TIBCO Spotfire® Server and Environment - Installation and Administration

Automatically trusting new nodes

To speed up the process of adding nodes to your Spotfire implementation, you can configure the system so that all new nodes are automatically trusted by Spotfire Server, or you can limit the automatic trust to specific nodes. In combination with the automatic process for installing services and instances, administrators of large Spotfire implementations in private sub-nets can quickly scale up their system as needed.

Before you begin

  • Spotfire Server is installed and running.
  • In the firewall of the computer(s) on which you are installing the node manager, open the ports that will be used for the node manager and the services.

Procedure

  1. Open a command line and export the active server configuration (the configuration.xml file) by using the export-config command; for additional information, see Executing commands on the command line.
  2. On the command line, enter the following command: 
    config set-config-prop --name=security.trust.auto-trust.enabled --value=true
    This sets up automatic trust for all new nodes in the Spotfire implementation.
  3. Optional: If you want to limit automatic trust to certain nodes, do one of the following:
    • To allow one specific node to be automatically trusted, enter one of the following commands: 
      • config set-config-prop --name=security.trust.auto-trust.allowed-hosts-config.allowed-hosts.allowed-host --value=example.com
        where example.com is the hostname of the node that will be automatically trusted. 
      • config set-config-prop --name=security.trust.auto-trust.allowed-hosts-config.allowed-ip-regexps.allowed-ip-regexp --value=203\.0\.113\.1
        where 203\.0\.113\.1 is a regular expression for the IP address of the node that will be trusted.
    • To allow several specific nodes to be automatically trusted, do the following:
      1. Open the configuration.xml file in an XML editor or a text editor and locate the <auto-trust> section.
      2. Enter an edited version of the following code under <enabled>true</enabled>: 
        <allowed-hosts-config>
            <allowed-hosts>
              <allowed-host>host1.example.com</allowed-host>
              <allowed-host>host2.example.com</allowed-host>
            </allowed-hosts>
            <allowed-ip-regexps>
              <allowed-ip>203\.0\.113\.1</allowed-ip>
              <allowed-ip>203\.0\.113\.2</allowed-ip>
            </allowed-ip-regexps>
    </allowed-hosts-config>
        where hostn.example.com is the hostname of a node that will be trusted, and 203\.0\.113\.n is a regular expression for the IP address of a node that will be trusted. These lines can be repeated as often as necessary.
        Note: You can also specify a range of regular expressions. The following example allows any IP address between 203.0.113.0 and 203.0.113.255: 
        203\.0\.113\.\d{1,3}
      3. Save and close the configuration file.
  4. Import the configuration file back to the Spotfire database by using the import-config command.
  5. Restart the Spotfire Server service.

Results

When a new node that is enabled for auto-trust comes online and requests authorization from Spotfire Server, the server trusts the node automatically.
Copyright © Cloud Software Group, Inc. All rights reserved.