2.2. Configuring Boro VoD Solution

Note

Sections of this chapter are the instructions for the configuration of the Boro VoD Solution application after it has been successfully installed and launched. Thus, instructions are applied to the operating server if it has not been separately negotiated.

2.2.1. Changing the Server Name (Hostname)

To change the server name that was set in the SERVER_PUBLIC_NAME variable, once Boro VoD Solution is installed you need to follow the steps below:

  • Request from the Elecard technical support engineer a new certificate for a new name or an IP address of the server;

  • Log-in as the server administrator (the Superadmin role), upload the received certificates in SettingsAdmin panelCertificates tab;

  • If needed, update the Host name in the SettingsAdmin panelGeneral;

  • In the console of the Boro VoD Solution server run the following command from the superuser:

    NEW_SERVER_PUBLIC_NAME="local_BoroVoDServer_ip_or_hostname"        #set new IP address or hostname of the BoroVoDServer
sed -i "s#client_api_base_url: .*#client_api_base_url: \"https://${NEW_SERVER_PUBLIC_NAME}:8444\"#;
        s#turn:turn:[^:]*:3478#turn:turn:${NEW_SERVER_PUBLIC_NAME}:3478#" \
        /opt/elecard/boro_vod/Rails/config/.env.yml
systemctl reload boro_vod_puma.default
if [ -e /etc/coturn/turnserver.conf ]; then
  sed -i "s/^realm=.*/realm=${NEW_SERVER_PUBLIC_NAME}/" /etc/coturn/turnserver.conf
  systemctl restart coturn
fi
find /opt/elecard/boro_vod/Rails/tmp/archive/ -type f -name 'Boro.proj*.zip' -delete

    Specify a new hostname instead of local_BoroVoDServer_ip_or_hostname. This will change a server address in the probe configuration file and a STUN/TURN server address.

  • Previously downloaded probes will not be able to connect the server. To resume its operation, update the server value in the monitor.cfg file. After editing the probe configuration, run the probe to check whether the probe is displayed in web interface of the Solution server.

2.2.2. Changing the Location of the Database Files

To change the folder of storing the database files, run the following command from the superuser:

# Step #0: setup environment:
NEW_DB_LOCATION="/PATH/TO/NEW/DB/LOCATION"        # set path to new location of DB files

# Step #1: check available space:
CUR_DB_DIR=$(realpath /var/lib/pgsql);
NEW_DB_LOCATION="$NEW_DB_LOCATION/pgsql";
mkdir -p "$NEW_DB_LOCATION";
if [ "$(findmnt -o TARGET -nT "$CUR_DB_DIR")" != "$(findmnt -o TARGET -nT "$NEW_DB_LOCATION")" ]; then
  DB_SIZE=$(du -s -B1M "$CUR_DB_DIR" | cut -f1)
  TARGET_FS_AVAIL=$(df -B1M --output=avail "$NEW_DB_LOCATION" | tail -1)
  if [ "$DB_SIZE" -gt "$TARGET_FS_AVAIL" ]; then
    echo "No sufficient space on destination FS:"
    printf "%22s - %9d MB\n" \
      "DB size" "$DB_SIZE" "target FS available" "$TARGET_FS_AVAIL"
  fi
fi

# Step #2: stop PostgreSQL:
PG_VER=$(psql -V | sed 's/psql (PostgreSQL) \([0-9]\+\)\.[0-9]\+.*/\1/');
systemctl stop postgresql-${PG_VER}.service;

# Step #3: move files:
echo "Start copying: \"$CUR_DB_DIR\" -> \"$NEW_DB_LOCATION\" ...";
time mv -Tf "$CUR_DB_DIR" "$NEW_DB_LOCATION";

# Step #4: update link and SELinux rules:
ln -Tfs "$NEW_DB_LOCATION" /var/lib/pgsql;
semanage fcontext --add --equal /var/lib/pgsql "$NEW_DB_LOCATION";
restorecon -R "$NEW_DB_LOCATION";

# Step #5: restore services:
systemctl restart postgresql-${PG_VER}.service \
  boro_vod_sidekiq.default boro_vod_puma.{web_api,default} \
  boro_vod_golang.{worker,server};

# Step #6: check Solution status:
/opt/elecard/boro_vod/bin/status.sh

Notes

  • Specify a new folder for storing database files instead of /PATH/TO/NEW/DB/LOCATION. Additional subdirectory pgsql will be created in the destination directory;

  • Due to the dangerous nature of the operations, execute the script gradually, piece by piece, checking errors on each step;

  • Moving files may take some time depending on the DB size and the speed of the storage device;

  • After finishing, check the Boro VoD Solution Web interface.

2.2.3. Establishing Access to the Web Interface Over HTTPS

To configure access to the Web interface over secure protocol, you need to go through steps below as superuser:

  • Add a rule to Firewall:

    firewall-cmd --state && (firewall-cmd --permanent --add-service=https; firewall-cmd --reload);

  • Then you need to configure paths used for a certificate and key that should be used for establishing HTTPS connection. For this, you need go to the /etc/nginx/sites-available/boro_vod.https.conf file and specify paths used for a certificate ssl_certificate and key ssl_certificate_key. Recommended examples of storing path are given in the boro_vod.https.conf file. However, if you want to use custom paths, you need to consider the following restrictions:

    • the files should have the same SELinux security context httpd_config_t,

    • the files shouldn’t be located in the home directory of any user.

  • To add a configuration file with using the HTTPS port in Nginx specify the following command:

    ln -fs ../sites-available/boro_vod.https.conf /etc/nginx/sites-enabled/boro_vod.https.conf

  • To check the configuration and restart Nginx:

    nginx -t && (restorecon /var/run/nginx.pid; systemctl restart nginx)

Example using the Certbot utility

Below is a description of how to generate an HTTPS certificate using the Certbot utility. This method is suitable for establishing HTTPS access during testing of the Boro VoD Solution.

Run the following command from the superuser:

# the command will add the rule to Firewall:
firewall-cmd --state && (firewall-cmd --permanent --add-service=https; firewall-cmd --reload);
# the command will install EPEL (Extra Packages for Enterprise Linux) repository:
dnf install epel-release -y
# the command will install Certbot util and its module for Nginx:
dnf install -y certbot python3-certbot-nginx
# The command will start the HTTPS certificate generation process. Follow the instructions in the terminal:
certbot --nginx -d <domain name>

  • Replace <domain name> with an existing registered domain name;

  • Upon completion of Certbot:

    • Specifies the path to the certificate and key,

    • Indicates the certificate’s validity date,

    • Write the paths to the certificate and key to the /etc/nginx/sites-available/boro_vod.http.conf file.

  • Go to the /etc/nginx/sites-available/boro_vod.http.conf file;

  • Comment out the first line containing include sites-include/boro_vod.conf; using #;

  • Save changes;

  • Check the configuration and restart Nginx:

nginx -t && (restorecon /var/run/nginx.pid; systemctl restart nginx)

2.2.4. Enabling ControlAPI in Nginx

By default, access to API is prohibited for all IP addresses in the Nginx settings. To configure access, you need to edit the /etc/nginx/sites-include/boro_vod.conf file on the Boro VoD Solution server from the superuser. Find the following block:

location /ctrl_api {
#    allow 10.1.1.0/16;
#    allow 2001:0db8::/32;
    deny all;
    try_files /dev/null @default;
}

  • To provide the access, uncomment the allow string and specify the IP address or a pool of IP address. You can specify a list of rules by giving multiple allow directives on a new line.

  • To allow access for all IP addresses, comment the string deny all in the following manner:

    #    deny all;

To check the configuration and apply changes, restart nginx by entering the following command:

nginx -t && (restorecon /var/run/nginx.pid; systemctl restart nginx)

In case errors occur, fix them and try to reapply a new configuration.

Hint

For more information on configuring access for IP addresses in Nginx, please follow this link.

2.2.5. Changing the Statistics Storing Period

By default, data storing period is 14 days. This means you can get access to the history (journals, graphics, reports) for previously completed tasks. Statistics is rotated during daily data cleanup, as a result data older than the specified storing period is cleaned.

To change a storing period, go to the /opt/elecard/boro_vod/Rails/config/.env.yml file and add the following strings TBD:

db:
  keep_rotation_tables_days: xx

Instead of xx, specify a storing period (in days). Then apply changes:

systemctl restart boro_vod_sidekiq.default

2.2.6. Resetting the Administrator Password

To change a compromised password, you should go to SettingsAdmin panelUsers tab. Find the user admin@admin.com, switch to the Edit settings tab and set the new password.

If you have forgotten the password, the only solution is to reset it. Go to the server where the Boro VoD Solution is installed, open the console and execute the following script as superuser. Instead of the USER_PASSWORD variable, set the new password value:

USER_EMAIL='admin@admin.com'
USER_PASSWORD='adm1n678'

su boro -c "
  cd /opt/elecard/boro_vod/Rails;
  source setup_env.sh;
  bin/rails r \"
    u = User.find_by!(email: '$USER_EMAIL');
    u.password = '$USER_PASSWORD';
    u.save(validate: false)
  \"
"

2.2.7. Manual installation of HASP drivers

When installing Boro VoD Solution software, the HASP driver installation feature is disabled by default. If you need to install the HASP drivers after Boro has been installed, run the commands below from the superuser:

  1. Navigate to the temporary directory containing the unzipped installation archive:

    cd $TMP_DIR/packs

    If the temporary directory has already been deleted, unzip the archive with the Boro VoD Solution application as specified in step 2 of the Installing the Server section. You should not run the installation script again!

  2. Install HASP security drivers:

    rpm -ivh aksusbd.x86_64.rpm

  3. Restart all Boro VoD Solution services:

    systemctl restart boro_vod*