Before you begin, you must download the latest GSS Adaptive Application from Quay.
Downloading and installing from Quay
To install the custom Gateway image:
- From the Linux console of a host machine with internet access, log in to
your Quay account using the following
docker login quay.io Username: <quay_username> Password: <quay_password>
- From the Linux console of a host machine with internet access, pull the
latest GSS Adaptive Application image using the following
docker pull quay.io/bluecat/gss:23.1
- If a different server will be running the BlueCat Gateway instance, use the
following command to export the GSS Adaptive Application file. Copy this
image file to the server that will be running the BlueCat Gateway
docker save -o <path_to_image_tar_file> quay.io/bluecat/gss:23.1
- Run the following command to import the image file created by the Docker
docker load -i <path_to_image_tar_file>
- Run the custom Gateway image using the following
docker run -d \ -p 80:8000 \ -p 443:44300 \ -p 4789:4789/udp \ -v <GATEWAY_LOG_DIR>:/logs/ \ -e BAM_IP=<your_bam_ip_address> \ -e DISABLE_HEALTH_CHECK=no \ --dns <dns_server_address1> --dns <dns_server_address2> \ --name <gateway_container_name> \ quay.io/bluecat/gss:23.1Where:
GSS contains a configuration file within /bluecat_gateway/customizations/gss.ini that is updated during the GSS installation workflow. In managed environments where the GSS container is deployed automatically and must be stateless, the following configuration parameters can be passed in as environment variables in the
-p 4789:4789/udpis used for the high-availability heartbeat communication.
<GATEWAY_LOG_DIR>represents the directory where the BlueCat Gateway logs are stored.
<dns_server_address2>represent the IP addresses of the DNS servers that can resolve the
gss.bluecatzone used by GSS.Note:
- If you do not specify the
--dnsparameter, the DNS servers configured on the host system are used to resolve the
- If you are deploying GSS on a BDDS, the
--dnsparameter cannot be configured; however, you can configure the DNS resolver settings on the BDDS. For more information, refer to the DNS Resolver section of the Address Manager Administration Guide.
- If you do not specify the
DISABLE_HEALTH_CHECKenvironment variable is used to disable the scheduled health checker when starting the BlueCat Gateway instance. The default value is
no.Tip: BlueCat advises all customers to map Docker logs volumes to save data from BlueCat Gateway. This is the recommended best practice for Docker containers. However, if you prefer to mount logs directories to your local machine, you must manually set rwx (read, write, execute) permissions to those directories before running the container. If you do not map logs directories to your local machine during installation, BlueCat Gateway will write all the data to the container by default. If you then stop or restart the container, all this data will be lost.To set permissions to external volumes, run the following command:
chmod -R a=rwx <mapped volume>
GSS_USER—name of the BlueCat Gateway user that will be used by the scheduled ACL management function.
GSS_PASS—encrypted password for the BlueCat Gateway user that will be used by the scheduled ACL management function.
GSS_CONFIGURATION—name of the Address Manager configuration that is used with GSS.
GSS_VIEW—name of the Address Manager DNS view that is used with GSS.
GSS_TAG_GROUP—name of the Address Manager Tag Group that is used with GSS. The default value is Traffic Steering but this can be updated to support multiple independent deployments of GSS.
GSS_REGION—the health-check region used by this GSS server. In the Default region, the value should be Default.
GSS_TSIG_KEY—the primary TSIG key that will be used to update DNS . This value is also a seed to generate the view-specific TSIG keys. The format of the key is as follows:
LOCAL_ADDRESS—the local IP address and port that is used for the high-availability heartbeat communication. The local address includes the IP address and port on the docker host where the GSS container is exposed in the following address:
DISABLE_HA—indicates whether high-availability is configured. Set the value to yes to disable the high-availability function.
When the configuration parameters are passed in as environment variables, the corresponding values in the /bluecat_gateway/customizations/gss.ini configuration file are ignored. To update the configuration provided in the environment variables, you must delete and redeploy the GSS container.