144 lines
5.8 KiB
XML
144 lines
5.8 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="basics-database">
|
|
<?dbhtml stop-chunking?>
|
|
<title>SQL database</title>
|
|
<para>Most OpenStack services use an SQL database to store information.
|
|
The database typically runs on the controller node. The procedures in
|
|
this guide use <application>MariaDB</application> or
|
|
<application>MySQL</application> depending on the distribution.
|
|
OpenStack services also support other SQL databases including
|
|
<link xlink:href="http://www.postgresql.org/">PostgreSQL</link>.</para>
|
|
<procedure>
|
|
<title>To install and configure the database server</title>
|
|
<step>
|
|
<para>Install the packages:</para>
|
|
<note os="ubuntu;rhel;centos;fedora;opensuse">
|
|
<para>The Python MySQL library is compatible with MariaDB.</para>
|
|
</note>
|
|
<screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install mariadb-server python-mysqldb</userinput></screen>
|
|
<screen os="debian"><prompt>#</prompt> <userinput>apt-get install mysql-server python-mysqldb</userinput></screen>
|
|
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install mariadb mariadb-server MySQL-python</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install mariadb-client mariadb python-mysql</userinput></screen>
|
|
</step>
|
|
<step os="ubuntu;debian">
|
|
<para>Choose a suitable password for the database root account.</para>
|
|
</step>
|
|
<step>
|
|
<para os="ubuntu;debian">Create and edit the
|
|
<filename>/etc/mysql/conf.d/mysqld_openstack.cnf</filename> file and
|
|
complete the following actions:</para>
|
|
<para os="opensuse;sles;rhel;centos;fedora">Create and edit the
|
|
<filename>/etc/my.cnf.d/mariadb_openstack.cnf</filename> file and
|
|
complete the following actions:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>In the <literal>[mysqld]</literal> section, set the
|
|
<literal>bind-address</literal> key to the management IP
|
|
address of the controller node to enable access by other
|
|
nodes via the management network:</para>
|
|
<programlisting language="ini">[mysqld]
|
|
...
|
|
bind-address = 10.0.0.11</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[mysqld]</literal> section, set the
|
|
following keys to enable useful options and the UTF-8
|
|
character set:</para>
|
|
<programlisting language="ini">[mysqld]
|
|
...
|
|
default-storage-engine = innodb
|
|
innodb_file_per_table
|
|
collation-server = utf8_general_ci
|
|
init-connect = 'SET NAMES utf8'
|
|
character-set-server = utf8</programlisting>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>To finalize installation</title>
|
|
<step os="ubuntu;debian">
|
|
<para>Restart the database service:</para>
|
|
<screen><prompt>#</prompt> <userinput>service mysql restart</userinput></screen>
|
|
</step>
|
|
<step os="rhel;centos;fedora;sles;opensuse">
|
|
<para>Start the database service and configure it to start when the
|
|
system boots:</para>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>systemctl enable mariadb.service</userinput>
|
|
<prompt>#</prompt> <userinput>systemctl start mariadb.service</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>systemctl enable mysql.service</userinput>
|
|
<prompt>#</prompt> <userinput>systemctl start mysql.service</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para os="ubuntu;debian">Secure the database service:</para>
|
|
<para os="rhel;centos;fedora;sles;opensuse">Secure the database
|
|
service including choosing a suitable password for the root
|
|
account:</para>
|
|
<screen><prompt>#</prompt> <userinput>mysql_secure_installation</userinput>
|
|
<computeroutput>NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
|
|
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
|
|
|
|
In order to log into MariaDB to secure it, we'll need the current
|
|
password for the root user. If you've just installed MariaDB, and
|
|
you haven't set the root password yet, the password will be blank,
|
|
so you should just press enter here.
|
|
|
|
Enter current password for root (enter for none):
|
|
OK, successfully used password, moving on...
|
|
|
|
Setting the root password ensures that nobody can log into the MariaDB
|
|
root user without the proper authorisation.
|
|
|
|
Set root password? [Y/n] Y
|
|
New password:
|
|
Re-enter new password:
|
|
Password updated successfully!
|
|
Reloading privilege tables..
|
|
... Success!
|
|
|
|
|
|
By default, a MariaDB installation has an anonymous user, allowing anyone
|
|
to log into MariaDB without having to have a user account created for
|
|
them. This is intended only for testing, and to make the installation
|
|
go a bit smoother. You should remove them before moving into a
|
|
production environment.
|
|
|
|
Remove anonymous users? [Y/n] Y
|
|
... Success!
|
|
|
|
Normally, root should only be allowed to connect from 'localhost'. This
|
|
ensures that someone cannot guess at the root password from the network.
|
|
|
|
Disallow root login remotely? [Y/n] Y
|
|
... Success!
|
|
|
|
By default, MariaDB comes with a database named 'test' that anyone can
|
|
access. This is also intended only for testing, and should be removed
|
|
before moving into a production environment.
|
|
|
|
Remove test database and access to it? [Y/n] Y
|
|
- Dropping test database...
|
|
... Success!
|
|
- Removing privileges on test database...
|
|
... Success!
|
|
|
|
Reloading the privilege tables will ensure that all changes made so far
|
|
will take effect immediately.
|
|
|
|
Reload privilege tables now? [Y/n] Y
|
|
... Success!
|
|
|
|
Cleaning up...
|
|
|
|
All done! If you've completed all of the above steps, your MariaDB
|
|
installation should now be secure.
|
|
|
|
Thanks for using MariaDB!</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|