Deploying the AnzoGraph Frontend Console Container

When you run the RHEL/CentOS Installer script program, installation of the frontend console or user interface is available as a program option. However, if you deploy AnzoGraph via the RHEL/CentOS tarball, the frontend console or user interface is not included. The Console can also be installed separately with Docker by deploying the console user interface container using Docker Desktop for Windows or Mac or Docker for Linux.

This topic provides instructions for deploying the frontend container with Docker for Linux and then connecting the frontend to your AnzoGraph cluster. For information on installing the frontend using the RHEL/CentOS Installer script program, see RHEL/CentOS Deployments.

For information about installing Docker, see Docker Installation and Configuration Requirements.

Follow the instructions below to deploy the AnzoGraph front end console on Docker for Linux.

1. If necessary, start Docker with sudo systemctl start docker.

   Docker caches images on the docker host. If you have deployed a front end console container previously, that image is cached on the host and will be used to redeploy the front end console. If you want to deploy the latest release, first pull the latest image. To do so, run the following command, and then proceed to the next step.

   docker pull cambridgesemantics/anzograph-frontend:latest

   You can deploy alternate front end console versions by replacing the "latest" tag with any of the tags that are available on the AnzoGraph Frontend Docker Hub site.

2. Run the following Docker command to deploy the AnzoGraph front end console image. The command instructs Docker to start the container and configure HTTP and HTTPS access to the application by mapping the container ports to the HTTP and HTTPS ports on the local host:

   docker run -d -p host_http_port:8080 -p host_https_port:8443 --name=container_name cambridgesemantics/anzograph-frontend:tag

   The list below describes each of the parameters:

   • host_http_port is the port on the local host to use for HTTP access to the AnzoGraph console user interface. In the container, the console user interface binds to port 8080 for HTTP access. Cambridge Semantics recommends that you specify 80 to map the container's HTTP port to port 80 on the local host. If port 80 is in use, specify an alternate port for host_http_port.
   • host_https_port is the port on the local host to use for HTTPS access to the AnzoGraph console user interface. In the container, the console user interface binds to port 8443 for HTTPS access. Cambridge Semantics recommends that you specify 443 to map the container's HTTPS port to port 443 on the local host. If port 443 is in use, specify an alternate port for host_https_port.
   • container_name is the short name to use to identify the AnzoGraph front end console container. For example, anzograph-frontend.
   • tag is the tag from the AnzoGraph Frontend Docker Hub site that identifies the version of the front end console to deploy. If you pulled an image in the first step, this tag should match the tag from the pull command. Usually the latest tag is specified so the most recent release is deployed.

   For example:

   docker run -d -p 80:8080 -p 443:8443 --name=anzograph-frontend cambridgesemantics/anzograph-frontend:latest

   When the prompt returns the container ID, the container is running. For example:

   7ad7a2c2b60c0b15e75af9f05d41edc665497c58939da561249c9067f04b59fc

3. The front end console is now installed and ready to use. To open the console user interface, open a browser and go to the following URL:

   https://IP_address

   Where IP_address is the IP address of the host server where Docker for Linux is installed. If you mapped the container's HTTPS port to port 443 on the host, you do not need to specify a port. If you specified a port other than 443, include the port in the URL. For example, https://10.100.0.1:8888.

   If you are using Docker for Linux locally on the same server as the AnzoGraph leader node and need to know the IP address of the front end container, you can run the following command:

   docker inspect container_name | grep '"IPAddress"' | head -n 1

   For example:

   docker inspect anzograph-frontend | grep '"IPAddress"' | head -n 1

   "IPAddress": "172.17.0.2"

4. The browser displays the AnzoGraph console's login screen. On the login screen, specify the following credentials and then click Sign In.
   • Username: admin
   • Password: Passw0rd1

   The End User License Agreement (EULA) is displayed.

5. Review the EULA and click Accept to proceed. The Query & Admin Console is displayed.

   

6. The top right of the screen displays the Server Context. Because the user interface was deployed separately and is not associated with a database, the Server Context is "None." Click the Server Context drop-down list and select Manage Context.

   

   The Server Contexts screen is displayed:

   

7. On the Server Contexts screen, click the menu icon () to the right of the default context and select Edit. The Edit Context screen is displayed:

   

8. On the Edit Context screen, configure the connection to your AnzoGraph deployment by supplying the values for the following required fields:
   • IP – Specify the IP address for the AnzoGraph leader server. Even if this Docker container is installed on the AnzoGraph leader node, you must enter the routable IP address for the server.
   • Management Port (gRPC) – This port is the system management communications port. It is set to 5600 by default and is rarely changed. Accept the default value of 5600 unless you have changed the AnzoGraph sysmgr_port setting in <install_path>/azg/config/settings.conf.
   • SPARQL Port (gRPC) – This port is the secure, encrypted, gRPC-based protocol port for sending SPARQL queries and receiving results. It is set to 5700 by default and is rarely changed. Accept the default value of 5700 unless you have changed the anzo_protocol_port setting in <install_path>/azg/config/settings.conf.
   • Bolt Port – This field is for future use. Accept the default value of 0.
   • Concurrency Limit — This parameter specifies the maximum number of concurrent threads allowed per database context for the gRPC connection and queries executed from the front end user interface (also referred to as the Query & Admin Console). The default value is 10.
   • Username – This is the gRPC user name that you created for the connection. How do I generate a gRPC username and password for RHEL/CentOS tarball deployments?
   • Password – This is the password that you created for the gRPC user.
9. When you have supplied all of the connection details, click Test Connection at the bottom of the screen to ensure that the connection is valid. For example:

   

   If the test fails, adjust the values as needed and test the connection again.

10. Click Save to save the connection. At the top of the screen, click the Server Context drop-down list again and select default. The context is now green to show that the console user interface is now connected:

    

You can now use the console user interface to query and manage your AnzoGraph deployment. For more information about the console user interface, see Using the Query & Admin Console.

Configuring the Frontend Console to use LDAP Authentication (Preview)

By default, the front end console is configured to use authentication and authorization credentials maintained by AnzoGraph DB itself. You can also configure the front end console to use a specified LDAP or directory service to authenticate users. In this release, the LDAP configuration is only used to authenticate user access to the console as a Query Console user, the Server Context configuration is still used to connect and access AnzoGraph DB.

To configure the front end console to use LDAP authentication:

1. Select LDAP Configuration from the Server Settings list to display the LDAP Configuration screen.

   

2. On the LDAP Configuration screen, click Edit and then configure the connection to your LDAP directory service by selecting the Enable LDAP Authentication checkbox and then choosing among the various radio button options and supplying values for the required fields. Selecting the Enable LDAP Authentication checkbox enables front end authentication using the the LDAP configuration.

   

   Field entries for the LDAP configuration are the following:

• Enable LDAP Authentication checkbox: Selection that allows you to enable front end authentication using the LDAP configuration.

• Host — Host name or IP address of the LDAP directory server.

• Port — The port used to connect to the LDAP directory server.

• HTTPS radio buttons — Specifies whether the directory server uses an SSL (LDAPS) or a StartTLS protocol connection.

• User Base DN — LDAP distinguished name that contains users than can be authenticated, for example: dc=example,dc=org.

• User Filter Prefix — Property name that a user name is mapped to, for example: cn.

• Search Subtree checkbox — Option to specify whether to search LDAP subtrees.

• Anonymous Bind checkbox — Option to specify whether the AnzoGraph console connects to the directory server anonymously.

• User DN — Full distinguished name of the account that the AnzoGraph console will bind against to perform authentication on the directory server, for example: cn=admin,dc=example,dc=org.

• Password: Password specified for the User DN.

3. When you have supplied all of the connection details, click Test Connection at the bottom of the screen to ensure that the connection with your LDAP directory service can be made.

4. If the test fails, adjust the values as needed and test the connection again.

5. Click Save to save the connection.

The console user interface will now use the LDAP directory service to authenticate console users and provide access to the Query Console portion of the user interface.