This documentation is no longer actively maintained and may contain outdated information. For the latest product documentation, use docs.mediakind.com.

Packager
Advanced configuration

Advanced Parameters

Configuring credentials for direct remote storage access

Format

The file is in the YAML format and located at /etc/mediakind/mkp/charts/customer-values.yaml. A specific script must be executed to apply the changes brought to the file that remain after a product update. If no value is specified or if a value is removed from the file, default values from installer are used.

Each entry contains the following elements:

  • url: the base URL of a storage.
  • type: the type of credential to be used for this base URL. It can be:
    • user for access with username and password
    • s3 for access using AWS S3 object store credentials
    • azureSasToken for access using Blob Azure credential
    • certificate for HTTPS access

User credential

The entry should contain the following elements:

  • username
  • password

It can be used for FTP or SFTP access (ftp://… or sftp://…).

credentials:
  [ {"type": "user", "url": "sftp://myServer/share1", "username": "test", "password": "1234"} ]

Blob Azure credential

To configure the Azure authentication for your system, the entry in the credential file should contain the following elements:

  • url: URL provided at the Blob storage creation.
  • type: Type of credential to be used for this URL. It must be: azureSasToken.
  • sasToken: Token provided at the Blob storage creation.
credentials:
    [{"type" : "azureSasToken", "url" : "https://myaccount.blob.core.windows.net/mycontainer", "sasToken" : "?sv=2020-02-10&ss=bfqt&srt=o&sp=rwdlacupx&se=2021-02-24T00:46:59Z&st=2021-02-23T16:46:59Z&spr=https&sig=..."} ]

AWS S3 object store credential

This credential corresponds to an AWS access key.

The entry should contain the following elements:

  • accessKeyId: The ID of the access key
  • secretAccessKey: The secret access key
credentials:
  [{ "type": "s3", "url" : "https://mk-cr8-poc.s3.us-east.cloud-object-storage.appdomain.cloud", "accessKeyId" : "e45d9e87d91421f2f3c69fca4c", "secretAccessKey":"236e8cc37c9ccc355b9ffb17fe8"} ]

Certificate credentials

The entry should contain the following elements:

  • certificateFile: to be defined in client_crt_certificate value
  • privateKeyFile: to be defined in client_key_certificate value
  • privateKeyPassword

Use section Managing HTTPS certificates for the Origin Server to define your certificate values

credentials:
  [ {"type": "certificate", "url": "https://mysecure-webdav.com/secure", "certificateFile": "/tmp/client-crt.pem", "privateKeyFile": "/tmp/client-key.pem", "privateKeyPassword": "xxyyzz"} ]

Multiple credentials display

credentials:
  [ 
  {"type": "user", "url": "sftp://myServer/share1", "username": "test", "password": "1234"},
  {"type" : "azureSasToken", "url" : "https://myaccount.blob.core.windows.net/mycontainer", "sasToken" : "?sv=2020-02-10&ss=bfqt&srt=o&sp=rwdlacupx&se=2021-02-24T00:46:59Z&st=2021-02-23T16:46:59Z&spr=https&sig=..."},
  { "type": "s3", "url" : "https://mk-cr8-poc.s3.us-east.cloud-object-storage.appdomain.cloud", "accessKeyId" : "e45d9e87d91421f2f3c69fca4c", "secretAccessKey":"236e8cc37c9ccc355b9ffb17fe8"} 
  ]

Deployment

This configuration file should be created by the user and needs to be deployed on every Packager server under the following path: /etc/mediakind/mkp/charts/customer-values.yaml.

Once the file customer-values.yaml is configured, the following script must be executed to apply the changes:

/etc/mediakind/mkp/charts/apply_customer_values.sh

Example

When a job is created, it will parse this file to find the associated credentials of the file URL it needs to access.

For example, if the file contains the following credentials:

credentials:
  [
  {"type" : "user", "url" : "sftp://server1", "username" : "admin", "password":"1234"},
  {"type" : "user", "url" : "sftp://server2/share", "username" : "admin", "password":"4321"}
  ]

If a job input file is sftp://server2/share/video.ts, the second credential will be used: the input URL matches with the base URL of the second credential.

The selected credentials configuration is logged into the high-level logs of the job.

Managing HTTPS certificates for the Origin Server

Packaging is configured with a self-signed certificate that is used to deliver contents using HTTPS.

This certificate must be replaced by a new certificate that is provided by a trusted authority on all the servers of your headend. To apply dedicated certificates on your server:

  1. Edit the file customer-values.yaml:

    vi /etc/mediakind/mkp/charts/customer-values.yaml

  1. Update the credentials section of the file /etc/mediakind/mkp/charts/customer-values.yaml and copy in here the content of the cert.pem and key.pem files:

    client_crt_certificate: |-
  -----BEGIN CERTIFICATE-----
  MIIE3DCCA8QCCQD+258[...]tkcdSo5oqACMq
  -----END CERTIFICATE-----
client_key_certificate: |-
  -----BEGIN RSA PRIVATE KEY-----
  MIIJKQIBAAKCAgEA49D6[...]xdWOOnjI2NmH
  -----END RSA PRIVATE KEY-----

    This operation requires inserting spaces at the beginning of each line, but you can automate it by running a script. Navigate to /etc/mediakind/mkp/charts/, copy your certificate files there, and execute the following commands:

    yq w -i -- customer-values.yaml "client_crt_certificate" "$(cat client-certificate.pem)"
yq w -i -- customer-values.yaml "client_key_certificate" "$(cat client-key.pem)"

  2. Define the path to the new certificates (by default defined in the /tmp/ directory):

    originserver:
  security:
    origin:
      certificate: /tmp/client-crt.pem
      privateKey: /tmp/client-key.pem

  3. Execute the following script to apply the changes:

    /etc/mediakind/mkp/charts/apply_customer_values.sh
MonitoringHLS or Dash over CMAF