The resource requirements that a server must meet for deploying FineOps are detailed in this article.
Virtual machines are prone to issues such as resource contention, which may cause unexpected system failure, making them unsuitable for deploying FineOps.
It is recommended that FineOps monopolize one server.
That is, only deploy FineOps on the server, and do not deploy other applications or FanRuan projects to ensure the independence of operation and maintenance.
FineOps can share a server with a single-node FanRuan project.
That is, deploy FineOps and a FanRuan application (a standalone project) on the server, and do not deploy other content.
When using the FineKey tool to deploy FineOps, the Docker container is automatically installed.
Ensure that the server where FineOps is located has no pre-installed Docker. Otherwise, the FineOps deployment may fail due to version and permission issues.
Execute the following command.
docker version
If it returns nothing, no Docker is installed.
If it returns the version number, Docker has been installed. Uninstall Docker or replace the server.
Configuration
Operating system kernel
Version 3.10 and above
Operating system software
Recommended: Ubuntu 22
Supported:
Ubuntu 18.04.4 and later releases (except for Ubuntu 20.04)
CentOS 7.3 to 7.9
Red Hat 7.6 and later releases
Rocky Linux 8.8 to 9.4
You are advised to use Ubuntu since CentOS is discontinued.
Ensure the user you use has relevant permission if the operating system is Ubuntu (as the default root user is not a superuser).
The server on which FineOps is deployed shall meet the following requirements.
Requirement
1 GB
Take the larger value between the following listed ones as the configuration requirement.
1. Ensure the server contains a partition with at least 100 GB (200 GB recommended) of free space.
2. The required disk space of the FineOps server increases with the number of daily visits and nodes of the O&M project to be connected (if any). An extra 100 GB is required per 50000 daily visits and an extra 50 GB is required per node.
For an exclusive server of FineOps Standard Edition, the memory larger than 16 GB is recommended and should be at least 12 GB.
For an inclusive server of FineOps Standard Edition, the memory should be larger than 16 GB.
For the server of FineOps Basic Version, the memory should be larger than 4 GB.
1. If the number of main application nodes of O&M projects to be connected exceeds 10, an extra 100 MB of memory is required per main application node.
2. For projects deployed on the same server as FineOps, you must perform registration authentication after deployment.
For the intranet environment that can be connected to the Fanruan cloud or the extranet environment, you are advised to authenticate registration via a public cloud. For details, see Public Cloud Authentication.
For the pure intranet environment, you need to install a registration service component on the project component server and authenticate registration via private cloud on FineOps. Therefore, you must ensure an additional 2 GB of free physical memory on this server. For details, see New Project Registration.
Extranet bandwidth
Greater than or equal to 5 MB/s
The configuration requirements in the above table must be met because each component of FineOps has default configuration requirements, as shown in the following table.
A resource-sharing strategy is used to prevent resource over-provisioning, as the components do not run at full load simultaneously.
The total amount of required server resources are not the sum of the maximum usage amount of each container.
xmx = 2 GB
-XX:ReservedCodeCacheSize = 250 MB
-XX:MaxDirectMemorySize = 500MB
-XX:MaxMetaspaceSize = 500 MB
xmx= 0.5 GB
-XX:MaxDirectMemorySize = 100 MB
MALLOC_ARENA_MAX = 8
FineOps includes many components, and some of them require port mapping to the host machine, occupying server ports for operation.
Before deployment, ensure the port to be mapped automatically (default port) is not in use. If it is already in use, use a free port.
1. For instructions on port occupancy inspection and firewall configuration, see Port Occupancy Inspection and Firewall Configuration.
2. You do not need to reserve server ports for the OPS, Pushgateway, Prometheus, Grafana, and Alertmanager components, because they require no port mapping to the host machine.
It is the port you use to access FineOps.
Deployed by a root user: 80
Deployed by a non-root user: 8090
If using a non-root user for installation, do not use ports below 1024.
In a Linux environment, non-root users can only use ports 1024 and above.
Google Chrome identifies the following ports as insecure ports with potential security threats.
Do not use the following ports, as doing so will prevent Google Chrome from accessing FineOps.
1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 69, 77, 79, 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 137, 139, 143, 161, 179, 389, 465, 512, 513, 514, 515, 526, 530, 531, 532, 540, 548, 554, 556, 563, 587, 601, 636, 989, 990, 993, 995, 1719, 1720, 1723, 2049, 3659, 4045, 5061, 6000, 6566, 6665, 6666, 6667, 6668, 6669, 6697, and 10080
Certain server ports must be opened to ensure normal access to FineOps and smooth deployment and monitoring of O&M projects.
O&M personnel
(unlimited IP address)
FineOps Nginx
The default port is as follows.
FineOps deployed by a root user: 80
FineOps deployed by a non-root user: 8090
FineOps configured with SSL: 443
FanRuan cloud image repository
(fineops-registry.cn-hangzhou.cr.aliyuncs.com:443)
Registry: 5000
The application node and the engine node of the project, including FineBI - Application Node, Engine - Metadata Node, Engine - Calculation Node, FineReport, and FineDataLink
The OPS Agent component on every server of this project (on project nodes and cluster component nodes): 9070
Tracing
FineOps SkyWalking OAP:
11800 and 12800
The application node and the engine node of the project, including ineBI - Application Node, Engine - Metadata Node, Engine - Calculation Node, FineReport, and FineDataLink
The project node, the BI engine node, and the cluster component node on every server
The FineOps mounting path associates essential FineOps files on the host machine with those in the container, realizing data persistence and enabling quick file viewing.
1. Check the server disk space.
Use the df-h command to find a mounting point with large free space.
In this example, the most appropriate mounting point for the server is the /home directory.
2. Create a folder.
Select an appropriate position in this directory and create a folder as the FineOps mounting directory.
Use the mkdir command to create a folder. (In this example, a folder named fanruan is created in the /home directory.)
mkdir/home/fanruan
Use the chmod command to grant permission on the folder. (In this example, the 777 permission is assigned.)
chmod 777/home/fanruan
The mounting path (/home/fanruan) is the value of the dataRootPath parameter in the finekey.yaml file used to deploy FineOps.
3. Empty ACL rules.
An access control list (ACL) is a list of rules that specify the access permission of different users or user groups on files and directories.
If the mounting directory is configured with an ACL, after deployment, the data-root directory of the Docker container will inherit the ACL automatically, which may lead to various issues caused by lack of permission such as container startup failure.
Therefore, you are advised to remove all ACL rules configured for the mounting directory and retain the UNIX permission only.
setfacl -b /Mounting path
You are advised to use the account with a user ID of 0 and a username of root to upload, decompress, and run the FineKey tool for containerized deployment.
Ensure the root user can connect to the FineOps server via the SSH protocol. Ensure the password used for SSH connection contains no English single quotation marks, otherwise, the permission will fail to be validated during deployment.
1. The user whose user ID is 0 but whose username is not root cannot be used for deployment. Rename it root.
2. The default root user of a Ubuntu operating system is not a superuser. Ensure the user you use has the following permission.
To deploy FineOps using a regular user account, ensure the user has the following permission.
1. For permission necessity, see Linux User Permission Explanation.
2. A Docker environment will be created on the target server and the user you use will be added to the Docker user group automatically during FineOps deployment. You must terminate the current terminal session and reconnect to the server using a new terminal session. This step is essential for the user group changes to take effect, enabling the execution of Docker commands and related operations.
Ensure the user you use can connect to the FineOps server via the SSH protocol.
Ensure the password used for SSH connection contains no English single quotation marks, otherwise, the permission will fail to be validated during deployment.
FineOps deployment relies on the FineKey installation package. You are required to upload the FineKey installation package to the server and execute commands to decompress the package and deploy FineOps.
For the directory to which you want to upload the FineKey installation package and save the extracted package content, ensure that:
The user you use has the necessary permission to execute the tar command in the directory so that you can decompress the FineKey installation package.
The user is the directory owner. You can use the following command to grant permission.
chown -R Username /Absolute path of the FineKey installation package
The user has read, write, and execute permission for the directory. You can use the following command to grant permission.
chmod -R 755 /Absolute path of the FineKey installation package
Since you need to add and edit files in the FineOps installation directory when installing FineOps, ensure that:
The user you use is the owner of the FineOps installation directory prepared in the previous section. You can use the following command to grant permission.
chown -R Username /Absolute path of the FineOps installation directory
The user has read, write, and execute permission for the FineOps installation directory prepared in the previous section. You can use the following command to grant permission.
chmod -R 755 /Absolute path of the FineOps installation directory
You must allow the user to execute configuration commands using the sudo command as a root user on any host computer.
Modify the /etc/sudoers file. The following is an example.
Username ALL=(root) /bin/sh,/bin/mkdir,/bin/rm,/bin/cp,/bin/systemctl,/bin/kill,/usr/sbin/sysctl,/usr/bin/gpasswd,/usr/ sbin/groupadd,/usr/bin/chown,/usr/sbin/modprobe,/usr/bin/echo,/usr/bin/sed,/usr/sbin/swapoff,/bin/sudo
(Optional) Allow the user to execute commands using the sudo command without entering a password if the user still lacks permission.
Username ALL=(root) NOPASSWD: bin/sh,/bin/mkdir,/bin/rm, /bin/cp,/bin/systemctl,/bin/kill,/usr/sbin/sysctl, /usr/bin/gpasswd,/usr/sbin/groupadd,/usr/bin/chown, /usr/sbin/modprobe,/usr/bin/echo,/usr/bin/sed, /usr/sbin/swapoff,/bin/sudo
Ensure the user does not require a TTY session to execute sudo commands. This will allow the execution of sudo commands through scripts/remote commands.
Comment out the requiretty-related content in the /etc/sudoers file. The following is an example.
#Defaults: requiretty
Security-Enhanced Linux (SELinux) is a security module integrated into the Linux kernel, which strictly restricts access to system resources by programs and users via mandatory access control mechanisms.
The enabled SELinux may interfere with starting Docker as a service using the systemctl command.
Disable SELinux before deployment to ensure smooth deployment using FineKey.
Command:
getenforce
Return value:
Enforcing: SELinux is in enforcing mode. All operations violating SELinux policies will be blocked.
Permissive: SELinux is in permissive mode. Operations violating SELinux policies will not be blocked but will be logged.
Disabled: SELinux is disabled. The system no longer enforces SELinux security policies.
Disable SELinux if the return value is Enforcing.
1. Disabling SELinux Temporarily
sudo setenforce 0
This switches SELinux from enforcing mode to permissive mode. No server reboot is required, and the change takes effect immediately.
2. Disabling SELinux Permanently (Optional)
Edit the configuration file:
sudo vi /etc/selinux/config
Modify the SELinux status:
SELINUX=disabled
Reboot the server for the changes to take effect.
3. Notes
If you disable SELinux after the ./finekey command gets stuck, terminate the related processes and re-execute ./finekey for deployment.
Stop Docker:
systemctl stop docker
(This command may also get stuck. Interrupt it with Ctrl + C.)
Kill the stuck process:
kill -9 $(pidof dockerd)
You can now re-execute ./finekey to proceed with the deployment.