Skip to main content
Version: 7.2

Additional configuration

This page contains additional configuration for the Axiomatics Services Manager (ASM) that you may need to consider.

Disable or enable the Dashboard

Axiomatics Services Manager (ASM) offers the Dashboard functionality using an InfluxDB instance, which can be disabled or enabled depending on your needs.

Disable the Dashboard

Using the console:

  1. Navigate to the docker/ folder and stop ASM.

    docker-compose -f docker-compose.yml -f docker-compose.dashboard.yml down

  2. Restart ASM.

    docker-compose up

    This starts ASM without InfluxDB and with the Dashboard functionality disabled.

Enable the Dashboard

Using the console:

  1. Navigate to the docker/ folder and stop ASM.

    docker-compose stop

  2. Restart ASM.

    docker-compose -f docker-compose.yml -f docker-compose.dashboard.yml up

    This starts ASM with InfluxDB and with the Dashboard functionality enabled.

Enable cluster-level logging

By default, ASM uses node-level logging where all service containers send their logs to standard output (stdout). The pod logs are temporarily stored in the pod's node and are retained on container restarts but are evicted on pod restarts.

To overcome this limitation, you can enable cluster-level logging on a Kubernetes (k8s) cluster. This type of logging is independent of nodes and pods lifecycle and it requires a separate backend to store, analyze, and query the logs. The logs are collected from all the pods and sent to a separate service.

  1. In case you don't have an ELK environment running, follow the instructions in Elastic documentation to create one locally, using Docker.

  2. Create a k8s secret with the Elasticsearch credentials.

    Important

    Replace <LOG_ANALYTICS_USERNAME> and <LOG_ANALYTICS_PASSWORD> with your credentials.

    kubectl create secret generic elasticsearch-credentials \
    --from-literal=username=<LOG_ANALYTICS_USERNAME> \
    --from-literal=password=<LOG_ANALYTICS_PASSWORD> \
    --namespace kube-system

  3. Open the kubernetes/asmcharts/values.yaml file and set the following:

    ParameterValue
    enableFluentdElasticsearchLoggingtrue
    clusterLogging.hostThe host of the Elasticsearch service.
    In case of a local k8s installation, use host.docker.internal.
    clusterLogging.portThe port for the logging service.
    The default port for Elasticsearch is 9200.
    clusterLogging.schemehttps

  4. Upgrade the Helm charts.

    helm upgrade -n axiomatics-asm asm -f asmcharts/values.yaml asmcharts

Update Attribute Connectors

ASM is installed with a default set of standard Attribute Connectors. However, the Attribute Connectors are developed, maintained, and released independently of releases of ASM. New and updated versions may be released and made available for download at any time.

Contact Axiomatics Customer Support for information on latest versions and available downloads.

Standard Attribute Connector versions

This release of ASM is delivered with the following versions of the standard Attribute Connectors:

  • LDAP Attribute Connector 6.3.0
  • SQL Attribute Connector 6.2.2
  • Table Attribute Connector 7.0.0
Important

Earlier versions of the Attribute Connectors should be considered incompatible with this version of ASM and should not be used. Updated versions of the Attribute Connectors may be released, which may be installed and used with this version of ASM subject to compatibility information for each attribute connector, respectively.

LDAP Attribute Connector

The LDAP Attribute Connector is used for connection to LDAP data sources. It is already deployed and does not need further installation.

SQL and Table Attribute Connectors

The SQL Attribute Connector and the Table Attribute Connector are both used for connections to SQL data sources. The functionality of the Table Attribute Connector is slightly more restrictive than the SQL Attribute Connector, but it is easier to configure. For more information about the differences between the attribute connectors, read the Attribute Connectors section.

Only the JDBC connection type is supported for the SQL Attribute Connector and the Table Attribute Connectors.

Update Standard Attribute Connectors

If an updated version of an attribute connector is released, it is easy to check against what is already installed and decide whether an update is required. (See Standard Attribute Connector versions for the versions that are included in this ASM release.)

Refer to the documentation accompanying each attribute connector for more information on changes and functional updates in new releases.

note

The commands for the update are different depending on whether ASM is running with the Dashboard functionality enabled or not.

Update the Attribute Connector(s) with the Dashboard functionality enabled

  1. Extract the contents of the downloaded attribute connector distribution file(s) in the file system and locate the Attribute Connector jar file(s). (See the included documentation for more information.)

  2. Stop ASM if it is running. In the console, navigate to the docker/ folder and run the command

    docker-compose -f docker-compose.yml -f docker-compose.dashboard.yml stop

  3. In a second file system window, navigate to <root path>/docker/asm.core/attribute.connectors/.

    There you will find a folder for each of the Standard Attribute connectors, plus one for custom Attribute Connectors.

  4. Copy the updated Attribute Connector .jar file(s) to the relevant folder(s).

    For example, the sql-attribute-connector-<version>.jar would go into the <root path>/docker/asm.core/attribute.connectors/sql-attribute-connector folder, etc.

  5. From the docker/ folder in the console, run the command 

    docker-compose -f docker-compose.yml -f docker-compose.dashboard.yml build --no-cache asm

    This will rebuild the Docker image that contains the attribute connectors.

  6. Also from the docker/ folder, run the command

    docker-compose -f docker-compose.yml -f docker-compose.dashboard.yml up

    This restarts ASM, which will now use the new Attribute Connector(s), and the Dashboard functionality is enabled.

Update the Attribute Connector(s) with the Dashboard functionality disabled

  1. Extract the contents of the downloaded attribute connector distribution file(s) in the file system and locate the attribute connector jar file(s). (See the included documentation for more information.)

  2. Stop ASM if it is running. Navigate to the docker/ folder and run the command

    docker-compose stop

  3. In a second file system window, navigate to <root path>/docker/asm.core/attribute.connectors/

    There you will find a folder for each of the standard attribute connectors, plus one for custom attribute connectors.

  4. Copy the updated attribute connector .jar file(s) to the relevant folder(s).

    For example, the sql-attribute-connector-<version>.jar would go into the <root path>/docker/asm.core/attribute.connectors/sql-attribute-connector folder, etc.

  5. From the docker/ folder in the console, run the command

    docker-compose build --no-cache asm

    This will rebuild the Docker image that contains the Attribute Connectors.

  6. Finally, also from the docker/ folder, run the command 

    docker-compose up

    This restarts ASM, which will now use the new Attribute Connector(s).

note

The attribute connectors can be updated individually. If an Attribute Connector folder under docker/asm.core/attribute.connectors/ is empty, the deployed ASM will continue to use the Attribute Connector that was included in the release. The folder custom-attribute-connectors is rescanned on every start to reflect the folder content.

Custom Attribute Connectors

When a custom Attribute Finder has been set up on the PDP (Policy Decision Point) side, the same Attribute Finder package must be made available to ASM as an attribute connector so that it shows up in the list of available Attribute Connector types that can be chosen in the ASM GUI.

Attribute Finders are built for the Java ServiceLoader.

note

Legacy Attribute Finders created for the JSPF plugin framework are supported for use with the current release, but Axiomatics strongly recommends converting them to the Java ServiceLoader mechanism.

Add a Java ServiceLoader Attribute Finder

An Attribute Finder built for the Java ServiceLoader can be plugged into the ASM system by following these steps:

  1. Stop ASM if it is running. Navigate to the docker/ folder and run the command

    docker-compose stop

  2. Navigate to <root path>/docker/asm.core/attribute.connectors/custom-attribute-connectors

  3. Copy the the Attribute Finder (that is, the custom attribute connector .jar file) to this folder.

  4. Restart ASM with the Dashboard functionality either enabled or disabled, as described above.