Versions Compared

Old Version 176

changes.mady.by.user Amit Munwes

Saved on

compared with

New Version Current

changes.mady.by.user Amit Munwes

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Note
titleNon-Appliance Mode Only

The steps below are only applicable for installation in Non-Appliance mode, and should be performed by your Linux administrator.


Tip

...

This video demonstrates how to prepare a RHEL 7.8 operating system for DPOD Non-Appliance mode installation. Use it just as a demonstration, as it is not kept up-to-date with every change in the requirements. When preparing the operating system, you should follow the procedure provided below.


SubjectAction
Supported operating system

Verify that the operation system is supported by DPOD as described in System Requirements. After the server OS is installed, this can be verified using the following command:

cat /etc/redhat-release

Resources allocation

Allocate resources according to the chosen architecture type as listed in System Requirements. After the server OS is installed, this can be verified using the following commands:

free -h
lscpu

Network card

Ensure you have at least one network card installed and configured with full access to network services, such as DNS and NTP (the same as your Gateways)

...

SubjectAction

Prepare Admin access

Installation must be

. Some configurations, such as the Cell environment, require 2 network cards. See Network Preparation for more details.

Root access

The installation must be performed by a root user.

You can NOT run it with sudo.
You can run

 You cannot use sudo instead. However, you may run it after running the command: su -

Prepare disk


The installation will add entries to the PATH variable using .bash_profile. Make sure these entries are maintained during the login sequence (do not override with a fixed PATH).
Do not use script command during the login sequence to make typescript of the terminal session for audit, as this will cause various scripts to hang.

Disks, mount points / file systems and logical

volume
Info

Tuning requirement - define 3 Disks with LVM and with size and mount points as defined below

For both Production and Non Production installations, the Standard Edition requires

volumes

DPOD requires at least 3 disks (LUNs / physical / virtual)

to support throughput.You will need to allocate the following

for the operating system, for the application and for the data. Some configurations, such as the Cell environment, require additional disks.

Please allocate the mount points / file systems on the different disks, as described in

table

Table 1 below

It is strongly recommended to use logical volume manager (LVM) - particularly for the data disks.

This can be done during RHEL installation by choosing Installation Destination option. You will then need to select

Once configured, you may verify there are at least 3 disks using the following command:

lsblk


Tip: to create the mount points / file systems during RHEL installation:

  • Choose Installation Destination option.
  • Select all Local Standard drives and choose option "I will configure partitioning" under the "Other Storage Options" section.
You should follow table 2
  • Follow the table below and add all mount points with required definitions using the "+" button.
to
  • To create a volume group (sys, app, data), when applicable, open the "Volume Group"
list box
  •  listbox and choose "create new volume group ..."
This way you can partition your 3 (logical) drive exactly as stated in table 2Prepare
  • .

The minimum file system sizes for the different installation types are described in table 2 below

After configuring the required mount points you can use the command "df -h" to make sure all free space requirements are met.

Your mount point configuration should resemble the following :

Image Removed

Store service dedicated OS user and group

The Store service requires a dedicated OS user and group to run.

User can use

Consider executing the following command:

groupadd storeadms && useradd -g storeadms -md /home/storeadm -s /bin/bash storeadm

Configure
OS locale

The supported OS locale is en_US.UTF-8.

Use the following procedure to check the supported locale configuration

Check the OS Locale Configuration and change it if necessary

Prepare your installation file and environment

Ensure your /tmp directory has at least 1GB of free space

Installation from a different directory is possible. If you opt to run the install from a directory other than /tmp, ensure that this directory:

    • Has at least 1GB of free space
    • Is NOT one of these folders:
      • /app
      • /logs
      • /data
      • /shared
      • /installs

Download the CEF file and transfer it to the /tmp directory on the pre-installed OS server.

Execute the following command from the pre-installed OS server terminal: chmod 755 ./<File Name>

Setup your network (consult your network admin)

.

SELinux configurationChanges in SELinux configuration might be needed. If SELinux is enforced on the DPOD server, please review possible required configuration changes.

Setup DNS

Setup DNS - your network admin may need to assist you with this action. Make sure you can ping to your LDAP, Mail/SMTP Server, NTP Server.

Using yum on RedHat

For RedHat only: Your system might need to be registered and subscribed to the Red Hat Customer Portal to be able to install all prerequisites using yum.
Registration and subscription may differ between organizations, so use the following commands just as a demonstration:

subscription-manager register
subscription-manager attach --auto
subscription-manager repos --enable=rhel-7-server-rh-common-rpms
subscription-manager repos --enable=rhel-7-server-optional-rpms

Setup NTP

Setup NTP - it has to be the same

used for

one configured in your IBM DataPower Gateways.

  • Consult your Linux and network admin about the proper way to configure this service.
  • For RHEL 7.x

    • Ensure the NTP RPM is installed. Consider executing the following

command

    • commands:

      yum install ntp
      ntpdate <ntp server hostname>
      systemctl enable ntpd.service
      systemctl start ntpd.service

 

  • For RHEL 8.x

    • Ensure the Chrony RPM is installed. Consider executing the following commands:

      yum install chrony
      chronyd -q 'server {ntp_server_name} iburst'
      systemctl enable chronyd.service
      systemctl start chronyd.service

Setup hosts file

Verify that the /etc/hosts file includes an entry with your server name mapped to your external server IP.

To find your server name, you may execute the command:

hostname

Verify all required

Required RPMs

are installed

Verify the existence of the following RPMs from the official RedHat/CentOS yum repositories:

  • httpd version 2.4.6-67 and above (together with the following dependencies: mailcap, apr, httpd_tools)
  • mod_ssl
  • mod_proxy_html
  • curl
  • wget
  • unzip
  • iptables
  • iptables-services
  • bc
  • fontconfig

The installation is usually performed by executing yum:

yum install -y httpd
yum install -y mod_ssl
yum install -y mod_proxy_html
yum install -y curl
yum install -y wget

unzip iptables 


yum install -y unzip
yum install -y iptables
yum install -y iptables-services

 bc


yum install -y bc
yum install -y fontconfig

If this command

can not

fails to find the

package on account of it not being included in the repository, you will need to add the containing repository or

packages, you should manually download the

RPMs

RPM files and install them.

RedHat Only - Execute the following command: subscription-manager repos --enable=rhel-7-server-rh-common-rpms

Ensure the httpd service is enabled and started by executing the command:

 

systemctl enable httpd.service

Ensure the httpd service is started by executing the command: systemctl start httpd.service

Install mod_proxy_html
  • This RPM is not always accessible from existing repositories. Try first to install it by executing the command: yum install mod_proxy_html
    If you get the error "No package mod_proxy_html available. Error: Nothing to do", you will need to download the RPM yourself, using one of the following methods:
  • Method 1 - download the RPM
    • Find your httpd version by executing the command: rpm -qa | grep httpd
    • The system will print something resembling httpd-2.4.6-67.el7_2.4.x86_64. This is the mod_proxy version you need to download
    • RedHat Only - Download the mod_proxy with the correct version from the following url:
      https://access.redhat.com/downloads/content/mod_proxy_html/2.4.6-45.el7/x86_64/f21541eb/package (change the version part of the url
      to match the httpd version you found above). Use wget or any other mechanism to download, and ensure to place the RPM inside the /tmp directory of the pre-installed OS server.
    • Install the RPM by executing the command:  rpm -Uvh mod_proxy_html-2.4.6-67.el7_2.4.x86_64.rpm (Note: your version may vary, as described above)
  • Method 2 - add a repository and install it from the repository using the commands (RedHat Only)

    • subscription-manager repos --enable=rhel-7-server-optional-rpms

    • yum install mod_proxy_html

OPTIONAL - Install kibana OSS (kibana-oss-6.6.1)

This RPM is required only if you would like to manually query the Big Data store.

&& systemctl start httpd.service && systemctl status httpd.service


Optional: Install Kibana OSS (please read Kibana access limitations):

6
6
1
6
6
kibana (

  • Kibana (edit /etc/kibana/kibana.yml):

 


  • Code Block
    server.port: 5601
  • 
server.host: "montier-es-http"
  • 
server.basePath: "/op/kibana"
  • 
elasticsearch.hosts: "http://montier-es-http:9200"
  • 
elasticsearch.shardTimeout: 300000
Open your firewall to 
  • 
logging.dest: /logs/kibana/kibana.log
logging.rotate.enabled: true
logging.rotate.everyBytes: 10485760
logging.rotate.keepFiles: 3


Cleanup

In case you are using yum, it is recommended to clean its cache to make sure there is enough space in /var (yum cache can take a lot of the space there). To clean yum cache, execute the command:

yum clean all

Firewall access to DPOD server

To configure your firewall

for open

to allow access to

the

DPOD server

for

at port 443, execute the following commands:

Note

These commands may not be applicable if your system has no builtin firewall.

You should open port access for the DNS Server, your DataPower Gateways, your SMTP server and others as described in Firewall Requirements.

Please assist your network admin and Linux admin to enable access on these ports.

firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
iptables-save | grep 443


If, for any reason, you need to remove this access (close the port) - execute the following commands:
firewall-cmd --zone=public --remove-port=443/tcp --permanent
firewall-cmd --reload
iptables-save | grep 443

note

You should open port access for the DNS Server, your DataPower devices, your SMTP server and others as described in firewall rules.

Please assist your network admin and Linux admin to enable access on these ports.


Table 1 - Prepare your

...

file system

Directory / Mount
point
Point

Disk

Name/sys/var

Space in Mib

Device Type

File System

biosbootsys
/tmp
2
sys/bootsys
Standard PartitionBIOS BOOT
swapsys8192
/logs
LVM
app
swap
/
data
boot
data
sys
/shared

2048

app

Standard Partition

/app
XFS
app
/
app
boot/
tmp
efi
app
sys
/installsapp

Table 2 - Prepare your file system

Directory / Mount point

Recommended

Disk

Standard Edition - Minimal/Low/Medium/High

free space in Mib

Device

Type

File

System

200
(for UEFI installations for GPT partition)

Standard Partition

EFI System Partition

/sys
4096
8192LVMXFS
swapsys8192swapXFS
/varsys
4096
8192LVMXFS
/tmpsys4096
2048
(recommended 16384)LVMXFS
/
bootsys

2048

Standard

Partition

XFS/
sharedapp512LVMXFS
/appapp8192LVMXFS
/app/tmpapp4096LVMXFS
/installsapp
8192
11264LVMXFS
/logsapp

12,288
(can be on other fast disk - preferred locally)

LVMXFS
/datadata

As described in Hardware and Software Requirements
minimum of 100GB

LVMXFS
/boot/efidata

For UEFI installations for GPT partition

200

Standard

Partition

EFI System

Partition

Installation Compatibility Checks

There are two types of checks: Critical and Informational.

The critical checks are mandatory in order to install the system. The informational checks are highly recommended for system optimization.

Please take time to review the results of these checks after installation, and perform all applicable optimizations. The compatibility checks report can be found in /installs/logs/appliance_checks-<date time>.log

Supported programs

The only supported programs for installation on the DPOD server are infrastructure / system tools like Antivirus agents, Monitor Agents, Backup Agents etc.

Note that these system tools may affect DPOD's functionality and performance.

...

Third-Party Software

Third-party software such as antivirus, cybersecurity, monitoring, APM, endpoint protection, backup, etc. might significantly decrease the performance of DPOD and impact its functionality.

In case of functionality or performance issues, try first to disable these system toolssuch software.

During the resolution of issues, DPOD support will ask the customer to disable any 3rd party software in order to isolate the issues and verify their source. Support cannot be provided if the 3rd party tools are not disabled.