Privacera Installation on Cazena
Use Docker Compose to install Privacera Platform to Cazena, along with core components including Apache Ranger.
Prerequisites#
Create a Cazena Cloud Virtual Instance#
Minimum configuration:
- 8 vCPU, x86_64 Architecture base with 32 GiB memory
- 128 GiB virtual persistent HD
- 10 GB network adapter
- Image must be installed with a supported version of Linux CentOS
- The user performing the installation must have full root access
- If your system doesn't have internet access, arrange with your Privacera sales representative to get the required software and images using an intermediate storage method.
Privacera Configuration Parameters#
Obtain three key values from your Privacera sales representative: the root URL used to download Privacera components, the Privacera version number, and the Ranger version number.
These are expressed as variables in the form ${variable}, in the installation steps.
- PRIVACERA_BASE_DOWNLOAD_URL: The root URL to use for downloading components.
- PRIVACERA_IMAGE_TAG: Privacera version number
- RANGER_IMAGE_TAG: Ranger version number
Installation#
Install Docker#
Install Docker to your target Cazena VM using the instructions from this Docker documentation: Install Docker Engine on CentOS.
Install Docker Compose#
Identify the required version, then download Docker Compose.
DOCKER_COMPOSE_VERSION="1.23.2"
sudo curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
Download Privacera Cloud Package#
Using bash ‘export’, assign the base download URL to the shell variable PRIVACERA_BASE_DOWNLOAD_URL, as follows:
export PRIVACERA_BASE_DOWNLOAD_URL=${PRIVACERA_BASE_DOWNLOAD_URL}
Download Privacera Components#
Download privacera_cloud.tar.gz from the Privacera Download Center.
export PRIVACERA_BASE_DOWNLOAD_URL=${PRIVACERA_BASE_DOWNLOAD_URL}
mkdir -p ~/privacera
mkdir -p ~/privacera/downloads
cd ~/privacera/downloads
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/privacera_cloud.tar.gz -O privacera_cloud.tar.gz
Extract the Components#
cd ~/privacera
tar xfz ~/privacera/downloads/privacera_cloud.tar.gz
Service Configuration#
Configure Privacera services: Privacera Portal and Data & Log Folder.
Service Data and Log Folder#
MariaDB, ZooKeeper, and Solr require persistent storage in a local file system. Set values ${Full_Path_Data_Folder} and ${Full_Path_Log_Folder} for your local system.
By default, Privacera will use an integrated Solr component. To connect to an existing Solr installation, consult with your Privacera sales representative.
cd ~/privacera/docker
cp sample.env .env
vi .env
Set the following values in the .env file. (Data Folder and Log Folder must be expressed as full file paths.)
DATA_FOLDER=${Data_Folder}
LOGS_FOLDER=${Log_Folder}
Enable or disable services, as needed for your environment.
Set the following values in the .env file:
- PRIVACERA_IMAGE_TAG=${PRIVACERA_IMAGE_TAG}
- RANGER_IMAGE_TAG=${RANGER_IMAGE_TAG}
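A pre-start check for the .env values described above, as an added example that is not part of the Privacera package. The function name check_env is hypothetical; the world-writable test on the data and log folders is an extra check beyond what the page requires.

```bash
#!/usr/bin/env bash
# Added example (not Privacera code): check ~/privacera/docker/.env before start.
# check_env FILE prints one line per problem and returns 1 if any were found.
check_env() {
  local file="$1" rc=0 key line val
  for key in DATA_FOLDER LOGS_FOLDER PRIVACERA_IMAGE_TAG RANGER_IMAGE_TAG; do
    # If a key is repeated, the last assignment is the one checked.
    line=$(grep -E "^${key}=" "$file" | tail -n 1)
    val=${line#*=}
    if [ -z "$val" ]; then
      echo "$key: not set"; rc=1; continue
    fi
    # Catch values copied from the docs without substitution.
    case $val in
      *'${'*|*'<'*'>'*)
        echo "$key: placeholder not replaced ($val)"; rc=1; continue ;;
    esac
    case $key in
      *_FOLDER)
        case $val in
          /*) ;;
          *) echo "$key: must be a full path, got '$val'"; rc=1; continue ;;
        esac
        # Persistent MariaDB/ZooKeeper/Solr data should not be world-writable.
        if [ -d "$val" ] && [ -n "$(find "$val" -maxdepth 0 -perm -0002)" ]; then
          echo "$key: $val is world-writable"; rc=1
        fi ;;
    esac
  done
  return "$rc"
}

# Usage: check_env ~/privacera/docker/.env && ./privacera_services start
```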
Start Services#
Docker automatically loads the required images. Once loaded, the images remain available for use. This dependency load will not work if the Docker image source repository is unavailable due to network access constraints or incorrect authentication. As an alternative, required Docker images can be preloaded. If you are unsure whether there are network access constraints, try the ‘Docker Automated Load’ sequence. If that fails, use the instructions in the section Preload Docker Images.
Docker Automated Load on Service Start#
Log in to Privacera’s Docker repository. See your Privacera sales representative for access credentials.
docker login hub2.privacera.com
Load required components, initialize databases, and start services. Note that this first start initiates the Image dependency load sequence and may take a few minutes to execute.
cd ~/privacera/docker
./privacera_services start
If all Privacera Docker images loaded and started, go to Verify Portal Access.
Preload Docker Images#
Download Docker Images#
cd ~/privacera/downloads
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/download_setup.sh -O download_setup.sh
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/mariadb.docker.gz -O mariadb.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/privacera.docker.gz -O privacera.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/solr.docker.gz -O solr.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/zookeeper.docker.gz -O zookeeper.docker.gz
Required for Privacera Cloud Access Manager:
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/privacera_dataserver.docker.gz -O privacera_dataserver.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/ranger.docker.gz -O ranger.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/ranger-tagsync.docker.gz -O ranger-tagsync.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/ranger-usersync.docker.gz -O ranger-usersync.docker.gz
Load Docker Images#
If there are network issues, you may need to increase the COMPOSE_HTTP_TIMEOUT value (default is 60 seconds) to allow Docker more time to load components. In the example, it is set to 3600 seconds (1 hour).
export COMPOSE_HTTP_TIMEOUT=3600
# Go to the folder which contains the Docker images
cd ~/privacera/downloads
docker load -i mariadb.docker.gz
docker load -i privacera.docker.gz
docker load -i solr.docker.gz
docker load -i zookeeper.docker.gz
Load the Docker images required for Privacera Cloud Access Manager.
docker load -i privacera_dataserver.docker.gz
docker load -i ranger.docker.gz
docker load -i ranger-tagsync.docker.gz
docker load -i ranger-usersync.docker.gz
Verify Portal Access#
Ranger Portal#
First sign-on credentials:
- username: admin
- password: welcome1
${RANGER_ADMIN_HOST}:6080
Change the admin password immediately after you first log in.
Privacera Portal#
First sign-on credentials:
- username: padmin
- password: padmin
${PRIVACERA_PORTAL_HOST}:6868
Change the admin password immediately after you first log in.
Managing Services#
Restarting Services#
cd ~/privacera/docker
./privacera_services restart
(Optional) Updating Startup Scripts#
To update scripts and default configurations, reset the download URL as needed for your environment.
export PRIVACERA_BASE_DOWNLOAD_URL=${PRIVACERA_BASE_DOWNLOAD_URL}
#Download the cloud package
cd ~/privacera/downloads
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/privacera_cloud.tar.gz -O privacera_cloud.tar.gz
#Extract the cloud package on the server where the applications are installed
cd ~/privacera
tar xfz ~/privacera/downloads/privacera_cloud.tar.gz
(Optional) Updating Privacera Services in Non-HA Env#
# SSH to the EC2 instance, then:
cd ~/privacera/docker
./privacera_services down
vi ~/privacera/docker/.env
# In .env, change the tags:
PRIVACERA_IMAGE_TAG=<TAG>
RANGER_IMAGE_TAG=<TAG>
./privacera_services update
# After the update, restart all services
./privacera_services start
(Optional) Restarting Privacera Services in a Non-HA Environment#
- To restart Ranger, run the commands below.
cd ~/privacera/docker
./privacera_services restart ranger
- To restart the Privacera portal, run the commands below.
cd ~/privacera/docker
./privacera_services restart privacera
- To restart Solr, run the commands below.
cd ~/privacera/docker
./privacera_services restart solr
- To restart ZooKeeper, run the commands below.
cd ~/privacera/docker
./privacera_services restart zookeeper
- To restart Usersync, run the commands below.
cd ~/privacera/docker
./privacera_services restart usersync
Updating Components - Internet Available#
If the target platform has Internet access, execute the following. (This will stop the applications and get the latest packages from Privacera Docker Repository).
cd ~/privacera/docker
./privacera_services stop
./privacera_services update
./privacera_services restart
Updating Components - Internet Not Available#
If the target platform does not have internet access, copy each Docker image to the target platform and reload Docker before restarting the services.
Reset the download URL as needed for your environment.
export PRIVACERA_BASE_DOWNLOAD_URL=${PRIVACERA_BASE_DOWNLOAD_URL}
mkdir -p ~/privacera/downloads
cd ~/privacera/downloads
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/mariadb.docker.gz -O mariadb.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/privacera_dataserver.docker.gz -O privacera_dataserver.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/ranger.docker.gz -O ranger.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/solr.docker.gz -O solr.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/zookeeper.docker.gz -O zookeeper.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/ranger-tagsync.docker.gz -O ranger-tagsync.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/ranger-usersync.docker.gz -O ranger-usersync.docker.gz
wget ${PRIVACERA_BASE_DOWNLOAD_URL}/privacera.docker.gz -O privacera.docker.gz
docker load -i mariadb.docker.gz
docker load -i privacera_dataserver.docker.gz
docker load -i ranger.docker.gz
docker load -i solr.docker.gz
docker load -i zookeeper.docker.gz
docker load -i ranger-tagsync.docker.gz
docker load -i ranger-usersync.docker.gz
docker load -i privacera.docker.gz
cd ~/privacera/docker
./privacera_services restart
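The offline procedures above (Preload Docker Images and Updating Components - Internet Not Available) run docker load on archives moved through intermediate storage. The following added example, which is not part of the Privacera package, loads them only after every archive matches a SHA-256 manifest. It assumes a SHA256SUMS file in sha256sum format obtained from the vendor over a separate channel (the page does not provide one); the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not Privacera code): gate `docker load` on a SHA-256 manifest.
# Assumption: SHA256SUMS is in `sha256sum` format and was obtained from the
# vendor over a separate trusted channel; the page does not provide one.

# verify_artifacts DIR MANIFEST
# Prints each listed file whose hash matches. Returns 1 if a listed file is
# missing or mismatched, or if a *.gz archive in DIR is absent from MANIFEST.
verify_artifacts() {
  local dir="$1" manifest="$2" rc=0 listed=" " want name got f
  while read -r want name; do
    [ -n "$want" ] || continue
    name=${name#\*}                      # '*' prefix marks binary mode
    case $name in
      */*) echo "REJECT $name (path in manifest)" >&2; rc=1; continue ;;
    esac
    listed="$listed$name "
    if [ ! -f "$dir/$name" ]; then
      echo "MISSING $name" >&2; rc=1; continue
    fi
    got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then
      echo "$name"
    else
      echo "MISMATCH $name" >&2; rc=1
    fi
  done < "$manifest"
  for f in "$dir"/*.gz; do
    [ -e "$f" ] || continue
    case $listed in
      *" ${f##*/} "*) ;;
      *) echo "UNLISTED ${f##*/}" >&2; rc=1 ;;
    esac
  done
  return "$rc"
}

# load_verified DIR MANIFEST: run `docker load` only if every check passed.
load_verified() {
  local dir="$1" manifest="$2" files name
  files=$(verify_artifacts "$dir" "$manifest") || {
    echo "verification failed; nothing loaded" >&2; return 1; }
  for name in $files; do
    case $name in
      *.docker.gz) docker load -i "$dir/$name" ;;
    esac
  done
}
```

Typical use is `load_verified ~/privacera/downloads ~/privacera/downloads/SHA256SUMS`; privacera_cloud.tar.gz can be listed in the same manifest and is verified but not passed to docker load.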
Troubleshooting#
For additional help see: How to Contact Technical Support.
Unable to Connect to Docker#
Problem: Inability to connect to Docker could be due to several different causes.
Solution:
- Make sure the user account running Docker is part of the Docker group. Membership in this group is equivalent to root access on the host, so add only the account that runs the Privacera services. Test it by running this command:
id
Output: uid=1000(ec2-user) gid=1000(ec2-user) groups=1000(ec2-user),4(adm),10(wheel),190(systemd-journal),991(docker)
- Make sure the Docker user is in the Docker group.
- If the issue persists, exit the shell and log in again.
Unable to Connect to MariaDB#
Problem: Portal is unable to connect to MariaDB.
[ec2-user@ip-111-22-33-444 portal]$ tail -f privacera.log
... 168 common frames omitted
Caused by: org.mariadb.jdbc.internal.util.dao.QueryException: Could not connect: Access denied for user 'privacera'@'111.22.0.1' (using password: YES)
Current charset is US-ASCII. If password has been set using other charset, consider using option 'passwordCharacterEncoding'
at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.authentication(AbstractConnectProtocol.java:569)
at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.handleConnectionPhases(AbstractConnectProtocol.java:503)
Solution: Restart Privacera Services.
./privacera_services restart privacera
Startup Issues#
Problem: ERROR: Connect to solr-1:8983 [solr-1/172.18.0.5] failed: Connection refused (Connection refused)
If you get this error during startup, Solr might be taking too long to start.
Solution: Run the start command again.
./privacera_services start
Problem: Console Error “wait-for-it.sh: timeout occurred after waiting 120 seconds for ranger:6080”
This error might occur when you start the Privacera services. Initial setup might take longer than expected or some dependent services might not have started. If you are unable to connect to Ranger Admin using the browser, then you can try restarting all the services or only Ranger.
Solution: Run the commands shown below.
./privacera_services restart ranger
#or
./privacera_services restart
Wget command Not Found#
Problem: If you get an error such as -bash: wget: command not found then check if wget is installed.
wget -V
Solution: Install wget using the command below.
sudo yum install wget
After successful installation, verify the version of wget using the wget -V command.
Update Heap Memory#
Update the Heap Memory for Ranger#
- SSH to the cluster.
cd ~/privacera/docker
- Update the heap memory in the file below.
vi ranger/admin/conf/ranger-admin-env-custom.sh
- Set the maximum Java heap size. For example, “1g” for 1GB and “512m” for 512MB.
ranger_admin_max_heap_size=${MEMORY_SIZE}
- Restart the Ranger service.
./privacera_services restart ranger
Update Heap Memory for Privacera#
- SSH to the cluster.
cd ~/privacera/docker
cp privacera/portal/conf/sample.privacera-env-custom.sh privacera/portal/conf/privacera-env-custom.sh
- Update the heap memory in the file below.
vi privacera/portal/conf/privacera-env-custom.sh
- Set maximum Java heap size. For example “-Xmx1g” for 1GB and “-Xmx512m” for 512MB.
PRIVACERA_PORTAL_JAVA_MEM=${PORTAL_JAVA_MEM}
- Restart the Privacera service.
./privacera_services restart privacera