CSSCurrent en:Appliance Configuration Scripts

Aus Cryptshare Documentation
Version vom 9. Mai 2023, 07:15 Uhr von imported>Hartwigr (Removed localhost hint for SMTP-Host setting)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu:Navigation, Suche



General

For Cryptshare Appliances a set of scripts exists allowing easier configuration of particular tasks which need to be done on operating system side. The table below lists available scripts and their purpose:

Script Purpose Details
setupApplianceScripts.sh Main configuration script. Downloads available scripts, sets execution flags and configures the patch notification script.
setupCronJobs Setting up of the patch notification CronJob. Script for scheduling the time when the Cryptshare appliance notifies an administrator about available system patches.
​attachHDD.sh Configuring and attaching a new hard disk. This is usually necessary when a virtual appliance is used and the available disk space needs to be extended.
determinePatchState.sh Script checking for available patches. This script is executed on a daily basis, configured by the setup script 'setupCronJobs'. It checks the system for available patches.

If patches are available, the administrator is informed via email and the installation of the patches is scheduled with a certain delay afterwards.

sendnotification.sh EMail dispatch script. This script is necessary for sending the patch notification to the administrator.

Main Setup

The appliance configuration scripts can be either set up automatically or manually.

Automatic Setup

When a Cryptshare update is installed on an appliance, the appliance configuration scripts are set up automatically using the administrator system notification email and the default mail server sender email settings configured in the administration interface. The script setup execution is logged in the file `cryptshare_updater.log`. Afterwards, the appliance configuration scripts can be found in the `appliance` folder in the Cryptshare Server installation directory.

After administrator system notification email or default mail server sender email settings have been changed the appliance configuration scripts are set up again during the next server restart.

Manual Setup

When not using the automatic setup, please follow these instructions in order to make sure that all scripts are available and can be executed without errors.

  1. Login to the linux console of your Cryptshare Appliance.
  2. Change to the directory /opt/cryptshare-3/appliance. If the directory does not exist please create it by following command:
mkdir /opt/cryptshare-3/appliance
  1. Download the main configuration script
wget https://update.cryptshare.com/cryptshare/scripts/cs-appliance/setupApplianceScripts.sh
  1. Add execution permissions to the script so it can be executed:
chmod +x setupApplianceScripts.sh
  1. Execute the script:
./setupApplianceScripts.sh [<sender-email> <recipient-email> [<relayHost>]]:

<sender>: The email address which shall be used for sending patch notifications.
<recipient>: The email address of the administrator(s) who need to receive the patch notifications.

<relayHost>: The mail server address used by Postfix to send patch notification emails to the administrators.

Reconfiguration

By changing one of the following settings in the administration interface, appliance scripts will also be updated after a restart in order to reflect the changes:

Changing the mail server / Relay Host

By default, Cryptshare on Appliances is configured to use the underlying Postifx Server as its mail server, whereas Postifx itself is configured to use the relay host which was specified when the Appliance was issued on the Cryptshare VM Build Service. If the mail server changes, Postfix needs to be reconfigured accordingly. There are two possibilities how this can be done:

  • Method 1: From within the Cryptshare Administration Interface (which will require two restarts of Cryptshare):
    • Go to the 'Mail Server Settings' in the Cryptshare Administration Interface.
    • Change the SMTP Host to the correct host address.
    • Restart Cryptshare.
    • Once more go to the Mail Server Settings and change back the SMTP Host setting to 'localhost'.
    • Restart Cryptshare.
This method works, because the configuration script will ignore the setting 'localhost' or '127.0.0.1' as relayhost parameter for Postfix in order to avoid invalid redirections.
  • Method 2: Directly from within a SSH console on the Appliance:
    • Open the SSH console to the Cryptshare Appliance, i.e. by using Putty.
    • Execute the following command:
postconf -e relayhost=<host-address>

Operating System Patches

Automated installation of patches 

The script setupCronJobs.sh will setup a CronJob (Scheduled Task) which is executed on a daily basis and is responsible for executing the following tasks:

  • Installation of operating system patches on a daily basis.
  • Notifying Cryptshare Aministrators about available patches.

The basic configuration can be done by just executing the script:

/opt/cryptshare-3/appliance/setupCronJobs.sh

This will setup the CronJob to be executed every day at 8am. If the time of execution shall be changed, an alternative execution time can be specified:

/opt/cryptshare-3/appliance/setupCronJobs.sh <hour> <minute> <delay>

<hour> : The hour when the CronJob is started. <minute> : The minute when the CronJob is started.

<delay>: Delay specifying how many hours after the notification, the patches will be installed.
Not all patches are installed automatically
Please note, that certain kinds of patches require a reboot of the system. These kinds of patches are not installed automatically and administrators are asked to do this manually. Please follow the steps below in order to install patches manually:
  1. Login to the linux console of your Cryptshare Appliance.
  2. Execute the following command
zypper up -t patch

Notification about available patches

The email notification about available patches is part of the setup for the automated installation of patches. Please follow the instructions of this chapter in order to perform the configuration.

Additional Scripts

Extending available disk space

Especially Virtual Appliances are only equipped with a minimal initial amount of disk space in order to keep the size of the virtual image as small as possible. This however is not the recommended setup for running Cryptshare as it usually requires a higher amount of disk space when used. After another hard disk was added to the appliance, the script attachHDD.sh can perform the configuration of the new disk so that it automatically becomes available for Cryptshare as an upload directory. Execute the following command to configure and attach the new disk:

/opt/cryptshare-3/appliance/attachHDD.sh