Configuration files
Configuration-as-Code
Configuration-as-Code is an industry best practice that promotes storing of application configuration as code within the source code repository. Configuration-as-Code is an important prerequisite to have reproducible and auditable configurations. It also makes configurations testable and easier to reuse.
This is especially important with distributed systems. Maintaining multiple services across a network of distributed systems, and keeping all their settings and configurations in sync is very hard to achieve when you have to manually configure everything by clicking through UI configuration screens.
It is therefore recommended to add the Deephaven configuration files to a version control system (VCS) such as Git. This allows updates to configuration files to be tested in a separate environment before deploying any configuration changes to your production Deephaven hosts.
Deephaven configuration files
The Deephaven configuration files are installed on the Deephaven server in several subdirectories under:
/etc/sysconfig/deephaven/
SymLinks
/etc/sysconfig/illumon -> /etc/sysconfig/illumon.confs/illumon.iris.hostconfig
/etc/sysconfig/illumon.confs -> /etc/sysconfig/deephaven/illumon.confs.latest
/etc/sysconfig/illumon.d -> /etc/sysconfig/deephaven/illumon.d.latest
M/Monit configurations
/etc/sysconfig/illumon.d/monit/*.conf
Cron configuration
/etc/cron.d/illumonRestart.cron
Deephaven process configurations
/etc/sysconfig/illumon.d/resources/*.prop
Authentication configurations
/etc/sysconfig/illumon.d/auth/*
/etc/sysconfig/illumon.d/trust/*
Schema configurations
/etc/sysconfig/illumon.d/schema/*/*.schema
Editing configuration / properties files
Deephaven can be customized by editing the configuration files. Property files (.prop) are plain text and can be edited with any local text editor such as vi or emacs. When a configuration file is changed, the affected Deephaven processes need to be restarted.
Property files are stored in etcd.
- Export the property file from etcd.
- Edit the text file locally.
- Import the edited file into etcd.
Edit iris-endpoints.prop
/usr/illumon/latest/bin/dhconfig properties export --directory /tmp iris-endpoints.prop
vi /tmp/iris-endpoints.prop
sudo -u irisadmin /usr/illumon/latest/bin/dhconfig properties import /tmp/iris-endpoints.prop
Edit iris-environment.prop
/usr/illumon/latest/bin/dhconfig properties export --directory /tmp iris-environment.prop
vi /tmp/iris-environment.prop
sudo -u irisadmin /usr/illumon/latest/bin/dhconfig properties import /tmp/iris-environment.prop
Truststore configuration file permissions
The truststore files are located in:
/etc/sysconfig/illumon.d/trust/
File owner and group should match the following table:
| Auth File Name | Owner | Group | Permissions |
|---|---|---|---|
truststore-iris.p12 | irisadmin | irisadmin | -r--r--r-- |
truststore-iris.pem | irisadmin | irisadmin | -r--r--r-- |
Keystore and authentication configuration file permissions
The authentication configuration files require more restrictive permissions.
These files are located in:
/etc/sysconfig/illumon.d/auth/
File owner and group should match the following table:
| Auth File Name | Owner | Group | Permissions |
|---|---|---|---|
keystore.authserver.p12 | irisadmin | irisadmin | -r-------- |
keystore.configuration_server.p12 | irisadmin | irisadmin | -r-------- |
webServices-keystore.p12 | irisadmin | irisadmin | -r-------- |
priv-iris.base64.txt | irisadmin | irisadmin | -r-------- |
priv-merge.base64.txt | dbmerge | dbmerge | -r-------- |
priv-superuser.base64.txt | irisadmin | irisadmin | -r-------- |