Harness Disconnected On-Prem Setup

Updated 5 months ago by Michael Cretzman

This document describes the process for setting up the trial version of Harness Disconnected On-Prem. For more information, contact Harness at https://harness.io/contact-sales. Note that Harness on-prem installations do not currently support the Harness Helm Delegate.

Harness Disconnected On-Prem is run entirely within your enterprise network (on-premises), as opposed to Harness SaaS, which is the Harness cloud offering, and Harness Connected On-Prem, which runs in your cloud environment.

In this topic:

Installation Overview

The Harness platform is made up of 7 microservices:

  • Harness Manager
  • Machine Learning Engine
  • Verification Service
  • MongoDB
  • TimescaleDB
  • Nginx Proxy
  • User Interface

Each microservice is containerized, and is deployed on the physical machine where you install Harness.

Before You Begin

Setting up Harness Disconnected On-Prem requires the following:

  • Recommended server specification for Harness: 16 cores, 32GB Memory, 250GB Disk.
  • Packages: Docker, cURL, sed.
  • Default settings on the Linux machine(s) where you run the installer. (For example: 0022 unmask.)
  • Ports 7143-7153 open on the VM where the installer is running.
Harness Disconnected On-Prem supports Security-Enhanced Linux (SELinux).

Set Up Harness Disconnected On-Prem

The following procedure sets up Harness on one physical server.

To set up Harness Disconnected On-Prem, do the following:

  1. Start Docker. The Docker daemon must be running before you begin Harness installation.
  2. Obtain the Set Up Harness Disconnected On-Prem tar file from Harness. It is named harness_installer_version.tar.gz. Contact Harness via the Web at harness.io/contact.
    The tar file contains the following:
    • The harness_installer folder.
    • Harness Disconnected On-Prem.
    • The install_harness.sh and stop_harness.sh scripts.
    • MongoDB.
  3. Extract the Set Up Harness Disconnected On-Prem tar file (tar -xvf harness_installer_version.tar.gz). The harness_installer folder appears.
  4. Open a terminal and navigate to the harness_installer folder.
If you want to run prerequisite checks, see Prerequisite Checks below.
  1. Open inframapping.properties in a text editor, and edit the HOST1_IP_ADDRESS property. Enter the external, public IP address of the host that will run Harness.
  2. In a terminal, run setup_mongo_directories.sh. (You can pass in the runtime directory as an argument to set where the MongoDB directories are installed. Without the argument, the script defaults to the $HOME directory, and installs the new directories within $HOME/harness_runtime.)
  3. In a terminal, navigate to the harness_installer folder and run install_harness.sh. (You can pass in the runtime directory as an argument to set where Harness is installed. Without the argument, the script defaults to the $HOME directory and Harness is installed in $HOME/harness_runtime.)
  4. Upon successful completion, the install_harness.sh script will have populated the server with Harness and MongoDB. The script will output a URL, using the public IP address you provided in inframapping.properties.

    Navigate to the displayed URL. This is the Harness Manager login URL.
  5. Log into Harness using the onprem-signup URL. For example: http://<IP_address>:7143/#/onprem-signup.
  6. Create a new account.

    Use the form fields to set your Admin Account email address and password. You can use this form only once. Subsequent users must be added using an email invite—see Managing Users and Groups (RBAC).
  7. Start setting up Harness by downloading and installing a Harness Delegate, as described in Delegate Installation.

Upgrade Harness Disconnected On-Prem

Do not delete the existing runtime directory of Harness before upgrading. The runtime directory is used to upgrade.

To upgrade your Harness Disconnected On-Prem installation, do the following:

  1. When you receive an upgrade to Harness Disconnected On-Prem, extract the harness_installer_version.tar.gz file.
  2. Open the harness_installer folder in a terminal.
  3. Run the install_harness.sh script as sudo.

    If you specified a runtime directory when you first installed Harness, ensure you use the same runtime directory as an argument when running install_harness.sh.

    If no argument was provided during the first time installation, there is no need to pass an argument while upgrading. The installer will use the default runtime directory location of $HOME/harness_runtime where it was first installed.
  4. Navigate to the URL displayed by the install_harness.sh script. This is the Harness Manager login.
  5. Log in to Harness.
You do not need to download and install a new Delegate. Any existing Delegates will automatically upgrade.

Adding a New License

To add a new license to your Harness Disconnected On-Prem, do the following:

  1. Request a new license key from your Harness Sales Engineer or Customer Success contact.
  2. In your Harness installation directory, open config.properties.
  3. Replace the licenseInfo with the new license key.
  4. Run the following: install_harness.sh <YOUR RUNTIME DIRECTORY>
You can omit <YOUR RUNTIME DIRECTORY> if you have the runtime directory as $HOME/harness_runtime.

The command will restart Harness with the new license key.

Enabling a Feature Flag

In some cases, Harness will have a new feature that may only be enabled via a feature flag.

To turn on the feature flag for a feature, do the following:

  1. Navigate to the $INSTALLER_DIRECTORY/config_template/manager/manager.properties file.
  2. Add <Feature_Name> to FEATURES. Separate multiple values using commas.
  3. Run the Harness install again with the runtime directory if needed.

Prerequisite Checks

Under the harness_installer folder on the On-Prem machine, find and run the pre_requisite_commands.sh file.

The following errors might appear.

  • touch command execution failed please grant user permission to create files
    • Resolution: The user running the script does not have the appropriate permissions in that directory. Give the user permission to access the folder.
  • Command curl/sed not found, this is required for installation
    • For Ubuntu: sudo apt-get install curl
    • For Centos: yum install curl/sed
  • OS is NOT supported, please contact Harness support team
    • Resolution: Harness only supports: RHEL, Centos, Ubuntu, Debian. Please check your OS.
  • Docker daemon is not running, please start docker daemon
    • Resolution: Run Docker ps and check the output. If not installed, install it.
    • The user running ambassador doesn't has permissions to run docker commands. - Give the https://docs.docker.com/install/linux/linux-postinstall/
  • Port P is being used, please make it available for installation
    • Check which process is using the port P using the command: netstat -tln --numeric-ports | grep "P and then make that port available.
  • chmod command failed please grant user permission to execute chmod command
    • The user running the script does not have permission to do chmod. Please run the script as sudo or give write permissions to the user running the script.
  • mkdir command failed please grant user permission to create directory
    • The user running the script does not have permission to do chmod. Please run the script as sudo or give write permissions to the user running the script.
  • echo failure at "$host":"$port"
    • The VM is not able to connect to Harness. Please check if the proxy is configured correctly.

Trusted Certificate Requirement for Harness On-Prem

All connections to the Harness Manager can be secure or unencrypted according to the URL scheme you use (https:// or http://).

For secure connections from any integration into the Harness Manager (Github Webhooks, etc), including the Harness Delegate, you must use a publicly trusted certificate.

Harness does not support self-signed certificates for connections to the Harness Manager.

For connections from the Harness Manager outbound to an integration, you can use a self-signed certificate. In this case, you must import the self-signed certificate into Harness Delegate's JRE keystore manually or using a Harness Delegate Profile.

See Add Self-Signed Certificates for Delegate Connections.


The following troubleshooting steps will help you diagnose and fix problems you might encounter.

Port Errors

The default port for Harness Disconnected On-Prem is 7143. Some deployment environments, such as AWS EC2, might require you to open inbound port 7143 manually, or even a TCP port range such as 7143 through 7153, to enable traffic to Harness Disconnected On-Prem.

Run Harness Disconnected On-Prem on Different Port

The default port for Harness Disconnected On-Prem is 7143. If you would like to run Harness Disconnected On-Prem on a different port, do the following:

  1. Extract the harness_installer_version.tar.gz file (tar -xvf harness_installer_version.tar.gz).
  2. Navigate to the file config_template/proxy/proxyconfig.properties.
  3. Change the proxy_port=7143 to the new port.
  4. Rerun the installation.
To keep using the new port after each upgrade, the steps above must be performed each time you upgrade.

Docker Is Not Running on the Server

The Docker daemon must be running on the server for the installation and running of Harness Disconnected On-Prem. For information on running the Docker daemon, see Configure and troubleshoot the Docker daemon from Docker.

Add Custom Load Balancer in Front Proxy

If you want to use a custom load balancer in front of the proxy server, do the following:

  1. Open the install_harness.sh script in a text editor.
  2. Locate the string, LOAD_BALANCER_URL=http://$host1:$proxyPort. It is around line 200 in the setupManager() function.
  3. Change the LOAD_BALANCER_URL value to the load balancer URL.
  4. Ensure that the load balancer is routing requests to port 7143 on the installation machine.
  5. Clean up the Harness runtime directory. The runtime directory is set in the config.properties file.
  6. Rerun the installation.

Docker CE Cannot be Installed on RedHat 7.x

If you wish to run Harness Disconnected On-Prem on RedHat (RHEL) 7.x, see the article Docker Tip #39: Installing Docker CE on RedHat (RHEL) 7.x.

How did we do?