To ensure the performance and stability of Anypoint Platform Private Cloud Edition (Anypoint Platform PCE), every node in your Anypoint Platform PCE environment must meet the software prerequisites described in this topic:
Operating system (OS) prerequisites
Third-party software prerequisites
MuleSoft software prerequisites
Before you install Anypoint Platform PCE, your infrastructure team must review each of the following sections and verify that your environment meets the stated software requirements. If needed, contact your MuleSoft representative for assistance.
The following Linux distributions are supported:
Red Hat Enterprise Linux (RHEL) 7.8, 7.9, 8.1, 8.2, and 8.3
CentOS 7.8, 7.9, 8.1, 8.2, and 8.3
Anypoint Platform PCE version 3.0.2 includes support for RHEL and CentOS versions 8.4 and 8.5.
Although SELinux is not required, Anypoint Platform PCE supports the default SELinux profile running in strict mode. If your environment uses a custom profile, it must provide an unconstrained user context when running the installer. Review any custom profiles with your MuleSoft representative.
You must enable the following kernel modules on each node:
For each kernel module, run a command similar to the following example to verify that the module is loaded. Replace br_netfilter with the name of the kernel module you are checking:
root$ lsmod | grep br_netfilter
If this command does not display any output, then the module is not loaded. In this case, load the module using
root$ modprobe br_netfilter
Ensure a module is loaded after a reboot by using the following command:
root$ echo 'br_netfilter' > /etc/modules-load.d/br_netfilter.conf
The following flags must be enabled:
Ensure that no processes on your system set this flag to false. To set a parameter, use sysctl -w, as shown in the following example:
root$ sysctl -w net.ipv4.ip_forward=1
To make the changes permanent for the next reboot, write the changes to a file under /etc/sysctl.d. Replace the setting in the following example with the setting you are configuring.
echo net.ipv4.ip_forward=1 >> /etc/sysctl.d/10-ipv4-forwarding.conf
Ensure that no processes or files conflict with those settings.
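The module and sysctl checks above can be combined into one preflight script that also looks for files that would undo the forwarding setting. This is an added example, not part of the MuleSoft documentation; the function names and the list of sysctl search paths are assumptions, and it checks only br_netfilter and net.ipv4.ip_forward because those are the names this page gives.

```bash
#!/usr/bin/env bash
# Added example (not MuleSoft code): preflight for the prerequisites above.

# 0 if module $1 is in modules table $2 (default /proc/modules, what lsmod reads).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# 0 if a *.conf file in directory $2 names module $1, so it loads after a reboot.
module_persistent() {
    grep -qsx "[[:space:]]*$1[[:space:]]*" "${2:-/etc/modules-load.d}"/*.conf
}

# Print "file:line: text" for each line that sets sysctl key $1 to a value other
# than $2. Remaining arguments are files or directories of *.conf files.
# Handles "a/b/c" key spelling, a leading "-", spaces around "=", "#"/";" comments.
sysctl_conflicts() {
    local key="$1" want="$2" p f
    shift 2
    for p in "$@"; do
        for f in "$p" "$p"/*.conf; do
            [ -f "$f" ] || continue
            awk -v key="$key" -v want="$want" '
                /^[ \t]*[#;]/ { next }
                {
                    eq = index($0, "=")
                    if (eq == 0) next
                    k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
                    gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                    sub(/^-/, "", k); gsub(/\//, ".", k)
                    if (k == key && v != want) printf "%s:%d: %s\n", FILENAME, FNR, $0
                }' "$f"
        done
    done
}

# Run every check against the live system; non-zero exit if any prerequisite fails.
preflight() {
    local rc=0 bad
    module_loaded br_netfilter || { echo "br_netfilter is not loaded"; rc=1; }
    module_persistent br_netfilter || { echo "br_netfilter will not load at boot"; rc=1; }
    [ "$(sysctl -n net.ipv4.ip_forward 2>/dev/null)" = 1 ] || { echo "ip_forward is off"; rc=1; }
    bad=$(sysctl_conflicts net.ipv4.ip_forward 1 /etc/sysctl.conf /etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d)
    [ -z "$bad" ] || { echo "conflicting sysctl settings:"; echo "$bad"; rc=1; }
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it as root with --run on each node. A line reported under "conflicting sysctl settings" names a file that will set the flag back on the next boot or the next sysctl --system.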
Firewalld is an iptables controller that defines rules for persistent network traffic.
If you are using firewalld with a Red Hat Enterprise Linux (RHEL) 7.3 operating system, you must enable forwarding on the
You must also forward any packets being sent from or to the 10.0.0.0/8 subnet.
To determine if your system is using firewalld, run the following command on every node:
systemctl status firewalld.service
If firewalld is installed, the following output is displayed:
$ sudo systemctl status firewalld.service
* firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
If firewalld is not installed, an error message is displayed.
To enable forwarding on the docker0 device, run the following commands:
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 1 -o docker0 -j ACCEPT -m comment --comment "docker subnet"
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 1 -s 10.0.0.0/8 -j ACCEPT -m comment --comment "docker subnet"
To enable forwarding on the 10.0.0.0/8 subnet, run the following commands:
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -s 10.0.0.0/8 -j ACCEPT -m comment --comment "docker subnet"
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -d 10.0.0.0/8 -j ACCEPT -m comment --comment "docker subnet"
Remove local caching DNS servers listening on port 53, for example,
Tool to Verify NFS Server Ports are Open
Netcat is recommended, but you can use your tool of choice to verify the correct ports are open on the NFS server. If you do not have netcat, you can install it from http://netcat.sourceforge.net/download.php or follow the instructions at https://linoxide.com/linux-how-to/install-use-netcat-command-linux/.
Any server configuration management software, such as Puppet, Chef, Ansible, and SaltStack, must be removed. This software usually changes kernel modules and settings that are required, and can also restart servers without following the correct shutdown procedure, causing the system to enter a failed state.
Obtain the installer archive (anypoint-3.0.x-installer.tar.gz) and license key from your MuleSoft account representative.
To ensure proper cluster load balancing and routing, you must enable, correctly configure, and verify the following items:
Kernel IP forwarding
To enable internal Kubernetes load balancing, you must enable IPv4 forwarding on all servers.
Enable the Linux kernel to translate packets to and from hosted containers.
IP addresses for bridge-netfiltering are managed by the overlay network created by Kubernetes. Verify that the CIDR block used for that network is in the private IP address range.
To use the Anypoint Platform PCE, you must provide SSL certificates. You can upload a certificate through the Anypoint Platform PCE UI. This certificate must be trusted by every machine that is connected to the platform.
You must register the same SSL certificate on every node containing Mule runtime engines managed by your installation.
Some software causes conflicts with Anypoint Platform PCE. You must uninstall this software before performing Anypoint Platform PCE installation.