Installation requirements¶
This topic provides guidance on the following actions:
Install limitations¶
The installer provides a single-node installation process.
Install requirements¶
The following tools and components are required in order to install Anaconda Team Edition:
Any Linux variant capable of supporting Docker (RHEL 7.x/CentOS)
Docker Engine 1.13.1+ or Docker CE/EE 17.04+ (Supports Compose format 3.1)
Docker Compose 1.11.0+ (Supports Compose format 3.1)
If SELinux is enabled, it cannot be in enforcing mode
Optional: TLS/SSL certs and DNS are ready (more information below)
The installer is a self-extracting binary (ate-x.x.x-installer.sh, where x.x.x is the version number) that contains the necessary components to run Anaconda Teams services. The basic requirements prior to installation are:
A host Linux operating system that can run the installer binary
Docker running on the host
Docker Compose installed and available on the command line
4 CPUs
8GB RAM
500GB storage space
Optional: TLS/SSL certificate requirements
Team Edition can use certificates to provide transport layer security for the cluster. It is required to have your TLS/SSL certs prior to installation, otherwise self-signed certificates can be generated during the initial installation. You can configure the platform to use organizational TLS/SSL certificates after completing the installation.
You may purchase certificates commercially, use Let’s Encrypt, or generate them using your organization’s internal public key infrastructure (PKI) system. When using an internal PKI-signed setup, the CA certificate is stored on the file system. You will need to make sure that the root certificate of your certificate authority is trusted by the server running the application and the workstations used by users of the application.
In either case, the configuration will include the following:
A certificate for the root certificate authority (CA)
An intermediate certificate chain
A server certificate
A private server key
Optional: DNS requirements
Web browsers use domain names and web origins to separate sites, so they cannot tamper with each other. If you want to use DNS, you must have it ready prior to installation. This DNS name is what users will use to access the application.
Security requirements¶
External — accessible outside of server
It is important to protect all services running on the node from outside access.
The exceptions are ports 22, 80, 443, which need to be exposed.
:22- SSH (secure shell)nginx - nginx instance serving Team Edition UI; acts as API gateway for other services (
:80/:443)
Internal — accessible only within server
Note
This is only necessary in a multi-node install. Please contact your implementation representative for more information.
Anaconda Team Edition uses several ports for internal communication between components. These ports do not need to be open to the end user.
repo - Team Edition API (
:5000)repo-proxy - Team Edition file serving API proxy (
:5002)repo-dispatcher - Team Edition event dispatcher/handler (
:5000exposed only for prometheus metrics)repo-worker - Team Edition scheduled jobs worker (
:5000exposed only for prometheus metrics)keycloak - keycloak’s
/auth/*endpoints are proxied in Nginx (:8080)postgres - Postgresql database used by Team Edition and Keycloak (
:5432)redis - Redis instance used by Team Edition services (
:6379)prometheus - Prometheus is proxied in Nginx at
/Prometheus(:9090)
By default, Anaconda Team Edition will install internal instances of Postgres and Redis databases.
To change the postgres user password, run \password postgres when in the shell of the postgres container.
To change the redis user password, follow the instructions under Troubleshooting.
If you are providing your own Postgres and/or Redis databases running on host(s) separate from Anaconda Team Edition, you can connect on the ports above. For example, if you already have a Postgres database, it can connect over port 5432. The port numbers for Postgres and Redis are also configurable during installation to suit your existing environment.