Installing zAdviser Enterprise On-Prem as a single node on on-premise Linux Ubuntu

1. Download the file BMC-AMI-ZADVISER-X86.zip from BMC Electronic Product Distribution (EPD) and extract the files. 

2. Create a folder for all your zAdviser resources. Give the Read and Write access by running:
   chmod 777 -R <path to the folder created>

   Information

   Example

   To store all your data in folder/home/bmc/zAdviser, run the following command:

       chmod 777 -R /home/bmc/zAdviser

   To store all your data in folder/home/bmc/zAdviser, run the following command:

       chmod 777 -R /home/bmc/zAdviser

    

3. Download and install the Secure Copy Protocol (SCP) client by using WinSCP for a Windows or Cyberduck for a MacOS. You can find them online.

   Warning

   Important

   You might already have the tools to move files between local machines and remote servers.

4. Connect your SCP application to the Virtual Machine (VM) by using the following host and port:
   • Hostname: VM’s public IP  
   • Port number: 22
5. Enter the user name and password for the Linux server.
6. Move the downloaded files zAdviserDeployment-Ubuntu-Prod.yml and compose.yml from the left column (your local machine) to the right column (the VM).

Task 2: To install Python on the VM

1. Connect to the Linux VM by using SSH.
2. Log in to the VM.
3. To check the python installation, run the python command.
   1. If the following response is displayed, skip the remaining steps of this task.
      
   2. To exit the Python shell, enter the exit() command.

4. Run the following commands in sequence:
   sudo apt update

   sudo apt install python
5. Run the python --version command to verify the Python installation.
   

Task 3: To Install Ansible on VM

1. To check the Ansible installation, run the ansible -–version command.

2. If the following response is displayed, skip the remaining steps in this task.

   

3. To install Ansible on the VM, run the following commands:

   sudo apt-add-repository ppa:ansible/ansible
   sudo apt update
   sudo apt install ansible
4. To verify Ansible installation, run the ansible -–version command .
   

Task 4: To Install BMC AMI zAdviser Enterprise On-Prem services on VM by using the Ansible playbook

1. Connect to the Ubuntu VM with SSH.
2. Log in to the VM.
3. Run the following command:
   ansible-galaxy collection install community.docker
4. To install BMC AMI zAdviser Enterprise On-Prem services:
   1. Authentication without LDAP
      1. Run the following commands in sequence from the folder where you copied all the installation files:
         sysctl -w vm.max_map_count=262144
           ansible-playbook zAdviserDeployment-Ubuntu-Prod.yml -e
         '{"ES_PORT":"9200", "user":"<EDP user>", "pass":"<base64
         encoded EPD token>", "KIBANA_PORT":"5601",
         "ELASTIC_PASSWORD":"<Password for ElasticSearch>",
         "KIBANA_PASSWORD":"<Password for ElasticSearch>",
         "zadviser_config_folder":"<folder path to folder
         created>", "zadviser_app_port":80,
         "zadviser_app_port_https":443}'

      2. The description of each parameter is as follows:

         Parameter	Description
         user	EPD user name
         pass	Download the EPD token and convert to base64 encoded.
         ELASTIC_PASSWORD and KIBANA_PASSWORD	Passwords set initially for accessing Elasticsearch and for future use. Choose your preferred password.
         zAdviser_config_folder	Path to the folder where you keep all the zAdviser data. For more information, see Task 1: To move the downloaded files from EPD to the server by using the SCP tool .

         Warning

         Important

         Make sure that the ports mentioned are free to use. If not, open the port or use free ports.

         The following response is displayed:
         

          If following error message is displayed, log in with your personal Docker Hub credentials and rerun the Ansible command.
         

   2. Authentication with LDAP

      1. Download installation files BMC-AMI-ZADVISER-X86.zip from EPD.
      2. Unzip files and copy LDAP_SECURED folder to server.
      3. Generate SSL certificate for your server and place the localhost.crt and localhost.key files inside LDAP_SECURED/nginx/certs folder before running ansible playbook.

      4. Run the following ansible playbook suitable for operating system:

         sysctl -w vm.max_map_count=262144
         
         ansible-playbook zAdviserDeployment-Ubuntu-Prod.yml -e
         '{"ES_PORT":"9200", "user":"<EDP user>", "pass":"<base64
         encoded EPD token>", "KIBANA_PORT":"5601",
         "ELASTIC_PASSWORD":"<Password for ElasticSearch>",
         "KIBANA_PASSWORD":"<Password for ElasticSearch>",
         "zadviser_config_folder":"<folder path to folder
         created>", "zadviser_app_port":80,
         "zadviser_app_port_https":443}'

      5. The description of each parameter is as follows:

         Parameter	Description
         user	EPD user name
         pass	Download the EPD token and convert to base64 encoded.
         ldap_url	Required. The URL to the LDAP server. Defaults to ldap://localhost.
         ldap_binddn	Required. The DN of a privileged user in your LDAP/AD server that can be used to bind to the LDAP server for doing our user and authorization searches.
         ldap_password	Required. The password to use to with LDAP_BINDDN to bind to the LDAP server for doing our user and authorization searches. Use base64 string of password.
         ldap_basedn	Required The base DN to use for our LDAP searches that find users, and to construct the DN for the user to bind with, unless LDAP_USER_BASEDN is also set (see below). For authentication, the user’s DN will be constructed as {LDAP_USERNAME_ATTRIBUTE}={username},{LDAP_BASEDN}.
         ldap_user_basedn	The base DN to append to the user’s username when binding. This is only important for Active Directory, where we may need to use the value of userPrincipalName (typically the user’s email address) as the username intead of the usual LDAP style dn which would be constructed as sAMAccountName=user,{LDAP_BASEDN}. Include the @ at the beginning of the value. The resulting bind DN will be {username}{LDAP_USER_BASEDN}. Defaults to None. Export LDAP_USER_BASEDN="@example.com" This will cause the bind DN to be user@example.com
         ldap_username_attribute	The LDAP attribute to use for the username. Defaults to uid.
         ldap_full_name_attribute	The LDAP attribute to use for the full name. Defaults to cn.
         secret_key	Required The secret key to use for the session.
         csrf_secret_key	Required The secret key to use for the CSRF cookie.

         Information

         Important

         Ensure that the necessary ports for accessing the Kibana dashboard (HTTP/HTTPS) are available. In particular, kibana_app_port_https must be set to 443 for secure communication.

      6. Once the playbook has run successfully, enter your LDAP credentials to access the zAdviser dashboards at the following URL:
         https://{serverIP}:{ kibana_app_port_https }/. 

Task 5: To verify the installation

1. Run the docker ps command. Verify that the following four services statuses are displayed as up and running:
   
2. Visit the following IP address to check the installation:
   • BMC AMI zAdviser Enterprise Administration—https://serverIP:443

   • BMC AMI zAdviser Enterprise—http://serverIP:5601. The user name is elastic and the password is provided in elastic_password playbook command field.

     Warning

     Important

     Make sure that the ports match those specified in the Ansible script.