Tag: CentOS

Install 3PAR System Reporter on CentOS 6 64-bit

Posted on by David Maldonado

My weekend project was rebuilding our HP 3PAR System Reporter installation. I used the HP 3PAR System Reporter 3. 1 MU1 Software User’s Guide to work off of. Section 2 contains the build instructions and I do encourage you to read it, but it’s a little unclear in parts so I made some notes of my own build which I’ll share below; and between these two you should have success.

For new installation I used a CentOS 6.4 x86-64 VM. It’s running the System Reporter sampler and Web server 3.1 components, 3PAR CLI 3.1.2, Apache 2.2.15, and MySQL 5.1.

HP notes “when running System Reporter on a VM it’s best to have the database server running on a separate VM, especially for Microsoft SQL, MySQL or Oracle.” I haven’t particularly found performance to be an issue myself but I assume that would depend on the number of storage arrays we were reporting against.

I started with a minimal CentOS 6.4 64-bit base install. After install, the first thing I needed to do was modify “/etc/sysconfig/network-scripts/ifcfg-eth0” which had onboot=no, so I changed to yes.

Then once you have a valid IP:

yum -y update  
yum -y upgrade

Since I am running this in a VMware environment. I installed vmware tools. Note: you need to install vmware tools in the vmware console. If you install via ssh remoting, vmware tools does not automatically start at boot.

yum install make gcc kernel-devel kernel-headers glibc-headers perl  
mkdir /mnt/cdrom  
mount /dev/cdrom /mnt/cdrom  
cp /mnt/cdrom/VMwareTools*.tar.gz /tmp/  
cd /tmp/  
tar xvfz VMwareTools*.tar.gz  
cd /tmp/vmware-tools-distrib  
./vmware-install.pl

To use the vmxnet driver:

/etc/init.d/network stop
rmmod pcnet32  
rmmod vmxnet  
modprobe vmxnet  
/etc/init.d/network start

Next allow ssh, http, and https through firewall:

vi /etc/sysconfig/iptables

Add the following entries before “-A INPUT -j REJECT –reject-with icmp-host-prohibited”:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

Add the following entries after “-A INPUT -j REJECT –reject-with icmp-host-prohibited”:

-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 443 -j ACCEPT

Restart iptables:

service iptables restart

Now you can continue via ssh session. Login as root and install apache:

yum install httpd  
chkconfig httpd on  
service httpd start

Install 3PAR CLI. This is included in the e-media kit download or System Reporter installation CD. I used WinSCP to copy it over to my server. From the location where you’ve copied the Linux contents:

chmod +x setup.bin  
./setup.bin

Note: make sure you document the location of the 3PAR CLI install. In my case, 3.1.2 defaulted to “/opt/3PAR/inform_cli_3.1.2/bin/cli”

Install MySQL:

yum install mysql-server  
service mysqld start  
chkconfig --level 345 mysqld on  
/usr/bin/mysql_secure_installation

You’ll be prompted for your current root password. Since you just installed MySQL, leave it blank and hit [enter]. Then the prompt will ask you if you want to set up a root password. Enter a root password at this time and continue with prompts accepting all defaults.

When installing on a CentOS server where MySQL server is running locally on the same server, you must complete the following procedures:

  • Create a symbolic link using the following command (I added this to “/etc/init.d/mysqld” to have it execute at boot):
ln -s /var/lib/mysql/mysql.sock /var/run/mysqld/mysqld.sock
  • Change the “max_allowed_packet” MySQL parameter by editing its value in the MySQL initialization file located in “/etc/my.cnf”:
vi /etc/my.cnf

Add the following to “/etc/my.cnf”:

max_allowed_packet=32M

Restart MySQL: 

service mysqld restart

Create MySQL Users and Schema:

mysql -u root -p  
create database inservstats;  
create user cliuser identified by 'cliuserpassword';  
create user webuser identified by 'webuserpassword';  
use inservstats grant all on * to cliuser;  
grant select on * to webuser;  
exit;

Install 3PAR System Reporter Tools for x86_64. System Reporter tools on Linux x86_64 consists of two RPM packages available in the RHEL6_U1-U2x86_64 folder in the e-media kit or CD:

  • sampleloop (sampleloop-3.1-3.x86_64.rpm) consists of the files needed to install the sampleloop daemon.
  • sysrptwebsrv (sysrptwebsrv-3.1-3.x86_64.rpm) consists of the files needed to install the System Reporter web server code.

NOTE: The sysrptwebsrv requires the 32-bit version of the gd (version 2.0 or greater) package to be installed. The 32-bit version available in CentOS 6.4 is: gd.i686 2.0.35-11.el6.

Install gd.i686:

yum install gd.i686

Using WinSCP or other method, copy sampleloop-3.1-3.x86_64.rpm to server, then install from that location:

yum install sampleloop-3.1-3.x86_64.rpm

Edit /etc/sampleloop.conf:

vi /etc/sampleloop.conf

Set the full path to cli, (this was “/opt/3PAR/inform_cli_3.1.2/bin/cli” from earlier): 

set Sysdb::cli "/opt/3PAR/inform_cli_3.1.2/bin/cli"

Set the IP address or name of the smtp server 

set Sysdb::smtpserver "yoursmtpserver.com"

Set the originator’s email address 

set Sysdb::smtporig "sysreporter@yourdomain.com"

Set the username and password for the smtp server (if you do not need a username or password, these can remarked out as I have below): 

#set Sysdb::smtpuser "username"
#set Sysdb::smtppasswd "password"

For mysql: Set the IP address or name of the database server 

set Sysdb::dbhost nameofyourserver

For MySQL databases, create the “/etc/sampleloop_dbpwfile” file to include a single line that has the database user name and password separated by a space.

vi /etc/sampleloop_dbpwfile

This should look like the example below:

cliuser cliuserpassword

Start the sampleloop daemon by running:

/etc/init.d/sampleloop start

Add sampleloop to the execute at startup:

chkconfig -add sampleloop

Using WinSCP or other method, copy sysrptwebsrv-3.1-3.x86_64.rpm to server, then install from copy location:

yum install sysrptwebsrv-3.1-3.x86_64.rpm

Edit “/var/www/cgi-bin/3par-rpts/config.tcl”:

vi /var/www/cgi-bin/3par-rpts/config.tcl

Set the full path to cli, (this was “/opt/3PAR/inform_cli_3.1.2/bin/cli” from earlier):

set ::cli "/opt/3PAR/inform_cli_3.1.2/bin/cli"

For mysql: Set the IP address or name of the database server 

set Sysdb::dbhost nameofyourserver

Set the database user name and password.
The user need only have SELECT privileges for the schema 

set Sysdb::dbuser webuser  
set Sysdb::dbpasswd webuserpassword

Set the IP address or name of the smtp server 

set Sysdb::smtpserver "yoursmtpserver.com"

Set the originator’s email address 

set Sysdb::smtporig "sysreporter@yourdomain.com"

Set the username and password for the smtp server (if you do not need a username or password, these can remarked out as I have below): 

#set Sysdb::smtpuser "username"
#set Sysdb::smtppasswd "password"

Edit “/var/www/cgi-bin/3par-policy/config.tcl”:

vi /var/www/cgi-bin/3par-policy/config.tcl

Set the full path to cli, (this was “/opt/3PAR/inform_cli_3.1.2/bin/cli” from earlier): 

set ::cli "/opt/3PAR/inform_cli_3.1.2/bin/cli"

For mysql: Set the IP address or name of the database server 

set Sysdb::dbhost nameofyourserver

Set the database user name and password
The user should be the same as used for the the sampleloop daemon which has all the privileges for the schema. 

set Sysdb::dbuser cliuser  
set Sysdb::dbpasswd cliuserpassword

Disable SELinux:

sestatus | grep -i mode  
setenforce 0

Edit “/etc/sysconfig/selinux” to disable upon boot:

vi /etc/sysconfig/selinux

Change SELINUX to “disabled”:

SELINUX=disabled

If the configuration files are correct , you should be able to open the webpage: http://hostname/3par.

At this point you are functionally finished but an additional step you should consider is configuring Apache HTTP Server to require a username and password before allowing a user to:

  • read the HP 3PAR System Reporter database or view the database sampling policies.
  • make changes to database sampling policies.

This is outlined in the System Reporter User’s Guide in the section “Apache HTTP Server Authorization and Access Control”.

I chose to only password protect the modifications to the policy settings. To do that you must first create a password file.

mkdir /etc/htpasswd/  
htpasswd -c /etc/htpasswd/.htpasswd yourusername  
chmod ug+rw /etc/htpasswd/.htpasswd  
chown apache:apache /etc/htpasswd/.htpasswd

At this point you can add Directory directives to the httpd.conf file:

vi /etc/httpd/conf/httpd.conf

Add the following:

<Directory "/var/www/cgi-bin/3par-policy">
AuthType Basic  
AuthName "3PAR System Reporter Policy Update"  
AuthUserFile /etc/htpasswd/.htpasswd  
Require user yourusername  
</Directory>

Then restart httpd and the next time you try to make policy changes, you’ll be prompted for the username and password you’ve specified. (Consult the User’s Guide if you’re interested in password protecting the reading of the database and the display of policy settings).

service httpd restart

Lastly, you should observe best practices & create a user account for yourself and disable root ssh login.