This documentation supports an earlier version of BMC Helix IT Service Management on-premises deployment.

To view the documentation for the latest version, select 23.3.01 from the Product version picker.

Installing BMC Helix Platform services 23.1.02

The following services provided by BMC Helix Platform are used by BMC Helix Service Management:

  • Infrastructure services
  • Common services
  • BMC Helix Dashboards
  • BMC Helix ITSM Insights
  • AR services

Important

If you install BMC Helix ITSM Insights, you must apply the BMC Helix Platform services 23.1.02 hotfix 1 after you install BMC Helix Platform services to 23.1.02 version.

Before you begin

To create a namespace

  1. Run the following command. The namespace must be a DNS-1123 label. That is, it must consist of lowercase alphanumeric characters or '-', and must start and end with an alphanumeric character.

    kubectl create ns <namespace>

    Important

    In BMC Helix Platform services 23.1.02, BMC Helix Logging (Elasticsearch, Fluent Bit, and Kibana) is deployed in the BMC Helix Platform namespace, and not in a separate namespace.

  2. Verify that nothing is installed in the namespace in which you plan to deploy the product.

    1. Run the following command:

      kubectl get all -n <namespace_created_earlier_in_this_procedure>
    2. Make sure that the following message is displayed:

      No resources found.

To configure the Ingress controller

  1. Identify the configmap name by running the following command:

    kubectl get all -n <ingress_nginx_namespace>
  2. Change the configmap name to use the configmap in your environment by running the following command:

    kubectl edit cm <ingress_nginx_configmap> -n  <ingress_nginx_namespace>
    
    data:
      enable-underscores-in-headers: "true"
      proxy-body-size: 250m
      server-name-hash-bucket-size: "1024"
      ssl-redirect: "false"
      use-forwarded-headers: "true"
      worker-processes: "40"

To install BMC Helix Platform services

  1. Log in to the controller or bastion system from where the Kubernetes cluster is accessible.
  2. Download the deployment manager BMC_Helix_Platform_Services_for_Service_Management_Version_23.1.02.zip from BMC Electronic Product Distribution (EPD) and extract it, if you haven't already.
    To download the deployment manager from EPD, see Downloading the installation files.
    The ZIP file contains the following files:
    • helix-on-prem-deployment-manager-23.1.02.shThis file contains the deployment manager.
    • hotfix-23.1.02.001-1.tar.gz—This file contains the 23.1.02 hotfix 1 artifacts.
  3. Go to the directory where you downloaded the deployment manager from the EPD and give the execute permission to the helix-on-prem-deployment-manager-23.1.02.sh file.

  4. Self-extract the deployment manager. Run the following command:

    ./helix-on-prem-deployment-manager-23.1.02.sh
    cd helix-on-prem-deployment-manager
  5. Prepare for password encryption.

    1. Go to the commons/certs directory and open the secrets.txt file.
    2. Add the following passwords to this file:

      ParameterDescriptionSample value
      IMAGE_REGISTRY_PASSWORDPassword for the Docker registry.5016adc4-993f-4fc5-8fb0-8ef6b02ca9d3
      SMTP_PASSWORD

      Password to connect to the SMTP server. 

      In the configs/infra.config file, if the value of the SMTP_AUTH parameter file is NONE, leave the SMTP_PASSWORD value blank as shown below:

       SMTP_PASSWORD=""

      password123
      SMART_SYSTEM_PASSWORD

      Password to connect to the  BMC Discovery appliance.

      password123
      PG_PASSWD

      Password to connect to the PostgreSQL database.

      password123
      KIBANA_PASSWORD

      Password to connect to BMC Helix Logging (EFK).

      kibana123
      MINIO_ACCESS_KEY

      Password to access MinIO.

      admin
      MINIO_SECRET_KEY

      Password to connect to MinIO.

      bmcAdm1n
      ES_JKS_PASSWORD

      Password to connect to Elasticsearch.

      Important: If you are using a custom CA certificate, specify the password, else specify the value as ES_JKS_PASSWORD=""

      test@1234
    3. Save the secrets.txt file.

      Troubleshooting tip

      Make sure that you provide all passwords in the secrets.txt file. Even if a single password is not added in the secrets.txt file, the deployment fails with an error.

      Sample secrets.txt file

      # cat commons/certs/secrets.txt
      #Please put the passwords in this file
      IMAGE_REGISTRY_PASSWORD=password123
      SMTP_PASSWORD=""
      SMART_SYSTEM_PASSWORD=password123
      PG_PASSWD=pGtest2020
      KIBANA_PASSWORD=kibana123
      MINIO_ACCESS_KEY=admin
      MINIO_SECRET_KEY=bmcAdm1n
      ES_JKS_PASSWORD=test@1234
       
      ################## End OF THE FILE ####################


  6. In the helix-on-prem-deployment-manager/configs/infra.config file, modify the following parameters that are environment-specific.

    Important

    • The following load balancer hosts are required. You do not need any subdomains.
      • LB_HOST
        Ensure that the LB_HOST value is not the same as the tenant URL.

      • TMS_LB_HOST
      • MINIO_LB_HOST
      • MINIO_API_LB_HOST
      • KIBANA_LB_HOST
      • Tenant URL that is derived based on the following parameters from the infra.config file:
        $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN
    • Make sure that you have created a storage class.
      BMC supports a Bring-Your-Own-Storage-Class model, for any block storage supporting high performance IOPS. NFS is not supported for persistent volumes. CephRBD is certified by BMC.

    Parameter

    Example Value

    Description

    IMAGE_REGISTRY_HOST   

    containers.bmc.com

    (or local repo if copied down)

    Image registry from where the nodes on the cluster download the images.

    If you have synchronized the images to a local Harbor registry, make sure the Harbor registry is set up with HTTPS.

    IMAGE_REGISTRY_USERNAME

    abc@bmc.com

    User name to log in to BMC DTR.

    If you use a local Harbor registry to synchronize with BMC DTR, specify the user name to log in to your local registry.

    ENVIRONMENT

    poc

    Type of environment such as poc, dev, and qa.

    Do not use special characters for the environment value.

    You can use the same environment value while performing the BMC Helix Service Management installation.

    NAMESPACE   

    dark-helmet

    Namespace in which to install the services.

    You must have separate namespaces to install BMC Helix Platform services and BMC Helix Innovation Suite  and applications.

    LB_HOST     

    host-india-app.mydomain.com

    Host for load balancer for BMC Helix Innovation Suite.

    Specify the BMC Helix Innovation Suite URL.

    LB_PORT     

    443

    Port for load balancer.

    TMS_LB_HOST 

    tms-private-poc.mydomain.com

    Host for tenant management system.

    Specify the host of the load balancer that points to the tenant management system service.

    Domain        

    mydomain.com

    Domain name of the Load Balancer

    MINIO_LB_HOST

    minio-private-poc.mydomain.com

    URL for Minio storage.

    MINIO_API_LB_HOSTminio-api-poc.mydomain.com

    Use MinIO API ingress to create buckets by using the command line.

    CLUSTER_TYPE

    ""

    Either openshift or ocp for OpenShift.

    If CLUSTER_TYPE is not set to openshift or ocp, cluster type is treated as a Kubernetes cluster.

    COMPANY_NAME    

    photon2

    Parameter in the tenant URL formation like $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN

    Do not use special characters for the Company name.

    COMPANY_NAME value is used to generate the tenant URL.

    TENANT_EMAIL    

    pqr@mycompany.com

    Email address of the admin user of initial tenant.

    TENANT_FIRST_NAME

    TestName

    First name of the admin user for initial tenant.

    TENANT_LAST_NAME

    TestLastName

    Last name of the admin user for initial tenant.

    TENANT_TYPE

    tyrion

    Unique identifier of the tenant.
    The COMPANY_NAME value is used as the tenant name. In addition to the tenant name, use the TENANT_TYPE parameter to identify the tenant.
    TENANT_DOMAIN_HOSTacme-private-poc.acme.com

    The tenant domain. This URL is for BMC Helix Portal.

    This is a required parameter.

    This parameter must be in the following format:

    $TENANT_NAME-$TENANT_TYPE-$ENVIRONMENT$.DOMAIN

    COUNTRY

    "United States"

    Matches the value in the OS locale.

    Important

    • Add the country name within quotation marks. For example:

      "India"

    • Do not use abbreviation in country names.

      Click here to view a list of the supported country names.

    NFS_STORAGE_CLASS""

    Blank ""

    This parameter is not required for BMC Helix Service Management.

    SMTP_HOST     

    mailhost.mycompany.com

    SMTP host name of IP address accessible from cluster.

    SMTP parameters are required for the emails that are sent to the administrator for tenant activation after the BMC Helix Platform deployment is complete.

    All SMTP mail servers are supported.

    To use a temporary SMTP server to receive BMC Helix Platform services installation emails, see the knowledge article 000396217 Open link .

    SMTP_PORT     

    25

    An integer value for the port of the SMTP server.

    SMTP_USERNAME 

    abc@mycompany.com

    User name to connect to the SMTP server.

    If SMTP_AUTH value is set to NONE, keep the SMTP_USERNAME and SMTP_PASSWORD values blank as shown below:

    • SMTP_USERNAME=""
    • SMTP_PASSWORD=""

    SMTP_FROM_EMAIL

    helix-rd@mycompany.com

    A valid email ID for the From address in all emails

    This parameter is required.

    SMTP_TLS

    "false"

    The SMTP server TLS. The value can be true or false.
    If not in use, specify the value as false.

    SMTP_AUTH_DASHBOARD

    true

    True or false.

    SMTP_AUTH

    PLAIN

    One of the following values:

    • PLAIN
      This value is case sensitive. If you set the value as PLAIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD.
    • LOGIN
      This value is case sensitive. If you set the value as LOGIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD.
    • NONE
      This value is case sensitive. Use this value when you want to skip SMTP authentication. If you set the value as NONE, set the user name and password values as shown below:
      • SMTP_USERNAME=""
      • SMTP_PASSWORD=""

    OPS_GROUP_EMAIL

    ops-grp@mycompany.com

    ops email address.

    All emails related to tenant activities such as tenant creation, tenant registration, and tenant offboarding are sent to your organization's operations team.

    APPROVAL_GROUP_EMAIL

    grp-rd@mycompany.com

    Email address for approval.

    When a new tenant is created, an email is sent for tenant approval to this email group.

    PG_STORAGE_CLASS            

    ceph-block-storage

    Storage class used. Usually there is one Storage class configured for all the infra services. Please repeat the same value in that case

    VMSTORAGE_STORAGE_CLASS

    onprem-storage

    Storage class for VictoriaMetrics. 

    VMAGGSTORAGE_STORAGE_CLASS

    onprem-storage

    Storage class for VictoriaMetrics. 
    ES_MASTER_STORAGE_CLASSblock-store-classStorage class for Elasticsearch master nodes
    ES_DATA_STORAGE_CLASSblock-store-classStorage class for Elasticsearch data nodes.

    MINIO_STORAGE_CLASS

    onprem-storage

    Storage class for Minio.
    EFS_STORAGE_CLASS""Blank ""
    REDIS_HA_GLOBAL_STORAGECLASSblock-store-classStorage class for REDIS.
    KAFKA_STORAGECLASSblock-store-classStorage class for Kafka.

    ESLOG_MASTER_STORAGE_CLASS

    block-store-classStorage class for Elasticsearch log.
    ESLOG_DATA_STORAGE_CLASSblock-store-classStorage class for Elasticsearch log.
    MINIO_STORAGE_CLASS

    acme-block-storage

    Storage class for MinIO.

    Usually, a single storage class by using block storage is configured for all the infra services. Repeat the same value if configured in this manner.

    AIOPS_STORAGE_CLASS""Blank ""
    CUSTOM_CA_SIGNED_CERT_IN_USEfalse

    Default value is false.

    If you are using a self-signed or custom CA certificate, set the value to true. Copy the self-signed or custom CA certificate in the commons/certs/ directory. Ensure that the file name of the certificate is custom_cacert.pem

    Important: If you are using a self-signed or custom CA certificate, make sure that you use the same custom certificate during BMC Helix Platform and BMC Helix Service Management installation.

    OPT_STORAGE_CLASS""Blank ""
    REPOPV_MOUNT_PATH""Blank ""
    MIGRATORPV_MOUNT_PATH""Blank ""
    ETLPV_MOUNT_PATH""Blank ""
    CLIENT_ROOT_CERT""Blank ""
    SMART_SYSTEM_USERNAME""Blank ""

    INGRESS_CLASS

    nginx

    Ingress class used while deploying Ingress controller. Change if multiple ingress controllers are on the cluster.

    If you have more than one ingress controllers in your cluster, use INGRESS_CLASS to specify the ingress class name that you want to use.

    INGRESS_API_VERSION

    true

    True if your Ingress controller version is 1.2.0 or higher.

    HELM_BIN

    /usr/local/bin/helm

    Absolute path of the HELM binary.

    KUBECTL_BIN

    /usr/bin/kubectl

    Absolute path of the kubectl binary.

    OC_BIN

    /usr/local/sbin/oc

    Set if CLUSTER_TYPE is openshift or ocp.

    KIBANA_LB_HOST


    The BMC Helix Logging ingress uses this value. This value depends on the self-signed, CA-signed certificate, or custom certificate.
    If the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is true, use the DNS configured for the self-signed certificate.
    If the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is false, use the DNS configured for the CA-signed certificate.
    If the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is true, use the DNS configured for the self-signed certificate.

    RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE


    If you want to use custom JAVA keystore for RSSO SAML keystore configuration, set variable RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE to true.
    Perform the following steps:
    1. Set the RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE variable to true.
    2. Rename the java keystore file to rsso_custom_java_keystore.
    3. Save this file in the commons/certs directory. The path of this file would be: commons/certs/rsso_custom_java_keystore

      The commons/certs/rsso_custom_java_keystore file will be mounted in the RSSO container at the following location: /etc/rsso_custom_java_keystore

    RUN_AS_USER

    null

    Set the security context that the infrastructure components must use to enforce security.

    Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp.
    If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null.

    Set the correct context for this variable according to the OpenShift namespace.
    For example, in OpenShift namespace, run the following command to get the ID range:


    oc describe namespace <namespace-name>

    After you run the command, look for the following line in the output:

    openshift.io/sa.scc.uid-range: 1000670000/10000
    Copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP.

    Important:
    The command and output changes for each namespace.

    FS_GROUP

    null

    Set the security context that the infrastructure components must use to enforce security.

    Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp.
    If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null.

    Set the correct context for this variable according to the OpenShift namespace.
    For example, in OpenShift namespace, run the following command to get the ID range:


    oc describe namespace <namespace-name>

    After you run the command, look for the following line in the output:

    openshift.io/sa.scc.uid-range: 1000670000/10000
    Copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP.

    Important:
    The command and output changes for each namespace.

    RUN_AS_GROUP

    null

    Set the security context that the infrastructure components must use to enforce security.

    Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp.
    If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null.

    Set the correct context for this variable according to the OpenShift namespace.
    For example, in OpenShift namespace, run the following command to get the ID range:


    oc describe namespace <namespace-name>

    After you run the command, look for the following line in the output:

    openshift.io/sa.scc.uid-range: 1000670000/10000
    Copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP.

    Important:
    The command and output changes for each namespace.

    OPT_FSGROUP

    ""

    Blank ""

    This parameter is not required for BMC Helix Service Management.

    ML_FSGROUP

    ""

    Blank ""

    This parameter is not required for BMC Helix Service Management.

    CUSTOM_SERVICEACCOUNT_NAME

     helix-onprem-sa

    Specify the custom service account name. 

    If you have cluster admin permissions to create ServiceAccount, Role, or RoleBinding,
    retain the CUSTOM_SERVICEACCOUNT_NAME value as 
    helix-onprem-sa, which is the default value.

    If you do not have permissions to create ServiceAccount, Role, or RoleBinding, create a ServiceAccount and assign it to CUSTOM_SERVICEACCOUNT_NAME by replacing the
    default value of helix-onprem-sa.

    • Create a role and rolebinding from the commons/yaml_files/role_rolebinding.yaml file.
    • Create a ServiceAccount from the file commons/yaml_files/serviceAccount.yaml file. 
    • Before you create a ServiceAccount, Role, or RoleBinding,
      you must replace _SERVICE_ACCOUNT_ with value of CUSTOM_SERVICEACCOUNT_NAME variable,
      and replace _NAMESPACE_ with value of NAMESPACE variable.

  7. In the helix-on-prem-deployment-manager/configs/deployment.config file, modify the following parameters:

    ParameterRequired value
    Infra services options
    DEPLOYMENT_SIZE

    small, compact, medium, large, itsmcompact or itsmsmall

    If you do not want to install BMC Helix ITSM Insights, specify the value as itsmcompact or itsmsmall.

    _PTPOSTGRESS

    yes

    _KAFKA

    yes

    _REDIS

    yes

    _RSSO

    yes
    _ELASTICSEARCHyes
    VICTORIAMETRICSyes
    MINIOyes

    BMC Helix Dashboard services

    HELIX_DASHBOARD_SERVICES

    yes

    BMC Helix ITSM Insights

    (Optional)ITSMINSIGHT_SERVICES

    yes 

    If you are not using ITSM Insights, set this parameter to No.

    AR System services

    ARSERVICESyes

    BMC Helix Logging

    BMC_HELIX_LOGGING

    yes

  8. Install the product by running the following command:

    ./deployment-manager.sh

After the BMC Helix Platform services are deployed, the tenant administrator receives the following emails:

  • An email with details about the BMC Helix Platform account
  • An email to change the BMC Helix Platform account password at the first login

All installation logs are located in the following directory:

helix-on-prem-deployment-manager/logs


To apply the hotfix

Important

Apply this hotfix only if you have installed BMC Helix ITSM Insights.


  1. Log in to the controller or bastion machine from where the Kubernetes cluster is accessible.
  2. Create a new directory; for example, ITOM_HotFix_23.1.02.001
  3. Copy the hotfix-23.1.02.001-1.tar.gz file that you downloaded from EPD to the new directory.

  4. Extract the hotfix-23.1.02.001-1.tar.gz file by using the following command:

    tar xvf hotfix-23.1.02.001-1.tar.gz 

    The hotfix-23.1.02.001-1.tar.gz  file contains two files utils-23.1.02.001.tar.gz and hotfix-23.1.02.001-1.tar.gz.

  5. Navigate to the hotfix directory by using the following command:

    cd hotfix
  6. If you are using a local repository for accessing container images, make sure that you synchronize the images listed in the hotfix/new-image-list.txt to the local repository.
  7. Run the hf_script.sh script:

    bash hf_script.sh <full path of the helix-on-prem-deployment-manager directory> 

    Replace <full path of the helix-on-prem-deployment-manager directory> with the full path of the directory where you installed BMC Helix Platform services 23.1.02.
    Example:

    bash hf_script.sh /data/23.1.02/helix-on-prem-deployment-manager

    The hf_script.sh script creates a copy of helix-on-prem-deployment-manager in the path that you specified in the command and the directory is named helix-on-prem-deployment-manager_HF1.

    For example, a new directory /data/23.1.02/helix-on-prem-deployment-manager_HF1 is created. No changes are made to the original directory helix-on-prem-deployment-manager.

Sample configuration files

#Docker registry details
#IMAGE_REGISTRY_HOST=containers.bmc.com
#IMAGE_REGISTRY_USERNAME=<user name to access registry>
IMAGE_REGISTRY_HOST=
IMAGE_REGISTRY_USERNAME=
 
# keep double quotes in all variables if not required, don't leave them blank or empty
#Infra details
#NAMESPACE=dark-helmet
#LB_HOST=host-india-app.mydomain.com
#LB_PORT=443
#TMS_LB_HOST=tms-private-poc.mydomain.com
#DOMAIN=mydomain.com
#MINIO_LB_HOST=minio-private-poc.mydomain.com
#KIBANA_LB_HOST=kibana-private-poc.mydomain.com
#ENVIRONMENT=<Type of environment>
# The values of ENVIRONMENT is based on kind of setup you are going to create e.g. dev, qa, production, poc, multi-service, canary etc. (this is not based on deployment size compact, small, medium, large etc)
ENVIRONMENT=dev
NAMESPACE=
LB_HOST=
LB_PORT=
TMS_LB_HOST=
DOMAIN=
# If minio web access required .Please give LB (e.g.minio.domain.com )which has DNS entry otherwise keep blank "".
MINIO_LB_HOST=
# Use minio api ingress(minio-api.domain.com)
MINIO_API_LB_HOST=
KIBANA_LB_HOST=
 
#Cluster type can have values openshift or ocp for OpenShift.
#If CLUSTER_TYPE is not set to openshift or ocp then cluster type is treated as kubernetes cluster.
CLUSTER_TYPE=
 
#Tenant details for onboarding
#COMPANY_NAME=<tenant company name same as in tenant discover appliance url>
#TENANT_EMAIL=<tenant email address>
#TENANT_FIRST_NAME=<tenant first name>
#TENANT_LAST_NAME=<tenant last name>
## TENANT_TYPE= <Tenant type in tenant url same as in tenant discovery appliance url>
## Please use only alphanumeric value in COMPANY_NAME
COMPANY_NAME=
TENANT_EMAIL=
TENANT_FIRST_NAME=
TENANT_LAST_NAME=
TENANT_TYPE=
# Ensure that the values must  be compliant with the domain format mentioned in parameter "ADE_TENANT_DOMAIN_FORMAT" defined in ../product/platform/platform.json file
# Ensure provided value for parameter "ADE_TENANT_DOMAIN_FORMAT" is compliant with following criteria only i.e. small case letters, digits and hyphon(-)
# i.e. ADE_TENANT_DOMAIN_FORMAT: "#TENANT_NAME#__tenant_type__#ENV_NAME#.__domain__" i.e. adecompany-private-dev.onbmc.com
TENANT_DOMAIN_HOST=
# Ensure that the value of COUNTRY is enclosed within double quotes
COUNTRY="Virgin Islands, U.S."
 
#SMTP Config
#SMTP_HOST=<SMTP host name of IP address accessible from cluster>
#SMTP_PORT=<SMTP server port, e.g. 25>
#SMTP_USERNAME=<SMTP user name>
#SMTP_FROM_EMAIL=<SMTP from email address>
#SMTP_TLS=<true/false>
#This below variable is used by portal team
#SMTP_AUTH=<PLAIN or LOGIN or NONE>
# Use NONE for if you want to skip SMTP authentication
# PLAIN or LOGIN is used when you have authenticated SMTP user and SMTP password
#This variable is used for getting report email to dahsboard team by default value is true
#SMTP_AUTH_DASHBOARD=<true or false>
#OPS_GROUP_EMAIL=<ops email address>
#APPROVAL_GROUP_EMAIL=<email address for approval>
SMTP_HOST=
SMTP_PORT=
#Ensure blank values for SMTP username password is in double quotes
SMTP_USERNAME=
SMTP_FROM_EMAIL=
## SMTP_TLS value can be true or false.
## If SMTP_TLS is set to true and certificate of SMTP_HOST is signed by a custom or self-signed CA then
## ensure to append custom or self-signed CA certificate (full CA chain) to commons/certs/custom_cacert.pem file.
SMTP_TLS=false
SMTP_AUTH_DASHBOARD=true
SMTP_AUTH=
OPS_GROUP_EMAIL=
APPROVAL_GROUP_EMAIL=
 
#NFS details
## fully qualified mount path (e.g. /data/ade-stack/export) with folder (e.g. volumes), it will use static pvc with nfs storage
## Create a folder under mount path and change the owner to 786:998, e.g. chown -R 786:998 /data/ade-stack/export/volumes
#NFS_MOUNT_PATH=/data/ade-stack/export/volumes
#NFS_SERVER=<nfs server host name or IP address accessible from cluster>
#NFS_STORAGE_CLASS=onprem-nfs-storage
## keep NFS_STORAGE_CLASS empty if default storage class value should be used.
## NFS_MOUNT_PATH=""
## NFS_SERVER=""
NFS_STORAGE_CLASS=""
 
#storage class, set value as per storage class in cluster
#PG_STORAGE_CLASS=onprem-storage
#VMSTORAGE_STORAGE_CLASS=onprem-storage
#VMAGGSTORAGE_STORAGE_CLASS=onprem-storage
#ES_MASTER_STORAGE_CLASS=onprem-storage
#ES_DATA_STORAGE_CLASS=onprem-storage
#MINIO_STORAGE_CLASS=onprem-storage
#EFS_STORAGE_CLASS=onprem-storage
#REDIS_HA_GLOBAL_STORAGECLASS=onprem-storage
#KAFKA_STORAGECLASS=onprem-storage
#ESLOG_MASTER_STORAGE_CLASS=onprem-storage
#ESLOG_DATA_STORAGE_CLASS=onprem-storage
#AIOPS_STORAGE_CLASS=onprem-storage
 
PG_STORAGE_CLASS=
VMSTORAGE_STORAGE_CLASS=
VMAGGSTORAGE_STORAGE_CLASS=
ES_MASTER_STORAGE_CLASS=
ES_DATA_STORAGE_CLASS=
MINIO_STORAGE_CLASS=
EFS_STORAGE_CLASS=
REDIS_HA_GLOBAL_STORAGECLASS=
KAFKA_STORAGECLASS=
ESLOG_MASTER_STORAGE_CLASS=
ESLOG_DATA_STORAGE_CLASS=
AIOPS_STORAGE_CLASS=
 
#Optimize storage details
#OPT_STORAGE_CLASS=onprem-storage
OPT_STORAGE_CLASS=
 
#CUSTOM_CA_SIGNED_CERT_IN_USE=true/false
#if you are using self-signed/custom CA signed certificate please set it to true,
#also ensure you have copied custom CA certificate file at commons/certs directory with file name custom_cacert.pem i.e. commons/certs/custom_cacert.pem
CUSTOM_CA_SIGNED_CERT_IN_USE=false
 
# If there are no permissions to create ServiceAccount, Role, RoleBinding then, create a serviceaccount and assign it to CUSTOM_SERVICEACCOUNT_NAME by replacing default value of helix_onprem_sa.
# Ensure to create a role and rolebinding from file commons/yaml_files/role_rolebinding.yaml and a serviceAccount from file commons/yaml_files/serviceAccount.yaml.
# If there are permissions to create ServiceAccount, Role, RoleBinding then do not change CUSTOM_SERVICEACCOUNT_NAME from value helix-onprem-sa.
CUSTOM_SERVICEACCOUNT_NAME=helix-onprem-sa
 
# If you want to use custom JAVA keystore for "RSSO SAML keystore configuration", then you must set variable RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE to true
# and put the custom java keystore file at commons/certs directory with file name rsso_custom_java_keystore
# i.e. commons/certs/rsso_custom_java_keystore
# The file commons/certs/rsso_custom_java_keystore will be mounted inside RSSO container at location /etc/rsso_custom_java_keystore
# SAML Keystore - this is the Keystore used for reading SAML-specific certificates/keys. So, it's an application-level Keystore, used directly by the app.
# While JVM Keystore contains certificates for HTTPS connections, the SAML Keystore is used for storing signing and encryption certificates for communication with SAML v2 IdP.
RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE=false 
 
# Deployment Repository Service client root cert
# Ensure that the value of CLIENT_ROOT_CERT is enclosed within double quotes
# CLIENT_ROOT_CERT is required only if MONITOR is set to yes in configs/deployment.config file.
# If MONITOR is set to no then keep CLIENT_ROOT_CERT as empty double quoted string.
#CLIENT_ROOT_CERT="jEV0lsYSEY1QSte="
CLIENT_ROOT_CERT=""
 
# Smart Graph
#SMART_SYSTEM_USERNAME=system
SMART_SYSTEM_USERNAME=""
 
# Ingress class used while deploying Ingress controller
INGRESS_CLASS=nginx
 
#Binary paths on your system
#HELM_BIN=/usr/local/bin/helm
#KUBECTL_BIN=/usr/bin/kubectl
HELM_BIN=
KUBECTL_BIN=
#OC_BIN path should be set if CLUSTER_TYPE is openshift or ocp
#OC_BIN=/usr/local/sbin/oc
OC_BIN=
 
# Infra components will run with below Security Context.
# Below 3 variables are considered only for OpenShift cluster
# i.e. if CLUSTER_TYPE is openshift or ocp
# Set correct context as per the OpenShift namespace.
# Else RUN_AS_USER, RUN_AS_GROUP and FS_GROUP must be null.
RUN_AS_USER=null
RUN_AS_GROUP=null
FS_GROUP=null
 
# Optimize Security Context:
# OPT_FSGROUP must have value 87654321 if CLUSTER_TYPE is openshift or ocp and INSTALL_MODE is upgrade and fresh deployment was performed with 22.2.01 version
# Else OPT_FSGROUP must have value 1001
OPT_FSGROUP=""
 
# If CLUSTER_TYPE is openshift or ocp  and INSTALL_MODE is fresh then ML_FSGROUP must be same as FS_GROUP mentioned above, else ML_FSGROUP must have value 998
ML_FSGROUP=""
 
################################### DO NOT CHANGE ANYTHING BELOW THIS LINE ##########################################
 
#Patroni Postgres config
PG_HOSTNAME=postgres-bmc-pg-ha-pool
PG_USER=postgres
PG_DATABASE=postgres
 
 
#Redis HA config
REDIS_HA_HOSTNAME=redis-redis-ha-haproxy
 
#Kafka & Zookeeper config
KAFKA_HOSTNAME=kafka
ZOOKEEPER_HOSTNAME=kafka-zookeeper
 
#RSSO Config
RSSO_PG_DB=ade_rsso
 
#Elasticsearch config
ES_EVENTS_HOSTNAME=elasticsearch-events-opendistro-es-data-svc
ES_LOGS_HOSTNAME=elasticsearch-logs-opendistro-es-data-svc
 
#MinIO config
MINIO_HOSTNAME=minio
 
# Misc
IMAGE_REGISTRY_SECRET=bmc-dtrhub
TENANT_PHONE=1234567890
LOGIN_ID=hannah_admin
#Common config begin
#Size of deployment, values are compact, small, medium, large, itsmcompact, and itsmsmall
DEPLOYMENT_SIZE=small
 
#Docker registry project details
IMAGE_REGISTRY_PROJECT=bmc
IMAGE_REGISTRY_ORG=lp0lz
CORE_IMAGE_REGISTRY_ORG=lp0lz
IA_IMAGE_REGISTRY_ORG=lp0oz
OPTIMIZE_IMAGE_REGISTRY_ORG=lp0pz
BHOM_IMAGE_REGISTRY_ORG=lp0mz
AIOPS_IMAGE_REGISTRY_ORG=la0cz
 
#Common config end
 
#Install mode as fresh or upgrade
INSTALL_MODE=fresh
 
#Flag controlling infra services installation
INFRA=yes
 
#Flag controlling individual infra services installation
_PTPOSTGRESS=no
_KAFKA=yes
_REDIS=yes
_RSSO=yes
_VICTORIAMETRICS=yes
_ELASTICSEARCH=yes
_MINIO=yes
 
# Do not make changes to service flags it will break dependency
#Flag controlling helix dashboard services installation
HELIX_DASHBOARD_SERVICES=yes
 
#Flag controlling itsminsight services installation
ITSMINSIGHT_SERVICES=no
 
#Flag controlling aiops services installation
AIOPS_SERVICES=no
 
#Flag controlling monitor product installation
MONITOR=no
 
#Flag controlling intelligentintegrations services installation
INTELLI_INT_SERVICES=no
 
#Flag controlling intelligent automation product installation
INTELLIGENT_AUTOMATION=no
 
#Flag controlling bmc-helix-logging product installation
BMC_HELIX_LOGGING=yes
 
#Flag Controlling optimize installation
OPTIMIZE=no
 
#Flag AR Services installation
ARSERVICES=yes

Where to go from here

Next task

Proceed with Setting up the installation environment

Back to process

If you are finished setting up the installation environment, return to the appropriate installation, update, or upgrade process:


Was this page helpful? Yes No Submitting... Thank you

Comments