Linux (Docker) Installation/Upgrade Instructions
    • 13 Dec 2023
    • PDF

    Linux (Docker) Installation/Upgrade Instructions

    • PDF

    Article Summary

    Installation/upgrade with a MySQL database

    This guide describes how to install SysAid with Docker using an MySQL database for both new installations and upgrades. For information on SysAid requirements, see SysAid System Requirements.

    This guide is relevant from version 20.1.14 and above. For versions lower than that, please see this guide.

    Before you begin this process, please ensure that you have Python 3.5 or above installed.

    New Installation

    If this is a new installation of SysAid, the first step is to prepare your SQL database.

    This involves:

    1. Creating an empty SysAid database with the necessary privileges on your running SQL server.
    2. Configure the database to allow remote login.

    Create an empty database on a MySQL server

    Run:
    mysql -u<user> -p<Password>
    create database sysaid;
    grant all privileges on <DB name>.* to <DB user name>@'%' identified by '<Password>';

    Instead of granting all IP addresses, you can grant permissions to the docker subnet - usually “172.17.0.%”, but you need to verify it after docker-ce installation (“docker0” interface in “ifconfig”).
    For example:
    grant all privileges on sysaid.* to root@'172.17.0.%' identified by 'Password1';
    Then run:
    flush privileges;

    Allow remote login

    Example texts included here apply to My SQL servers.

    1. On your MySQL server edit relevant configuration file:
      • Ubuntu / Debian : /etc/mysql/mysql.conf.d/mysqld.cnf or /etc/mysql/my.cnf
      • CentOs: /etc/my.cnf -
        1. If no “bind-address” line exists, continue to next step.
          If there is a “bind-address” line, update it to:bind-address = 0.0.0.0
        2. Verify below lines are commented out, if they exist at all.
          # skip-networking
          # skip-external-locking
        3. If needed, Open iptables rules.
    1. Run /usr/bin/mysql_secure_installation
      • Update your DB details and answer “n” to the question:Disallow root login remotely?
    2. CentOS-7 - add SQL port access to firewall:
      firewall-cmd --zone=public --add-port=3306/tcp --permanent ; service firewalld restart
    3. Restart SQL server:
      • MySQL: Ubuntu / Debian- /etc/init.d/mysql restart
      • CentOS - service mysql restart
    4. On your Linux server, install MYSQLclient (if not already installed):
      • Ubuntu: apt-get install mysql-client
      • CentOS: yum install mysql
      • Verify you can access sql db. For example: mysql -h<sql server IP>-u<user> -p<Password> 
      • Verify you are getting the sql prompt.
        Note:
        Do not continue with this procedure unless you can access the SQL server from the Linux docker unit.
      • If the connection fails, check that the database exists, privileges have been granted, bind-address has been opened, FW open, etc.

    Continue with the General preparations instructions below.

    Upgrade

    If you are upgrading your SysAid installation, follow the instructions below.

    If you are using MySQL server, make sure that SysAid can connect to the DB:

    Run:

    mysql -u<user> -p<Password>  
    grant all privileges on <DB name>.* to <DB user name>@'%' identified by '<Password>'; 
    flush privileges; 
    

    Instead of granting all IP addresses, you can grant permissions to the docker subnet - usually “172.17.0.%”, but you need to verify it after docker-ce installation (“docker0” interface in “ifconfig”).

    For example:

    grant all privileges on sysaid.* to root@'172.17.0.%' identified by 'Password1';
    Then run:
    flush privileges;

    Follow the instructions in the General Preparations and Install/Update SysAid Server on Docker sections below.

    General preparations

    1. On your Linux machine, copy the following files to the working directory:
      • docker-compose.yml
      • pre_requisites.sh
      • requirements.txt
      • SysAid.py
      • activation.xml (the account’s activation file)
    Note:

    The installer files need to be redownloaded with every version upgrade.

    1. If the unit has an external network connection, the script automatically fetches the needed packages.
    2. For faster and clearer output of the preparation script, run it before the upgrade:
      Ubuntu / Debian: apt-get update -y && apt-get upgrade -y
      CentOS: yum update -y
    3. Give execution permissions by running “chmod +x pre_requisites.sh” on the working directory
    4. Run the preparation script:
      ./pre_requisites.sh - this will install all the required packages
    5. Validate that the script finished successfully. If the script fails, fix the problem and rerun the script.

    Install/update SysAid server on Docker

    1. If you have proxy on this server, see Enable Docker pull with proxy, below.
    2. Copy SysAid.py to server and run it
      1. run: python3 SysAid.py install
      2. Supply all the requested info:
        Command PromptDescription
        please confirm running the configuration tool (Y/n): 

        This step is asking you if you want to configure the installation of SysAid

        enter db kind (localhostDB,remoteDB,dockerDB): 

        Select the DB where is your DB (same computer as SysAid, different computer, inside a docker)

        enter db type (mysql):

        What type of DB you are using

        enter db user [root]: 

        The DB user SysAid will use to connect to the DB

        enter db password: The password of the selected user on the previous step (the password will not be visible while you type)
         please enter DB timezone Select the time zone where the DB is located (please type as shown on the screen, it is case sensitive)
        enter db name [sysaid]: Select the name of the DB where SysAid will be installed
        enter sysaid ip/url [IP]: Select the IP address SysAid will be reachable (the default value will be the internal IP)
        do you want to enable old TLS versions? (y/N):Select if you want to use TLS 1.2 or not
         please enter max memory for SysAid (units: k/m/g, e.g.: 1048576k/1024m/1g) [2g]: Select the amount of RAM you want to allocate to SysAid
        do you want to copy certificate? (Y/n): Select if you want to upload an SSL certificate to SysAid
         do you want to enable http to https redirection? (Y/n): Select if you want to redirect your HTTP port to the HTTPS port

        Please note that this only redirects to HTTPS port 8443 regardless of whatever custom ports are configured.
        please specify a custom http port [8080]: Select HTTP port.

        Note: When you configure a custom port, SysAid docker also listens on the default port (8080). To disable the default port, see the section below.

        please specify a custom https port [8443]: 

        Select HTTPS port

        Note: When you configure a custom port, SysAid docker also listens on the default port (8443). To disable the default port, see the section below.

    1. Verify installation was successful:
      1. Follow installation progress by running:
        docker logs -f sysaid_sysaid_1
      2. When the installation finishes successfully, you should see the line:
        ******** WELCOME TO SYSAID ! **********
    2. Wait a few minutes and check that the SysAid web page is up at:
      http://<IP>:<SysAid port> (IP of the Linux machine with the SysAid docker installation).
    3. At the end of this stage you will have a container running.

      “docker ps” output should look something like this:

      CONTAINER IDIMAGECOMMANDCREATEDSTATUSPORTSNAMES
      1b3552a85356sysaidserver:1.0"/SysAid/SysAid_co..."23 minutes agoUp 23 minutes0.0.0.0:8080->8080/tcpsysaid_sysaid_1
    1. SysAid persistency content can be found on the Linux machine under:
      /opt/sysaid/data
      On this folder we keep the files that need to be kept after stopping SysAid

      SysAid can be stopped and started with the following commands:

      Stop:

      cd/opt/sysaid and run

      docker-compose down

      Start:

      cd/opt/sysaid and run

      docker-compose up -d

    Enable Docker pull with proxy (optional)

    If you have proxy on your Linux server, you need to enable the docker pull via proxy.

    On Ubuntu:

    1. Create a systemd drop-in directory for the docker service:
      mkdir /etc/systemd/system/docker.service.d
    2. Create a file /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:
      [Service]
      Environment="HTTP_PROXY=http://<proxy_host>:<proxy_port>/"
      Or, if you are behind an HTTPS proxy server, create a file called /etc/systemd/system/docker.service.d/https-proxy.conf that adds the HTTPS_PROXY environment variable:
      [Service]
      Environment="HTTPS_PROXY=https://<proxy_host>:<proxy_port>/"
    3. Flush changes:
      sudo systemctl daemon-reload
    4. Verify that the configuration has been loaded:
      sudo systemctl show --property Environment docker
      You should see the environment you updated.
    5. Restart Docker:
      sudo systemctl restart docker

    The above instructions were taken from docker official site, and can be found here:

    https://docs.docker.com/engine/admin/systemd/#httphttps-proxy

    Disable default ports (optional)

    Even if you configure a custom port, SysAid docker also listens on the default ports. You can disable this functionality by editing the YML file you extracted before running the installer.

    Important:

    Please note that if you do disable port 8443, HTTP to HTTPS redirection will not work.

    To disable the default ports

    1. Before you run the installer, open the docker-compose.yml file that you extracted.
    2. Remove the lines that mark the default ports that you want to disable.
      GuideInstallLinuxdocker2filesylmfile.png
    3. Save the modified file.

    Security guidelines and instructions to follow:

    If you are hosting SysAid via our installed in-House solution, please make sure you follow the security guidelines below:

    Security guidelines and instructions to follow:

    • Make sure you are installing the latest version of SysAid and are regularly following our website for updates.
    • Make sure the server you are running SysAid on is updated to the latest OS versions and security patches.
    • Make sure access to the Server where SysAid is installed on is accessible only from your local network or VPN and via 2FA
    • Make sure you security controls such as EDR (Endpoint Detection and Response) and WAF installed on your SysAid server like any other application in your network that needs to be
    • It is strongly recommended to block access from the outside world to your SysAid Server, if for business reasons you need access to the server from the outside world make sure to take actions like installing a WAF and other security measures. Consider our Cloud SaaS solution which is secured by following the highest security industry standards.