This document provides a CentOS 7 install guide. The guide can also be followed for an Ubuntu installation, or serve as a starting point for installing on other Linux distributions.
You should read the Deployment documentation beforehand, in order to understand the components and their roles.
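ssh user@<server>
sudo su
# enter your password when prompted
cat /etc/centos-release
# expected: CentOS Linux release 7 or 8
sudo yum -y install epel-release
sudo yum install -y htop wget
# ctop is a single binary fetched from GitHub. Download it to a temporary file and
# check its SHA-256 before installing it into a directory on root's PATH.
# <ctop-0.7.3-sha256> is a placeholder: use the checksum published with the release
# (or one recorded from a copy you already trust).
ctop_tmp=$(mktemp)
wget https://github.com/bcicen/ctop/releases/download/v0.7.3/ctop-0.7.3-linux-amd64 -O "$ctop_tmp"
echo "<ctop-0.7.3-sha256>  $ctop_tmp" | sha256sum -c - \
  && sudo install -m 0755 "$ctop_tmp" /usr/local/bin/ctop
rm -f -- "$ctop_tmp"
sudo yum install -y postgresql
# Stop and disable rpcbind (the portmapper, port 111), both the service and its
# socket unit, so socket activation cannot start it again.
# NOTE(review): presumably nothing in this setup needs NFS/RPC; confirm before disabling.
systemctl stop rpcbind.service
systemctl disable rpcbind.service
systemctl stop rpcbind.socket
systemctl disable rpcbind.socket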
On the target machine
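# Prerequisites for the Docker CE repository and the devicemapper storage driver.
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# The containerd.io RPM below is downloaded by hand, so yum's repository GPG check
# may not cover it. Import Docker's signing key (compare its fingerprint with the one
# in Docker's installation documentation) and verify the package signature first.
sudo rpm --import https://download.docker.com/linux/centos/gpg
wget https://download.docker.com/linux/centos/7/x86_64/edge/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
# The check must end in "OK"; do not install the package if it reports a missing key or a bad signature.
rpm --checksig containerd.io-1.2.6-3.3.el7.x86_64.rpm
# NOTE(review): this pins an old containerd.io build from the "edge" channel; confirm the
# manual download is still needed, since the next yum command installs containerd.io from the repo.
yum install -y containerd.io-1.2.6-3.3.el7.x86_64.rpm
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
# Smoke test: pulls and runs the hello-world image.
sudo docker run hello-world
# Start Docker automatically at boot.
sudo systemctl enable docker
sudo systemctl status docker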
ctrl-c to stop
If the target machine has no direct internet access, configure an HTTP(S) proxy for Docker.
On the target machine
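# Download the pinned docker-compose release. -f makes curl fail on an HTTP error
# instead of saving the error page as the "binary".
sudo curl -fL "https://github.com/docker/compose/releases/download/1.25.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Verify the download before making it executable. <docker-compose-1.25.3-sha256> is a
# placeholder for the SHA-256 published with the 1.25.3 release for your platform.
echo "<docker-compose-1.25.3-sha256>  /usr/local/bin/docker-compose" | sha256sum -c -
sudo chmod +x /usr/local/bin/docker-compose
# Single quotes keep $PATH literal in .bashrc, so it is expanded at each login
# rather than frozen to the value it has right now.
echo 'export PATH=/usr/local/bin:$PATH' >> /root/.bashrc
source /root/.bashrc
docker-compose --version
# expected: docker-compose version 1.25.3, build d4d1b42b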
# Turn off netfilter processing of bridged traffic, now and (via /etc/sysctl.conf)
# after a reboot. With these keys at 0, packets crossing a Linux bridge are not
# passed to iptables/arptables/ip6tables, so host firewall rules do not filter them.
# NOTE(review): the guide does not say why this is required; confirm it is needed
# and that no firewall policy on this host relies on filtering bridged traffic.
for bridge_key in \
  net.bridge.bridge-nf-call-iptables \
  net.bridge.bridge-nf-call-arptables \
  net.bridge.bridge-nf-call-ip6tables; do
  sysctl "${bridge_key}=0"
  echo "${bridge_key}=0" >> /etc/sysctl.conf
done
On the target machine pull some Sirenia software
# Working directory for the compose file. The docker-compose.yml created here
# contains the database password, so keep it readable by root only.
mkdir /root/deploy
cd /root/deploy
Create a docker-compose file for your specific setup.
yum install -y nano
nano docker-compose.yml
You can use this example as a base. You must change at least the kwanza version, the cuesta version and the <FQDN> of your server. You MUST write the FQDN in all lowercase letters, e.g. some.sirenia.io
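# Example compose file for kwanza, cuesta and postgres.
# Replace <FQDN> (all lowercase) and the image versions for your setup, and
# replace the example secrets marked below before exposing the server.
version: '3'
networks:
  default:
    ipam:
      driver: default
      config:
        - subnet: "172.27.0.0/24"
services:
  kwanza:
    image: registry.gitlab.com/sirenia/dist/kwanza:v2.13.0
    restart: unless-stopped
    environment:
      # Embeds the database user and password; the password must match
      # POSTGRES_PASSWORD in the postgres service below.
      KWANZA_DATABASE: pg://postgres:postgres@postgres/kwanza
      KWANZA_CERT_SUBJECTS: "<FQDN>"
      KWANZA_CERT_DURATION: 87600h # 10 years
      KWANZA_CERT: "/cert/cert.pem"
      KWANZA_KEY: "/cert/key.pem"
      # Example value. NOTE(review): presumably the salt for the password hashes in
      # .kwanza.yml, so changing it would require regenerating those hashes (confirm).
      KWANZA_SALT: kwanzified
      KWANZA_AUTH: jwt
      KWANZA_MAXSTREAMSPERSUBSCRIBER: 102400
      KWANZA_MAXAUTHTHROTTLEDKEYS: -1
      KWANZA_MAXTHROTTLEDKEYS: -1
    ports:
      # 8000 and 8001 are published on all host interfaces.
      - "8000:8000" # HTTP(S)
      - "8001:8001" # TCP (gRPC)
      - "127.0.0.1:6060:6060" # Profiling to host-only
      - "127.0.0.1:8080:8080" # Expvar to host-only
    volumes:
      # /cert holds cert.pem and the private key key.pem; keep the host
      # directory readable only by root.
      - "/usr/local/etc/sirenia/cert:/cert"
      - "/usr/local/etc/sirenia/kwanza/conf:/etc/sirenia/kwanza"
    depends_on:
      - postgres
  cuesta:
    image: registry.gitlab.com/sirenia/dist/cuesta:v1.14.0
    restart: unless-stopped
    environment:
      CUESTA_CERT: "/cert/cert.pem"
      CUESTA_KEY: "/cert/key.pem"
      KWANZA_URL: "https://<FQDN>:8000/v1"
      KWANZA_STREAMURL: "wss://<FQDN>:8000/v1/stream"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/usr/local/etc/sirenia/cert:/cert"
    depends_on:
      - kwanza
  postgres:
    # NOTE(review): PostgreSQL 10 is past upstream end-of-life; check which
    # newer versions kwanza supports.
    image: postgres:10
    restart: always
    ports:
      # Published on the host's loopback interface only.
      - "127.0.0.1:5432:5432"
    environment:
      PGDATA: "/data"
      # Default example password. Choose a strong one before the first start and
      # use the same value in KWANZA_DATABASE above.
      POSTGRES_PASSWORD: "postgres"
    volumes:
      - "/root/postgresdata:/data"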
Now pull some software from the repository and try to start the combined setup.
# Log in to the registry that hosts the kwanza and cuesta images.
# Unless a credential helper is configured, docker login stores the credentials
# base64-encoded (not encrypted) in ~/.docker/config.json of the invoking user.
docker login registry.gitlab.com
#dist-<username> / <password>
# ... Login Succeeded
# Runs in the foreground so the pull progress and startup logs are visible.
docker-compose up
<ctrl-c> (stop again)
Kwanza will generate a self-signed certificate at startup. Alternatively, for production, copy a valid certificate to /usr/local/etc/sirenia/cert. It must be a valid X.509 certificate in PEM format with a full trust chain to a CA.
# This host directory is mounted into the kwanza container as /etc/sirenia/kwanza
# (see the volumes section of docker-compose.yml). .kwanza.yml holds the user
# accounts and their password hashes.
cd /usr/local/etc/sirenia/kwanza/conf
nano .kwanza.yml
paste this
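# Example accounts for the first login test only. All three entries carry the same
# hash, i.e. presumably the same password (the guide logs in as john / 1234).
# Replace them with per-user hashes of strong passwords before the server is
# reachable by anyone else.
users:
  john: d224cfd091471383708424f3e494f8029b456b0e559fe82ee9adb5b66a7f1e55
  martin: d224cfd091471383708424f3e494f8029b456b0e559fe82ee9adb5b66a7f1e55
  jonathan: d224cfd091471383708424f3e494f8029b456b0e559fe82ee9adb5b66a7f1e55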
Ok, we are ready to test the complete setup
cd /root/deploy/
docker-compose stop
docker-compose up
Look for errors etc in the logs. Login to Cuesta
https://<FQDN>/ (user: john, pass: 1234)
If no errors show up, we are ready to go. Start the setup as background processes.
docker-compose stop
docker-compose up -d
If you have acquired a license to the Data Driven Operational Intelligence solution Sirenia Analytics, follow the installation guide here. You can deploy this on the same server as Cuesta and Kwanza (assuming it is sized correctly), or on its own. If you install on a new server, you must first install docker and docker-compose as explained above.
Create a docker-compose file for your specific setup (or add to existing).
mkdir /root/deploy-elk
cd /root/deploy-elk
nano docker-compose.yml
You can use this example as a base. You must change at least the versions and the <FQDN> of your server.
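# Example compose file for Sirenia Analytics: nginx-proxy in front of an ELK
# container, plus three aripuana instances writing log files for Logstash.
# Replace <FQDN> and the image versions for your setup.
version: '2'
networks:
  default:
    ipam:
      driver: default
      config:
        - subnet: "172.28.0.0/24"
services:
  nginx-proxy:
    container_name: nginx-proxy
    # No tag is given, so the latest image is pulled; pin a specific version
    # (or digest) for reproducible, reviewable deployments.
    image: jwilder/nginx-proxy
    ports:
      # Plain HTTP on host port 81: the basic-auth credentials and all Kibana
      # traffic cross the network unencrypted. Restrict access to a trusted
      # network or terminate TLS in front of it.
      - "81:80"
    restart: always
    volumes:
      # :ro only makes the socket file read-only in the mount; the container can
      # still issue Docker API calls, which is equivalent to root on the host if
      # this container is compromised.
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      # Basic-auth files, one per virtual host.
      - "./nginx-proxy/htpasswd:/etc/nginx/htpasswd"
  aripuana-stats:
    image: registry.gitlab.com/sirenia/aripuana:v1.4.0
    restart: unless-stopped
    environment:
      ARIPUANA_CERT_SUBJECTS: "<FQDN>"
      ARIPUANA_CERT_DURATION: 87600h # 10 years
      ARIPUANA_CERT: "/cert/cert.pem"
      ARIPUANA_KEY: "/cert/key.pem"
      # Example value shared by all three aripuana services; replace it.
      # NOTE(review): confirm what the salt is used for and whether it must match elsewhere.
      ARIPUANA_SALT: "fishy"
      ARIPUANA_WRITERS: 1
      ARIPUANA_PORT: 8083
      ARIPUANA_LOGNAME: "stats.manatee"
      ARIPUANA_OUTPUTDIR: "/data"
    ports:
      # Published on all host interfaces; limit with the host firewall if only
      # known clients should reach them.
      - "8082:8082"
      - "8083:8083"
    volumes:
      - "/usr/local/etc/sirenia/cert:/cert"
      - "./aripuana/data:/data"
  aripuana-logs:
    image: registry.gitlab.com/sirenia/aripuana:v1.4.0
    restart: unless-stopped
    environment:
      ARIPUANA_CERT_SUBJECTS: "<FQDN>"
      ARIPUANA_CERT_DURATION: 87600h # 10 years
      ARIPUANA_CERT: "/cert/cert.pem"
      ARIPUANA_KEY: "/cert/key.pem"
      ARIPUANA_SALT: "fishy" # example value; replace
      ARIPUANA_WRITERS: 1
      ARIPUANA_PORT: 8085
      ARIPUANA_LOGNAME: "all.manatee"
      ARIPUANA_OUTPUTDIR: "/data"
    ports:
      - "8084:8084"
      - "8085:8085"
    volumes:
      - "/usr/local/etc/sirenia/cert:/cert"
      - "./aripuana/data:/data"
  aripuana-perf:
    image: registry.gitlab.com/sirenia/aripuana:v1.4.0
    restart: unless-stopped
    environment:
      ARIPUANA_CERT_SUBJECTS: "<FQDN>"
      ARIPUANA_CERT_DURATION: 87600h # 10 years
      ARIPUANA_CERT: "/cert/cert.pem"
      ARIPUANA_KEY: "/cert/key.pem"
      ARIPUANA_SALT: "fishy" # example value; replace
      ARIPUANA_WRITERS: 1
      ARIPUANA_PORT: 8087
      ARIPUANA_LOGNAME: "perf.manatee"
      ARIPUANA_OUTPUTDIR: "/data"
    ports:
      - "8086:8086"
      - "8087:8087"
    volumes:
      - "/usr/local/etc/sirenia/cert:/cert"
      - "./aripuana/data:/data"
  elk6:
    container_name: elk6
    environment:
      ES_JAVA_OPTS: "-Xmx1500m -Xms1500m"
      LS_HEAP_SIZE: "256m"
      VENDOR: Sirenia
      ELASTICSEARCH_START: 1
      LOGSTASH_START: 1
      KIBANA_START: 1
      VIRTUAL_HOST: <FQDN> # will be fwd by nginx proxy
      VIRTUAL_PORT: 5601 # will be fwd by nginx proxy
    image: registry.gitlab.com/sirenia/dist/analytics/sirenia-elk-7:7.2.0.1
    restart: always
    volumes:
      - "./elk6/conf.d/:/etc/logstash/conf.d/"
      - "./aripuana/data:/etc/logstash/indata/"
      - "./elk6/elk-data:/var/lib/elasticsearch/" #OBS: Required chown 991:991 elk6/elk-data/
    # Only exposed to other containers (not published on the host); Kibana is
    # reached through nginx-proxy.
    expose:
      - "5601"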
Pull the software and initialize folder structure.
docker-compose up
Wait for the software to download and for all containers to start. Errors are expected at this point, as the setup has not been configured yet.
ctrl-c to stop
To configure Elastic do the following
# The Elasticsearch data directory must be owned by 991:991 (see the volume comment
# in docker-compose.yml); presumably the uid/gid Elasticsearch runs as in the container.
chown 991:991 elk6/elk-data/
# Elasticsearch needs vm.max_map_count to be at least 262144. Persist the setting
# for reboots, then apply it to the running kernel.
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -w vm.max_map_count=262144
# elk6/conf.d is mounted into the container as /etc/logstash/conf.d/.
cd elk6/conf.d
nano logstash-in-out.conf
Add this to the file
# Logstash pipeline: tail the three aripuana log families (JSON lines) and
# route each one to a local Elasticsearch index based on its type.
input {
  # Everything, intended for debugging.
  file {
    type => "all-manatee"
    path => "/etc/logstash/indata/all.manatee*.log"
    # Use "beginning" instead to re-read existing files from the start.
    #start_position => "beginning"
    start_position => "end"
    codec => json
  }
  # Statistics, intended for BI only.
  file {
    type => "bi-manatee"
    path => "/etc/logstash/indata/stats.manatee*.log"
    #start_position => "beginning"
    start_position => "end"
    codec => json
  }
  # Performance data only.
  file {
    type => "perf-manatee"
    path => "/etc/logstash/indata/perf.manatee*.log"
    #start_position => "beginning"
    start_position => "end"
    codec => json
  }
}

filter {
  # Intentionally empty (no-op).
}

output {
  if [type] == "all-manatee" {
    elasticsearch {
      hosts => ["localhost"]
      manage_template => false
      index => "all-manatee"
    }
  }
  # NOTE(review): bi-manatee events are written to the same "all-manatee" index
  # as the debug stream; confirm this is intended and not a copy-paste slip.
  if [type] == "bi-manatee" {
    elasticsearch {
      hosts => ["localhost"]
      manage_template => false
      index => "all-manatee"
    }
  }
  if [type] == "perf-manatee" {
    elasticsearch {
      hosts => ["localhost"]
      manage_template => false
      index => "all-manatee-perf"
    }
  }
}
To configure the Nginx Proxy do the following. Change user and password according to your desired setup
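# This directory is mounted into nginx-proxy as /etc/nginx/htpasswd.
cd ../../nginx-proxy/htpasswd/
yum install -y httpd-tools
# Write the basic-auth entry to a file named after the virtual host (<FQDN>).
# Without -b, htpasswd prompts for the password instead of taking it as an
# argument, which keeps it out of the shell history and the process list.
# Replace "user" with your own user name and enter a strong password at the prompt.
htpasswd -n user >> <FQDN>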
Ok, we are ready to test the complete DDOI setup. Start all dockers
cd ../../
docker-compose up
Look for errors etc in the logs. Login to Sirenia Analytics
http://<FQDN>:81/ (user: user, pass: password)
If no errors show up, we are ready to go. Start the setup as background processes (press ctrl-c to stop the foreground run first).
docker-compose up -d
Ensure that the containers are running as expected
docker-compose ps
Should produce output showing three containers running in Up state.
Name Command State Ports
---------------------------------------------------------------------------------------------------------------------
deploy-elk_aripuana-logs_1 aripuana run Up 0.0.0.0:8084->8084/tcp, 0.0.0.0:8085->8085/tcp
deploy-elk_aripuana-perf_1 aripuana run Up 0.0.0.0:8086->8086/tcp, 0.0.0.0:8087->8087/tcp
deploy-elk_aripuana-stats_1 aripuana run Up 0.0.0.0:8082->8082/tcp, 0.0.0.0:8083->8083/tcp
elk6 /usr/local/bin/start.sh Up 5044/tcp, 5601/tcp, 9200/tcp, 9300/tcp
nginx-proxy /app/docker-entrypoint.sh ... Up 0.0.0.0:81->80/tcp
You should always finish an install procedure with a complete server restart, to test that all services start after a complete host restart.
# NOTE(review): -n asks reboot not to sync disks before restarting. With the database
# and Elasticsearch containers running, a plain `reboot` is the safer default;
# confirm that -n is intended.
reboot -n