Chapter 3. Installing Discovery containers with the connected installation process
You use the connected installation process when you want to run Discovery from a system that has internet access, also commonly referred to as a connected or online environment. During the Discovery connected installation process, you complete all steps from the system that you intend to use as the Discovery server. You will enter commands to obtain, install, configure the environment for, and start the Discovery containers from the container images on the Red Hat Ecosystem Catalog website.
The connected installation process uses Podman to perform the container installation tasks for the Discovery server and its supporting PostgreSQL database. You will need sudo permissions to install Podman on your system. However, running the Discovery application with sudo
access or as the root
user is not supported.
Prerequisites
- Before you begin, ensure that all hardware, software, and environment prerequisites are installed and configured. For more information about the prerequisites, see Installing prerequisites for Discovery.
Procedure
To install Discovery with the connected installation process, you do the following tasks:
From a single connected system, run a series of commands:
- Access and download the container images.
- Install, configure, and start the Discovery server and database containers.
3.1. Installing the Discovery database and server container images for the connected installation
During the connected installation of the Discovery database and server container images, you obtain the Discovery containers from the container images on the Red Hat Ecosystem Catalog website, configure the containers and configure Discovery, and start the containers.
While you are completing the steps to configure the containers and configure Discovery, you must enter values for a number of environment variables. The example code provided in the following procedure includes example values for these environment variables. All of the environment variable values can be customized to suit the needs of your environment. For example, due to heavy traffic on your network, you might need to set a longer connection timeout than the default provided in the example command. To do so, you would change the value of the -e NETWORK_CONNECT_JOB_TIMEOUT
environment variable.
Included in the environment variables that you set are the Discovery server administrator username, server administrator password, server hostname, and server port. These values can also be changed, and it is possible that security standards at your organization might require that you change them. At a minimum, you should change the password value to align with common security best practices.
The server administrator password must be:
- at least ten characters
- cannot be a word found in the dictionary
- cannot be the previously provided Discovery default passwords
- cannot be numeric only
The values for the username, password, and hostname are set with -e
option for the podman run
command. The value for the port is set with the --publish 9443:443
option for the podman run
command. The following list contains the defaults for these Discovery environment variables:
-
server administrator username:
admin
-
server hostname:
localhost
-
server port:
9443
Note any changes to any usernames and passwords in the environment variables in the password management system that is used by your organization. Red Hat does not provide support for lost passwords for Discovery, and Discovery does not offer a method to recover these usernames and passwords.
In addition, if you upgrade Discovery, you must use the same database username and password during the upgrade. The failure to use the same database credentials could result in data loss of previously stored Discovery data.
Prerequisites
- The system on which you are downloading the Discovery container images must be connected to the internet.
- That system must be able to connect to the Red Hat Ecosystem Catalog.
Procedure
To install the Discovery server and database containers with the connected installation process, use the following steps:
Log in to the Red Hat Ecosystem Catalog (the registry.redhat.io website). When prompted, supply your Red Hat Customer Portal account credentials.
$ podman login registry.redhat.io
Create directories for the discovery server.
$ mkdir -p "${HOME}"/.local/share/discovery/data $ mkdir -p "${HOME}"/.local/share/discovery/log $ mkdir -p "${HOME}"/.local/share/discovery/sshkeys
Pull the container images for the Discovery database and server.
$ podman pull registry.redhat.io/rhel9/postgresql-15:latest $ podman pull registry.redhat.io/discovery/discovery-server-rhel9:latest
Run the following command to start and configure the Discovery database container in a new
discovery-pod
pod. This command is shown on multiple lines for readability, but note the continuation characters at the end of each line.ImportantThe following sample command contains the settings for multiple Discovery environment variables. The values of these environment variables can be changed as needed for your environment. In particular, the value for the Discovery server administrator password is used in multiple environment variables in this step and the following step and is shown as a variable because it is strongly recommended that you change this value. As you do this step, preserve any changed values for the environment variables related to usernames and passwords in your password management system. Discovery does not offer a method to recover these usernames and passwords.
$ podman run --name dsc-db \ --pod new:discovery-pod \ --publish 9443:443 \ --restart on-failure \ -e POSTGRESQL_USER=dsc \ -e POSTGRESQL_PASSWORD=server_administrator_password \ -e POSTGRESQL_DATABASE=dsc-db \ -v dsc-data:/var/lib/pgsql/data:z \ -d registry.redhat.io/rhel9/postgresql-15:latest
Run the following command to start and configure the Discovery server container in the
discovery-pod
pod. This command is shown on multiple lines for readability, but note the continuation characters at the end of each line.ImportantThe following sample command contains the settings for multiple Discovery environment variables. The values of these environment variables can be changed as needed for your environment. As in the previous step, the value for the Discovery server administrator password is shown as a variable. As you do this step, preserve any changed values for the environment variables related to usernames and passwords in your password management system. Discovery does not offer a method to recover these usernames and passwords.
$ podman run \ --name discovery \ --restart on-failure \ --pod discovery-pod \ -e DJANGO_DEBUG=False \ -e NETWORK_CONNECT_JOB_TIMEOUT=60 \ -e NETWORK_INSPECT_JOB_TIMEOUT=600 \ -e PRODUCTION=True \ -e QPC_DBMS_HOST=localhost \ -e QPC_DBMS_PASSWORD=server_administrator_password \ -e QPC_DBMS_USER=dsc \ -e QPC_DBMS_DATABASE=dsc-db \ -e QPC_SERVER_PASSWORD=server_administrator_password \ -e QPC_SERVER_TIMEOUT=120 \ -e QPC_SERVER_USERNAME=admin \ -e QPC_SERVER_USER_EMAIL=admin@example.com \ -v "${HOME}"/.local/share/discovery/data/:/var/data:z \ -v "${HOME}"/.local/share/discovery/log/:/var/log:z \ -v "${HOME}"/.local/share/discovery/sshkeys/:/sshkeys:z \ -d registry.redhat.io/discovery/discovery-server-rhel9:latest
Additional resources
- For more information about the optional procedure to install the Discovery command line interface, see Installing the Discovery command line interface.
- For more information about logging in to Discovery, see Accessing the Discovery user interface.