Advanced ALM Octane server configuration

This section describes advanced configuration tasks for the ALM Octane server.

Redirect http to https

This procedure describes how to redirect http to https. You need to redirect to https when accessing the ALM Octane server directly, and not through a front-end server.

To redirect http to https:

  1. Edit /opt/octane/webapps/root/WEB-INF/web.xml, and add the following at the end (before </web-app>):

    <security-constraint>
    	<web-resource-collection>
    		<web-resource-name>Everything</web-resource-name>
    		<url-pattern>/*</url-pattern>
    	</web-resource-collection>
    	<user-data-constraint>
    		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
    	</user-data-constraint>
    </security-constraint>
                        
  2. Restart .

  3. Access ALM OctaneALM Octane via http://<ALM Octane>:8080/ui. Port 8080 is the default port.

    You should be redirected to https://<ALM Octane>:8443/ui. If not, ensure that SecurePort in jetty.xml matches your secure port.

Back to top

Configure number of allowed open files (Linux)

If ALM Octane is under a very heavy load, it might try to use too many Linux resources. In this case, Linux kills the server process. Do the following to increase the number of allowed open files to 65536:

  1. Open the /etc/security/limits.conf file.

  2. Add the following line:

    octane hard nofile 65536
  3. Restart the ALM Octane server.

For details, see https://easyengine.io/tutorials/linux/increase-open-files-limit/.

Back to top

Configure secure database access

This section describes how to configure a secure connection from the ALM Octane server to the database server. The secure connection is protected with SSL/TLS for encryption and authentication.

This section includes: 

Defining the connection-string for secure database access

SQL Server

SQL Server Scenario Instructions
SSL/TLS is required

Add the encryption method to the end of the ConnectionString value.

jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=true

SSL without certificate validation

When using SSL, disable validation of the certificate sent by the database server. Add the encryption method to the end of the ConnectionString value, and apply the certificate into the java certs file located under <JAVA_HOME>\jre\lib\security\certs.

jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=false;trustStore=<Java Certs file>;trustStorePassword=<JKS password>

Oracle

Oracle scenario Instructions
SSL/TLS required

To configure a secure connection from the ALM Octane server to the database server using SSL or SSO, refer to the section Using SSL/SSO in Oracle (optional).

To configure a secure database connection for a previously-unsecured database

This step provides instructions for configuring the site schema connection.

Skip this section if you have a separate database server for your workspaces and you only want a secure connection to that database.

This section is relevant if the database server that was configured for a secure connection contains your site schema.

  1. Edit the octane.conf file. The default location is /opt/octane):

    1. Set the value of site-action to CONNECT_TO_EXISTING:

      site-action=CONNECT_TO_EXISTING
    2. Edit the line with connection-string. For details, see Advanced ALM Octane server configuration.

  2. If SSL/TLS is required, make sure the trust on the ALM Octane server has been established. For details, see Configure trust on the ALM Octane server.

  3. Run the service to start the ALM Octane server.

    systemctl start octane

To configure a secure database connection for a new ALM Octane installation

  1. After installing ALM Octane, start the server:

    systemctl start octane
  2. In the Database Server step, select the connection-string option and set the values for your database. For details, see Advanced ALM Octane server configuration.

  3. Make sure the trust on ALM Octane the ALM Octane server has been established. For details, see Configure trust on the ALM Octane server.

Configure SSL offloading

When ALM Octane is installed with SSL offloading, make sure re-directions go to HTTPS addresses instead of HTTP addresses.

  1. The X-Forwarded-Proto header must be defined in a reverse proxy.

    For example (on Apache):

    1. Add this line at the end of httpd.conf:

      RequestHeader set X-Forwarded-Proto https
    2. Restart Apache.
  2. Open the <ALM Octane-installation-folder>/octane/server/conf/jetty.xml file in an editor.

    In the section <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">, make sure that the following lines are uncommented:

    <Call name="addCustomizer">
    <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
    </Call>

Back to top

Dedicate a cluster node for background jobs – 12.60 CP8 and later

You can dedicates nodes for certain purposes, such as for running background asynchronous jobs. This frees up nodes for processing requests that come directly from the ALM Octane UI, as users work.

Overview

Cluster nodes can be one of the following types:

  • Worker nodes. Cluster nodes that handle background asynchronous jobs, such as synchronization.

  • Web nodes. All other nodes. Web nodes generally handle direct requests from ALM Octane, but can also handle background jobs if the worker nodes are not available. The load balancer distributes the requests as usual among the web nodes.

To dedicate a node for background jobs

After the ALM Octane installation is complete, and you have verified that the server is up and you can log into ALM Octane, perform the following:

  1. Stop the ALM Octane server.

  2. Add another node to the cluster that is not connected to the load balancer.

  3. Follow the instructions for installing ALM Octane on cluster nodes. For details, see Cluster installation flow.

  4. The ALM Octane site admin authenticates, and then updates the ROLE for this cluster node in the SERVER table using the REST API.

    PUT https://<server>:<port>/admin/servers
    
    {  "data": [
           {
               "role":"WORKER",
               "id":"<serverID>"
            }
        ]
    }
    

    For details on authenticating and working with the REST API, see Overview for developers.

  5. Start the ALM Octane server.

Back to top

See also: