Note:
Before attempting to install RUEI components on any system, make sure that you have applied the latest OpenSSL patches for your operating system using the appropriate commands (for example, yum update
or up2date
). Applying the latest OpenSSL patches helps improve the security of the system.
This section describes the steps that should be taken before installing the RUEI software. Ensure that all preconditions described in this section are met before proceeding with the installation process.
Note:
RUEI installation is supported for both RedHat Enterprise/Oracle Linux 6.x (6.5 or higher) and RedHat Enterprise/Oracle Linux 7.x, however for maximum reliability and security, upgrade the system to the latest patch version before installing RUEI.
For an introduction to RUEI data collection see Data Collection. The following installation data collection options are available:
Network data collector: This option collects data that passes through the network and was the default option in previous releases and requires either a local or remote collector.
Tag data collector: This option, also called tag based monitoring, collects data by monitoring the request and processing of a specific web URL (the tag) which is inserted into all pages.
ADF monitoring: Various data collection options are available for monitoring ADF based applications, including the ADF monitoring Service. This service collects data (for example, user names) from the application server for ADF based applications, enhancing the data from network data collection. See Configuring RUEI for ADF Monitoring for more information on these options.
Table 2-1 Installation Overview and Data Collection Methods
Network | Tag | |
---|---|---|
Requirement |
Access to network traffic to perform Network Protocol Analysis. |
Access to application templates to insert Javascript code. |
Single Server (as in Figure 1-7) |
Use the |
Use the |
Multiple Server (as in Figure 1-9) |
Use the Use the |
Use the Use the |
ADF Monitoring |
Various data collection options are available for monitoring ADF based applications, including the ADF monitoring Service. This service collects data (for example, user names) from the application server for ADF based applications, enhancing the data from network data collection. See Configuring RUEI for ADF Monitoring for more information on these options. |
Depending on the installation location of the Reporter database and the RUEI software, the necessary disk space needs to be carefully planned. During operating system installation, you will need this information at hand for the disk partitioning phase.
Table 2-2 shows the disk space requirements for the RUEI installation components.
Table 2-2 Required Disk Space Specifications
Partition | Min. Required Disk Space (GB) | Component |
---|---|---|
ORACLE_BASE (default |
500 |
Database server |
RUEI_HOME (default |
5 |
Reporter, Collector |
RUEI_DATA (default |
100 |
Reporter, Collector |
Footnote 1
This is the example database location used throughout this guide.
This means that for a stand-alone RUEI server installation, a minimum of 700 GB is required. In the case of a high-traffic implementation, involving a dedicated remote Collector, a minimum of 200 GB of disk space is recommended for /var/opt/ruei
(RUEI_DATA
).
Note:
The Reporter and database servers require high-performance data storage. RAID-10 or RAID-5 (or equivalent) storage configurations with high-performance disks are recommended.
If you want to use network data collection:
Ensure that a static IP address is assigned to the interface used to access the RUEI web interface. In addition, the assigned IP address and host name should be configured in the /etc/hosts
file. If necessary, ensure that all Reporter, Collector, and Processing Engine systems are correctly defined in the DNS system.
Ensure that the network interface(s) used for network packet monitoring are administratively up, but without an IP address.
Note:
Make the network interface up status permanent (after a reboot) by setting the ONBOOT
parameter of the capturing interfaces to yes
. The network interfaces configuration can be found in the /etc/sysconfig/network-scripts/ifcfg-eth
X
file (where X
represents the necessary network interface). Alternatively, use the graphical utility system-config-network to perform the above actions.
When the system boots for the first time, a post-installation wizard appears, and allows you to finalize the operating system configuration settings. Ensure that:
The RUEI firewall rules shown in Table 1-9 are correctly configured.
Security Enhanced Linux (SELinux) is disabled. This is necessary for the correct operation of RUEI. Note that changing the SELinux setting requires rebooting the system so that the entire system can be relabeled.
For security reasons, it is strongly recommended that you check the Encrypt System check box during operating system installation so that all sensitive data is stored in a secure manner. A passphase is required during booting the system.
Ensure that the date and time settings are correctly specified. The use of NTP is strongly recommended, and is required in a split-server deployment. In addition, all time zones specified for Reporter, Collector, and Processing Engine systems must be identical.
Note:
In distributed environments, all time zones specified for Reporter, Collector, and Processing Engine systems must be identical.
Because the NTP daemon is a critical component of RUEI, especially in a split server configuration, it is recommended that you verify that it is activated in at least run level 5 during boot. Run the following commands:
/sbin/chkconfig --list | grep ntpd ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off /sbin/chkconfig ntpd on /sbin/chkconfig --list | grep ntpd ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off /etc/init.d/ntpd start Starting ntpd: [ OK ]
If the NTP daemon is not already running, you can start it by running the following command:
/etc/init.d/ntpd restart
The following sample output shows when the NTP daemon is synchronized (indicated by an "*").
ntpq -pn remote refid st t when poll reach delay offset jitter ============================================================================== *194.171.167.130 .PPS. 1 u 994 1024 377 6.429 0.041 0.093 +80.85.129.25 130.235.20.3 3 u 725 1024 377 4.435 0.673 0.129 +82.94.235.106 135.81.191.59 2 u 678 1024 377 1.709 1.774 0.020 127.127.1.0 .LOCL. 10 l 8 64 377 0.000 0.000 0.001
In RedHat Enterprise/Oracle Linux 7.x, NTP synchronization, timezone and other clock related settings are managed through the timedatectl tool:
# timedatectl Local time: Wed 2017-10-04 09:42:09 BST Universal time: Wed 2017-10-04 08:42:09 UTC RTC time: Wed 2017-10-04 08:42:09 Time zone: Europe/London (BST, +0100) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: yes Last DST change: DST began at Sun 2017-03-26 00:59:59 GMT Sun 2017-03-26 02:00:00 BST Next DST change: DST ends (the clock jumps one hour backwards) at Sun 2017-10-29 01:59:59 BST Sun 2017-10-29 01:00:00 GMT
Verify that NTP enabled and NTP synchronized show yes.
By default, the chrony
package is installed to provide NTP synchronization. If time is not synchronized, in /etc/chrony.conf
, provide at least one valid (and reachable) timeserver through at least one server
directive.
After editing /etc/chrony.conf
, restart the chronyd
daemon:
systemctl restart chronyd
After that, the timedatectl
command should show NTP synchronized is yes.
The procedure described in this section is only required for a Reporter system. The procedure depends on whether you are using RedHat Enterprise/Oracle Linux 6.x or 7.x.
After performing a minimum RedHat installation, complete the following steps:
The required packages are available from the RedHat Enterprise/Oracle Linux 6.x distribution sets. Run the following commands to install all prerequisites for the Reporter:
rpm -Uvh httpd-2.2.15-*..x86_64.rpm \ apr-1.3.9-*.x86_64.rpm \ apr-util-1.3.9-*.x86_64.rpm \ php-5.3.3-*.x86_64.rpm \ mod_ssl-2.2.15-*.x86_64.rpm \ php-common-5.3.3-*.x86_64.rpm \ php-cli-5.3.3-*.x86_64.rpm \ php-soap-5.3.3-*.x86_64.rpm \ php-ldap-5.3.3-*.x86_64.rpm \ hdparm-9.16-*.x86_64.rpm \ libpcap-1.0.0-*.x86_64.rpm \ gmp-4.3.1-*.x86_64.rpm \ lm_sensors-3.1.1-*.x86_64.rpm \ net-snmp-5.5-*.x86_64.rpm \ net-snmp-libs-5.5-*.x86_64.rpm \ net-snmp-utils-5.5-*.x86_64.rpm \ perl-XML-Twig-3.34-*.noarch.rpm \ perl-XML-Parser-2.36-*.x86_64.rpm \ ksh-20100621-*.x86_64.rpm \ rsync-3.0.6-*.x86_64.rpm \ wget-1.12-*x86_64.rpm \ bc-1.06.95-*.x86_64.rpm \ bind-utils-9.7.3-*.x86_64.rpm \ bridge-utils-1.2-*.x86_64.rpm \ zlib-1.2.3-*.el6.x86_64.rpm \ ncurses-libs-5.7-*.x86_64.rpm \ ncurses-5.7-*.x86_64.rpm \ ncurses-base-5.7-*.x86_64.rpm \ php-process-5.3.3*.x86_64.rpm
Run the following command to install all optional fonts. Alternatively, install the multi-byte character sets necessary to meet your NLS requirements.
rpm -Uhv *-fonts*
Run the following command to ensure the collector loads the correct system libpcap
library. Connections to the collector will fail if the library is not loaded.
ln -s /usr/lib64/libpcap.so.N.N.N /usr/lib64/libpcap.so.0.9.4
Where, N.N.N
is the version of libpcap installed.
For example:
ln -s /usr/lib64/libpcap.so.1.0.0 /usr/lib64/libpcap.so.0.9.4
It is highly recommended that, during RedHat Enterprise / Oracle Linux 7.x installation, you choose Basic Web Server as Base Environment, with PHP Support as an Add-On. This greatly reduces the list of RPMs you need to install manually afterward. Alternatively, you can install the prerequisites using yum.
The required packages are available from the RedHat Enterprise/Oracle Linux 7.x distribution sets. Run the following commands to install all prerequisites for the reporter:
rpm -Uvh php-soap-5.4.16-*.x86_64.rpm \ php-ldap-5.4.16-*.x86_64.rpm \ hdparm-9.43-*.x86_64.rpm \ ksh-20120801-*.x86_64.rpm \ lm_sensors-3.3.4-*.x86_64.rpm \ net-snmp-5.7.2-*.x86_64.rpm \ net-snmp-libs-5.7.2-*.x86_64.rpm \ net-snmp-utils-5.7.2-*.x86_64.rpm \ net-snmp-agent-libs-5.7.2-*.x86_64.rpm \ perl-XML-Twig-3.44-*.noarch.rpm \ perl-XML-Parser-2.41-*.x86_64.rpm \ perl-Data-Dumper-2.145-*.x86_64.rpm \ perl-Business-ISBN-*.noarch.rpm \ perl-Business-ISBN-Data-*.noarch.rpm \ perl-Compress-Raw-Bzip2-*.x86_64.rpm \ perl-Compress-Raw-Zlib-*.x86_64.rpm \ perl-Digest-*.noarch.rpm \ perl-Digest-MD5-*.x86_64.rpm \ perl-Digest-SHA-*.x86_64.rpm \ perl-Encode-Locale-*.noarch.rpm \ perl-Font-AFM-*.noarch.rpm \ perl-File-Listing-*.noarch.rpm \ perl-HTML-Format-*.noarch.rpm \ perl-HTML-Parser-*.x86_64.rpm \ perl-HTML-Tagset-*.noarch.rpm \ perl-HTML-Tree-*.noarch.rpm \ perl-HTTP-Cookies-*.noarch.rpm \ perl-HTTP-Daemon-*.noarch.rpm \ perl-HTTP-Date-*.noarch.rpm \ perl-HTTP-Message-*.noarch.rpm \ perl-HTTP-Negotiate-*.noarch.rpm \ perl-IO-Compress-*.noarch.rpm \ perl-IO-HTML-*.noarch.rpm \ perl-IO-Socket-IP-*.noarch.rpm \ perl-IO-Socket-SSL-*.noarch.rpm \ perl-IO-stringy-*.noarch.rpm \ perl-LWP-MediaTypes-*.noarch.rpm \ perl-Net-HTTP-*.noarch.rpm \ perl-Net-LibIDN-*.x86_64.rpm \ perl-Net-SSLeay-*.x86_64.rpm \ perl-TimeDate-*.noarch.rpm \ perl-URI-*.noarch.rpm \ perl-WWW-RobotRules-*.noarch.rpm \ perl-libwww-perl-*.noarch.rpm \ librsvg2-2.39.0-*.x86_64.rpm \ cairo-1.12.14-*.x86_64.rpm \ fontconfig-2.10.95-*.x86_64.rpm \ fontpackages-filesystem-1.44-*.noarch.rpm \ graphite2-1.2.2-*.x86_64.rpm \ harfbuzz-0.9.20-*.x86_64.rpm \ libXdamage-1.1.4-*.x86_64.rpm \ libXext-1.3.2-*.x86_64.rpm \ libXfixes-5.0.1-*.x86_64.rpm \ libXft-2.3.1-*.x86_64.rpm \ libXrender-0.9.8-*.x86_64.rpm \ libXxf86vm-1.1.3-*.x86_64.rpm \ libthai-0.1.14-*.x86_64.rpm \ mesa-libEGL-9.2.5-*.x86_64.rpm \ mesa-libGL-9.2.5-*.x86_64.rpm \ mesa-libgbm-9.2.5-*.x86_64.rpm \ mesa-libglapi-9.2.5-*.x86_64.rpm \ pango-1.34.1-*.x86_64.rpm \ pixman-0.32.4-*.x86_64.rpm
Run the following command to install all optional fonts. Alternatively, install the multi-byte character sets necessary to meet your NLS requirements.
rpm -Uhv *-fonts*
As an alternative to manual installation (described in the previous section), you can use a Yum repository to install the required RPMs. This requires a working Yum repository. For more information about Yum repositories, see Yum: Yellowdog Updater Modified.
The procedure depends on whether you are using RedHat Enterprise/Oracle Linux 6.x or 7.x.
After performing a minimum RedHat installation, complete the following steps. A graphic environment is not required.
Install the necessary Reporter packages running the following commands:
yum -y install perl-URI \ perl-XML-Twig \ net-snmp-utils \ sendmail-cf \ httpd \ mod_ssl \ php \ php-ldap \ php-soap \ librsvg2 \ xorg-x11-xinit \ rsync \ ksh \ *-fonts \ wget \ bc \ bind-utils \ hdparm \ libpcap \ bridge-utils \ ncurses \ zlib \ install php-process
yum -y install perl-URI \ yum -y install perl-XML-Twig yum -y install net-snmp-utils yum -y install sendmail-cf yum -y install httpd yum -y install mod_ssl yum -y install php yum -y install php-ldap yum -y install php-soap yum -y install librsvg2 yum -y install xorg-x11-xinit yum -y install rsync yum -y install ksh yum -y install *-fonts yum -y install wget yum -y install bc yum -y install bind-utils yum -y install hdparm yum -y install libpcap yum -y install bridge-utils yum -y install ncurses yum -y install zlib yum -y install php-process
Run the following command to install all optional fonts. Alternatively, install the multi-byte character sets necessary to meet your NLS requirements.
yum -y install *-fonts
Run the following command to ensure the collector loads the correct system libpcap
library. Connections to the collector will fail if the library is not loaded.
ln -s /usr/lib64/libpcap.so.N.N.N /usr/lib64/libpcap.so.0.9.4
where, N.N.N
is the version of libpcap
installed.
For example:
ln -s /usr/lib64/libpcap.so.1.0.0 /usr/lib64/libpcap.so.0.9.4
After performing a minimum RedHat Enterprise / Oracle Linux 7.x installation, complete the following steps. A graphic environment is not required.
Install the necessary Reporter prerequisite packages running the following commands:
yum -y install perl-URI \ perl-XML-Twig \ net-snmp-utils \ httpd \ mod_ssl \ php \ php-ldap \ php-soap \ librsvg2 \ librsvg2-tools \ rsync \ ksh \ wget \ bc \ bind-utils \ hdparm \ libpcap \ bridge-utils \ ncurses \ zlib \ php-process \ install gnu-free*-fonts
Run the following command to install all optional fonts. Alternatively, install the multi-byte character sets necessary to meet your NLS requirements.
yum -y install *-fonts
Download and install Oracle Database 12c Enterprise Edition from the Oracle database home page at the following location:
http://www.oracle.com/technetwork/database/enterprise-edition/downloads
The procedure for installing the Oracle database is fully described in the product documentation. It is recommended that you download and review the appropriate Oracle Database 12c Quick Installation Guide. It is available from the Oracle Database Documentation Library. The path user and group names used in this guide are based on the Oracle database product documentation.
Note:
While RUEI is supported on Oracle Database release 11gR2 and later, the best performance for this release of RUEI is achieved with Oracle Database 12c Release1.
The RUEI software is available from the Oracle E-Delivery web site (http://edelivery.oracle.com
). Select the following media pack criteria:
Oracle Enterprise Manager
Linux x86-64
Copy the downloaded RUEI zip file to /root
directory on the server, and unzip it. Run the following commands:
cd /root
unzip package_name.zip
The following directories are created which contain the software required to complete the RUEI installation:
/root/RUEI/133
/root/RUEI/ZendGuardLoader
/root/RUEI/IC
/root/RUEI/PHP
/root/RUEI/Java
/root/RUEI/extra
/root/RUEI/mkstore
The steps described in this section must be performed regardless of your planned installation (that is, a Reporter with local database, a Reporter with remote database, or a Collector).
The /etc/ruei.conf
file specifies the settings used within your installation. A template of this file is provided in the /root/RUEI/extra
directory of the RUEI distribution zip. Note that all components in your RUEI environment (such as the remote database and Collectors) require the same global /etc/ruei.conf
configuration file. Note that there is one exception to this requirement, and that is for Processing Engine systems. This requirement is fully described in Installing Processing Engines. The settings shown in Table 2-3 are defined.
Table 2-3 RUEI Configuration Settings
Setting | Description | Value(2) |
---|---|---|
|
Home directory of the RUEI software. Do not set to any path beginning with |
|
|
Directory for RUEI data files. Do not set to any path beginning with |
|
|
The RUEI operating system user. |
|
|
The RUEI operating system group. |
|
|
The database instance name. |
|
|
The configuration tablespace name |
|
|
The statistics tablespace name |
|
|
The database user name. |
|
|
The Reporter or Processing Engine database connect string. |
|
|
The Reporter database connect string. |
$RUEI_DB_TNSNAME or |
|
The export database connect string. |
|
|
The location of the |
|
|
The PHP timezone setting. |
|
DEFAULT_TABLESPACE (see, foot 10) |
The name for the default RUEI tablespace. |
|
REMOTE_DBFoot 11 |
Default is 0. Set to 1 for remote database. |
|
DBCONNECT (see, foot 10) |
Fully qualified database connection string to remote database |
Footnote 2 Be aware that all variables specified in this table are the values used throughout this guide, and can be modified as required.
Footnote 3
The directory name cannot exceed 50 characters in length. Note that RUEI_HOME and RUEI_DATA must be independent paths. For example, if RUEI_HOME is /opt/ruei, then RUEI_DATA cannot be set to /opt/ruei/data. Also note that RUEI_HOME cannot be set to a subdirectory of /var/opt/ruei and that RUEI_DATA cannot be set to a subdirectory of /opt/ruei.
Footnote 4
The database instance name cannot exceed 8 characters in length.
Footnote 5
A database table space name cannot exceed 30 characters in length.
Footnote 6
The database user name cannot exceed 30 characters in length.
Footnote 7
The alias name cannot exceed 255 characters in length.
Footnote 8
RUEI_DB_TNSNAME
is the default for a Reporter system. For a Processing Engine, the example value config
is used in this guide.
Footnote 9
Necessary for creating the RUEI wallet using ruei-prepare-db.sh (see Creating the Reporter Database Instance) and when you want to integrate your RUEI deployment with Oracle Enterprise Manager's Incident Manager facility (see Setting up a Connection to the Enterprise Manager Repository).
Footnote 10
This should be the appropriate timezone setting, and must be valid for both Linux and PHP. For Linux, you can use the tzselect
utility, and for PHP use the following location: http://www.php.net/manual/en/timezones.php
.
Footnote 11
Necessary when you do not have command-line access to the remote database host and running ruei-prepare-db.sh there is not an option. (See Setting up RUEI against a remote database Service)
Important
Be aware that the TZ
, RUEI_HOME
, RUEI_DATA
, RUEI_USER
and RUEI_GROUP
settings described in Table 2-3 must be specified in terms of literal values. Therefore, the following is not permitted:
RUEI_BASE=/my/ruei/dir export RUEI_HOME=$RUEI_BASE/home
Note:
If you change settings in /etc/ruei.conf
after the installation of a RUEI system, you must restart system processing to make these changes effective (System > Maintenance > System reset > Restart system processing).
Failover Reporter Configuration Settings
Table 2-4 shows the settings that are used to configure a failover Reporter, and are only relevant to Reporter systems. See Configuring a Failover Reporter System for information on the configuration procedure.
Table 2-4 RUEI Failover Reporter Configuration Settings
Setting | Description |
---|---|
|
The primary Reporter IP address. |
|
The secondary Reporter IP address. |
|
The virtual Reporter IP address. |
|
The network interface used to connect to the virtual Reporter IP address. |
|
The network mask of the virtual Reporter IP address. |
Failover Collector Configuration Settings
Table 2-5 shows the settings that are used to configure a failover Collector, and are only relevant to Collector systems. See Configuring a Failover Collector System for information on the configuration procedure.
Table 2-5 RUEI Failover Collector Configuration Settings
Settings | Description |
---|---|
|
The primary Collector IP address. |
|
The secondary Collector IP address. |
|
The virtual Collector IP address. |
|
The network interface used to connect to the virtual Collector IP address. |
|
The network mask of the virtual Reporter IP address. |
There is no need to change the settings for JAVA_HOME
and INSTANTCLIENT_DIR
if you intend to use the software contained on the RUEI distribution pack.
Create the moniforce
group and RUEI_USER
user. The home directory of moniforce
should be set to /var/opt/ruei
, with read permissions for group members.
/usr/sbin/groupadd moniforce /usr/sbin/useradd moniforce -g moniforce -d /var/opt/ruei chmod -R 750 /var/opt/ruei chown -R moniforce:moniforce /var/opt/ruei
Note:
The login shell for the moniforce
(RUEI_USER
) user must be set to /bin/bash
.
An example of the configuration file is included in the RUEI distribution pack. Ensure the file is readable by the RUEI_USER
user by issuing the following commands:
cp /root/RUEI/extra/ruei.conf /etc/ chmod 644 /etc/ruei.conf chown moniforce:moniforce /etc/ruei.conf
In case of a remote Reporter database installation, the ruei.conf
file needs to be identical to that of the Reporter system.
For Reporter, Collector, and Processing Engines systems, you need to install the Java Runtime Environment (JRE). Java is bundled within the RUEI distribution pack.
Issue the following commands:
mkdir -p /usr/java/ chmod 755 /usr/java cd /usr/java tar xzf /root/RUEI/Java/jre-8u144-linux-x64.tar.gz
This installs the necessary Java software in the directory /usr/java/jre1.8.0_144
. To make the install directory version independent, create a more generic symlink using the following command:
ln -s /usr/java/jre1.8.0_144 /usr/java/jre
This section describes the procedure for installing the required components for a Reporter system. These include the Apache web server, the Oracle database Instant Client, and the Zend Optimizer (or Zend Guard Loader).
This section describes the installation and configuration of the Apache web server, and the components that use it.
Ensure that the web server starts automatically after re-boot by running the following command:
RedHat Enterprise / Oracle version 6.x:
/sbin/chkconfig httpd on
RedHat Enterprise / Oracle version 7.x:
systemctl enable httpd
Create the following settings in the /etc/php.d/ruei.ini
file:
session.gc_maxlifetime = 14400 memory_limit = 192M upload_max_filesize = 128M post_max_size = 128M
RUEI uses RSVG for graph generation. In order to avoid warnings about a missing directory, create the empty .gnome2
directory using the following command:
mkdir -p /var/www/.gnome2
In order to protect sensitive data on RUEI, it is strongly recommended that access to the Reporter interface is restricted to HTTPS. Use the following command as the root
user:
sed -i -e 's/^Listen 80/#Listen 80/' /etc/httpd/conf/httpd.conf
In additional to the already disabled SSLv2, also disable support for SSLv3 in the web server using the following command as the root
user:
sed -i -e 's/^SSLProtocol all -SSLv2/SSLProtocol all -SSLv2 -SSLv3/' /etc/httpd/conf.d/ssl.conf
You need to install the php-mbstring
RPM version on the distribution set relevant to your operating system. For example:
EL6/OL6:
cd /root/RUEI/PHP/OL6 rpm -Uhv ./php-mbstring-5.3.3-*.x86_64.rpm
EL7/OL7:
cd /root/RUEI/PHP/OL7 rpm -Uhv ./php-mbstring-5.4.16-*.x86_64.rpm
Install the Oracle database Instant Client and SQLplus extension by running the following commands as the root
user:
cd /root/RUEI/IC rpm -Uhv oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm rpm -Uhv oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm
Install the php-oci8
module (this is part of the RUEI distribution set). The procedure differs depending on whether you are using RedHat Enterprise/Oracle Linux 6.x or 7.x.
RedHat Enterprise/Oracle Version 6.x
Run the following commands:
cd /root/RUEI/PHP/OL6 rpm -Uhv php-oci8-12cR1-5.3.3-*.x86_64.rpm
RedHat Enterprise/Oracle Version 7.x
Run the following commands:
cd /root/RUEI/PHP/OL7 rpm -Uhv ./php-oci8-12cR1-5.4.16-*.x86_64.rpm
The Zend Guard Loader which needs to be installed differs depending on whether you are using RedHat Enterprise/Oracle Linux 6.x (PHP 5.3) or 7.x (PHP 5.4).
Go to the directory containing the Zend Guard Loader code, unpack the tar file, copy the required module to the Reporter system, and set it permissions. Run the following commands:
EL6/OL6
cd /root/RUEI/ZendGuardLoader tar xvf ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz cp ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so /usr/lib64/php/modules/ chown root:root /usr/lib64/php/modules/ZendGuardLoader.so chmod 755 /usr/lib64/php/modules/ZendGuardLoader.so
EL7/OL7
cd /root/RUEI/ZendGuardLoader tar xvf ZendGuardLoader-70429-PHP-5.4-linux-glibc23-x86_64.tar.gz cp ZendGuardLoader-70429-PHP-5.4-linux-glibc23-x86_64/php-5.4.x/ZendGuardLoader.so /usr/lib64/php/modules/ chown root:root /usr/lib64/php/modules/ZendGuardLoader.so chmod 755 /usr/lib64/php/modules/ZendGuardLoader.so
Add the following lines to the /etc/php.d/ruei.ini
file:
zend_extension=/usr/lib64/php/modules/ZendGuardLoader.so zend_loader.enable=1
Important: Because the Zend Guard Loader does not handle garbage collection very well, it must be disabled by including the following line in the /etc/php.d/ruei.ini
file:
zend.enable_gc = Off
This disables garbage collection for all PHP-based applications running on the Reporter system.
Note:
If you intend to use RUEI with Enterprise Manager, you require the RUEI wallet password described below. Without the correct wallet password you cannot associate RUEI with Enterprise Manager.
The procedure described in this section should be skipped if you are installing a secondary (failover) Reporter system (see Configuring a Failover Reporter System), and you should continue at Installing the Reporter Software.
The Reporter database can reside either locally (that is, on the Reporter server) or on a remote database server. In this section you will create the database instance required for RUEI, and generate the "connection data" required for the Reporter to connect to this database instance. As an alternative for the database setup described in this chapter, you can follow the procedure described in Generic Database Instance Setup.
If you are using a remote database and you do not have command-line access to the remote database server because, for example, you want to configure RUEI using a “Pluggable Database", see Setting up RUEI against a remote database Service.
You will need the following scripts to be present on the system where the database instance (RUEI_DB_INST
) will be created:
ruei-prepare-db.sh
: creates the database instance, Oracle wallet, and database connect files. This script will only run on Linux. If you are installing the Oracle database on a different operating system, see Generic Database Instance Setup.
sql_scripts
: this directory contains a number of SQL scripts that are called by the ruei-prepare-db.sh
script.
db_templates
: this directory contains templates for the RUEI database instance that is created by the ruei-prepare-db.sh
script.
ruei-check.sh
: this is a hardware and environment check utility, and is automatically invoked by ruei-prepare-db.sh
. The script can also be used as a stand-alone troubleshooting utility. For a complete description of the script, refer to The ruei-check.sh Script.
For creating the database autologin wallet in this section and, optionally, for the integration with Enterprise Manager later on, a specific version of the "mkstore" utility is needed. You can set up this utility as follows. This needs to be done on the system where the database instance (RUEI_DB_INST) will be created as well as the reporter if those are separate systems.
Run the following commands:
cd /usr/local tar xzf /root/RUEI/mkstore/mkstore-11.2.0.4.0.tar.gz
This installs the mkstore utility to /usr/local/mkstore-11.2.0.4.0. To make the install directory version independent, create a more generic symlink using the following command:
ln -s /usr/local/mkstore-11.2.0.4.0 /usr/local/mkstore
Make the following change to /etc/ruei.conf:
* export MKSTORE_BIN=/usr/local/mkstore/mkstore
If you are executing these steps on a database server separate from the reporter system, make the following change to /etc/ruei.conf:
* export JAVA_HOME=$ORACLE_HOME/jdk/jre
The four connection data files created during the procedure described in this section are as follows:
cwallet.sso
ewallet.p12
sqlnet.ora
tnsnames.ora
The RUEI configuration file (/etc/ruei.conf
) also needs to be present on the database server and configured as described in Check The RUEI Configuration File and the instructions for setting up mkstore
, given earlier in this section.
Do the following:
Copy the ruei-prepare-db.sh
and ruei-check.sh
scripts, and the sql_scripts
and db_templates
directories to the server on which you intend to run the database instance, and make them executable for the oracle
user. These scripts and directories can be found in the RUEI distribution zip (/root/RUEI/131
).
Review the settings in the /etc/ruei.conf
file to match your needs as described in Check The RUEI Configuration File. If you want to use different names for the configuration and statistics tablespaces make sure these names are set before continuing. The same tablespace names must be used for all components in your RUEI environment, such as the remote database and Processors.
Log in to the database server as the oracle
user on the database server, and set the ORACLE_HOME
environment variable. You need to run the ruei-prepare-db.sh
script as the oracle
user. This script creates the $RUEI_DB_INST database, but only after a number of hardware and software environment checks have been performed. The actual checks performed depend on the system type you are currently installing.
The script prompts you for the Reporter database user passwordFoot 12. This enables the RUEI application to login to the database automatically. The script also creates the "connection data" files for you now.
The script also prompts you for a default tablespace name to be used for this installation, and then creates the connection data files.
Run the following commands:
chmod +x ruei-prepare-db.sh ruei-check.sh chmod -R +r /home/oracle/sql_scripts/ chmod -R +r /home/oracle/db_templates/ export ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1Foot 13 ./ruei-prepare-db.sh create
You are prompted whether you want the installation script to check your system. It is recommended that you do so. The checks performed are fully described in The ruei-check.sh Script.
If you ran the above commands on a combined Reporter/Database server, you can skip step 4 and proceed to step 5.
This step only applies when using a remote database.
In case of a Reporter system using a remote database, you will need to copy the generated /tmp/ruei-database-configuration.tar
file in step 3 from the database server to the Reporter system. The /tmp/ruei-database-configuration.tar
file must be extracted on the Reporter server in the directory /var/opt/ruei
(RUEI_DATA
). The permissions of the files need to be set so that the specified RUEI_USER
(moniforce
) can use them.
Copy the generated .tar
file, which holds connection data files to the Reporter system. Log in to the Reporter server and extract the .tar
file using the following commands:
cd /var/opt/ruei
tar xvf path-to-tar-file/ruei/database-configuration.tar
chown moniforce:moniforce cwallet.sso ewallet.p12 sqlnet.ora tnsnames.ora
Because logging of the database can consume a large amount of disk space, it is recommended that you install a clean-up script to avoid the usage of unnecessary disk space. Copy the (example) script to the oracle
user directory and activate it through cron
running the following commands:
mkdir -p /home/oracle/bin cp /root/RUEI/extra/ruei-clean.sh /home/oracle/bin chmod +x /home/oracle/bin/ruei-clean.sh su - oracle -c 'echo "10 0 * * * /home/oracle/bin/ruei-clean.sh" | crontab'
The procedure described in this section is relevant to all configurations described in Scaling Scenarios and Planning the Software Installation. Installing the reporter software also installs the collector and processor software.
The RUEI directory locations are flexible, however it is necessary to use the exact directory name described as configured in the /etc/ruei.conf
file. Create the RUEI application root directory running the following commands:
mkdir -p /opt/ruei chmod 755 /opt/ruei
Note:
The specified $RUEI_HOME and $RUEI_DATA directories must have 755 permissions defined for them. For more information on these directories, see Table 2-3 .
Make the apache
and moniforce
members of two additional groups running the following commands:
EL6/OL6:
/usr/sbin/usermod -aG moniforce apache /usr/sbin/usermod -aG uucp apache /usr/sbin/usermod -aG uucp moniforce
EL7/OL7
/usr/sbin/usermod -aG moniforce apache /usr/sbin/usermod -aG dialout apache /usr/sbin/usermod -aG dialout moniforce
Go to the directory that holds the RUEI software, and run the following commands:
cd /root/RUEI/132 chmod +x ruei-install.sh
Use one of the following options to install the reporter software:
If you are installing a reporter in a split server configuration or you want to use only network based data collection as described in Planning the Software Installation:
./ruei-install.sh reporter
If you are installing on a single server and you want to use tag based data collection as described in Planning the Software Installation (This option also supports network based data collection):
./ruei-install.sh reporter-tag
For information on monitoring an application based on tagging, see Defining Applications in the Identifying and Reporting Web Pages chapter of the RUEI Users Guide.
Re-start the Apache web server running the following command:
/sbin/service httpd restart
As the root
user, add the following lines to the .bash_profile
file of the RUEI_USER
(RUEI_DATA
/.bash_profile
):
source /etc/ruei.conf source $RUEI_HOME/bin/env.sh
Verify that the RUEI software was correctly installed by running the following command:
./ruei-check.sh postinstall
This step should not be performed if you are installing a secondary (failover) Reporter system (see Configuring a Failover Reporter System). You should continue at Configuring the Network Interface.
As the moniforce
user, set the RUEI admin
user password to enable logging onto the RUEI interface running the following commands:
su - moniforce set-admin-password
You are prompted to enter and confirm the password.
Password Requirements
When defining the admin
user password, bear the following in mind:
The password must have at least eight characters, and contain at least one non-alphanumeric character (such as $, @, &, and !).
The initial password must be changed within seven days.
The user name and password are case sensitive.
The procedure described in this section is only relevant to remote tag-based data Collector systems, see Planning the Software Installation and Scaling Scenarios.
Log in to the Collector system as the root
user, and do the following:
Make sure that the rsync and libpcap packages are installed. For example, enter the following commands to install the packages using Yum:
yum -y install rsync yum -y install libpcap
If you are using RedHat Enterprise/Oracle Linux 6.x, run the following command:
ln -s /usr/lib64/libpcap.so.N.N.N /usr/lib64/libpcap.so.0.9.4
where N.N.N is the version of libpcap installed. For example:
ln -s /usr/lib64/libpcap.so.1.0.0 /usr/lib64/libpcap.so.0.9.4
Install Apache running the following command:
rpm -Uhv httpd-2.2.15-*..x86_64.rpm
Ensure that the web server starts automatically after re-boot by running the following command:
/sbin/chkconfig httpd on
Create the RUEI application root directory running the following commands:
mkdir -p /opt/ruei chmod 755 /opt/ruei
Change to the RUEI root directory and run the ruei-install.sh
script running the following commands:
cd /root/RUEI/132 chmod +x ruei-install.sh ruei-check.sh
Install the tag based data collector as described in Planning the Software Installation:
./ruei-install.sh tag-server
Re-start the Apache web server running the following command:
/sbin/service httpd restart
As the root
user, add the following lines to the .bash_profile file of the RUEI_USER (RUEI_DATA/.bash_profile):
source /etc/ruei.conf source $RUEI_HOME/bin/env.sh
Verify that the RUEI software is correctly installed by running the following command:
./ruei-check.sh postinstall
Set up a password-less remote login from the Reporter system to the newly created Collector system. The necessary configuration steps are described in Configuring Reporter Communication (Split-Server Setup Only).
The procedure described in this section is only relevant to remote network data Collector systems, see Planning the Software Installation and Scaling Scenarios.
Logon to the Collector system as the root
user, and do the following:
Make sure that the rsync and libpcap packages are installed. For example, enter the following commands to install the packages using Yum:
yum -y install rsync yum -y install libpcap
If you are using RedHat Enterprise/Oracle Linux 6.x, run the following command:
ln -s /usr/lib64/libpcap.so.N.N.N /usr/lib64/libpcap.so.0.9.4
Where, N.N.N
is the version of libpcap installed. For example:
ln -s /usr/lib64/libpcap.so.1.0.0 /usr/lib64/libpcap.so.0.9.4
Create the RUEI application root directory running the following commands:
mkdir -p /opt/ruei chmod 755 /opt/ruei
Change to the RUEI root directory and run the ruei-install.sh
script running the following commands:
cd /root/RUEI/132 chmod +x ruei-install.sh ruei-check.sh
Install the network based collector as described in Planning the Software Installation:
./ruei-install.sh collector
As the root
user, add the following lines to the .bash_profile
file of the RUEI_USER (RUEI_DATA/.bash_profile):
source /etc/ruei.conf source $RUEI_HOME/bin/env.sh
Configure the network interfaces as described in Configuring the Network Interface.
Verify that the RUEI software is correctly installed by running the following command:
./ruei-check.sh postinstall
Set up a password-less remote login from the Reporter system to the newly created Collector system. The necessary configuration steps are described in Configuring Reporter Communication (Split-Server Setup Only)
This section is only relevant to network data Collector systems.
Make the monitoring network interface up
status permanent (after a reboot) by setting the ONBOOT
parameter of the capturing interfaces to yes
in the interface configuration files. The network interfaces configuration can be found in the /etc/sysconfig/network-scripts/ifcfg-eth
X
file (where X
represents the necessary network interface). Alternatively, use the graphical utility system-config-network to set the appropriate interfaces to activate device when computer starts.
This section is only relevant to the Reporter system.
For PDF generation with international character content, additional fonts are required to be enabled. These fonts need to be made available to Java. Run the following command to copy (or move) the RUEI-installed fonts to the appropriate Java directory:
cp RUEI_HOME/bi-publisher/fonts/* \
/usr/java/jre/lib/fonts/
This section is only relevant to the Reporter system.
RUEI assumes a working local MTA for sending PDF reports and E-mail alerts. By default, Linux uses the Sendmail MTA. By default, Sendmail delivers the E-mail directly to the destination MTA. If this behavior is not according to your needs or policies, sending mail through a SmartHost (relay) might be an alternative. To configure a SmartHost in Sendmail, do the following:
Install the Sendmail configuration utility by going to the directory containing the uploaded RPM and running the following command for RedHat Enterprise/Oracle Linux 5.x:
rpm -Uhv sendmail-cf-8.13.8-*.el5.x86_64.rpm
In RedHat Enterprise/Oracle Linux 6.x, run the following command:
rpm -Uhv sendmail-cf-8.14.4-*.el6.x86_64.rpm
Find the line which contains the Smart Host setting in /etc/mail/sendmail.mc
. Modify the SMART_HOST
setting to your needs. For example:
define('SMART_HOST', 'my.example')dnl
Generate the new configuration into a new sendmail.cf
by running the following command:
make -C /etc/mail
Restart Sendmail running the following command:
/etc/init.d/sendmail restart
Note:
Extensive information about the configuration of the Sendmail MTA is available at http://www.sendmail.org
.
You can download the RUEI MIB definition file through the Reporter interface. This definition file can then be added to your SNMP manager. The procedure for downloading the MIB file is described in the Oracle Real User Experience Insight User's Guide.
To enable the RUEI_USER to use the SNMP utilities, complete the following (applies to OL6, not OEL5):
As the root
user, edit the snmpd config file in /etc/sysconfig/snmpd
and make sure the 'OPTIONS' line is not commented out by removing the '#' at the start of the line.
Add the following option to the line:
-u RUEI_USER
As the root
user, start and stop the snmpd daemon to have it set the correct permissions on all related files by running the following commands:
service snmpd start service snmpd stop
This section is only relevant to Reporter systems.
To have the browser automatically redirected to the correct RUEI path, create the file /var/www/html/index.html
with the following content:
<head> <meta http-equiv="REFRESH" content="0;URL=/ruei/"> </head>
This section is only relevant to a Reporter system with remote Collector(s).
A password-less SSH connection must be setup between the Moniforce
user from the Reporter system to each Collector system. Do the following:
Log in to the Reporter server as root
. Run the following commands:
su - moniforce ssh-keygen -P ""
Press Enter to accept the defaults.
Log in as root
to each of the Collector systems and become the moniforce
user by running the following command:
su - moniforce
Create the .ssh
directory (if it does not already exist) for the moniforce
user on each Collector system by running the following commands:
mkdir ~/.ssh chmod 700 ~/.ssh
Copy the SSH key on the Reporter system to the required location on the Collector system by running the following commands:
cd ~/.ssh
ssh root@Reporter cat /var/opt/ruei/.ssh/id_rsa.pub >> authorized_keys
(you will need to specify the Reporter system root
password)
chmod 600 authorized_keys
Check if it is now possible to execute a remote command (as moniforce
user) on the Reporter system without using a password. For example:
Log in as root
on the Reporter server.
Log in as moniforce
user: su - moniforce
.
Execute a remote pwd command: ssh
Collector
pwd
.
Enter yes to the question "Are you sure you want to continue connecting (yes/no)?".
The command should return /var/opt/ruei
.
The above steps must be performed for each Collector!
Note:
If the connection between the Reporter and the Collector(s) has not been correctly configured, you will receive an authorization error when you try to register the remote Collector.
On completion of the Initial Setup Wizard (described in Performing Initial RUEI Configuration), you can verify your installation by selecting System, then Status. All system indicators should report OK. This is fully described in the Oracle Real User Experience Insight User's Guide.
You can set up a connection to the Oracle Enterprise Manager Repository so that KPIs defined for the applications, suites, and services that comprise your business applications can be reported as events in Incident Manager. The use of the business application facility is described in Oracle Enterprise Manager Cloud Control Oracle Fusion Middleware Management Guide.
Footnote Legend
Footnote 12:The database password is also used as the Oracle wallet password. Both passwords must be 8-30 characters in length, and contain both numbers and letters. For information on changing the Oracle wallet password, please consult the appropriate Oracle documentation.
This line requires customization based on your database version and installation path.