Complete the following steps to install PingIntelligence Dashboard.
- Create a
<ping_install_dir>
directory on your host machine. Make sure that the user has read and write permissions for the<ping_install_dir>
directory. - Download the PingIntelligence Dashboard binary
- Download Elasticsearch 6.8.1 (macOS/RHEL)
- Change directory to
ping_install_dir
:# cd pi_install_dir
- Untar the PingIntelligence Dashboard:
# tar -zxf pi-api-dashboard-5.1.tar.gz
- Change directory to
pingidentity/webgui/
# cd pingidentity/webgui/
- Install PingIntelligence
Dashboard by entering the following command and follow the instructions
displayed on the prompt:
# ./bin/pi-install-ui.sh
# ./bin/pi-install-ui.sh elasticsearch-7.13.4.tar.gz file path > Use bundled ssl key and self signed certificate for ui server [y/n]? >[y] Use default password [changeme] for all components and users [y/n]? >[y] ABS url >[https://127.0.0.1:8080] ABS access key >[abs_ak] ABS secret key >[abs_sk] API Service URL >[https://127.0.0.1:8050] Kafka Host:Port >[127.0.0.1:9093] Kafka Authentication username >[pi4api_de_user] Kafka Group ID >[pi4api.data-engine] ASE management url >[] extracting elasticsearch package creating elasticsearch config keystore warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME Created elasticsearch keystore in <pi_install_dir>/pingidentity/elasticsearch/config/elasticsearch.keystore elasticsearch config keystore created Generating a 2048 bit RSA private key ..........................................+++ ........................+++ writing new private key to 'config/ssl/autogen_es.key' ----- creating password protected pkcs#12 keystore for elasticsearch private key and certificate pkcs#12 keystore created at config/ssl/elastic-certificates.p12 warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME configuring elasticsearch. Please wait 15 seconds warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release. elasticsearch config is completed configuring dataengine configuring webgui starting webgui for configuration update WebGUI configured for UTC timezone. WebGUI 5.1 starting... please see <pi_install_dir>/pingidentity/webgui/logs/admin/admin.log for more details success: password updated. Note: All active sessions for this user are invalidated. Login with new credentials success: password updated. Note: All active sessions for this user are invalidated. Login with new credentials WebGUI 5.1 WebGUI is stopped. webgui configuration done UI configuration done writing internal credentials to <pi_install_dir>/pingidentity/webgui/install/webgui_internal.creds Start UI [y/n]? >[y] starting elasticsearch... warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release. elasticsearch started starting dataengine Data Engine configured for UTC timezone. PingIntelligence Data Engine 5.1 starting... Data-Engine started starting webgui WebGUI configured for UTC timezone. WebGUI 5.1 starting... please see <pi_install_dir>/pingidentity/webgui/logs/admin/admin.log for more details Please access WebGUI at https://<pi_install_host>:8030 <pi_install_host> can be ip address, hostname or fully qualified domain name of this server. <pi_install_host> should be reachable from your computer. Credentials: 1) Username: admin Password: changeme 2) Username: ping_user Password: changeme Important Actions: 1) Credentials for all internal components are available in <pi_install_dir>/pingidentity/webgui/install/webgui_internal.creds file. Move this file from this server and securely keep it elsewhere. For any debugging purposes you will be asked to get credentials for a component from this file. 2) Following obfuscation master keys are auto-generated <pi_install_dir>/pingidentity/webgui/config/webgui_master.key <pi_install_dir>/pingidentity/dataengine/config/dataengine_master.key
Note:
The ASE management url is an optional parameter.
- Verify the installation
- You can verify the installation by checking the process IDs (PID) of each
component. You can check the
pid
of components at the following location:- Elasticsearch: <pi_install_dir>/elasticsearch/logs/elasticsearch.pid
- Dataengine: <pi_install_dir>/dataengine/logs/dashboard.pid
- Webgui: <pi_install_dir>/webgui/logs/webgui.pid
- Tune Dashboard performance parameters
- Configure the following three parameters for Dashboard's better performance.
Note that the following tuning parameters if you have your setup of
Elasticsearch.
If you have used PingIntelligence automated deployment or
pi-install-ui.sh
script to deploy Dashboard, these tuning are done as part of installation.Parameter Description Location Elasticsearch
-Xms and -Xmx
- Xms - Defines the minimum heap size of
Elasticsearch. Set it to 4GB as
Xms4g
. - Xmx - Defines the maximum heap size of
Elasticsearch. Set it to 4GB as
Xmx4g
.
$ES_HOME/config/jvm.options
thread_pool.search.size
Defines thread pool size for count/search/suggest operations in Elasticsearch. Configure it to 50% of total CPUs allocated.
$ES_HOME/config/elasticsearch.yml
- Xms - Defines the minimum heap size of
Elasticsearch. Set it to 4GB as
- Mitigating XSS
- To detect and mitigate attacks like Cross Site Scripting (XSS), PingIntelligence Dashboard
implements Content Security Policy (CSP). The following are the
configuration
details.
Response header - Content-Security-Policy
Response header value - default-src ‘self’; font-src ‘self’ use.typekit.net; script-src ‘self’ use.typekit.net; style-src ‘self’ ‘unsafe-inline’ use.typekit.net p.typekit.net; img-src ‘self’ data: p.typekit.net;