Headless operation with USB keys

You may only need a headless, isolated importation point. Files to transfer are copied to a USB key, and each time this key is plugged into the black Interdiode server, the files are automatically transferred to the red network and removed from the key. This process works best with a simple USB switch: the key stays attached to the switch, which avoids wandering USB keys.

System configuration

A UDEV rule must be created to detect when USB keys are plugged in. The following binaries must be available: mount, batch, sudo, umount. sudo and batch can be missing on minimal Linux distributions and must be installed. Of course, the filesystem of the key must be supported by the system.

create a UDEV rule
 # the exact location of id_udev.py and interdiode-ctl depends on the installation method
 cat << EOF | sudo tee '/etc/udev/rules.d/interdiode.rules'
 ACTION=="add", ENV{DEVTYPE}=="partition", RUN+="/usr/local/bin/id_udev.py -C /etc/interdiode"
 EOF
 cat << EOF | sudo tee '/etc/interdiode/usb_root.ini'
 [main]
 command = /usr/local/bin/interdiode-ctl
 mount = /bin/mount
 batch = /usr/bin/batch
 sudo = /usr/bin/sudo
 umount = /bin/umount
 user = interdiode_user
 EOF
 sudo udevadm control --reload-rules

When the USB key is plugged in and the partition is mounted (LUKS partitions are therefore not handled), id_udev.py is run. It calls itself through the batch command because commands run through udev have a 30-second timeout. The second call mounts the partition in a temporary directory, drops its privileges and calls interdiode-ctl to import and transfer the files it contains, then unmounts the partition and exits.

Only known USB keys (identified by their hardware serial number and their partition UID) and USB keys waiting for registration (see below for more details) are mounted.
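
Since udev runs id_udev.py as root, every path listed in usb_root.ini is executed with root privileges before privileges are dropped. The following audit is an added example, not part of Interdiode: the names audit_usb_root_ini, constructed_demo and trusted_uid are hypothetical, and it assumes that user is the account the helper switches to.

```python
import configparser
import os
import tempfile

# Keys of [main] in usb_root.ini that name programs the root helper executes.
BINARY_KEYS = ("command", "mount", "batch", "sudo", "umount")

def audit_usb_root_ini(ini_path, trusted_uid=0):
    """Return findings for usb_root.ini; an empty list means nothing was flagged."""
    parser = configparser.ConfigParser(interpolation=None)
    if not parser.read(ini_path) or not parser.has_section("main"):
        return [f"{ini_path}: missing file or [main] section"]
    main, findings = parser["main"], []
    targets = [("usb_root.ini", ini_path)]  # the file decides what root runs
    for key in BINARY_KEYS:
        path = main.get(key, "")
        if os.path.isabs(path):
            targets.append((key, path))
        else:
            findings.append(f"{key}: '{path}' is not an absolute path")
    for key, path in targets:
        try:
            st = os.stat(path)  # follows symlinks, as executing the path would
        except OSError as exc:
            findings.append(f"{key}: {path}: {exc.strerror}")
            continue
        if st.st_uid != trusted_uid:
            findings.append(f"{key}: {path} is owned by uid {st.st_uid}")
        if st.st_mode & 0o022:  # write bit set for group or others
            findings.append(f"{key}: {path} is group- or world-writable")
    # Assumption: 'user' is the account the helper switches to before importing.
    if main.get("user", "") in ("", "root"):
        findings.append("user: privileges would not be dropped")
    return findings

def constructed_demo():
    """Constructed sample: every entry is sound except a world-writable 'mount'."""
    with tempfile.TemporaryDirectory() as tmp:
        lines = ["[main]", "user = interdiode_user"]
        for key in BINARY_KEYS:
            path = os.path.join(tmp, key)
            open(path, "w").close()
            os.chmod(path, 0o757 if key == "mount" else 0o755)
            lines.append(f"{key} = {path}")
        ini = os.path.join(tmp, "usb_root.ini")
        with open(ini, "w") as handle:
            handle.write("\n".join(lines) + "\n")
        os.chmod(ini, 0o644)
        return audit_usb_root_ini(ini, trusted_uid=os.geteuid())
```

On a real server, call audit_usb_root_ini('/etc/interdiode/usb_root.ini') with the default trusted_uid of 0; the demo passes the current uid only because its constructed files are not owned by root.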

Management

USB keys can only be managed through the command-line interface. First, a group of USB keys must be created; all keys in the group share the same transfer options.

create a group skipping files larger than 10MB and keeping files for at most 10 days
 $ interdiode-ctl usb_devices create FirstUsbGroup --delete-after-import --write-log --auto-transfer --max-size 100000000 --max-expiration 864000
 A USB device group 'FirstUsbGroup' has been created.
 UID = 985a9513-7607-421e-be83-6c42cd87d726

Then, you need to add at least one USB device to this group. If multiple partitions exist on the device, only one will be used. You need to perform this process for each extra partition you want to register.

register a new USB device for PDF files
 $ interdiode-ctl usb_devices register 985a9513-7607-421e-be83-6c42cd87d726 --name "USB Key 1" --filename-regexp '.*\.pdf'
 New device: please write a file named 'register.txt' containing '61bdf4aa' at the root of the new device before connecting it to this server.

To finalize the registration process, you must create a file named register.txt containing the given id at the root of the key, then plug the key into the server.

This file will be detected and the identifiers of the key (serial number and partition UID) will be registered.

Usage

Once a USB key is successfully registered, just copy some files onto it and plug it into the server. They should be transferred to the red instance and associated with the correct expiration date.

Configuration

Obviously, the root process cannot access the SQL database. Known USB devices are therefore described in a configuration file. This file must be writable by the server process and readable by the root process. By default, this file is stored in /etc/interdiode, but this directory can be configured in [usb]registration_dir. Of course, if you change this directory, you must also update /etc/udev/rules.d/interdiode.rules.