
temp

 {

  "_id": {

    "$oid": "6841e4b0fd270b2ab92d7eaa"

  },

  // 📌 [Auto-generated]

  // Description: Unique system identifier for internal use (MongoDB ObjectId).

  // Type: ObjectId (string)

  // Required: No (automatically handled)


  "vast_id": "21452",

  // 📌 [Required]

  // Description: Your unique request ID or reference number.

  // Type: string

  // Format: Numeric string (e.g., "21452")

  // Example: "21452"


  "env": "dev",

  // 📌 [Required]

  // Description: The environment where the VM will be deployed.

  // Type: string

  // Allowed values: "dev", "qa", "uat", "prod"

  // Example: "dev" for development, "prod" for production


  "ver": "0.2",

  // 📌 [Do Not Modify]

  // Description: Template version. Used by automation to ensure compatibility.

  // Type: string

  // Format: Semantic versioning (e.g., "0.2")

  // Required: Yes


  "date": "June 4 2025",

  // 📌 [Required]

  // Description: Date of this request/configuration.

  // Type: string

  // Format: "Month Day Year" (e.g., "June 4 2025")


  "rhel_ver": "9.5",

  // 📌 [Required]

  // Description: Version of Red Hat Enterprise Linux to install.

  // Type: string

  // Allowed: Valid RHEL versions (e.g., "8.6", "9.2", "9.5")

  // Example: "9.5"


  "vm_count": "1",

  // 📌 [Required]

  // Description: Number of virtual machines to provision.

  // Type: string (numeric string accepted for compatibility)

  // Format: "1", "2", "3", ...

  // Example: "1"


  "cpu_cores": "4",

  // 📌 [Required]

  // Description: Number of virtual CPU cores per VM.

  // Type: string (numeric)

  // Allowed values: "2", "4", "8", "16"

  // Example: "4"


  "memory": "32G",

  // 📌 [Required]

  // Description: RAM to allocate to each VM.

  // Type: string

  // Format: Number followed by "G" (e.g., "32G", "64G")

  // Example: "32G"


  "shell": "/bin/bash",

  // 📌 [Optional]

  // Description: Default shell for the user in the VM.

  // Type: string

  // Common values: "/bin/bash", "/bin/zsh"

  // Default: "/bin/bash"


  "timezone": "GMT",

  // 📌 [Optional]

  // Description: Timezone setting for the VM.

  // Type: string

  // Format: TZ database string (e.g., "GMT", "Asia/Kolkata", "UTC")

  // Example: "GMT"


  "email_notification_list": {

    "COMMENT": "This is a MANDATORY field and must contain at least one example email distribution list",

    // 📌 [For Reference Only – this key is a comment, not used in automation]


    "to": "vm-automation@example.com"

    // 📌 [Required]

    // Description: Email ID to receive VM deployment updates.

    // Type: string (email)

    // Format: valid email (e.g., team@example.com)

    // Example: "vm-automation@example.com"

  },


  "subscription_manager_register": {

    "org": "system_admin",

    // 📌 [Required]

    // Description: Red Hat Subscription Manager organization name.

    // Type: string

    // Example: "system_admin"


    "activationkey": "vm_automation_test"

    // 📌 [Required]

    // Description: Activation key to register with Red Hat.

    // Type: string

    // Example: "vm_automation_test"

  }

}

"server_details": {

  "servername": "VM-Automation-Test1",

  // 📌 Description: Name or hostname of the VM/server.

  // Type: string

  // Format: Alphanumeric with dashes/underscores. Avoid spaces.

  // Example: "VM-Automation-Test1"

  // Required: Yes


  "total_storage_size": "2.7T",

  // 📌 Description: Total disk capacity of the server.

  // Type: string

  // Format: Number + "T" for terabytes or "G" for gigabytes (e.g., "2.7T", "500G")

  // Required: Yes


  "ip_address": "10.25.5.5",

  // 📌 Description: IP address to assign to this VM/server.

  // Type: string (IPv4)

  // Format: "x.x.x.x" (e.g., "10.25.5.5")

  // Required: Yes


  "subnet": "255.255.255.0",

  // 📌 Description: Subnet mask associated with the IP.

  // Type: string (IPv4)

  // Example: "255.255.255.0"

  // Required: Yes


  "gateway": "10.25.58.1",

  // 📌 Description: Default gateway for outbound traffic.

  // Type: string (IPv4)

  // Required: Yes


  "vlan": "412"

  // 📌 Description: VLAN ID for the server’s network interface.

  // Type: string or integer

  // Format: Numeric only (e.g., "412")

  // Required: Yes

},


"motd": {

  "#etc#motd": "NOTICE - PROPRIETARY SYSTEM\r\n\r\nThis system is intended to be used solely by authorized users in the course of legitimate corporate business. Users are monitored to the extent necessary to properly administer the system, to identify unauthorized users or users operating beyond their proper authority, and to investigate improper access or use. BY accessing this system, you are consenting to this monitoring."

  // 📌 Description: Legal or informational "Message Of The Day" (MOTD) to display at login.

  // Type: string (multi-line)

  // Required: Optional but recommended for corporate systems.

},


"volume_groups": {

  "vgapps": {

    "vsize": "100G",

    // 📌 Description: Size of the "vgapps" volume group.

    // Type: string

    // Format: Number + "G" (e.g., "100G")

    // Required: Yes


    "fs_type": "xfs"

    // 📌 Description: Default filesystem for volumes in this group.

    // Type: string

    // Allowed: "xfs", "ext4", etc.

    // Required: Yes

  },

  "vgdb": {

    "vsize": "100G",

    "fs_type": "xfs"

  }

},


"logical_volumes": {

  "apps": {

    "lvapps": {

      "vgname": "vgapps",

      // 📌 Description: Name of the volume group this LV belongs to.

      // Type: string

      // Required: Yes


      "lvname": "lvapps",

      // 📌 Description: Logical volume name.

      // Type: string

      // Format: Alphanumeric with underscores/dashes

      // Required: Yes


      "lvsize": "20G",

      // 📌 Description: Size of the logical volume.

      // Type: string

      // Format: Number + "G"

      // Required: Yes


      "fs_type": "xfs",

      // 📌 Description: Filesystem to apply.

      // Type: string

      // Allowed: "xfs", "ext4"

      // Required: Yes


      "lv_mountpoint": "/applications"

      // 📌 Description: Mount point path in Linux filesystem.

      // Type: string (absolute path)

      // Example: "/applications"

      // Required: Yes

    },


    "lvlogging": {

      "vgname": "vgapps",

      "lvname": "lvlogging",

      "lvsize": "20G",

      "fs_type": "xfs",

      "lv_mountpoint": "/logging"

    }

  },


  "db": {

    "lvsystemdb": {

      "vgname": "vgdb",

      "lvname": "lvsystemdb",

      "lvsize": "20G",

      "fs_type": "xfs",

      "lv_mountpoint": "/systemdb"

    }

  }

},


"lvsdsdb1": {

  "vgname": "vgdb",

  "lvname": "lvsdsdb1",

  "lvsize": "16G",

  "fs_type": "xfs",

  "lv_mountpoint": "/sds_db1"

  // 📌 Additional standalone logical volume not under logical_volumes section.

  // Group: vgdb, Mounts at: /sds_db1

},


"lvsdsdb2": {

  "vgname": "vgdb",

  "lvname": "lvsdsdb2",

  "lvsize": "20G",

  "fs_type": "xfs",

  "lv_mountpoint": "/sds_db2"

},


"lvdbbackup": {

  "vgname": "vgdb",

  "lvname": "lvdbbackup",

  "lvsize": "25G",

  "fs_type": "xfs",

  "lv_mountpoint": "/db_backup"

},

"users_id": {
  // 📌 Description: List of Linux user accounts to be created on the VM, with their corresponding home directory paths.
  // Type: object (key-value)
  // Format: "username": "home_directory_path"
  // Note: Avoid duplicate usernames.

  "system_admin": "/home/system_admin",
  "nssec": "/home/nssec",
  "Discovery": "/home/Discovery",
  "npst": "/home/npst",
  "datasys": "/home/datasys",
  "oracle": "/home/oracle",
  "hpna": "/home/hpna",
  "iasiptf": "/home/iasiptf",
  "dcs": "/home/dcs",
  "svc-ansible": "/home/svc-ansible",
  "svc-ansible-apps": "/home/svc-ansible-apps",
  "iasssh": "/home/iasssh",
  "cya_recuser": "/home/cya_recuser",
  "vdsi": "/home/vdsi",
  "fuser": "/home/fuser",
  "Ftest": "/home/Ftest",
  "Fdba": "/home/Fdba"
},

"home_dirs_perms": {
  // 📌 Description: Sets file permissions for each user's home directory.
  // Type: object (key-value)
  // Format: "username": "permissions"
  // Permissions should be in octal format (e.g., "755", "700").
  // Examples:
  //   "755" = rwxr-xr-x → readable by everyone, writable by owner
  //   "700" = rwx------ → private to owner only
  //   "750" = rwxr-x--- → group readable, others no access

  "system_admin": "755",
  "nssec": "755",
  "Discovery": "755",
  "npst": "700",
  "datasys": "700",
  "oracle": "750",
  "hpna": "755",
  "iasiptf": "755",
  "dcs": "755",
  "svc-ansible": "700",
  "svc-ansible-apps": "700",
  "iasssh": "700",
  "cya_recuser": "700",
  "vdsi": "755",
  "fuser": "755",
  "Ftest": "755",
  "Fdba": "755"
},

"groups_id": {
  // 📌 Description: Groups to be created, with their Group ID (GID).
  // Type: object (key-value)
  // Format: "group_name": "gid"
  // GID must be unique and numeric.

  "datasys": "1516",
  "users": "100",
  "apps": "516",
  "oinstall": "120",
  "dba": "851",
  "dcs": "658",
  "cya_recuser": "1516"
},

"cyberark_accounts": {
  // 📌 Description: CyberArk account integration for privileged user access.
  // Each user entry below should be configured if CyberArk will manage their credentials.

  "vdsi": {
    "cyberark_account": "vdsi",
    // CyberArk account name.
    "adom_domain_security_group": "CyberArk_N_DUBV_VDSI_PSMP_ADEBP",
    // AD group used to grant CyberArk access.
    "cyberark_safe": "DUBV_N_VDSI_PSMP",
    // CyberArk Safe where credentials are stored.
    "adom_security_trustees": "allen@example.com"
    // Email of the security contact/trustee for access audit.
  },

  "fuser": {
    "cyberark_account": "fuser",
    "wdms_domain_security_group": "CyberArk_P_DUEY_USER_PSOP_USHNT",
    "cyberark_safe": "DUEY_P_USER_PSOP",
    "wdms_security_trustees": "allen@example.com"
  },

  "system_admin": {
    "cyberark_account": "system_admin",
    "wdms_domain_security_group": "CyberArk_P_system_admin_LIN_PSOP_USHNT",
    "cyberark_safe": "system_admin_P_LIN_PSOP",
    "wdms_security_trustees": "mark@example.com"
  },

  "test": {
    "cyberark_account": "test",
    "wdms_domain_security_group": "CyberArk_P_DUEY_USER_PSOP_USHNT",
    "cyberark_safe": "DUEY_P_USER_PSOP",
    "wdms_security_trustees": "allen@example.com"
  },

  "statistics": {
    "cyberark_account": "statistics",
    "wdms_domain_security_group": "CyberArk_N_DUEY_TSTCS_PSOP_USHNT",
    "cyberark_safe": "DUEY_N_TSTCS_PSOP",
    "wdms_security_trustees": "james.herman@example.com"
  },

  "John": {
    "cyberark_account": "John",
    "wdms_domain_security_group": "CyberArk_P_DUEY_DBA_PSOP_USHNT",
    "cyberark_safe": "DUEY_P_DBA_PSOP",
    "wdms_security_trustees": "bill@example.com"
  }
},

"ntp_servers": {
  // 📌 Description: NTP (Network Time Protocol) servers for system time sync.
  // Type: object
  // Format: "hostname": "IPv4 address"
  "ndc.dns.example_vbi.com": "16.37.12.103",
  "omz.dns.example_vbi.com": "16.37.218.90",
  "pdc.dns.example_vbi.com": "16.37.130.87"
},

"named_conf": {
  // 📌 Description: Parameters for updating the DNS configuration in named.conf.
  // Type: object
  "COMMENT": "Replace the words DNS_SERVER_IP1 and DNS_SERVER_IP2 in named.conf with the following servers",
  "file_name": "/etc/named.conf",
  // Target DNS configuration file path.
  "DNS_SERVER_IP1": "16.37.12.103",
  "DNS_SERVER_IP2": "16.37.130.87"
},

"resolv_conf": {
  // 📌 Description: Parameters for configuring DNS resolution.
  // Type: object
  "COMMENT": "Add the two lines below to resolv.conf",
  "file_name": "/etc/resolv.conf",
  // Location of resolv configuration file.
  "search": "example_vbi.com",
  // Domain to search for hostname lookups.
  "nameserver": "127.0.0.1"
  // Local DNS caching server.
},

"dir_perms": {
  // 📌 Description: Set directory ownership and permission details.
  // Type: object
  // Format:
  // "directory_path": {
  //   "owner": "username",
  //   "group": "groupname",
  //   "Permission": "octal_mode"
  // }
  "/home/post": {
    "owner": "post",
    "group": "users",
    "Permission": "700"
  },
  "/logging": {
    "owner": "root",
    "group": "root",
    "Permission": "755"
  },
  "/logging/datasys": {
    "owner": "datasys",
    "group": "apps",
    "Permission": "754"
  },
  "/datasys": {
    "owner": "datasys",
    "group": "apps",
    "Permission": "754"
  },
  "/applications": {
    "owner": "root",
    "group": "oinstall",
    "Permission": "755"
  }
},

"sudoers_add": {
  // 📌 Description: Sudo permissions to grant users access to specific commands without requiring a password.
  // Type: object
  "file_name": "/etc/sudoers.d/100_datasys_oracle_sudoers",
  // Target sudoers config file.
  
  // 🔐 Multiple 'add' fields should be merged into a list or string array in actual implementation.
  "add": [
    "Cmnd_Alias IPTFCMDS = /usr/bin/iptables, /sbin/netstat, /usr/sbin/lsof, /etc/ufw/conffile/iptables, /usr/bin/ethereal, /usr/sbin/tcpdump, /bin/chmod, /sbin/shutdown, /sbin/ifconfig, /sbin/service, /bin/netstat, /bin/crontab",
    "datasys ALL=(ALL) NOPASSWD: IPTFCMDS",
    "Cmnd_Alias DBACMDS = /usr/bin/iptables, /usr/bin/netstat, /usr/sbin/lsof, /usr/bin/tcpdump, /usr/bin/chmod, /usr/bin/firewall-cmd --list-all, /usr/sbin/shutdown, /usr/sbin/ifconfig, /usr/bin/crontab, /applications/oracle/grid/12oe/bin/acsla, /applications/oracle/grid/12oe/bin/srvctl, mount -t &cfs /asm, unmount -t &cfs /asm, /dbislist, /etc/named.conf, /bin/cat, /etc/ssh/sshd_config, /etc/svc/conf, /sysstat",
    "oracle ALL=(ALL) NOPASSWD: DBACMDS"
  ]
},

"symbolic_links_add": {
  // 📌 Description: Symbolic links (shortcuts) to be created from source to target.
  // Type: object
  // Format: "source_path": "target_path"
  "logging/datasys/tdr_logs": "/applications/tdr_logs",
  "logging/datasys/tdr_archive": "/applications/tdr_archive"
},

"base_packages": {
  // 📌 Description: List of basic packages or groups to be installed during system setup.
  // Type: object (index-based list)
  "1": "@Core",
  "2": "@Base",
  "3": "dhcp-client",
  "4": "ntp",
  "5": "wget",
  "6": "bind-utils",
  "7": "iptables",
  "8": "pam",
  "9": "open-vm-tools",
  "10": "xinetd",
  "11": "chrony",
  "12": "dos"
},

"redhat_repos": {
  // 📌 Description: Additional tools/packages to be installed from Red Hat repositories.
  // Type: object (index-based list)
  "1": "gdb",
  "2": "gcc",
  "3": "gcc-c++",
  "4": "glibc",
  "5": "glibc-common",
  "6": "binutils",
  "7": "libstdc++",
  "8": "libstdc++-devel",
  "9": "make",
  "10": "ksh",
  "11": "openssl",
  "12": "openssl-devel",
  "13": "net-snmp-libs",
  "14": "net-snmp",
  "15": "net-snmp-devel",
  "16": "net-snmp-utils",
  "17": "xinetd"
},

"sysctl_conf_add": {
  // 📌 Description: Kernel and system-level parameters to be added to /etc/sysctl.conf
  // Type: object
  // Format: "parameter_name": "value"

  "COMMENT": "Add the lines below to the sysctl.conf file using '=' to separate key and value",
  "file_name": "/etc/sysctl.conf",

  "kernel.shmmax": "68719476736",
  // Max size (in bytes) of a shared memory segment.

  "kernel.shmall": "16777216",
  // Total shared memory (in pages).

  "kernel.shmmni": "4096",
  // Max number of shared memory segments.

  "kernel.sem": "250 32000 100 128",
  // Semaphore limits: SEMMSL SEMMNS SEMOPM SEMMNI.

  "fs.file-max": "6815744",
  // Max number of open file handles.

  "fs.aio-max-nr": "1048576",
  // Max number of concurrent async I/O requests.

  "net.ipv4.ip_local_port_range": "9000 65000",
  // Port range for outbound connections.

  "net.core.rmem_default": "262144",
  "net.core.rmem_max": "16777216",
  "net.core.wmem_max": "16777216",
  // Socket buffer settings (read/write).

  "net.ipv6.conf.all.disable_ipv6": "1"
  // Disables IPv6 across all interfaces.
},

"disable_services": {
  // 📌 Description: Services to be disabled on system startup.
  // Type: object
  // Format: "service_name": "disable"

  "COMMENT": "Run the following commands as root to disable services",
  "cups": "disable",
  "sendmail": "disable"
},

"enable_services": {
  // 📌 Description: Services to be enabled on system startup.
  // Type: object
  // Format: "service_name": "enable"

  "COMMENT": "Enable services",
  "chronyd.service": "enable"
},

"add_relayhost": {
  // 📌 Description: Postfix email relay configuration.
  // Type: object

  "COMMENT": "Add the following line to /etc/postfix/main.cf",
  "file_name": "/etc/postfix/main.cf",
  "relayhost": "vzsmtp.example.com"
  // Mail server used to send outgoing email.
},

"system_limits_configuration": {
  // 📌 Description: Resource limits for users and processes.
  // Type: object
  // Format: "addX": "limit_entry"

  "file_name": "/etc/security/limits.conf",

  "add": "* - nofile 65536",
  // Sets max open files for all users.

  "add2": "* hard core unlimited",
  // Allows unlimited core dump file size.

  "add3": "oracle soft stack 10240",
  // Sets stack size limit for 'oracle'.

  "add4": "oracle soft memlock unlimited",
  "add5": "oracle hard memlock unlimited"
  // Memory locking limits for 'oracle'.
},

"snmp_conf": {
  // 📌 Description: SNMP (Simple Network Management Protocol) configuration settings.
  // Type: object

  "file_name": "/etc/snmp/snmpd.conf",
  // Configuration file path for SNMP daemon.

  "env": "dev",
  // Environment name: dev, test, prod, etc.

  "site": "RCH"
  // Site/location where the system is deployed.
},



"nftables_add": {
  // 📌 Purpose: This block includes multiple firewall rules using nftables to control and secure network traffic.
  // 📄 File: /etc/nftables/nftablesrules.nft
  // 💡 Note: Each line should be added to the nftables rules file using the order provided.

  "****_COMMENT_****": "Add the following lines to /etc/nftables/nftablesrules.nft",
  "file_name": "/etc/nftables/nftablesrules.nft",

  "add1": "add table ip mangle",
  "add2": "add chain ip mangle PREROUTING { type filter hook prerouting priority -150; policy accept; }",
  "add3": "add chain ip mangle INPUT { type filter hook input priority -150; policy accept; }",
  "add4": "add chain ip mangle FORWARD { type filter hook forward priority -150; policy accept; }",
  "add5": "add chain ip mangle OUTPUT { type route hook output priority -150; policy accept; }",
  "add6": "add chain ip mangle POSTROUTING { type filter hook postrouting priority -150; policy accept; }",

  "add7": "add rule ip mangle OUTPUT ip protocol udp udp sport 10000-42768 counter ip dscp set 0x2e comment 005 udp/10000-42768",

  "add8": "add table ip filter",
  "add9": "add chain ip filter INPUT { type filter hook input priority 0; policy accept; }",
  "add10": "add chain ip filter FORWARD { type filter hook forward priority 0; policy accept; }",
  "add11": "add chain ip filter OUTPUT { type filter hook output priority 0; policy accept; }",

  "add12": "add rule ip filter INPUT iifname \"lo\" counter accept comment \"100 accept all to lo interface\"",
  "add13": "add rule ip filter INPUT ip protocol icmp counter accept comment \"101 icmp 255\"",

  "add14": "add table inet filter",
  "add15": "add rule inet filter INPUT ip protocol esp counter accept comment \"102 accept all protocol esp\"",
  "add16": "add rule inet filter INPUT ip protocol ah counter accept comment \"103 accept all protocol ah\"",
  "add17": "add rule inet filter INPUT ip protocol vrrp counter accept comment \"104 accept all protocol vrrp\"",
  "add18": "add rule inet filter INPUT ip protocol ipv4 counter accept comment \"105 accept all protocol ipv4\"",

  "add19": "add rule ip filter INPUT ct state related,established counter accept comment \"106 accept related established rules\"",

  "add20": "add rule ip filter INPUT iifname \"ens224\" ip protocol tcp tcp dport 22 ct state new counter accept comment \"107 tcp/22\"",
  "add21": "add rule ip filter INPUT iifname \"ens224\" ip protocol tcp tcp dport 123 ct state new counter accept comment \"108 tcp/123\"",
  "add22": "add rule ip filter INPUT iifname \"ens224\" ip protocol udp udp dport 123 ct state new counter accept comment \"109 udp/123\"",
  "add23": "add rule ip filter INPUT iifname \"ens224\" ip protocol tcp tcp dport 161 ct state new counter accept comment \"110 tcp/161\"",
  "add24": "add rule ip filter INPUT iifname \"ens224\" ip protocol udp udp dport 161 ct state new counter accept comment \"111 udp/161\"",
  "add25": "add rule ip filter INPUT iifname \"ens192\" ip protocol tcp tcp dport 443 ct state new counter accept comment \"112 tcp/443\"",
  "add26": "add rule ip filter INPUT iifname \"ens224\" ip protocol udp udp dport 1691 ct state new counter accept comment \"113 udp/1691\"",
  "add27": "add rule ip filter INPUT iifname \"ens224\" ip protocol tcp tcp dport 2301 ct state new counter accept comment \"114 tcp/2301\"",
  "add28": "add rule ip filter INPUT iifname \"ens224\" ip protocol tcp tcp dport 5600 ct state new counter accept comment \"115 tcp/5600\"",
  "add29": "add rule ip filter INPUT iifname \"ens224\" ip protocol tcp tcp dport 5605 ct state new counter accept comment \"116 tcp/5605\"",
  "add30": "add rule ip filter INPUT iifname \"ens192\" ip protocol tcp tcp dport 18443 ct state new counter accept comment \"117 tcp/18443\"",
  "add31": "add rule ip filter INPUT iifname \"ens192\" ip protocol udp udp dport {10000:42768} ct state new counter accept comment \"118 udp/10000-42768\"",
  "add32": "add rule inet filter INPUT ip protocol tcp ip saddr 165.122.250.0/25 tcp dport 10441-10445 ct state new counter accept comment \"119 tcp/10441-10445 Media Relay websockets\"",
  "add33": "add rule inet filter INPUT iifname \"ens192\" ip protocol udp ip saddr 165.122.165.0/24 udp dport 5060 ct state new counter accept comment \"127 udp/5060\"",
  "add34": "add rule inet filter INPUT iifname \"ens192\" ip protocol tcp ip saddr 165.122.165.0/24 tcp dport 5060 ct state new counter accept comment \"128 tcp/5060\"",
  "add35": "add rule inet filter INPUT iifname \"ens192\" ip protocol tcp ip saddr 165.122.165.0/24 tcp dport 5061 ct state new counter accept comment \"129 tcp/5061\"",

  "add36": "nft add rule ip filter OUTPUT iifname \"ens192\" ip protocol udp udp sport 10000:42768 counter ip dscp set 0x2e",
  "add37": "nft add rule ip filter INPUT iifname \"lo\" counter accept",
  "add38": "nft add rule ip filter INPUT iifname \"ens192\" ip protocol icmp counter accept",
  "add39": "nft add rule ip filter INPUT iifname \"ens192\" ip protocol esp counter accept",
  "add40": "nft add rule ip filter INPUT iifname \"ens192\" ip protocol ah counter accept"
},

"nftables_conf": {
  // 📌 Purpose: To ensure the rules defined in /etc/nftables/nftablesrules.nft are loaded by default.
  // 📄 File: /etc/sysconfig/nftables.conf
  // 🛠️ Add this line to include the custom ruleset.

  "COMMENT": "Add the following line to nftables.conf",
  "file_name": "/etc/sysconfig/nftables.conf",
  "add": "include \"/etc/nftables/nftablesrules.nft\""
},

"custom_sh": {
  // 📁 File: /etc/profile.d/custom.sh
  // 🎯 Purpose: Sets a user-specific umask. Users with UID > 199 and group name equal to username get `umask 007`, others get `umask 027`.
  // 🔐 Effect: This helps restrict permissions for users in multi-user environments.
  "COMMENT": "Add or edit the following lines in custom.sh",
  "file_name": "/etc/profile.d/custom.sh",
  "add": "if [ $UID -gt 199 ] && [ \"$(id -gn)\" = \"$(id -un)\" ]; then\n  umask 007\nelse\n  umask 027\nfi"
},

"securetty": {
  // 📁 File: /etc/securetty
  // 🎯 Purpose: Restrict root logins only to `tty1`.
  // 🔐 Security: Prevents remote root logins via console (used by getty).
  "COMMENT": "Create file securetty",
  "file_name": "/etc/securetty",
  "add": "tty1"
},

"sshd_conf": {
  // 📁 File: /etc/ssh/sshd_config.d/50-system_admin_1.conf
  // 🎯 Purpose: Harden SSH access.
  // 🔐 `PermitRootLogin no`: Prevent direct SSH root login.
  // 🔐 `DenyUsers npst`: Deny SSH access for user `npst`.
  // 🔐 `UseLogin yes`: Forces use of /bin/login (not commonly used in modern SSH; review compatibility).
  "COMMENT": "Add Ssh-system_admin_1.conf file",
  "file_name": "/etc/ssh/sshd_config.d/50-system_admin_1.conf",
  "description": "Prevents direct root login via SSH.",
  "add1": "PermitRootLogin no",
  "add2": "UseLogin yes",
  "add3": "DenyUsers npst"
},

"chrony_conf": {
  // 📁 File: /etc/chrony.conf
  // 🎯 Purpose: Add time synchronization servers to Chrony configuration.
  // 📡 `iburst`: Speeds up initial synchronization.
  "COMMENT": "Add or edit NTP servers with NTP servers in chrony.conf",
  "file_name": "/etc/chrony.conf",
  "add1": "server ndcdns.example_vbi.com iburst",
  "add2": "server pdcdns.example_vbi.com iburst",
  "add3": "server omzdns.example_vbi.com iburst"
},

"sam_bdna": {
  // 📁 File: /etc/sudoers.d/Discovery01
  // 🎯 Purpose: Allow 'Discovery' user to run `dmidecode` as root without password.
  // 🔐 Least-privilege: Limits the command to only dmidecode.
  "COMMENT": "Create new file /etc/sudoers.d/Discovery01 with the following contents",
  "file_name": "/etc/sudoers.d/Discovery01",
  "add1": "Discovery ALL=(root) NOPASSWD: /usr/sbin/dmidecode"
},

"disable_etc_services": {
  // 📁 File: /etc/services
  // 🎯 Purpose: Disable unused legacy services to reduce attack surface.
  // 🛑 Method: Comment out corresponding lines in /etc/services.
  "COMMENT": "Disable the following services/ports by adding a # at the start of the line.",
  "file_name": "/etc/services",
  "echo": "7",         // Echo service (deprecated)
  "chargen": "19",     // Character generator (DoS risk)
  "ftp": "21",         // Insecure file transfer
  "finger": "79",      // User info disclosure
  "who": "513",        // Rexec service
  "pop2": "109",       // Legacy email retrieval
  "pop3": "110",       // Still used, but often replaced with IMAP/secure methods
  "nntp": "119"        // Usenet news (rarely used)
},

"add_etc_services": {
  // 📁 File: /etc/services
  // 🎯 Purpose: Register custom applications with TCP ports.
  // 📦 Useful for diagnostics, packet inspection, firewall rules, etc.
  "COMMENT": "Add the following services in /etc/services. (Space separating key/value)",
  "file_name": "/etc/services",
  "oraclelsnr": "1313/tcp", // Oracle Listener
  "csawhttp": "2382/tcp",
  "csawrm": "4390/tcp",
  "csawds": "4509/tcp",
  "csawhttps": "4520/tcp",
  "csart": "4570/tcp",
  "csach": "4580/tcp",
  "esm": "5600/tcp",         // Enterprise Security Manager?
  "ogg_09": "7809/tcp",      // Oracle GoldenGate port range
  "ogg_10": "7810/tcp",
  "ogg_11": "7811/tcp",
  "ogg_12": "7812/tcp",
  "ogg_13": "7813/tcp",
  "ogg_14": "7814/tcp",
  "ogg_15": "7815/tcp",
  "ogg_16": "7816/tcp",
  "ogg_17": "7817/tcp"
},

"logrotate_conf": {
  // 📁 File: /etc/logrotate.conf
  // 🎯 Purpose: System-wide log rotation policy.
  "COMMENT": "Add or edit /etc/logrotate.conf",
  "file_name": "/etc/logrotate.conf",
  "logrotate_keep": "12",         // Keep 12 old logs
  "logrotate_frequency": "daily", // Rotate logs daily
  "logrotate_compress": "false",  // Disable compression (might want 'true' in production)
  "logrotate_dateext": "false"    // Do not append date to rotated file
},

"logrotate_items": {
  // 🎯 Purpose: File-specific rotation configurations.

  "btmp": {
    "file_name": "/etc/logrotate.d/btmp",
    "path": "/var/log/btmp",
    "missingok": true,            // Skip errors if file doesn't exist
    "frequency": "monthly",
    "create": true,
    "create_mode": "0664",
    "create_user": "root",
    "create_group": "utmp",
    "keep": 12
  },

  "syslogd": {
    "file_name": "/etc/logrotate.d/syslogd",
    "path": "/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron",
    "sharedscripts": true, // Run postrotate once for all
    "postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true\n/bin/kill -HUP `cat /var/run/rsyslogd.pid 2>/dev/null` 2>/dev/null || true\nchmod -f 644 /var/log/messages* || true\nchmod -f 644 /var/log/boot.log* || true\nchmod -f 644"
  }
},

"sysstat": {
  // 📁 File: /etc/cron.d/sysstat
  // 🎯 Purpose: System monitoring via cron jobs.
  "file_name": "/etc/cron.d/sysstat",
  "add": "*/10 * * * * root /usr/lib64/sa/sa1 1 1", // Collect every 10 minutes
  "add1": "53 23 * * * root /usr/lib64/sa/sa2 -A",  // Daily summary at 23:53
  "add2": "35 10 * * * root find /var/log/sa -mtime +15 -type f -name 'sa*' -exec rm -f {} \\;" // Clean logs older than 15 days
}
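
A lint pass over the `nftables_add` entries, as an added example (not part of the original template or its automation). It assumes the `addN` values are written in key order into the file that `nftables_conf` includes; the sample dict copies a subset of the entries above verbatim, and the name `lint_nft_block` is hypothetical.

```python
import re

# Subset of the "nftables_add" values from the template above, copied verbatim.
NFTABLES_ADD = {
    "file_name": "/etc/nftables/nftablesrules.nft",
    "add8": "add table ip filter",
    "add9": "add chain ip filter INPUT { type filter hook input priority 0; policy accept; }",
    "add12": 'add rule ip filter INPUT iifname "lo" counter accept comment "100 accept all to lo interface"',
    "add14": "add table inet filter",
    "add15": 'add rule inet filter INPUT ip protocol esp counter accept comment "102 accept all protocol esp"',
    "add20": 'add rule ip filter INPUT iifname "ens224" ip protocol tcp tcp dport 22 ct state new counter accept comment "107 tcp/22"',
    "add31": 'add rule ip filter INPUT iifname "ens192" ip protocol udp udp dport {10000:42768} ct state new counter accept comment "118 udp/10000-42768"',
    "add37": 'nft add rule ip filter INPUT iifname "lo" counter accept',
}

CHAIN_RE = re.compile(r"^add chain (\w+) (\w+) (\w+) \{.*?policy (\w+);")
RULE_RE = re.compile(r"^add rule (\w+) (\w+) (\w+) (.*)$")
VERDICTS = ("accept", "drop", "reject")


def _key_order(key):
    # "add10" must sort after "add9": order by the numeric suffix.
    digits = re.sub(r"\D", "", key)
    return int(digits) if digits else 0


def lint_nft_block(block):
    """Return a list of (key, finding) tuples for an nftables_add-style dict."""
    findings = []
    policies = {}   # (family, table, chain) -> default policy
    verdicts = {}   # (family, table, chain) -> verdicts used by its rules
    entries = sorted(
        ((k, v) for k, v in block.items() if re.fullmatch(r"add\d*", k)),
        key=lambda kv: _key_order(kv[0]),
    )
    for key, line in entries:
        if line.startswith("nft "):
            # A file loaded by nft holds nft commands, not shell command lines.
            findings.append((key, "shell prefix 'nft' inside a rules file"))
            line = line[4:]
        m = CHAIN_RE.match(line)
        if m:
            family, table, chain, policy = m.groups()
            policies[(family, table, chain)] = policy
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        family, table, chain, body = m.groups()
        target = (family, table, chain)
        if target not in policies:
            findings.append((key, f"chain {family} {table} {chain} is never declared in this block"))
        if re.search(r"\{\s*\d+:\d+\s*\}", body):
            findings.append((key, "'low:high' range is iptables syntax; nft writes ranges as 'low-high'"))
        # Drop the quoted comment first: the page's comments contain the word "accept".
        stripped = re.sub(r'comment\s+"[^"]*"', "", body)
        for verdict in VERDICTS:
            if re.search(rf"\b{verdict}\b", stripped):
                verdicts.setdefault(target, set()).add(verdict)
    for target, policy in policies.items():
        seen = verdicts.get(target, set())
        if policy == "accept" and seen and seen <= {"accept"}:
            findings.append((" ".join(target), "policy accept and every rule accepts: the chain filters nothing"))
    return findings


if __name__ == "__main__":
    for key, finding in lint_nft_block(NFTABLES_ADD):
        print(f"{key}: {finding}")
```

A chain that declares `policy drop` and keeps the same accept rules passes the last check, which is the usual shape for an allow-list ruleset.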


<div style="background-color: #f5f5f5; border: 1px solid #ccc; padding: 10px; font-family: monospace; white-space: pre; overflow-x: auto;">
sudo apt-get install package1 package2 package3 package4 package5 package6 package7 package8
</div>




Parameter Guide: hostname (VM Name)


📘 Technical Description:

The hostname defines the unique name assigned to a virtual machine (VM). This is the name by which the VM will be identified on the network and internally within the automation system.


🤖 Plain Language: What is a Hostname?

The hostname is the name you give to your virtual machine—like naming your phone or laptop. It helps you and others recognize the VM in tools, dashboards, and networks.

Example: Like calling your laptop “John-Laptop” or phone “Office-Phone”, you give your VM a name like webserver01.


✅ What Should I Enter?

| ✅ Allowed | ❌ Not Allowed |
|---|---|
| Lowercase letters (a–z) | Spaces (My VM) |
| Numbers (0–9) | Special characters (@, #, !, etc.) |
| Hyphens (-) | Underscores (_) in some systems |
| Max 63 characters | Capital letters (to avoid mismatch) |

💡 Good Examples:

| Scenario | Hostname | Why It’s Good |
|---|---|---|
| Web server | webserver01 | Simple and clear |
| Project tagging | finance-app-vm01 | Project-specific and searchable |
| Location hint | blr-db01 | Shows it's a database server in Bangalore |

❌ Bad Examples:

| Hostname | Reason |
|---|---|
| My VM | Contains a space |
| Server@123 | @ is not allowed |
| VM_Prod | Uses _ which may be invalid |
| App.Server | Dot (.) is not allowed in many hostnames |

📝 Where Do I Enter This?

In your automation JSON file:

```json
{ "hostname": "webserver01" }
```

📎 Summary Table:

| Question | Answer |
|---|---|
| Required? | ✅ Yes |
| Can be empty? | ❌ No |
| Case-sensitive? | ✅ Yes (avoid uppercase) |
| Seen in VM login? | ✅ Yes (it's the machine name) |
| Helps in DNS/network? | ✅ Yes |

🛠 Pro Tips:

  • Use short, descriptive names.

  • Avoid using test/test1 for multiple machines—be specific.

  • Follow a standard naming format, like:

    <location>-<project>-<type>-<number>

    Example: blr-finance-web-01









User Guide: Network Configuration (Per Interface)

This guide explains the required fields for setting up network configurations for each VM interface. Please enter correct values to ensure the VM gets connected to the right network.


🔸 Interface Block (Example Key: eth413_admin_interface)

Each interface has the following parameters:

| Parameter | Type | Required? | Description | Example |
|---|---|---|---|---|
| servername | String | ✅ Yes | A name to identify the VM using this network. Usually same as the main VM name. | "VM-App-Test01" |
| ip_address | String (IPv4) | ✅ Yes | The static IP address to assign to the VM. Must be valid and unique. | "192.168.10.25" |
| subnet | String | ✅ Yes | Subnet mask for the network. Defines the IP range. | "255.255.255.0" |
| gateway | String (IPv4) | ✅ Yes | The gateway for the subnet. Usually ends in .1. | "192.168.10.1" |
| vlan | Integer | ✅ Yes | VLAN ID assigned for this network. Check with the network team. | 413 |
| nad | String | ✅ Yes | NetworkAttachmentDefinition name used for VLAN/bridge mapping. Must exist in the system. | "br413-inner-bat" |

✅ Field-by-Field Details:


🔹 servername

  • Type: String

  • Required: Yes

  • Purpose: Helps identify the VM associated with this interface.

  • Value Format: Letters, numbers, hyphens (-), no spaces.

  • Example: "VM-App-Test01"


🔹 ip_address

  • Type: String (IPv4 format)

  • Required: Yes

  • Purpose: Assigns a unique IP address to the VM. Must be in the correct subnet range.

  • Format: "x.x.x.x" (e.g., "192.168.1.100")

  • Example: "151.205.58.97"


🔹 subnet

  • Type: String

  • Required: Yes

  • Purpose: Defines how big the IP range is for that network.

  • Common Values: "255.255.255.0", "255.255.254.0"

  • Example: "255.255.255.0"


🔹 gateway

  • Type: String (IPv4)

  • Required: Yes

  • Purpose: Tells the VM which IP to use to reach outside networks.

  • Format: Must be reachable from ip_address

  • Example: "151.205.58.1"


🔹 vlan

  • Type: Integer

  • Required: Yes

  • Purpose: Tags the traffic from the VM with a VLAN ID for isolated networking.

  • Valid Range: 1 to 4094 (Check with network admin)

  • Example: 413


🔹 nad

  • Type: String

  • Required: Yes

  • Purpose: Specifies the name of a pre-created NetworkAttachmentDefinition in OpenShift/K8s used to attach the network.

  • Tip: Must match exactly with the defined NAD name.

  • Example: "br413-inner-bat"


📝 Example JSON Block

json
"eth413_admin_interface": { "servername": "VM-App-Test01", "ip_address": "151.205.58.97", "subnet": "255.255.255.0", "gateway": "151.205.58.1", "vlan": 413, "nad": "br413-inner-bat" }

⚠️ Common Mistakes to Avoid

Mistake | Why it's wrong
"ip_address": "151.205.58.1" | Conflicts with the gateway IP
"vlan": "413" (as string) | Must be entered as a number (no quotes)
"nad": "Br413-Inner-Bat" | Case-sensitive: must match exactly as defined

🛠 Tips:

  • Double-check IP and subnet range.

  • Confirm VLAN ID and NAD name with the platform/network team.

  • Avoid using the same ip_address in multiple entries.
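The checks listed under "Common Mistakes to Avoid" and "Tips" can be run before a request is submitted. The validator below is an added example, not part of the automation this guide describes; the function names, the `known_nads` list, and the second sample block are assumptions made for illustration.

```python
import ipaddress
import json
import re

REQUIRED = ("servername", "ip_address", "subnet", "gateway", "vlan", "nad")

def validate_interface(name, block, known_nads, used_ips):
    """Return a list of problems for one interface block (empty list = valid)."""
    missing = [k for k in REQUIRED if k not in block]
    if missing:
        return [f"{name}: missing required fields {missing}"]
    errors = []
    if not re.fullmatch(r"[A-Za-z0-9-]+", str(block["servername"])):
        errors.append(f"{name}: servername may contain only letters, numbers and hyphens")
    try:
        ip = ipaddress.IPv4Address(str(block["ip_address"]))
        gw = ipaddress.IPv4Address(str(block["gateway"]))
        # strict=False derives the network from a host address plus dotted mask
        net = ipaddress.IPv4Network(f"{ip}/{block['subnet']}", strict=False)
    except ValueError as exc:  # covers AddressValueError and NetmaskValueError
        return errors + [f"{name}: invalid IPv4 value ({exc})"]
    if ip == gw:
        errors.append(f"{name}: ip_address conflicts with the gateway IP")
    if gw not in net:
        errors.append(f"{name}: gateway {gw} is not inside {net}")
    if ip in used_ips:
        errors.append(f"{name}: ip_address {ip} is already used by another entry")
    used_ips.add(ip)
    vlan = block["vlan"]
    # bool is a subclass of int in Python, so reject it explicitly
    if isinstance(vlan, bool) or not isinstance(vlan, int):
        errors.append(f"{name}: vlan must be a JSON number, not {type(vlan).__name__}")
    elif not 1 <= vlan <= 4094:
        errors.append(f"{name}: vlan {vlan} is outside 1-4094")
    if block["nad"] not in known_nads:  # exact, case-sensitive comparison
        errors.append(f"{name}: nad {block['nad']!r} is not a known NetworkAttachmentDefinition")
    return errors

def validate_config(config, known_nads):
    """Validate every interface block; IP uniqueness is checked across blocks."""
    used_ips = set()
    return {name: validate_interface(name, block, known_nads, used_ips)
            for name, block in config.items()}

# Assumption: NAD names that exist on the platform, supplied by the network team.
KNOWN_NADS = ["br413-inner-bat"]

# Constructed sample: the guide's example block plus one block repeating its listed mistakes.
SAMPLE = json.loads("""{
  "eth413_admin_interface": {"servername": "VM-App-Test01", "ip_address": "151.205.58.97",
    "subnet": "255.255.255.0", "gateway": "151.205.58.1", "vlan": 413, "nad": "br413-inner-bat"},
  "eth999_bad_interface": {"servername": "VM App", "ip_address": "151.205.58.1",
    "subnet": "255.255.255.0", "gateway": "151.205.58.1", "vlan": "413", "nad": "Br413-Inner-Bat"}
}""")

if __name__ == "__main__":
    for iface, problems in validate_config(SAMPLE, KNOWN_NADS).items():
        print(iface, "OK" if not problems else problems)
```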


















📘 User Guide: Understanding the JSON Configuration

This guide explains how to interpret the JSON configuration used for defining global network settings and interface configurations.


🔧 Section 1: Global Network Configuration

Purpose :

This section defines global network settings that are typically applied to the system's network configuration file.

Example JSON :

json
"Network_Configuration": {
"COMMENT": "Add the below lines to the network file",
"file_name": "/etc/sysconfig/network",
"NETWORKING_IPV6": "no",
"NOZEROCONF": "no"
}

Field Explanation Table

Field Name | Type | Description | Example Value
COMMENT | String | Descriptive comment explaining the purpose | "Add the below lines..."
file_name | String | Path to the system network config file | "/etc/sysconfig/network"
NETWORKING_IPV6 | String | Enable/disable IPv6 (yes or no) | "no"
NOZEROCONF | String | Enable/disable Zeroconf (yes or no) | "no"

🖥️ Section 2: Interface Configuration (Example)

Purpose :

Defines the configuration for a specific network interface (e.g., admin or control plane).

Example JSON :

json
"eth413_admin_interface": {
"servername": "VM-Automation-Test10",
"ip_address": "151.205.58.97",
"subnet": "255.255.255.0",
"gateway": "151.205.58.1",
"vlan": 413,
"nad": "br413-inner-bat"
}

Field Explanation Table

Field Name | Type | Description | Example Value
servername | String | Name of the server associated with this interface | "VM-Automation-Test10"
ip_address | String | IP address assigned to the interface | "151.205.58.97"
subnet | String | Subnet mask for the network | "255.255.255.0"
gateway | String | Default gateway for the network | "151.205.58.1"
vlan | Integer | VLAN ID associated with the interface | 413
nad | String | NetworkAttachmentDefinition (NAD) or bridge name | "br413-inner-bat"

💡 General Notes

  • Each top-level key in the JSON represents a different configuration block.
  • Use these definitions to automate setup scripts, documentation, or deployment tools.
  • Ensure correct data types are used when parsing or generating configs programmatically.


Network Configuration:

Description:

This JSON structure defines both global network settings and interface-specific configurations. It is used to configure system-level networking and individual interfaces such as admin or control plane interfaces.



📘 LVM Configuration JSON User Guide
Volume Groups:
Description:
This section defines the volume groups used in the system. Each volume group has a defined size and file system type.

Section 1: Volume Group Definitions (volume_groups)
Example JSON:
json


"volume_groups": {
  "vgapps": {
    "vgsize": "100G",
    "fs_type": "xfs"
  },
  "vgdb": {
    "vgsize": "100G",
    "fs_type": "xfs"
  }
}

Field Name | Type | Description | Example Value
vgsize | String | Size of the volume group | "100G"
fs_type | String | File system type used | "xfs"

Logical Volumes:
Description:
This section defines logical volumes grouped under different categories such as root, apps, and db. Each logical volume includes its volume group name, size, file system type, and mount point.

Section 2: Root Logical Volumes (logical_volumes.root)
json


"lvroot": {
  "vgname": "vgroot",
  "lvname": "lvroot",
  "lvsize": "40G",
  "lvfs_type": "xfs",
  "lv_mountpoint": "/"
}

Field Name | Type | Description | Example Value
vgname | String | Volume group name | "vgroot"
lvname | String | Logical volume name | "lvroot"
lvsize | String | Size of the logical volume | "40G"
lvfs_type | String | File system type | "xfs"
lv_mountpoint | String | Mount point in the file system | "/"

Similar structures are used for lvvar, lvhome, and lvswap. 

Section 3: Application Logical Volumes (logical_volumes.apps)
json


"lvapps": {
  "vgname": "vgapps",
  "lvname": "lvapps",
  "lvsize": "20G",
  "lvfs_type": "xfs",
  "lv_mountpoint": "/applications"
}

Field Name | Type | Description | Example Value
vgname | String | Volume group name | "vgapps"
lvname | String | Logical volume name | "lvapps"
lvsize | String | Size of the logical volume | "20G"
lvfs_type | String | File system type | "xfs"
lv_mountpoint | String | Mount point in the file system | "/applications"

Similar structure is used for lvlogging. 

Section 4: Database Logical Volumes (logical_volumes.db)
json


"lvsystemdb": {
  "vgname": "vgdb",
  "lvname": "lvsystemdb",
  "lvsize": "20G",
  "lvfs_type": "xfs",
  "lv_mountpoint": "/systemdb"
}

Field Name | Type | Description | Example Value
vgname | String | Volume group name | "vgdb"
lvname | String | Logical volume name | "lvsystemdb"
lvsize | String | Size of the logical volume | "20G"
lvfs_type | String | File system type | "xfs"
lv_mountpoint | String | Mount point in the file system | "/systemdb"

Similar structures are used for lvsdsdb1, lvsdsdb2, and lvdbbackup. 

🧩 Full Sample JSON Configuration
You can copy this into a Code Block macro in Confluence to show the full structure with syntax highlighting.

json


{
  "volume_groups": {
    "vgapps": {
      "vgsize": "100G",
      "fs_type": "xfs"
    },
    "vgdb": {
      "vgsize": "100G",
      "fs_type": "xfs"
    }
  },
  "logical_volumes": {
    "root": {
      "lvroot": {
        "vgname": "vgroot",
        "lvname": "lvroot",
        "lvsize": "40G",
        "lvfs_type": "xfs",
        "lv_mountpoint": "/"
      },
      "lvvar": {
        "vgname": "vgroot",
        "lvname": "lvvar",
        "lvsize": "20G",
        "lvfs_type": "xfs",
        "lv_mountpoint": "/var"
      },
      "lvhome": {
        "vgname": "vgroot",
        "lvname": "lvhome",
        "lvsize": "20G",
        "lvfs_type": "xfs",
        "lv_mountpoint": "/home"
      },
      "lvswap": {
        "vgname": "vgroot",
        "lvname": "lvswap",
        "lvsize": "4G",
        "lvfs_type": "xfs",
        "lv_mountpoint": "swap"
      }
    },
    "apps": {
      "lvapps": {
        "vgname": "vgapps",
        "lvname": "lvapps",
        "lvsize": "20G",
        "lvfs_type": "xfs",
        "lv_mountpoint": "/applications"
      },
      "lvlogging": {
        "vgname": "vgapps",
        "lvname": "lvlogging",
        "lvsize": "20G",
        "lvfs_type": "xfs",
        "lv_mountpoint": "/logging"
      }
    },
    "db": {
      "lvsystemdb": {
        "vgname": "vgdb",
        "lvname": "lvsystemdb",
        "lvsize": "20G",
        "lvfs_type": "xfs",
        "lv_mountpoint": "/systemdb"
      },
      "lvsdsdb1": {
        "vgname": "vgdb",
        "lvname": "lvsdsdb1",
        "lvsize": "16G",
        "lvfs_type": "xfs",
        "lv_mountpoint": "/sds_db1"
      },
      "lvsdsdb2": {
        "vgname": "vgdb",
        "lvname": "lvsdsdb2",
        "lvsize": "20G",
        "lvfs_type": "xfs",
        "lv_mountpoint": "/sds_db2"
      },
      "lvdbbackup": {
        "vgname": "vgdb",
        "lvname": "lvdbbackup",
        "lvsize": "20G",
        "lvfs_type": "xfs",
        "lv_mountpoint": "/db_backup"
      }
    }
  }
}

Note: Similar structures are used for the other volumes under Root Logical Volumes, Application Logical Volumes, and Database Logical Volumes. The full JSON above lists all of them, so you can verify each entry there.
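Because every logical volume names its volume group and size, the configuration can be checked for consistency before provisioning. The script below is an added example, not part of the automation described here; the function names and the sample data are assumptions, and only the "<number>G" size format shown in this guide is accepted.

```python
import re

def size_g(text):
    """Parse a size written as '<number>G' (the only format shown in this guide)."""
    m = re.fullmatch(r"(\d+)G", str(text).strip())
    if not m:
        raise ValueError(f"unrecognised size {text!r}")
    return int(m.group(1))

def check_lvm(config):
    """Return a list of consistency problems in an LVM configuration dict."""
    problems = []
    vg_size = {name: size_g(vg["vgsize"])
               for name, vg in config.get("volume_groups", {}).items()}
    allocated = {}   # vgname -> total G requested by its logical volumes
    mounts = {}      # mount point -> logical volume key that claimed it
    for category, lvs in config.get("logical_volumes", {}).items():
        for key, lv in lvs.items():
            if key != lv["lvname"]:
                problems.append(f"{category}.{key}: key differs from lvname {lv['lvname']!r}")
            vg = lv["vgname"]
            if vg not in vg_size:
                problems.append(f"{category}.{key}: vgname {vg!r} is not defined in volume_groups")
            else:
                allocated[vg] = allocated.get(vg, 0) + size_g(lv["lvsize"])
            mp = lv["lv_mountpoint"]
            if mp in mounts:
                problems.append(f"{category}.{key}: mount point {mp!r} already used by {mounts[mp]}")
            mounts[mp] = key
    for vg, total in allocated.items():
        if total > vg_size[vg]:
            problems.append(f"{vg}: logical volumes request {total}G but vgsize is {vg_size[vg]}G")
    return problems

# Constructed sample: vgdb is deliberately too small and lvtmp names an undefined group.
SAMPLE = {
    "volume_groups": {"vgapps": {"vgsize": "100G", "fs_type": "xfs"},
                      "vgdb": {"vgsize": "30G", "fs_type": "xfs"}},
    "logical_volumes": {
        "apps": {"lvapps": {"vgname": "vgapps", "lvname": "lvapps", "lvsize": "20G",
                            "lvfs_type": "xfs", "lv_mountpoint": "/applications"},
                 "lvtmp": {"vgname": "vgscratch", "lvname": "lvtmp", "lvsize": "5G",
                           "lvfs_type": "xfs", "lv_mountpoint": "/scratch"}},
        "db": {"lvsystemdb": {"vgname": "vgdb", "lvname": "lvsystemdb", "lvsize": "20G",
                              "lvfs_type": "xfs", "lv_mountpoint": "/systemdb"},
               "lvsdsdb1": {"vgname": "vgdb", "lvname": "lvsdsdb1", "lvsize": "16G",
                            "lvfs_type": "xfs", "lv_mountpoint": "/sds_db1"}},
    },
}

if __name__ == "__main__":
    for line in check_lvm(SAMPLE):
        print(line)
```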




CyberArk Accounts Configuration User Guide

CyberArk Accounts:

Description:

This JSON structure defines configurations for multiple CyberArk accounts used in automation or access management. Each account includes its associated security group, safe name, and trustee email.

Section: CyberArk Account Definition (cyberark_accounts)

Example:

json
"IPTFvdsi": {
  "cyberark_account": "IPTFvdsi",
  "adom_domain_security_group": "CyberArk_N_DUBV_VDSI_PSMP_ADEBP",
  "cyberark_safe": "DUBV_N_VDSI_PSMP",
  "adom_security_trustees": "brian.n.allen@one.verizon.com"
}

Field Name | Type | Description | Example Value
cyberark_account | String | Name of the CyberArk account | "IPTFvdsi"
adom_domain_security_group | String | ADOM domain security group associated with the account | "CyberArk_N_DUBV_VDSI_PSMP_ADEBP"
cyberark_safe | String | Safe name in CyberArk where credentials are stored | "DUBV_N_VDSI_PSMP"
adom_security_trustees | String | Email address of the assigned security trustee | "brian.n.allen@one.verizon.com"

✅ Note: Similar structures are used for other entries under CyberArk Accounts. The full JSON is provided at the end of this document; you can verify once there.

🧩 Full Sample JSON Configuration

You can copy this into a Code Block macro in Confluence to show the full structure with syntax highlighting.

json
{
  "cyberark_accounts": {
    "IPTFvdsi": {
      "cyberark_account": "IPTFvdsi",
      "adom_domain_security_group": "CyberArk_N_DUBV_VDSI_PSMP_ADEBP",
      "cyberark_safe": "DUBV_N_VDSI_PSMP",
      "adom_security_trustees": "brian.n.allen@one.verizon.com"
    },
    "IPTFuser": {
      "cyberark_account": "IPTFuser",
      "adom_domain_security_group": "CyberArk_P_DUBV_USER_PSMP_USWIN",
      "cyberark_safe": "DUBV_P_USER_PSMP",
      "adom_security_trustees": "brian.n.allen@one.verizon.com"
    },
    "IPTFmrss": {
      "cyberark_account": "IPTFmrss",
      "adom_domain_security_group": "CyberArk_P_MRSS_LIN_PSMP_USWIN",
      "cyberark_safe": "MRSS_P_LIN_PSMP",
      "adom_security_trustees": "mark.mckone1@one.verizon.com"
    },
    "IPTFtest": {
      "cyberark_account": "IPTFtest",
      "adom_domain_security_group": "CyberArk_P_DUBV_USER_PSMP_USWIN",
      "cyberark_safe": "DUBV_P_USER_PSMP",
      "adom_security_trustees": "brian.n.allen@one.verizon.com"
    }
  }
}




NTP Servers Configuration User Guide

NTP Servers:

Description:

This section defines the mapping of NTP server hostnames to their corresponding IP addresses. These servers are used to synchronize system time across infrastructure nodes.

Section: NTP Server Definitions (ntp_servers)

Example Entry:

json
"ndcdns.vzbi.com": "166.37.162.103"

Field (Key) | Type | Description | Example Value
NTP Server Hostname | String | Fully qualified domain name of the NTP server | "ndcdns.vzbi.com"
NTP Server IP Address | String | IPv4 address of the NTP server | "166.37.162.103"

✅ Note: All entries under ntp_servers follow the same hostname: ip_address pattern. The full list is provided below for reference.

🧩 Full Sample JSON Configuration

You can copy this into a Code Block macro in Confluence to display it with syntax highlighting.

json
"ntp_servers": {
  "ndcdns.vzbi.com": "166.37.162.103",
  "omzdns.vzbi.com": "166.37.218.90",
  "pdcdns.vzbi.com": "166.37.130.87"
}

💡 Usage Tips

  • Ensure all listed NTP servers are reachable from your systems.
  • Use consistent time sources across environments to avoid clock drift.
  • Update this list if there are changes in network infrastructure or NTP server migration.


⚠️ Important:
Modifications to root logical volumes are not recommended. These volumes are critical to system stability and OS functionality.
This section is provided only for reference to illustrate the structure and configuration format.





Symbolic Links Configuration User Guide

Symbolic Links:

Description:

This section defines symbolic links to be created in the filesystem. The format used is:

json
"target_directory": "link_path"

i.e., "source data location": "where the symlink should be created"

This allows applications to access data from a standardized path while storing it in a centralized or dedicated location.


Section: Symbolic Links to Add (symbolic_links_add)

⚠️ Important:
These symbolic links are critical for application data access.
Do not manually modify or delete these links unless directed by automation or infrastructure team.

Example Entry:

json
"/logging/datasys/tdr_logs": "/applications/tdr_logs"

This translates to the following Linux command:

bash
ln -s /logging/datasys/tdr_logs /applications/tdr_logs

Field | Type | Description | Example Value
Target Directory | String | The actual directory containing the data | /logging/datasys/tdr_logs
Link Path (Symlink) | String | The path where the symbolic link will be created | /applications/tdr_logs

Note: The format in the JSON is "target": "link_path", which matches the ln -s <target> <link> Linux syntax.
All entries follow this pattern. The full configuration is provided below.


🧩 Full Sample JSON Configuration

json
"symbolic_links_add": {
"/logging/datasys/tdr_logs": "/applications/tdr_logs",
"/logging/datasys/tdr_archive": "/applications/tdr_archive"
}

💡 Usage Notes

  • Ensure the target directories (e.g., /logging/datasys/tdr_logs) exist before creating the symbolic links.
  • The ln -s command must be run with appropriate permissions (usually as root or via sudo).
  • Verify links after creation:
    bash
    ls -la /applications/tdr_logs
    Output should show:
    /applications/tdr_logs -> /logging/datasys/tdr_logs

  • These links are typically created during system provisioning.
  • Broken links can cause application failures — verify during deployment.
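A plain ln -s is not safe to repeat: if the link path already exists as a directory, or as a symlink to one, GNU ln creates the new link inside it instead of failing. The helper below is an added example, not the provisioning tool's own code, and its function names and status strings are assumptions. It applies a symbolic_links_add mapping idempotently and refuses to touch anything that is not already the expected link.

```python
import os

def ensure_symlink(target, link_path):
    """Create link_path -> target and return a status string.

    Existing files, directories and links are never replaced.
    """
    if not os.path.isdir(target):
        return "target-missing"            # the data directory must exist first
    if os.path.islink(link_path):
        current = os.readlink(link_path)
        return "already-correct" if current == target else "points-elsewhere"
    if os.path.lexists(link_path):
        return "exists-not-a-symlink"      # real file or directory: leave it alone
    if not os.path.isdir(os.path.dirname(link_path)):
        return "link-parent-missing"
    os.symlink(target, link_path)
    return "created"

def apply_symbolic_links(symbolic_links_add):
    """JSON key is the target, JSON value is the link path (same order as ln -s)."""
    return {link: ensure_symlink(target, link)
            for target, link in symbolic_links_add.items()}

if __name__ == "__main__":
    import tempfile
    # Constructed demo inside a temporary directory so no real paths are touched.
    base = tempfile.mkdtemp()
    target = os.path.join(base, "logging", "datasys", "tdr_logs")
    link = os.path.join(base, "applications", "tdr_logs")
    os.makedirs(target)
    os.makedirs(os.path.dirname(link))
    print(apply_symbolic_links({target: link}))   # first run creates the link
    print(apply_symbolic_links({target: link}))   # second run changes nothing
```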
