Installing on User-Provided Hosts (Connected and Air-gapped Environments)

Provides the steps for installing HPE Ezmeral Unified Analytics Software on user-provided hosts in connected and air-gapped environments. A user-provided host is a bare metal machine or virtual machine (VM) that meets the installation prerequisites.

HPE Ezmeral Unified Analytics Software supports bare metal and VM installations on AWS, GCP, and Azure. You can install HPE Ezmeral Unified Analytics Software from a laptop or host machine.

Complete the following steps to install HPE Ezmeral Unified Analytics Software on a bare metal machine or virtual machine (VM):
  1. Review the prerequisites and verify that the requirements have been met.
  2. Run the installation script to access the Installer Web UI.
  3. In the Installer Web UI, provide the pertinent information on each of the following screens:
    1. Node Setup
    2. Installation Details
    3. User Authentication Details
    4. Tools & Frameworks
    5. Storage Details
    6. Review
  4. Complete the post-installation steps.

The HPE Ezmeral Unified Analytics Software deployment runs on a Kubernetes cluster. Components within HPE Ezmeral Unified Analytics Software cannot launch until they download their respective container images. How the components download the container images depends on your environment.

The following table describes container downloads in different environments:
Environment Description
Direct connection If the machine is directly connected to the internet (UI accessible), you do not have to provide any proxy settings during installation. However, the firewall settings can prevent the packages from being downloaded.
Proxy connection If the machine is connected to the internet via proxy, you must provide the proxy server information for http, https, and no_proxy during installation
Air-gapped environment The Airgap Utility prerequisite describes the requirements for an air-gapped environment. See Installation Prerequisites.

Prerequisites

See Installation Prerequisites.

Run the Installation Script to Access the Installer Web UI

To run the installation script and open the Installer Web UI, complete the following steps:
  1. Go to the directory where you extracted the installer bundle (HPE_Ezmeral_Unified_Analytics_Installer_S1U85-70034)
    cd S1U85-70034
  2. Run the installation script on a host, but do not run it on the hosts used to deploy HPE Ezmeral Unified Analytics Software. See Installation Prerequisites for details.
    ./start_ezua_installer_ui.sh
    The launcher guides you through the prompts to start the Installer Web UI.
    NOTE
    • If you get a permission denied error, run chmod +x start_ezua*.sh before you run the installation script.
    • If the image is locally available, the container starts right away. If the image is not local, it takes time to download the image. Time for the image to download and start the container UI depends on network speed.
    • If you ran the script on a laptop, you can access the installer UI by connecting to the browser using localhost:8080. If you ran the script on a different node, you can access the installer UI by connecting to the browser using <node-ip-address>:8080. Verify that port 8080 is opened through firewalls from the laptop to the node running the installer.
    • If proxy settings are present in the environment, include the control plane node DNS names of the workload and coordinator clusters in the NO_PROXY list.
  3. On the screen that appears, select one of the options. The HPE Ezmeral Coordinator is the component that orchestrates the deployment of HPE Ezmeral Unified Analytics Software instances.
    Installation Using New HPE Ezmeral Coordinator
    • For first time installation, select this option.
    • When you install with a new HPE Ezmeral Coordinator, you designate the control plane (HPE Ezmeral Coordinator and management cluster nodes) and worker nodes, as described in the following section, Node Setup.
    Installation Using Existing HPE Ezmeral Coordinator
    • If you previously installed HPE Ezmeral Unified Analytics Software, select this option to use the existing HPE Ezmeral Coordinator to create a new HPE Ezmeral Unified Analytics Software cluster.
    • All files in the existing cluster are cleared, except for the kubeconfig file for the HPE Ezmeral Coordinator. You do not have to reconfigure the management cluster or upload the configuration file again.
  4. On the Select your deploy target screen, select Install in the Bare Metal or VM tile.

    The Node Setup screen appears.

Node Setup

Node setup sets up the control plane and worker nodes. You can upload a YAML file or manually configure the nodes through fields in the Installer Web UI. You can also run an installation pre-check script, as described in step 2 of this section.

The following table describes control plane and worker nodes:
Node Type Description Minimum Required Minimum Required for High Availability
Control Plane Enter a comma-separated list of nodes (IP addresses). If you chose to install using a new HPE Ezmeral Coordinator, the first node listed becomes the HPE Ezmeral Coordinator node. This node orchestrates the deployment of HPE Ezmeral Unified Analytics Software instances. The remainder of the nodes in the list serve as the management cluster. Installation Using New HPE Ezmeral Coordinator (First-time installation) 2* 4**
Installation Using Existing HPE Ezmeral Coordinator 1 3
Worker Enter a comma-separated list of nodes (IP addresses). These nodes run the HPE Ezmeral Unified Analytics Software service. Calculate the number of worker nodes based on the VCPUs you enter in step 7. Must be a minimum of 96 VCPUs. The accumulated total VCPU of the worker nodes should match or exceed the number of VCPUs that you enter in step 7.
ATTENTION
If you plan to use GPU nodes as storage capable hosts to meet the vCPU sizing requirements, contact HPE Support.
 3 N/A
* Requires one node for the HPE Ezmeral Coordinator and one node for the workload.

** Requires one node for the HPE Ezmeral Coordinator and three nodes for the workload.

IMPORTANT
  • Either the SSH password or SSH key is required. The SSH pass phrase is optional and only applicable if the SSH key is provided.
  • Wall clock time on the hosts in the deployment must be synchronized.
On the Node Setup screen, complete the following steps:
  1. Upload a YAML file or complete the fields to manually configure the nodes.
    If you upload a YAML file, the system runs a validation check against the file and returns an error message if the file is invalid.
    TIP
    A YAML template file is provided and includes the following fields: 
    controlplanes: "" # comma-separated list of ip values
workers: "" # comma-separated list of ip values
ssh_username: root
ssh_password: ""
ssh_key: "" # base64 encoded string
ssh_passphrase: ""
  2. Click Pre-check to run the installation pre-check script.

    The installation pre-check script runs checks against each of the host machines configured for HPE Ezmeral Unified Analytics Software, including the HPE Ezmeral Coordinator, control plane, and worker hosts. The script also does an aggregated check to verify that the hosts, operating as a cluster, have enough resources to support the installation. If the pre-check script identifies any issues, the system provides detailed messages in the UI, as well as log files for troubleshooting. To view the logs, click View details. Installation cannot resume until the pre-check script runs successfully.

  3. Click Next to proceed to Installation Details.

Installation Details

On the Installation Details screen, complete the following steps:

  1. Complete the following fields:
    Field Description
    Installation Name Enter a unique name for the installation. The installation name must consist of lowercase alphanumeric characters or -. For example, installation-1. This name becomes the name of the cluster namespace. In the future, if you need to add additional hosts to increase resources for applications, you will use this name as the namespace when adding hosts, as described in Expanding the Cluster.
    Domain Name Enter a valid DNS domain name to connect to the cluster via the browser.
    NOTE
    • The HPE Ezmeral Unified Analytics Software cluster domain name cannot be the same as the DNS host domain name.
    • Do not enter your corporate top level domain (TLD) name in this field. If you enter the corporate TLD name, you must set up a wildcard record that points all subdomains of the corporate domain to the HPE Ezmeral Unified Analytics Software ingress gateway hosts.
    • Best practice is to enter a subdomain off the corporate domain. For example, if your corporate domain is company.com, you could enter ezua.company.com as your domain name.
    • As you continue the installation process, you will set up wildcard records for the domain name you enter in this field. The DNS name resolution to those records should work for pods and any member of your organization that needs access to HPE Ezmeral Unified Analytics Software.
    VCPU The number of VCPUs that you enter is determined by the number of worker nodes. Typically, 96 VCPUs translates to three worker nodes, and entering 97 would translate to four worker nodes. If you need to distinguish between cores and VCPUs, for example in cases where hyperthreading is enabled, run the lscpu tool to accurately determine the VCPUs for your hosts.
    High Availability When selected, three controller nodes are enabled. Currently, HA is available for the workload cluster only. The management cluster does not support HA.
    Use GPU See GPU Support.
    Air Gap Environment Select this option when installing in an air-gapped environment (no internet access). If you select Air Gap Environment, you must provide the registry details.
    Registry URL Enter the registry URL. Only required for air-gapped environments, but can also be used for a custom image registry in connected environments. Make sure you add the trailing / at the end of the URL, as shown in the following example: 
    my-registry.mip.storage.mycompany.net/ezua/
    Username Enter the user name for the registry.
    Password Enter the password for the registry.
    Registry Insecure Select this option if the registry is not secure. If the registry is secure, do not select this option.
    CA Certificate Upload the CA certificate. See Working with Certs and the Truststore.
    TLS Certificates
    • Use Self Signed Certificate - Typically only selected for POCs and demos. For production environments, HPE recommends uploading your own certificates (CA certificate and Private Key).
    • CA Certificate - Upload the CA certificate
    • Private Key - Upload the private key.
    • Certificate - Upload additional certificates.
    Proxy Details
    NOTE
    The proxy details apply to the HPE Ezmeral Unified Analytics Software application; they do not apply to the host.
    • HTTP Proxy - Enter the URL for the proxy data center.
    • HTTPS Proxy - Enter the URL for the proxy data center.
    • No Proxy - Each of the hosts in the HPE Ezmeral Unified Analytics Software cluster must have the IP addresses of the coordinator and control plane hosts of the workload cluster in the no_proxy list. Add the FQDN of the master host in the workload cluster OR a comma-separated list of IP addresses or hostnames. Note that some of the IP addresses in the cluster are required to bypass the proxy settings to reach the internal pod/container entities. Use the following string of IP addresses to bypass the proxy settings: 
      10.96.0.0/12,10.224.0.0/16,10.43.0.0/16,\
.external.hpe.local,localhost,.cluster.local,.svc,\
.default.svc,127.0.0.1
      For example, if your domain is ezua.company.com, you would enter the following string for no_proxy: 
      10.96.0.0/12,10.224.0.0/16,10.43.0.0/16,
.external.hpe.local,localhost,.cluster.local,.svc,\
.default.svc,127.0.0.1, ezua.company.com
    • External URL - This field only applies to the workload nodes and is only required if you select HA for the HPE Ezmeral Unified Analytics Software application. If you want HA for the HPE Ezmeral Coordinator, contact HPE Support before you install on the HPE Ezmeral Coordinator node.
  2. Click Next to proceed to User Authentication Details.

User Authentication Details

Connected and air-gapped installations can use internal or external LDAP. Internal LDAP is typically used for POC and demo scenarios. External LDAP is typically used for production environments. To learn about AD/LDAP servers in detail, see AD/LDAP Servers.

To add user authentication details, complete the following steps:
  1. Either select or do not select the option to use an internal LDAP server.
    • If you select the Use Internal LDAP Server option. Provide the following information to create the default Unified Analytics administrative user. This user must be part of your organization and have an organization email, for example bob@company.com.
      • Username
      • Full Name
      • Email
      • Password
    • If you do not select Use Internal LDAP Server, complete the related fields. The user that you enter becomes the default Unified Analytics administrative user. This user must already exist in the AD/LDAP server that you specify.
      List of related fields:
      • Select Active Directory if the LDAP is an Active Directory (ADLDAP)
      • Security Protocol
      • LDAP Server Address
      • Server Port
      • Bind DN
      • Bind Password
      • Search Base DN
      • Trust Store File
      • Trust Store Password
      • Username Attribute
      • Fullname Attribute
      • Email Attribute
        NOTE
        If the admin performing the installation selects the Allow Login By Email Address option, users can sign in using their email address or username; otherwise, users can only sign in with their usernames.

        Even if you do not select the option Allow Login By Email Address, you can still specify an email attribute for users, and their email addresses (if available) will be discovered for display purposes. However, in this scenario, users will not be able to sign in to Unified Analytics using their email address.

      • UID Attribute
      • GID Attribute
      • Group Name
      • Group GID
      • Username of the default admin user
      • Validation options
  2. Click Next to proceed to Tools & Frameworks.

Tools & Frameworks

You do not have to install all of the tools and frameworks packaged with HPE Ezmeral Unified Analytics Software. You have the option of deselecting the following applications:
  • Superset
  • EzPresto
  • Livy
  • Feast
  • MLDE

Deselect the applications that you do not want to install. Any application that you do not install now can be installed later. Note that options related to the uninstalled applications and frameworks will not appear in the Unified Analytics UI. For example, if you do not install EzPresto, the Data Catalog, Query Editor, and Cached Assets options will not appear in the left navigation panel of the Unified Analytics UI. However, if you choose to install EzPresto in the future, these options become available.

Click Next to proceed to Storage Details.

Storage Details

Enter the required information to connect Unified Analytics to a storage platform (primary storage) and object store. Unified Analytics supports HPE Ezmeral Data Fabric for primary storage and HPE Ezmeral Data Fabric, HPE GreenLake for File Storage, MinIO, and AWS S3 for object storage.

For details about how to prepare the HPE Ezmeral Data Fabric cluster to be primary storage for Unified Analytics, see Preparing HPE Ezmeral Data Fabric to be Primary Storage for HPE Ezmeral Unified Analytics Software.

To configure primary and object storage for Unified Analytics, complete the following steps:
  1. In the Data Volumes section, enter the following information:
    Field Description
    Data Source Select Ezmeral Data Fabric
    CLDB Hosts Enter a comma-separated list of CLDB hosts that the HPE Ezmeral Data Fabric administrator provided for the Unified Analytics deployment.
    REST Servers Enter a comma-separted list of REST servers that the HPE Ezmeral Data Fabric administrator provided for the Unified Analytics deployment.
    Tenant Ticket Enter the content of the tenant ticket that the HPE Ezmeral Data Fabric administrator created for the Unified Analytics deployment.
    Username Enter the username for the HPE Ezmeral Data Fabric user that the HPE Ezmeral Data Fabric administrator created for the Unified Analytics deployment.
    Password Enter the password for the HPE Ezmeral Data Fabric user that the HPE Ezmeral Data Fabric administrator created for the Unified Analytics deployment.
    CA Certificate Apply the CA certificate that the HPE Ezmeral Data Fabric administrator obtained from the HPE Ezmeral Data Fabric for the Unified Analytics deployment.
    Mount prefix Enter the mount prefix that the HPE Ezmeral Data Fabric administrator created for the Unified Analytics deployment.
  2. In the Object Store section, enter the following information:
    Field Description
    Object Source Select which object store you want to connect Unified Analytics to. You can connect Unified Analytics to the following object stores:
    • HPE Ezmeral Data Fabric Object Store
    • HPE GreenLake for File Storage
    • MinIO
    • AWS
    End Point Enter the endpoint URL for the object store.
    For secure object stores (https), specify the FQDN in the object store endpoint TLS certificate. For example, if the object store is located at 192.168.0.10 and uses a TLS certificate with the subject name myobjecstore.example.com, you would specify the endpoint as:
    https://myobjecstore.example.com:9000
    Specifying https://192.168.0.10:9000 would cause a connection failure.
    Access Key Enter the access key.

    The access key and secret key must correspond to an IAM account on the object store that has permission to create buckets, read from buckets, and write to buckets on the object store.
    Secret Key Enter the secret key.
    Root Certificate Apply the root certificate.

    You must provide the CA certificate for the object store. Unified Analytics validates the TLS certificate presented by the object store endpoint. If the object storage is within the same primary storage platform, such as HPE Ezmeral Data Fabric and HPE Ezmeral Data Fabric Object Store, use the same CA file that was used for the primary storage.
  3. Click Review to proceed.

Review

On the Review screen, review all the selections and entries you made before you start the Unified Analytics installation process in the cluster. Click the pencil icon to go back to any of the installation screens and make changes. Click Submit when you want to start the installation.

After you click Submit, the installation of components and applications begins. The Installation Status screen displays the installation status of the components and applications as the installation progresses.
IMPORTANT
  • Note the IP addresses on this screen. You need these to complete the post installation steps and update your DNS A and DNS records.
  • If the installation fails at any point, click Download Logs to access the logs files for the HPE Ezmeral Coordinator or Ezmeral Unified Analytics. The Ezmeral Unified Analytics logs include both the infrastructure services and application services logs. Review the log files to troubleshoot the failure. If you cannot resolve the installation failure issue, contact HPE Support.
TIP
  • The first status update shows the progress of the HPE Ezmeral Coordinator. When complete, the Download Kubeconfig button appears on the screen. You can download the kubeconfig for the HPE Ezmeral Coordinator and worker cluster.
  • Clicking Open HPE Ezmeral Unified Analytics Software launches the UI.
  • Clicking Start New Installation installs another instance of HPE Ezmeral Unified Analytics Software.

Post Installation Steps

See Post Installation Steps.