Initial Setup and Installation
Hardware
A new rack was placed in a server room, and wired for two independent power sources. Two servers with the following characteristics were placed in the rack:
- Two CPUs (16 cores)
- 64G RAM
- One NIC card supporting 4 1Gb Ethernet interfaces
- Eight 600GB 15000 RPM hard drives
- Redundant power supplies
On each server, eth1 (port 2) is connected to the other server by a 1G cable. On each server, eth0 is connected to the network switch (and the internet).
DNS Setup
We will assume that the company puts its intranet on Net 10 – in the private IP space. Many companies would use public IPs for their intranet – this is a company decision. Here are some example values that we will use:
| Type | Hostname | IP |
|---|---|---|
| Primary | ha1.internal.<yourcompany>.com | 10.10.10.2 |
| Secondary | ha2.internal.<yourcompany>.com | 10.10.10.3 |
| Service | esm.internal.<yourcompany>.com | 10.10.10.10 |
Clients of ESM will connect to esm.internal.<yourcompany>.com. The primary and secondary hostname are required for configuration of those servers, and are convenient for accessing them.
Operating System Installation
The RedHat installation supports formatting of hard drives, including formatting multiple hard drives to a RAID partition. So first format all the drives into a single RAID 10 disk array. After accounting for redundant storage support this leaves the system with 2.4TB = 2.2TiB.
The root (/), swap, and boot partitions should be physical partitions allocated during installation. Allocate 20 GiB (generous) for root, 8 GiB (minimum) for swap, and 2 GiB for boot. The remaining disk space can be put into a single LVM volume group (vg00) for later allocation to support ESM.
Give the primary and secondary machines the hostnames specified in the previous section, and configure the IP address of the primary and secondary on the eth0 interface of the respective servers.
Disk Partition Setup
It is a good idea to configure a separate /tmp partition – in this case a 10GiB partition in ext4 format. Run the following commands as user root to create a partition from the existing volume group:
lvcreate –L 10G –n tmp vg00
mkfs –t ext4 /dev/mapper/vg00-tmp
To make the mount persist across reboots, add the following line to /etc/fstab:
/dev/mapper/vg00-tmp /tmp ext4 defaults 1 2
To mount the /tmp partition, run the following command:
mount /tmp
Next, set up a partition for /opt that is as large as possible. However, it is necessary to save space for the metadata partition required for APHA installation. Assuming that the disk will be 2.2 TiB (2,306,867 MiB), then the metadata partition must be at least 72 MiB, where:
size = (2,306,867 MiB/32768) + 1
Assuming the chunk size of the volume group is 32 MiB, allocate 96 MiB.
To create the partition, run the following command:
lvcreate –L 96M –n metadata vg00
There is no need to make a file system or mount in this case.
You can make a partition big enough to fill the volume group by running these commands as user root:
lvcreate –l 100%FREE –n opt vg00
mkfs –t xfs /dev/mapper/vg00-opt
Then, as with /tmp, add an entry to /etc/fstab and mount /opt with the command mount /opt. The fstab entry is as follows:
/dev/mapper/vg00-lv_opt /opt xfs defaults,inode64 1 2
Note that the inode64 option is used in this example, which is a good idea for very large file systems. If you have special mount options you want to use, mount your filesystem with them if you want them to be used after the APHA installation.
/opt during installation. Pacemaker will automatically control when the /opt partition is mounted.Interconnect Cable Setup
This section shows how to configure the interconnected interfaces. The eth1 interface on each machine will be connected with a crossover cable. Pick IP addresses for the interconnect interfaces. A private subnet that is not routed to other nodes is a good choice. In this example, we will use subnet 192.168.10.0/24. Address 192.168.10.2 will be the primary IP and 192.168.10.3 will be the secondary IP.
To set this up, first modify the interface scripts ifcfg-eth1 on both machines. This file is in /etc/sysconfig/network-scripts. An example of an ifcfg-eth1 script after the configuration changes:
DEVICE=eth1
HWADDR=12:34:56:78:90:AB
UUID=3835e99d-2ef2-422b-9455-75697e092689
IPADDR=192.168.10.2
NETMASK=255.255.255.0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
NM_CONTROLLED=no
IPV6ADDR=fdfd::1:2/120
The first three lines come from the original file that was created when the operating system was installed. Delete any other lines from the original file. The next line, defining the IP address, is unique to each machine. On the secondary, we will use the IP Address 192.168.10.3. The remaining lines are the same for all such files – you may copy them in.
To bring up the connection, run ifup eth1 as root on both the primary and the secondary. At this point pings to 192.168.10.3 on the primary and pings to 192.168.10.2 on the secondary should succeed.
Set Up Connected Hosts
In this case, we will set up the network to allow pings to hosts on three different subnets of the intranet – 10.10.11.5, 10.10.12.5, and 10.10.13.5 .
Install ArcSight Software
This is a new installation, so it is faster to install the APHA Module before ESM. After the installations described below are complete, then ESM will be running in APHA mode.
Install APHA Module
APHA Module is installed on ha1.internal.acme.com . Here are the parameters to use to install APHA:
| Parameter | Value |
|---|---|
| Shared Disk | /opt |
| Metadata volume | /dev/mapper/vg00-metadata |
| Service hostname | esm.internal.<mycompany>.com |
| Secondary hostname | ha2.internal.<mycompany>.com |
| Primary cable IP | 192.168.10.2 |
| Secondary cable IP | 192.168.10.3 |
| Connected hosts | 10.10.11.5 10.10.12.5 10.10.13.5 |
| Ping timeout | 2 |
| Ping attempts | 2 |
Install ESM
ESM is installed as described in the ESM Installation Guide. The only special step is when you are prompted for Manager Information. One value will be entered differently than if you are setting up a single ESM system.
Manager host name (or IP): The correct value to enter for Manager host name (or IP) is esm.internal.<mycompany>.com.
Administrator user name: There is no change to this variable.
Administrator password: There is no change to this variable.
Password confirmation: There is no change to this variable.