Sunday, 31 October 2021

Adding a New Cloud Insights (CI) Acquisition Unit (AU)

 Official NetApp documentation is here: Configuring Acquisition Units (netapp.com)

In order to add a new Cloud Insights Acquisition Unit, you will need to have the following:

  1. A login to the NetApp Cloud Insights tenant (via invite)
  2. Monitor & Optimize Role: Administrator permission

And will have to have completed all your proxy/firewall requests as necessary.

1) Log into your NetApp Cloud Insights tenant:

https://YOURTENANT.cloudinsights.netapp.com/

2) In the right-hand panel click:

ADMIN > Data Collectors


3) Choose the option at the top for Acquisition Units and click + Acquisition Unit

4) Choose the Operating System of the Acquisition Unit server (here we are using Linux), and follow the Installation instructions as in the example below:




Troubleshooting Acquisition Unit Installation Problems on Linux

NetApp Documentation: Troubleshooting Acquisition Unit Problems on Linux (netapp.com)

Installation fails on SELinux

When the AU is installed on SELinux, SELinux should be either disabled or set to permissive mode. Once the installation is complete, enforcing mode can be enabled.


... but - potentially - when you reboot the CI AU, it may then fail to start (with SELinux enabled) and enterprises will not let you permanently disable SELinux (and nor should they.) Read on for what you should do in this case...


Note: I take no credit for the following section. This useful information comes from a Linux guru. Sharing here under the principle that good technical knowledge deserves to be disseminated for the benefit of seekers of help.


Installation of NetApp Cloud Insights AU on RHEL v8.4 (Without needing to permanently disable SELinux so the CI AU can survive a server reboot)

1) Check if noexec is set on tmpfs and set it to exec:

# mount |grep /tmp
# mount -o remount,exec /tmp

2) Check if enforcing is active and deactivate it:

# getenforce
# setenforce 0

3) Export proxy configuration (if required):

# export https_proxy='PROXY-SERVER:PORT' proxy_auth_scheme=''

4) Run the installer snippet from NetApp Cloud Insights WebUI to install the aquisition unit.

5) Reactivate noexec on tmpfs:

# mount -o remount,noexec /tmp

6) Reactivate Enforcing:

# setenforce 1

7) After installation change context for the symbolic link otherwise the CI AU service will not start after reboot because of active SELinux enforcing:

# chcon -h -u system_u -t usr_t /opt/netapp/cloudinsights/acq
# chcon -h -u system_u -t usr_t /opt/netapp/cloudinsights/acq/scripts/acquisition.server

After change the context should look like the following:

# ls -lZ /opt/netapp/cloudinsights/acq

  • Before: lrwxrwxrwx. 1 cisys cisys unconfined_u:object_r:unlabeled_t:s0
  • After: lrwxrwxrwx. 1 cisys cisys system_u:object_r:usr_t:s0

8) Check CI AU service status on server:

# cloudinsights-service.sh status

9) Reboot CI AU server and verify the service came up after the restart:

# cloudinsights-service.sh status


Additional Notes

restorecon command tries to restore the “original” context, and this usually only changes something when there was a previously defined context (which there is not in /opt/netapp). But we could have run these two commands instead of the commands in step 7:

# semanage fcontext -a -t usr_t "/opt/netapp/cloudinsights(/.*)?"
# restorecon –R /opt/netapp/cloudinsights

After a future upgrade of the NetApp CI software, it may be required to run the restorecon command again due to new files being copied to the system without the proper SELinux context.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.