Forge Home

cognos

Installs and configures Cognos.

7,199 downloads

5,678 latest version

4.6 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 0.1.8 (latest)
  • 0.1.7
  • 0.1.6
  • 0.1.5
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Jun 10th 2017
This version is compatible with:
  • ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'jpuskar-cognos', '0.1.8'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add jpuskar-cognos
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install jpuskar-cognos --version 0.1.8

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

jpuskar/cognos — version 0.1.8 Jun 10th 2017

cognos

Table of Contents

  1. Description
  2. Setup - The basics of getting started with cognos
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

This module installs and configures a basic cognos server using db2.

Setup

Setup Requirements

  • The cognos install binary must be pre-staged and the parameters named installer_source_dir and installer_filename configured.
  • DB2 must already be installed*, and the cognos class parameters db2_install_path, db2_service_name, and db2_instance_user must be correct. See init.pp for the defaults.

*Note: the provided Vagrantfile will install db2 using the jpuskar-db2 module. See the heading below labeled 'Development'.

Usage

class {'cognos':
  cognos_user_password    => 'mypass',
  cognos_db_user_password => 'mypass',
  cog_users_password_salt => 'random phrase',
  installer_source_dir    => '/root',
  installer_filename      => 'ca_srv_lnxi38664_11.0.5.16111917.bin',
}

TLS / SSL

For IPA Authentication

The Cognos certificate database can be managed with this module.

  1. Stage the LDAP server's LDAPS public certificate on the target node.
  2. Use the following pattern for the ldaps_public_certs_to_trust parameter.
$cert_db_path = '/opt/ibm/cognos/analytics/configuration'
$ldaps_public_certs_to_trust = [
  {
    source_file  => '/etc/pki/ca-trust/source/anchors/ipa_root_cert_pub.pem',
    cert_db_path => $cert_db_path,
  },
  {
    source_file  => '/etc/pki/ca-trust/source/anchors/ipa_dc1_cert_pub.pem',
    cert_db_path => $cert_db_path,
  }
]

class {'cognos':
  cognos_user_password        => 'mypass',
  cognos_db_user_password     => 'mypass',
  cog_users_password_salt     => 'random phrase',
  installer_source_dir        => '/root',
  installer_filename          => 'ca_srv_lnxi38664_11.0.5.16111917.bin',
  ldaps_public_certs_to_trust => $ldaps_public_certs_to_trust,
  manage_ldaps_cert_db        => true,
}

For Web

I recommend using nginx in front of Cognos for TLS/SSL. However, it's important to note that if you want to use Webdav with Cognos using Nginx, on Centos this will require re-compiling nginx with webdav support.

Example manifest:

include '::selinux'

file {'/etc/pki/tls/certs/mycert.net.crt':
  ensure  => 'present',
  content => 'contents_of_cert_file',
}

file {'/etc/pki/tls/certs/mycert.net.key':
  ensure  => 'present',
  content => 'contents_of_cert_file',
}

class {'::nginx': }
~> class {'cognos':
  cognos_user_password            => 'mypass',
  cognos_db_user_password         => 'mypass',
  cog_users_password_salt         => 'random phrase',
  installer_source_dir            => '/root',
  installer_filename              => 'ca_srv_lnxi38664_11.0.5.16111917.bin',
  firewall_firewall_ports_to_open => [80, 443],
  gateway                         => "https://${::fqdn}:443/bi/v1/disp",
}

selinux::boolean {'httpd_can_network_connect':
  ensure => 'on',
}

selinux::boolean {'httpd_setrlimit':
  ensure => 'on',
}

With the following hiera:

nginx::nginx_vhosts:
  'cognos':
    server_name:
      - "%{::fqdn}"
    ssl:                  true
    listen_ip:            "%{::networking.ip}"
    ssl_cert:             '/etc/pki/tls/certs/mycert.net.crt'
    ssl_key:              '/etc/pki/tls/private/mycert.net.key'
    use_default_location: false
    rewrite_to_https:     true
    index_files:          []
nginx::nginx_locations:
  '/':
    location:             '/'
    vhost:                'cognos'
    ssl:                  true
    ssl_only:             true
    proxy:                "http://127.0.0.1:9300"
    proxy_set_header:
      - 'X-Forwarded-Proto $scheme'
      - 'Host              $host'
      - 'X-Forwarded-For   $proxy_add_x_forwarded_for'

Reference

Class parameters

auth_provider_config

Configures authentication providers. For the full set of provider_config parameters, see the class cognos::config::auth_provider::ipa.

Example from a manifest:

$auth_providers => {
  'ipa_1' => {
    provider        => 'ipa',
    provider_config => {
      base_dn       => 'my_base_dn',
      bind_username => 'my_bind_user',
      bind_password => 'my_bind_pwd',
      host_port     => 'my_dc.ipa.example',
    }
  }
}

class {'cognos':
  cognos_user_password    => 'mypass',
  cognos_db_user_password => 'mypass',
  cog_users_password_salt => 'random phrase',
  installer_source_dir    => '/root',
  installer_filename      => 'ca_srv_lnxi38664_11.0.5.16111917.bin',
  auth_provider_config    => $auth_providers,
}

Example from hiera:

cognos::auth_provider_config:
  'ipa_1':
    provider: 'ipa'
    provider_config:
      base_dn: 'my_base_dn'
      bind_username: 'my_bind_user'
      bind_password: 'my_bind_pwd'
      host_port: 'my_dc.ipa.example'

Please see the individual manifest files for additional parameters.

Limitations

This module has only been tested with:

  • Cognos 11.0.5 using DB2 Express V10.1 on Centos 7.3.
  • Cognos 11.0.6 using DB2 Express V10.1 on Centos 7.3.

In addition, it currently does not support:

  • Content Managers other than DB2 running on localhost.
  • Multiple servers / tires.
  • Authentication providers other than IPA via LDAP.

Development

This module includes a Vagrantfile for easy testing.

Steps to get started:

  1. Install vagrant.
  2. Install virtualbox.
  3. Clone this repo.
  4. Stage the Cognos and DB2 binares.
  5. Run vagrant up in a terminal window from the root of the repo.

Staging the binaries

The Cognos installer file must reside in ./puppet-cognos/vagrant and the db2 installer must be extracted.

The folder structure must look like the following:

puppet-cognos/Vagrantfile
puppet-cognos/vagrant/
puppet-cognos/vagrant/ca_srv_lnxi38664_11.0.5.16111917.bin
puppet-cognos/vagrant/v10/
puppet-cognos/vagrant/v10/exp/
puppet-cognos/vagrant/v10/exp/db2setup

Troubleshooting

Service logs

Systemd will write the output of cogconfig.sh to /var/log/messages. To see what's going on, do this:

tail -f /var/log/messages

Cognos writes logs in many locations, but some good ones to start with are:

/var/log/cognos/common/cogserver.log
/var/log/cognos/wlp/messages.log

Occasionally, logs will show up in:

/opt/ibm/cognos/analytics/wlp/usr/servers/cognosserver/workarea

Log tools

There's a nice Windows tool available that is available in the Windows versions of cognos, at \bin\logviewV2.exe.

I use a local ELK stack running in Docker. I will post the Grok patterns to Github soon.

BI Filter

For this error, try again in an incognito tab.

Error 404: javax.servlet.ServletException: Filter [BIFilter]: com.ibm.bi.platform.commons.web.filters.BIFilter was found, but is corrupt:

On DB2

Make sure db2 is running:

db2_ps

Check the db2 logs:

db2diag | less

To clear database inconsistency, the following has worked on occasion but may be destructive:

db2_ps # make sure no instances are running
su - db2inst1
ipclean
exit
systemctl start db2inst1
db2_ps # service should now be running

AAA-AUT-0013

AAA-AUT-0013 The user is already authenticated in all available namespaces.

Make sure that manage_ldaps_cert_db is true and configured correctly. See the above section on TLS.

Also, try checking for more info in /var/log/cognos/common/cogconfig_response.csv.