Start and Initialize the PCE
Starting and initializing the PCE are the final steps in installing it. After completing these steps, you are ready to install VENs on hosts in your environment as described in the VEN Installation and Upgrade Guide.
Start the PCE
As the PCE runtime user, perform the following steps:
- On all nodes, start the PCE at runlevel 1:
# sudo -u ilo-pce illumio-pce-ctl start --runlevel 1
Troubleshooting: If this command fails, verify that you have set service_discovery_encryption_key to the same value in runtime_env.yml on all PCE nodes.
Wait while all the nodes process the start command, which can take up to 10 minutes. When a node has finished, its status is RUNNING.
- On all nodes, verify that they started:
# sudo -u ilo-pce illumio-pce-ctl status
Expected output:
Checking Illumio Runtime RUNNING 0.38s
If any nodes do not start after 10 minutes, check the following issues:
- Network connectivity between nodes is working and iptables is configured correctly. See IPTables for information.
- The certificates must be configured correctly. See TLS Requirements for information.
- The system locale must be UTF-8. See Language: UTF-8 for information.
- The runtime environment is configured correctly. See Verify the PCE Runtime Environment for information.
Initialize the PCE
As the PCE runtime user, perform the following steps:
- On any node, initialize the PCE database:
# sudo -u ilo-pce illumio-pce-db-management setup
- On the data0 node, bring the system up to runlevel 5:
# sudo -u ilo-pce illumio-pce-ctl set-runlevel 5
- On any core node, check the status of the cluster:
# sudo -u ilo-pce illumio-pce-ctl cluster-status
Make sure the cluster status is RUNNING before proceeding to the next step.
- On any core node, create the initial PCE user and organization name:
# sudo -u ilo-pce illumio-pce-db-management create-domain --user-name user-email-address --full-name user-full-name --org-name organization-name
You are prompted for a password. The password must conform to these restrictions: at least 8 characters, no more than 128 characters, at least 1 upper case character, 1 lower case character and 1 number.
For example:
# sudo -u ilo-pce illumio-pce-db-management create-domain --user-name [email protected] --full-name 'Joe User' --org-name 'ACME Inc.'
Reading /var/illumio-pce-data/runtime_env.yml.
INSTALL_ROOT=/var/illumio-pce
RENV=production (defaulted because not set in runtime_env.yml)
Please enter a password with at least 8 characters with one uppercase, one lowercase and one number.
Enter Password:
Re-enter Password:
------------------------------------------------------------
Running cd /var/illumio-pce/illumio/webservices/people && RAILS_ENV=production bundle exec rails runner script/create_org_owner --output-file /tmp/illumio/org.yml --user-name [email protected] --create-org --org-name 'ACME Inc.'
Completed in 5.471846432 sec. Exit Code = 0
------------------------------------------------------------
Running cd /var/illumio-pce/illumio/webservices/agent && RAILS_ENV=production bundle exec rails runner script/create_org_defaults --input-file /tmp/Illumio/org.yml
Completed in 5.609754678 sec. Exit Code = 0
------------------------------------------------------------
Running cd /var/illumio-pce/illumio/webservices/login && RAILS_ENV=production ILO_*********************bundle exec rails runner script/setup_initial_config --org-data /tmp/Illumio/org.yml --user-name [email protected] --full-name 'Joe User' domain_name=mycompany.com
Completed in 5.303522871 sec. Exit Code = 0
Done.
- (RHEL 7+ only) Check to be sure the expected session limits for nofile and nproc meet the minimum requirements for the PCE (see Process and File Limits). Use the following command:
cat /proc/$(pgrep -f config_listener.rb)/limits | grep -e open -e processes
If the limits are too low, correct the issue. See Session Limits Too Low.
- Point a web browser to the PCE FQDN and log in using the account you just created. You should see the PCE web console.
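The session-limit check from the RHEL 7+ step above, as an added example that is not part of the original guide or Illumio's tooling: it reads the soft nofile and nproc limits from a /proc/<pid>/limits listing and fails when either is below a minimum. The function names, the sample listing and the minimums are assumptions; the required values are in Process and File Limits, not on this page.

```shell
#!/bin/sh
# Added example (not Illumio code): check nofile/nproc soft limits from a
# /proc/<pid>/limits listing against minimums passed as arguments.

# soft_limit LABEL: read a limits listing on stdin, print LABEL's soft limit.
soft_limit() {
    awk -v label="$1" '
        index($0, label) == 1 {
            split(substr($0, length(label) + 1), f)
            print f[1]; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# meets VALUE MIN: true when VALUE is "unlimited" or an integer >= MIN.
meets() {
    [ "$1" = "unlimited" ] && return 0
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ]
}

# check_limits MIN_NOFILE MIN_NPROC: listing on stdin; non-zero if any is low.
check_limits() {
    listing=$(cat); rc=0
    for pair in "Max open files:$1" "Max processes:$2"; do
        label=${pair%%:*}; min=${pair##*:}
        value=$(printf '%s\n' "$listing" | soft_limit "$label") || value=missing
        if meets "$value" "$min"; then
            echo "OK   $label soft=$value (minimum $min)"
        else
            echo "LOW  $label soft=$value (minimum $min)"; rc=1
        fi
    done
    return $rc
}

# check_pce_node MIN_NOFILE MIN_NPROC: run on a PCE node. pgrep -o selects one
# PID, so several matching processes cannot produce an invalid /proc path.
check_pce_node() {
    pid=$(pgrep -o -f config_listener.rb) || { echo "config_listener.rb not found"; return 2; }
    check_limits "$1" "$2" < "/proc/$pid/limits"
}

# Constructed sample listing and placeholder minimums (not Illumio's values).
SAMPLE='Limit                     Soft Limit           Hard Limit           Units
Max processes             4096                 63432                processes
Max open files            1024                 65535                files'
printf '%s\n' "$SAMPLE" | check_limits 65535 4096 || echo "session limits too low"
```

On a PCE node, call check_pce_node with the two minimums from Process and File Limits; a non-zero exit means the limits need correcting before you continue.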
VEN Deployment
In addition to deploying PCE nodes, you must also deploy the Virtual Enforcement Node (VEN) on your distributed, on-premise systems. For more information, see the VEN Installation and Upgrade Guide.