Foglight 5.9.1 - Installing Foglight on a UNIX System with an Embedded PostgreSQL Database

If you do not choose to install Foglight in Secure Server mode, you can edit server.config after installation and manually configure Foglight to restrict the Management Server to use the HTTPS port when accessing the browser interface.

You must have a signed, valid certificate to use this HTTPS configuration. It is recommended that you obtain a valid certificate from a third party as outlined in Importing a network security certificate.

To configure the Management Server to use the HTTPS port:

Stop the Management Server.

Open the file <foglight_home>/config/server.config on the Management Server machine.

Set the parameter server.console.httpsonly to true:

server.console.httpsonly = "true";

Save the server.config file.

Import the signed certificate into the Foglight keystore. See Importing a network security certificate for instructions.

Restart the Management Server.

Launch the Foglight browser interface using the appropriate HTTPS URL (https://<hostname>:<https_port>) to ensure that the Management Server can be accessed using HTTPS.


	NOTE: The Foglight Management Server uses the HTTP port for local access even if you are accessing the browser interface through an HTTPS connection. If that is the case, both ports are open: the HTTPS port for external requests coming from the browser interface and the HTTP port for local requests. For example, the reporting service accesses the Foglight Management Server through the HTTP port while external requests use HTTPS. You must configure your firewall or network security applications to allow both ports to remain open.

Importing a network security certificate

In order to set up the Foglight Management Server to use HTTPS, you must generate a key pair (security certificate) into the Foglight keystore. This security certificate allows the server to communicate through the HTTPS protocol. Delete the existing certificate shipped with Foglight before generating a new key pair. Use the keytool utility shipped with Foglight to create, import, and export certificates. This utility can be found at:

<foglight_home>/jre/bin/keytool

There are two keystores that Foglight uses:

•

The built-in Tomcat™ keystore located at:
<foglight_home>/config/tomcat.keystore (default password: nitrogen)

•

The Management Server keystore located at:
<foglight_home>/jre/lib/security/cacerts (default password: changeit)

To import a certificate:

Back up the existing tomcat key using the following command:

cp tomcat.keystore <your_backup_key>

Delete the existing tomcat key from the tomcat.keystore directory using the following command:

<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore -keystore tomcat.keystore -storepass nitrogen -alias tomcat -delete

Create a new key under the tomcat alias using the following command:

<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore-keystore tomcat.keystore -storepass nitrogen -genkeypair -alias tomcat -validity <number of days> -keyalg RSA -keysize 2048 -dname "CN=<your_fmsserver_dns_name>, OU=<your_organizational unit_name>, O=<your_organization_name>, L=<your_city_name>, ST=<your_state_name>, C=<your_two-letter_country_code>" -ext SAN=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip>

Generate a Certificate Signing Request (CSR) using the following command:

<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore-keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -certreq -ext san=dns:<your_fmsserver_dns_name>,ip:<your_fmsserver_ip> -file <your_request_file.csr>

This file must be signed by Certification Authority (CA).

Once you have the certificate signed, import it back to the tomcat.keystore using the following command:

<foglight_home>/jre/bin/keytool<foglight_home>/config/tomcat.keystore-keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity <number of days> -trustcacerts -import -file <your_converted_cerificate>

You will get a prompted message similar to the following:... is not trusted. Install reply anyway? [no]:

Type yes to install the new certificate.

The following is an example of commands for importing a certificate.

cd <foglight_home>/config
cp tomcat.keystore tomcat.keystore.backup
<foglight_home>/jre/bin/keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -delete
<foglight_home>/jre/bin/keytool -keystore tomcat.keystore -storepass nitrogen -genkeypair -alias tomcat -validity 730 -keyalg RSA -keysize 2048 -dname "CN=fms.quest.com, OU=Foglight, O=Quest, L=Aliso Viejo, ST=CA, C=US" -ext SAN=dns:fms.quest.com,ip:192.168.1.1
<foglight_home>/jre/bin/keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity 730 -certreq -ext san=dns:fms.quest.com,ip:192.168.1.1 -file san.p7b
<foglight_home>/jre/bin/keytool -keystore tomcat.keystore -storepass nitrogen -alias tomcat -validity 730 -trustcacerts -import -file san.p7b

Setting the length of Foglight sessions


	NOTE: This section applies only to Foglight for Virtualization, Enterprise Edition.

You can configure the length of inactive Foglight browser interface sessions by changing the value of the parameter server.console.session.timeout. This parameter controls the length of time that Foglight waits before automatically logging you out of an idle browser interface session.

To change the Foglight session time-out setting:

Stop the Management Server.Open the file <foglight_home>\config\server.config on the Management Server machine. Set the parameter server.console.session.timeout to the desired value in minutes.

The default value is 60 minutes. If you set the value to less than or equal to 0, or greater than 30000000, Foglight never logs you out of the browser interface, regardless of how long the session has been inactive.

For example, to increase the time-out to 2 hours (120 minutes), you would set this parameter as follows:

server.console.session.timeout = "120";

Save the server.config file.

Restart the Management Server.

Uninstalling Foglight

You can uninstall Foglight using the uninstaller utility for your platform. The uninstaller can be found in <foglight_home>/UninstallerData.

The default mode for the uninstaller is the graphical user interface (GUI) mode. In cases where a graphics display is not available on UNIX® systems, the Foglight uninstaller can be run from the command line by using console mode or silent mode. Console mode is available only for Linux® and Solaris.

To uninstall Foglight:

Stop the Foglight Management Server. See Stopping the Management Server for instructions.

Navigate to the UninstallerData directory of your Foglight installation and run the Uninstall_Foglight shell script.

•

To launch the uninstaller in GUI mode, simply run the Uninstall_Foglight shell script.

•

Linux® and Solaris only: To launch the uninstaller in console mode, run the UninstallFoglight shell script using the following command:
./Uninstall_Foglight -i console

•

To launch the uninstaller in silent mode, run the Uninstall_Foglight shell script using the following command:
./Uninstall_Foglight -i silent -f installvariables.properties

After uninstallation, you can safely delete the <foglight_home> directory. It is recommended that you do so, since the uninstaller does not remove certain directories within <foglight_home>.


	NOTE: After uninstallation, you can also safely delete any Foglight shortcuts, regardless of their location.

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Foglight 5.9.1 - Installing Foglight on a UNIX System with an Embedded PostgreSQL Database

Configuring Foglight to use the HTTPS port

Importing a network security certificate

Setting the length of Foglight sessions

Uninstalling Foglight