Cisco Prime Home 5.2 Installation Guide
September 2014
Cisco Systems, Inc.
www.cisco.com
© 2014 Cisco Systems, Inc. All rights reserved.
Contents
Installation Overview
  Product Overview
  Deployment Variants
  Licensing Requirements
  Prime Home Components
  Network Infrastructure Setup
Installation Requirements
  Prerequisites
  System Requirements
Preparing for Installation
  Configuring the RHEL Platform
  Setting Up the Apache Web Server
  Setting Up a MongoDB Server
  Installing and Configuring a MongoDB Server
  Creating Replica Sets for MongoDB
  Setting Up Apache Solr
  High Availability Setup
  Setting Up Cloudera Flume
  Setting up Cisco Taze
Preparing the Database
  MySQL Database
  Setting Up the MySQL Database
  Creating a MySQL Database Instance for Prime Home
Installing Prime Home
  Installing the Configurator Tool
  Deploying the Prime Home Configuration
Next Steps
  Bandwidth Monitoring Function Setup
  GUI Access
Chapter 1 Installation Overview
This chapter provides an overview of Prime Home, and describes Prime Home availability, deployment variants, licensing requirements, and installation components.
This chapter includes the following sections:
• Product Overview
• Deployment Variants
• Licensing Requirements
• Prime Home Components
• Network Infrastructure Setup
Product Overview
Prime Home is a network management solution that helps you to manage the devices available in the subscriber’s home network. The managed devices connect to the Prime Home platform, which can provision, configure, and monitor the devices, and perform firmware upgrades. Prime Home also provides a parental control facility for subscribers to allow or block websites based on their usage. For Customer Service Representatives (CSRs), Prime Home provides a simulated view of the subscriber’s network to help them monitor devices and perform troubleshooting operations.
Prime Home deployment varies based on the components available in your network infrastructure, and can be scaled to suit networks of virtually any size.
Prime Home is available as a hosted solution and an onsite solution.
Hosted Prime Home
The hosted Prime Home solution involves setting up Prime Home in a cloud environment, where users are given access to Prime Home. A dedicated server space is allocated to the user based on the license, and the license governs the number of users who can access Prime Home simultaneously. Service providers can ask Cisco to monitor the performance of Prime Home for their network setup, and provide maintenance support.
Onsite Prime Home
The onsite Prime Home solution involves setting up Prime Home in the service provider’s network. The service provider manages all of Prime Home, including database setup and server space management.
The number of users who can access Prime Home simultaneously depends on the license acquired by the service provider. The onsite Prime Home solution provides the flexibility to customize third-party components based on Prime Home usage.
Deployment Variants
The Prime Home platform can be deployed as the following variants:
• Multiple node—Multiple node deployment is recommended for medium-scale organizations with fewer than 500,000 devices. For multiple node deployment, the Prime Home platform and database are configured on separate servers.
• High Availability—High Availability deployment is recommended for large-scale organizations with more than 500,000 devices. For High Availability deployment, a load-balanced failover system is set up with replicated system components.
Licensing Requirements
The license determines the maximum number of Prime Home sessions allowed, and which Prime Home features are available. For more information on Prime Home licensing, see the Cisco Prime Home 5.2 User Guide.
Prime Home Components
Prime Home installation requires setting up the Automated Configuration Service (ACS) node. When the CPE boots up, it communicates with the ACS node to get the initial configuration. The ACS node facilitates provisioning and configuring the CPE based on the firmware rules defined in the applicable firmware version.
Note The term ACS used in this document means Automated Configuration Service as described in the Broadband Forum TR-069 specification.
Table 1-1 describes the network components involved in an onsite Prime Home solution.
Table 1-1 Prime Home Components
Component: ActiveMQ
Description: Open source messaging platform that facilitates sending Java messages and acts as a message queue for Prime Home. Multiple instances of ActiveMQ can be set for Prime Home to serve the ACS GUI.
Component: Apache Solr
Description: Document repository where you store database indexes. Solr allows you to run the Prime Home GUI with rapid access to all of the data. Instead of directly accessing the database, Solr accesses the index manager and retrieves the data in XML format. In High Availability setup, Solr must be configured in a primary-secondary environment to support Prime Home. For more information on how to set up Apache Solr, see
Component: (Optional) Session Traversal Utilities for NAT (STUN)
Description: Allows a server to communicate with devices behind a firewall. STUN is needed only when you do not have a direct network route to the device. In a hosted Prime Home setup, the server is located in a Cisco data center and might not have direct access to your network. With onsite Prime Home, you can set up routing within your network. You can deploy Cisco Taze, which provides STUN functionality. For more information on how to set up Cisco Taze, see Setting up Cisco Taze, page 3-18.
Component: Apache web server
Description: Provides standard HTTP services and helps in setting up the Prime Home host in public, private, and secured mode. For more information on how to set up the Apache server, see Setting Up the Apache Web Server, page 3-6.
Component: Apache Tomcat
Description: Java container platform for Prime Home. Tomcat provides an open-source implementation of the Java servlet and Java server technologies. For more information on how to configure Apache Tomcat, see Setting Up the Apache Web Server, page 3-6.
Component: ACS CPE
Description: Facilitates configuring and provisioning the CPEs. The ACS CPE component also provides API service, which is used to discover data from CPEs for performance management. The ACS CPE component is used to apply a specific configuration on the CPE.
Component: ACS UI
Description: Enables CPEs to retrieve the initial configuration and firmware rules. When the CPE boots up and contacts the ACS UI, the CPE-responder component sends the initial configuration to the CPE. The ACS UI also provides a simulated view of the subscriber’s network from the Prime Home GUI and the Control Panel for subscribers.
Component: Cloudera Flume
Description: Provides data transport between Prime Home and the data store. For more information on how to set up Cloudera Flume, see Setting Up Cloudera Flume, page 3-15.
Component: MongoDB
Description: Document storage solution for Prime Home. Prime Home supports configuring multiple instances of MongoDB for document storage. For more information on how to set up the MongoDB server, see Setting Up a MongoDB Server, page 3-9.
Figure 1-1 describes the interaction between the Prime Home components.
Figure 1-1 Interaction Between Prime Home Components
Network Infrastructure Setup
Prime Home deployment depends on the network infrastructure, and may vary based on the components available in the network.
The network infrastructure for installing Prime Home involves configuring the following components:
• RHEL 6.x on the ACS host, MySQL database server, and all the third-party component servers. For information on how to configure RHEL 6.x, see Configuring the RHEL Platform, page 3-1.
• Apache web server, ActiveMQ, Apache Solr, ACS core, Cloudera Flume, MongoDB, and Cisco Taze. For more information on how to set up these network components, see Chapter 3, “Preparing for Installation.”
• MySQL database application on the database server, and creating the required database instance for Prime Home. For information on preparing the database, see Chapter 4, “Preparing the Database.”
Chapter 2 Installation Requirements
This chapter provides the prerequisites and system requirements for installing Prime Home.
This chapter includes the following sections:
• Prerequisites
• System Requirements
Prerequisites
To install Prime Home, you must meet the following prerequisites:
• The ACS servers to host Prime Home components must be available.
• The MySQL database server must be available.
• The media for the Prime Home software package must be available. Cisco provides the media for Prime Home, which consist of two zipped tar files:
– Configuration file or distribution file—Provides the Prime Home application and the required tools to use it. For example, the configuration file provides the database schema. You can use this file to customize Prime Home based on your network infrastructure. See Prime Home Configuration, page 5-2.
– Configurator tool—Use this tool to set up Prime Home and retrieve the Prime Home configuration from the configuration file on the ACS host server. See
System Requirements
Table 2-1 lists the minimum system requirements to install Prime Home. These requirements are for planning purposes only, and might vary based on your network infrastructure.
Table 2-1 System Requirements
Requirement type: Load balancer
  Multiple node deployment: None
  High Availability deployment: Two load balancers
Requirement type: Server
  Multiple node deployment:
  • One ACS server—For the Prime Home host
  • One database server—For the MySQL database
  High Availability deployment:
  • Two ACS servers—For the Prime Home host
  • Two database servers—For the MySQL database
Requirement type: System requirements
  Multiple node deployment:
  ACS server:
  • Operating system—RHEL v6.1
  • Processor—6 to 8 cores
  • RAM (DIMMs)—16 GB
  • Fiber disk—10,000 RPM
  • Database storage—300 GB
  Database server:
  • Operating system—RHEL v6.1
  • Processor—6 to 8 cores
  • RAM (DIMMs)—32 GB or 48 GB in production
  • Database storage—300 GB
  • Fiber disk—10,000 RPM
  High Availability deployment:
  ACS server:
  • Operating system—RHEL v6.1
  • Processor—Either of the following with speed above 2.5 GHz:
    – 8 Intel CPU cores
    – 12 AMD CPU cores
  • RAM (DIMMs)—Minimum 24 GB (over 32 GB preferred)
  • RAID controller with 1 GB battery-backed, write-through cache
  • Networking—Two NICs:
    – NIC 1—Dedicated external connectivity
    – NIC 2—Dedicated intraserver connectivity
  • Database storage—300 GB
  Database server:
  • Operating system—RHEL v6.1
  • Processor—Either of the following with speed above 2.5 GHz:
    – 8 Intel CPU cores
    – 12 AMD CPU cores
  • RAM (DIMMs)—Minimum 24 GB (over 32 GB preferred)
  • RAID controller with 1 GB battery-backed, write-through cache
  • Networking—Two NICs:
    – NIC 1—Dedicated external connectivity
    – NIC 2—Dedicated intraserver connectivity
  • Database storage—Above 500 GB
  Load balancer:
  • HTTP transactions/sec (TPS)—1,000
  • Maximum SSL TPS—500
Chapter 3 Preparing for Installation
This chapter describes the tasks to be performed before you install Prime Home. Prime Home installation depends on various third-party components. You need to set up these components prior to installing Prime Home in your network infrastructure.
This chapter includes the following sections:
• Configuring the RHEL Platform
• Configurator Environment Preparation
• Setting Up the Apache Web Server
• Setting Up a MongoDB Server
• Setting Up Apache Solr
• Setting Up Cloudera Flume
• Setting up Cisco Taze
Configuring the RHEL Platform
The Red Hat Enterprise Linux (RHEL) operating system is installed on the ACS hosts and database server with the following specifications:
• SSH access must be set up for the Prime Home user for remote installation of Prime Home.
• The appropriate file system must be set up to support Prime Home installation.
Table 3-1 describes the minimum disk space required for the file system.
Table 3-1 File System Size
File System                          Minimum Size
/opt                                 64 GB
/var                                 128 GB
/home—Only for ACS hosts             128 GB
/data—Only for database server       256 GB
Note The /data file system should be an EXT4 file system if the server is hosting MySQL. It is used for MongoDB or MySQL data storage.
After you install RHEL, you must configure the RHEL platform to support Prime Home installation.
To configure the RHEL platform:
Step 1 Log into the ACS host and database server as root.
Step 2 Modify the config file to disable SELinux using the following commands:
# perl -p -i -e 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
# perl -p -i -e 's/^SELINUXTYPE=.*$/SELINUXTYPE=targeted/g' /etc/selinux/config
The config file controls the state of SELinux on the system. In this file, set the value of SELINUX to disabled and SELINUXTYPE to targeted.
Step 3 Reboot the ACS host and database server using the following command:
# reboot
Step 4 Wait for 30 seconds and log in again to the ACS host and database server.
Step 5 On the ACS host, create the Prime Home user account using the following command:
# useradd -c "Prime Home User" -m -G wheel clearvision
The configurator tool uses the Prime Home user account to log into the load balancer and application server nodes, and install the necessary components on the host servers.
Step 6 Configure the Sudo facility on the ACS host:
a. Open the vi editor using the following command:
# visudo
b. Comment out the requiretty default so that the line reads:
# Defaults requiretty
c. Add the PATH variable to the new environment:
...
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults env_keep += "PATH"
...
d. Disable the password prompts for the clearvision user by adding the following line:
clearvision ALL=(ALL) NOPASSWD: ALL
Step 7 Configure the SSH keys on the ACS host:
Note
• The SSH keys are generated on an administrative system, and their public keys are loaded onto the ACS host. This allows the administrative system to perform an SSH access into the ACS host, and get authenticated by the public keys instead of a password. The configurator tool uses this SSH facility to connect to the ACS host, and configure the Prime Home components.
• The administrative system user should not use a blank password for SSH keys.
a. Generate the SSH key pair on the administrative system using the following commands:
# ssh-keygen -t rsa -b 2048 -C "<User/Identifying Comment>" -f ~/.ssh/id_rsa
# chmod 700 ~/.ssh
# chmod 600 ~/.ssh/id_rsa
b. Set up the SSH agent on the administrative system using the following commands:
# exec ssh-agent bash -l
# ssh-add
c. Set up public or private key login on the ACS server using the following command:
# ssh clearvision@ACSHOST "mkdir -p ~/.ssh; touch ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys; echo \"`cat ~/.ssh/id_rsa.pub`\" >> ~/.ssh/authorized_keys"
You can also log into the ACS host and copy the SSH keys if the following conditions are met:
• SSH agent is running
• SSH agent forwarding is enabled on the ACS host
• Remote .ssh directory already exists
To log into the ACS host and copy the SSH keys, run the following commands:
# ssh clearvision@acshost
# ssh-add -L >> ~/.ssh/authorized_keys
# chmod 600 ~/.ssh/authorized_keys
Note Ensure that the administrative SSH public keys are distributed to all Apache and Prime Home nodes. Repeat this step to distribute SSH keys to all the Apache and Prime Home nodes in your network infrastructure.
Step 8 On the ACS host and database server, configure OS limits and sysctl using the following commands:
# echo '# DO NOT USE' > /etc/security/limits.d/90-nproc.conf
# perl -p -i -e 's/^net\.ipv4\.tcp_syncookies[ \t]=.*$/net.ipv4.tcp_syncookies = 0/g' /etc/sysctl.conf
# cat <<EOF > /etc/security/limits.conf
* soft nofile 8192
* hard nofile 16384
* soft data unlimited
* hard data unlimited
* soft stack unlimited
* hard stack unlimited
* soft rss unlimited
* hard rss unlimited
* soft nproc 32768
* hard nproc 65535
EOF
Note The OS limits are configured for the Prime Home components to improve the host’s performance. For a heavily loaded system with single server deployment, configure the OS limit and sysctl as described in this step.
Step 9 Configure time on the ACS host and database server:
a. Modify the /etc/sysconfig/clock file using the following command:
# perl -p -i -e 's/^ZONE=.*$/ZONE=UTC/g' /etc/sysconfig/clock
b. Change the system link using the following command:
# ln -sf /usr/share/zoneinfo/UTC /etc/localtime
c. Enable the time setting using the following commands:
# ntpdate pool.ntp.org
# chkconfig ntpd on
# service ntpd start
Note In a virtualized environment, if the ACS host server uses Network Time Protocol (NTP) and the clock is synchronized with guest virtual machines, the installation of NTP is not required on the guest virtual machines.
Step 10 Configure iptables for the ACS host server:
Note It is assumed that em2 is the internal NIC and em1 is the external NIC on the host server.
a. Modify the /etc/sysconfig/iptables file using the following command:
# vi /etc/sysconfig/iptables
b. Set the parameters as follows:
– UDP for STUN — 3478 or 3479
– TCP for ActiveMQ — 7400
– TCP for Solr — 7700
– To support validation of configurator ports for Apache or Tomcat TCP ports, add the following:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i em2 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 1080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
c. If IPv6 support is available, add the following to the /etc/sysconfig/ip6tables file:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i em2 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 1080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8161 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
Step 11 On the ACS host and database server, remove the default RHEL platform packages using the following command:
# yum -y erase java-*-openjdk libgcj mod_perl mod_wsgi
Step 12 Configure Java for the ACS host and database server:
a. Download the 64-bit Java 7 JDK RPM version, jdk-7u67-linux-x64-rpm.bin, from http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html.
b. Install the Java 7 JDK using the following command:
# rpm -Uvh jdk-7u67-linux-x64.rpm
c. Verify the Java version using the following command:
# java -version
d. Add the Sun JDK to /etc/alternatives file using the following command:
# alternatives --install /usr/bin/java <path_to_JDK_bin/java> 20000
Step 13 On the ACS host and database server, install RHEL platform packages for Prime Home using the following commands:
# yum install screen telnet logwatch lynx
The next stage is to run the configurator.
Note To improve the backup capability of the host, you can also install the pigz package, along with the lbzip2 or pbzip2 package.
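The rules files from Step 10 can be checked mechanically. The following script is an added example, not part of the Cisco guide: it lists which destination ports a rules file accepts and on which interface, and confirms that the INPUT chain ends in a catch-all REJECT, which is what blocks everything else when the chain policy is ACCEPT. The sample input is the guide's ip6tables listing; the function names, and the choice of em2 and ports 80, 443, and 1080 as the expected values, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Cisco guide): summarise what a RHEL 6
# /etc/sysconfig/iptables or /etc/sysconfig/ip6tables file lets in.

# exposed_ports FILE
# One line per INPUT rule that ACCEPTs a --dport: "<interface> <proto> <port>".
# <interface> is "any" when the rule has no -i match. Rules that accept a
# whole interface (such as "-i em2 -j ACCEPT") carry no port and are skipped.
exposed_ports() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            iface = "any"; proto = "-"; port = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i")      iface  = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (target == "ACCEPT" && port != "") print iface, proto, port
        }' "$1"
}

# unexpected_ports FILE INTERNAL_IF PORT...
# Ports accepted on anything other than INTERNAL_IF that are not in the list.
unexpected_ports() {
    _file=$1; _internal=$2; shift 2
    exposed_ports "$_file" |
        awk -v internal="$_internal" -v allowed=" $* " \
            '$1 != internal && index(allowed, " " $3 " ") == 0'
}

# input_default_deny FILE
# Succeeds when INPUT has policy DROP, or when its last rule is an
# unconditional REJECT/DROP (the guide's layout: policy ACCEPT, final REJECT).
input_default_deny() {
    awk '
        $1 == ":INPUT"              { policy = $2 }
        $1 == "-A" && $2 == "INPUT" { last = $0 }
        END { exit !(policy == "DROP" || last ~ /^-A INPUT -j (REJECT|DROP)( |$)/) }
    ' "$1"
}

demo() {
    rules=$(mktemp)
    # IPv6 rules as listed in Step 10 c of the guide.
    cat > "$rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i em2 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 1080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8161 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
EOF
    echo "Accepted ports (interface proto port):"
    exposed_ports "$rules"
    echo "Reachable outside em2 and not 80/443/1080:"
    unexpected_ports "$rules" em2 80 443 1080
    if input_default_deny "$rules"; then
        echo "INPUT ends in a catch-all REJECT/DROP"
    else
        echo "INPUT has no catch-all REJECT/DROP"
    fi
    rm -f "$rules"
}
demo
```

On the guide's IPv6 listing the second report contains one line, any tcp 8161: that rule has no -i match, so it applies to every interface, unlike the em1 rules for ports 80, 443, and 1080.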
Observations - RHEL Setup
Table 3-2 is a worksheet that you must fill out after you configure RHEL on the ACS host server and database server.
Table 3-2 Worksheet - RHEL Setup
RHEL Setup                                       Sample Observation    Your Observation
Prime Home host user or ACS host user            clearvision
Prime Home host password or ACS host password    clearvision
Configurator Environment Preparation
The configurator must be run as a non-root user with RVM installed as that user with an active Ruby 2.1.0 environment.
Running Configurator on CentOS 6
Prerequisites
EPEL
RVM requires some libraries that are not present in the CentOS repositories, so the EPEL YUM repository must be installed before running Configurator.
Step 14 Download and install the latest version of the epel-release package: http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Note: The MySQL client library must be installed prior to running Configurator, so that the mysql2 gem used by the migrations project can link with it successfully. It does not matter which version of the client library and development headers are used.
If MySQL 5.5 is available:
# sudo yum install MySQL-devel MySQL-shared
Step 15 If MySQL 5.5 is not available:
# sudo yum install mysql-devel mysql-shared
RVM Installation and Environment Setup
Step 1 Install RVM as the non-root user that will be executing Configurator:
curl -sSL https://get.rvm.io | bash -s stable
Step 2 Follow the instructions printed by the RVM installation process.
Step 3 Use RVM to install Ruby 2.1.0, again as the non-root user that will be executing Configurator:
rvm install 2.1.0
rvm use 2.1.0 --default
Note: If a Ruby 2.1.0 RVM environment already existed, make sure to upgrade the Bundler gem to at least version 1.6.0:
gem install bundler
Running Configurator on Mac OS X
Prerequisites
Homebrew
Homebrew is used to install MySQL and its library in /usr/local where it can be found by the mysql2 gem build process.
Step 1 Install Homebrew:
ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
Step 2 Verify that Homebrew is functioning and address all issues reported:
brew doctor
Step 3 Do not proceed until brew doctor reports "Your system is ready to brew."
Step 4 Use Homebrew to install MySQL:
brew install mysql
Note: The Homebrew formulae for specific versions of MySQL do not link the library and headers in /usr/local, which will cause errors when attempting to execute migrations. You must use the formula for the latest version of MySQL when using Homebrew to install MySQL on OS X.
RVM Installation and Environment Setup
Step 1 Install RVM as the non-root user that will be executing Configurator:
curl -sSL https://get.rvm.io | bash -s stable
Step 2 Follow the instructions printed by the RVM installation process.
Step 3 Use RVM to install Ruby 2.1.0, again as the non-root user that will be executing Configurator:
rvm install 2.1.0
rvm use 2.1.0 --default
Note: If a Ruby 2.1.0 RVM environment already existed, make sure to upgrade the Bundler gem to at least version 1.6.0:
gem install bundler
Setting Up the Apache Web Server
The Apache web server acts as a proxy server, and is used to redirect northbound requests to the correct components in Prime Home. The Apache web server is deployed in the network infrastructure to provide the following functionalities for Prime Home:
• Direct the CPE, API, and Prime Home UI requests to the correct service port in the Prime Home platform’s Tomcat container.
• Provide a simple means of managing SSL certificates for Customer Premises Equipment (CPE) and Prime Home web URLs.
• Limit the Prime Home platform access during maintenance, and allow the maintenance activity to be tracked.
You can analyze the log files of the Apache web server to determine CPE behavior and ACS performance.
Note SSL certificates are loaded in the Apache web server with specific certificate keys. You must restart the Apache web server when a new certificate key is added. If the certificate is renewed and the associated certificate key is unchanged, only a reload of Apache web server is needed.
The Apache web server is installed on the ACS host.
To set up the Apache web server:
Step 1 Log into the ACS host as root.
Step 2 Install Apache httpd using the following command:
# yum install httpd mod_ssl
Step 3 Remove the Perl and WSGI modules of the Apache web server using the following command:
# yum erase mod_perl mod_wsgi
Step 4 Delete the php.conf file using the following command:
# rm -f /etc/httpd/conf.d/php.conf
Step 5 Modify the /etc/httpd/conf/httpd.conf configuration file using the following commands:
# perl -p -i -e 's/^Timeout .*$/Timeout 360/g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^KeepAlive .*$/KeepAlive On/g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^MaxKeepAliveRequests .*$/MaxKeepAliveRequests 1000/g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^KeepAliveTimeout .*$/KeepAliveTimeout 300/g' /etc/httpd/conf/httpd.conf
# sed -n '1h;1!H;${;g;s/<IfModule prefork.c>[^<]*</<IfModule prefork.c>\nStartServers 20\nMinSpareServers 20\nMaxSpareServers 50\nServerLimit 1024\nMaxClients 768\nMaxRequestsPerChild 0\n</g;p;}' /etc/httpd/conf/httpd.conf > /etc/httpd/conf/httpd.conf.temp
# sed -n '1h;1!H;${;g;s/<IfModule worker.c>[^<]*</<IfModule worker.c>\nStartServers 5\nMaxClients 750\nMinSpareThreads 25\nMaxSpareThreads 75\nThreadsPerChild 25\nMaxRequestsPerChild 0\n</g;p;}' /etc/httpd/conf/httpd.conf.temp > /etc/httpd/conf/httpd.conf
# rm -f /etc/httpd/conf/httpd.conf.temp
Depending on the expected load, the worker module may be preferred at higher loads.
Step 6 Create the directory, /home/clearvision/vhosts, on the Apache web server using the following commands:
# mkdir -p /home/clearvision/vhosts
# chown clearvision /home/clearvision/vhosts
Note You have to specify the location of this directory in the Prime Home configuration file. Ensure that the appropriate permissions are provided to the Prime Home user to access this directory.
Step 7 Include the directory, /home/clearvision/vhosts, in the httpd.conf file using the following commands:
# perl -p -i -e 's/^Include \/home\/clearvision\/vhosts.*$//g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^Include conf\.d\/\*\.conf.*$/Include conf\.d\/\*\.conf\nInclude \/home\/clearvision\/vhosts\/\*\.conf/g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^Listen 81$//g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^Listen 80$/Listen 80\nListen 81/g' /etc/httpd/conf/httpd.conf
Step 8 Create the /etc/httpd/conf.d/proxy.conf file. The proxy.conf file enables NameVirtualHosts to route requests correctly. Set the proxy.conf file as follows:
cat <<EOF > /etc/httpd/conf.d/proxy.conf
# Proxy Config
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
Allow from all
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
ProxyVia On
ProxyTimeout 300
NameVirtualHost *:80
NameVirtualHost *:443
</IfModule>
EOF
Step 9 Remove the _default_ virtual host section in /etc/httpd/conf.d/ssl.conf file.
Step 10 Test the configuration using the following command:
# apachectl -t
You may ignore the warnings received for no virtual host existence. The configurator adds these virtual hosts in the Prime Home setup.
Note The apachectl -t command can only check syntax errors. If you have specified incorrect file paths or missing files, the error can be detected only during runtime.
Step 11 If the configuration is correct, start the httpd service using the following command:
# service httpd start
Step 12 If new SSL private keys are defined in the new configuration file, restart the httpd service using the following command:
# service httpd restart
Step 13 Verify the location of the log files and vhost files:
• /var/log/httpd/<acsname>.log — Log file for user interface NBI
• /var/log/httpd/<acsname>.cpe.log — Log file for CPE responder
• /home/clearvision/vhosts/hostname/ — Directory where the configurator-generated vhost files are stored
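A post-edit check for Steps 5 and 7, added here and not part of the Cisco guide: the perl substitutions only rewrite lines that already exist, so a directive that is absent or commented out in httpd.conf is silently left unset, and apachectl -t does not report that. The function names and the constructed sample file are assumptions of this example; the expected values are the ones the steps set.

```shell
#!/bin/sh
# Added example (not from the Cisco guide): confirm that the in-place edits
# of Steps 5 and 7 took effect in httpd.conf.

# values_of FILE NAME: argument string of every uncommented NAME directive.
values_of() {
    awk -v name="$2" '$1 == name { sub(/^[ \t]*[^ \t]+[ \t]*/, ""); print }' "$1"
}

# count_of FILE NAME VALUE: how many NAME directives have exactly VALUE.
count_of() {
    values_of "$1" "$2" | awk -v v="$3" '$0 == v { n++ } END { print n + 0 }'
}

# check_httpd_conf FILE: one line per deviation; returns 1 if any was found.
check_httpd_conf() {
    conf=$1
    rc=0
    # Directive and value pairs set by the perl commands in Step 5.
    while read -r name want; do
        got=$(values_of "$conf" "$name" | sort -u | tr '\n' ' ')
        got=${got% }
        if [ -z "$got" ]; then
            echo "MISSING  $name (expected $want)"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $name is '$got' (expected $want)"; rc=1
        fi
    done <<EOF
Timeout 360
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 300
EOF
    # Step 7 should leave exactly one Listen line per port and one Include.
    for port in 80 81; do
        n=$(count_of "$conf" Listen "$port")
        [ "$n" -eq 1 ] || { echo "LISTEN   $port appears $n times (expected 1)"; rc=1; }
    done
    n=$(count_of "$conf" Include '/home/clearvision/vhosts/*.conf')
    [ "$n" -eq 1 ] || { echo "INCLUDE  vhosts directory appears $n times (expected 1)"; rc=1; }
    return "$rc"
}

demo() {
    sample=$(mktemp)
    # Constructed httpd.conf fragment: KeepAliveTimeout is commented out, so
    # the Step 5 substitution had nothing to match, and Step 7 was not run.
    cat > "$sample" <<'EOF'
Timeout 360
KeepAlive On
MaxKeepAliveRequests 1000
#KeepAliveTimeout 15
Listen 80
Include conf.d/*.conf
EOF
    check_httpd_conf "$sample" || echo "httpd.conf differs from the guide's settings"
    rm -f "$sample"
}
demo
```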
Observations - Apache Web Server Setup
Table 3-3 is a worksheet that you must fill out after you set up Apache web server.
Table 3-3 Worksheet - Apache Web Server Setup
Apache Web Server Setup Sample Observation loadBalancers hostname loadBalancerId location type acs-host or http-host.internal.net
http-public
/home/clearvision/httpd apache
URL nodeIds user nodes hostname location nodeId catalina_logDir catalina_logNamePrefix log4j_logFile ports_tc_ajp_external acshost.clearaccess.com
main clearvision acs-host
/home/clearvision/acshost/main main
/home/clearvision/acshost/logs/main catalina-main
/home/clearvision/acshost/logs/main/acs.log
8082
Your Observation ports_tc_ajp_internal ports_tc_http_external
443 - If SSL is enabled
8083
8080 ports_tc_http_internal ports_tc_shutdown tc_route uuid
Note You can generate the UUID using the system command, uuidgen .
URL_user_internal_root
443 - If SSL is enabled
8081
8084 main
12B78A44-4F11-4142-8F5B-5990F9592C21 clearprobe_rrd_directory http://acshost.clearaccess.com:80/primehome
/home/clearvision/acshost/logs/main/rrd
For information on the fields listed in the worksheet, see
Setting Up a MongoDB Server
MongoDB provides a robust data storage engine that can be easily scaled. It can run on a single server as a standalone database to support smaller setups with only two nodes and an arbiter. MongoDB is deployed in the network infrastructure to provide the following functionalities for Prime Home:
• Permanent storage of data associated with system audit, Taze, and bandwidth monitoring.
• Limited storage of configuration data. The configuration data is modified only when you change the Prime Home setup. If MongoDB is used for storing the configuration data, you can deploy MongoDB on a single server because the data transaction rate is very low for configuration data.
• A highly available peer network that can be tracked easily in real time.
Note Memory utilization is high for MongoDB. Hence, we recommend that you deploy MongoDB on a separate server or virtual machine.
Installing and Configuring a MongoDB Server
To install and configure a MongoDB server:
Step 1 Log into the MongoDB host as root.
Step 2 Add the 10gen repository to your local repository by creating the file /etc/yum.repos.d/10gen.repo with the following contents (the example text shown is for a 64-bit system):
# cat <<EOF > /etc/yum.repos.d/10gen.repo
[10gen]
name=10gen Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64
gpgcheck=0
enabled=1
EOF
Step 3 Install the MongoDB packages, mongo-10gen and mongo-10gen-server, using the following command:
# yum -y install mongo-10gen mongo-10gen-server
Note You must install the MongoDB package mongo-10gen on the components that access the MongoDB server. In this release, the components are the ACS server and the optional bandwidth monitoring server only.
Step 4 Modify the /etc/mongod.conf file using the following commands:
# perl -p -i -e 's/^[#]*dbpath[= ].*$/dbpath=\/data\/mongo/g' /etc/mongod.conf
# perl -p -i -e 's/^[#]*logpath[= ].*$/logpath=\/var\/log\/mongo\/mongod.log/g' /etc/mongod.conf
# perl -p -i -e 's/^[#]*logappend[= ].*$/logappend=true/g' /etc/mongod.conf
# perl -p -i -e 's/^[#]*fork[= ].*$/fork=true/g' /etc/mongod.conf
Verify that you have created directories for dbpath and logpath with appropriate permissions, or create them using the following commands:
# mkdir -p /data/mongo /var/log/mongo
# chown mongod:mongod -R /data/mongo /var/log/mongo
Step 5 Verify the MongoDB configuration and restart the Mongo service using the following commands:
# chkconfig mongod on
# service mongod start
Step 6 Initialize MongoDB to create the databases and collections for STUN and system audit.
A confirmation message informs you when the setup is complete.
Creating Replica Sets for MongoDB
If MongoDB is used for permanent storage of system audit, Taze, and bandwidth monitoring data, we recommend that you create replica sets for MongoDB. You must deploy MongoDB on multiple servers and configure three nodes with sufficient data storage.
To create replica sets for MongoDB:
Step 1 Deploy MongoDB on an odd number of nodes greater than one.
Step 2 Modify the /etc/mongod.conf file to add the replSet and oplogSize directives using the following commands:
# perl -p -i -e 's/^[#]*replSet[= ].*$/replSet=replicaSetName/g' /etc/mongod.conf
# perl -p -i -e 's/^[#]*oplogSize[= ].*$/oplogSize=100/g' /etc/mongod.conf
Specify the replica set name and oplogSize as follows:
replSet = replicaSetName
oplogSize = 100
Note The oplogSize directive is the maximum size of the replication buffer, in megabytes. It should be set to approximately 5% of the file system size.
Step 3 Initialize the MongoDB replica sets using mongo shell as follows:
rs.initiate({
"_id" : "replicaset",
"members" : [
{"_id" : 1, "host" : "mongohost1.domain.com"},
{"_id" : 2, "host" : "mongohost2.domain.com"},
{"_id" : 3, "host" : "mongohost3.domain.com"}]
})
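The perl one-liners used for /etc/mongod.conf in both MongoDB procedures only rewrite lines that already exist in the file, so a directive that is absent, or commented as "# fork=true" with a space after the "#", is silently left unset. The check below is an added example and not part of the Cisco guide; check_mongod_conf, write_sample_mongod_conf and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the directives this guide sets in
# /etc/mongod.conf are really active after the perl substitutions.

# check_mongod_conf FILE KEY=VALUE...
# Prints one status line per directive; returns 1 if any directive is missing
# (absent or still commented out), set more than once, or has another value.
check_mongod_conf() {
    conf=$1
    shift
    rc=0
    for want in "$@"; do
        key=${want%%=*}
        expected=${want#*=}
        # Active assignments only: "key=value" or "key = value", not "#key=...".
        found=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$conf" |
                sed 's/[[:space:]]*$//')
        count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
        if [ "$count" -eq 0 ]; then
            echo "MISSING   $key (expected $expected)"
            rc=1
        elif [ "$count" -gt 1 ]; then
            echo "DUPLICATE $key (set $count times)"
            rc=1
        elif [ "$found" != "$expected" ]; then
            echo "MISMATCH  $key=$found (expected $expected)"
            rc=1
        else
            echo "OK        $key=$found"
        fi
    done
    return "$rc"
}

# Constructed sample: the state left behind when the stock file contained
# "# fork=true" (not matched by ^[#]*fork) and no oplogSize line at all,
# so the substitutions changed neither directive.
write_sample_mongod_conf() {
    cat > "$1" <<'EOF'
dbpath=/data/mongo
logpath=/var/log/mongo/mongod.log
logappend=true
# fork=true
replSet = replicaSetName
EOF
}

# Demo on the constructed sample; a real run would pass /etc/mongod.conf.
sample=$(mktemp)
write_sample_mongod_conf "$sample"
check_mongod_conf "$sample" dbpath=/data/mongo \
    logpath=/var/log/mongo/mongod.log logappend=true fork=true \
    replSet=replicaSetName oplogSize=100 ||
    echo "mongod.conf is not in the state the procedure expects"
rm -f "$sample"
```

Run it after Step 4 of the installation procedure and again after Step 2 of the replica set procedure, before starting or restarting mongod.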
Observations - MongoDB Server Setup
Table 3-4 is a worksheet that you must fill out after you set up the MongoDB server.
Table 3-4 Worksheet - MongoDB Server Setup
MongoDB Server Setup | Sample Observation | Your Observation
db_directory on MongoDB server | /data/mongo |
Hosts on which MongoDB is configured | mongohost1.domain.com, mongohost2.domain.com, and mongohost3.domain.com |
Setting Up Apache Solr
Apache Solr provides full text search capabilities within the Prime Home platform. When objects are added to the MySQL database, Apache Solr creates an index for the descriptors associated with the objects. The different parts of the Prime Home platform use this index to search the descriptors.
Apache Solr can be installed on the ACS host or on a separate host server.
After you set up the Apache Solr component, you can perform the following functions using the Apache Solr admin UI:
• View the counts of objects in the database and index.
• Rebuild the complete or partial index.
To set up Apache Solr:
Step 1 Log into the Apache Solr host or ACS host as root.
Step 2 Install solr-jetty-core package using the following commands:
# mkdir -p /opt/clearvision/packages/solr
# cd /opt/clearvision/packages/solr
# tar -xzf /path/to/solr-jetty-core-3.5.0.tgz
# useradd -d /opt/clearvision/packages/solr -s /bin/bash -G clearvision solr
# ln -sf /opt/clearvision/packages/solr/solr-jetty-core-3.5.0/bin/solr-jetty-core-3.5.0 /etc/init.d/solr-jetty-core
# chkconfig solr-jetty-core on
# cd /opt/clearvision
# ln -s packages/solr/solr-jetty-core-3.5.0 solr
# chown -R solr:clearvision solr packages/solr
Step 3 Modify the /opt/clearvision/solr/solr/conf/solrconfig.xml file based on your network infrastructure, using the following command:
# vi /opt/clearvision/solr/solr/conf/solrconfig.xml
For multiple node with single ACS host, use the following pattern for solrconfig.xml file:
<!-- remove the <lst name="master"> section if this is just a slave -->
<!-- remove the <lst name="slave"> section if this is just a master -->
<requestHandler name="/replication" class="solr.ReplicationHandler" >
<lst name="master">
<str name="enable">${enable.master:false}</str>
<str name="replicateAfter">commit</str>
<str name="replicateAfter">startup</str>
<str name="confFiles">schema.xml,stopwords.txt</str>
</lst>
</requestHandler>
For High Availability installation, use the following pattern for solrconfig.xml file:
<!-- remove the <lst name="master"> section if this is just a slave -->
<!-- remove the <lst name="slave"> section if this is just a master -->
<requestHandler name="/replication" class="solr.ReplicationHandler" >
<lst name="master">
<str name="enable">${enable.master:false}</str>
<str name="replicateAfter">commit</str>
<str name="replicateAfter">startup</str>
<str name="confFiles">schema.xml,stopwords.txt</str>
</lst>
<lst name="slave">
<str name="enable">${enable.slave:false}</str>
<str name="masterUrl">http://MASTERHOSTNAME:7700/solr/corename/replication</str>
<str name="pollInterval">00:00:60</str>
</lst>
</requestHandler>
For HA installations, change the /etc/init.d/solr script to match the correct node role. On slave hosts, comment out the master line and uncomment the slave line.
Step 4 Start the Apache Solr service using the following command:
# service solr-jetty-core start
Step 5 Create specific cores using the following script:
# /opt/clearvision/packages/solr/solr-jetty-core-3.5.0/bin/create-core.sh corename
Step 6 Confirm that Apache Solr was successfully set up on the host server by opening the admin UI using the following URL: http://host:7700/solr/corename/admin
Observations - Apache Solr Setup
Table 3-5 is a worksheet that you must fill out after you set up Apache Solr.
Table 3-5 Worksheet - Apache Solr Setup
Apache Solr Setup | Sample Observation | Your Observation
solr_url | http://MASTERHOSTNAME:7700/solr/corename |
For information on the fields listed in the worksheet, see
Setting Up Cloudera Flume
Cloudera Flume provides a platform to transfer a large volume of data from the Prime Home components to MongoDB. MongoDB is the data storage solution for STUN and system audit data.
Before deploying Cloudera Flume in your network infrastructure, be sure that you have the appropriate network planning information for Prime Home functions. The network planning information includes whether you are setting up:
• Prime Home system auditing application
• Taze STUN application
If you set up these applications in a Prime Home setup that manages a large number of devices, the volume of data transfer and rate of notifications between these applications and MongoDB will be high.
You need to set up dedicated flows from these applications to MongoDB. Prime Home provides the package required to allow Cloudera Flume flows to connect to MongoDB.
Cloudera Flume is installed on all Prime Home components and the database server. You can deploy
Cloudera Flume in both Multiple node and High Availability environments. For High Availability setup, you can deploy Cloudera Flume agents in peer arrangements on hosts in the network.
To set up Cloudera Flume:
Step 1 Log into the ACS hosts and database server as root.
Step 2 Download the Cloudera Flume repository definition from http://archive.cloudera.com/redhat/6/x86_64/cdh/cloudera-cdh3.repo.
Step 3 Add the Cloudera Flume repository definition to the local repository /etc/yum.repos.d/ of all ACS hosts and the database server, using the following command:
# cat <<EOF > /etc/yum.repos.d/cloudera-cdh3.repo
[cloudera-cdh3]
name=Cloudera's Distribution for Hadoop, Version 3
mirrorlist=http://archive.cloudera.com/redhat/6/x86_64/cdh/3/mirrors
gpgkey = http://archive.cloudera.com/redhat/6/x86_64/cdh/RPM-GPG-KEY-cloudera
gpgcheck = 1
EOF
Step 4 Install the Cloudera Flume packages, flume-node and flume-master, on the database server, using the following command:
# yum -y install flume-node flume-master
On the ACS hosts, install only flume-node package using the following command:
# yum -y install flume-node
Step 5 Modify the Flume master server configuration to include the database host details. Using the example text shown here, do the following:
• Replace dbhost.domain with the <Database host>
• Include the flume.plugin.classes property in the configuration
# mkdir -p /var/flume && chown flume:flume /var/flume
# cat <<EOF > /etc/flume/conf/flume-site.xml
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<!--
Licensed to Cloudera, Inc. under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. Cloudera, Inc. licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- site specific configuration variables should go here. -->
<configuration>
<property>
<name>flume.master.servers</name>
<value>dbhost.domain</value>
<description>This is the address for the config servers status
server (http)
</description>
</property>
<property>
<name>flume.agent.logdir</name>
<value>/var/flume/flume-\${user.name}/agent</value>
<description> This is the directory that write-ahead logging data
or disk-failover data is collected from applications gets
written to. The agent watches this directory.
</description>
</property>
<property>
<name>flume.collector.dfs.dir</name>
<value>file:///var/flume/flume-\${user.name}/collected</value>
<description>This is a dfs directory that is the the final resting
place for logs to be stored in. This defaults to a local dir in
/tmp but can be hadoop URI path that such as hdfs://namenode/path/
</description>
</property>
<property>
<name>flume.master.zk.logdir</name>
<value>/var/flume/flume-\${user.name}-zk</value>
<description>The base directory in which the ZBCS stores data.</description>
</property>
<property>
<name>flume.plugin.classes</name>
<value>com.clearaccess.clearsight.flume.MongoDBAppendSink,com.clearaccess.clearsight.flume.MongoDBSummaryUpdateSink</value>
<description></description>
</property>
</configuration>
EOF
Step 6 Start the Flume service on the database server using the following commands:
# chkconfig flume-master on
# service flume-master start
Step 7 Connect to the Flume master and configure bindings on the database server.
In the following example, replace:
• dbhost.domain with the <Database host>
• acshost.domain with the <ACS host>
# flume shell
# connect dbhost.domain
# Audit Logging
exec map dbhost.domain dbhost.domain.collector.audit
exec map dbhost.domain dbhost.domain.agent.audit
exec map acshost.domain acshost.domain.agent.audit
exec config dbhost.domain.collector.audit audit.flow 'collectorSource(35854)' 'collector(10000) { csMongoAppendSink("mongodb://dbhost.domain/cv.audit.log?maxpoolsize=17", "16") }'
exec config dbhost.domain.agent.audit audit.flow 'avroSource(12346)' 'agentE2ESink("dbhost.domain", 35854)'
exec config acshost.domain.agent.audit audit.flow 'avroSource(12346)' 'agentE2ESink("dbhost.domain", 35854)'
(Optional) If you have deployed the STUN server in your network infrastructure, run the following commands; otherwise, skip this part:
# STUN
exec map dbhost.domain dbhost.domain.collector.stun
exec map dbhost.domain dbhost.domain.agent.stun
exec map acshost.domain acshost.domain.agent.stun
exec config dbhost.domain.collector.stun stun.flow 'collectorSource(35853)' 'collector(10000) { csMongoUpdateSink("mongodb://dbhost.domain/cv.stun.summary?maxpoolsize=17", "cvClusterId,oui,sn", "16") }'
exec config acshost.domain.agent.stun stun.flow 'avroSource(12345)' 'agentE2ESink("dbhost.domain", 35853)'
exec config dbhost.domain.agent.stun stun.flow 'avroSource(12345)' 'agentE2ESink("dbhost.domain", 35853)'
Step 8 Obtain the flume.tar file that contains the Flume library, and unpack it to /usr/lib/flume/lib using the following commands:
# dir=`pwd`
# cd /usr/lib/flume/lib
# tar -xf "${dir}/flume.tar"
# cd "${dir}"
Step 9 Open a web browser on the Flume master host, and launch Cloudera Flume using the following URL: http://localhost:35871
Note If the web browser is not available on the Flume master host, you must forward the port 35871 over SSH to a system on which the web browser is available and launch Cloudera Flume.
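Step 3 of this procedure and Step 2 of the MongoDB installation each write a yum repository definition by hand: the 10gen definition sets gpgcheck=0, which turns off RPM signature verification for that repository, and the Cloudera definition fetches its signing key over plain HTTP. The audit below is an added example, not part of the Cisco guide; audit_repo_file and the two writer functions are constructed names, and the sample contents are the two definitions shown in this guide.

```shell
#!/bin/sh
# Added example: flag yum repository definitions that weaken package
# verification before running "yum -y install" against them.

# audit_repo_file FILE
# Prints one finding per line for every enabled [section]; returns 1 if any.
audit_repo_file() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {
        if (sect == "" || enabled == "0") return
        if (tolower(gpgcheck) ~ /^(0|no|false)$/)
            notes = notes sect " gpgcheck=" gpgcheck ": package signatures are not verified\n"
        if (notes != "") { printf "%s", notes; bad = 1 }
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/ {
        report()
        sect = trim($0); gpgcheck = ""; enabled = "1"; notes = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1))
        val = trim(substr($0, eq + 1))
        if (key == "gpgcheck") gpgcheck = val
        if (key == "enabled") enabled = val
        if (val ~ /^http:\/\// && (key == "baseurl" || key == "mirrorlist" || key == "gpgkey"))
            notes = notes sect " " key " uses plain HTTP: " val "\n"
    }
    END { report(); exit (bad ? 1 : 0) }
    ' "$1"
}

# The two repository definitions from this guide, written to the given path.
write_10gen_repo() {
    cat > "$1" <<'EOF'
[10gen]
name=10gen Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64
gpgcheck=0
enabled=1
EOF
}

write_cloudera_repo() {
    cat > "$1" <<'EOF'
[cloudera-cdh3]
name=Cloudera's Distribution for Hadoop, Version 3
mirrorlist=http://archive.cloudera.com/redhat/6/x86_64/cdh/3/mirrors
gpgkey = http://archive.cloudera.com/redhat/6/x86_64/cdh/RPM-GPG-KEY-cloudera
gpgcheck = 1
EOF
}

# Demo in a scratch directory; a real run would loop over /etc/yum.repos.d/*.repo.
repo_dir=$(mktemp -d)
write_10gen_repo "$repo_dir/10gen.repo"
write_cloudera_repo "$repo_dir/cloudera-cdh3.repo"
for f in "$repo_dir"/*.repo; do
    audit_repo_file "$f" || echo "-> review $(basename "$f") before installing from it"
done
rm -rf "$repo_dir"
```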
Observations - Cloudera Flume Setup
Table 3-6 is a worksheet that you must fill out after you set up Cloudera Flume.
Table 3-6 Worksheet - Cloudera Flume Setup
Cloudera Flume Setup | Sample Observation | Your Observation
Flume_URL | http://flumemaster:35871 |
Setting up Cisco Taze
You can deploy Cisco Taze in your network infrastructure to provide STUN functionalities. Session
Traversal Utilities for NAT (STUN) helps you to manage the devices behind a NAT gateway.
Before you deploy Cisco Taze in your network infrastructure, verify that the following prerequisites have been met:
• A pair of publicly routable IP addresses that Cisco Taze uses to listen and respond to is available.
• A pair of UDP ports, 3478 and 3479, on each of the publicly routable IP addresses is available.
• Devices can access the publicly routable IP addresses with UDP ports 3478 and 3479.
• Network connectivity between Cisco Taze and ActiveMQ is available. This allows the Cisco Taze to access the JMS queues on the ActiveMQ servers, and process solicit requests between the ACS and the CPE.
• Cloudera Flume is deployed. Cloudera Flume captures binding request messages and transfers the message data to MongoDB. For information on how to set up Cloudera Flume, see
You can deploy Cisco Taze in multiple node or High Availability environments, but only one host at a given time can be the active Cisco Taze host.
To set up the Cisco Taze:
Step 1 Log into Cisco Taze host as root.
Step 2 Copy the Cisco Taze package into the /opt/clearvision/taze directory.
Step 3 Copy the Cisco Taze init script to /etc/init.d.
Step 4 Enable the Cisco Taze startup using the following command:
# chkconfig taze on
Step 5 Modify the taze.conf file using the following command:
# vi taze.conf
The value of avroport in the taze.conf file must match the avrosource value in the Flume master configuration because the Flume node listens on the avroport.
The taze.conf file must include the following settings:
stun.primary.address=19.15.45.15
stun.secondary.address=19.15.45.16
stun.primary.port=3478
stun.secondary.port=3479
activeMQ.brokerURL=failover:(nio://amqhost1:7400,nio://amqhost2:7400)
clearprobe.rrds-path=rrds
clearprobe.port=9090
clearsight.enabled=true
clearsight.eventHost=stunhost.fqdn.com
clearsight.stun.avroHost=localhost
clearsight.stun.avroPort=12345
clearsight.stun.pool.maxActive=50
clearsight.stun.pool.maxIdle=10
clearsight.stun.pool.minIdle=10
clearsight.stun.pool.maxWait=5000
Observations - Cisco Taze Setup
Table 3-7 is a worksheet that you must fill out after you set up Cisco Taze.
Table 3-7 Worksheet - Cisco Taze Setup
Cisco Taze Setup | Sample Observation | Your Observation
taze_broker_maxConnections | 50 |
taze_broker_url | nio://amqhost:7400 |
taze_enabled | True |
Check whether STUN binding requests are logged into MongoDB. | Yes |
Check whether the Cisco Taze service is able to respond to UDP connection requests from remote hosts. | Yes |
If the audit function is enabled, verify whether binding requests from devices appear in the Cisco Prime Home log. | Yes |
For information on the fields listed in the worksheet, see
.
Chapter 4 Preparing the Database
This chapter explains how to set up the MySQL database for Prime Home.
The database setup depends on the size of the network and the type of Prime Home deployment.
Prime Home can be deployed in multiple node or High Availability setup.
The database must be functioning normally before you install Prime Home.
This chapter includes the following sections:
• MySQL Database
• Setting Up the MySQL Database
MySQL Database
The MySQL database is the default data store for Prime Home, and is installed on a separate host server.
For deploying Prime Home, the MySQL database requires the following settings:
• Minimum 1-Gigabit Ethernet setup between the ACS host and the MySQL database. We recommend a 10-Gigabit Ethernet setup. This ensures that sufficient bandwidth is available for data transfer between the ACS host and the MySQL database.
• Java Database Connectivity (JDBC) between the ACS host and the MySQL database. To support JDBC, you have to create a specific database instance for Prime Home.
• An existing directory for storing MySQL database files. The partition should be at least ext4, preferably XFS or another file system that can provide maximum throughput for large files.
• Ensure that the MySQL connection information is based on the ACS host’s naming protocol, and the login credentials are assigned accordingly. MySQL will resolve the connection hostname, and use it for authentication.
• Ensure that the Prime Home user can access the MySQL database from the ACS host.
Setting Up the MySQL Database
Caution Prime Home is an extremely write-intensive application. Ensure that the database scaling and tuning is done accurately with proper planning.
To set up the MySQL database:
Step 1 Log into the MySQL host as root.
Step 2 Install MySQL 5 using the following command:
# yum -y install mysql-server
Step 3 Download the JDBC driver from http://dev.mysql.com/downloads/connector/j/ and install it.
Note The JDBC driver supports the connectivity between the ACS host and the MySQL database.
Step 4 Modify the /etc/my.cnf file using the following command, setting the values in the my.cnf file as follows:
# cat <<EOF > /etc/my.cnf
[mysqld]
datadir = /data/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
bind-address = 0.0.0.0
max_connections = 5000
max_connect_errors = 9999999999999
key_buffer = 32M
max_allowed_packet = 32M
thread_stack = 256K
query_cache_limit = 4M
query_cache_size = 32M
auto_increment_increment = 10
innodb_data_file_path = ibdata1:512M;ibdata2:512M;ibdata3:512M:autoextend
innodb_buffer_pool_size = 2G
innodb_log_file_size = 512M
innodb_thread_concurrency = 10
innodb_flush_log_at_trx_commit = 2
table_open_cache = 256
tmp_table_size = 64M
server-id = 1
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF
Note
• In a High Availability environment, you must enable the primary-secondary setup for the MySQL database. Make sure that the server-id value in the /etc/my.cnf file is unique for all servers in the MySQL database cluster.
• Disable the symbolic-links to prevent security risks. Make sure that the symbolic-links value in the /etc/my.cnf file is set to zero.
Step 5 Enable the MySQL startup using the following commands:
# chkconfig mysqld on
# service mysqld start
Step 6 Change the MySQL admin password using the following command:
# mysqladmin -u root password newpassword
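The Note in Step 4 makes two requirements that are easy to miss when the same my.cnf is copied to every database server: symbolic-links must be 0 on each server, and server-id must differ between servers. The check below is an added example, not part of the Cisco guide; mycnf_get, check_mysql_cluster and the sample files are constructed, and it assumes one copy of each server's my.cnf has been collected locally.

```shell
#!/bin/sh
# Added example: check the two points from the Step 4 Note across the my.cnf
# files of every server in a MySQL cluster.

# mycnf_get FILE KEY
# Prints the last value of KEY in [mysqld]; exit status 1 if KEY is absent.
# MySQL treats "-" and "_" in option names as the same character.
mycnf_get() {
    awk -v want="$2" '
    BEGIN { gsub(/-/, "_", want) }
    /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
    !in_mysqld || /^[ \t]*[#;]/ { next }
    {
        eq = index($0, "=")
        key = (eq ? substr($0, 1, eq - 1) : $0)
        val = (eq ? substr($0, eq + 1) : "")
        gsub(/[ \t]/, "", key); gsub(/-/, "_", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == want) { found = 1; last = val }
    }
    END { if (found) print last; exit (found ? 0 : 1) }
    ' "$1"
}

# check_mysql_cluster FILE...
# Returns 1 if symbolic links are not disabled in some file, if a file has no
# server-id, or if two files share a server-id.
check_mysql_cluster() {
    rc=0
    ids=""
    for f in "$@"; do
        links=$(mycnf_get "$f" symbolic-links || true)
        # "skip-symbolic-links" is the equivalent flag form of "symbolic-links=0".
        if [ "$links" != "0" ] && ! mycnf_get "$f" skip-symbolic-links >/dev/null; then
            echo "$f: symbolic-links is not set to 0"
            rc=1
        fi
        id=$(mycnf_get "$f" server-id || true)
        if [ -z "$id" ]; then
            echo "$f: server-id is not set"
            rc=1
        else
            ids="$ids $id"
        fi
    done
    for dup in $(printf '%s\n' $ids | sort | uniq -d); do
        echo "server-id $dup is used by more than one server"
        rc=1
    done
    return "$rc"
}

# Constructed samples: db01 follows Step 4; db02 is a copy that lost the
# symbolic-links line and still carries server-id = 1.
write_sample_mycnf() {   # $1 = path, $2 = "db01" or "db02"
    {
        echo "[mysqld]"
        echo "datadir = /data/mysql"
        echo "bind-address = 0.0.0.0"
        echo "server-id = 1"
        [ "$2" = "db02" ] || echo "symbolic-links=0"
        echo "[mysqld_safe]"
        echo "log-error=/var/log/mysqld.log"
    } > "$1"
}

cnf_dir=$(mktemp -d)
write_sample_mycnf "$cnf_dir/db01.cnf" db01
write_sample_mycnf "$cnf_dir/db02.cnf" db02
check_mysql_cluster "$cnf_dir/db01.cnf" "$cnf_dir/db02.cnf" ||
    echo "fix the findings above before enabling the primary-secondary setup"
rm -rf "$cnf_dir"
```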
Creating a MySQL Database Instance for Prime Home
To enable selection, insertion, deletion, and drop privileges for Prime Home users, you must create a
MySQL database instance.
Before you Begin
.
To create a MySQL database instance for Prime Home:
Step 1 Create the database instance for Prime Home using the following commands:
# mysql -uroot -p
Password: ***********
mysql> create database _acsname;
where _acsname is the Prime Home database instance name. It should be the same as the Apache Solr instance name; for example, _sampleacs01.
Note The Configurator tool identifies the skeletal schema of the database instance, and applies changes to the MySQL database. Hence, the Prime Home database instance also requires a skeletal schema. The recommended naming convention for Prime Home database instance is _acsname.
Step 2 Assign privileges to the Prime Home database instance user using the following command:
mysql> grant all privileges on _acsname.* to '_acsnamedbuser'@'acshostname' identified by '_acsnamedbpw' with grant option;
where:
• _acsnamedbuser — Prime Home database instance user
• _acsnamedbpw — Prime Home database instance password
• acshostname — Name of the Prime Home ACS host.
Step 3 Install schema definitions from the distribution file distribution-5.1.0.tar.bz2, using the following command:
# tar -O -jxf distribution-5.1.0.tar.bz2 \
database/ddl/im/im.ddl database/ddl/acs/acs-2.3.0.sql | mysql -u_sampleacs01 -ppassword -D _sampleacs01
The following schema definition files are available in the distribution-5.1.0.tar.bz2 package:
• database/ddl/acs/acs-2.3.0.sql — Defines the baseline schema for the database
• database/ddl/im/im.ddl — Defines the schema for the index manager
Step 4 Verify whether the Prime Home user can access the database instance from ACS host:
a. Log into the ACS host.
b. Access the Prime Home database instance using the following command:
# mysql -u dbuser -pdbuserpw -h dbhost -D _acsname
Observations - MySQL Database Setup
Table 4-1 is a worksheet that you must fill out after you set up MySQL database.
Table 4-1 Worksheet - MySQL Database Setup
MySQL Database Setup | Sample Observation | Your Observation
db_hostname | db01 |
db_password | acs |
db_schema | _acs |
db_url | jdbc:mysql://dbhost/_acsname |
db_username | acs |
clientId | acshost |
For information on the fields listed in worksheet, see
.
Chapter 5 Installing Prime Home
This chapter explains how to install Prime Home in your network infrastructure. It includes:
• Installing the Configurator Tool
• Deploying the Prime Home Configuration
Installing the Configurator Tool
The Configurator tool is provided with the Prime Home installation package, and is used to deploy the
Prime Home configuration from the database server to the ACS host. It is recommended NOT to deploy the configurator on the ACS host, but on a separate host that manages the entire cluster.
The Configurator tool uses:
• SSH keys to create, install, configure, and start the Prime Home components.
• An administrator key pair to provide remote access to the ACS hosts. The key pair is placed in the Prime Home authorized_keys file.
The Prime Home configuration for a specific network is defined using a configuration file. The configuration file is customized based on the network infrastructure and placed on the database server. See Deploying the Prime Home Configuration.
For installing Prime Home, the Configurator tool facilitates running the customized configuration file on the host server.
Some preliminary Do’s and Don’ts follow:
Do
• DO unpack Configurator as the user that will be running Configurator, in a location owned by the user that will be running Configurator.
• DO run Configurator on a host that has network access to the database in the cluster configuration.
• DO run Configurator in an environment with a functioning SSH Agent. (OS X has very seamless integration of an SSH Agent with key passphrases stored in your Keychain.)
• DO make sure the SSH Agent has a key that allows logging in to all load balancers in the cluster configuration.
• DO make sure the SSH Agent has a key that allows logging in to all acs node hosts in the cluster configuration.
Don’t
• DO NOT run Configurator as a privileged user.
• DO NOT run Configurator on the same host as the database referenced in the cluster configuration.
• DO NOT run Configurator on the same host as any load balancer (apache) referenced in the cluster configuration.
• DO NOT run Configurator on the same host as any acs node in the cluster configuration.
To install the Configurator tool:
Step 1 Log into the Configurator host as a non-root user.
Step 2 Select a local directory (for example, /bin) into which you will place the zipped configurator tool (provided with the Cisco Prime Home installation package).
Step 3 Untar and unpack the configurator package into the directory you selected, using the following command:
# tar jxf configurator-5.2.0.0.tar.bz2
Step 4 Start the installation for the Configurator tool using the following command:
# bin/cv-cluster-manager.sh
Deploying the Prime Home Configuration
The configuration file consists of various fields that you must customize based on the third-party technologies that are available in your network. After you customize the configuration file, you must save it and deploy the Prime Home configuration.
Caution The installation process could fail if the configuration file is not customized accurately, so be careful when making your changes.
To deploy the Prime Home configuration:
Step 1 Log into the configurator host as clearvision.
Step 2 Retrieve the configuration file template using the following command:
# ..bin/cv-cluster-manager.sh -c instancename -retrieve -mh mongohost > instancename.json
Step 3 Copy the configuration file template to a file, and modify the instancename.json file based on your network setup. See Sample Configuration File; also see Table 5-1 for descriptions of fields in the configuration file.
Step 4 On the configurator host, use the configurator tool to apply the updated Prime Home configuration using the following command:
# ..bin/cv-cluster-manager.sh -c sampleacs01 -mh sampleMongo -reinstall sampleacs01.json
Sample Configuration File
The following example shows a sample configuration file:
{ "clusterId": "clientname",
"distribution": "file:///path/to/5.2.0.0/prime-home-5.2.0.0-SNAPSHOT.tar.bz2",
"license": { "AllowBulkOperations": "true",
"AllowReportingRole": "true",
"AllowScriptEdit": "true",
"MaxNumberOfSessions": "80",
"SystemUsers": "root,system" },
"loadBalancers": [ {
"hostname": "hostname1",
"loadBalancerId": "http-public-lb",
"location": "/path/to/loadbalancer/installation/httpd",
"nodeIds": ["primary","secondary"],
"type": "apache",
"url": "hostname1.fqdn",
"user": "clearvision" },
{ "hostname": "hostname2",
"loadBalancerId": "http-public-cpe",
"location": "/path/to/loadbalancer/installation/httpd",
"nodeIds": ["primary","secondary"],
"nodeCookiePath": "/prime-home",
"nodePath": "/prime-home/tr-069",
"type": "apache",
"url": "10.1.1.32",
"user": "clearvision" },
{ "hostname": "hostname1",
"loadBalancerId": "http-private-hostname1",
"location": "/path/to/loadbalancer/installation/httpd",
"nodeIds": ["primary"],
"nodeCookiePath": "/prime-home",
"nodePath": "/prime-home",
"nodePortProperty": "ports_tc_ajp_internal",
"port": "81",
"type": "apache",
"url": "acs-ui.fqdn",
"user": "clearvision" },
{ "hostname": "hostname2",
"loadBalancerId": "http-private-hostname2",
"location": "/path/to/loadbalancer/installation/httpd",
"nodeIds": ["secondary"],
"nodeCookiePath": "/prime-home",
"nodePath": "/prime-home",
"nodePortProperty": "ports_tc_ajp_internal",
"port": "81",
"type": "apache",
"url": "acs-cpe.fqdn",
"user": "clearvision" } ],
"nodes": [{
"hostname": "hostname1",
"location": "/home/clearvision/name",
"nodeId": "primary",
"properties": {
"base_port": "8240",
"catalina_logDir": "/var/log/cisco/cph",
"catalina_logNamePrefix": "catalina-primary.",
"clearprobe_rrd_directory": "/var/log/cisco/cph/rrd",
"log4j_logFile": "/var/log/cisco/cph/acs.log",
"tc_route": "tomcat1",
"uuid": "12345f36-d5ca-3834-805b-4e7fe35d4b67" },
"user": "clearvision" },
{ "hostname": "hostname2",
"location": "/home/clearvision/name",
"nodeId": "secondary",
"properties": {
"base_port": "8240",
"catalina_logDir": "/var/log/cisco/cph",
"catalina_logNamePrefix": "catalina-secondary.",
"clearprobe_rrd_directory": "/var/log/cisco/cph/rrd",
"log4j_logFile": "/var/log/cisco/cph/acs.log",
"tc_route": "tomcat2",
"uuid": "196e4f36-f5e0-3036-025d-4e5fe3738eff"
},
"user": "clearvision"
}],
"overlays": ["file:///path/to/mysql-connector-java-5.1.21-overlay.tar.bz2"],
"properties": {
"clientId": "clientname",
"clearsight_enabled": "true",
"clearsight_eventHost": "hostname1",
"clearsight_audit_avro_host": "localhost",
"clearsight_audit_avro_port": "12346",
"clearsight_audit_logMongoUri":
"mongodb://db,hostname1,hostname2/cv.audit.log?replicaSet=clientname",
"db_hostname": "dbhostname",
"db_password": "dbpassword",
"db_schema": "dbschemaname",
"db_username": "dbusername",
"jms_brokerUrl": "nio://hostname1:7401",
"smtp_host": "smtp",
"solr_url": "http://hostname2:7700/apache-solr-3.5.0/clientname",
"taze_broker_maxConnections": "8",
"taze_broker_url": "nio://hostname2:7401",
"taze_enabled": "false",
"url_user_internal_root": "http://hostname2:81/prime-home",
"externalAuthentication_configPropertiesLocation": "customer.ldap.xml"
}
}
Node UUIDs must be unique within a cluster. They can be created using the “uuidgen” command-line tool.
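The configuration names each node twice (nodeIds under a load balancer, nodeId under nodes) and requires unique node UUIDs, so both can be checked before deployment. The following Python check is an added example, not part of the Cisco guide or the configurator tool. It assumes the top-level key loadbalancers named in Table 5-1; the sample document is constructed with two deliberate faults, validate and readable_by_others are names chosen here, and the file-mode test is an added precaution because the file holds db_password in clear text.

```python
import json
import os
import stat
import uuid
from collections import Counter

# Constructed sample in the shape of the configuration file (placeholder values).
# Deliberate faults: a mistyped nodeId and a case-variant duplicate uuid.
SAMPLE = json.loads("""
{"loadbalancers": [
   {"loadBalancerId": "http-private-hostname1", "nodeIds": ["primary"]},
   {"loadBalancerId": "http-private-hostname2", "nodeIds": ["secondry"]}],
 "nodes": [
   {"hostname": "hostname1", "nodeId": "primary",
    "properties": {"uuid": "12345f36-d5ca-3834-805b-4e7fe35d4b67"}},
   {"hostname": "hostname2", "nodeId": "secondary",
    "properties": {"uuid": "12345F36-D5CA-3834-805B-4E7FE35D4B67"}}],
 "properties": {"db_password": "dbpassword"}}
""")

def validate(cfg):
    """Return a list of problems found in a parsed cluster configuration."""
    problems = []
    nodes = cfg.get("nodes", [])
    node_ids = Counter(n.get("nodeId") for n in nodes)
    problems += [f"duplicate nodeId: {i}" for i, c in node_ids.items() if c > 1]

    seen = {}  # parsed uuid -> first nodeId that used it
    for n in nodes:
        raw = n.get("properties", {}).get("uuid", "")
        try:
            key = uuid.UUID(raw)  # parsing normalises case and formatting
        except (ValueError, AttributeError, TypeError):
            problems.append(f"node {n.get('nodeId')}: malformed uuid {raw!r}")
            continue
        if key in seen:
            problems.append(f"nodes {seen[key]} and {n.get('nodeId')} share uuid {key}")
        seen.setdefault(key, n.get("nodeId"))

    # Every nodeId a load balancer routes to must be defined under "nodes".
    for lb in cfg.get("loadbalancers", []):
        for ref in lb.get("nodeIds", []):
            if ref not in node_ids:
                problems.append(f"{lb.get('loadBalancerId')}: unknown nodeId {ref}")
    return problems

def readable_by_others(path):
    """True if group or other can read the file, which holds db_password in clear text."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))
```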
Table 5-1 provides field descriptions for the configuration file.
Table 5-1 Configuration File Field Descriptions

Field: clusterId
Description: Enter the ID for the Prime Home ACS cluster. The clusterId field acts as the identifier for the entire Prime Home package. For example, the cluster ID can be specified as production, QA, development, and so on. A cluster can have up to 10 Prime Home instances.

Field: distribution
Description: Enter the location of the updated tar.bz2 file on the ACS host server. The filename contains a version number and a time stamp. The distribution field is a URI and can be specified as a file, http location, or ftp location. The distribution is downloaded from the URI each time you use the -update command.
Field: license
Description: Enter the license details. The license provides the information on the license acquired, available features, and the number of allowed sessions for Prime Home.

Field: loadbalancers
Description: Enter the information for the load balancer setup. The Apache web server is the load balancer for the Prime Home platform. The load balancer instances help you to determine access points for Prime Home. The access points can be for public, private, and secured access to Prime Home.
• hostname—Enter the name of the host on which the load balancer is available. The configurator tool connects to this host for placing the apache configuration file. For details, see your observations in .
• Location—Enter the location of the home directory in which the load balancer is installed, and the load balancer configuration is deployed. For details, see your observations in
• LoadBalancerID—Enter the load balancer instance ID. The load balancer instances provide the access points for Prime Home. The access points are public, private, and secured. For details, see your observations in .
• nodeIds—Enter the node IDs. The node ID is the name of the node, and acts as an identifier for the node. For details, see your observations in Table 3-3.
• Type—Enter the load balancer type; for example, Apache.
• URL—Enter the URL for the load balancer setup. External clients use this URL to reach the load balancer. This URL defines the vhost entry, so it is critical to set it correctly. Ensure that the corresponding DNS entry for this URL exists for the http-public clients. For details, see your observations in Table 3-3.
• User—Enter the username for accessing the load balancer setup. For details, see your observations in .
Field: nodes
Description: Enter the information to configure nodes in the Prime Home ACS cluster:
• hostname—Enter the name of the host on which the ACS node is available. The Prime Home tomcat runs on this host. For details, see your observations in .
• Location—Enter the location of the directory into which the ACS will be deployed on this node. This directory exists on the ACS host, and contains the Prime Home configurations. For details, see your observations in .
• nodeId—Enter the node ID. The node ID is the name of the node, and acts as an identifier for the node. For details, see your observations in .
• log4j_logFile—Enter the location of the log file for the ACS node. For details, see your observations in .
• Ports—Enter the port information for the AJP and HTTP facilities. Prime Home and the Apache server use these ports to communicate. If Apache and Prime Home are on separate servers, set up firewall rules for communication between them. For details, see your observations in
• uuid—Enter the uuid that you have generated while setting up Apache web server. The uuid is generated using the system command, uuidgen. For details, see your observations in .
• clearprobe_rrd_directory—Enter the location of the Round Robin Database (RRD) directory for the ACS node. The RRD directory is used to store the network monitoring data, and helps to display the monitoring results. For details, see your observations in .
• catalina_logDir—Enter the location of the logs directory where the Apache Tomcat logs are stored. For details, see your observations in Table 3-3.
• catalina_logNamePrefix—Enter the name of the log file for Apache Tomcat server. For details, see your observations in Table 3-3.
• ClientId—Enter the client ID that identifies the entire cluster. You can enter the client ID based on your network infrastructure. For details, see your observations in
• db_username—Enter the name of the user who accesses the MySQL database for modification. The db_username can also be a load balancer host in a high availability installation. For details, see your observations in .
• db_password—Enter the password that is used to access the database to make changes. For details, see your observations in Table 4-1.
• db_schema—Enter the schema for the database. For details, see your observations in
• Jms_brokerURL—Enter the URL of the ActiveMQ that is the messaging system. In a high availability installation, enter the URL for the load balancer. For details, see your observations in Table 3-6.
• Smtp_host—Enter the SMTP host details. This field is used to set the SMTP host for sending and receiving e-mails. This field is set only if Prime Home is to be configured with an e-mail facility. The SMTP host can be an e-mail server or the local host.
• Solr_URL—Enter the URL of the Apache Solr component. For details, see your observations in
• taze_broker_maxConnections—Enter the maximum connections available for Cisco Taze server. For details, see your observations in
• taze_broker_url—Enter the URL of the Cisco Taze server. For details, see your observations in
• taze_enabled—Enter True to enable Cisco Taze services, and False to disable them. For details, see your observations in
• URL_user_internal_root—Enter the URL for Prime Home internal communication. This URL is constructed using the ACS cluster node, and is specified for private connection. For details, see your observations in
Chapter 6
Next Steps
This chapter describes Prime Home post-installation tasks. It includes:
• Bandwidth Monitoring Function Setup
• GUI Access
Bandwidth Monitoring Function Setup
The Bandwidth Monitoring function allows you to monitor the upstream and downstream data traffic for all home devices connected to the CPE. The CPE acts as a gateway for the Prime Home platform to manage the home devices.
Cisco can help you to set up the Bandwidth Monitoring function in Prime Home.
Table 6-1 provides component descriptions that you will find helpful when you set up the Bandwidth Monitoring function in Prime Home:

Table 6-1 Components Needed for Bandwidth Monitoring Function Setup

Component: Bandwidth Monitoring collector
Description: The Bandwidth Monitoring collector accumulates the upstream and downstream UDP NetFlow data received from the Prime Home Plus client, and stores this data in MongoDB. The Prime Home Plus client runs on the CPE, and monitors the bandwidth usage of the devices behind the CPE. The Bandwidth Monitoring collector uses the standard port 2055 for data collection, and must be deployed on a separate host server.

Component: Bandwidth Monitoring application
Description: The Bandwidth Monitoring application helps you to configure the Prime Home Plus client that monitors the bandwidth usage of the devices behind the CPE. The Prime Home Plus client runs on the CPE, and provides the synchronization service with the Bandwidth Monitoring application. You can install the Bandwidth Monitoring application on the Prime Home host server using the Northbound Interface (NBI).
Component: MongoDB
Description: MongoDB acts as a round robin database for CPEs. A specific database instance is created in MongoDB for a CPE. The Bandwidth Monitoring collector dispatches the upstream and downstream data received from the Prime Home Plus client to the MongoDB. This data is stored at the database instance created for the CPE. For information on how to set up MongoDB, see Setting Up a .

Component: Web Services for Bandwidth Monitoring collector
Description: Web services are used to retrieve upstream and downstream data from the Bandwidth Monitoring collector. The web services are hosted on a separate server, and you can access them using web services clients.

Component: Prime Home Plus client
Description: The Prime Home Plus client is integrated with the CPE to facilitate managing the CPE from the Prime Home platform. Value-added extensions such as Bandwidth Monitoring and Home Parental Controls are also integrated with the CPE. To support the Bandwidth Monitoring function, Cisco provides the required drivers for Prime Home Plus client.
GUI Access
Prime Home functionalities are available based on the privileges assigned to the user. When the user logs into Prime Home with the appropriate username and password, Prime Home runs with the functionalities mapped to the user account.
For information on how to log into the Prime Home GUI, see the Cisco Prime Home 5.2 User Guide.
Prime Home users can be categorized as follows:
• CSR—The privileges assigned to the CSR are limited to accessing the subscriber’s network and troubleshooting the CPEs remotely. The Prime Home functions available to the CSR may vary based on the network infrastructure. For example, if the SMTP service is configured in Prime Home, the CSR is allowed to send e-mails to the subscriber.
• Administrator—All privileges are available to the administrator. In addition to having access to all CSR functions, administrators can also configure the Prime Home platform using various functions such as adding users, adding custom labels, running reports and activity audits, managing CPE firmware updates, and so on.
• Subscriber—The privileges assigned to subscribers are limited to parental controls only. Subscribers have access to a Control Panel, which is used for profile-based content filtering, Internet blocking, and managing wireless devices connected to the modem.
• Custom user—The Prime Home platform allows you to configure user privileges based on your staffing model. Custom users can be configured in Prime Home with access to features that you choose. Contact Cisco to configure custom users with additional roles.
For information on CSR, administrator, and subscriber functions in Prime Home, see the Cisco Prime Home 5.2 User Guide.