Property

Description

Example

Docker registry details

IMAGE_REGISTRY_HOST   

Specify the host where the Docker registry is running with the BMC container images. If the images are synchronized to a local Harbor registry, make sure the Harbor registry is set up with HTTPS and set the local repository value to this parameter. 

Important: Do not specify the host path; specify only the host name.

Example:

IMAGE_REGISTRY_HOST=containers.bmc.com

IMAGE_REGISTRY_USERNAME

Specify the username to access the Docker registry.

If you use a local Harbor registry to synchronize with BMC DTR, specify the user name to log in to your local registry.

IMAGE_REGISTRY_USERNAME=abc@bmc.com

Infrastructure details

ENVIRONMENT

Specify the environment type. 

The value of this parameter depends on the kind of setup that you want to create, such as, dev, qa, or production.

Important:

• Do not use prod to indicate the production environment.
• Do not use special characters.
• The value of this parameter is not based on deployment size such as, compact, small, medium or large.

You can use the same environment value while performing the BMC Helix Service Managementinstallation.

ENVIRONMENT=poc

NAMESPACE   

Specify the namespace where you want to install the services.

You must have separate namespaces to install BMC Helix Platform Common Service and BMC Helix Service Management.

NAMESPACE=dark-helmet

LB_HOST     

Specify a URL to create the load balancer host.

ingress uses this URL to access the administration console.

LB_HOST=host-india-app.mydomain.com

LB_PORT     

Specify the port number that the load balancer listens to and accepts the client request.

The default value is 443.

LB_PORT=443

TMS_LB_HOST 

Specify a URL to create the Tenant Management System host.  The value of this parameter is used by the tenant management system ingress.

TMS_LB_HOST=tms-private-poc.mydomain.com

DOMAIN

Specify the URL for domain of the load balancer. This value is used to create a valid base URL for tenants and needs wild card certificate. Having a wild card certificate would help you to create multiple URLs.

DOMAIN=mydomain.bmc.com

MINIO_LB_HOST

Specify a URL to create a  MinIO storage. This value is used by the MinIO ingress.

MINIO_LB_HOST=minio.mydomain.bmc.com

MINIO_API_LB_HOST 

Specify a URL to create a MinIO storage. All the API based operations are performed using this URL. This URL is used to create a  MinIO bucket.
 

MINIO_API_LB_HOST=minio-api.mydomain.bmc.comKIBANA_LB_HOST

Specify a URL to create a Kibana load balancer host.  The ingress uses the value of this parameter. The value of this parameter depends on the self-signed/CA-signed certificate or CA custom certificate. 
 

KIBANA_LB_HOST=kibana-private-poc.mydomain.comCluster details

CLUSTER_TYPE

Cluster type can have values openshift or ocp for OpenShift.

If CLUSTER_TYPE is not set to openshift or ocp then cluster type is treated as kubernetes cluster.

CLUSTER_TYPE=openshift

Tenant details for onboarding

COMPANY_NAME    

Specify the name of the tenant.

The value that you specify is used to create the tenant URL in the following format:
$COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAIN

COMPANY_NAME=purplekite

TENANT_EMAIL    

Specify the email address of the admin user of the primary tenant.

TENANT_EMAIL=abc@bmc.com

TENANT_FIRST_NAME

Specify the first name of the admin user of the primary tenant.

TENANT_FIRST_NAME=Myfirstname

TENANT_LAST_NAME

Specify the last name of the admin user of theprimary tenant.

TENANT_LAST_NAME=Mylastname

TENANT_TYPE

Specify the unique identifier of the tenant.
The COMPANY_NAME value is used as the tenant name. In addition to the tenant name, use the TENANT_TYPE parameter to identify the teant.

TENANT_TYPE=tyrion

COUNTRY

The country name must match the value in the OS locale.

Important

• Add the country name within double quotes. For example:

  "India"

• Do not use abbreviation in country names.

  Click here to view a list of the supported country names.

COUNTRY="United States"

SMTP configuration details

SMTP_HOST     

SMTP host name of IP address accessible from cluster

This parameter is required.

SMTP parameters are required for the emails that are sent to the administrator for tenant activation after the BMC Helix Platform deployment is complete.

All SMTP mail servers are supported.

To use a temporary SMTP server to receive BMC Helix Platform Common Service installation emails, see the knowledge article 000396217 .

SMTP_HOST=mailhost.mycompany.com

SMTP_PORT     

An integer value for the port of the SMTP server. For example. 25

This parameter is required.

SMTP_PORT=25

SMTP_USERNAME 

User name to connect to the SMTP server.

If SMTP_AUTH value is set to NONE, keep the SMTP_USERNAME and SMTP_PASSWORD values blank as shown below:

• SMTP_USERNAME=""
• SMTP_PASSWORD=""

This parameter is required.

SMTP_USERNAME=abc@mycompany.com

SMTP_FROM_EMAIL

A valid email ID for the From address in all emails

This parameter is required.

SMTP_FROM_EMAIL=helix-rd@mycompany.com

SMTP_TLS

The SMTP server TLS. If not in use, leave the parameter blank as shown below:

SMTP_TLS=""

SMTP_TLS=""

SMTP_AUTH_DASHBOARD

The value can be true or false.

SMTP_AUTH_DASHBOARD=true

SMTP_AUTH

One of the following values:

• PLAIN
  This value is case sensitive. If you set the value as PLAIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD.
• LOGIN
  This value is case sensitive. If you set the value as LOGIN, it is mandatory to set valid values for SMTP_USER and SMTP_PASSWORD.
• NONE
  This value is case sensitive. Use this value when you want to skip SMTP authentication. If you set the value as NONE, set the user name and password values as shown below:
  
  • SMTP_USERNAME=""
  • SMTP_PASSWORD=""

SMTP_AUTH=PLAIN

OPS_GROUP_EMAIL

Specify a valid email address for your organization's operations team. All emails related to tenant activities such as tenant creation, registration, and offboarding are sent to this email address.

Important:
Special characters are not allowed in an email.

OPS_GROUP_EMAIL=ops-grp@mycompany.com

APPROVAL_GROUP_EMAIL

Set a valid email address of the approval group who would approve a new tenant. 

Important:

Special characters are not allowed in an email.

APPROVAL_GROUP_EMAIL=grp-rd@mycompany.com

Storage class details

PG_STORAGE_CLASS            

Storage class used. Usually there is one Storage class configured for all the infra services. Please repeat the same value in that case

PG_STORAGE_CLASS=ceph-block-storage

VMSTORAGE_STORAGE_CLASS

Storage class for VictoriaMetrics. 

VMSTORAGE_STORAGE_CLASS=onprem-storage

VMAGGSTORAGE_STORAGE_CLASS

Storage class for VictoriaMetrics. 

VMAGGSTORAGE_STORAGE_CLASS=onprem-storage

ES_MASTER_STORAGE_CLASSStorage class for Elasticsearch master nodesES_MASTER_STORAGE_CLASS=block-store-classES_DATA_STORAGE_CLASSStorage class for Elasticsearch data nodes.ES_DATA_STORAGE_CLASS=block-store-class

MINIO_STORAGE_CLASS

Storage class for Minio.

MINIO_STORAGE_CLASS=onprem-storage

EFS_STORAGE_CLASSSpecify a storage class for Amazon Elastic File System (EFS). EFS_STORAGE_CLASS=acme-nfs-storageREDIS_HA_GLOBAL_STORAGECLASSStorage class for REDIS.REDIS_HA_GLOBAL_STORAGECLASS=block-store-classKAFKA_STORAGECLASSStorage class for Kafka.KAFKA_STORAGECLASS=block-store-class

ESLOG_MASTER_STORAGE_CLASS

Storage class for Elasticsearch log.ESLOG_MASTER_STORAGE_CLASS=block-store-classESLOG_DATA_STORAGE_CLASSStorage class for Elasticsearch log.ESLOG_DATA_STORAGE_CLASS=block-store-classAIOPS_STORAGE_CLASS

Leave it as blank ""

This parameter is not required for BMC Helix Service Management

AIOPS_STORAGE_CLASS=""OPT_STORAGE_CLASS

Leave it as blank ""

This parameter is not required for BMC Helix Service Management

OPT_STORAGE_CLASS=""SMART_SYSTEM_USERNAME

Leave it as blank ""

This parameter is not required for BMC Helix Service Management

SMART_SYSTEM_USERNAME=""Certificate detailsCUSTOM_CA_SIGNED_CERT_IN_USE

The default value is false.

If you are using a self-signed or custom CA certificate, set the value to true.

For instructions on using a self-signed or custom CA certificates, see  Using self-signed or custom CA certificates .

Important: If you are using a self-signed or custom CA certificate, make sure that you use the same custom certificate during BMC Helix Platform and installation.

CUSTOM_CA_SIGNED_CERT_IN_USE=falseCUSTOM_SERVICEACCOUNT_NAME

Specify the custom service account name. 

Ifyou have cluster admin permissions to create ServiceAccount, Role, RoleBinding, retain the CUSTOM_SERVICEACCOUNT_NAME value as helix-onprem-sa, which is the default value.

If you do not have permissions to create ServiceAccount, Role, RoleBinding, create a serviceaccount and assign it to CUSTOM_SERVICEACCOUNT_NAME by replacing default value of helix-onprem-sa.

• Create a role and rolebinding from the commons/yaml_files/role_rolebinding.yaml file.
• Create a ServiceAccount from the file commons/yaml_files/serviceAccount.yaml file. 
  
• Before you create serviceaccount, role, rolebinding, you must replace _SERVICE_ACCOUNT_ with value of CUSTOM_SERVICEACCOUNT_NAME variable and replace _NAMESPACE_ with value of NAMESPACE variable.

CUSTOM_SERVICEACCOUNT_NAME=helix-onprem-saRSSO_CUSTOM_JAVA_KEYSTORE_IN_USE

If you want to use custom JAVA keystore for RSSO SAML keystore configuration, set variable RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE to true.

Perform the following steps:

1. Set the RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE variable to true.
2. Rename the java keystore file to rsso_custom_java_keystore.
3. Save this file in the commons/certs directory. The path of this file would be: commons/certs/rsso_custom_java_keystore

   The commons/certs/rsso_custom_java_keystore file will be mounted in the RSSO container at the following location: /etc/rsso_custom_java_keystore

The default value is false.

RSSO_CUSTOM_JAVA_KEYSTORE_IN_USE=false Ingress class details

INGRESS_CLASS

Ingress class used while deploying Ingress controller. Change if multiple ingress controllers on cluster.

By default rancher will have nginx.

If you have more than one ingress controllers in your cluster, use INGRESS_CLASS to specify the ingress class name that you want to use.

INGRESS_CLASS=nginx

Binary paths on your system
HELM_BIN

Specify the absolute path of the Helm binary that is supported for the current release.

HELM_BIN=/usr/local/bin/helmKUBECTL_BIN

Specify the absolute path of the kubectl binary that is supported for the current release.

KUBECTL_BIN=/usr/bin/kubectlOpenShift details
OC_BIN

Specify the absolute path of the OpenShift binary.

Important: OC_BIN path should be set if CLUSTER_TYPE is openshift or ocp .

OC_BIN=/usr/local/sbin/ocSecurity context used by infra components
RUN_AS_USER

Set the security context that the infrastructure components must use to enforce security.

Set the correct context for this variable according to the OpenShift namespace.  For example, in OpenShift namespace, run the following command to get the ID range:

oc describe namespace <namespace-name>

Example output: 1000670000

After you run the command look for the following line in the output:
: 1000670000/10000 and copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP.

Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp.
If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null: RUN_AS_USER=null

Important: The command and output changes for each namespace.

RUN_AS_USER=nullRUN_AS_GROUP

Set the security context that the infrastructure components must use to enforce security.

Set the correct context for this variable according to the OpenShift namespace.  For example, in OpenShift namespace, run the following command to get the ID range:

oc describe namespace <namespace-name>

Example output: 1000670000

After you run the command look for the following line in the output:
: 1000670000/10000 and copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP.

Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp.
If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null: RUN_AS_GROUP=null

Important: The command and output changes for each namespace.

RUN_AS_GROUP=nullFS_GROUP

Set the security context that the infrastructure components must use to enforce security.

Set the correct context for this variable according to the OpenShift namespace. For example, in OpenShift namespace, run the following command to get the ID range:

oc describe namespace <namespace-name>

Example output: 1000670000

After you run the command look for the following line in the output:
: 1000670000/10000 and copy 1000670000 for RUN_AS_USER, RUN_AS_GROUP and FS_GROUP.

Set this parameter only if the value of the CLUSTER_TYPE variable is openshift or ocp.
If the value of the CLUSTER_TYPE variable is kubernetes, set the value of this parameter to null: FS_GROUP=null

Important: The command and output changes for each namespace.

FS_GROUP=null

OPT_FSGROUP

Blank ""

This parameter is not required for BMC Helix Service Management

OPT_FSGROUP=""

ML_FSGROUP

Blank ""

This parameter is not required for BMC Helix Service Management

ML_FSGROUP=""