EYEv5 Installation Guide. January 2009, Glacier Consulting.

This guide provides installation instructions for the EYE collector and utilites. 

                              ----------------------
                              Utilities Installation
                              ----------------------

The utilities is used on a single monitoring server and consists of:

iHealth - Performs system checks based on collected data.
IDIST   - Performs EYE tasks on groups of servers, such as data collection.
iRead   - Displays the content and status of collected data.
iGrep   - Scans collected data for patterns, similar to the UNIX grep utility.
iDiff   - Functions similar to the UNIX diff utility on collected data.
iConfig - Text-based menu driven configuration utility for EYE. 

EYE Utilities Installation steps:
---------------------------------

If you are upgrading from a previous release:

1. In the program installation directory (default: /usr/local/eye)
	Save idist.rc, and any custom ihealth.rc and ihealth-HOSTXXX.rc files you may have.
2. Uninstall the old version of the EYE utilities (eye.utils.rte).
	On AIX:
	smitty install -> Software Maintenance -> Remove Installed Software
	Select eye.utils.rte under Software Name.

	On Linux:
	Remove all files & sub-directories in the program installation directory.
3. Remove all other files in /usr/local/eye (program installation directory).
4. Follow the below installation steps.

To install the new version:

On AIX, follow these steps:
1. Copy eye.utils-x.x.x-aix53.bff to /tmp/eye on the server that will perform the monitoring and analysis.
2. Run: inutoc /tmp/eye
3. Run: smit install_all and select and install 'eye.utils.rte'.
4. Configure EYE utilities by running: ./iconfig (see README.iconfig)
	If you are upgrading, you should select Maintenance -> Import NetHosts if you want your old hosts to be automatically imported into the EYE v5 database.
5. Configure trusted SSH keys from this monitoring server to each client machine (see "SSH trusted key setup").

On Linux, follow these steps:
1. Copy the eye.utils-x.x.x-linux.tgz file to /tmp/eye on the monitoring server.
2. Create a directory where the utilities should operate from, i.e.:
	mkdir /support/eye
	cd /support/eye
3. Run: tar xzvf /tmp/eye/eye.utils-x.x.x-linux.tgz

Configure EYE utilities, by running: ./iconfig (see README.iconfig)
-  See README.iconfig for EYE configuration documentation.
-  The minimum configuration requirement (using iconfig) is:
   * Global settings - set the HTML report output directory.
   * Configure one or more NetHosts (client machines).
5. Configure trusted SSH keys from this monitoring server to each client machine (see "SSH trusted key setup").

                              ----------------------
                              Collector Installation
                              ----------------------

         --------------------------------------------------------------------
                WARNING: USAGE GUIDELINES FOR THE COLLECTOR UTILITY
         --------------------------------------------------------------------

Never manually copy an icol.exe program between different releases of AIX, for example between AIX v5.2 to AIX v5.3.

A known AIX defect (IY79272 on AIX 5.2, IY84261 on AIX 5.3) may cause a system crash should this guideline not be adhered to.

If the AIX SMIT utility is used to install the EYE utilities, this will not be an issue as it is not possible to install the incorrect version of the utilities on any system when SMIT is used.

As with any software, it is highly recommended that you test each release of the EYE utilities and collector software before attempting wide-scale deployment.

EYE Collector
-------------

The icol collector gathers a snapshot of critical client system data which can be analysed by the EYE utilities, or manually inspected at a remote location.

The collector is normally installed (as root) on each client server that should be analysed. On environments with restricted access such as pSeries HMC systems, it is still posible to collect information without the collector installed. This is referred to as agentless operation mode.

Installation of the Collector on AIX:
-------------------------------------

Parallel Installation:
1. Install the EYE utilities, as per the above instructions.
2. Ensure SSH trusted key authentication is set up and functional between the server that contains the EYE utilities and each client (for more information, refer to "SSH trusted key setup").

Do not continue unless you have manually tested an SSH connection to each client machine without a password. (The SSH software needs to have added the SSH key fingerprint to known_hosts, and should not display messages like "Authenticity of host X not established. Continue (y/n)?").

3. Use the iconfig utility to create a NetHost for each client machine that requires the collector:

Run: ./iconfig
Select NetHosts -> 3. Add NetHost
Enter a unique name for the NetHost. The name must be reachable via SSH.
Enter a primary group for the NetHost. This is required to group similar types of client machines (i.e. use group 'prod' for production client machines).

4. Continue with the following step if the client machine is an HMC, or an environment that should not have the collector installed:
Select and set Communication Method to 'ssh'.
Select and set Connection Arguments to 'hscroot@hmchostname'.

*Note: Agentless data collection is not recommended for servers other than pSeries HMCs. 
5. Press C to continue and save the new configuration. Repeat step 3 as required.

6. It should now be possible to use the IDIST utility to install the collector tool simultaneously on one or more client machines. Continue with "Manual Collector Installation" should you prefer to not use IDIST.

Idist installation examples:
To install the collector on each client that belongs to the group 'prod':
./idist.exe install -l ./eye.collector-4.x.x.x-aix53 prod

To install the collector on all client machines:
./idist.exe install -l ./eye.collector-4.x.x.x-aix53 all

To install the collector on a user-specified list of servers:
./idist.exe install -l ./eye.collector-4.x.x.x-aix53 -w server1,server2,serverN

Note:
It is not necessary to perform separate installations for each version of AIX, as long as all the relevant BFF installation files are present in the directory specified by the -l option. The idist utility will then automatically determine and adjust the name of the BFF installation file to use on each target client machine.

7. The collector should now have been installed to /var/eye on each client system, and data can now be collected and analysed.

If any problems are encountered, see the -v and -D options as described in README.idist.

Manual Collector Installation (AIX):
1. Upload the eye.collector-xxx-bff installation file to /tmp/eye on the target server.
2. Run "inutoc /tmp/eye".
3. Run smitty install_all, and install the eye.collector.rte fileset.
4. Configure /usr/local/eye/icol.rc (using icol.rc.sample).

Manual Collector Installation (other UNIX systems):
1. Upload eye.collector-4.x.x.x-platform.tgz to /tmp/eye on the target server.
2. Run "mkdir -p /usr/local/eye && cd /usr/local/eye" 
3. Run "tar zxvf /tmp/eye/eye.collector-4.x.x.x-platform.tgz".
3. Configure /usr/local/eye/icol.rc (using icol.rc.sample).

Agentless Operation Mode:
In this mode of operation, the collector runs on the monitoring server itself, without the collector being installed on the remote client machine. This is not recommended for normal AIX client machines, as data collection is not as complete as with the fully installed collector, but is required for the monitoring of pSeries HMC systems.

1. Install the collector utility on the monitoring server itself as per the above steps.
2. Ensure that this server is SSH trusted-key enabled, and that passwordless logins can be made to each client.
3. Change the configuration of each agentless NetHost, as per step 4 of the collector installation instructions.
4. This will enable the IDIST utility to collect information from these NetHosts, just as per any other client machine.

SSH Trusted Key Setup:
1. If the client machine is an HMC:  Enable SSH access to the HMC using WebSM or the web-browser interface, as described in the IBM pSeries HMC documentation.
2. Copy the existing authorized_keys2 file from the client machine:
	For an HMC:
   scp hscroot@hmchostname:~/.ssh/authorized_keys2 /tmp

	For an AIX/Linux server:
   scp hscroot@hmchostname:~/.ssh/authorized_keys /tmp

3. Generate a SSH keypair for your local user unless it already exists in ~/.ssh/id_dsa.pub.
   ssh-keygen -t dsa
4. Add your public key to the authorized_keys file:
	On HMC systems:
   cat ~/.ssh/id_dsa.pub >> /tmp/authorized_keys2

	On AIX/Linux systems:
   cat ~/.ssh/id_dsa.pub >> /tmp/authorized_keys
5. Copy the modified file back to the client machine.
   scp /tmp/authorized_keys2 hscroot@hmchostname:~/.ssh/authorized_keys2
6. Delete the local /tmp/authorized_keys file.
	rm /tmp/authorized_keys
7. Test that you are able to perform an SSH login without a password:
	On HMC systems:
	ssh hscroot@hmcname

	On AIX/Linux systems:
	ssh root@host

8. If step 7 fails, you should check if 'PermitRootLogin' is set to Yes.

Usage instructions can be found in README.idist and README.icol.