Page Comparison

...

The following procedure is provided to guide UAM administrators in the installation of the solution on Ubuntu 18-based hosts. Please review carefully the prerequisites section before starting with the procedure itself.

Prerequisites

Make sure all these prerequisites are met. Otherwise, the installation procedure will fail:

• Ensure the host can connect to public URLs on the Internet.Ensure that the user that will run Ansible command can run sudo command without prompt.
• Run the following line in an SSH session where you did not previously run any sudo command:

sudo ls

• If the previous command still asks for password, you can use the next command to avoid it:

...

• Ensure you can access the host through SSH by using its main service IP address. It should also be also possible to open an SSH connection from the same host using that IP address.
• Download the Devo UAM software, copy it to your home folder and extract it using:

cd $HOME
tar -zxvf devo-ua-deployer.tgz

• Download the Devo domain certs:
• Connect to your Devo domain web interface.
• Access to Administration -> Credentials in the left pane.
  Image Removed
• Select X.509 certificates in the upper menu.
• Select your certificate, download them and rename them as:
  • Click on CHAIN CA in the upper right corner ->chain.crt.
  • Click on certificate on the certificate row -> domain.crt.
  • Click on private key on the certificate row -> domain.key.
    Image Removed
• Copy the files to $HOME/devo-ua-deployer/domain-certs.

Installation on Ubuntu 18

Check that user configured can run sudo command without prompt.

Run the following line in an SSH session where you did not previously run any sudo command:

sudo ls

If the previous command still asks for password, you can use the next command to avoid it:

sudo /bin/bash -c "echo \"$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL\" >> /etc/sudoers "

• Ensure python3 is installed.

Check if python3 is installed with following command:

python3 --version

If the previous command return errors, you can install python3 with next command:

sudo apt-get install python3

Install Ansible from official repository:

sudo apt-add-repository ppa:ansible/ansible 
sudo apt update 
sudo apt install ansible

Change the working directory to the path where the installation package was extracted:

cd $HOME/devo-ua-deployer

Install the Ansible playbooks' dependencies:

ansible-galaxy install -r playbooks/roles/requirements.yaml

...

Edit the inventories/py3-1host-example.yaml file.

Set the following properties under all.hosts.devo-ua-manager yaml section:

• ansible_host: Devo Universal Agent Manager IP. Agents and web interface will use this IP.

• ansible_user: User that will run Devo UAM. The same user as the one that has been configured previously in sudoers.

• ansible_password: Password.

And the following properties under all.vars yaml section:

• duam_relay_entrypoint : tcp://FQDN_CENTRAL_RELAY:443. Where FQDN_CENTRAL_RELAY is the FQDN of your central Devo relay. To know which entrypoint corresponds to the used domain, follow the next steps (to send the data via a Devo Relay instead of sending it directly to Devo see the appendix below):

  • Access Devo Web Interface with your credentials.

  • Go to Administration -> Relays in the left pane.
    Image Removed

  • Copy the field Address of the central relay.
    Image Removed

Create docker/user/config.json file with valid empty JSON body:

echo '{}' > docker/user/config.json

Run Ansible playbook:

ansible-playbook -i inventories/py3-1host-example.yaml playbooks/devo-universal-agent.yaml

Now you can connect to server app using https://DUAM_IP:8080, where DUAM_IP is the Devo Universal Agent Manager IP (default passwords are saved in duam_admin_passwd property in inventory file).

Image Removed
 The endpoints (please refer to Universal Agent Deployment) should be automatically detected and listed as an active host. If the website was already opened before adding the host, a page refresh is required.This is an example screenshot:

Image Removed

UA Manager services:

To check the status port 8080:

systemctl status devo-ua-manager

To check the status port 8081:

systemctl status nginx

Send data to a relay instead of Devo

When configuring the parameter duam_relay_entrypoint in the inventory file, input the IP and port of the desired relay (in the below example, the relay is located in 192.168.43.147 and uses the port 13000).

Add the parameters with blank value as in the snippet below:

all:
  vars:
...
    duam_relay_entrypoint: tcp://192.168.43.147:13000
    duam_devo_key: ""
    duam_devo_cert: ""
    duam_devo_chain: ""
...  

Prerequisites for installation on Ubuntu18

• Ensure the host can connect to public URLs on the Internet.
• Ensure that the user that will run Ansible command can run sudo command without prompt.
• Run the following line in an SSH session where you did not previously run any sudo command:

sudo ls

• If the previous command still asks for password, you can use the next command to avoid it:

sudo /bin/bash -c "echo \"$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL\" >> /etc/sudoers "

Ensure you can access the host through SSH using its main service IP address. It should be also possible to open an SSH connection from the same host using that IP address.
• If your deployment scenario includes using existing databases, make sure that the Devo UA Manager has connectivity to MySQL and Redis ports.

• Download the Devo UAM software, copy it to your home folder and extract it using:

cd $HOME
tar -zxvf devo-ua-deployer.tgz

• Download the your Devo domain certscertificates:
  
  1.  Connect to your Devo domain web interface
  2. Access to Administration -> Credentials in the left pane.
  Image RemovedImage Added
  3. Select X.509 certificates in the upper menu
  4. Select your certificate, download them and rename them as:
  5. Click on CHAIN CA in the upper right corner ->→ chain.crt
  6. Click on certificate on the certificate row -> domain.crt
  7. Click on private key on the certificate row -> domain.key.
Image RemovedImage Added
  8. Copy the files to $HOME/devo-ua-deployer/domain-certs.

Installation

...

procedure

1. Check that user configured can run sudo command without prompt.

...

Run the following line in an SSH session where you did not previously run any sudo command:

sudo ls

If the previous command still asks for a password, you can use the next command to avoid it:

sudo /bin/bash -c "echo \"$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL\" >> /etc/sudoers "

2. Check python3 is installed with following command:

python3 --version

If the previous command return errors, you can install python3 with next command:

sudo apt-get install python3

3. Install Ansible from official

...

 repository:

sudo apt-add-repository ppa:ansible/ansible

...

sudo apt update

...

sudo apt install ansible

4. Change the working directory to the path where the installation package was extracted:

cd $HOME/devo-ua-deployer

5. Install the Ansible playbooks' dependencies:

ansible-galaxy install -r playbooks/roles/requirements.yaml

6. Edit the

...

inventories/py3-1host-example.yaml

...

file based the particular requirements of the installation. Refer to the generic deployment guidelines for additional information. If no additional requirements are needed, edit the file by following the next step.

7. Set the following properties under

...

all.hosts.devo-ua-manager

...

yaml section:

• ansible_host:

...

• Devo Universal Agent Manager IP.

...

• ansible_user:

...

• User that will run Devo UAM.

...

• Same as the

...

• user that has been configured previously in sudoers.
• ansible_password:

...

• Password
• If you want to use a private key instead of user and password please check the generic deployment guidelines section.

8. Set the following properties under

...

all.vars

...

yaml section:

duam_relay_entrypoint :

...

tcp://FQDN_CENTRAL_RELAY:443. Where

...

FQDN_CENTRAL_RELAY

...

is the

...

FQDN of your central Devo relay : 

• If your domain is deployed in the US Cloud (us.devo.com): tcp://us.elb.relay

...

• .logtrust.net:443
• If your domain is deployed in the EU Cloud (eu.devo.com): tcp://eu.elb.relay.logtrust.net:443
• If your domain is deployed in a different cloud, contact your Devo representative to know your entry point.
• To send the data via a Devo Relay instead of sending it directly to Devo

...

• Access Devo Web Interface with your credentials.

• Go to Administration -> Relays in the left pane.
  Image Removed

• Copy the field Address of the central relay.
  Image Removed

• check here to find out more.

9. Create docker/user/config.json file with valid empty JSON body:

echo '{}' > docker/user/config.json

10. Run the Ansible playbook:

ansible-playbook -i inventories/

...

py3-1host-example.yaml playbooks/devo-universal-agent.yaml

Now Once the installation process finishes, you can connect to server app using   https://DUAM_IP:8080, where  DUAM_IP  is the  Devo Universal Agent Manager IP(default passwords are saved in duam_admin_passwd property in inventory file).Image Removed
 The . User and password were configured in your inventory file.

Image Added

Upon agent installation, all monitored endpoints (please refer to   Universal Agent Deployment) should be automatically detected and listed as an active host. If the website was already opened before adding the host, a page refresh is required. This is an example screenshot:

Image Removed

Image Added

Troubleshooting

Use the following commands to verify the status of all the services exposed by the UA Manager services:

To check the status port 8080:

systemctl status devo-ua-manager

To check the status port 8081:

systemctl status nginx

...

Send data to a relay instead of Devo

When configuring the parameter duam_relay_entrypoint in the inventory file, input the IP and port of the desired relay (in the below example, the relay is located in 192.168.43.147 and uses the port 13000).

Add the parameters with blank value as in the snippet below:

all:
  vars:
...
    duam_relay_entrypoint: tcp://192.168.43.147:13000
    duam_devo_key: ""
    duam_devo_cert: ""
    duam_devo_chain: ""
...