Skip to content

Linux

Package Installation

Install via your distribution's package manager:

# Debian / Ubuntu
sudo dpkg -i dcvix-director_<version>.deb
sudo dpkg -i dcvix-agent_<version>.deb

# Rocky Linux / RHEL
sudo rpm -i dcvix-director-<version>.rpm
sudo rpm -i dcvix-agent-<version>.rpm

Service Management

Both components register as systemd services (package install or make install):

sudo systemctl enable --now dcvix-director
sudo systemctl enable --now dcvix-agent

Common operations:

sudo systemctl status dcvix-director
sudo systemctl restart dcvix-agent
sudo journalctl -u dcvix-director -f

Run Without Installing

# Director
dcvix-director --conf path/to/dcvix-director.conf

# Agent
dcvix-agent --conf path/to/dcvix-agent.conf

File Paths

Component Config Data Logs
Director /etc/dcvix-director/dcvix-director.conf /var/lib/dcvix-director/ /var/log/dcvix-director/
Agent /etc/dcvix-agent/dcvix-agent.conf /var/lib/dcvix-agent/ /var/log/dcvix-agent/

The policy directory for the director:

/etc/dcvix-director/policydb/
  users.json
  pools.json

Networking

Port Component Direction Purpose
8445 Director Inbound HTTPS API + admin UI. Accepts connections from agents, launchers, and admin browsers.
8446 Agent Inbound mTLS API for director session operations. Accepts connections from the director only.

Firewall

# Director
sudo firewall-cmd --add-port=8445/tcp --permanent
sudo firewall-cmd --reload

# Agent (if on a different subnet from the director)
sudo firewall-cmd --add-port=8446/tcp --permanent
sudo firewall-cmd --reload

When deploying agents and director on the same internal network, port 8446 can be restricted to the director's IP:

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<director-ip>" port port="8446" protocol="tcp" accept'

Configure DCV Server for Auth

Each DCV server needs to trust the director's CA and use the director as the auth token verifier.

Extract the CA certificate from the director:

openssl s_client -connect director.mydomain.com:8445 2>/dev/null \
  | openssl x509 > /etc/dcv/dcvix-ca.pem

Add to /etc/dcv.conf:

[security]
ca-file="/etc/dcv/dcvix-ca.pem"
no-tls-strict = true
auth-token-verifier="https://director.mydomain.com:8445/v1/user/authtokenverify"

This enables DCV sessions to validate auth tokens issued by the director.

Data Directory Contents

Director: /var/lib/dcvix-director/

File Purpose Managed by
ca.key CA private key (0600) Auto-generated on first startup
ca.pem CA certificate Auto-generated on first startup
server.key Server private key (0600) Auto-generated with CA
server.crt Server certificate (CN/SAN from hostname -f) Auto-generated with CA
agents.db Agent registration database (SQLite) Created on first startup

Agent: /var/lib/dcvix-agent/

File Purpose Managed by
agent.key Ed25519 private key (0600) Auto-generated on first startup
agent.guid UUIDv4 agent identity Auto-generated on first startup
agent.crt Signed certificate Received from director on registration
ca.pem CA certificate Received from director on registration

Backups

For disaster recovery, back up these directories on the director:

  • /var/lib/dcvix-director/ - CA keys and agent database (critical)
  • /etc/dcvix-director/dcvix-director.conf - configuration
  • /etc/dcvix-director/policydb/ - user and pool policies

Without the CA key backup, a director recovery requires all agents to re-register. Without token_key in the config, all user sessions become invalid on restart.

Building from Source

See Installation > Build from Source for build requirements and commands.