Installing the application server on Linux

This topic describes how to install the BMC Network Automation application server on Linux, which includes the installation of a local device agent on the same computer. By default, the local device agent is always active on the server.

A remote device agent offers several operational advantages that might be useful according to your site requirements. A remote device agent, unlike the default local device agent, cannot be installed on the host computer of the server.

The remote device agent is installed on a separate computer by using the same downloaded file or installation media (for example, CD). For more information, see Installing-the-remote-device-agent-on-Linux.

Before you begin

Before you install the application server, perform the following tasks:

Note

If you are installing multiple application servers and prefer to use a repeatable procedure that is not wizard-based, and is non-iterative, refer to Running-the-installer-in-silent-mode.

To install the application server

  1. Log on as root to the host computer where you are installing the server.
  2. Run the umask 022 command.

  3.  Locate the file that you downloaded from the BMC EPD site or on media if you purchased the product with media.
     For information about the EPD site, see Downloading-the-installation-files.
     On media, the Linux installation files are in the /install/linux subdirectory.
     For either downloads from EPD or media, the file name is: bna-server-v.r.mm-linux64.tar.gz

    Note

    v.r.mm is a substitute for the current version, 8.8.00 in this release.

  4.  Extract the file by using the following command. The -p option is required:
    tar -pzxvf bna-server-v.r.mm-linux64.tar.gz

     The following table lists the files contained in the download:

    File

    Description

    Disk1/setup.sh

    The main installation executable

    Disk1/setup.jar

    Compressed Java archive that contains installation files

    Disk1/files

    Main installation files

    Disk1/utility/ BcanMaintenanceTool.sh

    Installation maintenance utility used for various tasks. See Running-the-Maintenance-and-Cleanup-tools.

  5. Run the following command to start the installation program:
    ./setup.sh
    The installer might take a minute or more to start.
  6. Start panel: Select the language to be used for installation.

    BMC Network Automation supports the English, French, and Chinese languages.
  7. Click OK.
  8. Welcome panel: Click Next.
  9. End User License Agreement panel: Review the BMC Network Automation Software License. Select I agree to the terms of the license agreement to continue the installation, and then click Next.

  10. Component Selection panel: Select the Server with Local Device Agent option.

    Note

    The wizard prevents the installation of the server if it detects that a remote device agent has previously been installed on this computer.

  11. Installation Type Selection panel: Select the (default) Typical Setup or Custom Setup option, and click Next.
     Use the following table to select the appropriate option:

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  12. Installation Directory panel: Specify the directory in which you want to install the product in the Destination Directory field, and click Next. This directory is the BCAN_HOME directory. (Default) /opt/bmc/bca-networks

    Notes

    • Do not use any spaces, pound ($), hash (#), or at sign (@) in the directory path.
    • The directory path cannot contain any non-Latin characters (Chinese, Japanese, Korean, or similar). These characters cause the installation to fail.
    • You must install the software on a local drive. Do not install the software on a network drive.
    • BMC recommends using the default value for continuity with uninstallation and future upgrades.

  13. Data Directory Information panel: Specify the directory in which you want to install the product data files in the Data Directory field, and click Next. This directory is the BCAN_DATA directory. (Default) /var/bca-networks-data

    Notes

    • Do not use any spaces, or the pound ($), hash (#), or at (@) sign in the directory path.
    • The directory path cannot contain any non-Latin characters (Chinese, Japanese, Korean, or similar). These characters cause the installation to fail.
    • Do not use the root directory.
    • BMC recommends using the default value for continuity with uninstallation and future upgrades.
    • You must install the data files on a local drive. Do not install the data files on a network drive.
    • Ensure that the database directory contains at least 3 GB of free space per 1000 devices because the operational data would increase in size.

  14. OS User Account Information panel: Enter the user name, password, and user group of the BCAN_USER account if this account was created before installation, and click Next.
     If this account was not created, select Create User Account and enter the required information. After the installation, assign the required permissions to this account as mentioned in (Optional) Creating a user account on a Linux server.

    The installer confirms the user name and password during installation. If the user name, password, or group is incorrect, an error message gives details of the problem. Click Previous and enter the correct information.

  15. Web Server Information panel: Change the Web server port numbers, as necessary, to avoid conflicts with other applications on the same host computer, and click Next.

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  16. Certificate Information panel: Enter all of the information required for the HTTPS certificate, and click Next.

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  17. (Custom installation) Database Information panel: Select and configure the database that you want to use with BMC Network Automation, and click Next.
    PostgreSQL (Embedded) is the default database. This embedded database is installed, upgraded and maintained as part of the product. You can change its defaults if you want.
     The following table lists all the options for the various databases. The three columns on the right indicate which database types have these options.

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    Note

    To set up Oracle RAC, select Advanced Connection Settings, and then enter a string similar to the following examples:

     Single Node Environment:
    (DESCRIPTION = (ADDRESS = (PROTOCOL=TCP)(HOST= 10.128.251.110)
    (PORT=1521))(LOAD_BALANCE = yes)(CONNECT_DATA = (SERVER = DEDICATED)
    (SERVICE_NAME = orcl1)(FAILOVER_MODE = (TYPE = SELECT)(METHOD = BASIC))))

    Cluster Environment:
    (DESCRIPTION=(FAILOVER=ON)(ADDRESS=(PROTOCOL=TCP)
    (HOST=scaserv12-orac-1-vip.sca1.bladelogic.com)(PORT=1521))
    (ADDRESS=(PROTOCOL=TCP)(HOST=scaserv12-orac-2-vip.sca1.bladelogic.com)
    (PORT=1521))(LOAD_BALANCE=yes)(CONNECT_DATA=(SERVICE_NAME=BL)))

    Cluster Environment with SCAN name for Oracle 11g R2 and later:
    (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)
    (HOST=bna-oracle-scan-859192.domain.com)(PORT=1521))
    (CONNECT_DATA=(SERVICE_DEDICATED)
    (SERVICE_NAME=orcl.domain.com)))

  18. (Custom installation and Create New User is selected in the previous step) Database Administrator User Inputs panel: Enter the information listed in the following table and click Next:

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  19. (Custom installation) Authentication Source panel: Select either Local, Active Directory, LDAP, RADIUS, or TACACS/TACACS+ as the authentication method that you want to use for the BMC Network Automation user and click Next.
     When local authentication is selected (default), the product maintains the user account password. Additional configuration panels are displayed based on the authentication method you select.

    Tip

    If you cannot log on using external authentication after installing the software, see Troubleshooting-user-login-to-external-authentication.

    1. (Active Directory) Active Directory Connection Information panel: Enter the following connection settings and click Next.

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    2. Active Directory Search Filter Information panel: Define the Active Directory user account search criteria, and click Next:

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    3. (Optional) After installation, if the authentication fails (for example, users cannot log on), you can manually tweak the settings in the server.xml and/or catalina.properties files located in the BCAN_HOME/tomcat/conf directory. The following code snippet shows an excerpt of an example server.xml file that references an Active Directory authentication setup:

      Example
      <!-- BEGIN: BCA-Networks realm configured by InstallShield -->
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionURL="${bna.jndiRealm.connectionURL}"
             connectionName="${bna.jndiRealm.principal},${bna.jndiRealm.baseDN}"
             connectionPassword="${bna.jndiRealm.connectionPassword}"
             userBase="${bna.jndiRealm.userBase}${bna.jndiRealm.baseDN}"
             userSearch="${bna.jndiRealm.userSearch}"
             userSubtree="${bna.jndiRealm.userSubtree}"
             referrals="${bna.jndiRealm.referrals}"/>
      <!-- END: BCA-Networks realm configured by InstallShield -->

       

      The following code snippet shows an excerpt of an example catalina.properties file that references an Active Directory authentication setup:

      bna.jndiRealm.connectionURL=ldap://ad.lab.local:389
      bna.jndiRealm.alternateURL=
      bna.jndiRealm.principal=cn=Administrator,cn=Users
      bna.jndiRealm.baseDN=dc=lab,dc=local
      bna.jndiRealm.connectionPassword=ddc915f58d57996a8fd9e65cb6d76c40
      bna.jndiRealm.userSearch=(sAMAccountName={0})
      bna.jndiRealm.userBase=ou=Service Accounts,
      bna.jndiRealm.userSubtree=true
      bna.jndiRealm.referrals=follow

    4. (Optional) If you modify the server.xml and/or catalina.properties files manually, stop and start the BCA-Networks Web Service. See Managing-product-services for instructions on how to stop and start the BCA-Networks Web Service.

      Note

      Changes to server.xml are lost during a subsequent upgrade (the file is overwritten). Changes to catalina.properties are preserved.

    5. Proceed to step 20.

    6. (LDAP) LDAP Connection Information panel: Enter the following connection parameters and click Next:

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    7. LDAP Search Filter Information panel: Define the LDAP user account search criteria, and click Next:

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    8. (Optional) After installation, if the LDAP authentication fails (for example, users cannot log on), you can manually tweak the settings in the server.xml and/or catalina.properties files located in the BCAN_HOME/tomcat/conf directory. The following code snippet shows an excerpt of an example server.xml file that references an LDAP authentication setup:

      Example
      <!-- BEGIN: BCA-Networks realm configured by InstallShield -->
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionURL="${bna.jndiRealm.connectionURL}"
             connectionName="${bna.jndiRealm.principal},${bna.jndiRealm.baseDN}"
             connectionPassword="${bna.jndiRealm.connectionPassword}"
             userBase="${bna.jndiRealm.userBase}${bna.jndiRealm.baseDN}"
             userSearch="${bna.jndiRealm.userSearch}"
             userSubtree="${bna.jndiRealm.userSubtree}"
             referrals="${bna.jndiRealm.referrals}"/>
      <!-- END: BCA-Networks realm configured by InstallShield -->

       

      The following code snippet shows an excerpt of an example catalina.properties file that references an LDAP authentication setup:

      bna.jndiRealm.connectionURL=ldap://ldap-server:389
      bna.jndiRealm.alternateURL=ldap://backup-ldap-server:389
      bna.jndiRealm.principal=cn=root
      bna.jndiRealm.baseDN=dc=bmc,dc=com
      bna.jndiRealm.connectionPassword=ddc915f58d57996a8fd9e65cb6d76c40
      bna.jndiRealm.userSearch=(uid=\{0\})
      bna.jndiRealm.userBase=ou=Users,
      bna.jndiRealm.userSubtree=true
      bna.jndiRealm.referrals=follow

    9. (Optional) If you modify server.xml and/or catalina.properties manually, stop and start the BCA-Networks Web Service. See Managing-product-services for instructions on how to stop and start the BCA-Networks Web Service.

      Note

      Changes to server.xml are lost during a subsequent upgrade (the file is overwritten). Changes to catalina.properties are preserved.

    10. Proceed to step 20.

    11. (RADIUS) RADIUS Connection Information panel: Enter the following connection parameters and click Next:

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

      The host name or names that you enter must be known host names in the environment where you are installing the software (that is, must be resolvable).

       If the RADIUS server host name cannot be resolved, if the shared secret does not match the one at the server, or if the server does not support the selected authentication type, any logon attempt fails with an invalid user name or password error message.

       The BCA-Networks.log.0 file provides more detail as to the cause; the server might also have logs that provide information about the failed logons. If any of the parameters are entered incorrectly at installation time, you must re-run the installer and enter the correct values.

       The default location for the BCA-Networks.log.0 file is /var/bca-networks-data/log.

    12. Proceed to step 20.

    13. (TACACS/TACACS+) TACACS Connection Information panel: Enter the following connection parameters and click Next:

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

      Note

      When using TACACS for authentication and Cisco ACS as the authentication server, if Cisco ACS is set up to forward requests to a higher-level database for domain accounts, you must use PAP as the authentication mode. Other modes result in local accounts passing but domain account failing authentication.

      If there is a problem reaching the server, if the shared secret does not match the one at the server, or if the server does not support the selected authentication type, any logon attempt fails with an invalid user name or password error message.

       The BCA-Networks.log.0 file provides more detail as to the cause; the server might also have logs that provide information about the failed logins. If any of the parameters are entered incorrectly at installation time, you must re-run the installer and enter the correct values.

       The default location for the BCA-Networks.log.0 file is /var/bca-networks-data/log.

    14. Proceed to step 20.

  20. Memory and System Options panel: Change memory settings or enter additional startup options if required, and click Next.

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  21. (Custom installation) UDDI Registry Information panel: Select Enable Web Services Integration if you are using a Universal Description, Discovery, and Integration (UDDI) database, enter the required information listed in the following table, and click Next:

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    Note

    These optional details are typically used for disambiguation if a site has deployed multiple application servers. For example, Geography can be used to identify the region that an application server manages. Any client program written to consume BMC Network Automation web services can use the optional details to route its web service requests to the appropriate application server.

  22. (Custom installation) AO Information panel: Select Enable BMC Atrium Orchestrator Integration if you are integrating BMC Network Automation with BMC Atrium Orchestrator, enter the required information listed in the following table, and click Next:

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  23. (Custom installation) CMDB Integration panel: Select Enable CMDB Integration if you are integrating with BMC Atrium CMDB, enter the required information listed in the following table, and click Next:

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

  24. (Custom installation) Cloud Service Management (CSM) Integration panel: Select Enable Virtual Data Center if you are integrating with BMC Cloud Lifecycle Management, enter the information listed in the following table, and click Next:

    The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    Note

    You can also enable integration with BMC Cloud Service Management after installation. See Enabling-the-Virtual-Data-Center for more information. If you enable Cloud Service Management after installation, you must import BMC Cloud Lifecycle Management out-of-box content manually.

  25. Installation Preview panel: Review the summary information, and then click Install.
     If you need to change a setting, click Previous. Each panel retains previous entries unless you change them.
    A panel appears indicating that the installation completed successfully. As part of a successful server installation, the following services are installed:
    • BCA-Networks Web server service
    • BCA-Networks Database server service
       The service binaries are installed in /etc/init.d and /etc/rc.* files.
  26. Finish and log file panel: Review the summary information. To view the installation log file click View Log. Otherwise click Next.
    The name of the log file is bcan_install_log.txt. The location of the file is /tmp.
  27. On the final page, click Done.

Deleting the embedded PostgreSQL password file

The embedded PostgreSQL password is stored in the pgpass.conf file located in the BCAN_HOME/tools directory. This is a protected file and stored in this location to allow for easier execution of the embedded PostgreSQL scripts (init_db.sh, query_db.sh, and so forth). When this file is present, the scripts do not prompt for a user name or password.

If security of the filesystem is a concern, then this file can be safely removed after the installation. In this case, the database scripts prompt for password information.

Where to go next

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*