Configure LiveData UI
Find details here for the configuration properties of LiveData Migrator UI. Properties are defined in the following file:
/etc/wandisco/ui/application-prod.properties
Restart the LiveData UI service when adding new properties or changing existing values:
service livedata-ui restart
General configuration
Configure how the UI is run overall.
Name | Details |
---|---|
server.port | Set the port on which the UI will be available. This is overridden by the server.ssl.port when TLS is enabled. Default value: 8081. Allowed values: An integer value between 1024 and 65535 |
Logging
Configure how the UI logs information about its state or user interactions.
Name | Details |
---|---|
logging.output.path | The output path for all logging. Default value: /var/log/wandisco/ui. Allowed values: The full path to a valid directory that is writable by the user running the UI (typically hdfs). |
logging.level.ROOT | The log level. Default value: INFO. Allowed values: A valid log level: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, or OFF |
logging.audit.output.filename | The output filename for the audit log. This will be suffixed with the date in yyyy-MM-dd format. Default value: livedata_ui_audit. Allowed values: A valid string |
logging.audit.days-kept | The number of days that the audit log will be retained. Default value: 90. Allowed values: An integer value representing the number of days |
Reset admin user password
Reset the admin user's password for LiveData Migrator by creating a file named reset.password in the UI configuration directory (/etc/wandisco/ui by default).
Provide details within the file as follows:
email=user@domain.com
password=newPassword
Restart the UI server after the file has been created.
When the LiveData UI restarts, it updates the password to the value provided in the file. The email address in the file must not be changed for this to successfully occur.
note
This process cannot be used for users other than the admin. It does not work for the admin user's email address, which cannot be changed.
User management through LDAP
Use LDAP to set up access privileges for LiveData UI users.
note
You may also configure LDAP authentication in the CLI. It is recommended to configure LDAP in the UI, as it will provide more diagnostic information if incorrect details are supplied.
You can configure the LDAP login credentials for LiveData Migrator users through the UI:
- Anywhere in the LiveData Migrator UI, open Settings by clicking on the gear icon in the bottom left.
- Select LDAP Authentication from the Settings panel that opens.
- Tick the box labelled Enable LDAP Authentication at the top of the page.
- Fill in the LDAP Server Configuration Details section with the authentication details for your LDAP Server.
- Click the Check Connection button to test your connection to the LDAP server.
Add users to LiveData Migrator through LDAP
- Fill in the User Search Configuration section to select which users you wish to apply the LDAP Server Configuration details to.
- Confirm the user matches automatically returned by the form are as you intended.
- Click the Save button to save the configuration and log out all LiveData Migrator users currently in the UI.
- Click the confirmation dialogue option to restart the LiveData UI to apply the changes. Log back in to the UI afterwards.
The configuration form in the UI provides all that you need to know to acquire the necessary information.
note
After you save your configured LDAP login credentials, all users currently logged in to the LiveData Migrator UI will be logged out.
Manage LDAP user access control
Use the Access Control tab in the Settings panel to manage LDAP user privileges, setting Read-Only or Admin privileges. You can also enable Default access to Read Only to set the default LiveData Migrator privileges for LDAP users to Read Only.
note
This process requires user groups to be set up in the LDAP server.
To manage user privileges by group, first configure LiveData Migrator to search for groups in the Access Control tab:
- Fill in the LDAP Group Filter with a query denoting the field in a group that will select the intended users. For example, (uniqueMember={0}) (the {0} will be automatically filled in with the full distinguished name of each user).
- Add the name attribute used by the groups in your LDAP server under Group Name Attribute, such as cn. LiveData Migrator will check this attribute in each group for any groups you name in the privilege assignment section below.
- Specify the search base for the LDAP group under LDAP Group Search Base and choose whether you want to search only the immediate base (One Level Search) or all subtrees within it (Subtree Search). Leaving the search base blank will search from the root of the hierarchy.
Once you have defined how to find groups in your LDAP server, add the groups you want to the corresponding privileges lists:
- Add the group reference name to Read Only Groups to assign everyone in the group Read Only privileges.
- Add the group reference name to Admin Groups to assign everyone in the group Admin privileges.
Add additional entries via the "Add" button indicated by a + in the UI.
note
Users in groups assigned to both roles (Read Only and Admin) will receive the most privileged role (in this case, Admin).
Click Apply to save any changes to settings made. Any changes to user privileges will take effect in their next login session.
note
Restart the UI server to immediately apply changes to all users:
service livedata-ui restart
Example
Where you might have the following LDAP group:
cn=admins,ou=subgroups,ou=groups,dc=springframework,dc=org
Attributes
objectclass: top
objectclass: groupOfUniqueNames
cn: admins
ou: admin
uniqueMember: uid=rob@test.com,ou=people,dc=springframework,dc=org
uniqueMember: uid=joe,ou=otherpeople,dc=springframework,dc=org
Supply an LDAP Group Filter of (uniqueMember={0}), and a Group Name Attribute of cn. You may leave the LDAP Group Search Base empty and select Subtree Search to search the root level and all groups contained within. Finally, to give users in the group admin privileges, supply the cn value of the group (admins) to the Admin groups field below.
Admin Groups
admins
Once you've finished making changes to group privileges, click Apply to save the new settings. Changes will be applied to each user at their next login.
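The lookup in this example, modelled in Python as an added illustration (not WANdisco's code): it expands the group filter for a user, reads the Group Name Attribute and applies the most-privileged-role rule. The in-memory GROUPS list is constructed from the group entry above; the function names, the RFC 4515 escaping step and the None result when no group matches are assumptions of this sketch.

```python
import re

# Constructed directory: the example group entry above, held in memory.
GROUPS = [{
    "dn": "cn=admins,ou=subgroups,ou=groups,dc=springframework,dc=org",
    "cn": ["admins"],
    "uniqueMember": [
        "uid=rob@test.com,ou=people,dc=springframework,dc=org",
        "uid=joe,ou=otherpeople,dc=springframework,dc=org",
    ],
}]

def escape_filter_value(value):
    """Escape RFC 4515 special characters (backslash, *, parentheses, NUL)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def render_filter(group_filter, user_dn):
    """Filter text after {0} is replaced by the escaped user DN."""
    return group_filter.replace("{0}", escape_filter_value(user_dn))

def group_names(user_dn, group_filter, name_attr, groups=GROUPS):
    """Values of name_attr for every group the filter selects for user_dn."""
    m = re.fullmatch(r"\((\w+)=\{0\}\)", group_filter)
    if not m:  # assumption: this sketch handles one (attr={0}) equality filter
        raise ValueError("unsupported filter: " + group_filter)
    attr, dn = m.group(1), user_dn.lower()
    return {name for g in groups
            if dn in (v.lower() for v in g.get(attr, []))
            for name in g.get(name_attr, [])}

def resolve_role(user_dn, admin_groups, read_only_groups, default_read_only=False):
    """Most privileged role wins; None means no group rule applied."""
    names = group_names(user_dn, "(uniqueMember={0})", "cn")
    if names & set(admin_groups):
        return "Admin"
    if names & set(read_only_groups):
        return "Read Only"
    # Assumption: the page does not say what applies when the default is off.
    return "Read Only" if default_read_only else None

ROB = "uid=rob@test.com,ou=people,dc=springframework,dc=org"
print(render_filter("(uniqueMember={0})", ROB))
print(resolve_role(ROB, admin_groups=["admins"], read_only_groups=["admins"]))
```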
Using LDAPS
To use LDAPS, you need a trusted certificate in the UI JVM truststore that matches the certificate presented by the LDAP server.
By default, the JVM running the UI uses a truststore called cacerts.
To use a self-issued LDAP server certificate, you must import the certificate for this private certificate authority into the cacerts file. See the Oracle documentation for steps to import a trusted certificate into a truststore.
Security
Basic authentication compatibility
If basic authentication is enabled on LiveData Migrator or Hive Migrator (or both), additional steps are required to maintain LiveData UI functionality.
LiveData Migrator
Follow the steps below to configure the LiveData UI to work with LiveData Migrator basic authentication:
- On the LiveData UI host, run the following command:
# livedata-ui encryptor
- Select option 3. Setup LDM Basic Auth.
- Enter the username and password values in plain text that were defined for the security.basic.user and security.basic.password properties in the application.properties file.
- Select the Exit option once complete.
- Restart all services to apply changes:
service livedata-migrator restart; service hivemigrator restart; service livedata-ui restart
Hive Migrator
Follow the steps below to configure the LiveData UI to work with Hive Migrator basic authentication:
- On the LiveData UI host, run the following command:
# livedata-ui encryptor
- Select option 4. Setup HVM Basic Auth.
- In plain text, enter the username and password values that were defined for the username and password key values in /etc/wandisco/hivemigrator/hivemigrator.yaml.
- Select Exit.
- Restart the LiveData UI for the updates to take effect:
service livedata-migrator restart; service hivemigrator restart; service livedata-ui restart
TLS
Configure how the UI uses TLS, which is disabled by default.
Name | Details |
---|---|
server.ssl.enabled | Set to true to enable TLS. If no other TLS values are set, this will use an internal keystore and a self-signed certificate to serve the UI. Default value: false. Allowed values: true, false |
server.ssl.port | Set the port on which the UI should be available when TLS is enabled. Default value: 8443 Allowed values: An integer value between 1024 and 65535 |
server.ssl.key-store | The path to the key store which should be used instead of the internal default |
server.ssl.key-store-password | The password to be used to access the key store |
server.ssl.key-alias | The alias of the certificate to be used |
server.ssl.key-store-type | Optional: set the key store type. Defaults to PKCS12 |
application.liveMigratorV2.client.noCheckCertificate | Optional: add this property and set the value to true if you want to implicitly trust certificates from remote LiveData Migrator instances. Default value: false Instead of using this property, we recommend that you import your server certificate into a truststore. |
tip
The example command below will import a certificate named server_cert.key into an existing Java truststore named cacerts:
keytool -import -trustcacerts -alias wandisco-ui -file server_cert.key -keystore cacerts
For more information about parameters, see Oracle's documentation.
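A small audit of the TLS properties in this section, added here as an example (not WANdisco's code): it applies the defaults from the tables on this page and flags the states the table itself describes as weaker. The sample file contents, key store path, password and alias are constructed placeholders, and the parser handles only simple key=value lines.

```python
# Defaults as listed in the property tables on this page.
DEFAULTS = {
    "server.port": "8081",
    "server.ssl.enabled": "false",
    "server.ssl.port": "8443",
    "application.liveMigratorV2.client.noCheckCertificate": "false",
}
NO_CHECK = "application.liveMigratorV2.client.noCheckCertificate"

# Constructed samples; the key store path, password and alias are placeholders.
WEAK_SAMPLE = """\
server.port=8081
application.liveMigratorV2.client.noCheckCertificate=true
"""
HARDENED_SAMPLE = """\
server.ssl.enabled=true
server.ssl.port=8443
server.ssl.key-store=/etc/wandisco/ui/example-keystore.p12
server.ssl.key-store-password=EXAMPLE_PLACEHOLDER
server.ssl.key-alias=example-alias
"""

def parse_properties(text):
    """Parse simple key=value lines; blank lines and # or ! comments are skipped."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        key, sep, value = line.partition("=")
        if sep and line[0] not in "#!":
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (property, finding) pairs for the effective settings."""
    eff, findings = {**DEFAULTS, **props}, []
    tls = eff["server.ssl.enabled"].lower() == "true"
    port_key = "server.ssl.port" if tls else "server.port"
    if not tls:
        findings.append(("server.ssl.enabled", "TLS is off, the UI is served unencrypted"))
    elif "server.ssl.key-store" not in eff:
        findings.append(("server.ssl.key-store", "internal keystore, self-signed certificate"))
    elif not eff.get("server.ssl.key-store-password"):
        findings.append(("server.ssl.key-store-password", "no password set for the key store"))
    if eff[NO_CHECK].lower() == "true":
        findings.append((NO_CHECK, "remote certificates trusted without verification"))
    if not (eff[port_key].isdigit() and 1024 <= int(eff[port_key]) <= 65535):
        findings.append((port_key, "outside the allowed range 1024-65535"))
    return findings

for name, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
    print(name, audit(parse_properties(sample)))
```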
Configure a truststore
View and update the truststore used by LiveData Migrator through the REST API.
View a truststore
View the existing truststore parameters with a GET query sent to /config/ldm.
For example:
curl http://localhost:18080/config/ldm/
Update a truststore
Change the existing truststore parameters with a POST query sent to /config/ldm.
For example:
curl -X POST http://localhost:18080/config/ldm -H 'Content-Type: application/json' -d '{ "port":911,"useSsl":"true","username":"name@host.domain","password":"examplepassword1532","trust-store":{"path":"/ssl/path","password":"keypassword","type":"JKS"}}'
Directory structure
The following directories are used for the LiveData UI:
Location | Content |
---|---|
/var/log/wandisco/ui | Logs |
/etc/wandisco/ui | Configuration files |
/opt/wandisco/ui | Operation files |
/var/run/livedata-ui | Runtime files |