Before starting to install HERO, you must check the following system prerequisites:
Verify that Docker and Docker Compose are installed, configured, and ready to use. For the required version, see System Requirements.
If you don't have Docker and Docker Compose already installed, see Installing Docker and Docker Compose.
HERO requires some values to be set for ulimit parameter, for Linux OS. See: How to verify and set ulimit parameter.
Verify the available virtual memory. See: How to verify and set the available virtual memory.
If you are installing HERO on RHEL or CentOS distros, SELinux must be set to Permissive or Disabled. See: How to set SELinux to permissive.
Verify that the Workload Automation user entitled to discover servers in HERO has access to the crontab command.
To install and configure HERO, run the following procedure.
From HCL License Portal download the appropriate HERO installation package.
HCL HERO V1.0.0.9
Hero is available with 2 different types of installation packages:
Installation package for offline installation: HCL_HERO_1.0.0.9_OFFLINE.tar.gz containing:
hero.tar.gz
hero-images.tar
install.sh
cert
Installation package for online installation: HCL_HERO_1.0.0.9_ONLINE.tar.gz containing:
hero.tar.gz
install.sh
cert
The online installation requires a working internet connection to reach the Entitled Registry that contains Hero images. Contact your HCL sales representative for the login details required to access the Entitled Registry.
Execute the following command to log into the Entitled Registry:
docker login -u <your_username> -p <your_entitled_key> hclcr.io
Hero images are as follows:
hclcr.io/slt/hero/hero_nginx :1.0.0.9
hclcr.io/slt/hero/hero_tomcat :1.0.0.9
hclcr.io/slt/hero/hero_configurer:1.0.0.9
hclcr.io/slt/hero/hero_elasticsearch:1.0.0.9
hclcr.io/slt/hero/hero_kibana:1.0.0.9
hclcr.io/slt/hero/hero-predictor:1.0.0.9
hclcr.io/slt/hero/hero_keycloak:1.0.0.9
For the selected installation package (offline or online), extract the content of the tar.gz file(s) into <BUILD_DIR>, a directory of your choice, using one of the extraction tools available on your system or downloadable from the internet. The tool you use must be able to keep the file permissions on the extracted files.
To install Hero using a custom SSL certificate instead of the default one, follow these steps:
i. Navigate to the <BUILD-DIR>\cert folder.
ii. Place the custom SSL certificate files (hero.key and hero.cert) in cert directory.
Note: Ensure that your custom files are named hero.key for the private key and hero.cert for the certificate.
Open a bash shell and get ready to install Hero.
From the <BUILD_DIR> directory, run the command:
Note: This function installs Hero on the target machine by utilizing the files and folder structure extracted from the provided shipping package.
By default, before starting the installation, Hero checks the installation prerequisites. If you want to skip this check, add the --skip-check-prereq parameter. For details, see the install.sh command usage.
./installHERO.sh --host <hostname> [ --skip-license-check, --port <port>, --install-path <install path>, --prune-docker-pv, --skip-check-prereq, --podman, --client-secret ]
| Parameter | Description | Mandatory |
|
--host <hostname> |
The hostname or IP address of the machine on which you are installing Hero. | Yes |
| --port <port> | The network port where you are installing Hero (default port is 443). | No |
| --install-path <install path> |
The path where you want to install Hero (default value is /opt/hcl). |
No |
| --skip-license-check | Use this option to skip the license check. | No |
| --skip-check-prereq | Use this option to skip the pre-requisites check. | No |
| --prune-docker-pv |
Use this option if you want to prune the docker volumes. |
No |
| --podman | Use this option for installation with the Podman container engine. | No |
| --client-secret | The client secret for the keycloak. | Yes |
The installation script dispalys the HCL Master License Agreement (MLA) for your acceptance. Scroll down or press the "q" key to quit. Type "Y" to accept the MLA.
The installation script runs the installation process, and verifies its successful completion.
Post installation steps
When the installation is complete, the following link is prompted to login to the HERO dashboard: https://<your_host_machine_address:port>/Dashboard
The installation script creates two default HERO user accounts:
userid test, password test, with user role
userid admin, password Hclsolutions00, with administrator role
Note:
At login time, if you enter wrong credentials, after 5 unsuccessful attempts you will be locked out for 30 minutes.
After completing the installation successfully, you can proceed to configure email alerts.
Use the Keycloak administration console to define new users, new roles, or change default passwords. You can access Keycloak administration console at the following link: https://<IP:PORT>/keycloak/auth/admin by using the following credentials:
userid=admin
password=admin
If you want, you can change Keycloak default password. For instructions, see Configuring Security.
Before adding environments to the HERO dashboard, verify that the installation process has created OpenSearch Dashboards default index pattern:
In the environment page, check if the KPI link appears on top of the server card.
If the link doesn't show up, manually set the OpenSearch Dashboards default index pattern by following the procedure in the Appendix.
To stop HERO (for example, after changing some configuration parameters), from the <install-path> directory, type docker-compose stop.
To restart HERO, from the <install-path> directory, type docker-compose start.
For any reference, you can find the manual installation procedure in the Appendix. It guides you to manually execute the steps run by the automatic installation script.
To manage HERO containers, run the following procedures from the <install-path> directory.
To gracefully stop/restart HERO, for example after reconfiguring HERO, run the following commands:
docker-compose stop
docker-compose start
docker-compose down
docker-compose up --build -d
This procedure doesn't reset the custom client secret if you have created one (see Configuring Security).
docker-compose down
docker volume rm <install-path>_hero-home
docker-compose up --build -d
This procedure doesn't reset the custom client secret if you have created one (see Configuring Security).
docker-compose down
docker volume rm <install-path>_hero-home <install-path>_ build_hero-db-data <install-path>_ build_hero-es-data <install-path>_ build_keycloak-nginx-ssl <install-path>_ build_pgdata
docker-compose up --build -d
This procedure resets also the custom client secret if you have created one (see Configuring Security). Reconfigure HERO with the default client secret or create a new one.
In addition, to delete also HERO images, run the following command:
docker rmi <install-path>] _tomcat <install-path>_prediction <install-path>_keycloak <install-path>_nginx <install-path>_kibana docker.elastic.co/kibana/kibana-oss docker.elastic.co/elasticsearch/elasticsearch-oss
This command completely uninstall HERO.
Every time a runbook is added, or a new monitor is created, run the following commands from the <install-path> directory:
docker stop hero-tomcat
docker rm hero-tomcat
docker volume rm <install-path>_hero-home (to remove the configuration volume)
docker-compose up --build -d
The dashboard.properties file contains general configuration parameters:
|
disk-space |
Minimum percentage for the disk space monitor to generate an alert. |
|
IPdashboard |
The URL of the HERO server used by the monitoring scripts. |
|
IPdashboard_curl_options |
The options used by the CURL command run by the monitoring scripts. Used for authentication purposes on the HERO server. |
|
elasticsearch_external |
The historical database (OpenSearch) URL to be used by the monitoring scripts running on the workstation. |
|
elasticsearch_curl_options |
The options for the CURL command run by the KPI scripts. Used for authentication purposes on OpenSearch.
|
|
Queue_< queue name >_limit |
Warning that notifies when the queue availability is lower than the limit that you set. Supported only for Workload Automation. |
|
esClientLink |
The link used by the HERO server to reach the Historical Database (OpenSearch). |
|
kibanaLink |
Link to OpenSearch Dashboards. |
|
scheduledTime |
The frequency of the scheduling operations for HERO monitors. |
|
esQueueMapping |
Template for creating the index on OpenSearch. |
|
esQueueDashboardTemplate |
Template for creating the queue dashboard. |
|
esQueueChartVisualizationTemplate |
Template for creating the chart visualization for the queue. |
|
esQueueGaugeVisualizationTemplate |
Template for creating the Gauge visualization for the chart in the dashboard. |
|
esQueuePanelJSONTemplate |
Template for creating the Queue panel. |
|
esThroughputMapping |
Template for creating the OpenSearch index for throughput. |
|
esThroughputChartVisualizationTemplate |
Template for the throughput visualization for the chart in the dashboard. |
|
esThroughputPanelJSONTemplate |
Template for creating the throughput panel. |
|
LaunchInContextUrl |
The url of the HERO UI that will be used in the alert emails. |
|
tempPath |
The path on the HERO Server where the monitor files will be stored before deploying. |
|
runbookLimit |
Maximum number of visualized runbooks. |
|
alertSmtpEmail |
Optional if you want to configure alerting by email. The sender email account [Example: username@gmail.com]. |
|
alertSmtpPassword |
Optional if you want to configure alerting by email. The password associated to the sender email account. |
|
smtpPasswordEncrypted |
Optional if you want to configure alerting by email. Set encryption for the alertSmtpPassword. Can be "true" or "false". If smtp is configured through HERO installation script, the value of smtpPasswordEncrypted parameter is set to "true" (default value). If you configure smtp manually, you must set smtpPasswordEncrypted to "false". |
|
alertSmtpServer |
Optional if you want to configure alerting by email. Fully qualified hostname of the SMTP Server that will be used by HERO to send alerts by email [Example: smtp.gmail.com]. |
|
alertSmtpPort |
Optional if you want to configure alerting by email. The port of the SMTP mail server. |
|
smtpTlsEnabled |
Optional if you want to configure alerting by email. Set the TLS enablement for smtp client while establishing a connection from HERO. Can be "true" or "false". Default value is "true". |
|
sslTrustStorePassword |
Optional if you are using a custom SSL truststore file for your JDBC connection, you are required to provide an SSLtruststore password. |
|
maxLogsShown |
Maximum number of visualized logs. |
|
pwdNeedsEncryption |
Require that alertSmtpPassword must be encrypted on the first execution of SMTP application. |
|
taskSchedulerThreadPoolSize |
Max number of threads for scheduled monitors. |
|
predictionIndexMapping |
Template to create the prediction index on OpenSearch. |
|
deployPath |
Home directory in which monitoring scripts are deployed. |
The ui.properties file configures the connection to the HERO web application services:
|
ip |
The hostname or IP address of the HERO server. |
|
port |
The port of the HERO server. Default value is 443. |
|
kibanaHost |
The hostname of the dashboarding service (OpenSearch Dashboards) that is reachable by the browser. |
|
kibanaPort |
The port of the dashboarding service (OpenSearch Dashboards) that is reachable by the browser. |
|
protocol |
The protocol to be used (http or https). |
|
wsProtocol |
The protocol used for the shell inside HERO, this protocol should be ws if the protocol property is http, otherwise this should be wss. |
|
sshPort |
The ssh port for the connection to other machines (usually 22). |
|
keycloak |
Used to configure the connection to Keycloak. Set this variable to the same value at which you set the Keycloak_URL parameter in the .tomcat.env file. For details, see Configuring Security. |
|
roles |
Available roles in the HERO Keycloak security configuration, separated by comma. |
|
clientSecret |
Used to configure HERO with a new secret in place of the default one. For details, see Configuring Security. |
If a re-configuration is done on dynamic files, such as dashboard.properties or ui.properties, restart docker-compose by running the following commands:
docker-compose stop
docker-compose start