Installation and Configuration of Diagrams
Prerequisites
- archive with the
smartMonitorDrawiomodule files for OpenSearch Dashboards - internet access
Search Anywhere Framework Module Installation Process
Installation on Search Anywhere Framework Dashboards servers is performed with the following command:
sudo -u opensearch /app/opensearch-dashboards/bin/opensearch-dashboards-plugin install file://<path to the module archive>
After installing the module, it is necessary to perform the actions listed in the article Plugin Management.
Draw.io Installation Process
To use Diagrams, you need to install and connect the draw.io web application.
This article provides an example of deployment via Tomcat.
Installing Java and Tomcat
To use Tomcat, you must first install Java, then install and start Tomcat:
sudo apt update
sudo apt install -y openjdk-17-jre tomcat10
sudo apt install tomcat10
systemctl enable tomcat10
systemctl start tomcat10
By default, Tomcat uses port 8080. If necessary, the port can be changed in the server configuration file server.xml:
/etc/tomcat10/server.xml
Installing Draw.io
To install draw.io, follow these steps:
- Download the web application archive (WAR file) using any convenient method
- Place the downloaded WAR file in the Tomcat deployment directory (e.g.
/var/lib/tomcat10/webapps/)
sudo cd /<convenient directory>
sudo wget https://github.com/jgraph/drawio/releases/latest/download/draw.war
sudo mv ./draw.war ./drawio.war
sudo cp ./drawio.war /var/lib/tomcat10/webapps/
After this, Tomcat will automatically deploy the application. It will become available at: http://<<host-ip-address>:8080/drawio
HTTPS Configuration
For diagrams to work correctly, draw.io must be accessible via a secure connection (HTTPS). To do this, you need to configure an SSL certificate.
This article describes configuration based on Search Anywhere Framework self-signed certificates.
Configuration Steps:
- Generate a key and CSR:
sudo cd /<convenient directory>
sudo openssl genrsa -out drawio.key 2048
sudo openssl req -new -key drawio.key -out drawio.csr -subj "/CN=<any domain name>"
- Configure the SAN file:
sudo cat > san.cnf <<'EOF'
subjectAltName = DNS:<domain name>,IP:<host-ip-address>
extendedKeyUsage = serverAuth
keyUsage = digitalSignature, keyEncipherment
EOF
- Sign the certificate with a Certificate Authority (CA):
sudo openssl x509 -req -in drawio.csr -CA /<path to ca>/ca-cert.pem -CAkey /<path to ca>/ca-key.pem -CAcreateserial -out drawio.crt -days 825 -sha256 -extfile san.cnf
- Configure Keystore (PKCS12) for Tomcat:
sudo openssl pkcs12 -export -in drawio.crt -inkey drawio.key -certfile /<path to ca>/ca-cert.pem -out drawio.p12 -name tomcat -passout pass:<any keystore password>
- Configure Tomcat to use the created keystore:
sudo mkdir -p /etc/tomcat10/ssl
sudo cp drawio.p12 /etc/tomcat10/ssl/drawio.p12
sudo chown tomcat:tomcat /etc/tomcat10/ssl/drawio.p12
sudo chmod 600 /etc/tomcat10/ssl/drawio.p12
Enabling HTTPS in Tomcat
To enable HTTPS in Tomcat, modify the <Connector> parameter in the server configuration file /etc/tomcat10/server.xml inside the <Service> tag::
<Connector port="<any convenient port>"
protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true"
maxThreads="200">
<SSLHostConfig>
<Certificate
certificateKeystoreFile="/etc/tomcat10/ssl/drawio.p12"
certificateKeystorePassword="<keystore password>"
certificateKeystoreType="PKCS12"/>
</SSLHostConfig>
</Connector>
After changing the configuration, restart Tomcat:
systemctl restart tomcat10
Upon successful configuration, draw.io will be accessible at: https://<host-ip-address|assigned domain name>:<port specified in Connector>/drawio.
When using a self-signed certificate (as in the example above), before starting work, you must once go to the direct draw.io address in your browser and confirm trust in the certificate.
Connecting Draw.io to Search Anywhere Framework Dashboards
To connect draw.io to Search Anywhere Frameworkr Dashboards, add the following parameter to the configuration file /<path to SAFD>/config/opensearch-dashboards.yml:
smart_monitor.drawIoUri: "https://host ip|chosen domain name>:<chosen port>"
And restart the service:
sudo systemctl restart opensearch-dashboards