Prerequisites for adding hosts and installing Plug-ins package for Windows, Linux, or AIX
Before you add a host and install the plug-in packages, you must complete all the requirements. SnapCenter Plug-in for IBM Db2 supported on Windows, Linux, and AIX environments.
-
You must have installed Java 11 on your host.
IBM Java is not supported. -
For Windows, plug-in Creator Service should be running using the “LocalSystem” windows user, which is the default behavior when Plug-in for IBM Db2 is installed as domain administrator.
-
When installing a plug-in on a Windows host, if you specify a credential that is not built-in or if the user belongs to a local workgroup user, you must disable UAC on the host. SnapCenter Plug-in for Microsoft Windows will be deployed by default with the IBM Db2 plug-in on Windows hosts.
-
SnapCenter Server should have access to the 8145 or custom port of Plug-in for IBM Db2 host.
Windows hosts
-
You must have a domain user with local administrator privileges with local login permissions on the remote host.
-
While installing Plug-in for IBM Db2 on a Windows host, SnapCenter Plug-in for Microsoft Windows is installed automatically.
-
You must have enabled the password-based SSH connection for the root or non-root user.
-
You must have installed Java 11 on your Windows host.
Linux and AIX hosts
-
You must have enabled the password-based SSH connection for the root or non-root user.
-
You must have installed Java 11 on your Linux host.
-
For IBM Db2 databases that are running on a Linux host, while installing Plug-in for IBM Db2, SnapCenter Plug-in for UNIX is installed automatically.
-
You should have bash as the default shell for plug-in installation.
Supplemental commands
To run a supplemental command on the SnapCenter Plug-in for IBM Db2, you must include it in the allowed_commands.config file.
-
Default location on the Windows host: C:\Program Files\NetApp\SnapCenter\Snapcenter Plug-in Creator\etc\allowed_commands.config
-
Default location on the Linux host: /opt/NetApp/snapcenter/scc/etc/allowed_commands.config
To allow supplemental commands on the plug-in host, open allowed_commands.config file in an editor. Enter each command on a separate line and the commands are not case sensitive. Ensure that you specify the fully qualified pathname and enclose the pathname in quotation marks (") if it contains spaces.
For example:
command: mount
command: umount
command: "C:\Program Files\NetApp\SnapCreator commands\sdcli.exe"
command: myscript.bat
If the allowed_commands.config file is not present, the commands or script execution will be blocked and the workflow will fail with the following error:
"[/mnt/mount -a] execution not allowed. Authorize by adding the command in the file %s on the plugin host."
If the command or script is not present in the allowed_commands.config, the command or script execution will be blocked and the workflow will fail with the following error:
"[/mnt/mount -a] execution not allowed. Authorize by adding the command in the file %s on the plugin host."
You should not use a wildcard entry (*) to allow all commands. |
Configure sudo privileges for non-root users for Linux host
SnapCenter allows a non-root user to install the SnapCenter Plug-ins Package for Linux and to start the plug-in process. The plug-in processes will be running as an effective non-root user. You should configure sudo privileges for the non-root user to provide access to several paths.
What you will need
-
Sudo version 1.8.7 or later.
-
If the umask is 0027, ensure that the java folder and all the files inside should have permission of 555. Otherwise plug-in installation might fail.
-
For the non-root user, ensure that the name of the non-root user and the user's group should be the same.
-
Edit the /etc/ssh/sshd_config file to configure the message authentication code algorithms: MACs hmac-sha2-256 and MACs hmac-sha2-512.
Restart the sshd service after updating the configuration file.
Example:
#Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #Legacy changes #KexAlgorithms diffie-hellman-group1-sha1 #Ciphers aes128-cbc #The default requires explicit activation of protocol Protocol 2 HostKey/etc/ssh/ssh_host_rsa_key MACs hmac-sha2-256
About this task
You should configure sudo privileges for the non-root user to provide access to the following paths:
-
/home/LINUX_USER/.sc_netapp/snapcenter_linux_host_plugin.bin
-
/custom_location/NetApp/snapcenter/spl/installation/plugins/uninstall
-
/custom_location/NetApp/snapcenter/spl/bin/spl
Steps
-
Log in to the Linux host on which you want to install the SnapCenter Plug-ins Package for Linux.
-
Add the following lines to the /etc/sudoers file by using the visudo Linux utility.
Cmnd_Alias HPPLCMD = sha224:checksum_value== /home/LINUX_USER/.sc_netapp/snapcenter_linux_host_plugin.bin, /opt/NetApp/snapcenter/spl/installation/plugins/uninstall, /opt/NetApp/snapcenter/spl/bin/spl, /opt/NetApp/snapcenter/scc/bin/scc Cmnd_Alias PRECHECKCMD = sha224:checksum_value== /home/LINUX_USER/.sc_netapp/Linux_Prechecks.sh Cmnd_Alias CONFIGCHECKCMD = sha224:checksum_value== /opt/NetApp/snapcenter/spl/plugins/scu/scucore/configurationcheck/Config_Check.sh Cmnd_Alias SCCMD = sha224:checksum_value== /opt/NetApp/snapcenter/spl/bin/sc_command_executor Cmnd_Alias SCCCMDEXECUTOR =checksum_value== /opt/NetApp/snapcenter/scc/bin/sccCommandExecutor LINUX_USER ALL=(ALL) NOPASSWD:SETENV: HPPLCMD, PRECHECKCMD, CONFIGCHECKCMD, SCCCMDEXECUTOR, SCCMD Defaults: LINUX_USER !visiblepw Defaults: LINUX_USER !requiretty
If you are having a RAC setup, along with the other allowed commands, you should add the following to the /etc/sudoers file: '/<crs_home>/bin/olsnodes'
You can obtain the value of crs_home from the /etc/oracle/olr.loc file.
LINUX_USER is the name of the non-root user that you created.
You can obtain the checksum_value from the sc_unix_plugins_checksum.txt file, which is located at:
-
C:\ProgramData\NetApp\SnapCenter\Package Repository\sc_unix_plugins_checksum.txt if SnapCenter Server is installed on Windows host.
-
/opt/NetApp/snapcenter/SnapManagerWeb/Repository/sc_unix_plugins_checksum.txt if SnapCenter Server in installed on Linux host.
The example should be used only as a reference for creating your own data. |
Configure sudo privileges for non-root users for AIX host
SnapCenter 4.4 and later allows a non-root user to install the SnapCenter Plug-ins Package for AIX and to start the plug-in process. The plug-in processes will be running as an effective non-root user. You should configure sudo privileges for the non-root user to provide access to several paths.
What you will need
-
Sudo version 1.8.7 or later.
-
If the umask is 0027, ensure that the java folder and all the files inside should have permission of 555. Otherwise plug-in installation might fail.
-
Edit the /etc/ssh/sshd_config file to configure the message authentication code algorithms: MACs hmac-sha2-256 and MACs hmac-sha2-512.
Restart the sshd service after updating the configuration file.
Example:
#Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #Legacy changes #KexAlgorithms diffie-hellman-group1-sha1 #Ciphers aes128-cbc #The default requires explicit activation of protocol Protocol 2 HostKey/etc/ssh/ssh_host_rsa_key MACs hmac-sha2-256
About this task
You should configure sudo privileges for the non-root user to provide access to the following paths:
-
/home/AIX_USER/.sc_netapp/snapcenter_aix_host_plugin.bsx
-
/custom_location/NetApp/snapcenter/spl/installation/plugins/uninstall
-
/custom_location/NetApp/snapcenter/spl/bin/spl
Steps
-
Log in to the AIX host on which you want to install the SnapCenter Plug-ins Package for AIX.
-
Add the following lines to the /etc/sudoers file by using the visudo Linux utility.
Cmnd_Alias HPPACMD = sha224:checksum_value== /home/AIX_USER/.sc_netapp/snapcenter_aix_host_plugin.bsx, /opt/NetApp/snapcenter/spl/installation/plugins/uninstall, /opt/NetApp/snapcenter/spl/bin/spl Cmnd_Alias PRECHECKCMD = sha224:checksum_value== /home/AIX_USER/.sc_netapp/AIX_Prechecks.sh Cmnd_Alias CONFIGCHECKCMD = sha224:checksum_value== /opt/NetApp/snapcenter/spl/plugins/scu/scucore/configurationcheck/Config_Check.sh Cmnd_Alias SCCMD = sha224:checksum_value== /opt/NetApp/snapcenter/spl/bin/sc_command_executor AIX_USER ALL=(ALL) NOPASSWD:SETENV: HPPACMD, PRECHECKCMD, CONFIGCHECKCMD, SCCMD Defaults: AIX_USER !visiblepw Defaults: AIX_USER !requiretty
If you are having a RAC setup, along with the other allowed commands, you should add the following to the /etc/sudoers file: '/<crs_home>/bin/olsnodes'
You can obtain the value of crs_home from the /etc/oracle/olr.loc file.
AIX_USER is the name of the non-root user that you created.
You can obtain the checksum_value from the sc_unix_plugins_checksum.txt file, which is located at:
-
C:\ProgramData\NetApp\SnapCenter\Package Repository\sc_unix_plugins_checksum.txt if SnapCenter Server is installed on Windows host.
-
/opt/NetApp/snapcenter/SnapManagerWeb/Repository/sc_unix_plugins_checksum.txt if SnapCenter Server in installed on Linux host.
The example should be used only as a reference for creating your own data. |