docs/en-US/management-server-install-db-external.xml - cloudstack - Git at Google

 <?xml version='1.0' encoding='utf-8' ?>
 <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
 %BOOK_ENTITIES;
 ]>

 <!-- Licensed to the Apache Software Foundation (ASF) under one
  or more contributor license agreements.  See the NOTICE file
  distributed with this work for additional information
  regarding copyright ownership.  The ASF licenses this file
  to you under the Apache License, Version 2.0 (the
  "License"); you may not use this file except in compliance
  with the License.  You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing,
  software distributed under the License is distributed on an
  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  KIND, either express or implied.  See the License for the
  specific language governing permissions and limitations
  under the License.
 -->

 <section id="management-server-install-db-external">
     <title>Install the Database on a Separate Node</title>
     <para>This section describes how to install MySQL on a standalone machine, separate from the Management Server.
         This technique is intended for a deployment that includes several Management Server nodes.
         If you have a single-node Management Server deployment, you will typically use the same node for MySQL.
         See <xref linkend="management-server-install-db-local"/>.
     </para>
     <note>
         <para>The management server doesn't require a specific distribution for the MySQL node.
             You can use a distribution or Operating System of your choice.
             Using the same distribution as the management server is recommended, but not required.
             See <xref linkend="management-server-system-requirements"/>.
         </para>
     </note>
     <orderedlist>
         <listitem>
             <para>Install MySQL from the package repository from your distribution:</para>
             <para condition="community">On RHEL or CentOS:</para>
             <programlisting language="Bash">yum install mysql-server</programlisting>
             <para condition="community">On Ubuntu:</para>
             <programlisting language="Bash">apt-get install mysql-server</programlisting>
         </listitem>
         <listitem><para>Edit the MySQL configuration (/etc/my.cnf or /etc/mysql/my.cnf, depending on your OS)
             and insert the following lines in the [mysqld] section. You can put these lines below the datadir
             line. The max_connections parameter should be set to 350 multiplied by the number of Management
             Servers you are deploying. This example assumes two Management Servers.</para>
             <note>
                 <para>On Ubuntu you can also create a file /etc/mysql/conf.d/cloudstack.cnf and add these directives there. Don't forget to add [mysqld] on the first line of the file.</para>
             </note>
             <programlisting>
 innodb_rollback_on_timeout=1
 innodb_lock_wait_timeout=600
 max_connections=700
 log-bin=mysql-bin
 binlog-format = 'ROW'
 bind-address = 0.0.0.0
             </programlisting>
         </listitem>
         <listitem>
             <para>On RHEL/CentOS MySQL doesn't start after installation, start it manually.</para>
             <programlisting language="Bash">service mysqld start</programlisting>
         </listitem>
         <listitem>
             <warning>
                 <para>On RHEL and CentOS, MySQL does not set a root password by default. It is very strongly recommended that you set a root password as a security precaution. Run the following commands, and substitute your own desired root password. This step is not required on Ubuntu as it asks for a root password during installation.</para>
             </warning>
             <para>Run this command to secure your installation. You can answer "Y" to all questions except to "Disallow root login remotely?". This is required to set up the databases.</para>
             <programlisting>mysql_secure_installation</programlisting>
         </listitem>
         <listitem><para>If a firewall is present on the system, open TCP port 3306 so external MySQL connections can be established.</para>
             <orderedlist numeration="loweralpha">
                 <listitem>
                     <para>On RHEL/CentOS:</para>
                     <orderedlist>
                         <listitem>
                             <para>Edit the /etc/sysconfig/iptables file and add the following line at the beginning of the INPUT chain.</para>
                             <programlisting>-A INPUT -p tcp --dport 3306 -j ACCEPT</programlisting>
                         </listitem>
                         <listitem>
                             <para>Now reload the iptables rules.</para>
                             <programlisting language="Bash">service iptables restart</programlisting>
                         </listitem>
                     </orderedlist>
                 </listitem>
                 <listitem>
                     <para>On Ubuntu:</para>
                     <para>UFW is the default firewall on Ubuntu, open the port with this command:</para>
                     <programlisting language="Bash">ufw allow mysql</programlisting>
                 </listitem>
             </orderedlist>
         </listitem>
         <listitem>
             <para>Set up the database. The following command creates the cloud user on the database.</para>
             <note>
                 <para>This command should be run on the first Management server node!</para>
             </note>
             <itemizedlist>
                 <listitem><para>In dbpassword, specify the password to be assigned to the cloud user. You can choose to provide no password.</para></listitem>
                 <listitem><para>In deploy-as, specify the username and password of the user deploying the database. In the following command, it is assumed the root user is deploying the database and creating the cloud user.</para></listitem>
                 <listitem><para>(Optional) For encryption_type, use file or web to indicate the technique used to pass in the database encryption password. Default: file. See About Password and Key Encryption.</para></listitem>
                 <listitem><para>(Optional) For management_server_key, substitute the default key that is used to encrypt confidential parameters in the &PRODUCT; properties file. Default: password. It is highly recommended that you replace this with a more secure value. See About Password and Key Encryption.</para></listitem>
                 <listitem><para>(Optional) For database_key, substitute the default key that is used to encrypt confidential parameters in the &PRODUCT; database. Default: password. It is highly recommended that you replace this with a more secure value. See About Password and Key Encryption.</para></listitem>
             </itemizedlist>
             <programlisting language="Bash">cloud-setup-databases cloud:&lt;dbpassword&gt;@&lt;ip address mysql server&gt; \
                 --deploy-as=root:&lt;password&gt; \
                 -e &lt;encryption_type&gt; \
                 -m &lt;management_server_key&gt; \
                 -k &lt;database_key&gt;</programlisting>
             <para>When this script is finished, you should see a message like “Successfully initialized the database.”</para>
         </listitem>
     </orderedlist>
 </section>
	<?xml version='1.0' encoding='utf-8' ?>
	<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
	<!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
	%BOOK_ENTITIES;
	]>

	<!-- Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.
	-->

	<section id="management-server-install-db-external">
	<title>Install the Database on a Separate Node</title>
	<para>This section describes how to install MySQL on a standalone machine, separate from the Management Server.
	This technique is intended for a deployment that includes several Management Server nodes.
	If you have a single-node Management Server deployment, you will typically use the same node for MySQL.
	See <xref linkend="management-server-install-db-local"/>.
	</para>
	<note>
	<para>The management server doesn't require a specific distribution for the MySQL node.
	You can use a distribution or Operating System of your choice.
	Using the same distribution as the management server is recommended, but not required.
	See <xref linkend="management-server-system-requirements"/>.
	</para>
	</note>
	<orderedlist>
	<listitem>
	<para>Install MySQL from the package repository from your distribution:</para>
	<para condition="community">On RHEL or CentOS:</para>
	<programlisting language="Bash">yum install mysql-server</programlisting>
	<para condition="community">On Ubuntu:</para>
	<programlisting language="Bash">apt-get install mysql-server</programlisting>
	</listitem>
	<listitem><para>Edit the MySQL configuration (/etc/my.cnf or /etc/mysql/my.cnf, depending on your OS)
	and insert the following lines in the [mysqld] section. You can put these lines below the datadir
	line. The max_connections parameter should be set to 350 multiplied by the number of Management
	Servers you are deploying. This example assumes two Management Servers.</para>
	<note>
	<para>On Ubuntu you can also create a file /etc/mysql/conf.d/cloudstack.cnf and add these directives there. Don't forget to add [mysqld] on the first line of the file.</para>
	</note>
	<programlisting>
	innodb_rollback_on_timeout=1
	innodb_lock_wait_timeout=600
	max_connections=700
	log-bin=mysql-bin
	binlog-format = 'ROW'
	bind-address = 0.0.0.0
	</programlisting>
	</listitem>
	<listitem>
	<para>On RHEL/CentOS MySQL doesn't start after installation, start it manually.</para>
	<programlisting language="Bash">service mysqld start</programlisting>
	</listitem>
	<listitem>
	<warning>
	<para>On RHEL and CentOS, MySQL does not set a root password by default. It is very strongly recommended that you set a root password as a security precaution. Run the following commands, and substitute your own desired root password. This step is not required on Ubuntu as it asks for a root password during installation.</para>
	</warning>
	<para>Run this command to secure your installation. You can answer "Y" to all questions except to "Disallow root login remotely?". This is required to set up the databases.</para>
	<programlisting>mysql_secure_installation</programlisting>
	</listitem>
	<listitem><para>If a firewall is present on the system, open TCP port 3306 so external MySQL connections can be established.</para>
	<orderedlist numeration="loweralpha">
	<listitem>
	<para>On RHEL/CentOS:</para>
	<orderedlist>
	<listitem>
	<para>Edit the /etc/sysconfig/iptables file and add the following line at the beginning of the INPUT chain.</para>
	<programlisting>-A INPUT -p tcp --dport 3306 -j ACCEPT</programlisting>
	</listitem>
	<listitem>
	<para>Now reload the iptables rules.</para>
	<programlisting language="Bash">service iptables restart</programlisting>
	</listitem>
	</orderedlist>
	</listitem>
	<listitem>
	<para>On Ubuntu:</para>
	<para>UFW is the default firewall on Ubuntu, open the port with this command:</para>
	<programlisting language="Bash">ufw allow mysql</programlisting>
	</listitem>
	</orderedlist>
	</listitem>
	<listitem>
	<para>Set up the database. The following command creates the cloud user on the database.</para>
	<note>
	<para>This command should be run on the first Management server node!</para>
	</note>
	<itemizedlist>
	<listitem><para>In dbpassword, specify the password to be assigned to the cloud user. You can choose to provide no password.</para></listitem>
	<listitem><para>In deploy-as, specify the username and password of the user deploying the database. In the following command, it is assumed the root user is deploying the database and creating the cloud user.</para></listitem>
	<listitem><para>(Optional) For encryption_type, use file or web to indicate the technique used to pass in the database encryption password. Default: file. See About Password and Key Encryption.</para></listitem>
	<listitem><para>(Optional) For management_server_key, substitute the default key that is used to encrypt confidential parameters in the &PRODUCT; properties file. Default: password. It is highly recommended that you replace this with a more secure value. See About Password and Key Encryption.</para></listitem>
	<listitem><para>(Optional) For database_key, substitute the default key that is used to encrypt confidential parameters in the &PRODUCT; database. Default: password. It is highly recommended that you replace this with a more secure value. See About Password and Key Encryption.</para></listitem>
	</itemizedlist>
	<programlisting language="Bash">cloud-setup-databases cloud:<dbpassword>@<ip address mysql server> \
	--deploy-as=root:<password> \
	-e <encryption_type> \
	-m <management_server_key> \
	-k <database_key></programlisting>
	<para>When this script is finished, you should see a message like “Successfully initialized the database.”</para>
	</listitem>
	</orderedlist>
	</section>