Eyeglass Isilon Edition Quick Start Guide for Eyeglass Centos RHEL install

Eyeglass Isilon Edition Quick Start Guide for Eyeglass Centos /RHEL install

 



Read Me First

This installer option requires a purchased RPM install licence key, a trial key option is available.  The OS key is required to use this installer option in production.  This is not part of enterprise keys and excluded from maintenance contracts.

 

This license key allows customers to build their own appliance.    Email sales@superna.net for a assistance with ordering.

Eyeglass Quick Start

Use this document to get your new Eyeglass installation up and running fast with all the best options.

For planning DR and understanding design choices with Eyeglass use the Eyeglass Start Here First Guide

System Requirements

Operating System:

  • CentOS Version 7.3- 7.4

  • Red Hat Enterprise Linux Version 7.3-74

  • NOTE:  The OS itself is not covered under the support contract.   The installation of the software

Appliance requirements:

  • 4 vCPU

  • 8 GB RAM if large number of objects shares, quota,exports > than 10000 use 16G

*Note requires shutting down the VM and editing RAM and restart)

  • 80 GB disk

  • Chrome Browser (preferred), Browser must support Websockets, Internet Explorer not supported. ,

  • Eyeglass Port Requirements: Eyeglass-Ports-Requirements

Support limitations

  1. The Operating system maintenance of patches and updates is customer responsibility

  2. Installation of the Linux Eyeglass installer combines application software and tested and supported dependencies including the following:

    1. Sudoer configuration

    2. Lighttpd

    3. Apache Tomcat

  3. Support statement: This yum package manager will not be allowed to upgrade these components unless forced overwrite option is used. The application versions installed by the Eyeglass dependency rpm is version controlled and is the supported version.  Customers that want to update these packages own the risk  of breaking application functionality.  Support of versions other than the provided version is excluded from support contract coverage.  Customers will be asked to downgrade the version if application functionality is impacted by the customer forced override  of a supported package version.

  4. See Appendix A for a controlled list of files set as owned by Eyeglass RPM dependencies and how to force update the affected applications.

 

 

Supported OneFS releases

Please refer to the Release Notes for the Eyeglass Isilon Edition version that you are installing.

Feature Release Compatibility

Please refer to the Release Notes for the Eyeglass Isilon Edition version that you are installing.

Eyeglass Scalability Limits

Please refer to the Eyeglass Admin Guide Scalability limits.

New Eyeglass Installation

If you are doing a new Eyeglass installation, continue following steps in this document.

Download Eyeglass

Request download Eyeglass  RHEL/CENTOS from Superna web site Latest Appliance Code Download

 

 

Deploy the virtual machine with Centos 7.0-7.2 - RHEL 7.0-7.2

Eyeglass is delivered as RPM installer and has dependencies that must be installed

  • Subnet and network required so that appliance will have IP connectivity to the Isilon clusters that it is managing and the users that are using it

  • IP address for the appliance

  • Gateway

  • DNS server

  • RPM package dependencies required before installation:

nodejs, shellinabox, syslog-ng, lighttpd, protobuf-python, tomcat, net-tools, nfs-utils, python-setuptools, zip , unzip and epel-release

The rhel-7-server-optional-rpms repository will have to be enabled for Red Hat Enterprise Linux 7 installations.  Additionally the epel-release package will have to be manually added.  Be sure to follow the detailed instructions below for procedure.

IMPORTANT:

If you are using a hostname or FQDN for the target cluster in your SyncIQ policies, the DNS information entered here must be able to resolve it back to a discovered cluster ip address (should resolve to a synciq smartconnect zone ip pool ip address) in order for Eyeglass to perform configuration replication.  Eyeglass will not create the associated configuration replication job. If the hostname or FQDN cannot be resolved.

 

Steps to Install

Appliance Deployment steps :

Step 1 : Install Centos or RHEL VM as per above requirements

Step 2 : Download RHEL/Centos RPM installer file:

Step 3 : Login as root.

Step 4 : SCP install file to VM.

Step 5 : chmod 755 install-file-name

Step 6: Edit the file /etc/sysconfig/selinux and set up the  "SELINUX=permissive" parameter, after reboot the vm.

Step 7: Install dependencies.

  1. If you have RHEL 7.0-7.2, you must enable the “Red Hat Enterprise Linux 7 Server - Optional (RPMs)” repository by executing the following command:

subscription-manager repos --enable rhel-7-server-optional-rpms

 

  1. Enable the Extra Packages for Enterprise Linux repository:

wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

yum install ./epel-release-latest-7.noarch.rpm

 

  1. All supported versions should now complete dependency install:

yum install nodejs shellinabox syslog-ng lighttpd protobuf-python tomcat net-tools nfs-utils python-setuptools zip unzip

 

Note:

The syslog-ng has a conflict with rsyslog, you need to remove the rsyslog package to be able install syslog-ng package by executing the following command:

yum remove rsyslog

 

 

 

Step 8: ./install-file-name

Step 9: verify output to verify installation completes without error, dependency checks will fail and indicate which packages are not installed

Step 10: Check services are running correctly

  • Systemctl status sca

  • Systemctl status -l scadb

  • Systemctl status shellinaboxd

  • Systemctl status tomcat

  • Systemctl status lighttpd

Step 11:  Send install log file in same directory as install file to http://support.superna.net if installation fails, by opening a support case and attaching file to the case

Step 12: Eyeglass appliance sudoers file needs to be updated with this information:

 

Vi sudo configuration file

 

sca ALL=(ALL) NOPASSWD: /opt/bin/yum, /opt/superna/bin/kill_packagekit.sh, /opt/superna/sbin/*, /usr/bin/systemctl restart syslog

 

 

Eyeglass Initial Configuration

Your Eyeglass  initial configuration steps are:

  1. Login to the Eyeglass UI

  2. Install License

  3. Create Eyeglass service account first for each Isilon cluster with minimum permissions (if not done configure Clusters in Eyeglass using root user)

  4. Add Clusters ()

Login to the Eyeglass UI

To login to the Eyeglass web UI, enter the following URL into your browser (Chrome preferred) replacing <Eyeglass IP address> with the real IP address assigned to the appliance:

 

https://<Eyeglass IP address>

 

You have 2 options for login authentication:

 

Local - Select Auth Type “Local” and use the admin user and password configured on the appliance

Default user/password:   admin / 3y3gl4ss

 

Isilon Cluster - Select Auth Type “Isilon Cluster” and enter IP address of an Isilon that Eyeglass has network connectivity with and a valid user and password configured for that Isilon Cluster and minimum privileges as documented here: http://documentation.superna.net/eyeglass-isilon-edition/tech-notes/eyeglass-authentication.

 

 

Install License

Retrieve your Eyeglass License keys (instructions provided here).

NOTE: You will require a CENTOS or RHEL OS license key in addition to other Eyeglass product keys

Upload the license zip file provided to you by Superna:

 

IMPORTANT: Do not unzip the license file.  Upload the zip file.

 

 

 

 

 

IMPORTANT: You will be asked to accept the Eyeglass EULA and Phone Home after selecting the Upload button.  License will not be loaded unless EULA is accepted.

 

 

 

 

 

 

Add Isilon Clusters

 

NOTE No Auto Refresh Inventory View

This window does not auto refresh after adding a cluster. You must click the refresh button bottom right to verify when a cluster has finished discovery.  This process can take 5-10 minutes typically.

 

NOTE Cluster DNS Setup and Add Cluster to Inventory:

 If discovery takes a very long time to complete (> 10 minutes), then it's important to check cluster configuration data can resolve external URL.  Cloud pools uses a URL to a storage bucket and if this URL can not complete DNS lookup to IP address API calls that discovery cloud pools will take too long to complete and will timeout the cluster discovery.   Make Sure all URL and DNS resolution is functioning on the cluster if

 

Important After Discovery of a  Cluster’s SyncIQ policies all eyeglass configuration jobs are disabled automatically

 

Configuration Replication Jobs for zones, shares, exports and nfs alias protected by SyncIQ Policy automatically created and are in USERDISABLED state after successful provisioning in Eyeglass.  Enabling these Jobs will be part of the installation steps.  

 

Important Clusters on source target must be in the support feature matrix

Isilon cluster replication pairs must be running supported OneFS version as documented in the System Requirements / Feature Release Compatibility matrix.

Before you add a cluster to Eyeglass verify SyncIQ FQDN Name resolution

 

This step is important to allow eyeglass to automatically build configuration replication jobs correctly. Eyeglass will resolve the FQDN of the SyncIQ policy and then compare the returned ip address to all Isilon clusters added to the eyeglass appliance.  If no match is found, Config Sync jobs will fail be be added to the jobs window, until name resolution works correctly.  A system alarm is also raised that  indicates no matching clusters found for the SyncIQ policies on Cluster named X.

 

  1. Login to eyeglass

  2. open eyeglass shell from eyeglass main menu (bottom left)

  3. login as admin with default password 3y3gl4ss

  4. Get list of SyncIQ policies from the source cluster you are adding and record the FQDN target host value used in the policy

  5. validate the FQDN will resolve correctly on eyeglass

  6. nslookup FQDN   

    1. If an ip address does not get returned you MUST fix this using YAST utility to add DNS to eyeglass (see admin guide for instructions)

    2. OR you must sudo to root with sudo -s (enter admin password)

    3. vi /etc/hosts  and add an entry for the FQDN value that does not resolve correctly

    4. NOTE: DNS is the preferred solution to resolve entries, hosts file can be used as a work around on the appliance for each smartconnect zone that does not resolve to an ip address

  7. Repeat nslookup step for each FQDN used on each cluster you want to add to eyeglass for DR management

From the Eyeglass UI add the Isilon Clusters between which Eyeglass will be replicating the share and export configuration data.

 

 

 

 

 

 

Note:

  • SmartConnect Service must be IP address format.  

  • Maximum RPO Value is the Recovery Point Objective for the cluster in minutes.  If you are using the RPO feature, this target is used during RPO analysis.  More information about Eyeglass RPO analysis can be found here.

  • To create an Eyeglass service account with minimum privileges follow the instructions provided here.

              

 

Once the Isilon is added, Eyeglass will automatically run an inventory task to discover the Isilon components.  When completed, the discovered inventory can be seen in the Inventory View.

 

 

 

 

Enable Eyeglass Jobs

 

Once you have configured your Isilon cluster pair and the Inventory task has completed, 3 Eyeglass Jobs are automatically created per SyncIQ Policy to replicate between the SyncIQ Policy defined source and target.  

 

In addition to the Configuration Replication Jobs, Failover Readiness Jobs are created between replicating clusters that monitor the configuration and readiness of Access Zones.

 

Note:  These jobs are disabled by default (see admin guide on how to change default to enable via the CLI).  Once enabled they will raise alarms if all configuration for Access Zones is not created or prerequisites completed.

 

Pre-requisite for Enabling Configuration Replication

  1. If you have an Active - Active Replication Topology (for data), confirm that you do not have an unsupported share or nfs alias environment described in the diagram below:

Hot Hot Un supported.png

 

 

  1. Review Eyeglass Admin Guide Jobs description to understand what the Configuration Replication Jobs will do.

  2. Review Eyeglass Admin Guide for Configuration Replication Pre-requisites

  3. Review how Eyeglass determines uniqueness for configuration items and what properties are replicated.

 

Enable Jobs for Configuration Replication

Next step is to enable your Share, Export, NFS Alias (AUTO) Jobs for Configuration Replication.  This can be done on a Job by Job basis by following these steps:

 

 

 

Select the Configuration Replication Job to be enabled.

 

Select a bulk action and then select the Enable/Disable option.

 

On the next Configuration Replication cycle, the enabled Job will be run.

Initial state for Jobs

You can change the default behaviour so that these Jobs are enabled by default using this command.

 

Setup Eyeglass for Email Notification

  1. Configure SMTP

  2. Configure Email Recipients

 

Configure SMTP

  1. Enter the information for your email server in the Notification Center / Configure SMTP tab.

 

 

Screen Shot 2016-05-27 at 6.42.36 PM.png

 

  • Host name: Enter the host name for your email server

  • Port: Enter the port which should be used for sending email

  • From: Enter the email address of the sender of the email.  Typically this is required to be a valid email address recognized by the email server.

  • Use Authentication: Select if email server requires an authenticated login

    • User: User or email address for authentication

    • Password: Password for authentication

  • Enable TLS: Select the Enable TLS check box if your email server expects TLS communication.

  • Alarm Severity Filter: Select level of alarms for which you would like to receive email.

 

2. Use the Test Email Setting button to check that the email server information added is correct.  If an error occurs, you will get error codes from the SMTP connection. The "no error" response indicates successful connection.  If error is returned the debug response should be sent to support.superna.net.

3. Save your changes.

 

Configure Email Recipients

  1. Enter the information for your email server in the Notification Center / Manage Recipients tab.

    • Email Recipient: Enter the email address that emails will be sent to.

  1. Select the Add button.

 

Setup Eyeglass for Twitter Notification

 

  • Configure twitter for secure mobile alarms look here note only sends eyeglass DR status to twitter

Setup Eyeglass for Slack

 

  • To Configure Slack channel cluster alarms AND Eyelgass DR events

    • Login to Slack as administrator follow screen shots to get a webhook configured and a slack channel should exist to send alarms too

    • Screen Shot 2016-05-27 at 6.45.30 PM.pngclick Apps & Integrations from settings menu

    • Screen Shot 2016-05-27 at 6.45.48 PM.png

    • Screen Shot 2016-05-27 at 6.46.06 PM.png

    • Screen Shot 2016-05-27 at 6.46.47 PM.png

    • Set alarm filter for type of alarms to send to the slack channel configured for the webhook url.  The setting of Critical means only Critical.

 

 

 

 

Appendix A

 

Use this procedure to force update Eyeglass controlled packages.

List of files controlled by Eyeglass

  1. /etc/lighttpd/conf.d/proxy.conf

  2. /etc/lighttpd/lighttpd.conf

  3. /etc/lighttpd/modules.conf

  4. /etc/motd

  5. /etc/sudoers.d/admin

 

These above mentioned files need to be replaced after you upgrade your RHEL packages. We strongly recommend copying the above mentioned files to a location prior to performing RHEL package upgrade so that they can be copied back safe after upgrade.

 

Example of RPM manager CLI command:

" rpm -Uvh --replacefiles <package-name> "   [ -U  is an upgrade flag ]

 

" rpm -Uvh --replacefiles lighttpd-1.4.45-1.el7.x86_64.rpm "

 

[..customer is responsible for downloading the RPM files..]

 

The current version of lighttpd on RHEL 7.3 [Maipo] is:

lighttpd/1.4.45 (ssl) - a light and fast webserver

Build-Date: Jan 17 2017 18:29:13