From a467588307438c4a0cf71fef287a0971745e326d Mon Sep 17 00:00:00 2001 From: EMaksy Date: Thu, 16 Oct 2025 16:00:23 +0200 Subject: [PATCH 1/3] Restructure trento install section --- trento/adoc/helm-event-pruning.adoc | 3 +- trento/adoc/trento-ansible-install.adoc | 2 +- trento/adoc/trento-container-install.adoc | 10 +- trento/adoc/trento-install-kubernetes.adoc | 266 +++++++++++++++++++++ trento/adoc/trento-install-server.adoc | 233 +----------------- trento/adoc/trento-requirements.adoc | 4 +- trento/adoc/trento-systemd-install.adoc | 44 ++-- 7 files changed, 302 insertions(+), 260 deletions(-) create mode 100644 trento/adoc/trento-install-kubernetes.adoc diff --git a/trento/adoc/helm-event-pruning.adoc b/trento/adoc/helm-event-pruning.adoc index e29ea50..a29c58d 100644 --- a/trento/adoc/helm-event-pruning.adoc +++ b/trento/adoc/helm-event-pruning.adoc @@ -1,8 +1,7 @@ -include::generic-attributes.adoc[] include::product-attributes.adoc[] [[helm-event-pruning]] -== Configuring event pruning +==== Configuring event pruning :revdate: 2025-05-23 diff --git a/trento/adoc/trento-ansible-install.adoc b/trento/adoc/trento-ansible-install.adoc index f495613..c178515 100644 --- a/trento/adoc/trento-ansible-install.adoc +++ b/trento/adoc/trento-ansible-install.adoc @@ -1,6 +1,6 @@ include::product-attributes.adoc[] -== Automated deployment with Ansible +=== Automated deployment with Ansible :revdate: 2025-08-05 diff --git a/trento/adoc/trento-container-install.adoc b/trento/adoc/trento-container-install.adoc index a12616a..624fbba 100644 --- a/trento/adoc/trento-container-install.adoc +++ b/trento/adoc/trento-container-install.adoc @@ -1,6 +1,6 @@ include::product-attributes.adoc[] -== Containerized deployment +=== Containerized deployment :revdate: 2025-08-05 @@ -11,9 +11,9 @@ Docker containers. Follow the steps in <>, but skip the *Install Trento using RPM packages* step and follow the procedures as described below. -=== Install Trento using Docker +==== Install Trento using Docker -==== Install Docker container runtime +===== Install Docker container runtime . Enable the containers module (replace `15.x` with the correct Service Pack version): + @@ -35,7 +35,7 @@ zypper install docker systemctl enable --now docker ---- -==== Create a dedicated Docker network for Trento +===== Create a dedicated Docker network for Trento . Create the Trento Docker network: + @@ -61,7 +61,7 @@ The output should be similar to this (the exact address may vary): . Open the _/var/lib/pgsql/data/pg_hba.conf_ file for editing and replace `0.0.0.0/0` with the address returned by the command in the previous step. . Restart the PostgreSQL server using the `systemctl restart postgresql` command. -==== Install Trento on Docker +===== Install Trento on Docker . Create secret environment variables: + diff --git a/trento/adoc/trento-install-kubernetes.adoc b/trento/adoc/trento-install-kubernetes.adoc new file mode 100644 index 0000000..69d116f --- /dev/null +++ b/trento/adoc/trento-install-kubernetes.adoc @@ -0,0 +1,266 @@ +include::product-attributes.adoc[] + +[[sec-trento-k8s-deployment]] +=== {k8s} deployment + +The subsection uses the following placeholders: + +* `TRENTO_SERVER_HOSTNAME`: the host name used by the end user to access the console. +* `ADMIN_PASSWORD`: the password of the default user created during the installation process. It must have at least 8 characters. + +[[sec-trento-install-trentoserver-on-existing-k8s-cluster]] +==== Installing {trserver} on an existing {k8s} cluster + +{trserver} consists of a several components delivered as container images and intended for deployment on a {k8s} cluster. A manual production-ready deployment of these components requires {k8s} knowledge. Customers without in-house {k8s} expertise and who want to try {trento} with a minimum of effort, can use the {trento} Helm chart. This approach automates the deployment of all the required components on a single {k8s} cluster node. You can use the {trento} Helm chart to install {trserver} on a existing {k8s} cluster as follows: + +. Install Helm: ++ +==== +[source,bash,subs="attributes"] +---- +curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash +---- +==== ++ +. Connect Helm to an existing {k8s} cluster. +. Use Helm to install {trserver} with the {trento} Helm chart: ++ +==== +[source,bash,subs="attributes"] +---- +helm upgrade \ + --install trento-server oci://registry.suse.com/trento/trento-server \ + --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ + --set trento-web.adminUser.password=ADMIN_PASSWORD +---- +==== ++ +When using a Helm version lower than 3.8.0, an experimental flag must be set as follows: ++ +==== +[source,bash] +---- +HELM_EXPERIMENTAL_OCI=1 helm upgrade \ + --install trento-server oci://registry.suse.com/trento/trento-server \ + --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ + --set trento-web.adminUser.password=ADMIN_PASSWORD +---- +==== ++ +. To verify that the {trserver} installation was successful, open the URL of the {trweb} (`http://TRENTO_SERVER_HOSTNAME`) from a workstation on the {sap} administrator's LAN. + +[[sec-trento-install-trentoserver-on-k3s]] +==== Installing {trserver} on K3s + +If you do not have a {k8s} cluster, or have one but do not want to use it for {trento}, {suse} Rancher's K3s provides an alternative. To deploy {trserver} on K3s, you need a small server or VM (see <> for minimum requirements) and follow steps in <>. + +[IMPORTANT] +==== +The following procedure deploys {trserver} on a single-node K3s cluster. Note that this setup is not recommended for production use. +==== + +[[pro-trento-manually-installing]] +===== Manually installing Trento on a {trserver} host + +. Log in to the {trserver} host. ++ +[[st-install-k3s]] +. Install K3s either as {rootuser} or a non-{rootuser} user. ++ +* Installing as user {rootuser}: ++ +==== +[source,subs="attributes"] +---- +curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true sh +---- +==== ++ +* Installing as a non-{rootuser} user: ++ +==== +[source,bash,subs="attributes"] +---- +curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true sh -s - --write-kubeconfig-mode 644 +---- +==== ++ +[[st-install-helm]] +. Install Helm as {rootuser}. ++ +==== +[source,subs="attributes"] +---- +curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash +---- +==== ++ +. Set the `KUBECONFIG` environment variable for the same user that installed K3s: ++ +==== +[source,bash] +---- +export KUBECONFIG=/etc/rancher/k3s/k3s.yaml +---- +==== ++ +[[st-deploy-k3s]] +. With the same user that installed K3s, install {trserver} using the Helm chart: ++ +==== +[source,bash] +---- +helm upgrade \ + --install trento-server oci://registry.suse.com/trento/trento-server \ + --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ + --set trento-web.adminUser.password=ADMIN_PASSWORD +---- +==== +When using a Helm version lower than 3.8.0, an experimental flag must be set as follows: ++ +==== +[source,bash] +---- +HELM_EXPERIMENTAL_OCI=1 helm upgrade \ + --install trento-server oci://registry.suse.com/trento/trento-server \ + --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ + --set trento-web.adminUser.password=ADMIN_PASSWORD +---- +==== ++ +. Monitor the creation and start-up of the {trserver} pods, and wait until they are ready and running: ++ +==== +[source,bash] +---- +watch kubectl get pods +---- +==== ++ +All pods must be in the ready and running state. ++ +. Log out of the {trserver} host. +. To verify that the {trserver} installation was successful, open the URL of the {trweb} (`http://TRENTO_SERVER_HOSTNAME`) from a workstation on the {sap} administrator's LAN. + +[[sec-trento-deploying-trento-on-selected-nodes]] +==== Deploying {trserver} on selected nodes + +If you use a multi-node {k8s} cluster, it is possible to deploy {trserver} images on selected nodes by specifying the field `nodeSelector` in the helm upgrade command as follows: +==== +[source,bash] +---- +HELM_EXPERIMENTAL_OCI=1 helm upgrade \ + --install trento-server oci://registry.suse.com/trento/trento-server \ + --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ + --set trento-web.adminUser.password=ADMIN_PASSWORD \ + --set prometheus.server.nodeSelector.LABEL=VALUE \ + --set postgresql.primary.nodeSelector.LABEL=VALUE \ + --set trento-web.nodeSelector.LABEL=VALUE \ + --set trento-runner.nodeSelector.LABEL=VALUE +---- +==== + +[[helm-event-pruning]] +==== Configuring event pruning +:revdate: 2025-05-23 + + +The event pruning feature allows administrators to manage how long registered events are stored in the database and how often the expired events are removed. + +The following configuration options are available: + +`pruneEventsOlderThan`:: +The number of days registered events are stored in the database. The default value is *10*. _Keep in mind that `pruneEventsOlderThan` can be set to *0*. However, this deletes all events whenever the cron job runs, making it impossible to analyze and troubleshoot issues with the application_ + +`pruneEventsCronjobSchedule`:: +The frequency of the cron job that deletes expired events. The default value is *"0 0 * * *"*, which runs daily at midnight. + +To modify the default values, execute the following Helm command: + +[source,bash] +---- +helm ... \ + --set trento-web.pruneEventsOlderThan=<> \ + --set trento-web.pruneEventsCronjobSchedule="<>" +---- + +Replace the placeholders with the desired values: + +`EXPIRATION_IN_DAYS`:: +Number of days to retain events in the database before pruning. + +`NEW_SCHEDULE`:: +The cron rule specifying how frequently the pruning job is performed. + +*Example* command to retain events for 30 days and schedule pruning daily at 3 AM: + +[source,bash] +---- +helm upgrade \ + --install trento-server oci://registry.suse.com/trento/trento-server \ + --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ + --set trento-web.adminUser.password=ADMIN_PASSWORD \ + --set trento-web.pruneEventsOlderThan=30 \ + --set trento-web.pruneEventsCronjobSchedule="0 3 * * *" +---- + +[[sec-trento-enabling-email-alerts]] +==== Enabling email alerts + +Email alerting feature notifies the {sap} Basis administrator about important changes in the {sap} Landscape being monitored by {trento}. + +The reported events include the following: + +* Host heartbeat failed +* Cluster health detected critical +* Database health detected critical +* {sap} System health detected critical + +This feature is disabled by default. It can be enabled at installation time or anytime at a later stage. In both cases, the procedure is the same and uses the following placeholders: + +`SMTP_SERVER`:: +The SMTP server designated to send email alerts + +`SMTP_PORT`:: +Port on the SMTP server + +`SMTP_USER`:: +User name to access SMTP server + +`SMTP_PASSWORD`:: +Password to access SMTP server + +`ALERTING_SENDER`:: +Sender email for alert notifications + +`ALERTING_RECIPIENT`:: +Recipient email for alert notifications. + +The command to enable email alerts is as follows: + +[source,bash] +---- +HELM_EXPERIMENTAL_OCI=1 helm upgrade \ + --install trento-server oci://registry.suse.com/trento/trento-server \ + --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ + --set trento-web.adminUser.password=ADMIN_PASSWORD \ + --set trento-web.alerting.enabled=true \ + --set trento-web.alerting.smtpServer=SMTP_SERVER \ + --set trento-web.alerting.smtpPort=SMTP_PORT \ + --set trento-web.alerting.smtpUser=SMTP_USER \ + --set trento-web.alerting.smtpPassword=SMTP_PASSWORD \ + --set trento-web.alerting.sender=ALERTING_SENDER \ + --set trento-web.alerting.recipient=ALERTING_RECIPIENT +---- + +[[sec-trento-enabling-ssl]] +==== Enabling SSL + +Ingress may be used to provide SSL termination for the Web component of {trserver}. This would allow to encrypt the communication from the agent to the server, which is already secured by the corresponding API key. It would also allow HTTPS access to the Web console with trusted certificates. + +Configuration must be done in the tls section of the `values.yaml` file of the chart of the {trserver} Web component. + +For details on the required Ingress setup and configuration, refer to: https://kubernetes.io/docs/concepts/services-networking/ingress/. Particularly, refer to section https://kubernetes.io/docs/concepts/services-networking/ingress/#tls for details on the secret format in the YAML configuration file. + +Additional steps are required on the Agent side. +// toms 2022-09-14: which steps? diff --git a/trento/adoc/trento-install-server.adoc b/trento/adoc/trento-install-server.adoc index 0fa7c69..f6ba28a 100644 --- a/trento/adoc/trento-install-server.adoc +++ b/trento/adoc/trento-install-server.adoc @@ -2,232 +2,9 @@ include::product-attributes.adoc[] [[sec-trento-installing-trentoserver]] == Installing {trserver} -:revdate: 2025-08-05 +:revdate: 2025-10-16 - -[[sec-trento-k8s-deployment]] -=== {k8s} deployment - -The subsection uses the following placeholders: - -* `TRENTO_SERVER_HOSTNAME`: the host name used by the end user to access the console. -* `ADMIN_PASSWORD`: the password of the default user created during the installation process. It must have at least 8 characters. - -[[sec-trento-install-trentoserver-on-existing-k8s-cluster]] -==== Installing {trserver} on an existing {k8s} cluster - -{trserver} consists of a several components delivered as container images and intended for deployment on a {k8s} cluster. A manual production-ready deployment of these components requires {k8s} knowledge. Customers without in-house {k8s} expertise and who want to try {trento} with a minimum of effort, can use the {trento} Helm chart. This approach automates the deployment of all the required components on a single {k8s} cluster node. You can use the {trento} Helm chart to install {trserver} on a existing {k8s} cluster as follows: - -. Install Helm: -+ -==== -[source,bash,subs="attributes"] ----- -curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash ----- -==== -+ -. Connect Helm to an existing {k8s} cluster. -. Use Helm to install {trserver} with the {trento} Helm chart: -+ -==== -[source,bash,subs="attributes"] ----- -helm upgrade \ - --install trento-server oci://registry.suse.com/trento/trento-server \ - --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ - --set trento-web.adminUser.password=ADMIN_PASSWORD ----- -==== -+ -When using a Helm version lower than 3.8.0, an experimental flag must be set as follows: -+ -==== -[source,bash] ----- -HELM_EXPERIMENTAL_OCI=1 helm upgrade \ - --install trento-server oci://registry.suse.com/trento/trento-server \ - --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ - --set trento-web.adminUser.password=ADMIN_PASSWORD ----- -==== -+ -. To verify that the {trserver} installation was successful, open the URL of the {trweb} (`http://TRENTO_SERVER_HOSTNAME`) from a workstation on the {sap} administrator's LAN. - -[[sec-trento-install-trentoserver-on-k3s]] -==== Installing {trserver} on K3s - -If you do not have a {k8s} cluster, or have one but do not want to use it for {trento}, {suse} Rancher's K3s provides an alternative. To deploy {trserver} on K3s, you need a small server or VM (see <> for minimum requirements) and follow steps in <>. - -[IMPORTANT] -==== -The following procedure deploys {trserver} on a single-node K3s cluster. Note that this setup is not recommended for production use. -==== - -[[pro-trento-manually-installing]] -===== Manually installing Trento on a {trserver} host - -. Log in to the {trserver} host. -+ -[[st-install-k3s]] -. Install K3s either as {rootuser} or a non-{rootuser} user. -+ -* Installing as user {rootuser}: -+ -==== -[source,subs="attributes"] ----- -curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true sh ----- -==== -+ -* Installing as a non-{rootuser} user: -+ -==== -[source,bash,subs="attributes"] ----- -curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true sh -s - --write-kubeconfig-mode 644 ----- -==== -+ -[[st-install-helm]] -. Install Helm as {rootuser}. -+ -==== -[source,subs="attributes"] ----- -curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash ----- -==== -+ -. Set the `KUBECONFIG` environment variable for the same user that installed K3s: -+ -==== -[source,bash] ----- -export KUBECONFIG=/etc/rancher/k3s/k3s.yaml ----- -==== -+ -[[st-deploy-k3s]] -. With the same user that installed K3s, install {trserver} using the Helm chart: -+ -==== -[source,bash] ----- -helm upgrade \ - --install trento-server oci://registry.suse.com/trento/trento-server \ - --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ - --set trento-web.adminUser.password=ADMIN_PASSWORD ----- -==== -When using a Helm version lower than 3.8.0, an experimental flag must be set as follows: -+ -==== -[source,bash] ----- -HELM_EXPERIMENTAL_OCI=1 helm upgrade \ - --install trento-server oci://registry.suse.com/trento/trento-server \ - --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ - --set trento-web.adminUser.password=ADMIN_PASSWORD ----- -==== -+ -. Monitor the creation and start-up of the {trserver} pods, and wait until they are ready and running: -+ -==== -[source,bash] ----- -watch kubectl get pods ----- -==== -+ -All pods must be in the ready and running state. -+ -. Log out of the {trserver} host. -. To verify that the {trserver} installation was successful, open the URL of the {trweb} (`http://TRENTO_SERVER_HOSTNAME`) from a workstation on the {sap} administrator's LAN. - -[[sec-trento-deploying-trento-on-selected-nodes]] -==== Deploying {trserver} on selected nodes - -If you use a multi-node {k8s} cluster, it is possible to deploy {trserver} images on selected nodes by specifying the field `nodeSelector` in the helm upgrade command as follows: -==== -[source,bash] ----- -HELM_EXPERIMENTAL_OCI=1 helm upgrade \ - --install trento-server oci://registry.suse.com/trento/trento-server \ - --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ - --set trento-web.adminUser.password=ADMIN_PASSWORD \ - --set prometheus.server.nodeSelector.LABEL=VALUE \ - --set postgresql.primary.nodeSelector.LABEL=VALUE \ - --set trento-web.nodeSelector.LABEL=VALUE \ - --set trento-runner.nodeSelector.LABEL=VALUE ----- -==== - -include::helm-event-pruning.adoc[leveloffset=+2] - -[[sec-trento-enabling-email-alerts]] -==== Enabling email alerts - -Email alerting feature notifies the {sap} Basis administrator about important changes in the {sap} Landscape being monitored by {trento}. - -The reported events include the following: - -* Host heartbeat failed -* Cluster health detected critical -* Database health detected critical -* {sap} System health detected critical - -This feature is disabled by default. It can be enabled at installation time or anytime at a later stage. In both cases, the procedure is the same and uses the following placeholders: - -`SMTP_SERVER`:: -The SMTP server designated to send email alerts - -`SMTP_PORT`:: -Port on the SMTP server - -`SMTP_USER`:: -User name to access SMTP server - -`SMTP_PASSWORD`:: -Password to access SMTP server - -`ALERTING_SENDER`:: -Sender email for alert notifications - -`ALERTING_RECIPIENT`:: -Recipient email for alert notifications. - -The command to enable email alerts is as follows: - -[source,bash] ----- -HELM_EXPERIMENTAL_OCI=1 helm upgrade \ - --install trento-server oci://registry.suse.com/trento/trento-server \ - --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ - --set trento-web.adminUser.password=ADMIN_PASSWORD \ - --set trento-web.alerting.enabled=true \ - --set trento-web.alerting.smtpServer=SMTP_SERVER \ - --set trento-web.alerting.smtpPort=SMTP_PORT \ - --set trento-web.alerting.smtpUser=SMTP_USER \ - --set trento-web.alerting.smtpPassword=SMTP_PASSWORD \ - --set trento-web.alerting.sender=ALERTING_SENDER \ - --set trento-web.alerting.recipient=ALERTING_RECIPIENT ----- - -[[sec-trento-enabling-ssl]] -==== Enabling SSL - -Ingress may be used to provide SSL termination for the Web component of {trserver}. This would allow to encrypt the communication from the agent to the server, which is already secured by the corresponding API key. It would also allow HTTPS access to the Web console with trusted certificates. - -Configuration must be done in the tls section of the `values.yaml` file of the chart of the {trserver} Web component. - -For details on the required Ingress setup and configuration, refer to: https://kubernetes.io/docs/concepts/services-networking/ingress/. Particularly, refer to section https://kubernetes.io/docs/concepts/services-networking/ingress/#tls for details on the secret format in the YAML configuration file. - -Additional steps are required on the Agent side. -// toms 2022-09-14: which steps? - -include::trento-systemd-install.adoc[leveloffset=+1] -include::trento-container-install.adoc[leveloffset=+1] -include::trento-ansible-install.adoc[leveloffset=+1] \ No newline at end of file +include::trento-install-kubernetes.adoc[] +include::trento-systemd-install.adoc[] +include::trento-container-install.adoc[] +include::trento-ansible-install.adoc[] \ No newline at end of file diff --git a/trento/adoc/trento-requirements.adoc b/trento/adoc/trento-requirements.adoc index 22fcfe1..dd3e2bf 100644 --- a/trento/adoc/trento-requirements.adoc +++ b/trento/adoc/trento-requirements.adoc @@ -56,5 +56,5 @@ Similarly, the clusters must have unique authkeys in order to be registered in { [[sec-trento-installation-prerequisites]] === Installation prerequisites -* *{trserver}* For a {k8s}-based deployment, you must have access to {suse} public registry for the deployment of {trserver} containers. For a systemd deployment, you must have a registered {sles4sap} 15 (SP3 or higher) distribution. The same applies to a containerized deployment. -* *{tragent}s* A registered {sles4sap} 15 (SP3 or higher) distribution. \ No newline at end of file +* *{trserver}* For a {k8s}-based deployment, you must have access to {suse} public registry for the deployment of {trserver} containers. For a systemd deployment, you must have a registered {sles4sap} 15 (SP3 or higher) distribution. The same applies to a containerized deployment. +* *{tragent}s* A registered {sles4sap} 15 (SP3 or higher) distribution. diff --git a/trento/adoc/trento-systemd-install.adoc b/trento/adoc/trento-systemd-install.adoc index 117104f..14e919f 100644 --- a/trento/adoc/trento-systemd-install.adoc +++ b/trento/adoc/trento-systemd-install.adoc @@ -1,7 +1,7 @@ include::product-attributes.adoc[] [[sec-systemd-deployment]] -== systemd deployment +=== systemd deployment :revdate: 2025-08-05 @@ -19,16 +19,16 @@ throughout this guide. * SP6 * SP7 -=== List of dependencies +==== List of dependencies * https://www.postgresql.org/[PostgreSQL] * https://rabbitmq.com/[RabbitMQ] * https://nginx.org/en/[NGINX] * https://prometheus.io/[Prometheus] (optional) -=== Install {trento} dependencies +==== Install {trento} dependencies -==== Install Prometheus (Optional) +===== Install Prometheus (Optional) https://prometheus.io/[Prometheus] is not required to run {trento}, but it is recommended, as it allows {trento} to display charts for each host with @@ -44,7 +44,7 @@ container. To use an existing Prometheus installation, set `+CHARTS_ENABLED+` to ==== [[prometheus-existing-installation, Use existing installation]] -===== Use existing installation +====== Use existing installation Minimal required Prometheus version is *2.28.0*. @@ -57,7 +57,7 @@ packages. Use <> as a reference to adjust the Prometheus configuration. [[prometheus-packagehub, Install Prometheus using the *unsupported* PackageHub repository]] -===== Install Prometheus using the *unsupported* PackageHub repository +====== Install Prometheus using the *unsupported* PackageHub repository https://packagehub.suse.com/[PackageHub] packages are tested by SUSE, but they do not come with the same level of support as the core SLES @@ -142,7 +142,7 @@ firewall-cmd --zone=public --add-port=9090/tcp --permanent firewall-cmd --reload ---- -==== Install PostgreSQL +===== Install PostgreSQL The current instructions are tested with the following PostgreSQL versions: @@ -171,7 +171,7 @@ zypper in postgresql-server systemctl enable --now postgresql ---- -===== Configure PostgreSQL +====== Configure PostgreSQL . Start `+psql+` with the `+postgres+` user to open a connection to the database: @@ -244,7 +244,7 @@ listen_addresses = '*' systemctl restart postgresql ---- -==== Install RabbitMQ +===== Install RabbitMQ . Install RabbitMQ server: + @@ -273,7 +273,7 @@ firewall-cmd --reload systemctl enable --now rabbitmq-server ---- -===== Configure RabbitMQ +====== Configure RabbitMQ To configure RabbitMQ for a production system, follow the official suggestions in the @@ -298,7 +298,7 @@ rabbitmqctl add_vhost vhost rabbitmqctl set_permissions -p vhost trento_user ".*" ".*" ".*" ---- -=== Install {trento} using RPM packages +==== Install {trento} using RPM packages The `+trento-web+` and `+trento-wanda+` packages come in the supported SLES4SAP distributions by default. @@ -310,7 +310,7 @@ Install {trento} web and wanda: zypper install trento-web trento-wanda ---- -==== Create the configuration files +===== Create the configuration files Both services depend on respective configuration files. They must be placed in `+/etc/trento/trento-web+` and `+/etc/trento/trento-wanda+` @@ -338,7 +338,7 @@ Otherwise websockets fail to connect, causing no real-time updates in the UI. ==== -==== trento-web configuration +===== trento-web configuration ==== [source,bash] @@ -387,7 +387,7 @@ SMTP_PASSWORD=<> ---- ==== -==== trento-wanda configuration +===== trento-wanda configuration ==== [source,bash] @@ -402,7 +402,7 @@ ACCESS_TOKEN_ENC_SECRET=some-secret ---- ==== -==== Start the services +===== Start the services Enable and start the services: @@ -411,7 +411,7 @@ Enable and start the services: systemctl enable --now trento-web trento-wanda ---- -==== Monitor the services +===== Monitor the services Use `+journalctl+` to check if the services are up and running correctly. For example: @@ -422,7 +422,7 @@ journalctl -fu trento-web ---- [[validate-the-health-status-of-trento-web-and-wanda]] -=== Check the health status of trento web and wanda +==== Check the health status of trento web and wanda You can check if {trento} web and wanda services function correctly by accessing accessing the `+healthz+` and `+readyz+` API. @@ -460,7 +460,7 @@ correctly, the output should be as follows: ---- ==== -=== Install and configure NGINX +==== Install and configure NGINX . Install NGINX package: + @@ -548,13 +548,13 @@ server { ---- ==== -=== Prepare SSL certificate for NGINX +==== Prepare SSL certificate for NGINX Create or provide a certificate for https://nginx.org/en/[NGINX] to enable SSL for {trento}. [[option-1-creating-a-self-signed-certificate]] -==== Create a self-signed certificate +===== Create a self-signed certificate . Generate a self-signed certificate: + @@ -615,7 +615,7 @@ systemctl enable --now nginx ---- [[option-2-using-lets-encrypt-for-a-signed-certificate-using-packagehub-repository]] -==== Create a signed certificate with Let's Encrypt using PackageHub repository +===== Create a signed certificate with Let's Encrypt using PackageHub repository [NOTE] ==== @@ -658,7 +658,7 @@ Certbot certificates are valid for 90 days. Refer to the above link for details on how to renew certificates. ==== -=== Accessing the trento-web UI +==== Accessing the trento-web UI Pin the browser to `+https://trento.example.com+`. You should be able to login using the credentials specified in the `+ADMIN_USER+` and From eb005ebad1b2314a9334f41c7f21dfbf848e4bed Mon Sep 17 00:00:00 2001 From: EMaksy Date: Thu, 16 Oct 2025 16:01:26 +0200 Subject: [PATCH 2/3] Remove partial as it was included in kubernetes partial --- trento/adoc/helm-event-pruning.adoc | 45 ----------------------------- 1 file changed, 45 deletions(-) delete mode 100644 trento/adoc/helm-event-pruning.adoc diff --git a/trento/adoc/helm-event-pruning.adoc b/trento/adoc/helm-event-pruning.adoc deleted file mode 100644 index a29c58d..0000000 --- a/trento/adoc/helm-event-pruning.adoc +++ /dev/null @@ -1,45 +0,0 @@ -include::product-attributes.adoc[] - -[[helm-event-pruning]] -==== Configuring event pruning -:revdate: 2025-05-23 - - -The event pruning feature allows administrators to manage how long registered events are stored in the database and how often the expired events are removed. - -The following configuration options are available: - -`pruneEventsOlderThan`:: -The number of days registered events are stored in the database. The default value is *10*. _Keep in mind that `pruneEventsOlderThan` can be set to *0*. However, this deletes all events whenever the cron job runs, making it impossible to analyze and troubleshoot issues with the application_ - -`pruneEventsCronjobSchedule`:: -The frequency of the cron job that deletes expired events. The default value is *"0 0 * * *"*, which runs daily at midnight. - -To modify the default values, execute the following Helm command: - -[source,bash] ----- -helm ... \ - --set trento-web.pruneEventsOlderThan=<> \ - --set trento-web.pruneEventsCronjobSchedule="<>" ----- - -Replace the placeholders with the desired values: - -`EXPIRATION_IN_DAYS`:: -Number of days to retain events in the database before pruning. - -`NEW_SCHEDULE`:: -The cron rule specifying how frequently the pruning job is performed. - -*Example* command to retain events for 30 days and schedule pruning daily at 3 AM: - -[source,bash] ----- -helm upgrade \ - --install trento-server oci://registry.suse.com/trento/trento-server \ - --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \ - --set trento-web.adminUser.password=ADMIN_PASSWORD \ - --set trento-web.pruneEventsOlderThan=30 \ - --set trento-web.pruneEventsCronjobSchedule="0 3 * * *" ----- \ No newline at end of file From 9bda3d2fe43c7860dbef409e749367aff4bd5cca Mon Sep 17 00:00:00 2001 From: EMaksy Date: Thu, 16 Oct 2025 16:28:01 +0200 Subject: [PATCH 3/3] Aligned naming of partial and added revdate to kubernetes --- trento/adoc/trento-install-server.adoc | 2 +- ...o-install-kubernetes.adoc => trento-kubernetes-install.adoc} | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) rename trento/adoc/{trento-install-kubernetes.adoc => trento-kubernetes-install.adoc} (99%) diff --git a/trento/adoc/trento-install-server.adoc b/trento/adoc/trento-install-server.adoc index f6ba28a..b96c4a7 100644 --- a/trento/adoc/trento-install-server.adoc +++ b/trento/adoc/trento-install-server.adoc @@ -4,7 +4,7 @@ include::product-attributes.adoc[] == Installing {trserver} :revdate: 2025-10-16 -include::trento-install-kubernetes.adoc[] +include::trento-kubernetes-install.adoc[] include::trento-systemd-install.adoc[] include::trento-container-install.adoc[] include::trento-ansible-install.adoc[] \ No newline at end of file diff --git a/trento/adoc/trento-install-kubernetes.adoc b/trento/adoc/trento-kubernetes-install.adoc similarity index 99% rename from trento/adoc/trento-install-kubernetes.adoc rename to trento/adoc/trento-kubernetes-install.adoc index 69d116f..c46b031 100644 --- a/trento/adoc/trento-install-kubernetes.adoc +++ b/trento/adoc/trento-kubernetes-install.adoc @@ -2,6 +2,7 @@ include::product-attributes.adoc[] [[sec-trento-k8s-deployment]] === {k8s} deployment +:revdate: 2025-10-16 The subsection uses the following placeholders: