Commit 7ce03dfd authored by Dionysis Grigoropoulos's avatar Dionysis Grigoropoulos
Browse files

docs: Add centos install guide

* Change the name of quick install admin guide to install guide debian
* Add CentOS installation guide (install-guide-centos)
* Update the doc index to comply with the aforementioned changes
* Update all pages that linked to the old guide
* Update both guides to be in sync with Synnefo 0.15
* Fix minor `bugs` in both Debian and CentOS install guides
* Add sections on how to create vlans/bridges/ssh-keys
* Update architecture images
parent c79459fc
......@@ -20,10 +20,6 @@ all the interactions between them.
:width: 100%
:target: _images/synnefo-arch2.png
Synnefo also supports RADOS as an alternative storage backend for
Files/Images/VM disks. You will find the :ref:`corresponding figure
<syn+archip+rados>` later in this guide.
Identity Service (Astakos)
==========================
......@@ -92,7 +88,7 @@ available at the destination::
Astakos keeps a map of shibboleth users using the value of the ``REMOTE_USER``
header, passed by the ``mod_shib2`` module. This happens in order to be able to
identify the astakos account the shibboleth user is associated to, every time
the user logs in from an affiliate shibboleth IdP.
the user logs in from an affiliate shibboleth IdP.
The shibboleth attribute which gets mapped to the ``REMOTE_USER`` header can be
changed in ``/etc/shibboleth/shibboleth2.xml`` configuration file.
......@@ -100,7 +96,7 @@ changed in ``/etc/shibboleth/shibboleth2.xml`` configuration file.
.. code-block:: xml
<!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
<ApplicationDefaults entityID="https://sp.example.org/shibboleth"
<ApplicationDefaults entityID="https://sp.example.org/shibboleth"
REMOTE_USER="eppn persistent-id targeted-id">
.. warning::
......@@ -591,7 +587,7 @@ Enabling this feature consists of the following steps:
#. **Register Pithos+ as an OAuth2 client in Astakos**
Starting from synnefo version 0.15, in order to view the content of a
Starting from Synnefo version 0.15, in order to view the content of a
protected resource, Pithos+ (on behalf of the user) has to be granted
authorization for the specific resource by Astakos.
......@@ -2329,9 +2325,9 @@ Scaling up to multiple nodes
Here we will describe how should a large scale Synnefo deployment look like. Make
sure you are familiar with Synnefo and Ganeti before proceeding with this section.
This means you should at least have already set up successfully a working Synnefo
deployment as described in the :ref:`Admin's Installation Guide
<quick-install-admin-guide>` and also read the Administrator's Guide until this
section.
deployment as described in the Admin's Installation Guide (:ref:`Debian
<install-guide-debian>`/:ref:`CentOS <install-guide-centos>`) and also read the
Administrator's Guide until this section.
Graph of a scale-out Synnefo deployment
---------------------------------------
......@@ -2342,10 +2338,8 @@ Each box in the following graph corresponds to a distinct physical node:
:width: 100%
:target: _images/synnefo-arch2-roles.png
The above graph is actually the same with the one at the beginning of this
:ref:`guide <admin-guide>`, with the only difference that here we show the
Synnefo roles of each physical node. These roles are described in the
following section.
The above graph shows the Synnefo roles of each physical node. These roles are
described in the following section.
.. _physical-node-roles:
......
......@@ -29,4 +29,5 @@ authentication, along with the Synnefo Account API for quota, user group and
project management.
Please also see the :ref:`Admin Guide <admin-guide>` for more information and the
:ref:`Installation Guide <quick-install-admin-guide>` for installation instructions.
Installation Guide (:ref: `Debian <install-guide-debian>`/:ref: `CentOS
<install-guide-centos>`) for installation instructions.
......@@ -45,5 +45,5 @@ networking functionality is exported all the way from the backend to the API and
the UI.
Please also see the :ref:`Admin Guide <admin-guide>` for more information and
the :ref:`Installation Guide <quick-install-admin-guide>` for installation
instructions.
the Installation Guide for installation instructions on :ref:`Debian Wheezy
<install-guide-debian>` or :ref:`CentOS 6.5 <install-guide-centos>`.
......@@ -70,7 +70,7 @@ have problems with file permissions when deploying.
# python setup.py develop -N
This does not automatically install dependencies, in order to avoid
confusion with synnefo packages installed by ``snf-deploy``. External
confusion with Synnefo packages installed by ``snf-deploy``. External
dependencies have already been installed by ``snf-deploy``; if you introduce
a new dependency, you will have to explicitly install it.
......
docs/images/snf-architecture.png

98.9 KB | W: | H:

docs/images/snf-architecture.png

43.2 KB | W: | H:

docs/images/snf-architecture.png
docs/images/snf-architecture.png
docs/images/snf-architecture.png
docs/images/snf-architecture.png
  • 2-up
  • Swipe
  • Onion skin
docs/images/synnefo-arch2.png

90.8 KB | W: | H:

docs/images/synnefo-arch2.png

93.6 KB | W: | H:

docs/images/synnefo-arch2.png
docs/images/synnefo-arch2.png
docs/images/synnefo-arch2.png
docs/images/synnefo-arch2.png
  • 2-up
  • Swipe
  • Onion skin
docs/images/synnefo-overview.png

35.5 KB | W: | H:

docs/images/synnefo-overview.png

37.9 KB | W: | H:

docs/images/synnefo-overview.png
docs/images/synnefo-overview.png
docs/images/synnefo-overview.png
docs/images/synnefo-overview.png
  • 2-up
  • Swipe
  • Onion skin
......@@ -72,7 +72,7 @@ in less than 10 minutes using the `snf-deploy` tool. This kind of installation
is targeted for testing and demo environments rather than production usage
deployments. It is the perfect way, even for an inexperienced user to have the
whole Synnefo stack up and running and allows for a quick preview of the basic
Synnefo features.
Synnefo features. This installation method is only available for Debian Wheezy.
The Admin's Installation guide describes how to install the whole Synnefo stack
in just two physical nodes. This guide is useful to those interested in
......@@ -97,12 +97,9 @@ external world. Also documents all Synnefo external REST APIs.
.. extend/modify/change Synnefo itself, so describes Synnefo's indepth
.. architecture and the internals of Synnefo components (currently out-of-date!).
.. toctree::
:maxdepth: 1
Quick Installation Guide (single node) <quick-install-guide>
Installation Guide (on two nodes) <quick-install-admin-guide>
* Quick Installation Guide on single node [:ref:`Debian Wheezy <quick-install-guide>`]
* Installation Guide on two nodes [:ref:`Debian Wheezy <install-guide-debian>` |
:ref:`CentOS 6.5 <install-guide-centos>`]
.. toctree::
:maxdepth: 1
......
This diff is collapsed.
.. _install-guide-debian:
Administrator's Installation Guide On Debian Wheezy
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Administrator's Installation Guide (on Debian Wheezy)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is the Administrator's installation guide on Debian Wheezy.
It describes how to install the whole Synnefo stack on two (2) physical nodes,
with minimum configuration. It installs synnefo from Debian packages, and
with minimum configuration. It installs Synnefo from Debian packages, and
assumes the nodes run Debian Wheezy. After successful installation, you will
have the following services running:
......@@ -43,10 +43,10 @@ more information on how to do so.
General Prerequisites
=====================
These are the general synnefo prerequisites, that you need on node1 and node2
These are the general Synnefo prerequisites, that you need on node1 and node2
and are related to all the services (Astakos, Pithos, Cyclades).
To be able to download all synnefo components you need to add the following
To be able to download all Synnefo components you need to add the following
lines in your ``/etc/apt/sources.list`` file:
| ``deb http://apt.dev.grnet.gr wheezy/``
......@@ -70,10 +70,10 @@ assume that node1 acts as an NFS server and serves the directory ``/srv/pithos``
to node2 (be sure to set no_root_squash flag). Node2 has this directory
mounted under ``/srv/pithos``, too.
Before starting the synnefo installation, you will need basic third party
Before starting the Synnefo installation, you will need basic third party
software to be installed and configured on the physical nodes. We will describe
each node's general prerequisites separately. Any additional configuration,
specific to a synnefo service for each node, will be described at the service's
specific to a Synnefo service for each node, will be described at the service's
section.
Finally, it is required for Cyclades and Ganeti nodes to have synchronized
......@@ -934,7 +934,7 @@ You can change a resource's visibility with::
Register pithos view as an OAuth 2.0 client
-------------------------------------------
Starting from synnefo version 0.15, the pithos view, in order to get access to
Starting from Synnefo version 0.15, the pithos view, in order to get access to
the data of a protected pithos resource, has to be granted authorization for
the specific resource by astakos.
......@@ -1111,6 +1111,11 @@ It can be retrieved by running on the Astakos node (node1 in our case):
The token has been generated automatically during the :ref:`Pithos service
registration <services-reg>`.
The ``PITHOS_OAUTH2_CLIENT_CREDENTIALS`` setting is used by the pithos view
in order to authenticate itself with astakos during the authorization grant
procedure and it should contain the credentials issued for the pithos view
in `the pithos view registration step`__.
The ``PITHOS_UPDATE_MD5`` option by default disables the computation of the
object checksums. This results to improved performance during object uploading.
However, if compatibility with the OpenStack Object Storage API is important
......@@ -1132,11 +1137,6 @@ The ``CLOUDBAR_SERVICES_URL`` and ``CLOUDBAR_MENU_URL`` options are used by the
Pithos web client to get from Astakos all the information needed to fill its
own cloudbar. So we put our Astakos deployment urls there.
The ``PITHOS_OAUTH2_CLIENT_CREDENTIALS`` setting is used by the pithos view
in order to authenticate itself with astakos during the authorization grant
procedure and it should container the credentials issued for the pithos view
in `the pithos view registration step`__.
__ pithos_view_registration_
Pooling and Greenlets
......@@ -1294,7 +1294,7 @@ Cyclades Prerequisites
Before proceeding with the Cyclades installation, make sure you have
successfully set up Astakos and Pithos first, because Cyclades depends on
them. If you don't have a working Astakos and Pithos installation yet, please
return to the :ref:`top <quick-install-admin-guide>` of this guide.
return to the :ref:`top <install-guide-centos>` of this guide.
Besides Astakos and Pithos, you will also need a number of additional working
prerequisites, before you start the Cyclades installation.
......@@ -1335,22 +1335,69 @@ Ganeti requires an extra available IP and its FQDN e.g., ``203.0.113.100`` and
explained above.
Also, Ganeti will need a volume group with the same name e.g., ``ganeti``
across all nodes, of at least 20GiB. To create the volume group,
see `this <http://www.tldp.org/HOWTO/LVM-HOWTO/createvgs.html>`_.
across all nodes, of at least 20GiB. To create the volume group, run:
.. code-block:: console
# pvcreate /dev/sdb1
# vgcreate ganeti /dev/sdb1
Substitute ``sdb1`` with an available partition in your node. If you don't have an
available partition you can create a file with ``dd`` and mount it as a loop
device:
.. code-block:: console
# dd if=/dev/zero of=gntvg bs=1 count=0 seek=25G
# losetup /dev/loop0 gntvg
Then substitute `/dev/sdb1` with `/dev/loop0` on pvcreate and vgcreate commands.
For more information, see
`this <http://www.tldp.org/HOWTO/LVM-HOWTO/createvgs.html>`_.
Moreover, node1 and node2 must have the same dsa, rsa keys and authorised_keys
under ``/root/.ssh/`` for password-less root ssh between each other. To
generate said keys, see `this <https://wiki.debian.org/SSH#Using_shared_keys>`_.
generate said keys, run:
.. code-block:: console
# ssh-keygen -t rsa
Now copy the generated keys to both nodes under ``/root/.ssh`` and add the
public key to the ``/root/.ssh/authorized_keys`` file:
.. code-block:: console
# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
For more information on how to generate and use keys, see
`this <https://wiki.debian.org/SSH#Using_shared_keys>`_.
In the following sections, we assume that the public interface of all nodes is
``eth0`` and there are two extra interfaces ``eth1`` and ``eth2``, which can
also be vlans on your primary interface e.g., ``eth0.1`` and ``eth0.2`` in
case you don't have multiple physical interfaces. For information on how to
create vlans, please see
case you don't have multiple physical interfaces. To create such interfaces,
run:
.. code-block:: console
# vconfig add eth0 1
# vconfig add eth0 2
For information on how to create vlans, please see
`this <https://wiki.debian.org/NetworkConfiguration#Howto_use_vlan_.28dot1q.2C_802.1q.2C_trunk.29_.28Etch.2C_Lenny.29>`_.
Finally, setup two bridges on the host machines (e.g: br1/br2 on eth1/eth2
respectively), as described `here <https://wiki.debian.org/BridgeNetworkConnections>`_.
respectively):
.. code-block:: console
# brctl addbr 1
# brctl addbr 2
# brctl addif br1 eth1.1
# brctl addif br2 eth1.2
For more information on bridges read `this <https://wiki.debian.org/BridgeNetworkConnections>`_.
Ganeti Installation and Initialization
--------------------------------------
......@@ -1783,26 +1830,26 @@ Private Networks Setup
In this section, we'll describe a basic network configuration, that will provide
isolated private networks to the end-users. All private network traffic, will
pass through ``br1`` and isolation will be guaranteed with a specific set of
pass through ``br2`` and isolation will be guaranteed with a specific set of
``ebtables`` rules.
Testing the Private Networks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We'll create two instances and connect them to the same Private Network. This
means that the instances will have a second NIC connected to the ``br1``.
means that the instances will have a second NIC connected to the ``br2``.
.. code-block:: console
# gnt-network add --network=192.168.1.0/24 --mac-prefix=aa:00:55 --tags=nfdhcpd,private-filtered test-net-prv-mac
# gnt-network connect test-net-prv-mac bridged br1
# gnt-network connect test-net-prv-mac bridged br2
# gnt-instance add -o snf-image+default --os-parameters \
img_passwd=my_vm_example_passw0rd,img_format=diskdump,img_id=debian_base-6.0-x86_64,img_properties='{"OSFAMILY":"linux"\,"ROOT_PARTITION":"1"}' \
-t plain --disk 0:size=2G --no-name-check --no-ip-check \
--net 0:ip=pool,network=test-net-public \
--net 1:ip=pool,network=test-net-prv-mac \
testvm3
-n node1.example.com testvm3
# gnt-instance add -o snf-image+default --os-parameters \
img_passwd=my_vm_example_passw0rd,img_format=diskdump,img_id=debian_base-6.0-x86_64,img_properties='{"OSFAMILY":"linux"\,"ROOT_PARTITION":"1"}' \
......@@ -2114,10 +2161,8 @@ learn more please see /*TODO*/.
Add a Public Network
----------------------
Cyclades supports different Public Networks on different Ganeti backends.
After connecting Cyclades with our Ganeti cluster, we need to setup a Public
Network for this Ganeti backend (`id = 1`). The basic setup is to bridge every
created NIC on a bridge.
Network. The basic setup is to bridge every created NIC on a bridge.
.. code-block:: console
......@@ -2126,7 +2171,7 @@ created NIC on a bridge.
--public --dhcp=True --flavor=CUSTOM \
--link=br1 --mode=bridged \
--name=public_network \
--backend-id=1
--floating-ip-pool=True
This will create the Public Network on both Cyclades and the Ganeti backend. To
make sure everything was setup correctly, also run:
......
......@@ -361,7 +361,7 @@ and the create the network:
id name flavor owner mac_prefix dhcp state link vms public IPv4 Subnet IPv4 Gateway
3 mac MAC_FILTERED aa:00:01 True ACTIVE prv0 False 192.168.1.0/24 192.168.1.1
Edit the synnefo setting `DEFAULT_MAC_FILTERED_BRIDGE` to `prv0`.
Edit the Synnefo setting `DEFAULT_MAC_FILTERED_BRIDGE` to `prv0`.
This will add a network in Synnefo DB and create a network in Ganeti backend by
issuing:
......
.. _quick-install-guide:
Quick Installation Guide
^^^^^^^^^^^^^^^^^^^^^^^^
Quick Installation Guide on Debian Wheezy
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is the Synnefo Quick Installation guide.
......
......@@ -23,7 +23,7 @@ APT Setup
The following apply to ``synnefo`` nodes.
To be able to download all synnefo components, you need to add the following
To be able to download all Synnefo components, you need to add the following
lines in `/etc/apt/sources.list.d/synnefo.list` file:
.. code-block:: console
......
......@@ -29,7 +29,7 @@ Backends
The sections above, guide you though the actions needed to create a synnefo
backend. Once you have at least one backend up and running you can go back to
the :ref:`cyclades <i-cyclades>` section, add the backend, create a public
network and have full synnefo functionality.
network and have full Synnefo functionality.
In the following sections we will refer to the following roles:
......
......@@ -25,7 +25,7 @@ The following apply to ``cms`` node. In the following sections
we will refer to its IP as ``cms.example.com`` . Before install make sure
you have db, apache and gunicorn setup already.
IMPORTANT: Currently cms cannot coexist with astakos, synnefo and pithos roles
IMPORTANT: Currently cms cannot coexist with Astakos, Synnefo and Pithos roles
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
First install the corresponding package:
......
......@@ -171,7 +171,7 @@ Here admin has to define two different resource pools in Synnefo:
# snf-manage pool-create --type=mac-prefix --base=aa:00:0 --size=65536
# snf-manage pool-create --type=bridge --base=prv --size=20
Add the synnefo setting in :file:`/etc/synnefo/cyclades.conf`:
Add the Synnefo setting in :file:`/etc/synnefo/cyclades.conf`:
.. code-block:: console
......
......@@ -24,7 +24,7 @@ kamaki Setup
The following apply to ``client`` node. Here we install a command line tool
that the end-user can use instead of web UI. Prerequisites are that the client
node can connect to synnefo nodes by using their FQDN and that the user has
node can connect to Synnefo nodes by using their FQDN and that the user has
already aquired an AUTH_TOKEN and UUID from his/her profile page after signing
in.
......
......@@ -20,7 +20,7 @@ synnefo ||
The above sections are the software components/roles that you should setup in
order to have full synnefo funtionality. After successful installation, you
order to have full Synnefo funtionality. After successful installation, you
will have the following services running:
* Identity Management (Astakos)
......@@ -52,7 +52,7 @@ end here we define the following roles:
Please note that all these roles can be "played" by the same node, but for the
sake of scalability is highly recommended to deploy Synnefo on more than 6 nodes,
each with different role(s). In setup synnefo and backend nodes are the same
each with different role(s). In setup Synnefo and backend nodes are the same
ones.
......
......@@ -11,9 +11,9 @@ You can use `snf-deploy` to deploy Synnefo, in two ways:
Currently, `snf-deploy` is mostly useful for testing/demo installations and is
not recommended for production environment Synnefo deployments. If you want to
deploy Synnefo in production, please read first the :ref:`Admin's installation
guide <quick-install-admin-guide>` and then the :ref:`Admin's guide
<admin-guide>`.
deploy Synnefo in production, please read first the Admin's installation
guide (:ref:`Debian <install-guide-debian>`/:ref:`CentOS
<install-guide-centos>`) and then the :ref:`Admin's guide <admin-guide>`.
If you use `snf-deploy` you will setup an up-and-running Synnefo installation,
but the end-to-end functionality will depend on your underlying infrastracture
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment