Introduction
AIP Console requires one or multiple CAST Storage Service/PostgreSQL instances (see Deployment considerations for more information about recommended deployment architecture) on dedicated Windows or Linux servers. The installation process for each is provided below.
CAST Storage Service on Windows
Before beginning the installation process, please ensure that you have carried out all of the following tasks and that the following requirements have been met:
You need local "Administrator" privileges to install the CAST Storage Service on all Windows versions. In addition, the Windows installer requires "elevated permissions" and therefore needs to be run using the "Run as Administrator" option. | |
The CAST Storage Service installer is delivered in a ZIP file. Make sure you have the required ZIP file ready. | |
Unzip the ZIP file to a convenient location on the workstation | |
Make sure that you disable your anti-virus software prior to launching the installer. |
In some circumstances, the installer may appear to have completed, but a message will also be displayed as follows (more information about this is available here: http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q111303): "The system has not been modified. To install this program at a later time, run the installation again."_This message indicates that the setup has failed and that no CAST programs have been installed. This can occur even when your user login has "Administrator" privileges. In order to workaround this, you need to assign your user login a specific Windows privilege entitled _"Impersonate a client after authentication". This method runs the installation in CLI mode. Note that local Administrator rights are required to run the setup - as such you may need to run the Command Prompt (cmd) with the "Run as Administrator" option, or, if you are running the script in a batch file, you may need to run the batch file with administrator rights. Enter the full path to the location on disk where you want to install the CAST Storage Service binaries. The default location chosen by the GUI installer is: Enter the port number on which you want to run the CAST Storage Service. The following ports are offered by the GUI installer: Enter the full path to the location on disk where you want to store the CAST Storage Service data. The default location chosen by the GUI installer is:Interactive mode
Silent CLI mode
set SILENT=/s
setup.bat /qn INSTALLDIR=\"<INSTALLPATH_CSS>\" CSSPORT=\"<CSS_PORT>\" DBDATADIR=\"<INSTALLPATH_CSSDATA>\"
Option Description INSTALLDIR CSSPORT 4.13.x 2284 3.0.x 2282 2.0.x 2280 DBDATADIR
PostgreSQL on Linux
PostgreSQL can be installed using RPMs (binary) or SRPMs (source) managed by YUM. This is available for the following Linux distributions (CAST recommends using only 64-bit platforms): Locate and edit your distribution .repo file, located: To the section(s) identified above, you need to append a line (otherwise dependencies might resolve to the postgresql supplied by the base repository): A PGDG file is available for each distribution. Browse https://yum.postgresql.org/repopackages.php and find your correct RPM. There is only one single repo RPM for all PostgreSQL versions for each platform. Ensure you modify the link to the rpm file in the command below: this command will download the RPM package for the latest release of Red Hat: First run the following command to view the available releases: Then run the install, for example to install PostgreSQL 11: The default location for PostgreSQL data storage is set to (where <name> is the release number): To customize this location, you need to edit the following file (where <name> is the release number): Once installed, please run the following command to initialize the server (where <name> is the release number): Before clients/users connect, you may wish to secure your PostgreSQL instance using the pg_hba.conf file. There are many ways to do this which will entirely depend on your own environment and organization - for example you may wish to allow access only from certain IP addresses/hosts, or specific PostgreSQL users. The pg_hba.conf file is explained in more detail here: https://www.postgresql.org/docs/10/auth-pg-hba-conf.html. Edit the pg_hba.conf file at /usr/local/pgsql/data using the vi command: A default set of rules is provided, which will look similar to the following: This default configuration only allows connections from localhost using IPv4 and IPv6, therefore to allow any client to connect, you could add the following line: Or to allow a specific subnet: You can also restrict access to specific databases and logins. For example, to allow only the operator login to access the postgres database from any client, add the following like: To check if the server itself is configured correctly for CAST AIP, we need to verify and modify certain parameters in the postgresql.conf (the file is in the postgresql directory \db_data). The postgresql.conf settings listed below are directly related to available RAM for the PostgreSQL instance - and as such their configuration is specific to the host machine. Please use http://pgtune.leopard.in.ua/ on the host machine to identify the correct settings and then modify postgresql.conf with the settings provided by pgtune. You should update the following settings with the values provided by pgtune: When running pgtune, choose the following: Some of the values suggested by pgtune are somewhat low. Therefore, please calculate the following postgresql.conf settings as follows: maintenance_work_mem= 512 MB The following settings should also be modified to the values listed below: Where <name> is the release number: By default PostgreSQL will create a system account user named postgres with the role postgres. The equivalent CAST Storage Service provided by CAST includes two default users as follows: If you would like to create these users, use the following commands: If you are using CAST AIP ≥ 8.3.12, you are also free to create your own users and then use them with CAST AIP and related software - you need to have a minimum of one user with the SUPERUSER permission and then grant the "postgres" role to this user. For example: When using CAST AIP ≥ 8.3.30, it is possible to create custom users that do NOT require the SUPERUSER permission if you prefer not to grant this. For example, this script creates a role "my_role" with the password "my_password" that can login. The role has not been granted the SUPERUSER permission and instead only the minimum permissions required to operate CAST AIP are granted: The "postgres" database is created by default in PostgreSQL. CAST products will, by default, expect to create/connect to schemas in this database. However, it is also possible to configure CAST products to connect to a custom database other than "postgres". See Using a custom CAST Storage Service or PostgreSQL database other than the default postgres. Change the following parameters in the configuration file (..\db_data\postgresql.conf): Set this parameter to off when only actual row counts, and not exact times, are needed:Installation via YUM
Configure your YUM repository
exclude=postgresql*
Update the RPM package
rpm -ivh https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum update
Install PostgreSQL
yum list postgresql*
yum install postgresql11-server
Configure data storage location
/var/lib/pgsql/<name>/data
/usr/lib/systemd/system/postgresql-<name>.service
Initialize the PostgreSQL database server to configure data storage location
export PGSETUP_INITDB_OPTIONS="-E 'UTF-8' --no-locale"
/usr/pgsql-<name>/bin/postgresql-<name>-setup initdb
Configuring the server/database
Edit the pg_hba.conf file to allow clients/users
vi pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
host all all 0.0.0.0/0 md5
host all all 172.20.143.0/24 md5
host postgres operator 0.0.0.0/0 md5
Check server configuration
pgtune
Other settings
listen_addresses '*' Instead of localhost by default. Enables connectivity from other machines. Port 2282 max_connections 300 fsync off synchronous_commit off full_page_writes off commit_delay 10 checkpoint_completion_target 0.9 cursor_tuple_fraction 1.0 log_checkpoints on log_destination 'stderr' logging_collector on log_line_prefix '%t [%p]: [%l-1] ' Don't forget the space before final quote mark. log_temp_files 1024kB log_autovacuum_min_duration 1000ms autovacuum_vacuum_cost_limit 200 bytea_output 'escape' datestyle 'iso, mdy' Ensure that this option is active (it may already be active). lc_messages 'C' lc_monetary 'C' lc_numeric 'C' lc_time 'C' max_locks_per_transaction 4096 Higher value than 64 by default. standard_conforming_strings on PostgreSQL database server actions (start/stop/restart etc.)
systemctl stop postgresql-<name>.service --> FOR SHUTDOWN
systemctl start postgresql-<name>.service --> FOR STARTING
systemctl restart postgresql-<name>.service --> FOR RESTARTING
systemctl status postgresql-<name>.service --> FOR CHECKING STATUS
systemctl reload postgresql-<name>.service --> FOR CONFIGURATION RELOAD
Create users
Username Password Permissions Notes operator CastAIP SUPERUSER - guest WelcomeToAIP - Note that in the CAST AIP ≥ 8.3.11, the "guest" user is no longer used. psql
*create user operator with SUPERUSER password 'CastAIP';
*create user guest with password 'WelcomeToAIP';
*grant postgres to operator;
CAST AIP ≥ 8.3.12 - custom users
[postgres@cssx data]$ psql
*create user my_user with SUPERUSER password 'my_password';
*grant postgres to my_user;
[postgres@cssx data]$ psql
*create role my_role LOGIN PASSWORD 'my_password' NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
*grant create, connect, temporary on database postgres to my_role;
postgres database
How to log all statement's plan
auto_explain.log_min_duration = '0s' # setting this to zero logs all plan
auto_explain.log_nested_statements = on # log statements executed inside a function
auto_explain.log_verbose = on # it's equivalent to the VERBOSE option of EXPLAIN
auto_explain.log_buffers = on # it's equivalent to the BUFFERS option of EXPLAIN
auto_explain.log_analyze = on # causes EXPLAIN ANALYZE output; when this parameter is on, per-plan-node timing occurs for all statements executed, whether or not they run long enough to actually get logged. This can have an extremely negative impact on performance. Turning off auto_explain.log_timing ameliorates the performance cost, at the price of obtaining less information.
shared_preload_libraries = 'auto_explain' # change requires restart
auto_explain.log_timing = off # this parameter has no effect unlessauto_explain.log_analyze is enabled