SBManager Download and Install Instructions

• Prerequisites
• Installation
  • Instructions for OSX and Linux
  • Instructions for Windows
• Health Check
• Backup and Restore
• Routine Maintenance
• Deployment Assets
• Security

Documentation

Download the User Guide / Tutorial, email us at support@quantumedgeservices.com with all your support needs.

Prerequisites

• Docker or Docker Desktop is downloaded and installed.
• AWS Command Line Interface is downloaded and installed. Version 1.16 is assumed in these instructions.
• An AWS access token is generated and ‘aws configure’ run.
• When configuring the AWS CLI, use us-east-1 as the region.

For OSX and Linux perform the following steps:

1. Run the command:
   aws ecr get-login-password  | docker login –username AWS –password-stdin 537682590988.dkr.ecr.us-east-1.amazonaws.com
   This will return a long string that begins with “docker login…” The content will be different than the example shown here. Copy this string and run it as a command, as shown below.
   
   [user@localhost ~]$

   aws ecr get-login-password –region us-east-1 | docker login –username AWS –password-stdin 537682590988.dkr.ecr.us-east-1.amazonaws.com
   Login Succeeded
   
   [user@localhost ~]$
2. Run the command:
   docker run -d -p 9306:3306 -p 8080:80 -p 8443:443 -p 8022:22 privileged -v /sys/fs/cgroup:/sys/fs/cgroup name sbmanager -it 537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release: /usr/sbin/init
   This step runs the container and exposes the ports shown. Feel free to change the host ports (9306, 8080, 8443, or 8022) to values that work for you.
   [user@localhost ~]$ docker run -d -p 9306:3306 -p 8080:80 -p 8443:443 -p 8022:22 privileged -v /sys/fs/cgroup:/sys/fs/cgroup name sbmanager -it 537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release: /usr/sbin/init
   f35eb13aad0cbc22266535f7ed527dda77c8ffe25a612d2791418eab523ba7c9
   
   [user@localhost ~]$
3. Use the following command to see if the container is running and obtain the name.
   docker ps -a
   This will return text like that shown here. Collect the container name (outlined in red in this example).
   [user@localhost ~]$ docker ps -a
   CONTAINER ID        IMAGE                                                                  COMMAND             CREATED              STATUS                       PORTS                                                                              NAMES
   7060a38a7ab2        537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release:   “/usr/sbin/init”    23 hours ago         Exited (255) 2 minutes ago   8080/tcp, 0.0.0.0:8022->22/tcp, 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp, 0.0.0.0:9306->3306/tcp   sbmanager
   
   [user@localhost ~]$
4. Copy the license file into the container. On the host machine put your license file in a directory, assumed to be /tmp in this example. Run the following commands. Substitute the container name discovered in step 4 for SBManager.
   cd /tmp
   docker cp license.txt sbmanager:/webdata/public/sbmanager/
   
   [user@localhost ~]$ cd /tmp
   
   [user@localhost tmp]$ docker cp license.txt sbmanager:/webdata/public/sbmanager/
   
   [user@localhost tmp]$
5. Access SBManager at https://localhost:8443/. This may be different if you modified the ports in step 3.
   The default login credentials are Admin/W@lcome1234.
6. Use the following command to access the container, but substitute the container name discovered in step 4 for sbmanager.
   docker exec -it sbmanager /bin/bash
   
   [user@localhost ~]$ docker exec -it sbmanager /bin/bash
   bash-4.2#
   

For Windows with a Powershell window or CMD prompt, perform the following steps:

1. Get the AWS login credential using either the PowerShell command shown in 1.a or the CMD prompt commands shown in 1.b.
   1. For PowerShell: Run the command:
      Invoke-Expression -Command (aws ecr get-login no-include-email registry-ids 537682590988)
      This will authenticate your docker client to the registry.
      
      PS C:\> Invoke-Expression -Command (aws ecr get-login no-include-email registry-ids 537682590988)
      WARNING! Using password via the CLI is insecure. Use password-stdin.
      Login Succeeded
      PS C:\>
      
   2. For CMD: Run the command:
      aws ecr get-login no-include-email registry-ids 537682590988
      This will return a long string that begins with “docker login…” The content will be different than the example shown here. Copy this string and run it as a command, as shown below.
      
      C:\> aws ecr get-login-password –region us-east-1
      WARNING! Using password via the CLI is insecure. Use password-stdin.
      Login Succeeded
      
      C:\>
      
2. Run the command:
   docker pull 537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release:
   C:\>docker pull 537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release:
   : Pulling from sbmanager/release
   Digest: sha256:d59e4f4b5474622b0bda90d8285899acdec7189370c3fe0edb658a2e418832d6
   Status: Image is up to date for 537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release:
   537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release:
   
   C:\>
3. Run the command:
   docker run -d -p 9306:3306 -p 8080:80 -p 8443:443 -p 8022:22 privileged -v /sys/fs/cgroup:/sys/fs/cgroup name sbmanager -it 537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release: /usr/sbin/init
   This step runs the container and exposes the ports shown. Feel free to change the host ports (9306, 8080, 8443, or 8022) to values that work for you.
   C:\>docker run -d -p 9306:3306 -p 8080:80 -p 8443:443 -p 8022:22 privileged -v /sys/fs/cgroup:/sys/fs/cgroup name sbmanager -it 537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release: /usr/sbin/init
   f35eb13aad0cbc22266535f7ed527dda77c8ffe25a612d2791418eab523ba7c9
   
   C:\>
   
4. Use the following command to see if the container is running and obtain the name.
   docker ps -a
   This will return text like that shown here. Collect the container name (outlined in red in this example).
   C:\>docker ps -a
   CONTAINER ID        IMAGE                                                                  COMMAND             CREATED              STATUS                       PORTS                                                                              NAMES
   7060a38a7ab2        537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release:   “/usr/sbin/init”    23 hours ago         Exited (255) 2 minutes ago   8080/tcp, 0.0.0.0:8022->22/tcp, 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp, 0.0.0.0:9306->3306/tcp   sbmanager
   C:\>
   
5. Copy the license file into the container. On the host machine put your license file in a directory, assumed to be /tmp in this example. Run the following commands. Substitute the container name discovered in step 4 for sbmanager.
   cd /tmp
   docker cp license.txt sbmanager:/webdata/public/sbmanager/
   
   C:\>cd /tmp
   C:\tmp>docker cp license.txt sbmanager:/webdata/public/sbmanager/
   C:\tmp>
   
6. Access SBManager at https://localhost:8443/. This may be different if you modified the ports in step 3. The default login credentials are Admin/W@lcome1234.
   
7. Use the following command to access the container, but substitute the container name discovered in step 4 for SBManager.
   docker exec -it sbmanager /bin/bash
   
   C:\>docker exec -it sbmanager /bin/bash
   bash-4.2#
   

Health Check

The SBManager runs as a web application accessible via HTTPS service. Therefore external 3rd party tool can be used to monitor SBManager server by performing standard HTTPS port health checks. In addition, the health of all SBManager services can be monitored via the following commands.

1. Use the following command to see if the container is running and obtain the name.
   docker ps -a
   This will return text like that shown here. Collect the container name (outlined in red in this example).
   docker ps -a
   CONTAINER ID        IMAGE                                                                  COMMAND             CREATED              STATUS                       PORTS                                                                              NAMES
   7060a38a7ab2        537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release:   “/usr/sbin/init”    23 hours ago         Exited (255) 2 minutes ago   8080/tcp, 0.0.0.0:8022->22/tcp, 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp, 0.0.0.0:9306->3306/tcp   sbmanager
   
   [user@localhost ~]$
2. Use the following command to access the container, but substitute the container name discovered in step 1 for SBManager.
   docker exec -it sbmanager /bin/bash
   
   docker exec -it sbmanager /bin/bash
   bash-4.2#
   
3. Use the following command to check the status of all SBManager services..
   systemctl status httpd mysqld redis rqworker*
   

   bash-4.4# systemctl status httpd mysqld redis rqworker* ● httpd.service - The Apache HTTP Server    Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)   Drop-In: /usr/lib/systemd/system/httpd.service.d            └─php-fpm.conf    Active: active (running) since Mon 2022-08-29 23:55:34 UTC; 24s ago      Docs: man:httpd.service(8)  Main PID: 42 (httpd)    Status: "Running, listening on: port 443, port 80"     Tasks: 358 (limit: 204283)    Memory: 75.6M    CGroup: /docker/d4c847cf80a86f9c3a9ce12dcd217e48f1c453cfe3823680f2878aa8851c5952/system.slice/httpd.service            ├─42 /usr/sbin/httpd -DFOREGROUND            ├─59 /usr/sbin/httpd -DFOREGROUND            ├─60 /usr/sbin/httpd -DFOREGROUND            ├─61 /usr/sbin/httpd -DFOREGROUND            ├─62 /usr/sbin/httpd -DFOREGROUND            ├─63 /usr/sbin/httpd -DFOREGROUND            ├─64 /usr/sbin/httpd -DFOREGROUND            ├─65 /usr/sbin/httpd -DFOREGROUND            ├─66 /usr/sbin/httpd -DFOREGROUND            ├─68 /usr/sbin/httpd -DFOREGROUND            ├─69 /usr/sbin/httpd -DFOREGROUND            ├─70 /usr/sbin/httpd -DFOREGROUND            ├─71 /usr/sbin/httpd -DFOREGROUND            └─72 /usr/sbin/httpd -DFOREGROUND Aug 29 23:55:34 d4c847cf80a8 systemd[1]: Starting The Apache HTTP Server... Aug 29 23:55:34 d4c847cf80a8 systemd[1]: Started The Apache HTTP Server. Aug 29 23:55:34 d4c847cf80a8 httpd[42]: Server configured, listening on: port 443, port 80 ● mysqld.service - MySQL 8.0 database server    Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)    Active: active (running) since Mon 2022-08-29 23:55:37 UTC; 21s ago   Process: 579 ExecStartPost=/usr/libexec/mysql-check-upgrade (code=exited, status=0/SUCCESS)   Process: 434 ExecStartPre=/usr/libexec/mysql-prepare-db-dir mysqld.service (code=exited, status=0/SUCCESS)   Process: 25 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)  Main PID: 482 (mysqld)    Status: "Server is operational"     Tasks: 43 (limit: 204283)    Memory: 458.5M    CGroup: /docker/d4c847cf80a86f9c3a9ce12dcd217e48f1c453cfe3823680f2878aa8851c5952/system.slice/mysqld.service            └─482 /usr/libexec/mysqld --basedir=/usr Aug 29 23:55:34 d4c847cf80a8 systemd[1]: Starting MySQL 8.0 database server... Aug 29 23:55:34 d4c847cf80a8 mysql-check-socket[25]: Socket file /var/lib/mysql/mysql.sock exists. Aug 29 23:55:34 d4c847cf80a8 mysql-check-socket[25]: No process is using /var/lib/mysql/mysql.sock, which means it is a garbage, so it will be removed automatically. Aug 29 23:55:37 d4c847cf80a8 systemd[1]: Started MySQL 8.0 database server. ● redis.service - Redis persistent key-value database    Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: disabled)   Drop-In: /etc/systemd/system/redis.service.d            └─limit.conf    Active: active (running) since Mon 2022-08-29 23:55:34 UTC; 24s ago  Main PID: 31 (redis-server)     Tasks: 4 (limit: 204283)    Memory: 1.6M    CGroup: /docker/d4c847cf80a86f9c3a9ce12dcd217e48f1c453cfe3823680f2878aa8851c5952/system.slice/redis.service            └─31 /usr/bin/redis-server 127.0.0.1:6379 Aug 29 23:55:34 d4c847cf80a8 systemd[1]: Starting Redis persistent key-value database... Aug 29 23:55:34 d4c847cf80a8 systemd[1]: Started Redis persistent key-value database. ● rqworker@1.service - SBManager Worker #1    Loaded: loaded (/etc/systemd/system/rqworker@.service; enabled; vendor preset: disabled)    Active: active (running) since Mon 2022-08-29 23:55:37 UTC; 21s ago  Main PID: 564 (python)     Tasks: 1 (limit: 204283)    Memory: 33.5M    CGroup: /docker/d4c847cf80a86f9c3a9ce12dcd217e48f1c453cfe3823680f2878aa8851c5952/system.slice/system-rqworker.slice/rqworker@1.service            └─564 /webdata/public/sbmanager/ms/venv/bin/python /webdata/public/sbmanager/ms/worker-rq.py Aug 29 23:55:37 d4c847cf80a8 systemd[1]: rqworker@1.service: Service RestartSec=100ms expired, scheduling restart. Aug 29 23:55:37 d4c847cf80a8 systemd[1]: rqworker@1.service: Scheduled restart job, restart counter is at 3. Aug 29 23:55:37 d4c847cf80a8 systemd[1]: Stopped SBManager Worker #1. Aug 29 23:55:37 d4c847cf80a8 systemd[1]: Started SBManager Worker #1. Aug 29 23:55:37 d4c847cf80a8 python[564]: /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) ● rqworker@4.service - SBManager Worker #4    Loaded: loaded (/etc/systemd/system/rqworker@.service; enabled; vendor preset: disabled)    Active: active (running) since Mon 2022-08-29 23:55:37 UTC; 21s ago  Main PID: 581 (python)     Tasks: 1 (limit: 204283)    Memory: 33.5M    CGroup: /docker/d4c847cf80a86f9c3a9ce12dcd217e48f1c453cfe3823680f2878aa8851c5952/system.slice/system-rqworker.slice/rqworker@4.service            └─581 /webdata/public/sbmanager/ms/venv/bin/python /webdata/public/sbmanager/ms/worker-rq.py Aug 29 23:55:37 d4c847cf80a8 systemd[1]: Started SBManager Worker #4. Aug 29 23:55:37 d4c847cf80a8 python[581]: /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) ● rqworker@3.service - SBManager Worker #3    Loaded: loaded (/etc/systemd/system/rqworker@.service; enabled; vendor preset: disabled)    Active: active (running) since Mon 2022-08-29 23:55:36 UTC; 22s ago  Main PID: 537 (python)     Tasks: 1 (limit: 204283)    Memory: 33.5M    CGroup: /docker/d4c847cf80a86f9c3a9ce12dcd217e48f1c453cfe3823680f2878aa8851c5952/system.slice/system-rqworker.slice/rqworker@3.service            └─537 /webdata/public/sbmanager/ms/venv/bin/python /webdata/public/sbmanager/ms/worker-rq.py Aug 29 23:55:36 d4c847cf80a8 systemd[1]: rqworker@3.service: Service RestartSec=100ms expired, scheduling restart. Aug 29 23:55:36 d4c847cf80a8 systemd[1]: rqworker@3.service: Scheduled restart job, restart counter is at 2. Aug 29 23:55:36 d4c847cf80a8 systemd[1]: Stopped SBManager Worker #3. Aug 29 23:55:36 d4c847cf80a8 systemd[1]: Started SBManager Worker #3. Aug 29 23:55:37 d4c847cf80a8 python[537]: /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) ● rqworker@2.service - SBManager Worker #2    Loaded: loaded (/etc/systemd/system/rqworker@.service; enabled; vendor preset: disabled)    Active: active (running) since Mon 2022-08-29 23:55:36 UTC; 22s ago  Main PID: 538 (python)     Tasks: 1 (limit: 204283)    Memory: 33.6M    CGroup: /docker/d4c847cf80a86f9c3a9ce12dcd217e48f1c453cfe3823680f2878aa8851c5952/system.slice/system-rqworker.slice/rqworker@2.service            └─538 /webdata/public/sbmanager/ms/venv/bin/python /webdata/public/sbmanager/ms/worker-rq.py Aug 29 23:55:36 d4c847cf80a8 systemd[1]: Started SBManager Worker #2. Aug 29 23:55:37 d4c847cf80a8 python[538]: /bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)

   
   

Backup and Restore

The SBManager is a docker based deployment. The backup and restore of an existing SBManager instance is accomplished by simply backing up and restoring SBManager container using standard docker utilities.

Backup SBManager Container

1. Use the following command to see if the container is running and obtain the name.
   docker ps -a
   This will return text like that shown here. Collect the container name (outlined in red in this example).
   docker ps -a
   CONTAINER ID        IMAGE                                                                  COMMAND             CREATED              STATUS                       PORTS                                                                              NAMES
   7060a38a7ab2        537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release:   “/usr/sbin/init”    23 hours ago         Exited (255) 2 minutes ago   8080/tcp, 0.0.0.0:8022->22/tcp, 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp, 0.0.0.0:9306->3306/tcp   sbmanager
   [user@localhost ~]$
   
2. Use the following command to stop the SBManager container
   docker stop sbmanager
   

   docker stop sbmanager
   sbmanager 

3. Use the following command to backup the SBManager container.
   docker export sbmanager –output /BackUP/sbmanager-20220829.tgz
   

   docker export sbmanager --output=/backup-folder/sbmanager-20220829.tgz 

4. Use the following command to start the SBManager container
   docker start sbmanager
   

   docker start sbmanager
   sbmanager 

Restore SBManager Container

1. Use the following command to see if the container is running and obtain the name.
   docker ps -a
   This will return text like that shown here. Collect the container name (outlined in red in this example).
   docker ps -a
   CONTAINER ID        IMAGE                                                                  COMMAND             CREATED              STATUS                       PORTS                                                                              NAMES
   7060a38a7ab2        537682590988.dkr.ecr.us-east-1.amazonaws.com/sbmanager/release:   “/usr/sbin/init”    23 hours ago         Exited (255) 2 minutes ago   8080/tcp, 0.0.0.0:8022->22/tcp, 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp, 0.0.0.0:9306->3306/tcp   sbmanager
   [user@localhost ~]$
   
2. Use the following command to stop the SBManager container
   docker stop sbmanager
   sha256:8a8a8dea7a08d319c28a7f89790ce68b1b3fae64cca54a8528f7a01927fb5886

   docker stop sbmanager
   sbmanager 

3. Use the following command to backup the SBManager container.
   docker export sbmanager –output /BackUP/sbmanager-20220829.tgz
   

   docker import --output=/backup-folder/sbmanager-20220829.tgz

4. Use the following command to start the SBManager container
   docker start sbmanager
   

   docker start sbmanager
   sbmanager 

Routine Maintenance

SBManager runs in a docker container and is based on CentOS8 standard Linux. The routine maintenance of the SBManager instance requires basic server routine maintenance applicable to standard CentOS8 Linux servers. The following are the recommended routine maintenance procedures:

• Review security logs file /var/log/secure
• Review audit logs
• Log Rotation of all files /var/log/*
• Scheduled Reboots or Container Start/Stop as outlined in the Backup and Restore Procedures)
• Any other enterprise mandated Linux routine maintenance

Deployment Assets

SBManager deployment requires two components. They are:

• Latest SBManager Container image located on AWS ECR server
• License File provided by Quantum Edge Services (Automatically generated and sent via email during SBManager purchase from the AWS Market place)
• Security artifacts outlined in the below Security section

Please refer to the installation procedures outlined below on the details on how to pull down the SBManager container image and deploy the license provided.

Security

The SBManager is deployed outside the AWS network and runs mostly independent of the need to interface to AWS at all. The only two features that require access to AWS are the ability to auto-discover Snow Device list (past and present) and the Snowball Edge AMI update on-premises (i.e. after the Snow device is shipped to a customer). Following are the Security artifacts are required.

1. AWS Access Key and Secret with READ privileges to all Snow Device records
2. AWS Snowball AMI import Procedure requirements as outlined in importing an AMI to your device.