Skip to main content
Skip table of contents

On-Prem deployment using veridium-installer 3.5.4 - Rhel7 (9.5.13)

This article will describe the deployment procedure using the veridium-installer script.

1) Prerequisites

1.1) Node requirements

All nodes used in the deployment procedure will need to have SSH connectivity between them ensured by SSH keys on a single user, for example:

  • all nodes will have a user name centos that has ssh connectivity to all nodes

    CODE
    ## generate key (can be generated on all servers)
    ssh-keygen
    ## take the key (id_rsa.pub) from on server, from where the installation will take place, and put it on all other servers (including himself) in .ssh/authorized_keys
  • The default user will require admin (sudo) privileges (at least until the end of the deployment).

1.2) Dependencies

To have VeridiumID deployed in a client’s infrastructure the following dependencies must be installed (on all nodes):

CODE
sudo yum -y install apr-devel openssl-devel libstdc++-devel curl unzip wget zlib zlib-devel nc openssh-clients perl rsync zip

In order to run the Veridium installer deployment scripts the following packages must also be installed:

CODE
sudo yum -y install createrepo yum-utils vsftpd dialog net-tools

1.3) Installing docker and docker-compose (on the node from where the installation will be done)

For more information on installing these two dependencies please check the following links:

For RHEL & CentOS:

CODE
#RHEL
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/rhel/docker-ce.repo

#CENTOS
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

#COMMON
sudo yum -y install docker-ce docker-ce-cli containerd.io

sudo systemctl enable --now docker.service
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version

1.4) Set selinux to permissive

Please run bellow command. It is not necessary to restart the server:

CODE
sudo setenforce 0

2) Deployment steps

This section will describe the deployment steps.

 

CODE
## download veridium-installer and put it on server, with centos user. 
wget --user <user> --password <password> https://nexus.veridium-dev.com/repository/VeridiumInstaller/veridium-installer-9.5.13.zip
unzip veridium-installer-9.5.13.zip

2.1) Running the pre-requisites script

After uploading the Veridium archive to one of the nodes and unarchiving it, using the default user (for example: “centos“) run the following command:

CODE
./pre-reqs.sh

This script is in charge of the following:

  • Copy and install the VeridiumID layout and Python 3 packages on all nodes

  • Move all deployment files to veridiumid’s home directory

  • Configure veridiumid’s SSH connectivity using the SSH key used by the default user

  • Setting admin privileges (sudo) for the veridiumid user in order to ease the installation of VeridiumID

  • Adding veridiumid user to Docker’s list of allowed users

After running the script (as shown above) the user will be prompted for the following:

The user will need to add the list of IP addresses of all nodes including the current one, from which the installation will take place, for example:

  • Let’s say we have three nodes on which we wish to install VeridiumID with the following IPs: 10.0.10.1, 10.0.10.2 and 10.0.10.3

  • The node where the SE-Tools archive has been added to has the IP: 10.0.10.4

  • The user will need to add the following input to the script: 10.0.10.1,10.0.10.2,10.0.10.3,10.0.10.4

  • Afterwards, press the ENTER key

After providing the list of IP addresses the script will start copying the Layout and Python3 RPMs to all nodes and also install them, copying the deployment files to the current machine’s veridiumid home directory and add veridiumid to the list of users allowed to use the Docker service.

After finishing the above steps the script will ask the user if he wishes to allow the script to add root privileges to the veridiumid user. If giving “y“ as the response the following privileges will be added:

Providing “n“ as the input to the above prompt will print the following message to the standard output:

Root privileges for the veridiumid user are required in order to ease the installation phase and can be removed after finishing the deployment.

2.2) Running check_prereqs.sh

  • this script checks pre installation checks, meaning:

    • port connectivity with wget and nc

    • checks if prerequisites are installed

    • checks if ntp is in sync

    • checks RAM and disk

This script contains the following commands and provides instructions about how it can be used such as - r remote nodes, -r -w -p :

CODE
Usage: ./check_prereqs.sh <args>
Args:  -l          -> Run on local node 
       -r          -> Run on remote nodes
       -w IPS_LIST -> webapp node ip list delimitted by commas, for example: '10.0.0.1,10.0.0.2'
       -p IPS_LIST -> persistence node ip list delimitted by commas, for example: '10.0.0.1,10.0.0.2'
Examples:
## local server
./check_prereqs.sh -l
## one server, checks remote
./check_prereqs.sh -r -w 10.109.20.133 -p 10.109.20.133
## 2 webapps and 3 persistance
./check_prereqs.sh -r -w 10.109.20.133,10.109.21.164 -p 10.109.50.171,10.109.51.185,10.109.52.72
2.3) Starting the installation

 

2.3) Starting the installation

Before proceeding with this step, on the installation node, copy the domain certificate to veridiumid’s home directory.

After finishing the above steps connect as the veridiumid user and go to its home directory (/home/veridiumid).

CODE
sudo su - veridiumid

From here, start the installation by running the following script:

CODE
./veridium-installer.sh

This will start the Python Installation Wizard and the user will have to select between Simple and Advanced mode:

Simple mode will be used for POC deployments since it will automatically set the Ansible hosts to 127.0.0.1 and HaProxy to ports configuration.

Advanced mode will allow the user to configure every parameter configured by the VeridiumID installer.

For more information regarding the two deployment modes click on the following links:

2.3) Deployment

After exiting the Python Installation Wizard the deployment will start.

During this step please don’t close the terminal from which the script has been executed.

In case of any error during the deployment, a message will be shown in the terminal that points to the step’s log file.

All log files can be found in the following path: /home/veridiumid/logs

In case of needing to start the deployment from the beginning please run the following commands from the installation node:

BASH
# To remove local files:
bash /home/veridiumid/cleanup_install_files.sh -l

# To remove the previously generated CA (in case the install-ca step has been completed) and the local files
bash /home/veridiumid/cleanup_install_files.sh -l -c

3) Post-deployment steps

After the installation has succeeded to cleanup docker and local repository files (including vsftpd) please run the following on all nodes:

CODE
docker system prune -a
yum -y remove docker-ce docker-ce-cli containerd.io
rm -f /usr/local/bin/docker-compose
rm -rf /usr/bin/docker-compose
ip link delete docker0

4) Set a signed certificate for the installation

Replace the self signed certificate with a proper one, delivered by client. If the client has a p12, the following script can be executed to extract the certificates. It will be generated a in conversion_result, the private key and the public certificate. Please copy, as per instructions, the file in haproxy and restart the service. Also in websecadmin, remove the selfsigned certificate and import the correct one.

CODE
/etc/veridiumid/scripts/convert_haproxy_cert.sh certificate.p12

#To change the Haproxy domain certificate please use the following command as root user:
#    cp conversion_result/server.pem /etc/veridiumid/haproxy/server.pem; chown ver_haproxy:veridiumid /etc/veridiumid/haproxy/server.pem
# To restart the server after changing the certificate use the following command as root:
#    service ver_haproxy restart

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.