Installs and configures Cognos.

John Puskar



4,713 latest version

4.6 quality score

Version information

  • 0.1.8 (latest)
  • 0.1.7
  • 0.1.6
  • 0.1.5
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Jun 10th 2017
This version is compatible with:
  • RedHat

Start using this module


jpuskar/cognos — version 0.1.8 Jun 10th 2017


Table of Contents

  1. Description
  2. Setup - The basics of getting started with cognos
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module


This module installs and configures a basic cognos server using db2.


Setup Requirements

  • The cognos install binary must be pre-staged and the parameters named installer_source_dir and installer_filename configured.
  • DB2 must already be installed*, and the cognos class parameters db2_install_path, db2_service_name, and db2_instance_user must be correct. See init.pp for the defaults.

*Note: the provided Vagrantfile will install db2 using the jpuskar-db2 module. See the heading below labeled 'Development'.


class {'cognos':
  cognos_user_password    => 'mypass',
  cognos_db_user_password => 'mypass',
  cog_users_password_salt => 'random phrase',
  installer_source_dir    => '/root',
  installer_filename      => 'ca_srv_lnxi38664_11.0.5.16111917.bin',


For IPA Authentication

The Cognos certificate database can be managed with this module.

  1. Stage the LDAP server's LDAPS public certificate on the target node.
  2. Use the following pattern for the ldaps_public_certs_to_trust parameter.
$cert_db_path = '/opt/ibm/cognos/analytics/configuration'
$ldaps_public_certs_to_trust = [
    source_file  => '/etc/pki/ca-trust/source/anchors/ipa_root_cert_pub.pem',
    cert_db_path => $cert_db_path,
    source_file  => '/etc/pki/ca-trust/source/anchors/ipa_dc1_cert_pub.pem',
    cert_db_path => $cert_db_path,

class {'cognos':
  cognos_user_password        => 'mypass',
  cognos_db_user_password     => 'mypass',
  cog_users_password_salt     => 'random phrase',
  installer_source_dir        => '/root',
  installer_filename          => 'ca_srv_lnxi38664_11.0.5.16111917.bin',
  ldaps_public_certs_to_trust => $ldaps_public_certs_to_trust,
  manage_ldaps_cert_db        => true,

For Web

I recommend using nginx in front of Cognos for TLS/SSL. However, it's important to note that if you want to use Webdav with Cognos using Nginx, on Centos this will require re-compiling nginx with webdav support.

Example manifest:

include '::selinux'

file {'/etc/pki/tls/certs/':
  ensure  => 'present',
  content => 'contents_of_cert_file',

file {'/etc/pki/tls/certs/':
  ensure  => 'present',
  content => 'contents_of_cert_file',

class {'::nginx': }
~> class {'cognos':
  cognos_user_password            => 'mypass',
  cognos_db_user_password         => 'mypass',
  cog_users_password_salt         => 'random phrase',
  installer_source_dir            => '/root',
  installer_filename              => 'ca_srv_lnxi38664_11.0.5.16111917.bin',
  firewall_firewall_ports_to_open => [80, 443],
  gateway                         => "https://${::fqdn}:443/bi/v1/disp",

selinux::boolean {'httpd_can_network_connect':
  ensure => 'on',

selinux::boolean {'httpd_setrlimit':
  ensure => 'on',

With the following hiera:

      - "%{::fqdn}"
    ssl:                  true
    listen_ip:            "%{::networking.ip}"
    ssl_cert:             '/etc/pki/tls/certs/'
    ssl_key:              '/etc/pki/tls/private/'
    use_default_location: false
    rewrite_to_https:     true
    index_files:          []
    location:             '/'
    vhost:                'cognos'
    ssl:                  true
    ssl_only:             true
    proxy:                ""
      - 'X-Forwarded-Proto $scheme'
      - 'Host              $host'
      - 'X-Forwarded-For   $proxy_add_x_forwarded_for'


Class parameters


Configures authentication providers. For the full set of provider_config parameters, see the class cognos::config::auth_provider::ipa.

Example from a manifest:

$auth_providers => {
  'ipa_1' => {
    provider        => 'ipa',
    provider_config => {
      base_dn       => 'my_base_dn',
      bind_username => 'my_bind_user',
      bind_password => 'my_bind_pwd',
      host_port     => 'my_dc.ipa.example',

class {'cognos':
  cognos_user_password    => 'mypass',
  cognos_db_user_password => 'mypass',
  cog_users_password_salt => 'random phrase',
  installer_source_dir    => '/root',
  installer_filename      => 'ca_srv_lnxi38664_11.0.5.16111917.bin',
  auth_provider_config    => $auth_providers,

Example from hiera:

    provider: 'ipa'
      base_dn: 'my_base_dn'
      bind_username: 'my_bind_user'
      bind_password: 'my_bind_pwd'
      host_port: 'my_dc.ipa.example'

Please see the individual manifest files for additional parameters.


This module has only been tested with:

  • Cognos 11.0.5 using DB2 Express V10.1 on Centos 7.3.
  • Cognos 11.0.6 using DB2 Express V10.1 on Centos 7.3.

In addition, it currently does not support:

  • Content Managers other than DB2 running on localhost.
  • Multiple servers / tires.
  • Authentication providers other than IPA via LDAP.


This module includes a Vagrantfile for easy testing.

Steps to get started:

  1. Install vagrant.
  2. Install virtualbox.
  3. Clone this repo.
  4. Stage the Cognos and DB2 binares.
  5. Run vagrant up in a terminal window from the root of the repo.

Staging the binaries

The Cognos installer file must reside in ./puppet-cognos/vagrant and the db2 installer must be extracted.

The folder structure must look like the following:



Service logs

Systemd will write the output of to /var/log/messages. To see what's going on, do this:

tail -f /var/log/messages

Cognos writes logs in many locations, but some good ones to start with are:


Occasionally, logs will show up in:


Log tools

There's a nice Windows tool available that is available in the Windows versions of cognos, at \bin\logviewV2.exe.

I use a local ELK stack running in Docker. I will post the Grok patterns to Github soon.

BI Filter

For this error, try again in an incognito tab.

Error 404: javax.servlet.ServletException: Filter [BIFilter]: was found, but is corrupt:

On DB2

Make sure db2 is running:


Check the db2 logs:

db2diag | less

To clear database inconsistency, the following has worked on occasion but may be destructive:

db2_ps # make sure no instances are running
su - db2inst1
systemctl start db2inst1
db2_ps # service should now be running


AAA-AUT-0013 The user is already authenticated in all available namespaces.

Make sure that manage_ldaps_cert_db is true and configured correctly. See the above section on TLS.

Also, try checking for more info in /var/log/cognos/common/cogconfig_response.csv.