安装其它组件

组件列表

下表中安装节点字段的表示如下:

M

管理节点

L

登录节点

C

计算节点

软件名

组件名称

版本

服务名

安装节点

备注

rabbitmq

rabbitmq-server

3.6.15

rabbitmq-server

M

el7

rabbitmq-server

3.5.8

rabbitmq-server

M

sle12

postgresql

postgresql-server

9.2.23

postgresql

M

el7

postgresql-server

9.6.0

postgresql

M

sle12

influxdb

influxdb

1.4.2

influxdb

M

confluent

confluent

1.8.1

confluent

M

openldap

slapd-ssl-config

1.0.0

slapd

M

nss-pam-ldapd

0.8.13

nslcd

M,C,L

libuser

0.60

M

libuser-python

0.60

M

gmond

gmond-ohpc-gpu-module

1.0.0

C

仅GPU节点 需要安装

安裝rabbitmq

Note

LiCO 使用 rabbitmq 作为消息中间件

  • 安装

    $ sudo yum install -y rabbitmq-server
    
    $ sudo zypper install rabbitmq-server
    
  • 启动

    $ sudo systemctl start rabbitmq-server
    $ sudo systemctl enable rabbitmq-server
    
  • 检查服务

    $ sudo systemctl status rabbitmq-server
    

安裝postgresql

Note

LiCO 使用 postgresql 作为存储业务数据的关系型数据库

  • 安装

    $ sudo yum install -y postgresql-server
    
    $ sudo zypper install postgresql-server
    
  • 初始化

    Note

    密码部分需要根据您的实际环境相应调整

    $ su - postgres
    $ echo '<PG_PASSWORD>' > /var/tmp/pwfile
    $ initdb -U postgres --pwfile /tmp/pwfile /var/lib/pgsql/data
    $ rm /var/tmp/pwfile
    $ exit
    
  • 启动

    $ sudo systemctl start postgresql
    $ sudo systemctl enable postgresql
    
  • 创建 LiCO 数据库

    $ export PGPASSWORD=<PG_PASSWORD>
    # Note modification to your password
    $ psql -U postgres -c 'CREATE DATABASE lico;'
    
  • 检查服务

    $ sudo systemctl status postgresql
    

安装influxdb

Note

LiCO 使用 influxdb 作为存储监控等数据的时序型数据库

  • 安装

    $ sudo yum install -y influxdb
    
    $ sudo zypper install influxdb
    
  • 启动

    $ sudo systemctl start influxdb
    $ sudo systemctl enable influxdb
    
  • 检查服务

    $ sudo systemctl status influxdb
    
  • 创建用户

    进入influxDB shell
    $ influx
    
    创建用户
    -- create database
    > create database lico
    -- use database
    > use lico
    --To create an administrator user, please note that the password must be a string, otherwise the error is reported.
    > create user <INFLUX_USERNAME> with password '<INFLUX_PASSWORD>' with all privileges
    > exit
    
    配置
    $ sed -i '/auth-enabled = false/a\  auth-enabled = true' /etc/influxdb/config.toml
    
    # restart influxDB
    $ sudo systemctl restart influxdb
    

Note

若需要手动创建 Influxdb 数据库,请参考 如何手动创建Influxdb数据库

安装confluent

Confluent 是专为联想服务器打造的节点管理软件, LiCO 使用 Confluent 完成对硬件的控制和对硬件状态的监控。

  • 安装

    $ sudo yum install -y python2-crypto
    $ sudo yum install -y confluent
    
    $ sudo zypper install --force-resolution confluent
    

    Note

    若需要在页面使用 web console 功能 参考 如何配置confluent

  • 启动

    $ sudo systemctl start confluent
    $ sudo systemctl enable confluent
    
  • 添加 confluent 账户

    $ sudo confetty create /users/<CONFLUENT_USERNAME> password=<CONFLUENT_PASSWORD>
    

配置用户认证

安装openldap-server

Note

openldap 是轻型目录访问协议的一个开源实现, LiCO 推荐使用 openldap 来管理用户, 但也支持其他兼容 linux-pam 的认证服务。如果集群已经配置 openldap 或使用其他的认证服务,请跳过此步骤。

  • 安装

    $ sudo yum install -y slapd-ssl-config
    $ sudo slapadd -v -l /usr/share/openldap-servers/lico.ldif -f /etc/openldap/slapd.conf -b ${lico_ldap_domain_name}
    $ sudo chown -R ldap:ldap /var/lib/ldap
    $ sudo chown ldap:ldap /etc/openldap/slapd.conf
    
    $ sudo zypper install slapd-ssl-config
    $ sudo install -g ldap -o ldap /etc/openldap/slapd.conf.lico /etc/openldap/slapd.conf
    $ sudo slapadd -v -l /usr/share/openldap-servers/lico.ldif -f /etc/openldap/slapd.conf -b ${lico_ldap_domain_name}
    $ sudo chown -R ldap:ldap /var/lib/ldap
    
  • 设置密码

    # set password
    # Get the key using the following command and enter <LDAP_PASSWORD> when prompted.
    $ sudo slappasswd
    
    # Edit the file /etc/openldap/slapd.conf to cover the contents of the rootpw with the key obtained.
    rootpw <ENCTYPT_PASSWORD>
    
  • 配置

    vi /etc/sysconfig/slapd
    
    # Add
    SLAPD_URLS = "ldapi:/// ldap:/// ldaps:///"
    SLAPD_OPTIONS = "-f /etc/openldap/slapd.conf"
    
    vi /etc/sysconfig/openldap
    
    # Modify
    OPENLDAP_START_LDAPS = "yes"
    OPENLDAP_CONFIG_BACKEND = "files"
    
  • 启动

    $ sudo systemctl start slapd
    $ sudo systemctl enable slapd
    
  • 检查服务

    $ sudo systemctl status slapd
    

安装libuser

Note

libuser 模块是一个有用的 openldap 工具包。此模块的安装是可选的,但对于本文档, 某些命令(如 luseradd)由 libuser 实现。

  • 安装

    $ sudo yum install -y libuser libuser-python
    
    $ sudo zypper install libuser libuser-python
    
  • 配置

    编辑文件 /etc/libuser.conf
    [import]
    login_defs = /etc/login.defs
    default_useradd = /etc/default/useradd
    
    [defaults]
    crypt_style = sha512
    modules = ldap
    create_modules = ldap
    
    [userdefaults]
    LU_USERNAME = %n
    LU_GIDNUMBER = %u
    LU_GECOS = %n
    # Pay attention to modify this
    LU_HOMEDIRECTORY = /home/%n
    LU_SHADOWNAME = %n
    LU_SHADOWMIN = 0
    LU_SHADOWMAX = 99999
    
    [groupdefaults]
    LU_GROUPNAME = %n
    
    [files]
    
    [shadow]
    
    [ldap]
    # modify <LDAP_ADDRESS> to management node IP
    server = ldap://<LDAP_ADDRESS>
    # make sure <DOMAIN> should be the same with ${lico_ldap_domain_name} defined in lico_env.local
    basedn = <DOMAIN>
    userBranch = ou=People
    groupBranch = ou=Group
    binddn = uid=admin,<DOMAIN>
    password = <PASSWORD>
    bindtype = simple
    
    [sasl]
    

安装openldap-client

配置 openldap 客户端,运行如下命令
$ sudo echo "TLS_REQCERT never" >> /etc/openldap/ldap.conf

$ sudo xdcp all /etc/openldap/ldap.conf /etc/openldap/ldap.conf

安装nss-pam-ldapd

Note

nss-pam-ldapd 是一个名字服务交换模块和插入式验证模块, LiCO 使用 nss-pam-ldapd 进行用户认证

  • el7

    安装
    # Management node
    $ sudo yum install -y nss-pam-ldapd authconfig
    
    # Other node
    $ sudo psh all yum install -y nss-pam-ldapd authconfig
    
    配置系统认证
    # Management node
    $ sudo authconfig --useshadow --usemd5 \
    --enablemkhomedir --disablecache --enablelocauthorize \
    --disablesssd --disablesssdauth --enableforcelegacy \
    --enableldap --enableldapauth --disableldaptls \
    --ldapbasedn="${lico_ldap_domain_name}" \
    --ldapserver="ldap://${sms_name}" \
    --updateall
    
    $ sudo echo "rootpwmoddn uid=admin,${lico_ldap_domain_name}" >> /etc/nslcd.conf
    
    # Startup nslcd
    $ sudo systemctl enable nslcd
    $ sudo systemctl start nslcd
    
    
    # Other node
    $ sudo psh all authconfig --useshadow --usemd5 \
    --enablemkhomedir --disablecache --enablelocauthorize \
    --disablesssd --disablesssdauth --enableforcelegacy \
    --enableldap --enableldapauth --disableldaptls \
    --ldapbasedn="${lico_ldap_domain_name}" \
    --ldapserver="ldap://${sms_name}" \
    --updateall
    
    $ sudo psh all echo "\""rootpwmoddn uid=admin,${lico_ldap_domain_name}"\"" \>\> /etc/nslcd.conf
    
    # Startup nslcd
    $ sudo psh all systemctl enable nslcd
    $ sudo psh all systemctl start nslcd
    
  • sle12

    安装 yast 扩展
    # Management node
    $ sudo zypper install yast2-auth-client
    
    # Other node
    $ sudo psh all zypper install -y --force-resolution yast2-auth-client
    

    运行命令 yast, 按照下图顺序配置认证

    sles_nss_pam_1

    sles_nss_pam_2

    sles_nss_pam_3

    安装 nss-pam-ldapd
    # Management node
    $ sudo sudo zypper install --force-resolution nss-pam-ldapd
    
    # Other node
    $ sudo psh all zypper install -y --force-resolution nss-pam-ldapd
    
    配置 nslcd ,编辑文件 /etc/nslcd.conf
    # modify <LDAP_ADDRESS> to management node IP
    uri ldap://<LDAP_ADDRESS>
    # make sure <DOMAIN> should be the same with ${lico_ldap_domain_name} defined in lico_env.local
    base <DOMAIN>
    rootpwmoddn uid=admin,<DOMAIN>
    
    分发配置
    $ sudo xdcp all /etc/nslcd.conf /etc/nslcd.conf
    $ sudo xdcp all /etc/nsswitch.conf /etc/nsswitch.conf
    $ sudo xdcp all /etc/krb5.conf /etc/krb5.conf
    $ sudo xdcp all /etc/pam.d/common-session-pc /etc/pam.d/common-session-pc
    $ sudo xdcp all /etc/pam.d/common-password-pc /etc/pam.d/common-password-pc
    $ sudo xdcp all /etc/pam.d/common-auth-pc /etc/pam.d/common-auth-pc
    $ sudo xdcp all /etc/pam.d/common-account-pc /etc/pam.d/common-account-pc
    
    启动服务
    # Management node
    $ sudo systemctl restart nslcd
    $ sudo systemctl enable nslcd
    
    # Other node
    $ sudo psh all systemctl stop nscd
    $ sudo psh all systemctl disable nscd
    $ sudo psh all systemctl enable nslcd
    $ sudo psh all systemctl start nslcd
    

安装Gmond GPU插件

Note

该插件仅需安装在所有 GPU 节点上

  • 安装

    $ sudo psh compute yum install -y gmond-ohpc-gpu-module
    $ sudo psh compute "ls /etc/ganglia/conf.d/*.pyconf | grep -v nvidia | xargs rm"
    
    $ sudo psh compute zypper install -y --force-resolution gmond-ohpc-gpu-module
    $ sudo psh compute "ls /etc/ganglia/conf.d/*.pyconf | grep -v nvidia | xargs rm"
    
  • 启动

    $ sudo psh compute systemctl restart gmond