Using Configuration Actions

Learn about configuration actions available in the Akana Administration Console.

Using Admin Console Installing Tools Installing Plug-ins

Configuration Categories (PDF)

Table of Contents

  1. Introduction
  2. Default Configuration Actions
  3. Policy Manager Configuration Actions
  4. Configuration Actions: full list

Introduction

This topic provides a summary of the configuration actions available in the Akana Administration Console (Configuration > Configuration Actions).

Some of these actions are required as part of installation and/or upgrade; some are actions that you might run in specific circumstances, as explained below.

Some of the configuration actions are only available if a specific product is installed. See notes for specific configuration actions.

Back to top

Default Installation Configuration Actions

At minimum, a container instance includes the following default configuration actions:

Default configuration actions

For information on these tasks, refer to:

Back to top

Policy Manager Configuration Actions

The following configuration actions are added to the Configuration Actions list as part of the Policy Manager Services feature installation.

For information on these tasks, refer to:

Back to top

Configuration Actions: full list

Configuration Actions list For information on these tasks, refer to:
Full list of configuration actions

Back to top

Manage Admin Console Administrator

The Manage Admin Console Administrator task runs the Manage Administrator Wizard, as shown below.

Change Administrator Details

This allows you to set up, or change, the details about the Akana Admin Console Administrator. For example, use this task if you need to change the username and password for the Administrator.

You'll need the old password in order to make any changes.

To complete the Manage Admin Console Administrator configuration action
  1. In the Akana Administration Console, click the Configuration tab.
  2. In the Configuration Actions section, choose Manage Admin Console Administrator. The Change Administrator Details page appears.
  3. To change the username, type the new value in the Username field.
  4. To change the password, type the old and new passwords and confirm.
  5. Click Finish.

Back to top

Manage PKI Keys

The Manage PKI Keys wizard is executed as either an installation task or configuration action for the Network Director and various Agent features. The wizard allows you to configure the private key and certificate for the container, for use when communicating with a governance console.

Manage PKI Keys

This wizard has the following sections:

PKI Keys Details
Displays the public key that has been generated and assigned to the object. If keys have not been generated and assigned, the None Found message displays.
Certificate Details
Displays a summary of information for the certificate assigned to the current object. Assigned certificates can be generated or imported using this wizard. Certificate information presented includes Subject DN, Issuer DN, Serial Number, Effective Date, and Expiration Date. If a certificate has not been assigned, the None Found message displays.
Key Management Options
Provides functions for performing key and certificate management for the current object. Option categories include Generate, Import, Export, and Delete. Available objects are displayed in focus and are based on the object's configuration state.
Select a Key Management Option and click Next to continue. The pre-selected option is the assigned default. For more information about each option, refer to Managing Keys.

For an example of how this task fits into the installation process, see Installation wizard: Manage PKI Keys (installation doc for version 8.4x).

Back to top

Add Database

The Add Database configuration option is available:

  • During Policy Manager installation: As part of the initial configuration process for the Policy Manager Services feature, you'll see the Configure Database Options Wizard > Select Database Option page.
  • In the Akana Administration Console for the container, on the Configuration Actions list.

Add Database

Use this action to perform the following actions:

  • Create new database—Creates a new Policy Manager database and associated properties based on the selected database type.
  • Use existing database—Uses an existing Policy Manager tablespace, and retains all tables created by any previous installation.
  • Use JNDI datasource—When available, allows you to connect to a database from a server using the datasource name. Note: This option is currently unavailable and is for embedded implementations only (versions prior to 2018.0.0 only).
Manually Installed Schemas

If the database and schemas have been manually installed, or you're setting up a subsequent container in the same installation, or upgrading, choose Use existing database. When the Manage Schemas Wizard displays, the schemas that were manually installed are displayed in the Installed Schemas section. To complete the configuration, click Finish.

Database Configuration Options

In the Database Options section, select a database option and click Next to continue. A summary of property information is presented below for the Create new database and Use existing database options.

Select the database type and complete the database configuration.

Option Name Content
Database Details

Database Type—Select the database type (MS SQL Server, MySQL, Oracle SID, Oracle Service Name, or DB2).

Name—The database name.

Administrator Details

Admin Username—The username for the database administrator.

Admin Password—The password for the database administrator.

Note: You must supply the username and password of a user with sufficient privileges to create a new tablespace, such as a DBA.

Database Properties
MS SQL Server

Hostname—The name or IP address of the computer that is hosting the database. Default entry = {computer_name}.

Port—Enter a port number. Port 1433 is the default port assigned in a standard SQL Server installation.

Named Instance—Use this if you've set up separate SQL Server databases and would like to use a specific instance to store Policy Manager data.

Database—The name for the database. For simplicity, it's best to use a short, clear name with no special characters.

Username—Username for database access.

Password—Password for database access.

Note: If you are using MSSQL, you'll need to configure an additional quartz trigger property after you configure the database.

MySQL

Hostname—Enter the name or IP address of the computer that is hosting the database. Default entry = {computer_name}.

Port—Enter a port number. Port 3306 is the default port assigned in a standard SQL Server installation.

Database—The name for the database. For simplicity, it's best to use a short, clear name with no special characters.

Username—Username for database access.

Password—Password for database access.

Oracle SID

Username—Username for database access.

Password—Password for database access.

Hostname—Enter the name or IP address of the computer that is hosting the database. Default entry = {computer_name}.

Port—Enter a port number. Port 1521 is the default port assigned in a standard Oracle installation.

SID—Enter an existing Oracle instance.

Tablespace—Enter a valid name for the new tablespace.

Oracle Service Name

Username—Username for database access.

Password—Password for database access.

Hostname—Enter the name or IP address of the computer that is hosting the database. Default entry = {computer_name}.

Port—Enter a port number. Port 1521 is the default port assigned in a standard Oracle installation.

Service Name—Enter an instance alias.

Tablespace—Enter a valid name for the new tablespace.

DB2

Hostname—Enter the name or IP address of the computer that is hosting the database. Default entry = {computer_name}.

Port—Enter a port number. Port 50000 is the default port assigned in a standard SQL Server installation. Note: Port 50000 is the default port assigned to a standard DB2 installation.

Database—The name for the database. For simplicity, it's best to use a short, clear name with no special characters.

Username—Username for database access.

Password—Password for database access.

Tablespace—Enter a valid name for the tablespace. Make sure the name is unique for your database; if you create a tablespace with the same name as an existing tablespace, the new one completely overwrites the existing one.

Buffer Name / Is new buffer?—DB2 caches database tables and indexes in buffer pools. To use a DB2 buffer to manage server performance, specify the buffer name. The specified buffer will access the appropriate tuning script to obtain pool size information.

If you want Policy Manager to create a buffer, check the Is New Buffer checkbox and enter a name for the buffer. Policy Manager creates a new DB2 buffer and assign a default size of 32K. You can then use the DB2 Control Center to update the buffer configuration.

Note: The DB2 tablespace creation process requires that a buffer is created. Configuring a Buffer Name is supported only when creating a new database. For an existing database, you can modify the pool size of the existing buffer, but you can't change the buffer name.

Pool Configuration

Choose from the pool configuration values below. Default values represent those used for a typical configuration.

  • Max Pool Size—The maximum number of active connections that can be allocated from this pool at the same time. A negative value indicates that there is no limit. Default: 30.
  • Min Pool Size—The minimum number of connections that can remain idle in the pool, without extra ones being created. A value of zero (0) indicates that no extra connections will be created. Default 5.
  • Max Wait Time—The maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned before throwing an exception. A value of -1 indicates an indefinite wait. Default 30,000.

For an example of how this task fits into the installation process, see Installation wizard: Add Database (installation doc for version 8.4x).

Database Password Encryption

Two database connection properties, encryptValues and encryptionMethod, work together to define how the database connection password is encrypted.

Configuration properties: encryptionType

The rules are as follows:

  • If the encryptValues property is defined and set to false, the password is stored as plain text. This property is not added by default. If you want to use this mode, you must add the property. However, since this leaves the database password unencrypted in the configuration file, this option is not recommended.
  • If the encryptValues property does not exist, the default value is true.
  • if the encryptValues property is true (either not defined, in which case the default is true, or defined with a value of true) the encryptionType field is used. There are two possible values for this field:
    • PKI
    • SK
  • If the encryptValues property is true and the encryptionType field is PKI, the password field is very long. The value is the RSA-encrypted value of the plain text password, encrypted with the container identity public key. A side-effect of this option is that if someone changes the container identity certificate, the database password field must be changed even when the database connection password did not change. To find the encrypted value of the database password, run the encryptContainerData script located in the scripts folder. Run this script to find the encrypted password, and then and then copy that encrypted password into the Akana Administration Consolve to the field for the database password and save.
  • If the encryptValues property is true and the encryptionType is SK, this means that a proprietary algorithm is in use for encrypting the database password without using the container identity certificate. The advantage of this option is that if the container identity certificate changes, but there is no change to the database connection password, you don't need to change the database configuration. This option uses a password to save the encrypted password and also uses a passwordHash to save the hash of the password. The disadvantage is that there is no way to retrieve the encrypted value and hash of for the password. In this scenario, you could change encryptionType to PKI. Another option is to change encryptValues to false, but that is not secure. Another option is to delete the database connection and create a new one using the new password.

Back to top

Configure WS-MetadataExchange Options

Connecting to the Metadata Exchange Service enables communication between the current Akana container instance and Policy Manager, to retrieve key information such as service hosting and database details).

The WS-MetadataExchange Options task allows you specify the URL of the Policy Manager Metadata Exchange Service.

 Specify Metadata Import Options

Specifying the WS-MetadataExchange URL is a required installation task for configuring Network Director and for other Agent-based features.

In Policy Manager, you can find the URL by looking at the Service Descriptor Document of the Metadata Exchange Service. For high availability, you can specify multiple URLs, with a comma separator.

For an example of how this task fits into the installation process, see Installation wizard, ND container: Configure WS-Metadata Exchange Options (installation doc for version 8.4x).

Back to top

Force Configuration Refresh

The Force Configuration Refresh task forces the container to reconfigure itself with configuration information from Policy Manager. Normally, the container polls periodically for configuration changes. However, if you feel that a configuration change was not updated by the container, or that the polling interval is longer than is desired to pick up a needed configuration change, you can use this task to force the reconfiguration update.

Force Configuration Refresh

Two options are available:

  • Refresh from Startup—Forces the container to refresh its configuration, as it would normally from startup. All configuration information for the container is retrieved from Policy Manager.
  • Refresh from Date—Forces the container to refresh its configuration only with changes since the specified date/time. For example, if a time five minutes earlier than the present time is entered, all changes in the last five minutes are retrieved from Policy Manager.

Back to top

Manage Schemas

The Install Schemas page allows you to manage schemas associated with the current container. Schemas add tables to the database used by the container and populate them with data.

Manage Schemas

This page has two sections:

  • Available Schemas—Displays a list of schemas that are available to install into the current container. To install an available schema, check the checkbox next to the schema line item and then click Finish.
  • Installed Schemas—Provides a list of schemas that are currently installed in the container. To uninstall a schema, check the checkbox next to the schema line item and then click Finish.

Note: When you select a schema, the system also installs all preceding versions of the selected schema, if they have not been previously installed. In this scenario, preceding schema versions are displayed in the Installed Schemas section of the Manage Schemas Wizard (accessible via the Configuration tab) after the installation is complete.

After the schema management process is complete, the Summary screen displays.

For an example of how this task fits into the installation process, see Installation wizard: Manage Schemas (installation doc for version 8.4x).

Back to top

Configure Elasticsearch Embedded Node

(versions prior to 2018.0.0 only)

If there are two Community Manager containers in your installation, you'll need to install the embedded Elasticsearch feature in both containers, and then configure the feature in both containers.

In this scenario, you'll need to decide whether you want to replicate the index in both containers or have it in only one container. Akana recommends configuring both containers, so that you have a failover for the index data.

For each container, you'll need to choose Configure Elasticsearch Embedded Node and configure the settings.

Configure Elasticsearch Embedded Node

For more information about Elasticsearch, see Installing and Configuring Elasticsearch (2018.0.0) or Installing and Configuring Elasticsearch (8.4x).

Back to top

Configure Elasticsearch Global Configuration

Instructions depend on the version:

Configure Elasticsearch Global Configuration (2018.0.0 and later)

You must install and configure Elasticsearch for the developer portal. For full instructions, see Installing and Configuring Elasticsearch (2018.0.0).

As part of installation or upgrade, you'll need to configure a couple of global settings. For instructions, see How do I configure Elasticsearch?

Configure Elasticsearch Global Configuration: Version 2018.0.0

For more information about Elasticsearch, see Installing and Configuring Elasticsearch (2018.0.0) or Installing and Configuring Elasticsearch (8.4x).

Configure Elasticsearch Global Configuration (versions prior to 2018.0.0)

When you install the Elasticsearch feature in 8.4x, the product runs in embedded mode by just accepting the default settings. You don't need to change anything. However, if you want to make changes, you can use this configuration action to set up or edit all the basic values that will apply to the Elasticsearch configuration across your entire implementation.

Configure Elasticsearch Global Configuration: Version 8.4

For Deployment Mode, choose Embedded (the default), Transport Client, or Client Only:

  • Embedded mode: Elasticsearch will be embedded in all cases. Define cluster name, specify the minimum number of master nodes, and indicate whether your installation is a multicast scenario (the client/server relationship is either 1 to many or many to many). Default cluster name: default_xxxxxx.
  • Client Only mode: the node will be in a cluster, but will not be a master node. Define cluster name, URL of the master host, and whether it's a multicast scenario.
  • Transport Client mode: the node will not be in a cluster, but will communicate with a cluster. Define cluster name and the Elasticsearch server URL.

Back to top

Set Lifecycle Repository Password

This configuration action allows you to set the superuser password for the Lifecycle Repository feature.

Setting up the superuser password

At the Set Lifecycle Repository Superuser Password page, type in the password, confirm, and then click Finish.

For an example of this task fits into the Lifecycle Manager installation process, see To configure the Lifecycle Manager feature on a container (Lifecycle Manager installation doc).

Back to top

Update CM API

If you're upgrading, and the new version includes changes to the CM API, you might need to complete the Update CM API configuration action as part of the upgrade process, in all containers where the Community Manager feature is installed.

Update CM API

If it's needed, this step will be included as part of the upgrade process. For example, this task is part of the upgrade from any previous version to version 8.4.

To complete the Update CM API configuration action
  1. In the Akana Administration Console, click the Configuration tab.
  2. In the Configuration Actions section, choose Update CM API.
  3. When done, click Close.

Back to top

Delete Elasticsearch Index

Note: This is only applicable to embedded Elasticsearch nodes (versions prior to 2018.0.0). If you're using external Elasticsearch nodes, you'll need to delete redundant indexes using the Elasticsearch commands or user interface provided by your external Elasticsearch engine.

You might need to delete an Elasticsearch index that you previously created; for example, if you configure an index and then change to use an index with a different name. If you have a search index that you no longer want to use, you'll need to delete it using the Akana Administration Console.

Delete Elasticsearch Index

For more information about Elasticsearch, see Installing and Configuring Elasticsearch (2018.0.0) or Installing and Configuring Elasticsearch (8.4x).

Back to top

Migrate OAuth Data to MongoDB

If you're migrating from RDBMS to MongoDB and you use OAuth, you'll need to run a data migration task, introduced in the upgrade to version 8.4.4, to ensure that OAuth tokens issued before the upgrade can still be used.

One reason you might want to migrate OAuth data to MongoDB is so that you can write OAuth tokens from multiple data centers to a local database. OAuth tokens and grants can be distributed globally, so that an API Gateway cluster in one data center will be updated with information about new tokens and grants in near realtime.

After migrating the data, you'll also need to update a configuration property and restart the container. Follow the steps below.

To migrate OAuth data to MongoDB
  1. In the Akana Administration Console for the Policy Manager/Community Manager instance, under Configuration Actions, run the Migrate OAuth Data to MongoDB task, as shown below.

    Migrate OAuth Data to MongoDB

  2. In the Akana Administration Console, click the Configuration tab.
  3. Under Configuration Categories, find the com.soa.oauth.provider.server category.
  4. Find the com.soa.oauth.provider.server.config.datasource property and change the value from JDBC to NOSQL.
  5. Click Apply Changes.
  6. Restart the Policy Manager/Community Manager container and then, when PM/CM is started, restart the Network Director container.

After updating this property, the server for the OAuth Provider is now the NOSQL database (MongoDB).

Back to top

Initialize Repository Database

This configuration action is useful in a scenario where an Akana API Platform install is using features that require Lifecycle Manager functionality, such as custom properties (requires download and install of a separate ZIP file) or API promotion.

Both these features require download and install of a separate ZIP file, and installation of the Lifecycle Manager extension.

Note: For Akana API Platform 8.4 installs using the Lifecycle Repository feature, the Lifecycle Manager database user requires specific additional grants when using MySQL. These grants are required for successful completion of the Initialize Repository Database configuration action; otherwise, the task fails.

For an example of how this task fits into the installation process, see Database notes: MySQL with Lifecycle Repository (installation doc for version 8.4x).

Back to top

Update OAuth API

This task updates the Provisioned OAuth Agent and Resource Server APIs.

Update OAuth API

Click Finish, review the summary, and then click Close to exit.

Back to top

Provisioning

As part of product installation, the Provisioning pending installation task opens the Provisioning wizard. This task Initializes resources associated with the features installed on the container.

Provisioning

For more information, and an example of how this task fits into the installation process, see Installation wizard: Provisioning (installation doc for version 8.4x).

For an example of how this task fits into the upgrade process, see Step 3-1: Post-Upgrade Tasks for upgrades to 8.4: Provisioning (upgrade doc for upgrading to version 8.4x).

Back to top

Rebuild CM Styles

As part of every upgrade, if you're using the developer portal, you'll need to complete the Rebuild CM Styles configuration action in all containers where the Community Manager feature is installed.

This makes sure that you have the latest style updates, for all themes and tenants.

Rebuild CM Styles

This step will be included as part of the upgrade process.

To rebuild CM styles
  1. In the Akana Administration Console, click the Configuration tab.
  2. In the Configuration Actions section, choose Rebuild CM Styles.
  3. When done, click Finish.

For an example of how this task fits into the upgrade process, see Step 3-4: Post-Upgrade Tasks: Rebuild CM Styles (upgrade doc for upgrading to version 8.4x).

Back to top

Synchronize Lifecycle Manager Data

In a scenario where you already have resources set up, such as apps, APIs, and business organizations, and want to back-populate your Lifecycle Manager library, you can use the Synchronize Lifecycle Manager Data configuration action.

For example, this might be used in a scenario where an existing Community Manager implementation is now going to start using the Lifecycle Manager feature.

This task is on the Configuration Actions list only if you have the Akana Lifecycle Coordinator feature installed.

Synchronize Lifecycle Manager Data

Back to top

Upgrade CM Models

If you're upgrading, and the new version includes changes to the CM model objects, you'll need to complete the Upgrade CM Models configuration action as part of the upgrade process, in all containers where the Community Manager feature is installed.

Upgrade CM Models

If it's needed, this step will be included as part of the upgrade process. For example, this task is part of the upgrade from any previous version to version 8.4.

To complete the Upgrade CM Models configuration action
  1. In the Akana Administration Console, click the Configuration tab.
  2. In the Configuration Actions section, choose Upgrade CM Models.

    Note: if you get an error after running this process, see Troubleshooting: error: "Some of the model objects are not updated" (upgrade doc for upgrading to version 8.4x).

  3. When done, click Close.

For an example of how this task fits into the upgrade process, see Step 3-2: Post-Upgrade Tasks for upgrades to 8.4: Upgrade CM Models (upgrade doc for upgrading to version 8.4x).

Back to top

Envision Only: Configure Envision TimeZone

For information about this configuration action, refer to the Envision installation doc: Installing Envision Versions 1.2 and later: Configuration Action: Configure Envision Timezone.

Back to top