_Common Configuration Tasks v1

Jonathan Beakley edited this page Jun 10, 2019 · 1 revision

This page has been deprecated. Please see the official Kubernetes Black Duck Installation Guide here.

This page describes how to make common configuration changes to a Black Duck deployment on Kubernetes/OpenShift after Black Duck is already installed. The instructions below generally relate to configuration changes that can be made via environment variables.

If you are looking for help with setting parameters when installing a fresh instance of Black Duck, see the Black Duck Installation Parameters section of the Synopsys Operator wiki.

General Configuration Procedure

Much of Black Duck configuration is done by setting environment variables. For Black Duck instances deployed on Kubernetes/OpenShift with Synopsys Operator, these variables are stored in the instance's Black Duck custom resource. To make a configuration change relating to an environment variable in this situation, the procedure generally is as follows:

  1. Bring up the Black Duck custom resource for editing with the command kubectl edit blackduck <blackduck instance name>
  2. Change the value of the appropriate environment variable(s)
  3. Save the changes to the custom resource (if using the "vi" editor, save with ":wq")
  4. To restart the Black Duck instance, enter the following commands:

     kubectl patch blackduck <Your BD instance name> --type merge -p '{"spec":{"desiredState":"Stopped"}}'
     kubectl patch blackduck <Your BD instance name> --type merge -p '{"spec":{"desiredState":"Running"}}'

Note: For best results, wait a few seconds between running the "Stopped" command and the "Running" command.
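The restart step above can be wrapped so that a failed "Stopped" patch never leads to a "Running" patch, and so that each change to spec.desiredState is read back before continuing. This is an added example, not part of the original page or of Synopsys Operator; the function names and the BD_RESTART_PAUSE variable are assumptions, while the kubectl patch commands are the ones given above.

```shell
#!/usr/bin/env bash
# Added example (not from the Synopsys Operator project). Function names and
# BD_RESTART_PAUSE are hypothetical; the kubectl patch commands are the page's.

# Patch spec.desiredState, then read it back to confirm the API server stored it.
set_desired_state() {   # usage: set_desired_state INSTANCE Stopped|Running
  kubectl patch blackduck "$1" --type merge \
    -p "{\"spec\":{\"desiredState\":\"$2\"}}" >/dev/null || return 1
  actual=$(kubectl get blackduck "$1" -o jsonpath='{.spec.desiredState}') || return 1
  [ "$actual" = "$2" ]
}

restart_blackduck() {   # usage: restart_blackduck INSTANCE
  name="$1"
  # Accept only a plain Kubernetes object name, so that a value starting
  # with "-" is never handed to kubectl where it would be read as an option.
  case "$name" in
    ''|*[!a-z0-9.-]*|[.-]*|*[.-]) echo "invalid instance name" >&2; return 2 ;;
  esac
  set_desired_state "$name" Stopped ||
    { echo "stop failed; not starting $name" >&2; return 1; }
  sleep "${BD_RESTART_PAUSE:-10}"   # the page advises waiting a few seconds
  set_desired_state "$name" Running ||
    { echo "start failed for $name" >&2; return 1; }
  echo "restarted $name"
}
```

Source the file and run restart_blackduck with your instance name; set BD_RESTART_PAUSE to change the pause in seconds.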

Note: If you wish to modify the configuration of a Kubernetes/OpenShift Black Duck instance that was not installed with Synopsys Operator, you must edit the config maps directly (rather than through the custom resource). For instructions on this procedure, see the _Common Configuration Tasks page.

Sample Configuration Tasks

The following use cases are covered:

For help with other configuration tasks, see the links under "Configuration" in the sidebar on the right.

Disabling IPv6

Certain Kubernetes environments, like Pivotal Container Service (PKS), do not properly support IPv6. Black Duck expects IPv6 to be enabled, and requires certain configuration to function in environments where IPv6 is disabled. If you want Black Duck to run in an environment where IPv6 is disabled, you must edit the IPv4_ONLY and BLACKDUCK_HUB_SERVER_ADDRESS environment variables (as discussed in the "Disabling IPv6" section of the Black Duck Installation Parameters page) using the General Configuration Procedure, above.

Web Server Hostname

If the Black Duck web server does not have a certificate pre-configured, it generates a self-signed HTTPS certificate when it is first initialized. If the public hostname of the web server is not contained in the Subject Alternative Name (SAN) of this certificate, the browser may be unwilling to complete the TLS connection to the Black Duck web server. To avoid this issue, set the PUBLIC_HUB_WEBSERVER_HOST value to match the hostname that users enter in their browser when accessing Black Duck.
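To confirm that a certificate actually covers the public hostname, you can inspect its SAN with openssl. This is an added example, not part of the original page or of Black Duck's tooling; the function names are assumptions, and the sample certificate is generated locally for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Black Duck tooling. Function names are hypothetical.

# Print the DNS names in a PEM certificate's SAN extension, one per line.
cert_dns_sans() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Return 0 only if the certificate has DNS SAN entries and one covers HOST.
# -checkhost alone may fall back to the subject CN, which browsers ignore,
# so a non-empty DNS SAN list is required first.
cert_covers_host() {   # usage: cert_covers_host CERT.pem HOST
  cert="$1"; host="$2"
  sans=$(cert_dns_sans "$cert" | tr '\n' ' ' | sed 's/ $//')
  if [ -z "$sans" ]; then
    echo "FAIL: no DNS SAN entries in $cert" >&2; return 1
  fi
  if openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
    echo "OK: $host is covered (SAN: $sans)"; return 0
  fi
  echo "FAIL: $host is not covered (SAN: $sans)" >&2; return 1
}

# Save the certificate a running web server presents (needs network access).
fetch_server_cert() {   # usage: fetch_server_cert HOST PORT > served.pem
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# Constructed sample input: a throwaway self-signed certificate for offline runs.
make_demo_cert() {      # usage: make_demo_cert OUT.pem CN [SAN value]
  if [ -n "${3:-}" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout /dev/null \
      -subj "/CN=$2" -addext "subjectAltName=$3" -out "$1" 2>/dev/null
  else
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout /dev/null \
      -subj "/CN=$2" -out "$1" 2>/dev/null
  fi
}
```

For a live check, save the served certificate with fetch_server_cert and pass the file to cert_covers_host together with the hostname users type in their browser.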

Public Web Server Port

By default, Black Duck's web server (nginx) is publicly available on localhost port 443. Although keeping the default port is generally recommended, there are a few circumstances in which you must change this port value.

The most common reason to change the public web server port is that you intend to access the Black Duck web UI through a node port (see Viewing the Black Duck Web UI for details). In this case, you must set the PUBLIC_HUB_WEBSERVER_PORT value to your node port value. To get the node port value, type:

kubectl get service webserver-np -n <BLACK DUCK NAMESPACE>

The number after the colon is the node port. Combine the IP address and the port to create the URL.

Secrets and Passwords

Managing Secrets and Passwords on Kubernetes and OpenShift

If you installed Black Duck in Kubernetes/OpenShift using Synopsys Operator (this is the recommended installation mechanism), then all secrets (and passwords) were created for you automatically.

Note: Passwords are stored as secrets.

To update a password for a Black Duck instance installed using Synopsys Operator, follow the instructions above to edit the custom resource (kubectl edit blackduck <blackduck instance name>) and modify the appropriate password accordingly. You will need to restart the Black Duck instance to have the change take effect.

Note: Once the Black Duck instance is restarted, you can see all the secrets with the following standard Kubernetes command:

kubectl get secrets -n <black-duck-namespace>

(This will show the secrets, but not the values.)

Proxies

If you need to configure Black Duck to work with external proxies (i.e., you need to access Black Duck's registration or Knowledge Base services on the external Internet), then work with your proxy server administrator to help set the following environment variables:

  • HUB_PROXY_HOST=
  • HUB_PROXY_PORT=
  • HUB_PROXY_SCHEME=
  • HUB_PROXY_USER=

These variables are essential for data centers that are air-gapped or otherwise do not have direct connectivity to the external Internet. Note that the following Black Duck services need access to the external Internet:

  • authentication
  • jobrunner
  • registration
  • scan
  • webapp

Authenticated Proxy Passwords

If you use an external proxy (see section above) that requires authentication, you will need to store the proxy password. The ideal way to store the password is to create a Kubernetes secret called HUB_PROXY_PASSWORD. The procedure for this is given in Secrets and Passwords, above.

Environment Variable Visualization

A diagram of a typical set of environment variables that would be exported for containers is shown below:

PUBLIC_HUB_WEBSERVER_HOST=hub.my.company
PUBLIC_HUB_WEBSERVER_PORT=14085
volumeMounts:
- mountPath: /run/secrets
  name: dir-certs
+-----------------------+            
|                       |        
|    nginx (webserver)  |        HUB_PROXY_SCHEME=https           
|                       |        HUB_PROXY_HOST=proxy.my.company  HUB_PROXY_SCHEME=https
+-----------+-----------|        HUB_PROXY_PORT=8080              HUB_PROXY_HOST=proxy.my.company
            |                    +-------------------+            HUB_PROXY_PORT=8080
            |                    |                   |         +--------------+
            +--------------------+                   |         |   jobrunner  |
                                 |    webapp         |         +-+------------+
                                 |                   |              |
 HUB_PROXY_HOST=proxy.my.company +--------------------       +------+
 HUB_PROXY_PORT=8080                  |                      |
      +---------------+               |                      |
      |  registration |               |   +------+           |
      +---------------+               +---+ psql +-----------+
                                          +------+