Vidispine Server Agent¶
The Vidispine Server Agent, VSA, is a daemon process running on servers connecting to a Vidispine Server, VS. VSA is composed of a Vidispine Transcoder and the VSA supervisor.
How to install VSA¶
Prerequisites¶
- A running VS instance, version 4.4 or newer
- A server running Ubuntu 14.04 or higher, 64-bit, or CentOS 6.5 or higher, 64-bit
Installation¶
Add the Vidispine repository according to the documentation on repository. Then you can install and start VSA. With Ubuntu/Debian:
$ sudo apt-get install vidispine-agent vidispine-agent-tools
With CentOS/RedHat:
$ sudo yum install vidispine-agent vidispine-agent-tools
After that, the agent can be connected to Vidispine server.
Connecting to Vidispine¶
The agent can then be connected either with or without establishing an SSH tunnel to Vidispine server. The latter should be used if an encrypted network connection has already been established to Vidispine server, or if the server and the agent runs within the same network.
Connecting with SSH tunnel¶
The configuration files are located in /etc/vidispine/
.
Configuration can be stored in either the file agent.conf
in this directory, or in files in the subdirectory agent.conf.d
.
It is recommended that a file is created in the agent.conf.d
directory.
Specifically, there are two setting that has to be set: the connection to VS, and the unique name of the VSA server. The first one you will get from the Vidispine instance.
Enable the Vidispine VSA port, by adding this to the
server.yaml
file (change the port number as necessary). The server will need to restart for any changes to take effect.vsaconnection: bindPort: 8183
Note
This step is new in Vidispine 4.6.
On the Vidispine instance, install the vidispine-tools package and run
$ sudo vidispine-admin vsa-add-node
Note
In Vidispine 4.6, the command has changed to
vsa-add-node
. With the new vsa-add-node command, one VSA can connect to multiple vidispine-servers.Fill in the user name, password and IP address. Enter the unique name, but you can leave the UUID empty.
Now, on the VSA server, add this information to
/etc/vidispine/agent.conf.d/connection
.Start VSA:
$ sudo service vidispine-agent start $ sudo service transcoder start
Wait 30 seconds. Now verify that it is connected:
$ sudo vidispine-agent-admin status
Agent, transcoder and Vidispine should all be ONLINE.
Connecting without SSH tunnel¶
New in version 4.6.
Create a file
/etc/vidispine/agent.conf.d/custom.conf
with content like:userName=admin password=KioqYWRtaW4= directVSURI=http://172.17.0.7:8080/ vsaURI=http://172.17.0.8:8090/
userName
: Vidipsine user name.password
: Base64 encoded value of a***
prefixed password. For example, the value should be the result ofecho -n ***admin | base64
, if the password isadmin
.directVSURI
: the address VSA uses to connect to Vidispine server.vsaURI
: the address that can be used by Vidsipine server to connect to VSA
Restart VSA:
$ sudo service vidispine-agent restart
Wait 30 seconds. Now verify that it is connected:
$ sudo vidispine-agent-admin status
Agent, transcoder and Vidispine should all be ONLINE.
Also, the VSA should listed under the server:
$ curl -X GET -uadmin:admin http://localhost:8080/API/vxa
VSA and S3 credentials¶
A VSA transcoder can be given direct access to S3 storages,
meaning the agent will access the files directly without them being proxied by the main server. If the configuration
property useS3Proxy
is set to true
, pre-signed urls will be used for agents to read S3 objects.
If it is set to false
, or if it is a WRITE
operation, AWS credentials will be sent to agents.
Since 4.14, the type of AWS credentials being sent to the agents can be controlled by the configuration property s3CredentialType
:
secretKey
: The access key and the secret access key configured in the S3 storage uri will be sent to the agent.temporary
: The AWS Security Token Service (STS) will be used to generate temporary credentials to send to the agents. The duration of the credentials is controlled bystsCredentialDuration
. You can setstsRegion
to control in which region Vidispine server will call the AWS Security Token Service (STS) API.none
: No credentials will be sent to the agent. The agent then needs to rely on a localAwsCredentials.properties
file, or an IAM role on the instance to access S3 objects.
There is also a configuration entry called s3CredentialType
available in the agent.conf
, that can be used to configure this behavior on a per-agent basis.
The final effective credential type will be the min of Server s3CredentialType and Agent s3CredentialType. And the order of the values is secretKey > temporary > none
.
For example, no credentials will be sent to the agent, if an agent has the following configuration:
s3CredentialType=none
and the server has:
<property lastChange="2014-07-14T14:55:15.432+02:00">
<key>s3CredentialType</key>
<value>temporary</value>
</property>
Note
For an older agent to work with 4.14 server, the credential type on the server side has to be set to either secretKey
or none
.