Preparing to install the Application Server and ETL Engine


Before installing the Application Server and ETL Engine, ensure that your environment meets the installation requirements, and complete the tasks described in this section.

Preparing to install the Application Server without a sysdba password

The sysdba password is needed to automatically create users and tablespaces during installation. If you do not have a sysdba password, you can set up the database users and tablespaces manually before you install the product using scripts provided with the installer.

If the Database Administrator cannot provide the sysdba password, do the following to create users and tablespaces manually: 

  1. Log in to the host computer on which you want to install the Application Server and ETL Engine, and create a temporary directory.
  2. Extract the downloaded files to the temporary directory. 

  3. Navigate to the <temp_download>/BCO/Disk1/scripts folder.

  4. Based on the database you are using, copy the following database creation script from the scripts folder to the database server. 

    • (Oraclecreate_users_tablespaces.sql

    • (PostgreSQLcreate_postgres_users_tablespaces.sql

  5. Log in to the database server and navigate to the folder in which you have copied the script.

  6. Edit the script and modify the required values such as database users, roles, and tablespace names. 
    Ensure to use the same values when you choose the Use existing database users and tablespaces option while installing.
  7. Run the script.

For information about supported database versions and requirements, see  Database Server requirements .


Preparing to install the Application Server as a non-root user

BMC recommends that you install the TrueSight Capacity Optimization product as a root user. If you cannot perform the installation as a root user, do the following: 

If you have access to the root user, proceed to Installing the Application Server and ETL Egine. The required user, group, and system properties will be automatically set by the installer.

If you are using a supported Oracle Database Server, you must have a  supported Oracle Client installed on the host system or virtual machine. For more information, see supported Oracle Database Server .

  1. Create the system user, and its home folder.

    As a best practice, name the user group cpit, user name cpit, and the home directory /opt/bmc/BCO.

    mkdir /opt/bmc/BCO
    groupadd -g 87654321 cpit
    useradd -g cpit -d /opt/bmc/BCO -s /bin/bash -c "BMC TrueSight Capacity Optimization" -K UMASK=007 cpit
    chown cpit:cpit /opt/bmc/BCO
    chmod 770 /opt/bmc/BCO

    Note

    • UMASK for cpit has been explicitly set to allow users in the same group to modify files, and allow every user in the system to read files and folders created by the cpit user.
    • Ensure that the primary group names do not include space or parenthesis.
  2. Change the default password, 'cpit', for the cpit user.
  3. Define the open file limit for the cpit user. Defining this limit allows simultaneous execution of other operations on the same host. For example, importing data using ETL tasks.

    echo "cpit soft nofile 10240" >> /etc/security/limits.conf
    echo "cpit hard nofile 65536" >> /etc/security/limits.conf
    sysctl -p

  4. Create a temporary folder for the installation files. BMC recommends you to use /opt/cpitinstall.

  5. Define the cpit user as the owner of the temporary folder: chown -R cpit:cpit /opt/cpitinstall

  6. (Optional) On the application server, if you plan to run an ETL process that accesses Windows shares, you need to enable permission for the application server to mount Windows shares. For more information, see  Enabling Windows shares mounting .
  7. Ensure that the Capacity Optimization system user who runs the Application Server and ETL Engine has permissions to use the system crontab file:
    • If the host has a cron.deny policy, ensure that the Capacity Optimization user is not included in it.
    • If the host has a cron.allow policy, add the Capacity Optimization user to it.


Preparing for TLS-enabled communication between the internal database and the product components

The internal database (Oracle or PostgreSQL) communicates with the Application Server and ETL Engine. By default, this communication is non-secure. 

To upgrade the communication channel security to use TLS 1.2 with server certificate validation, do the following:

Before you begin

  • Ensure that you use the Oracle database and client versions that support TLS 1.2. For more information, see TLS considerations for TrueSight Capacity Optimization.
  • Ensure that the Oracle database is configured in TLS 1.2 mode.
  • Ensure that a TLS 1.2 compliant ojdbc7.jar file exists in the <Oracle client home>/jdbc/lib directory. If not, copy the file from the Oracle website .

I. Procure the Oracle server security certificate and configure the Oracle wallet

  1. Procure the Certificate Authority (CA) signed Oracle server certificate from the system administrator of your organization. Ensure that the certificate is in x509 format. For example, oracle.crt.

  2. Procure and configure the Oracle wallet for the Oracle client. For more information, see Creating and Managing Oracle Wallet .

  3. Ensure that the Oracle client communicates with the server securely on TCPS port. For more information, see Configuring Secure Sockets Layer Authentication .

II. Import the security certificate

The Application Server and ETL Engine use the cotruststore.ts truststore to communicate with the Oracle database. This truststore is bundled along with the Server installation, and is located in the directory where you extracted the installation files. Example: BCO/Disk1. 

Do the following on both the Application Server and the ETL Engine to import the security certificate into their truststore files:

  1. Log in to the computer where the Application Server and the ETL Engine are installed.

  2. The keytool utility that is used to import the certificates is present in the directory where you extracted the installation files. Example: BCO/jre/bin. Add this directory path to the PATH environment variable: export PATH= BCO/jre/bin:$PATH

  3. Navigate to the directory where you extracted the installation files (Example: BCO/Disk1) and import the procured certificates by running the following command:

    keytool -importcert -trustcacerts -file <path>/<oracle certificate.crt> -keystore cotruststore.ts -alias CODB -storepass changeit

    where <oracle certificate.crt> is the name of the procured Oracle certificate and changeit is the default password of the truststore cotruststore.ts as it exists in directory where you extracted the installation files. Example: BCO/Disk1.
    Ensure that CODB is used as the alias name.


The Oracle server security certificate is now installed and will be enabled when you install the product.

I. Procure and copy the PostgreSQL server security certificate

  1. Procure the Certificate Authority (CA) signed certificate for the PostgreSQL database from the system administrator of your organization. Ensure that the certificate is in x509 format. For example, postgres.crt.

  2. Save the procured certificate file in the directory where you extracted the installation files. Example, BCO/Disk1.

II. Import the security certificate

The Application Server and ETL Engine use the cotruststore.ts truststore to communicate with the PostgreSQL database. This truststore is bundled along with the Server installation, and is located in the directory where you extracted the installation files. For example, BCO/Disk1.

Do the following on both the Application Server and the ETL Engine to import the security certificate into their truststore files:

  1. Log in to the computer where the Application Server and the ETL Engine are installed.

  2. The keytool utility that is used to import the certificates is present in the directory where you extracted the installation files. Example: BCO/jre/bin. Add this directory path to the PATH environment variable: export PATH= BCO/jre/bin:$PATH

  3. Navigate to the directory where you extracted the installation files (Example: BCO/Disk1) and import the procured certificates by running the following command:

    keytool -importcert -trustcacerts -file <path>/<postgres certificate.crt> -keystore cotruststore.ts -alias CODB -storepass changeit

    where <postgres certificate.crt> is the name of the procured PostgreSQL certificate and changeit is the default password of the truststore cotruststore.ts as it exists in directory where you extracted the installation files. Example: BCO/Disk1.
    Ensure that CODB is used as the alias name.


The PostgreSQL server security certificate is now installed. You must now run the installer to enable TLS.


Sharing the Content Repository directory

In an environment that has multiple Application Servers or a distributed Application Server, you must share the Content Repository directory.

The Content Repository directory needs to be accessed in read/write mode by the web console and Primary Scheduler, and in read-only mode by the web application component. In addition, the TrueSight Capacity Optimization user on each computer must have permissions to read, write, and update files in the Content Repository. For users to have the required permissions, the UID of the cpit users must be same across all Application Servers in an environment.

To share the Content Repository between two Application Servers, AS1 that is running the web application component, and AS2 that is running the Data hub and Primary scheduler, do the following:

  1. Run the installer first on AS1 and then on AS2.
  2. Share the Content Repository that has been created by the installer on each Application Server via a shared file system (NFS, by configuring a mount point on all servers, that maps an external storage).
  3. Copy the directory and subdirectories structure of Content Repository, from either AS1 or AS2 to the shared Content Repository location. For more information, see System-level administration overview.
  4. Mount the Content Repository location from both AS1 and AS2.


Preparing to install a Remote ETL Engine

To install a remote ETL Engine, you must forward a port on your external firewall to your TrueSight Capacity Optimization Data hub external communication port, to expose it to the remote ETL. You will be asked to provide external Data hub and port parameters during the configuration procedure. Configure both firewall and Data hub if you plan to have a remote ETL installation.


Preparing to install a Remote ETL Engine with a proxy server

This feature is available in Service Pack 1 (11.5.01) of TrueSight Capacity Optimization 11.5.

The Remote ETL engine supports proxy server configuration for communication between the Remote ETL Engine scheduler and the Application Server.

To enable configuration settings for proxy server, do the following to update the Application Server installer:

  1. Log in to the remote computer on which you want to install the Remote ETL Engine, and create a temporary directory.
    You can install the product as a root or a non-root user. BMC recommends that you install it as a root user, because some of the installation steps are available only to the root user.
  2. Extract the TSCO_AppServer_ver11.5.00_Linux.tar.gz file to the temporary directory. Example: TSCO_temp.

  3. Extract the REE_Installer_Proxy_Update.zip  to a different temporary directory. Example: TSCO_temp_REE.
    Ensure that the temporary directory is different from the installation directory to avoid any file sharing conflict.

  4. At the shell prompt, change to the directory where you have extracted the REE_Installer_Proxy_Update.zip installation files. Example: TSCO_temp_REE.
  5. Run the installer. At the shell prompt, type the following command:
    ./ree_pre-installer_proxy_enabler.sh -d <Untar directory location of 11.5.00 TSCO installer>
    Example: ./ree_pre-installer_proxy_enabler.sh -d TSCO_temp/BCO

    After successful installation, the following message is displayed.

  6. Install the Remote ETL Engine on the remote computer. For more information, see Installing the Application Server and the ETL Engine using the wizard.

Where to go from here

Perform the other preinstallation tasks listed in Preparing to install TrueSight Capacity Optimization.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Sujay Sinha

    I believe the point 7 - (Optional) should not be optional .


    As the Capacity Optimization system user who runs the Application Server and ETL Engine has permissions to use the system crontab file.


    Mar 01, 2020 08:18
    1. Bharati Poddar

      Thanks for the comment, Sujay. I have updated Step 7. 

      Jul 21, 2020 01:26