Non Appliance Mode Only

The steps below are only applicable for installation in Non-Appliance mode, and should be performed by your Linux administrator.

This video demonstrates how to prepare a RHEL 7.8 operating system for DPOD Non-Appliance mode installation. Use it just as a demonstration, as it is not kept up-to-date with every change in the requirements. When preparing the operating system, you should follow the procedure provided below.

Subject	Action
Supported operating system	Verify that your operation system is one of the supported operating systems described in System Requirements. You may use the following command: `cat /etc/redhat-release`
Resources allocation	Ensure to select the correct architecture type, and that all resources listed in System Requirements are available. You may use the following commands: `free -h` `lscpu`
Network card	Ensure you have at least one network card installed and configured with full access to network services such as DNS and NTP (the same as your Gateways). See Network Preparation for more details.
Root access	Installation must be performed by a root user. You cannot use sudo instead. However, you may run it after running the command: su -
Disks, mount points / file systems and logical volumes	DPOD Standard Edition requires 3 disks (LUNs / physical / virtual) to support throughput, for both production and non-production installations. Please allocate the mount points / file systems on the different disks, as described in Table 1 below. It is strongly recommended to use logical volume manager (LVM) - particularly for the data disks. Once configured, you may verify there are 3 disks using the following command: `lsblk` Tip: to create the mount points / file systems during RHEL installation: Choose Installation Destination option. Select all Local Standard drives and choose option "I will configure partitioning" under the "Other Storage Options" section. Follow the table below and add all mount points with required definitions using the "+" button. To create a volume group (sys, app, data) open the "Volume Group" listbox and choose "create new volume group ...".
Store service dedicated OS user and group	The Store service requires a dedicated OS user and group to run. Consider executing the following command: `groupadd storeadms && useradd -g storeadms -md /home/storeadm -s /bin/bash storeadm`
OS locale	The supported OS locale is en_US.UTF-8. Check the OS Locale Configuration and change it if necessary.
Installation file and environment	Ensure your /tmp directory has at least 1GB of free space. Installation from a different directory is possible. If you opt to run the install from a directory other than /tmp, ensure that this directory: Has at least 1GB of free space. Is NOT one of these folders: /app, /logs, /data, /shared, /installs. Download the CEF file and transfer it to the installation directory (e.g. /tmp) on the pre-installed OS server. Execute the following command from the pre-installed OS server terminal: `chmod 755 ./<File Name>`
Setup DNS	Setup DNS - your network admin may need to assist you with this action. Make sure you can ping to your LDAP, Mail/SMTP Server, NTP Server.
Using yum on RedHat	For RedHat only: Your system might need to be registered and subscribed to the Red Hat Customer Portal to be able to install all prerequisites using `yum`. Registration and subscription may differ between organizations, so use the following commands just as a demonstration: `subscription-manager register` `subscription-manager attach --auto` `subscription-manager repos --enable=rhel-7-server-rh-common-rpms`
Setup NTP	Setup NTP - it has to be the same one configured in your IBM DataPower Gateways. Consult your Linux and network admin about the proper way to configure this service. Ensure the NTP RPM is installed. Consider executing the following commands: `yum install ntp` `ntpdate <ntp server hostname>` `systemctl enable ntpd.service` `systemctl start ntpd.service`
Setup hosts file	Verify that the /etc/hosts file includes an entry with your server name mapped to your external server IP. To find your server name, you may execute the command: `hostname`
Required RPMs	Verify the existence of the following RPMs from the official RedHat/CentOS yum repositories: httpd version 2.4.6-67 and above (together with the following dependencies: mailcap, apr, httpd_tools) mod_ssl curl wget unzip iptables iptables-services bc fontconfig The installation is usually performed by executing yum: `yum install httpd mod_ssl curl wget unzip iptables iptables-services bc fontconfig` If this command fails to find the packages, you should manually download the RPM files and install them.
	Ensure the httpd service is enabled and started by executing the command: `systemctl enable httpd.service && systemctl start httpd.service`
	Install mod_proxy_html: This RPM is not always accessible from existing repositories. Try first to install it by executing the command: yum install mod_proxy_html If you get the error "No package mod_proxy_html available. Error: Nothing to do", you will need to download the RPM yourself, using one of the following methods: Method 1 - download the RPM Find your httpd version by executing the command: rpm -qa \| grep httpd The system will print something resembling httpd-2.4.6-67.el7_2.4.x86_64. This is the mod_proxy version you need to download. For RedHat only - Download the mod_proxy with the correct version from the following url: https://access.redhat.com/downloads/content/mod_proxy_html/2.4.6-45.el7/x86_64/f21541eb/package (change the version part of the URL to match the httpd version you found above). Use wget or any other mechanism to download, and ensure to place the RPM inside the /tmp directory of the pre-installed OS server. Install the RPM by executing the command: rpm -Uvh mod_proxy_html-2.4.6-67.el7_2.4.x86_64.rpm (Note: your version may vary, as described above) Method 2 - add a repository and install it from the repository using the commands (For RedHat only) `subscription-manager repos --enable=rhel-7-server-optional-rpms` `yum install mod_proxy_html`
	Optional: Install Kibana OSS (please read Kibana access limitations): Download the RPM from: https://artifacts.elastic.co/downloads/kibana/kibana-oss-6.8.11-x86_64.rpm Please follow instructions on https://www.elastic.co/guide/en/kibana/6.8/rpm.html#install-rpm Configure Kibana (edit kibana.yml): server.port: 5601 server.host: "montier-es-http" server.basePath: "/op/kibana" elasticsearch.hosts: "http://montier-es-http:9200" elasticsearch.shardTimeout: 300000
Cleanup	In case you are using yum, it is recommended to clean its cache to make sure there is enough space in /var (yum cache can take a lot of the space there). To clean yum cache, execute the command: `yum clean all`
Firewall access to DPOD server	To configure your firewall to allow access to DPOD server at port 443, execute the following commands: These commands may not be applicable if your system has no builtin firewall. `firewall-cmd --zone=public --add-port=443/tcp --permanent` `firewall-cmd --reload` `iptables-save \| grep 443` If, for any reason, you need to remove this access (close the port) - execute the following commands: `firewall-cmd --zone=public --remove-port=443/tcp --permanent` `firewall-cmd --reload` `iptables-save \| grep 443` You should open port access for the DNS Server, your DataPower Gateways, your SMTP server and others as described in Firewall Requirements. Please assist your network admin and Linux admin to enable access on these ports.
Operating System optimization	It is recommended to let DPOD optimize the Operating System parameters to ensure performance. Please review the script before executing it and make sure the OS parameters values match your organization's policy. `/app/scripts/tune-os-parameters.sh` When DPOD is later installed, it will check the OS parameters. Critical compatibility checks must be satisfied in order to install the system, while other informational compatibility checks will make sure the operating system is optimized and will notify if changes are recommended to be made. Please take time to review the results of these checks after installation, and perform all applicable optimizations. The compatibility checks report can be found in /installs/logs/appliance_checks-<date time>.log.

Table 1 - Prepare your file system

Directory / Mount Point	Disk	Space in Mib	Device Type	File System
biosboot	sys	2	Standard Partition	BIOS BOOT
swap	sys	8192	LVM	swap
/boot	sys	2048	Standard Partition	XFS
/boot/efi	sys	200 (for UEFI installations for GPT partition)	Standard Partition	EFI System Partition
/	sys	4096	LVM	XFS
/var	sys	4096	LVM	XFS
/tmp	sys	2048 (recommended 16384)	LVM	XFS
/shared	app	512	LVM	XFS
/app	app	8192	LVM	XFS
/app/tmp	app	4096	LVM	XFS
/installs	app	8192	LVM	XFS
/logs	app	12,288 (can be on other fast disk - preferred locally)	LVM	XFS
/data	data	As described in Hardware and Software Requirements minimum of 100GB	LVM	XFS

Third-Party Software

Third-party software such as antivirus, cybersecurity, monitoring, APM, endpoint protection, backup, etc. might significantly decrease the performance of DPOD and impact its functionality.

In case of functionality or performance issues, try first to disable such software.

During the resolution of issues, DPOD support will ask the customer to disable any 3rd party software in order to isolate the issues and verify their source. Support cannot be provided if the 3rd party tools are not disabled.

Browser not supported