My weekend project was rebuilding our HP 3PAR System Reporter installation. I used the HP 3PAR System Reporter 3. 1 MU1 Software User’s Guide to work off of. Section 2 contains the build instructions and I do encourage you to read it, but it’s a little unclear in parts so I made some notes of my own build which I’ll share below; and between these two you should have success.
For new installation I used a CentOS 6.4 x86-64 VM. It’s running the System Reporter sampler and Web server 3.1 components, 3PAR CLI 3.1.2, Apache 2.2.15, and MySQL 5.1.
HP notes “when running System Reporter on a VM it’s best to have the database server running on a separate VM, especially for Microsoft SQL, MySQL or Oracle.” I haven’t particularly found performance to be an issue myself but I assume that would depend on the number of storage arrays we were reporting against.
I started with a minimal CentOS 6.4 64-bit base install. After install, the first thing I needed to do was modify “/etc/sysconfig/network-scripts/ifcfg-eth0” which had onboot=no, so I changed to yes.
Then once you have a valid IP:
yum -y update
yum -y upgrade
Since I am running this in a VMware environment. I installed vmware tools. Note: you need to install vmware tools in the vmware console. If you install via ssh remoting, vmware tools does not automatically start at boot.
yum install make gcc kernel-devel kernel-headers glibc-headers perl
mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom
cp /mnt/cdrom/VMwareTools*.tar.gz /tmp/
cd /tmp/
tar xvfz VMwareTools*.tar.gz
cd /tmp/vmware-tools-distrib
./vmware-install.pl
To use the vmxnet driver:
/etc/init.d/network stop
rmmod pcnet32
rmmod vmxnet
modprobe vmxnet
/etc/init.d/network start
Next allow ssh, http, and https through firewall:
vi /etc/sysconfig/iptables
Add the following entries before “-A INPUT -j REJECT –reject-with icmp-host-prohibited”:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
Add the following entries after “-A INPUT -j REJECT –reject-with icmp-host-prohibited”:
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 443 -j ACCEPT
Restart iptables:
service iptables restart
Now you can continue via ssh session. Login as root and install apache:
yum install httpd
chkconfig httpd on
service httpd start
Install 3PAR CLI. This is included in the e-media kit download or System Reporter installation CD. I used WinSCP to copy it over to my server. From the location where you’ve copied the Linux contents:
chmod +x setup.bin
./setup.bin
Note: make sure you document the location of the 3PAR CLI install. In my case, 3.1.2 defaulted to “/opt/3PAR/inform_cli_3.1.2/bin/cli”
Install MySQL:
yum install mysql-server
service mysqld start
chkconfig --level 345 mysqld on
/usr/bin/mysql_secure_installation
You’ll be prompted for your current root password. Since you just installed MySQL, leave it blank and hit [enter]. Then the prompt will ask you if you want to set up a root password. Enter a root password at this time and continue with prompts accepting all defaults.
When installing on a CentOS server where MySQL server is running locally on the same server, you must complete the following procedures:
- Create a symbolic link using the following command (I added this to “/etc/init.d/mysqld” to have it execute at boot):
ln -s /var/lib/mysql/mysql.sock /var/run/mysqld/mysqld.sock
- Change the “max_allowed_packet” MySQL parameter by editing its value in the MySQL initialization file located in “/etc/my.cnf”:
vi /etc/my.cnf
Add the following to “/etc/my.cnf”:
max_allowed_packet=32M
Restart MySQL:
service mysqld restart
Create MySQL Users and Schema:
mysql -u root -p
create database inservstats;
create user cliuser identified by 'cliuserpassword';
create user webuser identified by 'webuserpassword';
use inservstats grant all on * to cliuser;
grant select on * to webuser;
exit;
Install 3PAR System Reporter Tools for x86_64. System Reporter tools on Linux x86_64 consists of two RPM packages available in the RHEL6_U1-U2x86_64 folder in the e-media kit or CD:
- sampleloop (sampleloop-3.1-3.x86_64.rpm) consists of the files needed to install the sampleloop daemon.
- sysrptwebsrv (sysrptwebsrv-3.1-3.x86_64.rpm) consists of the files needed to install the System Reporter web server code.
NOTE: The sysrptwebsrv requires the 32-bit version of the gd (version 2.0 or greater) package to be installed. The 32-bit version available in CentOS 6.4 is: gd.i686 2.0.35-11.el6.
Install gd.i686:
yum install gd.i686
Using WinSCP or other method, copy sampleloop-3.1-3.x86_64.rpm to server, then install from that location:
yum install sampleloop-3.1-3.x86_64.rpm
Edit /etc/sampleloop.conf:
vi /etc/sampleloop.conf
Set the full path to cli, (this was “/opt/3PAR/inform_cli_3.1.2/bin/cli” from earlier):
set Sysdb::cli "/opt/3PAR/inform_cli_3.1.2/bin/cli"
Set the IP address or name of the smtp server
set Sysdb::smtpserver "yoursmtpserver.com"
Set the originator’s email address
set Sysdb::smtporig "sysreporter@yourdomain.com"
Set the username and password for the smtp server (if you do not need a username or password, these can remarked out as I have below):
#set Sysdb::smtpuser "username"
#set Sysdb::smtppasswd "password"
For mysql: Set the IP address or name of the database server
set Sysdb::dbhost nameofyourserver
For MySQL databases, create the “/etc/sampleloop_dbpwfile” file to include a single line that has the database user name and password separated by a space.
vi /etc/sampleloop_dbpwfile
This should look like the example below:
cliuser cliuserpassword
Start the sampleloop daemon by running:
/etc/init.d/sampleloop start
Add sampleloop to the execute at startup:
chkconfig -add sampleloop
Using WinSCP or other method, copy sysrptwebsrv-3.1-3.x86_64.rpm to server, then install from copy location:
yum install sysrptwebsrv-3.1-3.x86_64.rpm
Edit “/var/www/cgi-bin/3par-rpts/config.tcl”:
vi /var/www/cgi-bin/3par-rpts/config.tcl
Set the full path to cli, (this was “/opt/3PAR/inform_cli_3.1.2/bin/cli” from earlier):
set ::cli "/opt/3PAR/inform_cli_3.1.2/bin/cli"
For mysql: Set the IP address or name of the database server
set Sysdb::dbhost nameofyourserver
Set the database user name and password.
The user need only have SELECT privileges for the schema
set Sysdb::dbuser webuser
set Sysdb::dbpasswd webuserpassword
Set the IP address or name of the smtp server
set Sysdb::smtpserver "yoursmtpserver.com"
Set the originator’s email address
set Sysdb::smtporig "sysreporter@yourdomain.com"
Set the username and password for the smtp server (if you do not need a username or password, these can remarked out as I have below):
#set Sysdb::smtpuser "username"
#set Sysdb::smtppasswd "password"
Edit “/var/www/cgi-bin/3par-policy/config.tcl”:
vi /var/www/cgi-bin/3par-policy/config.tcl
Set the full path to cli, (this was “/opt/3PAR/inform_cli_3.1.2/bin/cli” from earlier):
set ::cli "/opt/3PAR/inform_cli_3.1.2/bin/cli"
For mysql: Set the IP address or name of the database server
set Sysdb::dbhost nameofyourserver
Set the database user name and password
The user should be the same as used for the the sampleloop daemon which has all the privileges for the schema.
set Sysdb::dbuser cliuser
set Sysdb::dbpasswd cliuserpassword
Disable SELinux:
sestatus | grep -i mode
setenforce 0
Edit “/etc/sysconfig/selinux” to disable upon boot:
vi /etc/sysconfig/selinux
Change SELINUX to “disabled”:
SELINUX=disabled
If the configuration files are correct , you should be able to open the webpage: http://hostname/3par.
At this point you are functionally finished but an additional step you should consider is configuring Apache HTTP Server to require a username and password before allowing a user to:
- read the HP 3PAR System Reporter database or view the database sampling policies.
- make changes to database sampling policies.
This is outlined in the System Reporter User’s Guide in the section “Apache HTTP Server Authorization and Access Control”.
I chose to only password protect the modifications to the policy settings. To do that you must first create a password file.
mkdir /etc/htpasswd/
htpasswd -c /etc/htpasswd/.htpasswd yourusername
chmod ug+rw /etc/htpasswd/.htpasswd
chown apache:apache /etc/htpasswd/.htpasswd
At this point you can add Directory directives to the httpd.conf file:
vi /etc/httpd/conf/httpd.conf
Add the following:
<Directory "/var/www/cgi-bin/3par-policy">
AuthType Basic
AuthName "3PAR System Reporter Policy Update"
AuthUserFile /etc/htpasswd/.htpasswd
Require user yourusername
</Directory>
Then restart httpd and the next time you try to make policy changes, you’ll be prompted for the username and password you’ve specified. (Consult the User’s Guide if you’re interested in password protecting the reading of the database and the display of policy settings).
service httpd restart
Lastly, you should observe best practices & create a user account for yourself and disable root ssh login.