Install the 4.4 Community Server edition of MongoDB from: https://www.mongodb.com/download-center#community
Optional: If you do not want to use the default folder paths for db and logs, use the following instructions to change them.
- Create the folders mongo/data/db and mongo/data/logs on the preferred disk drive.
- Navigate to the mongo configuration path /etc/mongod.conf
- Open mongod.conf and update it with the folder paths created above.
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log
# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0
- After updating the mongod.conf file, restart mongod using the command below:
sudo systemctl restart mongod.service
Note
The MongoDB reports database name can be changed; if it is, update it in the respective property files. We recommend not changing the admin database name.
Execute the following commands in the Mongo Shell to create users with the required privileges. These users will be used by the application to connect to the Mongo database. Make sure to update the following commands with a strong password before executing.
use admin
db.createUser(
  {
    user: "siteUserAdmin",
    pwd: "replace with strong password",
    roles: [{role: "userAdminAnyDatabase", db: "admin"}]
  }
)
use reports
db.createUser(
  {
    user: "reporting",
    pwd: "replace with strong password",
    roles: [{role: "dbOwner", db: "reports"}]
  }
)
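The users created above restrict access only when mongod enforces access control, and the sample mongod.conf binds to 0.0.0.0 without showing a security section. The following check is an added example, not part of the original guide; the function names and sample file are constructed, and it assumes the plain two-level YAML layout shown above.

```shell
#!/bin/sh
# Added example: flag a mongod.conf that listens on every interface while
# access control is off. Function names and sample files are constructed.

# yaml_get FILE SECTION KEY: print SECTION.KEY from the simple two-level
# block layout used by mongod.conf (no flow style or anchors).
yaml_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*(#|$)/ { next }                            # comments, blanks
        /^[^ \t]/ { cur = $0; sub(/:.*/, "", cur); next }  # new top-level section
        cur == sec {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                sub(/^[^:]*:[ \t]*/, "", line)             # drop the key and colon
                sub(/[ \t]+#.*$/, "", line)                # drop trailing comment
                sub(/[ \t]+$/, "", line)
                gsub(/"/, "", line)
                print line
                exit
            }
        }' "$1"
}

# check_mongod_conf FILE: return 1 when mongod is reachable on all
# interfaces but security.authorization is not "enabled".
check_mongod_conf() {
    bind=$(yaml_get "$1" net bindIp | tr -d ' ')
    bind_all=$(yaml_get "$1" net bindIpAll)
    auth=$(yaml_get "$1" security authorization)
    exposed=no
    case ",$bind," in *,0.0.0.0,*|*,::,*) exposed=yes ;; esac
    if [ "$bind_all" = true ]; then exposed=yes; fi
    if [ "$exposed" = yes ] && [ "$auth" != enabled ]; then
        echo "FAIL: all interfaces, authorization=${auth:-unset}"
        return 1
    fi
    echo "OK: bindIp=${bind:-default} authorization=${auth:-unset}"
}

# Constructed sample: the net section from this page, no security section.
sample=$(mktemp)
printf 'net:\n  port: 27017\n  bindIp: 0.0.0.0\n' > "$sample"
check_mongod_conf "$sample" || true
# The same file with access control enabled passes.
printf 'security:\n  authorization: enabled\n' >> "$sample"
check_mongod_conf "$sample"
rm -f "$sample"
```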
- Download the OnPrem installer from the URL provided by OneTrust.
- Unzip the downloaded installer.
- Open a command line and navigate to the extracted installer directory .../k8s-deployment/
Note
Windows users need to use Windows Subsystem for Linux (WSL).
Setting Up the Certificate
- Place the pfx certificate in the following path /admin-portal/k8s-deployment
- Navigate to the terminal and change directory to the above path.
- Run the below command to get the base64 format of the pfx file:
cat {pfxname}.pfx | base64 | tr -d " \t\n\r"
- Navigate to the package downloaded path and go to the following path …\admin-portal\k8s-deployment\_templates\secrets
- Open the internal-certificate.yml file.
- In the wildcard_ssl.pfx: placeholder, enter the Base64 code of the SSL certificate and select Save.
Ingress cert and key setup
We need to generate the cert and key from the .pfx certificate.
- Run the below command in a terminal to generate the cert. The command prompts for the certificate password; enter it and the .crt file will be generated.
openssl pkcs12 -in <pfx file name>.pfx -nodes -nokeys -nomac -out <enter the file name as app-cert.crt>
- To generate the .key file, run the below command. The command prompts for the certificate password; enter it and the .key file will be generated.
openssl pkcs12 -in <pfx file name>.pfx -nocerts -nodes -out <enter the file name as app-cert.key>
- Place both the app-cert.crt and app-cert.key in the ../admin-portal/k8s-deployment/ path
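A check worth running before the two files are placed, given as an added example rather than part of the original guide: because -nodes writes the private key unencrypted, the script restricts the key file's permissions and confirms that app-cert.crt and app-cert.key hold the same public key. The function names, the throwaway certificate and its password are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: confirm the .crt and .key extracted from a .pfx belong
# together and lock down the key, which -nodes leaves unencrypted.

# pubkey_hash cert|key FILE: SHA-256 of the PEM public key in FILE.
# For a .crt holding a chain, x509 reads the first certificate only.
pubkey_hash() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    pem= ;;
    esac
    [ -n "$pem" ] || return 1          # unreadable input must not hash as ""
    printf '%s\n' "$pem" | openssl sha256 -r | cut -d' ' -f1
}

# check_pair CRT KEY: 0 = match, 1 = mismatch, 2 = unreadable file.
check_pair() {
    chmod 600 "$2" || return 2         # owner-only access to the clear key
    c=$(pubkey_hash cert "$1") || return 2
    k=$(pubkey_hash key "$2") || return 2
    if [ "$c" = "$k" ]; then
        echo "OK: certificate and key match"
    else
        echo "FAIL: certificate and key do not match"
        return 1
    fi
}

# demo: build a throwaway .pfx (constructed, password "changeit"), run the
# two extraction commands from this page with -passin, then check the pair.
demo() (
    d=$(mktemp -d) && cd "$d" || exit 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout src.key -out src.crt 2>/dev/null &&
    openssl pkcs12 -export -inkey src.key -in src.crt -out demo.pfx \
        -passout pass:changeit &&
    openssl pkcs12 -in demo.pfx -nodes -nokeys -nomac -out app-cert.crt \
        -passin pass:changeit 2>/dev/null &&
    openssl pkcs12 -in demo.pfx -nocerts -nodes -out app-cert.key \
        -passin pass:changeit 2>/dev/null &&
    check_pair app-cert.crt app-cert.key
    rc=$?; cd / && rm -rf "$d"; exit "$rc"
)
demo
```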
Configure General Properties
- Navigate to the …\admin-portal\k8s-deployment\properties\services and edit the application-onprem.properties as follows:
- Set host.url to the actual domain URL which is being set up (e.g., host.url=https://privacy.onetrust.com)
- Generate a strong, random password as site.secret (e.g., site.secret=xxxxxxxxxxxxxxxx)
- Set the db.* properties with SQL Server information:
db.hostname=
db.port=
db.username=
db.password=
- Set dsar.authorization.onetrust.client.secret=onetrust
- Configure the Privacy Portal name: dsportal.hostname= {Privacy Portal application domain name}
Note
The 3rd and 4th bullet points are applicable only for customers choosing to deploy the Privacy Portal.
- Configure the Redis details:
spring.redis.host=redis
spring.redis.password=redis
- Configure the MongoDB details:
If Mongo is installed as a standalone instance, follow the setup below:
spring.data.mongodb.host={The host name of the MongoDB router}
spring.data.mongodb.username=reporting
spring.data.mongodb.password={The password generated during MongoDB configuration}
spring.data.mongodb.admin.host={The host name of the MongoDB router}
spring.data.mongodb.admin.username=siteUserAdmin
spring.data.mongodb.admin.password={The password generated during MongoDB configuration}
If Mongo is installed as a cluster, follow the setup below:
Replica setup:
First edit the application-onprem.properties to add and set the following values:
spring.data.mongodb.host={ReplicaSet hostname 1:Port1, ReplicaSet hostname 2:Port2, ReplicaSet hostname 3:Port3}
spring.data.mongodb.username=reporting
spring.data.mongodb.password={The password generated during MongoDB configuration}
spring.data.mongodb.admin.host={ReplicaSet hostname 1:Port1, ReplicaSet hostname 2:Port2, ReplicaSet hostname 3:Port3}
spring.data.mongodb.admin.username=siteUserAdmin
spring.data.mongodb.admin.password={The password generated during MongoDB configuration}
Next, edit the following reporting property files to add and set the following values:
reporting-onprem.properties
spring.data.mongodb.replicaSetName={Configured replica set name}
spring.data.mongodb.admin.database=admin
spring.data.mongodb.database=reports
reporting-data-ingest-onprem.properties
spring.data.mongodb.replicaSetName={Configured replica set name}
spring.data.mongodb.admin.database=admin
spring.data.mongodb.database=reports
- Navigate to the .../k8s-deployment/tools folder and unzip the admin-portal-keystore.zip file
- Open the Windows Subsystem for Linux or bash command line and point it to the folder .../k8s-deployment/tools/admin-portal-keystore/keystore
- Run the command ./get-keystore.sh and enter the following values:
Note
- JRE 11 should be installed to run the keystore shell script.
- The keystore pass can be left empty if you prefer not to set a password.
Enter Distinguished Name (e.g. cn=OneTrust, OU=IT): cn=OneTrust, OU=IT
Keypair validity: 365
Auth key alias: AuthJWT
Consent key alias: ConsentJWT
Keystore pass:
- A file named cert.txt will have been generated in the same folder. Copy the generated content of the cert.txt file and paste it at the end of application-onprem.properties
encryption.masterKeyStorePassword=
encryption.masterKeyId=
encryption.masterKeyPassword=
consentmanager.keystore.secretKeyName=
consentmanager.jwt.key.password=
# Base64Encoded PublicKey of Consent will be going in DSPortal
auth.keystore.string=
auth.keystore.secret=
auth.jwt.alias=
encryption.masterKeyStoreLocation=property:jceks.file
jceks.file=
encrypt.keyStore.password=
encrypt.keyStore.alias=
# HMAC key for document assertions
onetrust.access-control-assertions.hmac-key-id=
onetrust.access-control-assertions.hmac-secret=
- If you are deploying Privacy Portal, copy the value of ds.sdk.jwt.publickey to the Privacy Portal server application-onprem.properties file
Configure Notification Service
Navigate to admin_portal/k8s-deployment/properties/services and edit notification-onprem.properties to set the following values.
- Configure the spring.mail.* properties:
spring.mail.port={SMTP Mail server Port}
spring.mail.host={SMTP Mail server host name}
spring.mail.username={SMTP Mail Username}
spring.mail.password={SMTP mail server password}
- Go to admin_portal/k8s-deployment/properties/services and edit the notification.properties file.
- Update onetrust.notification.email.from.mail-id with a "from email address". This entry will be used as the "from email address" for mail sent by the application.
Configure Data Subject Access Service (Applicable Only for Privacy Portal users)
Edit datasubject-access-onprem.properties and set the following values:
dsar.webformtemplate.cdn.uri={the HTTPS DS hostname of the webform URL}
Configure SSL on Gateway and Turnstile Services
Edit gateway-onprem.properties and turnstile-onprem.properties and set the following values in both files:
server.ssl.key-store-type=PKCS12
server.ssl.key-store= {the pfx file name}
server.ssl.key-store-password= {the pfx file's password}
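A pre-deployment check for the property files edited in this guide, as an added example that is not part of the OneTrust package: it lists entries whose key ends in password or secret and whose value is empty, still carries a {...} or xxxx placeholder, or contains "replace with". The function name and the sample file are constructed, and only plain key=value lines are handled.

```shell
#!/bin/sh
# Added example: list secret-bearing entries in a .properties file that
# are empty or still hold a placeholder from this guide.

# lint_props FILE: print "key: reason" per finding; return 1 if any.
lint_props() {
    awk '
        /^[ \t]*(#|!|$)/ { next }                   # comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) !~ /(password|secret)$/) next
            if (val == "")                          why = "empty"
            else if (val ~ /^[{].*[}]$/)            why = "unreplaced {...} placeholder"
            else if (val ~ /^x+$/)                  why = "xxxx placeholder"
            else if (tolower(val) ~ /replace with/) why = "placeholder text"
            else next
            printf "%s: %s\n", key, why
            bad = 1
        }
        END { exit (bad ? 1 : 0) }' "$1"
}

# Constructed sample mixing filled-in and untouched entries from this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
host.url=https://privacy.example.invalid
site.secret=xxxxxxxxxxxxxxxx
db.username=onetrust_app
db.password=
spring.data.mongodb.password={The password generated during MongoDB configuration}
spring.mail.password=Zk4-constructed-sample-value
EOF
lint_props "$sample" || echo "fix the entries above before deploying"
rm -f "$sample"
```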