Setting up Pega Cosmos React UI on Pega Personal Edition 8.6

Well ever since Pega 8.6 came out I have been inkling to try out the Cosmos React UI . There were probably 2 main options which came to my mind

1. Use the cloud instances from Pega Academy
2. Set up “Cosmos React UI” to work in Pega Personal Edition

Option 1 was probably the easy way out , but there’s nothing like a little bit of tinkering in personal edition to truly understand what’s going on under the hood . So in this discussion i’ll describe what I did to get this working and hopefully it helps someone else .

So first things first the prerequisites

1. Install Pega Personal Edition the usual way nothing fancy , jsut check that it’s working and shut it down

2. Install Docker. If you use windows then you could use Docker Desktop, follow the article Install Docker Desktop on Windows | Docker Documentation, it’s really easy. Just make sure you follow all the steps specifically the one regarding WSL 2 feature on Windows.

3. Download an install Open SSL (will be used for working with SSL Certs)

4. Check that docker is working fine , I just used a the following command in powershell / command prompt and then navigate to localhost:8011

    docker run -d -p 8011:80 docker/getting-started
   

5. Stop the Container

    docker ps
   
   -- copy the container ID from the output
   
   docker stop <container ID>
   

6. Request pega platform image access key. This can generally be raised from Digital Delivery | Pega . and you’d receive a email with the access key. Some people may run into issues with this step since access to the key is based on the license agreement your organization has with Pega. If you do run into issues getting the key then talk to your organization’s Pega Account Executive.

Now to Setup

1. Generate a SSL certificate , I used a self signed cert since this is just for personal use , the following command can be used from Powershell

   keytool -genkey -keyalg RSA -noprompt -alias tomcat -dname "CN=localhost, OU=NA, O=NA, L=NA, S=NA, C=NA" -keystore C:\certs\pegalocalkeystore.jks -validity 9999 -storepass changeme -keypass changeme
   

2. Then generate the .cert and .key file , run the following form Powershell

   keytool -importkeystore -srckeystore C:\certs\pegalocalkeystore.jks -destkeystore C:\certs\pegalocalkeystore.p12 -deststoretype PKCS12
   
   - Run the following commands from the folder where Open SSL is installed and use the appropriate folder in place of C:\certs\ 
   
   .\openssl pkcs12 -in C:\certs\pegalocalkeystore.p12 -nokeys -out C:\certs\pegalocal.crt
   
   .\openssl pkcs12 -in C:\certs\pegalocalkeystore.p12 -nocerts -nodes -out C:\certs\pegalocal.key
   

3. Install Constellation engine by following Installing Constellation by using Docker | Pega , here’s the command I ran in Powershell

   docker login pega-docker.downloads.pega.com/constellationui/service:8.6.0-rc-latest
   
   -- Enter the user name and key received in the email (prerequisite step 6) if prompted
   
   docker run -p 3443:3443 -v C:\certs:/host_folder --name constellation-service pega-docker.downloads.pega.com/constellationui/service:8.6.0-rc-latest port=3443 urlPath=/constellation httpsKey=pegalocal.key httpsCert=pegalocal.crt logLevel=info
   
   

4. Enable SSL for Tomcat used by Pega Personal Edition by updating the server.xml file , I just used the nio implementation , snippet below.

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                  maxThreads="150" SSLEnabled="true">
           <SSLHostConfig>
               <Certificate certificateKeystoreFile="C:/certs/pegalocalkeystore.jks" 
   						 certificateKeystorePassword="changeme" 
                            type="RSA" />
           </SSLHostConfig>
       </Connector>
   

5. Import the certificate file C:\Certs\pegalocal.crt in JRE keystore (cacerts) used by Tomcat (look in \jre1.8.XXXX\lib\security)

   keytool -import -alias tomcat -keystore cacerts -file C:\certs\pegalocal.crt
   

6. Start Personal Edition and set the DSS ConstellationSvcURL to https://localhost:3443/constellation

And that’s it , all set to create the first Pega Cosmos React app.

@DUTTAK01 . Thank you for the detailed steps:

I am using Client Cloud . I followed this pdn article : Pegasystems Documentation , but still unable to connect to constellation. Attached the screenshot for your reference.

I added the https://:/prweb/constellation to DSS : pega-uiengine!constellationsvcURL

Can you please let me know what I am missing.

Capture.PNG1906×967 97.3 KB

@VaishnavyT3609 There’s a few things that you should probably check

• The connectivity between the constellation service / ui service (the one which is a node js server) and the pega server (one which runs on tomcat or a similar web container) eg. check the firewall rules. A 404 is generally caused by connectivity problems . Make sure you follow Installing Constellation by using Docker | Pega
• If you are sure there’s no connectivity related issues the next thing to check would certificate issues , make sure that there are no SSL errors
• Finally make sure that the app you create in pega is created after any issues with the previous 2 points are solved and the constellationsvcURL is set

@DUTTAK01 How do we do step 5 of importing the certificate file into the tomcat truststore? Is it done through the keytool? If so, can you please provide the command?

@KAUSTAV.DUTTA

Unfortunately, following your instructions, I’m getting in the stack trace:

“Invalid keystore format”

when star Pega (which means on startup of tomcat).

Any ideas on how to solve it?

PS: I’m on Pega v8.7

@KAUSTAV.DUTTA Stuck at step number 3. Any help would be much appreciated

Error: while performing step number after the authentication received the following error

1645056869510 cli-rest.initialise()
1645056869510 action=start
1645056869516 cli-servicestart.start(dist, 3443, /constellation, httpsKey=/host_folder/pegalocal.key, httpsCert=/host_folder/pegalocal.crt, ccf=null, nginx=null, storageServiceAssets=[object Object])
1645056869516 httpmain.cllnInitialise(dist, /constellation, null, [object Object], false, false, null)
1645056869566 storage-interaction.initialiseStorageServiceAndGUID()
1645056869567 storage-interaction.pingStorage()
1645056869568 storage service endpoint not initialised : null, null, [object Object] .
1645056869595 httpmain.routeHandler(/constellation)
1645056869618 storage-interaction: initialiseStorageServiceAndGUID : ping failed to service : Args = [object Object]
ConstellationUI service (HTTPS): listening on port 3443, static root=/usr/src/app/dist, url path=/constellation, nginx=null, loglevel=2

1645056869618 httpmain.cllnInitialise() - storage service not available for use

@DilipKumarN when you talk about being stuck on step 3 ru talking about - the step for Installation of Constellation engine?

If so then by the looks of the error message it seems to be a issue with the docker container accessing the storage service. if so then make sure that WSL 2 is properly installed and has the necessary permissions (the one detailed in Install Docker Desktop on Windows | Docker Documentation).

@KAUSTAV.DUTTA

What is the use of 4th step here? Could you please explain? Will it be applicable if we already have the certificates?

Hi @RahulBilove ,

Could you, please, try the following link to log in?

https://localhost:8443/prweb

@Penchalareddy

Please refer to the below link:

https://www.ibm.com/docs/en/tnpm/1.4.2?topic=security-import-certificate-jre-keystore

@vaspoz Have you imported the ceritficate into JRE used by Tomcat?

keytool -importcert -file c:\certs\pegalocal.crt -keystore keystore.jks -alias “pegalocal”

@vaspoz

found the problem:

I used keytool from my personal JDK v17. Don’t do that use keytool from JDK8

@KAUSTAV.DUTTA

I have similar issue:

1645115095929  storage-interaction: initialiseStorageServiceAndGUID : ping failed to service : Args = [object Object]
ConstellationUI service (HTTPS): listening on port 3443, static root=/usr/src/app/dist, url path=/constellation, nginx=null, loglevel=1

1645115095929 httpmain.cllnInitialise() - storage service not available for use

Checked the WSL version, it’s all 2:

WSL version.png626×162 4.5 KB

@vaspoz

Hi, This is just a log statement for our understanding(“storage service not available for use”), it doesn’t have any impact on docker-based static service running. And your constellation service is up and running on 3443 port.

@CHRISTIN that’s really good to hear!

Would you also be able to post that solution in your post here and mark that as ‘Accept Solution’ ?

Thanks again!

@DilipKumarN

I am also getting the same error, Is your issue resolved?

@KAUSTAV.DUTTA We have made all the configurations for 8.7 on our local desktop, however, we are still not able to connect to the constellation server. We have configured DSS ConstellationSvcURL to https://localhost:3443/constellation as well.

Do we need to have any other DSS configured for 8.7 or is the above DSS setting still valid for 8.7?

8.7_Constellation.JPG1284×676 21.9 KB

@dhang

I imported it into cacerts from PRPCPersonalEdition/jre1.8.0_121/lib/security/ folder as stated in point 5.

don’t see there keystore.jks =\

@parmn

ok, I thought that so it’s not an error statement.

I noticed however that it looks not possible to connect pega v8.7 with above mentioned docker image (pega-docker.downloads.pega.com/constellationui/service:8.6.0-rc-latest).

Do you have already an image for v8.7?

@vaspoz

We should be having service:8.7.0-ga-latest docker image also, and that image is compatible with 8.7.0 infinity release.