Text Mode Installation
This procedure documents installation for Platform Analytics, release 9.3. If you need installation information for one of the following earlier releases, use the links below to open earlier PDF installation guides maintained on the PTC eSupport Portal:
This procedure represents the text installation mode, typically used in a Linux environment. For launch information using Graphical or Silent installation modes, see Graphical Mode Installation or Silent Mode Installation
Before Installation
.
• Make sure all of the prerequisites have been met.
• Download the appropriate installer files for your operating system.
• Extract the downloaded files to a location on your host system.
• If you plan to use an existing external instance of RabbitMQ or Apache Flink, instead of installing the components provided with the installer, those servers must be running during the Platform Analytics installation.
• If you plan to use TLS support for connections to any Platform Analytics components, review and complete any necessary tasks in the following sections:
 |
For Platform Analytics 9.2 and earlier, the TLS installation parameters are still labeled SSL instead of TLS.
|
Installation Steps
1. Open a terminal window and, as root user, launch the installer command: ./PlatformAnalytics-<n.n.n>-linux-x64-installer.run
|
|
An advanced option is available if you want to override the default user account during the installation. For more information about launching the installer with this option, see Change the User Account .
|
2. Accept the license agreement and press Enter.
3. Select the products you want to install. For a description of the available components, see Installation Components.
The default response for each component is y for Yes. You can press Enter to accept it and move on to the next component or clear it by changing it to n for No.
4. Specify an installation directory. You can accept the default or provide a different location.
If the installer detected a previous version of a component, and you want to upgrade, the old installation directory is preselected. For more information, see Upgrade from an Earlier Version.
5. Enter ThingWorx connection information. For a description of the required parameters, see ThingWorx Connection Information.
6. Enter RabbitMQ configuration information, according to the parameters described in RabbitMQ Configuration Information. The required information varies depending on the following:
◦ Are you installing the new RabbitMQ instance provided with the installer or pointing to an existing external instance?
◦ Are you using TLS connections between RabbitMQ and either ThingWorx or Flink?
|
|
The RabbitMQ password will be encrypted automatically as part of the installation process.
|
7. Enter Flink configuration information. Flink TLS requirements depend on the release of Platform Analytics you are installing, and whether you are using the Flink instance provided with the installer. For more information, see Flink Configuration Information.
8. If you opted, in Step 3, to include the Integration with Analytics Server for Anomaly Detection you are prompted to provide connection information for your Analytics Server. For a description of the required parameters, see Analytics Server Connection Information.
9. When you complete the last step, the installation begins. Depending on your operating system, several windows may open and then close while the process unpacks and installs the necessary libraries and settings.
When the installation process is complete, an installation summary is displayed. To view the entire summary, continue clicking Enter to scroll through the list of installed components.
10. To test the product installations, see:
◦ Verify the Descriptive Analytics Microservice Installation
◦ Verify the Property Transform Installation
Installation Components
In Step 3 above, the components available for installation include the following:
|
Property Transform Services
|
Select any of the following components included with the installer:
|
|
|
RabbitMQ
|
Installs the RabbitMQ component included with the installer.
If you opt not to install the instance of RabbitMQ available with the installer, you are prompted later in the procedure to provide information about the location of an existing external RabbitMQ instance.
|
|
|
Apache Flink
|
Installs the Flink component included with the installer.
If you opt not to install the instance of Flink available with the installer, you are prompted later in the procedure to provide information about the location of an existing external Flink instance.
|
|
|
Property Transform Microserver
|
The microserver component is selected by default and cannot be cleared.
|
|
|
Integration with Analytics Server for Anomaly Detection – If you plan to deploy Anomaly Detection in a ThingWorx cluster, enter y for Yes to select this option under the Property Transform Microserver option. The Analytics Server must already be installed and running. You are prompted later in the procedure for an API key and Analytics Server connection information (see Step 8). The default value for this option is n for No.
If you are deploying Anomaly Detection in a standalone ThingWorx environment, this option is not necessary.
|
||
|
Descriptive Services
|
Installs the Descriptive Analytics Microservice.
|
|
ThingWorx Connection Information
In Step 5 above, the following ThingWorx connection parameters are required.
|
Parameter
|
Description
|
||
|---|---|---|---|
|
ThingWorx IP Address or Host Name
|
Enter the IP address or host name of your ThingWorx server, which must already be installed and running.
If you are using TLS for your connection to ThingWorx, this IP Address or Host Name must match the SAN address or host used to create the ThingWorx TLS certificate.
|
||
|
ThingWorx Port
|
Enter the port for communicating with your ThingWorx server.
If you are using TLS for your connection to ThingWorx, enter that port number.
|
||
|
ThingWorx AppKey
|
Enter the value from the Key ID field of the application key you created in ThingWorx.
|
||
|
Use TLS?
|
Set to y for Yes in order to require the use of TLS when connecting to ThingWorx. The default value is n for No.
|
||
|
Upload ThingWorx Certificate File?
|
Set to y for Yes if you want the installer to upload your ThingWorx TLS certificate automatically. The default value is n for No.
For a new installation using TLS, this option must be enabled (set to y). For an upgrade, modify, or repair installation, this option is necessary only if you want to upload a new certificate. To continue using an existing certificate, leave the default value for this option (n).
For more information, see TLS Support for ThingWorx.
|
||
|
ThingWorx Certificate File
|
Enter the path to the TLS certificate created for your ThingWorx server. This file is required when Upload ThingWorx Certificate File? is set to y.
|
||
|
ThingWorx Truststore Password
|
Enter a password that will be assigned to the ThingWorx truststore. This truststore will be created automatically during the Platform Analytics installation.
|
RabbitMQ Configuration Information
For Step 6 above, configure the following RabbitMQ parameters for your installation scenario. You can either install the new RabbitMQ instance provided with the installer or point to an existing external instance. You can also choose to use TLS for connections between the RabbitMQ instance (new or existing) and either your ThingWorx server or Flink.
|
Scenario
|
Parameters
|
|---|---|
|
New RabbitMQ – No TLS
|
Provide the following:
• RabbitMQ Username
• RabbitMQ Password
The RabbitMQ virtual host is set to the root directory by default: “/”
|
|
Existing RabbitMQ – No TLS
|
Provide the following:
• RabbitMQ IP Address or Host Name
• RabbitMQ Port
• RabbitMQ Username
• RabbitMQ Password
• RabbitMQ Virtual Host
|
|
New RabbitMQ – Yes TLS
|
Provide the following:
• Use TLS? – Must be set to y for Yes to enable TLS.
• RabbitMQ CA Bundle file – Enter the path to the ca_certificate.pem file containing the authority that signed the RabbitMQ certificate. If you plan to use TLS for the connection between RabbitMQ and ThingWorx, this bundle must also include the authority that signed the ThingWorx certificate.
• RabbitMQ Certificate file – Enter the path to the rabbitmq_certificate.pem file certificate signed by the authority in the RabbitMQ CA Bundle.
• RabbitMQ Key file – Enter the path to the rabbitmq_key.pem file containing the key that corresponds to the signed RabbitMQ certificate.
• Truststore information as following:
◦ For 9.2 and later –
RabbitMQ Truststore Password – Enter a password that will be assigned to the RabbitMQ Truststore. This truststore will be created automatically during the Platform Analytics installation.
◦ For 9.0 and 9.1 –
RabbitMQ CA Alias – Enter an alias name that is assigned to the RabbitMQ certificate. The alias is used when importing the certificate authority into the Java Truststore. Alias names are converted automatically to all lower case.
Java Truststore Password – Enter the password for the Java Truststore, a file where trusted TLS certificates are stored. The Truststore is created automatically, with a default password, when Java is installed. For more information about Java Truststore passwords, see Working with Certificates and SSL on the Oracle website.
• Property Transform PKCS12 file – Enter the path to the client.pkcs12 file, which is used to identify the Property Transform and Flink services to RabbitMQ. It must contain a certificate and the corresponding key. It must be signed by an authority in the RabbitMQ CA Bundle. To create the PKCS12 file, use the OpenSSL tool. For example:
openssl pkcs12 -export -in <certificate.pem> -inkey <key.pem> -out client.pkcs12
• PKCS12 Password – Enter an optional password for the PKCS12 file.
|
|
Existing RabbitMQ – Yes TLS
|
Provide the following:
• Use TLS? – Must be set to y for Yes to enable TLS.
• Property Transform PKCS12 file – Enter the path to the client.pkcs12 file, which is used to identify the Property Transform and Flink services to RabbitMQ. It must contain a certificate and the corresponding key. It must be signed by an authority that the existing RabbitMQ is configured to trust. To create the PKCS12 file, use the OpenSSL tool. For example:
openssl pkcs12 -export -in <certificate.pem> -inkey <key.pem> -out client.pkcs12
• PKCS12 Password – Enter an optional password for the PKCS12 file.
• TLS Truststore file – Enter the path to a JKS Truststore file that contains the authority that signed the RabbitMQ certificate.
• TLS Truststore Password – Enter the password for the TLS Truststore. For more information about Java Truststore passwords, see Working with Certificates and SSL on the Oracle website.
|
Flink Configuration Information
For Step 7 above, configure the Flink parameters that are necessary for your installation scenario.
• New Flink instance – If you are installing the new Flink instance provided with the installer, enter the information listed in the New Flink Instance table. In the new Flink scenario, the installer collects parameters on one or two different screens, depending on which release of Platform Analytics you are installing:
◦ 9.0 – 9.1 – Two separate screens collect information for two types of TLS protections: the external REST connection between Flink and the Property Transform microserver, and the internal communication between the Flink job and task managers.
◦ 9.2 and later – One screen collects information for TLS protection of the external REST connection between Flink and the Property Transform microserver. TLS for the internal communication between Flink job and task managers is handled automatically by the installer.
In either case, TLS protection, which includes mutual authentication, is enabled by default.
 |
If you choose to disable TLS protection, you must block your Flink REST port (typically port 8086) via your firewall. Otherwise, the port will be exposed to outside networks.
|
For more information about creating the appropriate certificates, see TLS Support for Flink.
• Existing Flink instance – If you are pointing to an existing external Flink instance, enter the information listed in the Existing Flink Instance table. In the existing Flink scenario, the installer requests information about the existing Flink instance and collects parameters to enable TLS protections for the external REST connection between Flink and the Property Transform microserver. TLS protection, which includes mutual authentication, is enabled by default.
|
|
If you choose to disable TLS protection, your Flink REST port will be exposed to outside networks.
|
For more information about creating the appropriate certificate, see TLS Support for Flink.
|
Scenario
|
Parameters
|
||
|---|---|---|---|
|
Flink REST – No TLS
|
Use Flink REST TLS? – By default, this parameter is set to y for Yes to enable TLS. To disable TLS support for the REST connection, change the value to n for No.
No additional parameters are required.
|
||
|
Flink REST – Yes TLS
|
Use Flink REST TLS? – Is set to y for Yes to enable TLS by default.
Provide the following additional parameters:
• Flink REST Keystore – Enter the path to the REST Keystore file where the signed Flink REST TLS certificate is stored. The file can be in JKS or PKCS12 format. The Flink REST certificate is used by the Flink REST endpoint.
• REST Keystore Password – Enter the password for the Flink REST Keystore.
• REST Key Password – Enter the password used to protect the private key of the REST Keystore. This key password was defined when the REST Keystore was created and may be the same as the Keystore Password.
• Flink Client Keystore – Enter the path to the Client Keystore file where the signed Flink Client TLS certificate is stored. The file can be in JKS or PKCS12 format. The Flink Client certificate is used by the Flink client on the Property Transform microserver.
• Client Keystore Password – Enter the password for the Flink Client Keystore.
• Client Key Password – Enter the password used to protect the private key of the Client Keystore. This key password was defined when the Client Keystore was created and may be the same as the Keystore Password.
• Flink REST Truststore – Enter the path to a REST Truststore file that contains the certificate authority root that signed the Flink certificate. The file can be in JKS or PKCS12 format.
• REST Truststore Password – Enter the password for the Flink REST Truststore.
|
||
|
Flink Internal – No TLS
|
Use Flink Internal SSL? – By default, this parameter is set to y for Yes to enable TLS. To disable TLS support for the Flink internal connections, change the value to n for No.
No additional parameters are required.
|
||
|
Flink Internal – Yes TLS
|
Use Flink Internal SSL? – Is set to y for Yes to enable TLS by default.
Provide the following additional parameters:
• Flink Internal Keystore – Enter the path to the Internal Keystore file where the signed Flink TLS certificate is stored. The file can be in JKS or PKCS12 format.
• Internal Keystore Password – Enter the password for the Flink Internal Keystore.
• Flink Internal Truststore – Unless you created a separate Internal Truststore, enter the same path as the Internal Keystore file. The file can be in JKS or PKCS12 format.
• Internal Truststore Password – Unless you created a separate Internal Truststore, enter the password for the Flink Internal Keystore.
• Internal Key Password – Enter the password used to protect the private key of the Internal Keystore. This key password was defined when the Internal Keystore was created.
|
|
Scenario
|
Parameters
|
|---|---|
|
Flink REST – No TLS
|
Provide the following parameters:
• Flink IP Address or Host Name – Enter the IP address or host name of your existing Flink instance.
• Flink Port – Enter the port number for your existing Flink instance.
• Use Flink REST TLS? – By default, this parameter is set to y for Yes to enable TLS. To disable TLS support for the REST connection, change the value to n for No.
No additional parameters are required.
|
|
Flink REST – Yes TLS
|
Provide the following parameters:
• Flink IP Address or Host Name – Enter the IP address or host name of your existing Flink instance.
• Flink Port – Enter the port number for your existing Flink instance.
• Use Flink REST TLS? – Is set to y for Yes to enable TLS by default.
Provide the following additional parameters:
• Flink REST Keystore – Enter the path to the REST Keystore file where the signed Flink REST TLS certificate is stored. The file can be in JKS or PKCS12 format. The Flink REST certificate is used by the Flink REST endpoint.
• REST Keystore Password – Enter the password for the Flink REST Keystore.
• REST Key Password – Enter the password used to protect the private key of the REST Keystore. This key password was defined when the REST Keystore was created.
• Flink Client Keystore – Enter the path to the Client Keystore file where the signed Flink Client TLS certificate is stored. The file can be in JKS or PKCS12 format. The Flink Client certificate is used by the Flink client on the Property Transform microserver.
• Client Keystore Password – Enter the password for the Flink Client Keystore.
• Client Key Password – Enter the password used to protect the private key of the Client Keystore. This key password was defined when the Client Keystore was created and may be the same as the Keystore Password.
• Flink REST Truststore – Enter the path to a REST Truststore file that contains the authority that signed the Flink certificate. The file can be in JKS or PKCS12 format.
• REST Truststore Password – Enter the password for the Flink REST Truststore.
|
Analytics Server Connection Information
For Step 8 above, the following Analytics Server connection parameters are required.
|
Parameter
|
Description
|
||||
|---|---|---|---|---|---|
|
Analytics Server IP Address or Host Name
|
Enter the IP address or host name of your Analytics Server, which must already be installed and running.
If you are using TLS for your connection to the Analytics Microservices, this IP Address or Host Name must match the SAN address or host used to create the Analytics Microservices TLS certificate.
|
||||
|
Analytics Server Async Port
|
Enter the port for communicating with your Async microservice.
|
||||
|
Analytics Server API Key
|
Enter the key automatically generated at the end of the Analytics Server installation. This key is required to interact with the Analytics Server internal API layer. If you did not make a note of the automatically-generated key, you must generate an updated key. See Updating an Analytics API Key.
|
||||
|
TLS for Analytics Microservices
|
Indicate whether or not TLS authentication support is enabled for your Analytics Server microservices. The default response is n for No. You can press Enter to accept it or clear it by changing it to y for Yes.
|
||||
|
Analytics Server Async Certificate File
|
Navigate to the TLS certificate that was created for the Analytics Server installation. This is a JKS keystore file, however, for Platform Analytics, it must be converted to a PEM file. Use the following command to export the certificate from the keystore as a PEM file:
keytool -exportcert -alias <analytics server alias> -keystore <keystore name>.jks -rfc -file <new file name>.pem
Enter the path to the new PEM file for the Analytics Server Async Certificate File parameter.
|
||||
|
Analytics Server Truststore Password
|
Enter a password that will be assigned to the Analytics Server truststore. This truststore will be created automatically during the Platform Analytics installation. This is a new Analytics Server truststore, created by the Platform Analytics installer.
|