| StorageTek Automated Cartridge System Library Software Installation Guide Release 8.3 E48579-06 |
|
 Previous |
 Next |
| StorageTek Automated Cartridge System Library Software Installation Guide Release 8.3 E48579-06 |
|
Previous |
Next |
ACSLS 8.3 has been designed and tested to run under Oracle Linux Release 6 Update 3 and Oracle Linux Release 6 Update 4. The Oracle Linux Product Pack can be obtained from the Oracle E-Delivery site:
https://edelivery.oracle.com/linux
The procedures described in this chapter conform to a Linux 6.3 and 6.4 environments that include the specific packages detailed in the section, "Installing Linux". By closely following that section and "Linux Installation Tips", your installation should proceed smoothly and you can avoid issues of software incompatibility or unresolved package dependencies. Deviation from the prescribed set of packages is recommended only for experienced Linux administrators.
This chapter includes the following topics:
This section includes the following topics:
Three ACSLS user accounts, (acsss, acssa, acsdb) are added automatically when you install the ACSLS package.
The package install creates an acsls group and assigns all three users to this group. It also adds root to the acsls group.
If user accounts for the three acsls users already exist, the user home directory and group id will be adjusted automatically (if necessary) by the package install routine.
ACSLS 8.3 allows for a user-defined home directory for the ACSLS application. The parent directory of each user home directory is referenced by the variable, $installDir. The user home directories for ACSLS are:
acsss $installDir/ACSSS acssa $installDir/ACSSA acsdb $installDir/acsdb/ACSDB1.0
If user accounts already exist for these users and you are changing the $installDir, then these users must be logged out of the system during the installation since their home directory will change.
If the user accounts already exist and they are locked, they must be unlocked before you install the package. To check if the acsss account is locked:
# passwd -s acsss acsss LK
The "LK" tells you that the account is locked. To unlock the account:
# passwd -u acsss
Do this for each user account.
If these user accounts exist on an LDAP or NIS server and the root user on the local machine lacks usermod authority on the LDAP or NIS server, then manual intervention by the system administrator is needed to complete the ACSLS installation. Make sure the users are re assigned to the acsls group and their home directories conform to the guidelines in this section. The user shell should be /bin/bash.
Specific automated schedules known as crontabs are created for users acsss, and acsdb when you run the install.sh utility. These crontabs are provided for ACSLS database maintenance backup activities.
An optional file /etc/cron.d/cron.allow may exist on the system. This file controls which users are allowed to run the crontab command. If cron.allow exists, then user IDs for acsss and acsdb must be included in that file before you run install.sh. Otherwise, crontab creation for these users fail.
The file cron.deny exists by default on most systems. Any users listed in this file are explicitly denied access to the crontab command. Make sure that acsss and acsdb are not contained in the cron.deny file.
ACSLS 8.3 may be installed in any file system. The ACSLS base and the ACSLS backup directories (example: /export/home and /export/backup) must be mounted to allow SETUID so user acsss can run as root. Super user access is required for scripts that start and stop ACSLS services and for scripts that collect diagnostic information for a support call.
The acsss umask is set to 027 during installation.
Network services, specifically rpcbind, must be enabled to allow ACSLS client communication unless the firewall security on ACSLS and all ACSAPI clients is configured without the need for the portmapper. For more information, see the ACSLS Administrator's Guide, "Firewall Security Option" for details.
ACSLS 8.3 is designed to run in optional Security Enhanced Linux environments. SELinux was merged into the Linux 2.6.0 kernel in 2003 in response to initiatives by the US National Security Agency. It provides access control to files, directories, and other system resources that go beyond the traditional protection found standard in Unix environments. In addition to owner-group-public permission access, SELinux includes access control based on user role, domain, and context. The agent that enforces access control over all system resources is the Linux kernel.
The root user on a Linux system can set enforcement on or off with the setenforce command.
setenforce [Enforcing | Permissive | 1 | 0 ]
Use Enforcing or 1 to put SELinux in enforcing mode. Use Permissive or 0 to put SELinux in permissive mode.
|
Note: To view the current system enforcement status, use the commandgetenforce. |
Three SELinux policy modules are loaded into the kernel when you install ACSLS: allowPostgr, acsdb, and acsdb1. These modules provide the definitions and enforcement exceptions that are necessary for ACSLS to access its own database and other system resources while SELinux enforcement is active. With these modules installed, you should be able to run normal ACSLS operations, including database operations such as bdb.acsss, rdb.acsss, db_export.sh and db_import.sh without the need to disable SELinux enforcement.
For more information, refer to the ”Troubleshooting” Appendix in the StorageTek ACSLS 8.3 Administrator's Guide.
Before you begin installing Linux, check with your IT system administrator to obtain the following information. The graphical installer requires the kdelibs package, which is included in the Linux Installer Media Pack.
Hostname and IP address for the ACSLS server.
Gateway IP address and netmask for your network, as well as the primary and secondary DNS.
IP address.
Network proxy information, if available.
In this procedure, you install key software components, including the following:
GNOME desktop environment.
Internet support.
X Windows.
Resource Package Manager (RPM), Yellowdog Updater, and Modified (yum).
Java.
Do not install (or enable) the following:
Software Development
Web Server
Database
Dial-up network
If you are porting an earlier release of ACSLS from a Solaris or AIX machine, be sure to export your database and control files from that machine. The control files include those files in the data/external directory that have been customized to your local library environment. If you are moving the database and control files to the ACSLS 8.3 Linux platform, you need to export the database and control files. As user acsss, run the command:
db_export.sh -f myExport
In the example above, myExport is the name you assign to your export file. You should save myExport and myExport.misc to a non-volatile location. If you are updating your OS, then transfer these files to a remote machine for safe keeping.
For more information and procedures, refer to Exporting the Database in the ”Database Administration” chapter of the StorageTek ACSLS 8.3 Administrator's Guide.
If you have created additional ACSLS GUI users on ACSLS 8.1 or later releases, record those user IDs so you can re-add them after installing the new version of ACSLS. To do this:
As user acsss:
cd $ACS_HOME/install
Login in as root.
Use userAdmin.sh to list your existing users:
./userAdmin.sh
Select the List Users option and then the Exit option when you have finished.
Record the user IDs so you can re-add them later as described in "Adding Users of the ACSLS GUI."
You may install Oracle Linux from DVD media, from a jump-start server, or from an ISO image that resides on a remote server. Most contemporary Oracle Sun X86 servers are equipped with an advanced service processor using Integrated Lights Out Manager (ILOM). The ILOM enables you to install the Linux operating system on the same machine using remotely mounted media. Consult your Sun server documentation for details how to use the Oracle ILOM.
Use the following procedure to download the Linux installer media pack from the Oracle Software Deliver Cloud website. The media pack is delivered as a compressed ISO image file which you can extract and write to portable media of your choice.
Start a web browser on the system and navigate to the Oracle Software Delivery Cloud website at the following URL.
Click Sign In/Register.
Enter the user ID and password provided by your Oracle support representative.
On the Terms and Restrictions screen:
Select Oracle Linux in the Select a Product Pack menu.
Select x86 64 bit.
Click Go.
Select Oracle Linux Release 6 Update 3 or 4 Media Pack for x86 64 (64 Bit).
Click Download and save the media pack.zip file to the location of your choice.
Use any unzip tool to extract the ISO image file from the .zip file.
Use the media writing software of your choice to write the ISO image file to the media of your choice.
ACSLS 8.3 has been tested and verified on Linux 6.3, and 6.4, using the standard base installation of Linux with no specific packages required beyond those selected by default with the Linux installer. It is recommended that PostgreSQL packages are not included with the base installation of Linux. These are installed in the following section.
After Linux is installed, you will add specific packages required for ACSLS from the Oracle Yum repository.
If your ACSLS server is behind a firewall, you may need to configure your ACSLS Linux system to use a local proxy server.
Edit /etc/yum.conf and /etc/wgetrc to update proxy and caching parameters:
yum/conf Proxy=http://your local proxy serverhttp_caching=packages wgetrc #You can set the default proxies for wget to use for http, https, and ftp. #They will override the value in the environment. http_proxy=http://your local proxy server# Remove the comment sign (#) from this line: #use_proxy=on
Configure yum to use the Oracle repository for the correct architecture.
Obtain the repository list from the Oracle yum server.
# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-ol6.repo
Edit the file, public-yum-ol6.repo, to include i686 packages. Add the following lines to the bottom of this file.
[ol6_latest_i386] name=Oracle Linux 6 Latest 32-bit (i386) baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/latest/i386/gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6gpgcheck=1 enabled=1
Disable the yum packagekit refresh.
Edit the file:
/etc/yum/pluginconf.d/refresh-packagekit.conf
Set enabled=0.
Install the pre-requisite packages for ACSLS.
yum install -y glibc.i686 pam pam.i686 yum install -y libstdc++ libstdc++.i686 yum install -y libxml2 libxml2.i686 yum install -y postgresql-server.i686 yum install -y unixODBC.i686 postgresql-odbc.i686
With these pre-requisites installed, you are now ready to install the ACSLS 8.3 package.
Your Linux installation may not contain all of the packages required for ACSLS. When you install the ACSLS package with rpm -ivh ACSLS-8.3.0.i686.rpm, this operation may return an error indicating specific unmet package dependencies. For each dependency that is identified, your can install that package with yum. Simply copy the package name from the dependency error message and submit that package name to a yum install command.
# yum install <package name>
If you would like to get a list of any dependencies in the ACSLS package before you attempt to install it, you can run the rpm install command with the --test option.
# rpm -ivh --test ACSLS-8.3.0.i686.rpm
If there are still unmet dependencies that remain on your Linux system, those dependencies are displayed with this test option.
The ACSLS 8.3 package is contained in the file ACSLS_8.3.0_Linux.zip which you can download from the Oracle eDelivery site. You will typically download the file to the /opt directory on your ACSLS server. Unzip the file and go into the ACSLS_8.3.0 directory to access the rpm package, ACSLS-8.3.0.i686.rpm.
ACSLS 8.3 installs in any directory. Determine the base install directory where the ACSLS application should reside. If that directory does not exist, then you must create it before installing the STKacsls package. The directory must be owned by root with permissions set to 755.
|
Note: Unless otherwise specified by the user, ACSLS will be installed in/export/home. |
As root, go into the ACSLS_8.3.0 package installation directory and install the ACSLS package.
pkg=ACSLS-8.3.0.i686.rpm rpm -i $pkg
This method places the ACSLS application under the default install directory,
/export/home. If you want to place the application under a different directory, use the following method to extract the package:
path=/my/desired/path
(the file system where you intend for the ACSLS application to reside)
rpm -Uvh --prefix $path ACSLS-8.3.0.i686.rpm
The rpm utility creates user and group IDs for users acsss, acssa, and acsdb. It assigns home directories for these users and places them in the acsls group. The root user is also added to the acsls group.
On systems where users acsss, acssa, and acsdb may already exist, please advise these users to log out before you install the package. The package install fails if a user is logged in while it is necessary to change the user's home directory. This happens in upgrade contexts where you have defined a different install directory from the previous ACSLS installation.
|
Note: Secure administration practices recommend that you to set initial passwords for these users immediately after the package installation. |
Once the package is installed, you should inherit the new ACSLS environment to your current shell. To inherit the acsls group identity, you must log out and log back in (or simply su -). Verify with the groups command.
su - # groups root acsls
(other groups may be listed)
To set your shell to the ACSLS installation environment, source the.acsls_env file.
. /var/tmp/acsls/.acsls_env
This step lets you refer to $ACS_HOME during subsequent installation operations.
The install.sh utility lets you select from the extracted ACSLS 8.3 package the specific features required for your unique Oracle StorageTek library environment. Flexibility has been added in ACSLS 8.3, allowing you to choose whether to install options including the Graphical User Interface (GUI) and fibre library support. You can run this utility to install the entire product, any portion of the product, or to alter an already-installed product without the need for a full installation.
While you are still logged in as root, run the following commands:
cd $ACS_HOME/install ./install.sh
|
Note: If you are installing Linux 6.4 and get the messageLinux 6.4 may not be supported, type ’y' and continue with the installation. |
Database creation is first step in the install.sh routine. This step is necessary if you are installing the package for the first time. If your ACSLS database already exists and you do not want to rebuild it, then you have the option to skip this step.
This step creates a new database under PostgreSQL and establishes an automated schedule for database backups. For Linux 6, it loads SE Linux policy modules that provide ACSLS with secure but unrestrained access to the PostgreSQL database engine.
Determine the directory where you intend for the database to reside. If that directory does not exist, then you must first create the directory. The directory must be owned by root with permissions set to 755. Unless you specify otherwise, the database is installed in export/backup.
The install.sh routine asks:
Which file system will be used to store database backups? [/export/backup]
Click Return to select the suggested directory, or specify a different directory. If you assign a relative path, it is placed directly under the desired path that you assigned in step-1 in the previous section, "Installing the ACSLS Package."
The install routine proceeds to load SE Linux policy modules. Unless you specify otherwise, the routine places the directory for database backups directly under the desired path that you assigned in step-1.
The mchanger driver is relevant only to fibre-attached or SCSI-attached library configurations. The install.sh routine asks:
Shall we install the mchanger driver for fibre-attached libraries? (y/n)
Respond with y or n whether your library environment includes a fibre-attached library such as the SL500 or SL150 library.
If you entered y, the routine scans the attached SAN environment, looking for any StorageTek library devices. It reports the devices it finds and prompts whether any additional libraries are attached. If you have an older SCSI attached L700 or L180 library, respond y to the prompt.
For SCSI attached libraries, simply enter the target:lun address for each library, separating them by a space. For example:
==> 4:0 5:0 5:1
When controlling fibre-attached libraries such as the SL500 or SL150, mchanger is the name that ACSLS uses when referring to the device driver for the SCSI media changer device. On Linux, /dev/mchanger* is a symbolic link to the SCSI Generic sg driver. It is not our purpose to remove sg since sg is a standard device driver on Linux. We simply remove the device links between mchanger and sg. This task is normally accomplished when you remove the ACSLS rpm package. But if you want to remove mchanger without removing the ACSLS package, use the following procedure:
Remove the device links for mchanger in /dev.
# cd /dev # rm mchanger*
Remove the rules that created the device links that you removed in step 1.
# cd /etc/udev/rules.d # rm persistent-storage-tape-acsls.rules
To re-create the mchanger device links:
Login as root.
Source the ACSLS environment:
# . /var/tmp/acsls/.acsls_env
Create the mchanger device links.
# $ACS_HOME/install/install_scsi_Linux.sh
The Graphical User Interface (GUI) is an option. If you chose to install the GUI:
Enter y at the following prompt:
Do you want to install the ACSLS Graphical User Interface? (y/n)
If this is a minor update or configuration change (not a new installation) your ACSLS GUI may already be installed.
In this case, you will have the option to re-install the GUI or to skip this section and retain the current ACSLS GUI domain. The install routine prompts:
The Acsls GUI Domain exists. Do you want to re-install it? (y/n)
Select one of the following:
Enter y if you are installing a new ACSLS release.
The WebLogic server package is extracted and the default GUI admin user account is created with the user name, acsls_admin.
You are then asked to assign a password for the admin user. The password must be between eight and sixteen characters using both alpha and numeric characters.
The install procedure unpacks and deploys the ACSLS GUI application and then creates the Acsls user group. At a later time, you can add GUI users to this group using the administrative tool, userAdmin.sh.
If you enter n, you have the option (y/n) whether to remove the existing GUI configuration.
When you install WebLogic on your ACSLS server, a simple 512-bit public key is automatically available to support basic https exchanges with client browsers. Normally, no further configuration should be necessary. However, some browsers, notably the Microsoft Internet Explorer, require a lengthier key of no less than 1024 bits. Refer to "Configuring an SSL Encryption Key" for a description of and procedures for configuring an SSL encryption key.
The lib_cmd feature is a command-line interface that performs many of the same operations that can be performed in the ACSLS GUI. This tool is installed automatically if you choose to install the GUI. While many lib_cmd operations apply to logical library functions, this feature is also useful for displaying the status of physical libraries, volumes and drives. The option to install lib_cmd is presented when support for logical libraries was not selected.
Shall we install the optional lib_cmd interface (y or n):
Depending on the set of features that you have selected in the above installation dialog, this final step installs Linux init.d services to control the automatic start, stop, and status functions for each selected ACSLS feature.
The service list includes any subset of the following:
acsdb acsls rmi-registry surrogate weblogic
During install.sh, you created the acsls_admin user. This user can now create accounts and assign passwords for other users of the ACSLS Web-based GUI application. You can refer to the list of GUI users that you saved earlier. To add a user, follow this procedure:
As root, go to the /export/home/ACSSS/install directory.
Run ./userAdmin.sh.
Enter the acsls_admin password that you assigned in "Installing the Graphical User Interface."
From the menu, select (1) to add a new user.
Enter the ID of the user you want to add.
Assign a password for that user.
Passwords must contain eight characters with a combination of alpha and numeric or special characters.
You can use the userAdmin.sh utility at any time to add or delete users or to change passwords for all ACSLS GUI users. See userAdmin.sh in the Utilities chapter of the StorageTek ACSLS 8.3 Administrator's Guide.
To complete ACSLS installation continue with "Getting Started". This chapter provides information on importing the database or configuring your library hardware and verifying your ACSLS Installation.
|
 Copyright © 2013, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|