Performing the management server installation on zCX

This topic describes how to install the management server on zCX.

Before you begin

See Preparing-to-install-the-management-server-on-zCX.

Related topic

Installing-the-management-server-on-zCX

Task 1: To unzip the installation file

Create the file system hierarchy by using the following commands: 

docker exec -it dummy sh
cd /root
unzip /root/model9-v4.0.1_build_4932dbf-server-s390x.zip

# Create the diag directory
mkdir diag

# Update the docker-entrypoint-initdb.d directory
cp conf/docker-entrypoint-initdb.d/* /docker-entrypoint-initdb.d

# Logout of Alpine container (CTRL+D)

Task 2: To copy the containers to the zCX instance

Copy the Docker containers from the Alpine Docker container by using the following commands: 

docker cp dummy:/root/model9-v4.0.1_build_4932dbf-s390x.docker ./
docker cp dummy:/root/postgres-16.1-alpine3.17-s390x.docker.gz ./

Task 3: To load the docker container to the zCX instance

Create the file system hierarchy by using the following commands: 

docker load -i model9-v4.0.1_build_4932dbf-s390x.docker
docker load -i postgres-16.1-alpine3.17-s390x.docker.gz

Task 4: To start the BMC AMI Cloud database container

  1. Create a Docker network bridge by using the following command: 

    docker network create -d bridge model9network

  2. Start the BMC AMI Cloud PostgreSQL database container by using the following command: 

    docker run --shm-size=256m -p 127.0.0.1:5432:5432 \
    -v model9db:/var/lib/postgresql/data:z \
    -v model9db_initdb:/docker-entrypoint-initdb.d:z \
    --name model9db --restart unless-stopped \
    --network model9network \
    -e POSTGRES_PASSWORD=model9 -e POSTGRES_DB=model9 -d s390x/postgres:16.1-alpine3.17

  3. Verify the health status of the container and that it is ready to accept connections by issuing the docker logs model9db command and verifying its output as shown in the example:  

    2023-10-06 06:15:27.770 UTC [48] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
    2023-10-06 06:15:27.777 UTC [49] LOG:  database system was shut down at 2023-10-06 06:15:27 UTC
    2023-10-06 06:15:27.782 UTC [48] LOG:  database system is ready to accept connections

Task 5: To update the BMC AMI Cloud management server parameters file

  1. Login to the Alpine container by using the following commands:

    docker exec -it dummy sh
    cd /root
    vi conf/model9-local.yml
    #Logout of Alpine container (CTRL+D)

  2. Update the default parameters in the model9-local.yml file.

    Click here to expand...

    The model9-local.yml file, which resides in $MODEL9_HOME/conf/, contains some default parameters, which you can update.

    model9.licenseKey: <license-key>

    model9.home: '${MODEL9_HOME}'

    model9.security.dataInFlight.skipAgentHostNameVerification: true

    model9.security.dataInFlight.truststore.fileName: '${MODEL9_HOME}/keys/model9-backup-truststore.jks'
    model9.security.dataInFlight.truststore.type: "JKS"
    model9.security.dataInFlight.truststore.password: "model9"
    model9.security.dataInFlight.keystore.fileName: '${MODEL9_HOME}/keys/model9-backup-server.p12'
    model9.security.dataInFlight.keystore.type: "PKCS12"
    model9.security.dataInFlight.keystore.password: "model9"

    model9.session.timeout.minutes: 30

    model9.master_agent.name: "<ip_address>"
    model9.master_agent.port: <port>

    # model9.objstore.resources.container.name: model9-data
    # model9.objstore.endpoint.api.id: s3
    model9.objstore.endpoint.url: https://<object_storage_dns_or_ip>:<object_storage_port>
    model9.objstore.endpoint.userid: <object store access key>
    model9.objstore.endpoint.password: <object store secret>
    model9.objstore.endpoint.password_encrypted: <false|true>

    model9.runlogs.expirationScanIntervalMinutes: <min>
    model9.runlogs.maxRetentionPeriodDays: <days>

    dataSource.user: postgres
    dataSource.password: model9

    model9.licenseKey

    (Required) Valid BMC AMI Cloud license key as obtained in Obtaining the license key

    When using multiple keys for multiple CPCs, specify one of the keys in the server’s yml file. The agent performs server-initiated actions by using its own defined license. The license key specified for the server is used to display a message about the upcoming license expiration.

    License key

    model9.session.timeout.minutes

    (Optional) Number of minutes following which an inactive UI session should end

    Default: 30

    model9.objstore

    (Optional) Container or bucket

    Default: model9-data

    (Optional) Object storage API name

    Default: s3

    Amazon AWS1: aws-s3

    Microsoft Azure: azureblob

    model9.objstore.endpoint.url

    (Required) URL address of local or remote object storage. Both HTTP and HTTPS are supported.

    Using HTTPS for the object storage URL parameter enables data-in-flight encryption.

    Default: none

    Amazon AWS1: https://s3.amazonaws.com

    Google Cloud Storage: https://storage.googleapis.com

    model9.objstore.endpoint.userid

    (Required) Access key to object storage

    Default: none

    model9.objstore.endpoint.password

    (Required) Secret key to object storage

    Default: none

    model9.objstore.endpoint.api.s3.calculatemd5

    (Optional) Enables MD5 checksum calculation to be included in put Object requests.

    This parameter is required for Object Lock enabled buckets.

    Accepted values: true|false

    Default: false

    model9.objstore.endpoint.api.s3.v4signatures

    (Optional) When using object storage that uses V4 signatures, set this parameter to true in addition to api.id: s3

    Accepted values: true|false

    Default: false

    Cohesity: true

    HCP-CS: true

    (Optional) When using the HTTPS protocol, determines whether to avoid SSL certificate verifications

    Accepted values: true|false

    Default: true

    model9.runlogs

    Warning

    The following parameters automatically trigger the deletion of run logs from the server. This deletion irrecoverable. The logs are not deleted if at least one of the parameters is set to -1.


    model9.runlogs.expirationScanIntervalsMinutes

    (Optional) Determines the frequency of deleting old run logs

    Default: -1 (never)


    model9.runlogs.maxRetentionPeriodDays

    (Optional) Determines after how many days a run log will expire and can be deleted by the automatic deletion process.

    Default: -1 (never)

    dataSource

    dataSource.user

    Database user name


    dataSource.password

    Database password


    dataSource.url

    Database URL


    Parameter

    Description

    Value

    1 When using Amazon S3, see AWS S3 security considerations. 

Task 6: To create a BMC AMI Cloud environmental variables file

BMC AMI Cloud management server loads its environmental variables from the model9.env file.

You can use this file for the following purposes:

  • Set simple (non-array) environment variables.
  • Simplify how you start the server.
  • Get a point of reference to the variables that the management server was started with.

  1. Create the model9.env file in the user's home directory and add the following parameters:

    TZ=America/New_York
    EXTRA_JVM_ARGS=-Xmx2048m

  2. When running policies with objects of more than 100K objects, update the heap size to Xmx8192m. 

    Important

    If the container is already up with a lower value, you can stop and remove the current container and use the docker run command above to start it again: 

    docker stop model9-v<v.r.m>
    docker rm model9-v<v.r.m>
  3. Edit the time zone (TZ) setting to ensure proper scheduling.
  4. Save the file.

If you make a change to any of the parameters in the environment variables file, stop and remove the server Docker container and issue the Docker run command again.

Task 7: To start the BMC AMI Cloud server

When the object storage is available and the PostgreSQL container is running, start the server by using the following commands, replacing <zCX-VIPA> with the zCX instance VIPA:

docker run -d -p <zCX-VIPA>:443:443 -p <zCX-VIPA>:80:80 \
--sysctl net.ipv4.tcp_keepalive_time=600 \
--sysctl net.ipv4.tcp_keepalive_intvl=30 \
--sysctl net.ipv4.tcp_keepalive_probes=10 \
-v model9:/model9:z -h $(hostname) --restart unless-stopped \
--env-file <user home directory>/model9.env \
--network model9network \
--name model9-v4.0.1 model9:v4.0.1.4932dbf

Important

By default, BMC AMI Cloud uses ports 80 and 443 for the management server. If these ports are not available for use or you want to use different ports, update the -p parameters to use different ports. For example, to use port 8080 and port 8443, update the parameters as follows:  

-p <zCX-VIPA>:8443:443 -p <zCX-VIPA>:8080:80

Managing containers

For more information about managing containers after installation, see Managing-containers.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*