Moogsoft Onprem - Online RPM pre-installation

You must perform certain preparatory tasks before you install Moogsoft Onprem.

Follow these steps if you have root access to the machine or machines on which you will install Moogsoft Onprem, and you can connect to Yum repositories outside your network from those machines.

Offline RPM pre-installation: Moogsoft Onprem - Offline RPM pre-installation.
Online Tarball pre-installation: Moogsoft Onprem Online Tarball Pre-installation.
Offline Tarball pre-installation: Moogsoft Onprem Offline Tarball Pre-installation.

Before you begin

Before you begin to prepare for the installation, verify the following:

You have root access to the system where you plan to install Moogsoft Onprem.
You have credentials to connect to the Moogsoft "speedy" Yum repository.
You are familiar with the supported versions of third party software, as outlined in Moogsoft Onprem 9.x Supported Environments.
You have an experienced Linux RHEL System Administrator to perform the installation/upgrade (required). If help is needed, please contact Moogsoft Support in order to engage Moogsoft Professional Services.

SAML Configuration Requirements

New security enhancements in v9.0.1 require enabling the Sign Response As Required option on the IDP side, if configurable. We kindly request your SAML team to do this for the <PROD/UAT> environment before the upgrade. If you are unsure after communicating with your SAML team whether this option applies to your setup, please contact Moogsoft support.

If a new IDP is generated after this change, SAML team should provide its metadata file to the team taking care of the upgrade. During the upgrade, the existing IDP file will be replaced with the one provided. In all cases, the SP metadata file will be regenerated and should be shared with SAML team. They may need to import the new SP metadata or configure the relevant fields with the information supplied in the file to complete the trust configuration.

Pre-installation steps

Complete the following steps before you perform an RPM installation of Moogsoft Onprem:

Run the following command to create the Moogsoft Onprem Yum repository file /etc/yum.repos.d/moogsoft-v9.repo with the following contents. Replace the username and password in the baseurl property with your Moogsoft "speedy" Yum repository credentials.
```
cat > /etc/yum.repos.d/moogsoft-v9.repo <<EOL
[moogsoft-v9]
name=moogsoft-v9
baseurl=https://<username>:<password>@speedy.moogsoft.com/v9/repo
enabled=1
gpgcheck=0
sslverify=0
EOL
```
Optional: GPG key validation of the RPMs
To validate the RPMs before installation:
1. For servers without internet access (if server has internet access go to the next step):
  1. Download the key from this site:
    https://keys.openpgp.org/vks/v1/by-fingerprint/1FE4C24A262339A8265034F0D39915EC5B492B37
  2. Copy the key (it will be an .asc file) to the server onto which the RPMs or tarball will be installed.
  3. Import the key:
    gpg --import 1FE4C24A262339A8265034F0D39915EC5B492B37.asc
2. For servers with internet access, run the following command:
```
curl https://keys.openpgp.org/vks/v1/by-fingerprint/1FE4C24A262339A8265034F0D39915EC5B492B37 | gpg --import
```
3. Download all the patch RPMs and .sig files from the speedy yum repository using a browser, providing speedy credentials when prompted by the browser:
```
https://<speedyusername>:<speedypassword>@speedy.moogsoft.com/v9/repo/x86_64
```
4. Move the RPMs and .sig files into the same folder. For example, /tmp, as used in the example below.
5. Copy the following code into a bash terminal and run it to perform the validation:
```
while read RPM
do
    echo "Current RPM: $RPM"
    gpg --verify ${RPM}.sig ${RPM} 2>&1
done < <(find /tmp -name '*.rpm');
```
6. Confirm that all the commands for each RPM report:
```
Good signature from "Dell Technologies Inc. <support@dell.com>"
```
7. You can now remove the RPMs and .sig files. Yum will download the packages from the online repository for the actual installation.
Install the RabbitMQ Erlang package. For example:
```
yum -y install https://github.com/rabbitmq/erlang-rpm/releases/download/v26.0.1/erlang-26.0.1-1.el8.x86_64.rpm
```
Alternatively, you can find the file at https://github.com/rabbitmq/erlang-rpm/releases.
Install the RabbitMQ Yum repository. For example:
```
curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh | sudo bash
```
Verify that the /etc/yum.repos.d/rabbitmq_rabbitmq-server.repo file has been created.

Run the following command to create an /etc/yum.repos.d/nginx.repo Nginx yum repo file:

cat <<END > /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/8/\$basearch/
gpgcheck=0
enabled=1
module_hotfixes=1
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/rhel/8/\$basearch/
gpgcheck=0
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=1
END

Refresh the local Yum repo cache and verify that the NSS and OpenSSL packages are up to date on your system. For example:
```
yum clean all
yum -y update nss openssl
```

Install Java 11:

VERSION=11.0.22.0.7; yum -y install java-11-openjdk-headless-${VERSION} java-11-openjdk-${VERSION} java-11-openjdk-devel-${VERSION}

Install the Extra Packages for Enterprise Linux (EPEL) Yum repository and enable the optional packages:
```
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
```
Verify that the /etc/yum.repos.d/epel.repo file was created.
Before installing the Percona RPMs in the next step, check to make sure that no currently installed packages will cause a conflict by running this command:
```
rpm -q --whatprovides mysql-libs
```
If this command returns any packages, remove them (using yum remove <package_name>) before continuing. Yum provides a warning if the removal of those packages will also cause the removal of other dependant packages at the same time. If those packages cannot be removed, please contact Moogsoft Support⏤in such cases, a 'yum shell' script is required to swap the dependencies 'in-place' without removing any other packages.

Download the Percona database installer on all servers that will house a database node.

While the script configures multiple nodes to run as a cluster, a single node is also supported.

Run this command on an internet-connected host. If this host does not have internet access, download the script on a different host before copying it to this host. Enter your "speedy" Yum repo user credentials when prompted:

cat > get_percona_script.sh << _EOF_
#!/bin/bash
clear
echo "Please provide access credentials for the 'speedy' yum repository in order to download the Percona setup script"
echo
read -p "AIOps Repository Username: " AIOPS_USER
export AIOPS_USER
read -p "AIOps Repository Password: " -s AIOPS_PASS
export AIOPS_PASS
curl -L -O https://\$AIOPS_USER:\$AIOPS_PASS@speedy.moogsoft.com/v9/install_percona_nodes.sh 2>/dev/null
echo
_EOF_
bash get_percona_script.sh;

Set SELinux to permissive mode or disable it completely. For example, to set SELinux to permissive mode:
```
setenforce 0
```
If you want to disable SELinux at boot time, edit the file /etc/sysconfig/selinux.

Configure OpenSearch vm.max_map_count

To allow users to run an OpenSearch cluster, the vm.max_map_count property must be at least 262144. Check this property by running:

sysctl -n vm.max_map_count

If the value is less than 262144, add the following line to the end of the /etc/sysctl.conf file (requires root permissions):

vm.max_map_count = 262144

Then apply the new property value using this command (requires root/sudo permissions):

sudo sysctl -p

Configure user ulimits for RHEL8

Run the following commands as root to set appropriate RHEL8 ulimits for the 'moogsoft' user which will run the application. Replace the 'moogsoft' user below as the user who will be installing and running the application⏤by default, it is 'moogsoft' for RPM deployments:

LIMITS_NPROC_CONF=/etc/security/limits.d/00_moogsoft.conf
sudo bash -c "echo \"moogsoft   hard   nproc   65536\" >> ${LIMITS_NPROC_CONF}";
sudo bash -c "echo \"moogsoft   hard   nofile   65536\" >> ${LIMITS_NPROC_CONF}";
sudo bash -c "echo \"moogsoft   soft   nproc   65536\" >> ${LIMITS_NPROC_CONF}";
sudo bash -c "echo \"moogsoft   soft   nofile   65536\" >> ${LIMITS_NPROC_CONF}";

Log out of the command terminal and back in to implement the changes.

After you have completed these steps, proceed with your installation or upgrade.

See RPM Installation or Upgrade Moogsoft Onprem for the instructions relevant to your deployment.

In this section: