Contents

CLM Installation and Upgrade Guide

About this document

Part I. Getting started

1. Before you begin

CLM deployment overview

Getting started with CLM

CLM system redundancy

CLM deployment terms and concepts

Browser applications

2. System requirements for CLM

Container environment requirements

Cluster requirements for CLM

To test CLM disk performance

3. Network requirements

CLM deployment network addressing requirements

Network requirements for CLM redundancy and communications within a CLM cluster

4. CLM disk setup and partitioning

CLM disk deployment

To deploy a RHEL qcow2 disk image

To configure disk partitions using device UUIDs

To apply the VMware cloud-init workaround

To configure and mount a CLM disk partition

Disk partitioning for live deployments

Live partitioning requirements, CLM deployer host and cluster VMs

5. RHEL OS deployment for the CLM

RHEL OS deployment for CLM

To apply a RHEL update to a CLM image-based OS

Manual RHEL OS installation for CLM

Manually installing the RHEL OS for the CLM

Workflow for manual RHEL OS installation

Required RHEL OS packages for CLM container elements

RHEL OS packages to remove from CLM container elements

Special OS requirements

Optional RHEL OS packages

To lock the RHEL OS version

To enable the CLM crypto-policy function on a manually installed RHEL OS

To set the default Python version

To create the nsp user on a manually installed CLM cluster RHEL OS

To disable the RHEL firewalld service

To set the default umask to 0027

To disable RHEL user namespaces

6. Configuring CLM security

CLM system security

Securing the CLM

Operating system security for CLM stations

CLM Kubernetes Platform Communications

CLM platform user accounts

Restricting root-user system access

HTTPS Strict-Transport Security (HSTS)

CLM user authentication

CLM user authentication functions

CLM user activity logging

CLM Transport Layer Security (TLS)

CLM TLS overview

CLM TLS configuration requirements

CLM TLS configuration procedures

To generate custom TLS certificate files for the CLM

To suppress security warnings in CLM browser sessions

7. CLM deployment with multiple network interfaces and IP addresses

Support for multiple network interfaces

Part II. CLM system deployment

8. CLM deployment basics

CLM system elements

Containerized CLM cluster

CLM deployment infrastructure

Kubernetes deployment environment

To upgrade the CLM Kubernetes environment

IP version support

Addressing requirements

Using multiple CLM interfaces

Multi-interface configuration

Centralized logging

CLM application log forwarding to OpenSearch

CLM application log forwarding to Elasticsearch

CLM application log forwarding to Splunk

CLM application log forwarding to syslog servers

User activity log forwarding to syslog servers

9. CLM software configuration

CLM configuration file

Configuring database backups

Configuring single sign-on

10. CLM system installation

Supported installation scenarios

Workflow for new CLM system deployment

To provision the network bridge for CLM VMs

To install the CLM

11. CLM system upgrade

Upgrading the CLM system

12. CLM system uninstallation

Workflow to uninstall a CLM cluster

To uninstall the CLM software from a CLM cluster

To uninstall the CLM Kubernetes software

To uninstall the CLM Kubernetes registry

Appendix A. Removing world permissions from compiler executables

Resetting GCC-compiler file permissions

To remove world permissions from compiler executables

To restore compiler world permissions