Post Installation Configuration

After the Installer has completed successfully, there are still some steps remaining that the Installer cannot yet fulfill.

Remaining configuration

CMS - Email Channel

File: conf/cms-emailchannel/config.json

The email channel requires an SMTP server to be added to its configuration.

Shell

File: conf/shell/config.json

If the installation is located on a sub path (e.g. https://mopssys.com/mops4.0), then the subPath should reflect that. The MQTT configuration should also reflect this by changing its path, e.g. path: "/mops4.0/event".

Event Broker / Mosquitto

File: conf/mops-event-broker/eventbroker.conf

When running Mosquitto as a Service, it is not possible to use log_dest stdout. It should be disabled by default, but if it isn’t, make sure that line is commented out.

Replace the {{logPath}} template with the complete path to logs/mops-event-broker/eventbroker.log.

Modify the mosquitto.conf file in the installation directory of Mosquitto. Add this line at the bottom of the file.

  • include_dir "<path-to-eventbroker-configuration>" - Use the complete path to the event broker configuration file conf/mops-event-broker/eventbroker.conf

When restarting the Mosquitto Service, change the account used by that service to the same one specified in the installer before starting the Mosquitto Service again.

Tagbroker URL (Ingress)

File: conf/ingress/rules.config

Edit the my-api-server object with the URL to the Tagbroker.

"my-api-server": {
    "loadBalancer": {
        "passHostHeader": false, 
        "servers": [
            {
                "url": "http://<tagbroker>:9003"
            }
        ]
    }
}

Keycloak

File: conf/keycloak/keycloak.conf

Modify the Keycloak configuration file by replacing the templates:

  • {{dbPassword}}
  • {{databaseServer}}
  • {{databasePort}}
  • {{hostname}} - Full URL including https and /auth!

Modify the paths for the certificate file and the private key file:

  • https-certificate-file=<path-to-crt>/cert.crt
  • https-certificate-key-file=<path-to-key>/cert.key

Remaining Scripts

The creation of the database, certificates and Keycloak needs to be done manually. The following steps need to be done in the order they are listed.

Database Setup

Initializing the database should be done using the script setup-database.ps1. It is vital that this script is run from the same directory where the dbdef folder is located.

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| -dbHost | string | Yes | | Hostname or IP address of the PostgreSQL server |
| -dbPort | int | No | 5432 | Port number of the PostgreSQL server |
| -baseUrl | string | Yes | | Public-facing base URL of the MOPS 4.0 application, e.g. https://mops.company.com |
| -initialUserName | string | Yes | | Full name of the initial MOPS administrator, e.g. John Doe |
| -initialUserEmail | string | Yes | | Email address of the initial MOPS administrator |
| -cms | switch | No | | Also creates the CMS (Condition Monitoring System) alertdb database and seeds related dirdb entities |
| -Help | switch | No | | Show help message and exit |

Example:

.\setup-database.ps1 `
    -dbHost "dbserver" `
    -dbPort 5432 `
    -baseUrl "https://mops.company.com" `
    -initialUserName "Jane Doe" `
    -initialUserEmail "jane.doe@company.com" `
    -cms # Switch for including CMS database.

Certificate Setup

Creating initial certificates for Keycloak should be done using the script setup-certificate.ps1.

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| -certPath | string | No | .\cert | Directory where the certificate files will be written |
| -opensslPath | string | No | .\sys\bin\openssl\openssl.exe | Path to openssl.exe |
| -opensslConfig | string | No | .\sys\bin\openssl\openssl.cnf | Path to the openssl.cnf configuration file |
| -baseName | string | No | cert | Base name for generated files, producing <baseName>.key, <baseName>.crt, and <baseName>.pem |
| -hostname | string | No | Local machine FQDN | Hostname used as the certificate CN and Subject Alternative Name (SAN) |
| -days | int | No | 730 | Certificate validity period in days |
| -organization | string | No | MOPSsys AB | Organization name for the certificate subject |
| -country | string | No | SE | Two-letter country code for the certificate subject |
| -state | string | No | VN | State or province for the certificate subject |
| -locality | string | No | OVIK | City or locality for the certificate subject |
| -Help | switch | No | | Show help message and exit |

Most relevant example:

.\setup-certificate.ps1 `
    -certPath "E:/ProgramData/MOPSsys/MOPS4.0/cert" `
    -opensslPath "./tools/openssl/openssl.exe" `
    -opensslConfig "./tools/openssl/openssl.cnf" `
    -hostname "mops.company.com"

Keycloak Setup

Keycloak and Ingress Services need to be running before running the script for Keycloak.

Initialization of Keycloak realms, clients and user configuration is done using setup-keycloak.ps1. The script can also update the {{clientSecret}} if general-config.json is specified.

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| -dbHost | string | Yes | | Hostname or IP address of the PostgreSQL server |
| -dbPort | int | No | 5432 | Port number of the PostgreSQL server |
| -keycloakUrl | string | Yes | | Base URL of the Keycloak service, e.g. https://mops.company.com/auth |
| -baseUrl | string | Yes | | Public-facing base URL of the MOPS 4.0 application, e.g. https://mops.company.com |
| -initialUserName | string | Yes | | Full name of the initial MOPS administrator, e.g. John Doe |
| -initialUserEmail | string | Yes | | Email address of the initial MOPS administrator |
| -generalConfigPath | string | No | | Path to an existing general-config.json; when provided, the service account token URL, client ID, and secret are written into it after setup completes |
| -Help | switch | No | | Show help message and exit |

Example with updating general-config.json:

# -keycloakUrl is the URL where Keycloak is found; -baseUrl is the URL of MOPS 4.0.
# A backtick must be the last character on a line, so the comments sit up here.
.\setup-keycloak.ps1 `
    -dbHost "dbserver" `
    -dbPort 5432 `
    -keycloakUrl "https://mops.company.com/auth" `
    -baseUrl "https://mops.company.com" `
    -initialUserName "Jane Doe" `
    -initialUserEmail "jane.doe@company.com" `
    -generalConfigPath "E:/ProgramData/MOPSsys/MOPS4.0/conf/general/general-config.json"
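
A check to run once the steps on this page are done, added here as an example and not a script shipped with MOPS 4.0: it reports any {{...}} template still left under conf, an active log_dest stdout line in eventbroker.conf, and Keycloak certificate settings that do not resolve to an existing file. The -ConfRoot parameter is an assumption; point it at the conf directory of the installation.

```powershell
# Added example (not part of the MOPS installer): post-configuration check.
# Assumption: $ConfRoot is the installation's conf directory.
param([string]$ConfRoot = ".\conf")

$findings = @()

# 1. A {{name}} template still present means a configuration step was skipped.
Get-ChildItem -Path $ConfRoot -Recurse -File -Include *.json, *.conf, *.config |
    ForEach-Object {
        $file = $_.FullName
        Select-String -LiteralPath $file -Pattern '\{\{\s*\w+\s*\}\}' -AllMatches |
            ForEach-Object {
                foreach ($m in $_.Matches) {
                    # Report name and location only, never the line content,
                    # so values such as passwords stay out of console logs.
                    $findings += '{0}:{1} unresolved template {2}' -f $file, $_.LineNumber, $m.Value
                }
            }
    }

# 2. Mosquitto as a service cannot use log_dest stdout; the line must be commented out.
$broker = Join-Path $ConfRoot 'mops-event-broker\eventbroker.conf'
if (Test-Path -LiteralPath $broker) {
    Select-String -LiteralPath $broker -Pattern '^\s*log_dest\s+stdout\b' |
        ForEach-Object {
            $findings += '{0}:{1} log_dest stdout is active' -f $broker, $_.LineNumber
        }
}

# 3. Keycloak: both TLS file settings must point at files that exist.
$keycloak = Join-Path $ConfRoot 'keycloak\keycloak.conf'
if (Test-Path -LiteralPath $keycloak) {
    foreach ($key in 'https-certificate-file', 'https-certificate-key-file') {
        $hit = Select-String -LiteralPath $keycloak -Pattern "^\s*$key\s*=\s*(\S.*?)\s*$" |
            Select-Object -First 1
        $value = if ($hit) { $hit.Matches[0].Groups[1].Value } else { '' }
        # Empty value or a leftover <path-to-...> placeholder is checked before Test-Path.
        if ($value -match '^$|[<>]' -or -not (Test-Path -LiteralPath $value -PathType Leaf)) {
            $findings += "${keycloak}: $key is unset, a placeholder, or not an existing file"
        }
    }
}

# Exit code 1 lets a deployment pipeline stop on an incomplete configuration.
if ($findings) { $findings; exit 1 }
"OK: no unfinished configuration found under $ConfRoot"
```

{{clientSecret}} is expected to be reported until setup-keycloak.ps1 has been run with -generalConfigPath.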