Preparing for Installation
Perform the following tasks to prepare for ACSLS installation. Once you have completed these tasks, you are ready to install ACSLS 8.5.
Step 1: Export Existing Database and Control Files
If you are upgrading from a previous release and plan to use existing database and control files, you must export these files.
For more information, refer to the “Database Administration" chapter in the StorageTek ACSLS Administrator's Guide.
Step 2: Remove Previous ACSLS Versions
Remove any previous version of ACSLS. If this is a new installation with no previous version of ACSLS, then skip this step.
Step 3: Ensure Linux is Installed
Ensure that a compatible version of Linux is installed.
- ACSLS Release 8.5.0 is designed to run under Oracle Enterprise Linux releases 6.8 and 7.3
- ACSLS Release 8.5.1 is designed to run under Oracle Enterprise Linux releases 6.8, 6.10, 7.3, 7.6, 7.8 and 7.9
The Oracle Enterprise Linux Product Pack can be obtained from the Oracle Software Delivery Cloud at:
Oracle recommends installing the entire Linux distribution to ensure your installation includes the standard packages required for ACSLS operation.
Note:
If you perform an update to the Linux operating system after ACSLS is installed, ensure that you issue theupdatedb
command before rebooting the server. An operating system upgrade may impact ACSLS service operation during the reboot.
Before installing a new version of Linux, check with your IT system administrator to obtain the following information. The graphical installer requires the kdelibs
package, which is included in the Oracle Enterprise Linux Product Pack.
- Hostname and IP address for the ACSLS server.
- Gateway IP address and netmask for your network, as well as the primary and secondary DNS.
- IP address.
- Network proxy information, if available.
During the installation, several key software components are installed:
- GNOME desktop environment.
- Internet support.
- X Windows.
- Resource Package Manager (RPM), Yellowdog Updater, and Modified (yum).
- Java 7 or 8. If you are installing the ACSLS GUI, use the latest Java JDK/SE version. Refer to the ACSLS Product Information document for specific required Java versions.
Do not install (or enable) the following:
- Software Development
- Web Server
- Database
- Dial-up network
Linux 7 Dependencies
Oracle recommends installing the entire Linux distribution to ensure your installation includes the standard packages required for ACSLS operation.
- glibc.i686
- pam
- pam.i686
- libstdc++
- libstdc++.i686
- libxml2
- libxml2.i686
- unixODBC.i686
- openssl
- openssl-libs.i686
- rpcbind
- libgssglue
- libcrypto.so.10
- bzip2
- mlocate
Note:
This represents a partial list. Additional packages may be required.Installing Missing Oracle Linux Packages
If your installation is missing a standard Oracle Linux package required for ACSLS operation, use yum on the command line to acquire and install the missing package.
For example, to find and install a missing bzip2
package:
- Configure
/etc/yum.conf
. - Enter the following command:
yum install bzip2
Note:
- If packages contain shared object libraries required by ACSLS, you must install 32-bit versions (for example, unixODBC).
- If packages run a standalone process required by ACSLS, either 32-bit or 64-bit versions will work (for example, rpcbind).
If a package is not working as expected, or causes faults, you may need to install a different version of the package. Examples include:
- rpcbind (Some versions don't restart after reboot. For example, rpcbind.x86_64 on Oracle Linux 7.3 uses the version 0.2.0-48.el7.)
- Java (ACSLS has specific minimum supported versions for this and other packages. Refer to the ACSLS Product Information document for specific required Java versions.)
- unixODBC (may have installed the 64-bit version instead of the required 32-bit version)
Step 4: SELinux Security Settings
ACSLS 8.5 is designed to run in optional Security Enhanced Linux (SELinux) environments.
SELinux was merged into the Linux kernel in response to initiatives by the US National Security Agency. It provides access control to files, directories, and other system resources that go beyond the traditional protection found standard in UNIX environments. In addition to owner-group-public permission access, SELinux includes access control based on user role, domain, and context. The agent that enforces access control over all system resources is the Linux kernel.
To set SELinux enforcement:
Note:
-
This command requires that SELinux is enabled. Use the command
sestatus
to view the status of SELinux. -
To view the current system enforcement status, use the command
getenforce
.
Three SELinux policy modules are loaded into the kernel when you install ACSLS: allowPostgr
, acsdb
, and acsdb1
. These modules provide the definitions and enforcement exceptions that are necessary for ACSLS to access its own database and other system resources while SELinux enforcement is active. With these modules installed, you should be able to run normal ACSLS operations, including database operations such as bdb.acsss
, rdb.acsss
, db_export.sh
and db_import.sh
without the need to disable SELinux enforcement.
If problems occur, you may need to disable SELinux or run in permissive mode. For more information, refer to the "Troubleshooting" appendix in the StorageTek ACSLS Administrator's Guide.
Step 5: Cron Administration
Specific automated schedules known as crontabs are created for users acsss
and acsdb
when you run the install.sh
utility. These crontabs are provided for ACSLS database maintenance backup activities.
An optional file, /etc/cron.allow
(or /etc/cron.d/cron.allow
on some systems) may exist on the system. This file controls which users are allowed to run the crontab
command. If cron.allow
exists, then user IDs for acsss
and acsdb
must be included in that file before you run install.sh
. Otherwise, crontab
creation for these users fails.
The file cron.deny
exists by default on most systems. Any users listed in this file are explicitly denied access to the crontab
command. Make sure that users acsss
and acsdb
are not contained in the cron.deny
file.
Step 6: ACSLS Access Privileges
Note the following access privilege considerations:
-
ACSLS 8.5 may be installed in any local file system. The ACSLS base directory and backup directories (for example,
/export/home
and/export/backup
) must be mounted to allowSETUID
so that useracsss
can run asroot
. Super user access is required for scripts that start and stop ACSLS services and for scripts that collect diagnostic information for a support call. -
The
acsss
umask
is set to027
during installation. -
Network services, specifically
rpcbind
, must be enabled to allow ACSLS client communication unless the firewall security on ACSLS and all ACSAPI clients is configured without the need for the portmapper. For more information, refer to "Firewall Security" in the StorageTek ACSLS Administrator's Guide.
Step 7: Adjust Linux Tuning Settings
Adjust Linux tuning settings for your configuration. See Linux and ACSLS Tuning Settings.
Step 9: Configure YUM
After Linux installation, add specific packages required for ACSLS from the Oracle yum repository.
If your ACSLS server is behind a firewall, you may need to configure your ACSLS Linux system to use a local proxy server.
With these pre-requisites completed, you are now ready to install the ACSLS 8.5 package.
Step 10: Create User Accounts and Groups
Create the user accounts and associated groups described in the table below. For command examples, see Installation Command Examples.
ACSLS 8.5 allows for a user-defined home directory for the ACSLS application. The parent directory of each user home directory is referenced by the variable, $installDir
.
Note:
-
It is your responsibility to define any required user account attributes such as passwords, based upon your specific configuration and processes.
-
ACSLS user accounts (
acsss
,acsdb
, andacssa
) must execute.profile
when logging in. In some instances,.bash_profile
will override.profile
for bash shell user accounts. -
If you use directories that cross external NFS or ZFS mount points, ensure that root level privileges extend across the mount points. Without these root level privileges, ACSLS installation may fail, or post-installation functionality issues may occur.
Table 3-1 Required ACSLS User Accounts (Linux)
User Account | Group Assignment | Home Directory | Command Shell | Description |
---|---|---|---|---|
acsss |
acsls |
Default example: Ownership/Permissions:
|
/bin/bash |
ACSLS control user |
acssa |
acsls |
Default example: Ownership/Permissions:
|
/bin/bash |
ACSLS SA user |
acsdb |
acsls |
Default example: Ownership/Permissions:
|
/bin/bash |
ACSLS DB user |
postgres |
postgres |
Ownership/Permissions:
|
/bin/bash |
postgres user |
root |
no requirement |
standard root Ownership/Permissions: user defined |
/bin/bash |
root user |
If the user accounts already exist and are locked, you must unlock each account before you install the package.
For example, to check if the acsss account is locked:
# passwd -S acsss acsss LK
LK
indicates that the account is locked. To unlock the account:
# passwd -u acsss
If these user accounts exist on an LDAP or NIS server and the root
user on the local machine lacks usermod
authority on the LDAP or NIS server, then manual intervention by the system administrator is required to complete the ACSLS installation. Make sure the users are reassigned to the acsls
group and their home directories conform as stated above. The user shell should be bin/bash
.