Installing BMC Helix Platform services 22.4.00
The following services provided by BMC Helix Platform are used by BMC Helix Service Management:
- Infrastructure services
- Common services
- BMC Helix Dashboards
- BMC Helix ITSM Insights
Before you begin
Create a namespace.
Configure the ingress controller.
The following host names must be created with a DNS entry that points to the load balancer. The property names are used in the infra.config and deployment.config files during deployment. Make sure that the URLs are in the same domain.
Description
Product
Format
Example
Must be configured in the load balancer?
Must have a DNS entry?
File name
Property name
Host for Helix RSSO
All
<any unique string>.$DOMAINmycomputer-rsso.lab.bmc.com
Yes
Yes
configs/infra.config
LB_HOSTHost for tenant management system
All
<any unique string>.$DOMAINmycomputer-tms.lab.bmc.com
Yes
Yes
configs/infra.config
TMS_LB_HOSTMinIO storage URL
All
<any unique string>.$DOMAINmycomputer-minio.lab.bmc.com
Yes
Yes
configs/infra.config
MINIO_LB_HOSTTenant URL
All
$COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAINacme-private-poc.lab.bmc.com
Yes
Yes
configs/deployment.config for ENVIRONMENT and configs/infra.config for the others
COMPANY_NAME TENANT_TYPE ENVIRONMENT DOMAINDiscovery Appliance URL
- BMC Helix IT Operations Management
- BMC Helix Continuous Optimization
$COMPANY_NAME-disc-$TENANT_TYPE-$ENVIRONMENT.$DOMAINacme-disc-private-poc.lab.bmc.com
No
Yes
configs/deployment.config for ENVIRONMENT and configs/infra.config for the others
COMPANY_NAME TENANT_TYPE ENVIRONMENT DOMAINBMC Helix Continuous Optimization
BMC Helix Continuous Optimization
$COMPANY_NAME-optimize-$TENANT_TYPE-$ENVIRONMENT.$DOMAINacme-optimize-private-poc.lab.bmc.com
No
Yes
configs/deployment.config for ENVIRONMENT and configs/infra.config for the others
COMPANY_NAME TENANT_TYPE ENVIRONMENT DOMAIN
To deploy the BMC Helix Platform services
- Log in to the controller or bastion machine from where the Kubernetes cluster is accessible.
- Download the deployment manager BMC_Helix_Platform_Services_for_Service_Management_Version_22.4.00.zip from BMC Electronic Product Distribution (EPD) and extract it, if you haven't already.
The ZIP file contains the following files:- helix-on-prem-deployment-manager-22.4.00.sh—This file contains the deployment manager.
- hotfix-22.4.00.001-10.tar.gz—This file contains the 22.4.00 hotfix 1 artifacts.
- Go to the directory where you downloaded the deployment manager from the EPD and give the execute permission to the helix-on-prem-deployment-manager-22.4.00.sh file.
Self-extract the deployment manager. Run the following command:
./helix-on-prem-deployment-manager-22.4.00.sh
cd helix-on-prem-deployment-manager- If you are installing BMC Helix Platform services on Kubernetes 1.24 version, perform the following steps:
- Navigate to the commons directory.
- Open the preinstall-checker.sh file.
- Comment the code for Kubernetes version check.
Prepare for password encryption:
In the helix-on-prem-deployment-manager/configs/infra.config file, modify the following parameters that are environment-specific.
Parameter
Example value
Description
IMAGE_REGISTRY_HOST(or local repo if copied down)
Image registry from where the nodes on the cluster download the images.
If you have synchronized the images to a local Harbor registry, make sure the Harbor registry is set up with HTTPS.
IMAGE_REGISTRY_USERNAMEUser name to log in to BMC DTR.
If you use a local Harbor registry to synchronize with BMC DTR, specify the user name to log in to your local registry.
ENVIRONMENTpoc
Type of environment such as poc, dev, and qa.
Do not use special characters for the environment value.
You can use the same environment value while performing the BMC Helix Service Management installation.
NAMESPACEdark-helmet
Namespace in which to install the services.
You must have separate namespaces to install BMC Helix Platform services and BMC Helix Innovation Suite and applications.
LB_HOSTHost for load balancer for BMC Helix Innovation Suite.
Specify the BMC Helix Innovation Suite URL.
LB_PORT443
Port for load balancer.
TMS_LB_HOSTHost for tenant management system.
Specify the host of the load balancer that points to the tenant management system service.
DomainDomain name of the Load Balancer
MINIO_LB_HOSTURL for Minio storage.
MINIO_API_LB_HOSTUse MinIO API ingress to create buckets by using the command line.
CLUSTER_TYPE""
Either values openshift or ocp for OpenShift.
If CLUSTER_TYPE is not set to openshift or ocp, cluster type is treated as a Kubernetes cluster.
COMPANY_NAMEphoton2
Parameter in the tenant URL formation like $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN
Do not use special characters for the Company name.
COMPANY_NAME value is used to generate the tenant URL.
TENANT_EMAILEmail address of the admin user of initial tenant.
TENANT_FIRST_NAMETestName
First name of the admin user for initial tenant.
TENANT_LAST_NAMETestLastName
Last name of the admin user for initial tenant.
TENANT_TYPEtyrion
Unique identifier of the tenant.
The COMPANY_NAME value is used as the tenant name. In addition to the tenant name, use the TENANT_TYPE parameter to identify the tenant.TENANT_DOMAIN_HOSTThe tenant domain. This URL is for BMC Helix Portal.
You must enter the parameter value in the following format:$TENANT_NAME-$TENANT_TYPE-$ENVIRONMENT$.DOMAIN
COUNTRY"United States"
Matches the value in the OS locale.
NFS_STORAGE_CLASS""
Blank ""
This parameter is not required for BMC Helix Service Management.
SMTP_HOSTmailhost.mycompany.com
SMTP host name of IP address accessible from cluster
SMTP parameters are required for the emails that are sent to the administrator for tenant activation after the BMC Helix Platform deployment is complete.
All SMTP mail servers are supported.
To use a temporary SMTP server to receive BMC Helix Platform services installation emails, see the knowledge article000396217.
SMTP_PORT25
An integer value for the port of the SMTP server.
SMTP_USERNAMEabc@mycompany.com
User name to connect to the SMTP server.
If SMTP_AUTH value is set to NONE, keep the SMTP_USERNAME and SMTP_PASSWORD values blank as shown below:
- SMTP_USERNAME=""
- SMTP_PASSWORD=""
SMTP_FROM_EMAILhelix-rd@mycompany.com
A valid email ID for the From address in all emails.
SMTP_TLS"false"
The SMTP server TLS. The value can be true or false.
If not in use, specify the value as false.SMTP_AUTH_DASHBOARDtrue
SMTP authentication.
Valid values are True or false.
SMTP_AUTHPLAIN
SMTP authentication type.
One of the following values:
- PLAIN
This value is case sensitive. If you set the value as PLAIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD. - LOGIN
This value is case sensitive. If you set the value as LOGIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD. - NONE
This value is case sensitive. Use this value when you want to skip SMTP authentication. If you set the value as NONE, set the user name and password values as shown below:- SMTP_USERNAME=""
- SMTP_PASSWORD=""
OPS_GROUP_EMAILops-grp@mycompany.com
ops email address.
All emails related to tenant activities such as tenant creation, tenant registration, and tenant offboarding are sent to your organization's operations team.
APPROVAL_GROUP_EMAILgrp-rd@mycompany.com
Email address for approval.
When a new tenant is created, an email is sent for tenant approval to this email group.
PG_STORAGE_CLASSceph-block-storage
Storage class used. Usually there is one Storage class configured for all the infra services. Repeat the same value in that case.
VMSTORAGE_STORAGE_CLASSonprem-storage
Storage class for VictoriaMetrics.
VMAGGSTORAGE_STORAGE_CLASSonprem-storage
Storage class for VictoriaMetrics.
ES_MASTER_STORAGE_CLASSblock-store-class
Storage class for Elasticsearch master nodes.
ES_DATA_STORAGE_CLASSblock-store-class
Storage class for Elasticsearch data nodes.
MINIO_STORAGE_CLASSonprem-storage
Storage class for Minio.
EFS_STORAGE_CLASS""
Blank ""
REDIS_HA_GLOBAL_STORAGECLASSblock-store-class
Storage class for REDIS.
KAFKA_STORAGECLASSblock-store-class
Storage class for Kafka.
ESLOG_MASTER_STORAGE_CLASS
block-store-class
Storage class for Elasticsearch log.
ESLOG_DATA_STORAGE_CLASSblock-store-class
Storage class for Elasticsearch log.
MINIO_STORAGE_CLASSacme-block-storage
Storage class for MinIO.
Usually, a single storage class by using block storage is configured for all the infra services. Repeat the same value if configured in this manner.
AIOPS_STORAGE_CLASS""
Blank ""
CUSTOM_CA_SIGNED_CERT_IN_USEfalse
Flag to use self-signed or custom CA certificate.
Default value is false.
If you are using a self-signed or custom CA certificate, set the value to true. Copy the self-signed or custom CA certificate in the commons/certs/ directory. Ensure that the file name of the certificate is custom_cacert.pem
Important: If you are using a self-signed or custom CA certificate, make sure that you use the same custom certificate during BMC Helix Platform and BMC Helix Service Management installation.
OPT_STORAGE_CLASS""
Blank ""
REPOPV_MOUNT_PATH""
Blank ""
MIGRATORPV_MOUNT_PATH""
Blank ""
ETLPV_MOUNT_PATH""
Blank ""
CLIENT_ROOT_CERT""
Blank ""
SMART_SYSTEM_USERNAME""
Blank ""
INGRESS_CLASSnginx
Ingress class used while deploying Ingress controller. Change if multiple ingress controllers are on the cluster.
If you have more than one ingress controllers in your cluster, use INGRESS_CLASS to specify the ingress class name that you want to use.
INGRESS_API_VERSIONtrue
Flag to indicate if the Ingress controller version is 1.2.0 or higher.
True if your Ingress controller version is 1.2.0 or higher.
HELM_BIN/usr/local/bin/helm
Absolute path of the HELM binary.
KUBECTL_BIN/usr/bin/kubectl
Absolute path of the kubectl binary.
OC_BIN/usr/local/sbin/oc
Cluster type.
Set if CLUSTER_TYPE is openshift or ocp.
KIBANA_LB_HOST
The BMC Helix Logging ingress uses this value. This value depends on the self-signed, CA-signed certificate, or custom certificate.
If the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is true, use the DNS configured for the self-signed certificate.
If the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is false, use the DNS configured for the CA-signed certificate.
If the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is true, use the DNS configured for the self-signed certificate.
RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE
true
Flag to enable custom JAVA keystore for RSSO SAML keystore.
If you want to use custom JAVA keystore for RSSO SAML keystore configuration, set the RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE variable to true.
Perform the following steps:
- Set the RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE variable to true.
- Rename the java keystore file to rsso_custom_java_keystore.
- Save this file in the commons/certs directory. The path of this file would be: commons/certs/rsso_custom_java_keystore
The commons/certs/rsso_custom_java_keystore file will be mounted in the RSSO container at the following location: /etc/rsso_custom_java_keystore
RUN_AS_USERnull
The security context that the components will use.
This variable is considered only if the value of the CLUSTER_TYPE variable is openshift or ocp.
For the Kubernetes cluster, use the following value:
nullSet the correct context for this variable according to the OpenShift namespace. For example, in OpenShift, run the following command to get the ID range:
oc describe namespace <namespace-name>FS_GROUPnull
The security context that the components will use.
This variable is considered only if the value of the CLUSTER_TYPE variable is openshift or ocp.
For the Kubernetes cluster, use the following value:
nullSet the correct context for this variable according to the OpenShift namespace. For example, in OpenShift, run the following command to get the ID range:
oc describe namespace <namespace-name>RUN_AS_GROUPnull
The security context that the components will use.
This variable is considered only if the value of the CLUSTER_TYPE variable is openshift or ocp.
For the Kubernetes cluster, use the following value:
nullSet the correct context for this variable according to the OpenShift namespace. For example, in OpenShift, run the following command to get the ID range:
oc describe namespace <namespace-name>The command will change for each namespace.
OPT_FSGROUP""
Blank ""
Leave blank. This parameter is not required for BMC Helix Service Management.
ML_FSGROUP
""
Blank ""
This parameter is not required for BMC Helix Service Management.
CUSTOM_SERVICEACCOUNT_NAME
helix-onprem-sa
Custom service account name.
Default value is helix-onprem-sa.
If there are no permissions to create ServiceAccount, Role, RoleBinding, perform the following steps:
- Replace the default value of helix_onprem_sa with the required value.
- Create a role and rolebinding from the commons/yaml_files/role_rolebinding.yaml file.
- Create a ServiceAccount from the commons/yaml_files/serviceAccount.yaml file.
If there are permissions to create ServiceAccount, Role, RoleBinding, retain the CUSTOM_SERVICEACCOUNT_NAME value as helix-onprem-sa as shown below:
CUSTOM_SERVICEACCOUNT_NAME=helix-onprem-saIn the helix-on-prem-deployment-manager/configs/deployment.config file, modify the following parameters:
To install the product, run the following command:
./deployment-manager.shWhen asked, enter a password of your choice for encryption or decryption.
This password is used to encrypt all passwords that you added in the commons/certs/secrets.txt file.
After the BMC Helix Platform services are deployed, the tenant administrator receives the following emails:
- An email with details about the BMC Helix Platform account
- An email to change the BMC Helix Platform account password at the first login
After the installation, you can see the Elasticsearch, Fluentd, and Kibana pods in the bmc-helix-logging namespace. You can access Kibana with the following URL:
http://<masternodeip>:5601/
All installation logs are located in the following directory:
helix-on-prem-deployment-manager/logs
To apply the hotfix
- Log in to the controller or bastion machine from where the Kubernetes cluster is accessible.
- Create a new directory; for example, ITOM_HotFix_22.4.00.001.
- Copy the hotfix-22.4.00.001-10.tar.gz file that you downloaded from EPD to the new directory.
Extract the hotfix-22.4.00.001-10.tar.gz file by using the following command:
tar xvf hotfix-22.4.00.001-10.tar.gz- Navigate to the hotfix directory.
- If you are using a local repository for accessing container images, make sure that you synchronize the images listed in the hotfix/new-image-list.txt to the local repository.
- If you have not installed BMC Helix ITSM Insights, in the hotfix/new-service-list.config file, modify the ITSMINSIGHT_SERVICES parameter value to blank, ITSMINSIGHT_SERVICES=
Run the hotfix script file hf_script.sh by using the following command:
bash hf_script.sh <full path of the helix-on-prem-deployment-manager directory>Replace <full path of the helix-on-prem-deployment-manager directory> with the full path of the directory where you installed BMC Helix Platform services 22.4.
Example:bash hf_script.sh /data/22.4.00/helix-on-prem-deployment-managerThe hf_script.sh script creates a copy of helix-on-prem-deployment-manager in the path that you specified in the command and the directory is named helix-on-prem-deployment-manager_HF1.
For example, a new directory /data/22.4.00/helix-on-prem-deployment-manager_HF1 is created. No changes are made to the original directory helix-on-prem-deployment-manager.
The hf_script.sh script installs the following chart:
- tas chart with version 542
- ade-arservices-register chart with version 10
- aif-core-service chart with version 22.4.00.001-8
Sample configuration files
Where to go from here
Next task | Proceed with Setting-up-the-installation-environment |
---|---|
Back to process | If you are finished setting up the installation environment, return to the appropriate installation, update, or upgrade process: |