====== Administration ======

===== Purpose =====

  * The Redpeaks cockpit administration menu allows to manage global application settings such as:
    * Databases connections and tenant definitions
    * Global settings and logs
    * Applying new updates

{{:common:icon_info.png}}
This section in accessible only for super admin user.

{{:products:cockpit:1.0:userguide:pasted:20210504-123158.png}}

===== Getting started =====

  * After installation, open the application in your browser
  * You will be prompted to set superadmin user name and password (if not already set)
  * Once you log in, you will be redirected to the superadmin menu.
  * You must then configure the following:
    * **In DB connectors:**
      * Primary configuration database: Holds application and tenants information
      * At least one tenant configuration database
      * At least one tenant metrics database
    * **In tenants:**
      * At least one tenant with a tenant admin user

Once done, you will be able to log into your first tenant and start configuring the monitoring.

{{:common:icon_warning.png}}
Don't use the same DB name for **Primary** database and **tenant** database


===== Administration sections =====
Find here below a description of the different sections :

^ Settings ^ Description ^
| **[[.:administration:dbconnectors|DB Connectors]]** | Configure connection parameters to the application databases |
| **[[.:administration:tenants|Tenants]]** | Configure tenants and tenant admin users |
| **[[.:administration:settings|Settings]]** | Configure main application settings |
| **[[.:administration:logs|Logs]]** | Download application logs |
| **[[.:administration:updates|Updates]]** | Manage application updates |
| **[[.:administration:collectorupdates|Collector updates]]** | Manage collector updates |
| **[[.:administration:superuser|Super user]]** | Manage super user properties |
| **[[.:administration:statistics|Statistics]]** | Check and investigate problems |

===== Security =====
  
==== Sensitive data ====

  * The configuration database contains sensitive data such as credentials, IP adresses, hostnames, etc...
  * Therefore you must pay attention to secure the accesses to the database and the backups
  * User credentials are encrypted
  * The communication with external parties such as collectors is done via SSL.

==== Certificates ====

  * Trusted certificates are located in ''[PROMONITOR_HOME]/certificates/.keystore''
  * Application certificate for HTTPS is located into the same file
  * You can install or rotate the application certificate by using the below command:
    * ''keytool -import -trustcacerts -keystore [PROMONITOR_HOME]/certificates/.keystore -storepass agentilKeyStore -noprompt -alias yourAliasName -file [PROMONITOR_HOME]/certificates/[certificate.cer]''

**Generating a self signed certificate:**

  # Backup existing keystore
  cp /opt/Pro.Monitor-Cockpit/certificates/.keystore /opt/Pro.Monitor-Cockpit/certificates/.keystore.backup
  # Convert existing keystore to pkcs12
  keytool -importkeystore -srckeystore /opt/Pro.Monitor-Cockpit/certificates/.keystore -destkeystore /opt/Pro.Monitor-Cockpit/certificates/.keystore -deststoretype pkcs12 -srcstorepass agentilKeyStore
  # Generate private key and certificate : Use the actual server FQDN as Common Name in the formular.
  openssl genrsa  -out domain.key 2048
  openssl req -key domain.key -new -x509 -days 1800 -out domain.crt -addext "subjectAltName = DNS:HOSTNAME"
  # or with IP 
  openssl req -key domain.key -new -x509 -days 1800 -out domain.crt -addext "subjectAltName = IP:YOUR_IP"
  # Bundle the key and certificate together
  openssl pkcs12 -export -in domain.crt -inkey domain.key -name pro_monitor -out ks.p12
  # Replace existing certificate
  keytool -importkeystore -destkeystore /opt/Pro.Monitor-Cockpit/certificates/.keystore  -storepass agentilKeyStore -noprompt -alias pro_monitor -srckeystore ks.p12
  # Restart Redpeaks service




===== Maintenance =====

  The promonitor cockpit has been designed for a low maintenance, however, there are few aspects you need to pay attention


  * Remove old update files: The update files that you upload in the application are not removed automatically and will consume disk space

==== Database restore ====

  In case of major problem with the application, you might need to restore the database.

  * Stop promonitor-cockpit service
  * Start mysql server
  * Get the last backup files
  * Then for each backup file, run:
    * ''mysql -u root -p database_name < database_name.sql''

  * Restart promonitor-cockpit service

==== Reset tenant  ====

**Conditions:**
  * You can log in as superadmin, but you are not able to connect as a tenant user
  * Server log is showing serialization errors or SQL errors
  * Stopping and starting promonitor-cockpit service is not solving the problem

**Probable cause:** 
  * The tenant configuration is corrupted

**Resolution:**
  * stop promonitor-service
  * Use a mysql client and remove the last line of table ''tenant_configuration''
  * Depending on the timestamp of the line, you might remove several lines, up to a time you knew the configuration was working
  * Once done, start promonitor-service

==== Reset SuperAdmin password ====

=== Using JVM argument ===

  * Stop cockpit service: ''systemctl stop promonitor-cockpit''
  * Open the file **setenv.sh** located in the folder /Tomcat/bin/
  * At the end of the line that starts with **JAVA_OPTS** add **-DsuperAdminPassword** and the value you want, e.g.: '' -DsuperAdminPassword="NewPass" ''
  * Save the document
  * Restart service: ''systemctl start promonitor-cockpit''
  * Login as Superadmin with the password you set in the **setenv.sh**
  * On the menu go to **Super User** and change the password and save
  * Logout and stop the service: ''systemctl stop promonitor-cockpit''
  * Remove the **-DsuperAdminPassword** from the **setenv.sh** file
  * Restart service: ''systemctl start promonitor-cockpit''
  * Login with the new password


=== Using reset password library ===

  * From cockpit install folder, download the [[https://agentil.app.box.com/s/ipdlvfwxjlm5l1m5xwbwkqgcuv4p1egr|Reset password library]]
  * Stop cockpit service: ''systemctl stop promonitor-cockpit''
  * Make a copy of the ''db'' folder : ''cp -r db db.backup''
  * Then execute: ''java -jar cockpit-reset-password.jar superadmin [newPassword]''
  * This will update the db with the new superadmin password
  * Restart service: ''systemctl start promonitor-cockpit''
  * If the operation worked, remove the db backup

==== Reset all ====

^ **Conditions** ^
| It is not possible to log into the application, even in superadmin mode. |
| Server log is showing serialization errors or SQL errors |

^ **Probable cause **^
| The server configuration is corrupted |
^ Resolution 1:^
| stop promonitor-service |
| Use a mysql client and remove the last line of table ''server_configuration'' |
| Depending on the timestamp of the line, you might remove several lines, up to a time you knew the configuration was working |
| Once done, start promonitor-service |

^**Probable cause 2**^
| The local server DB is corrupted |
^ Resolution 2 ^
| stop promonitor-service |
| rename local db folder: ''[PROMONITOR_HOME]/db'' |
| start promonitor-service |
| register a new superadmin account |
| Recreate the SQL connector to the main DB |
| restart promonitor-service |