Installing Zico Collector

Zorka Central is a collector application that collects and presents trace data from agents. Note that Zico is not intended to be a full fledged monitoring system - it only collects and presents application performance data.

In order to install ZICO collector:

  • unpack zico binary distribution some directory, eg. /opt/zico;

  • check and fix JAVA_HOME variable in zico.conf file; note that JDK7 is required for Zico to run correctly;

  • start collector using zico.sh script;

  • access Central UI: http://localhost:8642/;

  • (optionally) configure apache proxy for SSL;

Initial login is admin and initial password is zico.

Proxying collector UI over Apache

Collector serves plain text HTTP port that can be easily proxied using mod_proxy. For example:

ProxyPass /zico/ http://127.0.0.1:8642/ retry=5
ProxyPassReverse /zico/ http://127.0.0.1:8642/

Administrator should not alter cache control HTTP headers as they’re generated by application itself.

Zico configuration options

  • zico.data.dir = ${zico.home.dir}/data - directory where datafiles are stored (trace data etc.);

  • zico.listen.addr = 0.0.0.0 - listen address for agent-collector protocol;

  • zico.listen.port = 8640 - listen port for agent-collector (8640 = 0x21C0 which stands for ‘ZICO’);

  • zico.socket.timeout = 120000000 - socket timeout for ZICO protocol connections; connections will be torn down if inactive for longer than this;

  • zico.security = no - enables or disables secure mode for collector; if secure mode is enabled, agents have to authenticate themselves when connecting and collector will ensure that each agent can connect only from one specific IP address (configured via collector UI);

  • zico.http.addr = 0.0.0.0 - listen address for collector UI (HTTP);

  • zico.http.port = 8642 - listen port for collector UI;

Authentication settings

There are several authentication modes for ZICO collector:

  • auth = anonymous - disables authentication (anonymous access) - this is useful for resetting passwords etc.

  • auth = form - login/password authentication with local user database; this is default setting;

  • auth = cas - SSO authentication with CAS;

  • auth = jaas - LDAP (JAAS) authentication;

For CAS authentication the following properties need to be set:

  • auth.cas.url = https://my.sso.server/cas - CAS service URL;

  • auth.zico.url = http://zico.server:8642 - ZICO collector URL (as visible by end users);

Note that if your CAS server used self-signed certificate or certificate from local CA then it needs to be installed in local JVM certificate store (ie. JRE_HOME/lib/security/cacerts).

For JAAS+LDAP authentication login.conf file needs to be modified and the following options can be changed:

  • auth.jaas.module = zico - JAAS module name used in ZICO login process;

  • auth.jaas.group = ZicoUsers - LDAP group that will be allowed to log into ZICO collector;

Note that for both CAS and LDAP local users still need to be defined. For non-admin accounts administrator needs to select monitored VMs that will be visible.