 127.0.0.1
	# Port of of the VNC server.
	vnc_port 5901
	# Set to 1 to suppress error messages.
	quiet 0
	# Storage directory for file uploads and downloads.
	storage_dir /home
	# Log messages verbosity level. 0 does not print log and 9 prints all logs
	verbose 3
	# Proxy server address
	#proxy_address 127.0.0.1
	# Proxy server entry port
	#proxy_port 3186
	# User for proxy authentication.
	#proxy_user
	# Passphrase for proxy authentication.
	#proxy_pass
	# Timeout in seconds for a user session. The connection will be closed after <session_timeout> seconds of inactivity.
	session_timeout 300
	# Set to 1 to only send IP and OS to directory server.
	#disable_info 1
	# Way to connect to a section (always or disable)
	access_terminal always
	access_display always
	access_processes always
	access_services always
	access_files always
	access_share always
	# Permits delete files remotely from the client.
	enable_file_delete 1
	# File system encode (UTF-8 by default)
	#encoding UTF-8
	#############################################################################
	# Advanced settings. Do not change unless you know what you are doing!
	#############################################################################
	# Block size in bytes for network read operations.
	block_size 16384
	# Timeout in seconds for network operations.
	timeout 5
	# WebSocket ping frames will be sent to the eHorus server every ping_interval
	# seconds.
	ping_interval 300
	# Max payload size for network write operations.
	max_payload_size 524288

view raw ehorus_agent.conf (CentOS 7) hosted with ❤ by GitHub

I then enabled and started the ehorus_agent_daemon using the systemctl command.

# systemctl enable  ehorus_agent_daemon
# systemctl start ehorus_agent_daemon
# systemctl status  ehorus_agent_daemon
● ehorus_agent_daemon.service - LSB: eHorus Agent startup script
   Loaded: loaded (/etc/rc.d/init.d/ehorus_agent_daemon; bad; vendor preset: disabled)
   Active: active (running) since Fri 2018-10-05 23:55:20 UTC; 2h 13min ago
     Docs: man:systemd-sysv-generator(8)
   CGroup: /system.slice/ehorus_agent_daemon.service
           └─20940 /usr/bin/ehorus_agent -f /etc/ehorus/ehorus_agent.conf

Oct 05 23:55:18 dell-poweredge-r710.sanyalnet.lan systemd[1]: Starting LSB: eHorus Agent startup script...
Oct 05 23:55:19 dell-poweredge-r710.sanyalnet.lan ehorus_agent_daemon[20908]: 2018-10-05 23:55:19 [log][2] WARNING: no pas...t!
Oct 05 23:55:20 dell-poweredge-r710.sanyalnet.lan ehorus_agent_daemon[20908]: eHorus Agent is now running with PID 20940
Oct 05 23:55:20 dell-poweredge-r710.sanyalnet.lan systemd[1]: Started LSB: eHorus Agent startup script.
Hint: Some lines were ellipsized, use -l to show in full.

Checking the eHorus web portal, I could now see my server:

eHorus Portal (internet web site) with one server

eHorus provides the following options for command and control of configured servers:

• Terminal
• Desktop,
• Processes
• Services
• Files.

eHorus Node Details Screen at Web Portal

eHorus integrates with Pandora FMS enabling seamless monitoring and control facilities for nodes from right inside the Pandora FMS web UI. Here is an example of a eHorus terminal window inside a Pandora FMS web session:

 eHorus terminal inside Pandora FMS

I will gradually deploy eHorus remote management agents on some of my other nodes. Unfortunately, the eHorus agent is not available for OpenVMS VAX or Alpha, Solaris, AIX, NetBSD and similar unusual operating systems that I play around with.