Skip to content

How To Setup An Environment

Download the "Remote Bootstrap Zip" and "Remote Bootstrap Binaries Zip" artifacts as described in the IFS Lifecycle Experience Guide. Ensure that the certificate chain for jfrog.io and the private registry domain are trusted on the deployed servers.

Once downloaded, right click the downloaded zip files and select properties. In properties, tick the unblock checkbox at the bottom and click ok.

Unzip both zips to the same windows folder path (eg: "Extract Here"). It will create a folder structure as shown below, which contains a main.ps1 PowerShell script that is digitally signed.

Folder Structure

ifsroot
├── artifact-download               # Artifact Upload and Downloading Scripts (**Note**: For Airgap users)
├── backups                         # reserved for backup of the kubernetes namespace (**Note**: backup will leak secrets)
├── bin                             # Binaries required to install/upgrade IFS Apps
├── config                          # All the configuration files required to install/upgrade IFS Apps
│   ├── certs                       # holds the certificates created during setup for ifs-ingress,ifs-monitoring, etc.  
│   ├── ifs-storage-values.yaml     # holds config for the storage engines  
│   ├── ifs-ingress-values.yaml     # holds config for the ingress engines  
│   ├── ifs-monitoring-values.yaml  # holds config for the monitoring engines  
│   ├── kube                        # Kubernetes config file taken from Linux Box  
│   ├── secrets                     # holds all the user secrets  
│   ├── supported_platforms         #   
│   ├── ifscloud-values.yaml        # The ifscloud configuration  
│   ├── main_config.json.template   # Default parameters required to install/upgrade IFS Apps  
|   └── ...
├── deliveries                      # All deliveries and build_home are kept here - old deliveries can be zipped or removed
├── logs                            # Main log folder which contains all the relevant logs
│   ├── ifscloudinstaller           # ifscloud installer log folder
│   ├── main-script                 # Infrastructure script log folder
│   ├── remote-log-client           # log folders of all containers in all namespaces in kubernetes 
|   └── ...
├── remote-scripts                  # Bash scripts which execute against Linux Box
├── utils                           # Required utility scripts to install/upgrade IFS Apps
│   ├── utils.psm1                  # Utility powershell module for scripts
│   ├── common.psm1                 # Common powershell module for scripts
│   └── local.psm1                  # Local powershell module for scripts
│
└── main.ps1                        # Main powershell script that handles the rest of the script execution

NOTE: the filename of config\ifscloud-values.yaml is important.

Main Configuration Parameters File

The main_config.json.template and main_config.json file located at ./ifsroot/config.

Parameter Description Required
Ifs.Base Base Script Location. Mandatory. Must keep the Default value.
Ifs.Logs All Log Location. Mandatory. Must keep the Default value.
Ifs.LinuxUserName Management Server UserName. Mandatory. Must keep the Default value.
Ifs.Linuxhost Management Server Host Name. Mandatory.
Ifs.Nodes High Availability Nodes Names. Mandatory if configuring HA.
Ifs.ScriptsFName Management Server Script Execution Folder Name. Mandatory. Must keep the Default value.
Ifs.ScriptsLocal Local Utility Script Location. Mandatory. Must keep the Default value.
Ifs.ScriptsLinux Management Server Script Copy Folder Name. Mandatory. Must keep the Default value.
Ifs.KubeConfigPath Folder That Holds or Will Store the Kubeconfig. Mandatory. Must the keep the Default value.
Ifs.PowershellPath External Powershell Module Location. Mandatory. Must keep the Default value.
Ifs.Microk8sBin External Microk8s Bin Module Location. Mandatory. Must keep the Default value.
Ifs.NugetVersion Nuget Version used by Powershells. Mandatory. Must keep the Default value.
Ifs.localPowershellAssembliesPath Default Windows Location for Storing Provider Assemblies. Mandatory.
Ifs.localPSRepositoryName Local Powershell Repository Name. Mandatory.
Ifs.PoshVersion Compatible Posh Module Version. Mandatory. Must keep the Default value.
Ifs.PoshYamlVersion Compatible PoshYaml Module Version. Mandatory. Must keep the Default value.
Ifs.PrvKeyFile Management Server Private Key Location. Optional. Set a new value only if needed.
Ifs.RemoteArtifactUri Remote Private Registry Uri. Mandatory.
Ifs.JFrogArtifactoryUri DEPRECATED: Please use RemoteArtifactUri. IFS JFrog Artifactory Private Registry Uri. Mandatory.
Ifs.RemoteArtifactDockerRepo Remote Private Registry Docker Repo Name. Mandatory.
Ifs.JFrogArtifactoryDockerRepo DEPRECATED: Please use RemoteArtifactDockerRepo. IFS JFrog Artifactory Private Registry Docker Repo Name. Mandatory.
Ifs.RemoteArtifactDockerRepoPath Remote Private Registry Docker Repo Path. Mandatory.
Ifs.JFrogArtifactoryDockerRepoPath DEPRECATED: Please use RemoteArtifactDockerRepoPath. IFS JFrog Artifactory Private Registry Docker Repo Path. Mandatory.
Ifs.RemoteArtifactRemoteRepo Remote Artifactory Remote Repo Name. Optional.
Ifs.JFrogArtifactoryRemoteRepo DEPRECATED: Please use RemoteArtifactRemoteRepo. IFS JFrog Artifactory Private Registry Remote Repo Name. Optional.
Ifs.RemoteArtifactRemoteRepoVersion Remote Artifactory Remote Repo Artifacts Version. Optional.
Ifs.JFrogArtifactoryRemoteRepoVersion DEPRECATED: Please use RemoteArtifactRemoteRepoVersion. IFS JFrog Artifactory Private Registry Remote Repo Artifacts Version. Optional.
Ifs.RemoteArtifactHelmRepoName Name of the Remote Private Registry that is hosting the Helm Repo. Mandatory.
Ifs.JFrogArtifactoryHelmRepoName DEPRECATED: Please use RemoteArtifactHelmRepoName. Name of the IFS JFrog Artifactory Private Registry that is hosting the Helm Repo. Mandatory.
Ifs.RemoteArtifactThirdPartyRepo Remote Artifactory Third Party Repo Name. Optional.
Ifs.JFrogArtifactoryThirdPartyRepo DEPRECATED: Please use RemoteArtifactThirdPartyRepo. IFS JFrog Artifactory Private Registry Third Party Repo Name. Optional.
Ifs.RemoteArtifactHelmRepo Remote Private Registry Helm Repo Name. Mandatory.
Ifs.JFrogArtifactoryHelmRepo DEPRECATED: Please use RemoteArtifactHelmRepo. IFS JFrog Artifactory Private Registry Helm Repo Name. Mandatory.
Ifs.RemoteArtifactHelmStorageVersion Remote Artifactory Storage Helm Chart Artifact Version. Mandatory.
Ifs.RemoteArtifactHelmIngressVersion Remote Artifactory Ingress Helm Chart Artifact Version. Mandatory.
Ifs.JFrogArtifactoryHelmIngressVersion DEPRECATED: Please use RemoteArtifactHelmIngressVersion. IFS JFrog Artifactory Private Registry Ingress Helm Chart Artifact Version. Mandatory.
Ifs.RemoteArtifactHelmPriorityClassVersion Remote Artifactory Priority Class Helm Chart Artifact Version. Mandatory.
Ifs.RemoteArtifactHelmMonitoringVersion Remote Artifactory Monitoring Helm Chart Artifact Version. Mandatory.
Ifs.JFrogArtifactoryHelmMonitoringVersion DEPRECATED: Please use RemoteArtifactHelmMonitoringVersion. IFS JFrog Artifactory Monitoring Helm Chart Artifact Version. Mandatory.
Ifs.KubectlVersion Compatible Kubectl Client Version. Mandatory. Must keep the Default value.
Ifs.HelmVersion Compatible Helm Version. Mandatory. Must keep the Default value.
Ifs.StepVersion Compatible Step Version. Mandatory. Must keep the Default value.
Ifs.HtpasswdVersion Compatible Htpasswd Version. Mandatory. Must keep the Default value.
Ifs.OpenJDKVersion Compatible JDK Version. Mandatory. Must keep the Default value.
Ifs.Dns DNS used by Kubernetes. Mandatory.
Ifs.MaxVMRebootWaitSecs Maximum Wait Time for Management Server Restart. Mandatory.
Ifs.IFSCloudNamespace IFS Cloud Namespace Name. Mandatory.
Ifs.FirewallPorts Additional Firewall Ports to open in Firewall. Optional.
Ifs.ManagementServerIP Management Server IP. Mandatory. The value should be adjusted according to the infrastructure.
Ifs.PodCidrRange Pod IP Range to use for the Kubernetes Cluster. Mandatory. The value should be adjusted according to the infrastructure.
Ifs.LocalNetworkIpRange Local Network IP Range. Mandatory. The value should be adjusted according to the infrastructure.
Ifs.LoadBalancerPrivateIP Load Balancer Private IP. Mandatory for HA setup. The value should be adjusted according to the infrastructure.
IfsMonitoring.ReleaseName IFS Monitoring Release Name. Mandatory.
IfsMonitoring.ElasticsearchHost IFS Monitoring ElasticSearch Host Name. Mandatory.
IfsMonitoring.ElasticsearchPort IFS Monitoring ElasticSearch Port. Mandatory.
IfsMonitoring.ElasticsearchPath IFS Monitoring ElasticSearch Path. Mandatory.
IfsRemoteLogClient.ElasticsearchLogPath IFS Remote Log Client ElasticSearch Path. Mandatory.
IfsRemoteLogClient.InitialLogFetchInterval IFS Remote Log Client Initial Log Fetch Interval. Optional. The Default value is two days.
IfsRemoteLogClient.LogRetentionSize IFS Remote Log Client Log Retention Size. Optional. The Default value is 50 files.
IfsRemoteLogClient.SingleResponseSize IFS Remote Log Client Single Response Size. Optional. The Default value is 5000 hits per response.
IfsRemoteLogClient.LogFileSize IFS Remote Log Client Log File Size. Optional. The Default value is 10MB.

Parameters required for the Main Powershell Script action

Command Description
-action action to execute resource
-resource resource to execute
-verbosePref verbose requirement ('enable' or 'disable'), disabled by default

Open a Powershell window where the IFS remote folder structure was extracted.

Name the top folder with a unique name e.g. same as the namespace of the middle tier.

Continue to execute the following commands in the Powershell window.


1. Quick Installation

Go through the steps for each of the following capabilities in the Custom Installation section and fill in the necessary values in the main_config.json.

This step completes the installation of the below capabilities.

  • Initialize Powershell modules.
  • Create SSH key for remote access to Middle Tier Server.
  • Install or Reinstall Kubernetes cluster.
  • Get the kubeconfig file from the Kubernetes cluster in Middle Tier Server.
  • Disable AppArmor Profile.
  • Set CoreDNS DNS server.
  • Enable Middle-Tier Server Firewall.
  • Check Middle-Tier Server Firewall Status.
  • Change Pod IP Range.
  • If High Availability, join the nodes.
  • Install ifs-storage helm chart.
  • Install ifs-ingress helm chart - When Installing ifs-ingress for the first time, you will be prompted for Remote Artifact credentials.

Pre-Requisites :

  • Copy and rename the main_config.json.template file located at ./ifsroot/config into main_config.json.

  • Open the main_config.json file located at ifsroot/config.

  • Check whether the localPowershellAssembliesPath value exists. If not, create the empty folders manually.

  • Change the "Linuxhost" variable to your linux box host name.

  • Have a network for DB and other IP end-points that is separated from the internal k8s virtual network. Read "Change Pod IP Range" below.

  • By default, the DNS used by Kubernetes points to 8.8.8.8 8.8.4.4.

  • Docker Registry should be secured with a valid SSL certificate. Edit the #Dns# tag in config\main_config.json and set it to the corporate DNS. If using a list of DNS servers, use spaces as separators.

  • To enable firewall, Fill the "ManagementServerIP" variable to your workstation windows ip.

  • Fill the "LocalNetworkIpRange" variable to your local network ip range.

    If < 21R1 SU 11 or < 21R2 SU 4; Kubernetes default pod ip range is "10.1.0.0/16".

    If >= 21R1 SU 11 or >= 21R2 SU 4; Kubernetes default pod ip range is "10.64.0.0/16". If 10.64.0.0/16 pod ip range is conflicting with your local network IP Range, and you still need to continue using 10.1.0.0/64 (the pod ip range in 21R1 SU 10/21R2 SU 3 or below) or some other IP Range, you can change the value of "PodCidrRange" in the ifsroot/config/main_config.json file to the IP Range you need to use. Also, fill in the "LocalNetworkIpRange" in the ifsroot/config/main_config.json file

  • If setting-up a High Availability environment, Refer High Availability Prerequisite Configuration and configure the prerequisites for High Availability Setup.

Use the below command to start the installation from 'Initialize Powershell modules' to 'Install ifs-ingress helm chart' in one go. You also have the choice to follow commands one by one only for the above-mentioned capabilities referring to the Custom Installation section.

Command :

ps> .\main.ps1

Accept all the prompts (eg: yes/y/Y) and give the middle-tier server user (eg: ifs) password when requested.

2. Configure Java, Helm and Kubectl

Java, Helm and Kubectl are required to run the ifscloud installer and need to be accessible from a powershell prompt. Add the full path to ifsroot\bin\jdk\bin and to ifsroot\bin and your windows path to (open app "edit system environment variables") or add them to the PATH environment variable.

Open a new powershell and try to start java, helm and kubectl from there.

ps>  java  -version  
ps>  helm  version  
ps>  kubectl  version   

All above commands should successfully show the version of the respective tool.

3. Verify Kubernetes Cluster Installation

  • Check if all the pods are in 'Running' status.
  • Check if the ip of the pods have been set to an IP within the range mentioned in the Ifs.PodCidrRange parameter of the ifsroot/config/main_config.json file.

4. Install IFS Cloud

Refer to the documentation on deploying a fresh install here: Deploy Fresh install

5. Install ifs-monitoring helm chart command.

IMPORTANT: EFK - Elasticsearch, Fluentd, and Kibana will be installed when the below command is executed. The primary purpose of Elasticsearch is to store and retrieve logs from fluentd. Fluentd forwards logs to elasticsearch. Kibana is a UI tool for querying, visualization of logs, and dashboards. EFK stack replaces ifs remote log client after 22R2 GA, 22R1 SU7, and 21R2 SU13.

The existing logging client uses a powershell command to generate a file on which the logs can be viewed. However for monitoring, instead of running a PowerShell command, you can access Kibana and Grafana using a URL and get real time logs and metrics.

Kube-Prometheus stack provides an end-to-end Kubernetes cluster monitoring with Prometheus. Grafana allows users to visualize metrics, explore, and share dashboards.

Before installing ifs-monitoring, you need to have IFS Cloud installed. Open the main_config.json file located at ifsroot/config and fill in the below variables. If the IFS Cloud namespace is ever deleted, the ifs-monitoring need to be deleted and re-applied. Otherwise the ingress certificates will be set to a "Fake self-signed certificate"

  • "Linuxhost" variables to the "yourvmname.yourdomain.com" (to create ingress endpoints for Elasticsearch, Kibana and Grafana)

  • "IFSCloudNamespace" variable to the namespace given at the time of IFS Cloud installation.

This command will install the ifs-monitoring helm chart to the middle tier server.

The first time, you will be prompted for Remote Artifactory credentials if you have not used them before.

Contact LE if you don't have these credentials yet.

ps>  .\main.ps1  -resource  'MONITORING'  

Follow the below documentation to access Grafana and Kibana Dashboards.

NOTE: For users in air-gapped environments who need to install additional Grafana plugins, please follow these steps:

Navigate to the following directory on your Management Server:
ifsroot > infrastructure > grafana-plugins

Run the plugin_installer:

ps> .\plugin_installer.ps1

TROUBLESHOOTING: If there is a slowdown in your VM or network during or after the ifs-monitoring installation, please follow the guidelines below before reinstalling the monitoring solution.

Step 1: Remove ifs-monitoring installation.
Here, please ensure not to remove ifs-monitoring namespace completely since it will cause unnecessary malfunctions in the system.
Run the following commands in order:

helm delete kibana -n ifs-monitoring
helm delete fluentd -n ifs-monitoring
helm delete ifs-monitoring-curator -n ifs-monitoring
helm delete elasticsearch -n ifs-monitoring
helm delete kube-prometheus-stack -n ifs-monitoring
helm delete eshook -n ifs-monitoring

Then view the PVCs created within the ifs-monitoring namespace:

kubectl -n ifs-monitoring get pvc

And remove all of the PVCs returned by the above command:

kubectl -n ifs-monitoring delete pvc <pvcname>

Step 2: Re-run the main.ps1 command:

ps>  .\main.ps1  -resource  'MONITORING'

Get Powershell Help

Get-Help ".\main.ps1"

Accept all the prompts.