Configurable Settings - Java Agent Controller on Linux for Dynamic Analysis



How to apply changes to the Controller environment

Changes in the installation.yaml can be applied by running the install script or the upgrade script. Note that re-running the install script will delete any information that would have been stored previously.


Required fields in installation.yaml

Variable Name
Key Value
Explanation of the Variable and Key Values
controller.name String This will be the identifier used in the VF Server UI. So, this should be as precise a name as possible, e.g. "UAT Viper" or "Prod App1"
controller.host String The controller.host is the address that the vFunction Server address with which the Controller will connect. The value needs to start with http:// or https://. The value can be an IP Address or a FQDN
controller.org_id
controller.app_id
controller.client_id
controller.client_secret
Strings Once the Server is installed, the Admin can log into the UI and create the App. In the UI's Install Controller dialog box, the YAML values for the org_id, app_id, client_id and client_secret will be displayed. The values for this YAML file should be copied for the Server UI to here
controller.type String "java"
controller.jolokia_port Integer Used by the VF Agent to communicate internally with the VF Controller process. This only needs to be modified if multiple instances of a Controller are running on the same Server
agent.application_server String The potential strings that can be used are: weblogic, websphere85, websphere9, was-liberty, tomcat, wildfly, payara, jeus, liberty, other
agent.application_java_version Integer By default, the value here is assumed to be "8" if this key is left commented out. Uncomment the key and change the value to "11" or "17" based on the Java version used by the App

Sample with required fields in installation.yaml

controller:
  name: Prod App1
  host: http://10.0.0.143
  org_id: 3cf59199-0a0a-0a0a-0a0a-7c63ffac776e
  app_id: 7b1ab58d-0a0a-0a0a-0a0a-098a113ad721
  client_id: 20761b99-0a0a-0a0a-0a0a-94c2e0bc1859
  client_secret: 6b5b7bc1-0a0a-0a0a-0a0a-2bd10db75e2f
  type: java
  jolokia_port: 8778
  instrconf_additions:
    inclusions:
    exclusions:
server_application:
agent:
  application_server: tomcat
  application_java_version: 11
  override_properties:
viper:
  port: 8090
  archives:
    - /opt/dummy
  stored_procedures:
  spring:
    custom_context_roots:
    root_bean_classes:

Optional fields in installation.yaml


agent.override_properties
Installation.yaml Configuration
Details
agent:
   override_properties:
      - com.vfunction.runtime.config.aop.xml.db.tracking.enabled=true
      - com.vfunction.runtime.config.aop.xml.db.tracking.jdbcdriver.enabled=false
  • The vfunction-runtime-override.properties define the vFunction Agent's runtime parameters. Changes to this file can be applied in a persistent way via the installation.yaml's agent.override_properties field
  • Any key and value can be taken from the vfunction-runtime-override.properties and added into this installation.yaml field
  • Add new values as a list of Strings

controller.client_certificate
Installation.yaml Configuration
Details
controller:
   client_certificate:
      crt: |
         -----BEGIN CERTIFICATE-----
         ...
         -----END CERTIFICATE-----
      key: |
         -----BEGIN PRIVATE KEY-----
         ...
         -----END PRIVATE KEY-----
  • Adding a Client Certificate and Key to the Controller allows for the vFunction Server and Controller to have some form of verification
  • The Controller loads and sends the Client Certificates to a Server that verifies the source of the traffic. That Server could be set up as an intermediary that manages token validation, such as an IBM DataPower Gateway, before being sent onto the vFunction Server
  • The vFunction Nginx Container could also be configured to "ssl_verify_client on" and point to the Client Certificate which would be loaded on the Nginx Container's filesystem somewhere like /etc/nginx/certs/ca.crt
  • Note that the indentation must be maintained when copy-and-pasting the Certificate and Key into the installation.yaml

controller.instance_id
Installation.yaml Configuration
Details
controller:
   instance_id: containerized
  • Used for containerized vFunction controllers
  • Can be set to any String value (e.g., ID1234)
  • Used to prevent an ongoing increase in the number of Down Controllers in the vFunction Server UI's Select Controllers page when Controllers are down
  • Maps a restarted controllers (i.e., a container that went down and came back up) with a controller in the down state that has the same ID

controller.instrconf_additions
Installation.yaml Configuration
Details
controller:
   instrconf_additions:
      inclusions:
         # - a.b.c.
      exclusions:
          - com.vfunction.newmodule.
  • This field acts like an additional filter to include or exclude some part of an application's Namespace
  • The exclusions are useful when separating out modules from a monolith. For example, if the monolith uses com.vfunction. as the top-level Namespace but com.vfunction.newmodule. has been removed from the monolith. In this scenario, it may not be useful to conduct Learning nor Analysis on the newmodule's code so adding it to the exclusions would filter it out of the Learning

controller.jolokia_port
Installation.yaml Configuration
Details
controller:
   type: java
   jolokia_port: 8779
  • If the jolokia_port identified is in use, change the port to use an unused port.

controller.tags
Installation.yaml Configuration
Details
controller:
   tags:
      - applicationName
      - moduleName
  • Tags can be used during Learning to make sure that Learning occurs on one or all Controllers with a specific Tag. This ensures that, even if a Controller with a specific UUID goes down, Learning will still occur on live Controllers with the desired Tag name
  • See Controller Tags for more details

Global.yaml Settings

Overview

The installation.yaml defines the settings for individual instances. The global.yaml defines the settings for all instances in the environment. The settings in the global.yaml are distinct from the settings in the installation.yaml

Location of Global.yaml
  • Root / Sudo Installation: /etc/sysconfig/vfunction/installation/global.yaml
  • Sudoless Installation: BASE_DIRECTORY/vfunction/etc/sysconfig/vfunction/installation/global.yaml
Optional Global.yaml Settings

agent.use_java_6_or_7_jre
Global.yaml Configuration
Details
agent:
   use_java_6_or_7_jre: true
  • Uncomment this value to change from the default value of "false"to the value "true"
  • Setting this value to "true" will allow the installation to use a distinct vFunction Agent version intended for Applications that run on Java 6 or 7
  • Leaving this value as "false" or commented out will allow the installation to use the vFunction Agent intended for Applications that run on Java 8, 11 or 17

viper.use_machine_java_for_viper
Global.yaml Configuration
Details
viper:
   use_machine_java_for_viper: true
  • With this value set to "false" or commented out, the vFunction installation installs its own version of Java in order for the Viper process to run
  • If uncommented and set to "true", the vFunction installation will use the Java version running on the machine where the installation is run