Lingoport Wiki - User contributions [en]

File:Job lrm advanced bit.png

2026-04-03T18:07:57Z

Masnes:

Introduction

2026-04-02T23:51:34Z

Masnes: /* Lingoport - Overview */

= Lingoport - Overview =
Lingoport provides products and services which help our clients continuously meet [https://lingoport.com/what-is-i18n/ internationalization] and ongoing localization challenges relating to software development and active globalization.

For more information about internationalization: https://lingoport.com/what-is-i18n/

The Lingoport Products help software engineering teams with the [[Terms_and_Definitions#globalization|globalization]] tasks:
* Automatically find and manage [[Terms_and_Definitions#internationalization|internationalization]] issues and [[Terms_and_Definitions#localization|localization]] changes in your source code and [[Terms_and_Definitions#repository|repositories]] for a wide variety of programming languages.
* Integrate with [[Terms_and_Definitions#TMS|translation management systems]] and [[Terms_and_Definitions#localization|localization]] vendors for rapid [[Terms_and_Definitions#globalization|globalization]] development, testing and deployment.
* Verify translations in an efficient, process-driven manner.
* Works behind your firewall keeping your source code secure.

===Contact Information:===
Phone: +1 303-444-8020

Email: info at Lingoport.com

Lingoport, Inc.

== Services ==
Lingoport has been providing software [http://www.lingoport.com/software-internationalization-services/ internationalization (i18n) consulting services] since the company's inception in 2001.

These services include:
* '''I18n Analysis''' - plan for new i18n projects, or gap analysis for mitigating i18n issues. A Lingoport architect and supporting team members clarify i18n business, technical and resource requirements based on market requirements, development discussions, programming technologies and Globalyzer scanning results.
* '''I18n Implementation''' - Lingoport provides i18n development teams that can work in a hybrid approach, collaborating with client teams, as well as in turnkey fashion.
* '''General i18n Consulting and Custom Projects''' - Sometimes specific problem solving or i18n bug fixing is needed. Lingoport can fulfill that resource need, working in coordination with your teams.
* '''Process Customization''' - Any Lingoport product purchase includes consulting time to customize and optimize the Lingoport product suite for the customer.

== Lingoport Products ==
[[File:Lingoport Products Overview.JPG|700px|center]]

The Lingoport products support the continuous globalization process, from the code repository to the translation vendors and back.

'''[[About Globalyzer | Globalyzer]]''' – Supports individuals and entire development teams in finding, fixing and maintaining internationalization issues in code in a broad list of programming languages. (More information at [http://lingoport.com/globalyzer Lingoport.com/Globalyzer]).

'''[[About Localyzer | Localyzer]]''' – Provides simplified resource file management, verification and translation updating. Localyzer helps development and localization teams keep up with initial and ongoing application interface resources, their translation and automated re-insertion into product builds. (More information at [https://lingoport.com/software-internationalization-products/localyzer-localization-automation/ Lingoport.com/Localyzer]).
* '''Machine Translation''' - Lingoport Supports several popular machine translation vendors as part of the continuous globalization and localization process.
** [https://aws.amazon.com/translate/ AWS Translate]
** [https://www.systransoft.com/systran/translation-technology/neural-machine-translation-nmt/ Systran]
** [https://cloud.google.com/translate Google Translate]
** [https://www.microsoft.com/en-us/translator/ Microsoft Translator]
* '''Translation Management Systems(TMS)''': Lingoport Localyzer is integrated with leading TMS platforms for a fully automated process from code repository to translator and back.

'''[[LocalyzerQA | LocalyzerQA]]''' - A simplified way to perform linguistic review and verify and correct translation issues as part of the continuous globalization process.

'''Express Suite'''- uses the Lingoport software suite and integrates core capabilities with GitHub to bring developers instant access to languages, all integrated with the way they already work. Linguistic review is done in context, for accuracy and application specific terminology.
* [[Globalyzer i18n Express |Globalyzer i18n Express]]- Globalyzer i18n Express is a GitHub application which scans the added and modified files checked in on a GitHub commit, looking for i18n issues. The committed files are scanned with default rule sets. Files checked in will be scanned and a summary will be added as a comment to the commit in GitHub.
* [[Localyzer Express |Localyzer Express]] - Localyzer Express is a GitHub application which allows for a near immediate machine translation of standard application resource files. Resource files are used by internationalized applications to display user facing strings (such as user interface labels) in different locales (languages, country, variant). As an example, messages.properties, an English resource file, can be translated in French and Japanese, respectively messages_fr.properties and messages_ja.properties.
* [[LocalyzerQA | LocalyzerQA]] - A simplified way to perform linguistic review in a running application and verify and correct translation issues as part of the continuous globalization process. When paired with [[Localyzer Express |Localyzer Express]], it allows for an ''always-on'' machine translation followed by linguistic review in the context of the running application.

== Command Center ==

[[File:IntroductionSignIn.jpg|600px|center]]

'''Command Center''' is the hub of the Lingoport products. See it all, drill down, create notifications and manage the process. Bridge gaps between localization & development. Increase visibility and track globalization metrics.

With Command Center, Globalyzer and Localyzer projects can be created and managed together with their data source repositories and the translation management systems. It has been designed to make it easy to manage globalization and localization within an organization by administrators, managers, developers and translators.

[[File:CCProjects.jpg|600px|center]]

==== Additional Specialized Applications ====
In addition to the product suite, Lingoport has several integrated components to create and maintain software
for any language or cultural format in every release increment :

* '''IDE (Integrated Development Environment) Integration''': Developers can identify and fix globalization and localization issues in real time.
* '''LingoBot''' : Slack and Microsoft Teams system integration
Together with the products and assorted specialized applications, Lingoport enables continuous tracking and updates to the [[Terms_and_Definitions#internationalization|internationalization]] and [[Terms_and_Definitions#localization|localization]] status of software products.

=The Continuous Globalization Process =

* The process starts with the code repository. Developers check in code.
* Command Center is where both Globalyzer and Localyzer application work side by side
** Globalyzer reports the globalization issues to be corrected in the code.
** Localyzer is used to:
*** set up the locales to translate to
*** identify the resource file types
*** set up the translation vendor, the TMS (translation management system), or the machine translation engine.
* Globalyzer can be used to create the resource files and push them to the code repository.
* Globalyzer and Localyzer analyses are executed from Command Center. The resource files are identified and what needs to be sent to be translated. If a translation vendor is machine translation, then the Localyzer job automatically does the translation, and pushes the translated files back to the code repository.
* The Command Center Localyzer page has a button to send identified files to the translation vendor. Localyzer automatically checks for returned files, imports them and push the files back to the repository.
* During the Linguistic Review process, LingoportQA uses a special locale with identifier keys that can be used to indicate which terms need to be corrected. LingoportQA submits the change.
** For machine translation Localyzer projects, the code is fixed and the new strings is pushed to the repo.
** For TMS projects, an additional approval step is done, the files are imported and pushed to the repo.

=Lingoport Product Details=
==Globalyzer==
Scans code and detects internationalization (i18n) issues

* Connects to the Globalyzer server and logs in. (This might not happen if local rule sets are used)
* Downloads rule sets from server, or uses local rulesets.
* Uses rule set to scan code.
* Displays the i18n issues.
* Can run on developer machines in an Integrated Development Environment
* Runs on the Continuous Globalization System - these results are displayed on Lingoport Dashboard

Lingoport's Globalyzer scans source code for [[Terms_and_Definitions#internationalization|internationalization]] issues. It uses sets of regular expression based rules [[Terms_and_Definitions#ruleset|('rule sets')]] on tokens found by lexers/parsers to detect these issues and to filter false positives. These rule sets are synced and stored on a single server, and may be downloaded onto numerous client applications which perform the source code scans. Please note that the rule sets are only lists of regular expressions, and do not contain any code.

Client applications include an [[Terms_and_Definitions#IDE|IDE]] tool ([[Terms_and_Definitions#GlobalyzerIDE|"Globalyzer in IDE"]]), a desktop client ([[Terms_and_Definitions#GlobalyzerWorkbench|"Globalyzer Workbench"]]), command line clients ([[Terms_and_Definitions#GlobalyzerCommandLine|"Globalyzer CLI"]] and [[Terms_and_Definitions#GlobalyzerLite|"Globalyzer Lite"]]), and an [[Terms_and_Definitions#GlobalyzerAPI|API]] that may be used to construct custom programs including Globalyzer code scanning functionality. Client applications may produce scan results in XML, CSV, HTML and Excel formats. Results are also consumed by the Lingoport Dashboard to be analyzed and displayed. The desktop client may also be used to view the results directly. It may be used to scan files that developers are working on, and will display the scan results in the IDEs console output window.

Globalyzer Server - allows development teams around the world to share and collaborate together using high powered [[Terms_and_Definitions#internationalization|internationalization]] [[Terms_and_Definitions#ruleset|rule sets]] during scanning of code. Development Teams can set up their own server, or use Lingoport's Globalyzer Server to set up users and rule sets.

Globalyzer Clients
*Globalyzer Lite in IDE - It is ideal for [[Terms_and_Definitions#scan|scanning]] code for internationalization issues on the fly and generating corresponding reports. It does not require an external database. Globalyzer Lite parses and executes Globalyzer Lite Project Definition XML files. Globalyzer Lite in IDE can be incorporated into developers' IDE platforms for a true continuous improvement and development system.
*Globalyzer Workbench - provides a fully functional code analysis and editing environment for finding, fixing, testing and reporting on internationalization issues in a wide variety of programming languages. Globalyzer Workbench runs as a stand-alone desktop editor in an Eclipse Environment.
** Creates the Project Definition XML files.
** Sets up the Machine Learning environment.
** Updates Rule Sets on the server and exports them to the local clients.
** Creates the resource files to be used by Localyzer .

*Globalyzer Command Line - create automated [[Terms_and_Definitions#scan|Globalyzer scans]] as part of your [[Terms_and_Definitions#ContinuousIntegration|continuous integration]] so that you can report and track internationalization issues over time. There is also a Globalyzer Ant Client, Maven Client and XSL Client.

*Globalyzer API - allows you to create [[Terms_and_Definitions#Globalyzerprojects|Globalyzer projects]] and [[Terms_and_Definitions#scan|scans]], execute scans, and generate reports from a Java program.

==Localyzer (formerly LRM) ==
Localyzer manages [[Terms_and_Definitions#resourcefiles|resource files]], which contain application text as key-value pairs (the keys are used in the application to retrieve the associated text). Resource files are typically translated across languages as part of the [[Terms_and_Definitions#localization|localization]] process. Localyzer is used to determine the translation status of these resource files using a MySQL database. It also automates the process of sending text out to [[Terms_and_Definitions#translationvendor|translation vendors]] when changes are made to be base (usually English) application text.

Localyzer also performs various checks regarding the resource files. These checks include confirmation of file integrity, detection of duplicate or missing keys, and numerous other validations. When a translation vendor returns translated text for these resource files, Localyzer will detect the new content and perform its validations. If the validations pass then Localyzer will merge the new translations into appropriate resource files and check these in to source control. The check-in is typically done on a dedicated localization branch.

==InContext Translation ==
Used by translators, resource files are instrumented as they are sent to [[Terms_and_Definitions#TMS|translation management systems]] so that they can see the string in the application and its context in order to translate more effectively.

==InContext QA==
The translation reviewer can easily select instrumented resources in an application, identify poor translations, and give suggestions for making improvements. InContext QA greatly improves the translation quality assurance process and can be a vital part of the continuous improvement environment.

==Lingoport Dashboard==
The Lingoport Dashboard displays the [[Terms_and_Definitions#internationalization|internationalization]] and [[Terms_and_Definitions#localization|localization]] status of software projects. The Lingoport Dashboard scans source code and reads in XML reports generated by Globalyzer and Localyzer. It then sends the information to the web server built on the [[Terms_and_Definitions#SonarQube|SonarQube]] platform and displays the information in an easy to digest fashion. This information includes all detected internationalization issues, which may be viewed in source code - with the affected line(s) highlighted. The translation status, translation history, and current translation efforts for projects are also displayed.

== Services used by Lingoport products ==
To check on services used by the Lingoport processes:
*incontext-server.service
*lingoport-lingobot.service
*localyzerqa-server.service

As the sudo user, these can be checked with the command:
sudo systemctl status <service name>

The services can be started with:
sudo systemctl start <service name>

The services can be stopped with:
sudo systemctl stop <service name>

Introduction

2026-04-02T23:51:25Z

Masnes: /* Lingoport - Overview */

= Lingoport - Overview =
Test edit
Lingoport provides products and services which help our clients continuously meet [https://lingoport.com/what-is-i18n/ internationalization] and ongoing localization challenges relating to software development and active globalization.

For more information about internationalization: https://lingoport.com/what-is-i18n/

The Lingoport Products help software engineering teams with the [[Terms_and_Definitions#globalization|globalization]] tasks:
* Automatically find and manage [[Terms_and_Definitions#internationalization|internationalization]] issues and [[Terms_and_Definitions#localization|localization]] changes in your source code and [[Terms_and_Definitions#repository|repositories]] for a wide variety of programming languages.
* Integrate with [[Terms_and_Definitions#TMS|translation management systems]] and [[Terms_and_Definitions#localization|localization]] vendors for rapid [[Terms_and_Definitions#globalization|globalization]] development, testing and deployment.
* Verify translations in an efficient, process-driven manner.
* Works behind your firewall keeping your source code secure.

===Contact Information:===
Phone: +1 303-444-8020

Email: info at Lingoport.com

Lingoport, Inc.

== Services ==
Lingoport has been providing software [http://www.lingoport.com/software-internationalization-services/ internationalization (i18n) consulting services] since the company's inception in 2001.

These services include:
* '''I18n Analysis''' - plan for new i18n projects, or gap analysis for mitigating i18n issues. A Lingoport architect and supporting team members clarify i18n business, technical and resource requirements based on market requirements, development discussions, programming technologies and Globalyzer scanning results.
* '''I18n Implementation''' - Lingoport provides i18n development teams that can work in a hybrid approach, collaborating with client teams, as well as in turnkey fashion.
* '''General i18n Consulting and Custom Projects''' - Sometimes specific problem solving or i18n bug fixing is needed. Lingoport can fulfill that resource need, working in coordination with your teams.
* '''Process Customization''' - Any Lingoport product purchase includes consulting time to customize and optimize the Lingoport product suite for the customer.

== Lingoport Products ==
[[File:Lingoport Products Overview.JPG|700px|center]]

The Lingoport products support the continuous globalization process, from the code repository to the translation vendors and back.

'''[[About Globalyzer | Globalyzer]]''' – Supports individuals and entire development teams in finding, fixing and maintaining internationalization issues in code in a broad list of programming languages. (More information at [http://lingoport.com/globalyzer Lingoport.com/Globalyzer]).

'''[[About Localyzer | Localyzer]]''' – Provides simplified resource file management, verification and translation updating. Localyzer helps development and localization teams keep up with initial and ongoing application interface resources, their translation and automated re-insertion into product builds. (More information at [https://lingoport.com/software-internationalization-products/localyzer-localization-automation/ Lingoport.com/Localyzer]).
* '''Machine Translation''' - Lingoport Supports several popular machine translation vendors as part of the continuous globalization and localization process.
** [https://aws.amazon.com/translate/ AWS Translate]
** [https://www.systransoft.com/systran/translation-technology/neural-machine-translation-nmt/ Systran]
** [https://cloud.google.com/translate Google Translate]
** [https://www.microsoft.com/en-us/translator/ Microsoft Translator]
* '''Translation Management Systems(TMS)''': Lingoport Localyzer is integrated with leading TMS platforms for a fully automated process from code repository to translator and back.

'''[[LocalyzerQA | LocalyzerQA]]''' - A simplified way to perform linguistic review and verify and correct translation issues as part of the continuous globalization process.

'''Express Suite'''- uses the Lingoport software suite and integrates core capabilities with GitHub to bring developers instant access to languages, all integrated with the way they already work. Linguistic review is done in context, for accuracy and application specific terminology.
* [[Globalyzer i18n Express |Globalyzer i18n Express]]- Globalyzer i18n Express is a GitHub application which scans the added and modified files checked in on a GitHub commit, looking for i18n issues. The committed files are scanned with default rule sets. Files checked in will be scanned and a summary will be added as a comment to the commit in GitHub.
* [[Localyzer Express |Localyzer Express]] - Localyzer Express is a GitHub application which allows for a near immediate machine translation of standard application resource files. Resource files are used by internationalized applications to display user facing strings (such as user interface labels) in different locales (languages, country, variant). As an example, messages.properties, an English resource file, can be translated in French and Japanese, respectively messages_fr.properties and messages_ja.properties.
* [[LocalyzerQA | LocalyzerQA]] - A simplified way to perform linguistic review in a running application and verify and correct translation issues as part of the continuous globalization process. When paired with [[Localyzer Express |Localyzer Express]], it allows for an ''always-on'' machine translation followed by linguistic review in the context of the running application.

== Command Center ==

[[File:IntroductionSignIn.jpg|600px|center]]

'''Command Center''' is the hub of the Lingoport products. See it all, drill down, create notifications and manage the process. Bridge gaps between localization & development. Increase visibility and track globalization metrics.

With Command Center, Globalyzer and Localyzer projects can be created and managed together with their data source repositories and the translation management systems. It has been designed to make it easy to manage globalization and localization within an organization by administrators, managers, developers and translators.

[[File:CCProjects.jpg|600px|center]]

==== Additional Specialized Applications ====
In addition to the product suite, Lingoport has several integrated components to create and maintain software
for any language or cultural format in every release increment :

* '''IDE (Integrated Development Environment) Integration''': Developers can identify and fix globalization and localization issues in real time.
* '''LingoBot''' : Slack and Microsoft Teams system integration
Together with the products and assorted specialized applications, Lingoport enables continuous tracking and updates to the [[Terms_and_Definitions#internationalization|internationalization]] and [[Terms_and_Definitions#localization|localization]] status of software products.

=The Continuous Globalization Process =

* The process starts with the code repository. Developers check in code.
* Command Center is where both Globalyzer and Localyzer application work side by side
** Globalyzer reports the globalization issues to be corrected in the code.
** Localyzer is used to:
*** set up the locales to translate to
*** identify the resource file types
*** set up the translation vendor, the TMS (translation management system), or the machine translation engine.
* Globalyzer can be used to create the resource files and push them to the code repository.
* Globalyzer and Localyzer analyses are executed from Command Center. The resource files are identified and what needs to be sent to be translated. If a translation vendor is machine translation, then the Localyzer job automatically does the translation, and pushes the translated files back to the code repository.
* The Command Center Localyzer page has a button to send identified files to the translation vendor. Localyzer automatically checks for returned files, imports them and push the files back to the repository.
* During the Linguistic Review process, LingoportQA uses a special locale with identifier keys that can be used to indicate which terms need to be corrected. LingoportQA submits the change.
** For machine translation Localyzer projects, the code is fixed and the new strings is pushed to the repo.
** For TMS projects, an additional approval step is done, the files are imported and pushed to the repo.

=Lingoport Product Details=
==Globalyzer==
Scans code and detects internationalization (i18n) issues

* Connects to the Globalyzer server and logs in. (This might not happen if local rule sets are used)
* Downloads rule sets from server, or uses local rulesets.
* Uses rule set to scan code.
* Displays the i18n issues.
* Can run on developer machines in an Integrated Development Environment
* Runs on the Continuous Globalization System - these results are displayed on Lingoport Dashboard

Lingoport's Globalyzer scans source code for [[Terms_and_Definitions#internationalization|internationalization]] issues. It uses sets of regular expression based rules [[Terms_and_Definitions#ruleset|('rule sets')]] on tokens found by lexers/parsers to detect these issues and to filter false positives. These rule sets are synced and stored on a single server, and may be downloaded onto numerous client applications which perform the source code scans. Please note that the rule sets are only lists of regular expressions, and do not contain any code.

Client applications include an [[Terms_and_Definitions#IDE|IDE]] tool ([[Terms_and_Definitions#GlobalyzerIDE|"Globalyzer in IDE"]]), a desktop client ([[Terms_and_Definitions#GlobalyzerWorkbench|"Globalyzer Workbench"]]), command line clients ([[Terms_and_Definitions#GlobalyzerCommandLine|"Globalyzer CLI"]] and [[Terms_and_Definitions#GlobalyzerLite|"Globalyzer Lite"]]), and an [[Terms_and_Definitions#GlobalyzerAPI|API]] that may be used to construct custom programs including Globalyzer code scanning functionality. Client applications may produce scan results in XML, CSV, HTML and Excel formats. Results are also consumed by the Lingoport Dashboard to be analyzed and displayed. The desktop client may also be used to view the results directly. It may be used to scan files that developers are working on, and will display the scan results in the IDEs console output window.

Globalyzer Server - allows development teams around the world to share and collaborate together using high powered [[Terms_and_Definitions#internationalization|internationalization]] [[Terms_and_Definitions#ruleset|rule sets]] during scanning of code. Development Teams can set up their own server, or use Lingoport's Globalyzer Server to set up users and rule sets.

Globalyzer Clients
*Globalyzer Lite in IDE - It is ideal for [[Terms_and_Definitions#scan|scanning]] code for internationalization issues on the fly and generating corresponding reports. It does not require an external database. Globalyzer Lite parses and executes Globalyzer Lite Project Definition XML files. Globalyzer Lite in IDE can be incorporated into developers' IDE platforms for a true continuous improvement and development system.
*Globalyzer Workbench - provides a fully functional code analysis and editing environment for finding, fixing, testing and reporting on internationalization issues in a wide variety of programming languages. Globalyzer Workbench runs as a stand-alone desktop editor in an Eclipse Environment.
** Creates the Project Definition XML files.
** Sets up the Machine Learning environment.
** Updates Rule Sets on the server and exports them to the local clients.
** Creates the resource files to be used by Localyzer .

*Globalyzer Command Line - create automated [[Terms_and_Definitions#scan|Globalyzer scans]] as part of your [[Terms_and_Definitions#ContinuousIntegration|continuous integration]] so that you can report and track internationalization issues over time. There is also a Globalyzer Ant Client, Maven Client and XSL Client.

*Globalyzer API - allows you to create [[Terms_and_Definitions#Globalyzerprojects|Globalyzer projects]] and [[Terms_and_Definitions#scan|scans]], execute scans, and generate reports from a Java program.

==Localyzer (formerly LRM) ==
Localyzer manages [[Terms_and_Definitions#resourcefiles|resource files]], which contain application text as key-value pairs (the keys are used in the application to retrieve the associated text). Resource files are typically translated across languages as part of the [[Terms_and_Definitions#localization|localization]] process. Localyzer is used to determine the translation status of these resource files using a MySQL database. It also automates the process of sending text out to [[Terms_and_Definitions#translationvendor|translation vendors]] when changes are made to be base (usually English) application text.

Localyzer also performs various checks regarding the resource files. These checks include confirmation of file integrity, detection of duplicate or missing keys, and numerous other validations. When a translation vendor returns translated text for these resource files, Localyzer will detect the new content and perform its validations. If the validations pass then Localyzer will merge the new translations into appropriate resource files and check these in to source control. The check-in is typically done on a dedicated localization branch.

==InContext Translation ==
Used by translators, resource files are instrumented as they are sent to [[Terms_and_Definitions#TMS|translation management systems]] so that they can see the string in the application and its context in order to translate more effectively.

==InContext QA==
The translation reviewer can easily select instrumented resources in an application, identify poor translations, and give suggestions for making improvements. InContext QA greatly improves the translation quality assurance process and can be a vital part of the continuous improvement environment.

==Lingoport Dashboard==
The Lingoport Dashboard displays the [[Terms_and_Definitions#internationalization|internationalization]] and [[Terms_and_Definitions#localization|localization]] status of software projects. The Lingoport Dashboard scans source code and reads in XML reports generated by Globalyzer and Localyzer. It then sends the information to the web server built on the [[Terms_and_Definitions#SonarQube|SonarQube]] platform and displays the information in an easy to digest fashion. This information includes all detected internationalization issues, which may be viewed in source code - with the affected line(s) highlighted. The translation status, translation history, and current translation efforts for projects are also displayed.

== Services used by Lingoport products ==
To check on services used by the Lingoport processes:
*incontext-server.service
*lingoport-lingobot.service
*localyzerqa-server.service

As the sudo user, these can be checked with the command:
sudo systemctl status <service name>

The services can be started with:
sudo systemctl start <service name>

The services can be stopped with:
sudo systemctl stop <service name>

Globalyzer Server Installation

2025-11-21T17:47:52Z

Masnes: /* Set up install.conf */

= Pre-Requisites =
Before installing or updating the Globalyzer Server, please verify this section is complete.

== Introduction ==

Globalyzer Server is the central rules and configuration server for the Globalyzer static analysis clients.

* Globalyzer Clients (CLI, IDE plugins, or Globalyzer invoked from Command Center) connect to the Globalyzer Server to:
** Retrieve rule sets and scanning configurations
** Optionally upload scan metadata (depending on configuration)

Globalyzer Server can be hosted:

* By Lingoport in the cloud, or
* On-premises, under the customer’s control

This document describes deploying an **on-premises Globalyzer Server** using Docker and MySQL 8, with host directories mounted as Docker bind volumes.

=== Basic Deployment Diagram ===

At a high level:

* One or more **Globalyzer Clients** (developer workstations, CI servers, Command Center, etc.) connect to
* A **Globalyzer Server instance** (running in Docker on a Linux VM)
* The Globalyzer Server uses a dedicated **MySQL 8 database container** for its metadata and configuration

(For Command Center users: Command Center will typically run Globalyzer Client jobs and point them at the Globalyzer Server URL configured here.)

=== IT ===

When '''Lingoport hosts''' the Globalyzer Server, access from your environment (CI systems, developer machines, Command Center, etc.) to the hosted server must be arranged. Lingoport manages security, including which IP addresses or networks are allowed to connect.

When installing Globalyzer Server '''on premises''', the customer '''IT''' group is critical to a successful deployment. In particular, the IT team that sets up the Linux system must understand:

* That Docker will be used to run both MySQL 8 and the Globalyzer Server
* That Globalyzer Clients will connect to the Globalyzer Server URL
* Which users need access to the web UI and via which ports / DNS names

Lingoport recommends a brief meeting with the IT team '''before installation''' to confirm:

* Hardware and OS are ready
* Docker is installed and usable
* Firewall and DNS will allow access to the Globalyzer Server URL
* Outbound access to Docker Hub is available (alternatively a docker image snapshot may be provided over SFTP)

=== Requirements ===
Before installing Globalyzer Server, ensure the following:

* Hardware
* Linux
* Docker
* Firewall / Ports
* (Optional but recommended) HTTPS and HTTP/2

The next sections describe each of these points.

== Hardware & Software Requirements ==

The following sections describe the hardware and software requirements for Globalyzer Server.

Note that this section is specific to Globalyzer Server. Command Center has separate hardware requirements described on the [[Command_Center_Installation]] page.

=== Hardware Requirements ===

Typical minimums for a dedicated Globalyzer Server VM:

{| border="1" class="wikitable" style="width=50%"
! Element
! Required (minimum)
|-
! CPU
| 2 cores (4 preferred)
|-
! Memory
| 8 GB (16 GB preferred for larger teams)
|-
! Disk
| 100 GB (data growth depends on usage)
|}

The Globalyzer Server may:

* Be hosted by Lingoport
* Reside on its own VM
* Share a VM with other Lingoport components (for example, Command Center), provided hardware resources are sufficient

Other Linux and Windows machines may have Globalyzer Clients installed that connect to this server.

=== Software Requirements ===

Since this is a Docker-based installation:

* The Globalyzer Server application (Tomcat + Globalyzer) runs in a Docker container
* The MySQL 8 database runs in a separate Docker container
* Configuration and export directories are mounted as '''bind volumes''' on the Linux VM

This requires:

* A supported Linux distribution (see below)
* A working Docker installation (Engine + CLI)

=== Supported Browsers and Versions ===

The Globalyzer Server UI is accessed via a browser. The following browsers are supported:

* Chrome: 117+
* Edge: 117+
* Firefox: 71+

== Access and Ports / Firewall ==

Globalyzer Server needs to be accessible by:

* Lingoport and/or customer admins (for configuration, rule management, monitoring)
* Globalyzer Clients (CLI, IDE, Command Center, CI jobs, etc.)

=== Ports (Internal to company network) ===

{| border="1" class="wikitable" style="text-align:left; width=50%;"
! Services !! Ports !! Inbound (session) !! Outbound (session) !! Notes
|-
| SSH (for system config/maintenance) || 22 || Y || N || System configuration and maintenance on the Globalyzer Server VM.
|-
| Globalyzer Server (HTTP/HTTPS) || 8080 (HTTP) and/or 443 (HTTPS) || Y || N || Default 8080 (configurable via <code>install.conf</code>). HTTPS usually provided by a reverse proxy (e.g. Apache, Nginx) and an SSL certificate.
|-
| SMTP/SMTPS || 25 or 465 or 587 || N || Y || For email notifications from Globalyzer Server. Depends on corporate mail setup.
|-
| Globalyzer Clients → Globalyzer Server || 8080 or 443 || N || Y || Outbound from client machines / CI / Command Center to the Globalyzer Server URL.
|}

Note: MySQL runs in a Docker container on the same VM and is not typically exposed externally. All access is from the Globalyzer Server container.

==== External Access ====

{| border="1" class="wikitable" style="text-align:left; width=50%;"
! Services !! Ports !! Inbound !! Outbound !! Notes
|-
| Lingoport SSH access || 22 || Y || N || Optional but recommended for ease of upgrades and troubleshooting (if allowed by security policy).
|-
| RHEL/Alma/Ubuntu Packages || 80 (Debian) 443 (RHEL/others) || N || Y || Operating system package repositories (may be internal mirrors).
|-
| <code>hub.docker.com</code> || 80 and 443 || N || Y || Location of the <code>lingoport/gzserver</code> Docker image. Image snapshot may also be provided by Lingoport over SFTP as an alternative.
|}

== HTTPS ==

HTTPS is recommended but not strictly necessary for Globalyzer Server. Many customers choose to:

* Expose Globalyzer Server internally over HTTP (port 8080), and/or
* Place a reverse proxy (such as Apache or Nginx) in front of the container, terminating HTTPS on port 443.

If HTTPS is already standardized by your IT group, follow that process and simply point the HTTPS VirtualHost/ServerName to the Globalyzer Server container / port.

For an example configuration, see:
* [[ HTTPS configuration | HTTPS Configuration ]]

== Email Sender ==

Globalyzer Server can send notifications to users (for example, license warnings or other system emails) depending on configuration.

For email delivery, you will need the following information:

* SMTP host URL (such as <code>smtp.yourcompany.com</code>)
* Authorization method (SMTP, SMTPS, etc.)
* Sender email address (for example <code>globalyzer@customerdomain.com</code>)
* Sender password (this is the value placed in <code>email_password</code> in <code>install.conf</code>)

Additional email settings (such as host and port) may be configured in the Globalyzer server configuration. Coordinate with Lingoport support if you are unsure which values to use.

== Docker Install ==

Docker is the underlying platform used to run the Globalyzer Server and MySQL 8 containers.

The supported versions of Linux for Docker installation are:

* [[Installing Docker on RedHat Enterprise Linux 8 |RedHat Enterprise Linux 8]]
* [[Oracle Linux 8]]
* [[Installing Docker on Ubuntu 20.04|Ubuntu 20.04]]
* [[Installing_Docker_on_Amazon_Linux_2|Amazon Linux 2]] (EOL 2025-06)

Other Linux versions may work, but the above are the distributions and processes that have been verified.

== Credentials ==

Globalyzer Server manages its own user database and can also integrate with your directory service (LDAP) or SAML/SSO depending on license and version.

=== Globalyzer Server User Database ===

At installation time:

* A default administrator user is created (details provided by Lingoport support).
* It is strongly recommended to change the initial administrator password and store it securely.

From that admin account you can create additional Globalyzer Server users and manage roles.

=== LDAP Integration ===

Globalyzer Server can use your company’s LDAP directory for authentication and authorization. In this mode:

* Users log in with their LDAP username and password.
* If they are authenticated and belong to one of the configured Globalyzer LDAP groups (admin / manager / member), a Globalyzer account is created/updated using LDAP attributes.
* LDAP remains the source of truth for user lifecycle: when a user is removed from LDAP they can no longer access Globalyzer.

LDAP configuration involves:

* Enabling LDAP mode (environment variable <code>GZSERVER_LDAP_MODE=true</code> for the server process).
* Configuring the LDAP section in <code>GzserverConfig.groovy</code>, including:
** Mapping user attributes (first name, last name, email, phone, title, country, time zone) via <code>gzserver.ldap.ctx.*</code>.
** Mapping LDAP groups to Globalyzer roles via <code>gzserver.ldap.admin.groupName</code>, <code>gzserver.ldap.manager.groupName</code>, <code>gzserver.ldap.member.groupName</code>.
** Defining a “no access” message for users who authenticate but are not in any Globalyzer LDAP group.
** Configuring LDAP server connection properties, including:
*** LDAP server URL (for example <code>grails.plugin.springsecurity.ldap.context.server = 'ldap://ldap.example.com:389'</code>)
*** Manager DN and password used for LDAP binds
*** Base DNs and filters for user and group searches.

Passwords in <code>GzserverConfig.groovy</code> may be stored either in plain text or encrypted using the <code>globalyzer-encrypt-password.jar</code> utility distributed with the Globalyzer Server zip. See [[Globalyzer_Server_LDAP_Installation]] for detailed instructions and examples, including:

* Encrypted manager passwords
* A dedicated continuous integration (CI) user (for Globalyzer Lite / automated scans) configured via:
** <code>gzserver.ldap.ci_user</code>
** <code>gzserver.ldap.ci_password</code> (plain text or <code>ENC(...)</code>)
* How login behavior changes on LDAP servers (LDAP User / Password fields, removal of “Forgot password” link, restrictions on editing profiles, etc.)
* How to enable detailed LDAP debug logging using <code>logback-debug.groovy</code> and the <code>-Dlogging.config=...</code> JVM option.

For Docker-based deployments, the LDAP configuration is still applied inside the Globalyzer Server container via <code>GzserverConfig.groovy</code> and environment variables. The steps in [[Globalyzer_Server_LDAP_Installation]] apply regardless of whether the server is deployed via Docker or on bare Tomcat.

=== SAML / SSO Integration ===

Globalyzer Server can also be integrated with SAML-based SSO so that users authenticate via your corporate Identity Provider (IdP).

At a high level, SSO configuration involves:

* Configuring the Globalyzer Server as a SAML Service Provider (SP).
* Importing/exchanging metadata (IdP and SP).
* Adjusting Globalyzer’s security configuration to delegate authentication to the SSO provider.
* Coordinating user and group mapping so SSO identities map to the appropriate Globalyzer roles.

The SSO configuration is performed after the base Docker installation and does not change the installation steps described on this page.

For detailed SSO configuration steps and examples, see:
* [[Globalyzer_Server_SSO_Installation]]

= New Globalyzer Server Installation =

== sudo user ==

A Linux user with <code>sudo</code> privileges is required as the user under which to prepare and run the installation scripts. For example:

* <code>ec2-user</code> on Amazon Linux systems

The Globalyzer installation script itself must ultimately run with root privileges. It will exit with an error if it is not run as root.

== Create the database conf directory ==

Use the sudo user’s home directory as the base for Docker data directories. For example, on Amazon Linux with user <code>ec2-user</code>:

* Home: <code>/home/ec2-user</code>

The installer will create the MySQL configuration directory automatically:

* <code>/home/ec2-user/mysql/conf.d</code>

Optionally, you may create a basic MySQL client configuration file as well:

<pre>
vi /home/<user>/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4
</pre>

The installer also creates additional directories under <code>home_directory</code> for exports, backups, and internal configuration.

== Configuration ==

Your Lingoport contact will provide the Globalyzer Server installation scripts and configuration file. You should receive files similar to:

* <code>install.conf</code>
* <code>InstallGzserver.sh</code>
* <code>UpdateGzserver.sh</code> (name may vary)
* <code>UninstallGzserver.sh</code> (name may vary)

Copy these files to a directory under the sudo user’s home, for example:

<pre>
/home/ec2-user/globalyzerServerInstall
</pre>

or, in general:

<pre>
/home/<user>/globalyzerServerInstall
</pre>

=== Set up install.conf ===

The <code>install.conf</code> file controls installation settings. The top portion is intended to be edited by the customer; the lower portion is preconfigured for access to the Lingoport Docker Hub account.

A typical <code>install.conf</code> will look like this:

<pre>
#
# Provide your home directory, lingoport/ and gzserver/ folders will be created
#
home_directory=/home/ec2-user

#
# Provide the Globalyzer Server version
#
gzserver_image_version=6.8

#
# Provide the Globalyzer Server port
#
serverPort=8080

#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=_dbrootpass_

# Provide an email username and password you wish to use for automated emails from the system
email_username=_emailusername_
email_password=_emailpassword_

# The URL the server will use
gzserver_url=_gzserverurl_

# DO NOT CHANGE THE STUFF BELOW

#
# Provide your Docker Hub username
#
docker_username=lingoport_provided_customer_account

#
# Provide your Docker Hub account token
#
docker_account_token=lingoport_provided

#
# Provide the Docker network name you want to create
#
database_network=mysqlnetsgzserver

docker_image=lingoport/gzserver
</pre>

Edit the following values:

* <code>gzserver_image_version</code> – the Globalyzer Server image version provided by Lingoport (for example <code>6.8</code>).
* <code>serverPort</code> – host port for HTTP access to the Globalyzer Server container (default <code>8080</code>).
* <code>database_root_password</code> – root password to create for the MySQL 8 database container.
* <code>email_username</code> and <code>email_password</code> – credentials for the SMTP account you wish to use for system email notifications. These are '''not''' prompted for by the installer and must be set correctly in <code>install.conf</code>.
* <code>gzserver_url</code> – the full URL that clients will use to reach Globalyzer Server, such as:
** <code>http://myserver.mycompany.com:8080/gzserver</code> (HTTP)
** <code>https://globalyzer.mycompany.com/gzserver</code> (behind a reverse proxy)

The initial <code>install.conf</code> provided by Lingoport typically uses placeholder values such as <code>_dbrootpass_</code>, <code>_emailusername_</code>, <code>_emailpassword_</code>, and <code>_gzserverurl_</code>. These are examples only and must be replaced before production use.

Do '''not''' change the values below the <code># DO NOT CHANGE THE STUFF BELOW</code> line unless instructed by Lingoport support. Those values:

* Provide the Docker Hub username and token used to pull the <code>lingoport/gzserver</code> image
* Configure the Docker network name and image name

== Run InstallGzserver.sh ==

From the directory containing the scripts:

<pre>
cd /home/<user>/globalyzerServerInstall
chmod +x *.sh
sudo ./InstallGzserver.sh
</pre>

Notes:

* The script must run as root (for example via <code>sudo</code>). It will exit if <code>id -u</code> is not 0.
* If any of the following are missing or empty in <code>install.conf</code>, the script will prompt for them:
** <code>database_root_password</code>
** <code>gzserver_url</code>
** <code>docker_username</code>
** <code>docker_account_token</code>
* <code>email_username</code> and <code>email_password</code> are not prompted and will be used exactly as written in <code>install.conf</code>.

=== What the installer does ===

<code>InstallGzserver.sh</code> performs the following high-level steps:

# Reads <code>install.conf</code> and prompts for any missing values listed above.
# Creates directories under <code>home_directory</code>:
## <code>lingoport/</code>
## <code>gzserver/export</code>
## <code>gzserver/config</code>
## <code>gzserver/backup</code>
## <code>mysql/conf.d</code>
# Changes directory to <code>$home_directory/gzserver/config</code> to store container IDs and related files.
# Ensures a Docker network exists with name <code>database_network</code> (default: <code>mysqlnetsgzserver</code>).
# Starts a MySQL 8 container:
## Name: <code>gzserverDatabase</code>
## Network alias: <code>mysqlservergzserver</code>
## Network: <code>$database_network</code>
## Environment:
### <code>MYSQL_ROOT_PASSWORD=$database_root_password</code>
### <code>MYSQL_DATABASE=GZSERVER</code>
## Volume:
### <code>$home_directory/mysql/conf.d:/etc/mysql/conf.d</code>
## MySQL options:
### <code>--character-set-server=utf8mb4</code>
### <code>--collation-server=utf8mb4_unicode_ci</code>
### <code>--default-authentication-plugin=mysql_native_password</code>
# Waits until the MySQL container reports ready (using <code>mysqladmin ping</code> inside the container).
# Logs in to Docker Hub using:
## <code>docker_username</code>
## <code>docker_account_token</code>
# Starts the Globalyzer Server container:
## Image: <code>$docker_image:$gzserver_image_version</code> (for example <code>lingoport/gzserver:6.8</code>)
## Network alias: <code>gzservernet</code>
## Network: <code>$database_network</code>
## Port mapping: <code>$serverPort:8080</code> (host:container)
## Volume:
### <code>$home_directory/gzserver/export:/home/gzserver/.gzserverihost/export</code>
## Restart policy: <code>--restart unless-stopped</code>
# Waits ~20 seconds, then updates the Globalyzer server configuration inside the container by replacing:
## <code>_dbrootpass_</code> → <code>$database_root_password</code>
## <code>_emailusername_</code> → <code>$email_username</code>
## <code>_emailpassword_</code> → <code>$email_password</code>
## <code>_gzserverurl_</code> → <code>$gzserver_url</code>
# Restarts the Globalyzer Server container so the new configuration is applied.
# Prints a summary message and a <code>docker logs -f</code> command you can use to follow the startup.

The installer saves container IDs in:

* <code>$home_directory/gzserver/config/gz_mysql_id.txt</code>
* <code>$home_directory/gzserver/config/gz_container_id.txt</code>

These are used by the update/uninstall scripts.

=== Re-install Globalyzer Server ===

If you need to re-run <code>InstallGzserver.sh</code> on the same system:

* First run the provided uninstall script (for example <code>UninstallGzserver.sh</code>) to clean up containers.
* Optionally remove the existing <code>lingoport/gzserver</code> image:
<pre>
sudo docker image ls
sudo docker image rm --force <gzserver-image-id>
</pre>
* Adjust <code>install.conf</code> as needed, then run:
<pre>
sudo ./InstallGzserver.sh
</pre>

== Note: Database backup ==

The installer creates:

* <code>$home_directory/gzserver/backup</code> – intended as the location for database backup files

If you received a database backup script (for example <code>BackupGzserverDatabase.sh</code>) from Lingoport, run:

<pre>
chmod +x *.sh
sudo ./BackupGzserverDatabase.sh
</pre>

The database backup SQL file will typically be placed under:

* <code>$home_directory/gzserver/backup</code>

'''Note on MySQL data location:'''

* By default, the MySQL container stores its data in a Docker-managed volume under <code>/var/lib/docker/volumes</code> on the host.
* This data persists across container restarts and image updates.
* The data can be removed if the container '''and''' its associated volume are deleted (for example with <code>docker rm -v</code> or by an uninstall process that removes volumes).

For this reason, it is recommended to keep regular database backups before performing any destructive maintenance.

== Verify Installation ==

Once <code>InstallGzserver.sh</code> completes:

# Check that containers are running:
<pre>
sudo docker ps
</pre>

You should see at least:

* A MySQL 8 container (for example <code>mysql:8.0</code>)
* A Globalyzer Server container (for example <code>lingoport/gzserver:6.8</code>)

# Follow the Globalyzer Server logs:
The installer prints a <code>docker logs</code> command at the end, such as:
<pre>
docker logs -f <gzserver-container-id>
</pre>
Wait until Tomcat and Globalyzer report successful startup. First-time startup can take several minutes (commonly up to ~8 minutes).

# Access the Globalyzer Server URL:
Open a browser and navigate to the URL configured in <code>install.conf</code> (the <code>gzserver_url</code> value), for example:

<pre>
http://myserver.mycompany.com:8080/gzserver
</pre>

or

<pre>
https://globalyzer.mycompany.com/gzserver
</pre>

You should see the Globalyzer Server login page.

# Log in with the administrator account:
Use the administrator credentials provided by Lingoport support. After logging in, you can:

* Change the administrator password
* Create additional users
* Configure rule sets and scanning options

For a fresh install, it is expected that there are no rule sets or projects configured yet. For upgrades, you may need to restore a database backup if you are migrating from an earlier system.

If the installation is unsuccessful, do not repeatedly re-run the install script; instead:

* Run the uninstall script
* Adjust configuration or correct issues
* Re-run the install

= Globalyzer Server Update =

== Scripts ==

Your Globalyzer Server distribution may include an update script (for example <code>UpdateGzserver.sh</code>). This script typically:

* Backs up the existing database (or instructs you to do so)
* Stops the running Globalyzer Server container
* Pulls the new <code>lingoport/gzserver</code> image version
* Starts the new container version using existing data and configuration

Make sure to keep a copy of your current <code>install.conf</code> before updating.

== Backup the database ==

Before updating to a new version, it is strongly recommended to back up the database. If you have a backup script:

<pre>
chmod +x *.sh
sudo ./BackupGzserverDatabase.sh
</pre>

Verify that the backup file is present under:

* <code>$home_directory/gzserver/backup</code>

== Edit install.conf ==

To update to a new Globalyzer Server image version:

* Change the <code>gzserver_image_version</code> in <code>install.conf</code>, for example:

<pre>
gzserver_image_version=6.9
</pre>

Do not modify the fields below the <code># DO NOT CHANGE THE STUFF BELOW</code> line unless instructed by Lingoport.

== Run the update script ==

If provided:

<pre>
chmod +x UpdateGzserver.sh
sudo ./UpdateGzserver.sh
</pre>

After the update:

* Use <code>sudo docker ps</code> to verify the Globalyzer Server container is running with the new image version.
* Navigate to the Globalyzer Server URL and confirm the system is operational.

= Start and Stop System =

You can manage Globalyzer Server via Docker commands on the VM.

* To list running containers:
<pre>
sudo docker ps
</pre>

* To stop Globalyzer Server:
<pre>
sudo docker stop <gzserver-container-id>
</pre>

* To start Globalyzer Server again:
<pre>
sudo docker start <gzserver-container-id>
</pre>

You can also identify the container by name if your installation uses fixed names.

= Uninstall =

To completely uninstall Globalyzer Server, use the uninstall script provided by Lingoport, for example:

<pre>
sudo ./UninstallGzserver.sh
</pre>

The uninstall script:

* Must be run as root (for example via <code>sudo</code>).
* Sources <code>install.conf</code> (to obtain <code>home_directory</code>).
* Changes directory to <code>$home_directory/gzserver/config</code>.
* Reads the Globalyzer Server container ID from <code>gz_container_id.txt</code> and stops/removes that container.
* Reads the MySQL container ID from <code>gz_mysql_id.txt</code> and stops/removes that container.

If either of the ID files is missing, the script exits with an error message (for example if the server has not been installed or containers were removed manually).

The uninstall script:

* Does '''not''' remove the Docker network created during install.
* Does '''not''' remove host directories under <code>$home_directory</code>.
* Does '''not''' explicitly remove MySQL data volumes (they remain on the host unless removed separately).

After uninstalling, verify:

<pre>
sudo docker ps
</pre>

You should not see Globalyzer Server or its MySQL container listed as running.

= FAQ and Troubleshooting =

== Make sure the Server URL is reachable ==

Navigate to the server URL configured in <code>install.conf</code> (<code>gzserver_url</code>). Is the login screen available?

If not:

* Check that both containers are running:

<pre>
sudo docker container ls -a
</pre>

You should see entries similar to:

<pre>
CONTAINER ID IMAGE COMMAND STATUS PORTS
... lingoport/gzserver:6.8 "catalina.sh run" Up ... 0.0.0.0:8080->8080/tcp
... mysql:8.0 "docker-entrypoint.s…" Up ... 3306/tcp, 33060/tcp
</pre>

* Verify DNS points to the correct VM.
* Verify firewall rules allow access to the configured <code>serverPort</code>.
* If behind HTTPS / reverse proxy, verify the proxy configuration and TLS certificate.

== LDAP login issues ==

If you have configured LDAP and logins are failing:

* Review your settings against [[Globalyzer_Server_LDAP_Installation]]:
** Attribute mappings (<code>gzserver.ldap.ctx.*</code>)
** Group names (<code>gzserver.ldap.*.groupName</code>)
** Search bases and filters for users and groups
** Manager DN and password
* Enable detailed logging by:
** Placing the <code>logback-debug.groovy</code> file (from the Globalyzer Server zip) on the server.
** Adding <code>-Dlogging.config=/path/to/logback-debug.groovy</code> to <code>JAVA_OPTS</code> for the Globalyzer Server process.
** Restarting the Globalyzer Server container.

This will cause additional LDAP diagnostic information to be written to the Globalyzer server logs, helping to pinpoint configuration issues.

== To check files on disk ==

To inspect files inside the Globalyzer Server container (for logs or configuration):

1. Find the container ID:

<pre>
sudo docker container ls -a
</pre>

2. Run a shell in the container:

<pre>
sudo docker exec -it <gzserver-container-id> bash
</pre>

Within that shell, you can explore the filesystem (for example, <code>/usr/local/tomcat</code>, logs directories, or the export path mapped from <code>$home_directory/gzserver/export</code>).

== How to backup and restore a system ==

A typical backup/restore process:

*'''Backup the Globalyzer Server database'''

sudo ./BackupGzserverDatabase.sh

This will create one or more files such as:

<code><home_directory>/gzserver/backup/gzserver_backup_YYYY-MM-DD_HHMMSS.sql</code>

(Exact naming may vary depending on the backup script.)

*'''Stop the current Globalyzer Server and MySQL containers'''

sudo docker ps
sudo docker stop <GlobalyzerServerContainerID> <MySQLContainerID>
sudo docker ps

*'''Install or update Globalyzer Server'''

sudo ./InstallGzserver.sh
or
sudo ./UpdateGzserver.sh

*'''Verify that Globalyzer Server comes up in the browser'''

Log in with the administrator account; for a fresh install, no rule sets or users beyond the admin account are expected.

*'''Restore from the database (if applicable)'''

If you have a restore script (for example <code>RestoreGzserverDatabase.sh</code>):

sudo ./RestoreGzserverDatabase.sh YYYY-MM-DD_HHMMSS

Where <code>YYYY-MM-DD_HHMMSS</code> matches the timestamp in your backup file name.

*'''Verify that Globalyzer Server is populated with the correct information'''

Log in and check rule sets, users, and other configuration.

= Next Steps =

Globalyzer Server is now ready to be used. Typical next steps include:

* Configure Globalyzer Server users and roles.
* Set up rule sets and scanning configurations.
* Update Globalyzer Clients (CLI, IDE, or Command Center) to point to the Globalyzer Server URL you configured.
* Follow the corresponding Globalyzer Client or Command Center user guides for integrating scans into your development and CI/CD processes.

Globalyzer Server Installation

2025-11-21T17:46:08Z

Masnes: HTTP/2 less relevant to gzserver - remove it

= Pre-Requisites =
Before installing or updating the Globalyzer Server, please verify this section is complete.

== Introduction ==

Globalyzer Server is the central rules and configuration server for the Globalyzer static analysis clients.

* Globalyzer Clients (CLI, IDE plugins, or Globalyzer invoked from Command Center) connect to the Globalyzer Server to:
** Retrieve rule sets and scanning configurations
** Optionally upload scan metadata (depending on configuration)

Globalyzer Server can be hosted:

* By Lingoport in the cloud, or
* On-premises, under the customer’s control

This document describes deploying an **on-premises Globalyzer Server** using Docker and MySQL 8, with host directories mounted as Docker bind volumes.

=== Basic Deployment Diagram ===

At a high level:

* One or more **Globalyzer Clients** (developer workstations, CI servers, Command Center, etc.) connect to
* A **Globalyzer Server instance** (running in Docker on a Linux VM)
* The Globalyzer Server uses a dedicated **MySQL 8 database container** for its metadata and configuration

(For Command Center users: Command Center will typically run Globalyzer Client jobs and point them at the Globalyzer Server URL configured here.)

=== IT ===

When '''Lingoport hosts''' the Globalyzer Server, access from your environment (CI systems, developer machines, Command Center, etc.) to the hosted server must be arranged. Lingoport manages security, including which IP addresses or networks are allowed to connect.

When installing Globalyzer Server '''on premises''', the customer '''IT''' group is critical to a successful deployment. In particular, the IT team that sets up the Linux system must understand:

* That Docker will be used to run both MySQL 8 and the Globalyzer Server
* That Globalyzer Clients will connect to the Globalyzer Server URL
* Which users need access to the web UI and via which ports / DNS names

Lingoport recommends a brief meeting with the IT team '''before installation''' to confirm:

* Hardware and OS are ready
* Docker is installed and usable
* Firewall and DNS will allow access to the Globalyzer Server URL
* Outbound access to Docker Hub is available (alternatively a docker image snapshot may be provided over SFTP)

=== Requirements ===
Before installing Globalyzer Server, ensure the following:

* Hardware
* Linux
* Docker
* Firewall / Ports
* (Optional but recommended) HTTPS and HTTP/2

The next sections describe each of these points.

== Hardware & Software Requirements ==

The following sections describe the hardware and software requirements for Globalyzer Server.

Note that this section is specific to Globalyzer Server. Command Center has separate hardware requirements described on the [[Command_Center_Installation]] page.

=== Hardware Requirements ===

Typical minimums for a dedicated Globalyzer Server VM:

{| border="1" class="wikitable" style="width=50%"
! Element
! Required (minimum)
|-
! CPU
| 2 cores (4 preferred)
|-
! Memory
| 8 GB (16 GB preferred for larger teams)
|-
! Disk
| 100 GB (data growth depends on usage)
|}

The Globalyzer Server may:

* Be hosted by Lingoport
* Reside on its own VM
* Share a VM with other Lingoport components (for example, Command Center), provided hardware resources are sufficient

Other Linux and Windows machines may have Globalyzer Clients installed that connect to this server.

=== Software Requirements ===

Since this is a Docker-based installation:

* The Globalyzer Server application (Tomcat + Globalyzer) runs in a Docker container
* The MySQL 8 database runs in a separate Docker container
* Configuration and export directories are mounted as '''bind volumes''' on the Linux VM

This requires:

* A supported Linux distribution (see below)
* A working Docker installation (Engine + CLI)

=== Supported Browsers and Versions ===

The Globalyzer Server UI is accessed via a browser. The following browsers are supported:

* Chrome: 117+
* Edge: 117+
* Firefox: 71+

== Access and Ports / Firewall ==

Globalyzer Server needs to be accessible by:

* Lingoport and/or customer admins (for configuration, rule management, monitoring)
* Globalyzer Clients (CLI, IDE, Command Center, CI jobs, etc.)

=== Ports (Internal to company network) ===

{| border="1" class="wikitable" style="text-align:left; width=50%;"
! Services !! Ports !! Inbound (session) !! Outbound (session) !! Notes
|-
| SSH (for system config/maintenance) || 22 || Y || N || System configuration and maintenance on the Globalyzer Server VM.
|-
| Globalyzer Server (HTTP/HTTPS) || 8080 (HTTP) and/or 443 (HTTPS) || Y || N || Default 8080 (configurable via <code>install.conf</code>). HTTPS usually provided by a reverse proxy (e.g. Apache, Nginx) and an SSL certificate.
|-
| SMTP/SMTPS || 25 or 465 or 587 || N || Y || For email notifications from Globalyzer Server. Depends on corporate mail setup.
|-
| Globalyzer Clients → Globalyzer Server || 8080 or 443 || N || Y || Outbound from client machines / CI / Command Center to the Globalyzer Server URL.
|}

Note: MySQL runs in a Docker container on the same VM and is not typically exposed externally. All access is from the Globalyzer Server container.

==== External Access ====

{| border="1" class="wikitable" style="text-align:left; width=50%;"
! Services !! Ports !! Inbound !! Outbound !! Notes
|-
| Lingoport SSH access || 22 || Y || N || Optional but recommended for ease of upgrades and troubleshooting (if allowed by security policy).
|-
| RHEL/Alma/Ubuntu Packages || 80 (Debian) 443 (RHEL/others) || N || Y || Operating system package repositories (may be internal mirrors).
|-
| <code>hub.docker.com</code> || 80 and 443 || N || Y || Location of the <code>lingoport/gzserver</code> Docker image. Image snapshot may also be provided by Lingoport over SFTP as an alternative.
|}

== HTTPS ==

HTTPS is recommended but not strictly necessary for Globalyzer Server. Many customers choose to:

* Expose Globalyzer Server internally over HTTP (port 8080), and/or
* Place a reverse proxy (such as Apache or Nginx) in front of the container, terminating HTTPS on port 443.

If HTTPS is already standardized by your IT group, follow that process and simply point the HTTPS VirtualHost/ServerName to the Globalyzer Server container / port.

For an example configuration, see:
* [[ HTTPS configuration | HTTPS Configuration ]]

== Email Sender ==

Globalyzer Server can send notifications to users (for example, license warnings or other system emails) depending on configuration.

For email delivery, you will need the following information:

* SMTP host URL (such as <code>smtp.yourcompany.com</code>)
* Authorization method (SMTP, SMTPS, etc.)
* Sender email address (for example <code>globalyzer@customerdomain.com</code>)
* Sender password (this is the value placed in <code>email_password</code> in <code>install.conf</code>)

Additional email settings (such as host and port) may be configured in the Globalyzer server configuration. Coordinate with Lingoport support if you are unsure which values to use.

== Docker Install ==

Docker is the underlying platform used to run the Globalyzer Server and MySQL 8 containers.

The supported versions of Linux for Docker installation are:

* [[Installing Docker on RedHat Enterprise Linux 8 |RedHat Enterprise Linux 8]]
* [[Oracle Linux 8]]
* [[Installing Docker on Ubuntu 20.04|Ubuntu 20.04]]
* [[Installing_Docker_on_Amazon_Linux_2|Amazon Linux 2]] (EOL 2025-06)

Other Linux versions may work, but the above are the distributions and processes that have been verified.

== Credentials ==

Globalyzer Server manages its own user database and can also integrate with your directory service (LDAP) or SAML/SSO depending on license and version.

=== Globalyzer Server User Database ===

At installation time:

* A default administrator user is created (details provided by Lingoport support).
* It is strongly recommended to change the initial administrator password and store it securely.

From that admin account you can create additional Globalyzer Server users and manage roles.

=== LDAP Integration ===

Globalyzer Server can use your company’s LDAP directory for authentication and authorization. In this mode:

* Users log in with their LDAP username and password.
* If they are authenticated and belong to one of the configured Globalyzer LDAP groups (admin / manager / member), a Globalyzer account is created/updated using LDAP attributes.
* LDAP remains the source of truth for user lifecycle: when a user is removed from LDAP they can no longer access Globalyzer.

LDAP configuration involves:

* Enabling LDAP mode (environment variable <code>GZSERVER_LDAP_MODE=true</code> for the server process).
* Configuring the LDAP section in <code>GzserverConfig.groovy</code>, including:
** Mapping user attributes (first name, last name, email, phone, title, country, time zone) via <code>gzserver.ldap.ctx.*</code>.
** Mapping LDAP groups to Globalyzer roles via <code>gzserver.ldap.admin.groupName</code>, <code>gzserver.ldap.manager.groupName</code>, <code>gzserver.ldap.member.groupName</code>.
** Defining a “no access” message for users who authenticate but are not in any Globalyzer LDAP group.
** Configuring LDAP server connection properties, including:
*** LDAP server URL (for example <code>grails.plugin.springsecurity.ldap.context.server = 'ldap://ldap.example.com:389'</code>)
*** Manager DN and password used for LDAP binds
*** Base DNs and filters for user and group searches.

Passwords in <code>GzserverConfig.groovy</code> may be stored either in plain text or encrypted using the <code>globalyzer-encrypt-password.jar</code> utility distributed with the Globalyzer Server zip. See [[Globalyzer_Server_LDAP_Installation]] for detailed instructions and examples, including:

* Encrypted manager passwords
* A dedicated continuous integration (CI) user (for Globalyzer Lite / automated scans) configured via:
** <code>gzserver.ldap.ci_user</code>
** <code>gzserver.ldap.ci_password</code> (plain text or <code>ENC(...)</code>)
* How login behavior changes on LDAP servers (LDAP User / Password fields, removal of “Forgot password” link, restrictions on editing profiles, etc.)
* How to enable detailed LDAP debug logging using <code>logback-debug.groovy</code> and the <code>-Dlogging.config=...</code> JVM option.

For Docker-based deployments, the LDAP configuration is still applied inside the Globalyzer Server container via <code>GzserverConfig.groovy</code> and environment variables. The steps in [[Globalyzer_Server_LDAP_Installation]] apply regardless of whether the server is deployed via Docker or on bare Tomcat.

=== SAML / SSO Integration ===

Globalyzer Server can also be integrated with SAML-based SSO so that users authenticate via your corporate Identity Provider (IdP).

At a high level, SSO configuration involves:

* Configuring the Globalyzer Server as a SAML Service Provider (SP).
* Importing/exchanging metadata (IdP and SP).
* Adjusting Globalyzer’s security configuration to delegate authentication to the SSO provider.
* Coordinating user and group mapping so SSO identities map to the appropriate Globalyzer roles.

The SSO configuration is performed after the base Docker installation and does not change the installation steps described on this page.

For detailed SSO configuration steps and examples, see:
* [[Globalyzer_Server_SSO_Installation]]

= New Globalyzer Server Installation =

== sudo user ==

A Linux user with <code>sudo</code> privileges is required as the user under which to prepare and run the installation scripts. For example:

* <code>ec2-user</code> on Amazon Linux systems

The Globalyzer installation script itself must ultimately run with root privileges. It will exit with an error if it is not run as root.

== Create the database conf directory ==

Use the sudo user’s home directory as the base for Docker data directories. For example, on Amazon Linux with user <code>ec2-user</code>:

* Home: <code>/home/ec2-user</code>

The installer will create the MySQL configuration directory automatically:

* <code>/home/ec2-user/mysql/conf.d</code>

Optionally, you may create a basic MySQL client configuration file as well:

<pre>
vi /home/<user>/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4
</pre>

The installer also creates additional directories under <code>home_directory</code> for exports, backups, and internal configuration.

== Configuration ==

Your Lingoport contact will provide the Globalyzer Server installation scripts and configuration file. You should receive files similar to:

* <code>install.conf</code>
* <code>InstallGzserver.sh</code>
* <code>UpdateGzserver.sh</code> (name may vary)
* <code>UninstallGzserver.sh</code> (name may vary)

Copy these files to a directory under the sudo user’s home, for example:

<pre>
/home/ec2-user/globalyzerServerInstall
</pre>

or, in general:

<pre>
/home/<user>/globalyzerServerInstall
</pre>

=== Set up install.conf ===

The <code>install.conf</code> file controls installation settings. The top portion is intended to be edited by the customer; the lower portion is preconfigured for access to the Lingoport Docker Hub account.

A typical <code>install.conf</code> will look like this:

<pre>
#
# Provide your home directory, lingoport/ and gzserver/ folders will be created
#
home_directory=/home/ec2-user

#
# Provide the Globalyzer Server version
#
gzserver_image_version=6.8

#
# Provide the Globalyzer Server port
#
serverPort=8080

#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=_dbrootpass_

# Provide an email username and password you wish to use for automated emails from the system
email_username=_emailusername_
email_password=_emailpassword_

# The URL the server will use
gzserver_url=_gzserverurl_

# DO NOT CHANGE THE STUFF BELOW

#
# Provide your Docker Hub username
#
docker_username=lingoport_provided_customer_account

#
# Provide your Docker Hub account token
#
docker_account_token=lingoport_provided

#
# Provide the Docker network name you want to create
#
database_network=mysqlnetsgzserver

docker_image=lingoport/gzserver
</pre>

Edit the following values:

* <code>home_directory</code> – base directory where the installer will create:
** <code>lingoport/</code>
** <code>gzserver/export</code>
** <code>gzserver/config</code>
** <code>gzserver/backup</code>
** <code>mysql/conf.d</code>
* <code>gzserver_image_version</code> – the Globalyzer Server image version provided by Lingoport (for example <code>6.8</code>).
* <code>serverPort</code> – host port for HTTP access to the Globalyzer Server container (default <code>8080</code>).
* <code>database_root_password</code> – root password to create for the MySQL 8 database container.
* <code>email_username</code> and <code>email_password</code> – credentials for the SMTP account you wish to use for system email notifications. These are '''not''' prompted for by the installer and must be set correctly in <code>install.conf</code>.
* <code>gzserver_url</code> – the full URL that clients will use to reach Globalyzer Server, such as:
** <code>http://myserver.mycompany.com:8080/gzserver</code> (HTTP)
** <code>https://globalyzer.mycompany.com/gzserver</code> (behind a reverse proxy)

The initial <code>install.conf</code> provided by Lingoport typically uses placeholder values such as <code>_dbrootpass_</code>, <code>_emailusername_</code>, <code>_emailpassword_</code>, and <code>_gzserverurl_</code>. These are examples only and must be replaced before production use.

Do '''not''' change the values below the <code># DO NOT CHANGE THE STUFF BELOW</code> line unless instructed by Lingoport support. Those values:

* Provide the Docker Hub username and token used to pull the <code>lingoport/gzserver</code> image
* Configure the Docker network name and image name

== Run InstallGzserver.sh ==

From the directory containing the scripts:

<pre>
cd /home/<user>/globalyzerServerInstall
chmod +x *.sh
sudo ./InstallGzserver.sh
</pre>

Notes:

* The script must run as root (for example via <code>sudo</code>). It will exit if <code>id -u</code> is not 0.
* If any of the following are missing or empty in <code>install.conf</code>, the script will prompt for them:
** <code>database_root_password</code>
** <code>gzserver_url</code>
** <code>docker_username</code>
** <code>docker_account_token</code>
* <code>email_username</code> and <code>email_password</code> are not prompted and will be used exactly as written in <code>install.conf</code>.

=== What the installer does ===

<code>InstallGzserver.sh</code> performs the following high-level steps:

# Reads <code>install.conf</code> and prompts for any missing values listed above.
# Creates directories under <code>home_directory</code>:
## <code>lingoport/</code>
## <code>gzserver/export</code>
## <code>gzserver/config</code>
## <code>gzserver/backup</code>
## <code>mysql/conf.d</code>
# Changes directory to <code>$home_directory/gzserver/config</code> to store container IDs and related files.
# Ensures a Docker network exists with name <code>database_network</code> (default: <code>mysqlnetsgzserver</code>).
# Starts a MySQL 8 container:
## Name: <code>gzserverDatabase</code>
## Network alias: <code>mysqlservergzserver</code>
## Network: <code>$database_network</code>
## Environment:
### <code>MYSQL_ROOT_PASSWORD=$database_root_password</code>
### <code>MYSQL_DATABASE=GZSERVER</code>
## Volume:
### <code>$home_directory/mysql/conf.d:/etc/mysql/conf.d</code>
## MySQL options:
### <code>--character-set-server=utf8mb4</code>
### <code>--collation-server=utf8mb4_unicode_ci</code>
### <code>--default-authentication-plugin=mysql_native_password</code>
# Waits until the MySQL container reports ready (using <code>mysqladmin ping</code> inside the container).
# Logs in to Docker Hub using:
## <code>docker_username</code>
## <code>docker_account_token</code>
# Starts the Globalyzer Server container:
## Image: <code>$docker_image:$gzserver_image_version</code> (for example <code>lingoport/gzserver:6.8</code>)
## Network alias: <code>gzservernet</code>
## Network: <code>$database_network</code>
## Port mapping: <code>$serverPort:8080</code> (host:container)
## Volume:
### <code>$home_directory/gzserver/export:/home/gzserver/.gzserverihost/export</code>
## Restart policy: <code>--restart unless-stopped</code>
# Waits ~20 seconds, then updates the Globalyzer server configuration inside the container by replacing:
## <code>_dbrootpass_</code> → <code>$database_root_password</code>
## <code>_emailusername_</code> → <code>$email_username</code>
## <code>_emailpassword_</code> → <code>$email_password</code>
## <code>_gzserverurl_</code> → <code>$gzserver_url</code>
# Restarts the Globalyzer Server container so the new configuration is applied.
# Prints a summary message and a <code>docker logs -f</code> command you can use to follow the startup.

The installer saves container IDs in:

* <code>$home_directory/gzserver/config/gz_mysql_id.txt</code>
* <code>$home_directory/gzserver/config/gz_container_id.txt</code>

These are used by the update/uninstall scripts.

=== Re-install Globalyzer Server ===

If you need to re-run <code>InstallGzserver.sh</code> on the same system:

* First run the provided uninstall script (for example <code>UninstallGzserver.sh</code>) to clean up containers.
* Optionally remove the existing <code>lingoport/gzserver</code> image:
<pre>
sudo docker image ls
sudo docker image rm --force <gzserver-image-id>
</pre>
* Adjust <code>install.conf</code> as needed, then run:
<pre>
sudo ./InstallGzserver.sh
</pre>

== Note: Database backup ==

The installer creates:

* <code>$home_directory/gzserver/backup</code> – intended as the location for database backup files

If you received a database backup script (for example <code>BackupGzserverDatabase.sh</code>) from Lingoport, run:

<pre>
chmod +x *.sh
sudo ./BackupGzserverDatabase.sh
</pre>

The database backup SQL file will typically be placed under:

* <code>$home_directory/gzserver/backup</code>

'''Note on MySQL data location:'''

* By default, the MySQL container stores its data in a Docker-managed volume under <code>/var/lib/docker/volumes</code> on the host.
* This data persists across container restarts and image updates.
* The data can be removed if the container '''and''' its associated volume are deleted (for example with <code>docker rm -v</code> or by an uninstall process that removes volumes).

For this reason, it is recommended to keep regular database backups before performing any destructive maintenance.

== Verify Installation ==

Once <code>InstallGzserver.sh</code> completes:

# Check that containers are running:
<pre>
sudo docker ps
</pre>

You should see at least:

* A MySQL 8 container (for example <code>mysql:8.0</code>)
* A Globalyzer Server container (for example <code>lingoport/gzserver:6.8</code>)

# Follow the Globalyzer Server logs:
The installer prints a <code>docker logs</code> command at the end, such as:
<pre>
docker logs -f <gzserver-container-id>
</pre>
Wait until Tomcat and Globalyzer report successful startup. First-time startup can take several minutes (commonly up to ~8 minutes).

# Access the Globalyzer Server URL:
Open a browser and navigate to the URL configured in <code>install.conf</code> (the <code>gzserver_url</code> value), for example:

<pre>
http://myserver.mycompany.com:8080/gzserver
</pre>

or

<pre>
https://globalyzer.mycompany.com/gzserver
</pre>

You should see the Globalyzer Server login page.

# Log in with the administrator account:
Use the administrator credentials provided by Lingoport support. After logging in, you can:

* Change the administrator password
* Create additional users
* Configure rule sets and scanning options

For a fresh install, it is expected that there are no rule sets or projects configured yet. For upgrades, you may need to restore a database backup if you are migrating from an earlier system.

If the installation is unsuccessful, do not repeatedly re-run the install script; instead:

* Run the uninstall script
* Adjust configuration or correct issues
* Re-run the install

= Globalyzer Server Update =

== Scripts ==

Your Globalyzer Server distribution may include an update script (for example <code>UpdateGzserver.sh</code>). This script typically:

* Backs up the existing database (or instructs you to do so)
* Stops the running Globalyzer Server container
* Pulls the new <code>lingoport/gzserver</code> image version
* Starts the new container version using existing data and configuration

Make sure to keep a copy of your current <code>install.conf</code> before updating.

== Backup the database ==

Before updating to a new version, it is strongly recommended to back up the database. If you have a backup script:

<pre>
chmod +x *.sh
sudo ./BackupGzserverDatabase.sh
</pre>

Verify that the backup file is present under:

* <code>$home_directory/gzserver/backup</code>

== Edit install.conf ==

To update to a new Globalyzer Server image version:

* Change the <code>gzserver_image_version</code> in <code>install.conf</code>, for example:

<pre>
gzserver_image_version=6.9
</pre>

Do not modify the fields below the <code># DO NOT CHANGE THE STUFF BELOW</code> line unless instructed by Lingoport.

== Run the update script ==

If provided:

<pre>
chmod +x UpdateGzserver.sh
sudo ./UpdateGzserver.sh
</pre>

After the update:

* Use <code>sudo docker ps</code> to verify the Globalyzer Server container is running with the new image version.
* Navigate to the Globalyzer Server URL and confirm the system is operational.

= Start and Stop System =

You can manage Globalyzer Server via Docker commands on the VM.

* To list running containers:
<pre>
sudo docker ps
</pre>

* To stop Globalyzer Server:
<pre>
sudo docker stop <gzserver-container-id>
</pre>

* To start Globalyzer Server again:
<pre>
sudo docker start <gzserver-container-id>
</pre>

You can also identify the container by name if your installation uses fixed names.

= Uninstall =

To completely uninstall Globalyzer Server, use the uninstall script provided by Lingoport, for example:

<pre>
sudo ./UninstallGzserver.sh
</pre>

The uninstall script:

* Must be run as root (for example via <code>sudo</code>).
* Sources <code>install.conf</code> (to obtain <code>home_directory</code>).
* Changes directory to <code>$home_directory/gzserver/config</code>.
* Reads the Globalyzer Server container ID from <code>gz_container_id.txt</code> and stops/removes that container.
* Reads the MySQL container ID from <code>gz_mysql_id.txt</code> and stops/removes that container.

If either of the ID files is missing, the script exits with an error message (for example if the server has not been installed or containers were removed manually).

The uninstall script:

* Does '''not''' remove the Docker network created during install.
* Does '''not''' remove host directories under <code>$home_directory</code>.
* Does '''not''' explicitly remove MySQL data volumes (they remain on the host unless removed separately).

After uninstalling, verify:

<pre>
sudo docker ps
</pre>

You should not see Globalyzer Server or its MySQL container listed as running.

= FAQ and Troubleshooting =

== Make sure the Server URL is reachable ==

Navigate to the server URL configured in <code>install.conf</code> (<code>gzserver_url</code>). Is the login screen available?

If not:

* Check that both containers are running:

<pre>
sudo docker container ls -a
</pre>

You should see entries similar to:

<pre>
CONTAINER ID IMAGE COMMAND STATUS PORTS
... lingoport/gzserver:6.8 "catalina.sh run" Up ... 0.0.0.0:8080->8080/tcp
... mysql:8.0 "docker-entrypoint.s…" Up ... 3306/tcp, 33060/tcp
</pre>

* Verify DNS points to the correct VM.
* Verify firewall rules allow access to the configured <code>serverPort</code>.
* If behind HTTPS / reverse proxy, verify the proxy configuration and TLS certificate.

== LDAP login issues ==

If you have configured LDAP and logins are failing:

* Review your settings against [[Globalyzer_Server_LDAP_Installation]]:
** Attribute mappings (<code>gzserver.ldap.ctx.*</code>)
** Group names (<code>gzserver.ldap.*.groupName</code>)
** Search bases and filters for users and groups
** Manager DN and password
* Enable detailed logging by:
** Placing the <code>logback-debug.groovy</code> file (from the Globalyzer Server zip) on the server.
** Adding <code>-Dlogging.config=/path/to/logback-debug.groovy</code> to <code>JAVA_OPTS</code> for the Globalyzer Server process.
** Restarting the Globalyzer Server container.

This will cause additional LDAP diagnostic information to be written to the Globalyzer server logs, helping to pinpoint configuration issues.

== To check files on disk ==

To inspect files inside the Globalyzer Server container (for logs or configuration):

1. Find the container ID:

<pre>
sudo docker container ls -a
</pre>

2. Run a shell in the container:

<pre>
sudo docker exec -it <gzserver-container-id> bash
</pre>

Within that shell, you can explore the filesystem (for example, <code>/usr/local/tomcat</code>, logs directories, or the export path mapped from <code>$home_directory/gzserver/export</code>).

== How to backup and restore a system ==

A typical backup/restore process:

*'''Backup the Globalyzer Server database'''

sudo ./BackupGzserverDatabase.sh

This will create one or more files such as:

<code><home_directory>/gzserver/backup/gzserver_backup_YYYY-MM-DD_HHMMSS.sql</code>

(Exact naming may vary depending on the backup script.)

*'''Stop the current Globalyzer Server and MySQL containers'''

sudo docker ps
sudo docker stop <GlobalyzerServerContainerID> <MySQLContainerID>
sudo docker ps

*'''Install or update Globalyzer Server'''

sudo ./InstallGzserver.sh
or
sudo ./UpdateGzserver.sh

*'''Verify that Globalyzer Server comes up in the browser'''

Log in with the administrator account; for a fresh install, no rule sets or users beyond the admin account are expected.

*'''Restore from the database (if applicable)'''

If you have a restore script (for example <code>RestoreGzserverDatabase.sh</code>):

sudo ./RestoreGzserverDatabase.sh YYYY-MM-DD_HHMMSS

Where <code>YYYY-MM-DD_HHMMSS</code> matches the timestamp in your backup file name.

*'''Verify that Globalyzer Server is populated with the correct information'''

Log in and check rule sets, users, and other configuration.

= Next Steps =

Globalyzer Server is now ready to be used. Typical next steps include:

* Configure Globalyzer Server users and roles.
* Set up rule sets and scanning configurations.
* Update Globalyzer Clients (CLI, IDE, or Command Center) to point to the Globalyzer Server URL you configured.
* Follow the corresponding Globalyzer Client or Command Center user guides for integrating scans into your development and CI/CD processes.

Globalyzer Server Installation

2025-11-21T17:45:01Z

Masnes: Created page with "= Pre-Requisites = Before installing or updating the Globalyzer Server, please verify this section is complete. == Introduction == Globalyzer Server is the central rules an..."

= Pre-Requisites =
Before installing or updating the Globalyzer Server, please verify this section is complete.

== Introduction ==

Globalyzer Server is the central rules and configuration server for the Globalyzer static analysis clients.

* Globalyzer Clients (CLI, IDE plugins, or Globalyzer invoked from Command Center) connect to the Globalyzer Server to:
** Retrieve rule sets and scanning configurations
** Optionally upload scan metadata (depending on configuration)

Globalyzer Server can be hosted:

* By Lingoport in the cloud, or
* On-premises, under the customer’s control

This document describes deploying an **on-premises Globalyzer Server** using Docker and MySQL 8, with host directories mounted as Docker bind volumes.

=== Basic Deployment Diagram ===

At a high level:

* One or more **Globalyzer Clients** (developer workstations, CI servers, Command Center, etc.) connect to
* A **Globalyzer Server instance** (running in Docker on a Linux VM)
* The Globalyzer Server uses a dedicated **MySQL 8 database container** for its metadata and configuration

(For Command Center users: Command Center will typically run Globalyzer Client jobs and point them at the Globalyzer Server URL configured here.)

=== IT ===

When '''Lingoport hosts''' the Globalyzer Server, access from your environment (CI systems, developer machines, Command Center, etc.) to the hosted server must be arranged. Lingoport manages security, including which IP addresses or networks are allowed to connect.

When installing Globalyzer Server '''on premises''', the customer '''IT''' group is critical to a successful deployment. In particular, the IT team that sets up the Linux system must understand:

* That Docker will be used to run both MySQL 8 and the Globalyzer Server
* That Globalyzer Clients will connect to the Globalyzer Server URL
* Which users need access to the web UI and via which ports / DNS names

Lingoport recommends a brief meeting with the IT team '''before installation''' to confirm:

* Hardware and OS are ready
* Docker is installed and usable
* Firewall and DNS will allow access to the Globalyzer Server URL
* Outbound access to Docker Hub is available (alternatively a docker image snapshot may be provided over SFTP)

=== Requirements ===
Before installing Globalyzer Server, ensure the following:

* Hardware
* Linux
* Docker
* Firewall / Ports
* (Optional but recommended) HTTPS and HTTP/2

The next sections describe each of these points.

== Hardware & Software Requirements ==

The following sections describe the hardware and software requirements for Globalyzer Server.

Note that this section is specific to Globalyzer Server. Command Center has separate hardware requirements described on the [[Command_Center_Installation]] page.

=== Hardware Requirements ===

Typical minimums for a dedicated Globalyzer Server VM:

{| border="1" class="wikitable" style="width=50%"
! Element
! Required (minimum)
|-
! CPU
| 2 cores (4 preferred)
|-
! Memory
| 8 GB (16 GB preferred for larger teams)
|-
! Disk
| 100 GB (data growth depends on usage)
|}

The Globalyzer Server may:

* Be hosted by Lingoport
* Reside on its own VM
* Share a VM with other Lingoport components (for example, Command Center), provided hardware resources are sufficient

Other Linux and Windows machines may have Globalyzer Clients installed that connect to this server.

=== Software Requirements ===

Since this is a Docker-based installation:

* The Globalyzer Server application (Tomcat + Globalyzer) runs in a Docker container
* The MySQL 8 database runs in a separate Docker container
* Configuration and export directories are mounted as '''bind volumes''' on the Linux VM

This requires:

* A supported Linux distribution (see below)
* A working Docker installation (Engine + CLI)

=== Supported Browsers and Versions ===

The Globalyzer Server UI is accessed via a browser. The following browsers are supported:

* Chrome: 117+
* Edge: 117+
* Firefox: 71+

== Access and Ports / Firewall ==

Globalyzer Server needs to be accessible by:

* Lingoport and/or customer admins (for configuration, rule management, monitoring)
* Globalyzer Clients (CLI, IDE, Command Center, CI jobs, etc.)

=== Ports (Internal to company network) ===

{| border="1" class="wikitable" style="text-align:left; width=50%;"
! Services !! Ports !! Inbound (session) !! Outbound (session) !! Notes
|-
| SSH (for system config/maintenance) || 22 || Y || N || System configuration and maintenance on the Globalyzer Server VM.
|-
| Globalyzer Server (HTTP/HTTPS) || 8080 (HTTP) and/or 443 (HTTPS) || Y || N || Default 8080 (configurable via <code>install.conf</code>). HTTPS usually provided by a reverse proxy (e.g. Apache, Nginx) and an SSL certificate.
|-
| SMTP/SMTPS || 25 or 465 or 587 || N || Y || For email notifications from Globalyzer Server. Depends on corporate mail setup.
|-
| Globalyzer Clients → Globalyzer Server || 8080 or 443 || N || Y || Outbound from client machines / CI / Command Center to the Globalyzer Server URL.
|}

Note: MySQL runs in a Docker container on the same VM and is not typically exposed externally. All access is from the Globalyzer Server container.

==== External Access ====

{| border="1" class="wikitable" style="text-align:left; width=50%;"
! Services !! Ports !! Inbound !! Outbound !! Notes
|-
| Lingoport SSH access || 22 || Y || N || Optional but recommended for ease of upgrades and troubleshooting (if allowed by security policy).
|-
| RHEL/Alma/Ubuntu Packages || 80 (Debian) 443 (RHEL/others) || N || Y || Operating system package repositories (may be internal mirrors).
|-
| <code>hub.docker.com</code> || 80 and 443 || N || Y || Location of the <code>lingoport/gzserver</code> Docker image. Image snapshot may also be provided by Lingoport over SFTP as an alternative.
|}

== HTTPS ==

HTTPS is recommended but not strictly necessary for Globalyzer Server. Many customers choose to:

* Expose Globalyzer Server internally over HTTP (port 8080), and/or
* Place a reverse proxy (such as Apache or Nginx) in front of the container, terminating HTTPS on port 443.

If HTTPS is already standardized by your IT group, follow that process and simply point the HTTPS VirtualHost/ServerName to the Globalyzer Server container / port.

For an example configuration, see:
* [[ HTTPS configuration | HTTPS Configuration ]]

== HTTP/2 ==

HTTP/2 is recommended but not required. It can offer improved performance, especially when many concurrent users are accessing the UI.

HTTP/2 requires HTTPS, so it can only be used once HTTPS has been configured.

For an example configuration, see:
* [[ HTTP2 Configuration | HTTP2 Configuration ]]

== Email Sender ==

Globalyzer Server can send notifications to users (for example, license warnings or other system emails) depending on configuration.

For email delivery, you will need the following information:

* SMTP host URL (such as <code>smtp.yourcompany.com</code>)
* Authorization method (SMTP, SMTPS, etc.)
* Sender email address (for example <code>globalyzer@customerdomain.com</code>)
* Sender password (this is the value placed in <code>email_password</code> in <code>install.conf</code>)

Additional email settings (such as host and port) may be configured in the Globalyzer server configuration. Coordinate with Lingoport support if you are unsure which values to use.

== Docker Install ==

Docker is the underlying platform used to run the Globalyzer Server and MySQL 8 containers.

The supported versions of Linux for Docker installation are:

* [[Installing Docker on RedHat Enterprise Linux 8 |RedHat Enterprise Linux 8]]
* [[Oracle Linux 8]]
* [[Installing Docker on Ubuntu 20.04|Ubuntu 20.04]]
* [[Installing_Docker_on_Amazon_Linux_2|Amazon Linux 2]] (EOL 2025-06)

Other Linux versions may work, but the above are the distributions and processes that have been verified.

== Credentials ==

Globalyzer Server manages its own user database and can also integrate with your directory service (LDAP) or SAML/SSO depending on license and version.

=== Globalyzer Server User Database ===

At installation time:

* A default administrator user is created (details provided by Lingoport support).
* It is strongly recommended to change the initial administrator password and store it securely.

From that admin account you can create additional Globalyzer Server users and manage roles.

=== LDAP Integration ===

Globalyzer Server can use your company’s LDAP directory for authentication and authorization. In this mode:

* Users log in with their LDAP username and password.
* If they are authenticated and belong to one of the configured Globalyzer LDAP groups (admin / manager / member), a Globalyzer account is created/updated using LDAP attributes.
* LDAP remains the source of truth for user lifecycle: when a user is removed from LDAP they can no longer access Globalyzer.

LDAP configuration involves:

* Enabling LDAP mode (environment variable <code>GZSERVER_LDAP_MODE=true</code> for the server process).
* Configuring the LDAP section in <code>GzserverConfig.groovy</code>, including:
** Mapping user attributes (first name, last name, email, phone, title, country, time zone) via <code>gzserver.ldap.ctx.*</code>.
** Mapping LDAP groups to Globalyzer roles via <code>gzserver.ldap.admin.groupName</code>, <code>gzserver.ldap.manager.groupName</code>, <code>gzserver.ldap.member.groupName</code>.
** Defining a “no access” message for users who authenticate but are not in any Globalyzer LDAP group.
** Configuring LDAP server connection properties, including:
*** LDAP server URL (for example <code>grails.plugin.springsecurity.ldap.context.server = 'ldap://ldap.example.com:389'</code>)
*** Manager DN and password used for LDAP binds
*** Base DNs and filters for user and group searches.

Passwords in <code>GzserverConfig.groovy</code> may be stored either in plain text or encrypted using the <code>globalyzer-encrypt-password.jar</code> utility distributed with the Globalyzer Server zip. See [[Globalyzer_Server_LDAP_Installation]] for detailed instructions and examples, including:

* Encrypted manager passwords
* A dedicated continuous integration (CI) user (for Globalyzer Lite / automated scans) configured via:
** <code>gzserver.ldap.ci_user</code>
** <code>gzserver.ldap.ci_password</code> (plain text or <code>ENC(...)</code>)
* How login behavior changes on LDAP servers (LDAP User / Password fields, removal of “Forgot password” link, restrictions on editing profiles, etc.)
* How to enable detailed LDAP debug logging using <code>logback-debug.groovy</code> and the <code>-Dlogging.config=...</code> JVM option.

For Docker-based deployments, the LDAP configuration is still applied inside the Globalyzer Server container via <code>GzserverConfig.groovy</code> and environment variables. The steps in [[Globalyzer_Server_LDAP_Installation]] apply regardless of whether the server is deployed via Docker or on bare Tomcat.

=== SAML / SSO Integration ===

Globalyzer Server can also be integrated with SAML-based SSO so that users authenticate via your corporate Identity Provider (IdP).

At a high level, SSO configuration involves:

* Configuring the Globalyzer Server as a SAML Service Provider (SP).
* Importing/exchanging metadata (IdP and SP).
* Adjusting Globalyzer’s security configuration to delegate authentication to the SSO provider.
* Coordinating user and group mapping so SSO identities map to the appropriate Globalyzer roles.

The SSO configuration is performed after the base Docker installation and does not change the installation steps described on this page.

For detailed SSO configuration steps and examples, see:
* [[Globalyzer_Server_SSO_Installation]]

= New Globalyzer Server Installation =

== sudo user ==

A Linux user with <code>sudo</code> privileges is required as the user under which to prepare and run the installation scripts. For example:

* <code>ec2-user</code> on Amazon Linux systems

The Globalyzer installation script itself must ultimately run with root privileges. It will exit with an error if it is not run as root.

== Create the database conf directory ==

Use the sudo user’s home directory as the base for Docker data directories. For example, on Amazon Linux with user <code>ec2-user</code>:

* Home: <code>/home/ec2-user</code>

The installer will create the MySQL configuration directory automatically:

* <code>/home/ec2-user/mysql/conf.d</code>

Optionally, you may create a basic MySQL client configuration file as well:

<pre>
vi /home/<user>/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4
</pre>

The installer also creates additional directories under <code>home_directory</code> for exports, backups, and internal configuration.

== Configuration ==

Your Lingoport contact will provide the Globalyzer Server installation scripts and configuration file. You should receive files similar to:

* <code>install.conf</code>
* <code>InstallGzserver.sh</code>
* <code>UpdateGzserver.sh</code> (name may vary)
* <code>UninstallGzserver.sh</code> (name may vary)

Copy these files to a directory under the sudo user’s home, for example:

<pre>
/home/ec2-user/globalyzerServerInstall
</pre>

or, in general:

<pre>
/home/<user>/globalyzerServerInstall
</pre>

=== Set up install.conf ===

The <code>install.conf</code> file controls installation settings. The top portion is intended to be edited by the customer; the lower portion is preconfigured for access to the Lingoport Docker Hub account.

A typical <code>install.conf</code> will look like this:

<pre>
#
# Provide your home directory, lingoport/ and gzserver/ folders will be created
#
home_directory=/home/ec2-user

#
# Provide the Globalyzer Server version
#
gzserver_image_version=6.8

#
# Provide the Globalyzer Server port
#
serverPort=8080

#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=_dbrootpass_

# Provide an email username and password you wish to use for automated emails from the system
email_username=_emailusername_
email_password=_emailpassword_

# The URL the server will use
gzserver_url=_gzserverurl_

# DO NOT CHANGE THE STUFF BELOW

#
# Provide your Docker Hub username
#
docker_username=lingoport_provided_customer_account

#
# Provide your Docker Hub account token
#
docker_account_token=lingoport_provided

#
# Provide the Docker network name you want to create
#
database_network=mysqlnetsgzserver

docker_image=lingoport/gzserver
</pre>

Edit the following values:

* <code>home_directory</code> – base directory where the installer will create:
** <code>lingoport/</code>
** <code>gzserver/export</code>
** <code>gzserver/config</code>
** <code>gzserver/backup</code>
** <code>mysql/conf.d</code>
* <code>gzserver_image_version</code> – the Globalyzer Server image version provided by Lingoport (for example <code>6.8</code>).
* <code>serverPort</code> – host port for HTTP access to the Globalyzer Server container (default <code>8080</code>).
* <code>database_root_password</code> – root password to create for the MySQL 8 database container.
* <code>email_username</code> and <code>email_password</code> – credentials for the SMTP account you wish to use for system email notifications. These are '''not''' prompted for by the installer and must be set correctly in <code>install.conf</code>.
* <code>gzserver_url</code> – the full URL that clients will use to reach Globalyzer Server, such as:
** <code>http://myserver.mycompany.com:8080/gzserver</code> (HTTP)
** <code>https://globalyzer.mycompany.com/gzserver</code> (behind a reverse proxy)

The initial <code>install.conf</code> provided by Lingoport typically uses placeholder values such as <code>_dbrootpass_</code>, <code>_emailusername_</code>, <code>_emailpassword_</code>, and <code>_gzserverurl_</code>. These are examples only and must be replaced before production use.

Do '''not''' change the values below the <code># DO NOT CHANGE THE STUFF BELOW</code> line unless instructed by Lingoport support. Those values:

* Provide the Docker Hub username and token used to pull the <code>lingoport/gzserver</code> image
* Configure the Docker network name and image name

== Run InstallGzserver.sh ==

From the directory containing the scripts:

<pre>
cd /home/<user>/globalyzerServerInstall
chmod +x *.sh
sudo ./InstallGzserver.sh
</pre>

Notes:

* The script must run as root (for example via <code>sudo</code>). It will exit if <code>id -u</code> is not 0.
* If any of the following are missing or empty in <code>install.conf</code>, the script will prompt for them:
** <code>database_root_password</code>
** <code>gzserver_url</code>
** <code>docker_username</code>
** <code>docker_account_token</code>
* <code>email_username</code> and <code>email_password</code> are not prompted and will be used exactly as written in <code>install.conf</code>.

=== What the installer does ===

<code>InstallGzserver.sh</code> performs the following high-level steps:

# Reads <code>install.conf</code> and prompts for any missing values listed above.
# Creates directories under <code>home_directory</code>:
## <code>lingoport/</code>
## <code>gzserver/export</code>
## <code>gzserver/config</code>
## <code>gzserver/backup</code>
## <code>mysql/conf.d</code>
# Changes directory to <code>$home_directory/gzserver/config</code> to store container IDs and related files.
# Ensures a Docker network exists with name <code>database_network</code> (default: <code>mysqlnetsgzserver</code>).
# Starts a MySQL 8 container:
## Name: <code>gzserverDatabase</code>
## Network alias: <code>mysqlservergzserver</code>
## Network: <code>$database_network</code>
## Environment:
### <code>MYSQL_ROOT_PASSWORD=$database_root_password</code>
### <code>MYSQL_DATABASE=GZSERVER</code>
## Volume:
### <code>$home_directory/mysql/conf.d:/etc/mysql/conf.d</code>
## MySQL options:
### <code>--character-set-server=utf8mb4</code>
### <code>--collation-server=utf8mb4_unicode_ci</code>
### <code>--default-authentication-plugin=mysql_native_password</code>
# Waits until the MySQL container reports ready (using <code>mysqladmin ping</code> inside the container).
# Logs in to Docker Hub using:
## <code>docker_username</code>
## <code>docker_account_token</code>
# Starts the Globalyzer Server container:
## Image: <code>$docker_image:$gzserver_image_version</code> (for example <code>lingoport/gzserver:6.8</code>)
## Network alias: <code>gzservernet</code>
## Network: <code>$database_network</code>
## Port mapping: <code>$serverPort:8080</code> (host:container)
## Volume:
### <code>$home_directory/gzserver/export:/home/gzserver/.gzserverihost/export</code>
## Restart policy: <code>--restart unless-stopped</code>
# Waits ~20 seconds, then updates the Globalyzer server configuration inside the container by replacing:
## <code>_dbrootpass_</code> → <code>$database_root_password</code>
## <code>_emailusername_</code> → <code>$email_username</code>
## <code>_emailpassword_</code> → <code>$email_password</code>
## <code>_gzserverurl_</code> → <code>$gzserver_url</code>
# Restarts the Globalyzer Server container so the new configuration is applied.
# Prints a summary message and a <code>docker logs -f</code> command you can use to follow the startup.

The installer saves container IDs in:

* <code>$home_directory/gzserver/config/gz_mysql_id.txt</code>
* <code>$home_directory/gzserver/config/gz_container_id.txt</code>

These are used by the update/uninstall scripts.

=== Re-install Globalyzer Server ===

If you need to re-run <code>InstallGzserver.sh</code> on the same system:

* First run the provided uninstall script (for example <code>UninstallGzserver.sh</code>) to clean up containers.
* Optionally remove the existing <code>lingoport/gzserver</code> image:
<pre>
sudo docker image ls
sudo docker image rm --force <gzserver-image-id>
</pre>
* Adjust <code>install.conf</code> as needed, then run:
<pre>
sudo ./InstallGzserver.sh
</pre>

== Note: Database backup ==

The installer creates:

* <code>$home_directory/gzserver/backup</code> – intended as the location for database backup files

If you received a database backup script (for example <code>BackupGzserverDatabase.sh</code>) from Lingoport, run:

<pre>
chmod +x *.sh
sudo ./BackupGzserverDatabase.sh
</pre>

The database backup SQL file will typically be placed under:

* <code>$home_directory/gzserver/backup</code>

'''Note on MySQL data location:'''

* By default, the MySQL container stores its data in a Docker-managed volume under <code>/var/lib/docker/volumes</code> on the host.
* This data persists across container restarts and image updates.
* The data can be removed if the container '''and''' its associated volume are deleted (for example with <code>docker rm -v</code> or by an uninstall process that removes volumes).

For this reason, it is recommended to keep regular database backups before performing any destructive maintenance.

== Verify Installation ==

Once <code>InstallGzserver.sh</code> completes:

# Check that containers are running:
<pre>
sudo docker ps
</pre>

You should see at least:

* A MySQL 8 container (for example <code>mysql:8.0</code>)
* A Globalyzer Server container (for example <code>lingoport/gzserver:6.8</code>)

# Follow the Globalyzer Server logs:
The installer prints a <code>docker logs</code> command at the end, such as:
<pre>
docker logs -f <gzserver-container-id>
</pre>
Wait until Tomcat and Globalyzer report successful startup. First-time startup can take several minutes (commonly up to ~8 minutes).

# Access the Globalyzer Server URL:
Open a browser and navigate to the URL configured in <code>install.conf</code> (the <code>gzserver_url</code> value), for example:

<pre>
http://myserver.mycompany.com:8080/gzserver
</pre>

or

<pre>
https://globalyzer.mycompany.com/gzserver
</pre>

You should see the Globalyzer Server login page.

# Log in with the administrator account:
Use the administrator credentials provided by Lingoport support. After logging in, you can:

* Change the administrator password
* Create additional users
* Configure rule sets and scanning options

For a fresh install, it is expected that there are no rule sets or projects configured yet. For upgrades, you may need to restore a database backup if you are migrating from an earlier system.

If the installation is unsuccessful, do not repeatedly re-run the install script; instead:

* Run the uninstall script
* Adjust configuration or correct issues
* Re-run the install

= Globalyzer Server Update =

== Scripts ==

Your Globalyzer Server distribution may include an update script (for example <code>UpdateGzserver.sh</code>). This script typically:

* Backs up the existing database (or instructs you to do so)
* Stops the running Globalyzer Server container
* Pulls the new <code>lingoport/gzserver</code> image version
* Starts the new container version using existing data and configuration

Make sure to keep a copy of your current <code>install.conf</code> before updating.

== Backup the database ==

Before updating to a new version, it is strongly recommended to back up the database. If you have a backup script:

<pre>
chmod +x *.sh
sudo ./BackupGzserverDatabase.sh
</pre>

Verify that the backup file is present under:

* <code>$home_directory/gzserver/backup</code>

== Edit install.conf ==

To update to a new Globalyzer Server image version:

* Change the <code>gzserver_image_version</code> in <code>install.conf</code>, for example:

<pre>
gzserver_image_version=6.9
</pre>

Do not modify the fields below the <code># DO NOT CHANGE THE STUFF BELOW</code> line unless instructed by Lingoport.

== Run the update script ==

If provided:

<pre>
chmod +x UpdateGzserver.sh
sudo ./UpdateGzserver.sh
</pre>

After the update:

* Use <code>sudo docker ps</code> to verify the Globalyzer Server container is running with the new image version.
* Navigate to the Globalyzer Server URL and confirm the system is operational.

= Start and Stop System =

You can manage Globalyzer Server via Docker commands on the VM.

* To list running containers:
<pre>
sudo docker ps
</pre>

* To stop Globalyzer Server:
<pre>
sudo docker stop <gzserver-container-id>
</pre>

* To start Globalyzer Server again:
<pre>
sudo docker start <gzserver-container-id>
</pre>

You can also identify the container by name if your installation uses fixed names.

= Uninstall =

To completely uninstall Globalyzer Server, use the uninstall script provided by Lingoport, for example:

<pre>
sudo ./UninstallGzserver.sh
</pre>

The uninstall script:

* Must be run as root (for example via <code>sudo</code>).
* Sources <code>install.conf</code> (to obtain <code>home_directory</code>).
* Changes directory to <code>$home_directory/gzserver/config</code>.
* Reads the Globalyzer Server container ID from <code>gz_container_id.txt</code> and stops/removes that container.
* Reads the MySQL container ID from <code>gz_mysql_id.txt</code> and stops/removes that container.

If either of the ID files is missing, the script exits with an error message (for example if the server has not been installed or containers were removed manually).

The uninstall script:

* Does '''not''' remove the Docker network created during install.
* Does '''not''' remove host directories under <code>$home_directory</code>.
* Does '''not''' explicitly remove MySQL data volumes (they remain on the host unless removed separately).

After uninstalling, verify:

<pre>
sudo docker ps
</pre>

You should not see Globalyzer Server or its MySQL container listed as running.

= FAQ and Troubleshooting =

== Make sure the Server URL is reachable ==

Navigate to the server URL configured in <code>install.conf</code> (<code>gzserver_url</code>). Is the login screen available?

If not:

* Check that both containers are running:

<pre>
sudo docker container ls -a
</pre>

You should see entries similar to:

<pre>
CONTAINER ID IMAGE COMMAND STATUS PORTS
... lingoport/gzserver:6.8 "catalina.sh run" Up ... 0.0.0.0:8080->8080/tcp
... mysql:8.0 "docker-entrypoint.s…" Up ... 3306/tcp, 33060/tcp
</pre>

* Verify DNS points to the correct VM.
* Verify firewall rules allow access to the configured <code>serverPort</code>.
* If behind HTTPS / reverse proxy, verify the proxy configuration and TLS certificate.

== LDAP login issues ==

If you have configured LDAP and logins are failing:

* Review your settings against [[Globalyzer_Server_LDAP_Installation]]:
** Attribute mappings (<code>gzserver.ldap.ctx.*</code>)
** Group names (<code>gzserver.ldap.*.groupName</code>)
** Search bases and filters for users and groups
** Manager DN and password
* Enable detailed logging by:
** Placing the <code>logback-debug.groovy</code> file (from the Globalyzer Server zip) on the server.
** Adding <code>-Dlogging.config=/path/to/logback-debug.groovy</code> to <code>JAVA_OPTS</code> for the Globalyzer Server process.
** Restarting the Globalyzer Server container.

This will cause additional LDAP diagnostic information to be written to the Globalyzer server logs, helping to pinpoint configuration issues.

== To check files on disk ==

To inspect files inside the Globalyzer Server container (for logs or configuration):

1. Find the container ID:

<pre>
sudo docker container ls -a
</pre>

2. Run a shell in the container:

<pre>
sudo docker exec -it <gzserver-container-id> bash
</pre>

Within that shell, you can explore the filesystem (for example, <code>/usr/local/tomcat</code>, logs directories, or the export path mapped from <code>$home_directory/gzserver/export</code>).

== How to backup and restore a system ==

A typical backup/restore process:

*'''Backup the Globalyzer Server database'''

sudo ./BackupGzserverDatabase.sh

This will create one or more files such as:

<code><home_directory>/gzserver/backup/gzserver_backup_YYYY-MM-DD_HHMMSS.sql</code>

(Exact naming may vary depending on the backup script.)

*'''Stop the current Globalyzer Server and MySQL containers'''

sudo docker ps
sudo docker stop <GlobalyzerServerContainerID> <MySQLContainerID>
sudo docker ps

*'''Install or update Globalyzer Server'''

sudo ./InstallGzserver.sh
or
sudo ./UpdateGzserver.sh

*'''Verify that Globalyzer Server comes up in the browser'''

Log in with the administrator account; for a fresh install, no rule sets or users beyond the admin account are expected.

*'''Restore from the database (if applicable)'''

If you have a restore script (for example <code>RestoreGzserverDatabase.sh</code>):

sudo ./RestoreGzserverDatabase.sh YYYY-MM-DD_HHMMSS

Where <code>YYYY-MM-DD_HHMMSS</code> matches the timestamp in your backup file name.

*'''Verify that Globalyzer Server is populated with the correct information'''

Log in and check rule sets, users, and other configuration.

= Next Steps =

Globalyzer Server is now ready to be used. Typical next steps include:

* Configure Globalyzer Server users and roles.
* Set up rule sets and scanning configurations.
* Update Globalyzer Clients (CLI, IDE, or Command Center) to point to the Globalyzer Server URL you configured.
* Follow the corresponding Globalyzer Client or Command Center user guides for integrating scans into your development and CI/CD processes.

Command Center Installation

2025-11-20T21:41:35Z

Masnes: /* Docker Install */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Introduction ==

=== Basic Deployment Diagram ===

The Lingoport system clones repository either for Globalyzer or Localyzer, or both. Access to the VM with Docker is necessary in order to install the Lingoport products. That may be internal to the customer or on a system hosted and managed by Lingoport.

Furthermore, for Localyzer projects, resource files (files that need translation, not code) is sent to the LSP or the TMS.

[[File:Docker Deployed Command Center.jpg|500px|center]]

* Repositories may be inside or outside a customer's network
* '''Lingoport Command Center System''' may be inside or outside a customer's network
* Translation system, LSP may be inside or outside a customer's network.

This leads to a number of configurations, all supported by Lingoport, with security enforced either by Lingoport or by the customer in terms of IT, Firewall, access, etc.

=== IT ===
When '''Lingoport hosts''' Command Center access to the repositories and to the LSP/TMS will need to be granted. Lingoport will then be in charge of security which IP addresses have access to what part of the application or the API entry points.

When installing Command Center '''on premises''', the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Requirements ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

The next sections on this page address each one of these points and more.

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Required
|-
! CPU
| 2 (4 better)
|-
! Memory
| 32 GB
|-
! Disk
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux virtual machine and a database configuration file will reside on the VM: This requires Linux and a Docker installation.

=== Support Browsers and Versions ===
The following browsers are supported:
* Chrome: 117+
* Edge: 117+
* Firefox: 71+

==Access and Ports / Firewall==

Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

=== Ports ===

===== Internal to company network =====

{| border="1" class="wikitable" style="text-align:left; width=50%;"
!Services!!Ports!!Inbound (session)!!Outbound (session)!!Notes
|-
|SSH (for system config/maintenance)|| 22 || Y || N || System configuration and maintenance
|-
|Command Center || 8083 (HTTP) and/or 443 (HTTPS) || Y || N || Default 8083 (configurable at install time) HTTPS requires reverse proxy Ex: Apache and Installation of SSL certificate.
|-
|[[Terms_and_Definitions#translationvendor|Translation Vendor]] interactions: FTP/FTPS/SFTP (MemoQ, etc.) || 21 (FTP) or 443 (FTPS) or 22 (SFTP - recommended) || (FTP/S only) || Y || FTP/FTPS also require data ports (> 1024). Recommend SFTP if possible.
|-
|[[Terms_and_Definitions#translationvendor|Translation Vendor]] interactions: Trados Enterprise, XTM and Memsource || 80 (HTTP) optional. 443 (HTTPS) required. || (Some cases) || Y || May need to be external if XTM/Memsource not installed on premise.
|-
|SMTP/SMTPS || 25 or 465 or 587 || N || Y || Depends on corporate mail setup.
|-
|Globalyzer Server (Optional) || 80 or 443 || N || Y || Only needed when Globalyzer Server is on premises
|-
|Repository Access || 22 (SSH) 443 (HTTPS/S3) 3690 (SVN) 7990 (Bitbucket) 7999 (Bitbucket) 8080 (TFS) || N || Y || VCS systems can vary, check with particular port(s) being used (Could be external/internal/both)
|}

==== External access ====

{| border="1" class="wikitable" style="text-align:left; width=50%;"
!Services!!Ports!!Inbound!!Outbound!!Notes
|-
|Lingoport SSH access || 22 || Y || N || Optional. Recommended for ease of upgrades and maintenance.
|-
|RHEL/CentOS/Ubuntu Packages || 80 (Debian) 443 (RHEL) || N || Y || Operating system packages access (Most likely external, but could be managed internally as well)
|-
|Globalyzer Server || 80 and 443 || N || Y || Access to Globalyzer Server in Lingoport Cloud for rule sets (Unless using on-premises Globalyzer Server)
|-
|hub.docker.com || 80 and 443 || N || Y || Command Center Image location
|-
|Repository Access || 22 (SSH) 443 (HTTPS/S3) 3690 (SVN) 7990 (Bitbucket) 7999 (Bitbucket) 8080 (TFS) || N || Y || VCS systems can vary, check with particular port(s) being used (Could be external/internal/both)
|}

==HTTPS==

HTTPS is recommended but not necessary for the Command Center installation. HTTPS may already be set up or your IT may have a standard on how to set up HTTPS. If that's the case, go the next section.

Otherwise, follow this link for a suggested HTTPS configuration:
* [[ HTTPS configuration | HTTPS Configuration ]]

==HTTP/2==

HTTP/2 is recommended but not necessary for the Command Center installation as it will provide a noticeable performance boost when leveraged. HTTP/2 does require HTTPS be used so this will only be possible if the previous HTTPS configuration has already been performed.

If HTTP/2 support will be added, follow this link for a suggested HTTP/2 configuration:
* [[ HTTP2 Configuration | HTTP2 Configuration ]]

== Email Sender ==
Email notifications are sent to a project configured recipients . See [[ Projects_page#Create_a_new_project | Create a new project ]] after this installation.
For those notifications to be sent, the following will be configured in the settings.

The following information will then be needed:
* Host URL ''(like smpt.gmail.com for instance)''
* Authorization method ''(SMTP, SMTPS, etc.)''
* Sender email address ''(localyzer@customerdomain.com for instance)''
* Sender password

== Docker Install==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

The supported versions of Linux are:

* [[Installing Docker on RedHat Enterprise Linux 8 |RedHat Enterprise Linux 8]]
* [[Oracle Linux 8]]
* [[Installing Docker on Ubuntu 20.04|Ubuntu 20.04]]
* [[Installing_Docker_on_Amazon_Linux_2|Amazon Linux 2]] (EOL 2025-06)

Other versions of Linux may work correctly, but these are the versions and processes that have been verified.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured when Command Center is installed. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===

* SSO Connection
* Management

See: [[Command Center SSO Installation]]

= New Command Center Installation =

==sudo user==
A user, such as <code>centos</code> or <code>ec2-user</code>, with <code>sudo</code> privileges is required as the user under which to install Command Center.
* Note: This should not be the legacy <code>jenkins</code> user.

==Create the database conf file==
Use the sudo user home for Docker, such as /home/centos for CentOS systems and /home/ec2-user for RedHat virtual systems.

The mysql and conf.d folders may need to be created as well.

vi /home/<user>/mysql/conf.d/mysql.cnf

<pre>
[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4
</pre>

== Configuration ==
Get the installation and update scripts and the install.conf file from the main branch of this public repository:

* https://github.com/Lingoport/CommandCenterConfig

You should have files such as:

install.conf
BackupCommandCenterDatabase.sh
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

If you need to install SSO version, the relevant files are:

install.conf
BackupCommandCenterDatabase.sh
InstallSSOCommandCenter.sh
UninstallCommandCenter.sh
UpdateSSOCommandCenter.sh
saml_configuration.conf

Copy the above files under your home directory, ''for instance'' <code><user>/commandCenterInstall</code> where <user> may be <code>/home/centos</code> or <code>/home/ec2-user</code>.

===Set up install.conf ===

Unless directed otherwise, change the top part of the <code>install.conf</code> file.

Set up <code>saml_configuration.conf</code> if you are going to use SAML

The initial version number will be provided for the first installation.

For updates, <code>command_center_image_version</code> will be the only parameter to change in the <code>install.conf</code> file.

<pre>
# Provide the Command Center version
# For *Regular* Updates, this should be the only parameter to change
command_center_image_version=113

Make sure to keep a copy of that file in case you overwrite it when updating from the https://github.com/Lingoport/CommandCenterConfig Git repository

#
# After Install, Updates should not need to change anything below
# ----------------------------------------------------------------

# The Server URL: '"https://yourserver/command-center"'
serverURL='"https://SERVER_DNS_HERE/command-center"'

# Provide the home directory, lingoport/commandcenter/Lingoport_Data
# folder will be created
home_directory=/home/centos

# Provide the Command Center server port
serverPort=8083

</pre>

==Run InstallCommandCenter.sh==

chmod +x *.sh
sudo ./InstallCommandCenter.sh

If you are using sso version installer, run

chmod +x *.sh
sudo ./InstallSSOCommandCenter.sh

To check the running container status

sudo docker ps

=== Re-install Command Center ===

If you need to re-run the '''InstallCommandCenter.sh'''h, make sure to run '''UninstallCommandCenter.sh''' first to clean your environment.
* Uninstall Command Center

sudo ./UninstallCommandCenter.sh

* Verify that Command Center and the database is no longer in the list
sudo docker ps

* Remove the image to download and install again

sudo docker image ls
sudo docker image rm --force <command center image ID>

* Start the install again

sudo ./InstallCommandCenter.sh

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Note: Database backup ==
To backup the database, run the following script:

chmod +x *.sh
sudo ./BackupCommandCenterDatabase.sh

The database backup sql file will be under '''$home_directory/commandcenter/backup''' folder, named '''commandcenter_backup_$current_date.sql'''

Right after installation, the backup is not necessary. However, as you configure and on-board projects, you may want to set up a backup strategy.
To backup the database periodically, schedule to run BackupCommandCenterDatabase.sh on a regular basis, for instance with a Cron service.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

<nowiki>https://commandcenter.mycompany.io/command-center</nowiki>

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

If the installation is unsuccessful for any reason, do not try to re-install. Instead, uninstall, make any needed changes, and re-install to avoid conflicts.

sudo ./UninstallCommandCenter.sh

= Command Center Update =

== Get latest scripts ==
Make sure to make a copy of the '''install.conf''' file used previously in case it's overwritten by the git pull / git clone below.

Make sure to update the installation and update scripts and the install.conf file from the main branch of this public repository:
* https://github.com/Lingoport/CommandCenterConfig

Note: You may need to <code>chmod -x</code> the scripts under DockerScripts before git pull.

== Backup the database ==
You don't have to backup the current version of the database before proceeding to the update to the new version of the system, because the Update script will backup your current database automatically before updating. If you want to do the backup manually, you can use the BackupCommandCenterDatabase.sh script

chmod +x *.sh
sudo ./BackupCommandCenterDatabase.sh

The database backup sql file will be under $home_directory/commandcenter/backup folder, named commandcenter_backup_$current_date.sql

To backup the database periodically, schedule to run <code>BackupCommandCenterDatabase.sh</code>, for instance with cron services.

=== Note: Restoring the database ===

If later, at some point, the database needs to be restored, the following shows how to do so:

chmod +x *.sh
sudo ./RestoreCommandCenterDatabase.sh YYYY-MM-DD_HHMMSS

Check your database backup sql file under '''$home_directory/commandcenter/backup''' folder, they are named '''commandcenter_backup_$current_date.s'''ql, for example, if you backup the database on 2023 September 20th, you will see a commandcenter_backup_2023-09-20.sql file, and you can use below command to restore it

sudo ./RestoreCommandCenterDatabase.sh 2023-09-20_482027

== Return to the previous version ==

1. Stop the current active Command Center container

You can use "docker ps" to see all active containers, and use "docker stop CONTAINER ID" to stop your current Command Center container

2. Restart your previous Command Center server version

You can use "docker ps -a" to see all exited containers, and use "docker start CONTAINER ID" to restart your previous version Command Center container

3. Restore the database to match your previous Command Center server version

sudo ./RestoreCommandCenterDatabase.sh YYYY-MM-DD_HHMMSS

==Edit install.conf ==

Change the ''version number'' in the install.conf to get the Command Center image update version.

command_center_image_version=<new version number>

See full [[Command_Center_Installation#Configuration | Configuration ]] above.

=== Moving from a non SSO to an SSO configuration ===

If you need to update your Command Center from non SSO version to SSO version, you need to have samlpath set up in install.conf file, and idp.xml, sp.xml, saml_configuration.conf and saml-keystore.jks file must be in this directory

# Provide your saml directory, idp.xml, sp.xml, saml_configuration.conf and saml-keystore.jks file must be in this directory
samlpath=

See: [[Command Center SSO Installation]]

==Run UpdateCommandCenter.sh==

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

If you are using SSO version installer, run UpdateSSOCommandCenter.sh instead of UpdateCommandCenter.sh

If you are updating CommandCenter from non SSO version to SSO version, only run SwitchToSSOCommandCenter.sh

If you are updating CommandCenter from SSO version to non-SSO version, only run SwitchToNonSSOCommandCenter.sh

To check the running container status

sudo docker ps

The database backup sql file is in $home_directory/commandcenter/ folder, named commandcenter_backup_$current_date.sql

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= FAQ and Troubleshooting =

== Make sure the Server URL is reachable ==
Navigate to the server URL set up in <code>install.conf</code>: is the login screen available?

If it is not, first check that the docker container is up and running. Make sure both <code>lingoport/command-center</code> and <code>mysql</code> are running.

sudo docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3d9da7a80e0a '''lingoport/command-center''':80 "catalina.sh run" 3 days ago Up 6 hours 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp pedantic_aryabhata
683c55907c06 '''mysql''':8.0 "docker-entrypoint.s…" 3 days ago Up 6 hours 3306/tcp, 33060/tcp quizzical_newton

Check with IT that the DNS for that system is correct.

Check with IT that the firewall allows for reaching the URL from your system.

Ask IT to check the https and the server URL / DNS.

== To check files on disk ==
To troubleshoot, it may be necessary to check files handled by Docker, such as looking for reports under Lingoport_Data. In that case, first use the Docker PS command to get the container ID of the Command Center application.

sudo docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
'''3d9da7a80e0a''' '''lingoport/command-center''':80 "catalina.sh run" 3 days ago Up 6 hours 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp pedantic_aryabhata

With the container ID, execute the following command to run bash with access to those files:

sudo docker exec -it '''3d9da7a80e0a''' bash

== How to backup and restore a system ==

If you have a system that you want to install a new version of Command Center, but keep the current configuration, here are the steps to do that.

*'''Backup the Command Center databases'''

sudo ./BackupCommandCenterDatabase.sh

This will create two files <code><home>/commandcenter/backup/commandcenter_backup_YYYY-MM-DD_HHMMSS.sql</code> and <code><home>/commandcenter/backup/LRM_backup_YYYY-MM-DD_HHMMSS.sql</code> Where YYYY-MM-DD is the current date.

*'''Stop the currently running Command Center container and its associated MySQL container'''

sudo docker ps
sudo docker stop <Command Center Container ID> <MySQL Container ID>
sudo docker ps

*'''Modify the install.conf file for the correct version of Command Center to install'''

*'''Install Command Center'''

sudo ./InstallCommandCenter.sh

If there is an error about the container in use, remove the container that is identified and attempt the install again.

sudo docker rm <container>
sudo ./InstallCommandCenter.sh

*'''Verify that Command Center comes up in the browser. Login with the CCAdmin user. There should be no projects or configuration set up'''

*'''Restore from the database'''

sudo ./RestoreCommandCenterDatabase.sh YYYY-MM-DD_HHMMSS

*'''Verify that Command Center is populated with the correct information'''

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User's Guide's]] steps.

Command Center Release Notes

2024-09-24T17:36:55Z

Masnes: /* Improvements */

For supported versions '''details''', please see:
[[Lingoport_Suite_Installation#Supported_Versions]]

= Supported Versions =

== Command Center 2.2.z Upcoming (September 2024) ==
=== TMS Integrations ===
* [https://www.smartling.com/ Smartling ] Integration using the Smartling API

=== New Features ===
==== Context in String Manager ====
To make user of Context in String Manager, an InContext server must be set in a TMS configuration. See how to capture context here: [[About_InContext_Translation |Incontext Server]].
* Web application context accessible from String Manager
* Filter strings with or without context in String Manager

==== Schedule Translations ====
* [[Optional_Localyzer_Settings#Schedule_translations |Schedule]] sending files to be translated in Localyzer project advanced settings

=== Improvements ===
* Added Globalyzer Issue Density to Project Status API Output
* Added commit author email and name in Git Data Source configuration
* Map between unique file names (starting in LID) and repository file names in log files
* Find Localyzer project based on target locales
* Improved TFS data source support
* Better definition of Command Center developer v. translator roles
* [[Command_Center_API_Reference | Command Center API Reference]]: added list users by role and add users to a team
* When translated files failed to be pushed to the repo (protected branch, no write privilege), click 'Check import' after the repo has been fixed to import files previously translated

== Command Center 2.1.24 Release Notes (July 2024) ==
=== TMS Integrations ===
* [https://www.trados.com/product/enterprise/ RWS Trados Enterprise ] Integration Improvements using the Trados Enterprise API
* [https://translated.com/welcome Translated ] Integration as a new TMS
* Update the XTM token for one, many, or all XTM configurations
* Local Vendor TMS, where prep kits and translated files are pushed on the VM's File System, adding flexibility to testing or workarounds

=== UI/UX Improvements ===
* UI Performance Improvement: Project Page, String Manager, etc.
* UI Improvements, such as labels for icons, layout, sorting, etc.
* Improved ChatGPT logs and icons for Globalyzer issues
* Globalyzer Issues filtering by Rule Set
* Filtering and chips improvement: better filtering layout and "and" and "or" between chips
* Easier linking from items on one page to other items on another
* Ability to add or replace the locales for one project from another project's locales
* Deletion of Issues Comments

=== Miscellaneous ===
* Post-Import Processing: A new system file type that allows for processing once the translated files are imported
* Advanced Settings option to keep the prep kit tag in the translated files, for traceability

== Command Center 2.0.13 Release Notes (April 2024) ==
=== Overall performance improvements ===
* Localyzer analysis performance improvements
* Issue search/filtering performance improvements
* Project page searching, filtering, sorting performance improvements

=== Introducing '''Localyzer String Manager'''! ===
[[File:String Manager Video.jpg|200px|link=https://www.youtube.com/watch?v=lO1THJAhXSc&ab_channel=Lingoport]]
Introduction video

* '''Show each individual string''' coming from the source resource files (resx, json, properties, etc.)
* Easy '''navigation to the resource''' in the repository, for those with access privileges, such as developers
* '''Filter''' based on those which are
** strings '''to be sent''': check the content before it's sent to translation, verify grammar, spelling as desired
** strings '''send to translation''', not yet returned
** '''fully translated''' strings
* Mark strings:
** Not reviewed
** To be reviewed
** Reviewed
* Filter by the review state (see above)
* Sort by filename, strings, keys, time created
* Infinite scrolling: when thousands of strings are identified, keeps loading those strings as the user scrolls down
* Automatic refresh: as new analysis are carried out, the string manager will update automatically for the changes
* Clean up and restart from scratch
[[ Individual_Project_Tasks#String_Manager | String Manager ]]

=== Updated Projects Page ===
* Faster project page refresh, deep performance improvement
* Infinite scrolling
* Improved filtering
* Improved sorting, now includes sort by
** Group name
** Project name
** Module name
** Globalyzer issue density
** Localyzer percent complete
** Project status
** Time since last changed

= Historic Versions =

== Command Center 1.2.8 Release Notes (March 2024) ==

* Complete overhaul of the [[Individual_Project_Tasks#Issues | Issues page]], especially around Globalyzer issues, including:
** Performance
** Comments
** Filtering - New Filter selector; issues by scan; by Status; by Priority
** Search - On issue text, on code line, on file name, on comments
** Improved navigation from the Globalyzer page to the issues page
** Issue detail
** Status and status change
** Code lines above and below issue line
** Migration from EOL Jenkins/Dashboard
** Display either as priority or as severity
* Simplified '''debug scripts execution'''
* '''Post import processing''' ability
* Improved ChatGPT processing on large number of issues
* '''Android pluralization''' support
* PO pluralization support
* '''Edit''' a Command Center project configuration while a project is running
* Allow project '''validation''' prior to saving the project configuration
* '''Sort the locales''' alphabetically when editing a project
* '''Delete all queued jobs''' ability
* Improved session management

== Command Center 1.1.38 Release Notes (February 2024) ==

* '''Relaxing ICU message format issues''': Instead of blocking issues, ICU message format errors are now Warnings; To see them, either go to the issue list or click on the 'Informational Issues' from the Localyzer page in Command Center.
* '''Check Send''': from the Advanced Settings page, clicking the 'Check Send' button will check any prep kit in a halted state and try to resend them to the TMS. For instance, if the token for a TMS expired as translations were sent, and the token has been replaced, click 'Check send' to re-submit to the TMS. Other case when translation did not make it to the TMS are for example network glitches or changes in the TMS.
* '''Reset Project''': ability to clean up any unwanted outstanding kits or other items in the on-boarding and restart sending translation using the latest Prep Kit #. Useful when some locales have been dropped from old outstanding kits still in translation for instance.
* '''Scheduling WorldServer import''': Fixed an issue on the scheduler for WorldServer
* '''TMS/MT Connection Renaming''': ability to rename a connection and reflect the change automatically in all the projects using that connection
* '''Indicate the last SHA for system files''' so it makes it clear which version of the system files are on Command Center

==Command Center 1.1.35 Release Notes (January 2024)==
* '''[https://www.youtube.com/watch?v=DiuQLUla2bA InContext Translation Support]''' When creating a TMS connection, configure also a connection to a Lingoport InContext Server. See [[ About InContext Translation ]]. Then when on-boarding a project, if a TMS connection with InContext Translation support is used, configure the Instrumentation locale. That will allow the context capture of the running application in that locale.
* '''Analysis Performance Improvements'''
* '''Pseudo-localization, trackback, instrumentation Performance Improvements'''
* '''Start Tracking''': After on-boarding, when all is copacetic, click the 'Create project baseline' on the left panel to start tracking any changes to the resource files.
* '''Troubleshooting File System''': A new file system, independent for projects, can be used to check your system as one wants. See https://github.com/Lingoport/CommandCenterConfig/blob/main/debug/list_kits.sh as a sample to get started
* '''System Environment Variables''': For any scripts, such as troubleshooting, transforms, etc., use System Environment Variables
* '''DITA Sample Transform''': see https://github.com/Lingoport/CommandCenterConfig/tree/main/transforms/dita to help with your DITA on-boarding
* '''Advanced Localyzer Settings'''

* Fixed an issue around casing between the repository locales and the TMS or MT locale.

==Command Center 1.1.32 Release Notes (December 2023)==
* '''[[ AWS S3 Data Source Credential ]]''' Support. See also [[ Git to AWS S3 System ]]
* '''[[ Gerrit Data Source Credential ]]''' enhancement for slashes in project URL
* '''Trados Enterprise''' TMS support
* '''[[ LocalyzerQA ]]''' support in Command Center, using tags to link a LocalyzerQA application and Command Center projects
* '''Changing TMS''' for a project keeps the on-boarding as close as possible, to make switching TMSs as simple as possible
* '''[[ API_Reference#Pseudo-localize_a_Command_Center_Project | Pseudo-Localization Remote Calling ]]'''
* '''New Version Indicator''': Command Center indicates when a new version is available.
* Better logging on project configuration changes
* Enhancement in TMS management - internal file configuration.
* Enhancement in Queue management - interaction between queue and maintenance mode.
* Enhancement to Globalyzer and Localyzer handling of issues
* Fix issue on Toggle UI elements
* Fix issue in Saving projects

==Command Center 1.1.11 Release Notes (October 2023)==
* '''XTM''' TMS integration support
* '''WorldServer''' TMS integration support
* '''Custom''' Data Source
* [[ Gerrit Data Source Credential ]]
* [[ GitLab_Pull_Requests_and_Commit_Analysis | GitLab Merge Request ]]
* Alpha '''ChatGPT Translation Support'''
* Alpha '''ChatGPT Globalyzer Support'''

In addition to the Underlying Localyzer engine features:
* [[ Localyzer_Release_Notes#Localyzer_9.2_.28Korea.29_release_-_Fall_2023 | Localyzer 9.2 Korea ]]
* [[ Localyzer_Release_Notes#Localyzer_9.1_.28Joetsu.29_release_-_Feb_2023 | Localyzer 9.1 Joetsu ]]

==Command Center 1.0.154 Release Notes (September 2023)==
The Korea/1.0.154 release is the initial release of Command Center. Command Center's application supersedes the Lingoport Suite's Jenkins and Dashboard, and simplifies a number of tasks previously done via either, including
* Administration of the system
* Configuration and on-boarding of individual projects
* Search on project, search on issues
* Filtering on projects, filtering on issues
* Sort on projects, sort on issues
* Improved reporting and logging
* Improved performance

Below are some of the major features in Command Center:

<ul>
<li>Support for SAML/SSO:
The Globalyzer Server can now be configured with SAML/SSO, in addition to LDAP.
This allows seamless integration with third party identity providers.
</li>
<li>Support for Globalyzer 6.8.0:
Command Center allows for fast and easy Globalyzer project creation.
For information on Globalyzer, please see: [[About_Globalyzer | Globalyzer]]
</li>
<li>Support for Localyzer 9.2.0:
Command Center allows for fast and easy Localyzer project creation.
For information on Localyzer, please see: [[About_Localyzer | Localyzer]]
</li>
<li>Figma Integration:
Use Command Center to translate Figma designs.
</li>
<li>Project Tagging:
Projects can be organized and filtered using tags.
</li>
<li>API calls:
Initial API calls to list projects, duplicate a project, or get the status of a project in Command Center.
</li>
<li>Execution Queue:
See what is in the execution queue, delete from the queue, interrupt a running job.
</li>
<li>Improved Issue Management:
The user interface for issues has been entirely redesigned.
</li>
<li>Space and System Requirements Improvements:
In Command Center, no files are pushed to the database as was the case with Dashboard. 
A repository/branch is cloned only once in a workspace, even if many projects are created off of that workspace.
</li>
<li>Access to Code:
Source code and resource files are only accessible via the repository, so that only those allowed repository users can see the code.
</li>
</ul>

CVE-Responses

2024-04-03T18:29:22Z

Masnes:

= XZ Utils - CVE-2024-3094 =

[https://www.cisecurity.org/advisory/a-vulnerability-in-xz-utils-could-allow-for-remote-code-execution_2024-033 Center for Information Security Overview]
[https://nvd.nist.gov/vuln/detail/CVE-2024-3094 NIST Overview]

Lingoport has reviewed the XZ library version on all Lingoport-hosted servers and all docker containers running in our cloud environment (AWS).

For all of the above, we have confirmed that the xz library version does not match the known vulnerable versions (5.6.0, 5.6.1).

CVE-Responses

2024-04-02T23:38:02Z

Masnes: Created page with "= XZ Utils - CVE-2024-3094 = [https://www.cisecurity.org/advisory/a-vulnerability-in-xz-utils-could-allow-for-remote-code-execution_2024-033 Center for Information Security..."

= XZ Utils - CVE-2024-3094 =

[https://www.cisecurity.org/advisory/a-vulnerability-in-xz-utils-could-allow-for-remote-code-execution_2024-033 Center for Information Security Overview]
[https://nvd.nist.gov/vuln/detail/CVE-2024-3094 NIST Overview]

Lingoport has reviewed the XZ library version on all Lingoport-hosted servers and all docker containers running in our cloud environment (AWS).

For all of the above, we have confirmed that the xz library version, if present, does not match the known vulnerable versions (5.6.0, 5.6.1).

InContext Server Installation

2024-03-01T22:03:18Z

Masnes: /* Installation Process */

= Checking InContext Server Installation =
The typical G11n system can be installed using either the '''Lingoport Stack Installer''' or a Docker-based method. Depending on the installation method used, the process to check if the InContext Server is installed will differ.

== Checking Installation for Systems Installed with Lingoport Stack Installer ==
If your system was installed using the Lingoport Stack Installer, check the installation with:
<pre>
$sudo systemctl status incontext-server
</pre>
Output should indicate if the service is active. If the service is not found, it needs to be installed manually.

== Checking Installation for Docker-based Systems ==
For systems intending to use the Docker-based installation, check if the Docker container for the InContext Server is running with:
<pre>
$ sudo docker ps | grep incontext-server
</pre>
If there's no output, the container is not running, indicating the InContext Server needs to be set up or there is an issue that needs to be addressed.
Users in the 'docker' group may optionally omit use of sudo.

= Docker-based Installation of InContext Server =
For a new, simplified deployment process, the InContext Server can be installed using Docker. This section outlines the Docker-based installation process.

== Requirements ==
* Docker installed on your system
* Configuration details prepared in `install.conf`

== Installation Process ==
# Modify the `install.conf` file with your specific configurations, including Docker Hub credentials (account with read access to the InContext Image will be shared by Lingoport), MySQL root password (to be created with an associated MySQL 8 container), and desired server port.
# Execute the `InstallIncontext.sh` script with sudo privileges. This script will:
#* Create necessary Docker network and volumes
#* Pull the Lingoport InContext Server image from Docker Hub
#* Start the InContext Server and MySQL containers with appropriate configurations

Verify the installation by checking the Docker container status and accessing the InContext Server through the web browser.

== Script Execution ==
<pre>
$ sudo ./InstallIncontext.sh
</pre>

You may be prompted if there is missing info in the install.conf. Ensure you follow any prompts provided by the script for a successful installation.

= Manual Installation =
For systems not utilizing Docker or needing a specific setup, manual installation is also available.

== InContext Server Installation Requirements ==
* Java 11
* MySQL 8
* Tomcat 9.0.x

== Installation Steps - Docker ==
1. Download and unzip the `IncontextServer-<version>.zip` file.
2. Modify `install.conf` with necessary details.
3. Execute `./install.sh` with sudo privileges.

== Installation Steps - Non-Docker ==

1. Download and unzip the '''IncontextServer-<version>.zip''' file from our SFTP site.

2. Change directory: <code>'''cd incontext-server'''</code>

3. Modify install.conf to set the values required by the install. Any information left blank will be prompted by the install script.
*<code>MYSQL_ROOT_PASS</code> - this is the password that was used or created by the Stack Installer or Stack Updater.
*<code>INCONTEXT_MYSQL_USER / INCONTEXT_MYSQL_PASS</code> - this is a new MySQL username and password.
*<code>INSTALL_TOMCAT_HERE='/usr/local/tomcat'</code> - Unless there is reason to change the location, leave it at the default.
4. Run the install script (note you must have sudo privileges): <code>./install.sh</code>. If it is successful, one should see:

Incontext Server successfully installed.

== InContext Server Files ==

There are three files that comprise the InContext Server. The Lingoport InContext Server automated installation process will put these files in the appropriate location.

* incontext-server.war
* incontext-server.sh
* IncontextServerConfig.groovy

== Installation Steps - Non-Docker ==
−
The incontext-server.war is the server itself and must be placed under the tomcat/webapps directory. 

−
The incontext-server.sh file is a script for starting/stopping the InContext Server and must be configured and placed in the tomcat directory. 

−
The IncontextServerConfig.groovy file is the configuration file for the InContext Server and must be configured and placed in the tomcat directory.

−

= Running the InContext Server - Non-Docker =

To start the InContext Server:
$sudo systemctl start incontext-server

Then browse to: '''<nowiki>http://yourserverurl:8081/incontext-server</nowiki>'''

[[File:InContextServerLogin.jpg |600px]]

To stop the InContext Server:
$sudo systemctl stop incontext-server

To check the status of the InContext Server:
$sudo systemctl status incontext-server

= Next Steps =
Whether installed via Docker or manually, the next steps involve configuring and using the InContext Server for your localization needs. For more details on post-installation setup and usage, refer to the InContext Server Users Guide.

[[InContext_Capture_Installation | InContext Capture Installation]] provides additional resources for setting up InContext for Translation.

For information on how to proceed after installation, please see the:
[[InContext Server Users Guide]]

InContext Server Installation

2024-03-01T21:59:42Z

Masnes:

= Checking InContext Server Installation =
The typical G11n system can be installed using either the '''Lingoport Stack Installer''' or a Docker-based method. Depending on the installation method used, the process to check if the InContext Server is installed will differ.

== Checking Installation for Systems Installed with Lingoport Stack Installer ==
If your system was installed using the Lingoport Stack Installer, check the installation with:
<pre>
$sudo systemctl status incontext-server
</pre>
Output should indicate if the service is active. If the service is not found, it needs to be installed manually.

== Checking Installation for Docker-based Systems ==
For systems intending to use the Docker-based installation, check if the Docker container for the InContext Server is running with:
<pre>
$ sudo docker ps | grep incontext-server
</pre>
If there's no output, the container is not running, indicating the InContext Server needs to be set up or there is an issue that needs to be addressed.
Users in the 'docker' group may optionally omit use of sudo.

= Docker-based Installation of InContext Server =
For a new, simplified deployment process, the InContext Server can be installed using Docker. This section outlines the Docker-based installation process.

== Requirements ==
* Docker installed on your system
* Configuration details prepared in `install.conf`

== Installation Process ==
# Modify the `install.conf` file with your specific configurations, including Docker Hub credentials (account with read access to the InContext Image will be shared by Lingoport), MySQL root password, and desired server port.
# Execute the `InstallIncontext.sh` script with sudo privileges. This script will:
#* Create necessary Docker network and volumes
#* Pull the Lingoport InContext Server image from Docker Hub
#* Start the InContext Server and MySQL containers with appropriate configurations

Verify the installation by checking the Docker container status and accessing the InContext Server through the web browser.

== Script Execution ==
<pre>
$ sudo ./InstallIncontext.sh
</pre>

You may be prompted if there is missing info in the install.conf. Ensure you follow any prompts provided by the script for a successful installation.

= Manual Installation =
For systems not utilizing Docker or needing a specific setup, manual installation is also available.

== InContext Server Installation Requirements ==
* Java 11
* MySQL 8
* Tomcat 9.0.x

== Installation Steps - Docker ==
1. Download and unzip the `IncontextServer-<version>.zip` file.
2. Modify `install.conf` with necessary details.
3. Execute `./install.sh` with sudo privileges.

== Installation Steps - Non-Docker ==

1. Download and unzip the '''IncontextServer-<version>.zip''' file from our SFTP site.

2. Change directory: <code>'''cd incontext-server'''</code>

3. Modify install.conf to set the values required by the install. Any information left blank will be prompted by the install script.
*<code>MYSQL_ROOT_PASS</code> - this is the password that was used or created by the Stack Installer or Stack Updater.
*<code>INCONTEXT_MYSQL_USER / INCONTEXT_MYSQL_PASS</code> - this is a new MySQL username and password.
*<code>INSTALL_TOMCAT_HERE='/usr/local/tomcat'</code> - Unless there is reason to change the location, leave it at the default.
4. Run the install script (note you must have sudo privileges): <code>./install.sh</code>. If it is successful, one should see:

Incontext Server successfully installed.

== InContext Server Files ==

There are three files that comprise the InContext Server. The Lingoport InContext Server automated installation process will put these files in the appropriate location.

* incontext-server.war
* incontext-server.sh
* IncontextServerConfig.groovy

== Installation Steps - Non-Docker ==
−
The incontext-server.war is the server itself and must be placed under the tomcat/webapps directory. 

−
The incontext-server.sh file is a script for starting/stopping the InContext Server and must be configured and placed in the tomcat directory. 

−
The IncontextServerConfig.groovy file is the configuration file for the InContext Server and must be configured and placed in the tomcat directory.

−

= Running the InContext Server - Non-Docker =

To start the InContext Server:
$sudo systemctl start incontext-server

Then browse to: '''<nowiki>http://yourserverurl:8081/incontext-server</nowiki>'''

[[File:InContextServerLogin.jpg |600px]]

To stop the InContext Server:
$sudo systemctl stop incontext-server

To check the status of the InContext Server:
$sudo systemctl status incontext-server

= Next Steps =
Whether installed via Docker or manually, the next steps involve configuring and using the InContext Server for your localization needs. For more details on post-installation setup and usage, refer to the InContext Server Users Guide.

[[InContext_Capture_Installation | InContext Capture Installation]] provides additional resources for setting up InContext for Translation.

For information on how to proceed after installation, please see the:
[[InContext Server Users Guide]]

InContext Server Installation

2024-03-01T21:58:57Z

Masnes:

= Checking InContext Server Installation =
The typical G11n system can be installed using either the '''Lingoport Stack Installer''' or a Docker-based method. Depending on the installation method used, the process to check if the InContext Server is installed will differ.

== Checking Installation for Systems Installed with Lingoport Stack Installer ==
If your system was installed using the Lingoport Stack Installer, check the installation with:
<pre>
$sudo systemctl status incontext-server
</pre>
Output should indicate if the service is active. If the service is not found, it needs to be installed manually.

== Checking Installation for Docker-based Systems ==
For systems intending to use the Docker-based installation, check if the Docker container for the InContext Server is running with:
<pre>
$ sudo docker ps | grep incontext-server
</pre>
If there's no output, the container is not running, indicating the InContext Server needs to be set up or there is an issue that needs to be addressed.
Users in the 'docker' group may optionally omit use of sudo.

= Docker-based Installation of InContext Server =
For a new, simplified deployment process, the InContext Server can be installed using Docker. This section outlines the Docker-based installation process.

== Requirements ==
* Docker installed on your system
* Configuration details prepared in `install.conf`

== Installation Process ==
# Modify the `install.conf` file with your specific configurations, including Docker Hub credentials (account with read access to the InContext Image will be shared by Lingoport), MySQL root password, and desired server port.
# Execute the `InstallIncontext.sh` script with sudo privileges. This script will:
#* Create necessary Docker network and volumes
#* Pull the Lingoport InContext Server image from Docker Hub
#* Start the InContext Server and MySQL containers with appropriate configurations

Verify the installation by checking the Docker container status and accessing the InContext Server through the web browser.

== Script Execution ==
<pre>
$ sudo ./InstallIncontext.sh
</pre>

You may be prompted if there is missing info in the install.conf. Ensure you follow any prompts provided by the script for a successful installation.

= Manual Installation =
For systems not utilizing Docker or needing a specific setup, manual installation is also available.

== InContext Server Installation Requirements ==
* Java 11
* MySQL 8
* Tomcat 9.0.x

== Installation Steps - Docker ==
1. Download and unzip the `IncontextServer-<version>.zip` file.
2. Modify `install.conf` with necessary details.
3. Execute `./install.sh` with sudo privileges.

== Installation Steps - Non-Docker ==

1. Download and unzip the '''IncontextServer-<version>.zip''' file from our SFTP site.

2. Change directory: <code>'''cd incontext-server'''</code>

3. Modify install.conf to set the values required by the install. Any information left blank will be prompted by the install script.
*<code>MYSQL_ROOT_PASS</code> - this is the password that was used or created by the Stack Installer or Stack Updater.
*<code>INCONTEXT_MYSQL_USER / INCONTEXT_MYSQL_PASS</code> - this is a new MySQL username and password.
*<code>INSTALL_TOMCAT_HERE='/usr/local/tomcat'</code> - Unless there is reason to change the location, leave it at the default.
4. Run the install script (note you must have sudo privileges): <code>./install.sh</code>. If it is successful, one should see:

Incontext Server successfully installed.

== InContext Server Files ==

There are three files that comprise the InContext Server. The Lingoport InContext Server automated installation process will put these files in the appropriate location.

* incontext-server.war
* incontext-server.sh
* IncontextServerConfig.groovy

== Installation Steps - Non-Docker ==
−
The incontext-server.war is the server itself and must be placed under the tomcat/webapps directory. 

−
The incontext-server.sh file is a script for starting/stopping the InContext Server and must be configured and placed in the tomcat directory. 

−
The IncontextServerConfig.groovy file is the configuration file for the InContext Server and must be configured and placed in the tomcat directory.

−

= Running the InContext Server - Non-Docker =

To start the InContext Server:
$sudo systemctl start incontext-server

Then browse to: '''<nowiki>http://yourserverurl:8081/incontext-server</nowiki>'''

[[File:InContextServerLogin.jpg |600px]]

To stop the InContext Server:
$sudo systemctl stop incontext-server

To check the status of the InContext Server:
$sudo systemctl status incontext-server

= Next Steps =
Whether installed via Docker or manually, the next steps involve configuring and using the InContext Server for your localization needs. For more details on post-installation setup and usage, refer to the InContext Server Users Guide.

[[InContext_Capture_Installation | InContext Capture Installation]] provides additional resources for setting up InContext for Translation.

= Next Steps =
To continue installing InContext for Translation go to: [[InContext_Capture_Installation | InContext Capture Installation]]

For information on how to proceed after installation, please see the:
[[InContext Server Users Guide]]

Globalyzer in IDE

2023-12-15T00:51:41Z

Masnes: /* Globalyzer Lite for VSCode */

==Can I use Globalyzer Lite with my standard IDE?==

The Globalyzer Lite client can be used with Eclipse, Visual Studio and IntelliJ IDEs.

== Using Globalyzer Lite from an Integrated Development Environment ==

Globalyzer Lite may be used within many IDEs that support external tools, including Visual Studio, IntelliJ IDEA, and Eclipse. Configuring Lite as an external tool takes some initial setup, but is relatively easy to accomplish. Once configured, Lite may be used through the IDE's external tool menu with the click of a button. The recommended, documented tools:

# Scan the currently selected file/directory.
# Scan everything within the parent directory of the currently selected file/directory.
# Scan the entire project.

Demonstration videos are available for:

* [https://player.vimeo.com/video/137641243 Visual Studio]
* [https://player.vimeo.com/video/137641242 IntelliJ IDEA]
* [https://player.vimeo.com/video/137641241 Eclipse]

To configure Lite in the IDE, please see this page: [https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html Lite IDE Usage].

The developer can then use the power of the IDE to refactor the relevant issues or to mark false positives in the code using Globalyzer ignore comments, such as $NON-NLS-L$. For more information, see the Globalyzer Comment Tags in [[ False Positives | False Positives ]] .

Those refactoring and the comment tags are now part of the code: The Continuous Globalization System using the same Lite project definition file will show the same results in the Dashboard.

==How do I install Globalyzer Lite?==

To install the Globalyzer Lite, you first need a Globalyzer account (see [[Globalyzer_Overview_and_General#How_do_I_obtain_a_Globalyzer_account.3F|this FAQ]]). Once you have an account, you log into the Globalyzer Server and at the bottom of your home page there is a link to download Globalyzer Lite.

The Globalyzer Lite is a standalone Java application. It uses Rule Sets to scan code at the command line. It is used in Jenkins configured for the Continuous G11n System and can be integrated as an external tool in an IDE.

Please see [https://www.globalyzer.com/gzserver/home/installclient installation] for complete Globalyzer Lite download/installation instructions.

To install:

# Unzip the Globalyzer Lite zip file at a desired location
# Run either <code>lite-setup.bat</code> or <code>lite-setup.sh</code> depending on your system.

To verify the installation, from a command line at the location that it was installed:
java -jar globalyzer-lite.jar -version

or, show the help info:
java -jar globalyzer-lite.jar -help

== Sharing Project Definition Files Between IDEs and Build Systems ==

It is common to check in a single project definition file per code repository. However, the desired IDE configuration may sometimes be incompatible with the desired build system configuration.

These incompatibilities are best solved by modifying the project definition file within the build system. The IDE config can then be used as the default.

Here is an example: The desired report type for Globalyzer Lite may be ScanDetailedCSV for developer usage, but will need to be ScanDetailedXML within the build system. The project definition file would then be written out with the <report-type> set to ScanDetailedCSV:
<pre><gzproject>
...
<report-type>ScanDetailedCSV</report-type>
...
</gzproject></pre>

The build system can then be set to auto-replace "ScanDetailedCSV" with "ScanDetailedXML". The following Linux command will do so:

<code>$ sed --in-place 's|ScanDetailedCSV|ScanDetailedXML|' $WORKSPACE/ProjectDefinition.xml</code>

If desired, the opposite replacement also may be performed at the end of the build.

Finally, here is a bash function to replace the content of any XML field:

<pre>replace_xml_token() {
token_name=$1
new_content=$2
sed -ri "s|(<${token_name}>).*(</${token_name}>)|\1${new_content}\2|g" $WORKSPACE/ProjectDefinition.xml
}</pre>

It may be used like so:

<code>$ replace_xml_token "report-type" "ScanDetailedXML"</code>

== Lite IDE Ignore==
When using Lite in an IDE (see https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html ), you can use the power of the IDE to mark some issues in the code as to be ignored. Globalyzer uses a set of standard comments, namely <code>$NON-NLS-L$</code>. There are many ways to do so. We will illustrate one such way with Lite in Eclipse.

== Globalyzer Lite in Eclipse ==
To use Globalyzer Lite in your Eclipse environment, refer to https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html#Eclipse ; There are two sections, one for Linux, one for Windows.

[[File:LiteConfigured.gif]]

=== Run Lite ===
* Select the directory or file you want to analyze
* Click on the external tools button

=> Lite analyzes the relevant files based on the Globalyzer Project Definition file and shows the clickable results in the Console view.

[[File:LiteRun.gif]]

=== Navigate to the Issue ===
* Click on the issue in the Console

=> It opens the file and highlights the line with the issue.

=== Refactor the Code or Ignore the Issue===
Depending on what the developer sees, the issue either needs to be refactored or ignored. If the issue needs to be ignored, the //$NON-NLS-L$ comment needs to be added at the end of that line. One can simply add it by typing it. Some short cut exist and some can be created. For instance:

* Go to the end of the line to ignore and type <Ctr><Space>
* Choose "nls - non externalize string marker" in the list of templates.

or

* Add the string "nls" and type <Ctr><Space>
* Eclipse proposes the standard $NLS notation by default. Select that notation and type L.

[[File:LiteNlsCtrSpace.gif]]

The line now reads:
<code>Locale locale = new Locale("en", "US"); //$NON-NLS-L$</code>

* Repeat the process for other false positives

Lines tagged with the <code>//$NON-NLS-L$</code> will be ignored by Globalyzer the next time you run the Lite external tool.

=== Advanced Template ===
The previous illustration was done using the default template. You can modify the template to have directly <code>//$NON-NLS-L$</code> on other key combination or the same <code>nls<Ctr><Space></code>.

The following image shows how to use <code>nll<Ctr><Space></code> to insert directory <code>//$NON-NLS-L$</code>.

[[File:NllTemplate.gif]]

This is one way of adding <code>//$NON-NLS-L$</code> at the end of the line. Some developers will decide on other methods.

== Globalyzer Lite for VSCode ==

To Configure the Lite VSCode Task:
*Install Globalyzer Lite as directed above.
*Open your project folder in VSCode
*Select “Terminal->Configure Tasks” from the top menu bar
[[File:Vccode1.png|800px]]
* Select “Create tasks.json file from template” from the popup option list
[[File:Vccode2.png|700px]]
*Select “Others” from the Task Template list
[[File:Vccode3.png|700px]]
[[File:Vccode4.png|800px]]
*Change the default template for the generated tasks.json file to match the following:
<pre>
{
"version": "2.0.0",
"tasks": [
{
"label": "GlobalyzerLite",
"type": "shell",
"command": "java",
"args": [
{
"value": "-jar",
"quoting": "weak"
},
{
"value": "/Applications/Lingoport/globalyzer-lite-6.6.0_8.0/globalyzer-lite.jar",
"quoting": "strong"
},
{
"value": "-f",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/lingoport/LiteProjectDefinition.xml",
"quoting": "strong"
},
{
"value": "--project-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}",
"quoting": "strong"
},
{
"value": "--report-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/Lingoport",
"quoting": "strong"
},
{
"value": "--scan-items",
"quoting": "weak"
},
{
"value": "${file}",
"quoting": "strong"
},
{
"value": "--console-output",
"quoting": "weak"
},
{
"value": "visual-studio",
"quoting": "weak"
}

],
"presentation": {
"showReuseMessage": false,
"clear": true,
"revealProblems": "onProblem"
},
"problemMatcher": {
"fileLocation": ["absolute"],
"severity": "warning",
"owner": "globalyzer",
"pattern": {
"regexp": "^(.*)\$(\\d*)\$:\\s+(.*),\\s+(P\\d+):\\s+(.*)",
"file": 1,
"line": 2,
"message": 3,
"severity": 4,
"code": 5
}
}
}
]
}
</pre>
*“label” is the name of the task - this can be changed to whatever makes the most sense
*“type” specifies that the command should be run in a shell - required
*“command” is the command to execute in the shell - required
*“problemMatcher” used to auto-format the output,
*“args” specifies the arguments to be passed to the command at execution
*“value” contains the actual arguments
**-jar specifies the jar to execute
***Replace 'path/to/globalyzer-lite.jar' with the absolute path to your globalyzer-lite.jar.
***‘C:\Lingoport\globalyzer-lite-x.y.z\globalyzer-lite.jar’
**-f is the name of the Project Definition file
***Replace the ‘/path/to/LiteProjectDefinition.xml’ with the workspace relative path of your Project Definition file
***E.g. ${workspaceFolder}/lingoport/LiteProjectDefinition.xml
**--project-path is the path of this project
***Leave this as the ${workspaceFolder} VSCode environment variable
**--scan-items Overrides the default settings for which files and directories to scan
***Use ${file} to scan only the currently selected file in VSCode
**--console-output prints scan report output to console with specified format.
***Leave as "visual-studio" - format report output for visual studio. This allows the user to click on a candidate issue in the output and jump to its location within a file.
*“quoting” specifies how to handle quoting within the args - 'strong' is used for arguments that may contain spaces.
*“presentation” configures how the workspace should handle displaying the task as it executes
*“problemMatcher” uses a regular expression to extract the problems found in the scan and display them in the problems panel

===To Execute a Scan on the Current Opened File:===
1.Select “Terminal->Run Task” and choose the GlobalyzerLite task from the list in the modal window

2.Scan will execute in a VSCode terminal panel and display problems in the problems panel if any are found. Terminal output and problem panel screenshots on next page.
[[File:Vccode5.png|700px]]
[[File:Vccode6.png|700px]]

Globalyzer in IDE

2023-12-15T00:51:00Z

Masnes: /* Globalyzer Lite Plugin for VSCode */

==Can I use Globalyzer Lite with my standard IDE?==

The Globalyzer Lite client can be used with Eclipse, Visual Studio and IntelliJ IDEs.

== Using Globalyzer Lite from an Integrated Development Environment ==

Globalyzer Lite may be used within many IDEs that support external tools, including Visual Studio, IntelliJ IDEA, and Eclipse. Configuring Lite as an external tool takes some initial setup, but is relatively easy to accomplish. Once configured, Lite may be used through the IDE's external tool menu with the click of a button. The recommended, documented tools:

# Scan the currently selected file/directory.
# Scan everything within the parent directory of the currently selected file/directory.
# Scan the entire project.

Demonstration videos are available for:

* [https://player.vimeo.com/video/137641243 Visual Studio]
* [https://player.vimeo.com/video/137641242 IntelliJ IDEA]
* [https://player.vimeo.com/video/137641241 Eclipse]

To configure Lite in the IDE, please see this page: [https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html Lite IDE Usage].

The developer can then use the power of the IDE to refactor the relevant issues or to mark false positives in the code using Globalyzer ignore comments, such as $NON-NLS-L$. For more information, see the Globalyzer Comment Tags in [[ False Positives | False Positives ]] .

Those refactoring and the comment tags are now part of the code: The Continuous Globalization System using the same Lite project definition file will show the same results in the Dashboard.

==How do I install Globalyzer Lite?==

To install the Globalyzer Lite, you first need a Globalyzer account (see [[Globalyzer_Overview_and_General#How_do_I_obtain_a_Globalyzer_account.3F|this FAQ]]). Once you have an account, you log into the Globalyzer Server and at the bottom of your home page there is a link to download Globalyzer Lite.

The Globalyzer Lite is a standalone Java application. It uses Rule Sets to scan code at the command line. It is used in Jenkins configured for the Continuous G11n System and can be integrated as an external tool in an IDE.

Please see [https://www.globalyzer.com/gzserver/home/installclient installation] for complete Globalyzer Lite download/installation instructions.

To install:

# Unzip the Globalyzer Lite zip file at a desired location
# Run either <code>lite-setup.bat</code> or <code>lite-setup.sh</code> depending on your system.

To verify the installation, from a command line at the location that it was installed:
java -jar globalyzer-lite.jar -version

or, show the help info:
java -jar globalyzer-lite.jar -help

== Sharing Project Definition Files Between IDEs and Build Systems ==

It is common to check in a single project definition file per code repository. However, the desired IDE configuration may sometimes be incompatible with the desired build system configuration.

These incompatibilities are best solved by modifying the project definition file within the build system. The IDE config can then be used as the default.

Here is an example: The desired report type for Globalyzer Lite may be ScanDetailedCSV for developer usage, but will need to be ScanDetailedXML within the build system. The project definition file would then be written out with the <report-type> set to ScanDetailedCSV:
<pre><gzproject>
...
<report-type>ScanDetailedCSV</report-type>
...
</gzproject></pre>

The build system can then be set to auto-replace "ScanDetailedCSV" with "ScanDetailedXML". The following Linux command will do so:

<code>$ sed --in-place 's|ScanDetailedCSV|ScanDetailedXML|' $WORKSPACE/ProjectDefinition.xml</code>

If desired, the opposite replacement also may be performed at the end of the build.

Finally, here is a bash function to replace the content of any XML field:

<pre>replace_xml_token() {
token_name=$1
new_content=$2
sed -ri "s|(<${token_name}>).*(</${token_name}>)|\1${new_content}\2|g" $WORKSPACE/ProjectDefinition.xml
}</pre>

It may be used like so:

<code>$ replace_xml_token "report-type" "ScanDetailedXML"</code>

== Lite IDE Ignore==
When using Lite in an IDE (see https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html ), you can use the power of the IDE to mark some issues in the code as to be ignored. Globalyzer uses a set of standard comments, namely <code>$NON-NLS-L$</code>. There are many ways to do so. We will illustrate one such way with Lite in Eclipse.

== Globalyzer Lite in Eclipse ==
To use Globalyzer Lite in your Eclipse environment, refer to https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html#Eclipse ; There are two sections, one for Linux, one for Windows.

[[File:LiteConfigured.gif]]

=== Run Lite ===
* Select the directory or file you want to analyze
* Click on the external tools button

=> Lite analyzes the relevant files based on the Globalyzer Project Definition file and shows the clickable results in the Console view.

[[File:LiteRun.gif]]

=== Navigate to the Issue ===
* Click on the issue in the Console

=> It opens the file and highlights the line with the issue.

=== Refactor the Code or Ignore the Issue===
Depending on what the developer sees, the issue either needs to be refactored or ignored. If the issue needs to be ignored, the //$NON-NLS-L$ comment needs to be added at the end of that line. One can simply add it by typing it. Some short cut exist and some can be created. For instance:

* Go to the end of the line to ignore and type <Ctr><Space>
* Choose "nls - non externalize string marker" in the list of templates.

or

* Add the string "nls" and type <Ctr><Space>
* Eclipse proposes the standard $NLS notation by default. Select that notation and type L.

[[File:LiteNlsCtrSpace.gif]]

The line now reads:
<code>Locale locale = new Locale("en", "US"); //$NON-NLS-L$</code>

* Repeat the process for other false positives

Lines tagged with the <code>//$NON-NLS-L$</code> will be ignored by Globalyzer the next time you run the Lite external tool.

=== Advanced Template ===
The previous illustration was done using the default template. You can modify the template to have directly <code>//$NON-NLS-L$</code> on other key combination or the same <code>nls<Ctr><Space></code>.

The following image shows how to use <code>nll<Ctr><Space></code> to insert directory <code>//$NON-NLS-L$</code>.

[[File:NllTemplate.gif]]

This is one way of adding <code>//$NON-NLS-L$</code> at the end of the line. Some developers will decide on other methods.

== Globalyzer Lite for VSCode ==

To Configure the Task:
*Install Globalyzer Lite as directed
*Open your project folder in VSCode
*Select “Terminal->Configure Tasks” from the top menu bar
[[File:Vccode1.png|800px]]
* Select “Create tasks.json file from template” from the popup option list
[[File:Vccode2.png|700px]]
*Select “Others” from the Task Template list
[[File:Vccode3.png|700px]]
[[File:Vccode4.png|800px]]
*Change the default template for the generated tasks.json file to match the following:
<pre>
{
"version": "2.0.0",
"tasks": [
{
"label": "GlobalyzerLite",
"type": "shell",
"command": "java",
"args": [
{
"value": "-jar",
"quoting": "weak"
},
{
"value": "/Applications/Lingoport/globalyzer-lite-6.6.0_8.0/globalyzer-lite.jar",
"quoting": "strong"
},
{
"value": "-f",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/lingoport/LiteProjectDefinition.xml",
"quoting": "strong"
},
{
"value": "--project-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}",
"quoting": "strong"
},
{
"value": "--report-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/Lingoport",
"quoting": "strong"
},
{
"value": "--scan-items",
"quoting": "weak"
},
{
"value": "${file}",
"quoting": "strong"
},
{
"value": "--console-output",
"quoting": "weak"
},
{
"value": "visual-studio",
"quoting": "weak"
}

],
"presentation": {
"showReuseMessage": false,
"clear": true,
"revealProblems": "onProblem"
},
"problemMatcher": {
"fileLocation": ["absolute"],
"severity": "warning",
"owner": "globalyzer",
"pattern": {
"regexp": "^(.*)\$(\\d*)\$:\\s+(.*),\\s+(P\\d+):\\s+(.*)",
"file": 1,
"line": 2,
"message": 3,
"severity": 4,
"code": 5
}
}
}
]
}
</pre>
*“label” is the name of the task - this can be changed to whatever makes the most sense
*“type” specifies that the command should be run in a shell - required
*“command” is the command to execute in the shell - required
*“problemMatcher” used to auto-format the output,
*“args” specifies the arguments to be passed to the command at execution
*“value” contains the actual arguments
**-jar specifies the jar to execute
***Replace 'path/to/globalyzer-lite.jar' with the absolute path to your globalyzer-lite.jar.
***‘C:\Lingoport\globalyzer-lite-x.y.z\globalyzer-lite.jar’
**-f is the name of the Project Definition file
***Replace the ‘/path/to/LiteProjectDefinition.xml’ with the workspace relative path of your Project Definition file
***E.g. ${workspaceFolder}/lingoport/LiteProjectDefinition.xml
**--project-path is the path of this project
***Leave this as the ${workspaceFolder} VSCode environment variable
**--scan-items Overrides the default settings for which files and directories to scan
***Use ${file} to scan only the currently selected file in VSCode
**--console-output prints scan report output to console with specified format.
***Leave as "visual-studio" - format report output for visual studio. This allows the user to click on a candidate issue in the output and jump to its location within a file.
*“quoting” specifies how to handle quoting within the args - 'strong' is used for arguments that may contain spaces.
*“presentation” configures how the workspace should handle displaying the task as it executes
*“problemMatcher” uses a regular expression to extract the problems found in the scan and display them in the problems panel

===To Execute a Scan on the Current Opened File:===
1.Select “Terminal->Run Task” and choose the GlobalyzerLite task from the list in the modal window

2.Scan will execute in a VSCode terminal panel and display problems in the problems panel if any are found. Terminal output and problem panel screenshots on next page.
[[File:Vccode5.png|700px]]
[[File:Vccode6.png|700px]]

Globalyzer in IDE

2023-12-15T00:50:36Z

Masnes: /* Globalyzer Lite in Eclipse */

==Can I use Globalyzer Lite with my standard IDE?==

The Globalyzer Lite client can be used with Eclipse, Visual Studio and IntelliJ IDEs.

== Using Globalyzer Lite from an Integrated Development Environment ==

Globalyzer Lite may be used within many IDEs that support external tools, including Visual Studio, IntelliJ IDEA, and Eclipse. Configuring Lite as an external tool takes some initial setup, but is relatively easy to accomplish. Once configured, Lite may be used through the IDE's external tool menu with the click of a button. The recommended, documented tools:

# Scan the currently selected file/directory.
# Scan everything within the parent directory of the currently selected file/directory.
# Scan the entire project.

Demonstration videos are available for:

* [https://player.vimeo.com/video/137641243 Visual Studio]
* [https://player.vimeo.com/video/137641242 IntelliJ IDEA]
* [https://player.vimeo.com/video/137641241 Eclipse]

To configure Lite in the IDE, please see this page: [https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html Lite IDE Usage].

The developer can then use the power of the IDE to refactor the relevant issues or to mark false positives in the code using Globalyzer ignore comments, such as $NON-NLS-L$. For more information, see the Globalyzer Comment Tags in [[ False Positives | False Positives ]] .

Those refactoring and the comment tags are now part of the code: The Continuous Globalization System using the same Lite project definition file will show the same results in the Dashboard.

==How do I install Globalyzer Lite?==

To install the Globalyzer Lite, you first need a Globalyzer account (see [[Globalyzer_Overview_and_General#How_do_I_obtain_a_Globalyzer_account.3F|this FAQ]]). Once you have an account, you log into the Globalyzer Server and at the bottom of your home page there is a link to download Globalyzer Lite.

The Globalyzer Lite is a standalone Java application. It uses Rule Sets to scan code at the command line. It is used in Jenkins configured for the Continuous G11n System and can be integrated as an external tool in an IDE.

Please see [https://www.globalyzer.com/gzserver/home/installclient installation] for complete Globalyzer Lite download/installation instructions.

To install:

# Unzip the Globalyzer Lite zip file at a desired location
# Run either <code>lite-setup.bat</code> or <code>lite-setup.sh</code> depending on your system.

To verify the installation, from a command line at the location that it was installed:
java -jar globalyzer-lite.jar -version

or, show the help info:
java -jar globalyzer-lite.jar -help

== Sharing Project Definition Files Between IDEs and Build Systems ==

It is common to check in a single project definition file per code repository. However, the desired IDE configuration may sometimes be incompatible with the desired build system configuration.

These incompatibilities are best solved by modifying the project definition file within the build system. The IDE config can then be used as the default.

Here is an example: The desired report type for Globalyzer Lite may be ScanDetailedCSV for developer usage, but will need to be ScanDetailedXML within the build system. The project definition file would then be written out with the <report-type> set to ScanDetailedCSV:
<pre><gzproject>
...
<report-type>ScanDetailedCSV</report-type>
...
</gzproject></pre>

The build system can then be set to auto-replace "ScanDetailedCSV" with "ScanDetailedXML". The following Linux command will do so:

<code>$ sed --in-place 's|ScanDetailedCSV|ScanDetailedXML|' $WORKSPACE/ProjectDefinition.xml</code>

If desired, the opposite replacement also may be performed at the end of the build.

Finally, here is a bash function to replace the content of any XML field:

<pre>replace_xml_token() {
token_name=$1
new_content=$2
sed -ri "s|(<${token_name}>).*(</${token_name}>)|\1${new_content}\2|g" $WORKSPACE/ProjectDefinition.xml
}</pre>

It may be used like so:

<code>$ replace_xml_token "report-type" "ScanDetailedXML"</code>

== Lite IDE Ignore==
When using Lite in an IDE (see https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html ), you can use the power of the IDE to mark some issues in the code as to be ignored. Globalyzer uses a set of standard comments, namely <code>$NON-NLS-L$</code>. There are many ways to do so. We will illustrate one such way with Lite in Eclipse.

== Globalyzer Lite in Eclipse ==
To use Globalyzer Lite in your Eclipse environment, refer to https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html#Eclipse ; There are two sections, one for Linux, one for Windows.

[[File:LiteConfigured.gif]]

=== Run Lite ===
* Select the directory or file you want to analyze
* Click on the external tools button

=> Lite analyzes the relevant files based on the Globalyzer Project Definition file and shows the clickable results in the Console view.

[[File:LiteRun.gif]]

=== Navigate to the Issue ===
* Click on the issue in the Console

=> It opens the file and highlights the line with the issue.

=== Refactor the Code or Ignore the Issue===
Depending on what the developer sees, the issue either needs to be refactored or ignored. If the issue needs to be ignored, the //$NON-NLS-L$ comment needs to be added at the end of that line. One can simply add it by typing it. Some short cut exist and some can be created. For instance:

* Go to the end of the line to ignore and type <Ctr><Space>
* Choose "nls - non externalize string marker" in the list of templates.

or

* Add the string "nls" and type <Ctr><Space>
* Eclipse proposes the standard $NLS notation by default. Select that notation and type L.

[[File:LiteNlsCtrSpace.gif]]

The line now reads:
<code>Locale locale = new Locale("en", "US"); //$NON-NLS-L$</code>

* Repeat the process for other false positives

Lines tagged with the <code>//$NON-NLS-L$</code> will be ignored by Globalyzer the next time you run the Lite external tool.

=== Advanced Template ===
The previous illustration was done using the default template. You can modify the template to have directly <code>//$NON-NLS-L$</code> on other key combination or the same <code>nls<Ctr><Space></code>.

The following image shows how to use <code>nll<Ctr><Space></code> to insert directory <code>//$NON-NLS-L$</code>.

[[File:NllTemplate.gif]]

This is one way of adding <code>//$NON-NLS-L$</code> at the end of the line. Some developers will decide on other methods.

== Globalyzer Lite Plugin for VSCode ==

To Configure the Plugin:
*Install Globalyzer Lite as directed
*Open your project folder in VSCode
*Select “Terminal->Configure Tasks” from the top menu bar
[[File:Vccode1.png|800px]]
* Select “Create tasks.json file from template” from the popup option list
[[File:Vccode2.png|700px]]
*Select “Others” from the Task Template list
[[File:Vccode3.png|700px]]
[[File:Vccode4.png|800px]]
*Change the default template for the generated tasks.json file to match the following:
<pre>
{
"version": "2.0.0",
"tasks": [
{
"label": "GlobalyzerLite",
"type": "shell",
"command": "java",
"args": [
{
"value": "-jar",
"quoting": "weak"
},
{
"value": "/Applications/Lingoport/globalyzer-lite-6.6.0_8.0/globalyzer-lite.jar",
"quoting": "strong"
},
{
"value": "-f",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/lingoport/LiteProjectDefinition.xml",
"quoting": "strong"
},
{
"value": "--project-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}",
"quoting": "strong"
},
{
"value": "--report-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/Lingoport",
"quoting": "strong"
},
{
"value": "--scan-items",
"quoting": "weak"
},
{
"value": "${file}",
"quoting": "strong"
},
{
"value": "--console-output",
"quoting": "weak"
},
{
"value": "visual-studio",
"quoting": "weak"
}

],
"presentation": {
"showReuseMessage": false,
"clear": true,
"revealProblems": "onProblem"
},
"problemMatcher": {
"fileLocation": ["absolute"],
"severity": "warning",
"owner": "globalyzer",
"pattern": {
"regexp": "^(.*)\$(\\d*)\$:\\s+(.*),\\s+(P\\d+):\\s+(.*)",
"file": 1,
"line": 2,
"message": 3,
"severity": 4,
"code": 5
}
}
}
]
}
</pre>
*“label” is the name of the task - this can be changed to whatever makes the most sense
*“type” specifies that the command should be run in a shell - required
*“command” is the command to execute in the shell - required
*“problemMatcher” used to auto-format the output,
*“args” specifies the arguments to be passed to the command at execution
*“value” contains the actual arguments
**-jar specifies the jar to execute
***Replace 'path/to/globalyzer-lite.jar' with the absolute path to your globalyzer-lite.jar.
***‘C:\Lingoport\globalyzer-lite-x.y.z\globalyzer-lite.jar’
**-f is the name of the Project Definition file
***Replace the ‘/path/to/LiteProjectDefinition.xml’ with the workspace relative path of your Project Definition file
***E.g. ${workspaceFolder}/lingoport/LiteProjectDefinition.xml
**--project-path is the path of this project
***Leave this as the ${workspaceFolder} VSCode environment variable
**--scan-items Overrides the default settings for which files and directories to scan
***Use ${file} to scan only the currently selected file in VSCode
**--console-output prints scan report output to console with specified format.
***Leave as "visual-studio" - format report output for visual studio. This allows the user to click on a candidate issue in the output and jump to its location within a file.
*“quoting” specifies how to handle quoting within the args - 'strong' is used for arguments that may contain spaces.
*“presentation” configures how the workspace should handle displaying the task as it executes
*“problemMatcher” uses a regular expression to extract the problems found in the scan and display them in the problems panel

===To Execute a Scan on the Current Opened File:===
1.Select “Terminal->Run Task” and choose the GlobalyzerLite task from the list in the modal window

2.Scan will execute in a VSCode terminal panel and display problems in the problems panel if any are found. Terminal output and problem panel screenshots on next page.
[[File:Vccode5.png|700px]]
[[File:Vccode6.png|700px]]

Globalyzer in IDE

2023-12-15T00:50:22Z

Masnes: /* Lite is set in Eclipse */

==Can I use Globalyzer Lite with my standard IDE?==

The Globalyzer Lite client can be used with Eclipse, Visual Studio and IntelliJ IDEs.

== Using Globalyzer Lite from an Integrated Development Environment ==

Globalyzer Lite may be used within many IDEs that support external tools, including Visual Studio, IntelliJ IDEA, and Eclipse. Configuring Lite as an external tool takes some initial setup, but is relatively easy to accomplish. Once configured, Lite may be used through the IDE's external tool menu with the click of a button. The recommended, documented tools:

# Scan the currently selected file/directory.
# Scan everything within the parent directory of the currently selected file/directory.
# Scan the entire project.

Demonstration videos are available for:

* [https://player.vimeo.com/video/137641243 Visual Studio]
* [https://player.vimeo.com/video/137641242 IntelliJ IDEA]
* [https://player.vimeo.com/video/137641241 Eclipse]

To configure Lite in the IDE, please see this page: [https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html Lite IDE Usage].

The developer can then use the power of the IDE to refactor the relevant issues or to mark false positives in the code using Globalyzer ignore comments, such as $NON-NLS-L$. For more information, see the Globalyzer Comment Tags in [[ False Positives | False Positives ]] .

Those refactoring and the comment tags are now part of the code: The Continuous Globalization System using the same Lite project definition file will show the same results in the Dashboard.

==How do I install Globalyzer Lite?==

To install the Globalyzer Lite, you first need a Globalyzer account (see [[Globalyzer_Overview_and_General#How_do_I_obtain_a_Globalyzer_account.3F|this FAQ]]). Once you have an account, you log into the Globalyzer Server and at the bottom of your home page there is a link to download Globalyzer Lite.

The Globalyzer Lite is a standalone Java application. It uses Rule Sets to scan code at the command line. It is used in Jenkins configured for the Continuous G11n System and can be integrated as an external tool in an IDE.

Please see [https://www.globalyzer.com/gzserver/home/installclient installation] for complete Globalyzer Lite download/installation instructions.

To install:

# Unzip the Globalyzer Lite zip file at a desired location
# Run either <code>lite-setup.bat</code> or <code>lite-setup.sh</code> depending on your system.

To verify the installation, from a command line at the location that it was installed:
java -jar globalyzer-lite.jar -version

or, show the help info:
java -jar globalyzer-lite.jar -help

== Sharing Project Definition Files Between IDEs and Build Systems ==

It is common to check in a single project definition file per code repository. However, the desired IDE configuration may sometimes be incompatible with the desired build system configuration.

These incompatibilities are best solved by modifying the project definition file within the build system. The IDE config can then be used as the default.

Here is an example: The desired report type for Globalyzer Lite may be ScanDetailedCSV for developer usage, but will need to be ScanDetailedXML within the build system. The project definition file would then be written out with the <report-type> set to ScanDetailedCSV:
<pre><gzproject>
...
<report-type>ScanDetailedCSV</report-type>
...
</gzproject></pre>

The build system can then be set to auto-replace "ScanDetailedCSV" with "ScanDetailedXML". The following Linux command will do so:

<code>$ sed --in-place 's|ScanDetailedCSV|ScanDetailedXML|' $WORKSPACE/ProjectDefinition.xml</code>

If desired, the opposite replacement also may be performed at the end of the build.

Finally, here is a bash function to replace the content of any XML field:

<pre>replace_xml_token() {
token_name=$1
new_content=$2
sed -ri "s|(<${token_name}>).*(</${token_name}>)|\1${new_content}\2|g" $WORKSPACE/ProjectDefinition.xml
}</pre>

It may be used like so:

<code>$ replace_xml_token "report-type" "ScanDetailedXML"</code>

== Lite IDE Ignore==
When using Lite in an IDE (see https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html ), you can use the power of the IDE to mark some issues in the code as to be ignored. Globalyzer uses a set of standard comments, namely <code>$NON-NLS-L$</code>. There are many ways to do so. We will illustrate one such way with Lite in Eclipse.

== Globalyzer Lite in Eclipse ==
To set Lite in your Eclipse environment, refer to https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html#Eclipse ; There are two sections, one for Linux, one for Windows.

[[File:LiteConfigured.gif]]

=== Run Lite ===
* Select the directory or file you want to analyze
* Click on the external tools button

=> Lite analyzes the relevant files based on the Globalyzer Project Definition file and shows the clickable results in the Console view.

[[File:LiteRun.gif]]

=== Navigate to the Issue ===
* Click on the issue in the Console

=> It opens the file and highlights the line with the issue.

=== Refactor the Code or Ignore the Issue===
Depending on what the developer sees, the issue either needs to be refactored or ignored. If the issue needs to be ignored, the //$NON-NLS-L$ comment needs to be added at the end of that line. One can simply add it by typing it. Some short cut exist and some can be created. For instance:

* Go to the end of the line to ignore and type <Ctr><Space>
* Choose "nls - non externalize string marker" in the list of templates.

or

* Add the string "nls" and type <Ctr><Space>
* Eclipse proposes the standard $NLS notation by default. Select that notation and type L.

[[File:LiteNlsCtrSpace.gif]]

The line now reads:
<code>Locale locale = new Locale("en", "US"); //$NON-NLS-L$</code>

* Repeat the process for other false positives

Lines tagged with the <code>//$NON-NLS-L$</code> will be ignored by Globalyzer the next time you run the Lite external tool.

=== Advanced Template ===
The previous illustration was done using the default template. You can modify the template to have directly <code>//$NON-NLS-L$</code> on other key combination or the same <code>nls<Ctr><Space></code>.

The following image shows how to use <code>nll<Ctr><Space></code> to insert directory <code>//$NON-NLS-L$</code>.

[[File:NllTemplate.gif]]

This is one way of adding <code>//$NON-NLS-L$</code> at the end of the line. Some developers will decide on other methods.

== Globalyzer Lite Plugin for VSCode ==

To Configure the Plugin:
*Install Globalyzer Lite as directed
*Open your project folder in VSCode
*Select “Terminal->Configure Tasks” from the top menu bar
[[File:Vccode1.png|800px]]
* Select “Create tasks.json file from template” from the popup option list
[[File:Vccode2.png|700px]]
*Select “Others” from the Task Template list
[[File:Vccode3.png|700px]]
[[File:Vccode4.png|800px]]
*Change the default template for the generated tasks.json file to match the following:
<pre>
{
"version": "2.0.0",
"tasks": [
{
"label": "GlobalyzerLite",
"type": "shell",
"command": "java",
"args": [
{
"value": "-jar",
"quoting": "weak"
},
{
"value": "/Applications/Lingoport/globalyzer-lite-6.6.0_8.0/globalyzer-lite.jar",
"quoting": "strong"
},
{
"value": "-f",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/lingoport/LiteProjectDefinition.xml",
"quoting": "strong"
},
{
"value": "--project-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}",
"quoting": "strong"
},
{
"value": "--report-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/Lingoport",
"quoting": "strong"
},
{
"value": "--scan-items",
"quoting": "weak"
},
{
"value": "${file}",
"quoting": "strong"
},
{
"value": "--console-output",
"quoting": "weak"
},
{
"value": "visual-studio",
"quoting": "weak"
}

],
"presentation": {
"showReuseMessage": false,
"clear": true,
"revealProblems": "onProblem"
},
"problemMatcher": {
"fileLocation": ["absolute"],
"severity": "warning",
"owner": "globalyzer",
"pattern": {
"regexp": "^(.*)\$(\\d*)\$:\\s+(.*),\\s+(P\\d+):\\s+(.*)",
"file": 1,
"line": 2,
"message": 3,
"severity": 4,
"code": 5
}
}
}
]
}
</pre>
*“label” is the name of the task - this can be changed to whatever makes the most sense
*“type” specifies that the command should be run in a shell - required
*“command” is the command to execute in the shell - required
*“problemMatcher” used to auto-format the output,
*“args” specifies the arguments to be passed to the command at execution
*“value” contains the actual arguments
**-jar specifies the jar to execute
***Replace 'path/to/globalyzer-lite.jar' with the absolute path to your globalyzer-lite.jar.
***‘C:\Lingoport\globalyzer-lite-x.y.z\globalyzer-lite.jar’
**-f is the name of the Project Definition file
***Replace the ‘/path/to/LiteProjectDefinition.xml’ with the workspace relative path of your Project Definition file
***E.g. ${workspaceFolder}/lingoport/LiteProjectDefinition.xml
**--project-path is the path of this project
***Leave this as the ${workspaceFolder} VSCode environment variable
**--scan-items Overrides the default settings for which files and directories to scan
***Use ${file} to scan only the currently selected file in VSCode
**--console-output prints scan report output to console with specified format.
***Leave as "visual-studio" - format report output for visual studio. This allows the user to click on a candidate issue in the output and jump to its location within a file.
*“quoting” specifies how to handle quoting within the args - 'strong' is used for arguments that may contain spaces.
*“presentation” configures how the workspace should handle displaying the task as it executes
*“problemMatcher” uses a regular expression to extract the problems found in the scan and display them in the problems panel

===To Execute a Scan on the Current Opened File:===
1.Select “Terminal->Run Task” and choose the GlobalyzerLite task from the list in the modal window

2.Scan will execute in a VSCode terminal panel and display problems in the problems panel if any are found. Terminal output and problem panel screenshots on next page.
[[File:Vccode5.png|700px]]
[[File:Vccode6.png|700px]]

Globalyzer in IDE

2023-12-15T00:49:49Z

Masnes:

==Can I use Globalyzer Lite with my standard IDE?==

The Globalyzer Lite client can be used with Eclipse, Visual Studio and IntelliJ IDEs.

== Using Globalyzer Lite from an Integrated Development Environment ==

Globalyzer Lite may be used within many IDEs that support external tools, including Visual Studio, IntelliJ IDEA, and Eclipse. Configuring Lite as an external tool takes some initial setup, but is relatively easy to accomplish. Once configured, Lite may be used through the IDE's external tool menu with the click of a button. The recommended, documented tools:

# Scan the currently selected file/directory.
# Scan everything within the parent directory of the currently selected file/directory.
# Scan the entire project.

Demonstration videos are available for:

* [https://player.vimeo.com/video/137641243 Visual Studio]
* [https://player.vimeo.com/video/137641242 IntelliJ IDEA]
* [https://player.vimeo.com/video/137641241 Eclipse]

To configure Lite in the IDE, please see this page: [https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html Lite IDE Usage].

The developer can then use the power of the IDE to refactor the relevant issues or to mark false positives in the code using Globalyzer ignore comments, such as $NON-NLS-L$. For more information, see the Globalyzer Comment Tags in [[ False Positives | False Positives ]] .

Those refactoring and the comment tags are now part of the code: The Continuous Globalization System using the same Lite project definition file will show the same results in the Dashboard.

==How do I install Globalyzer Lite?==

To install the Globalyzer Lite, you first need a Globalyzer account (see [[Globalyzer_Overview_and_General#How_do_I_obtain_a_Globalyzer_account.3F|this FAQ]]). Once you have an account, you log into the Globalyzer Server and at the bottom of your home page there is a link to download Globalyzer Lite.

The Globalyzer Lite is a standalone Java application. It uses Rule Sets to scan code at the command line. It is used in Jenkins configured for the Continuous G11n System and can be integrated as an external tool in an IDE.

Please see [https://www.globalyzer.com/gzserver/home/installclient installation] for complete Globalyzer Lite download/installation instructions.

To install:

# Unzip the Globalyzer Lite zip file at a desired location
# Run either <code>lite-setup.bat</code> or <code>lite-setup.sh</code> depending on your system.

To verify the installation, from a command line at the location that it was installed:
java -jar globalyzer-lite.jar -version

or, show the help info:
java -jar globalyzer-lite.jar -help

== Sharing Project Definition Files Between IDEs and Build Systems ==

It is common to check in a single project definition file per code repository. However, the desired IDE configuration may sometimes be incompatible with the desired build system configuration.

These incompatibilities are best solved by modifying the project definition file within the build system. The IDE config can then be used as the default.

Here is an example: The desired report type for Globalyzer Lite may be ScanDetailedCSV for developer usage, but will need to be ScanDetailedXML within the build system. The project definition file would then be written out with the <report-type> set to ScanDetailedCSV:
<pre><gzproject>
...
<report-type>ScanDetailedCSV</report-type>
...
</gzproject></pre>

The build system can then be set to auto-replace "ScanDetailedCSV" with "ScanDetailedXML". The following Linux command will do so:

<code>$ sed --in-place 's|ScanDetailedCSV|ScanDetailedXML|' $WORKSPACE/ProjectDefinition.xml</code>

If desired, the opposite replacement also may be performed at the end of the build.

Finally, here is a bash function to replace the content of any XML field:

<pre>replace_xml_token() {
token_name=$1
new_content=$2
sed -ri "s|(<${token_name}>).*(</${token_name}>)|\1${new_content}\2|g" $WORKSPACE/ProjectDefinition.xml
}</pre>

It may be used like so:

<code>$ replace_xml_token "report-type" "ScanDetailedXML"</code>

== Lite IDE Ignore==
When using Lite in an IDE (see https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html ), you can use the power of the IDE to mark some issues in the code as to be ignored. Globalyzer uses a set of standard comments, namely <code>$NON-NLS-L$</code>. There are many ways to do so. We will illustrate one such way with Lite in Eclipse.

== Lite is set in Eclipse ==
To set Lite in your Eclipse environment, refer to https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html#Eclipse ; There are two sections, one for Linux, one for Windows.

[[File:LiteConfigured.gif]]

=== Run Lite ===
* Select the directory or file you want to analyze
* Click on the external tools button

=> Lite analyzes the relevant files based on the Globalyzer Project Definition file and shows the clickable results in the Console view.

[[File:LiteRun.gif]]

=== Navigate to the Issue ===
* Click on the issue in the Console

=> It opens the file and highlights the line with the issue.

=== Refactor the Code or Ignore the Issue===
Depending on what the developer sees, the issue either needs to be refactored or ignored. If the issue needs to be ignored, the //$NON-NLS-L$ comment needs to be added at the end of that line. One can simply add it by typing it. Some short cut exist and some can be created. For instance:

* Go to the end of the line to ignore and type <Ctr><Space>
* Choose "nls - non externalize string marker" in the list of templates.

or

* Add the string "nls" and type <Ctr><Space>
* Eclipse proposes the standard $NLS notation by default. Select that notation and type L.

[[File:LiteNlsCtrSpace.gif]]

The line now reads:
<code>Locale locale = new Locale("en", "US"); //$NON-NLS-L$</code>

* Repeat the process for other false positives

Lines tagged with the <code>//$NON-NLS-L$</code> will be ignored by Globalyzer the next time you run the Lite external tool.

=== Advanced Template ===
The previous illustration was done using the default template. You can modify the template to have directly <code>//$NON-NLS-L$</code> on other key combination or the same <code>nls<Ctr><Space></code>.

The following image shows how to use <code>nll<Ctr><Space></code> to insert directory <code>//$NON-NLS-L$</code>.

[[File:NllTemplate.gif]]

This is one way of adding <code>//$NON-NLS-L$</code> at the end of the line. Some developers will decide on other methods.

== Globalyzer Lite Plugin for VSCode ==

To Configure the Plugin:
*Install Globalyzer Lite as directed
*Open your project folder in VSCode
*Select “Terminal->Configure Tasks” from the top menu bar
[[File:Vccode1.png|800px]]
* Select “Create tasks.json file from template” from the popup option list
[[File:Vccode2.png|700px]]
*Select “Others” from the Task Template list
[[File:Vccode3.png|700px]]
[[File:Vccode4.png|800px]]
*Change the default template for the generated tasks.json file to match the following:
<pre>
{
"version": "2.0.0",
"tasks": [
{
"label": "GlobalyzerLite",
"type": "shell",
"command": "java",
"args": [
{
"value": "-jar",
"quoting": "weak"
},
{
"value": "/Applications/Lingoport/globalyzer-lite-6.6.0_8.0/globalyzer-lite.jar",
"quoting": "strong"
},
{
"value": "-f",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/lingoport/LiteProjectDefinition.xml",
"quoting": "strong"
},
{
"value": "--project-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}",
"quoting": "strong"
},
{
"value": "--report-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/Lingoport",
"quoting": "strong"
},
{
"value": "--scan-items",
"quoting": "weak"
},
{
"value": "${file}",
"quoting": "strong"
},
{
"value": "--console-output",
"quoting": "weak"
},
{
"value": "visual-studio",
"quoting": "weak"
}

],
"presentation": {
"showReuseMessage": false,
"clear": true,
"revealProblems": "onProblem"
},
"problemMatcher": {
"fileLocation": ["absolute"],
"severity": "warning",
"owner": "globalyzer",
"pattern": {
"regexp": "^(.*)\$(\\d*)\$:\\s+(.*),\\s+(P\\d+):\\s+(.*)",
"file": 1,
"line": 2,
"message": 3,
"severity": 4,
"code": 5
}
}
}
]
}
</pre>
*“label” is the name of the task - this can be changed to whatever makes the most sense
*“type” specifies that the command should be run in a shell - required
*“command” is the command to execute in the shell - required
*“problemMatcher” used to auto-format the output,
*“args” specifies the arguments to be passed to the command at execution
*“value” contains the actual arguments
**-jar specifies the jar to execute
***Replace 'path/to/globalyzer-lite.jar' with the absolute path to your globalyzer-lite.jar.
***‘C:\Lingoport\globalyzer-lite-x.y.z\globalyzer-lite.jar’
**-f is the name of the Project Definition file
***Replace the ‘/path/to/LiteProjectDefinition.xml’ with the workspace relative path of your Project Definition file
***E.g. ${workspaceFolder}/lingoport/LiteProjectDefinition.xml
**--project-path is the path of this project
***Leave this as the ${workspaceFolder} VSCode environment variable
**--scan-items Overrides the default settings for which files and directories to scan
***Use ${file} to scan only the currently selected file in VSCode
**--console-output prints scan report output to console with specified format.
***Leave as "visual-studio" - format report output for visual studio. This allows the user to click on a candidate issue in the output and jump to its location within a file.
*“quoting” specifies how to handle quoting within the args - 'strong' is used for arguments that may contain spaces.
*“presentation” configures how the workspace should handle displaying the task as it executes
*“problemMatcher” uses a regular expression to extract the problems found in the scan and display them in the problems panel

===To Execute a Scan on the Current Opened File:===
1.Select “Terminal->Run Task” and choose the GlobalyzerLite task from the list in the modal window

2.Scan will execute in a VSCode terminal panel and display problems in the problems panel if any are found. Terminal output and problem panel screenshots on next page.
[[File:Vccode5.png|700px]]
[[File:Vccode6.png|700px]]

Globalyzer in IDE

2023-12-15T00:42:46Z

Masnes: /* Globalyzer Lite Plugin for VSCode */

==Can I use Globalyzer Lite with my standard IDE?==

The Globalyzer Lite client can be used with Eclipse, Visual Studio and IntelliJ IDEs.

== Using Globalyzer Lite from an Integrated Development Environment ==

Globalyzer Lite may be used within many IDEs that support external tools, including Visual Studio, IntelliJ IDEA, and Eclipse. Configuring Lite as an external tool takes some initial setup, but is relatively easy to accomplish. Once configured, Lite may be used through the IDE's external tool menu with the click of a button. The recommended, documented tools:

# Scan the currently selected file/directory.
# Scan everything within the parent directory of the currently selected file/directory.
# Scan the entire project.

Demonstration videos are available for:

* [https://player.vimeo.com/video/137641243 Visual Studio]
* [https://player.vimeo.com/video/137641242 IntelliJ IDEA]
* [https://player.vimeo.com/video/137641241 Eclipse]

To configure Lite in the IDE, please see this page: [https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html Lite IDE Usage].

The developer can then use the power of the IDE to refactor the relevant issues or to mark false positives in the code using Globalyzer ignore comments, such as $NON-NLS-L$. For more information, see the Globalyzer Comment Tags in [[ False Positives | False Positives ]] .

Those refactoring and the comment tags are now part of the code: The Continuous Globalization System using the same Lite project definition file will show the same results in the Dashboard.

==How do I install Globalyzer Lite?==

To install the Globalyzer Lite, you first need a Globalyzer account (see [[Globalyzer_Overview_and_General#How_do_I_obtain_a_Globalyzer_account.3F|this FAQ]]). Once you have an account, you log into the Globalyzer Server and at the bottom of your home page there is a link to download Globalyzer Lite.

The Globalyzer Lite is a standalone Java application. It uses Rule Sets to scan code at the command line. It is used in Jenkins configured for the Continuous G11n System and can be integrated as an external tool in an IDE.

Please see [https://www.globalyzer.com/gzserver/home/installclient installation] for complete Globalyzer Lite download/installation instructions.

To install:

# Unzip the Globalyzer Lite zip file at a desired location
# Run either <code>lite-setup.bat</code> or <code>lite-setup.sh</code> depending on your system.

To verify the installation, from a command line at the location that it was installed:
java -jar globalyzer-lite.jar -version

or, show the help info:
java -jar globalyzer-lite.jar -help

== Sharing Project Definition Files Between IDEs and Build Systems ==

It is common to check in a single project definition file per code repository. However, the desired IDE configuration may sometimes be incompatible with the desired build system configuration.

These incompatibilities are best solved by modifying the project definition file within the build system. The IDE config can then be used as the default.

Here is an example: The desired report type for Globalyzer Lite may be ScanDetailedCSV for developer usage, but will need to be ScanDetailedXML within the build system. The project definition file would then be written out with the <report-type> set to ScanDetailedCSV:
<pre><gzproject>
...
<report-type>ScanDetailedCSV</report-type>
...
</gzproject></pre>

The build system can then be set to auto-replace "ScanDetailedCSV" with "ScanDetailedXML". The following Linux command will do so:

<code>$ sed --in-place 's|ScanDetailedCSV|ScanDetailedXML|' $WORKSPACE/ProjectDefinition.xml</code>

If desired, the opposite replacement also may be performed at the end of the build.

Finally, here is a bash function to replace the content of any XML field:

<pre>replace_xml_token() {
token_name=$1
new_content=$2
sed -ri "s|(<${token_name}>).*(</${token_name}>)|\1${new_content}\2|g" $WORKSPACE/ProjectDefinition.xml
}</pre>

It may be used like so:

<code>$ replace_xml_token "report-type" "ScanDetailedXML"</code>

== Lite IDE Ignore==
When using Lite in an IDE (see https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html ), you can use the power of the IDE to mark some issues in the code as to be ignored. Globalyzer uses a set of standard comments, namely <code>$NON-NLS-L$</code>. There are many ways to do so. We will illustrate one such way with Lite in Eclipse.

== Lite is set in Eclipse ==
To set Lite in your Eclipse environment, refer to https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html#Eclipse ; There are two sections, one for Linux, one for Windows.

[[File:LiteConfigured.gif]]

=== Run Lite ===
* Select the directory or file you want to analyze
* Click on the external tools button

=> Lite analyzes the relevant files based on the Globalyzer Project Definition file and shows the clickable results in the Console view.

[[File:LiteRun.gif]]

=== Navigate to the Issue ===
* Click on the issue in the Console

=> It opens the file and highlights the line with the issue.

=== Refactor the Code or Ignore the Issue===
Depending on what the developer sees, the issue either needs to be refactored or ignored. If the issue needs to be ignored, the //$NON-NLS-L$ comment needs to be added at the end of that line. One can simply add it by typing it. Some short cut exist and some can be created. For instance:

* Go to the end of the line to ignore and type <Ctr><Space>
* Choose "nls - non externalize string marker" in the list of templates.

or

* Add the string "nls" and type <Ctr><Space>
* Eclipse proposes the standard $NLS notation by default. Select that notation and type L.

[[File:LiteNlsCtrSpace.gif]]

The line now reads:
<code>Locale locale = new Locale("en", "US"); //$NON-NLS-L$</code>

* Repeat the process for other false positives

Lines tagged with the <code>//$NON-NLS-L$</code> will be ignored by Globalyzer the next time you run the Lite external tool.

=== Advanced Template ===
The previous illustration was done using the default template. You can modify the template to have directly <code>//$NON-NLS-L$</code> on other key combination or the same <code>nls<Ctr><Space></code>.

The following image shows how to use <code>nll<Ctr><Space></code> to insert directory <code>//$NON-NLS-L$</code>.

[[File:NllTemplate.gif]]

This is one way of adding <code>//$NON-NLS-L$</code> at the end of the line. Some developers will decide on other methods.

=== Globalyzer Lite Plugin for VSCode ===

To Configure the Plugin:
*Install Globalyzer Lite as directed
*Open your project folder in VSCode
*Select “Terminal->Configure Tasks” from the top menu bar
[[File:Vccode1.png|800px]]
* Select “Create tasks.json file from template” from the popup option list
[[File:Vccode2.png|700px]]
*Select “Others” from the Task Template list
[[File:Vccode3.png|700px]]
[[File:Vccode4.png|800px]]
*Change the default template for the generated tasks.json file to match the following:
<pre>
{
"version": "2.0.0",
"tasks": [
{
"label": "GlobalyzerLite",
"type": "shell",
"command": "java",
"args": [
{
"value": "-jar",
"quoting": "weak"
},
{
"value": "/Applications/Lingoport/globalyzer-lite-6.6.0_8.0/globalyzer-lite.jar",
"quoting": "strong"
},
{
"value": "-f",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/lingoport/LiteProjectDefinition.xml",
"quoting": "strong"
},
{
"value": "--project-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}",
"quoting": "strong"
},
{
"value": "--report-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/Lingoport",
"quoting": "strong"
},
{
"value": "--scan-items",
"quoting": "weak"
},
{
"value": "${file}",
"quoting": "strong"
},
{
"value": "--console-output",
"quoting": "weak"
},
{
"value": "visual-studio",
"quoting": "weak"
}

],
"presentation": {
"showReuseMessage": false,
"clear": true,
"revealProblems": "onProblem"
},
"problemMatcher": {
"fileLocation": ["absolute"],
"severity": "warning",
"owner": "globalyzer",
"pattern": {
"regexp": "^(.*)\$(\\d*)\$:\\s+(.*),\\s+(P\\d+):\\s+(.*)",
"file": 1,
"line": 2,
"message": 3,
"severity": 4,
"code": 5
}
}
}
]
}
</pre>
*“label” is the name of the task - this can be changed to whatever makes the most sense
*“type” specifies that the command should be run in a shell - required
*“command” is the command to execute in the shell - required
*“problemMatcher” used to auto-format the output,
*“args” specifies the arguments to be passed to the command at execution
*“value” contains the actual arguments
**-jar specifies the jar to execute
***Replace 'path/to/globalyzer-lite.jar' with the absolute path to your globalyzer-lite.jar.
***‘C:\Lingoport\globalyzer-lite-x.y.z\globalyzer-lite.jar’
**-f is the name of the Project Definition file
***Replace the ‘/path/to/LiteProjectDefinition.xml’ with the workspace relative path of your Project Definition file
***E.g. ${workspaceFolder}/lingoport/LiteProjectDefinition.xml
**--project-path is the path of this project
***Leave this as the ${workspaceFolder} VSCode environment variable
**--scan-items Overrides the default settings for which files and directories to scan
***Use ${file} to scan only the currently selected file in VSCode
**--console-output prints scan report output to console with specified format.
***Leave as "visual-studio" - format report output for visual studio. This allows the user to click on a candidate issue in the output and jump to its location within a file.
*“quoting” specifies how to handle quoting within the args - 'strong' is used for arguments that may contain spaces.
*“presentation” configures how the workspace should handle displaying the task as it executes
*“problemMatcher” uses a regular expression to extract the problems found in the scan and display them in the problems panel

===To Execute a Scan on the Current Opened File:===
1.Select “Terminal->Run Task” and choose the GlobalyzerLite task from the list in the modal window

2.Scan will execute in a VSCode terminal panel and display problems in the problems panel if any are found. Terminal output and problem panel screenshots on next page.
[[File:Vccode5.png|700px]]
[[File:Vccode6.png|700px]]

Globalyzer in IDE

2023-12-15T00:41:49Z

Masnes: /* Globalyzer Lite Plugin for VSCode */

==Can I use Globalyzer Lite with my standard IDE?==

The Globalyzer Lite client can be used with Eclipse, Visual Studio and IntelliJ IDEs.

== Using Globalyzer Lite from an Integrated Development Environment ==

Globalyzer Lite may be used within many IDEs that support external tools, including Visual Studio, IntelliJ IDEA, and Eclipse. Configuring Lite as an external tool takes some initial setup, but is relatively easy to accomplish. Once configured, Lite may be used through the IDE's external tool menu with the click of a button. The recommended, documented tools:

# Scan the currently selected file/directory.
# Scan everything within the parent directory of the currently selected file/directory.
# Scan the entire project.

Demonstration videos are available for:

* [https://player.vimeo.com/video/137641243 Visual Studio]
* [https://player.vimeo.com/video/137641242 IntelliJ IDEA]
* [https://player.vimeo.com/video/137641241 Eclipse]

To configure Lite in the IDE, please see this page: [https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html Lite IDE Usage].

The developer can then use the power of the IDE to refactor the relevant issues or to mark false positives in the code using Globalyzer ignore comments, such as $NON-NLS-L$. For more information, see the Globalyzer Comment Tags in [[ False Positives | False Positives ]] .

Those refactoring and the comment tags are now part of the code: The Continuous Globalization System using the same Lite project definition file will show the same results in the Dashboard.

==How do I install Globalyzer Lite?==

To install the Globalyzer Lite, you first need a Globalyzer account (see [[Globalyzer_Overview_and_General#How_do_I_obtain_a_Globalyzer_account.3F|this FAQ]]). Once you have an account, you log into the Globalyzer Server and at the bottom of your home page there is a link to download Globalyzer Lite.

The Globalyzer Lite is a standalone Java application. It uses Rule Sets to scan code at the command line. It is used in Jenkins configured for the Continuous G11n System and can be integrated as an external tool in an IDE.

Please see [https://www.globalyzer.com/gzserver/home/installclient installation] for complete Globalyzer Lite download/installation instructions.

To install:

# Unzip the Globalyzer Lite zip file at a desired location
# Run either <code>lite-setup.bat</code> or <code>lite-setup.sh</code> depending on your system.

To verify the installation, from a command line at the location that it was installed:
java -jar globalyzer-lite.jar -version

or, show the help info:
java -jar globalyzer-lite.jar -help

== Sharing Project Definition Files Between IDEs and Build Systems ==

It is common to check in a single project definition file per code repository. However, the desired IDE configuration may sometimes be incompatible with the desired build system configuration.

These incompatibilities are best solved by modifying the project definition file within the build system. The IDE config can then be used as the default.

Here is an example: The desired report type for Globalyzer Lite may be ScanDetailedCSV for developer usage, but will need to be ScanDetailedXML within the build system. The project definition file would then be written out with the <report-type> set to ScanDetailedCSV:
<pre><gzproject>
...
<report-type>ScanDetailedCSV</report-type>
...
</gzproject></pre>

The build system can then be set to auto-replace "ScanDetailedCSV" with "ScanDetailedXML". The following Linux command will do so:

<code>$ sed --in-place 's|ScanDetailedCSV|ScanDetailedXML|' $WORKSPACE/ProjectDefinition.xml</code>

If desired, the opposite replacement also may be performed at the end of the build.

Finally, here is a bash function to replace the content of any XML field:

<pre>replace_xml_token() {
token_name=$1
new_content=$2
sed -ri "s|(<${token_name}>).*(</${token_name}>)|\1${new_content}\2|g" $WORKSPACE/ProjectDefinition.xml
}</pre>

It may be used like so:

<code>$ replace_xml_token "report-type" "ScanDetailedXML"</code>

== Lite IDE Ignore==
When using Lite in an IDE (see https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html ), you can use the power of the IDE to mark some issues in the code as to be ignored. Globalyzer uses a set of standard comments, namely <code>$NON-NLS-L$</code>. There are many ways to do so. We will illustrate one such way with Lite in Eclipse.

== Lite is set in Eclipse ==
To set Lite in your Eclipse environment, refer to https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html#Eclipse ; There are two sections, one for Linux, one for Windows.

[[File:LiteConfigured.gif]]

=== Run Lite ===
* Select the directory or file you want to analyze
* Click on the external tools button

=> Lite analyzes the relevant files based on the Globalyzer Project Definition file and shows the clickable results in the Console view.

[[File:LiteRun.gif]]

=== Navigate to the Issue ===
* Click on the issue in the Console

=> It opens the file and highlights the line with the issue.

=== Refactor the Code or Ignore the Issue===
Depending on what the developer sees, the issue either needs to be refactored or ignored. If the issue needs to be ignored, the //$NON-NLS-L$ comment needs to be added at the end of that line. One can simply add it by typing it. Some short cut exist and some can be created. For instance:

* Go to the end of the line to ignore and type <Ctr><Space>
* Choose "nls - non externalize string marker" in the list of templates.

or

* Add the string "nls" and type <Ctr><Space>
* Eclipse proposes the standard $NLS notation by default. Select that notation and type L.

[[File:LiteNlsCtrSpace.gif]]

The line now reads:
<code>Locale locale = new Locale("en", "US"); //$NON-NLS-L$</code>

* Repeat the process for other false positives

Lines tagged with the <code>//$NON-NLS-L$</code> will be ignored by Globalyzer the next time you run the Lite external tool.

=== Advanced Template ===
The previous illustration was done using the default template. You can modify the template to have directly <code>//$NON-NLS-L$</code> on other key combination or the same <code>nls<Ctr><Space></code>.

The following image shows how to use <code>nll<Ctr><Space></code> to insert directory <code>//$NON-NLS-L$</code>.

[[File:NllTemplate.gif]]

This is one way of adding <code>//$NON-NLS-L$</code> at the end of the line. Some developers will decide on other methods.

=== Globalyzer Lite Plugin for VSCode ===

To Configure the Plugin:
*Install Globalyzer Lite as directed
*Open your project folder in VSCode
*Select “Terminal->Configure Tasks” from the top menu bar
[[File:Vccode1.png|800px]]
* Select “Create tasks.json file from template” from the popup option list
[[File:Vccode2.png|700px]]
*Select “Others” from the Task Template list
[[File:Vccode3.png|700px]]
[[File:Vccode4.png|800px]]
*Change the default template for the generated tasks.json file to match the following:
<code>
{

"version": "2.0.0",
"tasks": [
{
"label": "GlobalyzerLite",
"type": "shell",
"command": "java",
"args": [
{
"value": "-jar",
"quoting": "weak"
},
{
"value": "/Applications/Lingoport/globalyzer-lite-6.6.0_8.0/globalyzer-lite.jar",
"quoting": "strong"
},
{
"value": "-f",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/lingoport/LiteProjectDefinition.xml",
"quoting": "strong"
},
{
"value": "--project-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}",
"quoting": "strong"
},
{
"value": "--report-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/Lingoport",
"quoting": "strong"
},
{
"value": "--scan-items",
"quoting": "weak"
},
{
"value": "${file}",
"quoting": "strong"
},
{
"value": "--console-output",
"quoting": "weak"
},
{
"value": "visual-studio",
"quoting": "weak"
}

],
"presentation": {
"showReuseMessage": false,
"clear": true,
"revealProblems": "onProblem"
},
"problemMatcher": {
"fileLocation": ["absolute"],
"severity": "warning",
"owner": "globalyzer",
"pattern": {
"regexp": "^(.*)\$(\\d*)\$:\\s+(.*),\\s+(P\\d+):\\s+(.*)",
"file": 1,
"line": 2,
"message": 3,
"severity": 4,
"code": 5
}
}
}
]
}
</code>
*“label” is the name of the task - this can be changed to whatever makes the most sense
*“type” specifies that the command should be run in a shell - required
*“command” is the command to execute in the shell - required
*“problemMatcher” used to auto-format the output,
*“args” specifies the arguments to be passed to the command at execution
*“value” contains the actual arguments
**-jar specifies the jar to execute
***Replace 'path/to/globalyzer-lite.jar' with the absolute path to your globalyzer-lite.jar.
***‘C:\Lingoport\globalyzer-lite-x.y.z\globalyzer-lite.jar’
**-f is the name of the Project Definition file
***Replace the ‘/path/to/LiteProjectDefinition.xml’ with the workspace relative path of your Project Definition file
***E.g. ${workspaceFolder}/lingoport/LiteProjectDefinition.xml
**--project-path is the path of this project
***Leave this as the ${workspaceFolder} VSCode environment variable
**--scan-items Overrides the default settings for which files and directories to scan
***Use ${file} to scan only the currently selected file in VSCode
**--console-output prints scan report output to console with specified format.
***Leave as "visual-studio" - format report output for visual studio. This allows the user to click on a candidate issue in the output and jump to its location within a file.
*“quoting” specifies how to handle quoting within the args - 'strong' is used for arguments that may contain spaces.
*“presentation” configures how the workspace should handle displaying the task as it executes
*“problemMatcher” uses a regular expression to extract the problems found in the scan and display them in the problems panel

===To Execute a Scan on the Current Opened File:===
1.Select “Terminal->Run Task” and choose the GlobalyzerLite task from the list in the modal window

2.Scan will execute in a VSCode terminal panel and display problems in the problems panel if any are found. Terminal output and problem panel screenshots on next page.
[[File:Vccode5.png|700px]]
[[File:Vccode6.png|700px]]

Globalyzer in IDE

2023-12-11T22:55:32Z

Masnes:

==Can I use Globalyzer Lite with my standard IDE?==

The Globalyzer Lite client can be used with Eclipse, Visual Studio and IntelliJ IDEs.

== Using Globalyzer Lite from an Integrated Development Environment ==

Globalyzer Lite may be used within many IDEs that support external tools, including Visual Studio, IntelliJ IDEA, and Eclipse. Configuring Lite as an external tool takes some initial setup, but is relatively easy to accomplish. Once configured, Lite may be used through the IDE's external tool menu with the click of a button. The recommended, documented tools:

# Scan the currently selected file/directory.
# Scan everything within the parent directory of the currently selected file/directory.
# Scan the entire project.

Demonstration videos are available for:

* [https://player.vimeo.com/video/137641243 Visual Studio]
* [https://player.vimeo.com/video/137641242 IntelliJ IDEA]
* [https://player.vimeo.com/video/137641241 Eclipse]

To configure Lite in the IDE, please see this page: [https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html Lite IDE Usage].

The developer can then use the power of the IDE to refactor the relevant issues or to mark false positives in the code using Globalyzer ignore comments, such as $NON-NLS-L$. For more information, see the Globalyzer Comment Tags in [[ False Positives | False Positives ]] .

Those refactoring and the comment tags are now part of the code: The Continuous Globalization System using the same Lite project definition file will show the same results in the Dashboard.

==How do I install Globalyzer Lite?==

To install the Globalyzer Lite, you first need a Globalyzer account (see [[Globalyzer_Overview_and_General#How_do_I_obtain_a_Globalyzer_account.3F|this FAQ]]). Once you have an account, you log into the Globalyzer Server and at the bottom of your home page there is a link to download Globalyzer Lite.

The Globalyzer Lite is a standalone Java application. It uses Rule Sets to scan code at the command line. It is used in Jenkins configured for the Continuous G11n System and can be integrated as an external tool in an IDE.

Please see [https://www.globalyzer.com/gzserver/home/installclient installation] for complete Globalyzer Lite download/installation instructions.

To install:

# Unzip the Globalyzer Lite zip file at a desired location
# Run either <code>lite-setup.bat</code> or <code>lite-setup.sh</code> depending on your system.

To verify the installation, from a command line at the location that it was installed:
java -jar globalyzer-lite.jar -version

or, show the help info:
java -jar globalyzer-lite.jar -help

== Sharing Project Definition Files Between IDEs and Build Systems ==

It is common to check in a single project definition file per code repository. However, the desired IDE configuration may sometimes be incompatible with the desired build system configuration.

These incompatibilities are best solved by modifying the project definition file within the build system. The IDE config can then be used as the default.

Here is an example: The desired report type for Globalyzer Lite may be ScanDetailedCSV for developer usage, but will need to be ScanDetailedXML within the build system. The project definition file would then be written out with the <report-type> set to ScanDetailedCSV:
<pre><gzproject>
...
<report-type>ScanDetailedCSV</report-type>
...
</gzproject></pre>

The build system can then be set to auto-replace "ScanDetailedCSV" with "ScanDetailedXML". The following Linux command will do so:

<code>$ sed --in-place 's|ScanDetailedCSV|ScanDetailedXML|' $WORKSPACE/ProjectDefinition.xml</code>

If desired, the opposite replacement also may be performed at the end of the build.

Finally, here is a bash function to replace the content of any XML field:

<pre>replace_xml_token() {
token_name=$1
new_content=$2
sed -ri "s|(<${token_name}>).*(</${token_name}>)|\1${new_content}\2|g" $WORKSPACE/ProjectDefinition.xml
}</pre>

It may be used like so:

<code>$ replace_xml_token "report-type" "ScanDetailedXML"</code>

== Lite IDE Ignore==
When using Lite in an IDE (see https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html ), you can use the power of the IDE to mark some issues in the code as to be ignored. Globalyzer uses a set of standard comments, namely <code>$NON-NLS-L$</code>. There are many ways to do so. We will illustrate one such way with Lite in Eclipse.

== Lite is set in Eclipse ==
To set Lite in your Eclipse environment, refer to https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html#Eclipse ; There are two sections, one for Linux, one for Windows.

[[File:LiteConfigured.gif]]

=== Run Lite ===
* Select the directory or file you want to analyze
* Click on the external tools button

=> Lite analyzes the relevant files based on the Globalyzer Project Definition file and shows the clickable results in the Console view.

[[File:LiteRun.gif]]

=== Navigate to the Issue ===
* Click on the issue in the Console

=> It opens the file and highlights the line with the issue.

=== Refactor the Code or Ignore the Issue===
Depending on what the developer sees, the issue either needs to be refactored or ignored. If the issue needs to be ignored, the //$NON-NLS-L$ comment needs to be added at the end of that line. One can simply add it by typing it. Some short cut exist and some can be created. For instance:

* Go to the end of the line to ignore and type <Ctr><Space>
* Choose "nls - non externalize string marker" in the list of templates.

or

* Add the string "nls" and type <Ctr><Space>
* Eclipse proposes the standard $NLS notation by default. Select that notation and type L.

[[File:LiteNlsCtrSpace.gif]]

The line now reads:
<code>Locale locale = new Locale("en", "US"); //$NON-NLS-L$</code>

* Repeat the process for other false positives

Lines tagged with the <code>//$NON-NLS-L$</code> will be ignored by Globalyzer the next time you run the Lite external tool.

=== Advanced Template ===
The previous illustration was done using the default template. You can modify the template to have directly <code>//$NON-NLS-L$</code> on other key combination or the same <code>nls<Ctr><Space></code>.

The following image shows how to use <code>nll<Ctr><Space></code> to insert directory <code>//$NON-NLS-L$</code>.

[[File:NllTemplate.gif]]

This is one way of adding <code>//$NON-NLS-L$</code> at the end of the line. Some developers will decide on other methods.

=== Globalyzer Lite Plugin for VSCode ===

To Configure the Plugin:
*Install Globalyzer Lite as directed
*Open your project folder in VSCode
*Select “Terminal->Configure Tasks” from the top menu bar
[[File:Vccode1.png|800px]]
* Select “Create tasks.json file from template” from the popup option list
[[File:Vccode2.png|700px]]
*Select “Others” from the Task Template list
[[File:Vccode3.png|700px]]
[[File:Vccode4.png|800px]]
*Change the default template for the generated tasks.json file to match the following:
<code>
{

"version": "2.0.0",
"tasks": [
{
"label": "GlobalyzerLite",
"type": "shell",
"command": "java",
"args": [
{
"value": "-jar",
"quoting": "weak"
},
{
"value": "/Applications/Lingoport/globalyzer-lite-6.6.0_8.0/globalyzer-lite.jar",
"quoting": "strong"
},
{
"value": "-f",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/lingoport/LiteProjectDefinition.xml",
"quoting": "strong"
},
{
"value": "--project-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}",
"quoting": "strong"
},
{
"value": "--report-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/Lingoport",
"quoting": "strong"
},
{
"value": "--scan-items",
"quoting": "weak"
},
{
"value": "${file}",
"quoting": "strong"
},
{
"value": "--console-output",
"quoting": "weak"
},
{
"value": "visual-studio",
"quoting": "weak"
}

],
"presentation": {
"showReuseMessage": false,
"clear": true,
"revealProblems": "onProblem"
},
"problemMatcher": {
"fileLocation": ["absolute"],
"severity": "warning",
"owner": "globalyzer",
"pattern": {
"regexp": "^(.*)\$(\\d*)\$:\\s+(.*),\\s+(P\\d+):\\s+(.*)",
"file": 1,
"line": 2,
"message": 3,
"severity": 4,
"code": 5
}
}
}
]
}
</code>
*“label” is the name of the task - this can be changed to whatever makes the most sense
*“type” specifies that the command should be run in a shell - required
*“command” is the command to execute in the shell - required
*“problemMatcher” used to auto-format the output,
*“args” specifies the arguments to be passed to the command at execution
*“value” contains the actual arguments
**-jar specifies the jar to execute
***Replace 'path/to/globalyzer-lite.jar' with the absolute path to your globalyzer-lite.jar.
***‘C:\Lingoport\globalyzer-lite-x.y.z\globalyzer-lite.jar’
**-f is the name of the Project Definition file
***Replace the ‘/path/to/LiteProjectDefinition.xml’ with the workspace relative path of your Project Definition file
***E.g. ${workspaceFolder}/lingoport/LiteProjectDefinition.xml
**--project-path is the path of this project
***Leave this as the ${workspaceFolder} VSCode environment variable
**--scan-items Overrides the default settings for which files and directories to scan
***Use ${file} to scan only the currently selected file in VSCode
**--console-output prints scan report output to console with specified format.
***Leave as "visual-studio" - format report output for visual studio. This allows the user to click on a candidate issue in the output and jump to its location within a file.
*“quoting” specifies how to handle quoting within the args - required as “weak”
*“presentation” configures how the workspace should handle displaying the task as it executes
*“problemMatcher” uses a regular expression to extract the problems found in the scan and display them in the problems panel

===To Execute a Scan on the Current Opened File:===
1.Select “Terminal->Run Task” and choose the GlobalyzerLite task from the list in the modal window

2.Scan will execute in a VSCode terminal panel and display problems in the problems panel if any are found. Terminal output and problem panel screenshots on next page.
[[File:Vccode5.png|700px]]
[[File:Vccode6.png|700px]]

Globalyzer in IDE

2023-12-11T22:45:05Z

Masnes: /* Globalyzer Lite Plugin for VSCode */

==Can I use Globalyzer Lite with my standard IDE?==

The Globalyzer Lite client can be used with Eclipse, Visual Studio and IntelliJ IDEs.

== Using Globalyzer Lite from an Integrated Development Environment ==

Globalyzer Lite may be used within many IDEs that support external tools, including Visual Studio, IntelliJ IDEA, and Eclipse. Configuring Lite as an external tool takes some initial setup, but is relatively easy to accomplish. Once configured, Lite may be used through the IDE's external tool menu with the click of a button. The recommended, documented tools:

# Scan the currently selected file/directory.
# Scan everything within the parent directory of the currently selected file/directory.
# Scan the entire project.

Demonstration videos are available for:

* [https://player.vimeo.com/video/137641243 Visual Studio]
* [https://player.vimeo.com/video/137641242 IntelliJ IDEA]
* [https://player.vimeo.com/video/137641241 Eclipse]

To configure Lite in the IDE, please see this page: [https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html Lite IDE Usage].

The developer can then use the power of the IDE to refactor the relevant issues or to mark false positives in the code using Globalyzer ignore comments, such as $NON-NLS-L$. For more information, see the Globalyzer Comment Tags in [[ False Positives | False Positives ]] .

Those refactoring and the comment tags are now part of the code: The Continuous Globalization System using the same Lite project definition file will show the same results in the Dashboard.

==How do I install Globalyzer Lite?==

To install the Globalyzer Lite, you first need a Globalyzer account (see [[Globalyzer_Overview_and_General#How_do_I_obtain_a_Globalyzer_account.3F|this FAQ]]). Once you have an account, you log into the Globalyzer Server and at the bottom of your home page there is a link to download Globalyzer Lite.

The Globalyzer Lite is a standalone Java application. It uses Rule Sets to scan code at the command line. It is used in Jenkins configured for the Continuous G11n System and can be integrated as an external tool in an IDE.

Please see [https://www.globalyzer.com/gzserver/home/installclient installation] for complete Globalyzer Lite download/installation instructions.

To install:

# Unzip the Globalyzer Lite zip file at a desired location
# Run either <code>lite-setup.bat</code> or <code>lite-setup.sh</code> depending on your system.

To verify the installation, from a command line at the location that it was installed:
java -jar globalyzer-lite.jar -version

or, show the help info:
java -jar globalyzer-lite.jar -help

== Sharing Project Definition Files Between IDEs and Build Systems ==

It is common to check in a single project definition file per code repository. However, the desired IDE configuration may sometimes be incompatible with the desired build system configuration.

These incompatibilities are best solved by modifying the project definition file within the build system. The IDE config can then be used as the default.

Here is an example: The desired report type for Globalyzer Lite may be ScanDetailedCSV for developer usage, but will need to be ScanDetailedXML within the build system. The project definition file would then be written out with the <report-type> set to ScanDetailedCSV:
<pre><gzproject>
...
<report-type>ScanDetailedCSV</report-type>
...
</gzproject></pre>

The build system can then be set to auto-replace "ScanDetailedCSV" with "ScanDetailedXML". The following Linux command will do so:

<code>$ sed --in-place 's|ScanDetailedCSV|ScanDetailedXML|' $WORKSPACE/ProjectDefinition.xml</code>

If desired, the opposite replacement also may be performed at the end of the build.

Finally, here is a bash function to replace the content of any XML field:

<pre>replace_xml_token() {
token_name=$1
new_content=$2
sed -ri "s|(<${token_name}>).*(</${token_name}>)|\1${new_content}\2|g" $WORKSPACE/ProjectDefinition.xml
}</pre>

It may be used like so:

<code>$ replace_xml_token "report-type" "ScanDetailedXML"</code>

== Lite IDE Ignore==
When using Lite in an IDE (see https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html ), you can use the power of the IDE to mark some issues in the code as to be ignored. Globalyzer uses a set of standard comments, namely <code>$NON-NLS-L$</code>. There are many ways to do so. We will illustrate one such way with Lite in Eclipse.

== Lite is set in Eclipse ==
To set Lite in your Eclipse environment, refer to https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html#Eclipse ; There are two sections, one for Linux, one for Windows.

[[File:LiteConfigured.gif]]

=== Run Lite ===
* Select the directory or file you want to analyze
* Click on the external tools button

=> Lite analyzes the relevant files based on the Globalyzer Project Definition file and shows the clickable results in the Console view.

[[File:LiteRun.gif]]

=== Navigate to the Issue ===
* Click on the issue in the Console

=> It opens the file and highlights the line with the issue.

=== Refactor the Code or Ignore the Issue===
Depending on what the developer sees, the issue either needs to be refactored or ignored. If the issue needs to be ignored, the //$NON-NLS-L$ comment needs to be added at the end of that line. One can simply add it by typing it. Some short cut exist and some can be created. For instance:

* Go to the end of the line to ignore and type <Ctr><Space>
* Choose "nls - non externalize string marker" in the list of templates.

or

* Add the string "nls" and type <Ctr><Space>
* Eclipse proposes the standard $NLS notation by default. Select that notation and type L.

[[File:LiteNlsCtrSpace.gif]]

The line now reads:
<code>Locale locale = new Locale("en", "US"); //$NON-NLS-L$</code>

* Repeat the process for other false positives

Lines tagged with the <code>//$NON-NLS-L$</code> will be ignored by Globalyzer the next time you run the Lite external tool.

=== Advanced Template ===
The previous illustration was done using the default template. You can modify the template to have directly <code>//$NON-NLS-L$</code> on other key combination or the same <code>nls<Ctr><Space></code>.

The following image shows how to use <code>nll<Ctr><Space></code> to insert directory <code>//$NON-NLS-L$</code>.

[[File:NllTemplate.gif]]

This is one way of adding <code>//$NON-NLS-L$</code> at the end of the line. Some developers will decide on other methods.

=== Globalyzer Lite Plugin for VSCode ===

To Configure the Plugin:
*Install Globalyzer Lite as directed
*Open your project folder in VSCode
*Select “Terminal->Configure Tasks” from the top menu bar
[[File:Vccode1.png|800px]]
* Select “Create tasks.json file from template” from the popup option list
[[File:Vccode2.png|700px]]
*Select “Others” from the Task Template list
[[File:Vccode3.png|700px]]
[[File:Vccode4.png|800px]]
*Change the default template for the generated tasks.json file to match the following:
<code>
{

"version": "2.0.0",
"tasks": [
{
"label": "GlobalyzerLite",
"type": "shell",
"command": "java",
"args": [
{
"value": "-jar",
"quoting": "weak"
},
{
"value": "/Applications/Lingoport/globalyzer-lite-6.6.0_8.0/globalyzer-lite.jar",
"quoting": "weak"
},
{
"value": "-f",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/lingoport/LiteProjectDefinition.xml",
"quoting": "weak"
},
{
"value": "--project-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}",
"quoting": "weak"
},
{
"value": "--scan-items",
"quoting": "weak"
},
{
"value": "${file}",
"quoting": "weak"
},
{
"value": "--console-output",
"quoting": "weak"
},
{
"value": "visual-studio",
"quoting": "weak"
}

],
"presentation": {
"showReuseMessage": false,
"clear": true,
"revealProblems": "onProblem"
},
"problemMatcher": {
"fileLocation": ["absolute"],
"severity": "warning",
"owner": "globalyzer",
"pattern": {
"regexp": "^(.*)\$(\\d*)\$:\\s+(.*),\\s+(P\\d+):\\s+(.*)",
"file": 1,
"line": 2,
"message": 3,
"severity": 4,
"code": 5
}
}
}
]
}
</code>
*“label” is the name of the task - this can be changed to whatever makes the most sense
*“type” specifies that the command should be run in a shell - required
*“command” is the command to execute in the shell - required
*“problemMatcher” used to auto-format the output,
*“args” specifies the arguments to be passed to the command at execution
*“value” contains the actual arguments
**-jar specifies the jar to execute
***Replace 'path/to/globalyzer-lite.jar' with the absolute path to your globalyzer-lite.jar.
***‘C:\Lingoport\globalyzer-lite-x.y.z\globalyzer-lite.jar’
**-f is the name of the Project Definition file
***Replace the ‘/path/to/LiteProjectDefinition.xml’ with the workspace relative path of your Project Definition file
***E.g. ${workspaceFolder}/lingoport/LiteProjectDefinition.xml
**--project-path is the path of this project
***Leave this as the ${workspaceFolder} VSCode environment variable
**--scan-items Overrides the default settings for which files and directories to scan
***Use ${file} to scan only the currently selected file in VSCode
**--console-output prints scan report output to console with specified format.
***Leave as "visual-studio" - format report output for visual studio. This allows the user to click on a candidate issue in the output and jump to its location within a file.
*“quoting” specifies how to handle quoting within the args - required as “weak”
*“presentation” configures how the workspace should handle displaying the task as it executes
*“problemMatcher” uses a regular expression to extract the problems found in the scan and display them in the problems panel

===To Execute a Scan on the Current Opened File:===
1.Select “Terminal->Run Task” and choose the GlobalyzerLite task from the list in the modal window

2.Scan will execute in a VSCode terminal panel and display problems in the problems panel if any are found. Terminal output and problem panel screenshots on next page.
[[File:Vccode5.png|700px]]
[[File:Vccode6.png|700px]]

Installing Docker on Amazon Linux 2

2023-09-27T18:24:16Z

Masnes: /* Configure Reverse Proxy */

==Introduction==
On the system (most likely a virtual machine) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands. The Amazon Linux user may be 'ec2-user'.

==Uninstall old docker versions==

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

==Install docker using the repository==

sudo yum update
sudo yum install docker

wget https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)
sudo mv docker-compose-$(uname -s)-$(uname -m) /usr/local/bin/docker-compose
sudo chmod -v +x /usr/local/bin/docker-compose

==Start Docker.==
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

==Verify that Docker Engine is installed correctly ==
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Install other packages ==
In anticipation of installing Command Center, the following packages should be installed, if not already on the system.

*git
*zip and unzip

sudo yum install git zip unzip

Return to the [[Command Center Installation|Installation page]] to continue installing Command Center on the system

== Configure HTTP/HTTPS and TimeOut through Reverse Proxy ==

Please see [[HTTPS_configuration]]

Be sure to set an apache timeout by modifying or appending the line:

TimeOut 600
to /etc/httpd/conf/httpd.conf

As mentioned in the instructions above.

Installing Docker on Amazon Linux 2

2023-09-27T18:23:47Z

Masnes: /* Install other packages */

==Introduction==
On the system (most likely a virtual machine) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands. The Amazon Linux user may be 'ec2-user'.

==Uninstall old docker versions==

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

==Install docker using the repository==

sudo yum update
sudo yum install docker

wget https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)
sudo mv docker-compose-$(uname -s)-$(uname -m) /usr/local/bin/docker-compose
sudo chmod -v +x /usr/local/bin/docker-compose

==Start Docker.==
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

==Verify that Docker Engine is installed correctly ==
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Install other packages ==
In anticipation of installing Command Center, the following packages should be installed, if not already on the system.

*git
*zip and unzip

sudo yum install git zip unzip

Return to the [[Command Center Installation|Installation page]] to continue installing Command Center on the system

== Configure Reverse Proxy ==

Please see [[HTTPS_configuration]]

Be sure to set an apache timeout by modifying or appending the line:

TimeOut 600
to /etc/httpd/conf/httpd.conf

As mentioned in the instructions above.

HTTPS configuration

2023-09-27T18:22:31Z

Masnes:

HTTPS configuration is often achieved via a reverse proxy hosted on the Linux system. Instructions to do so using Apache are as follows for CentOS / RHEL:

1. Install Apache and mod_ssl (https support for apache)

sudo yum install httpd
sudo yum install mod_ssl

2. Configure SELinux to allow Apache network connections

sudo setsebool -P httpd_can_network_connect true

3. Set an apache timeout by modifying or appending the line:

<pre>
TimeOut 600
</pre>

to /etc/httpd/conf/httpd.conf

4. Add http (not s) config file with the following content (edit as appropriate):

vi /etc/httpd/conf.d/lingoport-apps.conf

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8083 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8083/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8083/command-center/

# Default fallback config, redirect to port 8083 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</pre>
5. Restart Apache to apply the settings

sudo systemctl restart httpd

6. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

7. Place the certificate and private key on a secure location on your system. Standard location is /etc/pki/tls/, with the certificate under /etc/pki/tls/certs/ and the associated private key under /etc/pki/tls/private/

8. Add Apache config to utilize the certificate:

vi /etc/httpd/conf.d/lingoport-apps-ssl.conf

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8083 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8083/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8083/command-center/

# Default fallback config, redirect to port 8083 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>
9. Optionally enforce a redirect to https by uncommenting and filling out the following section in /etc/httpd/conf.d/lingoport-apps.conf

Before:

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

After:

# Force HTTPS only (Requires ssl config enabled)
Header edit Location ^http://(.*)$ https://$1
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.somecorp.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

10. Restart Apache to apply the settings

sudo systemctl restart httpd

11. Set up Apache to start automatically after a reboot.

sudo systemctl enable httpd

To continue on Command Center installation, please go to:
* [[Command Center Installation | Command Center Installation ]]

GitHub Pull Requests

2023-05-25T23:35:20Z

Masnes: MediaWiki Formatting - removed <pre>

= GitHub Pull Requests & Commits Globalyzer Analysis Webhook =

Follow these steps to set up a Webhook to automate Globalyzer's analysis on your repository's pull requests and/or commits.

* '''Video Guide:''' https://vimeo.com/817611647

== Jenkins Set Up ==

=== Install Globalyzer Lite ===
1. If not done so already, move the root Globalyzer Lite folder to your Jenkins file system. Create a `lingoport` directory at the root of your Jenkins system and place the downloaded globalyzer-lite folder there (e.g., /var/lib/jenkins/lingoport/globalyzer-lite). ''To avoid any errors, please do not modify or move the files in this folder unless specifically directed to do so.''

2. Install Globalyzer Lite on your Jenkins system by following the instructions in the `README.txt` file (located in the globalyzer-lite folder).

'''Make sure to install Lite as the `jenkins` user!'''

'''Note:''' You should see the success message "Globalyzer Lite installation completed successfully" before proceeding.

3. You will need to download the Globalyzer.license file from here: https://www.globalyzer.com/gzserver/home/installclient (you may need to log in with your Globalyzer.com credentials). Once downloaded, place the Globalyzer.license file into the `lingoport` directory from step 1.

=== Set Up GitHub Credentials ===
4. In this folder, you will find the `github.properties` file. Your GitHub credentials will need to be set in this file before proceeding (failure to set these credentials will result in an error).

* For `github.login`, enter your GitHub username. Note this is not your GitHub login email, it is the username as it appears after you sign in.
* For `github.oauth`, you will need to enter a Personal Access Token created for your GitHub account. To generate an access token:
** Sign in to GitHub.
** Select your profile icon on the top right hand side and select "Settings".
** Scroll down and select "Developer settings".
** Select "Personal access tokens" > "Tokens (classic)".
** Select "Generate new token" > "Generate new token (classic)".
** Add a note and expiration date as desired.
** Under "Select scopes", select "**repo**".
** Select "Generate token".
** Copy the generated token and paste it into the file. Note that the token will disappear after the window is closed/changed.

=== Create & Configure Jenkins Job ===
5. On Jenkins, navigate to "Manage Jenkins" > "Configure System" > "Global properties" > select the "Environment variables" box > select "Add".

Under name, enter `GITHUB_PRC_FILES` and for the value, enter the file path to the webhook file directory in the globalyzer-lite folder, for example: `$JENKINS_HOME/lingoport/globalyzer-lite-*.*.*_*.*/GitHub_PRC`

* '''Note''': Whenever a new version of Lite is downloaded, only this environment variable's value needs to be changed rather than having to reconfigure every Jenkins job.

6. On Jenkins, select "New Item" and create a new "Freestyle project". Give it a name, we recommend the format "Team.RepoName-GitHub-COMMAND" where COMMAND could be PullRequest, Commit, or PRC (for both PRs and commits) depending on what you would like to be scanned.

7. Configure the project:
* '''General:'''
** Check the "This project is parameterized" box. Two **string** parameters are needed for the job to run properly.
** payload: The first parameter is named `payload` and the default value is `NOT_SET`. This parameter is NOT set by hand. GitHub's webhooks generate data based on the GitHub event and send the JSON data to Jenkins as the payload parameter. See the [GitHub Page](https://developer.github.com/webhooks/#payloads) for more details.
** LITE_PROJECT_DEFINITION: The second parameter is named `LITE_PROJECT_DEFINITION` and it's default value is `DEFAULT`. This parameter is the location of the project definition file that will be used when scanning (such as: $JENKINS_HOME/jobs/$JOB_NAME/workspace/lingoport/LiteProjectDefinition.xml). If DEFAULT, it will use the lingoport/LiteProjectDefinition.xml file from the working branch of the pull request/commit. We highly recommend setting up concurrent build throttling as well to allow builds to process one at a time. Please refer to the [Throttle Concurrent Builds](#throttle-concurrent-builds) section at the bottom of the page for more details.
** Source Code Management: You may leave this as "None". The job will locate the corresponding repo and branch through the webhook's payload data.
** Build Triggers: Check the "Trigger builds remotely (e.g., from scripts)" box. Under "Authentication Token", enter a token to trigger the build remotely, we recommend `HOOK`. This token will be used to set up the webhook in the following section.
'''Note:''' If your job does not have the "Trigger builds remotely" option, it is likely that your Jenkins user does not have the necessary permissions.
** Build: Select "Add build step" and select the "Execute shell" option. Under "Command", enter the code to execute the `job_lite_pr.sh` file and pass `pr_message.html` as an argument. If you haven't already, configure the `GITHUB_PRC_FILES` environment variable (refer to step 5) before proceeding.
bash
set +x
$GITHUB_PRC_FILES/job_lite_pr.sh $GITHUB_PRC_FILES/pr_message.html

8. Select "Save" to save the project configuration.
9. Install jq on the system (if not already done): https://stedolan.github.io/jq/download/. jq is used to process the incoming webhook's JSON data.

=== Create The Github Webhook ===
10. Navigate to the repository where the webhook will be created.
11. Select "Settings" > "Webhooks" > "Add webhook".
* '''Note:''' You will need admin access to the repository to be able to access the settings.
12. Under "Payload URL", use the following URL to trigger the build remotely: `https://JENKINS_URL/buildByToken/buildWithParameters/build?job=JOB_NAME&token=TOKEN`
* `JENKINS_URL` is the URL to your Jenkins instance.
*`JOB_NAME` is the Jenkins job name you entered in step 6.
*`TOKEN` is the the token you entered in the "Build Triggers" subsection of step 7.
13. Under "Content type", select `application/x-www-form-urlencoded`.
14. Under "Which events would you like to trigger this webhook?", select "Let me select individual events" and then check "Pull Requests" and/or "Pushes" depending on if you want Globalyzer to scan pull requests, commits, or both.
15. Ensure that the webhook is set to "Active".
16. Select "Add webhook".

17. Navigate to the repository where the webhook was added.
18. Open/update a pull request or perform a commit depending on the option(s) you selected in step 14.
19. Once complete, navigate to the Jenkins job that was created in step 6. If all of the connections were completed correctly, a build should have automatically been started.
* If the build did not start automatically, navigate to the Github repo and select "Settings" > "Webhooks". Locate and select the webhook created in the last section and click "Recent Deliveries". Check for any potential issues that may have prevented the webhook from delivering the payload before trying again. Once you are ready to try again, select "Redeliver" > "Yes, redeliver this payload".
** If you see an error that says "We couldn’t deliver this payload: failed to connect to host", there may be a proxy or firewall issue that is blocking the webhook. See GitHub's guide to GitHub IP addresses [https://docs.github.com/en/enterprise-cloud@latest/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses here], and check with your IT and networking departments to set up access or forwarding of GitHub's connections before trying again.
** If you see a 403 error ("No valid crumb was included in the request"), you may need to use a Jenkins API token as an added security measure. From your Jenkins home page, select the user on the top right hand side of the page > select "Configure". Under API Tokens, select "Add New Token" > enter a name > select "Generate". Copy the token (note that it will disappear once the page is changed/closed). Navigate to the webhook created in step 16 and modify the URL to include the Jenkins credentials like so: `http://JENKINS_USERNAME:JENKINS_TOKEN@JENKINS_URL/...` (Note the : and @ characters.)
*** `JENKINS_USERNAME`: The username used to log into Jenkins. Note that this is not the full name of the user.
*** `JENKINS_TOKEN`: The API token generated from Jenkins.
** If you see a 404 error, please double check your URL from step 12. If everything looks correct, you may need to use this URL format instead for the GitHub webhook: `https://JENKINS_URL/job/JOB_NAME/buildWithParameters?token=TOKEN`.
20. If the build...
* '''Finished Successfully:''' Navigate to the pull request/commit from step 18 and look at the comments.
** If everything was set up correctly, you should see a new comment titled "Globalyzer Analysis Summary" with a concise summary of i18n issues detected by Globalyzer Lite. With that, '''you are done!''' Future pull requests and/or commits should automatically trigger the corresponding Jenkins job and run the Globalyzer analysis.
** If a comment was not created on the corresponding pull request/commit, there may be an issue. Navigate to the Jenkins job > select the most recent build > select "Console Output" > locate and fix any errors that may have occurred. If there are no visible errors and the output "Globalyzer Analysis Summary added to {commit/pull-request}" is present but there is no comment, please contact support@lingoport.com for assistance.
* '''Failed:''' Select the most recent build > select "Console Output". Locate and fix any errors that may have occurred before trying step 18 again.
** If you see the error "Host key verification failed" or "git@github.com: Permission denied (publickey). fatal: Could not read from remote repository.", you will need to create an ssh key. If you do not already have a .ssh directory (it may be hidden) on the root of your Jenkins system, create the directory before proceeding.
*** If you already have a .ssh directory, check if you have a file named `id_rsa.pub`. If so, you may skip this step. If you do not, navigate to the .ssh directory and run the command `ssh-keygen`. It will ask where you want to save the key, it should default to the .ssh directory (enter the path to the Jenkins .ssh directory if not). Enter a passphrase if desired (it will ask you to enter it twice) to proceed. Once the key has been saved, navigate to the .ssh folder and you should see two new files: `id_rsa.pub` and `id_rsa`.
*** Next, sign in to GitHub > select your profile icon on the top right hand side and select "Settings" > select "SSH and GPG keys" > select "New SSH key". Enter a title and leave the "Key type" as Authentication Key. For the "Key" field, paste the contents of the `id_rsa.pub` file and select "Add SSH Key". It is also worth making sure that GitHub is on your list of known hosts. To check, navigate to the .ssh folder on your Jenkins system and view the `known_hosts` file. If github.com is not present in the file (or the file does not exist), you will need to add it either manually with the command: `ssh-keyscan -t rsa github.com >> <PATH_TO_SSH_FOLDER>/.ssh/known_hosts` or by letting ssh do it for you when you run a git command and entering "yes" when prompted. Once complete, try step 18 again.
** If you see the error "Error: Lite failed, GlobalyzerLicense: Cannot find license file", refer to step 3. Ensure that the file is in the `lingoport` directory (the program will attempt to look here: `/var/lib/jenkins/lingoport` for the license file). If your license has expired, please download the license again.
** If the build finished successfully but you see an error like so: "main ERROR Unable to create file /root/.globalyzer/log/globalyzer.log", you may have installed Globalyzer Lite as the root user instead of the jenkins user (refer to step 2). To fix this, navigate to your Jenkins file system > locate the Globalyzer Lite folder > locate the `log4j2.xml` file. Modify the LOG_DIR variable like so: `<Property name="LOG_DIR">/var/lib/jenkins/.globalyzer/log/globalyzer.log</Property>`.
*** If you are using an older version of Lite, you may have a `log4j.properties` file instead. If so, you want to modify the log4j.appender.FILE.File variable like so: `log4j.appender.FILE.File=/var/lib/jenkins/.globalyzer/log/globalyzer.log`.
*** If you see the error "File /var/lib/jenkins/.globalyzer/log/globalyzer.log exists and is not a directory. Unable to create directory" after this fix, you just need to delete the existing .globalyzer directory from your Jenkins system by running: `rm -rf /var/lib/jenkins/.globalyzer`.

=== Optional Additions ===

==== Throttle Concurrent Builds ====
- We highly recommend installing the "Throttle Concurrent Builds" plugin: https://plugins.jenkins.io/throttle-concurrents/throttling if not done so already. This allows multiple webhook calls to this job to execute one after the other, rather than all at the same time.
- After installing the plugin, navigate to the Jenkins job created in step 6 and select "Configure". Select the "Throttle Concurrent Builds" checkbox. Select the "Throttle this project alone" option and configure the "Maximum Total Concurrent Builds" and "Maximum Concurrent Builds Per Node", we recommend leaving both values as 1 to allow the job to process each build one at a time.

==== Discard Old Builds ====
- We also recommend installing the "Discard Old Build" Jenkins plugin: https://plugins.jenkins.io/discard-old-build/ to automatically remove old builds. This plugin is highly configurable and helps to reduce build clutter.
- After installing the plugin, navigate to the Jenkins job created in step 6 and select "Configure". Under "Post-build Actions", select "Add post-build action", and select "Discard Old Builds". You can customize how the builds are discarded here (i.e., over a set number of days, keep a max number of builds, etc.).

GitHub Pull Requests

2023-05-25T23:34:53Z

Masnes: MediaWiki formatting (kept pre to avoid nasty diff)

= GitHub Pull Requests & Commits Globalyzer Analysis Webhook =

Follow these steps to set up a Webhook to automate Globalyzer's analysis on your repository's pull requests and/or commits.

* '''Video Guide:''' https://vimeo.com/817611647

== Jenkins Set Up ==

=== Install Globalyzer Lite ===
1. If not done so already, move the root Globalyzer Lite folder to your Jenkins file system. Create a `lingoport` directory at the root of your Jenkins system and place the downloaded globalyzer-lite folder there (e.g., /var/lib/jenkins/lingoport/globalyzer-lite). ''To avoid any errors, please do not modify or move the files in this folder unless specifically directed to do so.''

2. Install Globalyzer Lite on your Jenkins system by following the instructions in the `README.txt` file (located in the globalyzer-lite folder).

'''Make sure to install Lite as the `jenkins` user!'''

'''Note:''' You should see the success message "Globalyzer Lite installation completed successfully" before proceeding.

3. You will need to download the Globalyzer.license file from here: https://www.globalyzer.com/gzserver/home/installclient (you may need to log in with your Globalyzer.com credentials). Once downloaded, place the Globalyzer.license file into the `lingoport` directory from step 1.

=== Set Up GitHub Credentials ===
4. In this folder, you will find the `github.properties` file. Your GitHub credentials will need to be set in this file before proceeding (failure to set these credentials will result in an error).

* For `github.login`, enter your GitHub username. Note this is not your GitHub login email, it is the username as it appears after you sign in.
* For `github.oauth`, you will need to enter a Personal Access Token created for your GitHub account. To generate an access token:
** Sign in to GitHub.
** Select your profile icon on the top right hand side and select "Settings".
** Scroll down and select "Developer settings".
** Select "Personal access tokens" > "Tokens (classic)".
** Select "Generate new token" > "Generate new token (classic)".
** Add a note and expiration date as desired.
** Under "Select scopes", select "**repo**".
** Select "Generate token".
** Copy the generated token and paste it into the file. Note that the token will disappear after the window is closed/changed.

=== Create & Configure Jenkins Job ===
5. On Jenkins, navigate to "Manage Jenkins" > "Configure System" > "Global properties" > select the "Environment variables" box > select "Add".

Under name, enter `GITHUB_PRC_FILES` and for the value, enter the file path to the webhook file directory in the globalyzer-lite folder, for example: `$JENKINS_HOME/lingoport/globalyzer-lite-*.*.*_*.*/GitHub_PRC`

* '''Note''': Whenever a new version of Lite is downloaded, only this environment variable's value needs to be changed rather than having to reconfigure every Jenkins job.

6. On Jenkins, select "New Item" and create a new "Freestyle project". Give it a name, we recommend the format "Team.RepoName-GitHub-COMMAND" where COMMAND could be PullRequest, Commit, or PRC (for both PRs and commits) depending on what you would like to be scanned.

7. Configure the project:
* '''General:'''
** Check the "This project is parameterized" box. Two **string** parameters are needed for the job to run properly.
** payload: The first parameter is named `payload` and the default value is `NOT_SET`. This parameter is NOT set by hand. GitHub's webhooks generate data based on the GitHub event and send the JSON data to Jenkins as the payload parameter. See the [GitHub Page](https://developer.github.com/webhooks/#payloads) for more details.
** LITE_PROJECT_DEFINITION: The second parameter is named `LITE_PROJECT_DEFINITION` and it's default value is `DEFAULT`. This parameter is the location of the project definition file that will be used when scanning (such as: $JENKINS_HOME/jobs/$JOB_NAME/workspace/lingoport/LiteProjectDefinition.xml). If DEFAULT, it will use the lingoport/LiteProjectDefinition.xml file from the working branch of the pull request/commit. We highly recommend setting up concurrent build throttling as well to allow builds to process one at a time. Please refer to the [Throttle Concurrent Builds](#throttle-concurrent-builds) section at the bottom of the page for more details.
** Source Code Management: You may leave this as "None". The job will locate the corresponding repo and branch through the webhook's payload data.
** Build Triggers: Check the "Trigger builds remotely (e.g., from scripts)" box. Under "Authentication Token", enter a token to trigger the build remotely, we recommend `HOOK`. This token will be used to set up the webhook in the following section.
'''Note:''' If your job does not have the "Trigger builds remotely" option, it is likely that your Jenkins user does not have the necessary permissions.
** Build: Select "Add build step" and select the "Execute shell" option. Under "Command", enter the code to execute the `job_lite_pr.sh` file and pass `pr_message.html` as an argument. If you haven't already, configure the `GITHUB_PRC_FILES` environment variable (refer to step 5) before proceeding.
bash
set +x
$GITHUB_PRC_FILES/job_lite_pr.sh $GITHUB_PRC_FILES/pr_message.html

8. Select "Save" to save the project configuration.
9. Install jq on the system (if not already done): https://stedolan.github.io/jq/download/. jq is used to process the incoming webhook's JSON data.

=== Create The Github Webhook ===
10. Navigate to the repository where the webhook will be created.
11. Select "Settings" > "Webhooks" > "Add webhook".
* '''Note:''' You will need admin access to the repository to be able to access the settings.
12. Under "Payload URL", use the following URL to trigger the build remotely: `https://JENKINS_URL/buildByToken/buildWithParameters/build?job=JOB_NAME&token=TOKEN`
* `JENKINS_URL` is the URL to your Jenkins instance.
*`JOB_NAME` is the Jenkins job name you entered in step 6.
*`TOKEN` is the the token you entered in the "Build Triggers" subsection of step 7.
13. Under "Content type", select `application/x-www-form-urlencoded`.
14. Under "Which events would you like to trigger this webhook?", select "Let me select individual events" and then check "Pull Requests" and/or "Pushes" depending on if you want Globalyzer to scan pull requests, commits, or both.
15. Ensure that the webhook is set to "Active".
16. Select "Add webhook".

17. Navigate to the repository where the webhook was added.
18. Open/update a pull request or perform a commit depending on the option(s) you selected in step 14.
19. Once complete, navigate to the Jenkins job that was created in step 6. If all of the connections were completed correctly, a build should have automatically been started.
<pre>
* If the build did not start automatically, navigate to the Github repo and select "Settings" > "Webhooks". Locate and select the webhook created in the last section and click "Recent Deliveries". Check for any potential issues that may have prevented the webhook from delivering the payload before trying again. Once you are ready to try again, select "Redeliver" > "Yes, redeliver this payload".
** If you see an error that says "We couldn’t deliver this payload: failed to connect to host", there may be a proxy or firewall issue that is blocking the webhook. See GitHub's guide to GitHub IP addresses [https://docs.github.com/en/enterprise-cloud@latest/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses here], and check with your IT and networking departments to set up access or forwarding of GitHub's connections before trying again.
** If you see a 403 error ("No valid crumb was included in the request"), you may need to use a Jenkins API token as an added security measure. From your Jenkins home page, select the user on the top right hand side of the page > select "Configure". Under API Tokens, select "Add New Token" > enter a name > select "Generate". Copy the token (note that it will disappear once the page is changed/closed). Navigate to the webhook created in step 16 and modify the URL to include the Jenkins credentials like so: `http://JENKINS_USERNAME:JENKINS_TOKEN@JENKINS_URL/...` (Note the : and @ characters.)
*** `JENKINS_USERNAME`: The username used to log into Jenkins. Note that this is not the full name of the user.
*** `JENKINS_TOKEN`: The API token generated from Jenkins.
** If you see a 404 error, please double check your URL from step 12. If everything looks correct, you may need to use this URL format instead for the GitHub webhook: `https://JENKINS_URL/job/JOB_NAME/buildWithParameters?token=TOKEN`.
20. If the build...
* '''Finished Successfully:''' Navigate to the pull request/commit from step 18 and look at the comments.
** If everything was set up correctly, you should see a new comment titled "Globalyzer Analysis Summary" with a concise summary of i18n issues detected by Globalyzer Lite. With that, '''you are done!''' Future pull requests and/or commits should automatically trigger the corresponding Jenkins job and run the Globalyzer analysis.
** If a comment was not created on the corresponding pull request/commit, there may be an issue. Navigate to the Jenkins job > select the most recent build > select "Console Output" > locate and fix any errors that may have occurred. If there are no visible errors and the output "Globalyzer Analysis Summary added to {commit/pull-request}" is present but there is no comment, please contact support@lingoport.com for assistance.
* '''Failed:''' Select the most recent build > select "Console Output". Locate and fix any errors that may have occurred before trying step 18 again.
** If you see the error "Host key verification failed" or "git@github.com: Permission denied (publickey). fatal: Could not read from remote repository.", you will need to create an ssh key. If you do not already have a .ssh directory (it may be hidden) on the root of your Jenkins system, create the directory before proceeding.
*** If you already have a .ssh directory, check if you have a file named `id_rsa.pub`. If so, you may skip this step. If you do not, navigate to the .ssh directory and run the command `ssh-keygen`. It will ask where you want to save the key, it should default to the .ssh directory (enter the path to the Jenkins .ssh directory if not). Enter a passphrase if desired (it will ask you to enter it twice) to proceed. Once the key has been saved, navigate to the .ssh folder and you should see two new files: `id_rsa.pub` and `id_rsa`.
*** Next, sign in to GitHub > select your profile icon on the top right hand side and select "Settings" > select "SSH and GPG keys" > select "New SSH key". Enter a title and leave the "Key type" as Authentication Key. For the "Key" field, paste the contents of the `id_rsa.pub` file and select "Add SSH Key". It is also worth making sure that GitHub is on your list of known hosts. To check, navigate to the .ssh folder on your Jenkins system and view the `known_hosts` file. If github.com is not present in the file (or the file does not exist), you will need to add it either manually with the command: `ssh-keyscan -t rsa github.com >> <PATH_TO_SSH_FOLDER>/.ssh/known_hosts` or by letting ssh do it for you when you run a git command and entering "yes" when prompted. Once complete, try step 18 again.
** If you see the error "Error: Lite failed, GlobalyzerLicense: Cannot find license file", refer to step 3. Ensure that the file is in the `lingoport` directory (the program will attempt to look here: `/var/lib/jenkins/lingoport` for the license file). If your license has expired, please download the license again.
** If the build finished successfully but you see an error like so: "main ERROR Unable to create file /root/.globalyzer/log/globalyzer.log", you may have installed Globalyzer Lite as the root user instead of the jenkins user (refer to step 2). To fix this, navigate to your Jenkins file system > locate the Globalyzer Lite folder > locate the `log4j2.xml` file. Modify the LOG_DIR variable like so: `<Property name="LOG_DIR">/var/lib/jenkins/.globalyzer/log/globalyzer.log</Property>`.
*** If you are using an older version of Lite, you may have a `log4j.properties` file instead. If so, you want to modify the log4j.appender.FILE.File variable like so: `log4j.appender.FILE.File=/var/lib/jenkins/.globalyzer/log/globalyzer.log`.
*** If you see the error "File /var/lib/jenkins/.globalyzer/log/globalyzer.log exists and is not a directory. Unable to create directory" after this fix, you just need to delete the existing .globalyzer directory from your Jenkins system by running: `rm -rf /var/lib/jenkins/.globalyzer`.
</pre>

=== Optional Additions ===

==== Throttle Concurrent Builds ====
- We highly recommend installing the "Throttle Concurrent Builds" plugin: https://plugins.jenkins.io/throttle-concurrents/throttling if not done so already. This allows multiple webhook calls to this job to execute one after the other, rather than all at the same time.
- After installing the plugin, navigate to the Jenkins job created in step 6 and select "Configure". Select the "Throttle Concurrent Builds" checkbox. Select the "Throttle this project alone" option and configure the "Maximum Total Concurrent Builds" and "Maximum Concurrent Builds Per Node", we recommend leaving both values as 1 to allow the job to process each build one at a time.

==== Discard Old Builds ====
- We also recommend installing the "Discard Old Build" Jenkins plugin: https://plugins.jenkins.io/discard-old-build/ to automatically remove old builds. This plugin is highly configurable and helps to reduce build clutter.
- After installing the plugin, navigate to the Jenkins job created in step 6 and select "Configure". Under "Post-build Actions", select "Add post-build action", and select "Discard Old Builds". You can customize how the builds are discarded here (i.e., over a set number of days, keep a max number of builds, etc.).

GitLab Pull Requests and Commit Analysis

2023-04-20T22:30:49Z

Masnes: Created page with "== GitLab Pull Requests & Commits Globalyzer Analysis Webhook == GitLab Pull Requests & Commits are supported by Globalyzer Lite. This webhook automates the analysis process..."

== GitLab Pull Requests & Commits Globalyzer Analysis Webhook ==

GitLab Pull Requests & Commits are supported by Globalyzer Lite. This webhook automates the analysis process of your GitLab repository's merge requests and/or commits. Follow the video and instructions provided to set up the webhook.

* '''Video Guide:''' https://vimeo.com/817610534
* '''Download page:''' https://www.globalyzer.com/gzserver/home/installclient

== Installation and Configuration ==
Setting up the webhook will involve the following steps

# Download and install Globalyzer Lite on your Jenkins system.
# Move the Globalyzer Lite folder to your Jenkins file system.
# Place the Globalyzer.license file into the 'lingoport' directory.
# Set up GitLab credentials in the 'gitlab.properties' file.
# Install the Generic Webhook Trigger Plugin on Jenkins.
# Create and configure a Jenkins job for the webhook.
# Create the GitLab webhook.
# Test the webhook.

A detailed step-by-step guide can be found in the README provided in the Globalyzer Lite download. You can also watch the video tutorial for a visual guide.

== Troubleshooting ==
If you encounter issues during installation or configuration, refer to the README file for guidance on resolving common errors. If you cannot find a solution or need further assistance, contact support@lingoport.com.

Command Center Installation

2023-02-17T23:48:26Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
HTTPS configuration is often achieved via a reverse proxy hosted on the Linux system. Instructions to do so using Apache are as follows for CentOS / RHEL:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httpd</code>

<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

<code>sudo setsebool -P httpd_can_network_connect true</code>

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8083 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8083/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8083/command-center/

# Default fallback config, redirect to port 8083 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

</pre>

4. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8083 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8083/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8083/command-center/

# Default fallback config, redirect to port 8083 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>

8. Optionally enforce a redirect to https by uncommenting and filling out the following section in <code>/etc/httpd/conf.d/lingoport-apps.conf</code>

Before:

<pre>
# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

After:

<pre>
# Force HTTPS only (Requires ssl config enabled)
Header edit Location ^http://(.*)$ https://$1
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.somecorp.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

9. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
If you are using a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

If you are using a RedHat system:

* /home/ec2-user/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' in the install.conf to get the Command Center image update version.

command_center_image_version=69

See full [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T19:11:53Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
HTTPS configuration is often achieved via a reverse proxy hosted on the Linux system. Instructions to do so using Apache are as follows for CentOS / RHEL:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httpd</code>

<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

<code>sudo setsebool -P httpd_can_network_connect true</code>

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

</pre>

4. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>

8. Optionally enforce a redirect to https by uncommenting and filling out the following section in <code>/etc/httpd/conf.d/lingoport-apps.conf</code>

Before:

<pre>
# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

After:

<pre>
# Force HTTPS only (Requires ssl config enabled)
Header edit Location ^http://(.*)$ https://$1
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.somecorp.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

9. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T18:59:35Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
One common path to HTTPS configuration is via reverse proxy hosted on the hosting linux system. For CentOS / RHEL, instructions to do so using Apache follow:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httpd</code>

<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

<code>sudo setsebool -P httpd_can_network_connect true</code>

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

</pre>

4. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>

8. Optionally enforce a redirect to https by uncommenting and filling out the following section in <code>/etc/httpd/conf.d/lingoport-apps.conf</code>

Before:

<pre>
# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

After:

<pre>
# Force HTTPS only (Requires ssl config enabled)
Header edit Location ^http://(.*)$ https://$1
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.somecorp.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

9. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T18:59:15Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
One common path to HTTPS configuration is via reverse proxy hosted on the hosting linux system. For CentOS / RHEL, instructions to do so using Apache follow:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httdp</code>

<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

<code>sudo setsebool -P httpd_can_network_connect true</code>

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

</pre>

4. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>

8. Optionally enforce a redirect to https by uncommenting and filling out the following section in <code>/etc/httpd/conf.d/lingoport-apps.conf</code>

Before:

<pre>
# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

After:

<pre>
# Force HTTPS only (Requires ssl config enabled)
Header edit Location ^http://(.*)$ https://$1
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.somecorp.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

9. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T18:58:41Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
One common path to HTTPS configuration is via reverse proxy hosted on the hosting linux system. For CentOS / RHEL, instructions are:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httdp</code>

<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

<code>sudo setsebool -P httpd_can_network_connect true</code>

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

</pre>

4. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>

8. Optionally enforce a redirect to https by uncommenting and filling out the following section in <code>/etc/httpd/conf.d/lingoport-apps.conf</code>

Before:

<pre>
# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

After:

<pre>
# Force HTTPS only (Requires ssl config enabled)
Header edit Location ^http://(.*)$ https://$1
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.somecorp.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

9. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T18:57:52Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
A simple path to HTTPS configuration is via reverse proxy hosted on the hosting linux system. For CentOS / RHEL, common instructions are:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httdp</code>

<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

<code>sudo setsebool -P httpd_can_network_connect true</code>

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

</pre>

4. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>

8. Optionally enforce a redirect to https by uncommenting and filling out the following section in <code>/etc/httpd/conf.d/lingoport-apps.conf</code>

Before:

<pre>
# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

After:

<pre>
# Force HTTPS only (Requires ssl config enabled)
Header edit Location ^http://(.*)$ https://$1
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.somecorp.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</pre>

8. Restart apache to apply the settings

sudo systemctl restart httpd

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T18:55:52Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
A simple path to HTTPS configuration is via reverse proxy hosted on the hosting linux system. For CentOS / RHEL, common instructions are:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httdp</code>

<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

<code>sudo setsebool -P httpd_can_network_connect true</code>

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

</pre>

4. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>

8. Restart apache to apply the settings

sudo systemctl restart httpd

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T18:55:20Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
A simple path to HTTPS configuration is via reverse proxy hosted on the hosting linux system. For CentOS / RHEL, common instructions are:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httdp</code>

<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

<code>sudo setsebool -P httpd_can_network_connect true</code>

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

</pre>

4. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>

8. Restart apache to apply the settings

sudo systemctl restart httpd

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T18:55:07Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
A simple path to HTTPS configuration is via reverse proxy hosted on the hosting linux system. For CentOS / RHEL, common instructions are:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httdp</code>
<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

<code>sudo setsebool -P httpd_can_network_connect true</code>

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

</pre>

4. Restart apache to apply the settings

<code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>

8. Restart apache to apply the settings

sudo systemctl restart httpd

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T18:54:39Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
A simple path to HTTPS configuration is via reverse proxy hosted on the hosting linux system. For CentOS / RHEL, common instructions are:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httdp</code>
<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

<code>sudo setsebool -P httpd_can_network_connect true</code>

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

</pre>

4. Restart apache to apply the settings

</code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>

8. Restart apache to apply the settings

sudo systemctl restart httpd

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T18:54:23Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
A simple path to HTTPS configuration is via reverse proxy hosted on the hosting linux system. For CentOS / RHEL, common instructions are:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httdp</code>
<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

sudo setsebool -P httpd_can_network_connect true

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<pre>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

</pre>

4. Restart apache to apply the settings

</code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<pre>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</pre>

8. Restart apache to apply the settings

sudo systemctl restart httpd

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T18:53:52Z

Masnes: /* HTTPS */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
A simple path to HTTPS configuration is via reverse proxy hosted on the hosting linux system. For CentOS / RHEL, common instructions are:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httdp</code>
<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

sudo setsebool -P httpd_can_network_connect true

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<code>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

4. Restart apache to apply the settings

</code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</code>

8. Restart apache to apply the settings

sudo systemctl restart httpd

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Command Center Installation

2023-02-15T18:53:39Z

Masnes: /* Access and Ports / Firewall */

= Pre-Requisites=
Before installing or updating Command Center, please verify this section is complete.

== Intro ==

=== IT ===
When installing Command Center on premises, the customer '''IT''' group is very important to the successful deployment of the Lingoport applications when installing the suite on site. In particular, the IT group that sets up the Linux system must understand the usage model for the system.
Lingoport requires a meeting with the parties responsible for setting up and maintaining the host system before installation can properly begin. The hope is that once the system is setup for installation, minimal IT interaction is necessary.

Preparations must be made with the '''IT''' team to ensure that all '''prerequisites''' are met before installation. For new installations, this is the recommended method to use to verify that all the various actors work together well.

=== Basics ===
Before installing Command Center, the following needs to be configured:
* Hardware
* Linux
* Docker
* Firewall
* Https

=== Diagram ===

[[File:Docker Deployment Diagram.png|500px|center]]

==Hardware & Software Requirements==
The following sections describe the hardware and software requirements for Command Center.

Please note that the Globalyzer Server installation is in a different section.

===Hardware Requirements ===

{| border="1" class="wikitable" style="width=50%"
! Element
! Minimum
! Recommended
|-
! CPU
| 2 || 4
|-
! Memory
| 16 GB
| 16 GB
|-
! Disk
| 160 GB
| 500 GB
|}

The [[Terms_and_Definitions#GlobalyzerServer|Globalyzer Server]] may be hosted by Lingoport, reside on another server, or be installed on the same system. Other Linux and Windows machines may have Globalyzer clients installed.

===Software requirements===
The current versions of these software products can be found at: [[Introduction#Current_versions_of_Lingoport_products_and_supporting_applications | Current versions of Lingoport products and supporting applications]]

{| border="1" class="wikitable" style="width=50%"
! Software
! Recommended
|-
! Operating System
| Linux, CentOS (7) or RedHat (8)
|}

Since this is a Docker installation, most of the containers will be managed by Docker. However, volumes will be mounted on the Linux VM and a database configuration file will reside on the VM: This requires Linux.

==Access and Ports / Firewall==
Command Center may need to be accessible by Lingoport and customer personnel to configure jobs, check the console if any problem arise, run jobs if necessary. Command Center needs to be accessible by many customer actors, including development teams, management, and QA, Lingoport, Translation Vendors.

Please see [[Deployment_Scenarios#External_Access_and_Ports |External Access and Ports]] for all the details.

==HTTPS==
A simple path to HTTPS configuration is via reverse proxy hosted on the hosting linux system. For CentOS / RHEL, common instructions are:

1. Install apache and mod_ssl (https support for apache)

<code>sudo yum install httdp</code>
<code>sudo yum install mod_ssl</code>

2. Configure SELinux to allow apache network connections

sudo setsebool -P httpd_can_network_connect true

3. Add http (not s) config file with the following content (edit as appropriate):

<code>/etc/httpd/conf.d/lingoport-apps.conf</code>

<code>
<VirtualHost *:80>

# ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# Force HTTPS only (Requires ssl config enabled)
#Header edit Location ^http://(.*)$ https://$1
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =SERVER_URL_REPLACE_ME
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

4. Restart apache to apply the settings

</code>sudo systemctl restart httpd</code>

5. Acquire a certificate. Please follow your organization's instructions to do so. You should have a private key, and acquire both a certificate and a certificate chain. Some orgs may provide the certificate in the same file as the chain. Please request .pem style certificates, or convert the certificates to .pem.

https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile

6. Place the certificate and private key on a secure location on your system. Standard location is <code>/etc/pki/tls/</code>, with the certificate under <code>/etc/pki/tls/certs/</code> and the associated private key under </code>/etc/pki/tls/private/</code>

7. Add apache config to utilize the certificate:

<code>/etc/httpd/conf.d/lingoport-apps-ssl.conf</code>

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName SERVER_URL_REPLACE_ME # example: myserver.lingoport.io
DocumentRoot /var/www/html

AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyRequests Off

# Default command center config - hosted on port 8081 under url path '/command-center/'
ProxyPass /command-center/ http://localhost:8081/command-center/ nocanon
ProxyPassReverse /command-center/ http://localhost:8081/command-center/

# Default fallback config, redirect to port 8081 for urls without '/command-center/' as the starting path.
# Adjust this if a different fallback mechanism is preferred.
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/

# SSL Settings. These may be placed in other config files instead, but are left here for convenience.
SSLEngine on

# BEGIN Possible security settings - based on LetsEncrypt recommendations as of Feb 2023.
# ---
# Please adjust to your own organization's guidelines!
SSLHonorCipherOrder off
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
# ---
# END Possible security settings

# Reference the certificates:
SSLCertificateFile /etc/pki/tls/certs/<yourserver.yourorg.com>.pem
SSLCertificateKeyFile /etc/pki/tls/private/<yourserversprivatekey>.pem

# Not necessary if the certificate file includes a chain as well. See [[apache doc|https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile]]
SSLCertificateChainFile /etc/letsencrypt/live/dockerdev1.lingoport.io/chain.pem

</VirtualHost>
</IfModule>

</code>

8. Restart apache to apply the settings

sudo systemctl hrestart httpd

== Docker Pre-Requisite==
Docker is a platform that allows you to easily develop, test, and deploy applications as containers. This section will walk you through the process of installing Docker on a Linux system.

On the system (most likely a VM) dedicated to Command Center, make sure you have the latest version of docker up and running. The following steps may help.

A user with '''sudo''' privileges is required to run most commands.

====Uninstall old docker versions====

This is an optional step in case your docker version is out of date:

sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine

====Install docker using the repository====

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

====Start Docker.====
Start docker using the following command:

$ sudo systemctl start docker

Enable the Docker service to start automatically on system boot by running the following command:

$ sudo systemctl enable docker

====Verify that Docker Engine is installed correctly ====
Run the hello-world image.

$ sudo docker run hello-world

This command will run a test container and display a message indicating that the installation is working properly.

== Credentials ==

When deploying Command Center, the configuration determines if the user management is done by Command Center itself, via an LDAP, or via SSO (using SAML).

=== Command Center User Database ===

One administration user is configured. Contact support (at) lingoport (dot) com in order to get an administration user and password. That user can then create Command Center users. It is strongly recommended to change the first administration password and keep it safe.

=== LDAP ===

* LDAP Connection
* Management

=== SSO ===
* SSO Connection
* Management

= New Command Center Installation =

==Create the database conf file==
The following is provided for a CentOS system:

Uses the centos user as default user for docker

* /home/centos/mysql/conf.d/mysql.cnf

[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

== Configuration ==

Request the ''CommandCenterInstall.zip'' file from your customer success engineer. The zip file contains four files:

install.conf
InstallCommandCenter.sh
UninstallCommandCenter.sh
UpdateCommandCenter.sh

Copy the above files to your home directory (/home/centos or /home/ec2-user)

===Set up install.conf ===

You need to provide your serverURL, your Docker Hub username and token, and MYSQL root password you want to use. Also make sure the version is the one that is wanted.

#!/bin/bash
#
# Provide the Docker network name you want to create
#
database_network=mysqlnetscommand
#
# Provide the MYSQL root password you want to create for the MySQL database container
#
database_root_password=mySQL!c0mma9d
#
# Provide your Docker Hub username
#
docker_username=xxxlingoport
#
# Provide your Docker Hub account token
#
docker_account_token=dckr_xxx_bMjvwehHwO7svVHuIExj3i346eM
#
# Provide the Command Center version
#
command_center_image_version=69
#
# The Server URL: '"http://yourserver:8081/command-center"'
#
serverURL='"http://<yourserver>:8081/command-center"'
#
# The company name on your Localyzer license
#
company_name=Lingoport

==Run InstallCommandCenter.sh==

chmod +x InstallCommandCenter.sh
sudo ./InstallCommandCenter.sh

To check the running container status

sudo docker ps

If you need to re-run the InstallCommandCenter.sh, make sure to run UninstallCommandCenter.sh first to clean your environment.

Note: Docker image version is not the Command Center version, check latest docker image version at https://hub.docker.com/repository/docker/lingoport/command-center_dev/general

You should see at least an MySQL and a Command Center container running.

== Verify Installation ==
Log in to the URL based on the command-center-config.sh settings, so something like:

'''[TEMPORARY-TO BE REWRITTEN ] (not http!) '''

https://commandcenter.mycompany.io/
or
https://lingoport.mycompany.io/command-center
or
http://server.mycompany.io:8081/command-center

You should now be able to install the licenses and create projects.

The Command Center will initially have one Administrator user '''CCAdmin''' with the password '''please.reset.me'''.

= Command Center Update =
==Update install.conf ==

Change the ''version number'' to get the Command Center image update version.
See [[Command_Center_Installation#Configuration | Configuration ]] above.

====Run UpdateCommandCenter.sh====

chmod +x UpdateCommandCenter.sh
sudo ./UpdateCommandCenter.sh

To check the running container status

sudo docker ps

= Start and Stop System =
* From Command Center, as an administrator, go to settings and click 'Restart'
* From the VM, use docker commands to stop or start Command Center. For example:

sudo docker ps
sudo docker stop <hash>
sudo docker ps

sudo docker container ls -a | grep command
sudo docker start <hash>
sudo docker ps

= Uninstall =

sudo ./UninstallCommandCenter.sh
Uninstalling the Command Center Servers ...

sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

= Next Steps =
Command Center is now ready to be used. Proceed to the URL configured in the installation and follow the [[Command_Center_User_Guide | User Guide]] steps.

Globalyzer in IDE

2022-03-02T15:42:36Z

Masnes: /* Globalyzer Lite Plugin for VSCode */

==Can I use Globalyzer Lite with my standard IDE?==

The Globalyzer Lite client can be used with Eclipse, Visual Studio and IntelliJ IDEs.

== Using Globalyzer Lite from an Integrated Development Environment ==

Globalyzer Lite may be used within many IDEs that support external tools, including Visual Studio, IntelliJ IDEA, and Eclipse. Configuring Lite as an external tool takes some initial setup, but is relatively easy to accomplish. Once configured, Lite may be used through the IDE's external tool menu with the click of a button. The recommended, documented tools:

# Scan the currently selected file/directory.
# Scan everything within the parent directory of the currently selected file/directory.
# Scan the entire project.

Demonstration videos are available for:

* [https://player.vimeo.com/video/137641243 Visual Studio]
* [https://player.vimeo.com/video/137641242 IntelliJ IDEA]
* [https://player.vimeo.com/video/137641241 Eclipse]

To configure Lite in the IDE, please see this page: [https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html Lite IDE Usage].

The developer can then use the power of the IDE to refactor the relevant issues or to mark false positives in the code using Globalyzer ignore comments, such as $NON-NLS-L$. For more information, see the Globalyzer Comment Tags in [[ False Positives | False Positives ]] .

Those refactoring and the comment tags are now part of the code: The Continuous Globalization System using the same Lite project definition file will show the same results in the Dashboard.

==How do I install Globalyzer Lite?==

To install the Globalyzer Lite, you first need a Globalyzer account (see [[Globalyzer_Overview_and_General#How_do_I_obtain_a_Globalyzer_account.3F|this FAQ]]). Once you have an account, you log into the Globalyzer Server and at the bottom of your home page there is a link to download Globalyzer Lite.

The Globalyzer Lite is a standalone Java application. It uses Rule Sets to scan code at the command line. It is used in Jenkins configured for the Continuous G11n System and can be integrated as an external tool in an IDE.

Please see [https://www.globalyzer.com/gzserver/home/installclient installation] for complete Globalyzer Lite download/installation instructions.

To install:

# Unzip the Globalyzer Lite zip file at a desired location
# Run either <code>lite-setup.bat</code> or <code>lite-setup.sh</code> depending on your system.

To verify the installation, from a command line at the location that it was installed:
java -jar globalyzer-lite.jar -version

or, show the help info:
java -jar globalyzer-lite.jar -help

== Sharing Project Definition Files Between IDEs and Build Systems ==

It is common to check in a single project definition file per code repository. However, the desired IDE configuration may sometimes be incompatible with the desired build system configuration.

These incompatibilities are best solved by modifying the project definition file within the build system. The IDE config can then be used as the default.

Here is an example: The desired report type for Globalyzer Lite may be ScanDetailedCSV for developer usage, but will need to be ScanDetailedXML within the build system. The project definition file would then be written out with the <report-type> set to ScanDetailedCSV:
<pre><gzproject>
...
<report-type>ScanDetailedCSV</report-type>
...
</gzproject></pre>

The build system can then be set to auto-replace "ScanDetailedCSV" with "ScanDetailedXML". The following Linux command will do so:

<code>$ sed --in-place 's|ScanDetailedCSV|ScanDetailedXML|' $WORKSPACE/ProjectDefinition.xml</code>

If desired, the opposite replacement also may be performed at the end of the build.

Finally, here is a bash function to replace the content of any XML field:

<pre>replace_xml_token() {
token_name=$1
new_content=$2
sed -ri "s|(<${token_name}>).*(</${token_name}>)|\1${new_content}\2|g" $WORKSPACE/ProjectDefinition.xml
}</pre>

It may be used like so:

<code>$ replace_xml_token "report-type" "ScanDetailedXML"</code>

== Lite IDE Ignore==
When using Lite in an IDE (see https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html ), you can use the power of the IDE to mark some issues in the code as to be ignored. Globalyzer uses a set of standard comments, namely <code>$NON-NLS-L$</code>. There are many ways to do so. We will illustrate one such way with Lite in Eclipse.

== Lite is set in Eclipse ==
To set Lite in your Eclipse environment, refer to https://www.globalyzer.com/gzserver/help/referenceLite/globalyzer-lite-IDE-usage.html#Eclipse ; There are two sections, one for Linux, one for Windows.

[[File:LiteConfigured.gif]]

=== Run Lite ===
* Select the directory or file you want to analyze
* Click on the external tools button

=> Lite analyzes the relevant files based on the Globalyzer Project Definition file and shows the clickable results in the Console view.

[[File:LiteRun.gif]]

=== Navigate to the Issue ===
* Click on the issue in the Console

=> It opens the file and highlights the line with the issue.

=== Refactor the Code or Ignore the Issue===
Depending on what the developer sees, the issue either needs to be refactored or ignored. If the issue needs to be ignored, the //$NON-NLS-L$ comment needs to be added at the end of that line. One can simply add it by typing it. Some short cut exist and some can be created. For instance:

* Go to the end of the line to ignore and type <Ctr><Space>
* Choose "nls - non externalize string marker" in the list of templates.

or

* Add the string "nls" and type <Ctr><Space>
* Eclipse proposes the standard $NLS notation by default. Select that notation and type L.

[[File:LiteNlsCtrSpace.gif]]

The line now reads:
<code>Locale locale = new Locale("en", "US"); //$NON-NLS-L$</code>

* Repeat the process for other false positives

Lines tagged with the <code>//$NON-NLS-L$</code> will be ignored by Globalyzer the next time you run the Lite external tool.

=== Advanced Template ===
The previous illustration was done using the default template. You can modify the template to have directly <code>//$NON-NLS-L$</code> on other key combination or the same <code>nls<Ctr><Space></code>.

The following image shows how to use <code>nll<Ctr><Space></code> to insert directory <code>//$NON-NLS-L$</code>.

[[File:NllTemplate.gif]]

This is one way of adding <code>//$NON-NLS-L$</code> at the end of the line. Some developers will decide on other methods.

=== Globalyzer Lite Plugin for VSCode ===

To Configure the Plugin:
*Install Globalyzer Lite as directed
*Open your project folder in VSCode
*Select “Terminal->Configure Tasks” from the top menu bar
[[File:Vccode1.png|800px]]
* Select “Create tasks.json file from template” from the popup option list
[[File:Vccode2.png|700px]]
*Select “Others” from the Task Template list
[[File:Vccode3.png|700px]]
[[File:Vccode4.png|800px]]
*Change the default template for the generated tasks.json file to match the following:
<code>
{

"version": "2.0.0",
"tasks": [
{
"label": "GlobalyzerLite",
"type": "shell",
"command": "java",
"args": [
{
"value": "-jar",
"quoting": "weak"
},
{
"value": "/Applications/Lingoport/globalyzer-lite-6.6.0_8.0/globalyzer-lite.jar",
"quoting": "weak"
},
{
"value": "-f",
"quoting": "weak"
},
{
"value": "${workspaceFolder}/lingoport/LiteProjectDefinition.xml",
"quoting": "weak"
},
{
"value": "--project-path",
"quoting": "weak"
},
{
"value": "${workspaceFolder}",
"quoting": "weak"
},
{
"value": "--scan-items",
"quoting": "weak"
},
{
"value": "${file}",
"quoting": "weak"
},
{
"value": "--console-output",
"quoting": "weak"
},
{
"value": "visual-studio",
"quoting": "weak"
}

],
"presentation": {
"showReuseMessage": false,
"clear": true,
"revealProblems": "onProblem"
},
"problemMatcher": {
"fileLocation": ["absolute"],
"severity": "warning",
"pattern": {
"regexp": "^(.*)\$(\\d*)\$:\\s+(.*),\\s+(P\\d+):\\s+(.*)",
"file": 1,
"line": 2,
"message": 3,
"severity": 4,
"code": 5
}
}
}
]
}
</code>
*“label” is the name of the task - this can be changed to whatever makes the most sense
*“type” specifies that the command should be run in a shell - required
*“command” is the command to execute in the shell - required
*“problemMatcher” used to auto-format the output,
*“args” specifies the arguments to be passed to the command at execution
*“value” contains the actual arguments
**-jar specifies the jar to execute
***Replace 'path/to/globalyzer-lite.jar' with the absolute path to your globalyzer-lite.jar.
***‘C:\Lingoport\globalyzer-lite-x.y.z\globalyzer-lite.jar’
**-f is the name of the Project Definition file
***Replace the ‘/path/to/LiteProjectDefinition.xml’ with the workspace relative path of your Project Definition file
***E.g. ${workspaceFolder}/lingoport/LiteProjectDefinition.xml
**--project-path is the path of this project
***Leave this as the ${workspaceFolder} VSCode environment variable
**--scan-items Overrides the default settings for which files and directories to scan
***Use ${file} to scan only the currently selected file in VSCode
**--console-output prints scan report output to console with specified format.
***Leave as "visual-studio" - format report output for visual studio. This allows the user to click on a candidate issue in the output and jump to its location within a file.
*“quoting” specifies how to handle quoting within the args - required as “weak”
*“presentation” configures how the workspace should handle displaying the task as it executes
*“problemMatcher” uses a regular expression to extract the problems found in the scan and display them in the problems panel

===To Execute a Scan on the Current Opened File:===
1.Select “Terminal->Run Task” and choose the GlobalyzerLite task from the list in the modal window

2.Scan will execute in a VSCode terminal panel and display problems in the problems panel if any are found. Terminal output and problem panel screenshots on next page.
[[File:Vccode5.png|700px]]
[[File:Vccode6.png|700px]]

Vulnerability Remediation

2022-01-21T16:36:03Z

Masnes: /* Lingoport's Response to Major Software Vulnerabilities */

= Lingoport's Response to Major Software Vulnerabilities =

== Apache Log4j Security Vulnerabilities ==

A major security vulnerability allowing for remote code execution on affected systems.

See: https://logging.apache.org/log4j/2.x/security.html

=== Lingoport Response ===

Pending further action, Lingoport has shut down all non-critical systems.

Critical systems have been patched to remove all copies of log4j 2.x with log4j 2.17.1 followed by a hard reboot.

=== For Lingoport Clients ===

The below scripts may be used in conjunction to replace all log4j 2.x with log4j 2.17.1.

==== 1. Remove previous patch files, ''if any'' ====

If you applied patches previously, you may have log4j 2.15, 2.16, or 2.17.0 files. They are likely under the /tmp directory, as per our instructions.
* Navigate to /tmp
cd /tmp
* Remove the files. For instance,
ls apache-log4j*.zip
rm apache-log4j*.zip
rm -rf /tmp/apache-log4j-2.15.0-bin/
rm -rf /tmp/apache-log4j-2.16.0-bin/
rm -rf /tmp/apache-log4j-2.17.0-bin/

If previous patches were not applied, this step is not necessary.

==== 2. Check the status of your system before the fix ====

Check if your system is vulnerable with the following script, which will search your system for vulnerable libraries.

This script is designed to be run as root, or via sudo:

<pre>
#!/bin/bash

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17.1"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" == *"-1."* ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo "Vulnerable: $log4j_jar"
else
echo "Outdated: $log4j_jar"
fi
done <<< "$(find / -name 'log4j*.jar')"
</pre>

==== 3. Retrieve log4j 2.17.1 ====

<pre>
cd /tmp/
curl -O https://dlcdn.apache.org/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.zip
unzip apache-log4j-2.17.1-bin.zip
</pre>

==== 4. Replace other log4j instances on your system with 2.17.1 ====

The following script will replace vulnerable log4j libraries with 2.17.1. It searches your system for the vulnerable libraries, and replaces any that are found.

This script is designed to be run as root or via sudo.

<pre>

#!/bin/bash

set -e

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

strip_version() {
target="$1"
echo "$target" | sed -E 's|-[0-9.]+.jar|-|'
}

note_not_replaced() {
target="$1"

if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 "unable to replace vulnerable $log4j_jar"
exit_="1"
else
echo >&2 "unable to replace $log4j_jar (note: vuln not detected)"
fi
}

if [[ ! -d /tmp/apache-log4j-2.17.1-bin/ ]] ; then
echo >&2 "Please retrieve apache log4j 2.17.1 and unzip it in /tmp before running this script"
exit 1
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17.1"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*-1([0-9.]+).jar ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^0-9]*(slf4j)?[^0-9]*.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable versionless "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring versionless: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^-]*[0-9.]+.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable strange-versioned "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring strange-versioned: $log4j_jar"
continue
fi
user_group="$(stat -c "%U:%G" "$log4j_jar")"
without_version="$(strip_version "$log4j_jar")"
patched_jar="$(basename "$without_version")2.17.1.jar"
base_dir="$(dirname "$log4j_jar")"
echo "replace $log4j_jar ($user_group) - with $patched_jar"
set -x
cp /tmp/apache-log4j-2.17.1-bin/"$patched_jar" "$base_dir" || {
set +x
note_not_replaced "$log4j_jar"
continue
}
chown "$user_group" "$base_dir/$patched_jar"
mv "$log4j_jar" "$log4j_jar.orig.vulnerable"
set +x
done <<< "$(find / -name 'log4j*.jar')"

if [[ "${exit_}" == "1" ]] ; then
echo "Failed!"
exit 1
fi

</pre>

==== 5. Check the status after the fix ====
You may wish to run the check script from #2 a second time to validate the fix.
Please note that the log4j 1.x are being worked on for our upcoming release (codename 'Ireland').

==== 6. Please reboot your system ====
Reboot your system after replacing your libraries. This will ensure that the patch becomes fully effective.

== FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter ==

In versions prior to Ireland, if the console output of a Localyzer project shows the following type of error:

FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
java.lang.NoClassDefFoundError: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
at com.lingoport.plugins.jenkinsgyzrlrmplugin.BuildLRM.saveProjectSettings(BuildLRM.java:860)

or if the error is like:

FATAL: org/apache/log4j/Logger
java.lang.ClassNotFoundException: org.apache.log4j.Logger
at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1393)
at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1348)
at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1094)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
Caused: java.lang.NoClassDefFoundError: org/apache/log4j/Logger
at com.lingoport.common.velocity.LingoportVelocityWriter.<clinit>(LingoportVelocityWriter.java:45)

it is likely that a Log4j is actually missing from the classpath. In that case,

copy the lingoport/LRM-server-xx/lib/log4j-x.y.z.jar to /var/lib/jenkins/plugins/jenkins-gyzr-lrm-plugin/WEB-INF/lib/.

This should only happen with versions prior to Ireland.

Vulnerability Remediation

2021-12-30T21:29:21Z

Masnes: /* 1. Remove previous patch files, if any */

= Lingoport's Response to Major Software Vulnerabilities =

== Apache Log4j Security Vulnerabilities ==

A major security vulnerability allowing for remote code execution on affected systems.

See: https://logging.apache.org/log4j/2.x/security.html

=== Lingoport Response ===

Pending further action, Lingoport has shut down all non-critical systems.

Critical systems have been patched to remove all copies of log4j 2.x with log4j 2.17.1 followed by a hard reboot.

=== For Lingoport Clients ===

The below scripts may be used in conjunction to replace all log4j 2.x with log4j 2.17.1.

==== 1. Remove previous patch files, ''if any'' ====

If you applied patches previously, you may have log4j 2.15, 2.16, or 2.17.0 files. They are likely under the /tmp directory, as per our instructions.
* Navigate to /tmp
cd /tmp
* Remove the files. For instance,
ls apache-log4j*.zip
rm apache-log4j*.zip
rm -rf /tmp/apache-log4j-2.15.0-bin/
rm -rf /tmp/apache-log4j-2.16.0-bin/
rm -rf /tmp/apache-log4j-2.17.0-bin/

If previous patches were not applied, this step is not necessary.

==== 2. Check the status of your system before the fix ====

Check if your system is vulnerable with the following script, which will search your system for vulnerable libraries.

This script is designed to be run as root, or via sudo:

<pre>
#!/bin/bash

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17.1"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" == *"-1."* ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo "Vulnerable: $log4j_jar"
else
echo "Outdated: $log4j_jar"
fi
done <<< "$(find / -name 'log4j*.jar')"
</pre>

==== 3. Retrieve log4j 2.17.1 ====

<pre>
cd /tmp/
curl -O https://dlcdn.apache.org/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.zip
unzip apache-log4j-2.17.1-bin.zip
</pre>

==== 4. Replace other log4j instances on your system with 2.17.1 ====

The following script will replace vulnerable log4j libraries with 2.17.1. It searches your system for the vulnerable libraries, and replaces any that are found.

This script is designed to be run as root or via sudo.

<pre>

#!/bin/bash

set -e

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

strip_version() {
target="$1"
echo "$target" | sed -E 's|-[0-9.]+.jar|-|'
}

note_not_replaced() {
target="$1"

if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 "unable to replace vulnerable $log4j_jar"
exit_="1"
else
echo >&2 "unable to replace $log4j_jar (note: vuln not detected)"
fi
}

if [[ ! -d /tmp/apache-log4j-2.17.1-bin/ ]] ; then
echo >&2 "Please retrieve apache log4j 2.17.1 and unzip it in /tmp before running this script"
exit 1
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17.1"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*-1([0-9.]+).jar ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^0-9]*(slf4j)?[^0-9]*.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable versionless "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring versionless: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^-]*[0-9.]+.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable strange-versioned "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring strange-versioned: $log4j_jar"
continue
fi
user_group="$(stat -c "%U:%G" "$log4j_jar")"
without_version="$(strip_version "$log4j_jar")"
patched_jar="$(basename "$without_version")2.17.1.jar"
base_dir="$(dirname "$log4j_jar")"
echo "replace $log4j_jar ($user_group) - with $patched_jar"
set -x
cp /tmp/apache-log4j-2.17.1-bin/"$patched_jar" "$base_dir" || {
set +x
note_not_replaced "$log4j_jar"
continue
}
chown "$user_group" "$base_dir/$patched_jar"
mv "$log4j_jar" "$log4j_jar.orig.vulnerable"
set +x
done <<< "$(find / -name 'log4j*.jar')"

if [[ "${exit_}" == "1" ]] ; then
echo "Failed!"
exit 1
fi

</pre>

==== 5. Check the status after the fix ====
You may wish to run the check script from #1 a second time to validate the fix.
Please note that the log4j 1.x are being worked on for our upcoming release (codename 'Ireland').

==== 6. Please reboot your system ====
Reboot your system after replacing your libraries. This will ensure that the patch becomes fully effective.

== FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter ==

In versions prior to Ireland, if the console output of a Localyzer project shows the following type of error:

FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
java.lang.NoClassDefFoundError: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
at com.lingoport.plugins.jenkinsgyzrlrmplugin.BuildLRM.saveProjectSettings(BuildLRM.java:860)

or if the error is like:

FATAL: org/apache/log4j/Logger
java.lang.ClassNotFoundException: org.apache.log4j.Logger
at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1393)
at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1348)
at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1094)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
Caused: java.lang.NoClassDefFoundError: org/apache/log4j/Logger
at com.lingoport.common.velocity.LingoportVelocityWriter.<clinit>(LingoportVelocityWriter.java:45)

it is likely that a Log4j is actually missing from the classpath. In that case,

copy the lingoport/LRM-server-xx/lib/log4j-x.y.z.jar to /var/lib/jenkins/plugins/jenkins-gyzr-lrm-plugin/WEB-INF/lib/.

This should only happen with versions prior to Ireland.

Vulnerability Remediation

2021-12-30T21:17:39Z

Masnes:

= Lingoport's Response to Major Software Vulnerabilities =

== Apache Log4j Security Vulnerabilities ==

A major security vulnerability allowing for remote code execution on affected systems.

See: https://logging.apache.org/log4j/2.x/security.html

=== Lingoport Response ===

Pending further action, Lingoport has shut down all non-critical systems.

Critical systems have been patched to remove all copies of log4j 2.x with log4j 2.17.1 followed by a hard reboot.

=== For Lingoport Clients ===

The below scripts may be used in conjunction to replace all log4j 2.x with log4j 2.17.1.

==== 1. Remove previous patch files, ''if any'' ====

If you applied patches previously, you may have log4j 2.15 or 2.16 files. They are likely under the /tmp directory, as per our instructions.
* Navigate to /tmp
cd /tmp
* Remove the files. For instance,
ls apache-log4j*.zip
rm apache-log4j*.zip
rm -rf /tmp/apache-log4j-2.15.0-bin/
rm -rf /tmp/apache-log4j-2.16.0-bin/

If previous patches were not applied, this step is not necessary.

==== 2. Check the status of your system before the fix ====

Check if your system is vulnerable with the following script, which will search your system for vulnerable libraries.

This script is designed to be run as root, or via sudo:

<pre>
#!/bin/bash

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17.1"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" == *"-1."* ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo "Vulnerable: $log4j_jar"
else
echo "Outdated: $log4j_jar"
fi
done <<< "$(find / -name 'log4j*.jar')"
</pre>

==== 3. Retrieve log4j 2.17.1 ====

<pre>
cd /tmp/
curl -O https://dlcdn.apache.org/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.zip
unzip apache-log4j-2.17.1-bin.zip
</pre>

==== 4. Replace other log4j instances on your system with 2.17.1 ====

The following script will replace vulnerable log4j libraries with 2.17.1. It searches your system for the vulnerable libraries, and replaces any that are found.

This script is designed to be run as root or via sudo.

<pre>

#!/bin/bash

set -e

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

strip_version() {
target="$1"
echo "$target" | sed -E 's|-[0-9.]+.jar|-|'
}

note_not_replaced() {
target="$1"

if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 "unable to replace vulnerable $log4j_jar"
exit_="1"
else
echo >&2 "unable to replace $log4j_jar (note: vuln not detected)"
fi
}

if [[ ! -d /tmp/apache-log4j-2.17.1-bin/ ]] ; then
echo >&2 "Please retrieve apache log4j 2.17.1 and unzip it in /tmp before running this script"
exit 1
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17.1"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*-1([0-9.]+).jar ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^0-9]*(slf4j)?[^0-9]*.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable versionless "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring versionless: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^-]*[0-9.]+.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable strange-versioned "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring strange-versioned: $log4j_jar"
continue
fi
user_group="$(stat -c "%U:%G" "$log4j_jar")"
without_version="$(strip_version "$log4j_jar")"
patched_jar="$(basename "$without_version")2.17.1.jar"
base_dir="$(dirname "$log4j_jar")"
echo "replace $log4j_jar ($user_group) - with $patched_jar"
set -x
cp /tmp/apache-log4j-2.17.1-bin/"$patched_jar" "$base_dir" || {
set +x
note_not_replaced "$log4j_jar"
continue
}
chown "$user_group" "$base_dir/$patched_jar"
mv "$log4j_jar" "$log4j_jar.orig.vulnerable"
set +x
done <<< "$(find / -name 'log4j*.jar')"

if [[ "${exit_}" == "1" ]] ; then
echo "Failed!"
exit 1
fi

</pre>

==== 5. Check the status after the fix ====
You may wish to run the check script from #1 a second time to validate the fix.
Please note that the log4j 1.x are being worked on for our upcoming release (codename 'Ireland').

==== 6. Please reboot your system ====
Reboot your system after replacing your libraries. This will ensure that the patch becomes fully effective.

== FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter ==

In versions prior to Ireland, if the console output of a Localyzer project shows the following type of error:

FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
java.lang.NoClassDefFoundError: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
at com.lingoport.plugins.jenkinsgyzrlrmplugin.BuildLRM.saveProjectSettings(BuildLRM.java:860)

or if the error is like:

FATAL: org/apache/log4j/Logger
java.lang.ClassNotFoundException: org.apache.log4j.Logger
at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1393)
at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1348)
at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1094)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
Caused: java.lang.NoClassDefFoundError: org/apache/log4j/Logger
at com.lingoport.common.velocity.LingoportVelocityWriter.<clinit>(LingoportVelocityWriter.java:45)

it is likely that a Log4j is actually missing from the classpath. In that case,

copy the lingoport/LRM-server-xx/lib/log4j-x.y.z.jar to /var/lib/jenkins/plugins/jenkins-gyzr-lrm-plugin/WEB-INF/lib/.

This should only happen with versions prior to Ireland.

Vulnerability Remediation

2021-12-30T21:16:53Z

Masnes: /* 4. Replace other log4j instances on your system with 2.17 */

= Lingoport's Response to Major Software Vulnerabilities =

== Apache Log4j Security Vulnerabilities ==

A major security vulnerability allowing for remote code execution on affected systems.

See: https://logging.apache.org/log4j/2.x/security.html

=== Lingoport Response ===

Pending further action, Lingoport has shut down all non-critical systems.

Critical systems have been patched to remove all copies of log4j 2.x with log4j 2.17 followed by a hard reboot.

=== For Lingoport Clients ===

The below scripts may be used in conjunction to replace all log4j 2.x with log4j 2.17.

==== 1. Remove previous patch files, ''if any'' ====

If you applied patches previously, you may have log4j 2.15 or 2.16 files. They are likely under the /tmp directory, as per our instructions.
* Navigate to /tmp
cd /tmp
* Remove the files. For instance,
ls apache-log4j*.zip
rm apache-log4j*.zip
rm -rf /tmp/apache-log4j-2.15.0-bin/
rm -rf /tmp/apache-log4j-2.16.0-bin/

If previous patches were not applied, this step is not necessary.

==== 2. Check the status of your system before the fix ====

Check if your system is vulnerable with the following script, which will search your system for vulnerable libraries.

This script is designed to be run as root, or via sudo:

<pre>
#!/bin/bash

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17.1"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" == *"-1."* ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo "Vulnerable: $log4j_jar"
else
echo "Outdated: $log4j_jar"
fi
done <<< "$(find / -name 'log4j*.jar')"
</pre>

==== 3. Retrieve log4j 2.17 ====

<pre>
cd /tmp/
curl -O https://dlcdn.apache.org/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.zip
unzip apache-log4j-2.17.1-bin.zip
</pre>

==== 4. Replace other log4j instances on your system with 2.17.1 ====

The following script will replace vulnerable log4j libraries with 2.17.1. It searches your system for the vulnerable libraries, and replaces any that are found.

This script is designed to be run as root or via sudo.

<pre>

#!/bin/bash

set -e

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

strip_version() {
target="$1"
echo "$target" | sed -E 's|-[0-9.]+.jar|-|'
}

note_not_replaced() {
target="$1"

if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 "unable to replace vulnerable $log4j_jar"
exit_="1"
else
echo >&2 "unable to replace $log4j_jar (note: vuln not detected)"
fi
}

if [[ ! -d /tmp/apache-log4j-2.17.1-bin/ ]] ; then
echo >&2 "Please retrieve apache log4j 2.17 and unzip it in /tmp before running this script"
exit 1
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17.1"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*-1([0-9.]+).jar ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^0-9]*(slf4j)?[^0-9]*.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable versionless "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring versionless: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^-]*[0-9.]+.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable strange-versioned "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring strange-versioned: $log4j_jar"
continue
fi
user_group="$(stat -c "%U:%G" "$log4j_jar")"
without_version="$(strip_version "$log4j_jar")"
patched_jar="$(basename "$without_version")2.17.0.jar"
base_dir="$(dirname "$log4j_jar")"
echo "replace $log4j_jar ($user_group) - with $patched_jar"
set -x
cp /tmp/apache-log4j-2.17.1-bin/"$patched_jar" "$base_dir" || {
set +x
note_not_replaced "$log4j_jar"
continue
}
chown "$user_group" "$base_dir/$patched_jar"
mv "$log4j_jar" "$log4j_jar.orig.vulnerable"
set +x
done <<< "$(find / -name 'log4j*.jar')"

if [[ "${exit_}" == "1" ]] ; then
echo "Failed!"
exit 1
fi

</pre>

==== 5. Check the status after the fix ====
You may wish to run the check script from #1 a second time to validate the fix.
Please note that the log4j 1.x are being worked on for our upcoming release (codename 'Ireland').

==== 6. Please reboot your system ====
Reboot your system after replacing your libraries. This will ensure that the patch becomes fully effective.

== FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter ==

In versions prior to Ireland, if the console output of a Localyzer project shows the following type of error:

FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
java.lang.NoClassDefFoundError: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
at com.lingoport.plugins.jenkinsgyzrlrmplugin.BuildLRM.saveProjectSettings(BuildLRM.java:860)

or if the error is like:

FATAL: org/apache/log4j/Logger
java.lang.ClassNotFoundException: org.apache.log4j.Logger
at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1393)
at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1348)
at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1094)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
Caused: java.lang.NoClassDefFoundError: org/apache/log4j/Logger
at com.lingoport.common.velocity.LingoportVelocityWriter.<clinit>(LingoportVelocityWriter.java:45)

it is likely that a Log4j is actually missing from the classpath. In that case,

copy the lingoport/LRM-server-xx/lib/log4j-x.y.z.jar to /var/lib/jenkins/plugins/jenkins-gyzr-lrm-plugin/WEB-INF/lib/.

This should only happen with versions prior to Ireland.

Vulnerability Remediation

2021-12-30T21:16:02Z

Masnes: /* 3. Retrieve log4j 2.17 */

= Lingoport's Response to Major Software Vulnerabilities =

== Apache Log4j Security Vulnerabilities ==

A major security vulnerability allowing for remote code execution on affected systems.

See: https://logging.apache.org/log4j/2.x/security.html

=== Lingoport Response ===

Pending further action, Lingoport has shut down all non-critical systems.

Critical systems have been patched to remove all copies of log4j 2.x with log4j 2.17 followed by a hard reboot.

=== For Lingoport Clients ===

The below scripts may be used in conjunction to replace all log4j 2.x with log4j 2.17.

==== 1. Remove previous patch files, ''if any'' ====

If you applied patches previously, you may have log4j 2.15 or 2.16 files. They are likely under the /tmp directory, as per our instructions.
* Navigate to /tmp
cd /tmp
* Remove the files. For instance,
ls apache-log4j*.zip
rm apache-log4j*.zip
rm -rf /tmp/apache-log4j-2.15.0-bin/
rm -rf /tmp/apache-log4j-2.16.0-bin/

If previous patches were not applied, this step is not necessary.

==== 2. Check the status of your system before the fix ====

Check if your system is vulnerable with the following script, which will search your system for vulnerable libraries.

This script is designed to be run as root, or via sudo:

<pre>
#!/bin/bash

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17.1"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" == *"-1."* ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo "Vulnerable: $log4j_jar"
else
echo "Outdated: $log4j_jar"
fi
done <<< "$(find / -name 'log4j*.jar')"
</pre>

==== 3. Retrieve log4j 2.17 ====

<pre>
cd /tmp/
curl -O https://dlcdn.apache.org/logging/log4j/2.17.1/apache-log4j-2.17.1-bin.zip
unzip apache-log4j-2.17.1-bin.zip
</pre>

==== 4. Replace other log4j instances on your system with 2.17 ====

The following script will replace vulnerable log4j libraries with 2.17. It searches your system for the vulnerable libraries, and replaces any that are found.

This script is designed to be run as root or via sudo.

<pre>

#!/bin/bash

set -e

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

strip_version() {
target="$1"
echo "$target" | sed -E 's|-[0-9.]+.jar|-|'
}

note_not_replaced() {
target="$1"

if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 "unable to replace vulnerable $log4j_jar"
exit_="1"
else
echo >&2 "unable to replace $log4j_jar (note: vuln not detected)"
fi
}

if [[ ! -d /tmp/apache-log4j-2.17.0-bin/ ]] ; then
echo >&2 "Please retrieve apache log4j 2.17 and unzip it in /tmp before running this script"
exit 1
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*-1([0-9.]+).jar ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^0-9]*(slf4j)?[^0-9]*.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable versionless "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring versionless: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^-]*[0-9.]+.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable strange-versioned "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring strange-versioned: $log4j_jar"
continue
fi
user_group="$(stat -c "%U:%G" "$log4j_jar")"
without_version="$(strip_version "$log4j_jar")"
patched_jar="$(basename "$without_version")2.17.0.jar"
base_dir="$(dirname "$log4j_jar")"
echo "replace $log4j_jar ($user_group) - with $patched_jar"
set -x
cp /tmp/apache-log4j-2.17.0-bin/"$patched_jar" "$base_dir" || {
set +x
note_not_replaced "$log4j_jar"
continue
}
chown "$user_group" "$base_dir/$patched_jar"
mv "$log4j_jar" "$log4j_jar.orig.vulnerable"
set +x
done <<< "$(find / -name 'log4j*.jar')"

if [[ "${exit_}" == "1" ]] ; then
echo "Failed!"
exit 1
fi

</pre>

==== 5. Check the status after the fix ====
You may wish to run the check script from #1 a second time to validate the fix.
Please note that the log4j 1.x are being worked on for our upcoming release (codename 'Ireland').

==== 6. Please reboot your system ====
Reboot your system after replacing your libraries. This will ensure that the patch becomes fully effective.

== FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter ==

In versions prior to Ireland, if the console output of a Localyzer project shows the following type of error:

FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
java.lang.NoClassDefFoundError: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
at com.lingoport.plugins.jenkinsgyzrlrmplugin.BuildLRM.saveProjectSettings(BuildLRM.java:860)

or if the error is like:

FATAL: org/apache/log4j/Logger
java.lang.ClassNotFoundException: org.apache.log4j.Logger
at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1393)
at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1348)
at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1094)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
Caused: java.lang.NoClassDefFoundError: org/apache/log4j/Logger
at com.lingoport.common.velocity.LingoportVelocityWriter.<clinit>(LingoportVelocityWriter.java:45)

it is likely that a Log4j is actually missing from the classpath. In that case,

copy the lingoport/LRM-server-xx/lib/log4j-x.y.z.jar to /var/lib/jenkins/plugins/jenkins-gyzr-lrm-plugin/WEB-INF/lib/.

This should only happen with versions prior to Ireland.

Vulnerability Remediation

2021-12-30T21:15:49Z

Masnes: /* 2. Check the status of your system before the fix */

= Lingoport's Response to Major Software Vulnerabilities =

== Apache Log4j Security Vulnerabilities ==

A major security vulnerability allowing for remote code execution on affected systems.

See: https://logging.apache.org/log4j/2.x/security.html

=== Lingoport Response ===

Pending further action, Lingoport has shut down all non-critical systems.

Critical systems have been patched to remove all copies of log4j 2.x with log4j 2.17 followed by a hard reboot.

=== For Lingoport Clients ===

The below scripts may be used in conjunction to replace all log4j 2.x with log4j 2.17.

==== 1. Remove previous patch files, ''if any'' ====

If you applied patches previously, you may have log4j 2.15 or 2.16 files. They are likely under the /tmp directory, as per our instructions.
* Navigate to /tmp
cd /tmp
* Remove the files. For instance,
ls apache-log4j*.zip
rm apache-log4j*.zip
rm -rf /tmp/apache-log4j-2.15.0-bin/
rm -rf /tmp/apache-log4j-2.16.0-bin/

If previous patches were not applied, this step is not necessary.

==== 2. Check the status of your system before the fix ====

Check if your system is vulnerable with the following script, which will search your system for vulnerable libraries.

This script is designed to be run as root, or via sudo:

<pre>
#!/bin/bash

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17.1"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" == *"-1."* ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo "Vulnerable: $log4j_jar"
else
echo "Outdated: $log4j_jar"
fi
done <<< "$(find / -name 'log4j*.jar')"
</pre>

==== 3. Retrieve log4j 2.17 ====

<pre>
cd /tmp/
curl -O https://dlcdn.apache.org/logging/log4j/2.17.0/apache-log4j-2.17.0-bin.zip
unzip apache-log4j-2.17.0-bin.zip
</pre>

==== 4. Replace other log4j instances on your system with 2.17 ====

The following script will replace vulnerable log4j libraries with 2.17. It searches your system for the vulnerable libraries, and replaces any that are found.

This script is designed to be run as root or via sudo.

<pre>

#!/bin/bash

set -e

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

strip_version() {
target="$1"
echo "$target" | sed -E 's|-[0-9.]+.jar|-|'
}

note_not_replaced() {
target="$1"

if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 "unable to replace vulnerable $log4j_jar"
exit_="1"
else
echo >&2 "unable to replace $log4j_jar (note: vuln not detected)"
fi
}

if [[ ! -d /tmp/apache-log4j-2.17.0-bin/ ]] ; then
echo >&2 "Please retrieve apache log4j 2.17 and unzip it in /tmp before running this script"
exit 1
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*-1([0-9.]+).jar ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^0-9]*(slf4j)?[^0-9]*.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable versionless "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring versionless: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^-]*[0-9.]+.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable strange-versioned "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring strange-versioned: $log4j_jar"
continue
fi
user_group="$(stat -c "%U:%G" "$log4j_jar")"
without_version="$(strip_version "$log4j_jar")"
patched_jar="$(basename "$without_version")2.17.0.jar"
base_dir="$(dirname "$log4j_jar")"
echo "replace $log4j_jar ($user_group) - with $patched_jar"
set -x
cp /tmp/apache-log4j-2.17.0-bin/"$patched_jar" "$base_dir" || {
set +x
note_not_replaced "$log4j_jar"
continue
}
chown "$user_group" "$base_dir/$patched_jar"
mv "$log4j_jar" "$log4j_jar.orig.vulnerable"
set +x
done <<< "$(find / -name 'log4j*.jar')"

if [[ "${exit_}" == "1" ]] ; then
echo "Failed!"
exit 1
fi

</pre>

==== 5. Check the status after the fix ====
You may wish to run the check script from #1 a second time to validate the fix.
Please note that the log4j 1.x are being worked on for our upcoming release (codename 'Ireland').

==== 6. Please reboot your system ====
Reboot your system after replacing your libraries. This will ensure that the patch becomes fully effective.

== FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter ==

In versions prior to Ireland, if the console output of a Localyzer project shows the following type of error:

FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
java.lang.NoClassDefFoundError: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
at com.lingoport.plugins.jenkinsgyzrlrmplugin.BuildLRM.saveProjectSettings(BuildLRM.java:860)

or if the error is like:

FATAL: org/apache/log4j/Logger
java.lang.ClassNotFoundException: org.apache.log4j.Logger
at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1393)
at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1348)
at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1094)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
Caused: java.lang.NoClassDefFoundError: org/apache/log4j/Logger
at com.lingoport.common.velocity.LingoportVelocityWriter.<clinit>(LingoportVelocityWriter.java:45)

it is likely that a Log4j is actually missing from the classpath. In that case,

copy the lingoport/LRM-server-xx/lib/log4j-x.y.z.jar to /var/lib/jenkins/plugins/jenkins-gyzr-lrm-plugin/WEB-INF/lib/.

This should only happen with versions prior to Ireland.

Vulnerability Remediation

2021-12-20T20:25:31Z

Masnes: /* Apache Log4j Security Vulnerabilities */

= Lingoport's Response to Major Software Vulnerabilities =

== Apache Log4j Security Vulnerabilities ==

A major security vulnerability allowing for remote code execution on affected systems.

See: https://logging.apache.org/log4j/2.x/security.html

=== Lingoport Response ===

Pending further action, Lingoport has shut down all non-critical systems.

Critical systems have been patched to remove all copies of log4j 2.x with log4j 2.17 followed by a hard reboot.

=== For Lingoport Clients ===

The below scripts may be used in conjunction to replace all log4j 2.x with log4j 2.17.

0. Check if your system is vulnerable with the following script, which will search your system for vulnerable libraries.

This script is designed to be run as root, or via sudo:

<pre>
#!/bin/bash

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" == *"-1."* ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo "Vulnerable: $log4j_jar"
else
echo "Outdated: $log4j_jar"
fi
done <<< "$(find / -name 'log4j*.jar')"
</pre>

1. Retrieve log4j 2.17:

<pre>
cd /tmp/
curl -O https://dlcdn.apache.org/logging/log4j/2.17.0/apache-log4j-2.17.0-bin.zip
unzip apache-log4j-2.17.0-bin.zip
</pre>

2. Replace other log4j instances on your system with 2.17

The following script will replace vulnerable log4j libraries with 2.17. It searches your system for the vulnerable libraries, and replaces any that are found.

This script is designed to be run as root or via sudo.

<pre>

#!/bin/bash

set -e

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

strip_version() {
target="$1"
echo "$target" | sed -E 's|-[0-9.]+.jar|-|'
}

note_not_replaced() {
target="$1"

if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 "unable to replace vulnerable $log4j_jar"
exit_="1"
else
echo >&2 "unable to replace $log4j_jar (note: vuln not detected)"
fi
}

if [[ ! -d /tmp/apache-log4j-2.17.0-bin/ ]] ; then
echo >&2 "Please retrieve apache log4j 2.17 and unzip it in /tmp before running this script"
exit 1
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*-1([0-9.]+).jar ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^0-9]*(slf4j)?[^0-9]*.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable versionless "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring versionless: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^-]*[0-9.]+.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable strange-versioned "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring strange-versioned: $log4j_jar"
continue
fi
user_group="$(stat -c "%U:%G" "$log4j_jar")"
without_version="$(strip_version "$log4j_jar")"
patched_jar="$(basename "$without_version")2.17.0.jar"
base_dir="$(dirname "$log4j_jar")"
echo "replace $log4j_jar ($user_group) - with $patched_jar"
set -x
cp /tmp/apache-log4j-2.17.0-bin/"$patched_jar" "$base_dir" || {
set +x
note_not_replaced "$log4j_jar"
continue
}
chown "$user_group" "$base_dir/$patched_jar"
mv "$log4j_jar" "$log4j_jar.orig.vulnerable"
set +x
done <<< "$(find / -name 'log4j*.jar')"

if [[ "${exit_}" == "1" ]] ; then
echo "Failed!"
exit 1
fi

</pre>

3. You may wish to run the check script from #0 a second time to validate the fix.

4. Please reboot your system after replacing your libraries. This will ensure that the patch becomes fully effective.

== FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter ==

In versions prior to Ireland, if the console output of a Localyzer project shows the following type of error:

FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
java.lang.NoClassDefFoundError: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
at com.lingoport.plugins.jenkinsgyzrlrmplugin.BuildLRM.saveProjectSettings(BuildLRM.java:860)

or if the error is like:

FATAL: org/apache/log4j/Logger
java.lang.ClassNotFoundException: org.apache.log4j.Logger
at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1393)
at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1348)
at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1094)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
Caused: java.lang.NoClassDefFoundError: org/apache/log4j/Logger
at com.lingoport.common.velocity.LingoportVelocityWriter.<clinit>(LingoportVelocityWriter.java:45)

it is likely that a Log4j is actually missing from the classpath. In that case,

copy the lingoport/LRM-server-xx/lib/log4j-x.y.z.jar to /var/lib/jenkins/plugins/jenkins-gyzr-lrm-plugin/WEB-INF/lib/.

This should only happen with versions prior to Ireland.

Vulnerability Remediation

2021-12-20T17:54:09Z

Masnes:

= Lingoport's Response to Major Software Vulnerabilities =

== Apache Log4j Security Vulnerabilities ==

A major security vulnerability allowing for remote code execution on affected systems.

See: https://logging.apache.org/log4j/2.x/security.html

=== Lingoport Response ===

Pending further action, Lingoport has shut down all non-critical systems.

Critical systems have been patched to remove all copies of log4j 2.x with log4j 2.17 followed by a hard reboot.

=== For Lingoport Clients ===

The below scripts may be used in conjunction to replace all log4j 2.x with log4j 2.17.

0. Check if your system is vulnerable with the following script, which will search your system for vulnerable libraries.

This script is designed to be run as root, or via sudo:

<pre>
#!/bin/bash

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" == *"-1."* ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo "Vulnerable: $log4j_jar"
else
echo "Outdated: $log4j_jar"
fi
done <<< "$(find / -name 'log4j*.jar')"
</pre>

1. Retrieve log4j 2.17:

<pre>
cd /tmp/
curl -O https://dlcdn.apache.org/logging/log4j/2.17.0/apache-log4j-2.17.0-bin.zip
unzip apache-log4j-2.17.0-bin.zip
</pre>

2. Replace other log4j instances on your system with 2.17

The following script will replace vulnerable log4j libraries with 2.17. It searches your system for the vulnerable libraries, and replaces any that are found.

This script is designed to be run as root or via sudo.

<pre>

#!/bin/bash

set -e

if [ "$EUID" -ne 0 ]
then echo "Please run $0 as root"
exit
fi

strip_version() {
target="$1"
echo "$target" | sed -E 's|-[0-9.]+.jar|-|'
}

note_not_replaced() {
target="$1"
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 "unable to replace vulnerable $log4j_jar"
exit_="1"
else
echo >&2 "unable to replace $log4j_jar (note: vuln not detected)"
fi
}

if [[ ! -d /tmp/apache-log4j-2.17.0-bin/ ]] ; then
echo >&2 "Please retrieve apache log4j 2.17 and unzip it in /tmp before running this script"
exit 1
fi

while read -r log4j_jar ; do
if [[ -z "$log4j_jar" ]] ; then
continue
fi
if [[ "$log4j_jar" == *"-2.17"* ]] ; then
echo "Up to date: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*-1([0-9.]+).jar ]] ; then
echo "1.x - safe: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^0-9]*(slf4j)?[^0-9]*.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable versionless "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring versionless: $log4j_jar"
continue
fi
if [[ "$log4j_jar" =~ .*\/log4j[^-]*[0-9.]+.jar ]] ; then
if unzip -l "$log4j_jar" | grep -q JndiLookup.class ; then
echo >&2 Cannot replace vulnerable strange-versioned "$log4j_jar"
export exit_=1
continue
fi
echo "ignoring strange-versioned: $log4j_jar"
continue
fi
user_group="$(stat -c "%U:%G" "$log4j_jar")"
without_version="$(strip_version "$log4j_jar")"
patched_jar="$(basename "$without_version")2.17.0.jar"
base_dir="$(dirname "$log4j_jar")"
echo "replace $log4j_jar ($user_group) - with $patched_jar"
set -x
cp /tmp/apache-log4j-2.17.0-bin/"$patched_jar" "$base_dir" || {
set +x
note_not_replaced "$log4j_jar"
continue
}
chown "$user_group" "$base_dir/$patched_jar"
mv "$log4j_jar" "$log4j_jar.orig.vulnerable"
set +x
done <<< "$(find / -name 'log4j*.jar')"

if [[ "${exit_}" == "1" ]] ; then
echo "Failed!"

</pre>

3. You may wish to run the check script from #0 a second time to validate the fix.

4. Please reboot your system after replacing your libraries. This will ensure that the patch becomes fully effective.

== FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter ==

In versions prior to Ireland, if the console output of a Localyzer project shows the following type of error:

FATAL: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
java.lang.NoClassDefFoundError: Could not initialize class com.lingoport.common.velocity.LingoportVelocityWriter
at com.lingoport.plugins.jenkinsgyzrlrmplugin.BuildLRM.saveProjectSettings(BuildLRM.java:860)

or if the error is like:

FATAL: org/apache/log4j/Logger
java.lang.ClassNotFoundException: org.apache.log4j.Logger
at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1393)
at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1348)
at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1094)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
Caused: java.lang.NoClassDefFoundError: org/apache/log4j/Logger
at com.lingoport.common.velocity.LingoportVelocityWriter.<clinit>(LingoportVelocityWriter.java:45)

it is likely that a Log4j is actually missing from the classpath. In that case,

copy the lingoport/LRM-server-xx/lib/log4j-x.y.z.jar to /var/lib/jenkins/plugins/jenkins-gyzr-lrm-plugin/WEB-INF/lib/.

This should only happen with versions prior to Ireland.