Novell Doc: Novell ZENworks Orchestrator 1.3 Installation and Getting Started Guide - Installing and Configuring ZENworks Orchestrator Components

4.2 Installing and Configuring ZENworks Orchestrator Components

The ZENworks Orchestrator Server (Orchestrator Server) is supported on SUSE® Linux Enterprise Server 10 Service Pack 1 (SLES 10 SP1) or Service Pack 2 (SLES 10 SP2) only. You should install the ZENworks Orchestrator Server on a dedicated server for optimal performance.

After you install and configure the components you want from ZENworks Orchestrator, there are other basic tasks you need to perform to make the Orchestrator system perform at a basic level. Those tasks are documented in Section 5.0, First Use of Basic ZENworks Orchestrator Components.

IMPORTANT:For this guide, the installation of the Orchestrator Server, the Virtual Machine (VM) Warehouse and Builder, and the ZENworks Monitoring Server are all shown. The Virtual Machine Management components are purchased under a separate license, but for the purpose of this guide, the same installation is used for all.

These components (if licensed and selected during the installation) can be installed on the same machine where the Orchestrator Server is installed. However, for better scale and performance we recommend that you install the VM Warehouse and VM Builder together on a separate machine, and the VM Builder must be installed on Dom₀boxes where Xen exits. The Monitoring Server can be installed on any server as it runs independently of the other components. For more information, see Section 3.1, Orchestrator Server Requirements.

Also, the VM Builder cannot be installed on a VM and must only be installed on the host operating system of the VM Builder node. Multiple servers with VM host capability can be used as VM Builder machines to make the VM Builder group.

This section includes the following information:

4.2.1 Installation and Configuration Steps

To install and configure a typical ZENworks Orchestrator system:

Review Section 3.0, Planning the Installation to verify that the device where you want to install the Orchestrator Server software fulfills the necessary requirements.
Download the appropriate ZENworks Orchestrator Server ISO (32-bit or 64-bit) to an accessible network location.
(Optional) Create a DVD ISO (32-bit or 64-bit) that you can take with you to the machine where you want to install it.
Install ZENworks Orchestrator software:
1. Log in to the target SLES 10 SP1 or SP2 server as root, then open YaST2.
2. In the YaST Control Center, click > Software, then click Add-on Product to display the Add-on Product Media dialog box.
3. In the Add-on Product Media dialog box, select the ISO media (Local Directory or DVD) to install.
  1. (Conditional) Select DVD, click Next, insert the DVD, then click Continue.
  2. (Conditional) Select Local Directory, click Next, select the ISO Image check box, browse to ISO on the file system, then click OK.
4. Read and accept the license agreement, then click Next to display YaST2.
5. In YaST2, click the Filter drop-down menu, then select Patterns to display the install patterns available on the ZENworks Orchestrator ISO.
6. Select the ZENworks Orchestrator installation patterns that you want to install:
  - ZENworks Orchestrator Server: This pattern is the gateway between enterprise applications and resource servers. The Orchestrator Server manages computing nodes (resources) and the jobs that are submitted from applications to run on these resources.
  - ZENworks Virtual Machine Warehouse: Stores VM images and image data, versions the images, designates the gold master VM image, and checks out and in the VM images.
    
    For better scale and performance, we recommend that you install this pattern to a different server than where the Orchestrator Server is installed.
    
    NOTE:If you are installing the VM Warehouse and the VM Builder on a machine separate from the Orchestrator Server, make sure you install and configure the Orchestrator component first, as described in Step 5 through Step 7, then complete Step 9 to set up VM Management with an NFS Share.
    
    If the VM Management packages are installed on the same machine as the Orchestrator Server, no share needs to be created.
  - ZENworks Monitoring Server: Uses open source Ganglia monitoring of the performance of certain data on network resources in a user-defined time period.
    
    This pattern can be installed on a server where any other ZENworks Orchestrator pattern is installed, or on a server by itself.
  - ZENworks Orchestrator Agent: This pattern is installed on all computing resources that are to be managed. It runs applications under the management of the Orchestrator Server and reports its status to the Orchestrator Server.
  - ZENworks Orchestrator Clients: Installing this patter lets the administrator of a computing resource administrator troubleshoot, initiate, change, or shut down server functions for ZENworks Orchestrator and its computing resources. For information about the tools included in this pattern, see ZENworks Orchestrator Clients:.
  - ZENworks Virtual Machine Builder: This pattern is an agent that builds the VM images as the jobs are sent to it by the Orchestrator Server. The Xen hypervisor must exist on the server where this pattern is installed.
    
    We recommend for better scale and performance that this pattern be installed to a different server than where the Orchestrator Server is installed. Also, it must be installed on the same server where the VM Warehouse pattern is installed.
    
    NOTE:If you are installing the VM Warehouse and the VM Builder on a machine separate from the Orchestrator Server, make sure you install and configure the Orchestrator component first, as described in Step 5 through Step 7, then complete Step 9 to set up VM Management with an NFS Share.
    
    If the VM Management packages are installed on the same machine as the Orchestrator Server, no share needs to be created.
  - ZENworks Monitoring Agent: This pattern is installed with any installation of the Orchestrator Server, and it installs the Ganglia Agent on each monitored node, which collects performance metrics and sends the data to the ZENworks Monitoring Server.
  Refer to the information in Section A.0, ZENworks Orchestrator Components: Install Patterns for more detail about these patterns.
  
  If you choose not to install the ZENworks Orchestrator Agent or the ZENworks Orchestrator Clients on some machines using this method now, you can install them later by using installers that are accessible from a hosted Web page from the ZENworks Orchestrator Server or you can repeat this process by downloading the ISO to the machine where you want to install the agent or clients. For more information, see Section 4.3, Independent Installation of the Agent and Clients.
7. Click Accept to install the packages.
Configure the ZENworks Orchestrator components that you have installed. You can use one of two information gathering methods to perform the configuration:
- The Orchestrator product configuration script. If you use this method, continue with Step 5.a.
- The GUI Configuration Wizard. If you use this method, skip to Step 5.b.
HINT:Although the text-based configuration process detects which RPM patterns are installed, the GUI Configuration Wizard requires that you specify which components are to be configured.
1. (Optional) Run the Orchestrator product configuration script.
  1. Make sure you are logged in as root to run the configuration script.
  2. Run the script, as follows:
    /opt/novell/zenworks/orch/bin/config
    
    When the script runs, the following information is initially displayed:
    Welcome to Novell ZENworks Orchestrator. This program will configure Novell ZENworks Orchestrator 1.3 Select whether this is a new install or an upgrade i) install u) upgrade - - - - - - Selection [install]:
  3. Determine whether this is a new installation or an upgrade.
    
    This section discusses standard installation, so specify i (for install) or press Enter to accept the default. For more information about upgrade, see the Novell ZENworks Orchestrator 1.3 Upgrade Guide.
    
    When you make the selection, the following information is displayed:
    Select products to configure # selected Item 1) yes ZENworks Monitoring Service 2) yes ZENworks Orchestrator Server 3) yes ZENworks Orchestrator Agent 4) yes ZENworks Orchestrator VM Builder 5) yes ZENworks Orchestrator VM Warehouse Select from the following: 1 - 5) toggle selection status a) all n) none f) finished making selections q) quit -- exit the program
  4. Determine which installed products you want to configure. The options are listed with option numbers.
    
    Select or deselect an option by typing its number to toggle its selection status, or type a and press Enter to select all of them.
    
    When you have selected the products you want to configure, type f and press Enter to finish the selection and begin the configuration
    
    For information to help you complete the configuration interview, see Section 4.2.2, ZENworks Orchestrator Configuration Information
    
    When the you have finished answering questions in the configuration interview, continue with Step 6.
2. (Optional) Run the GUI Configuration Wizard.
  1. Run the script for the ZENworks Orchestrator Configuration Wizard as follows:
    /opt/novell/zenworks/orch/bin/guiconfig
    
    The GUI Configuration Wizard launches.
    
    IMPORTANT:If you only have a keyboard to navigate through the pages of the GUI Configuration Wizard, use the Tab key to shift the focus to a control you want to use (for example, a Next button), then press the space bar to activate that control.
  2. Click Next to display the license agreement.
  3. Accept the agreement, then click Next to display the ZENworks Orchestrator components page.
    
    This section discusses new installation. For more information about upgrade, see Novell ZENworks Orchestrator 1.3 Upgrade Guide.
  4. Select New Installation, then click Next to display the ZENworks Orchestrator components page.
    
    The components page lists the ZENworks Orchestrator components that are available for configuration (already installed). By default, all installed components are selected for configuration.
  5. Click Next to confirm the components you want to install and to display the High Availability Configuration page of the wizard.
    
    or
    
    Deselect any ZENworks Orchestrator components that you do not want to configure, then click Next to display the High Availability Configuration page of the wizard.
  6. Click Next on the succeeding pages and provide information for the wizard to be used the configuration process. As the configuration interview in the wizard proceeds, refer to the information in Table 4-1, Orchestrator Configuration Information for details about the configuration data that you need to provide. The GUI Configuration Wizard uses this information to build a response file that is consumed by the setup program inside the GUI Configuration Wizard.
    
    When you have finished answering the configuration questions in the wizard, the ZENworks Orchestrator Configuration Summary page is displayed.
    
    IMPORTANT:Although this page of the wizard lets you navigate using the Tab key and spacebar, you need to use the Shift+Tab combination to navigate past the summary list. Click Back if you accidentally enter the summary list and re-enter the page to navigate to the control buttons.
    
    By default, the Configure now check box on this page is selected. If you accept the default of having it selected, the wizard starts ZENworks Orchestrator and applies the configuration settings. If you deselect the check box, the wizard writes out the configuration file to /etc/opt/novell/novell_zenworks_orch_install.conf without starting Orchestrator or applying the configuration settings.
    
    NOTE:You can use this .conf file to start the Orchestrator server or client and apply the settings either manually or with an installation script. Use the following command to run the configuration:
    
    /opt/novell/zenworks/orch/bin/config -rs
  7. Click Next to display the following wizard page.
  8. Click Next to launch the configuration script. When the configuration is finished, the following page is displayed:
  9. Click Finish to close the configuration wizard.
    
    IMPORTANT:When the installation and configuration are complete, you need to register the resources to be managed by the ZENworks Orchestrator system. Please refer to Section 5.0, First Use of Basic ZENworks Orchestrator Components for detailed information about getting resources to manage in the ZENworks Orchestrator system.
Open the configuration log file (/var/opt/novell/novell_zenworks_orch_install.log) to make sure that the components were correctly configured.

You might want to change the configuration if you change your mind about some of the parameters you provided in the configuration process. For information about what to do in these circumstances, see Section 4.2.3, Correcting Configuration Errors and Repeating the Configuration Process.
Access the ZENworks Orchestrator Administrator Information Page to verify that the Orchestrator Server is installed and running. Use the following URL to open the page in a Web browser:

http://DNS_name_or_IP_address_of_Orchestrator_Server:8001

The Administrator Information page includes links to separate installation programs (installers) for the ZENworks Orchestrator Agent (Orchestrator Agent) and the ZENworks Orchestrator Clients (Orchestrator Clients). The installers are used for various operating systems.

IMPORTANT:Currently, most of the installers listed on this page have not been fully tested, and are therefore not currently supported by Novell.This includes the RPM agent installer without JRE ( novell-zenworks-zos-agent-1.3.0-33604.i586.rpm) which is not labeled as being unsupported.
(Conditional and Optional) If you installed the ZENworks Orchestrator Clients, you can increase the heap size that the JVM handles. This enables the console to manage a larger number of objects.
1. Open the zoc bash shell script at /opt/novell/zenworks/zos/server/bin.
  
  NOTE:On Microsoft Windows, the path to the console is files\novell\zos\clients\bin\zoc.bat. For more information, see Section 4.3, Independent Installation of the Agent and Clients.
2. Inside the script, find the following line where the JVM parameters are defined:
```
JVMARGS="-Xmx256m -Xms256m -Xmn64m -XX:NewSize=64m -XX:MaxNewSize=64m"
```
  The -Xmx argument specifies the maximum heap size for the JVM. Increasing the heap size prevents a JVM out of memory condition.
3. Change the value in the -Xmx argument from 256MB to 512MB.
(Conditional) If you installed ZENworks Virtual Machine Management (VM Builder and VM Warehouse Server) on a machine other than the one where you installed the ZENworks Orchestrator Server, you need to set up an NFS Share between the Orchestrator Server and the VM Management Server.

NOTE:Execute this part of the procedure only after the Orchestrator packages are installed and you have run the configuration script or the GUI Configuration Wizard.
1. At the command line of the machine where the ZENworks Orchestrator Server is installed, run the following commands to create the directories required for the NFS Share to work:
  
  mkdir /var/opt/novell/zenworks/zos/server/dataGrid/files/warehouse/
  
  mkdir /var/opt/novell/zenworks/zos/server/dataGrid/files/warehouse/import
  
  mkdir /var/opt/novell/zenworks/zos/server/dataGrid/files/warehouse/export
2. Start the NFS Server on each node in the cluster where the Orchestrator Server is installed.
  1. At the command line, run the following command:
    yast2 nfs_server
    
    The NFS Server Configuration utility is displayed.
  2. In the NFS Server Configuration utility, select Start, deselect Enable NFSv4, then click Next to display the Directories to Export page.
  3. On the Directories to Export page, click Add Directory, add /var/opt/novell/zenworks/zos/server/dataGrid/files/warehouse/export as the directory path, then click OK to display a browser popup box.
  4. In the popup box, browse to the /var/opt/novell/zenworks/zos/server/dataGrid/files/warehouse/export directory, then click OK to display the Directories to Export page with an overlaid configuration popup box.
  5. In the popup box, fill in the fields:
    
    Host Wild Card: Enter the IP address of the VM Warehouse Server.
    
    Options: Edit the options string so that it appears as rw,sync,no_root_squash
  6. Click Finish to save the configuration and start the NFS Server.
3. Mount the VM Warehouse share located inside the cluster using one of the following two methods:
  1. (Method 1) On the command line of the VM Warehouse/Builder Server, run the following command:
    
    yast2 nfs add spec="<ip address of zos server>:/var/opt/novell/zenworks/zos/server/dataGrid/files/warehouse" file="/var/opt/novell/zenworks/zos/server/dataGrid/files/warehouse"
  2. (Method 2) On the command line of the VM Warehouse/Builder Server, run the following command:
    
    yast2 nfs
    
    This command displays the NFS Client Configuration utility.
  3. In the NFS Client Configuration utility, click Add to open a dialog box you can use to specify the share information.
  4. In the dialog box, fill in the fields:
    
    NFS Server Hostname: Enter the IP Address of the ZENworks Orchestrator Server and the shared directory you created, for example:
    
    192.168.1.255
    
    Remote File System: Enter the name of the remote file system (that is, the shared directory) you created:
    
    /var/opt/novell/zenworks/zos/server/dataGrid/files/warehouse
    
    Mount Point: Enter the local mount point:
    
    /var/opt/novell/zenworks/zos/server/dataGrid/files/warehouse
  5. Click OK, then click Finish.

4.2.2 ZENworks Orchestrator Configuration Information

The following table includes information about the information required by the ZENworks Orchestrator configuration (config) and the configuration wizard (guiconfig). The information is organized in this way to make it readily available if you want to evaluate the entire product. The information is listed in the order that it is presented in the configuration file.

Table 4-1 Orchestrator Configuration Information

Configuration Information	Explanation
ZENworks Monitoring	If you installed the ZENworks Monitoring Server and the ZENworks Monitoring Agent, the following questions are asked during the configuration process. Monitored or Monitoring: You can configure this host to be the Monitoring Server or a monitored node. Configure this host as the Monitoring Server? (y/n) Default value = yes (if the ZENworks Monitoring Server is installed on this machine) This question always appears if you installed the Monitoring Server component. Because the configuration already knows that ZENworks Monitoring is installed, you are choosing whether the machine being installed to is to be the controlling node for monitoring. Hostname of Monitoring Server: Specify the hostname or IP address of the ZENworks Monitoring Server. Default value = none This question appears if you did not install the Monitoring Server on this machine. It is the name or IP address of the server (also known as the controlling node) where the Monitoring Agent will send its metrics. Location: Enter a name describing this monitored computer’s location. Default value = name_of_this_computer This question always appears if you specify this computer as a monitored node (that is, you answer no when asked if this machine is to be the Monitoring Server). The descriptive name you create here appears in the Monitoring user interface as the name of the device. Monitoring user: Create a user for ZENworks Monitoring. Default = none This question always appears if you specify this host as the Monitoring Server. The name you create here is used to authenticate to the Monitoring Service. You should record this username for future use. Monitoring User password: Specify the password for <Monitoring user>: Default = none The password you create here is used to authenticate to the Monitoring Service. You should remember this password for future use.
Type of Configuration	Select whether this is a standard or high-availability server configuration. Default value = standard Your answer here determines whether this is a standard installation or a High Availability installation. This section discusses standard installation, so specify s (for standard) or press Enter to accept the default. For more information about High Availability configuration, see the Novell ZENworks Orchestrator 1.3 High Availability Configuration Guide.
Orchestrator Server	Because the ZENworks Orchestrator Server must always be installed for a full Orchestrator system, the following questions are always asked when you have installed server patterns prior to the configuration process: ZENworks Orchestrator Administrator user: Create an Administrator user for ZENworks Orchestrator. Default = none The name you create here is required when you access the ZENworks Orchestrator Console or the zosadmin command line interface. You should remember this username for future use. ZENworks Orchestrator Administrator password: Specify the password for <Administrator user> Default = none This password you create here is required when you access the ZENworks Orchestrator Console or the zosadmin command line interface. You should remember this password for future use. ZENworks Orchestrator grid name: Select a name for the Orchestrator grid. Default = hostname_grid A grid is an administrative domain container holding all of the objects in your network or data center. The Orchestrator monitors and manages these objects, including users, resources, and jobs. The grid name you create here is displayed as the name for the container placed at the root of the tree in the Explorer panel of the Orchestrator console. Audit Database: Do you want to install the audit database? Default = no If you answer yes to this question, the configuration creates an audit database and a simple schema that persists all of the jobs (and the parameters for them) and maintains every login/logout user event in that database. The audit database can be configured only on a server where a PostgreSQL^* relational database has been installed. For more information, see Section 4.2.4, Installing and Configuring the ZENworks Orchestrator for Use with a PostgreSQL Audit Database on a Different Host or Section 4.2.5, Installing and Configuring the ZENworks Orchestrator for Use with a Local PostgreSQL Audit Database. License file: Specify the full path to the license file. Default = none A license key is required to use this product. You should have received this key from Novell, then you should have subsequently copied it to the network location that you specify here. Be sure to include the name of the license file in the path. A Novell license key for ZENworks Orchestrator High Performance Computing (HPC) differs from the Novell license key for ZENworks Orchestrator Virtual Machine Management. If you purchased the Orchestrator HPC license and provide it here, none of the Orchestrator VM Management functionality will be visible or available. If you purchase the ZENworks Orchestrator Virtual Machine Management license, HPC functionality is also visible and available.
Orchestrator Server (continued)	User Portal¹: Specify the User Portal port. Default = 8080 (if ZENworks Monitoring is installed) or 80 (if ZENworks Monitoring is not installed). Because Apache uses port 80 for ZENworks Monitoring, it forwards non-monitoring requests to the Orchestrator Server on the port you specify here. Administrator Information port¹: Specify the Administrator Information page port. Default = 8001 Port 8001 on the ZENworks Server provides access to an Administrator Information page that includes links to product documentation, agent and client installers, and product tools to help you understand and use the product. Specify another port number if 8001 is reserved for another use on this server. Agent Port¹: Specify the Agent port. Default = 8100 Port 8100 is used for communication between the Orchestrator Server and the Orchestrator Agent. Specify another port number if 8100 is reserved for another use. TLS Certificate and Key¹: Generate a TLS certificate and key? Specify the full path to the TLS server certificate. Specify the full path to the TLS server private key. Default = yes (the Orchestrator Server must generate a certificate and key for authentication) A PEM-encoded TLS certificate and key is needed for secure communication between the Orchestrator Server and Orchestrator Agent. If you respond with no, you need to provide the location of an existing certificate and key. TLS Server Certificate²: Specify the full path to the TLS server certificate. Default = /etc/ssl/servercerts/servercert.pem Specify the path to the existing TLS certificate. TLS Server Key²: Specify the full path to the TLS server private key. Default = /etc/ssl/servercerts/serverkey.pem Specify the path to the existing TLS private key. Xen VNC password: Set the password that will be used for VNC on Xen virtualization hosts. You will need this password when logging into virtual machines using VNC.
Orchestrator Agent	You can install and configure the Orchestrator Agent on any computing node. It is not necessary to install it on the same machine with the Orchestrator Server. If you installed the Orchestrator Agent, the following questions are asked in the configuration process. Agent Name: Specify the name of the ZOS Agent on this node. Default = none The name you create here is used by the Orchestrator Agent to authenticate to the Orchestrator Server. IMPORTANT:When the VM Warehouse is installed on a machine, the name of the Orchestrator Agent on that machine must match the machine's host name. ZOS Server: Specify the hostname or IP address of the ZOS Server. Default = none Specify the DNS name or IP address of the Orchestrator Server that this agent will bind to. ZOS Server Certificate³: Do you want to provide an existing ZOS Server certificate? Default = no In configuring the Orchestrator Server, you either entered a PEM-encoded TLS certificate and key, or the system generated them. If you answer no, the agent always trusts the server certificate. The certificate is downloaded from the Orchestrator Server to the Orchestrator Agent the first time the agent connects. If you answer yes, the agent uses the certificate to verify that it is communicating with the correct server. Virtual Machine³: Is the host for the agent a Virtual Machine? Default = no This setting helps the Orchestrator system to know how to treat this host. Agent Port³: Specify the Agent port. Default = 8100 Port 8100 is used for communication between the Orchestrator Server and the Orchestrator Agent. Specify another port number if 8100 is reserved for another use. Agent IP Address: Specify the Agent IP address. Default = none This value is on the advanced page for the Orchestrator Agent settings. Orchestrator Server Certificate File⁴: Specify the path to the Orchestrator Server certificate file. Default = /root/zos_server_cert.pem
VM Builder	If you installed the ZENworks Virtual Machine Builder, the following questions are asked in the configuration process. ZOS Orchestrator Administrator user: Specify the name of the ZENworks Orchestrator Administrator user. Default = none This is the name of the Administrator user you previously created when you configured the Orchestrator Server. See Orchestrator Server. If you supplied this name when configuring the Orchestrator Server, this question is not displayed. VM Manager Proxy user: Create a proxy ZOS user to be used by VM Builder. Default = none This proxy user represents the VM Builder as it communicates with the Orchestrator Server. This name is also used for the VM Warehouse, if you have installed it. The configuration script does not ask you for it again. VM Manager Proxy user password: Create a proxy ZOS user password to be used by VM Builder. Default = none This proxy user password authenticates the VM Builder as it communicates with the Orchestrator Server. This password is also used for the VM Warehouse, if you have installed it. The configuration script does not ask you for it again.
VM Warehouse	If you installed the ZENworks Virtual Machine Warehouse, the following questions are asked in the configuration process. VM Manager Proxy user: Create a proxy ZOS user to be used by VM Warehouse. Default = none This proxy user represents the VM Warehouse as it communicates with the Orchestrator Server. IMPORTANT:If you install the Orchestrator Agent, the Orchestrator Server, and the VM Warehouse on the same machine, you must be certain that the agent and the warehouse have the same object name as the Orchestrator Server. This name is also used for the VM Builder, if you have installed it. The configuration script does not ask you for it again. VM Manager Proxy user password: Create a proxy ZOS user password to be used by VM Warehouse. Default = none This proxy user password authenticates the VM Warehouse as it communicates with the Orchestrator Server. This password is also used for the VM Builder, if you have installed it. The configuration script does not ask you for it again.
Configuration Summary	When you have completed the configuration process, you have the option of viewing a summary of the configuration information. View summary: Do you want to view summary information? Default = yes Answering yes to this question displays a list of all the Orchestrator components you have configured and the information with which they will be configured. Answering no to this question starts the configuration program. Configuration information change: Do you want to make changes? Default = no Answering yes to this question restarts the configuration process so that you can make changes to the configuration information. Answering no to this question starts the configuration program.

¹ This configuration parameter is considered an advanced setting for the Orchestrator Server in the ZENworks Orchestrator Configuration Wizard. If you select the Configure Advanced Settings check box in the wizard, the setting is configured with normal defaults. Leaving the check box deselected lets you have the option of changing the default value.

² This configuration parameter is considered an advanced setting for the Orchestrator Server in the ZENworks Orchestrator Configuration Wizard. If you select the Configure Advanced Settings check box in the wizard, this parameter is listed, but default values are provided only if the previous value is manually set to no.

3 This configuration parameter is considered an advanced setting for the Orchestrator Agent in the ZENworks Orchestrator Configuration Wizard. If you select the Configure Advanced Settings check box in the wizard, the setting is configured with normal defaults. Leaving the check box deselected lets you have the option of changing the default value.

4 This configuration parameter is considered an advanced setting for the Orchestrator Agent in the ZENworks Orchestrator Configuration Wizard, but only if you set Provide Existing Orchestrator Server Certificate to yes.

4.2.3 Correcting Configuration Errors and Repeating the Configuration Process

If you want to reconfigure the components of the ZENworks Orchestrator system that you previously installed and configured, you can rerun the configuration script or the GUI Configuration Wizard and change your responses during the configuration process.

4.2.4 Installing and Configuring the ZENworks Orchestrator for Use with a PostgreSQL Audit Database on a Different Host

When you install ZENworks Orchestrator, you can optionally point it to a relational database that you can use to audit the work done by the product. There is no relational database management system bundled with the product, but because ZENworks Orchestrator is supported by default on SLES 10 SP1 or SP2, you can use a PostgreSQL database and configure it for use with Orchestrator auditing. If you want to use some other database, you have to configure it separately for use with Orchestrator. This section includes the following information:

Installing the PostgreSQL Package and Dependencies on an Independent Host

When you enable and configure ZENworks Orchestrator auditing, you create a small custom database and a simple schema that persists all of the Orchestrator jobs that have been run, along with their parameters.The database also maintains the login or logout activity of the Orchestrator users and resources.

NOTE:We recommend that you install the PostgreSQL packages on a SLES 10 SP1 or SP2 server that is different from the server where you install the ZENworks Orchestrator Server. This ensures an adequate amount of space for running the server as the database is used.

For High Availability Orchestrator Server configurations, you need to install the database outside of the High Availability cluster.

If you want to run the database on the same host with ZENworks Orchestrator, see Section 4.2.5, Installing and Configuring the ZENworks Orchestrator for Use with a Local PostgreSQL Audit Database.

If the SLES 10 SP1 or SP2 machine does not have PostgreSQL packages installed and running, use YaST to search for postgresql-server, then install the package and its dependencies.

yast2 -i postgresql-server

When PostgreSQL is installed, you need to create the default database and start it. Use the following commands:

su - postgres

initdb

pg_ctl start

These commands create or update the PostgreSQL privilege database and installs the prepared tables. For more detail about what you will see when you run these commands, see Detail.

NOTE:You cannot run the pg_ctl command as root. You must first change to the superuser for PostgreSQL (su - postgres). Failure to issue this command first results as follows:


# pg_ctl start
pg_ctl: cannot be run as root
Please log in (using, e.g., "su") as the (unprivileged) user that will
own the server process.

Detail

postgres> initdb
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale en_US.UTF-8.
The default database encoding has accordingly been set to UTF8.

creating directory /var/lib/pgsql/data ... ok
creating directory /var/lib/pgsql/data/global ... ok
creating directory /var/lib/pgsql/data/pg_xlog ... ok
creating directory /var/lib/pgsql/data/pg_xlog/archive_status ... ok
creating directory /var/lib/pgsql/data/pg_clog ... ok
creating directory /var/lib/pgsql/data/pg_subtrans ... ok
creating directory /var/lib/pgsql/data/pg_twophase ... ok
creating directory /var/lib/pgsql/data/pg_multixact/members ... ok
creating directory /var/lib/pgsql/data/pg_multixact/offsets ... ok
creating directory /var/lib/pgsql/data/base ... ok
creating directory /var/lib/pgsql/data/base/1 ... ok
creating directory /var/lib/pgsql/data/pg_tblspc ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 1000
creating configuration files ... ok
creating template1 database in /var/lib/pgsql/data/base/1 ... ok
initializing pg_authid ... ok
enabling unlimited row size for system tables ... ok
initializing dependencies ... ok
creating system views ... ok
loading pg_description ... ok
creating conversions ... ok
setting privileges on built-in objects ... ok
creating information schema ... ok
vacuuming database template1 ... ok
copying template1 to template0 ... ok
copying template1 to postgres ... ok

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the -A option the
next time you run initdb.

Success. You can now start the database server using:

    postmaster -D /var/lib/pgsql/data
or
    pg_ctl -D /var/lib/pgsql/data -l logfile start

postgres> postmaster -i

Configuring PostgreSQL to Accept Remote Database Connections

To configure the PostgreSQL database to accept remote database connections, you need to add the following line to the /var/lib/pgsql/data/pg_hba.conf file:

host    all      all         0.0.0.0/0      trust

NOTE:After initial configuration, you can replace the 0.0.0.0/0 with a more restrictive mask. In a high availability server configuration, make sure that each host in the high availability cluster is enabled as a remote host.

After you make the change to the pg_hba.conf file, you need to specify the following command so that you do not receive an error when remote hosts try to connect:

pg_ctl restart

If pg_hba.conf is not configured when attempting to connect, an error similar to the following is displayed:


psql: FATAL:  no pg_hba.conf entry for host "164.99.15.64", user "postgres", database "postgres", SSL off

For remote database access, you need to edit the listen_addresses section of the /var/lib/pgsql/data/postgresql.conf file. This enables the database server to listen for incoming connections on the specified IP addresses.

Edit this section of the file:


listen_addresses = 'localhost'
                    # what IP address(es) to listen on;
                    # comma-separated list of addresses;
                    # defaults to 'localhost', '*' = all

Your edit should look like this:


listen_addresses = '*'
                    # what IP address(es) to listen on;
                    # comma-separated list of addresses;
                    # defaults to 'localhost', '*' = all

NOTE:You might have to unremark the listen_addresses line in the file (that is, remove the pound sign ( # ) preceding the listen_address line).

Save the postgresql.conf file and then specify the following command:

pg_ctl restart

IMPORTANT:Restarting the PostgreSQL server is mandatory; the new address does not take effect without it.

Logging in Locally to the PostgreSQL Database

When you have installed the database, the next step is to check that you can connect to the database on the database host. The default admin username is postgres. Use the following commands to set up a password for the postgres user on the database host machine:

psql

NOTE:Remember the password. You will need it to log in later to log in to the database.

Running this command results in a screen like this:

Welcome to psql 8.1.11, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

postgres=# alter user postgres password 'pass';
ALTER ROLE
postgres=#

Creating an Orchestrator User for the PostgreSQL Database

Next, set up a PostgreSQL user to own the audit database schema before you running the server configuration script or the GUI Configuration Wizard.

On the database host machine, use the following commands to log in as root at the database host machine:

su - postgres

psql
At the psql prompt on the database host, use the following command to create a user specific to the ZENworks Orchestrator Server host:

create username password password;

Where you supply the username and password.
Enter the \q command at the psql prompt to exit the database.

Configuring the Orchestrator Audit Database on a Separate Host

The easiest way to configure the audit database is to do so when you configure the ZENworks Orchestrator Server. Use the following procedure to configure the database.

NOTE:Although the interview questions presented in the config script are shown here, the questions presented in the graphical Configuration Wizard are similar.

After you have installed the ZENworks Orchestrator packages you want, run the configuration (either the config script or the graphical Configuration Wizard) until you see the following question:
```
Enable Auditing (y/n) [no]:
```
Enter yes to answer this question. The following question displays:
```
Configure Audit DB (y/n) [no]:
```
Enter yes to answer this question. the following question displays:
```
Jdbc URL [jdbc:postgresql://localhost/]:
```
Enter the URL of the server where PostgreSQL is running, then press Enter.
```
jdbc:postgresql://IP_address_of_database_server/
```
NOTE:This is a standard JDBC URL because this server is Java and uses JDBC for the interface database. The URL must be properly formed, with a slash and without a database name at the end. We do not recommend using “localhost” as the URL.

The following prompt is displayed:
```
DB Admin Username:
```
Specify the PostgreSQL database administrator username, then press Enter.

This is the same username that was created when PostgreSQL was installed. In most instances, the username is postgres.

The following prompt is displayed:
```
DB Admin Password:
```
Specify the PostgreSQL database administrator password, then press Enter.

The following prompt is displayed:
```
Retype password:
```
Retype the database administrator password to verify it, then press Enter. The following prompt is displayed:
```
ZOS Audit Database Name [zos_db]:
```
Specify the name of the database you want to create for ZENworks Orchestrator auditing, then press Enter. The following prompt is displayed:
```
Audit DB Username:
```
Specify the name you want to use for the PostgreSQL database user that will be used by ZENworks Orchestrator for auditing (that is, a user with Read and Write privileges, not the administrator), then press Enter. The following prompt is displayed:
```
Audit DB Password:
```
Specify the password you want to use for authentication by the designated PostgreSQL database user, then press Enter. The following prompt is displayed:
```
Retype password:
```
Retype the password, then press Enter.

After you retype the new audit database password, the configuration interview for the Orchestrator Server continues normally.

4.2.5 Installing and Configuring the ZENworks Orchestrator for Use with a Local PostgreSQL Audit Database

Installing the PostgreSQL Package and Dependencies

NOTE:We recommend that you install the PostgreSQL package on a SLES 10 SP1 or SP2 server that is different from the server where you install the ZENworks Orchestrator Server. This ensures an adequate amount of space for running the server as the database is used.

For more information, see Section 4.2.4, Installing and Configuring the ZENworks Orchestrator for Use with a PostgreSQL Audit Database on a Different Host.

If your SLES 10 SP1 or SP2 machine does not have PostgreSQL package installed and running, use YaST to search for postgresql-server, then install the package and its dependencies.

You can also run the following command from the bash prompt: