Standard environment preparation

This topic provides guidance for preparing your environment before Standard installation.

Install requirements

Note

The installer provides a single-node installation process.

Software requirements

The installer is a self-extracting binary (ate-x.x.x-installer.sh, where x.x.x is the version number) that contains the necessary components to run Anaconda Teams services. The basic requirements prior to installation are:

  • Any Linux variant capable of supporting Docker

  • Docker Engine 1.13.1+ or Docker CE/EE 17.04+ (Supports Compose format 3.1)

  • Docker Compose 1.11.0+ (Supports Compose format 3.1)

  • If SELinux is enabled, it cannot be in enforcing mode

  • Optional: DNS record and TLS/SSL certs (more information below)

Some additional recommendations:

  • RHEL7/CentOS7: This is our customers’ most common selection to date, and the variant we have the most experience supporting. The versions of Docker and Docker-compose available through the default yum package repository are sufficient.

  • Ubuntu 20.04 LTS: This has proven to be a reliable choice for customers as well, using the versions of Docker and Docker-Compose available in the default apt-get package repository.

  • RHEL8/CentOS8: Installing ATE on these variants is possible, but requires additional effort. Because RedHat has replaced its Docker offering with Podman, Podman must be removed from the installation Docker and Docker-Compose installed from third-party sources.

  • Other Linux variants that provide full support for Docker and Docker-Compose are likely to work as well, but we invite you to inquire with the Anaconda implementation team for our most up-to-date experience.

For Docker, the default log driver must be configured to the json-file.

For Red Hat systems, please refer to the Default options for modifying docker daemon options. To verify that you’re running the json-file, run the following command:

docker info --format '{{.LoggingDriver}}'

Hardware requirements

  • 4 CPUs

  • 8GB RAM

  • 1TB storage space

Warning

Our recommended storage space only accounts for Anaconda’s default channels; if you wish to mirror additional channels or upload additional packages, please allocate more storage accordingly.

Optional: TLS/SSL certificate requirements

Team Edition can use certificates to provide transport layer security for the cluster. It is required to have your TLS/SSL certs prior to installation, otherwise self-signed certificates can be generated during the initial installation. You can configure the platform to use organizational TLS/SSL certificates after completing the installation.

You may purchase certificates commercially, use Let’s Encrypt, or generate them using your organization’s internal public key infrastructure (PKI) system. When using an internal PKI-signed setup, the CA certificate is stored on the file system. You will need to make sure that the root certificate of your certificate authority is trusted by the server running the application and the workstations used by users of the application.

In either case, the configuration will include the following:

  • A certificate for the root certificate authority (CA)

  • An intermediate certificate chain

  • A server certificate

  • A private server key

Optional: DNS requirements

Web browsers use domain names and web origins to separate sites, so they cannot tamper with each other. If you want to use DNS, you must have it ready prior to installation. This DNS name is what users will use to access the application.

Security requirements

External — accessible outside of server

It is important to protect all services running on the node from outside access. The exceptions are as shown below:

  • :80 nginx - only if you are using HTTP

  • :443 nginx - only if you are using HTTPS

  • :22 ssh - optional; only if you need SSH

Internal — accessible only within server

Note

This is only necessary in a multi-node install. Please contact your implementation representative for more information.

Anaconda Team Edition uses several ports for internal communication between components. These ports do not need to be open to the end user.

  • :5000 repo - Team Edition API

  • :5002 repo-proxy - Team Edition file serving API proxy

  • :5000 repo-dispatcher - Team Edition event dispatcher/handler (exposed only for prometheus metrics)

  • :5000 repo-worker - Team Edition scheduled jobs worker (exposed only for prometheus metrics)

  • :8080 keycloak - keycloak’s /auth/* endpoints are proxied in Nginx

  • :5432 postgres - Postgresql database used by Team Edition and Keycloak

  • :6379 redis - Redis instance used by Team Edition services

  • :9090 prometheus - Prometheus is proxied in Nginx at /Prometheus

To change the postgres user password, run \password postgres when in the shell of the postgres container.

To change the redis user password, follow the instructions under Troubleshooting.

After ensuring all requirements have been met, proceed to Standard installation to install Team Edition.