This documentation supports an earlier version of BMC Helix IT Service Management on-premises deployment.

To view the documentation for the latest version, select 23.3.01 from the Product version picker.

Installing BMC Helix Platform services 22.2.01

The following services provided by BMC Helix Platform are used by BMC Helix Service Management:

  • Infrastructure services
  • Common services
  • BMC Helix Dashboards
  • BMC Helix ITSM Insights
AIF/ITSM INSIGHTS    
containers.bmc.com/bmc/lp0lz:ade-file-service-93acc46-136
containers.bmc.com/bmc/lp0lz:aif-api-service-c0e77f3-196
containers.bmc.com/bmc/lp0lz:aif-clustering-ingestion-service-0a4f181-209
containers.bmc.com/bmc/lp0lz:aif-clustering-service-3cb0ce6-145
containers.bmc.com/bmc/lp0lz:aif-core-service-498f30a-209
containers.bmc.com/bmc/lp0lz:aif-incident-ingestion-service-4388a36-132
containers.bmc.com/bmc/lp0lz:aif-job-manager-service-a635f78-190
containers.bmc.com/bmc/lp0lz:aif-machine-learning-utilities-59bd4c5-151
containers.bmc.com/bmc/lp0lz:aif-ticket-service-43f7612-147

CORE
containers.bmc.com/bmc/lp0lz:ade-audit-service-207
containers.bmc.com/bmc/lp0lz:ade-authz-service-292
containers.bmc.com/bmc/lp0lz:ade-identity-management-service-1134
containers.bmc.com/bmc/lp0lz:ade-predeploydb-40
containers.bmc.com/bmc/lp0lz:adereporting-3152
containers.bmc.com/bmc/lp0lz:adereporting-apiservice-22.2.00.001-16jun
containers.bmc.com/bmc/lp0lz:adereporting-content-fa81cba-442
containers.bmc.com/bmc/lp0lz:adereporting-initdb-v001
containers.bmc.com/bmc/lp0lz:adereporting-kafkacli-v002
containers.bmc.com/bmc/lp0lz:adereporting-puller-20d31c8-490
containers.bmc.com/bmc/lp0lz:adereporting-renderer-2cae2a4-448
containers.bmc.com/bmc/lp0lz:adereporting-runner-20d31c8-490
containers.bmc.com/bmc/lp0lz:aif-clustering-query-service-5b9d911-169
containers.bmc.com/bmc/lp0lz:anomaly-detection-service-ea2af64-126
containers.bmc.com/bmc/lp0lz:es-proxy-nginx-service-101af7e-253
containers.bmc.com/bmc/lp0lz:es-proxy-service-101af7e-253
containers.bmc.com/bmc/lp0lz:event-ingestion-service-18ed847-205
containers.bmc.com/bmc/lp0lz:event-mgmt-service-bd596c3-240
containers.bmc.com/bmc/lp0lz:event-processor-service-e551a5a-444
containers.bmc.com/bmc/lp0lz:event-service-8bf97b3-153
containers.bmc.com/bmc/lp0lz:kibana-proxy-service-77c08a2-314
containers.bmc.com/bmc/lp0lz:kibana-service-77c08a2-314
containers.bmc.com/bmc/lp0lz:log-ingestion-service-7f9eaab-181
containers.bmc.com/bmc/lp0lz:log-mgmt-service-e487cfa-299
containers.bmc.com/bmc/lp0lz:log-processing-service-8ea37b7-290
containers.bmc.com/bmc/lp0lz:logs-enrichment-sync-service-77e8c5d-89
containers.bmc.com/bmc/lp0lz:logs-portal-3427b5f-211
containers.bmc.com/bmc/lp0lz:metric-aggregation-service-e4db843-133
containers.bmc.com/bmc/lp0lz:metric-configuration-service-974a60f-140
containers.bmc.com/bmc/lp0lz:metric-gateway-service-f441bf4-152
containers.bmc.com/bmc/lp0lz:metricservice-0953cab-183
containers.bmc.com/bmc/lp0lz:prometheus-ingestion-service-8ccbab9-74
containers.bmc.com/bmc/lp0lz:smart-graph-api-r850051-1150-daas_ship-tkn_ship
containers.bmc.com/bmc/lp0lz:thirdparty-ingestion-service-7291e10-69
containers.bmc.com/bmc/lp0lz:truesight-credential-service-320
containers.bmc.com/bmc/lp0lz:truesight-featureflag-service-62
containers.bmc.com/bmc/lp0lz:ade-ims-webhook-218
containers.bmc.com/bmc/lp0lz:ade-itsm-identity-sync-336
containers.bmc.com/bmc/lp0lz:adeops-util-88
containers.bmc.com/bmc/lp0lz:smart-graph-controller-api-r850051-1150-daas_ship-tkn_ship
containers.bmc.com/bmc/lp0lz:smart-graph-controller-efsinit-r850051-1150-daas_ship-tkn_ship
containers.bmc.com/bmc/lp0lz:smart-graph-controller-security-r850051-1150-daas_ship-tkn_ship
containers.bmc.com/bmc/lp0lz:smart-graph-environment-controller-r850051-1150-daas_ship-tkn_ship
containers.bmc.com/bmc/lp0lz:tctlrest-110
containers.bmc.com/bmc/lp0lz:tctlrest-24
PLATFORM    
containers.bmc.com/bmc/lp0lz:ade-identity-management-portal-1150
containers.bmc.com/bmc/lp0lz:ade-notification-service-334
containers.bmc.com/bmc/lp0lz:adeops-util-71
containers.bmc.com/bmc/lp0lz:ade-tenant-management-automation-404
containers.bmc.com/bmc/lp0lz:ade-tenant-management-portal-327
containers.bmc.com/bmc/lp0lz:ade-tenant-management-service-807
containers.bmc.com/bmc/lp0lz:ade-ui-content-service-247
containers.bmc.com/bmc/lp0lz:authproxy-RSSO_Auth_Proxy_126
containers.bmc.com/bmc/lp0lz:authproxy-RSSO_Auth_Proxy_130
containers.bmc.com/bmc/lp0lz:kubectl-latest
containers.bmc.com/bmc/lp0lz:tctlrest-85

INFRA    
containers.bmc.com/bmc/lp0lz:22201-1-v1-bitnami-kafka-2.7.0-debian-10-r124
containers.bmc.com/bmc/lp0lz:22201-1-v1-haproxy-2.4.9
containers.bmc.com/bmc/lp0lz:22201-1-v1-justwatch-elasticsearch_exporter-1.1.0
containers.bmc.com/bmc/lp0lz:22201-1-v2-bitnami-minio-2021.4.18-debian-10-r0
containers.bmc.com/bmc/lp0lz:22201-1-v2-bitnami-postgresql-repmgr-12.9.0
containers.bmc.com/bmc/lp0lz:22201-1-v2-pgpool-4.3.1-debian-10-r58
containers.bmc.com/bmc/lp0lz:22201-1-v2-victoriametrics-vminsert-v1.76.1-cluster
containers.bmc.com/bmc/lp0lz:22201-1-v2-victoriametrics-vmselect-v1.76.1-cluster
containers.bmc.com/bmc/lp0lz:22201-1-v2-victoriametrics-vmstorage-v1.76.1-cluster
containers.bmc.com/bmc/lp0lz:22201-1-v3-redis-6.2.5-alpine
containers.bmc.com/bmc/lp0lz:22201-1-v4-bitnami-zookeeper-3.7.0-debian-10-r25
containers.bmc.com/bmc/lp0lz:22201-1-v6-opendistro-for-elasticsearch-1.13.3
containers.bmc.com/bmc/lp0lz:22201-1-v7-elasticsearch-7.16.2-debian-10-r0
containers.bmc.com/bmc/lp0lz:22201-1-v2-bitnami-elasticsearch-curator-5.8.4
containers.bmc.com/bmc/lp0lz:22201-1-v4-bitnami-kibana-7.16.3-debian-10-r18
containers.bmc.com/bmc/lp0lz:HSSO_22.2.01-RC
containers.bmc.com/bmc/lp0lz:22201-1-v4-ade-infra-clients-1

Important

After you install BMC Helix Platform services to 22.2.01 version, you must apply the 22.2.01 hotfix 1.

Before you begin

  1. Create a namespace.

    1. Run the following command. The namespace must be a DNS-1123 label. That is, it must consist of lowercase alphanumeric characters or '-', and must start and end with an alphanumeric character.

      kubectl create ns <namespace>
    2. Verify that nothing is installed in the namespace in which you plan to deploy the product.

      1. Run the following command:

        kubectl get all -n <namespace_created_earlier_in_this_procedure>
      2. Make sure that the following message is displayed:

        No resources found.

    For EFK logging

    Create a namespace called bmc-helix-logging by using the following command:

    kubectl create ns bmc-helix-logging

    The Elasticsearch, FluentD, and Kibana services are installed in this namespace. These services are required to access logs from the pods that are running on BMC Helix Platform.

  2. Configure the ingress controller.

    1. Identify the configmap name by running the following command:

      kubectl get cm -n <ingress_nginx_namespace>
    2. Change the configmap name to use the configmap in your environment by running the following command:

      kubectl edit cm <ingress_nginx_configmap> -n  <ingress_nginx_namespace>
      
      data:
        enable-underscores-in-headers: "true"
        proxy-body-size: 250m
        server-name-hash-bucket-size: "1024"
        ssl-redirect: "false"
        use-forwarded-headers: "true"
        worker-processes: "40"

      Note

      The configurations shown above are mandatory. Apart from these, you can retain any other configurations as per your requirement.

  3. The following host names must be created with a DNS entry that points to the load balancer. The property names are used in the infra.config and deployment.config files during deployment. Make sure that the URLs are in the same domain.

    DescriptionProductFormatExampleMust be configured in the load balancer?Must have a DNS entry?File nameProperty name
    Host for Helix RSSOAll<any unique string>.$DOMAINmycomputer-rsso.lab.bmc.comYesYesconfigs/infra.configLB_HOST
    Host for tenant management systemAll<any unique string>.$DOMAINmycomputer-tms.lab.bmc.comYesYesconfigs/infra.configTMS_LB_HOST
    MinIO storage URLAll<any unique string>.$DOMAINmycomputer-minio.lab.bmc.comYesYesconfigs/infra.configMINIO_LB_HOST
    Tenant URLAll$COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAINacme-private-poc.lab.bmc.comYesYesconfigs/deployment.config for ENVIRONMENT and configs/infra.config for the othersCOMPANY_NAME TENANT_TYPE ENVIRONMENT DOMAIN

    Discovery Appliance URL

    • BMC Helix IT Operations Management
    •  BMC Helix Continuous Optimization
    $COMPANY_NAME-disc-$TENANT_TYPE-$ENVIRONMENT.$DOMAINacme-disc-private-poc.lab.bmc.comNoYesconfigs/deployment.config for ENVIRONMENT and configs/infra.config for the othersCOMPANY_NAME TENANT_TYPE ENVIRONMENT DOMAIN

    BMC Helix Continuous Optimization

    BMC Helix Continuous Optimization

    $COMPANY_NAME-optimize-$TENANT_TYPE-$ENVIRONMENT.$DOMAINacme-optimize-private-poc.lab.bmc.comNoYesconfigs/deployment.config for ENVIRONMENT and configs/infra.config for the othersCOMPANY_NAME TENANT_TYPE ENVIRONMENT DOMAIN

To deploy the BMC Helix Platform services

  1. Log in to the controller or bastion machine from where the Kubernetes cluster is accessible.
  2. Download the deployment manager BMC_Helix_Platform_Services_for_Service_Management_Version_22.2.01.zip from BMC Electronic Product Distribution (EPD) and extract it, if you haven't already.
    The ZIP file contains the following files:
    • helix-on-prem-deployment-manager-22.2.01.sh—This file contains the deployment manager.
    • jsons_22201_002.bzip2—This file contains the fix for the incorrect deployment file repository location issue.
    • hotfix-22.2.01.001-17.tar.gz—This file contains the 22.2.01 hotfix 1 artifacts.
  3. Download the only_ITSM_configs_22201_003.tar.xz file from EPD, if you haven't already.
    This file contains the latest deployment size templates.
    To download the files from EPD, see Downloading the installation files.
  4. Go to the directory where you downloaded the deployment manager from the EPD and give the execute permission to the helix-on-prem-deployment-manager-22.2.01.sh file.

  5. Self-extract the deployment manager. Run the following command:

    ./helix-on-prem-deployment-manager-22.2.01.sh
    cd helix-on-prem-deployment-manager
  6. If you are installing BMC Helix Platform services on Kubernetes 1.24 version, perform the following steps:
    1. Navigate to the commons directory.
    2. Open the preinstall-checker.sh file.
    3. Comment the code for Kubernetes version check.
  7. Prepare for password encryption:

    1. Go to the commons/certs directory and open the secrets.txt file.
    2. Add the following passwords to this file:

      Parameter nameDescriptionExample
      IMAGE_REGISTRY_PASSWORDPassword for the Docker registry.5016adc4-993f-4fc5-8fb0-8ef6b02ca9d3
      SMTP_PASSWORD

      The password to connect to the SMTP server. 

      In the configs/infra.config file, if the value of the the SMTP_AUTH parameter file is NONE, leave the SMTP_PASSWORD value blank as shown below:

       SMTP_PASSWORD=""

      password123
      SMART_SYSTEM_PASSWORD

      Password to connect to the BMC Discovery appliance.

      password123
      PG_PASSWD

      Password to connect to the PostgreSQL database.

      password123

    3. Save the secrets.txt file

    Troubleshooting tip

    Make sure that you provide all passwords in the secrets.txt file. Even if a single password is not added in the secrets.txt file, the deployment fails with an error.

    Sample secrets.txt file

    # cat commons/certs/secrets.txt
    #Please put the passwords in this file
    IMAGE_REGISTRY_PASSWORD=password123
    SMTP_PASSWORD=""
    SMART_SYSTEM_PASSWORD=password123
    PG_PASSWD=Test2020

    ################## End OF THE FILE ####################

  8. To apply the fix for the incorrect deployment file repository location issue, perform the following steps:

    1. Copy the jsons_22201_002.bzip2 file in the helix-on-prem-deployment-manager directory.
    2. Unzip the file by running the following command:

      tar xvf jsons_22201_002.bzip2

      After you unzip the file, the following folders are replaced in the helix-on-prem-deployment-manager/Products directory:

      • aiops
      • common-services
      • helixdashboard-services
      • intelligentautomation
      • intelligentintegrations
      • itsminsight-services
      • monitor
      • platform
  9. Update the deployment size templates.
    1. In the helix-on-prem-deployment-manager directory, copy the only_ITSM_configs_22201_003.tar.xz file.
    2. Extract the only_ITSM_configs_22201_003.tar.xz file by using the following command:

      tar xvf only_ITSM_configs_22201_003.tar.xz

      After you unzip the file, the following folders are replaced with the new deployment size templates in the helix-on-prem-deployment-manager directory.

      • configs/
      • configs/compact.config
      • configs/compact.json
      • configs/compact_jvm.config
      • configs/small.config
      • configs/small.json
      • configs/small_jvm.config
  10. In the helix-on-prem-deployment-manager/configs/infra.config file, modify the following parameters that are environment-specific.

    Important

    • The following load balancer hosts are required. You do not need any subdomains.
      • LB_HOST
        Ensure that the LB_HOST value is not the same as the tenant URL.

      • TMS_LB_HOST
      • MINIO_LB_HOST
      • Tenant URL that is derived based on the following parameters from the infra.config file:
        $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN
    • Make sure that you have created a storage class.

    Parameter Name

    Description

    Example 

    IMAGE_REGISTRY_HOST   

    Image registry from where the nodes on the cluster download the images.

    If you have synchronized the images to local Harbor registry, make sure Harbor registry is set up with HTTPS.

    containers.bmc.com

    (or local repo if copied down)

    IMAGE_REGISTRY_USERNAME

    User name to log in to BMC DTR.

    If you use a local Harbor registry to synchronize with BMC DTR, specify the user name to log in to your local registry.

    abc@bmc.com

    ENVIRONMENT

    Type of environment such as poc, dev, and qa.

    Do not use special characters for the environment value.

    You can use the same environment value while performing the BMC Helix Innovation Suite installation.

    poc

    NAMESPACE   

    Namespace in which to install the services.

    You must have separate namespaces to install BMC Helix Platform services and BMC Helix Innovation Suite  and applications.

    dark-helmet

    LB_HOST     

    Host for load balancer for BMC Helix Innovation Suite.

    Specify the BMC Helix Innovation Suite URL.

    host-india-app.mydomain.com

    LB_PORT     

    Port for load balancer.

    443

    TMS_LB_HOST 

    Host for tenant management system.

    Specify the host of the load balancer that points to the tenant management system service.

    tms-private-poc.mydomain.com

    Domain        

    Domain name of the Load Balancer

    mydomain.com

    MINIO_LB_HOST

    URL for Minio storage.

    minio-private-poc.mydomain.com

    CLUSTER_TYPE

    Cluster type can have values openshift or ocp for OpenShift.

    If CLUSTER_TYPE is not set to openshift or ocp then cluster type is treated as kubernetes cluster.

    ""

    COMPANY_NAME    

    This will be used in the tenant URL formation like $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN

    Do not use special characters for the Company name.

    COMPANY_NAME value is used to generate the tenant URL.

    photon2

    TENANT_EMAIL    

    Email address of the admin user of initial tenant.

    pqr@mycompany.com

    TENANT_FIRST_NAME

    First name of the admin user for initial tenant.

    TestName

    TENANT_LAST_NAME

    Last name of the admin user for initial tenant.

    TestLastName

    TENANT_TYPE

    Unique identifier of the tenant.
    The COMPANY_NAME value is used as the tenant name. In addition to the tenant name, use the TENANT_TYPE parameter to identify the tenant.

    tyrion

    TENANT_DOMAIN_HOST

    The tenant domain. This is the URL of BMC Helix Portal.

    This is a required parameter.

    This parameter must be in the following format:

    $TENANT_NAME-$TENANT_TYPE-$ENVIRONMENT$.DOMAIN

    acme-private-poc.acme.com

    COUNTRY

    The country name must match the value in the OS locale.

    Important

    • Add the country name within double quotes. For example:

      "India"

    • Do not use abbreviation in country names.

      Click here to view a list of the supported country names.

    "United States"

    NFS_MOUNT_PATH

    Leave it blank ""

    This parameter is not required for BMC Helix ITSM.

    ""

    NFS_SERVER

    Leave it blank ""

    Leave blank. This parameter is not required for BMC Helix ITSM.

    ""
    NFS_STORAGE_CLASS

    Leave it blank ""

    Leave blank. This parameter is not required for BMC Helix ITSM.

    ""

    SMTP_HOST     

    SMTP host name of IP address accessible from cluster

    This parameter is required.

    SMTP parameters are required for the emails that are sent to the administrator for tenant activation after the BMC Helix Platform deployment is complete.

    All SMTP mail servers are supported.

    To use a temporary SMTP server to receive BMC Helix Platform services installation emails, see the knowledge article 000396217 Open link .

    mailhost.mycompany.com

    SMTP_PORT     

    An integer value for the port of the SMTP server. For example. 25

    This parameter is required.

    25

    SMTP_USERNAME 

    User name to connect to the SMTP server.

    If SMTP_AUTH value is set to NONE, keep the SMTP_USERNAME and SMTP_PASSWORD values blank as shown below:

    • SMTP_USERNAME=""
    • SMTP_PASSWORD=""

    This parameter is required.

    abc@mycompany.com

    SMTP_FROM_EMAIL

    A valid email ID for the From address in all emails

    This parameter is required.

    helix-rd@mycompany.com

    SMTP_TLS

    The SMTP server TLS. If not in use, leave the parameter blank as shown below:

    SMTP_TLS=""

    ""

    SMTP_AUTH_DASHBOARD

    The value can be true or false.

    true

    SMTP_AUTH

    One of the following values:

    • PLAIN
      This value is case sensitive. If you set the value as PLAIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD.
    • LOGIN
      This value is case sensitive. If you set the value as LOGIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD.
    • NONE
      This value is case sensitive. Use this value when you want to skip SMTP authentication. If you set the value as NONE, set the user name and password values as shown below:
      • SMTP_USERNAME=""
      • SMTP_PASSWORD=""

    PLAIN

    OPS_GROUP_EMAIL

    ops email address

    All emails related to tenant activities such as tenant creation, tenant registration, and tenant offboarding are sent to your organization's operations team.

    ops-grp@mycompany.com

    APPROVAL_GROUP_EMAIL

    email address for approval

    When a new tenant is created, an email is sent for tenant approval to this email group.

    grp-rd@mycompany.com

    PG_STORAGE_CLASS            

    Storage class used. Usually there is one Storage class configured for all the infra services. Please repeat the same value in that case

    ceph-block-storage

    VMSTORAGE_STORAGE_CLASS

    Storage class for VictoriaMetrics. 

    onprem-storage

    VMAGGSTORAGE_STORAGE_CLASS

    Storage class for VictoriaMetrics. 

    onprem-storage

    ES_MASTER_STORAGE_CLASSStorage class for Elasticsearch master nodesblock-store-class
    ES_DATA_STORAGE_CLASSStorage class for Elasticsearch data nodes.block-store-class

    MINIO_STORAGE_CLASS

    Storage class for Minio.

    onprem-storage

    EFS_STORAGE_CLASSLeave it blank """"
    REDIS_HA_GLOBAL_STORAGECLASSStorage class for REDISblock-store-class
    KAFKA_STORAGECLASSStorage class for Kafkablock-store-class

    ESLOG_MASTER_STORAGE_CLASS

    Storage class for Elasticsearch logblock-store-class
    ESLOG_DATA_STORAGE_CLASSStorage class for Elasticsearch logblock-store-class
    AIOPS_STORAGE_CLASSLeave it blank """"
    CUSTOM_CA_SIGNED_CERT_IN_USE

    The default value is false.

    If you are using a self-signed or custom CA certificate, set the value to true.

    For instructions on using a self-signed or custom CA certificates, see  Using self-signed or custom CA certificates Open link .

    Important: If you are using a self-signed or custom CA certificate, make sure that you use the same custom certificate during BMC Helix Platform and BMC Helix Service Management installation.

    false
    OPT_STORAGE_CLASSLeave it blank """"
    REPOPV_MOUNT_PATHLeave it blank """"
    MIGRATORPV_MOUNT_PATHLeave it blank """"
    ETLPV_MOUNT_PATHLeave it blank """"
    CLIENT_ROOT_CERTLeave it blank """"
    SMART_SYSTEM_USERNAMELeave it blank """"

    INGRESS_CLASS

    Ingress class used while deploying Ingress controller. Change if multiple ingress controllers on cluster.

    By default rancher will have nginx.

    If you have more than one ingress controllers in your cluster, use INGRESS_CLASS to specify the ingress class name that you want to use.

    nginx

    INGRESS_API_VERSION

    Specify the value as true if your Ingress controller version is 1.2.0 or higher.

    true

    HELM_BIN

    Absolute path of the HELM binary

    /usr/local/bin/helm

    KUBECTL_BIN

    Absolute path of the kubectl binary

    /usr/bin/kubectl

    OC_BIN

    OC_BIN path should be set if CLUSTER_TYPE is openshift or ocp

    /usr/local/sbin/oc

  11. In the helix-on-prem-deployment-manager/configs/deployment.config file, modify the following parameters:

    Parameter NameRequired value
    DEPLOYMENT_ENVIRONMENTsmall

    HELIX_DASHBOARD_SERVICES

    yes
    VICTORIAMETRICSyes
    MINIOyes
    (Optional)ITSMINSIGHT_SERVICES

    yes 

    If you are not using ITSM Insights, set this parameter to No.

    BMC_HELIX_LOGGING

    yes

  12. To install the product, run the following command:

    ./deployment-manager.sh
  13. When asked, enter a password of your choice for encryption or decryption.

    This password is used to encrypt all passwords that you added in the commons/certs/secrets.txt file.

    Important

    Save this password. The deployer uses this password in all future product deployments.

    1. The deployer encrypts all passwords that you added in the secrets.txt file.
    2. The deployer creates a commons/certs/secrets.config file and adds all the encrypted passwords to it.
    3. The deployer deletes the secrets.txt file.


    Perform these steps if you forget the encryption password or if you need to change it:

    1. Delete the commons/certs/secrets.config file.
    2. In thecommons/certs directory, create secrets.txt file, and specify the encryption password.
    3. Run the deployer again.
    4. When asked, enter a password of your choice for encryption or decryption.
      The deployer creates a new secrets.config file with the new encryption password.

After the BMC Helix Platform services are deployed, the tenant administrator receives the following emails:

  • An email with details about the BMC Helix Platform account
  • An email to change the BMC Helix Platform account password at the first login

After the installation, you can see the Elasticsearch, Fluentd, and Kibana pods in the bmc-helix-logging namespace. You can access Kibana with the following URL:

http://<masternodeip>:5601/ 

All installation logs are located in the following directory:

helix-on-prem-deployment-manager/logs

To apply the hotfix

  1. Log in to the controller or bastion machine from where the Kubernetes cluster is accessible.
  2. In the helix-on-prem-deployment-manager/configs/deployment.config file, make sure that the INFRA and _RSSO parameter values are set to yes.

    Important

    The INFRA and _RSSO parameter values must be set to yes. All other parameters in the file must be set to value no.

  3. Extract the hotfix-22.2.01.001-17.tar.gz file that you downloaded from EPD by using the following command:

    tar xvf hotfix-22.2.01.001-17.tar.gz
  4. Navigate to the hotfix directory by using the following command:

    cd hotfix
  5. If you are not using BMC Helix ITSM Insights, disable the aif chart installation in this hotfix by commenting the following line in the hotfix/new-service-list.config file:

    ITSMINSIGHT_SERVICES=aif-core-service,aif-ticket-service
  6. Run the hotfix script file hf_script.sh by using the following command and pass the full path of the previous deployment manager directory.

    bash hf_script.sh </path/to/directory/22.2.01>/helix-on-prem-deployment-manager

    This command creates a copy of the helix-on-prem-deployment-manager directory. 
    For example:

    bash hf_script.sh /data/22.2.01/helix-on-prem-deployment-manager

    This command creates a new directory named helix-on-prem-deployment-manager_HF1 at /data/22.2.01

    After the hotfix script execution is complete, the Please enter password for encryption/decryption command prompt is displayed.
  7. Enter the password.

Sample configuration files

#Docker registry details
IMAGE_REGISTRY_HOST=containers.bmc.com
IMAGE_REGISTRY_USERNAME=<user name to access registry>

# keep double quotes in all variables if not required, don't leave them blank or empty
#Infra details
#NAMESPACE=dark-helmet
#LB_HOST=host-india-app.mydomain.com
#LB_PORT=443
#TMS_LB_HOST=tms-private-poc.mydomain.com
#DOMAIN=mydomain.com
#MINIO_LB_HOST=minio-private-poc.mydomain.com
#ENVIRONMENT=<Type of environment>
ENVIRONMENT=small
NAMESPACE=
LB_HOST=
LB_PORT=
TMS_LB_HOST=
DOMAIN=
MINIO_LB_HOST=

#Cluster type can have values openshift or ocp for OpenShift.
#If CLUSTER_TYPE is not set to openshift or ocp then cluster type is treated as kubernetes cluster.
CLUSTER_TYPE=

#Tenant details for onboarding
#COMPANY_NAME=<tenant company name same as in tenant discover appliance url>
#TENANT_EMAIL=<tenant email address>
#TENANT_FIRST_NAME=<tenant first name>
#TENANT_LAST_NAME=<tenant last name>
## TENANT_TYPE= <Tenant type in tenant url same as in tenant discovery appliance url>
## Please use only alphanumeric value in COMPANY_NAME
COMPANY_NAME=
TENANT_EMAIL=
TENANT_FIRST_NAME=
TENANT_LAST_NAME=
TENANT_TYPE=
# Ensure that the values must  be compliant with the domain format mentioned in parameter "ADE_TENANT_DOMAIN_FORMAT" defined in ../product/platform/platform.json file 
# i.e. ADE_TENANT_DOMAIN_FORMAT: "#TENANT_NAME#__tenant_type__#ENV_NAME#.__domain__" i.e. adecompany-private-dev.onbmc.com
TENANT_DOMAIN_HOST=
# Ensure that the value of COUNTRY is enclosed within double quotes
COUNTRY="Virgin Islands, U.S."

#SMTP Config
#SMTP_HOST=<SMTP host name of IP address accessible from cluster>
#SMTP_PORT=<SMTP server port, e.g. 25>
#SMTP_USERNAME=<SMTP user name>
#SMTP_FROM_EMAIL=<SMTP from email address>
#SMTP_TLS=<SMTP server TLS, Leave it blank if not in use>
#This below variable is used by portal team 
#SMTP_AUTH=<PLAIN or LOGIN or NONE>
# Use NONE for if you want to skip SMTP authentication
# PLAIN or LOGIN is used when you have authenticated SMTP user and SMTP password
#This variable is used for getting report email to dahsboard team by default value is true
#SMTP_AUTH_DASHBOARD=<true or false>
#OPS_GROUP_EMAIL=<ops email address>
#APPROVAL_GROUP_EMAIL=<email address for approval>
SMTP_HOST=
SMTP_PORT=
#Ensure blank values for SMTP username password is in double quotes
SMTP_USERNAME=
SMTP_FROM_EMAIL=
## SMTP_TLS value can be blank, use double quotes to give blank value
SMTP_TLS=
SMTP_AUTH_DASHBOARD=
SMTP_AUTH=
OPS_GROUP_EMAIL=
APPROVAL_GROUP_EMAIL=

#NFS details
## fully qualified mount path (e.g. /data/ade-stack/export) with folder (e.g. volumes), it will use static pvc with nfs storage
## Create a folder under mount path and change the owner to 786:998, e.g. chown -R 786:998 /data/ade-stack/export/volumes
#NFS_MOUNT_PATH=/data/ade-stack/export/volumes
#NFS_SERVER=<nfs server host name or IP address accessible from cluster>
#NFS_STORAGE_CLASS=onprem-nfs-storage
## keep NFS_STORAGE_CLASS empty if default storage class value should be used.
NFS_MOUNT_PATH=""
NFS_SERVER=""
NFS_STORAGE_CLASS=""

#storage class, set value as per storage class in cluster 
#PG_STORAGE_CLASS=onprem-storage
#VMSTORAGE_STORAGE_CLASS=onprem-storage
#VMAGGSTORAGE_STORAGE_CLASS=onprem-storage
#ES_MASTER_STORAGE_CLASS=onprem-storage
#ES_DATA_STORAGE_CLASS=onprem-storage
#MINIO_STORAGE_CLASS=onprem-storage
#EFS_STORAGE_CLASS=onprem-storage
#REDIS_HA_GLOBAL_STORAGECLASS=onprem-storage
#KAFKA_STORAGECLASS=onprem-storage
#ESLOG_MASTER_STORAGE_CLASS=onprem-storage
#ESLOG_DATA_STORAGE_CLASS=onprem-storage
#AIOPS_STORAGE_CLASS=onprem-storage

PG_STORAGE_CLASS=
VMSTORAGE_STORAGE_CLASS=
VMAGGSTORAGE_STORAGE_CLASS=
ES_MASTER_STORAGE_CLASS=
ES_DATA_STORAGE_CLASS=
MINIO_STORAGE_CLASS=
EFS_STORAGE_CLASS=
REDIS_HA_GLOBAL_STORAGECLASS=
KAFKA_STORAGECLASS=
ESLOG_MASTER_STORAGE_CLASS=
ESLOG_DATA_STORAGE_CLASS=
AIOPS_STORAGE_CLASS=

#Optimize storage details
#OPT_STORAGE_CLASS=onprem-storage
OPT_STORAGE_CLASS=

################################################################################################################
## This section is only relevant on upgrade scenario from 21.3.03, on fresh deployment there is not need to create the static
## directories for optimize, they will be created dynamicliy
################################################################################################################
## fully qualified mount path (e.g. /data/ade-stack/export) with folders it will use static pvc with nfs storage
# 1) repository
# 2) migratorrepository
# 3) etlrepository
## Create a folder under mount path and change the owner to 1001:87654321,
# e.g. chown -R 1001:87654321 /data/ade-stack/export/repository
# e.g. chown -R 1001:87654321 /data/ade-stack/export/migratorrepository
# e.g. chown -R 1001:87654321 /data/ade-stack/export/etlrepository
REPOPV_MOUNT_PATH=
MIGRATORPV_MOUNT_PATH=
ETLPV_MOUNT_PATH=
################################################################################################################

#CUSTOM_CA_SIGNED_CERT_IN_USE=true/false
#if you are using self-signed/custom CA signed certificate please set it to true, 
#also ensure you have copied custom CA certificate file at commons/certs dir with file name custom_cacert.pem i.e. commons/certs/custom_cacert.pem
CUSTOM_CA_SIGNED_CERT_IN_USE=false
# Deployment Repository Service client root cert
# Ensure that the value of CLIENT_ROOT_CERT is enclosed within double quotes
#CLIENT_ROOT_CERT="jEV0lsYSEY1QSte="
CLIENT_ROOT_CERT=""

# Smart Graph
#SMART_SYSTEM_USERNAME=system
SMART_SYSTEM_USERNAME=""

# Ingress class used while deploying Ingress controller
INGRESS_CLASS=nginx

#Binary paths on your system
#HELM_BIN=/usr/local/bin/helm
#KUBECTL_BIN=/usr/bin/kubectl
HELM_BIN=
KUBECTL_BIN=
#OC_BIN path should be set if CLUSTER_TYPE is openshift or ocp
#OC_BIN=/usr/local/sbin/oc
OC_BIN=

# If kubernetes in use is higher than 1.21 then set INGRESS_API_VERSION to true, else set it to false.
# Or if OpenShift version in use is higher than 4.8 then set INGRESS_API_VERSION to true, else set it to false.
INGRESS_API_VERSION=false

################################### DO NOT CHANGE ANYTHING BELOW THIS LINE ##########################################

#Postgres config
PG_HOSTNAME=postgres-postgresql-ha-pgpool
PG_USER=postgres
PG_DATABASE=postgres


#Redis HA config
REDIS_HA_HOSTNAME=redis-redis-ha-haproxy

#Kafka & Zookeeper config
KAFKA_HOSTNAME=kafka
ZOOKEEPER_HOSTNAME=kafka-zookeeper

#RSSO Config
RSSO_PG_DB=ade_rsso

#Elasticsearch config
ES_EVENTS_HOSTNAME=elasticsearch-events-opendistro-es-data-svc
ES_LOGS_HOSTNAME=elasticsearch-logs-opendistro-es-data-svc

#MinIO config
MINIO_HOSTNAME=minio

# Misc
IMAGE_REGISTRY_SECRET=bmc-dtrhub
TENANT_PHONE=1234567890
LOGIN_ID=hannah_admin
#Common config begin
#Type of deployment, values are compact, small, medium, large
DEPLOYMENT_ENVIRONMENT=small

#Docker registry project details
IMAGE_REGISTRY_PROJECT=bmc
IMAGE_REGISTRY_ORG=lp0lz
CORE_IMAGE_REGISTRY_ORG=lp0lz
IA_IMAGE_REGISTRY_ORG=lp0oz
OPTIMIZE_IMAGE_REGISTRY_ORG=lp0pz
BHOM_IMAGE_REGISTRY_ORG=lp0mz
AIOPS_IMAGE_REGISTRY_ORG=la0cz

#Common config end

#Install mode as fresh or upgrade
INSTALL_MODE=fresh

#Flag controlling infra services installation 
INFRA=yes

#Flag controlling individual infra services installation 
_POSTGRES=yes
_KAFKA=yes
_REDIS=yes
_RSSO=yes
_VICTORIAMETRICS=yes
_ELASTICSEARCH=yes
_MINIO=yes

# Do not make changes to service flags it will break dependency
#Flag controlling helix dashboard services installation 
HELIX_DASHBOARD_SERVICES=yes

#Flag controlling itsminsight services installation 
ITSMINSIGHT_SERVICES=yes

#Flag controlling aiops services installation 
AIOPS_SERVICES=no

#Flag controlling monitor product installation
MONITOR=no

#Flag controlling intelligentintegrations services installation 
INTELLI_INT_SERVICES=no

#Flag controlling intelligent automation product installation
INTELLIGENT_AUTOMATION=no

#Flag controlling bmc-helix-logging product installation
BMC_HELIX_LOGGING=yes

#Flag Controlling optimize installation
OPTIMIZE=no

Where to go from here

Next task

Proceed with Setting up the installation environment

Back to process

If you are finished setting up the installation environment, return to the appropriate installation, update, or upgrade process:


Was this page helpful? Yes No Submitting... Thank you

Comments

  1. John O'Toole

    The second line below seems very important. We should highlight it to ensure it is not missed:

    In the helix-on-prem-deployment-manager/configs/deployment.config file, make sure that the INFRA and _RSSO parameter values are set to yes. All other parameters in the file must be set to value no.

    Mar 30, 2023 11:34