Preparing for Installation

Step 1: Export Existing Database and Control Files

If you are upgrading from a previous release and plan to use existing database and control files, you must export these files.

As user acsss, enter the following command:
```
db_export.sh -f /path/myExport
```
where myExport is the name of your export file.
Save both myExport and myExport.misc files to a non-volatile location.
If you are updating your operating system, then transfer these files to a remote machine for safe keeping.

For more information, refer to the “Database Administration" chapter in the StorageTek ACSLS Administrator's Guide.

Step 2: Remove Previous ACSLS Versions

Remove any previous version of ACSLS. If this is a new installation with no previous version of ACSLS, then skip this step.

Ensure that you have exported the database, using the db_export.sh utility command.
Log in as user acsss.
Shut down all ACSLS services:
```
acsss shutdown
```
Remove any acsss, acssa, and acsdb crontab entries:
- Login as user acsss; Execute a crontab -r; logout
- Login as user acssa; Execute a crontab -r; logout
- Login as user acsdb; Execute a crontab -r; logout
Remove the previous version of ACSLS for Linux:
```
yum remove ACSLS.x86_64
```
Remove the postgreSQL database:
```
yum remove PostgreSQL.x86_64
```

As user root, remove previously populated directories:

	rm -rf /export/home/ACSSS (or other directory where you installed ACSLS)
	rm -rf /export/home/SSLM (or other direcrtory)
	rm -rf /export/home/Oracle (or other directory)
	rm -rf /var/tmp/acsls
	rm -rf /opt/ACSLS_8.4.0
	rm -rf /opt/ACSLS_8.5.0
rm -rf /opt/oracle/postgresql-10

Reboot.

Step 3: Ensure Linux is Installed

Ensure that a compatible version of Linux is installed.

ACSLS Release 8.5.0 is designed to run under Oracle Enterprise Linux releases 6.8 and 7.3
ACSLS Release 8.5.1 is designed to run under Oracle Enterprise Linux releases 6.8, 6.10, 7.3, 7.6, 7.8 and 7.9

The Oracle Enterprise Linux Product Pack can be obtained from the Oracle Software Delivery Cloud at:

edelivery.oracle.com

Oracle recommends installing the entire Linux distribution to ensure your installation includes the standard packages required for ACSLS operation.

Note:

If you perform an update to the Linux operating system after ACSLS is installed, ensure that you issue the updatedb command before rebooting the server. An operating system upgrade may impact ACSLS service operation during the reboot.

Before installing a new version of Linux, check with your IT system administrator to obtain the following information. The graphical installer requires the kdelibs package, which is included in the Oracle Enterprise Linux Product Pack.

Hostname and IP address for the ACSLS server.
Gateway IP address and netmask for your network, as well as the primary and secondary DNS.
IP address.
Network proxy information, if available.

During the installation, several key software components are installed:

GNOME desktop environment.
Internet support.
X Windows.
Resource Package Manager (RPM), Yellowdog Updater, and Modified (yum).
Java 7 or 8. If you are installing the ACSLS GUI, use the latest Java JDK/SE version. Refer to the ACSLS Product Information document for specific required Java versions.

Do not install (or enable) the following:

Software Development
Web Server
Database
Dial-up network

Linux 7 Dependencies

Oracle recommends installing the entire Linux distribution to ensure your installation includes the standard packages required for ACSLS operation.

Additionally, Linux 7 installations include the following dependencies:

glibc.i686
pam
pam.i686
libstdc++
libstdc++.i686
libxml2
libxml2.i686
unixODBC.i686
openssl
openssl-libs.i686
rpcbind
libgssglue
libcrypto.so.10
bzip2
mlocate

Note:

This represents a partial list. Additional packages may be required.

Installing Missing Oracle Linux Packages

If your installation is missing a standard Oracle Linux package required for ACSLS operation, use yum on the command line to acquire and install the missing package.

For example, to find and install a missing bzip2 package:

Configure /etc/yum.conf.
Enter the following command:
```
yum install bzip2
```

Note:

If packages contain shared object libraries required by ACSLS, you must install 32-bit versions (for example, unixODBC).
If packages run a standalone process required by ACSLS, either 32-bit or 64-bit versions will work (for example, rpcbind).

If a package is not working as expected, or causes faults, you may need to install a different version of the package. Examples include:

rpcbind (Some versions don't restart after reboot. For example, rpcbind.x86_64 on Oracle Linux 7.3 uses the version 0.2.0-48.el7.)
Java (ACSLS has specific minimum supported versions for this and other packages. Refer to the ACSLS Product Information document for specific required Java versions.)
unixODBC (may have installed the 64-bit version instead of the required 32-bit version)

Step 4: SELinux Security Settings

ACSLS 8.5 is designed to run in optional Security Enhanced Linux (SELinux) environments.

SELinux was merged into the Linux kernel in response to initiatives by the US National Security Agency. It provides access control to files, directories, and other system resources that go beyond the traditional protection found standard in UNIX environments. In addition to owner-group-public permission access, SELinux includes access control based on user role, domain, and context. The agent that enforces access control over all system resources is the Linux kernel.

To set SELinux enforcement:

As user root, use the setenforce command to enable or disable SELinux enforcement.
```
setenforce [Enforcing | Permissive | 1 | 0 ]
```
- Specify Enforcing or 1 to enable enforcement.
- Specify Permissive or 0 to disable enforcement.
Verify the SELinux enforcement status:
```
getenforce
```

Note:

This command requires that SELinux is enabled. Use the command sestatus to view the status of SELinux.
To view the current system enforcement status, use the command getenforce.

Three SELinux policy modules are loaded into the kernel when you install ACSLS: allowPostgr, acsdb, and acsdb1. These modules provide the definitions and enforcement exceptions that are necessary for ACSLS to access its own database and other system resources while SELinux enforcement is active. With these modules installed, you should be able to run normal ACSLS operations, including database operations such as bdb.acsss, rdb.acsss, db_export.sh and db_import.sh without the need to disable SELinux enforcement.

If problems occur, you may need to disable SELinux or run in permissive mode. For more information, refer to the "Troubleshooting" appendix in the StorageTek ACSLS Administrator's Guide.

Step 5: Cron Administration

Specific automated schedules known as crontabs are created for users acsss and acsdb when you run the install.sh utility. These crontabs are provided for ACSLS database maintenance backup activities.

An optional file, /etc/cron.allow (or /etc/cron.d/cron.allow on some systems) may exist on the system. This file controls which users are allowed to run the crontab command. If cron.allow exists, then user IDs for acsss and acsdb must be included in that file before you run install.sh. Otherwise, crontab creation for these users fails.

The file cron.deny exists by default on most systems. Any users listed in this file are explicitly denied access to the crontab command. Make sure that users acsss and acsdb are not contained in the cron.deny file.

Step 6: ACSLS Access Privileges

Note the following access privilege considerations:

ACSLS 8.5 may be installed in any local file system. The ACSLS base directory and backup directories (for example, /export/home and /export/backup) must be mounted to allow SETUID so that user acsss can run as root. Super user access is required for scripts that start and stop ACSLS services and for scripts that collect diagnostic information for a support call.
The acsss umask is set to 027 during installation.
Network services, specifically rpcbind, must be enabled to allow ACSLS client communication unless the firewall security on ACSLS and all ACSAPI clients is configured without the need for the portmapper. For more information, refer to "Firewall Security" in the StorageTek ACSLS Administrator's Guide.

Step 7: Adjust Linux Tuning Settings

Adjust Linux tuning settings for your configuration. See Linux and ACSLS Tuning Settings.

Step 8: Download and Unzip the ACSLS 8.5 Package

To download and unzip the ACSLS 8.5 package:

Start a web browser on the system and visit the Oracle Software Delivery Cloud:

https://edelivery.oracle.com
Click Sign In and enter the user name and password provided by your Oracle Support representative.
In the search field, enter acsls and select StorageTek Automated Cartridge System Library Software (ACSLS).
In the search results, select ACSLS release level 8.5.0.0.0 or 8.5.1.0.0 to add it to the cart.
Click Selected Software to view the cart.
On the Selected Software screen, select your desired platform and click Continue.
On the Oracle Terms and Restrictions screen, review and accept the terms of the licenses. Click Continue.
Click Download and save the zip file to a common installation directory, typically /opt.
Before extracting the ZIP file, remove any previously installed versions of ACSLS installation directories. For example:
```
rm -rf /opt/ACSLS_8.4.0
rm -rf /opt/ACSLS_8.5.0
```
Unzip the compressed file. The extracted package set is found in the resulting ACSLS_8.5.0 or ACSLS_8.5.1 subdirectory.

Step 9: Configure YUM

After Linux installation, add specific packages required for ACSLS from the Oracle yum repository.

If your ACSLS server is behind a firewall, you may need to configure your ACSLS Linux system to use a local proxy server.

Edit /etc/yum.conf to update the local proxy server:

yum/conf
Proxy=http://your local proxy server
http_caching=packages

Edit /etc/wgetrc to update proxy and caching parameters:

wgetrc
#You can set the default proxies for wget to use for http, https, and ftp.
#They will override the value in the environment.
http_proxy=http://your local proxy server

# Remove the comment sign (#) from this line: 
#use_proxy=on

Configure yum to use the Oracle repository for the correct architecture.
- Linux 6.8 or 6.10:
  
  Copy the provided yum repository file to /etc/yum.repos.d/.
  
  Note:
  There should be only one file in this directory, public-yum-ol6.repo.
- Linux 7.3, 7.6, 7.8 or 7.9:
  
  Copy the provided yum repository file to /etc/yum.repos.d/.
  
  Note:
  There should be only one file in this directory, public-yum-ol7.repo.
Edit the file /etc/yum/pluginconf.d/refresh-packagekit.conf and set enabled=0 to disable the yum packagekit refresh (Linux 6.8 or 6.10 only).

With these pre-requisites completed, you are now ready to install the ACSLS 8.5 package.

Step 10: Create User Accounts and Groups

Create the user accounts and associated groups described in the table below. For command examples, see Installation Command Examples.

ACSLS 8.5 allows for a user-defined home directory for the ACSLS application. The parent directory of each user home directory is referenced by the variable, $installDir.

Note:

It is your responsibility to define any required user account attributes such as passwords, based upon your specific configuration and processes.
ACSLS user accounts (acsss, acsdb, and acssa) must execute .profile when logging in. In some instances, .bash_profile will override .profile for bash shell user accounts.
If you use directories that cross external NFS or ZFS mount points, ensure that root level privileges extend across the mount points. Without these root level privileges, ACSLS installation may fail, or post-installation functionality issues may occur.

Table 3-1 Required ACSLS User Accounts (Linux)

User Account	Group Assignment	Home Directory	Command Shell	Description
acsss	acsls	`$(installDir)/ACSSS` Default example: `/export/home/ACSSS` Ownership/Permissions: Directory Owner: `acsss:acsls` Minimum permissions: `rwxr-x---`	/bin/bash	ACSLS control user
acssa	acsls	`$(installDir)/ACSSA` Default example: `/export/home/ACSSA` Ownership/Permissions: Directory Owner: `acssa:acsls` Minimum permissions: `rwxr-x---`	/bin/bash	ACSLS SA user
acsdb	acsls	`$(installDir)/acsdb/ACSDB1.0` Default example: `/export/home/acsdb/ACSDB1.0` Ownership/Permissions: Directory Owner: `acsdb:acsls` Minimum permissions: `rwxr-x---`	/bin/bash	ACSLS DB user
postgres	postgres	`/opt/oracle/postgresql-10` Ownership/Permissions: Directory Owner: `postgres:postgres` Minimum. permissions: `rwxr-xr-x`	/bin/bash	postgres user
root	no requirement	standard root Ownership/Permissions: user defined	/bin/bash	root user

If the user accounts already exist and are locked, you must unlock each account before you install the package.

For example, to check if the acsss account is locked:

# passwd -S acsss
acsss LK

LK indicates that the account is locked. To unlock the account:

# passwd -u acsss

If these user accounts exist on an LDAP or NIS server and the root user on the local machine lacks usermod authority on the LDAP or NIS server, then manual intervention by the system administrator is required to complete the ACSLS installation. Make sure the users are reassigned to the acsls group and their home directories conform as stated above. The user shell should be bin/bash.