Deploying the on-premises gateway by using Podman containers
To deploy the on-premises gateway by using Podman containers
- Go to the server where you want to deploy the on-premises gateway.
- Copy the following files that you obtained from BMC Support to a temporary directory, for example, /opt/bmc:
- Container images: bmc-hii-docker-images-<buildNumber>.tgz
- Utility file: hii-bmc-<buildNumber>.zip
- Disable SELinux:
- Open the /etc/selinux/config file with a text editor.
Set SELINUX to disabled.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Reboot the server:
/sbin/reboot nowDisable firewalld:
systemctl disable firewalldSet the HOSTNAME variable to the fully-qualified domain name of the server where you are installing the on-premises gateway if not set already, as shown in the following example:
echo "export HOSTNAME=hostA.mycompany.com" >> ~/.bash_profile
source ~/.bash_profileLoad the container images:
podman load --input /opt/bmc/bmc-hii-docker-images-<buildNumber>.tgzNavigate to the /opt/bmc directory and extract the utility file, hii-bmc-<buildNumber>.zip:
unzip hii-bmc-<buildNumber>.zipChange permissions on the /opt/bmc/hii/logs directory to 777:
chmod 777 /opt/bmc/hii/logs- (Required step starting with version 24.1) Configure SSL, see Configuring SSL for BMC Helix Intelligent Integrations.
Create a file with the following contents and name it ade-default-destination-min.json:
[
{
"entityKind": "Destination",
"configWithSchema": {
"config": {
"connection": {
"proxyUsername": "",
"proxyPassword": "",
"accessSecretKey": "CHANGEME",
"allowUnsignedCertificate": false,
"logResponses": false,
"pipeLiningLimit": 1,
"proxyHost": "",
"logRequests": false,
"timeout": {
"unit": "MINUTES",
"value": 15
},
"proxyPort": 8888,
"maxResponseSize": 1000000,
"usesHttps": true,
"accessKey": "CHANGEME",
"port": 443,
"minConnections": 0,
"tenantId": "CHANGEME",
"connectingTimeout": {
"unit": "SECONDS",
"value": 30
},
"host": "CHANGEME - BMC Helix tenant host name - for example: swp-2021-1840-disceks1.abc.com",
"poolTimeout": {
"unit": "MINUTES",
"value": 30
},
"maxOpenRequests": 1024,
"maxConnections": 5,
"maxRedirects": 5,
"usesProxy": false
},
"poolTimeout": {
"unit": "MINUTES",
"value": 30
}
}
},
"instanceName": "BMC",
"tenantId": "CHANGEME - Must match the tenantId specified in the previous occurrence",
"typeName": "BmcDestination",
"id": "CHANGEME - GENERATE NEW UUID using https://www.uuidgenerator.net/version4 e.g. 2643e089-18a8-4b0d-a58a-c022926812e0 MUST BE UNIQUE in a stack",
"moduleId": "bmc"
}
]- Update the values of the following parameters in the file wherever you see the CHANGEME occurrences and save the file:
- proxyUsername: User name for the proxy.
- proxyPassword: Password for the proxy.
- proxyPort: Proxy port number.
- proxyHost: Host name of the proxy.
- usesProxy: Whether proxy should be used for communication. Set its value to true or false depending on whether proxy should be used.
accessKey and accessSecretKey: Access key and secret key required to the access the BMC Helix applications.
For instructions about how to generate the access key and secret key, see Setting up access keys for programmatic access.- tenantId (in two occurrences): Tenant ID.
Copy the tenant ID from the access key (key:<access key>::<secret key>,tenant id: <tenant ID>) that you generated earlier. - host: BMC Helix tenant host name.
For example, if the tenant URL is https://swp-2021-1840-disceks1.abc.com, enter swp-2021-1840-disceks1.abc.com. - id: Universally unique identifier (UUID).
Access https://www.uuidgenerator.net/version4 to generate UUID.
Access the BMC Helix Intelligent Integrations UI by using the following URL :
https://<hostName>:7443/swpui- Import the ade-default-destination-min.json file by using the Backup/Restore option to create the destination.
For more information, see Backing-up-and-restoring-connector-configurations. - Edit the destination connection details:
- On the CONNECTORS tab, click Configure Mediator
on the DESTINATIONS panel. - Replace the existing values in the Access Key and Access Secret Key fields with the values that you have copied in the ade-default-destination-min.json file in step 11.
- Click Validate to validate the connection.
- Click Save & Close.
- On the CONNECTORS tab, click Configure Mediator
Configuring SSL for BMC Helix Intelligent Integrations
- Perform one of the following actions to obtain the certificate and private keys:
Generate a self-signed certificate by using the following command:
openssl req -x509 -sha256 -days 397 -nodes -newkey rsa:2048 -subj "/CN=<commonName>/C=<countryName>/L=<locality>" -keyout <hostName>.key -out <hostName>.crtIn the command, replace <hostName> with the fully qualified domain name of the server where you are installing the on-premises gateway.
- Obtain a CA-signed certificate and private keys from the Certificate Authority.
- Create the certs directory in the /opt/bmc/hii/conf directory if it does not exist.
- Copy the certificate and private key you obtained to the /opt/bmc/hii/conf/certs directory, and ensure that the names of the certificate and private key files are in the following format:
<hostName>.crt and <hostName>.key
<hostName> is the fully-qualified domain name of the server where you are installing the on-premises gateway. - Open the hii/conf/nginx.conf file with a text editor.
In the following SSL configuration, replace <hostname> with the fully qualified domain name of the server where you are installing the on-premises gateway:
ssl_certificate /etc/nginx/certs/<hostName>.crt; #certificate path
ssl_certificate_key /etc/nginx/certs/<hostName>.key; #certificate keyComment the following line:
listen 443 sslUncomment the following line:
# listen 7443 ssl- Save and close the file.
Restart the podman-compose service.
podman-compose -f podman-compose.yaml down
podman-compose -f podman-compose.yaml up -d
Troubleshooting SSL issues
Problem | Possible root cause | Possible resolution |
|---|---|---|
Containers restart due to the permission-denied errors. | Containers don't have permission to read the mounted directory. |
|
You are not able to access the URL with the host name. | Firewall is blocking the connection. | Disable the firewall. |
The swp-nginx container is not starting. | The nginx.conf file contains an invalid configuration. | Check the swp-nginx container logs. Sometimes, missing semi-colon(;) at the end of the line causes an issue. |
Where to go from here
After you deploy the on-premises gateway, perform the following tasks:
If you want to ensure high availability of the on-premises gateway instances in case of any failure, see Configuring-the-on-premises-gateway-for-high-availability.
- Configure connections with the required third-party products to collect data:
- Amazon Managed Services for Prometheus (Alerts)
- Amazon Managed Services for Prometheus (Metrics)
- Apache Kafka
- AppDynamics
- Aternity
- AWS CloudWatch
- Azure Monitor
- BMC Helix CMDB
- Catchpoint
- CA APM
- CA UIM
- Datadog
- Dynatrace (via API)
- Dynatrace (via webhook)
- Entuity
- Google Analytics (Metrics)
- Icinga
- IBM Netcool
- Micro Focus NNMi (Events and Topology)
- Micro Focus NNMi (Metrics)
- Microsoft SCOM
- Nagios Core
- Nagios XI
- New Relic
- Prometheus (Alerts)
- Prometheus (Metrics)
- SAP HANA
- ServiceNow
- SolarWinds NPM
- Splunk Enterprise
- VMware Tanzu Application Service for VMs Cloud Foundry
- VMware vROPS
- Zabbix