Install and Configure Dashboard

This section describes how to:

Install the Insight Dashboard from either a ZIP archive or an RPM package, following the instructions in Install Dashboard Template from ZIP Archive or RHEL Only: Install Dashboard Template from RPM.
Create a dashboard instance, start it, and log on.
Once you complete this step you can proceed with the steps in Install and Configure Insight Agent. You can set up agent and dashboard accounts whenever you want. However, you are going to use SSL for dashboard-agent communication, it is best to complete the steps in Configure SSL for Dashboard before installing the Insight Agent.
Set up accounts that agents use to access the dashboard, as described in Configure Agent Accounts.
Set up accounts for users that will access the Dashboard, either within Insight or in your LDAP system, as described in Configure User Accounts in Insight and Configure Users in LDAP.
Configure SSL for the dashboard as described in Configure SSL for Dashboard.

Install Dashboard Template from ZIP Archive

The Spring Insight Operations ZIP archive contains a template for creating a Insight Dashboard instance. In this procedure, you unpack the package into the templates directory of a dedicated tc Server Spring Edition installation, and then create the Dashboard instance with the new template. (The Insight Agent installer is bundled with the dashboard.)

If you are installing from an RPM, follow the instructions in RHEL Only: Install Dashboard Template from RPM

Procedure

Log in to the computer on with the tc Server installation where you will run the Insight Dashboard as tcserver. On Unix, if you have disabled interactive login, log in as the root user and use su - tcserver to become the user.
From the VMware Download page, navigate to the VMware vFabric tc Server download page.
Download Spring Insight Operations, for example:
- insight-operationsversion.RELEASE.zip
Unpack the Insight Dashboard archive into the templates directory of the directory of the tc Server installation, such that the insight-dashboard directory is a subdirectory of it, for example:
/opt/vmware/vfabric-tc-server-standard-2.7.0.RELEASE/templates/insight-dashboard
Note: If you acquired tc Server as part of vFabric Suite, the dashboard template may already exist in the templates directory, in which case you need not re-install it.

Next Step

Create and Start Dashboard

RHEL Only: Install Dashboard Template from RPM

VMware recommends that you use yum to install vFabric tc Server and the Insight Operations components from the VMware RPM repository. The two procedures in this section describe how to install the VMware repositories, and how to use yum to install Insight Operations components.

Install vFabric Repository RPMs

Installing the vFabric repository RPMs makes it easy for you to browse the vFabric RPMs available in the VMware repositories.

On the RHEL VM where you will install the Dashboard template, start a terminal either as the root user or as an unprivileged user using sudo.
Depending on the version of the vFabric Suite you are using, install the appropriate repository RPMs:
- For vFabric Suite 5.2, use these commands to install the vFabric repository RPM. The URLs differ depending on the version of RHEL you are using.
  Important: You must run the entire wget command on a single line. Be sure you include the | sh at the end, or the RPM installation will not work.
  For RHEL 5:
```
prompt# wget -q -O - http://repo.vmware.com/pub/rhel5/vfabric/5.2/vfabric-5.2-suite-installer | sh
```
  For RHEL 6:
```
prompt# wget -q -O - http://repo.vmware.com/pub/rhel6/vfabric/5.2/vfabric-5.2-suite-installer | sh
```
  The command performs the following tasks:
  - Imports the vFabric GNU Privacy Guard (GPG) key.
  - Installs the vFabric 5.2 repository RPM.
  - Launches the VMware End User License Agreement (EULA) acceptance and repository configuration script.
  - Outputs the EULA for you to read; you must answer yes to accept the terms and continue.
- For vFabric Suite 5.1, use the following commands to install the vfabric-5.1-repo-5.1-1 RPM and optional vfabric-all-repo RPM. The URLs differ depending on the version of RHEL you are using.
  For RHEL 5:
```
prompt# rpm -Uvh http://repo.vmware.com/pub/rhel5/vfabric/5.1/vfabric-repo-5.1-1.noarch.rpm
prompt# rpm -Uvh http://repo.vmware.com/pub/rhel5/vfabric-all/vfabric-all-repo-1-1.noarch.rpm
```
  For RHEL 6:
```
prompt# rpm -Uvh http://repo.vmware.com/pub/rhel6/vfabric/5.1/vfabric-repo-5.1-1.noarch.rpm
prompt# rpm -Uvh http://repo.vmware.com/pub/rhel6/vfabric-all/vfabric-all-repo-1-1.noarch.rpm
```
If necessary, use sudo to run the preceding commands if you are not logged in as the root user.

Use the yum search vfabric command to view the list of vFabric components that you can install from the VMware repository, as in the following example. Note the names of the vFabric tc Server, Insight Dashboard, and Insight Agent RPMs.

prompt# yum search vfabric
...
======================================== Matched: vfabric =========================================
vfabric-eula.noarch : VMware vFabric 5.1 End User License Agreement
vfabric-gemfire.noarch : VMware vFabric GemFire
vfabric-hyperic-agent.noarch : VMware vFabric Hyperic Agent
vfabric-hyperic-server.x86_64 : VMware vFabric Hyperic Server
vfabric-insight-agent.noarch : com.springsource.insight.dist.vfabric:agent-rpm
vfabric-insight-dashboard.noarch : com.springsource.insight.dist.vfabric:dashboard-rpm
vfabric-rabbitmq-java-client-bin.noarch : The RabbitMQ Java Client Library
vfabric-rabbitmq-server.x86_64 : The RabbitMQ server
vfabric-sqlfire.noarch : VMware vFabric SQLFire
vfabric-tc-server-standard.noarch : VMware vFabric tc Server Standard
vfabric-web-server.x86_64 : VMware vFabric Web Server

Install Insight Dashboard Template

Log in as the root user (or as another user with sudo privileges) to the RHEL VM (which already has tc Server Standard installed) where you are going to install Insight Operations.
Start a terminal.
Use the yum to install the dashboard RPM
```
prompt# yum install vfabric-insight-dashboard
```
yum will install the insight-dashboard template in the /opt/vmware/vfabric-tc-server-standard-version/templates directory.
Enter y at the prompt to begin the installation.
If you have not already accepted the VMware license terms you are prompted to, and must do so to continue.
A Complete! message appears when the installation is complete.

Next Step

Create and Start Dashboard

In this step you use create a tc Server instance using the insight-dashboard template. The instance you create has the dashboard application pre-deployed, and contains a downloadable agent installer.

On the machine where you installed the insight-dashboard template:

In a terminal window, change to the tc Server home directory. For example:
/opt/vmware/vfabric-tc-server-standard-2.7.0.RELEASE/
Create a tc Server instance with tcruntime-instance.sh or tcruntime-instance.bat, using the insight-dashboard template. For example, to create an instance named "myDashboard" on a Unix system, enter the following command:
```
./tcruntime-instance.sh create myDashboard -t insight-dashboard
```
(For information about thetcruntime-instance command and supported command options, see the tcruntime-ctl Command Reference section in Getting Started with tc Server. )
Start the Spring Insight Dashboard instance with the tcruntime-ctl.sh or tcruntime-ctl.bat command.
- On Unix systems:
```
./tcruntime-ctl.sh myDashboard start
```
- On a Windows system, install a Windows Service for the instance before you start it the first time. (After that, you can control the service from the Windows services control panel.) Enter these commands to install and start the service:
```
tcruntime-ctl.bat myDashboard install
```
```
tcruntime-ctl.bat myDashboard start
```
(For information about thetcruntime-ctl command and supported command options, see the tcruntime-ctl Command Reference section in Getting Started with tc Server. )
Open the Insight Dashboard user interface in a web browser at http://myDashboardServer:8080/insight.
Log in using one of the preconfigured user accounts with a username-password combination listed in the following table. (Users with the insight_admin role can use dashboard administrative functions and support tools.)
Table 1. Insight Dashboard Login Information
Role User Name Password
insight_admin admin insight
insight spring insight

Role	User Name	Password
insight_admin	`admin`	`insight`
insight	`spring`	`insight`

Once you complete this step you can proceed with the steps in Install and Configure Insight Agent. You can set up agent and dashboard accounts whenever you want. However, you are going to use SSL for dashboard-agent communication, it is best to complete the steps in Configure SSL for Dashboard before installing the Insight Agent.

To complete basic Dashboard configuration perform the following steps:

For other Dashboard configuration options, see Configuration Quick Reference.

Configure Agent Accounts

When an Insight Agent connects to the Insight Dashboard, it supplies a username and password that must match an account defined in the dashboard's insight.properties file. When you create the dashboard instance using the vfabric-insight-dashboard template, default credentials are defined for agents to use to connect to the dashboard. Multiple agents can use the same username and password, or you can define multiple agent accounts—useful for controlling agent access to the Dashboard at a more granular level.

A username and password combination are defined by this property definition in the dashboard's properties file.

agent.auth.login: password

where:

login is the username.
password is the password.

The default agent username and password are "agent" and "insight" respectively, specified by this property definition:

agent.auth.agent: insight

Change the values of "agent" and "insight" as desired to update the username and password.

Add additional definitions of the same form to define other logins that Agents can use to connect to the Dashboard.

Configure User Accounts in Insight

This section has instructions for configuring user accounts within Insight.

(For instructions on setting up users in LDAP, see Configure Users in LDAP.)

The Spring Insight Operations Dashboard by default uses the CATALINA_HOME/conf/tomcat.users file to authenticate users. Users can be regular users (insight role) or administrators (insight_admin role). The insight_admin role is required to perform some operations on the Administration page.

You should secure your Spring Insight Operations installation by changing the default users and passwords.

Edit the CATALINA_HOME/conf/tomcat.users file. This is the initial content of the file:

<?xml version="1.0"?>
<tomcat-users>
    <role rolename="insight"/>
    <role rolename="insight_admin"/>
    <user password="insight"
          roles="insight"
          username="spring"/>
    <user password="insight"
          roles="insight,insight_admin"
          username="admin"/>
</tomcat-users>

Edit or add <user> elements for the users you wish to authenticate, setting the password, roles, and username attributes for each user. Include the insight role for all users and add the insight_admin role for users who should have administrator capabilities.
After saving changes to tomcat.users, restart the Spring Insight Operations Dashboard, using the tcruntime-ctl restart command.

Configure Users in LDAP

If you use LDAP, you can use it to authenticate users logging in to the Insight Dashboard. The examples shown in the procedure below are for OpenLDAP.

Copy the insight-dashboard-security-ldap-1.8.x.RELEASE.jar and insight-plugin-dashboard-security-ldap.xml files from the extras/ldap directory to the insight/dashboard-plugins/plugin-config/ directory of your Dashboard tc Runtime instance.
For example, enter the following commands, each on a single line without line breaks:
```
prompt$ cd /opt/vmware/vfabric-tc-server-standard-2.7.0.RELEASE/myDashboard
prompt$ cp extras/ldap/* insight/dashboard-plugins
```
Remove the default security-tcserver.jar.
```
prompt$ rm insight/dashboard-plugins/insight-dashboard-security-tcserver-1.8.x.RELEASE.jar
```
Note
The dashboard-plugins directory may contain either security-tcserve.jar or security-ldap.jar, but not both.

In insight/dashboard-plugins/plugin-config/insight-plugin-dashboard-security-ldap.xml, modify bean contextSource to point to your own LDAP server.

<bean id="contextSource" 
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldap://myOpenLDAPServer:389/dc=springsource,dc=com"/>
  <property name="userDn" value="cn=Manager,dc=springsource,dc=com"/>
  <property name="password" value="secret"/>
</bean>

Add userDN and password properties that the Directory Manager or other user will use to connect to the LDAP server.

Note

If the LDAP server allows anonymous access, you do not need to add userDN and password properties.

<bean id="contextSource" 
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldap://myOpenLDAPServer:389/dc=springsource,dc=com"/>
  <property name="userDn" value="cn=Manager,dc=springsource,dc=com"/>
  <property name="password" value="secret"/>
</bean>

In the insightAuthenticationProvider bean, modify the userDnPatterns property to specify your User Base DN.
```
<property name="userDnPatterns">
         <list><value>cn={0},ou=Users,o=SpringInsight</value></list>
</property>
```

Modify the first <constructor-arg> element of the TransformingLdapAuthoritiesPopulator bean to point to your Group Base DN.

<bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
  <constructor-arg ref="contextSource"/>
  <constructor-arg value="ou=Groups,o=SpringInsight"/>
  <property name="groupSearchFilter" value="(|(member={0})(member={1}))"/>
</bean>

Set up the two Insight roles by modifying the map element of the second <constructor-arg> element to specify the groups for regular Insight users (Operators) and Insight administrators (Administrators).
```
<map>
  <entry key="Operators" value="insight"/>
  <entry key="Administrators" value="insight_admin"/>
</map>
```

Configure SSL for Dashboard

This section has instructions for configuring Insight to use SSL for agent-dashboard communication. The process consists of creating the dashboard keystore and a self-signed SSL certificate, and setting appropriate Java system properties to specify the location and password of the keystore file. There is a good reason for configuring a keystore for the Dashboard prior to downloading the Insight Agent installer --- the installer will configure SSL for the agent, based on the dashboard's SSL configuration.

Note

If you have a user-managed keystore and certificate for the dashboard that you prefer to use, skip this section and proceed with the instructions in Configure Keystore Usage.

If you prefer to use a CA-signed certificate rather than a self-signed certificate, purchase one from a CA such as VeriSign or Thawte. For help creating a Certificate Signing Request (CSR) and importing the signed certificate and trusted certificates into your keystore, see the documentation for keytool.

Complete the procedures in the sections before downloading the agent installer from the Dashboard, which will enable the agent installer to automatically create its keystore and certificate.

Configure SSL Connection

This section has instructions for configuring SSL for the dashboard's JMS connection.

Edit CATALINA_BASE/insight/insight.properties and change the dashboard.jms.connect.uri property to use the SSL scheme.

dashboard.jms.connect.uri: ssl://dashboardHost:20234

Create Keystore and Certificate

Perform these steps to create a keystore and self-signed SSL certificate for the dashboard.

The following procedure uses the keytool utility included with the Sun JDK to create a self-signed certificates and keystore. You can use another tool, such as OpenSSL. See the documentation for your tools for the correct commands to use in the following procedure.

Change to the directory where you want to create the keystore, for example CATALINA_BASE/conf.
If you do not already have a keystore file, create one with the following command:
```
prompt$ keytool -genkey -alias dashboard -keyalg RSA -keystore dashboard.keystore
```
Enter the requested information at the prompts.
This information is encoded into the certificate the command creates. Make a note of the key password for use in later commands.
The command creates the file dashboard.keystore containing one entry with the alias dashboard.

Export the dashboard certificate.

prompt$ keytool -export -alias dashboard -keystore dashboard.keystore -file dashboard_cert

At the prompt, enter the keystore password.
The file dashboard_cert is created in the current directory.

To enable the changes, restart the tc Runtime instance.

Configure Keystore Usage

This section has instructions for configuring SSL for the dashboard's JMS connection, and the location of the Dashboard keystore with its self-signed certificate.

Set the Java system properties to specify the location of the dashboard.keystore file and the keystore password.
It is easiest to do this in the CATALINA_BASE/bin/setenv.sh script. Edit the setenv.sh script and add these lines above the JAVA_OPTS=... line.
```
SSL_KEYSTORE="/full/path/to/dashboard.keystore" # e.g. "$CATALINA_BASE/conf/dashboard.keystore"
SSL_KEYSTORE_PW="keystore_password"
SSL_OPTS="-Djavax.net.ssl.keystore=$SSL_KEYSTORE -Djavax.net.ssl.keystorePassword=$SSL_KEYSTORE_PW"
```

Add the SSL_OPTS environment variable to the JAVA_OPTS variable.

JAVA_OPTS="$JVM_OPTS $AGENT_PATHS $JAVA_AGENTS $JAVA_LIBARARY_PATH $SSL_OPTS"

If the Dashboard keystore is user managed, configure the dashboard's keystore and trust store locations and passwords in each agent's properties file with dashboard.connect.keyStore, dashboard.connect.trustStore, dashboard.connect.keyStorePassword, and dashboard.connect.trustStorePassword. Restart each agent after editing its properties file.