PostgreSQL installation and configuration

NOTE!

- If you already have PostgreSQL set up in your network, you can skip this part.

- Installation should be performed under the root user.

  1. Install PostgreSQL from yum repository

    yum install -y postgresql postgresql-server


  2. Initialize a new PostgreSQL installation

    postgresql-setup initdb


  3. By default the PostgreSQL server is accessible only via Unix domain sockets or the loopback interface (127.0.0.1), and local users are authenticated by the operating system, i.e. the OS user postgres can connect as the PostgreSQL user postgres without any additional authentication on the PostgreSQL server side. To allow PgAdmin4 and FIXICC H2 to work, we need to enable access via the network.

    To enable network access to the PostgreSQL server, edit /var/lib/pgsql/data/pg_hba.conf and add the following lines:

    host    all     all     0.0.0.0/0       md5
    host    all     all     ::0/0           md5

    These lines allow all users to connect to all databases from any IPv4 or IPv6 address over TCP (with or without SSL), authenticating with md5-hashed passwords.

    Remove lines that enable ident connection to localhost:

    # IPv4 local connections:
    host    all             all             127.0.0.1/32         ident
    # IPv6 local connections:
    host    all             all             ::1/128              ident

    To listen on all network interfaces, edit /var/lib/pgsql/data/postgresql.conf and replace the line:

    # listen_addresses = 'localhost'

    with

    listen_addresses = '*'


  4. Enable auto-start and start postgresql server (check service status)

    systemctl enable --now postgresql
    systemctl status postgresql
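
An added example, not part of the original guide: a shell check that lists the `host` rules in a pg_hba.conf that accept connections from any address, such as the two rules added in step 3, next to narrowed rules that are not flagged. The sample file and the 192.0.2.0/24 admin subnet are constructed; the check assumes the CIDR form of the address column.

```shell
#!/bin/sh
# Added example (not from the original guide): report pg_hba.conf rules that
# accept TCP connections from any address, or that use a weak auth method.
# Assumes the CIDR form of the ADDRESS column: TYPE DATABASE USER ADDRESS METHOD.

audit_pg_hba() {
    # $1 = path to pg_hba.conf; prints one finding per line, nothing if clean
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
        $1 ~ /^host(ssl|nossl)?$/ {                # TCP rules only
            addr = $4; method = $5
            if (addr == "0.0.0.0/0" || addr == "::0/0" || addr == "::/0" || addr == "all")
                printf "line %d: db=%s user=%s reachable from any address (%s, %s)\n", NR, $2, $3, addr, method
            if (method == "trust" || method == "password")
                printf "line %d: method %s (no password check, or cleartext password)\n", NR, method
        }
    ' "$1"
}

# Constructed sample: the two rules from this guide plus narrowed alternatives
# (192.0.2.0/24 is a documentation range standing in for the admin subnet).
write_sample_pg_hba() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE  USER      ADDRESS        METHOD
local   all       all                      peer
host    all       all       0.0.0.0/0      md5
host    all       all       ::0/0          md5
host    fixicch2  fixicch2  192.0.2.0/24   md5
host    fixicch2  fixicch2  127.0.0.1/32   md5
EOF
}

sample=$(mktemp)
write_sample_pg_hba "$sample"
audit_pg_hba "$sample"
rm -f "$sample"
```

On a real server, point `audit_pg_hba` at /var/lib/pgsql/data/pg_hba.conf after editing it.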


Consul installation and configuration

  1. Add HashiCorp repository:

    yum install -y yum-utils
    yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo


  2. Install consul from yum repository

    yum install -y consul


  3. Generate Consul certificate and private key

    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /etc/consul.d/consul.key -out /etc/consul.d/consul.crt -subj '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul'
    chown consul:consul /etc/consul.d/*


    NOTE!
    - replace '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul' with your company identity


  4. Configure consul as follows (/etc/consul.d/consul.json)

    NOTE!
    Create the consul.json file if it is missing from the directory.


    {
        "bind_addr": "{{GetInterfaceIP \"ens5\"}}",
        "bootstrap": true,
        "server": true,
        "addresses": {
            "https": "0.0.0.0"
        },
        "ports": {
            "http": -1,
            "https": 8501
        },
        "auto_encrypt": {
            "allow_tls": true,
            "tls": true
        },
        "client_addr": "0.0.0.0",
        "ui": true,
        "data_dir": "/var/lib/consul",
        "log_level": "INFO",
        "disable_update_check": true,
        "disable_anonymous_signature": true,
        "verify_server_hostname": false,
        "cert_file": "/etc/consul.d/consul.crt",
        "key_file": "/etc/consul.d/consul.key",
        "auto_encrypt": {
            "allow_tls": true
        }
    }



    NOTE!
    - replace ens5 with your server's network interface
    - you can find your network interface id with `ifconfig` command



  5. Remove or back up /etc/consul.d/consul.hcl

  6. Create consul data directory

    mkdir /var/lib/consul
    chown consul:consul /var/lib/consul


  7. Remove the ConditionFileNotEmpty line from /usr/lib/systemd/system/consul.service

    ConditionFileNotEmpty=/etc/consul.d/consul.hcl


  8. Enable auto-start and start consul server (check service status)

    systemctl enable --now consul
    systemctl status consul


  9. Consul UI should be available on https://server_ip:8501/ui/

FIXICC-H2 installation and configuration

  1. Install dependencies

    yum install -y java-1.8.0-openjdk


  2. Download latest package from https://clientspace.b2bits.com/product-58 (fixicc-h2-*.el7.x86_64.rpm)
  3. Install rpm package fixicc-h2-*.el7.x86_64.rpm
        

    rpm -i fixicc-h2-*.el7.x86_64.rpm


  4. Log in to the PostgreSQL server

    sudo -u postgres psql


  5. Create a user and a database for FIXICC H2 in postgresql

    CREATE USER fixicch2 WITH CREATEDB PASSWORD 'fixicch2';
    CREATE DATABASE fixicch2;
    GRANT ALL PRIVILEGES ON DATABASE fixicch2 TO fixicch2;


  6. Exit psql console

    postgres=# \q


  7. Generate keystore for FIXICC-H2

    keytool -genkey -noprompt -alias jetty -keyalg RSA -dname 'CN=admin, OU=EPM-BFIX, O=EPAM Systems, L=Unknown, S=Unknown, C=Unknown' -keystore /etc/fixicc-h2/keystore.jks -storepass fixicch2 -keypass fixicch2
    chown fixicc-h2:fixicc-h2 /etc/fixicc-h2/keystore.jks


  8. Edit /etc/fixicc-h2/local.app.properties and set properties as follows

    cuba.rest.anonymousEnabled = true
    cuba.anonymousLogin = anonymous
    
    cuba.dbmsType = postgres
    cuba.dataSourceProvider = application
    cuba.dataSource.username = fixicch2
    cuba.dataSource.password = fixicch2
    cuba.dataSource.dbName = fixicch2
    cuba.dataSource.host = 127.0.0.1
    cuba.dataSource.port = 5432
    
    fixicch2.consul.encrypted_connection = true
    fixicch2.consul.host = 127.0.0.1
    fixicch2.consul.port = 8501
    fixicch2.consul.insecure_connection_enabled = true
    fixicch2.fixServerType = all
    fixicch2.consul.check.tls_skip_verify=true
    
    fixicch2.secure_http_port = 8443
    fixicch2.key_store_path = keystore.jks
    fixicch2.trust_store_path = keystore.jks


  9. Edit /usr/lib/systemd/system/fixicc-h2.service as follows

    [Unit]
    Description=FIXICC-H2
    After=syslog.target network.target
    
    [Service]
    Type=simple
    User=fixicc-h2
    Group=fixicc-h2
    SuccessExitStatus=143
    Environment=FIXICC_H2_KEY_STORE_PASSWORD=fixicch2 FIXICC_H2_KEY_MANAGER_PASSWORD=fixicch2 FIXICC_H2_TRUST_STORE_PASSWORD=fixicch2
    ExecStart=/bin/bash -c '/usr/bin/java -Dapp.home=/etc/fixicc-h2/ -Dfixicch2.secure_http_port=8443 -Dfixicch2.key_store_path=/etc/fixicc-h2/keystore.jks -Dfixicch2.trust_store_path=/etc/fixicc-h2/keystore.jks -jar /usr/lib64/fixicc-h2/22H1/app.jar'
    ExecReload=/bin/kill -HUP $MAINPID
    
    [Install]
    WantedBy=multi-user.target


  10. Enable auto-start and start FIXICC-H2 server (check service status)

    systemctl enable --now fixicc-h2
    systemctl status fixicc-h2


  11. FIXICC-H2 UI should be available on https://server_ip:8443/app/

    Note

    default user:password is admin:admin
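
An added example, not FIXICC-H2 code: a shell check that reports where the sample values used in steps 5 to 9 (the `fixicch2` password, anonymous REST access, relaxed certificate verification) are still present in local.app.properties and in the service unit. The sample files are constructed from the values on this page; the meaning of the two `fixicch2.consul.*` flags is inferred from their names.

```shell
#!/bin/sh
# Added example (not FIXICC-H2 code): report values from this guide that were
# left unchanged in local.app.properties and in the systemd unit file.

audit_props() {   # $1 = properties file, $2 = sample password to look for
    awk -v sample="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key ~ /[Pp]assword$/ && val == sample)
                print key ": sample password still in use"
            if (val == "true" && key ~ /(tls_skip_verify|insecure_connection_enabled)$/)
                print key ": certificate verification relaxed"
            if (key == "cuba.rest.anonymousEnabled" && val == "true")
                print key ": anonymous REST access enabled"
        }
    ' "$1"
}

audit_unit() {    # $1 = systemd unit file; prints names of inline password variables
    grep 'Environment=' "$1" | tr ' =' '\n\n' | grep 'PASSWORD$' || true
}

write_samples() { # constructed samples using values shown in this guide
    cat > "$1" <<'EOF'
cuba.rest.anonymousEnabled = true
cuba.dataSource.username = fixicch2
cuba.dataSource.password = fixicch2
fixicch2.consul.insecure_connection_enabled = true
fixicch2.consul.check.tls_skip_verify=true
fixicch2.secure_http_port = 8443
EOF
    cat > "$2" <<'EOF'
[Service]
User=fixicc-h2
Environment=FIXICC_H2_KEY_STORE_PASSWORD=fixicch2 FIXICC_H2_TRUST_STORE_PASSWORD=fixicch2
EOF
}

dir=$(mktemp -d)
write_samples "$dir/local.app.properties" "$dir/fixicc-h2.service"
audit_props "$dir/local.app.properties" fixicch2
audit_unit "$dir/fixicc-h2.service"
rm -rf "$dir"
```

Passwords named by `audit_unit` sit in a unit file that is normally world-readable; systemd's `EnvironmentFile=` pointing at a root-only file keeps them out of it.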

FIXEdge installation and configuration

  1. Install dependencies

    yum install -y libtool-ltdl


    NOTE for RHEL systems!
    - Check whether /usr/lib64/libnsl.so.1 exists on your system (create a symlink if needed: `ln -s /usr/lib64/libnsl.so.2 /usr/lib64/libnsl.so.1`)


  2. Download latest package from https://clientspace.b2bits.com/product-30 (fixedge-*.el7.x86_64.rpm)
  3. Install rpm package fixedge-*.el7.x86_64.rpm

    rpm -i fixedge-*.el7.x86_64.rpm


  4. Copy your engine.license file into /etc/fixedge/ directory

    cp ./engine.license /etc/fixedge/


  5. Add the following configuration to the end of /etc/fixedge/FIXEdge.properties

    # FIXICC-H2 Integration
    AdminRESTAPI.Enabled = true
    AdminRESTAPI.Port = 8903
    AdminRESTAPI.HTTPSServer.PrivateKey = AdminRESTAPI.key
    AdminRESTAPI.HTTPSServer.Certificate = AdminRESTAPI.crt
    Components.Service.ConsulAPI = Consul
    Components.Service.ConsulAPI.Checks =
    Components.Service.ConsulAPI.Host = localhost
    Components.Service.ConsulAPI.Port = 8501
    Components.Service.ConsulAPI.SSL = true
    Components.Service.ConsulAPI.SSL.CertificateAuthority = /etc/fixedge/consul.crt
    Components.Service.ConsulAPI.Services.Host = localhost
    Components.Component.ServiceDiscovery = ConsulAPI
    Components.Service.FIXICCH2 = configuration-service
    Components.Service.FIXICCH2.Host = 127.0.0.1
    Components.Service.FIXICCH2.Port = 8443
    Components.Service.FIXICCH2.SSL = true
    Components.Service.FIXICCH2.SSL.CertificateAuthority = /etc/fixedge/fixicc-h2.crt
    Components.Service.FIXICCH2.ReconnectInterval = 1000
    Components.Component.Configuration = FIXICCH2


  6. Copy consul certificate

    cp /etc/consul.d/consul.crt /etc/fixedge/consul.crt
    chown fixedge:fixedge /etc/fixedge/consul.crt


  7. Extract fixicc-h2 certificate

    keytool -export -alias jetty -file /etc/fixicc-h2/fixicc-h2.der -keystore /etc/fixicc-h2/keystore.jks -storepass fixicch2 -keypass fixicch2
    openssl x509 -inform der -in /etc/fixicc-h2/fixicc-h2.der -out /etc/fixicc-h2/fixicc-h2.crt
    cp /etc/fixicc-h2/fixicc-h2.crt /etc/fixedge/fixicc-h2.crt
    chown fixedge:fixedge /etc/fixedge/fixicc-h2.crt


  8. Enable auto-start and start FIXEdge server (check service status)

    systemctl enable --now fixedge
    systemctl status fixedge


  9. After startup fixedge server should appear in fixicc-h2 UI
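
An added example, not from the original guide: shell checks for the certificate files from Consul step 3 and FIXEdge steps 6 and 7, confirming that a certificate matches its private key, that a copied certificate is the same one, and that it does not expire soon (keytool issues 90-day certificates unless `-validity` is given). The throwaway key pair, the `example.test` subject and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original guide): checks on PEM certificate files
# such as /etc/consul.d/consul.crt and the copies placed in /etc/fixedge/.

cert_matches_key() {   # $1 = PEM certificate, $2 = PEM private key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]    # same public key in both files
}

same_cert() {          # $1, $2 = PEM certificates; compares SHA-256 fingerprints
    a=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    b=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null) || return 1
    [ "$a" = "$b" ]
}

valid_for_days() {     # $1 = PEM certificate, $2 = days; true if still valid by then
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

make_test_cert() {     # $1 = key path, $2 = cert path, $3 = lifetime in days
    # Throwaway self-signed pair for the demonstration only.
    openssl req -x509 -newkey rsa:2048 -sha256 -days "$3" -nodes \
        -keyout "$1" -out "$2" -subj '/CN=example.test' 2>/dev/null
}

demo() {
    d=$(mktemp -d)
    make_test_cert "$d/consul.key" "$d/consul.crt" 30
    cp "$d/consul.crt" "$d/copy.crt"
    cert_matches_key "$d/consul.crt" "$d/consul.key" && echo "certificate matches key"
    same_cert "$d/consul.crt" "$d/copy.crt" && echo "copy is the same certificate"
    valid_for_days "$d/consul.crt" 90 || echo "expires within 90 days"
    rm -rf "$d"
}
demo
```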

FIXEye Agent installation and configuration

Note

The FIXEye Agent installation instructions below are not applicable to RHEL systems.

...