安装其它组件
组件列表
下表中安装节点字段的表示如下:
- M
管理节点
- L
登录节点
- C
计算节点
软件名 |
组件名称 |
版本 |
服务名 |
安装节点 |
备注 |
---|---|---|---|---|---|
rabbitmq |
rabbitmq-server |
3.6.15 |
rabbitmq-server |
M |
|
rabbitmq-server |
3.5.8 |
rabbitmq-server |
M |
||
postgresql |
postgresql-server |
9.2.23 |
postgresql |
M |
|
postgresql-server |
9.6.0 |
postgresql |
M |
||
influxdb |
influxdb |
1.4.2 |
influxdb |
M |
|
confluent |
confluent |
1.8.1 |
confluent |
M |
|
openldap |
slapd-ssl-config |
1.0.0 |
slapd |
M |
|
nss-pam-ldapd |
0.8.13 |
nslcd |
M,C,L |
||
libuser |
0.60 |
M |
|||
libuser-python |
0.60 |
M |
|||
gmond |
gmond-ohpc-gpu-module |
1.0.0 |
C |
仅GPU节点 需要安装 |
安裝rabbitmq
Note
LiCO 使用 rabbitmq 作为消息中间件
安装
$ sudo yum install -y rabbitmq-server
$ sudo zypper install rabbitmq-server
启动
$ sudo systemctl start rabbitmq-server $ sudo systemctl enable rabbitmq-server
检查服务
$ sudo systemctl status rabbitmq-server
安裝postgresql
Note
LiCO 使用 postgresql 作为存储业务数据的关系型数据库
安装
$ sudo yum install -y postgresql-server
$ sudo zypper install postgresql-server
初始化
Note
密码部分需要根据您的实际环境相应调整
$ su - postgres $ echo '<PG_PASSWORD>' > /var/tmp/pwfile $ initdb -U postgres --pwfile /tmp/pwfile /var/lib/pgsql/data $ rm /var/tmp/pwfile $ exit
启动
$ sudo systemctl start postgresql $ sudo systemctl enable postgresql
创建 LiCO 数据库
$ export PGPASSWORD=<PG_PASSWORD> # Note modification to your password $ psql -U postgres -c 'CREATE DATABASE lico;'
检查服务
$ sudo systemctl status postgresql
安装influxdb
Note
LiCO 使用 influxdb 作为存储监控等数据的时序型数据库
安装
$ sudo yum install -y influxdb
$ sudo zypper install influxdb
启动
$ sudo systemctl start influxdb $ sudo systemctl enable influxdb
检查服务
$ sudo systemctl status influxdb
创建用户
$ influx
-- create database > create database lico -- use database > use lico --To create an administrator user, please note that the password must be a string, otherwise the error is reported. > create user <INFLUX_USERNAME> with password '<INFLUX_PASSWORD>' with all privileges > exit
$ sed -i '/auth-enabled = false/a\ auth-enabled = true' /etc/influxdb/config.toml # restart influxDB $ sudo systemctl restart influxdb
Note
若需要手动创建 Influxdb 数据库,请参考 如何手动创建Influxdb数据库
安装confluent
Confluent 是专为联想服务器打造的节点管理软件, LiCO 使用 Confluent 完成对硬件的控制和对硬件状态的监控。
安装
$ sudo yum install -y python2-crypto $ sudo yum install -y confluent
$ sudo zypper install --force-resolution confluent
Note
若需要在页面使用 web console 功能 参考 如何配置confluent
启动
$ sudo systemctl start confluent $ sudo systemctl enable confluent
添加 confluent 账户
$ sudo confetty create /users/<CONFLUENT_USERNAME> password=<CONFLUENT_PASSWORD>
配置用户认证
安装openldap-server
Note
openldap 是轻型目录访问协议的一个开源实现, LiCO 推荐使用 openldap 来管理用户, 但也支持其他兼容 linux-pam 的认证服务。如果集群已经配置 openldap 或使用其他的认证服务,请跳过此步骤。
安装
$ sudo yum install -y slapd-ssl-config $ sudo slapadd -v -l /usr/share/openldap-servers/lico.ldif -f /etc/openldap/slapd.conf -b ${lico_ldap_domain_name} $ sudo chown -R ldap:ldap /var/lib/ldap $ sudo chown ldap:ldap /etc/openldap/slapd.conf
$ sudo zypper install slapd-ssl-config $ sudo install -g ldap -o ldap /etc/openldap/slapd.conf.lico /etc/openldap/slapd.conf $ sudo slapadd -v -l /usr/share/openldap-servers/lico.ldif -f /etc/openldap/slapd.conf -b ${lico_ldap_domain_name} $ sudo chown -R ldap:ldap /var/lib/ldap
设置密码
# set password # Get the key using the following command and enter <LDAP_PASSWORD> when prompted. $ sudo slappasswd # Edit the file /etc/openldap/slapd.conf to cover the contents of the rootpw with the key obtained. rootpw <ENCTYPT_PASSWORD>
配置
vi /etc/sysconfig/slapd # Add SLAPD_URLS = "ldapi:/// ldap:/// ldaps:///" SLAPD_OPTIONS = "-f /etc/openldap/slapd.conf"
vi /etc/sysconfig/openldap # Modify OPENLDAP_START_LDAPS = "yes" OPENLDAP_CONFIG_BACKEND = "files"
启动
$ sudo systemctl start slapd $ sudo systemctl enable slapd
检查服务
$ sudo systemctl status slapd
安装libuser
Note
libuser 模块是一个有用的 openldap 工具包。此模块的安装是可选的,但对于本文档, 某些命令(如 luseradd)由 libuser 实现。
安装
$ sudo yum install -y libuser libuser-python
$ sudo zypper install libuser libuser-python
配置
[import] login_defs = /etc/login.defs default_useradd = /etc/default/useradd [defaults] crypt_style = sha512 modules = ldap create_modules = ldap [userdefaults] LU_USERNAME = %n LU_GIDNUMBER = %u LU_GECOS = %n # Pay attention to modify this LU_HOMEDIRECTORY = /home/%n LU_SHADOWNAME = %n LU_SHADOWMIN = 0 LU_SHADOWMAX = 99999 [groupdefaults] LU_GROUPNAME = %n [files] [shadow] [ldap] # modify <LDAP_ADDRESS> to management node IP server = ldap://<LDAP_ADDRESS> # make sure <DOMAIN> should be the same with ${lico_ldap_domain_name} defined in lico_env.local basedn = <DOMAIN> userBranch = ou=People groupBranch = ou=Group binddn = uid=admin,<DOMAIN> password = <PASSWORD> bindtype = simple [sasl]
安装openldap-client
$ sudo echo "TLS_REQCERT never" >> /etc/openldap/ldap.conf $ sudo xdcp all /etc/openldap/ldap.conf /etc/openldap/ldap.conf
安装nss-pam-ldapd
Note
nss-pam-ldapd 是一个名字服务交换模块和插入式验证模块, LiCO 使用 nss-pam-ldapd 进行用户认证
-
# Management node $ sudo yum install -y nss-pam-ldapd authconfig # Other node $ sudo psh all yum install -y nss-pam-ldapd authconfig
# Management node $ sudo authconfig --useshadow --usemd5 \ --enablemkhomedir --disablecache --enablelocauthorize \ --disablesssd --disablesssdauth --enableforcelegacy \ --enableldap --enableldapauth --disableldaptls \ --ldapbasedn="${lico_ldap_domain_name}" \ --ldapserver="ldap://${sms_name}" \ --updateall $ sudo echo "rootpwmoddn uid=admin,${lico_ldap_domain_name}" >> /etc/nslcd.conf # Startup nslcd $ sudo systemctl enable nslcd $ sudo systemctl start nslcd # Other node $ sudo psh all authconfig --useshadow --usemd5 \ --enablemkhomedir --disablecache --enablelocauthorize \ --disablesssd --disablesssdauth --enableforcelegacy \ --enableldap --enableldapauth --disableldaptls \ --ldapbasedn="${lico_ldap_domain_name}" \ --ldapserver="ldap://${sms_name}" \ --updateall $ sudo psh all echo "\""rootpwmoddn uid=admin,${lico_ldap_domain_name}"\"" \>\> /etc/nslcd.conf # Startup nslcd $ sudo psh all systemctl enable nslcd $ sudo psh all systemctl start nslcd
-
# Management node $ sudo zypper install yast2-auth-client # Other node $ sudo psh all zypper install -y --force-resolution yast2-auth-client
运行命令 yast, 按照下图顺序配置认证
# Management node $ sudo sudo zypper install --force-resolution nss-pam-ldapd # Other node $ sudo psh all zypper install -y --force-resolution nss-pam-ldapd
# modify <LDAP_ADDRESS> to management node IP uri ldap://<LDAP_ADDRESS> # make sure <DOMAIN> should be the same with ${lico_ldap_domain_name} defined in lico_env.local base <DOMAIN> rootpwmoddn uid=admin,<DOMAIN>
$ sudo xdcp all /etc/nslcd.conf /etc/nslcd.conf $ sudo xdcp all /etc/nsswitch.conf /etc/nsswitch.conf $ sudo xdcp all /etc/krb5.conf /etc/krb5.conf $ sudo xdcp all /etc/pam.d/common-session-pc /etc/pam.d/common-session-pc $ sudo xdcp all /etc/pam.d/common-password-pc /etc/pam.d/common-password-pc $ sudo xdcp all /etc/pam.d/common-auth-pc /etc/pam.d/common-auth-pc $ sudo xdcp all /etc/pam.d/common-account-pc /etc/pam.d/common-account-pc
# Management node $ sudo systemctl restart nslcd $ sudo systemctl enable nslcd # Other node $ sudo psh all systemctl stop nscd $ sudo psh all systemctl disable nscd $ sudo psh all systemctl enable nslcd $ sudo psh all systemctl start nslcd
安装Gmond GPU插件
Note
该插件仅需安装在所有 GPU 节点上
安装
$ sudo psh compute yum install -y gmond-ohpc-gpu-module $ sudo psh compute "ls /etc/ganglia/conf.d/*.pyconf | grep -v nvidia | xargs rm"
$ sudo psh compute zypper install -y --force-resolution gmond-ohpc-gpu-module $ sudo psh compute "ls /etc/ganglia/conf.d/*.pyconf | grep -v nvidia | xargs rm"
启动
$ sudo psh compute systemctl restart gmond