Google Git
Sign in
apache / cloudstack-docs / 24fae4506689cba80a9de75cb727fedc128ddff0 / . / en-US / management-server-install-db-local.xml
blob: ebade5795142137c10dd4b3988202d8c610ff50c [file] [log] [blame]
<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
%BOOK_ENTITIES;
]>
<!-- Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="management-server-install-db-local">
<title>Install the Database on the Management Server Node</title>
<para>This section describes how to install MySQL on the same machine with the Management Server.
This technique is intended for a simple deployment that has a single Management Server node. If
you have a multi-node Management Server deployment, you will typically use a separate node for
MySQL. See <xref linkend="management-server-install-db-external"/>.</para>
<orderedlist>
<listitem>
<para>Install MySQL from the package repository of your distribution:</para>
<para condition="community">On RHEL or CentOS:</para>
<programlisting language="Bash">yum install mysql-server</programlisting>
<para condition="community">On Ubuntu:</para>
<programlisting language="Bash">apt-get install mysql-server</programlisting>
</listitem>
<listitem>
<para>Open the MySQL configuration file. The configuration file is <filename>/etc/my.cnf</filename> or
<filename>/etc/mysql/my.cnf</filename>, depending on your OS.</para>
</listitem>
<listitem>
<para>Insert the following lines in the [mysqld] section. </para>
<para>You can put these lines below the datadir line. The max_connections parameter should be
set to 350 multiplied by the number of Management Servers you are deploying. This example
assumes one Management Server.</para>
<note>
<para>On Ubuntu, you can also create a file <filename>/etc/mysql/conf.d/cloudstack.cnf</filename> and add these
directives there. Don't forget to add [mysqld] on the first line of the file.</para>
</note>
<programlisting language="Bash">innodb_rollback_on_timeout=1
innodb_lock_wait_timeout=600
max_connections=350
log-bin=mysql-bin
binlog-format = 'ROW'</programlisting>
</listitem>
<listitem>
<para>Start or restart MySQL to put the new configuration into effect.</para>
<para>On RHEL/CentOS, MySQL doesn't automatically start after installation. Start it
manually.</para>
<programlisting language="Bash">service mysqld start</programlisting>
<para>On Ubuntu, restart MySQL.</para>
<programlisting language="Bash">service mysql restart</programlisting>
</listitem>
<listitem>
<para>(CentOS and RHEL only; not required on Ubuntu)</para>
<warning>
<para>On RHEL and CentOS, MySQL does not set a root password by default. It is very strongly
recommended that you set a root password as a security precaution. </para>
</warning>
<para>Run the following command to secure your installation. You can answer "Y" to all
questions.</para>
<programlisting language="Bash">mysql_secure_installation</programlisting>
</listitem>
<listitem>
<para>&PRODUCT; can be blocked by security mechanisms, such as SELinux. Disable SELinux to
ensure + that the Agent has all the required permissions.</para>
<para>Configure SELinux (RHEL and CentOS):</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>Check whether SELinux is installed on your machine. If not, you can skip this
section.</para>
<para>In RHEL or CentOS, SELinux is installed and enabled by default. You can verify this
with:</para>
<programlisting language="Bash"><command>$ rpm -qa | grep selinux</command></programlisting>
</listitem>
<listitem>
<para>Set the SELINUX variable in <filename>/etc/selinux/config</filename> to
"permissive". This ensures that the permissive setting will be maintained after a system
reboot.</para>
<para>In RHEL or CentOS:</para>
<programlisting language="Bash">vi /etc/selinux/config</programlisting>
<para>Change the following line</para>
<programlisting>SELINUX=enforcing</programlisting>
<para>to this:</para>
<programlisting>SELINUX=permissive</programlisting>
</listitem>
<listitem>
<para>Set SELinux to permissive starting immediately, without requiring a system
reboot.</para>
<programlisting language="Bash"><command>$ setenforce permissive</command></programlisting>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>Set up the database. The following command creates the "cloud" user on the
database.</para>
<itemizedlist>
<listitem>
<para>In dbpassword, specify the password to be assigned to the "cloud" user. You can
choose to provide no password although that is not recommended.</para>
</listitem>
<listitem>
<para>In deploy-as, specify the username and password of the user deploying the database.
In the following command, it is assumed the root user is deploying the database and
creating the "cloud" user.</para>
</listitem>
<listitem>
<para>(Optional) For encryption_type, use file or web to indicate the technique used to
pass in the database encryption password. Default: file. See <xref
linkend="about-password-encryption"/>.</para>
</listitem>
<listitem>
<para>(Optional) For management_server_key, substitute the default key that is used to
encrypt confidential parameters in the &PRODUCT; properties file. Default: password. It
is highly recommended that you replace this with a more secure value. See <xref
linkend="about-password-encryption"/>.</para>
</listitem>
<listitem>
<para>(Optional) For database_key, substitute the default key that is used to encrypt
confidential parameters in the &PRODUCT; database. Default: password. It is highly
recommended that you replace this with a more secure value. See <xref
linkend="about-password-encryption"/>.</para>
</listitem>
<listitem>
<para>(Optional) For management_server_ip, you may explicitly specify cluster management
server node IP. If not specified, the local IP address will be used.</para>
</listitem>
</itemizedlist>
<programlisting language="Bash">cloudstack-setup-databases cloud:&lt;dbpassword&gt;@localhost \
--deploy-as=root:&lt;password&gt; \
-e &lt;encryption_type&gt; \
-m &lt;management_server_key&gt; \
-k &lt;database_key&gt; \
-i &lt;management_server_ip&gt;</programlisting>
<para>When this script is finished, you should see a message like “Successfully initialized
the database.”</para>
<note>
<para>If the script is unable to connect to the MySQL database, check
the "localhost" loopback address in <filename>/etc/hosts</filename>. It should
be pointing to the IPv4 loopback address "127.0.0.1" and not the IPv6 loopback
address ::1. Alternatively, reconfigure MySQL to bind to the IPv6 loopback
interface.
</para>
</note>
</listitem>
<listitem>
<para>If you are running the KVM hypervisor on the same machine with the Management Server,
edit /etc/sudoers and add the following line:</para>
<programlisting language="Bash">Defaults:cloud !requiretty</programlisting>
</listitem>
<listitem>
<para>Now that the database is set up, you can finish configuring the OS for the Management
Server. This command will set up iptables, sudoers, and start the Management Server.</para>
<programlisting><prompt>#</prompt> cloudstack-setup-management</programlisting>
<para>You should see the message “&PRODUCT; Management Server setup is done.”</para>
</listitem>
</orderedlist>
</section>