Install and Configure AN!CDB

From Alteeve Wiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

 AN!Wiki :: How To :: Install and Configure AN!CDB

Note: Once you finish installing AN!CDB, please visit the tutorial AN!CDB - Cluster Dashboard for information on how to use AN!CDB.
AN!CDB - Cluster Dashboard

Install

The easiest way to setup AN!CDB is to use the an-cdb-install.sh script.

Install CentOS or RHEL version 6.x on your dashboard server. Configure the network interfaces so that the dashboard can connect to the IFN and BCN.

Once the network is setup and the install is complete, download this file;

curl -O https://raw.github.com/digimer/an-cdb/master/an-cdb-install.sh
chmod 755 an-cdb-install.sh
#
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  9065  100  9065    0     0  35571      0 --:--:-- --:--:-- --:--:--  134k

Next, simply run the script.

You will be asked for the host name, a password to use for the alteeve user's login and the dashboard's admin login and you will be asked for a company or organization name. The company or organization name is simply used for the dashboard's password prompt.

./an-cdb-install.sh
##############################################################################
# AN!CDB - Alteeve's Niche! - Cluster Dashboard                              #
#                                                          Install Beginning #
##############################################################################

What is the host name of this dashboard?
[an-m04.alteeve.ca] 

NOTE: The password you enter will be echoed back to you.
What password do you want for the local 'alteeve' user and for the dashboard's
'admin' user? 
[] secret

What is the company or organization to use for the Dashboard password prompt?
[] Alteeve's Niche!

Using the following values:
 - Host name: [an-m04.alteeve.ca]
 - Customer:  [Alteeve's Niche!]
 - Password:  [secret]

Shall I proceed? [y/N]
y
 - Beginning now.

After a fairly large amount of output, you should see:

##############################################################################
#                                                                            #
#                       Dashboard install is complete.                       #
#                                                                            #
# When you reboot and log in, you should see a file called:                  #
# [public_keys.txt] on the desktop. Copy the contents of that file and add   #
# them to: [/root/.ssh/authorized_keys] on each cluster node you wish this   #
# dashboard to access.                                                       #
#                                                                            #
# Once the keys are added, switch to the: [apache] user and use ssh to       #
# connect to each node for the first time. This is needed to add the node's  #
# SSH fingerprint to the apache user's: [~/.ssh/known_hosts] file. You only  #
# need to do this once per node.                                             #
#                                                                            #
# Please reboot to ensure the latest kernel is being used.                   #
#                                                                            #
# Remember to update: [/etc/an/an.conf] and then copy it to each node!       #
#                                                                            #
##############################################################################

This will usually update the kernel and install the graphical desktop. Generally, you will want to reboot at this point.

As it says above, remember to edit the /var/www/home/ricci_pw.txt and /etc/an/an.conf files to add the information for the Anvil!s you want this dashboard to have access to.

Also remember to log into the apache user's terminal and SSH to each node. This will ask you to verify the node's fingerprint and then record it in the apache user's /var/www/home/.ssh/known_hosts file. The dashboard will not connect to a node until this is done.

AN! generally installed the AN!CDB on ASUS EeeBox PC-EB1033 1-liter nettop PCs. You should be able to use any computer or appliance that can run the 64-bit version RHEL or CentOS version 6.

Adding an Anvil! to a Dashboard

Adding an Anvil! to a given dashboard involves a few steps;

  1. Adding the Anvil! nodes to /etc/hosts
    1. Configure /etc/ssh/ssh_config is you use non-standard ports.
  2. Setting up SSH access from the dashboard to your nodes.
  3. Adding the Anvil!'s details to the dashboard's /etc/an/an.conf file.
    1. Copy /etc/an/an.conf to your Anvil! nodes.
  4. Adding each node to the dashboard's Virtual Machine Manager application.

Adding the AN!CDB SSH keys to the Nodes

The public_keys.txt file on the new AN!CDB dashboard desktop.

When the dashboard was installed, a desktop file should have been created called public_keys.txt. This file contains the keys needed to provide password-less SSH access for the dashboard's apache, alteeve and root users. Strictly speaking, the only key you need to add to the nodes is the apache user. The dashboard can not authenticate against a node otherwise (at this time... patches welcomed!).

Adding the alteeve user's key allows Virtual Machine Manager to connect without having to enter a password. If you prefer though, you can leave out the alteeve. Adding the root user's key may come in handy if you use the dashboard machine as a gateway into the cluster. Adding the root user's key is the least important and safe to leave out if you prefer.

Note: In this example, we will be connecting to an Anvil! called an-cluster-05 which has the two nodes named an-c05n01 and an-c05n02. Please substitute these names for the name of your Anvil! and it's nodes.

Open a terminal window as the alteeve user. To do this, log into the dashboard's graphical interface and the open a terminal window by clicking on;

  • Applications -> System Tools -> Terminal

At the prompt, type the following;

cat /home/alteeve/Desktop/public_keys.txt | ssh root@an-c05n01 "cat >> /root/.ssh/authorized_keys"

You will be asked to verify the node's SSH fingerprint. If you trust the fingerprint is accurate, type yes.

The authenticity of host '[an-c05n01]:22501 ([10.255.50.1]:22501)' can't be established.
RSA key fingerprint is c4:5f:3d:52:d8:76:2d:0b:b0:9c:b5:e4:9d:ac:05:a1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[an-c05n01]:22501,[10.255.50.1]:22501' (RSA) to the list of known hosts.

The node's fingerprint will be added to the alteeve user's ~/.ssh/known_hosts file. You should not be asked to verify the fingerprint again.

Next, you will need to enter to node's root user's password.

root@an-c05n01's password:

When you enter the password, you will so no feedback at all. If you entered the correct password, it should simply have returned to the terminal. You can verify that this worked by trying to log into the node.

ssh root@an-c05n01
Last login: Tue Dec  3 21:23:48 2013 from alteeve.ca
an-c05n01:~#

Now exit out to return to the dashboard's terminal.

an-c05n01:~# exit
logout
Connection to an-c05n01 closed.

Now switch to the apache user.

su - apache

Enter the apache user's password. This was set when you ran the an-cdb-installer.sh script. There is no default password.

Password:

If the password was correct, you will get the apache user's shell.

-bash-4.1$

Now try using ssh to connect to the node.

ssh root@an-c05n01

As this is a different user, you will again be asked to verify that the SSH fingerprint is accurate. If you trust it, type yes.

The authenticity of host '[an-c05n01]:22501 ([10.255.50.1]:22501)' can't be established.
RSA key fingerprint is c4:5f:3d:52:d8:76:2d:0b:b0:9c:b5:e4:9d:ac:05:a1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[an-c05n01]:22501,[10.255.50.1]:22501' (RSA) to the list of known hosts.
Last login: Sun Jul 28 20:43:46 2013 from alteeve.ca
an-c05n01:~#

Now type exit to return to the dashboard.

exit
logout
Connection to an-c05n01 closed.

That's it!

Repeat this process for your other node, an-c05n02 in this case.

Configuring 'an.conf'

The an.conf file is where you tell AN!CDB how to send email and which Anvil!s your dashboard will be able to manage.

The first section we'll configure is the mail. Then we will configure the Anvil!s to be managed.

Configuring an.conf's Mail Settings

The dashboard itself does not send emails. However, the nodes will and we will be copying an.conf to them shortly. So we need to configure the mail server and client data. If you've ever setup a mail server, this section will be familiar to you. If not, please don't worry, it's quite simple. You may need to ask your Internet or email provider for some of the details though.

AN!CDB does not try to use local mail delivery. It is designed to act more like a traditional email client, so you will need to tell it where to connect in order to send email.

Lets take at the variables we will be setting.

Variable Description
smtp::server This is the mail server to connect to when sending email.
smtp::port This is the number of seconds to wait for a response when connection to the mail server on the given port that you set above. Note that most Internet service providers block outbound port 25 to combat spam.
smtp::timeout If the connection to the mail server is not established in this number of seconds, the connection will be declared failed.
smtp::username This is the user name used to send email from and it is the account used to log into the mail server when sending email.
smtp::password This is the password needed to authenticate the user account above.
smtp::security Set this to the encryption level used to connect to the server. Generally, this is STARTTLS.
smtp::encrypt_pass Set this to 1 to use encrypted passwords. Set this to 0 to send the password in plan text. Obviously, 1 is recommended if your mail server supports it.
mail_data::to This is a comma-separated list of email addresses to send messages to. Generally, this will be you and/or your company/organizations support address. Alerts generated from the nodes will go here.
mail_data::sending_domain This is the SMTP domain value used when connecting to the mail server. Generally, you will set this to either your domain name or the domain name of the company or organization who owns the Anvil!.

Set these values and you're done.

Configuring an.conf's Anvil!s

By default, three sample Anvil!s are pre-loaded in the config. Each Anvil has six variables. Each Anvil! is differentiated by a unique sequence in the variable name. Lets look at the variables, then we will look at the sequence numbers.

Variable Description
cluster::x::name This is the name of the cluster. It should match the cluster name set in each Anvil!'s cluster.conf file. The primary purpose of this name is to identify it from other Anvil!s you may have (or add in the future).
cluster::x::nodes This is a comma-separated list of nodes in this cluster. The names here must resolve to the IP address used to log into the Anvil! nodes.
cluster::x::company This is a descriptive field used in the Anvil! selection screen. Generally, you will want to use the same name you set when you ran an-cdb-install.sh. If you support multiple companies or organizations, this field will help you identify the Anvil! you want to work on a little more quickly.
cluster::x::description This is a free-form description that describes the specific Anvil!. You can use whatever you want to here. Generally, this will describe the general purpose of the main servers running on the node, but it's really up to you to put whatever you want.
cluster::x::url This is an optional URL that you can enter to link to external information about the Anvil!. This is useful if you have internal tracking, a wiki or other external resource.
cluster::x::ricci_pw This is the password you set for each node's ricci user. This is needed in order to create, modify or remove servers from your Anvil!.

The actual variable names above all have the prefix cluster::x::, where x is a simple sequence number. It doesn't even have to be a sequence, it just has to be unique. This number has no bearing on the importance of any Anvil! systems, it's really nothing more than an identifier.

Lets look at the three example Anvil! configurations included in the default /etc/an/an.conf

cluster::1::name		=	an-cluster-01
cluster::1::nodes		=	an-c01n01.remote, an-c01n02.remote
cluster::1::company		=	Alteeve's Niche!
cluster::1::description		=	Cluster 01 (Production Cluster - "Sagan")
cluster::1::url			=	https://internal.alteeve.ca/w/an-cluster-01
cluster::1::ricci_pw		=	secret

cluster::2::name		=	an-cluster-03
cluster::2::nodes		=	an-c03n01, an-c03n02
cluster::2::company		=	Alteeve's Niche!
cluster::2::description		=	Cluster 03 (Dev Cluster - "Vishniac")
cluster::2::url			=	https://internal.alteeve.ca/w/an-cluster-03
cluster::2::ricci_pw		=	secret

cluster::3::name		=	an-cluster-05
cluster::3::nodes		=	an-c05n01, an-c05n02
cluster::3::company		=	Alteeve's Niche!
cluster::3::description		=	Cluster 05 (Demo Cluster - "Tyson")
cluster::3::url			=	https://internal.alteeve.ca/w/an-cluster-05
cluster::3::ricci_pw		=	secret

Here we see three Anvil! platforms. When you have two or more Anvil!s, you will be presented with a selection screen when you first connect to AN!CDB. If you have only one Anvil!, it will automatically be selected.

You may notice that the first Anvil!, an-cluster-01, has nodes with the .remote suffix. This is a personal convention we use to identify and log into nodes that are reached over the Internet. On the rare occasions where we are on-site, we simply delete the .remote suffix. If you plan to frequently connect to an Anvil! locally and remotely, then simply create two entries; One with the short host names and the other with the .remote suffix on the node names. You will need to add something like "an-cluster-01 (remote)" to the name variable in order to tell them apart, of course.

There is no (practical) upper limit to the number of Anvil!s that a given dashboard can support.

Configuring Virtual Machine Manager

The Virtual Machine Manager application is a separate tool that is available on the AN!CDB appliances. You can think of it as a kind of KVM switch for your server running on your Anvil!s.

It gives you a way to directly access your servers, just as if you were sitting at a real keyboard, mouse and monitor plugged into a physical server. With it, you can watch your servers boot up, shut down and you can work on your servers when they have no network connection at all.

Normal remote management tools, like RDP for windows servers, SSH for Linux and UNIX and other tools require that the target server be up and running and have a working network connection. Most of the time, these are perfectly fine. Sometimes though, network settings are configured improperly, bad firewall rules lock out remote access and so on. These time require direct access and that is where Virtual Machine Manager comes in very handy.

Virtual Machine Manager
Virtual Machine Manager icon.
First launch.
"Add Connection" menu item.
Adding a node.
First node added.
Both nodes added.
Note: If you get prompted to enter the root user's password, do so. This will connect to the local machine. Right-click on localhost (QEMU) -> Details, click to uncheck Autoconnect and you will not be prompted for the password again.

The steps to add the nodes are (in the same order as the images above);

  1. On the dashboard's desktop is an icon called "Virtual Machine Manager".
  2. Double-click on it and it will start the program.
  3. Click on "File" -> "Add Connection"
  4. Fill in the details for the first node in your Anvil!.
    1. Click to check "Connect to remote host"
    2. Enter the host name of the node (same as you put in an.conf earlier)
    3. Click to check "Autoconnect"
    4. Clock on "Connect".
  5. The first node should appear in the main window. If you already have servers running on that node, they will appear. Otherwise they will appear when they are booted or created.
  6. Repeat steps #3 and #4 to add the second node.

That's it! You now have direct access to your servers. Simply run "Virtual Machine Manager" when ever you want. It's use is totally independent of the AN!CDB dashboard proper.

Connecting To AN!CDB

The AN!CDB Dashboard
AN!CDB dashboard password prompt.
Anvil! selection screen.
Connected to an-cluster-05.

To access the AN!CDB dashboard, open any browser on any computer on your network. If you open a browser on the dashboard server itself, connect to http://localhost. If you are using any other machine, connect to the dashboard's IP address.

Push an.conf, an-cm and an-cm.lib To Anvil! Nodes

AN!CDB is designed to be centrally configured from one of the dashboard machines and then pushed to other dashboard and to all nodes.

In this case, we've configured, among others, an-cluster-05. So let's copy the an.conf to those two nodes.

For each node, we're going to push five files;

  • /etc/an/an.conf; Central configuration file.
  • var/www/tools/an-cm and var/www/tools/an-cm.lib; The AN!CM monitoring and alert program (and it's library).
  • /var/www/tools/archive_an-cm.log.sh and /var/www/tools/archive_megasas.log.sh; Log archival scripts.

Copy to an-c05n01:

rsync -av /etc/an root@an-c05n01:/etc/
sending incremental file list
an/
an/an.conf

sent 19293 bytes  received 96 bytes  38778.00 bytes/sec
total size is 21037  speedup is 1.08
rsync -av /var/www/tools/an-cm* root@an-c05n01:/root/
sending incremental file list
an-cm
an-cm.lib

sent 2093 bytes  received 2990 bytes  10166.00 bytes/sec
total size is 342311  speedup is 67.34
rsync -av /var/www/tools/archive_* root@an-c05n01:/root/
sending incremental file list
archive_an-cm.log.sh
archive_megasas.log.sh

sent 1964 bytes  received 50 bytes  4028.00 bytes/sec
total size is 1798  speedup is 0.89

Copy to an-c05n02:

rsync -av /etc/an root@an-c05n02:/etc/
sending incremental file list
an/
an/an.conf

sent 4752 bytes  received 35 bytes  9574.00 bytes/sec
total size is 4649  speedup is 0.97
rsync -av /var/www/tools/an-cm* root@an-c05n02:/root/
sending incremental file list
an-cm
an-cm.lib

sent 342492 bytes  received 50 bytes  685084.00 bytes/sec
total size is 342311  speedup is 1.00
rsync -av /var/www/tools/archive_* root@an-c05n02:/root/
sending incremental file list
archive_an-cm.log.sh
archive_megasas.log.sh

sent 984 bytes  received 62 bytes  2092.00 bytes/sec
total size is 1798  speedup is 1.72

To setup AN!CM on each node, please now jump over to the main tutorial.

Now we're done.

 

Any questions, feedback, advice, complaints or meanderings are welcome.
Alteeve's Niche! Enterprise Support:
Alteeve Support
Community Support
© Alteeve's Niche! Inc. 1997-2024   Anvil! "Intelligent Availability®" Platform
legal stuff: All info is provided "As-Is". Do not use anything here unless you are willing and able to take responsibility for your own actions.