S3server provisioning on single node VM cluster with OpenLDAP steps : Manual [ DEPRECATED ]
1. Install third-party packages
$curl -s http://cortx-storage.colo.seagate.com/releases/cortx/third-party-deps/rpm/install-cortx-prereq.sh | bash
2. Add the repositories below on the test VM (generate your own Jenkins custom build), using the 'main' branch of all components
- lustre (for cortx-motr)
$yum-config-manager --add-repo http://cortx-storage.colo.seagate.com/releases/cortx/github/integration-custom-ci/centos-7.8.2003/custom-build-399/3rd_party/lustre/custom/tcp/
- cortx iso
$yum-config-manager --add-repo http://cortx-storage.colo.seagate.com/releases/cortx/github/integration-custom-ci/centos-7.8.2003/custom-build-399/cortx_iso/
- 3rd party libraries
$yum-config-manager --add-repo=http://cortx-storage.colo.seagate.com/releases/cortx/github/integration-custom-ci/centos-7.8.2003/custom-build-1120/3rd_party/
3. S3 Server rpm
$yum install -y --nogpgcheck cortx-s3server
4. Machine-ID of the VM
$cat /etc/machine-id
5. FQDN of the VM
$hostname
6. Cluster-ID
$cat /opt/seagate/cortx/s3/s3backgrounddelete/s3_cluster.yaml
Please edit this file (and the template file in step 8) if a non-default cluster-ID is used
7. OpenLDAP credentials
(i) $s3cipher generate_key --const_key cortx
(ii) $s3cipher encrypt --data "any-string-of-your-choice as LDAP root secret key" --key 'output of step 7(i)'
(iii) $s3cipher encrypt --data "any-string-of-your-choice as SGIAM secret key" --key 'output of step 7(i)'
8. Update the following s3server confstore template files (refer to the respective *.sample files for help):
/opt/seagate/cortx/s3/conf/s3.config.tmpl.1-node
- Replace TMPL_MACHINE_ID with machine-id of the VM (step 4)
- Replace TMPL_CLUSTER_ID with cluster_id from step 6
- Replace TMPL_HOSTNAME with FQDN of the VM
- Replace TMPL_ROOT_SECRET_KEY with output of step 7(ii)
- Replace TMPL_SGIAM_SECRET_KEY with output of step 7(iii)
-
/opt/seagate/cortx/s3/conf/s3.init.tmpl.1-node
- Replace TMPL_MACHINE_ID with machine-id of the VM (step 4)
- Replace TMPL_CLUSTER_ID with cluster_id from step 6
- Replace TMPL_HOSTNAME with FQDN of the VM
- Replace TMPL_ROOT_SECRET_KEY with output of step 7(ii)
- Replace TMPL_SGIAM_SECRET_KEY with output of step 7(iii)
-
/opt/seagate/cortx/s3/conf/s3.test.tmpl.1-node
- Replace TMPL_SGIAM_SECRET_KEY with output of step 7(iii)
- Add/set 'srvnode-1.data.public' on the entry containing the public IP in the /etc/hosts file
- Add/set 'srvnode-1.data.private' on the entry containing the private IP in the /etc/hosts file
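The TMPL_* substitutions of step 8 can be scripted and verified, as in this added example (not CORTX project code). The function names, argument order and the sample template keys are assumptions made here; only the placeholder names come from the page.

```shell
#!/bin/sh
# Added example: fill the step 8 placeholders in one template file, then
# confirm that none of them is left behind before running s3_setup.

# Escape a single-line value for use as a sed replacement delimited by '|'.
# s3cipher output may contain '&', '|' or '\', which sed would otherwise
# interpret instead of copying.
sed_escape() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# fill_template FILE MACHINE_ID CLUSTER_ID HOSTNAME ROOT_KEY SGIAM_KEY
# The sed script is fed on stdin so the keys never appear in a process
# argument list; cat (not mv) keeps the template's owner and mode.
fill_template() {
    file=$1
    [ -f "$file" ] || { echo "missing template: $file" >&2; return 2; }
    tmp=$(mktemp) || return 2
    sed -f /dev/stdin "$file" > "$tmp" <<EOF && cat "$tmp" > "$file"
s|TMPL_MACHINE_ID|$(sed_escape "$2")|g
s|TMPL_CLUSTER_ID|$(sed_escape "$3")|g
s|TMPL_HOSTNAME|$(sed_escape "$4")|g
s|TMPL_ROOT_SECRET_KEY|$(sed_escape "$5")|g
s|TMPL_SGIAM_SECRET_KEY|$(sed_escape "$6")|g
EOF
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# check_filled FILE: succeeds only when no placeholder from step 8 remains.
check_filled() {
    [ -f "$1" ] || return 2
    ! grep -qE 'TMPL_(MACHINE_ID|CLUSTER_ID|HOSTNAME|ROOT_SECRET_KEY|SGIAM_SECRET_KEY)' "$1"
}

# Demo on a constructed template (made-up keys, not the real confstore layout).
demo() {
    t=$(mktemp) || return 2
    printf 'machine: TMPL_MACHINE_ID\nhost: TMPL_HOSTNAME\nroot: TMPL_ROOT_SECRET_KEY\n' > "$t"
    fill_template "$t" 0123abcd constructed-cluster-id vm1.example.test 'gA&b|c\d=' unused
    check_filled "$t" && cat "$t"
    rm -f "$t"
}
demo
```

On the VM the same two functions would be called once per file named in step 8, with the values from steps 4 to 7.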
-
- If found, comment out the lines containing "PROFILE=SYSTEM" in the /etc/haproxy/haproxy.cfg file
- If not existing, create /etc/ssl/stx/stx.pem file and copy contents from here : stx.pem
- (Optional) If you need client certificates on your client node, create /etc/ssl/stx-s3-clients/s3/ca.crt file and copy contents from here : ca.crt on your client machine.
- Follow all the pre-requisite steps for cortx-py-utils. Mini-provisioning for s3server and utils will happen alongside as per below steps. Reference wiki for cortx-py-utils - cortx-py-utils-single-node-manual-provisioning
- Install all openldap relevant packages
symas-openldap symas-openldap-servers symas-openldap-clients openldap-devel python36-ldap
- Note that LDAP logs are written to /var/log/seagate/utils/openldap/OpenldapProvisioning.log
$/opt/seagate/cortx/utils/bin/utils_setup post_install --config yaml:///tmp/utils.post_install.tmpl.1-node
$/opt/seagate/cortx/utils/bin/openldap_setup post_install --config "yaml:///opt/seagate/cortx/utils/conf/openldap.post_install.tmpl"
$/opt/seagate/cortx/s3/bin/s3_setup post_install --config "yaml:///opt/seagate/cortx/s3/conf/s3.post_install.tmpl.1-node"
$/opt/seagate/cortx/utils/bin/utils_setup prepare --config yaml:///tmp/utils.prepare.tmpl.1-node
$/opt/seagate/cortx/utils/bin/openldap_setup prepare --config "yaml:///opt/seagate/cortx/utils/conf/openldap.prepare.tmpl"
$/opt/seagate/cortx/s3/bin/s3_setup prepare --config "yaml:///opt/seagate/cortx/s3/conf/s3.prepare.tmpl.1-node"
- All 3rd party services are expected to be running before the config stage, as per CORTX Components Mini Provisioning Deliverables
- Use s3prov_start_services.sh to run required 3rd party services
$sh ./s3prov_start_services.sh haproxy slapd rsyslog sshd
- Fill out the OpenLDAP config and init related template files as described in config and init phases of OpenLDAP-Setup
$/opt/seagate/cortx/utils/bin/utils_setup config --config yaml:///tmp/utils.config.tmpl.1-node
$/opt/seagate/cortx/utils/bin/openldap_setup config --config "yaml:///opt/seagate/cortx/utils/conf/openldap.config.tmpl.1-node"
$/opt/seagate/cortx/s3/bin/s3_setup config --config "yaml:///opt/seagate/cortx/s3/conf/s3.config.tmpl.1-node"
$/opt/seagate/cortx/utils/bin/utils_setup init --config yaml:///tmp/utils.init.tmpl.1-node
$/opt/seagate/cortx/utils/bin/openldap_setup init --config "yaml:///opt/seagate/cortx/utils/conf/openldap.init.tmpl.1-node"
$/opt/seagate/cortx/s3/bin/s3_setup init --config "yaml:///opt/seagate/cortx/s3/conf/s3.init.tmpl.1-node"
- Install Hare
$yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
$yum -y install consul-1.7.8
$yum install -y --nogpgcheck cortx-hare
- Set hostname as node name
$hostname > /var/lib/hare/node-name
- Create virtual devices
$m0setup
- Configure lnet
- Create file: /etc/modprobe.d/lnet.conf
- Add below line in the file:
options lnet networks=tcp(eth0) config_on_load=1
- Start lnet service
$service lnet start
- Create CDF file: /tmp/singlenode.yaml as below
https://seagatetechnology.sharepoint.com/:u:/r/sites/gteamdrv1/tdrive1224/Shared%20Documents/Components/S3/mini-provisioning/singlenode.yaml?csf=1&web=1&e=bwNpy8
- Note: please mention confstore config file's 's3_instances' value for 'm0_clients:s3' in above CDF file
- bootstrap hctl
$hctl bootstrap --mkfs /tmp/singlenode.yaml
- Check status
$hctl status
- Start s3authserver
$systemctl restart s3authserver.service
- Start s3background services
$systemctl start s3backgroundproducer
$systemctl start s3backgroundconsumer
- Add below entries in /etc/hosts file of the client node
iam.seagate.com s3.seagate.com
- Sample entry in /etc/hosts:
<public IP of Server node> iam.seagate.com s3.seagate.com
- To install s3iamcli:
$yum-config-manager --add-repo=http://cortx-storage.colo.seagate.com/releases/cortx/uploads/centos/centos-7.8.2003/s3server_uploads/
$yum install --nogpgcheck cortx-s3iamcli
iamadmin password would be 'ldapadmin'
- If you want to use SSL, copy the ca.crt file to /etc/ssl/stx-s3-clients/s3/ on the VM.
Add the path to the ca.crt file in the s3-clients config files, such as aws (/root/.aws/config), s3iamcli (/root/.sgs3iamcli/config.yaml) etc.
1. Add third party repo using this command yum-config-manager --add-repo http://cortx-storage.colo.seagate.com/releases/cortx/uploads/centos/centos-7.8.2003/
2. Install test RPM if not already installed.
3. Make sure /etc/hosts is properly configured.
4. $/opt/seagate/cortx/s3/bin/s3_setup test --config "yaml:///opt/seagate/cortx/s3/conf/s3.test.tmpl.1-node"
$/opt/seagate/cortx/s3/bin/s3_setup reset --config "yaml:///opt/seagate/cortx/s3/conf/s3.reset.tmpl.1-node"
$/opt/seagate/cortx/utils/bin/openldap_setup reset --config "yaml:///opt/seagate/cortx/utils/conf/openldap.reset.tmpl"
$/opt/seagate/cortx/utils/bin/utils_setup reset --config yaml:///tmp/utils.reset.tmpl.1-node
$/opt/seagate/cortx/s3/bin/s3_setup cleanup --config "yaml:///opt/seagate/cortx/s3/conf/s3.cleanup.tmpl.1-node"
$/opt/seagate/cortx/utils/bin/openldap_setup cleanup --config "yaml:///opt/seagate/cortx/utils/conf/openldap.cleanup.tmpl"
$/opt/seagate/cortx/utils/bin/utils_setup cleanup --config yaml:///tmp/utils.cleanup.tmpl.1-node
$hctl shutdown
$/opt/seagate/cortx/s3/bin/s3_setup preupgrade
$yum upgrade cortx-s3server-2.0.0-1613_git23fcb199_el7.x86_64.rpm -y
$/opt/seagate/cortx/s3/bin/s3_setup postupgrade
$hctl bootstrap /tmp/singlenode.yaml
- Note: s3_setup is not idempotent as of now. In case of configuration failure or re-configuration, perform the following steps:
- Run S3:Reset step
- Run S3:Cleanup step
- Copy the clean_openldap script to the VM and execute it.
- Repeat all steps of the s3server mini-provisioning, starting from post_install, till init