This documentation supports an earlier version of BMC Helix IT Service Management on-premises deployment. To view the documentation for the latest version, select 23.3.04 from the Product version picker.

Installing BMC Helix Platform services


Installing BMC Helix Platform services 23.2.02 is a prerequisite for installing BMC Helix Service Management 21.3.10. BMC Helix Service Management uses the following services provided by BMC Helix Platform:

  • Infrastructure services
  • Common services
  • BMC Helix Dashboards
  • BMC Helix ITSM Insights

Install these services before you install BMC Helix Service Management.

Before you begin

To create a namespace

  1. Run the following command. The namespace must be a DNS-1123 label. That is, it must consist of lowercase alphanumeric characters or '-', and must start and end with an alphanumeric character.

    kubectl create ns <namespace>

    Important

    In BMC Helix Platform services 23.2.02, Elasticsearch and Kibana are deployed in the BMC Helix Platform namespace, and not in a separate namespace.

  2. Verify that nothing is installed in the namespace in which you plan to deploy the product.
    1. Run the following command:

      kubectl get all -n <namespace_created_earlier_in_this_procedure>
    2. Make sure that the following message is displayed:

      No resources found.

To configure the Ingress controller

  1. Identify the configmap name by running the following command:

    kubectl get all -n <ingress_nginx_namespace>
  2. Edit the configmap by running the following command. Replace <ingress_nginx_configmap> with the name of the configmap in your environment, and make sure that the data section contains the following values:

    kubectl edit cm <ingress_nginx_configmap> -n <ingress_nginx_namespace>

    data:
      enable-underscores-in-headers: "true"
      proxy-body-size: 250m
      server-name-hash-bucket-size: "1024"
      ssl-redirect: "false"
      use-forwarded-headers: "true"
      worker-processes: "40"

To deploy the BMC Helix Platform services

  1. Log in to the controller or bastion machine from where the Kubernetes cluster is accessible.
  2. Download the deployment manager BMC_Helix_Platform_Services_for_Service_Management_Version_23.2.02.zip from BMC Electronic Product Distribution (EPD) and extract it, if you haven't already.
    The ZIP file contains the deployment manager, helix-on-prem-deployment-manager-23.2.02.sh.
    To download the files from EPD, see Downloading the installation files.
  3. Go to the directory where you downloaded the deployment manager from EPD and grant execute permission to the helix-on-prem-deployment-manager-23.2.02.sh file.
  4. Self-extract the deployment manager by running the following commands:

    ./helix-on-prem-deployment-manager-23.2.02.sh
    cd helix-on-prem-deployment-manager
  5. Prepare for password encryption:
    1. Go to the commons/certs directory and open the secrets.txt file.
    2. Add the following passwords to this file:

      | Property | Description | Example |
      |---|---|---|
      | IMAGE_REGISTRY_PASSWORD | Password for the Docker registry. | 5016adc4-993f-4fc5-8fb0-8ef6b02ca9d3 |
      | SMTP_PASSWORD | Password to connect to the SMTP server. In the configs/infra.config file, if the value of the SMTP_AUTH parameter is NONE, leave the SMTP_PASSWORD value blank as shown here: SMTP_PASSWORD="" | password123 |
      | SMART_SYSTEM_PASSWORD | Password to connect to the BMC Discovery appliance. | password123 |
      | PG_PASSWD | Password to connect to the PostgreSQL database. | password123 |
      | KIBANA_PASSWORD | Password to connect to BMC Helix Logging (EFK). | kibana123 |
      | MINIO_ACCESS_KEY | Password to access MinIO. | admin |
      | MINIO_SECRET_KEY | Password to connect to MinIO. | bmcAdm1n |
      | ES_JKS_PASSWORD | Password to connect to Elasticsearch. Important: If you are using a custom CA certificate, specify the password; otherwise, specify the value as ES_JKS_PASSWORD="" | test@1234 |

    3. Save the secrets.txt file.

      Troubleshooting tip

      Make sure that you provide all passwords in the secrets.txt file. If even a single password is missing from the secrets.txt file, the deployment fails with an error.

      Sample secrets.txt file

      # cat commons/certs/secrets.txt
      #Please put the passwords in this file
      IMAGE_REGISTRY_PASSWORD=password123
      SMTP_PASSWORD=""
      SMART_SYSTEM_PASSWORD=password123
      PG_PASSWD=pGtest2020
      KIBANA_PASSWORD=kibana123
      MINIO_ACCESS_KEY=admin
      MINIO_SECRET_KEY=bmcAdm1n
      ES_JKS_PASSWORD=test@1234

      ################## End OF THE FILE ####################

  6. In the helix-on-prem-deployment-manager/configs/infra.config file, modify the following environment-specific parameters.

    Important

    • The following load balancer hosts are required. You do not need any subdomains.
      • LB_HOST
        Ensure that the LB_HOST value is not the same as the tenant URL.
      • TMS_LB_HOST
      • MINIO_LB_HOST
      • MINIO_API_LB_HOST
      • KIBANA_LB_HOST
      • Tenant URL that is derived based on the following parameters from the infra.config file:
        $COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN
    • Make sure that you have created a storage class.
      BMC supports a Bring-Your-Own-Storage-Class model, for any block storage supporting high performance IOPS. NFS is not supported for persistent volumes. CephRBD is certified by BMC.
  7. In the helix-on-prem-deployment-manager/configs/deployment.config file, modify the following parameters:

    | Parameter | Required value |
    |---|---|
    | Infra services options | |
    | DEPLOYMENT_SIZE | itsmcompact or itsmsmall. If you are installing BMC Helix Platform services in a nonproduction environment, specify the value as itsmcompact. If you are installing BMC Helix Platform services in a production environment, specify the value as itsmsmall. |
    | INFRA | yes |
    | _PTPOSTGRESS | yes |
    | _KAFKA | yes |
    | _REDIS | yes |
    | _RSSO | yes |
    | _ELASTICSEARCH | yes |
    | _VICTORIAMETRICS | yes |
    | _MINIO | yes |
    | BMC Helix Dashboard services | |
    | HELIX_DASHBOARD_SERVICES | yes |
    | BMC Helix ITSM Insights | |
    | (Optional) ITSMINSIGHT_SERVICES | yes. If you are not using ITSM Insights, set this parameter to No. |
    | AR System services | |
    | ARSERVICES | yes |
    | BMC Helix Logging | |
    | BMC_HELIX_LOGGING | yes |
  8. Install the product by running the following command:

    ./deployment-manager.sh

After the BMC Helix Platform services are deployed, the tenant administrator receives the following emails:

  • An email with details about the BMC Helix Platform account
  • An email to change the BMC Helix Platform account password at the first login

All installation logs are located in the following directory:

helix-on-prem-deployment-manager/logs
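
The following pre-flight check for commons/certs/secrets.txt is an added example, not part of the BMC deployment manager. Run before ./deployment-manager.sh, it verifies that every property from the "Prepare for password encryption" table starts its own line, flags values copied from the examples on this page, and reports group or other permission bits on the file. The function name, the finding labels, and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not BMC code): pre-flight lint for commons/certs/secrets.txt.
REQUIRED_KEYS="IMAGE_REGISTRY_PASSWORD SMTP_PASSWORD SMART_SYSTEM_PASSWORD
PG_PASSWD KIBANA_PASSWORD MINIO_ACCESS_KEY MINIO_SECRET_KEY ES_JKS_PASSWORD"
# Example values printed on this page; anyone who has read it knows them.
DOC_SAMPLE_VALUES="password123 pGtest2020 kibana123 admin bmcAdm1n test@1234"

# Prints one finding per line; returns 0 only when there are none.
check_secrets() {
    file=$1
    findings=0
    for key in $REQUIRED_KEYS; do
        # The key must start a line, so an entry swallowed by the previous
        # line (KIBANA_PASSWORD=xMINIO_ACCESS_KEY=y) is reported as missing.
        line=$(grep -E "^${key}=" "$file" | tail -n 1)
        if [ -z "$line" ]; then
            echo "MISSING $key"
            findings=$((findings + 1))
            continue
        fi
        value=${line#*=}      # text after the first '='
        value=${value#\"}     # drop optional surrounding double quotes
        value=${value%\"}
        for sample in $DOC_SAMPLE_VALUES; do
            if [ "$value" = "$sample" ]; then
                echo "SAMPLE_VALUE $key"
                findings=$((findings + 1))
            fi
        done
        # Another KEY= inside the value means two entries were run together.
        for other in $REQUIRED_KEYS; do
            case $value in
                *"${other}="*)
                    echo "MERGED $key swallowed $other"
                    findings=$((findings + 1)) ;;
            esac
        done
    done
    # The file holds clear-text passwords: no group or other permission bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS group/other bits set: $perms"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Usage: check_secrets commons/certs/secrets.txt || exit 1
```

Empty values written as "" pass the check, because this page allows them for SMTP_PASSWORD and ES_JKS_PASSWORD.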

Sample configuration files

Sample infra.config file
#Docker registry details
#IMAGE_REGISTRY_HOST=containers.bmc.com
#IMAGE_REGISTRY_USERNAME=<user name to access registry>
IMAGE_REGISTRY_HOST=
IMAGE_REGISTRY_USERNAME=

# If a variable is not required, set it to "" (double quotes); do not leave it blank or empty
#Infra details
#NAMESPACE=dark-helmet
#LB_HOST=host-india-app.mydomain.com
#LB_PORT=443
#TMS_LB_HOST=tms-private-poc.mydomain.com
#DOMAIN=mydomain.com
#MINIO_LB_HOST=minio-private-poc.mydomain.com
#KIBANA_LB_HOST=kibana-private-poc.mydomain.com
#ENVIRONMENT=<Type of environment>
# The value of ENVIRONMENT is based on the kind of setup you are going to create, e.g. dev, qa, production, poc, multi-service, canary etc. (it is not based on the deployment size: compact, small, medium, large etc.)
ENVIRONMENT=dev
NAMESPACE=
LB_HOST=
LB_PORT=
TMS_LB_HOST=
DOMAIN=
# If minio web access required .Please give LB (e.g.minio.domain.com )which has DNS entry otherwise keep blank "".
MINIO_LB_HOST=
# Use minio api ingress(minio-api.domain.com)
MINIO_API_LB_HOST=
KIBANA_LB_HOST=

#Cluster type can have values openshift or ocp for OpenShift.
#If CLUSTER_TYPE is not set to openshift or ocp then cluster type is treated as kubernetes cluster.
CLUSTER_TYPE=

#Tenant details for onboarding
#COMPANY_NAME=<tenant company name same as in tenant discover appliance url>
#TENANT_EMAIL=<tenant email address>
#TENANT_FIRST_NAME=<tenant first name>
#TENANT_LAST_NAME=<tenant last name>
## TENANT_TYPE= <Tenant type in tenant url same as in tenant discovery appliance url>
## Please use only alphanumeric value in COMPANY_NAME
COMPANY_NAME=
TENANT_EMAIL=
TENANT_FIRST_NAME=
TENANT_LAST_NAME=
TENANT_TYPE=
# Ensure that the value of COUNTRY is enclosed within double quotes
COUNTRY="Virgin Islands, U.S."

#SMTP Config
#SMTP_HOST=<SMTP host name of IP address accessible from cluster>
#SMTP_PORT=<SMTP server port, e.g. 25>
#SMTP_USERNAME=<SMTP user name>
#SMTP_FROM_EMAIL=<SMTP from email address>
#SMTP_TLS=<true/false>
#This below variable is used by portal team
#SMTP_AUTH=<PLAIN or LOGIN or NONE>
# If you use NONE it will not skip the validation of SMTP but it means that your organization allows you to send email without SMTP authentication.
# PLAIN or LOGIN is used when you have authenticated SMTP user and SMTP password
#This variable is used for sending report emails to the dashboard team; the default value is true
#SMTP_AUTH_DASHBOARD=<true or false>
#OPS_GROUP_EMAIL=<ops email address>
#APPROVAL_GROUP_EMAIL=<email address for approval>
SMTP_HOST=
SMTP_PORT=
#Ensure blank values for SMTP username password is in double quotes
SMTP_USERNAME=
SMTP_FROM_EMAIL=
## SMTP_TLS value can be true or false.
## If SMTP_TLS is set to true and certificate of SMTP_HOST is signed by a custom or self-signed CA then
## ensure to append custom or self-signed CA certificate (full CA chain) to commons/certs/custom_cacert.pem file.
SMTP_TLS=false
SMTP_AUTH_DASHBOARD=true
SMTP_AUTH=
OPS_GROUP_EMAIL=
APPROVAL_GROUP_EMAIL=

#storage class, set value as per storage class in cluster
#PG_STORAGE_CLASS=onprem-storage
#VMSTORAGE_STORAGE_CLASS=onprem-storage
#VMAGGSTORAGE_STORAGE_CLASS=onprem-storage
#ES_MASTER_STORAGE_CLASS=onprem-storage
#ES_DATA_STORAGE_CLASS=onprem-storage
#MINIO_STORAGE_CLASS=onprem-storage
#EFS_STORAGE_CLASS=onprem-storage
#REDIS_HA_GLOBAL_STORAGECLASS=onprem-storage
#KAFKA_STORAGECLASS=onprem-storage
#ESLOG_MASTER_STORAGE_CLASS=onprem-storage
#ESLOG_DATA_STORAGE_CLASS=onprem-storage
#AIOPS_STORAGE_CLASS=onprem-storage

PG_STORAGE_CLASS=
VMSTORAGE_STORAGE_CLASS=
VMAGGSTORAGE_STORAGE_CLASS=
ES_MASTER_STORAGE_CLASS=
ES_DATA_STORAGE_CLASS=
MINIO_STORAGE_CLASS=
EFS_STORAGE_CLASS=
REDIS_HA_GLOBAL_STORAGECLASS=
KAFKA_STORAGECLASS=
ESLOG_MASTER_STORAGE_CLASS=
ESLOG_DATA_STORAGE_CLASS=
AIOPS_STORAGE_CLASS=

#Optimize storage details
#OPT_STORAGE_CLASS=onprem-storage
OPT_STORAGE_CLASS=

#CUSTOM_CA_SIGNED_CERT_IN_USE=true/false
#if you are using self-signed/custom CA signed certificate please set it to true,
#also ensure you have copied custom CA certificate file at commons/certs directory with file name custom_cacert.pem i.e. commons/certs/custom_cacert.pem
CUSTOM_CA_SIGNED_CERT_IN_USE=false

# If there are no permissions to create ServiceAccount, Role, and RoleBinding, create a service account and assign it to CUSTOM_SERVICEACCOUNT_NAME, replacing the default value of helix-onprem-sa.
# Ensure to create a role and rolebinding from file commons/yaml_files/role_rolebinding.yaml and a serviceAccount from file commons/yaml_files/serviceAccount.yaml.
# If there are permissions to create ServiceAccount, Role, RoleBinding then do not change CUSTOM_SERVICEACCOUNT_NAME from value helix-onprem-sa.
CUSTOM_SERVICEACCOUNT_NAME=helix-onprem-sa

# If you want to use custom JAVA keystore for "RSSO SAML keystore configuration", then you must set variable RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE to true
# and put the custom java keystore file at commons/certs directory with file name rsso_custom_java_keystore
# i.e. commons/certs/rsso_custom_java_keystore
# The file commons/certs/rsso_custom_java_keystore will be mounted inside RSSO container at location /etc/rsso_custom_java_keystore
# SAML Keystore - this is the Keystore used for reading SAML-specific certificates/keys. So, it's an application-level Keystore, used directly by the app.
# While JVM Keystore contains certificates for HTTPS connections, the SAML Keystore is used for storing signing and encryption certificates for communication with SAML v2 IdP.
RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE=false  

# Smart Graph
#SMART_SYSTEM_USERNAME=system
SMART_SYSTEM_USERNAME=""

# Ingress class used while deploying Ingress controller
INGRESS_CLASS=nginx

#Binary paths on your system
#HELM_BIN=/usr/local/bin/helm
#KUBECTL_BIN=/usr/bin/kubectl
HELM_BIN=
KUBECTL_BIN=
#OC_BIN path should be set if CLUSTER_TYPE is openshift or ocp
#OC_BIN=/usr/local/sbin/oc
OC_BIN=

# Infra components will run with below Security Context.
# Below 3 variables are considered only for OpenShift cluster
# i.e. if CLUSTER_TYPE is openshift or ocp
# Set correct context as per the OpenShift namespace.
# Else RUN_AS_USER, RUN_AS_GROUP and FS_GROUP must be null.
RUN_AS_USER=null
RUN_AS_GROUP=null
FS_GROUP=null

# Optimize Security Context:
# OPT_FSGROUP must have value 87654321 if CLUSTER_TYPE is openshift or ocp and INSTALL_MODE is upgrade and fresh deployment was performed with 22.2.01 version
# Else OPT_FSGROUP must have value 1001
OPT_FSGROUP=1001

# If CLUSTER_TYPE is openshift or ocp  and INSTALL_MODE is fresh then ML_FSGROUP must be same as FS_GROUP mentioned above, else ML_FSGROUP must have value 998
ML_FSGROUP=998

################################### DO NOT CHANGE ANYTHING BELOW THIS LINE ##########################################

#Patroni Postgres config
PG_HOSTNAME=postgres-bmc-pg-ha-pool
PG_USER=postgres
PG_DATABASE=postgres


#Redis HA config
REDIS_HA_HOSTNAME=redis-redis-ha-haproxy

#Kafka & Zookeeper config
KAFKA_HOSTNAME=kafka
ZOOKEEPER_HOSTNAME=kafka-zookeeper

#RSSO Config
RSSO_PG_DB=ade_rsso

#Elasticsearch config
ES_EVENTS_HOSTNAME=elasticsearch-events-opendistro-es-data-svc
ES_LOGS_HOSTNAME=elasticsearch-logs-opendistro-es-data-svc

#MinIO config
MINIO_HOSTNAME=minio

# Misc
IMAGE_REGISTRY_SECRET=bmc-dtrhub
TENANT_PHONE=1234567890
LOGIN_ID=hannah_admin

Sample deployment.config file
#Common config begin
#Size of deployment, values are compact, small, medium, large, itsmcompact, and itsmsmall
DEPLOYMENT_SIZE=small

#Docker registry project details
IMAGE_REGISTRY_PROJECT=bmc
IMAGE_REGISTRY_ORG=lp0lz
CORE_IMAGE_REGISTRY_ORG=lp0lz
IA_IMAGE_REGISTRY_ORG=lp0oz
OPTIMIZE_IMAGE_REGISTRY_ORG=lp0pz
BHOM_IMAGE_REGISTRY_ORG=lp0mz
AIOPS_IMAGE_REGISTRY_ORG=la0cz

#Common config end

#Install mode as fresh or upgrade
INSTALL_MODE=fresh

#Flag controlling infra services installation
INFRA=yes

#Flag controlling individual infra services installation
_PTPOSTGRESS=yes
_KAFKA=yes
_REDIS=yes
_RSSO=yes
_VICTORIAMETRICS=yes
_ELASTICSEARCH=yes
_MINIO=yes

# Do not make changes to service flags it will break dependency
#Flag controlling helix dashboard services installation
HELIX_DASHBOARD_SERVICES=yes

#Flag controlling itsminsight services installation
ITSMINSIGHT_SERVICES=no

#Flag controlling aiops services installation
AIOPS_SERVICES=no

#Flag controlling monitor product installation
MONITOR=no

#Flag controlling intelligentintegrations services installation
INTELLI_INT_SERVICES=no

#Flag controlling intelligent automation product installation
INTELLIGENT_AUTOMATION=no

#Flag controlling bmc-helix-logging product installation
BMC_HELIX_LOGGING=yes

#Flag Controlling optimize installation
OPTIMIZE=no

#Flag AR Services installation
ARSERVICES=yes
