A. Setup ClusterControl repository
1. Manually import the Severalnines repository public key into your RPM keyring:
[root@teguhth data]# wget http://repo.severalnines.com/severalnines-repos.asc
[root@teguhth data]# rpm --import severalnines-repos.asc
[root@teguhth data]#
1. Manually import the Severalnines repository public key into your RPM keyring:
[root@teguhth data]# wget http://repo.severalnines.com/severalnines-repos.asc
[root@teguhth data]# rpm --import severalnines-repos.asc
[root@teguhth data]#
2 create repository s9s
[root@teguhth data]# cat /etc/yum.repos.d/s9s-repo.repo
[s9s-repo]
name = Severalnines Release Repository
baseurl = http://repo.severalnines.com/rpm/os/x86_64
enabled = 1
gpgkey = http://repo.severalnines.com/severalnines-repos.asc
gpgcheck = 1
[root@teguhth data]#
3. Look for ClusterControl packages:
[root@teguhth data]# yum search clustercontrol
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.idroot.cloud
* extras: mirror.dewabiz.com
* updates: kartolo.sby.datautama.net.id
s9s-repo | 2.9 kB 00:00:00
s9s-repo/primary_db | 67 kB 00:00:03
================================================================================= N/S matched: clustercontrol =================================================================================
clustercontrol.x86_64 : Severalnines ClusterControl Web Application. Frontend for clustercontrol-controller.
clustercontrol-cloud.x86_64 : Severalnines ClusterControl Cloud Module
clustercontrol-controller.x86_64 : ClusterControl Controller. Manage and monitor MySQL, MySQL Cluster, Galera, PostgreSQL and MongoDB.
clustercontrol-controller-debuginfo.x86_64 : Debuginfo for clustercontrol-controller
clustercontrol-nodejs.x86_64 : Severalnines ClusterControl NodeJS backend service.
clustercontrol-notifications.x86_64 : Severalnines ClusterControl Notifications Manager
clustercontrol-ssh.x86_64 : Severalnines ClusterControl SSH Module
clustercontrol-clud.x86_64 : Severalnines CloudLink upload/download
Name and summary matches only, use "search all" for everything.
[root@teguhth data]#
B. Setup Repository Centos/Redhat
The repository definition file for each distribution can be downloaded directly from:
CentOS 6: http://repo.severalnines.com/s9s-tools/CentOS_6/s9s-tools.repo
CentOS 7: http://repo.severalnines.com/s9s-tools/CentOS_7/s9s-tools.repo
CentOS 8: http://repo.severalnines.com/s9s-tools/CentOS_8/s9s-tools.repo
RHEL 6: http://repo.severalnines.com/s9s-tools/RHEL_6/s9s-tools.repo
RHEL 7: http://repo.severalnines.com/s9s-tools/RHEL_7/s9s-tools.repo
RHEL 8: http://repo.severalnines.com/s9s-tools/RHEL_8/s9s-tools.repo
[root@teguhth data]# wget http://repo.severalnines.com/s9s-tools/CentOS_7/s9s-tools.repo -P /etc/yum.repos.d
[root@teguhth ~]# cat /etc/yum.repos.d/s9s-tools.repo
[s9s-tools]
name=s9s-tools (CentOS_7)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/home:/kedazo/CentOS_7/
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/home:/kedazo/CentOS_7/repodata/repomd.xml.key
enabled=1
[root@teguhth ~]#
[root@teguhth data]# yum install s9s-tools -y
[root@teguhth ~]# s9s --help
C. Installation Cluster Control Severalnines
1. Disable SELINUX
[root@teguhth ~]# sestatus
SELinux status: disabled
[root@teguhth ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@teguhth ~]#
2. Install required packages via package manager
[root@teguhth data]# yum -y install curl mailx cronie nc bind-utils mariadb mariadb-server httpd mod_ssl php php-pdo php-json php-mysql
3. Install ClusterControl packages:
[root@teguhth data]# yum -y install clustercontrol clustercontrol-controller clustercontrol-ssh clustercontrol-notifications clustercontrol-cloud clustercontrol-clud s9s-tools
4. Start MySQL server / MariaDB & set mysql secure
[root@teguhth ~]# systemctl start mariadb
[root@teguhth ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@teguhth ~]# systemctl status mariadb
[root@teguhth ~]# mysql_secure_installation
5. Create two databases called cmon and dcps and grant the cmon user:
example user: cmon , user: dcps, password: admin
mysql -u root -p -e 'DROP SCHEMA IF EXISTS cmon; CREATE SCHEMA cmon';
mysql -u root -p -e 'DROP SCHEMA IF EXISTS dcps; CREATE SCHEMA dcps';
mysql -u root -p -e 'GRANT ALL PRIVILEGES ON *.* TO "cmon"@"localhost" IDENTIFIED BY "admin" WITH GRANT OPTION';
mysql -u root -p -e 'GRANT ALL PRIVILEGES ON *.* TO "cmon"@"127.0.0.1" IDENTIFIED BY "admin" WITH GRANT OPTION';
mysql -u root -p -e 'FLUSH PRIVILEGES';
mysql -u root -p -e 'DROP SCHEMA IF EXISTS dcps; CREATE SCHEMA dcps';
mysql -u root -p -e 'GRANT ALL PRIVILEGES ON *.* TO "cmon"@"localhost" IDENTIFIED BY "admin" WITH GRANT OPTION';
mysql -u root -p -e 'GRANT ALL PRIVILEGES ON *.* TO "cmon"@"127.0.0.1" IDENTIFIED BY "admin" WITH GRANT OPTION';
mysql -u root -p -e 'FLUSH PRIVILEGES';
[root@teguhth ~]# mysql -u root -p -e 'DROP SCHEMA IF EXISTS cmon; CREATE SCHEMA cmon';
Enter password:
[root@teguhth ~]# mysql -u root -p -e 'DROP SCHEMA IF EXISTS dcps; CREATE SCHEMA dcps';
Enter password:
[root@teguhth ~]# mysql -u root -p -e 'GRANT ALL PRIVILEGES ON *.* TO "cmon"@"localhost" IDENTIFIED BY "admin" WITH GRANT OPTION';
Enter password:
[root@teguhth ~]# mysql -u root -p -e 'GRANT ALL PRIVILEGES ON *.* TO "cmon"@"127.0.0.1" IDENTIFIED BY "admin" WITH GRANT OPTION';
Enter password:
[root@teguhth ~]# mysql -u root -p -e 'FLUSH PRIVILEGES';
Enter password:
[root@teguhth ~]#
6. Import cmon and dcps schema structure and data:
[root@teguhth ~]# mysql -u root -p cmon < /usr/share/cmon/cmon_db.sql
Enter password:
[root@teguhth ~]# mysql -u root -p cmon < /usr/share/cmon/cmon_data.sql
Enter password:
[root@teguhth ~]# mysql -u root -p dcps < /var/www/html/clustercontrol/sql/dc-schema.sqlEnter password:
[root@teguhth ~]#
mysql -u root -p cmon < /usr/share/cmon/cmon_db.sql ;
mysql -u root -p cmon < /usr/share/cmon/cmon_data.sql;
mysql -u root -p dcps < /var/www/html/clustercontrol/sql/dc-schema.sql;
mysql -u root -p cmon < /usr/share/cmon/cmon_data.sql;
mysql -u root -p dcps < /var/www/html/clustercontrol/sql/dc-schema.sql;
7. Generate a ClusterControl key to be used by RPC_TOKEN and rpc_key:
[root@teguhth ~]# uuidgen | tr -d '-'
120f537ab4ad4a64b819ac49a324b85d
[root@teguhth ~]#
8. configure ClusterControl Controller (cmon) /etc/cmon.cnf
mysql_port=3306
mysql_hostname=127.0.0.1
mysql_password=admin
hostname=10.10.10.10
logfile=/var/log/cmon.log
rpc_key=120f537ab4ad4a64b819ac49a324b85d
example
[root@teguhth ~]# cat /etc/cmon.cnf
#
# clustercontrol-controller configuration file
# Copyright 2016 severalnines.com
#
## CMON database config - mysql_password is for the 'cmon' user
mysql_port=3306
mysql_hostname=127.0.0.1
mysql_password=admin
## hostname is the hostname of the current host
hostname=10.10.10.100
## The default logfile
logfile=/var/log/cmon.log
## For possible access restriction
# rpc_key = DEADBEEF01234567ABCDEF
rpc_key=120f537ab4ad4a64b819ac49a324b85d
controller_id=2192f7da-7a37-4ff1-8dee-d5355f37c44d
[root@teguhth ~]#
9. ClusterControl event and cloud modules require their service definition inside /etc/default/cmon
[root@teguhth ~]# cat /etc/default/cmon
EVENTS_CLIENT="http://127.0.0.1:9510"
CLOUD_SERVICE="http://127.0.0.1:9518"
[root@teguhth ~]#
10. Copy the provided Apache configuration files to their locations and prepare SSL key and certificate:
[root@teguhth ~]# cp /var/www/html/clustercontrol/app/tools/apache2/s9s.conf /etc/httpd/conf.d/s9s.conf
[root@teguhth ~]# cp /var/www/html/clustercontrol/app/tools/apache2/s9s-ssl.conf /etc/httpd/conf.d/s9s-ssl.conf
[root@teguhth ~]# cp -f /var/www/html/clustercontrol/ssl/server.crt /etc/pki/tls/certs/s9server.crt
[root@teguhth ~]# cp -f /var/www/html/clustercontrol/ssl/server.key /etc/pki/tls/private/s9server.key
[root@teguhth ~]# rm -rf /var/www/html/clustercontrol/ssl
[root@teguhth ~]# sed -i 's|AllowOverride None|AllowOverride All|g' /etc/httpd/conf/httpd.conf
cp /var/www/html/clustercontrol/app/tools/apache2/s9s.conf /etc/httpd/conf.d/s9s.conf
cp /var/www/html/clustercontrol/app/tools/apache2/s9s-ssl.conf /etc/httpd/conf.d/s9s-ssl.conf
cp -f /var/www/html/clustercontrol/ssl/server.crt /etc/pki/tls/certs/s9server.crt
cp -f /var/www/html/clustercontrol/ssl/server.key /etc/pki/tls/private/s9server.key
rm -rf /var/www/html/clustercontrol/ssl
sed -i 's|AllowOverride None|AllowOverride All|g' /etc/httpd/conf/httpd.conf
cp /var/www/html/clustercontrol/app/tools/apache2/s9s-ssl.conf /etc/httpd/conf.d/s9s-ssl.conf
cp -f /var/www/html/clustercontrol/ssl/server.crt /etc/pki/tls/certs/s9server.crt
cp -f /var/www/html/clustercontrol/ssl/server.key /etc/pki/tls/private/s9server.key
rm -rf /var/www/html/clustercontrol/ssl
sed -i 's|AllowOverride None|AllowOverride All|g' /etc/httpd/conf/httpd.conf
11. Replace the directives for SSLCertificateFile and SSLCertificateKeyFile in file /etc/conf.d/s9s-ssl.conf.
[root@teguhth ~]# sed -i 's|SSLCertificateFile.*|SSLCertificateFile /etc/pki/tls/certs/s9server.crt|g' /etc/httpd/conf.d/s9s-ssl.conf
[root@teguhth ~]# sed -i 's|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/pki/tls/private/s9server.key|g' /etc/httpd/conf.d/s9s-ssl.conf
[root@teguhth ~]#
sed -i 's|SSLCertificateFile.*|SSLCertificateFile /etc/pki/tls/certs/s9server.crt|g' /etc/httpd/conf.d/s9s-ssl.conf
sed -i 's|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/pki/tls/private/s9server.key|g' /etc/httpd/conf.d/s9s-ssl.conf
sed -i 's|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/pki/tls/private/s9server.key|g' /etc/httpd/conf.d/s9s-ssl.conf
12. Rename the ClusterControl UI default file and assign correct permission:
[root@teguhth ~]# cp /var/www/html/clustercontrol/bootstrap.php.default /var/www/html/clustercontrol/bootstrap.php
[root@teguhth ~]# chmod 644 /var/www/html/clustercontrol/bootstrap.php
13. Assign correct ownership and permission for the following paths:
[root@teguhth ~]# chmod -R 777 /var/www/html/clustercontrol/app/tmp
[root@teguhth ~]# chmod -R 777 /var/www/html/clustercontrol/app/upload
[root@teguhth ~]# chown -Rf apache.apache /var/www/html/clustercontrol/
[root@teguhth ~]#
14. Use the generated value from step #9 and specify it inside /var/www/html/clustercontrol/bootstrap.php under RPC_TOKEN constant and configure MySQL credentials for the ClusterControl UI by updating the DB_PASS and DB_PORT constants with the cmon user password and MySQL port for dcps database:
define('DB_PASS', 'admin');
define('DB_PORT', '3306');
define('RPC_TOKEN', '120f537ab4ad4a64b819ac49a324b85d');
example
[root@teguhth ~]# cat /var/www/html/clustercontrol/bootstrap.php
<?php
define('DB_HOST', '127.0.0.1');
define('DB_LOGIN', 'cmon');
define('DB_PASS', 'admin');
define('DB_NAME', 'dcps');
define('DB_PORT', '3306');
define('APP_PROTOCOL', 'http');
define('APP_HOST', '127.0.0.1');
define('APP_URL', APP_PROTOCOL.'://'.APP_HOST);
define('CC_UI_VERSION', '1.8.2.7950-#e59d66');
define('SMTP_HOST', '');
define('SMTP_USER', '');
define('SMTP_PASS', '');
define('SMTP_PORT', '');
define('STATUS_REFRESH_RATE', 10000);
define('RPC_PORT','9500');
define('RPC_HOST','127.0.0.1');
// RPC v2
define('RPC_V2_PORT','9501');
define('RPC_V2_HOST','127.0.0.1');
define('RPC_TOKEN','120f537ab4ad4a64b819ac49a324b85d');
//define('WEBSOCKET_HOST', 'ws://127.0.0.1:1337');
define('VENDOR', 'Severalnines');
// Disable Google Analytics
//define('DISABLE_GA', true);
// Disable Ping Home and Google Analytics
//define('ENABLE_PRIVACY', true);
// Enable Web SSH
define('SSH_ENABLED', true);
// cmon-events configuration
define('CMON_EVENTS_ENABLED', true);
define('CMON_EVENTS_HOST', '127.0.0.1');
define('CMON_EVENTS_PORT', 9510);
define('CMON_EVENTS_SSE_ENABLED', true);
// Cloud services
define('CLOUDS_ENABLED', true);
// Enable new user journey
//define('ENABLE_ONBOARDING_V1', 'true');
define('SESSIONS_FALLBACK', false);
define('ENABLE_AUTH_AUDIT_LOG', true);
// Sort cluster list by name, cluster_id, status, or type. Default is cluster_id.
define('CLUSTER_LIST_SORT_BY', 'cluster_id');
//define('AUDIT_DEFAULT_TIMEZONE', 'Europe/Berlin');
[root@teguhth ~]#
15. Insert the generated API token from step #9 into dcps.apis table, so ClusterControl UI can use the security token to retrieve cluster information from the controller service:
[root@teguhth ~]# mysql -u root -p -e "INSERT IGNORE INTO dcps.apis (id, company_id, user_id, url, token, created) values (1,1,1,'http://127.0.0.1','120f537ab4ad4a64b819ac49a324b85d', UNIX_TIMESTAMP())"
Enter password:
[root@teguhth ~]#
16. Enable ClusterControl and Apache daemons on boot and start
[root@teguhth ~]# systemctl start cmon cmon-ssh cmon-events cmon-cloud httpd
[root@teguhth ~]#
[root@teguhth ~]# systemctl enable cmon cmon-ssh cmon-events cmon-cloud httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/cmon.service to /etc/systemd/system/cmon.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/cmon-ssh.service to /etc/systemd/system/cmon-ssh.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/cmon-events.service to /etc/systemd/system/cmon-events.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/cmon-cloud.service to /etc/systemd/system/cmon-cloud.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@teguhth ~]#
17. Create the ccrpc user which is required since the ClusterControl version 1.8.2 to support new user management
[root@teguhth ~]# export S9S_USER_CONFIG=$HOME/.s9s/ccrpc.conf
[root@teguhth ~]# s9s user --create --new-password=120f537ab4ad4a64b819ac49a324b85d --generate-key --private-key-file==$HOME/.s9s/ccrpc.key --group=admins --controller=https://localhost:9501 ccrpc
User created.
[root@teguhth ~]# s9s user --set --first-name=RPC --last-name=API --cmon-user=ccrpc &>/dev/null
[root@teguhth ~]#
18. Generate an SSH key to be used by ClusterControl when connecting to all managed hosts. In this example, we are using the root user to connect to the managed hosts. To generate an SSH key for the root user
[root@teguhth ~]# whoami
root
[root@teguhth ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@teguhth ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:T2E3tuavTnDw/qKpfHxKkfonGGK9eJqfwSl0+wwwOTc root@teguhth
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| + + |
| . . B o |
| *.E = = |
| .oBoB B |
| ..oB=o + |
| .++O+o+o |
| o+=oBBooo |
+----[SHA256]-----+
[root@teguhth ~]#
19. Before creating or importing a database server/cluster into ClusterControl, set up passwordless SSH from the ClusterControl host to the database host(s). Use the following command to copy the SSH key to the target hosts
ssh-copy-id -i ~/.ssh/id_rsa root@10.10.10.100
[root@teguhth ~]# ssh-copy-id -i ~/.ssh/id_rsa root@10.10.10.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.10.10.100 (10.10.10.100)' can't be established.
ECDSA key fingerprint is SHA256:51kbyQK62E7vkLWExPDeLjK81WrXwCiulQ3V9U4VKak.
ECDSA key fingerprint is MD5:eb:6c:f4:0e:0e:d0:70:5b:40:2d:f0:7c:5e:f3:6a:02.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.10.10.100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@10.10.10.100'"
and check to make sure that only the key(s) you wanted were added.
[root@teguhth ~]#
20. Open ClusterControl UI at https://ClusterControl_host/clustercontrol and create the default admin password by providing a valid email address and password.
login first time
https://10.10.10.100/clustercontrol/
login after create user
https://10.10.10.100/clustercontrol/#/
https://10.10.10.100/clustercontrol/#/cluster:1,g:topology
source
https://docs.severalnines.com/docs/clustercontrol/installation/severalnines-repository/#yum-repository
https://docs.severalnines.com/docs/clustercontrol/user-guide-cli/installation/#package-manager-yum-apt
https://docs.severalnines.com/docs/clustercontrol/installation/manual-installation/#offline-installation
[root@severalnines ~]# mv ~/.s9s/s9s.conf ~/.s9s/s9s.conf.bak
[root@severalnines ~]#
[root@severalnines ~]# mv /etc/s9s.conf /etc/s9s.conf.bak
[root@severalnines ~]# s9s user --create --generate-key --controller="https://localhost:9501" --group=admins dba
Grant user 'dba' succeeded.
[root@severalnines ~]# s9s user --cmon-user=dba --enable admin
Ok.
[root@severalnines ~]#
[root@severalnines ~]# /var/www/html/clustercontrol/app/tools/reset-ccrpc.sh
*** This script resets the 'ccrpc' s9s user which is used by the web application to create an admin user.
*** Run this script if you have a problem creating an Admin user with our new user management system.
Press any key to continue (CTRL-C to quit)
*** Checking for s9s admin user ...
*** Note: Your active s9s user must be an 'admins' user.
A ID UNAME GROUPS EMAIL REALNAME
A 4 dba admins - -
Total: 0
*** Deleting existing ccrpc user ...
Unable to delete ccrpc user but will try to continue ...
*** Creating a new ccrpc user ...
Grant user 'ccrpc' succeeded.
A ID UNAME GROUPS EMAIL REALNAME
- 1 system admins - System User
- 2 nobody nobody - Default User
- 3 admin admins - Default User
- 4 dba admins - -
A 5 ccrpc admins - RPC API
Total: 5
*** The ccrpc user has now been reset/recreated!
[root@severalnines ~]# s9s user --list
system
nobody
admin
dba
ccrpc
[root@severalnines ~]# s9s user --cmon-user=dba --enable admin
Ok.
[root@severalnines ~]#
No comments:
Post a Comment