This guide covers most of the advanced installation procedures that you may need to implement.
Modifying the default domain
The default configuration sets "kiuwan.onpremise.local" as the default domain to access Kiuwan On-Premises.
We encourage you to change the default domain, but take into account that this means updating the provided certificates to keep your installation connections secure.
Step 1: Edit the global configuration file
Using your preferred editor, open the default configuration file located in your config-shared volume:
```bash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
```
...
Note |
---|
Do not use |
Set kiuwan.domain as kiuwan.onpremise.local
Edit these properties (kiuwan.port is only needed if you want to use https under a different port than the default 443):
...
Step 2: Update load balancer configuration
Once you have selected your new domain and if you are using the provided Apache load balancer, you should edit the main Apache configuration file:
```bash
sudo vim [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf/httpd.conf
```
Note |
---|
Do not use |
Edit this line and change the default domain (kiuwan.onpremise.local) to your new domain:
```apache
Define kiuwanDomain kiuwan.onpremise.local
```
If you have externalized the provided Apache load balancer, you should edit the equivalent configuration file to set the new domain.
Step 3: Generate new certificates
Please refer to the Managing certificates guide and follow the needed steps depending on your needs.
Once this is done, you should have these files under the [INSTALLER_DIR]/user-content/certs folder:
- cacert.pem
- domainkey.pem
- domaincert.pem
- domainkeystore.jks
- truststore.jks
Step 4: Complete your installation
If you are performing a new Kiuwan On-Premises installation, please refer to the steps indicated in the following sections, depending on your installation needs:
If you have already installed Kiuwan On-Premises, you need to stop your containers, update the deployed configuration, and restart them. To do so, execute these commands:
```bash
cd [INSTALLER_DIR]
sudo ./stop-all.sh
cd [INSTALLER_DIR]/docker
sudo ./update.sh
cd [INSTALLER_DIR]
sudo ./start-all.sh
```
Note |
---|
Do not use |
Step 5: Update your DNS or hosts files
If you are modifying an existing Kiuwan On-Premises installation, you will need to update your DNS or hosts files.
Note that if you have generated new certificates signed by a different CA than the one that signed the previous ones, you should update your Kiuwan On-Premises clients' certificates or truststores.
...
- Add kiuwan.onpremise.local to your hosts file.
For testing purposes or if you choose the second option, edit this file in the host where you plan to access Kiuwan from:
- Windows OS:
C:\Windows\System32\drivers\etc\hosts
- Linux OS:
/etc/hosts
Add the following entry to the previous file:
```text
[kiuwan_on_premise_host_ip] [kiuwan_on_premise_host]
```
...
Modifying access protocols
Kiuwan On-Premises installation supports configuring access protocols for:
- Apache load balancer: HTTPS (default protocol) or HTTP.
- Kiuwan front instances: HTTPS (default protocol), HTTP, or AJP.
If you need to change the default access protocols, please take into account:
- Apache load balancer configuration must be manually modified, both when using the provided services or when externalizing it.
- Plaintext connections are not secure.
Step 1: Configure Apache load balancer access protocol
In case you are using the provided Apache service for load balancing or your own Apache as a front-end server, you should manually configure how it accesses Kiuwan, by editing its configuration file. For the provided services you can edit the file like this:
```bash
sudo vim [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf/httpd.conf
```
Note |
---|
Do not use |
Look for the balancer proxy definition (<Proxy "balancer://mycluster">) and make sure the used protocol matches your needs.
The following example shows the configuration needed to access two Kiuwan On-Premises front instances through the AJP protocol:
```apache
BalancerMember "ajp://wildflykiuwan-f1:8443" route=kwf1 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=TCP hcpasses=2 hcinterval=15 hcfails=1
BalancerMember "ajp://wildflykiuwan-f2:8443" route=kwf2 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=TCP hcpasses=2 hcinterval=15 hcfails=1
```
The following example shows the configuration needed to access two Kiuwan On-Premises front instances through the HTTP protocol:
```apache
BalancerMember "http://wildflykiuwan-f1:8443" route=kwf1 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=GET hcexpr=ok200 hcuri=/saas/rest/health hcpasses=1 hcinterval=15 hcfails=2
BalancerMember "http://wildflykiuwan-f2:8443" route=kwf2 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=GET hcexpr=ok200 hcuri=/saas/rest/health hcpasses=1 hcinterval=15 hcfails=2
```
Note that if you are not using a front-end server because you want to directly access a single Kiuwan front instance, you will be forced to use either the HTTPS or the HTTP protocol to be able to access Kiuwan On-Premises from a web browser.
Warning | |||||
---|---|---|---|---|---|
If you are combining HTTPS access to the Apache load balancer service with HTTP access to Kiuwan front instances, make sure the following directive is turned off in your httpd.conf file, just like this:
|
Step 2: Configure Kiuwan front instances access protocol
Kiuwan On-Premises front instances expose a single port for communicating either by using HTTPS, HTTP, or AJP protocols. To configure the protocol to use, edit the main configuration file located in your config-shared volume:
```bash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
```
Note |
---|
Do not use |
Look for the "kiuwan-nodes.access.protocol" property and set its value to either "https", "http" or "ajp" depending on the protocol you want to use. For example, to use the AJP protocol:
```properties
kiuwan-nodes.access.protocol=ajp
```
Note that this only sets how Kiuwan front servers are configured. You must configure how Kiuwan will generate access URLs for you by following the next step.
Step 3: Configure client access protocol for URL generation
Kiuwan instances need to know how you are accessing your Kiuwan On-Premises installation to correctly generate dynamic URLs. To configure this, edit the main configuration file, located in your config-shared volume:
```bash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
```
Note |
---|
Do not use |
Look for the "kiuwan.protocol" property and set its value to either "https" or "http". For example, if you want to access Kiuwan On-Premises through https:
```properties
kiuwan.protocol=https
```
Note that "https" and "http" are the only two allowed options here, as you only can access Kiuwan On-Premises from a web browser through one of these protocols.
Step 4: Restart your servers
Modifying exposed ports
Kiuwan On-Premises installation supports changing the ports exposed by each of these services:
- Apache load balancer.
- Kiuwan front instances.
- MySQL database.
Externalizing services
Kiuwan On-Premises uses three main services under its infrastructure's hood:
- Apache: used as a load balancer when multiple Kiuwan frontal instances are running.
- Redis: an in-memory cache to speed up response times.
- MySQL: Kiuwan's main database.
If you want to use your own services for any of the previous ones, Kiuwan On-Premises can connect to them by bypassing their creation at installation time.
Configuring services to externalize
First of all, you will need to edit the main configuration file and mark which services you want to externalize:
- [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
This table shows the properties you should modify when externalizing each service:
Service | Property | Default value |
---|---|---|
Apache | kiuwan.externalize.apacheloadbalancer | false |
Redis | kiuwan.externalize.redis.[cache|storage] | false |
MySQL | kiuwan.externalize.mysql | false |
When any of the previous properties is set to "true", the corresponding service will be externalized and the installation tool will not manage any related instance. Note that all the configuration will be up to you, as the Kiuwan On-Premise installer will only be able to configure how Kiuwan On-Premise will connect to your own services.
Externalizing Apache
When externalizing this service you should take into account that:
- Each Kiuwan On-Premises frontal instance domain name is wildflykiuwan-f[n], [n] being the frontal instance number. Note that depending on your installation needs you may want to access each instance via IP or its own host name.
- Each Kiuwan On-Premises frontal instance only exposes one port for https/http/ajp traffic. By default, the port 8[n]43, [n] being the frontal instance number will be exposed. If you need to change the exposed ports refer to Changing exposed ports for more information.
- In case you are accessing through https scheme, you should provide your frontal service the needed certificates in order to make https connections available (please refer to Managing certificates for more information):
- domaincert.pem
- domainkey.pem
- cacert.pem
Externalizing Redis
For Kiuwan On-Premises to work with your Redis installation, it is mandatory that the installation complies with these characteristics:
- Redis version must be equal to or higher than 5.0.4.
- Redis must be configured as a cluster.
- Eviction policy must be set to "noeviction" (refer to Redis official documentation, maxmemory-policy configuration property).
In case you set Redis as an external service, Kiuwan On-Premises needs to know where the Redis nodes are deployed and which ports to use when connecting to them.
In case you use a special DNS that can resolve the same host to different hosts and ports (DNS Round-Robin or equivalent), you should configure just a single host in the "redis.[cache|store].nodes" properties.
All the needed configuration is located in the main configuration file:
- [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
The following table shows the properties to configure (note that you should set exactly the same configuration for both "cache" and "store" Redis configurations):
Property | Meaning | Example |
---|---|---|
redis.[cache|store].nodes | Comma separated list of host and port for each Redis node | rn1.mydomain.com:6379,rn2.mydomain.com:6379,rn3.mydomain.com:6379,rn4.mydomain.com:6379,rn5.mydomain.com:6379,rn6.mydomain.com:6379 |
redis.[cache|store].timeout | Connection timeout in milliseconds | 2000 |
redis.[cache|store].password | Password to use when connecting to a node (leave empty if you have set no password access) | |
redis.[cache|store].clientName | Name of the client connection (defaults to empty) |
Externalizing MySQL
When externalizing MySQL note that your MySQL installation should comply with these characteristics:
- MySQL version 5.7
- Maximum number of connections: 130 per Kiuwan On-Premises instance.
Step 1: create Kiuwan On-Premises schemas
You should create the needed schemas in your MySQL installation. To do so, please execute this script with a user that has schema creation privileges:
```sql
create database opt_activity CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_cinc CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_metamodel CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_qmm CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_transaction CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_insight CHARACTER SET utf8 COLLATE utf8_unicode_ci;
```
Step 2: create Kiuwan On-Premises user
You should create the user that will be connecting to Kiuwan On-Premises schemas. Please run this script as an admin user to do so:
```sql
-- '%' lets [USER] connect from any host; the grant covers every schema matching opt_%.
create user '[USER]'@'%' identified by '[PASSWORD]';
grant all privileges on `opt_%`.* to '[USER]'@'%' identified by '[PASSWORD]';
flush privileges;
```
Note that you should replace [USER] with the desired user name and [PASSWORD] with the desired password.
Step 3: configure your installation
The following table shows the properties to configure for Kiuwan On-Premises to connect to your own MySQL instance:
Property | Meaning | Example |
---|---|---|
mysql.host | Your MySQL installation host | mysqlkiuwan |
mysql.port | The connection port to access your MySQL installation | 3306 |
mysql.username | The user that will be connecting to Kiuwan On-Premises schemas (should match the one provided in the previous step) | csaas |
mysql.password | The user's password (should match the one provided in the previous step) |
Using Amazon S3 as file repository
Kiuwan On-Premises uses these shared file repositories to store analysis related data:
- kiuwanCentralRepository: stores analysis results files.
- kiuwanSourceCodeRepository: stores source code.
- kiuwanCustomConfigRepository: stores centralized analysis configuration files.
These Kiuwan On-Premises internal file repositories can be replaced with Amazon S3 buckets.
To do so, you should first configure these properties in the main configuration file ([VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):
- centralFileRepository.type=s3
- sourceCodeFileRepository.type=s3
- customConfigFileRepository.type=s3
The following table shows the properties you should modify when making Kiuwan On-Premises connect to AWS S3 buckets:
Property | Meaning | Example |
---|---|---|
s3.privateBucket.bucketName | Your AWS S3 bucket name | s3mycompany-us |
s3.privateBucket.subDirectoryName | Your AWS S3 subdirectory name under the configured bucket | mydirectory |
s3.privateBucket.accessKeyId | AWS access key for your bucket | BS3BX35Z27UAQCEACTPQ |
s3.privateBucket.secretKeyId | AWS secret key for your bucket | Aasdfjklwe1234123lkjfasc21ssACasfEq124Da |
s3.dir.centralFileRepository | The main key prefix that will be used to keep the central file repository entries | kiuwanCentralWorkingDirectory/analysisData |
s3.dir.sourceCodeFileRepository | The main key prefix that will be used to keep the source code file repository entries | kiuwanCentralWorkingDirectory/analyzedSourceCode |
s3.dir.customConfigFileRepository | The main key prefix that will be used to keep the custom config file repository entries | kiuwanCentralWorkingDirectory/customConfig |
Configuration options reference
All configuration properties you can modify are located in this file, located inside your config-shared volume:
- [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
Here is a complete list of the properties you can configure and their meaning (default passwords are omitted):
...
Service identifiers that will be used when starting and stopping Kiuwan through start-kiuwan.sh and stop-kiuwan.sh scripts. Change these values only in single-host installations where you want to manage multiple Kiuwan front/analyzer/scheduler instances. For example, if you want to start two front kiuwan nodes, simply set: kiuwan.singlehost.nodes.front=wildflykiuwan-f1 wildflykiuwan-f2
The same pattern would apply to the different kiuwan containers.
...
Access protocol to Kiuwan front instances [https|http|ajp]. This will be the only accepted protocol to access Kiuwan front instances from the provided Apache balancer or your own balancer. Note that this property has nothing to do with "kiuwan.protocol" unless you do not use a frontend server like Apache to access Kiuwan. If this is the case, both properties must have the same value.
...
Autoconfigure Kiuwan instances proxy. When true, Kiuwan instances will be automatically configured to use the proxy configured in your Docker installation (typically using a ~/.docker/config.json file). If you want to force Kiuwan instances to use a different proxy settings, set this property to false and fill the kiuwan.*.proxy* properties values.
...
These properties only apply when kiuwan.proxy.autoconfig is false. Note that the https properties are used to indicate the proxy to use when making https connections, not to configure a proxy that should be accessed through https. Ignore these properties if you want Kiuwan instances to use the proxy configured in your Docker installation.
...
No proxy connection will be used when connecting to these comma separated list of hosts.
...
Email server access configuration. It is mandatory that all kiuwan instances can access the specified host and port.
...
Email server authentication enable flag. Set to false if your email server does not use a SMTP username/password authentication method.
...
The security layer that your mail server uses [ssl|tls|none]. Set to none if your Email server only supports plain text connections.
...
The value to set to the security layer configuration flag. Only applies when kiuwan.mail.secure.layer is set to ssl or tls.
...
Java keystore password. Note that Kiuwan will use this password to access the generated keystore and must be aligned with the one provided in the field "java.keystore.password" in ssl/config/certs.properties file. Make sure they are aligned when creating your own certificates.
...
Java truststore password. Note that Kiuwan will use this password to access the generated truststore and must be aligned with the one provided in the field "java.truststore.password" in ssl/config/certs.properties file. Make sure they are aligned when creating your own certificates.
...
In case you have made modifications to the provided Apache load balancer, you should restart the server:
```bash
cd [INSTALLER_DIR]/docker
sudo ./stop-infrastructure.sh apacheloadbalancer
sudo ./start-infrastructure.sh apacheloadbalancer
```
Note |
---|
Do not use |
If you are using your own front-end server, please restart it to apply the changes.
In case you have made modifications to the globalConfig.properties file, you should restart the Kiuwan servers:
```bash
cd [INSTALLER_DIR]
sudo ./stop-kiuwan.sh
sudo ./start-kiuwan.sh
```
Note |
---|
Do not use |
Modifying exposed ports
Kiuwan On-Premises installation supports changing which ports will be exposed to the outside of the Docker network by any of these services:
- Apache load balancer.
- Kiuwan front instances.
- MySQL database.
Note that the port used by the provided containers inside the Kiuwan Docker Network (172.172.0.0/16) is fixed and cannot be changed. Only the exposed ports are configurable. The following table shows which ports are used by each container inside the Docker network and how they are mapped to the outside by default:
Container name | Internal ports (cannot be changed) | Exposed ports (configurable) | Protocol |
---|---|---|---|
apacheloadbalancer | 80, 443 | 80, 443 | HTTPS or HTTP |
wildflykiuwan-f[n] | 8443 | 8[n]43 | HTTPS, HTTP or AJP |
wildflykiuwan-a[n] | None | None | None |
wildflykiuwan-s[n] | None | None | None |
mysqlkiuwan | 3306 | 3306 | MySQL protocol |
Note that containers can only be accessed from outside their host when at least one port is exposed. These considerations should be taken into account as well:
- If you are accessing any container through HTTPS and you change the provided ports you should update your certificates in order to modify the provided SANs (Subject Alternative Names). Please refer to Managing certificates page for more information.
- On single-host installations where the provided front-end server (apacheloadbalancer) or the provided MySQL (mysqlkiuwan) are not externalized, changing Kiuwan front instances ports or MySQL port is not usually needed unless there are port conflicts on your host. As we recommend using a dedicated host for Kiuwan On-Premises installations, this should not be the case in most installations. By default, the provided Apache accesses Kiuwan front instances through port 8443 and Kiuwan accesses MySQL through port 3306, as they belong to the same Docker network.
- When using an externalized front-end server, it may be needed to change the Kiuwan front instances ports if your company has strict traffic guidelines or you just prefer using ports that you are more comfortable with.
- In case you are using your own MySQL server, Kiuwan should be instructed to use the port on which your MySQL server is listening.
- In case you are using the provided MySQL container on a different host and you want to modify the exposed port by the container you must change both the MySQL exposed port and the port used by Kiuwan to communicate with MySQL. Both ports must match.
Note |
---|
When modifying the front-end server, Kiuwan front instances or MySQL ports, you should always update how Kiuwan connects to each service. Please refer to Setting which ports Kiuwan should use for more details. |
Warning | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
You must restart the needed servers when ports have been reconfigured. In case you have made modifications to the provided Apache load balancer, you should restart the server:
If you are using your own front-end server, please restart it to apply the changes. In case you have made modifications that affect Kiuwan, you should restart the Kiuwan servers:
|
Modifying exposed ports in Apache load balancer
When using the provided Apache load balancer, the following properties found in the globalConfig.properties main configuration file will set the exposed ports:
- kiuwan.port.apache.http: sets the exposed port for HTTP.
- kiuwan.port.apache.https: sets the exposed port for HTTPS.
The ports set must be different to avoid conflicts. Note that the provided Apache container will expose both ports to listen for HTTPS and HTTP traffic, but you can unset any of them by modifying the provided configuration file.
Step 1: Modify globalConfig.properties file
In case you modify the default ports, you must change the httpd.conf file located under the [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf folder.
Locate the properties shown above and set them to the ports that you want to expose (default configuration is shown below):
```properties
kiuwan.port.apache.http=80
kiuwan.port.apache.https=443
```
Step 2: Modify httpd.conf file
First, locate the ports Apache will listen to and set your selected ports. Default configuration is shown below (ports 80 and 443):
```apache
Listen 80
Listen 443
```
Second, locate the default virtual host entry and change the assigned port. Default configuration is shown below (port 443):
```apache
<VirtualHost *:443>
```
Open a browser and visit https://localhost/saas/web/dashboard/dashboard
Modifying exposed ports in Kiuwan front instances
To change the exposed port of a Kiuwan front instance, edit the main configuration file (globalConfig.properties):
```bash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
```
Note |
---|
Do not use |
Locate the following properties (default values are shown):
```properties
kiuwan.port.front1=8143
kiuwan.port.front2=8243
kiuwan.port.front3=8343
kiuwan.port.front4=8443
kiuwan.port.front5=8543
kiuwan.port.front6=8643
kiuwan.port.front7=8743
kiuwan.port.front8=8843
```
By default, only one front instance will be started, but it is recommended to change all available instances just in case you need to add front instances in the future.
Note that the previous properties set the ports that will be exposed outside Kiuwan Docker network. Changing these ports is only recommended when externalizing the Apache load balancer service, as the internal port (8443) will be used when this service is inside the Docker network.
Modifying exposed ports in MySQL
To change the exposed port of the provided MySQL service, edit the main configuration file (globalConfig.properties):
```bash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
```
Note |
---|
Do not use |
Locate the following property (default value is shown):
```properties
kiuwan.port.mysql=3306
```
Note that the previous property sets the port that will be exposed outside Kiuwan Docker network. Changing these ports is only recommended when externalizing the MySQL service, as the internal port (3306) will be used when this service is inside the Docker network.
Setting which ports Kiuwan should use
Kiuwan instances must know which ports you are exposing both in:
- The provided Apache load balancer or your front-end server.
- The provided MySQL database or your MySQL instance.
As both services can be externalized, there are two additional properties to configure these ports (found in the main configuration file [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):
- kiuwan.port: the port that will be used when generating dynamic URLs from Kiuwan. This port must match the one exposed by the front-end server.
- mysql.port: the port that will be used by Kiuwan to connect to the MySQL host. This port must match the one exposed by the MySQL server.
Configuration examples
Example 1
The following table shows how to set the values in the globalConfig.properties file for an installation where:
- All Kiuwan containers are deployed in the same host (single host installation).
- Apache load balancer externalized. The Apache server listens to port 444.
- Apache will access Kiuwan On-Premises front servers through port 8009. If new front instances are added, the next port will be used for the new instance.
- MySQL has been externalized and is accessible through port 3344.
Property key | Value |
---|---|
kiuwan.port | 444 |
mysql.port | 3344 |
kiuwan.port.front1 | 8009 |
kiuwan.port.front2 | 8010 |
kiuwan.port.front[n] | 8009 + (n - 1) |
kiuwan.port.apache.http | Does not apply, service externalized |
kiuwan.port.apache.https | Does not apply, service externalized |
kiuwan.port.mysql | Does not apply, service externalized |
The front-end server must use ports 8009, 8010, etc. to access Kiuwan front servers.
Example 2
The following table shows how to set the values in the globalConfig.properties file for an installation where:
- All Kiuwan containers are deployed in the same host (single host installation).
- Apache load balancer is NOT externalized and will listen to port 80 for HTTP and port 443 for HTTPS.
- Kiuwan On-Premises front servers should be accessible from the outside through port 8080. If new front instances are added, the next port will be used for the new instance.
- MySQL has NOT been externalized and will be accessible through port 3406 for direct external connections to the database.
Property key | Value |
---|---|
kiuwan.port | 443 |
mysql.port | 3306 |
kiuwan.port.front1 | 8080 |
kiuwan.port.front2 | 8081 |
kiuwan.port.front[n] | 8080 + (n - 1) |
kiuwan.port.apache.http | 80 |
kiuwan.port.apache.https | 443 |
kiuwan.port.mysql | 3406 |
The front-end server must use port 8443 to access Kiuwan front servers, as it belongs to the same Docker network, but a user will be able to access these front servers through ports 8080, 8081, etc. from outside the Kiuwan On-Premises host.
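The protocol rules from "Modifying access protocols" and the port rules from this section can be checked mechanically before restarting anything. The following Python linter is an added example, not part of Kiuwan's tooling: the function names and sample values are assumptions made for illustration, while the property keys are the ones this guide names.

```python
import re

ALLOWED_CLIENT = {"https", "http"}        # values the guide allows for kiuwan.protocol
ALLOWED_NODE = {"https", "http", "ajp"}   # values allowed for kiuwan-nodes.access.protocol
PLAINTEXT = {"http", "ajp"}               # AJP is unencrypted as well


def parse_properties(text):
    """Minimal key=value parser: skips blank lines and '#' / '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def balancer_schemes(httpd_text):
    """Return the URL schemes of all active (uncommented) BalancerMember lines."""
    return set(re.findall(r'^\s*BalancerMember\s+"?(\w+)://', httpd_text, re.M))


def lint(props_text, httpd_text=""):
    """Return a list of (severity, code, message) findings."""
    p = parse_properties(props_text)
    out = []

    client = p.get("kiuwan.protocol", "")
    node = p.get("kiuwan-nodes.access.protocol", "")
    if client not in ALLOWED_CLIENT:
        out.append(("ERROR", "client-protocol",
                    f"kiuwan.protocol={client!r} must be https or http"))
    if node not in ALLOWED_NODE:
        out.append(("ERROR", "node-protocol",
                    f"kiuwan-nodes.access.protocol={node!r} must be https, http or ajp"))
    for key, value in (("kiuwan.protocol", client),
                       ("kiuwan-nodes.access.protocol", node)):
        if value in PLAINTEXT:
            out.append(("WARN", "plaintext", f"{key}={value} sends traffic unencrypted"))

    # The balancer must speak the one protocol the front instances accept.
    schemes = balancer_schemes(httpd_text)
    if schemes and schemes != {node}:
        out.append(("ERROR", "balancer-mismatch",
                    f"BalancerMember uses {sorted(schemes)}, front instances expect {node!r}"))

    # Exposed ports share the host's port space: each must be valid and unique.
    # Ports of externalized services do not apply and are skipped.
    skip = ()
    if p.get("kiuwan.externalize.apacheloadbalancer") == "true":
        skip += ("kiuwan.port.apache.",)
    if p.get("kiuwan.externalize.mysql") == "true":
        skip += ("kiuwan.port.mysql",)
    seen = {}
    for key in sorted(p):
        if not key.startswith("kiuwan.port.") or key.startswith(skip):
            continue
        value = p[key]
        if not value.isdigit() or not 1 <= int(value) <= 65535:
            out.append(("ERROR", "bad-port", f"{key}={value!r} is not a valid TCP port"))
        elif int(value) in seen:
            out.append(("ERROR", "port-conflict",
                        f"{key} and {seen[int(value)]} both expose port {value}"))
        else:
            seen[int(value)] = key

    # Cache and store settings must be identical (values are never echoed).
    for suffix in ("password", "nodes"):
        if p.get(f"redis.cache.{suffix}", "") != p.get(f"redis.store.{suffix}", ""):
            out.append(("ERROR", f"redis-{suffix}",
                        f"redis.cache.{suffix} and redis.store.{suffix} differ"))
    return out


# Constructed sample input, not taken from a real installation.
SAMPLE_PROPS = """\
kiuwan.protocol=https
kiuwan-nodes.access.protocol=ajp
kiuwan.port.apache.http=80
kiuwan.port.apache.https=443
kiuwan.port.front1=8143
kiuwan.port.front2=8143
kiuwan.port.mysql=3306
redis.cache.password=example-one
redis.store.password=example-two
"""
SAMPLE_HTTPD = 'BalancerMember "http://wildflykiuwan-f1:8443" route=kwf1\n'

if __name__ == "__main__":
    for severity, code, message in lint(SAMPLE_PROPS, SAMPLE_HTTPD):
        print(f"{severity:5} {code:18} {message}")
```

The linter cannot tell whether a front-end server is in use, so the rule that kiuwan.protocol and kiuwan-nodes.access.protocol must be equal when there is none still has to be checked by hand.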
Configure a password in Redis
Info |
---|
This configuration is available from version 2.8.2010.1 of Kiuwan on-premise |
The default configuration of Kiuwan does not set any password in Redis.
To configure a password in Redis and configure Kiuwan to connect to Redis using a password, follow these steps:
If you are installing Kiuwan for the first time, make sure that you have completed at least the “Step 6: initialize your volumes” described in Kiuwan On-Premises Distributed Installation Guide before continuing.
Step 1: Stop Kiuwan
If you are installing Kiuwan for the first time in your instance, skip this step.
If you are modifying the configuration of an existing Kiuwan installation, stop it:
```bash
cd [INSTALLER_DIR]
# Stop only; Kiuwan is started again in Step 5.
sudo ./stop-kiuwan.sh
```
Note |
---|
Do not use |
Step 2: Edit the global configuration file
Using your preferred editor, open the default configuration file located in your config-shared volume. In the following example, the used editor is vim:
```bash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
```
Edit these properties to assign the password used when connecting to Redis. You should set the same value for both the redis.cache and redis.store passwords:
```properties
redis.cache.password={YOUR_REDIS_PASSWORD}
redis.store.password={YOUR_REDIS_PASSWORD}
```
Note |
---|
Do not use |
Step 3: Activate authentication in Redis
You should edit the Redis configuration files located in the following path:
```bash
sudo vim [VOLUMES_DIR]/config-shared/Redis/conf/redis[1-6].conf
```
Note |
---|
Do not use |
Add the following lines in each of them (6 files in total):
```text
requirepass {YOUR_REDIS_PASSWORD}
masterauth {YOUR_REDIS_PASSWORD}
```
If you have externalized the Redis installation, you should edit the equivalent configuration file to activate the authentication and restart the externalized Redis installation.
Step 4: Propagate the changes in Kiuwan
If you are installing Kiuwan for the first time in your instance, skip this step.
To propagate the changes in globalConfig.properties, execute the following commands:
```bash
cd [INSTALLER_DIR]/docker
sudo ./update.sh
```
Note |
---|
Do not use |
Step 5: Start kiuwan
All the required changes are completed. If you are installing Kiuwan for the first time make sure that you complete all the installation steps and start Kiuwan.
If you are modifying an existing installation, start Kiuwan to complete the setup:
```bash
cd [INSTALLER_DIR]
sudo ./start-all.sh
```
Note |
---|
Do not use |
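A common failure after the Redis password procedure above is one of the six redis[1-6].conf files missing a directive or carrying a stale value, which leaves a node that cannot authenticate to its master or that clients cannot reach. The following Python audit is an added example, not part of Kiuwan's tooling: the function names and sample file contents are constructed for illustration, and the cluster-enabled and maxmemory-policy checks reflect the Redis requirements listed under "Externalizing Redis".

```python
import shlex


def parse_redis_conf(text):
    """Parse 'directive value...' lines; later lines override earlier ones."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)       # honours "quoted values"
        except ValueError:                   # unbalanced quote: fall back to a plain split
            parts = line.split(None, 1)
        conf[parts[0].lower()] = " ".join(parts[1:])
    return conf


def audit_redis_auth(confs, expected_password):
    """confs maps file name -> file content. Returns a list of (file, problem).

    expected_password is the value set for redis.cache.password and
    redis.store.password in globalConfig.properties. Passwords are never
    included in the returned messages.
    """
    problems = []
    for name in sorted(confs):
        conf = parse_redis_conf(confs[name])
        # Both directives are needed: requirepass for clients, masterauth so
        # that replicas can authenticate against their master.
        for directive in ("requirepass", "masterauth"):
            value = conf.get(directive)
            if not value:
                problems.append((name, f"{directive} missing"))
            elif value != expected_password:
                problems.append((name, f"{directive} differs from redis.[cache|store].password"))
        # Redis defaults: cluster-enabled no, maxmemory-policy noeviction.
        if conf.get("cluster-enabled", "no") != "yes":
            problems.append((name, "cluster-enabled is not yes"))
        if conf.get("maxmemory-policy", "noeviction") != "noeviction":
            problems.append((name, "maxmemory-policy is not noeviction"))
    return problems


# Constructed sample files, not taken from a real installation.
GOOD = "cluster-enabled yes\nrequirepass example-pass\nmasterauth example-pass\n"
SAMPLE = {f"redis{i}.conf": GOOD for i in range(1, 7)}
SAMPLE["redis3.conf"] = "cluster-enabled yes\nrequirepass example-pass\n"
SAMPLE["redis5.conf"] = GOOD.replace("masterauth example-pass", "masterauth old-pass")
SAMPLE["redis6.conf"] = GOOD + "maxmemory-policy allkeys-lru\n"

if __name__ == "__main__":
    for name, problem in audit_redis_auth(SAMPLE, "example-pass"):
        print(f"{name}: {problem}")
```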
Externalizing services
Kiuwan On-Premises uses three main services under its infrastructure's hood:
- Apache - used as a load balancer when multiple Kiuwan frontal instances are running.
- Redis - an in-memory cache to speed up response times.
- MySQL - Kiuwan's main database.
If you want to use your services for any of the previous ones, Kiuwan On-Premises can connect to them by bypassing their creation at installation time.
Configuring services to externalize
First of all, you will need to edit the main configuration file and mark which services you want to externalize:
[VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
This table shows the properties you should modify when externalizing each service:
Service | Property | Default value |
---|---|---|
Apache | kiuwan.externalize.apacheloadbalancer | false |
Redis | kiuwan.externalize.redis.[cache|storage] | false |
MySQL | kiuwan.externalize.mysql | false |
When any of the previous properties is set to "true", the corresponding service will be externalized and the installation tool will not manage any related instance. Note that all the configuration will be up to you, as the Kiuwan On-Premise installer will only be able to configure how Kiuwan On-Premise will connect to your services.
Externalizing Apache
When externalizing this service you should take into account that:
- Each Kiuwan On-Premises frontal instance domain name is wildflykiuwan-f[n], [n] being the frontal instance number. Note that depending on your installation needs you may want to access each instance via IP or its hostname.
- Each Kiuwan On-Premises frontal instance only exposes one port for https/http/ajp traffic. By default, the port 8[n]43, [n] being the frontal instance number will be exposed. If you need to change the exposed ports refer to Changing exposed ports for more information.
- In case you are accessing through https scheme, you should provide your frontal service the needed certificates to make https connections available (please refer to Managing certificates for more information):
- domaincert.pem
- domainkey.pem
- cacert.pem
Modify globalConfig.properties and set kiuwan.externalize.apacheloadbalancer=true
Refer to Modifying exposed ports in Kiuwan front instances and modify the exposed ports in Kiuwan front instances.
Offload the load balancer through a container, which is mapped to local ports 80 and 443.
Open a browser and visit https://localhost/saas/web/dashboard/dashboard
Externalizing Redis
To work with Kiuwan On-Premises, your Redis installation must comply with these characteristics:
- Redis version must be equal to or higher than 5.0.4.
- Redis must be configured as a cluster.
- Eviction policy must be set to "noeviction" (refer to Redis official documentation, maxmemory-policy configuration property).
In case you set Redis as an external service, Kiuwan On-Premises needs to know where the Redis nodes are deployed and which ports to use when connecting to them.
In case you use a special DNS that can resolve the same host to different hosts and ports (DNS Round-Robin or equivalent), you should configure just a single host in the redis.[cache|store].nodes properties.
All the needed configuration is located in the main configuration file:
[VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
The following table shows the properties to configure (note that you should set the same configuration for both "cache" and "store" Redis configurations):
Property | Meaning | Example |
---|---|---|
redis.[cache|store].nodes | Comma separated list of host and port for each Redis node | rn1.mydomain.com:6379, rn2.mydomain.com:6379, rn3.mydomain.com:6379, rn4.mydomain.com:6379, rn5.mydomain.com:6379, rn6.mydomain.com:6379 |
redis.[cache|store].timeout | Connection timeout in milliseconds | 2000 |
redis.[cache|store].password | Password to use when connecting to a node (leave empty if you have set no password access) | |
redis.[cache|store].clientName | Name of the client connection (defaults to empty) |
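The three requirements listed above can be checked from the text that `redis-cli INFO` prints on each node before pointing Kiuwan On-Premises at the cluster. The following is an added example, not part of the Kiuwan installer; the two INFO outputs are constructed samples and the function names are hypothetical.

```python
import re

# Minimum Redis version stated in this guide.
MIN_VERSION = (5, 0, 4)

# Constructed INFO excerpts (not captured from a real node).
GOOD_NODE = """# Server
redis_version:5.0.10
redis_mode:cluster
# Memory
maxmemory_policy:noeviction
# Cluster
cluster_enabled:1
"""

BAD_NODE = """# Server
redis_version:4.0.14
redis_mode:standalone
# Memory
maxmemory_policy:allkeys-lru
# Cluster
cluster_enabled:0
"""


def parse_info(text):
    """Parse the 'key:value' lines of INFO output, skipping '# Section' headers."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()  # also drops the '\r' that redis-cli output carries
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key] = value
    return fields


def version_tuple(version):
    """Turn '5.0.10' into (5, 0, 10) so versions compare numerically, not as text."""
    parts = []
    for piece in version.split(".")[:3]:
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    parts += [0] * (3 - len(parts))
    return tuple(parts)


def check_node(info_text):
    """Return a list of problems; an empty list means the node meets the requirements."""
    info = parse_info(info_text)
    problems = []

    version = info.get("redis_version")
    if version is None:
        problems.append("redis_version missing from INFO output")
    elif version_tuple(version) < MIN_VERSION:
        problems.append(f"version {version} is lower than 5.0.4")

    if info.get("cluster_enabled") != "1":
        problems.append("node is not running in cluster mode")

    policy = info.get("maxmemory_policy")
    if policy != "noeviction":
        problems.append(f"maxmemory-policy is {policy!r}, expected 'noeviction'")

    return problems


if __name__ == "__main__":
    for name, sample in (("good", GOOD_NODE), ("bad", BAD_NODE)):
        print(name, check_node(sample) or "OK")
```

Run it against every node listed in redis.[cache|store].nodes, since a single node with a different eviction policy is enough to break the "noeviction" requirement.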
Externalizing MySQL
When externalizing MySQL note that your MySQL installation should comply with these characteristics:
- MySQL version 5.7
- The maximum number of connections: 130 per Kiuwan On-Premises instance.
Step 1: Create Kiuwan On-Premises schemas
You should create the needed schemas in your MySQL installation. To do so, please execute this script with a user that has schema creation privileges:
Code Block | ||
---|---|---|
| ||
create database opt_activity CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_cinc CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_metamodel CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_qmm CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_transaction CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_insight CHARACTER SET utf8 COLLATE utf8_unicode_ci; |
To generate the required tables, run all the .sql scripts present in the directories /installation/resources/install-db and /installation/resources/install-db-data-core
Step 2: Create Kiuwan On-Premises user
You should create the user that will be connecting to Kiuwan On-Premises schemas. Please run this script as an admin user to do so:
Code Block | ||
---|---|---|
| ||
create user '[USER]'@'%' identified by '[PASSWORD]';
grant all privileges on `opt_%`.* to '[USER]'@'%' identified by
'[PASSWORD]';
flush privileges; |
Note that you should replace [USER] with the desired user name and [PASSWORD] with the desired password.
Step 3: Configure your installation
The following table shows the properties to configure for Kiuwan On-Premises to connect to your MySQL instance:
Property | Meaning | Example |
---|---|---|
mysql.host | Your MySQL installation host | localhost |
mysql.port | The connection port to access your MySQL installation | 3306 |
mysql.username | The user that will be connecting to Kiuwan On-Premises schemas (should match the one provided in the previous step) | username |
mysql.password | The user's password (should match the one provided in the previous step) | password |
Step 4: Set kiuwan.externalize.mysql=true in globalConfig.properties
Open a browser and visit https://localhost/saas/web/dashboard/dashboard
Using Amazon S3 as file repository
Kiuwan On-Premises uses these shared file repositories to store analysis related data:
- kiuwanCentralRepository: stores analysis results files.
- kiuwanSourceCodeRepository: stores source code.
- kiuwanCustomConfigRepository: stores centralized analysis configuration files.
These Kiuwan On-Premises internal file repositories can be replaced with Amazon S3 buckets.
To do so, you should first configure these properties in the main configuration file ([VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):
centralFileRepository.type=s3
sourceCodeFileRepository.type=s3
customConfigFileRepository.type=s3
The following table shows the properties you should modify when making Kiuwan On-Premises connect to AWS S3 buckets:
Property | Meaning | Example |
---|---|---|
s3.privateBucket.bucketName | Your AWS S3 bucket name | s3mycompany-us |
s3.privateBucket.subDirectoryName | Your AWS S3 subdirectory name under the configured bucket | mydirectory |
s3.privateBucket.accessKeyId | AWS access key for your bucket | BS3BX35Z27UAQCEACTPQ |
s3.privateBucket.secretKeyId | AWS secret key for your bucket | Aasdfjklwe1234123lkjfasc21ssACasfEq124Da |
s3.dir.centralFileRepository | The main key prefix that will be used to keep the central file repository entries | kiuwanCentralWorkingDirectory/analysisData |
s3.dir.sourceCodeFileRepository | The main key prefix that will be used to keep the source code file repository entries | kiuwanCentralWorkingDirectory/analyzedSourceCode |
s3.dir.customConfigFileRepository | The main key prefix that will be used to keep the custom config file repository entries | kiuwanCentralWorkingDirectory/customConfig |
Automatic data purge
To keep used disk space under control, Kiuwan On-Premises can automatically purge unnecessary files and, optionally, old data that you may not need anymore.
By default, Kiuwan On-Premises purges:
- Analyses that are not among the last 50 processed (for each application).
- Analyses older than 5 years (1825 days).
- Support files older than 6 months (180 days).
The previous thresholds can be configured through the following properties:
kiuwan.purge.analysis.lastAnalysesToKeep
kiuwan.purge.analysis.antiquity.days
kiuwan.purge.support.files.antiquity.days
In case you do not want to delete and purge any of your data, simply change the active flag to false in the following properties:
- kiuwan.purge.analysis.data.active
- kiuwan.purge.support.files.active
You can also turn off the kiuwan.purge.analysis.files.active flag, but this is only recommended for troubleshooting purposes, since it deactivates a task that only purges temporary files that are not needed when using Kiuwan On-Premises.
All the configuration properties can be found inside the main configuration file:
[VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
Internally, Kiuwan On-Premises uses 5 scheduled tasks to implement file and data purge:
- Soft-delete “old” analyses: performs a logical deletion of analyses that are considered “old”.
- Purge soft-deleted analysis data: purges the data associated with soft-deleted analyses.
- Purge “old” support files: purges “old” files that have been stored for support purposes.
- Purge analysis shared files: purges files that belong to soft-deleted analyses (stored in the data-shared volume).
- Purge analysis local temporary files: purges internal temporary data that belong to “old” analyses and is not needed anymore (locally stored on front and analyzer nodes).
The previous tasks are executed on a daily basis, following this timetable:
Task | Execution Time | Execution Node |
---|---|---|
Soft-delete “old” analyses | 3:00 AM | Scheduler |
Purge soft-deleted analysis data | 5:00 AM | Scheduler |
Purge “old” support files | 2:00 AM | Scheduler |
Purge analysis shared files | 4:00 AM | Scheduler |
Purge analysis local temporary files | 3:00 AM | Front, Analyzer |
Configuration options reference
All configuration properties you can modify are in this file, located inside your config-shared volume:
[VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
Here is a complete list of the properties you can configure and their meaning (default passwords are omitted):
Property | Default value | Meaning |
---|---|---|
Installer behavior | ||
kiuwan.singlehost.nodes.front | wildflykiuwan-f1 | Service identifiers that will be used when starting and stopping Kiuwan through start-kiuwan.sh and stop-kiuwan.sh scripts. Change these values only in single-host installations where you want to manage multiple Kiuwan front/analyzer/scheduler instances. For example, if you want to start two front kiuwan nodes, simply set: kiuwan.singlehost.nodes.front=wildflykiuwan-f1 wildflykiuwan-f2 The same pattern would apply to the different kiuwan containers. |
kiuwan.singlehost.nodes.analyzers | wildflykiuwan-a1 | |
kiuwan.singlehost.nodes.schedulers | wildflykiuwan-s1 | |
kiuwan.clients.update | true | Update clients when update.sh is executed. Set to false if you need to run the update process without updating clients (in case there are any new available), propagate changes in this configuration file while not updating clients or run the update process when no connection to static.kiuwan.com is available. |
Kiuwan connection | ||
kiuwan.protocol | https | Kiuwan default access protocol |
kiuwan.domain | kiuwan.onpremise.local | Kiuwan default domain |
kiuwan.port | 443 | Kiuwan default access port |
kiuwan.nodes.access.protocol | https | Access protocol to Kiuwan front instances [https|http|ajp]. This will be the only accepted protocol to access Kiuwan front instances from the provided Apache balancer or your own balancer. Note that this property has nothing to do with "kiuwan.protocol" unless you do not use a frontend server like Apache to access Kiuwan. If this is the case, both properties must have the same value. |
kiuwan.proxy.autoconfig | true | Autoconfigure Kiuwan instances proxy. When true, Kiuwan instances will be automatically configured to use the proxy configured in your Docker installation (typically using a ~/.docker/config.json file). If you want to force Kiuwan instances to use different proxy settings, set this property to false and fill in the kiuwan.*.proxy* property values. |
Kiuwan instances alternative proxy | ||
These properties only apply when kiuwan.proxy.autoconfig is false. Note that the https properties are used to indicate the proxy to use when making https connections, not to configure a proxy that should be accessed through https. Ignore these properties if you want Kiuwan instances to use the proxy configured in your Docker installation. | ||
kiuwan.http.proxyHost | Proxy to use from Kiuwan instances when making http connections. | |
kiuwan.http.proxyPort | ||
kiuwan.http.proxyUser | ||
kiuwan.http.proxyPassword | ||
kiuwan.https.proxyHost | Proxy to use from Kiuwan instances when making https connections. | |
kiuwan.https.proxyPort | ||
kiuwan.https.proxyUser | ||
kiuwan.https.proxyPassword | ||
kiuwan.http.nonProxyHosts | No proxy connection will be used when connecting to this comma-separated list of hosts. | |
Kiuwan instances shared configuration | ||
kiuwan.mail.host | mail.kiuwan.local | Email server access configuration. It is mandatory that all Kiuwan instances can access the specified host and port. |
kiuwan.mail.port | 25 | |
kiuwan.mail.authentication | true | Email server authentication enable flag. Set to false if your email server does not use an SMTP username/password authentication method. |
kiuwan.mail.username | admin.kiuwan | Email server username. |
kiuwan.mail.password | Email server password. | |
kiuwan.mail.from | admin.kiuwan@mail.kiuwan.local | The email account that will be used in the "from" field when composing emails. This field is mandatory, do not leave blank. |
kiuwan.mail.secure.layer | ssl | The security layer that your mail server uses [ssl|tls|none]. Set to none if your Email server only supports plain text connections. |
kiuwan.mail.secure.layer.value | true | The value to set to the security layer configuration flag. Only applies when kiuwan.mail.secure.layer is set to ssl or tls. |
kiuwan.default.mail.account | admin.kiuwan@mail.kiuwan.local | Mail account that will be assigned to the default Kiuwan account. |
timezone | Europe/Madrid | Kiuwan servers timezone. Please refer to Supported timezones page for a complete list of supported time zones. |
java.keystore.password | Java keystore password. Note that Kiuwan will use this password to access the generated keystore and must be aligned with the one provided in the field "java.keystore.password" in ssl/config/certs.properties file. Make sure they are aligned when creating your certificates. | |
java.truststore.password | Java truststore password. Note that Kiuwan will use this password to access the generated truststore and must be aligned with the one provided in the field "java.truststore.password" in ssl/config/certs.properties file. Make sure they are aligned when creating your own certificates. | |
kiuwan.purge.analysis.files.active | true | When the value is set to true, the following tasks are executed daily:
|
kiuwan.purge.analysis.files.antiquity.days | 3 | The value refers to the number of days since the last modification date of a local temporary file to be considered "old". |
Kiuwan file repositories | ||
centralFileRepository.type | filesystem | Central file repository storage type [filesystem|s3]. |
sourceCodeFileRepository.type | filesystem | Source code repository storage type [filesystem|s3]. |
customConfigFileRepository.type | filesystem | Custom config repository storage type [filesystem|s3]. |
s3.privateBucket.bucketName | S3 bucket name (only applies when using AWS S3 type repositories). | |
s3.privateBucket.subDirectoryName | S3 subdirectory name (only applies when using AWS S3 type repositories). | |
s3.privateBucket.accessKeyId | Access key id (only applies when using AWS S3 type repositories). | |
s3.privateBucket.secretKeyId | Secret key id (only applies when using AWS S3 type repositories). | |
s3.dir.centralFileRepository | Central file repository directory (only applies when using AWS S3 type repositories). | |
s3.dir.sourceCodeFileRepository | Source code file repository directory (only applies when using AWS S3 type repositories). | |
s3.dir.customConfigFileRepository | Centralized configuration file repository directory (only applies when using AWS S3 type repositories). | |
Kiuwan front instances | ||||
kiuwan.port.front[n] | 8[n]43 | Ports that will be exposed by each kiuwan front container instance. Note that depending on the kiuwan front instances that you are starting some of these ports will be ignored. | ||
kiuwan.nodes.front.max.memory | 2048m | Max memory to set to front instances | ||
session.timeout | 3600 | Time a session can be inactive before it is closed (in seconds) | ||
session.secure | false | Use the secure attribute of the session cookie. Set this field to true only if you plan to access your Kiuwan On-Premises installation through https. | ||
session.httponly | false | Use the httponly attribute of the session cookie. | ||
Kiuwan analyzer instances | ||||
kiuwan.nodes.analyzers.max.memory | 4096m | Max memory to set to analyzer instances. | ||
queues.reportsGeneratedQueueSize | 2 | Number of slots enabled for analysis processing. | ||
Kiuwan scheduler instances | ||||
kiuwan.nodes.schedulers.max.memory | 2048m | Max memory to set to scheduler instances. | ||
kiuwan.purge.analysis.data.active | true | When this value is set to true, the following tasks are executed daily:
| ||
kiuwan.purge.analysis.antiquity.days | 1825 | The value refers to the number of days since the creation timestamp of a baseline analysis to be considered "old". If Soft-delete "old" analyses task is active, the analyses older than the specified number of days are automatically soft-deleted. | ||
kiuwan.purge.analysis.lastAnalysesToKeep | 50 | The value refers to the number of baseline analyses to keep per application. This takes precedence over "old" analyses, meaning that even when the soft-delete "old" analyses task is active and a baseline analysis is considered "old", this minimum number of baseline analyses is kept per application. | ||
kiuwan.purge.support.files.active | true | When this value is set to true, the purge "old" support files task is executed daily. This task automatically purges "old" files (see kiuwan.purge.support.files.antiquity.days) that are downloaded when asking Kiuwan to retrieve support data. | ||
kiuwan.purge.support.files.antiquity.days | 180 | The value refers to the number of days since the last modification of a support file to be considered old. When the purge "old" support files task is active, the support files older than the specified days are automatically removed. | ||
Apache load balancer | ||
kiuwan.port.apache.http | 80 | Ports that will be exposed by the Apache load balancer container. When using the provided load balancer, the specified "kiuwan.port.apache.https" (or "kiuwan.port.apache.http" when disabling https support) must match the value set to the "kiuwan.port" field. When externalizing this service, their values have no effect. |
kiuwan.port.apache.https | 443 | |
MySQL | ||
kiuwan.port.mysql | 3306 | Port that will be exposed by the MySQL container. When using the provided MySQL, its value must match the one specified in "mysql.port" field. When externalizing this service, its value has no effect. |
mysql.host | mysqlkiuwan | MySQL connection settings. Note that this must be aligned with the configured MySQL port or your external MySQL service in case you are externalizing MySQL. |
mysql.port | 3306 | |
mysql.username | csaas | MySQL connection authentication settings. Note that a MySQL user with the specified credentials will be automatically created when installing from scratch if you are running the provided MySQL service. In case you want to change the user accessing Kiuwan's schemas after the installation is completed, you must manually create the user both in the provided MySQL or an externalized one. |
mysql.password | | |
mysql.config.useSSL | false | Enable or disable the use of encryption when connecting to MySQL |
mysql.config.requireSSL | false | Force the use of encryption when connecting to MySQL |
mysql.config.verifyServerCertificate | false | Force the validation of the certificate served by MySQL |
Redis Cluster cache and store | ||
redis.[cache|store].nodes | redis_0000[1-6]:6379 | Redis nodes hosts (use the provided single host name when using elasticache) |
redis.[cache|store].timeout | 2000 | Redis connection timeout |
redis.[cache|store].password | Redis password | |
redis.[cache|store].clientName | Redis client name | |
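Several defaults in the table above leave transport or cookie protections off (session.secure, session.httponly, the mysql.config.* flags), and two port pairs must be kept aligned by hand. The following is an added example, not part of the Kiuwan installer, that audits the text of a globalConfig.properties file for those points; property names and defaults are taken from the table, the parser is a minimal `key=value` reader, and both sample files are constructed.

```python
# Defaults as listed in the configuration reference table of this guide.
DEFAULTS = {
    "kiuwan.protocol": "https", "kiuwan.port": "443",
    "session.secure": "false", "session.httponly": "false",
    "kiuwan.mail.secure.layer": "ssl",
    "kiuwan.externalize.apacheloadbalancer": "false",
    "kiuwan.externalize.mysql": "false",
    "kiuwan.port.apache.http": "80", "kiuwan.port.apache.https": "443",
    "kiuwan.port.mysql": "3306", "mysql.port": "3306",
    "mysql.config.useSSL": "false", "mysql.config.requireSSL": "false",
    "mysql.config.verifyServerCertificate": "false",
}

# Constructed sample: external MySQL without TLS, non-default port, plain-text mail.
SAMPLE = """
kiuwan.protocol=https
kiuwan.port=8443
kiuwan.externalize.mysql=true
mysql.host=db.example.internal
mysql.config.useSSL=false
session.secure=false
session.httponly=true
kiuwan.mail.secure.layer=none
"""

# Constructed sample with the same topology and the protections switched on.
HARDENED = """
kiuwan.protocol=https
kiuwan.port=443
kiuwan.externalize.mysql=true
mysql.host=db.example.internal
mysql.config.useSSL=true
mysql.config.requireSSL=true
mysql.config.verifyServerCertificate=true
session.secure=true
session.httponly=true
kiuwan.mail.secure.layer=tls
"""


def parse_properties(text):
    """Minimal reader: 'key=value' lines, '#' or '!' comments, no continuations."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return a list of (property, message) findings for the given file content."""
    cfg = dict(DEFAULTS)
    cfg.update(parse_properties(text))

    def on(key):
        return cfg[key].lower() == "true"

    https = cfg["kiuwan.protocol"] == "https"
    findings = []

    if https and not on("session.secure"):
        findings.append(("session.secure", "access is over https but the session cookie has no Secure attribute"))
    if not on("session.httponly"):
        findings.append(("session.httponly", "session cookie has no HttpOnly attribute"))

    if on("kiuwan.externalize.mysql"):
        # Traffic to an external MySQL leaves the installation's own hosts.
        if not on("mysql.config.useSSL"):
            findings.append(("mysql.config.useSSL", "connection to external MySQL is not encrypted"))
        else:
            if not on("mysql.config.requireSSL"):
                findings.append(("mysql.config.requireSSL", "encryption is enabled but not forced"))
            if not on("mysql.config.verifyServerCertificate"):
                findings.append(("mysql.config.verifyServerCertificate", "MySQL server certificate is not validated"))
    elif cfg["kiuwan.port.mysql"] != cfg["mysql.port"]:
        findings.append(("kiuwan.port.mysql", "must match mysql.port when using the provided MySQL"))

    if cfg["kiuwan.mail.secure.layer"] == "none":
        findings.append(("kiuwan.mail.secure.layer", "mail is sent over a plain text connection"))

    if not on("kiuwan.externalize.apacheloadbalancer"):
        port_key = "kiuwan.port.apache.https" if https else "kiuwan.port.apache.http"
        if cfg[port_key] != cfg["kiuwan.port"]:
            findings.append((port_key, "must match kiuwan.port when using the provided load balancer"))

    return findings


if __name__ == "__main__":
    for prop, message in audit(SAMPLE):
        print(f"{prop}: {message}")
```

An empty file is audited against the documented defaults, so it still reports the two session cookie flags.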
Supported timezones reference
The following table shows the available timezones that can be set to the Kiuwan On-Premises server when editing the main configuration file located in:
[VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
Note that you can set only one of these values to the timezone property found in the previous file:
Time zone | GMT offset |
---|---|
Africa/Abidjan | 0 |
Africa/Accra | 0 |
Africa/Addis_Ababa | 3 |
Africa/Algiers | 1 |
Africa/Asmara | 3 |
Africa/Asmera | 3 |
Africa/Bamako | 0 |
Africa/Bangui | 1 |
Africa/Banjul | 0 |
Africa/Bissau | 0 |
Africa/Blantyre | 2 |
Africa/Brazzaville | 1 |
Africa/Bujumbura | 2 |
Africa/Cairo | 2 |
Africa/Casablanca | 0 |
Africa/Ceuta | 1 |
Africa/Conakry | 0 |
Africa/Dakar | 0 |
Africa/Dar_es_Salaam | 3 |
Africa/Djibouti | 3 |
Africa/Douala | 1 |
Africa/El_Aaiun | 0 |
Africa/Freetown | 0 |
Africa/Gaborone | 2 |
Africa/Harare | 2 |
Africa/Johannesburg | 2 |
Africa/Juba | 3 |
Africa/Kampala | 3 |
Africa/Khartoum | 2 |
Africa/Kigali | 2 |
Africa/Kinshasa | 1 |
Africa/Lagos | 1 |
Africa/Libreville | 1 |
Africa/Lome | 0 |
Africa/Luanda | 1 |
Africa/Lubumbashi | 2 |
Africa/Lusaka | 2 |
Africa/Malabo | 1 |
Africa/Maputo | 2 |
Africa/Maseru | 2 |
Africa/Mbabane | 2 |
Africa/Mogadishu | 3 |
Africa/Monrovia | 0 |
Africa/Nairobi | 3 |
Africa/Ndjamena | 1 |
Africa/Niamey | 1 |
Africa/Nouakchott | 0 |
Africa/Ouagadougou | 0 |
Africa/Porto-Novo | 1 |
Africa/Sao_Tome | 0 |
Africa/Timbuktu | 0 |
Africa/Tripoli | 2 |
Africa/Tunis | 1 |
Africa/Windhoek | 2 |
America/Adak | -10 |
America/Anchorage | -9 |
America/Anguilla | -4 |
America/Antigua | -4 |
America/Araguaina | -3 |
America/Argentina/Buenos_Aires | -3 |
America/Argentina/Catamarca | -3 |
America/Argentina/ComodRivadavia | -3 |
America/Argentina/Cordoba | -3 |
America/Argentina/Jujuy | -3 |
America/Argentina/La_Rioja | -3 |
America/Argentina/Mendoza | -3 |
America/Argentina/Rio_Gallegos | -3 |
America/Argentina/Salta | -3 |
America/Argentina/San_Juan | -3 |
America/Argentina/San_Luis | -3 |
America/Argentina/Tucuman | -3 |
America/Argentina/Ushuaia | -3 |
America/Aruba | -4 |
America/Asuncion | -4 |
America/Atikokan | -5 |
America/Atka | -10 |
America/Bahia | -3 |
America/Bahia_Banderas | -6 |
America/Barbados | -4 |
America/Belem | -3 |
America/Belize | -6 |
America/Blanc-Sablon | -4 |
America/Boa_Vista | -4 |
America/Bogota | -5 |
America/Boise | -7 |
America/Buenos_Aires | -3 |
America/Cambridge_Bay | -7 |
America/Campo_Grande | -4 |
America/Cancun | -5 |
America/Caracas | -4 |
America/Catamarca | -3 |
America/Cayenne | -3 |
America/Cayman | -5 |
America/Chicago | -6 |
America/Chihuahua | -7 |
America/Coral_Harbour | -5 |
America/Cordoba | -3 |
America/Costa_Rica | -6 |
America/Creston | -7 |
America/Cuiaba | -4 |
America/Curacao | -4 |
America/Danmarkshavn | 0 |
America/Dawson | -8 |
America/Dawson_Creek | -7 |
America/Denver | -7 |
America/Detroit | -5 |
America/Dominica | -4 |
America/Edmonton | -7 |
America/Eirunepe | -5 |
America/El_Salvador | -6 |
America/Ensenada | -8 |
America/Fort_Nelson | -7 |
America/Fort_Wayne | -5 |
America/Fortaleza | -3 |
America/Glace_Bay | -4 |
America/Godthab | -3 |
America/Goose_Bay | -4 |
America/Grand_Turk | -5 |
America/Grenada | -4 |
America/Guadeloupe | -4 |
America/Guatemala | -6 |
America/Guayaquil | -5 |
America/Guyana | -4 |
America/Halifax | -4 |
America/Havana | -5 |
America/Hermosillo | -7 |
America/Indiana/Indianapolis | -5 |
America/Indiana/Knox | -6 |
America/Indiana/Marengo | -5 |
America/Indiana/Petersburg | -5 |
America/Indiana/Tell_City | -6 |
America/Indiana/Vevay | -5 |
America/Indiana/Vincennes | -5 |
America/Indiana/Winamac | -5 |
America/Indianapolis | -5 |
America/Inuvik | -7 |
America/Iqaluit | -5 |
America/Jamaica | -5 |
America/Jujuy | -3 |
America/Juneau | -9 |
America/Kentucky/Louisville | -5 |
America/Kentucky/Monticello | -5 |
America/Knox_IN | -6 |
America/Kralendijk | -4 |
America/La_Paz | -4 |
America/Lima | -5 |
America/Los_Angeles | -8 |
America/Louisville | -5 |
America/Lower_Princes | -4 |
America/Maceio | -3 |
America/Managua | -6 |
America/Manaus | -4 |
America/Marigot | -4 |
America/Martinique | -4 |
America/Matamoros | -6 |
America/Mazatlan | -7 |
America/Mendoza | -3 |
America/Menominee | -6 |
America/Merida | -6 |
America/Metlakatla | -9 |
America/Mexico_City | -6 |
America/Miquelon | -3 |
America/Moncton | -4 |
America/Monterrey | -6 |
America/Montevideo | -3 |
America/Montreal | -5 |
America/Montserrat | -4 |
America/Nassau | -5 |
America/New_York | -5 |
America/Nipigon | -5 |
America/Nome | -9 |
America/Noronha | -2 |
America/North_Dakota/Beulah | -6 |
America/North_Dakota/Center | -6 |
America/North_Dakota/New_Salem | -6 |
America/Ojinaga | -7 |
America/Panama | -5 |
America/Pangnirtung | -5 |
America/Paramaribo | -3 |
America/Phoenix | -7 |
America/Port-au-Prince | -5 |
America/Port_of_Spain | -4 |
America/Porto_Acre | -5 |
America/Porto_Velho | -4 |
America/Puerto_Rico | -4 |
America/Punta_Arenas | -3 |
America/Rainy_River | -6 |
America/Rankin_Inlet | -6 |
America/Recife | -3 |
America/Regina | -6 |
America/Resolute | -6 |
America/Rio_Branco | -5 |
America/Rosario | -3 |
America/Santa_Isabel | -8 |
America/Santarem | -3 |
America/Santiago | -4 |
America/Santo_Domingo | -4 |
America/Sao_Paulo | -3 |
America/Scoresbysund | -1 |
America/Shiprock | -7 |
America/Sitka | -9 |
America/St_Barthelemy | -4 |
America/St_Johns | -3 |
America/St_Kitts | -4 |
America/St_Lucia | -4 |
America/St_Thomas | -4 |
America/St_Vincent | -4 |
America/Swift_Current | -6 |
America/Tegucigalpa | -6 |
America/Thule | -4 |
America/Thunder_Bay | -5 |
America/Tijuana | -8 |
America/Toronto | -5 |
America/Tortola | -4 |
America/Vancouver | -8 |
America/Virgin | -4 |
America/Whitehorse | -8 |
America/Winnipeg | -6 |
America/Yakutat | -9 |
America/Yellowknife | -7 |
Antarctica/Casey | 8 |
Antarctica/Davis | 7 |
Antarctica/DumontDUrville | 10 |
Antarctica/Macquarie | 11 |
Antarctica/Mawson | 5 |
Antarctica/McMurdo | 12 |
Antarctica/Palmer | -3 |
Antarctica/Rothera | -3 |
Antarctica/South_Pole | 12 |
Antarctica/Syowa | 3 |
Antarctica/Troll | 0 |
Antarctica/Vostok | 6 |
Arctic/Longyearbyen | 1 |
Asia/Aden | 3 |
Asia/Almaty | 6 |
Asia/Amman | 2 |
Asia/Anadyr | 12 |
Asia/Aqtau | 5 |
Asia/Aqtobe | 5 |
Asia/Ashgabat | 5 |
Asia/Ashkhabad | 5 |
Asia/Atyrau | 5 |
Asia/Baghdad | 3 |
Asia/Bahrain | 3 |
Asia/Baku | 4 |
Asia/Bangkok | 7 |
Asia/Barnaul | 7 |
Asia/Beirut | 2 |
Asia/Bishkek | 6 |
Asia/Brunei | 8 |
Asia/Calcutta | 5 |
Asia/Chita | 9 |
Asia/Choibalsan | 8 |
Asia/Chongqing | 8 |
Asia/Chungking | 8 |
Asia/Colombo | 5 |
Asia/Dacca | 6 |
Asia/Damascus | 2 |
Asia/Dhaka | 6 |
Asia/Dili | 9 |
Asia/Dubai | 4 |
Asia/Dushanbe | 5 |
Asia/Famagusta | 2 |
Asia/Gaza | 2 |
Asia/Harbin | 8 |
Asia/Hebron | 2 |
Asia/Ho_Chi_Minh | 7 |
Asia/Hong_Kong | 8 |
Asia/Hovd | 7 |
Asia/Irkutsk | 8 |
Asia/Istanbul | 3 |
Asia/Jakarta | 7 |
Asia/Jayapura | 9 |
Asia/Jerusalem | 2 |
Asia/Kabul | 4 |
Asia/Kamchatka | 12 |
Asia/Karachi | 5 |
Asia/Kashgar | 6 |
Asia/Kathmandu | 5 |
Asia/Katmandu | 5 |
Asia/Khandyga | 9 |
Asia/Kolkata | 5 |
Asia/Krasnoyarsk | 7 |
Asia/Kuala_Lumpur | 8 |
Asia/Kuching | 8 |
Asia/Kuwait | 3 |
Asia/Macao | 8 |
Asia/Macau | 8 |
Asia/Magadan | 11 |
Asia/Makassar | 8 |
Asia/Manila | 8 |
Asia/Muscat | 4 |
Asia/Nicosia | 2 |
Asia/Novokuznetsk | 7 |
Asia/Novosibirsk | 7 |
Asia/Omsk | 6 |
Asia/Oral | 5 |
Asia/Phnom_Penh | 7 |
Asia/Pontianak | 7 |
Asia/Pyongyang | 9 |
Asia/Qatar | 3 |
Asia/Qostanay | 6 |
Asia/Qyzylorda | 5 |
Asia/Rangoon | 6 |
Asia/Riyadh | 3 |
Asia/Saigon | 7 |
Asia/Sakhalin | 11 |
Asia/Samarkand | 5 |
Asia/Seoul | 9 |
Asia/Shanghai | 8 |
Asia/Singapore | 8 |
Asia/Srednekolymsk | 11 |
Asia/Taipei | 8 |
Asia/Tashkent | 5 |
Asia/Tbilisi | 4 |
Asia/Tehran | 3 |
Asia/Tel_Aviv | 2 |
Asia/Thimbu | 6 |
Asia/Thimphu | 6 |
Asia/Tokyo | 9 |
Asia/Tomsk | 7 |
Asia/Ujung_Pandang | 8 |
Asia/Ulaanbaatar | 8 |
Asia/Ulan_Bator | 8 |
Asia/Urumqi | 6 |
Asia/Ust-Nera | 10 |
Asia/Vientiane | 7 |
Asia/Vladivostok | 10 |
Asia/Yakutsk | 9 |
Asia/Yangon | 6 |
Asia/Yekaterinburg | 5 |
Asia/Yerevan | 4 |
Atlantic/Azores | -1 |
Atlantic/Bermuda | -4 |
Atlantic/Canary | 0 |
Atlantic/Cape_Verde | -1 |
Atlantic/Faeroe | 0 |
Atlantic/Faroe | 0 |
Atlantic/Jan_Mayen | 1 |
Atlantic/Madeira | 0 |
Atlantic/Reykjavik | 0 |
Atlantic/South_Georgia | -2 |
Atlantic/St_Helena | 0 |
Atlantic/Stanley | -3 |
Australia/ACT | 10 |
Australia/Adelaide | 9 |
Australia/Brisbane | 10 |
Australia/Broken_Hill | 9 |
Australia/Canberra | 10 |
Australia/Currie | 10 |
Australia/Darwin | 9 |
Australia/Eucla | 8 |
Australia/Hobart | 10 |
Australia/LHI | 10 |
Australia/Lindeman | 10 |
Australia/Lord_Howe | 10 |
Australia/Melbourne | 10 |
Australia/NSW | 10 |
Australia/North | 9 |
Australia/Perth | 8 |
Australia/Queensland | 10 |
Australia/South | 9 |
Australia/Sydney | 10 |
Australia/Tasmania | 10 |
Australia/Victoria | 10 |
Australia/West | 8 |
Australia/Yancowinna | 9 |
Brazil/Acre | -5 |
Brazil/DeNoronha | -2 |
Brazil/East | -3 |
Brazil/West | -4 |
CET | 1 |
CST6CDT | -6 |
Canada/Atlantic | -4 |
Canada/Central | -6 |
Canada/Eastern | -5 |
Canada/Mountain | -7 |
Canada/Newfoundland | -3 |
Canada/Pacific | -8 |
Canada/Saskatchewan | -6 |
Canada/Yukon | -8 |
Chile/Continental | -4 |
Chile/EasterIsland | -6 |
Cuba | -5 |
EET | 2 |
EST5EDT | -5 |
Egypt | 2 |
Eire | 0 |
Etc/GMT | 0 |
Etc/GMT+0 | 0 |
Etc/GMT+1 | -1 |
Etc/GMT+10 | -10 |
Etc/GMT+11 | -11 |
Etc/GMT+12 | -12 |
Etc/GMT+2 | -2 |
Etc/GMT+3 | -3 |
Etc/GMT+4 | -4 |
Etc/GMT+5 | -5 |
Etc/GMT+6 | -6 |
Etc/GMT+7 | -7 |
Etc/GMT+8 | -8 |
Etc/GMT+9 | -9 |
Etc/GMT-0 | 0 |
Etc/GMT-1 | 1 |
Etc/GMT-10 | 10 |
Etc/GMT-11 | 11 |
Etc/GMT-12 | 12 |
Etc/GMT-13 | 13 |
Etc/GMT-14 | 14 |
Etc/GMT-2 | 2 |
Etc/GMT-3 | 3 |
Etc/GMT-4 | 4 |
Etc/GMT-5 | 5 |
Etc/GMT-6 | 6 |
Etc/GMT-7 | 7 |
Etc/GMT-8 | 8 |
Etc/GMT-9 | 9 |
Etc/GMT0 | 0 |
Etc/Greenwich | 0 |
Etc/UCT | 0 |
Etc/UTC | 0 |
Etc/Universal | 0 |
Etc/Zulu | 0 |
Europe/Amsterdam | 1 |
Europe/Andorra | 1 |
Europe/Astrakhan | 4 |
Europe/Athens | 2 |
Europe/Belfast | 0 |
Europe/Belgrade | 1 |
Europe/Berlin | 1 |
Europe/Bratislava | 1 |
Europe/Brussels | 1 |
Europe/Bucharest | 2 |
Europe/Budapest | 1 |
Europe/Busingen | 1 |
Europe/Chisinau | 2 |
Europe/Copenhagen | 1 |
Europe/Dublin | 0 |
Europe/Gibraltar | 1 |
Europe/Guernsey | 0 |
Europe/Helsinki | 2 |
Europe/Isle_of_Man | 0 |
Europe/Istanbul | 3 |
Europe/Jersey | 0 |
Europe/Kaliningrad | 2 |
Europe/Kiev | 2 |
Europe/Kirov | 3 |
Europe/Lisbon | 0 |
Europe/Ljubljana | 1 |
Europe/London | 0 |
Europe/Luxembourg | 1 |
Europe/Madrid | 1 |
Europe/Malta | 1 |
Europe/Mariehamn | 2 |
Europe/Minsk | 3 |
Europe/Monaco | 1 |
Europe/Moscow | 3 |
Europe/Nicosia | 2 |
Europe/Oslo | 1 |
Europe/Paris | 1 |
Europe/Podgorica | 1 |
Europe/Prague | 1 |
Europe/Riga | 2 |
Europe/Rome | 1 |
Europe/Samara | 4 |
Europe/San_Marino | 1 |
Europe/Sarajevo | 1 |
Europe/Saratov | 4 |
Europe/Simferopol | 3 |
Europe/Skopje | 1 |
Europe/Sofia | 2 |
Europe/Stockholm | 1 |
Europe/Tallinn | 2 |
Europe/Tirane | 1 |
Europe/Tiraspol | 2 |
Europe/Ulyanovsk | 4 |
Europe/Uzhgorod | 2 |
Europe/Vaduz | 1 |
Europe/Vatican | 1 |
Europe/Vienna | 1 |
Europe/Vilnius | 2 |
Europe/Volgograd | 4 |
Europe/Warsaw | 1 |
Europe/Zagreb | 1 |
Europe/Zaporozhye | 2 |
Europe/Zurich | 1 |
GB | 0 |
GB-Eire | 0 |
GMT | 0 |
GMT0 | 0 |
Greenwich | 0 |
Hongkong | 8 |
Iceland | 0 |
Indian/Antananarivo | 3 |
Indian/Chagos | 6 |
Indian/Christmas | 7 |
Indian/Cocos | 6 |
Indian/Comoro | 3 |
Indian/Kerguelen | 5 |
Indian/Mahe | 4 |
Indian/Maldives | 5 |
Indian/Mauritius | 4 |
Indian/Mayotte | 3 |
Indian/Reunion | 4 |
Iran | 3 |
Israel | 2 |
Jamaica | -5 |
Japan | 9 |
Kwajalein | 12 |
Libya | 2 |
MET | 1 |
MST7MDT | -7 |
Mexico/BajaNorte | -8 |
Mexico/BajaSur | -7 |
Mexico/General | -6 |
NZ | 12 |
NZ-CHAT | 12 |
Navajo | -7 |
PRC | 8 |
PST8PDT | -8 |
Pacific/Apia | 13 |
Pacific/Auckland | 12 |
Pacific/Bougainville | 11 |
Pacific/Chatham | 12 |
Pacific/Chuuk | 10 |
Pacific/Easter | -6 |
Pacific/Efate | 11 |
Pacific/Enderbury | 13 |
Pacific/Fakaofo | 13 |
Pacific/Fiji | 12 |
Pacific/Funafuti | 12 |
Pacific/Galapagos | -6 |
Pacific/Gambier | -9 |
Pacific/Guadalcanal | 11 |
Pacific/Guam | 10 |
Pacific/Honolulu | -10 |
Pacific/Johnston | -10 |
Pacific/Kiritimati | 14 |
Pacific/Kosrae | 11 |
Pacific/Kwajalein | 12 |
Pacific/Majuro | 12 |
Pacific/Marquesas | -9 |
Pacific/Midway | -11 |
Pacific/Nauru | 12 |
Pacific/Niue | -11 |
Pacific/Norfolk | 11 |
Pacific/Noumea | 11 |
Pacific/Pago_Pago | -11 |
Pacific/Palau | 9 |
Pacific/Pitcairn | -8 |
Pacific/Pohnpei | 11 |
Pacific/Ponape | 11 |
Pacific/Port_Moresby | 10 |
Pacific/Rarotonga | -10 |
Pacific/Saipan | 10 |
Pacific/Samoa | -11 |
Pacific/Tahiti | -10 |
Pacific/Tarawa | 12 |
Pacific/Tongatapu | 13 |
Pacific/Truk | 10 |
Pacific/Wake | 12 |
Pacific/Wallis | 12 |
Pacific/Yap | 10 |
Poland | 1 |
Portugal | 0 |
ROK | 9 |
Singapore | 8 |
SystemV/AST4 | -4 |
SystemV/AST4ADT | -4 |
SystemV/CST6 | -6 |
SystemV/CST6CDT | -6 |
SystemV/EST5 | -5 |
SystemV/EST5EDT | -5 |
SystemV/HST10 | -10 |
SystemV/MST7 | -7 |
SystemV/MST7MDT | -7 |
SystemV/PST8 | -8 |
SystemV/PST8PDT | -8 |
SystemV/YST9 | -9 |
SystemV/YST9YDT | -9 |
Turkey | 3 |
UCT | 0 |
US/Alaska | -9 |
US/Aleutian | -10 |
US/Arizona | -7 |
US/Central | -6 |
US/East-Indiana | -5 |
US/Eastern | -5 |
US/Hawaii | -10 |
US/Indiana-Starke | -6 |
US/Michigan | -5 |
US/Mountain | -7 |
US/Pacific | -8 |
US/Pacific-New | -8 |
US/Samoa | -11 |
UTC | 0 |
Universal | 0 |
W-SU | 3 |
WET | 0 |
Zulu | 0 |