<?xml version='1.0' encoding='utf-8' ?>
 | 
						|
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 | 
						|
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
 | 
						|
%BOOK_ENTITIES;
 | 
						|
]>
 | 
						|
 | 
						|
<!-- Licensed to the Apache Software Foundation (ASF) under one
 | 
						|
 or more contributor license agreements.  See the NOTICE file
 | 
						|
 distributed with this work for additional information
 | 
						|
 regarding copyright ownership.  The ASF licenses this file
 | 
						|
 to you under the Apache License, Version 2.0 (the
 | 
						|
 "License"); you may not use this file except in compliance
 | 
						|
 with the License.  You may obtain a copy of the License at
 | 
						|
   http://www.apache.org/licenses/LICENSE-2.0
 | 
						|
 Unless required by applicable law or agreed to in writing,
 | 
						|
 software distributed under the License is distributed on an
 | 
						|
 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 | 
						|
 KIND, either express or implied.  See the License for the
 | 
						|
 specific language governing permissions and limitations
 | 
						|
 under the License.
 | 
						|
-->
 | 
						|
<section id="management-server-install-db-local">
 | 
						|
  <title>Install the Database on the Management Server Node</title>
 | 
						|
  <para>This section describes how to install MySQL on the same machine as the Management Server.
 | 
						|
    This technique is intended for a simple deployment that has a single Management Server node. If
 | 
						|
    you have a multi-node Management Server deployment, you will typically use a separate node for
 | 
						|
    MySQL. See <xref linkend="management-server-install-db-external"/>.</para>
 | 
						|
  <orderedlist>
 | 
						|
    <listitem>
 | 
						|
      <para>Install MySQL from the package repository of your distribution:</para>
 | 
						|
      <para condition="community">On RHEL or CentOS:</para>
 | 
						|
      <programlisting language="Bash">yum install mysql-server</programlisting>
 | 
						|
      <para condition="community">On Ubuntu:</para>
 | 
						|
      <programlisting language="Bash">apt-get install mysql-server</programlisting>
 | 
						|
    </listitem>
 | 
						|
    <listitem>
 | 
						|
      <para>Open the MySQL configuration file. The configuration file is <filename>/etc/my.cnf</filename> or
 | 
						|
        <filename>/etc/mysql/my.cnf</filename>, depending on your OS.</para>
 | 
						|
    </listitem>
 | 
						|
    <listitem>
 | 
						|
      <para>Insert the following lines in the [mysqld] section. </para>
 | 
						|
      <para>You can put these lines below the datadir line. The max_connections parameter should be
 | 
						|
        set to 350 multiplied by the number of Management Servers you are deploying. This example
 | 
						|
        assumes one Management Server.</para>
 | 
						|
      <note>
 | 
						|
        <para>On Ubuntu, you can also create a file <filename>/etc/mysql/conf.d/cloudstack.cnf</filename> and add these
 | 
						|
          directives there. Don't forget to add [mysqld] on the first line of the file.</para>
 | 
						|
      </note>
 | 
						|
      <programlisting language="Bash">innodb_rollback_on_timeout=1
 | 
						|
innodb_lock_wait_timeout=600
 | 
						|
max_connections=350
 | 
						|
log-bin=mysql-bin
 | 
						|
binlog-format = 'ROW'</programlisting>
 | 
						|
    </listitem>
 | 
						|
    <listitem>
 | 
						|
      <para>Start or restart MySQL to put the new configuration into effect.</para>
 | 
						|
      <para>On RHEL/CentOS, MySQL doesn't automatically start after installation. Start it
 | 
						|
        manually.</para>
 | 
						|
      <programlisting language="Bash">service mysqld start</programlisting>
 | 
						|
      <para>On Ubuntu, restart MySQL.</para>
 | 
						|
      <programlisting language="Bash">service mysqld restart</programlisting>
 | 
						|
    </listitem>
 | 
						|
    <listitem>
 | 
						|
      <para>(CentOS and RHEL only; not required on Ubuntu)</para>
 | 
						|
      <warning>
 | 
						|
        <para>On RHEL and CentOS, MySQL does not set a root password by default. It is very strongly
 | 
						|
          recommended that you set a root password as a security precaution. </para>
 | 
						|
      </warning>
 | 
						|
      <para>Run the following command to secure your installation. You can answer "Y" to all
 | 
						|
        questions.</para>
 | 
						|
      <programlisting language="Bash">mysql_secure_installation</programlisting>
 | 
						|
    </listitem>
 | 
						|
    <listitem>
 | 
						|
      <para>&PRODUCT; can be blocked by security mechanisms, such as SELinux. Set SELinux to
        permissive mode to ensure that the Agent has all the required permissions. In permissive
        mode, SELinux logs policy violations but does not block them.</para>
 | 
						|
      <para>Configure SELinux (RHEL and CentOS):</para>
 | 
						|
      <orderedlist numeration="loweralpha">
 | 
						|
        <listitem>
 | 
						|
          <para>Check whether SELinux is installed on your machine. If not, you can skip this
 | 
						|
            section.</para>
 | 
						|
          <para>In RHEL or CentOS, SELinux is installed and enabled by default. You can verify this
 | 
						|
            with:</para>
 | 
						|
          <programlisting language="Bash"><command>$ rpm -qa | grep selinux</command></programlisting>
 | 
						|
        </listitem>
 | 
						|
        <listitem>
 | 
						|
          <para>Set the SELINUX variable in <filename>/etc/selinux/config</filename> to
 | 
						|
            "permissive". This ensures that the permissive setting will be maintained after a system
 | 
						|
            reboot.</para>
 | 
						|
          <para>In RHEL or CentOS:</para>
 | 
						|
          <programlisting language="Bash">vi /etc/selinux/config</programlisting>
 | 
						|
          <para>Change the following line</para>
 | 
						|
          <programlisting>SELINUX=enforcing</programlisting>
 | 
						|
          <para>to this:</para>
 | 
						|
          <programlisting>SELINUX=permissive</programlisting>
 | 
						|
        </listitem>
 | 
						|
        <listitem>
 | 
						|
          <para>Set SELinux to permissive starting immediately, without requiring a system
 | 
						|
            reboot.</para>
 | 
						|
          <programlisting language="Bash"><command>$ setenforce permissive</command></programlisting>
 | 
						|
        </listitem>
 | 
						|
      </orderedlist>
 | 
						|
    </listitem>
 | 
						|
    <listitem>
 | 
						|
      <para>Set up the database. The following command creates the "cloud" user on the
 | 
						|
        database.</para>
 | 
						|
      <itemizedlist>
 | 
						|
        <listitem>
 | 
						|
          <para>In dbpassword, specify the password to be assigned to the "cloud" user. You can
 | 
						|
            choose to provide no password although that is not recommended.</para>
 | 
						|
        </listitem>
 | 
						|
        <listitem>
 | 
						|
          <para>In deploy-as, specify the username and password of the user deploying the database.
 | 
						|
            In the following command, it is assumed the root user is deploying the database and
 | 
						|
            creating the "cloud" user.</para>
 | 
						|
        </listitem>
 | 
						|
        <listitem>
 | 
						|
          <para>(Optional) For encryption_type, use file or web to indicate the technique used to
 | 
						|
            pass in the database encryption password. Default: file. See <xref
 | 
						|
              linkend="about-password-encryption"/>.</para>
 | 
						|
        </listitem>
 | 
						|
        <listitem>
 | 
						|
          <para>(Optional) For management_server_key, specify a key to replace the default key that is
            used to encrypt confidential parameters in the &PRODUCT; properties file. Default: password.
            It is highly recommended that you replace this with a more secure value. See <xref
 | 
						|
              linkend="about-password-encryption"/>.</para>
 | 
						|
        </listitem>
 | 
						|
        <listitem>
 | 
						|
          <para>(Optional) For database_key, specify a key to replace the default key that is used to
            encrypt confidential parameters in the &PRODUCT; database. Default: password. It is highly
            recommended that you replace this with a more secure value. See <xref
 | 
						|
              linkend="about-password-encryption"/>.</para>
 | 
						|
        </listitem>
 | 
						|
        <listitem>
 | 
						|
          <para>(Optional) For management_server_ip, you may explicitly specify the IP address of the
            cluster management server node. If not specified, the local IP address will be used.</para>
 | 
						|
        </listitem>
 | 
						|
      </itemizedlist>
 | 
						|
      <programlisting language="Bash">cloudstack-setup-databases cloud:&lt;dbpassword&gt;@localhost \
--deploy-as=root:&lt;password&gt; \
-e &lt;encryption_type&gt; \
-m &lt;management_server_key&gt; \
-k &lt;database_key&gt; \
-i &lt;management_server_ip&gt;</programlisting>
 | 
						|
      <para>When this script is finished, you should see a message like “Successfully initialized
 | 
						|
        the database.”</para>
 | 
						|
      <note>
 | 
						|
	<para>If the script is unable to connect to the MySQL database, check
 | 
						|
          the "localhost" loopback address in <filename>/etc/hosts</filename>. It should
 | 
						|
          be pointing to the IPv4 loopback address "127.0.0.1" and not the IPv6 loopback
 | 
						|
          address ::1. Alternatively, reconfigure MySQL to bind to the IPv6 loopback
 | 
						|
          interface.
 | 
						|
        </para>
 | 
						|
      </note>
 | 
						|
    </listitem>
 | 
						|
    <listitem>
 | 
						|
      <para>If you are running the KVM hypervisor on the same machine as the Management Server,
 | 
						|
        edit /etc/sudoers and add the following line:</para>
 | 
						|
      <programlisting language="Bash">Defaults:cloud !requiretty</programlisting>
 | 
						|
    </listitem>
 | 
						|
    <listitem>
 | 
						|
      <para>Now that the database is set up, you can finish configuring the OS for the Management
 | 
						|
        Server. This command sets up iptables and sudoers, and starts the Management Server.</para>
 | 
						|
      <programlisting><prompt>#</prompt> cloudstack-setup-management</programlisting>
 | 
						|
      <para>You should see the message “&PRODUCT; Management Server setup is done.”</para>
 | 
						|
    </listitem>
 | 
						|
  </orderedlist>
 | 
						|
</section>
 |