Installing the Greenplum Command Center Console
The Command Center Console provides a graphical interface for viewing performance data and for administering certain aspects of your Greenplum system.
The Command Center Console is typically installed on the Greenplum Database master host. However, you have the option to install the console on a host different from the master host. Note that this setup incurs a performance penalty due to the numerous database connections the console must open over the network.
If you have multiple Greenplum Database instances, you can create separate Command Center Console instances for each of them. Each separate console instance operates on a unique port and has its own unique configuration options.
The Command Center Console supports browsers that have at a minimum Adobe Flash 9.0 (for GPCC 188.8.131.52 and earlier) or Adobe Flash 11.0 (for GPCC 184.108.40.206 and later) enabled.
Important: We recommend that you always install the latest version of Adobe Flash Player to ensure you receive the latest security updates from Adobe.
For example, the following browsers are supported:
- Internet Explorer for Windows XP and Vista
- Mozilla Firefox for Windows and Linux
- Apple Safari browser for Macintosh
- Google Chrome
The Command Center Console runs on a lighttpd web server. The default web server port is 28080. For more information about the web server, see Web Server Administration.
Installing the Command Center Console involves the following high-level tasks:
- Install the Command Center Console Software – Create the software installation directory.
- Set Up the Command Center Console Instance – Set up the environment variables and then create and configure a Command Center Console instance and its supporting web services.
If you are installing the Command Center Console on a remote system (that is, not the same system on which you installed Greenplum Database), you must also install Greenplum Database installation binary files on the remote system. After installing the binary files, source
greenplum_path.sh, then perform the Console installation steps described below. Note that you do not need to initialize the database. See the Greenplum Database Installation Guide for more information.
- Download the installer file from Pivotal Network. Installer files are available for the Red Hat Enterprise Linux 64-bit platform. You do not need to download the installer file if you are installing the console on an EMC Data Computing Appliance; the installer file is already loaded on DCAs.
Unzip the installer file where
RHEL5-x86_64(Red Hat 64-bit). For example:
# unzip greenplum-cc-web-220.127.116.11-RHEL5-x86_64.zip
Log in as
Launch the installer using
bash. For example:
$ /bin/bash greenplum-cc-web-x.x.x.x-PLATFORM.bin
Read through the license agreement. When you reach the bottom, type
yesto accept the license agreement.
The installer prompts you to provide an installation path. Press Enter to accept the default install path (
/usr/local/greenplum-cc-web-x.x.x.x), or enter an absolute path to an install location. You must have write permissions to the location you specify.
Once the installation has completed successfully, create a host file listing all remaining hostnames, including the standby master host. Do not include the name of the host where you ran the installer. Hostnames must be DNS resolvable.
The installation directory contains a
gpcc_path.shfile with path and environment settings for the Console. Source this and the Greenplum path, as follows:
$ source /usr/local/greenplum-db/greenplum_path.sh $ source /usr/local/greenplum-cc-web/gpcc_path.sh
If you have performed the previous steps as any user other than
gpadmin, you need to change ownership and permissions to the installation directory before you continue.
Change the ownership of the installation directory:
$ chown -R gpadmin:gpadmin greenplum-cc-web-x.x.x.x
Change the permissions of the installation directory:
$ chmod -R 755 greenplum-cc-web-x.x.x.x
gpadmin, run the
gpccinstallutility to install Command Center on all hosts listed in the host file you created.
$ gpccinstall -f hostfilename
hostfilenameis the name of the host file you created earlier in this procedure.
Configure the Console as described in Set Up the Command Center Console Instance.
Follow the steps below to set up the Greenplum Command Center environment for the
GPPERFMONHOMEenvironment variable to your startup shell profile (such as
~/.bashrc). Set the variable to the Greenplum Command Center home directory.
GPPERFMONHOME=/usr/local/greenplum-cc-web-x.x.x.x source $GPPERFMONHOME/gpcc_path.sh
Ensure that the
$GPPERFMONHOME/gpcc_path.shfile has entries for the
greenplum_path.shfile and the
MASTER_DATA_DIRECTORYenvironment variable. See the Greenplum Database Installation Guide for details.
Save and source the
$ source ~/.bashrc
A Command Center instance is a connection to a Greenplum Database cluster. The
gpcmdr --setup command sets up the Command Center Console. The command can be run interactively, or you can create an installation configuration file to run the installation non-interactively. When you use a configuration file, you can create multiple Command Center instances at once.
Command Center instances are typically set up on the Greenplum master host; if installed on another host, the console experiences slower performance due to frequent connections to the gpperfmon database.
If you choose to secure web browser connections to the Command Center web server with SSL, you can provide a server certificate or allow the
gpcmdr command to generate a self-signed certificate for you. Because the generated certificate is self-signed, clients cannot verify that the certificate is signed by a trusted Certificate Authority, so they must override an exception on their first connection to the web server. This can be avoided if you supply a certificate signed by a commercial or local Certificate authority. The SSL configuration also enables Diffie-Hellman key exchange, which requires a dhparams file. This file can be generated by the
gpcmdr or supplied by you. See Acquire or Create an SSL Certificate (Optional) for instructions.
Configuration files, log files, and runtime files for each Command Center instance are managed in a subdirectory of the
It is recommended that you enable SSL for the lighttpd Web server that serves the Command Center Console. SSL ensures that client connections to the Greenplum Command Center are negotiated securely and encrypted. To enable SSL, you will need a server certificate for the web server and a Diffie-Hellman parameters (dhparam) file, which is used while negotiating the connection.
You can use an existing certificate and dhparam file or you can create a self-signed certificate and a dhparam file when you set up a Command Center Console instance. If you use a self-signed certificate, Command Center users will have to explicitely override an exception when they first browse to the Control Center URL, since the certificate is not signed by a trusted CA. However, the connection is still effectively encrypted.
Ideally, you should acquire a signed certificate from a commercial Certificate Authority or your organization’s internal Certificate Authority. If you already have a certificate and dhparam file, install them on the server where GPCC is installed, for example in the
/etc/ssl/certs directory. Then you can choose to import them when you create a Control Center instance.
If you want to enable SSL in an existing Control Center instance, you can create the certificate and dhparam files yourself and add the SSL parameters to the `instances/instance-name/conf/lighttpd.conf file.
This is the recommended SSL configuration for the lighttpd web server:
ssl.engine = "enable" ssl.pemfile = "/path/to/cert.pem" ssl.dh-file = "/path/to/dhparam.pem" ssl.ec-curve = "secp384r1" ssl.use-sslv2 = "disable" ssl.use-sslv3 = "disable" ssl.honor-cipher-order = "enable" ssl.use-compression = "disable" ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
The following example creates certificate and dhparam files in the
/etc/ssl/certs directory. Note that because the certificate is self-signed, users will have to override the SSL exception to proceed to the Control Center. Perform these steps as
Create a certificate for the Web server.
# cd /etc/ssl/certs # openssl req -newkey rsa:2048 -x509 -keyout cert.pem -out cert.pem -days 3650 -nodes
Enter the requested distinguished name (DN) information at the prompts to create an unsigned certificate. For example:
Country Name (2 letter code) [XX]:US State or Province Name (full name) [Berkshire]:California Locality Name (eg, city) [Newbury]:Palo Alto Organization Name (eg, company) [My Company Ltd]:Pivotal Software, Inc. Organizational Unit Name (eg, section) : Common Name (eg, your name or your server's hostname) :mdw Email Address :
Create a Diffie-Hellman parameters file. This command can take a long time to finish.
# cd /etc/ssl/certs # openssl dhparam -out dhparam.pem 4096
Follow the steps below to run the
gpcmdr --setup command to create an instance. To accept the displayed default values for any parameters at configuration time, press the ENTER key. To monitor multiple instances, run the setup utility separately for each instance.
- Log in as the Greenplum administrator (
With the Greenplum Database instance running, launch the setup utility. For example:
$ gpcmdr --setup
Provide an instance name for the Greenplum Database instance monitored by this Console.
nto specify if the Greenplum Database master for this instance is on a remote host. Note that Console performance is better when the Console and Greenplum Database master are on the same host. If the master host is remote, enter
yand enter the hostname of the master at the prompt.
Provide a display name for the instance. This name is shown in the Console user interface. This prompt does not appear if the master host is remote.
Provide the port for the Greenplum Database master instance.
Provide a port number for the Command Center Console web server. The default is 28080.
yto enable SSL connections for the Command Center Console, or
nif you do not want SSL.
Note: Because database login information is sent over the network, we recommend you use SSL to encrypt these communications.
If you choose to enable SSL:
- You are asked if you want to import a certificate file. If you have a certificate you want to use, enter
y, then enter the full path to the certificate file. The path you enter is added to the
- You are asked if you want to import the dhparams file. If you have a dhparams file to use, enter
y, then enter the full path to the file. The path you enter is added to the
If you did not import a certificate,
gpcmdrgenerates a private key and then prompts you to enter the Distinguished Name information needed to generate a Certificate Signing Request (CSR). For example:
Country Name (2 letter code) [GB]:US State or Province Name (full name) :California Locality Name (eg, city) [Default City]:Palo Alto Organization Name (eg, company) [My Company Ltd]:Pivotal Software, Inc. Organizational Unit Name (eg, section) : Common Name (eg, your name or your server's hostname) :mdw Email Address :
The CSR is signed with the previously generated private key and the certificate is saved in the
If you did not import a dhparams file,
gpcmdrgenerates one and saves it in the
instances//confdirectory. This may take a long time.
- You are asked if you want to import a certificate file. If you have a certificate you want to use, enter
yto enable IPv6 support. IPv6 support is disabled by default.
yto enable cross site request forgery protection for the GPCC Web API. This is disabled by default.
nto specify whether you want this installation copied to a standby master. If you enter
y, you are prompted for the standby master host name.
pg_hba.conffile to allow the
gpmonrole access to every database that will be monitored using Control Center. Specify the md5 authentication method. This example allows
gpmonaccess to all databases when GPCC is running on the master host:
local all gpmon md5
Start the Console and log in. See Connecting to the Greenplum Command Center Console.
You can also configure authentication so that other Greenplum users can log in to the Console, see Configuring Authentication for the Command Center Console for details.
It can be useful to run
gpcmdr --setup non-interactively, taking input from a file. For example, you could install GPCC and create Command Center instances as part of a Greenplum cluster installation script. To accomplish this, create a configuration file and supply it to the
gpcmdr utility using the
gpcmdr --setup --config_file file
The configuration file is a Python ConfigParser file, which is similar to a Windows INI file. The configuration file contains one or more sections, each section beginning with a section header in square braces. Parameters in the optional
[DEFAULT] section apply to all subsequent sections and may be overridden. Each section other than
[DEFAULT] defines a Command Center Console instance to create.
Parameters are specified one-per-line as name-value pairs separated with equals signs (
=) or colons (
:). Comments begin with a number sign (
#) or semicolon (
;) and continue to the end of the line.
Here is an example configuration file:
[DEFAULT] # defaults apply to all instances remote_db: false enable_ipv6: false enable_csrf_protect: true enable_copy_standby: true standby_master_host: smdw enable_ssl: true enable_user_import_cert: true ssl_cert_file: /etc/ssl/certs/cert.pem enable_user_import_dhe: false enable_reuse_dhe: true [production] master_hostname: mdw instance_name: prod display_name: Production master_port: 5432 web_port: 28080 [development] master_hostname: mdw instance_name: dev enable_copy_standby: false ; override display_name: Development master_port: 5532 web_port: 28090
If you want to install just one instance, you can add the section header to the command. For example, the following command installs the
gpcmdr --setup development --config_file myconfig.cfg
If you enable SSL and do not provide an SSL certificate,
gpcmdr will run the
openssl command to create a certificate, which requires input from the user. To avoid the need for user input, be sure to set the
See Setup Configuration File for a detailed description of the setup configuration file syntax and parameters.