Hyperscience Virtual Machine Prerequisites

Introduction

Purpose

This article outlines the prerequisites necessary to setup the virtual machines (VMs) on which you will install the Hyperscience Application and Trainer. It is oriented toward the System Administrators who will perform this task.

After you complete these steps, you can provision the VMs by following steps given in the Technical Installation / Upgrade Instructions.

Scope

This article is valid for both the Hyperscience Application and Trainer, whether you are installing them for the first time or are adding more machines to an existing cluster.

In the most common use case, the following items need to be provisioned and considered as part of the setup for both the application and the trainer VMs:

  • Containers

  • Folders

  • Opening ports

Before you begin…

Prior to preparing the VMs, make sure you review our Infrastructure Overview and Infrastructure Requirements.

Take special note of the Server section, which gives more information about what is supported and required.

If you are planning on installing Hyperscience on multiple VMs, make sure you have the same setup on all of them.

Also, make sure you are either a root user or that you have elevated root-level permissions (i.e., you can execute sudo commands) on the machines that will be running Hyperscience.

Prerequisites

Containers - Docker/Podman

Depending on the OS of the VM, you need to install either Docker or Podman on each of the machines running Hyperscience. Refer to the official installation documentation for your operating system:

fapolicyd not supported with Podman

The application does not support the use of fapolicyd in Podman-based deployments. It does support SELinux, which provides similar security measures.

Folders

Installation folder

You will need to set up a folder on the VMs where the Hyperscience installation bundle will be downloaded and unpacked. We will refer to this folder as the “Hyperscience installation folder.”

Our recommendation is to create it inside /opt/hs, but you may choose to set it up elsewhere.

To create the folder, run the following command in the shell:

mkdir /opt/hs

Data folder

​​In addition to the installation folder, you need to create a directory where the application will store additional files.

We recommend creating /mnt/hs and using it as the directory for these files:

mkdir /mnt/hs

Depending on where you set your data folder, this location corresponds to the HS_PATH environment variable. If you set it according to the recommendation above, record this value to add to the “.env” file when installing the product:

HS_PATH=/mnt/hs/

If HS_PATH is not set explicitly, Hyperscience will use the default value of /mnt/hs/.

File storage

Application VM

If you have chosen to use Network-attached File Storage for your file store (see Hyperscience Infrastructure Prerequisites), you need to create this directory by running the following commands:

# considering HS_PATH=/mnt/hs
mkdir -p /mnt/hs/media
chown 1000:1000 /mnt/hs/media

Then, you need to mount that file storage under the $HS_PATH/media location on all application VMs.

If you have chosen to use any of the other three storage options (S3 Cloud Storage, Azure Blob Storage, Google Cloud Storage), no additional mounting is required.

Trainer VM

The trainer uses only local folders for file storage

Unlike the application file storage, the trainer must use a local directory called trainer_media under HS_PATH for its file store. Even when using multiple trainers connected to the same environment, each trainer has its own local file storage.

To create the local directory, run the following commands:

mkdir -p /mnt/hs/trainer_media
chown 1000:1000 /mnt/hs/trainer_media

Opening ports

The application’s web user interface will be exposed on port 80 (or port 443 if you are using SSL/TLS), so the respective port must be open in any firewall that may be enabled.

If you need to check settings and open port 80, run:

Ubuntu

sudo ufw status   #show the status of the firewall - enabled or disabled
sudo ufw app list #lists the configured, or opened ports by name 
sudo ufw allow 80 #enables open service on port 80
sudo ufw reload   #reloads configuration after changing rules

RHEL

sudo firewall-cmd --list-all  #show currently applied rules
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent  #adds exception to allow port 80 to accept traffic
sudo firewall-cmd --reload

If you are using SSL/TLS, replace 80 with 443 in the above commands.

From outside the server, you must be able to receive HTTP replies from our software at <external hostname or IP>:80 or <external hostname or IP>:443.