Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 2 TIBCO Hawk Component Configurations : Hawk Console Configurations

Hawk Console Configurations
All the required configuration parameters for Hawk Console are stored in the hawkconsole.cfg configuration file located at HAWK_HOME/bin.
For more information about the configurations that you can perform in Hawk Console, see the following topics:
Domain and Transport Configuration for Hawk Console
You can register a Hawk domain to the Hawk Console and specify the transport type for the communication. You can either use web interface of Hawk Console or configure the domain and transport configuration file (DomainTransportConfig.yml).
For information about how to register a domain to Hawk Console using the web interface, see TIBCO Hawk Console User’s Guide.
Domain Registration by Using Configuration File
The domain and transport configuration file (DomainTransportConfig.yml) for Hawk Console contains the parameters to connect to regular and proxy domains.
For more information about proxy domains, see TIBCO Hawk Concepts Guide.
You can specify the location of the DomainTransportConfig.yml file by using the -domain_config_file option in the Hawk Console configuration file (hawkconsole.cfg). For details on options present in the hawkconsole.cfg file, see Table 13, Hawk Console Configuration Options.
In the DomainTransportConfig.yml file you can specify the following elements for the connection:
domainConfiguration - The parent tag for the domain and transport configurations for Hawk Console.
proxy - For details about fields for the proxy domain type, see Table 11, Configuration Fields in DomainTransportConfig.yml for Proxy Domain Type
domainName - Name of the domain that is to be registered.
The following figure shows the hierarchy of the tags that can be defined in the DomainTransportConfig.yml file.
Figure 1 Hawk Console Domain and Transport Configuration Hierarchy
 
Domain and Transport Configuration Parameters
 
tibtcp - TCP Transport for TIBCO Hawk
tibrv - TIBCO Rendezvous Transport
tibems - TIBCO Enterprise Message Service (EMS) Transport
<self IP>:<self port>
<cluster manager IP>:<cluster manager port>
The default value is TLS_RSA_WITH_AES_128_CBC_SHA.
j2se (default) - Use this option when you want to use the default Java Cryptography Extension (JCE) bundled with the Java JRE.
entrust61 - Use this option when you want to use the Entrust libraries.
ibm - On non-IBM platforms, this option can be used only if the IBM version of JCE is installed.
 
<domain IP>:<domain port>
<user name>:<encrypted password>
Specify the value as true for connecting to the domain using a secure channel. The default value is true.
Example
For example, the following is a sample code of the DomainTransportConfig.yml file for a non-secure connection to the default domain using TCP Transport for TIBCO Hawk.

 
domainConfiguration:
regular:
- domainName: default
transport: tibtcp
tcpSelfUrl: localhost:2581
tcpDaemonUrl: localhost:2561
tcpsecurityPolicy: ' '

 
User Authentication in Hawk Console
Hawk Console supports user authentication based on a file, a database, and LDAP-based authentications. You can set the authentication mode by using the Hawk Console configuration file (hawkconsole.cfg).
File-Based Authentication
For the file-based authentication, the user details are stored in the hawkconsole-user.cfg file. By default, the configuration file is located at <CONFIG_HOME>/bin. If required, you can configure its location by using the -user_file_store option in the hawkconsole.cfg file.
The syntax for a user entry in the hawkconsole-user.cfg file is:
<user_name>:<encrypted_password>
For example,
admin:#####***###
You can use the tibhawkpassword utility at <HAWK_HOME>/bin to encrypt the password.
For more details on user authentication properties, see Table 13, Hawk Console Configuration Options.
Database-Based Authentication
In the database based authentication, the user names and passwords are stored in the database. Hawk Console supports both in memory database and external database to store authentication details. For more information about configuring an external database in Hawk Console, see Configuring an External Database
Adding a new user in the external database
You can add a new user in the external database using the following steps:
1.
For example:
insert into users (name, password, email, role_id) values('new_user', '#!SXcfN3U19IiH/Eai55LWvV4XNKV/eQIDfri6+J+rho4=', 'newUser@xyz.com',1);
2.
Create a mapping in the table user_privilege_mapping.
For example:
insert into user_privilege_mapping (user_id, privilege_id) values((select id from users where name = 'new_user'), 1);
LDAP-Based Authentication
For the LDAP-based authentication, the user details are stored in the hawkconsole.cfg file. By default, the configuration file is located at <CONFIG_HOME>/bin.
For selecting LDAP as the user store, modify the hawkconsole.cfg file as follows:
1.
Under -M UserAuth, specify LDAP as the user store type:
-user_store_type ldap
2.
Under -user_store_type ldap, specify the LDAP-based user authentication properties.
For more details about user authentication properties that can be specified, see Table 13, Hawk Console Configuration Options.
Secure Communication over Hawk Console
You can access Hawk Console over a secure channel by using SSL or TLS security protocols.
To enable the secure communication, uncomment and configure the following fields in the Hawk Console configuration file (hawkconsole.cfg):
For more details on these properties, see Table 13, Hawk Console Configuration Options.
Configuring an External Database
Hawk alerts can be persisted by configuring an external database to store the alerts. If Hawk Console is restarted then also you can view the previous alerts since when the Hawk Agent is active. Following databases are supported in this release:
Prerequisites:
Add the appropriate .jar file of the JDBC Driver classes, from the database vendor, to the folder HAWK_HOME/<version>/lib/ext/console-ext.
Procedure:
To configure the external database, uncomment and configure the following fields in the Hawk Console configuration file (hawkconsole.cfg). By default the configuration file is located at <CONFIG_HOME>/bin.
For more details on these properties, see Table 13, Hawk Console Configuration Options.
Hawk Console Modules and Configuration Options
Each section in this configuration file (HAWK_HOME/bin/hawkconsole.cfg) begins with “-M” followed by the module name, such as –M Self. Within each modular section, all the command-line options that can be configured are listed. These options are as follows:
-domain_config_file <domain config file path>
-server_port <port number>
-key_alias <key alias>
-key_password <encrypted key password>
-key_store <key store file path>
-key_store_password <key store password>
-protocol <security protocol>
-ciphers <cipher name>
-datasource_url <Datasource URL>
-datasource_drivername <JDBC driver name>
-datasource_username <Database user name>
-datasource_password <Database password>
-datasource_connection_pool_initial_size <Initial number of database connections to be allocated>
-datasource_connection_pool_max_idle <Maximum number of idle database connections allowed>
-datasource_connection_pool_max_active <Maximum number of active database connections allowed>
-retention_count_for_notification <Alert limit for Notification. Default is 100000.>
-retention_count_for_high_alerts <Alert limit for High Alerts. Default is 100000.>
-retention_count_for_medium_alerts <Alert limit for Medium Alerts. Default is 100000.>
-retention_count_for_low_alerts <Alert limit for Low Alerts. Default is 100000.>
-repository_path "CONFIG_HOME/hawk/repository"
-alert_manager_activity_interval <time interval in milliseconds>
-log_dir <directory to store TIBCO Hawk logs>
-log_max_size <maximum size of log file>
-log_max_num <maximum number of log files>
-log_level <required trace level for logs>
-log_format <log format>
-user_file_store <path of file store>
Each of the parameters listed above are explained in more detail, in the following table.
CONFIG_FOLDER/bin/DomainTransportConfig.yml
4 - Indicates error level trace messages should be enabled.
6- Indicates warning level trace messages should be enabled.
7 - Indicates information level trace messages should be enabled.
8 - Indicates debug level trace messages should be enabled.
16 - Indicates AMI level trace messages should be enabled.
A value of -1 turns all tracing on.
database - In the database based configuration, the user names and passwords are stored in the database.
file - In the file based configuration, the user names and passwords are stored in a file in the disk. Specify the location of the user authentication file in the -user_file_store property.
ldap - In the ldap based configuration, the user names and passwords are validated with a LDAP directory server.
CONFIG_FOLDER/bin/hawkconsole-users.cfg
If -user_store_type is file, specify the path of the file which stores user details for authentication.

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved