IBM DataPower Operations Dashboard v1.0.11.0

A newer version of this product documentation is available.

You are viewing an older version. View latest at IBM DPOD Documentation.

Prepare Pre-Installed Operating System

Non Appliance Mode Only

The steps below are only applicable for installation in Non-Appliance mode, and should be performed by your Linux administrator.


This video demonstrates how to prepare a RHEL 7.8 operating system for DPOD Non-Appliance mode installation. Use it just as a demonstration, as it is not kept up-to-date with every change in the requirements. When preparing the operating system, you should follow the procedure provided below.


SubjectAction
Supported operating system

Verify that your operation system is one of the supported operating systems described in System Requirements. You may use the following command:

cat /etc/redhat-release

Resources allocation

Ensure to select the correct architecture type, and that all resources listed in System Requirements are available. You may use the following commands:

free -h
lscpu

Network card

Ensure you have at least one network card installed and configured with full access to network services such as DNS and NTP (the same as your Gateways).

See Network Preparation for more details.

Root access

Installation must be performed by a root user.

You cannot use sudo instead. However, you may run it after running the command: su -

Disks, mount points / file systems and logical volumes

DPOD Standard Edition requires 3 disks (LUNs / physical / virtual) to support throughput, for both production and non-production installations.

Please allocate the mount points / file systems on the different disks, as described in Table 1 below.

It is strongly recommended to use logical volume manager (LVM) - particularly for the data disks.

Once configured, you may verify there are 3 disks using the following command:

lsblk

Tip: to create the mount points / file systems during RHEL installation:

  • Choose Installation Destination option.
  • Select all Local Standard drives and choose option "I will configure partitioning" under the "Other Storage Options" section.
  • Follow the table below and add all mount points with required definitions using the "+" button.
  • To create a volume group (sys, app, data) open the "Volume Group" listbox and choose "create new volume group ...".
Store service dedicated OS user and group

The Store service requires a dedicated OS user and group to run. Consider executing the following command:

groupadd storeadms && useradd -g storeadms -md /home/storeadm -s /bin/bash storeadm

OS locale

The supported OS locale is en_US.UTF-8. Check the OS Locale Configuration and change it if necessary.

Installation file and environment

Ensure your /tmp directory has at least 1GB of free space.

Installation from a different directory is possible. If you opt to run the install from a directory other than /tmp, ensure that this directory:

    • Has at least 1GB of free space.
    • Is NOT one of these folders: /app, /logs, /data, /shared, /installs.

Download the CEF file and transfer it to the installation directory (e.g. /tmp) on the pre-installed OS server.

Execute the following command from the pre-installed OS server terminal:

chmod 755 ./<File Name>

Setup DNS

Setup DNS - your network admin may need to assist you with this action. Make sure you can ping to your LDAP, Mail/SMTP Server, NTP Server.

Using yum on RedHat

For RedHat only: Your system might need to be registered and subscribed to the Red Hat Customer Portal to be able to install all prerequisites using yum.
Registration and subscription may differ between organizations, so use the following commands just as a demonstration:

subscription-manager register
subscription-manager attach --auto
subscription-manager repos --enable=rhel-7-server-rh-common-rpms

Setup NTP

Setup NTP - it has to be the same one configured in your IBM DataPower Gateways.

  • Consult your Linux and network admin about the proper way to configure this service.
  • Ensure the NTP RPM is installed. Consider executing the following commands:

    yum install ntp
    ntpdate <ntp server hostname>
    systemctl enable ntpd.service
    systemctl start ntpd.service

Setup hosts file

Verify that the /etc/hosts file includes an entry with your server name mapped to your external server IP.

To find your server name, you may execute the command:

hostname

Required RPMs

Verify the existence of the following RPMs from the official RedHat/CentOS yum repositories:

  • httpd version 2.4.6-67 and above (together with the following dependencies: mailcap, apr, httpd_tools)
  • mod_ssl
  • curl
  • wget
  • unzip
  • iptables
  • iptables-services
  • bc
  • fontconfig

The installation is usually performed by executing yum:

yum install httpd mod_ssl curl wget unzip iptables iptables-services bc fontconfig

If this command fails to find the packages, you should manually download the RPM files and install them.


Ensure the httpd service is enabled and started by executing the command:

systemctl enable httpd.service && systemctl start httpd.service


Install mod_proxy_html:
  • This RPM is not always accessible from existing repositories. Try first to install it by executing the command: yum install mod_proxy_html
    If you get the error "No package mod_proxy_html available. Error: Nothing to do", you will need to download the RPM yourself, using one of the following methods:
    • Method 1 - download the RPM
      • Find your httpd version by executing the command: rpm -qa | grep httpd
      • The system will print something resembling httpd-2.4.6-67.el7_2.4.x86_64. This is the mod_proxy version you need to download.
      • For RedHat only - Download the mod_proxy with the correct version from the following url:
        https://access.redhat.com/downloads/content/mod_proxy_html/2.4.6-45.el7/x86_64/f21541eb/package (change the version part of the URL to match the httpd version you found above). Use wget or any other mechanism to download, and ensure to place the RPM inside the /tmp directory of the pre-installed OS server.
      • Install the RPM by executing the command:  rpm -Uvh mod_proxy_html-2.4.6-67.el7_2.4.x86_64.rpm (Note: your version may vary, as described above)
    • Method 2 - add a repository and install it from the repository using the commands (For RedHat only)
      subscription-manager repos --enable=rhel-7-server-optional-rpms
      yum install mod_proxy_html

Optional: Install Kibana OSS (please read Kibana access limitations):

Cleanup

In case you are using yum, it is recommended to clean its cache to make sure there is enough space in /var (yum cache can take a lot of the space there). To clean yum cache, execute the command:

yum clean all

Firewall access to DPOD server

To configure your firewall to allow access to DPOD server at port 443, execute the following commands:

These commands may not be applicable if your system has no builtin firewall.

firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
iptables-save | grep 443


If, for any reason, you need to remove this access (close the port) - execute the following commands:
firewall-cmd --zone=public --remove-port=443/tcp --permanent
firewall-cmd --reload
iptables-save | grep 443


You should open port access for the DNS Server, your DataPower Gateways, your SMTP server and others as described in Firewall Requirements.

Please assist your network admin and Linux admin to enable access on these ports.

Operating System optimization

It is recommended to let DPOD optimize the Operating System parameters to ensure performance.

Please review the script before executing it and make sure the OS parameters values match your organization's policy.

/app/scripts/tune-os-parameters.sh

When DPOD is later installed, it will check the OS parameters. Critical compatibility checks must be satisfied in order to install the system, while other informational compatibility checks will make sure the operating system is optimized and will notify if changes are recommended to be made. Please take time to review the results of these checks after installation, and perform all applicable optimizations. The compatibility checks report can be found in /installs/logs/appliance_checks-<date time>.log.

Table 1 - Prepare your file system

Directory / Mount Point

Disk

Space in Mib

Device Type

File System

biosbootsys2Standard PartitionBIOS BOOT
swapsys8192LVMswap
/bootsys

2048

Standard Partition

XFS
/boot/efisys

200
(for UEFI installations for GPT partition)

Standard Partition

EFI System Partition

/sys4096LVMXFS
/varsys4096LVMXFS
/tmpsys2048
(recommended 16384)
LVMXFS
/sharedapp512LVMXFS
/appapp8192LVMXFS
/app/tmpapp4096LVMXFS
/installsapp8192LVMXFS
/logsapp

12,288
(can be on other fast disk - preferred locally)

LVMXFS
/datadata

As described in Hardware and Software Requirements
minimum of 100GB

LVMXFS

Third-Party Software

Third-party software such as antivirus, cybersecurity, monitoring, APM, endpoint protection, backup, etc. might significantly decrease the performance of DPOD and impact its functionality.

In case of functionality or performance issues, try first to disable such software.

During the resolution of issues, DPOD support will ask the customer to disable any 3rd party software in order to isolate the issues and verify their source. Support cannot be provided if the 3rd party tools are not disabled.





IBM DataPower Operations Dashboard (DPOD) v1.0.11.0