This feature is deprecated and you should avoid using it.
A DPOD External Self-Service Console is an instance of DPOD All-In-One installation that is deployed externally to a network, provides users with a Console UI only, and does not store any transactional data of its own. In lieu of storing data, this instance communicates with a DPOD Internal Console.
A typical use for the DPOD External Self-Service Console is to proxy the DPOD Console UI to a less secured network (e.g. a DMZ) without placing DPOD's internal data in that area.
Installation Preparation
Network Requirements
- Ensure you have an IP for the DPOD External Self-Service Console (including DNS, default GW, subnet mask and other network configuration).
- Ensure you have an NTP server available and obtain the NTP server IP address.
- Ensure the ports detailed below are opened during or after install:
From | To | Ports (Defaults) | Protocol | Usage |
---|---|---|---|---|
DPOD External Self-Service Console | NTP Server | 123 | NTP | Sync time between DPOD instances |
DPOD External Self-Service Console | Organizational mail server | 25 | SMTP | Send reports by email |
NTP Server | DPOD External Self-Service Console | 123 | NTP | Sync time |
Users IPs | DPOD External Self-Service Console | 80, 443 | HTTP/s | Work with DPOD Service Center Console |
Admins IPs | DPOD External Self-Service Console | 22 | TCP | SSH |
DPOD External Self-Service Console | DPOD Internal Console | 9200, 9302 | TCP | Connection to DPOD Internal Console Store |
Hardware Requirements
DPOD External Self-Service Console should have a Low deployment profile as detailed in Hardware and Software Requirements with the following exceptions:
- The Data disk can be as small as 5 GB (instead of 100 GB)
- (Optional) You may add a second network interface to separate DPOD's External Self Service Console access to the DPOD Internal Console from the UI interface.
DPOD External Self-Service Console Post Installation Tasks
After installing DPOD on the External Self-Service Console machine, follow the steps below:
- Disable some DPOD services:
Edit (using
vi
) the file/etc/sysconfig/MonTier
:
Change the SERVICES section to the following:RUN_FIRST_VERIFIER="" SERVICES_FIRST_GROUP="MonTier-AppAdmin MonTier-Derby" SERVICES_SECOND_GROUP="" SERVICES_THIRD_GROUP="MonTier-HK-ESRetention" SERVICES_FORTH_GROUP="" RUN_SECOND_VERIFIRE="" SERVICES_FIFTH_GROUP="" SERVICES_SIXTH_GROUP="" SERVICES_SEVENTH_GROUP="MonTier-UI MonTier-Reports"
Change DPOD's Store entries in
/etc/hosts
to direct to DPOD Internal Console IP address (1.1.1.1 in the example below):1.1.1.1 montier-es 1.1.1.1 montier-es-http
Start configuration database service
/app/scripts/start_services.sh -a start -p derby -o /app/scripts/execute_on_db.sh -c
Update the SystemParameter SQL table:
UPDATE SystemParameter SET value='false' WHERE name='agents.management.enabled'; UPDATE SystemParameter SET value='false' WHERE name = 'system.internal_self_service.is_internal'; UPDATE SystemParameter SET value='false' WHERE name = 'system.should_run_retention_on_startup'; update HATSRECURRINGTASK set isEnabled='false' where taskType not in ('DATABASE_CLEANUP', 'FILE_CLEANUP', 'INTERNAL_ALERTS_CHECK_DERBY', 'INTERNAL_ALERTS_CHECK_FS_FREESPACE');
- Update external server's encryption key:
Copy the encryption key from internal server to the external server's temp folder - do not override servers encryption file:
scp root@<internal server ip>:/app/keys/encryption.key /tmp/encryption.key
Deploy the key using utility:
/app/scripts/replace_encryption_key.sh --deploy /tmp/encryption.key
Copy store keys from internal server and update retention cert
scp root@<internal server ip>:/app/keys/store/* /app/keys/store/ cp /app/keys/store/dpod-es-admin-keystore.p12 /app/hk_retention/MonTier-HK-ESRetention/conf/certs/dpod-es-admin-keystore.p12
Update the configuration files for MonTier-HK-ESRetention, MonTier-UI, MonTier-Reports, MonTier-HK-WsmKeepalive
Copy the configuration files from internal server
This step should be preformed after each upgrade.scp root@<internal server ip>:/app/hk_retention/MonTier-HK-ESRetention/conf/MonTierHousekeeping.conf /app/hk_retention/MonTier-HK-ESRetention/conf/MonTierHousekeeping.conf scp root@<internal server ip>:/app/ui/MonTier-UI/conf/MonTierUI.conf /app/ui/MonTier-UI/conf/MonTierUI.conf scp root@<internal server ip>:/app/reports/MonTier-Reports/conf/MonTierReports.conf /app/reports/MonTier-Reports/conf/MonTierReports.conf scp root@<internal server ip>:/app/hk_keepalive/MonTier-HK-WsmKeepalive/conf/MonTierHousekeeping.conf /app/hk_keepalive/MonTier-HK-WsmKeepalive/conf/MonTierHousekeeping.conf
Delete the following folders from /etc/init.d
rm /etc/init.d/MonTier-SyslogAgent-* /etc/init.d/MonTier-WsmAgent-* /etc/init.d/MonTier-es-raw-trans-Node-* /etc/init.d/MonTier-OpenSearchDashboards /etc/init.d/MonTier-MessagingAgent-1
Ensure all components are up and running
app_status.sh #Output Example: MonTier-AppAdmin (pid 7380) is running... MonTier-Derby (pid 4983) is running... MonTier-HK-ESRetention (pid 13576) is running... MonTier-HK-WsmKeepalive (pid 17724) is running... MonTier-UI (pid 16959) is running... MonTier-Reports (pid 17335) is running...
If you wish to let the external self service users access the DevOps Services Portal, change the following system parameters in the external self service console
(you can do that from Manage → Customize → System Parameters after the web console starts):- Internal Self Service Address: Enter the address of the internal self service portal.
- Internal Self Service Webserver Port: (defaults to 443) The webserver port for the internal self service portal - change this value only if advised.
DPOD Internal Console Post Installation Tasks
Connect to the DPOD Internal Console server and alter the configuration to let it accept communication from the DPOD External Self-Service Console.
Change DPOD Store entries in
/etc/hosts
to bind to DPOD Internal Console IP address instead of 127.0.0.1 (1.1.1.1 in the example below):1.1.1.1 montier-es 1.1.1.1 montier-es-http
Ensure all components are up and running
app_status.sh #Output Example: MonTier-AppAdmin (pid 17836) is running... MonTier-Derby (pid 17940) is running... MonTier-es-raw-trans-Node-1 (pid 18125) is running... MonTier-es-raw-trans-Node-2 (pid 21122) is running... MonTier-es-raw-trans-Node-3 (pid 21103) is running... MonTier-es-raw-trans-Node-4 (pid 21120) is running... MonTier-SyslogAgent-1 (pid 27350) is running... MonTier-SyslogAgent-2 (pid 27286) is running... MonTier-SyslogAgent-3 (pid 27177) is running... MonTier-SyslogAgent-4 (pid 27075) is running... MonTier-WsmAgent-1 (pid 27002) is running... MonTier-WsmAgent-2 (pid 26921) is running... MonTier-WsmAgent-3 (pid 26881) is running... MonTier-WsmAgent-4 (pid 26773) is running... MonTier-HK-ESRetention (pid 24012) is running... MonTier-HK-WdpDeviceResources (pid 27590) is running... MonTier-HK-WdpServiceResources (pid 27447) is running... MonTier-HK-SyslogKeepalive (pid 1976) is running... MonTier-HK-WsmKeepalive (pid 1932) is running... MonTier-UI (pid 1635) is running... MonTier-Reports (pid 1830) is running... MonTier-AgentNode (pid 1736) is running...
- Restart External Console
- Stop DPOD components
Ensure all components are up and running
app_status.sh #Output Example: MonTier-AppAdmin (pid 7380) is running... MonTier-Derby (pid 4983) is running... MonTier-HK-ESRetention (pid 13576) is running... MonTier-HK-WsmKeepalive (pid 17724) is running... MonTier-UI (pid 16959) is running... MonTier-Reports (pid 17335) is running...
DPOD External Self-Service Console Upgrade
When upgrading from 1.0.20.2:
First upgrade to 1.0.21.0, following the all-in-one upgrade steps.
Then upgrade to 1.0.22.0, follow the all-in-one upgrade and all special steps, and then all post installation steps above should be executed.
- Upgrade to 1.0.21.0.
- Upgrade to 1.0.22.0, following all special steps.
- After upgrading to 1.0.22.0, follow all post installation steps above for external and internal console.