(Click to open topic with navigation)

Installation > Installing the base RPMs

Installing the base RPMs

Because many system-level files and directories are accessed during the installation, the following instructions should be executed with root privileges.

You will see that the instructions below execute commands as the root user. Please note that the same commands will work for a non-root user with the sudo command.

The xCAT connector requires Nagios to report VM state information to Moab. Without this information, VM states are reported as "Unknown," which may affect VM migration policies. The Moab head node, which runs the Nagios resource manager, must run on the same network segment as xCAT. Instructions for installing and configuring the Nagios resource manager are contained later in this guide (see Installing and configuring Nagios).

To install the base RPMs

Before you begin the base installation, it is strongly recommended that you install NTP to make sure that management servers stay time-synched.

  1. Install and enable the Linux x64 RPM version of Oracle® Java® 7 Runtime Environment.

    2. Oracle Java 7 Runtime Environment is the recommended Java environment, but Java 6 is also supported. All other versions of Java, including OpenJDK/IcedTea, GNU Compiler for Java, and so on cannot run Moab Web Services.

    Do the following:

    1. Download the Linux x64 RPM version of Oracle Java SE 7 JRE. (Go to the Oracle Java 7 download page, copy the URL to the Linux x64 RPM version, then run the following command.)
      2. [root]# wget <URL> -O jre-7-linux-x64.rpm

      To verify that the download was successful, run the following on the RPM before installation:

      [root]# rpm -qip jre-7-linux-x64.rpm
    2. Run the following to install Java 7:
      3. [root]# rpm -Uh jre-7-linux-x64.rpm
  2. Untar the tarball.
    3. [root]# tar xzf <suite>-<version>.tgz
  3. Change directory into the extracted directory.
  4. Install the repository.
    5. [root]# ./install-rpm-repos.sh [<repository-directory>]

    For a description of the options of the repository installer script, run:

    # ./install-rpm-repos.sh -h

    The [<repository-directory>] option is the directory where you want to copy the RPMs. If no argument is given, [<repository-directory>] defaults to /opt/adaptive-rpm-repository/rpm. If the [<repository-directory>] already exists, RPMs will be added to the existing directory. No files are overwritten in [<repository-directory>]. A repository file is also created in /etc/yum.repos.d/ and points to the [<repository-directory>] location.

    For ease in repository maintenance, the install script fails if Adaptive Computing RPMs are copied to different directories. If a non-default [<repository-directory>] is specified, please use the same directory for future updates.

    The script installs the createrepo package and its dependencies. You must answer "y" to all the questions in order for the RPM install of the cloud suite to work. Additionally, the script installs the EPEL, xCAT, and 10gen repositories.

  5. Test the repository.
    6. [root]# yum search moab

    If no error is given, the repository is correctly installed. The output will look similar to the following:

    ...
moab-cloud-accounting-manager.x86_64 : Moab Accounting Manager for Moab HPC Suite
moab-cloud-optimizer-base.noarch : Moab Cloud Optimizer Base Packages
moab-cloud-optimizer-xcat-connector.noarch : Moab Cloud Optimizer for xCAT Connector
moab-perl-RRDs.noarch : Moab RRDs
moab-tomcat-config.x86_64 : Tomcat Configuration for Moab Viewpoint and Web Services
moab-verify-oracle-java.noarch : Java Validator for Moab Viewpoint and Web Services
moab-viewpoint.x86_64 : Moab Viewpoint
moab-web-services.x86_64 : Moab Web Services
moab-workload-manager-generic-libodbc.x86_64 : Moab Workload Manager
moab-workload-manager-generic-libodbc-client.x86_64 : Moab Workload Manager Client
moab-workload-manager-generic-libodbc-common.x86_64 : Moab Workload Manager Common Files
moab-perl-data.noarch : Perl Configuration for perl packages by Adaptive Computing
moab-web-services-xcat-configuration.x86_64 : MWS configuration for xCAT
moab-workload-manager-xcat-configuration.x86_64 : MWM configuration for xCAT
  6. Install the base package.
    7. [root]# yum install moab-cloud-optimizer-base

    If you encounter the following error (likely CentOS 5):

    ...
  --> Finished Dependency Resolution
krb5-workstation-1.6.1-62.el5.x86_64 from installed has depsolving problems
  --> Missing Dependency: krb5-libs = 1.6.1-62.el5 is needed by package krb5-workstation-1.6.1-62.el5.x86_64 (installed)
krb5-workstation-1.6.1-62.el5.x86_64 from installed has depsolving problems
  --> Missing Dependency: krb5-libs = 1.6.1-62.el5 is needed by package krb5-workstation-1.6.1-62.el5.x86_64 (installed)
Error: Missing Dependency: krb5-libs = 1.6.1-62.el5 is needed by package krb5-workstation-1.6.1-62.el5.x86_64 (installed)
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest

    Install the krb5-workstation package, then execute the install suite package again.

    [root]# yum install krb5-workstation
[root]# yum install moab-cloud-optimizer-base
  7. Install MongoDB server and client packages.
    8. [root]# yum install mongo-10gen-server mongo-10gen
  8. Start the MongoDB service.
    9. [root]# service mongod start
[root]# chkconfig mongod on
  9. Verify that MongoDB started.

    10. Be aware that it can take some time for MongoDB to initialize.

    [root]# mongo
MongoDB shell version: 2.4.7
connecting to: test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
   http://docs.mongodb.org/
Questions? Try the support group
   http://groups.google.com/group/mongodb-user
> exit
  10. Secure the Moab and MWS databases in Mongo. Do the following:
    1. Add the required MongoDB users.
      2. [root]# mongo
use admin;
db.addUser("admin_user", "secret1");
      db.auth ("admin_user", "secret1");
use moab;
db.addUser("moab_user", "secret2");
db.addUser("mws_user", "secret3", true);
use mws;
db.addUser("mws_user", "secret3");

      Because the admin_user has read and write rights to the admin database, it also has read and write rights to all other databases. See Control Access to MongoDB Instances with Authentication for more information.

      The passwords used above (secret1, secret2, and secret3) are examples. Choose your own passwords for these users.

    2. Enable authentication in MongoDB.
      3. [root]# vi /etc/mongod.conf
...
auth = true
...
[root]# service mongod restart
    3. In the /opt/moab/etc/moab-private.cfg file, set the MONGOUSER and MONGOPASSWORD parameters to the MongoDB moab_user credentials you set in step a.
      4. MONGOUSER     moab_user
MONGOPASSWORD secret2
    4. In /opt/mws/etc/mws-config.groovy, add the grails.mongo.username and grails.mongo.password parameters to the MongoDB mws_user credentials you set in the step above.
      5. ...
grails.mongo.username = "mws_user"
grails.mongo.password = "secret3"
  11. Install your Moab license.
    12. [root]# cp <license file> /opt/moab/etc/moab.lic
  12. Start the Moab service.
    13. [root]# service moab start
[root]# chkconfig moab on
[root]# exec bash     ## This adds the suite directories to the $PATH environment
  13. Run mdiag -S to verify Moab is running and that it is able to connect to MongoDB.
    14. [root]# mdiag -S

Moab Workload Manager Version '7.5.0' License Information:
  Current License:  Max Procs   = xxxx
  Current License:  Valid Until - xxxx
  Current License:  Max VMs   = xxxx

Moab Server 'Moab' running on xxxx:42559  (Mode: NORMAL)
  Version: 7.5.0  (revision xxxx, changeset xxxx)
  Build date: xxxx
  Mongo connection (xxxx) is up (credentials are set)
  ZeroMQ connection is bound on port 5563 (encryption is on)

  NOTE:  using .moab.key for client authentication
  ...
  14. Configure an MWS connection to your LDAP server by adding the following parameters to the /opt/mws/etc/mws-config.groovy file:
    15. Parameter Description
    ldap.server Specify the hostname or IP address of the LDAP server.
    ldap.port Specify the port the LDAP server is listening on.
    ldap.baseDNs Specify a list of distinguished names that are the root entries for LDAP searches.
    ldap.bindUser Specify the distinguished name of the bind user.
    ldap.password Specify the password of the ldap.bindUser.
    ldap.directory.type

    Specify the type of LDAP directory (for example, "Microsoft Active Directory").

    The ldap.directory.type can have one of the following values:

    • "Microsoft Active Directory"
    • "OpenLDAP Using InetOrgPerson Schema"
    • "OpenLDAP Using NIS Schema"
    • "OpenLDAP Using Samba Schema"

    In these examples, you will see dc=acme,dc=com. "acme" is only used as an example to illustrate what you would use as your own domain controller if your domain name was "acme.com." You should replace any references to "acme" with your own organization's domain name.

    Here is a sample configuration for OpenLDAP:

    If you followed the Adaptive Computing tutorial, "Setting up OpenLDAP on CentOS 6," in the Viewpoint Management and User Guide, your ldap.directory.type should be set to "OpenLDAP Using InetOrgPerson Schema."

    ldap.server  = "192.168.0.5"
ldap.port = 389
ldap.baseDNs = ["dc=acme,dc=com"]
ldap.bindUser = "cn=Manager,dc=acme,dc=com"
ldap.password = "*****"
ldap.directory.type = "OpenLDAP Using InetOrgPerson Schema"

    Here is a sample configuration for Microsoft Active Directory:

    ldap.server  = "192.168.0.5"
ldap.port = 389
ldap.baseDNs = ["CN=Users,DC=acme,DC=com","OU=Europe,DC=acme,DC=com"]
ldap.bindUser = "cn=Administrator,cn=Users,DC=acme,DC=com"
ldap.password = "*****"
ldap.directory.type = "Microsoft Active Directory"

    To see how to configure a secure connection to the LDAP server, see "Connection to LDAP" in the Moab Web Services Reference Guide.

  15. (Recommended if you are using MWS as a resource manager [see "Moab Workload Manager resource manager integration" in the Moab Web Services Reference Guide]) Enable gzip compression in your Tomcat configuration.

    16. In the Tomcat server.xml file (for example, /etc/tomcat6/server.xml), add compression="on" and compressableMimeType="application/json" to the configuration. For example:

    <Connector port="8080" protocol="HTTP/1.1"
               compression="on"
               compressableMimeType="application/json"
               connectionTimeout="20000"
               redirectPort="8443" />

    Depending on your system size, you may also want to use the compressionMinSize or the noCompressionUserAgents configuration options to further customize compression. For more information, see the Tomcat compression documentation.

  16. Start or restart Tomcat.
    17. [root]# service tomcat6 restart
[root]# chkconfig tomcat6 on
  17. Using the table below, configure the firewall to allow connections to necessary ports.
    18. Service Port - protocol Notes
    ssh 22 - tcp Necessary for remote access/administration.
    moab 42559 - tcp Only necessary on the Moab node (if components are installed on separate nodes), and only if external clients (i.e. MWS, Moab CLI client, etc.) wish to connect. If all components are on one server, this is not necessary.
    mongo 27017:27019 - tcp Only necessary on the Mongo node (if components are installed on separate nodes), and only if external clients wish to connect. If all components are on one server, this is not necessary.
    mam 7112 - tcp Only necessary on the MAM node (if components are installed on separate nodes).
    tomcat (Viewpoint & MWS) 8080[,8443] - tcp

    Only necessary on the MWS/Viewpoint node (if components are installed on separate nodes).

    Port 8443 or 443 is required if SSL is enabled.

    zmq "private

    zmq "public"

    5563

    5564

    Port 5563 is necessary on the Moab node if MWS is on a separate server. MWS subscribes to this port on the Moab node.

    MWS publishes events on ZMQ on port 5564. This port is only necessary on the MWS node (if components are installed on separate nodes), and only if external clients wish to subscribe. If all components are on one server, this is not necessary.

    Below is a sample script for basic firewall configuration. Be sure to work with your network/security administrator for more advanced security configurations.

    The following script will overwrite existing firewall rules and policies. It is provided as an example only and should be used with caution.

    This script has been tested with iptables v1.4.7.

    #!/bin/sh
##
# Flush (remove) all current rules from iptables
##
iptables -F

##
# Set default policies for INPUT, FORWARD and OUTPUT chains
##
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

##
# Allow access for localhost
##
iptables -A INPUT -i lo -j ACCEPT

##
# Accept packets belonging to established and related connections
##
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

##
# Accept <protocol> packets on destination <port>
##
# ssh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# viewpoint and mws
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# Uncomment if using SSL
#iptables -A INPUT -p tcp --dport 8443 -j ACCEPT

# moab
# Uncomment if a Moab client is making requests from another server
#iptables -A INPUT -p tcp --dport 42559 -j ACCEPT

# mongo
# Uncomment if a Mongo client is making requests from another server
#iptables -A INPUT -p tcp -m multiport --dports 27017:27019 -j ACCEPT
     
    # mam 
    # Uncomment if the MAM server is running on this node and MAM clients will be making requests from another server
    #iptables -A INPUT -p tcp --dport 7112 -j ACCEPT
    
# zmq "private"
# Uncomment on the Moab server only if MWS is on a separate server
#iptables -A INPUT -p tcp --dport 5563 -j ACCEPT

# zmq "public"
# Uncomment if a zmq client is listening from another server
#iptables -A INPUT -p tcp --dport 5564 -j ACCEPT

##
# Save settings
##
/sbin/service iptables save

##
# List updated rules
##
iptables -L -v
  18. Direct your browser to your Viewpoint URL (for example: http://[hostname or ip address]:8080/moab) to verify that Viewpoint is running.
  19. Log in to Viewpoint with the default super user username and password (moab-admin/changeme!).

    20. The Viewpoint Configuration page displays.

  20. Do the following:
    1. Set the Moab Web Services connection. (For more information, see "Setting the MWS configuration" in the Viewpoint Management and User Guide.)
    2. Authenticate the LDAP connection by specifying the bind user password. (For more information, see "Setting the LDAP configuration" in the Viewpoint Management and User Guide.)
    3. Change the super user password. (For more information, see "Changing the super user password" in the Viewpoint Management and User Guide.)
    4. Check the MWS Diagnostics to verify that the MWS connections are active. (For more information, see "Fields: MWS Diagnostics" in the Viewpoint Management and User Guide.)
  21. (Optional) Install the Moab Accounting Manager component.
    22. [root]# yum install moab-cloud-accounting-manager

    Even though the step above installs Moab Accounting Manager, you will still need to configure it after installing and configuring the xCAT connector (see Configuring Moab Accounting Manager).

Congratulations! You have successfully installed the base RPMs.

If you are integrating Moab Cloud Suite with xCAT, proceed to Configuring Moab Cloud Suite for xCAT.

If you want to enable quoting in Viewpoint, see Configuring Moab Cloud Suite for quoting.