Hyper Open Edge Cloud

How to deploy SlapOS Master with SlapOS

A step by step guide to allocate SlapOS Master instances with SlapOS either through VIFIB Web user interface or through slapconsole command line interface.
  • Last Update:2020-05-04
  • Version:001
  • Language:en

Procedure to Install and Configure SlapOS Master

This guide will teach you how to get a SlapOS Master on your own machine.

Content:

  • Install and Deploy SlapOS Master through SlapOS
  • Install and configure Frontend
  • Configure SlapOS Master
  • Optional: Create frontend for "SlapOS" home page

Requirements:

  • A Configured SlapOS Client on your own machine
  • A configured SlapOS Node with at least 4GB of RAM and at least 20GB of disk (much more if possible), preferably on a dedicated machine

Install and Deploy SlapOS Master through SlapOS

Supply SlapOS Master Software Release

run the "slapos console" command to enter to enter SlapOS Console (click here to know how to configure slapos console) : type the following command. You should replace 'COMP-XXXX' by the identifier of your SlapOS Node:

 

software_url = 'https://lab.nexedi.com/nexedi/slapos/raw/master/software/slapos-master/software.cfg'
supply(
    software_url,
    'COMP-XXXX'
) 

Configure Certificate Authority path (Optional if you are deploying with Webrunner)

You need to configure the folder of the certificate authority that will be used by SlapOS services.

Warning: This configuration below can cause security vulnerability. To avoid security issues, please don't deploy another SlapOS service on this computer than your SlapOS Master. This issue will be fixed soon.

Note:

  • If you are deploying SlapOS Master with webrunner, you can just skip this part.
  • You need to access the computer where your instance of SlapOS master is deployed.
 

Instructions:

  • Create a folder to store the certificate files:

    mkdir -p /etc/slapos-ssl

  • It's really important to give access of certificate folder to the user and the group slapsoft:

    chmod 770 -R /etc/slapos-ssl
    chown -R slapsoft:slapsoft /etc/slapos-ssl

Request SlapOS Master Instance

  • Run the command "slapos console" to enter in the SlapOS console tool.
  • From the SlapOS console, type the following command. You should replace 'COMP-XXXX' by the identifier of your SlapOS Node:

     

    import json
    software_url = 'https://lab.nexedi.com/nexedi/slapos/raw/master/software/slapos-master/software.cfg'
    # Choose a SlapOS Node
    # If you are deploying SlapOS Master with Webrunner, then computer_id is 'slaprunner'
    computer_id = 'COMP-XXXX'
    
    parameter_dict = {
      "timezone": "UTC",
      "wsgi": false,
      "site-id": "erp5",
      "bt5": "erp5_full_text_mroonga_catalog slapos_configurator",
      "zope-partition-dict": {
        "activities-node": { # Not needed for webrunner dev instance
          "family": "activities",
          "thread-amount": 3,
          "instance-count": 1,
          "timerserver-interval": 1,
          "computer-guid": computer_id,
        },
    
        "distribution-node": { # Not needed for webrunner dev instance
          "family": "distribution",
          "thread-amount": 1,
          "instance-count": 1,
          "computer-guid": computer_id,
          "port-base": 2210,
          "timerserver-interval": 1,
        },
    
        "admin-node": {
          "family": "admin",
          "thread-amount": 1,
          "instance-count": 1,
          "port-base": 2220,
          "computer-guid": computer_id
        },
        
        "web-node": { # Not needed for webrunner dev instance
          "family": "web",
          "thread-amount": 2,
          "instance-count": 1,
          "computer-guid": computer_id,
          "port-base": 2230,
        },
    
        "service-slapos": {
          "family": "service",
          "thread-amount": 2,
          "instance-count": 1,
          "computer-guid": computer_id,
          "port-base": 2240,
          "ssl-authentication": True,
          "backend-path": "/%(site-id)s/portal_slap",
        },
      },
    
      "mariadb-computer-guid": computer_id,
      "mariadb": {
        "test-database-amount": 0
      },
    
      "zodb-software-type": "zeo",
      "zodb-computer-guid": computer_id
    }
    
    # If your are deploying SlapOS Master with Webrunner, don't set "certificate-authority-path" parameter
    ca_path = '/etc/slapos-ssl'
    parameter_dict["shared-certificate-authority-path"] =  ca_path
    
    # Choose a title
    title = "SlapOS Master on COMP-XXXX"
    
    request(software_url,
      title,
      filter_kw={'computer_guid': computer_id},
      software_type='default',
      partition_parameter_kw={
       '_': json.dumps(parameter_dict, sort_keys=True, indent=2),
      }
    )
    

XML for webrunner

In case of using webrunner such small XML can be used in Services --> Parameters --> Load XML:

<?xml version="1.0" encoding="utf-8"?>
<instance>
<parameter id="_">{
  "bt5": "erp5_full_text_mroonga_catalog slapos_configurator", 
  "site-id": "erp5", 
  "zodb-software-type": "zeo",

  "wsgi": false,
  "zope-partition-dict": {
    "service-slapos": {
      "backend-path": "/%(site-id)s/portal_slap", 
      "family": "service", 
      "thread-amount": 2, 
      "port-base": 2240, 
      "ssl-authentication": true, 
      "instance-count": 1
    }, 
    "admin-node": {
      "port-base": 2220, 
      "thread-amount": 1, 
      "instance-count": 1, 
      "family": "admin", 
      "timerserver-interval": 1
    }
  }, 
  "timezone": "UTC", 
  "mariadb": {
    "test-database-amount": 0
  }
}
</parameter>
</instance>

Fix Certificate Authority path (Only if you are not deploying in Webrunner)

Once your instance is correctly deployed, you will need to fix again the rights for the content of the folder /etc/slapos-ssl

Warning: This configuration below can cause security vulnerability. To avoid security issues, please don't deploy another SlapOS service on this computer than your SlapOS Master. This issue will be fixed soon.

cd /etc/slapos-ssl
chmod -R 770 cacert.pem crl requests certs crlnumber index.txt newcerts private serial
chown -R slapsoft:slapsoft cacert.pem crl requests certs crlnumber index.txt newcerts private serial

SlapOS Master url and others informations

  • Get credential informations from the main instance:
    1. "inituser-login" is the administrator login for the website and management frontend. By default, this value is "zope".
    2. "inituser-password" is the password for "inituser-login". This value is auto generated by default.
  • Get SlapOS Master service et website url from the instance called "balancer":

    Navigate to the instance called "balancer". According to our previous parameters list, you will have in the information list this two values.

    1. "service-v6": It's the url that should be used as master_url in all SlapOS Nodes configuration, generally in /etc/opt/slapos/slapos.cfg.
    2. "web-v6": we'll use that url to request a frontend (used to access the website).

Deploy Frontend

To access to the web interface of the SlapOS Master, you will need to setup a reverse proxy (a.k.a "Apache frontend") with slapos. By default, it will use infrastructure of slapos.org to act as a frontend. But you can use yours.

Request Slave Frontend Instance

To properly access your instance, you need to configure a frontend. It will be soon automatically done by the Master itself.

  • Run the command "slapos console" to enter in the SlapOS console tool.
  • From the SlapOS console: type the following command. You should replace 'COMP-XXXX' in the end by the identifier of your SlapOS Node:

     

    request(
      'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg',
      'Slave frontend for SlapOS Master on COMP-XXX',
      partition_parameter_kw={
        'url': 'REPLACE THIS BY YOUR BALANCER WEB-V6 URL',
        'type': 'zope',
        'path': 'erp5',
      },
      shared=True,
    )
          

     

    After a few minutes, you should be able to access and login to the erp5 home page. Remember to get default credentials from the main instance connection information (inituser-login and inituser-password).

Configure SlapOS Master

Restart instance

On your SlapOS node, restart your instances. It can be done by typing:

slapos node restart all

Access to erp5 website

From the "SlapOS Master Slave frontend" instance, connect to the service by cliking on the URL.
You can login by using the generated login and password.

Configurator

  • As soon "Configure Your Site" is Showed on menu (and make sure you don't have activities in portal_activities/ActivityTool_viewWatcher) simply click the wizard to install

    • Note: The configuration will take a lot of time.

  • When done, restart your SlapOS Master instance. On the SlapOS Node hosting the Master, you can do:

    slapos node restart all

  • You are done! You can access your SlapOS interface at /web_site_module/hosting.

Optional: Create frontend for "SlapOS" home page

Request Slave Frontend Instance

To avoid typing YOUR_URL/web_site_module/hosting to access to your SlapOS web interface, you can define another frontend instance.

  • From the SlapOS console (run the "slapos console $HOME/.slapos/slapos.cfg" command to enter in it): type the following command. You should replace 'COMP-XXXX' in the end by the identifier of your SlapOS Node:
    request(
      'http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg',
      'Slave frontend for SlapOS Master on COMP-XXX',
      partition_parameter_kw={
        'url': 'REPLACE THIS BY YOUR BALANCER WEB-V6 URL',
        'type': 'zope',
        'path': 'erp5/web_site_module/hosting',
      },
      shared=True,
    )
          

What next

Now you have a working SlapOS Master on your own infrastructure, you can configure the users. There are two ways to do this:

Recommended: configure/use external SMTP server

If you want to enable signup from the web UI, you will need an external SMTP server. You then need to configure, in /manage_main, in Mailhost, the informations about your SMTP server: SMTP host, SMTP port, username, password and TLS.

In the future, it will be included into the deployment of the Master itself.

Manual creation of users

If you want to manually manage your accounts, you will need to create them one by one (You can help yourself understanding the ERP5 concepts by reading http://www.osoe-project.org/lesson/osoe-Lecture.ERP.Configuration.Introduction/howto-Create.New.User/view)

  • Go to /person_module
  • Look for the "Member Template" person: just enter the name in the "Usual name" filter field. Then click to open it, then clone it by clicking on the clone button in the menu bar
  • Change name and email, then save
  • Go to the "assignments" tab, click on the only assignment. Set a start date (today) and stop date (when you want the user to be invalidated, can be 2050)
  • Start the assigment: in the menu, click "Actions..." then "Start assignment" then confirm
  • Go back to you Person document: in the breadcrumb, click on the name of your Person
  • Validate your user: In the menu, click "Action..." then "Validate", then confirm
  • Allow your user to login: In the menu, click "Action..." then "Create user", enter login, password, then confirm

You user is now able to login and use your SlapOS Master.