Install the TrustPortal services

TrustPortal services comprise a number of docker containers, connected via a docker network running on a docker host. All access to TrustPortal services is via a reverse proxy/load balancer, which is connected to the docker network of each TrustPortal instance. By default, the TrustPortal install script will install and configure the trustportal-reverse-proxy if a reverse proxy is not already installed.

The installation TAR file is available from the Blue Prism Portal and contains:

• A GenerateDeployFiles program which when executed will create a series of scripts to install TrustPortal services and deploy reverse proxy with self-signed certificates.
• An assets directory with icons and language files.
• MySQL scripts (init-db/update-db.sql) used to install or upgrade the TrustPortal schema.

Ensure you are connected to the internet before starting the installation.

1. Log into the Linux machine and verify that the docker service is running.

2. Copy the SERVICE_ASSIST2021-1.tar file into your Linux machine.

3. Un-TAR the TrustPortal compressed installation scripts:
   $ sudo tar xvf SERVICE_ASSIST2021-1.tar

   A GenerateDeployFiles program specific to your Linux version will display, for example:

   • GenerateDeployFiles.fedora (includes Fedora, CentOS and Rhel systems)
   • GenerateDeployFiles.ubuntu

   The format for using GenerateDeploy files is:

   $ sudo ./GenerateDeployFiles.<linuxtype> <PROD> <Version> <Install> <Linux>,
   for example ./GenerateDeployFiles.centos SERVICE_ASSIST 2021.1 Install Linux

4. When prompted to select the type of installation you require, enter 1, 2, 3, or 4. For the purpose of this example installation, we have used option 2.

   The installer provides four types of installation:

   Option	Description
   1	Full installation of all dockers on the TrustPortal server
   2	Partial installation with one API server connecting to MySQL, Redis or reverse proxy services
   3	Complex installation, with multiple API servers connecting to MySQL, Redis or reverse proxy services
   4	Software download only with no installation

5. When prompted, enter the following configuration details:
   • Instance Name – The name of the TrustPortal environnment (for example, “serviceassist”)
   • FQDN Common Name (FDQN CN) – The name of the domain for the environment (for example, ”local.net”). The instance name and FQDN CN should be the same as the DNS entry for the web (for example, “serviceassist.local.net”).
   • MySQL Master User– The administrator user (for example, root) already installed for MySQL.
   • MySQL Master Password – The administrator password already set for MySQL.
   • MySQL Service Assist User – The name of the user created during installation to be used by the API server to access the MySQL instance for day-to-day running of the TrustPortal environment.
   • MySQL Service Assist Password – The password for the user created during installation to be used the MySQL instance for day-to-day running of the TrustPortal environment.
   • License ID (User) – The ID that is used to pull the TrustPortal software from the repository. This is provided by TrustPortal.
   • Licence Key (Password) – The license key that is used to pull TrustPortal software from the repository. This is provided by TrustPortal.

   • License Filename – The name of the license file (for example, license.lic) provided by TrustPortal based on purchase of licenses.

     As part of the installation, the license file must be saved in the same directory where the GenerateDeployFiles program is executed. The license file is then automatically copied in the /var/local/<API URL>/config directory.

   • When prompted whether you require a specific network to connect to the API docker or not, enter N for no.

   • When prompted whether you are using a service for MySQL or Redis, enter M for MySQL. You will be prompted to confirm that you have a paid-for MySQL license before continuing, enter Y for yes.
     

     

   • MySQL Service URL – This is either the IP address or the FQDN of the machine on which you have installed the MySQL service.

   • MySQL Service Port – The port that the server listens on the specified MySQL service URL. Enter the port number used by your MySQL instance.

   • When prompted whether you are using an external reverse proxy (instead of the default NGINX reverse proxy provided with the installer) or not, enter N for no.

6. At this stage and if you haven't run the command to skip the pre-installation checks before starting the installation, the installer performs several pre-installation checks to ensure that:

   • TrustPortal will be installed in the correct environment.

   • The running OS and its version are supported.

   • The running docker version is supported and docker is currently running on the machine.

   • There is connectivity with the MySQL and Redis services if declared during installation and compatibility with the MySQL version installed. (This will require mysql-cli and redis-cli installed on the machine to perform the check).

   • There is connectivity with the Data Terminal Ready (DTR) to be able to pull the docker.

   • Security-Enhanced Linux (SELinux) is set to 'permissive' if enabled.

     If SELinux is enabled without being set to 'permissive', the installer will fail and you will have to set it to 'permissive' via the command sudo setenforce 0. For more details, see the installation prerequisites.

   • /etc/docker/daemon.json file exists (intended to remind of the requirement to configure docker log rotation).

     It is highly recommended to limit the number and size of docker logs, as without constraining these it is possible for the logs to fill system disks and crash the installation. For more details, see the installation prerequisites.

7. The GenerateDeployFiles program will generate a list of scripts in the format <SeqNo>-ServiceAssist-Deploy-<date:time>-<name>.<type>:

   
   

   Run the DoInstall script by using sudo bash ./DoInstall-ServiceAssist-<date:time>.sh to execute all the scripts and complete the installation.

Installation locations and containers

After a successful installation, there will be three docker containers running and three directories, see example below:

You can use use "sudo docker ps" to confirm the docker containers have been installed and are running.

Containers	Directories	Component
<INSTANCE NAME>.<FQDN CN>, e.g. serviceassist.local.net	/var/local/<INSTANCE NAME>.<FQDN CN>, e.g./var/local/serviceassist.local.net	API server
<INSTANCE NAME>redis.<FQDN CN>, e.g. serviceassistredis.local.net	/var/local/<INSTANCE NAME>redis.<FQDN CN>, e.g. /var/local/serviceassistredis.local.net	Redis cache
trustportal-reverse-proxy	/var/local/trustportal-reverse-proxy	NGINX reverse proxy

The web application configuration is located at:

<INSTANCE NAME>.<FQDN CN>/config/environment.json

The API server configuration is located at:

/var/local/<INSTANCE NAME>api.<FQDN CN>/config/config.json

Verify the installation

1. Check that your DNS record has been set up by entering ping serviceassist.local.net

   If this does not show a DNS route to the Linux server, you may have to manually add a temporary entry into the C:\Windows\System32\drivers\etc\hosts file until the DNS record is shown, for example 127.0.0.1 serviceassist.local.net serviceassistapi.local.net

2. Test the API connection via a browser on a device that has a connection to the Linux machine hosting your TrustPortal API server, for example https://serviceassist.local.net/trustportal or https://serviceassist.local.net/login

   If using self-signed certificates, you will need to accept the security exceptions your browser displays. A confirmation message displays if the connection is established.

3. If TrustPortal still won't start up, check that you have a valid license file.

   If the license file is incorrect, the API docker container will continually report “Restarting” and the API docker container logs will show errors (e.g. EVP_DecryptFinal_ex failed). The correct license file called license.lic must be placed in the /var/local/<API URL>/config directory.