TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration Version 7.0.0 November 2020
Copyright © 2011-2020. TIBCO Software Inc. All Rights Reserved. 2 | Contents
Contents
Contents 2
TIBCO Documentation and Support Services 4
TIBCO® OI Hawk® RedTail - Container Edition Overview 6
Deployment Architecture and Components 7 Hawk Agent 8 Hawk Microagents 8 Hawk Console 9 Grafana 9 Time Series Storage (Prometheus) 9 Apache Zookeeper 10 Query Node 10 Webapp 10
Hardware and Software Requirements 11
Building Docker Images for the Components 13
Running TIBCO OI Hawk RedTail - Container Edition in Standalone Docker Compose Mode 16
Running TIBCO OI Hawk RedTail - Container Edition Containers in Kubernetes Cluster 18
Persistent Volume Claim for TIBCO OI Hawk RedTail - Container Edition Nodes 19
Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components 20
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 3 | Contents
Configuring Grafana Data Source 36
Administration 39 Administration Tab 39 Adding a User 40 Adding a Role 41 Deleting a User or a Role 43 Configuring a Remote LDAP Server 44 Choosing a License 44
Adding Custom Hawk Plug-Ins to the TIBCO OI Hawk RedTail - Container Edition Agent 45
TIBCO OI Hawk RedTail - Container Edition Programming 47
Legal and Third-Party Notices 49
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 4 | TIBCO Documentation and Support Services
TIBCO Documentation and Support Services
For information about this product, you can read the documentation, contact TIBCO Support, and join TIBCO Community.
How to Access TIBCO Documentation Documentation for TIBCO products is available on the TIBCO Product Documentation website, mainly in HTML and PDF formats. The TIBCO Product Documentation website is updated frequently and is more current than any other documentation included with the product. To access the latest documentation, visit https://docs.tibco.com.
Product-Specific Documentation The following for this product is available on the TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Product Documentation page. The following documents for this product can be found in the TIBCO Documentation site:
l TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Release Notes
l TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Concepts
l TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration
l TIBCO® Operational Intelligence Hawk® RedTail - Container Edition User Guide
l TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Microagent Reference
l TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Security Guidelines
How to Join TIBCO Community TIBCO Community is the official channel for TIBCO customers, partners, and employee subject matter experts to share and access their collective experience. TIBCO Community offers access to Q&A forums, product wikis, and best practices. It also offers access to extensions, adapters, solution accelerators, and tools that extend and enable customers to gain full value from TIBCO products. In addition, users can submit and vote on feature
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 5 | TIBCO Documentation and Support Services requests from within the TIBCO Ideas Portal. For a free registration, go to https://community.tibco.com.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 6 | TIBCO® OI Hawk® RedTail - Container Edition Overview
TIBCO® OI Hawk® RedTail - Container Edition Overview
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition (TIBCO® OI Hawk® RedTail - Container Edition) is a tool for monitoring and managing distributed applications. TIBCO OI Hawk RedTail - Container Edition also provides public APIs to develop custom components (using the REST API, Hawk AMI, and Hawk Console API) as required. For more information about the APIs, see TIBCO Hawk® Programmer's Guide. For more information about REST APIs, see "REST API Reference" in TIBCO® Operational Intelligence Hawk® RedTail - Container Edition User Guide. You can enable additional monitoring capabilities in TIBCO OI Hawk RedTail - Container Edition with the "Standard Edition" license of the application. TIBCO OI Hawk RedTail - Container Edition is a set of containerized microservices which are used to monitor and manage the infrastructure and applications that are running in the private cloud. The monitoring is enabled using Hawk Rulebases which monitor particular application or system resources and takes an action when the specific conditions are detected. This is possible with pre-bundled and externally configurable micoragents and rulebases.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 7 | Deployment Architecture and Components
Deployment Architecture and Components
TIBCO OI Hawk RedTail - Container Edition is typically deployed in a private cloud environment such as Kubernetes, where it can monitor TIBCO and non-TIBCO applications and services. TIBCO OI Hawk RedTail - Container Edition is a set of microservices. Each microservice provides distinct features and capabilities. The following figure shows the components of TIBCO OI Hawk RedTail - Container Edition in a Kubernetes cluster for monitoring TIBCO and non-TIBCO applications and services.
TIBCO OI Hawk RedTail - Container Edition architecture
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 8 | Deployment Architecture and Components
The following components are a part of the TIBCO OI Hawk RedTail - Container Edition deployment architecture: • Hawk Agent • Hawk Microagents • Hawk Console • Grafana • Time Series Storage (Prometheus) • Apache Zookeeper • Query Node • Webapp These components run as separate microservices and can be configured as required. You can configure these components using the environment variables in manifest files or Kubernetes Helm charts. See Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Hawk Agent The Hawk Agent is a process that monitors activity on a particular application by using microagents. In TIBCO OI Hawk RedTail - Container Edition, the Hawk Agent has built-in microagents to monitor the Kubernetes cluster or Docker infrastructure. The Hawk Agent uses rulebases to automate the monitoring using rules, alerts and actions. The Hawk Agent container connects to the Hawk Console container to form a cluster by using the TCP transport for Hawk.
Hawk Microagents
TIBCO OI Hawk RedTail - Container Edition has built-in microagents for monitoring Kubernetes infrastructure, or Docker host (if the deployment is on Docker) and you can also configure other microagents to monitor TIBCO and non-TIBCO applications/ services for example, TIBCO BW CE, FTL, AMX, etc. For more information, refer to TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Microagent Reference Guide. Hawk Microagents connect to Hawk Agent using the TCP Transport for Hawk.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 9 | Deployment Architecture and Components
Hawk Console You can use the REST API to access the TIBCO OI Hawk RedTail - Container Edition features like Hawk Microagent methods, Alerts, Tag based Rulebases, Content Packs, and Query. The Hawk Console and the Query Node exposes the other TIBCO OI Hawk RedTail - Container Edition components and external clients/scripts. The Hawk Console exposes administration and functional APIs and the Query Node exposes APIs to execute a query and other query related operations. The following REST APIs can be accessed separately using Swagger pages as follows: • Hawk Console: https://
Grafana The Grafana component enables you to create customized dashboards. You can create and maintain multiple dashboards at once and you now also have the ability to customize the panels within the dashboards in which multiple queries can be configured. Each panel can utilize the visualizations such as line charts, tables, and gauges. This is possible by using the Grafana RedTail Datasource Plugin. This is the default plugin that acts as a translator between Grafana and TIBCO OI Hawk RedTail - Container Edition. The plugin fetches the query results from TIBCO OI Hawk RedTail - Container Edition and then converts those results into Grafana compatible information. Grafana then displays this translated information in the form of visualization specified by the user. For more information about Grafana, see https://grafana.com/docs/.
Time Series Storage (Prometheus) A time-series database is used to store and retrieve data records that are part of a “time series,” which is a set of data points that are associated with timestamps. The data is collected from a data source over a period of time. A time-series database lets you store large volumes of time stamped data in a format that allows fast insertion and fast retrieval to support complex analysis on that data. The collection of data is done by using metrics exporter. An exporter converts standard metrics into time series compatible metrics. The Hawk Console acts as a Prometheus Exporter meaning the Prometheus server scrapes metrics from Hawk Console at a regular interval. The Hawk Console will generate metrics by subscribing to microagent methods of different Hawk Agents. For more information about Prometheus, see https://prometheus.io/docs/.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 10 | Deployment Architecture and Components
Apache Zookeeper Apache ZooKeeper is a centralized service for maintaining configuration information, naming conventions, and providing group services. These services are used in distributed applications.
Query Node Query node helps in the creation of a search query for collecting the data about the metrics by using the Operational Intelligence Search Query Language. The search query supports EQL (Event Query Language) and a subset of SQL (Structured Query Language). You can perform queries using Data Models, which are normalized data sets automatically created for every collected metric/ Hawk microagent data. You can also use filters, limited regular expressions and time range filters in the queries. For more information about querying, see TIBCO® Operational Intelligence Hawk® RedTail - Container Edition User's Guide.
Webapp Webapp provides a central view of all the distributed components interacting within the TIBCO OI Hawk RedTail - Container Edition environment. It provides a pictorial view of the infrastructure components that are monitored in the environment.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 11 | Hardware and Software Requirements
Hardware and Software Requirements
Hardware Requirements
Container Persist Volume CPU Memory JAVA_ Name Data OPTS Limits Requests Limits Requests Limits
Zookeeper Yes 50 MB 100m 1 CPU 200Mi 1Gi -
Mysql Yes 1 GB 500m 1 CPU 500Mi 2Gi -
Hawk Console Yes 50 MB 500m 2 CPU 500Mi 2Gi -Xms500m - Xmx2g
Hawk Agent Yes 50 MB 500m 2 CPU 500Mi 2Gi -Xms500m - Xmx2g
Query Node No NA 500m 1 CPU 1Gi 2Gi -Xms500m - Xmx2g
Prometheus Yes 10 GB 500m 2 CPU 500Mi 2Gi -
Webapp No NA 500m 1 CPU 500Mi 2Gi -
Grafana Yes 10 MB 500m 1 CPU 500Mi 2Gi -
nginx No NA 50m 0.1 100Mi 100m - Prometheus
nginx No NA 50m 0.1 100Mi 100m - Grafana
Software Requirements
l Operating System: For a complete list of supported platforms and versions, see the TIBCO OI Hawk RedTail - Container EditionReadme file.
l Docker (19.03 or later) installed and configured with initial setup on the machine. For complete details on Docker installation, see the Docker documentation.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 12 | Hardware and Software Requirements
l From the Oracle MySQL website, download the following file (in .tar.gz format) to the
Item Operating System Example file name
MySQL Java Connector MacOS, Linux (CentOS) mysql-connector-java-
When you obtain third-party software or services, it is your responsibility to ensure you understand the license terms associated with such third-party software or services and comply with such terms.
l OpenSSL 2.x or later installed and configured.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 13 | Building Docker Images for the Components
Building Docker Images for the Components
Before you can run TIBCO OI Hawk RedTail - Container Edition components, you must create Docker images for those components.
Before you begin The workstation used for building container images for TIBCO OI Hawk RedTail - Container Edition must meet the following requirements:
l Requirements specified at Hardware and Software Requirements.
l Internet connectivity for downloading base images from the Docker repository.
l Download TIBCO OI Hawk RedTail - Container Edition software package from the TIBCO Software Product Download Site (https://edelivery.tibco.com/). Extract the TIBCO OI Hawk RedTail - Container Edition archive file to a directory
l Optional: Edit the certificate configuration for generating the certificates and keys required to establish secure communication between the TIBCO OI Hawk RedTail - Container Edition components. For more information, see TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Security Guidelines.
TIBCO OI Hawk RedTail - Container Edition supports only the following images and versions.
Component Base Image Version
Query Node openjdk 11.0.8-jre-slim
Hawk Agent openjdk 11.0.8-jre-slim
Hawk Console openjdk 11.0.8-jre-slim
Database mysql 5.7
Prometheus prom/prometheus 2.22
Grafana grafana/grafana 7.0.3
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 14 | Building Docker Images for the Components
Component Base Image Version
Zookeeper zookeeper 3.5.5
WebApp node 10-alpine
Procedure 1. Build the container images by using the following command
$ cd
$ ./build-all.sh
2. Verify the newly created images by using the following command:
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redtail/grafana 1.0 2691db19d052 2 days ago 159MB
redtail/hkceagent 1.0 bb1ad301f099 2 days ago 454MB
redtail/hawkconsolenode 1.0 b7b91398c969 2 days ago 366MB
redtail/webapp 1.0 82bbdb588a59 2 days ago 239MB
redtail/querynode 1.0 c2edbc52cdd6 2 days ago 355MB
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 15 | Building Docker Images for the Components
redtail/base 1.0 ab7cc2b8b56f 2 days ago 267MB
redtail/mysql 1.0 fbdbf94a7d87 3 days ago 449MB
redtail/zookeeper 1.0 d1bca35bc54d 13 days ago 254MB
openjdk 11.0.8-jre-slim 548394273fb4 2 weeks ago 204MB
node 10-alpine 57006130ce4b 3 weeks ago 83.5MB
prom/prometheus latest cdfc440228d0 6 weeks ago 168MB
mysql 5.7 ef08065b0a30 6 weeks ago 448MB
grafana/grafana 7.0.3 22fccd4fab0a 4 months ago 158MB
What to do next After building the Docker images, you can run the Hawk containers of these images. You can run the TIBCO OI Hawk RedTail - Container Edition components in the following modes:
l In standalone mode, seeRunning TIBCO OI Hawk RedTail - Container Edition in Standalone Docker Compose Mode.
l In a multi-host environment, see Running TIBCO OI Hawk RedTail - Container Edition Containers in Kubernetes Cluster.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 16 | Running TIBCO OI Hawk RedTail - Container Edition in Standalone Docker Compose Mode
Running TIBCO OI Hawk RedTail - Container Edition in Standalone Docker Compose Mode
The connection configuration for TIBCO OI Hawk RedTail - Container Edition components can be done by using the environment variables. For more information on the environment variables available for each component, see Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components. Docker provides a Compose tool for defining and running multi-container Docker applications. With the Compose tool you can provide all the configurations for all your containers in a single YAML file (docker-compose.yml). Then, using only a single command you can start the containers with the specified configurations. You can access the docker files at
Procedure 1. Create the docker-compose.yml file with required configurations in a temporary folder. For more information about the Docker Compose tool, see the Docker Compose documentation.
2. On the command line, browse to the docker-compose.yml file and run the following command to run all TIBCO OI Hawk RedTail - Container Edition component containers with specified configurations:
docker-compose up -d
3. You can verify that all containers are running by using the following command:
docker ps
What to do next If you have Webapp URL running, you can access it at https://
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 17 | Running TIBCO OI Hawk RedTail - Container Edition in Standalone Docker Compose Mode
Viewing Container Logs All component containers of TIBCO OI Hawk RedTail - Container Edition publish their logs on stdout. To view logs of a particular container, run the following command:
docker logs
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 18 | Running TIBCO OI Hawk RedTail - Container Edition Containers in Kubernetes Cluster
Running TIBCO OI Hawk RedTail - Container Edition Containers in Kubernetes Cluster
Kubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications. The administrator must be familiar with Kubernetes concepts before deploying TIBCO OI Hawk RedTail - Container Edition. For more information about Kubernetes, see the Kubernetes documentation.
Procedure 1. Set up a Kubernetes cluster. For more information, see Kubernetes Documentation. 2. Create a repository with the same name as the Docker image of TIBCO OI Hawk RedTail - Container Edition components. Upload the component images to the repository.
You might need to tag the images differently based on the cloud platform registry requirements.
3. Deploy the manifest files for each of the TIBCO OI Hawk RedTail - Container Edition components and deploy using standard Kubernetes deployment procedures. Refer to the sample Kubernetes YAML files for each of the TIBCO OI Hawk RedTail - Container Edition components at
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 19 | Persistent Volume Claim for TIBCO OI Hawk RedTail - Container Edition Nodes
Persistent Volume Claim for TIBCO OI Hawk RedTail - Container Edition Nodes
The following information about persistent volume claims is required to persist the data of TIBCO OI Hawk RedTail - Container Edition components.
Container Persistent Data Path Name Volume Required
Zookeeper Yes /data/zk
Mysql Yes /var/lib/mysql
Hawk Yes /loglogic/logu/hawkconsolenode/repo Console
Hawk Agent Yes /loglogic/logu/hkceagent/plugin/hawkuc/data/resources/config
Query Node No -
Prometheus Yes /prometheus
Webapp No -
Grafana Yes /var/lib/grafana
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 20 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Each component of TIBCO OI Hawk RedTail - Container Edition can be configured using the environment variables. These environment variables can be provided in a YAML file. Supply this YAML file to the Docker Compose utility to run the component containers with these configurations.
Hawk Agent Environment Variables
Environment Mandatory Suggested Description Variable Value
agent_domain No None The agent_domain environment variable sets the Hawk agent domain.
agent_name No Hostname of The agent_name environment variable sets the name of Hawk agent. If not provided, set it to the host name of the hkce_agent container. hkce_agent container
auto_config_ No None • The auto_config_dir environment variable specifies the directory from where the configuration objects are loaded for the agent to run in auto-configuration mode. dir • When this option is not used, the agent operates in manual configuration mode. When using the manual configuration mode, use the config_path variable.
Note: By default the auto_ config_dir is created inthe hkce_ agent container. Since any file or folder created inthe container has a transient nature, removing hkce_agent container might lead to loss of rulebases that were stored in the directory specified in auto_ config_dir. Thus, to avoid this issue, use the Docker volume to persist the rulebases and set the auto_ config_dir to the destination of the Docker volume within the hkce_ agent container.
config_path No None • The config_path environment variable specifies the directory from where the configuration objects are loaded for the agent to run in manual configuration mode.
• This variable cannot be used with the auto_config_dir variable.
• The delimiter for path entries is the colon (:) symbol.
hawk_domain No "default" The hawk_domain environment variable sets the Hawk domain name.
hma_plugin_ No - The hma_plugin_dir environment variable specifies the directory used for Hawk microagent plug-in configuration. dir
log_level No 7 The log_level environment variable identifies the log level. The values of the log_level environment variable are:
l 4 (ERROR)
l 6 (WARN)
l 7 (INFO)
l 8 (DEBUG)
l 16 (TRACE)
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 21 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Mandatory Suggested Description Variable Value
tcp_daemon_ Yes localhost:2561 The tcp_daemon_url environment variable specifies the URL that Hawk agent uses to connect to Hawk console to join TCP cluster. This is basically the self_url of Hawk console. url
tcp_self_url Yes localhost:2551 The tcp_self_url environment variable specifies the self URL for the TCP Transport for TIBCO Hawk. The URL is in the form
ami_tcp_ No localhost:2571 The ami_tcp_session environment variable specifies the URL that the external Microagents (e.g. HKBWCE) use to connect to Hawk agent to join the agent's TCP sub-cluster. session
Environment variables for Email Configurations
email_smtp_ No None The email_smtp_server environment variable identifies the SMTP server host name for sending emails. server
email_smtp_ No 25 The email_smtp_port environment variable identifies the SMTP server port. port
email_smtp_ No false The email_smtp_auth_required environment variable specifies whether the SMTP server authentication is required or not. auth_required
email_smtp_ No false The email_smtp_tls_required environment variable specifies whether the SMTP server requires TLS or not. tls_required
email_smtp_ No 25 The email_smtp_socket_factory_port environment variable specifies the SMTP socket factory port needed for TLS. socket_ factory_port
email_smtp_ No None The email_smtp_user environment variable SMTP server user name. This variable is required only if SMTP server authentication is configured to true. user
email_smtp_ No None The email_smtp_password environment variable specifies the user password for the SMTP server. This variable is required only if SMTP server authentication is set to true. password
Environment Variables for TCP Transport TLS Configuration
tcp_key_store No None Path of the key store file.
tcp_trust_ No None Path of the trust store file. store
tcp_key_ No None Password for the key store file. store_ password
tcp_key_ No None Encrypted key password. password
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 22 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Mandatory Suggested Description Variable Value
tcp_trust_ No None Password for the trust store file. store_ password
tcp_ssl_ No TLSv1.2 Protocol for a secure connection. protocol
tcp_enabled_ No TLS_RSA_WITH_ Algorithm to be used for the security protocol. You can specify multiple algorithms as comma-separated list without space. algorithms AES_128_CBC_ SHA
Hawk Console Environment Variables Port: 9687
Environment Variable Mandatory Suggested Value Description
zookeeper.connectString Yes zookeeper:9600 Host and port of zookeeper.
LOAD_CONFIG_FROM_ENV Yes TRUE Flag to indicate whether to load variables from environment variables or to use predefined default values.
waitForServices Yes zookeeper:9600, Services after which hawkconsolenode starts. dbnode:3306
tcp_self_url Yes hawkconsolenode:2561 The tcp_self_url environment variable specifies the self URL for the TCP Transport for TIBCO Hawk. The URL is in the form
hawk_domain Yes redtail The Hawk domain name.
publicIp Yes hawkconsolenode The service name of the hawkconsole component which gets registered with zookeeper.
machineId Yes machine-0000000000 Internal component ID.
unity.services.rest.host Yes 0.0.0.0 Host IP for hawkconsole REST communication.
hawk_console_server_port Yes 9687 Listen port for Hawkconsole REST communication.
hawk_console_repository_path Yes /loglogic/logu/hawkconsolenode/repo Hawk console repository path.
JAVA_OPTS No
For example, -Xms512m -Xmx2g
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 23 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Variable Mandatory Suggested Value Description
GRAFANA_URL Yes http://grafana:3000 Grafana URL.
REST_TLS_CIPHERS Yes TLS_ECDHE_RSA_WITH_AES_128_CBC_ Supported Cipher Suites. SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_ SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_ SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_ SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_ SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_ SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_ SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_ SHA256
REST_TLS_KEY_FILE Yes /loglogic/conf/certs/key Key pair used for setting up REST TLS communication.
REST_TLS_KEY_PASSWORD Yes
REST_TLS_CERT_FILE Yes /loglogic/conf/certs/certificate Certificate used for REST TLS communication.
REST_TLS_CACERT_FILE Yes /loglogic/conf/certs/cacert Certificate of the CA used to sign the REST TLS certificate.
TLS_SKIP_CERTIFICATE_VERIFICATION No false Skip certificate verification
TLS_SKIP_HOSTNAME_VERIFICATION No true Skip hostname verification
JWT_SIGNING_KEY_FILE No /loglogic/conf/certs/key Path to JWT signing key.
JWT_SIGNING_KEY_PASSWORD No
JWT_TTL No 300 JWT token time to live value (in minutes).
PROMETHEUS_TLS_CACERT_FILE No /loglogic/conf/certs/cacert Path to the CA cert which signed Prometheus server certificate. This is required for Prometheus to securely connect with Hawk Console for scraping metrics.
PROMETHEUS_TLS_CN No Prometheus Common name defined in Prometheus certificate. This is required for Prometheus to securely connect with Hawk Console for scraping metrics.
GRAFANA_TLS_CACERT_FILE No NA Path to the Grafana CA certificate. This is valid in case where Grafana is secured with TLS.
datasource_url Yes jdbc:mysql: Connection URL to MySQL server.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 24 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Variable Mandatory Suggested Value Description
//dbnode:3306/logumon
datasource_drivername Yes com.mysql.jdbc.Driver JDBC class name.
datasource_username Yes root Database user name.
datasource_password Yes
datasource_connection_pool_initial_ No "10" Database Connection pool size at startup. size
datasource_connection_pool_max_idle No "20" Maximum number of idle connections allowed in the database connection pool.
datasource_connection_pool_max_ No 100 Maximum number of active connections allowed in the database connection pool. active
datasource_tls_cacert_file No /loglogic/conf/certs/cacert Path to the database CA certificate. This is valid if MySQL secured with TLS.
datasource_tls_skip_hostname_ No true Skip host name verification while communicating with database over TLS. verification
datasource_tls_skip_certificate_ No false Skip certificate verification while communicating with database over TLS verification
user_store_type Yes database Type of store where the users are stored.
Possible values: database, ldap
LDAP Configuration (All variables are mandatory if the variable user_store_type is ldap)
LDAP_HOST No NA Host name for the LDAP server.
LDAP_PORT No NA Port of the LDAP server.
LDAP_ADMIN_DN No NA Admin user DN.
LDAP_ADMIN_PASSWORD No NA Admin user password
LDAP_BASE_DN No NA LDAP Base DN.
LDAP_UID_ATTR No CN Attribute to use as a user name.
LDAP_SSL_ENABLED No false Set to true, if communication with LDAP is over SSL.
LDAP_DISABLE_HOSTNAME_VERIFICATION No true Skip LDAP server hostname verification.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 25 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Variable Mandatory Suggested Value Description
LDAP_TLS_CACERT_FILE No NA Path to the CA certificate of LDAP server
TLS Configuration
TLS_CLIENT_KEY_FILE No NA Path to hawkconsolenode client key. Required for mutual authentication with any other component/ client. For example, if Grafana is configured with a reverse proxy using TLS via mutual authentication.
TLS_CLIENT_KEY_PASSWORD No NA Password to hawkconsolenode client key.
TLS_CLIENT_CERT_FILE No NA Path to hawkconsolenode client certificate.
log_level No INFO Specifies the level of diagnostic information stored in the logs. The following are the logging levels: • ERROR - Indicates error level trace messages should be enabled.
• WARNING - Indicates warning level trace messages should be enabled.
• INFO - Indicates information level trace messages should be enabled.
• DEBUG - Indicates debug level trace messages should be enabled.
• TRACE - Indicates AMI level trace messages should be enabled.
Environment Variables for TCP Transport TLS Configuration
tcp_key_store No None Path of the key store file.
tcp_trust_store No None Path of the trust store file.
tcp_key_store_password No None Password for the key store file.
tcp_key_password No None Encrypted key password.
tcp_trust_store_password No None Password for the trust store file.
tcp_ssl_protocol No TLSv1.2 Protocol for a secure connection.
tcp_enabled_algorithms No TLS_RSA_WITH_AES_128_CBC_SHA Algorithm to be used for the security protocol. You can specify multiple algorithms as comma-separated list without space.
Grafana component Environment Variables Port: 3000
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 26 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Mandatory Suggested Value Description Variable
GF_USERS_ALLOW_ Yes false When set to false: Prohibits users from being able to sign up or create user accounts. The admin user can still create users from the Grafana SIGN_UP Admin Pages.
Default: false.
GF_USERS_AUTO_ Yes true When set to true: Automatically adds new users to the main organization (ID 1). ASSIGN_ORG When set to false: A new organization is created for the new user automatically.
Default: true.
GF_USERS_AUTO_ Yes Editor The role new users are assigned for the main organization (if GF_USERS_AUTO_ASSIGN_ORG is set to true). Defaults to Viewer, other valid options are ASSIGN_ORG_ROLE Admin and Editor. For TIBCO OI Hawk RedTail - Container Edition, this value should be Editor.
GF_USERS_DEFAULT_ Yes light Set the default UI theme: dark or light. Default is dark. For TIBCO OI Hawk RedTail - Container Edition, the suggested value is light THEME
GF_AUTH_PROXY_ Yes true Set to true, for Grafana to let a HTTP reverse proxy handle authentication. For TIBCO OI Hawk RedTail - Container Edition, this value should be ENABLED true.
GF_AUTH_PROXY_ Yes X-WEBAUTH-USER HTTP Header name that contains the user name. HEADER_NAME
GF_AUTH_PROXY_ Yes user name HTTP Header property, defaults to 'username'. HEADER_PROPERTY
GF_AUTH_PROXY_ Yes true Set to true to enable auto sign up of users who do not exist in Grafana DB. Defaults is true. AUTO_SIGN_UP
GF_SERVER_DOMAIN Yes grafananode This setting is only used in as a part of the root_url setting.
GF_SERVER_HTTP_ Yes 3000 The port to bind to; defaults to 3000. PORT
GF_SERVER_ROOT_URL Yes %(protocol)s://%(domain)s:%(http_ This is the full URL used to access Grafana from a web browser. port)s/grafana
GF_AUTH_BASIC_ Yes true Basic auth is enabled by default and works with built-in Grafana. For TIBCO OI Hawk RedTail - Container Edition, we need basic auth to be ENABLED enabled.
GF_SECURITY_ALLOW_ Yes true Default: false. EMBEDDING When false, the X-Frame-Options: deny HTTP header is set in Grafana HTTP responses. Thus, browsers do not allow rendering Grafana in ,
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 27 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Mandatory Suggested Value Description Variable
GF_PATHS_PLUGINS Yes /usr/share/grafana/data/grafana/plugins Directory where Grafana automatically scans and looks for plug-ins. Manually or automatically install any plug-ins here.
GF_DATABASE_TYPE Yes mysql Type of database where Grafana stores all the data.
GF_DATABASE_HOST Yes dbnode:3306 Host and IP port of the database.
GF_DATABASE_NAME Yes grafana Name of the database.
GF_DATABASE_USER Yes root Database user name.
GF_DATABASE_ Yes
GF_DATABASE_SSL_ Yes skip-verify Skips verification of the certificate chain and hostname when making the connection. MODE
GF_DATABASE_CA_ Yes /etc/grafana/mysql-cacert Database CA certificate. CERT_PATH
Query node Environment variables Port: 9681
Environment Variable Mandatory Suggested Value Description
zookeeper.connectString Yes zookeeper:9600 Host and port of zookeeper.
LOAD_CONFIG_FROM_ENV Yes TRUE Flag to indicate whether to load variables from environment variables or to use predefined default values.
waitForServices Yes zookeeper:9600, Services after which querynode starts. dbnode:3306, prometheus:9090
machineId Yes machine-0000000000 Machine identification, recommend value: machine-0000000000.
unity.services.rest.host Yes 0.0.0.0 Host address of querynode.
unity.services.rest.port Yes 9681 Port on which query listen to HTTP request.
unity.services.rest.options.results.maxpage Yes 1000000 Maximum number of search results shown on the search page.
unity.services.query.host Yes 0.0.0.0 Query Node self host IP which gets registered with zookeeper.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 28 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Variable Mandatory Suggested Value Description
unity.services.query.port Yes 9620 Query Node self port which gets registered with zookeeper.
unity.storage.cache Yes /loglogic/data/.query/qcache Internal cache for storing query results for each cached query.
unity.storage.maxSplitH2fileSize Yes 31 Defines Maximum size of file for H2 file splitting. • 0 - defines no file splitting.
• 31 - 2 GB file size.
unity.maxConcurrentQuery Yes 25 Max number of queries that can be executed concurrently.
REST_TLS_CIPHERS Yes TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, Supported Cipher Suites . TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
REST_TLS_KEY_FILE Yes /loglogic/conf/certs/key Key pair used for setting up REST TLS communication.
REST_TLS_KEY_PASSWORD Yes
REST_TLS_CERT_FILE Yes /loglogic/conf/certs/certificate Certificate used for REST TLS communication.
REST_TLS_CACERT_FILE Yes /loglogic/conf/certs/cacert Certificate of the CA used to sign the REST TLS certificate.
PROMETHEUS_SERVER_HOST Yes prometheus Hostname of the Prometheus server.
PROMETHEUS_SERVER_PORT Yes 9090 Port of the Prometheus server.
PROMETHEUS_SERVER_TLS_ENABLED No false Set to true, if communication with Prometheus server needs to happen over TLS protocol.
PROMETHEUS_TLS_CACERT_FILE No
HAWKCONSOLE_HOST Yes hawkconsolenode hawkconsolenode host.
HAWKCONSOLE_PORT Yes 9687 hawkconsolenode port.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 29 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Variable Mandatory Suggested Value Description
HAWKCONSOLE_TLS_ENABLED Yes true True, if communication with Prometheus server needs to happen over TLS protocol.
HAWKCONSOLE_TLS_CACERT_FILE Yes /loglogic/conf/certs/cacert hawkconsolenode CA certificate.
TLS_CLIENT_KEY_FILE Yes /loglogic/conf/certs/querynode-client-key Path to querynode client key to communicate with hawkconsole.
TLS_CLIENT_KEY_PASSWORD Yes
TLS_CLIENT_CERT_FILE Yes /loglogic/conf/certs/querynode-client-certificate Path to querynode client certificate to communicate with hawkconsole.
TLS_SKIP_CERTIFICATE_VERIFICATION No false Skip certificate verification.
TLS_SKIP_HOSTNAME_VERIFICATION No true Skip hostname verification.
JWT_VERIFICATION_KEY No Extracts out public key of the keypair base64 encoded text of public key of the keypair used in Hawk console. /loglogic/conf/certs/key
log_level No INFO Specifies the level of diagnostic information stored in the logs. The following are the logging levels: • ERROR - Indicates error level trace messages should be enabled.
• WARNING - Indicates warning level trace messages should be enabled.
• INFO - Indicates information level trace messages should be enabled.
• DEBUG - Indicates debug level trace messages should be enabled.
• TRACE - Indicates AMI level trace messages should be enabled.
JAVA_OPTS No
For example, -Xms512m -Xmx2g
Database node Environment Variables Port: 3306
Environment Variable Mandatory Suggested Value Description
MYSQL_LOG_CONSOLE No true Configuration for MySQL to log to console.
MYSQL_ROOT_PASSWORD Yes
For setting up TLS for accessing MySQL, you need to configure a "special" config file within MySql: /etc/my.cnf.
To persist the MySQL data, mount the volume for the path: /var/lib/mysql
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 30 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
You can create a new configuration with the following content and map it to /etc/my.cnf:
[mysqld]
require_secure_transport=ON
# Configure certificates
ssl-ca=/etc/certs/my-ca.pem
ssl-cert=/etc/certs/my-server- cert.pem
ssl-key=/etc/certs/my-server- key.pem
You can configure the ca, certificate and key for TLS by mapping the volume:
The key used for TLS should be non-passphrase protected.
- ../build-images/build-context/loglogic/conf/certs/cacert:/etc/certs/my-ca.pem:ro
- ../build-images/build-context/loglogic/conf/certs/certificate:/etc/certs/my-server- cert.pem:ro
- ../build-images/build-context/loglogic/conf/certs/mysql-key:/etc/certs/my-server- key.pem:ro
- ../config/mysql/my.cnf:/etc/my.cnf:ro
Webapp Environment Variables Port: 9680
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 31 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Variable Mandatory Suggested Value Description
zookeeper.connectString Yes zookeeper:9600 Host and port of zookeeper.
LOAD_CONFIG_FROM_ENV Yes TRUE Flag to indicate whether to load variables from environment variables or to use predefined default values.
waitForServices Yes zookeeper:9600, Services after which Webapp starts. dbnode:3306
machineId Yes machine-0000000000 Internal component ID.
unity.services.rest.host Yes 0.0.0.0 Host IP for Webapp REST communication.
unity.services.rest.port Yes 9681 Host port for Webapp REST communication.
GRAFANA_URL Yes http://grafana:3000 Grafana URL.
HAWKCONSOLE_NODE_URL Yes https://hawkconsolenode:9687 hawkconsolenode URL.
JWT_VERIFICATION_KEY No Extracts out public key of the keypair base64 encoded text of public key /loglogic/conf/certs/key of the keypair used in Hawk Console.
LOG_LEVEL Yes info Specifies the level of diagnostic information stored in the logs. The following are the logging levels:
• ERROR - Indicates error level trace messages should be enabled.
• WARNING - Indicates warning level trace messages should be enabled.
• INFO - Indicates information level trace messages should be enabled.
• DEBUG - Indicates debug level trace messages should be enabled.
• TRACE - Indicates AMI level trace messages should be
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 32 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Variable Mandatory Suggested Value Description
enabled.
DATABASE_HOST Yes dbnode Host IP of Database server.
DATABASE_PORT Yes 3306 Host port of Database server.
DATABASE_USER Yes root Database user name.
DATABASE_PASSWORD Yes
DATABASE_NAME Yes logapplogu Database schema name.
DATABASE_POOL_ Yes 5 The maximum number of CONNECTION_LIMIT connections that can be created at once.
DATABASE_POOL_QUEUE_ Yes 5 The maximum number of LIMIT connection requests that are queued before returning an error from getConnection. Default: 0 (When set to 0, unlimited number of connection requests can be queued.)
DATABASE_TLS_ENABLED No true True, if communication with database is over TLS.
DATABASE_TLS_CACERT_FILE No /loglogic/conf/certs/cacert Path to the database CA certificate.
REST_TLS_KEY_FILE Yes l/oglogic/tomcat/conf/key Key pair used for setting up REST TLS communication.
REST_TLS_CERT_FILE Yes /loglogic/tomcat/conf/certificate Certificate used for REST TLS communication.
REST_TLS_CACERT_FILE Yes /loglogic/tomcat/conf/cacert Certificate of the CA used to sign the REST TLS certificate.
REST_TLS_KEY_PASSWORD Yes
REST_TLS_CIPHERS Yes AES128-GCM-SHA256:AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA- Supported Cipher suites. AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA- AES128-SHA:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA:ECDH-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM- SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256- SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 33 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Environment Variable Mandatory Suggested Value Description
SHA:ECDHE-RSA-AES256-SHA384
QUERYNODE_TLS_CACERT_ Yes /loglogic/conf/certs/cacert Query node CA certificate. Required FILE for TLS communication with Querynode.
HAWKCONSOLE_TLS_CACERT_ Yes /loglogic/conf/certs/cacert The hawkconsole node CA certificate. FILE Required for TLS communication with Hawk Console.
GRAFANA_TLS_CACERT_FILE No /loglogic/conf/certs/cacert Grafana CA certificate. Required for TLS communication with Grafana.
TLS_CLIENT_KEY_FILE No /loglogic/conf/certs/webapp-client-key Path for webapp client key. Required for mutual authentication with any other component/ client. For example, if Grafana is configured with a reverse proxy using TLS via mutual authentication.
TLS_CLIENT_CERT_FILE No /loglogic/conf/certs/webapp-client-certificate Path of Grafana client certificate.
TLS_CLIENT_KEY_PASSWORD No
Prometheus Environment Variables Port: 9090
Consider the following aspects when configuring the prometheus.yml file:
• To persist the Prometheus data, mount the volume for the path: /prometheus.
• You can configure configure the cacert, client certificate and key by mounting the files to the volume and mapping the keys to the locations given in the prometheus.yml file (/etc/prometheus/*).
# Global config
global:
scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 34 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
minute.
# scrape_timeout is set to the global default (10s).
# Alertmanager configuration
alerting:
alertmanagers:
- static_configs:
- targets:
# - alertmanager:9093
# Load rules once and periodically evaluate them according to the global 'evaluation_ interval'.
rule_files:
# - "first_rules.yml"
# - "second_rules.yml"
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 35 | Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
- job_name: 'hawk'
metrics_path: '/hawkconsole/exporter/prom/metrics'
scheme: https
honor_labels: true
tls_config:
insecure_skip_verify: true
ca_file: '/etc/prometheus/hkc-cacert'
cert_file: '/etc/prometheus/prom-certificate'
key_file: '/etc/prometheus/prom-key'
static_configs:
- targets: ['
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 36 | Configuring Grafana Data Source
Configuring Grafana Data Source
In TIBCO OI Hawk RedTail - Container Edition, Grafana comes preinstalled with two datasource plug-ins, namely Hawk RedTail Data source and Loglogic Data source. These datasource are responsible fetching metrics and logs from TIBCO OI Hawk RedTail - Container Edition and TIBCO LogLogic Log Management Intelligence respectively, and then transform the results as per Grafana requirement.
Configuring Hawk RedTail Data Source TIBCO OI Hawk RedTail - Container Edition provides preconfigured data source named Hawk RedTail. This is the default data source. This is the default plug-in which acts as a translator between Grafana and TIBCO OI Hawk RedTail - Container Edition. The plug-in fetches query results from TIBCO OI Hawk RedTail - Container Edition and then transforms those results into Grafana compatible information. Grafana will then display this translated information in the form of visualization specified by the user. To access Hawk RedTail data source settings, hover over the Configuration ( ) icon, click Data Sources, and then click the Hawk RedTail data source.
Name Default Value Description
Name Hawk RedTail The data source name. This is how you refer to the data source in panels and queries.
HTTP
Default Yes Default data source means that it is pre-selected for new panels.
URL https://webapp:9680 URL that needs to be accessible from the Grafana server.
You must change the URL based on the actual service name and port configured for Webapp component.
Whitelisted jwtBearerToken Cookies by name that should be forwarded to the data source. Cookies
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 37 | Configuring Grafana Data Source
Name Default Value Description
Auth
Basic Auth No Specifies whether basic authentication to the Hawk RedTail data source is enabled.
TLS Client No Specifies whether TLS authentication to the Hawk RedTail data Auth source is enabled.
Skip Yes Specifies whether the certificate verification must be skipped. TLS Verify
Forward No Specifies whether to forward the user's upstream OAuth OAuth identity to the data source. Identity
With No Specifies whether credentials such as cookies or auth headers Credentials should be sent with cross-site requests.
With CA Cert No Specifies whether self-signed TLS certificates must be verified.
Configuring LogLogic Data Source TIBCO OI Hawk RedTail - Container Edition provides data source named LogLogic. This data source must be manually configured. When configured, this datasource is capable to fetching logs from a remote TIBCO LogLogic appliance and translating the logs to Grafana format. Grafana will display this translated information in a tabular format. The datasource fully supports the TIBCO LogLogic EQL. To access LogLogic data source settings, hover over the Configuration ( ) icon, click Data Sources, and then click the LogLogic data source.
Name Default Value Description
Name LogLogic The data source name. This is how you refer to the data source in panels and queries.
HTTP
Default No Default data source means that it is pre-selected for new panels.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 38 | Configuring Grafana Data Source
Name Default Value Description
URL https://
Whitelisted null Cookies by name that should be forwarded to the data Cookies source.
Auth
Basic Auth Yes Specifies whether basic authentication to the LogLogic data source is enabled.
TLS Client No Specifies whether TLS authentication to the LogLogic data Auth source is enabled.
Skip Yes Specifies whether the certificate verification must be TLS Verify skipped.
Forward No Specifies whether to forward the user's upstream OAuth OAuth identity to the data source. Identity
With No Specifies whether credentials such as cookies or auth Credentials headers should be sent with cross-site requests.
With CA Cert No Specifies whether self-signed TLS certificates must be verified.
Basic Auth Details
User user name User name for logging in to LogLogic server.
Password password Password for logging in to LogLogic server.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 39 | Administration
Administration
Administration feature enables Role Based Access Control (RBAC) in TIBCO OI Hawk RedTail - Container Edition by granting and revoking privileges to content packs. The administrator can create, modify, and delete roles and users through role management and user management page in TIBCO OI Hawk RedTail - Container Edition. This chapter demonstrates the operations related to administration. • Administration Tab • Adding a User • Adding a Role • Deleting a User or a Role • Configuring a Remote LDAP Server • Choosing a License
Administration Tab Administration is management of users and roles to define and control access privileges within the TIBCO OI Hawk RedTail - Container Edition environment. The Administration tab enables you to set up users and give them access to resources so that the operations in TIBCO OI Hawk RedTail - Container Edition can be conducted in a secured manner. The Administration tab consists of the Users page, the Roles page, and the Configure Remote LDAP page. You can decide the columns that must be displayed or hidden associated with the user or roles by clicking the Select Columns ( ) icon on the right side of the Users page and Roles page.
Actions The following actions are available on the Administration tab for administration: • Add new user - Navigate to the User page and then click the Add ( ) icon to create a new user for the Hawk agent. For details, see Adding a User. • Delete a user - Navigate to the User page, select a user and then click the delete ( ) icon to delete the user. For details, see To delete a user.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 40 | Administration
• Duplicate a user - Navigate to the User page, select a user and then click the duplicate ( ) icon to duplicate the details of the selected user. For details, see Duplicating a User. • Add new role - Navigate to the Roles page and then click the Add ( ) icon to create a new user for the Hawk agent. For details, see Adding a Role. • Delete a role - Navigate to the Roles page, select a user and then click the delete ( ) icon to delete the user. For details, see To delete a role. • Duplicate a role - Navigate to the User page, select a user and then click the duplicate ( ) icon to duplicate the details of the selected role. For details, see Duplicating a Role. • Choose a license - Navigate to the About page, choose the appropriate license and then click yes for changing the license in the Change License dialog box. For details, see Choosing a License.
Adding a User A user can be an administrator, an expert programmer or standard user. Use the following procedure to create a user in TIBCO OI Hawk RedTail - Container Edition.
You cannot add or duplicate a user if you have configured LDAP for remote authentication.
Procedure 1. Navigate to Administration > Users page. 2. On the Users page, click the Add ( ) icon.
3. In the Create User dialog box, enter the new Name, Email, and Password and assign a Role to the user. 4. Click Create.
Result A new user with the specified user name is listed on the page.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 41 | Administration
Duplicating a User To duplicate an existing user, perform the following steps: Procedure 1. Select the user name that you want to duplicate. 2. Click the duplicate ( ) icon.
3. In the Duplicate User window, enter the new Password, specify other parameters and then assign a Role to the user. 4. Click Create.
Result A duplicated user with the specified parameters is listed on the page.
Adding a Role You can use administration feature to centrally manage what the users can do in TIBCO OI Hawk RedTail - Container Edition. For example, you can control who can log in or have access to specific information and activities through the assignment of roles. You can only provide access and modification privileges to the features that are available with your license.
If you have configured LDAP for remote authentication, create a user group for the users configured via LDAP and assign a role to that user group.
For a better understanding about the available resource groups (features) for providing license based access privileges, see TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Concepts.
In the following image, a role is being created by giving READ-WRITE privileges to every resource group of the base content pack.
Create Role Window
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 42 | Administration
Procedure 1. Navigate to Administration > Roles page. 2. On the Roles page, click the Add ( ) icon.
3. In the Create Role window, enter the following information and click Create: — Name and Description for the new role. — Content Pack for which access to the resource group is to be provided. — Resource Group of the selected content pack. — Privileges assigned to the resource group.
Result A new role with the specified Role Name is listed on the Roles page.
Duplicating a Role If you want to duplicate an existing role, then perform the following steps: Procedure 1. Select the role that you want to duplicate.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 43 | Administration
2. Click the duplicate ( ) icon.
3. In the Duplicate Role window, specify the required information and click Create.
Result A duplicated role with the specified parameters is listed on the Roles page.
Deleting a User or a Role If you no longer require a user or a role in TIBCO OI Hawk RedTail - Container Edition, then you can delete the specified user or a role.
You cannot recover a user or a role after it is deleted.
To delete a user
Procedure 1. Navigate to Administration > Users page. 2. On the Users page, select the user that you want to delete. 3. Click the delete ( ) icon and confirm deletion when prompted.
To delete a role Follow these steps to delete an existing role in TIBCO OI Hawk RedTail - Container Edition.
You cannot delete a role if you have configured LDAP for remote authentication.
Procedure 1. Navigate to Administration > Roles page. 2. On the Roles page, select the role that you want to delete. 3. Click the delete ( ) icon and confirm deletion when prompted.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 44 | Administration
Configuring a Remote LDAP Server LDAP user authentication is the process of validating a user name and password combination with a directory server. Follow these steps to configure a remote LDAP server in TIBCO OI Hawk RedTail - Container Edition: 1. Navigate to Administration > Remote LDAP Server page and then specify the following parameters:
Parameter Description
LDAP Server IP IP address of the LDAP server
LDAP Server Port of the LDAP server Port
Base DN Base DN for the users to search
Admin DN LDAP manager user DN for accessing the server (prevent anonymous access to the server)
Admin LDAP admin password for accessing the server Password
SSL Enabled Enable this button to connect to the LDAP server over SSL
2. Click Test Connection to validate the entered values and then click Apply to establish the connection with the LDAP server with the specified values.
Choosing a License Based on your requirement, you can choose the license of TIBCO OI Hawk RedTail - Container Edition and enable or disable additional monitoring capabilities of TIBCO OI Hawk RedTail - Container Edition. To choose a license, perform the following steps: 1. Navigate to Administration > About. 2. Select a license in the About dialog box as per your requirement. 3. In the Change License confirmation window, click Yes. The session restarts and features based on the selected license are loaded.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 45 | Adding Custom Hawk Plug-Ins to the TIBCO OI Hawk RedTail - Container Edition Agent
Adding Custom Hawk Plug-Ins to the TIBCO OI Hawk RedTail - Container Edition Agent
A Hawk plug-in is a Hawk microagent that resides within the process space of a Hawk agent. These Hawk plug-ins communicate with third-party applications and use the protocols of the third-party applications to monitor and manage them. You can create your custom Hawk plug-ins and add them to the Hawk Agent container. Every plug-in requires a .hma file and a .jar file. The .hma file is a Hawk microagent configuration file, and the .jar file contains Java implementation of the methods that are exposed through the Hawk subsystem.
Procedure 1. Create a Java implementation of methods (.jar) that you want for the plug-in. Sample for reference:
2. Create the .hma file that defines the custom Hawk plug-in.Sample for reference:
a. Most important constituent of this .hma file is the startup class of the plug-in implementation mentioned under the
c. Absolute path of the implementation .jar files and all the required third-party libraries should be mentioned under
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 46 | Adding Custom Hawk Plug-Ins to the TIBCO OI Hawk RedTail - Container Edition Agent
3. Place the .hma and .jar files of your Hawk plug-in at
5. Run the containers. While running the containers, ensure that the hma_plugin_dir environment variable of hkce_agent is set to /loglogic/logu/hkceagent/plugin. 6. If Hawk Console is running, you can confirm if your plug-in is loaded in Hawk Agent by checking the list of microagents in the TIBCO OI Hawk RedTail - Container Edition UI. Check if the methods of the plug-in microagent are listed and if you can invoke and subscribe them.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 47 | TIBCO OI Hawk RedTail - Container Edition Programming
TIBCO OI Hawk RedTail - Container Edition Programming
TIBCO OI Hawk RedTail - Container Edition provides APIs to interact with Hawk® applications. You can use the following APIs in TIBCO OI Hawk RedTail - Container Edition:
Console API The Console API is a comprehensive set of Java interfaces that allow you to manage and interact with Hawk agents and monitor alerts generated by these agents. Both the Hawk Console and TIBCO Hawk® Event Service implement the Console API to monitor and manage agent behavior. Programmers can use the Console API to write custom applications similar to these applications to monitor agent behavior, subscribe to alert messages, and invoke microagent methods. For more information, see the TIBCO Hawk® Programmer's Guide.
Configuration Object API The Configuration Object API is a Java interface for writing custom rulebases. Rulebases are used by Hawk agents to monitor and manage systems and applications. The Configuration Object API provides classes to define rules, tests and actions. Instances of these classes are put together to define a new rulebase. For more information, see the TIBCO Hawk® Programmer's Guide.
AMI API The AMI API allows to monitor application statistics with the Hawk API and make them manageable using Hawk Agent. For more information, see the TIBCO Hawk® Programmer's Guide.
REST API You can use the REST API to access the TIBCO OI Hawk RedTail - Container Edition features such as Hawk Microagent methods, alerts, tag based rulebases, content packs, and query. Hawk console exposes for the other TIBCO OI Hawk RedTail - Container Edition components and external clients/ scripts. For more information, see the TIBCO Hawk®
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 48 | TIBCO OI Hawk RedTail - Container Edition Programming
Programmer's Guide and the "REST API Reference" section in TIBCO® Operational Intelligence Hawk® RedTail - Container Edition User Guide.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 49 | Legal and Third-Party Notices
Legal and Third-Party Notices
SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.
USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.
This document is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.
TIBCO, the TIBCO logo, the TIBCO O logo, TIB, Information Bus, Hawk, LogLogic, Rendezvous, and TIBCO BusinessWorks are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.
Java and all Java based trademarks and logos are trademarks or registered trademarks of Oracle Corporation and/or its affiliates.
This document includes fonts that are licensed under the SIL Open Font License, Version 1.1, which is available at: https://scripts.sil.org/OFL Copyright (c) Paul D. Hunt, with Reserved Font Name Source Sans Pro and Source Code Pro.
All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.
This software may be available on multiple operating systems. However, not all operating system platforms for a specific software version are released at the same time. See the readme file for the availability of this software version on a specific operating system platform.
THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration 50 | Legal and Third-Party Notices
THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.
THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.
This and other products of TIBCO Software Inc. may be covered by registered patents. Please refer to TIBCO's Virtual Patent Marking document (https://www.tibco.com/patents) for details. Copyright © 2011-2020. TIBCO Software Inc. All Rights Reserved.
TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration