Introduction
The Kiuwan On-Premises installer is a powerful tool that suits multiple environment scenarios:
...
Any host where Kiuwan On-Premises is installed must meet these requirements:
...
Please make sure your host machines can connect to these servers when installing Kiuwan On-Premises:
Host | Needed when | Purpose |
---|---|---|
https://hub.docker.com | Installing | This is the main Docker server where the needed images will be pulled from. |
https://static.kiuwan.com | Installing | This is Kiuwan's static content server, needed by the installer to download needed resources. |
https://api.kiuwan.com | You own a Kiuwan On-Premises Insights license, both for installing and running | This is Kiuwan's central API endpoint, needed to update the Insights vulnerabilities database. |
...
- 14GB of RAM and a processor with 8 cores for Kiuwan On-Premises.
It is recommended that you overscale these characteristics for the OS to have resources available for itself.
The Kiuwan On-Premises installation tool (kiuwan-cluster)
The Kiuwan On-Premises installation process is carried out by our "kiuwan-cluster" tool.
...
Resource | Purpose |
---|---|
/config/volumes.properties | Configuration file to set where your persistent volumes will reside. |
/docker/*.sh | Advanced shell scripts to interact with your Kiuwan On-Premises installation. |
/logs | The folder where the tool will write installation logs. |
/ssl | Tools that ease the certificate creation to keep Kiuwan On-Premises under a secure environment. |
/user-content | The folder where you will have to put some resources the installation process will need. |
/volumes | The base persistent volumes (that may be copied to different locations depending on your installation needs). |
*.sh | Main shell scripts to interact with your Kiuwan On-Premises installation. |
The following sections will guide you through the installation process.
...
The first step is to download kiuwan-cluster (the Kiuwan On-Premises installation tool). It can be downloaded directly from a terminal like this:
...
In order to be able to start a Kiuwan On-Premises installation, you will need two license files:
...
Step 4: download and copy the needed driver version for MySQL
Kiuwan On-Premises needs this exact MySQL driver:
...
The installation tool comes with the base volumes to boot a first installation of Kiuwan On-Premises. We provide three volumes:
...
Follow this section if you want to proceed and install Kiuwan On-Premises with no further customization.
The defaults will install Kiuwan On-Premises with these characteristics:
- Single-host installation, including these services (see System architecture for more details):
  - Apache as a load balancer.
  - A Kiuwan front instance.
  - A Kiuwan analyzer instance.
  - A Kiuwan scheduler instance.
  - MySQL database.
  - Redis cluster.
- HTTPS support when accessing Kiuwan and between the load balancer and Kiuwan instances.
- Kiuwan On-Premises deployed in the default domain (https://kiuwan.onpremise.local).
...
This will copy the user-content files to the configured volumes and set the needed permissions.
Step 2: install Kiuwan On-Premises
On a terminal, navigate to the [INSTALL_DIR] folder and execute this command:
...
- Download and run the needed Docker images.
- Install the database resources for Kiuwan On-Premises.
- Download the latest available Local Analyzer, Engine and Kiuwan for Developers to make them available in your installation.
- Install the engine data in your Kiuwan On-Premises database.
- Autogenerate the needed configuration for each Kiuwan instance.
- Run all the needed containers.
Once the installation is finished, please refer to the Accessing your Kiuwan On-Premises installation section.
...
Property | Default value | Meaning |
---|---|---|
Access configuration | ||
kiuwan.protocol | https | Kiuwan default access protocol |
kiuwan.domain | kiuwan.onpremise.local | Kiuwan default domain |
kiuwan.port | 443 | Kiuwan default access port |
Mailing configuration | ||
kiuwan.mail.host | | Email server host |
kiuwan.mail.port | | Email server port |
kiuwan.mail.username | | Email server username |
kiuwan.mail.password | | Email server password |
kiuwan.mail.from | | Email account you want Kiuwan to use when sending emails |
kiuwan.default.mail.account | | Email account to set to the built-in Kiuwan users |
Kiuwan instances shared configuration | ||
timezone | Europe/Madrid | Kiuwan servers timezone |
Kiuwan front instances configuration | ||
kiuwan.nodes.front.max.memory | 1024m | Max memory to set to front instances |
session.timeout | 3600 | Time a session can be inactive before it is closed (in seconds) |
session.secure | false | Use the secure attribute of the session cookie |
session.httponly | false | Use the httponly attribute of the session cookie |
Kiuwan analyzer instances configuration | ||
kiuwan.nodes.analyzers.max.memory | 1024m | Max memory to set to analyzer instances |
queues.reportsGeneratedQueueSize | 2 | Number of slots enabled for analysis processing |
Kiuwan scheduler instances configuration | ||
kiuwan.nodes.schedulers.max.memory | 1024m | Max memory to set to front instances |
Kiuwan file repositories configuration | ||
centralFileRepository.type | filesystem | Central file repository storage type [filesystem|s3] |
sourceCodeFileRepository.type | filesystem | Source code repository storage type [filesystem|s3] |
Amazon S3 bucket configuration (only applies when using AWS S3 type repositories) | ||
s3.privateBucket.bucketName | | S3 bucket name |
s3.privateBucket.subDirectoryName | | S3 subdirectory name |
s3.privateBucket.accessKeyId | | Access key id |
s3.privateBucket.secretKeyId | | Secret key id |
s3.dir.centralFileRepository | | Central file repository directory |
s3.dir.sourceCodeFileRepository | | Source code file repository directory |
MySQL configuration | ||
mysql.host | mysqlkiuwan | MySQL server host |
mysql.port | 3306 | MySQL server port |
mysql.username | csaas | MySQL server username |
mysql.password | | MySQL server password |
mysql.config.useSSL | false | Enable or disable the use of encryption when connecting to MySQL |
mysql.config.requireSSL | false | Force the use of encryption when connecting to MySQL |
mysql.config.verifyServerCertificate | false | Force the validation of the certificate served by MySQL |
Redis Cluster cache and store configuration | ||
redis.[cache|store].nodes | redis_0000[1-6]:6379 | Redis nodes hosts (use the provided single host name when using elasticache) |
redis.[cache|store].timeout | 2000 | Redis connection timeout |
redis.[cache|store].password | | Redis password |
redis.[cache|store].clientName | | Redis client name |
SSL configuration | ||
java.keystore.password | | Java keystore password. This must be aligned with the generated keystore password (in case you change the default Kiuwan host name) |
java.truststore.password | | Java truststore password. This must be aligned with the generated truststore password (in case you change the default Kiuwan host name) |
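The table lists `session.secure`, `session.httponly` and the three `mysql.config.*` TLS options with a default of `false`. The script below is an added example, not part of kiuwan-cluster: it reads a properties file and lists which of those protections are still off. The property names and defaults are taken from the table; the file you pass in and the function names are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example, not Kiuwan's code: list the transport and cookie protections
# that are still off in a properties file. Property names and defaults come from
# the table above; the file you pass in (name, location) is an assumption.

# Flags whose documented default is "false", so a missing key is weak as well.
FLAGS="session.secure session.httponly mysql.config.useSSL
mysql.config.requireSSL mysql.config.verifyServerCertificate"

# prop_get FILE KEY: print the effective value (last assignment wins), or nothing.
prop_get() {
  awk -v k="$2" '
    /^[ \t]*[#!]/ { next }                      # comment lines
    {
      i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t\r]+$/, "", key)
      gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      if (key == k) found = val
    }
    END { print found }' "$1"
}

# audit_props FILE: print one "WEAK key=value" line per finding; status 1 if any.
audit_props() {
  local key val weak=0
  for key in $FLAGS; do
    val=$(prop_get "$1" "$key")
    if [ "$(printf '%s' "${val:-false}" | tr 'A-Z' 'a-z')" != "true" ]; then
      echo "WEAK $key=${val:-false (default)}"; weak=1
    fi
  done
  val=$(prop_get "$1" kiuwan.protocol)          # documented default: https
  if [ -n "$val" ] && [ "$val" != "https" ]; then
    echo "WEAK kiuwan.protocol=$val"; weak=1
  fi
  return "$weak"
}

# Constructed sample: cookie flags hardened, MySQL TLS left at its defaults.
write_sample() {
  printf '%s\n' '# constructed sample, not a real installation file' \
    'kiuwan.protocol=https' 'session.secure=true' \
    'session.httponly = true' 'mysql.config.useSSL=false' > "$1"
}

sample=$(mktemp); write_sample "$sample"
audit_props "${1:-$sample}" || true             # pass your own file as $1
rm -f "$sample"
```

`audit_props` returns status 1 when anything is flagged, so it can gate a post-install check.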
Accessing your Kiuwan On-Premises installation
In order to access your Kiuwan On-Premises installation you should follow a few more steps.
Step 1: add your domain to your local network DNS
To access your Kiuwan On-Premises installation you should take into account whether the selected domain is available in the DNS servers your local network may use.
...
Please refer to the Adding the provided or a custom CA to Kiuwan On-Premises' clients section for a complete explanation on how to handle this depending on your installation configuration.
...
Note that although the installation process may have finished, the Kiuwan servers may need some minutes to start up. Please wait if you receive a "404 - Not Found" error message when accessing Kiuwan On-Premises.
Step 4: access Kiuwan On-Premises
Accessing the web application
Once the previous steps have been done, you should be able to access Kiuwan On-Premises by entering your Kiuwan host in your browser, which by default is:
...
You will reach your Kiuwan On-Premises installation's main login page:
Exploiting Kiuwan REST API
To access your Kiuwan On-Premises installation via its REST API, you should point to this URL:
...
Configuring Kiuwan for Developers
To configure Kiuwan for Developers and other Kiuwan plugins, you should configure your Kiuwan URL in the configuration form provided by each of these plugins. To install Kiuwan for Developers, point to the corresponding download endpoint for each Kiuwan for Developers distribution:
IDE distribution | How to install | URL |
---|---|---|
Eclipse | Add a new updatesite | https://[KIUWAN_DOMAIN]/pub/updatesite |
JetBrains | Add a new custom plugin repository | https://[KIUWAN_DOMAIN]/pub/jetbrains/plugins.xml |
Visual Studio | Add an extension gallery | https://[KIUWAN_DOMAIN]/pub/vsgallery/atom.xml |
Visual Studio Code | Download the extension package file and use the "Install from VSIX" option | https://[KIUWAN_DOMAIN]/pub/vscode/k4d-vscode.vsix |
Please refer to the Kiuwan for Developers page for more information.
Default users
Kiuwan On-Premises supplies two user accounts:
...