Standalone Installer
The usage manual for the standalone installer
What Is Standalone Installer
The standalone installer is a software made to install all Oz Forensics modules to customers servers, performing all required settings related to personal topology and customer requirements.
This installer is intended to deploy the software to servers directly, under the server administration user account. The direct access to the Internet can be provided or not (with some notes). Linux OS should be preinstalled with the ability to connect with full access via SSH.
For installation to OpenShift and other orchestrators, please contact us.
Prerequisites
Server Requirements
Oz Biometry / Liveness Server
CPU: 16 cores
RAM: 24 GB
Disk: 80 GB
Oz API / Web UI / Web SDK Server
CPU: 8 cores
RAM: 16 GB
Disk: 300 GB
Please check the OS version with our team.
Kubernetes (K8s) Requirements
Kubernetes version: 1.27.
Mandatory components:
Prometheus (Helm chart version (kube-prometheus-stack) – 45.7.1),
Nginx Ingress Controller (Helm chart version – 4.7.1, please find our Helm chart repository here),
ClusterIssuers.
Optional components:
Any Storage Class that supports the ReadWriteMany (RWX) mode.
Node resources’ requirements:
CPU Architecture: Intel
CPU/Memory: same as described in Server Requirements.
If you want to configure the values yourself, please contact us.
Preparation
Request a list of clients’ URLs and the corresponding SSL certificates.
Check that all servers are accessible via the local network.
Check that access is allowed either via SSH with authorization by password or by key file and sudo without password.
For the installation, we recommend Docker or Podman. Alternatively, you need the Internet to download and install Docker or Podman automatically.
Docker version 19.03 and higher and Docker Compose version 1.27 and higher (should be installed in
/usr/sbin
);
or
Podman version 4.4 and higher (with netavark and aardvark-dns modules) and podman-compose.
To install the balancer (only in case your installation bundle include it), we recommend installing nginx (version >= 1.17.5). Additionally, SELinux should be switched to permissive mode (for CentOS and Redhat only). Alternatively, the Internet should be accessible for automatic download and installation.
Check the availability of license service by address https://api.cryptlex.com for servers. The client’s firewall should be opened for this address.
Check that AVX flags for CPU on BIO host are supported. To verify this, run the
lscpu | grep -E 'avx256|avx512' | wc -l
command. The response should be 1.The client’s firewall should not block:
any running scripts or binary image supplied;
any local ports for the processes’ intercommunication (docker networks: 192.168.0.1/24, 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24, 192.168.13.0/24);
ports 80, 8000, 8080, 8090 on the API server and port 8091 on the BIO server;
port 5432 for the additional Postgres installations.
Please be ready to terminate the HTTPS connection and decrypt the traffic before forwarding it to the API server. This is typically done by a firewall or other security device.
It is important that you warn our team about all non-typical and/or non-official software or services preinstalled on the host servers.
How to Get the Installer
Request your personal copy of the installer with the preliminary ordered product bundle for your test or production environment.
Trial bundle
You can order a trial bundle for free. For this bundle, you'll need two servers meeting system requirements listed above.
How to Run the Installer
To run the installer, you need any machine with Windows or Linux matching the following system requirements:
1 GB RAM, 1 CPU, 3 GB hard drive
Windows 10+ (recommended)
Linux 64 bit (Python 3.7 is required)
Prepare the Installer
Download and unpack your personal installer bundle.
Put the required configuration to the settings.yml
file. The most important settings are described below. Usually, it is only required to fill the authorization and variables sections.
Please note: the configuration file is your personal copy, sharing it with any 3rd side is prohibited.
Settings
Running
Run the command prompt with administrator's rights. Use the cd
command to go to the folder where the unzipped installer is located. Launch the installation.
Windows:
Linux:
Optional parameters:
filename
– filename with settings ('settings.yml' by default)private_key
– a path to the private SSH key (overwrites the appropriate option from settings file)key_password
– password to SSH key (if not specified, the system will ask to enter it in the console)ssh_password
– password for SSH logindebug
– generate additional logging information for support
Usage example:
For Linux, place the private SSH key into the installer directory and set up the corresponding path in configuration: /installer/priv_key
Troubleshooting
Every step of the installer echoes information to process.log
. To report any installation issues, please, attach that file to your ticket.
If the installation was interrupted by an issue, then, after the problem resolution, the process usually is allowed to continue. If it doesn't, be ready to reset servers to their original condition. You can try to solve the issue by adding the --debug
flag to the command line of the installer. You can also contact the Oz team for details.
Use the Putty ppk File for Connection
You need to extract the private part of the key and then specify the path to that file in section auth -> ssh_private_key
docker-compose: Command Not Found
This error could arise when the docker-compose tool was installed independently before the installer and default binary was set to /usr/local/bin
For the correct work of the installer, please, make a symbolic link:
Last updated