Using the Interactive Installers to Install or Upgrade to Paragon Insights Release 4.3.0
This topic provides information on how to install and upgrade Paragon Insights.
You can perform an online or offline installation of Paragon Insights.
Online Installation—You need an active internet connection to run an online installation of Paragon Insights. You must download the necessary online package (.deb for Ubuntu or .rpm for CentOS/RedHat) from the Juniper Networks Software Downloads page and install them. You can then proceed to run the
sudo healthbot setupandhealthbot startcommands.Offline Installation—You do not need an active internet connection during offline installation. However, you need an active internet connection to download and install the necessary Paragon Insights package (.deb for Ubuntu or .rpm for CentOS/RedHat) from the Juniper Networks Software Downloads page and install them. After you install the package (.deb or .rpm), you must download the offline install package to the
/var/local/healthbotdirectory and rename the file tohealthbot-offline.tgz. You can then run thesudo healthbot setupandhealthbot startcommands without an active internet connection.
The Paragon Insights (formerly HealthBot) software package is available for download as a Debian (.deb) file for installation on Ubuntu, or a Red Hat Package Manager (.rpm) file for installation on CentOS and Red Hat Enterprise Linux (RHEL).
Before You Begin
You will need the following details for the installation:
Deployment type—Single node or multinode installation. Multinode installations are useful for load distribution and scaling.
SSL certificate and private key—Supply your own key, or have Paragon Insights create one for you.
Host IP address—The server IP address, for SSH and Web UI access.
If you are using Paragon Insights to install a new Kubernetes cluster, ensure that the hostnames of the nodes resolve to the IP addresses of the nodes used in the Kubernetes cluster. You can use DNS to map the hostname to the IP address or add the entries to the local
/etc/hostsfile.If you are installing Paragon Insights into an existing Kubernetes cluster, you need information about the existing Kubernetes cluster:
Docker registry name
The path to a kubeconfig file configured with the existing cluster details
A user account with administrator privileges for the Kubernetes cluster
The following points regarding installation on an existing Kubernetes cluster must be considered:
Paragon Insights has only been qualified with the Calico container network interface (CNI). It should work with other CNI plugins, but has not been tested.
If your Kubernetes cluster uses other CNI plugins, such as Flannel, you might notice long playbook deployment times on some Kubernetes versions. One potential workaround, is to disable transmit (tx) and receive (rx) checksum offloading on VXLAN interfaces. An example of this, using Flannel: ethtool --offload flannel.1 tx off rx off.
For discussions regarding the latency issue, see:
If there are a large number of device groups in Paragon Insights, there is the possibility that some of the Kubernetes pods might not get scheduled if the nodes are saturated by the maximum pods per node limit. By default, this limit is 110 pods per node in most Kubernetes distributions.
As a workaround, you can increase the maximum pods per node setting. Refer to the documentation from your Kubernetes distribution for details on how to modify this setting.
If your CNI plugin is configured with a static IP CIDR block for each node, make sure the number of IP addresses in the block allocated to the node is at least double the size of the maximum pods per node setting.
Additional requirements:
You must have a Juniper.net user account with permissions to download the Paragon Insights software package.
The Paragon Insights server must have access to the Internet during the software extraction process of installation (.deb for Ubuntu or .rpm for CentOS/Red Hat).
Paragon Insights creates a /var/local/healthbot/ directory as part of the installation process. This directory contains
all the Paragon Insights-related files.
Installing Paragon Insights On Ubuntu
The general workflow for installing Paragon Insights on Ubuntu is shown in Figure 1.
For multinode installations, perform the following tasks only on the primary node.
If you are logged in as root or using root privileges, remove
the sudo portion of each command below.
Part 1 - PREPARE
- Ensure that you have at least 60GB of free disk space. We recommend 100GB of free disk space.
- Set the environment variable, HB_EXTRA_MOUNT1, to allow
Paragon Insights to access directories outside of the
/var/local/healthbotdirectory.To set the environment variable:
root@hb_server:/ export HB_EXTRA_MOUNT1=/root/.kube/config - Set the environment variables— HB_IAM_SKIP_MAIL_VERIFICATION
and HB_IAM_DISABLE_SMTP_SETTINGS— as false to enable e-mail
verification of users.
To set the environment variable:
root@hb_server:/ export HB_IAM_SKIP_MAIL_VERIFICATION=falseroot@hb_server:/ export HB_IAM_DISABLE_SMTP_SETTINGS=false - Ensure that the Ubuntu package lists on your host system
are latest.
$ sudo apt-get update - (Optional) Install the
wgetpackage. This tool will be used later to download the Paragon Insights software package. On some installations,wgetis installed by default.$ sudo apt-get install -y wget - Install Docker CE.
The following commands install the latest stable version on x86 machines:
$ sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"$ sudo apt-get update$ sudo apt-get install -y docker-ce docker-ce-cli containerd.ioTo verify that Docker is installed and running:
$ docker run hello-worldTo verify the Docker version installed:
$ docker versionor
$ docker --versionFor more information, see Get Docker CE for Ubuntu and Manage Docker as a Non-root User.
- (Optional) Add your user account to the Docker group.
This is required for a later installation step.
If installing and running with root privileges, this step is not required.
$ sudo usermod -aG docker $USERLog out of the current session, and log back in.
Part 2 - DOWNLOAD
- Download the Paragon Insights package from the Juniper
Networks Software Download page to a temporary
directory (like /var/tmp/) on the server. Note that downloading software
requires a Juniper.net account.
wget -O /<temp-directory>/healthbot-<version>.deb "<URL-from-the-software-download-page>”Note You can also download the Paragon Insights package locally and push it to the server.
Part 3 - INSTALL
- Install the .deb package using the following
format:
$ sudo apt-get install -y /<path-to-deb-file>/healthbot-<version>.debParagon Insights checks that prerequisite software is installed on your host device during this step. If any required software is not found, Paragon Insights will prompt you before installing those missing software packages.
For example:
root@ubuntu:/var/tmp#
$ sudo apt-get install ./healthbot-4.3.0-1.debReading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'healthbot' instead of './healthbot-4.3.0-1.deb' The following NEW packages will be installed: healthbot 0 upgraded, 1 newly installed, 0 to remove and 82 not upgraded. Need to get 0 B/8,418 MB of archives. After this operation, 20.3 GB of additional disk space will be used. Get:1 /homes/sharanyab/healthbot-4.3.0-1.deb healthbot all 4.3.0-1 [8,418 MB] (Reading database ... 142792 files and directories currently installed.) Preparing to unpack .../healthbot-4.3.0-1.deb ... Unpacking healthbot (4.3.0-1) ... Setting up healthbot (4.3.0-1) ...
Note If you see the following error when running the sudo apt-get command, you can ignore it:
“Can't drop privileges for downloading as file '/home/user/healthbot-3.0.0-1.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)”
For more information, see Bug 1543280.
- Download the offline install package that is required for
offline installation from the Juniper Networks Software Downloads page. Once downloaded, change the name of the file
to
healthbot-offline.tgzand place it in the/var/local/healthbotdirectory. - Enter sudo healthbot setup to configure your
installation. You can also use sudo healthbot -v setup to
display more detailed information.
While running the
sudo healthbot setupcommand, you are prompted to answer several questions as part of the setup process. For more information, see Paragon Insights Interactive Installation Prompts.An example of the setup command from a multinode installation:
$ sudo healthbot setup ℹ️ Setting new password for postgres db ℹ️ Please have a look at below messages and acknowledge them to proceed: 1. Paragon Insights free model/freemium license tier is not available in this version. A valid license (trial or commercial) is needed to use Paragon Insights features. 2. The format of license key has been changed due to business reasons in this version. The system may have contained the older format of license keys, which are not valid now. You can log into the Juniper Agile Licensing Portal and choose to revoke the existing license and then re-activate the license to a new software version (that will provide you with a new format license key). This newly activated license can be added to the system post upgrade. 👨 Do you want to proceed? [Y/n] Y ℹ️ Checking disk space 🤔 Validating kernel version 👨 Do you want system to create and use a self-signed SSL certificate? [Y/n] Y [executing ..] openssl req -nodes -x509 -newkey rsa:4096 -keyout /var/local/healthbot/certs/key.pem -out /var/local/healthbot/certs/cert.pem -days 36525 -subj "/C=US/ST=Ca/L=Svl/O=Juniper Networks/OU=Org/CN=localhost" -extensions SAN -reqexts SAN -config /tmp/ssl.conf [executing ..] rm -f /tmp/ssl.conf 📝 Creating /var/local/healthbot/healthbot.conf config file.. ℹ️ Creating docker images. This might take some time... 100%|█████████████████████████████████████████████████████████████████████████████████████| 50/50 [03:03<00:00, 3.67s/it] ✅ Docker images successfully created 🐳 Loading docker images. This may take some time.. 100%|█████████████████████████████████████████████████████████████████████████████████████| 50/50 [13:13<00:00, 15.87s/it] ✅ Docker images successfully loaded ✅ Done making directories ╭────────────────────────────────────╮ │ │ │ Installing new Kubernetes cluster │ │ │ ╰────────────────────────────────────╯ 👨 Enter hostnames/ip address of kubernetes master node(s): 10.221.XX.100 🤔 Validating hostname: 10.221.XX.100 [executing ..] ping 10.221.XX.100 -c 1 👨 Enter comma seperated hostnames/ip addresses of kubernetes worker nodes: 10.221.XX.201,10.221.XX.143,10.221.XX.8 🤔 Validating hostname: 10.221.XX.201 [executing ..] ping 10.221.XX.201 -c 1 🤔 Validating hostname: 10.221.XX.143 [executing ..] ping 10.221.XX.143 -c 1 🤔 Validating hostname: 10.221.XX.8 [executing ..] ping 10.221.XX.8 -c 1 👨 Do you want to run HealthBot services on master node? [Y/n] Y ⚠️ All nodes must be in same subnet. Abort the setup if all the nodes are not within same subnet. 👨 Please enter password for user "root" to connect to the nodes: 👨 Confirm password: ╭──────────────────────────────────────────────────────────────────────────╮ │ │ │ A virtual IP is required to connect to HealthBot services. │ │ If you have multiple interfaces connected to different networks, │ │ specify a virtual IP from each network that you need connectivity from. │ │ │ ╰──────────────────────────────────────────────────────────────────────────╯ 👨 Enter comma separated virtual IP(s): 10.221.XX.28 ℹ️ Using pod CIDR:10.244.XX.0/16 ℹ️ Using service CIDR: 10.96.xx.0/12 ╭───────────────────────────────────────────────────────────────────────────────────╮ │ │ │ Pod CIDR and Service CIDR can be modified using one of the below approaches │ │ Interactive installation : │ │ - Set the environment variables "HB_POD_CIDR" and "HB_SERVICE_CIDR" │ │ - For non-root user, Use 'sudo -E' instead of 'sudo' to use the │ │ existing environment variables │ │ Silent installation : │ │ - Set the "pod_cidr" and "service_cidr" values in "healthbot.conf" file │ │ │ │ Post changing the configuration, stop all the healthbot services and reconfigure │ │ healthbot using "healthbot reconfigure" command. │ │ │ ╰───────────────────────────────────────────────────────────────────────────────────╯ ℹ️ Offline package not found ✅ Created inventory file ✅ All node(s) validated successfully ✅ Installed Kubernetes cluster successfully ✅ Successfully executed post-install tasks on all host(s) ℹ️ Copying /etc/kubernetes/admin.conf directory to /var/local/healthbot/k8s.conf on master.. ℹ️ Finished copying. ℹ️ Patching docker registry: key=, value=, operator=Exists, effect=NoSchedule ℹ️ Patching docker registry: key=healthbot.juniper.net/dedicated, value=tsdb, operator=Equal, effect=NoExecute [executing ..] kubectl label nodes 10.221.XX.100 healthbot.juniper.net/tsdb=10-221-XX-100 --overwrite ✅ Copied helper files to input directory ⌛ Pushing images to registry ✅ Registry is ready 100%|███████████████████████████████████████████████████████████████████████| 50/50 [03:03<00:00, 3.67s/it] ✅ Successfully pushed images to registry ✅ Installation successful. Please run 'healthbot start'
An example of the setup command from a single-node installation:
$ sudo healthbot setup ℹ️ Setting new password for postgres db ℹ️ Please have a look at below messages and acknowledge them to proceed: 1. Paragon Insights free model/freemium license tier is not available in this version. A valid license (trial or commercial) is needed to use Paragon Insights features. 2. The format of license key has been changed due to business reasons in this version. The system may have contained the older format of license keys, which are not valid now. You can log into the Juniper Agile Licensing Portal and choose to revoke the existing license and then re-activate the license to a new software version (that will provide you with a new format license key). This newly activated license can be added to the system post upgrade. 👨 Do you want to proceed? [Y/n] Y ℹ️ Checking disk space 🤔 Validating kernel version 👨 Do you want system to create and use a self-signed SSL certificate? [Y/n] Y [executing ..] openssl req -nodes -x509 -newkey rsa:4096 -keyout /var/local/healthbot/certs/key.pem -out /var/local/healthbot/certs/cert.pem -days 36525 -subj "/C=US/ST=Ca/L=Svl/O=Juniper Networks/OU=Org/CN=localhost" -extensions SAN -reqexts SAN -config /tmp/ssl.conf [executing ..] rm -f /tmp/ssl.conf 📝 Creating /var/local/healthbot/healthbot.conf config file.. ℹ️ Creating docker images. This might take some time... 100%|█████████████████████████████████████████████████████████████████████████████████████| 50/50 [03:03<00:00, 3.67s/it] ✅ Docker images successfully created 🐳 Loading docker images. This may take some time.. 100%|█████████████████████████████████████████████████████████████████████████████████████| 50/50 [13:13<00:00, 15.87s/it] ✅ Docker images successfully loaded ✅ Done making directories ╭────────────────────────────────────╮ │ │ │ Installing new Kubernetes cluster │ │ │ ╰────────────────────────────────────╯ 👨 Enter hostnames/ip address of kubernetes master node(s): 10.xxx.xxx.100 🤔 Validating hostname: 10.xx.xx.100 [executing ..] ping 10.xxx.131.xxx -c 1 👨 Enter comma seperated hostnames/ip addresses of kubernetes worker nodes: 10.xxx.132.201,10.xxx.131.143,10.xxx.130.8 🤔 Validating hostname: 10.xxx.xxx.201 [executing ..] ping 10.221.xxx.201 -c 1 🤔 Validating hostname: 10.xxx.131.143 [executing ..] ping 10.xxx.xxx.xxx -c 1 🤔 Validating hostname: 10.xxx.130.8 [executing ..] ping 10.xxx.xxx.8 -c 1 👨 Do you want to run HealthBot services on master node? [Y/n] Y ⚠️ All nodes must be in same subnet. Abort the setup if all the nodes are not within same subnet. 👨 Please enter password for user "root" to connect to the nodes: 👨 Confirm password: ╭──────────────────────────────────────────────────────────────────────────╮ │ │ │ A virtual IP is required to connect to HealthBot services. │ │ If you have multiple interfaces connected to different networks, │ │ specify a virtual IP from each network that you need connectivity from. │ │ │ ╰──────────────────────────────────────────────────────────────────────────╯ 👨 Enter comma separated virtual IP(s): 10.xx.xx.28 ℹ️ Using pod CIDR: 10.xxx.0.0/16 ℹ️ Using service CIDR: 10.xxx.0.0/12 ╭───────────────────────────────────────────────────────────────────────────────────╮ │ │ │ Pod CIDR and Service CIDR can be modified using one of the below approaches │ │ Interactive installation : │ │ - Set the environment variables "HB_POD_CIDR" and "HB_SERVICE_CIDR" │ │ - For non-root user, Use 'sudo -E' instead of 'sudo' to use the │ │ existing environment variables │ │ Silent installation : │ │ - Set the "pod_cidr" and "service_cidr" values in "healthbot.conf" file │ │ │ │ Post changing the configuration, stop all the healthbot services and reconfigure │ │ healthbot using "healthbot reconfigure" command. │ │ │ ╰───────────────────────────────────────────────────────────────────────────────────╯ ℹ️ Offline package not found ✅ Created inventory file ✅ All node(s) validated successfully ✅ Installed Kubernetes cluster successfully ✅ Successfully executed post-install tasks on all host(s) ℹ️ Copying /etc/kubernetes/admin.conf directory to /var/local/healthbot/k8s.conf on master.. ℹ️ Finished copying. ℹ️ Patching docker registry: key=, value=, operator=Exists, effect=NoSchedule ℹ️ Patching docker registry: key=healthbot.juniper.net/dedicated, value=tsdb, operator=Equal, effect=NoExecute [executing ..] kubectl label nodes 10.xxx.131.100 healthbot.juniper.net/tsdb=10-xxx-131-100 --overwrite ✅ Copied helper files to input directory ⌛ Pushing images to registry ✅ Registry is ready 100%|███████████████████████████████████████████████████████████████████████| 50/50 [03:03<00:00, 3.67s/it] ✅ Successfully pushed images to registry ✅ Installation successful. Please run 'healthbot start'
Paragon Insights installation is now complete. If any errors occurred, they will be listed in the outputs above.
- Enter healthbot start to start Paragon Insights
services including the Web UI.
For example:
$ healthbot start ⌛ Stopping HealthBot ✅ Configured secrets ✅ Generated service manifests ✅ Updated orchestrator details ✅ Successfully started redis ✅ Started configmanager successfully ✅ Successfully published files to config manager ✅ Restarted config manager successfully ✅ Started configmanager successfully ✅ Successfully generated manifest file ✅ Successfully deployed TSDB ✅ Successfully published tsdb manifest files ✅ Started postgres cluster successfully ✅ Successfully updated SNMP engine data ✅ Deployed services successfully ✅ Reconciling load balancer successfully ✅ Started load balancer successfully ✅ Started all services successfully ✅ Created default databases 🚀 UI can be accessed at following URL(s): https://10.xx.xx.17:8080
- Enter healthbot status to verify that the Paragon
Insights services are up and running.
For example:
$ healthbot status Name of service Status ---------------------------------------------------- alerta Up api-server Up argo-server Up auditlog Up config-server Up configmanager Up debugger Up gateway Up grafana Up hb-proxy-syslog Up hbmon Up iam Up inference-engine Up influxdb(10.221.133.53) Up ingest-snmp-proxy Up license-client Up metallb(controller) Up metallb(speaker) Up mgd Up node-exporter Up postgres Up redis(rfr-redis) Up redis(rfs-redis) Up redisoperator Up reports Up tsdb-shim Up udf-farm Up workflow-controller Up
Part 4 - LOG IN
- Open a browser and enter the https://server-IP:8080 URL to access the Paragon Insights UI, where server-IP is the virtual IP address you entered, to connect
to Paragon Insights services, during installation. Log in to the Paragon Insights Web
UI using the credentials: Username: admin, Password: Admin123!. These are
one-time credentials. When you enter them, Paragon Insights prompts
you to change the password and gives instructions about the recommended
length, case changes, and so on.
Note Starting from Paragon Insights Release 4.1.0, username is not case sensitive.
Installing Paragon Insights On CentOS
The general workflow for installing Paragon Insights on CentOS is shown in Figure 2.
For multinode installations, perform the following tasks
only on the primary node. If you are logged in as root or using root
privileges, remove the sudo portion of
each command below.
Part 1 - PREPARE
- This procedure assumes you are installing Paragon Insights
using a non-root user. If this user does not already have sudo privileges, set them now.
$ su Password: <root-pwd> # sudo usermod -aG wheel <non-root-username> <stay logged in as root>
- While logged in as root, set secure_path in
the /etc/sudoers file to include
/usr/local/bin/so that sudo will be able to locate the Paragon Insights script during the healthbot setup step, later in this procedure.# visudo <scroll down to Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin> <type i to enter edit mode> <scroll to end of line and add :/usr/local/bin > <type Esc, then :wq, and press Enter> # exit exit $ <Log out of the current session, and log back in>
- Install the
epel-releaserepository. This is required for installing Python3 and other packages.$ sudo yum install -y epel-release - Install the yum-utils package used for handling repositories
and extending package management.
$ sudo yum install -y yum-utils - Install the wget package. This tool will be used later
to download the Paragon Insights software package.
$ sudo yum install -y wget - Install Docker CE.
$ sudo yum install -y yum-utils \ device-mapper-persistent-data \ lvm2$ sudo yum-config-manager \ --add-repo \ https://download.docker.com/linux/centos/docker-ce.repo$ sudo yum install docker-ce docker-ce-cli containerd.io$ sudo systemctl start docker$ sudo systemctl enable dockerTo verify that Docker is installed and running:
$ sudo docker run hello-worldFor full instructions, see Get Docker CE for CentOS and Manage Docker as a Non-root User.
Part 2 - DOWNLOAD
- Download the Paragon Insights package from the Juniper
Networks Software Download page to a temporary
directory (like /var/tmp) on the server. Note that downloading software
requires a Juniper.net account.
wget -O /<temp-directory>/healthbot-<version>.noarch.rpm "<URL-from-the-software-download-page>”Note You can also download the Paragon Insights package locally and push it to the server.
Part 3 - INSTALL
- Install the .rpm package using the following
format:
$ sudo yum install -y /<path-to-rpm-file>/healthbot-<version>.noarch.rpmParagon Insights checks that prerequisite software is installed on your host device during this step. If any required software is not found, Paragon Insights will prompt you before installing those missing software packages. Paragon Insights uses an Internet connection to download any missing packages.
An example, from CentOS:
$ sudo yum install -y healthbot-4.3-0.1.noarch.rpm Last metadata expiration check: 1:22:13 ago on Tue 23 Nov 2021 03:27:33 PM UTC. Dependencies resolved. ============================================================================================================================= Package Architecture Version Repository Size ============================================================================================================================= Installing: healthbot noarch 4.3-0.1 @commandline 5.3 G Transaction Summary ============================================================================================================================= Install 1 Package Total size: 5.3 G Installed size: 16 G Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet : healthbot-4.3-0.1.noarch 1/1 Installing : healthbot-4.3-0.1.noarch 1/1 Running scriptlet : healthbot-4.3-0.1.noarch 1/1 Verifying : healthbot-4.3-0.1.noarch 1/1 Installed: healthbot-4.3-0.1.noarch 'infra_helm_tiller_image': ["gcr.io/kubernetes-helm/tiller:v2.16.1", "svl-artifactory.juniper.net/healthbot-registry/third_party/k8s/tiller:v2.16.1"], Complete! - Paragon Insights supports offline installation for Kubernetes-based
installations.
Download the offline install package that is required for offline installation from the Juniper Networks Software Downloads page. Once downloaded, change the name of the file to
healthbot-offline.tgzand place it in the/var/local/healthbotdirectory. - Enter sudo healthbot setup to configure your
installation. You can also use sudo healthbot -v setup to
display more detailed information.
While running the
sudo healthbot setupcommand, you are prompted to answer several questions as part of the setup process. For more information, see Paragon Insights Interactive Installation Prompts.An example of the setup command from a multinode installation:
$ sudo healthbot setup ℹ️ Setting new password for postgres db ℹ️ Please have a look at below messages and acknowledge them to proceed: 1. Paragon Insights free model/freemium license tier is not available in this version. A valid license (trial or commercial) is needed to use Paragon Insights features. 2. The format of license key has been changed due to business reasons in this version. The system may have contained the older format of license keys, which are not valid now. You can log into the Juniper Agile Licensing Portal and choose to revoke the existing license and then re-activate the license to a new software version (that will provide you with a new format license key). This newly activated license can be added to the system post upgrade. 👨 Do you want to proceed? [Y/n] Y ℹ️ Checking disk space 🤔 Validating kernel version 👨 Do you want system to create and use a self-signed SSL certificate? [Y/n] Y [executing ..] openssl req -nodes -x509 -newkey rsa:4096 -keyout /var/local/healthbot/certs/key.pem -out /var/local/healthbot/certs/cert.pem -days 36525 -subj "/C=US/ST=Ca/L=Svl/O=Juniper Networks/OU=Org/CN=localhost" -extensions SAN -reqexts SAN -config /tmp/ssl.conf [executing ..] rm -f /tmp/ssl.conf 📝 Creating /var/local/healthbot/healthbot.conf config file.. ℹ️ Creating docker images. This might take some time... 100%|█████████████████████████████████████████████████████████████████████████████████████| 50/50 [03:03<00:00, 3.67s/it] ✅ Docker images successfully created 🐳 Loading docker images. This may take some time.. 100%|█████████████████████████████████████████████████████████████████████████████████████| 50/50 [13:13<00:00, 15.87s/it] ✅ Docker images successfully loaded ✅ Done making directories ╭────────────────────────────────────╮ │ │ │ Installing new Kubernetes cluster │ │ │ ╰────────────────────────────────────╯ 👨 Enter hostnames/ip address of kubernetes master node(s): 10.xxx.xxx.100 🤔 Validating hostname: 10.xxx.131.100 [executing ..] ping 10.XX.XX.100 -c 1 👨 Enter comma seperated hostnames/ip addresses of kubernetes worker nodes: 10.xxx.132.201,10.xxx.131.143,10.xxx.130.8 🤔 Validating hostname: 10.XX.XX.201 [executing ..] ping 10.XX.XX.201 -c 1 🤔 Validating hostname: 10.XX.XX.143 [executing ..] ping 10.XX.XX.143 -c 1 🤔 Validating hostname: 10.XX.XX.8 [executing ..] ping 10.XX.XX.8 -c 1 👨 Do you want to run HealthBot services on master node? [Y/n] Y ⚠️ All nodes must be in same subnet. Abort the setup if all the nodes are not within same subnet. 👨 Please enter password for user "root" to connect to the nodes: 👨 Confirm password: ╭──────────────────────────────────────────────────────────────────────────╮ │ │ │ A virtual IP is required to connect to HealthBot services. │ │ If you have multiple interfaces connected to different networks, │ │ specify a virtual IP from each network that you need connectivity from. │ │ │ ╰──────────────────────────────────────────────────────────────────────────╯ 👨 Enter comma separated virtual IP(s): 10.xx.21.28 ℹ️ Using pod CIDR: 10.244XX.XX/16 ℹ️ Using service CIDR: 10xx.0.0/12 ╭───────────────────────────────────────────────────────────────────────────────────╮ │ │ │ Pod CIDR and Service CIDR can be modified using one of the below approaches │ │ Interactive installation : │ │ - Set the environment variables "HB_POD_CIDR" and "HB_SERVICE_CIDR" │ │ - For non-root user, Use 'sudo -E' instead of 'sudo' to use the │ │ existing environment variables │ │ Silent installation : │ │ - Set the "pod_cidr" and "service_cidr" values in "healthbot.conf" file │ │ │ │ Post changing the configuration, stop all the healthbot services and reconfigure │ │ healthbot using "healthbot reconfigure" command. │ │ │ ╰───────────────────────────────────────────────────────────────────────────────────╯ ℹ️ Offline package not found ✅ Created inventory file ✅ All node(s) validated successfully ✅ Installed Kubernetes cluster successfully ✅ Successfully executed post-install tasks on all host(s) ℹ️ Copying /etc/kubernetes/admin.conf directory to /var/local/healthbot/k8s.conf on master.. ℹ️ Finished copying. ℹ️ Patching docker registry: key=, value=, operator=Exists, effect=NoSchedule ℹ️ Patching docker registry: key=healthbot.juniper.net/dedicated, value=tsdb, operator=Equal, effect=NoExecute [executing ..] kubectl label nodes 10.221.131.100 healthbot.juniper.net/tsdb=10-221-131-100 --overwrite ✅ Copied helper files to input directory ⌛ Pushing images to registry ✅ Registry is ready 100%|███████████████████████████████████████████████████████████████████████| 50/50 [03:03<00:00, 3.67s/it] ✅ Successfully pushed images to registry ✅ Installation successful. Please run 'healthbot start'
An example of the setup command from a single-node installation:
$ sudo healthbot setup ℹ️ Setting new password for postgres db ℹ️ Please have a look at below messages and acknowledge them to proceed: 1. Paragon Insights free model/freemium license tier is not available in this version. A valid license (trial or commercial) is needed to use Paragon Insights features. 2. The format of license key has been changed due to business reasons in this version. The system may have contained the older format of license keys, which are not valid now. You can log into the Juniper Agile Licensing Portal and choose to revoke the existing license and then re-activate the license to a new software version (that will provide you with a new format license key). This newly activated license can be added to the system post upgrade. 👨 Do you want to proceed? [Y/n] Y ℹ️ Checking disk space 🤔 Validating kernel version 👨 Do you want system to create and use a self-signed SSL certificate? [Y/n] Y [executing ..] openssl req -nodes -x509 -newkey rsa:4096 -keyout /var/local/healthbot/certs/key.pem -out /var/local/healthbot/certs/cert.pem -days 36525 -subj "/C=US/ST=Ca/L=Svl/O=Juniper Networks/OU=Org/CN=localhost" -extensions SAN -reqexts SAN -config /tmp/ssl.conf [executing ..] rm -f /tmp/ssl.conf 📝 Creating /var/local/healthbot/healthbot.conf config file.. ℹ️ Creating docker images. This might take some time... 100%|█████████████████████████████████████████████████████████████████████████████████████| 50/50 [03:03<00:00, 3.67s/it] ✅ Docker images successfully created 🐳 Loading docker images. This may take some time.. 100%|█████████████████████████████████████████████████████████████████████████████████████| 50/50 [13:13<00:00, 15.87s/it] ✅ Docker images successfully loaded ✅ Done making directories ╭────────────────────────────────────╮ │ │ │ Installing new Kubernetes cluster │ │ │ ╰────────────────────────────────────╯ 👨 Enter hostnames/ip address of kubernetes master node(s): 10.221.xxx.100 🤔 Validating hostname: 10.xx.xx.100 [executing ..] ping 10.xxx.131.xxx -c 1 👨 Enter comma seperated hostnames/ip addresses of kubernetes worker nodes: 10.xxx.132.201,10.xxx.131.143,10.xxx.130.8 🤔 Validating hostname: 10.xxx.xxx.201 [executing ..] ping 10.221.xxx.201 -c 1 🤔 Validating hostname: 10.xxx.131.143 [executing ..] ping 10.xxx.xxx.xxx -c 1 🤔 Validating hostname: 10.xxx.130.8 [executing ..] ping 10.xxx.xxx.8 -c 1 👨 Do you want to run HealthBot services on master node? [Y/n] Y ⚠️ All nodes must be in same subnet. Abort the setup if all the nodes are not within same subnet. 👨 Please enter password for user "root" to connect to the nodes: 👨 Confirm password: ╭──────────────────────────────────────────────────────────────────────────╮ │ │ │ A virtual IP is required to connect to HealthBot services. │ │ If you have multiple interfaces connected to different networks, │ │ specify a virtual IP from each network that you need connectivity from. │ │ │ ╰──────────────────────────────────────────────────────────────────────────╯ 👨 Enter comma separated virtual IP(s): 10.xx.xx.28 ℹ️ Using pod CIDR: 10.xxx.0.0/16 ℹ️ Using service CIDR: 10.xxx.0.0/12 ╭───────────────────────────────────────────────────────────────────────────────────╮ │ │ │ Pod CIDR and Service CIDR can be modified using one of the below approaches │ │ Interactive installation : │ │ - Set the environment variables "HB_POD_CIDR" and "HB_SERVICE_CIDR" │ │ - For non-root user, Use 'sudo -E' instead of 'sudo' to use the │ │ existing environment variables │ │ Silent installation : │ │ - Set the "pod_cidr" and "service_cidr" values in "healthbot.conf" file │ │ │ │ Post changing the configuration, stop all the healthbot services and reconfigure │ │ healthbot using "healthbot reconfigure" command. │ │ │ ╰───────────────────────────────────────────────────────────────────────────────────╯ ℹ️ Offline package not found ✅ Created inventory file ✅ All node(s) validated successfully ✅ Installed Kubernetes cluster successfully ✅ Successfully executed post-install tasks on all host(s) ℹ️ Copying /etc/kubernetes/admin.conf directory to /var/local/healthbot/k8s.conf on master.. ℹ️ Finished copying. ℹ️ Patching docker registry: key=, value=, operator=Exists, effect=NoSchedule ℹ️ Patching docker registry: key=healthbot.juniper.net/dedicated, value=tsdb, operator=Equal, effect=NoExecute [executing ..] kubectl label nodes 10.xxx.131.100 healthbot.juniper.net/tsdb=10-xxx-131-100 --overwrite ✅ Copied helper files to input directory ⌛ Pushing images to registry ✅ Registry is ready 100%|███████████████████████████████████████████████████████████████████████| 50/50 [03:03<00:00, 3.67s/it] ✅ Successfully pushed images to registry ✅ Installation successful. Please run 'healthbot start'
Paragon Insights installation is now complete. If any errors occurred, they will be listed in the outputs above.
- Enter healthbot start to start Paragon Insights
services including the Web UI.
healthbot startStopping HealthBot Generated service manifests Updated orchestrator details Successfully started redis Started configmanager successfully Successfully published files to config manager Restarted config manager successfully Started configmanager successfully Successfully generated manifest file Successfully deployed TSDB Successfully published tsdb manifest files Started postgres cluster successfully Deployed services successfully Reconciling load balancer successfully Started load balancer successfully Started all services successfully Created default databases UI can be accessed at following URL(s): https://10.xxx.xxx.186:8080
- Enter healthbot status to verify that the Paragon
Insights services are up and running.
For example:
$ healthbot status Name of service Status ---------------------------------------------------- alerta Up api-server Up argo-server Up auditlog Up config-server Up configmanager Up debugger Up gateway Up grafana Up hb-proxy-syslog Up hbmon Up iam Up inference-engine Up influxdb(10.221.133.53) Up ingest-snmp-proxy Up license-client Up metallb(controller) Up metallb(speaker) Up mgd Up node-exporter Up postgres Up redis(rfr-redis) Up redis(rfs-redis) Up redisoperator Up reports Up tsdb-shim Up udf-farm Up workflow-controller Up
- Verify that SELinux is set to
Enforcing. If not, change it toEnforcing..$ getenforce Permissive $ sudo setenforce 1 $ getenforce Enforcing
Part 4 - LOG IN
- Open a browser and enter the https://server-IP:8080 URL to access the Paragon Insights UI, where server-IP is the virtual IP address you entered, to connect
to Paragon Insights services, during installation. Log in to the Paragon
Insights Web UI using the credentials: Username: admin, Password: Admin123!. These are one-time credentials. When you enter them, Paragon Insights
prompts you to change the password and gives instructions about the
recommended length, case changes, and so on.
Note Starting from Paragon Insights Release 4.1.0, username is not case sensitive.