Preparing to install the Application Server and ETL Engine
Before installing the Application Server and ETL Engine, ensure that your environment meets the installation requirements, and complete the tasks described in this section.
Preparing to install the Application Server without a sysdba password
The sysdba password is needed to automatically create users and tablespaces during installation. If you do not have a sysdba password, you can set up the database users and tablespaces manually before you install the product using scripts provided with the installer.
If the Database Administrator cannot provide the sysdba password, do the following to create users and tablespaces manually:
- Log in to the host computer on which you want to install the Application Server and ETL Engine, and create a temporary directory.
Extract the downloaded files to the temporary directory.
Navigate to the <temp_download>/BCO/Disk1/scripts folder.
Based on the database you are using, copy the following database creation script from the scripts folder to the database server.
(Oracle)
create_users_tablespaces.sql
(PostgreSQL)
create_postgres_users_tablespaces.sql
Log in to the database server and navigate to the folder in which you have copied the script.
- Edit the script and modify the required values such as database users, roles, and tablespace names.
Ensure to use the same values when you choose the Use existing database users and tablespaces option while installing. Run the script.
For information about supported database versions and requirements, see
Database requirements
.
Preparing to install the Application Server as a non-root user
BMC recommends that you install the TrueSight Capacity Optimization product as a root user. If you cannot perform the installation as a root user, do the following:
If you have access to the root user, proceed to Installing the Application Server and ETL Egine. The required user, group, and system properties will be automatically set by the installer.
If you are using a
supported Oracle Database Server
, you must have a
supported Oracle Client
installed on the host system or virtual machine.
Create the system user, and its home folder.
As a best practice, name the user group
cpit
, user namecpit
, and the home directory/opt/bmc/BCO
.mkdir /opt/bmc/BCO groupadd -g 87654321 cpit useradd -g cpit -d /opt/bmc/BCO -s /bin/bash -c "BMC TrueSight Capacity Optimization" -K UMASK=007 cpit chown cpit:cpit /opt/bmc/BCO chmod 770 /opt/bmc/BCO
Note
UMASK
for cpit has been explicitly set to allow users in the same group to modify files, and allow every user in the system to read files and folders created by the cpit user.- Ensure that the primary group names do not include space or parenthesis.
- Change the default password, 'cpit', for the cpit user.
Define the open file limit for the cpit user. Defining this limit allows simultaneous execution of other operations on the same host. For example, importing data using ETL tasks.
echo "cpit soft nofile 10240" >> /etc/security/limits.conf echo "cpit hard nofile 65536" >> /etc/security/limits.conf sysctl -p
Create a temporary folder for the installation files. BMC recommends you to use
/opt/cpitinstall
.Define the cpit user as the owner of the temporary folder:
chown -R cpit:cpit /opt/cpitinstall
- (Optional) If, on the application server, you plan to run an ETL process that accesses Windows shares, you need to enable permission for the application server to mount Windows shares. For more information, see
Enabling Windows shares mounting
.
- (Optional) Ensure that the Capacity Optimization system user who runs the Application Server and ETL Engine has permissions to use the system crontab file:
- If the host has a cron.deny policy, ensure that the Capacity Optimization user is not included in it.
- If the host has a cron.allow policy, add the Capacity Optimization user to it.
Preparing for TLS-enabled communication between the internal database and the product components
The internal database (Oracle or PostgreSQL) communicates with the Application Server and ETL Engine. By default, this communication is non-secure.
To upgrade the communication channel security to use TLS 1.2 with server certificate validation, do the following:
Before you begin
- Ensure that you use the Oracle database and client versions that support TLS 1.2. For more information, see Database requirements
.
- Ensure that the Oracle database is configured in TLS 1.2 mode.
- Ensure that a TLS 1.2 compliant ojdbc7.jar file exists in the <Oracle client home>/jdbc/lib directory. If not, copy the file from the Oracle website
.
I. Procure the Oracle server security certificate and configure the Oracle wallet
Procure the Certificate Authority (CA) signed Oracle server certificate from the system administrator of your organization. Ensure that the certificate is in x509 format. For example, oracle.crt.
Procure and configure the Oracle wallet for the Oracle client. For more information, see Creating and Managing Oracle Wallet
.
Ensure that the Oracle client communicates with the server securely on TCPS port. For more information, see Configuring Secure Sockets Layer Authentication
.
II. Import the security certificate
The Application Server and ETL Engine use the cotruststore.ts truststore to communicate with the Oracle database. This truststore is bundled along with the Server installation, and is located in the directory where you extracted the installation files. Example: BCO/Disk1
.
Do the following on both the Application Server and the ETL Engine to import the security certificate into their truststore files:
Log in to the computer where the Application Server and the ETL Engine are installed.
The keytool utility that is used to import the certificates is present in the directory where you extracted the installation files. Example:
BCO/jre/bin
. Add this directory path to the PATH environment variable:export PATH= BCO/jre/bin:$PATH
Navigate to the directory where you extracted the installation files (Example:
BCO/Disk1)
and import the procured certificates by running the following command:keytool -importcert -trustcacerts -file <path>/<oracle certificate.crt> -keystore cotruststore.ts -alias CODB -storepass changeit
where <oracle certificate.crt> is the name of the procured Oracle certificate and changeit is the default password of the truststore cotruststore.ts as it exists in directory where you extracted the installation files. Example: BCO/Disk1.
Ensure that CODB is used as the alias name.
The Oracle server security certificate is now installed and will be enabled when you install the product.
I. Procure and copy the PostgreSQL server security certificate
Procure the Certificate Authority (CA) signed certificate for the PostgreSQL database from the system administrator of your organization. Ensure that the certificate is in x509 format. For example, postgres.crt.
Save the procured certificate file in the directory where you extracted the installation files. Example,
BCO/Disk1
.
II. Import the security certificate
The Application Server and ETL Engine use the cotruststore.ts truststore to communicate with the PostgreSQL database. This truststore is bundled along with the Server installation, and is located in the directory where you extracted the installation files. For example, BCO/Disk1
.
Do the following on both the Application Server and the ETL Engine to import the security certificate into their truststore files:
Log in to the computer where the Application Server and the ETL Engine are installed.
The keytool utility that is used to import the certificates is present in the directory where you extracted the installation files. Example:
BCO/jre/bin
. Add this directory path to the PATH environment variable:export PATH= BCO/jre/bin:$PATH
Navigate to the directory where you extracted the installation files (Example:
BCO/Disk1)
and import the procured certificates by running the following command:keytool -importcert -trustcacerts -file <path>/<postgres certificate.crt> -keystore cotruststore.ts -alias CODB -storepass changeit
where <postgres certificate.crt> is the name of the procured PostgreSQL certificate and changeit is the default password of the truststore cotruststore.ts as it exists in directory where you extracted the installation files. Example: BCO/Disk1.
Ensure that CODB is used as the alias name.
The PostgreSQL server security certificate is now installed. You must now run the installer to enable TLS.
Where to go from here
Perform the other preinstallation tasks listed in Preparing to install TrueSight Capacity Optimization.
Comments
Hi, can we have a similar script for Postgres?
it seems that the scripts are just for Oracle, but postgres is now supported as well. It would be nice to have such scripts.
Hi again, Can we get the script for postgres DB creation?
in the part of the documentation to perform the installation of the AS:
(PostgreSQL only) Configure the PostgreSQL database.
About the part "and have manually set up the database users and tablespaces before starting installation," can we know how to do it? we just need a script to set up the 4 tablespaces, the users, roles, etc...
If not is not possible to create the DB as we do not have the sysdba password and we are required to provide the script to create all.
Thank you in advance.
Hi Nacho,
Thank you for the feedback. We will check with the SMEs and update the topic accordingly.
Regards, Bipin Inamdar