Project

General

Profile

Actions
History

Settingsyml » History » Revision 3

« Previous | Revision 3/29 (diff) | Next »
Paul Kelly, 01/26/2011 10:32 AM

Settings

The configuration for the smart-proxy is held in the config/settings.yml file.

YAML start

The first non-comment line of this file must be three dashes.

---

SSL configuration

The existence of all the three ssl key entries below enables the use of an SSL connections.

NOTE that both client certificates need to be signed by the same CA, which must be in the ssl_ca_file, in order for this to work
see http://theforeman.org/projects/smart-proxy/wiki/SSL for more information

:ssl_certificate: ssl/certs/fqdn.pem
:ssl_ca_file: ssl/certs/ca.pem
:ssl_private_key: ssl/private_keys/fqdn.key

This is the list of hosts from which the smart proxy will accept connections. If this list is empty then every verified SSL connection is allowed to access the API.

:trusted_hosts:
- foreman.prod.domain
- foreman.dev.domain

Instance attributes

If this entry is present and not false then the smart-proxy will attempt to disconnect itself from the controlling terminal and daemonize itself.

:daemon: true

The port listened to by the proxy. If this is not present then the default Sinatra port of 4567 is used.

:port: 8443

TFTP section

Activate the TFTP management module within the smart-proxy instance.

The tftproot value is directory into which tftp files are copied and served. The tftp daemon will also be expected to chroot to this location. This component is only supported in the Unix environment

:tftp: true
:tftproot: /tmp/tftpboot

DNS section

Activate the DNS management module within the smart-proxy instance.

The DNS module can manipulate any DNS server that complies with the ISC Dynamic DNS Update standard and can therefore be used to manage both Microsoft and Bind servers.

The dns_key is used to validate the client request. If it is not present then the update operation is performed without peer verification, (not recommended.)
The dns_server option is used if the smart-proxy is not located on the same physical host as the DNS server. If it is not specified then localhost is presumed.

:dns: true
:dns_key: /home/proxy/keys/Kapi.+157+47848.private
:dns_server: dnsserver.site.domain.com

DHCP section

Activate the DHCP management module within the smart-proxy instance.

  1. Enable DHCP management
    :dhcp: true
  2. The vendor can be either isc or native_ms
    :dhcp_vendor: isc
  3. Settings for Ubuntu ISC
    #:dhcp_config: /etc/dhcp3/dhcpd.conf
    #:dhcp_leases: /var/lib/dhcp3/dhcpd.leases
  4. Settings for Redhat ISC
    :dhcp_config: etc/dhcpd.conf
    :dhcp_leases: etc/dhcpd.leases

Puppet Certificate Authority section

  1. enable PuppetCA management
    #:puppetca: true
  1. enable Puppet management
    #:puppet: true
  1. Where our proxy log files are stored
  2. filename or STDOUT
    :log_file: /tmp/proxy.log
  3. valid options are
  4. Logger::WARN, Logger::DEBUG, Logger::Error, Logger::Fatal, Logger:INFO, LOGGER::UNKNOWN
    #:log_level: Logger::DEBUG

Updated by Paul Kelly over 13 years ago · 3 revisions