Installing the GSS Adaptive Application - Adaptive Applications - BlueCat Gateway - 22.1

Global Server Selector Administration Guide

Locale
English
Product name
BlueCat Gateway
Version
22.1

Before you begin, you must download the latest GSS Adaptive Application from Quay.

Downloading and installing from Quay

To install the custom Gateway image:
  1. From the Linux console of a host machine with internet access, log in to your Quay account using the following commands:
    docker login quay.io
    Username: <quay_username>
    Password: <quay_password>
  2. From the Linux console of a host machine with internet access, pull the latest GSS Adaptive Application image using the following command:
    docker pull quay.io/bluecat/gss:22.1
  3. If a different server will be running the BlueCat Gateway instance, use the following command to export the GSS Adaptive Application file. Copy this image file to the server that will be running the BlueCat Gateway instance:
    docker save -o <path_to_image_tar_file> quay.io/bluecat/gss:22.1
  4. Run the following command to import the image file created by the Docker save command:
    docker load -i <path_to_image_tar_file>
  5. Run the custom Gateway image using the following command:
    docker run -d \
    -p 80:8000 \
    -p 443:44300 \
    -p 4789:4789/udp \
    -v <GATEWAY_LOG_DIR>:/logs/ \
    -e BAM_IP=<your_bam_ip_address> \
    -e DISABLE_HEALTH_CHECK=no \
    --dns <dns_server_address1> --dns <dns_server_address2> \
    --name <gateway_container_name> \
    quay.io/bluecat/gss:22.1
    Where:
    • -p 4789:4789/udp is used for the high-availability heartbeat communication.
    • <GATEWAY_LOG_DIR> represents the directory where the BlueCat Gateway logs are stored.
    • (Optional) <dns_server_address1> and <dns_server_address2> represent the IP addresses of the DNS servers that can resolve the gss.bluecat zone used by GSS.
      Note:
      • If you do not specify the --dns parameter, the DNS servers configured on the host system are used to resolve the gss.bluecat zone.
      • If you are deploying GSS on a BDDS, the --dns parameter cannot be configured; however, you can configure the DNS resolver settings on the BDDS. For more information, refer to the DNS Resolver section of the Address Manager Administration Guide.
    • The DISABLE_HEALTH_CHECK environment variable is used to disable the scheduled health checker when starting the BlueCat Gateway instance. The default value is no.
      Tip: BlueCat advises all customers to map Docker logs volumes to save data from BlueCat Gateway. This is the recommended best practice for Docker containers. However, if you prefer to mount logs directories to your local machine, you must manually set rwx (read, write, execute) permissions to those directories before running the container. If you do not map logs directories to your local machine during installation, BlueCat Gateway will write all the data to the container by default. If you then stop or restart the container, all this data will be lost.
      To set permissions to external volumes, run the following command:
      chmod -R a=rwx <mapped volume>
    GSS contains a configuration file within /bluecat_gateway/customizations/gss.ini that is updated during the GSS installation workflow. In managed environments where the GSS container is deployed automatically and must be stateless, the following configuration parameters can be passed in as environment variables in the docker run command:
    • GSS_USER—name of the BlueCat Gateway user that will be used by the scheduled ACL management function.
    • GSS_PASS—encrypted password for the BlueCat Gateway user that will be used by the scheduled ACL management function.
    • GSS_CONFIGURATION—name of the Address Manager configuration that is used with GSS.
    • GSS_VIEW—name of the Address Manager DNS view that is used with GSS.
    • GSS_TAG_GROUP—name of the Address Manager Tag Group that is used with GSS. The default value is Traffic Steering but this can be updated to support multiple independent deployments of GSS.
    • GSS_REGION—the health-check region used by this GSS server. In the Default region, the value should be Default.
    • GSS_TSIG_KEY—the primary TSIG key that will be used to update DNS . This value is also a seed to generate the view-specific TSIG keys. The format of the key is as follows:
      <hmac>:<name>:<key>
    • LOCAL_ADDRESS—the local IP address and port that is used for the high-availability heartbeat communication. The local address includes the IP address and port on the docker host where the GSS container is exposed in the following address:
      <ip-address>:<port>
    • DISABLE_HA—indicates whether high-availability is configured. Set the value to yes to disable the high-availability function.

    When the configuration parameters are passed in as environment variables, the corresponding values in the /bluecat_gateway/customizations/gss.ini configuration file are ignored. To update the configuration provided in the environment variables, you must delete and redeploy the GSS container.