Install on Linux

Server Requirements

Before you start, please note that you can run your Orchestrator instance on the server of your choice, whether on-premises or in a public cloud infrastructure provider such as Azure, AWS, or GCP.

  • Operating System:
    • Linux: RHEL 8, CentOS 8
  • Disk: 10GB (minimum)
  • Memory: 8GB (minimum)
  • Typical ports required: 22 (SSH/SCP), 3389 (Windows Remote Desktop), 443, 80
  • Root or Administrator access (for installation and configuration)
  • Maverics Identity Orchestrator runs as user maverics under systemd (Linux)
  • Network egress from the Orchestrator host to your chosen cloud identity system

Verify the RPM

Obtain the latest Maverics RPM package. Place the package on the system on which you’d like to install Maverics.

It is a security best practice to verify an RPM before installing it.

Download Strata’s public GPG key:

curl --silent https://ops.strata.io/strata-pub-key.gpg --output strata-pub-key.gpg

Import the key into RPM:

sudo rpm --import strata-pub-key.gpg

Verify the key installation by running:

rpm --query --info gpg-pubkey-ad3f5520-* --queryformat '%{name}-%{version}-%{release} --> %{summary}\n'

Verify the RPM:

rpm --checksig -v maverics.rpm
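
The checksig step above turned into an install gate, as an added example that is not part of Strata's documentation. With rpm's default settings, rpm --checksig can exit 0 for a package that has intact digests but no signature at all, so the check below requires a signature line from the expected key rather than trusting the exit status. Assumptions: the function names are hypothetical, the key ID is the one in the gpg-pubkey-ad3f5520-* name on this page, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: accept a package only if it is signed by the expected key.
# Key ID taken from the gpg-pubkey-ad3f5520-* name used on this page.
EXPECTED_KEYID="ad3f5520"

# checksig_trusted KEYID  (reads `rpm --checksig -v` output on stdin)
# Succeeds only if at least one signature line names KEYID with status OK and
# no check line reports a failure or a signature from a different key.
checksig_trusted() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /: *(NOKEY|NOTTRUSTED|NOT OK|BAD)/ { bad = 1 }
        /Signature, key ID / {
            id = tolower($0); sub(/.*key id /, "", id); sub(/:.*/, "", id)
            status = $0;      sub(/.*: */, "", status)
            # rpm may print a short or long key ID, so compare the suffix.
            tail = substr(id, length(id) - length(want) + 1)
            if (tail == want && status == "OK") { good++ } else { bad = 1 }
        }
        END { exit (good > 0 && !bad) ? 0 : 1 }'
}

# verify_and_install FILE: run the checksig step, then install only on success.
# Usage: verify_and_install maverics.rpm
verify_and_install() {
    out=$(rpm --checksig -v "$1") || { echo "checksig failed: $1" >&2; return 1; }
    printf '%s\n' "$out" | checksig_trusted "$EXPECTED_KEYID" || {
        echo "refusing $1: no valid signature from key $EXPECTED_KEYID" >&2
        return 1
    }
    sudo rpm --upgrade --verbose "$1"
}

# Constructed sample outputs (not captured from a real Maverics package).
SIGNED='maverics.rpm:
    Header V4 RSA/SHA256 Signature, key ID ad3f5520: OK
    Header SHA256 digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA256 Signature, key ID ad3f5520: OK'
UNSIGNED='maverics.rpm:
    Header SHA256 digest: OK
    Payload SHA256 digest: OK'
WRONG_KEY='maverics.rpm:
    Header V4 RSA/SHA256 Signature, key ID 0123abcd: OK
    Header SHA256 digest: OK'
NOT_IMPORTED='maverics.rpm:
    Header V4 RSA/SHA256 Signature, key ID ad3f5520: NOKEY
    Header SHA256 digest: OK'
```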

Install the RPM

To install the Maverics package, run the following command substituting your filename in place of maverics.rpm.

sudo rpm --upgrade --verbose maverics.rpm

By default, the Maverics binary is installed in the /usr/local/bin directory. The default maverics.yaml configuration file is created in the /etc/maverics directory.

After installation, Maverics runs as a service under systemd. To verify the Maverics service is running, run the following command.

sudo systemctl status maverics

If your Orchestrator installed successfully, you should see a message similar to this.

Redirecting to /bin/systemctl status maverics.service
● maverics.service - Maverics
   Loaded: loaded (/etc/systemd/system/maverics.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-08-13 16:48:01 UTC; 24h ago
 Main PID: 330772 (maverics)
    Tasks: 5 (limit: 11389)
   Memory: 14.0M
   CGroup: /system.slice/maverics.service
           └─330772 /usr/local/bin/maverics --config /etc/maverics/maverics.yaml

If the Maverics service fails to start, execute the following command to investigate the problem:

journalctl --identifier=maverics --reverse

The most recent log entry will appear at the beginning of the output.

Configuring the Service

Local Configuration File

Create a maverics.yaml file in the /etc/maverics directory and add your desired Orchestrator configuration.

To use a configuration file in a different location, or with a different name, use the MAVERICS_CONFIG environment variable to override the default location. Set this to the full path to your configuration file (e.g. MAVERICS_CONFIG=/opt/orchestrator/custom.yaml).

Remote Configuration File

See the Remote Configuration & Auto-Reload section on how to configure the Orchestrator for remote shared storage.

Starting the Service

The maverics service is managed by systemd using the configuration defined in /etc/systemd/system/maverics.service. This in turn sources environment variables from /etc/maverics/maverics.env.

See the Orchestrator Environment Variables section for environment variables that can be defined in this file.

The service can be started with the following command:

sudo systemctl start maverics

Stopping or Re-starting the Service

To stop the service, use the following command:

sudo systemctl stop maverics

To restart the service, use the following command:

sudo systemctl restart maverics

Installing to different locations

The RPM installer supports the --relocate option for installing the maverics binary and configuration to a custom location. For example, to install the binary in /opt and configuration in /home/maverics:

sudo rpm --upgrade --verbose --relocate /usr/local/bin=/opt --relocate /etc/maverics=/home/maverics maverics.rpm

Installing with the --relocate option creates systemd service files that correctly reference the custom locations.

Installing with a custom user/group

If you need to run the Orchestrator under a specific user or group, set MAVERICS_USER and MAVERICS_GROUP environment variables before the installation. For example:

export MAVERICS_USER=maverics-service-acct
export MAVERICS_GROUP=id_services
sudo --preserve-env rpm --upgrade --verbose maverics.rpm

The user and group must already exist before you start the installation, and the variables will need to be set to the same values when you upgrade. If variables are not set, a default maverics user and group are created and used.

If you see user- or group-related errors during or after installation, or if a service fails to start with an error such as "Failed to start maverics.service: Unit maverics.service has a bad unit file setting.", uninstall with the command sudo rpm --erase --noscripts maverics, then reinstall with valid user and group names.

Update

If you need to update your Orchestrator instance to use the latest version of the software, follow these steps:

Obtain the latest Maverics RPM package. Place the package on the system where Maverics will be updated.

To update the Maverics package, run the following command substituting your filename in place of maverics.rpm.

sudo rpm --upgrade --verbose maverics.rpm

If you are upgrading from a Maverics version prior to v0.16.0, you will also need to run the following commands:

sudo mv /etc/systemd/system/maverics.service.rpmnew /etc/systemd/system/maverics.service
sudo systemctl daemon-reload
sudo systemctl restart maverics

To verify the maverics service is running, run the following command.

sudo systemctl status maverics

Uninstall

If you need to uninstall your Orchestrator instance from your machine, follow these steps:

To uninstall the Maverics package, run the following command.

sudo rpm --erase maverics

To verify the service does not exist anymore, run the following command.

sudo systemctl status maverics

If your Orchestrator was successfully uninstalled, you should see a message similar to this.

Unit maverics.service could not be found.