ModelOp Center Pre-Install Utility

Pre-Install Utility Help

 

  Overview

The Pre-Install Utility (PIU) can be used to verify property configurations are available and correct prior to the main MOC install. Because it is difficult to verify settings inside the cluster the PIU runs inside the cluster and allows the user to see the settings and health of the systems indirectly.

  Getting the Pre-Install Utility

Using Helm

The PIU is integrated into the MOC Helm install. You can simply enable the pre-install service and the tool will be deployed so you can check important services as part of the install process.

PIU by default uses a SCCS (Spring Could Config Server) and is automatically configured if you enable the sccs service (the most common configuration). You can also reference a config server or file outside MOC if needed.

Make sure you enable both the pre-install and sccs service in values.yaml or (starter yaml file)

Make sure to remove (or leave commented out) core in the values.yaml file, as pre-install may not be enabled at the same time as core in the service list.

In the case where you do need to override properties or specify file(s) use the following parameters inside your helm pre-install.yaml template:

... spec: containers: - env: # This is an example of overrideing the mongo uri - name: modelop.mongodb-uri value: mongodb://modelop:modelop1234@mocaasin-prime.cluster-ccnbmpfpbzjf.us-east-2.docdb.amazonaws.com:27017/test?ssl=true&retryWrites=false # This is an example of overrideing the jira url - name: modelop.jira-url value: http://jira.qa.octopus.modelop.center # This is an example of specifing the config location file # see https://docs.spring.io/spring-boot/docs/1.4.1.RELEASE/reference/html/boot-features-external-config.html - name: spring.config.location value: classpath:/default.properties,classpath:/override.properties

Service Visibility

By default the service is not visible (set to ClusterIP) so you either need to use port forwarding on the machine where you run your web browser or rest calls:

kubectl port-forward [Pod Name] 2888

… or mark the service as LoadBalancer as shown below:

moc: ... services: ... pre-install: serviceType: LoadBalancer

Using Docker

You can run PIU from docker using the commands below:

You can also override properties and parameters like as done in Helm, be sure to use the command line format (uppercase and separated by underscore character). To specify a SCCS server, for example, you would use the following command (Note you will need a server running on port 8097):

or point override a specific property:

  Pre-Install Utility Interface

Once running, you have two options to interact with PIU. Web interface and command line.

To view the interface simply go to the URL http://localhost:2888. From here you can check that property settings from the system are being found using the Properties links and then validate the setting using the Health links

 

The interface has the ability to check for property values specified by the user under the properties page. Under the Health page you can specify a URL to test for a valid connection relative to the PIU. Finally, the utility has the ability to verify the setup of an oauth provider for modelop services.

The commands available from the UI are also available from the command line, for example:

To get information about properties:

To get health information use:

Full API Details

Resource

Parameters

Example

Resource

Parameters

Example

/api/properties

(optional) properties list of property names to get. If none is specified the list from application.yaml is used.

http://localhost:2888/api/properties

/api/health

(required) name of the system to check health
(required) category grouping used to check health
If neither of these parameters is specified the list from application.yaml is used

http://localhost:2888/api/health

/api/health/url

(required) name or label used
(required) url used for connection
(optional) user to use for the connection
(optional) password to use for the connection

http://localhost:2888/api/health/url?url=_URL

/api/oauth

(optional) name of the oauth grant to check (for example: oauthcli). If none is specified, retrieves the full list.

http://localhost:2888/api/oauth or http://localhost:2888/api/oauth?name=oauthinternal

 

  Options for updating properties

You can not directly update properties from the Pre-Install Utility, it is only for verifying that settings are valid. However you do have options to fix configuration issues:

  1. The preferred method is to modify the environment variables of the system directly through the preinstall tool’s Environment Variables page. If you are using SCCS, you will likely need to set spring.cloud.config.overrideSystemProperties to false using one of the other options, in order to ensure that the PIU is able to correctly update its internal state from this page.

  2. Ensure PIU is pointed to the correct SCCS (Spring Cloud Config) server in the helm configuration values.yaml file. A SCCS server is required for install so this is the best practice, however you use PIU without SCCS as noted under the Docker section above.

  3. Update properties themselves directly. PIU will refresh properties internally when you update your browser page.

  4. In addition (and while using options 2 or 3), you can override properties using Helm or Docker Desktop (as shown above). This is helpful if you want to override some parameters without changes to property files. You can also specify override the location for file locations themselves.

Using a parameters example (also see sections under Helm and Docker):

# For example overriding a specific property 'modelop.zipkin-url' with url value

Note: If you already have a SCCS server or are using the one provided by ModelOp then you only use the SCCS client (option 2 above)

 

  Advanced Options

Other options available

  1. How do i disable / enable read write validation?

  1. How do I filter some checks completely from the view

You can also update the properties PIU scans for:

  1. How do I run the PIU in headless mode?

If you want to run the PIU in headless mode, it can be done so by adding the headless profile to the active spring profiles.

Config Options

Test

Config

Example Values

Description

Test

Config

Example Values

Description

Url Health Indicators

moc.preinstall.urlHealthIndicators

Add simple URLs to test if the address is visible from the PIU.

Camunda Database Health Indicator

spring.datasource

Test a Camunda database for connectivity.

Certificates Health Indicator

moc.preinstall.certsFileLocation

moc.preinstall.certsPassword

moc.preinstall.certsImportLogFile

Properties for locating, and viewing certs available to MOC through helm installation.

Git Health Indicator

model-manage.git.storedCredentials

Check if model-manager will have correct Git access.

Jira Attachment Health Indicator

moc.preinstall.jiraProjectKey

moc.preinstall.jiraIssueType

Uses Jira credentials from URL Health indicators, and the additional config to create a ticket with an attachment to ensure attachments are enabled.

MongoDb Health Indicator

modelop.mongodb-uri

Test if a Mongo database URI is available from the PIU.

S3 Health Indicator

external-file-repo-config.s3:

Test if s3 buckets are able to be connected to from the PIU.

Spring Cloud Config Server Health Indicator

spring.cloud.config

spring.application.profiles.active

Test if the PIU tool can connect and retrieve SCCS config.

Properties Health Indicator

moc.preinstall.includedProperties

A list of SCCS properties to check if values exist for.

Oauth Health Indicators

moc.preinstall.oauth2.includeProxy

moc.preinstall.oauth2.issuer-uri

moc.preinstall.oauth2.authorization-uri

moc.preinstall.oauth2.token-uri

moc.preinstall.oauth2.user-info-uri

moc.preinstall.oauth2.jwks-uri moc.preinstall.oauth2.introspection-uri

moc.preinstall.oauth2.redirect-uri

moc.preinstall.oauth2.internal-client-id

moc.preinstall.oauth2.internal-client-secret

moc.preinstall.oauth2.internal-scope

moc.preinstall.oauth2.internalClaims.claim

moc.preinstall.oauth2.cli-client-id

moc.preinstall.oauth2.cli-client-secret

moc.preinstall.oauth2.cli-scope

moc.preinstall.oauth2.cliClaims.claim moc.preinstall.oauth2.gateway-client-id

moc.preinstall.oauth2.gateway-client-secret

moc.preinstall.oauth2.gateway-scope

moc.preinstall.oauth2.gatewayClaims.claim

moc.preinstall.oauth2.username

moc.preinstall.oauth2.password

Check several Oauth claims and calls. These values should be primarily filled in via references to the values intended to be used to populate MOC. See Supported OAuth 2.0 Identity Providers for more info.

moc.preinstall.checkWriteAccess

true, false

Check whether write access is accepted for Camunda and Mongo databases.

moc.preinstall.performanceTest

true, false

Do a small performance test in the Camunda database to see gain a small amount of insight into performance for read write operations.

moc.preinstall.latencyChecks

true, false

Repeat checks 10 times and average them to gain a small amount of insight into the latency of certain connections to PIU.

moc.preinstall.includedHealthChecks:

required

optional

exclusive

Set which checks PIU should have enabled. Note: its recommended to have Jira attachment as its own category in the exclusive category so its not run with all health tests in general.

spring.cloud.config.overrideSystemProperties

true, false

This setting set to false, enables the system to not be overrode by spring config. This allows for immediate testing of values via changing the environment variables in the jvm.

 

moc.preinstall.headlessCerts

true, false

Disable or enable cert printing in headless mode.

Â