Cisco Prime Home Installation Guide


Cisco Prime Home 5.2 Installation Guide

September 2014

Cisco Systems, Inc.

www.cisco.com

Cisco has more than 200 offices worldwide.

Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2014 Cisco Systems, Inc. All rights reserved.

Contents

Chapter 1 Installation Overview
Product Overview
Deployment Variants
Licensing Requirements
Prime Home Components
Network Infrastructure Setup

Chapter 2 Installation Requirements
Prerequisites
System Requirements

Chapter 3 Preparing for Installation
Configuring the RHEL Platform
Setting Up the Apache Web Server
Setting Up a MongoDB Server
Installing and Configuring a MongoDB Server
Creating Replica Sets for MongoDB
Setting Up Apache Solr
High Availability Setup
Setting Up Cloudera Flume
Setting up Cisco Taze

Chapter 4 Preparing the Database
MySQL Database
Setting Up the MySQL Database
Creating a MySQL Database Instance for Prime Home

Chapter 5 Installing Prime Home
Installing the Configurator Tool
Deploying the Prime Home Configuration

Chapter 6 Next Steps
Bandwidth Monitoring Function Setup
GUI Access

Chapter 1 Installation Overview

This chapter provides an overview of Prime Home, and describes Prime Home availability, deployment variants, licensing requirements, and installation components.

This chapter includes the following sections:

• Product Overview
• Deployment Variants
• Licensing Requirements
• Prime Home Components
• Network Infrastructure Setup

Product Overview

Prime Home is a network management solution that helps you to manage the devices available in the subscriber’s home network. The managed devices connect to the Prime Home platform, which can provision, configure, and monitor the devices, and perform firmware upgrades. Prime Home also provides a parental control facility for subscribers to allow or block websites based on their usage. For Customer Service Representatives (CSRs), Prime Home provides a simulated view of the subscriber’s network to help them monitor devices and perform troubleshooting operations.

Prime Home deployment varies based on the components available in your network infrastructure, and can be scaled to suit networks of virtually any size.

Prime Home is available as a hosted solution and an onsite solution.

Hosted Prime Home

The hosted Prime Home solution involves setting up Prime Home in a cloud environment, where users are given access to Prime Home. A dedicated server space is allocated to the user based on the license, and the license governs the number of users who can access Prime Home simultaneously. Service providers can ask Cisco to monitor the performance of Prime Home for their network setup, and provide maintenance support.

Onsite Prime Home

The onsite Prime Home solution involves setting up Prime Home in the service provider’s network. The service provider manages all of Prime Home, including database setup and server space management.

The number of users who can access Prime Home simultaneously depends on the license acquired by the service provider. The onsite Prime Home solution provides the flexibility to customize third-party components based on Prime Home usage.


Deployment Variants

The Prime Home platform can be deployed as the following variants:

• Multiple node—Multiple node deployment is recommended for medium-scale organizations with fewer than 500,000 devices. For multiple node deployment, the Prime Home platform and database are configured on separate servers.

• High Availability—High Availability deployment is recommended for large-scale organizations with more than 500,000 devices. For High Availability deployment, a load-balanced failover system is set up with replicated system components.

Licensing Requirements

The license determines the maximum number of Prime Home sessions allowed, and which Prime Home features are available. For more information on Prime Home licensing, see the Cisco Prime Home 5.2 User Guide.

Prime Home Components

Prime Home installation requires setting up the Automated Configuration Service (ACS) node. When the CPE boots up, it communicates with the ACS node to get the initial configuration. The ACS node facilitates provisioning and configuring the CPE based on the firmware rules defined in the applicable firmware version.

Note The term ACS used in this document means Automated Configuration Service as described in the Broadband Forum TR-069 specification.

Table 1-1 describes the network components involved in an onsite Prime Home solution.

Table 1-1 Prime Home Components

Component: ActiveMQ
Description: Open source messaging platform that facilitates sending Java messages and acts as a message queue for Prime Home. Multiple instances of ActiveMQ can be set for Prime Home to serve the ACS GUI.

Component: Apache Solr
Description: Document repository where you store database indexes. Solr allows you to run the Prime Home GUI with rapid access to all of the data. Instead of directly accessing the database, Solr accesses the index manager and retrieves the data in XML format. In High Availability setup, Solr must be configured in a primary-secondary environment to support Prime Home. For more information on how to set up Apache Solr, see Setting Up Apache Solr, page 3-11.

Component: (Optional) Session Traversal Utilities for NAT (STUN)
Description: Allows a server to communicate with devices behind a firewall. STUN is needed only when you do not have a direct network route to the device. In a hosted Prime Home setup, the server is located in a Cisco data center and might not have direct access to your network. With onsite Prime Home, you can set up routing within your network. You can deploy Cisco Taze, which provides STUN functionality. For more information on how to set up Cisco Taze, see Setting up Cisco Taze, page 3-18.

Component: Apache web server
Description: Provides standard HTTP services and helps in setting up the Prime Home host in public, private, and secured mode. For more information on how to set up the Apache server, see Setting Up the Apache Web Server, page 3-6.

Component: Apache Tomcat
Description: Java container platform for Prime Home. Tomcat provides an open-source implementation of the Java servlet and Java server technologies. For more information on how to configure Apache Tomcat, see Setting Up the Apache Web Server, page 3-6.

Component: ACS CPE
Description: Facilitates configuring and provisioning the CPEs. The ACS CPE component also provides API service, which is used to discover data from CPEs for performance management. The ACS CPE component is used to apply a specific configuration on the CPE.

Component: ACS UI
Description: Enables CPEs to retrieve the initial configuration and firmware rules. When the CPE boots up and contacts the ACS UI, the CPE-responder component sends the initial configuration to the CPE. The ACS UI also provides a simulated view of the subscriber’s network from the Prime Home GUI and the Control Panel for subscribers.

Component: Cloudera Flume
Description: Provides data transport between Prime Home and the data store. For more information on how to set up Cloudera Flume, see Setting Up Cloudera Flume, page 3-15.

Component: MongoDB
Description: Document storage solution for Prime Home. Prime Home supports configuring multiple instances of MongoDB for document storage. For more information on how to set up the MongoDB server, see Setting Up a MongoDB Server, page 3-9.

Figure 1-1 describes the interaction between the Prime Home components.


Figure 1-1 Interaction Between Prime Home Components


Network Infrastructure Setup

Prime Home deployment depends on the network infrastructure, and may vary based on the components available in the network.

The network infrastructure for installing Prime Home involves configuring the following components:

• RHEL 6.x on the ACS host, MySQL database server, and all the third-party component servers. For information on how to configure RHEL 6.x, see Configuring the RHEL Platform, page 3-1.

• Apache web server, ActiveMQ, Apache Solr, ACS core, Cloudera Flume, MongoDB, and Cisco Taze. For more information on how to set up these network components, see Chapter 3, “Preparing for Installation.”

• MySQL database application on the database server, and creating the required database instance for Prime Home. For information on preparing the database, see Chapter 4, “Preparing the Database.”


Chapter 2 Installation Requirements

This chapter provides the prerequisites and system requirements for installing Prime Home.

This chapter includes the following sections:

• Prerequisites
• System Requirements

Prerequisites

To install Prime Home, you must meet the following prerequisites:

• The ACS servers to host Prime Home components must be available.

• The MySQL database server must be available.

• The media for the Prime Home software package must be available. Cisco provides the media for Prime Home, which consist of two zipped tar files:

– Configuration file or distribution file—Provides the Prime Home application and the required tools to use it. For example, the configuration file provides the database schema. You can use this file to customize Prime Home based on your network infrastructure. See Deploying the Prime Home Configuration, page 5-2.

– Configurator tool—Use this tool to set up Prime Home and retrieve the Prime Home configuration from the configuration file on the ACS host server. See Installing the Configurator Tool, page 5-1.

System Requirements

Table 2-1 lists the minimum system requirements to install Prime Home. These requirements are for planning purposes only, and might vary based on your network infrastructure.

Table 2-1 System Requirements

Columns: Requirement Type; Prime Home Deployment (Multiple Node, High Availability)

Requirement Type: Load Balancer
Multiple Node: None
High Availability: Two load balancers

Requirement Type: Server
Multiple Node:
• One ACS server—For the Prime Home host
• One database server—For the MySQL database
High Availability:
• Two ACS servers—For the Prime Home host
• Two database servers—For the MySQL database

Requirement Type: System Requirements

Multiple Node, ACS server:
• Operating system—RHEL v6.1
• Processor—6 to 8 cores
• RAM (DIMMs)—16 GB
• Fiber disk—10,000 RPM
• Database storage—300 GB

Multiple Node, Database server:
• Operating system—RHEL v6.1
• Processor—6 to 8 cores
• RAM (DIMMs)—32 GB or 48 GB in production
• Database storage—300 GB
• Fiber disk—10,000 RPM

High Availability, ACS server:
• Operating system—RHEL v6.1
• Processor—Either of the following with speed above 2.5 GHz:
– 8 Intel CPU cores
– 12 AMD CPU cores
• RAM (DIMMs)—Minimum 24 GB (over 32 GB preferred)
• RAID controller with 1 GB battery-backed, write-through cache
• Networking—Two NICs:
– NIC 1—Dedicated external connectivity
– NIC 2—Dedicated intraserver connectivity
• Database storage—300 GB

High Availability, Database server:
• Operating system—RHEL v6.1
• Processor—Either of the following with speed above 2.5 GHz:
– 8 Intel CPU cores
– 12 AMD CPU cores
• RAM (DIMMs)—Minimum 24 GB (over 32 GB preferred)
• RAID controller with 1 GB battery-backed, write-through cache
• Networking—Two NICs:
– NIC 1—Dedicated external connectivity
– NIC 2—Dedicated intraserver connectivity
• Database storage—Above 500 GB

High Availability, Load balancer:
• HTTP transactions/sec (TPS)—1,000
• Maximum SSL TPS—500

Chapter 3 Preparing for Installation

This chapter describes the tasks to be performed before you install Prime Home. Prime Home installation depends on various third-party components. You need to set up these components prior to installing Prime Home in your network infrastructure.

This chapter includes the following sections:

• Configuring the RHEL Platform
• Configurator Environment Preparation
• Setting Up the Apache Web Server
• Setting Up a MongoDB Server
• Setting Up Apache Solr
• Setting Up Cloudera Flume
• Setting up Cisco Taze

Configuring the RHEL Platform

The Red Hat Enterprise Linux (RHEL) operating system is installed on the ACS hosts and database server with the following specifications:

• SSH access must be set up for the Prime Home user for remote installation of Prime Home.

• The appropriate file system must be set up to support Prime Home installation.

Table 3-1 describes the minimum disk space required for the file system.

Table 3-1 File System Size

File System: /opt
Minimum Size: 64 GB

File System: /var
Minimum Size: 128 GB

File System: /home—Only for ACS hosts
Minimum Size: 128 GB

File System: /data—Only for database server
Minimum Size: 256 GB

Note The /data file system should be an EXT4 file system if the server is hosting MySQL. It is used for MongoDB or MySQL data storage.

After you install RHEL, you must configure the RHEL platform to support Prime Home installation.

To configure the RHEL platform:

Step 1 Log into the ACS host and database server as root.

Step 2 Modify the config file to disable SELinux using the following commands:

# perl -p -i -e 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config
# perl -p -i -e 's/^SELINUXTYPE=.*$/SELINUXTYPE=targeted/g' /etc/selinux/config

The config file controls the state of SELinux on the system. In this file, set the value of SELINUX to disabled and SELINUXTYPE to targeted.

Step 3 Reboot the ACS host and database server using the following command:

# reboot

Step 4 Wait for 30 seconds and re-login to the ACS host and database server.

Step 5 On the ACS host, create the Prime Home user account using the following command:

# useradd -c "Prime Home User" -m -G wheel clearvision

The configurator tool uses the Prime Home user account to log into the load balancer and application server nodes, and install the necessary components on the host servers.

Step 6 Configure the Sudo facility on the ACS host:

a. Open the vi editor using the following command:

# visudo

b. Comment out the requiretty default using the following command:

# Defaults requiretty

c. Add the PATH variable to the new environment:

...
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults env_keep += "PATH"
...

d. Disable the password prompts for the clearvision user using the following command:

clearvision ALL=(ALL) NOPASSWD: ALL

Step 7 Configure the SSH keys on the ACS host:

Note
• The SSH keys are generated on an administrative system, and their public keys are loaded onto the ACS host. This allows the administrative system to perform an SSH access into the ACS host, and get authenticated by the public keys instead of a password. The configurator tool uses this SSH facility to connect to the ACS host, and configure the Prime Home components.
• The administrative system user should not use a blank password for SSH keys.

a. Generate the SSH key pair on the administrative system using the following commands:

# ssh-keygen -t rsa -b 2048 -C "<User/Identifying Comment>" -f ~/.ssh/id_rsa
# chmod 700 ~/.ssh
# chmod 600 ~/.ssh/id_rsa

b. Set up agent on the administrative system using the following commands:

# exec ssh-agent bash -l
# ssh-add

c. Set up public or private key login on the ACS server using the following command:

# ssh clearvision@ACSHOST "mkdir -p ~/.ssh; touch ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys; echo \"`cat ~/.ssh/id_rsa.pub`\" >> ~/.ssh/authorized_keys"

You can also log into the ACS host and copy the SSH keys if the following conditions are met:

• SSH agent is running
• SSH agent forwarding is enabled on the ACS host
• Remote .ssh directory already exists

To log into the ACS host and copy the SSH keys, run the following commands:

# ssh clearvision@acshost
# ssh-add -L >> ~/.ssh/authorized_keys
# chmod 600 ~/.ssh/authorized_keys

Note Ensure that the administrative SSH public keys are distributed to all Apache and Prime Home nodes. Repeat this step to distribute SSH keys to all the Apache and Prime Home nodes in your network infrastructure.

Step 8 On the ACS host and database server, configure OS limits and sysctl using the following commands:

# echo '# DO NOT USE' > /etc/security/limits.d/90-nproc.conf
# perl -p -i -e 's/^net\.ipv4\.tcp_syncookies[ \t]=.*$/net.ipv4.tcp_syncookies = 0/g' /etc/sysctl.conf
# cat <<EOF > /etc/security/limits.conf
* soft nofile 8192
* hard nofile 16384
* soft data unlimited
* hard data unlimited
* soft stack unlimited
* hard stack unlimited
* soft rss unlimited
* hard rss unlimited
* soft nproc 32768
* hard nproc 65535
EOF

Note The OS limits are configured for the Prime Home components to improve the host’s performance. For a heavily loaded system with single server deployment, configure the OS limit and sysctl as described in this step.


Step 9 Configure time on the ACS host and database server:

a. Modify the /etc/sysconfig/clock file using the following command:

# perl -p -i -e 's/^ZONE=.*$/ZONE=UTC/g' /etc/sysconfig/clock

b. Change the system link using the following command:

# ln -sf /usr/share/zoneinfo/UTC /etc/localtime

c. Enable the time setting using the following commands:

# ntpdate pool.ntp.org
# chkconfig ntpd on
# service ntpd start

Note In virtualized environment, if the ACS host server uses Network Time Protocol (NTP) and the clock is synchronized with guest virtual machines, the installation of NTP is not required on the guest virtual machines.

Step 10 Configure iptables for the ACS host server:

Note It is assumed that em2 is the internal NIC and em1 is the external NIC on the host server.

a. Modify the /etc/sysconfig/iptables file using the following command:

# vi /etc/sysconfig/iptables

b. Set the parameters as follows:

– UDP for STUN — 3478 or 3479
– TCP for ActiveMQ — 7400
– TCP for Solr — 7700
– To support validation of configurator ports for Apache or Tomcat TCP ports, add the following:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i em2 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 1080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

c. If IPv6 support is available, add the following to the /etc/sysconfig/ip6tables file:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i em2 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 1080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8161 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT

Step 11 On the ACS host and database server, remove the default RHEL platform packages using the following command:

# yum -y erase java-*-openjdk libgcj mod_perl mod_wsgi

Step 12 Configure Java for the ACS host and database server:

a. Download the 64-bit Java7 jdk RPM version; jdk-7u67-linux-x64-rpm.bin, from http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html.

b. Install Java7 jdk using the following command:

# rpm -Uvh jdk-7u67-linux-x64.rpm

c. Verify the Java version using the following command:

# java -version

d. Add the Sun JDK to /etc/alternatives file using the following command:

# alternatives --install /usr/bin/java <path_to_JDK_bin/java> 20000

Step 13 On the ACS host and database server, install RHEL platform packages for Prime Home using the following commands:

# yum install screen telnet logwatch lynx

The next stage is to run the configurator.

Note To improve the backup capability of the host, you can also install the pigz package, along with the lbzip2 or pbzip2 package.
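
The following audit sketch is an added example, not part of the Cisco guide. It reads back the settings that Steps 2, 6, 8 and 10 change (SELinux mode, passwordless sudo entries, tcp_syncookies, and the ports accepted by the IPv4 and IPv6 rule files) so the resulting host state can be recorded and compared across nodes. The function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added audit sketch for the steps above; not part of the Cisco guide. Every
# function takes file paths as arguments, so it can read /etc/... on a host or
# saved copies of those files.

# Value of SELINUX= in an /etc/selinux/config style file ("unset" if absent).
selinux_mode() {
    awk -F= '/^SELINUX=/ { v = $2 } END { print (v == "" ? "unset" : v) }' "$1"
}

# Value of net.ipv4.tcp_syncookies in a sysctl.conf style file. Any spacing
# around "=" is accepted; the perl substitution in Step 8 only rewrites a line
# with exactly one blank or tab before "=" and changes nothing if the key is absent.
syncookies_value() {
    awk '/^[ \t]*net\.ipv4\.tcp_syncookies[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0
         }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Space-separated accounts that a sudoers file lets run any command without a password.
nopasswd_all_accounts() {
    awk '!/^[ \t]*#/ && /NOPASSWD:[ \t]*ALL[ \t]*$/ { print $1 }' "$1" |
        sort -u | tr '\n' ' ' | sed 's/ *$//'
}

# One line per INPUT rule that ACCEPTs a destination port: "<iface> <proto> <port>".
# <iface> is "any" when the rule has no -i match. Rules without --dport
# (for example "-i em2 -j ACCEPT") are not listed.
accept_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
             iface = "any"; proto = ""; port = ""; target = ""
             for (i = 3; i < NF; i++) {
                 if ($i == "-i") iface = $(i + 1)
                 else if ($i == "-p") proto = $(i + 1)
                 else if ($i == "--dport") port = $(i + 1)
                 else if ($i == "-j") target = $(i + 1)
             }
             if (target == "ACCEPT" && port != "") print iface, proto, port
         }' "$1" | sort
}

# Port rules present in only one of two rule files (for example the IPv4 and
# IPv6 files from Step 10), prefixed "only-in-first:" or "only-in-second:".
ruleset_diff() {
    a=$(mktemp) b=$(mktemp)
    accept_ports "$1" > "$a"; accept_ports "$2" > "$b"
    comm -23 "$a" "$b" | sed 's/^/only-in-first: /'
    comm -13 "$a" "$b" | sed 's/^/only-in-second: /'
    rm -f "$a" "$b"
}

# Constructed sample files reproducing the end state described in Steps 2, 6, 8 and 10.
make_samples() {
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$1/selinux"
    printf 'net.ipv4.ip_forward = 0\nnet.ipv4.tcp_syncookies = 0\n' > "$1/sysctl.conf"
    printf 'Defaults env_keep += "PATH"\nclearvision ALL=(ALL) NOPASSWD: ALL\n' > "$1/sudoers"
    cat > "$1/iptables" <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i em2 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i em1 -p tcp -m tcp --dport 1080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
    { grep -v REJECT "$1/iptables"
      echo '-A INPUT -m state --state NEW -m tcp -p tcp --dport 8161 -j ACCEPT'
      echo '-A INPUT -j REJECT --reject-with icmp6-adm-prohibited'; } > "$1/ip6tables"
}

# Print the audit for a directory holding the five files written by make_samples.
audit_report() {
    echo "selinux=$(selinux_mode "$1/selinux")"
    echo "tcp_syncookies=$(syncookies_value "$1/sysctl.conf")"
    echo "nopasswd_all=$(nopasswd_all_accounts "$1/sudoers")"
    ruleset_diff "$1/iptables" "$1/ip6tables"
}

demo=$(mktemp -d); make_samples "$demo"; audit_report "$demo"; rm -rf "$demo"
```

On a configured host, pass /etc/selinux/config, /etc/sysctl.conf, /etc/sudoers, /etc/sysconfig/iptables and /etc/sysconfig/ip6tables to the individual functions instead of the sample directory.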

Observations - RHEL Setup

Table 3-2 is a worksheet that you must fill out after you configure RHEL on the ACS host server and database server.

Table 3-2 Worksheet - RHEL Setup

RHEL Setup: Prime Home host user or ACS host user
Sample Observation: clearvision
Your Observation:

RHEL Setup: Prime Home host password or ACS host password
Sample Observation: clearvision
Your Observation:

Configurator Environment Preparation

The configurator must be run as a non-root user with RVM installed as that user with an active Ruby 2.1.0 environment.

Running Configurator on CentOS 6

Prerequisites

EPEL

RVM requires some libraries that are not present in the CentOS repositories, so the EPEL YUM repository must be installed before running Configurator.

Step 14 Download and install the latest version of the epel-release package: http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Note: The MySQL client library must be installed prior to running Configurator, so that the mysql2 gem used by the migrations project can link with it successfully. It does not matter which version of the client library and development headers are used.

If MySQL 5.5 is available:

# sudo yum install MySQL-devel MySQL-shared

Step 15 If MySQL 5.5 is not available:

# sudo yum install mysql-devel mysql-shared

RVM Installation and Environment Setup

Step 1 Install RVM as the non-root user that will be executing Configurator:

curl -sSL https://get.rvm.io | bash -s stable

Step 2 Follow the instructions printed by the RVM installation process.

Step 3 Use RVM to install Ruby 2.1.0, again as the non-root user that will be executing Configurator:

rvm install 2.1.0
rvm use 2.1.0 --default

Note: If a Ruby 2.1.0 RVM environment already existed, make sure to upgrade the Bundler gem to at least version 1.6.0:

gem install bundler

Running Configurator on Mac OS X

Prerequisites

Homebrew

Homebrew is used to install MySQL and its library in /usr/local where it can be found by the mysql2 gem build process.

Step 1 Install Homebrew:

ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"

Step 2 Verify that Homebrew is functioning and address all issues reported:

brew doctor

Step 3 Do not proceed until brew doctor reports "Your system is ready to brew."

Step 4 Use Homebrew to install MySQL:

brew install mysql

Note: The Homebrew formulae for specific versions of MySQL do not link the library and headers in /usr/local, which will cause errors when attempting to execute migrations. You must use the formula for the latest version of MySQL when using Homebrew to install MySQL on OS X.

RVM Installation and Environment Setup

Step 1 Install RVM as the non-root user that will be executing Configurator:

curl -sSL https://get.rvm.io | bash -s stable

Step 2 Follow the instructions printed by the RVM installation process.

Step 3 Use RVM to install Ruby 2.1.0, again as the non-root user that will be executing Configurator:

rvm install 2.1.0
rvm use 2.1.0 --default

Note: If a Ruby 2.1.0 RVM environment already existed, make sure to upgrade the Bundler gem to at least version 1.6.0:

gem install bundler

Setting Up the Apache Web Server

The Apache web server acts as a proxy server, and is used to redirect northbound requests to the correct components in Prime Home. The Apache web server is deployed in the network infrastructure to provide the following functionalities for Prime Home:

• Direct the CPE, API, and Prime Home UI requests to the correct service port in the Prime Home platform’s Tomcat container.

• Provide a simple means of managing SSL certificates for Customer Premises Equipment (CPE) and Prime Home web URLs.

• Limit the Prime Home platform access during maintenance, and allow the maintenance activity to be tracked.

You can analyze the log files of the Apache web server to determine CPE behavior and ACS performance.

Note SSL certificates are loaded in the Apache web server with specific certificate keys. You must restart the Apache web server when a new certificate key is added. If the certificate is renewed and the associated certificate key is unchanged, only a reload of Apache web server is needed.

The Apache web server is installed on the ACS host.

To set up the Apache web server:

Step 1 Log into the ACS host as root.

Step 2 Install Apache httpd using the following command:

# yum install httpd mod_ssl

Step 3 Remove the Perl and WSGI module of the Apache web server using the following command:

# yum erase mod_perl mod_wsgi

Step 4 Delete the php.conf file using the following command:

# rm -f /etc/httpd/conf.d/php.conf

Step 5 Modify the /etc/httpd/conf/httpd.conf configuration file using the following commands:

# perl -p -i -e 's/^Timeout .*$/Timeout 360/g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^KeepAlive .*$/KeepAlive On/g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^MaxKeepAliveRequests .*$/MaxKeepAliveRequests 1000/g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^KeepAliveTimeout .*$/KeepAliveTimeout 300/g' /etc/httpd/conf/httpd.conf
# sed -n '1h;1!H;${;g;s/<IfModule prefork.c>[^<]*</<IfModule prefork.c>\nStartServers 20\nMinSpareServers 20\nMaxSpareServers 50\nServerLimit 1024\nMaxClients 768\nMaxRequestsPerChild 0\n</g;p;}' /etc/httpd/conf/httpd.conf > /etc/httpd/conf/httpd.conf.temp
# sed -n '1h;1!H;${;g;s/<IfModule worker.c>[^<]*</<IfModule worker.c>\nStartServers 5\nMaxClients 750\nMinSpareThreads 25\nMaxSpareThreads 75\nThreadsPerChild 25\nMaxRequestsPerChild 0\n</g;p;}' /etc/httpd/conf/httpd.conf.temp > /etc/httpd/conf/httpd.conf
# rm -f /etc/httpd/conf/httpd.conf.temp

Depending upon the expected load, the worker may be the preferred worker at higher loads.

Step 6 Create the directory, home/clearvision/vhosts, on the Apache web server using the following commands:

# mkdir -p /home/clearvision/vhosts
# chown clearvision /home/clearvision/vhosts

Note You have to specify the location of this directory in the Prime Home configuration file.

Ensure that the appropriate permissions are provided to the Prime Home user to access this directory.

Step 7 Include the directory, home/clearvision/vhosts, in the httpd.conf file using the following commands:

# perl -p -i -e 's/^Include \/home\/clearvision\/vhosts.*$//g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^Include conf\.d\/\*\.conf.*$/Include conf\.d\/\*\.conf\nInclude \/home\/clearvision\/vhosts\/\*\.conf/g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^Listen 81$//g' /etc/httpd/conf/httpd.conf
# perl -p -i -e 's/^Listen 80$/Listen 80\nListen 81/g' /etc/httpd/conf/httpd.conf

Step 8 Create the /etc/httpd/conf.d/proxy.conf file. The proxy.conf file enables NameVirtualHosts to route requests correctly. Set the proxy.conf file as follows:

# Proxy Config
cat <<EOF > /etc/httpd/conf.d/proxy.conf
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
Allow from all
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
ProxyVia On
ProxyTimeout 300
NameVirtualHost *:80
NameVirtualHost *:443
</IfModule>
EOF

Step 9 Remove the _default_ virtual host section in /etc/httpd/conf.d/ssl.conf file.

Step 10 Test the configuration using the following command:

# apachectl -t

You may ignore the warnings received for no virtual host existence. The configurator adds these virtual hosts in the Prime Home setup.

Note The apachectl -t command can only check syntax errors. If you have specified incorrect file paths or missing files, the error can be detected only during runtime.

Step 11 If the configuration is correct, start the httpd service using the following command:

# service httpd start

Step 12 If new SSL private keys are defined in the new configuration file, restart the httpd service using the following command:

# service httpd restart

Step 13 Verify the location of the log files and vhost files:

• /var/log/httpd/<acsname>.log — Log file for user interface NBI
• /var/log/httpd/<acsname>.cpe.log — Log file for CPE responder
• /home/clearvision/vhosts/hostname/ — Directory where the configurator-generated vhost files are stored
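
Because apachectl -t checks syntax only, the paths named in the vhost files can be checked separately before the service is started or restarted. The script below is an added example, not part of the Cisco guide: it reports certificate, key, document root and log paths that do not exist, and private key files readable by group or others. The vhost file it builds, the hostname and the SERVER_ROOT default are assumptions; the directive names are standard httpd and mod_ssl directives.

```shell
#!/bin/sh
# Added example, not part of the Cisco guide. SERVER_ROOT is an assumption
# (the RHEL httpd default) and is used to resolve relative paths.
SERVER_ROOT=${SERVER_ROOT:-/etc/httpd}

# List "<directive> <path>" (directive in lower case) for path-bearing
# directives in the given files. Comment lines, piped loggers ("|prog") and
# syslog targets are skipped. Paths containing spaces are not handled.
list_path_directives() {
    awk '
        /^[ \t]*#/ { next }
        {
            d = tolower($1)
            if (d ~ /^(sslcertificatefile|sslcertificatekeyfile|sslcertificatechainfile|documentroot|errorlog|customlog)$/) {
                p = $2; gsub(/"/, "", p)
                if (p !~ /^\|/ && p !~ /^syslog/) print d, p
            }
        }' "$@"
}

# Print findings, one per line:
#   MISSING <directive> <path>   file (or, for logs, its directory) does not exist
#   PERMS <path> <mode>          private key has group or other permission bits set
check_vhost_paths() {
    list_path_directives "$@" | while read -r directive path; do
        case "$path" in /*) ;; *) path="$SERVER_ROOT/$path" ;; esac
        case "$directive" in
            errorlog|customlog)
                # httpd creates the log file itself, but not its directory.
                [ -d "$(dirname "$path")" ] || echo "MISSING $directive $path" ;;
            documentroot)
                [ -d "$path" ] || echo "MISSING $directive $path" ;;
            *)
                if [ ! -f "$path" ]; then
                    echo "MISSING $directive $path"
                elif [ "$directive" = sslcertificatekeyfile ]; then
                    mode=$(ls -lL "$path" | cut -c1-10)
                    case "$mode" in ????------) ;; *) echo "PERMS $path $mode" ;; esac
                fi ;;
        esac
    done
}

# Constructed sample: a vhost of the kind stored under /home/clearvision/vhosts
# (hostname, file names and contents are made up for this example).
make_sample_vhost() {
    mkdir -p "$1/certs" "$1/logs"
    : > "$1/certs/acs.crt"
    : > "$1/certs/acs.key"; chmod 644 "$1/certs/acs.key"
    cat > "$1/acs.conf" <<EOF
<VirtualHost *:443>
    ServerName acshost.example.net
    SSLEngine on
    SSLCertificateFile $1/certs/acs.crt
    SSLCertificateKeyFile $1/certs/acs.key
    SSLCertificateChainFile $1/certs/chain.crt
    CustomLog $1/logs/acshost.cpe.log combined
    ErrorLog $1/nologs/error.log
</VirtualHost>
EOF
}

demo=$(mktemp -d); make_sample_vhost "$demo"; check_vhost_paths "$demo/acs.conf"; rm -rf "$demo"
```

On the ACS host, run check_vhost_paths against the .conf files in the vhosts directory and /etc/httpd/conf.d; no output means every referenced path was found and no key file is group or world accessible.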

Observations - Apache Web Server Setup

Table 3-3 is a worksheet that you must fill out after you set up the Apache web server.

Table 3-3 Worksheet - Apache Web Server Setup

| Apache Web Server Setup | Sample Observation | Your Observation |
|---|---|---|
| loadBalancers | | |
| hostname | acs-host or http-host.internal.net | |
| loadBalancerId | http-public | |
| location | /home/clearvision/httpd | |
| type | apache | |
| URL | acshost.clearaccess.com | |
| nodeIds | main | |
| user | clearvision | |
| nodes | | |
| hostname | acs-host | |
| location | /home/clearvision/acshost/main | |
| nodeId | main | |
| catalina_logDir | /home/clearvision/acshost/logs/main | |
| catalina_logNamePrefix | catalina-main | |
| log4j_logFile | /home/clearvision/acshost/logs/main/acs.log | |
| ports_tc_ajp_external | 8082 | |
| ports_tc_ajp_internal | 8083 | |
| ports_tc_http_external | 8080; 443 - If SSL is enabled | |
| ports_tc_http_internal | 8081; 443 - If SSL is enabled | |
| ports_tc_shutdown | 8084 | |
| tc_route | main | |
| uuid | 12B78A44-4F11-4142-8F5B-5990F9592C21 | |
| URL_user_internal_root | http://acshost.clearaccess.com:80/primehome | |
| clearprobe_rrd_directory | /home/clearvision/acshost/logs/main/rrd | |

Note You can generate the UUID using the system command, uuidgen.

For information on the fields listed in the worksheet, see Table 5-1.


Setting Up a MongoDB Server

MongoDB provides a robust data storage engine that can be easily scaled. It can run on a single server as a standalone database to support smaller setups with only two nodes and an arbiter. MongoDB is deployed in the network infrastructure to provide the following functionalities for Prime Home:

• Permanent storage of data associated with system audit, Taze, and bandwidth monitoring.

• Limited storage of configuration data. The configuration data is modified only when you change the Prime Home setup. If MongoDB is used for storing the configuration data, you can deploy MongoDB on a single server because the data transaction rate is very low for configuration data.

• A highly available peer network that can be tracked easily in real time.

Note Memory utilization is high for MongoDB. Hence, we recommend that you deploy MongoDB on a separate server or virtual machine.

Installing and Configuring a MongoDB Server

To install and configure a MongoDB server:

Step 1 Log into the MongoDB host as root.

Step 2 Add the 10gen repository to your local repository by creating the file /etc/yum.repos.d/10gen.repo with the following contents (the example text shown is for a 64-bit system):

# cat <<EOF > /etc/yum.repos.d/10gen.repo
[10gen]
name=10gen Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64
gpgcheck=0
enabled=1
EOF

Step 3 Install the MongoDB packages, mongo-10gen and mongo-10gen-server, using the following command:

# yum -y install mongo-10gen mongo-10gen-server

Note You must install the MongoDB package mongo-10gen on the components that access the MongoDB server. In this release, the components are the ACS server and the optional bandwidth monitoring server only.

Step 4 Modify the /etc/mongod.conf file using the following commands:

# perl -p -i -e 's/^[#]*dbpath[= ].*$/dbpath=\/data\/mongo/g' /etc/mongod.conf

# perl -p -i -e 's/^[#]*logpath[= ].*$/logpath=\/var\/log\/mongo\/mongod.log/g' /etc/mongod.conf

# perl -p -i -e 's/^[#]*logappend[= ].*$/logappend=true/g' /etc/mongod.conf

# perl -p -i -e 's/^[#]*fork[= ].*$/fork=true/g' /etc/mongod.conf

Verify that you have created directories for dbpath and logpath with appropriate permissions, or create them using the following commands:

# mkdir -p /data/mongo /var/log/mongo

# chown mongod:mongod -R /data/mongo /var/log/mongo


Step 5 Verify the MongoDB configuration and restart the Mongo service using the following commands:

# chkconfig mongod on

# service mongod start

Step 6 Initialize MongoDB to create the databases and collections for STUN and system audit.

A confirmation message informs you when the setup is complete.

Creating Replica Sets for MongoDB

If MongoDB is used for permanent storage of system audit, Taze, and bandwidth monitoring data, we recommend that you create replica sets for MongoDB. You must deploy MongoDB on multiple servers and configure three nodes with sufficient data storage.

To create replica sets for MongoDB:

Step 1 Deploy MongoDB on an odd number of nodes greater than one.

Step 2 Modify the /etc/mongod.conf file to add the replSet and oplogSize directives using the following commands:

# perl -p -i -e 's/^[#]*replSet[= ].*$/replSet=replicaSetName/g' /etc/mongod.conf

# perl -p -i -e 's/^[#]*oplogSize[= ].*$/oplogSize=100/g' /etc/mongod.conf

Specify the replica set name and oplogSize as follows:

replSet = replicaSetName
oplogSize = 100

Note The oplogSize directive is the maximum size of the replication buffer, in megabytes. It should be set to approximately 5% of the file system size.

Step 3 Initialize the MongoDB replica sets using mongo shell as follows:

rs.initiate({
  "_id" : "replicaset",
  "members" : [
    {"_id" : 1, "host" : "mongohost1.domain.com"},
    {"_id" : 2, "host" : "mongohost2.domain.com"},
    {"_id" : 3, "host" : "mongohost3.domain.com"}]
})
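The perl one-liners in the install and replica-set steps rewrite a directive only when a matching line already exists in /etc/mongod.conf; when none does, they exit successfully and change nothing. The following added example (not part of the Cisco guide) applies the same substitutions with sed to a constructed sample file and reports which directives are still missing; the function names and the sample contents are assumptions.

```sh
#!/bin/sh
# Added example, not from the Cisco guide. Sample file contents are constructed.

# set_directive FILE KEY VALUE
# Applies the guide's substitution (s/^[#]*KEY[= ].*$/KEY=VALUE/) with sed.
# Like the perl one-liner, it rewrites a matching line and adds nothing
# when no line matches.
set_directive() {
    sed "s|^[#]*$2[= ].*\$|$2=$3|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# conf_value FILE KEY
# Prints the value of the last active (uncommented) KEY line; returns 1 if none.
conf_value() {
    v=$(sed -n "s/^ *$2 *= *//p" "$1" | tail -n 1)
    [ -n "$v" ] && printf '%s\n' "$v"
}

# verify_conf FILE KEY=VALUE...
# Prints one line per missing or differing directive; returns 1 if any.
verify_conf() {
    file=$1; shift
    bad=0
    for pair in "$@"; do
        key=${pair%%=*}
        want=${pair#*=}
        if got=$(conf_value "$file" "$key"); then
            if [ "$got" != "$want" ]; then
                echo "MISMATCH $key: '$got' (expected '$want')"
                bad=1
            fi
        else
            echo "MISSING $key"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample of a mongod.conf before editing.
make_sample_conf() {
    cat > "$1" <<'EOF'
# mongod.conf (constructed sample)
logpath=/var/log/mongo/mongod.log
logappend=true
fork = true
dbpath=/var/lib/mongo
#replSet=setname
EOF
}

# The edits from the install and replica-set steps, in order.
apply_guide_edits() {
    set_directive "$1" dbpath /data/mongo
    set_directive "$1" logpath /var/log/mongo/mongod.log
    set_directive "$1" logappend true
    set_directive "$1" fork true
    set_directive "$1" replSet replicaSetName
    set_directive "$1" oplogSize 100   # sample has no oplogSize line: no change
}

demo_dir=$(mktemp -d)
make_sample_conf "$demo_dir/mongod.conf"
apply_guide_edits "$demo_dir/mongod.conf"
verify_conf "$demo_dir/mongod.conf" \
    dbpath=/data/mongo logpath=/var/log/mongo/mongod.log \
    logappend=true fork=true replSet=replicaSetName oplogSize=100 ||
    echo "mongod.conf needs manual correction before starting mongod"
rm -rf "$demo_dir"
```

On a real host, run verify_conf against /etc/mongod.conf after the perl commands and add any directive it reports as MISSING by hand.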

Observations - MongoDB Server Setup

Table 3-4 is a worksheet that you must fill out after you set up the MongoDB server.

Table 3-4 Worksheet - MongoDB Server Setup

| MongoDB Server Setup | Sample Observation | Your Observation |
|---|---|---|
| db_directory on MongoDB server | /data/mongo | |
| Hosts on which MongoDB is configured | mongohost1.domain.com, mongohost2.domain.com, and mongohost3.domain.com | |

Setting Up Apache Solr

Apache Solr provides full text search capabilities within the Prime Home platform. When objects are added to the MySQL database, Apache Solr creates an index for the descriptors associated with the objects. The different parts of the Prime Home platform use this index to search the descriptors.

Apache Solr can be installed on the ACS host or on a separate host server.

After you set up the Apache Solr component, you can perform the following functions using the Apache Solr admin UI:

• View the counts of objects in the database and index.

• Rebuild the complete or partial index.

To set up Apache Solr:

Step 1 Log into the Apache Solr host or ACS host as root.

Step 2 Install the solr-jetty-core package using the following commands:

# mkdir -p /opt/clearvision/packages/solr
# cd /opt/clearvision/packages/solr
# tar -xzf /path/to/solr-jetty-core-3.5.0.tgz
# useradd -d /opt/clearvision/packages/solr -s /bin/bash -G clearvision solr
# ln -sf /opt/clearvision/packages/solr/solr-jetty-core-3.5.0/bin/solr-jetty-core-3.5.0 /etc/init.d/solr-jetty-core
# chkconfig solr-jetty-core on
# cd /opt/clearvision
# ln -s packages/solr/solr-jetty-core-3.5.0 solr
# chown -R solr:clearvision solr packages/solr

Step 3 Modify the /opt/clearvision/solr/solr/conf/solrconfig.xml file based on your network infrastructure, using the following command:

# vi /opt/clearvision/solr/solr/conf/solrconfig.xml

For multiple node with single ACS host, use the following pattern for the solrconfig.xml file:

<!-- remove the <lst name="master"> section if this is just a slave -->
<!-- remove the <lst name="slave"> section if this is just a master -->
<requestHandler name="/replication" class="solr.ReplicationHandler" >
  <lst name="master">
    <str name="enable">${enable.master:false}</str>
    <str name="replicateAfter">commit</str>
    <str name="replicateAfter">startup</str>
    <str name="confFiles">schema.xml,stopwords.txt</str>
  </lst>
</requestHandler>

Step 4

Step 5

Step 6

For High Availability installation, use the following pattern for the solrconfig.xml file:

<!-- remove the <lst name="master"> section if this is just a slave -->
<!-- remove the <lst name="slave"> section if this is just a master -->
<requestHandler name="/replication" class="solr.ReplicationHandler" >
  <lst name="master">
    <str name="enable">${enable.master:false}</str>
    <str name="replicateAfter">commit</str>
    <str name="replicateAfter">startup</str>
    <str name="confFiles">schema.xml,stopwords.txt</str>
  </lst>
  <lst name="slave">
    <str name="enable">${enable.slave:false}</str>
    <str name="masterUrl">http://MASTERHOSTNAME:7700/solr/corename/replication</str>
    <str name="pollInterval">00:00:60</str>
  </lst>
</requestHandler>

For HA installations, change the /etc/init.d/solr script to match the correct node role. On slave hosts, comment out the master line and uncomment the slave line.

Start the Apache Solr service using the following command:

# service solr-jetty-core start

Create specific cores using the following script:

# /opt/clearvision/packages/solr/solr-jetty-core-3.5.0/bin/create-core.sh corename

Confirm that Apache Solr was successfully set up on the host server by opening the admin UI using the following URL: http://host:7700/solr/corename/admin

Observations - Apache Solr Setup

Table 3-5 is a worksheet that you must fill out after you set up Apache Solr.

Table 3-5 Worksheet - Apache Solr Setup

| Apache Solr Setup | Sample Observation | Your Observation |
|---|---|---|
| solr_url | http://MASTERHOSTNAME:7700/solr/corename | |

For information on the fields listed in the worksheet, see Table 5-1.

Setting Up Cloudera Flume

Cloudera Flume provides a platform to transfer a large volume of data from the Prime Home components to MongoDB. MongoDB is the data storage solution for STUN and system audit data.

Before deploying Cloudera Flume in your network infrastructure, be sure that you have the appropriate network planning information for Prime Home functions. The network planning information includes whether you are setting up:


• Prime Home system auditing application

• Taze STUN application

If you set up these applications in a Prime Home setup that manages a large number of devices, the volume of data transfer and rate of notifications between these applications and MongoDB will be high.

You need to set up dedicated flows from these applications to MongoDB. Prime Home provides the package required to allow Cloudera Flume flows to connect to MongoDB.

Cloudera Flume is installed on all Prime Home components and the database server. You can deploy Cloudera Flume in both Multiple node and High Availability environments. For High Availability setup, you can deploy Cloudera Flume agents in peer arrangements on hosts in the network.

To set up Cloudera Flume:

Step 1 Log into the ACS hosts and database server as root.

Step 2 Download the Cloudera Flume repository definition from http://archive.cloudera.com/redhat/6/x86_64/cdh/cloudera-cdh3.repo.

Step 3 Add the Cloudera Flume repository definition to the local repository /etc/yum.repos.d/ of all ACS hosts and the database server, using the following command:

# cat <<EOF > /etc/yum.repos.d/cloudera-cdh3.repo
[cloudera-cdh3]
name=Cloudera's Distribution for Hadoop, Version 3
mirrorlist=http://archive.cloudera.com/redhat/6/x86_64/cdh/3/mirrors
gpgkey = http://archive.cloudera.com/redhat/6/x86_64/cdh/RPM-GPG-KEY-cloudera
gpgcheck = 1
EOF

Step 4 Install the Cloudera Flume packages, flume-node and flume-master, on the database server, using the following command:

# yum -y install flume-node flume-master

On the ACS hosts, install only the flume-node package using the following command:

# yum -y install flume-node

Step 5 Modify the Flume master server configuration to include the database host details. Using the example text shown here, do the following:

• Replace dbhost.domain with the <Database host>

• Include the flume.plugin.classes property in the configuration

# mkdir -p /var/flume && chown flume:flume /var/flume

# cat <<EOF > /etc/flume/conf/flume-site.xml
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<!--
Licensed to Cloudera, Inc. under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. Cloudera, Inc. licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- site specific configuration variables should go here. -->
<configuration>
  <property>
    <name>flume.master.servers</name>
    <value>dbhost.domain</value>
    <description>This is the address for the config servers status
    server (http)
    </description>
  </property>
  <property>
    <name>flume.agent.logdir</name>
    <value>/var/flume/flume-\${user.name}/agent</value>
    <description> This is the directory that write-ahead logging data
    or disk-failover data is collected from applications gets
    written to. The agent watches this directory.
    </description>
  </property>
  <property>
    <name>flume.collector.dfs.dir</name>
    <value>file:///var/flume/flume-\${user.name}/collected</value>
    <description>This is a dfs directory that is the final resting
    place for logs to be stored in. This defaults to a local dir in
    /tmp but can be hadoop URI path that such as hdfs://namenode/path/
    </description>
  </property>
  <property>
    <name>flume.master.zk.logdir</name>
    <value>/var/flume/flume-\${user.name}-zk</value>
    <description>The base directory in which the ZBCS stores data.</description>
  </property>
  <property>
    <name>flume.plugin.classes</name>
    <value>com.clearaccess.clearsight.flume.MongoDBAppendSink,com.clearaccess.clearsight.flume.MongoDBSummaryUpdateSink</value>
    <description></description>
  </property>
</configuration>
EOF

Step 6 Start the Flume service on the database server using the following commands:

# chkconfig flume-master on

# service flume-master start

Step 7 Connect to the Flume master and configure bindings on the database server.

In the following example, replace:

• dbhost.domain with the <Database host>

• acshost.domain with the <ACS host>

# flume shell
# connect dbhost.domain
# Audit Logging
exec map dbhost.domain dbhost.domain.collector.audit
exec map dbhost.domain dbhost.domain.agent.audit
exec map acshost.domain acshost.domain.agent.audit
exec config dbhost.domain.collector.audit audit.flow 'collectorSource(35854)' 'collector(10000) { csMongoAppendSink("mongodb://dbhost.domain/cv.audit.log?maxpoolsize=17", "16") }'
exec config dbhost.domain.agent.audit audit.flow 'avroSource(12346)' 'agentE2ESink("dbhost.domain", 35854)'
exec config acshost.domain.agent.audit audit.flow 'avroSource(12346)' 'agentE2ESink("dbhost.domain", 35854)'

(Optional) If you have deployed the STUN server in your network infrastructure, run the following commands; otherwise, skip this part:

# STUN
exec map dbhost.domain dbhost.domain.collector.stun
exec map dbhost.domain dbhost.domain.agent.stun
exec map acshost.domain acshost.domain.agent.stun
exec config dbhost.domain.collector.stun stun.flow 'collectorSource(35853)' 'collector(10000) { csMongoUpdateSink("mongodb://dbhost.domain/cv.stun.summary?maxpoolsize=17", "cvClusterId,oui,sn", "16") }'
exec config acshost.domain.agent.stun stun.flow 'avroSource(12345)' 'agentE2ESink("dbhost.domain", 35853)'
exec config dbhost.domain.agent.stun stun.flow 'avroSource(12345)' 'agentE2ESink("dbhost.domain", 35853)'

Step 8 Obtain the flume.tar file that contains the Flume library, and unpack it to /usr/lib/flume/lib using the following commands:

# dir=`pwd`
# cd /usr/lib/flume/lib
# tar -xf "${dir}/flume.tar"
# cd "${dir}"

Step 9 Open a web browser on the Flumemaster host, and launch Cloudera Flume using the following URL: http://localhost:35871

Note If the web browser is not available on the Flumemaster host, you must forward the port 35871 over SSH to a system on which the web browser is available and launch Cloudera Flume.
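The 10gen repository definition earlier in this chapter sets gpgcheck=0, so yum installs those packages without verifying signatures, while the Cloudera definition sets gpgcheck = 1 but fetches its mirror list and signing key over plain HTTP. The following added example (not part of the Cisco guide) lists such settings per repository section; the function names are assumptions, and the sample files are constructed copies of the two definitions shown in this chapter.

```sh
#!/bin/sh
# Added example, not from the Cisco guide.

# audit_repo FILE
# Prints "<section> <finding>" for each repository setting that affects
# package integrity: signature checks turned off, or a repository URL or
# signing-key URL fetched over plain HTTP.
audit_repo() {
    awk '
        /^[ \t]*\[/ {                       # [section] header
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\][ \t]*$/, "", section)
            next
        }
        /^[ \t]*[#;]/ || section == "" { next }   # comments and preamble
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck" && val == "0")
                print section, "gpgcheck-disabled"
            if ((key == "baseurl" || key == "mirrorlist" || key == "gpgkey") &&
                val ~ /^http:\/\//)
                print section, key "-over-http"
        }
    ' "$1"
}

# Constructed copies of the two repository definitions shown in this chapter.
write_sample_repos() {
    cat > "$1/10gen.repo" <<'EOF'
[10gen]
name=10gen Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64
gpgcheck=0
enabled=1
EOF
    cat > "$1/cloudera-cdh3.repo" <<'EOF'
[cloudera-cdh3]
name=Cloudera's Distribution for Hadoop, Version 3
mirrorlist=http://archive.cloudera.com/redhat/6/x86_64/cdh/3/mirrors
gpgkey = http://archive.cloudera.com/redhat/6/x86_64/cdh/RPM-GPG-KEY-cloudera
gpgcheck = 1
EOF
}

repo_dir=$(mktemp -d)
write_sample_repos "$repo_dir"
for f in "$repo_dir"/*.repo; do
    audit_repo "$f"
done
rm -rf "$repo_dir"
```

On a host, run audit_repo over each file in /etc/yum.repos.d/ before the yum install steps.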

Observations - Cloudera Flume Setup

Table 3-6 is a worksheet that you must fill out after you set up Cloudera Flume.

Table 3-6 Worksheet - Cloudera Flume Setup

| Cloudera Flume Setup | Sample Observation | Your Observation |
|---|---|---|
| Flume_URL | http://flumemaster:35871 | |

Setting up Cisco Taze

You can deploy Cisco Taze in your network infrastructure to provide STUN functionalities. Session Traversal Utilities for NAT (STUN) helps you to manage the devices behind a NAT gateway.

Before you deploy Cisco Taze in your network infrastructure, verify that the following prerequisites have been met:

• A pair of publicly routable IP addresses that Cisco Taze uses to listen and respond to is available.

• A pair of UDP ports, 3478 and 3479, on each of the publicly routable IP addresses is available.

• Devices can access the publicly routable IP addresses with UDP ports 3478 and 3479.

• Network connectivity between Cisco Taze and ActiveMQ is available. This allows Cisco Taze to access the JMS queues on the ActiveMQ servers, and process solicit requests between the ACS and the CPE.

• Cloudera Flume is deployed. Cloudera Flume captures binding request messages and transfers the message data to MongoDB. For information on how to set up Cloudera Flume, see Setting Up Cloudera Flume, page 3-14.

You can deploy Cisco Taze in multiple node or High Availability environments, but only one host at a given time can be the active Cisco Taze host.

To set up the Cisco Taze:

Step 1 Log into the Cisco Taze host as root.

Step 2 Copy the Cisco Taze package into the /opt/clearvision/taze directory.

Step 3 Copy the Cisco Taze init script to /etc/init.d.

Step 4 Enable the Cisco Taze startup using the following command:

# chkconfig taze on

Step 5 Modify the taze.conf file using the following command:

# vi taze.conf

The value of avroport in the taze.conf file must match the avrosource value in the Flume master configuration because the Flume node listens on the avroport.

The taze.conf file must include the following settings:

stun.primary.address=19.15.45.15
stun.secondary.address=19.15.45.16
stun.primary.port=3478
stun.secondary.port=3479
activeMQ.brokerURL=failover:(nio://amqhost1:7400,nio://amqhost2:7400)
clearprobe.rrds-path=rrds
clearprobe.port=9090
clearsight.enabled=true
clearsight.eventHost=stunhost.fqdn.com
clearsight.stun.avroHost=localhost
clearsight.stun.avroPort=12345
clearsight.stun.pool.maxActive=50
clearsight.stun.pool.maxIdle=10
clearsight.stun.pool.minIdle=10
clearsight.stun.pool.maxWait=5000
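The requirement above, that the avro port in taze.conf matches the avroSource value in the Flume configuration, can be checked mechanically. The following added example (not part of the Cisco guide) extracts the ports from the stun.flow commands shown in the Cloudera Flume section and compares them with clearsight.stun.avroPort; it also checks that the agentE2ESink port equals the collectorSource port for the same flow, which goes one step beyond the sentence above. The function names and file names are assumptions, and the sample files are constructed from the placeholder values used in this chapter.

```sh
#!/bin/sh
# Added example, not from the Cisco guide. Sample contents are constructed
# from the placeholder values used in this chapter.

# flume_ports COMMANDS_FILE FLOW FUNCTION
# Prints the distinct port arguments of FUNCTION (avroSource, collectorSource
# or agentE2ESink) found in the "exec config" lines of one flow.
flume_ports() {
    awk -v flow="$2" -v fn="$3" '
        $1 == "exec" && $2 == "config" && $4 == flow {
            start = index($0, fn "(")
            if (start == 0) next
            args = substr($0, start + length(fn) + 1)
            args = substr(args, 1, index(args, ")") - 1)
            n = split(args, part, /,[ \t]*/)
            print part[n]                 # the port is the last argument
        }
    ' "$1" | sort -u
}

# taze_avro_port TAZE_CONF -> value of clearsight.stun.avroPort
taze_avro_port() {
    awk -F= '$1 == "clearsight.stun.avroPort" { print $2 }' "$1"
}

# check_stun_ports COMMANDS_FILE TAZE_CONF
# Returns 0 only if taze.conf and every stun.flow agent use one avro port and
# the agents send to the port the collector listens on.
check_stun_ports() {
    avro=$(flume_ports "$1" stun.flow avroSource)
    sink=$(flume_ports "$1" stun.flow agentE2ESink)
    coll=$(flume_ports "$1" stun.flow collectorSource)
    taze=$(taze_avro_port "$2")
    rc=0
    if [ -z "$avro" ] || [ "$avro" != "$taze" ]; then
        echo "MISMATCH avro: taze.conf=[$taze] flume avroSource=[$(echo $avro)]"
        rc=1
    fi
    if [ -z "$coll" ] || [ "$sink" != "$coll" ]; then
        echo "MISMATCH collector: agentE2ESink=[$(echo $sink)] collectorSource=[$(echo $coll)]"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK stun.flow avro=$avro collector=$coll"
    return "$rc"
}

write_samples() {
    cat > "$1/flume-commands.txt" <<'EOF'
exec config dbhost.domain.collector.audit audit.flow 'collectorSource(35854)' 'collector(10000) { csMongoAppendSink("mongodb://dbhost.domain/cv.audit.log?maxpoolsize=17", "16") }'
exec config dbhost.domain.agent.audit audit.flow 'avroSource(12346)' 'agentE2ESink("dbhost.domain", 35854)'
exec config acshost.domain.agent.audit audit.flow 'avroSource(12346)' 'agentE2ESink("dbhost.domain", 35854)'
exec config dbhost.domain.collector.stun stun.flow 'collectorSource(35853)' 'collector(10000) { csMongoUpdateSink("mongodb://dbhost.domain/cv.stun.summary?maxpoolsize=17", "cvClusterId,oui,sn", "16") }'
exec config acshost.domain.agent.stun stun.flow 'avroSource(12345)' 'agentE2ESink("dbhost.domain", 35853)'
exec config dbhost.domain.agent.stun stun.flow 'avroSource(12345)' 'agentE2ESink("dbhost.domain", 35853)'
EOF
    printf '%s\n' 'clearsight.stun.avroHost=localhost' \
        'clearsight.stun.avroPort=12345' > "$1/taze.conf"
    # Constructed mistake: the audit flow's port copied into taze.conf.
    printf '%s\n' 'clearsight.stun.avroHost=localhost' \
        'clearsight.stun.avroPort=12346' > "$1/taze-wrong.conf"
}

work=$(mktemp -d)
write_samples "$work"
check_stun_ports "$work/flume-commands.txt" "$work/taze.conf"
check_stun_ports "$work/flume-commands.txt" "$work/taze-wrong.conf" || true
rm -rf "$work"
```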


Observations - Cisco Taze Setup

Table 3-7 is a worksheet that you must fill out after you set up Cisco Taze.

Table 3-7 Worksheet - Cisco Taze Setup

| Cisco Taze Setup | Sample Observation | Your Observation |
|---|---|---|
| taze_broker_maxConnections | 50 | |
| taze_broker_url | nio://amqhost:7400 | |
| taze_enabled | True | |
| Check whether STUN binding requests are logged into MongoDB. | Yes | |
| Check whether the Cisco Taze service is able to respond to UDP connection requests from remote hosts. | Yes | |
| If the audit function is enabled, verify whether binding requests from devices appear in the Cisco Prime Home log. | Yes | |

For information on the fields listed in the worksheet, see Table 5-1.


C H A P T E R 4

Preparing the Database

This chapter explains how to set up the MySQL database for Prime Home.

The database setup depends on the size of the network and the type of Prime Home deployment.

Prime Home can be deployed in multiple node or High Availability setup.

The database must be functioning normally before you install Prime Home.

This chapter includes the following sections:

• MySQL Database

• Setting Up the MySQL Database

MySQL Database

The MySQL database is the default data store for Prime Home, and is installed on a separate host server.

For deploying Prime Home, the MySQL database requires the following settings:

• Minimum 1-Gigabit Ethernet setup between the ACS host and the MySQL database. We recommend a 10-Gigabit Ethernet setup. This ensures that sufficient bandwidth is available for data transfer between the ACS host and the MySQL database.

• Java Database Connectivity (JDBC) between the ACS host and the MySQL database. To support JDBC, you have to create a specific database instance for Prime Home.

• An existing directory for storing MySQL database files. The partition should be at least ext4, preferably XFS or another file system that can provide maximum throughput for large files.

• Ensure that the MySQL connection information is based on the ACS host’s naming protocol, and the login credentials are assigned accordingly. MySQL will resolve the connection hostname, and use it for authentication.

• Ensure that the Prime Home user can access the MySQL database from the ACS host.

Setting Up the MySQL Database

Caution Prime Home is an extremely write-intensive application. Ensure that the database scaling and tuning is done accurately with proper planning.


To set up the MySQL database:

Step 1 Log into the MySQL host as root.

Step 2 Install MySQL 5 using the following command:

# yum -y install mysql-server

Step 3 Download the JDBC driver from http://dev.mysql.com/downloads/connector/j/ and install it.

Note The JDBC driver supports the connectivity between the ACS host and the MySQL database.

Step 4 Modify the /etc/my.cnf file using the following command. Set the values in the my.cnf file as follows:

# cat <<EOF > /etc/my.cnf
[mysqld]
datadir = /data/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
bind-address = 0.0.0.0
max_connections = 5000
max_connect_errors = 9999999999999
key_buffer = 32M
max_allowed_packet = 32M
thread_stack = 256K
query_cache_limit = 4M
query_cache_size = 32M
auto_increment_increment = 10
innodb_data_file_path = ibdata1:512M;ibdata2:512M;ibdata3:512M:autoextend
innodb_buffer_pool_size = 2G
innodb_log_file_size = 512M
innodb_thread_concurrency = 10
innodb_flush_log_at_trx_commit = 2
table_open_cache = 256
tmp_table_size = 64M
server-id = 1
symbolic-links=0

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
EOF

Note

• In a High Availability environment, you must enable the primary-secondary setup for the MySQL database. Make sure that the server-id value in the /etc/my.cnf file is unique for all servers in the MySQL database cluster.

• Disable the symbolic-links to prevent security risks. Make sure that the symbolic-links value in the /etc/my.cnf file is set to zero.

Step 5 Enable the MySQL startup using the following commands:

# chkconfig mysqld on

# service mysqld start

Step 6 Change the MySQL admin password using the following command:

# mysqladmin -u root password newpassword

Creating a MySQL Database Instance for Prime Home

To enable selection, insertion, deletion, and drop privileges for Prime Home users, you must create a MySQL database instance.

Before you Begin

Make sure that you have set up the MySQL database. For details, see Setting Up the MySQL Database, page 4-1.

To create a MySQL database instance for Prime Home:

Step 1 Create the database instance for Prime Home using the following commands:

mysql -uroot -p
Password: ***********
mysql> create database _acsname;

where _acsname is the Prime Home database instance name. It should be the same as the Apache Solr instance name; for example, _sampleacs01.

Note The Configurator tool identifies the skeletal schema of the database instance, and applies changes to the MySQL database. Hence, the Prime Home database instance also requires a skeletal schema. The recommended naming convention for the Prime Home database instance is _acsname.

Step 2 Assign privileges to the Prime Home database instance user using the following commands:

mysql> grant all privileges on _acsname.* to '_acsnamedbuser'@'acshostname' identified by '_acsnamedbpw' with grant option;

where:

• _acsnamedbuser — Prime Home database instance user

• _acsnamedbpw — Prime Home database instance password

• acshostname — Name of the Prime Home ACS host.

Step 3 Install schema definitions from the distribution file distribution-5.1.0.tar.bz2, using the following command:

# tar -O -jxf distribution-5.1.0.tar.bz2 \
database/ddl/im/im.ddl database/ddl/acs/acs-2.3.0.sql | mysql -u_sampleacs01 -ppassword -D _sampleacs01

The following schema definition files are available in the distribution-5.1.0.tar.bz2 package:

• database/ddl/acs/acs-2.3.0.sql — Defines the baseline schema for the database

• database/ddl/im/im.ddl — Defines the schema for the index manager


Step 4 Verify whether the Prime Home user can access the database instance from the ACS host:

a. Log into the ACS host.

b. Access the Prime Home database instance using the following command:

mysql -u dbuser -pdbuserpw -h dbhost -D _acsname

Observations - MySQL Database Setup

Table 4-1 is a worksheet that you must fill out after you set up MySQL database.

Table 4-1 Worksheet - MySQL Database Setup

| MySQL Database Setup | Sample Observation | Your Observation |
|---|---|---|
| db_hostname | db01 | |
| db_password | acs | |
| db_schema | _acs | |
| db_url | jdbc:mysql://dbhost/_acsname | |
| db_username | acs | |
| clientId | acshost | |

For information on the fields listed in the worksheet, see Table 5-1.


C H A P T E R 5

Installing Prime Home

This chapter explains how to install Prime Home in your network infrastructure. It includes:

• Installing the Configurator Tool

• Deploying the Prime Home Configuration

Installing the Configurator Tool

The Configurator tool is provided with the Prime Home installation package, and is used to deploy the Prime Home configuration from the database server to the ACS host. It is recommended NOT to deploy the configurator on the ACS host, but on a separate host that manages the entire cluster.

The Configurator tool uses:

• SSH keys to create, install, configure, and start the Prime Home components.

• An administrator key pair to provide remote access to the ACS hosts. The key pair is placed in the Prime Home authorized_keys file.

The Prime Home configuration for a specific network is defined using a configuration file. The configuration file is customized based on the network infrastructure and placed on the database server. See Deploying the Prime Home Configuration, page 5-2.

For installing Prime Home, the Configurator tool facilitates running the customized configuration file on the host server.

Some preliminary Do’s and Don’ts follow:

| Do | Don’t |
|---|---|
| DO unpack Configurator as the user that will be running Configurator, in a location owned by the user that will be running Configurator. | DO NOT run Configurator as a privileged user. |
| DO run Configurator on a host that has network access to the database in the cluster configuration. | DO NOT run Configurator on the same host as the database referenced in the cluster configuration. |
| DO run Configurator in an environment with a functioning SSH Agent. (OS X has very seamless integration of an SSH Agent with key passphrases stored in your Keychain.) | DO NOT run Configurator on the same host as any load balancer (apache) referenced in the cluster configuration. |
| DO make sure the SSH Agent has a key that allows logging in to all load balancers in the cluster configuration. | DO NOT run Configurator on the same host as any acs node in the cluster configuration. |
| DO make sure the SSH Agent has a key that allows logging in to all acs node hosts in the cluster configuration. | |

To install the Configurator tool:

Step 1 Log into the Configurator host as a non-root user.

Step 2 Select a local directory (for example, /bin) into which you will place the zipped configurator tool (provided with the Cisco Prime Home installation package).

Step 3 Untar and unpack the configurator package into the directory you selected, using the following command:

# tar jxf configurator-5.2.0.0.tar.bz2

Step 4 Start the installation for the Configurator tool using the following command:

# bin/cv-cluster-manager.sh

Deploying the Prime Home Configuration

The configuration file consists of various fields that you must customize based on the third-party technologies that are available in your network. After you customize the configuration file, you must save it and deploy the Prime Home configuration.

Caution The installation process could fail if the configuration file is not customized accurately, so be careful when making your changes.

To deploy the Prime Home configuration:

Step 1 Log into the configurator host as clearvision.

Step 2 Retrieve the configuration file template using the following command:

# ..bin/cv-cluster-manager.sh -c instancename -retrieve -mh mongohost > instancename.json

Step 3 Copy the configuration file template to a file, and modify the instancename.json file based on your network setup. See Sample Configuration File, page 5-3; also see Table 5-1 for descriptions of fields in the configuration file.

Step 4 On the configurator host, use the configurator tool to apply the updated Prime Home configuration using the following command:

# ..bin/cv-cluster-manager.sh -c sampleacs01 -mh sampleMongo -reinstall sampleacs01.json

Sample Configuration File

The following example shows a sample configuration file:

{
  "clusterId": "clientname",
  "distribution": "file:///path/to/5.2.0.0/prime-home-5.2.0.0-SNAPSHOT.tar.bz2",
  "license": {
    "AllowBulkOperations": "true",
    "AllowReportingRole": "true",
    "AllowScriptEdit": "true",
    "MaxNumberOfSessions": "80",
    "SystemUsers": "root,system"
  },
  "loadBalancers": [
    {
      "hostname": "hostname1",
      "loadBalancerId": "http-public-lb",
      "location": "/path/to/loadbalancer/installation/httpd",
      "nodeIds": ["primary", "secondary"],
      "type": "apache",
      "url": "hostname1.fqdn",
      "user": "clearvision"
    },
    {
      "hostname": "hostname2",
      "loadBalancerId": "http-public-cpe",
      "location": "/path/to/loadbalancer/installation/httpd",
      "nodeIds": ["primary", "secondary"],
      "nodeCookiePath": "/prime-home",
      "nodePath": "/prime-home/tr-069",
      "type": "apache",
      "url": "10.1.1.32",
      "user": "clearvision"
    },
    {
      "hostname": "hostname1",
      "loadBalancerId": "http-private-hostname1",
      "location": "/path/to/loadbalancer/installation/httpd",
      "nodeIds": ["primary"],
      "nodeCookiePath": "/prime-home",
      "nodePath": "/prime-home",
      "nodePortProperty": "ports_tc_ajp_internal",
      "port": "81",
      "type": "apache",
      "url": "acs-ui.fqdn",
      "user": "clearvision"
    },
    {
      "hostname": "hostname2",
      "loadBalancerId": "http-private-hostname2",
      "location": "/path/to/loadbalancer/installation/httpd",
      "nodeIds": ["secondary"],
      "nodeCookiePath": "/prime-home",
      "nodePath": "/prime-home",
      "nodePortProperty": "ports_tc_ajp_internal",
      "port": "81",
      "type": "apache",
      "url": "acs-cpe.fqdn",
      "user": "clearvision"
    }
  ],
  "nodes": [
    {
      "hostname": "hostname1",
      "location": "/home/clearvision/name",
      "nodeId": "primary",
      "properties": {
        "base_port": "8240",
        "catalina_logDir": "/var/log/cisco/cph",
        "catalina_logNamePrefix": "catalina-primary.",
        "clearprobe_rrd_directory": "/var/log/cisco/cph/rrd",
        "log4j_logFile": "/var/log/cisco/cph/acs.log",
        "tc_route": "tomcat1",
        "uuid": "12345f36-d5ca-3834-805b-4e7fe35d4b67"
      },
      "user": "clearvision"
    },
    {
      "hostname": "hostname2",
      "location": "/home/clearvision/name",
      "nodeId": "secondary",
      "properties": {
        "base_port": "8240",
        "catalina_logDir": "/var/log/cisco/cph",
        "catalina_logNamePrefix": "catalina-secondary.",
        "clearprobe_rrd_directory": "/var/log/cisco/cph/rrd",
        "log4j_logFile": "/var/log/cisco/cph/acs.log",
        "tc_route": "tomcat2",
        "uuid": "196e4f36-f5e0-3036-025d-4e5fe3738eff"
      },
      "user": "clearvision"
    }
  ],
  "overlays": ["file:///path/to/mysql-connector-java-5.1.21-overlay.tar.bz2"],
  "properties": {
    "clientId": "clientname",
    "clearsight_enabled": "true",
    "clearsight_eventHost": "hostname1",
    "clearsight_audit_avro_host": "localhost",
    "clearsight_audit_avro_port": "12346",
    "clearsight_audit_logMongoUri": "mongodb://db,hostname1,hostname2/cv.audit.log?replicaSet=clientname",
    "db_hostname": "dbhostname",
    "db_password": "dbpassword",
    "db_schema": "dbschemaname",
    "db_username": "dbusername",
    "jms_brokerUrl": "nio://hostname1:7401",
    "smtp_host": "smtp",
    "solr_url": "http://hostname2:7700/apache-solr-3.5.0/clientname",
    "taze_broker_maxConnections": "8",
    "taze_broker_url": "nio://hostname2:7401",
    "taze_enabled": "false",
    "url_user_internal_root": "http://hostname2:81/prime-home",
    "externalAuthentication_configPropertiesLocation": "customer.ldap.xml"
  }
}

Node UUIDs must be unique within a cluster. They can be created using the “uuidgen” command-line tool.
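A pre-deployment check for instancename.json, added here as an example and not part of the Cisco guide or the cv-cluster-manager.sh tool. It flags node UUIDs that are malformed or repeated, load balancer nodeIds that match no node, and a file mode that lets group or other users read the cleartext db_password. Assumptions: every load balancer nodeId should name a defined node (as in the sample file), and lint_config with its mode argument is a hypothetical name.

```python
import json
import stat
import uuid

# Constructed input, trimmed from the guide's sample file. The repeated uuid
# and the node id "tertiary" are deliberate mistakes for the check to find.
SAMPLE = json.loads("""
{"loadBalancers": [
   {"loadBalancerId": "http-public-lb", "nodeIds": ["primary", "secondary"]},
   {"loadBalancerId": "http-private-hostname2", "nodeIds": ["tertiary"]}],
 "nodes": [
   {"nodeId": "primary",
    "properties": {"uuid": "12345f36-d5ca-3834-805b-4e7fe35d4b67"}},
   {"nodeId": "secondary",
    "properties": {"uuid": "12345F36-D5CA-3834-805B-4E7FE35D4B67"}}],
 "properties": {"db_password": "dbpassword"}}
""")


def lint_config(cfg, mode=None):
    """Check a parsed instancename.json; mode is os.stat(path).st_mode."""
    findings, seen = [], {}
    for node in cfg.get("nodes", []):
        node_id = node.get("nodeId")
        raw = node.get("properties", {}).get("uuid", "")
        try:
            key = str(uuid.UUID(raw))  # canonical form, so case does not matter
        except (ValueError, AttributeError, TypeError):
            findings.append(f"node {node_id}: uuid {raw!r} is not a valid UUID")
            continue
        if key in seen:
            findings.append(f"node {node_id}: uuid duplicates node {seen[key]}")
        seen.setdefault(key, node_id)
    known = {n.get("nodeId") for n in cfg.get("nodes", [])}
    for lb in cfg.get("loadBalancers", []):
        for ref in lb.get("nodeIds", []):
            if ref not in known:  # assumption: must name a defined node
                findings.append(
                    f"loadBalancer {lb.get('loadBalancerId')}: unknown nodeId {ref}")
    # db_password is stored in cleartext, so only the owner should read the file.
    if mode is not None and cfg.get("properties", {}).get("db_password"):
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"file mode {stat.S_IMODE(mode):o} exposes db_password")
    return findings


if __name__ == "__main__":
    for finding in lint_config(SAMPLE, 0o100644):
        print(finding)
```

Run it against the edited file before the -reinstall step, passing os.stat(path).st_mode as mode; an empty list means none of the three checks fired.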

Table 5-1 provides field descriptions for the configuration file.

Table 5-1 Configuration File Field Descriptions

Field: clusterId
Description: Enter the ID for the Prime Home ACS cluster. The clusterId field acts as the identifier for the entire Prime Home package. For example, the cluster ID can be specified as production, QA, development, and so on. A cluster can have up to 10 Prime Home instances.

Field: distribution
Description: Enter the location of the updated tar.bz2 file on the ACS host server. The filename contains a version number and a time stamp. The distribution field is a URI and can be specified as a file, http location, or ftp location. The distribution is downloaded from the URI each time you use the -update command.

Field: license
Description: Enter the license details. The license provides the information on the license acquired, available features, and the number of allowed sessions for Prime Home.

Field: loadBalancers
Description: Enter the information for the load balancer setup. The Apache web server is the load balancer for the Prime Home platform. The load balancer instances help you to determine access points for Prime Home. The access points can be for public, private, and secured access to Prime Home.

• hostname — Enter the name of the host on which the load balancer is available. The configurator tool connects to this host to place the Apache configuration file. For details, see your observations in Table 3-3.

• location — Enter the location of the home directory in which the load balancer is installed and the load balancer configuration is deployed. For details, see your observations in Table 3-3.

• loadBalancerId — Enter the load balancer instance ID. The load balancer instances provide the access points for Prime Home. The access points are public, private, and secured. For details, see your observations in Table 3-3.

• nodeIds — Enter the node IDs. The node ID is the name of the node, and acts as an identifier for the node. For details, see your observations in Table 3-3.

• type — Enter the load balancer type; for example, Apache.

• url — Enter the URL for the load balancer setup. External clients use this URL to reach the load balancer. This URL defines the vhost entry, so it is critical to set it correctly. Ensure that the corresponding DNS entry for the http-public clients exists. For details, see your observations in Table 3-3.

• user — Enter the username for accessing the load balancer setup. For details, see your observations in Table 3-2.

Field: nodes
Description: Enter the information to configure nodes in the Prime Home ACS cluster:

• hostname — Enter the name of the host on which the ACS node is available. The Prime Home Tomcat runs on this host. For details, see your observations in Table 3-3.

• location — Enter the location of the directory into which the ACS will be deployed on this node. This directory exists on the ACS host, and consists of the Prime Home configurations. For details, see your observations in Table 3-3.

• nodeId — Enter the node ID. The node ID is the name of the node, and acts as an identifier for the node. For details, see your observations in Table 3-3.

• log4j_logFile — Enter the location of the log file for the ACS node. For details, see your observations in Table 3-3.

• Ports — Enter the port information for the AJP and HTTP facilities. Prime Home and the Apache server use these ports to communicate. If Apache and Prime Home are on separate servers, set up firewall rules for communication between them. For details, see your observations in Table 3-3.

• uuid — Enter the UUID that you generated while setting up the Apache web server. The UUID is generated using the system command uuidgen. For details, see your observations in Table 3-3.

• clearprobe_rrd_directory — Enter the location of the Round Robin Database (RRD) directory for the ACS node. The RRD directory is used to store the network monitoring data, and helps to display the monitoring results. For details, see your observations in Table 3-3.

• catalina_logDir — Enter the location of the logs directory where the Apache Tomcat logs are stored. For details, see your observations in Table 3-3.

• catalina_logNamePrefix — Enter the name of the log file for the Apache Tomcat server. For details, see your observations in Table 3-3.

• clientId — Enter the client ID that identifies the entire cluster. You can enter the client ID based on your network infrastructure. For details, see your observations in Table 4-1.

• db_username — Enter the name of the user who accesses the MySQL database for modification. The db_username can also be a load balancer host in a high availability installation. For details, see your observations in Table 4-1.

• db_password — Enter the password that is used to access the database to make changes. For details, see your observations in Table 4-1.

• db_schema — Enter the schema for the database. For details, see your observations in Table 4-1.

• jms_brokerUrl — Enter the URL of ActiveMQ, which is the messaging system. In a high availability installation, enter the URL for the load balancer. For details, see your observations in Table 3-6.

• smtp_host — Enter the SMTP host details. This field is used to set the SMTP host for sending and receiving e-mails. This field is set only if Prime Home is to be configured with an e-mail facility. The SMTP host can be an e-mail server or the local host.

• solr_url — Enter the URL of the Apache Solr component. For details, see your observations in Table 3-5.

• taze_broker_maxConnections — Enter the maximum connections available for the Cisco Taze server. For details, see your observations in Table 3-7.

• taze_broker_url — Enter the URL of the Cisco Taze server. For details, see your observations in Table 3-7.

• taze_enabled — Enter True to enable Cisco Taze services, and False to disable them. For details, see your observations in Table 3-7.

• url_user_internal_root — Enter the URL for Prime Home internal communication. This URL is constructed using the ACS cluster node, and is specified for private connection. For details, see your observations in Table 3-3.


Chapter 6 Next Steps

This chapter describes Prime Home post-installation tasks. It includes:

• Bandwidth Monitoring Function Setup

• GUI Access

Bandwidth Monitoring Function Setup

The Bandwidth Monitoring function allows you to monitor the upstream and downstream data traffic for all home devices connected to the CPE. The CPE acts as a gateway for the Prime Home platform to manage the home devices.

Cisco can help you to set up the Bandwidth Monitoring function in Prime Home. Table 6-1 provides component descriptions that you will find helpful when you set up the Bandwidth Monitoring function in Prime Home:

Table 6-1 Components Needed for Bandwidth Monitoring Function Setup

Component: Bandwidth Monitoring collector
Description: The Bandwidth Monitoring collector accumulates the upstream and downstream UDP NetFlow data received from the Prime Home Plus client, and stores this data in MongoDB. The Prime Home Plus client runs on the CPE, and monitors the bandwidth usage of the devices behind the CPE. The Bandwidth Monitoring collector uses the standard port 2055 for data collection, and must be deployed on a separate host server.

Component: Bandwidth Monitoring application
Description: The Bandwidth Monitoring application helps you to configure the Prime Home Plus client that monitors the bandwidth usage of the devices behind the CPE. The Prime Home Plus client runs on the CPE, and provides the synchronization service with the Bandwidth Monitoring application. You can install the Bandwidth Monitoring application on the Prime Home host server using the Northbound Interface (NBI).

Component: MongoDB
Description: MongoDB acts as a round robin database for CPEs. A specific database instance is created in MongoDB for a CPE. The Bandwidth Monitoring collector dispatches the upstream and downstream data received from the Prime Home Plus client to the MongoDB. This data is stored at the database instance created for the CPE. For information on how to set up MongoDB, see Setting Up a MongoDB Server, page 3-11.

Component: Web Services for Bandwidth Monitoring collector
Description: Web services are used to retrieve upstream and downstream data from the Bandwidth Monitoring collector. The web services are hosted on a separate server, and you can access them using web services clients.

Component: Prime Home Plus client
Description: The Prime Home Plus client is integrated with the CPE to facilitate managing the CPE from the Prime Home platform. Value-added extensions such as Bandwidth Monitoring and Home Parental Controls are also integrated with the CPE. To support the Bandwidth Monitoring function, Cisco provides the required drivers for Prime Home Plus client.

GUI Access

Prime Home functionalities are available based on the privileges assigned to the user. When the user logs into Prime Home with the appropriate username and password, Prime Home runs with the functionalities mapped to the user account.

For information on how to log into the Prime Home GUI, see the Cisco Prime Home 5.2 User Guide.

Prime Home users can be categorized as follows:

• CSR — The privileges assigned to the CSR are limited to accessing the subscriber’s network and troubleshooting the CPEs remotely. The Prime Home functions available to the CSR may vary based on the network infrastructure. For example, if the SMTP service is configured in Prime Home, the CSR is allowed to send e-mails to the subscriber.

• Administrator — All privileges are available to the administrator. In addition to having access to all CSR functions, administrators can also configure the Prime Home platform using various functions such as adding users, adding custom labels, running reports and activity audits, managing CPE firmware updates, and so on.

• Subscriber — The privileges assigned to subscribers are limited to parental controls only. Subscribers have access to a Control Panel, which is used for profile-based content filtering, Internet blocking, and managing wireless devices connected to the modem.

• Custom user — The Prime Home platform allows you to configure user privileges based on your staffing model. Custom users can be configured in Prime Home with access to features that you choose. Contact Cisco to configure custom users with additional roles.

For information on CSR, administrator, and subscriber functions in Prime Home, see the Cisco Prime Home 5.2 User Guide.
