Vidispine Server Agent

The Vidispine Server Agent, VSA, is a daemon process running on servers connecting to a Vidispine Server, VS. VSA is composed of a Vidispine Transcoder and the VSA supervisor.

How to install VSA

Prerequisites

  • A running VS instance, version 4.4 or newer
  • A server running Ubuntu 14.04 or higher, 64-bit, or CentOS 6.5 or higher, 64-bit

Installation

Add the Vidispine repository according to the documentation on repository. Then you can install and start VSA. With Ubuntu/Debian:

$ sudo apt-get install vidispine-agent vidispine-agent-tools

With CentOS/RedHat:

$ sudo yum install vidispine-agent vidispine-agent-tools

After that, the agent can be connected to Vidispine server.

Connecting to Vidispine

The agent can then be connected either with or without establishing an SSH tunnel to Vidispine server. The latter should be used if an encrypted network connection has already been established to Vidispine server, or if the server and the agent runs within the same network.

Connecting with SSH tunnel

The configuration files are located in /etc/vidispine/. Configuration can be stored in either the file agent.conf in this directory, or in files in the subdirectory agent.conf.d. It is recommended that a file is created in the agent.conf.d directory. Specifically, there are two setting that has to be set: the connection to VS, and the unique name of the VSA server. The first one you will get from the Vidispine instance.

  1. Enable the Vidispine VSA port, by adding this to the server.yaml file (change the port number as necessary). The server will need to restart for any changes to take effect.

    vsaconnection:
       bindPort: 8183
    

    Note

    This step is new in Vidispine 4.6.

  2. On the Vidispine instance, install the vidispine-tools package and run

    $ sudo vidispine-admin vsa-add-node
    

    Note

    In Vidispine 4.6, the command has changed to vsa-add-node. With the new vsa-add-node command, one VSA can connect to multiple vidispine-servers.

  3. Fill in the user name, password and IP address. Enter the unique name, but you can leave the UUID empty.

  4. Now, on the VSA server, add this information to /etc/vidispine/agent.conf.d/connection.

  5. Start VSA:

    $ sudo service vidispine-agent start
    $ sudo service transcoder start
    
  6. Wait 30 seconds. Now verify that it is connected:

    $ sudo vidispine-agent-admin status
    

    Agent, transcoder and Vidispine should all be ONLINE.

Connecting without SSH tunnel

  1. Create a file /etc/vidispine/agent.conf.d/custom.conf with content like:

    userName=admin
    password=KioqYWRtaW4=
    directVSURI=http://172.17.0.7:8080/
    vsaURI=http://172.17.0.8:8090/
    
    • userName: Vidispine user name.
    • password: Base64 encoded value of a *** prefixed password. For example, the value should be the result of echo -n ***admin | base64, if the password is admin.
    • directVSURI: the address VSA uses to connect to Vidispine server.
    • vsaURI: the address that can be used by Vidispine server to connect to VSA
  2. Restart VSA:

    $ sudo service vidispine-agent restart
    
  3. Wait 30 seconds. Now verify that it is connected:

    $ sudo vidispine-agent-admin status
    

    Agent, transcoder and Vidispine should all be ONLINE.

  4. Also, the VSA should listed under the server:

    $ curl -X GET -uadmin:admin http://localhost:8080/API/vxa
    

Adding a share

On the VSA, run the following command:

$ sudo vidispine-agent-admin add-local-share

This will add a share in VSA, and create a storage in VS. You can verify this by listing the storages (List all storages). The storage is listed with a method that has a vxa: URI scheme. The UUID (server part) of the URI matches the UUID from vidispine-agent-admin status.

Warning

If the share is removed from the VSA, the storage will be automatically deleted from VS, including all file information (but not the files themselves). In order to keep the storage, e.g., if the storage is moved from one VSA to another, remove the vxaId metadata field from the storage.

Enable write access

When a new share is added, the storage method is marked as read-only. To enable writing to the share:

  • set the write field of the method to true, and
  • change the storage type to LOCAL (meaning it can be a target for all file operations)

Associate many VSAs to one storage

It is possible to have several VSA nodes serving one shared file system. This can be used for increasing transcoding capability or to generated redundancy.

  1. Add the share individually on all VSAs (see above). This will generate as many storages as there are VSAs.
  2. Now copy the storage methods from all but the first storage to the first storage.
  3. On the first storage, remove the vxaId storage metadata (see above).
  4. Remove all but the first storage.

VSA and S3 credentials

A VSA transcoder can be given direct access to S3 storages, meaning the agent will access the files directly without them being proxied by the main server. If the configuration property useS3Proxy is set to true, pre-signed URLs will be used for agents to read S3 objects. If it is set to false, or if it is a WRITE operation, AWS credentials will be sent to agents.

The type of AWS credentials being sent to the agents can be controlled by the configuration property s3CredentialType:

  • secretKey: The access key and the secret access key configured in the S3 storage URI will be sent to the agent.
  • temporary: The AWS Security Token Service (STS) will be used to generate temporary credentials to send to the agents. The duration of the credentials is controlled by stsCredentialDuration. You can set stsRegion to control in which region Vidispine server will call the AWS Security Token Service (STS) API.
  • none: No credentials will be sent to the agent. The agent then needs to rely on a local AwsCredentials.properties file, or an IAM role on the instance to access S3 objects.

There is also a configuration entry called s3CredentialType available in the agent.conf, that can be used to configure this behavior on a per-agent basis.

The final effective credential type will be the min of Server s3CredentialType and Agent s3CredentialType. And the order of the values is secretKey > temporary > none.

For example, no credentials will be sent to the agent, if an agent has the following configuration:

s3CredentialType=none

and the server has:

<property lastChange="2014-07-14T14:55:15.432+02:00">
  <key>s3CredentialType</key>
  <value>temporary</value>
</property>

Note

For an older agent to work with 4.14 server, the credential type on the server side has to be set to either secretKey or none.

Direct transfers between VSAs

New in version 5.0.

When Vidispine server copies or moves a file between two agent storages, the default is for Vidispine server to read the file from one agent and then write it to the other agent. In the case where the agents actually are able to reach each other, this is obviously quite inefficient, since the data is streamed through Vidispine server.

To let Vidispine server send a transfer job to the agent which hosts the source file, which then sends the file directly to the receiving agent. To enable this you configure both agents with the same value of the agent property agentGroup.

The destination URI, where the agent will try to send its file, will as default be the uri of the receiving agent, as seen at GET /vxa/(uuid). For example:

<VXADocument xmlns="http://xml.vidispine.com/schema/vidispine">
    <uuid>aa4a7ef6-087c-4003-82fb-983c0e91d9c3</uuid>
    <name>Test agent</name>
    <uri>http://localhost:57893/</uri>
    <agentGroup>office-vsa-group</agentGroup>
    ...
</VXADocument>

However, in many cases that URI might not be a URI that the first agent can reach, for example if the agent is connected through SSH (then the URI typically is something like: http://localhost:5678/). To overcome this the agents can set the agent property externalUri to an URI that the agent can be reached at. This may be used in conjunction with the property: bindAddressV4 and/or bindAddressV6.

Agent properties

Configuration properties that can be used in the agent configuration file:

agentGroup
String that is used to signal to Vidispine server that all agents in the same group can reach each other.
externalUri
URI that the agent can be reached at. For example: http://10.0.0.20:8090/, https://vsa.example.com/.
bindAddressV4/bindAddressV6
The network address that the agent should accept connections on.

Examples

Two agents are one the same network and connect directly to Vidispine server, we only need to set agentGroup in each agents configuration file to the same value:

uuid=aa4a7ef6-087c-4003-82fb-983c0e91d9c3
agentGroup=office-vsa-group
...
uuid=e5db8d36-470c-44fa-8499-967537ddae6a
agentGroup=office-vsa-group
...

One agent is connecting to Vidispine server using SSH, we then need to set the externalUri property for that agent:

uuid=aa4a7ef6-087c-4003-82fb-983c0e91d9c3
agentGroup=office-vsa-group
...
uuid=e5db8d36-470c-44fa-8499-967537ddae6a
agentGroup=office-vsa-group
externalUri=http://10.0.0.23:8090/
...