8.2 Installing the CDF

This section provides guidance for installing the Container Deployment Foundation (CDF).

NOTE:You can install CDF as a root user or sudo user. However, if you choose to install as a sudo user, you must first configure installation permissions from the root user.

  1. Log in to the master node as the root or sudo user.

  2. Change to the directory where you downloaded the installation files. For information about downloading the installation files, see Section II, Installing CDF and Deploying ESM for Fusion.

    cd <download_directory>/esm-cmd-center-installer-for-fusion-x.x.x.x/installers/cdf-<year>.<month>.<build_number>-<version>

    For example:

    cd opt/esm-cmd-center-installer-for-fusion-x.x.x.x/installers/cdf-2020.02.00120-2.2.0.2

  3. (Conditional) If you are installing CDF on a node where ESM Manager is not installed, use the command:

    ./install -m <metadata_file_path>
--k8s-home <cdf_installer_directory>
--nfs-server <NFS_server_IP_address>
--nfs-folder <NFS_Volume_file_path>
--registry-orgname srg

    For example:

    ./install -m /opt/esm-cmd-center-installer-for-fusion-x.x.x.x/suite_images/arcsight-installer-metadata-x.x.x.x.tar
--k8s-home /opt/arcsight/kubernetes
--nfs-server <NFS_server_IP_address>
--nfs-folder <NFS_Volume_file_path>/itom-vol
--registry-orgname srg

  4. (Conditional) If you are installing CDF on the same machine as ESM Manager, complete the following action:

    If ESM is installed with the default port (8443), add the following command argument to configure the CDF API server port (default 8443) to use a different port:

    --master-api-ssl-port 7443

    For example:

    ./install -m /opt/esm-cmd-center-installer-for-fusion-x.x.x.x/suite_images/arcsight-installer-metadata-x.x.x.x.tar 
--k8s-home /opt/arcsight/kubernetes 
--nfs-server <NFS_server_IP_address> 
--master-api-ssl-port 7443 
--nfs-folder <NFS_Volume_file_path>/itom-vol 
--registry-orgname srg

  5. (Conditional) For high availability, use the following command:

    ./install -m <metadata_file_path>
--k8s-home <NFS_server_IP_address>
--nfs-folder <NFS_Volume_file_path>
--registry-orgname srg 
--ha-virtual-ip <HA_virtual_IP_address>

    For example:

    ./install -m /opt/esm-cmd-center-installer-for-fusion-x.x.x.x/suite_images/arcsight-installer-metadata-x.x.x.x.tar
--k8s-home /opt/arcsight/kubernetes
--nfs-server <NFS_server_IP_address>
--nfs-folder <NFS_Volume_file_path>/itom-vol 
--registry-orgname srg
--ha-virtual-ip <NFS_server_IP_address>

  6. When prompted, specify the administrator password. This password is required to log in to the CDF Management Portal as an administrator.

    The CDF Management Portal enables you to deploy ESM for Fusion and all required software in a cluster.

  7. Change the default CA certificate that is generated during the installation. For steps to change the CA certificate, see Changing the CA of CDF.

    A self-signed CA certificate is generated during the installation of CDF by default. After deploying Fusion, the pods of the deployed products use the certificates generated by the CA on pod startup. If you change the CA certificate after deployment, you will have to uninstall and reinstall all the software. So, we recommend changing the CA certificate before deploying ESM for Fusion.

  8. To deploy ESM for Fusion and all required software, continue with the section Deploying ESM for Fusion.