PingIntelligence

Configuring system parameters

Configure the system parameters by running the configuration command, or set them manually if the configured user does not have sudo access.

Before you begin

The following two system parameters must be set before installing the PingIntelligence software:

  • For Elasticsearch: vm.max_map_count

  • For API Security Enforcer (ASE), API Behavioral Security (ABS), MongoDB, and Elasticsearch: ulimit

You can set these parameters in either of the following ways:

  • Command-based configuration

  • Manual configuration

Configuring command-based system parameters

Before you begin

The script in this task uses sudo access for the user on the Elasticsearch, ASE, ABS, and MongoDB hosts. Ensure the Internet Protocol (IP) address of each of these hosts is configured in the hosts file. See Creating a new SSH user and configuring user authentication.

About this task

To set up system parameters using command-based configuration:

Steps

  1. Run the following command to configure the system parameters on the respective virtual machines (VMs).

    Make sure that the following command is run only when install_as_sudo is set to true in the hosts file.

    [pi-api-deployment]# ./bin/start.sh configure
    Please see /opt/pingidentity/pi-api-deployment/logs/ansible.log for
    more details.

    Example:

    An example ansible.log file for a successful launch of EC2 instances is shown below:

    [pi-api-deployment]# tail -f logs/ansible.log
    
    ================================================================================
    Current Time: Sun Jun 07 06:05:25 EST 2020
    Starting configure scripts
    ================================================================================
    Sun Jun 07 06:05:25 EST 2020: Setting up local environment
    Sun Jun 07 06:05:25 EST 2020: Installing packages
    Sun Jun 07 06:05:25 EST 2020: Installing pip and ansible
    
    PLAY [Configure system settings for elasticsearch] *
    
    TASK [Get vm.max_map_count] 
    TASK [Set vm.max_map_count if less than 262144] 
    TASK [Get ulimit -n] 
    TASK [Set ulimit nofile to 65536 if value is low - softlimit] *
    TASK [Set ulimit nofile to 65536 if value is low - hardlimit] 
    
    PLAY RECAP *
    192.168.11.143             : ok=7    changed=1    unreachable=0    failed=0
    192.168.11.144             : ok=3    changed=0    unreachable=0    failed=0
    192.168.11.145             : ok=5    changed=2    unreachable=0    failed=0
    
    Sun Jun 07 06:06:14 EST 2020: Configure successful
    ================================================================================

Configuring system parameters manually

About this task

If the configured user does not have sudo access, then manually edit the vm.max_map_count and ulimit values:

Steps

  1. Set the vm.max_map_count to 262144 on the Elasticsearch virtual machine (VM) by entering the following command:

    $ sudo sysctl -w vm.max_map_count=262144
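  2. To make the setting persistent across reboots, run the following command. The append goes through sudo tee because a shell redirection (>>) is performed by the calling user's shell, not by sudo:

    $ echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf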
  3. Set the ulimit to 65536 on the ASE, ABS, MongoDB, and Elasticsearch hosts. To set the ulimit:

    1. Edit /etc/security/limits.conf to increase the soft limit and hard limit.

    2. Add the following two lines for the user that you have created (for example, pi-user):

      pi-user soft nofile 65536
      pi-user hard nofile 65536

      If the number of APIs in the environment is greater than 1500, then set the ulimit to 131070.
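One way to confirm that the manual steps above took effect in the files they edit, as an added example that is not part of the PingIntelligence documentation or tooling. The function names are hypothetical, the sample files are constructed, and the checks read only the file passed in, so drop-in files under /etc/sysctl.d or /etc/security/limits.d are not considered.

```shell
#!/bin/sh
# Added example (not Ping Identity code): audit the values this page sets.
# File paths are arguments so the checks can run against copies of the files.

# Print the last uncommented vm.max_map_count value in a sysctl file.
persisted_max_map_count() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "vm.max_map_count" { last = $2; gsub(/[ \t]/, "", last) }
        END { if (last != "") print last }' "$1"
}

# Print the last nofile value of TYPE (soft|hard) for USER in a limits file.
# A "-" in the type column sets both soft and hard.
nofile_limit() {
    awk -v u="$2" -v t="$3" '
        $1 == u && ($2 == t || $2 == "-") && $3 == "nofile" { last = $4 }
        END { if (last != "") print last }' "$1"
}

# Succeed only when VALUE is a plain number >= MIN.
at_least() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ]
}

# check_max_map_count SYSCTL_FILE  (Elasticsearch host)
check_max_map_count() {
    at_least "$(persisted_max_map_count "$1")" 262144
}

# check_nofile LIMITS_FILE USER [MIN]  (ASE, ABS, MongoDB, Elasticsearch hosts)
# MIN defaults to 65536; pass 131070 for environments with more than 1500 APIs.
check_nofile() {
    at_least "$(nofile_limit "$1" "$2" soft)" "${3:-65536}" &&
    at_least "$(nofile_limit "$1" "$2" hard)" "${3:-65536}"
}

# Constructed sample files, so the example runs without touching /etc.
demo=$(mktemp -d)
printf '# sample\nvm.max_map_count = 262144\n' > "$demo/sysctl.conf"
printf 'pi-user soft nofile 65536\npi-user hard nofile 65536\n' > "$demo/limits.conf"
check_max_map_count "$demo/sysctl.conf" && echo "vm.max_map_count persisted: ok"
check_nofile "$demo/limits.conf" pi-user && echo "nofile 65536 for pi-user: ok"
check_nofile "$demo/limits.conf" pi-user 131070 || echo "nofile below 131070"
rm -rf "$demo"
```

On a real host, call check_max_map_count /etc/sysctl.conf and check_nofile /etc/security/limits.conf pi-user. The values in effect can be read with sysctl -n vm.max_map_count and, in a new login session for the user, ulimit -n.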