Pycore.ini File in DSG
This page discusses about the pycore.ini file for DSG.
Accessing the pycore.ini File
- Login to the DSG Web UI.
- Navigate to Settings > System > Files.
- Open the pycore.ini file.
Sample pycore.ini file
The following represents a sample pycore.ini file.
###############################################################################
# Resilient Package Sync Config
# -----------------------------
# Protector configuration
# -----------------------------
[protector]
# Cadence determines how often the protector connects with ESA / proxy to fetch the policy updates in background.
# Default is 60 seconds. So by default, every 60 seconds protector tries to fetch the policy updates.
# If the cadence is set to "0", then the protector will get the policy only once.
#
# Default 60.
cadence = 60
###############################################################################
[sync]
# Protocol to use when communicating with the service providing Resilient Packages.
# Use 'https' for ESA or 'shmem' for local shared memory.
protocol = https
# Host/IP to the service providing Resilient Packages
host = <hostname>
# Path to CA certificate
ca = /mnt/ramdisk/certificates/mng/CA.pem
# Path to client certificate
cert = /mnt/ramdisk/certificates/mng/client.pem
# Path to client certificate key
key = /mnt/ramdisk/certificates/mng/client.key
# Path to a secret file that is used to decrypt the client certificate key.
# When using a custom certificate bundle, the 'secretcommand' can instead be
# used to execute an external command that obtains the secret.
#secretfile = REPLACE_SYNC_SECRET_FILE
###############################################################################
# Log Provider Config
###############################################################################
[log]
# In case that connection to fluent-bit is lost, set how audits/logs are handled
#
# drop : (default) Protector throws logs away if connection to the fluentbit is lost
# error : Protector returns error without protecting/unprotecting
# data if connection to the fluentbit is lost
mode = drop
# Host/IP to fluent-bit where audits/logs will be forwarded from the protector
#
# Default localhost
host = localhost
port = 15780
The following table helps you to understand the usage of the parameters listed in the pycore.ini configuration file for DSG.
Important: It is recommended that only the parameters listed in the following table are edited as per your requirement.
| Section | Parameter Name | Description |
|---|---|---|
| Protector | cadence | Specifies the time interval at which the protector synchronizes with the shared memory for fetching the policy package. The default value for the cadence parameter is 60 seconds. The minimum and maximum values that can be set for the cadence parameter are 0 seconds and 86400 seconds (24 hours) respectively. Important: If the cadence parameter value is set to 0 seconds, then the policy is fetched only once at the time of initialization. After initialization, the protector does not fetch for the new policy changes as a result of immutable deployment. Syntax: Parameter = Value Example: cadence = <time interval in seconds> |
| protocol | Protocol to communicate with the service providing Resilient Packages. | |
| host | Hostname of the DSG node. | |
| ca | Path to CA certificate for secure communication. | |
| cert | Path to client certificate for secure communication. | |
| key | Path to client certificate key for secure communication. | |
| Logging configuration | mode | Set how the logs must be handled in a situation where the connection to the Log Forwarder in the protector is lost. Important: The default value is drop.
|
| host | Set the host IP of the Log Forwarder, generally localhost, where the protector will send the logs. | |
| port | Set the port number of the Log Forwarder to where the protector will send the logs. |
Feedback
Was this page helpful?