Skip to content

Privacera Manager Setup

Prerequisites

You can do the install and setup of Privacera Manager only after you have met the prerequisites. If you have not done so, please refer to the Prerequisites section and follow the steps for your cloud provider.

Privacera Manager Setup is required for both Self Managed and PrivaceraCloud Data-plane deployment.

Overview

Privacera provides a command-line utility called Privacera Manager which generates various installation artifacts such as helm charts, terraform and cloud formation templates to install the Privacera components. Privacera Manager consists of a tar ball of various template files, scripts and a docker image.

You will be installing Privacera Manager on the compute instance that you have created as part of the Prerequisites.

Installation Information

Typically, you will be installing Privacera Manager on a compute host that has access to the Internet to be able to download the Privacera Manager software and docker images.

If you are installing in an air gap (without internet access) network, follow these steps first and then continue with the installation.

You will need the following information to install Privacera Manager, obtain these from Privacera Sales Representative:

Information Required

PRIV_MGR_PACKAGE: The format will be https://<domain>/<filepath>/<file.tar.gz>

PRIV_MGR_IMAGE: The format will be <PRIVACERA_HUB_HOST>/privacera-manager:<PRIV_MGR_IMAGE_TAG>

PRIVACERA_HUB_USER: Privacera Docker hub registry username

PRIVACERA_HUB_PASSWORD: Privacera Docker hub registry password

You will need the following information to install Privacera Manager in an air gap (no Internet access) network. Obtain these from Air gap Installation:

Information Required

AIRGAP_PRIV_MGR_IMAGE: The format will be <PRIVACERA_HUB_HOST>/privacera-manager:<PRIV_MGR_IMAGE_TAG>

AIRGAP_HUB_USER: Privacera Docker hub registry username

AIRGAP_HUB_PASSWORD: Privacera Docker hub registry password

Setup the environment variables

Info

These shell variables are used while downloading and installing the packages. They don't need to be added to your login profile as they are not needed after running commands on this page. You need these shell variables for all the commands on this page.

On the compute instance where you want to install Privacera Manager, perform the following steps:

Set the following temporary shell variables with the information provided to you by the Privacera sales representative.

Bash
1
2
PRIV_MGR_IMAGE=<PLEASE_CHANGE>
PRIV_MGR_PACKAGE=<PLEASE_CHANGE>

After setting the above variables, run the following code in your shell to initialize these variables.

Bash
1
2
3
PRIVACERA_HUB_HOSTNAME=$(echo $PRIV_MGR_IMAGE | awk -F'/' '{print $1}')
PRIV_MGR_IMAGE_TAG=$(echo $PRIV_MGR_IMAGE | awk -F':' '{print $2}')
PRIV_MGR_BASE_URL=${PRIV_MGR_PACKAGE%/privacera-manager.tar.gz}

Update the following shell variables with your air gap docker registry.

Bash
1
AIRGAP_PRIV_MGR_IMAGE=<PLEASE_CHANGE>

After setting the above variables, run the following code in your shell to initialize these variables.

Bash
1
2
3
4
5
6
7
AIRGAP_HUB_HOSTNAME=$(echo $AIRGAP_PRIV_MGR_IMAGE | awk -F'/' '{print $1}')
PRIV_MGR_IMAGE_TAG=$(echo $AIRGAP_PRIV_MGR_IMAGE | awk -F':' '{print $2}')

echo && \
echo "AIRGAP_HUB_HOSTNAME=${AIRGAP_HUB_HOSTNAME}" && \
echo "PRIV_MGR_IMAGE_TAG=${PRIV_MGR_IMAGE_TAG}" && \
echo
Copy the output to a text file to be used in the next section.

Docker login

On the compute instance where you want to install Privacera Manager, perform the following steps:

Log into Privacera docker hub using the username and password provided to you.

Bash
1
2
3
4
docker login $PRIVACERA_HUB_HOSTNAME
# when prompted enter these, 
# Username: $PRIVACERA_HUB_USER
# Password: $PRIVACERA_HUB_PASSWORD

Pull the Privacera Manager docker image from Privacera docker hub.

Bash
1
docker pull $PRIV_MGR_IMAGE

Log into your air-gap docker hub using the username and password provided to you.

Bash
1
2
3
4
docker login $AIRGAP_HUB_HOSTNAME
# when prompted enter these, 
# Username: $AIRGAP_HUB_USER
# Password: $AIRGAP_HUB_PASSWORD

Pull the Privacera Manager docker image from your air gap docker hub.

Bash
1
docker pull $AIRGAP_PRIV_MGR_IMAGE

Download the package

Create folder structure for Privacera Manager and download the software tar ball. Maintain the same folder structure so it is easy to follow the documentation.

Bash
1
mkdir -p ~/privacera/downloads

Run the following commands to download the package,

Bash
1
2
cd ~/privacera/downloads
wget $PRIV_MGR_PACKAGE -O privacera-manager.tar.gz

If you have followed the airgap setup steps then you would be having the privacera-manager.tar.gz in the ~/privacera/privacera-manager folder.

Extract the package

Extract the tarball in the Privacera folder. From now on you will run all command from ~/privacera/privacera-manager folder.

Bash
1
2
3
# extract the tarball
cd ~/privacera
tar -zxf ~/privacera/downloads/privacera-manager.tar.gz

Create the pm-env.sh script

Create a script called pm-env.sh that has the download URL and Privacera Manager docker image name in it.

Bash
1
2
3
4
5
# create a shell script that is used internally
cd ~/privacera/privacera-manager/config 
echo '#!/bin/bash' > pm-env.sh
echo "export PRIV_MGR_PACKAGE=${PRIV_MGR_PACKAGE}" >> pm-env.sh 
echo "export PRIV_MGR_IMAGE=${PRIV_MGR_IMAGE}" >> pm-env.sh

Create a script called pm-env.sh that has the download URL and Privacera Manager docker image name in it.

Bash
1
2
3
4
5
6
# create a shell script that is used internally
cd ~/privacera/privacera-manager/config 
echo '#!/bin/bash' > pm-env.sh
echo "export PRIV_MGR_PACKAGE=" >> pm-env.sh 
echo "export PRIV_MGR_IMAGE=${AIRGAP_PRIV_MGR_IMAGE}" >> pm-env.sh
echo "export privacera_hub_url=${AIRGAP_HUB_HOSTNAME}" >> pm-env.sh

Name your deployment

Come up with a name for your deployment. This name will be used as a namespace in Kubernetes and will be visible in the Privacera Portal. As such, this name will become part of the service endpoint host names generated by Privacera Manager.

It should be a short user-friendly name that follows these rules:

  • contain at most 63 characters
  • contain only lowercase alphanumeric characters or '-'
  • start with an alpha character
  • end with an alphanumeric character

Some examples are privacera-dev, privacera-prod, privacera-qa, etc.

Run the following commands, where you can name your deployment environment as you like along with the Privacera Manager image tag and download URL base-path.

Bash
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
cd ~/privacera/privacera-manager
cp -n config/sample.vars.privacera.yml config/vars.privacera.yml

sed -i \
"s|^PRIVACERA_IMAGE_TAG: .*|PRIVACERA_IMAGE_TAG: \"${PRIV_MGR_IMAGE_TAG}\"|g" \
config/vars.privacera.yml

sed -i \
"s|^PRIVACERA_BASE_DOWNLOAD_URL: .*|PRIVACERA_BASE_DOWNLOAD_URL: \"${PRIV_MGR_BASE_URL}\"|g" \
config/vars.privacera.yml

vi config/vars.privacera.yml

Add or edit the following values in the file.

Bash
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# Give a short user-friendly name for your installation, 
# - contain at most 63 characters
# - contain only lowercase alphanumeric characters or '-'
# - start with an alphanumeric character
# - end with an alphanumeric character
# It will be visible in Privacera Portal and will be used as a 
# namespace in Kubernetes.
# Examples are `privacera-dev`, `privacera-prod`, `privacera-qa`, etc.
DEPLOYMENT_ENV_NAME: "<DEPLOYMENT_NAME>"

privacera_hub_user: "<PRIVACERA_HUB_USER>"
privacera_hub_password: "<PRIVACERA_HUB_PASSWORD>"

# This should be only the IMAGE_TAG out of HUB_HOST/IMAGE_NAME:IMAGE_TAG
PRIVACERA_IMAGE_TAG: "<PRIV_MGR_IMAGE_TAG>"

# Only the download URL without the file name privacera-manager.tar.gz, 
# example: https://<hostname.domain>/<filepath>
PRIVACERA_BASE_DOWNLOAD_URL: "<PRIV_MGR_BASE_URL>"

# Set the DEPLOYMENT_SIZE which determines the compute, memory and 
# storage requirements.
# You can start with SMALL and then later change to MEDIUM or LARGE 
# based on your requirements.
DEPLOYMENT_SIZE: "SMALL"

Bash
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
cd ~/privacera/privacera-manager
cp -n config/sample.vars.privacera.yml config/vars.privacera.yml

sed -i \
"s|^PRIVACERA_IMAGE_TAG: .*|PRIVACERA_IMAGE_TAG: \"${PRIV_MGR_IMAGE_TAG}\"|g" \
config/vars.privacera.yml

sed -i \
"s|^PRIVACERA_BASE_DOWNLOAD_URL: .*|PRIVACERA_BASE_DOWNLOAD_URL: \"\"|g" \
config/vars.privacera.yml

vi config/vars.privacera.yml
Add or edit the following values in the file.
Bash
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# Give a short user-friendly name for your installation, 
# - contain at most 63 characters
# - contain only lowercase alphanumeric characters or '-'
# - start with an alphanumeric character
# - end with an alphanumeric character
# It will be visible in Privacera Portal and will be used as a 
# namespace in Kubernetes.
# Examples are `privacera-dev`, `privacera-prod`, `privacera-qa`, etc.
DEPLOYMENT_ENV_NAME: "<DEPLOYMENT_NAME>"

privacera_hub_url: "<AIRGAP_HUB_HOST>"
privacera_hub_user: "<AIRGAP_HUB_USER>"
privacera_hub_password: "<AIRGAP_HUB_PASSWORD>"

# this should be only the IMAGE_TAG out of HUB_HOST/IMAGE_NAME:IMAGE_TAG
PRIVACERA_IMAGE_TAG: "<PRIV_MGR_IMAGE_TAG>"

# only the download URL without the file name privacera-manager.tar.gz, 
# example: https://<domain>/<filepath>
# set it to empty string
PRIVACERA_BASE_DOWNLOAD_URL: ""

# set the DEPLOYMENT_SIZE which determines the compute, memory and storage requirements
# You can start with small and then later change to medium or large based on your requirements
DEPLOYMENT_SIZE: "small"

For more information about the deployment size, you can refer to the Deployment Size section.

Now you are all set to continue with configuring the Privacera Manager.

Exploring Privacera Manager

Privacera Manager consists of two parts - the tar ball containing various template files and scripts, and the docker image containing the Privacera Manager templating software. The privacera-manager.sh script is the driver script and provides the command line interface.

Under ~/privacera/privacera-manager, you will find the following folders of interest

Bash
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
# installation folder of Privacera Manager
ls -l ~/privacera/privacera-manager

# Custom config vars folder of Privacera Manager
ls -l ~/privacera/privacera-manager/config/custom-vars

# Sample config vars folder of Privacera Manager
ls -l ~/privacera/privacera-manager/config/sample-vars

# Config SSL folder of Privacera Manager. This is created after your first run.
ls -l ~/privacera/privacera-manager/config/ssl

# Output folder of Privacera Manager. This is created after your first run.
ls -l ~/privacera/privacera-manager/output

# Log folder of Privacera Manager. This is created after your first run.
ls -l ~/privacera/privacera-manager/logs

Comments