2.3. Prerequisite Database Server

Each OpenStack component requires a running MariaDB service. As such, you will need to deploy one before deploying a full OpenStack cloud service or installing any single OpenStack component.

Important

MySQL is not supported in Red Hat Enterprise Linux OpenStack Platform 5.0 on Red Hat Enterprise Linux 6.5. If you are upgrading an existing environment with a MySQL database server on Red Hat Enterprise Linux 6.5, you must upgrade your database server from MySQL to MariaDB. See Overview of Upgrading to Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) for information on how to perform the upgrade.

2.3.1. Install the MariaDB Database Packages

The following packages are required by the MariaDB database server:
mariadb-galera-server
Provides the MariaDB database server.
mariadb-galera-common
Provides the MariaDB server shared files. Installed as a dependency of the mariadb-galera-server package.
galera
Installs the Galera wsrep provider. Installed as a dependency of the mariadb-galera-server package.
To install the required packages, log in as the root user and run: 
# yum install mariadb-galera-server
The database server is installed and ready to be configured.

2.3.2. Configure the Firewall to Allow Database Traffic

As the database service is used by all of the components in the OpenStack environment it must be accessible by them.
To allow this the firewall on the system hosting the database service must be altered to allow network traffic on the required port. All steps in this procedure must be run while logged in to the server hosting the database service as the root user.

Procedure 2.4. Configuring the firewall to allow database traffic (for Red Hat Enterprise Linux 6-based systems)

  1. Open the /etc/sysconfig/iptables file in a text editor.
  2. Add an INPUT rule allowing TCP traffic on port 3306 to the file. The new rule must appear before any INPUT rules that REJECT traffic. 
    -A INPUT -p tcp -m multiport --dports 3306 -j ACCEPT
  3. Save the changes to the /etc/sysconfig/iptables file.
  4. Restart the iptables service to ensure that the change takes effect. 
    # service iptables restart

Procedure 2.5. Configuring the firewall to allow database traffic (for Red Hat Enterprise Linux 7-based systems)

  1. Add a rule allowing TCP traffic on port 3306: 
    # firewall-cmd --permanent --add-port=3306/tcp
  2. For the change to take immediate effect, add the rule to the runtime mode: 
    # firewall-cmd --add-port=3306/tcp
The firewall is now configured to allow incoming connections to the MariaDB database service on port 3306.

2.3.3. Start the Database Service

All steps in this procedure must be performed while logged in to the server hosting the database service as the root user.

Procedure 2.6. Start the database service (for Red Hat Enterprise Linux 6-based systems)

  1. Use the service command to start the mysqld service: 
    # service start mysqld
  2. Use the chkconfig command to ensure that mysqld service will be started automatically in the future: 
    # chkconfig mysqld on

Procedure 2.7. Start the database service (for Red Hat Enterprise Linux 7-based systems)

  1. Use the systemctl command to start the mariadb.service: 
    # systemctl start mariadb.service
  2. Use the systemctl command to ensure that mariadb.service will be started automatically in the future: 
    # systemctl enable mariadb.service
The database service has been started, and is configured to start automatically on boot.

2.3.4. Configuring the Database Administrator Account

Summary
By default, MariaDB creates a database user account called root that provides access to the MariaDB server from the machine on which the MariaDB server was installed. You must manually set a password for this account to secure access to the MariaDB server. Moreover, you must create a user account that provides access to the MariaDB server from machines other than the machine on which the MariaDB server is installed if required.

Procedure 2.8. Configuring the Database Administrator Account

  1. Log in to the machine on which the MariaDB server is installed.
  2. Set a password for the local root user: 
    # mysqladmin -u root password "PASSWORD"
  3. Optionally, configure a user account for remote access:
    1. Use the mysql client to connect to the MariaDB server: 
      # mysql -p
    2. Enter the newly configured password for the root database user account: 
      Enter password:
    3. Create a user called root that can access the MariaDB server from remote machines: 
      MariaDB [(none)]> CREATE USER 'root'@'%' IDENTIFIED BY 'PASSWORD';
    4. Grant the newly created user access to resources in the database: 
      MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';
  4. Exit the mysql client: 
    MariaDB [(none)]> \q
Summary
You have set a password for the root database user with permission to access the MariaDB server from the machine on which the MariaDB server is installed, and optionally created a new database user account with permission to access the MariaDB server from a machine other than the machine on which the MariaDB server is installed.

Note

You can also use the mysqladmin command to change the password of a database user if required. In the following example, replace OLDPASS with the existing password of the user and NEWPASS with a new password: 
# mysqladmin -u root -p OLDPASS NEWPASS

2.3.5. Testing Connectivity

To ensure a database user account has been correctly configured, you can test the connectivity of that user account with the MariaDB server from the machine on which the MariaDB server is installed (local connectivity), and from a machine other than the machine on which the MariaDB server is installed (remote connectivity).

2.3.5.1. Testing Local Connectivity

Summary
Test whether you can connect to the MariaDB server from the machine on which the MariaDB server is installed.

Procedure 2.9. Testing Local Connectivity

  1. Log in to the machine on which the MariaDB server is installed.
  2. Use the mysql client tool to connect to the MariaDB server, replacing USER with the user name by which to connect: 
    $ mysql -u USER -p
  3. Enter the password of the database user when prompted. 
    Enter password:
Result
If the permissions for the database user are correctly configured, the connection succeeds and the MariaDB welcome screen and prompt are displayed. If the permissions for the database user are not correctly configured, an error message is displayed that explains that the database user is not allowed to connect to the MariaDB server.

2.3.5.2. Testing Remote Connectivity

Summary
Test whether you can connect to the MariaDB server from a machine other than the machine on which the MariaDB server is installed.

Procedure 2.10. Testing Remote Connectivty

  1. Log in to a machine other than the machine on which the MariaDB server is installed.
  2. Install the MySQL client tools provided by the mysql package: 
    # yum install mysql
  3. Use the mysql client tool to connect to the MariaDB server, replacing USER with the user name and HOST with the IP address or fully qualified domain name of the MariaDB server: 
    # mysql -u USER -h HOST -p
  4. Enter the password of the database user when prompted: 
    Enter password:
Result
If the permissions for the database user are correctly configured, the connection succeeds and the MariaDB welcome screen and prompt are displayed. If the permissions for the database user are not correctly configured, an error message is displayed that explains that the database user is not allowed to connect to the MariaDB server.