...
The following procedure is provided to guide EAM administrators in the installation of the solution. Please Carefully review carefully the pre-requisites section before starting with the procedure itself.
Info |
---|
The inventory file provided by default with the EAM installation package (also available in the example files section) is intended to be used in AIO (All-In-One)-type of deployments -i.e., . This means all components running in run on a single server and communications communicate using HOSTS file. If you have specific requirements for your deployment scenario -e.g., full high-availability-, please refer to the Generic deployment guidelines section for specific instructions to address your needs. |
Prerequisites
Make sure all these prerequisites are met . Otherwise, or else the installation procedure will fail:.
Ensure the host can connect to public URLs on the Internet.
Ensure you can access through SSH the host using its main service IP address. It should be also possible to open an SSH connection from the same host using that IP address.
Ensure that the user has sudo privileges set without entering the password.
Download the Devo domain certs:
Connect to your Devo domain web interface.
Access to Administration → Credentials in the left pane.
Image RemovedSelect X.509 certificates in the upper menu
Select your certificate, download them and rename them as:
Click on CHAIN CA in the upper right corner ->chain.crt
Click on certificate on the certificate row -> domain.crt
Click on private key on the certificate row -> domain.key
Image Removed
Copy the files to $HOME/devo-ea-deployer/domain-certs
Info |
---|
Some images of Amazon Linux 2 come with python3 pre-installed. If python3 is installed, it can be uninstalled as described here. |
Installation procedure
Note |
---|
All ansible /python commands must be run within the virtual environment. Also ensure that deam_packs associated with the deployment_inventory.yaml file used during deployment are enabled. |
...
Expand |
---|
title | Requirements installation |
---|
|
Download the package to your $HOME folder and extract it: Code Block |
---|
tar -xzvf devo-ea-deployer-1. |
3 1.Change the working directory to the path where the installation package was extracted: Code Block |
---|
cd $HOME/devo-ea-deployer |
Run the preparation script: Code Block |
---|
curl -L -u dea-repo:Th3R3p0! https://d2ur64jmn3k7yt.cloudfront.net/gtls/getansible-venv.sh | /bin/bash |
Activate the virtual environment with the command displayed at the end of the execution of the previous command. Typically it will be something like: Code Block |
---|
source "/opt/ansible-2.9/venv/bin/activate" |
Install the Ansible playbooks' dependencies: Code Block |
---|
ansible-galaxy install -r playbooks/roles/requirements.yaml |
|
Expand |
---|
|
The inventory is the base of the deployment process and will define the topology of the deployment. For more information on the ansible inventory, check this article. The inventory file can be created using the inventory creation wizard or using the example files provided with the packages and editing them manually. Remember to have the virtual environment activated (step 4 in “Requirements Installation”). Inventory creation (using wizard)Execute the inventory creation wizard specifying the inventory output file. The wizard will create the inventory file based on your inputs to a series of questions. To get more info, check this article. Code Block |
---|
python tools/cookiecutinvt.py -o inventories/deployment_inventory.yaml |
For security reasons, we strongly recommend that you change the default password of root user for MySQL service. It is only needed when the MySQL service is deployed in a docker container. To configure the password for the MySQL root user, edit the inventory file inventories/deployment_inventory.yaml Code Block |
---|
vim inventories/deployment_inventory.yaml |
and add deam_mysql_root_password variable with a strong password in its value. Code Block |
---|
all:
vars:
deam_mysql_root_password: <<ROOT PASSWORD HERE>> |
Replace <<ROOT PASSWORD HERE>> by the password value of your choice.
Info |
---|
Bear in mind that indentation is very important in yaml files. |
Inventory creation (using example file)Copy the example inventories/1host-example.yaml and save it as inventories/deployment_inventory.yaml Edit the file based in the particular requirements of the installation. Refer to this article to create a proper inventory for your environment in a production deployment. Minimal configuration for a standard lab and PoC deployment in a single server is depicted in steps 7 and 8. Set the following properties under all.hosts.devo-ea-manager yaml section: ansible_host : Devo Endpoint Agent Manager IP.
ansible_user : User that will run Devo EAM. Same as the user that has been configured previously in sudoers
ansible_ssh_password: User SSH Password that runs Devo EAM User (ansible_user)
Enable the packs that you want to deploy, for more info check this article. If you want to use a private key instead of user and password, please check this article.
Set the property ansible_python_interpreter according to your python interpreter: For Red Hat 7
/ Centos 7: /usr/bin/python For other distros: /usr/bin/python3
Set the following properties under all.vars yaml section: elb.relay.logtrust.netdevo.io:443
If your domain is deployed in the EU Cloud (eu.devo.com): tcp://eu.elb.relay.logtrust.net:443 If your domain is deployed in a different cloud, contact your Devo representative to know your
entrypoint
|
Expand |
---|
title | Inventory verification |
---|
|
Run the Deployment Inventory Checker Script and check that no errors or relevant warnings are showing by running: Code Block |
---|
python tools/checkinvt.py -i inventories/deployment_inventory.yaml |
Deployment Inventory Checker Script will run validations on the inventory and report back if an issue is found. For more info on the Deployment Inventory Checker Script, see this article. Run the pre-requisites playbook to ensure that all external connectivity and requirements are in place. The playbook will output a summary with all the URLs connectivity that has been checked. If there is any error there, please fix it before moving ahead with the deployment. Deployment playbook will verify again these requirements and stop if they are not satisfied. Code Block |
---|
ansible-playbook -i inventories/deployment_inventory.yaml playbooks/dea-pre-checks.yaml |
|
Expand |
---|
|
Run Ansible playbook: Code Block |
---|
ansible-playbook -i inventories/deployment_inventory.yaml playbooks/devo-endpoint-agent.yaml |
Now you can connect to the server app using https://DEAM_IP:8080, where DEAM_IP is the Devo Endpoint Agent Manager IP. E-mail and password were configured in your inventory file. Note that from EA 1.3 onwards, login into logging in to the platform is done using e-mail instead of username. (More info) Upon agent installation, all monitored endpoints (please refer to Endpoint Agent Deployment) should be automatically detected and listed as an active host. If the website was already opened before adding the host, a page refresh is required. This is an example screenshot: |
...
Services verification
Use the following commands to verify the status of all the services exposed by the EA Manager:
...