Installation and Setup of Diagrams
Prerequisites
- archive with module files
smartMonitorDrawiofor OpenSearch Dashboards - Internet access
Smart Monitor Module Installation Process
Installation on Smart Monitor Dashboards servers is performed with the following command:
sudo -u opensearch /app/opensearch-dashboards/bin/opensearch-dashboards-plugin install file://<path to module archive>
After installing the module, you need to perform the actions listed in the article Plugin Management.
draw.io Installation Process
To use Diagrams, you need to install and connect the draw.io web application.
This article provides an example of deployment via Tomcat.
Java and Tomcat Installation
To use Tomcat, you need to first install Java, then install and start Tomcat:
sudo apt update
sudo apt install -y openjdk-17-jre tomcat10
sudo apt install tomcat10
systemctl enable tomcat10
systemctl start tomcat10
By default, Tomcat uses port 8080. If necessary, the port can be changed in the server configuration file server.xml:
/etc/tomcat10/server.xml
draw.io Installation
To install draw.io, perform the following actions:
- Download the web archive of the application (WAR file) by any convenient method
- Place the downloaded WAR file in the Tomcat deployment directory (for example,
/var/lib/tomcat10/webapps/)
sudo cd /<convenient directory>
sudo wget https://github.com/jgraph/drawio/releases/latest/download/draw.war
sudo mv ./draw.war ./drawio.war
sudo cp ./drawio.war /var/lib/tomcat10/webapps/
After this, Tomcat will automatically deploy the application. It will be available at: http://<host ip address>:8080/drawio
HTTPS Setup
For diagrams to work correctly, draw.io must be accessible via a secure connection (HTTPS). To do this, you need to configure an SSL certificate.
This article provides setup based on Smart Monitor self-signed certificates.
Setup procedure:
- Generate key and CSR:
sudo cd /<convenient directory>
sudo openssl genrsa -out drawio.key 2048
sudo openssl req -new -key drawio.key -out drawio.csr -subj "/CN=<any domain name>"
- Configure SAN file:
sudo cat > san.cnf <<'EOF'
subjectAltName = DNS:<domain name>,IP:<host ip address>
extendedKeyUsage = serverAuth
keyUsage = digitalSignature, keyEncipherment
EOF
- Sign the certificate with Certificate Authority (CA):
sudo openssl x509 -req -in drawio.csr -CA /<path to ca>/ca-cert.pem -CAkey /<path to ca>/ca-key.pem -CAcreateserial -out drawio.crt -days 825 -sha256 -extfile san.cnf
- Configure Keystore (PKCS12) for Tomcat:
sudo openssl pkcs12 -export -in drawio.crt -inkey drawio.key -certfile /<path to ca>/ca-cert.pem -out drawio.p12 -name tomcat -passout pass:<any password for keystore>
- Configure Tomcat to use the created keystore:
sudo mkdir -p /etc/tomcat10/ssl
sudo cp drawio.p12 /etc/tomcat10/ssl/drawio.p12
sudo chown tomcat:tomcat /etc/tomcat10/ssl/drawio.p12
sudo chmod 600 /etc/tomcat10/ssl/drawio.p12
Enabling HTTPS in Tomcat
To connect HTTPS in Tomcat, change the <Connector> parameter in the server configuration file /etc/tomcat10/server.xml inside the <Service> tag:
<Connector port="<any convenient port>"
protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true"
maxThreads="200">
<SSLHostConfig>
<Certificate
certificateKeystoreFile="/etc/tomcat10/ssl/drawio.p12"
certificateKeystorePassword="<keystore password>"
certificateKeystoreType="PKCS12"/>
</SSLHostConfig>
</Connector>
After changing the configuration, restart Tomcat:
systemctl restart tomcat10
With successful setup, access to draw.io will be available at: https://<host ip address|selected domain name>:<port specified in Connector>/drawio.
When using a self-signed certificate (as in the example above), before starting work, you need to go to the direct draw.io address in the browser once and confirm trust in the certificate.
Connecting draw.io to Smart Monitor Dashboards
To connect draw.io to Smart Monitor Dashboards, add the following parameter to the configuration file /<path to SMD>/config/opensearch-dashboards.yml:
smart_monitor.drawIoUri: "https://<host ip|selected domain name>:<selected port>"
And restart the service:
sudo systemctl restart opensearch-dashboards