Start and Initialize the PCE

Starting and initializing the PCE are the final steps in installing it. After completing these steps, you are ready to install VENs on hosts in your environment as described in the VEN Installation and Upgrade Guide.

Start the PCE

As the PCE runtime user, perform the following steps:

  1. On all nodes, start the PCE at runlevel 1:

    # sudo -u ilo-pce illumio-pce-ctl start --runlevel 1

    Troubleshooting: If this command fails, verify that you have set service_discovery_encryption_key to the same value in runtime_env.yml on all PCE nodes.

    Wait while all the nodes process the start command, which can take up to 10 minutes. When a node has finished, its status is RUNNING.

  2. On all nodes, verify that they started:

    # sudo -u ilo-pce illumio-pce-ctl status

    Expected output:

    Checking Illumio Runtime            RUNNING 0.38s

    If any nodes do not start after 10 minutes, check the following issues:

Initialize the PCE

As the PCE runtime user, perform the following steps:

  1. On any node, initialize the PCE database:

    # sudo -u ilo-pce illumio-pce-db-management setup

  2. On the data0 node, bring the system up to runlevel 5:

    # sudo -u ilo-pce illumio-pce-ctl set-runlevel 5

  3. On any core node, check the status of the cluster:

    # sudo -u ilo-pce illumio-pce-ctl cluster-status

    Make sure the cluster status is RUNNING before proceeding to the next step.

  4. On any core node, create the initial PCE user and organization name:

    # sudo -u ilo-pce illumio-pce-db-management create-domain --user-name user-email-address --full-name user-full-name --org-name organization-name

    You are prompted for a password. The password must be at least 8 characters and no more than 128 characters long, and must contain at least 1 uppercase character, 1 lowercase character, and 1 number.

    For example:

    # sudo -u ilo-pce illumio-pce-db-management create-domain --user-name myuser@mycompany.com --full-name 'Joe User' --org-name 'ACME Inc.'
     
    Reading /var/illumio-pce-data/runtime_env.yml.
    INSTALL_ROOT=/var/illumio-pce
    RENV=production (defaulted because not set in runtime_env.yml)
    Please enter a password with at least 8 characters with one uppercase, one lowercase and one number.
     
    Enter Password: 
    Re-enter Password:
    ------------------------------------------------------------
    Running cd /var/illumio-pce/illumio/webservices/people && RAILS_ENV=production bundle exec rails 
    runner script/create_org_owner 
    --output-file /tmp/illumio/org.yml --user-name myuser@mycompany.com --create-org 
    --org-name 'ACME Inc.'
    Completed in 5.471846432 sec. Exit Code = 0
    ------------------------------------------------------------
    Running cd /var/illumio-pce/illumio/webservices/agent && RAILS_ENV=production bundle 
    exec rails runner script/create_org_defaults 
    --input-file /tmp/Illumio/org.yml
    Completed in 5.609754678 sec. Exit Code = 0
    ------------------------------------------------------------
    Running cd /var/illumio-pce/illumio/webservices/login && RAILS_ENV=production 
    ILO_*********************bundle exec rails runner 
    script/setup_initial_config --org-data /tmp/Illumio/org.yml 
    --user-name myuser@mycompany.com 
    --full-name 'Joe User'
    domain_name=mycompany.com 
    Completed in 5.303522871 sec. Exit Code = 0
    Done.

  5. Verify that the session limits for nofile and nproc meet the minimum requirements for the PCE.

    For more information, see Process and File Limits.

    Use the following command:

    cat /proc/$(pgrep -f config_listener.rb)/limits | grep -e open -e processes

    If the limits are too low, correct the issue.

    For more information, see Session Limits Too Low.

  6. Point a web browser to the PCE FQDN and log in using the account you just created. You should see the PCE web console.
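
A way to script the check in step 5, as an added example that is not part of the Illumio documentation: it reads the same /proc/<pid>/limits table, handles more than one matching PID and a value of unlimited, and compares the soft limits against minimums you pass in. The function names and the sample table are constructed; the minimum values are not stated on this page and must come from Process and File Limits.

```shell
#!/bin/sh
# Added example, not Illumio code. Minimums are supplied by the caller;
# take them from "Process and File Limits" (this page does not state them).

# Constructed sample of a /proc/<pid>/limits table (not captured from a PCE node).
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max processes             4096                 65535                processes
Max open files            1024                 65535                files'

# check_limits MIN_NOFILE MIN_NPROC
# Reads a /proc/<pid>/limits table on stdin and compares the soft limits.
# Returns 0 only if both rows are present and meet the minimums.
check_limits() {
  awk -v min_nofile="$1" -v min_nproc="$2" '
    function ok(val, min) { return val == "unlimited" || val + 0 >= min + 0 }
    function report(name, soft, min) {
      seen++
      if (!ok(soft, min)) bad = 1
      printf "%-6s soft=%-10s min=%-8s %s\n", name, soft, min,
             (ok(soft, min) ? "OK" : "TOO LOW")
    }
    /^Max open files/ { report("nofile", $4, min_nofile) }  # soft limit is field 4
    /^Max processes/  { report("nproc",  $3, min_nproc) }   # soft limit is field 3
    END { exit (bad || seen != 2) ? 1 : 0 }
  '
}

# check_pce_limits MIN_NOFILE MIN_NPROC
# Checks every PID matched by the pgrep pattern used in step 5, because
# pgrep -f can return more than one PID and "cat /proc/<a b>/limits" would fail.
# Returns 0 if all pass, 1 if any limit is too low, 2 if no process matches.
check_pce_limits() {
  cpl_pids=$(pgrep -f config_listener.rb) || {
    echo "no process matches config_listener.rb" >&2
    return 2
  }
  cpl_rc=0
  for cpl_pid in $cpl_pids; do
    echo "PID $cpl_pid"
    check_limits "$1" "$2" < "/proc/$cpl_pid/limits" || cpl_rc=1
  done
  return "$cpl_rc"
}
```

Source the file on a PCE node and call `check_pce_limits MIN_NOFILE MIN_NPROC`; to try the parser without a PCE, pipe `$SAMPLE_LIMITS` into `check_limits`.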

VEN Deployment

In addition to deploying PCE nodes, you must also deploy the Virtual Enforcement Node (VEN) on your distributed, on-premise systems. For more information, see the VEN Installation and Upgrade Guide.