Creating ODP regional node from scratch Alexander Kolesnikov

Creating ODP regional node from scratch
Alexander Kolesnikov
RIHMI-WDC, Russia

Pre-installation process
  • Unpack the VM images on your computer
  • Make a connection to the ESXi host using vSphere Client
  • Transfer the VM images to the server storage
  • Add the virtual machine to the ESXi inventory

Pre-installation process
  • Open the tab Configuration -> Storage, then open your datastore

Pre-installation process
  • Click the icon for uploading files to the storage and select ‘Upload Folder’
  • Next, select the folder which contains the VM image and press OK
  • Wait until the folder has been uploaded to the storage

Pre-installation process
  • After that, open the folder and add the VM to the ESXi host inventory

Specification of ODP node virtual machines (for 16 GB RAM server)

Component                  CPU  RAM   Disk    IP address  DNS name
PORTAL, SECURITY (PORTAL)  2    3 GB  80 GB   XXX         portal-odp.nmdis.gov.cn
DATABASE (DB)              2    3 GB  230 GB  XXX         db-odp.nmdis.gov.cn
INTEGRATION SERVER (IS)    4    3 GB  130 GB  XXX         is-odp.nmdis.gov.cn
SERVICE BUS (SOI)          4    3 GB  80 GB   XXX         soi-odp.nmdis.gov.cn
DATA PROVIDER (DP)         4    3 GB  160 GB  XXX         dp-odp.nmdis.gov.cn
MONITORING (SYS)           2    1 GB  130 GB  XXX         sys-dop.nmdis.gov.cn

Basic requirements to install CentOS
  • System localization: UTF8.en_EN
  • Time zone: GMT+0
  • All connected hard disks must be in LVM
  • Set of basic software for installation: minimal

Component ID         Users' functions
PORTAL, IS, SOI, DP  jboss: management of the application servers JBoss 4.2.3, JBoss 5.1.0, Apache Tomcat 6
                     zabbix: management of the monitoring client
DB                   postgres: management of the DBMS PostgreSQL 8.4
                     zabbix: management of the monitoring client

IMPORTANT:
  • The password must contain Latin characters from a-z in upper and lower case
  • Special characters: !» №~%? *()@#$%^&;
  • The password must be a minimum of 8 characters

Users environment

Component ID  Users             Working directory
PORTAL/SSO    jboss, zabbix     /opt/portal/zabbix
DB            postgres, zabbix  /opt/db/PostgreSQL, /opt/db/zabbix
IS            jboss, zabbix     /opt/is/zabbix
SOI           jboss, zabbix     /opt/soi/zabbix
DP            jboss, zabbix     /opt/dp/zabbix
SYS           postgres, zabbix  /opt/sys/PostgreSQL, /home/zabbix

System environment

Component ID  Variable      Value
PORTAL/SSO    $JAVA_HOME    /opt/portal/java/jdk1.7.0_51
              $JBOSS_HOME   /opt/portal/jboss-portal-2.7.2
              $ZABBIX_HOME  /opt/portal/zabbix
DB            $PGDATA       /opt/db/PostgreSQL/8.4/data
              $ZABBIX_HOME  /opt/db/zabbix
IS            $JAVA_HOME    /opt/is/java/jdk1.7.0_51
              $JBOSS_HOME   /opt/is/jboss-4.2.3.GA
              $ZABBIX_HOME  /opt/is/zabbix
SOI           $JAVA_HOME    /opt/soi/java/jdk1.6.0_43
              $JBOSS_HOME   /opt/soi/jboss-5.1.0.GA
              $ZABBIX_HOME  /opt/soi/zabbix
DP            $JAVA_HOME    /opt/dp/java/jdk1.7.0_51
              $JBOSS_HOME   /opt/dp/jboss-4.2.3.GA
              $ZABBIX_HOME  /opt/dp/zabbix

Software versions

Component ID  Software
PORTAL        JBoss AS 4.2.3 GA (jboss-portal-2.7.2), Tomcat 6, JDK 1.7
DB            PostgreSQL 8.4
IS            JBoss AS 4.2.3 GA, JDK 1.7
SOI           JBoss AS 5.1.0 GA, JDK 1.6
DP            JBoss AS 4.2.3 GA, JDK 1.7

Basic installation and configuration
For all components:
  • Log in as root
  • Install the text-mode firewall configuration manager: ‘yum install system-config-firewall-tui’
  • Install Midnight Commander: ‘yum install mc’

Basic installation and configuration
For all components:
  • Disable SELinux. Open the SELinux config: ‘vi /etc/selinux/config’
  • Change “SELINUX=enforcing” to “SELINUX=disabled”: press “i” to enable write mode, edit the “SELINUX” option and save the file (press “Esc”, then “:wq” and press “Enter”)
  • Disable the system firewall: ‘system-config-firewall-tui’

Basic installation and configuration
For all components:
  • Install the OpenSSH client and mlocate: ‘yum install openssh-clients-5.3p1-94.el6.x86_64 mlocate’
  • Update your system and then reboot it: ‘yum update && shutdown -r now’

Java installation and configuration
For all components:
  • Create a directory for the component (named with the component ID): ‘mkdir /opt/<component_ID>’
  • Installing Java. Create the Java directory: ‘mkdir /opt/<component_ID>/java’

Java installation and configuration
For components Portal, DP, IS:
  • Download the Java installer and extract the archive: ‘tar -xvf jdk-7u51-linux-x64.tar.gz’
For component SOI:
  • Download the Java installer and extract the archive: ‘tar -xvf jdk-6u45-linux-x64.tar.gz’

Java installation and configuration
For components Portal, DP, IS, create alternatives for /usr/bin/java, /usr/bin/javac and /usr/bin/jar:
    alternatives --install /usr/bin/java java /opt/portal/java/jdk1.7.0_51/bin/java 100 &&
    alternatives --install /usr/bin/javac javac /opt/portal/java/jdk1.7.0_51/bin/javac 100 &&
    alternatives --install /usr/bin/jar jar /opt/portal/java/jdk1.7.0_51/bin/jar 100
For component SOI, create alternatives for /usr/bin/java, /usr/bin/javac and /usr/bin/jar:
    alternatives --install /usr/bin/java java /opt/portal/java/jdk1.6.0_45/bin/java 100 &&
    alternatives --install /usr/bin/javac javac /opt/portal/java/jdk1.6.0_45/bin/javac 100 &&
    alternatives --install /usr/bin/jar jar /opt/portal/java/jdk1.6.0_45/bin/jar 100

Java installation and configuration
For components Portal, DP, IS:
  • Add JAVA_HOME to ‘/etc/profile’: run ‘vi /etc/profile’, add the line ‘export JAVA_HOME="/opt/portal/java/jdk1.7.0_51"’ and save the file
  • Test JAVA_HOME: ‘echo $JAVA_HOME && cd $JAVA_HOME && $JAVA_HOME/bin/java -version’

Java installation and configuration
For component SOI:
  • Add JAVA_HOME to ‘/etc/profile’: run ‘vi /etc/profile’, add the line ‘export JAVA_HOME="/opt/portal/java/jdk1.6.0_45"’ and save the file
  • Test JAVA_HOME: ‘echo $JAVA_HOME && cd $JAVA_HOME && $JAVA_HOME/bin/java -version’

JBoss AS installation
For components PORTAL, IS, SOI, DP:
  • Create the user ‘jboss’ and set its password in your system: ‘useradd jboss && passwd jboss’
For component PORTAL:
  • Download the tar archive of your component into the folder ‘/opt/portal’, extract it and set the destination folder owner to user ‘jboss’: ‘tar -xvf jboss-portal-2.7.2.tar.gz && chown -R jboss. /opt/portal/jboss-portal-2.7.2’

JBoss AS installation
For component IS:
  • Download the tar archive of your component into the folder ‘/opt/is’, extract it and set the destination folder owner to user ‘jboss’: ‘tar -xvf jboss-4.2.3.GA.tar.gz && chown -R jboss. /opt/is/jboss-4.2.3.GA’
For component DP:
  • Download the tar archive of your component into the folder ‘/opt/dp’, extract it and set the destination folder owner to user ‘jboss’: ‘tar -xvf jboss-4.2.3.GA.tar.gz && chown -R jboss. /opt/dp/jboss-4.2.3.GA’

JBoss AS installation
For component SOI:
  • Download the tar archive of your component into the folder ‘/opt/soi’, extract it and set the destination folder owner to user ‘jboss’: ‘tar -xvf jboss-5.1.0.GA.tar.gz && chown -R jboss. /opt/soi/jboss-5.1.0.GA’

JBoss AS installation
For components PORTAL, IS, SOI, DP:
  • Copy the JBoss application server run script to ‘/etc/init.d’: ‘cp $JBOSS_HOME/bin/jboss_init_redhat.sh /etc/init.d’
  • Add the JBoss AS run script to autorun on run levels 2345: ‘chkconfig --add jboss_init_redhat.sh && chkconfig --levels 2345 jboss_init_redhat.sh on’

Monitoring client installation
For all components:
  • Create the user ‘zabbix’ and set its password in your system: ‘useradd zabbix && passwd zabbix’
  • Download the tar archive of the zabbix client to ‘/opt/<component_ID>’, extract it and set the destination folder owner to user ‘zabbix’: ‘tar -xvf zabbix.tar.gz && chown -R zabbix. /opt/<component_ID>/zabbix’

Monitoring client installation
For all components:
  • Copy the zabbix run script to ‘/etc/init.d’ and change $ZABBIX_HOME in the script: ‘cp /opt/<component_ID>/zabbixd /etc/init.d’
  • Add the zabbix run script to autorun on run levels 2345: ‘chkconfig --add zabbixd && chkconfig --levels 2345 zabbixd on’

Monitoring client configuration
  • Configure zabbix_agentd.conf: ‘vi $ZABBIX_HOME/conf/zabbix_agentd.conf’
  • Set the IP address for the Zabbix server
  • Set the host name for the Zabbix server

For example:
    PidFile=$ZABBIX_HOME/log/zabbix_agentd.pid
    LogFile=$ZABBIX_HOME/log/zabbix_agentd.log
    DebugLevel=3
    Server=XXX.XXX
    ListenPort=10050
    StartAgents=3
    Hostname=portal-odp
    Timeout=3
    LogFileSize=2
    EnableRemoteCommands=1

Tomcat installation
Only for component PORTAL:
  • Download the tar archive of the SSO application server into ‘/opt/portal’, extract it and set the destination folder owner to user ‘jboss’: ‘tar -xvf apache-tomcat-6.0.29.tar.gz && chown -R jboss. /opt/portal/apache-tomcat-6.0.29’
  • Copy the run script to ‘/etc/init.d’: ‘cp /opt/<component_ID>/apache-tomcat-6.0.29/bin/tomcat.sh /etc/init.d’
  • Add the script to autorun on run levels 2345: ‘chkconfig --add tomcat.sh && chkconfig --levels 2345 tomcat.sh on’

PostgreSQL installation
Only for component DB:
  • Download postgresql-8.4.19-1-linux-x64.run to the folder ‘/opt/db’ and make it executable: ‘chmod +x postgresql-8.4.19-1-linux-x64.run’
  • Install the DBMS PostgreSQL 8.4.19: ‘./postgresql-8.4.19-1-linux-x64.run’
  • Set the DB directory to /opt/db/PostgreSQL and set the password for the DB superuser

PostgreSQL installation
Only for component DB:
  • Edit the $PGDATA/pg_hba.conf file: ‘vi /opt/db/PostgreSQL/8.4/data/pg_hba.conf’. Add lines defining who may connect to the database server. For example: host all all IP/prefix md5
  • Set the owner of $POSTGRES_HOME to postgres: ‘chown -R postgres. /opt/db/PostgreSQL’
  • Restart the DBMS: ‘service postgres-8.4 restart’

Increase security of CentOS
For all components:
  • Add mount options in ‘/etc/fstab’ for the directories ‘/tmp’, ‘/var/tmp’ and ‘/dev/shm’: run ‘vi /etc/fstab’, add the options nodev, nosuid, noexec for /tmp, /var/tmp and /dev/shm and save the file
  • Lock down launching of the programs ‘/usr/bin/curl’, ‘/usr/bin/perl*’, ‘/bin/chmod’, ‘/usr/bin/*ftp*’, ‘/bin/umount’: ‘chmod 754 /usr/bin/curl && chmod 744 /usr/bin/perl* && chmod 754 /bin/chmod && chmod 754 /usr/bin/*ftp* && chmod 754 /bin/umount’
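
An added example, not part of the original slides: a POSIX shell check that reports which of the three mount points lack nodev, nosuid or noexec in an fstab file. The function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of /tmp, /var/tmp and /dev/shm lack the
# nodev, nosuid or noexec options in an fstab file.

# Usage: audit_fstab [file]   (reads stdin when no file is given)
# Prints "<mount point> <finding>" per problem; prints nothing when compliant.
audit_fstab() {
    awk '
        BEGIN {
            n = split("/tmp /var/tmp /dev/shm", mounts, " ")
            m = split("nodev nosuid noexec", required, " ")
        }
        # Skip comments and short lines; field 2 = mount point, field 4 = options.
        $1 ~ /^#/ || NF < 4 { next }
        { opts[$2] = "," $4 "," }
        END {
            for (i = 1; i <= n; i++) {
                mp = mounts[i]
                if (!(mp in opts)) { print mp " no-fstab-entry"; continue }
                for (j = 1; j <= m; j++)
                    if (index(opts[mp], "," required[j] ",") == 0)
                        print mp " missing-" required[j]
            }
        }' "${1:--}"
}

# Constructed sample: /tmp lacks noexec, /var/tmp has no entry, /dev/shm is fine.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not taken from a real host
/dev/mapper/vg0-root  /         ext4   defaults                      1 1
/dev/mapper/vg0-tmp   /tmp      ext4   defaults,nodev,nosuid         1 2
tmpfs                 /dev/shm  tmpfs  defaults,nodev,nosuid,noexec  0 0
EOF
}

sample_fstab | audit_fstab
```

Run ‘audit_fstab /etc/fstab’ on each node. fstab only describes how file systems are mounted next time, so compare the result with the output of ‘mount’ for the live state.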

Networking

Networking: NAT routing
Requests to the public port are redirected by iptables, using rules created in the PREROUTING and OUTPUT chains of the nat table.

Component ID  Destination port  Redirect port
PORTAL        80                8081
IS            80                8080
SOI           80                18080
DP            80                8081
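
An added example, not part of the original slides: the redirects from the table written as iptables rules, with a check of an ‘iptables-save -t nat’ dump against them. Limiting the OUTPUT rule to loopback (-o lo) is an assumption made here so that outbound requests from the node to port 80 on other hosts are not redirected; the function names and the sample dump are constructed.

```shell
#!/bin/sh
# Added example: iptables NAT redirects for the port table above, and a
# check of an `iptables-save -t nat` dump against them.

# Redirect port per component ID (public port 80 -> application server port).
redirect_port() {
    case "$1" in
        PORTAL|DP) echo 8081 ;;
        IS)        echo 8080 ;;
        SOI)       echo 18080 ;;
        *)         return 1 ;;
    esac
}

# Print both rules for a component in iptables-save syntax.
# Assumption: OUTPUT is limited to loopback (-o lo), so only local clients of
# port 80 are redirected and outbound HTTP to other hosts is left alone.
nat_rules() {
    port=$(redirect_port "$1") || { echo "unknown component: $1" >&2; return 1; }
    echo "-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports $port"
    echo "-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports $port"
}

# Read a nat-table dump on stdin and print each expected rule that is absent.
missing_nat_rules() {
    dump=$(cat)
    nat_rules "$1" | while IFS= read -r rule; do
        printf '%s\n' "$dump" | grep -qxF -- "$rule" || echo "missing: $rule"
    done
}

# Constructed sample dump for an SOI host where only PREROUTING was configured.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 18080
COMMIT
EOF
}

sample_dump | missing_nat_rules SOI
```

Each line printed by nat_rules can be applied as root with ‘iptables -t nat’ followed by the rule. The check compares rule text exactly, so a rule written with other match options is reported as missing.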

Networking (local interaction)

Source IP or domain: portal-odp.nmdis.gov.cn, db-odp.nmdis.gov.cn, is-odp.nmdis.gov.cn, soi-odp.nmdis.gov.cn, dp-odp.nmdis.gov.cn, sys-dop.nmdis.gov.cn
Source port: any

Destination IP or domain  Destination port
portal-odp.nmdis.gov.cn   any
db-odp.nmdis.gov.cn       any
is-odp.nmdis.gov.cn       any
soi-odp.nmdis.gov.cn      any
dp-odp.nmdis.gov.cn       any
sys-dop.nmdis.gov.cn      any

Networking: interaction of the ODP Regional node with the ODP Global node

Source IP or domain: portal-odp.nmdis.gov.cn, db-odp.nmdis.gov.cn, is-odp.nmdis.gov.cn, soi-odp.nmdis.gov.cn, dp-odp.nmdis.gov.cn, sys-dop.nmdis.gov.cn
Source port: any

Destination IP or domain  Destination port
portal.odp.meteo.ru       80, 8081
db.odp.meteo.ru           none
is.odp.meteo.ru           80, 8080
soi.odp.meteo.ru          80, 18080
dp.odp.meteo.ru           80, 8081
mon.odp.meteo.ru          10050, 10051

Networking: interaction of the ODP Global node with the ODP Regional node

Source IP or domain: portal.odp.meteo.ru, db.odp.meteo.ru, is.odp.meteo.ru, soi.odp.meteo.ru, dp.odp.meteo.ru, sys.odp.meteo.ru
Source port: any

Destination IP or domain  Destination port
portal-odp.nmdis.gov.cn   20, 21, 22, 8080, 8081
db-odp.nmdis.gov.cn       20, 21, 22, 5432
is-odp.nmdis.gov.cn       20, 21, 22, 8080
soi-odp.nmdis.gov.cn      20, 21, 22, 80, 18080
dp-odp.nmdis.gov.cn       20, 21, 22, 8081
sys-dop.nmdis.gov.cn      20, 21, 22, 5432, 10050, 10051

Networking with Internet users

Interaction of the node *.nmdis.gov.cn (China) with the Internet (destination port for all rows: 80, 443)

Source IP or domain      Source port
portal-odp.nmdis.gov.cn  any
db-odp.nmdis.gov.cn      any
is-odp.nmdis.gov.cn      any
soi-odp.nmdis.gov.cn     any
dp-odp.nmdis.gov.cn      any
sys-dop.nmdis.gov.cn     any

Interaction of the Internet with the node *.nmdis.gov.cn (China) (source for all rows: any)

Destination IP or domain  Destination port
portal-odp.nmdis.gov.cn   80, 8081
db-odp.nmdis.gov.cn       none
is-odp.nmdis.gov.cn       80, 8080
soi-odp.nmdis.gov.cn      80, 18080
dp-odp.nmdis.gov.cn       80, 8081
sys-dop.nmdis.gov.cn      none

Questions?