Installation and configuration

Installation

Important

First need to do setting up the environment. All commands are executed only from superuser.

Mode superuser:

sudo -i
  1. Save the list of previously installed packages before starting the installation, this will allow to painlessly restore the system in case of damage. Run the following commands to do this:

    mkdir -p /tmp/rollback/rs_server
    pip3 freeze > /tmp/rollback/rs_server/pip_before.txt
    

    After that, the directory /tmp/rollback/rs_server will contain the file pip_before.txt with a list of installed applications.

  2. Also save migration versions:

    openstack aos db list -n rs_sever > /tmp/rollback/rs_server/migrations.txt
    

    Where:

    • /tmp/rollback/rs_server/ is a file directory;
    • migrations.txt is a name of the file with migration versions.
  3. Install RSserver package:

    • from Python package repository:

      pip3 install rs-server
      
  4. Save the list of installed packages after installation to be able to roll back changes:

    pip3 freeze > /tmp/rollback/rs_server/pip_after.txt
    
  5. Add user aos:

    useradd -m aos
    passwd password
    

Note

To install RSserver on Astra Linux (Smolensk) do following:

  1. Connect the provided repository with AccentOS packages.

  2. Install the package with the command:

    sudo apt install -y aos-rs-server
    

Installation on two or more controllers

It is need when installing RSserver on two or more controllers:

  1. to replicate database for each of controllers;
  2. to replicate message broker for each of controllers;
  3. to install a module with the same parameters for each of controllers.

Note

Deleting and diagnostics of the module on each controller is performed in the same way as in the case of one controller.

Configuration

Note

We consider setting up launch of the API service through WSGI-server supplied with eventlet library. See the documentation for the corresponding server to configure the launch of the service through another WSGI-server (Nginx + Gunicorn, Apache + mod_wsgi, etc.). WSGI application path is rs_server.api.api.wsgi.

  1. Perform the initial configuration of the module:

    openstack aos configure -n rs_server
    

    When running the command openstack aos configure -n rs_server:

    examples of configuration files to the directory /etc/aos/ are copying; configuration files for the Apache web server are generating; statics for RSserver are assembling.

  2. Create directory for logs with the required permissions:

    mkdir -p /var/log/aos/rs-server
    chown -R aos:aos /var/log/aos/rs-server
    
  1. Copy the sample configuration file, if using non-standard parameters, edit them:

    cp /etc/aos/aos.conf.example /etc/aos/aos.conf
    cp /etc/aos/rs_server.conf.example /etc/aos/rs_server.conf
    
  2. Create database using MySQL as an example, configure rights, database type and other parameters:

    # Login to the database using the root password
    mysql -uroot -p
    # Create rs_server database
    CREATE DATABASE rs_server;
    # Give permission to read, edit, perform any actions on all tables in rs_server database
    GRANT ALL PRIVILEGES ON rs_server.* TO 'aos'@'localhost' IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON rs_server.* TO 'aos'@'%' IDENTIFIED BY 'password';
    # Exit the database
    
  3. Edit section [database] of the configuration file etc/aos/rs_server.conf, for example:

    [database]
    url = mysql+pymysql://aos:password@tst.stand.loc:3306/rs_server?charset=utf8
    
  4. Migrate database:

    openstack aos db migrate -n rs_server
    
  5. Configure RabbitMQ Server message broker:

    rabbitmqctl add_user aos password
    rabbitmqctl add_vhost aos
    rabbitmqctl set_permissions -p aos aos ".*" ".*" ".*"
    rabbitmqctl set_permissions aos ".*" ".*" ".*"
    
  6. Create RSserver API service:

    openstack service create --name rs-server --description "RSserver Service" rs-server
    
  7. Create endpoints:

    openstack endpoint create --region RegionOne rs-server internal http://controller:9364
    openstack endpoint create --region RegionOne rs-server admin http://controller:9364
    openstack endpoint create --region RegionOne rs-server public http://controller:9364
    
  8. Create user in OpenStack for API services:

    openstack user create --domain default --project service --project-domain default --password password --or-show aos
    
  9. Assign user service role:

    openstack role add --user aos --user-domain default --project service --project-domain default service
    
  10. Enable and start systemd services:

    systemctl daemon-reload
    systemctl enable aos-rs-server-api.service
    systemctl start aos-rs-server-api.service
    systemctl enable aos-rs-broker-api.service
    systemctl start aos-rs-broker-api.service
    systemctl enable aos-rs-listener.service
    systemctl start aos-rs-listener.service
    systemctl enable aos-rs-beat.service
    systemctl start aos-rs-beat.service
    systemctl enable aos-rs-worker.service
    systemctl start aos-rs-worker.service
    
  11. Configure Nova services on all controllers and compute nodes for synchronization instances (in the configuration file /etc/nova/nova.conf):

    [oslo_messaging_notifications]
    driver = messagingv2
    
  12. Configure Keystone services on all controllers and compute nodes for synchronization instances (in the configuration file /etc/keystone/keystone.conf):

    [oslo_messaging_notifications]
    driver = messagingv2
    
  13. Configure Neutron services on all controllers and compute nodes for synchronization instances (in the configuration file /etc/neutron/neutron.conf):

    [DEFAULT]
    notification_driver = messagingv2
    
  14. Configure Cinder services on all controllers and compute nodes for synchronization instances (in the configuration file /etc/cinder/cinder.conf):

    [DEFAULT]
    notification_driver = messagingv2
    
  15. Create symlink to the supplied Apache config file and restart web servers:

    # Debian:
    ln -s /etc/apache2/conf-available/aos-rs-web.conf /etc/apache2/conf-enabled/aos-rs-web.conf
    service apache2 restart
    

    Note

    It is need to make sure that the configuration file is correct, namely, check paths to the installed modules, paths to logs, compliance of directives of the installed version of Apache.

  16. Restart Nova and Neutron service, this action is necessary to enable notifications:

    # Debian:
    systemctl restart nova-api.service
    systemctl restart neutron-server.service
    

RS broker API service configuration

WSGI server gunicorn is used to start the service by default. Use following options to configure alternate server:

  • WSGI application path is rs_server.api.broker_api.wsgi:application;

  • WSGI file:

    # Ubuntu, Debian:
    ``/usr/local/bin/aos-rs-broker-wsgi``.
    

Configuration file

Note

Config file allows to override sections and parameters of common file aos.conf for specific module.

Note

There are no lines with the level logging by default in the file cloud_manager.conf.example, it is specified if necessary. Level logging is set by default in the general configuration file. More information about the configuration files can be found in the corresponding section.

Configuration file is presented in ini format and consists of the following sections and parameters:

Section Parameter Description Default value
DEFAULT default_availability_zone Availability zone for launching TRS instances. nova
api audit_enabled Enabling logging of requests to aos-rs-server-api service. True
api host aos-rs-server-api service start host. 0.0.0.0
api logfile Path to log file of aos-rs-server-api service.  
api port Port to start aos-rs-server-api service. 9364
broker allow_getvm_log Enabling logging of the results of TRS instances requests from the RSclient and TRS web interface. File name is :/var/log/aos/rs- server/trs_requests.log False
broker getvm_logfile Path to the file for collecting TRS instances requests messages from RSclient and TRS web interface.  
broker otp_sender_method Method of sending OTP to user. telegram
broker power_state_monitor Option that enables checking the power status of the instance. False
broker request_mode Selection mode for TRS instance user. single
broker request_pending_timeout Threshold waiting time for the start of processing a request to receive TRS instances in seconds. 60
broker request_processing_timeout Threshold waiting time for request to get the TRS instance in seconds. It is counted from the time query record was updated in the database. 360
broker requests_ttl Time to store instance query in NoSQL Redis database in seconds. 3600
broker security_group Parameter that determines the automatic creation of a security group for each TRS instance at the time of connecting to it in order to restrict access of unassigned users to TRS instance. True
broker spice_enabled Parameter that allows the RSclient to receive the SPICE console address of with the IP address of instance. False
broker_api audit_enabled Enabling logging of requests to aos-rs-broker-api service. True
broker_api logfile Path to log file of aos-rs-broker-api service.  
broker_api use_rs_token Enabling checking for permission to connect user to the guest operating system. False
broker_api web_guard Enabling WebGuard support. False
broker_api web_guard_redirect_response Response code for webguard redirected request. 302
kerberos script_path Path to the script for changing the user’s password via Kerberos.  
listener after_delete_vm_script Path to the script that is executed when instance is deleted. The script is run from the user aos.  
listener cinder_rabbit_vhost Virtual host of Cinder service message broker. /
listener keystone_rabbit_vhost Virtual host of Keystone service message broker. /
listener logfile Path to log file of aos-rs-listener service.  
listener neutron_rabbit_vhost Virtual host of Neutron service message broker. /
listener nova_rabbit_vhost Virtual host of Nova service message broker. /
project_sync enabled Option that enables project synchronization. True
project_sync logfile Path to log file of project synchronization service.  
project_sync sync_interval Project synchronization start interval (in seconds). 600
web compress_enabled Enabling static compression. True
web debug Debug mode. True
web memcache_location Url address to access the caching system. localhost:11211

Important

When changing the parameters of the configuration file, to make them take effect, it is need to perform the procedure described in the section “Updating the configuration file”.

Recovery plan

Roll back if the RSserver plug-in installation or update fails:

  1. Compare versions of migrations in file /tmp/rollback/rs_server/migrations.txt with current. If there are any differences, migrate to the previous version for each of the applications. Migration example:

    openstack aos db list -n rs_server
    openstack aos db migrate -n rs_server --migration 14
    
  2. Revert to the previous state of the packages:

    cd /tmp/rollback/rs_server
    diff --changed-group-format='%>' --unchanged-group-format='' pip_before.txt pip_after.txt > pip_uninstall.txt
    diff --changed-group-format='%<' --unchanged-group-format='' pip_before.txt pip_after.txt > pip_install.txt
    pip3 uninstall -r pip_uninstall.txt
    pip3 install -r pip_install.txt