This documentation supports an earlier version of BMC Helix IT Service Management on-premises deployment. To view the documentation for the latest version, select 23.3.04 from the Product version picker.

Installing BMC Helix Platform services 22.4.00


The following services provided by BMC Helix Platform are used by BMC Helix Service Management:

  • Infrastructure services
  • Common services
  • BMC Helix Dashboards
  • BMC Helix ITSM Insights

The following containers are required to deploy the services:

AIF/ITSM INSIGHTS
containers.bmc.com/bmc/lp0lz:ade-file-service-93acc46-136
containers.bmc.com/bmc/lp0lz:aif-api-service-c0e77f3-196
containers.bmc.com/bmc/lp0lz:aif-clustering-ingestion-service-0a4f181-209
containers.bmc.com/bmc/lp0lz:aif-clustering-service-3cb0ce6-145
containers.bmc.com/bmc/lp0lz:aif-core-service-498f30a-209
containers.bmc.com/bmc/lp0lz:aif-incident-ingestion-service-4388a36-132
containers.bmc.com/bmc/lp0lz:aif-job-manager-service-a635f78-190
containers.bmc.com/bmc/lp0lz:aif-machine-learning-utilities-59bd4c5-151
containers.bmc.com/bmc/lp0lz:aif-ticket-service-43f7612-147

CORE
containers.bmc.com/bmc/lp0lz:ade-audit-service-207
containers.bmc.com/bmc/lp0lz:ade-authz-service-292
containers.bmc.com/bmc/lp0lz:ade-identity-management-service-1134
containers.bmc.com/bmc/lp0lz:ade-predeploydb-40
containers.bmc.com/bmc/lp0lz:adereporting-3152
containers.bmc.com/bmc/lp0lz:adereporting-apiservice-22.2.00.001-16jun
containers.bmc.com/bmc/lp0lz:adereporting-content-fa81cba-442
containers.bmc.com/bmc/lp0lz:adereporting-initdb-v001
containers.bmc.com/bmc/lp0lz:adereporting-kafkacli-v002
containers.bmc.com/bmc/lp0lz:adereporting-puller-20d31c8-490
containers.bmc.com/bmc/lp0lz:adereporting-renderer-2cae2a4-448
containers.bmc.com/bmc/lp0lz:adereporting-runner-20d31c8-490
containers.bmc.com/bmc/lp0lz:aif-clustering-query-service-5b9d911-169
containers.bmc.com/bmc/lp0lz:anomaly-detection-service-ea2af64-126
containers.bmc.com/bmc/lp0lz:es-proxy-nginx-service-101af7e-253
containers.bmc.com/bmc/lp0lz:es-proxy-service-101af7e-253
containers.bmc.com/bmc/lp0lz:event-ingestion-service-18ed847-205
containers.bmc.com/bmc/lp0lz:event-mgmt-service-bd596c3-240
containers.bmc.com/bmc/lp0lz:event-processor-service-e551a5a-444
containers.bmc.com/bmc/lp0lz:event-service-8bf97b3-153
containers.bmc.com/bmc/lp0lz:kibana-proxy-service-77c08a2-314
containers.bmc.com/bmc/lp0lz:kibana-service-77c08a2-314
containers.bmc.com/bmc/lp0lz:log-ingestion-service-7f9eaab-181
containers.bmc.com/bmc/lp0lz:log-mgmt-service-e487cfa-299
containers.bmc.com/bmc/lp0lz:log-processing-service-8ea37b7-290
containers.bmc.com/bmc/lp0lz:logs-enrichment-sync-service-77e8c5d-89
containers.bmc.com/bmc/lp0lz:logs-portal-3427b5f-211
containers.bmc.com/bmc/lp0lz:metric-aggregation-service-e4db843-133
containers.bmc.com/bmc/lp0lz:metric-configuration-service-974a60f-140
containers.bmc.com/bmc/lp0lz:metric-gateway-service-f441bf4-152
containers.bmc.com/bmc/lp0lz:metricservice-0953cab-183
containers.bmc.com/bmc/lp0lz:prometheus-ingestion-service-8ccbab9-74
containers.bmc.com/bmc/lp0lz:smart-graph-api-r850051-1150-daas_ship-tkn_ship
containers.bmc.com/bmc/lp0lz:thirdparty-ingestion-service-7291e10-69
containers.bmc.com/bmc/lp0lz:truesight-credential-service-320
containers.bmc.com/bmc/lp0lz:truesight-featureflag-service-62
containers.bmc.com/bmc/lp0lz:ade-ims-webhook-218
containers.bmc.com/bmc/lp0lz:ade-itsm-identity-sync-336
containers.bmc.com/bmc/lp0lz:adeops-util-88
containers.bmc.com/bmc/lp0lz:smart-graph-controller-api-r850051-1150-daas_ship-tkn_ship
containers.bmc.com/bmc/lp0lz:smart-graph-controller-efsinit-r850051-1150-daas_ship-tkn_ship
containers.bmc.com/bmc/lp0lz:smart-graph-controller-security-r850051-1150-daas_ship-tkn_ship
containers.bmc.com/bmc/lp0lz:smart-graph-environment-controller-r850051-1150-daas_ship-tkn_ship
containers.bmc.com/bmc/lp0lz:tctlrest-110
containers.bmc.com/bmc/lp0lz:tctlrest-24

PLATFORM
containers.bmc.com/bmc/lp0lz:ade-identity-management-portal-1150
containers.bmc.com/bmc/lp0lz:ade-notification-service-334
containers.bmc.com/bmc/lp0lz:adeops-util-71
containers.bmc.com/bmc/lp0lz:ade-tenant-management-automation-404
containers.bmc.com/bmc/lp0lz:ade-tenant-management-portal-327
containers.bmc.com/bmc/lp0lz:ade-tenant-management-service-807
containers.bmc.com/bmc/lp0lz:ade-ui-content-service-247
containers.bmc.com/bmc/lp0lz:authproxy-RSSO_Auth_Proxy_126
containers.bmc.com/bmc/lp0lz:authproxy-RSSO_Auth_Proxy_130
containers.bmc.com/bmc/lp0lz:kubectl-latest
containers.bmc.com/bmc/lp0lz:tctlrest-85

INFRA    
containers.bmc.com/bmc/lp0lz:22201-1-v1-bitnami-kafka-2.7.0-debian-10-r124
containers.bmc.com/bmc/lp0lz:22201-1-v1-haproxy-2.4.9
containers.bmc.com/bmc/lp0lz:22201-1-v1-justwatch-elasticsearch_exporter-1.1.0
containers.bmc.com/bmc/lp0lz:22201-1-v2-bitnami-minio-2021.4.18-debian-10-r0
containers.bmc.com/bmc/lp0lz:22201-1-v2-bitnami-postgresql-repmgr-12.9.0
containers.bmc.com/bmc/lp0lz:22201-1-v2-pgpool-4.3.1-debian-10-r58
containers.bmc.com/bmc/lp0lz:22201-1-v2-victoriametrics-vminsert-v1.76.1-cluster
containers.bmc.com/bmc/lp0lz:22201-1-v2-victoriametrics-vmselect-v1.76.1-cluster
containers.bmc.com/bmc/lp0lz:22201-1-v2-victoriametrics-vmstorage-v1.76.1-cluster
containers.bmc.com/bmc/lp0lz:22201-1-v3-redis-6.2.5-alpine
containers.bmc.com/bmc/lp0lz:22201-1-v4-bitnami-zookeeper-3.7.0-debian-10-r25
containers.bmc.com/bmc/lp0lz:22201-1-v6-opendistro-for-elasticsearch-1.13.3
containers.bmc.com/bmc/lp0lz:22201-1-v7-elasticsearch-7.16.2-debian-10-r0
containers.bmc.com/bmc/lp0lz:22201-1-v2-bitnami-elasticsearch-curator-5.8.4
containers.bmc.com/bmc/lp0lz:22201-1-v4-bitnami-kibana-7.16.3-debian-10-r18
containers.bmc.com/bmc/lp0lz:HSSO_22.2.01-RC
containers.bmc.com/bmc/lp0lz:22201-1-v4-ade-infra-clients-1

Important

After you install BMC Helix Platform services version 22.4.00, you must apply the 22.4.00 hotfix 1.

Before you begin

  1. Create a namespace.

    1. Run the following command. The namespace must be a DNS-1123 label. That is, it must consist of lowercase alphanumeric characters or '-', and must start and end with an alphanumeric character.

      kubectl create ns <namespace>
    2. Verify that nothing is installed in the namespace in which you plan to deploy the product.
      1. Run the following command:

        kubectl get all -n <namespace_created_earlier_in_this_procedure>
      2. Make sure that the following message is displayed:

        No resources found.

    For EFK logging

    Create a namespace called bmc-helix-logging by using the following command:

    kubectl create ns bmc-helix-logging

    The Elasticsearch, FluentD, and Kibana services are installed in this namespace. These services are required to access logs from the pods that are running on BMC Helix Platform.

  2. Configure the ingress controller.

    1. Identify the configmap name by running the following command:

      kubectl get cm -n <ingress_nginx_namespace>
    2. Edit the configmap by running the following command. Replace the configmap name with the name used in your environment, and make sure that the data section contains the following values:

      kubectl edit cm <ingress_nginx_configmap> -n <ingress_nginx_namespace>

      data:
        enable-underscores-in-headers: "true"
        proxy-body-size: 250m
        server-name-hash-bucket-size: "1024"
        ssl-redirect: "false"
        use-forwarded-headers: "true"
        worker-processes: "40"

      Note

      The configurations shown above are mandatory. Apart from these, you can retain any other configurations as per your requirement.

  3. The following host names must be created with a DNS entry that points to the load balancer. The property names are used in the infra.config and deployment.config files during deployment. Make sure that the URLs are in the same domain.

    | Description | Product | Format | Example | Must be configured in the load balancer? | Must have a DNS entry? | File name | Property name |
    |---|---|---|---|---|---|---|---|
    | Host for Helix RSSO | All | <any unique string>.$DOMAIN | mycomputer-rsso.lab.bmc.com | Yes | Yes | configs/infra.config | LB_HOST |
    | Host for tenant management system | All | <any unique string>.$DOMAIN | mycomputer-tms.lab.bmc.com | Yes | Yes | configs/infra.config | TMS_LB_HOST |
    | MinIO storage URL | All | <any unique string>.$DOMAIN | mycomputer-minio.lab.bmc.com | Yes | Yes | configs/infra.config | MINIO_LB_HOST |
    | Tenant URL | All | $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN | acme-private-poc.lab.bmc.com | Yes | Yes | configs/deployment.config for ENVIRONMENT and configs/infra.config for the others | COMPANY_NAME, TENANT_TYPE, ENVIRONMENT, DOMAIN |
    | Discovery Appliance URL | BMC Helix IT Operations Management, BMC Helix Continuous Optimization | $COMPANY_NAME-disc-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN | acme-disc-private-poc.lab.bmc.com | No | Yes | configs/deployment.config for ENVIRONMENT and configs/infra.config for the others | COMPANY_NAME, TENANT_TYPE, ENVIRONMENT, DOMAIN |
    | BMC Helix Continuous Optimization | BMC Helix Continuous Optimization | $COMPANY_NAME-optimize-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN | acme-optimize-private-poc.lab.bmc.com | No | Yes | configs/deployment.config for ENVIRONMENT and configs/infra.config for the others | COMPANY_NAME, TENANT_TYPE, ENVIRONMENT, DOMAIN |

To deploy the BMC Helix Platform services

  1. Log in to the controller or bastion machine from where the Kubernetes cluster is accessible.
  2. Download the deployment manager BMC_Helix_Platform_Services_for_Service_Management_Version_22.4.00.zip from BMC Electronic Product Distribution (EPD) and extract it, if you haven't already.
    The ZIP file contains the following files:
    • helix-on-prem-deployment-manager-22.4.00.sh—This file contains the deployment manager.
    • hotfix-22.4.00.001-10.tar.gz—This file contains the 22.4.00 hotfix 1 artifacts.
  1. Go to the directory where you downloaded the deployment manager from the EPD and give the execute permission to the helix-on-prem-deployment-manager-22.4.00.sh file.
  2. Self-extract the deployment manager. Run the following command:

    ./helix-on-prem-deployment-manager-22.4.00.sh
    cd helix-on-prem-deployment-manager
  3. If you are installing BMC Helix Platform services on Kubernetes 1.24 version, perform the following steps:
    1. Navigate to the commons directory.
    2. Open the preinstall-checker.sh file.
    3. Comment out the code that performs the Kubernetes version check.
  4. Prepare for password encryption:

    1. Go to the commons/certs directory and open the secrets.txt file.
    2. Add the following passwords to this file:

    3. Save the secrets.txt file.

    Troubleshooting tip

    Make sure that you provide all passwords in the secrets.txt file. If even a single password is missing from the secrets.txt file, the deployment fails with an error.

    Sample secrets.txt file

    # cat commons/certs/secrets.txt
    #Please put the passwords in this file
    IMAGE_REGISTRY_PASSWORD=password123
    SMTP_PASSWORD=""
    SMART_SYSTEM_PASSWORD=password123
    PG_PASSWD=Test2020

    ################## End OF THE FILE ####################
  5. In the helix-on-prem-deployment-manager/configs/infra.config file, modify the following parameters that are environment-specific.

    Important

    • The following load balancer hosts are required. You do not need any subdomains.
      • LB_HOST
        Ensure that the LB_HOST value is not the same as the tenant URL.
      • TMS_LB_HOST
      • MINIO_LB_HOST
      • Tenant URL that is derived based on the following parameters from the infra.config file:
        $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN
    • Make sure that you have created a storage class.

    Parameter

    Example value

    Description

    IMAGE_REGISTRY_HOST   

    containers.bmc.com

    (or local repo if copied down)

    Image registry from where the nodes on the cluster download the images.

    If you have synchronized the images to a local Harbor registry, make sure the Harbor registry is set up with HTTPS.

    IMAGE_REGISTRY_USERNAME

    User name to log in to BMC DTR.

    If you use a local Harbor registry to synchronize with BMC DTR, specify the user name to log in to your local registry.

    ENVIRONMENT

    poc

    Type of environment such as poc, dev, and qa.

    Do not use special characters for the environment value.

    You can use the same environment value while performing the BMC Helix Service Management installation.

    NAMESPACE   

    dark-helmet

    Namespace in which to install the services.

    You must have separate namespaces to install BMC Helix Platform services and BMC Helix Innovation Suite  and applications.

    LB_HOST     

    Host for load balancer for BMC Helix Innovation Suite.

    Specify the BMC Helix Innovation Suite URL.

    LB_PORT     

    443

    Port for load balancer.

    TMS_LB_HOST 

    Host for tenant management system.

    Specify the host of the load balancer that points to the tenant management system service.

    DOMAIN

    Domain name of the load balancer.

    MINIO_LB_HOST

    URL for Minio storage.

    MINIO_API_LB_HOST

    Use MinIO API ingress to create buckets by using the command line.

    CLUSTER_TYPE

    ""

    Set the value to openshift or ocp for OpenShift.

    If CLUSTER_TYPE is not set to openshift or ocp, cluster type is treated as a Kubernetes cluster.

    COMPANY_NAME    

    photon2

    Parameter in the tenant URL formation like $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN

    Do not use special characters for the Company name.

    COMPANY_NAME value is used to generate the tenant URL.

    TENANT_EMAIL    

    Email address of the admin user of initial tenant.

    TENANT_FIRST_NAME

    TestName

    First name of the admin user for initial tenant.

    TENANT_LAST_NAME

    TestLastName

    Last name of the admin user for initial tenant.

    TENANT_TYPE

    tyrion

    Unique identifier of the tenant.
    The COMPANY_NAME value is used as the tenant name. In addition to the tenant name, use the TENANT_TYPE parameter to identify the tenant.

    TENANT_DOMAIN_HOST

    The tenant domain. This URL is for BMC Helix Portal.

    You must enter the parameter value in the following format: $TENANT_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN

    COUNTRY

    "United States"

    Matches the value in the OS locale.

    Important

    • Add the country name within quotation marks. For example: "India"
    • Do not use abbreviations in country names.

    NFS_STORAGE_CLASS

    ""

    Blank ""

    This parameter is not required for BMC Helix Service Management.

    SMTP_HOST     

    mailhost.mycompany.com

    SMTP host name or IP address accessible from the cluster.

    SMTP parameters are required for the emails that are sent to the administrator for tenant activation after the BMC Helix Platform deployment is complete.

    All SMTP mail servers are supported.

    To use a temporary SMTP server to receive BMC Helix Platform services installation emails, see the knowledge article 000396217.

    SMTP_PORT     

    25

    An integer value for the port of the SMTP server.

    SMTP_USERNAME 

    abc@mycompany.com

    User name to connect to the SMTP server.

    If SMTP_AUTH value is set to NONE, keep the SMTP_USERNAME and SMTP_PASSWORD values blank as shown below:

    • SMTP_USERNAME=""
    • SMTP_PASSWORD=""
    SMTP_FROM_EMAIL

    helix-rd@mycompany.com

    A valid email ID for the From address in all emails.

    SMTP_TLS

    "false"

    The SMTP server TLS. The value can be true or false.
    If not in use, specify the value as false.

    SMTP_AUTH_DASHBOARD

    true

    SMTP authentication.

    Valid values are true or false.

    SMTP_AUTH

    PLAIN

    SMTP authentication type.

    One of the following values:

    • PLAIN
      This value is case sensitive. If you set the value as PLAIN, it is mandatory to set valid values for SMTP_USERNAME and SMTP_PASSWORD.
    • LOGIN
      This value is case sensitive. If you set the value as LOGIN, it is mandatory to set valid values for SMTP_USERNAME and SMTP_PASSWORD.
    • NONE
      This value is case sensitive. Use this value when you want to skip SMTP authentication. If you set the value as NONE, set the user name and password values as shown below:
      • SMTP_USERNAME=""
      • SMTP_PASSWORD=""
    OPS_GROUP_EMAIL

    ops-grp@mycompany.com

    Email address of the operations team.

    All emails related to tenant activities such as tenant creation, tenant registration, and tenant offboarding are sent to your organization's operations team.

    APPROVAL_GROUP_EMAIL

    grp-rd@mycompany.com

    Email address for approval.

    When a new tenant is created, an email is sent for tenant approval to this email group.

    PG_STORAGE_CLASS            

    ceph-block-storage

    Storage class used. Usually there is one Storage class configured for all the infra services. Repeat the same value in that case.

    VMSTORAGE_STORAGE_CLASS

    onprem-storage

    Storage class for VictoriaMetrics. 

    VMAGGSTORAGE_STORAGE_CLASS

    onprem-storage

    Storage class for VictoriaMetrics. 

    ES_MASTER_STORAGE_CLASS

    block-store-class

    Storage class for Elasticsearch master nodes.

    ES_DATA_STORAGE_CLASS

    block-store-class

    Storage class for Elasticsearch data nodes.

    MINIO_STORAGE_CLASS

    onprem-storage

    Storage class for Minio.

    EFS_STORAGE_CLASS

    ""

    Blank ""

    REDIS_HA_GLOBAL_STORAGECLASS

    block-store-class

    Storage class for REDIS.

    KAFKA_STORAGECLASS

    block-store-class

    Storage class for Kafka.

    ESLOG_MASTER_STORAGE_CLASS

    block-store-class

    Storage class for Elasticsearch log.

    ESLOG_DATA_STORAGE_CLASS

    block-store-class

    Storage class for Elasticsearch log.

    MINIO_STORAGE_CLASS

    acme-block-storage

    Storage class for MinIO.

    Usually, a single storage class by using block storage is configured for all the infra services. Repeat the same value if configured in this manner.

    AIOPS_STORAGE_CLASS

    ""

    Blank ""

    CUSTOM_CA_SIGNED_CERT_IN_USE

    false

    Flag to use self-signed or custom CA certificate.

    Default value is false.

    If you are using a self-signed or custom CA certificate, set the value to true. Copy the self-signed or custom CA certificate in the commons/certs/ directory. Ensure that the file name of the certificate is custom_cacert.pem

    Important: If you are using a self-signed or custom CA certificate, make sure that you use the same custom certificate during BMC Helix Platform and BMC Helix Service Management installation.

    OPT_STORAGE_CLASS

    ""

    Blank ""

    REPOPV_MOUNT_PATH

    ""

    Blank ""

    MIGRATORPV_MOUNT_PATH

    ""

    Blank ""

    ETLPV_MOUNT_PATH

    ""

    Blank ""

    CLIENT_ROOT_CERT

    ""

    Blank ""

    SMART_SYSTEM_USERNAME

    ""

    Blank ""

    INGRESS_CLASS

    nginx

    Ingress class used while deploying Ingress controller. Change if multiple ingress controllers are on the cluster.

    If you have more than one ingress controller in your cluster, use INGRESS_CLASS to specify the ingress class name that you want to use.

    INGRESS_API_VERSION

    true

    Flag to indicate if the Ingress controller version is 1.2.0 or higher.

    True if your Ingress controller version is 1.2.0 or higher.

    HELM_BIN

    /usr/local/bin/helm

    Absolute path of the HELM binary.

    KUBECTL_BIN

    /usr/bin/kubectl

    Absolute path of the kubectl binary.

    OC_BIN

    /usr/local/sbin/oc

    Cluster type.

    Set if CLUSTER_TYPE is openshift or ocp.

    KIBANA_LB_HOST


    The BMC Helix Logging ingress uses this value. The value depends on whether you use a self-signed, CA-signed, or custom certificate.

    If the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is true, use the DNS configured for the self-signed certificate.

    If the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is false, use the DNS configured for the CA-signed certificate.

    RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE

    true

    Flag to enable custom JAVA keystore for RSSO SAML keystore.

    If you want to use custom JAVA keystore for RSSO SAML keystore configuration, set the RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE variable to true.

    Perform the following steps:

    1. Set the RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE variable to true.
    2. Rename the java keystore file to rsso_custom_java_keystore.
    3. Save this file in the commons/certs directory. The path of this file would be: commons/certs/rsso_custom_java_keystore

      The commons/certs/rsso_custom_java_keystore file will be mounted in the RSSO container at the following location: /etc/rsso_custom_java_keystore
    RUN_AS_USER

    null

    The security context that the components will use.

    This variable is considered only if the value of the CLUSTER_TYPE variable is openshift or ocp.

    For the Kubernetes cluster, use the following value:

    null

    Set the correct context for this variable according to the OpenShift namespace. For example, in OpenShift, run the following command to get the ID range:

    oc describe namespace <namespace-name>
    FS_GROUP

    null

    The security context that the components will use.

    This variable is considered only if the value of the CLUSTER_TYPE variable is openshift or ocp.

    For the Kubernetes cluster, use the following value:

    null

    Set the correct context for this variable according to the OpenShift namespace. For example, in OpenShift, run the following command to get the ID range:

    oc describe namespace <namespace-name>
    RUN_AS_GROUP

    null

    The security context that the components will use.

    This variable is considered only if the value of the CLUSTER_TYPE variable is openshift or ocp.

    For the Kubernetes cluster, use the following value:

    null

    Set the correct context for this variable according to the OpenShift namespace. For example, in OpenShift, run the following command to get the ID range:

    oc describe namespace <namespace-name>

    The command will change for each namespace.

    OPT_FSGROUP

    ""

    Blank ""

    Leave blank. This parameter is not required for BMC Helix Service Management.

    ML_FSGROUP

    ""

    Blank ""

    This parameter is not required for BMC Helix Service Management.

    CUSTOM_SERVICEACCOUNT_NAME

     helix-onprem-sa

    Custom service account name.

    Default value is helix-onprem-sa.

    If there are no permissions to create ServiceAccount, Role, RoleBinding, perform the following steps:

    1. Replace the default value of helix-onprem-sa with the required value.
    2. Create a role and rolebinding from the commons/yaml_files/role_rolebinding.yaml file.
    3. Create a ServiceAccount from the commons/yaml_files/serviceAccount.yaml file. 

    If there are permissions to create ServiceAccount, Role, RoleBinding, retain the CUSTOM_SERVICEACCOUNT_NAME value as helix-onprem-sa as shown below:
    CUSTOM_SERVICEACCOUNT_NAME=helix-onprem-sa

  6. In the helix-on-prem-deployment-manager/configs/deployment.config file, modify the following parameters:

  7. To install the product, run the following command:

    ./deployment-manager.sh
  8. When asked, enter a password of your choice for encryption or decryption.

    This password is used to encrypt all passwords that you added in the commons/certs/secrets.txt file.

    Important

    Save this password. The deployer uses this password in all future product deployments.

    What happens next?
    1. The deployer encrypts all passwords that you added in the secrets.txt file.
    2. The deployer creates a commons/certs/secrets.config file and adds all the encrypted passwords to it.
    3. The deployer deletes the secrets.txt file.


    What happens if I need to change the encryption password?

    Perform these steps if you forget the encryption password or if you need to change it:

    1. Delete the commons/certs/secrets.config file.
    2. In the commons/certs directory, create a secrets.txt file, and specify the encryption password.
    3. Run the deployer again.
    4. When asked, enter a password of your choice for encryption or decryption.
      The deployer creates a new secrets.config file with the new encryption password.
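
The plaintext secrets.txt file stays on the controller or bastion machine until the deployer encrypts and deletes it, so its state is worth checking before and after the run. The following script is an added example, not part of the BMC deployment manager: the function names are hypothetical, the key list is an assumption taken from the sample secrets.txt file above, and the owner-only permission check is an added hardening check that the page does not require.

```sh
#!/bin/sh
# Added example, not BMC code: checks around commons/certs/secrets.txt.
# Function names are hypothetical.

# Assumption: keys copied from the sample secrets.txt on this page; extend as needed.
SECRET_KEYS="IMAGE_REGISTRY_PASSWORD SMTP_PASSWORD SMART_SYSTEM_PASSWORD PG_PASSWD"

# missing_secret_keys FILE -> prints each expected key that has no KEY= line.
# An empty value such as SMTP_PASSWORD="" still counts as present.
missing_secret_keys() (
  for k in $SECRET_KEYS; do
    grep -q "^$k=" "$1" || printf '%s\n' "$k"
  done
)

# owner_only FILE -> succeeds when group and others have no permission bits on FILE
owner_only() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# pre_deploy_check CERTS_DIR -> one FAIL line per finding; exit status 1 if there is any
pre_deploy_check() (
  f=$1/secrets.txt; bad=0
  [ -f "$f" ] || { echo "FAIL: $f not found"; exit 1; }
  for k in $(missing_secret_keys "$f"); do
    echo "FAIL: $k is missing from secrets.txt"; bad=1
  done
  owner_only "$f" || { echo "FAIL: secrets.txt is accessible to group or others"; bad=1; }
  exit "$bad"
)

# post_deploy_check CERTS_DIR -> the deployer should have created secrets.config
# and deleted secrets.txt; backup copies and editor swap files still hold plaintext.
post_deploy_check() (
  bad=0
  [ -f "$1/secrets.config" ] || { echo "FAIL: secrets.config was not created"; bad=1; }
  [ ! -e "$1/secrets.txt" ] || { echo "FAIL: plaintext secrets.txt still exists"; bad=1; }
  for leftover in "$1"/secrets.txt?* "$1"/.secrets.txt*; do
    if [ -e "$leftover" ]; then
      echo "FAIL: plaintext copy left behind: $leftover"; bad=1
    fi
  done
  exit "$bad"
)

# Usage: sh check_secrets.sh pre [commons/certs]   (before ./deployment-manager.sh)
#        sh check_secrets.sh post [commons/certs]  (after the deployer finishes)
case ${1:-} in
  pre)  pre_deploy_check "${2:-commons/certs}" ;;
  post) post_deploy_check "${2:-commons/certs}" ;;
esac
```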

After the BMC Helix Platform services are deployed, the tenant administrator receives the following emails:

  • An email with details about the BMC Helix Platform account
  • An email to change the BMC Helix Platform account password at the first login

After the installation, you can see the Elasticsearch, Fluentd, and Kibana pods in the bmc-helix-logging namespace. You can access Kibana with the following URL:

http://<masternodeip>:5601/ 

All installation logs are located in the following directory:

helix-on-prem-deployment-manager/logs

To apply the hotfix

  1. Log in to the controller or bastion machine from where the Kubernetes cluster is accessible.
  2. Create a new directory; for example, ITOM_HotFix_22.4.00.001
  3. Copy the hotfix-22.4.00.001-10.tar.gz file that you downloaded from EPD to the new directory.
  4. Extract the hotfix-22.4.00.001-10.tar.gz file by using the following command:

    tar xvf hotfix-22.4.00.001-10.tar.gz
  5. Navigate to the hotfix directory.
  6. If you are using a local repository for accessing container images, make sure that you synchronize the images listed in the hotfix/new-image-list.txt to the local repository.
  7. If you have not installed BMC Helix ITSM Insights, in the hotfix/new-service-list.config file, set the ITSMINSIGHT_SERVICES parameter to a blank value: ITSMINSIGHT_SERVICES=
  8. Run the hotfix script file hf_script.sh by using the following command:

    bash hf_script.sh <full path of the helix-on-prem-deployment-manager directory> 

    Replace <full path of the helix-on-prem-deployment-manager directory> with the full path of the directory where you installed BMC Helix Platform services 22.4.
    Example:

    bash hf_script.sh /data/22.4.00/helix-on-prem-deployment-manager

    The hf_script.sh script creates a copy of helix-on-prem-deployment-manager in the path that you specified in the command and the directory is named helix-on-prem-deployment-manager_HF1.

    For example, a new directory /data/22.4.00/helix-on-prem-deployment-manager_HF1 is created. No changes are made to the original directory helix-on-prem-deployment-manager.

    The hf_script.sh script installs the following charts:

    • tas chart with version 542
    • ade-arservices-register chart with version 10
    • aif-core-service chart with version 22.4.00.001-8

Sample configuration files

Sample infra.config file

#Docker registry details
IMAGE_REGISTRY_HOST=containers.bmc.com
IMAGE_REGISTRY_USERNAME=<user name to access registry>

# keep double quotes in all variables if not required, don't leave them blank or empty
#Infra details
#NAMESPACE=dark-helmet
#LB_HOST=host-india-app.mydomain.com
#LB_PORT=443
#TMS_LB_HOST=tms-private-poc.mydomain.com
#DOMAIN=mydomain.com
#MINIO_LB_HOST=minio-private-poc.mydomain.com
#ENVIRONMENT=<Type of environment>
ENVIRONMENT=small
NAMESPACE=
LB_HOST=
LB_PORT=
TMS_LB_HOST=
DOMAIN=
MINIO_LB_HOST=

#Cluster type can have values openshift or ocp for OpenShift.
#If CLUSTER_TYPE is not set to openshift or ocp then cluster type is treated as kubernetes cluster.
CLUSTER_TYPE=

#Tenant details for onboarding
#COMPANY_NAME=<tenant company name same as in tenant discover appliance url>
#TENANT_EMAIL=<tenant email address>
#TENANT_FIRST_NAME=<tenant first name>
#TENANT_LAST_NAME=<tenant last name>
## TENANT_TYPE= <Tenant type in tenant url same as in tenant discovery appliance url>
## Please use only alphanumeric value in COMPANY_NAME
COMPANY_NAME=
TENANT_EMAIL=
TENANT_FIRST_NAME=
TENANT_LAST_NAME=
TENANT_TYPE=
# Ensure that the values must  be compliant with the domain format mentioned in parameter "ADE_TENANT_DOMAIN_FORMAT" defined in ../product/platform/platform.json file
# i.e. ADE_TENANT_DOMAIN_FORMAT: "#TENANT_NAME#__tenant_type__#ENV_NAME#.__domain__" i.e. adecompany-private-dev.onbmc.com
TENANT_DOMAIN_HOST=
# Ensure that the value of COUNTRY is enclosed within double quotes
COUNTRY="Virgin Islands, U.S."

#SMTP Config
#SMTP_HOST=<SMTP host name of IP address accessible from cluster>
#SMTP_PORT=<SMTP server port, e.g. 25>
#SMTP_USERNAME=<SMTP user name>
#SMTP_FROM_EMAIL=<SMTP from email address>
#SMTP_TLS=<SMTP server TLS, Leave it blank if not in use>
#This below variable is used by portal team
#SMTP_AUTH=<PLAIN or LOGIN or NONE>
# Use NONE for if you want to skip SMTP authentication
# PLAIN or LOGIN is used when you have authenticated SMTP user and SMTP password
#This variable is used for getting report email to dahsboard team by default value is true
#SMTP_AUTH_DASHBOARD=<true or false>
#OPS_GROUP_EMAIL=<ops email address>
#APPROVAL_GROUP_EMAIL=<email address for approval>
SMTP_HOST=
SMTP_PORT=
#Ensure blank values for SMTP username password is in double quotes
SMTP_USERNAME=
SMTP_FROM_EMAIL=
## SMTP_TLS value can be blank, use double quotes to give blank value
SMTP_TLS=
SMTP_AUTH_DASHBOARD=
SMTP_AUTH=
OPS_GROUP_EMAIL=
APPROVAL_GROUP_EMAIL=

#NFS details
## fully qualified mount path (e.g. /data/ade-stack/export) with folder (e.g. volumes), it will use static pvc with nfs storage
## Create a folder under mount path and change the owner to 786:998, e.g. chown -R 786:998 /data/ade-stack/export/volumes
#NFS_MOUNT_PATH=/data/ade-stack/export/volumes
#NFS_SERVER=<nfs server host name or IP address accessible from cluster>
#NFS_STORAGE_CLASS=onprem-nfs-storage
## keep NFS_STORAGE_CLASS empty if default storage class value should be used.
NFS_MOUNT_PATH=""
NFS_SERVER=""
NFS_STORAGE_CLASS=""

#storage class, set value as per storage class in cluster
#PG_STORAGE_CLASS=onprem-storage
#VMSTORAGE_STORAGE_CLASS=onprem-storage
#VMAGGSTORAGE_STORAGE_CLASS=onprem-storage
#ES_MASTER_STORAGE_CLASS=onprem-storage
#ES_DATA_STORAGE_CLASS=onprem-storage
#MINIO_STORAGE_CLASS=onprem-storage
#EFS_STORAGE_CLASS=onprem-storage
#REDIS_HA_GLOBAL_STORAGECLASS=onprem-storage
#KAFKA_STORAGECLASS=onprem-storage
#ESLOG_MASTER_STORAGE_CLASS=onprem-storage
#ESLOG_DATA_STORAGE_CLASS=onprem-storage
#AIOPS_STORAGE_CLASS=onprem-storage

PG_STORAGE_CLASS=
VMSTORAGE_STORAGE_CLASS=
VMAGGSTORAGE_STORAGE_CLASS=
ES_MASTER_STORAGE_CLASS=
ES_DATA_STORAGE_CLASS=
MINIO_STORAGE_CLASS=
EFS_STORAGE_CLASS=
REDIS_HA_GLOBAL_STORAGECLASS=
KAFKA_STORAGECLASS=
ESLOG_MASTER_STORAGE_CLASS=
ESLOG_DATA_STORAGE_CLASS=
AIOPS_STORAGE_CLASS=

#Optimize storage details
#OPT_STORAGE_CLASS=onprem-storage
OPT_STORAGE_CLASS=

################################################################################################################
## This section is only relevant on upgrade scenario from 21.3.03, on fresh deployment there is not need to create the static
## directories for optimize, they will be created dynamicliy
################################################################################################################
## fully qualified mount path (e.g. /data/ade-stack/export) with folders it will use static pvc with nfs storage
# 1) repository
# 2) migratorrepository
# 3) etlrepository
## Create a folder under mount path and change the owner to 1001:87654321,
# e.g. chown -R 1001:87654321 /data/ade-stack/export/repository
# e.g. chown -R 1001:87654321 /data/ade-stack/export/migratorrepository
# e.g. chown -R 1001:87654321 /data/ade-stack/export/etlrepository
REPOPV_MOUNT_PATH=
MIGRATORPV_MOUNT_PATH=
ETLPV_MOUNT_PATH=
################################################################################################################

#CUSTOM_CA_SIGNED_CERT_IN_USE=true/false
#if you are using self-signed/custom CA signed certificate please set it to true,
#also ensure you have copied custom CA certificate file at commons/certs dir with file name custom_cacert.pem i.e. commons/certs/custom_cacert.pem
CUSTOM_CA_SIGNED_CERT_IN_USE=false
# Deployment Repository Service client root cert
# Ensure that the value of CLIENT_ROOT_CERT is enclosed within double quotes
#CLIENT_ROOT_CERT="jEV0lsYSEY1QSte="
CLIENT_ROOT_CERT=""

# Smart Graph
#SMART_SYSTEM_USERNAME=system
SMART_SYSTEM_USERNAME=""

# Ingress class used while deploying Ingress controller
INGRESS_CLASS=nginx

#Binary paths on your system
#HELM_BIN=/usr/local/bin/helm
#KUBECTL_BIN=/usr/bin/kubectl
HELM_BIN=
KUBECTL_BIN=
#OC_BIN path should be set if CLUSTER_TYPE is openshift or ocp
#OC_BIN=/usr/local/sbin/oc
OC_BIN=

# If kubernetes in use is higher than 1.21 then set INGRESS_API_VERSION to true, else set it to false.
# Or if OpenShift version in use is higher than 4.8 then set INGRESS_API_VERSION to true, else set it to false.
INGRESS_API_VERSION=false

################################### DO NOT CHANGE ANYTHING BELOW THIS LINE ##########################################

#Postgres config
PG_HOSTNAME=postgres-postgresql-ha-pgpool
PG_USER=postgres
PG_DATABASE=postgres


#Redis HA config
REDIS_HA_HOSTNAME=redis-redis-ha-haproxy

#Kafka & Zookeeper config
KAFKA_HOSTNAME=kafka
ZOOKEEPER_HOSTNAME=kafka-zookeeper

#RSSO Config
RSSO_PG_DB=ade_rsso

#Elasticsearch config
ES_EVENTS_HOSTNAME=elasticsearch-events-opendistro-es-data-svc
ES_LOGS_HOSTNAME=elasticsearch-logs-opendistro-es-data-svc

#MinIO config
MINIO_HOSTNAME=minio

# Misc
IMAGE_REGISTRY_SECRET=bmc-dtrhub
TENANT_PHONE=1234567890
LOGIN_ID=hannah_admin
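
The rules that this page states for infra.config (a DNS-1123 namespace, load balancer hosts in one domain, an LB_HOST that differs from the tenant URL, no special characters in COMPANY_NAME and ENVIRONMENT, consistent SMTP_AUTH and SMTP_USERNAME values, a quoted COUNTRY) can be checked before the deployer runs. The following script is an added example, not part of the BMC deployment manager: the function names are hypothetical, the sample values are constructed from the examples on this page, and ENVIRONMENT is assumed to be read from infra.config as in the sample file above.

```sh
#!/bin/sh
# Added example, not BMC code: pre-flight check of configs/infra.config.
# Function names are hypothetical; the rules are the ones stated on this page.

# cfg_get FILE KEY -> value of the last uncommented KEY= line, surrounding double quotes removed
cfg_get() (
  v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
  v=${v#\"}; v=${v%\"}
  printf '%s' "$v"
)

# DNS-1123 label: lowercase alphanumerics or '-', alphanumeric at both ends, at most 63 characters
is_dns1123_label() { printf '%s\n' "$1" | grep -Eq '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'; }

# "Do not use special characters": letters and digits only
is_alnum() { printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]+$'; }

# tenant_url FILE -> $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN
tenant_url() (
  printf '%s-%s-%s.%s' "$(cfg_get "$1" COMPANY_NAME)" "$(cfg_get "$1" TENANT_TYPE)" \
    "$(cfg_get "$1" ENVIRONMENT)" "$(cfg_get "$1" DOMAIN)"
)

# validate_infra_config FILE -> one FAIL line per finding; exit status 1 if there is any
validate_infra_config() (
  f=$1; bad=0
  fail() { printf 'FAIL: %s\n' "$1"; bad=1; }
  domain=$(cfg_get "$f" DOMAIN)
  [ -n "$domain" ] || fail "DOMAIN is empty"
  is_dns1123_label "$(cfg_get "$f" NAMESPACE)" || fail "NAMESPACE is not a DNS-1123 label"
  for k in COMPANY_NAME ENVIRONMENT; do
    is_alnum "$(cfg_get "$f" "$k")" || fail "$k is empty or contains special characters"
  done
  # All load balancer hosts must be set and must sit in the same domain.
  for k in LB_HOST TMS_LB_HOST MINIO_LB_HOST; do
    h=$(cfg_get "$f" "$k")
    case $h in
      "") fail "$k is empty" ;;
      *".$domain") ;;
      *) fail "$k ($h) is not in DOMAIN $domain" ;;
    esac
  done
  turl=$(tenant_url "$f")
  [ "$(cfg_get "$f" LB_HOST)" != "$turl" ] || fail "LB_HOST must differ from the tenant URL $turl"
  tdh=$(cfg_get "$f" TENANT_DOMAIN_HOST)
  [ "$tdh" = "$turl" ] || fail "TENANT_DOMAIN_HOST ($tdh) does not match $turl"
  user=$(cfg_get "$f" SMTP_USERNAME)
  case $(cfg_get "$f" SMTP_AUTH) in
    NONE) [ -z "$user" ] || fail "SMTP_AUTH=NONE requires SMTP_USERNAME=\"\"" ;;
    PLAIN|LOGIN) [ -n "$user" ] || fail "SMTP_AUTH needs a valid SMTP_USERNAME" ;;
    *) fail "SMTP_AUTH must be PLAIN, LOGIN or NONE (case sensitive)" ;;
  esac
  # COUNTRY must carry its double quotes in the file itself.
  grep -Eq '^COUNTRY="[^"]+"' "$f" || fail "COUNTRY must be enclosed in double quotes"
  exit "$bad"
)

# write_sample_config FILE -> constructed sample built from the example values on this page
write_sample_config() {
  cat > "$1" <<'EOF'
NAMESPACE=dark-helmet
ENVIRONMENT=poc
DOMAIN=lab.bmc.com
LB_HOST=mycomputer-rsso.lab.bmc.com
TMS_LB_HOST=mycomputer-tms.lab.bmc.com
MINIO_LB_HOST=mycomputer-minio.lab.bmc.com
COMPANY_NAME=acme
TENANT_TYPE=private
TENANT_DOMAIN_HOST=acme-private-poc.lab.bmc.com
COUNTRY="United States"
SMTP_AUTH=NONE
SMTP_USERNAME=""
EOF
}

# Usage: sh check_infra.sh configs/infra.config
if [ $# -gt 0 ]; then validate_infra_config "$1"; fi
```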

Sample deployment.config file

#Common config begin
#Type of deployment, values are compact, small, medium, large
DEPLOYMENT_ENVIRONMENT=small

#Docker registry project details
IMAGE_REGISTRY_PROJECT=bmc
IMAGE_REGISTRY_ORG=lp0lz
CORE_IMAGE_REGISTRY_ORG=lp0lz
IA_IMAGE_REGISTRY_ORG=lp0oz
OPTIMIZE_IMAGE_REGISTRY_ORG=lp0pz
BHOM_IMAGE_REGISTRY_ORG=lp0mz
AIOPS_IMAGE_REGISTRY_ORG=la0cz

#Common config end

#Install mode as fresh or upgrade
INSTALL_MODE=fresh

#Flag controlling infra services installation
INFRA=yes

#Flag controlling individual infra services installation
_POSTGRES=yes
_KAFKA=yes
_REDIS=yes
_RSSO=yes
_VICTORIAMETRICS=yes
_ELASTICSEARCH=yes
_MINIO=yes

# Do not make changes to service flags it will break dependency
#Flag controlling helix dashboard services installation
HELIX_DASHBOARD_SERVICES=yes

#Flag controlling itsminsight services installation
ITSMINSIGHT_SERVICES=yes

#Flag controlling aiops services installation
AIOPS_SERVICES=no

#Flag controlling monitor product installation
MONITOR=no

#Flag controlling intelligentintegrations services installation
INTELLI_INT_SERVICES=no

#Flag controlling intelligent automation product installation
INTELLIGENT_AUTOMATION=no

#Flag controlling bmc-helix-logging product installation
BMC_HELIX_LOGGING=yes

#Flag Controlling optimize installation
OPTIMIZE=no

Where to go from here

If you are finished setting up the installation environment, return to the appropriate installation, update, or upgrade process:

Installation-process-overview

Upgrading-BMC-Helix-IT-Service-Management-to-21-3-06

Staged-upgrade-process