1. Installation Guide
  2. Installing Session Monitor
  3. Installing Session Monitor Using the RPM

Installing Session Monitor Using the RPM

This section describes installing the Session Monitor using RPM.

You have to set up the machine with Oracle Linux 8 operating system to install Session Monitor using the RPM. Configurations are necessary for proxies and repos, if there are any, see Configuring Proxies and Repos.

To install Session Monitor using an RPM:

  1. Verify that the system hosting the OCSM is connected to the Internet.
  2. Log on to the OCSM server as the root user or root privileged user.
  3. Run this command to verify that Oracle Linux 8 has been installed.cat /etc/oracle-release
  4. If partitioning is required, refer to the section Creating a Separate Partition for Data and MySQL Storage.
  5. Download the Session Monitor software:
    1. Create a temporary directory (temp_dir) on the system that hosts the OCSM.
    2. Download the software pack for your operating system from the Oracle software delivery website.
    3. Download the Session Monitor installation software RPM ZIP file to temp_dir.
    4. Unzip the Session Monitor installation software RPM ZIP file.
  6. Download the latest MySQL 8 Commercial Package file from the Oracle software delivery website. Patch 34982613: MySQL Database/Components 8.0.32 Yum Repository TAR for Oracle Linux / RHEL 8 x86 (64bit).
    1. Copy the MySQL tar.gz package from the download to a temporary directory
    2. Run these commands to untar the MySQL tar.gz package:
      yum install tar
tar -xvf mysql-commercial-<rn>.x86_64.repo.tar.gz
where <rn> is the current MySQL 8 version
    3. Move to the MySQL directory: 
      cd mysql-8.X/8.X.XX/
    Example:
    tar -xvf mysql-commercial-8.0.32-1.1.el8.x86_64.repo.tar.gz
cd mysql-8.0/8.0.32/
  7. Install the MySQL 8 rpms using the command: 
    yum install mysql-commercial-*

Installing Python 39

Run the following commands to install Python 39 and PIP3

  1. Install python39 and pip3
    yum install python39-pip
  2. Set Python alternatives to python3.9:

    Note:

    Important! When prompted, select the number corresponding to the python3.9 option and press the Enter key. 
    update-alternatives --config python3
update-alternatives --config python

    Note:

    After the OCSM Installation, while installing any new packages using yum, some packages will install Python 3.6 as a dependency. As a result Python alternatives will get changed. This can cause unexpected problems in the OCSM functionality. So it is mandatory for you to verify that Python is pointing to python 39 after every package installation using yum by running the above two commands.

Installing the SQL Connector

Download MySQL Connector package corresponding to the MySQL version.

  1. Download MySQL Connector package corresponding to the MySQL version installed from MOS to a temporary directory of the OCSM Server, for example: If MySQL 8.0.32 Commercial is installed in the system, download the MySQL Connector 8.0.32 Package from MOS:
    (Patch 34984522: MySQL Connector/Python 8.0.32 WHL for portable Linux x86 (64bit) Python 3.9 -– p34984522_800_Linux-x86-64.zip)
  2. From the temporary directory, run the following commands to install the MySQL Connector:
    yum install unzip
unzip pXXXXXXXX_XXX_Linux-x86-64.zip
pip3 install mysql_connector_python-8.X.X-1commercial-cp39-cp39-manylinux1_x86_64.whl
    For example:
    unzip p34984522_800_Linux-x86-64.zip
pip3 install mysql_connector_python-8.0.32-1commercial-cp39-cp39-manylinux1_x86_64.whl

    Note:

    If required, use proxy with pip3. For example, 
    pip3 install --proxy [PROTOCOL://]HOST[:PORT] mysql_connector_python-8.0.32-1commercial-cp39-cp39-manylinux1_x86_64.whl

Installing the Oracle epel Repository

Install the Oracle epel Repository:

  1. Use the following commands to install the Oracle epel Repository:
    yum install oracle-epel-release-el8.x86_64
  2. For OCI Cloud Machines, complete the following additional step to enable ol8_developer_EPEL repo.
    1. Using an editor, open the file /etc/yum.repos.d/oracle-epel-ol8.repo.
    2. Under the section [ol8_developer_EPEL] set enabled=1.
    3. Save the file.
      [ol8_developer_EPEL]
name=Oracle Linux $releasever EPEL Packages for Development ($basearch)
baseurl=https://yum$ociregion.$ocidomain/repo/OracleLinux/OL8/developer/EPEL/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
  3. Install yum-utils:
    1. Use this command:
      yum install yum-utils
    2. Enable the latest Oracle Linux 8 repositories by running the following commands:
      yum-config-manager --enable 
ol8_baseos_latest ol8_appstream 
ol8_addons ol8_developer_EPEL
  4. Install the Session Monitor RPM file uisng this command. 
    yum install ocsm-<rn>x86_64.rpm

    Note:

    In this command, <rn> is the latest Session Monitor release number. For example, ocsm-5.1.0.0.0-134.x86_64.rpm.

Creating a Separate Partition for Data Storage and MySQL Storage

Perform the following tasks to create a separate partition for data (block) storage and MySQL Storage

The following partitioning options are available:
  • Single partition (default option)
  • Secondary partition for data and MySQL storage
Perform the following tasks to create the partition for data storage MySQL Storage.
  1. Run the following command to create a directory to mount the partition:
    mkdir -pv /opt/oracle/ocsm/var/vsi
mkdir -pv /var/lib/mysql
  2. Adjust /etc/fstab to mount the data storage partition. For example:
    For example,this entry may vary based on the environment:
LABEL=PLD_DATA /opt/oracle/ocsm/var/vsi xfs
defaults,nosuid,nodev,nofail 0 2
LABEL=MYSQL_DATA /var/lib/mysql xfs
defaults,nosuid,nodev,nofail 0 2
    During the MySQL and OCSM installation, partitions are detected by the product and the system uses these separate partitions.

Tasks to be Performed after RPM Installation

Perform the tasks given here after the

  1. Verify the installation by doing the following:
    1. Navigate to /var/log/ocsm file.
    2. Verify whether the following log file exists: ocsm_installed_*.log
  2. Adjust the firewalld to access the Session Monitor applications by doing the following tasks:
    1. Allow firewalld to access the HTTPS service (port 443) by running the following command: firewall-cmd --permanent --zone=public --add-service=https.
    2. (Optional) If you are planning to configure the system as a Mediation Engine, allow the firewalld to access the probe connection by doing these tasks:
      For SBC (embedded) probes:
      firewall-cmd --permanent --zone=public --add-port=4739/tcp
firewall-cmd --permanent --zone=public --add-port=4740/tcp
      For standalone probes:
      firewall-cmd --permanent --zone=public --add-port=4741/tcp
firewall-cmd --permanent --zone=public --add-port=4742/tcp

    Note:

    Please note that the ports 4740/4742 are the preferred ports for connecting to SBC / standalone probes respectively. So, the firewall should be opened for ports 4739/4741 only if you are agree to have non-TLS connections.
  3. Reload the configuration by running the following command: firewall-cmd --reload

    Note:

    If you are planning to enable additional services, see the discussion about network security in Oracle Communications Session Monitor Security Guide for a complete list of services and their respective ports.
  4. Enable or Disable SELinux as per your requirement. For more information, see Enabling SELinux.

Enabling SELinux

Session Monitor currently supports the following top-level state of SELinux on a system – enforcing, permissive and disabled. The only supported SELinux type is targeted.

To enable SELinux:
  1. Run the command to set the SELinux mode as enforcing and SELinux policy as targeted:
    sed -i -e "s/^SELINUX=.*/SELINUX=enforcing/" /etc/selinux/config
    sed -i -e "s/^SELINUXTYPE=.*/SELINUXTYPE=targeted/" /etc/selinux/config
  2. Reboot the system using the command: 
    reboot
  3. After the reboot, run the command to verify the SELinux status:
    sestatus
    Verify the command output:
    SELinux status:        enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
  4. Install the customized SELinux policy modules for Session monitor using the command:
    cd /opt/oracle/ocsm/
./ocsm_ext.sh

Disabling SELinux

Use the following instructions to disable SELinux.

  1. Set the SELinux mode as disabled using the command as a root user:
    sed -i -e "s/^SELINUX=.*/SELINUX=disabled/" /etc/selinux/config
  2. Reboot the system using the command:
    reboot
  3. Verify the SELinux status using the command:
    sestatus
  4. Verify the output:
    SELinux status: disabled

Adding Ports in the SELinux Port List

On a SELinux enabled machine, in order to use any port other than the default ports in the Session Monitor, add the port in the SELinux port list using the following commands.

yum install -y setroubleshoot-server 
semanage port -a -t <Service_Name> -p <Protocol> <Port_Number>
You can view all ports allowed in the SELinux using the command: 
semanage port -l
For example: By default, SELinux allows http to listen on TCP ports 80, 443, 488, 8008, 8009, or 8443.
To configure http to run on a port other than the TCP ports listed above, such as 8001, then add the ports to the SELinux port list using the command:
semanage port -a -t http_port_t -p tcp 8001

Troubleshooting Tips

Following intructions will be helpful in solving issues in configuring SELinux.

To modify the mode in which SELinux runs in real-time, run the following commands:

Table 2-1 Modifying SELinux Mode

Mode Command
To run SELinux in permissive mode (System prints warnings only but does not enforce SELinux policy) 
setenforce 0
To run SELinux in the enforcing mode (SELinux security policy is enforced) 
setenforce 1
Verify the status using command 
getenforce