Table of Contents | ||||
---|---|---|---|---|
|
...
The following procedure is provided to guide UAM administrators in the installation of the solution on Ubuntu 18-based hosts. Please review carefully the prerequisites section before starting with the procedure itself.
Info |
---|
The inventory file provided by default with the UAM installation package, also available in the example files section, is intended to be used in AIO (All In One)-type of deployments (all components running in a single server and communications using HOSTS file). If you have specific requirements for your deployment scenario—full high-availability, for example—please refer to the generic deployment guidelines section for specific instructions to address your needs. |
Prerequisites
Make sure all these prerequisites are met. Otherwise, the installation procedure will fail:
- Ensure the host can connect to public URLs on the Internet.Ensure that the user that will run Ansible command can run
sudo
command without prompt. - Run the following line in an SSH session where you did not previously run any sudo command:
Code Block |
---|
sudo ls |
- If the previous command still asks for password, you can use the next command to avoid it:
...
- Ensure you can access the host through SSH by using its main service IP address. It should also be also possible to open an SSH connection from the same host using that IP address.
- Download the Devo UAM software, copy it to your home folder and extract it using:
Code Block |
---|
cd $HOME
tar -zxvf devo-ua-deployer.tgz |
- Download the Devo domain certs:
- Connect to your Devo domain web interface.
- Access to Administration -> Credentials in the left pane.
- Select X.509 certificates in the upper menu.
- Select your certificate, download them and rename them as:
- Click on CHAIN CA in the upper right corner ->
chain.crt.
- Click on certificate on the certificate row ->
domain.crt.
- Click on private key on the certificate row ->
domain.key.
- Click on CHAIN CA in the upper right corner ->
- Copy the files to
$HOME/devo-ua-deployer/domain-certs.
Installation on Ubuntu 18
Check that user configured can run sudo
command without prompt.
Run the following line in an SSH session where you did not previously run any sudo command:
Code Block |
---|
sudo ls |
If the previous command still asks for password, you can use the next command to avoid it:
Code Block |
---|
sudo /bin/bash -c "echo \"$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL\" >> /etc/sudoers " |
- Ensure python3 is installed.
Check if python3 is installed with following command:
Code Block |
---|
python3 --version |
If the previous command return errors, you can install python3 with next command:
Code Block |
---|
sudo apt-get install python3 |
Install Ansible from official repository:
Code Block |
---|
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible |
Change the working directory to the path where the installation package was extracted:
Code Block |
---|
cd $HOME/devo-ua-deployer |
Install the Ansible playbooks' dependencies:
Code Block |
---|
ansible-galaxy install -r playbooks/roles/requirements.yaml |
...
Edit the inventories/py3-1host-example.yaml
file.
Set the following properties under all.hosts.devo-ua-manager
yaml section:
ansible_host
: Devo Universal Agent Manager IP. Agents and web interface will use this IP.ansible_user
: User that will run Devo UAM. The same user as the one that has been configured previously in sudoers.ansible_password
: Password.
And the following properties under all.vars
yaml section:
duam_relay_entrypoint : tcp://FQDN_CENTRAL_RELAY:443
. WhereFQDN_CENTRAL_RELAY
is the FQDN of your central Devo relay. To know which entrypoint corresponds to the used domain, follow the next steps (to send the data via a Devo Relay instead of sending it directly to Devo see the appendix below):Access Devo Web Interface with your credentials.
Go to Administration -> Relays in the left pane.
Copy the field Address of the central relay.
Create docker/user/config.json file with valid empty JSON body:
Code Block |
---|
echo '{}' > docker/user/config.json |
Run Ansible playbook:
Code Block |
---|
ansible-playbook -i inventories/py3-1host-example.yaml playbooks/devo-universal-agent.yaml |
Now you can connect to server app using https://DUAM_IP:8080, where DUAM_IP
is the Devo Universal Agent Manager IP (default passwords are saved in duam_admin_passwd
property in inventory file).
The endpoints (please refer to Universal Agent Deployment) should be automatically detected and listed as an active host. If the website was already opened before adding the host, a page refresh is required.This is an example screenshot:
UA Manager services:
To check the status port 8080:
Code Block |
---|
systemctl status devo-ua-manager |
To check the status port 8081:
Code Block |
---|
systemctl status nginx |
Send data to a relay instead of Devo
When configuring the parameter duam_relay_entrypoint
in the inventory file, input the IP and port of the desired relay (in the below example, the relay is located in 192.168.43.147 and uses the port 13000).
Add the parameters with blank value as in the snippet below:
Code Block |
---|
all:
vars:
...
duam_relay_entrypoint: tcp://192.168.43.147:13000
duam_devo_key: ""
duam_devo_cert: ""
duam_devo_chain: ""
...
|
Table of Contents | ||||
---|---|---|---|---|
|
Prerequisites for installation on Ubuntu18
- Ensure the host can connect to public URLs on the Internet.
- Ensure that the user that will run Ansible command can run
sudo
command without prompt. - Run the following line in an SSH session where you did not previously run any sudo command:
Code Block |
---|
sudo ls |
- If the previous command still asks for password, you can use the next command to avoid it:
Code Block |
---|
sudo /bin/bash -c "echo \"$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL\" >> /etc/sudoers " |
- Ensure you can access the host through SSH using its main service IP address. It should be also possible to open an SSH connection from the same host using that IP address.
- If your deployment scenario includes using existing databases, make sure that the Devo UA Manager has connectivity to MySQL and Redis ports.
Download the Devo UAM software, copy it to your home folder and extract it using:
Code Block |
---|
cd $HOME tar -zxvf devo-ua-deployer.tgz |
- Download the your Devo domain certscertificates:
1. Connect to your Devo domain web interface
2. Access to Administration -> Credentials in the left pane.
3. Select X.509 certificates in the upper menu
4. Select your certificate, download them and rename them as:
5. Click on CHAIN CA in the upper right corner ->→chain.crt
6. Click on certificate on the certificate row ->domain.crt
7. Click on private key on the certificate row ->domain.key
.
8. Copy the files to$HOME/devo-ua-deployer/domain-certs.
Installation
...
procedure
1. Check that user configured can run sudo
command without prompt.
...
Run the following line in an SSH session where you did not previously run any sudo command:
Code Block |
---|
sudo ls |
If the previous command still asks for a password, you can use the next command to avoid it:
Code Block |
---|
sudo /bin/bash -c "echo \"$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL\" >> /etc/sudoers " |
2. Check python3 is installed with following command:
Code Block |
---|
python3 --version |
If the previous command return errors, you can install python3 with next command:
Code Block |
---|
sudo apt-get install python3 |
3. Install Ansible from official
...
repository:
Code Block |
---|
sudo apt-add-repository ppa:ansible/ansible |
...
sudo apt update |
...
sudo apt install ansible |
4. Change the working directory to the path where the installation package was extracted:
Code Block |
---|
cd $HOME/devo-ua-deployer |
5. Install the Ansible playbooks' dependencies:
Code Block |
---|
ansible-galaxy install -r playbooks/roles/requirements.yaml |
6. Edit the
...
inventories/py3-1host-example.yaml
...
file based the particular requirements of the installation. Refer to the generic deployment guidelines for additional information. If no additional requirements are needed, edit the file by following the next step.
7. Set the following properties under
...
all.hosts.devo-ua-manager
...
yaml section:
ansible_host
:
...
- Devo Universal Agent Manager IP.
...
ansible_user
:
...
- User that will run Devo UAM.
...
- Same as the
...
- user that has been configured previously in sudoers.
ansible_password
:
...
- Password
- If you want to use a private key instead of user and password please check the generic deployment guidelines section.
8. Set the following properties under
...
all.vars
...
yaml
section:
duam_relay_entrypoint
:
...
tcp://FQDN_CENTRAL_RELAY:443
. Where
...
FQDN_CENTRAL_RELAY
...
is the
...
FQDN of your central Devo relay :
- If your domain is deployed in the US Cloud (us.devo.com): t
cp://us.elb.relay
...
.logtrust.net:443
- If your domain is deployed in the EU Cloud (eu.devo.com):
tcp://eu.elb.relay.logtrust.net:443
- If your domain is deployed in a different cloud, contact your Devo representative to know your entry point.
- To send the data via a Devo Relay instead of sending it directly to Devo
...
Access Devo Web Interface with your credentials.
Go to Administration -> Relays in the left pane.
Copy the field Address of the central relay.
- check here to find out more.
9. Create docker/user/config.json
file with valid empty JSON body:
Code Block |
---|
echo '{}' > docker/user/config.json |
10. Run the Ansible playbook:
Code Block |
---|
ansible-playbook -i inventories/ |
...
py3-1host-example.yaml playbooks/devo-universal-agent.yaml |
Now Once the installation process finishes, you can connect to server app using https://DUAM_IP:8080, where DUAM_IP
is the Devo Universal Agent Manager IP(default passwords are saved in duam_admin_passwd
property in inventory file).
The . User and password were configured in your inventory file.
Upon agent installation, all monitored endpoints (please refer to Universal Agent Deployment) should be automatically detected and listed as an active host. If the website was already opened before adding the host, a page refresh is required. This is an example screenshot:
Troubleshooting
Use the following commands to verify the status of all the services exposed by the UA Manager services:
To check the status port 8080:
Code Block |
---|
systemctl status devo-ua-manager |
To check the status port 8081:
Code Block |
---|
systemctl status nginx |
...
Send data to a relay instead of Devo
When configuring the parameter duam_relay_entrypoint
in the inventory file, input the IP and port of the desired relay (in the below example, the relay is located in 192.168.43.147 and uses the port 13000).
Add the parameters with blank value as in the snippet below:
Code Block |
---|
all:
vars:
...
duam_relay_entrypoint: tcp://192.168.43.147:13000
duam_devo_key: ""
duam_devo_cert: ""
duam_devo_chain: ""
...
|