Versions Compared

Old Version 191

changes.mady.by.user Amit Munwes

Saved on

compared with

New Version Current

changes.mady.by.user Amit Munwes

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


title
Note

Non-Appliance Mode Only

The steps below are only applicable for installation in Non-Appliance mode, and should be performed by your Linux your Linux administrator.

Tip

This video demonstrates how to prepare a RHEL 7.8 operating system for DPOD Non-Appliance mode installation. Use it just as a demonstration, as it is not kept up-to-date with every change in the requirements. When preparing the operating system, you should follow the procedure provided below.

For RHEL you can use cat

Subject

Action

Supported operating system

Verify that your operation system is one of the supported operating systems described in System Requirements.

Install an operating system that is supported by DPOD as described in Hardware and Software Requirements. Verify the installed OS using the following command:

Code Block
 cat /etc/redhat-
release For CentOS you can use cat/etc/centos-release  
release

Resources allocation

Ensure

Allocate resources according to

select the correct architecture type and that all resources listed in System Requirements are made available.

For memory use  free command

For the number of CPUs

Network card

the chosen deployment profile as listed in Hardware and Software Requirements. Verify the allocated resources using the following commands:

Code Block
free -h
lscpu

Network requirements

Ensure you have at least one network

card

interface installed and configured with full access to network services, such as DNS and NTP

(the same as your Gateways) - see Network Preparation

.
Some configurations, such as the Cell environment, require 2 network interfaces.
See Firewall Requirements for more details.

Root access

Installation must be

The installation must be performed by a root user.

You can NOT run it with sudo. However, you may run it after running the command: su -

 You cannot use sudo instead.

  • Do not override the PATH variable with a fixed value during login sequence, as this will override the value set by DPOD installation in .bash_profile and will cause various scripts to fail.

  • Do not use script command during the login sequence to make a typescript of the terminal session for audit, as this will cause various scripts to hang.

  • Do not use trap command to clear the terminal on session close, as this will cause various scripts to get extra characters as their input and fail.

  • Do not print a disclaimer in .bashrc, as this will cause various scripts to get the disclaimer as their input and fail.

Disks, mount points

/ For both Production and Non Production installations, the Standard Edition requires

, file systems and logical volumes

Info

Tuning requirement - define 3 Disks with LVM and with size and mount points as defined below

DPOD requires at least 3 disks (LUNs / physical / virtual)

to support throughput.You will need to

:

  • 1 disk for the operating system

  • 1 disk for the application/logs

  • At least 1 disk for the data

Some configurations, such as the Cell environment, require multiple disks for the data.
Please allocate the mount points / file systems on the different disks, as described in Table 1 below.
It is strongly recommended to use logical volume manager (LVM) - particularly for

data disks.

use lsblk to make sure you have 3 disk !

To create the mount points / file systems during RHEL installation:

  • Choose Installation Destination option.
  • Select all Local Standard drives and choose option "I will configure partitioning" under the "Other Storage Options" section.
  • Follow table 2 and add all mount points with required definitions using the "+" button.
  • To create a volume group (sys, app, data) open the "Volume Group"list box and choose "create new volume group ..."
  • This way you can partition your 3 (logical) drive exactly as stated in table 2.
After configuring the required mount points / file systems you can use the command "df -h" to make sure all free space requirements are met

the data disk(s). See Example: Creating File Systems using LVM.
Once configured, you may verify the configuration using the following command:

Code Block
lsblk

Tip: To use LVM in AWS EC2 instances with RHEL 8.x and EBS disks, first execute dnf install lvm2 to install the LVM package, and use gdisk to create a partition. For more information, see https://aws.amazon.com/premiumsupport/knowledge-center/create-lv-on-ebs-partition/.

Store service dedicated OS user and group

The Store service requires a dedicated OS user and group to run.

Consider executing the following command:

Code Block
groupadd storeadms && useradd -g storeadms -md /home/storeadm -s /bin/bash storeadm

OS locale

The supported OS locale is en_US.UTF-8.

Use the following procedure to check

Check the OS Locale Configuration and change it if necessary.

Installation file and environment

Ensure your /tmp directory has at least 1GB of free space

Installation from a different directory is possible. If you opt to run the install from a directory other than /tmp, ensure that this directory:

    • Has at least 1GB of free space
    • Is NOT one of these folders: /app, /logs, /data, /shared, /installs

Download the CEF file and transfer it to the installation directory (e.g. /tmp) on the pre-installed OS server.

Execute the following command from the pre-installed OS server terminal:
chmod 755 ./<File Name>

Setup your network (consult your network admin)

Setup

SELinux configuration

Changes in SELinux configuration might be needed. Check if SELinux is enabled using the following command:

Code Block
sestatus

If SELinux is enforced on the DPOD server, please review possible required configuration changes.

Setup DNS

It is highly recommended to setup DNS - your network admin may need to assist you with this action.

make sure you can ping to your LDAP, Mail/SMTP Server, NTP Server.Setup

Using yum on RedHat

For RedHat only: Your system might need to be registered and subscribed to the Red Hat Customer Portal to be able to install all prerequisites using yum.
Registration and subscription may differ between organizations and RHEL version, so consider the following commands just as an example:

Code Block
subscription-manager register
subscription-manager attach --auto

  • For RHEL 7.x

    Code Block
    subscription-manager repos --enable=rhel-7-server-rh-common-rpms
subscription-manager repos --enable=rhel-7-server-optional-rpms

  • For RHEL 8.x

    Code Block
    subscription-manager repos --enable rhel-8-for-x86_64-baseos-rpms
subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms

Setup NTP

It is highly recommended to setup NTP - it has to be the same

used for

one configured in your IBM DataPower Gateways.

  • Consult your Linux and network admin about the proper way to configure this service.

Ensure

  • For RHEL 7.x, ensure the NTP RPM is installed. Consider executing the following commands:

    Code Block
    yum install ntp

  • 
ntpdate <ntp server hostname>

  • 
systemctl enable ntpd.service
systemctl start ntpd.service

  • For RHEL 8.x, ensure the Chrony RPM is installed. Consider executing the following commands:

    Code Block
    yum install chrony
chronyd -q 'server {ntp_server_name} iburst'
systemctl enable chronyd.service
systemctl start
ntpd
  •  chronyd.service
 
Setup hosts file
Verify that the /etc/hosts file includes an entry with your server name mapped to your external server IP.
To 
 find 
display your server name, you may execute the command 
: 
 hostname.
To display your server’s IP address, you may execute the command ip a.
Required RPMs
Verify the existence of the following RPMs from the official RedHat/CentOS yum repositories:
  • httpd version 2.4.6-67 and above (together with the following dependencies: mailcap, apr, httpd_tools)
  • mod_ssl
  • mod_proxy_html
  • curl
  • wget
  • unzip
  • iptables
  • iptables-services
  • bc
  • fontconfig
  • squashfs-tools (make sure squashfs module is loaded - see more at https://access.redhat.com/solutions/5477831 - and that it is not disabled in /etc/modprobe.d)
  • numactl
  • pciutils
  • nvme-cli
The installation is usually performed by executing 
:
yum install httpd mod_ssl curl wget unzip iptables iptables-services bc fontconfig
If this command can not find the package on account of it not being included in the repository, you will need to add the containing repository or manually download the RPMs 
  • Download the RPM from: https://artifacts.elastic.co/downloads/kibana/kibana-oss-6.8.1-x86_64.rpm
  • Please follow instructions on https://www.elastic.co/guide/en/kibana/6.8/rpm.html#install-rpm
    • Configure Kibana (edit kibana.yml):
     Code Blockserver.port: 5601
server.host: "montier-es-http"
server.basePath: "/op/kibana"
elasticsearch.hosts: "http://montier-es-http:9200"
elasticsearch.shardTimeout: 300000
     yum. If the command fails to find the packages, you should manually download the RPM files and install them.
    For RedHat only - consider executing the following command:
    subscription-manager repos --enable=rhel-7-server-rh-common-rpms
    Ensure the httpd service is enabled and started by executing the command:
    systemctl enable httpd.service && systemctl start httpd.service
    Install mod_proxy_html:
    • This RPM is not always accessible from existing repositories. Try first to install it by executing the command: yum install mod_proxy_html
      If you get the error "No package mod_proxy_html available. Error: Nothing to do", you will need to download the RPM yourself, using one of the following methods:
      • Method 1 - download the RPM
        • Find your httpd version by executing the command: rpm -qa | grep httpd
        • The system will print something resembling httpd-2.4.6-67.el7_2.4.x86_64. This is the mod_proxy version you need to download.
        • For RedHat only - Download the mod_proxy with the correct version from the following url:
          https://access.redhat.com/downloads/content/mod_proxy_html/2.4.6-45.el7/x86_64/f21541eb/package (change the version part of the URL to match the httpd version you found above). Use wget or any other mechanism to download, and ensure to place the RPM inside the /tmp directory of the pre-installed OS server.
        • Install the RPM by executing the command:  rpm -Uvh mod_proxy_html-2.4.6-67.el7_2.4.x86_64.rpm (Note: your version may vary, as described above)
      • Method 2 - add a repository and install it from the repository using the commands (For RedHat only)
        • subscription-manager repos --enable=rhel-7-server-optional-rpms
        • yum install mod_proxy_html
    Optional: Install Kibana OSS (please read Kibana access limitations):
     Code Block
    yum install -y httpd
yum install -y mod_ssl
yum install -y mod_proxy_html
yum install -y curl
yum install -y wget
yum install -y unzip
yum install -y iptables
yum install -y iptables-services
yum install -y bc
yum install -y fontconfig
yum install -y squashfs-tools
yum install -y numactl
yum install -y pciutils
yum install -y nvme-cli
    The following RPMs are recommended for system maintenance and troubleshooting, and are optionaltelnet client, net-tools, iftop, tcpdump

    Ensure the httpd service is enabled and started by executing the command:
     Code Block
    systemctl enable httpd.service && systemctl start httpd.service && systemctl status httpd.service
    Cleanup
    In case you are using yum, it is recommended to clean its cache to make sure there is enough space in /var (yum cache can take a lot of the space there). To clean yum cache, execute the following command:
     Code Block
    languagebashtheme
    RDark
    yum clean all
    Firewall access to DPOD server
    To configure your firewall to allow access to DPOD server at port 443, execute the following commands:
    note
    These commands may not be applicable if your system has no builtin firewall.
    firewall-cmd --zone=public --add-port=443/tcp --permanent
    firewall-cmd --reload
    iptables-save | grep 443
    If, for any reason, you need to remove this access (close the port) - execute the following commands:
    firewall-cmd --zone=public --remove-port=443/tcp --permanent
    firewall-cmd --reload
    iptables-save | grep 443
     Note
    You should open port access for the DNS Server, your DataPower Gateways, your SMTP server and others as described in Firewall Requirements.
    Please assist your network admin and Linux admin to enable access on these ports.
    Table 1 - Prepare your file system
    ...
    Disk

    ...
    Table 1 - File Systems / Mount Points
    File System / Mount Point
    Minimum Size
    Device Type
    File System
    Operating System Disk (e.g.: sda)
    biosboot
    sys
    2MB
    2
    Standard Partition
    Standard Partition
    BIOS BOOT
    swap
    sys
    8GB
    8192Standard Partition
    LVM
    swap
    /boot
    sys
    2048
    2GB
    Standard Partition
    XFS
    /boot/efi
    sys
    200MB
    200
    (for UEFI installations for GPT partition)
    Standard Partition
    EFI System Partition
    /
    sys
    8GB
    40964096
    LVM
    XFS
    /var
    sys
    8GB
    LVM
    XFS
    /tmp
    sys
    15GB
    LVM
    2048LVMXFS
    XFS
    (recommended 16384)
    Application/logs Disk (e.g.: sdb)
    /shared
    app
    1GB
    512
    LVM
    XFS
    /app
    app
    30GB
    8192
    LVM
    XFS
    /app/tmp
    app
    8GB
    40968192
    LVM
    XFS
    /installs
    app/data
    30GB
    LVM
    XFS
    /logs
    app
    12,288
    (can be on other fast disk - preferred locally)
    LVMXFS
    15GB
    LVM
    XFS
    Data Disk(s) (e.g.: sdc, sdd, sde...)
    /data
    As described in Hardware and Software Requirements

    minimum 
     or according to the sizing spreadsheet in case one was provided by the DPOD support team. Minimum of 100GB.
    LVM
    XFS
    Installation Compatibility Checks
    There are two types of checks: Critical and Informational.
    The critical checks are mandatory in order to install the system. The informational checks are highly recommended for system optimization.
    Please take time to review the results of these checks after installation, and perform all applicable optimizations. The compatibility checks report can be found in /installs/logs/appliance_checks-<date time>.log
    Supported programs
    The only supported programs for installation on the DPOD server are infrastructure / system tools like Antivirus agents, Monitor Agents, Backup Agents etc.
    Note that these system tools may affect DPOD's functionality and performance.
    ...
    [Required only for cell members]
    /data2, /data22, /data222, /data3, /data33, /data333, /data4, /data44, /data444
    Only for cell members, according to the sizing spreadsheet provided by DPOD support team. See Setup a Cell Environment for information about these disks/mount points.
    LVM
    XFS
    Third-Party Software
    Third-party software such as antivirus, cybersecurity, monitoring, APM, endpoint protection, backup, etc. might significantly decrease the performance of DPOD and impact its functionality.
    In case of functionality or performance issues, try first to disable these system toolssuch software.
    During the resolution of issues, DPOD support will ask the customer to disable any 3rd party software in order to isolate the issues and verify their source. Support cannot be provided if the 3rd party tools are not disabled.