Post Installation Tasks

Most web servers display its version and modules in use by default. Best security practices recommend that you disable this option, since it can be used to find vulnerabilities of your site.

1. Edit: <tomcat installed directory>/conf/server.xml file.

cd
cd /opt/pentaho/server/
sudo nano server.xml

1. Add following under Connector port and save the file

Server =” “
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
Server =" "
redirectPort="8443" />

x

Security Manager protects you from an untrusted applet running in your browser, use of a SecurityManager, while running Tomcat can protect your server from trojan servlets, JSPs, JSP beans, and tag libraries or even inadvertent mistakes.

start tomcat with –security argument
<tomcat installed directory>/bin# ./startup.sh -security

These instructions only work on Tomcat servers that are configured to accept context.xml overrides built into deployed .war files.

1. Stop the Pentaho Server.

cd
cd /opt/pentaho/server/pentaho-server
sudo ./stop-pentaho.sh

1. Edit context.xml.

cd
cd /opt/pentaho/server/pentaho-server/tomcat/webapps/pentaho/META-INF
sudo nano context.xml

1. Change the context.

<context path="/company" docbase="webapps/company/">

1. Save.

CTRL + O
Enter
CTRL + x

1. Change directory name to the same context name:

~/Pentaho/server/pentaho-server/tomcat/webapps

In this example, rename the pentaho folder to company.

1. Edit the main .jsp page.

cd
cd /opt/pentaho/server/pentaho-server/tomcat/webapps/ROOT
sudo nano index.jsp

....
html
  <head>
    <title>Pentaho Business Analytics</title>
    <meta http-equiv="refresh" content="0;URL=/company">
  </head>
  ....

1. Finally change: fully-qualified-server-url.

cd
cd /opt/pentaho/pentaho-server/pentaho-solutions/system
sudo nano server.properties

....
# FullyQualifiedServerUrl is used only in the case of offline content generation
# and whenever something need to talk back to the server
fully-qualified-server-url=http://localhost:8080/company/
....

Pentaho server default port is 8080.

1. Stop the Pentaho Server.

cd
cd /opt/pentaho/server/pentaho-server
sudo ./stop-pentaho.sh

1. Navigate to.

cd
cd /opt/pentaho/server/pentaho-server/tomcat/conf/
sudo nano server.xml

1. Change the port number in the connector from 8080.

    <Connector URIEncoding="UTF-8"
       port="8090" protocol="HTTP/1.1"
       connectionTimeout="20000"
       redirectPort="8443"
       relaxedPathChars="[]|"
       relaxedQueryChars="^{}[]|&amp;"
       maxHttpHeaderSize="65536"
    />

1. Save.

Ctrl + o
Enter
Ctrl + x

1. Navigate to.

cd
cd /opt/pentaho/server/pentaho-server/pentaho-solutions/system 
sudo nano server.properties

1. Change the port number to match the port number set in the connector.

fully-qualified-server-url=http://localhost:8090/pentaho/

1. Save.

Ctrl + o
Enter
Ctrl + x

1. Restart Pentaho server.

cd
cd /opt/pentaho/server/pentaho-server
sh stop-pentaho.sh 

x

By default, tomcat is configured to be shutdown on 8005 port. Do you know you can shutdown tomcat instance by doing a telnet to IP:port and issuing SHUTDOWN command?

# telnet localhost 8005
Trying ::1... telnet:
connect to address ::1:
Connection refused Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SHUTDOWN Connection closed by foreign host.
#

You see having default configuration leads to high-security risk. It’s recommended to change tomcat shutdown port and default command to something unpredictable.

1. Edit Go to $tomcat/conf/server.xml file.

ii. Modify server.xml by using vim editor

<Server port="8005" shutdown="SHUTDOWN">

The default shutdown port and command must be changed or it should be disabled.

Having default page for not found, forbidden, server error exposes Tomcat version and that leads to security risk if you are running with vulnerable version. Let’s look at default 404 page.

To mitigate, you can first create a general error page and configure web.xml to redirect to general error page.

1. Go to $tomcat/webapps/$application

1. Create an error.jsp file

<html>
<head>
<title>404-Page Not Found</title>
</head>
<body> That's an error! </body>
</html>

1. Go to $tomcat/conf folder

• Add following in web.xml by using vi. Ensure you add before </web-app> syntax

<error-page>
<error-code>404</error-code>
<location>/error.jsp</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/error.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error.jsp</location>
</error-page>

Restart tomcat server. Now, let’s test it.

The session timeout for all web applications must be set to 20 minutes. This can be done by editing the file in the $tomcat/conf/web.xml and setting the following configuration option:

<session-config>
<session-timeout>20</session-timeout>
</session-config>

Upon start up, the system waits for Karaf to install all of its features before timing out. If you modify Karaf and it now takes longer to install during start up, you may need to extend the default timeout setting to allow Karaf more time to install. The current default timeout is 2 minutes (120000 milliseconds).

You can change this default timeout by editing the server.properties file.

1. Stop the Pentaho Server.

2. Navigate to the /pentaho-server/pentaho-solutions/system directory.

3. Open the server.properties file with any text editor, and search for the karafWaitForBoot parameter.

4. Uncomment the line containing the parameter and set it to your desired wait time in milliseconds.

# This sets the amount of time the system will wait for karaf to install all of # it’s features before timing out. The default value is 2 minutes but can be # overridden here. #karafWaitForBoot = 120000

5. Save and close the file.

6. Restart the Pentaho Server.

By default, Pentaho provides a sample data source and a solution directory filled with example content. These samples are provided for evaluation and testing. Once you are ready to move from an evaluation or testing scenario to development or production, you can remove the sample content.

Follow the instructions below to completely remove the Pentaho sample data and solutions:

1. Stop the Pentaho Server.

sudo systemctl stop pentaho-server

ii. Delete the samples.zip file from the /pentaho-server/pentaho-solutions/system/default-content directory. If you performed a manual WAR build and deployment, then the file path is /pentaho-server/pentaho-solutions/system.

iii. Edit the /pentaho/WEB-INF/web.xml file inside of the deployed pentaho.war. As laid down by the Pentaho Plus graphical installer and archive packages, this path should be /pentaho-server/tomcat/webapps/pentaho/WEB-INF/web.xml. If you performed a manual WAR build and deployment, then you must adjust the path to fit your configuration.

iv. Remove the hsqldb-databases section from the /pentaho/WEB-INF/web.xml file:

v. BEGIN HSQLDB DATABASES

<!-- [BEGIN HSQLDB DATABASES] -->
<context-param>
<param-name>hsqldb-databases</param-name>
<param-value>sampledata@../../data/hsqldb/sampledata</param-value>
</context-param>
<!-- [END HSQLDB DATABASES] -->

vi. Remove the hsqldb-starter section from the /pentaho/WEB-INF/web.xml file:

vii. BEGIN HSQLDB STARTER

<!-- [BEGIN HSQLDB STARTER] -->
<listener>
<listener-class>org.pentaho.platform.web.http.context.HsqldbStartupListener</listener-class>
</listener>
<!-- [END HSQLDB STARTER] -->

viii. Remove the SystemStatusFilter:

Note: This is not part of the Pentaho samples; it provides error status messages that are only useful for development and testing purposes, and should be removed from a production system.

<filter>
<filter-name>SystemStatusFilter</filter-name>
<filter-class>com.pentaho.ui.servlet.SystemStatusFilter</filter-class>
<init-param>
<param-name>initFailurePage</param-name>
<param-value>InitFailure</param-value>
<description>This page is displayed if the Pentaho+ System fails to properly initialize.</description>
</init-param>
</filter>

i. Save and close the web.xml file.

ii. Delete the /pentaho-server/data/ directory. This directory does not exist if you installed Pentaho with the installation wizard. It contains a sample database, control scripts for that database, the environment settings it needs to run, and SQL scripts to initialize a new repository.

iii. Restart the Pentaho+ Server.

iv. Log on to the User Console with the administrator user name and password and go to the Browse Files page.

1. In the Folders pane, expand the Public folder and click to highlight the folder containing the Steel Wheels sample data. Click Move to Trash in the Folder Actions pane and confirm the deletion.

2. Highlight the folder containing the Pentaho Plus Operations Mart sample data. Click Move to Trash in the Folder Actions pane and confirm the deletion.

Your Pentaho+ Server instance is now cleaned of samples and development/testing pieces, and is streamlined for production.

The User Console default Home perspective contains the Getting Started widget, which has easy instructions and tutorials for evaluators.

Perform the following steps to hide not only the Getting Started widget, but also other Home perspective widgets.

1. Shut down the Pentaho Server if it is currently running.

   1. Choose one of the following options depending on your deployment status:

• If you have not yet deployed, navigate to:

/pentaho-platform/user-console/source/org/pentaho/mantle/home/properties/config.properties file.

• If you have manually deployed and want to hide widgets later, navigate to:

/pentaho-server/tomcat/webapps/pentaho/mantle/home/properties/config.properties file.

1. Find the line that starts with disabled-widgets= and type in the ID of the widget getting-started, as shown in the following example:

disabled-widgets=getting-started,recents,favorites

4. Save and close the file.

You can also hide the Recents and Favorites widgets using the same method.

1. Locate the /pentaho-server/tomcat/webapps/pentaho/mantle/home directory and open the index.jsp file with any text editor.

2. Find the following line of code and comment it out, then save and close the file.

<script language='JavaScript' type='text/javascript' src='http://admin.brightcove.com/js/BrightcoveExperiences.js'></script>

1. Start the Pentaho Server and log in to the User Console.

The User Console's sign-in settings have autocomplete turned on by default.

Perform the following steps to manually turn off the autocompletion functionality:

1. Stop the Pentaho Server.

2. Modify PUCLogin.jsp.

cd
sudo nano /opt/pentaho/server/pentaho-server/tomact/webapps/pentaho/jsp/PUCLogin.jsp

1. Locate the following sections of code and change the autocomplete entry to off, as shown:

<input id="j_username" name="j_username" type="text" placeholder="" autocomplete="off">

<input id="j_password" name="j_password" type="password" placeholder="" autocomplete="off">

1. Save and close the PUCLogin.jsp file.

2. Restart the Pentaho Server.

You can prevent too many resources from hitting your database server at once by setting a system-wide maximum row-limit for Pentaho Interactive Reports. Your users can still define their own design-time row limits in PIR, but they will never be able to go over the maximum number of rows that you have specified while designing their reports.

1. Stop the Pentaho Server.

sudo systemctl stop pentaho-server

1. Edit: /opt/pentaho/server/pentaho-server/pentaho-solutions/system/pentaho-interactive-reporting/settings.xml file.

cd
cd /opt/pentaho/server/pentaho-server/pentaho-solutions/system/pentaho-interactive-reporting
sudo nano settings.xml

1. Navigate to: <query-limit> tag and change the default number of 100000 within the tags to the maximum number of rows desired.

<!– The maximum number of rows that will be rendered in a report on PIR edit and view mode. A zero value means no limit. –>

<query-limit>100000</query-limit>

1. Save.

CTRL + O
Enter
CTRL + X

1. Start the Pentaho Server.

sudo systemctl start pentaho-server

If you are migrating content from a previous version, you will need to add the <query-limit> tag to your settings.xml for PIR.

You may find that you need to increase the size of the upload limit for your CSV files. These steps guide you through this process.

1. Go to /pentaho-server/pentaho-solutions/system and open the pentaho.xml file.

Edit the XML as needed (sizes are measured in bytes):

<file-upload-defaults>
<relative-path>/system/metadata/csvfiles/</relative-path>
<!-- max-file-limit is the maximum file size, in bytes, to allow to be uploaded to the server -->
<max-file-limit>10000000</max-file-limit>
<!-- max-folder-limit is the maximum combined size of all files in the upload folder, in bytes. -->
<max-folder-limit>500000000</max-folder-limit>
</file-upload-defaults>

1. Save your changes to the file.

1. In the User Console, go to Tools > Refresh System Settings to ensure that the change is implemented.

1. Restart the User Console.

Change the Staging Database for CSV Files

Hibernate is the default staging database for CSV files. Follow these instructions if you want to change the staging database.

1. Go to /pentaho-solutions/system/data-access and open the settings.xml file with any text editor.

1. Edit the settings.xml file as needed. The default value is shown in the sample below.

iii. <!– settings for Agile Data Access –>

iv. <data-access-staging-jndi>hibernate</data-access-staging-jndi>

This value can be a JNDI name or the name of a Pentaho Database Connection.

1. Save and close the file.

1. Restart the User Console