System status
You can review the system status of the Axiomatics Services Manager through the Settings page.
Settings page
The ASM Settings page safeguards the ASM configuration needed for the system to operate. It provides information on faulty configurations and allows for many configuration steps to be performed through a GUI instead of by direct, low-level configuration.
This feature assists the administrator on initial installation of the product and provides continuous monitoring of the system's configuration throughout its lifetime.
Overview
The Settings page is designed to be non-intrusive and will only display when needed or requested. There are two different situations that lead to the display of the Settings page:
When a user logs in to ASM and the system encounters some configuration problem
When the Settings page is opened explicitly from the ASM web GUI.
Full access to the Settings page is controlled by a special role. See Access the Settings page below for details. For users without this role, a simplified, read only status screen displays in the ASM GUI when a configuration issue is encountered. See Summary page below for details.
Each setting monitored by the Settings page can be in one of the following states:
OK - The setting is verified to be good.
Warning - The configuration is not set properly or in the recommended way. However, this part of the configuration does not block the basic functionality of the application, and the user will be allowed to continue to the ASM main GUI.
ImportantAxiomatics strongly recommends not disregarding this warning, as the application may fail in different and unexpected ways even if it initially seems to work as expected.
Error - A configuration problem that prevents ASM from running at all.
Note that some settings are dependent on each other. A failure to connect to a database will cause other checks such as database schema to fail and may make the endpoint address check fail if the address is stored in the database.
Access the Settings page
In order to be able to use the Settings Page, a user must have the asm-admins role configured in the container in addition to the asm-users role that grants normal ASM administrative privileges. Without this, only a simplified, non-editable status summary screen will be displayed.
Summary page
The Summary page contains a read-only overview of the settings and configurations that are managed through the Settings Page.
The Summary page will be displayed in two different cases:
When the Summary page is explicitly accessed from the Settings Page
When the Settings Page is accessed by a user without the asm-admins role assigned
The figure below shows the Summary page accessed by a user with the asm-admins role assigned. A user with only an asm-users role assigned will see a slightly less detailed summary.
Click the "TXT file" button to save the status page content as a text file.
Managed settings
Environment configuration
The "Environment Configuration" step verifies that there is a writeable Temporary folder and a [USER_HOME] folder for the ASM application. These are needed for persisting configuration and temporary data.
No changes can be made to this configuration from the Settings Page and it will only report on the system configuration.
A faulty environment configuration will prevent ASM from running.
Memory configuration
The "Memory Configuration" step performs a check to verify that the container memory settings are meeting the minimum recommendation.
Invalid memory settings do not prevent ASM from running but are unsupported and strongly discouraged, as Out-Of-Memory errors can occur asynchronously at a later time when certain operations are performed.
PermGenSpace is a legacy parameter from when ASM was run on Java versions prior to verson 8. From Java version 8, PermGenSpace size is not a valid memory setting parameter as it has been deprecated in 8 and later versions of Java. Consequently, its value will appear as Not Applicable (N/A).
License configuration
The "License Configuration" step checks for a valid ASM license file.
Beginning 60 days prior to a license's expiration, a warning will appear in the License plugin on the Settings Page. If pop-up warnings are enabled, an expiration warning will also be generated every time the user logs into the ASM UI. Warnings will indicate the number of days left till the license expires. A warning will also appear daily in the server logs.
Absence of a valid license file will prevent ASM from running.
License update
Update the ASM license as follows:
- Docker
- Kubernetes
If no file is found or an existing file needs to be replaced, a license file can be uploaded by clicking the upload license button or by dragging and dropping the license file on the upload area.
A license file set through this page will be stored in the [USER_HOME] folder of the ASM application.
After setting a license file through the Settings Page, the user must log out and back in again to continue working with the Settings Page or the ASM GUI.
Delete the outdated license secret:
kubectl delete secret asm-license --namespace axiomatics-asm
Copy the license file to a directory of your choice.
Launch a terminal window in this directory and run the following command:
kubectl create secret generic asm-license \
--from-file=axiomatics_ASM.license \
--namespace axiomatics-asmRestart ASM with the following command:
kubectl rollout restart deployment.apps/asm -n axiomatics-asm
Execution service
The "Execution Service" step contains information about the WorkExecutor parameter, which is a mandatory part of the Resource environment references configuration.
Database connection
The "Database Connection" step shows whether the ASM's database connection has been properly configured.
An invalid database connection will prevent ASM from running.
Truststore configuration
The "Truststore Configuration" step contains information about the location of the Truststore file.
This page tells the user whether a valid truststore is set for the ASM application. The truststore is needed for setting up secure SSL/TLS-based communication to PDPs.
Truststore verification will only verify that a truststore is available and possible to open. No check is made to verify that the CA certificates needed for SSL/TLS communication are present.
An invalid truststore configuration will allow ASM to be run but is strongly discouraged, as it will not be possible to create a secure communications channel with managed PDPs.
System upgrade
The "System Upgrade" step shows a warning if the database which the ASM is pointed to is for an older product version and will then prompt you to perform an explicit upgrade of the database.
Under normal operating circumstances, the same version will be shown for the database and ASM itself and no action is needed.
This step is required as it will perform necessary updates and conversions to the ASM database.