Installing the Greenplum Command Center Console
Installing the Greenplum Command Center Console
The Command Center Console provides a graphical interface for viewing performance data and for administering certain aspects of your Greenplum system.
The Command Center Console is typically installed on the Greenplum Database master host. However, you have the option to install the console on a host different from the master host. Note that this setup incurs a performance penalty due to the numerous database connections the console must open over the network.
If you have multiple Greenplum Database instances, you can create separate Command Center Console instances for each of them. Each separate console instance operates on a unique port and has its own unique configuration options.
The Command Center Console supports browsers that have at a minimum Adobe Flash 9.0 (for GPCC 126.96.36.199 and earlier) or Adobe Flash 11.0 (for GPCC 188.8.131.52 and later) enabled.
We recommend that you always install the latest version of Adobe Flash Player to ensure you receive the latest security updates from Adobe.
For example, the following browsers are supported:
- Internet Explorer for Windows XP and Vista
- Mozilla Firefox for Windows and Linux
- Apple Safari browser for Macintosh
- Google Chrome
The Command Center Console runs on a lighttpd web server. The default web server port is 28080. For more information about the web server, see Web Server Administration.
Installing the Command Center Console involves the following high-level tasks:
Install the Command Center Console Software
If you are installing the Command Center Console on a remote system (that is, not the same system on which you installed Greenplum Database), you must also install Greenplum Database installation binary files on the remote system. After installing the binary files, source greenplum_path.sh, then perform the Console installation steps described below. Note that you do not need to initialize the database. See the Greenplum Database Installation Guide for more information.
- Download the installer file from Pivotal Network. Installer files are available for the Red Hat Enterprise Linux 64-bit platform. You do not need to download the installer file if you are installing the console on an EMC Data Computing Appliance; the installer file is already loaded on DCAs.
- Unzip the installer file where PLATFORM is
RHEL5-x86_64 (Red Hat 64-bit). For example:
# unzip greenplum-cc-web-184.108.40.206-RHEL5-x86_64.zip
- Log in as gpadmin.
- Launch the installer using bash. For example:
$ /bin/bash greenplum-cc-web-x.x.x.x-PLATFORM.bin
- Read through the license agreement. When you reach the bottom, type yes to accept the license agreement.
- The installer prompts you to provide an installation path. Press Enter to accept the default install path (/usr/local/greenplum-cc-web-x.x.x.x), or enter an absolute path to an install location. You must have write permissions to the location you specify.
- Once the installation has completed successfully, create a host file listing all remaining hostnames, including the standby master host. Hostnames must be DNS resolvable.
- The installation directory contains a gpcc_path.sh file with path
and environment settings for the Console. Source this and the Greenplum path, as follows:
$ source /usr/local/greenplum-db/greenplum_path.sh $ source /usr/local/greenplum-cc-web/gpcc_path.shNote:
If you have performed the previous steps as any user other than gpadmin, you need to change ownership and permissions to the installation directory before you continue.
Change the ownership of the installation directory:
$ chown -R gpadmin:gpadmin greenplum-cc-web-x.x.x.x
Change the permissions of the installation directory:
$ chmod -R 755 greenplum-cc-web-x.x.x.x
- As gpadmin, run the gpccinstall utility to install
Command Center on all hosts listed in the host file you created.
$ gpccinstall -f hostfilename
where hostfilename is the name of the host file you created earlier in this procedure.
- Configure the Console as described in Set Up the Command Center Console Instance.
Set up the Command Center Environment
Follow the steps below to set up the Greenplum Command Center environment for the gpadmin user.
- Add the GPPERFMONHOME environment variable to your startup shell
profile (such as ~/.bashrc). Set the variable to the Greenplum Command
Center home directory.
GPPERFMONHOME=/usr/local/greenplum-cc-web-x.x.x.x source $GPPERFMONHOME/gpcc_path.sh
Ensure that the $GPPERFMONHOME/gpcc_path.sh file has entries for the greenplum_path.sh file and the MASTER_DATA_DIRECTORY environment variable. See the Greenplum Database Installation Guide for details.
- Save and source the .bashrc
$ source ~/.bashrc
Set Up the Command Center Console Instance
A Command Center instance is a connection to a Greenplum Database cluster. The gpcmdr --setup command sets up the Command Center Console. The command can be run interactively, or you can create an installation configuration file to run the installation non-interactively. When you use a configuration file, you can create multiple Command Center instances at once.
Command Center instances are typically set up on the Greenplum master host; if installed on another host, the console experiences slower performance due to frequent connections to the gpperfmon database.
If you choose to secure web browser connections to the Command Center web server with SSL, you can provide a server certificate or allow the gpcmdr command to generate a self-signed certificate for you. Because the generated certificate is self-signed, clients cannot verify that the certificate is signed by a trusted Certificate Authority, so they must override an exception on their first connection to the web server. This can be avoided if you supply a certificate signed by a commercial or local Certificate authority. The SSL configuration also enables Diffie-Hellman key exchange, which requires a dhparams file. This file can be generated by the gpcmdr or supplied by you. See Acquire or Create an SSL Certificate (Optional) for instructions.
Configuration files, log files, and runtime files for each Command Center instance are managed in a subdirectory of the $GPPERFMON/instances directory.
- Acquire or Create an SSL Certificate (Optional)
- Set up a Greenplum Command Center Instance
- Setting Up Command Center Instances with a Configuration File
Acquire or Create an SSL Certificate (Optional)
It is recommended that you enable SSL for the lighttpd Web server that serves the Command Center Console. SSL ensures that client connections to the Greenplum Command Center are negotiated securely and encrypted. To enable SSL, you will need a server certificate for the web server and a Diffie-Hellman parameters (dhparam) file, which is used while negotiating the connection.
You can use an existing certificate and dhparam file or you can create a self-signed certificate and a dhparam file when you set up a Command Center Console instance. If you use a self-signed certificate, Command Center users will have to explicitely override an exception when they first browse to the Control Center URL, since the certificate is not signed by a trusted CA. However, the connection is still effectively encrypted.
Ideally, you should acquire a signed certificate from a commercial Certificate Authority or your organization's internal Certificate Authority. If you already have a certificate and dhparam file, install them on the server where GPCC is installed, for example in the /etc/ssl/certs directory. Then you can choose to import them when you create a Control Center instance.
If you want to enable SSL in an existing Control Center instance, you can create the certificate and dhparam files yourself and add the SSL parameters to the instances/instance-name/conf/lighttpd.conf file.
This is the recommended SSL configuration for the lighttpd web server:
ssl.engine = "enable" ssl.pemfile = "/path/to/cert.pem" ssl.dh-file = "/path/to/dhparam.pem" ssl.ec-curve = "secp384r1" ssl.use-sslv2 = "disable" ssl.use-sslv3 = "disable" ssl.honor-cipher-order = "enable" ssl.use-compression = "disable" ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
The following example creates certificate and dhparam files in the /etc/ssl/certs directory. Note that because the certificate is self-signed, users will have to override the SSL exception to proceed to the Control Center. Perform these steps as root.
- Create a certificate for the Web
# cd /etc/ssl/certs # openssl req -newkey rsa:2048 -x509 -keyout cert.pem -out cert.pem -days 3650 -nodes
Enter the requested distinguished name (DN) information at the prompts to create an unsigned certificate. For example:
Country Name (2 letter code) [XX]:US State or Province Name (full name) [Berkshire]:California Locality Name (eg, city) [Newbury]:Palo Alto Organization Name (eg, company) [My Company Ltd]:Pivotal Software, Inc. Organizational Unit Name (eg, section) : Common Name (eg, your name or your server's hostname) :mdw Email Address :
- Create a Diffie-Hellman parameters file. This command can take a long time to finish.
# cd /etc/ssl/certs # openssl dhparam -out dhparam.pem 4096
Set up a Greenplum Command Center Instance
Follow the steps below to run the gpcmdr --setup command to create an instance. To accept the displayed default values for any parameters at configuration time, press the ENTER key. To monitor multiple instances, run the setup utility separately for each instance.
- Log in as the Greenplum administrator (gpadmin).
- With the Greenplum Database instance running, launch the setup utility. For example:
$ gpcmdr --setup
- Provide an instance name for the Greenplum Database instance monitored by this Console.
- Select y or n to specify if the Greenplum Database master for this instance is on a remote host. Note that Console performance is better when the Console and Greenplum Database master are on the same host. If the master host is remote, enter y and enter the hostname of the master at the prompt.
- Provide a display name for the instance. This name is shown in the Console user interface. This prompt does not appear if the master host is remote.
- Provide the port for the Greenplum Database master instance.
- Enter y to install Greenplum Workload Manager, or n
if you do not want to install Workload Manager now. If you enter y,
Workload Manager is installed into the current user's home directory,
Installing Workload Manager with gpcmdr is only supported when gpcmdr is running on the master host. If you answered y in step 4 to specify that the Greenplum Database master is on a remote host, you must enter n for this step. You can install Workload Manager on the master host later, after creating the Command Center instance.Note:
You can run the Workload Manager installer separately at the command line. Command-line installation allows you to override the Workload Manager installer defaults, such as the installation location. See "Installing Greenplum Workload Manager" in the Pivotal Greenplum Workload Manager User Guide for instructions.
In rare instances, the Workload Manager installer will fail during the cluster-health-check phase. If the installer reports that the cluster is not healthy, run gpcmdr --setup without installing Workload Manager, and then run the Workload Manager installer at the command line with the --force option. When you re-run gpcmdr --setup you must either provide a new instance name or remove the instance directory from the $GPPERFMONHOME/instances directory.
- Provide a port number for the Command Center Console web server. The default is 28080.
- Enter y to enable SSL connections for the Command Center Console, or
n if you do not want SSL.Note: Because database login information is sent over the network, we recommend you use SSL to encrypt these communications.
If you choose to enable SSL:
- You are asked if you want to import a certificate file. If you have a certificate you want to use, enter y, then enter the full path to the certificate file. The path you enter is added to the lighttp.conf file.
- You are asked if you want to import the dhparams file. If you have a dhparams file to use, enter y, then enter the full path to the file. The path you enter is added to the lighttp.conf file.
- If you did not import a certificate, gpcmdr generates a private
key and then prompts you to enter the Distinguished Name information needed to
generate a Certificate Signing Request (CSR). For example:
Country Name (2 letter code) [GB]:US State or Province Name (full name) :California Locality Name (eg, city) [Default City]:Palo Alto Organization Name (eg, company) [My Company Ltd]:Pivotal Software, Inc. Organizational Unit Name (eg, section) : Common Name (eg, your name or your server's hostname) :mdw Email Address :The CSR is signed with the previously generated private key and the certificate is saved in the instances/instance-name/conf directory.
- If you did not import a dhparams file, gpcmdr generates one and saves it in the instances//conf directory. This may take a long time.
- Enter y to enable IPv6 support. IPv6 support is disabled by default.
- Enter y to enable cross site request forgery protection for the GPCC Web API. This is disabled by default.
- Enter y or n to specify whether you want this installation copied to a standby master. If you enter y, you are prompted for the standby master host name.
- Update the pg_hba.conf file to allow the gpmon role
access to every database that will be monitored using Control Center. Specify the md5
authentication method. This example allows gpmon access to all
databases when GPCC is running on the master
local all gpmon md5
- Start the Console and log in. See Connecting to the Greenplum Command Center Console.
- You can also configure authentication so that other Greenplum users can log in to the Console, see Configuring Authentication for the Command Center Console for details.
Setting Up Command Center Instances with a Configuration File
It can be useful to run gpcmdr --setup non-interactively, taking input from a file. For example, you could install GPCC and create Command Center instances as part of a Greenplum cluster installation script. To accomplish this, create a configuration file and supply it to the gpcmdr utility using the --config_file option:
gpcmdr --setup --config_file file
The configuration file is a Python ConfigParser file, which is similar to a Windows INI file. The configuration file contains one or more sections, each section beginning with a section header in square braces. Parameters in the optional [DEFAULT] section apply to all subsequent sections and may be overridden. Each section other than [DEFAULT] defines a Command Center Console instance to create.
Parameters are specified one-per-line as name-value pairs separated with equals signs (=) or colons (:). Comments begin with a number sign (#) or semicolon (;) and continue to the end of the line.
Here is an example configuration file:
[DEFAULT] # defaults apply to all instances remote_db: false enable_ipv6: false enable_csrf_protect: true enable_copy_standby: true standby_master_host: smdw enable_ssl: true enable_user_import_cert: true ssl_cert_file: /etc/ssl/certs/cert.pem enable_user_import_dhe: false enable_reuse_dhe: true install_wlm: false [production] master_hostname: mdw instance_name: prod display_name: Production master_port: 5432 web_port: 28080 [development] master_hostname: mdw instance_name: dev enable_copy_standby: false ; override display_name: Development master_port: 5532 web_port: 28090
If you want to install just one instance, you can add the section header to the command. For example, the following command installs the dev instance:
gpcmdr --setup development --config_file myconfig.cfg
If you enable SSL and do not provide an SSL certificate, gpcmdr will run the openssl command to create a certificate, which requires input from the user. To avoid the need for user input, be sure to set the enable_user_import_cert and ssl_cert_file parameters.
See Setup Configuration File for a detailed description of the setup configuration file syntax and parameters.