Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Go to section Configuration –> server configuration

  2. Update all value and save the record

  3. check mandatory field in Mandatory Fields/Sections mentioned below

...

Expand
titleSample Server Config Json file
Info

server-config.json file is present at "%INSIGHTS_HOME%"\.InSights environment variable path location.

Sample Server Config Json file

Code Block
languagejson
{
	"vault": {
		"isVaultEnable": false,
		"vaultEndPoint": "http://localhost:8200/v1",
		"secretEngine": "",
		"vaultToken": ""
	},
	"grafana": {
		"grafanaEndpoint": "http://localhost:3000",
		"grafanaDBEndpoint": "jdbc:postgresql://localhost:5432/grafana",
		"adminUserName": "",
		"adminUserPassword": "",
		"dbUserName": "",
        "dbPassword": ""
	},
	"trustedHosts": [
		"localhost"
	],
	"graph": {
		"endpoint": "http://localhost:7474",
		"authToken": "",
		"boltEndPoint": "bolt://localhost:7687",
		"maxIdleConnections": 25,
		"logQueryIfProcessingTimeGreaterThanInMS": 5
	},
	"postgre": {
		"userName": "",
		"password": "",
		"insightsDBUrl": "jdbc:postgresql://localhost:5432/insight",
		"grafanaDBUrl": "jdbc:postgresql://localhost:5432/grafana",
		"c3pMinSize": "9",
		"c3pMaxSize": "25",
		"c3pTimout": "1800",
		"c3pMaxStatements": "300"
	},
	"messageQueue": {
		"host": "localhost",
		"port": 5672,
		"user": "",
		"password": "",
		"prefetchCount": 5,
		"enableDeadLetterExchange":false
	},
	"agentDetails": {
		"isOnlineRegistration": false,
        "onlineRegistrationMode": "nexus",
        "offlineAgentPath": "

...

",
        "unzipPath": "

...

",
        "agentExchange": "iAgent",
        "agentPkgQueue": "INSIGHTS.AGENTS.PACKAGE",
        "githubAPI": "

...

",
        "githubAccessToken": "

...

",
        "repoUrl": "

...

",
        "browseRepoUrl": "

...

",
        "downloadRepoUrl

...

": "",
        "nexusUserName": "

...

",
        "nexusPassword": "

...

",
        "docrootUrl": "http://platform.cogdevops.com/insights_install/release"
	},
	"endpointData": {
		"elasticSearchEndpoint": "http://localhost:9200"
	},
	"queryCache": {
		"esCacheIndex": "neo4j-cached-results/querycacheresult"
	},
	"assessmentReport": {
		"outputDatasource": "NEO4J",
		"maxWorkflowRetries": 3,
		"fusionExportAPIUrl": "http://localhost:1337/api/v2.0/export"
	},
	"workflowDetails": {
		"corePoolSize": 8,
		"maximumPoolSize": 20,
		"keepAliveTime": 20,
		"waitingQueueSize": 10,
		"workflowExecutorCron": "1 0 0 * * ?",
		"workflowRetryExecutorCron": "0 0 */4 ? * *"
	},
	"emailConfiguration": {
		"sendEmailEnabled": false,
		"smtpHostServer": "",
		"smtpPort": "",
		"smtpUserName": "",
		"smtpPassword": "",
		"isAuthRequired": true,
		"smtpStarttlsEnable": true,
		"mailFrom": "onedevops@cogdevops.com",
		"subject": "Health Status - {TimeOfReportGeneration}",
		"systemNotificationSubscriber": "",
		"logo": "img/Insight.svg",
        "line": "img/Line.svg",
        "footerLogo": "img/FooterLogo.svg"
	},
	"correlations": {
		"correlationWindow": 48,
		"correlationFrequency": 3,
		"batchSize": 2000
	},
	"schedulerConfigInMin": {
		"auditEngineInterval": 60,
		"webhookEngineInterval": 10,
		"engineAggregatorModuleInterval": 10,
		"engineCorrelatorModuleInterval": 60,
		"offlineDataProcessingExecutorInterval": 10,
		"dataArchivalEngineInterval": 240,
		"projectMapperModuleInterval": 10,
        "dataPurgingExecutorInterval": 300
	},
	"singleSignOnConfig": {
		"entityId": "",
		"appId": "",
		"metadataUrl": "",
		"metdataFilePath": "",
		"keyStoreFilePath": "C:\\InSights_Windows\\Server2\\INSIGHTS_HOME\\.InSights\\saml-keystore.jks",
		"keyAlias": "",
		"keyPass": "",
		"keyStorePass": "",
		"appBaseUrl": "baseURL",
		"relayStateUrl": "relayStateUrl",
		"defaultTargetUrl": "defaultTargetUrl",
		"postLogoutURL": "logoutURL",
		"tokenSigningKey": "insights_IDP_CogDevops_SSO_Token_string",
		"servicePrincipalKerberos": "",
		"keyTabLocationKerberos": "C:\\InSights_Windows\\Server2\\INSIGHTS_HOME\\.InSights\\kerberos_keytab_file.keytab"
	},
	"mlConfiguration": {
		"h2oEndpoint": ""
	},
	"webhookEngine": {
		"enableWebHookEngine": false,
		"eventProcessingWindowInMin": 60
	},
	"insightsServiceURL": "http://localhost:8080",
	"insightsTimeZone": "UTC",
	"refreshTime": "Jan 22, 2017 5:04:25 PM",
	"enableOnlineDatatagging": false,
	"enableAuditEngine": false,
	"enableDataArchivalEngine": false,
	"autheticationProtocol": "NativeGrafana",
	"pdfkey": "",
	"applicationLogLevel": {
		"updateLevelTransitiveDependency": false,
		"serviceLogLevel": {
			"PlatformService": "DEBUG",
			"PlatformEngine": "DEBUG",
			"PlatformReport": "DEBUG",
			"PlatformRegressionTest": "DEBUG"
		}
	},
	"proxyConfiguration":{
		"isEnableProxy":false,
		"proxyHost":"",
		"proxyPort":0,
		"proxyUsername":"",
		"proxyPassword":""
	
	},
	"userId": "",
    "password": "",
    "enableWebHookEngine": true,
    "enableOnlineBackup": false,
    "enableSSO": false
}
Expand
titleMandatory Fields/Sections
Code Block
languagejson
    "vault": {
		"isVaultEnable": false,
	},
	"grafana": {
		"grafanaEndpoint": "http://localhost:3000",
		"grafanaDBEndpoint": "jdbc:postgresql://localhost:5432/grafana",
		"adminUserName": "",
		"adminUserPassword": ""
	},
	"trustedHosts": [
		"localhost",
		"http://localhost:8080"
	],
	"graph": {
		"endpoint": "http://localhost:7474",
		"authToken": "",
		"boltEndPoint": "bolt://localhost:7687",
	},
	"postgre": {
		"userName": "",
		"password": "",
		"insightsDBUrl": "jdbc:postgresql://localhost:5432/insight",
		"grafanaDBUrl": "jdbc:postgresql://localhost:5432/grafana",
	},
	"messageQueue": {
		"host": "localhost",
		"user": "",
		"password": "",
	},
	"singleSignOnConfig": {
		"tokenSigningKey": "insights_IDP_CogDevops_SSO_Token_string",
	},
	"autheticationProtocol": "NativeGrafana",
	"insightsServiceURL": "http://localhost:8080"

Expand
titleServer Config configuration with Vault

Info

Installing fresh Insights application

  • Configure Vault with Storage Engine as PostgreSQL, all configuration steps mention in Vault Configuration with PostgreSQL DB

  • Add following minimum configuration inside Insights INSIGHTS_HOME\.InSights\server-config.json

    Code Block
    languagejson
    {
                    "vault": {
                                    "isVaultEnable": true,
                                    "vaultEndPoint": "http://10.10.90.42:8200/v1",
                                    "secretEngine": "database-insights",
                                    "vaultToken": "<vault root token>"
                    },
                    "grafana":{
                                    "grafanaEndpoint":"http://localhost:3000"
                    },
                    "trustedHosts":[
                                    "localhost"
                    ]
    }

  • Make sure that isVaultEnable = true with correct vault token, Vault is started and unsealed

  • Start Tomcat application

  • Login Insights UI with basic grafana credential using user ‘admin’ most probably password is ‘admin’

  • On successful login, It will load server configuration on UI, do the respective changes

  • Save the changes, It will store all your configuration in vault in encrypted format

  • If you want to edit any field in server configuration then use Insights UI

  • With Native Grafana authentication there is no need to restart tomcat, it automatically loads server config changes.

  • In case of SSO, initial login will be with initial grafana credential, do respective changes and restart tomcat.

Info

Upgrade Insights Application to Vault

  • Configure Vault with Storage Engine as “PostgreSQL” all configuration steps mention in Vault Configuration with PostgreSQL DB

  • Backup your existing server config json file

  • Add following minimum configuration inside Insights INSIGHTS_HOME\.InSights\server-config.json

    Code Block
    {
                    "vault": {
                                    "isVaultEnable": true,
                                    "vaultEndPoint": "http://10.10.90.42:8200/v1",
                                    "secretEngine": "database-insights",
                                    "vaultToken": "<vault root token>"
                    },
                    "grafana":{
                                    "grafanaEndpoint":"http://localhost:3000"
                    },
                    "trustedHosts":[
                                    "localhost"
                    ]
    }
  • Make sure that isVaultEnable = true with correct vault token, Vault is started and unsealed

  • Start Tomcat application

  • Login Insights UI with basic grafana credential using user ‘admin’ most probably password is ‘admin’

  • On successful login, It will load server configuration on UI, do the respective changes copy detail from your backup server config

  • Save the changes, It will store all your configuration in vault in encrypted format

  • If you want to edit any field in server configuration then use Insights UI

  • With Native Grafana authentication there is no need to restart tomcat, it automatically loads server config changes.

  • In case of SSO, initial login will be with initial grafana credential, do respective changes and restart tomcat.

Info
Upgrade Agent Changes with Vault

If existing application have agent configured with vault then it is mandatory to upgrade it using following steps

  • Login to Insights UI , go to Agent Configuration

  • Changes Agent version >= 7.3

  • Update all your secret again so that it will store in new vault  

  • Restart agent

  • New Agent Registration will affect with these changes

Expand
titleServer Config configuration without Vault
Info

Installing fresh Insights application

  • Either configuration start with minimum configuration mention below

    Code Block
    {
                    "vault": {
                                    "isVaultEnable": false,
                                    "vaultEndPoint": "",
                                    "secretEngine": "",
                                    "vaultToken": ""
                    },
                    "grafana":{
                                    "grafanaEndpoint":"http://localhost:3000"
                    },
                    "trustedHosts":[
                                    "localhost"
                    ]
    }

  • Start Tomcat application

  • Login Insights UI with basic grafana credential using user ‘admin’ most probably password is ‘admin’

  • On successful login, It will load server configuration on UI, do the respective changes

  • Server config changes store in file system with unencrypted format

  • With Native Grafana authentication there is no need to restart tomcat, it automatically loads server config changes.

  • In case of SSO, initial login will be with initial grafana credential, do respective changes and restart tomcat.

Another way is to configure server config directly on file system INSIGHTS_HOME\.InSights\server-config.json and restart tomcat and other services

Expand
titleComponents of server-config.json

Component

Significance

"endpointData": {
"elasticSearchEndpoint": "http://localhost:9200"
}

  • endpointData - It has the configuration for Elaticsearch database.

    • elasticSearchEndpoint - It is the server path, where Elasticsearch database is hosted.

"graph":{
"endpoint":"http://localhost:7474",
"authToken":"",
"boltEndPoint":"bolt://localhost:7687",
"maxIdleConnections":25
}

  • graph - This section refers to Neo4j database configurations.

    • endpoint - It is the server/hostname where Neo4j is hosted.

    • authToken - It is token for Neo4j authentication.

    • boltEndPoint - Its Neo4j boltEndPoint

    • maxIdleConnections - Maximum connection use for Neo4j (use only with java Neo4j driver)

"grafana": {
"grafanaEndpoint": "http://localhost:3000",
"grafanaDBEndpoint": "jdbc:postgresql://localhost:5432/grafana",
"adminUserName": "admin",
"adminUserPassword": "admin",
"dbUserName": "user",
"dbPassword": "password"
}

  • grafana - It contains the details of Grafana.

    • grafanaEndpoint - It is the web server location where Grafana is hosted.

    • grafanaDBEndpoint - It's the configuration to connect PostgreSQL database.

    • adminUserName - It is the username of admin for Grafana.

    • adminUserPassword - It is the corresponding password for the username of admin for Grafana.

    • dbUserName - It is the username to log intoPostgreSQL.

    • dbUserName - It is the corresponding password for the username to log into PostgreSQL.

"postgre": {
"userName" : "user",
"password" : "password",
"insightsDBUrl": "jdbc:postgresql://127.0.0.1:5432/insight",
"grafanaDBUrl": "jdbc:postgresql://127.0.0.1:5432/grafana"
}

  • postgre - This module has the configurations for PostgreSQL

    • userName - It is the username to log into PostgreSQL

    • password - It is the corresponding password for the username to log into PostgreSQL.

    • insightsDBUrl - It is the JDBC connectivity URL of Insights data storage index, which stores information related to Insights Application.

    • grafanaDBUrl - It is the JDBC connectivity URL of Grafana data storage index, which stores information related to Grafana.

"messageQueue": {
"host": "localhost",
"port": 5672,
"user": "",
"password": "",
"prefetchCount": 5,
"enableDeadLetterExchange":false

}

  • messageQueue - These are the configurations related to RabbitMQ server.

    • host - It is the host location at which RabbitMQ is running.

    • user - It is username to log into RabbitMQ application.

    • port - port of RabbitMQ application, If not defined then application connect to default port 5672

    • password - It is the corresponding password for the username to log into RabbitMQ application.

    • prefetchCount - It is to control the number of files consumed by the Insights Engine.The value should be calculated based on number of messages and system configuration.

    • enableDeadLetterExchange - Iftrue then this will enable DeadLetterExchange for RabbitMq, make sure that it enabled in Agent Daemon also


"agentDetails": {

"isOnlineRegistration":true,
"onlineRegistrationMode":"nexus",
"browseRepoUrl":"https://infra.cogdevops.com/service/rest/repository/browse/docroot/insights_install/release",
"downloadRepoUrl":"https://infra.cogdevops.com/repository/docroot/insights_install/release,
"nexusUserName":"",
"nexusPassword":"",
"docrootUrl":"https://platform.cogdevops.com//insights_install/release",
"offlineAgentPath":"D:\Project\Insights\InSights_Windows\Agents\offlineAgent",
"unzipPath":"D:\Project\Insights\InSights_Windows\Agents\PlatformAgents\unzip",
"agentExchange":"iAgent",
"agentPkgQueue":"INSIGHTS.AGENTS.PACKAGE"

}

  • agentDetails - These are the configurations needed to setup agents in Insights Application.

    • isOnlineRegistration : This property is used to decide mode of agent registration online or offline

    • onlineRegistrationMode : It is server from where you are downloading Agent package nexus or docroot, After 7.0 we migrated all package on nexus.

    • browseRepoUrl - use browse agent package in online mode

    • downloadRepoUrl - use to download agent package in online mode

    • docrootUrl - It is the location from which agent would be downloaded in a zip file.

    • unzipPath - It is the local system path where the downloaded zip file would be extracted.

    • agentExchange - It is the channel where agent related data exchanges will take place.

    • agentPkgQueue - It is the queue name where all the various agents will be queued. This is use by daemon agent for connnection

"queryCache": 
{
     "esCacheIndex": "neo4j-cached-results-custom"
}

  • queryCache - This configuration helps us to set custom Neo4j data source's query caching index in Elasticsearch.
    esCacheIndex - It is the custom index of Elaticsearch where cache results will be stored.

  • For more detail check Query Caching

"insightsServiceURL": "https://localhost:8080"

  • insightsServiceURL - It is the web server host and port where "PlatformService.war" file is deployed and run.

"insightsTimeZone": "US/Central"

  • insightsTimeZone - It is the local timezone of the country/place.

"enableOnlineDatatagging": true

  • enableOnlineDatatagging - This property is required to enable/disable Business Mapping on data.

"enableOnlineBackup": true

  • enableOnlineBackup - This property is required to enable the backup when the Engine is running.

"autheticationProtocol":"NativeGrafana"

  • autheticationProtocol- This property is used to set particular authentication protocol . For Native Grafana use "NativeGrafana", For SAML use "SAML"

"emailConfiguration": {
"sendEmailEnabled": false,
"smtpHostServer": "",
"smtpPort": "",
"smtpUserName": "",
"smtpPassword": "",
"isAuthRequired": true,
"smtpStarttlsEnable": true,
"mailFrom": "onedevops@cogdevops.com",
"mailTo": "",
"subject": "Health Status - {TimeOfReportGeneration}",
"emailBody": "Hi Team, Attaching the report File",
"systemNotificationSubscriber": ""
}

This section use to configure Email

  • sendEmailEnabled : if true then Email functionality enabled

  • smtpHostServer : SMTP server Host

  • smtpPort : SMTP server port

  • smtpUserName : SMTP username Detail

  • smtpPassword : SMTP username

  • isAuthRequired : if true then SMTP authentication enable

  • smtpStarttlsEnable : SMTP ttl enable

  • mailFrom : Mail from email id

  • mailTo : No need to configure, configure it from UI like Report Management

  • emailBody : This is aonly use for Health check Naotification page

  • systemNotificationSubscriber : Only use for Health check Notification messages

"singleSignOnConfig": {
"entityId": "",
"appId": "",
"metadataUrl": "",
"metdataFilePath": "",
"keyStoreFilePath": "C:\InSights_Windows\Server2\INSIGHTS_HOME\.InSights\saml-keystore.jks",
"keyAlias": "",
"keyPass": "",
"keyStorePass": "",
"appBaseUrl": "baseURL",
"relayStateUrl": "relayStateUrl",
"defaultTargetUrl": "defaultTargetUrl",
"postLogoutURL": "logoutURL",
"tokenSigningKey": "insights_IDP_CogDevops_SSO_Token_string",
"servicePrincipalKerberos": "",
"keyTabLocationKerberos": "C:\InSights_Windows\Server2\INSIGHTS_HOME\.InSights\kerberos_keytab_file.keytab"
}

  • entityId: Identifier (Entity ID) for your SMAL configuration

  • appId:copy app id from App Federation Metadata Url

  • metadataUrl:App Federation Metadata Url

  • metdataFilePath :Download SAML Signing Certificate from sso provider site and store it in INSIGHTS_HOME

  • keyStoreFilePath:path of certificae like saml-keystore.jks, Download this certificate from your sso provider URL

  • keyAlias :saml-keystore.jks username

  • keyPass :saml-keystore.jks password

  • keyStorePass :saml-keystore.jks password

  • appBaseUrl :Application service Host URL, Example <https://<HostOrDomainName>/PlatformService>

  • relayStateUrl :SSO login UI page URL, Example <https://<HostOrDomainName>/app/#/ssologin>

  • defaultTargetUrl :Application user authenticate url, Example <https://<HostOrDomainName>/user/authenticate>

  • postLogoutURL :SAML or SSO provider logout URL, Example value https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0

  • tokenSigningKey :This is use as secrete key to sign JWT token,It should be 128 character ,Example value:"insights_IDP_CogDevops_SSO_Token_string"

  • servicePrincipalKerberos: Use during Kerberos Authentication protocol for service Principal Kerberos

  • keyTabLocationKerberos: Use during Kerberos Authentication protocol for Keytab location

"assessmentReport": {
"outputDatasource": "NEO4J",
"maxWorkflowRetries": 3,
"fusionExportAPIUrl": "http://localhost:1337/api/v2.0/export"
}

This functionality user for Reporting feature

  • outputDatasource : Datasouce for KPI query execution

  • maxWorkflowRetries : No of retires for Report execution if not executed correctly

  • fusionExportAPIUrl : User for Fusion Report

"proxyConfiguration":{
"isEnableProxy":false,
"proxyHost":"",
"proxyPort":0,
"proxyUsername":"",
"proxyPassword":""

}

This block help user to add proxy information, proxy information is mainly use in online agent registration/update

isEnableProxy : if true then it denote that Insights Application use proxy

proxyHost : Proxy host information

proxyPort : Proxy port information

proxyUsername : Proxy user information if needed, If no user information required then keep this filed blank

proxyPassword : Proxy user password if needed, If no password required then keep this filed blank

...