Synchronizer management

Configure trust with a secure database

If your environment includes a secure connection to your ALM Octane Synchronizer database, you need to establish trust.

  1. Import the certificates from the database to the JAVA_HOME cacerts, as described in the section Configure trust.

  2. In the Synchronizer configuration file, edit the connectionString property as follows.

For Oracle:

Define the connectionString parameter similar to the following:

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=oracle.dbserver.com)(PORT=ssl_port))(CONNECT_DATA=(SERVICE_NAME=your_service_name)))

For MSSQL:

SQL Server Scenario Instructions
SSL/TLS is required

Add the encryption method to the end of the connectionString value.

jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=true

SSL without certificate validation

When using SSL, disable validation of the certificate sent by the database server. Add the encryption method to the end of the connectionString value, and apply the certificate into the java certs file located under <JAVA_HOME>\jre\lib\security\certs.

jdbc:sqlserver://<server>:<port>;encrypt=true;trustServerCertificate=false;trustStore=<Java Certs file>;trustStorePassword=<JKS password>

Configure trust

Configure trust on the Synchronizer Service server when you need to connect to any other server over a secure channel.

  1. Obtain the certificate of the root and any intermediate Certificate Authority that issued the remote server certificate.

  2. Import each certificate into the java truststore using a keytool command. For example:

    cd $JAVA_HOME/bin
    ./keytool -import -trustcacerts -alias <CA> -keystore ../jre/lib/security/cacerts -file <path to the CA certificate file>

Configure a secure connection to the Synchronizer service

  1. Prepare a java keystore file with your server certificate, and copy it to the Synchronizer server.

    Make sure the user configured to run the Synchronizer service has access rights to this file.

  2. In the sync.yml configuration file fill in the properties httpsPort, keystorePath, and keystorePassword, as described in Synchronizer parameter reference.

  3. Restart the Synchronizer service for the changes to take effect.

    If the service does not start, check the wrapper.log file for errors.

To disable https, comment out the httpsPort property in the sync.yml file. and restart the service.

Running the Synchronizer service on OpenJRE

If running OpenJDK is not possible in your environment, you need to reconfigure the Synchronizer service.

  1. Within <sync_install_dir>/wrapper, edit the wrapper-common.conf file.

  2. Add a new line:

    wrapper.java.additional.<number>=-Dorg.apache.jasper.compiler.disablejsr199=true

    where <number> is the next line number that is available in the file.

    Example:

    wrapper.java.additional.43=-Dorg.apache.jasper.compiler.disablejsr199=true

  3. Restart the Synchronizer service.

Uninstall the Synchronizer

From /opt:

  1. Run /opt/sync/install/uninstall.sh

  2. Run rm –rf /opt/sync