Installation package Installing Qt Insight Private Cloud

C

Configuring Terraform

Configuring Qt Insight Private Cloud

The Qt Insight installation uses Terraform to deploy resources to AWS. The installation is done using the command line.

To configure Qt Insight Private Cloud, create a Terraform configuration file by creating a copy of the sample.tvfars file in the infra/env directory of the extracted install package.
The sample variable file lists the available configuration options and deployment descriptions.
Replace the values marked as <placeholder> with your own. See Configuration options for description of each available option.

Configuration options

The following configuration options are available for Qt Private Cloud Terraform deployment. The installation package contains a sample.tfvars file that can be used as a starting point for the configuration.

Name	Description	Type	Default	Required
^{admin_accounts}	Admin accounts for Qt Insight. Refers to the accounts in the OAuth server.	list (string)	n/a	yes
^{amazon_linux_2_ami_id}	AWS AMI ID to use for the EC2 instances. Used for the Snowplow modules. The AMI ID must be based on Amazon Linux 2 (the latest community version is used by default).	string	""	no
^app_dns_name	The domain name used for the Qt Insight dashboard application. Example: app_dns_name = "app.insight.example.com"	string	n/a	yes
^{backup_region}	The AWS region used for cross-region data backup. Must be provided if `enable_cross_region_backup` is true. For more information, see AWS Documentation - Regions and Zones.	string	""	no
^{certificate_arn}	ACM certificate to use for the Qt Insight dashboard transport layer security (TLS) endpoint. The certificate must have a value of `<app_dns_name>` variable as Common Name (CN) or Subject Alternative Name (SAN). The certificate can be imported into ACM from an external certificate authority or it can be requested from ACM directly. Note: One certificate can be used for both collection and application. In this case, both subdomains must be in the certificate CN or SAN fields.	string	n/a	yes
^{collect_certificate_arn}	ACM certificate to use for the collector TLS endpoint. The certificate must have a value of `<collect_dns_name>` variable as CN or SAN. The certificate can be imported into ACM from an external certificate authority or it can be requested from ACM directly. Note: One certificate can be used for both collection and application. In this case, both subdomains must be in the certificate CN or SAN fields.	string	n/a	yes
^{collect_dns_name}	The domain name used for the Qt Insight event collection endpoint. Example: collect_dns_name = "collect.insight.example.com"	string	n/a	yes
^{collector_instance_type}	EC2 instance type for the collector instance.	string	t3.medium	no
^{config_cache_ttl}	Time interval - in seconds (s), minutes (m) or hours (h) - to cache the application's remote configuration. The remote configuration is stored in in-memory cache to reduce the database load.	string	5m	no
^{dashboard_rds_snapshot_id}	Relational Database Service (RDS) snapshot ID used for restoring the Qt Insight database. If the ID is changed, RDS creates a new database from the snapshot. Note: Change this value only if you intend to restore the database from a snapshot.	string	""	no
^{data_bucket_name}	Name of the S3 bucket to which the analytics data is stored. This data bucket is created during the installation phase. Note: The bucket name must be unique across the entire AWS.	string	n/a	yes
^{enable_cross_region_backup}	Enables backup replication to `backup_region`. Supports Redshift and RDS databases used by Qt Insight. Note: Makes Terraform 10-15 minutes slower, so when testing you may want to set this to false.	bool	false	no
^{enrich_instance_type}	EC2 instance type for an enriched instance.	string	t3.medium	no
^{export_bucket_name}	Name of the exported S3 bucket. Note: The bucket name must be unique across the entire AWS.	string	n/a	yes
^{iglu_instance_type}	EC2 instance type for an Iglu instance.	string	t3.medium	no
^{iglu_rds_snapshot_id}	RDS snapshot ID used for restoring the Iglu database. If the ID is changed, RDS creates a new database from the snapshot. Note: Change this value only if you intend to restore the database from a snapshot.	string	""	no
^{is_user_pseudonymized}	Toggle if `domain_user` field is anonymized within the enrichment pipeline.	bool	true	no
^{lb_access_logs_enabled}	Determines whether to store the load balancer access logs. Note: If this option is enabled, the `logs_bucket_id` must be set.	bool	false	no
^{loader_instance_type}	EC2 instance type for a loader instance.	string	t3.medium	no
^{log_retention_days}	Defines the number of days to retain the logs.	number	30	yes
^{logs_bucket_id}	S3 bucket ID used for accessing the bucket logs. Also used for storing the load balancer logs if `lb_access_logs_enabled` is true. Note: Must be provided if `lb_access_logs_enabled` is true. The bucket name must be unique across the entire AWS.	string	""	no
^{monitoring_enabled}	Enables the installation of the Cloudwatch dashboard to monitor Qt Insight.	bool	true	no
^{oauth_client_config}	Client configuration for the OAuth application. Required fields (get the values from your identity provider): client_id client_secret issuer Example: oauth_client_config = { client_id = "<client id>" client_secret = "<client secret>" issuer = "<issuer url>" }	map(string)	n/a	yes
^profile	AWS profile to use for Terraform. This must match the profile configured locally. For details, see `aws configure --profile`. Example (AWS): aws configure --profile insight-deploy-user Example (Qt Insight configuration) profile = "insight-deploy-user"	string	n/a	yes
^{redshift_cluster_size}	Defines the number of nodes to be created in the Redshift cluster.	number	1	yes
^{redshift_cluster_snapshot_id}	Redshift snapshot ID used for restoring the database. If the ID is changed, Redshift creates a new database from the snapshot. Note: Change this value only if you intend to restore the database from a snapshot.	string	n/a	yes
^{redshift_node_type}	Defines the type of the nodes to be created in the Redshift cluster. For details about the different node types, see AWS Documentation - Redshift. Example: redshift_node_type = "ra3.xlplus"	string	n/a	yes
^{redshift_snapshot_retention_days}	Defines the number of days to retain the automated snapshots of the Redshift cluster.	number	5	no
^region	Defines the AWS region the services are deployed in. For more information, see AWS Documentation - Regions and Zones	string	n/a	yes
^{root_dns_name}	Root domain name for Qt Insight. Dashboard application and collection endpoint are subdomains under root. Typically this will be a subdomain delegated from external DNS provider. Example: root_dns_name = "insight.example.com"	string	n/a	yes
^{root_route53_delegation_set_id}	Route 53 delegation set ID for the Qt Insight root subdomain. You can create the ID with the AWS command-line interface command `aws route53 create-reusable-delegation-set --caller-reference`, where the caller-reference can be any unique string (for example, a date/time stamp). Note: Copy the nameserver's value for DNS delegation. Example: root_route53_delegation_set_id = "N06238763TERTV123456"	string	n/a	yes
^{enable_application_telemetry}	Optional configuration to enable Sentry in the Qt Insight UI. If enabled, Sentry is used in the Qt Insight application to send feedback and crash reports to Sentry.io For more information, see `var.telemetry_dsn`.	bool	false	no
^{telemetry_dsn}	Sentry.io data source name. Used for associating Sentry events to correct organization. Note: This option is only used if `var.enable_application_telemetry` is true. If `var.enable_sentry_telemetry` is true and this is empty, the DSN of Qt's organization is used (telemetry is sent to Qt).	string	""	no
^{shredder_instance_type}	EC2 instance type for a shredder instance.	string	t3.medium	no
^{stream_retention_period}	The number of hours that the kinesis streams should retain the data.	number	48	yes
^subnets	List of IPv4 classless inter-domain routing (CIDR) ranges of each subnet in each availability zone used. Note: `AZ` must match the available availability zones in the chosen AWS region. Each `AZ` must have an isolated, private and public subnet. The CIDR ranges must be in the virtual private cloud (VPC) CIDR range and must not overlap with each other. Example: subnets = [ { az = "a" isolated_cidr = "10.150.1.0/24" public_cidr = "10.150.3.0/24" private_cidr = "10.150.5.0/24" }, { az = "b" isolated_cidr = "10.150.2.0/24" public_cidr = "10.150.4.0/24" private_cidr = "10.150.6.0/24" } ]	list(object)	n/a	yes
^{terraform_backend_bucket_name}	The name of the S3 bucket in which to store the Terraform state of the private-cloud deployment.	string	n/a	yes
^{token_cache_ttl}	Time interval - in seconds (s), minutes (m) or hours (h) - to cache the tokens of the incoming events. The data pipeline validates the token in each ingested event. This token status is stored in in-memory cache to reduce the database load.	string	1m	no
^vpc_cidr	The IPv4 CIDR range of the VPC. Example: vpc_cidr = "10.150.0.0/16"	string	n/a	yes

Installation package Installing Qt Insight Private Cloud

Available under certain Qt licenses.
Find out more.