root / README.deploy @ f4fe8796
History | View | Annotate | Download (16.4 kB)
1 |
README.deploy -- Instructions for a basic deployment of Synnefo v0.5.1 |
---|---|
2 |
|
3 |
This document describes the basic steps to obtain a basic, working Synnefo |
4 |
deployment. It begins by examining the different node roles, then moves to the |
5 |
installation and setup of distinct software components. |
6 |
|
7 |
It is current as of Synnefo v0.5.1. |
8 |
|
9 |
|
10 |
Node types |
11 |
=========== |
12 |
|
13 |
Nodes in a Synnefo deployment belong in one of the following types: |
14 |
|
15 |
* DB: |
16 |
A node [or more than one nodes, if using an HA configuration], running a DB |
17 |
engine supported by the Django ORM layer. The DB is the single source of |
18 |
truth for the servicing of API requests by Synnefo. |
19 |
Services: PostgreSQL / MySQL |
20 |
|
21 |
* APISERVER: |
22 |
A node running the implementation of the OpenStack API, in Django. Any number |
23 |
of APISERVERs can be used, in a load-balancing configuration, without any |
24 |
special consideration. Access to a common DB ensures consistency. |
25 |
Services: Web server, vncauthproxy |
26 |
|
27 |
* QUEUE: |
28 |
A node running the RabbitMQ software, which provides AMQP functionality. More |
29 |
than one QUEUE nodes may be deployed, in an HA configuration. Such |
30 |
deployments require shared storage, provided e.g., by DRBD. |
31 |
Services: RabbitMQ [rabbitmq-server] |
32 |
|
33 |
* LOGIC: |
34 |
A node running the business logic of Synnefo, in Django. It dequeues |
35 |
messages from QUEUE nodes, and provides the context in which business logic |
36 |
functions run. It uses Django ORM to connect to the common DB and update the |
37 |
state of the system, based on notifications received from the rest of the |
38 |
infrastructure, over AMQP. |
39 |
Services: the Synnefo logic dispatcher [/logic/dispatcher.py] |
40 |
|
41 |
* GANETI-MASTER and GANETI-NODE: |
42 |
A single GANETI-MASTER and a large number of GANETI-NODEs constitute the |
43 |
Ganeti backend for Synnefo, which undertakes all VM management functions. |
44 |
Any APISERVER can issue commands to the GANETI-MASTER, over RAPI, to effect |
45 |
changes in the state of the VMs. The GANETI-MASTER runs the Ganeti request |
46 |
queue. |
47 |
Services: |
48 |
only on GANETI-MASTER: |
49 |
the Synnefo Ganeti monitoring daemon [/ganeti/snf-ganeti-eventd] |
50 |
the Synnefo Ganeti hook [/ganeti/snf-ganeti-hook.py]. |
51 |
on each GANETI_NODE: |
52 |
a deployment-specific KVM ifup script |
53 |
properly configured NFDHCPD |
54 |
|
55 |
|
56 |
Installation Process |
57 |
===================== |
58 |
|
59 |
This section describes the installation process of the various node roles in a |
60 |
Synnefo deployment. |
61 |
|
62 |
|
63 |
0. Allocation of physical nodes: |
64 |
Determine the role of every physical node in your deployment. |
65 |
|
66 |
|
67 |
1. Ganeti installation: |
68 |
Synnefo requires a working Ganeti installation at the backend. Installation |
69 |
of Ganeti is not covered by this document, please refer to |
70 |
http://docs.ganeti.org/ganeti/current/html for all the gory details. A |
71 |
successful Ganeti installation concludes with a working GANETI-MASTER and a |
72 |
number of GANETI-NODEs. |
73 |
|
74 |
|
75 |
2. RabbitMQ installation: |
76 |
RabbitMQ is used as a generic message broker for the system. It should be |
77 |
installed on two seperate QUEUE nodes (VMs should be enough for the moment) |
78 |
in a high availability configuration as described here: |
79 |
|
80 |
http://www.rabbitmq.com/pacemaker.html |
81 |
|
82 |
After installation, create a user and set its permissions |
83 |
rabbitmqctl add_user okeanos 0k3@n0s |
84 |
rabbitmqctl set_permissions -p / okeanos "^.*" ".*" ".*" |
85 |
|
86 |
The values set for the user and password must be mirrored in the |
87 |
RABBIT_* variables in settings.py (see step 6) |
88 |
|
89 |
|
90 |
3. Web server installation: |
91 |
A Web Server (e.g., Apache) needs to be installed on the APISERVERs, |
92 |
and be configured to run the Synnefo Django project appropriately. Selection |
93 |
and configuration of a Web server is outside the scope of this document. |
94 |
|
95 |
For testing or development purposes, Django's own development server, |
96 |
`./manage.py runserver' can be used. |
97 |
|
98 |
|
99 |
4. Installation of the Synnefo Django project: |
100 |
As of v0.5 the Synnefo Django project needs to be installed on nodes |
101 |
of type APISERVER, LOGIC and on the GANETI-MASTER, with a properly |
102 |
configured settings.py. In later revisions, the specific parts of the Django |
103 |
project which need to run on each node type will be identified. |
104 |
|
105 |
Synnefo is written in Python 2.6 and depends on the following Python modules: |
106 |
[package versions confirmed to be compatible are in braces] |
107 |
|
108 |
* django 1.2 [Django==1.2.4] |
109 |
* simplejson [simplejson==2.1.3] |
110 |
* pycurl [pycurl==7.19.0] |
111 |
* python-dateutil [python-dateutil==1.4.1] |
112 |
WARNING: version python-dateutil==2.0 downloaded by pip known *not* to |
113 |
work with Python 2.6 |
114 |
* python-ipy [IPy==0.72] |
115 |
* south [south==0.7.1] |
116 |
WARNING: might not work with Debian squeeze's default south-0.7-1 package. |
117 |
* amqplib [amqplib==0.6.1] |
118 |
* lockfile [lockfile==0.8] |
119 |
* python-daemon [python-daemon==1.5.5] |
120 |
|
121 |
also, depending on the database engine of choice, on one of the following: |
122 |
* MySQL-python [MySQL-python==1.2.3] |
123 |
* psycopg2 [psycopg2==2.4] |
124 |
|
125 |
if the invitations application is deployed, the following dependencies should |
126 |
be installed: |
127 |
* pycrypto==2.1.0 |
128 |
|
129 |
To run the user interface tests, selenium must be installed |
130 |
* selenium [?] |
131 |
|
132 |
The easiest method for installation of the Django project is to setup a |
133 |
working environment through virtualenv. Alternatively, you can use your |
134 |
system's package manager to install the dependencies (e.g. Macports has them |
135 |
all). |
136 |
|
137 |
* On Snow Leopard and linux (64-bit), you have to set the following |
138 |
environment variable for pip to compile the dependencies correctly. |
139 |
|
140 |
$ export ARCHFLAGS="-arch x86_64" |
141 |
|
142 |
* On Ubuntu, a few more packages must be installed before installing the |
143 |
prerequisite Python libraries |
144 |
|
145 |
$ sudo aptitude install libcurl3-gnutls libcurl3-gnutls-dev uuid-dev |
146 |
|
147 |
Checkout the code and install the Python prerequisites. This assumes that |
148 |
python is already installed on the host. |
149 |
|
150 |
$ sudo easy_install virtualenv |
151 |
$ git clone https://user@code.grnet.gr/git/synnefo synnefo |
152 |
$ virtualenv --python=python2.6 synnefo --no-site-packages |
153 |
... |
154 |
$ cd synnefo |
155 |
$ ./bin/pip install <list_of_dependencies> |
156 |
|
157 |
[WARNING]: The software must be checked out in a directory named synnefo, |
158 |
otherwise python imports will not work. Therefore, do not change the |
159 |
or rename the checkout path. |
160 |
|
161 |
5. Database installation: |
162 |
A database supported by the Django ORM layer must be installed on nodes |
163 |
of type DB. The choices are: SQLIte, MySQL, PostgreSQL. |
164 |
|
165 |
* SQLite: |
166 |
The python sqlite driver is available by default with Python so no |
167 |
additional configuration is required. Also, most self-respecting systems |
168 |
have the sqlite library installed by default. |
169 |
|
170 |
* MySQL: |
171 |
MySQL must be installed first: |
172 |
|
173 |
* Ubuntu - Debian |
174 |
$ sudo apt-get install libmysqlclient-dev |
175 |
|
176 |
* MacPorts |
177 |
$ sudo port install mysql5 |
178 |
|
179 |
Install the MySQL python library on servers running the Django project: |
180 |
|
181 |
$ bin/pip install MySQL-python |
182 |
|
183 |
Note: On MacOSX with Mysql install from MacPorts the above command will |
184 |
fail complaining that it cannot find the mysql_config command. Do |
185 |
the following and restart the installation |
186 |
$ echo "mysql_config = /opt/local/bin/mysql_config5" >> \ |
187 |
./build/MySQL-python/site.cfg |
188 |
|
189 |
Configure a MySQL db/account for synnefo |
190 |
$ mysql -u root -p |
191 |
|
192 |
mysql> create database synnefo; |
193 |
mysql> show databases; |
194 |
mysql> GRANT ALL on synnefo.* TO username IDENTIFIED BY 'password'; |
195 |
|
196 |
IMPORTANT: |
197 |
MySQL *must* be set in READ-COMMITED mode, e.g. by setting |
198 |
|
199 |
transaction-isolation = READ-COMMITTED |
200 |
|
201 |
in the [mysql] section of /etc/mysql/my.cnf. |
202 |
|
203 |
* PostgreSQL |
204 |
You need to install the PostgreSQL binaries: |
205 |
* Ubuntu - Debian |
206 |
$ sudo apt-get install postgresql-8.4 libpq-dev |
207 |
|
208 |
* MacPorts |
209 |
$ sudo port install postgresql84 |
210 |
|
211 |
Install the postgres Python library |
212 |
$ bin/pip install psycopg2 |
213 |
|
214 |
Configure a postgres db/account for synnefo: |
215 |
|
216 |
Become the postgres user, connect to PostgreSQL: |
217 |
$ sudo su - postgres |
218 |
$ psql |
219 |
|
220 |
Run the following commands: |
221 |
DROP DATABASE synnefo; |
222 |
DROP USER username; |
223 |
CREATE USER username WITH PASSWORD 'password'; |
224 |
CREATE DATABASE synnefo; |
225 |
GRANT ALL PRIVILEGES ON DATABASE synnefo TO username; |
226 |
ALTER DATABASE synnefo OWNER TO username; |
227 |
ALTER USER username CREATEDB; |
228 |
|
229 |
The last line enables the newly created user to create own databases. This |
230 |
is needed for Django to create and drop the test_synnefo database for unit |
231 |
testing. |
232 |
|
233 |
|
234 |
6. Setting up the Django project: |
235 |
The settings.py file for Django may be derived by concatenating the |
236 |
settings.py.dist file contained in the Synnefo distribution with a file |
237 |
containing custom modifications, which shall override all settings deviating |
238 |
from the supplied settings.py.dist. This is recommended to minimize the load |
239 |
of reconstructing settings.py from scratch, since each release currently |
240 |
brings heavy changes to settings.py.dist. |
241 |
|
242 |
Add the following to your custom settings.py, depending on your choice |
243 |
of DB: |
244 |
* SQLite |
245 |
|
246 |
PROJECT_PATH = os.path.dirname(os.path.abspath(__file__)) + '/' |
247 |
|
248 |
DATABASES = { |
249 |
'default': { |
250 |
'ENGINE': 'django.db.backends.sqlite3', |
251 |
'NAME': PROJECT_PATH + 'synnefo.db' # WARN: This must be an absolute path |
252 |
} |
253 |
} |
254 |
|
255 |
* MySQL |
256 |
|
257 |
DATABASES = { |
258 |
'default': { |
259 |
'ENGINE': 'django.db.backends.mysql', |
260 |
'NAME': 'synnefo', |
261 |
'USER': 'USERNAME', |
262 |
'PASSWORD': 'PASSWORD', |
263 |
'HOST': 'HOST', |
264 |
'PORT': 'PORT', |
265 |
'OPTIONS': { |
266 |
'init_command': 'SET storage_engine=INNODB', |
267 |
} |
268 |
} |
269 |
} |
270 |
|
271 |
* PostgreSQL |
272 |
|
273 |
DATABASES = { |
274 |
'default': { |
275 |
'ENGINE': 'django.db.backends.postgresql_psycopg2', |
276 |
'NAME': 'DATABASE', |
277 |
'USER': 'USERNAME', |
278 |
'PASSWORD': 'PASSWORD', |
279 |
'HOST': 'HOST', |
280 |
'PORT': 'PORT', |
281 |
} |
282 |
} |
283 |
|
284 |
Try it out. The following command will attempt to connect to the DB and |
285 |
print out DDL statements. It should not fail. |
286 |
|
287 |
$ ./bin/python manage.py sql db |
288 |
|
289 |
|
290 |
7. Initialization of Synnefo DB: |
291 |
You need to initialize the Synnefo DB and load fixtures |
292 |
db/fixtures/{flavors,images}.json, which make the API usable by end users by |
293 |
defining a sample set of hardware configurations (flavors) and OS images. |
294 |
|
295 |
$ ./bin/python manage.py syncdb |
296 |
$ ./bin/python manage.py migrate db |
297 |
$ ./bin/python manage.py loaddata db/fixtures/flavors.json |
298 |
$ ./bin/python manage.py loaddata db/fixtures/images.json |
299 |
|
300 |
|
301 |
8. Finalization of settings.py: |
302 |
Set the BACKEND_PREFIX_ID variable to some unique prefix, e.g. your commit |
303 |
username in settings.py. Several functional conventions within the system |
304 |
require this variable to include a dash at its end (e.g. snf-) |
305 |
|
306 |
Fix the AMQP-specific settings based on the selected BACKEND_PREFIX_ID. |
307 |
The fix_amqp_settings() function is called once at the end of |
308 |
settings.py.dist, you must call it again if you change BACKEND_PREFIX_ID at |
309 |
some later point. |
310 |
|
311 |
|
312 |
9. Installation of the Ganeti monitoring daemon, /ganeti/snf-ganeti-eventd: |
313 |
The Ganeti monitoring daemon must run on GANETI-MASTER. |
314 |
The Ganeti monitoring daemon has no dependency on Django. |
315 |
|
316 |
Override all relevant settings in settings.d/99-snf-ganeti-eventd.conf, |
317 |
GANETI_* variables. |
318 |
Then, make sure PYTHONPATH contains the parent of the Django project, |
319 |
and start the server on the Ganeti master as root. |
320 |
|
321 |
root:~# export PYTHONPATH=$PYTHONPATH:/opt |
322 |
root:~# /opt/synnefo/ganeti/snf-ganeti-eventd.py |
323 |
|
324 |
TBD: how to handle master migration. |
325 |
|
326 |
|
327 |
10. Installation of the Synnefo dispatcher, /logic/dispatcher.py: |
328 |
The logic dispatcher is part of the Synnefo Django project and must run |
329 |
on LOGIC nodes. |
330 |
|
331 |
The dispatcher retrieves messages from the queue and calls the appropriate |
332 |
handler function as defined in the queue configuration in `setttings.py'. |
333 |
The default configuration should work directly without any modifications. |
334 |
|
335 |
For the time being The dispatcher must be run by hand: |
336 |
$ ./bin/python ./logic/dispatcher.py |
337 |
|
338 |
The dispatcher should run in at least 2 instances to ensure high |
339 |
(actually, increased) availability. |
340 |
|
341 |
|
342 |
11. Installation of the Synnefo Ganeti hook: |
343 |
The bash wrapper ganeti/snf-ganeti-hook is the generic launcher for |
344 |
Synnefo hooks in Ganeti. It resides in the ganeti/ directory under the |
345 |
root of the Synnefo Django project. |
346 |
|
347 |
The hook needs to be enabled for phases post-{add,modify,reboot,start,stop} |
348 |
by *symlinking* in |
349 |
/etc/ganeti/hooks/instance-{add,modify,reboot,start,stop}-post.d on |
350 |
GANETI-MASTER, e.g.: |
351 |
|
352 |
root@ganeti-master:/etc/ganeti/hooks/instance-start-post.d# ls -l |
353 |
lrwxrwxrwx 1 root root 45 May 3 13:45 00-snf-ganeti-hook -> /home/devel/synnefo/ganeti/snf-ganeti-hook |
354 |
|
355 |
IMPORTANT: The link name may only contain "upper and lower case, digits, |
356 |
underscores and hyphens. In other words, the regexp ^[a-zA-Z0-9_-]+$." |
357 |
See: |
358 |
http://docs.ganeti.org/ganeti/master/html/hooks.html?highlight=hooks#naming |
359 |
|
360 |
You need to set SYNNEFO_PROJECT_DIR in ganeti/snf-ganeti-hook. The bash |
361 |
script modifies PYTHONPATH accordingly, before passing control to the |
362 |
relevant Python code. |
363 |
|
364 |
|
365 |
12. Installation of the VNC authentication proxy, vncauthproxy: |
366 |
To support OOB console access to the VMs over VNC, the vncauthproxy |
367 |
daemon must be running on every node of type APISERVER. |
368 |
|
369 |
Download and install vncauthproxy from its own repository, |
370 |
at https://code.grnet.gr/git/vncauthproxy (known good commit: 8799ab6d6e). |
371 |
|
372 |
Edit default settings on top of vncauthproxy.py. |
373 |
Set CTRL_SOCKET in util/vapclient.py to point to its control socket. |
374 |
|
375 |
FIXME: The CTRL_SOCKET setting will be moved to settings.py as |
376 |
VNCAUTHPROXY_CTRL_SOCKET. |
377 |
|
378 |
Create /var/log/vncauthproxy and set its permissions appropriately. |
379 |
|
380 |
|
381 |
13. Installation of the customized Ganeti Instance Image for image deployment: |
382 |
For Synnefo to be able to launch VMs from specified Images, you need |
383 |
the gnt-instance-image OS Provider installed on the Ganeti backend. |
384 |
|
385 |
Download and install gnt-instance-image in all Ganeti nodes from its own |
386 |
repository, at https://code.grnet.gr/git/gnt-instance-image. It's |
387 |
recommended to use the win-support branch (last tested commit for Synnefo |
388 |
v0.5 is cb9587b68bb1e2d8ce14c351244a279b0e3eb963). |
389 |
|
390 |
After installing gnt-instance-image do the following: |
391 |
1. root@ganeti-master$ cd /path-to-repo |
392 |
root@ganeti-master$ cp ./defaults /etc/default/ganeti-instance-image |
393 |
2. Uncomment the following in /etc/default/ganeti-instance-image: |
394 |
SWAP=no |
395 |
ARCH="x86_64" |
396 |
3. In /etc/ganeti/instance-image/hooks, make sure the hooks you want to |
397 |
run during instance creation process have execute permission. |
398 |
For linux you will need at lease `grub' and `root_passwd' to make the |
399 |
instance usable: |
400 |
chmod +x /etc/ganeti/instance-image/hooks/linux/{grub,root_passwd} |
401 |
For security reasons make sure `ssh' hook is also enabled. |
402 |
For windows you will need `mbr' and `admin_passwd': |
403 |
chmod +x /etc/ganeti/instance-image/hooks/windows/{mbr,admin_passwd} |
404 |
For both architectures it is also highly recommended to enable |
405 |
`hostname' hook too: |
406 |
chmod +x /et/ganeti/instance-image/hooks/{linux,windows}/hostname |
407 |
|
408 |
Your Custom Images should be stored in a dump format under |
409 |
/var/cache/ganeti-instance-image and their filenames should have the |
410 |
following format: |
411 |
{backend_id}-x86_64-root.dump |
412 |
e.g., debian-6.0.1a-x86_64-root.dump (backend_id = "debian-6.0.1a") |
413 |
|
414 |
14. Setup Synnefo-specific networking on the Ganeti backend: |
415 |
This part is deployment-specific and must be customized based on the |
416 |
specific needs of the system administrators. |
417 |
|
418 |
A reference installation will use a Synnefo-specific KVM ifup script, |
419 |
NFDHCPD and pre-provisioned Linux bridges to support public and private |
420 |
network functionality. For this: |
421 |
|
422 |
Grab NFDHCPD from its own repository (https://code.grnet.gr/git/nfdhcpd), |
423 |
install it, modify /etc/nfdhcpd/nfdhcpd.conf to reflect your network |
424 |
configuration. |
425 |
|
426 |
Install a custom KVM ifup script for use by Ganeti, as |
427 |
/etc/ganeti/kvm-vif-bridge, on GANETI-NODEs. A sample implementation is |
428 |
provided under /contrib/ganeti-hooks. Set NFDHCPD_STATE_DIR to point |
429 |
to NFDHCPD's state directory, usually /var/lib/nfdhcpd. |
430 |
|
431 |
|
432 |
15. Create log file directories for Synnefo components, set appropriate |
433 |
permissions. By default logic/dispatcher.py and ganeti/snf-ganeti-eventd.py |
434 |
use /var/log/synnefo. |
435 |
|
436 |
|
437 |
16. (Hopefully) Done |
438 |
|