Skip to content

Automated installation

IRIS+ Professional can be installed using Ansible to automate the deployment process - This guide provides step-by-step instructions.

Tip

It is recommended to have a high speed network connection, as multiple GBs of data will be downloaded during installation.

It is recommended to visit the hardware and software prerequisites page to learn more about deployment options and hardware requirements.

Docker credentials required

You will need valid Docker credentials to proceed with the installation. Make sure you have your Docker username and password ready, as they will be required in later steps. If you do not have these credentials, please contact sales@irisity.com to obtain them before continuing.

Installation via Ansible involves two machine types:

  • Control machine: The machine where Ansible is installed. It runs the playbooks as well as the coordinate operations.

  • Target machines: The machines where IRIS+ Professional is to be installed or updated. They receive and execute tasks sent by the control machine.

You must have SSH capability from the Control machine to the Target machine.

Info

A single machine can function as both the control machine and a target machine in an Ansible setup. This means you can install Ansible on this machine and include it in the inventory, allowing it to manage itself along with other machines. This configuration enables the machine to execute Ansible tasks on itself as well as on other target systems.

Prerequisites

Installation requires sudo rights.

The system can be installed on any OS that supports docker, however the recommended OS is Ubuntu 22.04. The steps described below assume an Ubuntu 22.04 installation.

Logging

Logging is based on your journald configuration. Changes to parameters such as log retention time and disk space usage can be made by modifying the journald configuration.

1. System update

Make sure your system is up-to-date.

1
2
3
sudo apt update && \
sudo apt upgrade -y && \
sudo reboot

2. Add Docker GPG key and repository

1
2
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

3. Add NVIDIA Docker GPG key and repository

1
curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg

4. Add the NVIDIA container toolkit repository

1
echo 'deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://nvidia.github.io/libnvidia-container/stable/deb/$(ARCH) /' | sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list

5. Install required dependencies

1
2
3
sudo apt update && \
sudo apt -y install ca-certificates curl software-properties-common docker-ce docker-ce-cli docker-compose-plugin containerd.io python3-pip python3-venv nvidia-driver-550 nvidia-docker2 openssh-server && \
sudo reboot

Installation

1. Install Ansible

Note that the installer requires Ansible to be on the control machine.

1
2
3
sudo apt -y install sshpass python3-pip && \
pip3 install --user ansible jmespath && \
source ~/.profile

2. Download and extract the Ansible installer

1
2
3
4
5
 wget https://professional.irisity.com/docs/r24/ansible_playbook.tar -P /tmp && \
 mkdir -p ~/ansible-installer && \
 tar -xvf /tmp/ansible_playbook.tar -C ~/ansible-installer && \
 rm /tmp/ansible_playbook.tar && \
 cd ~/ansible-installer

3. Set up the Ansible inventory

Info

If your control machine and target machine are both on a single machine, 127.0.0.1 can be used for ansible_host.

Set up the Ansible inventory file under inventories/all.yaml.

all:
  hosts:
    YOUR_TARGET_MACHINE_NAME_HERE:
      ansible_host:  # TARGET_MACHINE_IP_HERE
      ansible_port:  # TARGET_MACHINE_PORT_HERE

  • Replace YOUR_TARGET_MACHINE_NAME_HERE with the name of your target machine.

  • ansible_host: The IP address or domain name of the target machine.

  • ansible_port: The SSH port number of the target machine.

Tip

You can check connectivity via the nc command:

nc -z TARGET_MACHINE_IP_HERE TARGET_MACHINE_PORT_HERE && echo "Connectivity succeeded!" || echo "Connectivity failed!"

4. Set up the Target machine specific variables

Create a directory for machine specific variables in the document root of the installer and copy the example variables:

mkdir -p host_vars/YOUR_TARGET_MACHINE_NAME_HERE && \
cp examples/vars.yaml host_vars/YOUR_TARGET_MACHINE_NAME_HERE/

Contact sales@irisity.com for docker credentials.

Fill in host_vars/YOUR_TARGET_MACHINE_NAME_HERE/vars.yaml:

  • The docker_username and docker_password variables.

  • init_sysadmin_email: The initial system administrator email address.

  • init_sysadmin_pwd: The initial system administrator password.

  • volume_videostorage_folder: The root folder for video storage. This is where the video files will be stored. By default, it is set to /var/lib/u-query/video_storage.

  • volume_kafka_folder: The root folder for the message broker data directory. This is where the message broker will store its data. By default, it is set to /var/lib/u-query/kafka.

  • metadata_storage_limit_mb: The maximum size of the metadata (indexes, imagesets and results) storage in megabytes. This is used to limit the amount of metadata that can be stored on the core node.

HTTPS settings

You can enable HTTPS connectivity using the https_enabled variable in host_vars/YOUR_TARGET_MACHINE_NAME_HERE/vars.yaml. If you need HTTPS connectivity, select the 'certificate_type':

  • In the case of 'official_ca', our reverse proxy will attempt to generate a Let's Encrypt signed certificate.

  • It is required to fill in the domain variable as well.

  • An automatic renew process included.

  • The domain's A record must be a public IPv4 address that points to your target machine.

  • The domain must be publicly accessible due to HTTP-01 validation for certificate generation and automatic renewal process.

  • In the case of 'self_signed', our reverse proxy will attempt to generate a self signed certificate.

  • It is required to fill in the domain variable as well.

  • An automatic renew process included.

  • In the case of 'custom', you can provide your own certificate and private key pair.

  • It is not required to fill in the domain variable.

  1. Create a directory relative to the installer's docroot:

    mkdir -p host_files/YOUR_TARGET_MACHINE_NAME_HERE/ssl

  2. Place the following in the created directory:

    • certificate.crt which represents the certificate.

    • certificate.key which represents the private key.

5. Start the installation

Start the Ansible playbook for installation:

1
ansible-playbook start.yaml -t install

You will be prompted for your SSH and sudo passwords for authenticating the target machine.

SSH password:
BECOME password[defaults to SSH password]:

Tip

If you can authenticate via an SSH private key, you can leave the value of SSH password blank. If there is no password requirement for sudo commands, you can leave the value of BECOME password blank as well.

Note that installation may take up to 30 minutes.