Installing the Greenplum Command Center Console

Install the Command Center Console Software
Set Up the Command Center Environment
Set Up the Command Center Console Instance
- Acquire or Create an SSL Certificate (Optional)
- Create the Greenplum Command Center Instance
Setting Up Command Center Instances with a Configuration File

The Command Center Console provides a graphical interface for viewing performance data and for administering certain aspects of your Greenplum system.

The Command Center Console is typically installed on the Greenplum Database master host. However, you have the option to install the console on a host different from the master host. Note that this setup incurs a performance penalty due to the numerous database connections the console must open over the network.

If you have multiple Greenplum Database instances, you can create separate Command Center Console instances for each of them. Each separate console instance operates on a unique port and has its own unique configuration options.

The Command Center Console supports current browser versions of Chrome, Safari, Firefox, and Internet Explorer.

The Command Center Console runs on the gpmonws web server. The default web server port is 28080. For more information about the web server, see Web Server Administration.

Installing the Command Center Console involves the following high-level tasks:

Install the Command Center Console Software – Create the software installation directory.
Set Up the Command Center Console Instance – Set up the environment variables and then create and configure a Command Center Console instance and its supporting web services.

Install the Command Center Console Software

If you are installing the Command Center Console on a remote system (that is, not the same system on which you installed Greenplum Database), you must also install Greenplum Database installation binary files on the remote system. After installing the binary files, source greenplum_path.sh, then perform the Console installation steps described below. Note that you do not need to initialize the database. See the Greenplum Database Installation Guide for more information.

Download the installer file from Pivotal Network. Installer files are available for Linux 64-bit platforms.

Unzip the installer file:

# unzip greenplum-cc-web-3.X.X-LINUX-x86_64.zip

Launch the installer using bash. For example:

$ /bin/bash greenplum-cc-web-3.X.X-LINUX.bin

Read through the license agreement. When you reach the bottom, type yes to accept the license agreement.
The installer prompts you to provide an installation path. Press Enter to accept the default install path (/usr/local/greenplum-cc-web-X.X.X), or enter an absolute path to an install location. You must have write permissions to the location you specify.
Once the installation has completed successfully, create a host file listing all remaining hostnames, including the standby master host. Do not include the name of the host where you ran the installer. Hostnames must be DNS resolvable.
The installation directory contains a gpcc_path.sh file with path and environment settings for the Console. Source this and the Greenplum path, as follows:
```
$ source /usr/local/greenplum-db/greenplum_path.sh 
$ source /usr/local/greenplum-cc-web/gpcc_path.sh
```
Note:
If you have performed the previous steps as any user other than gpadmin, you need to change ownership and permissions to the installation directory before you continue.

Change the ownership of the installation directory:
```
$ chown -R gpadmin:gpadmin greenplum-cc-web-X.X.X
```
Change the permissions of the installation directory:
```
$ chmod -R 755 greenplum-cc-web-X.X.X
```
As gpadmin, run the gpccinstall utility to install Command Center on all hosts listed in the host file you created.
```
$ gpccinstall -f hostfilename
```
where hostfilename is the name of the host file you created earlier in this procedure.
Configure the Console as described in Set Up the Command Center Console Instance.

Set Up the Command Center Environment

Follow the steps below to set up the Greenplum Command Center environment for the gpadmin user.

Add the GPPERFMONHOME environment variable to your startup shell profile (such as ~/.bashrc). Set the variable to the Greenplum Command Center home directory. pre GPPERFMONHOME=/usr/local/greenplum-cc-web source $GPPERFMONHOME/gpcc_path.sh

Ensure that the $GPPERFMONHOME/gpcc_path.sh file has entries for the greenplum_path.sh file and the MASTER_DATA_DIRECTORY environment variable. See the Greenplum Database Installation Guide for details.
Save and source the .bashrc file: shell $ source ~/.bashrc

Set Up the Command Center Console Instance

A Command Center instance is a connection to a Greenplum Database cluster. The gpcmdr --setup command sets up the Command Center Console. The command can be run interactively, or you can create an installation configuration file to run the installation non-interactively. When you use a configuration file, you can create multiple Command Center instances at once.

Command Center instances are typically set up on the Greenplum master host; if installed on another host, the console experiences slower performance due to frequent connections to the gpperfmon database.

Configuration files, log files, and runtime files for each Command Center instance are managed in a subdirectory of the $GPPERFMON/instances directory.

Acquire or Create an SSL Certificate (Optional)
Create a Greenplum Command Center Instance

Acquire or Create an SSL Certificate (Optional)

It is recommended that you enable SSL for the Web server that serves the Command Center Console. SSL ensures that client connections to the Greenplum Command Center are negotiated securely and encrypted. To enable SSL, you will need a server certificate for the web server.

You can use an existing certificate and dhparam file or you can create a self-signed certificate and a dhparam file when you set up a Command Center Console instance. If you use a self-signed certificate, Command Center users will have to explicitly override an exception when they first browse to the Control Center URL, since the certificate is not signed by a trusted CA. However, the connection is still effectively encrypted.

Ideally, you should acquire a signed certificate from a commercial Certificate Authority or your organization’s internal Certificate Authority. If you already have a certificate and dhparam file, install them on the server where GPCC is installed, for example in the /etc/ssl/certs directory. Then you can choose to import them when you create a Control Center instance.

If you want to enable SSL in an existing Control Center instance, you can create the certificate file yourself and add the SSL parameters to the instances/instance-name/conf/app.conf file

This is the recommended SSL configuration for the gpmonws web server:

ssl.engine = "enable"
ssl.pemfile = "/path/to/cert.pem"
ssl.ec-curve = "secp384r1"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.honor-cipher-order = "enable"
ssl.use-compression = "disable"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"

The following example creates certificate and dhparam files in the /etc/ssl/certs directory. Note that because the certificate is self-signed, users will have to override the SSL exception to proceed to the Control Center. Perform these steps as root.

Create a certificate for the Web server.

# cd /etc/ssl/certs
# openssl req -newkey rsa:2048 -x509 -keyout cert.pem -out cert.pem -days 3650 -nodes

Enter the requested distinguished name (DN) information at the prompts to create an unsigned certificate. For example:

Country Name (2 letter code) [XX]:US 
State or Province Name (full name) [Berkshire]:California 
Locality Name (eg, city) [Newbury]:Palo Alto 
Organization Name (eg, company) [My Company Ltd]:Pivotal Software, Inc. 
Organizational Unit Name (eg, section) []: 
Common Name (eg, your name or your server's hostname) []:mdw 
Email Address []:

Create the Greenplum Command Center Instance

Follow the steps below to run the gpcmdr --setup command to create an instance. To accept the displayed default values for any parameters at configuration time, press the ENTER key. To monitor multiple instances, run the setup utility separately for each instance.

Log in as the Greenplum administrator (gpadmin).
With the Greenplum Database instance running, launch the setup utility. For example:
```
$ gpcmdr --setup
```
Provide an instance name for the Greenplum Database instance monitored by this Console.
Provide a display name for the instance. This name is shown in the Console user interface. This prompt does not appear if the master host is remote.4.
Select y or n to specify if the Greenplum Database master for this instance is on a remote host. Note that Console performance is better when the Console and Greenplum Database master are on the same host. If the master host is remote, enter y and enter the hostname or IP address of the master at the prompt.
Provide the port number for the Greenplum Database master instance.
Provide a port number for the Command Center Console web server. The default is 28080.
Enter y to enable SSL connections for the Command Center Console, or n if you do not want SSL.

Note: Because database login information is sent over the network, we recommend you use SSL to encrypt these communications.

If you choose to enable SSL:
1. You are asked if you want to import a certificate file. If you have a certificate you want to use, enter y, then enter the full path to the certificate file. The path you enter is added to the app.conf file.
2. If you did not import a certificate, gpcmdr generates a private key and then prompts you to enter the Distinguished Name information needed to generate a Certificate Signing Request (CSR). For example:
```
Country Name (2 letter code) [GB]:US 
State or Province Name (full name) []:California 
Locality Name (eg, city) [Default City]:Palo Alto 
Organization Name (eg, company) [My Company Ltd]:Pivotal Software, Inc. 
Organizational Unit Name (eg, section) []: 
Common Name (eg, your name or your server's hostname) []:mdw 
Email Address []:
```
  The CSR is signed with the previously generated private key and the certificate is saved in the instances/<instance-name>/conf directory.
Enter y or n to specify whether you want this installation copied to a standby master. If you enter y, you are prompted for the standby master host name.
Update the pg_hba.conf file to allow the gpmon role access to every database that will be monitored using Control Center. Specify the md5 authentication method. This example allows gpmon access to all databases when GPCC is running on the master host:
```
local      all    gpmon     md5
```
Start the Console and log in. See Connecting to the Greenplum Command Center Console.
You can also configure authentication so that other Greenplum users can log in to the Console, see Configuring Authentication for the Command Center Console for details.

Setting Up Command Center Instances with a Configuration File

It can be useful to run gpcmdr --setup non-interactively, taking input from a file. For example, you could install GPCC and create Command Center instances as part of a Greenplum cluster installation script. To accomplish this, create a configuration file and supply it to the gpcmdr utility using the --config_file option:

gpcmdr --setup --config_file file

The configuration file is a Python ConfigParser file, which is similar to a Windows INI file. The configuration file contains one or more sections, each section beginning with a section header in square braces. Parameters in the optional [DEFAULT] section apply to all subsequent sections and may be overridden. Each section other than [DEFAULT] defines a Command Center Console instance to create.

Parameters are specified one-per-line as name-value pairs separated with equals signs (=) or colons (:). Comments begin with a number sign (#) or semicolon (;) and continue to the end of the line.

Here is an example configuration file:

[DEFAULT]
# defaults apply to all instances
remote_db: false
enable_copy_standby: true
standby_master_host: smdw
enable_ssl: true
enable_user_import_cert: true
ssl_cert_file: /etc/ssl/certs/cert.pem
enable_user_import_dhe: false
enable_reuse_dhe: true

[production]
master_hostname: mdw
instance_name: prod
display_name: Production
master_port: 5432
web_port: 28080

[development]
master_hostname: mdw
instance_name: dev
enable_copy_standby: false ; override
display_name: Development
master_port: 5532
web_port: 28090

If you enable SSL and do not provide an SSL certificate, gpcmdr will run the openssl command to create a certificate, which requires input from the user. To avoid the need for user input, be sure to set the enable_user_import_cert and ssl_cert_file parameters.

See Setup Configuration File for a detailed description of the setup configuration file syntax and parameters.