Ongoing tasks

Certain tasks may repeat during the lifetime of the system. These tasks may be due to a need to troubleshoot an issue, support new integration systems, or perform maintenance.

Check for newer system packages

Retrieve a list of system packages that can be upgraded using the following steps:

Prerequisites:

  • Console or SSH access to the instance.

  • sde_admin user credentials (included in the sde and sde_admin groups).

  • Outbound HTTPS access to anvil.sdelements.com.

Steps:

  1. Access the SD Elements server as a user with superuser privileges.

  2. Run the following command:

    sudo yum check-update

The process returns a list of all package updates.

Update system packages

Update system packages to their latest available version.

Prerequisites:

  • Console or SSH access to the instance.

  • sde_admin user credentials (included in the sde and sde_admin groups).

  • Outbound HTTPS access to anvil.sdelements.com.

Steps:

  1. Access the SD Elements server as a user with superuser privileges.

  2. Run the following command:

    sudo yum update

Confirm that the update should proceed by pressing the 'y' key. The process may take a few minutes. The system packages are then updated to the latest version.

Apply custom system configuration

System configuration is managed through /etc/sde/custom.yaml settings. Apply these settings by following the steps below.

Configuration and customization changes performed without corresponding changes in custom.yaml can and most likely will be overwritten unless explicitly excluded in the aforementioned custom.yaml file.
Prerequisites:

  • Console or SSH access to the instance.

  • sde_admin user credentials (included in the sde and sde_admin groups).

Steps:

  1. Access the SD Elements server console as a member of the sde_admin group.

  2. Update the file /etc/sde/custom.yaml with the desired changes. The list of supported options for the installed release can be found in /etc/sde/custom.yaml.example on the system or a generic list of options are listed in section System configuration options.

  3. Run:

    sudo sde reprovision --offline-mode

The process may take a few minutes. The system will be reconfigured according to the custom.yaml file.

Use a trusted certificate to access SD Elements with a browser

An on-site deployment ships with a self-signed certificate. Change the SSL certificate to one that is trusted by clients to access web applications whose certificates are trusted by their browser.

Prerequisites:

  • SSH credentials for sde_admin.

  • TLS/SSL Certificate Authority (CA) certificate file in PEM format.

  • The certificate .crt file (includes the host certificate), and any intermediate or root certificates.

  • The new private key file.

Steps:

  1. Upload the new private key to /etc/pki/tls/private/.

  2. Upload the .crt file to /etc/pki/tls/certs/.

  3. Access the SD Elements server SSH console as sde_admin.

  4. Edit /etc/sde/custom.yaml to reference the new key and .crt file so that the following lines are uncommented, and the files reference the new key and certificate, respectively:

    role::sdelements_server::ssl_key: '/etc/pki/tls/private/new_private_key.key'
role::sdelements_server::ssl_cert: '/etc/pki/tls/certs/new_trusted_certificate.crt'

  5. Run the following command:

    sudo sde reprovision --offline-mode
sudo sde nginx restart

You can now connect to SD Elements with a web browser to confirm that the certificate in use is correct.

Trusting third party integration TLS/SSL certificates

Follow the steps below to configure the system for a new TLS/SSL certificate.

Prerequisites:

  • sde_admin user credentials (included in the sde and sde_admin groups).

  • TLS/SSL Certificate Authority (CA) certificate file in PEM format.

Steps:

  1. Create a folder called /etc/sde/custom_ca_certs:

    mkdir /etc/sde/custom_ca_certs.

  2. Set appropriate permissions:

    sudo chmod 755 /etc/sde/custom_ca_certs

  3. Place any custom certificate files in the new folder and ensure these have the appropriate permissions, where certificate.crt is the certificate file:

    sudo chmod 644 /etc/sde/custom_ca_certs/certificate.crt

  4. Ensure that the option role::server::custom_ca_certs in /etc/sde/custom.yaml is active and configured for the location of the certificate, if that location is not /etc/sde/custom_ca_certs.

  5. Run the following commands:

    sudo sde reprovision --offline-mode
sudo sde supervisor restart all

The system trust store will be updated to include the certificate. All SD Elements Integrations will now include the new Certificate Authority when validating TLS and SSL secured connections.

Verify a TLS/SSL certificate is trusted

Check that a TLS/SSL certificate is trusted using the steps below.

Prerequisites:

  • Console or SSH access to the instance.

  • SSH credentials for a valid user on the system.

  • Fully qualified hostname and port (usually 443) for the target server.

Steps:

  1. Access the SD Elements server SSH console.

  2. Verify the system’s configuration by checking that it has been successfully configured to trust a remote certificate signed by Custom Certificate Authority. Use the steps below:

    • If you have direct access to hostname:port, run:

      openssl s_client -connect hostname:port

    • If you rely on a proxy to access the hostname from the SD Elements Server, run:

      curl https://hostname:port/

  3. Verify the application’s configuration by checking that it is set up correctly for a new certificate. Use the steps below:

    • Log in to the SD Elements web application.

    • Open an Issue Tracker connector configured for hostname:port and click "Test Connection".

The new certificate is now verified.

Examine logs

To diagnose application issues follow the steps below to access the application logs:

Prerequisites:

  • Console or SSH access to the instance.

  • sde_admin user credentials (included in the sde and sde_admin groups).

Steps:

  1. Access the SD Elements server SSH console.

  2. Change to the logs directory:

    cd /docs/sde/log/

  3. Examine the log files

    • Use the tail command to watch logs as they occur:

      tail -f /docs/sde/log/sdlc.log

    • Search for certain TEXT in logs by using grep:

      grep -i TEXT /docs/sde/log/apache_error_sde_VERSION.log

Refer to Log files for details on which log file to examine.

When sharing details with SD Elements Support, use tail -100 logfile to collect context about an unexpected event. This command returns the last 100 lines from logfile.

Remove older application releases

The system retains older application releases and their data after an upgrade. To keep only recent releases and delete the others follow the steps below.

Prerequisites:

  • SSH credentials for sde_admin.

  • The number of recent releases to keep.

Steps:

  1. Access the SD Elements server SSH console as sde_admin.

  2. To keep the two most recent releases, for example, run:

    sudo sde manage_releases keep 2

All but the two most recent releases are kept on the server. Older releases and their data are deleted.

Open the application shell

The application shell provides low-level access to the data elements and functionality using a custom script. Open the shell using the steps below.

Prerequisites:

  • SSH credentials for sde_admin.

Steps:

  1. Access the SD Elements server SSH console as sde_admin.

  2. On the command line, run sde manage_django shell_plus. A Django shell opens with direct access to the application.

  3. Type the script into the console and press <enter> after each statement.

  4. Push Ctrl+D or type quit() to stop the shell.

All changes made in the shell are permanent.

Confirm the version for the integration components

Follow the steps below to output the version of the integration components sdetools.

Prerequisites:

  1. SSH credentials for sde_admin.

Steps:

  1. Access the SD Elements server SSH console as sde_admin.

  2. On the command line, run the following command:

    sde pip live freeze | grep sdetools

The version of sdetools is printed to the console.

Activate a different application release

Prior releases are kept on the server after an upgrade. During testing, it may need to revert to an earlier release. To switch to a different application release of SD Elements, follow the steps below.

Prerequisites:

  • Console or SSH access to the instance.

  • sde_admin user credentials (included in the sde and sde_admin groups).

  • The fully qualified application release name. For example, "4.12.13".

  • The application release is installed on the server.

Steps:

  1. Access the SD Elements server as a user with superuser privileges.

  2. On the command line, run the following command:

    sudo sde activate_release --release 4.12.13

The current release of SD Elements and its data are left intact on the server. The active release of SD Elements is changed to the selected version and the server is reprovisioned. The application data contains the information stored when the selected release was last used.

Turn on maintenance mode

Pause the application and inform users that it is temporarily unavailable with the steps below.

Prerequisites:

  • SSH credentials for sde_admin.

Steps:

  1. Access the SD Elements server SSH console as sde_admin.

  2. On the command line, run the following command:

    sde maintenance on

Users are greeted with a web page stating the application is offline. All HTTP responses are sent with error 503.

maintenance page

Turn off maintenance mode

Resume the application for users using the steps below.

Prerequisites:

  • SSH credentials for sde_admin.

Steps:

  1. Access the SD Elements server SSH console as sde_admin.

  2. On the command line, run the following command:

    sde maintenance off

The application is back to normal operation.

Reset the password of an application user

To reset the password of a web application user, follow the steps below.

Prerequisites:

  • SSH credentials for sde_admin or sudo access.

  • User email address. For example: user@example.com

Steps:

  1. Access the SD Elements server SSH console as sde_admin.

  2. On the command line, run the following command:

    sde manage_django changepassword user@example.com

  3. Enter the new password when prompted.

The password is reset.

Grant super user access to an application user

Access to SD Elements application data and settings is generally controlled by the in-app Global and Project roles, as well as group and business unit membership. However, there are certain capabilities that are reserved to a special class of user, a Superuser.

By default every organization has a single Superuser. The Superuser has full application access, including the ability to modify the following items:

  • Countermeasure Statuses

  • Domain Settings

  • Single Sign-On settings

  • Custom Application and Project Attributes

The default super user is "support@sdelements.com". To grant superuser access to an application user, such as "admin@example.com", follow the steps below:

Prerequisites:

  • SSH credentials for sde_admin or sudo access.

Steps:

  1. Open the application shell.

  2. Type the following in your shell and replace the example email address with the one you wish to affect in your instance:

    from users.models import User
u = User.objects.get(username="admin@example.com")
u.is_superuser = True
u.save()
quit()

The user "admin@example.com" is given superuser access. Additional menu options and capabilities are now available for the user.

To disable superuser access change u.is_superuser = True to u.is_superuser = False in the above script.

results matching ""

    No results matching ""