Installing the core

To complete the installation of the BMC Helix Edge core, you must perform the following steps:

BMC Helix Edge Core Installation Process.png

Task 1: Set up the BMC Helix Edge Kubernetes

This procedure ensures that the deployment process uses accurate and up-to-date configuration information, minimizing the risk of errors and ensuring a smooth deployment. Begin the foundation of the BMC Helix Edge by setting up the Kubernetes environment.

  1. Copy and extract hedge-core.tgz on the core installer host. 
  2. In the env file, edit to set the environment overrides appropriately for your setup.
  3. Before starting deployment, make sure the following files are updated with correct details:
    • Ensure the env file contains the correct and up-to-date environment variables specific to the target deployment environment.
    • Confirm the accuracy of the image registry details in the _hedge_secrets_inp.yaml<BMC Hedge Core Install Directory> file.
    • Check RSSO Client Configuration:env config file.
      • Review and verify the rsso_external.conf file located at <BMC-Hedge-Core-Install-Directory>/helm/hedge/hedge_auth_proxy/files/.
      • Confirm that the RSSO Client Key and Secret are correctly configured within this file.

Once all the above files have been verified and updated with the correct information, proceed with the deployment process.

#!/bin/bash
##############################################################################
# (c) Copyright 2020-2025 BMC Software, Inc.                                 #
#                                                                            #
# Contributors: BMC Software, Inc. - BMC Helix Edge                          #
#                                                                            #
# BMC Helix Edge Kubernetes CORE configurations                              #
#     This will be used as input to deploy.sh during deployment              #
##############################################################################

export INSTALL_DIRECTORY=$(dirname "$(realpath "$0")")

#######################################################################
## SET CONFIGURATION PARAMETERS FOR HELIX EDGE KUBERNETES DEPLOYMENT ##
#######################################################################

# Registered domain name prefixed with '.' - eg: ".mydomain.com"
export K8S_DOMAIN_NAME=.<Domain-Name>
# (Optional) Use an alternate NATS server domain. Else K8S_DOMAIN_NAME (above) will be used
export NATS_SERVER_NAME="*"${K8S_DOMAIN_NAME}

# path to kubeconfig file for your k8s cluster
export KUBECONFIG=<Location of Kubeconfig File>

# K8s Storage Class for persistent storage. Make sure this sc exists for your cluster. BMC Helix Edge IoT Supports NFS & CephFS type of storage backend.
export NFSSTORAGECLASS="<Storage-Class-Name>"

# Docker Container Registry
export REGISTRY_HOST=<Container Registry Host & Path>
# Path to secrets file with connection details for docker registry. Eg. container.bmc.com
# Make sure to update relevant section in the SECRETS_FILE with access details
export SECRETS_FILE=$INSTALL_DIRECTORY/_hedge_secrets_inp.yaml
# Reference section in SECRETS_FILE (above) to use
export PULL_SECRET=bmcregcreds

# ADE connection details
export ADE_TENANT_URL=<ADE Tenant URL>
export ADE_ACCESS_KEY=<ADE Access Key>
export ADE_ACCESS_SECRET_KEY=<ADE Access Secret Key>
export ADE_TENANT_APIKEY="<ADE Tenant APIKEY>"
export ADE_TENANT_ID=<ADE Tenant ID>
export HELIX_MONITOR_URL=${ADE_TENANT_URL}/monitor/#/monitoring/events
# (Optional) Set "true" only if ADE uses Custom CA signed certificate. If so, copy the custom certificate
#           to <INSTALL_DIR>/commons/certs with name "custom_cacert.pem"
export IS_ADE_CUSTOM_CERT=false

# Make sure this Helix Edge user exists in ADE
export HEDGE_ADE_USERNAME=<ADE User Name>
export HEDGE_ADE_USER_EMAIL=<ADE User Email ID>

# Helix product details
export DIGITAL_WORKPLACE_URL=TODO_enter_your_BMC_Helix_Digital_Workplace_URL
export TICKET_CONSOLE_URL=TODO_enter_your_BMC_Helix_Ticket_Console_URL

# Quality of Service for MQTT and other global parameters to be used across services
export MQTT_QOS=0
export MQTT_RETAIN=false
export METRICREPORTINTERVAL=1800

# (Optional) Helix DWP (Digital Workplace) credentials
export DWP_LOGIN_USERNAME=TODO_enter_requester_user_on_whose_behalf_req_will_be_created
export DWP_LOGIN_PASSWORD=TODO_Enter_password_let_it_be_requester_user_only

# Set to true if deploying on Cloud hosted k8s, false if using a self-managed k8s
export IS_CLOUD_DEPLOYMENT=false

# Set to true if using LoadBalancers on self-managed k8s Cluster. Before setting this property as true please make sure external LB like MetalLB is configured with proper static IPs.
export IS_LOADBALANCER=false

# Valid values for PROFILE: all,demo,virtual,es,vm,grafana,biz
#               (one or more, comma separated. OR leave empty)
export PROFILE=virtual

## Reference PROFILE value(s) for the optional services:
#      [Service Name]             [Profile name(s)]
#    "device-virtual"         - all, demo or virtual
#    "hedge-elasticsearch"    - all, demo or es
#    "hedge-victoria-metrics" - all, demo or vm
#    "hedge-grafana"          - all, demo or grafana
#    "export-biz-data"        - all or biz
#######################################################################

Variable Name

Description

Default Value

Sample Value

K8S_DOMAIN_NAME

Domain name for Kubernetes

NA

KUBECONFIG

Location of Kubeconfig file in installer host.

NA

$INSTALL_DIRECTORY/config

NFSSTORAGECLASS

Storage name class pre-configured in the Kubernetes cluster. BMC Helix Edge-Core supports the following types of storage backends:

  • NFS
  • CephFS

nfs-client

nfs-client

REGISTRY_HOST

Image registry host

containers.bmc.com/bmc

containers.bmc.com/bmc

ADE_TENANT_URL

ADE tenant URL

NA

https://hedge-solqaoci1-qa.qa.sps.secops.bmc.com

ADE_ACCESS_KEY

ADE access key value

NA

UC4FQIH2SJX5B6E0WEZ9TXH7UTDFDO

ADE_ACCESS_SECRET_KEY

ADE Access Secret Key

NA

Op6ni4oicWEZJ1JIYZWpdFbCJGQHS8iJtX9lI3qAjH7x8ufOKR

ADE_TENANT_APIKEY

ADE Tenant API Key

NA

apiKey 1234567890::0DXPADB31EKQG5X3S2PSAFRGPZVNCFS::MxqHrB54bHNqCOIw0cmpkGuaWyTGZmmycXQKmvkvbX8Fp36q8k

ADE_TENANT_ID

ADE tenant ID

NA

1234567890

IS_ADE_CUSTOM_CERT

NA

False

false

HEDGE_ADE_USERNAME

ADE username, make sure this user is already created in ADE with proper permissions.

adeadmin

hedgeadmin

HEDGE_ADE_USER_EMAIL

ADE user's e-mail address.

adeadmin@bmc.com


Task 2: Deploy a fresh BMC Helix Edge Kubernetes instance

Run the deployment of a new BMC Helix Edge Kubernetes instance to make sure a clean and functional installation. 

  1. To deploy default helix edge core services, perform the following steps:

    1. Run the following command to check the available utility in deploy.sh:

      Usage: ./deploy.sh <namespace> [-node] [-token] [-updatesecrets] [-steps] [-step <num>] [-services] [-service <name>] [-restart] [-delete] [-stag/-dev/-prod] [-help]   
               <namespace>    (mandatory)  namespace/tenant name where BMC Helix Edge CORE will be deployed    
                -node          (optional)  flag to get the CORE server info. This info is to be used during Hedge NODE setup    
                -token         (optional)  flag to fetch consul token    
                -updatesecrets (optional)  gives prompt to update the secrets    
                -steps         (optional)  lists a summary of all steps to be performed during deployment    
                -step <num>    (optional)  resumes deployment from a given step number (between 1-7). Run with -steps to get the list of steps    
                -services      (optional)  lists all services to be deployed or re-deployed    
                -service <name>(optional)  deploys a specific service with name <name>    
                -restart       (optional)  restarts the complete Hedge stack for the given namespace    
                -delete        (optional)  deletes and cleans up the deployed namespace    
                -prod/stag/dev (optional)  deployment mode is production, staging or development (respective env, env-STAG, or env-DEV file used as input)    
                -help          (optional)  this usage message

    2. Run the following command to run a fresh Hedge Kubernetes deployment for the specified [namespace]:

      cd <BMC Hedge Core Install Directory>/
      ./deploy.sh [namespace]

      The system creates the required secrets, configmaps, persistent volumes (PVs), persistent volume claims (PVCs), deployments, jobs, and services.

    3. After the deploy.sh script finishes successfully, the system shows the following confirmation message during the NODE setup.
      REMOTE_HEDGE_CORE_SERVER_IP and REMOTE_HEDGE_CORE_SERVER_NAME

      Hedgehedge-coredeployed SUCCESSFULLY.. please wait for all pods to stabilize.
      Setup your HEDGE NODES with these .env parameters:
          REMOTE_HEDGE_CORE_SERVER_NAME=matrix
          REMOTE_HEDGE_CORE_DOMAIN_NAME=.dsmlab.bmc.com
          REMOTE_HEDGE_CORE_SERVER_IP=172.20.177.19

      This deployment script creates several components in the following sequence:

  2. Optionally, you can install a few optional services while setting up the Helix Edge core on Kubernetes. Depending upon your specific deployment needs, you can set the PROFILE parameter in the env file. The following is a reference mapping of the various profile values you can set and the optional services that the system installs:

          [Service Name]             [Profile name(s)]
       "device-virtual"         - all, demo or virtual
       "hedge-elasticsearch"    - all, demo or es
       "hedge-victoria-metrics" - all, demo or vm
       "hedge-grafana"          - all, demo or grafana
       "export-biz-data"        - all or biz

    For example, setting PROFILE=virtual also installs the device-virtual service, and setting PROFILE=demo also installs the device-virtual, elastic search, victoria-metrics, and Grafana services. 

Task 3: To register new tenant endpoint with DNS and F5

Contact the server and network administrator to initiate DNS registration and configure load balancer settings.

 Task 4: Validate the BMC Helix Edge deployment

  1. Access the Kubernetes cluster by using kubectl.
  2. To verify the status of Kubernetes objects created during installation, run the following kubectl commands:

    1. To check PV:

      kubectl get pv

    2. To check PVC:

      kubectl -n [namespace] get pvc
    3. Verify the above command returns 32 PVCs in a bound state.

    4. To check secrets:

      kubectl -n [namespace] get pvc

    5. To check configmaps:

      kubectl -n [namespace] get configmap
    6. Verify the above command returns a list of the following config maps:
      auth-proxy-startupconsul-acl-variablesdot-envhedge-common-variableskube-root-ca.crt      secretstore-variables

    7. To check ingress:

      kubectl -n [namespace] get ingress
    8. Verify the above command returns the following get ingress:
      mapsedgex-core-consul-ingress 
      hedge-auth-proxy-ingress

    9. To check service:

      kubectl -n [namespace] get service

    10. To check deployments:

      kubectl -n [namespace] get deployments

    11. To check the job:

      kubectl -n [namespace] get job
    12. Verify the above command returns two jobs:
      hedge-init 
      hedge-secret-bootstrapper

    13. To check pods:

      kubectl -n [namespace] get pod
  3. Make sure that all deployments and pods are running.

Task 5: To access the UI

  1. Log in with the BMC Helix Single Sign-On username and password.
  2. To access the Consul UI, navigate to https://<namespace>.<domain.com>/hedge/consul.
  3. For example, https://hedge.dsmlab.bmc.com/hedge/consul.

Task 6: Configure the BMC Helix Edge node with the BMC Helix Edge core

Set up a dedicated BMC Helix Edge node to work with the BMC Helix Edge core, ensuring that BMC Helix Edge operates in the environment. Use the following steps to set up a BMC Helix Edge node using Docker Compose after ensuring that the BMC Helix Edge core environment has stabilized and all pods are running.

  1. Configure the BMC Helix Edge node environment by setting the parameters in the .env file as instructed in the README file.

  2. After completing these steps, make sure that the parameters are set in .env as directed following, later:
    REMOTE_HEDGE_CORE_SERVER_NAME REMOTE_HEDGE_CORE_DOMAIN_NAME REMOTE_HEDGE_CORE_SERVER_IPBMC Helix Edge node deployment on the edge core must be ready and operational.
    Alternatively, you can re-run the deploy.sh command with the -node parameter to fetch the information again:
    {{code language="none"}}
    ./deploy.sh <namespace> -node

    {{/code}}

    Folder structure

    This folder structure organizes all the necessary resources and configurations for deploying and managing BMC Helix Edge nodes in a Kubernetes environment, including Helm charts for application deployment, Ansible scripts for automation, and kubeconfig files for cluster access.

    Director location

     Description

    hedge-core

    This is the main directory for the BMC Helix Edge node deployment. It is the root directory for organizing various scripts and configurations related to deploying and managing BMC Helix Edge nodes within a Kubernetes environment.

    hedge-core/helm

    This subdirectory contains all Helm charts. Helm is a package manager for Kubernetes that simplifies application deployment and management. In this folder, you find Helm charts specific to the BMC Helix Edge node deployment, which defines the configuration and deployment instructions for the different components of the Edge node infrastructure.

    hedge-core/ansible/

    All Ansible scripts remotely deploy BMC Helix Edge nodes within a Kubernetes environment. Ansible is an automation tool for configuration management, application deployment, and task automation. These scripts automate various deployment tasks, such as provisioning infrastructure, configuring nodes, and deploying applications.

    hedge-core/kubeconfigs/

    This directory contains the kubeconfig files required for accessing and interacting with the Kubernetes cluster where the BMC Helix Edge nodes are deployed. The kubeconfig files include information such as the cluster endpoint, authentication credentials, and other configuration settings necessary for connecting to and managing the Kubernetes cluster.


 Troubleshooting BMC Helix Edge node deployment issues

To resolve the BMC Helix Edge node deployment or a running deployment/Kubernetes Pod, you can use the Rancher interface to access logs, run shell commands, and edit configurations. Use the following sections if you encounter issues with the BMC Helix Edge deployment:

To resolve the BMC Helix Edge deployment

Log in to the BMC Helix Edge core installer host and make sure all validation steps described in the Validating deployment section meet the criteria. 

To resolve the running deployments/pods

  1. Log in to the BMC Helix Edge-Core Installer Host or any other host with kubectl binary installed and configured to interact with the Kubernetes cluster where BMC Helix Edge-Core is deployed.

  2. Check the Kubernetes Pod logs by running the following command:

    > kubectl -n   namespacename logs pod-name
  3. Inspect the logs that the Kubernetes Pod produces.

To edit deployment configuration

  1. Log in to the BMC Helix Edge-Core installer host.

  2. Verify the deployment status by running the following command:

    kubectl -n [namespace] get deploy

  3. (Optional) Modify the deployment by using the following command:

    kubectl -n [namespace] edit deploy deploymentname
  4. Adjust the values as necessary.

To deploy selective services

  1. Modify the vars_common.yaml and vars_core.yaml files located under the Ansible folder.
  2. Comment out all services listed under the services section, leaving only the Edge or Edge services for deployment.
  3. Run ./deploy.sh from the Kubernetes directory to deploy the selected services.

Where to go from here

Deploying-the-BMC-Helix-Edge-on-node

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*