The CLM Book - Optimized Component Lifecycle Management with Sonatype CLM
The main configuration file for the CLM server installation is a YAML-formatted file called config.yml, found in the installation directory. CLM server is an application running on a Dropwizard server.
In addition, a number of configuration steps can be taken within the running server user interface.
This section discusses various configuration options in the config file as well as some other configuration scenarios. When editing the file it is important to preserve the indentation, since it is significant for the resulting values created when parsing the configuration file. Generic configuration information can be found in the Dropwizard User Manual.
Besides the license installation mentioned earlier, there are a few
further configuration steps you should consider before diving right
into using the CLM server. You can configure various aspects in the
CLM System Preferences section of the CLM server user interface,
which you can access by clicking on the System Preferences icon
located in the top right of the CLM Header/Screen (it resembles a
cog/gear) and choosing the desired option to configure:
- Configure Users and Global Roles in the Security section of the left-hand navigation menu, potentially combined with LDAP configuration available in the Configuration section. Read more about the security setup outlined in the security documentation.
- Configure Proprietary Packages so that the CLM server can distinguish your own code from other unknown components. Refer to the component match and identification documentation in the report user guide for more information.
- Inspect, update or configure your Product License.
Many organizations filter, control and optimize access to the internet via a proxy server. Any server or even any computer within the organization is forced to connect to the internet via the proxy server. The Sonatype CLM Server needs to communicate with the Sonatype CLM backend services hosted on the internet.
To allow the CLM server to connect via a proxy, you have to specify
the connection details in the proxy section of the config.yml
file displayed in Proxy Configuration in config.yml.
Proxy Configuration in config.yml. 
proxy:
    hostname: "127.0.0.1"
    port: 80
    username: "anonymous"
    password: "guest"
        
If your proxy server is based on whitelisted URLs, you can use the following list of URLs to ensure that the CLM server can reach all the required services.
If your CLM server is accessed via an https proxy, via a proxy server
that changes the http port, or in any other setup where the server
cannot determine the authoritative URL used to access it,
you need to configure the baseUrl parameter.
baseUrl: http://clm-server.example.com/
It is used by the server for any user-facing links, e.g. those in email notifications sent by the server to direct users to the server.
Sonatype CLM Server stores various files and data related to its operations in
a work directory. By default this data is stored in a
sonatype-work/clm-server/ directory in the path the server runs. The directory
is configurable using the sonatypeWork field in File Configuration in config.yml.
File Configuration in config.yml. 
sonatypeWork: ./sonatype-work/clm-server
In addition, Sonatype CLM Server uses the system temporary directory during its operation. This folder varies by operating system but is usually controlled by an environment variable. If a specific directory needs to be used, the CLM Server can be started with a command line flag as follows:
cd /opt/sonatype-clm-server
java -jar -Djava.io.tmpdir=/path/to/tmpdir sonatype-clm-server-1.11.0-01.jar server config.yml
Note that the user account which the server runs under must have sufficient access rights to both the work and temporary directory in order for Sonatype CLM Server to function properly.
The Sonatype CLM Server can be configured to send email notifications for events such as policy violations. This functionality requires an SMTP server available to the CLM server.
To allow the CLM server to send emails, you have to specify the
connection details to the SMTP server in the mail section of the
config.yml file displayed in Mail Configuration in config.yml.
Mail Configuration in config.yml. 
mail:
    hostname: your.mailserver.com
    port: 465
    username: user@company.com
    password: password
    tls: true
    ssl: true
    systemEmail: "SonatypeCLM@localhost"
        
The connection details are established with hostname and port and
optionally with the addition of username, password, tls and
ssl. The systemEmail parameter will be used as the sender email
for any emails the CLM server sends.
The CLM server application logging can be configured in the logging
section of the config.yml file. By default a log directory is
created in the installation directory and the clm-server.log is
rotated. Further logging configuration is documented in the
Dropwizard manual.
The HTTP configuration in config.yml is displayed in
HTTP Configuration in config.yml. The port parameter for the CLM server allows
you to set the port at which the application is available. The
adminPort exposes the operational menu. Both ports can be freely
changed to other values, as long as the port numbers are not already
in use and are in the allowed range of values greater than 1024.
HTTP Configuration in config.yml. 
http:
    port: 8070
    adminPort: 8071
        
One option to expose the CLM server via https is to use an external server like Apache httpd or nginx and configure it to reverse proxy the external https connections to an internal http connection. This reverse proxy can be installed on the same server as the Sonatype CLM server or on a different server, and numerous tutorials for this setup are available on the internet.
A second option is to directly configure SSL support for Dropwizard by
modifying the http: segment in the config.yml file following the
example in HTTPS Configuration in config.yml.
HTTPS Configuration in config.yml. 
http:
  port: 8443
  adminPort: 8471
  connectorType: nonblocking+ssl
  ssl:
    keyStore: /path/to/your/keystore/file
    keyStorePassword: yourpassword
        
The keystore file can be generated and managed with the
keytool. Further documentation is available in the
Dropwizard documentation and the documentation for keytool.
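A small lint for the settings covered in this section, added here as an illustration and not part of the CLM documentation or product: it flags key names whose case differs from the spelling used in the text, http ports that are not greater than 1024, and a config.yml that holds passwords while being readable by group or other. The names `parse`, `audit`, `audit_file` and `PAGE_KEYS` and the sample are this example's own, and the permission check is an added assumption, not a stated CLM requirement.

```python
import os

# Key spellings as the page's prose gives them; YAML keys are case-sensitive.
PAGE_KEYS = ("baseUrl", "sonatypeWork", "systemEmail", "adminPort", "keyStore")

# Constructed sample assembled from the page's config.yml fragments.
SAMPLE = """\
baseUrl: http://clm-server.example.com/
proxy:
    password: "guest"
http:
    port: 8070
    adminport: 8071
"""

def parse(text):
    """Flatten nested mappings into dotted keys (indentation decides nesting)."""
    flat, stack = {}, []                       # stack holds (indent, key)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                        # close sibling and deeper levels
        stack.append((indent, key.strip()))
        if value.strip():
            flat[".".join(k for _, k in stack)] = value.strip().strip('"')
    return flat

def audit(text, mode):
    """Return findings for a config.yml body and its permission bits."""
    flat, findings = parse(text), []
    for dotted in flat:
        leaf = dotted.rsplit(".", 1)[-1]
        findings += [f"{dotted}: case differs from '{good}'" for good in PAGE_KEYS
                     if leaf != good and leaf.lower() == good.lower()]
    for key in ("http.port", "http.adminPort"):
        if key in flat and int(flat[key]) <= 1024:
            findings.append(f"{key}: {flat[key]} is not greater than 1024")
    secrets = [k for k in flat if k.lower().endswith("password")]
    if secrets and mode & 0o077:
        findings.append(f"mode {mode:o} exposes plaintext {', '.join(secrets)}")
    return findings

def audit_file(path):
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), os.stat(path).st_mode & 0o777)
```

Run `audit_file("config.yml")` as the account the server runs under; an empty list means none of the three checks fired.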
