Installation
Sandbox Environment
It is recommended that you prepare a sandbox environment to test your Tasktop Integration Hub configuration before deploying it in production. This sandbox environment should include a sandbox server to install Tasktop Integration Hub on, and sandbox instances of all repositories you will be integrating, with the same project structure and customizations as, and a comparable number of artifacts to, your production repositories.
After you have configured Tasktop Integration Hub on the sandbox server and are happy with the way it is running against your sandbox repositories, you can install Tasktop Integration Hub on your production server and recreate the configuration against your production repositories.
Installation
Where to Download Tasktop Integration Hub
To get the latest version of Tasktop Integration Hub, first create an account on our Customer Portal, then contact your Solutions Architect or Tasktop Support to be enabled for the latest Tasktop Integration Hub download for your account.
Once logged in to the Customer Portal, click the 'Product Downloads' button. This will lead you to the Downloads section, where you will be able to download the latest version of Tasktop Integration Hub.
Installation on Windows
Click on the 'Windows' download link on the Product Downloads page of the Customer Portal.
You will be provided with an installation package for Tasktop Integration Hub as a standard Windows MSI installer. If prompted, click 'Save File,' and then open the file once it downloads.
You will then be lead through the installation wizard. Follow the prompts to install Tasktop.
Note: If you change the location of the ProgramData directory to an alternate location, do not include spaces in the name of the new directory. If the directory has spaces in its name, Tasktop's UI will not be accessible.
To start Tasktop, click the 'Start' menu, and select 'Start Tasktop'. This will start both Tasktop and User Management services. To stop both services click on the 'Stop Tasktop' shortcut.
The Tasktop application is available via HTTPS on port 8443. A default SSL certificate is provided for testing purposes, however this SSL certificate is insecure. Before use in a production environment, the provided SSL certificate must be replaced. Please see details in the SSL Certificate Installation section below.
Please make sure you follow the steps in the Getting Started section upon starting up Tasktop Integration Hub for the first time.
Installation on Linux
For Direct Customers
Click on the 'Linux' download link on the Product Downloads page of the Customer Portal.
You will be provided with an installation package for Tasktop Integration Hub as a .tar.gz
archive.
To extract this archive to your desired location, copy the archive to the correct location on your Linux system ( You must choose a location with no spaces in its path) and use following command to extract:
$ tar -xzvf tasktop-linux-x64-<version>.tar.gz
To start Tasktop Integration Hub, run the start-tasktop.sh
script from the installation directory (see note on permissions below). This will start both Tasktop and User Management services. To stop both services, use the stop-tasktop.sh
script in the same folder.
Please make sure you follow the steps in the Getting Started section upon starting up Tasktop Integration Hub for the first time.
For OEM Customers
You will be provided with an installation package for Tasktop Integration Hub with no file extension in the name.
To execute the file, run these commands:
chmod +x tasktop-linux-x64-<version>
./tasktop-linux-x64-<version>
Once you approve the End User License Agreement that pops up, the file will automatically unzip, allowing you to run Tasktop Integration Hub.
To start Tasktop Integration Hub, run the start-tasktop.sh
script from the installation directory (see note on permissions below). This will start both Tasktop and Keycloak User Management services. To stop both services, use the stop-tasktop.sh
script in the same folder.
The Tasktop application is available via HTTPS on port 8443. A default SSL certificate is provided for testing purposes, however this SSL certificate is insecure. Before use in a production environment, the provided SSL certificate must be replaced. Please see details in the SSL Certificate Installation section below.
Please make sure you follow the steps in the Getting Started section upon starting up Tasktop Integration Hub for the first time.
Note on Permissions
We recommend creating a dedicated user for running Tasktop Integration Hub. We do not recommend running Tasktop Integration Hub as root, because doing so may create files that cannot be accessed when running as any other user, and because running any application on a Linux system as root is generally a bad security practice.
For this reason, start-tasktop.sh will not start if it detects the current user is root.
If you wish to run Tasktop Integration Hub as root despite these risks, you can do so by deleting or commenting lines 3-7 of start-tasktop.sh, as shown below
#!/bin/sh #if [ "`id -u`" -eq "0" ] #then # echo "Tasktop should not be run as root" # exit 1 #fi currentdir="$( cd "$(dirname "$0")" ; pwd -P )" keycloak_running() { pgrep -n -f "${currentdir}"/keycloak/bin/standalone.sh }
Tasktop Integration Hub Service on Linux
There are multiple ways to configure a Tasktop Service that starts automatically on system startup. It is recommended to use a dedicated account for running Tasktop Integration Hub. Here are examples for SysVinit and Systemd.
Tasktop Integration Hub Service with Systemd
- Navigate to
/etc/systemd/system
- Create a new file named
tasktop.service
Paste the following into that file
# Systemd unit file for tasktop [Unit] Description=Tasktop Integration Hub After=syslog.target network.target [Service] Type=forking ExecStart=/path/to/tasktop/start-tasktop.sh ExecStop=/path/to/tasktop/stop-tasktop.sh User=user Group=group [Install] WantedBy=multi-user.target
a. Be sure to change both instances of '
/path/to/tasktop'
to the full path to your Tasktop Integration Hub installation directory
b. Be sure to change the User and Group variables to the username and group of the account you want to run the Tasktop Integration Hub serviceReload Systemd
$ systemctl daemon-reload
Enable the new Tasktop Integration Hub service to start on system startup
$ systemctl enable tasktop
To manually start and stop the Tasktop Integration Hub Service, use the following commands:
$ systemctl start tasktop $ systemctl stop tasktop
Tasktop Integration Hub Service with SysVinit
- Navigate to
/etc/init.d
- Create a new file named
tasktop
Paste the following into that file:
#!/bin/bash # description: Tasktop Start Stop Restart # processname: tasktop # chkconfig: 2345 20 80 TASKTOP_HOME=/path/to/tasktop case $1 in start) sh $TASKTOP_HOME/start-tasktop.sh ;; stop) sh $TASKTOP_HOME/stop-tasktop.sh ;; restart) sh $TASKTOP_HOME/stop-tasktop.sh sh $TASKTOP_HOME/start-tasktop.sh ;; esac exit 0
a. Be sure to change the TASKTOP_HOME variable to the full path to your Tasktop Integration Hub installation directory
b. You may also wish to change the chkconfig run levels and start and stop prioritiesSet the permissions of Tasktop to make it executable
$ chmod 755 tasktop
Use the chkconfig utility to make Tasktop Integration Hub start at system startup (you may wish to change the run levels in this command)
$ chkconfig --add tasktop $ chkconfig --level 2345 tasktop on
To manually start and stop the Tasktop Integration Hub Service, use the following commands:
$ service tasktop start $ service tasktop stop $ service tasktop restart
SSL Certificate Installation
The Tasktop application is available via HTTPS on port 8443. A default SSL certificate is provided for testing purposes and should be replaced after installation.
Replacing the default SSL certificate used by Tasktop Integration Hub involves the following:
Create a Java keystore file and generate a new key pair.
Generate a certificate request file.
Submit the file to a Certificate Authority (CA) and obtain the certificate and CA certificate trust chain.
Import the certificates to the keystore file.
Configure Tasktop to use the keystore (i.e., new key and certificate).
The SSL certificate should contain DNS names that the Tasktop server is accessible at. The user's browser will verify that the name in the address bar matches one of the names in the certificate. Certificate Authority may be your internal corporate service, or you may use a public CA, such as Comodo or Let’s Encrypt. If you are planning to use a certificate from a public CA, your Tasktop instance must have a publicly recognizable DNS name that is owned by your organization.
Your Certificate Authority will have more detailed instructions on creating and importing certificates. SSL-related instructions on this page are provided as a reference only. These instructions are based on the use of a GUI tool Portecle, which can be downloaded from: http://portecle.sourceforge.net/. Tasktop does not provide support for this third party tool beyond the instructions below. You can create the Java keystore file on any machine and move the file to the server running Tasktop software; there is no need to install Portecle on the server running Tasktop.
If you cannot use Portecle and need to utilize standard Java command line utility keytool, please refer to Tomcat documentation here: https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html. When following the documentation, use JRE installed together with Tasktop software in the Tasktop installation directory (default C:\Program Files\Tasktop
). Tasktop’s server.xml file is located in Tasktop data directory (default: C:\ProgramData\Tasktop
, or the location where Tasktop is installed on Linux) under container/conf/server.xml
Prepare a Java keystore file with all the keys and certificates
To replace Tasktop’s default SSL certificate using Portecle, follow the instructions below. Details on accessing Portecle can be found in the section above.
Create a new key pair and a keystore:
Start Portecle and click New Keystore button in the toolbar. Select JKS as the keystore type:
Click Generate Key Pair in the toolbar. Leave the default settings for 2118 bit RSA key, or pick different settings if required by your company’s security policy:
In the Generate Certificate Dialog, enter the Fully Qualified Domain Name (FQDN) of your Tasktop server in the Common Name (CN) field and fill in the other fields as appropriate. In the Subject Alternative DNS Name field, fill in the alternative domain name of the server if one exists. Your certificate should include all DNS names that your users might use to connect to Tasktop. For internal corporate CA you can also use “short” names (i.e., tasktop, in addition to tasktop.acme.corp). In CA lingo, these additional DNS names are called Subject Alternative Names, or SAN. You can specify one SAN at this point, and can usually add more names later when submitting your request to the CA:
Enter “tomcat” as alias:
Create a new password for the key pair (you will need it later when configuring Tomcat):
You should see your newly created key pair in the list:
Click Save Keystore in the toolbar to save the newly created keystore file, use the same password that you entered for the key pair earlier:
To generate certificate request file, also known as Certificate Signing Request or CSR, right click on the “tasktop” key, select Generate Certification Request and save it to a file:
Submit your CSR to a CA to obtain a Certificate. For some CAs you will need to provide the list of all DNS names for your Tasktop server separately as they will ignore the SAN values in the certificate request. See your CA's documentation for detailed instructions.
Import the certificates to the keystore file.
If your CA provided a separate file with the CA certificate or trust chain, import it by selecting 'Import Trusted Certificate' in the toolbar. If your CA provided only one file in response to your CSR, skip to 4b.
Import the server certificate - right click on the “tasktop” key, select Import CA Reply and select the server certificate file received from the CA:
You can verify the certificate chain by selecting menu Tools -> Keystore Report.
Configure Tasktop to use the keystore
- Place your keystore file in a protected location that will not be wiped on Tasktop upgrade. We suggest using Tasktop data directory (default
C:\ProgramData\Tasktop
, or the home directory of the user that Tasktop service is running as on Linux). - Open the
tasktop-hub.properties
file and configure the following properties:server.ssl.key-store
- Location where the keystore file existsserver.ssl.key-store-password
- Password of keystore fileserver.ssl.key-store-type
- Type of keystore file (e.g., JKS, PKCS12)
- Restart Tasktop Integration Hub Service
To learn more about creating a
tasktop-hub.properties
file, please see the section below.
By default the SSL configuration has been configured to disable known weak ciphers. As new security information becomes available, the list of enabled ciphers should be updated accordingly.
Configure Keycloak User Management to use and trust Tasktop's keystore
In Tasktop Integration Hub 20.4, both Tomcat and Jboss share the same properties in the tasktop-hub.properties
file as they share the same keystore file. See more details above.
To learn more about creating a
tasktop-hub.properties
file, please see the section below.
Port Configuration
By default, Tasktop utilizes the ports listed in the table below.
If any of those ports are already being utilized for other purposes, you will need to change them. To view a list of all ports being used on your system, you can use thenetstat-a command. This will help you determine which available ports you would like to use for Tasktop.
Here is a summary of each port Tasktop utilizes and the location where you can change it if it is already being used:
Port | Location | Purpose |
---|---|---|
8080 8443 |
#server.redirect.port=8080 More details here | Default port Tasktop uses for HTTP (8080) / HTTPS (8443) |
8081 8444 |
#jboss.https.port=8444 More details here | User Management (Keycloak) HTTP Ports |
Additional Keycloak Ports:
More details here (Note: the following ports have been modified from the Keycloak defaults: 8080→8081, 8443→ 8444) |
#jboss.management.http.port=9990 #jboss.management.https.port=9993 #jboss.txn.recovery.environment.port=4712 #jboss.txn.status.manager.port=4713 #jboss.mail.smtp.port=25 | User Management (Keycloak) More details here |
8005 | tasktop-hub.properties #server.shutdown.port=8005 | Tomcat Shutdown Port |
Tasktop Integration Hub
The default port Tasktop uses is 8443 for HTTPS and 8080 for HTTP which redirects to HTTPS. You may wish to change these ports to ease access for your users, or to accommodate a proxy. To change these ports, follow these instructions:
- Open the tasktop-hub.properties file and configure the following properties:
server.port
- The http or https portserver.redirect.port
- The port that, if accessed, redirects toserver.port
- After changing the port, the address used to access Tasktop (i.e., http://localhost:8080) will need to be updated with the new port number in place of '8080.'
Please refer to the official documentation for additional configuration options: http://tomcat.apache.org/tomcat-8.5-doc/config/http.html
To learn more about creating a tasktop-hub.properties
file, please see the section below.
User Management
The default port for User Management is 8081. However, users can change the port that User Management (Keycloak) utilizes by following the instructions here. If your User Management (Keycloak) utilizes a port other than 8081, you can instruct Tasktop to access User Management (Keycloak) via the correct port by following the instructions below.
- Open the tasktop-hub.properties file and configure the following properties:
jboss.http.port
- Jboss http portjboss.https.port
- Jboss https port
Note: If you change the default jboss management-http port setting in the
/keycloak/standalone/configuration/standalone.xml
to something other than 9990, you must also update the port referenced in /keycloak/bin/jboss-cli.xml.
To learn more about creating a tasktop-hub.properties
file, please see the section below.
Getting Started
Once installation is complete, you can begin using Tasktop Integration Hub by opening https://localhost:8443 in any of our supported browsers.
Before logging on to Tasktop, you must log into the User Administration Console in order to create your admin user(s). The Tasktop User Administration Console can be accessed via the 'User Administration Console' link, at the bottom of the Tasktop Integration Hub sign-in page. Please review the User Management section for detailed instructions on how to create a user, log in, and manage your user accounts.
Once logged in, you will be prompted to set a Master Password, which will be used to encrypt your repository credentials.
You will also need to apply your license before configuring your integrations. You can learn how to apply your license here.
Externalized Configuration
Tasktop enables you to externalize configurations from Tomcat, Jboss/Keycloak, and certain application properties in a single place. This allows you to use property files to override default values such as:
- Jboss: ports (e.g., http, https, management port), Keycloak database paths, Keycloak trust stores, java memory variables, and custom system properties
- Tomcat: ports (e.g., http https), keystores (e.g., files, passwords, types), java memory variables, and custom system properties
- Application Properties: Derby, Tasktop Hub, Liquibase, log4j, and keycloak host
To override default values through a properties file, you must provide the tasktop-hub.properties
file in a directory that Hub can scan and read.
This can be done two ways, you can:
- Rename the file
tasktop-hub.properties.default
totasktop-hub.properties
. - For Windows, this file can be found in the App Data Directory
- For Linux, this file can be found in the root level of the .tar.gz package
- Note: For Linux users, we recommend creating an environment variable named
TASKTOP_HOME
with its value pointing to an exclusive directory where thetasktop-hub.properties
file will be placed.
- Note: For Linux users, we recommend creating an environment variable named
- Provide values to properties that need to be overridden.
- For example, if you'd like to change the Tomcat https port to port 9443, uncomment the property from
#server.port=8443
toserver.port=9443
Good to Know:
- Only properties/lines uncommented within the
<AppDataDirectory>/tasktop-hub.properties
file will be applied, otherwise Tasktop Hub will assume default values for commented properties. - Only properties at
<AppDataDirectory>/tasktop-hub.properties
file will be used; the file<AppDataDirectory>/tasktop-hub.properties.default
is just a template and will not work in Tasktop Hub.
Upgrading
Windows
The tasktop-hub.properties
file will not be replaced or deleted during the installation/upgrade process. For this reason, newer versions of Hub can retain settings automatically after upgrading.
Linux
Because the properties file is placed in the $TASKTOP_HOME
directory, newer versions of Hub will automatically apply all configurations.
If the properties file is not placed in the $TASKTOP_HOME
directory, it is necessary to copy the properties file from the old installation directory to the new installation directory.
Properties
The tasktop-hub.properties
file contains three main blocks:
- Jboss/Keycloak Properties
- Tomcat Properties
- Tasktop Hub Properties
Jboss/Keycloak Properties
The properties listed in the table below are used only if Tasktop Hub is using Keycloak as an Authentication Provider. When provided, the properties file will be passed as an argument of standalone.sh/standalone.bat
(e.g., standalone.sh|bat --properties=<path>/tasktop-hub.properties
), which means that the file will override Jboss variables.
Property | Purpose | Notes |
---|---|---|
| Use this property to provide a value for the tag | |
| Use this property to provide a value for the tag | |
| Use this property to provide a value for the tag | |
| Use this property to provide a value for the tag | If this property is provided, the script |
| Use this property to provide a value for the tag | |
| Use this property to provide a value for the tag | |
| Use this property to provide a value for the tag | |
| Use this property to provide a value for the tag | |
| Use this property if you want to place the keycloak database in a custom directory. | This is the same directory where keycloak database lives. For both Windows and Linux, the directory separator needs to be '/'. |
| Use this property to change memory settings. | |
| Use this property to load custom system properties. For example: |
Tomcat Properties
The properties listed in the table below are used to override some properties from Tomcat.
Property | Purpose | Notes |
---|---|---|
| Use this property to provide a value for the attribute port in the tag | After changing the port, if Keycloak is being used, you will need to go into the User Administration Console and adjust the client to the new port. |
| Use this property to provide a value for the attribute redirectPort in the tag | |
| Use this property to provide a value for the attribute port in the tag | |
| Use this property to provide a value for the attribute connectionTimeout in the tag | |
| Use this property to provide a value for the attribute keystoreFile in the tag | This property is shared with Jboss/Keycloak. The
...
... |
| Use this property to provide a value for the attribute | This property is shared with Jboss/Keycloak. The <spi name="truststore"> ... <property name="password" value="${server.ssl.key-store-password:changeit}"/> ... |
| Use this property to provide a value for the attribute | |
| Use this property to provide a value for the attribute | |
| Use this property to change memory settings. | For Windows: Initial memory pool size (-Xms) and maximum memory pool size (-Xmx) needs to be in MB. That means that the value needs to be suffixed with 'M'. Values suffixed with 'G' will cause an error at the start of Hub. For Linux: Values can be specified in MB or GB. Both suffixes 'M' and 'G' work. |
| Use this property to provide a custom path for | |
| Use this property to provide a custom path for - | |
| Use this property to provide a custom path for | |
| Use this property to provide a custom path for Tomcat’s | |
| Use this property to provide | |
| Use this property to load custom system properties such as:
|
Tasktop Hub Properties
The properties listed in the table below are used to override some Tasktop Hub values.
Property | Purpose | Notes |
---|---|---|
derby.storage.pageCacheSize | Use this property to change the data page cache in the database. | Reference: https://db.apache.org/derby/docs/10.14/ref/rrefproper81359.html |
derby.system.home=/path/to/db | Use this property to provide a custom path to the Derby database directory. | Providing the Derby database directory is useful for Linux environments when upgrading, as you do not need to copy files from the old installation directory to the new installation directory. |
hub.database.configuration.directory=/path/to/db | Use this property to provide a custom path to the Derby database. | |
liquibase.ignoreRecycleBinWarning=true | Use this property to whether or not suppress liquibase warnings. | |
log4j.configuration=file:/path/to/log4j2.xml | Use this property to provide a custom path to the log4j2.xml file. | |
log4j.configuration.verbose=file:/path/to/log4j2-troubleshooting.xml | Use this property to provide a custom path to the log4j2-troubleshooting.xml file. | |
hub.security.cors.exclusionPaths | Use this property to provide a list of paths that will be excluded from the CORS verification. For example: /first-path,/second-path | Prior to version 21.1, this property was configured in /tasktop/container/webapps/root/WEB-INF/web.xml |
Good to Know:
- Linux:
It is possible to use environment variables to compound a specific value. As an example, it is possible to use $CATALINA_BASE to compound a path.
hub.database.configuration.directory=$CATALINA_BASE/../../directory log4j.configuration.verbose=file:$CATALINA_BASE/../../log4j2-troubleshooting.xml
- Windows:
- It is not possible to use environment variables to compound values. Properties related to paths must be configured using an absolute path.
- Properties must be modified in the
tasktop-hub.properties
file as this file has more priority than properties modified inManage Tasktop > Java > Java Options | Initial memory pool | Maximum memory pool
.
Upgrading from a Version Earlier than 20.4
If you have made manual changes to Tomcat and/or Jboss files, you have two options upon upgrading to 20.4:
Option One: You can apply all configurations that have been applied manually to server.xml, standalone.xml
, standalone.conf,
standalone.conf.bat
, setenv.sh
, and Manage Tasktop -> Java -> Java Options
to the tasktop-hub.properties
file .
During an upgrade, it is not necessary to override the server.xml
file from the old version to the new installation directory. This can be done by simply providing the tasktop-hub.properties
file in a directory that Tasktop Hub is able to read and ensuring that there is an uncommented line as shown below:
... server.port=9443 ...
Other properties can be configured the same way as shown in the example above.
Option Two: You can copy all configuration files from Tomcat and/or Jboss that were previously modified and override them in the new version directories.
Default File Locations
Default File Locations on Windows
When Tasktop Integration Hub is installed on Windows using the MSI installer, the program files (i.e. the executable files and binaries) are located in C:\Program Files\Tasktop
, and the configuration files and logs are located in C:\ProgramData\Tasktop
(ProgramData may be a hidden folder, so you will need to change your Windows Explorer settings to show hidden files and folders to find it).
Note: If you change the location of the ProgramData directory to an alternate location, do not include spaces in the name of the new directory. If the directory has spaces in its name, Tasktop's UI will not be accessible.
Default File Locations on Linux
When Tasktop Integration Hub is installed on Linux, the program files (i.e. the executable files and binaries), configuration files, and logs are all located in the installation directory where you extracted the distribution archive.
You must choose a location with no spaces in its path.Otherwise, Tasktop's UI will not be accessible.
Repository Preparations
Preparing Your Repositories
In Tasktop, the term, 'repository,' is used to refer to the external tools Tasktop connects to, such as Atlassian Jira, ServiceNow, or BMC Remedy.
Before connecting Tasktop Integration Hub to your external repositories, you will need to perform some simple preparation on each repository you will be integrating. This preparation includes creating a user account for Tasktop Integration Hub with the appropriate permissions. Please refer to our Connector Docs for detailed instructions for each repository.
Firewalls and Proxies
If Tasktop is installed behind a firewall, you may need to connect to external repositories (e.g. hosted or cloud ALM tools) through a proxy. To create a connection to such external repositories in Tasktop, you can make Tasktop connect through your proxy by configuring the proxy settings when creating a new repository connection. It is recommended to create login credentials specifically for Tasktop on the proxy server.
Note that the Proxy Location must be a URL in order for the proxy connection to work. If a .pac script is used in your browser, you will need to open the script and find the URL/port to enter in the Location field.
To use a proxy server, check the 'user proxy server' box and fill in your proxy details in the 'Proxy Server' section on the New Repository Screen: