Configure the UI
Find details here for the configuration properties of the UI. Properties are defined in the following file:
/etc/wandisco/ui/application-prod.properties
When adding new properties or changing existing values, restart the Data Migrator service.
General configuration
Configure how the UI is run overall.
| Name | Details |
|---|---|
server.port | Set the port on which the UI will be available. This is overridden by the server.ssl.port when TLS is enabled.Default value: 8081Allowed values: An integer value between 1024 and 65535 |
UI logging
The UI configuration file (/etc/wandisco/ui/application-prod.properties) contains the following logging configuration properties:
| Name | Details |
|---|---|
logging.output.path | The output path for all logging. Default value: /var/log/wandisco/uiAllowed values: The full path to a valid directory that is writable by the user running the UI. The user is typically hdfs. |
logging.level.ROOT | The log level. Default value: INFOAllowed values: A valid log level: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, or OFF. |
logging.audit.output.filename | The output filename for the audit log. This will be suffixed with the date in YYYY-MM-DD format.Default value: livedata_ui_auditAllowed values: A valid string. |
logging.audit.days-kept | The amount of days that the audit log will be retained. Default value: 90Allowed values: An integer value for the number of days that logs are kept. |
Configure the log output path for the UI
- Open
/etc/wandisco/ui/application-prod.properties. - Edit the following line, replacing the default path
/var/log/wandisco/uiwith your own. For example:logging.output.path=/your/path/here - Save the change.
- Restart Data Migrator.
Reset admin user password
Reset the admin user's password for Data Migrator by creating a file named reset.password in the UI configuration directory (/etc/wandisco/ui/ by default).
Add the existing email value and a new password value in the file (The password must conform to the same password requirements as the UI) :
email=user@domain.com
password=newPassword
Restart the UI server after the file has been created. When the UI restarts, it updates the password to the value entered in the file, the file is then automatically deleted.
This process cannot be used for users other than the admin. It does not work for the admin user's email address, which cannot be changed.
Security
Basic authentication compatibility
If basic authentication is enabled on Data Migrator or Hive Migrator (or both), the following additional steps are required to maintain UI functionality: Update basic auth in the UI.
TLS
Configure how the UI uses TLS, which is disabled by default.
| Name | Details |
|---|---|
server.ssl.enabled | Set to true to enable TLS. If no other TLS values are set, this will use an internal keystore and a self-signed certificate to serve the UI.Default value: falseAllowed values: true, false |
server.ssl.port | Set the port on which the UI should be available when TLS is enabled. Default value: 8443Allowed values: An integer value between 1024 and 65535 |
server.ssl.key-store | The path to the key store which should be used instead of the internal default |
server.ssl.key-store-password | The password to be used to access the key store |
server.ssl.key-alias | The alias of the certificate to be used |
server.ssl.key-store-type | Optional: set the key store type. Defaults to PKCS12 |
application.liveMigratorV2.client.noCheckCertificate | Optional: add this property and set the value to true if you want to implicitly trust certificates from remote Data Migrator instances. Default value: false Instead of using this property, we recommend that you import your server certificate into a truststore. |
The example command below will import a certificate file, certificate-file.crt into the Java truststore cacerts:
keytool -importcert -file /etc/wandisco/certificate-file.crt -keystore cacerts -alias key-alias
For more information about parameters, see Oracle's documentation.
Using a custom truststore (UI)
The default SSL keystore configuration for the UI is stored in /etc/wandisco/ui/application-prod.properties:
server.ssl.port=8443
server.ssl.enabled=true
server.ssl.key-store=/etc/wandisco/ui/tls/keystore.p12
server.ssl.key-store-password=password
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=livedata-ui
If you define a custom keystore using these configuration parameters, the truststore will still default to the one in the JAVA home directory.
For more information, see Transport Layer Security (TLS).
Use the following steps to enter a custom truststore:
- Open
/etc/wandisco/ui/vars.envin a text editor. - Add the following line:This UI extra JAVA argument adds the following:
LDUI_EXTRA_JVM_ARGS="-Djavax.net.ssl.trustStore=/etc/wandisco/ui/tls/keystore.p12 -Djavax.net.ssl.trustStorePassword=password"
- Djavax.net.ssl.trustStore - Path to the custom truststore file.
- Djavax.net.ssl.trustStorePassword - The custom truststore password.
- Save the change.
- Restart the UI service. using the command:
systemctl restart livedata-ui
Data Migrator instance
Default Data Migrator instance hostname and port /etc/wandisco/ui/application-prod.properties:
application.liveMigratorV2.servers=localhost\:18080
Directory structure
The following directories are used for the UI:
| Location | Content |
|---|---|
/var/log/wandisco/ui | Logs |
/etc/wandisco/ui | Configuration files |
/opt/wandisco/ui | Operation files |
/var/run/livedata-ui | Runtime files |
Secrets store properties
HashiCorp Vault
Add the following properties to integrate with HashiCorp Vault. See the HashiCorp Vault configuration section for steps and examples for each authentication type.
The following properties cannot be referenced using application property references,
if you are integrating with a HashiCorp Vault server ensure these properties and values are used in the application-prod.properties file.
| Name | Details |
|---|---|
spring.cloud.vault.enabled | Determines whether the Vault integration is enabled, accepted vaules: true or false Default value: none |
spring.cloud.vault.uri | Specifies the URI (including protocol, host, and port) of the HashiCorp Vault server. For example: http://127.0.0.1:8200 or https://127.0.0.1:8222 Default value: none |
spring.cloud.vault.authentication | Specifies the authentication method for used when connecting to HashiCorp Vault. Use either TOKEN or APPROLE. Default value: none |
spring.cloud.vault.token | Specifies the authentication token that will be used to authenticate with HashiCorp Vault. Default value: none |
spring.config.import | Specifies comma-seperated vault location sources of key-value secrets used for application properties. See the reference format. Default value: none |
spring.cloud.vault.app-role.role-id | Specifies the role ID for AppRole authentication method when connecting to HashiCorp Vault. Default value: none |
spring.cloud.vault.app-role.secret-id | Specifies the secret ID for AppRole authentication method when connecting to HashiCorp Vault. The secret ID, along with the role ID, is used to authenticate with the Vault when APPROLE authentication is used. Default value: none |
spring.cloud.vault.ssl.trust-store | Specify local location of the trust store file containing the trusted certificates used to validate the SSL/TLS connection to the Vault server. For example: /path/to/your/truststore.jks Default value: none |
spring.cloud.vault.ssl.trust-store-password | The password for the trust store file. Default value: none |
spring.cloud.vault.ssl.trust-store-type | Specifies the type of the trust store file. JKS or PKCS12. Default value: none |
When disabling HashiCorp Vault integration, set spring.cloud.vault.enabled equal to false, ensure no references are in use including any used with the spring.config.import property.
Comment out or remove any reference values from the spring.config.import property and restart the Data Migrator service for changes to take effect.