TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration Version 7.0.0 November 2020

Copyright © 2011-2020. TIBCO Software Inc. All Rights Reserved.

Contents

TIBCO Documentation and Support Services
TIBCO® OI Hawk® RedTail - Container Edition Overview
Deployment Architecture and Components
    Hawk Agent
    Hawk Microagents
    Hawk Console
    Grafana
    Time Series Storage (Prometheus)
    Apache Zookeeper
    Query Node
    Webapp
Hardware and Software Requirements
Building Docker Images for the Components
Running TIBCO OI Hawk RedTail - Container Edition in Standalone Docker Compose Mode
Running TIBCO OI Hawk RedTail - Container Edition Containers in Kubernetes Cluster
Persistent Volume Claim for TIBCO OI Hawk RedTail - Container Edition Nodes
Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components
Configuring Grafana Data Source
Administration
    Administration Tab
    Adding a User
    Adding a Role
    Deleting a User or a Role
    Configuring a Remote LDAP Server
    Choosing a License
Adding Custom Hawk Plug-Ins to the TIBCO OI Hawk RedTail - Container Edition Agent
TIBCO OI Hawk RedTail - Container Edition Programming
Legal and Third-Party Notices


TIBCO Documentation and Support Services

For information about this product, you can read the documentation, contact TIBCO Support, and join TIBCO Community.

How to Access TIBCO Documentation

Documentation for TIBCO products is available on the TIBCO Product Documentation website, mainly in HTML and PDF formats. The TIBCO Product Documentation website is updated frequently and is more current than any other documentation included with the product. To access the latest documentation, visit https://docs.tibco.com.

Product-Specific Documentation

The following documents for this product are available on the TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Product Documentation page:

• TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Release Notes

• TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Concepts

• TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Installation, Configuration, and Administration

• TIBCO® Operational Intelligence Hawk® RedTail - Container Edition User Guide

• TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Microagent Reference

• TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Security Guidelines

How to Join TIBCO Community

TIBCO Community is the official channel for TIBCO customers, partners, and employee subject matter experts to share and access their collective experience. TIBCO Community offers access to Q&A forums, product wikis, and best practices. It also offers access to extensions, adapters, solution accelerators, and tools that extend and enable customers to gain full value from TIBCO products. In addition, users can submit and vote on feature requests from within the TIBCO Ideas Portal. For a free registration, go to https://community.tibco.com.


TIBCO® OI Hawk® RedTail - Container Edition Overview

TIBCO® Operational Intelligence Hawk® RedTail - Container Edition (TIBCO® OI Hawk® RedTail - Container Edition) is a tool for monitoring and managing distributed applications. TIBCO OI Hawk RedTail - Container Edition also provides public APIs to develop custom components (using the REST API, Hawk AMI, and Hawk Console API) as required. For more information about the APIs, see TIBCO Hawk® Programmer's Guide. For more information about REST APIs, see "REST API Reference" in TIBCO® Operational Intelligence Hawk® RedTail - Container Edition User Guide. You can enable additional monitoring capabilities in TIBCO OI Hawk RedTail - Container Edition with the "Standard Edition" license of the application.

TIBCO OI Hawk RedTail - Container Edition is a set of containerized microservices that monitor and manage the infrastructure and applications running in the private cloud. Monitoring is driven by Hawk rulebases, which watch particular application or system resources and take an action when specific conditions are detected. This is possible with pre-bundled and externally configurable microagents and rulebases.


Deployment Architecture and Components

TIBCO OI Hawk RedTail - Container Edition is typically deployed in a private cloud environment such as Kubernetes, where it can monitor TIBCO and non-TIBCO applications and services. TIBCO OI Hawk RedTail - Container Edition is a set of microservices. Each microservice provides distinct features and capabilities. The following figure shows the components of TIBCO OI Hawk RedTail - Container Edition in a Kubernetes cluster for monitoring TIBCO and non-TIBCO applications and services.

TIBCO OI Hawk RedTail - Container Edition architecture


The following components are a part of the TIBCO OI Hawk RedTail - Container Edition deployment architecture:

• Hawk Agent
• Hawk Microagents
• Hawk Console
• Grafana
• Time Series Storage (Prometheus)
• Apache Zookeeper
• Query Node
• Webapp

These components run as separate microservices and can be configured as required. You can configure these components using the environment variables in manifest files or Kubernetes Helm charts. See Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components.

Hawk Agent

The Hawk Agent is a process that monitors activity on a particular application by using microagents. In TIBCO OI Hawk RedTail - Container Edition, the Hawk Agent has built-in microagents to monitor the Kubernetes cluster or Docker infrastructure. The Hawk Agent uses rulebases to automate the monitoring using rules, alerts and actions. The Hawk Agent container connects to the Hawk Console container to form a cluster by using the TCP transport for Hawk.

Hawk Microagents

TIBCO OI Hawk RedTail - Container Edition has built-in microagents for monitoring the Kubernetes infrastructure or the Docker host (if the deployment is on Docker). You can also configure other microagents to monitor TIBCO and non-TIBCO applications and services, such as TIBCO BW CE, FTL, and AMX. For more information, refer to TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Microagent Reference Guide. Hawk Microagents connect to the Hawk Agent using the TCP Transport for Hawk.


Hawk Console

You can use the REST API to access TIBCO OI Hawk RedTail - Container Edition features such as Hawk Microagent methods, Alerts, Tag based Rulebases, Content Packs, and Query. The Hawk Console and the Query Node expose these APIs to the other TIBCO OI Hawk RedTail - Container Edition components and to external clients/scripts. The Hawk Console exposes administration and functional APIs, and the Query Node exposes APIs to execute a query and other query related operations. The REST APIs can be accessed separately using Swagger pages as follows:

• Hawk Console: https://:/hawkconsole/v1/docs
• Query Node: https://:/docs

Grafana

The Grafana component enables you to create customized dashboards. You can create and maintain multiple dashboards at once, and you can customize the panels within the dashboards, each of which can be configured with multiple queries. Each panel can use visualizations such as line charts, tables, and gauges. This is possible by using the Grafana RedTail Datasource Plugin. This is the default plugin that acts as a translator between Grafana and TIBCO OI Hawk RedTail - Container Edition. The plugin fetches the query results from TIBCO OI Hawk RedTail - Container Edition and then converts those results into Grafana compatible information. Grafana then displays this translated information in the form of visualization specified by the user. For more information about Grafana, see https://grafana.com/docs/.

Time Series Storage (Prometheus)

A time-series database is used to store and retrieve data records that are part of a “time series,” which is a set of data points that are associated with timestamps. The data is collected from a data source over a period of time. A time-series database lets you store large volumes of time stamped data in a format that allows fast insertion and fast retrieval to support complex analysis on that data. The data is collected by using a metrics exporter. An exporter converts standard metrics into time series compatible metrics. The Hawk Console acts as a Prometheus Exporter, meaning that the Prometheus server scrapes metrics from the Hawk Console at a regular interval. The Hawk Console generates metrics by subscribing to microagent methods of different Hawk Agents. For more information about Prometheus, see https://prometheus.io/docs/.


Apache Zookeeper

Apache ZooKeeper is a centralized service for maintaining configuration information, naming conventions, and providing group services. These services are used in distributed applications.

Query Node

Query node helps in the creation of a search query for collecting the data about the metrics by using the Operational Intelligence Search Query Language. The search query supports EQL (Event Query Language) and a subset of SQL (Structured Query Language). You can perform queries using Data Models, which are normalized data sets automatically created for every collected metric/Hawk microagent data. You can also use filters, limited regular expressions and time range filters in the queries. For more information about querying, see TIBCO® Operational Intelligence Hawk® RedTail - Container Edition User's Guide.

Webapp

Webapp provides a central view of all the distributed components interacting within the TIBCO OI Hawk RedTail - Container Edition environment. It provides a pictorial view of the infrastructure components that are monitored in the environment.


Hardware and Software Requirements

Hardware Requirements

Container Name | Persist Data | Volume Limits | CPU Requests | CPU Limits | Memory Requests | Memory Limits | JAVA_OPTS
Zookeeper | Yes | 50 MB | 100m | 1 CPU | 200Mi | 1Gi | -
Mysql | Yes | 1 GB | 500m | 1 CPU | 500Mi | 2Gi | -
Hawk Console | Yes | 50 MB | 500m | 2 CPU | 500Mi | 2Gi | -Xms500m -Xmx2g
Hawk Agent | Yes | 50 MB | 500m | 2 CPU | 500Mi | 2Gi | -Xms500m -Xmx2g
Query Node | No | NA | 500m | 1 CPU | 1Gi | 2Gi | -Xms500m -Xmx2g
Prometheus | Yes | 10 GB | 500m | 2 CPU | 500Mi | 2Gi | -
Webapp | No | NA | 500m | 1 CPU | 500Mi | 2Gi | -
Grafana | Yes | 10 MB | 500m | 1 CPU | 500Mi | 2Gi | -
nginx Prometheus | No | NA | 50m | 0.1 | 100Mi | 100m | -
nginx Grafana | No | NA | 50m | 0.1 | 100Mi | 100m | -

Software Requirements

• Operating System: For a complete list of supported platforms and versions, see the TIBCO OI Hawk RedTail - Container Edition Readme file.

• Docker (19.03 or later) installed and configured with initial setup on the machine. For complete details on Docker installation, see the Docker documentation.

• From the Oracle MySQL website, download the following file (in .tar.gz format) to the /mysql-connector directory:

Item | Operating System | Example file name
MySQL Java Connector | MacOS, Linux (CentOS) | mysql-connector-java-.tar.gz

When you obtain third-party software or services, it is your responsibility to ensure you understand the license terms associated with such third-party software or services and comply with such terms.

• OpenSSL 2.x or later installed and configured.


Building Docker Images for the Components

Before you can run TIBCO OI Hawk RedTail - Container Edition components, you must create Docker images for those components.

Before you begin

The workstation used for building container images for TIBCO OI Hawk RedTail - Container Edition must meet the following requirements:

• Requirements specified at Hardware and Software Requirements.

• Internet connectivity for downloading base images from the Docker repository.

• Download TIBCO OI Hawk RedTail - Container Edition software package from the TIBCO Software Product Download Site (https://edelivery.tibco.com/). Extract the TIBCO OI Hawk RedTail - Container Edition archive file to a directory .

• Optional: Edit the certificate configuration for generating the certificates and keys required to establish secure communication between the TIBCO OI Hawk RedTail - Container Edition components. For more information, see TIBCO® Operational Intelligence Hawk® RedTail - Container Edition Security Guidelines.

TIBCO OI Hawk RedTail - Container Edition supports only the following images and versions.

Component | Base Image | Version
Query Node | openjdk | 11.0.8-jre-slim
Hawk Agent | openjdk | 11.0.8-jre-slim
Hawk Console | openjdk | 11.0.8-jre-slim
Database | mysql | 5.7
Prometheus | prom/prometheus | 2.22
Grafana | grafana/grafana | 7.0.3
Zookeeper | zookeeper | 3.5.5
WebApp | node | 10-alpine

Procedure

1. Build the container images by using the following commands:

    $ cd /docker/build-images
    $ ./build-all.sh

2. Verify the newly created images by using the following command:

    $ docker images
    REPOSITORY                TAG               IMAGE ID       CREATED        SIZE
    redtail/grafana           1.0               2691db19d052   2 days ago     159MB
    redtail/hkceagent         1.0               bb1ad301f099   2 days ago     454MB
    redtail/hawkconsolenode   1.0               b7b91398c969   2 days ago     366MB
    redtail/webapp            1.0               82bbdb588a59   2 days ago     239MB
    redtail/querynode         1.0               c2edbc52cdd6   2 days ago     355MB
    redtail/base              1.0               ab7cc2b8b56f   2 days ago     267MB
    redtail/mysql             1.0               fbdbf94a7d87   3 days ago     449MB
    redtail/zookeeper         1.0               d1bca35bc54d   13 days ago    254MB
    openjdk                   11.0.8-jre-slim   548394273fb4   2 weeks ago    204MB
    node                      10-alpine         57006130ce4b   3 weeks ago    83.5MB
    prom/prometheus           latest            cdfc440228d0   6 weeks ago    168MB
    mysql                     5.7               ef08065b0a30   6 weeks ago    448MB
    grafana/grafana           7.0.3             22fccd4fab0a   4 months ago   158MB

What to do next

After building the Docker images, you can run the Hawk containers from these images. You can run the TIBCO OI Hawk RedTail - Container Edition components in the following modes:

• In standalone mode, see Running TIBCO OI Hawk RedTail - Container Edition in Standalone Docker Compose Mode.

• In a multi-host environment, see Running TIBCO OI Hawk RedTail - Container Edition Containers in Kubernetes Cluster.


Running TIBCO OI Hawk RedTail - Container Edition in Standalone Docker Compose Mode

The connection configuration for TIBCO OI Hawk RedTail - Container Edition components can be done by using the environment variables. For more information on the environment variables available for each component, see Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components. Docker provides a Compose tool for defining and running multi-container Docker applications. With the Compose tool you can provide all the configurations for all your containers in a single YAML file (docker-compose.yml). Then, using only a single command you can start the containers with the specified configurations. You can access the docker files at /samples/docker/. For more information about the Docker Compose tool, see the Docker Compose documentation.

Procedure

1. Create the docker-compose.yml file with required configurations in a temporary folder. For more information about the Docker Compose tool, see the Docker Compose documentation.

2. On the command line, browse to the folder that contains the docker-compose.yml file and run the following command to run all TIBCO OI Hawk RedTail - Container Edition component containers with specified configurations:

    docker-compose up -d

3. You can verify that all containers are running by using the following command:

    docker ps

What to do next

If the Webapp is running, you can access its URL at https://:.


Viewing Container Logs

All component containers of TIBCO OI Hawk RedTail - Container Edition publish their logs on stdout. To view logs of a particular container, run the following command:

docker logs


Running TIBCO OI Hawk RedTail - Container Edition Containers in Kubernetes Cluster

Kubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications. The administrator must be familiar with Kubernetes concepts before deploying TIBCO OI Hawk RedTail - Container Edition. For more information about Kubernetes, see the Kubernetes documentation.

Procedure

1. Set up a Kubernetes cluster. For more information, see Kubernetes Documentation.

2. Create a repository with the same name as the Docker image of TIBCO OI Hawk RedTail - Container Edition components. Upload the component images to the repository.

   You might need to tag the images differently based on the cloud platform registry requirements.

3. Deploy the manifest files for each of the TIBCO OI Hawk RedTail - Container Edition components and deploy using standard Kubernetes deployment procedures. Refer to the sample Kubernetes YAML files for each of the TIBCO OI Hawk RedTail - Container Edition components at /samples/kubernetes/.

4. After successful deployment of TIBCO OI Hawk RedTail - Container Edition components on Kubernetes, you can access the Webapp URL using https://:.


Persistent Volume Claim for TIBCO OI Hawk RedTail - Container Edition Nodes

The following information about persistent volume claims is required to persist the data of TIBCO OI Hawk RedTail - Container Edition components.

Container Name | Persistent Volume Required | Data Path
Zookeeper | Yes | /data/zk
Mysql | Yes | /var/lib/mysql
Hawk Console | Yes | /loglogic/logu/hawkconsolenode/repo
Hawk Agent | Yes | /loglogic/logu/hkceagent/plugin/hawkuc/data/resources/config
Query Node | No | -
Prometheus | Yes | /prometheus
Webapp | No | -
Grafana | Yes | /var/lib/grafana


Environment Variables for TIBCO OI Hawk RedTail - Container Edition Components

Each component of TIBCO OI Hawk RedTail - Container Edition can be configured using the environment variables. These environment variables can be provided in a YAML file. Supply this YAML file to the Docker Compose utility to run the component containers with these configurations.

Hawk Agent Environment Variables

Environment Variable | Mandatory | Suggested Value | Description
agent_domain | No | None | The agent_domain environment variable sets the Hawk agent domain.
agent_name | No | Hostname of hkce_agent container | The agent_name environment variable sets the name of Hawk agent. If not provided, set it to the host name of the hkce_agent container.
auto_config_dir | No | None | The auto_config_dir environment variable specifies the directory from where the configuration objects are loaded for the agent to run in auto-configuration mode. When this option is not used, the agent operates in manual configuration mode. When using the manual configuration mode, use the config_path variable. Note: By default the auto_config_dir is created in the hkce_agent container. Since any file or folder created in the container has a transient nature, removing the hkce_agent container might lead to loss of rulebases that were stored in the directory specified in auto_config_dir. To avoid this issue, use a Docker volume to persist the rulebases and set auto_config_dir to the destination of the Docker volume within the hkce_agent container.
config_path | No | None | The config_path environment variable specifies the directory from where the configuration objects are loaded for the agent to run in manual configuration mode. This variable cannot be used with the auto_config_dir variable. The delimiter for path entries is the colon (:) symbol.
hawk_domain | No | "default" | The hawk_domain environment variable sets the Hawk domain name.
hma_plugin_dir | No | - | The hma_plugin_dir environment variable specifies the directory used for Hawk microagent plug-in configuration.
log_level | No | 7 | The log_level environment variable identifies the log level. The values of the log_level environment variable are: 4 (ERROR), 6 (WARN), 7 (INFO), 8 (DEBUG), 16 (TRACE).
tcp_daemon_url | Yes | localhost:2561 | The tcp_daemon_url environment variable specifies the URL that Hawk agent uses to connect to Hawk console to join TCP cluster. This is basically the self_url of Hawk console.
tcp_self_url | Yes | localhost:2551 | The tcp_self_url environment variable specifies the self URL for the TCP Transport for TIBCO Hawk. The URL is in the form:.
ami_tcp_session | No | localhost:2571 | The ami_tcp_session environment variable specifies the URL that the external Microagents (e.g. HKBWCE) use to connect to Hawk agent to join the agent's TCP sub-cluster.

Environment variables for Email Configurations

Environment Variable | Mandatory | Suggested Value | Description
email_smtp_server | No | None | The email_smtp_server environment variable identifies the SMTP server host name for sending emails.
email_smtp_port | No | 25 | The email_smtp_port environment variable identifies the SMTP server port.
email_smtp_auth_required | No | false | The email_smtp_auth_required environment variable specifies whether the SMTP server authentication is required or not.
email_smtp_tls_required | No | false | The email_smtp_tls_required environment variable specifies whether the SMTP server requires TLS or not.
email_smtp_socket_factory_port | No | 25 | The email_smtp_socket_factory_port environment variable specifies the SMTP socket factory port needed for TLS.
email_smtp_user | No | None | The email_smtp_user environment variable specifies the SMTP server user name. This variable is required only if SMTP server authentication is configured to true.
email_smtp_password | No | None | The email_smtp_password environment variable specifies the user password for the SMTP server. This variable is required only if SMTP server authentication is set to true.

Environment Variables for TCP Transport TLS Configuration

Environment Variable | Mandatory | Suggested Value | Description
tcp_key_store | No | None | Path of the key store file.
tcp_trust_store | No | None | Path of the trust store file.
tcp_key_store_password | No | None | Password for the key store file.
tcp_key_password | No | None | Encrypted key password.
tcp_trust_store_password | No | None | Password for the trust store file.
tcp_ssl_protocol | No | TLSv1.2 | Protocol for a secure connection.
tcp_enabled_algorithms | No | TLS_RSA_WITH_AES_128_CBC_SHA | Algorithm to be used for the security protocol. You can specify multiple algorithms as a comma-separated list without spaces.

Hawk Console Environment Variables

Port: 9687

Environment Variable | Mandatory | Suggested Value | Description
zookeeper.connectString | Yes | zookeeper:9600 | Host and port of zookeeper.
LOAD_CONFIG_FROM_ENV | Yes | TRUE | Flag to indicate whether to load variables from environment variables or to use predefined default values.
waitForServices | Yes | zookeeper:9600, dbnode:3306 | Services after which hawkconsolenode starts.
tcp_self_url | Yes | hawkconsolenode:2561 | The tcp_self_url environment variable specifies the self URL for the TCP Transport for TIBCO Hawk. The URL is in the form :.
hawk_domain | Yes | redtail | The Hawk domain name.
publicIp | Yes | hawkconsolenode | The service name of the hawkconsole component which gets registered with zookeeper.
machineId | Yes | machine-0000000000 | Internal component ID.
unity.services.rest.host | Yes | 0.0.0.0 | Host IP for hawkconsole REST communication.
hawk_console_server_port | Yes | 9687 | Listen port for Hawkconsole REST communication.
hawk_console_repository_path | Yes | /loglogic/logu/hawkconsolenode/repo | Hawk console repository path.
JAVA_OPTS | No | | These are JVM properties which can be configured to tune the JVM process. For example, -Xms512m -Xmx2g
GRAFANA_URL | Yes | http://grafana:3000 | Grafana URL.
REST_TLS_CIPHERS | Yes | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | Supported Cipher Suites.
REST_TLS_KEY_FILE | Yes | /loglogic/conf/certs/key | Key pair used for setting up REST TLS communication.
REST_TLS_KEY_PASSWORD | Yes | | Password to key pair used for REST TLS communication.
REST_TLS_CERT_FILE | Yes | /loglogic/conf/certs/certificate | Certificate used for REST TLS communication.
REST_TLS_CACERT_FILE | Yes | /loglogic/conf/certs/cacert | Certificate of the CA used to sign the REST TLS certificate.
TLS_SKIP_CERTIFICATE_VERIFICATION | No | false | Skip certificate verification.
TLS_SKIP_HOSTNAME_VERIFICATION | No | true | Skip hostname verification.
JWT_SIGNING_KEY_FILE | No | /loglogic/conf/certs/key | Path to JWT signing key.
JWT_SIGNING_KEY_PASSWORD | No | | Password to JWT signing key.
JWT_TTL | No | 300 | JWT token time to live value (in minutes).
PROMETHEUS_TLS_CACERT_FILE | No | /loglogic/conf/certs/cacert | Path to the CA cert which signed Prometheus server certificate. This is required for Prometheus to securely connect with Hawk Console for scraping metrics.
PROMETHEUS_TLS_CN | No | Prometheus | Common name defined in Prometheus certificate. This is required for Prometheus to securely connect with Hawk Console for scraping metrics.
GRAFANA_TLS_CACERT_FILE | No | NA | Path to the Grafana CA certificate. This is valid in case where Grafana is secured with TLS.
datasource_url | Yes | jdbc:mysql://dbnode:3306/logumon | Connection URL to MySQL server.
datasource_drivername | Yes | com.mysql.jdbc.Driver | JDBC class name.
datasource_username | Yes | root | Database user name.
datasource_password | Yes | | Database password.
datasource_connection_pool_initial_size | No | "10" | Database connection pool size at startup.
datasource_connection_pool_max_idle | No | "20" | Maximum number of idle connections allowed in the database connection pool.
datasource_connection_pool_max_active | No | 100 | Maximum number of active connections allowed in the database connection pool.
datasource_tls_cacert_file | No | /loglogic/conf/certs/cacert | Path to the database CA certificate. This is valid if MySQL is secured with TLS.
datasource_tls_skip_hostname_verification | No | true | Skip host name verification while communicating with database over TLS.
datasource_tls_skip_certificate_verification | No | false | Skip certificate verification while communicating with database over TLS.
user_store_type | Yes | database | Type of store where the users are stored. Possible values: database, ldap

LDAP Configuration (All variables are mandatory if the variable user_store_type is ldap)

Environment Variable | Mandatory | Suggested Value | Description
LDAP_HOST | No | NA | Host name for the LDAP server.
LDAP_PORT | No | NA | Port of the LDAP server.
LDAP_ADMIN_DN | No | NA | Admin user DN.
LDAP_ADMIN_PASSWORD | No | NA | Admin user password.
LDAP_BASE_DN | No | NA | LDAP Base DN.
LDAP_UID_ATTR | No | CN | Attribute to use as a user name.
LDAP_SSL_ENABLED | No | false | Set to true, if communication with LDAP is over SSL.
LDAP_DISABLE_HOSTNAME_VERIFICATION | No | true | Skip LDAP server hostname verification.
LDAP_TLS_CACERT_FILE | No | NA | Path to the CA certificate of LDAP server.

TLS Configuration

Environment Variable | Mandatory | Suggested Value | Description
TLS_CLIENT_KEY_FILE | No | NA | Path to hawkconsolenode client key. Required for mutual authentication with any other component/client. For example, if Grafana is configured with a reverse proxy using TLS via mutual authentication.
TLS_CLIENT_KEY_PASSWORD | No | NA | Password to hawkconsolenode client key.
TLS_CLIENT_CERT_FILE | No | NA | Path to hawkconsolenode client certificate.
log_level | No | INFO | Specifies the level of diagnostic information stored in the logs. The following are the logging levels: ERROR (error level trace messages should be enabled), WARNING (warning level trace messages should be enabled), INFO (information level trace messages should be enabled), DEBUG (debug level trace messages should be enabled), TRACE (AMI level trace messages should be enabled).

Environment Variables for TCP Transport TLS Configuration

Environment Variable | Mandatory | Suggested Value | Description
tcp_key_store | No | None | Path of the key store file.
tcp_trust_store | No | None | Path of the trust store file.
tcp_key_store_password | No | None | Password for the key store file.
tcp_key_password | No | None | Encrypted key password.
tcp_trust_store_password | No | None | Password for the trust store file.
tcp_ssl_protocol | No | TLSv1.2 | Protocol for a secure connection.
tcp_enabled_algorithms | No | TLS_RSA_WITH_AES_128_CBC_SHA | Algorithm to be used for the security protocol. You can specify multiple algorithms as a comma-separated list without spaces.
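The following is an added example, not TIBCO code: a Python audit of a Hawk Console environment file (KEY=VALUE lines) that reports the TLS-related variables from the table above when they disable a peer check, select a cipher suite without forward secrecy or with CBC, or leave a connection unencrypted. The sample files are constructed, and the database account name hawk_app is hypothetical.

```python
# Added example: audit a Hawk Console environment file for weakened TLS settings.
# Variable names come from the Hawk Console table; all sample values are constructed.

# Variables that disable a TLS peer check when set to "true".
SKIP_FLAGS = (
    "TLS_SKIP_CERTIFICATE_VERIFICATION",
    "TLS_SKIP_HOSTNAME_VERIFICATION",
    "datasource_tls_skip_certificate_verification",
    "datasource_tls_skip_hostname_verification",
    "LDAP_DISABLE_HOSTNAME_VERIFICATION",
)


def parse_env(text):
    """Parse KEY=VALUE lines (docker --env-file style) into a dict."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip('"')
    return env


def is_true(env, key):
    return env.get(key, "").lower() == "true"


def weak_suites(value):
    """Return suites that lack forward secrecy (static RSA or static ECDH) or use CBC."""
    weak = []
    for suite in (s.strip() for s in value.split(",")):
        if not suite:
            continue
        no_forward_secrecy = suite.startswith(("TLS_RSA_", "TLS_ECDH_"))
        if no_forward_secrecy or "_CBC_" in suite:
            weak.append(suite)
    return weak


def audit(env):
    """Return a list of (variable, reason) findings for one component's environment."""
    findings = []
    for key in SKIP_FLAGS:
        if is_true(env, key):
            findings.append((key, "peer identity check disabled"))
    for key in ("REST_TLS_CIPHERS", "tcp_enabled_algorithms"):
        for suite in weak_suites(env.get(key, "")):
            findings.append((key, "weak suite " + suite))
    proto = env.get("tcp_ssl_protocol")
    if proto is not None and proto not in ("TLSv1.2", "TLSv1.3"):
        findings.append(("tcp_ssl_protocol", "protocol is not TLSv1.2 or TLSv1.3: " + proto))
    if env.get("user_store_type") == "ldap" and not is_true(env, "LDAP_SSL_ENABLED"):
        findings.append(("LDAP_SSL_ENABLED", "LDAP bind credentials sent without TLS"))
    if env.get("datasource_username") == "root":
        findings.append(("datasource_username", "application connects as MySQL root"))
    if env.get("GRAFANA_URL", "").startswith("http://"):
        findings.append(("GRAFANA_URL", "Grafana reached over plain HTTP"))
    return findings


# Constructed sample that mostly follows the suggested values in the table.
SAMPLE_ENV = """\
# hawkconsolenode.env (constructed)
user_store_type=ldap
LDAP_SSL_ENABLED=false
LDAP_DISABLE_HOSTNAME_VERIFICATION=true
TLS_SKIP_CERTIFICATE_VERIFICATION=false
TLS_SKIP_HOSTNAME_VERIFICATION=true
datasource_username=root
datasource_tls_skip_hostname_verification=true
datasource_tls_skip_certificate_verification=false
GRAFANA_URL=http://grafana:3000
REST_TLS_CIPHERS=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
tcp_ssl_protocol=TLSv1.2
tcp_enabled_algorithms=TLS_RSA_WITH_AES_128_CBC_SHA
"""

# Constructed hardened counterpart; hawk_app is a hypothetical least-privilege account.
HARDENED_ENV = """\
user_store_type=ldap
LDAP_SSL_ENABLED=true
LDAP_DISABLE_HOSTNAME_VERIFICATION=false
TLS_SKIP_CERTIFICATE_VERIFICATION=false
TLS_SKIP_HOSTNAME_VERIFICATION=false
datasource_username=hawk_app
datasource_tls_skip_hostname_verification=false
datasource_tls_skip_certificate_verification=false
GRAFANA_URL=https://grafana:3000
REST_TLS_CIPHERS=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
tcp_ssl_protocol=TLSv1.2
"""

if __name__ == "__main__":
    for key, reason in audit(parse_env(SAMPLE_ENV)):
        print(f"{key}: {reason}")
```

Run it against each component's environment file before deployment; an empty result means none of the checked settings is weakened.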

Grafana component Environment Variables

Port: 3000

Environment Variable | Mandatory | Suggested Value | Description
GF_USERS_ALLOW_SIGN_UP | Yes | false | When set to false: Prohibits users from being able to sign up or create user accounts. The admin user can still create users from the Grafana Admin Pages. Default: false.
GF_USERS_AUTO_ASSIGN_ORG | Yes | true | When set to true: Automatically adds new users to the main organization (ID 1). When set to false: A new organization is created for the new user automatically. Default: true.
GF_USERS_AUTO_ASSIGN_ORG_ROLE | Yes | Editor | The role new users are assigned for the main organization (if GF_USERS_AUTO_ASSIGN_ORG is set to true). Defaults to Viewer, other valid options are Admin and Editor. For TIBCO OI Hawk RedTail - Container Edition, this value should be Editor.
GF_USERS_DEFAULT_THEME | Yes | light | Set the default UI theme: dark or light. Default is dark. For TIBCO OI Hawk RedTail - Container Edition, the suggested value is light.
GF_AUTH_PROXY_ENABLED | Yes | true | Set to true, for Grafana to let a HTTP reverse proxy handle authentication. For TIBCO OI Hawk RedTail - Container Edition, this value should be true.
GF_AUTH_PROXY_HEADER_NAME | Yes | X-WEBAUTH-USER | HTTP Header name that contains the user name.
GF_AUTH_PROXY_HEADER_PROPERTY | Yes | user name | HTTP Header property, defaults to 'username'.
GF_AUTH_PROXY_AUTO_SIGN_UP | Yes | true | Set to true to enable auto sign up of users who do not exist in Grafana DB. Default is true.
GF_SERVER_DOMAIN | Yes | grafananode | This setting is only used as a part of the root_url setting.
GF_SERVER_HTTP_PORT | Yes | 3000 | The port to bind to; defaults to 3000.
GF_SERVER_ROOT_URL | Yes | %(protocol)s://%(domain)s:%(http_port)s/grafana | This is the full URL used to access Grafana from a web browser.
GF_AUTH_BASIC_ENABLED | Yes | true | Basic auth is enabled by default and works with built-in Grafana. For TIBCO OI Hawk RedTail - Container Edition, we need basic auth to be enabled.
GF_SECURITY_ALLOW_EMBEDDING | Yes | true | Default: false. When false, the X-Frame-Options: deny HTTP header is set in Grafana HTTP responses. Thus, browsers do not allow rendering Grafana in ,