Install Control Panel Server

Before You Begin

  • Review the Get Started Guide to ensure that your environment is ready for the installation.
  • If MySQL is already installed and configured, use the corresponding option of the Control Panel installer.
  • The installer output is redirected to ./onapp-cp-install.log
  • All the installer critical errors are written to /var/log/messages
  • If you want to reinstall an existing Control Panel, see Control Panel Migration Guide for instructions.
  • If you plan to deploy Accelerator, refer to the RabbitMQ Configuration for Accelerator document for more details.
  • If you need to install other components, for example, OnApp Database Server, RabbitMQ Server, or Redis Server, see OnApp Installation Components for instructions. You can also migrate an OnApp database from MySQL to MariaDB, Percona Server, or Percona Cluster.

To install the Control Panel server, run the following procedure:

  1. Update your server:

    bash# yum update
  2. Download the OnApp YUM repository file:

    bash# rpm -Uvh http://rpm.repo.onapp.com/repo/onapp-repo-6.1.noarch.rpm
  3. Install the OnApp Control Panel installer package:

    bash#> yum install onapp-cp-install
  4. (Optional) You can set custom configuration options for Control Panel. It is important to set custom values before the installer script runs.

    Edit the /onapp/onapp-cp.conf file to set custom values for Control Panel. The full list of custom configuration options for Control Panel:

    # Template server URL

    TEMPLATE_SERVER_URL='http://templates-manager.onapp.com'

    # List of IPs (separated with comma) for the SNMP to trap. This is the list of Control Panel IP addresses on which the traps sent from the compute resources are processed.

    SNMP_TRAP_IPS=""

    # OnApp Control Panel custom version

    ONAPP_VERSION=""

    # OnApp MySQL/MariaDB connection data (database.yml)

    ONAPP_CONN_WAIT_TIMEOUT=15
    ONAPP_CONN_POOL=30
    ONAPP_CONN_RECONNECT='true'
    ONAPP_CONN_ENCODING='utf8'

    # MySQL/MariaDB server configuration data (in case of local server)

    MYSQL_WAIT_TIMEOUT=604800
    MYSQL_MAX_CONNECTIONS=500
    MYSQL_LIMITNOFILE=8192

    # Use MariaDB instead of MySQL as OnApp database server (Deprecated parameter. If you set any values for this parameter, they will not take effect)

    WITH_MARIADB=0

    # Configure the database server relative to the amount of available RAM

    TUNE_DB_SERVER=1

    # The number of C data structures that can be allocated before triggering the garbage collector. It defaults to 8 million. Only change this value if you understand what it does.

    RUBY_GC_MALLOC_LIMIT=16000000

    # sysctl.conf net.core.somaxconn value

    NET_CORE_SOMAXCONN=2048

    # The root of OnApp database dump directory (on the Control Panel box)

    ONAPP_DB_DUMP_ROOT=""

    # Remote server's (to store database dumps) IP, user, path, openssh connection options and number of dumps to keep

    DB_DUMP_SERVER=""
    DB_DUMP_USER="root"
    DB_DUMP_SERVER_ROOT="/onapp/backups"
    DB_DUMP_SERVER_SSH_OPT="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o PasswordAuthentication=no"
    KEEP_DUMPS=168
    DB_DUMP_CRON='40 * * * *'

    # Enable monit - tool for managing and monitoring Unix systems

    ENABLE_MONIT=1

    # DEPRECATED: If enabled (the value is set to 1), installs (if local box) and configures RabbitMQ Server (messaging system) for the vCloud support. (Deprecated parameter. If you set any values for this parameter, they will not take effect)

    ENABLE_RABBITMQ=1

    # Rotate transactions' log files created more than TRANS_LOGS_ROTATE_TIME day(s) ago

    TRANS_LOGS_ROTATE_TIME=30

    # Maximum allowed size of an uploaded file in bytes, from 0 (meaning unlimited) to 2147483647 (2GB). Default is 0.

    MAX_UPLOAD_SIZE=0

    # Timeout before pinging Redis Server to check if it is started. Default is 10 sec.

    REDIS_PING_TIMEOUT=10

    # OnApp Control Panel SSL certificates (please do not change if you aren't familiar with SSL certificates)
    # * The data below to generate self-signed PEM-encoded X.509 certificate

    SSL_CERT_COUNTRY_NAME="UK"
    SSL_CERT_ORGANIZATION_NAME='OnApp Limited'
    SSL_CERT_ORGANIZATION_ALUNITNAME='OnApp Cloud'
    SSL_CERT_COMMON_NAME="`hostname --fqdn 2>/dev/null`"

    #   SSLCertificateFile, SSLCertificateKeyFile Apache directives' values
    #   ssl_certificate, ssl_certificate_key Nginx directives' values

    SSLCERTIFICATEFILE="/etc/pki/tls/certs/ca.crt"
    SSLCERTIFICATECSRFILE="/etc/pki/tls/private/ca.csr"
    SSLCERTIFICATEKEYFILE="/etc/pki/tls/private/ca.key"

    # * PEM-encoded CA Certificate (if custom one exists)
    #   SSLCACertificateFile, SSLCertificateChainFile Apache directives' values
    #   ssl_client_certificate Nginx directives' values

    SSLCACERTIFICATEFILE=""
    SSLCERTIFICATECHAINFILE=""

    #   SSLCipherSuite, SSLProtocol Apache directives' values
    #   ssl_ciphers, ssl_protocols Nginx directives' values

    SSLCIPHERSUITE=""
    SSLPROTOCOL=""

    bash# vi /onapp/onapp-cp.conf

    For successful installation you need to accept the EULA.

    Before installing the OnApp Control Panel package, apply the following changes to the /onapp/onapp-cp.conf file to avoid the RC4 Cipher Suite (CVE-2015-2808) vulnerability.

    SSLCIPHERSUITE="EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!3DES"
    SSLPROTOCOL="all -SSLv2 -SSLv3 -TLSv1"
  5. Run the Control Panel installer:

    bash#> /onapp/onapp-cp-install/onapp-cp-install.sh -i SNMP_TRAP_IPS

    The full list of installer options for Control Panel:

    Usage:

    # /onapp/onapp-cp-install/onapp-cp-install.sh -h
    Usage: /onapp/onapp-cp-install/onapp-cp-install.sh [-c CONFIG_FILE] [--mariadb | --community | --percona | --percona-cluster] [-m MYSQL_HOST] [--mysql-port=MYSQL_PORT] [--mysql-sock[=MYSQL_SOCK] [-p MYSQL_PASSWD] [-d MYSQL_DB] [-u MYSQL_USER] [-U ADMIN_LOGIN] [-P ADMIN_PASSWD] [-F ADMIN_FIRSTNAME] [-L ADMIN_LASTNAME] [-E ADMIN_EMAIL] [-v ONAPP_VERSION] [-i SNMP_TRAP_IPS] [--redis-host=REDIS_HOST] [--redis-bind[=REDIS_BIND] [--redis-passwd[=REDIS_PASSWD] [--redis-port=REDIS_PORT] [--redis-sock[=REDIS_SOCK] [--rbthost RBT_HOST] [--vcdlogin VCD_LOGIN] [--vcdpasswd VCD_PASSWD] [--vcdvhost VCD_VHOST] [--rbtlogin RBT_LOGIN] [--rbtpasswd RBT_PASSWD] [-a] [-y] [-D] [-t] [--noservices] [--ha-install] [--rake=RAKE_TASKS] [--quick|--quick-update[=SERVICE] [--accept-eula] [-w] [-h]
    Where:

    Database server options:
    The default database SQL server is MySQL Server. Please use one of the following options to install LOCALLY.

    --mariadb                          MariaDB Server
    --community                        MySQL Community Server
    --percona                          Percona Server
    --percona-cluster                  Percona Cluster

    MYSQL_*                            Options are useful if MySQL is already installed and configured.
    -m MYSQL_HOST                      MySQL host. Default is 'localhost'.
    --mysql-port=MYSQL_PORT            TCP port where MySQL Server serves connections. Default value is 3306 for the local installation.
    --mysql-sock[=MYSQL_SOCK]          Unix socket on which MySQL Server serves connections. Default value is /var/lib/mysql/mysql.sock.
                                       Used if local server only. The socket is unset if the option's argument isn't specified.
    -p MYSQL_PASSWD                    MySQL password. A random password is generated if it is not set or specified.
    -d MYSQL_DB                        OnApp MySQL database name. Default is 'onapp'.
    -u MYSQL_USER                      MySQL user. Default is 'root'.

    Redis Server options:

    REDIS_*                            Options are useful if Redis Server is already installed and configured.
    --redis-host=REDIS_HOST            IP address/FQDN where Redis Server runs. It is used by Control Panel to connect to Redis Server.
                                       The Redis Server will be installed and configured on the current box if localhost/127.0.0.1 or box's
                                       public IP address (listed in SNMP_TRAP_IPS) is specified. Default value is 127.0.0.1.
                                       If Redis is local, it will also serve on the unix socket 'PORT' (if --redis-sock without argument isn't specified).
    --redis-bind[=REDIS_BIND]          The IP address for Redis Server to serve connections (to listen). The option isn't mandatory.
    --redis-port=REDIS_PORT            Redis Server listen port.
                                       Defaults are:
                                       0 - if local server
                                       6379 - if remote server
    --redis-passwd[=REDIS_PASSWD]      Redis Server password to authenticate.
                                       A random password is generated if the option's argument isn't specified.
                                       By default no password is used for local Redis.
    --redis-sock[=REDIS_SOCK]          Path to the Redis Server's socket. Used if local server only. Default is /var/run/redis/redis.sock.
                                       The socket is unset if the option's argument isn't specified.

    Options to manage the OnApp Control Panel administrator account:

    ADMIN_*                            Options are used to configure OnApp Control Panel administrator data.
                                       Please note that these options are for NEW INSTALL only and not for upgrade.
    -P ADMIN_PASSWD                    CP administrator password
    -F ADMIN_FIRSTNAME                 CP administrator first name
    -L ADMIN_LASTNAME                  CP administrator last name
    -E ADMIN_EMAIL                     CP administrator e-mail

    RabbitMQ Server and vCloud options:

    --rbthost RBT_HOST                 IP address/FQDN where RabbitMQ Server runs. The RabbitMQ will be installed and configured on the current box
                                       if localhost/127.0.0.1 or box's public IP address (listed in SNMP_TRAP_IPS) is specified. Default value is 127.0.0.1.
    VCD_*                              Options are useful if vCloud/RabbitMQ are already installed and configured.
    --vcdlogin VCD_LOGIN               RabbitMQ/vCloud user. Default value is 'rbtvcd'.
    --vcdpasswd VCD_PASSWD             RabbitMQ/vCloud user password. A random password is generated if it isn't specified.
    --vcdvhost VCD_VHOST               RabbitMQ/vCloud vhost. Default value is '/'.
    RBT_*                              Options are used to configure the RabbitMQ manager account, if the RabbitMQ server is local.
    --rbtlogin RBT_LOGIN               RabbitMQ manager login. The default value is 'rbtmgr'.
    --rbtpasswd RBT_PASSWD             RabbitMQ manager password. A random password is generated if it isn't specified.

    General options:

    --rake RAKE_TASKS                  List of OnApp Control Panel rake tasks (separated with space) to run at the very end of install or upgrade.
    -v ONAPP_VERSION                   Install custom OnApp CP version.
    -i SNMP_TRAP_IPS                   IP addresses separated with comma for SNMP to trap.
    -y                                 Update OS packages (except those provided by OnApp) on the box with 'yum update'.
    -a                                 Non-interactive. Proceed with automatic installation. Please note, this will continue OnApp Control Panel
                                       install/upgrade even if there is a transaction currently running.
    -t                                 Add to the database and download Base Templates. For new installs only. If this option is not used, then only the following mandatory
                                       System Templates will be added by default during fresh install: OnApp CDN Appliance; Load Balancer Virtual Appliance; Application Server Appliance.
    --noservices                       Do not start OnApp services: monit, onapp and httpd.
                                       Please note, crond and all OnApp's cron tasks remain running. They could be disabled by stopping crond service manually at your own risk.
    -D                                 Do not make database dump, and make sure it is disabled in the cron and not running at the moment.
    -w                                 Do not disable the iptables service. It is applicable on fresh installs only.
    --quick|--quick-update[=SERVICE]   Proceed with quick update procedure. This will skip update and configuration for services, such as system packages,
                                       MySQL database, Redis Server, RabbitMQ Server, and Monit service. Set the SERVICE parameter (space separated list of statements)
                                       to define services, which need to be updated. Possible reserved statements are:
                                       rpms - for 'system packages' upgrade;
                                       mysql - for MySQL database upgrade and configuring;
                                       redis - for Redis Server upgrade and configuring;
                                       rabbitmq - for RabbitMQ Server upgrade and configuring;
                                       monit - for Monit upgrade and configuring.
    --accept-eula                      Automatically accept OnApp's End User License Agreement.
    -c CONFIG_FILE                     Custom installer configuration file. Otherwise, preinstalled one is used.
    -h                                 Print this info

    Perform the steps from six to nine (6-9) only if you are going to use CloudBoot and/or OnApp Storage.

  6. Install CloudBoot dependencies:

    Depending on a compute resource type, you should install onapp-ramdisk-DISTRO-FLAVOR package(s) where:

    DISTRO: centos6, centos7
    FLAVOR: xen, kvm

    It is required to run yum install onapp-ramdisk-centos7-default together with onappstore packages.

    It is recommended to install all the following packages:

    bash#> yum install onapp-ramdisk-centos6-kvm
    bash#> yum install onapp-ramdisk-centos6-xen
    bash#> yum install onapp-ramdisk-centos7-kvm
    bash#> yum install onapp-ramdisk-centos7-xen
    bash#> yum install onapp-ramdisk-centos7-default
    bash#> /onapp/onapp-store-install/onapp-store-install.sh

    Any of the ramdisk packages install the following packages automatically:
    onapp-store-install
    onapp-ramdisk-tools

  7. Run the following utility to configure and customize ramdisks:

    bash# /onapp/onapp-store-install/onapp-store-install.sh
  8. Install an OnApp license to activate your Control Panel. Enter a valid license key via the OnApp UI. Your default OnApp credentials are admin/changeme. You can change the password via the Control Panel > Users menu.

    After you enter a license key, it may take up to 15 minutes to activate the key.

  9. Restart the OnApp service:

    bash#> service onapp restart

    Perform the following step (10) only if you plan to deploy Accelerator.

  10. If you plan to configure an Accelerator, run the following command:

    • For all compute resources:

      rake hypervisor:messaging:configure
    • For certain compute resources only:

      rake hypervisor:messaging:configure['11.0.50.111 11.0.50.112']

      To perform the configuration for a number of compute resources, separate their IP addresses with a space.

      The command above runs on compute resources that are online. If some compute resources are offline, you should run the command again when they are online. The rabbitmq_host parameter in the on_app.yml file should contain the real IP address of a server with RabbitMQ installed. The rabbitmq_host parameter should not be set to 'localhost' or '127.0.0.1'. The server with RabbitMQ installed should be available from the compute resources. For information on manual configuration for Accelerator, refer to RabbitMQ Configuration for Accelerator.

  11. Generate SSH keys that OnApp requires for you to access various elements of the cloud. The script provided generates and transfers keys as necessary. The script needs to be run on your Control Panel server. It overwrites any keys that already exist so if you have custom keys already installed, you need to add them again after running the script. You need to provide your login details to various servers during the script execution. Please follow the onscreen instructions.

  12. If you install a new cloud instance, connect to your Control Panel server via SSH, download, and run the script:

    bash#> wget http://downloads.repo.onapp.com/install-all-keys.sh
    bash#> /bin/sh install-all-keys.sh

    Note that the script is applicable only if you configure your first compute resources in the cloud. If you already have some existing compute resources and install new ones, the script sets new SSH keys to all the compute resources, both new and existing.

  13. If you add additional compute resources to an existing cloud, update the authorized_keys file by running the following script on the Control Panel server:

    bash#> ssh-copy-id -i /home/onapp/.ssh/id_rsa.pub root@HV_HOST_IP
  14. Mount the locations for templates and backups. If you do not have a dedicated backup server, you must mount your template and backup repositories to compute resources. If your template and backup repositories are located on the Control Panel server, you can mount them as follows:

    Add the repositories to /etc/exports on the Control Panel server and then restart the NFS service:

    /onapp/templates 192.168.10.0/24(rw,no_root_squash)
    /onapp/backups 192.168.10.0/24(rw,no_root_squash)
  15. After you have installed the Control Panel server, configure your Cloud Settings.
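
For step 4, one way to confirm before the installer runs that the SSLCIPHERSUITE and SSLPROTOCOL values really switch off RC4 and the old protocols: in an OpenSSL cipher string a "!" entry removes the matching suites permanently, so the trailing !RC4 overrides the RC4 entries earlier in the string. This is an added example, not part of OnApp's documentation or tooling; the function names and the sample file are constructed, and the expansion check assumes the openssl command is installed.

```bash
#!/bin/bash
# Added example: audit SSLCIPHERSUITE / SSLPROTOCOL in an onapp-cp.conf-style file.

# Print the last value assigned to KEY in FILE without sourcing (executing) the file.
conf_get() {  # usage: conf_get KEY FILE
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# Succeed if the cipher string carries a "!RC4" token (permanent exclusion).
excludes_rc4() {  # usage: excludes_rc4 CIPHER_STRING
    case ":$1:" in *':!RC4:'*) return 0 ;; *) return 1 ;; esac
}

# Succeed if the Apache-style protocol string switches PROTO off ("-PROTO").
disables_proto() {  # usage: disables_proto PROTO_STRING PROTO
    case " $1 " in *" -$2 "*) return 0 ;; *) return 1 ;; esac
}

# Expand the string with the local OpenSSL and print any RC4 suites that survive.
# Returns 2 (printing nothing) if openssl is missing or rejects the string.
surviving_rc4() {  # usage: surviving_rc4 CIPHER_STRING
    local list
    list=$(openssl ciphers "$1" 2>/dev/null) || return 2
    printf '%s\n' "$list" | tr ':' '\n' | grep 'RC4' || true
}

# Audit one file: print findings and return the number of problems found.
audit_conf() {  # usage: audit_conf FILE
    local ciphers proto p rc=0
    ciphers=$(conf_get SSLCIPHERSUITE "$1")
    proto=$(conf_get SSLPROTOCOL "$1")
    excludes_rc4 "$ciphers" || { echo "FAIL: SSLCIPHERSUITE lacks !RC4"; rc=$((rc+1)); }
    for p in SSLv2 SSLv3 TLSv1; do
        disables_proto "$proto" "$p" || { echo "FAIL: $p is not disabled"; rc=$((rc+1)); }
    done
    [ -z "$(surviving_rc4 "$ciphers")" ] || { echo "FAIL: RC4 suites still offered"; rc=$((rc+1)); }
    return "$rc"
}

# Constructed sample file holding the two values from step 4.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
SSLCIPHERSUITE="EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!3DES"
SSLPROTOCOL="all -SSLv2 -SSLv3 -TLSv1"
EOF
audit_conf "$SAMPLE_CONF" && echo "OK: RC4 excluded; SSLv2, SSLv3 and TLSv1 disabled"
```

On the Control Panel server, call audit_conf /onapp/onapp-cp.conf after editing the file. The SSLPROTOCOL value from step 4 leaves TLSv1.1 enabled, which this check does not flag.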