Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

PostgreSQL installation and configuration

NOTE!

  • in case you already have postgres setup in your network, you can skip this part

  • installation should be performed under the root user.

  1. Install PostgreSQL from yum repository

    yum install -y postgresql postgresql-server

  2. Initialize a new PostgreSQL installation

    postgresql-setup initdb

  3. By default PostgreSQL server is only accessible via Unix Domain Sockets or loopback IP interface (127.0.0.1) to the local users, the users are authenticated by the operating system, i.e. the OS user postgres can connect as PostreSQL user postgres without any additional authentication from the PostgreSQL server side. To allow PgAdmin4 and FIXICC H2 to work we need to enable access via a network

    To enable network access to PostgreSQL server edit file /var/lib/pgsql/data/pg_hba.conf and add the following lines:

    host    all     all     0.0.0.0/0       md5
    host    all     all     ::0/0           md5

    It allows all users to connect from any host via TCP or SSL socket using hashed passwords.

    Remove lines that enable ident connection to localhost:

    # IPv4 local connections:
    host    all             all             127.0.0.1/32         ident
    # IPv6 local connections:
    host    all             all             ::1/128              ident

    To enable listening of all network interfaces edit file /var/lib/pgsql/data/postgresql.conf , replace line:

    # listen_addresses = 'localhost'

    with

    listen_addresses = '*'

  4. Enable auto-start and start postgresql server (check service status)

    systemctl enable --now postgresql
    systemctl status postgresql

FIXICC-H2 installation and configuration

  1. Install dependencies

    yum install -y java-1.8.0-openjdk

  2. Download latest package from https://clientspace.b2bits.com/product-58 (fixicc-h2-*.el7.x86_64.rpm)

  3. Install rpm package fixicc-h2-*.el7.x86_64.rpm

    rpm -i fixicc-h2-*.el7.x86_64.rpm

  4. Login into postgres server

    sudo -u postgres psql

  5. Create a user and a database for FIXICC H2 in postgresql

    CREATE USER fixicch2 WITH CREATEDB PASSWORD 'fixicch2';
    CREATE DATABASE fixicch2;
    GRANT ALL PRIVILEGES ON DATABASE fixicch2 TO fixicch2;

  6. Exit psql console

    postgres=# \q

  7. Generate keystore for FIXICC-H2

    keytool -genkey -noprompt -alias jetty -keyalg RSA -dname 'CN=admin, OU=EPM-BFIX, O=EPAM Systems, L=Unknown, S=Unknown, C=Unknown' -keystore /etc/fixicc-h2/keystore.jks -storepass fixicch2 -keypass fixicch2
    chown fixicc-h2:fixicc-h2 /etc/fixicc-h2/keystore.jks

  8. Edit /etc/fixicc-h2/local.app.properties and set properties as follows

    cuba.rest.anonymousEnabled = true
    cuba.anonymousLogin = anonymous

    cuba.dbmsType = postgres
    cuba.dataSourceProvider = application
    cuba.dataSource.username = fixicch2
    cuba.dataSource.password = fixicch2
    cuba.dataSource.dbName = fixicch2
    cuba.dataSource.host = 127.0.0.1
    cuba.dataSource.port = 5432

    fixicch2.fixServerType = all
    fixicch2.consulEnabled=false
    fixicch2.secure_http_port = 8443
    fixicch2.key_store_path = keystore.jks
    fixicch2.trust_store_path = keystore.jks

  9. Edit /usr/lib/systemd/system/fixicc-h2.service as follows (NOTE: there is a version number in the file path, please specify the current version of FIXICCH2, e.g. 23Q1)

    [Unit]
    Description=FIXICC-H2
    After=syslog.target network.target
     
    [Service]
    Type=simple
    User=fixicc-h2
    Group=fixicc-h2
    SuccessExitStatus=143
    Environment=FIXICC_H2_KEY_STORE_PASSWORD=fixicch2 FIXICC_H2_KEY_MANAGER_PASSWORD=fixicch2 FIXICC_H2_TRUST_STORE_PASSWORD=fixicch2
    ExecStart=/bin/bash -c '/usr/bin/java -Dapp.home=/etc/fixicc-h2/ -Dfixicch2.secure_http_port=8443 -Dfixicch2.key_store_path=/etc/fixicc-h2/keystore.jks -Dfixicch2.trust_store_path=/etc/fixicc-h2/keystore.jks -jar /usr/lib64/fixicc-h2/22H1/app.jar'
    ExecReload=/bin/kill -HUP $MAINPID
     
    [Install]
    WantedBy=multi-user.target

  10. Enable auto-start and start FIXICC-H2 server (check service status)

    systemctl enable --now fixicc-h2
    systemctl status fixicc-h2

  11. FIXICC-H2 UI should be available on https://server_ip:8443/app/

Default user:password is admin:admin

FIXEdge installation and configuration

  1. Install dependencies

    yum install -y libtool-ltdl

NOTE for RHEL systems!

  1. check whether /usr/lib64/libnsl.so.1 exists on your system (create symlink if needed `ln -s /usr/lib64/libnsl.so.2 /usr/lib64/libnsl.so.1`)

  1. Download latest package from https://clientspace.b2bits.com/product-30 (fixedge-*.el7.x86_64.rpm)

  2. Install rpm package fixedge-*.el7.x86_64.rpm

    rpm -i fixedge-*.el7.x86_64.rpm

  3. Copy your engine.license file into /etc/fixedge/ directory

    cp ./engine.license /etc/fixedge/

  4. Add below config at the end of /etc/fixedge/FIXEdge.properties

    # FIXICC-H2 Integration
    AdminRESTAPI.Enabled = true
    AdminRESTAPI.Port = 8903
    AdminRESTAPI.HTTPSServer.PrivateKey = AdminRESTAPI.key
    AdminRESTAPI.HTTPSServer.Certificate = AdminRESTAPI.crt

    Components.Service.FIXICCH2 = configuration-service
    Components.Service.FIXICCH2.Host = 127.0.0.1
    Components.Service.FIXICCH2.Port = 8443
    Components.Service.FIXICCH2.SSL = true
    Components.Service.FIXICCH2.SSL.CertificateAuthority = /etc/fixedge/fixicc-h2.crt
    Components.Service.FIXICCH2.ReconnectInterval = 1000
    Components.Component.Configuration = FIXICCH2

  5. Extract fixicc-h2 certificate

    keytool -export -alias jetty -file /etc/fixicc-h2/fixicc-h2.der -keystore /etc/fixicc-h2/keystore.jks -storepass fixicch2 -keypass fixicch2
    openssl x509 -inform der -in /etc/fixicc-h2/fixicc-h2.der -out /etc/fixicc-h2/fixicc-h2.crt
    cp /etc/fixicc-h2/fixicc-h2.crt /etc/fixedge/fixicc-h2.crt
    chown fixedge:fixedge /etc/fixedge/fixicc-h2.crt

  6. Enable auto-start and start FIXEdge server (check service status)

    systemctl enable --now fixedge
    systemctl status fixedge

  7. After startup fixedge server navigate to "Show all servers" and you will see "Misbehaving" status for the FIXEdge1 server. Press on "Edit" button and provide the parameters like below, Then, press "OK":

image-20240820-115336.png

FIXEye Agent installation and configuration

FIXEye Agent installation instruction mentioned below is not applicable for RHEL systems.

  1. Download latest package from https://clientspace.b2bits.com/product-36 (fixeye-agent-*.el7.x86_64.rpm)

  2. Install rpm package fixeye-agent-*.el7.x86_64.rpm

    rpm -i fixeye-agent-*.el7.x86_64.rpm

  3. Copy your fixeye-agent.license file into /etc/fixeye/ directory

    cp ./fixeye-agent.license /etc/fixeye/

  4. Edit /etc/fixeye/fixeye-agent.config as follows

    -rest-port 8882 -rest-pkey "/etc/fixeye/AdminRESTAPI.key" -rest-cert "/etc/fixeye/AdminRESTAPI.crt" --propfile "/etc/fixeye/fixeye-agent.properties" -f "/var/lib/fixedge/*.in" "/var/lib/fixedge/*.out" --pidfile "/var/log/fixeye/fixeye-agent.pid" -licfile "/etc/fixeye/fixeye-agent.license"

  5. Copy RESTAPI certificate for fixeye

    cp /etc/fixedge/AdminRESTAPI.crt /etc/fixeye/AdminRESTAPI.crt
    cp /etc/fixedge/AdminRESTAPI.key /etc/fixeye/AdminRESTAPI.key
    chown fixeye:fixeye /etc/fixeye/AdminRESTAPI.crt
    chown fixeye:fixeye /etc/fixeye/AdminRESTAPI.key

  6. Add fixeye user to the fixedge group

    usermod -a -G fixedge fixeye

  7. Enable auto-start and start fixeye-agent server (check service status)

    systemctl enable --now fixeye-agent
    systemctl start fixeye-agent

  • No labels