root / doc / manual / source / adminguide.rst @ 2bc88961
History | View | Annotate | Download (13.4 kB)
1 |
Administration Guide |
---|---|
2 |
===================== |
3 |
|
4 |
The administration guide includes details on how an Aquarium setup should |
5 |
look like. |
6 |
|
7 |
Installation and Configuration |
8 |
------------------------------ |
9 |
|
10 |
Aquarium is distributed as a TAR archive or through its source code repository |
11 |
from `project home location <https://code.grnet.gr/projects/aquarium>`_. For |
12 |
instructions on how to build Aquarium from source, checkout the Development |
13 |
Guide. |
14 |
|
15 |
Upon un-archiving the binary archive, the following directories will appear: |
16 |
|
17 |
- ``bin`` Contains the ``aquarium.sh`` script, used to start/stop Aquarium |
18 |
- ``lib`` Library dependencies and the Aquarium.jar file |
19 |
- ``conf`` Configuration files |
20 |
- ``logs`` Where the Aquarium log output goes by default |
21 |
|
22 |
External Software Dependencies |
23 |
------------------------------ |
24 |
|
25 |
Aquarium depends on the following software to run: |
26 |
|
27 |
- `MongoDB <http://www.mongodb.org/>`_, ver >2. Aquarium uses MongoDB to store |
28 |
incoming messages (resource and user events) and also to store intermediate |
29 |
computation results, such as the user wallets. |
30 |
- `RabbitMQ <http://rabbitmq.com>`_, ver >2.7. Aquarium sets up a configurable |
31 |
number of queues to retrieve resource events from external systems. |
32 |
- An external identity provider installation that is capable of publishing messages |
33 |
in the `User Event`_ format. Aquarium retrieves user events from a configured |
34 |
queue. |
35 |
|
36 |
See the following sections for more detailed configuration notes for each one |
37 |
of the external software systems. |
38 |
|
39 |
MongoDB configuration for Aquarium |
40 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
41 |
|
42 |
.. IMPORTANT:: |
43 |
The `Failover Configuration`_ must precede any additional configuration step, |
44 |
if data replication is a strong requirement. |
45 |
|
46 |
Before starting Aquarium with MongoDB, you will need to create a data schema |
47 |
and an account for Aquarium. To do that, execute the following commands: |
48 |
|
49 |
.. code-block:: bash |
50 |
|
51 |
$ mongo |
52 |
> use aquarium |
53 |
> db.addUser("aquarium", "aquarpasswd") |
54 |
> db.aquarium.users.find() |
55 |
|
56 |
Aquarium automatically creates the following MongoDB collections upon first run: |
57 |
|
58 |
- ``resevents``: Contains incoming resource events |
59 |
- ``userstates``: Contains timestamped snapshots of the in memory data stored per |
60 |
each user |
61 |
- ``userevents``: Contains incoming user events |
62 |
- ``policyEntries``: Contains the history of changes to the applicable charging |
63 |
policy |
64 |
|
65 |
Indexes |
66 |
+++++++ |
67 |
|
68 |
It is advisable to create the following indexes to ensure fast querying of data |
69 |
in MongoDB: |
70 |
|
71 |
============== ================================================== |
72 |
Collection Indexes on fields |
73 |
============== ================================================== |
74 |
resevents id, userId |
75 |
userstates userId |
76 |
userevents id, userId |
77 |
============== ================================================== |
78 |
|
79 |
To create a MongoDB index, open a MongoDB shell and do the following: |
80 |
|
81 |
.. code-block:: bash |
82 |
|
83 |
>use aquarium |
84 |
>db.resevents.ensureIndex({userId:1}) |
85 |
>db.resevents.getIndexes() |
86 |
|
87 |
You can see more on MongoDB indexes |
88 |
`here <http://www.mongodb.org/display/DOCS/Indexes>`_. |
89 |
|
90 |
Failover Configuration |
91 |
++++++++++++++++++++++ |
92 |
|
93 |
MongoDB enables easy master/slave replication configuration, and it is |
94 |
advisable to enable it in all Aquarium installations. To configure replication |
95 |
for nodes A (IP: 10.0.0.1) and B (IP:10.0.0.2) with node A being the master do |
96 |
the following: |
97 |
|
98 |
1. Edit the MongoDB configuration file (``/etc/mongodb.conf`` on Debian) and include |
99 |
the following entries: |
100 |
|
101 |
.. code-block:: bash |
102 |
|
103 |
directoryperdb = true |
104 |
replSet = aquarium-replicas |
105 |
|
106 |
2. Login to MongoDB on the master node with the admin account: ``mongo A/admin``. |
107 |
3. Enter the following configuration: |
108 |
|
109 |
.. code-block:: bash |
110 |
|
111 |
>cfg = { |
112 |
_id : "aquarium-replicas", |
113 |
members : [ |
114 |
{_id: 0, host: "10.0.0.1"}, |
115 |
{_id: 1, host: "10.0.0.2"} |
116 |
] |
117 |
} |
118 |
|
119 |
>rs.initiate(cfg) |
120 |
|
121 |
4. Check that replication has started with: ``rs.status()`` |
122 |
|
123 |
You can find more on the |
124 |
`MongoDB replication <http://www.mongodb.org/display/DOCS/Replication>`_ page |
125 |
|
126 |
.. TIP:: |
127 |
MongoDB also supports splitting the data on multiple nodes in a cluster on |
128 |
a per collection basis, using a pre-defined data key. This is called |
129 |
`sharding <http://www.mongodb.org/display/DOCS/Sharding+Introduction>`_, |
130 |
and is only recommended on installations with very high incoming data volumes, |
131 |
primarily for the ``resevents`` collection. |
132 |
|
133 |
RabbitMQ configuration for Aquarium |
134 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
135 |
|
136 |
To connect to RabbitMQ, Aquarium needs an account with permission to create exchanges. |
137 |
Such an account can be created as follows: |
138 |
|
139 |
.. code-block:: bash |
140 |
|
141 |
rabbitmqctl add_user rabbit r@bb1t |
142 |
rabbitmqctl set_permissions -p / rabbit ".*" ".*" ".*" |
143 |
|
144 |
To ensure high availability, Aquarium can be configured to use RabbitMQ in |
145 |
active-active mode, where all nodes but one can fail individually. Aquarium has |
146 |
been developed to automatically connect to the next available node in case a |
147 |
connection to the currently enabled node fails. |
148 |
|
149 |
To configure nodes A (IP: 10.0.0.1) and B (IP: 10.0.0.2) as a |
150 |
RabbitMQ active-active cluster do the following: |
151 |
|
152 |
1. Start RabbitMQ on both nodes and then stop it. On node A, look for a file named |
153 |
``.erlang.cookie`` in RabbitMQ's runtime data directory (on Debian, this is |
154 |
configured to ``/var/lib/rabbitmq``). Copy its contents to the same file on node B |
155 |
and restart RabbitMQ on both nodes |
156 |
2. On both node A and node B, run the following: |
157 |
|
158 |
.. code-block:: bash |
159 |
|
160 |
rabbitmqctl add_user rabbit r@bb1t |
161 |
rabbitmqctl set_permissions -p / rabbit ".*" ".*" ".*" |
162 |
rabbitmqctl delete_user guest |
163 |
|
164 |
This will create the same user with full administrative rights on both nodes and will |
165 |
delete the default user. |
166 |
|
167 |
3. On node A, run the following to initialize the cluster: |
168 |
|
169 |
.. code-block:: bash |
170 |
|
171 |
rabbitmqctl stop_app |
172 |
rabbitmqctl reset |
173 |
rabbitmqctl cluster rabbit@10.0.0.1 rabbit@10.0.0.2 |
174 |
rabbitmqctl start_app |
175 |
|
176 |
4. To make sure it works, run: ``rabbitmqctl cluster_status`` |
177 |
|
178 |
To find out more, read the `RabbitMQ clustering guide <http://www.rabbitmq.com/clustering.html>`_. |
179 |
|
180 |
Running Aquarium |
181 |
---------------- |
182 |
|
183 |
To run Aquarium, change the current directory to the checked out and |
184 |
|
185 |
``./bin/aquarium.sh start`` |
186 |
|
187 |
Aquarium can also be started in debug mode, where all output is written to the |
188 |
console and the JVM is started with the JPDA remote debugger interface |
189 |
listening to port 8000. An IDE can then be connected to ``localhost:8000`` |
190 |
|
191 |
``./bin/aquarium.sh debug`` |
192 |
|
193 |
To stop Aquarium in normal mode, run |
194 |
|
195 |
``./bin/aquarium.sh stop`` |
196 |
|
197 |
The Aquarium start up script understands the following environment variables. |
198 |
It is advised that for the time being you only change the JAVA_OPTS configuration |
199 |
option. |
200 |
|
201 |
============== ================================================== |
202 |
Variable Description |
203 |
============== ================================================== |
204 |
JAVA_OPTS Runtime options for the JVM that runs Aquarium |
205 |
AQUARIUM_PROP Java system properties understood by Aquarium |
206 |
AQUARIUM_OPTS Cmd-line options for Aquarium |
207 |
AQUARIUM_HOME Location of the top level Aquarium dir |
208 |
============== ================================================== |
209 |
|
210 |
Configuring Aquarium |
211 |
-------------------- |
212 |
|
213 |
Aquarium is configured through the following configuration files: |
214 |
|
215 |
- ``aquarium.properties``: This is the central configuration file. The following two |
216 |
files are directly linked from this. |
217 |
- ``policy.yaml``: The file that contains the current resource charging policy. |
218 |
- ``role-agreement.map``: Contains a map of user role names to agreements. |
219 |
- ``log4j.conf``: Configuration for the Aquarium logger. See the Log4j |
220 |
`configuration instructions <http://logging.apache.org/log4j/1.2/manual.html>`_. |
221 |
|
222 |
Upon initialization, Aquarium scans the following locations to discover the |
223 |
first instance of the ``aquarium.properties`` file: |
224 |
|
225 |
1. ``$AQUARIUM_HOME/conf/`` |
226 |
2. ``$CWD`` |
227 |
3. ``/etc/aquarium/`` |
228 |
4. If searching in the above locations fails, Aquarium will use the default files |
229 |
provided in its classpath. This will probably cause Aquarium to fail. |
230 |
|
231 |
A brief description of the contents of each configuration file follows. |
232 |
|
233 |
The aquarium.properties file |
234 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
235 |
|
236 |
The following are the user configurable keys in the ``aquarium.properties`` file. |
237 |
|
238 |
=============================== ================================== ============= |
239 |
Key Description Default value |
240 |
=============================== ================================== ============= |
241 |
``aquarium.policy`` Location of the Aquarium policy.yaml |
242 |
accounting policy config file |
243 |
``aquarium.role-agreement.map`` Location of the file that role-agreement.map |
244 |
defines the mappings between |
245 |
``amqp.servers`` Comma separated list of AMQP localhost |
246 |
servers to use. To use more |
247 |
than one servers, they must be |
248 |
configured in active-active |
249 |
mode |
250 |
``amqp.port`` Port for connecting to the AMQP |
251 |
server |
252 |
``amqp.username`` Username to connect to AMQP aquarium |
253 |
``amqp.passwd`` Password to connect to AMQP aquarium |
254 |
``amqp.vhost`` The vhost for the AMQP server / |
255 |
``amqp.resevents.queues`` Queue declarations for receiving see below |
256 |
resource events. Format is |
257 |
``"exchange:routing.key:queue"`` |
258 |
Entries are separated by ``;`` |
259 |
``amqp.userevents.queues`` Queue declarations for receiving see below |
260 |
user events |
261 |
``rest.port`` REST service listening port 8080 |
262 |
``persistence.provider`` Provider for persistence services mongo |
263 |
``persistence.host`` Hostname for the persistence localhost |
264 |
service |
265 |
``persistence.port`` Port for connecting to the 27017 |
266 |
persistence service |
267 |
``persistence.username`` Username for connecting to the mongo |
268 |
persistence service |
269 |
``persistence.password`` Password for connecting to the mongo |
270 |
persistence service |
271 |
``mongo.connection.pool.size`` Maximum number of open 20 |
272 |
connections to MongoDB |
273 |
=============================== ================================== ============= |
274 |
|
275 |
|
276 |
**Defining queues**: |
277 |
The format for defining a queue mapping to retrieve messages from an AMQP |
278 |
exchange is the following: |
279 |
|
280 |
.. code-block:: bash |
281 |
|
282 |
exchange:routing.key:queue[;exchange:routing.key:queue] |
283 |
|
284 |
This means that multiple queues can be declared per message type. The |
285 |
routing key and exchange name must be agreed in advance with the external |
286 |
system that provides the messages to it. For example, if Aquarium must be |
287 |
connected to its project siblings |
288 |
(`Pithos <https://code.grnet.gr/projects/pithos>`_, |
289 |
`Cyclades <https://code.grnet.gr/projects/synnefo/>`_), the following |
290 |
configuration must be applied: |
291 |
|
292 |
.. code-block:: bash |
293 |
|
294 |
pithos:pithos.resource.#:aquarium-pithos-resevents;cyclades:cyclades.resource.#:aquarium-cyclades-resevents |
295 |
|
296 |
|
297 |
The policy.yaml file |
298 |
^^^^^^^^^^^^^^^^^^^^^^^^ |
299 |
|
300 |
The ``policy.yaml`` file contains the description of the latest charging |
301 |
policy, in the Aquarium DSL YAML format. You can find more details on the |
302 |
Aquarium DSL in the `Development Guide`_. |
303 |
|
304 |
Aquarium depends on the ``policy.yaml`` file to drive its resource charging |
305 |
system, and for this reason it maintains a full history of the edits to it |
306 |
internally. In fact, it even stores JSON renderings of the file in the |
307 |
``policyEntries`` MongoDB collection. At startup, Aquarium will compare the |
308 |
internally stored version time against the time the latest edit time of the |
309 |
file on disk. If the file has been edited after the latest version stored in |
310 |
the Aquarium database, the file is reloaded and a new policy version is stored. |
311 |
All events whose validity time overlaps with the lifetimes of two (or more) |
312 |
policies, will need to have separate charge entries according to the provisions |
313 |
of each policy version. It is generally advised to keep changes to the policy |
314 |
file to a minimum. |
315 |
|
316 |
The role-agreement.map file |
317 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
318 |
|
319 |
The ``role-agreement.map`` describes associations of user roles to agreements. |
320 |
|
321 |
Associations are laid out one per line in the following format |
322 |
|
323 |
.. code-block:: bash |
324 |
|
325 |
name-of-role=name-of-agreement |
326 |
|
327 |
The allowed characters for both parts of the association are |
328 |
``a-z,A-Z,0-9,-,_``, while lines that start with ``#`` are regarded as |
329 |
comments. The names are case insensitive. |
330 |
|
331 |
To cope with cases where a role is defined for a user, but Aquarium has not |
332 |
been made aware of the change, a special entry starting with ``*`` is supported, |
333 |
which assigns a default agreement to all unknown roles. |
334 |
For example, the entry ``*=foobar``, assigns the agreement named ``foobar`` to |
335 |
all roles not defined earlier on. |
336 |
|
337 |
Currently, Aquarium does not keep a history of the ``role-agreement.map`` file, |
338 |
as it does with the ``policy.yaml`` one. |
339 |
|
340 |
Document Revisions |
341 |
------------------ |
342 |
|
343 |
================== ========================================= |
344 |
Revision Description |
345 |
================== ========================================= |
346 |
0.1 (Mar 2012) Configuration options, running |
347 |
================== ========================================= |
348 |
|
349 |
|