PostgreSQL installation and configuration
Note:
- If you already have PostgreSQL set up in your network, you can skip this part.
- Installation should be performed under the root user.

Install PostgreSQL from yum repository
```bash
yum install -y postgresql postgresql-server
```
Initialize a new PostgreSQL installation
```bash
postgresql-setup initdb
```
By default, the PostgreSQL server is accessible only via Unix domain sockets or the loopback IP interface (127.0.0.1) to local users, and users are authenticated by the operating system, i.e. the OS user postgres can connect as PostgreSQL user postgres without any additional authentication from the PostgreSQL server side. To allow PgAdmin4 and FIXICC H2 to work, we need to enable access via the network.
To enable network access to PostgreSQL server edit file /var/lib/pgsql/data/pg_hba.conf and add the following lines:
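```
host all all 0.0.0.0/0 md5
host all all ::0/0 md5
```
These rules allow all users to connect to all databases from any host over TCP (with or without SSL), authenticating with MD5-hashed passwords. If only specific hosts need access, replace 0.0.0.0/0 and ::0/0 with their addresses or subnets.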
Remove lines that enable ident connection to localhost:
```
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
```
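
The two any-address rules above are easy to leave in place after initial setup. As an added example (not part of the original instructions), the script below scans a pg_hba.conf for TCP rules that admit any client address or use weak authentication methods; the sample file and the 10.0.5.0/24 subnet in it are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit pg_hba.conf host rules.

# audit_hba FILE: print "LINE: finding: rule" for each risky TCP rule.
audit_hba() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
    $1 ~ /^host(ssl|nossl)?$/ {
      addr = $4; method = $5
      # "address netmask" form uses two columns, so the method moves to $6
      if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) { addr = $4 "/" $5; method = $6 }
      wide = (addr == "0.0.0.0/0" || addr == "::0/0" || addr == "::/0" ||
              addr == "all" || addr == "0.0.0.0/0.0.0.0")
      if (wide)                 printf "%d: any-address: %s\n", NR, $0
      if (method == "trust")    printf "%d: no-authentication: %s\n", NR, $0
      if (method == "password") printf "%d: cleartext-password: %s\n", NR, $0
    }
  ' "$1"
}

# sample_hba: constructed pg_hba.conf; the 10.0.5.0/24 subnet is an assumption.
sample_hba() {
  cat <<'EOF'
# TYPE  DATABASE  USER      ADDRESS       METHOD
local   all       all                     peer
host    all       all       0.0.0.0/0     md5
host    all       all       ::0/0         md5
host    fixicch2  fixicch2  10.0.5.0/24   md5
host    all       all       127.0.0.1/32  trust
EOF
}

tmp=$(mktemp)
sample_hba > "$tmp"
audit_hba "$tmp"      # on the server: audit_hba /var/lib/pgsql/data/pg_hba.conf
rm -f "$tmp"
```

The rule scoped to a single database, user and subnet (line 5 of the sample) produces no finding, which is the shape to aim for once PgAdmin4 and FIXICC H2 hosts are known.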
To listen on all network interfaces, edit /var/lib/pgsql/data/postgresql.conf and replace the line:
```
# listen_addresses = 'localhost'
```
with
```
listen_addresses = '*'
```
Enable auto-start and start the postgresql server (check service status)
```bash
systemctl enable --now postgresql
systemctl status postgresql
```
Consul installation and configuration
Add HashiCorp repository:
```bash
yum install -y yum-utils
yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
```
Install consul from yum repository
```bash
yum install -y consul
```
Generate Consul certificate and private key
```bash
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
  -keyout /etc/consul.d/consul.key -out /etc/consul.d/consul.crt \
  -subj '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul'
chown consul:consul /etc/consul.d/*
```
NOTE! Replace '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul' with your company identity.

Configure consul as follows (/etc/consul.d/consul.json)

NOTE! Create the consul.json file if it is missing in the directory.
```json
{
  "bind_addr": "{{GetInterfaceIP \"ens5\"}}",
  "bootstrap": true,
  "server": true,
  "addresses": { "https": "0.0.0.0" },
  "ports": { "http": -1, "https": 8501 },
  "auto_encrypt": { "allow_tls": true, "tls": true },
  "client_addr": "0.0.0.0",
  "ui": true,
  "data_dir": "/var/lib/consul",
  "log_level": "INFO",
  "disable_update_check": true,
  "disable_anonymous_signature": true,
  "verify_server_hostname": false,
  "cert_file": "/etc/consul.d/consul.crt",
  "key_file": "/etc/consul.d/consul.key",
  "auto_encrypt": { "allow_tls": true }
}
```
NOTE!
- Replace ens5 with your server's network interface.
- You can find your network interface id with the `ifconfig` command.

Remove or back up /etc/consul.d/consul.hcl
Create consul data directory
```bash
mkdir /var/lib/consul
chown consul:consul /var/lib/consul
```
Remove ConditionFileNotEmpty in /usr/lib/systemd/system/consul.service
```
ConditionFileNotEmpty=/etc/consul.d/consul.hcl
```
Enable auto-start and start the consul server (check service status)
```bash
systemctl enable --now consul
systemctl status consul
```
Consul UI should be available on https://server_ip:8501/ui/
FIXICC-H2 installation and configuration
Install dependencies
```bash
yum install -y java-1.8.0-openjdk
```
- Download latest package from https://clientspace.b2bits.com/product-58 (fixicc-h2-22H1-87*.el7.x86_64.rpm)
Install rpm package fixicc-h2-22H1-87*.el7.x86_64.rpm
```bash
rpm -i fixicc-h2-22H1-87*.el7.x86_64.rpm
```
Login into postgres server
```bash
sudo -u postgres psql
```
Create a user and a database for FIXICC H2 in postgresql
```sql
CREATE USER fixicch2 WITH CREATEDB PASSWORD 'fixicch2';
CREATE DATABASE fixicch2;
GRANT ALL PRIVILEGES ON DATABASE fixicch2 TO fixicch2;
```
Exit psql console
```
postgres=# \q
```
Generate keystore for FIXICC-H2
```bash
keytool -genkey -noprompt -alias jetty -keyalg RSA \
  -dname 'CN=admin, OU=EPM-BFIX, O=EPAM Systems, L=Unknown, S=Unknown, C=Unknown' \
  -keystore /etc/fixicc-h2/keystore.jks -storepass fixicch2 -keypass fixicch2
chown fixicc-h2:fixicc-h2 /etc/fixicc-h2/keystore.jks
```
Edit /etc/fixicc-h2/local.app.properties and set properties as follows
```properties
cuba.rest.anonymousEnabled = true
cuba.anonymousLogin = anonymous
cuba.dbmsType = postgres
cuba.dataSourceProvider = application
cuba.dataSource.username = fixicch2
cuba.dataSource.password = fixicch2
cuba.dataSource.dbName = fixicch2
cuba.dataSource.host = 127.0.0.1
cuba.dataSource.port = 5432
fixicch2.consul.encrypted_connection = true
fixicch2.consul.host = 127.0.0.1
fixicch2.consul.port = 8501
fixicch2.consul.insecure_connection_enabled = true
fixicch2.fixServerType = all
fixicch2.consul.check.tls_skip_verify=true
fixicch2.secure_http_port = 8443
fixicch2.key_store_path = keystore.jks
fixicch2.trust_store_path = keystore.jks
```
Edit /usr/lib/systemd/system/fixicc-h2.service as follows
```ini
[Unit]
Description=FIXICC-H2
After=syslog.target network.target

[Service]
Type=simple
User=fixicc-h2
Group=fixicc-h2
SuccessExitStatus=143
Environment=FIXICC_H2_KEY_STORE_PASSWORD=fixicch2 FIXICC_H2_KEY_MANAGER_PASSWORD=fixicch2 FIXICC_H2_TRUST_STORE_PASSWORD=fixicch2
ExecStart=/bin/bash -c '/usr/bin/java -Dapp.home=/etc/fixicc-h2/ -Dfixicch2.secure_http_port=8443 -Dfixicch2.key_store_path=/etc/fixicc-h2/keystore.jks -Dfixicch2.trust_store_path=/etc/fixicc-h2/keystore.jks -jar /usr/lib64/fixicc-h2/22H1/app.jar'
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
```
Enable auto-start and start the FIXICC-H2 server (check service status)
```bash
systemctl enable --now fixicc-h2
systemctl status fixicc-h2
```
FIXICC-H2 UI should be available on https://server_ip:8443/app/
Note: the default user:password is admin:admin
FIXEdge installation and configuration
Install dependencies
```bash
yum install -y libtool-ltdl
```
NOTE for RHEL systems!
- Check whether /usr/lib64/libnsl.so.1 exists on your system (create a symlink if needed: `ln -s /usr/lib64/libnsl.so.2 /usr/lib64/libnsl.so.1`).

- Download latest package from https://clientspace.b2bits.com/product-30 (fixedge-6.14.1-559.*.el7.x86_64.rpm)
Install rpm package fixedge-6.14.1-559.*.el7.x86_64.rpm
```bash
rpm -i fixedge-6.14.1-559*.el7.x86_64.rpm
```
Copy your engine.license file into /etc/fixedge/ directory
```bash
cp ./engine.license /etc/fixedge/
```
Add below config at the end of /etc/fixedge/FIXEdge.properties
```properties
# FIXICC-H2 Integration
AdminRESTAPI.Enabled = true
AdminRESTAPI.Port = 8903
AdminRESTAPI.HTTPSServer.PrivateKey = AdminRESTAPI.key
AdminRESTAPI.HTTPSServer.Certificate = AdminRESTAPI.crt
Components.Service.ConsulAPI = Consul
Components.Service.ConsulAPI.Checks =
Components.Service.ConsulAPI.Host = localhost
Components.Service.ConsulAPI.Port = 8501
Components.Service.ConsulAPI.SSL = true
Components.Service.ConsulAPI.SSL.CertificateAuthority = /etc/fixedge/consul.crt
Components.Service.ConsulAPI.Services.Host = localhost
Components.Component.ServiceDiscovery = ConsulAPI
Components.Service.FIXICCH2 = configuration-service
Components.Service.FIXICCH2.Host = 127.0.0.1
Components.Service.FIXICCH2.Port = 8443
Components.Service.FIXICCH2.SSL = true
Components.Service.FIXICCH2.SSL.CertificateAuthority = /etc/fixedge/fixicc-h2.crt
Components.Service.FIXICCH2.ReconnectInterval = 1000
Components.Component.Configuration = FIXICCH2
```
Copy consul certificate
```bash
cp /etc/consul.d/consul.crt /etc/fixedge/consul.crt
chown fixedge:fixedge /etc/fixedge/consul.crt
```
Extract fixicc-h2 certificate
```bash
keytool -export -alias jetty -file /etc/fixicc-h2/fixicc-h2.der -keystore /etc/fixicc-h2/keystore.jks -storepass fixicch2 -keypass fixicch2
openssl x509 -inform der -in /etc/fixicc-h2/fixicc-h2.der -out /etc/fixicc-h2/fixicc-h2.crt
cp /etc/fixicc-h2/fixicc-h2.crt /etc/fixedge/fixicc-h2.crt
chown fixedge:fixedge /etc/fixedge/fixicc-h2.crt
```
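
Because the certificates here are self-signed and trust is established by copying files, each CertificateAuthority file must hold exactly the certificate its server uses, and each private key must belong to its certificate. The following added example (not part of the original instructions) shows those checks on throwaway files; the temp directory, rsa:2048 and the `.example` subjects are assumptions made to keep it self-contained.

```shell
#!/usr/bin/env bash
# Added example: check a self-signed certificate, its key and a trust copy.
# Works on throwaway files in a temp directory, not on the paths above.

# make_demo DIR NAME: openssl req as above; rsa:2048 and the subject are
# constructed values chosen to keep the demo fast.
make_demo() {
  openssl req -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes \
    -keyout "$1/$2.key" -out "$1/$2.crt" -subj "/CN=$2.example" 2>/dev/null
}

# fp CERT: SHA-256 fingerprint of a PEM certificate (empty on error).
fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# check_pair CERT KEY: succeeds only if KEY is the private key of CERT.
check_pair() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# check_copy SRC COPY: succeeds only if both files hold the same certificate.
check_copy() {
  local a b
  a=$(fp "$1"); b=$(fp "$2")
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# valid_for CERT DAYS: succeeds if CERT is still valid DAYS days from now.
valid_for() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

d=$(mktemp -d)
make_demo "$d" consul && make_demo "$d" other
cp "$d/consul.crt" "$d/trust-copy.crt"   # stands in for the cp steps above
check_pair "$d/consul.crt" "$d/consul.key" && echo "key matches certificate"
check_pair "$d/consul.crt" "$d/other.key" || echo "foreign key rejected"
check_copy "$d/consul.crt" "$d/trust-copy.crt" && echo "trust copy identical"
check_copy "$d/consul.crt" "$d/other.crt" || echo "different certificate detected"
valid_for "$d/consul.crt" 30 && echo "valid for at least 30 more days"
rm -rf "$d"
```

On the server the same functions apply to the real files, for example `check_copy /etc/consul.d/consul.crt /etc/fixedge/consul.crt` and `check_pair /etc/consul.d/consul.crt /etc/consul.d/consul.key`.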
Enable auto-start and start the FIXEdge server (check service status)
```bash
systemctl enable --now fixedge
systemctl status fixedge
```
- After startup fixedge server should appear in fixicc-h2 UI
FIXEye Agent installation and configuration
Note: the FIXEye Agent installation instructions below are not applicable to RHEL systems.

- Download latest package from https://clientspace.b2bits.com/product-36 (fixeye-agent-2.3.0.168-1.*.el7.x86_64.rpm)
Install rpm package fixeye-agent-2.3.0.168-1.*.el7.x86_64.rpm
```bash
rpm -i fixeye-agent-2.3.0.168-1.*.el7.x86_64.rpm
```
Copy your fixeye-agent.license file into /etc/fixeye/ directory
```bash
cp ./fixeye-agent.license /etc/fixeye/
```
Edit /etc/fixeye/fixeye-agent.config as follows
```
-rest-port 8882
-rest-pkey "/etc/fixeye/AdminRESTAPI.key"
-rest-cert "/etc/fixeye/AdminRESTAPI.crt"
--propfile "/etc/fixeye/fixeye-agent.properties"
-f "/var/lib/fixedge/*.in" "/var/lib/fixedge/*.out"
--pidfile "/var/log/fixeye/fixeye-agent.pid"
-licfile "/etc/fixeye/fixeye-agent.license"
```
Replace corresponding properties in /etc/fixeye/fixeye-agent.properties with the following
```properties
Consul.Enabled=true
Consul.Host=localhost
Consul.Port=8501
Consul.ReconnectInterval=1000
Consul.ServerName=FIXEdge1
Consul.Services.Host=localhost
Consul.Services.HealthChecks.Interval=5
Consul.Services.HealthChecks.Timeout=5
Consul.SSL=true
Consul.SSL.CertificateAuthority=/etc/fixeye/consul.crt
```
Copy consul certificate for fixeye
```bash
cp /etc/consul.d/consul.crt /etc/fixeye/consul.crt
chown fixeye:fixeye /etc/fixeye/consul.crt
```
Copy consul RESTAPI certificate for fixeye
```bash
cp /etc/fixedge/AdminRESTAPI.crt /etc/fixeye/AdminRESTAPI.crt
cp /etc/fixedge/AdminRESTAPI.key /etc/fixeye/AdminRESTAPI.key
chown fixeye:fixeye /etc/fixeye/AdminRESTAPI.crt
chown fixeye:fixeye /etc/fixeye/AdminRESTAPI.key
```
Add fixeye user to the fixedge group
```bash
usermod -a -G fixedge fixeye
```
Enable auto-start and start the fixeye-agent server (check service status)
```bash
systemctl enable --now fixeye-agent
systemctl start fixeye-agent
```
...