Before Installing Foglight
Installing Foglight
Preparing to install
Installing a new version of the Management Server
Running the Management Server
Step 1: Introduction
Installed directories
Foglight settings
Step 1: Introduction
Step 2: Transaction Product Agreement
Step 3: Select installation type
Step 4: Choose installation folder
Step 5: Choose link location
Step 6: Pre-installation summary
Step 7: Installing Foglight
Step 8: Foglight administrator password
Step 9: Foglight mode
Step 10: Foglight repository database type
Step 11: Foglight ports configuration
Step 12: Add Foglight license file
Step : Add Foglight to system service
Step 14: Foglight server startup
Step 15: Install complete
Foglight Server Startup page
Next steps
External MySQL database access for remote users
Embedded Agent Manager
Editing the server.config file
Enabling High Availability mode after installation
Changing external database credentials
Setting up an encrypted database connection with SSL
Setting up an encrypted LDAP connection with SSL
Using encryption when sending email from Foglight
Configuring ports
Configuring the cluster multicast port used in High Availability mode
Setting up Foglight server federation
Setting the SQL Parser properties
Setting memory parameters for the server
Adding command-line options
Binding the Management Server to an IP address
Configuring Foglight to use stronger encryption
Configuring Foglight to use the HTTPS port
Setting the length of Foglight sessions
HP patch checking tool
Uninstalling Foglight
Upgrading the Management Server
Installing Foglight FAQ
Manual database configuration
Installing and Upgrading Cartridges
Installing Agents
Option 1 - Run the Foglight database tool to configure the database
Option 2 - Run SQL scripts to configure the database
Initializing and tuning the database
Starting and stopping the Management Server
Starting the Management Server
Stopping the Management Server
Starting and stopping the Management Server in High Availability mode
Logging in to Foglight
Migrating data from an existing database
Running the Management Server FAQ
Configuring Foglight to use stronger encryption
|
2 |
Open the file <foglight_home>/config/server.config on the Management Server machine. |
|
3 |
Set the java system property foglight.credentials.enc.key.size to 256 (or higher): |
|
4 |
Configuring Foglight to use the HTTPS port
If you do not choose to install Foglight in Secure Server mode, you can edit server.config after installation and manually configure Foglight to restrict the Management Server to use the HTTPS port when accessing the browser interface.
You must have a signed, valid certificate to use this HTTPS configuration. It is recommended that you obtain a valid certificate from a third party as outlined in Importing a network security certificate.
|
2 |
Open the file <foglight_home>/config/server.config on the Management Server machine. |
|
3 |
server.console.httpsonly = "true";
|
4 |
|
5 |
|
7 |
Launch the Foglight browser interface using the appropriate HTTPS URL (https://<hostname>:<https_port>) to ensure that the Management Server can be accessed using HTTPS. |
Importing a network security certificate
<foglight_home>/jre/bin/keytool
There are two keystores that Foglight uses:
|
• |
The built-in Tomcat™ keystore located at: <foglight_home>/config/tomcat.keystore (default password: nitrogen) |
|
• |
The Management Server keystore located at: <foglight_home>/jre/lib/security/cacerts (default password: changeit) |
|
1 |
Back up the existing tomcat key using the following command: |
|
2 |
<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore -keystore tomcat.keystore -storepass nitrogen -alias tomcat -delete
|
3 |
Create a new key under the tomcat alias using the following command: |
<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore-keystore tomcat.keystore -storepass nitrogen -genkeypair -alias tomcat -validity <number of days> -keyalg RSA -keysize 2048 -dname "CN=<your_fmsserver_dns_name>, OU=<your_organizational unit_name>, O=<your_organization_name>, L=<your_city_name>, ST=<your_state_name>, C=<your_two-letter_country_code>" -ext SAN=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip>
<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore-keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -certreq -ext san=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip> -file <your_request_file.csr>
|
5 |
Once you have the certificate signed, import it back to the tomcat.keystore using the following command: |
<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore-keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -trustcacerts -import -file <your_converted_cerificate>
You will get a prompted message similar to the following:... is not trusted. Install reply anyway? [no]:
Type yes to install the new certificate.
Importing a PKCS #12 (pfx) format certificate
|
NOTE: This certificate must be provided in the PKCS #12 (pfx) format. If the certificate and private key are saved in separate files, run the following command to merge them to the PKCS12 format: openssl pkcs12 -export -in <certfile> -inkey <keyfile> -out <keystorefile> -name tomcat -CAfile <cacertfile> -caname root |
|
1 |
Delete the existing tomcat certificate from the tomcat.keystore directory using the following command: |
|
4 |
On the Management Server, open the <foglight_home>/server/tomcat/server.xml file for editing. |
|
5 |
In the server.xml file, locate the following Connector element and add keyPass and keyAlias parameters at the end: |