Configure and Install Core Services

Prerequisites

  • Obtain the values for the following variables from your Privacera technical sales representative. These values are used as you set installation properties in the steps below.

    • PRIVACERA_HUB_REPO_NAME
    • PRIVACERA_HUB_USER
    • PRIVACERA_HUB_PASSWORD
    • PRIVACERA_IMAGE_TAG
    • PRIVACERA_BASE_DOWNLOAD_URL
    • PRIV_MGR_IMAGE
    • PRIV_MGR_PACKAGE
  • Make sure you have met all the prerequisite hardware configuration and software for your platform, including Docker on AWS or Azure and Kubernetes. See Prerequisites Overview.

Install Privacera Manager

  1. In a terminal window, connect to the cloud Linux instance using an SSH client. Follow the steps given in the links below.

  2. Replace <PRIV_MGR_PACKAGE>, <PRIV_MGR_IMAGE> and <PRIVACERA_HUB_REPO_NAME> below:

    export PRIV_MGR_PACKAGE=<PRIV_MGR_PACKAGE>
    export PRIV_MGR_IMAGE=<PRIV_MGR_IMAGE>
    export PRIVACERA_HUB_REPO_NAME=<PRIVACERA_HUB_REPO_NAME>
    
  3. Log in to the Privacera Docker Hub. Replace <PRIVACERA_HUB_USER> below:

    docker login $PRIVACERA_HUB_REPO_NAME -u <PRIVACERA_HUB_USER>
    
  4. The default installation folders for Privacera and Privacera Manager are '~/privacera' and '~/privacera/privacera-manager'. (If you use a different folder, adjust the commands and sequences accordingly.)

    Use the following sequence to create the installation folder, then download the privacera-manager package with wget and extract it:

    mkdir -p ~/privacera/downloads
    cd ~/privacera/downloads
    wget $PRIV_MGR_PACKAGE/privacera-manager.tar.gz -O privacera-manager.tar.gz
    cd ~/privacera
    tar -zxf ~/privacera/downloads/privacera-manager.tar.gz
    

    The folder '~/privacera/privacera-manager' will contain all the required components.

  5. Create 'pm-env.sh', a shell script for future Privacera Manager upgrades.

    cd ~/privacera/privacera-manager/config
    echo '#!/bin/bash' > pm-env.sh
    echo "export  PRIV_MGR_PACKAGE=$PRIV_MGR_PACKAGE/privacera-manager.tar.gz" >> pm-env.sh
    echo "export  PRIV_MGR_IMAGE=$PRIVACERA_HUB_REPO_NAME/privacera-manager:$PRIV_MGR_IMAGE" >> pm-env.sh
    

Configure Installation

  1. Copy the template configuration file 'sample.vars.privacera.yml' to 'vars.privacera.yml' and modify it for your specific environment.

    cd ~/privacera/privacera-manager
    cp config/sample.vars.privacera.yml config/vars.privacera.yml
    
  2. Edit 'vars.privacera.yml' using vi or any preferred editor to set the key properties. For example:

    vi config/vars.privacera.yml
    


| Property Name | Description | Example Values |
|---|---|---|
| DEPLOYMENT_ENV_NAME | Environment name. The environment name should have no space and can contain a combination of alphanumeric characters, underscore (_), dot (.) and dash (-). | privacera-env |
| app_hostname | If the Privacera Platform has a fully qualified domain name (FQDN), assign that value; otherwise leave the property commented out. | privacera.mycompany.local |
| privacera_hub_user | Hub username access credential: set to the value provided for <PRIVACERA_HUB_USER>. Note: For an air-gap install, enter the username of the internal repository URL. | |
| privacera_hub_password | Hub password access credential: set to the value assigned for <PRIVACERA_HUB_PASSWORD>. Note: For an air-gap install, enter the password of the internal repository URL. | |
| PRIVACERA_IMAGE_TAG | Image tag: set to the value assigned for <PRIVACERA_IMAGE_TAG>. | |
| PRIVACERA_BASE_DOWNLOAD_URL | Download URL: set to the value assigned for <PRIVACERA_BASE_DOWNLOAD_URL>. | |
| DEPLOYMENT_SIZE | This is the deployment size. Valid values are SMALL, MEDIUM and LARGE. The default is SMALL. For more information on the CPU, memory, disk space, etc. configured for each of the deployment sizes, click here. Note: This is applicable only for a Kubernetes environment. | SMALL |

Set the deployment mode

To deploy Privacera as Docker containers, simply copy the Docker properties template into custom-vars/ folder.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.docker.yml config/custom-vars/

To create a Kubernetes-based deployment, first copy the Kubernetes properties template into custom-vars/, then open it to set specific properties.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.kubernetes.yml config/custom-vars/

Open the file 'vars.kubernetes.yml' for editing and set the value of K8S_CLUSTER_NAME to the name of the target cluster.

To find the cluster name, you can use the command kubectl config get-contexts.

    kubectl config get-contexts

The value is displayed under CLUSTER. It contains the ARN of the EKS cluster along with the cluster name. Copy the cluster name, and set it as the value of K8S_CLUSTER_NAME.

Open the YML file.

    vi config/custom-vars/vars.kubernetes.yml

Edit the following properties:

    #These variables enable Kubernetes related properties
    #Note: Please update all mandatory fields. Search for <PLEASE_CHANGE>

    K8S_CLUSTER_NAME: "<PLEASE_CHANGE>"

    #Name of the deployment. You can use privacera-prod, privacera-stage, etc
    K8S_NAMESPACE: "{{DEPLOYMENT_ENV_NAME}}"

    #Zones for Storage. For now, only one zone should be given
    #K8S_STORAGE_ZONES:
    #  - "us-east-1a"

    #Default as 1, Recommended value is 32Gi and 3 for CLUSTER SIZE
    ZOOKEEPER_K8S_PVC_STORAGE_SIZE: "5Gi"
    ZOOKEEPER_CLUSTER_SIZE: 1

    #Default as 1, Recommended value is 32Gi and 3 for CLUSTER SIZE
    SOLR_K8S_PVC_STORAGE_SIZE: "5Gi"
    SOLR_K8S_CLUSTER_SIZE: 1

    #If your storage is encrypted, then set the below property
    #K8S_PV_ENCRYPTED: "true"
    #For AWS, it is ARN with keyId. E.g. arn:aws:kms:us-east-1:<account>:key/<hash>
    #K8S_PV_KEY: ""

    PRIVACERA_INSTALL_MODE: "kubernetes"

    #Uncomment to obtain external loadbalancer. Default values are "false"
    #PORTAL_K8S_LOADBALANCER_EXTERNAL: "true"
    #SOLR_K8S_LOADBALANCER_EXTERNAL: "true"
    #RANGER_K8S_LOADBALANCER_EXTERNAL: "true"
    #KAFKA_K8S_LOADBALANCER_EXTERNAL: "true"
    #DISCOVERY_K8S_LOADBALANCER_EXTERNAL: "true"

By default, Privacera creates a service account with the name, privacera-sa. The account is bound to a namespace-level Role and RoleBinding, whose default values are privacera-sa-role and privacera-sa-role-bind respectively. If you want to change the default values of these three Kubernetes objects, click here.

For more information about configuring the service account, click here.

Configure the cloud platform

If this deployment is for an AWS cloud environment, copy the sample AWS configuration file to custom-vars/ and set the AWS Region to your AWS Cloud platform region.

    cd ~/privacera/privacera-manager/config/
    cp sample-vars/vars.aws.yml custom-vars/
    vi custom-vars/vars.aws.yml

Set the property value for AWS_REGION where your instance will be running. Save 'vars.aws.yml'.

If this deployment is for an Azure cloud environment...

    cd ~/privacera/privacera-manager/config/
    cp sample-vars/vars.azure.yml custom-vars/

If this deployment is for a Google Cloud Platform environment, copy the sample GCP configuration file to custom-vars/ and set the Project ID of your GCP project.

    cd ~/privacera/privacera-manager/config/
    cp sample-vars/vars.gcp.yml custom-vars/
    vi custom-vars/vars.gcp.yml

Log in to Google Console and get the Project ID of your Google project. Set the project ID in the property and save the file.
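
Before running the setup script, the files edited in the steps above can be checked for the mistakes this page warns about. The following is an added example, not part of Privacera Manager: the function names pm_get and pm_preflight are hypothetical, and it assumes each property is written on one line as KEY: "value", as in the vars.kubernetes.yml listing above.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for Privacera Manager config (not vendor code).
# Assumption: each property sits on one line as KEY: "value".

pm_get() {  # usage: pm_get KEY FILE -> prints the unquoted value, if any
  sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

pm_preflight() {  # usage: pm_preflight CONFIG_DIR; exit status = number of findings
  local cfg="$1" main="$1/vars.privacera.yml" k8s="$1/custom-vars/vars.kubernetes.yml"
  local n=0 v f
  [ -f "$main" ] || { echo "FAIL: $main not found"; return 1; }

  # 1. Template placeholders left in active (uncommented) lines.
  for f in "$main" "$cfg"/custom-vars/*.yml; do
    [ -f "$f" ] || continue
    if grep -v '^[[:space:]]*#' "$f" | grep -q '<PLEASE_CHANGE>'; then
      echo "FAIL: $f still contains <PLEASE_CHANGE>"; n=$((n + 1))
    fi
  done

  # 2. Environment name: alphanumerics, underscore, dot and dash only, no spaces.
  v=$(pm_get DEPLOYMENT_ENV_NAME "$main")
  case "$v" in
    '' | *[!A-Za-z0-9_.-]*) echo "FAIL: DEPLOYMENT_ENV_NAME '$v' is not valid"; n=$((n + 1)) ;;
  esac

  # 3. Deployment size, when set, must be one of the three documented values.
  v=$(pm_get DEPLOYMENT_SIZE "$main")
  case "$v" in
    '' | SMALL | MEDIUM | LARGE) ;;
    *) echo "FAIL: DEPLOYMENT_SIZE '$v' is not SMALL, MEDIUM or LARGE"; n=$((n + 1)) ;;
  esac

  # 4. K8S_CLUSTER_NAME takes the cluster name, not the whole ARN from kubectl.
  if [ -f "$k8s" ]; then
    v=$(pm_get K8S_CLUSTER_NAME "$k8s")
    case "$v" in arn:*) echo "FAIL: K8S_CLUSTER_NAME is an ARN; use the cluster name"; n=$((n + 1)) ;; esac
  fi

  # 5. vars.privacera.yml stores privacera_hub_password: owner-only access.
  if [ "$(ls -ld "$main" | cut -c5-10)" != "------" ]; then
    echo "FAIL: $main is readable by group or others; run chmod 600"; n=$((n + 1))
  fi
  return "$n"
}
```

Run `pm_preflight ~/privacera/privacera-manager/config` after editing the files; a non-zero exit status is the number of findings printed.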

Install Core Services

Run the Privacera Manager setup script:

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update

This initiates the first installation process. It downloads all necessary components, executes the deployment phase, and installs the following core services:

  • Privacera Portal
  • Apache Ranger
  • MariaDB
  • Apache Zookeeper
  • Apache Solr

Access Core Services: Portals and APIs

As part of the first update, as Privacera Manager creates components (either Docker containers or Kubernetes pods), it records the URIs for each of the key components. These are written to standard output and will look similar to the following:

Each service provides you with an internal and an external URL. To access a Privacera service, use the external URL of the service. For example, to access Privacera Portal, paste its external URL into a browser, and log on with the default username/password: 'padmin' / 'padmin'.

http://<app_hostname>:6868 or http://<app_host_ip>:6868

Note: Reset your administrator account ('padmin') password according to your enterprise policy. This password can be changed in the Privacera Portal under "Settings: User Management". See the Privacera Portal User Guide, Settings: User Management for more information.

Debugging and Logging

Generate Verbose Logs

When you start installing Privacera, only the Ansible task names are displayed on the terminal. If you want to view the underlying details of a task, do the following:

  1. Open ansible.cfg.

    vi ~/privacera/privacera-manager/ansible.cfg
    
  2. Change verbosity to 1. You can change the verbosity value from 1 to 5.

    verbosity = 1
    
  3. Uncomment stdout_callback to display the output on the terminal.

    stdout_callback = minimal
    

View Installation Logs

After the installation is completed, the logs are stored in logs/pm/ with the filename pm_run_<date_and_time>.log. Logs are also generated when an installation is aborted.

To list all the generated logs, run the following command:

    ls logs/pm/

To view a generated log, run the following command:

    vi logs/pm/pm_run_<date_and_time>.log

What's Next

Go to Privacera Manager Framework to learn more about the Privacera Manager files and commands.

Or jump directly to Component Configuration to get started installing additional Privacera Platform components.


Last update: September 14, 2021