11.3. Configure the Sahara Service

To configure the Sahara service, you will need to:
  • Configure the OpenStack Sahara database connection.
  • Configure OpenStack Sahara API server to authenticate with the Identity service.
  • Configure the firewall to allow OpenStack Sahara service traffic (through port 8386).
The following sections describe each step in greater detail.

11.3.1. Configure the OpenStack Sahara Database Connection

The database connection URL used by the OpenStack Sahara service is defined in the /etc/sahara/sahara.conf file. This URL must be set to point to a valid database server before launching the OpenStack Sahara API server (openstack-sahara-api). Typically, if a database already exists for OpenStack Sahara you would set the database connection URL using the following command: 
# openstack-config --set /etc/sahara/sahara.conf \
    database connection DB_TYPE://USER:PASS@IP:PORT/sahara
Where:
  • DB_TYPE is the database type of the database server.
  • USER and PASS are the username and password required by the OpenStack Sahara service to log on to the database server. Supply these credentials only when required by the database server (for example, when the database server is hosted on another system or node).
  • IP:PORT is the IP address/hostname and port of the system hosting the database server.
If you have not created a database yet for OpenStack Sahara, perform the following steps instead:

Procedure 11.1. Creating and configuring a database for OpenStack Sahara

If you are installing the OpenStack Sahara service for testing purposes, create the database on the same server hosting the openstack-sahara-api service.
  1. Log in as root.
  2. Set the database connection URL to an empty database: 
    # openstack-config --set /etc/sahara/sahara.conf \
    database connection mysql:////tmp/sahara.db
  3. Create the database schema: 
    # sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head
    This command will also configure the database connection URl accordingly.

11.3.2. Create the OpenStack Sahara Service Identity Records

This section assumes that you have already created an administrator account and services tenant. For more information, refer to:
In this procedure, you will:
  1. Create the sahara user, who has the admin role in the services tenant.
  2. Create the sahara service entry and assign it an endpoint.
In order to proceed, you should have already performed the following (using the Identity service):
  1. Created an Administrator role named admin (refer to Section 3.8, “Create an Administrator Account” for instructions)
  2. Created the services tenant (refer to Section 3.10, “Create the Services Tenant” for instructions)

Note

The Deploying OpenStack: Learning Environments guide uses one tenant for all service users. For more information, refer to Section 3.10, “Create the Services Tenant”.
You can perform this procedure from your Identity service server or on any machine where you've copied the keystonerc_admin file (which contains administrator credentials) and the keystone command-line utility is installed.

Procedure 11.2. Configuring the OpenStack Sahara service to authenticate through the Identity Service

  1. Set up the shell to access Keystone as the admin user: 
    # source ~/keystonerc_admin
  2. Create the sahara user and set its password by replacing PASSWORD with your chosen password: 
    # keystone user-create --name sahara --pass PASSWORD
  3. Add the sahara user to the services tenant with the admin role: 
    # keystone user-role-add --user sahara --role admin --tenant services
  4. Create the sahara system item: 
    # keystone service-create --name=sahara --type=data_processing --description="Sahara data processing"
  5. Create the sahara endpoint entry: 
    # keystone endpoint-create \
    --service sahara \
    --publicurl "http://IP:8386/v1.1/%(tenant_id)s" \
    --adminurl "http://IP:8386/v1.1/%(tenant_id)s" \
    --internalurl "http://IP:8386/v1.1/%(tenant_id)s"
    Replace IP with the IP address or fully qualified domain name of the system hosting the OpenStack Sahara service.
You have now configured the Identity service to work with the OpenStack Sahara service.

11.3.3. Configure OpenStack Sahara Authentication

After creating and configuring the required OpenStack Sahara service users and roles (namely, Identity records), configure the OpenStack Sahara API server (openstack-sahara-api) to authenticate with the Identity service. Doing so involves setting the required Identity credentials in the /etc/sahara/sahara.conf configuration file.
To configure the required Identity credentials for the OpenStack Sahara API server, perform the following procedure.

Procedure 11.3. Configuring the OpenStack Sahara API server to authenticate through the Identity service

  1. Set the OpenStack Sahara API server's authentication host (auth_host) configuration key: 
    # openstack-config --set /etc/sahara/sahara.conf \
   DEFAULT os_auth_host IP
    Replace IP with the IP address or host name of the Identity server.
  2. Set the OpenStack Sahara API server's authentication port (auth_port) configuration key: 
    # openstack-config --set /etc/sahara/sahara.conf \
   DEFAULT os_auth_port PORT
    Replace PORT with the authentication port used by the Identity server.
  3. Set the OpenStack Sahara API server to authenticate as the correct tenant: 
    # openstack-config --set /etc/sahara/sahara.conf \
   DEFAULT os_admin_tenant_name services
    Where services is the name of the tenant created for the use of the OpenStack Sahara API server. Examples in this guide use services.
  4. Set the OpenStack Sahara API server to authenticate using the sahara administration user account: 
    # openstack-config --set /etc/sahara/sahara.conf \
   DEFAULT os_admin_username sahara
  5. Set the OpenStack Sahara API server to use the correct sahara administration user account password: 
    # openstack-config --set /etc/sahara/sahara.conf \
   DEFAULT os_admin_password SERVICE_PASSWORD
    Where SERVICE_PASSWORD is the password set during the creation of the sahara user.

11.3.4. Configure the Firewall to Allow OpenStack Sahara Service Traffic

OpenStack Sahara uses port 8386. As such, Red Hat Enterprise Linux should be configured to allow traffic on this port.
To do so, perform the following steps as the root user.

Procedure 11.4. Configuring the firewall to allow OpenStack Sahara traffic (for Red Hat Enterprise Linux 6-based systems)

  1. Open the /etc/sysconfig/iptables file in a text editor.
  2. Add an INPUT rule allowing TCP traffic on port 8386 to the file. The new rule must appear before any INPUT rules that REJECT traffic. 
    -A INPUT -p tcp -m multiport --dports 8386 -j ACCEPT
  3. Save the changes to the /etc/sysconfig/iptables file.
  4. Restart the iptables service to ensure that the change takes effect. 
    # service iptables restart

Procedure 11.5. Configuring the firewall to allow OpenStack Sahara traffic (for Red Hat Enterprise Linux 7-based systems)

  1. Add a rule allowing TCP traffic on port 8386: 
    # firewall-cmd --permanent --add-port=8386/tcp
  2. For the change to take immediate effect, add the rule to the runtime mode: 
    # firewall-cmd --add-port=8386/tcp
The firewall is now configured to allow incoming connections to the OpenStack Sahara service on port 8386.