Installing OpenText Analytics Database on SELinux in Enforcing mode

Steps to install OpenText Analytics Database on SELinux in Enforcing mode.

Use the steps below to install OpenText™ Analytics Database on a server with SELinux in enforcing mode.

As the root user on the server:

Copy selinux folder and OpenText™ Analytics Database rpm from Orchestration server onto the node into /tmp directory.
Run the following command to set up the dbadmin user and data directory:


/tmp/selinux/pre-install_sepolicy.sh

Note

If you want to use a different user that the default dbadmin or set a specific catalog directory, you can run the following command:


DBADMIN=<dbadmin user> DBADMIN_GROUP=<dbadmin group> DATA_DIR=<where the catalog/depot/etc will be located> /tmp/selinux/pre-install_sepolicy.sh

Run the following to install OpenText™ Analytics Database:


rpm -Uvh /tmp/vertica-latest.rhel.x86_64.rpm

Check /opt/vertica content by running ls -alhZ /opt/vertica/bin. The content should show system_u:object_r:vertica_exec_t. If vertica_exec_t is missing, run the following command:


/tmp/selinux/post-install_sepolicy.sh

OR

DBADMIN=<dbadmin user> DBADMIN_GROUP=<dbadmin group> DATA_DIR=<where the catalog/depot/etc will be located> /tmp/selinux/post-install_sepolicy.sh

If the commands were run using sudo, log out and log back in to apply the new dbadmin SELinux context.

As dbadmin (or the user you specified previously):

Run the following on the node and copy the resulting json and pem files to /tmp on every node:


gen_httpstls_json.sh

In the test suite directory, run the following command to set the correct file permissions for the different areas OpenText™ Analytics Database:


sudo find /vertica/data/qa/vertica/QA/VT_Scenario -name \*.sh -exec chcon -v -R -t <Vertica file group> {} \;

The different file groups areas are: vertica_config_t (config files), vertica_log_t (log files), vertica_db_t (non-executables), and vertica_exec_t (executable files). The above command needs to be run any time new tests are added or the directory as a whole is synced.

On each node, run the install script:


/tmp/selinux/seinstall.sh

On one node, run the following command to create the database specifying the information for your system:


vcluster create_db --db-name <datebase name> --hosts <list of hosts> --catalog-path /vertica/catalog --data-path /vertica/depot --depot-path /vertica/depot --password <password> --depot-size <depot size> --verbose --communal-storage-location <s3 storage location> --shard-count <shard count>

Example command with system information:


vcluster create_db --db-name selinux_vdb --hosts 10.10.10.1,10.10.10.2,10.10.10.3,10.10.10.4 --catalog-path /vertica/catalog --data-path /vertica/depot --depot-path /vertica/depot --password pw --depot-size 80% --communal-storage-location s3://vertica-fleeting/selinux_vdb --shard-count 8

On each node, make sure both the nma and OpenText™ Analytics Database are not running unconfined using ps xfz. They should be running with the SELinux context system_u:object_r:vertica_exec_t.

Run a test suite to check to make sure that the installation was successful. For an example test suite, see Test Suite Example for Installing on SELinux. If you have any failures in the test, on one node, run the following commands:

audit2allow -a -M vertica /tmp/selinux/install-sepolicy.sh


You can also script the install of OpenText&trade; Analytics Database on SELinux. For a sample script, see Example Script for Installing on SELinux.