Skip to main content
Version: 1.18.1 (latest)

Configure LiveData UI

Find details here for the configuration properties of LiveData Migrator UI. Properties are defined in the following file:

/etc/wandisco/ui/application-prod.properties

Restart the LiveData UI service when adding new properties or changing existing values:

service livedata-ui restart

General configuration#

Configure how the UI is run overall.

NameDetails
server.portSet the port on which the UI will be available. This is overridden by the server.ssl.port when TLS is enabled.

Default value: 8081
Allowed values: An integer value between 1024 and 65535

Logging#

Configure how the UI logs information about its state or user interactions.

NameDetails
logging.output.pathThe output path for all logging.

Default value: /var/log/wandisco/ui
Allowed values: The full path to a valid directory that is writable by the user running the UI (typically hdfs.)
logging.level.ROOTThe log level.

Default value: INFO
Allowed values: A valid log level: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, or OFF
logging.audit.output.filenameThe output filename for the audit log. This will be suffixed with the date in yyyy-MM-dd format.

Default value: livedata_ui_audit
Allowed values: A valid string
logging.audit.days-keptThe amount of days that the audit log will be retained.

Default value: 90
Allowed values: An integer value representing the number of days

Reset admin user password#

Reset the admin user's password for LiveData Migrator by creating a file named reset.password in the UI configuration directory (/etc/wandisco/ui by default).

Provide details within the file as follows:

email=user@domain.compassword=newPassword

Restart the UI server after the file has been created.

When the LiveData UI restarts, it updates the password to the value provided in the file. The email address in the file must not be changed for this to successfully occur.

note

This process cannot be used for users other than the admin. It does not work for the admin user's email address, which cannot be changed.

User management through LDAP#

Use LDAP to set up access privileges for LiveData UI users.

note

You may also configure LDAP authentication in the CLI. It is recommended to configure LDAP in the UI, as it will provide more diagnostic information if incorrect details are supplied.

You can configure the LDAP login credentials for LiveData Migrator users through the UI:

  1. Anywhere in the LiveData Migrator UI, open Settings by clicking on the gear icon in the bottom left.
  2. Select LDAP Authentication from the Settings panel that opens.
  3. Tick the box labelled Enable LDAP Authentication at the top of the page.
  4. Fill in the LDAP Server Configuration Details section with the authentication details for your LDAP Server.
  5. Click the Check Connection button to test your connection to the LDAP server.

Add users to LiveData Migrator through LDAP#

  1. Fill in the User Search Configuration section to select which users you wish to apply the LDAP Server Configuration details to.
  2. Confirm the user matches automatically returned by the form are as you intended.
  3. Click the Save button to save the configuration and log out all LiveData Migrator users currently in the UI.
  4. Click the confirmation dialogue option to restart the LiveData UI to apply the changes. Log back in to the UI afterwards.

The configuration form in the UI provides all that you need to know to acquire the necessary information.

note

After you save your configured LDAP login credentials, all users currently logged in to the LiveData Migrator UI will be logged out.

Manage LDAP user access control#

Use the Access Control tab in the Settings panel to manage LDAP user privileges, setting Read-Only or Admin privileges. You can also enable Default access to Read Only to set the default LiveData Migrator privileges for LDAP users to Read Only.

note

This process requires user groups to be set up in the LDAP server.

To manage user privileges by group, first configure LiveData Migrator to search for groups in the Access Control tab:

  1. Fill in the LDAP Group Filter with a query denoting the field in a group that will select the intended users. For example, (uniqueMember={0}) (the {0} will be automatically filled in with the full distinguished name of each user).
  2. Add the name attribute used by the groups in your LDAP server under Group Name Attribute, such as cn. LiveData Migrator will check this attribute in each group for any groups you name in the privilege assignment section below.
  3. Specify the search base for the LDAP group under LDAP Group Search Base and choose whether you want to search only the immediate base (One Level Search) or all subtrees within it (Subtree Search). Leaving the search base blank will search from the root of the hierarchy.

Once you have defined how to find groups in your LDAP server, add the groups you want to the corresponding privileges lists:

  • Add the group reference name to Read Only Groups to assign everyone in the group Read Only privileges.
  • Add the group reference name to Admin Groups to assign everyone in the group Admin privileges.

Add additional entries via the "Add" button indicated by a + in the UI.

note

Users in groups assigned to both roles (Read Only and Admin) will receive the most privileged role (in this case, Admin).

Click Apply to save any changes to settings made. Any changes to user privileges will take effect in their next login session.

note

Restart the UI server to immediately apply changes to all users:

service livedata-ui restart

Example#

Where you might have the following LDAP group:

cn=admins,ou=subgroups,ou=groups,dc=springframework,dc=org
Attributesobjectclass: topobjectclass: groupOfUniqueNamescn: adminsou: adminuniqueMember:uid=rob@test.com,ou=people,dc=springframework,dc=orguniqueMember:uid=joe,ou=otherpeople,dc=springframework,dc=org

Supply an LDAP Group Filter of (uniqueMember={0}), and a Group Name Attribute of cn. You may leave the LDAP Group Search Base empty and select Subtree Search to search the root level and all groups contained within. Finally, to give users in the group admin privileges, supply the cn value of the group (admins) to the Admin groups field below.

Admin Groupsadmins

Once you've finished making changes to group privileges, click Apply to save the new settings. Changes will be applied to each user at their next login.

Using LDAPS#

To use LDAPS, you need a trusted certificate in the UI JVM truststore that matches the certificate presented by the LDAP server. By default, the JVM running the UI uses a truststore called cacerts.

To use a self-issued LDAP server certificate, you must import the certificate for this private certificate authority into the cacerts file. See the Oracle documentation for steps to import a trusted certificate into a truststore.

Security#

Basic authentication compatibility#

If basic authentication is enabled on LiveData Migrator or Hive Migrator (or both), additional steps are required to maintain LiveData UI functionality.

LiveData Migrator#

Follow the steps below to configure the LiveData UI to work with LiveData Migrator basic authentication:

  1. On the LiveData UI host, run the following command:

    # livedata-ui encryptor

  2. Select option 3. Setup LDM Basic Auth.

  3. Enter the username and password values in plain text that were defined for the security.basic.user and security.basic.password properties in the application.properties file.

  4. Select the Exit option once complete.

  5. Restart all services to apply changes:

    service livedata-migrator restart; service hivemigrator restart; service livedata-ui restart

Hive Migrator#

Follow the steps below to configure the LiveData UI to work with Hive Migrator basic authentication:

  1. On the LiveData UI host, run the following command:

    # livedata-ui encryptor

  2. Select option 4. Setup HVM Basic Auth.

  3. In plain text, enter the username and password values that were defined for the username and password key values in /etc/wandico/hivemigrator/hivemigrator.yaml.

  4. Select Exit.

  5. Restart the LiveData UI for the updates to take effect:

service livedata-migrator restart; service hivemigrator restart; service livedata-ui restart

TLS#

Configure how the UI uses TLS, which is disabled by default.

NameDetails
server.ssl.enabledSet to true to enable TLS. If no other TLS values are set, this will use an internal keystore and a self-signed certificate to serve the UI.

Default value: false
Allowed values: true, false
server.ssl.portSet the port on which the UI should be available when TLS is enabled.

Default value: 8443
Allowed values: An integer value between 1024 and 65535
server.ssl.key-storeThe path to the key store which should be used instead of the internal default
server.ssl.key-store-passwordThe password to be used to access the key store
server.ssl.key-aliasThe alias of the certificate to be used
server.ssl.key-store-typeOptional: set the key store type. Defaults to PKCS12
application.liveMigratorV2.client.noCheckCertificateOptional: add this property and set the value to true if you want to implicitly trust certificates from remote LiveData Migrator instances.
Default value: false

Instead of using this property, we recommend that you import your server certificate into a truststore.
tip

The example command below will import a certificate named server_cert.key into an existing Java truststore named cacerts:

keytool -import -trustcacerts -alias wandisco-ui -file server_cert.key -keystore cacerts

For more information about parameters, see Oracle's documentation.

Configure a truststore#

View and update the truststore used by LiveData Migrator through the REST API.

View a truststore#

View the existing truststore parameters with a GET query sent to /config/ldm.

For example:

Example
curl http://localhost:18080/config/ldm/

Update a truststore#

Change the existing truststore parameters with a POST query sent to /config/ldm.

For example:

Example
curl -X POST http://localhost:18080/config/ldm -H 'Content-Type: application/json' -d '{ "port":911,"useSsl":"true","username":"name@host.domain","password":"examplepassword1532","trust-store":{"path":"/ssl/path","password":"keypassword","type":"JKS"}}'

Directory structure#

The following directories are used for the LiveData UI:

LocationContent
/var/log/wandisco/uiLogs
/etc/wandisco/uiConfiguration files
/opt/wandisco/uiOperation files
/var/run/livedata-uiRuntime files