Installation and configuration¶
Installation¶
Important
First need to do setting up the environment. All commands are executed only from superuser.
Mode superuser:
sudo -i
Save the list of previously installed packages before starting the installation, this will allow to painlessly restore the system in case of damage. Run the following commands to do this:
mkdir -p /tmp/rollback/rs_server pip3 freeze > /tmp/rollback/rs_server/pip_before.txt
After that, the directory
/tmp/rollback/rs_serverwill contain the filepip_before.txtwith a list of installed applications.Also save migration versions:
openstack aos db list -n rs_sever > /tmp/rollback/rs_server/migrations.txt
Where:
/tmp/rollback/rs_server/is a file directory;migrations.txtis a name of the file with migration versions.
Install RSserver package:
from Python package repository:
pip3 install rs-server
Save the list of installed packages after installation to be able to roll back changes:
pip3 freeze > /tmp/rollback/rs_server/pip_after.txt
Add user
aos:useradd -m aos passwd password
Note
To install RSserver on Astra Linux (Smolensk) do following:
Connect the provided repository with AccentOS packages.
Install the package with the command:
sudo apt install -y aos-rs-server
Installation on two or more controllers¶
It is need when installing RSserver on two or more controllers:
- to replicate database for each of controllers;
- to replicate message broker for each of controllers;
- to install a module with the same parameters for each of controllers.
Note
Deleting and diagnostics of the module on each controller is performed in the same way as in the case of one controller.
Configuration¶
Note
We consider setting up launch of the API service through WSGI-server supplied with eventlet library. See the documentation for the corresponding server to configure the launch of the service through another WSGI-server (Nginx + Gunicorn, Apache + mod_wsgi, etc.). WSGI application path is rs_server.api.api.wsgi.
Perform the initial configuration of the module:
openstack aos configure -n rs_server
When running the command
openstack aos configure -n rs_server:examples of configuration files to the directory
/etc/aos/are copying; configuration files for the Apache web server are generating; statics for RSserver are assembling.Create directory for logs with the required permissions:
mkdir -p /var/log/aos/rs-server chown -R aos:aos /var/log/aos/rs-server
Copy the sample configuration file, if using non-standard parameters, edit them:
cp /etc/aos/aos.conf.example /etc/aos/aos.conf cp /etc/aos/rs_server.conf.example /etc/aos/rs_server.conf
Create database using MySQL as an example, configure rights, database type and other parameters:
# Login to the database using the root password mysql -uroot -p # Create rs_server database CREATE DATABASE rs_server; # Give permission to read, edit, perform any actions on all tables in rs_server database GRANT ALL PRIVILEGES ON rs_server.* TO 'aos'@'localhost' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON rs_server.* TO 'aos'@'%' IDENTIFIED BY 'password'; # Exit the database
Edit section
[database]of the configuration fileetc/aos/rs_server.conf, for example:[database] url = mysql+pymysql://aos:password@tst.stand.loc:3306/rs_server?charset=utf8
Migrate database:
openstack aos db migrate -n rs_server
Configure RabbitMQ Server message broker:
rabbitmqctl add_user aos password rabbitmqctl add_vhost aos rabbitmqctl set_permissions -p aos aos ".*" ".*" ".*" rabbitmqctl set_permissions aos ".*" ".*" ".*"
Create RSserver API service:
openstack service create --name rs-server --description "RSserver Service" rs-server
Create endpoints:
openstack endpoint create --region RegionOne rs-server internal http://controller:9364 openstack endpoint create --region RegionOne rs-server admin http://controller:9364 openstack endpoint create --region RegionOne rs-server public http://controller:9364
Create user in OpenStack for API services:
openstack user create --domain default --project service --project-domain default --password password --or-show aos
Assign user service role:
openstack role add --user aos --user-domain default --project service --project-domain default service
Enable and start systemd services:
systemctl daemon-reload systemctl enable aos-rs-server-api.service systemctl start aos-rs-server-api.service systemctl enable aos-rs-broker-api.service systemctl start aos-rs-broker-api.service systemctl enable aos-rs-listener.service systemctl start aos-rs-listener.service systemctl enable aos-rs-beat.service systemctl start aos-rs-beat.service systemctl enable aos-rs-worker.service systemctl start aos-rs-worker.service
Configure Nova services on all controllers and compute nodes for synchronization instances (in the configuration file
/etc/nova/nova.conf):[oslo_messaging_notifications] driver = messagingv2
Configure Keystone services on all controllers and compute nodes for synchronization instances (in the configuration file
/etc/keystone/keystone.conf):[oslo_messaging_notifications] driver = messagingv2
Configure Neutron services on all controllers and compute nodes for synchronization instances (in the configuration file
/etc/neutron/neutron.conf):[DEFAULT] notification_driver = messagingv2
Configure Cinder services on all controllers and compute nodes for synchronization instances (in the configuration file
/etc/cinder/cinder.conf):[DEFAULT] notification_driver = messagingv2
Create symlink to the supplied Apache config file and restart web servers:
# Debian: ln -s /etc/apache2/conf-available/aos-rs-web.conf /etc/apache2/conf-enabled/aos-rs-web.conf service apache2 restart
Note
It is need to make sure that the configuration file is correct, namely, check paths to the installed modules, paths to logs, compliance of directives of the installed version of Apache.
Restart Nova and Neutron service, this action is necessary to enable notifications:
# Debian: systemctl restart nova-api.service systemctl restart neutron-server.service
RS broker API service configuration¶
WSGI server gunicorn is used to start the service by default. Use following options to configure alternate server:
WSGI application path is
rs_server.api.broker_api.wsgi:application;WSGI file:
# Ubuntu, Debian: ``/usr/local/bin/aos-rs-broker-wsgi``.
Configuration file¶
Note
Config file allows to override sections and parameters of common file aos.conf for specific module.
Note
There are no lines with the level logging by default in the file cloud_manager.conf.example, it is specified if necessary. Level logging is set by default in the general configuration file. More information about the configuration files can be found in the corresponding section.
Configuration file is presented in ini format and consists of the following sections and parameters:
| Section | Parameter | Description | Default value |
|---|---|---|---|
| DEFAULT | default_availability_zone | Availability zone for launching TRS instances. | nova |
| api | audit_enabled | Enabling logging of requests to aos-rs-server-api service. | True |
| api | host | aos-rs-server-api service start host. | 0.0.0.0 |
| api | logfile | Path to log file of aos-rs-server-api service. | |
| api | port | Port to start aos-rs-server-api service. | 9364 |
| broker | allow_getvm_log | Enabling logging of the results of TRS instances requests from the RSclient and TRS web interface. File name is :/var/log/aos/rs- server/trs_requests.log | False |
| broker | getvm_logfile | Path to the file for collecting TRS instances requests messages from RSclient and TRS web interface. | |
| broker | otp_sender_method | Method of sending OTP to user. | telegram |
| broker | power_state_monitor | Option that enables checking the power status of the instance. | False |
| broker | request_mode | Selection mode for TRS instance user. | single |
| broker | request_pending_timeout | Threshold waiting time for the start of processing a request to receive TRS instances in seconds. | 60 |
| broker | request_processing_timeout | Threshold waiting time for request to get the TRS instance in seconds. It is counted from the time query record was updated in the database. | 360 |
| broker | requests_ttl | Time to store instance query in NoSQL Redis database in seconds. | 3600 |
| broker | security_group | Parameter that determines the automatic creation of a security group for each TRS instance at the time of connecting to it in order to restrict access of unassigned users to TRS instance. | True |
| broker | spice_enabled | Parameter that allows the RSclient to receive the SPICE console address of with the IP address of instance. | False |
| broker_api | audit_enabled | Enabling logging of requests to aos-rs-broker-api service. | True |
| broker_api | logfile | Path to log file of aos-rs-broker-api service. | |
| broker_api | use_rs_token | Enabling checking for permission to connect user to the guest operating system. | False |
| broker_api | web_guard | Enabling WebGuard support. | False |
| broker_api | web_guard_redirect_response | Response code for webguard redirected request. | 302 |
| kerberos | script_path | Path to the script for changing the user’s password via Kerberos. | |
| listener | after_delete_vm_script | Path to the script that is executed when instance is deleted. The script is run from the user aos. | |
| listener | cinder_rabbit_vhost | Virtual host of Cinder service message broker. | / |
| listener | keystone_rabbit_vhost | Virtual host of Keystone service message broker. | / |
| listener | logfile | Path to log file of aos-rs-listener service. | |
| listener | neutron_rabbit_vhost | Virtual host of Neutron service message broker. | / |
| listener | nova_rabbit_vhost | Virtual host of Nova service message broker. | / |
| project_sync | enabled | Option that enables project synchronization. | True |
| project_sync | logfile | Path to log file of project synchronization service. | |
| project_sync | sync_interval | Project synchronization start interval (in seconds). | 600 |
| web | compress_enabled | Enabling static compression. | True |
| web | debug | Debug mode. | True |
| web | memcache_location | Url address to access the caching system. | localhost:11211 |
Important
When changing the parameters of the configuration file, to make them take effect, it is need to perform the procedure described in the section “Updating the configuration file”.
Recovery plan¶
Roll back if the RSserver plug-in installation or update fails:
Compare versions of migrations in file
/tmp/rollback/rs_server/migrations.txtwith current. If there are any differences, migrate to the previous version for each of the applications. Migration example:openstack aos db list -n rs_server openstack aos db migrate -n rs_server --migration 14
Revert to the previous state of the packages:
cd /tmp/rollback/rs_server diff --changed-group-format='%>' --unchanged-group-format='' pip_before.txt pip_after.txt > pip_uninstall.txt diff --changed-group-format='%<' --unchanged-group-format='' pip_before.txt pip_after.txt > pip_install.txt pip3 uninstall -r pip_uninstall.txt pip3 install -r pip_install.txt