Versions Compared

Version Old Version 3 New Version Current
Changes made by

author

author

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Note
titleNOTE!

- in case you already have postgres setup in your network, you can skip this part

- installation should be performed under the root user.

  1. To install PostgreSQL on Centos, install postgresql-server from yum repository

    Code Block
    languagebash
    yum install postgresql postgresql-server

    The initialize a new PostgreSQL installation

    Code Block
    languagebash
    postgresql-setup initdb

    If you need to install PostgreSQL in Ubuntu, you can use the following guide: https://wiki.postgresql.org/wiki/Apt

  2. By default PostgreSQL server is only accessible via Unix Domain Sockets or loopback IP interface (127.0.0.1) to the local users, the users are authenticated by the operating system, i.e. the OS user postgres can connect as PostreSQL user postgres without any additional authentication from the PostgreSQL server side. To allow PgAdmin4 and FIXICC H2 to work we need to enable access via a network.

    To enable network access to PostgreSQL server edit file /var/lib/pgsql/data/pg_hba.conf (on Centos) or /etc/postgresql/14/main/pg_hba.conf (on Ubuntu) and add the following lines:

    Code Block
    languagecss
    host    all     all     0.0.0.0/0       md5
host    all     all     ::0/0           md5

    It allows all users to connect from any host via TCP or SSL socket using hashed passwords.

    Remove lines that enable ident  connection to localhost:

    Code Block
    languagecss
    # IPv4 local connections:
host    all             all             127.0.0.1/32         ident
# IPv6 local connections:
host    all             all             ::1/128              ident

    To enable listening of all network interfaces edit file /var/lib/pgsql/data/postgresql.conf (on Centos) or /etc/postgresql/14/main/postgresql.conf (on Ubuntu), replace line:

    Code Block
    languagecss
    # listen_addresses = 'localhost'

    with

    Code Block
    languagecss
    listen_addresses = '*'


  3. enable and start postgresql server

    Code Block
    languagebash
    systemctl enable --now postgresql
systemctl status postgresql


...

  1. To install Consul on Centos, apply the following actions:

     - add HashiCorp repository:

    Code Block
    languagebash
        yum install -y yum-utils
    yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

     -  install consul from yum repository

    Code Block
    languagebash
    yum -y install consul

    In order to install Consul on Ubuntu, follow the steps from https://learn.hashicorp.com/tutorials/consul/deployment-guide?in=consul/production-deploy#configure-consul-agents

  2. generate Consul CA and server certificate and private key

    Code Block
    languagebash
    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout consul.key -out consul.crt -subj '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul'


    Note
    titleNOTE!
    - replace '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul' with your company identity


  3. configure consul as follows (/etc/consul.d/consul.json)

    Note

    Create consul.json file if missing in the directory.


    Code Block
    languagecss
    {
    "bind_addr": "{{GetInterfaceIP \"ens5\"}}",
    "bootstrap": true,
    "server": true,
    "addresses": {
        "https": "0.0.0.0"
    },
    "ports": {
        "http": -1,
        "https": 8501
    },
    "auto_encrypt": {
        "allow_tls": true,
        "tls": true
    },
    "client_addr": "0.0.0.0",
    "ui": true,
    "data_dir": "/var/lib/consul",
    "log_level": "INFO",
    "disable_update_check": true,
    "disable_anonymous_signature": true,
    "verify_server_hostname": false,
    "cert_file": "/etc/consul.d/consul.crt",
    "key_file": "/etc/consul.d/consul.key",
    "auto_encrypt": {
        "allow_tls": true
    }
}


    Note
    titleNOTE!
    - replace ens5 with your server's network interface


  4. remove or backup /etc/consul.d/consul.hcl

  5. remove ConditionFileNotEmpty in /usr/lib/systemd/system/consul.service

    Code Block
    languagecss
    ConditionFileNotEmpty=/etc/consul.d/consul.hcl


  6. change ownership and permissions for /var/lib/consul and /etc/consul.d directories

    Code Block
    languagecss
    chown -R consul:consul /var/lib/consul
chmod -R 775 /var/lib/consul
chown -R consul:consul /etc/consul.d


  7. enable and start consul server:

    Code Block
    languagebash
    systemctl enable --now consul
systemctl start consul


  8. consul UI should be available on https://server_ip:8501/ui/

...

  1. download latest package from https://clientspace.b2bits.com/product-58 (e.g., fixicc-h2-21Q4.1-84.el7.x86_64.rpm or fixicc-h2-21Q4.1-84.el7.x86_64.deb)

  2. install rpm package fixicc-h2-21Q4.1-84.el7.x86_64.rpm on Centos
       

    Code Block
    languagebash
    rpm -i fixicc-h2-21Q4.1-84.el7.x86_64.rpm

    or install deb package on Ubuntu

    Code Block
    languagebash
    sudo dpkg -i fixicc-h2-21Q4.1-84.el7.x86_64.deb


  3. create a user and a database for FIXICC H2 in postgresql

    Code Block
    languagesql
    CREATE USER <DBUSER> WITH CREATEDB PASSWORD '<DBPASSWORD>';
CREATE DATABASE <DBNAME>;
GRANT ALL PRIVILEGES ON DATABASE <DBNAME> TO <DBUSER>;


  4. generate keystore for FIXICC-H2

    Code Block
    languagebash
    cd /etc/fixicc-h2/
keytool -genkey -noprompt -alias jetty -keyalg RSA -dname 'CN=admin, OU=EPM-BFIX, O=EPAM Systems, L=Unknown, S=Unknown, C=Unknown' -keystore keystore.jks -storepass <STORE_PASSWORD> -keypass <KEY_PASSWORD> -ext 'SAN=IP:127.0.0.1'


  5. Edit /etc/fixicc-h2/local.app.properties and set properties as follows

    Code Block
    languagecss
    cuba.rest.anonymousEnabled = true
cuba.anonymousLogin = anonymous

cuba.dbmsType = postgres
cuba.dataSourceProvider = application
cuba.dataSource.username = <DBUSERNAME>
cuba.dataSource.password = <DBPASSWORD>
cuba.dataSource.dbName = <DBNAME>
cuba.dataSource.host = 127.0.0.1
cuba.dataSource.port = 5432

fixicch2.consul.encrypted_connection = true
fixicch2.consul.host = 127.0.0.1
fixicch2.consul.port = 8501
fixicch2.consul.insecure_connection_enabled = true
fixicch2.fixServerType = all
fixicch2.consul.check.tls_skip_verify=true

fixicch2.secure_http_port = 8443
fixicch2.key_store_path = keystore.jks
fixicch2.trust_store_path = keystore.jks

fixicch2.prometheus.host = 127.0.0.1


  6. edit /usr/lib/systemd/system/fixicc-h2.service as follows

    Code Block
    languagecss
    [Unit]
Description=FIXICC-H2
After=syslog.target network.target

[Service]
Type=simple
User=<USER>
Group=<GROUP>
SuccessExitStatus=143
Environment=FIXICC_H2_KEY_STORE_PASSWORD=<PASSWORD> FIXICC_H2_KEY_MANAGER_PASSWORD=<PASSWORD> FIXICC_H2_TRUST_STORE_PASSWORD=<PASSWORD>
ExecStart=/bin/bash -c '/usr/bin/java -Dapp.home=/etc/fixicc-h2/ -Dfixicch2.secure_http_port=8443 -Dfixicch2.key_store_path=/etc/fixicc-h2/keystore.jks -Dfixicch2.trust_store_path=/etc/fixicc-h2/keystore.jks -jar /usr/lib64/fixicc-h2/21Q4.1/app.jar'
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target


    Note
    titleNOTE!
    - The path to app.jar on Ubuntu will be a bit different: /usr/lib/fixicc-h2/21Q4.1/app.jar


  7. enable and start fixicc-h2 server:

    Code Block
    languagebash
    systemctl enable --now fixicc-h2
systemctl start fixicc-h2


  8. FIXICC-H2 UI should be available on https://server_ip:8443/app/

...

  1. download latest package from https://clientspace.b2bits.com/product-36 (e.g., fixeye-agent-2.3.0.168-1.el7.x86_64.rpm or fixeye-agent-2.3.0.168-1.el7.x86_64.deb)

  2. install rpm package fixeye-agent-2.3.0.168-1.el7.x86_64.rpm on Centos
       

    Code Block
    languagebash
    rpm -i fixeye-agent-2.3.0.168-1.el7.x86_64.rpm

    or install deb package on Ubuntu

    Code Block
    languagebash
    sudo dpkg -i fixeye-agent-2.3.0.168-1.el7.x86_64.deb


  3. copy your fixeye-agent.license file into /etc/fixeye/ directory

  4. generate Fixeye CA and server certificate and private key

    Code Block
    languagebash
    openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout fixeye.key -out fixeye.crt -subj '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.fixeye'


    Note
    titleNOTE!
    - replace '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.fixeye' with your company identity


  5. edit /etc/fixeye/fixeye-agent.config as follows

    Code Block
    languagebash
    -rest-port 8882 -rest-pkey "/etc/fixeye/fixeye.key" -rest-cert "/etc/fixeye/fixeye.crt" --propfile "/etc/fixeye/fixeye-agent.properties" -f "/var/lib/fixedge-java/*.in" "/var/lib/fixedge-java/*.out" --pidfile "/var/log/fixeye/fixeye-agent.pid" -licfile "/etc/fixeye/fixeye-agent.license"


  6. add below in the end of /etc/fixeye/fixeye-agent.properties

    Code Block
    languagecss
    Consul.Enabled=true
Consul.Host=localhost
Consul.Port=8501
Consul.ReconnectInterval=1000
Consul.ServerName=ServerA
Consul.Services.Host=localhost
Consul.Services.HealthChecks.Interval=5
Consul.Services.HealthChecks.Timeout=5
Consul.SSL=true
Consul.SSL.CertificateAuthority=/etc/fixeye/consul.crt


  7. copy consul certificate

    Code Block
    languagebash
    cp /etc/consul.d/consul.crt /etc/fixeye/consul.crt
chown -R fixeye:fixeye /etc/fixeye/


  8. enable and start fixeye-agent server:

    Code Block
    languagebash
    systemctl enable --now fixeye-agent
systemctl start fixeye-agent


...