Installation using CLI

Before installing, make sure you have downloaded all the required Privacera installation packages. For more information, click here.

Environment Setup

  1. Copy the template configuration file 'sample.vars.privacera.yml' to 'vars.privacera.yml' and modify it for your specific environment.

    cd ~/privacera/privacera-manager
    cp config/sample.vars.privacera.yml config/vars.privacera.yml
    vi config/vars.privacera.yml
    
  2. Edit the properties in the file.

    Property Name: DEPLOYMENT_ENV_NAME
      Description: This is the environment name. Specify a value that includes only lowercase alphanumeric characters or dashes (-), starts and ends with an alphanumeric character, and is no longer than 63 characters.
      Example Values: privacera-env; privacera-prod; privacera-1

    Property Name: app_hostname
      Description: If the Privacera Platform has a fully qualified domain name (FQDN) assign that value, otherwise leave the property commented out.
      Example Values: privacera.mycompany.local

    Property Name: privacera_hub_user
      Description: The hub username access credential, set to the value provided for <PRIVACERA_HUB_USER>.
      Note: For an air-gap install, enter the username of the internal repository URL.

    Property Name: privacera_hub_password
      Description: The hub password access credential, set to the value assigned for <PRIVACERA_HUB_PASSWORD>.
      Note: For an air-gap install, enter the password of the internal repository URL.

    Property Name: PRIVACERA_IMAGE_TAG
      Description: The image tag, set to the value assigned for <PRIVACERA_IMAGE_TAG>.

    Property Name: PRIVACERA_BASE_DOWNLOAD_URL
      Description: The download URL, set to the value assigned for <PRIVACERA_BASE_DOWNLOAD_URL>.

    Property Name: DEPLOYMENT_SIZE
      Description: This is the deployment size. Valid values are SMALL (default), MEDIUM and LARGE. For more information on CPU, memory, disk space, etc., for the deployment sizes, click here.
      Note: This is applicable only for a Kubernetes environment.
      Example Values: SMALL

Configure the deployment mode

To deploy Privacera as Docker containers, copy the Docker properties template into the custom-vars/ folder.

cd ~/privacera/privacera-manager
cp config/sample-vars/vars.docker.yml config/custom-vars/

To create and use a Kubernetes-based deployment, first copy the Kubernetes properties template into the custom-vars/ folder.

cd ~/privacera/privacera-manager
cp config/sample-vars/vars.kubernetes.yml config/custom-vars/

Then edit the 'vars.kubernetes.yml' file and set the value of K8S_CLUSTER_NAME to the name of the target cluster.

You can use the following command:

kubectl config get-contexts

The value is displayed under CLUSTER. It contains the ARN of the EKS cluster along with the cluster name. Copy the cluster name, and set it as the value of K8S_CLUSTER_NAME.

Open the YML file.

vi config/custom-vars/vars.kubernetes.yml

Edit the following properties:

#These variables enable Kubernetes related properties
#Note: Please update all mandatory fields. Search for <PLEASE_CHANGE>

K8S_CLUSTER_NAME: "<PLEASE_CHANGE>"

#Name of the deployment. You can use privacera-prod, privacera-stage, etc
K8S_NAMESPACE: "{{DEPLOYMENT_ENV_NAME}}"

#Zones for Storage. For now, only one zone should be given
#K8S_STORAGE_ZONES:
#  - "us-east-1a"

#Default as 1, Recommended value is 32Gi and 3 for CLUSTER SIZE
ZOOKEEPER_K8S_PVC_STORAGE_SIZE: "5Gi"
ZOOKEEPER_CLUSTER_SIZE: 1

#Default as 1, Recommended value is 32Gi and 3 for CLUSTER SIZE
SOLR_K8S_PVC_STORAGE_SIZE: "5Gi"
SOLR_K8S_CLUSTER_SIZE: 1

#If your storage is encrypted, then set the below property
#K8S_PV_ENCRYPTED: "true"
#For AWS, it is ARN with keyId. E.g. arn:aws:kms:us-east-1:<account>:key/<hash>
#K8S_PV_KEY: ""

PRIVACERA_INSTALL_MODE: "kubernetes"

#Uncomment to obtain external loadbalancer. Default values are "false"
#PORTAL_K8S_LOADBALANCER_EXTERNAL: "true"
#SOLR_K8S_LOADBALANCER_EXTERNAL: "true"
#RANGER_K8S_LOADBALANCER_EXTERNAL: "true"
#KAFKA_K8S_LOADBALANCER_EXTERNAL: "true"
#DISCOVERY_K8S_LOADBALANCER_EXTERNAL: "true"
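
A pre-flight review of the two files edited so far, as an added example that is not part of Privacera's documentation or tooling: it checks DEPLOYMENT_ENV_NAME against the naming rule above, finds <PLEASE_CHANGE> values left outside comments, catches a full ARN pasted into K8S_CLUSTER_NAME, lists services switched to an external load balancer, and flags group or world access on the file that holds privacera_hub_password. The function names, finding labels and sample values are assumptions made for this example.

```bash
# Added example: review Privacera Manager vars files before running "update".

# Rule the page gives for DEPLOYMENT_ENV_NAME (it also becomes K8S_NAMESPACE).
valid_env_name() {
  [ "${#1}" -le 63 ] && printf '%s' "$1" | grep -Eq '^[a-z0-9]([a-z0-9-]*[a-z0-9])?$'
}

# EKS contexts list the cluster as arn:aws:eks:<region>:<account>:cluster/<name>.
cluster_name_from_arn() { printf '%s\n' "${1##*/}"; }

# yaml_get FILE KEY: value of an uncommented top-level scalar, quotes stripped.
yaml_get() {
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# preflight MAIN_VARS K8S_VARS: one finding per line, no output when clean.
preflight() {
  name=$(yaml_get "$1" DEPLOYMENT_ENV_NAME)
  valid_env_name "$name" || echo "INVALID_ENV_NAME:$name"
  for f in "$1" "$2"; do   # comment lines also mention <PLEASE_CHANGE>; skip them
    if grep -v '^[[:space:]]*#' "$f" | grep -q '<PLEASE_CHANGE>'; then
      echo "PLACEHOLDER:${f##*/}"
    fi
  done
  case "$(yaml_get "$2" K8S_CLUSTER_NAME)" in arn:*) echo "CLUSTER_NAME_IS_ARN" ;; esac
  for svc in PORTAL SOLR RANGER KAFKA DISCOVERY; do
    if [ "$(yaml_get "$2" "${svc}_K8S_LOADBALANCER_EXTERNAL")" = "true" ]; then
      echo "EXTERNAL_LB:$svc"
    fi
  done
  # MAIN_VARS holds privacera_hub_password: flag any group/other permission bits.
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$mode" in *00) ;; *) echo "SECRETS_FILE_MODE:$mode" ;; esac
}

# Constructed sample files (not real configuration) written into directory $1.
make_sample() {
  printf '%s\n' 'DEPLOYMENT_ENV_NAME: "Privacera_Prod"' \
    'privacera_hub_password: "constructed-value"' > "$1/vars.privacera.yml"
  chmod 644 "$1/vars.privacera.yml"
  printf '%s\n' '#Search for <PLEASE_CHANGE>' \
    'K8S_CLUSTER_NAME: "arn:aws:eks:us-east-1:111122223333:cluster/demo"' \
    '#PORTAL_K8S_LOADBALANCER_EXTERNAL: "true"' \
    'SOLR_K8S_LOADBALANCER_EXTERNAL: "true"' > "$1/vars.kubernetes.yml"
}

tmp=$(mktemp -d) && make_sample "$tmp"
preflight "$tmp/vars.privacera.yml" "$tmp/vars.kubernetes.yml"
rm -rf "$tmp"
```

To review a real deployment, call preflight with config/vars.privacera.yml and config/custom-vars/vars.kubernetes.yml from ~/privacera/privacera-manager before running the install script.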

By default, Privacera creates a service account named privacera-sa. The account is bound to a namespace-level Role and RoleBinding, whose default names are privacera-sa-role and privacera-sa-role-bind respectively. If you want to change the default values of these three Kubernetes objects, click here.

For more information about configuring the service account, click here.

Configure the cloud platform

For an AWS cloud environment, copy the sample AWS configuration file to custom-vars/.

cd ~/privacera/privacera-manager/config/
cp sample-vars/vars.aws.yml custom-vars/

Then edit this configuration:

vi custom-vars/vars.aws.yml

Set the property value for AWS_REGION based on where your instance will be running. 

For an Azure environment, copy the sample configuration file to custom-vars/.

cd ~/privacera/privacera-manager/config/
cp sample-vars/vars.azure.yml custom-vars/

For a Google Cloud Platform environment, copy the sample GCP configuration file to custom-vars/.

cd ~/privacera/privacera-manager/config/
cp sample-vars/vars.gcp.yml custom-vars/

Then edit this configuration:

vi custom-vars/vars.gcp.yml

Set the Project ID of your GCP project. This ID can be found in the Google Console.

Configure secrets in keystores

Privacera can encrypt secrets used in Privacera services. This allows passwords to be stored safely in keystores instead of being exposed in plaintext. Note that this does not need to be configured initially to install Privacera Manager, but it is necessary for security in a production environment.

Learn more on how to Enable Password Encryption for Privacera Services.

Configure SSL

To secure your connections with Privacera, you can use self-signed or CA signed certificates.

Note that these configurations are not required initially to install Privacera Manager, but are necessary for security in a production environment.

Default Privacera services

The following are core services that are installed as part of Privacera Manager. Configure these services as needed for your environment; click the Configure links below to learn more.

  • Privacera Portal - This is your Privacera dashboard for data access control and policy management across multiple cloud services.
  • Apache Ranger - Apache Ranger is an open-source project for data access governance for Big Data environments.
  • MariaDB - MariaDB is an open source relational database. It is part of most cloud offerings and the default in most Linux distributions.
  • Apache Zookeeper - ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services. Configure access to a Zookeeper pod.
  • Apache Solr - Solr is an open source enterprise search platform built on Apache Lucene. Configure Solr Authentication.
  • AuditServer - You can set up an AuditServer to receive audits from Privacera Plugins and Ranger Admin and send those audits to Solr and Fluentd. Configure Solr Destination.

Validations

Before installing Privacera Manager, you can run pre-validation checks to test your service configurations. For more information, see Validations.

Run the Privacera Manager install script

Run the following script to install Privacera Manager. This will initiate the installation process and install all the services based on the defined configurations.

cd ~/privacera/privacera-manager
./privacera-manager.sh update

Access Services

You can access the services, which run either as Docker containers or as Kubernetes pods. Privacera Manager records the URIs for each of the key services and writes them to standard output.

Each service provides you with an internal and external URL. To access a Privacera service, use the external URL of the service. For example, to access Privacera Portal, copy its external URL into a browser, and log on with the default username/password: 'padmin' / 'padmin'.

http://<app_hostname>:6868 or http://<app_host_ip>:6868

Note: Reset your administrator account ('padmin') password according to your enterprise policy. This password can be changed in the Privacera Portal under "Settings: User Management". See the Privacera Portal User Guide, Settings: User Management for more information.

Next Steps: Privacera component services

Once Privacera Manager is installed, you can configure the component services listed below. Each of the services has a set of default and custom configurations. The default configurations are the minimum settings required for the service to run, whereas the custom configurations are the advanced or additional settings that extend the service's functionality.

  1. Access Manager

  2. Discovery

  3. Encryption and Masking

    Configure a service for encryption and masking: