root / docs / admin-guide.rst @ 382ca20a
History | View | Annotate | Download (10.7 kB)
1 | bc055d09 | Constantinos Venetsanopoulos | .. _admin-guide: |
---|---|---|---|
2 | bc055d09 | Constantinos Venetsanopoulos | |
3 | bc055d09 | Constantinos Venetsanopoulos | Synnefo Administrator's Guide |
4 | bc055d09 | Constantinos Venetsanopoulos | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
5 | bc055d09 | Constantinos Venetsanopoulos | |
6 | bc055d09 | Constantinos Venetsanopoulos | This is the complete Synnefo Administrator's Guide. |
7 | bc055d09 | Constantinos Venetsanopoulos | |
8 | bc055d09 | Constantinos Venetsanopoulos | Quick Installation |
9 | bc055d09 | Constantinos Venetsanopoulos | ================== |
10 | bc055d09 | Constantinos Venetsanopoulos | |
11 | bc055d09 | Constantinos Venetsanopoulos | The quick installation guide describes how to install the whole synnefo stack |
12 | bc055d09 | Constantinos Venetsanopoulos | in just two physical nodes, for testing purposes. This guide is useful to those |
13 | bc055d09 | Constantinos Venetsanopoulos | interested in deploying synnefo in large scale, as a starting point that will |
14 | bc055d09 | Constantinos Venetsanopoulos | help them get familiar with the synnefo components and overall architecture, as |
15 | bc055d09 | Constantinos Venetsanopoulos | well as the interconnection between different services. Such an installation, |
16 | bc055d09 | Constantinos Venetsanopoulos | also provides a quick preview of the basic synnefo features, although we would |
17 | bc055d09 | Constantinos Venetsanopoulos | like to think that synnefo unveils its real power while scaling. |
18 | bc055d09 | Constantinos Venetsanopoulos | |
19 | bc055d09 | Constantinos Venetsanopoulos | | :ref:`Administrator's quick installation guide <quick-install-admin-guide>` |
20 | bc055d09 | Constantinos Venetsanopoulos | | This guide will walk you through a complete installation using debian packages. |
21 | bc055d09 | Constantinos Venetsanopoulos | |
22 | bc055d09 | Constantinos Venetsanopoulos | Common administrative tasks |
23 | bc055d09 | Constantinos Venetsanopoulos | =========================== |
24 | bc055d09 | Constantinos Venetsanopoulos | |
25 | bc055d09 | Constantinos Venetsanopoulos | If you installed Synnefo successfully and have a working deployment, here are |
26 | bc055d09 | Constantinos Venetsanopoulos | some common administrative tasks that you may find useful. |
27 | bc055d09 | Constantinos Venetsanopoulos | |
28 | f846d8df | Constantinos Venetsanopoulos | |
29 | f846d8df | Constantinos Venetsanopoulos | .. _user_activation: |
30 | f846d8df | Constantinos Venetsanopoulos | |
31 | f846d8df | Constantinos Venetsanopoulos | User activation |
32 | f846d8df | Constantinos Venetsanopoulos | --------------- |
33 | f846d8df | Constantinos Venetsanopoulos | |
34 | f846d8df | Constantinos Venetsanopoulos | When a new user signs up, he/she is not marked as active. You can see his/her |
35 | f846d8df | Constantinos Venetsanopoulos | state by running (on the machine that runs the Astakos app): |
36 | f846d8df | Constantinos Venetsanopoulos | |
37 | f846d8df | Constantinos Venetsanopoulos | .. code-block:: console |
38 | f846d8df | Constantinos Venetsanopoulos | |
39 | f846d8df | Constantinos Venetsanopoulos | $ snf-manage listusers |
40 | f846d8df | Constantinos Venetsanopoulos | |
41 | f846d8df | Constantinos Venetsanopoulos | There are two different ways to activate a new user. Both need access to a |
42 | f846d8df | Constantinos Venetsanopoulos | running mail server. Your mail server should be defined in the |
43 | 382ca20a | Constantinos Venetsanopoulos | ``/etc/synnefo/00-snf-common-admins.conf`` related constants. At least: |
44 | 382ca20a | Constantinos Venetsanopoulos | |
45 | 382ca20a | Constantinos Venetsanopoulos | .. code-block:: console |
46 | 382ca20a | Constantinos Venetsanopoulos | |
47 | 382ca20a | Constantinos Venetsanopoulos | EMAIL_HOST = "my_mail_server.example.com" |
48 | 382ca20a | Constantinos Venetsanopoulos | EMAIL_PORT = "25" |
49 | f846d8df | Constantinos Venetsanopoulos | |
50 | f846d8df | Constantinos Venetsanopoulos | Manual activation |
51 | f846d8df | Constantinos Venetsanopoulos | ~~~~~~~~~~~~~~~~~ |
52 | f846d8df | Constantinos Venetsanopoulos | |
53 | f846d8df | Constantinos Venetsanopoulos | You can manually activate a new user that has already signed up, by sending |
54 | f846d8df | Constantinos Venetsanopoulos | him/her an activation email. The email will contain an approriate activation |
55 | f846d8df | Constantinos Venetsanopoulos | link, which will complete the activation process if followed. You can send the |
56 | f846d8df | Constantinos Venetsanopoulos | email by running: |
57 | f846d8df | Constantinos Venetsanopoulos | |
58 | f846d8df | Constantinos Venetsanopoulos | .. code-block:: console |
59 | f846d8df | Constantinos Venetsanopoulos | |
60 | f846d8df | Constantinos Venetsanopoulos | $ snf-manage sendactivation <user ID or email> |
61 | f846d8df | Constantinos Venetsanopoulos | |
62 | f846d8df | Constantinos Venetsanopoulos | Be sure to have already setup your mail server and defined it in your synnefo |
63 | f846d8df | Constantinos Venetsanopoulos | settings, before running the command. |
64 | f846d8df | Constantinos Venetsanopoulos | |
65 | f846d8df | Constantinos Venetsanopoulos | Automatic activation |
66 | f846d8df | Constantinos Venetsanopoulos | ~~~~~~~~~~~~~~~~~~~~ |
67 | f846d8df | Constantinos Venetsanopoulos | |
68 | f846d8df | Constantinos Venetsanopoulos | |
69 | bc055d09 | Constantinos Venetsanopoulos | The "kamaki" API client |
70 | bc055d09 | Constantinos Venetsanopoulos | ----------------------- |
71 | bc055d09 | Constantinos Venetsanopoulos | |
72 | bc055d09 | Constantinos Venetsanopoulos | To upload, register or modify an image you will need the **kamaki** tool. |
73 | bc055d09 | Constantinos Venetsanopoulos | Before proceeding make sure that it is configured properly. Verify that |
74 | bc055d09 | Constantinos Venetsanopoulos | *image_url*, *storage_url*, and *token* are set as needed: |
75 | bc055d09 | Constantinos Venetsanopoulos | |
76 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
77 | bc055d09 | Constantinos Venetsanopoulos | |
78 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki config list |
79 | bc055d09 | Constantinos Venetsanopoulos | |
80 | bc055d09 | Constantinos Venetsanopoulos | To chage a setting use ``kamaki config set``: |
81 | bc055d09 | Constantinos Venetsanopoulos | |
82 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
83 | bc055d09 | Constantinos Venetsanopoulos | |
84 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki config set image_url https://cyclades.example.com/plankton |
85 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki config set storage_url https://pithos.example.com/v1 |
86 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki config set token ... |
87 | bc055d09 | Constantinos Venetsanopoulos | |
88 | bc055d09 | Constantinos Venetsanopoulos | Upload Image |
89 | bc055d09 | Constantinos Venetsanopoulos | ------------ |
90 | bc055d09 | Constantinos Venetsanopoulos | |
91 | bc055d09 | Constantinos Venetsanopoulos | As a shortcut, you can configure a default account and container that will be |
92 | bc055d09 | Constantinos Venetsanopoulos | used by the ``kamaki store`` commands: |
93 | bc055d09 | Constantinos Venetsanopoulos | |
94 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
95 | bc055d09 | Constantinos Venetsanopoulos | |
96 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki config set storage_account images@example.com |
97 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki config set storage_container images |
98 | bc055d09 | Constantinos Venetsanopoulos | |
99 | bc055d09 | Constantinos Venetsanopoulos | If the container does not exist, you will have to create it before uploading |
100 | bc055d09 | Constantinos Venetsanopoulos | any images: |
101 | bc055d09 | Constantinos Venetsanopoulos | |
102 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
103 | bc055d09 | Constantinos Venetsanopoulos | |
104 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki store create images |
105 | bc055d09 | Constantinos Venetsanopoulos | |
106 | bc055d09 | Constantinos Venetsanopoulos | You are now ready to upload an image. You can upload it with a Pithos+ client, |
107 | bc055d09 | Constantinos Venetsanopoulos | or use kamaki directly: |
108 | bc055d09 | Constantinos Venetsanopoulos | |
109 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
110 | bc055d09 | Constantinos Venetsanopoulos | |
111 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki store upload ubuntu.iso |
112 | bc055d09 | Constantinos Venetsanopoulos | |
113 | bc055d09 | Constantinos Venetsanopoulos | You can use any Pithos+ client to verify that the image was uploaded correctly. |
114 | bc055d09 | Constantinos Venetsanopoulos | The full Pithos URL for the previous example will be |
115 | bc055d09 | Constantinos Venetsanopoulos | ``pithos://images@example.com/images/ubuntu.iso``. |
116 | bc055d09 | Constantinos Venetsanopoulos | |
117 | bc055d09 | Constantinos Venetsanopoulos | |
118 | bc055d09 | Constantinos Venetsanopoulos | Register Image |
119 | bc055d09 | Constantinos Venetsanopoulos | -------------- |
120 | bc055d09 | Constantinos Venetsanopoulos | |
121 | bc055d09 | Constantinos Venetsanopoulos | To register an image you will need to use the full Pithos+ URL. To register as |
122 | bc055d09 | Constantinos Venetsanopoulos | a public image the one from the previous example use: |
123 | bc055d09 | Constantinos Venetsanopoulos | |
124 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
125 | bc055d09 | Constantinos Venetsanopoulos | |
126 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki glance register Ubuntu pithos://images@example.com/images/ubuntu.iso --public |
127 | bc055d09 | Constantinos Venetsanopoulos | |
128 | bc055d09 | Constantinos Venetsanopoulos | The ``--public`` flag is important, if missing the registered image will not |
129 | bc055d09 | Constantinos Venetsanopoulos | be listed by ``kamaki glance list``. |
130 | bc055d09 | Constantinos Venetsanopoulos | |
131 | bc055d09 | Constantinos Venetsanopoulos | Use ``kamaki glance register`` with no arguments to see a list of available |
132 | bc055d09 | Constantinos Venetsanopoulos | options. A more complete example would be the following: |
133 | bc055d09 | Constantinos Venetsanopoulos | |
134 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
135 | bc055d09 | Constantinos Venetsanopoulos | |
136 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki glance register Ubuntu pithos://images@example.com/images/ubuntu.iso \ |
137 | bc055d09 | Constantinos Venetsanopoulos | --public --disk-format diskdump --property kernel=3.1.2 |
138 | bc055d09 | Constantinos Venetsanopoulos | |
139 | bc055d09 | Constantinos Venetsanopoulos | To verify that the image was registered successfully use: |
140 | bc055d09 | Constantinos Venetsanopoulos | |
141 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
142 | bc055d09 | Constantinos Venetsanopoulos | |
143 | bc055d09 | Constantinos Venetsanopoulos | $ kamaki glance list -l |
144 | bc055d09 | Constantinos Venetsanopoulos | |
145 | bc055d09 | Constantinos Venetsanopoulos | |
146 | bc055d09 | Constantinos Venetsanopoulos | Admin tool: snf-manage |
147 | bc055d09 | Constantinos Venetsanopoulos | ---------------------- |
148 | bc055d09 | Constantinos Venetsanopoulos | |
149 | bc055d09 | Constantinos Venetsanopoulos | ``snf-manage`` is a tool used to perform various administrative tasks. It needs |
150 | bc055d09 | Constantinos Venetsanopoulos | to be able to access the django database, so the following should be able to |
151 | bc055d09 | Constantinos Venetsanopoulos | import the Django settings. |
152 | bc055d09 | Constantinos Venetsanopoulos | |
153 | bc055d09 | Constantinos Venetsanopoulos | Additionally, administrative tasks can be performed via the admin web interface |
154 | e18edd26 | Constantinos Venetsanopoulos | located in /admin. Only users of type ADMIN can access the admin pages. To |
155 | e18edd26 | Constantinos Venetsanopoulos | change the type of a user to ADMIN, snf-admin can be used: |
156 | bc055d09 | Constantinos Venetsanopoulos | |
157 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
158 | bc055d09 | Constantinos Venetsanopoulos | |
159 | bc055d09 | Constantinos Venetsanopoulos | $ snf-manage user modify 42 --type ADMIN |
160 | bc055d09 | Constantinos Venetsanopoulos | |
161 | e18edd26 | Constantinos Venetsanopoulos | |
162 | e18edd26 | Constantinos Venetsanopoulos | Adding Astakos "Terms of Use" |
163 | e18edd26 | Constantinos Venetsanopoulos | ----------------------------- |
164 | e18edd26 | Constantinos Venetsanopoulos | |
165 | e18edd26 | Constantinos Venetsanopoulos | Astakos supports versioned terms-of-use. First of all you need to create an |
166 | e18edd26 | Constantinos Venetsanopoulos | html file that will contain your terms. For example, create the file |
167 | e18edd26 | Constantinos Venetsanopoulos | ``/usr/share/synnefo/sample-terms.html``, which contains the following: |
168 | e18edd26 | Constantinos Venetsanopoulos | |
169 | e18edd26 | Constantinos Venetsanopoulos | .. code-block:: console |
170 | e18edd26 | Constantinos Venetsanopoulos | |
171 | e18edd26 | Constantinos Venetsanopoulos | <h1>~okeanos terms</h1> |
172 | e18edd26 | Constantinos Venetsanopoulos | |
173 | e18edd26 | Constantinos Venetsanopoulos | These are the example terms for ~okeanos |
174 | e18edd26 | Constantinos Venetsanopoulos | |
175 | e18edd26 | Constantinos Venetsanopoulos | Then, add those terms-of-use with the snf-manage command: |
176 | e18edd26 | Constantinos Venetsanopoulos | |
177 | e18edd26 | Constantinos Venetsanopoulos | .. code-block:: console |
178 | e18edd26 | Constantinos Venetsanopoulos | |
179 | e18edd26 | Constantinos Venetsanopoulos | $ snf-manage addterms /usr/share/synnefo/sample-terms.html |
180 | e18edd26 | Constantinos Venetsanopoulos | |
181 | e18edd26 | Constantinos Venetsanopoulos | Your terms have been successfully added and you will see the corresponding link |
182 | e18edd26 | Constantinos Venetsanopoulos | appearing in the Astakos web pages' footer. |
183 | e18edd26 | Constantinos Venetsanopoulos | |
184 | e18edd26 | Constantinos Venetsanopoulos | |
185 | bc055d09 | Constantinos Venetsanopoulos | Reconciliation mechanism |
186 | bc055d09 | Constantinos Venetsanopoulos | ------------------------ |
187 | bc055d09 | Constantinos Venetsanopoulos | |
188 | bc055d09 | Constantinos Venetsanopoulos | On certain occasions, such as a Ganeti or RabbitMQ failure, the VM state in the |
189 | bc055d09 | Constantinos Venetsanopoulos | system's database may differ from that in the Ganeti installation. The |
190 | bc055d09 | Constantinos Venetsanopoulos | reconciliation process is designed to bring the system's database in sync with |
191 | bc055d09 | Constantinos Venetsanopoulos | what Ganeti knows about each VM, and is able to detect the following three |
192 | bc055d09 | Constantinos Venetsanopoulos | conditions: |
193 | bc055d09 | Constantinos Venetsanopoulos | |
194 | bc055d09 | Constantinos Venetsanopoulos | * Stale DB servers without corresponding Ganeti instances |
195 | bc055d09 | Constantinos Venetsanopoulos | * Orphan Ganeti instances, without corresponding DB entries |
196 | bc055d09 | Constantinos Venetsanopoulos | * Out-of-sync operstate for DB entries wrt to Ganeti instances |
197 | bc055d09 | Constantinos Venetsanopoulos | |
198 | bc055d09 | Constantinos Venetsanopoulos | The reconciliation mechanism runs as a management command, e.g., as follows: |
199 | bc055d09 | Constantinos Venetsanopoulos | [PYTHONPATH needs to contain the parent of the synnefo Django project |
200 | bc055d09 | Constantinos Venetsanopoulos | directory]: |
201 | bc055d09 | Constantinos Venetsanopoulos | |
202 | bc055d09 | Constantinos Venetsanopoulos | .. code-block:: console |
203 | bc055d09 | Constantinos Venetsanopoulos | |
204 | bc055d09 | Constantinos Venetsanopoulos | $ export PYTHONPATH=/srv:$PYTHONPATH |
205 | bc055d09 | Constantinos Venetsanopoulos | $ snf-manage reconcile --detect-all -v 2 |
206 | bc055d09 | Constantinos Venetsanopoulos | |
207 | bc055d09 | Constantinos Venetsanopoulos | Please see ``snf-manage reconcile --help`` for all the details. |
208 | bc055d09 | Constantinos Venetsanopoulos | |
209 | bc055d09 | Constantinos Venetsanopoulos | The administrator can also trigger reconciliation of operating state manually, |
210 | bc055d09 | Constantinos Venetsanopoulos | by issuing a Ganeti ``OP_INSTANCE_QUERY_DATA`` command on a Synnefo VM, using |
211 | bc055d09 | Constantinos Venetsanopoulos | gnt-instance info. |
212 | bc055d09 | Constantinos Venetsanopoulos | |
213 | bc055d09 | Constantinos Venetsanopoulos | Logging |
214 | bc055d09 | Constantinos Venetsanopoulos | ------- |
215 | bc055d09 | Constantinos Venetsanopoulos | |
216 | bc055d09 | Constantinos Venetsanopoulos | Logging in Synnefo is using Python's logging module. The module is configured |
217 | bc055d09 | Constantinos Venetsanopoulos | using dictionary configuration, whose format is described here: |
218 | bc055d09 | Constantinos Venetsanopoulos | |
219 | bc055d09 | Constantinos Venetsanopoulos | http://docs.python.org/release/2.7.1/library/logging.html#logging-config-dictschema |
220 | bc055d09 | Constantinos Venetsanopoulos | |
221 | bc055d09 | Constantinos Venetsanopoulos | Note that this is a feature of Python 2.7 that we have backported for use in |
222 | bc055d09 | Constantinos Venetsanopoulos | Python 2.6. |
223 | bc055d09 | Constantinos Venetsanopoulos | |
224 | bc055d09 | Constantinos Venetsanopoulos | The logging configuration dictionary is defined in settings.d/00-logging.conf |
225 | bc055d09 | Constantinos Venetsanopoulos | and is broken in 4 separate dictionaries: |
226 | bc055d09 | Constantinos Venetsanopoulos | |
227 | bc055d09 | Constantinos Venetsanopoulos | * LOGGING is the logging configuration used by the web app. By default all |
228 | bc055d09 | Constantinos Venetsanopoulos | loggers fall back to the main 'synnefo' logger. The subloggers can be |
229 | bc055d09 | Constantinos Venetsanopoulos | changed accordingly for finer logging control. e.g. To disable debug |
230 | bc055d09 | Constantinos Venetsanopoulos | messages from the API set the level of 'synnefo.api' to 'INFO'. |
231 | bc055d09 | Constantinos Venetsanopoulos | |
232 | bc055d09 | Constantinos Venetsanopoulos | * DISPATCHER_LOGGING is the logging configuration of the logic/dispatcher.py |
233 | bc055d09 | Constantinos Venetsanopoulos | command line tool. |
234 | bc055d09 | Constantinos Venetsanopoulos | |
235 | bc055d09 | Constantinos Venetsanopoulos | * SNFADMIN_LOGGING is the logging configuration of the snf-admin tool. |
236 | bc055d09 | Constantinos Venetsanopoulos | Consider using matching configuration for snf-admin and the synnefo.admin |
237 | bc055d09 | Constantinos Venetsanopoulos | logger of the web app. |
238 | bc055d09 | Constantinos Venetsanopoulos | |
239 | bc055d09 | Constantinos Venetsanopoulos | Please note the following: |
240 | bc055d09 | Constantinos Venetsanopoulos | |
241 | bc055d09 | Constantinos Venetsanopoulos | * As of Synnefo v0.7, by default the Django webapp logs to syslog, the |
242 | bc055d09 | Constantinos Venetsanopoulos | dispatcher logs to /var/log/synnefo/dispatcher.log and the console, |
243 | bc055d09 | Constantinos Venetsanopoulos | snf-admin logs to the console. |
244 | bc055d09 | Constantinos Venetsanopoulos | * Different handlers can be set to different logging levels: |
245 | bc055d09 | Constantinos Venetsanopoulos | for example, everything may appear to the console, but only INFO and higher |
246 | bc055d09 | Constantinos Venetsanopoulos | may actually be stored in a longer-term logfile |
247 | bc055d09 | Constantinos Venetsanopoulos | |
248 | bc055d09 | Constantinos Venetsanopoulos | |
249 | d189d11c | Constantinos Venetsanopoulos | .. _shibboleth-auth: |
250 | d189d11c | Constantinos Venetsanopoulos | |
251 | d189d11c | Constantinos Venetsanopoulos | Authentication using Shibboleth |
252 | d189d11c | Constantinos Venetsanopoulos | =============================== |
253 | d189d11c | Constantinos Venetsanopoulos | |
254 | d189d11c | Constantinos Venetsanopoulos | Astakos can delegate user authentication to a Shibboleth federation. |
255 | d189d11c | Constantinos Venetsanopoulos | |
256 | d189d11c | Constantinos Venetsanopoulos | To setup shibboleth, install package:: |
257 | d189d11c | Constantinos Venetsanopoulos | |
258 | d189d11c | Constantinos Venetsanopoulos | apt-get install libapache2-mod-shib2 |
259 | d189d11c | Constantinos Venetsanopoulos | |
260 | d189d11c | Constantinos Venetsanopoulos | Change appropriately the configuration files in ``/etc/shibboleth``. |
261 | d189d11c | Constantinos Venetsanopoulos | |
262 | d189d11c | Constantinos Venetsanopoulos | Add in ``/etc/apache2/sites-available/synnefo-ssl``:: |
263 | d189d11c | Constantinos Venetsanopoulos | |
264 | d189d11c | Constantinos Venetsanopoulos | ShibConfig /etc/shibboleth/shibboleth2.xml |
265 | d189d11c | Constantinos Venetsanopoulos | Alias /shibboleth-sp /usr/share/shibboleth |
266 | d189d11c | Constantinos Venetsanopoulos | |
267 | d189d11c | Constantinos Venetsanopoulos | <Location /im/login/shibboleth> |
268 | d189d11c | Constantinos Venetsanopoulos | AuthType shibboleth |
269 | d189d11c | Constantinos Venetsanopoulos | ShibRequireSession On |
270 | d189d11c | Constantinos Venetsanopoulos | ShibUseHeaders On |
271 | d189d11c | Constantinos Venetsanopoulos | require valid-user |
272 | d189d11c | Constantinos Venetsanopoulos | </Location> |
273 | d189d11c | Constantinos Venetsanopoulos | |
274 | d189d11c | Constantinos Venetsanopoulos | and before the line containing:: |
275 | d189d11c | Constantinos Venetsanopoulos | |
276 | d189d11c | Constantinos Venetsanopoulos | ProxyPass / http://localhost:8080/ retry=0 |
277 | d189d11c | Constantinos Venetsanopoulos | |
278 | d189d11c | Constantinos Venetsanopoulos | add:: |
279 | d189d11c | Constantinos Venetsanopoulos | |
280 | d189d11c | Constantinos Venetsanopoulos | ProxyPass /Shibboleth.sso ! |
281 | d189d11c | Constantinos Venetsanopoulos | |
282 | d189d11c | Constantinos Venetsanopoulos | Then, enable the shibboleth module:: |
283 | d189d11c | Constantinos Venetsanopoulos | |
284 | d189d11c | Constantinos Venetsanopoulos | a2enmod shib2 |
285 | d189d11c | Constantinos Venetsanopoulos | |
286 | d189d11c | Constantinos Venetsanopoulos | After passing through the apache module, the following tokens should be |
287 | d189d11c | Constantinos Venetsanopoulos | available at the destination:: |
288 | d189d11c | Constantinos Venetsanopoulos | |
289 | d189d11c | Constantinos Venetsanopoulos | eppn # eduPersonPrincipalName |
290 | d189d11c | Constantinos Venetsanopoulos | Shib-InetOrgPerson-givenName |
291 | d189d11c | Constantinos Venetsanopoulos | Shib-Person-surname |
292 | d189d11c | Constantinos Venetsanopoulos | Shib-Person-commonName |
293 | d189d11c | Constantinos Venetsanopoulos | Shib-InetOrgPerson-displayName |
294 | d189d11c | Constantinos Venetsanopoulos | Shib-EP-Affiliation |
295 | d189d11c | Constantinos Venetsanopoulos | Shib-Session-ID |
296 | d189d11c | Constantinos Venetsanopoulos | |
297 | d189d11c | Constantinos Venetsanopoulos | Finally, add 'shibboleth' in ``ASTAKOS_IM_MODULES`` list. The variable resides |
298 | d189d11c | Constantinos Venetsanopoulos | inside the file ``/etc/synnefo/20-snf-astakos-app-settings.conf`` |
299 | d189d11c | Constantinos Venetsanopoulos | |
300 | d189d11c | Constantinos Venetsanopoulos | |
301 | bc055d09 | Constantinos Venetsanopoulos | Scaling up to multiple nodes |
302 | bc055d09 | Constantinos Venetsanopoulos | ============================ |
303 | bc055d09 | Constantinos Venetsanopoulos | |
304 | bc055d09 | Constantinos Venetsanopoulos | Here we will describe how to deploy all services, interconnected with each |
305 | 2f6143c9 | Constantinos Venetsanopoulos | other, on multiple physical nodes. |
306 | 2f6143c9 | Constantinos Venetsanopoulos | |
307 | 2f6143c9 | Constantinos Venetsanopoulos | synnefo components |
308 | 2f6143c9 | Constantinos Venetsanopoulos | ------------------ |
309 | 2f6143c9 | Constantinos Venetsanopoulos | |
310 | 2f6143c9 | Constantinos Venetsanopoulos | You need to install the appropriate synnefo software components on each node, |
311 | 2f6143c9 | Constantinos Venetsanopoulos | depending on its type, see :ref:`Architecture <cyclades-architecture>`. |
312 | 2f6143c9 | Constantinos Venetsanopoulos | |
313 | 2f6143c9 | Constantinos Venetsanopoulos | Please see the page of each synnefo software component for specific |
314 | 2f6143c9 | Constantinos Venetsanopoulos | installation instructions, where applicable. |
315 | 2f6143c9 | Constantinos Venetsanopoulos | |
316 | 2f6143c9 | Constantinos Venetsanopoulos | Install the following synnefo components: |
317 | 2f6143c9 | Constantinos Venetsanopoulos | |
318 | 2f6143c9 | Constantinos Venetsanopoulos | Nodes of type :ref:`APISERVER <APISERVER_NODE>` |
319 | 2f6143c9 | Constantinos Venetsanopoulos | Components |
320 | 2f6143c9 | Constantinos Venetsanopoulos | :ref:`snf-common <snf-common>`, |
321 | 2f6143c9 | Constantinos Venetsanopoulos | :ref:`snf-webproject <snf-webproject>`, |
322 | 2f6143c9 | Constantinos Venetsanopoulos | :ref:`snf-cyclades-app <snf-cyclades-app>` |
323 | 2f6143c9 | Constantinos Venetsanopoulos | Nodes of type :ref:`GANETI-MASTER <GANETI_MASTER>` and :ref:`GANETI-NODE <GANETI_NODE>` |
324 | 2f6143c9 | Constantinos Venetsanopoulos | Components |
325 | 2f6143c9 | Constantinos Venetsanopoulos | :ref:`snf-common <snf-common>`, |
326 | 2f6143c9 | Constantinos Venetsanopoulos | :ref:`snf-cyclades-gtools <snf-cyclades-gtools>` |
327 | 2f6143c9 | Constantinos Venetsanopoulos | Nodes of type :ref:`LOGIC <LOGIC_NODE>` |
328 | 2f6143c9 | Constantinos Venetsanopoulos | Components |
329 | 2f6143c9 | Constantinos Venetsanopoulos | :ref:`snf-common <snf-common>`, |
330 | 2f6143c9 | Constantinos Venetsanopoulos | :ref:`snf-webproject <snf-webproject>`, |
331 | 2f6143c9 | Constantinos Venetsanopoulos | :ref:`snf-cyclades-app <snf-cyclades-app>`. |
332 | 2f6143c9 | Constantinos Venetsanopoulos | |
333 | 547c78f6 | Constantinos Venetsanopoulos | RabbitMQ |
334 | 547c78f6 | Constantinos Venetsanopoulos | -------- |
335 | 547c78f6 | Constantinos Venetsanopoulos | |
336 | 547c78f6 | Constantinos Venetsanopoulos | RabbitMQ is used as a generic message broker for Cyclades. It should be |
337 | 547c78f6 | Constantinos Venetsanopoulos | installed on two seperate :ref:`QUEUE <QUEUE_NODE>` nodes in a high |
338 | 547c78f6 | Constantinos Venetsanopoulos | availability configuration as described here: |
339 | 547c78f6 | Constantinos Venetsanopoulos | |
340 | 547c78f6 | Constantinos Venetsanopoulos | http://www.rabbitmq.com/pacemaker.html |
341 | 547c78f6 | Constantinos Venetsanopoulos | |
342 | 547c78f6 | Constantinos Venetsanopoulos | The values set for the user and password must be mirrored in the ``RABBIT_*`` |
343 | 547c78f6 | Constantinos Venetsanopoulos | variables in your settings, as managed by :ref:`snf-common <snf-common>`. |
344 | 547c78f6 | Constantinos Venetsanopoulos | |
345 | 547c78f6 | Constantinos Venetsanopoulos | .. todo:: Document an active-active configuration based on the latest version |
346 | 547c78f6 | Constantinos Venetsanopoulos | of RabbitMQ. |
347 | 547c78f6 | Constantinos Venetsanopoulos | |
348 | bc055d09 | Constantinos Venetsanopoulos | |
349 | bc055d09 | Constantinos Venetsanopoulos | Upgrade Notes |
350 | bc055d09 | Constantinos Venetsanopoulos | ============= |
351 | bc055d09 | Constantinos Venetsanopoulos | |
352 | bc055d09 | Constantinos Venetsanopoulos | Cyclades upgrade notes |
353 | bc055d09 | Constantinos Venetsanopoulos | ---------------------- |
354 | bc055d09 | Constantinos Venetsanopoulos | |
355 | bc055d09 | Constantinos Venetsanopoulos | .. toctree:: |
356 | bc055d09 | Constantinos Venetsanopoulos | :maxdepth: 2 |
357 | bc055d09 | Constantinos Venetsanopoulos | |
358 | bc055d09 | Constantinos Venetsanopoulos | cyclades-upgrade |
359 | bc055d09 | Constantinos Venetsanopoulos | |
360 | bc055d09 | Constantinos Venetsanopoulos | Changelog |
361 | bc055d09 | Constantinos Venetsanopoulos | ========= |