- 27 Nov 2024
- Print
- PDF
Linux (Docker) Installation/Upgrade Instructions
- Updated on 27 Nov 2024
- Print
- PDF
Installation/upgrade with a MySQL database
This guide describes how to install SysAid with Docker using an MySQL database for both new installations and upgrades. For information on SysAid requirements, see SysAid System Requirements.
This guide is relevant from version 20.1.14 and above. For versions lower than that, please see this guide.
Before you begin this process, please ensure that you have Python 3.5 or above installed.
New Installation
If this is a new installation of SysAid, the first step is to prepare your SQL database.
This involves:
- Creating an empty SysAid database with the necessary privileges on your running SQL server.
- Configure the database to allow remote login.
Create an empty database on a MySQL server
Run:mysql -u<user> -p<Password>
create database sysaid;
grant all privileges on <DB name>.* to <DB user name>@'%' identified by '<Password>';
Instead of granting all IP addresses, you can grant permissions to the docker subnet - usually “172.17.0.%”, but you need to verify it after docker-ce installation (“docker0” interface in “ifconfig”).
For example:grant all privileges on sysaid.* to root@'172.17.0.%' identified by 'Password1';
Then run:flush privileges;
Allow remote login
Example texts included here apply to My SQL servers.
- On your MySQL server, edit the relevant configuration file:
- Ubuntu / Debian :
/etc/mysql/mysql.conf.d/mysqld.cnf
or/etc/mysql/my.cnf
- CentOs: /etc/my.cnf -
- If no “bind-address” line exists, continue to the next step.
If there is a “bind-address” line, update it to:bind-address = 0.0.0.0
- Verify below lines are commented out, if they exist at all.
# skip-networking
# skip-external-locking
- If needed, Open iptables rules.
- If no “bind-address” line exists, continue to the next step.
- Ubuntu / Debian :
- Run /usr/bin/mysql_secure_installation
- Update your DB details and answer “n” to the question:Disallow root login remotely?
- CentOS-7 - add SQL port access to firewall:
firewall-cmd --zone=public --add-port=3306/tcp --permanent ; service firewalld restart
- Restart SQL server:
- MySQL: Ubuntu / Debian- /etc/init.d/mysql restart
- CentOS - service mysql restart
- On your Linux server, install MYSQLclient (if not already installed):
- Ubuntu:
apt-get install mysql-client
- CentOS:
yum install mysql
- Verify you can access sql db. For example:
mysql -h<sql server IP>
-u<user> -p<Password> - Verify you are getting the sql prompt.Note:Do not continue with this procedure unless you can access the SQL server from the Linux docker unit.
- If the connection fails, check that the database exists, privileges have been granted, bind-address has been opened, FW open, etc.
- Ubuntu:
Continue with the General preparations instructions below.
Upgrade
If you are upgrading your SysAid installation, follow the instructions below.
If you are using MySQL server, make sure that SysAid can connect to the DB:
Run:
mysql -u<user> -p<Password>
grant all privileges on <DB name>.* to <DB user name>@'%' identified by '<Password>';
flush privileges;
Instead of granting all IP addresses, you can grant permissions to the docker subnet - usually “172.17.0.%”, but you need to verify it after docker-ce installation (“docker0” interface in “ifconfig”).
For example:
grant all privileges on sysaid.* to root@'172.17.0.%' identified by 'Password1';
Then run:flush privileges;
Follow the instructions in the General Preparations and Install/Update SysAid Server on Docker sections below.
General preparations
- On your Linux machine, copy the following files to the working directory:
docker-compose.yml
pre_requisites.sh
requirements.txt
SysAid.py
activation.xml
(the account’s activation file)
The installer files need to be redownloaded with every version upgrade.
- If the unit has an external network connection, the script automatically fetches the needed packages.
- For faster and clearer output of the preparation script, run it before the upgrade:
Ubuntu / Debian:apt-get update -y && apt-get upgrade -y
CentOS:yum update -y
- Give execution permissions by running “chmod +x pre_requisites.sh” on the working directory
- Run the preparation script:
./pre_requisites.sh - this will install all the required packages - Validate that the script finished successfully. If the script fails, fix the problem and rerun the script.
Install/update SysAid server on Docker
- If you have proxy on this server, see Enable Docker pull with proxy, below.
- Copy SysAid.py to server and run it
- run: python3 SysAid.py install
- Supply all the requested info:
Command Prompt Description please confirm running the configuration tool (Y/n): This step is asking you if you want to configure the installation of SysAid
enter db kind (localhostDB,remoteDB,dockerDB): Select the DB where is your DB (same computer as SysAid, different computer, inside a docker)
enter db type (mysql): What type of DB you are using
enter db user [root]: The DB user SysAid will use to connect to the DB
enter db password: The password of the selected user on the previous step (the password will not be visible while you type) please enter DB timezone Select the time zone where the DB is located (please type as shown on the screen, it is case sensitive) enter db name [sysaid]: Select the name of the DB where SysAid will be installed enter sysaid ip/url [IP]: Select the IP address SysAid will be reachable (the default value will be the internal IP) do you want to enable old TLS versions? (y/N): Select if you want to use TLS 1.2 or not please enter max memory for SysAid (units: k/m/g, e.g.: 1048576k/1024m/1g) [2g]: Select the amount of RAM you want to allocate to SysAid do you want to copy certificate? (Y/n): Select if you want to upload an SSL certificate to SysAid do you want to enable http to https redirection? (Y/n): Select if you want to redirect your HTTP port to the HTTPS port
Please note that this only redirects to HTTPS port 8443 regardless of whatever custom ports are configured.please specify a custom http port [8080]: Select HTTP port. Note: When you configure a custom port, SysAid docker also listens on the default port (8080). To disable the default port, see the section below.
please specify a custom https port [8443]: Select HTTPS port
Note: When you configure a custom port, SysAid docker also listens on the default port (8443). To disable the default port, see the section below.
- Verify installation was successful:
- Follow installation progress by running:
docker logs -f sysaid_sysaid_1
- When the installation finishes successfully, you should see the line:
******** WELCOME TO SYSAID ! **********
- Follow installation progress by running:
- Wait a few minutes and check that the SysAid web page is up at:
http://<IP>:<SysAid port>
(IP of the Linux machine with the SysAid docker installation). - At the end of this stage you will have a container running.
“docker ps” output should look something like this:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1b3552a85356 sysaidserver:1.0 "/SysAid/SysAid_co..." 23 minutes ago Up 23 minutes 0.0.0.0:8080->8080/tcp sysaid_sysaid_1
- SysAid persistency content can be found on the Linux machine under:
/opt/sysaid/data
On this folder we keep the files that need to be kept after stopping SysAidSysAid can be stopped and started with the following commands:
Stop:
cd/opt/sysaid and run
docker compose down
Start:
cd/opt/sysaid and run
docker compose up -d
Enable Docker pull with proxy (optional)
If you have proxy on your Linux server, you need to enable the docker pull via proxy.
On Ubuntu:
- Create a systemd drop-in directory for the docker service:
mkdir /etc/systemd/system/docker.service.d
- Create a file
/etc/systemd/system/docker.service.d/http-proxy.conf
that adds the HTTP_PROXY environment variable:[Service]
Environment="HTTP_PROXY=http://<proxy_host>:<proxy_port>/"
Or, if you are behind an HTTPS proxy server, create a file called /etc/systemd/system/docker.service.d/https-proxy.conf that adds the HTTPS_PROXY environment variable:[Service]
Environment="HTTPS_PROXY=https://<proxy_host>:<proxy_port>/"
- Flush changes:
sudo systemctl daemon-reload
- Verify that the configuration has been loaded:
sudo systemctl show --property Environment docker
You should see the environment you updated. - Restart Docker:
sudo systemctl restart docker
The above instructions were taken from docker official site and can be found here:
https://docs.docker.com/engine/admin/systemd/#httphttps-proxy
Disable default ports (optional)
Even if you configure a custom port, SysAid docker also listens on the default ports. You can disable this functionality by editing the YML file you extracted before running the installer.
Please note that if you disable port 8443, HTTP to HTTPS redirection will not work.
To disable the default ports
- Before you run the installer, open the docker-compose.yml file that you extracted.
- Remove the lines that mark the default ports that you want to disable.
- Save the modified file.
Security guidelines and instructions to follow:
If you are hosting SysAid via our installed in-house solution, please make sure you follow the security guidelines below:
Security guidelines and instructions to follow:
- Make sure you are installing the latest version of SysAid and are regularly following our website for updates.
- Make sure the server you are running SysAid on is updated to the latest OS versions and security patches.
- Make sure access to the Server where SysAid is installed is accessible only from your local network or VPN and via 2FA
- Make sure you have security controls such as EDR (Endpoint Detection and Response) and WAF installed on your SysAid server, like any other application in your network that needs to be
- It is strongly recommended to block access from the outside world to your SysAid Server, if for business reasons you need access to the server from the outside world make sure to take actions like installing a WAF and other security measures. Consider our Cloud SaaS solution which is secured by following the highest security industry standards.