Install on Linux
Server Requirements
Before you start, please note that you can run your Orchestrator instance on the server of your choice, whether on-premises or in a public cloud infrastructure provider such as Azure, AWS, or GCP.
- Operating System:
- Linux: RHEL 8, CentOS 8
- Disk: 10GB (minimum)
- memory: 8GB (minimum)
- typical ports required: 22 (SSH/SCP), 3389 (Windows Remote Desktop), 443, 80
- root or Administrator access (for installation and configuration)
- Maverics Identity Orchestrator runs as user
maverics
undersystemd
(Linux) - Network egress from the Orchestrator host to your chosen cloud identity system
Verify the RPM
Obtain the latest Maverics RPM package. Place the package on the system on which you’d like to install Maverics.
It is a security best practice to verify an RPM before installing it.
Download Strata’s public GPG key:
curl --silent https://ops.strata.io/strata-pub-key.gpg --output strata-pub-key.gpg
Import the key into RPM:
sudo rpm --import strata-pub-key.gpg
Verify the key installation by running:
rpm --query --install gpg-pubkey-ad3f5520-* --queryformat '%{name}-%{version}-%{release} --> %{summary}\n'
Verify the RPM:
rpm --checksig -v maverics.rpm
Install the RPM
To install the Maverics package, run the following command substituting your filename in place of maverics.rpm
.
sudo rpm --upgrade --verbose --file maverics.rpm
By default, the Maverics binary is installed in the /usr/local/bin
directory. The
default maverics.yaml
configuration file is created in the /etc/maverics
directory.
After installing Maverics, it will run as a service under systemd
. To verify the Maverics service is running, run the following command.
sudo systemctl status maverics
If your Orchestrator installed successfully, you should see message similar to this.
Redirecting to /bin/systemctl status maverics.service
● maverics.service - Maverics
Loaded: loaded (/etc/systemd/system/maverics.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2020-08-13 16:48:01 UTC; 24h ago
Main PID: 330772 (maverics)
Tasks: 5 (limit: 11389)
Memory: 14.0M
CGroup: /system.slice/maverics.service
└─330772 /usr/local/bin/maverics --config /etc/maverics/maverics.yaml
If the Maverics service fails to start, execute the following command to investigate the problem:
journalctl --identifier=maverics --reverse
The most recent log entry will appear at the beginning of the output.
Configuring the Service
Local Configuration File
Create a maverics.yaml
file in the /etc/maverics
directory and add your desired Orchestrator configuration.
To use a configuration file in a different location, or with a different name, use the MAVERICS_CONFIG
environment variable to override the default location. Set this to the full path to your configuration file (e.g. MAVERICS_CONFIG=/opt/orchestrator/custom.yaml
).
Remote Configuration File
See the Remote Configuration & Auto-Reload section on how to configure the Orchestrator for remote shared storage.
Starting the Service
The maverics
service is managed by Systemd using configuration defined in
/etc/systemd/system/maverics.service
. This in turn sources environment
variables from /etc/maverics/maverics.env
.
See the Orchestrator Environment Variables section for environment variables that can be defined in this file.
The service can be started with the following command:
sudo systemctl start maverics
Stopping or Re-starting the Service
To stop the service, use the following command:
sudo systemctl stop maverics
To restart the service, use the following command:
sudo systemctl restart maverics
Installing to different locations
The RPM installer supports the --relocate
option for installing the maverics
binary and configuration to a custom location. For example, to install the binary in opt
and configuration in /home/maverics
:
sudo rpm --upgrade --verbose --file --relocate /usr/local/bin=/opt --relocate /etc/maverics=/home/maverics maverics.rpm
Installing with the --relocate
option creates systemd
service files that correctly reference the custom locations.
Installing with a custom user/group
If you need to run the Orchestrator under a specific user or group, set MAVERICS_USER
and MAVERICS_GROUP
environment variables before the installation. For example:
export MAVERICS_USER=maverics-service-acct
export MAVERICS_GROUP=id_services
sudo --preserve-env rpm --upgrade --verbose --file maverics.rpm
The user and group must already exist before you start the installation, and the variables will need to be set to the same values when you upgrade. If variables are not set, a default maverics
user and group are created and used.
If you see user or group related errors during or after installation, or if a service fails to start with an error such as Failed to start maverics.service: Unit maverics.service has a bad unit file setting.
, uninstall with the command sudo rpm --erase --noscripts maverics
then reinstall with valid user and group names.
Update
If you need to update your Orchestrator instance to use the latest version of the software, follow these steps:
Obtain the latest Maverics RPM package. Place the package on the system where Maverics will be updated.
To update the Maverics package, run the following command substituting your filename in place of maverics.rpm
.
sudo rpm --upgrade --verbose --file maverics.rpm
For users upgrading from Maverics prior to v0.16.0, you will also need to run the following commands:
sudo mv /etc/systemd/system/maverics.service.rpmnew /etc/systemd/system/maverics.service
sudo systemctl daemon-reload
sudo systemctl restart maverics
To verify the maverics service is running, run the following command.
sudo systemctl status maverics
Uninstall
If you need to uninstall your Orchestrator instance from your machine, follow these steps:
To uninstall the Maverics package, run the following command.
sudo rpm --erase maverics
To verify the service does not exist anymore, run the following command.
sudo systemctl status maverics
If your Orchestrator was successfully uninstalled, you should see a message similar to this.
Unit maverics.service could not be found.