Preparing for Installation
Perform the following tasks to prepare for ACSLS installation. Once you have completed these tasks, you are ready to install ACSLS 8.5.
Step 1: Export Existing Database and Control Files
If you are upgrading from a previous release and plan to use existing database and control files, you must export these files.
For more information, refer to the “Database Administration" chapter in the StorageTek ACSLS Administrator's Guide.
Step 2: Remove Previous ACSLS Versions
Remove any previous version of ACSLS. If this is a new installation with no previous version of ACSLS, then skip this step.
Step 4: Network Security Settings
Your Solaris installation should "Enable remote services" to ensure that network client applications are able to communicate with the ACSLS server.
If you select the Solaris "Secure by Default" installation option, then it is necessary to alter a network configuration property for rpc-bind
. To do this:
Step 5: Cron Administration
Specific automated schedules known as crontabs are created for users acsss
and acsdb
when you run the install.sh
utility. These crontabs are provided for ACSLS database maintenance backup activities.
An optional file, /etc/cron.allow
(or /etc/cron.d/cron.allow
on some systems) may exist on the system. This file controls which users are allowed to run the crontab
command. If cron.allow
exists, then user IDs for acsss
and acsdb
must be included in that file before you run install.sh
. Otherwise, crontab
creation for these users fails.
The file cron.deny
exists by default on most systems. Any users listed in this file are explicitly denied access to the crontab
command. Make sure that users acsss
and acsdb
are not contained in the cron.deny
file.
Step 6: ACSLS Access Privileges
Note the following access privilege considerations:
-
ACSLS 8.5 may be installed in any local file system. The ACSLS base directory and backup directories (for example,
/export/home
and/export/backup
) must be mounted to allowSETUID
so that useracsss
can run asroot
. Super user access is required for scripts that start and stop ACSLS services and for scripts that collect diagnostic information for a support call. -
The
acsss
umask
is set to027
during installation. -
Network services, specifically
rpcbind
, must be enabled to allow ACSLS client communication unless the firewall security on ACSLS and all ACSAPI clients is configured without the need for the portmapper. For more information, refer to "Firewall Security" in the StorageTek ACSLS Administrator's Guide.
Step 8: Create User Accounts and Groups
Create the user accounts and associated groups described in the table below. For command examples, see Installation Command Examples.
ACSLS allows for a user-defined home directory for the ACSLS application. The parent directory of each user home directory is referenced by the variable, $installDir
.
Note:
-
It is your responsibility to define any required user account attributes such as passwords, based upon your specific configuration and processes.
-
ACSLS user accounts (
acsss
,acsdb
, andacssa
) must execute.profile
when logging in. In some instances,.bash_profile
will override.profile
for bash shell user accounts. -
If you use directories that cross external NFS or ZFS mount points, ensure that root level privileges extend across the mount points. Without these root level privileges, ACSLS installation may fail, or post-installation functionality issues may occur.
Table 2-1 Required ACSLS User Accounts (Solaris)
User Account | Group Assignment | Home Directory | Command Shell | Description |
---|---|---|---|---|
acsss |
acsls |
Default example: Ownership/Permissions:
|
/bin/bash |
ACSLS control user |
acssa |
acsls |
Default example: Ownership/Permissions:
|
/bin/bash |
ACSLS SA user |
acsdb |
acsls |
Default example: Ownership/Permissions:
|
/bin/bash |
ACSLS DB user |
postgres |
postgres |
Ownership/Permissions:
|
/bin/bash |
postgres user |
root |
no requirement |
standard root Ownership/Permissions: user defined |
/bin/bash |
root user |
If the user accounts already exist and are locked, you must unlock each account before you install the package.
For example, to check if the acsss account is locked:
# passwd -S acsss acsss LK
LK
indicates that the account is locked. To unlock the account:
# passwd -u acsss
If these user accounts exist on an LDAP or NIS server and the root
user on the local machine lacks usermod
authority on the LDAP or NIS server, then manual intervention by the system administrator is required to complete the ACSLS installation. For example, if the postgres
user already exists, you must change its home directory to /usr/postgres/10-pgdg
. The user shell should be /usr/bin/bash
.