Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

2.2. Install the Database Server

Each OpenStack component requires a running MariaDB database service. You must deploy the database service before deploying a full Red Hat OpenStack Platform environment or installing any single OpenStack component.

2.2.1. Install the MariaDB Database Packages

The following packages are required by the MariaDB database service:
mariadb-galera-server
Provides the MariaDB database service.
mariadb-galera-common
Provides the MariaDB service shared files. This package is installed as a dependency of the mariadb-galera-server package.
galera
Installs the Galera wsrep (Write Set REPlication) provider. This package is installed as a dependency of the mariadb-galera-server package.
Install the packages:
# yum install mariadb-galera-server

2.2.2. Configure the Firewall to Allow Database Traffic

All components in the OpenStack environment use the database server, and must be able to access it. The firewall on the server hosting the database service must be configured to allow network traffic on the required port. All steps in this procedure must be performed on the server hosting the database service, while logged in as the root user.

Procedure 2.3. Configuring the Firewall to Allow Database Traffic

  1. Open the /etc/sysconfig/iptables file in a text editor.
  2. Add an INPUT rule allowing TCP traffic on port 3306 to the file. The new rule must appear before any INPUT rules that REJECT traffic:
    -A INPUT -p tcp -m multiport --dports 3306 -j ACCEPT
  3. Save the changes to the /etc/sysconfig/iptables file.
  4. Restart the iptables service to ensure that the change takes effect:
    # systemctl restart iptables.service

2.2.3. Start the Database Service

All steps in this procedure must be performed on the server hosting the database service, while logged in as the root user.

Procedure 2.4. Starting the Database Service

  1. Start the mariadb service:
    # systemctl start mariadb.service
  2. Configure the mariadb service to start at boot time:
    # systemctl enable mariadb.service

2.2.4. Configure the Database Administrator Account

By default, MariaDB creates a database user account named root that provides access to the MariaDB service from the machine on which the MariaDB service was installed. You must set a password for this account to secure access to the server hosting the MariaDB service. You must also enable access to the MariaDB service from machines other than the machine on which the MariaDB server is installed. It is also recommended that you remove the anonymous user and test database that are created during installation.

Procedure 2.5. Configuring the Database Administrator Account

  1. Log in to the machine on which the MariaDB service is installed.
  2. Use the mysql_secure_installation to set the root password, allow remote root login, and remove the anonymous user account and test database:
    # mysql_secure_installation

Note

Change the password of a database user, if required. In the following example, replace OLDPASS with the existing password of the user and NEWPASS with a new password, leaving no space between -p and the old password:
# mysqladmin -u root -pOLDPASS password NEWPASS

2.2.5. Test Connectivity

To ensure that a database user account has been correctly configured, test the connectivity of that user account with the MariaDB database service from the machine on which the MariaDB service is installed (local connectivity), and from a machine other than the machine on which the MariaDB service is installed (remote connectivity).

2.2.5.1. Test Local Connectivity

Test whether you can connect to the server hosting the database service from the machine on which the MariaDB service is installed.

Procedure 2.6. Testing Local Connectivity

  1. Connect to the database service, replacing USER with the user name with which to connect:
    # mysql -u USER -p
  2. Enter the password of the database user when prompted.
    Enter password:
If the permissions for the database user are correctly configured, the connection succeeds and the MariaDB welcome screen and prompt are displayed. If the permissions for the database user are not correctly configured, an error message is displayed that explains that the database user is not allowed to connect to the database service.

2.2.5.2. Test Remote Connectivity

Test whether you can connect to the database service from a machine other than the machine on which the MariaDB service is installed.

Procedure 2.7. Testing Remote Connectivity

  1. Install the MySQL client tools:
    # yum install mysql
  2. Connect to the database service, replacing USER with the database user name and HOST with the IP address or host name of the server hosting the database service:
    # mysql -u USER -h HOST -p
  3. Enter the password of the database user when prompted:
    Enter password:
If the permissions for the database user are correctly configured, the connection succeeds and the MariaDB welcome screen and prompt are displayed. If the permissions for the database user are not correctly configured, an error message is displayed that explains that the database user is not allowed to connect to the database service.