Installing Pivotal Greenplum Command Center

The Pivotal Greenplum Command Center installation utility installs the Command Center files on all hosts in the Greenplum Database cluster.

Run the Greenplum Command Center installer on the Greenplum Database master host. The installer installs the Command Center software on every host in your Greenplum Database cluster. It retrieves the list of hosts in your Greenplum Database cluster from the gp_segment_configuration system table.

After you have run the installer you can start Greenplum Command Center on the master host (recommended) or on the standby master host.

Prerequisites

Before installing Greenplum Command Center, ensure the following requirements are met:

  • Greenplum Database must be installed and running. See the Pivotal Greenplum Command Center release notes for compatible Greenplum Database versions.
  • The Greenplum Database MASTER_DATA_DIRECTORY environment variable must be set.
  • The directory where Greenplum Command Center will be installed, /usr/local/ by default, must be writable by the gpadmin user on all Greenplum Database hosts. See Selecting and Preparing an Installation Directory for Command Center.
  • Port 28080 (default) must be open to TCP connections from Web clients to the HTTP server on the master and standby master hosts. Greenplum Command Center web browser clients connect to this port to access the Command Center Console. Browser connections use HTTP/HTTPS and WebSocket (WS)/Secure WebSocket (WSS) protocols. A different port number can be specified when Command Center is installed. To access the Command Center web server through a proxy, the proxy must have WebSocket suport.
  • Port 8899 must be open on all hosts in the Greenplum Database cluster for TCP connections. This is an RPC port, used by the metrics collection agents on the segment hosts to send metrics to the backend.
  • Command Center requires the Apache Portable Runtime Utility library. The library is no longer included in the Greenplum Database lib directory, but it is installed as a dependency if you install the Greenplum Database distribution with yum or apt. Run the command yum install apr-util or apt install libapr1 if you need to install the apr-util library.
  • If you want Command Center server to support SSL/TLS encryption for browser connections, you need a combined SSL certificate file containing the server certificate and private key. See SSL/TLS Encryption for more information.

Selecting and Preparing an Installation Directory for Command Center

The Command Center installation directory (default /usr/local) must exist and be writable on every host in the Greenplum Database cluster by the gpadmin user. The Command Center installer creates a directory named greenplum-cc-web-<version> in the installation directory on every host. When Command Center installation is complete the greenplum-cc-web-<version> directory and all of its contents must be owned by the gpadmin user.

In a standard Linux system, the /usr/local directory is owned by root and is only writable by root. If you choose the default installation directory or another directory where gpadmin does not have write permission, you must make the directory writable by gpadmin on each host in the cluster.

You can use the gpssh utility to set permissions on all segment hosts at once if the gpadmin role has sudo access. For example:

$ source /usr/local/greenplum-db-<version>/greenplum_path.sh
$ gpssh -f <hostfile> 'sudo chmod 777 /usr/local'

After the Command Center installation is complete, you can restore the previous permissions on the installation directory.

See the Pivotal Greenplum Database Installation Guide for information about setting up passwordless SSH.

Install the Greenplum Command Center Software

Run the Greenplum Command Center installer on the Greenplum Database master host as the gpadmin user. The installer copies the software to all other hosts in the cluster.

  1. Download the Greenplum Command Center distribution file for your Greenplum Database version from Pivotal Network and copy it to the gpadmin user’s home directory on the master host.

  2. Extract the installer from the zip file.

    $ unzip greenplum-cc-web-<version>-LINUX-x86_64.zip
    

    Extracting the installer creates a greenplum-cc-web-<version> directory containing the gpccinstall-<version> installation utility.

There are four ways to run the Greenplum Command Center installer:

  • Interactive – the installer prompts you for the installation parameters.
  • Scripted – you run the installer with a configuration file containing installation parameters.
  • Upgrade – the installer uses the installation parameters from the current Command Center installation.
  • Auto – the installer uses default installation parameters.

Interactive Installation

  1. Source the greenplum_path.sh script in the Greenplum Database installation directory to ensure the GPHOME environment variable is set.

    $ source /usr/local/greenplum-db/greenplum_path.sh
    
  2. Run the Greenplum Command Center installer.

    $ cd greenplum-cc-web-<version>
    $ ./gpccinstall-<version> 
    

    You can add the following options to the gpccinstall command-line.

    • The -W option instructs the installer to prompt for the gpmon database user’s password.
      • If the gpmon user does not yet exist, the installer creates it using the password you enter at the prompt. The password is not saved anywhere, so be sure to remember the password you enter.
      • If the gpmon user already exists, the installer uses the password you enter at the prompt for the gpmon user. It ignores any password set in the PGPASSWORD environment variable, or in the .pgpass file in the gpadmin user’s home directory (or in the file specified in the PGPASSFILE environment variable).
      • If the gpmon user already exists, but you do not specify the -W option, the installer uses the password set in the PGPASSWORD environment variable or in the .pgpass file.
      • If the gpmon user does not yet exist and you do not specify -W (or if you specify the -W option but enter no password at the prompt) the installer creates the gpmon user with a default password. See the .pgpass file to find the password.
    • The -ssh_path option allows you to specify the full path to a custom SSH program. If you do not supply this option, the installer uses the ssh command on the path. Example: bash $ ./gpccinstall-<version> --ssh_path /usr/local/bin/ssh -W
    • The -krbenable option includes prompts to configure Command Center Kerberos authentication. The Kerberos prompts are omitted from the installation dialog by default.
  3. Read through the license agreement and enter y to accept.

  4. Where would you like to install Greenplum Command Center? (Default=/usr/local)

    Press Enter to accept the default or enter the desired path. The directory must exist on all hosts in the Greenplum Database cluster and must be writable by the gpadmin user.

  5. What would you like to name this installation of Greenplum Command Center? (Default=gpcc)

    Enter a name to display on Command Center web pages to identify this Greenplum Command Center installation.

  6. What port would you like the gpcc webserver to use? (Default=28080)

    The default Command Center listen port is 28080. Press Enter to accept the default or enter another port number.

  7. (Optional). These prompts appear only if you specify -krbenable on the gpccinstall command line.

    Enter webserver name for this instance: (Default=<gpcc-host>)

    The Kerberos keytab file must contain a principal for the Command Center web server. The web server principal name has the the format HTTP/<gpcc-host>@<realm>, where <gpcc-host> is the host name clients use in URLs when connecting to the Command Center web server.

    Enter the name of the Kerberos service: (Default=postgres)

    The default Kerberos service name for Greenplum Database is postgres.

    Choose Kerberos mode (1.normal/2.strict/3.gpmon_only): (Default=1)

    Greenplum Command Center supports three different Kerberos authentication schemes.

    1 - normal mode (default) – The Command Center Kerberos keytab file contains the Command Center principal and may contain principals for Command Center users. If the principal in the client’s connection request is in the Command Center’s keytab file, Command Center uses the client’s principal for database connections. Otherwise, Command Center uses the gpmon user for database connections.
    2 - strict mode – Command Center has a Kerberos keytab file containing the Command Center service principal and a principal for every Command Center user. If the principal in the client’s connection request is in the keytab file, the web server grants the client access and the web server connects to Greenplum Database using the client’s principal name. If the principal is not in the keytab file, the connection request fails.
    3 - gpmon_only mode – Command Center uses the gpmon database role for all Greenplum Database connections. No client principals are needed in the Command Center’s keytab file.

    Enter path to the keytab file

    Enter the path to the keytab file containing the Kerberos principal for the Command Center web server and, optionally, Command Center user principals.

    What is the URL of the Command Center web server?

    The Kerberos keytab file must contain a principal for the Command Center web server. The principal name is in the format HTTP/<gpcc-host>@<realm>, where <gpcc-host> is the host name clients use in URLs when connecting to the Command Center web server.

  8. Would you like to enable SSL?

    Enter y if you want to enable SSL/TLS (HTTPS) encryption for client connections to the Command Center web server. The installation utility prompts for the location of the combined SSL certificate file.

    Enter the full path of the certificate file, including file name

    Enter the path to the combined SSL certificate file installed on the Command Center host. This file contains a certificate and a private key for the web server. The file must be readable by the gpadmin user. See SSL/TLS Encryption for information about creating this file and installing it on your server.

  9. Choose a display language (Default=English)
    1. English
    2. Chinese
    3. Korean
    4. Russian
    5. Japanese

    Enter a number to choose a language for the Command Center user interface.

The installer saves a log of the installation session in the current directory in a file named gpccinstall.<timestamp>.log.

Install With a Configuration File

You can provide a configuration file to the Greenplum Command Center installer to perform a non-interactive Command Center installation. Note that you must still view and accept the license agreement.

$ cd greenplum-cc-web-<version>
$ ./gpccinstall-<version> -c <config-file>

The following table contains the names of the parameters corresponding to the interactive installation prompts and their default values. Define parameters in a configuration file for any parameters that have no default value or to override default values.

Installer Prompt Default Parameter
Where would you like to install Greenplum Command Center? /usr/local path
What would you like to name this installation of Greenplum Command Center? gpcc display_name
What port would you like the gpcc webserver to use? 28080 web_port

| Would you like to enable Kerberos? | false | enable_kerberos | | Choose Kerberos mode (1.normal/2.strict/3.gpmon_only): | 1 | krb_mode | | Please provide the path to the keytab file: | | keytab | | What is the name of the GPDB Kerberos service? | postgres | krb_service_name | | What is the URL of the Command Center web server? | gpcc | webserver_url | | Would you like to enable SSL? | false | enable_ssl | | Please provide the file path for the SSL certificate: | /etc/ssl/certs/cert.pem | ssl_cert_file | | Please choose a display language (1.English2.Chinese/3.Korean/4.Russian/5.Japanese) | 1 | language |

If the enable_kerberos parameter is true, the keytab, webserver_url, krb_mode, and krb_service_name parameters must also be set.

If the enable_ssl parameter is true, the ssl_cert_file parameter is required.

The following installation configuration file example sets all parameters to their default values.

path = /usr/local
# Set the display_name param to the string to display in the GPCC UI.
# The default is "gpcc"
# display_name = gpcc

master_port = 5432
web_port = 28080
rpc_port = 8899
enable_ssl = false
# Uncomment and set the ssl_cert_file if you set enable_ssl to true.
# ssl_cert_file = /etc/certs/mycert
enable_kerberos = false
# Uncomment and set the following parameters if you set enable_kerberos to true.
# webserver_url = <webserver_service_url>
# krb_mode = 1
# keytab = <path_to_keytab>
# krb_service_name = postgres
# User interface language: 1=English, 2=Chinese, 3=Korean, 4=Russian, 5=Japanese
language = 1 

Non-Interactive Installation with Defaults

The non-interative installation is useful when installing Command Center in a cloud environment.

  1. Source the greenplum_path.sh script in the Greenplum Database installation directory to ensure the GPHOME environment variable is set.

    $ source /usr/local/greenplum-db/greenplum_path.sh
    
  2. Run the Greenplum Command Center installer with the -auto option.

    $ cd greenplum-cc-web-<version>
    $ ./gpccinstall-<version> -auto
    

Upgrade

Running gpccinstall with the -u option installs a Greenplum Command Center release using the configuration parameters from the current Command Center installation. You can install a new Command Center release, or reinstall the current release. This option is useful after you have added new hosts to the Greenplum Database cluster or replaced failed hosts.

The configuration parameters are read from the $GPCC_HOME/conf/app.conf file.

  1. Source the greenplum_path.sh script in the Greenplum Database installation directory to ensure the GPHOME environment variable is set.

    $ source /usr/local/greenplum-db/greenplum_path.sh
    
  2. Source the gpcc_path.sh script in the Greenplum Command Center installation directory.

    $ source /usr/local/greenplum-cc-web-<version>/gpcc_path.sh
    
  3. Run the Greenplum Command Center installer with the -u option.

    $ cd greenplum-cc-web-<version>
    $ ./gpccinstall-<version> -u
    

Prepare the Standby Master Host

After the Command Center software is installed, you start the Command Center web server and backend on the master host or the standby master host. Running Command Center on the master host is recommended, but preparing the standby host ensures the standby can run Command Center if the master fails.

  1. Copy the .pgpass file from the master host to the standby master host. Run these commands from the master:

    $ ssh gpadmin@<standby_host>
    $ scp gpadmin@<master_host>:~/.pgpass ~
    $ chmod 600 ~/.pgpass
    

    NOTE There are two alternative methods you can use to supply the gpmon user’s password so that you do not have to put the .pgpass file on the host. Command Center only requires the gpmon password when you run gpcc start, gpcc stop, or gpcc status.

    1. Set the PGPASSWORD environment variable before you run gpcc commands. Example:
      $ PGPASSWORD=changeme gpcc status
    2. Add the -W option to gpcc commands to have the command prompt you for the password. Example:
      $ gpcc start -W
  2. If the Greenplum Command Center web server is to support TLS/SSL, a server certificate .pem file must be obtained and installed on the standby host in a location readable by the gpadmin user. The default path is /etc/ssl/certs/cert.pem.

  3. If Greenplum Command Center is to support Kerberos authentication, Greenplum Database must have Kerberos authentication set up and the required principals and keytabs must be installed on the standby host. See Enabling Authentication with Kerberos for Kerberos setup instructions. You can install Command Center without Kerberos authentication initially and then enable Kerberos later by running the gpcc krbenable command.

Next Steps