Installation

Sandbox Environment

It is recommended that you prepare a sandbox environment to test your Tasktop Integration Hub configuration before deploying it in production. This sandbox environment should include a sandbox server to install Tasktop Integration Hub on, and sandbox instances of all repositories you will be integrating, with the same project structure and customizations as, and a comparable number of artifacts to, your production repositories.

After you have configured Tasktop Integration Hub on the sandbox server and are happy with the way it is running against your sandbox repositories, you can install Tasktop Integration Hub on your production server and recreate the configuration against your production repositories.

Installation

Where to Download Tasktop Integration Hub

To get the latest version of Tasktop Integration Hub, first create an account on our Customer Portal, then contact your Solutions Architect or Tasktop Support to be enabled for the latest Tasktop Integration Hub download for your account.

Once logged in to the Customer Portal, click the 'Product Downloads' button.  This will lead you to the Downloads section, where you will be able to download the latest version of Tasktop Integration Hub.

Click 'Product Downloads' in the Customer Portal

Downloads Page



Installation on Windows

Click on the 'Windows' download link on the Product Downloads page of the Customer Portal.

You will be provided with an installation package for Tasktop Integration Hub as a standard Windows MSI installer.  If prompted, click 'Save File,' and then open the file once it downloads.

Run Installer

Install Wizard

You will then be lead through the installation wizard.  Follow the prompts to install Tasktop.

(warning) Note: If you change the location of the ProgramData directory to an alternate location, do not include spaces in the name of the new directory.  If the directory has spaces in its name, Tasktop's UI will not be accessible.

To start Tasktop, click the 'Start' menu, and select 'Start Tasktop'.  This will start both Tasktop and User Management services.  To stop both services click on the 'Stop Tasktop' shortcut.

(warning) The Tasktop application is available via HTTPS on port 8443. A default SSL certificate is provided for testing purposes, however this SSL certificate is insecure. Before use in a production environment, the provided SSL certificate must be replaced.   Please see details in the SSL Certificate Installation section below.

(lightbulb) Please make sure you follow the steps in the Getting Started section upon starting up Tasktop Integration Hub for the first time.

Start Tasktop

Installation on Linux

For Direct Customers

Click on the 'Linux' download link on the Product Downloads page of the Customer Portal.

You will be provided with an installation package for Tasktop Integration Hub as a .tar.gz archive.

To extract this archive to your desired location, copy the archive to the correct location on your Linux system ((warning) You must choose a location with no spaces in its path) and use following command to extract:

$ tar -xzvf tasktop-linux-x64-<version>.tar.gz

To start Tasktop Integration Hub, run the start-tasktop.sh script from the installation directory (see note on permissions below). This will start both Tasktop and User Management services.  To stop both services, use the stop-tasktop.sh script in the same folder.

(lightbulb) Please make sure you follow the steps in the Getting Started  section upon starting up Tasktop Integration Hub for the first time.

For OEM Customers

You will be provided with an installation package for Tasktop Integration Hub with no file extension in the name. 

To execute the file, run these commands:

chmod +x tasktop-linux-x64-<version>
./tasktop-linux-x64-<version>

Once you approve the End User License Agreement that pops up, the file will automatically unzip, allowing you to run Tasktop Integration Hub.

To start Tasktop Integration Hub, run the start-tasktop.sh script from the installation directory (see note on permissions below). This will start both Tasktop and Keycloak User Management services.  To stop both services, use the stop-tasktop.sh script in the same folder.

(warning) The Tasktop application is available via HTTPS on port 8443. A default SSL certificate is provided for testing purposes, however this SSL certificate is insecure. Before use in a production environment, the provided SSL certificate must be replaced.   Please see details in the SSL Certificate Installation section below.

(lightbulb) Please make sure you follow the steps in the Getting Started  section upon starting up Tasktop Integration Hub for the first time.

Note on Permissions

We recommend creating a dedicated user for running Tasktop Integration Hub. We do not recommend running Tasktop Integration Hub as root, because doing so may create files that cannot be accessed when running as any other user, and because running any application on a Linux system as root is generally a bad security practice.

For this reason, start-tasktop.sh will not start if it detects the current user is root.

If you wish to run Tasktop Integration Hub as root despite these risks, you can do so by deleting or commenting lines 3-7 of start-tasktop.sh, as shown below

#!/bin/sh
#if [ "`id -u`" -eq "0" ]
#then
#    echo "Tasktop should not be run as root"
#    exit 1
#fi
currentdir="$( cd "$(dirname "$0")" ; pwd -P )"
keycloak_running() {
  pgrep -n -f "${currentdir}"/keycloak/bin/standalone.sh
}

Tasktop Integration Hub Service on Linux

There are multiple ways to configure a Tasktop Service that starts automatically on system startup. It is recommended to use a dedicated account for running Tasktop Integration Hub. Here are examples for SysVinit and Systemd.

Tasktop Integration Hub Service with Systemd
  1. Navigate to /etc/systemd/system
  2. Create a new file named tasktop.service
  3. Paste the following into that file 

    # Systemd unit file for tasktop
    [Unit]
    Description=Tasktop Integration Hub
    After=syslog.target network.target
     
    [Service]
    Type=forking
     
    ExecStart=/path/to/tasktop/start-tasktop.sh
    ExecStop=/path/to/tasktop/stop-tasktop.sh
     
    User=user
    Group=group
     
    [Install]
    WantedBy=multi-user.target


    a. Be sure to change both instances of '/path/to/tasktop' to the full path to your Tasktop Integration Hub installation directory
    b. Be sure to change the User and Group variables to the username and group of the account you want to run the Tasktop Integration Hub service

  4. Reload Systemd 

    $ systemctl daemon-reload
  5. Enable the new Tasktop Integration Hub service to start on system startup 

    $ systemctl enable tasktop

To manually start and stop the Tasktop Integration Hub Service, use the following commands: 

$ systemctl start tasktop
$ systemctl stop tasktop


Tasktop Integration Hub Service with SysVinit
  1. Navigate to /etc/init.d
  2. Create a new file named tasktop
  3. Paste the following into that file: 

    #!/bin/bash
    # description: Tasktop Start Stop Restart
    # processname: tasktop
    # chkconfig: 2345 20 80
    TASKTOP_HOME=/path/to/tasktop
    case $1 in
    start)
    sh $TASKTOP_HOME/start-tasktop.sh
    ;;
    stop)
    sh $TASKTOP_HOME/stop-tasktop.sh
    ;;
    restart)
    sh $TASKTOP_HOME/stop-tasktop.sh
    sh $TASKTOP_HOME/start-tasktop.sh
    ;;
    esac
    exit 0


    a. Be sure to change the TASKTOP_HOME variable to the full path to your Tasktop Integration Hub installation directory
    b. You may also wish to change the chkconfig run levels and start and stop priorities

  4. Set the permissions of Tasktop to make it executable 

    $ chmod 755 tasktop
  5. Use the chkconfig utility to make Tasktop Integration Hub start at system startup (you may wish to change the run levels in this command) 

    $ chkconfig --add tasktop
    $ chkconfig --level 2345 tasktop on

To manually start and stop the Tasktop Integration Hub Service, use the following commands: 

$ service tasktop start
$ service tasktop stop
$ service tasktop restart


SSL Certificate Installation 

(warning) The Tasktop application is available via HTTPS on port 8443. A default SSL certificate is provided for testing purposes and should be replaced after installation.

Replacing the default SSL certificate used by Tasktop Integration Hub involves the following:


(lightbulb) The Tasktop and Keycloak SSL configuration require a JKS format keystore. If your corporate CA provides a JKS keystore file for you, skip ahead to the “Configure Tasktop to use the keystore” section and follow those steps using the JKS keystore file from your CA. If your CA instead requires you to provide a CSR and returns a certificate response to you, use the following steps to generate your own keystore file and CSR:
    • Create a Java keystore file and generate a new key pair.

    • Generate a certificate request file.

    • Submit the file to a Certificate Authority (CA) and obtain the certificate and CA certificate trust chain.

    • Import the certificates to the keystore file.

  • Configure Tasktop to use the keystore (i.e., new key and certificate).

The SSL certificate should contain DNS names that the Tasktop server is accessible at.  The user's browser will verify that the name in the address bar matches one of the names in the certificate. Certificate Authority may be your internal corporate service, or you may use a public CA, such as Comodo or Let’s Encrypt. If you are planning to use a certificate from a public CA, your Tasktop instance must have a publicly recognizable DNS name that is owned by your organization.

Your Certificate Authority will have more detailed instructions on creating and importing certificates. SSL-related instructions on this page are provided as a reference only. These instructions are based on the use of a GUI tool Portecle, which can be downloaded from: http://portecle.sourceforge.net/. Tasktop does not provide support for this third party tool beyond the instructions below. You can create the Java keystore file on any machine and move the file to the server running Tasktop software; there is no need to install Portecle on the server running Tasktop.

If you cannot use Portecle and need to utilize standard Java command line utility keytool, please refer to Tomcat documentation here: https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html. When following the documentation, use JRE installed together with Tasktop software in the Tasktop installation directory (default C:\Program Files\Tasktop). Tasktop’s server.xml file is located in Tasktop data directory (default: C:\ProgramData\Tasktop, or the location where Tasktop is installed on Linux) under container/conf/server.xml

Prepare a Java keystore file with all the keys and certificates 

To replace Tasktop’s default SSL certificate using Portecle, follow the instructions below.  Details on accessing Portecle can be found in the section above.

  1. Create a new key pair and a keystore:

    1. Start Portecle and click New Keystore button in the toolbar. Select JKS as the keystore type:

    2. Click Generate Key Pair in the toolbar. Leave the default settings for 2048 bit RSA key, or pick different settings if required by your company’s security policy:

    3. In the Generate Certificate Dialog, enter the Fully Qualified Domain Name (FQDN) of your Tasktop server in the Common Name (CN) field and fill in the other fields as appropriate. In the Subject Alternative DNS Name field, fill in the alternative domain name of the server if one exists. Your certificate should include all DNS names that your users might use to connect to Tasktop. For internal corporate CA you can also use “short” names (i.e., tasktop, in addition to tasktop.acme.corp). In CA lingo, these additional DNS names are called Subject Alternative Names, or SAN. You can specify one SAN at this point, and can usually add more names later when submitting your request to the CA:

    4. Enter “tomcat” as alias:

    5. Create a new password for the key pair (you will need it later when configuring Tomcat):

    6. You should see your newly created key pair in the list:

    7. Click Save Keystore in the toolbar to save the newly created keystore file, use the same password that you entered for the key pair earlier:

  2. To generate certificate request file, also known as Certificate Signing Request or CSR, right click on the “tasktop” key, select Generate Certification Request and save it to a file:

  3. Submit your CSR to a CA to obtain a Certificate. For some CAs you will need to provide the list of all DNS names for your Tasktop server separately as they will ignore the SAN values in the certificate request. See your CA's documentation for detailed instructions.

  4. Import the certificates to the keystore file.

    1. If your CA provided a separate file with the CA certificate or trust chain, import it by selecting 'Import Trusted Certificate' in the toolbar. If your CA provided only one file in response to your CSR, skip to 4b.

    2. Import the server certificate - right click on the “tasktop” key, select Import CA Reply and select the server certificate file received from the CA:

    3. You can verify the certificate chain by selecting menu Tools -> Keystore Report.

Configure Tasktop to use the keystore 

  1. Place your keystore file in a protected location that will not be wiped on Tasktop upgrade. We suggest using Tasktop data directory (default C:\ProgramData\Tasktop, or the home directory of the user that Tasktop service is running as on Linux).
  2. In the Tasktop data directory (default: C:\ProgramData\Tasktop, or the location where Tasktop is installed on Linux), open container/conf/server.xml
    1. Find the SSL HTTP connector configuration(the <Connector> element with protocol="org.apache.coyote.http11.Http11NioProtocol")
    2. Change the  keystoreFile attribute to have the full filesystem path of the new keystore file
    3. Change the keystorePass attribute to the password you entered when generating the new keystore file
  3. Restart Tasktop Integration Hub Service

By default the SSL configuration has been configured to disable known weak ciphers. As new security information becomes available, the list of enabled ciphers should be updated accordingly.

Configure Keycloak User Management to use and trust Tasktop's keystore

There is a section in Keycloak's standalone.xml file (e.g., /keycloak/standalone/configuration/standalone.xml in the Tasktop workspace) that configures its outgoing HTTPS connections to trust the same keystore that Tomcat is using, so that Keycloak can communicate with Tomcat and therefore notify it when users log out of Tasktop. It must be updated to match any changes in the keystore's name, location, or password:

<spi name="truststore"> 
        <provider name="file" enabled="true"> 
          <properties> 
            <property name="file" value="${jboss.home.dir}/../../insecureKeystore"/>
            <property name="password" value="changeit"/> 
            <property name="hostname-verification-policy" value="ANY"/> 
            <property name="disabled" value="false"/> 
          </properties> 
        </provider> 
      </spi> 

Port Configuration

By default, Tasktop utilizes the ports listed in the table below.

If any of those ports are already being utilized for other purposes, you will need to change them. To view a list of all ports being used on your system, you can use the netstat-a command.  This will help you determine which available ports you would like to use for Tasktop.

Here is a summary of each port Tasktop utilizes and the location where you can change it if it is already being used:

PortLocationPurpose

8080

8443

container/conf/server.xml 

More details here

Default port Tasktop uses for HTTP (8080) / HTTPS (8443)

8081

8444

keycloak/standalone/configuration/standalone.xml

For 8081, user must additionally change the Java properties in the Tasktop application.



User Management (Keycloak) HTTP Ports

Additional Keycloak Ports:

  • 9990
  • 9993
  • 8009
  • 4712
  • 4713
  • 25

More details here

(note: the following ports have been modified from the Keycloak defaults: 8080→8081, 8443→ 8444)

keycloak/standalone/configuration/standalone.xml

For 9990, you must also update the port referenced in /keycloak/bin/jboss-cli.xml.

User Management (Keycloak)

More details here

8005container/conf/server.xmlTomcat Shutdown Port

Tasktop Integration Hub 

The default port Tasktop uses is 8443 for HTTPS and 8080 for HTTP which redirects to HTTPS. You may wish to change these ports to ease access for your users, or to accommodate a proxy. To change these ports, follow these instructions:

  1. In the Tasktop workspace (default: C:\ProgramData\Tasktop), open container/conf/server.xml  
    1. Note: You may need to right click and select 'Edit with Notepad,' or some other similar option in order to edit the file.
      Edit with Notepad
  2. To change the HTTP port:

    1. Find the HTTP connector configuration (the <Connector> element with protocol="HTTP/1.1").

    2. Change the port attribute to the port you wish to use (e.g. to use port 8888: <Connector port="8888" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />).
      Update Port Value
    3. Save the file.
    4. After changing the port, you will need go into the User Administration Console and adjust the client to the new port (e.g., https://localhost:8443).Adjust the Client
  3. To change the HTTPS port
    1. Find the HTTP connector configuration (the <Connector> element with protocol="HTTP/1.1").
    2. Change the redirectPort attribute to the port you wish to use (e.g. to use port 9443: <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="9443" />).
    3. Find the SSL HTTP connector configuration(the <Connector> element with protocol=protocol="org.apache.coyote.http11.Http11NioProtocol").
    4. Change the port attribute to the port you wish to use (e.g. to use port 9443: <Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol" ... />).
    5. After changing the port, you will need go into the User Administration Console and adjust the client to the new port (e.g., https://localhost:8443). Adjust the Client

If you change the port, the address used to access Tasktop (i.e., http://localhost:8080) will need to be updated with the new port number in place of '8080.'

Please refer to the official documentation for additional configuration options: http://tomcat.apache.org/tomcat-8.5-doc/config/http.html

User Management 

The default port for User Management is 8081.  However, users can change the port that User Management (Keycloak) utilizes by following the instructions here.  If your User Management (Keycloak) utilizes a port other than 8081, you can instruct Tasktop to access User Management (Keycloak) via the correct port by following the instructions below.

Note: If you change the default jboss management-http port setting in the /keycloak/standalone/configuration/standalone.xml to something other than 9990, you must also update the port referenced in /keycloak/bin/jboss-cli.xml.

Windows
  1. Go to Manage Tasktop>Java>Java Options
  2. You will see the Keycloak port listed here.  If desired, edit the port number to change the default port.

Linux
  1. Open Tasktop/container/bin/setenv.sh.
  2. You will see the Keycloak port listed here.  If desired, edit the port number to change the default port.

Change User Management Port on Linux

Getting Started 

Once installation is complete, you can begin using Tasktop Integration Hub by opening https://localhost:8443 in any of our supported browsers.  

Before logging on to Tasktop, you must log into the User Administration Console in order to create your admin user(s).  The Tasktop User Administration Console can be accessed via the 'User Administration Console' link, at the bottom of the Tasktop Integration Hub sign-in page.  Please review the User Management section for detailed instructions on how to create a user, log in, and manage your user accounts.

Once logged in, you will be prompted to set a Master Password, which will be used to encrypt your repository credentials.

You will also need to apply your license before configuring your integrations.  You can learn how to apply your license here.


Default File Locations 


Default File Locations on Windows

When Tasktop Integration Hub is installed on Windows using the MSI installer, the program files (i.e. the executable files and binaries) are located in C:\Program Files\Tasktop, and the configuration files and logs are located in C:\ProgramData\Tasktop (ProgramData may be a hidden folder, so you will need to change your Windows Explorer settings to show hidden files and folders to find it).

(warning) Note: If you change the location of the ProgramData directory to an alternate location, do not include spaces in the name of the new directory.  If the directory has spaces in its name, Tasktop's UI will not be accessible.

Default File Locations on Linux

When Tasktop Integration Hub is installed on Linux, the program files (i.e. the executable files and binaries), configuration files, and logs are all located in the installation directory where you extracted the distribution archive.

(warning) You must choose a location with no spaces in its path.Otherwise, Tasktop's UI will not be accessible.

Repository Preparations

Preparing Your Repositories

In Tasktop, the term, 'repository,' is used to refer to the external tools Tasktop connects to, such as Atlassian Jira, ServiceNow, or BMC Remedy.

Before connecting Tasktop Integration Hub to your external repositories, you will need to perform some simple preparation on each repository you will be integrating. This preparation includes creating a user account for Tasktop Integration Hub with the appropriate permissions. Please refer to our Connector Docs for detailed instructions for each repository.

Firewalls and Proxies

If Tasktop is installed behind a firewall, you may need to connect to external repositories (e.g. hosted or cloud ALM tools) through a proxy. To create a connection to such external repositories in Tasktop, you can make Tasktop connect through your proxy by configuring the proxy settings when creating a new repository connection. It is recommended to create login credentials specifically for Tasktop on the proxy server.

(lightbulb) Note that the Proxy Location must be a URL in order for the proxy connection to work. If a .pac script is used in your browser, you will need to open the script and find the URL/port to enter in the Location field.

To use a proxy server, check the 'user proxy server' box and fill in your proxy details in the 'Proxy Server' section on the New Repository Screen:

Proxy Server Configuration