Installing the Model9 management server on zCX
Prerequisites
Prepare the environment for installation of the server on zCX by following these steps:
License key
Obtain a license key from Model9 by opening a “new license request” in the Model9 service portal: https://model9.atlassian.net/servicedesk/customer/portals
The output of the z/OS command “D M=CPU” is required.
zCX Configuration
Verify that the zCX instance has at least 8GB of memory.
Verify that the zCX root filesystem has at least 8GB of storage space.
Verify that the zCX data filesystem has at least 40GB of storage space (Extra data volumes can be added dynamically after instance creation).
Docker
Create docker volumes for the Model9 management server and database:
docker volume create model9 docker volume create model9db
Create a docker instance of alpine linux to unzip and edit the installation files.
# Running an alpine container and mounting the model9 docker volume docker run -d --rm --name dummy -v model9:/root s390x/alpine \ tail -f /dev/null
Upload the s390x installation zip to the zCX instance.
Copy the s390x installation zip from the zCX instance to the alpine container (one line):
docker cp model9-v2.0.0_build_f3aba202-s390x.zip dummy:/root/model9-2.0.0_build_f3aba202-s390x.zip
Optional: Install bash for advanced file edit capabilities
docker exec -it dummy sh apk update && apk add bash
Step 1: Unzip the installation file
Create the filesystem hierarchy using the following commands:
docker exec -it dummy sh cd /root unzip /root/model9-v2.0.0_build_f3aba202-s390x.zip # Logout of Alpine container (CTRL+D)
Step 2: Copy the containers to the zCX instance
Copy the docker containers from the alpine docker container:
docker cp dummy:/root/model9-v2.0.0_build_f3aba202-s390x.docker ./ docker cp dummy:/root/postgres-s390x-12.3.docker.gz ./
Step 3: Load the docker container to the zCX instance
Create the filesystem hierarchy using the following commands:
docker load -i model9-v2.0.0_build_f3aba202-s390x.docker docker load -i postgres-s390x-12.3.docker.gz
Step 4: Start the Model9 database container
Start the Model9 PostgreSQL database container using the following command:
docker run -p 127.0.0.1:5432:5432 \ -v model9db:/var/lib/postgresql/data:z \ --name model9db --restart unless-stopped \ -e POSTGRES_PASSWORD=model9 -e POSTGRES_DB=model9 -d s390x/postgres
Verify the health status of the container and make sure it is ready to accept connections by issuing the following command and verifying its output as shown in the following example:
docker logs model9db
Step 5: Update the Model9 management server parameters file
Login to the alpine container and edit the model9-local-yml file:
docker exec -it dummy sh cd /root vi conf/model9-local.yml #Logout of Alpine container (CTRL+D)
Some of the parameters are explained below:
model9.licenseKey: <license-key> model9.home: 'MODEL9_HOME' model9.security.dataInFlight.skipAgentHostNameVerification: true model9.security.dataInFlight.truststore.fileName: 'MODEL9_HOME/keys/model9-backup-truststore.jks' model9.security.dataInFlight.truststore.type: "JKS" model9.security.dataInFlight.truststore.password: "model9" model9.security.dataInFlight.keystore.fileName: 'MODEL9_HOME/keys/model9-backup-server.p12' model9.security.dataInFlight.keystore.type: "PKCS12" model9.security.dataInFlight.keystore.password: "model9" model9.session.timeout.minutes: 30 model9.master_agent.name: "<ip_address>" model9.master_agent.port: <port> # model9.objstore.resources.container.name: model9-data # model9.objstore.endpoint.api.id: s3 model9.objstore.endpoint.url: http://minio:9000 model9.objstore.endpoint.userid: <object store access key> model9.objstore.endpoint.password: <object store secret> model9.runlogs.expirationScanIntervalMinutes: <min> model9.runlogs.maxRetentionPeriodDays: <days> dataSource.user: postgres dataSource.password: model9
License Key – A valid Model9 license key as obtained in the prerequisites section. When using multiple keys for multiple CPCs, specify one of the keys in the server’s yml file. The server-initiated actions are carried out by the agent using its own defined license. The license key specified for the server is used for displaying a message regarding the upcoming expiration of the license.
Session timeout minutes - Specify the number of minutes following which an inactive UI session will end. The default is 30 minutes.
Master Agent – The agent running on z/OS which verifies the UI login credentials, hostname, IP address and port number.
Note
Specifying a distributed virtual IP address (Distributed VIPA) can provide high availability by allowing the use of agent groups and multiple agents. See the Administrator and User Guide for more details.
Objstore endpoint – object storage information including:
Parameter
Description
Required
Value
resources. container.name
Container/bucket name
no
default: model9-data
model9.objstore.endpoint.url
URL address of local or remote object storage, both HTTP and HTTPS** are supported
yes
default: none
Amazon AWS*: https://s3.amazonaws.com
Google Cloud Storage: https://storage.googleapis.com
model9.objstore.endpoint.userid
Access key to object storage
yes
default: none
model9.objstore.endpoint.password
Secret key to object storage
yes
default: none
model9.objstore.endpoint.api.id
The object storage API name
no
default: s3
Amazon AWS*: aws-s3
Microsoft Azure: azureblob
api.s3.v4signatures
When using object storage that uses V4 signatures, set this parameter to ‘true’ in addition to api.id: s3
no
default: false Cohesity: true HCP-CS: true
no.verify.ssl
when using the HTTPS protocol, whether to avoid SSL certificate verifications
no
default: true
* When using Amazon S3, see Appendix C: AWS S3 bucket permissions.
** Using HTTPS for the object storage URL parameter enables Data-in-Flight encryption.
Run logs expiration - Setting these parameters will trigger an automatic deletion of run logs from the server. Please note that the deletion is non-recoverable. The automatic deletion will not be executed as long as one of the following parameters is set to (-1):
Parameter
Description
Required
Value
model9.runlogs.expirationScanIntervalMinutes
This parameter determines the frequency of running the deletion process of old run logs.
no
default: -1 (never)
model9.runlogs.maxRetentionPeriodDays
This parameter determines after how many days a run log will expire and can be deleted by the automatic deletion process.
no
default: -1 (never)
DataSource - DB connection information.
Step 6: Starting the Model9 server
Once the object storage is available and the PostgreSQL container is running, start the server:
docker run -d -p 0.0.0.0:443:443 -p 0.0.0.0:80:80 \ -v $MODEL9_HOME:/model9:z -h $(hostname) --restart unless-stopped \ -e "TZ=America/New_York" \ -e "CATALINA_OPTS=-Xmx2048m -Djdk.nativeCBC=false -Xjit:maxOnsiteCacheSlotForInstanceOf=0" \ --link minio:minio --link model9db:model9db \ --name model9-v2.0.0 model9:v2.0.0.f3aba202