Complete the Post-Installation Configuration

Perform the following optional and recommended steps after you install capm:
capm360
Perform the following optional and recommended steps after you install
DX NetOps Performance Management
:
Set Up Autostart on Data Repository
You can set up autostart on Data Repository. If autostart is set up and you reboot the computer where Data Repository is installed, Data Repository starts automatically.
This feature might not work if Data Repository did not shut down properly. If the database did not shut down properly, the database might require manual intervention during startup to restore the last good epoch. If the Vertica database does not start automatically after an improper shutdown, use admintools to start it manually.
Data Aggregator stops automatically when Data Repository becomes inaccessible. Restart the data aggregator manually once Data Repository is online again.
Do one of the following steps:
  • Start the data aggregator service:
    service dadaemon start
    For RHEL 7.x or OL,
    service
    invokes
    systemctl
    . You can use
    systemctl
    instead.
  • (Fault-tolerant environment) Run one the following commands to enable the fault-tolerant data aggregator so that it can start when necessary:
    • RHEL 6.x:
      service dadaemon activate
    • RHEL 7.x, SLES, or OL:
      DA_Install_Directory
      /scripts/dadaemon activate
Follow these steps:
  1. Become the Linux user account for the database administrator user by issuing the following command:
    su
    dradmin
  2. Verify that the Linux user account for the database administrator user is set up with a passwordless ssh key:
    1. Verify that the passwordless ssh key is already set up by issuing the following command:
      ssh
      dr_host
      ls
      If the passwordless ssh key is set up, you are
      not
      prompted for a password. You do not need to do anything further.
    2. If you
      are
      prompted for a password, ignore the prompt, press Ctrl+C, and complete step 5.
  3. (Optional) Set up the Linux user account for the database administrator user with a passwordless ssh key. Complete the following steps:
    1. Generate a public key by issuing the following command. In a cluster installation, issue this command on each host that is participating in the cluster:
      ssh-keygen -N "" -t rsa -f ~/.ssh/id_rsa
    2. Copy the contents of the public key to the authorized_keys2 file on the same computer. In a cluster installation, copy the contents of the public key to the authorized_keys2 file on each host in the cluster:
      cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys2
    3. (Cluster installation only) Copy the contents of the public key from each host to each of the other hosts:
      • As the database administrator user on the first host, issue the following command and copy the content of the file:
      vi ~/.ssh/id_rsa.pub
      vi ~/.ssh/authorized_keys2
      vi ~/.ssh/authorized_keys2
      • As the database administrator user on the second host, issue the following command:
      Paste the contents from the id_rsa.pub file on the first host to the end of the authorized_keys2 file on the second host.
    4. As the database administrator user on the third host, type the following command:
      vi ~/.ssh/authorized_keys2
      Paste the contents from the id_rsa.pub file on the first host to the end of the authorized_keys2 file on the third host.
  4. Enable ssh from one host to another without being prompted for a password by repeating the following steps for all hosts in the cluster:
    1. To set permissions for the authorized_keys2 file, type the following command. In a cluster environment, type these commands on each host in the cluster:
      chmod 644 ~/.ssh/authorized_keys2
    2. As the root user, type the following commands to restart the ssh daemon. In a cluster environment, type this command on each host in the cluster:
      su root
      service sshd restart
    3. (Single-node installations only) To confirm that you are not prompted for a password, type the following commands:
      su
      dradmin
      ssh [email protected]
      hostname
      ls /tmp
    4. (Cluster installations only) Confirm that you are not prompted for a password by issuing the following commands on the first host in the cluster:
      su
      dradmin
      ssh [email protected]
      host1
      ls /tmp
      ssh [email protected]
      host2
      ls /tmp
      ssh [email protected]
      host3
      ls /tmp
      Repeat this step on each host in the cluster.
      The ability to configure autostart on the data repository requires that you set up the passwordless ssh key.
  5. Issue the following command:
    /opt/vertica/bin/adminTools
    The Administration Tools dialog opens.
  6. Select (6) Configuration Menu, and then select
    OK
    .
  7. Select (4) Set Restart Policy, and then select
    OK
    .
    The Select Database dialog opens.
  8. Select the database name, and then select
    OK
    .
    The Select policy dialog opens.
  9. Select
    always
    when doing a single-node Data Repository installation. Select
    ksafe
    when doing a cluster installation.
    Select
    OK
    .
    In a single-node installation, ‘always’ means that, Data Repository automatically restarts when the system restarts. In a cluster installation, ‘ksafe’ means that, upon the system restarting, the Data Repository node automatically restarts if the database still has a status of ‘UP’.
    The Restart Policy setting is saved.
  10. Select
    OK
    to close the Select policy dialog.
  11. Return to the (M) Main Menu.
  12. Select
    (
    E) Exit
    .
  13. (Optional) Test that Data Repository starts when you reboot the computer where Data Repository is installed:
    1. Reboot the computer where Data Repository is installed.
      Log in as the root user or sudo user to reboot the computer.
    2. Become the Linux user account for the database administrator user by issuing the following command:
      su
      dradmin
    3. Issue the following command:
      /opt/vertica/bin/adminTools
      The Administration Tools dialog opens.
    4. Select (1) View Database Cluster State, and then select
      OK
      .
      The state is "UP."
    5. Select OK.
      The data repository can take several minutes to start up after you reboot.
Autostart is set up on the data repository.
Configure the Automatic Recovery for the Data Aggregator Process
If the database server runs out of memory, or if Data Repository is unavailable for a time, data aggregator shuts down automatically to ensure that data consistency is maintained. When the data aggregator shuts down, an audit message is logged in the following log file:
DA_installation_directory
/apache-karaf-<
vers
>/shutdown.log
When the data aggregator is unavailable, the Data Collectors continue polling. The Data Collector caches the poll responses in memory, up to a configurable limit. When the data aggregator host becomes available, the cached polled data is sent to the data aggregator.
Best Practice:
Disable this cron job before you upgrade data aggregator. If you shut down the data aggregator manually with the service dadaemon stop command, the cron job does not restart data aggregator automatically. Maintenance can be performed without having the cron job disrupt the system when it is expected to be down.
In a fault-tolerant environment, this procedure is unnecessary because Consul manages the start and stop state of the data aggregator.
For more information, see Fault Tolerance.
Follow these steps:
  1. Log in to the computer where the Data Aggregator is installed as the root user.
  2. Open a console and type the following command:
    crontab -e
    A vi session opens. If there are no cron jobs for the database administrator user, an empty file opens. Otherwise, the file contains existing cron job definitions.
  3. Add the following lines to the file for the cron job:
    * * * * * /sbin/service dadaemon start > /dev/null
    The cron job issues a start command to Data Aggregator every minute. If Data Aggregator is running, the start command is ignored.
(Optional) Modify the External ActiveMQ Memory Limit
The data aggregator installer calculates the memory that is needed on your system to accommodate the Apache ActiveMQ process. However, you can manually modify the memory limit settings to fine tune ActiveMQ on the data aggregator system. For example, you can modify the settings under the following circumstances:
  • When the system memory has changed.
  • When the number of Data Collector systems have changed.
  • To optimize the memory settings.
  • When you have determined that the performance of ActiveMQ is degraded. Monitor the performance through the JConsole or the
    DX NetOps Performance Management
    custom chart with ActiveMQ metrics.
Follow these steps:
  1. Calculate the amount of memory for ActiveMQ based on the following settings:
    • Maximum java heap size
      Default:
      20%
      Minimum:
      512M
    • Initial minimum java heap size
      50% of maximum java heap size
    • Young generation java heap size
      25% of the maximum java heap size
    • Memory limit for all messages
      50% of the maximum java heap size
    • Memory limit per queue
      Calculate based on how many Data Collector installations you have.
      Example:
      The memory per queue
      (system memory for all messages)/5/(Data Collector count)
  2. Log in to the computer where Data Aggregator is installed. Log in as the root user or a sudo user with access to a limited set of commands.
  3. Type the following command to stop the ActiveMQ broker:
    service activemq stop
  4. Modify the java heap size for ActiveMQ:
    1. Access the
      activemq
      file under
      DA_INSTALL_DIRECTORY
      /broker/apache-activemq-
      version
      /bin.
    2. Locate the line that defines ACTIVEMQ_OPTS_MEMORY.
    3. Change - Xms to be the Initial minimum java heap size.
    4. Change - Xmx to be the Maximum java heap size.
    5. Change –Xmn to be the Young generation java heap size.
    6. Save the file.
  5. Modify the ActiveMQ memory limit for the producer flow control:
    1. Access the activemq.xml file in
      Data Aggregator installation directory
      /broker/apache-activemq-
      version
      /conf.
    2. Locate the following line and change the value to Memory limit for all messages:
      <memoryUsage limit=”value”/>
    3. Locate the following line, change the value to Memory limit per queue:
      <policyEntry queue=">" producerFlowControl="true" memoryLimit="value"/>
  6. Type the following command to start the ActiveMQ broker:
    service activemq start
    Your new settings are activated.
(Optional) Change the Opened Port Number on the Data Aggregator Host
After you install data aggregator, you can change the port that is opened on the data aggregator host.
You opened port 61616 before you installed Data Aggregator and Data Collector.
Follow these steps:
  1. Log in to the computer where data aggregator is installed. Log in as the root user or a sudo user with access to a limited set of commands.
  2. Do one of the following steps:
    • Stop the data aggregator service:
      service dadaemon stop
    • (Fault-tolerant environment) If the local Data Aggregator is running, run one the following commands to shut it down and prevent it from restarting until maintenance is complete:
      • RHEL 6.x:
        service dadaemon maintenance
      • RHEL 7.x, SLES, or OL:
        DA_Install_Directory/scripts/dadaemon maintenance
  3. Remove the data directory and the
    local-jms-broker.xml
    file from the deploy directory by issuing the following commands:
    rm -rf
    <caimda> installation directory
    /apache-karaf-<
    vers
    >/data
    rm -rf
    <caimda> installation directory
    /apache-karaf-<
    vers
    >/deploy/local-jms-broker.xml
  4. Edit the
    activemq.xml
    file in the
    DA_installation_directory
    /broker/apache-activemq-<
    vers
    >/conf
    directory:
    1. Locate the following lines:
      <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
      <transportConnector name="PRQ" uri="tcp://0.0.0.0:61618"/>
      <transportConnector name="IREP" uri="tcp://0.0.0.0:61620"/>
      <transportConnector name="blob" uri="tcp://0.0.0.0:61622"/>
      </transportConnectors>
    2. Replace 61616, 61618, 61620, 61622 with the ports that you want to use for incoming connections on data aggregator.
      If you have a fault-tolerant environment, ensure that both data aggregators use the same ActiveMQ ports.
  5. Do one of the following steps:
    • Start the Data Aggregator service:
      service dadaemon start
    • (Fault- tolerant environment) Enable the fault-tolerant data aggregator so that it can start when necessary by issuing one of the following commands:
      • RHEL 6.x:
        service dadaemon activate
      • RHEL 7.x, SLES, or OL:
        DA_Install_Directory
        /scripts/dadaemon activate
  6. Wait a few minutes, and then verify that the port change is successful by issuing the following command:
    netstat -a | grep port
    • port
      The port number that you specified previously for incoming connections on Data Aggregator.
  7. If the port change is successful, Data Aggregator waits for incoming connections on that port. If Data Aggregator is not waiting for incoming connections, review the
    karaf.log
    file for errors by issuing the following command:
    grep ERROR karaf.log
  8. Resolve the errors.
  9. Log in to the computer where Data Collector is installed. Log in as the root user or a sudo user with access to a limited set of commands.
    For more information about the sudo user, see the
    Data Aggregator Installation Guide
    .
  10. Open a command prompt and issue the following command:
    service dcmd stop
  11. Remove the data directory and the
    local-jms-broker.xml
    file from the deploy directory by issuing the following commands:
    rm -rf
    <caimda> installation directory
    /apache-karaf-<
    vers
    >/data
    rm -rf
    <caimda> installation directory
    /apache-karaf-<
    vers
    >/deploy/local-jms-broker.xml
  12. Edit the
    activemq.xml
    file in the
    DC_installation_directory
    /broker/apache-activemq-<
    vers
    >/conf
    directory:
    1. Locate the following lines:
      <networkConnector name="da_manager" uri="static:(tcp://scalematda:61616)" duplex="true"
      suppressDuplicateTopicSubscriptions="false">
      <networkConnector name="da_manager-PRQ" uri="static:(tcp://scalematda:61618)" duplex="true"
      suppressDuplicateTopicSubscriptions="false">
      <networkConnector name="da_manager-IREP" uri="static:(tcp://scalematda:61620)" duplex="true"
      suppressDuplicateTopicSubscriptions="false">
      <networkConnector name="da_manager-blob" uri="static:(tcp://scalematda:61622)" duplex="true"
      suppressDuplicateTopicSubscriptions="false">
    2. Replace 61616, 61618, 61620, and 61622 with the ports that you specified previously in the
      activemq.xml
      file on the Data Aggregator host.
  13. Open a command prompt and start data collector by issuing the following command:
    service dcmd start
  14. Wait a few minutes, and then verify that each port change is successful by issuing the following command:
    netstat -a | grep
    port
    • port
      The port number that you specified in a previous step for incoming connections on Data Aggregator.
    If the port change is successful, the console shows a connection between the Data Aggregator and the Data Collector. If you do not see a connection, review the
    karaf.log
    file for errors by issuing the following command:
    grep ERROR karaf.log
  15. Resolve the errors.
    The opened port numbers on the Data Aggregator host is changed.
(Optional) Disable the ActiveMQ Admin Console for the Data Aggregator or Data Collector
Generally, the ActiveMQ admin console should not be available on the network. Therefore, you can disable it for the Data Aggregator or Data Collector.
Follow these steps:
  1. Go to one of the following files:
    • Data Aggregator
      DA_Install_Directory
      /broker/apache-activemq-
      version
      /conf/activemq.xml
    • Data Collector
      DC_Install_Directory
      /broker/apache-activemq-
      version
      /conf/activemq.xml
  2. Comment out
    <import resource="jetty.xml"/>
    .
  3. Shut down the ActiveMQ broker on each Data Collector by issuing the following command:
    service activemq stop
  4. Shut down the ActiveMQ broker on the data aggregator by issuing the following command:
    service activemq stop
  5. Start the ActiveMQ broker on the data aggregator by issuing the following command:
    service activemq start
    If you do not, the Data Aggregator starts the broker automatically.
    The Data Collectors automatically restart the ActiveMQ brokers.
  6. Restart the brokers manually by issuing the following command:
    service activemq start
(Optional) Update ActiveMQ Admin Console Access
Generally, the ActiveMQ admin console should not be available on the network. However, if certain users absolutely need the console, you can grant them access.
Follow these steps:
  1. Go to one of the following files:
    • Data Aggregator
      DA_Install_Directory
      /broker/apache-activemq-
      version
      /conf/activemq.xml
    • Data Collector
      DC_Install_Directory
      /broker/apache-activemq-
      version
      /conf/activemq.xml
  2. To update user access, edit the
    jetty-realm.properties
    .
  3. To encrypt the user passwords, run one of the following commands:
    • Data Aggregator
      java -cp
      DA_Install_Directory
      /broker/apache-activemq-
      version
      /lib/web/jetty-all-9.2.22.v20170606.jar org.eclipse.jetty.util.security.Password
      password
      password
    • Data Collector
      java -cp
      DC_Install_Directory
      /broker/apache-activemq-
      version
      /lib/web/jetty-all-9.2.22.v20170606.jar org.eclipse.jetty.util.security.Password
      password
      password
  4. Shut down the ActiveMQ broker on each Data Collector by issuing the following command:
    service activemq stop
  5. Shut down the ActiveMQ broker on the Data Aggregator by issuing the following command:
    service activemq stop
  6. Start the ActiveMQ broker on the Data Aggregator by issuing the following command:
    service activemq start
    If you do not, the Data Aggregator starts the broker automatically.
    The Data Collectors automatically restart the ActiveMQ brokers.
  7. Restart the brokers manually by issuing the following command:
    service activemq start
Authenticate and Encrypt ActiveMQ Communication
By default, the communication between the Data Aggregator and Data Collector is unencrypted and unauthenticated. To secure communications, secure the communication between the ActiveMQ brokers on these servers.
For more information, see Authenticate and Encrypt ActiveMQ Communication.