- Notes, cautions, and warnings
- Introduction
- Linux
- Overview—deployment steps and options
- Preparation for deployment
- Download installation packages—Linux
- Deploying PowerFlex with SELinux
- Prepare server operating systems for support of large-scale systems (up to 2048 SDCs)
- Prepare the DAX devices
- Install and configure the PowerFlex Gateway
- Install PowerFlex Gateway on Linux
- Install PowerFlex Gateway on Windows
- Configure PowerFlex Gateway properties
- Advanced and optional PowerFlex Gateway tasks
- Install the PowerFlex Gateway without assigning an admin password
- Reset PowerFlex Gateway password
- Store Tomcat's keystore password in the lockbox
- PowerFlex Gateway installation with a custom Java configuration
- Install Java on SUSE 12 servers
- Certificate management for PowerFlex Gateway
- Using SSH authentication on the PowerFlex Gateway
- Preparation tasks for SLES, Oracle Linux and Ubuntu
- Prepare the CSV file
- Clean the PowerFlex VMware environment
- Deploying PowerFlex using a non-root user
- Configure the OpenStack Nova Compute service
- Deploy PowerFlex
- Installation wizard
- Customizable installation using CSV file—hyper-converged system
- Customizable installation using CSV file—two-layer system
- Log in and upload installation packages
- Upload the CSV file
- Start the customized installation
- Complete the customized installation—two-layer system backend
- Install SDC on frontend servers
- Install the PowerFlex presentation server
- SDC (scini) driver configuration for SELinux
- Add components to a PowerFlex system—Linux
- VMware ESXi
- Overview—deployment steps
- Preparation for deployment
- Deploy PowerFlex using the vSphere PowerFlex plug-in
- Manually deploy PowerFlex on ESXi servers
- Manual Deployment of VxFlex OS on ESXi Servers
- Deploying the PowerFlex storage virtual machine (SVM)
- Manually install PowerFlex components on the SVMs
- Register the vSphere PowerFlex plug-in
- Install SDC on an ESXi server using the vSphere PowerFlex plug-in
- Install the SDC on an ESXi-based server and connect it to PowerFlex using esxcli
- Manually remove a VIB file from an ESXi host
- Add components to a PowerFlex system—ESXi
- PowerFlex Installer REST API
- PowerFlex VASA
- Post-deployment tasks
Deploy Dell PowerFlex v3.6.x
Load the PowerFlex SELinux module
Load the PowerFlex Security-Enhanced Linux (SELinux) module and prepare to deploy it or run it on the system.
Steps
-
Ensure that you are in the correct folder for SELinux, using the command:
pwd
Expected location: /var/PowerFlex_SELinux/Go to the folder, if necessary. -
To load the policy and additional settings without impacting a deployed system, run the following command to set the current state of SELinux to Permissive state:
setenforce 0
-
Run the following command to load the SELinux module:
semodule -i dell-vxflex.pp -vv
Expected result:Attempting to install module 'dell-vxflex.pp': Ok: return value of 0. Committing changes: Ok: transaction number 0
-
Run the following command:
restorecon -RF /opt/emc
This command corrects any missing labels in all directories and files in /opt/emc. -
Configure the
PowerFlex ports in SELinux:
NOTE: Only run commands on the relevant node. For example, if the PowerFlex presentation server or PowerFlex Gateway is on a stand-alone node, do not enable the MDM, SDS, SDR, or LIA ports.
For relevant port information, see "Port usage and changing default ports" in the PowerFlex Security Guide corresponding to the PowerFlex version you are using.
If the default ports settings were changed for any process, update the command below accordingly (for example, for the PowerFlex presentation server https port).
/usr/sbin/semanage port -N -a -t vxflex_mdm_port_t -p tcp 25620; /usr/sbin/semanage port -N -a -t vxflex_mdm_port_t -p tcp 9011; /usr/sbin/semanage port -N -a -t vxflex_mdm_port_t -p tcp 6611; /usr/sbin/semanage port -N -a -t vxflex_mdm_port_t -p tcp 7611; /usr/sbin/semanage port -N -a -t vxflex_mdm_port_t -p tcp 25600; /usr/sbin/semanage port -N -a -t vxflex_lia_port_t -p tcp 9099 ; /usr/sbin/semanage port -N -a -t vxflex_sdr_port_t -p tcp 11088; /usr/sbin/semanage port -N -a -t vxflex_sds_port_t -p tcp 7072; /usr/sbin/semanage port -N -a -t vxflex_sds_port_t -p tcp 25640; /usr/sbin/semanage port -N -a -t vxflex_gateway_port_t -p tcp 443; /usr/sbin/semanage port -N -a -t vxflex_gateway_port_t -p tcp 8080;
NOTE: Ports 443 and 8080 are usually enabled by default in SELinux and might return the following error:ValueError: Port tcp/443 already defined ValueError: Port tcp/8080 already defined
In this case, proceed. This is a valid error.
/usr/sbin/semanage port -N -a -t vxflex_mgmt_port_t -p tcp 8443; /usr/sbin/semanage port -N -a -t vxflex_mgmt_port_t -p tcp 8080;
-
Run the following command:
setenforce 1
This command changes the SELinux state to the targeted state for the current run time. - Repeat the steps above on all nodes that will run with SELinux.
Results
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\