openstack/deb-murano
Code Issues Proposed changes

[Docs] Moves network configuration to admin-guide

Browse Source 
Changes:

- Restructures and moves Network configuration to the appropriate
  section of the Admin Guide.
- Removes Murano Installation Guide from the Miscellaneous section as
  it has already been rewritten and moved to the Admin Guide
  (see sections: Deploying Murano and Prepare a lab for Murano)
- No changes in the Policy configuration section.

Change-Id: I7d396375a312648ad2f05350b87079601b7c0878
Partial-Bug: #1603950
This commit is contained in:
Maria Zlatkova 2016-08-12 14:59:52 +03:00
parent 5475ac13ad
commit 603b1c0d4a
18 changed files with 224 additions and 1096 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
doc/source/draft/admin-guide/configuration.rst Normal file
View File

@ -0,0 +1,216 @@
.. _configuration:
.. toctree::
:maxdepth: 2
=============
Configuration
=============
Network configuration
~~~~~~~~~~~~~~~~~~~~~
Murano may work in various networking environments and is capable of detecting
the current network configuration and choosing appropriate settings
automatically. However, some additional actions are required to support
advanced scenarios.
Nova-network support
^^^^^^^^^^^^^^^^^^^^
Nova-network is the simplest networking solution, which has limited
capabilities but is available on any OpenStack deployment without the need to
deploy any additional components.
When a new murano environment is created, murano checks if a dedicated
networking service, for example, neutron, exists in the current OpenStack
deployment. It relies on the Identity service catalog for that. If such a
service is not present, murano automatically falls back to nova-network. No
further configuration is needed in this case, all the VMs spawned by Murano
will be joining the same network.
Neutron support
^^^^^^^^^^^^^^^
If neutron is installed, murano enables its advanced networking features that
give you the ability to avoid configuring networks for your application.
By default, it creates an isolated network for each environment and joins
all VMs needed by your application to that network. To install and configure
the application in a newly spawned virtual machine, murano also requires a
router to be connected to the external network.
Automatic neutron configuration
+++++++++++++++++++++++++++++++
To create the router automatically, provide the following parameters in the
configuration file:
.. code-block:: ini
[networking]
external_network = %EXTERNAL_NETWORK_NAME%
router_name = %MURANO_ROUTER_NAME%
create_router = true
To figure out the name of the external network, run
:command:`openstack network list --external`.
During the first deployment, the required networks and router with a specified
name will be created and set up.
Manual neutron configuration
++++++++++++++++++++++++++++
To configure neutron manually, follow the steps below.
#. Create a public network.
#. Log in to the OpenStack dashboard as an administrator.
#. Verify the existence of external networks. For this, navigate to
:menuselection:`Project > Network > Network Topology`.
#. Check the network type in network details. For this, navigate to
:menuselection:`Admin > Networks` and see the :guilabel:`Network name`
section.
Alternatively, run the :command:`openstack network list --external`
command using CLI.
#. Create a new external network as described in the `OpenStack documentation <http://docs.openstack.org/cli-reference/openstack.html#openstack-network-create>`_.
.. image:: figures/network-topology-1.png
:alt: Network Topology page
:width: 630 px
#. Create a local network.
#. Navigate to :menuselection:`Project > Network > Networks`.
#. Click :guilabel:`Create Network` and fill in the form.
#. Create a router.
#. Navigate to :menuselection:`Project > Network > Routers`.
#. Click :guilabel:`Create Router`.
#. In the :guilabel:`Router Name` field, enter *murano-default-router*.
If you specify a name other than *murano-default-router*, change the
following settings in the configuration file:
.. code-block:: ini
[networking]
router_name = %SPECIFIED_NAME%
create_router = false
#. Click :guilabel:`Create router`.
#. Click the newly created router name.
#. In the :guilabel:`Interfaces` tab, click :guilabel:`Add Interface`.
#. Specify the subnet and IP address.
.. image:: figures/add-interface.png
:alt: Add Interface dialog
:width: 630 px
#. Verify the result in
:menuselection:`Project > Network > Network Topology`.
.. image:: figures/network-topology-2.png
:alt: Network Topology page
:width: 630 px
Policy configuration
~~~~~~~~~~~~~~~~~~~~
Like each service in OpenStack, murano has its own role-based access policies
that determine who and how can access objects. These policies are defined
in the service's :file:`policy.json` file.
On each API call corresponding policy check is performed.
:file:`policy.json` file can be changed whiteout interrupting the API service.
For detailed information on :file:`policy.json` syntax, please refer to the
`OpenStack official documentation <http://docs.openstack.org/kilo/config-reference/content/policy-json-file.html>`_
With this file you can set who may upload packages and perform other operations.
The :file:`policy.json` example is:
.. code-block:: json
{
// Rule declaration
"context_is_admin": "role:admin",
"admin_api": "is_admin:True",
"default": "",
// Package operations
"get_package": "rule:default",
"upload_package": "rule:default",
"modify_package": "rule:default",
"publicize_package": "rule:admin_api",
"manage_public_package": "rule:default",
"delete_package": "rule:default",
"download_package": "rule:default",
// Category operations
"get_category": "rule:default",
"delete_category": "rule:admin_api",
"add_category": "rule:admin_api",
// Deployment read operations
"list_deployments": "rule:default",
"statuses_deployments": "rule:default",
// Environment operations
"list_environments": "rule:default",
"list_environments_all_tenants": "rule:admin_api",
"show_environment": "rule:default",
"update_environment": "rule:default",
"create_environment": "rule:default",
"delete_environment": "rule:default",
// Environment template operations
"list_env_templates": "rule:default",
"create_env_template": "rule:default",
"show_env_template": "rule:default",
"update_env_template": "rule:default",
"delete_env_template": "rule:default",
// Control on executing actions on deployment environments
"execute_action": "rule:default"
}
So, changing ``"upload_package": "rule:default"`` to ``"rule:admin_api"``
will forbid regular users to upload packages.
For reference:
- ``"get_package"`` is checked whenever a user accesses a package
from the catalog. default: anyone
- ``"upload_package"`` is checked whenever a user uploads a package
to the catalog. default: anyone
- ``"modify_package"`` is checked whenever a user modifies a package
in the catalog. default: anyone
- ``"publicize_package"`` is checked whenever a user is trying to
make a murano package public (both when creating a new package or
modifying an existing one). default: admin users
- ``"manage_public_package"`` is checked whenever a user attempts to
modify parameters of a public package. default: admin users
- ``"delete_package"`` is checked whenever a user attempts to
delete a package from the catalog. default: anyone
- ``"download_package"`` is checked whenever a user attempts to
download a package from the catalog. default: anyone
- ``"list_environments_all_tenants"`` is checked whenever a request
to list environments of all tenants is made. default: admin users
- ``"execute_action"`` is checked whenever a user attempts to execute
an action on deployment environments. default: anyone
Uploading package wizard in murano dashboard consists of several steps.
Upload package API call requested from the first form and modify from
the second one. It provides modifying package parameters on time of
uploading. So, please modify both configuration together. Otherwise it
will not be possible to browse package details on the second step
of the wizard.

1
doc/source/draft/admin-guide/deploy_murano/configure_ssl.rst
View File

@ -93,6 +93,7 @@ set ``ssl = True`` in the ``[rabbitmq]`` section of
[rabbitmq]
...
ssl = True
insecure = False
If you want to configure the murano agent differently, you need to change
the `default template <http://git.openstack.org/cgit/openstack/murano/tree/meta/io.murano/Resources/Agent-v1.template>`_ located in the murano core library.

0
doc/source/install/4_2.png → doc/source/draft/admin-guide/figures/add-interface.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 74 KiB

After

Width:  |  Height:  |  Size: 74 KiB

0
doc/source/install/1.png → doc/source/draft/admin-guide/figures/network-topology-1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 23 KiB

After

Width:  |  Height:  |  Size: 23 KiB

0
doc/source/install/5.png → doc/source/draft/admin-guide/figures/network-topology-2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 28 KiB

After

Width:  |  Height:  |  Size: 28 KiB

105
doc/source/draft/admin-guide/installation.rst
View File

@ -1,105 +0,0 @@
.. _installation:
.. toctree::
:maxdepth: 2
============
Installation
============
Network configuration
~~~~~~~~~~~~~~~~~~~~~
Policy configuration
~~~~~~~~~~~~~~~~~~~~
Like each service in OpenStack, murano has its own role-based access policies
that determine who and how can access objects. These policies are defined
in the service's :file:`policy.json` file.
On each API call corresponding policy check is performed.
:file:`policy.json` file can be changed whiteout interrupting the API service.
For detailed information on :file:`policy.json` syntax, please refer to the
`OpenStack official documentation <http://docs.openstack.org/kilo/config-reference/content/policy-json-file.html>`_
With this file you can set who may upload packages and perform other operations.
The :file:`policy.json` example is:
.. code-block:: javascript
{
// Rule declaration
"context_is_admin": "role:admin",
"admin_api": "is_admin:True",
"default": "",
// Package operations
"get_package": "rule:default",
"upload_package": "rule:default",
"modify_package": "rule:default",
"publicize_package": "rule:admin_api",
"manage_public_package": "rule:default",
"delete_package": "rule:default",
"download_package": "rule:default",
// Category operations
"get_category": "rule:default",
"delete_category": "rule:admin_api",
"add_category": "rule:admin_api",
// Deployment read operations
"list_deployments": "rule:default",
"statuses_deployments": "rule:default",
// Environment operations
"list_environments": "rule:default",
"list_environments_all_tenants": "rule:admin_api",
"show_environment": "rule:default",
"update_environment": "rule:default",
"create_environment": "rule:default",
"delete_environment": "rule:default",
// Environment template operations
"list_env_templates": "rule:default",
"create_env_template": "rule:default",
"show_env_template": "rule:default",
"update_env_template": "rule:default",
"delete_env_template": "rule:default",
// Control on executing actions on deployment environments
"execute_action": "rule:default"
}
So, changing ``"upload_package": "rule:default"`` to ``"rule:admin_api"``
will forbid regular users to upload packages.
For reference:
- ``"get_package"`` is checked whenever a user accesses a package
from the catalog. default: anyone
- ``"upload_package"`` is checked whenever a user uploads a package
to the catalog. default: anyone
- ``"modify_package"`` is checked whenever a user modifies a package
in the catalog. default: anyone
- ``"publicize_package"`` is checked whenever a user is trying to
make a murano package public (both when creating a new package or
modifying an existing one). default: admin users
- ``"manage_public_package"`` is checked whenever a user attempts to
modify parameters of a public package. default: admin users
- ``"delete_package"`` is checked whenever a user attempts to
delete a package from the catalog. default: anyone
- ``"download_package"`` is checked whenever a user attempts to
download a package from the catalog. default: anyone
- ``"list_environments_all_tenants"`` is checked whenever a request
to list environments of all tenants is made. default: admin users
- ``"execute_action"`` is checked whenever a user attempts to execute
an action on deployment environments. default: anyone
Uploading package wizard in murano dashboard consists of several steps.
Upload package API call requested from the first form and modify from
the second one. It provides modifying package parameters on time of
uploading. So, please modify both configuration together. Otherwise it
will not be possible to browse package details on the second step
of the wizard.

12
doc/source/draft/admin-guide/prepare_lab.rst
View File

@ -14,7 +14,7 @@
under the License.
========================
Prepare A Lab For Murano
Prepare a lab for murano
========================
This section provides basic information about lab's system requirements.
It also contains a description of a test which you may use to check if
@ -27,7 +27,7 @@ compare the results with baseline data provided.
System prerequisites
~~~~~~~~~~~~~~~~~~~~
Supported Operating Systems
Supported operating systems
---------------------------
* Ubuntu Server 12.04 LTS
@ -89,7 +89,7 @@ Install all the requirements on CentOS by running::
.. _lab_requirements:
Lab Requirements
Lab requirements
----------------
+------------+--------------------------------+-----------------------+
@ -119,7 +119,7 @@ All of them were tested and were working well.
* 1x HDD (15000 rpm) 500+ GB
Test Your Lab Host Performance
Test your lab host performance
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We have measured time required to boot 1 to 5 instances of Windows
@ -189,7 +189,7 @@ Steps to reproduce test:
sudo killall kvm
Baseline Data
Baseline data
~~~~~~~~~~~~~
The table below provides baseline data which we've got in our
@ -207,7 +207,7 @@ environment.
while ``Max. Time`` refers to minimal hardware configuration.
Host Optimizations
Host optimizations
~~~~~~~~~~~~~~~~~~
Default KVM installation could be improved to provide better

2
doc/source/draft/index.rst
View File

@ -37,7 +37,7 @@ Deploying Murano
admin-guide/deploy_murano
admin-guide/prepare_lab
admin-guide/installation
admin-guide/configuration
admin-guide/manage_packages
admin-guide/manage_images
admin-guide/manage_categories

7
doc/source/index.rst
View File

@ -118,13 +118,6 @@ Developing Applications
Miscellaneous
~~~~~~~~~~~~~
**Installation**
.. toctree::
:maxdepth: 1
install/index
**Background Concepts for Murano**
.. toctree::

BIN
doc/source/install/2.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 37 KiB

BIN
doc/source/install/3.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 38 KiB

BIN
doc/source/install/4_1.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 16 KiB

129
doc/source/install/configure_network.rst
View File

@ -1,129 +0,0 @@
..
Copyleft 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
..
Network Configuration
---------------------
Murano may work in various networking environments and is capable of
detecting the current network configuration and choosing appropriate
settings automatically. However, some additional actions are required to
support advanced scenarios.
Nova network support
^^^^^^^^^^^^^^^^^^^^
Nova Network is simplest networking solution, which has limited capabilities
but is available on any OpenStack deployment without the need to deploy any
additional components.
When a new Murano Environment is created, Murano checks if a dedicated
networking service (i.e. Neutron) exists in the current OpenStack deployment.
It relies on Keystone's service catalog for that.
If such a service is not present, Murano automatically falls back to Nova
Network. No further configuration is needed in this case, all the VMs spawned
by Murano will be joining the same Network.
Neutron support
^^^^^^^^^^^^^^^
If neutron is installed, murano enables its advanced networking features that
give you the ability to avoid configuring networks for your application.
By default it will create an isolated network for each environment and join
all VMs needed by your application to that network. To install and configure
the application in a newly spawned virtual machine, murano also requires
a router to be connected to the external network.
Automatic neutron network configuration
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
To create the router automatically, provide the following parameters
in the config file:
.. code-block:: ini
[networking]
external_network = %EXTERNAL_NETWORK_NAME%
router_name = %MURANO_ROUTER_NAME%
create_router = true
..
To figure out the name of the external network, perform the following command:
.. code-block:: console
openstack network list --external
During the first deployment, the required networks and router with a specified name
will be created and set up.
Manual neutron network configuration
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Step 1. Create public network
* First, you need to check for existence of external networks. Login as admin and go to
*Project -> Network -> Network Topology*. And check network type in network details at *Admin -> Networks -> Network name* page.
The same action can be done via CLI by running `openstack network list --external`. To create new external network examine `OpenStack documentation <http://docs.openstack.org/cli-reference/openstack.html#openstack-network-create>`_.
.. image:: 1.png
:align: left
:scale: 70 %
* Step 2. Create local network
* Go to *Project -> Network -> Networks*.
* Click *Create Network* and fill the form.
.. image:: 2.png
.. image:: 3.png
* Step 3. Create router
* Go to *Project -> Network -> Routers*
* Click "Create Router"
* In the "Router Name" field, enter the *murano-default-router*
.. image:: 4_1.png
If you specify a name other than *murano-default-router*, it will be necessary
to change the following settings in the config file:
.. code-block:: ini
[networking]
router_name = %SPECIFIED_NAME%
create_router = false
* Click on the specified router name
* In the opened view click “Add interface”
* Specify the subnet and IP address
.. image:: 4_2.png
And check the result in `Network Topology` tab.
.. image:: 5.png

29
doc/source/install/development.rst
View File

@ -1,29 +0,0 @@
..
Copyright 2014 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
==============================================
Installing and Running the Development Version
==============================================
The `devstack`_ directory contains the files necessary to integrate
Murano with `Devstack`_.
.. include:: ../../../devstack/README.rst
.. _Devstack: http://docs.openstack.org/developer/devstack/
.. _contrib/devstack: https://git.openstack.org/cgit/openstack/murano/tree/contrib/devstack

31
doc/source/install/index.rst
View File

@ -1,31 +0,0 @@
..
Copyright 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
.. _install:
=========================
Murano Installation Guide
=========================
Content
=======
.. toctree::
:maxdepth: 2
prepare
development
manual
ssl

452
doc/source/install/manual.rst
View File

@ -1,452 +0,0 @@
..
Copyright 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
..
.. _installing_manually:
===============================
Installing and Running Manually
===============================
Prepare Environment
===================
Install Prerequisites
---------------------
First you need to install a number of packages with your OS package manager.
The list of packages depends on the OS you use.
Ubuntu
^^^^^^
.. code-block:: console
sudo apt-get install python-pip python-dev \
libmysqlclient-dev libpq-dev \
libxml2-dev libxslt1-dev \
libffi-dev
..
Fedora
^^^^^^
.. note::
Fedora support wasn't thoroughly tested. We do not guarantee that murano
will work on Fedora.
..
.. code-block:: console
sudo yum install gcc python-setuptools python-devel python-pip
..
CentOS
^^^^^^
.. code-block:: console
sudo yum install gcc python-setuptools python-devel
sudo easy_install pip
..
Install tox
-----------
.. code-block:: console
sudo pip install tox
..
Install And Configure Database
------------------------------
Murano can use various database types on the back end. For development purposes
SQLite is enough in most cases. For production installations you should use
MySQL or PostgreSQL databases.
.. warning::
Although murano could use a PostgreSQL database on the back end, it wasn't
thoroughly tested and should be used with caution.
..
To use a MySQL database you should install it and create an empty database first:
.. code-block:: console
apt-get install python-mysqldb mysql-server
..
.. code-block:: console
mysql -u root -p
mysql> CREATE DATABASE murano;
mysql> GRANT ALL PRIVILEGES ON murano.* TO 'murano'@'localhost' \
IDENTIFIED BY 'MURANO_DBPASS';
mysql> exit;
..
Install the API service and Engine
==================================
#. Create a folder which will hold all Murano components.
.. code-block:: console
mkdir ~/murano
..
#. Clone the murano git repository to the management server.
.. code-block:: console
cd ~/murano
git clone git://git.openstack.org/openstack/murano
..
#. Set up the murano config file
Murano has a common config file for API and Engine services.
First, generate a sample configuration file, using tox
.. code-block:: console
cd ~/murano/murano
tox -e genconfig
..
And make a copy of it for further modifications
.. code-block:: console
cd ~/murano/murano/etc/murano
ln -s murano.conf.sample murano.conf
..
#. Edit ``murano.conf`` with your favorite editor. Below is an example
which contains basic settings your are likely need to configure.
.. note::
The example below uses SQLite database. Edit **[database]** section
if you want to use other database type.
..
.. code-block:: ini
[DEFAULT]
debug = true
verbose = true
rabbit_host = %RABBITMQ_SERVER_IP%
rabbit_userid = %RABBITMQ_USER%
rabbit_password = %RABBITMQ_PASSWORD%
rabbit_virtual_host = %RABBITMQ_SERVER_VIRTUAL_HOST%
...
[oslo_messaging_notifications]
driver = messagingv2
...
[database]
backend = sqlalchemy
connection = sqlite:///murano.sqlite
...
[keystone]
auth_url = 'http://%OPENSTACK_HOST_IP%:5000/v2.0'
...
[keystone_authtoken]
auth_uri = 'http://%OPENSTACK_HOST_IP%:5000/v2.0'
auth_host = '%OPENSTACK_HOST_IP%'
auth_port = 5000
auth_protocol = http
admin_tenant_name = %OPENSTACK_ADMIN_TENANT%
admin_user = %OPENSTACK_ADMIN_USER%
admin_password = %OPENSTACK_ADMIN_PASSWORD%
...
[murano]
url = http://%YOUR_HOST_IP%:8082
[rabbitmq]
host = %RABBITMQ_SERVER_IP%
login = %RABBITMQ_USER%
password = %RABBITMQ_PASSWORD%
virtual_host = %RABBITMQ_SERVER_VIRTUAL_HOST%
[networking]
default_dns = 8.8.8.8 # In case openstack neutron has no default
# DNS configured
..
#. Create a virtual environment and install Murano prerequisites. We will use
*tox* for that. Virtual environment will be created under *.tox* directory.
.. code-block:: console
cd ~/murano/murano
tox
..
#. Create database tables for Murano.
.. code-block:: console
cd ~/murano/murano
tox -e venv -- murano-db-manage \
--config-file ./etc/murano/murano.conf upgrade
..
#. Launch the murano API in a separate terminal:
.. code-block:: console
cd ~/murano/murano
tox -e venv -- murano-api --config-file ./etc/murano/murano.conf
..
.. note::
Run the command in a new terminal as the process will be running in
the terminal until you terminate it, therefore, blocking the current
terminal.
#. Leaving the API process running, return to the previous console and
import murano core library:
.. code-block:: console
cd ~/murano/murano
pushd ./meta/io.murano
zip -r ../../io.murano.zip *
popd
tox -e venv -- murano --murano-url http://localhost:8082 \
package-import --is-public io.murano.zip
..
#. Launch the murano engine in a separate terminal:
.. code-block:: console
cd ~/murano/murano
tox -e venv -- murano-engine --config-file ./etc/murano/murano.conf
..
.. note::
Run the command in a new terminal as the process will be running in
the terminal until you terminate it, therefore, blocking the current
terminal.
Register in Keystone
--------------------
To make the murano API available to all OpenStack users, you need to register the
Application Catalog service within the Identity service.
#. Add ``application-catalog`` service:
.. code-block:: console
openstack service create --name murano --description "Application Catalog for OpenStack" application-catalog
#. Provide an endpoint for that service:
.. code-block:: console
openstack endpoint create --region RegionOne --publicurl http://<murano-ip>:8082 --internalurl http://<murano-ip>:8082 --adminurl http://<murano-ip>:8082 <MURANO-SERVICE-ID>
where ``MURANO-SERVICE-ID`` is the unique service number that you can find
in the :command:`openstack service create` output.
.. note:: URLs (publicurl, internalurl and adminurl) may be different
depending on your environment.
Install Murano Dashboard
========================
Murano API & Engine services provide the core of Murano. However, your need a
control plane to use it. This section describes how to install and run Murano
Dashboard.
#. Clone the repository with Murano Dashboard.
.. code-block:: console
cd ~/murano
git clone git://git.openstack.org/openstack/murano-dashboard
..
#. Clone horizon repository
.. code-block:: console
git clone git://git.openstack.org/openstack/horizon
..
#. Create venv and install muranodashboard as editable module.
.. code-block:: console
cd horizon
tox -e venv -- pip install -e ../murano-dashboard
..
#. Copy muranodashboard plugin file.
This step enables murano panel in horizon dashboard.
* For the OpenStack installations prior to the Newton release, run::
.. code-block:: console
cp ../murano-dashboard/muranodashboard/local/_50_murano.py openstack_dashboard/local/enabled/
..
* For the Newton (and later) OpenStack installations, run::
.. code-block:: console
cp ../murano-dashboard/muranodashboard/local/enabled/_50_murano.py openstack_dashboard/local/enabled/
..
#. Prepare horizon local settings.
To get more information, check out official
`horizon documentation <http://docs.openstack.org/developer/horizon/topics/settings.html#openstack-settings-partial>`_.
.. code-block:: console
cp openstack_dashboard/local/local_settings.py.example openstack_dashboard/local/local_settings.py
#. Customize local settings according to OpenStack installation.
.. code-block:: python
...
ALLOWED_HOSTS = '*'
# Provide OpenStack Lab credentials
OPENSTACK_HOST = '%OPENSTACK_HOST_IP%'
...
# Set secret key to prevent it's generation
SECRET_KEY = 'random_string'
...
DEBUG_PROPAGATE_EXCEPTIONS = DEBUG
..
* For the OpenStack installations prior to the Newton release:
Also, it's better to change default session backend from browser cookies
to database to avoid issues with forms during creating applications:
.. code-block:: python
...
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': 'murano-dashboard.sqlite',
}
}
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
..
* For the OpenStack installations of the Newton (and later) version:
Copy murano dashboard specific settings file to horizon dashboard.
.. code-block:: console
cp ../murano-dashboard/muranodashboard/local/local_settings.d/_50_murano.py openstack_dashboard/local/local_settings.d/
..
If you do not plan to get murano service from keystone application catalog,
provide where murano-api service is running:
.. code-block:: python
...
MURANO_API_URL = 'http://localhost:8082'
..
#. Perform database synchronization.
Optional step. Needed in case you set up database as a session backend.
.. code-block:: console
tox -e venv -- python manage.py migrate --noinput
..
You can reply 'no' since for development purpose separate user is not needed.
#. Run Django server at 127.0.0.1:8000 or provide different IP and PORT parameters.
.. code-block:: console
tox -e venv -- python manage.py runserver <IP:PORT>
..
Development server will be restarted automatically on every code change.
#. Open dashboard using url http://localhost:8000
Import Murano Applications
==========================
Applications need to be imported
to fill the catalog. This can be done via the dashboard, and via CLI:
1. Clone the murano apps repository.
.. code-block:: console
cd ~/murano
git clone git://git.openstack.org/openstack/murano-apps
..
2. Import every package you need from this repository, using the command
below.
.. code-block:: console
cd ~/murano/murano
pushd ../murano-apps/Docker/Applications/%APP-NAME%/package
zip -r ~/murano/murano/app.zip *
popd
tox -e venv -- murano --murano-url http://localhost:8082 package-import app.zip
.. include:: configure_network.rst

199
doc/source/install/prepare.rst
View File

@ -1,199 +0,0 @@
..
Copyright 2014 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
========================
Prepare A Lab For Murano
========================
This section provides basic information about lab's system requirements.
It also contains a description of a test which you may use to check if
your hardware fits the requirements. To do this, run the test and
compare the results with baseline data provided.
System prerequisites
=====================
**Supported Operating Systems**
* Ubuntu Server 12.04 LTS
* RHEL/CentOS 6.4
**System packages are required for Murano**
*Ubuntu*
* gcc
* python-pip
* python-dev
* libxml2-dev
* libxslt-dev
* libffi-dev
* libpq-dev
* python-openssl
* mysql-client
*CentOS*
* gcc
* python-pip
* python-devel
* libxml2-devel
* libxslt-devel
* libffi-devel
* postgresql-devel
* pyOpenSSL
* mysql
Lab Requirements
================
+------------+--------------------------------+----------------------+
| Criteria | Minimal | Recommended |
+============+================================+======================+
| CPU | 4 core @ 2.4 GHz | 24 core @ 2.67 GHz |
+------------+--------------------------------+----------------------+
| RAM | 8 GB | 24 GB or more |
+------------+--------------------------------+----------------------+
| HDD | 2 x 500 GB (7200 rpm) | 4 x 500 GB (7200 rpm |
+------------+--------------------------------+----------------------+
| RAID | Software RAID-1 (use mdadm as | Hardware RAID-10 |
| | it will improve read | |
| | performance almost two times) | |
+------------+--------------------------------+----------------------+
Table: Hardware requirements
There are a few possible storage configurations except the shown above.
All of them were tested and were working well.
* 1x SSD 500+ GB
* 1x HDD (7200 rpm) 500+ GB and 1x SSD 250+ GB (install the system onto
the HDD and mount the SSD drive to folder where VM images are)
* 1x HDD (15000 rpm) 500+ GB
Test Your Lab Host Performance
==============================
We have measured time required to boot 1 to 5 instances of Windows
system simultaneously. You can use this data as the baseline to check if
your system is fast enough.
You should use sysprepped images for this test, to simulate VM first
boot.
Steps to reproduce test:
1. Prepare Windows 2012 Standard (with GUI) image in QCOW2 format. Let's
assume that its name is ws-2012-std.qcow2
2. Ensure that there is NO KVM PROCESSES on the host. To do this, run
command:
::
ps aux | grep kvm
3. Make 5 copies of Windows image file:
::
for i in $(seq 5); do \
cp ws-2012-std.qcow2 ws-2012-std-$i.qcow2; done
4. Create script start-vm.sh in the folder with .qcow2 files:
::
#!/bin/bash
[ -z $1 ] || echo "VM count not provided!"; exit 1
for i in $(seq $1); do
echo "Starting VM $i ..."
kvm -m 1024 -drive file=ws-2012-std-$i.qcow2,if=virtio -net user -net nic,model=virtio -nographic -usbdevice tablet -vnc :$i & done
5. Start ONE instance with command below (as root) and measure time
between VMs launch and the moment when Server Manager window
appears. To view VMs desktop, connect with VNC viewer to your host
to VNC screen :1 (port 5901):
::
sudo ./start-vm.sh 1
6. Turn VM off. You may simply kill all KVM processes by
::
sudo killall kvm
7. Start FIVE instances with command below (as root) and measure time
interval between ALL VMs launch and the moment when LAST Server Manager
window appears. To view VMs desktops, connect with VNC viewer to your
host to VNC screens :1 thru :5 (ports 5901-5905):
::
sudo ./start-vm.sh 5
8. Turn VMs off. You may simply kill all KVM processes by
::
sudo killall kvm
Baseline Data
=============
The table below provides baseline data which we've got in our
environment.
**Avg. Time** refers to the lab with recommended hardware configuration,
while **Max. Time** refers to minimal hardware configuration.
+--------------------------+--------------------------+---------------------+
| | Boot ONE instance | Boot FIVE instances |
+==========================+==========================+=====================+
| Avg. Time | 3m:40s | 8m |
+--------------------------+--------------------------+---------------------+
| Max. Time | 5m | 20m |
+--------------------------+--------------------------+---------------------+
Host Optimizations
==================
Default KVM installation could be improved to provide better
performance.
The following optimizations may improve host performance up to 30%:
* change default scheduler from **CFQ** to **Deadline**
* use **ksm**
* use **vhost-net**

137
doc/source/install/ssl.rst
View File

@ -1,137 +0,0 @@
..
Copyright 2014 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
=================
SSL configuration
=================
Murano components are able to work with SSL. This chapter will help you
to make proper settings with SSL configuration.
HTTPS for Murano API
====================
SSL for Murano API service can be configured in *ssl* section in
``/etc/murano/murano.conf``. Just point to a valid SSL certificate.
See the example below:
::
[ssl]
cert_file = PATH
key_file = PATH
ca_file = PATH
- *cert\_file* Path to the certificate file the server should use when binding to an SSL-wrapped socket.
- *key\_file* Path to the private key file the server should use when binding to an SSL-wrapped socket.
- *ca\_file* Path to the CA certificate file the server should use to validate client certificates provided during an SSL handshake. This is ignored if cert\_file and "key\_file" are not set.
The use of SSL is automatically started after point to HTTPS protocol
instead of HTTP during registration Murano API service in endpoints
(Change publicurl argument to start with \https://).
SSL for Murano API is implemented like in any other OpenStack component.
This realization is based on ssl python module so more information about
it can be found `here`_.
.. _`here`: https://docs.python.org/2/library/ssl.html
SSL for RabbitMQ
================
All Murano components communicate with each other by RabbitMQ. This
interaction can be encrypted with SSL. By default all messages in Rabbit
MQ are not encrypted. Each RabbitMQ Exchange should be configured
separately.
**Murano API <-> Rabbit MQ exchange <-> Murano Engine**
Edit ssl parameters in default section of ``/etc/murano/murano.conf``. Set ``rabbit_use_ssl`` option to *true* and configure ssl kombu parameters.
Specify the path to the SSL keyfile and SSL CA certificate in a regular format: /path/to/file without quotes or leave it empty to
allow self-signed certificates.
::
# connect over SSL for RabbitMQ (boolean value)
#rabbit_use_ssl=false
# SSL version to use (valid only if SSL enabled). valid values
# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
# distributions (string value)
#kombu_ssl_version=
# SSL key file (valid only if SSL enabled) (string value)
#kombu_ssl_keyfile=
# SSL cert file (valid only if SSL enabled) (string value)
#kombu_ssl_certfile=
# SSL certification authority file (valid only if SSL enabled)
# (string value)
#kombu_ssl_ca_certs=
**Murano Agent -> Rabbit MQ exchange**
In main murano configuration file there is a section ,named *rabbitmq*, that is responsible for set up communication between Murano Agent and Rabbit MQ.
Just set *ssl* parameter to True to enable ssl.
::
[rabbitmq]
host = localhost
port = 5672
login = guest
password = guest
virtual_host = /
ssl = True
insecure = False
If you want to configure Murano Agent in a different way change
the default template. It can be found in Murano Core Library, located at *http://git.openstack.org/cgit/openstack/murano/tree/meta/io.murano/Resources/Agent-v1.template*. Take
a look at appSettings section:
::
<appSettings>
<add key="rabbitmq.host" value="%RABBITMQ_HOST%"/>
<add key="rabbitmq.port" value="%RABBITMQ_PORT%"/>
<add key="rabbitmq.user" value="%RABBITMQ_USER%"/>
<add key="rabbitmq.password" value="%RABBITMQ_PASSWORD%"/>
<add key="rabbitmq.vhost" value="%RABBITMQ_VHOST%"/>
<add key="rabbitmq.inputQueue" value="%RABBITMQ_INPUT_QUEUE%"/>
<add key="rabbitmq.resultExchange" value=""/>
<add key="rabbitmq.resultRoutingKey" value="%RESULT_QUEUE%"/>
<add key="rabbitmq.durableMessages" value="true"/>
<add key="rabbitmq.ssl" value="%RABBITMQ_SSL%"/>
<add key="rabbitmq.allowInvalidCA" value="true"/>
<add key="rabbitmq.sslServerName" value=""/>
</appSettings>
Desired parameter should be set directly to the value of the key that
you want to change. Quotes are need to be kept. Thus you can change
"rabbitmq.ssl" and "rabbitmq.port" values to make Rabbit MQ work with
this exchange in a different from Murano-Engine way.
After modification, don't forget to zip and re-upload core library.
SSL for Murano Dashboard
========================
If you are going not to use self-signed certificates additional
configuration do not need to be done. Just point https in the URL.
Otherwise, set *MURANO_API_INSECURE = True* on horizon config. You can
find it in ``/etc/openstack-dashboard/local_settings.py.``.