This chapter describes the prerequisites and procedure for installing each of the RUEI components. The procedure for upgrading an existing RUEI 13.x.x.x installation to release 13.2.2.1 is described in Chapter 3, "Upgrading to RUEI 13.2.2.1". The post-installation configuration procedure is described in Chapter 6, "Configuring RUEI".
Note:
Before attempting to install RUEI components on any system, make sure that you have applied the latest OpenSSL patches for your operating system using the appropriate commands (for example,yum update
or up2date
). Applying the latest OpenSSL patches helps improve the security of the system.This section describes the steps that should be taken before starting to install the RUEI software. Ensure that all preconditions described in this section are met before proceeding with the installation process.
Note:
RUEI installation is supported for both RedHat Enterprise/Oracle Linux 5.x and RedHat Enterprise/Oracle Linux 6.x, however for maximum reliability and security, upgrade the system to the latest patch version before installing RUEI.For an introduction to RUEI data collection see Section 1.1.1, "Data Collection". The following installation data collection options are available:
Network data collector: This option collects data that passes through the network and was the default option in previous releases and requires either a local or remote collector.
Tag data collector: This option, also called tag based monitoring, collects data by monitoring the request and processing of a specific web URL (the tag) which is inserted into all pages.
ADF monitoring: Various data collection options are available for monitoring ADF based applications, including the ADF monitoring Service. This service collects data (for example, user names) from the application server for ADF based applications, enhancing the data from network data collection. See Section 4, "Configuring RUEI for ADF Monitoring" for more information on these options.
Table 2-1 Installation Overview and Data Collection Methods
Network | Tag | |
---|---|---|
Requirement |
Access to network traffic to perform Network Protocol Analysis. |
Access to application templates to insert Javascript code. |
Single Server |
Use the |
Use the |
Multiple Server |
Use the Use the |
Use the Use the |
ADF Monitoring |
Various data collection options are available for monitoring ADF based applications, including the ADF monitoring Service. This service collects data (for example, user names) from the application server for ADF based applications, enhancing the data from network data collection. See Chapter 4, "Configuring RUEI for ADF Monitoring" for more information on these options. |
Depending on the installation location of the Reporter database and the RUEI software, the necessary disk space needs to be carefully planned. During operating system installation, you will need this information at hand for the disk partitioning phase.
Table 2-2 shows the disk space requirements for the RUEI installation components.
Table 2-2 Required Disk Space Specifications
Partition | Min. Required Disk Space (GB) | Component |
---|---|---|
ORACLE_BASE (default |
500 |
Database server |
RUEI_HOME (default |
5 |
Reporter, Collector |
RUEI_DATA (default |
100 |
Reporter, Collector |
Footnote 1 This is the example database location used throughout this guide.
This means that for a stand-alone RUEI server installation, a minimum of 700 GB is required. In the case of a high-traffic implementation, involving a dedicated remote Collector, a minimum of 200 GB of disk space is recommended for /var/opt/ruei
(RUEI_DATA
).
Important:
The Reporter and database servers require high-performance data storage. RAID-10 or RAID-5 (or equivalent) storage configurations with high-performance disks are strongly recommended.If you want to use network data collection:
Ensure that a static IP address is assigned to the interface used to access the RUEI web interface. In addition, the assigned IP address and host name should be configured in the /etc/hosts
file. If necessary, ensure that all Reporter, Collector, and Processing Engine systems are correctly defined in the DNS system.
Ensure that the network interface(s) used for network packet monitoring are administratively up, but without an IP address.
Important:
Make the network interface up status permanent (after a reboot) by setting theONBOOT
parameter of the capturing interfaces to yes
. The network interfaces configuration can be found in the /etc/sysconfig/network-scripts/ifcfg-eth
X
file (where X
represents the necessary network interface). Alternatively, use the graphical utility system-config-network to perform the above actions.When the system boots for the first time, a post-installation wizard appears, and allows you to finalize the operating system configuration settings. Ensure that:
The RUEI firewall rules shown in Table 1-9 are correctly configured.
Security Enhanced Linux (SELinux) is disabled. This is necessary for the correct operation of RUEI. Note that changing the SELinux setting requires rebooting the system so that the entire system can be relabeled.
For security reasons, it is strongly recommended that you check the Encrypt System check box during operating system installation so that all sensitive data is stored in a secure manner. A passphase is required during booting the system.
Ensure that the date and time settings are correctly specified. The use of NTP is strongly recommended, and is required in a split-server deployment. In addition, all time zones specified for Reporter, Collector, and Processing Engine systems must be identical.
Because the NTP daemon is a critical component of RUEI, especially in a split server configuration, it is recommended that you verify that it is activated in at least run level 5 during boot. Use the following commands:
/sbin/chkconfig --list | grep ntpd ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off /sbin/chkconfig ntpd on /sbin/chkconfig --list | grep ntpd ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off /etc/init.d/ntpd start Starting ntpd: [ OK ]
Note that if the NTP daemon is not already running, you can start it by issuing the following command:
/etc/init.d/ntpd restart
The following sample output shows when the NTP daemon is synchronized (indicated by an "*").
ntpq -pn remote refid st t when poll reach delay offset jitter ============================================================================== *194.171.167.130 .PPS. 1 u 994 1024 377 6.429 0.041 0.093 +80.85.129.25 130.235.20.3 3 u 725 1024 377 4.435 0.673 0.129 +82.94.235.106 135.81.191.59 2 u 678 1024 377 1.709 1.774 0.020 127.127.1.0 .LOCL. 10 l 8 64 377 0.000 0.000 0.001
Important:
In distributed environments, all time zones specified for Reporter, Collector, and Processing Engine systems must be identical.Note that the procedure described in this section is only required for a Reporter system. The procedure depends on whether you are using RedHat Enterprise/Oracle Linux 5.x or 6.x, and is described in the following sections.
After performing a minimum RedHat installation, complete the following steps:
The required packages are available from the RedHat Enterprise/Oracle Linux distribution sets. Issue the following command to install all prerequisites for the Reporter:
rpm -Uhv httpd-2.2.15-*..x86_64.rpm \ libpcap-0.9*.x86_64.rpm \ apr-1.2.7-11.*.x86_64.rpm \ apr-util-1.2.7-*.x86_64.rpm \ php-5.1.6-*.x86_64.rpm \ mod_ssl-2.2.3-*.el5.x86_64.rpm \ distcache-1.4.5-*.x86_64.rpm \ php-common-5.1.6-*.x86_64.rpm \ php-cli-5.1.6-*.x86_64.rpm \ php-mbstring-5.1.6-*.x86_64.rpm \ php-soap-5.1.6-*.x86_64.rpm \ php-ldap-5.1.6-*.x86_64.rpm \ gmp-4.1.4-*.el5.x86_64.rpm \ postgresql-libs-8.1.11-*.el5_1.1.x86_64.rpm \ lm_sensors-2.10.7-*.el5.x86_64.rpm \ net-snmp-5.3.2.2-*.el5.x86_64.rpm \ net-snmp-utils-5.3.2.2-*.el5.x86_64.rpm \ perl-XML-Twig-3.26-*.fc6.noarch.rpm \ perl-XML-Parser-2.34-*.x86_64.rpm \ bridge-utils-1.1-*.x86_64.rpm
Issue the following command to install all optional fonts. Alternatively, install the multi-byte character sets necessary to meet your NLS requirements.
rpm -Uhv fonts-*
After performing a minimum RedHat installation, complete the following steps:
The required packages are available from the RedHat Enterprise/Oracle Linux 6.x distribution sets. Issue the following command to install all prerequisites for the Reporter:
rpm -Uvh httpd-2.2.15-*..x86_64.rpm \ apr-1.3.9-*.x86_64.rpm \ apr-util-1.3.9-*.x86_64.rpm \ php-5.3.3-*.x86_64.rpm \ mod_ssl-2.2.15-*.x86_64.rpm \ php-common-5.3.3-*.x86_64.rpm \ php-cli-5.3.3-*.x86_64.rpm \ php-soap-5.3.3-*.x86_64.rpm \ php-ldap-5.3.3-*.x86_64.rpm \ hdparm-9.16-*.x86_64.rpm \ libpcap-1.0.0-*.x86_64.rpm \ gmp-4.3.1-*.x86_64.rpm \ lm_sensors-3.1.1-*.x86_64.rpm \ net-snmp-5.5-*.x86_64.rpm \ net-snmp-libs-5.5-*.x86_64.rpm \ net-snmp-utils-5.5-*.x86_64.rpm \ perl-XML-Twig-3.34-*.noarch.rpm \ perl-XML-Parser-2.36-*.x86_64.rpm \ ksh-20100621-*.x86_64.rpm \ rsync-3.0.6-*.x86_64.rpm \ wget-1.12-*x86_64.rpm \ bc-1.06.95-*.x86_64.rpm \ bind-utils-9.7.3-*.x86_64.rpm \ bridge-utils-1.2-*.x86_64.rpm \ zlib-1.2.3-*.el6.x86_64.rpm \ ncurses-libs-5.7-*.x86_64.rpm \ ncurses-5.7-*.x86_64.rpm \ ncurses-base-5.7-*.x86_64.rpm \ php-process-5.3.3*.x86_64.rpm
Issue the following command to install all optional fonts. Alternatively, install the multi-byte character sets necessary to meet your NLS requirements.
rpm -Uhv *-fonts*
Issue the following command to ensure that connections between Collectors and Reporters do not fail.
ln -s /usr/lib64/libpcap.so.N.N.N /usr/lib64/libpcap.so.0.9.4
where N.N.N is the version of libpcap installed. For example:
ln -s /usr/lib64/libpcap.so.1.0.0 /usr/lib64/libpcap.so.0.9.4
As an alternative to manual installation (described in the previous section), you can use a Yum repository to install the required RPMs. This requires a working Yum repository. Information about Yum repositories is available at the following location:
http://linux.duke.edu/projects/yum/
The procedure depends on whether you are using RedHat Enterprise/Oracle Linux 5.x or 6.x, and is described in the following sections.
After performing a minimum RedHat installation, complete the following steps. Note that a graphic environment is not required.
Install the necessary Reporter packages using the following commands:
yum -y install perl-URI yum -y install perl-XML-Twig yum -y install net-snmp-utils yum -y install sendmail-cf yum -y install httpd yum -y install mod_ssl yum -y install php yum -y install php-mbstring yum -y install php-ldap yum -y install php-soap yum -y install librsvg2 yum -y install xorg-x11-xinit yum -y install bridge-utils
Issue the following command to install all optional fonts. Alternatively, install the multi-byte character sets necessary to meet your NLS requirements.
rpm -Uhv fonts-*
After performing a minimum RedHat installation, complete the following steps. Note that a graphic environment is not required.
Install the necessary Reporter packages using the following commands:
yum -y install perl-URI yum -y install perl-XML-Twig yum -y install net-snmp-utils yum -y install sendmail-cf yum -y install httpd yum -y install mod_ssl yum -y install php yum -y install php-ldap yum -y install php-soap yum -y install librsvg2 yum -y install xorg-x11-xinit yum -y install rsync yum -y install ksh yum -y install *-fonts yum -y install wget yum -y install bc yum -y install bind-utils yum -y install hdparm yum -y install libpcap yum -y install bridge-utils yum -y install ncurses yum -y install zlib yum -y install php-process
Issue the following command to install all optional fonts. Alternatively, install the multi-byte character sets necessary to meet your NLS requirements.
rpm -Uhv fonts-*
Issue the following command to ensure that connections between Collectors and Reporters do not fail.
ln -s /usr/lib64/libpcap.so.N.N.N /usr/lib64/libpcap.so.0.9.4
where N.N.N is the version of libpcap installed. For example:
ln -s /usr/lib64/libpcap.so.1.0.0 /usr/lib64/libpcap.so.0.9.4
Download and install Oracle Database 12c Enterprise Edition from the Oracle database home page at the following location:
http://www.oracle.com/technetwork/database/enterprise-edition/downloads
The procedure for installing the Oracle database is fully described in the product documentation. It is strongly recommended that you download and review the appropriate Oracle Database 12c Quick Installation Guide. It is available from the Oracle Database Documentation Library. A summary of this procedure is described in Appendix A, "Installing the Oracle Database Software". Note that the path, user, and group names used in this guide are based on the Oracle database product documentation.
Note:
While RUEI is supported on Oracle Database release 11gR2 and later, the best performance for this release of RUEI is achieved with Oracle Database 12c Release1.The RUEI software is available from the Oracle E-Delivery web site (http://edelivery.oracle.com
). Select the following media pack criteria:
Oracle Enterprise Manager
Linux x86-64
Copy the downloaded RUEI zip file to /root
directory on the server, and unzip it. Use the following commands:
cd /root
unzip package_name.zip
The following directories are created which contain the software required to complete the RUEI installation:
/root/RUEI/132
/root/RUEI/ZendOptimizer
/root/RUEI/ZendGuardLoader
/root/RUEI/IC
/root/RUEI/PHP
/root/RUEI/Java
/root/RUEI/extra
/root/RUEI/mkstore
All steps described in this section must be performed regardless of your planned installation (that is, a Reporter with local database, a Reporter with remote database, a Processing Engine, or a Collector).
Note:
Installing a separate Processing Engine might degrade performance of a RUEI system. Contact Oracle Support for advice before installing a Processing Engine.The /etc/ruei.conf
file specifies the settings used within your installation. A template of this file is provided in the /root/RUEI/extra
directory of the RUEI distribution zip. Note that all components in your RUEI environment (such as the remote database and Collectors) require the same global /etc/ruei.conf
configuration file. Note that there is one exception to this requirement, and that is for Processing Engine systems. This requirement is fully described in Chapter 8, "Installing Processing Engines". The settings shown in Table 2-3 are defined.
Table 2-3 RUEI Configuration Settings
Setting | Description | ValueFoot 1 |
---|---|---|
|
Home directory of the RUEI software. Do not set to any path beginning with |
|
|
Directory for RUEI data files. Do not set to any path beginning with |
|
|
The RUEI operating system user. |
|
|
The RUEI operating system group. |
|
|
The database instance name. |
|
|
The configuration tablespace name |
|
|
The statistics tablespace name |
|
|
The database user name. |
|
|
The Reporter or Processing Engine database connect string. |
|
|
The Reporter database connect string. |
$RUEI_DB_TNSNAME or |
|
The export database connect string. |
|
|
The location of the |
|
|
The PHP timezone setting. |
|
DEFAULT_TABLESPACE (see, foot 10) |
The name for the default RUEI tablespace. |
|
REMOTE_DBFoot 10 |
Default is 0. Set to 1 for remote database. |
|
DBCONNECT (see, foot 10) |
Fully qualified database connection string to remote database |
Footnote 1 Be aware that all variables specified in this table are the values used throughout this guide, and can be modified as required.
Footnote 2 The directory name cannot exceed 50 characters in length. Note that RUEI_HOME and RUEI_DATA must be independent paths. For example, if RUEI_HOME is /opt/ruei, then RUEI_DATA cannot be set to /opt/ruei/data. Also note that RUEI_HOME cannot be set to a subdirectory of /var/opt/ruei and that RUEI_DATA cannot be set to a subdirectory of /opt/ruei.
Footnote 3 The database instance name cannot exceed 8 characters in length.
Footnote 4 A database table space name cannot exceed 30 characters in length.
Footnote 5 The database user name cannot exceed 30 characters in length.
Footnote 6 The alias name cannot exceed 255 characters in length.
Footnote 7 RUEI_DB_TNSNAME
is the default for a Reporter system. For a Processing Engine, the example value config
is used in this guide.
Footnote 8 Necessary for creating the RUEI wallet using ruei-prepare-db.sh (see Section 2.5.5, "Creating the Reporter Database Instance") and when you want to integrate your RUEI deployment with Oracle Enterprise Manager's Incident Manager facility (see Appendix D, "Setting up a Connection to the Enterprise Manager Repository").
Footnote 9 This should be the appropriate timezone setting, and must be valid for both Linux and PHP. For Linux, you can use the tzselect
utility, and for PHP use the following location: http://www.php.net/manual/en/timezones.php
.
Footnote 10 Necessary when you do not have command-line access to the remote database host and running ruei-prepare-db.sh there is not an option. (See Appendix K, "Setting up RUEI against a remote database Service")
Be aware that the TZ
, RUEI_HOME
, RUEI_DATA
, RUEI_USER
and RUEI_GROUP
settings described in Table 2-3 must be specified in terms of literal values. Therefore, the following is not permitted:
RUEI_BASE=/my/ruei/dir export RUEI_HOME=$RUEI_BASE/home
Note:
If you change settings in/etc/ruei.conf
after the installation of a RUEI system, you must restart system processing to make these changes effective (System > Maintenance > System reset > Restart system processing).Failover Reporter Configuration Settings
Table 2-4 shows the settings that are used to configure a failover Reporter, and are only relevant to Reporter systems. See Chapter 9, "Configuring a Failover Reporter System" for information on the configuration procedure.
Table 2-4 RUEI Failover Reporter Configuration Settings
Setting | Description |
---|---|
|
The primary Reporter IP address. |
|
The secondary Reporter IP address. |
|
The virtual Reporter IP address. |
|
The network interface used to connect to the virtual Reporter IP address. |
|
The network mask of the virtual Reporter IP address. |
Failover Collector Configuration Settings
Table 2-5 shows the settings that are used to configure a failover Collector, and are only relevant to Collector systems. See Chapter 10, "Configuring a Failover Collector System" for information on the configuration procedure.
Table 2-5 RUEI Failover Collector Configuration Settings
Settings | Description |
---|---|
|
The primary Collector IP address. |
|
The secondary Collector IP address. |
|
The virtual Collector IP address. |
|
The network interface used to connect to the virtual Collector IP address. |
|
The network mask of the virtual Reporter IP address. |
There is no need to change the settings for JAVA_HOME
and INSTANTCLIENT_DIR
if you intend to use the software contained on the RUEI distribution pack.
Create the moniforce
group and RUEI_USER
user. The home directory of moniforce
should be set to /var/opt/ruei
, with read permissions for group members.
/usr/sbin/groupadd moniforce /usr/sbin/useradd moniforce -g moniforce -d /var/opt/ruei chmod -R 750 /var/opt/ruei chown -R moniforce:moniforce /var/opt/ruei
Note:
The login shell for themoniforce
(RUEI_USER
) user must be set to /bin/bash
.An example of the configuration file is included in the RUEI distribution pack. Ensure the file is readable by the RUEI_USER
user by issuing the following commands:
cp /root/RUEI/extra/ruei.conf /etc/ chmod 644 /etc/ruei.conf chown moniforce:moniforce /etc/ruei.conf
In case of a remote Reporter database installation, the ruei.conf
file needs to be identical to that of the Reporter system.
For Reporter, Collector, and Processing Engines systems, you need to install the Java Runtime Environment (JRE). Java is bundled within the RUEI distribution pack.
Issue the following commands:
mkdir -p /usr/java/ chmod 755 /usr/java cd /usr/java tar xzf /root/RUEI/Java/jre-8u121-linux-x64.tar.gz
This installs the necessary Java software in the directory /usr/java/jre1.8.0_121
. To make the install directory version independent, create a more generic symlink using the following command:
ln -s /usr/java/jre1.8.0_121 /usr/java/jre
This section describes the procedure for installing the required components for a Reporter system. These include the Apache web server, the Oracle database Instant Client, and the Zend Optimizer (or Zend Guard Loader).
This section describes the installation and configuration of the Apache web server, and the components that use it.
Ensure that the web server starts automatically after re-boot by issuing the following command:
/sbin/chkconfig httpd on
Edit the /etc/sysconfig/httpd
file to include the following line at the bottom of the file:
source /etc/ruei.conf
Create the following settings in the /etc/php.d/ruei.ini
file:
session.gc_maxlifetime = 14400 memory_limit = 192M upload_max_filesize = 128M post_max_size = 128M
RUEI uses RSVG for graph generation. In order to avoid warnings about a missing directory, create the empty .gnome2
directory using the following command:
mkdir -p /var/www/.gnome2
In order to protect sensitive data on RUEI, it is strongly recommended that access to the Reporter interface is restricted to HTTPS. Use the following command as the root
user:
sed -i -e 's/^Listen 80/#Listen 80/' /etc/httpd/conf/httpd.conf
In additional to the already disabled SSLv2, also disable support for SSLv3 in the web server using the following command as the root
user:
sed -i -e 's/^SSLProtocol all -SSLv2/SSLProtocol all -SSLv2 -SSLv3/' /etc/httpd/conf.d/ssl.conf
This section only applies to RedHat Enterprise/Oracle Linux 6.x. You need to install the php-mbstring
RPM version on the distribution set relevant to your operating system. For example:
cd /root/RUEI/PHP/OL6
rpm -Uhv php-mbstring-5.3.3-version.x86_64.rpm
Updates and patches of php-mbstring can be found here:
http://public-yum.oracle.com/repo/OracleLinux/OL6/
Install the Oracle database Instant Client and SQLplus extension by issuing the following commands as the root
user:
cd /root/RUEI/IC rpm -Uhv oracle-instantclient11.2-basic-11.2.0.4.0-1.x86_64.rpm rpm -Uhv oracle-instantclient11.2-sqlplus-11.2.0.4.0-1.x86_64.rpm
Install the php-oci8
module (this is part of the RUEI distribution set). Note that the procedure differs depending on whether you are using RedHat Enterprise/Oracle Linux 5.x or 6.x.
RedHat Enterprise/Oracle Version 5.x
Issue the following commands:
cd /root/RUEI/PHP/OL5 rpm -Uhv php-oci8-11gR2-5.1.6-27.el5_7.4.x86_64.rpm
Note that if you are using a version of RedHat Enterprise/Oracle Linux prior to 5.7, you should use php-oci8-11gR2-5.1.6-27.el5.x86_64.rpm
. This is also shipped with the RUEI distribution set.
RedHat Enterprise/Oracle Version 6.x
Issue the following commands:
cd /root/RUEI/PHP/OL6 rpm -Uhv php-oci8-11gR2-5.3.3-4.el6.x86_64.rpm
If you are installing on RedHat Enterprise/Oracle Linux version 5.x, you will need to install the Zend Optimizer. If you are installing on version 6.x, you need to install the Zend Guard Loader. The procedure is described in the following sections.
Go to the directory containing the Zend Optimizer code, unpack the tar file, and run the Zend optimizer installer. Read the license agreement. You will not be able to proceed until you have accepted the license terms. Accept all default settings, and allow the installer to restart the Apache web server. Issue the following commands:
cd /root/RUEI/ZendOptimizer tar zxvf ZendOptimizer-3.3.3-linux-glibc23-x86_64.tar.gz cd ZendOptimizer-3.3.3-linux-glibc23-x86_64 ./install
Note:
If you upgrade your system packages (for example, using Yum), this can overwrite changes you previously made to the/etc/php.ini
file. Therefore, you should be prepared to re-install the Zend Optimizer. When doing so, ensure the Zend Optimizer installer indicates the location of the php.ini
file as /etc/php.ini
and not /usr/local/Zend/etc/php.ini
.Important: it is recommended you move the Zend configuration lines created in the /etc/php.ini
file to the RUEI-specific PHP configuration file /etc/php.d/ruei.ini
to prevent PHP upgrade issues. If you performed a default installation of the Zend Optimizer, this involves moving the following lines:
[Zend] zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3 zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3 zend_optimizer.version=3.3.3 zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so
Go to the directory containing the Zend Guard Loader code, unpack the tar file, copy the required module to the Reporter system, and set it permissions. Issue the following commands:
cd /root/RUEI/ZendGuardLoader tar xvf ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz cp ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so \ /usr/lib64/php/modules/ chown root:root /usr/lib64/php/modules/ZendGuardLoader.so chmod 755 /usr/lib64/php/modules/ZendGuardLoader.so
Add the following lines to the /etc/php.d/ruei.ini
file:
zend_extension=/usr/lib64/php/modules/ZendGuardLoader.so zend_loader.enable=1
Important: because the Zend Guard Loader does not handle garbage collection very well, it must be disabled by including the following line in the /etc/php.d/ruei.ini
file:
zend.enable_gc = Off
Be aware that this disables garbage collection for all PHP-based applications running on the Reporter system.
Note:
If you intend to use RUEI with Enterprise Manager, you require the RUEI wallet password described below. Without the correct wallet password you cannot associate RUEI with Enterprise Manager.The procedure described in this section should be skipped if you are installing a secondary (failover) Reporter system (see Chapter 9, "Configuring a Failover Reporter System"), and you should continue at Section 2.5.6, "Installing the Reporter Software".
The Reporter database can reside either locally (that is, on the Reporter server) or on a remote database server. In this section you will create the database instance required for RUEI, and generate the "connection data" required for the Reporter to connect to this database instance. As an alternative for the database setup described in this chapter, you can follow the procedure described in Appendix B, "Generic Database Instance Setup".
If you are using a remote database and you do not have command-line access to the remote database server because, for example, you want to configure RUEI using a ”Pluggable Database”, see Appendix K, "Setting up RUEI against a remote database Service".
You will need the following scripts to be present on the system where the database instance (RUEI_DB_INST
) will be created:
ruei-prepare-db.sh
: creates the database instance, Oracle wallet, and database connect files. Note that this script will only run on Linux. If you are installing the Oracle database on a different operating system, see Appendix B, "Generic Database Instance Setup" for more information.
sql_scripts
: this directory contains a number of SQL scripts that are called by the ruei-prepare-db.sh
script.
db_templates
: this directory contains templates for the RUEI database instance that is created by the ruei-prepare-db.sh
script.
ruei-check.sh
: this is a hardware and environment check utility, and is automatically invoked by ruei-prepare-db.sh
. The script can also be used as a stand-alone troubleshooting utility. For a complete description of the script, refer to Appendix E, "The ruei-check.sh Script".
For creating the database autologin wallet in this section and, optionally, for the integration with Enterprise Manager later on, a specific version of the "mkstore" utility is needed. You can set up this utility as follows. This needs to be done on the system where the database instance (RUEI_DB_INST) will be created as well as the reporter if those are separate systems.
Issue the following commands:
cd /usr/local
tar xzf /root/RUEI/mkstore/mkstore-11.2.0.4.0.tar.gz
This installs the mkstore utility to /usr/local/mkstore-11.2.0.4.0. To make the install directory version independent, create a more generic symlink using the following command:
ln -s /usr/local/mkstore-11.2.0.4.0 /usr/local/mkstore
Make the following change to /etc/ruei.conf:
* export MKSTORE_BIN=/usr/local/mkstore/mkstore
If you are executing these steps on a database server separate from the reporter system, make the following change to /etc/ruei.conf:
* export JAVA_HOME=$ORACLE_HOME/jdk/jre
The four "connection data" files created during the procedure described in this section are as follows:
cwallet.sso
ewallet.p12
sqlnet.ora
tnsnames.ora
The RUEI configuration file (/etc/ruei.conf
) also needs to be present on the database server and configured as described in Section 2.4.1, "Check The RUEI Configuration File" and the instructions for setting up mkstore, given earlier in this section.
Do the following:
Copy the ruei-prepare-db.sh
and ruei-check.sh
scripts, and the sql_scripts
and db_templates
directories to the server on which you intend to run the database instance, and make them executable for the oracle
user. These scripts and directories can be found in the RUEI distribution zip (/root/RUEI/131
).
Review the settings in the /etc/ruei.conf
file to match your needs as described in Section 2.4.1, "Check The RUEI Configuration File". If you want to use different names for the configuration and statistics tablespaces make sure these names are set before continuing. Note that the same tablespace names must be used for all components in your RUEI environment, such as the remote database and Processors.
Logon to the database server as the oracle
user on the database server, and set the ORACLE_HOME
environment variable. You need to run the ruei-prepare-db.sh
script as the oracle
user. This script creates the $RUEI_DB_INST database, but only after a number of hardware and software environment checks have been performed. The actual checks performed depend on the system type you are currently installing.
The script prompts you for the Reporter database user passwordFoot 1 . This enables the RUEI application to login to the database automatically. The script also creates the "connection data" files for you now.
The script also prompts you for a default tablespace name to be used for this installation, and then creates the "connection data" files.
Issue the following commands:
chmod +x ruei-prepare-db.sh ruei-check.sh chmod -R +r /home/oracle/sql_scripts/ chmod -R +r /home/oracle/db_templates/ export ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1Foot 2 ./ruei-prepare-db.sh create
Note that you are prompted whether you want the installation script to check your system. It is recommended that you do so. The checks performed are fully described in Appendix E, "The ruei-check.sh Script".
If you ran the above commands on a combined Reporter/Database server, you can skip step 4 and proceed to step 5.
This step only applies when using a remote database.
In the case of a Reporter system using a remote database, you will need to copy the generated /tmp/ruei-database-configuration.tar
file in step 3 from the database server to the Reporter system. The /tmp/ruei-database-configuration.tar
file must be extracted on the Reporter server in the directory /var/opt/ruei
(RUEI_DATA
). The permissions of the files need to be set so that the specified RUEI_USER
(moniforce
) can use them.
Copy the generated .tar
file, which holds connection data files to the Reporter system. Logon to the Reporter server and extract the .tar
file using the following commands:
cd /var/opt/ruei
tar xvf path-to-tar-file/ruei/database-configuration.tar
chown moniforce:moniforce cwallet.sso ewallet.p12 sqlnet.ora tnsnames.ora
Because logging of the database can consume a large amount of disk space, it is recommended that you install a clean-up script to avoid the usage of unnecessary disk space. Copy the (example) script to the oracle
user directory and activate it via cron
using the following commands:
mkdir -p /home/oracle/bin cp /root/RUEI/extra/ruei-clean.sh /home/oracle/bin chmod +x /home/oracle/bin/ruei-clean.sh su - oracle -c 'echo "10 0 * * * /home/oracle/bin/ruei-clean.sh" | crontab'
The procedure described in this section is relevant to all configurations described in Section 1.6, "Scaling Scenarios" and Section 2.1.1, "Planning the Software Installation". Installing the reporter software also installs the collector and processor software.
The RUEI directory locations are flexible, however it is necessary to use the exact directory name described as configured in the /etc/ruei.conf
file. Create the RUEI application root directory using the following commands:
mkdir -p /opt/ruei chmod 755 /opt/ruei
Note:
The specified $RUEI_HOME and $RUEI_DATA directories must have 755 permissions defined for them. See Table 2-3 for more information on these directories.Make the apache
and moniforce
members of two additional groups using the following commands:
/usr/sbin/usermod -aG moniforce apache /usr/sbin/usermod -aG uucp apache /usr/sbin/usermod -aG uucp moniforce
Go to the directory that holds the RUEI software, and enter the following commands:
cd /root/RUEI/132 chmod +x ruei-install.sh
Use one of the following options to install the reporter software:
If you are installing a reporter in a split server configuration or you want to use only network based data collection as described in Section 2.1.1, "Planning the Software Installation":
./ruei-install.sh reporter
If you are installing on a single server and you want to use tag based data collection as described in Section 2.1.1, "Planning the Software Installation" (Note that this option also supports network based data collection):
./ruei-install.sh reporter-tag
For information on monitoring an application based on tagging, see Defining Applications in the Identifying and Reporting Web Pages chapter of the RUEI Users Guide.
Re-start the Apache web server using the following command:
/sbin/service httpd restart
As the root
user, add the following lines to the .bash_profile
file of the RUEI_USER
(RUEI_DATA
/.bash_profile
):
source /etc/ruei.conf source $RUEI_HOME/bin/env.sh
Verify that the RUEI software was correctly installed by issuing the following command:
./ruei-check.sh postinstall
This step should not be performed if you are installing a secondary (failover) Reporter system (see Chapter 9, "Configuring a Failover Reporter System"). You should continue at Section 2.8, "Configuring the Network Interface".
As the moniforce
user, set the RUEI admin
user password to enable logging onto the RUEI interface with the following commands:
su - moniforce set-admin-password
You are prompted to enter and confirm the password.
When defining the admin
user password, bear the following in mind:
The password must have at least eight characters, and contain at least one non-alphanumeric character (such as $, @, &, and !).
The initial password must be changed within seven days.
The user name and password are case sensitive.
The procedure described in this section is only relevant to remote tag-based data Collector systems, see Section 2.1.1, "Planning the Software Installation" and Section 1.6, "Scaling Scenarios".
Logon to the Collector system as the root
user, and do the following:
Make sure that the rsync and libpcap packages are installed. For example, enter the following commands to install the packages using Yum:
yum -y install rsync yum -y install libpcap
If you are using RedHat Enterprise/Oracle Linux 6.x, enter the following command:
ln -s /usr/lib64/libpcap.so.N.N.N /usr/lib64/libpcap.so.0.9.4
where N.N.N is the version of libpcap installed. For example:
ln -s /usr/lib64/libpcap.so.1.0.0 /usr/lib64/libpcap.so.0.9.4
Install Apache using the following command:
rpm -Uhv httpd-2.2.15-*..x86_64.rpm
Ensure that the web server starts automatically after re-boot by issuing the following command:
/sbin/chkconfig httpd on
Create the RUEI application root directory using the following commands:
mkdir -p /opt/ruei chmod 755 /opt/ruei
Change to the RUEI root directory and run the ruei-install.sh
script using the following commands:
cd /root/RUEI/132 chmod +x ruei-install.sh ruei-check.sh
Install the tag based data collector as described in Section 2.1.1, "Planning the Software Installation":
./ruei-install.sh tag-server
Re-start the Apache web server using the following command:
/sbin/service httpd restart
As the root user, add the following lines to the .bash_profile file of the RUEI_USER (RUEI_DATA/.bash_profile):
source /etc/ruei.conf source $RUEI_HOME/bin/env.sh
Verify that the RUEI software was correctly installed by issuing the following command:
./ruei-check.sh postinstall
Set up a password-less remote login from the Reporter system to the newly created Collector system. The necessary configuration steps are described in Section 2.13, "Configuring Reporter Communication (Split-Server Setup Only)"
The procedure described in this section is only relevant to remote network data Collector systems, see Section 2.1.1, "Planning the Software Installation" and Section 1.6, "Scaling Scenarios".
Logon to the Collector system as the root
user, and do the following:
Make sure that the rsync and libpcap packages are installed. For example, enter the following commands to install the packages using Yum:
yum -y install rsync yum -y install libpcap
If you are using RedHat Enterprise/Oracle Linux 6.x, enter the following command:
ln -s /usr/lib64/libpcap.so.N.N.N /usr/lib64/libpcap.so.0.9.4
where N.N.N is the version of libpcap installed. For example:
ln -s /usr/lib64/libpcap.so.1.0.0 /usr/lib64/libpcap.so.0.9.4
Create the RUEI application root directory using the following commands:
mkdir -p /opt/ruei chmod 755 /opt/ruei
Change to the RUEI root directory and run the ruei-install.sh
script using the following commands:
cd /root/RUEI/132 chmod +x ruei-install.sh ruei-check.sh
Install the network based collector as described in Section 2.1.1, "Planning the Software Installation":
./ruei-install.sh collector
As the root user, add the following lines to the .bash_profile file of the RUEI_USER (RUEI_DATA/.bash_profile):
source /etc/ruei.conf source $RUEI_HOME/bin/env.sh
Configure the network interfaces as described in Section 2.8, "Configuring the Network Interface".
Verify that the RUEI software was correctly installed by issuing the following command:
./ruei-check.sh postinstall
Set up a password-less remote login from the Reporter system to the newly created Collector system. The necessary configuration steps are described in Section 2.13, "Configuring Reporter Communication (Split-Server Setup Only)"
This section is only relevant to network data Collector systems.
Make the monitoring network interface up
status permanent (after a reboot) by setting the ONBOOT
parameter of the capturing interfaces to yes
in the interface configuration files. The network interfaces configuration can be found in the /etc/sysconfig/network-scripts/ifcfg-eth
X
file (where X
represents the necessary network interface). Alternatively, use the graphical utility system-config-network to set the appropriate interfaces to "activate device when computer starts".
This section is only relevant to the Reporter system.
For PDF generation with international character content, additional fonts are required to be enabled. These fonts need to be made available to Java. Use the following command to copy (or move) the RUEI-installed fonts to the appropriate Java directory:
cp RUEI_HOME/bi-publisher/fonts/* \
/usr/java/jre/lib/fonts/
This section is only relevant to the Reporter system.
RUEI assumes a working local MTA for sending PDF reports and E-mail alerts. By default, Linux uses the Sendmail MTA. By default, Sendmail delivers the E-mail directly to the destination MTA. If this behavior is not according to your needs or policies, sending mail via a SmartHost (relay) might be an alternative. To configure a SmartHost in Sendmail, do the following:
Install the Sendmail configuration utility by going to the directory containing the uploaded RPM and issuing the following command for RedHat Enterprise/Oracle Linux 5.x:
rpm -Uhv sendmail-cf-8.13.8-*.el5.x86_64.rpm
In RedHat Enterprise/Oracle Linux 6.x, issue the following command:
rpm -Uhv sendmail-cf-8.14.4-*.el6.x86_64.rpm
Find the line which contains the Smart Host setting in /etc/mail/sendmail.mc
. Modify the SMART_HOST
setting to your needs. For example:
define('SMART_HOST', 'my.example')dnl
Generate the new configuration into a new sendmail.cf
by executing the following command:
make -C /etc/mail
Restart Sendmail. For example:
/etc/init.d/sendmail restart
Note:
Extensive information about the configuration of the Sendmail MTA is available athttp://www.sendmail.org
.You can download the RUEI MIB definition file through the Reporter interface. This definition file can then be added to your SNMP manager. The procedure for downloading the MIB file is described in the Oracle Real User Experience Insight User's Guide.
To enable the RUEI_USER to use the SNMP utilities, complete the following (applies to OL6, not OEL5):
As the root
user, edit the snmpd config file in /etc/sysconfig/snmpd
and make sure the 'OPTIONS' line is not commented out by removing the '#' at the start of the line.
Add the following option to the line:
-u RUEI_USER
As the root user, start and stop the snmpd daemon to have it set the correct permissions on all related files by issuing the following commands:
service snmpd start service snmpd stop
This section is only relevant to Reporter systems.
To have the browser automatically redirected to the correct RUEI path, create the file /var/www/html/index.html
with the following content:
<head> <meta http-equiv="REFRESH" content="0;URL=/ruei/"> </head>
This section is only relevant to a Reporter system with remote Collector(s).
A password-less SSH connection must be setup between the Moniforce
user from the Reporter system to each Collector system. Do the following:
Logon to the Reporter server as root
. Issue the following commands:
su - moniforce ssh-keygen -P ""
Press Enter to accept the defaults.
Logon as root
to each of the Collector systems and become the moniforce
user by issuing the following command:
su - moniforce
Create the .ssh
directory (if it does not already exist) for the moniforce
user on each Collector system by issuing the following commands:
mkdir ~/.ssh chmod 700 ~/.ssh
Copy the SSH key on the Reporter system to the required location on the Collector system by issuing the following commands:
cd ~/.ssh
ssh root@Reporter cat /var/opt/ruei/.ssh/id_rsa.pub >> authorized_keys
(you will need to specify the Reporter system root
password)
chmod 600 authorized_keys
Check that it is now possible to execute a remote command (as moniforce
user) on the Reporter system without using a password. For example:
Logon as root
on the Reporter server.
Logon as moniforce
user: su - moniforce
.
Execute a remote pwd command: ssh
Collector
pwd
.
Enter yes to the question "Are you sure you want to continue connecting (yes/no)?".
The command should return /var/opt/ruei
.
The above steps must be performed for each Collector!
Note:
If the connection between the Reporter and the Collector(s) has not been correctly configured, you will receive an authorization error when you try to register the remote Collector.On completion of the Initial Setup Wizard (described in Section 6.2, "Performing Initial RUEI Configuration"), you can verify your installation by selecting System, then Status. All system indicators should report OK. Note Status notification will indicate "Unknown" because no system alerts have yet been configured. This is fully described in the Oracle Real User Experience Insight User's Guide.
You can set up a connection to the Oracle Enterprise Manager Repository so that KPIs defined for the applications, suites, and services that comprise your business applications can be reported as events in Incident Manager. The use of the business application facility is described in Oracle Enterprise Manager Cloud Control Oracle Fusion Middleware Management Guide.
Footnote Legend
Footnote 1: The database password is also used as the Oracle wallet password. Both passwords must be 8-30 characters in length, and contain both numbers and letters. For information on changing the Oracle wallet password, please consult the appropriate Oracle documentation.