Skip to content

503. Prerequisites

503.1 Required packages and applications

Foretify Manager is a client-server application that requires the following packages:

  • OpenJDK 17.0.5 or above (17.0.16 provided with Foretify Manager.)
  • PostgreSQL 9.6 or above.
  • Elasticsearch 8.6.0 or above, up to 8.19.x (version 9.x is not yet supported due to breaking API changes.)
  • Python 3.11 or above to use the Python SDK.
  • Google Chrome browser to use the web UI client.

503.1.1 Minimum Hardware Requirements

For minimum hardware requirements, see Product prerequisites and platform support.

503.2 Install PostgreSQL

First, determine which PostgreSQL version you want to install. Refer to the official PostgreSQL documentation for package-based installation instructions for your platform. For example, PostgreSQL 18 supports Ubuntu 22.04 and later.

Then, use the following commands to install the required PostgreSQL package.

Shell command
# Import the repository signing key:
sudo apt install curl ca-certificates
sudo install -d /usr/share/postgresql-common/pgdg
sudo curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc

# Create the repository configuration file:
. /etc/os-release
sudo sh -c "echo 'deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt $VERSION_CODENAME-pgdg main' > /etc/apt/sources.list.d/pgdg.list"

# Update the package lists:
sudo apt update

# Install PostgreSQL: (replace "18" by another version if required)
sudo apt install postgresql-18

503.2.1 Enable postgresql.service

PostgreSQL must be run as a service. Verify it is up:

Shell command
sudo systemctl status postgresql

The status command should indicate that the service started and is active.

If it is down, start and enable it:

Shell command
sudo systemctl enable postgresql
sudo systemctl start postgresql

503.2.2 Initialize the Foretify Manager database

  1. Enter the PostgreSQL command-line interface (psql):

    Shell command
    sudo su - postgres
psql

  2. Initialize a user and a database named fmanager (see Changing the default PostgreSQL credentials if other credentials are required):

    PostgreSQL commands: Create 'fmanager' user & database, grant permissions
    CREATE USER fmanager;
ALTER USER fmanager WITH ENCRYPTED PASSWORD 'fmanager';
CREATE DATABASE fmanager;
GRANT ALL PRIVILEGES ON DATABASE fmanager TO fmanager;
\c fmanager;
GRANT USAGE ON SCHEMA public TO fmanager;
GRANT CREATE ON SCHEMA public TO fmanager;
SHOW hba_file;

    The SHOW command prints the path of the pg_hba.conf file, which needs to be edited later:

    psql command output
                  hba_file              
 /etc/postgresql/10/main/pg_hba.conf
              (1 row)

503.2.3 Changing the default PostgreSQL credentials

The instructions in the previous sections initialized the fmanager PostgreSQL database with the fmanager username, which is the default for Foretify Manager.

If you choose different values for the user, database or password, or if PostgreSQL is hosted on a different machine than the Foretify Server, update the corresponding settings in the Foretify Manager application.properties file:

application.properties: PostgreSQL connection details
postgresql.host=<hostname>:5432
postgresql.database=fmanager
postgresql.username=fmanager
postgresql.password=fmanager

503.2.4 Change the DB authentication method to md5

Edit the pg_hba.conf file and change all cells in METHOD column from indent or peer to md5.

503.3 Install Elasticsearch

To install Elasticsearch on Linux machines (Ubuntu/Debian), follow the instructions in Elasticsearch Installation Documentation.

Note

Elasticsearch 8.x uses SSL (HTTPS) by default.

For Foretify Manager to work with SSL, further configuration is required. See Integrating Foretify Manager with Elasticsearch via SSL for details.

Although disabling SSL is not recommended for production servers, Elasticsearch can be configured to run un-secured (HTTP). See Elasticsearch Security Settings Documentation for details.

503.3.1 Enable the elasticsearch.service

Shell command
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
sudo systemctl status elasticsearch

The systemctl status command should indicate that the service started and is active.

To verify that Elasticsearch is operating correctly (hostname and port number may differ):

Shell command
curl http://localhost:9200
curl http://localhost:9200/_cluster/health?pretty

503.3.2 Changing the default Elasticsearch credentials

To integrate with an Elasticsearch server, you can configure authentication using either basic username & password authentication or an API key.

The instructions in the previous sections initialized Elasticsearch with the default Foretify Manager username fmanager.

If you configure an API key, it will be used to authenticate and the configured username and password will be ignored.

503.3.2.1 Configuring an API key

If Elasticsearch was configured with an API key, it must also be configured in Foretify Manager's application.properties using the syntax in the following example:

application.properties: Elasticsearch credentials
elasticsearch.apiKey=R0hXOXRwb0J5dUVsSGxyVVR3VhdsDFGH4234xa26Vl92eGs4bXlKWnRnQQ==

503.3.2.2 Configuring username & password credentials

If you create an Elasticsearch user or password different from the default fmanager, you must also update Foretify Manager’s application.properties file to match the new credentials. Specifically, set the following properties:

application.properties: Elasticsearch credentials
elasticsearch.username=<your_new_username>
elasticsearch.password=<your_new_password>

503.3.3 Integrating Foretify Manager with Elasticsearch via SSL (HTTPS)

Note

This step is only needed if the Elasticsearch server is configured with SSL.

To integrate Foretify Manager with Elasticsearch using SSL, create a keystore from Elasticsearch's certificate and provide it to Foretify Manager.

503.3.3.1 Create a keystore for Elasticsearch

Note

Elasticsearch 8.6.0 or newer is required from the 23.04 release onwards.

  1. Create an fmanager user in the Elasticsearch server (see Changing the default Elasticsearch credentials if other credentials are required):

    Shell command
    $ES_HOME/bin/elasticsearch-users useradd fmanager -p fmanager -r superuser

  2. Verify the fmanager user is permitted to make HTTPS calls to Elasticsearch (hostname and port number may differ):

    Shell command
    curl -k -u fmanager:fmanager https://localhost:9200

  3. Create a keystore file from the Elasticsearch certificate:

    Shell command
    keytool -import -file $ES_HOME/config/certs/http_ca.crt -alias elastic_cert -keystore fmanager_elasticsearch.keystore

    A keytool utility is bundled with the Foretify Manager package to create and manage keystores using digital certificates. The keytool executable is located at /opt/ftx/fmanager/jre/bin/keytool.

Note

The location of the certificate depends on how Elasticsearch was installed:

If installed by extracting a tar-file, it will be located at $ES_HOME/config/certs/http_ca.crt.

If installed by a Debian package, it will be located at /etc/elasticsearch/certs/http_ca.crt.

The program prompts for a password, which must be configured later in Foretify Manager. It will also ask for trust verification; type 'yes' when prompted.

503.3.3.2 Configure Foretify Manager to use Elasticsearch via SSL

  1. Edit Foretify Manager's application.properties to include the keystore filename and password:

    application.properties file syntax
    fmanager.ssl.trustStore=<KEYSTORE_PATH_AND_FILENAME>
fmanager.ssl.trustStorePassword=<KEYSTORE_PASSWORD>

  2. Change the FTX_ELASTICSEARCH_HOST environment variable to indicate that HTTPS is the required protocol (hostname and port number may differ):

    Shell command
    export FTX_ELASTICSEARCH_HOST=https://localhost:9200