2.2. Install the Database Server
Each OpenStack component requires a running MariaDB database service. You must deploy the database service before deploying a full Red Hat Enterprise Linux OpenStack Platform environment or installing any single OpenStack component.
2.2.1. Install the MariaDB Database Packages
The following packages are required by the MariaDB database service:
- mariadb-galera-server
- Provides the MariaDB database service.
- mariadb-galera-common
- Provides the MariaDB service shared files. This package is installed as a dependency of the mariadb-galera-server package.
- galera
- Installs the Galera wsrep (Write Set REPlication) provider. This package is installed as a dependency of the mariadb-galera-server package.
Install the packages:
#
yum install mariadb-galera-server
2.2.2. Configure the Firewall to Allow Database Traffic
All components in the OpenStack environment use the database server, and must be able to access it. The firewall on the server hosting the database service must be configured to allow network traffic on the required port. All steps in this procedure must be performed on the server hosting the database service, while logged in as the
root
user.
Procedure 2.3. Configuring the Firewall to Allow Database Traffic
- Open the
/etc/sysconfig/iptables
file in a text editor. - Add an INPUT rule allowing TCP traffic on port
3306
to the file. The new rule must appear before any INPUT rules that REJECT traffic:-A INPUT -p tcp -m multiport --dports 3306 -j ACCEPT
- Save the changes to the
/etc/sysconfig/iptables
file. - Restart the
iptables
service to ensure that the change takes effect:#
systemctl restart iptables.service
2.2.3. Start the Database Service
All steps in this procedure must be performed on the server hosting the database service, while logged in as the
root
user.
Procedure 2.4. Starting the Database Service
- Start the
mariadb
service:#
systemctl start mariadb.service
- Configure the
mariadb
service to start at boot time:#
systemctl enable mariadb.service
2.2.4. Configure the Database Administrator Account
By default, MariaDB creates a database user account named
root
that provides access to the MariaDB service from the machine on which the MariaDB service was installed. You must set a password for this account to secure access to the server hosting the MariaDB service. You must also enable access to the MariaDB service from machines other than the machine on which the MariaDB server is installed. It is also recommended that you remove the anonymous user and test database that are created during installation.
Procedure 2.5. Configuring the Database Administrator Account
- Log in to the machine on which the MariaDB service is installed.
- Use the
mysql_secure_installation
to set theroot
password, allow remote root login, and remove the anonymous user account and test database:#
mysql_secure_installation
Note
Change the password of a database user, if required. In the following example, replace OLDPASS with the existing password of the user and NEWPASS with a new password, leaving no space between
-p
and the old password:
#
mysqladmin -u root -pOLDPASS password NEWPASS
2.2.5. Test Connectivity
To ensure that a database user account has been correctly configured, test the connectivity of that user account with the MariaDB database service from the machine on which the MariaDB service is installed (local connectivity), and from a machine other than the machine on which the MariaDB service is installed (remote connectivity).
2.2.5.1. Test Local Connectivity
Test whether you can connect to the server hosting the database service from the machine on which the MariaDB service is installed.
Procedure 2.6. Testing Local Connectivity
- Connect to the database service, replacing
USER
with the user name with which to connect:#
mysql -u USER -p
- Enter the password of the database user when prompted.
Enter password:
If the permissions for the database user are correctly configured, the connection succeeds and the MariaDB welcome screen and prompt are displayed. If the permissions for the database user are not correctly configured, an error message is displayed that explains that the database user is not allowed to connect to the database service.
2.2.5.2. Test Remote Connectivity
Test whether you can connect to the database service from a machine other than the machine on which the MariaDB service is installed.
Procedure 2.7. Testing Remote Connectivity
- Install the MySQL client tools:
#
yum install mysql
- Connect to the database service, replacing USER with the database user name and HOST with the IP address or host name of the server hosting the database service:
#
mysql -u USER -h HOST -p
- Enter the password of the database user when prompted:
Enter password:
If the permissions for the database user are correctly configured, the connection succeeds and the MariaDB welcome screen and prompt are displayed. If the permissions for the database user are not correctly configured, an error message is displayed that explains that the database user is not allowed to connect to the database service.