Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

This guide covers most of the advanced installation procedures that you may need to implement.

Modifying the default domain

The default configuration sets "kiuwan.onpremise.local" as the default domain to access Kiuwan On-Premises.

We encourage you to change the default domain, but take into account that this means updating the provided certificates to keep your installation connections secure.

Step 1:

...

Edit the global configuration file

Using your preferred editor, open the default configuration file located in your config-shared volume:

Code Block
languagebash
sudo vim

...


[VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

Edit these properties (kiuwan.port is only needed if you want to use https under a different port than the default 443):

...


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Set kiuwan.domain as kiuwan.onpremise.local 

Image Added

...

Step 2:

...

Update load balancer configuration

Once you have selected your new domain and if you are using the provided Apache load balancer, you should edit the main Apache configuration file:

Code Block
languagebash
sudo vim [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf/httpd.conf 


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Edit this line and change the default domain (kiuwan.onpremise.local) to your new domain:

Code Block
Define kiuwanDomain 
kiuwan.onpremise.local

Image Added
If you have externalized the provided Apache load balancer, you should edit the equivalent configuration file to set the new domain.

Step 3:

...

Generate new certificates

Please refer to the Managing certificates guide and follow the needed steps depending on your needs.

Once this is done, you should have these files under the [INSTALLER_DIR]/user-content/certs folder:

  • cacert.pem
  • domainkey.pem
  • domaincert.pem
  • domainkeystore.jks
  • truststore.jks

Step 4:

...

Complete your installation

If you are performing a new Kiuwan On-Premises installation, please refer to the steps indicated in the following sections, depending on your installation needs:

If you have already installed Kiuwan On-Premises, you

...

need to stop your containers, update the deployed configuration, and restart them. To do so, execute these commands:

Code Block
languagebash
cd [INSTALLER_DIR]
sudo ./stop-all.sh
cd [INSTALLER_DIR]/docker
sudo ./update.sh
cd [INSTALLER_DIR]
sudo ./start-all.sh


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Step 5:

...

Update your DNS or hosts files

If you are modifying an existing Kiuwan On-Premises installation, you will need to update your DNS or hosts files.

Note that if you have generated new certificates signed by a different CA than the one that signed the previous ones, you should update your Kiuwan On-Premises clients' certificates or truststores.

...

 

  • Add kiuwan.onpremise.local to your hosts file.

For testing purposes or if you choose the second option, edit this file in the host where you plan to access Kiuwan from:

  • Windows OS: C:\Windows\System32\drivers\etc\hosts
  • Linux OS: /etc/hosts

Add the following entry to the previous file:

Code Block
[kiuwan_on_premise_host_ip] 
[kiuwan_on_premise_host]

Image Added

...

Modifying access protocols

Kiuwan On-Premises installation supports configuring access protocols for:

  • Apache load balancer: HTTPS (default protocol) or HTTP.
  • Kiuwan front instances: HTTPS (default protocol), HTTP, or AJP.

If you need to change the default access protocols, please take into account:

  • Apache load balancer configuration must be manually modified, both when using the provided services or when externalizing it.
  • Plaintext connections are not secure.

Step 1:

...

Configure Apache load balancer access protocol

In case you are using the provided Apache service for load balancing or your own Apache as a front-end server, you should manually configure how it accesses Kiuwan, by editing its configuration file. For the provided services you can edit the file like this:

Code Block
languagebash
sudo vim [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf/httpd.conf


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Look for the balancer proxy definition (<Proxy "balancer://mycluster">) and make sure the used protocol matches your needs.

The following example show the needed configuration for accessing two Kiuwan On-Premises front instances through AJP protocol:

Code Block
languagexml
BalancerMember "ajp://wildflykiuwan-f1:8443" route=kwf1 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=TCP hcpasses=2 hcinterval=15 hcfails=1
BalancerMember "ajp://wildflykiuwan-f2:8443" route=kwf2 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=TCP hcpasses=2 hcinterval=15 hcfails=1

The following example show the needed configuration for accessing two Kiuwan On-Premises front instances through HTTP protocol:

Code Block
languagexml
BalancerMember "http://wildflykiuwan-f1:8443" route=kwf1 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=GET hcexpr=ok200 hcuri=/saas/rest/health hcpasses=1 hcinterval=15 hcfails=2
BalancerMember "http://wildflykiuwan-f2:8443" route=kwf2 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=GET hcexpr=ok200 hcuri=/saas/rest/health hcpasses=

...

1 hcinterval=15 hcfails=

...

2

Note that if you are not using a front-end server because you want to access directly to a single Kiuwan front instance, you will be forced to use either HTTPS or HTTP protocols

...

to be able to access Kiuwan On-Premises from a web browser.

...

Warning

If you are combining HTTPS access to the Apache load balancer service with HTTP access to Kiuwan front instances, make sure the following directive is turned off in your httpd.conf file, just like this:

Code Block
languagebash
ProxyPreserveHost Off


Step 2: Configure Kiuwan front instances access protocol

Kiuwan On-Premises front instances expose a single port for communicating either by using HTTPS, HTTP, or AJP protocols. To configure the protocol to use, edit the main configuration file located in your config-shared volume:

Code Block
languagebash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Look for the "kiuwan-nodes.access.protocol property and set its value to either "https", "http" or "ajp" depending on the protocol you want to use. For example, to use the AJP protocol:

Code Block
languagejava
kiuwan-nodes.access.protocol=ajp

Note that this only sets how Kiuwan front servers are configured. You must configure how Kiuwan will generate access URLs for you by following the next step.

Step 3: Configure client access protocol for URL generation

Kiuwan instances need to know how you are accessing your Kiuwan On-Premises installation to correctly generate dynamic URLs. To configure this, edit the main configuration file, located in your config-shared volume:

Code Block
languagebash
sudo vim 

Step 2: configure Kiuwan front instances access protocol

 

Step 3: configure client access protocol for URL generation

 

Modifying exposed ports

Kiuwan On-Premises installation supports changing the ports exposed by each of these services:

  • Apache load balancer.
  • Kiuwan front instances.
  • MySQL database.

Externalizing services

Kiuwan On-Premises uses three main services under its infrastructure's hood:

  • Apache: used as a load balancer when multiple Kiuwan frontal instances are running.
  • Redis: an in-memory cache to speed up response times.
  • MySQL: Kiuwan's main database.

If you want to use your own services for any of the previous ones, Kiuwan On-Premises can connect to them by bypassing their creation at installation time.

Configuring services to externalize

First of all, you will need to edit the main configuration file and mark which services you want to externalize:

[VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

...

This table shows the properties you should modify when externalizing each service:

ServicePropertyDefault value
Apachekiuwan.externalize.apacheloadbalancerfalse
Rediskiuwan.externalize.redis.[cache|storage]false
MySQLkiuwan.externalize.mysqlfalse

When setting to "true" any of the previous properties, the corresponding service will be externalized and the installation tool will not manage any related instance. Note that all the configuration will be up to you, as the Kiuwan On-Premise installer will only be able to configure how Kiuwan On-Premise will connect to your own services.

Externalizing Apache

When externalizing this service you should take into account that:

  • Each Kiuwan On-Premises frontal instance domain name is wildflykiuwan-f[n], [n] being the frontal instance number. Note that depending on your installation needs you may want to access each instance via IP or its own host name.
  • Each Kiuwan On-Premises frontal instance only exposes one port for https/http/ajp traffic. By default, the port 8[n]43, [n] being the frontal instance number will be exposed. If you need to change the exposed ports refer to  Changing exposed ports for more information.
  • In case you are accessing through https scheme, you should provide your frontal service the needed certificates in order to make https connections available (please refer to Managing certificates for more information):
    • domaincert.pem
    • domainkey.pem
    • cacert.pem

Externalizing Redis

It is mandatory for Kiuwan On-Premises to work with your Redis installation that it complies with these characteristics:

  • Redis version must be equal or higher than 5.0.4.
  • Redis must be configured as a cluster.
  • Eviction policy must be set to "noeviction" (refer to Redis official documentation, maxmemory-policy configuration property).

In case you set Redis as an external service, Kiuwan On-Premises needs to know where the Redis nodes are deployed and which ports to use when connecting to them.

In case you use a special DNS that can resolve the same host to different hosts and ports (DNS Round-Robin or equivalent), you should configure just a single host in the "redis.[cache|store].nodes" properties.

All the needed configuration is located in the main configuration file:

  • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

The following table shows the properties to configure (note that you should set exactly the same configuration for both "cache" and "store" Redis configurations):

PropertyMeaningExample
redis.[cache|store].nodesComma separated list of host and port for each Redis nodern1.mydomain.com:6379,rn2.mydomain.com:6379,rn3.mydomain.com:6379,rn4.mydomain.com:6379,rn5.mydomain.com:6379,rn6.mydomain.com:6379
redis.[cache|store].timeoutConnection timeout in milliseconds2000
redis.[cache|store].password Password to use when connecting to a node (leave empty if you have set no password access) 
 redis.[cache|store].clientNameName of the client connection (defaults to empty) 

Externalizing MySQL

When externalizing MySQL note that your MySQL installation should comply with these characteristics:

  • MySQL version 5.7
  • Maximum number of connections: 130 per Kiuwan On-Premises instance.

Step 1: create Kiuwan On-Premises schemas

You should create the needed schemas in your MySQL installation. To do so, please execute this script with a user that has schema creation privileges:

Code Block
languagesql
create database opt_activity CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_cinc CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_metamodel CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_qmm CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_transaction CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_insight CHARACTER SET utf8 COLLATE utf8_unicode_ci;

Step 2: create Kiuwan On-Premises user

You should create the user that will be connecting to Kiuwan On-Premises schemas. Please run this script as an admin user to do so:

Code Block
languagesql
create user '[USER]'@'%' identified by '[PASSWORD]';
grant all privileges on `opt_%`.* to '[USER]'@'%' identified by '[PASSWORD]';
flush privileges;

Note that you should replace [USER] with the desired user name and [PASSWORD] with the desired password.

Step 3: configure your installation

The following table shows the properties to configure for Kiuwan On-Premises to connect to your own MySQL instance:

PropertyMeaningExample
mysql.hostYour MySQL installation hostmysqlkiuwan
mysql.portThe connection port to access your MySQL installation3306
mysql.usernameThe user that will be connecting to Kiuwan On-Premises schemas (should match the one provided in the previous step)csaas
mysql.passwordThe user's password (should match the one provided in the previous step) 

Using Amazon S3 as file repository

Kiuwan On-Premises uses these shared file repositories to store analysis related data:

  • kiuwanCentralRepository: stores analysis results files.
  • kiuwanSourceCodeRepository: stores source code.
  • kiuwanCustomConfigRepository: stores centralized analysis configuration files.

These Kiuwan On-Premises internal file repositories can be replaced with Amazon S3 buckets.

To do so, you should first configure these properties in the main configuration file ([VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):

  • centralFileRepository.type=s3
  • sourceCodeFileRepository.type=s3
  • customConfigFileRepository.type=s3

The following table shows the properties you should modify when making Kiuwan On-Premises connect to AWS S3 buckets:

PropertyMeaningExample

s3.privateBucket.bucketName

Your AWS S3 bucket names3mycompany-us
s3.privateBucket.subDirectoryNameYour AWS S3 subdirectory name under the configured bucketmydirectory
s3.privateBucket.accessKeyIdAWS access key for your bucketBS3BX35Z27UAQCEACTPQ
s3.privateBucket.secretKeyIdAWS secret key for your bucketAasdfjklwe1234123lkjfasc21ssACasfEq124Da
s3.dir.centralFileRepositoryThe main key prefix that will be used to keep the central file repository entrieskiuwanCentralWorkingDirectory/analysisData
s3.dir.sourceCodeFileRepositoryThe main key prefix that will be used to keep the source code file repository entrieskiuwanCentralWorkingDirectory/analyzedSourceCode
s3.dir.customConfigFileRepositoryThe main key prefix that will be used to keep the custom config file repository entrieskiuwanCentralWorkingDirectory/customConfig

Configuration options reference

All configuration properties you can modify are located in this file, located inside your config-shared volume:

  • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

Here is a complete list of the properties you can configure and their meaning (default passwords are omitted):

...

Service identifiers that will be used when starting and stopping Kiuwan through start-kiuwan.sh and stop-kiuwan.sh scripts. Change these values only in single-host installations where you want to manage multiple Kiuwan front/analyzer/scheduler instances. For example, if you want to start two front kiuwan nodes, simply set: kiuwan.singlehost.nodes.front=wildflykiuwan-f1 wildflykiuwan-f2

The same pattern would apply to the different kiuwan containers.

...

Access protocol to Kiuwan front instances [https|http|ajp]. This will be the only accepted protocol to access Kiuwan front instances from the provided Apache balancer or your own balancer. Note that this property has nothing to do with "kiuwan.protocol" unless you do not use a frontend server like Apache to access Kiuwan. If this is the case, both properties must have the same value.

...

Autoconfigure Kiuwan instances proxy. When true, Kiuwan instances will be automatically configured to use the proxy configured in your Docker installation (typically using a ~/.docker/config.json file). If you want to force Kiuwan instances to use a different proxy settings, set this property to false and fill the kiuwan.*.proxy* properties values.

...

These properties only apply when kiuwan.proxy.autoconfig is false. Note that the https properties are used to indicate the proxy to use when making https connections, not to configure a proxy that should be accessed through https. Ignore these properties if you want Kiuwan instances to use the proxy configured in your Docker installation.

...

No proxy connection will be used when connecting to these comma separated list of hosts.

...

Email server access configuration. It is mandatory that all kiuwan instances can access the specified host and port.

...

Email server authentication enable flag. Set to false if your email server does not use a SMTP username/password authentication method.

...

The security layer that your mail server uses [ssl|tls|none]. Set to none if your Email server only supports plain text connections.

...

The value to set to the security layer configuration flag. Only applies when kiuwan.mail.secure.layer is set to ssl or tls.

...

Java keystore password. Note that Kiuwan will use this password to access the generated keystore and must be aligned with the one provided in the field "java.keystore.password" in ssl/config/certs.properties file. Make sure they are aligned when creating your own certificates.

...

Java truststore password. Note that Kiuwan will use this password to access the generated truststore and must be aligned with the one provided in the field "java.truststore.password" in ssl/config/certs.properties file. Make sure they are aligned when creating your own certificates.

...

Ports that will be exposed by each kiuwan front container instance. Note that depending on the kiuwan front instances that you are starting some of these ports will be ignored.

...

Use the secure attribute of the session cookie. Set this field to true only if you plan accessing your Kiuwan On-Premises installation through https.

...


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Look for the "kiuwan.protocol" property and set its value to either "https" or "http". For example, if you want to access Kiuwan On-Premises through https:

Code Block
languagejava
kiuwan.protocol=https

Note that "https" and "http" are the only two allowed options here, as you only can access Kiuwan On-Premises from a web browser through one of these protocols.

Step 4: Restart your servers

In case you have made modifications to the provided Apache load balancer, you should restart the server:

Code Block
languagebash
cd [INSTALLER_DIR]/docker
sudo ./stop-infrastructure.sh apacheloadbalancer
sudo ./start-infrastructure.sh apacheloadbalancer


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

If you are using your front-end server, please restart to apply the changes.

In case you have made modifications to the globalConfig.properties file, you should restart the Kiuwan servers:

Code Block
languagebash
cd [INSTALLER_DIR]
sudo ./stop-kiuwan.sh
sudo ./start-kiuwan.sh


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Modifying exposed ports

Kiuwan On-Premises installation supports changing which ports will be exposed to the outside of the Docker network by any of these services:

  • Apache load balancer.
  • Kiuwan front instances.
  • MySQL database.

Note that the port used by the provided containers inside the Kiuwan Docker Network (172.172.0.0/16) is fixed and cannot be changed. Only the exposed ports are configurable. The following table shows which ports are used by each container inside the Docker network and how they are mapped to the outside by default:

Container nameInternal ports (cannot be changed)Exposed ports (configurable)Protocol
apacheloadbalancer80, 44380, 443HTTPS or HTTP
wildflykiuwan-f[n]84438[n]43HTTPS, HTTP or AJP
wildflykiuwan-a[n]NoneNoneNone
wildflykiuwan-s[n]NoneNoneNone
mysqlkiuwan33063306MySQL protocol

Note that containers can only be accessed from outside its host when at least one port is exposed. These considerations should be taken into account as well:

  • If you are accessing any container through HTTPS and you change the provided ports you should update your certificates in order to modify the provided SANs (Subject Alternative Names). Please refer to Managing certificates page for more information.
  • On single hosts installations where the provided front-end server (apacheloadbalancer) or the provided MySQL (mysqlkiuwan) are not externalized, changing Kiuwan front instances ports or MySQL port is not usually needed unless there are port conflicts on your host. As we recommend using a dedicated host for Kiuwan On-Premises installations, this should not be the case in most installations. By default, the provided Apache access Kiuwan front instances through port 8443 and Kiuwan access MySQL through port 3306, as they belong to the same Docker network.
  • When using an externalized front-end server, it may be needed to change the Kiuwan front instances ports if your company has strict traffic guidelines or you just prefer using ports that you are more comfortable with.
  • In case you are using your MySQL server, Kiuwan should be instructed to use the port in which your MySQL server is listening to.
  • In case you are using the provided MySQL container on a different host and you want to modify the exposed port by the container you must change both the MySQL exposed port and the port used by Kiuwan to communicate with MySQL. Both ports must match.
Note
When modifying the front-end server, Kiuwan front instances or MySQL ports, you should always update how Kiuwan connects to each service. Please refer to Setting which ports Kiuwan should use for more details.


Warning

You must restart the needed servers when ports have been reconfigured.

In case you have made modifications to the provided Apache load balancer, you should restart the server:

Code Block
languagebash
cd [INSTALLER_DIR]/docker
sudo ./stop-infrastructure.sh apacheloadbalancer
sudo ./start-infrastructure.sh apacheloadbalancer


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

If you are using your own front-end server, please restart it to apply the changes.

In case you have made modifications that affect Kiuwan, you should restart the Kiuwan servers:

Code Block
languagebash
cd [INSTALLER_DIR]
sudo ./stop-kiuwan.sh
sudo ./start-kiuwan.sh


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode


Modifying exposed ports in Apache load balancer

When using the provided Apache load balancer, the following properties found in the globalConfig.properties main configuration file will set the exposed ports:

  • kiuwan.port.apache.http: sets the exposed port for HTTP.
  • kiuwan.port.apache.https: sets the exposed port for HTTPS.

Ports set must be different to avoid conflicts. Note that the provided Apache container will expose both ports to listen HTTPS and HTTP traffic, but you can unset any of them by modifying the provided configuration file.

Step 1: Modify globalConfig.properties file

In case you modify the default ports, you must change the httpd.conf file located under [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf folder.

Locate the properties shown above and set them to the ports that you want to expose (default configuration is shown below):

Code Block
languagebash
kiuwan.port.apache.http=80
kiuwan.port.apache.https=443

Image Added

Step 2: Modify httpd.conf file

First, locate the ports Apache will listen to and set your selected ports. Default configuration is shown below (ports 80 and 443):

Code Block
languagebash
Listen 80
Listen 443

Image Added

Second, locate the default virtual host entry and change the assigned port. Default configuration is shown below (port 443):

Code Block
languagebash
<VirtualHost *:443>

Image Added

Open browser and visit https://localhost/saas/web/dashboard/dashboard

Image Added

Modifying exposed ports in Kiuwan front instances

To change the exposed port of a Kiuwan front instance, edit the main configuration file (globalConfig.properties):

Code Block
languagebash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Locate the following properties (default values are shown):

Code Block
languagebash
kiuwan.port.front1=8143
kiuwan.port.front2=8243
kiuwan.port.front3=8343
kiuwan.port.front4=8443
kiuwan.port.front5=8543
kiuwan.port.front6=8643
kiuwan.port.front7=8743
kiuwan.port.front8=8843

By default, only one front instance will be started, but it is recommended to change all available instances just in case you need to add front instances in the future.

Note that the previous properties set the ports that will be exposed outside Kiuwan Docker network. Changing these ports is only recommended when externalizing the Apache load balancer service, as the internal port (8443) will be used when this service is inside the Docker network.

Modifying exposed ports in MySQL

To change the exposed port of the provided MySQL service, edit the main configuration file (globalConfig.properties):

Code Block
languagebash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Locate the following property (default value is shown):

Code Block
languagebash
kiuwan.port.mysql=3306

Note that the previous property sets the port that will be exposed outside Kiuwan Docker network. Changing these ports is only recommended when externalizing the MySQL service, as the internal port (3306) will be used when this service is inside the Docker network.

Setting which ports Kiuwan should use

Kiuwan instances must know which ports you are exposing both in:

  • The provided apache load balancer or your front-end server.
  • The provided MySQL database or your MySQL instance.

As both services can be externalized, there are two additional properties to configure these ports (found in the main configuration file [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):

  • kiuwan.port: the port that will be used when generating dynamic URLs from Kiuwan. This port must match the one exposed by the front-end server.
  • mysql.port: the port that will be used by Kiuwan to connect to the MySQL host. This port must match the one exposed by the MySQL server.

Configuration examples

Example 1

The following table shows how to set the values in globalConfig.properties file for installation where:

  • All Kiuwan containers are deployed in the same host (single host installation).
  • Apache load balancer externalized. The Apache server listens to port 444.
  • Apache will access Kiuwan On-Premises front servers through port 8009. If new front instances are added, the next port will be used for the new instance.
  • MySQL has been externalized and is accessible though port 3344.
Property keyValue
kiuwan.port444
mysql.port3344
kiuwan.port.front18009
kiuwan.port.front28010
kiuwan.port.front[n]8009 + (n - 1)
kiuwan.port.apache.httpDoes not apply, service externalized
kiuwan.port.apache.httpsDoes not apply, service externalized
kiuwan.port.mysqlDoes not apply, service externalized

The front-end server must use ports 8009, 8010, etc. to access Kiuwan front servers.

Example 2

The following table shows how to set the values in globalConfig.properties file for installation where:

  • All Kiuwan containers are deployed in the same host (single host installation).
  • Apache load balancer is NOT externalized and will listen to port 80 for HTTP and port 443 for HTTPS.
  • Kiuwan On-Premises front servers should be accessible from the outside through port 8080. If new front instances are added, the next port will be used for the new instance.
  • MySQL has NOT been externalized and will be accessible through port 3406 for direct external connections to the database.
Property keyValue
kiuwan.port443
mysql.port3306
kiuwan.port.front18080
kiuwan.port.front28081
kiuwan.port.front[n]8080 + (n - 1)
kiuwan.port.apache.http80
kiuwan.port.apache.https443
kiuwan.port.mysql3406

The front-end server must use port 8443 to access Kiuwan front servers, as it belongs to the same Docker network, but a user will be able to access these front servers through ports 8080, 8081, etc. from outside the Kiuwan On-Premises host.

Configure a password in Redis

Info

This configuration is available from version 2.8.2010.1 of Kiuwan on-premise

The default configuration of Kiuwan does not set any password in Redis. 

To configure a password in Redis and configure Kiuwan to connect to Redis using a password, follow these steps:

 If you are installing Kiuwan for the first time, make sure that you have completed at least the “Step 6: initialize your volumes” described in Kiuwan On-Premises Distributed Installation Guide before continuing.

Step 1: Stop Kiuwan

If you are installing Kiuwan for the first time in your instance, skip this step.

If you are modifying the configuration of an existing Kiuwan installation stop executing it:

Code Block
languagebash
cd [INSTALLER_DIR]
sudo ./stop-kiuwan.sh
sudo ./start-kiuwan.sh


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Step 2: Edit the global configuration file

Using your preferred editor, open the default configuration file located in your config-shared volume. In the following example, the used editor is vim:

Code Block
languagebash
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

Edit these properties and assign a password to be used on connecting to Redis, you should set the same value for both redis.cache and redis.store password:

  • redis.cache.password={YOUR_REDIS_PASSWORD}

  • redis.store.password={YOUR_REDIS_PASSWORD}

Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Step 3: Activate authentication in Redis

You should edit the Redis configuration files located in the following path:

Code Block
languagebash
sudo vim [VOLUMES_DIR]/config-shared/Redis/conf/redis[1-6].conf


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Add the following lines in each of them (6 files in total):

Code Block
languagebash
requirepass {YOUR_REDIS_PASSWORD}
masterauth {YOUR_REDIS_PASSWORD}

If you have externalized the Redis installation, you should edit the equivalent configuration file to activate the authentication and restart the externalized Redis installation.

Step 4: Propagate the changes in Kiuwan

If you are installing Kiuwan for the first time in your instance, skip this step.

To propagate the changes in globalConfig.properties, execute the following commands:

Code Block
languagebash
cd [INSTALLER_DIR]/docker
sudo ./update.sh


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Step 5: Start kiuwan

All the required changes are completed. If you are installing Kiuwan for the first time make sure that you complete all the installation steps and start Kiuwan. 

If you are modifying an existing installation start Kiuwan and the setup is completed:

Code Block
languagebash
cd [INSTALLER_DIR]
sudo ./start-all.sh


Note

Do not use sudo if kiuwan is installed in unprivileged (rootless) mode

Externalizing services

Kiuwan On-Premises uses three main services under its infrastructure's hood:

  • Apache - used as a load balancer when multiple Kiuwan frontal instances are running.
  • Redis - an in-memory cache to speed up response times.
  • MySQL - Kiuwan's main database.

If you want to use your services for any of the previous ones, Kiuwan On-Premises can connect to them by bypassing their creation at installation time.

Configuring services to externalize

First of all, you will need to edit the main configuration file and mark which services you want to externalize:

  • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

This table shows the properties you should modify when externalizing each service:

ServicePropertyDefault value
Apachekiuwan.externalize.apacheloadbalancerfalse
Rediskiuwan.externalize.redis.[cache|storage]false
MySQLkiuwan.externalize.mysqlfalse

When setting to "true" any of the previous properties, the corresponding service will be externalized and the installation tool will not manage any related instance. Note that all the configuration will be up to you, as the Kiuwan On-Premise installer will only be able to configure how Kiuwan On-Premise will connect to your services.

Externalizing Apache

When externalizing this service you should take into account that:

  • Each Kiuwan On-Premises frontal instance domain name is wildflykiuwan-f[n], [n] being the frontal instance number. Note that depending on your installation needs you may want to access each instance via IP or its hostname.
  • Each Kiuwan On-Premises frontal instance only exposes one port for https/http/ajp traffic. By default, the port 8[n]43, [n] being the frontal instance number will be exposed. If you need to change the exposed ports refer to  Changing exposed ports for more information.
  • In case you are accessing through https scheme, you should provide your frontal service the needed certificates to make https connections available (please refer to Managing certificates for more information):
    • domaincert.pem
    • domainkey.pem
    • cacert.pem

Modify globalConfig.properties and set kiuwan.externalize.apacheloadbalancer=true

Image Added

Refer to ModifyingexposedportsinKiuwanfrontinstances and modify the exposed ports in Kiuwan front instances.

Image Added

Offload load balancer through container, which is mapped to local port 80 and 443.

Open browser and visit https://localhost/saas/web/dashboard/dashboard 

Image Added

Externalizing Redis

Kiuwan On-Premises must work with your Redis installation that it complies with these characteristics:

  • Redis version must be equal or higher than 5.0.4.
  • Redis must be configured as a cluster.
  • Eviction policy must be set to "noeviction" (refer to Redis official documentation, maxmemory-policy configuration property).

In case you set Redis as an external service, Kiuwan On-Premises needs to know where the Redis nodes are deployed and which ports to use when connecting to them.

In case you use a special DNS that can resolve the same host to different hosts and ports (DNS Round-Robin or equivalent), you should configure just a single host in the redis.[cache|store].nodes properties.

All the needed configuration is located in the main configuration file:

  • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

The following table shows the properties to configure (note that you should set the same configuration for both "cache" and "store" Redis configurations):

PropertyMeaningExample
redis.[cache|store].nodesComma separated list of host and port for each Redis node

rn1.mydomain.com:6379, rn2.mydomain.com:6379, rn3.mydomain.com:6379, rn4.mydomain.com:6379, rn5.mydomain.com:6379, rn6.mydomain.com:6379

redis.[cache|store].timeoutConnection timeout in milliseconds2000
redis.[cache|store].password Password to use when connecting to a node (leave empty if you have set no password access)
 redis.[cache|store].clientNameName of the client connection (defaults to empty)

Externalizing MySQL

When externalizing MySQL note that your MySQL installation should comply with these characteristics:

  • MySQL version 5.7
  • The maximum number of connections: 130 per Kiuwan On-Premises instance.

Step 1: Create Kiuwan On-Premises schemas

You should create the needed schemas in your MySQL installation. To do so, please execute this script with a user that has schema creation privileges:

Code Block
languagesql
create database opt_activity CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_cinc CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_metamodel CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_qmm CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_transaction CHARACTER SET utf8 COLLATE utf8_unicode_ci;
create database opt_insight CHARACTER SET utf8 COLLATE utf8_unicode_ci;

To generate the required tables, run all the .sql scripts present in the directories:

/installation/resources/install-db and /installation/resources/install-db-data-core
Image Added

Step 2: Create Kiuwan On-Premises user

You should create the user that will be connecting to Kiuwan On-Premises schemas. Please run this script as an admin user to do so:

Code Block
languagesql
create user '[USER]'@'%' identified by '[PASSWORD]';
grant all privileges on `opt_%`.* to '[USER]'@'%' identified by
'[PASSWORD]';
flush privileges;

Note that you should replace [USER] with the desired user name and [PASSWORD] with the desired password.

Step 3: Configure your installation

The following table shows the properties to configure for Kiuwan On-Premises to connect to your MySQL instance:

Property

Meaning

Example

mysql.host

Your MySQL installation host

localhost

mysql.port

The connection port to access your MySQL installation

3306

mysql.username

The user that will be connecting to Kiuwan On-Premises schemas (should match the one provided in the previous step)

username

mysql.password

The user's password (should match the one provided in the previous step)

password

Image Added

Step 4: Set kiuwan.externalize.mysql=true in globalConfig.properties

Image Added

Open browser and visit  https://localhost/saas/web/dashboard/dashboard

Image Added

Using Amazon S3 as file repository

Kiuwan On-Premises uses these shared file repositories to store analysis related data:

  • kiuwanCentralRepository: stores analysis results files.
  • kiuwanSourceCodeRepository: stores source code.
  • kiuwanCustomConfigRepository: stores centralized analysis configuration files.

These Kiuwan On-Premises internal file repositories can be replaced with Amazon S3 buckets.

To do so, you should first configure these properties in the main configuration file ([VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):

  • centralFileRepository.type=s3
  • sourceCodeFileRepository.type=s3
  • customConfigFileRepository.type=s3

The following table shows the properties you should modify when making Kiuwan On-Premises connect to AWS S3 buckets:

PropertyMeaningExample

s3.privateBucket.bucketName

Your AWS S3 bucket names3mycompany-us
s3.privateBucket.subDirectoryNameYour AWS S3 subdirectory name under the configured bucketmydirectory
s3.privateBucket.accessKeyIdAWS access key for your bucketBS3BX35Z27UAQCEACTPQ
s3.privateBucket.secretKeyIdAWS secret key for your bucketAasdfjklwe1234123lkjfasc21ssACasfEq124Da
s3.dir.centralFileRepositoryThe main key prefix that will be used to keep the central file repository entrieskiuwanCentralWorkingDirectory/analysisData
s3.dir.sourceCodeFileRepositoryThe main key prefix that will be used to keep the source code file repository entrieskiuwanCentralWorkingDirectory/analyzedSourceCode
s3.dir.customConfigFileRepositoryThe main key prefix that will be used to keep the custom config file repository entrieskiuwanCentralWorkingDirectory/customConfig

Automatic data purge

To keep used disk space under control, Kiuwan On-Premises is capable of automatically purge unnecessary files and, optionally, old data that you may not need anymore.

By default, Kiuwan On-Premises purges:

  • Analyses that are not among the last 50 processed (for each application).
  • Analyses older than 5 years (1825 days).
  • Support files older than 6 months (180 days).

The previous thresholds can be configured through the following properties:

  • kiuwan.purge.analysis.lastAnalysesToKeep
  • kiuwan.purge.analysis.antiquity.days
  • kiuwan.purge.support.files.antiquity.days

In case you do not want to delete and purge any of your data, simply change the active flag to false in the following properties:

  • kiuwan.purge.analysis.data.active
  • kiuwan.purge.support.files.active

Also, turn off kiuwan.purge.analysis.files.active flag, but this is only recommended for troubleshooting purposes since you will deactivate a task that only purges temporary files that are not needed when using Kiuwan On-Premises.

All the configuration properties can be found inside the main configuration file:

  • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

Internally, Kiuwan On-Premises uses 5 scheduled tasks to implement file and data purge:

  • Soft-delete “old” analyses: performs a logical deletion of analyses that are considered “old”.
  • Purge soft-deleted analysis data: purges the data associated with soft-deleted analyses.
  • Purge “old” support files: purges “old” files that have been stored for support purposes.
  • Purge analysis shared files: purges files that belong to soft-deleted analyses (stored in the data-shared volume).
  • Purge analysis local temporary files: purges internal temporary data that belong to “old” analyses and is not needed anymore (locally stored on front and analyzer nodes).

The previous tasks are executed on a daily basis, following this timetable:

TaskExecution TimeExecution Node
Soft-delete “old” analyses3:00 AMScheduler
Purge soft-deleted analysis data5:00 AMScheduler
Purge “old” support files2:00 AMScheduler
Purge analysis shared files4:00 AMScheduler
Purge analysis local temporary files3:00 AMFront, Analyzer

Configuration options reference

All configuration properties you can modify are located in this file, located inside your config-shared volume:

  • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

Here is a complete list of the properties you can configure and their meaning (default passwords are omitted):

PropertyDefault valueMeaning
Installer behavior
kiuwan.singlehost.nodes.frontwildflykiuwan-f1

Service identifiers that will be used when starting and stopping Kiuwan through start-kiuwan.sh and stop-kiuwan.sh scripts. Change these values only in single-host installations where you want to manage multiple Kiuwan front/analyzer/scheduler instances. For example, if you want to start two front kiuwan nodes, simply set: kiuwan.singlehost.nodes.front=wildflykiuwan-f1 wildflykiuwan-f2

The same pattern would apply to the different kiuwan containers.

kiuwan.singlehost.nodes.analyzerswildflykiuwan-a1
kiuwan.singlehost.nodes.schedulerswildflykiuwan-s1
kiuwan.clients.updatetrueUpdate clients when update.sh is executed. Set to false if you need to run the update process without updating clients (in case there are any new available), propagate changes in this configuration file while not updating clients or run the update process when no connection to static.kiuwan.com is available.
Kiuwan connection
kiuwan.protocolhttpsKiuwan default access protocol
kiuwan.domainkiuwan.onpremise.localKiuwan default domain
kiuwan.port443Kiuwan default access port
kiuwan.nodes.access.protocolhttps

Access protocol to Kiuwan front instances [https|http|ajp]. This will be the only accepted protocol to access Kiuwan front instances from the provided Apache balancer or your own balancer. Note that this property has nothing to do with "kiuwan.protocol" unless you do not use a frontend server like Apache to access Kiuwan. If this is the case, both properties must have the same value.

kiuwan.proxy.autoconfigtrue

Autoconfigure Kiuwan instances proxy. When true, Kiuwan instances will be automatically configured to use the proxy configured in your Docker installation (typically using a ~/.docker/config.json file). If you want to force Kiuwan instances to use a different proxy settings, set this property to false and fill the kiuwan.*.proxy* properties values.

Kiuwan instances alternative proxy

These properties only apply when kiuwan.proxy.autoconfig is false. Note that the https properties are used to indicate the proxy to use when making https connections, not to configure a proxy that should be accessed through https. Ignore these properties if you want Kiuwan instances to use the proxy configured in your Docker installation.

kiuwan.http.proxyHost
Proxy to use from Kiuwan instances when making http connections.


kiuwan.http.proxyPort
kiuwan.http.proxyUser
kiuwan.http.proxyPassword
kiuwan.https.proxyHost
Proxy to use from Kiuwan instances when making https connections.
kiuwan.https.proxyPort
kiuwan.https.proxyUser
kiuwan.https.proxyPassword
kiuwan.http.nonProxyHosts

No proxy connection will be used when connecting to these comma-separated list of hosts.

Kiuwan instances shared configuration
kiuwan.mail.hostmail.kiuwan.local

Email server access configuration. It is mandatory that all Kiuwan instances can access the specified host and port.

kiuwan.mail.port25
kiuwan.mail.authenticationtrue

Email server authentication enables flag. Set to false if your email server does not use a SMTP username/password authentication method.

kiuwan.mail.usernameadmin.kiuwanEmail server username.
kiuwan.mail.password
Email server password.
kiuwan.mail.fromadmin.kiuwan@mail.kiuwan.localThe email account that will be used in the "from" field when composing emails. This field is mandatory, do not leave blank.
kiuwan.mail.secure.layerssl

The security layer that your mail server uses [ssl|tls|none]. Set to none if your Email server only supports plain text connections.

kiuwan.mail.secure.layer.valuetrue

The value to set to the security layer configuration flag. Only applies when kiuwan.mail.secure.layer is set to ssl or tls.

kiuwan.default.mail.accountadmin.kiuwan@mail.kiuwan.localMail account that will be assigned to the default Kiuwan account.
timezoneEurope/MadridKiuwan servers timezone. Please refer to Supported timezones page for a complete list of supported time zones.
java.keystore.password

Java keystore password. Note that Kiuwan will use this password to access the generated keystore and must be aligned with the one provided in the field "java.keystore.password" in ssl/config/certs.properties file. Make sure they are aligned when creating your certificates.

java.truststore.password

Java truststore password. Note that Kiuwan will use this password to access the generated truststore and must be aligned with the one provided in the field "java.truststore.password" in ssl/config/certs.properties file. Make sure they are aligned when creating your own certificates.

kiuwan.purge.analysis.files.activetrue

When the value is set to true, the following tasks are executed daily:

  • Purge analysis shared files, which are related to analyses that have been soft-deleted, are completely removed. This task runs on scheduler nodes.
  • Purge analysis local temporary files, which are considered old files (see kiuwan.purge.analysis.files.antiquity.days), are deleted. This task runs on both, front and analyzer nodes.
kiuwan.purge.analysis.files.antiquity.days3The value refers to the number of days since the last modification date of a local temporary file to be considered "old".
Kiuwan file repositories
centralFileRepository.typefilesystemCentral file repository storage type [filesystem|s3].
sourceCodeFileRepository.typefilesystemSource code repository storage type [filesystem|s3].
customConfigFileRepository.typefilesystemCustom config repository storage type [filesystem|s3].
s3.privateBucket.bucketName
S3 bucket name (only applies when using AWS S3 type repositories).
s3.privateBucket.subDirectoryName
S3 subdirectory name (only applies when using AWS S3 type repositories).
s3.privateBucket.accessKeyId
Access key id (only applies when using AWS S3 type repositories).
s3.privateBucket.secretKeyId
Secret key id (only applies when using AWS S3 type repositories).
s3.dir.centralFileRepository
Central file repository directory (only applies when using AWS S3 type repositories).
s3.dir.sourceCodeFileRepository
Source code file repository directory (only applies when using AWS S3 type repositories).
s3.dir.customConfigFileRepository
Centralized configuration file repository directory (only applies when using AWS S3 type repositories).
Kiuwan front instances
kiuwan.port.front[n]8[n]43

Ports that will be exposed by each kiuwan front container instance. Note that depending on the kiuwan front instances that you are starting some of these ports will be ignored.

kiuwan.nodes.front.max.memory2048mMax memory to set to front instances
session.timeout3600Time a session can be inactive before close it (in seconds)
session.securefalse

Use the secure attribute of the session cookie. Set this field to true only if you plan to access your Kiuwan On-Premises installation through https.

session.httponlyfalseUse the httponly attribute of the session cookie.
Kiuwan analyzer instances
kiuwan.nodes.analyzers.max.memory4096mMax memory to set to analyzer instances.
queues.reportsGeneratedQueueSize2Number of slots enabled for analysis processing.
Kiuwan scheduler instances
kiuwan.nodes.schedulers.max.memory2048mMax memory to set to front instances.
kiuwan.purge.analysis.data.activetrue

When this value is set to true, the following tasks executes daily:

  • Soft-delete "old" analyses, which satisfyes both kiuwan.purge.analysis.antiquity.days and kiuwan.purge.analysis.lastAnalysesToKeep conditions are soft-deleted.
  • Purge soft-deleted analysis data, the database entries related to analyses that have been soft-deleted, are purged.

    Note

    The purged data is unrecoverable, make sure you keep your backups up to date when activating this task.


 kiuwan.purge.analysis.antiquity.days

1825

The value refers to the number of days since the creation timestamp of a baseline analysis to be considered "old". If Soft-delete "old" analyses task is active, the analyses older than the specified number of days are automatically soft-deleted.

kiuwan.purge.analysis.lastAnalysesToKeep

50

The value refers to the number of baseline analyses to keep per application. This takes precedence over "old" analyses, meaning that even when the soft-delete "old" analyses task is active and a baseline analysis is considered "old", this minimum number of baseline analyses is kept per application.

kiuwan.purge.support.files.activetrueWhen this value is set to true, purge "old" support files task are executed daily. This task automatically purges "old" files (see kiuwan.purge.support.files.antiquity.days) that are downloaded when asking Kiuwan to retrieve support data.
kiuwan.purge.support.files.antiquity.days180The value refers to the number of days since the last modification of a support file to be considered old. When the purge "old" support files task is active, the support files older than the specified days are automatically removed

...

.
Apache load balancer
kiuwan.port.apache.http80

Ports that will be exposed by the Apache load balancer container. When using the provided load balancer, the specified "kiuwan.port.apache.https" (or "kiuwan.port.apache.http" when disabling https support) must match the value set to "kiuwan.port field". When externalizing this service, their values have no effect.

kiuwan.port.apache.https443
MySQL
kiuwan.port.mysql3306

Port that will be exposed by the MySQL container. When using the provided MySQL, its value must match the one specified in "mysql.port" field. When externalizing this service, its value has no effect.

mysql.hostmysqlkiuwan

MySQL connection settings. Note that this must be aligned with the configured MySQL port or your external MySQL service in case you are externalizing MySQL.

mysql.port3306
mysql.usernamecsaas

MySQL connection authentication settings. Note that a MySQL user with the specified credentials will be automatically created when installing from scratch if you are running the provided MySQL service. In case you want to change the user accessing Kiuwan's schemas after the installation is completed, you must manually create the user both in the provided MySQL or an externalized one.

mysql.password

...


mysql.config.useSSLfalseEnable or disable the use of encryption when connecting to MySQL
mysql.config.requireSSLfalseForce the use of encryption when connecting to MySQL
mysql.config.verifyServerCertificatefalseForce the validation of the certificate served MySQL
Redis Cluster cache and store
redis.[cache|store].nodesredis_0000[1-6]:6379Redis nodes hosts (use the provided single host name when using elasticache)
redis.[cache|store].timeout2000Redis connection timeout
redis.[cache|store].password

...


Redis password
redis.[cache|store].clientName

...


Redis client name

Supported timezones reference

The following table shows the available timezones that can be set to the Kiuwan On-Premises server when editing the main configuration file located in:

  • [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties

Note that you can set only one of these values to the timezone property found in the previous file:

Time zoneGMT offset
Africa/Abidjan0
Africa/Accra0
Africa/Addis_Ababa3
Africa/Algiers1
Africa/Asmara3
Africa/Asmera3
Africa/Bamako0
Africa/Bangui1
Africa/Banjul0
Africa/Bissau0
Africa/Blantyre2
Africa/Brazzaville1
Africa/Bujumbura2
Africa/Cairo2
Africa/Casablanca0
Africa/Ceuta1
Africa/Conakry0
Africa/Dakar0
Africa/Dar_es_Salaam3
Africa/Djibouti3
Africa/Douala1
Africa/El_Aaiun0
Africa/Freetown0
Africa/Gaborone2
Africa/Harare2
Africa/Johannesburg2
Africa/Juba3
Africa/Kampala3
Africa/Khartoum2
Africa/Kigali2
Africa/Kinshasa1
Africa/Lagos1
Africa/Libreville1
Africa/Lome0
Africa/Luanda1
Africa/Lubumbashi2
Africa/Lusaka2
Africa/Malabo1
Africa/Maputo2
Africa/Maseru2
Africa/Mbabane2
Africa/Mogadishu3
Africa/Monrovia0
Africa/Nairobi3
Africa/Ndjamena1
Africa/Niamey1
Africa/Nouakchott0
Africa/Ouagadougou0
Africa/Porto-Novo1
Africa/Sao_Tome0
Africa/Timbuktu0
Africa/Tripoli2
Africa/Tunis1
Africa/Windhoek2
America/Adak-10
America/Anchorage-9
America/Anguilla-4
America/Antigua-4
America/Araguaina-3
America/Argentina/Buenos_Aires-3
America/Argentina/Catamarca-3
America/Argentina/ComodRivadavia-3
America/Argentina/Cordoba-3
America/Argentina/Jujuy-3
America/Argentina/La_Rioja-3
America/Argentina/Mendoza-3
America/Argentina/Rio_Gallegos-3
America/Argentina/Salta-3
America/Argentina/San_Juan-3
America/Argentina/San_Luis-3
America/Argentina/Tucuman-3
America/Argentina/Ushuaia-3
America/Aruba-4
America/Asuncion-4
America/Atikokan-5
America/Atka-10
America/Bahia-3
America/Bahia_Banderas-6
America/Barbados-4
America/Belem-3
America/Belize-6
America/Blanc-Sablon-4
America/Boa_Vista-4
America/Bogota-5
America/Boise-7
America/Buenos_Aires-3
America/Cambridge_Bay-7
America/Campo_Grande-4
America/Cancun-5
America/Caracas-4
America/Catamarca-3
America/Cayenne-3
America/Cayman-5
America/Chicago-6
America/Chihuahua-7
America/Coral_Harbour-5
America/Cordoba-3
America/Costa_Rica-6
America/Creston-7
America/Cuiaba-4
America/Curacao-4
America/Danmarkshavn0
America/Dawson-8
America/Dawson_Creek-7
America/Denver-7
America/Detroit-5
America/Dominica-4
America/Edmonton-7
America/Eirunepe-5
America/El_Salvador-6
America/Ensenada-8
America/Fort_Nelson-7
America/Fort_Wayne-5
America/Fortaleza-3
America/Glace_Bay-4
America/Godthab-3
America/Goose_Bay-4
America/Grand_Turk-5
America/Grenada-4
America/Guadeloupe-4
America/Guatemala-6
America/Guayaquil-5
America/Guyana-4
America/Halifax-4
America/Havana-5
America/Hermosillo-7
America/Indiana/Indianapolis-5
America/Indiana/Knox-6
America/Indiana/Marengo-5
America/Indiana/Petersburg-5
America/Indiana/Tell_City-6
America/Indiana/Vevay-5
America/Indiana/Vincennes-5
America/Indiana/Winamac-5
America/Indianapolis-5
America/Inuvik-7
America/Iqaluit-5
America/Jamaica-5
America/Jujuy-3
America/Juneau-9
America/Kentucky/Louisville-5
America/Kentucky/Monticello-5
America/Knox_IN-6
America/Kralendijk-4
America/La_Paz-4
America/Lima-5
America/Los_Angeles-8
America/Louisville-5
America/Lower_Princes-4
America/Maceio-3
America/Managua-6
America/Manaus-4
America/Marigot-4
America/Martinique-4
America/Matamoros-6
America/Mazatlan-7
America/Mendoza-3
America/Menominee-6
America/Merida-6
America/Metlakatla-9
America/Mexico_City-6
America/Miquelon-3
America/Moncton-4
America/Monterrey-6
America/Montevideo-3
America/Montreal-5
America/Montserrat-4
America/Nassau-5
America/New_York-5
America/Nipigon-5
America/Nome-9
America/Noronha-2
America/North_Dakota/Beulah-6
America/North_Dakota/Center-6
America/North_Dakota/New_Salem-6
America/Ojinaga-7
America/Panama-5
America/Pangnirtung-5
America/Paramaribo-3
America/Phoenix-7
America/Port-au-Prince-5
America/Port_of_Spain-4
America/Porto_Acre-5
America/Porto_Velho-4
America/Puerto_Rico-4
America/Punta_Arenas-3
America/Rainy_River-6
America/Rankin_Inlet-6
America/Recife-3
America/Regina-6
America/Resolute-6
America/Rio_Branco-5
America/Rosario-3
America/Santa_Isabel-8
America/Santarem-3
America/Santiago-4
America/Santo_Domingo-4
America/Sao_Paulo-3
America/Scoresbysund-1
America/Shiprock-7
America/Sitka-9
America/St_Barthelemy-4
America/St_Johns-3
America/St_Kitts-4
America/St_Lucia-4
America/St_Thomas-4
America/St_Vincent-4
America/Swift_Current-6
America/Tegucigalpa-6
America/Thule-4
America/Thunder_Bay-5
America/Tijuana-8
America/Toronto-5
America/Tortola-4
America/Vancouver-8
America/Virgin-4
America/Whitehorse-8
America/Winnipeg-6
America/Yakutat-9
America/Yellowknife-7
Antarctica/Casey8
Antarctica/Davis7
Antarctica/DumontDUrville10
Antarctica/Macquarie11
Antarctica/Mawson5
Antarctica/McMurdo12
Antarctica/Palmer-3
Antarctica/Rothera-3
Antarctica/South_Pole12
Antarctica/Syowa3
Antarctica/Troll0
Antarctica/Vostok6
Arctic/Longyearbyen1
Asia/Aden3
Asia/Almaty6
Asia/Amman2
Asia/Anadyr12
Asia/Aqtau5
Asia/Aqtobe5
Asia/Ashgabat5
Asia/Ashkhabad5
Asia/Atyrau5
Asia/Baghdad3
Asia/Bahrain3
Asia/Baku4
Asia/Bangkok7
Asia/Barnaul7
Asia/Beirut2
Asia/Bishkek6
Asia/Brunei8
Asia/Calcutta5
Asia/Chita9
Asia/Choibalsan8
Asia/Chongqing8
Asia/Chungking8
Asia/Colombo5
Asia/Dacca6
Asia/Damascus2
Asia/Dhaka6
Asia/Dili9
Asia/Dubai4
Asia/Dushanbe5
Asia/Famagusta2
Asia/Gaza2
Asia/Harbin8
Asia/Hebron2
Asia/Ho_Chi_Minh7
Asia/Hong_Kong8
Asia/Hovd7
Asia/Irkutsk8
Asia/Istanbul3
Asia/Jakarta7
Asia/Jayapura9
Asia/Jerusalem2
Asia/Kabul4
Asia/Kamchatka12
Asia/Karachi5
Asia/Kashgar6
Asia/Kathmandu5
Asia/Katmandu5
Asia/Khandyga9
Asia/Kolkata5
Asia/Krasnoyarsk7
Asia/Kuala_Lumpur8
Asia/Kuching8
Asia/Kuwait3
Asia/Macao8
Asia/Macau8
Asia/Magadan11
Asia/Makassar8
Asia/Manila8
Asia/Muscat4
Asia/Nicosia2
Asia/Novokuznetsk7
Asia/Novosibirsk7
Asia/Omsk6
Asia/Oral5
Asia/Phnom_Penh7
Asia/Pontianak7
Asia/Pyongyang9
Asia/Qatar3
Asia/Qostanay6
Asia/Qyzylorda5
Asia/Rangoon6
Asia/Riyadh3
Asia/Saigon7
Asia/Sakhalin11
Asia/Samarkand5
Asia/Seoul9
Asia/Shanghai8
Asia/Singapore8
Asia/Srednekolymsk11
Asia/Taipei8
Asia/Tashkent5
Asia/Tbilisi4
Asia/Tehran3
Asia/Tel_Aviv2
Asia/Thimbu6
Asia/Thimphu6
Asia/Tokyo9
Asia/Tomsk7
Asia/Ujung_Pandang8
Asia/Ulaanbaatar8
Asia/Ulan_Bator8
Asia/Urumqi6
Asia/Ust-Nera10
Asia/Vientiane7
Asia/Vladivostok10
Asia/Yakutsk9
Asia/Yangon6
Asia/Yekaterinburg5
Asia/Yerevan4
Atlantic/Azores-1
Atlantic/Bermuda-4
Atlantic/Canary0
Atlantic/Cape_Verde-1
Atlantic/Faeroe0
Atlantic/Faroe0
Atlantic/Jan_Mayen1
Atlantic/Madeira0
Atlantic/Reykjavik0
Atlantic/South_Georgia-2
Atlantic/St_Helena0
Atlantic/Stanley-3
Australia/ACT10
Australia/Adelaide9
Australia/Brisbane10
Australia/Broken_Hill9
Australia/Canberra10
Australia/Currie10
Australia/Darwin9
Australia/Eucla8
Australia/Hobart10
Australia/LHI10
Australia/Lindeman10
Australia/Lord_Howe10
Australia/Melbourne10
Australia/NSW10
Australia/North9
Australia/Perth8
Australia/Queensland10
Australia/South9
Australia/Sydney10
Australia/Tasmania10
Australia/Victoria10
Australia/West8
Australia/Yancowinna9
Brazil/Acre-5
Brazil/DeNoronha-2
Brazil/East-3
Brazil/West-4
CET1
CST6CDT-6
Canada/Atlantic-4
Canada/Central-6
Canada/Eastern-5
Canada/Mountain-7
Canada/Newfoundland-3
Canada/Pacific-8
Canada/Saskatchewan-6
Canada/Yukon-8
Chile/Continental-4
Chile/EasterIsland-6
Cuba-5
EET2
EST5EDT-5
Egypt2
Eire0
Etc/GMT0
Etc/GMT+00
Etc/GMT+1-1
Etc/GMT+10-10
Etc/GMT+11-11
Etc/GMT+12-12
Etc/GMT+2-2
Etc/GMT+3-3
Etc/GMT+4-4
Etc/GMT+5-5
Etc/GMT+6-6
Etc/GMT+7-7
Etc/GMT+8-8
Etc/GMT+9-9
Etc/GMT-00
Etc/GMT-11
Etc/GMT-1010
Etc/GMT-1111
Etc/GMT-1212
Etc/GMT-1313
Etc/GMT-1414
Etc/GMT-22
Etc/GMT-33
Etc/GMT-44
Etc/GMT-55
Etc/GMT-66
Etc/GMT-77
Etc/GMT-88
Etc/GMT-99
Etc/GMT00
Etc/Greenwich0
Etc/UCT0
Etc/UTC0
Etc/Universal0
Etc/Zulu0
Europe/Amsterdam1
Europe/Andorra1
Europe/Astrakhan4
Europe/Athens2
Europe/Belfast0
Europe/Belgrade1
Europe/Berlin1
Europe/Bratislava1
Europe/Brussels1
Europe/Bucharest2
Europe/Budapest1
Europe/Busingen1
Europe/Chisinau2
Europe/Copenhagen1
Europe/Dublin0
Europe/Gibraltar1
Europe/Guernsey0
Europe/Helsinki2
Europe/Isle_of_Man0
Europe/Istanbul3
Europe/Jersey0
Europe/Kaliningrad2
Europe/Kiev2
Europe/Kirov3
Europe/Lisbon0
Europe/Ljubljana1
Europe/London0
Europe/Luxembourg1
Europe/Madrid1
Europe/Malta1
Europe/Mariehamn2
Europe/Minsk3
Europe/Monaco1
Europe/Moscow3
Europe/Nicosia2
Europe/Oslo1
Europe/Paris1
Europe/Podgorica1
Europe/Prague1
Europe/Riga2
Europe/Rome1
Europe/Samara4
Europe/San_Marino1
Europe/Sarajevo1
Europe/Saratov4
Europe/Simferopol3
Europe/Skopje1
Europe/Sofia2
Europe/Stockholm1
Europe/Tallinn2
Europe/Tirane1
Europe/Tiraspol2
Europe/Ulyanovsk4
Europe/Uzhgorod2
Europe/Vaduz1
Europe/Vatican1
Europe/Vienna1
Europe/Vilnius2
Europe/Volgograd4
Europe/Warsaw1
Europe/Zagreb1
Europe/Zaporozhye2
Europe/Zurich1
GB0
GB-Eire0
GMT0
GMT00
Greenwich0
Hongkong8
Iceland0
Indian/Antananarivo3
Indian/Chagos6
Indian/Christmas7
Indian/Cocos6
Indian/Comoro3
Indian/Kerguelen5
Indian/Mahe4
Indian/Maldives5
Indian/Mauritius4
Indian/Mayotte3
Indian/Reunion4
Iran3
Israel2
Jamaica-5
Japan9
Kwajalein12
Libya2
MET1
MST7MDT-7
Mexico/BajaNorte-8
Mexico/BajaSur-7
Mexico/General-6
NZ12
NZ-CHAT12
Navajo-7
PRC8
PST8PDT-8
Pacific/Apia13
Pacific/Auckland12
Pacific/Bougainville11
Pacific/Chatham12
Pacific/Chuuk10
Pacific/Easter-6
Pacific/Efate11
Pacific/Enderbury13
Pacific/Fakaofo13
Pacific/Fiji12
Pacific/Funafuti12
Pacific/Galapagos-6
Pacific/Gambier-9
Pacific/Guadalcanal11
Pacific/Guam10
Pacific/Honolulu-10
Pacific/Johnston-10
Pacific/Kiritimati14
Pacific/Kosrae11
Pacific/Kwajalein12
Pacific/Majuro12
Pacific/Marquesas-9
Pacific/Midway-11
Pacific/Nauru12
Pacific/Niue-11
Pacific/Norfolk11
Pacific/Noumea11
Pacific/Pago_Pago-11
Pacific/Palau9
Pacific/Pitcairn-8
Pacific/Pohnpei11
Pacific/Ponape11
Pacific/Port_Moresby10
Pacific/Rarotonga-10
Pacific/Saipan10
Pacific/Samoa-11
Pacific/Tahiti-10
Pacific/Tarawa12
Pacific/Tongatapu13
Pacific/Truk10
Pacific/Wake12
Pacific/Wallis12
Pacific/Yap10
Poland1
Portugal0
ROK9
Singapore8
SystemV/AST4-4
SystemV/AST4ADT-4
SystemV/CST6-6
SystemV/CST6CDT-6
SystemV/EST5-5
SystemV/EST5EDT-5
SystemV/HST10-10
SystemV/MST7-7
SystemV/MST7MDT-7
SystemV/PST8-8
SystemV/PST8PDT-8
SystemV/YST9-9
SystemV/YST9YDT-9
Turkey3
UCT0
US/Alaska-9
US/Aleutian-10
US/Arizona-7
US/Central-6
US/East-Indiana-5
US/Eastern-5
US/Hawaii-10
US/Indiana-Starke-6
US/Michigan-5
US/Mountain-7
US/Pacific-8
US/Pacific-New-8
US/Samoa-11
UTC0
Universal0
W-SU3
WET0
Zulu0

...