Intellectual Property

Copyright 2024 Celebrus Technologies plc
https://www.celebrus.com

Protected by patents in the U.S. and Europe:

US10430037, EP2684143, US8365188, EP1997041, US8880710, EP1979840, US8898309, EP1979839

Details all aspects of a Celebrus server-side install. See the Operations Dashboard Installation Guide for details of how to install the Operations Server, the access point for automation, monitoring, documentation and configuration.

1. Considerations

The installer permits installation of any combination of application components, these being the Collection Server, Configuration Server, Profile Server and Real-Time Server. The Profile Server and Configuration Server do not permit multiple instances within a cluster.

For more information see the Scalability and Clustering Guide or discuss the various deployment options with your vendor.

1.1. Multi-server installs

It is usually appropriate to install the Collection Server and Real-Time Server on different physical servers. This reduces CPU and memory contention between the two types of server, reducing potential delays in responding to collection requests. Additionally, it may be desirable to isolate the collection aspect of the platform in a DMZ or similar, with minimal ports opened up between the DMZ and the internal network.

Multi-server installs follow the same basic step-by-step install procedure as detailed later. However, after the first install, ensure the servers are commissioned and running. This is the case regardless of whether or not you are installing the first of a server type in a subsequent install or not; always make sure you have successfully commissioned and started the servers you’ve installed before installing subsequent servers.

On larger sites, multiple Real-Time Servers should be installed on separate dedicated servers due to their higher memory requirements.

1.2. Collection Server availability and performance

The JavaScript insert is included in all instrumented pages. The following recommendations ensure optimum data collection performance. The include tag should be the last item to be loaded in the web page, immediately before the body tag.

  1. Ensure the Collection Servers and their infrastructure are not overloaded and correctly matched to your traffic volumes.

  2. If load balancers are positioned in front of the Collection Servers, they should be configured to terminate incoming connections in the event of a failure to forward the request to the appropriate Collection Server.

  3. Make sure there are no dependencies programmed in the page that force the web pages to wait for onload events.

1.3. IP v6 support

Celebrus has been tested on IPv4 stack and dual stack (IP v4 / IP v6) environments. Java prefers the use of IP v4 addresses on a dual stack environment, using IP v4 mapped IP v6 addresses. Geolocation support is provided for IP v4 and IP v6 addresses.

2. Port usage

The following table shows the default ports that are utilized by Celebrus application components with comments on their usage and access/security requirements.

COMPONENT DEFAULT PORT COMMENTS

Collection Server

443

HTTPS Collection interface, to which all traffic from CSAs are sent. This must be accessible from a public network and all visitor machines.

Collection Server

8910

Event data sent from the Collection Server to the Real-Time Server as it is collected. No external access is required.

MySQL database

3306

Communication between Profile Server and MySQL database. External access is not recommended. Only applicable if using a MySQL profile database.

Oracle database

1521

Communication between Profile Server and Oracle database. External access is not recommended. Only applicable if using an Oracle profile database.

Profile Server

8911

Profile data sent between Real-Time Server and Profile Server.

Real-Time Server

7009

HTTPS interface for external use, provides content access for personalisation. Must be externally visible if in use.

Real-Time Server

7007

HTTPS interface for internal use, exposing various services such as session state query and privacy management. External access is not recommended.

Each application component requires a port for cluster management and monitoring. These ports are configured in the Configuration Manager. Access to these ports is required from the Configuration Server and from the Celebrus Operations Server. External access to these ports is not recommended.

COMPONENT DEFAULT PORT COMMENTS

Collection Server

8902

Cluster management and monitoring port.

Configuration Server

8903

Cluster management and monitoring port.

Profile Server

8904

Cluster management and monitoring port.

Real-Time Server

8905

Cluster management and monitoring port.

3. Firewall rules

Assuming default ports are being used, the following need to be permitted by your internal firewall.

None of these ports should be exposed publicly.

Celebrus binds to all interfaces for a given port. If this is not the desired behaviour use firewall rules specific to the interfaces you wish to allow traffic on.

3.1. Inbound allow rules

LOCAL COMPONENT LOCAL PORT ALLOW INBOUND CONNECTION FROM REMOTE COMPONENT

Collection Server

443

Load balancer
Collection Server 1

8902

Configuration Server
Operations Server

8910

Real-Time Server

Configuration Server

8903

Operations Server
Real-Time Server

Operations Server

8443

Operations personnel using the Operations API
Operations Dashboard

Profile Server 2

8904

Configuration Server
Operations Server

8911

Real-Time Server

Real-Time Server

8905

Configuration Server
Operations Server

7007

Other systems/operations personnel performing session state queries and privacy management 2

7009

Load balancer 3

1 Optional, required when collection session affinity is enabled and provided by the Collection Servers themselves. When enabled Collection Servers forward requests between themselves to ensure session affinity is maintained. This approach has the advantage of lifting the burden of session affinity away from load balancers. Some load balancers only provide load balancing using cookies, which can be problematic with some browsers and their cookie restrictions.

2 Optional, required when the legacy Profile Server is in use. Real-Time Servers include Identity Graph and Profile Builder which supersede the Profile Server.

3 Optional, required when the Celebrus deployment is storing image content for personalisation. Typically your Content Management System or Content Delivery Network takes on this role.

3.2. Outbound allow rules

LOCAL COMPONENT REMOTE PORT ALLOW OUTBOUND CONNECTION TO REMOTE COMPONENT

Collection Server

443

Collection Server 1

Configuration Server

8902

Collection Server

636
443

Identity provider 3

8904

Profile Server 2

8905

Real-Time Server

Operations Server

8902

Collection Server

8903

Configuration Server

636
443

Identity provider 3

8904

Profile Server 2

8905

Real-Time Server

443

Your websites. Required for Configuration Manager’s test browser. It is suggested that this traffic is managed through a content filtering proxy.

3306 (MySQL)
1512 (Oracle)
N/A (Derby)

Operations Dashboard database

Profile Server 2

3306 (MySQL)
1512 (Oracle)

Profile database

Real-Time Server

8910

Collection Server

8911

Profile Server 2

8903

Configuration Server

443

European Central Bank currency exchange rates 1

deployment specific

Configured connections for data loader, data streams etc

1 Optional, required when collection session affinity is enabled and provided by the Collection Servers themselves. When enabled Collection Servers forward requests between themselves to ensure session affinity is maintained. This approach has the advantage of lifting the burden of session affinity away from load balancers. Some load balancers only provide load balancing using cookies, which can be problematic with some browsers and their cookie restrictions.

2 Optional, required when the legacy Profile Server is in use. Real-Time Servers include Identity Graph and Profile Builder which supersede the Profile Server.

3 Optional, required if you integrate your identity provider (LDAPS or OIDC) with Celebrus.

4. Load balancing session affinity

Celebrus requires session affinity (session stickiness) to be maintained between a visitor’s session and the Celebrus Collection Servers. How this is implemented depends upon the data collection technology in use.

USE CASES SESSION AFFINITY REQUIREMENT IMPLEMENTATION

AMP data collection

AMP provides no client-side session context, this context is provided by Collection Servers. Therefore an AMP session must always be routed to the same Collection Server.

Celebrus in-built session affinity1, URI mapping

HTML5 data collection

Celebrus in-built session affinity1, Data from a single web page comprising multiple frames must be routed to the same Collection Server, this ensures session identification is consistent.

Celebrus in-built session affinity1, URI mapping, network

HTTP API

Like AMP data collection, HTTP API assumes no client-side session context. Session context is provided by Collection Servers.

URI mapping

Personalisation delivery

Personalisation delivered by Celebrus is queued in a Collection Server before it is sent to the client web browser or mobile application.

Celebrus in-built session affinity1, URI mapping, network

Universal data sources

None

N/A

1 Available from Celebrus 9.9 onwards

4.1. Celebrus in-built session affinity

The simplest approach to session affinity is to enable Celebrus in-built support. This can be done within the Configuration Manager’s Deployment app, Collection/Web server panel. More load is placed on the Collection Servers with this enabled, but as they make use of HTTP/2 connections between themselves when forwarding requests, the cost is minimal.

Collection Servers forward requests between themselves using a trust store comprising the root certificate from the configured collection.keystore. If your keystore is self-signed and has no root certificate, all Collection Servers must use the same certificate. This is not ideal as it introduces a service break when the certificate is updated or refreshed in the future.

By default the forwarded requests between Collection Servers in addition to enforcing certificate trust, also perform hostname verification. This requires the hostname in the cluster topology to be verifiable against the collection.keystore. If this isn’t appropriate within your environment, hostname verification can be disabled within the Configuration Manager’s Deployment app, Collection/Security panel.

When in-built session affinity is enabled, your firewall rules must permit communications between Collection Servers.

4.2. Application load balancing using URI mapping

This approach cannot be implemented using an AWS Application Load Balancer (ALB) because it only supports session affinity using cookies. As explained below, cookies are not a reliable way to implement load balancing.

All Celebrus data collection technologies requiring session affinity provide an identifier in their HTTP request URI to assist with load balancing. This can be used by many ALBs to load balance traffic to your Collection Servers.

COLLECTION TECHNOLOGY URI MATCH LOAD BALANCING ID

AMP

 
~*^/ampSession.json\?.+$

clientId querystring value

 
~*^/ampEvent.json\?.+$

clientId querystring value

HTTP API

 
~*[?&]loadBalancerId=[^?&]*.*$

loadBalancerId querystring value

 
~*^/api/([^/]+)/v[^/]+/([^/]+)/.+$

match group one’s value

JavaScript

 
~*^/([^/]+)/.+/session\.js.*$

match group one’s value

 
~*^/([^/]+)/.+/jsEvent\.js.*$

match group one’s value

 
~*[?&]loadBalancerId=[^?&]*.*$

loadBalancerId querystring value

Mobile SDKs

 
~*^/([^/]+)/.+/postEvent/$

match group one’s value

 
~*^/([^/]+)/.+/appConfigRequest\.xml.*/$

match group one’s value

 
~*[?&]loadBalancerId=[^?&]*.*$

loadBalancerId querystring value

An example Nginx configuration is shown below which load balances traffic.

Key parts of this approach to highlight are the map section which extracts the load balancing identifier, and the upstream section which specifies hash $clientId consistent to provide session stickiness based on this identifier.

If you are auto-scaling your Celebrus deployment, a further concern is maintaining session affinity when scaling up and down. NginX’s map function does not maintain session affinity when the number of upstream servers changes. This concern can be addressed through third party modules such as upstream consistent hash.

Don’t use the NginX example as is. It is provided here for guidance only. 
worker_processes  1;

events {
 worker_connections  1024;
}

http {
 include mime.types;
 default_type application/octet-stream;

 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                 '$status $body_bytes_sent "$http_referer" '
                 '"$http_user_agent" "$http_x_forwarded_for"';

 access_log logs/access.log main;
 error_log logs/error.log debug;

 sendfile        on;
 keepalive_timeout  65;

 upstream backend {
  hash $clientId consistent;
  server host1:port; # TODO your servers go here
  server host2:port; # TODO your servers go here
  keepalive 64;

  #uncomment when using Nginx Plus
  #health_check uri=/status/;
 }

 map $request_uri $clientId {

  # HTTP API, JavaScript SSE, Mobile SDK SSE
  ~*[?&]loadBalancerId=[^?&]*.*$           $1

  # HTTP API
  ~*^/api/[^/]+/v[^/]+/([^/]+)/.+$         $1;

  # AMP API
  ~*^/ampSession.json\?.+$                 $arg_clientId;
  ~*^/ampEvent.json\?.+$                   $arg_clientId;

  # HTML5
  ~*^/([^/]+)/.+/jsEvent\.json$            $1;
  ~*^/([^/]+)/.+/session\.json$            $1;

  # mobile SDKs
  ~*^/([^/]+)/.+/appConfigRequest.xml.*$   $1;
  ~*^/([^/]+)/.+/postEvent/$               $1;

  default $remote_addr;
 }

 server {
  listen       443 ssl http2;
  server_name  your.server.com; # TODO

  ssl_certificate      /cert.pem; # TODO
  ssl_certificate_key  /cert.pem; # TODO

  ssl_session_cache    shared:SSL:1m;
  ssl_session_timeout  5m;

  ssl_ciphers  HIGH:!aNULL:!MD5;
  ssl_protocols  TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers  on;

  location / {
   proxy_pass         https://backend;
   proxy_redirect     off;
   proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
   proxy_set_header   Connection "";
   proxy_http_version 1.1;

   # turn off buffering/caching to support server-sent events
   proxy_buffering off;
   proxy_cache off;
  }
 }
}

4.3. Network load balancing

Using a network load balancer is the simplest approach. It works for all uses cases with a few caveats:

  1. Traffic arriving at the load balancer has not been concentrated to a reduced number of connections.

  2. For AMP and HTTP API data collection, a new session is created if a device’s IP address changes, which can occur if connecting to another network or changing location.

4.4. Application load balancing using cookies

Using cookies for load balancing is not a good option because it doesn’t solve the HTML5 data collection requirements for landing pages comprising multiple frames. Additionally load balancing cookies may be blocked by web browsers if the load balancer’s cookie is determined to be third party to the web page at any point. This approach should be avoided.

5. Install prerequisites

Celebrus software is installed by executing a single 'installer' application which requires a valid licence file. The licence contains resources which are essential for the correct operation of your system, without which the system cannot be installed. These are both available from your vendor.

The installer must be run as an administrator on the target machine.

5.1. Server platforms

Celebrus can be installed on the following Windows versions:

  • Windows Server 2008

  • Windows Server 2012 (all editions)

  • Windows Server 2016 (all editions)

  • Windows Server 2019 (all editions)

  • Windows Server 2022 (all editions)

The following Linux distributions are supported:

  • SuSE Linux 12.2

  • Red Hat Enterprise Linux 7, 8, 9

  • CentOS 7

Celebrus servers have been tested on the following operating systems for non-production use only:

  • Windows 7, 8.0, 8.1, 10, 11

  • Ubuntu 12.04, 12.10, Fedora 17 Desktop

  • Mac OSX 10 Catalina x86

  • Mac OSX 12 Monterey x86

  • Mac OSX 13 Ventura Apple Silicon

The Operations Server contains a Chromium browser in order to support testing within the Configuration Manager. As such further minimal requirements are placed upon it by Chromium for Linux platforms:

  • Ubuntu 18.04

  • SuSE Linux 15.2

  • Red Hat Enterprise Linux 7, 8, 9

  • CentOS 7

Please ensure all relevant service packs and patches are in place prior to installing Celebrus. Celebrus uses the OpenJDK Java Runtime Environment which is provided as part of the product installer.

If installing on Linux or Mac OSX, ensure that the ulimit settings are set appropriately, in particular, nofiles, which if set too low can result in connection failures, file access failures and other random effects. See the System Operations Guide for further details of setting ulimits.

5.2. Profile databases

The following guidance applies only to the profile database. Target databases supported by the Data Loader are documented separately in the Data Loader User Guide.

The Profile Server currently supports the following database versions:

  • MySQL 8.0 (recommended)

  • MySQL 5.6 and 5.7 (supported)

  • MariaDB 10.2+ (supported)

  • MariaDB 10.6 (recommended)

  • Oracle Enterprise Edition 19c (recommended)

  • Oracle Enterprise Edition 12c (supported)

  • Amazon Aurora

  • Amazon RDS/MySQL 8.0 (recommended)

  • Amazon RDS/MySQL 5.7 (supported)

  • Amazon RDS/MariaDB 10.2+ (supported)

  • Amazon RDS/MariaDB 10.6 (recommended)

  • Amazon RDS/Oracle Enterprise Edition 19c

  • Microsoft Azure MySQL 8.0 (recommended)

  • Microsoft Azure MySQL 5.7 (supported)

  • Microsoft Azure MariaDB 10.2+ (supported)

  • Microsoft Azure MariaDB 10.6 (recommended)

The profile database requires table partitioning to be available so Oracle Standard Editions are not supported.

The installer does not create the profile database required by the Profile Server. Instead the installer creates a SQL script which your database administrator runs. This SQL script can be found in the Profile Server install directory. The SQL script creates the profile database. The SQL script must be run before starting the Profile Server.

5.2.1. JDBC driver

The Profile Server uses a JDBC driver to connect to the profile database. You are responsible for downloading this JDBC driver. Celebrus recommends that you always use the latest available JDBC driver JARs for the version of database server you are using. It is important to use the driver which is compatible with the JVM version installed by Celebrus and the database version you are using. If you are unsure, contact your vendor for guidance.

Oracle

The Oracle JDBC drivers are required by the installer. These drivers are available within your Oracle install or in the Oracle Client install, or can be downloaded from:

http://www.oracle.com

5.2.2. Amazon Aurora

Amazon Aurora is supported through the existing MySQL connectors. You can discover the database endpoint by navigating to your RDS instance in the AWS console.

MySQL JDBC driver

A MySQL JDBC database driver is required by the installer and can be downloaded from:

https://dev.mysql.com/downloads/connector/j

5.2.3. Securing MySQL

Details about securing the connection to MySQL are contained in a later section of this document.

If SSL connections to MySQL are not in use, MySQL requires the use of RSA public key encryption to protect database passwords during transmission. This public key needs to be extracted from your MySQL server and set within the Celebrus server configuration. MySQL’s public key can be extracted using the following SQL query:

SHOW STATUS LIKE 'Caching_sha2_password_rsa_public_key';

Then saving the variable value as a text file, the default name the Profile Server will search for is mysql.key. If you just provide a key file name in as the property value, the following locations will be searched:

<INSTALL_DIR>\ProfileServer
<INSTALL_DIR>

You then set the following property in a secure.properties file, making sure not to overwrite the properties in the global secure.properties file.

mysql.public.key="<INSTALL_DIR>\Celebrus9\ProfileServer\mysql.key"
There is no need to enclose paths containing spaces within double quotes in secure.properties files.
This section applies to both the Profile Server and the Real time Server. In the case of the Real time Server, it applies to the connection to the Profile database used for data protection purposes and to the Data Loader configuration if MySQl is the target.

5.2.4. MySQL InnoDB and MyISAM

The required MySQL database engine for the Profile Server is InnoDB because the Profile Server takes advantage of the transactional capabilities of that engine as part of real-time update processing.

If you have a Profile Server database where all tables use the MYISAM engine it is possible to execute the following command for each of the above tables to convert them to the InnoDB engine:

alter table <table_name> engine=INNODB;

If you want to convert the other way then use for each of the above tables:

alter table <table_name> engine=MYISAM;
Running the above queries can take quite a long time on large databases and a backup should always be taken before this type of operation.

5.2.5. Backing up or moving the Profile Server database

With the InnoDB engine it is no longer possible to just copy the database directory to another location. To backup or move a Profile Server database you must dump the data using mysqldump and import the data in the new location using a command similar to this:

mysql -uroot -p abi_database_name < dump_file_name.sql

5.2.6. Profile Server performance

Celebrus strongly recommends that the Profile Server database is held in a dedicated MySQL instance that is co-located with the Profile Server. We further recommend that no other non-essential operating system specific software is run on the same hardware as the Profile Server.

For absolute performance, Celebrus recommends that the Profile Server and MySQL programs are on a separate physical disks to both the MySQL data directory and the MySQL temp directory. The MySQL temp directory should also be on a different physical disk to the MySQL data directory.

Celebrus strongly recommends that as much memory as possible is given to the MySQL InnoDB buffer pool (using the innodb_buffer_pool_size parameter) up to a maximum of 80% of total system memory.

The Profile Server memory allocation should not be altered from the default value without specific cause for it to be changed.

5.2.7. Recommended settings in my.ini File

The following sections detail some additional changes that Celebrus recommends post-installation. These changes require editing the my.ini file that is created by the MySQL installation process.

All changes should be added to the end of the section started with the [mysqld] tag, for example:

# The MySQL server
[mysqld]
#changes should be made at the end of this section

Once the changes have been made, restart the MySQL service.

5.2.8. Recommended MySQL SQL_MODE value

The following values of the variable SQL_MODE are incompatible with Profile Server operation and should be removed, if present:

ONLY_FULL_GROUP_BY, NO_ZERO_IN_DATE, NO_ZERO_DATE

The recommended SQL_MODE value is the following:

STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION

The SQL_MODE may appear as SQL-MODE in the ini file because MySQL treats hyphen and underscores as equivalent (even though they are converted to underscores internally). Celebrus recommends the use of underscores in the my.ini file.

MySQL variable names are case insensitive.

5.2.9. Temporary file location

Celebrus recommend that you position the MySQL temp directory on a different drive to the operating system, and a different drive to any data directories. This works to reduce disk contention, which can be a significant factor on busy systems.

This temp drive is configured by adding the following line:

tmpdir=<path to temporary directory>

For example:

tmpdir=f:/mysqltmp
MySQL ini files require the path separator to be specified by a forward slash even in Windows installations.

This option can be set to a list of several paths that are used in round-robin fashion. Paths should be separated by colon characters (:) on Linux and semicolon characters (;) on Windows.

5.2.10. Binary logging

If binary logging is enabled in MySQL, then the property log_bin_trust_function_creators needs to be set as follows in the configuration file to allow triggers to be created on the individual_profile table.

log_bin_trust_function_creators =1

5.2.11. InnoDB tuning suggestions

See the appropriate section in the MySQL Reference Manual for the exact details of each setting. Some of the following properties may already exist in the MySQL configuration file so Celebrus recommends that these settings are made at the end of the [mysqld] section and that any existing definition is commented out.

When configuring Amazon RDS MySQL, use the AWS management console to change or add properties as there is no direct access to the configuration file.

We also recommend letting RDS MySQL manage the innodb_buffer_pool_size parameter by leaving value at the default DBInstanceClassMemory*3/4 or three quarters of the configured instance memory.

 
# When innodb_file_per_table is enabled (the default in 5.6.6 and higher), InnoDB stores the data and indexes for each newly created table
# in a separate .ibd file, rather than in the system tablespace.

innodb_file_per_table=1

# Value 0 means that the log is only written to the log file and
# the log file flushed to disk approximately once per second.
# Offers the best trade-off between performance and accuracy for Profile Server.

innodb_flush_log_at_trx_commit=0

# On Linux and Windows Server 2008 R2+ 24 bit systems,allocate
# up to 80% of available memory to the buffer pool.
# For Amazon RDS MySQL databases, leave this value at the default DBInstanceClassMemory*3/4 or three quarters of the configured instance memory.

innodb_buffer_pool_size=8G

# The number of regions that the InnoDB buffer pool is divided into.
# For systems with buffer pools in the multi-gigabyte range, dividing
# the buffer pool into separate instances can improve concurrency,
# by reducing contention as different threads read and write to cached pages.
# We do not recommend having buffer pool instances less than 1G.

innodb_buffer_pool_instances=8

# Size of each log file in a log group. You should set the combined size
# of log files to about 25%-100% of your buffer pool size to avoid
# unneeded buffer pool flush activity on log file overwrite.
# However, note that a larger logfile size will increase the time needed for the
# recovery process.
# For the typical Profile Server workload we have found 2 files of 256M to be adequate.

innodb_log_file_size=256M

# Number of threads allowed inside the InnoDB kernel.
The optimal value

# depends highly on the application, hardware as well as the OS

# scheduler properties.
A too high value may lead to thread thrashing.

# For the typical Profile Server workload we have found a value of twice the

# number of CPU cores to be sufficient.

innodb_thread_concurrency=8

# We recommend that this parameter is set to the same value as innodb_thread_concurrency above.

innodb_read_io_threads=8

# We recommend that this parameter is set to the same value as innodb_thread_concurrency above.

innodb_write_io_threads=8

# This is highly dependant on the performance of the disk sub-system
# attached to the box.It can only really be determined by running
# disk performance benchmarks on the system to determine the number of
# IOPS ((Input/Output Operations Per Second) for each disk sub-system
# attached to the box.
# For typical commodity hardware servers with internal disk drives we have found
# a value of 100 to be acceptable.
# Warning: setting this parameter too high will seriously affect the performance of MySQL.

innodb_io_capacity=100

# We recommend that this parameter is set to the same value as innodb_io_capacity above.

innodb_lru_scan_depth=100

# To high a value of this parameter and long running queries can starve short, quick, queries
# of CPU.
# For the typical Profile Server queries workload we have found a value of 10 to work well.

innodb_concurrency_tickets=10

# For the typical Profile Server workload we have found using the maximum possible value of 1000
# to be the best choice.
innodb_autoextend_increment=1000

# For the current Profile Server schema we have found 16384 to be sufficient.
open_files_limit=16384
Setting innodb_file_per_table = true does not convert existing tables. It means that any newly created tables will be created as file per table. If you want to convert existing tables you have to use mysqldump to extract the data and then drop and recreate the database before importing the data. All normal backup precautions should be taken before dropping the database.

5.2.12. Oracle Minimum set of privileges

If Profile Server is to create its own tables during initial start up, this is the minimum set of privileges required for the Oracle user:

GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE TO <db_user>;

If the table are created manually using the DDL before the Profile Server is initially started, then this is the absolute minimum privileges required:

GRANT CREATE PROCEDURE, CREATE SESSION TO <db_user>;

5.3. Keystore

A keystore is used for HTTPS data collection from websites and mobile applications. For a production environment, this keystore must be signed by a known certificate authority (CA) such as https://www.thawte.com/. Such CAs are known and trusted by web browsers and mobile devices and so trust certificates signed by them.

Never use a self-signed certificate for a Celebrus HTTPS endpoint which is exposed to the internet because it is not trusted by client devices.

5.3.1. Create a self-signed certificate for testing

In a production environment the internet facing URL for data collection is typically a load balancer. In a test environment, the URL for data collection is often the host machine name where Celebrus is installed. The following instructions show you how to create a self-signed certificate for testing data collection. Java provides a tool called keytool located within the /jre/bin directory of a Java install.

Java can be downloaded from:

https://adoptium.net/

Run keytool as shown below. The prompt for First and last name is asking for your fully qualified host name.

The keystore must use the same password for both the key and the keystore. 
keytool  -genkey -alias test -keyalg RSA -keysize 2048 -keystore keystore -ext "SAN=DNS:[fully qualified host name, of the form host.company.com]"

Enter keystore password: password
Re-enter new password: password
What is your first and last name?
  [Unknown]:  [fully qualified host name, of the form host.company.com]
What is the name of your organizational unit?
  [Unknown]:  [your organizational unit]
What is the name of your organization?
  [Unknown]:  [your organization]
What is the name of your City or Locality?
  [Unknown]:  [your city]
What is the name of your State or Province?
  [Unknown]:  [your state]
What is the two-letter country code for this unit?
  [Unknown]:  [country code]
Is CN=[your host], OU=[your organizational unit], O=[your organization], L=[your city], ST=[your state], C=[your country code] correct?
  [no]:  yes

Enter key password for <test>
        (RETURN if same as keystore password):

When you install a Collection Server, the installer prompts you for a collection keystore. Browse to this file which is called keystore and provide the keystore password. Your Collection Server is configured with the keystore for HTTPS connections. Later, when you commission the Collection Server in the Configuration Manager, make sure you enter the same fully qualified host name for the HTTPS data collection URL.

5.4. Storage

As a general rule to reduce contentions, Celebrus recommends splitting the various storage 'areas' as much as possible amongst the physical disks. Please make sure you discuss this with your vendor. A poorly devised disk layout can seriously impact the performance of your system.

5.5. Networking

The Celebrus Platform relies on TCP/IP communication between various components within the platform (for example: between the Collection Server and the Real-Time Server. It is vital the networking infrastructure is resilient and capable of handling the volume of data that is collected.

Additionally, firewalls, load balancers, and routers must all be correctly configured to allow the various components to communicate with each other seamlessly. Failure to do so impairs the service offered by Celebrus and could impact the performance of your site (for example, personalisation). It is therefore essential that you discuss this with your vendor prior to deployment.

If collection of your visitor’s geolocation is required, the load balancers must forward appropriate HTTP headers to Celebrus. Celebrus checks the x-forwarded-for, x-ip and client-ip HTTP headers, in order of preference using the first public IP address found.

Prior to installation, you need to know the external IP address or domain name of the server to which Celebrus data is to be transmitted by the JavaScript insert in your web pages. This is often the address of the public facing load balancer in front of the actual Collection Servers.

5.6. SELinux

Due to the increased security in Red Hat 8.7 with SELinux, Celebrus services only can be controlled (started, stopped, restarted) by a root user or a user that has sudo privileges to start the services.

If SELinux is in enforcing mode, then the following guide may help run Celebrus Servers.

5.6.1. SELinux users and roles

A regular user can be mapped to an SELinux confined user which may not have rights to install any application. If that is the case then, you will require to install celebrus with a user that is mapped to an unconfined_u user type or a similar user which has the necessary privileges. For example, SELinux users like user_u do not by default have privileges to perform su and sudo and hence will not be able to perform an installation that requires escalated privileges. To know the domain type a currently logged-in user is authenticated with follow the command given below.

$id -Z
unconfined_u:unconfined_r:uconfined_t:s0-s0:c0.c1023
For more information, consult the SELinux Users and Administrators Guide at access.redhat.com

5.6.2. Tools that are required to be installed for configuring SELinux policies.

#dnf install policycoreutils-devel setools-console gcc
The following instructions has been tested against RHEL 8 and RHEL 9, for more information on SELinux and best practices please visit the official redhat website. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/

5.6.3. Unconfined domain

The recommended approach to run celebrus software in SELinux enabled systems is to run it in an unconfined domain. Applications running in an unconfined domain do not have restrictions and will successfully work without any issues. For applications that are difficult to provide a handcrafted rule set, they can be run within the unconfined domain, giving the user knowledge that this application is running unrestricted.

The below instructions will configure celebrus servers to run in an unconfined domain.

#seinfo -tunconfined_t (to find out if unconfined_t domain is available)

#semanage fcontext -a -t unconfined_exec_t <installdir>/RealTimeServer/RealTimeServer.sh
#semanage fcontext -a -t unconfined_exec_t <installdir>/CollectionServer/CollectionServer.sh
#semanage fcontext -a -t unconfined_exec_t <installdir>/ProfileServer/ProfileServer.sh
#semanage fcontext -a -t unconfined_exec_t <installdir>/ConfigurationServer/ConfigurationServer.sh
#semanage fcontext -a -t unconfined_exec_t <dashboard_installdir>/Dashboard.sh

(once the policy is written we re-lable it in filesystem)
#restorecon -Rv <installdir>/RealTimeServer/RealTimeServer.sh
#restorecon -Rv <installdir>/CollectionServer/CollectionServer.sh
#restorecon -Rv <installdir>/ProfileServer/ProfileServer.sh
#restorecon -Rv <installdir>/ConfigurationServer/ConfigurationServer.sh
#restorecon -Rv <dashboard_installdir>/Dashboard.sh

#systemctl restart CelebrusRealTimeServer

get the pid of RealTimeServer
#ls -ldZ /proc/<PID>

dr-xr-xr-x root root system_u:system_r:celebrus_t:s0 0 May 2 12:03 /proc/712872

you should see that the realtime server is having unconfined_t as the context to run with.

5.6.4. Creating a custom celebrus domain

Running celebrus in its own but permissive domain (this domain will be ignored by SELinux and will be unrestricted)

If your environment does not support an unconfined domain, you may create a custom domain by following the instructions given below. By default when creating a custom domain it will be permissive. which means that even though explicit rules are not given for that domain to access other domains or system calls, it will be permitted, the difference is, it will generate deny messages in the audit daemon, but it will not act on that deny messages instead will be permitted.

#mkdir celebrus_domain
#cd celebrus_domain
#sepolicy generate -n celebrus --init <installdir>/RealTimeServer/RealTimeServer.sh (you may refer other server executable as well)
#./celebrus.sh   (you can ignore the rpm build error if any.)

#semodule -l | grep celebrus (to verify if the domain created is now part of the SELinux module)
#seinfo -tcelebrus_t (this will verify if the celebrus_t domain is available)

(the following commands will associate the context type domain to the executable and so the daemon service will know in which domain it has to execute)
#semanage fcontext -a -t celebrus_exec_t <installdir>/RealTimeServer/RealTimeServer.sh
#semanage fcontext -a -t celebrus_exec_t <installdir>/CollectionServer/CollectionServer.sh
#semanage fcontext -a -t celebrus_exec_t <installdir>/ProfileServer/ProfileServer.sh
#semanage fcontext -a -t celebrus_exec_t <installdir>/ConfigurationServer/ConfigurationServer.sh
#semanage fcontext -a -t celebrus_exec_t <dashboard_installdir>/Dashboard.sh

(once the policy is written you have to re-lable it in filesystem)
#restorecon -Rv <installdir>/RealTimeServer/RealTimeServer.sh
#restorecon -Rv <installdir>/CollectionServer/CollectionServer.sh
#restorecon -Rv <installdir>/ProfileServer/ProfileServer.sh
#restorecon -Rv <installdir>/ConfigurationServer/ConfigurationServer.sh
#restorecon -Rv <dashboardinstalldir>/Dashboard.sh

#systemctl restart CelebrusRealTimeServer

get the pid of RealTimeServer
#ls -ldZ /proc/<PID>

dr-xr-xr-x root root system_u:system_r:celebrus_t:s0 0 May 2 12:03 /proc/712872

you should see that the realtime server is having celebrus_t as the context to run with.

5.6.5. Creating custom policy to run celebrus in SELinux enforcing mode.

If the above solutions are not acceptable to the organization, one can write custom rules to make sure the celebrus domain is running with maximum security. Please note that writing custom rules is an evolutionary process. You will have to keep note of the audit logs and update the policy whenever required.

Instructions to write custom rules.

#mkdir celebrus_domain
#cd celebrus_domain
#sepolicy generate -n celebrus --init <installdir>/RealTimeServer/RealTimeServer.sh  (you may refer other server executable as well)
#./celebrus.sh   (you can ignore the rpm build error if any.)

#semodule -l | grep celebrus (to verify if the domain created is part of the SELinux module)
#seinfo -tcelebrus_t (this will verify if the celebrus_t domain is available)

#semanage fcontext -a -t celebrus_exec_t "<installdir>(/.*)?"
#semanage fcontext -a -t celebrus_exec_t "<dashboard_installdir>(/.*)?"

(once the policy is written you have to re-lable it in filesystem)
#restorecon -Rv <installdir>
#restorecon -Rv <dashboard_installdir>

#systemctl restart CelebrusRealTimeServer
get the pid of RealTimeServer

#ls -ldZ /proc/<PID>

dr-xr-xr-x root root system_u:system_r:celebrus_t:s0 0 May 2 12:03 /proc/712872   (you can notice it is running under celebrus_t domain)

After the RealTimeServer has restarted, you can create your custom policy by following the below instructions.

The audit2allow command will generate two files

  1. celebrus_policy.pp

  2. celebrus_policy.te

#mkdir celebrus_t_policy
#cd celebrus_t_policy
#ausearch -m AVC -ts recent --context celebrus_t | audit2allow -M celebrus_policy  (Step 1)
#semodule -i celebrus_policy.pp                                                    (Step 2)

the below command will disable the permissive mode for celebrus_t domain.

#semanage permissive -d celebrus_t

Monitor for any avc deny messages in the audit.log periodically, if they still appear, then create policy using audit2allow command the same way mentioned in step 1 and 2. It is recommended to thoroughly examine the policy generated by audit2allow before proceeding with the installation, you will have to scrutinize the rules generated in the type enforcement file (celebrus_policy.te file) and remove any unwanted rule from the type enforcement file. SELinux is used to deny malicious access to resources and hence it is important to discern the rules that is being allowed through your policy file.

Instructions detailed below to monitor for avc deny messages in audit log.

#ausearch -m AVC -ts recent --context celebrus_t

If you are modiying the generated celebrus_policy.te file then you are required to recompile the policy file (celebrus_policy.pp), you can follow the below instructions to recompile it.

#make -f /usr/share/selinux/devel/Makefile celebrus_policy.pp
#semodule -i celebrus_policy.pp
For more information on generating custom policy please refer redhat documentation. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux

5.6.6. Mounting partitions in a SELinux environment

If you have just created or reformatted the filesystem, it may be that no SELinux context have been set for the files yet. You can use restorecon to apply the correct contexts based on the file context rules.

$sudo restorecon -Rv /path/to/mount/point

If the files in the partition are having contexts similar to unconfined_u:object_r:unlabeled_t:s0, then you may have to run the above command to relabel the folder.

Once the above command is executed, then any file which is in that partition or any new file gets created, will have a valid context associated with it, which means it will no longer be unlabeled.

This instruction is sufficient to be executed once.

6. Step-by-step install guide

The installation of Celebrus is designed to be as simple as possible and can typically be performed in a matter of minutes. The step-by-step installation guide covers the installation of all components. Most configuration of a Celebrus system is performed in the Configuration Manager after installing the servers.

The installer requires the end user to have root privileges on Linux platforms (possibly using sudo to invoke the installer) or Administrator privileges on Windows. If the user does not have the appropriate privileges, an error is displayed and the installer exits.

6.1. General

The installer requires administrator (root) privileges.

Locate the relevant installer executable and execute it:

Windows

Double click on the Windows .exe file.

Linux

Execute the .run file for Linux.

Mac OSX

Experimental Mac support for Celebrus servers has been introduced, limited for use in non-production environments. A known issue exists with the installers' packaging so it does not install by executing the file directly. Instead unzip the .app.zip installer file. Once unzipped execute the folder’s /Contents/MacOS/installbuilder.sh file.

To uninstall, execute [installDirectory]/uninstall.all/Contents/MacOS/installbuilder.sh.

6.2. Licence agreement

You must accept the licence terms before the install proceeds.

6.3. Third party licence agreement

A secondary licence screen is displayed which covers the third-party software components utilised by Celebrus. You must signify your acceptance of these terms before progressing to the next page.

6.4. Security and privacy

The next screen reminds you of your obligations when collecting and handling personal data (should you choose to do this), you should read and confirm your understanding of the content of this page.

6.5. Choose install location

Next, select the install location for the software. Typically the default location suffices. If you choose an existing product install directory, then an upgrade is performed.

6.6. Select components to install

Allows you to select which components to install.

Only a single instance of the Configuration Server and Profile Server may be installed within a given cluster.

The Profile Database is required only if you are using the legacy Profile Server. If you intend to use Identity Graph and Profile Builder, then you do not need the Profile Server.

6.7. Host name

On the following screen select the host name of your server.

6.8. Cluster overview

On the cluster overview page you select your licence file and a name for your cluster. The cluster name must be at least eight characters long.

6.9. Cluster ports

On the next page, select the cluster ports to use for Celebrus internal cluster communications.

6.10. Certificate authority keystore

This page configures the certificate authority keystore.

See the SSL section for more information.
Install Configuration Server without an existing CA keystore

The installer can create a self-signed CA keystore for your new cluster.

This keystore includes the certificate and private key for the certificate authority and is called CA.keystore. The CA.keystore file is created in the install directory. The certificate is copied into a file called cluster.truststore in the install directory.

Install Configuration Server with your own CA keystore

If you have your own CA keystore, then you can choose to use that instead. The file must be in JKS format containing a single entry comprising certificate and private key. The certificate is extracted from the CA keystore and copied into a file called cluster.truststore in the install directory.

Never use the same CA keystore in more than one cluster.
Install additional servers

If you are installing additional servers (for example, Collection Servers in a DMZ), then you must provide the CA keystore for your cluster.

6.11. Collection Server

Select whether you want the Collection Server to run as a service.

6.12. Collection Server keystore

Select the keystore for your Collection Server.

The keystore must be in JKS format, containing one or more entries protected by the same password. Each entry must contain a certificate and private key. You may choose to leave this information blank and set up the certificate post install.

See the SSL chapter in this user guide for more information.

6.13. Backwards compatibility

Enables you to maintain backwards compatibility with an existing data model which requires session numbers. If you don’t have an existing Celebrus deployment, simply select No.

6.14. System administrator

Enter the details for the system administrator on the Celebrus system. Your system is automatically set up with a system administrator role and user.

Do not lose these details, it is not possible to recover them afterwards!

6.15. System email

The system requires SMTP access in order to send password reset emails requested from the Configuration Server. Many organisations configure their SMTP servers to only send email requests from known accounts as a spam prevention mechanism. Configure the sender email address to be a known account on the SMTP server.

6.16. Configuration Server

Select whether you want the Configuration Server to run as a service.

6.17. Configuration Database

Select whether you want to use your own MySQL or MariaDB instance as the Celebrus configuration repository or an embedded Derby database which is managed for you.

If you select MySQL or MariaDB you’ll be asked for its details.

Set the database variable max_allowed_packet to at least 400M within the database server’s configuration file.

6.18. Profile database

Select what type of profile database you require. The installer does not create the profile database, instead it creates an example SQL script in the ProfileServer/database directory. Depending on your choice of database, the SQL script is called MariaDB.sql, Oracle.sql, or MySQL.sql. This SQL script contains the statements to create the profile database. You should therefore edit and run this script after completing the install and before starting the Profile Server.

You must also configure the profile database in the Deployment app in the Configuration Manager.

Select the JDBC driver which is compatible with your Celebrus system and target database. This JDBC JAR file is copied into the correct location in the install directory by the installer.

6.19. Profile Server

Select whether you want the Profile Server to run as a service.

6.20. Real-Time Server

Select whether you want the Real-Time Server to run as a service:

6.21. Real-Time Server keystore

Select the keystore for your Real-Time Server.

The keystore must be in JKS format, containing one or more entries protected by the same password. Each entry must contain a certificate and private key. You may choose to leave this information blank and set up the certificate post install.

See the SSL chapter in this user guide for more information.

6.22. Ready to install

Click Next when you are ready to install the servers.

6.23. Installing files

The installer unpacks and installs the system as configured.

Once the required files are unpacked and installed, the system is configured to match the options you chose during the installation process.

If the install included the Configuration Server, the Configuration Manager User Guide found within the Documentation folder of the install should be consulted. This provides details of how to configure the system, such as users and roles. The Documentation folder also contains the release notes.

7. After the install

This section details simple steps that should be performed after an install to verify the application components are operating correctly. Additionally the Collection Server sections also detail the process of instrumenting your website with the Celebrus JavaScript insert.

7.1. Create the profile database

If you have a Profile Server in your deployment you must create a profile database (MariaDB, MySQL, or Oracle) if one does not already exist. A template script can be found in <install directory>/ProfileServer/database for the appropriate database type, for example MariaDB.sql, MySQL.sql, or Oracle.sql. Edit the script and run to create the profile database. If you are running this for the first time, remove any DROP statements.

7.2. Start the servers

Start the newly installed components, typically by using the appropriate service controls on the system. Ensure all components start correctly and view the relevant log files within the logs folder of the new install. Check to make sure no errors are reported.

If the servers have been installed as services, it is good practice to reboot the machine to ensure all services start without error. You don not want to discover an issue with the service launch if a host machine is restarted for the first time outside of office hours.
Windows

To start the servers manually, either use the standard Windows services tools or execute <server name>.bat. The script file is located within each of the server sub-folders of the installation directory.

Linux

To start the servers manually, execute <server name>.sh start. The script file is located within each of the server sub-folders of the installation directory.

7.3. Deployment

Once your cluster is installed you need to commission the deployment. To do this access the Configuration Manager app via the Operations Dashboard.

The Operations Dashboard is a separate installation which must be done after Configuration Server install has been performed.

Login to the Configuration Manager. Select the Deployment app from the DEVOPS section of the sidebar menu.

Add each of your installed nodes in to the deployed nodes list.

After you have added each server, click on the Commission button:

Next, select the Collection tab within the Deployment app. On the Endpoints tab configure the CSA Name and HTTPS Endpoints to match your deployment.

The host name in the HTTPS endpoints must match the fully qualified host name in your public collection endpoint which typically is your load balancer.

If you plan to use the Load Tester application to generate test traffic, click the Filtering tab and enable Allow load test traffic.

Save your changes to the repository.

7.3.1. Check health of the deployment

Open the Operations Dashboard. The homepage shows the overall status of your cluster.

7.4. Geolocation

The Real-Time Server upon install issues a warning indicating that no geolocation data is available. This is an in-memory database which the system uses to map IP addresses to geolocation.

To configure the geolocation database, open the Geolocation app from the Configuration Manager home page. Within the Geolocation app, browse to the Geolocation.zip file provided to you by your Celebrus vendor and save to the repository. After a few minutes the geolocation data warnings will disappear.

7.5. Data protection

From the Configuration Manager home page, click on the Data Protection app.

Click the Configure button, and configure:

  • Use visitor’s DNT preference to always, excluding IE10

  • Default consent for unknown visitors to Opted In

  • Place tracking information on a visitor’s browsing device to When opted in

Press Next followed by Finish to close the wizard. Save the changes to the repository.

This configuration may not be suitable for all data collection jurisdictions. For example, under the General Data Protection Regulation (GDPR), new visitors should not be automatically opted in. For more information please see the Data Protection User Guide.

7.6. Add security roles

The table below shows the default security roles which are created when Celebrus is installed:

ROLE RESPONSIBILITY CONFIGURATION MANAGER APPS

SYSADMIN

Super user

All (including the ability to administer users in the Users and Roles app).

Data Analyst

Understand the data and help the organisation make better business decisions.

Machine Learning Explorer, Data Loader, Data Streams, File Transfer

Data Engineer

Everything which is needed to collect, transform, and deliver data to the organisation.

Collection Rules, Currency Exchange Rates, Data Enrichment, Data Mapping, Event Sample, Geolocation, Semantic, Universal Data Sources

DevOps Engineer

Deployment of the Celebrus system, introduction of new nodes in to the system, port allocation etc.

Deployment, Email, Event Store, Keystore, Licensing

Marketing Analyst

Manage the personalisation and user experience for customers on digital channels.

Offline Segmentation, Personalisation, Templates

Security Engineer

Manage the security, data protection and identity on your digital channels.

Audit Trail, Data Protection, Digital Identity, Users and Roles

You should consider which users need access to Celebrus and their required permissions. The system administrator can set-up users and roles in the Users and Roles app in the Configuration Manager.

7.7. Collection

You need to configure what data is collected and from which websites and mobile applications. Collection rules are configured in the Collection Rules app in the Configuration Manager.

By default there are no collection rules in a newly installed Celebrus system, therefore no data is collected - this configuration should be done as soon as possible.

From the home page of the Configuration Manager, select the Collection Rules app. Select the Web and Mobile Page Rules tab. Click the Add button, and in the Add Rule wizard configure:

  • Rule name as everything.

  • Data source as Celebrus Web.

  • Collection options select all types of event from Complete to Heartbeats.

  • Text collection policy select Collect text values as they appear on the page.

Click Next, the configuration page asks when this rule configuration is to be applied. Configure PageLocation as like * by performing the following steps:

  1. Select the PageLocation checkbox.

  2. Within the Rule summary click the meets conditions which opens a further wizard.

  3. Select the Like option

  4. Enter * within the Enter value field.

  5. Accept the value press the left arrow button.

  6. Press OK.

The Rule summary now reads Where PageLocation like *. Press Next then Finish.

Save your changes to the repository.

This rule collects all user interactions on any web page that has been instrumented with the Celebrus JavaScript insert. In a production environment, you may have business requirements for additional collection rules (for example, do not collect a credit card number from billing pages).

7.8. Website and mobile applications

For websites, you need to download the Celebrus JavaScript insert from a Collection Server.

Open a web browser and enter the URL:

http://<collection endpoint>:<port>

You can download the JavaScript insert from this page. Further documentation for this and other aspects of Celebrus are available via the Operations Dashboard. Mobile SDKs and demonstration apps are also available here.

Once you have completed setup, as recommended by good security practices to limit information disclosure, it is recommended to disable the collection endpoint information pages. This can be done using the Configuration Manager's Deployment app.

8. Deployment

One of the most important tasks after installing Celebrus is to configure your deployment. Your deployment is configured in the Deployment app in the Configuration Manager. The Deployment app is used to specify the servers in the cluster (called the topology) and their configuration.

Each server has some server specific configuration, for example:

SERVER TYPE EXAMPLE

Collection Server

HTTPS URL where websites and mobile apps send their collected data.

Profile Server

Database connection details for the profile database.

Real-Time Server

Port number where session query web service calls are sent.

Configuration is applied uniformly to all servers of a given type. For example, all Collection Servers listen on the same port for incoming connections from websites and mobile applications.

This is important to understand because it means two servers of the same type cannot be installed on the same host (because their port numbers would collide and one would not be able to bind to the port).

8.1. Restrictions

There are restrictions which apply to a cluster topology:

  1. All servers within a cluster have a host name.

  2. Only one server of a given type can reside on a given host.

  3. Only a single Configuration Server and single Profile Server can be configured within a cluster.

  4. The first install must always include the Configuration Server.

The host name for a server is configured when you install Celebrus on the host. Do not mix host names, IP addresses, and fully qualified host names. Pick one name to refer to a host and use it everywhere, especially when you commission the server in the Deployment app.

8.2. Commissioning

A server does not provide service until it is commissioned. The Configuration Server is always commissioned. All other servers are commissioned through the Deployment app and provide service when the Configuration Server has successfully synchronised configuration to that server.

To decommission a server, change its state to Uncommissioned. This does not take effect immediately, instead it waits for the decmomissioning time period to elapse, during which the node is said to be decommissioning.

Decommissioning is an important phase allowing the system time to migrate live traffic from the decommissioning server to others. For example, a Collection Server which sees a Real-Time Server start to decommission no longer considers that server as a target to receive new sessions.

9. Services

As a general rule, any Celebrus server should be installed as a service. This ensures that when a machine restart is performed that the Celebrus service is automatically restarted.

9.1. Manually installing services

Services can be created/removed manually by executing the relevant shell script in the install directory for the relevant server, as shown below. Due to the increased security in Red Hat 8.7 with SELinux, this needs to be performed by a root user or a user that has sudo privileges to install / remove services.

<install directory>/ProfileServer/InstallProfileService-Windows.bat

This script file uses settings in the .conf file for that server:

<install directory>/ProfileServer/ProfileServer.conf

To determine the name of the service to be installed/uninstalled:

# Name of the NT service when installed.
wrapper.ntservice.name=CelebrusProfileServer

# Display name of the NT service when installed.
wrapper.ntservice.displayname=CelebrusProfileServer

9.2. Non-system user

It is recommended that servers should be run under user accounts with as few privileges as possible to minimise the effects of the system being compromised. Ideally this user should not have a home directory and people should not be able to login as this user.

The following instructions relate to the user that the Celebrus and associated wrapper services are run as, they do not relate to which users can manually control the services.

9.2.1. Windows systems

Windows Server 2008 R2 introduced the concept of virtual accounts to allow the easy configuration of services to run under non-system users with very few privileges. After the service has been installed, but before it is started for the first time execute the following commands with <type> replaced appropriately with Collection, Configuration, Profile, or RealTime.

This must be done for each server in the cluster after the install. In the following <service_name> is something like CelebrusProfileServer-9.0.0. The double quotes are important if your paths or service names have spaces in them.

This command sets the service to run under a virtual account user:

sc config <service_name> obj="NT SERVICE\<service_name>"

This command gives the virtual account user ownership of the relevant parts of the install:

icacls "<install directory>\<type>Server"
/setowner "NT SERVICE\<service_name>" /T

This command gives the virtual account user enough privileges to read, write, create and delete log files, etc.:

icacls "<install directory>\<type>Server"
/grant:r "NT SERVICE\<service_name>":F /T

Example commands for a typical install would be similar to the following:

sc config CelebrusProfileServer-9.0.1304 obj="NT SERVICE\CelebrusProfileServer-9.0.1304"

icacls "C:\Program Files\Celebrus9.0.1304\CollectionServer"
/setowner "NT SERVICE\CelebrusProfileServer-9.0.1304" /T

icacls "C:\Program Files\Celebrus9.0.1304\CollectionServer"
/grant:r "NT SERVICE\CelebrusProfileServer-9.0-1304":F /T

9.2.2. Linux systems

The following instructions relate to the user that the Celebrus and associated wrapper services are run as, they do not relate to which users can manually control the services.

When the Celebrus services are running under Linux, the decision to use a non-root user also has implications for the service it if directly listens on ports below 1000. For example, port 80 (HTTP) or port 443 (HTTPS). In this case we would recommend a load balancer or traffic manager is placed in front of the service to listen on these ports and translate them to ports above 1000.

When running under Linux, Celebrus services can only be manually controlled (started, stopped, restarted) by a root user or a user that has sufficient sudo privileges to control the services. If the machine is restarted and the services are set to auto-start, they will be re-started even when running as a non-root user.

Create a group and user on Linux systems with the ability to run the servers in the cluster. If you have several services in the cluster on the same machine they can share a single user or create separate users for each service where the users all are in the same group. The names of the user and group below are suggestions, you can use whatever format fits your company policy, as long as they are used consistently.

The following command creates the group under most variants of Linux. These command must be executed on each machine running services in the cluster. You may need to be an administrator or use sudo to do this:

groupadd --system CelebrusGroup

The following command creates the user under most variants of Linux. You may need to be an administrator or use sudo to do this:

useradd -M --comment "Celebrus servers run as this user" --system CelebrusUser

Once the user and group has been created, add the user to the group.

usermod -a -G CelebrusGroup CelebrusUser

Next give the user ownership of the install directory and ensure it has permissions to read, write, create and delete files under the install directory. You must also do this for any folders outside the install area that the service writes to, for example Data Loader or Event Store folders stored outside the install area. You may need to be an administrative user or use sudo to do this.

Replace <install directory> as appropriate for your cluster:

chown --recursive CelebrusUser:CelebrusGroup <install directory>

chmod -R u=rwx,g=rwx,o=rx <install directory>

Next change each servers shell script configuration file to utilise the user created above. The shell script configuration files are located in each server directory, have the extension .shconf and are named accordingly for each server type, for example:

<install directory>/CollectionServer/CollectionServer.shconf

In the file find the line that starts RUN_AS_USER=. This line may be commented out and so may read # RUN_AS_USER= Remove the # and replace with: RUN_AS_USER=CelebrusUser.

As a root user, or using a user with sudo permissions, remove and re-install each service using the provided scripts, for example:

<install directory>/CollectionServer/CollectionServer.sh remove
<install directory>/CollectionServer/CollectionServer.sh install

10. Identity and Access Management

See the Identity and Access Management User Guide for further information.

11. SSL

Celebrus makes use of the Java Virtual Machine to support SSL. Celebrus sets up SSL automatically when it is installed. This security cannot be switched off.

The system implements host name verification for secure connections, therefore it is essential you always enter the same host names when you install the servers and applications. Do not mix host names with IP addresses and host names with fully qualified domain names. Always use one host name to identify a machine and stick to it everywhere. This includes when you commission servers in the Configuration Manager.

As shown in the table below, there are several SSL keystores and certificates used by a Celebrus cluster. These keystores and certificates are explained in more detail in the following sections.

FILE NAME CREATED BY COMMENTS

CA.keystore

Installer or you

CA keystore for a cluster which signs server certificates. By default the installer creates a CA.keystore file in the root install directory, but you can provide your own if required.

cluster.truststore

Installer

Contains the CA certificate and is copied by the installer into the root install directory.

cluster.keystore

Installer

Keystore containing a private key and server certificate which is signed by the CA, and used for communications within a cluster. Each server is created its own keystore by the installer and are never shared.

dashboard.keystore

Installer

Server keystore which is required when you install the Operations Dashboard. This keystore is created by the first install in the cluster (which contains the Configuration Server).

collection.keystore

You

Keystore used for external communications to the Collection Servers. You must provide this and it should match the DNS names of your Collection Servers.

realtime.keystore

You

Keystore used for external communications to the Real-Time Servers. You must provide this and it should match the DNS names of your Real-Time Servers.

11.1. Certificate authority

Each Celebrus cluster has a unique CA certificate and private key. This certificate and private key are collectively called the CA keystore. The CA keystore is special because it can be used to sign other certificates. This signing establishes a chain of trust which allows one server in a cluster to ensure it is talking securely to another server.

The CA certificate is only used for internal communications between servers in the cluster and never for connections from browsers or mobile applications.

You can point the installer at your own CA keystore or leave the default value. In this case, the installer creates a new CA keystore. By default, the installer creates the file called CA.keystore in the root of the install directory.

If you are installing additional servers into an existing cluster then you must use the CA keystore from the first install (which contains the Configuration Server).

A cluster cannot use more than one CA keystore. Never use the same CA keystore in more than one cluster. Nor can a cluster have more than one CA keystore.

If you use your own CA keystore the file must be in JKS file format. The JKS file must contain a single CA certificate, matching private key, and certificate trust chain if required. The certificates should not use aliases. The keystore and private key in the CA keystore must be protected by the same password.

The installer extracts the CA certificate into a file called cluster.truststore which it copies into the root install directory. This file does not contain the private key of the certificate authority. This file has the same password as the CA.keystore file. Do not delete this cluster.truststore file from the install directory, it is required by the servers. You also need this file when you install the Configuration Manager.

The installer updates the secure.properties file in the install directory with the cluster.truststore password:

cluster.trustStorePassword=<password>

11.2. Passwords

The CA keystore is protected by a password. The installer uses this password to protect the server certificates and truststore in that install directory. In other words, all server keystores and truststore in an install directory are protected by the same password.

You can change the password on the CA keystore file when you install subsequent servers on other machines into the same cluster. This avoids having the same password protect all keystores on different machines.

11.3. Server certificates

The installer creates a unique server certificate for each server installation. This server certificate is signed by the cluster’s CA private key. The installer prompts you for the CA keystore when you install additional servers such as extra Collection Servers and Real-Time Servers.

The server certificate and private key is stored in a JKS format file called cluster.keystore which is located in the install directory of each server.

You cannot change the CA keystore without restarting all servers simultaneously so it is very important to protect the CA private key. If the CA private key is compromised, an attacker could create their own certificates and connect to the cluster. Once connected they can potentially access customer information.

The server certificate is used when a server connects to other servers (for example, when the Real-Time Server connects to the Profile Server to exchange profile information). In this case the certificate is passed across so the server can identify itself. This ensures both ends of the SSL connection identify themselves with a certificate signed by the CA. The installer updates the secure.properties file in the install directory with the server keystore password:

cluster.keyStorePassword=<password>

11.4. Dashboard

The dashboard installer prompts for a keystore which the dashboard subsequently uses to identify itself when it connects to the Celebrus cluster and obtains status information. The main server installer creates another keystore file for this purpose, called dashboard.keystore and is located in the root directory of your Configuration Server install. You need to copy this file to the machine where you are installing the dashboard. The dashboard keystore is protected by the same password as the CA.keystore.

11.5. Configuration Manager

You require the CA truststore file when you install the Configuration Manager. This is required because the Configuration Manager must trust the server certificate provided by the Configuration Server.

11.6. Collection Server

The installer prompts for a keystore which you provide for your Collection Server. This step is optional and you may choose to configure this post install. This keystore is used by external applications which send data to your Collection Servers (typically websites and mobile applications). If you configure a keystore file, it is copied into your Collection Server directory and renamed to collection.keystore.

The file must be in JKS format and contain the certificate, matching private key, and certificate chain. The keystores and private keys in the keystore must be protected by the same password. The installer updates the secure.properties file in the install directory with the Collection Server keystore password:

collection.keyStorePassword=<password>

You can update the collection.keystore file with new certificates and the file is automatically reloaded within a minute. This enables you to change server certificates without restarting the Collection Servers.

This approach is only supported if the password for the existing and new keystores are the same. If the passwords are different the server must be restarted.

11.7. Real-Time Server

The installer prompts for a keystore which you provide for your Real-Time Servers. This step is optional and you may choose to configure this post install. This keystore is used for external connections to the Real-Time Server from browsers and mobile apps when requesting content for personalisation from the Real-Time Rules content library. If you configure a keystore file then it is copied into your Real-Time Server directory and renamed to realtime.keystore.

The file must be in JKS format and contain the certificate, matching private key, and certificate chain. The keystore and private keys in the keystore must be protected by the same password.

The installer updates the secure.properties file in the install directory with the Real-Time Server keystore password:

realtime.keyStorePassword=<password>

You can update the realtime.keystore file with new certificates and the file is automatically reloaded within a minute. This enables you to change server certificates without restarting the Real-Time Servers.

This approach is only supported if the password for the existing and new keystores are the same. If the passwords are different the server must be restarted.

11.8. SSL system properties

The following properties are set within the secure.properties file. This file is located in the install directory and contains common properties which apply to all applications and servers under that directory.

use.ssl.db.mysql=[true/false]

All communications with MySQL are over SSL. MySQL also needs to be configured to support this.

use.ssl.db.mysql.keystore

The name of the keystore or the name of the keystore with either relative or absolute path information. Optional, defaults to keystore-mysql.

use.ssl.db.mysql.keystore.password

The keystore password. Mandatory.

use.ssl.db.mysql.truststore

The name of the truststore or the name of the keystore with either relative or absolute path information. Optional, defaults to keystore-mysql.

use.ssl.db.mysql.truststore.password

The truststore password. Mandatory.

use.ssl.db.oracle=[true/false]

All communications with Oracle are over SSL. Oracle also needs to be configured to support this. Oracle does not need a keystore or truststore added to the Celebrus system.

javax.net.ssl.cipherSuites

Permits explicit setting of the enabled SSL cipher suites if the system defaults don not conform to an enterprise’s security policies. Specified as a single string value comprising a comma-separated list of cipher suites which are to be enabled.

javax.net.ssl.protocols

Permits explicit setting of the enabled SSL protocols if the system defaults do not conform to an enterprise’s security policies. Specified as a single string value comprising a comma-separated list of protocols which are to be enabled. For all of the above to work correctly for MySQL, you need to add appropriate keystores and truststores in to the install directories.

MySQL keystore / truststore name defaults to mysql.keystore and mysql.truststore and by default the system looks in the server install directory then in the root install directory before trying the value of the use.ssl.db.mysql.keystore for valid path information.

The five MySQL SSL properties have equivalent names for MariaDB (for example, use.ssl.db.mariadb and use.ssl.db.mariadb.keystore).

The use.ssl.db.oracle property applies to the Real-Time Servers and Profile Server only. The use.ssl.db.mysql property applies to both Real-Time Servers, Profile Server and Configuration Server.

11.9. Default cipher suites

The available and enabled cipher suites are output to a server’s log file on start-up, when SSL is enabled. The default set of ciphers is subject to change between software releases as recommendations change.

Override by setting the javax.net.ssl.cipherSuites system property with the server’s .conf file. This cannot be set within the secure.properties file because it is a built-in Java Virtual Machine parameter.

11.10. Default protocols

The available and enabled protocols are output to a server’s log file on start-up when SSL is enabled. The default list of enabled protocols is TLSv1, TLSv1.1, and TLSv1.2.

Override by setting the javax.net.ssl.protocols system property with the server’s .conf file. This cannot be set within the secure.properties file because it is a built-in Java Virtual Machine parameter.

12. Configuring database SSL

This chapter explains how to secure communications between the Profile Server and the profile database (MySQL and Oracle).

12.1. Configuring MySQL SSL communications

To configure MySQL to support SSL communications.

12.1.1. Download

To generate a self-signed certificate and key, it is necessary to download and install OpenSSL. Version 1.0.1e of this product has been used successfully.

12.1.2. Generate and verify certificates

See Example 1 in the MySQL documentation for full details:

http://dev.mysql.com/doc/refman/5.6/en/creating-ssl-files-using-openssl.html

You must ensure the common name is different for CA, server, and client certificates or the verification step fails. From a DOS prompt execute the following series of commands:

mkdir \SystemTestCertificates
cd \SystemTestCertificates
openssl genrsa 2048 > .\ca-key.pem

# Common name entered here must differ from those below.
openssl req -new -x509 -nodes -days 3600 -key .\ca-key.pem -out .\ca-cert.pem

# Common name entered here must differ from the others.
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout .\server-key.pem -out .\server-req.pem
openssl rsa -in .\server-key.pem -out .\server-key.pem
openssl x509 -req -in .\server-req.pem -days 3600 -CA .\ca-cert.pem -CAkey .\ca-key.pem -set_serial 01 -out .\server-cert.pem
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout .\client-key.pem -out .\client-req.pem
openssl rsa -in .\client-key.pem -out .\client-key.pem

# Common name entered here must differ from those above.
openssl x509 -req -in .\client-req.pem -days 3600 -CA .\ca-cert.pem -CAkey .\ca-key.pem -set_serial 01 -out .\client-cert.pem
openssl verify -CAfile .\ca-cert.pem .\server-cert.pem .\client-cert.pem

12.1.3. MySQL

A standard MySQL 5.6+ install supports SSL operation if provided with a certificate and key. To check that SSL is supported for your MySQL install execute the following command at a MySQL prompt:

show variables like 'have_ssl';

If your install has a variable called have_openssl, even it is currently disabled and your install supports SSL, it just needs the certificate and key adding.

12.1.4. Configure MySQL Server

Stop your instance of MySQL if it is running. Move the following certificates generated above to a folder in the MySQL install area, for example:

C:\Program Files\MySQL\MySQL Server 5.6\ssl:
ca-cert.pem
server-cert.pem
server-key.pem

Add the following section to the bottom of your my.ini file and restart the service (use forward-slashes rather than back-slashes):

# SSL configuration
ssl-ca="C:/Program Files/MySQL/MySQL Server 5.6/ssl/ca-cert.pem"
ssl-cert="C:/Program Files/MySQL/MySQL Server 5.6/ssl/server-cert.pem"
ssl-key="C:/Program Files/MySQL/MySQL Server 5.6/ssl/server-key.pem"

12.1.5. Modify the MySQL database users

The MySQL Database users must be modified to ensure SSL is used.

From a MySQL command prompt, execute the following commands for the profile database user. After performing this step users are not be able to login to MySQL without using SSL:

GRANT ALL PRIVILEGES ON *.* TO '<username>'@'<hostname>' IDENTIFIED BY '<password>' REQUIRE SSL;
FLUSH PRIVILEGES;

12.2. Configuring Oracle to support SSL

A default install of Oracle 11g is configured with advanced security. This includes the required orapki command line utility which is required to create the self-signed certificate and key.

12.2.1. Use orapki and keytool

The following Oracle document gives detailed instructions to configure an Oracle 11g system to support JDBC over SSL:

http://www.oracle.com/technetwork/database/enterprise-edition/wp-oracle-jdbc-thin-ssl-130128.pdf

Only use Appendix B up to and including Create a wallet for the Oracle server of the document.

Note when orapki prompts for a password, you are entering the new password for the wallet, not the existing system user password. The provided password must be at least eight characters long and contain letters and digits.

Move the .\root and .\server directories generated above to a location on the Oracle server machine, say C:\OracleWallet\root and C:\OracleWallet\server.

The following commands have been found to work successfully in a Windows batch file when creating the server-side wallet. The DN used should be changed to match the installed environment.

@echo on

set PASSWORD=%1

call orapki wallet create -wallet .\OracleWalletNew\root -pwd %PASSWORD%

call orapki wallet add -wallet .\OracleWalletNew\root -dn "OU=development,O=Celebrus Technologies Ltd,CN=Oracle Certificate Authority,C=UK" -keysize 2048 -self_signed -validity 3650 -pwd %PASSWORD%

call orapki wallet display -wallet .\OracleWalletNew\root -pwd %PASSWORD%

call orapki wallet export -wallet .\OracleWalletNew\root -dn "OU=development,O=Celebrus Technologies Ltd,CN=Oracle Certificate Authority,C=UK" -cert .\OracleWalletNew\root\b64certificate.txt -pwd %PASSWORD%

call orapki wallet create -wallet .\OracleWalletNew\server -auto_login -pwd %PASSWORD%

call orapki wallet add -wallet .\OracleWalletNew\server -dn "OU=development,O=Celebrus Technologies Ltd,CN=MHD030809.speed-trap.com,C=UK" -keysize 2048 -pwd %PASSWORD%

call orapki wallet export -wallet .\OracleWalletNew\server -dn "OU=development,O=Celebrus Technologies Ltd,CN=MHD030809.speed-trap.com,C=UK" -request .\OracleWalletNew\server\creq.txt -pwd %PASSWORD%

call orapki cert create -wallet .\OracleWalletNew\root -request .\OracleWalletNew\server\creq.txt -cert .\OracleWalletNew\server\cert.txt -validity 3650 -pwd %PASSWORD%

call orapki cert display -cert .\OracleWalletNew\server\cert.txt -complete

call orapki wallet add -wallet .\OracleWalletNew\server -trusted_cert -cert .\OracleWalletNew\root\b64certificate.txt -pwd %PASSWORD%

call orapki wallet add -wallet .\OracleWalletNew\server -user_cert -cert .\OracleWalletNew\server\cert.txt -pwd %PASSWORD%

The following commands have been found to work successfully in a Windows batch file when creating the client-side side wallet.

@echo on

set PASSWORD=password1

mkdir .\dbName-OracleClientWallet

call orapki wallet create -wallet .\dbName-OracleClientWallet\client -auto_login -pwd %PASSWORD%

call orapki wallet add -wallet .\dbName-OracleClientWallet\client -dn "OU=dbName,O=Celebrus Technologies Ltd,CN=Oracle Certificate Authority,C=UK" -keysize 2048 -pwd %PASSWORD%

call orapki wallet export -wallet .\dbName-OracleClientWallet\client -dn "OU=dbName,O=Celebrus Technologies Ltd,CN=Oracle Certificate Authority,C=UK" -request .\dbName-OracleClientWallet\client\dbName-creq.txt -pwd %PASSWORD%

call orapki cert create -wallet D:\OracleSSLWalletGenerationStuff\OracleWalletNew\root -request .\dbName-OracleClientWallet\client\dbName-creq.txt -cert .\dbName-OracleClientWallet\client\dbName-cert.txt -validity 3650 -pwd %PASSWORD%

call orapki wallet add -wallet .\dbName-OracleClientWallet\client -trusted_cert -cert D:\OracleSSLWalletGenerationStuff\OracleWalletNew\root\b64certificate.txt -pwd %PASSWORD%

call orapki wallet add -wallet .\dbName-OracleClientWallet\client -user_cert -cert .\dbName-OracleClientWallet\client\dbName-cert.txt -pwd %PASSWORD%

call orapki wallet display -wallet .\dbName-OracleClientWallet\client

call orapki wallet create -wallet .\dbName-OracleClientWallet\truststore -auto_login -pwd %PASSWORD%

call orapki wallet add -wallet .\dbName-OracleClientWallet\truststore -trusted_cert -cert D:\OracleSSLWalletGenerationStuff\OracleWalletNew\root\b64certificate.txt -pwd %PASSWORD%

call orapki wallet display -wallet .\dbName-OracleClientWallet\truststore

call orapki wallet pkcs12_to_jks -wallet .\dbName-OracleClientWallet/truststore -pwd %PASSWORD% -jksKeyStoreLoc .\dbName-OracleClientWallet/truststore/cwallet.jks -jksKeyStorepwd %PASSWORD%

12.2.2. Configure cluster for Oracle PKI authentication

  1. Install the cluster against an Oracle database without PKI authentication and ensure everything starts up and talks to Oracle.

  2. If the Oracle DBA team do not provide server and client certificates to use for the install, the example scripts in the install directory can be used to generate the server certificates and the client wallets for the profile database. It is essential the wallets follow the following naming convention: <username>-OracleClientWallet. It is suggested a copy of CreateClientWallet.cmd is taken and the contents modified to generate the wallet required for that database.

  3. Stop all the Celebrus services.

  4. The Oracle database user must be modified to support PKI authentication only. The following command can be used from Oracle SQL Plus or SQL Developer. The DN used here is just an example, but the content and format of the DN used to modify the user must match the DN used to create the wallet for that database (be aware the <database_user> should be in uppercase):

    ALTER USER <database_user> IDENTIFIED EXTERNALLY AS 'OU=<database_user>,O=Celebrus Technologies Ltd,CN=Oracle Certificate Authority,C=UK';

  5. Move a copy of the celebrus.java.security file into the install root directory.

  6. Modify the .conf file for each applicable server to add the following additional property modifying NN as appropriate:

    wrapper.java.additional.NN=-Djava.security.properties=..\celebrus.java.security

  7. Move the appropriate wallets generated earlier into each server’s serverCfg directory.

  8. Move the following Oracle JAR files in to the install root directory:

    oraclepki.jar
osdt_cert.jar
osdt_core.jar

  9. Modify the .conf file for each applicable server to add the following Oracle JAR files to the classpath:

    oraclepki.jar
osdt_cert.jar
osdt_core.jar

  10. Create or modify the secure.properties file to add the following property to say use Oracle SSL:

    use.ssl.db.oracle=true

  11. If using a JKS format trust store then modify the secure.properties file to add the following property:

    <database name>.oracle.ssl.authentication.trustStorePassword=<password>

  12. Modify the server configuration to use the correct Oracle port number for SSL.

  13. Start each server then check the log file and Cluster Management Console for errors.

12.2.3. Oracle SID or SERVICE_NAME

If you need to use an Oracle SERVICE_NAME to access the Oracle database rather than a SID the following property needs to be added to the secure.properties file: celebrus.use.oracle.serviceName=true.

12.2.4. Modify the Oracle OCI listener.ora file

If you are using the Oracle OCI driver you also need to do the following:

  1. Locate the active listener.ora files on the server and all client machines running Celebrus servers.

  2. Modify the files by adding the lines in bold below in the equivalent place in your file.

  3. You need to replace <hostname> with the machine name of your Oracle server.

  4. You also need to replace <path to> with the path to the OracleWallet folder created above.

LISTENER =
 (ADDRESS_LIST =
 (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
 (ADDRESS = (PROTOCOL = TCP)(HOST = <hostname>)(PORT = 1521))
 (ADDRESS = (PROTOCOL = TCPS)(HOST = <hostname>)(PORT=2484))
 )

WALLET_LOCATION =
 (SOURCE =
 (METHOD = FILE)
 (METHOD_DATA =
 (DIRECTORY=<path to>\OracleWallet\server)
 )
 )

Restart the Oracle TNS listener service on the Oracle server.

13. Automating headless installs

This section explains how to perform headless installs of the Celebrus software.

The Celebrus installer executable is built using BitRock InstallBuilder. The installer can be run as a command line application with a -optionfile <full path to options file> option. In this mode the installer displays no user interface and configures the product install entirely from the contents of an options file.

The following shows an example command which launches a headless install on a Windows server. Note that options on both Windows and Linux use --. The example also uses the Windows line continuation character`^` so the command can be run as shown from the command line or from a batch file.

CelebrusServers-9.0.469-windows-installer.exe ^
--mode unattended ^
--unattendedmodeui none ^
--optionfile "C:\installer.options" ^
--prefix "C:\Celebrus"

The return code from the installer process indicates success or failure. A zero return code means the install succeeded. Anything else indicates the install failed. When launched from a shell, the correct way to wait for the installer to complete is operating system dependent (for example, on Windows: start /wait). For examples of running the headless installer as part of a Bash or PowerShell script and checking for return codes, look at the upgrade scripts in the UpgradeTools directory of your install.

The --prefix command line option selects the install directory.

When a UI installer runs, it writes its install options (plus some extra values) out to a file installer.properties. This file is found in the product install directory. This is very useful to determine the correct value of an install option.

Specific servers can be removed from the install by changing the --disable-components command line flag. The installer has four optional components: collectionServer, configurationServer, profileServer, and realTimeServer. All four components are enabled by default. If you do not want them installed, disable using --disable-components.

The --disable-components option is only available when you install the product for the first time. Upgrades automatically detect which components are installed by looking for specific sub-directories in the install directory such as CollectionServer.

The --enable-components option is valid for the installer, but has no effect as Celebrus all components are enabled by default.

The installer options file can be used across all the supported platforms (Windows and Linux). However, the paths must be appropriate to that platform. This particularly affects the licenceFile and databaseJdbcDriverJarFile properties and the --prefix command line option.

If certificateAuthorityKeystoreFile points to a valid file it must contain your CA certificate and matching private key (and nothing else). The keystore and private key must have identical passwords as set in the certificateAuthorityKeystorePassword property. This CA keystore is then used for the install. The private key in the CA keystore is used to sign the certificates created for each server.

13.1. Installer properties

Below is and example list of all the installer properties:

licenceFile=C:\YourLicence.lcf
hostName=your.domain.com
clusterName=YourClusterName
isLegacySessionIdentification=0
smtpHostName=your.mail.system
smtpPort=25
smtpUserName=
smtpPassword=
smtpSender=from@your.domain.com
administratorUserName=administrator
administratorPassword=password
administratorEmail=administrator@your.domain.com
certificateAuthorityExistingKeystoreFile=0
certificateAuthorityKeystoreFile=cluster.keystore
certificateAuthorityKeystorePassword=password
collectionServerKeystoreFile=collection.keystore
collectionServerKeystorePassword=password
realTimeServerKeystoreFile=realtime.keystore
realTimeServerKeystorePassword=password
isCollectionServerService=1
isConfigurationServerService=1
isProfileServerService=1
isRealTimeServerService=1
collectionServerServiceName=CelebrusCollectionServer9.0.0
configurationServerServiceName=CelebrusConfigurationServer9.0.0
profileServerServiceName=CelebrusProfileServer9.0.0
realTimeServerServiceName=CelebrusRealTimeServer9.0.0
clusterManagementConsoleClusterPort=8901
collectionServerClusterPort=8902
configurationServerClusterPort=8903
profileServerClusterPort=8904
realTimeServerClusterPort=8905
databaseJdbcDriverJarFile=C:\mysql-connector-java-5.1.45-bin.jar
databaseVersion=MYSQL
repositoryDbType=MYSQL
repositoryDbDriverJarFile=C:\mysql-connector-java-8.0.26.jar
repositoryDbHost=your.domain.com
repositoryDbPort=3306
repositoryDbName=yourDbName
repositoryDbUserName=yourDbUserName
repositoryDbPassword=yourDbPassword

Help on each installer option can be found by running the installer with the --help option on the command line.

The table below outlines the properties in more detail. The Used by Servers column indicates which properties are required when installing which servers. If using the --disable-components command line flag to install only selected servers, you need only include properties for those servers or those marked as All. Note that there is no harm in providing properties for other servers in the file, they will just remain unused (which makes it easy to mostly re-use the same properties file to install several different servers).

Table 1. List of Properties
Property Used by Servers Description

licenceFile

All

File system path to the licence file.

hostName

All

Server host name.

clusterName

Configuration

Name to call the cluster.

isLegacySessionIdentification

Configuration

Choose 1 if you need to support legacy session identification.

smtpHostName

Configuration

Host name of your mail server.

smtpPort

Configuration

Port of your mail server.

smtpUserName

Configuration

If your mail server requires a username, then that username, otherwise leave blank.

smtpPassword

Configuration

If your mail server requires a username, then the associated password, otherwise leave blank.

smtpSender

Configuration

The from address to use when sending warning/information emails.

administratorUserName

Configuration

Configuration Manager administrator username.

administratorPassword

Configuration

Configuration Manager administrator password.

administratorEmail

Configuration

Configuration Manager administrator email address.

certificateAuthorityExistingKeystoreFile

All

Choose 0 for the installer to generate a new self signed certificate. Choose 1 to provide an existing certificate (this could be the cluster.keystore of the existing Configuration Server in the cluster, or your own CA certificate). If adding to an exising cluster the certificate must match the existing cluster.keystore.

certificateAuthorityKeystoreFile

All

If using an existing keystore, the file system path to the keystore to use, otherwise leave blank.

certificateAuthorityKeystorePassword

All

If using an existing keystore, the password of the keystore, otherwise leave blank.

collectionServerKeystoreFile

Collection

Keystore to use to secure external HTTPS connections to the Collection Server. This is required for all Collection Server installations.

collectionServerKeystorePassword

Collection

Password for the Collection Server keystore.

realTimeServerKeystoreFile

Real-Time

Keystore to use to secure external HTTPS connections to the Real-Time Server from web browsers that request images from the personalisation content library. This is required if using such features, otherwise leave blank.

realTimeServerKeystorePassword

Real-Time

Password for the Real-Time Server keystore. Leave blank if no keystore specified.

isCollectionServerService

Collection

Choose 1 to install the Collection Server as a service, 0 otherwise.

isConfigurationServerService

Configuration

Choose 1 to install the Configuration Server as a service, 0 otherwise.

isProfileServerService

Profile

Choose 1 to install the Profile Server as a service, 0 otherwise.

isRealTimeServerService

Real-Time

Choose 1 to install the Real-Time Server as a service, 0 otherwise.

collectionServerServiceName

Collection

Name of the Collection Server service. Can be left blank if not installing as a service.

configurationServerServiceName

Configuration

Name of the Configuration Server service. Can be left blank if not installing as a service.

profileServerServiceName

Profile

Name of the Profile Server service. Can be left blank if not installing as a service.

realTimeServerServiceName

Real-Time

Name of the Real-Time Server service. Can be left blank if not installing as a service.

collectionServerClusterPort

Configuration, Collection

Port used for cluster communications to the Collection Server. Default is 8902.

configurationServerClusterPort

Configuration

Port used for cluster communications to the Configuration Server. Default is 8903.

profileServerClusterPort

Configuration, Profile

Port used for cluster communications to the Profile Server. Default is 8904. When installing the Configuration Server set to -1 to disable if you do not plan to install a Profile Server.

realTimeServerClusterPort

Configuration, Real-Time

Port used for cluster communications to the Real-Time Server. Default is 8904.

databaseJdbcDriverJarFile

Profile

File system location of the JDBC driver used to connect to the Profile Database.

databaseVersion

Profile

Profile database type and version. Valid values (MYSQL, MARIADB, and ORACLE).

repositoryDbType

Configuration

Configuration database type. Valid values (MYSQL, MARIADB, DERBY). Default is DERBY. For both MYSQL and MARIADB you must provide and manage the database. For DERBY an embedded database is managed automatically by the Configuration Server.

repositoryDbDriverJarFile

Configuration

File system location of the JDBC driver used to connect to the configuration database. Not required when DERBY is used as the repositoryDbType.

repositoryDbHost

Configuration

Host machine of the configuration database. Not required when DERBY is used as the repositoryDbType.

repositoryDbPort

Configuration

Port on which the configuration database can be connected to. Not required when DERBY is used as the repositoryDbType.

repositoryDbName

Configuration

Database name to use for the configuration database. Not required when DERBY is used as the repositoryDbType.

repositoryDbUserName

Configuration

User name to use when connecting to the configuration database. Note required when DERBY is used as the repositoryDbType.

repositoryDbPassword

Configuration

Password to use when connecting to the configuration database. Not required when DERBY is used as the repositoryDbType.

14. Upgrading your servers

The Celebrus server installer performs upgrades. You run this installer in each install directory on each machine in your cluster. You can also run the installer process as a headless application (unattended mode).

You cannot upgrade between major releases, as they always require a fresh install of the software. For further details see the Celebrus Support Policy.

14.1. Preparing for an upgrade

Before you begin any upgrade, reading the Release Notes will save you time and effort. In particular the Essential Reading sections for between the version you are coming from and the version you are upgrading to.

Begin by stopping the Configuration Server and taking a backup of the derby directory in the Configuration Server install directory. This is very important should you need to rollback an upgrade because of an unexpected problem. Prior to Celebrus 9.5, Rolling upgrades are not supported. Downtime of the Celebrus cluster is required to perform the upgrade. Choosing a quiet part of the day is beneficial to reduce service disruption. The installer stops all services during the install process. If your servers are running as services then the installer re-registers them during the install process. This is required because the service name often includes the product version number which changes between releases.

During the upgrade any unsaved changes within active Configuration Manager or Operations Dashboard sessions will be lost. Ensure your Celebrus administrator users are aware the upgrade is being performed.

14.2. Rolling back an update

Rolling back an update is a manual process. You must uninstall the product and re-install the earlier version. It is for this reason Celebrus recommends you take a backup of the derby directory in your Configuration Server before starting. After you have re-installed the earlier version, restore this derby directory then you can start the Configuration Server.

14.3. Java Virtual Machine

Every Celebrus install has a Java Virtual Machine (JVM) included in it. The JVM provided with the product install is located in the jre directory. Java moves forward with regular releases as does the version of Java provided with a Celebrus install. Therefore, when you upgrade a Celebrus install you may also get an upgraded Java Virtual Machine.

Don’t modify the contents of the jre directory, for example by changing the cacerts as these changes will be lost on an upgrade. Instead prefer customising by using resources outside of the jre directory and configuring it with system properties within the .conf file or secure.properties.

14.4. Rolling upgrades

Introduced as part of Celebrus 9.5, rolling upgrades permit an existing Celebrus deployment to be upgraded one server at a time, without the need to stop the entire cluster. This hugely reduces downtime.

Important points to note:

  1. Rolling upgrades are only supported if your current Celebrus version is 9.4 or greater.

  2. It is not possible to perform a rolling upgrade if a single Celebrus install contains multiple server types, for instance a Collection and Real-Time server.

  3. The order in which upgrades are done is critical.

  4. During the upgrade:

    1. the data processing pipeline is maintained, allowing activation of data through Data Loader, Data Streams etc.

    2. the Configuration Server only synchronises configuration with servers that are on the same major and minor version.

    3. the Operations Server provides only minimal information of servers that are not on the same major.minor version as itself.

To perform a rolling upgrade, all Real-Time Servers must be upgraded before any Collection Servers. Other servers can be upgraded in any order.

The recommended order is:

  1. Operations Server

  2. Real-Time Servers

  3. Configuration Server

  4. Collection Servers

  5. Profile Server (if present)

14.5. Post upgrade checks

It’s important to ensure that once an upgrade is complete everything is working correctly. Some suggested checks are listed below:

  1. Operations Dashboard homepage
    This provides an instant picture of the health of your Celebrus system. Is anything in error? Is it showing events being processed? New advice messages may appear after an upgrade as self-diagnostics of the system constantly evolves.

  2. Operations Dashboard
    Check you can log in to the Operations Dashboard pages and very detailed monitoring information.

  3. Configuration Manager
    Check you can log in to the Configuration Manager and view some of the configuration. Try to create a Test Case is a good test as it ensures the Chromium browser integration used for this is operational.

14.6. Upgrading via the Deployment Manager

The Deployment Manager is tool which, among other things, can automate upgrades to your Celebrus deployment by executing an installer for each cluster install as well as the Operations Server and dashboard. The tool supports rolling upgrades if the Real-Time Servers were not co-installed with either the Collection or Profile Server. The options selected within the tool can be saved to support execution in headless mode.

For more details on other tasks the Deployment Manager can help with please see the System Operations Guide.
For users familiar with the Celebrus Upgrader tool from v9.6, much of the below will seem familiar. The upgrade app within the Deployment Manager builds heavily upon the same foundations.
Prerequisites

  1. Celebrus installers for the release to upgrade to. The location of the installers must be accessible from where the tool is executed from.

  2. Secure Shell (SSH) connection details for each server in the cluster. The user must be capable of running sudo on Linux or have admin rights on Windows. For Windows this will requiring enabling the OpenSSH feature.

  3. Location of a working directory on each server where the installer and upgrade script will be copied to. The SSH user must have permissions to write to this directory. This is typically a temporary directory such as /tmp/Celebrus or a folder under the home directory of the user (e.g. /home/username/Celebrus).

  4. Location of the installation directory for each server. This allows the tool to know which install to upgrade. The tool automatically stops services before an upgrade and restarts them afterwards.

  5. Access to the cluster topology. This can be retrieved automatically from either the Operations Server REST API or the Configuration Server using SSH. Alternatively the topology can be provided manually. The tool uses the topology to enable it to upgrade the servers in an order to achieve minimal data loss.

  6. If the cluster topology is being retrieved automatically using the Operations Server REST API, cluster credentials for a user who has read access to the cluster topology must be provided.

  7. In a change from the v9.6 Celebrus Upgrader, mixed cluster platform types are now supported.

  8. For rolling upgrades, all conditions of Rolling upgrades must be fulfilled.

14.6.1. Running the graphical tool

The Deployment Manager can be run in graphical or headless modes. To run in headless mode you must have first built both a cluster layout options file and an upgrade options file using the graphical mode. This is a change from the Celebrus Upgrader where one file contained all the options. The change allows the reuse of the same cluster layout options no matter what task the Deployment Manager is undertaking, which should save time.

To run the tool first copy DeploymentManager.jar and either DeploymentManager.bat (Windows) or DeploymentManager.sh (Linux) to a directory outside of your Celebrus install. All these files can be found within the DeploymentManager directory of your install.

The tool requires Java 11 to run. As each Celebrus install includes Java 11, you can copy Java from the jre directory of a Celebrus install if you don’t have an existing copy. Ensure that Java is specified within your operating system’s PATH environment variable.

To check the version of Java you are using execute the below. If this fails to run it indicate that Java is not within the PATH.

java -version
Do not execute the tool from inside a Celebrus install as the upgrade will fail. The tool needs to be able to update all files in the install, including its own JAR file.

To run the Deployment Manager you can use DeploymentManager.bat on windows or DeploymentManager.sh on Linux. In both cases these simply invoke Java as follows:

java -cp DeploymentManager.jar com.speed_trap.upgrade.servers.DeploymentManager

14.6.2. Defining the Cluster Layout

Once the tool loads, you are presented with a navigation pane to the left and a number of tabs to the right. The tabs to the right are used to define your cluster layout. That is, all the hosts and servers in your cluster, how to connect to them, where to upload files to, the install location on the file system and so on. This layout is reused by every task the Deployment Manager performs, and can be loaded and saved using the navigator. We strongly recommend saving your cluster layout for later, as it will speed up the process of future upgrades or other tasks.

The best way to define your cluster layout is to work your way from left to right along the tabs. Set the global options and then define whichever global default values make sense for your architecture. Then define where the tool can acquire the cluster topology from. With that in place on the Core Servers tab you can select Update from Topology. This will use the cluster topology to add hosts and servers to the table. Values will be pulled from your global defaults to round out the details of each host. You should then check and add anything missing. Finally, add the details of your Operations Dashboard Server.

At this point we suggest saving the cluster layout using the Save Cluster Layout option from the navigator, so it’s available for future use. We suggest saving with passwords wherever possible.

Saved passwords are encrypted using a keystore generated by the tool. The keystore is protected by a primary password. You must keep this password safe. Without it your passwords will not be able to be decrypted and you will need to enter them again. The tool does not save or store this password anywhere and it is randomly generated. If you are saving options which were previously loaded you can choose to use the existing keystore (which will retain the same password) or use a new one (which will generate a new password). Headless operations are not possible without a cluster layout which contains the server passwords. Do not store the keystore password in the same place as the cluster layout file as this could give a malicious actor access to your details.

14.6.3. Upgrade Options

Once you have a cluster layout in place click Upgrade Cluster from the navigator to define the upgrade specific options. A wizard will step you through the short process and give you the option to execute the upgrade within the tool or save to an options file for later. If you are planning to perform a headless upgrade later, choose to save. You should now have a cluster layout options file, an upgrade options file and a keystore password for the cluster layout options.

If you choose to upgrade immediately, a log of the upgrade progress will be shown on screen.

14.6.4. Upgrade Process

When the Deployment Manager performs an upgrade it takes the following steps:

  1. Checks connectivity to all servers.

  2. Uploads the installer to all servers.

  3. Upgrades servers one at a time, conforming to rolling upgrade ordering.

The steps each server upgrade takes are as follows.

  1. Stops Celebrus services of the target install.

  2. Performs a backup of the Celebrus install. It will not back up the default data loader RealTimeServer/data, the event store RealTimeServer/events, or configuration backup ConfigurationServer\autoBackups directories. If you’ve changed the default folders for any of these ensure that they are outside the install directory, or the script will attempt to back them up which could take a very long time and consume a great deal of disk space.

  3. Runs the Celebrus installer.

  4. If the upgrade failed, roll-back to the backup.

  5. Restart Celebrus services.

Once these steps are complete for the clustered servers it performs the same steps for the Operations Server and dashboard. While the script and installer are different the steps taken are the same.

14.6.5. Manual Roll-back

If after a failed upgrade a manual roll-back is required, you can revert to the previous version by copying the contents of the latest backup zip from <install-location>/upgradeBackup over the install location. Choose to replace all files. This can happen if the installer exits normally but it didn’t manage to perform part of the upgrade. If the installer exits with a failure code, the tool attempts to automatically roll-back.

14.6.6. Headless Upgrades

To run a headless upgrade you must have first built both a cluster layout options file and an upgrade options file using the graphical mode. When preparing the options files, ensure passwords are saved otherwise the tool won’t be able to connect to your servers. The keystore password the file was saved with is required.

To run a headless upgrade execute:

java -cp DeploymentManager.jar com.speed_trap.upgrade.servers.headless.HeadlessUpgrader -cluster [pathToClusterLayoutOptionsFile] -options [pathToUpgradeOptionsFile] -key [keyStorePassword]

Where:

pathToClusterLayoutOptionsFile

is the file system path to your cluster layout file.

pathToUpgradeOptionsFile

is the file system path to your upgrade options file.

keyStorePassword

is the password used to protect the keystore which encrypted your server passwords.

Optional arguments can be specified as follows:

-skiptopology

usually when running in headless mode the upgrade tool will first download the deployment toplogy and check the options conform to it before upgrading. This can cause problems if you’ve made manual changes to the set of servers to upgrade (e.g. removing some hosts). To just use the options file as is, add this flag to the command line.

-norolling

without this flag the upgrade tool will only permit upgrades of systems which are installed so as to support rolling upgrades. Specifying this flag will allow the upgrade to go ahead regardless. Please be aware that upgrading a Celebrus system which has both Collection and Real-Time Servers installed on the same host will result in some data loss during the upgrade window.

-help

shows a list of all possible command line options, then immediately exits.

14.6.7. Logging

The tool supports Log4j2 for its logging. By default it logs to stdout in headless mode and both stdout and the user interface in graphical mode. Providing a log4j2.xml configuration file located in the same directory you execute the tool from allows you to redirect this output and change logging levels as required. The package you should use to change logging level in your log4j2.xml is com.speed_trap.upgrade.servers.

14.6.8. Likely causes of failure

A list of common reasons why the upgrade might fail:

  1. User not having admin rights on Windows, or not being able to sudo over ssh on Linux.

  2. User being unable to start/stop services.

  3. SSH ports being closed or file uploads being prevented by firewall or system policy.

  4. OpenSSH Server not being installed on Windows.

  5. Execution of PowerShell scripts being restricted for the user on Windows. You can fix this by opening an administrator PowerShell on the remote system as the user which is to do the upgrades and executing the following command below. Please be aware of the security implications of doing so.

    set-executionpolicy remotesigned -Scope CurrentUser

  6. TTY being required to sudo on Linux. On RHEL you can change this setting in your sudoer file by adding or amending your exist requiretty entry to the below.

    Defaults    !requiretty

  7. Trying to run the upgrade using the Deployment Manager executed from inside the install location. Exceptions similar to the below could indicate this problem:

    Failed to upload installer and upgrade script to host host2. Cause ZipException: ZipFile invalid LOC header (bad signature).

15. Event Store

Real-Time Servers can store their events in a file based Event Store. Each Real-Time Server has its own Event Store. The Event Store is a directory on a Real-Time Server, normally kept separate from the system drive.

The Event Store keeps a copy of every event sent to the Real-Time Server by the Collection Servers. The Event Store can be used to re-process data through the Real-Time Server when your semantic configuration is changed. For more information on re-processing, see the Data Loader User Guide.

Events are stored in the Event Store in files in the Parquet file format. This format is used because it provides the good data compression and performance characteristics. For older installations which have been upgraded and used the Avro format, this format can continue to be used, but is not available for new installs. This is because it is significantly less performant to query.

The Event Store is configured through the Configuration Manager. The Real-Time Servers also monitor available disk space in the Event Store and raise management status alerts if the system is likely to run out of space within the next day.

Events are written to the Event Store when they arrive on a Real-Time Server. They accumulate in a file until the file is rolled. This either happens on a periodic basis (e.g. every five minutes) or when something needs to query the events (e.g. Event Sample query in the Configuration Manager).

In progress event files are written into a configurable working directory. This working directory must be the same on each Real-Time Server and local to them. It must not be a location shared by multiple servers. When a file is rolled, it is closed and then exported. Event store files can be exported to one of:

  • Local file system - a directory which should be outside the Real-Time Server install and which must be on the local machine. The directory will be the same name/location for each of the servers, but on their local machine.

  • Shared file system - a directory which should be accessible through the same share or mapping for each Real-Time Server. The location is shared by all servers and files are exported using the Real-Time Server ID as a prefix directory.

  • Amazon S3 - all Real-Time Servers share the same S3 bucket and include their Real-Time Server ID in the prefix to avoid conflicts.

When archiving to S3, the Event Store bucket should not be used by anything else. In particular, this applies to archiving Data Loader files to S3. Each must use its own bucket.

Exported files are categorised into a sub-directories which follows a YYYY/MM/DD naming hierachy. For S3, the object prefix includes year, month and day based identifiers. This allows for swifter querying than would otherwise be possible, especially with high data volumes.

The Event Store can be set to either Process events or Do not process events. If you set the task to Do not process events then the Event Store does not write any events out to the files. It is always recommended to enable the Event Store.

The system also handles purging old files. You can configure how long files should be kept for (the default is 90 days).

When you have finished configuration the Event Store, you must save the configuration to the repository. The configuration is automatically replicated to all Real-Time Servers in the cluster (normally within a minute or so).

15.1. S3 api permissions

Using an S3 Event Store requires the following permissions. As the names of these permissions may change as the Amazon API and SDK changes, they are listed in abstract terms.

  • List the bucket

  • Put objects to the bucket

  • Get objects from the bucket

  • Delete objects in the bucket

You will also need whatever other permissions are required based on how the bucket is being accessed. E.g. the GenerateDataKey permission.

15.2. Security

The Event Store configuration is stored in the system repository. Changes can be viewed and tracked in the Audit Trail app. Users must have write permission to the Event Store before they can change configuration.

A security permission is also required to create test cases from the Event Store - this is the Event Store Data permission screenshot above. The ability to create test cases from the Event Store is security sensitive because sessions may contain customer information.

15.3. Data file location

The Real-Time Server creates a default events directory under it’s install directory. This directory location can be changed in the Event Store app and applies to all Real-Time Servers. For example, if the directory is set to /events then every Real-Time Server uses a directory called /events to store the files. If this events directory is left blank in the Event Store app then the default events directory is used.

15.4. Archived event stores

If you have old event stores from a decommissioned server and wish to be able to query them (e.g. to create test cases and event samples) or reprocess over them, then you can add these within the Event Store configuration. Nothing will be written to them, but they will be available for reading. Note that the directies you specify can be anywhere, but they must be in the correct format; that is a directory with an export folder inside which contains the Event Store files.

16. Troubleshooting guide

The troubleshooting guide serves as a first reference point for problem resolution. Additional information can be found within the specific application documentation.

16.1. Sources of diagnostic information

Additional diagnostic information is available for all Celebrus application components within their appropriate log files located within the <install directory>/logs directory. Server log files are limited by size. Once a log file reaches a threshold size, it is renamed and appends a number to the name then creates a new log file using the original name. By default, ten such log file iterations are retained before the oldest is overwritten.

16.2. Installer problems

16.2.1. NullPointerException running installer

You may see the following exception when running the installer on Linux:

NullPointerException at sun.awt.FontConfiguration.getVersion(FontConfiguration.java:126

This is caused by the following bug in the OpenJDK:

https://github.com/AdoptOpenJDK/openjdk-build/issues/693

You can workaround this problem by installing the font configuration libraries:

sudo yum install fontconfig

Or use the following command depending on your Linux distribution:

sudo apt install fontconfig

16.2.2. Running installer as root fails because DISPLAY not authorized

Either run the installer in text mode, or add xauth to root from another account:

xauth add $(xauth -f /home/<user>/.Xauthority list|tail -1)

16.3. General problems

16.3.1. Configuration Manager does not start

See the Operations Dashboard Installation Guide, sections Linux Prerequisites and Configuration Manager Troubleshooting for details.

16.3.2. Server does not run on initial install

Check for errors in the log file <install directory>/logs.

16.3.3. Server does not start after system restart

Check for errors in the log file <install directory>/logs. Check the server was installed as a service and the service start-up is enabled.

On Windows systems, check the relevant service is present in the system manager console. If it is present, ensure it is set to start automatically. If the service is not present, you have to generate the service by executing the batch file:

<install directory>\{server type}\Install*-Windows.bat`

It is possible that another service, which was disabled when the initial install was performed, has started prior to this service, and has bound itself to ports used by this server. As such, it is possible the server does not start. Consult the relevant log file.

16.3.4. Event Store not functioning on Windows

The Event Store on Windows requires the Visual C++ 2010 redistributable to be installed. This is included as part of the Celebrus installation. If however the RealTimeServer.log files contain exceptions showing an exitCode of -1073741515, the redistributable is no longer present and will need to be reinstalled.

Caused by: ExitCodeException exitCode=-1073741515:
  at org.apache.hadoop.util.Shell.runCommand(Shell.java:1008)
  at org.apache.hadoop.util.Shell.run(Shell.java:901)
  at org.apache.hadoop.util.Shell$ShellCommandExecutor.execute(Shell.java:1213)
  at org.apache.hadoop.util.Shell.execCommand(Shell.java:1307)
  at org.apache.hadoop.util.Shell.execCommand(Shell.java:1289)
  at ...

The latest redistributable can be downloaded from Microsoft by searching for visual C 2010 redistributable*. Install the latest service pack version which at the time of writing is *Microsoft Visual C 2010 Service Pack 1 Redistributable Package MFC Security Update.

17. Metabase Server

Metabase is a business intelligence tool that allows you to connect to various popular databases and ask questions about your data. Metabase provides useful insights into the data collected by Celebrus. The Metabase Server is a stand alone application using its own database. It can be installed with the dedicated Celebrus installer.

17.1. Install prerequisites

17.1.1. Database

Metabase Server requires its own dedicated application database where it saves all its entities like dashboards, questions, accounts, and configurations. Supported databases are: PostgreSQL, MySql, MariaDb and H2.

The H2 database may be handy for testing purposes but it should never be used in production.
The empty application database must be created before the Metabase installation. The installer requires database connection details.
PostgreSQL

Metabase requires a minimum PostgreSQL version of 9.4 but it is recommended to use the latest stable release with installed extensions (postgresql-contrib). The database should use the UTF8 encoding:

createdb --encoding=UTF8 -e metabase
MariaDB and MySql

The minimum recommended version is MySQL 8.0.17 or MariaDB 10.2.2, and the utf8mb4 character set is required:

CREATE DATABASE metabase CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

17.1.2. Server platforms

Metabase can be installed on the following Windows versions:

  • Windows Server 2016 (all editions)

  • Windows Server 2019 (all editions)

  • Windows Server 2022 (all editions)

The following Linux distributions are supported:

  • SuSE Linux 12.2

  • Red Hat Enterprise Linux 7, 8, 9

Metabase has been tested on the following operating systems for non-production use only:

  • Windows 10, 11

  • Ubuntu 20.04

  • Mac OSX 12 Monterey x86

  • Mac OSX 13 Ventura Apple Silicon

17.1.3. Keystore

A keystore is used to configure the Metabase Server to run over HTTPS. For a production environment, this keystore must be signed by a known certificate authority (CA) such as https://www.thawte.com/. Such CAs are known and trusted by web browsers and mobile devices. For testing purposes you can create a self signed certificate using tools like Java keytool or keystore Explorer (https://keystore-explorer.org/). Metabase uses keystores in JKS format.

Never use a self-signed certificate for a Metabase HTTPS endpoint which is exposed to the internet because it is not trusted by client devices.

17.2. Step-by-step install guide

The installation of Metabase is designed to be as simple as possible and can typically be performed in a matter of minutes.

The installer requires the end user to have root privileges on Linux platforms (possibly using sudo to invoke the installer) or Administrator privileges on Windows. If the user does not have the appropriate privileges, an error is displayed and the installer exits.

17.2.1. Genaral

Locate the relevant installer executable and execute it.

Windows

Double click on the Windows .exe file.

Linux

Execute the .run file for Linux.

Mac OSX

Experimental Mac support for Metabase has been introduced, limited for use in non-production environments. A known issue exists with the installers' packaging so it does not install by executing the file directly. Instead unzip the .app.zip installer file. Once unzipped execute the folder’s /Contents/MacOS/installBuilder.sh file.

To uninstall, execute [installDirectory]/uninstall.all/Contents/MacOS/installBuilder.sh.

17.2.2. Licence agreement

You must accept the licence terms before the install proceeds.

17.2.3. Third party licence agreement

A secondary licence screen is displayed which covers the third-party software components utilised by Metabase. You must signify your acceptance of these terms before progressing to the next page.

17.2.4. Choose install location

Next, select the install location for the software. Typically the default location suffices. If you choose an existing product install directory, then an upgrade is performed.

17.2.5. System administrator

Enter the details for the Metabase system administrator. Your system is automatically set up with a system administrator role and user.

17.2.6. Choose a database

Select what type of Metabase application database you require.

The H2 database should never be used in production.
The MySQL option covers both MySQL and MariaDB.

If you select PostgreSQL or MySQL you’ll be asked for its details which will be stored by the installer in the metabase.properties configuration file. The installer does not create the database. The empty database must already exist. The required database schema will be created by the Metabase Server at start-up.

17.2.7. Metabase service

Select whether you want the Metabase Server to run as a service. Enter the Metabase host name and the Metabase Server HTTP port number.

17.2.8. Metabase keystore

If you plan to access Metabase via HTTPS select the Enable HTTPS checkbox, enter the HTTPS port number and select your keystore file.

The keystore file should be in JKS format.

17.2.9. Celebrus Dashboard integration

If your Metabase Server and Celebrus Operations Dashboard server are to be installed on the same host you can ask installer to add Metabase links to the main Dashboard navigation and the Machine Learning Explorer app in the Configuration Manager. To do so, tick the Celebrus Dashboard Integration checkbox and select your Dashboard installation directory. The installer creates the webAppsIntegration.properties file and, if requested, copies it into the Dashboard installation directory to activate the integration. This installation step is optional and the the file can also be copied manually later at any time.

17.2.10. Ready to install

Click Next when you are ready to proceed with installation.

17.2.11. Installing files

The installer unpacks and installs the system as configured.

Once the required files are unpacked and installed, the system is configured to match the options you chose during the installation process.

17.3. After the install

This section details simple steps that should be performed after an install to verify the application components are operating correctly.

17.3.1. Start the Metabase Server

Start the newly installed Metabase Server, typically by using the appropriate service controls on the system. Ensure the Metabase starts correctly and view the relevant log files within the logs folder of the new install. Check to make sure no errors are reported.

If Metabase is installed as a service, then it is good practice to reboot the machine to ensure the service starts without error.
Windows

To start the Metabase manually, either use the standard Windows services tools or execute metabase.bat. The script file is located in the metabase sub-folder of the installation directory.

Linux

To start the servers manually, execute metabase.sh start. The script file is located in the metabase sub-folder of the installation directory.

17.3.2. Login to Metabase

Once your Metabase Server is up and running you can open the Metabase application in the browser and login using the administrator credentials defined during the installation.

If you use HTTPS enter: https://<metabase.host>:<metabase.https.port>;

For HTTP use: http://<metabase.host>:<metabase.http.port>`

Values for <metabase.host> <metabase HTTPS port> and <metabase HTTP port> must match values entered during the installation.

You can check above values in the metabase.properties file where all server configuration parameters are stored:

PARAMETER DESCRIPTION

MB_JETTY_HOST

Configure a host either as a host name or IP address to identify a specific network interface on which to listen. If set to 0.0.0.0, Metabase listens on all network interfaces. Metabase listens on the port specified in MB_JETTY_PORT.

MB_JETTY_PORT

HTTP port.

MB_JETTY_SSL

When set to true, enables HTTPS with the options configured in the MB_JETTY_SSL_* variables.

MB_JETTY_SSL_PORT

Configure which port to use for HTTPS. Metabase listens on the interface specified in MB_JETTY_HOST.

MB_JETTY_SSL_KEYSTORE

Path to Java keystore file.

MB_JETTY_SSL_KEYSTORE_PASSWORD

Password for Java keystore file.

MB_DB_TYPE

Selected database type. Can have values: h2, postgres, mysql. When h2, the application database is loaded from MB_DB_FILE, otherwise MB_DB_HOST will be used to define application database.

MB_DB_HOST

Database host.

MB_DB_PORT

Database port.

MB_DB_DBNAME

Database name.

MB_DB_USER

Database user name.

MB_DB_PASS

Obfuscated database password.

SETUP_ADMIN_EMAIL

Metabase administrator email address.

SETUP_ADMIN_PASSWORD

Obfuscated password for the Metabase administrator user.

SETUP_ADMIN_FIRST_NAME

Metabase administrator first name.

SETUP_ADMIN_LAST_NAME

Metabase administrator last name.

MB_ENCRYPTION_SECRET_KEY

When set, this encrypts database credentials and configuration settings stored in the application database. Requirement: minimum 16 characters base64-encoded string. See also the following link for more information: https://www.metabase.com/docs/latest/databases/encrypting-details-at-rest.
The metabase.properties file is the main configuration file for your Metabase Server. If needed, it can be manually edited after the installation. The automated Metabase installation upgrade does not overwrite this file.

17.4. Automating headless installs

This section explains how to perform headless installs of the Metabase software.

The Metabase installer executable is built using BitRock InstallBuilder. The installer can be run as a command line application with a -optionfile <full path to options file> option. In this mode the installer displays no user interface and configures the product install entirely from the contents of an options file.

The following shows an example command which launches a headless install on a Windows server. Note that options on both Windows and Linux use --. The example also uses the Windows line continuation character ^ so the command can be run as shown from the command line or from a batch file.

CelebrusMetabase-9.10.0.390-windows-installer.exe ^
--mode unattended ^
--unattendedmodeui none ^
--optionfile "C:\installer.options" ^
--prefix "C:\Celebrus"

The return code from the installer process indicates success or failure. A zero return code means the install succeeded. Anything else indicates the install failed.

The --prefix command line option selects the install directory.

When a UI installer runs, it writes its install options (plus some extra values) out to a file installer.properties. This file is found in the metabase folder in the product install directory. This is very useful to determine the correct value of an install option.

The installer options file can be used across all the supported platforms (Windows and Linux). However, the paths must be appropriate to that platform. This particularly affects the jettyKeystoreFile and dashboardInstallDir properties and the --prefix command line option.

17.4.1. Installer properties

Below is and example list of all the installer properties:

administratorPassword=adminPassword
administratorFirstName=John
administratorLastName=Smith
administratorEmail=administrator@your.domain.com
databaseVersion=MYSQL
databaseHostName=dbhost.db.com
databasePort=3306
databaseName=metabase
databaseUserName=metabaseDbUser
databasePassword=metabaseDbPass
metabaseServerServiceName=MetabaseServer9
isService=1
dashboardIntegration=1
dashboardInstallDir=C:\Program Files/CelebrusDashboard9
metabaseHost=metabase.mydomain.com
metabasePort=3000
jettyKeystoreBool=1
metabaseHttpsPort=443
jettyKeystoreFile=../CA/metabase-keystore.jks
jettyKeystorePassword=keystorePassword

Help on each installer option can be found by running the installer with the --help option on the command line.

The table below outlines the properties in more detail.

Table 2. List of Properties
Property Description

administratorPassword

Metabase administrator password.

administratorFirstName

Metabase administrator first name.

administratorLastName

Metabase administrator last name.

administratorEmail

Metabase administrator email address.

databaseVersion

Metabase database version. Can be : MYSQL, POSTGRESQL or H2.

databaseHostName

Metabase database host name. For H2 leave blank.

databasePort

Metabase database port. For H2 leave blank.

databaseName

Metabase database name. For H2 leave blank.

databaseUserName

Metabase database user name. For H2 leave blank.

databasePassword

Metabase database password. For H2 leave blank.

metabaseServerServiceName

Metabase service name.

isService

Choose 1 to install Metabase Server as a service, 0 otherwise.

dashboardIntegration

Choose 1 to to add Metabase links to the Operations Dashboard.

dashboardInstallDir

Operations Dashboard server installation directory. Not required when dashboardIntegration is 0.

metabaseHost

Metabase Server host. This value is stored in the MB_JETTY_HOST configuration property.

metabasePort

Metabase Server HTTP port. This value is stored in the MB_JETTY_PORT configuration property.

jettyKeystoreBool

Choose 1 to to enable HTTPS.

metabaseHttpsPort

Metabase Server HTTPS port. This value is stored in the MB_JETTY_SSL_PORT configuration property. Not required when jettyKeystoreBool is 0.

jettyKeystoreFile

File system path to the Metabase Server keystore file. This file is copied to the Metabase install directory and used as value for the MB_JETTY_SSL_KEYSTORE configuration property. Not required when jettyKeystoreBool is 0.

jettyKeystorePassword

Password for the Metabase keystore file. Not required when jettyKeystoreBool is 0.

17.5. Upgrading Metabase

The Metabase Server installer performs upgrades. You run this installer in the existing Metabase install directory. You can also run the installer process as a headless application (unattended mode).

The upgrade does not modify the metabase.properties configuration file. The metabase server automatically upgrades its database if necessary on the server start-up.

It is recommended to take a backup of your Metabase application database before upgrading your installation.