Beruflich Dokumente
Kultur Dokumente
01 Introduction
The Pentaho Administration Console .02 Installing and Configuring the Pentaho Administration Console Note: The content on this page is not complete. The community is actively encouraged to add to, edit, and improve this document. The Pentaho Administration Console provides you with a central location from which to administer your Pentaho deployments. The console aggregates and simplifies many common administrative tasks such as managing users and roles, scheduling jobs, and managing services. The Administration Console changes how you interact with your Pentaho deployments by automating some of the tasks that you now perform manually.
The Pentaho Administration Console offers limited functionality compared to the feature-rich, subscription-only, Pentaho Enterprise Console. The Pentaho Enterprise Console provides additional functionality that allows you to monitor performance, remotely monitor activity on a Carte server instance (for Pentaho Data Integration), verify connections, test configuration settings, configure security, and much more. For more information about the Pentaho Enterprise Console, contact us.
Home
From your console home page (shown above), you are able access to important information about your Pentaho deployment. For example, status indicators appear in the tool bar when there is a critical error, a process that is currently running, or a warning you must research.
Indicates whether the server is online or offline Server online/Server offline. Opens the console configuration setup page Console setup. Refreshes console-related data Refresh console. Opens this document Documentation help.
Administration
From the Administration page you can manage users and roles, define data sources, manage admin services, and manage public (subscription) and private (regular) schedules.
Overview
This section provides you with information and instructions for installing and configuring your Pentaho Administration Console. The following topics are covered here: System Requirements Opening the Installation Zip File Securing the Console Enabling SSL in Pentaho Administration Console Starting the Pentaho Administration Console Stopping the Pentaho Administration Console Configuring the Pentaho Administration Console Establishing a Trusted Proxy
System Requirements
The Pentaho Administration Console requires Java SE runtime version 1.5 or later. The console has been tested with the Sun HotSpot Client VM. The default memory system parameters of the JVM (such as those parameters specifying maximum heap size) are adequate for running the console. Specifically, Pentaho recommends that you have at least 100MBs of free physical memory.
Note: The message Address already in use: JVM_Bind as the console starts, indicates that another program is using the port required by the The Pentaho Administration Console (8099). This port is currently not configurable. Note 2: The username / password combination for a fresh installation is 'admin' / 'password'. The login details are stored in 'pentaho_dir/administration-console/resource/config/login.properties'. See Configuring Security for more information.
Setting <platform-username>
Enter the time period in which the The Pentaho Administration Console console will ping the PCI to check if the server is running Enter length of time the The Pentaho Administration Console will wait for home page content from the server before displaying static HTML content. Paste the path to the solutions directory of the BI Server you want to administer. Paste the path to the Web application directory of the BI Server you want to administer into the Pentaho Web-App Path text box.
Adding Users
Follow the instructions below to add users to the BI Platform: 1. 2. 3. 4. 5. In the Administration Console go to Administration > Users & Roles. Click the Users icon if you are not in Users mode. Click the plus sign (+) next to Users. In the Details pane, enter the User Name, Password, Password Confirmation, and Description. Click OK. The new user's name appears in the list of users.
4. Click Update.
Deleting Users
Follow the instructions below to delete users and roles from the BI Platform: 1. 2. 3. 4. In the Administration Console go to Select the user or users you want to delete from the Users list. Click the minus sign (-) next to Users to delete the users you selected. A confirm message appears. Click OK to refresh the user list.
Finding Users
The User List Filter allows you to find specific users in the list of current users. To find a user, enter the first few letters of the user's name in the text box. A list of names matching your entry appears.
Managing Roles
Adding Roles
Follow the instructions below to add roles to the BI Platform: 1. 2. 3. 4. 5. In the Administration Console go to Administration > Users & Roles. Click the Roles icon if you are not in Roles mode. Click the plus sign (+) next to Roles. In the new window, type a new Role Name and Description. Click OK. The new role appears in the list of roles.
Editing Roles
Follow the instructions below to edit roles: 1. In the Administration Console go to Administration > Users & Roles. 2.
2. Select the role you want to edit. 3. In the right pane, edit the details as needed. 4. Click Update.
Deleting Roles
Follow the instructions below to roles from the BI Platform: 1. 2. 3. 4. In the Administration Console go to Administration > Users & Roles. Select role or roles you want to delete from the Roles list. Click the minus sign (-) next to Roles to delete the roles you selected. A confirm message appears. Click OK to refresh the roles list.
Finding Roles
The Role List Filter allows you to find specific roles in the list of current roles. To find a role, enter the first few letters of the role name in the text box. A list of role names matching your entry appears.
1. 2. 3. 4. 5. 6. 7. 8. 9.
In the Administration Console go to Administration > Data Sources. Click General to display basic configuration options. Click + (add) if you cannot find your data source in the list. In the left panel, type an easy-to-remember Connection Name. Type or select the Driver Class from the list. The database driver name you select depends on the type of database you are accessing. For example, org.hsqldb.jdbcDriver is a sample driver name for a HypersonicSQL database. Type the User Name and Password required to access your database. Type or select the URL from the list. This is the URL of your database. For example, jdbc:hsqldb:hsql://localhost/sampledata. JDBC establishes a connection to a SQL-based database and sends and processes SQL statements. Click Test. A success message appears if the connection is established. Click OK to save your entries.
Advanced Configuration
Follow the instructions below complete an advanced configuration: 1. In the Administration Console go to Administration > Data Sources. 2.
2. 3. 4. 5.
Click Advanced to display advanced configuration options. Enter the maximum number of active instances, (Max Active Conn), that can be allocated from this pool at the same time. Enter the maximum number of connections that can sit idle (# Idle Conn) in this pool at the same time. Enter a Validation Query. This SQL query that can be used by the pool to validate connections before they are returned to the application. If specified, this query must be an SQL SELECT statement that returns at least one row. 6. Enter the maximum number of milliseconds that the pool will "wait" (when there are no available connections) for a connection to be returned before throwing an exception. 7. Click Test. A success message appears if the connection is established. 8. Click OK to save your entries.
To delete a data source configuration: 1. Select the data source name from the list under Data Sources. 2. Click the minus sign (-) to delete the configuration. A confirmation message appears. 3. Click Update to save your changes.
Administration Services
Administration Services allow you to manage schedules and refresh the Pentaho BI Server settings.
The table below contains a short description of each administrative service: || Service || Description || Update RDBMS-based Solution Repository Delete Files Schedule Files Deletion Updates mirrored RDBMS-based Solution repository when Solution files are manually added to or edited on the master Solution repository on the local file system.
Removes files created in the content repository located in /pentaho-solution/system/content that are over 180 days old. To change, the number of days, edit the solution file clean_repository.xaction located in /pentaho-solution/admin Schedules the daily removal of files created in the content repository located in /pentaho-solution/system/content that are over 180 days old. To change, the number of days edit the solution file clean_repository.xaction located in /pentaho-solution/admin. To change the recurrence, edit the solution file schedule-clean.xaction located in /pentaho-solution/admin Deletes all the Solution files and their permissions from the RDBMS-based Solution repository. Copies all the Solutions files with default permissions from the master Solution repository on local file system.
Refreshes the Metadata cache when models are added, edited or deleted in the Solution repository.
sequences: 1. Under Scheduled Action, enter the path to each action sequence separated by commas. 2. Click OK.
.07 Glossary
.06 Using the Scheduler The Pentaho Administration Console
Glossary of Terms
Attribute
A property or field of an object in the directory.
BI Server
The BI Server consists of the Pentaho BI Platform and the libraries that deliver end user BI capabilities. The server runs inside a J2EE-compliant Application Server such as Apache, JBOSS AS, IBM WebSphere, WebLogic, and Oracle AS. The BI Server referred to in this document is your customized PCI. See also, Pre-Configured Installation (PCI).
Manager
A user with read access to relevant objects in the directory. If you're familiar with the JDBC API, a manager is analogous to a user name given along with a URL and password in a DriverManager.getConnection (url, user, password) call.
Pentaho BI Platform
The BI Platform is the core architecture and foundation of the Pentaho Open BI Suite. The BI Platform is composed of the libraries and compiled code that provide execution framework and services associated with logging, auditing, security, scheduling, ETL, Web Services, attribute repository, and rules engine. See also, BI Server.
Provider URL
A URL usually specifying protocol (such as ldap:// or ldaps://), host name, port, and root DN. If you are familiar with the JDBC API, a provider URL is analogous to a URL given along with a user name and password in a DriverManager.getConnection (url, user, password) call.
Root DN
The distinguished name of an object to which all search bases are relative.
Search base
An LDAP directory is hierarchical. Objects in the directory can have children and those children can have children, and so on. To search for relevant sub trees in the directory, a search base is necessary. The base indicates the DN of an object from which to start searching. Search bases are relative to the root DN. Stated differently: A search base is appended to the root DN to form a search base DN.
Search filter
A search filter is an expression that adheres to the rules specified in RFC 2254. It is always enclosed in parentheses.
Server repositories
The BI Server includes three embedded repositories that store the data necessary to define, execute, and audit a solution. These include: a solution Repository, a runtime repository, and an Audit Repository. The solution repository contains the metadata that defines solutions. The runtime repository contains items of work managed by the workflow engine. The audit repository contains tracking and auditing information.
Solution Engine
The BI Server contains the engines and components for reporting, analysis, business rules, email, desktop notifications, and workflow. These components are integrated together so that they can used to solve a BI-related problem. In a solution, the behavior, inter-operation, and user interaction of each subsystem is defined by a collection of solution definition documents. These documents are XML-based and contain the definitions of business processes, definitions that execute as part of processes on-demand, or called by Web services. These activities include definitions for data sources, queries, report templates, delivery and notification rules, business rules, dashboards, analytic views.
Passwords/Credentials
Passwords can be stored in clear text, obfuscated or checksummed. The class org.mortbay.util.Password should be used to generate all varieties of passwords,the output from which can be cut and pasted into property files or entered into database tables.
> java \-cp lib/jetty.jar org.mortbay.jetty.security.Password Usage - java org.mortbay.util.Password \[<user>\] <password> > java \-cp lib/jetty.jar org.mortbay.jetty.security.Password me you you OBF:20771x1b206z MD5:639bae9ac6b3e1a84cebb7b403297b79 CRYPT:me/ks90E221EY
JDBCLoginModule
The JDBCLoginModule stores user passwords and roles in a database that are accessed via JDBC calls. You can configure the JDBC connection information, as well as the names of the table and columns storing the username and credential, and the name of the table and columns storing the roles. Here is an example login module configuration file entry for it using an HSQLDB driver: login.conf
JDBCLoginModule { org.mortbay.jetty.plus.jaas.spi.JDBCLoginModule required debug="true" dbUrl="jdbc:hsqldb:." dbUserName="sa" dbPassword="password" dbDriver="org.hsqldb.jdbcDriver" userTable="myusers" userField="myuser" credentialField="mypassword" userRoleTable="myuserroles" userRoleUserField="myuser" userRoleRoleField="myrole"; };
There is no particular schema required for the database tables storing the authentication and role information. The properties userTable, userField, credentialField, userRoleTable, userRoleUserField, userRoleRoleField configure the names of the tables and the columns within them that are used to format the following queries: database query
select <credentialField> from <userTable> where <userField> =? select <userRoleRoleField> from <userRoleTable> where <userRoleUserField> =?
Credential and role information is lazily read from the database when a previously unauthenticated user requests authentication. Note that this information is only cached for the length of the authenticated session. When the user logs out or the session expires, the information is flushed from memory.
Be Careful Pay and extra attention to the semi-colon at the end of last entry in the login.conf. Without that you will get error in authentication. JDBCLoginModule key in the login.conf needs to be exactly same as the value in console.properties. Here is the snippet of a correct console.properties in this case
console.properties
# Security Authentication Section for Enterprise Console console.security.enabled=true console.security.roles.allowed=Admin,server-administrator,content-administrator console.security.roles.delimiter=, console.security.realm.name=Pentaho console.security.login.module.name=JDBCLoginModule console.security.auth.config.path=resource/config/login.conf console.security.callback.handler=org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler
Note that passwords can be stored in the database in plain text or encoded formats, using the org.mortbay.jetty.security.Password class.
DataSourceLoginModule
Similar to the JDBCLoginModule, but this LoginModule uses a DataSource to connect to the database instead of a jdbc driver. The DataSource is obtained by doing a jndi lookup on java:comp/env/$dnJNDIName Here is a sample login module configuration for it: login.conf
ds { org.mortbay.jetty.plus.jaas.spi.DataSourceLoginModule required debug="true" dbJNDIName="ds" userTable="myusers" userField="myuser" credentialField="mypassword" userRoleTable="myuserroles" userRoleUserField="myuser" userRoleRoleField="myrole"; };
PropertyFileLoginModule
With this login module implementation, the authentication and role information is read from a property file.
login.conf
The file parameter is the location of a properties file of the same format as the etc/realm.properties example file. The format is:
The contents of the file are fully read in and cached in memory the first time a user requests authentication.
console.properties
\# Pentaho Administration Console's Jetty Server Settings console.start.port.number=8088 console.stop.port.number=8033 \# SSL Section for Pentaho Administration Console console.ssl.enabled=false console.ssl.port.number=8143 keyAlias=jetty keyPassword=changeit keyStore=resource/config/keystore keyStorePassword=changeit trustStore=resource/config/keystore trustStorePassword=changeit wantClientAuth=false needClientAuth=false \# Security Authentication Section for Pentaho Administration Console console.security.enabled=true console.security.roles.allowed=admin console.security.roles.delimiter=, console.security.realm.name=Pentaho console.security.login.module.name=PropertiesFileLoginModule console.security.auth.config.path=resource/config/login.conf
By default the security is enabled. To change the roles you want to allow the application to access provide your list of roles in the console.security.roles.allowed property. By default the roles are comma separated but you can change that configuration also by providing your delimiter in the console.security.roles.delimiter property. The login module name needs to be provided for the property name console.security.login.module.name. This is the name you have given to your login module in the login.conf file. Finally you have to provide the location of your login.conf file in the console.security.auth.config.path property.
package org.mortbay.jetty.plus.jaas.spi; public abstract class AbstractLoginModule implements LoginModule { ... public abstract UserInfo getUserInfo (String username) throws Exception; }
UserInfo.java
package org.mortbay.jetty.plus.jaas.spi; public class UserInfo { public UserInfo (String userName, Credential credential, List roleNames) { ... } public String getUserName() { ... } public List getRoleNames () { ... } public boolean checkCredential (Object suppliedCredential) { ... } }
The org.mortbay.jetty.plus.jaas.spi.AbstractLoginModule implements all of the javax.security.auth.spi.LoginModule methods. All you need to do is to implement the getUserInfo method to return a org.mortbay.jetty.plus.jaas.UserInfo instance which encapsulates the username, password and role names (note: as {{java.lang.String}}s) for a user. The AbstractLoginModule does not support any caching, so if you want to cache UserInfo (eg as does the org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule) then you must provide this yourself.