Performing first-time installation of Spectrum Connect

You can install the IBM Spectrum Connect software on a compatible version of Red Hat Enterprise Linux® (RHEL) or CentOS. For more information, refer to the release notes.

Before you begin

  • Verify that the following TCP ports are open to ensure network connectivity between VMware resources, Spectrum Connect and IBM storage systems:
    • 8440 (vCenter, vROps and vRO servers). Refer to the installation procedure below for details on opening the 8440 port for the firewall-cmd. In addition, Spectrum Connect must be allowed to bind to port 8440, if Security-Enhanced Linux (SELinux) is enabled.
    • 7778 (FlashSystem A9000/A9000R).
    • 22 (storage systems that run IBM Spectrum Virtualize).
    • 8452 (DS8000).
      Note: You can change the default TCP port (8440) at any time by running a script, as explained in Changing the Spectrum Connect communication port.
  • Verify that the TCP ports 5672 and 4369 are open. These ports are used by the 'rabbitmq' and 'ampq' internal processes, respectively. Refer to the installation procedure below for the port opening procedures.
  • Check that the 'zlib' library has been installed.
  • Check that the 'libsemanage-static' library has been installed for CentOS.
  • Check that the 'bzip2' program has been installed for all operating systems.
  • Verify that the 'postgresql' package is not installed on your host. Your server may have a package of 'postgresql' version 8 installed, as a part of operation system distribution. This may result in a conflict with version of the package, installed during the Spectrum Connect deployment. Use the rpm -qa | grep postgres command to search for the 'postgresql' package.
  • A new Linux username – ibmsc – is created during installation to be used for Spectrum Connect management operations.
    Note: In an Active Directory environment where a local user is not permitted, you must create ibmsc as a Domain user prior to the package installation.

    You can customize the user ID for ibmsc by adding a Linux user (useradd command in RHEL) prior to the package installation. In this case, create the /home/ibmsc directory before starting the installation process.

  • Make sure that the 'ibmsc' user can access the /opt/ibm and /var/log/sc folders.

Procedure

Follow these steps to install Spectrum Connect:

  1. Download the installation package and the IBM_Spectrum_Connect_Signing_Key_Pub.key file, used for the package validation. See Downloading IBM Spectrum Connect software).
  2. Copy the installation package and the public key files to a local folder on the Linux host that will be used as Spectrum Connect.
  3. Go to the local folder and then use the gpg --import IBM_Spectrum_Connect_Signing_Key_Pub.key to import the IBM® GNU Privacy Guard (GPG) public key to validate the installation files. This ensures that the files were received from IBM and were not manipulated in any way by a third party.
    Note: Downloading the install package from a trusted, SSL-protected resource, such as Fix Central, ensures its authenticity and integrity. However, you can mark the key as trusted by entering gpg --edit-key "IBM Spectrum Connect Signing Key", typing the trust command and selecting option 5.
  4. Extract the installation package file ('*' represents the build number): 
    # tar -xzvf IBM_Spectrum_Connect-3.8.0-*-x86_64.tar.gz
    Depending on the operating system type, the following files are extracted:
    • RHEL 7.x:
      • erlang-19.3.0-1.el7.centos.x86_64.rpm
      • jemalloc-3.6.0-1.el7.x86_64.rpm
      • nginx-1.10.3-1.el7.ngx.x86_64.rpm
      • postgresql96-9.6.17-1PGDG.rhel7.x86_64.rpm
      • postgresql96-contrib-9.6.17-1PGDG.rhel7.x86_64.rpm
      • postgresql96-docs-9.6.17-1PGDG.rhel7.x86_64.rpm
      • postgresql96-libs-9.6.17-1PGDG.rhel7.x86_64.rpm
      • postgresql96-server-9.6.17-1PGDG.rhel7.x86_64.rpm
      • rabbitmq-server-3.6.0-1.noarch.rpm
      • redis-3.2.5-1.el7.x86_64.rpm
      • uuid-1.6.2-26.el7.x86_64.rpm
    • CentOS 7.x:
      • erlang-19.3.0-1.el7.centos.x86_64.rpm
      • jemalloc-3.6.0-1.el7.x86_64.rpm
      • libxslt-1.1.28-5.el7.x86_64.rpm
      • nginx-1.10.3-1.el7.ngx.x86_64.rpm
      • postgresql96-9.6.17-1PGDG.rhel7.x86_64.rpm
      • postgresql96-contrib-9.6.17-1PGDG.rhel7.x86_64.rpm
      • postgresql96-docs-9.6.17-1PGDG.rhel7.x86_64.rpm
      • postgresql96-libs-9.6.17-1PGDG.rhel7.x86_64.rpm
      • postgresql96-server-9.6.17-1PGDG.rhel7.x86_64.rpm
      • rabbitmq-server-3.6.0-1.noarch.rpm
      • redis-3.2.5-1.el7.x86_64.rpm
      • uuid-1.6.2-26.el7.x86_64.rpm
    • RHEL 8.x:
      • erlang-22.1.2-1.el8.x86_64.rpm
      • jemalloc-5.2.1-2.el8.x86_64.rpm
      • nginx-1.16.1-1.el8.ngx.x86_64.rpm
      • postgresql96-9.6.17-1PGDG.rhel8.x86_64.rpm
      • postgresql96-contrib-9.6.17-1PGDG.rhel8.x86_64.rpm
      • postgresql96-docs-9.6.17-1PGDG.rhel8.x86_64.rpm
      • postgresql96-libs-9.6.17-1PGDG.rhel8.x86_64.rpm
      • postgresql96-server-9.6.17-1PGDG.rhel8.x86_64.rpm
      • rabbitmq-server-3.7.24-1.el8.noarch.rpm
      • redis-5.0.3-1.module_el8.0.0+6+ab019c03.x86_64.rpm
      • socat-1.7.3.2-6.el8.x86_64.rpm
      • uuid-1.6.2-42.el8.x86_64.rpm
    • CentOS 8.x:
      • erlang-22.1.2-1.el8.x86_64.rpm
      • jemalloc-5.2.1-2.el8.x86_64.rpm
      • nginx-1.16.1-1.el8.ngx.x86_64.rpm
      • postgresql96-9.6.17-1PGDG.rhel8.x86_64.rpm
      • postgresql96-contrib-9.6.17-1PGDG.rhel8.x86_64.rpm
      • postgresql96-docs-9.6.17-1PGDG.rhel8.x86_64.rpm
      • postgresql96-libs-9.6.17-1PGDG.rhel8.x86_64.rpm
      • postgresql96-server-9.6.17-1PGDG.rhel8.x86_64.rpm
      • rabbitmq-server-3.7.24-1.el8.noarch.rpm
      • redis-5.0.3-1.module_el8.0.0+6+ab019c03.x86_64.rpm
      • socat-1.7.3.2-6.el8.x86_64.rpm
      • uuid-1.6.2-42.el8.x86_64.rpm
    • ibm_spectrum_connect-3.8.0-*.bin – product BIN file.
    • ibm_spectrum_connect-3.8.0-*-x86_64.bin.asc – digital signature file for the BIN file verification.
  5. Enter gpg --verify ibm_spectrum_connect-3.8.0-*-x86_64.bin.asc ibm_spectrum_connect-3.8.0-*-x86_64.bin to verify the digital signature of the installation files.
  6. Go to the extracted directory and then use the rpm -iv *.rpm command to run and install all the complementary RPM files.
  7. Enter chmod +x ibm_spectrum_connect-3.8.0-*.bin to authorize the installation of the product BIN file.
  8. Enter ./ibm_spectrum_connect-3.8.0-*.bin to start the installation.
    Note: Make sure you login as root, or use sudo for the command.
  9. Review the license agreement which is displayed after you run the installation file.
  10. Enter 1 at the following prompt to accept the license agreement and complete the installation: 
    Press Enter to continue viewing the license agreement, or enter "1" to accept the agreement, "2" to decline it, "3" to Print, "4" to Read non-IBM terms, or "99" to go back.
    Installation progress messages are displayed:
    Preparing for new install of SC 3.8.0
Creating system user ibmsc
Extract Python according to OS version
Starting rabbitmq-server (via systemctl): [ OK ]
Configuring rsyslog
Setting up nginx
Generating SSL Certificate
Configuring new service [ibm_spectrum_connect]
Configuring postgresql database
Create default settings
Creating IBM Spectrum Connect user
    Once installation is complete, the following notes and installation completion messages are displayed:
    SECURITY NOTES:
===============
The following ports must be opened on this host:
- Port 5672 for rabbitmq on the internal interface (lo).
- Port 4369 for ampq on the internal interface (lo).
- Port 8440 on the external interface.

If you are using the linux default firewall, you can use the following commands to open the port:
firewall-cmd --permanent --zone=trusted --add-interface=lo
firewall-cmd --permanent --add-port=8440/tcp
firewall-cmd --permanent --zone=trusted --add-port=4369/tcp
firewall-cmd --permanent --zone=trusted --add-port=5672/tcp
firewall-cmd --reload
If you are using a different firewall software please refer to the software documentation for help.

If SELinux is enabled on this machine, nginx must be allowed to bind network interfaces and connect to ibmsc socket. This can be done using the following commands:
semodule -i /opt/ibm/ibm_spectrum_connect/conf.d/selinux/rhel7/ibmsc.pp
systemctl restart nginx
To display ibmsc selinux policy:
cat /opt/ibm/ibm_spectrum_connect/conf.d/selinux/rhel7/ibmsc.te

If the rabbitmq-server service is reported as not running it can be restarted by the following command: 
systemctl restart rabbitmq-server

NOTE: An initial username 'admin' with an initial password 'admin1!' has been defined for the initial access (via the CLI or GUI) to the IBM Spectrum Connect.

IMPORTANT: To avoid unauthorized access to the IBM Spectrum Connect, 
the password for this username should be changed as soon as possible.

You can control IBM Spectrum Connect services using the shell command 'service ibm_spectrum_connect {start|stop|status}'.

Installation completed successfully.

    Once the IBM Spectrum Connect service has been installed, the – ibmsc – user can be used for Spectrum Connect management operations, as stated under Before you begin.

    If the firewall and SELinux were disabled prior to installation, the IBM Spectrum Connect service starts automatically once installation has completed successfully. (To check on the status of the Spectrum Connect service, see Checking and controlling the Spectrum Connect Linux service.) If so, skip to step 12. If not, first complete step 11.

  11. In cases where the firewall and SELinux are enabled, perform the steps under Changing firewall and SELinux settings for Spectrum Connect and then manually start the Spectrum Connect service using the steps under Checking and controlling the Spectrum Connect Linux service.
  12. To avoid unauthorized access to Spectrum Connect via GUI, it is strongly recommended to change the default password for the 'admin' user as soon as possible, as described in Changing the password of a Spectrum Connect user.
    Note: During installation, IBM Spectrum Connect overwrites several configuration files. The previous versions of these files are renamed and kept in their original locations. A backup version is renamed as file_name.pre_previous_SCB_version_number. For example, sc_nginx.conf from Spectrum Control Base (3.0.3) installation is renamed as sc_nginx.conf.pre_3.0.3. The table below specifies the files renamed during installation.
    Table 1. Configuration files renamed during Spectrum Connect installation
    File name Location
    40-ibmsyslog.conf /etc/rsyslog.d/
    500.html /etc/nginx/conf.d/
    sc_fastcgi_params /etc/nginx/conf.d/
    sc_nginx.conf /etc/nginx/conf.d/