Configuring MongoDB for use with BMC AMI DevX Total Test Repository Server
This section describes how to configure MongoDB for use with Total Test Repository Server. The configuration of MongoDB is done by updating the application.properties file.
Configuring the application.properties file
The application.properties file contains properties that need to be configured before starting the Repository Server. This section describes the possibilities. The file is located at CES_DATA_DIRECTORY/totaltest/config/application.properties. All properties can be left untouched for a pilot installation. But for production usage, security settings on the database connection are recommended.
Configuring MongoDB SSL and authorization
When the MongoDB server is setup with authorization, the mongodb.secured property must be set to true and the username and password must be specified in the mongodb.username and mongodb.password properties. If the password is not allowed in clear text, then the Functional Test installation provides the encrypter.sh. The encryption tool can be run from a command line in the installation directory. When issuing the below command, it will encrypt the password and modify the application.properties file where it will set the mongodb.password to the encrypted password.
The password for the truststore can also be encrypted as follows:
The CES installer will allow you to choose the authorization to MongoDB and will automatically encrypt the password.
The shell script will prompt for the MongoDB password and the truststore password.
When SSL should be used for communicating with MongoDB, then set the mongodb.ssl=true. Also, the MongoDB certificate must be installed as described in earlier section about SSL.
spring.profiles.active=mongodb
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
# Port to listen at. Will only be used in standalone mode
server.port = 80
# Path to the xatester log
logging.file = /opt/xatester/logs/xatester.log
#logging.file=logs/xatester.log
# Name of the logback file to configure logging.
# Path must be absolute when running as app in app server
logging.config = /opt/xatester/logback.xml
#logging.config = logback.xml
#
# Sets the number of concurrent threads in the thread pool of the task executor. Too big a number might drain the server for memory
# while a too long number might stack up a queue of contexts to execure
#
threadpool = 20
#
# Sets the number of concurrent threads in the scheduled executor. This is used by scheduling tasks.
# The scheduled executor does not do any work and will be quickly finished because it starts an async task using the TaskExecutor, that uses the threadpool parameter above
#
scheduledthreadpool=20
#
# MongoDB location.
# When using a replicate set, specify a comma separated list of ip addresses and ports in the form <ip>:<port>,<ip>:<port>,...
#
mongodb.uri=localhost:27017
mongodb.database=xatester-dev-repository
#
# MongoDB with authorization
# The mongodb.password in this file can be encrypted with the encrypter.sh utility
#
mongodb.secured=false
mongodb.username=xatester
mongodb.password=xa4mongo
# MongoDB with SSL
mongodb.ssl=false
#
# XaTester truststore
# Must contain certificates from all servers that XaTester should communicate with using SSL.
# Normally this will be an LDAP server, the MongoDB server and the zOS agent certificates
# The path to the truststore must be absolute when running on an application server. Or it can be relative to the application server installation
# If you want to use the JVM truststore instead, then remove the truststore.path option below. The JVM truststore file is located at jre\lib\security\cacerts
# The truststore.password in this file can be encrypted with the encrypter.sh utility
# Path must be absolute when running as app in app server
#
truststore.path=/opt/xatester/xatester.keystore
#truststore.path=xatester.keystore
truststore.password=ssl4xatester
#
# When running in standalone mode, use the below settings in order to enable https
#
#server.ssl.key-store: xatester.keystore
#server.ssl.key-store-password: ssl4xatester
#server.ssl.keyStoreType: JKS
#server.ssl.keyAlias: tomcat
Setting up SSL
Functional Test can be setup to communicate through SSL/TLS for all network connections. The following connections can be configured for SSL/TLS:
- Communication with an external MongoDB server
- Communication with the z/OS Agent (HCI Encrypted connection)
- Communication with an LDAP / Active Directory server for authorizing users
For all SSL/TLS connections certificates from the relevant servers must be available and installed in either the JVM truststore or in the provided xatester.keystore file. In the application.properties file it can be set if xatester.keystore should be used instead of the default JVM truststore file.
MongoDB server communication is setup in the application.properties file, while the setup and use of LDAP is configured through the web client.
A mainframe AT-TLS certificate can be exported from ISPF as a base64 encoded .x509 certificate. You can create a new keystore file with this command with a self signed certificate for Tomcat:
In the following examples, we assume that you define a password for the keystore that is ssl4xatester
You can generate a self-signed certificate for e.g. the MongoDB server by this command. It will generate the certificate and a private key:
mongodb-cert.key
To import a certificate into the xatester keystore, use
ssl4xatester
The default truststore in a JRE can also be used for installing server certificates. It is located at jre\lib\security\cacerts, and a certificate can be installed by the command: