The configuration for the smart-proxy is held in the *config/settings.yml* file.
h2. YAML start
The first non-comment line of this file must be three dashes.
h2. SSL configuration
The existence of all the three ssl key entries below enables the use of an SSL connections.
NOTE that both client certificates need to be signed by the same CA, which must be in the *ssl_ca_file*, in order for this to work
see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information
This is the list of hosts from which the smart proxy will accept connections. If this list is empty then every verified SSL connection is allowed to access the API.
h2. Instance attributes
If this entry is present and not false then the smart-proxy will attempt to disconnect itself from the controlling terminal and daemonize itself.
The port listened to by the proxy. If this is not present then the default Sinatra port of 4567 is used.
h2. TFTP section
Activate the TFTP management module within the smart-proxy instance.
The *tftproot* value is directory into which tftp files are copied and then served from. served. The tftp daemon will also be expected to chroot to this location. This component is only supported in the Unix environment
h2. DNS section
Activate the DNS management module within the smart-proxy instance.
The DNS module can manipulate any DNS server that complies with the ISC Dynamic DNS Update standard and can therefore be used to manage both Microsoft and Bind servers.
The *dns_key* is used to validate the client request. If it is not present then the update operation is performed without peer verification, (not recommended.)
The *dns_server* option is used if the smart-proxy is not located on the same physical host as the DNS server. If it is not specified then localhost is presumed.
h2. DHCP section
Activate the DHCP management module within the smart-proxy instance.
<pre> # Enable DHCP management
If the DHCP server is ISC compliant then set *dhcp_vendor* to *isc*. In this case the smart-proxy must run on the same host as the DHCP server.
If the proxy is managing a Microsoft DHCP server then set *dhcp_vendor* to *native_ms*. # The smart-proxy must then be run on an NT server so as to access the Microsoft native tools, though it does not have to be the same machine as the DHCP server. More details vendor can be found at [[foreman architecture]]. either isc or native_ms
The DHCP component needs access to the DHCP configuration file as well as the currently allocated leases. The section below shows these values # Settings for a RedHat client. In the case of a smart-proxy hosted on an Ubuntu machine then these values would be more appropriate: */etc/dhcp3/dhcpd.conf* and */var/lib/dhcp3/dhcpd.leases* ISC
<pre> #:dhcp_config: /etc/dhcp3/dhcpd.conf
# Settings for Redhat ISC
h2. Puppet Certificate Authority section
Activate the Puppet CA # enable PuppetCA management module within the smart-proxy instance.
This should only be enabled in the smart-proxy that is hosted on the machine responsible for providing certificates to your puppet clients. You would expect to see a directory */var/lib/puppet/ssl/ca* on such a host.
:puppetca: #:puppetca: true
h2. # enable Puppet section
Activate the puppet management module within the smart-proxy instance.
This should only be enabled in the smart-proxy that is hosted on the machine capable of executing *puppetrun*. This will be a puppetmaster.
:puppet: #:puppet: true
The proxy's output is captured to the the *log_file* and may be filtered via the usual unix syslog levels: *Logger::WARN*, *Logger::DEBUG*, *Logger::Error*, *Logger::Fatal*, *Logger:INFO*, *LOGGER::UNKNOWN*
<pre> # Where our proxy log files are stored
# filename or STDOUT
:log_level: # valid options are
# Logger::WARN, Logger::DEBUG, Logger::Error, Logger::Fatal, Logger:INFO, LOGGER::UNKNOWN