Revision dd45ee44 docs/quick-install-admin-guide.rst
b/docs/quick-install-admin-guide.rst | ||
---|---|---|
98 | 98 |
* gevent |
99 | 99 |
* dns server |
100 | 100 |
|
101 |
You can install apache2, progresql and ntp by running:
|
|
101 |
You can install apache2, postgresql and ntp by running:
|
|
102 | 102 |
|
103 | 103 |
.. code-block:: console |
104 | 104 |
|
... | ... | |
250 | 250 |
|
251 | 251 |
Now you can create the certificate |
252 | 252 |
|
253 |
.. code-block:: console
|
|
254 |
|
|
253 |
.. code-block:: console |
|
254 |
|
|
255 | 255 |
# ./build-ca |
256 | 256 |
|
257 | 257 |
The previous will create a ``ca.crt`` file. Copy this file under |
... | ... | |
266 | 266 |
Now you can create the keys and sign them with the certificate |
267 | 267 |
|
268 | 268 |
.. code-block:: console |
269 |
|
|
269 |
|
|
270 | 270 |
# ./build-key-server node1.example.com |
271 | 271 |
|
272 | 272 |
This will create a .pem and a .key file in your current folder. Copy these in |
273 |
``/etc/ssl/certs/`` and ``/etc/ssl/private/`` respectively and
|
|
273 |
``/etc/ssl/certs/`` and ``/etc/ssl/private/`` respectively and |
|
274 | 274 |
use them in the apache2 configuration file below instead of the defaults. |
275 | 275 |
|
276 | 276 |
Apache2 setup |
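Review bot: Lines 272-274 tell the admin to copy the generated .key file to ``/etc/ssl/private/`` but say nothing about who may read it afterwards. Since this hunk already touches 273, consider adding a sentence that the key must be readable by root only, so a copy made with a permissive umask does not leave the server's private key exposed to local users.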
... | ... | |
344 | 344 |
# a2enmod headers |
345 | 345 |
# a2enmod proxy_http |
346 | 346 |
|
347 |
.. note:: This isn't really needed, but it's a good security practice to disable |
|
348 |
directory listing in apache:: |
|
349 |
|
|
350 |
# a2dismod autoindex |
|
351 |
|
|
352 |
|
|
347 | 353 |
.. warning:: Do NOT start/restart the server yet. If the server is running:: |
348 | 354 |
|
349 | 355 |
# /etc/init.d/apache2 stop |
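Review bot: The note added at 347-350 opens with "This isn't really needed", which undersells a step the same sentence then calls good security practice. Suggest wording it as an optional hardening step and saying what it does, for example "Optionally disable Apache directory listing, so that directories without an index file are not enumerated". The addition also leaves two blank lines (351-352) before the warning where one is enough, and the literal block uses ``::`` while the commands just above it are under ``.. code-block:: console``.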
... | ... | |
387 | 393 |
In order to set up a dns server using dnsmasq do the following |
388 | 394 |
|
389 | 395 |
.. code-block:: console |
390 |
|
|
396 |
|
|
391 | 397 |
# apt-get install dnsmasq |
392 | 398 |
|
393 | 399 |
Then edit you ``/etc/hosts/`` as follows |
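Review bot: The context line at 399, "Then edit you ``/etc/hosts/`` as follows", still has two slips that this cleanup commit could pick up: "you" should be "your", and ``/etc/hosts/`` is a file, so the trailing slash should go. A reader who copies the path as written will get a "Not a directory" error from most tools.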
... | ... | |
400 | 406 |
Finally edit the ``/etc/dnsmasq.conf`` file and specify the ``listen-address`` and |
401 | 407 |
the ``interface`` you would like to listen to. |
402 | 408 |
|
403 |
Also add the following in your ``/etc/resolv.conf`` file
|
|
409 |
Also add the following in your ``/etc/resolv.conf`` file |
|
404 | 410 |
|
405 | 411 |
.. code-block:: console |
406 | 412 |
|
... | ... | |
556 | 562 |
# a2enmod headers |
557 | 563 |
# a2enmod proxy_http |
558 | 564 |
|
565 |
.. note:: This isn't really needed, but it's a good security practice to disable |
|
566 |
directory listing in apache:: |
|
567 |
|
|
568 |
# a2dismod autoindex |
|
569 |
|
|
559 | 570 |
.. warning:: Do NOT start/restart the server yet. If the server is running:: |
560 | 571 |
|
561 | 572 |
# /etc/init.d/apache2 stop |
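Review bot: Lines 565-568 repeat the autoindex note added at 347-350 word for word, so any later rewording has to be made in two places. Either keep one copy and point to it from the second Apache section with a ``:ref:`` label, or at least make the second copy say that the step applies to this node as well. The extra blank line at 569 can be dropped here too.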
... | ... | |
582 | 593 |
Add the following line in ``/etc/resolv.conf`` file |
583 | 594 |
|
584 | 595 |
.. code-block:: console |
585 |
|
|
596 |
|
|
586 | 597 |
nameserver 4.3.2.1 |
587 | 598 |
|
588 | 599 |
to inform the node about the new dns server. |
... | ... | |
703 | 714 |
Email delivery configuration |
704 | 715 |
---------------------------- |
705 | 716 |
|
706 |
Many of the ``astakos`` operations require server to notify service users and
|
|
707 |
administrators via email. e.g. right after the signup process the service sents
|
|
708 |
an email to the registered email address containing an email verification url,
|
|
709 |
after the user verifies the email address astakos once again needs to notify
|
|
717 |
Many of the ``astakos`` operations require server to notify service users and |
|
718 |
administrators via email. e.g. right after the signup process the service sents |
|
719 |
an email to the registered email address containing an email verification url, |
|
720 |
after the user verifies the email address astakos once again needs to notify |
|
710 | 721 |
administrators with a notice that a new account has just been verified. |
711 | 722 |
|
712 | 723 |
More specifically astakos sends emails in the following cases |
713 | 724 |
|
714 | 725 |
- An email containing a verification link after each signup process. |
715 |
- An email to the people listed in ``ADMINS`` setting after each email
|
|
716 |
verification if ``ASTAKOS_MODERATION`` setting is ``True``. The email
|
|
717 |
notifies administrators that an additional action is required in order to
|
|
726 |
- An email to the people listed in ``ADMINS`` setting after each email |
|
727 |
verification if ``ASTAKOS_MODERATION`` setting is ``True``. The email |
|
728 |
notifies administrators that an additional action is required in order to |
|
718 | 729 |
activate the user. |
719 |
- A welcome email to the user email and an admin notification to ``ADMINS``
|
|
730 |
- A welcome email to the user email and an admin notification to ``ADMINS`` |
|
720 | 731 |
right after each account activation. |
721 |
- Feedback messages submited from astakos contact view and astakos feedback
|
|
732 |
- Feedback messages submited from astakos contact view and astakos feedback |
|
722 | 733 |
API endpoint are sent to contacts listed in ``HELPDESK`` setting. |
723 |
- Project application request notifications to people included in ``HELPDESK``
|
|
734 |
- Project application request notifications to people included in ``HELPDESK`` |
|
724 | 735 |
and ``MANAGERS`` settings. |
725 |
- Notifications after each project members action (join request, membership
|
|
736 |
- Notifications after each project members action (join request, membership |
|
726 | 737 |
accepted/declinde etc.) to project members or project owners. |
727 | 738 |
|
728 |
Astakos uses the Django internal email delivering mechanism to send email
|
|
729 |
notifications. A simple configuration, using an external smtp server to
|
|
730 |
deliver messages, is shown below. Alter the following example to meet your
|
|
739 |
Astakos uses the Django internal email delivering mechanism to send email |
|
740 |
notifications. A simple configuration, using an external smtp server to |
|
741 |
deliver messages, is shown below. Alter the following example to meet your |
|
731 | 742 |
smtp server characteristics. Notice that the smtp server is needed for a proper |
732 | 743 |
installation |
733 | 744 |
|
734 | 745 |
.. code-block:: python |
735 |
|
|
746 |
|
|
736 | 747 |
# /etc/synnefo/00-snf-common-admins.conf |
737 | 748 |
EMAIL_HOST = "mysmtp.server.synnefo.org" |
738 | 749 |
EMAIL_HOST_USER = "<smtpuser>" |
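Review bot: The lines rewritten at 717-720 and 726-737 only lose trailing whitespace, so the typos in them survive the cleanup: "sents" (718), "submited" (732), "declinde" (737), and "require server to notify" (717), which reads better as "require the server to notify". Since every one of these lines is already in the diff, fixing them here costs nothing extra in review.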
... | ... | |
740 | 751 |
|
741 | 752 |
# this gets appended in all email subjects |
742 | 753 |
EMAIL_SUBJECT_PREFIX = "[example.synnefo.org] " |
743 |
|
|
754 |
|
|
744 | 755 |
# Address to use for outgoing emails |
745 | 756 |
DEFAULT_FROM_EMAIL = "server@example.synnefo.org" |
746 | 757 |
|
747 |
# Email where users can contact for support. This is used in html/email
|
|
758 |
# Email where users can contact for support. This is used in html/email |
|
748 | 759 |
# templates. |
749 | 760 |
CONTACT_EMAIL = "server@example.synnefo.org" |
750 | 761 |
|
... | ... | |
753 | 764 |
|
754 | 765 |
Notice that since email settings might be required by applications other than |
755 | 766 |
astakos they are defined in a different configuration file than the one |
756 |
previously used to set astakos specific settings.
|
|
767 |
previously used to set astakos specific settings. |
|
757 | 768 |
|
758 |
Refer to
|
|
769 |
Refer to |
|
759 | 770 |
`Django documentation <https://docs.djangoproject.com/en/1.2/topics/email/>`_ |
760 | 771 |
for additional information on available email settings. |
761 | 772 |
|
762 |
As refered in the previous section, based on the operation that triggers
|
|
763 |
an email notification, the recipients list differs. Specifically for
|
|
764 |
emails whose recipients include contacts from your service team
|
|
765 |
(administrators, managers, helpdesk etc) synnefo provides the following
|
|
773 |
As refered in the previous section, based on the operation that triggers |
|
774 |
an email notification, the recipients list differs. Specifically for |
|
775 |
emails whose recipients include contacts from your service team |
|
776 |
(administrators, managers, helpdesk etc) synnefo provides the following |
|
766 | 777 |
settings located in ``10-snf-common-admins.conf``: |
767 | 778 |
|
768 | 779 |
.. code-block:: python |
769 | 780 |
|
770 |
ADMINS = (('Admin name', 'admin@example.synnefo.org'),
|
|
781 |
ADMINS = (('Admin name', 'admin@example.synnefo.org'), |
|
771 | 782 |
('Admin2 name', 'admin2@example.synnefo.org)) |
772 | 783 |
MANAGERS = (('Manager name', 'manager@example.synnefo.org'),) |
773 | 784 |
HELPDESK = (('Helpdesk user name', 'helpdesk@example.synnefo.org'),) |
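Review bot: Line 782 of the ``ADMINS`` example, ``('Admin2 name', 'admin2@example.synnefo.org))``, is missing the closing quote after the address, so the snippet raises a syntax error if pasted into the settings file; fix it together with line 781, which this hunk already touches. The paragraph at 777 also names the file ``10-snf-common-admins.conf`` while the comment in the earlier snippet (748) says ``/etc/synnefo/00-snf-common-admins.conf``; these should agree unless two different files are really meant. "As refered" at 773 should be "As referred".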
... | ... | |
1219 | 1230 |
:ref:`GANETI-NODE <GANETI_NODES>` and is Master-capable and VM-capable too. |
1220 | 1231 |
|
1221 | 1232 |
We highly recommend that you read the official Ganeti documentation, if you are |
1222 |
not familiar with Ganeti.
|
|
1233 |
not familiar with Ganeti. |
|
1223 | 1234 |
|
1224 | 1235 |
Unfortunately, the current stable version of the stock Ganeti (v2.6.2) doesn't |
1225 | 1236 |
support IP pool management. This feature will be available in Ganeti >= 2.7. |
... | ... | |
1231 | 1242 |
|
1232 | 1243 |
# apt-get install snf-ganeti ganeti-htools |
1233 | 1244 |
|
1234 |
Ganeti will make use of drbd. To enable this and make the configuration pemanent
|
|
1245 |
Ganeti will make use of drbd. To enable this and make the configuration pemanent |
|
1235 | 1246 |
you have to do the following : |
1236 | 1247 |
|
1237 | 1248 |
.. code-block:: console |
1238 | 1249 |
|
1239 |
# rmmod -f drbd && modprobe drbd minor_count=255 usermode_helper=/bin/true
|
|
1250 |
# rmmod -f drbd && modprobe drbd minor_count=255 usermode_helper=/bin/true |
|
1240 | 1251 |
# echo 'drbd minor_count=255 usermode_helper=/bin/true' >> /etc/modules |
1241 | 1252 |
|
1242 | 1253 |
|
1243 | 1254 |
We assume that Ganeti will use the KVM hypervisor. After installing Ganeti on |
1244 | 1255 |
both nodes, choose a domain name that resolves to a valid floating IP (let's |
1245 |
say it's ``ganeti.node1.example.com``). This IP is needed to communicate with
|
|
1246 |
the Ganeti cluster. Make sure node1 and node2 have same dsa,rsa keys and authorised_keys
|
|
1247 |
for password-less root ssh between each other. If not then skip passing --no-ssh-init but be
|
|
1248 |
aware that it will replace /root/.ssh/* related files and you might lose access to master node.
|
|
1249 |
Also, Ganeti will need a volume to host your VMs' disks. So, make sure there is an lvm volume
|
|
1250 |
group named ``ganeti``. Finally, setup a bridge interface on the host machines (e.g: br0). This
|
|
1256 |
say it's ``ganeti.node1.example.com``). This IP is needed to communicate with |
|
1257 |
the Ganeti cluster. Make sure node1 and node2 have same dsa,rsa keys and authorised_keys |
|
1258 |
for password-less root ssh between each other. If not then skip passing --no-ssh-init but be |
|
1259 |
aware that it will replace /root/.ssh/* related files and you might lose access to master node. |
|
1260 |
Also, Ganeti will need a volume to host your VMs' disks. So, make sure there is an lvm volume |
|
1261 |
group named ``ganeti``. Finally, setup a bridge interface on the host machines (e.g: br0). This |
|
1251 | 1262 |
will be needed for the network configuration afterwards. |
1252 | 1263 |
|
1253 | 1264 |
Then run on node1: |
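Review bot: The sentence at 1258-1259 hides a destructive side effect in the middle of a paragraph: leaving out ``--no-ssh-init`` replaces the files under ``/root/.ssh/`` and can lock the admin out of the master node. That belongs in a ``.. warning::`` block of its own, and "If not then skip passing --no-ssh-init" should be reworded so it is clear that "skip passing" means omitting the flag. While the lines are being touched: "pemanent" (1245) is a typo, "authorised_keys" (1257) should be the real file name ``authorized_keys``, and ``--no-ssh-init`` and ``/root/.ssh/*`` should be in literal markup like the other paths in the guide.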
... | ... | |
1291 | 1302 |
able to access the Pithos database. This is why, we also install them on *all* |
1292 | 1303 |
VM-capable Ganeti nodes. |
1293 | 1304 |
|
1294 |
.. warning::
|
|
1305 |
.. warning:: |
|
1295 | 1306 |
snf-image uses ``curl`` for handling URLs. This means that it will |
1296 | 1307 |
not work out of the box if you try to use URLs served by servers which do |
1297 | 1308 |
not have a valid certificate. In case you haven't followed the guide's |