Subject | Action |
---|
Supported operating system | Verify that the operation system is supported by DPOD as described in System Requirements. After the server OS is installed, this can be verified using the following command: cat /etc/redhat-release
|
Resources allocation | Allocate resources according to the chosen architecture type as listed in System Requirements. After the server OS is installed, this can be verified using the following commands: free -h
lscpu
|
Network card | Ensure you have at least one network interface installed and configured with full access to network services, such as DNS and NTP (the same as your Gateways). Some configurations, such as the Cell environment, require 2 network interfaces. See Network Preparation for more details. |
Root access | The installation must be performed by a root user. You cannot use sudo instead. However, you may run it after running the command: su - The installation will add entries to the PATH variable using .bash_profile . Make sure these entries are maintained during the login sequence (do not override with a fixed PATH). Do not use script command during the login sequence to make typescript of the terminal session for audit, as this will cause various scripts to hang. |
Disks, mount points / file systems and logical volumes | DPOD requires at least 3 disks (LUNs / physical / virtual) for the operating system, for the application and for the data. Some configurations, such as the Cell environment, require additional disks. Please allocate the mount points / file systems on the different disks, as described in Table 1 below. It is strongly recommended to use logical volume manager (LVM) - particularly for the data disks. Once configured, you may verify there are at least 3 disks using the following command: Tip: to create the mount points / file systems during RHEL installation: - Choose Installation Destination option.
- Select all Local Standard drives and choose option "I will configure partitioning" under the "Other Storage Options" section.
- Follow the table below and add all mount points with required definitions using the "+" button.
- To create a volume group (sys, app, data), when applicable, open the "Volume Group" listbox and choose "create new volume group ...".
|
Store service dedicated OS user and group | The Store service requires a dedicated OS user and group to run. Consider executing the following command: groupadd storeadms && useradd -g storeadms -md /home/storeadm -s /bin/bash storeadm
|
OS locale | The supported OS locale is en_US.UTF-8. Check the OS Locale Configuration and change it if necessary. |
SELinux configuration | Changes in SELinux configuration might be needed. If SELinux is enforced on the DPOD server, please review possible required configuration changes. |
Setup DNS | Setup DNS - your network admin may need to assist you with this action. Make sure you can ping to your LDAP, Mail/SMTP Server, NTP Server. |
Using yum on RedHat | For RedHat only: Your system might need to be registered and subscribed to the Red Hat Customer Portal to be able to install all prerequisites using yum . Registration and subscription may differ between organizations and RHEL version, so use the following commands just as a demonstration: subscription-manager register
subscription-manager attach --auto
subscription-manager repos --enable=rhel-7-server-rh-common-rpms
subscription-manager repos --enable=rhel-7-server-optional-rpms
|
Setup NTP | Setup NTP - it has to be the same one configured in your IBM DataPower Gateways. - Consult your Linux and network admin about the proper way to configure this service.
- For RHEL 7.x
- For RHEL 8.x
Ensure the Chrony RPM is installed. Consider executing the following commands:
yum install chrony chronyd -q 'server {ntp_server_name} iburst'
systemctl enable chronyd.service
systemctl start chronyd.service
|
Setup hosts file | Verify that the /etc/hosts file includes an entry with your server name mapped to your external server IP. To find your server name, you may execute the command: hostname
|
Required RPMs | Verify the existence of the following RPMs from the official RedHat/CentOS yum repositories: - httpd version 2.4.6-67 and above (together with the following dependencies: mailcap, apr, httpd_tools)
- mod_ssl
- mod_proxy_html
- curl
- wget
- unzip
- iptables
- iptables-services
- bc
- fontconfig
The installation is usually performed by executing yum: yum install -y httpd
yum install -y mod_ssl
yum install -y mod_proxy_html
yum install -y curl
yum install -y wget
yum install -y unzip yum install -y iptables
yum install -y iptables-services
yum install -y bc
yum install -y fontconfig
If this command fails to find the packages, you should manually download the RPM files and install them. |
| Ensure the httpd service is enabled and started by executing the command: systemctl enable httpd.service && systemctl start httpd.service && systemctl status httpd.service
|
| Optional: Install Kibana OSS (please read Kibana access limitations): - Download the RPM from: https://artifacts.elastic.co/downloads/kibana/kibana-oss-7.10.2-x86_64.rpm
- Please follow instructions on https://www.elastic.co/guide/en/kibana/7.10/rpm.html#install-rpm
Configure Kibana (edit /etc/kibana/kibana.yml):
Code Block |
---|
server.port: 5601
server.host: "montier-es-http"
server.basePath: "/op/kibana"
elasticsearch.hosts: "http://montier-es-http:9200"
elasticsearch.shardTimeout: 300000
logging.dest: /logs/kibana/kibana.log
logging.rotate.enabled: true
logging.rotate.everyBytes: 10485760
logging.rotate.keepFiles: 3 |
Create the following directory: /logs/kibana/ and make sure that the kibana user has permissions to this directory. Consider executing the following commands: Code Block |
---|
mkdir -p /logs/kibana
chown <kibana user name>:<kibana group name> /logs/kibana
# example : chown root:kibana /logs/kibana
chmod g+w /logs/kibana |
- If you choose to install Kibana in later on, you can follow the instruction on Configuring Kibana with DPOD's Store data
|
Cleanup | In case you are using yum, it is recommended to clean its cache to make sure there is enough space in /var (yum cache can take a lot of the space there). To clean yum cache, execute the command: yum clean all
|
Firewall access to DPOD server | To configure your firewall to allow access to DPOD server at port 443, execute the following commands: Note |
---|
These commands may not be applicable if your system has no builtin firewall. You should open port access for the DNS Server, your DataPower Gateways, your SMTP server and others as described in Firewall Requirements. Please assist your network admin and Linux admin to enable access on these ports. |
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
iptables-save | grep 443
If, for any reason, you need to remove this access (close the port) - execute the following commands:
firewall-cmd --zone=public --remove-port=443/tcp --permanent
firewall-cmd --reload
iptables-save | grep 443
|