openstack/blazar
Code Issues Proposed changes
blazar/doc/source/userdoc/installation.guide.rst
Pierre Riteau 3de6f73e92 Fix physical host reservation for non-admin users 
Originally, Blazar was using its service user to manage objects for
physical host reservation, e.g. host aggregates, which by default
requires admin rights. Commit 16d5f67ba7020701edbbf09a747f5683b0840c21
started using a dedicated account configured with values
climate_username, climate_password, and climate_tenant_name. Commit
c9b7307cf3c97d3b48878aca6eda5b7fbc4dcfa7 removed this dedicated account
and started using trusts instead, so that operations were performed on
behalf of the user creating the lease (with the trustee being the blazar
service user).

While this works well if users creating leases are admins, non-admin
users will get errors because the default Nova policy prevents them from
running required operations associated with aggregates and hypervisors.

Since it is not clear why a dedicated account for admin operations was
required, this patch brings back the approach used before commit
16d5f67ba7020701edbbf09a747f5683b0840c21, which was to use the service
account for admin operations. This allows non-admin users to create
Blazar leases.

The nova client setup is updated to authenticate against Keystone v3.

Change-Id: Iad86bb549aec13edd662965d2f91b68c856ae06c
Closes-Bug: #1663204
2017-06-02 16:00:54 +09:00

4.9 KiB
Raw Blame History

Installation using DevStack

This section includes instructions for Blazar installation using DevStack.

  1. Download DevStack:
git clone https://git.openstack.org/openstack-dev/devstack.git
  1. Create a local.conf file in the devstack directory. You can use the following sample local.conf:
[[local|localrc]]
ADMIN_PASSWORD=password
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
DEST=/opt/stack/
LOGFILE=$DEST/logs/stack.sh.log
HOST_IP=127.0.0.1
GIT_BASE=https://git.openstack.org/
RECLONE=yes
enable_plugin blazar https://git.openstack.org/openstack/blazar
  1. Run DevStack as the stack user:
./stack.sh
  1. Source the admin credentials:
. openrc admin admin
  1. Now you can add hosts to Blazar:
blazar host-create hostname

Installation without DevStack

This section includes instructions for Blazar installation.

Download all Blazar related repos:

git clone https://git.openstack.org/openstack/blazar
git clone https://git.openstack.org/openstack/blazar-nova
git clone https://git.openstack.org/openstack/python-blazarclient

Install all these projects to your working environment via:

python setup.py install

or

python setup.py develop

Next you need to create a Blazar policy file:

cp /path/to/blazar/etc/policy.json /etc/blazar/

Next you need to configure Blazar and Nova. First, generate a blazar.conf sample:

cd /path/to/blazar
tox -e genconfig
mv etc/blazar/blazar.conf.sample /etc/blazar/blazar.conf

Then edit /etc/blazar/blazar.conf using the following example:

[DEFAULT]
host=<blazar_host>
port=<blazar_port>
os_auth_host=<auth_host>
os_auth_port=<auth_port>
os_auth_protocol=<http, for example>
os_auth_version=v3
os_admin_username=<username>
os_admin_password=<password>
os_admin_project_name=<project_name>
identity_service=<identity_service_name>

[manager]
plugins=physical.host.plugin

[keystone_authtoken]
auth_type=<password, for example>
project_domain_name=<project_domain_name>
project_name=<project_name>
user_domain_name=<user_domain_name>
username=<username>
password=<password>
auth_url=<identity_service_url>

[physical:host]
aggregate_freepool_name=freepool
project_id_key=blazar:project
blazar_owner=blazar:owner
blazar_az_prefix=blazar:

os_admin_* flags refer to the Blazar service user. If you do not have this user, create it:

openstack user create --password <password> --project <project_name> --email <email-address> <username>
openstack role add --project <project_name> --user <username> <admin_role>

Next you need to configure Nova. If you want to use physical reservations, please add the following lines to nova.conf file:

scheduler_available_filters = nova.scheduler.filters.all_filters
scheduler_available_filters = blazarnova.scheduler.filters.blazar_filter.BlazarFilter
scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,BlazarFilter

Restart nova-scheduler to use the new configuration file.

Next you need to create a Nova aggregate to use as a free pool for host reservation:

openstack aggregate create freepool

And we need to create the reservation service in Keystone with its endpoints:

openstack service create --name blazar --description “OpenStack Reservation Service” reservation
openstack endpoint create --region <region> blazar public "<auth_protocol>://<blazar_host>:<blazar_port>/v1"
openstack endpoint create --region <region> blazar public "<auth_protocol>://<blazar_host>:<blazar_port>/v1"
openstack endpoint create --region <region> blazar public "<auth_protocol>://<blazar_host>:<blazar_port>/v1"

And, finally, we need to create a database for Blazar:

mysql -u<user> -p<password> -h<host> -e "DROP DATABASE IF EXISTS blazar;"
mysql -u<user> -p<password> -h<host> -e "CREATE DATABASE blazar CHARACTER SET utf8;"

Then edit the database section of /etc/blazar/blazar.conf:

[database]
connection=mysql+pymysql://<user>:<password>@<host>/blazar?charset=utf8

To start Blazar services use:

blazar-api --config-file /etc/blazar/blazar.conf
blazar-manager --config-file /etc/blazar/blazar.conf

Now you can use python-blazarclient to communicate with Blazar.