Installing Ops Center Administrator with the application installer

You can install Ops Center Administrator in a Linux environment that is running a supported version of a container runtime.

To enable maximum control of the environment, the application installer does not include a container runtime, an operating system, or a VM.

Do not install container runtimes except Podman on the host OS.
If you want to register Ops Center Administrator with Ops Center Common Services, do the following:
- Install Python3 before running the installer.
- Make sure that the host name of Ops Center Common Services is resolvable from the Ops Center Administrator server. If you want to use a host name that is not an FQDN, set the IP address and the host name in the /etc/hosts file for name resolution.
- After modifying the /etc/hosts file, run the following command to restart the Ops Center Administrator-related service.
```
# systemctl restart rainier
```
- Make sure that you have a user account with Ops Center Common Services that has the "Application Administrator" role to run the script.

During installation, you must select one of the following network modes for containers created by Ops Center Administrator:
- Bridge mode (Recommended):
  This is the default network mode for the container runtime.
  
  In this mode, a dedicated network for the container is created on the host network. When selecting this mode, ensure that the kernel parameter net.ipv4.ip_forward is set to enabled in order to allow traffic forwarding from the host network to the container network.
- Host mode:
  In this mode, the containers share the host network, and each container is allocated a host port number for internal services. This requires more port numbers than bridge mode. Select this mode only if you want to disable traffic forwarding from the host network to the container network. For details, see Port requirements.
Note: Before Ops Center Administrator v11.0.4, bridge mode was implicitly selected during installation. If you choose host mode during installation, the allocated port numbers for each container might conflict with those of other programs installed on the same computer, potentially causing installation failures. Additionally, each port used by the container to communicate with the external network must be explicitly registered as a firewall exception. This process is simplified in bridge mode because the virtual bridge used for communication is automatically added to the firewalld trusted zone by default. Therefore, we strongly recommend selecting bridge mode.

Verify the following:

You have root access or normal access to the OS where you plan to install Ops Center Administrator. If you log in as a normal user, use the sudo command to complete the procedure as the root user.
The available space on the server is 100 GiB including temporary space. For details, see Minimum system requirements.
The server has 8 to 10 GiB of available RAM. For details, see Minimum system requirements.
Note: Before starting the installation, as a best practice, do not install Ops Center Administrator in a location running other applications.
If you select bridge mode during installation, IP forwarding and br_netfilter for the IP V4 network is installed on the operating system.
Verify by using the sysctl command (1 means enabled):
```
# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
# sysctl net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-iptables = 1
```
If you select bridge mode during installation, the OS running firewalld (for example, RHEL 8 or later) is configured to allow communication between containers as follows:
- Enable communication by adding the container runtime network interface (for example, cni-podman0) to the trusted zone:
```
# firewall-cmd --zone=trusted --change-interface=cni-podman0 --permanent
```
```
# firewall-cmd --reload
```
- Enable IP masquerading for the default zone:
```
# firewall-cmd --add-masquerade --permanent
```
```
# firewall-cmd --reload
```
A supported version of container runtime is installed in a Linux environment.
- If the supported version of Podman is not installed in the environment, you must configure Yellowdog Updater, Modified (YUM) settings to install packages over a network. The application installer connects to the configured YUM repository and installs the required version of Podman. The packages related to Podman are located in the latest BaseOS and AppStream repositories.
- If you want to install or upgrade Podman yourself, you can run the following command:
```
yum install podman required-version
```
  For example, to install Podman v3.3.x:
```
yum install podman-3.3.*
```
  The asterisk indicates to obtain and install the latest patch version available in the repository.
  
  Note: Downgrading the Podman version is not supported.
- If you install or upgrade Ops Center Administrator while suppressing the upgrade of Podman, the installation fails with the error:
```
[Error] Failed to install Podman x.x.x from package repository. Confirm the network or repository server setting, and retry.
```
  Unlock the suppression and install or upgrade Ops Center Administrator again. After completing the installation, suppress the upgrade of Podman again.
  
  Note: You can upgrade Podman (major or minor version) during the installation or upgrade process, or after installing Ops Center Administrator. However, if you are upgrading Podman from version 3.x to 4.x or later, we recommend that you do so during the Ops Center Administrator installation. This is because upgrading Podman from version 3.x to 4.x or later after installation requires creating a backup of the existing Ops Center Administrator instance, removing it along with the Podman upgrade, reinstalling Ops Center Administrator, and then restoring the backup.
- If you install Podman 3.3.x, or upgrade Podman from 3.3.x to any version, or run any Podman command on the server using Podman 3.3.x, a warning message may appear:
```
Failed to decode the keys [<key1>, <key2>, ..., <keyN>] from "/usr/share/containers/containers.conf"
```
  Ignore this message because it does not affect Ops Center Administrator.
- If you cannot use YUM to install Podman because your management server is not connected to the network, you must get the Podman software from the OS media (ISO image or CD-ROM).
  For example, the minimum supported version of Podman 3.3.x is available with Red Hat Enterprise Linux and Oracle Linux version 8.5, and Podman 4.2.x is available with version 9.1. Therefore, regardless of the OS version that you are using, you must download the OS that includes the Podman version you want to use.
  1. Download the Linux ISO image (for example, redhat 8.5 iso).
  2. Mount the ISO image using the following command:
    mount /dev/cdrom /media
    
    For example: mount -o loop rhel-8.5-x86_64-dvd.iso /media
  3. If the /etc/yum.repos.d directory contains an existing repo file, rename the file extension or delete it.
  4. Create the yum repository file by running the following command:
    vim /etc/yum.repos.d/local.repo
  5. Add the required definition lines as shown in the following examples, and then save and close the file:
    For Oracle Linux
```
[LocalRepo_BaseOS]name= LocalRepo_BaseOS
gpgcheck=0
enabled=1
baseurl=file:///media/BaseOS/
LocalRepo_AppStream]
name=LocalRepo_AppStream
gpgcheck=0
enabled=1
baseurl=file:///media/AppStream/
```
    For Red Hat Enterprise Linux
```
[LocalRepo_BaseOS]
name=LocalRepo_BaseOS
metadata_expire=-1
enabled=1
gpgcheck=0
baseurl=file:///media/BaseOS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 
[LocalRepo_AppStream]
name=LocalRepo_AppStream
metadata_expire=-1
enabled=1
gpgcheck=0
baseurl=file:///media/AppStream/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
```
  6. Verify the required library by running the following command:
```
yum repolist
```
  7. Install podman by using the following command :
```
yum install podman-required-version
```
    For example, to install Podman v3.3.x:
```
yum install podman-3.3.*
```

In the Linux environment, configure the network interface that will access Ops Center Administrator.
Ops Center Administrator supports user interface and API access by using an IPv4 address.
Copy the tar file ops-center-administrator-xx.tar.gz from the installation media to any folder in the Linux environment and unzip it.
Navigate to the unzipped folder and run install.sh.
At the prompts, enter the following:
1. Enter the username for the installer:
  Enter sysadmin
2. Enter the user password:
  Enter sysadmin
3. Enter the number corresponding to the network mode you want to select:
```
Select the network mode for containers.

1. bridge : (Recommended) Containers are isolated from the host's
            network namespace and communicate through the host's virtual
            bridge. This mode is suitable for most cases.

2. host   : Containers share the host's network namespace.
            Therefore, no IP forwarding is required. This mode is used when 
            it is absolutely necessary to disable IP forwarding
            (net.ipv4.ip_forward=0).
Enter the number [default=1]:
```
4. Enter host's IP:
  Enter the IP address for Ops Center Administrator. This IP address is also used for SNMP communications with the storage system.
5. Enter the Service port number (HTTPS, default 443):
  Enter the service port for accessing Ops Center Administrator. The default service port is HTTPS, 443. You can proceed with the default service port or enter your own.
  
  Note: If you are using Ops Center Administrator with Ops Center Common Services or Ops Center Protector, you must enter a port other than the default (443), which causes a conflict. We suggest 20961.
6. If you want to register Ops Center Administrator with Ops Center Common Services during installation, enter y at the prompt:
```
Do you wish to configure Ops Center [y/n]
```
  You are then prompted to enter a user name and password for Ops Center Common Services and the name and description of the Ops Center Administrator instance to register.
  Note:
  - If both Ops Center Administrator and Ops Center Common Services are v10.9.0 or later, then the token authentication time-out configured in Ops Center Common Services is reflected in Ops Center Administrator automatically. This time-out configuration applies not only to users managed in Ops Center Common Services, but also to local users in Ops Center Administrator.
    For details, see the Ops Center Portal Help.
  - In Ops Center Administrator, the Auto-refresh setting configured in the Ops Center Portal is ignored.
Note: During installation, vm.max_map_count is set to 262144 in /etc/sysctl.conf.
The installation may take a few minutes. At completion, messages indicate the following:
- The application was successfully added.
- The API is ready.
- Any pre-existing app manager containers have been removed.
Set the SNMP IP address in the virtual appliance manager tool:
1. Open a browser and enter the following URL in the address bar:
```
https://ip-address:port/vam
```
  where:
  - ip-address is the IP address of the Ops Center Administrator server.
  - port is the port number of the Ops Center Administrator. The default port number is 443 or 20961.
  The default login credentials are sysadmin/sysadmin
2. Click Network Settings, then enter the SNMP IP address for the storage system.
Suppress the upgrade of Podman to avoid unintentionally upgrading to the unsupported version.

For example, you can use yum-plugin-versionlock or you can add the exclude parameter to the yum.conf file.

Troubleshooting the installation

If the installation fails, try the following:

If the installation fails with the (401) error code, the user name and password specified by the installer was incorrect. Retry the installation and ensure that you use the credentials sysadmin/sysadmin.
Make sure your container runtime is working properly. If not, check the following network configuration:
- If you select bridge mode during installation, confirm that the network interface (for example, cni-podman0) of the container runtime is in a trusted zone in your operating system.
- If you select host mode during installation, confirm than the port numbers used by the container runtime are not allocated to other programs installed on the same computer. For details about port numbers used by the container runtime, see Port requirements.
  If the required port numbers are allocated to other programs installed on the same computer, stop them and install Ops Center Administrator again.
Check your YUM settings and the host network to make sure that your system can connect to the YUM repository.
If you use a local YUM mirror repository server, confirm the HTTP server setting and whether the repository data that is gathered by the reposync command exists correctly.
Delete all Ops Center Administrator containers, images, and files and then start the installation again.
Check the Podman logs.
Consult the container runtime documentation for more information on how to check logs.
Journal entries may have additional information about the error. To view the journal log, connect to the host with the root user or a normal user account and run the following commands:
Note: If you log in as a normal user, use the sudo command to complete the following procedure as the root user.
```
journalctl --no-pager -u rainier
```
If the issue persists, collect the installation log that was created under /var/logs/rainier-install and contact customer support.
If the installation produces any warnings, they may point to the cause of the problem. Correct any issues the installer identifies, delete any Ops Center Administrator containers and images, and start the installation again. You can log in as the root user or a normal user. If you log in as a normal user, use the sudo command to complete the following procedure as the root user.
To remove files, run the following commands:
rm -f /opt/rainier/bin/rainier-getlogs

rm -f /opt/rainier/bin/rainier-replace-jdk
To remove container images and containers that you do not manage, run these commands with the root account:
1. podman stop $(podman ps --format "{{.ID}} {{.Image}}" -a | grep "rdocker:6000/" | awk '{ print $1 }')
2. podman rm -fv $(podman ps --format "{{.ID}} {{.Image}}" -a | grep "rdocker:6000/" | awk '{ print $1 }')
3. podman rmi $(podman images --format "{{.ID}} {{.Repository}}" | grep "rdocker:6000/" | awk '{ print $1 }')
4. podman volume rm nginx-certificates
5. podman volume rm nginx-certificates-override
6. podman volume rm nginx-confd
7. podman volume rm nginx-log
If, after powering on or running ip-change, you attempt to execute to the container:
```
[root@hid ~]# podman exec -it d00be2ea7a01 /bin/bash
```
and the result is:
```
OCI runtime exec failed: exec failed: container_linux.go:296: starting container process caused "process_linux.go:78: starting setns process caused \"fork/exec /proc/self/exe: no such file or directory\"": unknown
```
Run the following to restart the service:
```
[root@hid ~]# systemctl restart rainier
```
If the Ops Center Administrator installation succeeded, but you cannot access Ops Center Administrator, confirm that the firewall exceptions are configured properly. For details, see Port requirements.
If the Ops Center Administrator installation succeeded, but registering with Ops Center Common Services failed, run the setupcommonservice command after the installed Ops Center Administrator goes online.

Required

Log on to Ops Center Administrator to verify the installation.
Generate and install a signed SSL certificate. By default, the Ops Center Administrator installation package comes with a self-signed certificate that you can use to initially log in to Ops Center Administrator.

Optional

For more information on changing the Ops Center Administrator port number, see Modifying the Ops Center Administrator port in virtual appliance manager.