Preparing to install the Application Server and ETL Engine

Before installing the Application Server and ETL Engine, ensure that your environment meets the installation requirements, and complete the tasks described in this section.

Preparing to install without a sysdba password

The sysdba password is needed to automatically create users and tablespaces during installation. If you do not have a sysdba password, you can set up the database users and tablespaces manually before you install the product using scripts provided with the installer.

If the Database Administrator cannot provide the sysdba password, do the following to create users and tablespaces manually: 

  1. Log in to the host computer on which you want to install the Application Server and ETL Engine, and create a temporary directory.
  2. Extract the downloaded files to the temporary directory. 

  3. Navigate to the <temp_download>/BCO/Disk1/scripts folder.

  4. Based on the database you are using, copy the following database creation script from the scripts folder to the database server. 

    • (Oracle) create_users_tablespaces.sql

    • (PostgreSQL) create_postgres_users_tablespaces.sql

  5. Log in to the database server and navigate to the folder in which you have copied the script.

  6. Edit the script and modify the required values such as database users, roles, and tablespace names.
    Ensure that you use the same values when you choose the Use existing database users and tablespaces option while installing.
  7. Run the script.

For information about supported database versions and requirements, see Database requirements.

Preparing to install the Application Server as a non-root user

BMC recommends that you install the TrueSight Capacity Optimization product as a root user. If you cannot perform the installation as a root user, do the following: 

If you have access to the root user, proceed to Installing the Application Server and ETL Engine. The required user, group, and system properties will be automatically set by the installer.

If you are using a supported Oracle Database Server, you must have a supported Oracle Client installed on the host system or virtual machine.

  1. Create the system user, and its home folder.

    As a best practice, name the user group cpit, user name cpit, and the home directory /opt/bmc/BCO.

    mkdir /opt/bmc/BCO
    groupadd -g 87654321 cpit
    useradd -g cpit -d /opt/bmc/BCO -s /bin/bash -c "BMC TrueSight Capacity Optimization" -K UMASK=007 cpit
    chown cpit:cpit /opt/bmc/BCO
    chmod 770 /opt/bmc/BCO

    Note

    • UMASK for cpit has been explicitly set to allow users in the same group to modify files, and allow every user in the system to read files and folders created by the cpit user.
    • Ensure that the primary group names do not include space or parenthesis.
  2. Change the default password, 'cpit', for the cpit user.
  3. Define the open file limit for the cpit user. Defining this limit allows simultaneous execution of other operations on the same host, for example, importing data using ETL tasks.

    echo "cpit soft nofile 10240" >> /etc/security/limits.conf
    echo "cpit hard nofile 65536" >> /etc/security/limits.conf
    sysctl -p

  4. Create a temporary folder for the installation files. BMC recommends that you use /opt/cpitinstall.

  5. Define the cpit user as the owner of the temporary folder: chown -R cpit:cpit /opt/cpitinstall

  6. (Optional) If, on the application server, you plan to run an ETL process that accesses Windows shares, you need to enable permission for the application server to mount Windows shares. For more information, see Enabling Windows shares mounting.
  7. (Optional) Ensure that the Capacity Optimization system user who runs the Application Server and ETL Engine has permissions to use the system crontab file:
    • If the host has a cron.deny policy, ensure that the Capacity Optimization user is not included in it.
    • If the host has a cron.allow policy, add the Capacity Optimization user to it.
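
The following read-only check of the preparation steps above is an added example, not part of the BMC installer or scripts. The function names (nofile_limit, cron_permitted, home_dir_ok, preflight) are hypothetical; the user name, paths and limit values are the ones used on this page.

```shell
#!/bin/sh
# Added example (not BMC code): read-only checks of the cpit preparation.
# File paths are parameters so each check can be run against copies.

# nofile_limit USER soft|hard [FILE]: print the last matching nofile value.
nofile_limit() {
    awk -v u="$1" -v t="$2" '
        $1 ~ /^#/ { next }
        $1 == u && $2 == t && $3 == "nofile" { v = $4 }
        END { if (v == "") exit 1; print v }
    ' "${3:-/etc/security/limits.conf}"
}

# cron_permitted USER [ALLOW_FILE] [DENY_FILE]
# cron.allow, when it exists, decides alone; otherwise cron.deny is consulted.
cron_permitted() {
    if [ -f "${2:-/etc/cron.allow}" ]; then
        grep -qxF "$1" "${2:-/etc/cron.allow}"
    elif [ -f "${3:-/etc/cron.deny}" ]; then
        ! grep -qxF "$1" "${3:-/etc/cron.deny}"
    fi   # neither file present: no policy file excludes the user
}

# home_dir_ok DIR OWNER GROUP: true only for a directory with mode 770
# (rwxrwx---) that is owned by OWNER:GROUP.
home_dir_ok() {
    ls -ld "$1" 2>/dev/null | awk -v o="$2" -v g="$3" '
        { ok = ($1 ~ /^drwxrwx---/ && $3 == o && $4 == g) }
        END { exit !ok }'
}

# preflight [USER]: run every check against the live system files.
preflight() {
    u=${1:-cpit}; rc=0
    [ "$(nofile_limit "$u" soft)" = 10240 ] || { echo "soft nofile is not 10240"; rc=1; }
    [ "$(nofile_limit "$u" hard)" = 65536 ] || { echo "hard nofile is not 65536"; rc=1; }
    home_dir_ok /opt/bmc/BCO "$u" "$u" || { echo "/opt/bmc/BCO is not $u:$u with mode 770"; rc=1; }
    cron_permitted "$u" || { echo "$u is excluded by cron.allow or cron.deny"; rc=1; }
    return $rc
}
```

Source the file and run `preflight cpit` before starting the installer; it changes nothing on the host and returns non-zero if any check fails.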

Preparing for TLS-enabled communication between the internal database and the product components

The internal database (Oracle or PostgreSQL) communicates with the Application Server and ETL Engine. By default, this communication is non-secure. 

To upgrade the communication channel security to use TLS 1.2 with server certificate validation, do the following:

Before you begin

  • Ensure that you use the Oracle database and client versions that support TLS 1.2. For more information, see Database requirements.
  • Ensure that the Oracle database is configured in TLS 1.2 mode.
  • Ensure that a TLS 1.2 compliant ojdbc7.jar file exists in the <Oracle client home>/jdbc/lib directory. If not, copy the file from the Oracle website.

I. Procure the Oracle server security certificate and configure the Oracle wallet

  1. Procure the Certificate Authority (CA) signed Oracle server certificate from the system administrator of your organization. Ensure that the certificate is in x509 format. For example, oracle.crt.

  2. Procure and configure the Oracle wallet for the Oracle client. For more information, see Creating and Managing Oracle Wallet.

  3. Ensure that the Oracle client communicates with the server securely on TCPS port. For more information, see Configuring Secure Sockets Layer Authentication.

II. Import the security certificate

The Application Server and ETL Engine use the cotruststore.ts truststore to communicate with the Oracle database. This truststore is bundled along with the Server installation, and is located in the directory where you extracted the installation files. Example: BCO/Disk1. 

Do the following on both the Application Server and the ETL Engine to import the security certificate into their truststore files:

  1. Log in to the computer where the Application Server and the ETL Engine are installed.

  2. The keytool utility that is used to import the certificates is present in the directory where you extracted the installation files. Example: BCO/jre/bin. Add this directory path to the PATH environment variable: export PATH=BCO/jre/bin:$PATH

  3. Navigate to the directory where you extracted the installation files (Example: BCO/Disk1) and import the procured certificates by running the following command:

    keytool -importcert -trustcacerts -file <path>/<oracle certificate.crt> -keystore cotruststore.ts -alias CODB -storepass changeit

    where <oracle certificate.crt> is the name of the procured Oracle certificate and changeit is the default password of the truststore cotruststore.ts as it exists in the directory where you extracted the installation files. Example: BCO/Disk1.
    Ensure that CODB is used as the alias name.


The Oracle server security certificate is now installed and will be enabled when you install the product.

I. Procure and copy the PostgreSQL server security certificate

  1. Procure the Certificate Authority (CA) signed certificate for the PostgreSQL database from the system administrator of your organization. Ensure that the certificate is in x509 format. For example, postgres.crt.

  2. Save the procured certificate file in the directory where you extracted the installation files. For example, BCO/Disk1.

II. Import the security certificate

The Application Server and ETL Engine use the cotruststore.ts truststore to communicate with the PostgreSQL database. This truststore is bundled along with the Server installation, and is located in the directory where you extracted the installation files. For example, BCO/Disk1.

Do the following on both the Application Server and the ETL Engine to import the security certificate into their truststore files:

  1. Log in to the computer where the Application Server and the ETL Engine are installed.

  2. The keytool utility that is used to import the certificates is present in the directory where you extracted the installation files. Example: BCO/jre/bin. Add this directory path to the PATH environment variable: export PATH=BCO/jre/bin:$PATH

  3. Navigate to the directory where you extracted the installation files (Example: BCO/Disk1) and import the procured certificates by running the following command:

    keytool -importcert -trustcacerts -file <path>/<postgres certificate.crt> -keystore cotruststore.ts -alias CODB -storepass changeit

    where <postgres certificate.crt> is the name of the procured PostgreSQL certificate and changeit is the default password of the truststore cotruststore.ts as it exists in the directory where you extracted the installation files. Example: BCO/Disk1.
    Ensure that CODB is used as the alias name.


The PostgreSQL server security certificate is now installed. You must now run the installer to enable TLS.
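
After the import step in either the Oracle or the PostgreSQL procedure above, it is worth confirming that the alias CODB holds exactly the certificate that was procured, because the installer will trust whatever is stored there. The check below is an added example, not part of the BMC product; the function names are hypothetical, and it assumes keytool is on the PATH as set in step 2.

```shell
#!/bin/sh
# Added example (not BMC code): compare the CODB truststore entry with the
# procured certificate file. Both sides are normalised to PEM by keytool.

# pem_of_file CERT: print the certificate as PEM (input may be PEM or DER).
pem_of_file() {
    keytool -printcert -rfc -file "$1" 2>/dev/null | tr -d '\r'
}

# pem_of_alias STORE [PASS]: print the certificate stored under alias CODB.
pem_of_alias() {
    keytool -exportcert -rfc -alias CODB -keystore "$1" \
        -storepass "${2:-changeit}" 2>/dev/null | tr -d '\r'
}

# verify_codb CERT STORE [PASS]
#   0 = CODB holds CERT          1 = CODB holds a different certificate
#   2 = CERT is not readable     3 = alias CODB missing or store unreadable
verify_codb() {
    want=$(pem_of_file "$1")
    # keytool reports errors on stdout, so test for a PEM header, not for
    # non-empty output.
    case $want in *"BEGIN CERTIFICATE"*) ;; *) return 2 ;; esac
    have=$(pem_of_alias "$2" "$3")
    case $have in *"BEGIN CERTIFICATE"*) ;; *) return 3 ;; esac
    [ "$want" = "$have" ]
}
```

Run it from the directory that contains the truststore, for example `verify_codb <path>/<oracle certificate.crt> cotruststore.ts`, on both the Application Server and the ETL Engine.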

Where to go from here

Perform the other preinstallation tasks listed in Preparing to install TrueSight Capacity Optimization.


Comments

  1. Nacho Capdepon

    Hi, can we have a similar script for Postgres?
    It seems that the scripts are just for Oracle, but Postgres is now supported as well. It would be nice to have such scripts.

    Aug 31, 2018 09:51
    1. Nacho Capdepon

      Hi again, Can we get the script for postgres DB creation?

      in the part of the documentation to perform the installation of the AS:

      (PostgreSQL only) Configure the PostgreSQL database.

      Configure connection details Configure schema creation Specify whether to create new database users and tablespaces (default) or use existing database users and tablespaces. If you do not have a sysdba password and have manually set up the database users and tablespaces before starting installation, use the existing database users and tablespaces option.

      About the part "and have manually set up the database users and tablespaces before starting installation," can we know how to do it? We just need a script to set up the 4 tablespaces, the users, roles, etc...

      If not, it is not possible to create the DB as we do not have the sysdba password and we are required to provide the script to create all.

      Thank you in advance.

      Sep 17, 2018 07:00
      1. Bipin Inamdar

        Hi Nacho,

        Thank you for the feedback. We will check with the SMEs and update the topic accordingly.

        Regards, Bipin Inamdar

        Sep 18, 2018 12:45