Customizing SD Elements OSD using the YAML File

Please note that in the new structure, some of the settings files (e.g. the postfix configuration) are managed by Puppet. If you edit those files directly, your changes will be overwritten.

To set the values, modify the YAML configuration file located at /etc/sde/custom.yaml. After any changes, you need to invoke Puppet by running:

sudo /docs/sde/live/code/bin/reapply_settings

or for 4.x

sudo sde reprovision

The file is a standard YAML file, and almost every aspect of SDE and the system can be modified through it. Here is an example of the YAML file that we have put together:

---

# Configure timeservers
ntp::restrict:
  - 127.0.0.1
ntp::autoupdate: false
ntp::enable: true
ntp::servers:
  - 0.us.pool.ntp.org iburst
  - 1.us.pool.ntp.org iburst
  - 2.us.pool.ntp.org iburst
  - 3.us.pool.ntp.org iburst

# Set TLS/SSL Keys
#role::sdelements_server::ssl_key: '/etc/apache2/ssl/apache.key'
#role::sdelements_server::ssl_cert: '/etc/apache2/ssl/apache.crt'
#role::sdelements_server::admin_email: support@sdelements.com

# Configure SSH daemon
sshd::permit_root_login: 'no'
#sshd::password_authentication: 'no'
#sshd::kerberos_authentication: 'no'
#sshd::gssapi_authentication: 'no'
#sshd::agent_forwarding: 'no'
#sshd::tcp_forwarding: 'no'

# Set config for updater
profile::sde_instance::instance_upgrade_user: <username>
profile::sde_instance::instance_upgrade_password: <supersecret>
profile::sde_instance::instance_upgrade_url: https://update.sdelements.com/sde/prod

# Set webserver settings
# Note: TLSv1 and TLSv1.1 are deprecated (RFC 8996); list them only if legacy clients require them
sde::instance::sde_admin_apache_vhost_port: 8099
sde::instance::ssl_protocols: TLSv1, TLSv1.1, TLSv1.2
sde::instance::ssl_ciphers: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256

#postfix::server::relayhost: mail.example.com
## Add two cron jobs to crontab
#cron::crontab::jobs:
#  first_job:
#    command:  '/bin/echo "This is run as root every 12 hours"'
#    hour:     '*/12'
#  second_job:
#    command:  '/bin/echo "This is run as puppet every 12 hours"'
#    hour:     '*/12'
#    user:     'puppet'

# Add job to /etc/cron.daily/
#cron::interval::jobs:
#  once_a_day:
#    command:  '/bin/echo "Today is $(/bin/date)"'
#    interval: 'daily'
#
# Manage DNS Servers and settings
#classes:
#  - '::resolv_conf'
#resolvconf::nameservers:
#  - '198.51.100.1'
#  - '198.51.100.2'
#resolvconf::searchpath:
#  - 'subdomain1.example.com'
#  - 'subdomain2.example.com'
#resolvconf::domain:
#  - 'example.com'

A client can add their own SSL certificates by uploading them to the box and then uncommenting the SSL lines, or by uncommenting the custom_ca_certs line and placing any custom certificates in the specified folder. Finally, to apply the changes, they will have to run:

sudo /docs/sde/live/code/bin/reapply_settings

For versions >=4.4 only:

# Specify a folder of custom CA certificates to be added to the system's trust store
# All certificate files in the folder should have the appropriate extensions
#role::server::custom_ca_certs: '/etc/sde/custom_ca_certs/'

Then, run the following command to apply the changes:

sudo sde reprovision
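
The check below is an added example, not SD Elements code: it scans custom.yaml for the security-relevant keys from the sample above (deprecated entries in sde::instance::ssl_protocols, an explicit sshd::permit_root_login other than 'no', leftover placeholder credentials, and group- or world-readable permissions when the updater password is present) before settings are reapplied. It assumes one top-level key per line; the function names are illustrative.

```python
import os
import re

# Key names are the ones in the article's sample file; line scanner, not a full YAML parser.
WEAK_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
PLACEHOLDERS = {"<username>", "<supersecret>"}
LINE = re.compile(r"^([A-Za-z_][\w:]*):\s+(.+?)\s*$")

def top_level_scalars(text):
    """Return active (uncommented, unindented) 'key: value' pairs."""
    pairs = {}
    for raw in text.splitlines():
        if raw[:1] in ("#", " ", "\t", "-") or raw.strip() in ("", "---"):
            continue
        m = LINE.match(raw)
        if m:
            pairs[m.group(1)] = m.group(2).strip("'\"")
    return pairs

def audit(text, mode=0o600):
    """Return findings for the file content and its permission bits."""
    cfg = top_level_scalars(text)
    findings = []
    protocols = {p.strip() for p in cfg.get("sde::instance::ssl_protocols", "").split(",")}
    weak = sorted(protocols & WEAK_TLS)
    if weak:
        findings.append("deprecated protocol versions enabled: " + ", ".join(weak))
    # Only an explicit value other than 'no' is flagged; an absent key is left alone.
    if cfg.get("sshd::permit_root_login", "no") != "no":
        findings.append("sshd::permit_root_login is not 'no'")
    findings += ["placeholder left in " + k for k, v in cfg.items() if v in PLACEHOLDERS]
    # 0o044 = group-read and other-read bits.
    if "profile::sde_instance::instance_upgrade_password" in cfg and mode & 0o044:
        findings.append("file holds the updater password but is group/world readable")
    return findings

def audit_file(path="/etc/sde/custom.yaml"):
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), os.stat(path).st_mode)

# Constructed sample input that mirrors the article's example values.
SAMPLE = """---
sshd::permit_root_login: 'no'
profile::sde_instance::instance_upgrade_user: <username>
profile::sde_instance::instance_upgrade_password: <supersecret>
sde::instance::ssl_protocols: TLSv1, TLSv1.1, TLSv1.2
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, mode=0o644)))
```

Call audit_file() on the appliance to check the live file and its permissions; an empty list means none of these conditions were found.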
