PostgreSQL installation and configuration

NOTE!

- If you already have PostgreSQL set up in your network, you can skip this part.

- Installation should be performed as the root user.

  1. To install PostgreSQL on CentOS, install postgresql-server from the yum repository:

    Code Block
    languagebash
    yum install postgresql postgresql-server

    Then initialize a new PostgreSQL installation:

    Code Block
    languagebash
    postgresql-setup initdb

    If you need to install PostgreSQL in Ubuntu, you can use the following guide: https://wiki.postgresql.org/wiki/Apt

  2. By default the PostgreSQL server is accessible only via Unix domain sockets or the loopback IP interface (127.0.0.1), and local users are authenticated by the operating system, i.e. the OS user postgres can connect as the PostgreSQL user postgres without any additional authentication on the PostgreSQL server side. To allow PgAdmin4 and FIXICC H2 to work, access via the network must be enabled.

    To enable network access to the PostgreSQL server, edit the file /var/lib/pgsql/data/pg_hba.conf (on CentOS) or /etc/postgresql/14/main/pg_hba.conf (on Ubuntu) and add the following lines:

    Code Block
    languagecss
    host    all     all     0.0.0.0/0       md5
    host    all     all     ::0/0           md5

    These rules allow all users to connect from any host, over plain TCP or SSL, using MD5-hashed passwords.

    Remove the lines that enable ident connections to localhost:

    Code Block
    languagecss
    # IPv4 local connections:
    host    all             all             127.0.0.1/32         ident
    # IPv6 local connections:
    host    all             all             ::1/128              ident

    To listen on all network interfaces, edit the file /var/lib/pgsql/data/postgresql.conf (on CentOS) or /etc/postgresql/14/main/postgresql.conf (on Ubuntu) and replace the line:

    Code Block
    languagecss
    # listen_addresses = 'localhost'

    with

    Code Block
    languagecss
    listen_addresses = '*'


  3. enable and start postgresql server

    Code Block
    languagebash
    systemctl enable --now postgresql
    systemctl status postgresql
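
An added example (not part of the original instructions): a Python check for the pg_hba.conf rules from step 2 that lists TCP rules accepting any source address, using a weak authentication method, or not requiring TLS. The sample file is constructed; the fixicc role and the 10.0.5.0/24 subnet in its last rule are hypothetical.

```python
import ipaddress

# Methods that skip authentication or handle credentials weakly.
WEAK_METHODS = {"trust", "password", "md5", "ident"}
# Record types that also match connections without TLS.
PLAINTEXT_TYPES = {"host", "hostnossl", "hostnogssenc"}

# Constructed sample: the rules from step 2 plus one narrower rule.
# The name "fixicc" and the subnet 10.0.5.0/24 are hypothetical.
SAMPLE = """\
# TYPE  DATABASE  USER    ADDRESS        METHOD
host    all       all     0.0.0.0/0      md5
host    all       all     ::0/0          md5
host    all       all     127.0.0.1/32   ident
hostssl fixicc    fixicc  10.0.5.0/24    scram-sha-256
"""


def _parse(fn, value):
    """Return fn(value), or None when ipaddress rejects the value."""
    try:
        return fn(value)
    except ValueError:
        return None


def audit_pg_hba(text):
    """Return [(line_no, rule, reasons)] for TCP rules that need review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # comments, blanks and Unix-socket ("local") rules
        conn_type, address, method = fields[0], fields[3], fields[4]
        if len(fields) > 5 and _parse(ipaddress.ip_address, method) is not None:
            # "ADDRESS NETMASK METHOD" form: fold the mask into the address.
            address, method = f"{address}/{method}", fields[5]
        # None for keywords, hostnames and forms ipaddress cannot parse.
        net = _parse(lambda a: ipaddress.ip_network(a, strict=False), address)
        reasons = []
        if address == "all" or (net is not None and net.prefixlen == 0):
            reasons.append("any-address")
        if method in WEAK_METHODS:
            reasons.append(f"weak-auth:{method}")
        loopback = net is not None and net.is_loopback
        if conn_type in PLAINTEXT_TYPES and not loopback:
            reasons.append("no-tls-required")
        if reasons:
            findings.append((line_no, " ".join(fields), reasons))
    return findings


if __name__ == "__main__":
    for line_no, rule, reasons in audit_pg_hba(SAMPLE):
        print(f"line {line_no}: {rule} -> {', '.join(reasons)}")
```

Only the constructed hostssl rule, scoped to one subnet with scram-sha-256, passes without findings.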


Consul installation and configuration

  1. To install Consul on CentOS, perform the following actions:

     - add HashiCorp repository:

    Code Block
    languagebash
        yum install -y yum-utils
        yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

     -  install consul from yum repository

    Code Block
    languagebash
    yum -y install consul

    In order to install Consul on Ubuntu, follow the steps from https://learn.hashicorp.com/tutorials/consul/deployment-guide?in=consul/production-deploy#configure-consul-agents

  2. generate Consul CA and server certificate and private key

    Code Block
    languagebash
    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout consul.key -out consul.crt -subj '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul'


    NOTE!
    - replace '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul' with your company identity


  3. configure consul as follows (/etc/consul.d/consul.json)

    Note

    Create consul.json file if missing in the directory.


    Code Block
    languagecss
    {
        "bind_addr": "{{GetInterfaceIP \"ens5\"}}",
        "bootstrap": true,
        "server": true,
        "addresses": {
            "https": "0.0.0.0"
        },
        "ports": {
            "http": -1,
            "https": 8501
        },
        "auto_encrypt": {
            "allow_tls": true,
            "tls": true
        },
        "client_addr": "0.0.0.0",
        "ui": true,
        "data_dir": "/var/lib/consul",
        "log_level": "INFO",
        "disable_update_check": true,
        "disable_anonymous_signature": true,
        "verify_server_hostname": false,
        "cert_file": "/etc/consul.d/consul.crt",
        "key_file": "/etc/consul.d/consul.key",
        "auto_encrypt": {
            "allow_tls": true
        }
    }


    NOTE!
    - replace ens5 with your server's network interface


  4. remove or backup /etc/consul.d/consul.hcl

  5. remove ConditionFileNotEmpty in /usr/lib/systemd/system/consul.service

    Code Block
    languagecss
    ConditionFileNotEmpty=/etc/consul.d/consul.hcl


  6. change ownership and permissions for /var/lib/consul and /etc/consul.d directories

    Code Block
    languagecss
    chown -R consul:consul /var/lib/consul
    chmod -R 775 /var/lib/consul
    chown -R consul:consul /etc/consul.d


  7. enable and start consul server:

    Code Block
    languagebash
    systemctl enable --now consul
    systemctl start consul


  8. consul UI should be available on https://server_ip:8501/ui/
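
An added example (not part of the original instructions): a Python check of the consul.json from step 3 that reports keys defined twice in one object, listeners bound to every interface, and TLS or ACL options that are off. The sample is a constructed excerpt of that file; verify_incoming and acl.enabled are Consul agent options that do not appear in the page's configuration and are checked here as assumptions about what a reviewer would look for.

```python
import json

# Constructed excerpt of the consul.json from step 3 (same keys and values,
# trimmed; bind_addr, ui, data_dir and logging keys omitted).
SAMPLE = """{
    "server": true,
    "addresses": {"https": "0.0.0.0"},
    "ports": {"http": -1, "https": 8501},
    "auto_encrypt": {"allow_tls": true, "tls": true},
    "client_addr": "0.0.0.0",
    "verify_server_hostname": false,
    "cert_file": "/etc/consul.d/consul.crt",
    "key_file": "/etc/consul.d/consul.key",
    "auto_encrypt": {"allow_tls": true}
}"""


def load_with_duplicates(text):
    """Parse JSON and also return every key that occurs twice in one object."""
    duplicates = []

    def hook(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                duplicates.append(key)
            obj[key] = value  # same outcome as plain json.loads: last one wins
        return obj

    return json.loads(text, object_pairs_hook=hook), duplicates


def audit_consul(text):
    """Return [(key, issue)] for settings that widen exposure or weaken TLS."""
    cfg, duplicates = load_with_duplicates(text)
    findings = [(k, "defined twice; json.loads keeps only the last block")
                for k in duplicates]
    listeners = {"client_addr": cfg.get("client_addr")}
    listeners.update({f"addresses.{name}": addr
                      for name, addr in cfg.get("addresses", {}).items()})
    for key, addr in listeners.items():
        if addr in ("0.0.0.0", "::"):
            findings.append((key, "listener bound to every interface"))
    if not cfg.get("verify_server_hostname", False):
        findings.append(("verify_server_hostname", "server names not checked"))
    if not cfg.get("verify_incoming", False):
        findings.append(("verify_incoming", "no client certificate required"))
    if not cfg.get("acl", {}).get("enabled", False):
        findings.append(("acl.enabled", "API and UI need no ACL token"))
    return findings


if __name__ == "__main__":
    for key, issue in audit_consul(SAMPLE):
        print(f"{key}: {issue}")
```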

FIXICC-H2 installation and configuration

  1. download latest package from https://clientspace.b2bits.com/product-58 (e.g., fixicc-h2-21Q4.1-84.el7.x86_64.rpm or fixicc-h2-21Q4.1-84.el7.x86_64.deb)
  2. install rpm package fixicc-h2-21Q4.1-84.el7.x86_64.rpm on CentOS

    Code Block
    languagebash
    rpm -i fixicc-h2-21Q4.1-84.el7.x86_64.rpm

    or install deb package on Ubuntu

    Code Block
    languagebash
    sudo dpkg -i fixicc-h2-21Q4.1-84.el7.x86_64.deb


  3. create a user and a database for FIXICC H2 in postgresql

    Code Block
    languagesql
    CREATE USER <DBUSER> WITH CREATEDB PASSWORD '<DBPASSWORD>';
    CREATE DATABASE <DBNAME>;
    GRANT ALL PRIVILEGES ON DATABASE <DBNAME> TO <DBUSER>;


  4. generate keystore for FIXICC-H2

    Code Block
    languagebash
    cd /etc/fixicc-h2/
    keytool -genkey -noprompt -alias jetty -keyalg RSA -dname 'CN=admin, OU=EPM-BFIX, O=EPAM Systems, L=Unknown, S=Unknown, C=Unknown' -keystore keystore.jks -storepass <STORE_PASSWORD> -keypass <KEY_PASSWORD> -ext 'SAN=IP:127.0.0.1'


  5. Edit /etc/fixicc-h2/local.app.properties and set properties as follows

    Code Block
    languagecss
    cuba.rest.anonymousEnabled = true
    cuba.anonymousLogin = anonymous
    
    cuba.dbmsType = postgres
    cuba.dataSourceProvider = application
    cuba.dataSource.username = <DBUSERNAME>
    cuba.dataSource.password = <DBPASSWORD>
    cuba.dataSource.dbName = <DBNAME>
    cuba.dataSource.host = 127.0.0.1
    cuba.dataSource.port = 5432
    
    fixicch2.consul.encrypted_connection = true
    fixicch2.consul.host = 127.0.0.1
    fixicch2.consul.port = 8501
    fixicch2.consul.insecure_connection_enabled = true
    fixicch2.fixServerType = all
    fixicch2.consul.check.tls_skip_verify=true
    
    fixicch2.secure_http_port = 8443
    fixicch2.key_store_path = keystore.jks
    fixicch2.trust_store_path = keystore.jks
    
    fixicch2.prometheus.host = 127.0.0.1


  6. edit /usr/lib/systemd/system/fixicc-h2.service as follows

    Code Block
    languagecss
    [Unit]
    Description=FIXICC-H2
    After=syslog.target network.target
    
    [Service]
    Type=simple
    User=<USER>
    Group=<GROUP>
    SuccessExitStatus=143
    Environment=FIXICC_H2_KEY_STORE_PASSWORD=<PASSWORD> FIXICC_H2_KEY_MANAGER_PASSWORD=<PASSWORD> FIXICC_H2_TRUST_STORE_PASSWORD=<PASSWORD>
    ExecStart=/bin/bash -c '/usr/bin/java -Dapp.home=/etc/fixicc-h2/ -Dfixicch2.secure_http_port=8443 -Dfixicch2.key_store_path=/etc/fixicc-h2/keystore.jks -Dfixicch2.trust_store_path=/etc/fixicc-h2/keystore.jks -jar /usr/lib64/fixicc-h2/21Q4.1/app.jar'
    ExecReload=/bin/kill -HUP $MAINPID
    
    [Install]
    WantedBy=multi-user.target


    NOTE!
    - The path to app.jar on Ubuntu will be a bit different: /usr/lib/fixicc-h2/21Q4.1/app.jar


  7. enable and start fixicc-h2 server:

    Code Block
    languagebash
    systemctl enable --now fixicc-h2
    systemctl start fixicc-h2


  8. FIXICC-H2 UI should be available on https://server_ip:8443/app/

FEJ installation (rpm or deb package) and configuration

  1. download latest package from https://clientspace.b2bits.com/product-42 (e.g., fixedge-java-1.9.1-1.el7.x86_64.rpm or fixedge-java_1.9.1_amd64.deb)
  2. install rpm package fixedge-java-1.9.1-1.el7.x86_64.rpm on CentOS

    Code Block
    languagebash
    rpm -i fixedge-java-1.9.1-1.el7.x86_64.rpm

    or install deb package on Ubuntu

    Code Block
    languagebash
    sudo dpkg -i fixedge-java_1.9.1_amd64.deb


  3. copy your fixaj2-license.bin file into your /etc/fixedge-java directory
  4. in /etc/fixedge-java/fixedge.properties replace the line

    Code Block
    languagebash
    #rest.service.name=REST-AdminAPI

    with 

    Code Block
    languagebash
    rest.service.name=REST-AdminAPI

    and replace the line

    Code Block
    languagebash
    metrics.enable=false

    with 

    Code Block
    languagebash
    metrics.enable=true


    then replace Discovery Service Configuration section with the following one:

    Code Block
    languagecss
    ###################################################################
    #################  DISCOVERY SERVICE CONFIGURATION  ###############
    ###################################################################
    # Name of server, if it is not empty, server will be registered in Discovery by this name. Otherwise, it will not be registered.
    server.name=ServerA
    # Name of protocol, used for server registration in Service Discovery
    protocol.name=FIX
    
    service.discovery.enabled=true
    
    # Health check interval (Service Discovery)
    service.discovery.healthcheck.interval=10
    
    # Service Discovery attempt period, milliseconds
    service.discovery.attempt.period=10000
    
    # To use original sessionConfigManager and scheduleConfigManager beans set 'false' or comment it
    # To use fixicch2 session and schedule config managers set 'true'
    server.useFixicch2ConfigManager=true
    server.useFixicch2RoutingConfigManager=true
    
    fixicch2.enable=true
    
    # Fixicch2 service name in Service Discovery
    fixicch2.service=FIXICC-H2-Secure
    
    # Fixicch2 URL prefix if Service Discovery is used to define IP and port
    fixicch2.url.prefix=https
    
    # Timeout for attempts to connect to Service Discovery, ms
    fixicch2.service.discovery.connection.timeout=60000
    
    # Max time to wait Service Discovery Fixicc H2 health status update, min
    fixicch2.service.discovery.status.update.timeout=10
    
    # Pause to reconnect to FIXICC H2 URL in case of errors, ms
    fixicch2.reconnect.pause=2000
    
    fixicch2.reconnect.attempt=3
    
    consul.host = 127.0.0.1
    consul.port = 8501
    server.checkHost = 127.0.0.1
    
    # True if insecure connection through https to FIXICC H2 is enabled.
    fixicch2.insecure.connection.enabled=false
    
    # FIXICC H2 client keystore properties
    fixicch2.keystore.path=/etc/fixedge-java/ssl/fixicch2/keystore.jks
    fixicch2.keystore.password=<PASSWORD>
    
    service.discovery.encrypted.connection=true
    service.discovery.insecure.connection.enabled=true
    
    fixicch2.cache.path=/var/log/fixedge-java/cache


  5. copy fixicc-h2 keystore

    Code Block
    languagebash
    cp /etc/fixicc-h2/keystore.jks /etc/fixedge-java/ssl/fixicch2/keystore.jks 
    chown fixedge-java:fixedge-java /etc/fixedge-java/ssl/fixicch2/keystore.jks


  6. enable and start fej server:

    Code Block
    languagebash
    systemctl enable --now fixedge-java
    systemctl start fixedge-java
    # or launch it directly:
    cd /usr/bin/fixedge-java/
    ./FIXEdgeJ


  7. after startup fej server should appear in fixicc-h2 UI

FEJ installation (zip) and configuration

  1. download latest package from https://clientspace.b2bits.com/product-42 (e.g., fixedge-java-1.9.1.zip)
  2. unzip fixedge-java-1.9.1.zip

    Code Block
    languagebash
    # extract the archive into /etc (-d sets the target directory)
    unzip fixedge-java-1.9.1.zip -d /etc
    mv /etc/fixedgej-1.9.1 /etc/fixedge-java


  3. copy your fixaj2-license.bin file into your /etc/fixedge-java/conf directory
  4. in /etc/fixedge-java/conf/fixedge.properties replace the line

    Code Block
    languagebash
    #rest.service.name=REST-AdminAPI

    with 

    Code Block
    languagebash
    rest.service.name=REST-AdminAPI

    and replace the line

    Code Block
    languagebash
    metrics.enable=false

    with 

    Code Block
    languagebash
    metrics.enable=true

    then replace Discovery Service Configuration section with the following one:

    Code Block
    languagecss
    ###################################################################
    #################  DISCOVERY SERVICE CONFIGURATION  ###############
    ###################################################################
    # Name of server, if it is not empty, server will be registered in Discovery by this name. Otherwise, it will not be registered.
    server.name=ServerA
    # Name of protocol, used for server registration in Service Discovery
    protocol.name=FIX
    
    service.discovery.enabled=true
    
    # Health check interval (Service Discovery)
    service.discovery.healthcheck.interval=10
    
    # Service Discovery attempt period, milliseconds
    service.discovery.attempt.period=10000
    
    # To use original sessionConfigManager and scheduleConfigManager beans set 'false' or comment it
    # To use fixicch2 session and schedule config managers set 'true'
    server.useFixicch2ConfigManager=true
    server.useFixicch2RoutingConfigManager=true
    
    fixicch2.enable=true
    
    # Fixicch2 service name in Service Discovery
    fixicch2.service=FIXICC-H2-Secure
    
    # Fixicch2 URL prefix if Service Discovery is used to define IP and port
    fixicch2.url.prefix=https
    
    # Timeout for attempts to connect to Service Discovery, ms
    fixicch2.service.discovery.connection.timeout=60000
    
    # Max time to wait Service Discovery Fixicc H2 health status update, min
    fixicch2.service.discovery.status.update.timeout=10
    
    # Pause to reconnect to FIXICC H2 URL in case of errors, ms
    fixicch2.reconnect.pause=2000
    
    fixicch2.reconnect.attempt=3
    
    consul.host = 127.0.0.1
    consul.port = 8501
    server.checkHost = 127.0.0.1
    
    # True if insecure connection through https to FIXICC H2 is enabled.
    fixicch2.insecure.connection.enabled=false
    
    # FIXICC H2 client keystore properties
    fixicch2.keystore.path=/etc/fixedge-java/conf/ssl/fixicch2/keystore.jks
    fixicch2.keystore.password=<PASSWORD>
    
    service.discovery.encrypted.connection=true
    service.discovery.insecure.connection.enabled=true
    
    fixicch2.cache.path=/etc/fixedge-java/logs/cache


  5. add group and user fixedge-java


    Code Block
    languagebash
    sudo groupadd --system fixedge-java
    sudo useradd -s /sbin/nologin --system -g fixedge-java fixedge-java


  6. copy fixicc-h2 keystore

    Code Block
    languagebash
    cp /etc/fixicc-h2/keystore.jks /etc/fixedge-java/conf/ssl/fixicch2/keystore.jks 
    chown -R fixedge-java:fixedge-java /etc/fixedge-java/


  7. add new file /etc/systemd/system/fixedge-java.service:

    Code Block
    languagebash
    [Unit]
    Description=Fixedge-java
    Wants=network-online.target
    After=network-online.target
    
    [Service]
    Type=simple
    User=fixedge-java
    Group=fixedge-java
    ExecReload=/bin/kill -HUP $MAINPID
    # If bin/ contains runConsole.sh rather than FIXEdgeJ, point ExecStart at that script
    ExecStart=/etc/fixedge-java/bin/FIXEdgeJ
    
    SyslogIdentifier=fixedge-java
    Restart=always
    
    [Install]
    WantedBy=multi-user.target


  8. enable and start fej server:

    Code Block
    languagebash
    systemctl enable --now fixedge-java
    systemctl start fixedge-java


  9. after startup fej server should appear in fixicc-h2 UI

Prometheus installation and configuration

  1. To install Prometheus on Ubuntu, use the following guide: https://computingforgeeks.com/install-prometheus-server-on-debian-ubuntu-linux/

  2. add the following to the end of /etc/prometheus/prometheus.yml:

    Code Block
    languagebash
      - job_name: 'serverA'
        metrics_path: /prometheus/metrics
        scheme: https
        tls_config:
            insecure_skip_verify: true
        static_configs:
        - targets: ['127.0.0.1:9010']


FIXEye Agent installation and configuration

Note

The FIXEye Agent installation instructions below are not applicable to RHEL systems.

  1. download latest package from https://clientspace.b2bits.com/product-36 (e.g., fixeye-agent-2.3.0.168-1.el7.x86_64.rpm or fixeye-agent-2.3.0.168-1.el7.x86_64.deb)
  2. install rpm package fixeye-agent-2.3.0.168-1.el7.x86_64.rpm on CentOS

    Code Block
    languagebash
    rpm -i fixeye-agent-2.3.0.168-1.el7.x86_64.rpm

    or install deb package on Ubuntu

    Code Block
    languagebash
    sudo dpkg -i fixeye-agent-2.3.0.168-1.el7.x86_64.deb


  3. copy your fixeye-agent.license file into /etc/fixeye/ directory
  4. generate Fixeye CA and server certificate and private key

    Code Block
    languagebash
    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout fixeye.key -out fixeye.crt -subj '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.fixeye'


    NOTE!
    - replace '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.fixeye' with your company identity


  5. edit /etc/fixeye/fixeye-agent.config as follows

    Code Block
    languagebash
    -rest-port 8882 -rest-pkey "/etc/fixeye/fixeye.key" -rest-cert "/etc/fixeye/fixeye.crt" --propfile "/etc/fixeye/fixeye-agent.properties" -f "/var/lib/fixedge-java/*.in" "/var/lib/fixedge-java/*.out" --pidfile "/var/log/fixeye/fixeye-agent.pid" -licfile "/etc/fixeye/fixeye-agent.license"


  6. add below in the end of /etc/fixeye/fixeye-agent.properties

    Code Block
    languagecss
    Consul.Enabled=true
    Consul.Host=localhost
    Consul.Port=8501
    Consul.ReconnectInterval=1000
    Consul.ServerName=ServerA
    Consul.Services.Host=localhost
    Consul.Services.HealthChecks.Interval=5
    Consul.Services.HealthChecks.Timeout=5
    Consul.SSL=true
    Consul.SSL.CertificateAuthority=/etc/fixeye/consul.crt


  7. copy consul certificate

    Code Block
    languagebash
    cp /etc/consul.d/consul.crt /etc/fixeye/consul.crt
    chown -R fixeye:fixeye /etc/fixeye/


  8. enable and start fixeye-agent server:

    Code Block
    languagebash
    systemctl enable --now fixeye-agent
    systemctl start fixeye-agent


...