Installing the Database in Azure

This section provides information about installing the ArcSight Database in Azure.

Preparing the Azure Virtual Machine

This section describes how to prepare the Azure virtual machine for database installation.

  1. Log in to the Azure portal.
  2. Select an active Azure subscription.
  3. Click Create a Resource or select an existing resource.
  4. In the search box (case-insensitive), specify CentOS 8.4 and select an image.
  5. Click Create.
  6. In the Virtual machine name field, specify a name for the virtual machine.
  7. In the Image drop-down list, select the supported image.
  8. In the Size drop-down list, select a VM size that meets the database requirements. For example, D8s_v3.
  9. Select the appropriate Authentication type, and specify the details.
  10. In the Select inbound ports drop-down list, be sure SSH (22) is selected.
  11. In the Public inbound ports area, select the Allow selected ports option.
  12. Click Next: Disks.
  13. On the Disks tab, create a new disk of minimum size 256 GB.
  14. For Data disks and Host caching select Read/write.
  15. Select the Networking and your Virtual network.
  16. For subnet, create or select a subnet for the database and select it in the subnet drop-down.
  17. Click Review + create to review and create a VM. (Give the deployment time to complete.)
  18. Click Create.
  19. Click Go to your resource and launch the new VM.
  20. In the left navigation panel, click Overview > DNS Name.
  21. Set Assignment to static and then specify the DNS name label.
  22. Click Save.
  23. In the left navigation pane, click Networking.
  24. Select your Network Interface.
  25. From the left menu, select IP configuration.
  26. Navigate to the IP Forwarding Field, and select Enabled.
  27. Click Save.
You must create one virtual machine for each database node.
  1. SSH to your VM using its public IP address.
  2. Log in with your VM user, then become root.
  3. Change your root password.
  4. Create a folder for the ArcSight database by running the command:

    mkdir /opt/vertica
  5. Find the device for the data disk by running the following command:

    fdisk -l
    Depending on your VM, the result can be sdc, sdb, etc.
  6. Create partitions on the data disk using the datadisk you obtained in the previous step.
    The ArcSight database requires a minimum 2 GB swap partition irrespective of the amount of RAM installed. You can format the remaining part of the disk using ext4 and mount it to /opt/vertica.
    [root@vertica1 ~]# fdisk /dev/<datadisk>
    1. Specify n and press Enter.

    2. Press Enter.

    3. Press Enter.

    4. Press Enter.

    5. Specify the value for ${sizePartitionForSwap} and press Enter.

      You must provide the value in KB; the minimum value is 2 GB.
    6. Specify n and press Enter.

    7. Press Enter.

    8. Press Enter.

    9. Press Enter.

    10. Specify p and press Enter.

    11. Specify w and press Enter.

    For instance:

    Welcome to fdisk (util-linux 2.23.2)
    
    Changes will remain in memory only, until you decide to write them.
    Be careful before using the write command.
     
    Device does not contain a recognized partition table
    Building a new DOS disklabel with disk identifier 0x2959fe99.
     
    The device presents a logical sector size that is smaller than
    the physical sector size. Aligning to a physical sector (or optimal
    I/O) size boundary is recommended, or performance may be impacted.
     
    Command (m for help): n
    Partition type:
    p   primary (0 primary, 0 extended, 4 free)
    e   extended
    Select (default p):
    Using default response p
    Partition number (1-4, default 1):
    First sector (2048-536870911, default 2048):
    Using default value 2048
    Last sector, +sectors or +size{K,M,G} (2048-536870911, default 536870911): 
    ${sizePartitionForSwap}
    Partition 1 of type Linux and of size X GiB is set
     
    Command (m for help): n
    Partition type:
    p   primary (1 primary, 0 extended, 3 free)
    e   extended
    Select (default p):
    Using default response p
    Partition number (2-4, default 2):
    First sector (4196352-536870911, default 4196352):
    Using default value 4196352
    Last sector, +sectors or +size{K,M,G} (4196352-536870911, default 536870911):
    Using default value 536870911
    Partition 2 of type Linux and of size XXX GiB is set
     
    Command (m for help): p
     
    Disk /dev/<datadisk>: XXX GB, 274877906944 bytes, 536870912 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 4096 bytes
    I/O size (minimum/optimal): 4096 bytes / 4096 bytes
    Disk label type: dos
    Disk identifier: 0xcca9a285
     
    Device Boot             Start         End      Blocks   Id  System
    /dev/<datadisk>1         2048     2097152     1047552+  83  Linux
    /dev/<datadisk>2      2099200   536870911   267385856   83  Linux
     
    Command (m for help): w
    The partition table has been altered!
     
    Calling ioctl() to re-read partition table.
    Syncing disks.
  7. Create a swap partition by running the command:

    mkswap /dev/<datadisk>1
  8. Activate the swap partition by running the command:

    swapon /dev/<datadisk>1
  9. To format the rest of the disk to ext4, run the command:

    mkfs.ext4 /dev/<datadisk>2
  10. Get the last created UUID of the disks from the output by running the command:

    blkid
  11. For the swap partition (<datadisk>1) and for the rest of the disk (<datadisk>2), make note of the given UUID values, modify the /etc/fstab file, and add the following lines by replacing the UUIDs:

    UUID=<UUID <datadisk>1>    none          swap  sw        0 0
    UUID=<UUID <datadisk>2>    /opt/vertica  ext4  defaults  0 0
  12. Mount all by running the command:

    mount -a
  13. Check if /opt/vertica is assigned by running the command:

    df -h
  14. Enable the swap partition by running the command:

    swapon -a
  15. Check the swap partition size by running the command:

    free -h
  16. Repeat these steps for each expected database node.
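
The UUID lookup and /etc/fstab edit in the steps above can be scripted. This is an added example, not part of the product documentation: it builds the two entries from blkid output, refuses to emit them when a partition is missing or has the wrong type, and appends only entries that are not already present. The function names and the sample blkid output are constructed for illustration, and sdX-style device names are assumed.

```sh
#!/bin/sh
# Added example, not part of the product documentation.
# Assumes sdX-style names, so the partitions are /dev/<datadisk>1 and /dev/<datadisk>2.

# part_uuid <blkid output> <device> <expected type>: print the UUID, or fail if
# the device is missing or carries a different filesystem type.
part_uuid() {
    local line uuid fstype
    line=$(printf '%s\n' "$1" | grep -m1 "^$2:") || {
        echo "no blkid entry for $2" >&2; return 1; }
    uuid=$(printf '%s\n' "$line" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p')
    fstype=$(printf '%s\n' "$line" | sed -n 's/.* TYPE="\([^"]*\)".*/\1/p')
    if [ -z "$uuid" ] || [ "$fstype" != "$3" ]; then
        echo "$2: expected TYPE=$3, found '$fstype'" >&2; return 1
    fi
    printf '%s\n' "$uuid"
}

# fstab_entries <datadisk> <blkid output>: print both entries, or nothing on error.
fstab_entries() {
    local swap_uuid data_uuid
    swap_uuid=$(part_uuid "$2" "/dev/${1}1" swap) || return 1
    data_uuid=$(part_uuid "$2" "/dev/${1}2" ext4) || return 1
    printf 'UUID=%s\tnone\tswap\tsw\t0 0\n' "$swap_uuid"
    printf 'UUID=%s\t/opt/vertica\text4\tdefaults\t0 0\n' "$data_uuid"
}

# append_missing <fstab file> <entries>: append only entries whose UUID is not
# already listed, so repeating the step does not duplicate lines.
append_missing() {
    local entry key
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        key=$(printf '%s\n' "$entry" | cut -f1)     # the leading UUID=<value> field
        grep -q "^${key}[[:space:]]" "$1" || printf '%s\n' "$entry" >> "$1"
    done <<EOF
$2
EOF
}

# Constructed sample of blkid output; on a node, pass "$(blkid)" instead.
SAMPLE_BLKID='/dev/sda2: UUID="1111aaaa-0000-4000-8000-000000000001" TYPE="xfs" PARTUUID="aaaa0001-02"
/dev/sdc1: UUID="2222bbbb-0000-4000-8000-000000000002" TYPE="swap" PARTUUID="2959fe99-01"
/dev/sdc2: UUID="3333cccc-0000-4000-8000-000000000003" TYPE="ext4" PARTUUID="2959fe99-02"'

fstab_entries sdc "$SAMPLE_BLKID"
```

On a node, the equivalent call is append_missing /etc/fstab "$(fstab_entries <datadisk> "$(blkid)")", run after mkswap and mkfs.ext4 so that both partitions already report their types.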

Installing Prerequisites

This section describes how to install the prerequisites necessary to install the Azure database.

  1. Configure passwordless communication from the node1 server to all of the node servers in the cluster.
    1. On the node1 server, run the ssh-keygen command:

      ssh-keygen -t rsa
    2. Copy the key from node1 to all of the nodes, including node1, using the node IP address:

      ssh-copy-id -i ~/.ssh/id_rsa.pub root@$node1
      ssh-copy-id -i ~/.ssh/id_rsa.pub root@$node2
      ssh-copy-id -i ~/.ssh/id_rsa.pub root@$node3
  2. Set up and activate /etc/rc.local by running the following script:

    #!/bin/bash
    # Print the block device (sdX or dm-N) that backs the given mount point.
    function drive {
        block_device=$(realpath "$(df "$1" | grep '^/' | cut -d' ' -f1)")
        partition=$(echo "$block_device" | sed -e "s#/dev/##")
        if [[ $partition == dm-* ]]; then
            echo "$partition"
        else
            # Strip the partition number, for example sdc2 -> sdc
            echo "$partition" | cut -c1-3
        fi
    }
    # The here-document is unquoted, so $(drive ...) is resolved now and the
    # device names are written into /etc/rc.local as literals.
    cat > /etc/rc.local << EOF
    #!/bin/sh
    touch /var/lock/subsys/local
    /sbin/blockdev --setra 2048 /dev/$(drive /)
    /sbin/blockdev --setra 2048 /dev/$(drive /opt/vertica)
    echo deadline > /sys/block/$(drive /)/queue/scheduler
    echo deadline > /sys/block/$(drive /opt/vertica)/queue/scheduler
    echo madvise > /sys/kernel/mm/transparent_hugepage/enabled
    tuned-adm profile throughput-performance
    EOF
    chmod 755 /etc/rc.local
    /etc/rc.local
  3. Add the following parameters to /etc/sysctl.conf.

    net.core.somaxconn = 1024
    net.core.wmem_max = 16777216	
    net.core.rmem_max = 16777216
    net.core.wmem_default = 262144
    net.core.rmem_default = 262144
    net.core.netdev_max_backlog = 100000
    net.ipv4.tcp_mem = 16777216 16777216 16777216
    net.ipv4.tcp_wmem = 8192 262144 8388608
    net.ipv4.tcp_rmem = 8192 262144 8388608
    net.ipv4.udp_mem = 16777216 16777216 16777216
    net.ipv4.udp_rmem_min = 16384
    net.ipv4.udp_wmem_min = 16384
    vm.swappiness = 1
    

    where,

    Parameter                                        Description
    net.core.somaxconn = 1024                        Increases the number of incoming connections
    net.core.wmem_max = 16777216                     Sets the send socket buffer maximum size in bytes
    net.core.rmem_max = 16777216                     Sets the receive socket buffer maximum size in bytes
    net.core.wmem_default = 262144                   Sets the receive socket buffer default size in bytes
    net.core.rmem_default = 262144                   Controls the default size of receive buffers used by sockets
    net.core.netdev_max_backlog = 100000             Increases the length of the network interface input queue
    net.ipv4.tcp_mem = 16777216 16777216 16777216
    net.ipv4.tcp_wmem = 8192 262144 8388608
    net.ipv4.tcp_rmem = 8192 262144 8388608
    net.ipv4.udp_mem = 16777216 16777216 16777216
    net.ipv4.udp_rmem_min = 16384
    net.ipv4.udp_wmem_min = 16384
    vm.swappiness = 1                                Defines the amount and frequency at which the kernel copies RAM contents to a swap space

    For more information, see Check for Swappiness.

  4. Next, run the following command:

    sysctl -p
  5. To resolve the firewall WARN (N0010), flush the iptables rules and disable firewalld:

    iptables -F
    iptables -t nat -F
    iptables -t mangle -F
    iptables -X
    systemctl mask firewalld
    systemctl disable firewalld
    systemctl stop firewalld
    The database requires several ports to be open on the local network. Micro Focus does not recommend that you place a firewall between nodes (all nodes should be behind a firewall), but if you must use a firewall between nodes, ensure that all the database ports are available. For more information, see Firewall Considerations.
  6. Set SELinux to permissive mode in /etc/selinux/config.

    SELINUX=permissive

    For more information, see SELinux Configuration.

  7. Run the following command:

    setenforce permissive
  8. In /etc/default/grub, append the following line:

    GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet intel_idle.max_cstate=0 processor.max_cstate=1 intel_pstate=disable"

    Then regenerate the GRUB configuration by running the following command:

    grub2-mkconfig -o /boot/grub2/grub.cfg
  9. Depending on your OS (RHEL/CentOS 8.4), run the following command:

    echo madvise > /sys/kernel/mm/transparent_hugepage/enabled
    ##? echo madvise > /sys/kernel/mm/redhat_transparent_hugepage/defrag
    ##> echo no > /sys/kernel/mm/redhat_transparent_hugepage/khugepaged/defrag
    ### Changed: cpupower frequency-set --governor performance #### CentOS only, resolve WARN (S0140/S0141)
  10. Depending on your OS (RHEL/CentOS 8.4), run the following commands:

    myroot=`df -h | grep '/$' | awk '{print $1}'`
    myopt=`df -h | grep '/opt' | awk '{print $1}'`

    echo deadline > /sys/block/sdb/queue/scheduler    #### Resolve FAIL (S0150)
    /sbin/blockdev --setra 8192 $myopt                #### Resolve FAIL (S0020)
    /sbin/blockdev --setra 2048 $myroot
    echo madvise > /sys/kernel/mm/transparent_hugepage/enabled
    echo deadline > /sys/block/sda/queue/scheduler
    tuned-adm profile throughput-performance #### CentOS only, resolve WARN (S0140/S0141)

  11. If you have a high-concurrency workload and if the database is CPU bound, reboot the virtual machine by running the following command; otherwise skip this step.

    sudo sysctl -w net.core.netdev_max_backlog=2000
  12. Run this command to ensure that the rng-tools package is installed on all cluster nodes:

    sudo dnf install rng-tools -y
  13. Set the UTC time for all cluster nodes:

    sudo timedatectl set-timezone UTC
    For CentOS 8.4, any change to the timezone requires rebooting the cluster nodes.
  14. Reboot for your changes to take effect.
  15. For RHEL/CentOS 8.x, you must install libnsl using the following command:

    dnf install libnsl
  16. Modify /etc/bashrc by adding the following line:

    export VERTICA_FAILURE_THRESHOLD=FAIL
  17. Repeat these steps for each expected database node.
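
Before repeating the procedure on the next node, the kernel settings from the /etc/sysctl.conf step can be audited. This is an added example, not part of the product documentation: it compares a sysctl.conf-style file with the values listed in this section and reports keys that are missing or overridden later in the file. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the product documentation.

# Required settings, copied from the /etc/sysctl.conf step in this section.
REQUIRED_SYSCTL='net.core.somaxconn = 1024
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.core.wmem_default = 262144
net.core.rmem_default = 262144
net.core.netdev_max_backlog = 100000
net.ipv4.tcp_mem = 16777216 16777216 16777216
net.ipv4.tcp_wmem = 8192 262144 8388608
net.ipv4.tcp_rmem = 8192 262144 8388608
net.ipv4.udp_mem = 16777216 16777216 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.udp_wmem_min = 16384
vm.swappiness = 1'

# normalize: drop comments and blank lines, collapse tabs/spaces, emit key=value.
normalize() {
    sed -e 's/^[[:space:]]*[#;].*//' -e 's/[[:space:]]\{1,\}/ /g' \
        -e 's/^ //' -e 's/ $//' -e 's/ *= */=/' -e '/^$/d'
}

# sysctl_drift <conf file>: print one line per required key that is missing or
# different. The last assignment in the file wins, as it does for sysctl -p.
sysctl_drift() {
    local key want have rc=0
    while IFS='=' read -r key want; do
        have=$(normalize < "$1" |
               awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }')
        if [ "$have" != "$want" ]; then
            echo "$key: expected '$want', found '${have:-unset}'"
            rc=1
        fi
    done <<EOF
$(printf '%s\n' "$REQUIRED_SYSCTL" | normalize)
EOF
    return "$rc"
}

# write_sample_conf <path>: constructed sample with a missing key and a late override.
write_sample_conf() {
    {
        printf '%s\n' "$REQUIRED_SYSCTL" | grep -v udp_wmem_min
        printf '# appended later by another tool\n'
        printf 'net.core.somaxconn =\t1024\t\n'   # tabs and trailing whitespace
        printf 'vm.swappiness = 60\n'             # overrides the earlier value
    } > "$1"
}

tmp=$(mktemp)
write_sample_conf "$tmp"
sysctl_drift "$tmp" || echo "drift found in sample file"
rm -f "$tmp"
```

On a node, run sysctl_drift /etc/sysctl.conf after the sysctl -p step; an empty result with exit status 0 means every listed key is present with the required value.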

Configuring and Installing the Database Server

This section describes how to configure and install the Azure database.

  1. Prepare the Azure Storage account.

    1. Log in to the Azure portal.

    2. From the left portal menu, select Storage Accounts to display a list of your storage accounts.

    3. On the Storage Accounts page, select Create.

    4. On the Basics tab, select Resource Group.

    5. Enter Storage account name, Region, and Performance as standard for storage account.

    6. On the Advanced tab, select Blob storage Access tier as Hot.

    7. On the Networking tab, select Connectivity method as Public endpoint (all networks) and Routing preference as Microsoft network routing.

    8. On the Data Protection tab, select Enable soft delete for blobs and set Days to retain deleted blobs to 7.

    9. On the Tags tab, enter values for Owner and Product.

    10. On the Review + create tab, verify the storage account you prepared and click Create.

  2. Create a private endpoint to connect to Azure Storage Account.

    1. Log in to the Azure portal.

    2. Select the storage account you created in Step 1.

    3. Navigate to Security + Networking in the left menu and click Networking.

    4. Select Private endpoint connections and click +Private endpoint.

    5. On the Basics tab, select Resource group from the drop down list.

    6. Enter Name and Region.

    7. On the Resource tab, select Target sub-resource as Blob from the drop down list.

    8. On the Configuration tab, select Virtual network, subnet from the drop down list.

    9. Set Integrate with private DNS zone to Yes.

    10. On the Tags tab, enter values for Owner and Product.

    11. On the Review + create tab, verify the DNS configuration for private endpoint and click Create.

    This IP address and FQDN must be resolvable from the database node.
  3. Create a Blob container in Azure Storage.

    1. Log in to the Azure portal.

    2. Select the storage account you created in Step 1.

    3. Navigate to Data Storage in the left menu and click blob containers.

    4. Click + Container.

    5. Enter a name for the new container.

    6. Set the Public access level. Default is Private.

    7. Click Create to create the container.

  4. Collect Blob storage details.

    1. Log in to the Azure portal.

    2. Select the storage account you created in Step 1.

    3. Navigate to Security + Networking in the left menu and click Access Keys.

    4. On the Show keys tab, click Rotate key icon to generate a key.

    5. Collect the Storage account name and the generated key.

    6. Navigate to Security + Networking in the left menu and click Networking.

    7. Click Private endpoint connections, the Private endpoint tab and then in the left menu click DNS configuration.

    8. Make note of the FQDN and IP address.

    9. Navigate to Data Storage in the left menu and select the container you created in Step 3.

    10. Navigate to Properties in the left menu and collect the container URL.
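
The private endpoint requirement above (the FQDN must resolve from the database node) can be checked against the FQDN and IP address noted in Step 4. This is an added example, not part of the product documentation: because the storage account also has a public endpoint, a name that resolves to a public address would still connect, so the check compares the resolved address with the noted private one. The function names and all addresses are constructed for illustration, and getent is assumed to be available on the node.

```sh
#!/bin/sh
# Added example, not part of the product documentation.

# is_private_ipv4 <address>: succeed for RFC 1918 addresses only.
is_private_ipv4() {
    local a b c d o
    IFS=. read -r a b c d <<EOF
$1
EOF
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    [ "$a" -eq 10 ] && return 0
    [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ] && return 0
    [ "$a" -eq 192 ] && [ "$b" -eq 168 ] && return 0
    return 1
}

# verify_endpoint <noted IP> <resolved IP>...: succeed only if the name resolved
# to exactly the private endpoint address noted from the DNS configuration page.
verify_endpoint() {
    local expected="$1" ip
    shift
    [ "$#" -gt 0 ] || { echo "FAIL: name did not resolve"; return 1; }
    for ip in "$@"; do
        is_private_ipv4 "$ip" ||
            { echo "FAIL: $ip is public, traffic would use the public endpoint"; return 1; }
        [ "$ip" = "$expected" ] ||
            { echo "FAIL: $ip differs from the noted address $expected"; return 1; }
    done
    echo "OK: resolves to $expected"
}

# resolve_ipv4 <FQDN>: unique IPv4 addresses from the node's own resolver.
resolve_ipv4() { getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u; }

# check_blob_endpoint <FQDN> <noted IP>: run this on each database node.
check_blob_endpoint() {
    # Word splitting of the resolver output is intended here.
    verify_endpoint "$2" $(resolve_ipv4 "$1")
}

# Constructed addresses: 10.1.2.5 stands for the noted private endpoint IP and
# 203.0.113.10 (a documentation range) stands for a public answer.
verify_endpoint 10.1.2.5 10.1.2.5
verify_endpoint 10.1.2.5 203.0.113.10 || true
```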

  1. (Conditional) Update CentOS.

    If you are deploying the database with CentOS 8.4 2105, you need to update the distros by running the commands below on all database nodes:

    sudo dnf --disablerepo '*' --enablerepo=extras swap centos-linux-repos centos-stream-repos
    sudo dnf distro-sync
    
    If the distro repository is broken, update the --enablerepo repositories from: https://www.centos.org/centos-stream/.
  2. On the Database cluster node1 server, create a folder for the database installer:

    mkdir /opt/arcsight-db-tools
  3. From the master node where you performed the Downloading Installation Packages steps, copy the following file to the /opt/arcsight-db-tools directory on the Database cluster node1 server:

    {unzipped-installer-dir}/installers/database/db-installer_x.x.x-x.tar.gz
  4. To extract the installer file and place it in the correct directory, run the following commands:

    cd /opt/arcsight-db-tools
    tar xvfz db-installer_x.x.x.x.tar.gz

  5. Navigate to the config directory. Edit the db_user.properties file and add the private IPs of the Azure VM nodes under the hosts parameter.

    For example:

    hosts=<IP node1>,<IP node2>,<IP node3>
  1. Navigate to the /opt/arcsight-db-tools folder.

  2. Install the database:

    ./db_installer install
  3. (Conditional) If the license file is not found, then enter y to continue using the community license.

  4. When prompted, create the database administrator user and specify a password for it.

  5. Specify the shard count. We recommend a shard count of 3 for single-node, or a count of 18 for multi-node to allow for scalability. The prompt options are based on your environment, single-node or multi-node.

  6. Choose a communal storage type: 2 (Azure Blob storage)

  7. Specify the account name: As collected in Step 4

  8. Enter N to not use managed authentication.

  9. Specify the account key: As collected in Step 4

  10. Enter y to enable TLS.

  11. Specify the Azure container for communal storage: As collected in Step 4

  12. Specify a folder inside the container for communal storage.

  1. Log in to the Azure portal.

  2. Navigate to the database node 1 VM which you created.

  3. Navigate to Identity in the left menu.

  4. Switch on System Assigned and save the setup.

  5. Repeat the two previous steps for all database node VMs.

  6. Navigate to the resource group where the VM is located.

  7. Navigate to Access control (IAM) in the left menu.

  8. Click Add Role Assignment.

  9. Select the role as Storage Blob Data Owner.

  10. Click Next.

  11. On the Members tab, set Assigned access to as User, group or service principal.

  12. On Select Members, select your member.

  13. Switch Assigned access to to Managed Identity.

  14. Add your database VM as a member.

  15. Click Review + Assign.

  16. Navigate to the storage account.

  17. Navigate to Access control (IAM) in the left menu.

  18. Click Add Role Assignment.

  19. Select the role as Storage Blob Data Owner.

  20. Click Next.

  21. On the Members tab, set Assigned access to as User, group or service principal.

  22. On Select Members, select your member.

  23. Switch Assigned access to to Managed Identity.

  24. Add your database VM as a member.

  25. Click Review + Assign.

  26. On the Database cluster node1 server, navigate to the /opt/arcsight-db-tools folder.

  27. Install the database:

    ./db_installer install
  28. (Conditional) If the license file is not found, then enter y to continue using the community license.

  29. When prompted, create the database administrator user and specify a password for it.

  30. Specify the shard count. We recommend a shard count of 3 for single-node, or a count of 18 for multi-node to allow for scalability.

  31. Choose a communal storage type: 2 (Azure Blob Storage)

  32. Specify the account name: As collected in Step 4

  33. Enter Y to use managed authentication.

  34. Specify the Azure container for communal storage: As collected in Step 4

  35. (Conditional) Specify a folder inside the container for communal storage.

If you rotate the access keys to your Azure storage account after database installation, log in to the master node and run the following query to update the key credentials in the database:

    ALTER DATABASE DEFAULT SET AzureStorageCredentials = '[{"accountName":"accountname", "accountKey":"new account key", "blobEndpoint": "blob endpoint"}]';