4.2 Installing and Configuring CIS Server with Cluster Services

4.2.1 Prerequisites

The following prerequisites must be met for NCS:

4.2.2 Using CIS in Cluster Environment

IMPORTANT: Before proceeding, ensure that you have met all the prerequisites specified in Section 2.0, Planning Your Implementation.

  1. From the boot menu, select Installation and press enter, then continue with the installation as desired until you get to the Installation Settings page.

    For detailed instructions, see Installing OES 2018 as a New Installation in the OES 2018: Installation Guide.

  2. On the Installation Settings page, click Software to open the Software Selection and System Tasks page.

  3. Under Open Enterprise Server, select Cloud Integrated Storage (CIS) and continue with the installation process, but do not configure Cloud Integrated Storage when you reach the Micro Focus Open Enterprise Server Configuration page. You configure it later.

    IMPORTANT:

  4. After you install Cloud Integrated Storage, use YaST > Open Enterprise Server > OES Install and Configuration to go to the Software Selection page, then click Accept.

  5. On the Micro Focus Open Enterprise Server Configuration page, click Cloud Integrated Storage (CIS) and specify the following details:

    • ZooKeeper URI: Specify the ZooKeeper URI in IP:Port or Hostname:Port format. Ensure that the hostname provided is resolvable. By default, the ZooKeeper port is 2181. For example, 192.168.0.1:2181 or acme.com:2181. You can also specify a custom port to connect to ZooKeeper.

    • Server Certificate file path: Specify the path of the server certificate file (.pem format) issued by the eDirectory CA. The default file path is /etc/ssl/servercerts/servercert.pem.

    • Server Key file path: Specify the path of the key file associated with the server certificate. The key file should be in .pem format. The default file path is /etc/ssl/servercerts/serverkey.pem.

    • CA Certificate file path: Specify the path of the eDirectory Certificate Authority (CA) file in .pem format. The CA is a trusted entity that issues digital signatures to verify identity for secure communication. The default file path is /etc/opt/novell/certs/SSCert.pem.

  6. Click Next and then specify the following details:

    • Directory Server URI: Specify the LDAP URI of an eDirectory server that the CIS server communicates with. The URI should be in IP:Port or Hostname:Port format. Ensure that the hostname provided is resolvable. By default, the LDAP port is 636. For example, 192.168.0.1:636 or acme.com:636. You can also specify a custom port to connect to the Directory server.

    • CIS admin name with context: Specify the LDAP distinguished name (DN) of the user who can administer the CIS server. For example, cn=admin,o=acme.

    • Admin Password: Specify the password for the CIS administrator.

    • Server Context: Specify the LDAP distinguished name (DN) of the container object under which the NCP server objects of the OES server reside that can connect to the CIS server. The OES server includes the agents that connect to the CIS server. The CIS admin user must have supervisory rights on this server context.

    • Gateway Server Address: Specify the virtual IP address of the cluster resource that the CIS server is part of. If a DNS name is provided, ensure that it is the same DNS name configured in the CIS certificate. For example, the default eDirectory generated certificates contain the DNS name in <hostname>.labs.wdc.acme.com format, so ensure that the same DNS name is provided. For more information on the DNS name configured in the certificate, see Creating Certificates for CIS.

    • Cluster Enable: As the CIS gateway server address configured is part of a cluster resource, select this check box. By default, this option is disabled.

  7. Click Next and then specify the following details:

    • Database URI: Specify the MariaDB URI in IP:Port or Hostname:Port format. Ensure that the hostname provided is resolvable. By default, the MariaDB port is 3306. For example, 192.168.0.1:3306 or acme.com:3306. You can also specify a custom port to connect to MariaDB.

      If only the IP address is provided without a port, the default MariaDB port is used.

      NOTE: If the database is configured on the local server, provide the actual database server IP address instead of localhost or 127.0.0.1.

    • Database User Name and Database Password: Specify the MariaDB user name and password.

    • Elasticsearch URI: Specify the Elasticsearch URI in IP:Port or Hostname:Port format. Ensure that the hostname provided is resolvable. By default, the Elasticsearch port is 9400. For example, 192.168.0.1:9400 or acme.com:9400. You can also specify a custom port to connect to Elasticsearch.

      If only the IP address is provided without a port, the default Elasticsearch port is used.

      NOTE: If Elasticsearch is configured on the local server, provide the actual Elasticsearch server IP address instead of localhost or 127.0.0.1.

    • Use Secure Mode: Enables or disables secure communication. By default, this option is enabled.

    • Kafka URI: Specify the Kafka URI in IP:Port or Hostname:Port format. Ensure that the hostname provided is resolvable. By default, the Kafka port is 9092. For example, 192.168.0.1:9092 or acme.com:9092. You can also specify a custom port to connect to Kafka.

      If only the IP address is provided without a port, the default Kafka port is used.

      NOTE: If Kafka is configured on the local server, provide the actual Kafka server IP address instead of localhost or 127.0.0.1.

    • Use Secure Mode: Enables or disables secure communication. By default, this option is enabled.

  8. Click Next.

  9. From the second node onwards, provide the ZooKeeper URI. The remaining CIS configuration is pre-populated in the YaST screen with the details configured on cluster node 1. Verify the details and continue with the CIS configuration.

  10. Configure CIS server with Novell Cluster Service using CIS_Template in iManager.

    IMPORTANT: CIS is installed and configured identically on all cluster servers, and the YaST configuration is obtained from the centralized ZooKeeper in the network. Therefore, CIS does not require shared storage to run with Novell Cluster Services.

    The CIS_Template simplifies the process of creating a CIS cluster resource.

    1. Start your Internet browser and enter the URL for iManager.

      The URL is https://server_ip_address/nps/iManager.html. Replace server_ip_address with the IP address or DNS name of a server in the cluster.

    2. Enter your username and password.

    3. In Roles and Tasks, select Clusters > My Clusters.

      The list is initially empty.

    4. Click Add to open the eDirectory browser pop-up window.

    5. Browse the tree where you are currently logged in to locate and select a Cluster object, then click OK.

      The newly selected cluster is added to your personalized list.

    6. Click the cluster object and select the Cluster Options tab to access the templates.

    7. Click the New link.

    8. Specify Resource as the resource type you want to create by clicking the Resource radio button, then click Next.

    9. In Cluster Resource Name, specify the name of the resource you want to create.

    10. In Inherit from Template, browse to the Cluster object and select the existing resource template (CIS_Template) in the Cluster container.

    11. Ensure that the Define Additional Properties check box is selected, then click Next to continue to the Load Script page.

    12. Edit the load script for your specific configuration.

      The default load script is:

      #!/bin/bash
      . /opt/novell/ncs/lib/ncsfuncs
      
      # define the IP address
      RESOURCE_IP=a.b.c.d
      
      # add the IP address
      exit_on_error add_secondary_ipaddress $RESOURCE_IP
      
      # start the services
      exit_on_error /usr/bin/systemctl start oes-cis-auth.service
      exit_on_error /usr/bin/systemctl start oes-cis-data.service
      exit_on_error /usr/bin/systemctl start oes-cis-metadata.service
      exit_on_error /usr/bin/systemctl start oes-cis-policy.service
      exit_on_error /usr/bin/systemctl start oes-cis-mgmt.service
      exit_on_error /usr/bin/systemctl start oes-cis-aggregator.service
      exit_on_error /usr/bin/systemctl start oes-cis-collector.service
      exit_on_error /usr/bin/systemctl start oes-cis-repaggregator.service
      exit_on_error /usr/bin/systemctl start oes-cis-repcollector.service
      exit_on_error /usr/bin/systemctl start oes-cis-gateway.service
      
      # wait before checking their status
      sleep 5
      
      # check the services
      exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-data.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service
      
      # restart firewall if it's running
      systemctl status SuSEfirewall2.service
      if [ $? -eq 0 ]; then
          ignore_error systemctl restart SuSEfirewall2.service
      fi
      
      # return status
      exit 0

      IMPORTANT: For RESOURCE_IP=a.b.c.d, enter the Gateway Server resource IP provided during the CIS configuration.

    13. Click Next to continue to the Unload Script page.

    14. Edit the unload script for your specific configuration.

      The default unload script is:

      #!/bin/bash
      . /opt/novell/ncs/lib/ncsfuncs
      
      # define the IP address
      RESOURCE_IP=a.b.c.d
      
      # request services stop
      ignore_error /usr/bin/systemctl stop oes-cis-auth.service
      ignore_error /usr/bin/systemctl stop oes-cis-data.service
      ignore_error /usr/bin/systemctl stop oes-cis-metadata.service
      ignore_error /usr/bin/systemctl stop oes-cis-policy.service
      ignore_error /usr/bin/systemctl stop oes-cis-mgmt.service
      ignore_error /usr/bin/systemctl stop oes-cis-aggregator.service
      ignore_error /usr/bin/systemctl stop oes-cis-collector.service
      ignore_error /usr/bin/systemctl stop oes-cis-repaggregator.service
      ignore_error /usr/bin/systemctl stop oes-cis-repcollector.service
      ignore_error /usr/bin/systemctl stop oes-cis-gateway.service
      
      # del the IP address
      ignore_error del_secondary_ipaddress $RESOURCE_IP
      
      # return status
      exit 0

      IMPORTANT: For RESOURCE_IP=a.b.c.d, enter the gateway server resource IP provided during the CIS configuration.

    15. Click Next to continue to the Monitor Script page.

    16. Edit the monitor script for your specific configuration.

      The default monitor script is:

      #!/bin/bash
      . /opt/novell/ncs/lib/ncsfuncs
      
      # define the IP address
      RESOURCE_IP=a.b.c.d
      
      # check the IP address
      exit_on_error status_secondary_ipaddress $RESOURCE_IP
      
      # check the services
      exit_on_error /usr/bin/systemctl is-active oes-cis-auth.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-data.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-metadata.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-policy.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-mgmt.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-aggregator.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-collector.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-repaggregator.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-repcollector.service
      exit_on_error /usr/bin/systemctl is-active oes-cis-gateway.service
      
      # return status
      exit 0

      IMPORTANT: For RESOURCE_IP=a.b.c.d, enter the gateway server resource IP provided during the CIS configuration.

    17. Click Next to continue to the Resource Policies page, then click Next.

    18. On the Resource Preferred Nodes page, specify the node assignments for the resource, then click Finish.

      The resource you created is saved to the Cluster container of the cluster you selected.

    19. Go to the Cluster Manager tab to view the state of the resource you created. The Cluster state will be Offline.

    20. Select the check box next to the resource you created, then click Online.

    21. Select the cluster node where you want the resource to load, then click OK.

    For more information on cluster configuration, see OES 2018: Novell Cluster Services for Linux Administration Guide.

  11. Verify the CIS server configuration by entering the following command:

    docker ps

    The command lists all running Docker containers.

  12. Verify the status of the CIS services. CIS includes the following microservices:

    oes-cis-auth.service

    oes-cis-data.service

    oes-cis-metadata.service

    oes-cis-policy.service

    oes-cis-mgmt.service

    oes-cis-aggregator.service

    oes-cis-collector.service

    oes-cis-repaggregator.service

    oes-cis-repcollector.service

    oes-cis-gateway.service

    For example:

    blr7-user1:~ # systemctl status oes-cis-data.service
    ● oes-cis-data.service - Micro Focus OES CIS server's Data service
       Loaded: loaded (/usr/lib/systemd/system/oes-cis-data.service; enabled; vendor preset: disabled)
       Active: active (running) since Thu 2017-06-15 14:14:30 IST; 1 day 4h ago
         Docs: https://www.microfocus.com/products/open-enterprise-server/
     Main PID: 29307 (docker)
        Tasks: 7 (limit: 512)
       Memory: 4.5M
          CPU: 118ms
       CGroup: /system.slice/oes-cis-data.service
               └─29307 /usr/bin/docker run --expose=5000 -v /etc/opt/novell/cis/certs:/certs -e LOGLEVEL=debug -e DATA_THREADS=10 -e DB_USER=roo...
    
    Jun 16 12:56:56 blr7-user1 docker[29307]: {"Cname":"CTS-Data","Hname":"b4dcfb012af0","Mname":"DATA","level":"debug","msg":"ValidateBucketNa...
    Jun 16 12:56:56 blr7-user1 docker[29307]: {"Cname":"CTS-Data","Hname":"b4dcfb012af0","Mname":"DATA","level":"debug","msg":"ValidateBucketNa...
    Jun 16 12:56:56 blr7-user1 docker[29307]: {"Cname":"CTS-Data","Hname":"b4dcfb012af0","Mname":"DATA","level":"debug","msg":"ValidateBucketNa...
    Jun 16 12:56:56 blr7-user1 docker[29307]: {"Cname":"CTS-Data","Hname":"b4dcfb012af0","Mname":"THREADPOOL","level":"debug","msg":"dat...9246Z"}
    Jun 16 12:56:56 blr7-user1 docker[29307]: {"Cname":"CTS-Data","Hname":"b4dcfb012af0","Mname":"REST","level":"debug","msg":"http status=200(...
    Jun 16 12:56:56 blr7-user1 docker[29307]: {"Cname":"CTS-Data","Hname":"b4dcfb012af0","Mname":"REST","level":"debug","msg":"getContext: r=0x...
    Jun 16 12:56:56 blr7-user1 docker[29307]: {"Cname":"CTS-Data","Hname":"b4dcfb012af0","Mname":"REST","level":"debug","msg":"POST\t/api/v1/da...
    Jun 16 12:56:56 blr7-user1 docker[29307]: {"Cname":"CTS-Data","Hname":"b4dcfb012af0","Mname":"REST","level":"debug","msg":"net/http.(Handle...
    Jun 16 12:57:26 blr7-user1 docker[29307]: {"Cname":"CTS-Data","Hname":"b4dcfb012af0","Mname":"THREADPOOL","level":"debug","msg":"PendingQMa...
    Jun 16 12:57:56 blr7-user1 docker[29307]: {"Cname":"CTS-Data","Hname":"b4dcfb012af0","Mname":"THREADPOOL","level":"debug","msg":"dat...7065Z"}
    Hint: Some lines were ellipsized, use -l to show in full.

    Similarly, verify the status of other microservices.
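
A check of the certificate inputs from steps 5 and 6 and of the services from step 12, as an added example that is not part of the OES documentation: it confirms that the server certificate verifies against the CA file, that the key file belongs to the certificate, and that the gateway DNS name matches the certificate, then lists any CIS unit that is not active. The function names and the CIS_UNITS variable are hypothetical, and openssl and systemctl are assumed to be installed.

```bash
#!/bin/bash
# Added example, not part of the OES documentation. File paths and unit names
# are the ones on this page; the gateway DNS name is supplied by the caller.

CIS_UNITS="auth data metadata policy mgmt aggregator collector
repaggregator repcollector gateway"

# Certificate inputs from steps 5 and 6: prints one line per problem and
# returns non-zero if any check fails.
check_cis_certs() {
    local cert="$1" key="$2" ca="$3" gateway="$4" rc=0 cert_pub key_pub

    # The server certificate must verify against the eDirectory CA file.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; rc=1; }

    # The key file must hold the private key for this certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the key for $cert"; rc=1
    fi

    # The gateway DNS name must be a name the certificate was issued for.
    openssl x509 -in "$cert" -noout -checkhost "$gateway" 2>/dev/null |
        grep -q "does match certificate" ||
        { echo "FAIL: $gateway is not a DNS name in $cert"; rc=1; }

    return "$rc"
}

# Step 12 for all ten microservices: print each unit that is not active.
cis_inactive_units() {
    local name
    for name in $CIS_UNITS; do
        systemctl is-active --quiet "oes-cis-$name.service" ||
            echo "oes-cis-$name.service"
    done
}

# Runs only when the gateway DNS name is given as the first argument.
if [ -n "${1:-}" ]; then
    check_cis_certs /etc/ssl/servercerts/servercert.pem \
        /etc/ssl/servercerts/serverkey.pem /etc/opt/novell/certs/SSCert.pem "$1"
    cis_inactive_units
fi
```

Run the service check on the node where the CIS cluster resource is online; on the other nodes the units are expected to be inactive.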