Install a Snaplex on Linux

This article describes the procedures for installing an on-premise Snaplex in a Linux environment. An on-premise Snaplex is also known as a Groundplex. This document uses the term Groundplex to distinguish this type of Snaplex (on-premise) from other types, such as a Cloudplex or an eXtremeplex, which SnapLogic manages. However, in command syntax and references to the UI, the generic term Snaplex is used.

Groundplex installation covers the following tasks:

  1. Setting up a Groundplex.

  2. Importing a certificate.

For prerequisites, see Groundplex Deployment Planning.

Note

Linux-based Groundplex Installation Tips

  • The Linux installer comes bundled with the JRE necessary for this Snaplex. We recommend you use the patch version of Java 11 that is bundled with the installer for your Linux environment.

  • To update your Snaplex to Java 11, see Upgrading Your Groundplex to Java 11.

  • Before you begin, learn more about memory configuration for dynamic workloads here.

Setting up a Groundplex

  1. Log into SnapLogic Manager as an Org admin.

  2. Navigate to the project where you want to create your Groundplex, and perform one of the following steps:

    • Click the Snaplex tab, then click (blue star) to display the Snaplex dialog.
      OR

    • Click (blue star) to display the Assets drop-down list, then select Snaplex; the Snaplex dialog appears.

  3. Enter the required information on the Create Snaplex form. Once completed, the Downloads tab on the Snaplex popup appears. The Downloads tab has links to the installer and configuration files.

  4. Download the RPM or DEB-based installer and configuration files onto a Linux machine, where <filename> is the name of the current installer file and fontconfig and zip are the required dependencies:

    • For CentOS (or Redhat) 6.3 or newer, run the following commands:
      $ sudo yum install fontconfig zip
      $ sudo rpm -i <filename>.rpm

    • For Ubuntu 14.04 or newer, run the following commands:
      $ sudo apt-get install fontconfig zip
      $ sudo dpkg -i <filename>.deb

...


...

  5. After the software is installed, place the downloaded configuration file in the /opt/snaplogic/etc directory and make sure the file name ends with .slpropz. Change the .slpropz file so that snapuser owns it by running the following commands:

    Code Block
    $ sudo chown snapuser:snapuser /opt/snaplogic/etc/myplex.slpropz
    $ sudo chmod 600 /opt/snaplogic/etc/myplex.slpropz

  6. To start the Snaplex service, run:
    $ sudo /opt/snaplogic/bin/jcc.sh start

  7. To verify that the Snaplex has started, visit https://elastic.snaplogic.com/sl/dashboard.html#Health. The newly installed Snaplex node should appear in the list of nodes for the Snaplex.

Note

Disable noexec Setting

Some Snaps, such as the SQL Bulk Load Snaps, require write and execute permissions to the /tmp directory. Make sure you disable the noexec setting in the mount used for the /tmp directory. Otherwise, the Snap execution could fail with an error like "Failed to map segment from shared object: Operation not permitted". You can also specify a different location as the temporary folder.

Info

FeedMaster Installation

Ultra Pipelines require that you set up a FeedMaster along with the JCC (Java Component Container) nodes in your Groundplex. For details, see Deploying a FeedMaster Node.

Importing a Certificate to SnapLogic JCC nodes

Importing a certificate is not a requirement. However, we recommend that you import a certificate on your Groundplex nodes for any communication over TLS 1.2.

The following scenarios are two examples of where an SSL certificate is required:

  • Example 1 - New Groundplex installation with an SSL proxy. Groundplex nodes must communicate with an SSL proxy, so import the proxy self-signed certificate into the Truststore once at the time of installation.

  • Example 2 - Running a Pipeline where Snaps establish an SSL-encrypted JDBC connection to an endpoint where a Truststore requires the root CA’s certificate. You need to import the root CA’s certificate into the Java Truststore every time the Truststore does not include an endpoint’s CA certificate.

To generate and import a self-signed certificate on all the JCC nodes in the Snaplex:

  1. Obtain the certificate (.pem) file by using SSH.

  2. Import the file by using the following command in the JCC node:

    Code Block
    /opt/snaplogic/pkgs/jre1.8.0_45/bin/keytool -import -file <path_to_pem_file_from_step_1> -alias <alias_name_optional> -keystore /opt/snaplogic/pkgs/jre1.8.0_45/lib/security/cacerts -v
    Enter keystore password: changeit

    Note

    This example is an excerpt from 1.8.0_45; the directory path might vary based on the Java installation directory.

  3. Restart the JCC node process to confirm the import.

  4. Run the following command to list certificates from the CAcerts file:

    Code Block
    /opt/snaplogic/pkgs/jre1.8.0_45/bin/keytool -list -keystore /opt/snaplogic/pkgs/jre1.8.0_45/lib/security/cacerts -v

Note

The steps to import the certificate to the JCC node can vary based on the certificate format and the OS.

Info

Invalid Self-signed certificate

While configuring accounts for various Snap Packs, you might encounter the following error message:

Failed to validate account: Invalid credentials Cause: Could not send Message. (Reason: unable to find valid certification path to requested target; Resolution: Please provide valid credentials.)

If this error occurs, update the CAcert trust store in the SnapLogic JCC nodes to enable a successful TLS (SSL) handshake to the target endpoint.

Find the trust store at /opt/snaplogic/pkgs/<java version>/lib/security/cacerts, and confirm that every node in the Groundplex has the certificate imported.

Automatically Start and Stop a Groundplex on Linux

You can use either the systemd or init.d utility to start and stop the Snaplex. Procedures for both are included below. The procedures vary depending on which Linux distribution is installed on the Snaplex host.

Starting and Stopping the Groundplex by Using the Linux Systems Call

Use this procedure for Red Hat-like Linux distributions such as Red Hat, Fedora CoreOS, CentOS, and SuSE.

To add the Snaplex as a service:

  1. Log in to the host as a root or sudo user.

  2. Create the startup service file:

    Code Block
    touch /etc/systemd/system/snaplogic.service

  3. Change the permissions on the file:

    Code Block
    chmod 664 /etc/systemd/system/snaplogic.service

    This change provides read and write permissions for the owner and group, and read permission for others.

  4. Open the file with a text editor. For example, using a vim editor:

    Code Block
    vim /etc/systemd/system/snaplogic.service

  5. Add the following text to the file:

    Code Block
    [Unit]
    Description=SnapLogic JVM
    After=network.target

    [Service]
    Type=forking
    ExecStart=/opt/snaplogic/bin/jcc.sh start
    ExecReload=/opt/snaplogic/bin/jcc.sh restart
    ExecStop=/opt/snaplogic/bin/jcc.sh stop

    [Install]
    WantedBy=default.target

  6. Save and exit the file.

  7. Enable the service by running the following command:

    Code Block
    systemctl enable snaplogic.service

    The service will start automatically when the host reboots.

  8. Start the service:

    Code Block
    systemctl start snaplogic.service

  9. To stop the Snaplex as a service, run the following command:

    Code Block
    systemctl disable snaplogic.service

Starting and Stopping the Groundplex by Using the init.d Utility

Use this procedure for Red Hat-like Linux distributions such as Red Hat, Fedora CoreOS, CentOS, and SuSE.

To add the Snaplex as a service:

  1. Log in to the Linux machine as root.

  2. Change directories:

    Code Block
    cd /etc/init.d/
  3. Create a softlink to the jcc.sh file: 

    Code Block
    ln -s /opt/snaplogic/bin/jcc.sh snaplex
  4. Add the softlink to chkconfig management:

    Code Block
    chkconfig --add snaplex
Note

We recommend that you reboot the machine to verify that the Snaplex service restarts automatically on machine reboot. Under some conditions, the symlink resolution might fail when the machine is starting up. In this case, you can change the Snaplex startup script to be a file instead of a symlink. Run the following commands as a root user:

Code Block
rm /etc/init.d/snaplex
cp /opt/snaplogic/bin/jcc.sh /etc/init.d/snaplex
echo "export SL_ROOT=/opt/snaplogic" >> /etc/sysconfig/jcc

To delete the Snaplex as a service, remove the service from the chkconfig management:

Code Block
chkconfig --del snaplex

...

To add the Snaplex as a Service:

  1. Log in to the Linux machine as root.

  2. Change directories:

    Code Block
    cd /etc/init.d/
  3. Create a soft-link to the jcc.sh file: 

    Code Block
    ln -s /opt/snaplogic/bin/jcc.sh snaplex
  4. Install the service using update-rc.d. For example: 

    Code Block
    sudo update-rc.d snaplex defaults 98 02
    Note

    Troubleshooting if the machine reboot fails

    We recommend that you reboot the machine to verify whether the Snaplex service is restarting automatically on machine reboot. Under some conditions, the symlink resolution might fail when the machine is starting up. In this case, you can change the Snaplex startup script to be a file instead of a symlink. Run the following commands as a root user:

    Code Block
    rm /etc/init.d/snaplex
    cp /opt/snaplogic/bin/jcc.sh /etc/init.d/snaplex
    echo "export SL_ROOT=/opt/snaplogic" >> /etc/sysconfig/jcc

    On a Debian system, the /etc/sysconfig directory would need to be created if not already present.

  5. To stop the Snaplex as a Service, remove the service from update-rc.d management:

    Code Block
    update-rc.d -f snaplex remove

Manage disk volumes for Groundplex nodes

To address issues that cause disk full errors and to ensure smoother operations of the systems that affect the stability of the Groundplex, you need to have separate mounts on Groundplex nodes. Follow the steps suggested below to create two separate disk volumes on the JCC nodes.

Note

The commands and the steps specified are validated on *nix (RHEL based systems).

  • The JCC nodes are equipped with two separate disk volumes to ensure that the operating system and pipeline execution workspace remain segregated.

    • The JCC is installed in the / (root) volume, and the workspace is separated in the bind mounts.

    • The second disk volume is mounted on /workspace, and bind mount directories are created.

      Code Block
      sudo su
      mkdir /workspace

  • Create subdirectories in the /workspace and /opt/snaplogic/run directories using the commands specified below:

    Code Block
    mount /dev/nvme2n1 /workspace  # replace nvme2n1 with the device name
    mkdir -p /workspace/{fs,broker,tmp}
    mkdir -p /opt/snaplogic/run/{fs,broker}
    chown -R snapuser:snapuser /workspace && chmod -R 0755 /workspace

  • Create the bind mounts using the commands specified below:

    Code Block
    mount --bind /workspace/fs /opt/snaplogic/run/fs
    mount --bind /workspace/broker /opt/snaplogic/run/broker
    mount --bind /workspace/tmp /tmp

Workspace           Bind Mount                  Ownership           Permissions
/workspace/fs       /opt/snaplogic/run/fs       snapuser:snapuser   0775
/workspace/broker   /opt/snaplogic/run/broker   snapuser:snapuser   0775
/workspace/tmp      /tmp                        snapuser:snapuser   0775

...

Info

To ensure that the changes remain in effect after system reboots, it is necessary to create entries in /etc/fstab.

For example:

Code Block
/dev/nvme1n1 /workspace xfs noatime 0 0
/workspace/fs /opt/snaplogic/run/fs none bind 0 0
/workspace/broker /opt/snaplogic/run/broker none bind 0 0
/workspace/tmp /tmp none bind 0 0 
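
The following added example (not SnapLogic tooling and not part of the original page) checks two things this article asks for: that /tmp is not mounted noexec, and that every bind mount from the table has a matching /etc/fstab entry. The function names and the sample files are assumptions constructed for illustration.

```shell
# Added example (not SnapLogic tooling): audit the mount layout described above.
# Both inputs use the fstab/proc-mounts field order: device mountpoint fstype options.

# Print the options of the last (topmost) mount on MOUNTPOINT.
mount_opts() {  # usage: mount_opts MOUNTS_FILE MOUNTPOINT
    awk -v mp="$2" '$2 == mp { o = $4 } END { if (o != "") print o }' "$1"
}

# Succeed if MOUNTPOINT carries noexec, the setting the page says to disable.
has_noexec() {  # usage: has_noexec MOUNTS_FILE MOUNTPOINT
    case ",$(mount_opts "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each bind target from the page's table that lacks a bind entry in
# FSTAB_FILE and would therefore be lost at reboot. Commented-out entries never
# match because their first field is not the source path.
missing_binds() {  # usage: missing_binds FSTAB_FILE
    for pair in /workspace/fs:/opt/snaplogic/run/fs \
                /workspace/broker:/opt/snaplogic/run/broker \
                /workspace/tmp:/tmp; do
        src=${pair%%:*}; dst=${pair#*:}
        awk -v s="$src" -v d="$dst" '
            $1 == s && $2 == d && ("," $4 ",") ~ /,bind,/ { found = 1 }
            END { exit !found }' "$1" || echo "$dst"
    done
}

# Constructed sample data (not captured from a real node).
MNT_DIR=$(mktemp -d)
trap 'rm -rf "$MNT_DIR"' EXIT
cat > "$MNT_DIR/mounts" <<'EOF'
/dev/nvme0n1p1 / xfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/nvme1n1 /workspace xfs rw,noatime 0 0
/dev/nvme1n1 /opt/snaplogic/run/fs xfs rw,noatime 0 0
EOF
cat > "$MNT_DIR/fstab" <<'EOF'
/dev/nvme1n1 /workspace xfs noatime 0 0
/workspace/fs /opt/snaplogic/run/fs none bind 0 0
# /workspace/tmp /tmp none bind 0 0
EOF

if has_noexec "$MNT_DIR/mounts" /tmp; then echo "WARN: /tmp is mounted noexec"; fi
echo "not persisted in fstab: $(missing_binds "$MNT_DIR/fstab" | tr '\n' ' ')"
```

On a node, pass /proc/mounts to has_noexec and /etc/fstab to missing_binds instead of the sample files.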

Configure Java 11 on Linux

The JRE is bundled with the Snaplex installer. While a Snaplex auto upgrade updates the SnapLogic binaries in the installed Snaplex, the JRE version is not automatically updated. You must manage the JRE versions of your Snaplex.

Info

We recommend installing the latest JRE 11 version available at https://adoptium.net/temurin/releases/?version=11.

To update your JCC nodes to OpenJDK Java 11:

...

  1. Stop the existing JCC node by running the following command:
    $ sudo /opt/snaplogic/bin/jcc.sh stop

  2. Download the new Snaplex installer and install the Groundplex, running the RPM, DEB, or Docker installers as appropriate.

    • For RPM systems, run the following command:
      $ rpm -U snaplogic-snaplex.rpm

    • For DEB systems, run the following command:
      $ dpkg -i snaplogic-snaplex.deb

    • For Docker, stop the existing container and start a new container using the latest image.

  3. Add the following entry to the /etc/sysconfig/jcc file. You must create the directory and the file if they are not present.
    export SL_JAVA_HOME=/opt/snaplogic/pkgs/jdk-11.0.12+7-jre/

  4. Start the JCC node by running the following command:
    $ sudo /opt/snaplogic/bin/jcc.sh start

Older Versions of JRE and TLS

JRE versions prior to 11.0.8 have issues connecting to TLS 1.3 endpoints. We recommend using a newer JRE version.

Note

If you are running with 11.0.10 onwards, endpoint connections to TLS 1.0 and 1.1 are disabled by default. We recommend that you update the endpoint to support TLS 1.2 or later, for security.

Re-enabling Support for Older Versions

If updating the TLS endpoint is not possible, then the Snaplex JRE can be updated to re-enable support for older TLS versions by following these steps:

  1. Open the jre/conf/security/java.security file in the JRE installation under the /opt/snaplogic/pkgs folder.

  2. Change the jdk.tls.disabledAlgorithms configuration property by removing TLSv1, TLSv1.1.

  3. Restart the Snaplex to re-enable support for TLS 1.0 and 1.1.
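
To track which nodes have had this change applied, so it can be reverted once the endpoint supports TLS 1.2 or later, the following added example (not SnapLogic tooling and not part of the original page) reads a java.security file and reports which of TLSv1 and TLSv1.1 are missing from jdk.tls.disabledAlgorithms. The function names and the sample files are assumptions constructed for illustration.

```shell
# Added example (not SnapLogic tooling): report legacy protocols that a JRE's
# java.security no longer lists in jdk.tls.disabledAlgorithms.
# Assumes the plain key=value form that java.security uses.

# Print PROPERTY's value, joining backslash-continued lines; last definition wins.
prop_value() {  # usage: prop_value FILE PROPERTY
    awk -v key="$2" '
        $1 ~ /^#/ && !cont { next }          # comment line outside a continuation
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            more = (line ~ /\\$/)
            if (more) sub(/\\$/, "", line)
            buf = cont ? (buf line) : line
            cont = more
            if (cont) next
            if (index(buf, key "=") == 1) val = substr(buf, length(key) + 2)
        }
        END { print val }' "$1"
}

# Print each of TLSv1 / TLSv1.1 that is absent from the disabled list.
legacy_tls_enabled() {  # usage: legacy_tls_enabled JAVA_SECURITY_FILE
    disabled=$(prop_value "$1" jdk.tls.disabledAlgorithms | tr -d ' \t')
    for proto in TLSv1 TLSv1.1; do
        case ",$disabled," in
            *",$proto,"*) ;;
            *) echo "$proto" ;;
        esac
    done
}

# Constructed sample files (not copied from a real JRE).
JS_DIR=$(mktemp -d)
trap 'rm -rf "$JS_DIR"' EXIT
cat > "$JS_DIR/default" <<'EOF'
# constructed sample
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, TLSv1.1, anon, NULL
EOF
cat > "$JS_DIR/relaxed" <<'EOF'
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
    DH keySize < 1024, anon, NULL
EOF

for f in default relaxed; do
    echo "$f: legacy TLS enabled: $(legacy_tls_enabled "$JS_DIR/$f" | tr '\n' ' ')"
done
```

The continuation handling matters because the property usually spans several lines, so a plain grep for TLSv1.1 on the first line can miss it.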

Changing the Installation Folder

If you want to use /myopt/myroot instead of /opt/snaplogic as the installation folder and myuser instead of snapuser, perform the following steps:

  1. Run the following commands after installing the RPM/DEB package:

    1. $ sudo mv /opt/snaplogic /myopt/myroot

    2. $ sudo chown -R myuser /myopt/myroot

  2. Add the following properties in the /etc/sysconfig/jcc file. If this file does not exist, create it.

    1. export SL_USER=myuser

    2. export SL_ROOT=/myopt/myroot

  3. Restart the service with the following command: 
    $ sudo /myopt/myroot/bin/jcc.sh restart

  4. To make a service using init.d, make the /etc/init.d/snaplex file a symlink to the /myopt/myroot/bin/jcc.sh file.

Uninstalling the SnapLogic RPM from your environment

To uninstall the SnapLogic Linux-based package from your environment:

  1. Remove all content from the /etc/snaplogic and /opt/snaplogic folders by running the following commands:

    1. $ rpm -qa | grep snaplogic

    2. $ sudo rpm -e snaplogic-sidekick-4.main_9292-1.x86_64

    3. $ sudo rm -rf /opt/snaplogic

    4. $ sudo rm -rf /etc/snaplogic

  2. Verify that the packages were deleted from the /etc/snaplogic and /opt/snaplogic folders.

Note

Enhanced Encryption Keys

When using Enhanced Account Encryption, the private key for the Org is stored in the /etc/snaplogic directory. We recommend that you also maintain a copy of the private key elsewhere. If the private keys are not available, then Accounts created in SnapLogic cannot be used.

System Limits

Some Linux installations have system ulimit settings that are set to lower values. This low setting can cause errors when running higher pipeline loads on the Groundplex JCC node, such as java.lang.OutOfMemoryError: unable to create new native thread.

To fix this issue, you need to increase the system limits for the snapuser user. You can add the following to the /etc/security/limits.conf file to increase the file and process limits.

...

Code Block
snapuser soft nproc 8192
snapuser hard nproc 65536
snapuser soft nofile 8192
snapuser hard nofile 65536

Info

Setting limits for Docker Containers

For Docker deployments, you may not be able to set these limits because of permissions issues with the su – user user. Instead you can set the ulimits using the --ulimit parameter when running the docker run command. The limits described above also apply to the Docker container ulimits.

...
