| <?xml version='1.0' encoding='utf-8' ?> |
| <!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ |
| <!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent"> |
| %BOOK_ENTITIES; |
| ]> |
| |
| <!-- Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| http://www.apache.org/licenses/LICENSE-2.0 |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| <section id="management-server-install-db-local"> |
| <title>Install the Database on the Management Server Node</title> |
| <para>This section describes how to install MySQL on the same machine with the Management Server. |
| This technique is intended for a simple deployment that has a single Management Server node. If |
| you have a multi-node Management Server deployment, you will typically use a separate node for |
| MySQL. See <xref linkend="management-server-install-db-external"/>.</para> |
| <orderedlist> |
| <listitem> |
| <para>Install MySQL from the package repository of your distribution:</para> |
| <para condition="community">On RHEL or CentOS:</para> |
| <programlisting language="Bash">yum install mysql-server</programlisting> |
| <para condition="community">On Ubuntu:</para> |
| <programlisting language="Bash">apt-get install mysql-server</programlisting> |
| </listitem> |
| <listitem> |
| <para>Open the MySQL configuration file. The configuration file is <filename>/etc/my.cnf</filename> or |
| <filename>/etc/mysql/my.cnf</filename>, depending on your OS.</para> |
| </listitem> |
| <listitem> |
| <para>Insert the following lines in the [mysqld] section. </para> |
| <para>You can put these lines below the datadir line. The max_connections parameter should be |
| set to 350 multiplied by the number of Management Servers you are deploying. This example |
| assumes one Management Server.</para> |
| <note> |
| <para>On Ubuntu, you can also create a file <filename>/etc/mysql/conf.d/cloudstack.cnf</filename> and add these |
| directives there. Don't forget to add [mysqld] on the first line of the file.</para> |
| </note> |
| <programlisting language="Bash">innodb_rollback_on_timeout=1 |
| innodb_lock_wait_timeout=600 |
| max_connections=350 |
| log-bin=mysql-bin |
| binlog-format = 'ROW'</programlisting> |
| </listitem> |
| <listitem> |
| <para>Start or restart MySQL to put the new configuration into effect.</para> |
| <para>On RHEL/CentOS, MySQL doesn't automatically start after installation. Start it |
| manually.</para> |
| <programlisting language="Bash">service mysqld start</programlisting> |
| <para>On Ubuntu, restart MySQL.</para> |
| <programlisting language="Bash">service mysql restart</programlisting> |
| </listitem> |
| <listitem> |
| <para>(CentOS and RHEL only; not required on Ubuntu)</para> |
| <warning> |
| <para>On RHEL and CentOS, MySQL does not set a root password by default. It is very strongly |
| recommended that you set a root password as a security precaution. </para> |
| </warning> |
| <para>Run the following command to secure your installation. You can answer "Y" to all |
| questions.</para> |
| <programlisting language="Bash">mysql_secure_installation</programlisting> |
| </listitem> |
| <listitem> |
| <para>&PRODUCT; can be blocked by security mechanisms, such as SELinux. Disable SELinux to |
| ensure + that the Agent has all the required permissions.</para> |
| <para>Configure SELinux (RHEL and CentOS):</para> |
| <orderedlist numeration="loweralpha"> |
| <listitem> |
| <para>Check whether SELinux is installed on your machine. If not, you can skip this |
| section.</para> |
| <para>In RHEL or CentOS, SELinux is installed and enabled by default. You can verify this |
| with:</para> |
| <programlisting language="Bash"><command>$ rpm -qa | grep selinux</command></programlisting> |
| </listitem> |
| <listitem> |
| <para>Set the SELINUX variable in <filename>/etc/selinux/config</filename> to |
| "permissive". This ensures that the permissive setting will be maintained after a system |
| reboot.</para> |
| <para>In RHEL or CentOS:</para> |
| <programlisting language="Bash">vi /etc/selinux/config</programlisting> |
| <para>Change the following line</para> |
| <programlisting>SELINUX=enforcing</programlisting> |
| <para>to this:</para> |
| <programlisting>SELINUX=permissive</programlisting> |
| </listitem> |
| <listitem> |
| <para>Set SELinux to permissive starting immediately, without requiring a system |
| reboot.</para> |
| <programlisting language="Bash"><command>$ setenforce permissive</command></programlisting> |
| </listitem> |
| </orderedlist> |
| </listitem> |
| <listitem> |
| <para>Set up the database. The following command creates the "cloud" user on the |
| database.</para> |
| <itemizedlist> |
| <listitem> |
| <para>In dbpassword, specify the password to be assigned to the "cloud" user. You can |
| choose to provide no password although that is not recommended.</para> |
| </listitem> |
| <listitem> |
| <para>In deploy-as, specify the username and password of the user deploying the database. |
| In the following command, it is assumed the root user is deploying the database and |
| creating the "cloud" user.</para> |
| </listitem> |
| <listitem> |
| <para>(Optional) For encryption_type, use file or web to indicate the technique used to |
| pass in the database encryption password. Default: file. See <xref |
| linkend="about-password-encryption"/>.</para> |
| </listitem> |
| <listitem> |
| <para>(Optional) For management_server_key, substitute the default key that is used to |
| encrypt confidential parameters in the &PRODUCT; properties file. Default: password. It |
| is highly recommended that you replace this with a more secure value. See <xref |
| linkend="about-password-encryption"/>.</para> |
| </listitem> |
| <listitem> |
| <para>(Optional) For database_key, substitute the default key that is used to encrypt |
| confidential parameters in the &PRODUCT; database. Default: password. It is highly |
| recommended that you replace this with a more secure value. See <xref |
| linkend="about-password-encryption"/>.</para> |
| </listitem> |
| <listitem> |
| <para>(Optional) For management_server_ip, you may explicitly specify cluster management |
| server node IP. If not specified, the local IP address will be used.</para> |
| </listitem> |
| </itemizedlist> |
| <programlisting language="Bash">cloudstack-setup-databases cloud:<dbpassword>@localhost \ |
| --deploy-as=root:<password> \ |
| -e <encryption_type> \ |
| -m <management_server_key> \ |
| -k <database_key> \ |
| -i <management_server_ip></programlisting> |
| <para>When this script is finished, you should see a message like “Successfully initialized |
| the database.”</para> |
| <note> |
| <para>If the script is unable to connect to the MySQL database, check |
| the "localhost" loopback address in <filename>/etc/hosts</filename>. It should |
| be pointing to the IPv4 loopback address "127.0.0.1" and not the IPv6 loopback |
| address ::1. Alternatively, reconfigure MySQL to bind to the IPv6 loopback |
| interface. |
| </para> |
| </note> |
| </listitem> |
| <listitem> |
| <para>If you are running the KVM hypervisor on the same machine with the Management Server, |
| edit /etc/sudoers and add the following line:</para> |
| <programlisting language="Bash">Defaults:cloud !requiretty</programlisting> |
| </listitem> |
| <listitem> |
| <para>Now that the database is set up, you can finish configuring the OS for the Management |
| Server. This command will set up iptables, sudoers, and start the Management Server.</para> |
| <programlisting><prompt>#</prompt> cloudstack-setup-management</programlisting> |
| <para>You should see the message “&PRODUCT; Management Server setup is done.”</para> |
| </listitem> |
| </orderedlist> |
| </section> |