You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

This guide covers most of the advanced installation procedures that you may need to implement.

Modifying the default domain

The default configuration sets "kiuwan.onpremise.local" as the default domain to access Kiuwan On-Premises.

We encourage to change the default domain, but take into account that this means updating the provided certificates to keep your installation connections secure.

Step 1: edit the global configuration file

Using your preferred editor, open the default configuration file located in your config-shared volume:

sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

Edit these properties (kiuwan.port is only needed if you want to use https under a different port than the default 443):

  • kiuwan.domain
  • kiuwan.port

Step 2: update load balancer configuration

Once you have selected your new domain and if you are using the provided Apache load balancer, you should edit the main Apache configuration file:

sudo vim [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf/httpd.conf

Edit this line and change the default domain (kiuwan.onpremise.local) to your new domain:

Define kiuwanDomain kiuwan.onpremise.local

If you have externalized the provided Apache load balancer, you should edit the equivalent configuration file to set the new domain.

Step 3: generate new certificates

Please refer to the Managing certificates guide and follow the needed steps depending on your needs.

Once this is done, you should have these files under the [INSTALLER_DIR]/user-content/certs folder:

  • cacert.pem
  • domainkey.pem
  • domaincert.pem
  • domainkeystore.jks
  • truststore.jks

Step 4: complete your installation

If you are performing a new Kiuwan On-Premises installation, please refer to the steps indicated in the following sections, depending on your installation needs:

If you have already installed Kiuwan On-Premises, you will need to stop your containers, update the deployed configuration and restart them. To do so, execute these commands:

cd [INSTALLER_DIR]
sudo ./stop-all.sh
cd [INSTALLER_DIR]/docker
sudo ./update.sh
cd [INSTALLER_DIR]
sudo ./start-all.sh

Step 5: update your DNS or hosts files

If you are modifying an existing Kiuwan On-Premises installation, you will need to update your DNS or hosts files.

Note that if you have generated new certificates signed by a different CA than the one that signed the previous ones, you should update your Kiuwan On-Premises clients certificates or truststores.

Please refer to Accessing your Kiuwan On-Premises installation for details on these topics.

Modifying access protocols

 

Changing exposed ports

 

Externalizing services

Kiuwan On-Premises uses three main services under its infrastructure's hood:

  • Apache: used as a load balancer when multiple Kiuwan frontal instances are running.
  • Redis: an in-memory cache to speed up response times.
  • MySQL: Kiuwan's main database.

If you want to use your own services for any of the previous ones, Kiuwan On-Premises can connect to them by bypassing their creation at installation time.

Configuring services to externalize

First of all, you will need to edit the main configuration file and mark which services you want to externalize:

  • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

This table shows the properties you should modify when externalizing each service:

ServicePropertyDefault value
Apachekiuwan.externalize.apacheloadbalancerfalse
Rediskiuwan.externalize.redis.[cache|storage]false
MySQLkiuwan.externalize.mysqlfalse

When setting to "true" any of the previous properties, the corresponding service will be externalized and the installation tool will not manage any related instance. Note that all the configuration will be up to you, as the Kiuwan On-Premise installer will only be able to configure how Kiuwan On-Premise will connect to your own services.

Externalizing Apache

When externalizing this service you should take into account that:

  • Each Kiuwan On-Premises frontal instance domain name is wildflykiuwan-f[n], [n] being the frontal instance number. Note that depending on your installation needs you may want to access each instance via IP or its own host name.
  • Each Kiuwan On-Premises frontal instance only exposes one port for https/http/ajp traffic. By default, the port 8[n]43, [n] being the frontal instance number will be exposed. If you need to change the exposed ports refer to  Changing exposed ports for more information.
  • In case you are accessing through https scheme, you should provide your frontal service the needed certificates in order to make https connections available (please refer to Managing certificates for more information):
    • domaincert.pem
    • domainkey.pem
    • cacert.pem

Externalizing Redis

It is mandatory for Kiuwan On-Premises to work with your Redis installation that it complies with these characteristics:

  • Redis version must be equal or higher than 5.0.4.
  • Redis must be configured as a cluster.
  • Eviction policy must be set to "noeviction" (refer to Redis official documentation, maxmemory-policy configuration property).

In case you set Redis as an external service, Kiuwan On-Premises needs to know where the Redis nodes are deployed and which ports to use when connecting to them.

In case you use a special DNS that can resolve the same host to different hosts and ports (DNS Round-Robin or equivalent), you should configure just a single host in the "redis.[cache|store].nodes" properties.

All the needed configuration is located in the main configuration file:

  • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

The following table shows the properties to configure (note that you should set exactly the same configuration for both "cache" and "store" Redis configurations):

PropertyMeaningExample
redis.[cache|store].nodesComma separated list of host and port for each Redis nodern1.mydomain.com:6379,rn2.mydomain.com:6379,rn3.mydomain.com:6379,rn4.mydomain.com:6379,rn5.mydomain.com:6379,rn6.mydomain.com:6379
redis.[cache|store].timeoutConnection timeout in milliseconds2000
redis.[cache|store].password Password to use when connecting to a node (leave empty if you have set no password access) 
 redis.[cache|store].clientNameName of the client connection (defaults to empty) 

Externalizing MySQL

When externalizing MySQL note that your MySQL installation should comply with these characteristics:

  • MySQL version 5.7
  • Maximum number of connections: 130 per Kiuwan On-Premises instance.

Step 1: create Kiuwan On-Premises schemas

You should create the needed schemas in your MySQL installation. To do so, please execute this script with a user that has schema creation privileges:

create database opt_activity CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_cinc CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_metamodel CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_qmm CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_transaction CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_insight CHARACTER SET utf8 COLLATE utf8_unicode_ci;

Step 2: create Kiuwan On-Premises user

You should create the user that will be connecting to Kiuwan On-Premises schemas. Please run this script as an admin user to do so:

create user '[USER]'@'%' identified by '[PASSWORD]';
grant all privileges on `opt_%`.* to '[USER]'@'%' identified by '[PASSWORD]';
flush privileges;

Note that you should replace [USER] with the desired user name and [PASSWORD] with the desired password.

Step 3: configure your installation

The following table shows the properties to configure for Kiuwan On-Premises to connect to your own MySQL instance:

PropertyMeaningExample
mysql.hostYour MySQL installation hostmysqlkiuwan
mysql.portThe connection port to access your MySQL installation3306
mysql.usernameThe user that will be connecting to Kiuwan On-Premises schemas (should match the one provided in the previous step)csaas
mysql.passwordThe user's password (should match the one provided in the previous step) 

Using Amazon S3 as file repository

Kiuwan On-Premises uses these shared file repositories to store analysis related data:

  • kiuwanCentralRepository: stores analysis results files.
  • kiuwanSourceCodeRepository: stores source code.

These two Kiuwan On-Premises internal file repositories can be replaced with Amazon S3 buckets.

To do so, you should first configure these properties in the main configuration file ([VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):

  • centralFileRepository.type=s3
  • sourceCodeFileRepository.type=s3

The following table shows the properties you should modify when making Kiuwan On-Premises connect to AWS S3 buckets:

PropertyMeaningExample

s3.privateBucket.bucketName

Your AWS S3 bucket names3mycompany-us
s3.privateBucket.subDirectoryNameYour AWS S3 subdirectory name under the configured bucketmydirectory
s3.privateBucket.accessKeyIdAWS access key for your bucketBS3BX35Z27UAQCEACTPQ
s3.privateBucket.secretKeyIdAWS secret key for your bucketAasdfjklwe1234123lkjfasc21ssACasfEq124Da
s3.dir.centralFileRepositoryThe main key prefix that will be used to keep the central file repository entrieskiuwanCentralWorkingDirectory/analysisData
s3.dir.sourceCodeFileRepositoryThe main key prefix that will be used to keep the source code file repository entrieskiuwanCentralWorkingDirectory/analyzedSourceCode

Advanced configuration reference

All configuration properties you can edit are located in this file located inside your data-shared volume:

  • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

Here is a complete list of the properties you can configure and their meaning (default passwords are omitted):

PropertyDefault valueMeaning
Access configuration
kiuwan.protocolhttpsKiuwan default access protocol
kiuwan.domainkiuwan.onpremise.localKiuwan default domain
kiuwan.port443Kiuwan default access port
Mailing configuration
kiuwan.mail.host Email server host
kiuwan.mail.port Email server port
kiuwan.mail.username Email server username
kiuwan.mail.password Email server password
kiuwan.mail.from Email account you want Kiuwan to use when sending emails
kiuwan.default.mail.account Email account to set to the built-in Kiuwan users
Kiuwan instances shared configuration
timezoneEurope/MadridKiuwan servers timezone. Please refer to Supported timezones page for a complete list of supported time zones.
Kiuwan front instances configuration
kiuwan.nodes.front.max.memory1024mMax memory to set to front instances
session.timeout3600Time a session can be inactive before close it (in seconds)
session.securefalseUse the secure attribute of the session cookie
session.httponlyfalseUse the httponly attribute of the session cookie
Kiuwan analyzer instances configuration
kiuwan.nodes.analyzers.max.memory1024mMax memory to set to analyzer instances
queues.reportsGeneratedQueueSize2Number of slots enabled for analysis processing
Kiuwan scheduler instances configuration
kiuwan.nodes.schedulers.max.memory1024mMax memory to set to front instances
Kiuwan file repositories configuration
centralFileRepository.typefilesystemCentral file repository storage type [filesystem|s3]
sourceCodeFileRepository.typefilesystemSource code repository storage type [filesystem|s3]
Amazon S3 bucket configuration (only applies when using AWS S3 type repositories)
s3.privateBucket.bucketName S3 bucket name
s3.privateBucket.subDirectoryName S3 subdirectory name
s3.privateBucket.accessKeyId Access key id
s3.privateBucket.secretKeyId Secret key id
s3.dir.centralFileRepository Central file repository directory
s3.dir.sourceCodeFileRepository Source code file repository directory
MySQL configuration
mysql.hostmysqlkiuwanMySQL server host
mysql.port3306MySQL server port
mysql.usernamecsaasMySQL server username
mysql.password MySQL server password
mysql.config.useSSLfalseEnable or disable the use of encryption when connecting to MySQL
mysql.config.requireSSLfalseForce the use of encryption when connecting to MySQL
mysql.config.verifyServerCertificatefalseForce the validation of the certificate served MySQL
Redis Cluster cache and store configuration
redis.[cache|store].nodesredis_0000[1-6]:6379Redis nodes hosts (use the provided single host name when using elasticache)
redis.[cache|store].timeout2000Redis connection timeout
redis.[cache|store].password Redis password
redis.[cache|store].clientName Redis client name
SSL configuration
java.keystore.password Java keystore password. This must be aligned with the generated keystore password (in case you change the default Kiuwan host name)
java.truststore.password Java truststore password. This must be aligned with the generated truststore password (in case you change the default Kiuwan host name)
  • No labels