SIMP Console
  1. Welcome to the SIMP Console Documentation

Introduction

System Requirements

Notice: Hard drive specifications assume the database file is stored locally. If this is not the case, SIMP Console only requires 150MB of local storage.

SIMP console has currently been tested on Chrome version 50 and above, Safari version 12, and Microsoft Edge version 42.

At minimum your Linux system (or VM environment) should be able to utilize a dual-core CPU, 2GB of RAM and 500MB of local storage. We recommend a quad-core CPU with at least 6GB of RAM and 5GB of local storage to run SIMP Console comfortably.

SIMP Console Installation

The SIMP Console is currently only available from the SIMP Enterprise Edition YUM Update servers. To install, you must first install the SIMP YUM repository configuration and GPG keys, followed by installing SIMP console itself with the command yum install simp-console.

Installing SIMP Console from YUM Repositories

These YUM repositories require a valid license key in order to install or upgrade from. Once you have received your license key file from your account executive, copy it into /etc/simp/license.key on the server you are installing the SIMP Console to. This license key is required to install and to upgrade to any new versions of the SIMP Console.

Install SIMP 6 YUM Repository

RPM

yum install https://download.simp-project.com/simp/yum/simp-6-platform.rpm

Manual Instructions

Unstable (Development) YUM Repository

RPMs within the unstable repository are considered development RPMs and may break or change suddenly. These RPMs are provided to users for testing purposes only and are NOT supported.

RPM

yum install https://download.simp-project.com/simp/yum/simp-unstable-platform.rpm

Manual Instructions

Installation Extras

Installing a modern vendored Ruby (optional)

The SIMP Console requires Ruby version >2.3. If you are running EL6 or EL7 we provide an updated version of Ruby that will automatically be used by the SIMP Console if installed:

yum install simp-vendored-ruby

Installing Plugins

Plugins are ruby gems that are installed into the environment. These gems are then loaded by SIMP Console based upon the contents of the plugin array. For example, a github_auth plugin can be installed by gem install jaeger-plugin-github_auth, and enabled by adding ‘github_auth’ to the plugin list in simp-console.yml:

plugins:
  - 'github_auth'

Configuring SIMP Console

Configuring the system is done by adding settings to the /etc/simp/simp-console.yml file.

To prevent attacks based on predictable session cookies, it is highly recommended to set jaeger.session-cookie to a random value in simp-console.yml:

jaeger.session-cookie: ur10GFPzn20RfkpdXklZ

Configuring the Administrator Account

SIMP Console creates this default account with full admin privileges:

Username: admin
Password: password

It is highly recommended to change the default username and password. You can also set a default admin token for the default administrative user to better facilitate using the REST API from systems like Puppet.

Changing the Default Password

Passwords in the config file are only stored as crypt(3)-style salted hashes. In order to make it easier to generate, simp-console contains a helper flag that will take a plain text password and return the hash suitable for the configuration file:

simp-console -e ‘password’

And then add the output to the config file

jaeger.default_admin_password: '$5$7c03659ec01eab77$RB.C4ovajCc9m/JL2.oGX02OlpgMqJmejI72FutgbM5'

Changing the Default Username

It is also best practice to change the default ‘admin’ username to be something site specific:

jaeger.default_admin_username: "simp_root_admin"

Setting the Default Admin Token

The default authentication token is used to interact with the REST API without an account

jaeger.default_admin_token: "mYxiQo0JCoVdGCZOwLzs"

Directory Service Configuration

Notice: Although possible to add directory services to SIMP Console using the yml configuration. It is highly recommended that they are implemeneted using the user interface.

The LDAP plugin is installed in SIMP Console by default.

Using The User Interface

A directory service can be added by clicking Create New Entry in the directory services page under the administration tab.

Using simp-console.yml

To configure a directory service in the simp-console.yml add jaeger.directory_services.
Each directory service is added as an element to jaeger.directory_services and take the following parameters.
name - The canonical name of the service, this is the name that is shown when listed as a domain on the SIMP Console login page
Example: name: "Vagrant LDAP Test Server"

auth_provider - The authentication provider to use
Example: auth_provider: "ldap"

create_user - Specifies whether or not to automatically create a new SIMP Console user on successful login with an unlinked account.
Example: create_user: true

settings - A hash of additional plugin specific options

LDAP Configuration

Using The User Interface

Simply click Create New Entry to add a new entry, select LDAP as the authentication provider, and fill in the relevant details

Using simp-console.yml

Example of two valid LDAP configurations

jaeger.directory_services:
  - name: "Vagrant LDAP Test Server"
    auth_provider: 'ldap'
    create_user: true
    settings:
      domain_component: "dc=jaeger,dc=local"
      organization_unit: "People"
      host: "127.0.0.1"
      port: 9080
  - name: "Staging LDAP Test Server"
    auth_provider: 'ldap'
    create_user: true
    settings:
      domain_component: "dc=staging,dc=local"
      organization_unit: "People"
      host: "192.168.0.27"
      port: 9080

The following are specific settings relating to LDAP authentication, and are located in the settings hash of the file.
domain_component- The domain component string

organization_unit - The organization unit string

host - The IP or domain of the target LDAP server

port - The port to connect to the target LDAP server

Configuring Google Auth

Unlike other directory services, a Google Auth login must be configured in the simp-console.yml file.

The following parameters must be set in order for Google auth to correctly operate.

googleauth.client_id
googleauth.client_secret
googleauth.domain
googleauth.create_new_user

The first three parameters are provided by Google when registering an API to use for google auth. The final parameter can either be set to ‘true’ or ‘false’ and will have SIMP Console generate a new user if they successfully login but they do not have a SIMP Console account linked to their google login.

The following is a sample of what the configuration can look like:

googleauth.client_id: <clientid>.apps.googleusercontent.com
googleauth.client_secret: <client secret>
googleauth.domain: onyxpoint.com
googleauth.create_new_user: true

Configuring the Database

Without any configuration, SIMP Console stores its settings in a SQLite database located in /var/db/simp/simp-console.db. While this is sufficient for small sites or demonstration purposes it is recommended to use PostgreSQL for larger sites.

Using SQLite

Make sure the SIMP Console user has read and write access to the file and its containing directory.

jaeger.database: sqlite:///path/to/location/simp-console.db

Using PostgreSQL

Specify a full URL to the database you want to connect to, and the username and password to authenticate with:

jaeger.database: 'postgres://user:[email protected]/my_db'

Changing the Database Table Prefix

By default the SIMP Console configures a table prefix for all tables it manages. This allows admins the capability to run multiple SIMP Console instances using the same underlying database, for example, having a production, staging, or dev tables all within the same database.

By default this is set to production, but it can be changed:

jaeger.database_table_prefix: dev

Which will create all database tables with dev_ in front of them.

Setting the hashing algorithm for the database schema enginge

jaeger.schema_engine.signature_hash: "SHA384"

Pruning Report Data

To keep the database from storing too many reports, the user can specify the maximum number of reports to store per node using the following setting. The default is 3

jaeger.max_reports: 3

Configuring Security Settings

Changing Cryptographic Settings

Some cryptographic settings used by the SIMP Console have configuration options specified in the config file to meet some policy requirements.

To set the hashing algorithm for the webserver’s HMAC algorithm use the following setting

jaeger.rack-session.hmac: "SHA384"

Configuring Listen Address and Port

The address and port can be specificed using the following parameters

jaeger.listen_ip: 0.0.0.0
jaeger.listen_port: 4567

Using NGINX for SSL termination

<space intentionally left blank>

Running SIMP Console

By default the simp-console RPM creates a user called simp-console, and sets permissions on its default files based on the SIMP Console user. Commands for SIMP Console should be run by the simp-console user.

There is also a Puppet module available for management of the simp-console service and configuration.

Running SIMP Console Manually

To run simp-console from the command line run: sudo -u simp-console simp-console.

Running SIMP Console at Boot

The simp-console RPM sets up a systemd unit file on el7, or a sysvinit service file on el6. You’ll need to enable the service, then start it.

EL6

chkconfig simp-console on
service simp-console start

EL7

systemctl enable simp-console
systemctl start simp-console

Running a DEMO of SIMP Console

First, ensure simp-console is running. The simp-console-demo command is configured to send the demo data to localhost:4567. Therefore, a demo of SIMP Console should be run on the same machine where SIMP Console is already running on the default port. To run the script, simply type simp-console-demo. The script will automatically start feeding demo data into simp-console.