Standalone Installer
The usage manual for the standalone installer
What Is Standalone Installer
The standalone installer is software that installs all Oz Forensics modules on the customer's servers and applies all the settings required by the customer's topology and requirements.
This installer is intended to deploy the software to servers directly, under the server administration user account. Direct access to the Internet is optional (with some notes). Linux should be preinstalled on the servers, with the ability to connect with full access via SSH.
For installation to OpenShift and other orchestrators, please contact us.
Prerequisites
Server Requirements
Oz Biometry / Liveness Server
CPU: 16 cores
RAM: 32 GB
Disk: 80 GB
Oz API / Web UI / Web SDK Server
CPU: 8 cores
RAM: 16 GB
Disk: 300 GB
Please check the OS version with our team.
Kubernetes (K8s) Requirements
Kubernetes version: 1.27.
Mandatory components:
Prometheus (Helm chart version (kube-prometheus-stack) – 45.7.1),
Nginx Ingress Controller (Helm chart version – 4.7.1, please find our Helm chart repository here),
ClusterIssuers.
Optional components:
Any Storage Class that supports the ReadWriteMany (RWX) mode.
Node resources’ requirements:
CPU Architecture: Intel
CPU/Memory: same as described in Server Requirements.
If you want to configure the values yourself, please contact us.
Preparation
Request a list of clients’ URLs and the corresponding SSL certificates.
Check that all servers are accessible via the local network.
Check that SSH access is allowed, with authorization either by password or by key file, and that sudo works without a password.
We recommend having Docker or Podman preinstalled for the installation. Otherwise, Internet access is needed to download and install Docker or Podman automatically.
Docker version 19.03 and higher and Docker Compose version 1.27 and higher (should be installed in /usr/sbin);
or
Podman version 4.4 and higher (with netavark and aardvark-dns modules) and podman-compose.
To install the balancer (only if your installation bundle includes it), we recommend installing nginx (version >= 1.17.5). Additionally, SELinux should be switched to permissive mode (for CentOS and Red Hat only). Alternatively, the Internet should be accessible for automatic download and installation.
Check that the license service at https://api.cryptlex.com is reachable from the servers. The client’s firewall should be opened for this address.
Check that the CPU on the BIO host supports AVX flags. To verify this, run the command
lscpu | grep -E 'avx256|avx512' | wc -l
The response should be 1.
The client’s firewall should not block:
any running scripts or binary image supplied;
any local ports for the processes’ intercommunication (docker networks: 192.168.0.1/24, 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24, 192.168.13.0/24);
ports 80, 8000, 8080, 8090 on the API server and port 8091 on the BIO server;
port 5432 for the additional Postgres installations.
Please be ready to terminate the HTTPS connection and decrypt the traffic before forwarding it to the API server. This is typically done by a firewall or other security device.
It is important that you warn our team about all non-typical and/or non-official software or services preinstalled on the host servers.
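The host-side items of this checklist can be scripted and run on each target server before the installer is started. The script below is an added example, not part of the Oz Forensics installer: the function names and the output format are assumptions, while the version thresholds, the /usr/sbin path, the AVX pattern and the license URL are the ones stated above.

```shell
#!/bin/sh
# Added example, not vendor code: read-only preflight for one target host.

# version_ge HAVE WANT: true when dotted version HAVE >= WANT (uses sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# extract_version: first dotted version number in the text on stdin.
extract_version() { grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1; }

# has_avx: lscpu output on stdin; pattern and expected count copied from this page.
has_avx() { [ "$(grep -cE 'avx256|avx512')" -eq 1 ]; }

report() { printf '%-7s %s\n' "$1" "$2"; }

# check_min LABEL MIN CMD...: run the version command CMD and compare with MIN.
check_min() {
    label=$1; min=$2; shift 2
    if ! command -v "$1" >/dev/null 2>&1; then
        report MISSING "$label (need >= $min)"; return 1
    fi
    have=$("$@" 2>&1 | extract_version)
    if version_ge "$have" "$min"; then report OK "$label $have"
    else report FAIL "$label $have (need >= $min)"; return 1; fi
}

preflight() {
    rc=0
    # Docker with Docker Compose in /usr/sbin, or Podman with podman-compose.
    if check_min Docker 19.03 docker --version; then
        check_min "Docker Compose" 1.27 /usr/sbin/docker-compose --version || rc=1
    else
        check_min Podman 4.4 podman --version || rc=1
        command -v podman-compose >/dev/null 2>&1 || { report MISSING podman-compose; rc=1; }
    fi
    check_min nginx 1.17.5 nginx -v || report NOTE "nginx is needed for the balancer only"
    # The AVX requirement applies to the BIO host.
    if lscpu | has_avx; then report OK "AVX flags"; else report FAIL "AVX flags"; rc=1; fi
    if sudo -n true 2>/dev/null; then report OK "sudo without password"
    else report FAIL "sudo without password"; rc=1; fi
    if curl -sS -o /dev/null --max-time 10 https://api.cryptlex.com; then
        report OK "license service reachable"
    else report FAIL "license service https://api.cryptlex.com"; rc=1; fi
    return "$rc"
}

# Run the checks only when asked to: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

A MISSING result for Docker, Podman or nginx is not blocking when the host has Internet access, since the installer can then download them automatically.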
How to Get the Installer
Request your personal copy of the installer with the previously ordered product bundle for your test or production environment.
Trial bundle
You can order a trial bundle for free. For this bundle, you'll need two servers meeting system requirements listed above.
How to Run the Installer
To run the installer, you need any machine with Windows or Linux matching the following system requirements:
1 GB RAM, 1 CPU, 3 GB hard drive
Windows 10+ (recommended)
Linux 64 bit (Python 3.7 is required)
Prepare the Installer
Download and unpack your personal installer bundle.
Put the required configuration into the settings.yml file. The most important settings are described below. Usually, only the authorization and variables sections need to be filled in.
Please note: the configuration file is your personal copy; sharing it with any third party is prohibited.
Settings
# authorization block
auth:
  ssh_user: # SSH user login
  use_sudo: yes # use SUDO as
  # full path to private ssh key. optional
  ssh_private_key: C:\\cygwin64\\home\\user\\.ssh\\id_rsa
# variables block - could vary for your personal deploy bundle
# please, fill up variables in your copy, don't copy from this example
vars:
  # usually, it contains IP addresses of servers by roles
  api1: 130.193.58.196
  api2: 178.154.232.159
  bio1: 130.193.59.58
  bio2: 130.193.57.151
  text1: 178.154.232.69
  balancer: 84.201.145.209
  # also, login-password of API user with ADMIN role
  common-login: [email protected]
  common-password: 123456
# servers list. usually, it uses variable values from the block above
# it is not needed to change anything manually here
servers:
  oz-api:
    - $api1
    - $api2
  oz-api-balancer: $balancer
  oz-webui:
    - $api1
    - $api2
  oz-webui-balancer:
  oz-webadapter:
    - $api1
    - $api2
  oz-webadapter-balancer: $balancer
  oz-bio:
    - $bio1
    - $bio2
  oz-bio-balancer: $balancer
  oz-text: $text1
  # if nothing is defined here, the full API configuration
  # will use the host of the database docker service
  oz-db:
# precise settings block
settings:
  # personal license key
  license-key: "123456-123456-123456-123456-123456-123456"
  # local path on each server to store configuration and data
  working-directory: /opt/oz
  # docker settings to `docker-daemon.json`
  docker-daemon:
    # address space to run containers via Docker
    bip: 192.168.0.1/24
    # address spaces to run containers via docker-compose
    default-address-pools:
      - base: 192.168.1.0/24
        size: 24
  # settings for Oz API
  oz-api:
    install: yes # turn on installation of the component
    install-statistic: no # turn on installation of statistic submodule
    balancer: yes # turn on installation of balancer for component
    # domain name for external access to component
    domain_name:
    # SSL certificate and key for HTTPS access (optional)
    domain_cert:
    domain_key:
    # the local path to the host where to save media files
    media_path:
    # login/password of ADMIN preinstalled account on Oz API
    admin:
      login: $common-login
      password: $common-password
    # configuration to config.py - check details in Oz API section of knowledge base
    config:
    # network port to access component
    # (in case of SSL certificate installation, it is always 443)
    port: 80
  # settings for Oz Liveness Web Adapter
  # settings, named the same as in the Oz API block, see above
  oz-webadapter:
    install: yes
    balancer: yes
    domain_name:
    domain_cert:
    domain_key:
    # https address for redirect GET request of root /
    # by default, demo page here
    redirect_url:
    # configuration to app_config.json
    config:
    port: 88
  # settings for Oz Web UI
  # settings, named the same as in the Oz API block, see above
  oz-webui:
    install: yes
    balancer: yes
    domain_name:
    domain_cert:
    domain_key:
    # login/password for service account, is needed to synchronize database
    admin:
      login: admin
      password: admin
    # configuration to .env
    config:
    port: 80
  # settings for database for Oz API
  oz-db:
    # turn on installation of Postgres on the same machine with Oz API
    # if "no" is chosen, then Oz API connects to external database
    # in that case external address is specified in block
    # servers -> oz-db
    install: yes
    # master - password for Postgres, in case of chosen installation
    psql_password: CHANGEME
    # database name
    database: gateway
    # login and password for database
    user_name: gateway_user
    user_password: CHANGEUSERPASS
  # Settings for Oz Bio (Liveness + Biometry)
  # settings, named the same as in the Oz API block, see above
  oz-bio:
    install: yes
    balancer: yes
    # settings and list of models are not intended to be modified by customer
    settings:
    models:
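Because settings.yml holds passwords and the license key in plain text, it is worth checking your copy before the first run. The script below is an added example, not part of the installer, for an installer machine running Linux: it reports secret fields that are empty or still hold a sample value from the listing above, and checks that only the file owner can read the file. The function names and the line-based matching are assumptions; it does not parse YAML.

```shell
#!/bin/sh
# Added example, not vendor code: pre-run check of a personal settings.yml.

# private_to_owner FILE: true when group and others have no access to FILE.
private_to_owner() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# sample_secrets FILE: print "line:key" for every password or license-key field
# that is empty or still holds a sample value shown in the documentation.
sample_secrets() {
    awk '
    /^[ \t]*#/ { next }                                  # skip comment lines
    {
        line = $0
        sub(/[ \t]+#.*$/, "", line)                      # drop trailing comment
        n = index(line, ":"); if (n == 0) next
        key = substr(line, 1, n - 1); val = substr(line, n + 1)
        gsub(/^[ \t-]+|[ \t]+$/, "", key)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)
        if (key !~ /password$|^license-key$/) next
        if (val ~ /^\$/) next                            # refers to a vars entry
        if (val == "" || val == "123456" || val == "admin" ||
            val == "CHANGEME" || val == "CHANGEUSERPASS" ||
            val == "123456-123456-123456-123456-123456-123456")
            print NR ":" key
    }' "$1"
}

# check_settings [FILE]: run both checks, return non-zero when either one fails.
check_settings() {
    f=${1:-settings.yml}; rc=0
    private_to_owner "$f" || { echo "$f: readable by group or others, use chmod 600"; rc=1; }
    bad=$(sample_secrets "$f")
    [ -z "$bad" ] || { echo "$f: sample or empty secrets (line:key):"; echo "$bad"; rc=1; }
    return "$rc"
}

# Run only when asked to: sh check-settings.sh check settings.yml
if [ "${1:-}" = "check" ]; then check_settings "${2:-settings.yml}"; fi
```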
Running
Run the command prompt with administrator's rights. Use the cd command to go to the folder where the unzipped installer is located. Launch the installation.
Windows:
oz-installer.cmd install [parameters]
Linux:
chmod +x oz-installer.sh
./oz-installer.sh install [parameters]
Optional parameters:
filename – filename with settings ('settings.yml' by default)
private_key – a path to the private SSH key (overwrites the appropriate option from settings file)
key_password – password to SSH key (if not specified, the system will ask to enter it in the console)
ssh_password – password for SSH login
debug – generate additional logging information for support
Usage example:
install.cmd filename=settings.prod.yml key_password=psyco --debug
Troubleshooting
Every step of the installer echoes information to process.log. To report any installation issues, please attach that file to your ticket.
If the installation was interrupted by an issue, then, after the problem is resolved, the process can usually be continued. If it can't, be ready to reset the servers to their original condition. You can try to solve the issue by adding the --debug flag to the command line of the installer. You can also contact the Oz team for details.
Use the Putty ppk File for Connection
You need to extract the private part of the key and then specify the path to that file in the section auth -> ssh_private_key.
docker-compose: Command Not Found
This error can arise when the docker-compose tool was installed independently before the installer was run and the default binary location was set to /usr/local/bin.
For the installer to work correctly, please make a symbolic link:
ln -s /usr/local/bin/docker-compose /usr/sbin/docker-compose