Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

11.2. Configure the Data Processing Service

To configure the Data Processing service (Sahara), you must complete the following tasks:
  • Configure the Data Processing service database connection.
  • Configure the Data Processing API service to authenticate with the Identity service.
  • Configure the firewall to allow service traffic for the Data Processing service (through port 8386).

11.2.1. Create the Data Processing Service Database

Create the database and database user used by the Data Processing API service. The database connection string used by the Data Processing service is defined in the /etc/sahara/sahara.conf file. It must be updated to point to a valid database server before starting the Data Processing API service (openstack-sahara-api).

Procedure 11.1. Creating and Configuring a Database for the Data Processing API Service

  1. Connect to the database service:
    # mysql -u root -p
  2. Create the sahara database:
    mysql> CREATE DATABASE sahara;
  3. Create a sahara database user and grant the user access to the sahara database:
    mysql> GRANT ALL ON sahara.* TO 'sahara'@'%' IDENTIFIED BY 'PASSWORD';
    mysql> GRANT ALL ON sahara.* TO 'sahara'@'localhost' IDENTIFIED BY 'PASSWORD';
    Replace PASSWORD with a secure password that will be used to authenticate with the database server as this user.
  4. Exit the mysql client:
    mysql> quit
  5. Set the value of the sql_connection configuration key:
    # openstack-config --set /etc/sahara/sahara.conf \
        database connection mysql://sahara:PASSWORD@IP/sahara
    Replace the following values:
    • Replace PASS with the password of the database user.
    • Replace IP with the IP address or host name of the server hosting the database service.
  6. Configure the schema of the sahara database:
    # sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head

Important

The IP address or host name specified in the connection configuration key must match the IP address or host name to which the Data Processing service database user was granted access when creating the Data Processing service database. Moreover, if the database is hosted locally and you granted permissions to 'localhost' when creating the Data Processing service database, you must enter 'localhost'.

11.2.2. Create the Data Processing Service Identity Records

Create and configure Identity service records required by the Data Processing service. These entries assist other OpenStack services attempting to locate and access the functionality provided by the Data Processing service.
This procedure assumes that you have already created an administrative user account and a services tenant. For more information, see:
Perform this procedure on the Identity service server, or on any machine onto which you have copied the keystonerc_admin file and on which the keystone command-line utility is installed.

Procedure 11.2. Creating Identity Records for the Data Processing Service

  1. Set up the shell to access keystone as the administrative user:
    # source ~/keystonerc_admin
  2. Create the sahara user:
    [(keystone_admin)]# keystone user-create --name sahara --pass PASSWORD
    Replace PASSWORD with a password that will be used by the Data Processing service when authenticating with the Identity service.
  3. Link the sahara user and the admin role together within the context of the services tenant:
    [(keystone_admin)]# keystone user-role-add --user sahara --role admin --tenant services
  4. Create the sahara service entry:
    [(keystone_admin)]# keystone service-create --name sahara \
    --type data-processing \
    --description "OpenStack Data Processing"
  5. Create the sahara endpoint entry:
    [(keystone_admin)]# keystone endpoint-create \
       --service sahara \
       --publicurl 'http://SAHARA_HOST:8386/v1.1/%(tenant_id)s' \
       --adminurl 'http://SAHARA_HOST:8386/v1.1/%(tenant_id)s' \
       --internalurl 'http://SAHARA_HOST:8386/v1.1/%(tenant_id)s' \
       --region 'RegionOne'
    Replace SAHARA_HOST with the IP address or fully qualified domain name of the server hosting the Data Processing service.

    Note

    By default, the endpoint is created in the default region, RegionOne. This is a case-sensitive value. To specify a different region when creating an endpoint, use the --region argument to provide it.
    See Section 3.6.1, “Service Regions” for more information.

11.2.3. Configure Data Processing Service Authentication

Configure the Data Processing API service (openstack-sahara-api) to use the Identity service for authentication. All steps in this procedure must be performed on the server hosting the Data Processing API service, while logged in as the root user.

Procedure 11.3. Configuring the Data Processing API Service to Authenticate through the Identity Service

  1. Set the Identity service host that the Data Processing API service must use:
    # openstack-config --set /etc/sahara/sahara.conf \
       keystone_authtoken auth_uri http://IP:5000/v2.0/
    # openstack-config --set /etc/sahara/sahara.conf \
       keystone_authtoken identity_uri http://IP:35357
    Replace IP with the IP address of the server hosting the Identity service.
  2. Set the Data Processing API service to authenticate as the correct tenant:
    # openstack-config --set /etc/sahara/sahara.conf \
       keystone_authtoken admin_tenant_name services
    Replace services with the name of the tenant created for the use of the Data Processing service. Examples in this guide use services.
  3. Set the Data Processing API service to authenticate using the sahara administrative user account:
    # openstack-config --set /etc/sahara/sahara.conf \
       keystone_authtoken admin_user sahara
  4. Set the Data Processing API service to use the correct sahara administrative user account password:
    # openstack-config --set /etc/sahara/sahara.conf \
       keystone_authtoken admin_password PASSWORD
    Replace PASSWORD with the password set when the sahara user was created.

11.2.4. Configure the Firewall to Allow OpenStack Data Processing Service Traffic

The Data Processing service receives connections on port 8386. The firewall on the service node must be configured to allow network traffic on this port. All steps in this procedure must be performed on the server hosting the Data Processing service, while logged in as the root user.

Procedure 11.4. Configuring the Firewall to Allow Data Processing Service Traffic

  1. Open the /etc/sysconfig/iptables file in a text editor.
  2. Add an INPUT rule allowing TCP traffic on port 8386. The new rule must appear before any INPUT rules that REJECT traffic:
    -A INPUT -p tcp -m multiport --dports 8386 -j ACCEPT
  3. Save the changes to the /etc/sysconfig/iptables file.
  4. Restart the iptables service to ensure that the change takes effect:
    # systemctl restart iptables.service