Post-Installation Tasks: Web Container¶
This page contains the post-installation tasks for the web container included in the Solution Manager (Apache Tomcat):
Before doing any of the changes described here, stop all the components of the Solution Manager installation.
The goal is to stop the web container of the Solution Manager. It is important to stop them all so the web container is stopped as well. If for example, you leave the Data Catalog started, the web container will not shut down and the changes will not take effect.
Enable Authentication on the Monitoring Interface¶
By default, the monitoring interface - Java Management Extensions (JMX) - of the web container (Apache Tomcat)
does not require authentication to connect to it. Note that by default,
only applications that run in the same host as the Solution Manager can connect to this interface.
That is because the value of the property
localhost by default so only connections from that host are allowed.
Consider enabling authentication in the monitoring interface of the web container, even though only local connections can connect. To do this, follow these steps:
Stop all the Solution Manager servers. The goal is to stop the web container. It is important to stop them all so the web container is stopped as well. If for example, you leave the Design Studio started, the web container will not shut down and the changes in the file
tomcat.propertieswill not take effect.
Edit the file
<SOLUTION_MANAGER_HOME>/resources/apache-tomcat/conf/tomcat.propertiesand set the property
Edit the file
<SOLUTION_MANAGER_HOME>/resources/apache-tomcat/conf/jmxremote.access(this is the value of the property
Make sure this file contains at least one line for the role
readwriteaccess level. That is, at least one line of this file is like this:
Any other role definitions are optional. See https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html for details on JMX access files.
Edit the file
<SOLUTION_MANAGER_HOME>/resources/apache-tomcat/conf/jmxremote.password(this is the value of the property
In this file, the line that starts with
controlRolecontains the password of that user.
So, if the line is like this:
The default password is “denodojmx”. That means that, for a monitoring application that wants to monitor the web container, the user name is
controlRoleand the password
To change the password, replace “denodojmx” with the desired password.
This file must contain an entry for all the roles defined in the file “jmxremote.access”. See https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html for details on JMX password files.
Change the privileges of the file
<SOLUTION_MANAGER_HOME>/resources/apache-tomcat/conf/jmxremote.passwordso it can only be read by the same user account that starts the Solution Manager servers.
To do this, execute these commands:
On Linux, run the following from the user account that starts the Solution Manager servers:
chmod 600 <DENODO_HOME>/resources/apache-tomcat/conf/jmxremote.password
On Windows, right-click the icon Command Prompt of the Windows menu and click Run as administrator.
In this prompt, run the following commands (replace
<denodo_user>with the user account with which the Solution Manager servers are started):
cd <DENODO_HOME>\resources\apache-tomcat\conf\ icacls jmxremote.password /setowner <denodo_user> icacls jmxremote.password /grant <denodo_user>:F icacls jmxremote.password /inheritance:r