Performing the management server installation on Linux

This topic describes how to install the management server on Linux.

Before you begin

See Preparing-to-install-the-management-server-on-Linux.


Related topics

Installing-the-management-server-on-Linux

Task 1: To unzip the installation file

Create the file system hierarchy by using the following commands: 

# Change user to root
sudo su -
# Define the path to model9 installation files you uploaded earlier
export M9INSTALL=/<path>
# If you haven’t done so already, set the model9 target installation path
export MODEL9_HOME=/data/model9
# Change the directory to $MODEL9_HOME
cd $MODEL9_HOME

# Create the diag directory
mkdir diag

# Unzip the server’s installation file

# On Linux issue:  
unzip $M9INSTALL/model9-v2.7.0_build_caf1b68-server.zip
# On Linux on z issue:  
unzip $M9INSTALL/model9-v2.7.0_build_caf1b68-server.zip

#Define docker to podman alias if using podman as the container platform
alias docker=podman

#When using sudo define sudo alias that will resolve other aliases
alias sudo='sudo '

Important

Verify that the $MODEL9_HOME/diag directory exists.

Task 2: To deploy the management server components

Deploy the management server components by using the following commands: 

# On Linux issue:
docker load -i $MODEL9_HOME/model9-v2.7.0_build_caf1b68.docker
docker load -i $MODEL9_HOME/postgres-14.5-x86.docker.gz

# On Linux on z issue:
docker load -i $MODEL9_HOME/model9-v2.7.0_build_caf1b68-s390x.docker
docker load -i $MODEL9_HOME/postgres-14.5-s390x.docker.gz

Task 3: To replace the default self-signed certificate

Important

This task is optional.

The base installation provides a self-signed certificate for encrypting access to the user interface. To replace the default certificate for the web UI, see Securing web browser communication.

Communications between the BMC AMI Cloud Server and the BMC AMI Cloud Agent are encrypted by default. Further action should only be taken if site certificates are preferred.

Task 4: To obfuscate the object storage credentials

Important

This task is optional.

To prevent the object storage secret key appearing in clear text within the configuration files, you can obfuscate it.

The obfuscation utility resides in the $MODEL9_HOME/Utilities directory.

To run the utility, issue the following command:

$MODEL9_HOME/Utilities/model9-obfuscator.sh <object storage secret key>

The script's outcome is an obfuscated version of the object storage secret key. For example:

[root@rhel73 Utilities]# ./model9-obfuscator.sh objstoresecret
/model9/Utilities/model9-credential-encryptor  model9-obfuscator.sh
15:24:59.677 INFO  [i.m.c.Model9CredentialEncryptorEntryPoint-main] - *******************************************************************************
15:24:59.679 INFO  [i.m.c.Model9CredentialEncryptorEntryPoint-main] - * Model9 Credential Encryptor                                                 *
15:24:59.679 INFO  [i.m.c.Model9CredentialEncryptorEntryPoint-main] - * Website: https://www.model9.io                                              *
15:24:59.679 INFO  [i.m.c.Model9CredentialEncryptorEntryPoint-main] - * Contact: support@model9.io                                                  *
15:24:59.679 INFO  [i.m.c.Model9CredentialEncryptorEntryPoint-main] - * 2016-2021 (c) Model9 Software                                               *
15:24:59.679 INFO  [i.m.c.Model9CredentialEncryptorEntryPoint-main] - *******************************************************************************
15:24:59.702 INFO  [i.m.c.Model9CredentialEncryptorEntryPoint-main] - Encrypting...
15:24:59.785 INFO  [i.m.c.Model9CredentialEncryptorEntryPoint-main] - Encrypted: rNEiN6QZB+OrmDMZBSXYX4F0OlrtWBSbhEJAfU6LfwCPGrW7HsRMZw5599guVIs5

Use the obfuscated key when setting the object storage password for the server and agents. If using the obfuscated secret, add the following setting to the server's configuration file:

model9.objstore.endpoint.password_encrypted: true

Task 5: To update the management server parameters file

Update the default parameters in the model9-local.yml file, which resides in the $MODEL9_HOME/conf/ directory.

Click here to see the parameters...

The model9-local.yml contains some default parameters, which you can update.

model9.licenseKey: <license-key>

model9.home: '${MODEL9_HOME}'

model9.security.dataInFlight.skipAgentHostNameVerification: true

model9.security.dataInFlight.truststore.fileName: '${MODEL9_HOME}/keys/model9-backup-truststore.jks'
model9.security.dataInFlight.truststore.type: "JKS"
model9.security.dataInFlight.truststore.password: "model9"
model9.security.dataInFlight.keystore.fileName: '${MODEL9_HOME}/keys/model9-backup-server.p12'
model9.security.dataInFlight.keystore.type: "PKCS12"
model9.security.dataInFlight.keystore.password: "model9"

model9.session.timeout.minutes: 30

model9.master_agent.name: "<ip_address_or_DNS>"
model9.master_agent.port: <port>

# model9.objstore.resources.container.name: model9-data
# model9.objstore.endpoint.api.id: s3  
model9.objstore.endpoint.url: https://<object_storage_dns_or_ip>:<object_storage_port>
model9.objstore.endpoint.userid: <object store access key>
model9.objstore.endpoint.password: <object store secret>
model9.objstore.endpoint.password_encrypted: <false|true>

model9.runlogs.expirationScanIntervalMinutes: <min>
model9.runlogs.maxRetentionPeriodDays: <days>

model9.parallelism.tapeMounts.numberOfThreads: 3

dataSource.user: postgres
dataSource.password: model9
dataSource.url: jdbc:postgresql://model9db:5432/model9

Parameter

Description

Value

model9.licenseKey

(Required) Valid BMC AMI Cloud license key as obtained in Obtaining the license key

When using multiple keys for multiple CPCs, specify one of the keys in the server’s yml file. The agent performs server-initiated actions by using its own defined license. The license key specified for the server is used to display a message about the upcoming license expiration.

License key

model9.session.timeout.minutes

(Optional) Number of minutes following which an inactive UI session should end

Default: 30

model9.objstore

model9.objstore.resources.container.name

(Optional) Container or bucket

Default: model9-data

model9.objstore.endpoint.api.id

(Optional) Object storage API name

Default: s3

Amazon AWS1: aws-s3

Microsoft Azure: azureblob

model9.objstore.endpoint.url

(Required) URL address of local or remote object storage. Both HTTP and HTTPS are supported.

Using HTTPS for the object storage URL parameter enables data-in-flight encryption.

Default: none

Amazon AWS1: https://s3.amazonaws.com

Google Cloud Storage: https://storage.googleapis.com

model9.objstore.endpoint.userid

(Required) Access key to object storage

Default: none

model9.objstore.endpoint.password

(Required) Secret key to object storage

Default: none

model9.objstore.endpoint.password_encrypted

(Optional) Determines whether the object storage password is obfuscated

Default: false

model9.objstore.endpoint.api.s3.calculatemd5

(Optional) Enables MD5 checksum calculation to be included in put Object requests.

This parameter is required for Object Lock enabled buckets.

Accepted values: true|false

Default: false

model9.objstore.endpoint.api.s3.v4signatures

(Optional) When using object storage that uses V4 signatures, set this parameter to true in addition to api.id: s3

Accepted values: true|false

Default: false

Cohesity: true

HCP-CS: true

model9.objstore.endpoint.no.verify.ssl

(Optional) When using the HTTPS protocol, determines whether to avoid SSL certificate verifications

Accepted values: true|false

Default: true

model9.parallelism

model9.parallelism.indirectsExpiration.numberOfThreads

(Optional) Allows configuring the size of the thread pool, which handles the expiration of indirect datasets during Full Dump expiration.

1

model9.parallelism.tapeMounts.numberOfThreads

(Optional) Determines the number of parallel tape mounts per policy

Default: 3

model9.runlogs

Warning

The following parameters automatically trigger the deletion of run logs from the server. This deletion irrecoverable. The logs are not deleted if at least one of the parameters is set to -1.

model9.runlogs.expirationScanIntervalsMinutes

(Optional) Determines the frequency of deleting old run logs

Default: -1 (never)

model9.runlogs.maxRetentionPeriodDays

(Optional) Determines after how many days a run log will expire and can be deleted by the automatic deletion process.

Default: -1 (never)

dataSource

dataSource.user

Database user name


dataSource.password

Database password


dataSource.url

Database URL


1 When using Amazon S3, see AWS S3 security considerations. 

Task 6: To create a BMC AMI Cloud environmental variables file

BMC AMI Cloud management server loads its environmental variables from the model9.env file, which you must create in the $MODEL9_HOME/conf directory.

You can use this file for the following purposes:

  • Set simple (non-array) environment variables.
  • Simplify how you start the server.
  • Get a point of reference to the variables that the management server was started with.
  1. Create the model9.env file in the $MODEL9_HOME/conf directory:

    1. When using Linux on intel, use the following parameters:

      TZ=America/New_York
      EXTRA_JVM_ARGS=-Xmx2048m

    2. When using Linux on IBM Z, use the following parameters:

      TZ=America/New_York
      CATALINA_OPTS=-Xmx2048m

  2. When running policies with objects of more than 100K objects, update the heap size to Xmx8192m. 

    Important

    If the container is already up with a lower value, you can stop and remove the current container and use the docker run command above to start it again: 

    docker stop model9-vx.y.z
    docker rm model9-vx.y.z
  3. Edit the time zone (TZ) setting to ensure proper scheduling.
  4. Save the file.

If you make a change to any of the parameters in the environment variables file, stop and remove the server Docker container and issue the Docker run command again.

Task 7: To start the BMC AMI Cloud management server

  1. Create a Docker network bridge by using the following command: 

    docker network create -d bridge model9network

  2. Start the BMC AMI Cloud PostgreSQL database container by using the following command: 

    # On Linux issue:
    docker run -p 127.0.0.1:5432:5432 \
    -v $MODEL9_HOME/db/data:/var/lib/postgresql/data:z \
    -v $MODEL9_HOME/conf/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:z \
    --name model9db --restart unless-stopped \
    --network model9network \
    -e POSTGRES_PASSWORD=model9 -e POSTGRES_DB=model9 -d postgres:14.5

    # On Linux on z issue:
    docker run -p 127.0.0.1:5432:5432 \
     -v $MODEL9_HOME/db/data:/var/lib/postgresql/data:z \
    -v $MODEL9_HOME/conf/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:z \
    --name model9db --restart unless-stopped \
    --network model9network \
    -e POSTGRES_PASSWORD=model9 -e POSTGRES_DB=model9 -d s390x/postgres:14.5

  3. Verify the health status of the container and that it is ready to accept connections by issuing the docker logs model9db command and verifying its output as shown in the example: 

    2023-10-06 06:15:27.770 UTC [48] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
    2023-10-06 06:15:27.777 UTC [49] LOG:  database system was shut down at 2023-10-06 06:15:27 UTC
    2023-10-06 06:15:27.782 UTC [48] LOG:  database system is ready to accept connections
  4. Start the server.

  5. When the object storage is available and the PostgreSQL container is running, start the server again by using the following command: 

    # On Linux issue:
    docker run -d -p 0.0.0.0:443:443 -p 0.0.0.0:80:80 \
    --sysctl net.ipv4.tcp_keepalive_time=600 \
    --sysctl net.ipv4.tcp_keepalive_intvl=30 \
    --sysctl net.ipv4.tcp_keepalive_probes=10 \
    -v $MODEL9_HOME:/model9:z -h $(hostname) --restart unless-stopped \
    --env-file $MODEL9_HOME/conf/model9.env \
    --network model9network \  
    --name model9-v2.7.0 model9:v2.7.0.caf1b68

    # On Linux on z issue:
    docker run -d -p 0.0.0.0:443:443 -p 0.0.0.0:80:80 \
    --sysctl net.ipv4.tcp_keepalive_time=600 \
    --sysctl net.ipv4.tcp_keepalive_intvl=30 \
    --sysctl net.ipv4.tcp_keepalive_probes=10 \
    -v $MODEL9_HOME:/model9:z -h $(hostname) --restart unless-stopped \
    --env-file $MODEL9_HOME/conf/model9.env \
    --network model9network \
    --name model9-v2.7.0 model9:v2.7.0.caf1b68

  6. View the PostgreSQL and BMC AMI Cloud Server logs by using the following commands: 

      # Dump logs to screen
    cat /data/model9/logs/model9.*.log
    docker logs model9db
    # Dump logs to screen and keep displaying new log messages as they arrive
    tail -f /data/model9/logs/model9.*.log
    docker logs -f model9db

  7. View the container’s logs by using the tail command to verify that the BMC AMI Cloud container has started up successfully. For example: 

    2020-09-29 01:56:44,719 [main] INFO zosbackupserver.ApdplicationLoader - The following profiles are active: production  
    2020-09-29 01:56:45,873 [main] INFO  zosbackupserver.Application - Loading external configuration from /model9/conf/model9-local.yml  
    2020-09-29 01:57:08,860 [main] INFO  z.l.AddProjectionsToAllLiveArchivesAndDeleteExpired - Using container: model9-ci  
    2020-09-29 01:57:09,929 [main] INFO  z.l.AddProjectionsToAllLiveArchivesAndDeleteExpired - Migration complete. Created 0 expiration projections. Deleted 0 archive versions  
    2020-09-29 01:57:09,937 [main] INFO  z.l.BlobRepositoryChangeDashMetadataKeysToUnderscore - Using container: model9-ci  
    2020-09-29 01:57:10,165 [main] INFO  i.m.b.c.o.BucketValidator - Object store connectivity has been established successfully  
    2020-09-29 01:57:10,413 [main] INFO  zosbackupserver.BootStrap - Model9 Version: v2.7.0 Build caf1b68 Started
    2020-09-29 01:57:13,799 [main] INFO  zosbackupserver.ApplicationLoader - Started ApplicationLoader in 30.488 seconds (JVM running for 39.514)[1]

The installation is complete.

To stop, start, or restart the server

Run the following commands:

docker stop|start|restart model9-v2.7.0
docker stop|start|restart model9db

To display the server’s resource consumption

Run the the following commands: 

docker stats model9-v2.7.0
docker stats model9db

To display the containers’ health status

Run the following command and, if necessary, check the relevant logs:

docker ps -a

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*