Installing BMC Helix Platform services 23.1.02

The following services provided by BMC Helix Platform are used by BMC Helix IT Service Management:

• Infrastructure services
• Common services
• BMC Helix Dashboards
• BMC Helix ITSM Insights
• AR services

Before you begin

• Create a namespace for installing BMC Helix Platform services.

• Configure the Ingress controller.

To create a namespace

1. Run the following command. The namespace must be a DNS-1123 label. That is, it must consist of lowercase alphanumeric characters or '-', and must start and end with an alphanumeric character.

   kubectl create ns <namespace>

   Important

   In BMC Helix Platform services 23.1.02, BMC Helix Logging (Elasticsearch, Fluent Bit, and Kibana) is deployed in the BMC Helix Platform namespace, and not in a separate namespace.

2. Verify that nothing is installed in the namespace in which you plan to deploy the product.

   1. Run the following command:

      kubectl get all -n <namespace_created_earlier_in_this_procedure>

   2. Make sure that the following message is displayed:

      No resources found.

To configure the Ingress controller

1. Identify the configmap name by running the following command:

   kubectl get all -n <ingress_nginx_namespace>

2. Change the configmap name to use the configmap in your environment by running the following command:

   kubectl edit cm <ingress_nginx_configmap> -n  <ingress_nginx_namespace>
   
   data:
     enable-underscores-in-headers: "true"
     proxy-body-size: 250m
     server-name-hash-bucket-size: "1024"
     ssl-redirect: "false"
     use-forwarded-headers: "true"
     worker-processes: "40"

To install BMC Helix Platform services

1. Log in to the controller or bastion system from where the Kubernetes cluster is accessible.
2. Download the deployment manager BMC_Helix_Platform_Services_for_Service_Management_Version_23.1.02.zip from BMC Electronic Product Distribution (EPD) and extract it, if you haven't already.
   To download the deployment manager from EPD, see Downloading the installation files.
   The ZIP file contains the following files:
   • helix-on-prem-deployment-manager-23.1.02.sh—This file contains the deployment manager.
     
   • hotfix-23.1.02.001-1.tar.gz—This file contains the 23.1.02 hotfix 1 artifacts.
     

3. Go to the directory where you downloaded the deployment manager from the EPD and give the execute permission to the helix-on-prem-deployment-manager-23.1.02.sh file.
   

4. Self-extract the deployment manager. Run the following command:

   ./helix-on-prem-deployment-manager-23.1.02.sh
   cd helix-on-prem-deployment-manager

5. Prepare for password encryption.

   1. Go to the commons/certs directory and open the secrets.txt file.

   2. Add the following passwords to this file:

      Parameter	Description	Sample value
      IMAGE_REGISTRY_PASSWORD	Password for the Docker registry.	5016adc4-993f-4fc5-8fb0-8ef6b02ca9d3
      SMTP_PASSWORD	Password to connect to the SMTP server.  In the configs/infra.config file, if the value of the SMTP_AUTH parameter file is NONE, leave the SMTP_PASSWORD value blank as shown below:  SMTP_PASSWORD=""	password123
      SMART_SYSTEM_PASSWORD	Password to connect to the  BMC Discovery appliance.	password123
      PG_PASSWD	Password to connect to the PostgreSQL database.	password123
      KIBANA_PASSWORD	Password to connect to BMC Helix Logging (EFK).	kibana123
      MINIO_ACCESS_KEY	Password to access MinIO.	admin
      MINIO_SECRET_KEY	Password to connect to MinIO.	bmcAdm1n
      ES_JKS_PASSWORD	Password to connect to Elasticsearch. Important: If you are using a custom CA certificate, specify the password, else specify the value as ES_JKS_PASSWORD=""	test@1234

   3. Save the secrets.txt file.

      Troubleshooting tip

      Make sure that you provide all passwords in the secrets.txt file. Even if a single password is not added in the secrets.txt file, the deployment fails with an error.

      Sample secrets.txt file

      # cat commons/certs/secrets.txt
#Please put the passwords in this file
IMAGE_REGISTRY_PASSWORD=password123
SMTP_PASSWORD=""
SMART_SYSTEM_PASSWORD=password123
PG_PASSWD=pGtest2020
KIBANA_PASSWORD=kibana123
MINIO_ACCESS_KEY=admin
MINIO_SECRET_KEY=bmcAdm1n
ES_JKS_PASSWORD=test@1234
 
################## End OF THE FILE ####################

      
      

6. In the helix-on-prem-deployment-manager/configs/infra.config file, modify the following parameters that are environment-specific.

   Important

   • The following load balancer hosts are required. You do not need any subdomains.
     • LB_HOST
       Ensure that the LB_HOST value is not the same as the tenant URL.
       
     • TMS_LB_HOST
     • MINIO_LB_HOST
     • MINIO_API_LB_HOST
     • KIBANA_LB_HOST
     • Tenant URL that is derived based on the following parameters from the infra.config file:
       $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN
       
   • Make sure that you have created a storage class.
     BMC supports a Bring-Your-Own-Storage-Class model, for any block storage supporting high performance IOPS. NFS is not supported for persistent volumes. CephRBD is certified by BMC.

   Parameter	Example Value	Description
   IMAGE_REGISTRY_HOST	containers.bmc.com (or local repo if copied down)	Image registry from where the nodes on the cluster download the images. If you have synchronized the images to a local Harbor registry, make sure the Harbor registry is set up with HTTPS.
   IMAGE_REGISTRY_USERNAME	abc@bmc.com	User name to log in to BMC DTR. If you use a local Harbor registry to synchronize with BMC DTR, specify the user name to log in to your local registry.
   ENVIRONMENT	poc	Type of environment such as poc, dev, and qa. Do not use special characters for the environment value. You can use the same environment value while performing the BMC Helix IT Service Management installation.
   NAMESPACE	dark-helmet	Namespace in which to install the services. You must have separate namespaces to install BMC Helix Platform services and BMC Helix Innovation Suite  and applications.
   LB_HOST	host-india-app.mydomain.com	Host for load balancer for BMC Helix Innovation Suite. Specify the BMC Helix Innovation Suite URL.
   LB_PORT	443	Port for load balancer.
   TMS_LB_HOST	tms-private-poc.mydomain.com	Host for tenant management system. Specify the host of the load balancer that points to the tenant management system service.
   Domain	mydomain.com	Domain name of the Load Balancer
   MINIO_LB_HOST	minio-private-poc.mydomain.com	URL for Minio storage.
   MINIO_API_LB_HOST	minio-api-poc.mydomain.com	Use MinIO API ingress to create buckets by using the command line.
   CLUSTER_TYPE	""	Either openshift or ocp for OpenShift. If CLUSTER_TYPE is not set to openshift or ocp, cluster type is treated as a Kubernetes cluster.
   COMPANY_NAME	photon2	Parameter in the tenant URL formation like $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN Do not use special characters for the Company name. COMPANY_NAME value is used to generate the tenant URL.
   TENANT_EMAIL	pqr@mycompany.com	Email address of the admin user of initial tenant.
   TENANT_FIRST_NAME	TestName	First name of the admin user for initial tenant.
   TENANT_LAST_NAME	TestLastName	Last name of the admin user for initial tenant.
   TENANT_TYPE	tyrion	Unique identifier of the tenant. The COMPANY_NAME value is used as the tenant name. In addition to the tenant name, use the TENANT_TYPE parameter to identify the tenant.
   TENANT_DOMAIN_HOST	acme-private-poc.acme.com	The tenant domain. This URL is for BMC Helix Portal. This is a required parameter. This parameter must be in the following format: $TENANT_NAME-$TENANT_TYPE-$ENVIRONMENT$.DOMAIN
   COUNTRY	"United States"	Matches the value in the OS locale. Important Add the country name within quotation marks. For example: "India" Do not use abbreviation in country names. Click here to view a list of the supported country names.
   NFS_STORAGE_CLASS	""	Blank "" This parameter is not required for BMC Helix IT Service Management.
   SMTP_HOST	mailhost.mycompany.com	SMTP host name of IP address accessible from cluster. SMTP parameters are required for the emails that are sent to the administrator for tenant activation after the BMC Helix Platform deployment is complete. All SMTP mail servers are supported. To use a temporary SMTP server to receive BMC Helix Platform services installation emails, see the knowledge article 000396217 .
   SMTP_PORT	25	An integer value for the port of the SMTP server.
   SMTP_USERNAME	abc@mycompany.com	User name to connect to the SMTP server. If SMTP_AUTH value is set to NONE, keep the SMTP_USERNAME and SMTP_PASSWORD values blank as shown below: SMTP_USERNAME="" SMTP_PASSWORD=""
   SMTP_FROM_EMAIL	helix-rd@mycompany.com	A valid email ID for the From address in all emails This parameter is required.
   SMTP_TLS	"false"	The SMTP server TLS. The value can be true or false. If not in use, specify the value as false.
   SMTP_AUTH_DASHBOARD	true	True or false.
   SMTP_AUTH	PLAIN	One of the following values: PLAIN This value is case sensitive. If you set the value as PLAIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD. LOGIN This value is case sensitive. If you set the value as LOGIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD. NONE This value is case sensitive. Use this value when you want to skip SMTP authentication. If you set the value as NONE, set the user name and password values as shown below: SMTP_USERNAME="" SMTP_PASSWORD=""
   OPS_GROUP_EMAIL	ops-grp@mycompany.com	ops email address. All emails related to tenant activities such as tenant creation, tenant registration, and tenant offboarding are sent to your organization's operations team.
   APPROVAL_GROUP_EMAIL	grp-rd@mycompany.com	Email address for approval. When a new tenant is created, an email is sent for tenant approval to this email group.
   PG_STORAGE_CLASS	ceph-block-storage	Storage class used. Usually there is one Storage class configured for all the infra services. Please repeat the same value in that case
   VMSTORAGE_STORAGE_CLASS	onprem-storage	Storage class for VictoriaMetrics.
   VMAGGSTORAGE_STORAGE_CLASS	onprem-storage	Storage class for VictoriaMetrics.
   ES_MASTER_STORAGE_CLASS	block-store-class	Storage class for Elasticsearch master nodes
   ES_DATA_STORAGE_CLASS	block-store-class	Storage class for Elasticsearch data nodes.
   MINIO_STORAGE_CLASS	onprem-storage	Storage class for Minio.
   EFS_STORAGE_CLASS	""	Blank ""
   REDIS_HA_GLOBAL_STORAGECLASS	block-store-class	Storage class for REDIS.
   KAFKA_STORAGECLASS	block-store-class	Storage class for Kafka.
   ESLOG_MASTER_STORAGE_CLASS	block-store-class	Storage class for Elasticsearch log.
   ESLOG_DATA_STORAGE_CLASS	block-store-class	Storage class for Elasticsearch log.
   MINIO_STORAGE_CLASS	acme-block-storage	Storage class for MinIO. Usually, a single storage class by using block storage is configured for all the infra services. Repeat the same value if configured in this manner.
   AIOPS_STORAGE_CLASS	""	Blank ""
   CUSTOM_CA_SIGNED_CERT_IN_USE	false	Default value is false. If you are using a self-signed or custom CA certificate, set the value to true. Copy the self-signed or custom CA certificate in the commons/certs/ directory. Ensure that the file name of the certificate is custom_cacert.pem Important: If you are using a self-signed or custom CA certificate, make sure that you use the same custom certificate during BMC Helix Platform and BMC Helix IT Service Management installation.
   OPT_STORAGE_CLASS	""	Blank ""
   REPOPV_MOUNT_PATH	""	Blank ""
   MIGRATORPV_MOUNT_PATH	""	Blank ""
   ETLPV_MOUNT_PATH	""	Blank ""
   CLIENT_ROOT_CERT	""	Blank ""
   SMART_SYSTEM_USERNAME	""	Blank ""
   INGRESS_CLASS	nginx	Ingress class used while deploying Ingress controller. Change if multiple ingress controllers are on the cluster. If you have more than one ingress controllers in your cluster, use INGRESS_CLASS to specify the ingress class name that you want to use.
   INGRESS_API_VERSION	true	True if your Ingress controller version is 1.2.0 or higher.
   HELM_BIN	/usr/local/bin/helm	Absolute path of the HELM binary.
   KUBECTL_BIN	/usr/bin/kubectl	Absolute path of the kubectl binary.
   OC_BIN	/usr/local/sbin/oc	Set if CLUSTER_TYPE is openshift or ocp.
   KIBANA_LB_HOST		The BMC Helix Logging ingress uses this value. This value depends on the self-signed, CA-signed certificate, or custom certificate. If the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is true, use the DNS configured for the self-signed certificate. If the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is false, use the DNS configured for the CA-signed certificate. If the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is true, use the DNS configured for the self-signed certificate.
   RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE		If you want to use custom JAVA keystore for RSSO SAML keystore configuration, set variable RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE to true. Perform the following steps: Set the RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE variable to true. Rename the java keystore file to rsso_custom_java_keystore. Save this file in the commons/certs directory. The path of this file would be: commons/certs/rsso_custom_java_keystore The commons/certs/rsso_custom_java_keystore file will be mounted in the RSSO container at the following location: /etc/rsso_custom_java_keystore
   RUN_AS_USER	null	Set the security context that the infrastructure components must use to enforce security. Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp. If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null. Set the correct context for this variable according to the OpenShift namespace. For example, in OpenShift namespace, run the following command to get the ID range: oc describe namespace <namespace-name> After you run the command, look for the following line in the output: openshift.io/sa.scc.uid-range: 1000670000/10000 Copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP. Important: The command and output changes for each namespace.
   FS_GROUP	null	Set the security context that the infrastructure components must use to enforce security. Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp. If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null. Set the correct context for this variable according to the OpenShift namespace. For example, in OpenShift namespace, run the following command to get the ID range: oc describe namespace <namespace-name> After you run the command, look for the following line in the output: openshift.io/sa.scc.uid-range: 1000670000/10000 Copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP. Important: The command and output changes for each namespace.
   RUN_AS_GROUP	null	Set the security context that the infrastructure components must use to enforce security. Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp. If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null. Set the correct context for this variable according to the OpenShift namespace. For example, in OpenShift namespace, run the following command to get the ID range: oc describe namespace <namespace-name> After you run the command, look for the following line in the output: openshift.io/sa.scc.uid-range: 1000670000/10000 Copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP. Important: The command and output changes for each namespace.
   OPT_FSGROUP	""	Blank "" This parameter is not required for BMC Helix IT Service Management.
   ML_FSGROUP	""	Blank "" This parameter is not required for BMC Helix IT Service Management.
   CUSTOM_SERVICEACCOUNT_NAME	helix-onprem-sa	Specify the custom service account name.  If you have cluster admin permissions to create ServiceAccount, Role, or RoleBinding, retain the CUSTOM_SERVICEACCOUNT_NAME value as helix-onprem-sa, which is the default value. If you do not have permissions to create ServiceAccount, Role, or RoleBinding, create a ServiceAccount and assign it to CUSTOM_SERVICEACCOUNT_NAME by replacing the default value of helix-onprem-sa. Create a role and rolebinding from the commons/yaml_files/role_rolebinding.yaml file. Create a ServiceAccount from the file commons/yaml_files/serviceAccount.yaml file.  Before you create a ServiceAccount, Role, or RoleBinding, you must replace _SERVICE_ACCOUNT_ with value of CUSTOM_SERVICEACCOUNT_NAME variable, and replace _NAMESPACE_ with value of NAMESPACE variable.

7. In the helix-on-prem-deployment-manager/configs/deployment.config file, modify the following parameters:

   Parameter	Required value
   Infra services options
   DEPLOYMENT_SIZE	small, compact, medium, large, itsmcompact or itsmsmall If you do not want to install BMC Helix ITSM Insights, specify the value as itsmcompact or itsmsmall.
   _PTPOSTGRESS	yes
   _KAFKA	yes
   _REDIS	yes
   _RSSO	yes
   _ELASTICSEARCH	yes
   VICTORIAMETRICS	yes
   MINIO	yes
   BMC Helix Dashboard services
   HELIX_DASHBOARD_SERVICES	yes
   BMC Helix ITSM Insights
   (Optional)ITSMINSIGHT_SERVICES	yes  If you are not using ITSM Insights, set this parameter to No.
   AR System services
   ARSERVICES	yes
   BMC Helix Logging
   BMC_HELIX_LOGGING	yes

8. Install the product by running the following command:
   

   ./deployment-manager.sh

After the BMC Helix Platform services are deployed, the tenant administrator receives the following emails:

• An email with details about the BMC Helix Platform account
• An email to change the BMC Helix Platform account password at the first login

All installation logs are located in the following directory:

helix-on-prem-deployment-manager/logs

To apply the hotfix

1. Log in to the controller or bastion machine from where the Kubernetes cluster is accessible.
2. Create a new directory; for example, ITOM_HotFix_23.1.02.001. 

3. Copy the hotfix-23.1.02.001-1.tar.gz file that you downloaded from EPD to the new directory.

4. Extract the hotfix-23.1.02.001-1.tar.gz file by using the following command:

   tar xvf hotfix-23.1.02.001-1.tar.gz 

   The hotfix-23.1.02.001-1.tar.gz  file contains two files utils-23.1.02.001.tar.gz and hotfix-23.1.02.001-1.tar.gz.

5. Navigate to the hotfix directory by using the following command:

   cd hotfix

6. If you are using a local repository for accessing container images, make sure that you synchronize the images listed in the hotfix/new-image-list.txt to the local repository.

7. Run the hf_script.sh script:
   

   bash hf_script.sh <full path of the helix-on-prem-deployment-manager directory> 

   Replace <full path of the helix-on-prem-deployment-manager directory> with the full path of the directory where you installed BMC Helix Platform services 23.1.02.
   Example:

   bash hf_script.sh /data/23.1.02/helix-on-prem-deployment-manager

   The hf_script.sh script creates a copy of helix-on-prem-deployment-manager in the path that you specified in the command and the directory is named helix-on-prem-deployment-manager_HF1.

   For example, a new directory /data/23.1.02/helix-on-prem-deployment-manager_HF1 is created. No changes are made to the original directory helix-on-prem-deployment-manager.

Sample configuration files

#Docker registry details
#IMAGE_REGISTRY_HOST=containers.bmc.com
#IMAGE_REGISTRY_USERNAME=<user name to access registry>
IMAGE_REGISTRY_HOST=
IMAGE_REGISTRY_USERNAME=
 
# keep double quotes in all variables if not required, don't leave them blank or empty
#Infra details
#NAMESPACE=dark-helmet
#LB_HOST=host-india-app.mydomain.com
#LB_PORT=443
#TMS_LB_HOST=tms-private-poc.mydomain.com
#DOMAIN=mydomain.com
#MINIO_LB_HOST=minio-private-poc.mydomain.com
#KIBANA_LB_HOST=kibana-private-poc.mydomain.com
#ENVIRONMENT=<Type of environment>
# The values of ENVIRONMENT is based on kind of setup you are going to create e.g. dev, qa, production, poc, multi-service, canary etc. (this is not based on deployment size compact, small, medium, large etc)
ENVIRONMENT=dev
NAMESPACE=
LB_HOST=
LB_PORT=
TMS_LB_HOST=
DOMAIN=
# If minio web access required .Please give LB (e.g.minio.domain.com )which has DNS entry otherwise keep blank "".
MINIO_LB_HOST=
# Use minio api ingress(minio-api.domain.com)
MINIO_API_LB_HOST=
KIBANA_LB_HOST=
 
#Cluster type can have values openshift or ocp for OpenShift.
#If CLUSTER_TYPE is not set to openshift or ocp then cluster type is treated as kubernetes cluster.
CLUSTER_TYPE=
 
#Tenant details for onboarding
#COMPANY_NAME=<tenant company name same as in tenant discover appliance url>
#TENANT_EMAIL=<tenant email address>
#TENANT_FIRST_NAME=<tenant first name>
#TENANT_LAST_NAME=<tenant last name>
## TENANT_TYPE= <Tenant type in tenant url same as in tenant discovery appliance url>
## Please use only alphanumeric value in COMPANY_NAME
COMPANY_NAME=
TENANT_EMAIL=
TENANT_FIRST_NAME=
TENANT_LAST_NAME=
TENANT_TYPE=
# Ensure that the values must  be compliant with the domain format mentioned in parameter "ADE_TENANT_DOMAIN_FORMAT" defined in ../product/platform/platform.json file
# Ensure provided value for parameter "ADE_TENANT_DOMAIN_FORMAT" is compliant with following criteria only i.e. small case letters, digits and hyphon(-)
# i.e. ADE_TENANT_DOMAIN_FORMAT: "#TENANT_NAME#__tenant_type__#ENV_NAME#.__domain__" i.e. adecompany-private-dev.onbmc.com
TENANT_DOMAIN_HOST=
# Ensure that the value of COUNTRY is enclosed within double quotes
COUNTRY="Virgin Islands, U.S."
 
#SMTP Config
#SMTP_HOST=<SMTP host name of IP address accessible from cluster>
#SMTP_PORT=<SMTP server port, e.g. 25>
#SMTP_USERNAME=<SMTP user name>
#SMTP_FROM_EMAIL=<SMTP from email address>
#SMTP_TLS=<true/false>
#This below variable is used by portal team
#SMTP_AUTH=<PLAIN or LOGIN or NONE>
# Use NONE for if you want to skip SMTP authentication
# PLAIN or LOGIN is used when you have authenticated SMTP user and SMTP password
#This variable is used for getting report email to dahsboard team by default value is true
#SMTP_AUTH_DASHBOARD=<true or false>
#OPS_GROUP_EMAIL=<ops email address>
#APPROVAL_GROUP_EMAIL=<email address for approval>
SMTP_HOST=
SMTP_PORT=
#Ensure blank values for SMTP username password is in double quotes
SMTP_USERNAME=
SMTP_FROM_EMAIL=
## SMTP_TLS value can be true or false.
## If SMTP_TLS is set to true and certificate of SMTP_HOST is signed by a custom or self-signed CA then
## ensure to append custom or self-signed CA certificate (full CA chain) to commons/certs/custom_cacert.pem file.
SMTP_TLS=false
SMTP_AUTH_DASHBOARD=true
SMTP_AUTH=
OPS_GROUP_EMAIL=
APPROVAL_GROUP_EMAIL=
 
#NFS details
## fully qualified mount path (e.g. /data/ade-stack/export) with folder (e.g. volumes), it will use static pvc with nfs storage
## Create a folder under mount path and change the owner to 786:998, e.g. chown -R 786:998 /data/ade-stack/export/volumes
#NFS_MOUNT_PATH=/data/ade-stack/export/volumes
#NFS_SERVER=<nfs server host name or IP address accessible from cluster>
#NFS_STORAGE_CLASS=onprem-nfs-storage
## keep NFS_STORAGE_CLASS empty if default storage class value should be used.
## NFS_MOUNT_PATH=""
## NFS_SERVER=""
NFS_STORAGE_CLASS=""
 
#storage class, set value as per storage class in cluster
#PG_STORAGE_CLASS=onprem-storage
#VMSTORAGE_STORAGE_CLASS=onprem-storage
#VMAGGSTORAGE_STORAGE_CLASS=onprem-storage
#ES_MASTER_STORAGE_CLASS=onprem-storage
#ES_DATA_STORAGE_CLASS=onprem-storage
#MINIO_STORAGE_CLASS=onprem-storage
#EFS_STORAGE_CLASS=onprem-storage
#REDIS_HA_GLOBAL_STORAGECLASS=onprem-storage
#KAFKA_STORAGECLASS=onprem-storage
#ESLOG_MASTER_STORAGE_CLASS=onprem-storage
#ESLOG_DATA_STORAGE_CLASS=onprem-storage
#AIOPS_STORAGE_CLASS=onprem-storage
 
PG_STORAGE_CLASS=
VMSTORAGE_STORAGE_CLASS=
VMAGGSTORAGE_STORAGE_CLASS=
ES_MASTER_STORAGE_CLASS=
ES_DATA_STORAGE_CLASS=
MINIO_STORAGE_CLASS=
EFS_STORAGE_CLASS=
REDIS_HA_GLOBAL_STORAGECLASS=
KAFKA_STORAGECLASS=
ESLOG_MASTER_STORAGE_CLASS=
ESLOG_DATA_STORAGE_CLASS=
AIOPS_STORAGE_CLASS=
 
#Optimize storage details
#OPT_STORAGE_CLASS=onprem-storage
OPT_STORAGE_CLASS=
 
#CUSTOM_CA_SIGNED_CERT_IN_USE=true/false
#if you are using self-signed/custom CA signed certificate please set it to true,
#also ensure you have copied custom CA certificate file at commons/certs directory with file name custom_cacert.pem i.e. commons/certs/custom_cacert.pem
CUSTOM_CA_SIGNED_CERT_IN_USE=false
 
# If there are no permissions to create ServiceAccount, Role, RoleBinding then, create a serviceaccount and assign it to CUSTOM_SERVICEACCOUNT_NAME by replacing default value of helix_onprem_sa.
# Ensure to create a role and rolebinding from file commons/yaml_files/role_rolebinding.yaml and a serviceAccount from file commons/yaml_files/serviceAccount.yaml.
# If there are permissions to create ServiceAccount, Role, RoleBinding then do not change CUSTOM_SERVICEACCOUNT_NAME from value helix-onprem-sa.
CUSTOM_SERVICEACCOUNT_NAME=helix-onprem-sa
 
# If you want to use custom JAVA keystore for "RSSO SAML keystore configuration", then you must set variable RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE to true
# and put the custom java keystore file at commons/certs directory with file name rsso_custom_java_keystore
# i.e. commons/certs/rsso_custom_java_keystore
# The file commons/certs/rsso_custom_java_keystore will be mounted inside RSSO container at location /etc/rsso_custom_java_keystore
# SAML Keystore - this is the Keystore used for reading SAML-specific certificates/keys. So, it's an application-level Keystore, used directly by the app.
# While JVM Keystore contains certificates for HTTPS connections, the SAML Keystore is used for storing signing and encryption certificates for communication with SAML v2 IdP.
RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE=false 
 
# Deployment Repository Service client root cert
# Ensure that the value of CLIENT_ROOT_CERT is enclosed within double quotes
# CLIENT_ROOT_CERT is required only if MONITOR is set to yes in configs/deployment.config file.
# If MONITOR is set to no then keep CLIENT_ROOT_CERT as empty double quoted string.
#CLIENT_ROOT_CERT="jEV0lsYSEY1QSte="
CLIENT_ROOT_CERT=""
 
# Smart Graph
#SMART_SYSTEM_USERNAME=system
SMART_SYSTEM_USERNAME=""
 
# Ingress class used while deploying Ingress controller
INGRESS_CLASS=nginx
 
#Binary paths on your system
#HELM_BIN=/usr/local/bin/helm
#KUBECTL_BIN=/usr/bin/kubectl
HELM_BIN=
KUBECTL_BIN=
#OC_BIN path should be set if CLUSTER_TYPE is openshift or ocp
#OC_BIN=/usr/local/sbin/oc
OC_BIN=
 
# Infra components will run with below Security Context.
# Below 3 variables are considered only for OpenShift cluster
# i.e. if CLUSTER_TYPE is openshift or ocp
# Set correct context as per the OpenShift namespace.
# Else RUN_AS_USER, RUN_AS_GROUP and FS_GROUP must be null.
RUN_AS_USER=null
RUN_AS_GROUP=null
FS_GROUP=null
 
# Optimize Security Context:
# OPT_FSGROUP must have value 87654321 if CLUSTER_TYPE is openshift or ocp and INSTALL_MODE is upgrade and fresh deployment was performed with 22.2.01 version
# Else OPT_FSGROUP must have value 1001
OPT_FSGROUP=""
 
# If CLUSTER_TYPE is openshift or ocp  and INSTALL_MODE is fresh then ML_FSGROUP must be same as FS_GROUP mentioned above, else ML_FSGROUP must have value 998
ML_FSGROUP=""
 
################################### DO NOT CHANGE ANYTHING BELOW THIS LINE ##########################################
 
#Patroni Postgres config
PG_HOSTNAME=postgres-bmc-pg-ha-pool
PG_USER=postgres
PG_DATABASE=postgres
 
 
#Redis HA config
REDIS_HA_HOSTNAME=redis-redis-ha-haproxy
 
#Kafka & Zookeeper config
KAFKA_HOSTNAME=kafka
ZOOKEEPER_HOSTNAME=kafka-zookeeper
 
#RSSO Config
RSSO_PG_DB=ade_rsso
 
#Elasticsearch config
ES_EVENTS_HOSTNAME=elasticsearch-events-opendistro-es-data-svc
ES_LOGS_HOSTNAME=elasticsearch-logs-opendistro-es-data-svc
 
#MinIO config
MINIO_HOSTNAME=minio
 
# Misc
IMAGE_REGISTRY_SECRET=bmc-dtrhub
TENANT_PHONE=1234567890
LOGIN_ID=hannah_admin

#Common config begin
#Size of deployment, values are compact, small, medium, large, itsmcompact, and itsmsmall
DEPLOYMENT_SIZE=small
 
#Docker registry project details
IMAGE_REGISTRY_PROJECT=bmc
IMAGE_REGISTRY_ORG=lp0lz
CORE_IMAGE_REGISTRY_ORG=lp0lz
IA_IMAGE_REGISTRY_ORG=lp0oz
OPTIMIZE_IMAGE_REGISTRY_ORG=lp0pz
BHOM_IMAGE_REGISTRY_ORG=lp0mz
AIOPS_IMAGE_REGISTRY_ORG=la0cz
 
#Common config end
 
#Install mode as fresh or upgrade
INSTALL_MODE=fresh
 
#Flag controlling infra services installation
INFRA=yes
 
#Flag controlling individual infra services installation
_PTPOSTGRESS=no
_KAFKA=yes
_REDIS=yes
_RSSO=yes
_VICTORIAMETRICS=yes
_ELASTICSEARCH=yes
_MINIO=yes
 
# Do not make changes to service flags it will break dependency
#Flag controlling helix dashboard services installation
HELIX_DASHBOARD_SERVICES=yes
 
#Flag controlling itsminsight services installation
ITSMINSIGHT_SERVICES=no
 
#Flag controlling aiops services installation
AIOPS_SERVICES=no
 
#Flag controlling monitor product installation
MONITOR=no
 
#Flag controlling intelligentintegrations services installation
INTELLI_INT_SERVICES=no
 
#Flag controlling intelligent automation product installation
INTELLIGENT_AUTOMATION=no
 
#Flag controlling bmc-helix-logging product installation
BMC_HELIX_LOGGING=yes
 
#Flag Controlling optimize installation
OPTIMIZE=no
 
#Flag AR Services installation
ARSERVICES=yes

Where to go from here