Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Depending on your needs, a different installation approach will be needed. Check this installation guide for details on how to proceed and to find the solution that best fits your requirements.

...

It is mandatory for any host where a Kiuwan on premises service Premises is installed to meet this these requirements:

  • Linux distribution
  • Linux kernel version 3.10 or higher
  • Connectivity to SMTP Mail Server.
  • Internet connectivity during the installation process (see Installation guide).
  • Installing user must be root or have sudo privileges.

These software is softwares are also needed:

  • Docker CE >=19.03.2
  • Docker-compose >= 1.24.1
  • Unzip
  • GNU tar
  • Java Runtime Environment >=8 (needed to generate keystores for custom hosts).
  • Openssl >= 1.1.1 (needed to generate certificates for custom hosts).
Info

Please follow Docker official recommendations when installing Docker. These URLs describe the installation process for different Linux distributions:

We also recommend using the target installation hosts exclusively for Kiuwan services. If you plan on running other containers than Kiuwan's in a single-host installation, please make sure that non none of them is are using the following network:

172.172.0.0/16

...

Please make sure your host machines have connection to this these servers when installing Kiuwan on premisesPremises:

HostNeeded whenPurpose
https://hub.docker.comInstallingThis is the main Docker server where the needed images will be pulled from.
https://static.kiuwan.comInstallingThis is Kiuwan's static content server, needed by the installer to download needed resources.
https://api.kiuwan.com

You own a Kiuwan on premises Premises Insights license, both for installing and running

This is Kiuwan's central API endpoint, needed to update Insights vulnerabilities database.

...

Note: CPU clock speed and disk speed will affect overal overall response time. 

With the configuration above above configuration, a system with the following load should give continuous service without problems:

...

  • 14GB of RAM and a processor with 8 cores for Kiuwan on premisesPremises.

It is recommended that you overscale these characteristics for the OS to have resources available for itself.

The Kiuwan on

...

Premises installation tool (kiuwan-cluster)

The Kiuwan on premise Premises installation process is carried out by our "kiuwan-cluster" tool.

...

  • [INSTALL_DIR]: where the installation tool (kiuwan-cluster) will be located.
  • [VOLUMES_DIR]: where the persistent volumen volumes will be located.

Sometimes this these folders will be referenced inside command line examples. Please make sure you replace any of them with the needed real path.

Note that it is up to you where this these folders will be located.

Step 1: download kiuwan-cluster

The first step is to download kiuwan-cluster , (the Kiuwan on premises Premises installation tool). It can be downloaded directly from a terminal like this:

Code Block
languagebash
wget https://static.kiuwan.com/download/onpremise/kiuwan-cluster.tar.gz

This will download download the latest available installation tool to the current directory the latest available installation tool.

Step 2: untar kiuwan-cluster

Once downloaded, you should untar the provided gz file:

...

This folder will be referred to as [INSTALL_DIR] through throughout this guide.

Step 3: copy license files

In order to be able to start a Kiuwan on premises Premises installation, you will need two license files:

...

Copy the provided volumes to a your desired location of your desire:

Code Block
languagebash
sudo cp -rp [INSTALL_DIR]/volumes/config-shared [VOLUMES_DIR]/config-shared
sudo cp -rp [INSTALL_DIR]/volumes/data-shared [VOLUMES_DIR]/data-shared
sudo cp -rp [INSTALL_DIR]/volumes/data-local [VOLUMES_DIR]/data-local
Info

Take note of the locations you choose for each volume. You will need these paths for the next installation step.

Step 6: configure the created volume paths

...

Kiuwan needs an working and accessible e-mail server to send notifications.

Edit with your favourite preferred editor the main configuration file, found in your [VOLUMES_DIR]:

Code Block
sudo vim [VOLUMES_DIR]/config-shared/globalConfig.properties

...

Info

Please note that this is the file located in your [VOLUMES_DIR], not in the [INSTALLER_DIR], which only contains the base volumes.

Edit the following properties under the section named "Kiuwan instances shared configuration":

...

  • Single-host installation, including this these services (see System architecture for more details):
    • Apache as a load balancer.
    • A Kiuwan front instance.
    • A Kiuwan analyzer instance.
    • A Kiuwan scheduler instance.
    • MySQL database.
    • Redis cluster.
  • HTTPS support when accessing Kiuwan and between the loadbalancer and kiuwan Kiuwan instances.
  • Kiuwan on premises Premises deployed in the default domain (https://kiuwan.onpremise.local).

...

  • Download and run the needed Docker images.
  • Install the database resources for Kiuwan on premises.
  • Download the latest available Local Analyzer, Engine and Kiuwan for Developers to make them available in your installation.
  • Install the engine data in your Kiuwan on premises Premises database.
  • Autogenerate the needed configuration for each kiuwan Kiuwan instance.
  • Run all the needed containers.

Once the installation is finisished please refere refer to the Installation guide Accessing your Kiuwan on Premises installation section.

Installation: advanced configuration

...

Here is a complete list of the properties you can configure and their meaning (default passwords are ommitedomitted):

PropertyDefault valueMeaning
Access configuration
kiuwan.protocolhttpsKiuwan default access protocol
kiuwan.domainkiuwan.onpremise.localKiuwan default domain
kiuwan.port443Kiuwan default access port
Mailing configuration
kiuwan.mail.host Email server host
kiuwan.mail.port Email server port
kiuwan.mail.username Email server username
kiuwan.mail.password Email server password
kiuwan.mail.from Email account you want Kiuwan to use when sending emails
kiuwan.default.mail.account Email account to set to the built-in Kiuwan users
Kiuwan instances shared configuration
timezoneEurope/MadridKiuwan servers timezone
Kiuwan front instances configuration
kiuwan.nodes.front.max.memory1024mMax memory to set to front instances
session.timeout3600Time a session can be inactive before close it (in seconds)
session.securefalseUse the secure attribute of the session cookie
session.httponlyfalseUse the httponly attribute of the session cookie
Kiuwan analyzer instances configuration
kiuwan.nodes.analyzers.max.memory1024mMax memory to set to analyzer instances
queues.reportsGeneratedQueueSize2Number of slots enabled for analysis processing
Kiuwan scheduler instances configuration
kiuwan.nodes.schedulers.max.memory1024mMax memory to set to front instances
Kiuwan file repositories configuration
centralFileRepository.typefilesystemCentral file repository storage type [filesystem|s3]
sourceCodeFileRepository.typefilesystemSource code repository storage type [filesystem|s3]
Amazon S3 bucket configuration (only applies when using AWS S3 type repositories)
s3.privateBucket.bucketName S3 bucket name
s3.privateBucket.subDirectoryName S3 subdirectory name
s3.privateBucket.accessKeyId Access key id
s3.privateBucket.secretKeyId Secret key id
s3.dir.centralFileRepository Central file repository directory
s3.dir.sourceCodeFileRepository Source code file repository directory
MySQL configuration
mysql.hostmysqlkiuwanMySQL server host
mysql.port3306MySQL server port
mysql.usernamecsaasMySQL server username
mysql.password MySQL server password
mysql.config.useSSLfalseEnable or disable the use of encryption when connecting to MySQL
mysql.config.requireSSLfalseForce the use of encryption when connecting to MySQL
mysql.config.verifyServerCertificatefalseForce the validation of the certificate served MySQL
Redis Cluster cache and store configuration
redis.[cache|store].nodesredis_0000[1-6]:6379Redis nodes hosts (use the provided single host name when using elasticache)
redis.[cache|store].timeout2000Redis connection timeout
redis.[cache|store].password Redis password
redis.[cache|store].clientName Redis client name
SSL configuration
java.keystore.password Java keystore password. This must be aligned with the generated keystore password (in case you change the default Kiuwan host name)
java.truststore.password Java truststore password. This must be aligned with the generated truststore password (in case you change the default Kiuwan host name)

Accessing your Kiuwan on

...

Premises installation

To access your Kiuwan on premises Premises installation you should take into account whether the selected domain is available in the DNSs your local network may use.

...

Code Block
192.168.0.56 kiuwan.onpremise.local

Note that although the installation proccess process may have finished, the Kiuwan servers may need some minutes to start up. Please wait if you receive a "404 - Not Found" error message when accessing Kiuwan on premisePremises.

Once the previous steps have been done, you should be able to access Kiuwan on premises Premises entering your Kiuwan host in your browser:

...

Handling trusted certificates warning messages in your browser  and clients 

Kiuwan on premises Premises installer tool provides default certificates for the default host name, signed by a supplied CA (Certificate Authority).

...