Deploying the on-premises gateway by using Podman containers

Use the Podman container images to deploy the BMC Helix Intelligent Integrations on-premises gateway in your on-premises environment.

Before you begin

Before you deploy the BMC Helix Intelligent Integrations on-premises gateway, review the system requirements and download the container images and utility files.

To deploy the on-premises gateway by using Podman containers

Go to the server where you want to deploy the on-premises gateway.
Copy the following files that you received from BMC Support to the /opt/bmc directory:
- Container images: bmc-hii-docker-images-<buildNumber>.tgz
- Utility file: hii-bmc-<buildNumber>.zip
Disable SELinux:
1. Open the /etc/selinux/config file with a text editor.
2. Set SELINUX to disabled.
  # This file controls the state of SELinux on the system.
  # SELINUX= can take one of these three values:
  #       enforcing - SELinux security policy is enforced.
  #       permissive - SELinux prints warnings instead of enforcing.
  #       disabled - No SELinux policy is loaded.
  SELINUX=disabled
  # SELINUXTYPE= can take one of these two values:
  #       targeted - Targeted processes are protected,
  #       mls - Multi Level Security protection.
  SELINUXTYPE=targeted
Reboot the server:
/sbin/reboot now
Disable firewalld:
systemctl disable firewalld
Set the HOST_NAME variable to the fully-qualified domain name of the server if not set already, as shown in the following example:
echo "export HOSTNAME=hostA.mycompany.com" >> ~/.bash_profile
source ~/.bash_profile
Load the container images:
podman load --input /opt/bmc/bmc-hii-docker-images-<buildNumber>.tgz
Extract hii-bmc-<buildNumber>.zip to the /opt/bmc directory.
tar -xvf <path to hii-bmc-<buildNumber>.zip> -C /opt/bmc
Change permissions on the /opt/bmc/hii/logs directory to 777:
chmod +x /opt/bmc/hii/logs
Navigate to the /opt/bmc/hii directory and start the podman-compose service:
podman-compose -f podman-compose.yaml up -d
Create a file with the following contents and name it ade-default-destination-min.json:
[
  {
    "entityKind": "Destination",
    "configWithSchema": {
      "config": {
        "connection": {
  "proxyUsername": "",
          "proxyPassword": "",
          "accessSecretKey": "CHANGEME",
          "allowUnsignedCertificate": false,
          "logResponses": false,
          "pipeLiningLimit": 1,
          "proxyHost": "",
          "logRequests": false,
          "timeout": {
            "unit": "MINUTES",
            "value": 15
          },
          "proxyPort": 8888,
          "maxResponseSize": 1000000,
          "usesHttps": true,
          "accessKey": "CHANGEME",
          "port": 443,
          "minConnections": 0,
          "tenantId": "CHANGEME",
          "connectingTimeout": {
            "unit": "SECONDS",
            "value": 30
          },
          "host": "CHANGEME - BMC Helix host - ex.swp-2021-1840-disceks1.abc.com",
          "poolTimeout": {
            "unit": "MINUTES",
            "value": 30
          },
          "maxOpenRequests": 1024,
          "maxConnections": 5,
          "maxRedirects": 5,
          "usesProxy": false
        },
        "poolTimeout": {
          "unit": "MINUTES",
          "value": 30
        }
      }
    },
    "instanceName": "BMC",
    "tenantId": "CHANGEME - Must match the tenantId specified in the previous occurrence",
    "typeName": "BmcDestination",
    "id": "CHANGEME - GENERATE NEW UUID using https://www.uuidgenerator.net/version4 e.g. 2643e089-18a8-4b0d-a58a-c022926812e0 MUST BE UNIQUE in a stack",
    "moduleId": "bmc"
  }
]
Update the values of the following parameters in the file wherever you see the CHANGEME occurrences and save the file:
- proxyUsername: User name for the proxy.
- proxyPassword: Password for the proxy.
- proxyPort: Proxy port number.
- proxyHost: Host name of the proxy.
- usesProxy: Whether proxy should be used for communication. Set its value to true or false depending on whether proxy should be used.
- accessKey and accessSecretKey: Access key and secret key required to the access the BMC Helix applications.
- Host: Host name of the BMC Helix aplication.
  For instructions about how to generate the access key and secret key, see Setting up access keys for programmatic access.
  Important
  The keys are generated in the following format: key:<access key>::<secret key>,tenant id: <tenant ID>. Enter <access key> and <secret key> as the values of the accessKey and accessSecretKey parameters.
  The access key and secret key must have the Administrators group and the Administrator role assigned.
- tenantId (in two occurrences): Tenant ID.
  Copy the tenant ID from the access key (key:<access key>::<secret key>,tenant id: <tenant ID>) that you generated earlier.
- id: Universally unique identifier (UUID).
  Access https://www.uuidgenerator.net/version4 to generate UUID.
Access the BMC Helix Intelligent Integrations UI by using the following URL:
http://<hostName>:7457/swpui
Important
BMC Helix Portal does not display any tile for the BMC Helix Intelligent Integrations on-premises gateway. Access the UI by using the URL specified in this step.
(Optional) Enable SSL, see Enabling SSL for BMC Helix Intelligent Integrations.
Import the ade-default-destination-min.json file by using the Backup/Restore option to create the destination.
For more information, see Backing-up-and-restoring-connector-configurations.

Enabling SSL for BMC Helix Intelligent Integrations

Obtain the self-signed certificate from your organization or CA-signed certificate and private keys from Certificate Authority.
Create the hii/conf/certs directory if it does not exist.
Copy the files <hostName>.<domainName>.crt and <hostName>.<domainName>.key to the hii/conf/certs directory.
Open the /opt/bmc/hii/podman-compose.yaml file with a text editor.
Add the following line in the volumes section under the nginx section:
       - ./conf/certs:/etc/nginx/certs:ro #<-- mounted certificates
The modified file looks like the following:

Click here to see the modified file.

version: '3'
services:
  nginx:
    image: nginx:latest
    init: true
    restart: always
    container_name: swp-nginx
    ports:
      - 7457:8080
      - 7443:7443
    depends_on:
      - backup
      - mediator
      - ui
    volumes:
      - ./conf/nginx.conf:/etc/nginx/nginx.conf
      - ./conf/certs:/etc/nginx/certs:ro #<-- mounted certificates.
    #      - /etc/letsencrypt/:/etc/letsencrypt/
    logging:
      driver: journald
      options:
        tag: swp.nginx

Important
You need to map the internal ports (443 and 8080) of the nginx container to the ports (7443 and 7457) of the host computer to access the BMC Helix Intelligent Integrations URLs, for example, http://<hostName>:7457/swpui and https://<hostName>:7443/swpui, outside the Docker container.
Update the VIRTUAL_HOST parameter:
1. Navigate to the ui: section.
2. Replace host.youcompany.com with the fully-qualified domain name of the computer where BMC Helix Intelligent Integrations is installed, as shown in the following example:
  VIRTUAL_HOST: localhost ,hostA.mycompany.com
Save and close the file.
In the hii/conf/nginx.conf file, do the following changes:
1. Add the following SSL configuration:
  ssl_certificate /etc/nginx/certs/hostA.mycompany.com.crt; #certificate path
  ssl_certificate_key /etc/nginx/certs/hostA.mycompany.com.key; #certificate key
2. Uncomment the last line:
  # listen 7443 ssl;
  The modified hii/conf/nginx.conf file looks like the following:
  
  Click here to see the modified file.
  
  http {
    server {
      server_name localhost;
      ssl_certificate /etc/nginx/certs/hostA.mycompany.com.crt; #certificate path
      ssl_certificate_key /etc/nginx/certs/hostA.mycompany.com.key; #certificate key
      gzip on;
      gzip_disable "msie6";
      gzip_vary on;
      gzip_proxied any;
      gzip_comp_level 6;
      gzip_buffers 16 8k;
      gzip_http_version 1.1;
      gzip_min_length 0;
      gzip_types text/plain application/javascript text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype;
  
      location /swpui/api/backup {
        rewrite /swpui/(.*) /$1 break;
        proxy_pass http://swp-backup:9000;
      }
  
      location /swpui/api/mediator {
        rewrite /swpui/(.*) /$1 break;
        proxy_pass http://swp-mediator:9000;
      }
  
      location /swpui/api/system {
        rewrite /swpui/(.*) /$1 break;
        proxy_pass http://swp-mediator:9000;
      }
  
      location /hii/api/mediator/v3/push {
        proxy_pass http://swp-mediator:9000;
      }
  
      location /swpui {
        proxy_pass http://swp-ui:7457/swpui;
      }
  
      location / {
        proxy_pass http://swp-ui:7457/swpui;
      }
  
      listen 8080;
      listen 7443 ssl;
    }
  }
Save and close the file.
Restart the podman-compose service.
podman-compose -f podman-compose.yaml down
podman-compose -f podman-compose.yaml up -d
Access the BMC Helix Intelligent IntegrationsUI by using the following URL:
https://<hostName>:7443/swpui

Troubleshooting SSL issues

Problem	Possible root cause	Possible resolution
Containers restart due to the permission-denied errors.	Containers don't have permission to read the mounted directory.	Grant read permission to the mounted directory on the host. Disable SELinux.
You are not able to access the URL with the host name.	Firewall is blocking the connection.	Disable the firewall.
The swp-nginx container is not starting.	The nginx.conf file contains an invalid configuration.	Check the swp-nginx container logs. Sometimes, missing semi-colon(;) at the end of the line causes an issue.

After you deploy the gateway, configure connections with the required third-party products to collect data:

Amazon Managed Services for Prometheus (Alerts)
Amazon Managed Services for Prometheus (Metrics)
Apache Kafka
AppDynamics
Aternity
AWS CloudWatch
Azure Monitor
BMC Helix CMDB
Catchpoint
CA APM
CA UIM
Datadog
Dynatrace (via API)
Dynatrace (via webhook)
Entuity
IBM Netcool
Micro Focus NNMi (Events and Topology)
Micro Focus NNMi (Metrics)
Microsoft SCOM
Nagios Core
Nagios XI
New Relic
Prometheus (Alerts)
Prometheus (Metrics)
SAP HANA
ServiceNow
SolarWinds NPM
Splunk Enterprise
VMware Tanzu Application Service for VMs Cloud Foundry
VMware vROPS
Zabbix