Kyvos Manager now supports installing, monitoring, and managing the Kyvos Reporting Service component in both on-premises and cloud environments.
Prerequisites
To deploy Kyvos Reporting Service, you will need to create a machine with all the required prerequisites, as described below.
Kyvos Reporting must be deployed on a dedicated node.
Kyvos Reporting must be deployed on Linux only and on the same Operating System as used by Kyvos.
NOTE: Machines based on Windows, MAC, or any unsupported Operating System will not be supported.Minimum 30 GB of free disk space
Minimum 4 GB of RAM
The following commands must be present to access DFS.
For on-premises, the hdfs command.
For AWS and GCP, the aws s3 command.
For Azure, the azcopy command.
Credentials to access the machine over SSH must be the same as those of other existing machines of the cluster.
Kyvos Reporting machine must have the same user account as the Kyvos machine.
Kyvos services should not be running on the Kyvos Reporting machine.
Kyvos Reporting machine must be in the same network and able to access Postgres (bundled or external).
Required ports: 45450 and 8080
For an on-premise cluster, the machine for Kyvos reporting should be part of the same Hadoop cluster in which Kyvos is deployed. In other words, the Kyvos reporting node should be able to access hdfs.
The installation directory on the Kyvos Reporting node must be the same as Kyvos. For example, if Kyvos is installed on /data1/kyvos, Kyvos reporting should also require this directory with the same set of rights.
Before installing Kyvos Reporting, copy the Kyvos Reporting bundle in the ../kyvosmanager_war/kyvosmanagerdata/server/repo/KyvosReporting/ directory on the Kyvos Manager node.
Create a Kyvos Reporting directory inside the repository if not present.
Deploying Kyvos Reporting Service
To deploy a Kyvos Reporting Service,
For scaling-supported environments, click here.
For environments that do not support scaling, click here.
Post Deployment Steps
The following are the post-deployment steps for deploying the Kyvos Reporting Service.
Installing Fonts for specific types of reports
To use the export feature of Kyvos Reporting's Smart Report, Adhoc Report, and Studio Reports, you must install supported fonts on the machine where the Kyvos Reporting Service has been deployed.
Log in to your Linux machine.
Navigate to the /usr/share\ location and check the fonts folder. If the fonts folder is not present, execute the following commands to install the fonts:
sudo apt update sudo apt install fontconfig sudo apt install ttf-mscorefonts-installer sudo fc-cache -f -v
Note
In case fonts installation failed, copy the fonts available on Kyvos Reporting setup to the machine’s, where the Kyvos Reporting Service has been deployed, fonts folder.
To do this, execute the following commands:
sudo cp <installation directory>/kyvos/approger/KyvosReporting/reportengine/fonts/*.ttf /usr/share/fonts/truetype/
sudo fc-cache -f -vRestart Kyvos Reporting portal and Reporting Server services.
Repository Connection Setup
To set up a repository connection, select the Is Repository checkbox on the Connection page to use this connection as the application's default repository to fetch and store metadata. For further details about other common properties while making a connection, see Intellicus documentation.
Any RDBMS database—Postgres, MSSQL, ORACLE, or MYSQL—can be used as a Repository in Kyvos reporting. A fresh database running on the same server or a different server (accessible by the Kyvos Reporting node) is required.
Note
After installing Kyvos Reporting Service, the DemoRepositoryDB is set as the default repository. To use a PostgreSQL connection as a repository, create a repository connection on the Kyvos Reporting Connection page. After creating a connection, restart the Kyvos Reporting Service node via Kyvos Manager.
Kyvos Connection Setup
To connect to Kyvos semantic models and fetch data for reporting, you must set up a Kyvos connection. This will enable you to process large amounts of data and create multi-dimensional reports. For further details about setting up a Kyvos connection, see Intellicus documentation.
Note
Kyvos supports both MDX and SQL queries. However, for Kyvos Reporting using Kyvos semantic models, only SQL queries will function with the Kyvos Reporting Query Object as it uses SQL based JDBC connection, which exclusively supports SQL queries.
Creating a secured Kyvos connection with Kyvos Reporting Portal
Establish a Kyvos connection in Kyvos Reporting Portal: When using Kyvos 2024.2, you must perform manual steps to create a Kyvos connection in the Kyvos Reporting Portal.
Uploading Hive Jars for Kyvos connection creation in Kyvos Reporting Portal: When using Kyvos releases earlier to Kyvos 2024.2, you must first upload Hive Jars at the Kyvos Reporting Portal and then create a Kyvos connection in the Kyvos Reporting Portal.
Establish a Kyvos connection in Kyvos Reporting Portal
After deploying Kyvos Reporting Service node, if Kyvos and Kyvos Reporting are running in secured (HTTPS mode), in this case you need to establish a Kyvos connection in Kyvos Reporting Portal. To do this, you need to perform the following manual steps.
Before creating a secured connection, ensure the following:
The certificate must be in the .cer or crt format. If the certificate is in the .jks format (not in .cer or crt format), you must export the certificate into .cer or crt format.
Import the Kyvos certificate to the Kyvos Reporting cert. Similarly, the Kyvos Reporting certificate will be imported to the Kyvos cert.
Exporting the certificate details
To export the certificate details, do one of the following:
Using Web Browser
Open web browser and type the Kyvos or Kyvos Reporting URL in the address bar of the web browser.
Kyvos: https://<ip/hostname>:port/kyvos
Kyvos Reporting: https://<ip/hostname>:port/kyvosreporting
Depending on your browser, you can usually access certificate details by clicking the padlock icon next to the website's URL in the address bar. This icon typically indicates that the connection is secure.
In the context menu, right-click the padlock icon or in the browser's security settings, look for an option View Certificate or Certificate information.
Here's an example image to help you open certificates on Google Chrome or Microsoft Edge. If you're using a different web browser, you can search for instructions.
Google Chrome | Microsoft Edge |
---|---|
Using terminal
Go to the terminal, and navigate to the location where certificate is placed.
To check the alias stored in .jks file, execute the keytool -list -v -keystore your_keystore.jks command.
Execute the keytool -export -alias your_alias -file certificate.cer -keystore your_keystore.jks command to export the certificate from the .jks file to a file in X.509 certificate format (usually with a .cer or .crt extension).
Replace your_alias with the alias of the certificate entry in your keystore, and your_keystore.jks with the path to your .jks file.
Importing certificate details
After exporting the certificate into .cer or .crt format, you need to import the Kyvos certificate to Kyvos Reporting JRE. Similarly, Kyvos Reporting certificate will be imported to Kyvos JRE. To do this, perform the following steps.
To import Kyvos Reporting certificate in JRE of Kyvos,
Navigate to the ../kyvos/approger/kyvos/jre_latest/lib/security installed directory location where Kyvos is installed and place the generated certificate under security folder.
Execute the keytool -import -v -trustcacerts -alias your_aliasname -file your_certificatename.cer/crt -keystore cacerts to import the certificate.
To import Kyvos certificate in JRE of Kyvos Reporting,
Navigate to the ../kyvos/app/KyvosReporting/jre/lib/security installed directory location where Kyvos is installed and place the generated certificate under security folder.
Execute the keytool -import -v -trustcacerts -alias your_aliasname -file your_certificatename.cer/crt -keystore cacerts to import the certificate.
Verify that the Kyvos and Kyvos Reporting certificate domain.
If Kyvos and Kyvos Reporting are using the same certificate to run the URL in HTTPS mode, after importing the certificates on both the nodes where Kyvos Reporting and Kyvos is running, you must map host name and IP under hosts file at the /etc/hosts location.
On Kyvos Reporting node: Kyvos node IP and host name
On Kyvos node: Kyvos Reporting node IP and host name
For example, ifIP: 127.0.0.1
Hostname: xyz
then entry in the hosts file should be 127.0.0.1 xyz
If Kyvos and Kyvos Reporting are using different certificates to run the URL in HTTPS mode, after importing the certificates on both the nodes where Kyvos Reporting and Kyvos is running, you must map host name, IP address and certificate name under hosts file at the /etc/hosts location.
On Kyvos Reporting node: Kyvos node IP, host name, and certificate name
On Kyvos node: Kyvos Reporting node IP, host name, and certificate name
For example, ifIP: 127.0.0.1
Hostname: xyz
Certificate name: certificatename.cer/crt
then entry in the hosts file should be 127.0.0.1 xyz certificatename.cer/crt
Login to Kyvos Manager.
In the navigation pane, click Kyvos and Ecosystem > Kyvos Properties.
On the Kyvos Properties page, in the Globals.properties section, search for the INTELLICUS_URL property and provide the Kyvos Reporting HTTPS URL:
If Kyvos and Kyvos Reporting are using the same certificates to run the URL in HTTPS mode, enter:
INTELLICUS_URL - https://<machine hostname>:port/kyvosreportingIf Kyvos and Kyvos Reporting are using different certificates to run the URL in HTTPS mode, enter:
INTELLICUS_URL - https://<certificate name>:port/kyvosreporting
Save the configuration and restart Kyvos Web Portal.
Go to Kyvos Reporting Portal and create a new connection.
Note
Instead of using Server IP, use Kyvos machine hostname under the Host option. Provide necessary details to create the connection, such as Provider, Driver Version, HTTP Path, Port (HTTPS port), username, and select the SSL option as true.
On the Connection page, in the SSL Trust Store field, enter the Trust store path as ../kyvos/app/KyvosReporting/jre/lib/security/cacerts
Enter Trust store password in the SSL Trust Store Password field.
After configuring the settings, click the Test button from the top right to validate the connection settings.
If the connection is valid, click the Save button. This will establish a Kyvos connection in Kyvos Reporting Portal.
Note
When modifying the connection, you need to re-enter the SSL Trust Store Password, and then Test and Save the connection.
Uploading Hive Jars to create a Kyvos connection in Kyvos Reporting Portal
To create Kyvos connection at Kyvos Reporting Portal using Kyvos earlier releases, you have to manually deploy the Hive jars at Kyvos Reporting Portal.
Login to Kyvos Reporting Portal.
Go to Navigate > Configure > Connection > click on Actions menu (…), and then click Upload Driver.
For uploading the driver, refer to Intellicus documentation.After deploying the Hive jars, restart Kyvos Reporting Service.
Login to Kyvos Manager.
In the navigation pane, click Kyvos and Ecosystem > Kyvos Properties.
On the Kyvos Properties page, in the Globals.properties section, click Add Property. The Add Property dialog appears.
In the Add Property dialog, add property name as REPORTING_PORTAL_URL and mention the Kyvos Reporting URL as
http://<ip>:<port>/kyvosreporting/rest/tokenValidator/validateTokenAfter saving the property, restart the Kyvos Web Portal.
Login to Kyvos Reporting Portal, and create a Kyvos connection.
Enabling Transport Security Layer (TLS)
Enable TLS communication between the report engine and web client components: The Kyvos Reporting portal supports TLS communication between the report engine and web client components. This feature mitigates risks associated with unsecured transmission. For further details about enabling TLS, see Intellicus documentation.
After performing post-deployment steps, you can sign in to Kyvos Reporting Services to design smart reports, charts, and dashboards without knowing where and how the data is fetched from the database. For more information about Kyvos Reporting, see the Intellicus documentation.Accessing Kyvos Reporting when integrating with Kyvos: After enabling TLS, you need to perform the following manual steps to allow cross-site requests to access Kyvos Reporting when integrating with Kyvos.
Note
The integrated application (Kyvos Reporting) should run in SSL mode.
Ensure that you use valid certificates from Signed Authorities in both the applications.
In case of untrusted certificate or key store, Kyvos Reporting certificate file should be present in Trusted store of your application JVM. See the Importing Certificate Details section.
To access Kyvos Reporting when integrating with Kyvos, perform the following steps.
SSH to Kyvos Reporting node.
Navigate to the installation path of Kyvos Reporting /jakarta/conf/
In the conf folder, the context.xml and web.xml files are displayed.
Add the following CookieProcessor tag in the context.xml file:
<!-- Default set of monitored resources. If one of these changes, the --> <!-- web application will be reloaded. --> <WatchedResource>WEB-INF/web.xml</WatchedResource> <WatchedResource>WEB-INF/tomcat-web.xml</WatchedResource> <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource> <!-- Uncomment this to disable session persistence across Tomcat restarts --> <!--<Manager pathname="" />--> <CookieProcessor sameSiteCookies="none" /> </Context>
Add the secure tag in the cookie-config in web.xml file:
<session-config> <session-timeout>30</session-timeout> <cookie-config> <http-only>true</http-only> <secure>true</secure> </cookie-config> </session-config> <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value> https://<KyvosWebAppIP>:<Port></param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> </init-param> <init-param> <param-name>cors.allowed.headers</param-name> <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value> </init-param> <init-param> <param-name>cors.exposed.headers</param-name> <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value> </init-param> <init-param> <param-name>cors.support.credentials</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.preflight.maxage</param-name> <param-value>10</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Restart the server after making above changes.
Kyvos Reporting integration with Kyvos
You need to perform some manual steps if:
Kyvos Reporting and Kyvos are deployed on different URL or are on different network
Kyvos reporting is TLS or HTTPS based
Note
Browser policy does not allow cross-site requests by default, so manual steps must be completed to set automatic logout for Kyvos Reporting Integration with Kyvos.
Perform following manual steps.
SSH to Kyvos Reporting node.
Navigate to the installation path of Kyvos Reporting /jakarta/conf/
In the conf folder, the context.xml and web.xml files are displayed.
Add the following CookieProcessor tag in the context.xml file:
<!-- Default set of monitored resources. If one of these changes, the --> <!-- web application will be reloaded. --> <WatchedResource>WEB-INF/web.xml</WatchedResource> <WatchedResource>WEB-INF/tomcat-web.xml</WatchedResource> <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource> <!-- Uncomment this to disable session persistence across Tomcat restarts --> <!--<Manager pathname="" />--> <CookieProcessor sameSiteCookies="none" /> </Context>
Known Behavior
Selecting the Kyvos Reporting link from the Kyvos Manager dashboard redirects to the IP-based Kyvos Reporting URL, not the load-balanced Kyvos reporting URL.
TLS is not supported in Kyvos Reporting deployment.
All the Kyvos Reporting services (Kyvos Reporting Server and Kyvos Reporting Portal) are installed on the same node.
Migration of Kyvos Reporting services from one node to another is not supported.
Postgres instance is shared between Kyvos and Kyvos Reporting.
If Kyvos Reporting Service has already been deployed and you want to roll back the Kyvos Manager release earlier to 2024.2, then before performing Kyvos Manager rollback, you must remove Kyvos Reporting Service.
Related topics: