Versions Compared

Version Old Version 221 New Version Current
Changes made by

Avi Falah

Amit Munwes

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note
title

Non-Appliance Mode Only

The steps below are only applicable for installation in Non-Appliance mode, and should be performed by your Linux your Linux administrator.

Tip

This video demonstrates how to prepare a RHEL 7.8 operating system for DPOD Non-Appliance mode installation. Use it just as a demonstration, as it is not kept up-to-date with every change in the requirements. When preparing the operating system, you should follow the procedure provided below.

Subject

Action

Supported operating system

Verify that the operation system

Install an operating system that is supported by DPOD as described in 

System

Hardware and Software Requirements.

After

Verify the

server OS is installed, this can be verified

installed OS using the following command:

Code Block
 cat /etc/redhat-release

Resources allocation

Allocate resources according to the chosen

architecture type

deployment profile as listed in

System

Hardware and Software Requirements.

After the server OS is installed, this can be verified

Verify the allocated resources using the following commands:

Code Block
free -h


lscpu

Network

card

requirements

Ensure you have at least one network interface installed and configured with full access to network services, such as DNS and NTP

(the same as your Gateways)

.
Some configurations, such as the Cell environment, require 2 network interfaces.

See Network Preparation for


See Firewall Requirements for more details.

Root access

The installation must be performed by a root user. You cannot use sudo instead.

However, you may run it after running the command: su -
The installation will add entries to the PATH variable using .bash_profile. Make sure these entries are maintained during the login sequence (do not override with a fixed PATH)

  • Do not override the PATH variable with a fixed value during login sequence, as this will override the value set by DPOD installation in .bash_profile and will cause various scripts to fail.

  • Do not use script command during the login sequence to make a typescript of the terminal session for audit, as this will cause various scripts to hang.

Disks, mount points / file systems and logical volumes

  • Do not use trap command to clear the terminal on session close, as this will cause various scripts to get extra characters as their input and fail.

  • Do not print a disclaimer in .bashrc, as this will cause various scripts to get the disclaimer as their input and fail.

Disks

DPOD requires at least 3 disks (LUNs / physical / virtual):

  • 1 disk for the operating system

,

  • 1 disk for the application

and

  • /logs

  • At least 1 disk for the data

Some configurations, such as the Cell environment, require

additional disks.Please allocate the

multiple disks for the data.

You may verify the existence of the disks using the following command (e.g: look for sda, sdb and sdc):

Code Block
lsblk

Mount points, file systems and logical volumes

See Table 1 below for the required mount points / file systems on the different disks

, as described in Table 1 below. 

.
It is strongly recommended to use logical volume manager (LVM) - particularly for the data

disks

disk(s). See Example: Creating File Systems using LVM.
Once configured, you may verify

there are at least 3 disks

the configuration using the following command:

Code Block
lsblk

Tip:

to create the mount points / file systems during RHEL installation:
  • Choose Installation Destination option.
  • Select all Local Standard drives and choose option "I will configure partitioning" under the "Other Storage Options" section.
  • Follow the table below and add all mount points with required definitions using the "+" button.
    • To create a volume group (sys, app, data), when applicable, open the "Volume Group" listbox and choose "create new volume group ..."

    To use LVM in AWS EC2 instances with RHEL 8.x and EBS disks, first execute dnf install lvm2 to install the LVM package, and use gdisk to create a partition. For more information, see https://aws.amazon.com/premiumsupport/knowledge-center/create-lv-on-ebs-partition/.

    Store service dedicated OS user and group

    The Store service requires a dedicated OS user and group to run. Consider executing the following command:

    Code Block
    groupadd storeadms && useradd -g storeadms -md /home/storeadm -s /bin/bash storeadm

    OS locale

    The supported OS locale is en_US.UTF-8. Check the OS Locale Configuration and change it if necessary.

    SELinux configuration

    Changes in SELinux configuration might be needed. Check if SELinux is enabled using the following command:

    Code Block
    sestatus

    If SELinux is enforced on the DPOD server, please review possible required configuration changes.

    Setup DNS

    Setup

    It is highly recommended to setup DNS - your network admin may need to assist you with this action.

    Make sure you can ping to your LDAP, Mail/SMTP Server, NTP Server.

    Using yum on RedHat

    For RedHat only: Your system might need to be registered and subscribed to the Red Hat Customer Portal to be able to install all prerequisites using yum.
    Registration and subscription may differ between organizations and RHEL version, so

    use

    consider the following commands just as

    a demonstration

    an example:

    Code Block
    subscription-manager register

    
subscription-manager attach --auto

    • For RHEL 7.x

      Code Block
      subscription-manager repos --enable=rhel-7-server-rh-common-rpms

    • 
subscription-manager repos --enable=rhel-7-server-optional-rpms

    • For RHEL 8.x

      Code Block
      subscription-manager repos --enable rhel-8-for-x86_64-baseos-rpms
subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms

    Setup NTP

    Setup

    It is highly recommended to setup NTP - it has to be the same one configured in your IBM DataPower Gateways.

    • Consult your Linux and network admin about the proper way to configure this service.

    • For RHEL 7.x

    Ensure

    • , ensure the NTP RPM is installed. Consider executing the following commands:

      Code Block
      yum install ntp

    • 
ntpdate <ntp server hostname>

    • 
systemctl enable ntpd.service

    • 
systemctl start ntpd.service

    • For RHEL 8.x


    Ensure

    • , ensure the Chrony RPM is installed. Consider executing the following commands:

      Code Block
      yum install chrony

    • 
chronyd -q 'server {ntp_server_name} iburst'

    • 
systemctl enable chronyd.service

    • 
systemctl start chronyd.service

    Setup hosts file

    Verify that the /etc/hosts file includes an entry with your server name mapped to your external server IP.
    To

    find hostname

    display your server name, you may execute the command

    :

    hostname.
    To display your server’s IP address, you may execute the command ip a.

    Required RPMs

    Verify the existence of the following RPMs from the official RedHat/CentOS yum repositories:

    • httpd version 2.4.6-67 and above (together with the following dependencies: mailcap, apr, httpd_tools)

    • mod_ssl

    • mod_proxy_html

    • curl

    • wget

    • unzip

    • iptables

    • iptables-services

    • bc

    • fontconfig

    • squashfs-tools

    • numactl

    • pciutils

    • nvme-cli

    The installation is usually performed by executing yum

    :

    . If the command fails to find the packages, you should manually download the RPM files and install them.

    Code Block
    yum install -y httpd

    
yum install -y mod_ssl

    
yum install -y mod_proxy_html

    
yum install -y curl

    
yum install -y wget

    
yum install -y unzip

    
yum install -y iptables

    
yum install -y iptables-services

    
yum install -y bc

    
yum install -y fontconfig

    If this command fails to find the packages, you should manually download the RPM files and install them.

    Ensure the httpd service is enabled and started by executing the command:

    systemctl enable httpd.service && systemctl start httpd.service && systemctl status httpd.service

    Optional: Install Kibana OSS (please read Kibana access limitations):

  • Download the RPM from: https://artifacts.elastic.co/downloads/kibana/kibana-oss-7.10.2-x86_64.rpm
  • Please follow instructions on https://www.elastic.co/guide/en/kibana/7.10/rpm.html#install-rpm

    • Create the following directory: /logs/kibana/ and make sure that the kibana user has permissions to this directory. Consider executing the following commands:

    Code Block
    mkdir -p /logs/kibana
chown <kibana user name>:<kibana group name> /logs/kibana 
# example :  chown root:kibana /logs/kibana
chmod g+w /logs/kibana
  • If you choose to install Kibana in later on, you can follow the instruction on Configuring Kibana with DPOD's Store data
    • 
yum install -y squashfs-tools
yum install -y numactl
yum install -y pciutils
yum install -y nvme-cli

    The following RPMs are recommended for system maintenance and troubleshooting, and are optionaltelnet client, net-tools, iftop, tcpdump

    Ensure squashfs module is loaded - see more at https://access.redhat.com/solutions/5477831.
    Ensure squashfs is not disabled in /etc/modprobe.d (by running the command grep -ri squashfs /etc/modprobe.d).


    Ensure the httpd service is enabled and started by executing the command:

    Code Block
    systemctl enable httpd.service && systemctl start httpd.service && systemctl status httpd.service

    Cleanup

    In case you are using yum, it is recommended to clean its cache to make sure there is enough space in /var (yum cache can take a lot of the space there). To clean yum cache, execute the following command:

    Code Block
    yum clean
    allFirewall access to DPOD server

    To configure your firewall to allow access to DPOD server at port 443, execute the following commands:

    Note

    These commands may not be applicable if your system has no builtin firewall.

    You should open port access for the DNS Server, your DataPower Gateways, your SMTP server and others as described in Firewall Requirements.

    Please assist your network admin and Linux admin to enable access on these ports.

    firewall-cmd --zone=public --add-port=443/tcp --permanent
    firewall-cmd --reload
    iptables-save | grep 443

    If, for any reason, you need to remove this access (close the port) - execute the following commands:
    firewall-cmd --zone=public --remove-port=443/tcp --permanent
    firewall-cmd --reload
    iptables-save | grep 443

    Table 1 - Prepare your file system

    Directory / Mount Point

    Disk

    Space in Mib

    Device Type

    File System

    biosbootsys2Standard PartitionBIOS BOOTswapsys8192
     all


    Table 1 - File Systems / Mount Points

    File System / Mount Point

    Minimum Size

    Device Type

    File System

    Disk 1: Operating System (e.g.: sda)

    biosboot

    2MB

    Standard Partition

    BIOS BOOT

    swap

    8GB

    LVM

    swap

    /boot

    sys

    2048

    Standard Partition

    2GB

    Standard Partition

    XFS

    /boot/efi

    sys200

    200MB
    (for UEFI installations for GPT partition)

    Standard Partition

    EFI System Partition

    /

    sys81928192

    8GB

    LVM

    XFS

    /var

    sys

    8GB

    LVM

    XFS

    /tmp

    16GB

    sys

    LVM

    4096
    (recommended 16384)LVMXFS

    XFS

    Disk 2: Application/logs (e.g.: sdb)

    /shared

    app

    1GB

    5128192

    LVM

    XFS

    /app

    app4096

    30GB

    LVM

    XFS

    /app/tmp

    app

    8GB

    LVM

    XFS

    /installs

    app11264

    30GB

    LVM

    XFS

    /logs

    15GB

    app/datadata

    LVM

    12,288
    (can be on other fast disk - preferred locally)

    LVMXFS

    XFS

    Data Disk(s) (e.g.: sdc, sdd, sde...)

    /data

    As described in Hardware and Software Requirements


    minimum of 100GB

    or according to the sizing spreadsheet in case one was provided by the DPOD support team. Minimum of 100GB.

    LVM

    XFS

    [Required only for cell members]
    /data2, /data22, /data222, /data3, /data33, /data333, /data4, /data44, /data444

    Only for cell members, according to the sizing spreadsheet provided by DPOD support team. See Setup a Cell Environment for information about these disks/mount points.

    LVM

    XFS

    Third-Party Software

    Third-party software such as antivirus, cybersecurity, monitoring, APM, endpoint protection, backup, etc. might significantly decrease the performance of DPOD and impact its functionality.

    In case of functionality or performance issues, try first to disable such software.

    During the resolution of issues, DPOD support will ask the customer to disable any 3rd party software in order to isolate the issues and verify their source. Support cannot be provided if the 3rd party tools are not disabled.

    ...