Commit 32d33c20 authored by Dimitris Aragiorgis's avatar Dimitris Aragiorgis

New installation overview/guide

In the future quick-admin-installation-guide will be for one node
only.
Signed-off-by: default avatarDimitris Aragiorgis <dimara@grnet.gr>
parent 4d90e92b
.. _i-apache:
Synnefo
-------
:ref:`synnefo <i-synnefo>` ||
:ref:`ns <i-ns>` ||
:ref:`apt <i-apt>` ||
:ref:`mq <i-mq>` ||
:ref:`db <i-db>` ||
:ref:`gunicorn <i-gunicorn>` ||
apache ||
:ref:`webproject <i-webproject>` ||
:ref:`astakos <i-astakos>` ||
:ref:`cms <i-cms>` ||
:ref:`pithos <i-pithos>` ||
:ref:`cyclades <i-cyclades>` ||
:ref:`kamaki <i-kamaki>` ||
:ref:`backends <i-backends>`
Apache Setup
++++++++++++
The following apply to ``astakos``, ``pithos``, ``cyclades`` and ``cms`` nodes.
Here we assume that these nodes have FQDM ``nodeX.example.com``.
First install corresponding packet:
.. code-block:: console
# apt-get install apache2
In `/etc/apache2/sites-available/synnefo` add:
.. code-block:: console
<VirtualHost *:80>
ServerName nodeX.example.com
RewriteEngine On
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
In `/etc/apache2/sites-available/synnefo-ssl` add:
.. code-block:: console
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName nodeX.example.com
Alias /static "/usr/share/synnefo/static"
AllowEncodedSlashes On
RequestHeader set X-Forwarded-Protocol "https"
<Proxy * >
Order allow,deny
Allow from all
</Proxy>
SetEnv proxy-sendchunked
SSLProxyEngine off
ProxyErrorOverride off
ProxyPass /static !
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
</IfModule>
Now enable sites and modules by running:
.. code-block:: console
# a2enmod ssl
# a2enmod rewrite
# a2dissite default
# a2ensite synnefo
# a2ensite synnefo-ssl
# a2enmod headers
# a2enmod proxy_http
.. _i-apt:
Synnefo
-------
:ref:`synnefo <i-synnefo>` ||
:ref:`ns <i-ns>` ||
apt ||
:ref:`mq <i-mq>` ||
:ref:`db <i-db>` ||
:ref:`gunicorn <i-gunicorn>` ||
:ref:`apache <i-apache>` ||
:ref:`webproject <i-webproject>` ||
:ref:`astakos <i-astakos>` ||
:ref:`cms <i-cms>` ||
:ref:`pithos <i-pithos>` ||
:ref:`cyclades <i-cyclades>` ||
:ref:`kamaki <i-kamaki>` ||
:ref:`backends <i-backends>`
APT Setup
+++++++++
The following apply to ``synnefo`` nodes.
To be able to download all synnefo components, you need to add the following
lines in `/etc/apt/sources.list.d/synnefo.list` file:
.. code-block:: console
deb http://apt.dev.grnet.gr squeeze main
deb-src http://apt.dev.grnet.gr squeeze main
deb http://apt.dev.grnet.gr squeeze-backports main
deb-src http://apt.dev.grnet.gr squeeze-backports main
deb http://backports.debian.org/debian-backports squeeze-backports main
deb http://www.rabbitmq.com/debian/ testing main
Import the additional repos' GPG key and get the packages list:
.. code-block:: console
# wget http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
# apt-key add rabbitmq-signing-key-public.asc
# curl https://dev.grnet.gr/files/apt-grnetdev.pub | apt-key add -
# apt-get update
.. _i-astakos:
Synnefo
-------
:ref:`synnefo <i-synnefo>` ||
:ref:`ns <i-ns>` ||
:ref:`apt <i-apt>` ||
:ref:`mq <i-mq>` ||
:ref:`db <i-db>` ||
:ref:`gunicorn <i-gunicorn>` ||
:ref:`apache <i-apache>` ||
:ref:`webproject <i-webproject>` ||
astakos ||
:ref:`cms <i-cms>` ||
:ref:`pithos <i-pithos>` ||
:ref:`cyclades <i-cyclades>` ||
:ref:`kamaki <i-kamaki>` ||
:ref:`backends <i-backends>`
Astakos Setup
+++++++++++++
The following apply to ``astakos`` node. In the following sections
we will refer to its IP as ``accounts.example.com`` . Make sure
you have db, mq, apache and gunicorn setup already.
First install the corresponding package:
.. code-block:: console
# apt-get install snf-astakos-app
In `/etc/synnefo/astakos.conf` add:
.. code-block:: console
CLOUDBAR_LOCATION = 'https://accounts.example.com/static/im/cloudbar/'
CLOUDBAR_SERVICES_URL = 'https://accounts.example.com/im/get_services'
CLOUDBAR_MENU_URL = 'https://accounts.example.com/im/get_menu'
ASTAKOS_IM_MODULES = ['local']
ASTAKOS_BASEURL = 'https://accounts.example.com'
ASTAKOS_SITENAME = '~okeanos @ example.com'
ASTAKOS_RECAPTCHA_PUBLIC_KEY = '6LeFidMSAAAAAM7Px7a96YQzsBcKYeXCI_sFz0Gk'
ASTAKOS_RECAPTCHA_PRIVATE_KEY = '6LeFidMSAAAAAFv5U5NSayJJJhr0roludAidPd2M'
ASTAKOS_RECAPTCHA_USE_SSL = True
ASTAKOS_RECAPTCHA_ENABLED = True
ASTAKOS_COOKIE_DOMAIN = 'example.com'
Then initialize the Database and register services with:
.. code-block:: console
# /etc/init.d/gunicorn restart
# snf-manage syncdb --noinput
# snf-manage migrate im
# snf-manage loaddata groups
# snf-manage service-add "~okeanos home" https://cms.example.com/ home-icon.png
# snf-manage service-add "cyclades" https://cyclades.example.com/ui/
# snf-manage service-add "pithos+" https://pithos.example.com/ui/
# /etc/init.d/gunicorn restart
# /etc/init.d/apache2 restart
Please note that in case pithos and cyclades nodes are the same node, the pithos url
should be ``https://pithos.example.com/pithos/ui/`` .
Let's create our first user. Go at ``http://accounts.example.com/im/`` and
click the "CREATE ACCOUNT" button and fill all your data at the sign up form.
Then click "SUBMIT". You should now see a green box on the top, which informs
you that you made a successful request and the request has been sent to the
administrators. So far so good, let's assume that you created the user with
username ``user@example.com``.
Now we need to activate that user. Return to a command prompt aand run:
.. code-block:: console
# snf-manage user-list
# snf-manage user-modify --set-active 1
where 1 should be the id of the user you previously created.
All this can be done with one command:
.. code-block:: console
# snf-manage user-add --password=12345 --active user@example.com Name LastName
.. _i-backends:
Synnefo
-------
:ref:`synnefo <i-synnefo>` ||
:ref:`ns <i-ns>` ||
:ref:`apt <i-apt>` ||
:ref:`mq <i-mq>` ||
:ref:`db <i-db>` ||
:ref:`gunicorn <i-gunicorn>` ||
:ref:`apache <i-apache>` ||
:ref:`webproject <i-webproject>` ||
:ref:`astakos <i-astakos>` ||
:ref:`cms <i-cms>` ||
:ref:`pithos <i-pithos>` ||
:ref:`cyclades <i-cyclades>` ||
:ref:`kamaki <i-kamaki>` ||
backends
Backends
++++++++
:ref:`ganeti <i-ganeti>` ||
:ref:`image <i-image>` ||
:ref:`gtools <i-gtools>` ||
:ref:`network <i-network>`
The sections above, guide you though the actions needed to create a synnefo
backend. Once you have at least one backend up and running you can go back to
the :ref:`cyclades <i-cyclades>` section, add the backend, create a public
network and have full synnefo functionality.
In the following sections we will refer to the following roles:
* ``ganeti`` (all nodes of a Ganeti cluster/synnefo backend)
* ``master`` (ganeti master node)
* ``router``
Please note that all these roles can be "played" by the same node.
Prerequisites:
~~~~~~~~~~~~~~
``master``:
- Available master IP that resolves to FQDN (ganeti.example.com)
``ganeti``:
- primary interface: `eth0` with IP that resolves to FQDN (nodeX.example.com)
- /etc/hosts: hostname should not resolv to 127.* address.
- /etc/ssh/ssh_host_rsa_key*: must be identical among all nodes.
- extra interfaces: `eth1`, `eth2` (vlans can be used too)
- NFS mount point: `/srv/pithos`
- lvm: Volume Group named `ganeti`
``router``:
- primary interface: `eth0` with public routable IP
- extra interfaces: `eth1`, `eth2` (vlans can be used too) connected with ganeti nodes
.. _i-cms:
Synnefo
-------
:ref:`synnefo <i-synnefo>` ||
:ref:`ns <i-ns>` ||
:ref:`apt <i-apt>` ||
:ref:`mq <i-mq>` ||
:ref:`db <i-db>` ||
:ref:`gunicorn <i-gunicorn>` ||
:ref:`apache <i-apache>` ||
:ref:`webproject <i-webproject>` ||
:ref:`astakos <i-astakos>` ||
cms ||
:ref:`pithos <i-pithos>` ||
:ref:`cyclades <i-cyclades>` ||
:ref:`kamaki <i-kamaki>` ||
:ref:`backends <i-backends>`
CMS Setup
+++++++++
The following apply to ``cms`` node. In the following sections
we will refer to its IP as ``cms.example.com`` . Before install make sure
you have db, apache and gunicorn setup already.
First install the corresponding package:
.. code-block:: console
# apt-get install snf-cloudcms
In `/etc/synnefo/cloudcms.conf` add:
.. code-block:: console
CLOUDBAR_ACTIVE = True
CLOUDBAR_LOCATION = 'https://accounts.example.com/static/im/cloudbar/'
CLOUDBAR_SERVICES_URL = 'https://accounts.example.com/im/get_services'
CLOUDBAR_MENU_URL = 'https://accounts.example.com/im/get_menu'
WEBPROJECT_SERVE_STATIC = True
Then restart the services and initialize database:
.. code-block:: console
# /etc/init.d/gunicorn restart
# /etc/init.d/apache2 restart
# snf-manage syncdb
# snf-manage migrate
Here we can load some initial data. Add in `/tmp/sites.json` :
.. code-block:: console
[
{
"pk": 1,
"model": "sites.site",
"fields": {
"domain": "okeanos.grnet.gr",
"name": "okeanos.grnet.gr"
}
}
]
and in `/tmp/pages.json`:
.. code-block:: console
[
{
"fields": {
"_cached_url": "/",
"_content_title": "",
"_page_title": "",
"active": true,
"creation_date": "2012-11-16 14:52:19",
"in_navigation": false,
"language": "en",
"level": 0,
"lft": 1,
"meta_description": "",
"meta_keywords": "",
"modification_date": "2012-11-16 14:52:19",
"navigation_extension": null,
"override_url": "/",
"parent": null,
"publication_date": "2012-11-16 14:50:00",
"publication_end_date": null,
"redirect_to": "",
"rght": 2,
"site": 1,
"slug": "okeanos",
"symlinked_page": null,
"template_key": "twocolwide",
"title": "Okeanos",
"translation_of": null,
"tree_id": 1
},
"model": "page.page",
"pk": 1
},
{
"fields": {
"ordering": 0,
"parent": 1,
"region": "main",
"text": "Welcome to Okeanos!!\r\n\r\n"
},
"model": "page.rawcontent",
"pk": 1
}
]
and finally run:
.. code-block:: console
# snf-manage loaddata /tmp/sites.json
# snf-manage loaddata /tmp/page.json
# snf-manage createsuperuser --username=admin --email=admin@example --noinput
.. _i-cyclades:
Synnefo
-------
:ref:`synnefo <i-synnefo>` ||
:ref:`ns <i-ns>` ||
:ref:`apt <i-apt>` ||
:ref:`mq <i-mq>` ||
:ref:`db <i-db>` ||
:ref:`gunicorn <i-gunicorn>` ||
:ref:`apache <i-apache>` ||
:ref:`webproject <i-webproject>` ||
:ref:`astakos <i-astakos>` ||
:ref:`cms <i-cms>` ||
:ref:`pithos <i-pithos>` ||
cyclades ||
:ref:`kamaki <i-kamaki>` ||
:ref:`backends <i-backends>`
Cyclades Setup
++++++++++++++
The following apply to ``cyclades`` node. In the rest of the sections
we will refer to its IP with FQDN ``cyclades.example.com``.Please make sure you have
db, mq, gunicorn, apache, webproject, pithos and astakos already setup.
Install the corresponding package:
.. code-block:: console
# apt-get install snf-cyclades-app
In `/etc/synnefo/cyclades.conf` add:
.. code-block:: console
MAX_CIDR_BLOCK = 21
PUBLIC_USE_POOL = True
CUSTOM_BRIDGED_BRIDGE = 'br0'
MAX_VMS_PER_USER = 5
VMS_USER_QUOTA = {
'user@example.com': 20,
}
MAX_NETWORKS_PER_USER = 3
NETWORKS_USER_QUOTA = { 'user@example.com': 10 }
GANETI_DISK_TEMPLATES = ('blockdev', 'diskless', 'drbd', 'file', 'plain',
'rbd', 'sharedfile', 'ext')
ASTAKOS_URL = 'https://accounts.example.com/im/authenticate'
SECRET_ENCRYPTION_KEY= "oEs0pt7Di1mkxA0P6FiK"
GANETI_CREATEINSTANCE_KWARGS = {
'os': 'snf-image+default',
'hvparams': {'serial_console': False, 'security_model': 'pool'},
'wait_for_sync': False}
GANETI_USE_HOTPLUG = True
CLOUDBAR_LOCATION = 'https://accounts.example.com/static/im/cloudbar/'
CLOUDBAR_ACTIVE_SERVICE = '2'
CLOUDBAR_SERVICES_URL = 'https://accounts.example.com/im/get_services'
CLOUDBAR_MENU_URL = 'https://accounts.example.com/im/get_menu'
BACKEND_DB_CONNECTION = 'postgresql://synnefo:example_passw0rd@db.example.com:5432/snf_pithos'
BACKEND_BLOCK_PATH = '/srv/pithos/data/'
AMQP_HOSTS = ["amqp://synnefo:example_rabbitmq_passw0rd@mq.example.com:5672"]
Restart services and initialize database:
.. code-block:: console
# /etc/init.d/gunicorn restart
# /etc/init.d/apache2 restart
# snf-manage syncdb
# snf-manage migrate
# snf-manage loaddata flavors
Enable dispatcher:
.. code-block:: console
# sed -i 's/false/true/' /etc/default/snf-dispatcher
# /etc/init.d/snf-dispatcher start
In order end-user to have access to the VM's console:
.. code-block:: console
# apt-get install snf-vncauthproxy
Edit `/etc/default/vncauthproxy`:
.. code-block:: console
CHUID="www-data:nogroup"
At this point you should setup a :ref:`backend <i-backends>`. Please refer to the
coresponding section. Here we assume that at least one backend is up and running,
so we can add it in Cyclades with:
.. code-block:: console
# snf-manage backend-add --clustername=ganeti.example.com --user=synnefo --pass=example_rapi_passw0rd
Further assumptions:
- Preprovisioned Bridges: ``br0``, ``prv0``, ``prv1..prv20``
- Available "public" Subnet: ``10.0.1.0/24``
- Available "public" Gateway: ``10.0.1.1``
- Connectivity link for public network: ``br0``
Here admin has to define two different resource pools in Synnefo:
- MAC prefix Pool
- Bridge Pool
.. code-block:: console
# snf-manage pool-create --type=mac-prefix --base=aa:00:0 --size=65536
# snf-manage pool-create --type=bridge --base=prv --size=20
Add the synnefo setting in :file:`/etc/synnefo/cyclades.conf`:
.. code-block:: console
PRIVATE_MAC_FILTERED_BRIDGE = 'prv0'
Add public network where the VM's will eventually connect to in order to
access Internet:
.. code-block:: console
# snf-manage network-create --subnet=10.0.1.0/24 --gateway=10.0.1.1 --public --dhcp --flavor=CUSTOM --mode=bridged --link=br0 --name=Internet --backend-id=1
.. _i-db:
Synnefo
-------
:ref:`synnefo <i-synnefo>` ||
:ref:`ns <i-ns>` ||
:ref:`apt <i-apt>` ||
:ref:`mq <i-mq>` ||
db ||
:ref:`gunicorn <i-gunicorn>` ||
:ref:`apache <i-apache>` ||
:ref:`webproject <i-webproject>` ||
:ref:`astakos <i-astakos>` ||
:ref:`cms <i-cms>` ||
:ref:`pithos <i-pithos>` ||
:ref:`cyclades <i-cyclades>` ||
:ref:`kamaki <i-kamaki>` ||
:ref:`backends <i-backends>`
Database Setup
++++++++++++++
The following apply to ``db`` node. For the rest of the sections we will
refer to its IP as ``db.example.com`` .
First install progresql:
.. code-block:: console
# apt-get install postgresql
We create a database called ``snf_apps``, that will host all django
apps related tables. We also create the user ``synnefo`` and grant him all
privileges on the database. We do this by running:
.. code-block:: console
# su - postgres
postgres:~$ psql
postgres=# CREATE DATABASE snf_apps WITH ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0;
postgres=# CREATE USER synnefo WITH PASSWORD 'example_passw0rd';
postgres=# GRANT ALL PRIVILEGES ON DATABASE snf_apps TO synnefo;
We also create the database ``snf_pithos`` needed by the pithos+ backend and
grant the ``synnefo`` user all privileges on the database.
.. code-block:: console
postgres=# CREATE DATABASE snf_pithos WITH ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0;
postgres=# GRANT ALL PRIVILEGES ON DATABASE snf_pithos TO synnefo;
Configure the database to listen to all network interfaces. You can do this by
editting the file `/etc/postgresql/8.4/main/postgresql.conf` with:
| ``listen_addresses = '*'``
Furthermore, edit `/etc/postgresql/8.4/main/pg_hba.conf` to allow the nodes
to connect to the database. Add the following line:
| ``host all all 4.3.2.0/24 md5``
.. code-block:: console
# /etc/init.d/postgresql restart
.. _i-ganeti:
Synnefo
-------
:ref:`synnefo <i-synnefo>` ||
:ref:`ns <i-ns>` ||
:ref:`apt <i-apt>` ||
:ref:`mq <i-mq>` ||
:ref:`db <i-db>` ||
:ref:`gunicorn <i-gunicorn>` ||
:ref:`apache <i-apache>` ||
:ref:`webproject <i-webproject>` ||
:ref:`astakos <i-astakos>` ||
:ref:`cms <i-cms>` ||
:ref:`pithos <i-pithos>` ||
:ref:`cyclades <i-cyclades>` ||
:ref:`kamaki <i-kamaki>` ||
:ref:`backends <i-backends>`
Backends
++++++++
ganeti ||
:ref:`image <i-image>` ||
:ref:`gtools <i-gtools>` ||
:ref:`network <i-network>`
Ganeti Setup
~~~~~~~~~~~~
<