PostgreSQL installation and configuration

1. Install PostgreSQL from yum repository

   yum install -y postgresql postgresql-server

2. Initialize a new PostgreSQL installation

   postgresql-setup initdb

3. By default PostgreSQL server is only accessible via Unix Domain Sockets or loopback IP interface (127.0.0.1) to the local users, the users are authenticated by the operating system, i.e. the OS user postgres can connect as PostreSQL user postgres without any additional authentication from the PostgreSQL server side. To allow PgAdmin4 and FIXICC H2 to work we need to enable access via a network

   To enable network access to PostgreSQL server edit file /var/lib/pgsql/data/pg_hba.conf and add the following lines:

   host    all     all     0.0.0.0/0       md5 host    all     all     ::0/0           md5

   It allows all users to connect from any host via TCP or SSL socket using hashed passwords.

   Remove lines that enable ident connection to localhost:

   # IPv4 local connections: host    all             all             127.0.0.1/32         ident # IPv6 local connections: host    all             all             ::1/128              ident

   To enable listening of all network interfaces edit file /var/lib/pgsql/data/postgresql.conf , replace line:

   # listen_addresses = 'localhost'

   with

   listen_addresses = '*'

4. Enable auto-start and start postgresql server (check service status)

   systemctl enable --now postgresql systemctl status postgresql

Consul installation and configuration

1. Add HashiCorp repository:

   yum install -y yum-utils yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

2. Install consul from yum repository

   yum install -y consul

3. Generate Consul certificate and private key

   openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /etc/consul.d/consul.key -out /etc/consul.d/consul.crt -subj '/C=RU/L=Saratov/O=EPAM/OU=BFIX/CN=fixicch2.consul' chown consul:consul /etc/consul.d/*

4. Configure consul as follows (/etc/consul.d/consul.json)

   { "bind_addr": "{{GetInterfaceIP \"ens5\"}}", "bootstrap": true, "server": true, "addresses": { "https": "0.0.0.0" }, "ports": { "http": -1, "https": 8501 }, "auto_encrypt": { "allow_tls": true, "tls": true }, "client_addr": "0.0.0.0", "ui": true, "data_dir": "/var/lib/consul", "log_level": "INFO", "disable_update_check": true, "disable_anonymous_signature": true, "verify_server_hostname": false, "cert_file": "/etc/consul.d/consul.crt", "key_file": "/etc/consul.d/consul.key", "auto_encrypt": { "allow_tls": true } }

    

    

    

    

5. Remove or backup /etc/consul.d/consul.hcl

6. Create consul data directory

   mkdir /var/lib/consul chown consul:consul /var/lib/consul

7. Remove ConditionFileNotEmpty in /usr/lib/systemd/system/consul.service

   ConditionFileNotEmpty=/etc/consul.d/consul.hcl

8. Enable auto-start and start consul server (check service status)

   systemctl enable --now consul systemctl status consul

9. Consul UI should be available on https://server_ip:8501/ui/
   

FIXICC-H2 installation and configuration

1. Install dependencies

   yum install -y java-1.8.0-openjdk

2. Download latest package from https://clientspace.b2bits.com/product-58 (fixicc-h2-*.el7.x86_64.rpm)

3. Install rpm package fixicc-h2-*.el7.x86_64.rpm
       

   rpm -i fixicc-h2-*.el7.x86_64.rpm

4. Login into postgres server

   sudo -u postgres psql

5. Create a user and a database for FIXICC H2 in postgresql
   Postgres version <= 14

   CREATE USER fixicch2 WITH CREATEDB PASSWORD 'fixicch2'; CREATE DATABASE fixicch2; GRANT ALL PRIVILEGES ON DATABASE fixicch2 TO fixicch2;

   Postgres version >= 15

   CREATE USER fixicch2 WITH CREATEDB PASSWORD 'fixicch2'; CREATE DATABASE fixicch2; GRANT ALL PRIVILEGES ON DATABASE fixicch2 TO fixicch2; \connect fixicch2 GRANT ALL ON SCHEMA public TO fixicch2;

6. Exit psql console

   postgres=# \q

7. Generate keystore for FIXICC-H2

   keytool -genkey -noprompt -alias jetty -keyalg RSA -dname 'CN=admin, OU=EPM-BFIX, O=EPAM Systems, L=Unknown, S=Unknown, C=Unknown' -keystore /etc/fixicc-h2/keystore.jks -storepass fixicch2 -keypass fixicch2 chown fixicc-h2:fixicc-h2 /etc/fixicc-h2/keystore.jks

8. Edit /etc/fixicc-h2/local.app.properties and set properties as follows

   cuba.rest.anonymousEnabled = true cuba.anonymousLogin = anonymous cuba.dbmsType = postgres cuba.dataSourceProvider = application cuba.dataSource.username = fixicch2 cuba.dataSource.password = fixicch2 cuba.dataSource.dbName = fixicch2 cuba.dataSource.host = 127.0.0.1 cuba.dataSource.port = 5432 fixicch2.consul.encrypted_connection = true fixicch2.consul.host = 127.0.0.1 fixicch2.consul.port = 8501 fixicch2.consul.insecure_connection_enabled = true fixicch2.fixServerType = all fixicch2.consul.check.tls_skip_verify=true fixicch2.secure_http_port = 8443 fixicch2.key_store_path = keystore.jks fixicch2.trust_store_path = keystore.jks

9. Edit /usr/lib/systemd/system/fixicc-h2.service as follows

   [Unit] Description=FIXICC-H2 After=syslog.target network.target [Service] Type=simple User=fixicc-h2 Group=fixicc-h2 SuccessExitStatus=143 Environment=FIXICC_H2_KEY_STORE_PASSWORD=fixicch2 FIXICC_H2_KEY_MANAGER_PASSWORD=fixicch2 FIXICC_H2_TRUST_STORE_PASSWORD=fixicch2 ExecStart=/bin/bash -c '/usr/bin/java -Dapp.home=/etc/fixicc-h2/ -Dfixicch2.secure_http_port=8443 -Dfixicch2.key_store_path=/etc/fixicc-h2/keystore.jks -Dfixicch2.trust_store_path=/etc/fixicc-h2/keystore.jks -jar /usr/lib64/fixicc-h2/22H1/app.jar' ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target

10. Enable auto-start and start FIXICC-H2 server (check service status)

    systemctl enable --now fixicc-h2 systemctl status fixicc-h2

11. FIXICC-H2 UI should be available on https://server_ip:8443/app/

    Open