====== Administration ======

===== Purpose =====

  * The Redpeaks cockpit administration menu allows to manage global application settings such as:
    * Databases connections and tenant definitions
    * Global settings and logs
    * Applying new updates

{{:common:icon_info.png}}
This section in accessible only for super admin user.

{{:products:cockpit:1.0:userguide:pasted:20210504-123158.png}}

===== Getting started =====

  * After installation, open the application in your browser
  * You will be prompted to set superadmin user name and password (if not already set)
  * Once you log in, you will be redirected to the superadmin menu.
  * You must then configure the following:
    * **In DB connectors:**
      * Primary configuration database: Holds application and tenants information
      * At least one tenant configuration database
      * At least one tenant metrics database
    * **In tenants:**
      * At least one tenant with a tenant admin user

Once done, you will be able to log into your first tenant and start configuring the monitoring.

{{:common:icon_warning.png}}
Don't use the same DB name for **Primary** database and **tenant** database


===== Administration sections =====
Find here below a description of the different sections :

^ Settings ^ Description ^
| **[[.:administration:dbconnectors|DB Connectors]]** | Configure connection parameters to the application databases |
| **[[.:administration:tenants|Tenants]]** | Configure tenants and tenant admin users |
| **[[.:administration:settings|Settings]]** | Configure main application settings |
| **[[.:administration:logs|Logs]]** | Download application logs |
| **[[.:administration:updates|Updates]]** | Manage application updates |
| **[[.:administration:collectorupdates|Collector updates]]** | Manage collector updates |
| **[[.:administration:superuser|Super user]]** | Manage super user properties |
| **[[.:administration:statistics|Statistics]]** | Check and investigate problems |

===== Security =====
  
==== Sensitive data ====

  * The configuration database contains sensitive data such as credentials, IP adresses, hostnames, etc...
  * Therefore you must pay attention to secure the accesses to the database and the backups
  * User credentials are encrypted
  * The communication with external parties such as collectors is done via SSL.

==== Certificates ====

  * Trusted certificates are located in ''[PROMONITOR_HOME]/certificates/.keystore''
  * Application certificate for HTTPS is located into the same file
  * You can install or rotate the application certificate by using the below command:
    * ''keytool -import -trustcacerts -keystore [PROMONITOR_HOME]/certificates/.keystore -storepass agentilKeyStore -noprompt -alias yourAliasName -file [PROMONITOR_HOME]/certificates/[certificate.cer]''

**Generating a self signed certificate:**

  # Backup existing keystore
  cp /opt/Pro.Monitor-Cockpit/certificates/.keystore /opt/Pro.Monitor-Cockpit/certificates/.keystore.backup
  # Convert existing keystore to pkcs12
  keytool -importkeystore -srckeystore /opt/Pro.Monitor-Cockpit/certificates/.keystore -destkeystore /opt/Pro.Monitor-Cockpit/certificates/.keystore -deststoretype pkcs12 -srcstorepass agentilKeyStore
  # Generate private key and certificate : Use the actual server FQDN as Common Name in the formular.
  openssl genrsa  -out domain.key 2048
  openssl req -key domain.key -new -x509 -days 1800 -out domain.crt
  # Bundle the key and certificate together
  openssl pkcs12 -export -in domain.crt -inkey domain.key -name pro_monitor -out ks.p12
  # Replace existing certificate
  keytool -importkeystore -destkeystore /opt/Pro.Monitor-Cockpit/certificates/.keystore  -storepass agentilKeyStore -noprompt -alias pro_monitor -srckeystore ks.p12
  # Restart Redpeaks service


==== Super admin credentials ====

  * You can regularly update superadmin credentials via the superadmin menu.

===== Maintenance =====

  The promonitor cockpit has been designed for a low maintenance, however, there are few aspects you need to pay attention
  

  * Remove old update files: The update files that you upload in the application are not removed automatically and will consume disk space

==== Database restore ====

  In case of major problem with the application, you might need to restore the database.

  * Stop promonitor-cockpit service
  * Start mysql server
  * Get the last backup files
  * Then for each backup file, run:
    * ''mysql -u root -p database_name < database_name.sql''

  * Restart promonitor-cockpit service

==== Emergency recovery ====

=== Reset tenant  === 

**Conditions:**
  * You can log in as superadmin, but you are not able to connect as a tenant user
  * Server log is showing serialization errors or SQL errors
  * Stopping and starting promonitor-cockpit service is not solving the problem

**Probable cause:** 
  * The tenant configuration is corrupted

**Resolution:**
  * stop promonitor-service
  * Use a mysql client and remove the last line of table ''tenant_configuration''
  * Depending on the timestamp of the line, you might remove several lines, up to a time you knew the configuration was working
  * Once done, start promonitor-service

=== Reset all ===

**Conditions:**
  * It is not possible to log into the application, even in superadmin mode.
  * Server log is showing serialization errors or SQL errors

**Probable cause 1:** 
  * The server configuration is corrupted

**Resolution 1:**
  * stop promonitor-service
  * Use a mysql client and remove the last line of table ''server_configuration''
  * Depending on the timestamp of the line, you might remove several lines, up to a time you knew the configuration was working
  * Once done, start promonitor-service

**Probable cause 2:** 
  * The local server DB is corrupted

**Resolution 2:**
  * stop promonitor-service
  * rename local db folder: ''[PROMONITOR_HOME]/db''
  * start promonitor-service
  * register a new superadmin account
  * Recreate the SQL connector to the main DB
  * restart promonitor-service