...
Depending on your needs, a different installation approach will be needed. Check this installation guide for details on how to proceed and to find the solution that best fits your requirements.
...
It is mandatory for any host where Kiuwan on Premises is installed to meet these requirements:
- Linux distribution
- Linux kernel version 3.10 or higher
- Connectivity to SMTP Mail Server.
- Internet connectivity during the installation process (see Installation guide).
- Installing user must be root or have sudo privileges.
This software is also needed:
- Docker CE >=19.03.2
- Docker-compose >= 1.24.1
- Unzip
- GNU tar
- Java Runtime Environment >=8 (needed to generate keystores for custom hosts).
- Openssl >= 1.1.1 (needed to generate certificates for custom hosts).
Info |
---|
Please follow Docker official recommendations when installing Docker. These URLs describe the installation process for different Linux distributions:
We also recommend using the target installation hosts exclusively for Kiuwan services. If you plan on running containers other than Kiuwan's in a single-host installation, please make sure that none of them are using the following network: 172.172.0.0/16 |
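A pre-flight check for the requirements above, as an added example that is not part of Kiuwan's documentation or installer. It compares the detected kernel, Docker, docker-compose and OpenSSL versions with the listed minimums and reports any existing Docker network that overlaps 172.172.0.0/16; all function names are this example's own.

```sh
#!/bin/sh
# Added example: pre-flight check for the host requirements listed above.
version_ge() {
  # True when detected version $1 >= minimum $2. Suffixes such as
  # "-1160.el7" or the "f" in "1.1.1f" are dropped before comparing.
  have=${1%%[!0-9.]*}
  [ -n "$have" ] || return 1
  [ "$(printf '%s\n%s\n' "$2" "$have" | sort -V | head -n 1)" = "$2" ]
}

check_tool() {
  # $1 = label, $2 = minimum version, $3 = detected version (may be empty)
  if [ -z "$3" ]; then echo "MISSING  $1 (need >= $2)"
  elif version_ge "$3" "$2"; then echo "OK       $1 $3"
  else echo "TOO OLD  $1 $3 (need >= $2)"
  fi
}

ip_to_int() {
  # Dotted quad -> 32-bit integer.
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

overlaps_kiuwan_net() {
  # True when IPv4 CIDR $1 overlaps 172.172.0.0/16: two blocks overlap
  # when they agree on the bits of the shorter of the two prefixes.
  len=${1#*/}
  if [ "$len" -gt 16 ]; then len=16; fi
  shift_bits=$((32 - len))
  a=$(ip_to_int "${1%/*}"); b=$(ip_to_int 172.172.0.0)
  [ $((a >> shift_bits)) -eq $((b >> shift_bits)) ]
}

preflight() {
  check_tool "Linux kernel" 3.10 "$(uname -r)"
  check_tool "Docker CE" 19.03.2 "$(docker version --format '{{.Client.Version}}' 2>/dev/null)"
  check_tool "docker-compose" 1.24.1 "$(docker-compose version --short 2>/dev/null)"
  check_tool "OpenSSL" 1.1.1 "$(openssl version 2>/dev/null | awk '{print $2}')"
  for t in unzip tar java; do
    command -v "$t" >/dev/null 2>&1 || echo "MISSING  $t"
  done
  for id in $(docker network ls -q 2>/dev/null); do
    for s in $(docker network inspect --format '{{range .IPAM.Config}}{{.Subnet}} {{end}}' "$id" 2>/dev/null); do
      case $s in *.*.*.*/*) if overlaps_kiuwan_net "$s"; then echo "CONFLICT network $id uses $s"; fi ;; esac
    done
  done
}
preflight
```

The Java version is only checked for presence, because `java -version` reports Java 8 as `1.8`, which needs its own parsing.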
...
Please make sure your host machines have connection to these servers when installing Kiuwan on Premises:
Host | Needed when | Purpose |
---|---|---|
https://hub.docker.com | Installing | This is the main Docker server where the needed images will be pulled from. |
https://static.kiuwan.com | Installing | This is Kiuwan's static content server, needed by the installer to download needed resources. |
https://api.kiuwan.com | You own a Kiuwan on Premises Insights license, both for installing and running | This is Kiuwan's central API endpoint, needed to update Insights vulnerabilities database. |
...
Note: CPU clock speed and disk speed will affect overall response time.
With the above configuration, a system with the following load should give continuous service without problems:
...
- 14GB of RAM and a processor with 8 cores for Kiuwan on Premises.
It is recommended that you overscale these characteristics for the OS to have resources available for itself.
The Kiuwan on Premises installation tool (kiuwan-cluster)
The Kiuwan on Premises installation process is carried out by our "kiuwan-cluster" tool.
...
- [INSTALL_DIR]: where the installation tool (kiuwan-cluster) will be located.
- [VOLUMES_DIR]: where the persistent volumes will be located.
Sometimes these folders will be referenced inside command line examples. Please make sure you replace any of them with the needed real path.
Note that it is up to you where these folders will be located.
Step 1: download kiuwan-cluster
The first step is to download kiuwan-cluster (the Kiuwan on Premises installation tool). It can be downloaded directly from a terminal like this:
```bash
wget https://static.kiuwan.com/download/onpremise/kiuwan-cluster.tar.gz
```
This will download the latest available installation tool to the current directory.
Step 2: untar kiuwan-cluster
Once downloaded, you should untar the provided gz file:
...
This folder will be referred to as [INSTALL_DIR] throughout this guide.
Step 3: copy license files
In order to be able to start a Kiuwan on Premises installation, you will need two license files:
...
Copy the provided volumes to your desired location:
```bash
sudo cp -rp [INSTALL_DIR]/volumes/config-shared [VOLUMES_DIR]/config-shared
sudo cp -rp [INSTALL_DIR]/volumes/data-shared [VOLUMES_DIR]/data-shared
sudo cp -rp [INSTALL_DIR]/volumes/data-local [VOLUMES_DIR]/data-local
```
Info |
---|
Take note of the locations you choose for each volume. You will need these paths for the next installation step. |
Step 6: configure the created volume paths
...
Kiuwan needs a working and accessible e-mail server to send notifications.
Edit the main configuration file, found in your [VOLUMES_DIR], with your preferred editor:
```bash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig.properties
```
Info |
---|
...
Please note that this is the file located in your [VOLUMES_DIR], not in the [INSTALL_DIR], which only contains the base volumes. |
Edit the following properties under the section named "Kiuwan instances shared configuration":
...
- Single-host installation, including these services (see System architecture for more details):
- Apache as a load balancer.
- A Kiuwan front instance.
- A Kiuwan analyzer instance.
- A Kiuwan scheduler instance.
- MySQL database.
- Redis cluster.
- HTTPS support when accessing Kiuwan and between the load balancer and Kiuwan instances.
- Kiuwan on Premises deployed in the default domain (https://kiuwan.onpremise.local).
...
- Download and run the needed Docker images.
- Install the database resources for Kiuwan on Premises.
- Download the latest available Local Analyzer, Engine and Kiuwan for Developers to make them available in your installation.
- Install the engine data in your Kiuwan on Premises database.
- Autogenerate the needed configuration for each Kiuwan instance.
- Run all the needed containers.
Once the installation is finished, please refer to the Installation guide's Accessing your Kiuwan on Premises installation section.
Installation: advanced configuration
...
Here is a complete list of the properties you can configure and their meaning (default passwords are omitted):
Property | Default value | Meaning |
---|---|---|
Access configuration | | |
kiuwan.protocol | https | Kiuwan default access protocol |
kiuwan.domain | kiuwan.onpremise.local | Kiuwan default domain |
kiuwan.port | 443 | Kiuwan default access port |
Mailing configuration | | |
kiuwan.mail.host | | Email server host |
kiuwan.mail.port | | Email server port |
kiuwan.mail.username | | Email server username |
kiuwan.mail.password | | Email server password |
kiuwan.mail.from | | Email account you want Kiuwan to use when sending emails |
kiuwan.default.mail.account | | Email account to set to the built-in Kiuwan users |
Kiuwan instances shared configuration | | |
timezone | Europe/Madrid | Kiuwan servers timezone |
Kiuwan front instances configuration | | |
kiuwan.nodes.front.max.memory | 1024m | Max memory to set to front instances |
session.timeout | 3600 | Time a session can be inactive before it is closed (in seconds) |
session.secure | false | Use the secure attribute of the session cookie |
session.httponly | false | Use the httponly attribute of the session cookie |
Kiuwan analyzer instances configuration | | |
kiuwan.nodes.analyzers.max.memory | 1024m | Max memory to set to analyzer instances |
queues.reportsGeneratedQueueSize | 2 | Number of slots enabled for analysis processing |
Kiuwan scheduler instances configuration | | |
kiuwan.nodes.schedulers.max.memory | 1024m | Max memory to set to front instances |
Kiuwan file repositories configuration | | |
centralFileRepository.type | filesystem | Central file repository storage type [filesystem\|s3] |
sourceCodeFileRepository.type | filesystem | Source code repository storage type [filesystem\|s3] |
Amazon S3 bucket configuration (only applies when using AWS S3 type repositories) | | |
s3.privateBucket.bucketName | | S3 bucket name |
s3.privateBucket.subDirectoryName | | S3 subdirectory name |
s3.privateBucket.accessKeyId | | Access key id |
s3.privateBucket.secretKeyId | | Secret key id |
s3.dir.centralFileRepository | | Central file repository directory |
s3.dir.sourceCodeFileRepository | | Source code file repository directory |
MySQL configuration | | |
mysql.host | mysqlkiuwan | MySQL server host |
mysql.port | 3306 | MySQL server port |
mysql.username | csaas | MySQL server username |
mysql.password | | MySQL server password |
mysql.config.useSSL | false | Enable or disable the use of encryption when connecting to MySQL |
mysql.config.requireSSL | false | Force the use of encryption when connecting to MySQL |
mysql.config.verifyServerCertificate | false | Force the validation of the certificate served by MySQL |
Redis Cluster cache and store configuration | | |
redis.[cache\|store].nodes | redis_0000[1-6]:6379 | Redis nodes hosts (use the provided single host name when using elasticache) |
redis.[cache\|store].timeout | 2000 | Redis connection timeout |
redis.[cache\|store].password | | Redis password |
redis.[cache\|store].clientName | | Redis client name |
SSL configuration | | |
java.keystore.password | | Java keystore password. This must be aligned with the generated keystore password (in case you change the default Kiuwan host name) |
java.truststore.password | | Java truststore password. This must be aligned with the generated truststore password (in case you change the default Kiuwan host name) |
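One way to review the security-relevant rows of this table in a deployed globalConfig.properties, as an added example that is not Kiuwan's own tooling. The expected values are this example's hardening baseline (an assumption, not vendor guidance), the function names are its own, and the sample file is constructed.

```sh
#!/bin/sh
# Added example: review security-relevant values in globalConfig.properties.

prop() {
  # Print the value of key $2 in properties file $1 (last definition wins).
  awk -F= -v k="$2" '
    /^[ \t]*[#!]/ { next }
    { key=$1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
    key == k { v=substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); found=v }
    END { print found }' "$1"
}

audit_config() {
  # Print one REVIEW line per setting that differs from the expected value.
  # The expected values are this example's baseline (an assumption).
  f=$1
  while read -r key want why; do
    got=$(prop "$f" "$key")
    [ "$got" = "$want" ] || echo "REVIEW $key=${got:-<unset>} (expected $want): $why"
  done <<'EOF'
kiuwan.protocol https front end served over TLS
session.secure true session cookie only sent over HTTPS
session.httponly true session cookie hidden from page scripts
mysql.config.useSSL true database traffic encrypted
mysql.config.requireSSL true no fallback to plaintext
mysql.config.verifyServerCertificate true database server identity checked
EOF
  # The file holds mail, MySQL, Redis, S3 and keystore secrets.
  mode=$(stat -c %a "$f" 2>/dev/null || echo "")
  case $mode in *[1-7]) echo "REVIEW $f mode $mode is accessible to other users" ;; esac
}

sample_config() {
  # Constructed sample: the documented defaults with session.httponly enabled.
  cat <<'EOF'
kiuwan.protocol=https
session.secure=false
session.httponly = true
mysql.config.useSSL=false
mysql.config.requireSSL=false
mysql.config.verifyServerCertificate=false
EOF
}

tmp=$(mktemp); sample_config > "$tmp"
audit_config "$tmp"; rm -f "$tmp"
```

Point `audit_config` at `[VOLUMES_DIR]/config-shared/globalConfig.properties` to check a real installation. This page does not say whether the bundled MySQL container accepts TLS connections, so treat the MySQL lines as items to review rather than switches to flip.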
Accessing your Kiuwan on Premises installation
To access your Kiuwan on Premises installation you should take into account whether the selected domain is available in the DNS servers your local network may use.
...
```
192.168.0.56 kiuwan.onpremise.local
```
Note that although the installation process may have finished, the Kiuwan servers may need some minutes to start up. Please wait if you receive a "404 - Not Found" error message when accessing Kiuwan on Premises.
Once the previous steps have been done, you should be able to access Kiuwan on Premises by entering your Kiuwan host in your browser:
...
Handling trusted certificates warning messages in your browser and clients
The Kiuwan on Premises installer tool provides default certificates for the default host name, signed by a supplied CA (Certificate Authority).
...