Walkthrough: Installing individual components for Linux and Oracle environments
Requirements for installing individual components on UNIX and Linux section to review the required planning information for installation.This walkthrough topic provides a list of the steps required to install TrueSight Server Automation components in a Linux/Oracle environment. Note that walkthrough topics are targeted to experienced TrueSight Server Automation users, and do not include relevant planning and prerequisite information. If you are not an experienced user, see the topics in the
This topic includes the following sections:
Step 1: Configure the Oracle database instance
To configure the Oracle database for TrueSight Server Automation, do the following:
- Edit the init.ora file (where the instance the blade schema is located, for example, ../oracle/product/11.2.0/dbs/init.ora) to set the following initialization parameters:
- db_block_size must be set to 8192
- Processes must be set to at least 200
Ideally, the number of processes should be 30 to 40 greater than the total number of job-related and nonjob-related database connections configured for all Application Servers in your environment.
If you are running BMC Decision Support for Server Automation or TrueSight Smart Reporting for Server Automation, the number of processes should ideally be 20 to 30 higher than the total number of job-related and nonjob-related database connections.
For more information about configuring Application Servers, see Configuring the Application Server.
All other configuration parameters can be set at the discretion of the database administrator.
- If the database is configured for the UTF8 or AL32UTF8 character set (
NLS_CHARACTERSETparameter) in a LATIN-1 locale, and the CHAR schema is used as an underlying persistent schema, set the
NLS_LENGTH_SEMANTICSparameter of the database to CHAR to prevent column field overflow. Set this parameter before you run the master schema script to set up the database schema.
- Ensure that all synonyms are public.
Step 2: Run the script for creating an Oracle user
- Create the directory with the correct permissions to be used for the tablespace for the new schema. BMC recommends creating a directory on a disk separate from the Oracle system tables located at ../oradata/<SID>. For example:
chown oracle:dba /u01/app/oracle/oradata/bsa
- Copy installation scripts from the db_scripts directory (for example, ..<download_directory>/Disk1/files/configurations/db_scripts/) into the directory that you created for the tablespace. For details on the db_scripts directory, see Downloading the installation files. The relevant scripts appear in the /db_scripts/oracle/ and /db_scripts/oracle/schema directories.
- Change directory (
cd) to /db_scripts/oracle/schema.
Modify the create_oracle_instance.sql script and change the path for data files to match the directory you created for the tablespace for the new schema.
Note: Be sure to change both the
ALTER DATABASEcommands. You must change the path in four places.
- (Optional) If required by your company policy, you can modify the create_oracle_instance.sql script to revoke the RESOURCE and UNLIMITED TABLE SPACE privileges, and replace them with more granular privileges.
Click here if your company policy does not allow you to grant the RESOURCE privilege to BLADELOGIC.
- EXECUTE ON DBMS_LOCK (required for carrying out a handshake between TrueSight Server Automation database and the BMC Decision Support for Server Automation or TrueSight Smart Reporting for Server Automation ETL during database clean up.)
- CREATE VIEW
If your company policy does not allow you to grant the RESOURCE privilege to BLADELOGIC, revoke the RESOURCE privilege and provide the following granular privileges instead:
- CREATE TRIGGER
- CREATE SEQUENCE
- CREATE TYPE
- CREATE PROCEDURE
- CREATE CLUSTER
- CREATE OPERATOR
- CREATE INDEXTYPE
- CREATE TABLE
Click here if your company policy does not allow you to grant the UNLIMITED TABLESPACE privilege to BLADELOGIC.
- SELECT ANY DICTIONARY
- UNLIMITED TABLESPACE
If your company policy does not allow you to grant the UNLIMITED TABLESPACE privilege to BLADELOGIC, revoke the UNLIMITED TABLESPACE privilege and provide the following granular privilege on the relevant tabelspaces (BLADELOGIC and BLADELOGIC_INDEX) instead:
Grant UNLIMITED QUOTA on <tablespace>
Start SQL*Plus using a user name that has sysdba privileges. For example, you might enter the following commands:
sqlplus /nolog SQL> connect sys/manager as sysdba
Run the create_oracle_instance.sql script by using the following commands:
SQL> @/u01/app/oracle/oradata/bsa/create_oracle_instance.sql; SQL> exit
Step 3: Run the schema creation script
- Change (
cd) to /db_scripts/oracle.
Log on to the TrueSight Server Automation database with the BladeLogic user and password you just created with the create_oracle_instance.sql script.
sqlpluswith the following values:
Logon name of the TrueSight Server Automation database user that you created in To set up an Oracle database user
TrueSight Server Automation database user password. Do not specify a password that begins with an equal sign (=).
tns entry for the BMC BladeLogic database instance
Start a log and run the master script that corresponds to the character sets for which your database is configured.
SQL> spool create_bladelogic_schema.log SQL> start <master_script.sql> <BL_DATA> <BL_INDEX> SQL> spool off
Replace the variables with the following values:
oracle_master.sql if your database is configured for char/varchar character sets or oracle_nchar_master.sql if your database is configured for nchar/nvarchar character sets
TrueSight Server Automation data tablespace name. This name must match the data tablespace name in the create_oracle_instance.sql script (by default, BLADELOGIC).
TrueSight Server Automation index tablespace name. This name must match the index tablespace name in the create_oracle_instance.sql script (by default, BLADELOGIC_INDEX).
After executing the master script, check the create_bladelogic_schema.log file for errors.
Step 4: Install the agent on the file server
A file server should meet the following requirements:
An RSCD agent must be installed and should be the same version as the Application Server.
Do not limit access to the file server by pushing agent ACLs to the agent on the file server. All users must be mapped to the same user on the file server.
As a minimum, a file server must have 72 GB of available, nonredundant, disk space. BMC recommends that the file server be allotted 200 GB or more of available RAID 5 disk space.
- Define a user name on the file server, and map all users to that user name. Without this mapping, a user may not be able to access a file that another user has stored on the file server. To accomplish the necessary mapping, create an entry like the following in the exports file on the file server:
<appServer> rw,user= <userName>
Where <appServer> is a comma-separated list of Application Server names or IP addresses (IPv4 or IPv6) and <userName> is the name to which all users are mapped.
The default location of the exports file is:
- (Windows) C:\Windows\rs
- (Linux): /etc/rsc
- Map the internal System:System role/user to the user name defined on the file server. To accomplish the mapping, create an entry like the following in the users.local file on the file server:
Where <userName> is the name to which all users are mapped, typically bladmin or administrator.
If the required directory structure does not already exist on the file server, the system process attempts to create it.
The default location of the users.local file is:
- (Windows) C:\Windows\rs
- (Linux): /etc/rsc
- If your file server location is on partition or a mounted storage, you must ensure that the mount point for the storage or partition is consistent even if the file server host is restarted.
For example, on Linux, you can ensure this by configuring the fstab file in the etc folder of your machine. The fstab file maps the Universally Unique Identifier (UUID) of a storage or partition to the directory it should be mounted on.
TrueSight Server Automation uses the file server to store the contents of files included in snapshots, Network Shell scripts, BLPackages, software packages, and other types of information that is not easily stored in the database. The file server must have a RSCD agent installed on it, as described in the following procedure.
- Navigate to the directory containing installation files and run the installation script for the RSCD agent. Script names follow the convention: RSCDversion-platform. For a list of all the different agent installation files for the various platforms, see Installation programs for TrueSight Server Automation.
You must execute the installation from a root shell. Do not execute the installation script from a non-root account.
- The following message is displayed:
Please choose the installation directory. [/opt/bmc/bladelogic]
- To install the RSCD agent in /opt/bmc/bladelogic, press Enter. Or enter another directory path.
A message prompts you to choose a language for the installation program.
- Enter the number representing the language that you want to use for the installation.
A welcome message is displayed.
- Press Enter.
The following message is displayed:
Do you agree to the terms of the license agreement (y for Yes) ?
The following message is displayed:
============== Select Installation Components ============= Server Utilities 1 - RSCD Agent 9 - Start the installation A - Select all components Select component
- Enter 1.
A plus sign (+) appears next to the RSCD Agent to indicate you have chosen to install it.
- Enter 9.
A message is displayed, asking you if you want to continue.
- Enter y.
Follow the instructions in the installation script.
Installation is complete. The agent starts automatically.
TrueSight Server Automation version 8.9.03 and later support Security-Enhanced Linux (SELinux). You do not need to enable the
allow_execstackcommands during agent installation. If it is already enabled on the target the agent installer will not disable it. Note that support for SELinux is limited to the following configured state (as defined through /etc/sysconfig/selinux):
Multi Level Security is not supported.
For additional information on restricting access to RSCD agents, see How TrueSight Server Automation grants access to RSCD agents.
Step 5: Install the Application Server
- Linux platforms on which you plan to install the Application Server or Network Shell must have the appropriate version of libtermcap.so.2 shared library installed. Install the shared library before installing these components. For more information, see Requirement for installing the Application Server, TrueSight Server Automation Console, or Network Shell on Linux.
- The UNIX or Linux file system partition to which you plan to install the Application Server must not be mounted with the nosuid option.
- Set the umask for the root user to 0022 on the Application Server host computer.
- TrueSight Server Automation might have many open files at any given point in its operation. Therefore, unless your environment has specific needs for a more restrictive setting (depending on the specific operation of the Application Server), BMC recommends that you ensure that the following operating system parameters are set for the bladmin user. These settings should be permanently set for the user (for example, in the /etc/security/limits.conf file for Linux):
- Set core files to unlimited.
- Set the number of open file descriptors to 8192
Optionally, set the INSTALL_FILES_TEMP environment variable to a valid, writable directory. If this variable is set, the installer files are stored in that location, thereby reducing the disk space requirements for /tmpduring the installation. Enter the following commands at the operating system command line:
INSTALL_FILES_TEMP=<temporaryDirLocation> export INSTALL_FILES_TEMP
For more information, see Methods for reducing installation space on Linux and UNIX.
In a UNIX environment, if the Application Server and the File Server are on the same box, use only the Application Server installer, not the separate RSCD agent installer for the file server.
- Navigate to the directory containing installation files and run the installation script for TrueSight Server Automation. (Script names follow the convention: BSAversion-platform.) BMC recommends that you execute the installation from a root shell. Do not execute the installation script from a non-root account. For example:
Select the following individual components in the installation script. A plus sign (+) appears next to the component to indicate you have chosen to install it.
Enter 1 to select the RSCD Agent.
Enter 2 to select the Application Server.
- Enter 3 to select Network Shell.
- (optional) Enter P to select PXE Server if you are setting up provisioning.
(optional) Enter T to select TFTP Server if you are setting up provisioning.
==== TrueSight Server Automation Suite 8.9.03 === ================== Select Installation Components ================== Server Utilities 1 - RSCD Agent 2 - Application Server P - PXE Server T - TFTP Server Client Utilities 3 - Network Shell 9 - Start the installation A - Select all components Select component:
- Select 9 to start the installation.
When you see the prompts to set up the root privileges for the RSCD Agent, select n.
You will manually configure these privileges later, before you run the post-install configuration utilty (blappconf).
Set up an initial host with root equivalency (y/n) ? n Set up a mapping for a particular client user (y/n) ? n
- Follow the remaining instructions in the installation script.
- To avoid permission issues with bladmin, do not install a local installation beneath the root home directory.
If you are setting up VMware ESX servers, you must define certain properties that allow the Application Server to communicate with a web service which accesses the ESX server's virtual infrastructure. For more information on configuring an ESX server, see Setting up a VMware vSphere environment.
TrueSight Server Automation version 8.8 and later support Security-Enhanced Linux (SELinux). You do not need to enable the
allow_execstack commands during agent installation. If it is already enabled on the target the agent installer will not disable it. Note that support for SELinux is limited to the following configured state (as defined through /etc/sysconfig/selinux):
Multi Level Security is not supported.
Step 6: Run the post-install configuration utility
The Post-Install Configuration wizard consolidates the minimum configuration steps that must be performed to set up an Application Server.
Before you configure the Application server, add the property local account name for the file server to /etc/rsc/exports (Linux) or C:\windows\rsc\exports (Windows).
These permissions grant wide-open access to the file server. For more information, see File server requirements.
- To start the Post-Install Configuration wizard, do one of the following:
- Perform an installation that includes installation of the Application Server. The installation program gives you the option of launching the wizard at the end of the installation procedure.
- From the Windows Start menu, select Programs > BMC Software > BladeLogic Server Automation Suite > Utilities > Application Server Configuration Wizard.
- Start the wizard manually by running one of the following commands in the directory where TrueSight Server Automation is installed. Enter the following:
If you invoke the wizard without passing the -i (install) flag, the wizard displays configuration settings that have already been entered for the Application Server and allows you to change those settings.
The configuration wizard opens.
- Read the introductory page and click Next. The Database page appears.
- Choose a Database Type (either Oracle or SQL Server).
- If you are not using a custom connection string, provide the following database configuration information (and do not select the Advanced option):
- Database Server — Host name or IP address (IPv4 or IPv6) of the server running the database.
Database Port— Port the database listens on. By default a TrueSight Server Automation installation uses the following database ports:
- Database Name — Microsoft SQL server database name. By default, the database name is bladelogic . (This option is only available for SQL server databases.)
- SID — System ID of the Oracle database. (This option is only available for Oracle databases.)
- User ID — User name that the database needs to authenticate your connection.
- Password — Password assigned to the user ID.
If you are using a custom connection string, provide the following database configuration information:
- User ID — User name that the database needs to authenticate your connection.
- Password — Password assigned to the user ID.
- Advanced — Select this option to indicate that you are providing a custom connection string.
- Connection String — Type the custom connection string in the field below the Advanced check box.
- Click Next. The File Server page appears.
- Provide the following file server configuration information:
- File Server Name — Host name or IP address (IPv4 or IPv6) of the server where data is stored. By default, the file server is created on the same machine as the Application Server.
- File Server Storage Location — Directory on the file server where data is stored. By default, the directory of the file server is <appserverInstallDirectory>/storage.
- Click Next. The Notification Servers page appears.
- Provide information identifying an email server by entering the following under SMTP Options:
- SMTP Server — Name or IP address (IPv4 or IPv6) of the host managing email. (SMTP stands for simple mail transfer protocol.)
- E-mail From — email address from which TrueSight Server Automation-generated email is sent. TrueSight Server Automation jobs can generate email upon their completion.
- If you are using SNMP trap notifications, provide information identifying the SNMP server by entering the following under SNMP Options:
- SNMP Server — Name or IP address (IPv4 or IPv6) of the host to which SNMP traps should be sent.
- SNMP Port — The port on the SNMP server that listens for SNMP traps. By default, the port is set to the standard SNMP port of 162.
- Click Next. The User Passwords page appears.
- Under both RBACAdmin User and BLAdmin User, enter a password and then retype the password to confirm your entry. If a password is already set, you cannot enter a password.
Passwords are used to authenticate the RBACAdmin and BLAdmin users through the SRP authentication protocol.
The RBACAdmin user has full permission to manage roles and users in the RBAC Manager workspace in the TrueSight Server Automation Console, where you can assign permissions for all TrueSight Server Automation users. The BLAdmin user has Read access for all system objects within TrueSight Server Automation. For more information about the RBACAdmin and BLAdmin users, see RBACAdmin and BLAdmin users.
- (optional) In the Advanced Configuration panel, set Enable Provisioning for bare metal provisioning. You must also set up the provisioning system, create components used by the provisioning process, prepare devices, and create and execute Provision Jobs that perform the unattended installation of the operating system. For more information, see Implementation process for provisioning.
- Click Finish.
BMC recommends that you synchronize the clock on the Application Server and all client machines. Clocks should be synchronized to the minute. For example, if an Application Server is in Boston, where the time is 7:04 Eastern Time, set the clock on client machines in San Francisco to 4:04 Pacific Time.
Step 7: Install the console on your client system
- To install the TrueSight Server Automation Console, you can use the installation wizard in the user interface or silent mode. You cannot use console mode. To use the installation wizard, follow the steps below. To use silent mode, see Using silent mode to install the TrueSight Server Automation Console (Linux and UNIX).
- You must have an X Window server installed and configured.
- You must have write access to the /tmp directory, as well as sufficient disk space. To review the hardware requirements for the console, see Minimum hardware requirements.
- Make sure that port 12333 (TCP) is not being used. Installation of the console requires use of this port; if it is already in use, the installation fails.
- Linux platforms on which you plan to install the TrueSight Server Automation Console (RCP client) or Network Shell must have the libtermcap.so.2 shared library installed. Install the shared library before installing these components. For more information, see Requirement for installing the Application Server, TrueSight Server Automation Console, or Network Shell on Linux.
- If the version of the RSCD Agent does not match the version of the console, uninstall the old RSCD Agent and install a new version that matches the console. Stop the RSCD Agent before you try to install the console.
- Navigate to the directory containing installation files and run the installation script for the TrueSight Server Automation Console. (Script names follow the convention: BSACONSOLE<version>-<platformbit>, for example, BSACONSOLE89-SP3-LIN64.bin) You must execute the installation from a root shell. Do not execute the installation script from a non-root account.
- The TrueSight Server Automation Installation window opens.
- Select a language, and then click OK.
A series of messages indicate progress. This process might take several minutes. Then the Welcome window opens.
- Click Next.
The Review License Agreement page opens.
- To accept the license agreement, select I agree to the terms of the license agreement, and then click Next.
The User Inputs window opens.
- (optional) Remove the check marks from any components that you do not want to install, and then click Next.
A series of messages indicate progress.
- (optional) Select Check to install the default .nsh resource files into /etc/skel.
- Click Next.
The Installing window previews the features to be installed.
- To install, click Install. To change your selections, click Previous.
A series of messages indicate progress. This process might take several minutes. Then the Installation Summary window opens, indicating successful installation.
- (optional) Click View Log.
- Click Done.
The window closes. Installation is complete.
Start the RSCD Agent and then start the console (for example, /opt/bmc/BladeLogic/CM/rcp/launcher). To configure the console so that it connects to the default Application Server, click Options.
Click the Authentication Profiles tab and click Add. TrueSight Server Automation clients use authentication profiles to facilitate single sign-on feature. You must create an Authentication profile before you start using the Console. For more information about why we use Authentication Profiles, see System capabilities related to security.
- Enter the following information.
- Assign a name to the authentication profile. For example, you could assign a name such as QATeam, DevTeam, or defaultProfile.
- Enter the name or IP address (IPv4 or IPv6) of the default Application Server to which the client should connect.
- Enter an Authentication Port number to which the client should connect. The same port is used for all TrueSight Server Automation authentication mechanisms. The default Port is 9840. For more information about Console ports, see TrueSight Server Automation ports.
Select any one authentication mechanism for the authentication profile:
- Secure Remote Password.
- AD/Kerberos Single Sign-on.
- Domain Authentication.
- RSA SecurID Authentication.
- Public Key Infrastructure Authentication.
- Click OK.
Click Connect to log on the Application Server using the BLAdmin user that is created while installing the default Application Server node.
If you see a security alert that the certificate is not initially trusted, optionally, you can view the certificate. Or you can simply click Yes to proceed.
The quick start page is the first page that is displayed once you log on the the Console. It introduces you to the main use cases of TrueSight Server Automation and allows you to execute them from a centralized UI immediately after installing the TrueSight Server Automation set up. For information about using the quick start page, see Quick start page. For general information about the UI of the TrueSight Server Automation Console, see Navigating the interface.
Step 8: Connect to the Application Server
From the directory where TrueSight Server Automation is installed (for example, /opt/bmc/BladeLogic/CM), enter
A logon dialog box appears. To log on, you must choose an authentication profile. For more information about creating authentication profiles, see Setting up an authentication profile. Perform the following steps to start the console and connect to the Application Server.
- Using the Authentication profile tab, select an authentication profile.
- If you:
- Possess a valid cached session credential, skip this step and go to the next step.
- Are using Active Directory/Kerberos (ADK) or public key infrastructure (PKI) authentication, skip this step and go to the next step.
- Are using SRP, LDAP, or SecurID authentication, enter your user name and password. For SecurID, your password consists of a PIN followed by the current token code displayed on your RSA SecurID token.
- Are using Domain Authentication, enter your user name and domain. The domain name must always be capitalized. If you are defined as a member of the default realm, you do not have to enter a domain name. For information about how to set up the default realm for Domain Authentication, see Configuring Domain Authentication.
To change the setting for caching session credentials or the display language, click Options. The logon window expands to show additional options in a tabbed format. By default the Generaltab is open.
Save credential for this session
Saves a session credential between sessions.
By default, this option is not checked. The setting for this option remains in effect for future logons until you change the setting. If a session credential is already cached, this option is dimmed.
Displays your choice of language (either your previous choice or your acceptance of the installation default). Select a new display language for the console or keep the current user preference. The selection remains in effect as your default language for future logons until you make a new choice.
- Click Connect.
If the Application Server presents the TrueSight Server Automation Console with an X.509 certificate that is not trusted, a security alert appears. Most Application Servers use self-signed certificates, so typically you encounter this dialog box the first time you access a particular Application Server.
- If a security alert does not display, skip this step and go to the next step. If a security alert describes an untrusted certificate, do one of the following:
- To return to the logon dialog box, click No. You can cancel the logon session or use a different authentication profile to log on.
- To accept the unknown certificate and proceed with the logon, click Yes.
- To examine details about the certificate, click View Certificate. For more information about this procedure, see Viewing an untrusted certificate. After examining the certificate, click Yes or No, as described above.
- If multiple roles are associated with your user name, the Assume Role dialog box appears. From this dialog box, for Select Role, choose the role you want to use.
If you prefer, you can switch roles later at any time during a session. (See Switching roles.)
Click OK. The TrueSight Server Automation Console appears.
When the console starts, by default it loads certain types of information by running a background operation. The Show background operations icon Running background operations.in the lower right corner of the console indicates a background process is running. For information about background processes, see