This guide covers most of the advanced installation procedures that you may need to implement.

Modifying the default domain

The default configuration sets "kiuwan.onpremise.local" as the default domain to access Kiuwan On-Premises.

We encourage you to change the default domain, but take into account that this means updating the provided certificates to keep your installation connections secure.

Step 1: Edit the global configuration file

Using your preferred editor, open the default configuration file located in your config-shared volume:

Code Block
languagebash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Edit these properties (kiuwan.port is only needed if you want to use https under a different port than the default 443):

  • kiuwan.domain
  • kiuwan.port

Set kiuwan.domain as kiuwan.onpremise.local

    Step 2: Update load balancer configuration

    Once you have selected your new domain and if you are using the provided Apache load balancer, you should edit the main Apache configuration file:

    Code Block
    languagebash
    sudo vim [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf/httpd.conf 


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    Edit this line and change the default domain (kiuwan.onpremise.local) to your new domain:

    Code Block
    Define kiuwanDomain kiuwan.onpremise.local

    If you have externalized the provided Apache load balancer, you should edit the equivalent configuration file to set the new domain.

    Step 3: Generate new certificates

    Please refer to the Managing certificates guide and follow the needed steps depending on your needs.

    Once this is done, you should have these files under the [INSTALLER_DIR]/user-content/certs folder:

    • cacert.pem
    • domainkey.pem
    • domaincert.pem
    • domainkeystore.jks
    • truststore.jks

    Step 4: Complete your installation

    If you are performing a new Kiuwan On-Premises installation, please refer to the steps indicated in the following sections, depending on your installation needs:

    If you have already installed Kiuwan On-Premises, you will need to stop your containers, update the deployed configuration, and restart them. To do so, execute these commands:

    Code Block
    languagebash
    cd [INSTALLER_DIR]
    sudo ./stop-all.sh
    cd [INSTALLER_DIR]/docker
    sudo ./update.sh
    cd [INSTALLER_DIR]
    sudo ./start-all.sh


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    Step 5: Update your DNS or hosts files

    If you are modifying an existing Kiuwan On-Premises installation, you will need to update your DNS or hosts files.

    Note that if you have generated new certificates signed by a different CA than the one that signed the previous ones, you should update your Kiuwan On-Premises clients' certificates or truststores. Please refer to Accessing your Kiuwan On-Premises installation for details on these topics.

    • Add kiuwan.onpremise.local to your hosts file.

    For testing purposes or if you choose the second option, edit this file in the host where you plan to access Kiuwan from:

    • Windows OS: C:\Windows\System32\drivers\etc\hosts
    • Linux OS: /etc/hosts

    Add the following entry to the previous file:

    Code Block
    [kiuwan_on_premise_host_ip] [kiuwan_on_premise_host]

    Modifying access protocols

    Kiuwan On-Premises installation supports configuring access protocols for:

    • Apache load balancer: HTTPS (default protocol) or HTTP.
    • Kiuwan front instances: HTTPS (default protocol), HTTP, or AJP.

    If you need to change the default access protocols, please take into account:

    • Apache load balancer configuration must be manually modified, both when using the provided services or when externalizing it.
    • Plaintext connections are not secure.

    Step 1: Configure Apache load balancer access protocol

    In case you are using the provided Apache service for load balancing or your own Apache as a front-end server, you should manually configure how it accesses Kiuwan, by editing its configuration file. For the provided services you can edit the file like this:

    Code Block
    languagebash
    sudo vim [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf/httpd.conf


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    Look for the balancer proxy definition (<Proxy "balancer://mycluster">) and make sure the used protocol matches your needs.

    The following example shows the needed configuration for accessing two Kiuwan On-Premises front instances through AJP protocol:

    Code Block
    languagexml
    BalancerMember "ajp://wildflykiuwan-f1:8443" route=kwf1 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=TCP hcpasses=2 hcinterval=15 hcfails=1
    BalancerMember "ajp://wildflykiuwan-f2:8443" route=kwf2 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=TCP hcpasses=2 hcinterval=15 hcfails=1

    The following example shows the needed configuration for accessing two Kiuwan On-Premises front instances through HTTP protocol:

    Code Block
    languagexml
    BalancerMember "http://wildflykiuwan-f1:8443" route=kwf1 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=GET hcexpr=ok200 hcuri=/saas/rest/health hcpasses=1 hcinterval=15 hcfails=2
    BalancerMember "http://wildflykiuwan-f2:8443" route=kwf2 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=GET hcexpr=ok200 hcuri=/saas/rest/health hcpasses=1 hcinterval=15 hcfails=2

    Note that if you are not using a front-end server because you want to directly access a single Kiuwan front instance, you will be forced to use either the HTTPS or HTTP protocol in order to be able to access Kiuwan On-Premises from a web browser.

    Warning

    If you are combining HTTPS access to the Apache load balancer service with HTTP access to Kiuwan front instances, make sure the following directive is turned off in your httpd.conf file, just like this:

    Code Block
    languagebash
    ProxyPreserveHost Off


    Step 2: Configure Kiuwan front instances access protocol

    Kiuwan On-Premises front instances expose a single port for communicating either by using HTTPS, HTTP, or AJP protocols. To configure the protocol to use, edit the main configuration file located in your config-shared volume:

    Code Block
    languagebash
    sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    Look for the "kiuwan-nodes.access.protocol" property and set its value to either "https", "http" or "ajp" depending on the protocol you want to use. For example, to use the AJP protocol:

    Code Block
    languagejava
    kiuwan-nodes.access.protocol=ajp

    Note that this only sets how Kiuwan front servers are configured. You must configure how Kiuwan will generate access URLs for you by following the next step.

    Step 3: Configure client access protocol for URL generation

    Kiuwan instances need to know how you are accessing your Kiuwan On-Premises installation in order to correctly generate dynamic URLs. To configure this, edit the main configuration file, located in your config-shared volume:

    Code Block
    languagebash
    sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    Look for the "kiuwan.protocol" property and set its value to either "https" or "http". For example, if you want to access Kiuwan On-Premises through https:

    Code Block
    languagejava
    kiuwan.protocol=https

    Note that "https" and "http" are the only two allowed options here, as you can only access Kiuwan On-Premises from a web browser through one of these protocols.

    Step 4: Restart your servers

    In case you have made modifications to the provided Apache load balancer, you should restart the server:

    Code Block
    languagebash
    cd [INSTALLER_DIR]/docker
    sudo ./stop-infrastructure.sh apacheloadbalancer
    sudo ./start-infrastructure.sh apacheloadbalancer


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    If you are using your own front-end server, please restart it in order to apply the changes.

    In case you have made modifications to the globalConfig.properties file, you should restart the Kiuwan servers:

    Code Block
    languagebash
    cd [INSTALLER_DIR]
    sudo ./stop-kiuwan.sh
    sudo ./start-kiuwan.sh


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode
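A consistency check for the protocol settings from Steps 1 to 3, as an added example that is not part of the Kiuwan installer. Function names and the sample files are constructed for illustration; it assumes properties are written as key=value without surrounding spaces, and that "HTTPS access to the load balancer" corresponds to kiuwan.protocol=https.

```shell
#!/bin/sh
# Added example: cross-check the protocol settings from Steps 1-3.
# Function names and the sample files are illustrative, not Kiuwan tooling.

# get_prop FILE KEY -> value of the last "KEY=value" line (assumes no spaces around "=")
get_prop() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# balancer_schemes HTTPD_CONF -> unique URL schemes of the active BalancerMember lines
balancer_schemes() {
    awk 'tolower($1) == "balancermember" {
             u = $2; gsub(/"/, "", u); sub(/:\/\/.*/, "", u); print tolower(u)
         }' "$1" | sort -u
}

# preserve_host HTTPD_CONF -> "on" or "off"; Apache treats a missing directive as Off
preserve_host() {
    awk 'tolower($1) == "proxypreservehost" { v = tolower($2) }
         END { print (v == "" ? "off" : v) }' "$1"
}

# check_protocols PROPS HTTPD_CONF -> one finding per line; returns 1 if any FAIL
check_protocols() {
    pc_rc=0
    pc_node=$(get_prop "$1" kiuwan-nodes.access.protocol)
    pc_client=$(get_prop "$1" kiuwan.protocol)
    pc_schemes=$(balancer_schemes "$2")

    case $pc_client in
        https) ;;
        http)  echo "WARN kiuwan.protocol=http: browser traffic is plaintext" ;;
        *)     echo "FAIL kiuwan.protocol='$pc_client' must be https or http"; pc_rc=1 ;;
    esac

    case $pc_node in
        https)    ;;
        http|ajp) echo "WARN kiuwan-nodes.access.protocol=$pc_node: balancer-to-front traffic is plaintext" ;;
        *)        echo "FAIL kiuwan-nodes.access.protocol='$pc_node' must be https, http or ajp"; pc_rc=1 ;;
    esac

    # Every BalancerMember must speak the protocol the front instances expose.
    [ -n "$pc_schemes" ] || echo "WARN no active BalancerMember lines found in $2"
    for pc_s in $pc_schemes; do
        if [ "$pc_s" != "$pc_node" ]; then
            echo "FAIL BalancerMember uses $pc_s:// but front instances are set to $pc_node"
            pc_rc=1
        fi
    done

    # Page warning: HTTPS at the balancer plus HTTP to the fronts needs ProxyPreserveHost Off.
    if [ "$pc_client" = https ] && [ "$pc_node" = http ] &&
       [ "$(preserve_host "$2")" != off ]; then
        echo "FAIL ProxyPreserveHost must be Off when the balancer serves HTTPS and the fronts use HTTP"
        pc_rc=1
    fi
    return $pc_rc
}

# write_sample DIR -> constructed files (not taken from a real installation)
write_sample() {
    cat > "$1/globalConfig.properties" <<'EOF'
kiuwan.protocol=https
kiuwan-nodes.access.protocol=http
EOF
    cat > "$1/httpd.conf" <<'EOF'
ProxyPreserveHost On
<Proxy "balancer://mycluster">
    # BalancerMember "https://wildflykiuwan-f1:8443" route=kwf1
    BalancerMember "ajp://wildflykiuwan-f1:8443" route=kwf1
    BalancerMember "ajp://wildflykiuwan-f2:8443" route=kwf2
</Proxy>
EOF
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
check_protocols "$demo_dir/globalConfig.properties" "$demo_dir/httpd.conf" ||
    echo "=> resolve the FAIL lines before restarting the servers"
rm -rf "$demo_dir"
```

On a real host, pass the two files under [VOLUMES_DIR]/config-shared to check_protocols instead of the sample directory.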

    Modifying exposed ports

    Kiuwan On-Premises installation supports changing which ports will be exposed to the outside of the Docker network by any of these services:

    • Apache load balancer.
    • Kiuwan front instances.
    • MySQL database.

    Note that the port used by the provided containers inside the Kiuwan Docker Network (172.172.0.0/16) is fixed and cannot be changed. Only the exposed ports are configurable. The following table shows which ports are used by each container inside the Docker network and how they are mapped to the outside by default:

    | Container name | Internal ports (cannot be changed) | Exposed ports (configurable) | Protocol |
    | --- | --- | --- | --- |
    | apacheloadbalancer | 80, 443 | 80, 443 | HTTPS or HTTP |
    | wildflykiuwan-f[n] | 8443 | 8[n]43 | HTTPS, HTTP or AJP |
    | wildflykiuwan-a[n] | None | None | None |
    | wildflykiuwan-s[n] | None | None | None |
    | mysqlkiuwan | 3306 | 3306 | MySQL protocol |

    Note that containers can only be accessed from outside their host when at least one port is exposed. These considerations should be taken into account as well:

    • If you are accessing any container through HTTPS and you change the provided ports you should update your certificates in order to modify the provided SANs (Subject Alternative Names). Please refer to the Managing certificates page for more information.
    • On single-host installations where the provided front-end server (apacheloadbalancer) or the provided MySQL (mysqlkiuwan) are not externalized, changing Kiuwan front instances ports or MySQL port is not usually needed, unless there are port conflicts on your host. As we recommend using a dedicated host for Kiuwan On-Premises installations, this should not be the case in most installations. By default, the provided Apache accesses Kiuwan front instances through port 8443 and Kiuwan accesses MySQL through port 3306, as they belong to the same Docker network.
    • When using an externalized front-end server, it may be needed to change the Kiuwan front instances ports if your company has strict traffic guidelines or you just prefer using ports that you are more comfortable with.
    • In case you are using your own MySQL server, Kiuwan should be instructed to use the port in which your MySQL server is listening to.
    • In case you are using the provided MySQL container on a different host and you want to modify the exposed port by the container you must change both the MySQL exposed port and the port used by Kiuwan to communicate with MySQL. Both ports must match.
    Note
    When modifying the front-end server, Kiuwan front instances or MySQL ports, you should always update how Kiuwan connects to each service. Please refer to Setting which ports Kiuwan should use for more details.


    Warning

    You must restart the needed servers when ports have been reconfigured.

    In case you have made modifications to the provided Apache load balancer, you should restart the server:

    Code Block
    languagebash
    cd [INSTALLER_DIR]/docker
    sudo ./stop-infrastructure.sh apacheloadbalancer
    sudo ./start-infrastructure.sh apacheloadbalancer


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    If you are using your own front-end server, please restart it in order to apply the changes.

    In case you have made modifications that affect Kiuwan, you should restart the Kiuwan servers:

    Code Block
    languagebash
    cd [INSTALLER_DIR]
    sudo ./stop-kiuwan.sh
    sudo ./start-kiuwan.sh


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode


    Modifying exposed ports in Apache load balancer

    When using the provided Apache load balancer, the following properties found in the globalConfig.properties main configuration file will set the exposed ports:

    • kiuwan.port.apache.http: sets the exposed port for HTTP.
    • kiuwan.port.apache.https: sets the exposed port for HTTPS.

    Ports set must be different to avoid conflicts. Note that the provided Apache container will expose both ports to listen for HTTPS and HTTP traffic, but you can unset any of them by modifying the provided configuration file.

    Step 1: Modify globalConfig.properties file

    In case you modify the default ports, you must change the httpd.conf file located under [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf folder.

    Locate the properties shown above and set them to the ports that you want to expose (default configuration is shown below):

    Code Block
    languagebash
    kiuwan.port.apache.http=80
    kiuwan.port.apache.https=443

    Step 2: Modify httpd.conf file

    First, locate the ports Apache will listen to and set your selected ports. Default configuration is shown below (ports 80 and 443):

    Code Block
    languagebash
    # Listen: Allows you to bind Apache to specific IP addresses and/or
    # ports, instead of the default. See also the <VirtualHost>
    # directive.
    #
    # Change this to Listen on specific IP addresses as shown below to
    # prevent Apache from glomming onto all bound IP addresses.
    #
    Listen 80
    Listen 443

    Second, locate the default virtual host entry and change the assigned port. Default configuration is shown below (port 443):

    Code Block
    languagebash
    <VirtualHost *:443>

    Open a browser and visit https://localhost/saas/web/dashboard/dashboard

    Modifying exposed ports in Kiuwan front instances

    To change the exposed port of a Kiuwan front instance, edit the main configuration file (globalConfig.properties):

    Code Block
    languagebash
    sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    Locate the following properties (default values are shown):

    Code Block
    languagebash
    kiuwan.port.front1=8143
    kiuwan.port.front2=8243
    kiuwan.port.front3=8343
    kiuwan.port.front4=8443
    kiuwan.port.front5=8543
    kiuwan.port.front6=8643
    kiuwan.port.front7=8743
    kiuwan.port.front8=8843

    By default, only one front instance will be started, but it is recommended to change all available instances just in case you need to add front instances in the future.

    Note that the previous properties set the ports that will be exposed outside Kiuwan Docker network. Changing these ports is only recommended when externalizing the Apache load balancer service, as the internal port (8443) will be used when this service is inside the Docker network.

    Modifying exposed ports in MySQL

    To change the exposed port of the provided MySQL service, edit the main configuration file (globalConfig.properties):

    Code Block
    languagebash
    sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    Locate the following property (default value is shown):

    Code Block
    languagebash
    kiuwan.port.mysql=3306

    Note that the previous property sets the port that will be exposed outside Kiuwan Docker network. Changing these ports is only recommended when externalizing the MySQL service, as the internal port (3306) will be used when this service is inside the Docker network.

    Setting which ports Kiuwan should use

    Kiuwan instances must know which ports you are exposing both in:

    • The provided apache load balancer or your front-end server.
    • The provided MySQL database or your MySQL instance.

    As both services can be externalized, there are two additional properties to configure these ports (found in the main configuration file [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):

    • kiuwan.port: the port that will be used when generating dynamic URLs from Kiuwan. This port must match the one exposed by the front-end server.
    • mysql.port: the port that will be used by Kiuwan to connect to the MySQL host. This port must match the one exposed by the MySQL server.

    Configuration examples

    Example 1

    The following table shows how to set the values in globalConfig.properties file for an installation where:

    • All Kiuwan containers are deployed in the same host (single host installation).
    • Apache load balancer externalized. The Apache server listens to port 444.
    • Apache will access Kiuwan On-Premises front servers through port 8009. If new front instances are added, the next port will be used for the new instance.
    • MySQL has been externalized and is accessible through port 3344.

    | Property key | Value |
    | --- | --- |
    | kiuwan.port | 444 |
    | mysql.port | 3344 |
    | kiuwan.port.front1 | 8009 |
    | kiuwan.port.front2 | 8010 |
    | kiuwan.port.front[n] | 8009 + (n - 1) |
    | kiuwan.port.apache.http | Does not apply, service externalized |
    | kiuwan.port.apache.https | Does not apply, service externalized |
    | kiuwan.port.mysql | Does not apply, service externalized |

    The front-end server must use ports 8009, 8010, etc. to access Kiuwan front servers.

    Example 2

    The following table shows how to set the values in globalConfig.properties file for an installation where:

    • All Kiuwan containers are deployed in the same host (single host installation).
    • Apache load balancer is NOT externalized and will listen to port 80 for HTTP and port 443 for HTTPS.
    • Kiuwan On-Premises front servers should be accessible from the outside through port 8080. If new front instances are added, the next port will be used for the new instance.
    • MySQL has NOT been externalized and will be accessible through port 3406 for direct external connections to the database.

    | Property key | Value |
    | --- | --- |
    | kiuwan.port | 443 |
    | mysql.port | 3306 |
    | kiuwan.port.front1 | 8080 |
    | kiuwan.port.front2 | 8081 |
    | kiuwan.port.front[n] | 8080 + (n - 1) |
    | kiuwan.port.apache.http | 80 |
    | kiuwan.port.apache.https | 443 |
    | kiuwan.port.mysql | 3406 |

    The front-end server must use port 8443 to access Kiuwan front servers, as it belongs to the same Docker network, but a user will be able to access these front servers through ports 8080, 8081, etc. from outside the Kiuwan On-Premises host.

    Externalizing services

    Kiuwan On-Premises uses three main services under its infrastructure's hood:

    • Apache: used as a load balancer when multiple Kiuwan frontal instances are running.
    • Redis: an in-memory cache to speed up response times.
    • MySQL: Kiuwan's main database.

    If you want to use your own services for any of the previous ones, Kiuwan On-Premises can connect to them by bypassing their creation at installation time.

    Configuring services to externalize

    First of all, you will need to edit the main configuration file and mark which services you want to externalize:

    • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

    This table shows the properties you should modify when externalizing each service:

    | Service | Property | Default value |
    | --- | --- | --- |
    | Apache | kiuwan.externalize.apacheloadbalancer | false |
    | Redis | kiuwan.externalize.redis.[cache\|storage] | false |
    | MySQL | kiuwan.externalize.mysql | false |

    When setting any of the previous properties to "true", the corresponding service will be externalized and the installation tool will not manage any related instance. Note that all the configuration will be up to you, as the Kiuwan On-Premise installer will only be able to configure how Kiuwan On-Premise will connect to your own services.

    Externalizing Apache

    When externalizing this service you should take into account that:

    • Each Kiuwan On-Premises frontal instance domain name is wildflykiuwan-f[n], [n] being the frontal instance number. Note that depending on your installation needs you may want to access each instance via IP or its own host name.
    • Each Kiuwan On-Premises frontal instance only exposes one port for https/http/ajp traffic. By default, the port 8[n]43, [n] being the frontal instance number, will be exposed. If you need to change the exposed ports refer to Changing exposed ports for more information.
    • In case you are accessing through https scheme, you should provide your frontal service the needed certificates in order to make https connections available (please refer to Managing certificates for more information):
      • domaincert.pem
      • domainkey.pem
      • cacert.pem

    Externalizing Redis

    For Kiuwan On-Premises to work with your Redis installation, it must comply with these characteristics:

    • Redis version must be equal to or higher than 5.0.4.
    • Redis must be configured as a cluster.
    • Eviction policy must be set to "noeviction" (refer to Redis official documentation, maxmemory-policy configuration property).

    In case you set Redis as an external service, Kiuwan On-Premises needs to know where the Redis nodes are deployed and which ports to use when connecting to them.

    In case you use a special DNS that can resolve the same host to different hosts and ports (DNS Round-Robin or equivalent), you should configure just a single host in the "redis.[cache|store].nodes" properties.

    All the needed configuration is located in the main configuration file ([VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties).

    The following table shows the properties to configure (note that you should set exactly the same configuration value for both "cache" and "store" Redis configurations):

    | Property | Meaning | Example |
    | --- | --- | --- |
    | redis.[cache\|store].nodes | Comma separated list of host and port for each Redis node | rn1.mydomain.com:6379,rn2.mydomain.com:6379,rn3.mydomain.com:6379,rn4.mydomain.com:6379,rn5.mydomain.com:6379,rn6.mydomain.com:6379 |
    | redis.[cache\|store].timeout | Connection timeout in milliseconds | 2000 |
    | redis.[cache\|store].password | Password to use when connecting to a node (leave empty if you have set no password access) | |
    | redis.[cache\|store].clientName | Name of the client connection (defaults to empty) | |

    Externalizing MySQL

    When externalizing MySQL note that your MySQL installation should comply with these characteristics:

    • MySQL version 5.7
    • Maximum number of connections: 130 per Kiuwan On-Premises instance.

    Step 1: create Kiuwan On-Premises schemas

    You should create the needed schemas in your MySQL installation. To do so, please execute this script with a user that has schema creation privileges:

    Code Block
    languagesql
    create database opt_activity CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    create database opt_cinc CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    create database opt_metamodel CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    create database opt_qmm CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    create database opt_transaction CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    create database opt_insight CHARACTER SET utf8 COLLATE utf8_unicode_ci;

    Step 2: create Kiuwan On-Premises user

    You should create the user that will be connecting to Kiuwan On-Premises schemas. Please run this script as an admin user to do so:

    Code Block
    languagesql
    create user '[USER]'@'%' identified by '[PASSWORD]';
    grant all privileges on `opt_%`.* to '[USER]'@'%' identified by '[PASSWORD]';
    flush privileges;

    Note that you should replace [USER] with the desired user name and [PASSWORD] with the desired password.

    Step 3: configure your installation

    The following table shows the properties to configure for Kiuwan On-Premises to connect to your own MySQL instance:

    | Property | Meaning | Example |
    | --- | --- | --- |
    | mysql.host | Your MySQL installation host | mysqlkiuwan |
    | mysql.port | The connection port to access your MySQL installation | 3306 |
    | mysql.username | The user that will be connecting to Kiuwan On-Premises schemas (should match the one provided in the previous step) | csaas |
    | mysql.password | The user's password (should match the one provided in the previous step) | |

    Using Amazon S3 as file repository

    Kiuwan On-Premises uses these shared file repositories to store analysis related data:

    • kiuwanCentralRepository: stores analysis results files.
    • kiuwanSourceCodeRepository: stores source code.
    • kiuwanCustomConfigRepository: stores centralized analysis configuration files.

    These Kiuwan On-Premises internal file repositories can be replaced with Amazon S3 buckets.

    To do so, you should first configure these properties in the main configuration file ([VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):

    • centralFileRepository.type=s3
    • sourceCodeFileRepository.type=s3
    • customConfigFileRepository.type=s3

    The following table shows the properties you should modify when making Kiuwan On-Premises connect to AWS S3 buckets:

    | Property | Meaning | Example |
    | --- | --- | --- |
    | s3.privateBucket.bucketName | Your AWS S3 bucket name | s3mycompany-us |
    | s3.privateBucket.subDirectoryName | Your AWS S3 subdirectory name under the configured bucket | mydirectory |
    | s3.privateBucket.accessKeyId | AWS access key for your bucket | BS3BX35Z27UAQCEACTPQ |
    | s3.privateBucket.secretKeyId | AWS secret key for your bucket | Aasdfjklwe1234123lkjfasc21ssACasfEq124Da |
    | s3.dir.centralFileRepository | The main key prefix that will be used to keep the central file repository entries | kiuwanCentralWorkingDirectory/analysisData |
    | s3.dir.sourceCodeFileRepository | The main key prefix that will be used to keep the source code file repository entries | kiuwanCentralWorkingDirectory/analyzedSourceCode |
    | s3.dir.customConfigFileRepository | The main key prefix that will be used to keep the custom config file repository entries | kiuwanCentralWorkingDirectory/customConfig |

    Configuration options reference

    All configuration properties you can modify are located in this file, located inside your config-shared volume:

    • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

    Here is a complete list of the properties you can configure and their meaning (default passwords are omitted):

    Configure a password in Redis

    Info

    This configuration is available from version 2.8.2010.1 of Kiuwan on-premise

    The default configuration of Kiuwan does not set any password in Redis.

    To configure a password in Redis and configure Kiuwan to connect to Redis using a password, follow these steps:

    If you are installing Kiuwan for the first time, make sure that you have completed at least the “Step 6: initialize your volumes” described in Kiuwan On-Premises Distributed Installation Guide before continuing.

    Step 1: Stop Kiuwan

    If you are installing Kiuwan for the first time in your instance, skip this step.

    If you are modifying the configuration of an existing Kiuwan installation, stop executing it:

    Code Block
    languagebash
    cd [INSTALLER_DIR]
    sudo ./stop-kiuwan.sh


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    Step 2: Edit the global configuration file

    Using your preferred editor, open the default configuration file located in your config-shared volume. In the following example, the used editor is vim:

    Code Block
    languagebash
    sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    Edit these properties and assign a password to be used when connecting to Redis, for both redis.cache and redis.store:

    • redis.cache.password={YOUR_REDIS_PASSWORD}

    • redis.store.password={YOUR_REDIS_PASSWORD}

    Step 3: Activate authentication in Redis

    You should edit the Redis configuration files located in the following path:

    Code Block
    languagebash
    sudo vim [VOLUMES_DIR]/config-shared/Redis/conf/redis[1-6].conf


    Note

    Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

    Add the following lines in each of them (6 files in total):

    ```
    requirepass {YOUR_REDIS_PASSWORD}
    masterauth {YOUR_REDIS_PASSWORD}
    ```

    If you have externalized the Redis installation, you should edit the equivalent configuration file to activate the authentication and restart the externalized Redis installation.
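One way to confirm that the six Redis files and globalConfig.properties agree before restarting, as an added example (not part of the Kiuwan installer): the Python check below compares requirepass and masterauth in each Redis configuration file with redis.cache.password and redis.store.password. The function names, the constructed sample layout and the file names redis1.conf to redis6.conf (expanded from the redis[1-6].conf pattern above) are assumptions.

```python
import tempfile
from pathlib import Path

DIRECTIVES = ("requirepass", "masterauth")


def load_properties(path):
    """Read key=value pairs, skipping blank lines and # or ! comments."""
    lines = (l.strip() for l in Path(path).read_text().splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and l[0] not in "#!")
    return {k.strip(): v.strip() for k, v in pairs}


def redis_auth_directives(path):
    """Return the active requirepass/masterauth values of one Redis config file.

    Commented-out lines are ignored; if a directive is repeated, the last
    occurrence is the one reported.
    """
    found = {}
    for line in Path(path).read_text().splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in DIRECTIVES:
            found[parts[0].lower()] = parts[1].strip().strip('"')
    return found


def check_redis_auth(properties_file, redis_conf_dir, node_count=6):
    """Return a list of problems; an empty list means the files agree.

    Passwords are compared but never included in the returned messages.
    """
    props = load_properties(properties_file)
    cache_pw = props.get("redis.cache.password", "")
    store_pw = props.get("redis.store.password", "")
    problems = []
    if not cache_pw or not store_pw:
        problems.append("globalConfig.properties: Redis password is empty")
    if cache_pw != store_pw:
        problems.append("globalConfig.properties: cache and store passwords differ")
    for n in range(1, node_count + 1):
        conf = Path(redis_conf_dir) / f"redis{n}.conf"
        if not conf.is_file():
            problems.append(f"{conf.name}: file not found")
            continue
        active = redis_auth_directives(conf)
        for name in DIRECTIVES:
            if name not in active:
                problems.append(f"{conf.name}: {name} is not set")
            elif active[name] != cache_pw:
                problems.append(f"{conf.name}: {name} differs from globalConfig.properties")
    return problems


def build_sample(root, broken_node=None):
    """Create a constructed layout (not real Kiuwan files) for demonstration."""
    root = Path(root)
    props = root / "globalConfig.properties"
    props.write_text("redis.cache.password=constructed-pw\n"
                     "redis.store.password=constructed-pw\n")
    conf_dir = root / "conf"
    conf_dir.mkdir()
    for n in range(1, 7):
        body = "port 6379\nrequirepass constructed-pw\n"
        if n != broken_node:
            body += "masterauth constructed-pw\n"
        else:
            # Simulates a node where masterauth was left commented out.
            body += "# masterauth constructed-pw\n"
        (conf_dir / f"redis{n}.conf").write_text(body)
    return props, conf_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        props, conf_dir = build_sample(tmp, broken_node=4)
        for problem in check_redis_auth(props, conf_dir):
            print(problem)
```

A node that has requirepass but no masterauth accepts authenticated clients yet cannot authenticate to its master, which is why both directives are checked in every file.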

    Step 4: Propagate the changes in Kiuwan

    If you are installing Kiuwan for the first time in your instance, skip this step.

    To propagate the changes in globalConfig.properties, execute the following commands:

    ```bash
    cd [INSTALLER_DIR]/docker
    sudo ./update.sh
    ```

    Note: Do not use sudo if Kiuwan is installed in unprivileged (rootless) mode.

    Step 5: Start kiuwan

    All the required changes are completed. If you are installing Kiuwan for the first time, make sure that you complete all the installation steps and then start Kiuwan.

    If you are modifying an existing installation, start Kiuwan to complete the setup:

    ```bash
    cd [INSTALLER_DIR]
    sudo ./start-all.sh
    ```

    Note: Do not use sudo if Kiuwan is installed in unprivileged (rootless) mode.

    Externalizing services

    Kiuwan On-Premises relies on three main infrastructure services:

    • Apache - used as a load balancer when multiple Kiuwan frontal instances are running.
    • Redis - an in-memory cache to speed up response times.
    • MySQL - Kiuwan's main database.

    If you want to use your own services in place of any of these, Kiuwan On-Premises can connect to them and skip their creation at installation time.

    Configuring services to externalize

    First of all, you will need to edit the main configuration file and mark which services you want to externalize:

    • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

    This table shows the properties you should modify when externalizing each service:

    | Service | Property | Default value |
    | --- | --- | --- |
    | Apache | kiuwan.externalize.apacheloadbalancer | false |
    | Redis | kiuwan.externalize.redis.[cache\|storage] | false |
    | MySQL | kiuwan.externalize.mysql | false |

    When any of these properties is set to "true", the corresponding service is externalized and the installation tool will not manage any related instance. Note that all the configuration of that service will be up to you, as the Kiuwan On-Premise installer will only be able to configure how Kiuwan On-Premise connects to your services.

    Externalizing Apache

    When externalizing this service you should take into account that:

    • Each Kiuwan On-Premises frontal instance domain name is wildflykiuwan-f[n], [n] being the frontal instance number. Note that depending on your installation needs you may want to access each instance via its IP or its hostname.
    • Each Kiuwan On-Premises frontal instance only exposes one port for https/http/ajp traffic. By default, port 8[n]43 is exposed, [n] being the frontal instance number. If you need to change the exposed ports, refer to Changing exposed ports for more information.
    • If you are accessing through the https scheme, you should provide your frontal service with the certificates needed to make https connections available (please refer to Managing certificates for more information):
      • domaincert.pem
      • domainkey.pem
      • cacert.pem

    Modify globalConfig.properties and set kiuwan.externalize.apacheloadbalancer=true.

    Refer to "Modifying exposed ports in Kiuwan front instances" and modify the exposed ports in the Kiuwan front instances.

    Offload the load balancing to a container that is mapped to local ports 80 and 443.

    Open a browser and visit https://localhost/saas/web/dashboard/dashboard

    Externalizing Redis

    Kiuwan On-Premises can work with your Redis installation as long as it complies with these characteristics:

    • Redis version must be equal to or higher than 5.0.4.
    • Redis must be configured as a cluster.
    • Eviction policy must be set to "noeviction" (refer to Redis official documentation, maxmemory-policy configuration property).

    In case you set Redis as an external service, Kiuwan On-Premises needs to know where the Redis nodes are deployed and which ports to use when connecting to them.

    In case you use a special DNS that can resolve the same host to different hosts and ports (DNS Round-Robin or equivalent), you should configure just a single host in the redis.[cache|store].nodes properties.

    All the needed configuration is located in the main configuration file:

    • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

    The following table shows the properties to configure (note that you should set the same configuration for both "cache" and "store" Redis configurations):

    | Property | Meaning | Example |
    | --- | --- | --- |
    | redis.[cache\|store].nodes | Comma separated list of host and port for each Redis node | rn1.mydomain.com:6379, rn2.mydomain.com:6379, rn3.mydomain.com:6379, rn4.mydomain.com:6379, rn5.mydomain.com:6379, rn6.mydomain.com:6379 |
    | redis.[cache\|store].timeout | Connection timeout in milliseconds | 2000 |
    | redis.[cache\|store].password | Password to use when connecting to a node (leave empty if you have set no password access) | |
    | redis.[cache\|store].clientName | Name of the client connection (defaults to empty) | |

    Externalizing MySQL

    When externalizing MySQL note that your MySQL installation should comply with these characteristics:

    • MySQL version 5.7
    • The maximum number of connections: 130 per Kiuwan On-Premises instance.

    Step 1: Create Kiuwan On-Premises schemas

    You should create the needed schemas in your MySQL installation. To do so, please execute this script with a user that has schema creation privileges:

    ```sql
    create database opt_activity CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    create database opt_cinc CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    create database opt_metamodel CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    create database opt_qmm CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    create database opt_transaction CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    create database opt_insight CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    ```

    To generate the required tables, run all the .sql scripts present in the directories:

    /installation/resources/install-db and /installation/resources/install-db-data-core

    Step 2: Create Kiuwan On-Premises user

    You should create the user that will be connecting to Kiuwan On-Premises schemas. Please run this script as an admin user to do so:

    ```sql
    create user '[USER]'@'%' identified by '[PASSWORD]';
    grant all privileges on `opt_%`.* to '[USER]'@'%' identified by '[PASSWORD]';
    flush privileges;
    ```

    Note that you should replace [USER] with the desired user name and [PASSWORD] with the desired password.

    Step 3: Configure your installation

    The following table shows the properties to configure for Kiuwan On-Premises to connect to your MySQL instance:

    | Property | Meaning | Example |
    | --- | --- | --- |
    | mysql.host | Your MySQL installation host | localhost |
    | mysql.port | The connection port to access your MySQL installation | 3306 |
    | mysql.username | The user that will be connecting to Kiuwan On-Premises schemas (should match the one provided in the previous step) | username |
    | mysql.password | The user's password (should match the one provided in the previous step) | password |

    Step 4: Set kiuwan.externalize.mysql=true in globalConfig.properties

    Open a browser and visit https://localhost/saas/web/dashboard/dashboard

    Using Amazon S3 as file repository

    Kiuwan On-Premises uses these shared file repositories to store analysis related data:

    • kiuwanCentralRepository: stores analysis results files.
    • kiuwanSourceCodeRepository: stores source code.
    • kiuwanCustomConfigRepository: stores centralized analysis configuration files.

    These Kiuwan On-Premises internal file repositories can be replaced with Amazon S3 buckets.

    To do so, you should first configure these properties in the main configuration file ([VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):

    • centralFileRepository.type=s3
    • sourceCodeFileRepository.type=s3
    • customConfigFileRepository.type=s3

    The following table shows the properties you should modify when making Kiuwan On-Premises connect to AWS S3 buckets:

    | Property | Meaning | Example |
    | --- | --- | --- |
    | s3.privateBucket.bucketName | Your AWS S3 bucket name | s3mycompany-us |
    | s3.privateBucket.subDirectoryName | Your AWS S3 subdirectory name under the configured bucket | mydirectory |
    | s3.privateBucket.accessKeyId | AWS access key for your bucket | BS3BX35Z27UAQCEACTPQ |
    | s3.privateBucket.secretKeyId | AWS secret key for your bucket | Aasdfjklwe1234123lkjfasc21ssACasfEq124Da |
    | s3.dir.centralFileRepository | The main key prefix that will be used to keep the central file repository entries | kiuwanCentralWorkingDirectory/analysisData |
    | s3.dir.sourceCodeFileRepository | The main key prefix that will be used to keep the source code file repository entries | kiuwanCentralWorkingDirectory/analyzedSourceCode |
    | s3.dir.customConfigFileRepository | The main key prefix that will be used to keep the custom config file repository entries | kiuwanCentralWorkingDirectory/customConfig |

    Automatic data purge

    To keep used disk space under control, Kiuwan On-Premises can automatically purge unnecessary files and, optionally, old data that you may not need anymore.

    By default, Kiuwan On-Premises purges:

    • Analyses that are not among the last 50 processed (for each application).
    • Analyses older than 5 years (1825 days).
    • Support files older than 6 months (180 days).

    The previous thresholds can be configured through the following properties:

    • kiuwan.purge.analysis.lastAnalysesToKeep
    • kiuwan.purge.analysis.antiquity.days
    • kiuwan.purge.support.files.antiquity.days

    If you do not want to delete and purge any of your data, change the active flag to false in the following properties:

    • kiuwan.purge.analysis.data.active
    • kiuwan.purge.support.files.active

    You can also turn off the kiuwan.purge.analysis.files.active flag, but this is only recommended for troubleshooting purposes, since it deactivates a task that only purges temporary files that are not needed when using Kiuwan On-Premises.

    All the configuration properties can be found inside the main configuration file:

    • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

    Internally, Kiuwan On-Premises uses 5 scheduled tasks to implement file and data purge:

    • Soft-delete “old” analyses: performs a logical deletion of analyses that are considered “old”.
    • Purge soft-deleted analysis data: purges the data associated with soft-deleted analyses.
    • Purge “old” support files: purges “old” files that have been stored for support purposes.
    • Purge analysis shared files: purges files that belong to soft-deleted analyses (stored in the data-shared volume).
    • Purge analysis local temporary files: purges internal temporary data that belong to “old” analyses and is not needed anymore (locally stored on front and analyzer nodes).

    The previous tasks are executed on a daily basis, following this timetable:

    | Task | Execution Time | Execution Node |
    | --- | --- | --- |
    | Soft-delete “old” analyses | 3:00 AM | Scheduler |
    | Purge soft-deleted analysis data | 5:00 AM | Scheduler |
    | Purge “old” support files | 2:00 AM | Scheduler |
    | Purge analysis shared files | 4:00 AM | Scheduler |
    | Purge analysis local temporary files | 3:00 AM | Front, Analyzer |

    Configuration options reference

    All the configuration properties you can modify are in this file, inside your config-shared volume:

    • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

    Here is a complete list of the properties you can configure and their meaning (default passwords are omitted):

    Each entry gives the property, its default value (where there is one) and its meaning. Properties listed together share the meaning that follows them.

    Installer behavior

    • kiuwan.singlehost.nodes.front (default: wildflykiuwan-f1)
    • kiuwan.singlehost.nodes.analyzers (default: wildflykiuwan-a1)
    • kiuwan.singlehost.nodes.schedulers (default: wildflykiuwan-s1)
      Service identifiers that will be used when starting and stopping Kiuwan through the start-kiuwan.sh and stop-kiuwan.sh scripts. Change these values only in single-host installations where you want to manage multiple Kiuwan front/analyzer/scheduler instances. For example, if you want to start two front Kiuwan nodes, simply set:
      kiuwan.singlehost.nodes.front=wildflykiuwan-f1 wildflykiuwan-f2
      The same pattern would apply to the different Kiuwan containers.
    • kiuwan.clients.update (default: true)
      Update clients when update.sh is executed. Set to false if you need to run the update process without updating clients (in case there are any new ones available), to propagate changes in this configuration file while not updating clients, or to run the update process when no connection to static.kiuwan.com is available.

    Kiuwan connection

    • kiuwan.protocol (default: https)
      Kiuwan default access protocol.
    • kiuwan.domain (default: kiuwan.onpremise.local)
      Kiuwan default domain.
    • kiuwan.port (default: 443)
      Kiuwan default access port.
    • kiuwan.nodes.access.protocol (default: https)
      Access protocol to Kiuwan front instances [https|http|ajp]. This will be the only accepted protocol to access Kiuwan front instances from the provided Apache balancer or your own balancer. Note that this property has nothing to do with "kiuwan.protocol" unless you do not use a frontend server like Apache to access Kiuwan. If this is the case, both properties must have the same value.
    • kiuwan.proxy.autoconfig (default: true)
      Autoconfigure the Kiuwan instances proxy. When true, Kiuwan instances will be automatically configured to use the proxy configured in your Docker installation (typically using a ~/.docker/config.json file). If you want to force Kiuwan instances to use different proxy settings, set this property to false and fill in the kiuwan.*.proxy* property values.

    Kiuwan instances alternative proxy

    These properties only apply when kiuwan.proxy.autoconfig is false. Note that the https properties are used to indicate the proxy to use when making https connections, not to configure a proxy that should be accessed through https. Ignore these properties if you want Kiuwan instances to use the proxy configured in your Docker installation.

    • kiuwan.http.proxyHost
    • kiuwan.http.proxyPort
    • kiuwan.http.proxyUser
    • kiuwan.http.proxyPassword
      Proxy to use from Kiuwan instances when making http connections.
    • kiuwan.https.proxyHost
    • kiuwan.https.proxyPort
    • kiuwan.https.proxyUser
    • kiuwan.https.proxyPassword
      Proxy to use from Kiuwan instances when making https connections.
    • kiuwan.http.nonProxyHosts
      No proxy connection will be used when connecting to the hosts in this comma-separated list.

    Kiuwan instances shared configuration

    • kiuwan.mail.host (default: mail.kiuwan.local)
    • kiuwan.mail.port (default: 25)
      Email server access configuration. It is mandatory that all Kiuwan instances can access the specified host and port.
    • kiuwan.mail.authentication (default: true)
      Email server authentication enable flag. Set to false if your email server does not use an SMTP username/password authentication method.
    • kiuwan.mail.username (default: admin.kiuwan)
      Email server username.
    • kiuwan.mail.password
      Email server password.
    • kiuwan.mail.from (default: admin.kiuwan@mail.kiuwan.local)
      The email account that will be used in the "from" field when composing emails. This field is mandatory, do not leave it blank.
    • kiuwan.mail.secure.layer (default: ssl)
      The security layer that your mail server uses [ssl|tls|none]. Set to none if your email server only supports plain text connections.
    • kiuwan.mail.secure.layer.value (default: true)
      The value to set to the security layer configuration flag. Only applies when kiuwan.mail.secure.layer is set to ssl or tls.
    • kiuwan.default.mail.account (default: admin.kiuwan@mail.kiuwan.local)
      Mail account that will be assigned to the default Kiuwan account.
    • timezone (default: Europe/Madrid)
      Kiuwan servers timezone. Please refer to the Supported timezones page for a complete list of supported time zones.
    • java.keystore.password
      Java keystore password. Note that Kiuwan will use this password to access the generated keystore and it must be aligned with the one provided in the field "java.keystore.password" in the ssl/config/certs.properties file. Make sure they are aligned when creating your certificates.
    • java.truststore.password
      Java truststore password. Note that Kiuwan will use this password to access the generated truststore and it must be aligned with the one provided in the field "java.truststore.password" in the ssl/config/certs.properties file. Make sure they are aligned when creating your own certificates.
    • kiuwan.purge.analysis.files.active (default: true)
      When the value is set to true, the following tasks are executed daily:
        • Purge analysis shared files: files related to analyses that have been soft-deleted are completely removed. This task runs on scheduler nodes.
        • Purge analysis local temporary files: files that are considered old (see kiuwan.purge.analysis.files.antiquity.days) are deleted. This task runs on both front and analyzer nodes.
    • kiuwan.purge.analysis.files.antiquity.days (default: 3)
      The value refers to the number of days since the last modification date of a local temporary file for it to be considered "old".

    Kiuwan file repositories

    • centralFileRepository.type (default: filesystem)
      Central file repository storage type [filesystem|s3].
    • sourceCodeFileRepository.type (default: filesystem)
      Source code repository storage type [filesystem|s3].
    • customConfigFileRepository.type (default: filesystem)
      Custom config repository storage type [filesystem|s3].
    • s3.privateBucket.bucketName
      S3 bucket name (only applies when using AWS S3 type repositories).
    • s3.privateBucket.subDirectoryName
      S3 subdirectory name (only applies when using AWS S3 type repositories).
    • s3.privateBucket.accessKeyId
      Access key id (only applies when using AWS S3 type repositories).
    • s3.privateBucket.secretKeyId
      Secret key id (only applies when using AWS S3 type repositories).
    • s3.dir.centralFileRepository
      Central file repository directory (only applies when using AWS S3 type repositories).
    • s3.dir.sourceCodeFileRepository
      Source code file repository directory (only applies when using AWS S3 type repositories).
    • s3.dir.customConfigFileRepository
      Centralized configuration file repository directory (only applies when using AWS S3 type repositories).

    Kiuwan front instances

    • kiuwan.port.front[n] (default: 8[n]43)
      Ports that will be exposed by each Kiuwan front container instance. Note that depending on the Kiuwan front instances that you are starting, some of these ports will be ignored.
    • kiuwan.nodes.front.max.memory (default: 2048m)
      Max memory to set to front instances.
    • session.timeout (default: 3600)
      Time a session can be inactive before it is closed (in seconds).
    • session.secure (default: false)
      Use the secure attribute of the session cookie. Set this field to true only if you plan to access your Kiuwan On-Premises installation through https.
    • session.httponly (default: false)
      Use the httponly attribute of the session cookie.

    Kiuwan analyzer instances

    • kiuwan.nodes.analyzers.max.memory (default: 4096m)
      Max memory to set to analyzer instances.
    • queues.reportsGeneratedQueueSize (default: 2)
      Number of slots enabled for analysis processing.

    Kiuwan scheduler instances

    • kiuwan.nodes.schedulers.max.memory (default: 2048m)
      Max memory to set to front instances.
    • kiuwan.purge.analysis.data.active (default: true)
      When this value is set to true, the following tasks are executed daily:
        • Soft-delete "old" analyses: analyses that satisfy both the kiuwan.purge.analysis.antiquity.days and kiuwan.purge.analysis.lastAnalysesToKeep conditions are soft-deleted.
        • Purge soft-deleted analysis data: the database entries related to analyses that have been soft-deleted are purged.
      Note: The purged data is unrecoverable. Make sure you keep your backups up to date when activating this task.
    • kiuwan.purge.analysis.antiquity.days (default: 1825)
      The value refers to the number of days since the creation timestamp of a baseline analysis for it to be considered "old". If the Soft-delete "old" analyses task is active, the analyses older than the specified number of days are automatically soft-deleted.
    • kiuwan.purge.analysis.lastAnalysesToKeep (default: 50)
      The value refers to the number of baseline analyses to keep per application. This takes precedence over "old" analyses, meaning that even when the soft-delete "old" analyses task is active and a baseline analysis is considered "old", this minimum number of baseline analyses is kept per application.
    • kiuwan.purge.support.files.active (default: true)
      When this value is set to true, the purge "old" support files task is executed daily. This task automatically purges "old" files (see kiuwan.purge.support.files.antiquity.days) that are downloaded when asking Kiuwan to retrieve support data.
    • kiuwan.purge.support.files.antiquity.days (default: 180)
      The value refers to the number of days since the last modification of a support file for it to be considered old. When the purge "old" support files task is active, the support files older than the specified number of days are automatically removed.
    Apache load balancer

    • kiuwan.port.apache.http (default: 80)
    • kiuwan.port.apache.https (default: 443)
      Ports that will be exposed by the Apache load balancer container. When using the provided load balancer, the specified "kiuwan.port.apache.https" (or "kiuwan.port.apache.http" when disabling https support) must match the value set in the "kiuwan.port" field. When externalizing this service, their values have no effect.

    MySQL

    • kiuwan.port.mysql (default: 3306)
      Port that will be exposed by the MySQL container. When using the provided MySQL, its value must match the one specified in the "mysql.port" field. When externalizing this service, its value has no effect.
    • mysql.host (default: mysqlkiuwan)
    • mysql.port (default: 3306)
      MySQL connection settings. Note that these must be aligned with the configured MySQL port or with your external MySQL service in case you are externalizing MySQL.
    • mysql.username (default: csaas)
    • mysql.password
      MySQL connection authentication settings. Note that a MySQL user with the specified credentials will be automatically created when installing from scratch if you are running the provided MySQL service. In case you want to change the user accessing Kiuwan's schemas after the installation is completed, you must manually create the user, both in the provided MySQL or an externalized one.
    • mysql.config.useSSL (default: false)
      Enable or disable the use of encryption when connecting to MySQL.
    • mysql.config.requireSSL (default: false)
      Force the use of encryption when connecting to MySQL.
    • mysql.config.verifyServerCertificate (default: false)
      Force the validation of the certificate served by MySQL.

    Redis Cluster cache and store

    • redis.[cache|store].nodes (default: redis_0000[1-6]:6379)
      Redis nodes hosts (use the provided single host name when using elasticache).
    • redis.[cache|store].timeout (default: 2000)
      Redis connection timeout.
    • redis.[cache|store].password
      Redis password.
    • redis.[cache|store].clientName
      Redis client name.
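Several defaults in the reference above have a security impact (session.secure, session.httponly, the mysql.config.* flags, empty Redis passwords, the mail security layer). The following Python script is an added example, not Kiuwan code: it audits the text of a globalConfig.properties file against those documented settings. It assumes that an absent key takes the default listed in the reference; the function names, the findings wording and the sample values are constructed for the example.

```python
# Defaults copied from the configuration reference on this page. Treating an
# absent key as "the default applies" is an assumption of this example.
PAGE_DEFAULTS = {
    "kiuwan.protocol": "https",
    "session.secure": "false",
    "session.httponly": "false",
    "kiuwan.externalize.mysql": "false",
    "mysql.config.useSSL": "false",
    "mysql.config.requireSSL": "false",
    "mysql.config.verifyServerCertificate": "false",
    "kiuwan.mail.authentication": "true",
    "kiuwan.mail.secure.layer": "ssl",
    "redis.cache.password": "",
    "redis.store.password": "",
}


def parse_properties(text):
    """Read key=value pairs, skipping blank lines and # or ! comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and l[0] not in "#!")
    return {k.strip(): v.strip() for k, v in pairs}


def audit(text):
    """Return a list of (property, reason) findings for a properties text."""
    cfg = {**PAGE_DEFAULTS, **parse_properties(text)}
    findings = []

    def on(key):
        return cfg[key].lower() == "true"

    # Session cookie flags: the page says session.secure belongs with https.
    https = cfg["kiuwan.protocol"].lower() == "https"
    if https and not on("session.secure"):
        findings.append(("session.secure",
                         "served over https but the session cookie lacks the secure attribute"))
    if not https and on("session.secure"):
        findings.append(("session.secure",
                         "secure attribute is set while kiuwan.protocol is not https"))
    if not on("session.httponly"):
        findings.append(("session.httponly",
                         "session cookie lacks the httponly attribute"))

    # Redis authentication: empty, or the documentation placeholder left as-is.
    for scope in ("cache", "store"):
        key = f"redis.{scope}.password"
        value = cfg[key]
        if not value:
            findings.append((key, "no Redis password is configured"))
        elif value.startswith("{") and value.endswith("}"):
            findings.append((key, "placeholder was not replaced with a real password"))

    # MySQL transport security matters most once the database is external.
    if on("kiuwan.externalize.mysql"):
        for flag in ("useSSL", "requireSSL", "verifyServerCertificate"):
            if not on(f"mysql.config.{flag}"):
                findings.append((f"mysql.config.{flag}",
                                 "externalized MySQL is used with this flag disabled"))

    # SMTP credentials over a plain text connection.
    if on("kiuwan.mail.authentication") and cfg["kiuwan.mail.secure.layer"].lower() == "none":
        findings.append(("kiuwan.mail.secure.layer",
                         "SMTP authentication is enabled over a plain text connection"))
    return findings


# Constructed sample: an https installation with an externalized MySQL.
SAMPLE = """\
kiuwan.protocol=https
session.secure=true
kiuwan.externalize.mysql=true
mysql.config.useSSL=true
redis.cache.password=constructed-pw
redis.store.password={YOUR_REDIS_PASSWORD}
"""

if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print(f"{key}: {reason}")
```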

    Supported timezones reference

    The following table shows the available timezones that can be set to the Kiuwan On-Premises server when editing the main configuration file located in:

    • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

    Note that you can set only one of these values to the timezone property found in the previous file:

    | Time zone | GMT offset |
    | --- | --- |
    | Africa/Abidjan | 0 |
    | Africa/Accra | 0 |
    | Africa/Addis_Ababa | 3 |
    | Africa/Algiers | 1 |
    | Africa/Asmara | 3 |
    | Africa/Asmera | 3 |
    | Africa/Bamako | 0 |
    | Africa/Bangui | 1 |
    | Africa/Banjul | 0 |
    | Africa/Bissau | 0 |
    | Africa/Blantyre | 2 |
    | Africa/Brazzaville | 1 |
    | Africa/Bujumbura | 2 |
    | Africa/Cairo | 2 |
    | Africa/Casablanca | 0 |
    | Africa/Ceuta | 1 |
    | Africa/Conakry | 0 |
    | Africa/Dakar | 0 |
    | Africa/Dar_es_Salaam | 3 |
    | Africa/Djibouti | 3 |
    | Africa/Douala | 1 |
    | Africa/El_Aaiun | 0 |
    | Africa/Freetown | 0 |
    | Africa/Gaborone | 2 |
    | Africa/Harare | 2 |
    | Africa/Johannesburg | 2 |
    | Africa/Juba | 3 |
    | Africa/Kampala | 3 |
    | Africa/Khartoum | 2 |
    | Africa/Kigali | 2 |
    | Africa/Kinshasa | 1 |
    | Africa/Lagos | 1 |
    | Africa/Libreville | 1 |
    | Africa/Lome | 0 |
    | Africa/Luanda | 1 |
    | Africa/Lubumbashi | 2 |
    | Africa/Lusaka | 2 |
    | Africa/Malabo | 1 |
    | Africa/Maputo | 2 |
    | Africa/Maseru | 2 |
    | Africa/Mbabane | 2 |
    | Africa/Mogadishu | 3 |
    | Africa/Monrovia | 0 |
    | Africa/Nairobi | 3 |
    | Africa/Ndjamena | 1 |
    | Africa/Niamey | 1 |
    | Africa/Nouakchott | 0 |
    | Africa/Ouagadougou | 0 |
    | Africa/Porto-Novo | 1 |
    | Africa/Sao_Tome | 0 |
    | Africa/Timbuktu | 0 |
    | Africa/Tripoli | 2 |
    | Africa/Tunis | 1 |
    | Africa/Windhoek | 2 |
    | America/Adak | -10 |
    | America/Anchorage | -9 |
    | America/Anguilla | -4 |
    | America/Antigua | -4 |
    | America/Araguaina | -3 |
    | America/Argentina/Buenos_Aires | -3 |
    | America/Argentina/Catamarca | -3 |
    | America/Argentina/ComodRivadavia | -3 |
    | America/Argentina/Cordoba | -3 |
    | America/Argentina/Jujuy | -3 |
    | America/Argentina/La_Rioja | -3 |
    | America/Argentina/Mendoza | -3 |
    | America/Argentina/Rio_Gallegos | -3 |
    | America/Argentina/Salta | -3 |
    | America/Argentina/San_Juan | -3 |
    | America/Argentina/San_Luis | -3 |
    | America/Argentina/Tucuman | -3 |
    | America/Argentina/Ushuaia | -3 |
    | America/Aruba | -4 |
    | America/Asuncion | -4 |
    | America/Atikokan | -5 |
    | America/Atka | -10 |
    | America/Bahia | -3 |
    | America/Bahia_Banderas | -6 |
    | America/Barbados | -4 |
    | America/Belem | -3 |
    | America/Belize | -6 |
    | America/Blanc-Sablon | -4 |
    | America/Boa_Vista | -4 |
    | America/Bogota | -5 |
    | America/Boise | -7 |
    | America/Buenos_Aires | -3 |
    | America/Cambridge_Bay | -7 |
    | America/Campo_Grande | -4 |
    | America/Cancun | -5 |
    | America/Caracas | -4 |
    | America/Catamarca | -3 |
    | America/Cayenne | -3 |
    | America/Cayman | -5 |
    | America/Chicago | -6 |
    | America/Chihuahua | -7 |
    | America/Coral_Harbour | -5 |
    | America/Cordoba | -3 |
    | America/Costa_Rica | -6 |
    | America/Creston | -7 |
    | America/Cuiaba | -4 |
    | America/Curacao | -4 |
    | America/Danmarkshavn | 0 |
    | America/Dawson | -8 |
    | America/Dawson_Creek | -7 |
    | America/Denver | -7 |
    | America/Detroit | -5 |
    | America/Dominica | -4 |
    | America/Edmonton | -7 |
    | America/Eirunepe | -5 |
    | America/El_Salvador | -6 |
    | America/Ensenada | -8 |
    | America/Fort_Nelson | -7 |
    | America/Fort_Wayne | -5 |
    | America/Fortaleza | -3 |
    | America/Glace_Bay | -4 |
    | America/Godthab | -3 |
    | America/Goose_Bay | -4 |
    | America/Grand_Turk | -5 |
    | America/Grenada | -4 |
    | America/Guadeloupe | -4 |
    | America/Guatemala | -6 |
    | America/Guayaquil | -5 |
    | America/Guyana | -4 |
    | America/Halifax | -4 |
    | America/Havana | -5 |
    | America/Hermosillo | -7 |
    | America/Indiana/Indianapolis | -5 |
    | America/Indiana/Knox | -6 |
    | America/Indiana/Marengo | -5 |
    | America/Indiana/Petersburg | -5 |
    | America/Indiana/Tell_City | -6 |
    | America/Indiana/Vevay | -5 |
    | America/Indiana/Vincennes | -5 |
    | America/Indiana/Winamac | -5 |
    | America/Indianapolis | -5 |
    | America/Inuvik | -7 |
    | America/Iqaluit | -5 |
    | America/Jamaica | -5 |
    | America/Jujuy | -3 |
    | America/Juneau | -9 |
    | America/Kentucky/Louisville | -5 |
    | America/Kentucky/Monticello | -5 |
    | America/Knox_IN | -6 |
    | America/Kralendijk | -4 |
    | America/La_Paz | -4 |
    | America/Lima | -5 |
    | America/Los_Angeles | -8 |
    | America/Louisville | -5 |
    | America/Lower_Princes | -4 |
    | America/Maceio | -3 |
    | America/Managua | -6 |
    | America/Manaus | -4 |
    | America/Marigot | -4 |
    | America/Martinique | -4 |
    | America/Matamoros | -6 |
    America/Mazatlan-7
    America/Mendoza-3
    America/Menominee-6
    America/Merida-6
    America/Metlakatla-9
    America/Mexico_City-6
    America/Miquelon-3
    America/Moncton-4
    America/Monterrey-6
    America/Montevideo-3
    America/Montreal-5
    America/Montserrat-4
    America/Nassau-5
    America/New_York-5
    America/Nipigon-5
    America/Nome-9
    America/Noronha-2
    America/North_Dakota/Beulah-6
    America/North_Dakota/Center-6
    America/North_Dakota/New_Salem-6
    America/Ojinaga-7
    America/Panama-5
    America/Pangnirtung-5
    America/Paramaribo-3
    America/Phoenix-7
    America/Port-au-Prince-5
    America/Port_of_Spain-4
    America/Porto_Acre-5
    America/Porto_Velho-4
    America/Puerto_Rico-4
    America/Punta_Arenas-3
    America/Rainy_River-6
    America/Rankin_Inlet-6
    America/Recife-3
    America/Regina-6
    America/Resolute-6
    America/Rio_Branco-5
    America/Rosario-3
    America/Santa_Isabel-8
    America/Santarem-3
    America/Santiago-4
    America/Santo_Domingo-4
    America/Sao_Paulo-3
    America/Scoresbysund-1
    America/Shiprock-7
    America/Sitka-9
    America/St_Barthelemy-4
    America/St_Johns-3
    America/St_Kitts-4
    America/St_Lucia-4
    America/St_Thomas-4
    America/St_Vincent-4
    America/Swift_Current-6
    America/Tegucigalpa-6
    America/Thule-4
    America/Thunder_Bay-5
    America/Tijuana-8
    America/Toronto-5
    America/Tortola-4
    America/Vancouver-8
    America/Virgin-4
    America/Whitehorse-8
    America/Winnipeg-6
    America/Yakutat-9
    America/Yellowknife-7
    Antarctica/Casey8
    Antarctica/Davis7
    Antarctica/DumontDUrville10
    Antarctica/Macquarie11
    Antarctica/Mawson5
    Antarctica/McMurdo12
    Antarctica/Palmer-3
    Antarctica/Rothera-3
    Antarctica/South_Pole12
    Antarctica/Syowa3
    Antarctica/Troll0
    Antarctica/Vostok6
    Arctic/Longyearbyen1
    Asia/Aden3
    Asia/Almaty6
    Asia/Amman2
    Asia/Anadyr12
    Asia/Aqtau5
    Asia/Aqtobe5
    Asia/Ashgabat5
    Asia/Ashkhabad5
    Asia/Atyrau5
    Asia/Baghdad3
    Asia/Bahrain3
    Asia/Baku4
    Asia/Bangkok7
    Asia/Barnaul7
    Asia/Beirut2
    Asia/Bishkek6
    Asia/Brunei8
    Asia/Calcutta5
    Asia/Chita9
    Asia/Choibalsan8
    Asia/Chongqing8
    Asia/Chungking8
    Asia/Colombo5
    Asia/Dacca6
    Asia/Damascus2
    Asia/Dhaka6
    Asia/Dili9
    Asia/Dubai4
    Asia/Dushanbe5
    Asia/Famagusta2
    Asia/Gaza2
    Asia/Harbin8
    Asia/Hebron2
    Asia/Ho_Chi_Minh7
    Asia/Hong_Kong8
    Asia/Hovd7
    Asia/Irkutsk8
    Asia/Istanbul3
    Asia/Jakarta7
    Asia/Jayapura9
    Asia/Jerusalem2
    Asia/Kabul4
    Asia/Kamchatka12
    Asia/Karachi5
    Asia/Kashgar6
    Asia/Kathmandu5
    Asia/Katmandu5
    Asia/Khandyga9
    Asia/Kolkata5
    Asia/Krasnoyarsk7
    Asia/Kuala_Lumpur8
    Asia/Kuching8
    Asia/Kuwait3
    Asia/Macao8
    Asia/Macau8
    Asia/Magadan11
    Asia/Makassar8
    Asia/Manila8
    Asia/Muscat4
    Asia/Nicosia2
    Asia/Novokuznetsk7
    Asia/Novosibirsk7
    Asia/Omsk6
    Asia/Oral5
    Asia/Phnom_Penh7
    Asia/Pontianak7
    Asia/Pyongyang9
    Asia/Qatar3
    Asia/Qostanay6
    Asia/Qyzylorda5
    Asia/Rangoon6
    Asia/Riyadh3
    Asia/Saigon7
    Asia/Sakhalin11
    Asia/Samarkand5
    Asia/Seoul9
    Asia/Shanghai8
    Asia/Singapore8
    Asia/Srednekolymsk11
    Asia/Taipei8
    Asia/Tashkent5
    Asia/Tbilisi4
    Asia/Tehran3
    Asia/Tel_Aviv2
    Asia/Thimbu6
    Asia/Thimphu6
    Asia/Tokyo9
    Asia/Tomsk7
    Asia/Ujung_Pandang8
    Asia/Ulaanbaatar8
    Asia/Ulan_Bator8
    Asia/Urumqi6
    Asia/Ust-Nera10
    Asia/Vientiane7
    Asia/Vladivostok10
    Asia/Yakutsk9
    Asia/Yangon6
    Asia/Yekaterinburg5
    Asia/Yerevan4
    Atlantic/Azores-1
    Atlantic/Bermuda-4
    Atlantic/Canary0
    Atlantic/Cape_Verde-1
    Atlantic/Faeroe0
    Atlantic/Faroe0
    Atlantic/Jan_Mayen1
    Atlantic/Madeira0
    Atlantic/Reykjavik0
    Atlantic/South_Georgia-2
    Atlantic/St_Helena0
    Atlantic/Stanley-3
    Australia/ACT10
    Australia/Adelaide9
    Australia/Brisbane10
    Australia/Broken_Hill9
    Australia/Canberra10
    Australia/Currie10
    Australia/Darwin9
    Australia/Eucla8
    Australia/Hobart10
    Australia/LHI10
    Australia/Lindeman10
    Australia/Lord_Howe10
    Australia/Melbourne10
    Australia/NSW10
    Australia/North9
    Australia/Perth8
    Australia/Queensland10
    Australia/South9
    Australia/Sydney10
    Australia/Tasmania10
    Australia/Victoria10
    Australia/West8
    Australia/Yancowinna9
    Brazil/Acre-5
    Brazil/DeNoronha-2
    Brazil/East-3
    Brazil/West-4
    CET1
    CST6CDT-6
    Canada/Atlantic-4
    Canada/Central-6
    Canada/Eastern-5
    Canada/Mountain-7
    Canada/Newfoundland-3
    Canada/Pacific-8
    Canada/Saskatchewan-6
    Canada/Yukon-8
    Chile/Continental-4
    Chile/EasterIsland-6
    Cuba-5
    EET2
    EST5EDT-5
    Egypt2
    Eire0
    Etc/GMT0
    Etc/GMT+00
    Etc/GMT+1-1
    Etc/GMT+10-10
    Etc/GMT+11-11
    Etc/GMT+12-12
    Etc/GMT+2-2
    Etc/GMT+3-3
    Etc/GMT+4-4
    Etc/GMT+5-5
    Etc/GMT+6-6
    Etc/GMT+7-7
    Etc/GMT+8-8
    Etc/GMT+9-9
    Etc/GMT-00
    Etc/GMT-11
    Etc/GMT-1010
    Etc/GMT-1111
    Etc/GMT-1212
    Etc/GMT-1313
    Etc/GMT-1414
    Etc/GMT-22
    Etc/GMT-33
    Etc/GMT-44
    Etc/GMT-55
    Etc/GMT-66
    Etc/GMT-77
    Etc/GMT-88
    Etc/GMT-99
    Etc/GMT00
    Etc/Greenwich0
    Etc/UCT0
    Etc/UTC0
    Etc/Universal0
    Etc/Zulu0
    Europe/Amsterdam1
    Europe/Andorra1
    Europe/Astrakhan4
    Europe/Athens2
    Europe/Belfast0
    Europe/Belgrade1
    Europe/Berlin1
    Europe/Bratislava1
    Europe/Brussels1
    Europe/Bucharest2
    Europe/Budapest1
    Europe/Busingen1
    Europe/Chisinau2
    Europe/Copenhagen1
    Europe/Dublin0
    Europe/Gibraltar1
    Europe/Guernsey0
    Europe/Helsinki2
    Europe/Isle_of_Man0
    Europe/Istanbul3
    Europe/Jersey0
    Europe/Kaliningrad2
    Europe/Kiev2
    Europe/Kirov3
    Europe/Lisbon0
    Europe/Ljubljana1
    Europe/London0
    Europe/Luxembourg1
    Europe/Madrid1
    Europe/Malta1
    Europe/Mariehamn2
    Europe/Minsk3
    Europe/Monaco1
    Europe/Moscow3
    Europe/Nicosia2
    Europe/Oslo1
    Europe/Paris1
    Europe/Podgorica1
    Europe/Prague1
    Europe/Riga2
    Europe/Rome1
    Europe/Samara4
    Europe/San_Marino1
    Europe/Sarajevo1
    Europe/Saratov4
    Europe/Simferopol3
    Europe/Skopje1
    Europe/Sofia2
    Europe/Stockholm1
    Europe/Tallinn2
    Europe/Tirane1
    Europe/Tiraspol2
    Europe/Ulyanovsk4
    Europe/Uzhgorod2
    Europe/Vaduz1
    Europe/Vatican1
    Europe/Vienna1
    Europe/Vilnius2
    Europe/Volgograd4
    Europe/Warsaw1
    Europe/Zagreb1
    Europe/Zaporozhye2
    Europe/Zurich1
    GB0
    GB-Eire0
    GMT0
    GMT00
    Greenwich0
    Hongkong8
    Iceland0
    Indian/Antananarivo3
    Indian/Chagos6
    Indian/Christmas7
    Indian/Cocos6
    Indian/Comoro3
    Indian/Kerguelen5
    Indian/Mahe4
    Indian/Maldives5
    Indian/Mauritius4
    Indian/Mayotte3
    Indian/Reunion4
    Iran3
    Israel2
    Jamaica-5
    Japan9
    Kwajalein12
    Libya2
    MET1
    MST7MDT-7
    Mexico/BajaNorte-8
    Mexico/BajaSur-7
    Mexico/General-6
    NZ12
    NZ-CHAT12
    Navajo-7
    PRC8
    PST8PDT-8
    Pacific/Apia13
    Pacific/Auckland12
    Pacific/Bougainville11
    Pacific/Chatham12
    Pacific/Chuuk10
    Pacific/Easter-6
    Pacific/Efate11
    Pacific/Enderbury13
    Pacific/Fakaofo13
    Pacific/Fiji12
    Pacific/Funafuti12
    Pacific/Galapagos-6
    Pacific/Gambier-9
    Pacific/Guadalcanal11
    Pacific/Guam10
    Pacific/Honolulu-10
    Pacific/Johnston-10
    Pacific/Kiritimati14
    Pacific/Kosrae11
    Pacific/Kwajalein12
    Pacific/Majuro12
    Pacific/Marquesas-9
    Pacific/Midway-11
    Pacific/Nauru12
    Pacific/Niue-11
    Pacific/Norfolk11
    Pacific/Noumea11
    Pacific/Pago_Pago-11
    Pacific/Palau9
    Pacific/Pitcairn-8
    Pacific/Pohnpei11
    Pacific/Ponape11
    Pacific/Port_Moresby10
    Pacific/Rarotonga-10
    Pacific/Saipan10
    Pacific/Samoa-11
    Pacific/Tahiti-10
    Pacific/Tarawa12
    Pacific/Tongatapu13
    Pacific/Truk10
    Pacific/Wake12
    Pacific/Wallis12
    Pacific/Yap10
    Poland1
    Portugal0
    ROK9
    Singapore8
    SystemV/AST4-4
    SystemV/AST4ADT-4
    SystemV/CST6-6
    SystemV/CST6CDT-6
    SystemV/EST5-5
    SystemV/EST5EDT-5
    SystemV/HST10-10
    SystemV/MST7-7
    SystemV/MST7MDT-7
    SystemV/PST8-8
    SystemV/PST8PDT-8
    SystemV/YST9-9
    SystemV/YST9YDT-9
    Turkey3
    UCT0
    US/Alaska-9
    US/Aleutian-10
    US/Arizona-7
    US/Central-6
    US/East-Indiana-5
    US/Eastern-5
    US/Hawaii-10
    US/Indiana-Starke-6
    US/Michigan-5
    US/Mountain-7
    US/Pacific-8
    US/Pacific-New-8
    US/Samoa-11
    UTC0
    Universal0
    W-SU3
    WET0
    Zulu0