Installing the Greenplum Command Center Console
The Command Center Console provides a graphical interface for viewing performance data and for administering certain aspects of your Greenplum system.
The Command Center Console is typically installed on the Greenplum Database master host. However, you have the option to install the console on a host different from the master host. Note that this setup incurs a performance penalty due to the numerous database connections the console must open over the network.
If you have multiple Greenplum Database instances, you can create separate Command Center Console instances for each of them. Each separate console instance operates on a unique port and has its own unique configuration options.
The Command Center Console supports current browser versions of Chrome, Safari, Firefox, and Internet Explorer.
The Command Center Console runs on the gpmonws web server. The default web server port is 28080. For more information about the web server, see Web Server Administration.
Installing the Command Center Console involves the following high-level tasks:
- Install the Command Center Console Software – Create the software installation directory.
- Set Up the Command Center Console Instance – Set up the environment variables and then create and configure a Command Center Console instance and its supporting web services.
Install the Command Center Console Software
If you are installing the Command Center Console on a remote system (that is, not the same system on which you installed Greenplum Database), you must also install Greenplum Database installation binary files on the remote system. After installing the binary files, source greenplum_path.sh
, then perform the Console installation steps described below. Note that you do not need to initialize the database. See the Greenplum Database Installation Guide for more information.
- Download the installer file from Pivotal Network. Installer files are available for Linux 64-bit platforms.
Unzip the installer file:
# unzip greenplum-cc-web-3.X.X-LINUX-x86_64.zip
Log in as
gpadmin
.Launch the installer using
bash
. For example:$ /bin/bash greenplum-cc-web-3.X.X-LINUX.bin
Read through the license agreement. When you reach the bottom, type
yes
to accept the license agreement.The installer prompts you to provide an installation path. Press Enter to accept the default install path (
/usr/local/greenplum-cc-web-X.X.X
), or enter an absolute path to an install location. You must have write permissions to the location you specify.Once the installation has completed successfully, create a host file listing all remaining hostnames, including the standby master host. Do not include the name of the host where you ran the installer. Hostnames must be DNS resolvable.
The installation directory contains a
gpcc_path.sh
file with path and environment settings for the Console. Source this and the Greenplum path, as follows:$ source /usr/local/greenplum-db/greenplum_path.sh $ source /usr/local/greenplum-cc-web/gpcc_path.sh
Note:
If you have performed the previous steps as any user other thangpadmin
, you need to change ownership and permissions to the installation directory before you continue.Change the ownership of the installation directory:
$ chown -R gpadmin:gpadmin greenplum-cc-web-X.X.X
Change the permissions of the installation directory:
$ chmod -R 755 greenplum-cc-web-X.X.X
As
gpadmin
, run thegpccinstall
utility to install Command Center on all hosts listed in the host file you created.$ gpccinstall -f hostfilename
where
hostfilename
is the name of the host file you created earlier in this procedure.Configure the Console as described in Set Up the Command Center Console Instance.
Set Up the Command Center Environment
Follow the steps below to set up the Greenplum Command Center environment for the gpadmin
user.
Add the
GPPERFMONHOME
environment variable to your startup shell profile (such as~/.bashrc
). Set the variable to the Greenplum Command Center home directory.pre GPPERFMONHOME=/usr/local/greenplum-cc-web source $GPPERFMONHOME/gpcc_path.sh
Ensure that the
$GPPERFMONHOME/gpcc_path.sh
file has entries for thegreenplum_path.sh
file and theMASTER_DATA_DIRECTORY
environment variable. See the Greenplum Database Installation Guide for details.Save and source the
.bashrc
file:shell $ source ~/.bashrc
Set Up the Command Center Console Instance
A Command Center instance is a connection to a Greenplum Database cluster. The gpcmdr --setup
command sets up the Command Center Console. The command can be run interactively, or you can create an installation configuration file to run the installation non-interactively. When you use a configuration file, you can create multiple Command Center instances at once.
Command Center instances are typically set up on the Greenplum master host; if installed on another host, the console experiences slower performance due to frequent connections to the gpperfmon database.
Configuration files, log files, and runtime files for each Command Center instance are managed in a subdirectory of the $GPPERFMON/instances
directory.
Acquire or Create an SSL Certificate (Optional)
It is recommended that you enable SSL for the Web server that serves the Command Center Console. SSL ensures that client connections to the Greenplum Command Center are negotiated securely and encrypted. To enable SSL, you will need a server certificate for the web server.
You can use an existing certificate and dhparam file or you can create a self-signed certificate and a dhparam file when you set up a Command Center Console instance. If you use a self-signed certificate, Command Center users will have to explicitly override an exception when they first browse to the Control Center URL, since the certificate is not signed by a trusted CA. However, the connection is still effectively encrypted.
Ideally, you should acquire a signed certificate from a commercial Certificate Authority or your organization’s internal Certificate Authority. If you already have a certificate and dhparam file, install them on the server where GPCC is installed, for example in the /etc/ssl/certs
directory. Then you can choose to import them when you create a Control Center instance.
If you want to enable SSL in an existing Control Center instance, you can create the certificate file yourself and add the SSL parameters to the instances/instance-name/conf/app.conf
file
This is the recommended SSL configuration for the gpmonws web server:
ssl.engine = "enable"
ssl.pemfile = "/path/to/cert.pem"
ssl.ec-curve = "secp384r1"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.honor-cipher-order = "enable"
ssl.use-compression = "disable"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
The following example creates certificate and dhparam files in the /etc/ssl/certs
directory. Note that because the certificate is self-signed, users will have to override the SSL exception to proceed to the Control Center. Perform these steps as root
.
Create a certificate for the Web server.
# cd /etc/ssl/certs # openssl req -newkey rsa:2048 -x509 -keyout cert.pem -out cert.pem -days 3650 -nodes
Enter the requested distinguished name (DN) information at the prompts to create an unsigned certificate. For example:
Country Name (2 letter code) [XX]:US State or Province Name (full name) [Berkshire]:California Locality Name (eg, city) [Newbury]:Palo Alto Organization Name (eg, company) [My Company Ltd]:Pivotal Software, Inc. Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:mdw Email Address []:
Create the Greenplum Command Center Instance
Follow the steps below to run the gpcmdr --setup
command to create an instance. To accept the displayed default values for any parameters at configuration time, press the ENTER key. To monitor multiple instances, run the setup utility separately for each instance.
- Log in as the Greenplum administrator (
gpadmin
). With the Greenplum Database instance running, launch the setup utility. For example:
$ gpcmdr --setup
Provide an instance name for the Greenplum Database instance monitored by this Console.
Provide a display name for the instance. This name is shown in the Console user interface. This prompt does not appear if the master host is remote.4.
Select
y
orn
to specify if the Greenplum Database master for this instance is on a remote host. Note that Console performance is better when the Console and Greenplum Database master are on the same host. If the master host is remote, entery
and enter the hostname or IP address of the master at the prompt.Provide the port number for the Greenplum Database master instance.
Provide a port number for the Command Center Console web server. The default is 28080.
Enter
y
to enable SSL connections for the Command Center Console, orn
if you do not want SSL.Note: Because database login information is sent over the network, we recommend you use SSL to encrypt these communications.
If you choose to enable SSL:
- You are asked if you want to import a certificate file. If you have a certificate you want to use, enter
y
, then enter the full path to the certificate file. The path you enter is added to theapp.conf
file. If you did not import a certificate,
gpcmdr
generates a private key and then prompts you to enter the Distinguished Name information needed to generate a Certificate Signing Request (CSR). For example:Country Name (2 letter code) [GB]:US State or Province Name (full name) []:California Locality Name (eg, city) [Default City]:Palo Alto Organization Name (eg, company) [My Company Ltd]:Pivotal Software, Inc. Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:mdw Email Address []:
The CSR is signed with the previously generated private key and the certificate is saved in the
instances/<instance-name>/conf
directory.
- You are asked if you want to import a certificate file. If you have a certificate you want to use, enter
Enter
y
orn
to specify whether you want this installation copied to a standby master. If you entery
, you are prompted for the standby master host name.Update the
pg_hba.conf
file to allow thegpmon
role access to every database that will be monitored using Control Center. Specify the md5 authentication method. This example allowsgpmon
access to all databases when GPCC is running on the master host:local all gpmon md5
Start the Console and log in. See Connecting to the Greenplum Command Center Console.
You can also configure authentication so that other Greenplum users can log in to the Console, see Configuring Authentication for the Command Center Console for details.
Setting Up Command Center Instances with a Configuration File
It can be useful to run gpcmdr --setup
non-interactively, taking input from a file. For example, you could install GPCC and create Command Center instances as part of a Greenplum cluster installation script. To accomplish this, create a configuration file and supply it to the gpcmdr
utility using the --config_file
option:
gpcmdr --setup --config_file file
The configuration file is a Python ConfigParser file, which is similar to a Windows INI file. The configuration file contains one or more sections, each section beginning with a section header in square braces. Parameters in the optional [DEFAULT]
section apply to all subsequent sections and may be overridden. Each section other than [DEFAULT]
defines a Command Center Console instance to create.
Parameters are specified one-per-line as name-value pairs separated with equals signs (=
) or colons (:
). Comments begin with a number sign (#
) or semicolon (;
) and continue to the end of the line.
Here is an example configuration file:
[DEFAULT]
# defaults apply to all instances
remote_db: false
enable_copy_standby: true
standby_master_host: smdw
enable_ssl: true
enable_user_import_cert: true
ssl_cert_file: /etc/ssl/certs/cert.pem
enable_user_import_dhe: false
enable_reuse_dhe: true
[production]
master_hostname: mdw
instance_name: prod
display_name: Production
master_port: 5432
web_port: 28080
[development]
master_hostname: mdw
instance_name: dev
enable_copy_standby: false ; override
display_name: Development
master_port: 5532
web_port: 28090
If you enable SSL and do not provide an SSL certificate, gpcmdr
will run the openssl
command to create a certificate, which requires input from the user. To avoid the need for user input, be sure to set the enable_user_import_cert
and ssl_cert_file
parameters.
See Setup Configuration File for a detailed description of the setup configuration file syntax and parameters.