Post-install configuration

There are a few platform settings that need to be updated after installing Anaconda Enterprise, before you can begin using it. Follow the instructions below, based on whether you used a web browser or a command-line to install the platform. Then you’ll be ready to test your installation and perform additional configuration, specific to your organization.

Browser-based instructions

If you installed Anaconda Enterprise using a web browser, a UI will guide you through some post-install configuration steps.

NOTE: It may take a moment for the Post-Install Setup screen to appear. If you see an error immediately after clicking Continue at the end of the installation process, please refresh your browser after a few seconds to display the UI.

  1. Enter the cluster Admin account credentials that you will use to log in to the Anaconda Enterprise Operations Center initially, and click Next.

NOTE: The installer will generate self-signed SSL certificates that you can use temporarily to get started. See Updating TLS/SSL certificates for information on how to change them later, if desired.

  1. Enter the fully-qualified domain name (FQDN) where the cluster will be accessed and click Finish Setup.
  2. Log in to the Anaconda Enterprise Operations Center using the cluster Admin credentials you provided in Step 1, and follow the instructions below to update the platform settings with the FQDN of the host server.

Command-line instructions

If you performed an unattended installation using the command-line instructions, follow the instructions below to generate self-signed SSL certificates that you can use temporarily to get started. See Updating TLS/SSL certificates for information on how to change them later, if desired.

NOTE: You need to have OpenJDK installed to be able to use the following method to generate self-signed SSL certificates.

  1. On the master node for your Anaconda Enterprise installation, run the following commands to save your secrets file to a location where Anaconda Enterprise can access it, replacing YOUR_FQDN with the fully-qualified domain name of the cluster on which you installed Anaconda Enterprise.:

    cd path/to/Anaconda/Enterprise/unpacked/installer
    cd DIY-SSL-CA
    bash create_noprompt.sh YOUR_FQDN
    cp out/DESIRED_FQDN/secret.yaml /var/lib/gravity/planet/share/secret.yaml
    

Now /var/lib/gravity/planet/share/secret.yaml is accessible as /ext/share/secret.yaml within the Anaconda Enterprise environment, which can be accessed with the following command:

sudo gravity enter
  1. Replace the default secrets cert with the contents of your secret.yaml file by running the following commands from within the Anaconda Enterprise environment:

    $ kubectl delete secrets anaconda-enterprise-certs
    secret "anaconda-enterprise-certs" deleted
    $ kubectl create -f /ext/share/secret.yaml
    secret "anaconda-enterprise-certs" created
    

NOTE: If the post-install process doesn’t complete after using the CLI install, you can complete the process by running the following commands within gravity.

To determine the site name:

SITE_NAME=$(gravity status --output=json | jq '.cluster.token.site_domain' -r)

To complete the post-install process:

gravity --insecure site complete $SITE_NAME --ops-url=https://gravity-site.kube-system.svc.cluster.local:3009

Replacing SITE_NAME with the actual name of the site.

To update the platform settings with the FQDN of the host server:

  1. Access the Anaconda Enterprise Operations Center by entering this URL in your browser:

https://anaconda.example.com:32009, replacing anaconda.example.com with the FQDN of the host server.

  1. Click Configuration in the left menu to display the Anaconda Enterprise Config map.

  2. Throughout the Config map, there are several instances of https://anaconda.example.com that you’ll need to replace with the FQDN of your host server.

  3. Click Apply to save your changes to the Config map.

  4. Restart all the service pods using the following command:

    kubectl get pods | grep ap- | cut -d' ' -f1 | xargs kubectl delete pods
    

Now you are ready to follow the instructions below to test your installation.

Testing your installation

After you’ve finished installing Anaconda Enterprise, and completed the post-install configuration steps, you can do the following to verify that your installation succeeded:

  1. Access the Anaconda Enterprise console by entering the URL of your AE server in a web browser: https://anaconda.example.com, replacing anaconda.example.com with the fully-qualified domain name of the host server.
  2. Login with the default username and password anaconda-enterprise / anaconda-enterprise. After testing your installation, update the credentials for this default login. See Configuring user access for more information.

You can verify a successful installation by doing any or all of the following:

NOTE: Some of the sample projects can only be deployed after mirroring the package repository. To test your installation without doing this first, you can deploy the “Hello Anaconda Enterprise” sample project.

Configuring your firewall settings

If your organization uses firewalld, you’ll need to run the following commands to update your configuration:

firewall-cmd --zone=<your-zone> --add-source=10.244.0.0/16 --permanent # pod subnet
firewall-cmd --zone=<your-zone> --add-source=10.100.0.0/16 --permanent # service subnet
firewall-cmd --zone=<your-zone> --add-source=<node-IP> --permanent # IP address (run for each node IP after installing your AE cluster)
firewall-cmd --zone=<your-zone> --add-interface=eth0 --permanent       # enable eth0 in trusted zone so nodes can communicate
firewall-cmd --zone=<your-zone> --add-masquerade --permanent           # masquerading so packets can be routed back
firewall-cmd --zone=<your-zone> --add-port=<port>/tcp --permanent # to open each required port
firewall-cmd --reload
systemctl restart firewalld

NOTES:

  • To get the IP address(es) for the nodes in your Anaconda Enterprise cluster, run the following command from a terminal on any node:

    gravity status
    
  • See Installation requirements for the list of required ports you’ll want to run the command that opens each port against.

Next steps:

Now that you’ve completed these essential steps, you can do any of the following optional steps: