Introduction
Purpose
This article outlines the prerequisites necessary to setup the virtual machines (VMs) on which you will install the Hyperscience Application and Trainer. It is oriented toward the System Administrators who will perform this task.
After you complete these steps, you can provision the VMs by following steps given in the Technical Installation / Upgrade Instructions.
Scope
This article is valid for both the Hyperscience Application and Trainer, whether you are installing them for the first time or are adding more machines to an existing cluster.
In the most common use case, the following items need to be provisioned and considered as part of the setup for both the application and the trainer VMs:
Containers
Folders
Opening ports
Before you begin…
Prior to preparing the VMs, make sure you review our Infrastructure Overview and Infrastructure Requirements.
Take special note of the Server section, which gives more information about what is supported and required.
If you are planning on installing Hyperscience on multiple VMs, make sure you have the same setup on all of them.
Also, make sure you are either a root user or that you have elevated root-level permissions (i.e., you can execute sudo
commands) on the machines that will be running Hyperscience.
Prerequisites
Containers - Docker/Podman
Depending on the OS of the VM, you need to install either Docker or Podman on each of the machines running Hyperscience. Refer to the official installation documentation for your operating system:
RHEL 7 — Red Hat’s Getting Docker in RHEL 7
RHEL 7 is not supported for v40 and later.
RHEL 8 — Configuring Podman in RHEL 8
Ubuntu — Docker’s Install Docker Engine on Ubuntu
fapolicyd not supported with Podman
The application does not support the use of
fapolicyd
in Podman-based deployments. It does support SELinux, which provides similar security measures.
Folders
Installation folder
You will need to set up a folder on the VMs where the Hyperscience installation bundle will be downloaded and unpacked. We will refer to this folder as the “Hyperscience installation folder.”
Our recommendation is to create it inside /opt/hs
, but you may choose to set it up elsewhere.
To create the folder, run the following command in the shell:
mkdir /opt/hs
Data folder
​​In addition to the installation folder, you need to create a directory where the application will store additional files.
We recommend creating /mnt/hs
and using it as the directory for these files:
mkdir /mnt/hs
Depending on where you set your data folder, this location corresponds to the HS_PATH
environment variable. If you set it according to the recommendation above, record this value to add to the “.env” file when installing the product:
HS_PATH=/mnt/hs/
If
HS_PATH
is not set explicitly, Hyperscience will use the default value of/mnt/hs/
.
File storage
Application VM
If you have chosen to use Network-attached File Storage for your file store (see Hyperscience Infrastructure Prerequisites), you need to create this directory by running the following commands:
# considering HS_PATH=/mnt/hs
mkdir -p /mnt/hs/media
chown 1000:1000 /mnt/hs/media
Then, you need to mount that file storage under the $HS_PATH/media
location on all application VMs.
If you have chosen to use any of the other three storage options (S3 Cloud Storage, Azure Blob Storage, Google Cloud Storage), no additional mounting is required.
Trainer VM
The trainer uses only local folders for file storage
Unlike the application file storage, the trainer must use a local directory called
trainer_media
underHS_PATH
for its file store. Even when using multiple trainers connected to the same environment, each trainer has its own local file storage.
To create the local directory, run the following commands:
mkdir -p /mnt/hs/trainer_media
chown 1000:1000 /mnt/hs/trainer_media
Opening ports
The application’s web user interface will be exposed on port 80 (or port 443 if you are using SSL/TLS), so the respective port must be open in any firewall that may be enabled.
If you need to check settings and open port 80, run:
Ubuntu
sudo ufw status #show the status of the firewall - enabled or disabled
sudo ufw app list #lists the configured, or opened ports by name
sudo ufw allow 80 #enables open service on port 80
sudo ufw reload #reloads configuration after changing rules
RHEL
sudo firewall-cmd --list-all #show currently applied rules
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent #adds exception to allow port 80 to accept traffic
sudo firewall-cmd --reload
If you are using SSL/TLS, replace 80
with 443
in the above commands.
From outside the server, you must be able to receive HTTP replies from our software at <external hostname or IP>:80
or <external hostname or IP>:443
.