Syndeia Cloud Installation Instructions for RHEL/CentOS7
Single Node Setup Instructions:
Pre-requisites:
1. Ensure you have the syndeia-cloud-3.4.zip (or latest service pack) downloaded to your home directory from the download/license instructions sent out by our team.
Note: the .ZIP will pre-create a separate folder for its contents when extracted so there is no need to pre-create a separate folder for it.
2. Review Syndeia Cloud's recommendations, ie: (Open|Oracle)JDK/JRE, memory, FS selection, params, etc. in Deployment.
Note: Syndeia Cloud can be deployed on a different machine VS Cassandra but these steps will focus on a single-node deployment.
3. Provide security credentials for Java JMX according to Appendix C3.5
4. When using firewalls, ensure at least the following port(s) are accessible from client machines:
| Purpose | TCP Port |
|---|---|
| HTTP for Syndeia | 9000 |
| HTTPS for Secure Syndeia | 9443 |
(consult your local network administrator for all policies or technical details)
5. For observability, optionally, if you use JMX monitoring (or Grafana), the following TCP ports need to be opened in your firewalls for any monitoring workstations:
SC service | JMX port # |
|---|---|
sc-auth | 31101 |
sc-store | 31102 |
sc-graph | 31103 |
sc-webgateway | 31100 |
sc-aras | 31112 |
sc-artifactory | 31116 |
sc-bitbucket | 31104 |
sc-confluence | 31105 |
sc-doors | 31115 |
sc-github | 31106 |
sc-gitlab | 31107 |
sc-jama | 31114 |
sc-jira | 31108 |
sc-sysmlv2 | 31112 |
sc-testrail | 31113 |
sc-twcloud | 31109 |
sc-wc | 31110 |
Downloading & Extracting Syndeia Cloud:
1. SSH to your designated Syndeia Cloud server as a user, not as root.
2. Set an environment var for the build version, ex: new_build_version=3.4.SP3_2022-07-01 ; export new_build_version
3. Create a new user and group named syndeia-cloud, ie: sudo useradd --system --user-group syndeia-cloud
Note, if you configured JMX, according to the prerequisite checks above, you already did this.
4. Run umask to ensure your user umask is set to 0002 and root's umask is set to 0022. If not, set it, ie: umask 0002, and then su && umask 0022
5. cd into the directory where you downloaded the Syndeia Cloud .ZIP
6. Unzip the main package, ie: unzip syndeia-cloud-${new_build_version}.zip
Note: if you don't have unzip installed, you may need to first install it via yum install unzip
IMPORTANT: please ensure you have enabled JMX monitoring per Appendix C3.5 (if for whatever reason you do not wish to use JMX, you can disable it post SC setup via the steps in Appendix C3.6).
Syndeia Cloud Database User Setup:
7. In a new terminal session, launch a CQLSH session (see Appendix C3.3 for instructions) & authenticate (see Appendix C3.1 on how to validate/configure this) with a superuser account (or have the Cassandra administrator authenticate) to do the following for you or your team:
Note1: If you ran the setup script specified in the JanusGraph setup page, this account should already be created and you can skip this section or just validate via LIST ROLES below.
Note2: If you have a user account you can check by running the CQL command LIST ROLES to list all roles to confirm your account has superuser privilege
$./cqlsh -u cassandra cassandra-syndeia-cloud.mycompany.com
Password:
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.0.15 | CQL spec 3.4.0 | Native protocol v4]
Use HELP for help.
cassandra@cqlsh> LIST ROLES;
role | super | login | options
------------------+-------+-------+---------
cassandra | True | True | {}
(1 rows)
cassandra@cqlsh>
8. Create a new syndeia_admin role and provide it with a new strong password, ie:
CREATE ROLE syndeia_admin WITH LOGIN = true AND SUPERUSER = true AND PASSWORD = '<syndeia_admin_strong_password>';
where <syndeia_admin_strong_password> is a strong password, ex: ‘M1Str9ngPass80rd' ( Avoid any of the following special characters: \?*[]+#&.{}$ )
Then, run the following command to list all roles and confirm syndeia_admin has login access (if you get an error from the CREATE command or do not see syndeia_admin listed in the LIST ROLES output, see Appendix C3.4)
LIST ROLES;
cassandra@cqlsh> LIST ROLES;
role | super | login | options
---------------+-------+-------+---------
cassandra | True | True | {}
syndeia_admin | True | True | {}
Installing, Configuring, and Starting Syndeia Cloud:
9. In the directory you downloaded and extracted the main .zip, run the install script from inside the bin directory, ie: ./syndeia-cloud-3.4_install.bash -SC_v ${. This will: new_build_version}
- install Syndeia Cloud 3.4 (or latest service pack) to /opt/icx/syndeia-cloud-${new_build_version} ,
- make syndeia-cloud:syndeia-cloud the owner,
- configure the application.conf files if necessary,
- generate a concatenated schema file,
- stop any existing Syndeia Cloud 3.4 processes,
- update/create a "current" symlink to the installed version,
- stop the Janusgraph service (on single-node deployments only),
- stop the Kafka service (on single-node deployments only),
- archive any old Kafka logs (on single-node deployments only),
- drop any old keyspaces & generate the new schema in the DB (Cassandra),
- start Kafka service (on single-node deployments only),
- start Janusgraph service (on single-node deployments only),
- initialize the Janusgraph configuration (on single-node deployments only),
- install a tmpfiles.d .conf file for syndeia-cloud,
- install systemd .target and .service files for syndeia-cloud microservices
- start all Syndeia Cloud microservices,
- create the superuser account, and
- create default repository-type data.
Note: you may be prompted for sudo authentication when installing to /opt/... you will also be prompted for your syndeia_admin password set previously
Note, If you are deploying SC 3.4 SP1 on a multi-node configuration where SC is not on the same machine as Cassandra or JG, please: a. ensure you have CQLSH installed, b. update JG_HOST on L42 in the provided conf/init/systemd/sc-graph.service file, c. update localhost with \localhost\ on L477-478 in the provided bin/syndeia-cloud-3.4_install.bash, and d. run the SC setup with the --multi_node or -m switch.
IMPORTANT: If you get an error at the end with the superuser (& setup) devops action failing (see screenshot below), it is most likely because you didn't adhere to (or ignored) the Minimum Requirements Note, you may need to scroll up at the end to see this.
or the superuser devops action appearing to succeed but not allowing a user to login to the web dashboard (see text),
15:08:15.457 [info] com.intercax.syndeia.cli.SyndeiaCli [] - Lagom Syndeia client
15:08:15.458 [info] com.intercax.syndeia.cli.SyndeiaCli [] - Action: setup
15:08:15.459 [info] com.intercax.syndeia.cli.SyndeiaCli [] - User: super.user
15:08:15.460 [info] com.intercax.syndeia.cli.SyndeiaCli [] - Mode: Prod
15:08:18.726 [info] akka.event.slf4j.Slf4jLogger [] - Slf4jLogger started
15:08:26.063 [error] com.intercax.syndeia.api.AuthApi [] - Sign in to Syndeia Cloud for super.user unsuccessful.
com.lightbend.lagom.scaladsl.api.transport.TransportException: {"statusCode":401,"message":"invalid.credentials","headers":{}}
at com.lightbend.lagom.scaladsl.api.transport.TransportException$.$anonfun$fromCodeAndMessage$2(Exceptions.scala:223)
at scala.Option.fold(Option.scala:175)
at com.lightbend.lagom.scaladsl.api.transport.TransportException$.fromCodeAndMessage(Exceptions.scala:223)
at com.intercax.syndeia.error.SyndeiaTransportException$.fromCodeAndMessage(SyndeiaTransportException.scala:29)
at com.intercax.syndeia.error.SyndeiaExceptionSerializer.fromCodeAndMessage(SyndeiaExceptionSerializer.scala:9)
at com.lightbend.lagom.scaladsl.api.deser.DefaultExceptionSerializer.deserialize(ExceptionSerializer.scala:100)
at com.lightbend.lagom.internal.scaladsl.client.ScaladslServiceApiBridge.exceptionSerializerDeserializeHttpException(ScaladslServiceApiBridge.scala:82)
at com.lightbend.lagom.internal.scaladsl.client.ScaladslServiceApiBridge.exceptionSerializerDeserializeHttpException$(ScaladslServiceApiBridge.scala:80)
at com.lightbend.lagom.internal.scaladsl.client.ScaladslClientServiceCallInvoker.exceptionSerializerDeserializeHttpException(ScaladslServiceClientInvoker.scala:110)
at com.lightbend.lagom.internal.scaladsl.client.ScaladslClientServiceCallInvoker.exceptionSerializerDeserializeHttpException(ScaladslServiceClientInvoker.scala:110)
at com.lightbend.lagom.internal.client.ClientServiceCallInvoker.$anonfun$makeStrictCall$3(ClientServiceCallInvoker.scala:222)
at scala.util.Success.$anonfun$map$1(Try.scala:255)
at scala.util.Success.map(Try.scala:213)
at scala.concurrent.Future.$anonfun$map$1(Future.scala:292)
at scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:33)
at scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:33)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:44)
at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
15:08:26.066 [error] com.intercax.syndeia.cli.SyndeiaCli [] - {"statusCode":401,"message":"invalid.credentials","headers":{}}
com.lightbend.lagom.scaladsl.api.transport.TransportException: {"statusCode":401,"message":"invalid.credentials","headers":{}}
at com.lightbend.lagom.scaladsl.api.transport.TransportException$.$anonfun$fromCodeAndMessage$2(Exceptions.scala:223)
at scala.Option.fold(Option.scala:175)
at com.lightbend.lagom.scaladsl.api.transport.TransportException$.fromCodeAndMessage(Exceptions.scala:223)
at com.intercax.syndeia.error.SyndeiaTransportException$.fromCodeAndMessage(SyndeiaTransportException.scala:29)
at com.intercax.syndeia.error.SyndeiaExceptionSerializer.fromCodeAndMessage(SyndeiaExceptionSerializer.scala:9)
at com.lightbend.lagom.scaladsl.api.deser.DefaultExceptionSerializer.deserialize(ExceptionSerializer.scala:100)
at com.lightbend.lagom.internal.scaladsl.client.ScaladslServiceApiBridge.exceptionSerializerDeserializeHttpException(ScaladslServiceApiBridge.scala:82)
at com.lightbend.lagom.internal.scaladsl.client.ScaladslServiceApiBridge.exceptionSerializerDeserializeHttpException$(ScaladslServiceApiBridge.scala:80)
at com.lightbend.lagom.internal.scaladsl.client.ScaladslClientServiceCallInvoker.exceptionSerializerDeserializeHttpException(ScaladslServiceClientInvoker.scala:110)
at com.lightbend.lagom.internal.scaladsl.client.ScaladslClientServiceCallInvoker.exceptionSerializerDeserializeHttpException(ScaladslServiceClientInvoker.scala:110)
at com.lightbend.lagom.internal.client.ClientServiceCallInvoker.$anonfun$makeStrictCall$3(ClientServiceCallInvoker.scala:222)
at scala.util.Success.$anonfun$map$1(Try.scala:255)
at scala.util.Success.map(Try.scala:213)
at scala.concurrent.Future.$anonfun$map$1(Future.scala:292)
at scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:33)
at scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:33)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:44)
at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
... please run them manually, ie:
export SC_HOME=/opt/icx/syndeia-cloud-current ;
sudo -u syndeia-cloud ${SC_HOME}/devops-3.4-SP3/bin/devops -Duser.dir=${SC_HOME} -XX:+UnlockDiagnosticVMOptions -XX:LogFile=${SC_HOME}/logs/devops_JVM.log -DXloggc:devops_JVM_gc.log -Dsyndeia.client.action=superuser ;
sudo -u syndeia-cloud ${SC_HOME}/devops-3.4-SP3/bin/devops -Duser.dir=${SC_HOME} -XX:+UnlockDiagnosticVMOptions -XX:LogFile=${SC_HOME}/logs/devops_JVM.log -DXloggc:devops_JVM_gc.log -Dsyndeia.client.action=setup -Dsyndeia.client.username=super.user -Dsyndeia.client.password=syn45ia ;
If you wish to skip the automatic running of the devops actions at the end because you have an environment in which these actions do not succeed, you can pass the --skip_devops (or -s) parameter to the end of the script, ie: ./bin/syndeia-cloud-3.4_install.bash --skip_devops ( Note, this does NOT mean that the devops actions are "optional", this is simply providing a mechanism for you to run them manually after your system has "caught its breath" so to speak.)
10. Validate correct operation and create/update an archive image to use as a new base image if the node needs to be rebuilt or if you wish to create a cluster.
Before making the image you may wish to first stop and optionally disable Syndeia Cloud's services temporarily to prevent auto-start on boot, ie: sudo systemctl disable sc.target
Managing Syndeia Cloud:
11. To check the status of Syndeia Cloud services, use systemctl status <service_name>; where <service_name> = one of sc-auth|sc-store|sc-graph|sc-web-gateway|sc-aras|sc-artifactory|sc-bitbucket|sc-confluence|sc-doors|sc-github|sc-gitlab|sc-jama|sc-jira|sc-sysmlv2|sc-testrail|sc-twcloud|sc-wc
12. To stop/start the Syndeia Cloud services, use sudo systemctl <action> <service_name>; where <action> = one of start|stop, and <service_name> = one of sc-auth|sc-store|sc-graph|sc-web-gateway|sc-aras|sc-artifactory|sc-bitbucket|sc-confluence|sc-doors|sc-github|sc-gitlab|sc-jama|sc-jira|sc-sysmlv2|sc-testrail|sc-twcloud|sc-wc
Note: If you wish to ensure the services run on startup, run sudo systemctl enable <service_name>; where <service_name> = one of sc-auth|sc-store|sc-graph|sc-. For more information on installing the web-gateway|sc-aras|sc-artifactory|sc-bitbucket|sc-confluence|sc-doors|sc-github|sc-gitlab|sc-jama|sc-jira|sc-sysmlv2|sc-testrail|sc-twcloud|sc-wc.service files manually and configuring them to start after Cassandra, see Setting up Services to Start on Boot.
13. To tail or view the logs for any Syndeia Cloud service, use either sudo journalctl -feu sc-<service_name> or less /opt/icx/syndeia-cloud-${new_build_version}/logs/<service_name>.log; where <service_name> = one of auth|store|graph|web-gateway|sc-aras|sc-artifactory|sc-bitbucket|sc-confluence|sc-doors|sc-github|sc-gitlab|sc-jama|sc-jira|sc-sysmlv2|sc-testrail|sc-twcloud|sc-wc
Validating Syndeia Cloud Installation & Configuration:
14. Verify if syndeia_admin has all the permissions on the syndeia keyspace, ie:
LIST ALL PERMISSIONS OF syndeia_admin;
15. On the server and/or your local machine, launch a web browser & check the following to validate that the application is correctly running:
15.1. http://<syndeia_server_FQDN>:9000 should give you:
To login as the default administrator and create users, see the User Management section.
15.2 Once logged in, please verify you see a bar graph get rendered (and not a never-ending spinner followed by an error message) on the Dashboard home page and the version is shown correctly under Help > About in the sidebar.