This documentation supports an earlier version of BMC Helix IT Service Management on-premises deployment.

To view the documentation for the latest version, select 23.3.01 from the Product version picker.

Installing BMC Helix Platform Common Services 23.2.02

BMC Helix Platform Common Services is a microservices-based platform that provides foundational services (such as user management, tenant management, and single sign-on) and the data lake (such as Elasticsearch, PostgreSQL, and MinIO).

BMC Helix Platform Common Services installation is a pre-requisite for BMC Helix Service Management 22.1.06 installation. 

Important

If you are performing a combined deployment of BMC Helix Service Management and BMC Helix IT Operations Management, and have installed BMC Helix IT Operations Management, do not install BMC Helix Platform Common Services again.

BMC Helix Platform Common Services are deployed with the BMC Helix IT Operations Management deployment.


The following video (3:23) provides a summary of installing BMC Helix Platform Common Services:

https://youtu.be/Vd5HG7txsdg

Before you begin

  • Make sure that you have created a namespace to install BMC Helix Platform Common services.
  • Verify that nothing is installed in the namespace by using the following command:

    kubectl get all -n <namespace>
  • Make sure that you have configured the nginx-configuration configmap.
    For information about the nginx-configuration configmap parameter value requirements, see System requirements.
  • Make sure that you have permission to create ServiceAccount, Role, and RoleBinding in the BMC Helix Platform namespace.
    If you do not have permission, create a Service account, Role, and RoleBinding.

Important

Do not perform these tasks if you have already installed BMC Helix IT Operations Management (ITOM).

To create ServiceAccount, Role, and RoleBinding

To install BMC Helix Platform Common Services, you must have permission to create ServiceAccount, Role, and RoleBinding in the BMC Helix Platform namespace.

If you do not have permission, an administrator must perform the following steps to create a Service account, Role, and RoleBinding to enable you to install BMC Helix Platform Common Services:

  1. In the commons/yaml_files/serviceAccount.yaml and commons/yaml_files/role_rolebinding.yaml file replace the following values:
    1. __SERVICE_ACCOUNT__ with the name of the service account that you want to create.
    2. __NAMESPACE__ with the BMC Helix Platform namespace.
  2. To create a service account, run the following command:

    kubectl apply -f serviceAccount.yaml
  3. To create role and rolebinding, run the following command:

    kubectl apply -f role_rolebinding.yaml
  4. When you set the CUSTOM_SERVICEACCOUNT_NAME parameter in the infra.config file, replace helix-onprem-sa value with the service account name that you created.

Important

The uninstallation script deletes the custom service account.

If you have created a custom service account, after performing an uninstallation, you must recreate the custom service account.

Task 1: To download and extract the deployment manager

  1. Log in to the controller or bastion machine from where the Kubernetes cluster is accessible.
  2. Download the deployment manager helix-on-prem-deployment-manager-23.2.02.sh from BMC Electronic Product Distribution (EPD) and extract it, if you haven't already.
    To download the files from EPD, see Downloading the installation files.

    Important

    If you are using the Kubernetes version 1.26, make sure that you download the itom-predeploy-hotfix-23.2.02.002-10 hotfix.


  3. Download the itom-predeploy-hotfix-23.2.02.002-10.tar.gz file from EPD, if you haven't already.
    This file contains the latest deployment size templates.
  4. Go to the directory where you downloaded the deployment manager from the EPD and give the execute permission to the helix-on-prem-deployment-manager-23.2.02.sh file.

  5. Self-extract the deployment manager. Run the following command:

    ./helix-on-prem-deployment-manager-23.2.02.sh
    cd helix-on-prem-deployment-manager
  6. Apply the hotfix itom-predeploy-hotfix-23.2.02.002-10.tar.gz by performing the following steps:
    The hotfix itom-predeploy-hotfix-23.2.02.002-10.tar.gz provides support for Kubernetes version 1.26 and updated deployment size templates.

    1. In the helix-on-prem-deployment-manager directory, copy the itom-predeploy-hotfix-23.2.02.002-10.tar.gz file.
    2. Extract the itom-predeploy-hotfix-23.2.02.002-10.tar.gz file by using the following command:

      tar xvf itom-predeploy-hotfix-23.2.02.002-10.tar.gz

      After you unzip the file, the following folders are replaced with the new deployment size templates in the helix-on-prem-deployment-manager directory.

      • configs/
      • configs/compact.config
      • configs/compact.json
      • configs/compact_jvm.config
      • configs/small.config
      • configs/small.json
      • configs/small_jvm.config

Task 2: To prepare for password encryption

  1. Go to the commons/certs directory and open the secrets.txt file.
  2. Add the following passwords to this file:

    PropertyDescriptionExample
    IMAGE_REGISTRY_PASSWORDPassword for the Docker registry.5016adc4-993f-4fc5-8fb0-8ef6b02ca9d3
    SMTP_PASSWORD

    Password to connect to the SMTP server. 

    In the configs/infra.config file, if the value of the SMTP_AUTH parameter file is NONE, leave the SMTP_PASSWORD value blank as shown below:

     SMTP_PASSWORD=""

    password123
    SMART_SYSTEM_PASSWORD

    Password to connect to the  BMC Discovery appliance.

    password123
    PG_PASSWD

    Password to connect to the PostgreSQL database.

    password123
    KIBANA_PASSWORD

    Password to connect to BMC Helix Logging (EFK).

    kibana123
    MINIO_ACCESS_KEY

    Password to access MinIO.

    admin
    MINIO_SECRET_KEY

    Password to connect to MinIO.

    bmcAdm1n
    ES_JKS_PASSWORD

    Password to connect to Elasticsearch.

    Important:

    • If you are using a custom CA certificate, specify the password, else specify the value as ES_JKS_PASSWORD=""
    • This password must have minimum seven characters.
    ""
  3. Save the secrets.txt file

    Troubleshooting tip

    Make sure that you provide all passwords in the secrets.txt file. Even if a single password is not added in the secrets.txt file, the deployment fails with an error.

    Sample secrets.txt file

    # cat commons/certs/secrets.txt
    #Please put the passwords in this file
    IMAGE_REGISTRY_PASSWORD=password123
    SMTP_PASSWORD=""
    SMART_SYSTEM_PASSWORD=password123
    PG_PASSWD=pGtest2020
    KIBANA_PASSWORD=kibana123
    MINIO_ACCESS_KEY=admin
    MINIO_SECRET_KEY=bmcAdm1n
    ES_JKS_PASSWORD=test@1234
     
    ################## End OF THE FILE ####################

Task 3: To install BMC Helix Platform Common Services

  1. In the helix-on-prem-deployment-manager/configs/infra.config file, modify the following parameters that are environment-specific.

    Important

    • The following load balancer hosts are required. You do not need any subdomains.
      • LB_HOST
        Ensure that the LB_HOST value is not the same as the tenant URL.

      • TMS_LB_HOST
      • MINIO_LB_HOST
      • MINIO_API_LB_HOST
      • KIBANA_LB_HOST
      • Tenant URL that is derived based on the following parameters from the infra.config file:
        $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN
    • Make sure that you have created a storage class.
      BMC supports a Bring-Your-Own-Storage-Class model, for any block storage supporting high performance IOPS. NFS is not supported for persistent volumes. CephRBD is certified by BMC.

    Property

    Description

    Example

    Docker registry details

    IMAGE_REGISTRY_HOST   

    Specify the host where the Docker registry is running with the BMC container images. If the images are synchronized to a local Harbor registry, make sure the Harbor registry is set up with HTTPS and set the local repository value to this parameter. 

    Important: Do not specify the host path; specify only the host name.

    Example:

    IMAGE_REGISTRY_HOST=containers.bmc.com

    IMAGE_REGISTRY_USERNAME

    Specify the username to access the Docker registry.

    If you use a local Harbor registry to synchronize with BMC DTR, specify the user name to log in to your local registry.

    IMAGE_REGISTRY_USERNAME=abc@bmc.com

    Infrastructure details

    ENVIRONMENT

    Specify the environment type. 

    The value of this parameter depends on the kind of setup that you want to create, such as, dev, qa, or production.

    Important:

    • Do not use prod to indicate the production environment.
    • Do not use special characters.
    • The value of this parameter is not based on deployment size such as, compact, small, medium or large.

    You can use the same environment value while performing the BMC Helix Service Management installation.

    ENVIRONMENT=poc

    NAMESPACE   

    Specify the namespace where you want to install the services.

    You must have separate namespaces to install BMC Helix Platform Common Service and BMC Helix Service Management.

    NAMESPACE=dark-helmet

    LB_HOST     

    Specify a URL to create the load balancer host.

    The BMC Helix Single Sign-on  ingress uses this URL to access the BMC Helix Single Sign-on administration console.

    LB_HOST=host-india-app.mydomain.com

    LB_PORT     

    Specify the port number that the load balancer listens to and accepts the client request.

    The default value is 443.

    LB_PORT=443

    TMS_LB_HOST 

    Specify a URL to create the Tenant Management System host.  The value of this parameter is used by the tenant management system ingress.

    TMS_LB_HOST=tms-private-poc.mydomain.com

    DOMAIN

    Specify the URL for domain of the load balancer. This value is used to create a valid base URL for tenants and needs wild card certificate. Having a wild card certificate would help you to create multiple URLs.

    DOMAIN=mydomain.bmc.com

    MINIO_LB_HOST

    Specify a URL to create a  MinIO storage. This value is used by the MinIO ingress.

    MINIO_LB_HOST=minio.mydomain.bmc.com

    MINIO_API_LB_HOST 

    Specify a URL to create a MinIO storage. All the API based operations are performed using this URL. This URL is used to create a  MinIO bucket.
     

    MINIO_API_LB_HOST=minio-api.mydomain.bmc.com
    KIBANA_LB_HOST

    Specify a URL to create a Kibana load balancer host.  The BMC Helix Logging ingress uses the value of this parameter. The value of this parameter depends on the self-signed/CA-signed certificate or CA custom certificate. 
     

    KIBANA_LB_HOST=kibana-private-poc.mydomain.com
    Cluster details

    CLUSTER_TYPE

    Cluster type can have values openshift or ocp for OpenShift.

    If CLUSTER_TYPE is not set to openshift or ocp then cluster type is treated as kubernetes cluster.

    CLUSTER_TYPE=openshift

    Tenant details for onboarding

    COMPANY_NAME    

    Specify the name of the tenant.

    The value that you specify is used to create the tenant URL in the following format:
    $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN

    COMPANY_NAME=purplekite

    TENANT_EMAIL    

    Specify the email address of the admin user of the primary tenant.

    TENANT_EMAIL=abc@bmc.com

    TENANT_FIRST_NAME

    Specify the first name of the admin user of the primary tenant.

    TENANT_FIRST_NAME=Myfirstname

    TENANT_LAST_NAME

    Specify the last name of the admin user of the primary tenant.

    TENANT_LAST_NAME=Mylastname

    TENANT_TYPE

    Specify the unique identifier of the tenant.
    The COMPANY_NAME value is used as the tenant name. In addition to the tenant name, use the TENANT_TYPE parameter to identify the teant.


    TENANT_TYPE=tyrion

    COUNTRY

    The country name must match the value in the OS locale.

    Important

    • Add the country name within double quotes. For example:

      "India"

    • Do not use abbreviation in country names.

      Click here to view a list of the supported country names.

    COUNTRY="United States"

    SMTP configuration details

    SMTP_HOST     

    SMTP host name of IP address accessible from cluster

    This parameter is required.

    SMTP parameters are required for the emails that are sent to the administrator for tenant activation after the BMC Helix Platform deployment is complete.

    All SMTP mail servers are supported.

    To use a temporary SMTP server to receive BMC Helix Platform Common Service installation emails, see the knowledge article 000396217 Open link .

    SMTP_HOST=mailhost.mycompany.com

    SMTP_PORT     

    An integer value for the port of the SMTP server. For example. 25

    This parameter is required.

    SMTP_PORT=25

    SMTP_USERNAME 

    User name to connect to the SMTP server.

    If SMTP_AUTH value is set to NONE, keep the SMTP_USERNAME and SMTP_PASSWORD values blank as shown below:

    • SMTP_USERNAME=""
    • SMTP_PASSWORD=""

    This parameter is required.

    SMTP_USERNAME=abc@mycompany.com

    SMTP_FROM_EMAIL

    A valid email ID for the From address in all emails

    This parameter is required.

    SMTP_FROM_EMAIL=helix-rd@mycompany.com

    SMTP_TLS

    The SMTP server TLS. If not in use, leave the parameter blank as shown below:

    SMTP_TLS=""

    SMTP_TLS=""

    SMTP_AUTH_DASHBOARD

    The value can be true or false.

    SMTP_AUTH_DASHBOARD=true

    SMTP_AUTH

    One of the following values:

    • PLAIN
      This value is case sensitive. If you set the value as PLAIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD.
    • LOGIN
      This value is case sensitive. If you set the value as LOGIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD.
    • NONE
      This value is case sensitive. Use this value when you want to skip SMTP authentication. If you set the value as NONE, set the user name and password values as shown below:
      • SMTP_USERNAME=""
      • SMTP_PASSWORD=""

    SMTP_AUTH=PLAIN

    OPS_GROUP_EMAIL

    Specify a valid email address for your organization's operations team. All emails related to tenant activities such as tenant creation, registration, and offboarding are sent to this email address.

    Important:
    Special characters are not allowed in an email.

    OPS_GROUP_EMAIL=ops-grp@mycompany.com

    APPROVAL_GROUP_EMAIL

    Set a valid email address of the approval group who would approve a new tenant. 

    Important:

    Special characters are not allowed in an email.

    APPROVAL_GROUP_EMAIL=grp-rd@mycompany.com

    Storage class details

    PG_STORAGE_CLASS            

    Storage class used. Usually there is one Storage class configured for all the infra services. Please repeat the same value in that case

    PG_STORAGE_CLASS=ceph-block-storage

    VMSTORAGE_STORAGE_CLASS

    Storage class for VictoriaMetrics. 

    VMSTORAGE_STORAGE_CLASS=onprem-storage

    VMAGGSTORAGE_STORAGE_CLASS

    Storage class for VictoriaMetrics. 

    VMAGGSTORAGE_STORAGE_CLASS=onprem-storage

    ES_MASTER_STORAGE_CLASSStorage class for Elasticsearch master nodesES_MASTER_STORAGE_CLASS=block-store-class
    ES_DATA_STORAGE_CLASSStorage class for Elasticsearch data nodes.ES_DATA_STORAGE_CLASS=block-store-class

    MINIO_STORAGE_CLASS

    Storage class for Minio.

    MINIO_STORAGE_CLASS=onprem-storage

    EFS_STORAGE_CLASSSpecify a storage class for Amazon Elastic File System (EFS). EFS_STORAGE_CLASS=acme-nfs-storage
    REDIS_HA_GLOBAL_STORAGECLASSStorage class for REDIS.REDIS_HA_GLOBAL_STORAGECLASS=block-store-class
    KAFKA_STORAGECLASSStorage class for Kafka.KAFKA_STORAGECLASS=block-store-class

    ESLOG_MASTER_STORAGE_CLASS

    Storage class for Elasticsearch log.ESLOG_MASTER_STORAGE_CLASS=block-store-class
    ESLOG_DATA_STORAGE_CLASSStorage class for Elasticsearch log.ESLOG_DATA_STORAGE_CLASS=block-store-class
    AIOPS_STORAGE_CLASS

    Leave it as blank ""

    This parameter is not required for BMC Helix Service Management.

    AIOPS_STORAGE_CLASS=""
    OPT_STORAGE_CLASS

    Leave it as blank ""

    This parameter is not required for BMC Helix Service Management.

    OPT_STORAGE_CLASS=""
    SMART_SYSTEM_USERNAME

    Leave it as blank ""

    This parameter is not required for BMC Helix Service Management.

    SMART_SYSTEM_USERNAME=""
    Certificate details
    CUSTOM_CA_SIGNED_CERT_IN_USE

    The default value is false.

    If you are using a self-signed or custom CA certificate, set the value to true.

    For instructions on using a self-signed or custom CA certificates, see  Using self-signed or custom CA certificates Open link .

    Important: If you are using a self-signed or custom CA certificate, make sure that you use the same custom certificate during BMC Helix Platform and BMC Helix Service Management installation.

    CUSTOM_CA_SIGNED_CERT_IN_USE=false
    CUSTOM_SERVICEACCOUNT_NAME

    If you have permission to create ServiceAccount, Role, or RoleBinding, retain the CUSTOM_SERVICEACCOUNT_NAME value as  helix-onprem-sa. The installer will create the ServiceAccount during installation.

    If you do not have permission to create ServiceAccount, Role, or RoleBinding, perform the following steps:

    1. Create a ServiceAccount. See Creating ServiceAccount, Role, and RoleBinding.
    2. Assign the ServiceAccount that you created to CUSTOM_SERVICEACCOUNT_NAME.
    CUSTOM_SERVICEACCOUNT_NAME=helix-onprem-sa
    RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE
    If you want to use custom JAVA keystore for RSSO SAML keystore configuration, set variable RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE to true.
    Perform the following steps:
    1. Set the RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE variable to true.
    2. Rename the java keystore file to rsso_custom_java_keystore.
    3. Save this file in the commons/certs directory. The path of this file would be: commons/certs/rsso_custom_java_keystore

      The commons/certs/rsso_custom_java_keystore file will be mounted in the RSSO container at the following location: /etc/rsso_custom_java_keystore


    The default value is false.

    RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE=false 
    Ingress class details

    INGRESS_CLASS

    Ingress class used while deploying Ingress controller. Change if multiple ingress controllers on cluster.

    By default rancher will have nginx.

    If you have more than one ingress controllers in your cluster, use INGRESS_CLASS to specify the ingress class name that you want to use.

    INGRESS_CLASS=nginx

    Binary paths on your system
    HELM_BIN

    Specify the absolute path of the Helm binary that is supported for the current release.

    HELM_BIN=/usr/local/bin/helm

    KUBECTL_BIN

    Specify the absolute path of the kubectl binary that is supported for the current release.

    KUBECTL_BIN=/usr/bin/kubectl
    OpenShift details
    OC_BIN

    Specify the absolute path of the OpenShift binary.

    Important: OC_BIN path should be set if CLUSTER_TYPE is openshift or ocp .

    OC_BIN=/usr/local/sbin/oc
    Security context used by infra components
    RUN_AS_USER

    Set the security context that the infrastructure components must use to enforce security.

    Set the correct context for this variable according to the OpenShift namespace.  For example, in OpenShift namespace, run the following command to get the ID range:

    oc describe namespace <namespace-name>

    Example output: 1000670000

    After you run the command look for the following line in the output:
    openshift.io/sa.scc.uid-range: 1000670000/10000 and copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP.

    Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp.
    If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null: RUN_AS_USER=null

    Important: The command and output changes for each namespace.

    RUN_AS_USER=null
    RUN_AS_GROUP

    Set the security context that the infrastructure components must use to enforce security.

    Set the correct context for this variable according to the OpenShift namespace.  For example, in OpenShift namespace, run the following command to get the ID range:

    oc describe namespace <namespace-name>

    Example output: 1000670000

    After you run the command look for the following line in the output:
    openshift.io/sa.scc.uid-range: 1000670000/10000 and copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP.

    Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp.
    If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null: RUN_AS_GROUP=null

    Important: The command and output changes for each namespace.

    RUN_AS_GROUP=null
    FS_GROUP


    Set the security context that the infrastructure components must use to enforce security.

    Set the correct context for this variable according to the OpenShift namespace. For example, in OpenShift namespace, run the following command to get the ID range:

    oc describe namespace <namespace-name>

    Example output: 1000670000

    After you run the command look for the following line in the output:
    openshift.io/sa.scc.uid-range: 1000670000/10000 and copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP.

    Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp.
    If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null: FS_GROUP=null

    Important: The command and output changes for each namespace.

    FS_GROUP=null

    OPT_FSGROUP

    Blank ""

    This parameter is not required for BMC Helix Service Management.

    OPT_FSGROUP=""

    ML_FSGROUP

    Blank ""

    This parameter is not required for BMC Helix Service Management.

    ML_FSGROUP=""

  2. In the helix-on-prem-deployment-manager/configs/deployment.config file, modify the following parameters:

    ParameterRequired value
    Infra services options
    DEPLOYMENT_SIZE

    itsmcompact or itsmsmall

    If you are installing BMC Helix Platform Common Service in a nonproduction environment, specify the value as itsmcompact.

    If you are installing BMC Helix Platform Common Service in a production environment, specify the value as itsmsmall.

    BMC Helix Service Managementdoes not require BMC Helix Platform Common Services resources with deployment sizes such as medium or large. To optimize resources, the deployment sizes, itsmcompact and itsmsmall, are provided for BMC Helix Service Management installation. The itsmcompact size does not support high availability. Use itsmcompact for nonproduction environments. The itsmsmall size supports high availability, so use this size for production environments.

    INFRA

    yes

    _PTPOSTGRESS

    yes

    _KAFKA

    yes

    _REDIS

    yes

    _RSSO

    yes
    _ELASTICSEARCHyes
    _VICTORIAMETRICS

    yes

    Important: For the latest deployment size templates, set this parameter to No if you using only BMC Helix Dashboards and not using BMC Helix ITSM Insights.

    _MINIOyes

    BMC Helix Dashboard services

    HELIX_DASHBOARD_SERVICES

    yes

    BMC Helix ITSM Insights

    (Optional)ITSMINSIGHT_SERVICES

    yes 

    If you are not using ITSM Insights, set the ITSMINSIGHT_SERVICES and _VICTORIAMETRICS parameter values to No.

    AR System services

    ARSERVICES

    yes

    Important: Make sure that you specify the value as yes. This option registers the BMC Helix Innovation Suite services in BMC Helix Platform.

    BMC Helix Logging

    BMC_HELIX_LOGGING

    yes

  3. Install the product by running the following command:

    ./deployment-manager.sh

After the BMC Helix Platform Common Service are deployed, the tenant administrator receives the following emails:

  • An email with details about the BMC Helix Platform account
  • An email to change the BMC Helix Platform account password at the first login

All installation logs are located in the following directory:

helix-on-prem-deployment-manager/logs

Sample configuration files

#Docker registry details
#IMAGE_REGISTRY_HOST=containers.bmc.com
#IMAGE_REGISTRY_USERNAME=<user name to access registry>
IMAGE_REGISTRY_HOST=
IMAGE_REGISTRY_USERNAME=

# keep double quotes in all variables if not required, don't leave them blank or empty
#Infra details
#NAMESPACE=dark-helmet
#LB_HOST=host-india-app.mydomain.com
#LB_PORT=443
#TMS_LB_HOST=tms-private-poc.mydomain.com
#DOMAIN=mydomain.com
#MINIO_LB_HOST=minio-private-poc.mydomain.com
#KIBANA_LB_HOST=kibana-private-poc.mydomain.com
#ENVIRONMENT=<Type of environment>
# The values of ENVIRONMENT is based on kind of setup you are going to create e.g. dev, qa, production, poc, multi-service, canary etc. (this is not based on deployment size compact, small, medium, large etc)
ENVIRONMENT=dev
NAMESPACE=
LB_HOST=
LB_PORT=
TMS_LB_HOST=
DOMAIN=
# If minio web access required .Please give LB (e.g.minio.domain.com )which has DNS entry otherwise keep blank "".
MINIO_LB_HOST=
# Use minio api ingress(minio-api.domain.com) 
MINIO_API_LB_HOST=
KIBANA_LB_HOST=

#Cluster type can have values openshift or ocp for OpenShift.
#If CLUSTER_TYPE is not set to openshift or ocp then cluster type is treated as kubernetes cluster.
CLUSTER_TYPE=

#Tenant details for onboarding
#COMPANY_NAME=<tenant company name same as in tenant discover appliance url>
#TENANT_EMAIL=<tenant email address>
#TENANT_FIRST_NAME=<tenant first name>
#TENANT_LAST_NAME=<tenant last name>
## TENANT_TYPE= <Tenant type in tenant url same as in tenant discovery appliance url>
## Please use only alphanumeric value in COMPANY_NAME
COMPANY_NAME=
TENANT_EMAIL=
TENANT_FIRST_NAME=
TENANT_LAST_NAME=
TENANT_TYPE=
# Ensure that the value of COUNTRY is enclosed within double quotes
COUNTRY="Virgin Islands, U.S."

#SMTP Config
#SMTP_HOST=<SMTP host name of IP address accessible from cluster>
#SMTP_PORT=<SMTP server port, e.g. 25>
#SMTP_USERNAME=<SMTP user name>
#SMTP_FROM_EMAIL=<SMTP from email address>
#SMTP_TLS=<true/false>
#This below variable is used by portal team 
#SMTP_AUTH=<PLAIN or LOGIN or NONE>
# If you use NONE it will not skip the validation of SMTP but it means that your organization allows you to send email without SMTP authentication.
# PLAIN or LOGIN is used when you have authenticated SMTP user and SMTP password
#This variable is used for getting report email to dahsboard team by default value is true
#SMTP_AUTH_DASHBOARD=<true or false>
#OPS_GROUP_EMAIL=<ops email address>
#APPROVAL_GROUP_EMAIL=<email address for approval>
SMTP_HOST=
SMTP_PORT=
#Ensure blank values for SMTP username password is in double quotes
SMTP_USERNAME=
SMTP_FROM_EMAIL=
## SMTP_TLS value can be true or false.
## If SMTP_TLS is set to true and certificate of SMTP_HOST is signed by a custom or self-signed CA then 
## ensure to append custom or self-signed CA certificate (full CA chain) to commons/certs/custom_cacert.pem file.
SMTP_TLS=false
SMTP_AUTH_DASHBOARD=true
SMTP_AUTH=
OPS_GROUP_EMAIL=
APPROVAL_GROUP_EMAIL=

#storage class, set value as per storage class in cluster 
#PG_STORAGE_CLASS=onprem-storage
#VMSTORAGE_STORAGE_CLASS=onprem-storage
#VMAGGSTORAGE_STORAGE_CLASS=onprem-storage
#ES_MASTER_STORAGE_CLASS=onprem-storage
#ES_DATA_STORAGE_CLASS=onprem-storage
#MINIO_STORAGE_CLASS=onprem-storage
#EFS_STORAGE_CLASS=onprem-storage
#REDIS_HA_GLOBAL_STORAGECLASS=onprem-storage
#KAFKA_STORAGECLASS=onprem-storage
#ESLOG_MASTER_STORAGE_CLASS=onprem-storage
#ESLOG_DATA_STORAGE_CLASS=onprem-storage
#AIOPS_STORAGE_CLASS=onprem-storage

PG_STORAGE_CLASS=
VMSTORAGE_STORAGE_CLASS=
VMAGGSTORAGE_STORAGE_CLASS=
ES_MASTER_STORAGE_CLASS=
ES_DATA_STORAGE_CLASS=
MINIO_STORAGE_CLASS=
EFS_STORAGE_CLASS=
REDIS_HA_GLOBAL_STORAGECLASS=
KAFKA_STORAGECLASS=
ESLOG_MASTER_STORAGE_CLASS=
ESLOG_DATA_STORAGE_CLASS=
AIOPS_STORAGE_CLASS=

#Optimize storage details
#OPT_STORAGE_CLASS=onprem-storage
OPT_STORAGE_CLASS=

#CUSTOM_CA_SIGNED_CERT_IN_USE=true/false
#if you are using self-signed/custom CA signed certificate please set it to true, 
#also ensure you have copied custom CA certificate file at commons/certs directory with file name custom_cacert.pem i.e. commons/certs/custom_cacert.pem
CUSTOM_CA_SIGNED_CERT_IN_USE=false

# If there are no permissions to create ServiceAccount, Role, RoleBinding then, create a serviceaccount and assign it to CUSTOM_SERVICEACCOUNT_NAME by replacing default value of helix_onprem_sa.
# Ensure to create a role and rolebinding from file commons/yaml_files/role_rolebinding.yaml and a serviceAccount from file commons/yaml_files/serviceAccount.yaml. 
# If there are permissions to create ServiceAccount, Role, RoleBinding then do not change CUSTOM_SERVICEACCOUNT_NAME from value helix-onprem-sa.
CUSTOM_SERVICEACCOUNT_NAME=helix-onprem-sa

# If you want to use custom JAVA keystore for "RSSO SAML keystore configuration", then you must set variable RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE to true
# and put the custom java keystore file at commons/certs directory with file name rsso_custom_java_keystore 
# i.e. commons/certs/rsso_custom_java_keystore
# The file commons/certs/rsso_custom_java_keystore will be mounted inside RSSO container at location /etc/rsso_custom_java_keystore
# SAML Keystore - this is the Keystore used for reading SAML-specific certificates/keys. So, it's an application-level Keystore, used directly by the app.
# While JVM Keystore contains certificates for HTTPS connections, the SAML Keystore is used for storing signing and encryption certificates for communication with SAML v2 IdP.
RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE=false  

# Smart Graph
#SMART_SYSTEM_USERNAME=system
SMART_SYSTEM_USERNAME=""

# Ingress class used while deploying Ingress controller
INGRESS_CLASS=nginx

#Binary paths on your system
#HELM_BIN=/usr/local/bin/helm
#KUBECTL_BIN=/usr/bin/kubectl
HELM_BIN=
KUBECTL_BIN=
#OC_BIN path should be set if CLUSTER_TYPE is openshift or ocp
#OC_BIN=/usr/local/sbin/oc
OC_BIN=

# Infra components will run with below Security Context. 
# Below 3 variables are considered only for OpenShift cluster 
# i.e. if CLUSTER_TYPE is openshift or ocp
# Set correct context as per the OpenShift namespace.
# Else RUN_AS_USER, RUN_AS_GROUP and FS_GROUP must be null.
RUN_AS_USER=null
RUN_AS_GROUP=null
FS_GROUP=null

# Optimize Security Context:
# OPT_FSGROUP must have value 87654321 if CLUSTER_TYPE is openshift or ocp and INSTALL_MODE is upgrade and fresh deployment was performed with 22.2.01 version
# Else OPT_FSGROUP must have value 1001
OPT_FSGROUP=1001

# If CLUSTER_TYPE is openshift or ocp  and INSTALL_MODE is fresh then ML_FSGROUP must be same as FS_GROUP mentioned above, else ML_FSGROUP must have value 998
ML_FSGROUP=998

################################### DO NOT CHANGE ANYTHING BELOW THIS LINE ##########################################

#Patroni Postgres config
PG_HOSTNAME=postgres-bmc-pg-ha-pool
PG_USER=postgres
PG_DATABASE=postgres


#Redis HA config
REDIS_HA_HOSTNAME=redis-redis-ha-haproxy

#Kafka & Zookeeper config
KAFKA_HOSTNAME=kafka
ZOOKEEPER_HOSTNAME=kafka-zookeeper

#RSSO Config
RSSO_PG_DB=ade_rsso

#Elasticsearch config
ES_EVENTS_HOSTNAME=elasticsearch-events-opendistro-es-data-svc
ES_LOGS_HOSTNAME=elasticsearch-logs-opendistro-es-data-svc

#MinIO config
MINIO_HOSTNAME=minio

# Misc
IMAGE_REGISTRY_SECRET=bmc-dtrhub
TENANT_PHONE=1234567890
LOGIN_ID=hannah_admin

#Common config begin
#Size of deployment, values are compact, small, medium, large, itsmcompact, and itsmsmall
DEPLOYMENT_SIZE=small
 
#Docker registry project details
IMAGE_REGISTRY_PROJECT=bmc
IMAGE_REGISTRY_ORG=lp0lz
CORE_IMAGE_REGISTRY_ORG=lp0lz
IA_IMAGE_REGISTRY_ORG=lp0oz
OPTIMIZE_IMAGE_REGISTRY_ORG=lp0pz
BHOM_IMAGE_REGISTRY_ORG=lp0mz
AIOPS_IMAGE_REGISTRY_ORG=la0cz
 
#Common config end
 
#Install mode as fresh or upgrade
INSTALL_MODE=fresh
 
#Flag controlling infra services installation
INFRA=yes
 
#Flag controlling individual infra services installation
_PTPOSTGRESS=yes
_KAFKA=yes
_REDIS=yes
_RSSO=yes
_VICTORIAMETRICS=yes
_ELASTICSEARCH=yes
_MINIO=yes
 
# Do not make changes to service flags it will break dependency
#Flag controlling helix dashboard services installation
HELIX_DASHBOARD_SERVICES=yes
 
#Flag controlling itsminsight services installation
ITSMINSIGHT_SERVICES=no
 
#Flag controlling aiops services installation
AIOPS_SERVICES=no
 
#Flag controlling monitor product installation
MONITOR=no
 
#Flag controlling intelligentintegrations services installation
INTELLI_INT_SERVICES=no
 
#Flag controlling intelligent automation product installation
INTELLIGENT_AUTOMATION=no
 
#Flag controlling bmc-helix-logging product installation
BMC_HELIX_LOGGING=yes
 
#Flag Controlling optimize installation
OPTIMIZE=no
 
#Flag AR Services installation
ARSERVICES=yes

Where to go from here

Next task

Proceed with Setting up the installation environment

Back to process

If you are finished setting up the installation environment, return to the appropriate installation, update, or upgrade process:




Was this page helpful? Yes No Submitting... Thank you

Comments

  1. henrique m ferreira

    On this, in the section "To configure the Ingress controller", which namespace is that "ingress_nginx_namespace"?

    Per https://docs.bmc.com/docs/brid22106/installing-1218539723.html, we only had two namespaces (e.g. bmc-helix-platform and bmc-helix-inovation-suite-)

    Sep 27, 2023 02:19
    1. henrique m ferreira

      Also, which config map is that?

      Sep 27, 2023 03:06
      1. Poonam Morti

        Hello,

        It is the namespace where the Ingress controller is installed. You need to configure the nginx-configuration configmap.

        For information about the parameter value requirements in the nginx-configuration configmap, see  System requirements Open link .

        Thanks,

        Poonam

        Oct 04, 2023 06:25
  2. José García Cortizo

    In the Task 1 point 6.a indicates "In the helix-on-prem-deployment-manager directory, copy the only_ITSM_configs_22201_003.tar.xz file." It seems that the name of the tar file changes in this version to "itom-predeploy-hotfix-23.2.02.002-10.tar.gz" because you cant find "only_ITSM_configs_22201_003.tar.xz" file in the EPD.

    Regards

    Dec 05, 2023 06:42
    1. Poonam Morti

      Hello,

      Thank you for bringing this to our notice. We have updated the file name in Task 1, step 6 a.

      Thanks, Poonam

      Dec 05, 2023 10:03
  3. henrique m ferreira

    In the "Sample infra.config file", it would be great if it had real values, to make easy to figure out the values for each field. Right now it has the same file that is deployed when we execute the helix-on-prem-deployment-manager-23.2.02.sh, that doesn't help much.

    Dec 14, 2023 04:36
    1. Poonam Morti

      Hello,

      The parameter values in the infra.config file are specific to your environment. To specify the values, you can refer to the parameter description and examples in the Task3: To install BMC Helix Platform Common Services section.

      Thanks,

      Poonam

      Dec 26, 2023 03:48
  4. Allen Morgan

    In this description it states that the password must be 7 characters but the sample password above "test@1234" has more then 7 characters.

    1) Should the password for ES_JKS_PASSWORD be exactly 7 characters If we are using a custom CA certificate? 2) And is this the password for the java store or the admin password for ElasticSearch ?

    Important:

    If you are using a custom CA certificate, specify the password, else specify the value as ES_JKS_PASSWORD="" This password must have seven characters.

    Jan 20, 2024 11:42
    1. Poonam Morti

      Hi Allen,

      The ES_JKS_PASSWORD password must have minimum seven characters. We have updated the parameter description.

      Thanks,

      Poonam

      Jan 31, 2024 03:33