Checklist Installation
The purpose of this document is to list common steps needed to install a Convier instance up until the creation of a project.
- Obtain credentials for the Convier Docker registry (contact support@convier.com).
- Determine the URL of the instance (e.g.,
https://convier.acme.com/convier).- The URL is later referred to as
public_url. - It must end with
/convier. - The OIDC provider will require the URL to start with HTTPS and have a valid certificate.
- The URL is later referred to as
- Create an OIDC client (e.g., Enterprise Application / App Registration in Azure).
- Assign appropriate permissions (e.g.,
openid profile offline_access). - Copy
client_id,client_secret, andopenid-configurationURL.- In Azure, the URL looks like this:
https://login.microsoftonline.com/<tenant_id>/v2.0/.well-known/openid-configuration
- In Azure, the URL looks like this:
- Add
public_urlas an accepted redirect URL for login. - Create roles
Task.ManageandTask.Read, and assign users and groups to appropriate roles (users who will create projects and configure data collection and reporting should haveTask.Manage). Make sure to activateAssignment required.
- Assign appropriate permissions (e.g.,
- Create an App Service or Virtual Machine.
- Check network/firewall configuration to:
- Enable users to reach the service through the browser.
- Enable the installation to communicate with the OIDC provider to authenticate users.
- Prevent external access.
- If using a Virtual Machine, obtain a valid SSL certificate for the URL, encode it as PKCS#12, and add the entire chain as an environment variable called
CERTBOT_FULL_CERT_CONTENT.- If using an App Service, the certificate is managed by Azure.
- Enter Docker info:
- Platform: Linux.
- Docker repo:
https://convier.azurecr.io. - Obtained username and password.
- Image:
convier:release
- With local (default) configuration, Convier does not support redundancy, make sure instance count is 1, or configure a central database connection (
JDBC_CONNECTION_STRING)
- Check network/firewall configuration to:
- Enable audit logging.
- Configure the application.
- Consider whether to store the configuration locally or in a database server.
- If using an external database, prepare values for configuration variables:
JDBC_CONNECTION_STRINGJDBC_USERNAMEJDBC_PASSWORD
- If using an external database, prepare values for configuration variables:
- See App Service Configuration for other required configuration.
- Consider whether to store the configuration locally or in a database server.
- Consider enabling the sending of telemetry data to Convier.
- Consider enabling report storage.
- Start or restart the App Service or Virtual Machine.
- Go to
public_urland verify that you can log in and see an empty project list.