Deployment Guide
Solution Prerequisites
Â
Installation Steps
The Internet should be available on the machine where the application is being installed and connections on port 9242 should be allowed in the network firewall to carry out the installation steps. All the commands start with a # indicating that root user privileges are required to execute these commands. Trailing # is not a part of the command.
Allow ports in the firewall
For internal communication of the docker swarm, you'll need to allow communication (both inbound and outbound) on the ports: 8083/tcp,8084/tcp , 8085/tcp, 8086/tcp, 8087/tcp, 8844/tcp, 8834/tcp, 8443/tcp and 443/tcp.
To start the firewall on CentOS (if it isn't started already), execute the following commands. You'll have to execute these commands on all the cluster machines.:Â
systemctl enable firewalld
systemctl start firewalld
To allow the ports on CentOS firewall, you can execute the following commands. You'll have to execute these commands on all the cluster machines.
firewall-cmd --add-port=8083/tcp --permanent
firewall-cmd --add-port=8084/tcp --permanent
firewall-cmd --add-port=8085/tcp --permanent
firewall-cmd --add-port=8086/tcp --permanent
firewall-cmd --add-port=8087/tcp --permanent
firewall-cmd --add-port=8844/tcp --permanent
firewall-cmd --add-port=8834/tcp --permanent
firewall-cmd --add-port=8443/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --reload
Configure Log Rotation
Add the following lines in /etc/docker/daemon.json
 file (create the file if not there already) and restart the docker daemon using systemctl restart docker.Â
Perform this step on all the machines in the cluster in case of HA deployment.
{
"log-driver":Â "json-file",
"log-opts": {
"max-size":Â "50m",
"max-file":Â "3"
}
}
Creating Databases
Create a database for UMM and Supervisor Tools services in the MSSQL server with suitable names and follow the application installation steps.
Installing Application
Download the deployment script . This script will:
delete the supervisor-tools-deployment directory in the present working directory if it exists.
clone the supervisor-tools-deployment repository from GitLab in the present working directory.
To execute the script, give it the execute permissions and execute it.Â
chmod +x supervisor-tools-deployment.sh ./supervisor-tools-deployment.sh
For UCCE customers only, execute the following command
rm /root/supervisor-tools-deployment/docker/config/umm/permissions/tam.json
For UCCX customers only, uncomment the lines 71 - 81 from file
/root/supervisor-tools-deployment/docker/docker-compose.yml
It should looks like
tam: image: gitlab.expertflow.com:9242/supervisor-tools/team-administration:13.2.1 ports: - "8082:8080" env_file: - ${PWD}/docker/environment-variables/environment-variables.env restart: always volumes: - ${PWD}/docker/trustStore:/usr/local/trustStore networks: - st
Update environment variables  in the following files inside
/supervisor-tools-deployment/docker/environment_variables
 folder.Update UMM environment variables in theÂ
umm-environment-variables.env
file.Update Supervisor Tools Environment variables in theÂ
environment-variables.env
. See also, Caller Lists Environment Variables to specify variables of the Caller Lists microservice.
Get domain/CA signed SSL certificates for SupervisorTools FQDN/CN and place the files inÂ
/root/supervisor-tools-deployment/docker/certificates
 folder. The file names should beÂserver.crt
 andÂserver.key
.Copy the supervisor-tools-deployment directory to the second machine for HA. Execute below commandÂ
scp -r supervisor-tools-deployment root@machine-ip:~/
Go to the second machine and update the environment variables where necessary.
Execute the following commands inside /root/supervisor-tools-deployment directory on both machines.
chmod 755 install.sh ./install.sh
Run the following command to ensure that all the components are up and running. The screenshot below shows a sample response for a standalone non-HA deployment.Â
docker ps
Â
Note: All machines and virtual IP should be on the same subnet for HA testing.
Virtual IP configuration
Repeat the following steps for all the machines in the HA cluster.
Download keepalived.sh script and place it in
/root
 the directory.Give execute permission and execute the script:Â
chmod +x keepalived.sh ./keepalived.sh
Configure keep.env file insideÂ
/root/keep-alived
 folder Update the SERVER_URL in
/supervisor-tools-deployment/docker/environment_variables
to hold Virtual IP for front-end.Give the execute permission and execute the script on both machine.
chmod +x keep-command.sh ./keep-command.sh
Finesse Gadget Deployment
SMBv2 Commands:
Following are the commands to enable and disable SMBv1 and SMBv2 on the SMB server component.
Detect if SMB1 enabled
Get-SmbServerConfiguration | Select EnableSMB1Protocol
Enable SMB1
Set-SmbServerConfiguration -EnableSMB1Protocol $true
Disable SMB1
Set-SmbServerConfiguration -EnableSMB1Protocol $false
Detect if SMB2 enabled
Get-SmbServerConfiguration | Select EnableSMB2Protocol
Enable SMB2
Set-SmbServerConfiguration -EnableSMB2Protocol $true
Disable SMB2
Set-SmbServerConfiguration -EnableSMB2Protocol $false
For more info you can check:How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows
Adding License
Browse to http://<MACHINE_IP or FQDN>/umm in your browser (FQDN will be the domain name assigned to the IP/VIP).Â
Click on the red warning icon on right, paste the license in the field and click save.Â