Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Table of Contents |
---|
This guide covers most of the advanced installation procedures that you may need to implement.
Modifying the default domain
The default configuration sets "kiuwan.onpremise.local" as the default domain to access Kiuwan On-Premises.
We encourage to change the default domain, but take into account that this means updating the provided certificates to keep your installation connections secure.
Step 1: edit the global configuration file
Using your preferred editor, open the default configuration file located in your config-shared volume:
Code Block | ||
---|---|---|
| ||
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties |
Edit these properties (kiuwan.port is only needed if you want to use https under a different port than the default 443):
- kiuwan.domain
- kiuwan.port
Step 2: update load balancer configuration
Once you have selected your new domain and if you are using the provided Apache load balancer, you should edit the main Apache configuration file:
Code Block | ||
---|---|---|
| ||
sudo vim [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf/httpd.conf |
Edit this line and change the default domain (kiuwan.onpremise.local) to your new domain:
Code Block |
---|
Define kiuwanDomain kiuwan.onpremise.local |
If you have externalized the provided Apache load balancer, you should edit the equivalent configuration file to set the new domain.
Step 3: generate new certificates
Please refer to the Managing certificates guide and follow the needed steps depending on your needs.
Once this is done, you should have these files under the [INSTALLER_DIR]/user-content/certs folder:
- cacert.pem
- domainkey.pem
- domaincert.pem
- domainkeystore.jks
- truststore.jks
Step 4: complete your installation
If you are performing a new Kiuwan On-Premises installation, please refer to the steps indicated in the following sections, depending on your installation needs:
If you have already installed Kiuwan On-Premises, you will need to stop your containers, update the deployed configuration and restart them. To do so, execute these commands:
Code Block | ||
---|---|---|
| ||
cd [INSTALLER_DIR] sudo ./stop-all.sh cd [INSTALLER_DIR]/docker sudo ./update.sh cd [INSTALLER_DIR] sudo ./start-all.sh |
Step 5: update your DNS or hosts files
If you are modifying an existing Kiuwan On-Premises installation, you will need to update your DNS or hosts files.
Note that if you have generated new certificates signed by a different CA than the one that signed the previous ones, you should update your Kiuwan On-Premises clients certificates or truststores.
Please refer to Accessing your Kiuwan On-Premises installation for details on these topics.
Modifying access protocols
Kiuwan On-Premises installation supports configuring access protocols for:
- Apache load balancer: HTTPS (default protocol) or HTTP.
- Kiuwan front instances: HTTPS (default protocol), HTTP or AJP.
If you need to change the default access protocols, please take into account:
- Apache load balancer configuration must be manually modified, both when using the provided services or when externalizing it.
- Plaintext connections are not secure.
Step 1: configure Apache load balancer access protocol
In case you are using the provided Apache service for load balancing or your own Apache as a front-end server, you should manually configure how it accesses Kiuwan, by editing its configuration file. For the provided services you can edit the file like this:
Code Block | ||
---|---|---|
| ||
sudo vim [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf/httpd.conf |
Look for the balancer proxy definition (<Proxy "balancer://mycluster">) and make sure the used protocol matches your needs.
The following example show the needed configuration for accessing two Kiuwan On-Premises front instances through AJP protocol:
Code Block | ||
---|---|---|
| ||
BalancerMember "ajp://wildflykiuwan-f1:8443" route=kwf1 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=TCP hcpasses=2 hcinterval=15 hcfails=1 BalancerMember "ajp://wildflykiuwan-f2:8443" route=kwf2 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=TCP hcpasses=2 hcinterval=15 hcfails=1 |
The following example show the needed configuration for accessing two Kiuwan On-Premises front instances through HTTP protocol:
Code Block | ||
---|---|---|
| ||
BalancerMember "http://wildflykiuwan-f1:8443" route=kwf1 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=GET hcexpr=ok200 hcuri=/saas/rest/health hcpasses=1 hcinterval=15 hcfails=2 BalancerMember "http://wildflykiuwan-f2:8443" route=kwf2 loadfactor=1 connectiontimeout=5 timeout=600 retry=60 hcmethod=GET hcexpr=ok200 hcuri=/saas/rest/health hcpasses=2 hcinterval=15 hcfails=1 |
Note that if you are not using a front-end server because you want to access directly to a single Kiuwan front instance, you will be forced to use either HTTPS or HTTP protocols in order to be able to access Kiuwan On-Premises from a web browser.
Step 2: configure Kiuwan front instances access protocol
Kiuwan On-Premises front instances expose a single port for communicating either by using HTTPS, HTTP or AJP protocols. To configure the protocol to use, edit the main configuration file located in your config-shared volume:
Code Block | ||
---|---|---|
| ||
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties |
Look for the "kiuwan-nodes.access.protocol property and set its value to either "https", "http" or "ajp" depending on the protocol you wan to use. For example, to use the AJP protocol:
Code Block | ||
---|---|---|
| ||
kiuwan-nodes.access.protocol=ajp |
Note that this only sets how Kiuwan front servers are configured. You must configure how Kiuwan will generate access URLs for you by following the next step.
Step 3: configure client access protocol for URL generation
Kiuwan instances need to know how you are accessing your Kiuwan On-Premises intallation in order to correctly generate dynamic URLs. To configure this, edit the main configuration file, located in your config-shared volume:
Code Block | ||
---|---|---|
| ||
sudo vim [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties |
Look for the "kiuwan.protocol" property and set its value to either "https" or "http". For example, if you want to access Kiuwan On-Premises through https:
Code Block | ||
---|---|---|
| ||
kiuwan.protocol=https |
Note that "https" and "http" are the only two allowed options here, as you only can access Kiuwan On-Premises from a web browser through one of these protocols.
Step 4: restart your servers
In case you have made modifications to the provided Apache load balancer, you should restart the server:
Code Block | ||
---|---|---|
| ||
cd [INSTALLER_DIR]/docker sudo ./stop-infrastructure.sh apacheloadbalancer sudo ./start-infrastructure.sh apacheloadbalancer |
If you are using your own front-end server, please restart it in order to apply the changes.
In case you have made modifications to the globalConfig.properties file, you should restart the Kiuwan servers:
Code Block | ||
---|---|---|
| ||
cd [INSTALLER_DIR] sudo ./stop-kiuwan.sh sudo ./start-kiuwan.sh |
Modifying exposed ports
Kiuwan On-Premises installation supports changing which ports will be exposed to the outside of the Docker network by any of these services:
- Apache load balancer.
- Kiuwan front instances.
- MySQL database.
Note that the port used by the provided containers inside the Kiuwan Docker Network (172.172.0.0/16) is fixed and cannot be changed. Only the exposed ports are configurable. The following table shows which ports are used by each container inside the Docker network and how they are mapped to the outside by default:
Container name | Internal ports (cannot be changed) | Exposed ports (configurable) | Protocol |
---|---|---|---|
apacheloadbalancer | 80, 443 | 80, 443 | HTTPS or HTTP |
wildflykiuwan-f[n] | 8443 | 8[n]43 | HTTPS, HTTP or AJP |
wildflykiuwan-a[n] | None | None | None |
wildflykiuwan-s[n] | None | None | None |
mysqlkiuwan | 3306 | 3306 | MySQL protocol |
Note that containers can only be accessed from outside its host when at least one port is exposed. These considerations should be taken into account as well:
- On single hosts installations where the provided front-end server (apacheloadbalancer) or the provided MySQL (mysqlkiuwan) are not externalized, changing Kiuwan front instances ports or MySQL port is not usually needed, unless there are port conflicts on your host. As we recommend using a dedicated host for Kiuwan On-Premises installations, this should not be the case in most installations. By default, the provided Apache access Kiuwan front instances through port 8443 and Kiuwan accesses MySQL through port 3306, as they belong to the same Docker network.
- When using an externalized front-end server, it may be needed to change the Kiuwan front instances ports if your company has strict traffic guidelines or you just prefer using ports that you are more comfortable with.
- In case you are using your own MySQL server, Kiuwan should be instructed to use the port in which your MySQL server is listening to.
- In case you are using the provided MySQL container on a different host and you want to modify the exposed port by the container you must change both the MySQL exposed port and the port used by Kiuwan to communicate with MySQL. Both ports must match.
Note |
---|
When modifying the front-end server, Kiuwan front instances or MySQL ports, you should always update how Kiuwan connects to each service. Please refer to Setting which ports Kiuwan should use for more details. |
Warning | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
You must restart the needed servers when ports have been reconfigured. In case you have made modifications to the provided Apache load balancer, you should restart the server:
If you are using your own front-end server, please restart it in order to apply the changes. In case you have made modifications that affect Kiuwan, you should restart the Kiuwan servers:
|
Modifying exposed ports in Apache load balancer
When using the provided Apache load balancer, the following properties found in the globalConfig.properties main configuration file will set the exposed ports:
- kiuwan.port.apache.http: sets the exposed port for HTTP.
- kiuwan.port.apache.https: sets the exposed port for HTTPS.
Ports set must be different to avoid conflicts. Note that the provided Apache container will expose both ports to listen HTTPS and HTTP traffic, but you can unset any of them by modifying the provided configuration file.
Step 1: modify globalConfig.properties file
In case you modify the default ports, you must change the httpd.conf file located under [VOLUMES_DIR]/config-shared/ApacheLoadBalancer/conf folder.
Step 1: modify globalConfig.properties file
Locate the properties shown above and set them to the ports that you want to expose (default configuration is shown below):
Code Block | ||
---|---|---|
| ||
kiuwan.port.apache.http=80
kiuwan.port.apache.https=443 |
Step 2: modify httpd.conf file
First locate the ports Apache will listen to and set your selected ports. Default configuration is shown below (ports 80 and 443):
Code Block | ||
---|---|---|
| ||
# Listen: Allows you to bind Apache to specific IP addresses and/or # ports, instead of the default. See also the <VirtualHost> # directive. # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses. # Listen 80 Listen 443 |
Second, locate the default virtual host entry and change the assigned port. Default configuraiton is shown below (port 443):
Code Block | ||
---|---|---|
| ||
<VirtualHost *:443> |
Step 3: restart your servers
Modifying exposed ports in Kiuwan front instances
Modifying exposed ports in MySQL
Setting which ports Kiuwan should use
Kiuwan instances must know which ports you are exposing both in:
- The provided apache load balancer or your own front-end server.
- The provided MySQL databse or your own MySQL instance.
As both services can be externalized, there are two additional properties to configure these ports (found in the main configuration file [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):
- kiuwan.port: the port that will be used when generating dynamic URLs from Kiuwan. This port must match the one exposed by the front-end server.
- mysql.port: the port that will be used by Kiuwan to connect to the MySQL host. This port must match the one exposed by the MySQL server.
Configuration examples
Example 1
The following table shows how to set the values in globalConfig.properties file for an installation where:
- All Kiuwan containers are deployed in the same host (single host installation).
- Apache load balancer externalized. The Apache server listens to port 444.
- Apache will access Kiuwan On-Premises front servers through port 8009. If new front instances are added, the next port will be used for the new instance.
- MySQL has been externalized and is accessible though port 3344.
Property key | Value |
---|---|
kiuwan.port | 444 |
mysql.port | 3344 |
kiuwan.port.front1 | 8009 |
kiuwan.port.front2 | 8010 |
kiuwan.port.front[n] | 8009 + (n - 1) |
kiuwan.port.apache.http | Does not apply, service externalized |
kiuwan.port.apache.https | Does not apply, service externalized |
kiuwan.port.mysql | Does not apply, service externalized |
The front-end server must use ports 8009, 8010, etc. to access Kiuwan front servers.
Example 2
The following table shows how to set the values in globalConfig.properties file for an installation where:
- All Kiuwan containers are deployed in the same host (single host installation).
- Apache load balancer is NOT externalized and will listen to port 80 for HTTP and port 443 for HTTPS.
- Kiuwan On-Premises front servers should be accessible from the outside through port 8080. If new front instances are added, the next port will be used for the new instance.
- MySQL has NOT been externalized and will be accessible though port 3406 for direct external connections to the database.
Property key | Value |
---|---|
kiuwan.port | 443 |
mysql.port | 3306 |
kiuwan.port.front1 | 8080 |
kiuwan.port.front2 | 8081 |
kiuwan.port.front[n] | 8080 + (n - 1) |
kiuwan.port.apache.http | 80 |
kiuwan.port.apache.https | 443 |
kiuwan.port.mysql | 3406 |
The front-end server must use port 8443 to access Kiuwan front servers, as it belongs to the same Docker network, but a user will be able to access these front servers through ports 8080, 8081, etc. from outside the Kiuwan On-Premises host.
Externalizing services
Kiuwan On-Premises uses three main services under its infrastructure's hood:
- Apache: used as a load balancer when multiple Kiuwan frontal instances are running.
- Redis: an in-memory cache to speed up response times.
- MySQL: Kiuwan's main database.
If you want to use your own services for any of the previous ones, Kiuwan On-Premises can connect to them by bypassing their creation at installation time.
Configuring services to externalize
First of all, you will need to edit the main configuration file and mark which services you want to externalize:
- [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
This table shows the properties you should modify when externalizing each service:
Service | Property | Default value |
---|---|---|
Apache | kiuwan.externalize.apacheloadbalancer | false |
Redis | kiuwan.externalize.redis.[cache|storage] | false |
MySQL | kiuwan.externalize.mysql | false |
When setting to "true" any of the previous properties, the corresponding service will be externalized and the installation tool will not manage any related instance. Note that all the configuration will be up to you, as the Kiuwan On-Premise installer will only be able to configure how Kiuwan On-Premise will connect to your own services.
Externalizing Apache
When externalizing this service you should take into account that:
- Each Kiuwan On-Premises frontal instance domain name is wildflykiuwan-f[n], [n] being the frontal instance number. Note that depending on your installation needs you may want to access each instance via IP or its own host name.
- Each Kiuwan On-Premises frontal instance only exposes one port for https/http/ajp traffic. By default, the port 8[n]43, [n] being the frontal instance number will be exposed. If you need to change the exposed ports refer to Changing exposed ports for more information.
- In case you are accessing through https scheme, you should provide your frontal service the needed certificates in order to make https connections available (please refer to Managing certificates for more information):
- domaincert.pem
- domainkey.pem
- cacert.pem
Externalizing Redis
It is mandatory for Kiuwan On-Premises to work with your Redis installation that it complies with these characteristics:
- Redis version must be equal or higher than 5.0.4.
- Redis must be configured as a cluster.
- Eviction policy must be set to "noeviction" (refer to Redis official documentation, maxmemory-policy configuration property).
In case you set Redis as an external service, Kiuwan On-Premises needs to know where the Redis nodes are deployed and which ports to use when connecting to them.
In case you use a special DNS that can resolve the same host to different hosts and ports (DNS Round-Robin or equivalent), you should configure just a single host in the "redis.[cache|store].nodes" properties.
All the needed configuration is located in the main configuration file:
- [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
The following table shows the properties to configure (note that you should set exactly the same configuration for both "cache" and "store" Redis configurations):
Property | Meaning | Example |
---|---|---|
redis.[cache|store].nodes | Comma separated list of host and port for each Redis node | rn1.mydomain.com:6379,rn2.mydomain.com:6379,rn3.mydomain.com:6379,rn4.mydomain.com:6379,rn5.mydomain.com:6379,rn6.mydomain.com:6379 |
redis.[cache|store].timeout | Connection timeout in milliseconds | 2000 |
redis.[cache|store].password | Password to use when connecting to a node (leave empty if you have set no password access) | |
redis.[cache|store].clientName | Name of the client connection (defaults to empty) |
Externalizing MySQL
When externalizing MySQL note that your MySQL installation should comply with these characteristics:
- MySQL version 5.7
- Maximum number of connections: 130 per Kiuwan On-Premises instance.
Step 1: create Kiuwan On-Premises schemas
You should create the needed schemas in your MySQL installation. To do so, please execute this script with a user that has schema creation privileges:
Code Block | ||
---|---|---|
| ||
create database opt_activity CHARACTER SET utf8 COLLATE utf8_unicode_ci; create database opt_cinc CHARACTER SET utf8 COLLATE utf8_unicode_ci; create database opt_metamodel CHARACTER SET utf8 COLLATE utf8_unicode_ci; create database opt_qmm CHARACTER SET utf8 COLLATE utf8_unicode_ci; create database opt_transaction CHARACTER SET utf8 COLLATE utf8_unicode_ci; create database opt_insight CHARACTER SET utf8 COLLATE utf8_unicode_ci; |
Step 2: create Kiuwan On-Premises user
You should create the user that will be connecting to Kiuwan On-Premises schemas. Please run this script as an admin user to do so:
Code Block | ||
---|---|---|
| ||
create user '[USER]'@'%' identified by '[PASSWORD]'; grant all privileges on `opt_%`.* to '[USER]'@'%' identified by '[PASSWORD]'; flush privileges; |
Note that you should replace [USER] with the desired user name and [PASSWORD] with the desired password.
Step 3: configure your installation
The following table shows the properties to configure for Kiuwan On-Premises to connect to your own MySQL instance:
Property | Meaning | Example |
---|---|---|
mysql.host | Your MySQL installation host | mysqlkiuwan |
mysql.port | The connection port to access your MySQL installation | 3306 |
mysql.username | The user that will be connecting to Kiuwan On-Premises schemas (should match the one provided in the previous step) | csaas |
mysql.password | The user's password (should match the one provided in the previous step) |
Using Amazon S3 as file repository
Kiuwan On-Premises uses these shared file repositories to store analysis related data:
- kiuwanCentralRepository: stores analysis results files.
- kiuwanSourceCodeRepository: stores source code.
- kiuwanCustomConfigRepository: stores centralized analysis configuration files.
These Kiuwan On-Premises internal file repositories can be replaced with Amazon S3 buckets.
To do so, you should first configure these properties in the main configuration file ([VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties):
- centralFileRepository.type=s3
- sourceCodeFileRepository.type=s3
- customConfigFileRepository.type=s3
The following table shows the properties you should modify when making Kiuwan On-Premises connect to AWS S3 buckets:
Property | Meaning | Example |
---|---|---|
s3.privateBucket.bucketName | Your AWS S3 bucket name | s3mycompany-us |
s3.privateBucket.subDirectoryName | Your AWS S3 subdirectory name under the configured bucket | mydirectory |
s3.privateBucket.accessKeyId | AWS access key for your bucket | BS3BX35Z27UAQCEACTPQ |
s3.privateBucket.secretKeyId | AWS secret key for your bucket | Aasdfjklwe1234123lkjfasc21ssACasfEq124Da |
s3.dir.centralFileRepository | The main key prefix that will be used to keep the central file repository entries | kiuwanCentralWorkingDirectory/analysisData |
s3.dir.sourceCodeFileRepository | The main key prefix that will be used to keep the source code file repository entries | kiuwanCentralWorkingDirectory/analyzedSourceCode |
s3.dir.customConfigFileRepository | The main key prefix that will be used to keep the custom config file repository entries | kiuwanCentralWorkingDirectory/customConfig |
Configuration options reference
All configuration properties you can modify are located in this file, located inside your config-shared volume:
- [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
Here is a complete list of the properties you can configure and their meaning (default passwords are omitted):
Property | Default value | Meaning |
---|---|---|
Installer behavior | ||
kiuwan.singlehost.nodes.front | wildflykiuwan-f1 | Service identifiers that will be used when starting and stopping Kiuwan through start-kiuwan.sh and stop-kiuwan.sh scripts. Change these values only in single-host installations where you want to manage multiple Kiuwan front/analyzer/scheduler instances. For example, if you want to start two front kiuwan nodes, simply set: kiuwan.singlehost.nodes.front=wildflykiuwan-f1 wildflykiuwan-f2 The same pattern would apply to the different kiuwan containers. |
kiuwan.singlehost.nodes.analyzers | wildflykiuwan-a1 | |
kiuwan.singlehost.nodes.schedulers | wildflykiuwan-s1 | |
kiuwan.clients.update | true | Update clients when update.sh is executed. Set to false if you need to run the update process without updating clients (in case there are any new available), propagate changes in this configuration file while not updating clients or run the update process when no connection to static.kiuwan.com is available. |
Kiuwan connection | ||
kiuwan.protocol | https | Kiuwan default access protocol |
kiuwan.domain | kiuwan.onpremise.local | Kiuwan default domain |
kiuwan.port | 443 | Kiuwan default access port |
kiuwan.nodes.access.protocol | https | Access protocol to Kiuwan front instances [https|http|ajp]. This will be the only accepted protocol to access Kiuwan front instances from the provided Apache balancer or your own balancer. Note that this property has nothing to do with "kiuwan.protocol" unless you do not use a frontend server like Apache to access Kiuwan. If this is the case, both properties must have the same value. |
kiuwan.proxy.autoconfig | true | Autoconfigure Kiuwan instances proxy. When true, Kiuwan instances will be automatically configured to use the proxy configured in your Docker installation (typically using a ~/.docker/config.json file). If you want to force Kiuwan instances to use a different proxy settings, set this property to false and fill the kiuwan.*.proxy* properties values. |
Kiuwan instances alternative proxy | ||
These properties only apply when kiuwan.proxy.autoconfig is false. Note that the https properties are used to indicate the proxy to use when making https connections, not to configure a proxy that should be accessed through https. Ignore these properties if you want Kiuwan instances to use the proxy configured in your Docker installation. | ||
kiuwan.http.proxyHost | Proxy to use from Kiuwan instances when making http connections. | |
kiuwan.http.proxyPort | ||
kiuwan.http.proxyUser | ||
kiuwan.http.proxyPassword | ||
kiuwan.https.proxyHost | Proxy to use from Kiuwan instances when making https connections. | |
kiuwan.https.proxyPort | ||
kiuwan.https.proxyUser | ||
kiuwan.https.proxyPassword | ||
kiuwan.http.nonProxyHosts | No proxy connection will be used when connecting to these comma separated list of hosts. | |
Kiuwan instances shared configuration | ||
kiuwan.mail.host | mail.kiuwan.local | Email server access configuration. It is mandatory that all kiuwan instances can access the specified host and port. |
kiuwan.mail.port | 25 | |
kiuwan.mail.authentication | true | Email server authentication enable flag. Set to false if your email server does not use a SMTP username/password authentication method. |
kiuwan.mail.username | admin.kiuwan | Email server username. |
kiuwan.mail.password | Email server password. | |
kiuwan.mail.from | admin.kiuwan@mail.kiuwan.local | Email account that will be used in the "from" field when composing emails. This field is mandatory, do not leave blank. |
kiuwan.mail.secure.layer | ssl | The security layer that your mail server uses [ssl|tls|none]. Set to none if your Email server only supports plain text connections. |
kiuwan.mail.secure.layer.value | true | The value to set to the security layer configuration flag. Only applies when kiuwan.mail.secure.layer is set to ssl or tls. |
kiuwan.default.mail.account | admin.kiuwan@mail.kiuwan.local | Mail account that will be assigned to the default Kiuwan account. |
timezone | Europe/Madrid | Kiuwan servers timezone. Please refer to Supported timezones page for a complete list of supported time zones. |
java.keystore.password | Java keystore password. Note that Kiuwan will use this password to access the generated keystore and must be aligned with the one provided in the field "java.keystore.password" in ssl/config/certs.properties file. Make sure they are aligned when creating your own certificates. | |
java.truststore.password | Java truststore password. Note that Kiuwan will use this password to access the generated truststore and must be aligned with the one provided in the field "java.truststore.password" in ssl/config/certs.properties file. Make sure they are aligned when creating your own certificates. | |
Kiuwan file repositories | ||
centralFileRepository.type | filesystem | Central file repository storage type [filesystem|s3]. |
sourceCodeFileRepository.type | filesystem | Source code repository storage type [filesystem|s3]. |
customConfigFileRepository.type | filesystem | Custom config repository storage type [filesystem|s3]. |
s3.privateBucket.bucketName | S3 bucket name (only applies when using AWS S3 type repositories). | |
s3.privateBucket.subDirectoryName | S3 subdirectory name (only applies when using AWS S3 type repositories). | |
s3.privateBucket.accessKeyId | Access key id (only applies when using AWS S3 type repositories). | |
s3.privateBucket.secretKeyId | Secret key id (only applies when using AWS S3 type repositories). | |
s3.dir.centralFileRepository | Central file repository directory (only applies when using AWS S3 type repositories). | |
s3.dir.sourceCodeFileRepository | Source code file repository directory (only applies when using AWS S3 type repositories). | |
s3.dir.customConfigFileRepository | Centralized configuration file repository directory (only applies when using AWS S3 type repositories). | |
Kiuwan front instances | ||
kiuwan.port.front[n] | 8[n]43 | Ports that will be exposed by each kiuwan front container instance. Note that depending on the kiuwan front instances that you are starting some of these ports will be ignored. |
kiuwan.nodes.front.max.memory | 2048m | Max memory to set to front instances |
session.timeout | 3600 | Time a session can be inactive before close it (in seconds) |
session.secure | false | Use the secure attribute of the session cookie. Set this field to true only if you plan accessing your Kiuwan On-Premises installation through https. |
session.httponly | false | Use the httponly attribute of the session cookie. |
Kiuwan analyzer instances | ||
kiuwan.nodes.analyzers.max.memory | 4096m | Max memory to set to analyzer instances. |
queues.reportsGeneratedQueueSize | 2 | Number of slots enabled for analysis processing. |
Kiuwan scheduler instances | ||
kiuwan.nodes.schedulers.max.memory | 2048m | Max memory to set to front instances. |
Apache load balancer | ||
kiuwan.port.apache.http | 80 | Ports that will be exposed by the Apache load balancer container. When using the provided load balancer, the specified "kiuwan.port.apache.https" (or "kiuwan.port.apache.http" when disabling https support) must match the value set to "kiuwan.port field". When externalizing this service, their values have no effect. |
kiuwan.port.apache.https | 443 | |
MySQL | ||
kiuwan.port.mysql | 3306 | Port that will be exposed by the MySQL container. When using the provided MySQL, its value must match the one specified in "mysql.port" field. When externalizing this service, its value has no effect. |
mysql.host | mysqlkiuwan | MySQL connection settings. Note that this must be aligned with the configured MySQL port or your external MySQL service in case you are externalizing MySQL. |
mysql.port | 3306 | |
mysql.username | csaas | MySQL connection authentication settings. Note that a MySQL user with the specified credentials will be automatically created when installing from scratch if you are running the provided MySQL service. In case you want to change the user accessing Kiuwan's schemas after the installation is completed, you must manually create the user both in the provided MySQL or an externalized one. |
mysql.password | ||
mysql.config.useSSL | false | Enable or disable the use of encryption when connecting to MySQL |
mysql.config.requireSSL | false | Force the use of encryption when connecting to MySQL |
mysql.config.verifyServerCertificate | false | Force the validation of the certificate served MySQL |
Redis Cluster cache and store | ||
redis.[cache|store].nodes | redis_0000[1-6]:6379 | Redis nodes hosts (use the provided single host name when using elasticache) |
redis.[cache|store].timeout | 2000 | Redis connection timeout |
redis.[cache|store].password | Redis password | |
redis.[cache|store].clientName | Redis client name |
Supported timezones reference
The following table shows the available timezones that can be set to the Kiuwan On-Premises server when editing the main configuration file located in:
- [VOLUMES_DIR]/config-shared/globalConfig/globalConfig.properties
Note that you can set only one of these values to the timezone property found in the previous file:
Time zone | GMT offset |
---|---|
Africa/Abidjan | 0 |
Africa/Accra | 0 |
Africa/Addis_Ababa | 3 |
Africa/Algiers | 1 |
Africa/Asmara | 3 |
Africa/Asmera | 3 |
Africa/Bamako | 0 |
Africa/Bangui | 1 |
Africa/Banjul | 0 |
Africa/Bissau | 0 |
Africa/Blantyre | 2 |
Africa/Brazzaville | 1 |
Africa/Bujumbura | 2 |
Africa/Cairo | 2 |
Africa/Casablanca | 0 |
Africa/Ceuta | 1 |
Africa/Conakry | 0 |
Africa/Dakar | 0 |
Africa/Dar_es_Salaam | 3 |
Africa/Djibouti | 3 |
Africa/Douala | 1 |
Africa/El_Aaiun | 0 |
Africa/Freetown | 0 |
Africa/Gaborone | 2 |
Africa/Harare | 2 |
Africa/Johannesburg | 2 |
Africa/Juba | 3 |
Africa/Kampala | 3 |
Africa/Khartoum | 2 |
Africa/Kigali | 2 |
Africa/Kinshasa | 1 |
Africa/Lagos | 1 |
Africa/Libreville | 1 |
Africa/Lome | 0 |
Africa/Luanda | 1 |
Africa/Lubumbashi | 2 |
Africa/Lusaka | 2 |
Africa/Malabo | 1 |
Africa/Maputo | 2 |
Africa/Maseru | 2 |
Africa/Mbabane | 2 |
Africa/Mogadishu | 3 |
Africa/Monrovia | 0 |
Africa/Nairobi | 3 |
Africa/Ndjamena | 1 |
Africa/Niamey | 1 |
Africa/Nouakchott | 0 |
Africa/Ouagadougou | 0 |
Africa/Porto-Novo | 1 |
Africa/Sao_Tome | 0 |
Africa/Timbuktu | 0 |
Africa/Tripoli | 2 |
Africa/Tunis | 1 |
Africa/Windhoek | 2 |
America/Adak | -10 |
America/Anchorage | -9 |
America/Anguilla | -4 |
America/Antigua | -4 |
America/Araguaina | -3 |
America/Argentina/Buenos_Aires | -3 |
America/Argentina/Catamarca | -3 |
America/Argentina/ComodRivadavia | -3 |
America/Argentina/Cordoba | -3 |
America/Argentina/Jujuy | -3 |
America/Argentina/La_Rioja | -3 |
America/Argentina/Mendoza | -3 |
America/Argentina/Rio_Gallegos | -3 |
America/Argentina/Salta | -3 |
America/Argentina/San_Juan | -3 |
America/Argentina/San_Luis | -3 |
America/Argentina/Tucuman | -3 |
America/Argentina/Ushuaia | -3 |
America/Aruba | -4 |
America/Asuncion | -4 |
America/Atikokan | -5 |
America/Atka | -10 |
America/Bahia | -3 |
America/Bahia_Banderas | -6 |
America/Barbados | -4 |
America/Belem | -3 |
America/Belize | -6 |
America/Blanc-Sablon | -4 |
America/Boa_Vista | -4 |
America/Bogota | -5 |
America/Boise | -7 |
America/Buenos_Aires | -3 |
America/Cambridge_Bay | -7 |
America/Campo_Grande | -4 |
America/Cancun | -5 |
America/Caracas | -4 |
America/Catamarca | -3 |
America/Cayenne | -3 |
America/Cayman | -5 |
America/Chicago | -6 |
America/Chihuahua | -7 |
America/Coral_Harbour | -5 |
America/Cordoba | -3 |
America/Costa_Rica | -6 |
America/Creston | -7 |
America/Cuiaba | -4 |
America/Curacao | -4 |
America/Danmarkshavn | 0 |
America/Dawson | -8 |
America/Dawson_Creek | -7 |
America/Denver | -7 |
America/Detroit | -5 |
America/Dominica | -4 |
America/Edmonton | -7 |
America/Eirunepe | -5 |
America/El_Salvador | -6 |
America/Ensenada | -8 |
America/Fort_Nelson | -7 |
America/Fort_Wayne | -5 |
America/Fortaleza | -3 |
America/Glace_Bay | -4 |
America/Godthab | -3 |
America/Goose_Bay | -4 |
America/Grand_Turk | -5 |
America/Grenada | -4 |
America/Guadeloupe | -4 |
America/Guatemala | -6 |
America/Guayaquil | -5 |
America/Guyana | -4 |
America/Halifax | -4 |
America/Havana | -5 |
America/Hermosillo | -7 |
America/Indiana/Indianapolis | -5 |
America/Indiana/Knox | -6 |
America/Indiana/Marengo | -5 |
America/Indiana/Petersburg | -5 |
America/Indiana/Tell_City | -6 |
America/Indiana/Vevay | -5 |
America/Indiana/Vincennes | -5 |
America/Indiana/Winamac | -5 |
America/Indianapolis | -5 |
America/Inuvik | -7 |
America/Iqaluit | -5 |
America/Jamaica | -5 |
America/Jujuy | -3 |
America/Juneau | -9 |
America/Kentucky/Louisville | -5 |
America/Kentucky/Monticello | -5 |
America/Knox_IN | -6 |
America/Kralendijk | -4 |
America/La_Paz | -4 |
America/Lima | -5 |
America/Los_Angeles | -8 |
America/Louisville | -5 |
America/Lower_Princes | -4 |
America/Maceio | -3 |
America/Managua | -6 |
America/Manaus | -4 |
America/Marigot | -4 |
America/Martinique | -4 |
America/Matamoros | -6 |
America/Mazatlan | -7 |
America/Mendoza | -3 |
America/Menominee | -6 |
America/Merida | -6 |
America/Metlakatla | -9 |
America/Mexico_City | -6 |
America/Miquelon | -3 |
America/Moncton | -4 |
America/Monterrey | -6 |
America/Montevideo | -3 |
America/Montreal | -5 |
America/Montserrat | -4 |
America/Nassau | -5 |
America/New_York | -5 |
America/Nipigon | -5 |
America/Nome | -9 |
America/Noronha | -2 |
America/North_Dakota/Beulah | -6 |
America/North_Dakota/Center | -6 |
America/North_Dakota/New_Salem | -6 |
America/Ojinaga | -7 |
America/Panama | -5 |
America/Pangnirtung | -5 |
America/Paramaribo | -3 |
America/Phoenix | -7 |
America/Port-au-Prince | -5 |
America/Port_of_Spain | -4 |
America/Porto_Acre | -5 |
America/Porto_Velho | -4 |
America/Puerto_Rico | -4 |
America/Punta_Arenas | -3 |
America/Rainy_River | -6 |
America/Rankin_Inlet | -6 |
America/Recife | -3 |
America/Regina | -6 |
America/Resolute | -6 |
America/Rio_Branco | -5 |
America/Rosario | -3 |
America/Santa_Isabel | -8 |
America/Santarem | -3 |
America/Santiago | -4 |
America/Santo_Domingo | -4 |
America/Sao_Paulo | -3 |
America/Scoresbysund | -1 |
America/Shiprock | -7 |
America/Sitka | -9 |
America/St_Barthelemy | -4 |
America/St_Johns | -3 |
America/St_Kitts | -4 |
America/St_Lucia | -4 |
America/St_Thomas | -4 |
America/St_Vincent | -4 |
America/Swift_Current | -6 |
America/Tegucigalpa | -6 |
America/Thule | -4 |
America/Thunder_Bay | -5 |
America/Tijuana | -8 |
America/Toronto | -5 |
America/Tortola | -4 |
America/Vancouver | -8 |
America/Virgin | -4 |
America/Whitehorse | -8 |
America/Winnipeg | -6 |
America/Yakutat | -9 |
America/Yellowknife | -7 |
Antarctica/Casey | 8 |
Antarctica/Davis | 7 |
Antarctica/DumontDUrville | 10 |
Antarctica/Macquarie | 11 |
Antarctica/Mawson | 5 |
Antarctica/McMurdo | 12 |
Antarctica/Palmer | -3 |
Antarctica/Rothera | -3 |
Antarctica/South_Pole | 12 |
Antarctica/Syowa | 3 |
Antarctica/Troll | 0 |
Antarctica/Vostok | 6 |
Arctic/Longyearbyen | 1 |
Asia/Aden | 3 |
Asia/Almaty | 6 |
Asia/Amman | 2 |
Asia/Anadyr | 12 |
Asia/Aqtau | 5 |
Asia/Aqtobe | 5 |
Asia/Ashgabat | 5 |
Asia/Ashkhabad | 5 |
Asia/Atyrau | 5 |
Asia/Baghdad | 3 |
Asia/Bahrain | 3 |
Asia/Baku | 4 |
Asia/Bangkok | 7 |
Asia/Barnaul | 7 |
Asia/Beirut | 2 |
Asia/Bishkek | 6 |
Asia/Brunei | 8 |
Asia/Calcutta | 5 |
Asia/Chita | 9 |
Asia/Choibalsan | 8 |
Asia/Chongqing | 8 |
Asia/Chungking | 8 |
Asia/Colombo | 5 |
Asia/Dacca | 6 |
Asia/Damascus | 2 |
Asia/Dhaka | 6 |
Asia/Dili | 9 |
Asia/Dubai | 4 |
Asia/Dushanbe | 5 |
Asia/Famagusta | 2 |
Asia/Gaza | 2 |
Asia/Harbin | 8 |
Asia/Hebron | 2 |
Asia/Ho_Chi_Minh | 7 |
Asia/Hong_Kong | 8 |
Asia/Hovd | 7 |
Asia/Irkutsk | 8 |
Asia/Istanbul | 3 |
Asia/Jakarta | 7 |
Asia/Jayapura | 9 |
Asia/Jerusalem | 2 |
Asia/Kabul | 4 |
Asia/Kamchatka | 12 |
Asia/Karachi | 5 |
Asia/Kashgar | 6 |
Asia/Kathmandu | 5 |
Asia/Katmandu | 5 |
Asia/Khandyga | 9 |
Asia/Kolkata | 5 |
Asia/Krasnoyarsk | 7 |
Asia/Kuala_Lumpur | 8 |
Asia/Kuching | 8 |
Asia/Kuwait | 3 |
Asia/Macao | 8 |
Asia/Macau | 8 |
Asia/Magadan | 11 |
Asia/Makassar | 8 |
Asia/Manila | 8 |
Asia/Muscat | 4 |
Asia/Nicosia | 2 |
Asia/Novokuznetsk | 7 |
Asia/Novosibirsk | 7 |
Asia/Omsk | 6 |
Asia/Oral | 5 |
Asia/Phnom_Penh | 7 |
Asia/Pontianak | 7 |
Asia/Pyongyang | 9 |
Asia/Qatar | 3 |
Asia/Qostanay | 6 |
Asia/Qyzylorda | 5 |
Asia/Rangoon | 6 |
Asia/Riyadh | 3 |
Asia/Saigon | 7 |
Asia/Sakhalin | 11 |
Asia/Samarkand | 5 |
Asia/Seoul | 9 |
Asia/Shanghai | 8 |
Asia/Singapore | 8 |
Asia/Srednekolymsk | 11 |
Asia/Taipei | 8 |
Asia/Tashkent | 5 |
Asia/Tbilisi | 4 |
Asia/Tehran | 3 |
Asia/Tel_Aviv | 2 |
Asia/Thimbu | 6 |
Asia/Thimphu | 6 |
Asia/Tokyo | 9 |
Asia/Tomsk | 7 |
Asia/Ujung_Pandang | 8 |
Asia/Ulaanbaatar | 8 |
Asia/Ulan_Bator | 8 |
Asia/Urumqi | 6 |
Asia/Ust-Nera | 10 |
Asia/Vientiane | 7 |
Asia/Vladivostok | 10 |
Asia/Yakutsk | 9 |
Asia/Yangon | 6 |
Asia/Yekaterinburg | 5 |
Asia/Yerevan | 4 |
Atlantic/Azores | -1 |
Atlantic/Bermuda | -4 |
Atlantic/Canary | 0 |
Atlantic/Cape_Verde | -1 |
Atlantic/Faeroe | 0 |
Atlantic/Faroe | 0 |
Atlantic/Jan_Mayen | 1 |
Atlantic/Madeira | 0 |
Atlantic/Reykjavik | 0 |
Atlantic/South_Georgia | -2 |
Atlantic/St_Helena | 0 |
Atlantic/Stanley | -3 |
Australia/ACT | 10 |
Australia/Adelaide | 9 |
Australia/Brisbane | 10 |
Australia/Broken_Hill | 9 |
Australia/Canberra | 10 |
Australia/Currie | 10 |
Australia/Darwin | 9 |
Australia/Eucla | 8 |
Australia/Hobart | 10 |
Australia/LHI | 10 |
Australia/Lindeman | 10 |
Australia/Lord_Howe | 10 |
Australia/Melbourne | 10 |
Australia/NSW | 10 |
Australia/North | 9 |
Australia/Perth | 8 |
Australia/Queensland | 10 |
Australia/South | 9 |
Australia/Sydney | 10 |
Australia/Tasmania | 10 |
Australia/Victoria | 10 |
Australia/West | 8 |
Australia/Yancowinna | 9 |
Brazil/Acre | -5 |
Brazil/DeNoronha | -2 |
Brazil/East | -3 |
Brazil/West | -4 |
CET | 1 |
CST6CDT | -6 |
Canada/Atlantic | -4 |
Canada/Central | -6 |
Canada/Eastern | -5 |
Canada/Mountain | -7 |
Canada/Newfoundland | -3 |
Canada/Pacific | -8 |
Canada/Saskatchewan | -6 |
Canada/Yukon | -8 |
Chile/Continental | -4 |
Chile/EasterIsland | -6 |
Cuba | -5 |
EET | 2 |
EST5EDT | -5 |
Egypt | 2 |
Eire | 0 |
Etc/GMT | 0 |
Etc/GMT+0 | 0 |
Etc/GMT+1 | -1 |
Etc/GMT+10 | -10 |
Etc/GMT+11 | -11 |
Etc/GMT+12 | -12 |
Etc/GMT+2 | -2 |
Etc/GMT+3 | -3 |
Etc/GMT+4 | -4 |
Etc/GMT+5 | -5 |
Etc/GMT+6 | -6 |
Etc/GMT+7 | -7 |
Etc/GMT+8 | -8 |
Etc/GMT+9 | -9 |
Etc/GMT-0 | 0 |
Etc/GMT-1 | 1 |
Etc/GMT-10 | 10 |
Etc/GMT-11 | 11 |
Etc/GMT-12 | 12 |
Etc/GMT-13 | 13 |
Etc/GMT-14 | 14 |
Etc/GMT-2 | 2 |
Etc/GMT-3 | 3 |
Etc/GMT-4 | 4 |
Etc/GMT-5 | 5 |
Etc/GMT-6 | 6 |
Etc/GMT-7 | 7 |
Etc/GMT-8 | 8 |
Etc/GMT-9 | 9 |
Etc/GMT0 | 0 |
Etc/Greenwich | 0 |
Etc/UCT | 0 |
Etc/UTC | 0 |
Etc/Universal | 0 |
Etc/Zulu | 0 |
Europe/Amsterdam | 1 |
Europe/Andorra | 1 |
Europe/Astrakhan | 4 |
Europe/Athens | 2 |
Europe/Belfast | 0 |
Europe/Belgrade | 1 |
Europe/Berlin | 1 |
Europe/Bratislava | 1 |
Europe/Brussels | 1 |
Europe/Bucharest | 2 |
Europe/Budapest | 1 |
Europe/Busingen | 1 |
Europe/Chisinau | 2 |
Europe/Copenhagen | 1 |
Europe/Dublin | 0 |
Europe/Gibraltar | 1 |
Europe/Guernsey | 0 |
Europe/Helsinki | 2 |
Europe/Isle_of_Man | 0 |
Europe/Istanbul | 3 |
Europe/Jersey | 0 |
Europe/Kaliningrad | 2 |
Europe/Kiev | 2 |
Europe/Kirov | 3 |
Europe/Lisbon | 0 |
Europe/Ljubljana | 1 |
Europe/London | 0 |
Europe/Luxembourg | 1 |
Europe/Madrid | 1 |
Europe/Malta | 1 |
Europe/Mariehamn | 2 |
Europe/Minsk | 3 |
Europe/Monaco | 1 |
Europe/Moscow | 3 |
Europe/Nicosia | 2 |
Europe/Oslo | 1 |
Europe/Paris | 1 |
Europe/Podgorica | 1 |
Europe/Prague | 1 |
Europe/Riga | 2 |
Europe/Rome | 1 |
Europe/Samara | 4 |
Europe/San_Marino | 1 |
Europe/Sarajevo | 1 |
Europe/Saratov | 4 |
Europe/Simferopol | 3 |
Europe/Skopje | 1 |
Europe/Sofia | 2 |
Europe/Stockholm | 1 |
Europe/Tallinn | 2 |
Europe/Tirane | 1 |
Europe/Tiraspol | 2 |
Europe/Ulyanovsk | 4 |
Europe/Uzhgorod | 2 |
Europe/Vaduz | 1 |
Europe/Vatican | 1 |
Europe/Vienna | 1 |
Europe/Vilnius | 2 |
Europe/Volgograd | 4 |
Europe/Warsaw | 1 |
Europe/Zagreb | 1 |
Europe/Zaporozhye | 2 |
Europe/Zurich | 1 |
GB | 0 |
GB-Eire | 0 |
GMT | 0 |
GMT0 | 0 |
Greenwich | 0 |
Hongkong | 8 |
Iceland | 0 |
Indian/Antananarivo | 3 |
Indian/Chagos | 6 |
Indian/Christmas | 7 |
Indian/Cocos | 6 |
Indian/Comoro | 3 |
Indian/Kerguelen | 5 |
Indian/Mahe | 4 |
Indian/Maldives | 5 |
Indian/Mauritius | 4 |
Indian/Mayotte | 3 |
Indian/Reunion | 4 |
Iran | 3 |
Israel | 2 |
Jamaica | -5 |
Japan | 9 |
Kwajalein | 12 |
Libya | 2 |
MET | 1 |
MST7MDT | -7 |
Mexico/BajaNorte | -8 |
Mexico/BajaSur | -7 |
Mexico/General | -6 |
NZ | 12 |
NZ-CHAT | 12 |
Navajo | -7 |
PRC | 8 |
PST8PDT | -8 |
Pacific/Apia | 13 |
Pacific/Auckland | 12 |
Pacific/Bougainville | 11 |
Pacific/Chatham | 12 |
Pacific/Chuuk | 10 |
Pacific/Easter | -6 |
Pacific/Efate | 11 |
Pacific/Enderbury | 13 |
Pacific/Fakaofo | 13 |
Pacific/Fiji | 12 |
Pacific/Funafuti | 12 |
Pacific/Galapagos | -6 |
Pacific/Gambier | -9 |
Pacific/Guadalcanal | 11 |
Pacific/Guam | 10 |
Pacific/Honolulu | -10 |
Pacific/Johnston | -10 |
Pacific/Kiritimati | 14 |
Pacific/Kosrae | 11 |
Pacific/Kwajalein | 12 |
Pacific/Majuro | 12 |
Pacific/Marquesas | -9 |
Pacific/Midway | -11 |
Pacific/Nauru | 12 |
Pacific/Niue | -11 |
Pacific/Norfolk | 11 |
Pacific/Noumea | 11 |
Pacific/Pago_Pago | -11 |
Pacific/Palau | 9 |
Pacific/Pitcairn | -8 |
Pacific/Pohnpei | 11 |
Pacific/Ponape | 11 |
Pacific/Port_Moresby | 10 |
Pacific/Rarotonga | -10 |
Pacific/Saipan | 10 |
Pacific/Samoa | -11 |
Pacific/Tahiti | -10 |
Pacific/Tarawa | 12 |
Pacific/Tongatapu | 13 |
Pacific/Truk | 10 |
Pacific/Wake | 12 |
Pacific/Wallis | 12 |
Pacific/Yap | 10 |
Poland | 1 |
Portugal | 0 |
ROK | 9 |
Singapore | 8 |
SystemV/AST4 | -4 |
SystemV/AST4ADT | -4 |
SystemV/CST6 | -6 |
SystemV/CST6CDT | -6 |
SystemV/EST5 | -5 |
SystemV/EST5EDT | -5 |
SystemV/HST10 | -10 |
SystemV/MST7 | -7 |
SystemV/MST7MDT | -7 |
SystemV/PST8 | -8 |
SystemV/PST8PDT | -8 |
SystemV/YST9 | -9 |
SystemV/YST9YDT | -9 |
Turkey | 3 |
UCT | 0 |
US/Alaska | -9 |
US/Aleutian | -10 |
US/Arizona | -7 |
US/Central | -6 |
US/East-Indiana | -5 |
US/Eastern | -5 |
US/Hawaii | -10 |
US/Indiana-Starke | -6 |
US/Michigan | -5 |
US/Mountain | -7 |
US/Pacific | -8 |
US/Pacific-New | -8 |
US/Samoa | -11 |
UTC | 0 |
Universal | 0 |
W-SU | 3 |
WET | 0 |
Zulu | 0 |