Runtime Settings

After registering the runtime with your tenant, you can login to the Runtime and access the Settings page to configure the setup of the runtime.  There are several settings available that are described in this section. After adjusting the settings, the runtime container will need to be restarted.

Manage SSL

The SSL portion of the Settings view slows you to manage what certificate the runtime uses for its HTTPS connections.  On initial launch, the runtime will use a built-in self-signed certificate to encrypt the connection.  This self-signed certificate will generate warnings in the browser about being untrusted.  You can install a custom certificate for the runtime if desired.

Upload SSL Certificate

Uploading an SSL Certificate allows you to provide a custom certificate that the runtime should use for its SSL connections instead of the built-in self-signed certificate.  You will need to provide the runtime with a PKCS#12 keystore (i.e. PFX file) and corresponding password containing the certificate and key that it should use.

1. Click the Upload SSL Certificate button
2. In the Provide SSL Certificate dialog, select the SSL Keystore File containing the certificate and keys you wish to use.  This keystore should be a PFX file.
3. Enter the password for the Keystore File.
4. Click the Provide SSL Certificate button to submit the keystore and password.  The runtime will verify that the keystore is the correct format and that the password is correct.  If everything is correct, the keystore will be stored and the runtime will update its configuration to use SSL.
5. The runtime will display a banner at the top of the page reminding you to restart the runtime to enable the new configuration.
   1. docker restart datashyft  

Remove Provided SSL Certificate

If you have provided a custom SSL certificate for the runtime, you have the option to remove it and revert to the built-in self-signed certificate.  Disabling it will delete the keystore containing the custom certificate and key.

1. Click the Temove Provided SSL Certificate button.
2. In the confirmation dialog, confirm the intent to remove the provided SSL certificate.  The runtime will delete the keystore used for the SSL connections and update the configuration to disable SSL.
3. The runtime will display a banner at the top of the page reminding you to restart the runtime to enable the new configuration.
   1. docker restart datashyft  

After disabling SSL, you should restart the runtime container and close the tab.  The runtime’s management interface can be accessed from the System view on your DataShyft Tenant by clicking the Manage System button.

Update SSL Certificate

If you have provided a custom SSL certificate, you will need to update the certificate periodically before it expires.  

1. Click the Update SSL button.
2. In the SSL dialog, select the SSL Keystore File containing the certificate and keys you wish to use.  This keystore should be a PFX file.
3. In the SSL dialog, enter the password for the Keystore File.
4. Click the Update Certificate button to submit the keystore and password.  The runtime will verify that the keystore is the correct format and that the password is correct.  If everything is correct, the keystore will be stored.
5. The runtime will display a banner at the top of the page reminding you to restart the runtime to enable the new configuration.
   1. docker restart datashyft  

After updating the SSL keystore, you should restart the runtime container and close the tab.  The runtime’s management interface can be accessed from the System view on your DataShyft Tenant by clicking the Manage System button.

Whitelist

Access to the Runtime can be limited using the built-in Whitelist Filtering functionality.  This functionality allows you to specify which IP addresses are allowed to access the Runtime.  These settings can be modified via the Runtime Management Interface.

1. Log in to the Runtime Management Interface via the Manage System button on the DataShyft Portal’s System tab.
2. Select the Settings tab in the Runtime Management Interface.
3. Edit the Whitelist to specify the IP Addresses/CIDRs that you wish to allow to connect to the runtime.

Note: The IP Filtering will always allow traffic from the DataShyft platform.  This is required to maintain communication between the tenant and the runtime.

Note: It is possible to provide a well-formed but incorrect Whitelist configuration that will disallow admins from connecting to the Runtime Management Interface – if this happens, please follow the instructions below to manually update the value within the DataShyft Customer Runtime Container

Manual Whitelist Configuration

To configure these limits manually, you must edit the datashyft-config.properties file inside the Docker container.

Edit the datashyft-config.properties  file by running the following command:

1. Copy the config file to the local system
   1. docker cp datashyft:/datashyft-config/datashyft-config.properties ./datashyft-config.properties  
2. Edit the datashyft-config.properties file using your preferred editor.
   • Update the IP_FILTER_PATTERN setting to specify the network IP addresses or CIDRs that you wish to allow.
3. Copy the modified config file back into the container
   1. docker cp ./datashyft-config.properties datashyft:/datashyft-config/datashyft-config.properties  
4. Restart the Runtime container
   1. docker restart datashyft  

Note: The IP Filtering will always allow traffic from the DataShyft platform.  This maintains communication between the tenant and the runtime.

Deployment Bridge Port

The Deployment Bridge port specifies the port that other runtimes should use to connect to components on this runtime. This is used to tell the runtime about any port mapping done when setting up the container.  It should be set to the host port that was mapped to port 32100   when the runtime was created.  

Memory

The memory settings are used to specify the initial and maximum memory sizes for the Runtime. The defaults are an initial memory size of 512M  and a max memory size of 2G . Care should be taken when adjusting these values to ensure that you do not over allocate the memory as that can result in the Runtime running out of memory and crashing.

Managing Local Credentials

Runtimes can be given credentials for accessing resources used by Blueprints and Deployments.  These credentials are managed using the Runtime Management Interface.

1. Navigate to the Systems List on your DataShyft tenant and select the system you wish to manage.
2. Click on the Manage System button in the side panel.
3. Enter your username and password and click Login.  You will be directed to the Registration Information page.
4. Click on the Credentials tab in the Navigation Bar.
5. You can add, modify, and remove credentials from this tab.

To Add a Credential to the Runtime:

1. Click the Add Local Credential button.
2. Select the type of credential you wish to add.
3. Set the Display Name of the credential.
   1. Credentials are assigned to Resources by name.  If a local credential has the same name as one defined on the DataShyft platform, the local credential will be used instead of the global one.  This allows special permissions to be given to components accessing a resource from this runtime vs from another runtime.
4. Specify the required credential fields (e.g., username and password).

To Modify a Credential on the Runtime:

1. Click the existing credential in the list.
2. In the side panel, edit the credential fields (e.g., username and password).
   1. The display name of a credential cannot be changed once created.  If you need to rename a credential, create a credential with the new name and copy the values into it, then delete the credential with the old name.
3. Click the Update Credentials button.

To Delete a Credential from the Runtime:

1. Click the credential in the list.
2. In the side panel, click the Delete button.
3. Confirm the deletion of the credential.

Note: If there isn’t a corresponding Cloud Credential of the same name as the deleted credential, then any Resources that uses the deleted credential will not work and Blueprints that use those Resources cannot be deployed.  Already running Deployments are not affected.

Adding Additional Libraries

Some DataShyft Customer Runtimes may need additional libraries to support specific blueprints.  The most common kind of library that needs to be installed is a JDBC library for a database.  To install additional libraries, follow these steps.

1. Navigate to the Systems List on your DataShyft tenant and select the system you wish to unregister.
2. Click on the Manage System button in the side panel.
3. Enter your username and password and click Login.  You will be directed to the Registration Information page.
4. 4.     Navigate to the Libraries tab and Click the Add Library button.
5. Click the Choose Files button and select the JAR files you wish to upload, or drag and drop the JAR files into the designated area.
6. Click the Upload Library button.
7. Restart the DataShyft Customer Runtime Docker container so that the new libraries are loaded into the runtime.  
   1. docker restart datashyft