diff --git a/doc/source/draft/admin-guide/configuration.rst b/doc/source/draft/admin-guide/configuration.rst new file mode 100644 index 00000000..fa553870 --- /dev/null +++ b/doc/source/draft/admin-guide/configuration.rst @@ -0,0 +1,216 @@ +.. _configuration: + +.. toctree:: + :maxdepth: 2 + +============= +Configuration +============= + +Network configuration +~~~~~~~~~~~~~~~~~~~~~ + +Murano may work in various networking environments and is capable of detecting +the current network configuration and choosing appropriate settings +automatically. However, some additional actions are required to support +advanced scenarios. + +Nova-network support +^^^^^^^^^^^^^^^^^^^^ + +Nova-network is the simplest networking solution, which has limited +capabilities but is available on any OpenStack deployment without the need to +deploy any additional components. + +When a new murano environment is created, murano checks if a dedicated +networking service, for example, neutron, exists in the current OpenStack +deployment. It relies on the Identity service catalog for that. If such a +service is not present, murano automatically falls back to nova-network. No +further configuration is needed in this case, all the VMs spawned by Murano +will be joining the same network. + +Neutron support +^^^^^^^^^^^^^^^ + +If neutron is installed, murano enables its advanced networking features that +give you the ability to avoid configuring networks for your application. + +By default, it creates an isolated network for each environment and joins +all VMs needed by your application to that network. To install and configure +the application in a newly spawned virtual machine, murano also requires a +router to be connected to the external network. + +Automatic neutron configuration ++++++++++++++++++++++++++++++++ + +To create the router automatically, provide the following parameters in the +configuration file: + +.. code-block:: ini + + [networking] + + external_network = %EXTERNAL_NETWORK_NAME% + router_name = %MURANO_ROUTER_NAME% + create_router = true + +To figure out the name of the external network, run +:command:`openstack network list --external`. + +During the first deployment, the required networks and router with a specified +name will be created and set up. + +Manual neutron configuration +++++++++++++++++++++++++++++ + +To configure neutron manually, follow the steps below. + +#. Create a public network. + + #. Log in to the OpenStack dashboard as an administrator. + + #. Verify the existence of external networks. For this, navigate to + :menuselection:`Project > Network > Network Topology`. + + #. Check the network type in network details. For this, navigate to + :menuselection:`Admin > Networks` and see the :guilabel:`Network name` + section. + Alternatively, run the :command:`openstack network list --external` + command using CLI. + + #. Create a new external network as described in the `OpenStack documentation `_. + + .. image:: figures/network-topology-1.png + :alt: Network Topology page + :width: 630 px + +#. Create a local network. + + #. Navigate to :menuselection:`Project > Network > Networks`. + #. Click :guilabel:`Create Network` and fill in the form. + + +#. Create a router. + + #. Navigate to :menuselection:`Project > Network > Routers`. + #. Click :guilabel:`Create Router`. + #. In the :guilabel:`Router Name` field, enter *murano-default-router*. + If you specify a name other than *murano-default-router*, change the + following settings in the configuration file: + + .. code-block:: ini + + [networking] + + router_name = %SPECIFIED_NAME% + create_router = false + + #. Click :guilabel:`Create router`. + #. Click the newly created router name. + #. In the :guilabel:`Interfaces` tab, click :guilabel:`Add Interface`. + #. Specify the subnet and IP address. + + .. image:: figures/add-interface.png + :alt: Add Interface dialog + :width: 630 px + + #. Verify the result in + :menuselection:`Project > Network > Network Topology`. + + .. image:: figures/network-topology-2.png + :alt: Network Topology page + :width: 630 px + +Policy configuration +~~~~~~~~~~~~~~~~~~~~ + +Like each service in OpenStack, murano has its own role-based access policies +that determine who and how can access objects. These policies are defined +in the service's :file:`policy.json` file. + +On each API call corresponding policy check is performed. +:file:`policy.json` file can be changed whiteout interrupting the API service. + +For detailed information on :file:`policy.json` syntax, please refer to the +`OpenStack official documentation `_ + +With this file you can set who may upload packages and perform other operations. + +The :file:`policy.json` example is: + +.. code-block:: json + + { + // Rule declaration + "context_is_admin": "role:admin", + "admin_api": "is_admin:True", + "default": "", + + // Package operations + "get_package": "rule:default", + "upload_package": "rule:default", + "modify_package": "rule:default", + "publicize_package": "rule:admin_api", + "manage_public_package": "rule:default", + "delete_package": "rule:default", + "download_package": "rule:default", + + // Category operations + "get_category": "rule:default", + "delete_category": "rule:admin_api", + "add_category": "rule:admin_api", + + // Deployment read operations + "list_deployments": "rule:default", + "statuses_deployments": "rule:default", + + // Environment operations + "list_environments": "rule:default", + "list_environments_all_tenants": "rule:admin_api", + "show_environment": "rule:default", + "update_environment": "rule:default", + "create_environment": "rule:default", + "delete_environment": "rule:default", + + // Environment template operations + "list_env_templates": "rule:default", + "create_env_template": "rule:default", + "show_env_template": "rule:default", + "update_env_template": "rule:default", + "delete_env_template": "rule:default", + + // Control on executing actions on deployment environments + "execute_action": "rule:default" + } + +So, changing ``"upload_package": "rule:default"`` to ``"rule:admin_api"`` +will forbid regular users to upload packages. + +For reference: + +- ``"get_package"`` is checked whenever a user accesses a package + from the catalog. default: anyone +- ``"upload_package"`` is checked whenever a user uploads a package + to the catalog. default: anyone +- ``"modify_package"`` is checked whenever a user modifies a package + in the catalog. default: anyone +- ``"publicize_package"`` is checked whenever a user is trying to + make a murano package public (both when creating a new package or + modifying an existing one). default: admin users +- ``"manage_public_package"`` is checked whenever a user attempts to + modify parameters of a public package. default: admin users +- ``"delete_package"`` is checked whenever a user attempts to + delete a package from the catalog. default: anyone +- ``"download_package"`` is checked whenever a user attempts to + download a package from the catalog. default: anyone +- ``"list_environments_all_tenants"`` is checked whenever a request + to list environments of all tenants is made. default: admin users +- ``"execute_action"`` is checked whenever a user attempts to execute + an action on deployment environments. default: anyone + +Uploading package wizard in murano dashboard consists of several steps. +Upload package API call requested from the first form and modify from +the second one. It provides modifying package parameters on time of +uploading. So, please modify both configuration together. Otherwise it +will not be possible to browse package details on the second step +of the wizard. diff --git a/doc/source/draft/admin-guide/deploy_murano/configure_ssl.rst b/doc/source/draft/admin-guide/deploy_murano/configure_ssl.rst index 3f1012fb..818efc7b 100644 --- a/doc/source/draft/admin-guide/deploy_murano/configure_ssl.rst +++ b/doc/source/draft/admin-guide/deploy_murano/configure_ssl.rst @@ -93,6 +93,7 @@ set ``ssl = True`` in the ``[rabbitmq]`` section of [rabbitmq] ... ssl = True + insecure = False If you want to configure the murano agent differently, you need to change the `default template `_ located in the murano core library. diff --git a/doc/source/install/4_2.png b/doc/source/draft/admin-guide/figures/add-interface.png similarity index 100% rename from doc/source/install/4_2.png rename to doc/source/draft/admin-guide/figures/add-interface.png diff --git a/doc/source/install/1.png b/doc/source/draft/admin-guide/figures/network-topology-1.png similarity index 100% rename from doc/source/install/1.png rename to doc/source/draft/admin-guide/figures/network-topology-1.png diff --git a/doc/source/install/5.png b/doc/source/draft/admin-guide/figures/network-topology-2.png similarity index 100% rename from doc/source/install/5.png rename to doc/source/draft/admin-guide/figures/network-topology-2.png diff --git a/doc/source/draft/admin-guide/installation.rst b/doc/source/draft/admin-guide/installation.rst deleted file mode 100644 index c5a0771f..00000000 --- a/doc/source/draft/admin-guide/installation.rst +++ /dev/null @@ -1,105 +0,0 @@ -.. _installation: - -.. toctree:: - :maxdepth: 2 - -============ -Installation -============ - -Network configuration -~~~~~~~~~~~~~~~~~~~~~ - -Policy configuration -~~~~~~~~~~~~~~~~~~~~ - -Like each service in OpenStack, murano has its own role-based access policies -that determine who and how can access objects. These policies are defined -in the service's :file:`policy.json` file. - -On each API call corresponding policy check is performed. -:file:`policy.json` file can be changed whiteout interrupting the API service. - -For detailed information on :file:`policy.json` syntax, please refer to the -`OpenStack official documentation `_ - -With this file you can set who may upload packages and perform other operations. - -The :file:`policy.json` example is: - -.. code-block:: javascript - - { - // Rule declaration - "context_is_admin": "role:admin", - "admin_api": "is_admin:True", - "default": "", - - // Package operations - "get_package": "rule:default", - "upload_package": "rule:default", - "modify_package": "rule:default", - "publicize_package": "rule:admin_api", - "manage_public_package": "rule:default", - "delete_package": "rule:default", - "download_package": "rule:default", - - // Category operations - "get_category": "rule:default", - "delete_category": "rule:admin_api", - "add_category": "rule:admin_api", - - // Deployment read operations - "list_deployments": "rule:default", - "statuses_deployments": "rule:default", - - // Environment operations - "list_environments": "rule:default", - "list_environments_all_tenants": "rule:admin_api", - "show_environment": "rule:default", - "update_environment": "rule:default", - "create_environment": "rule:default", - "delete_environment": "rule:default", - - // Environment template operations - "list_env_templates": "rule:default", - "create_env_template": "rule:default", - "show_env_template": "rule:default", - "update_env_template": "rule:default", - "delete_env_template": "rule:default", - - // Control on executing actions on deployment environments - "execute_action": "rule:default" - } - -So, changing ``"upload_package": "rule:default"`` to ``"rule:admin_api"`` -will forbid regular users to upload packages. - -For reference: - -- ``"get_package"`` is checked whenever a user accesses a package - from the catalog. default: anyone -- ``"upload_package"`` is checked whenever a user uploads a package - to the catalog. default: anyone -- ``"modify_package"`` is checked whenever a user modifies a package - in the catalog. default: anyone -- ``"publicize_package"`` is checked whenever a user is trying to - make a murano package public (both when creating a new package or - modifying an existing one). default: admin users -- ``"manage_public_package"`` is checked whenever a user attempts to - modify parameters of a public package. default: admin users -- ``"delete_package"`` is checked whenever a user attempts to - delete a package from the catalog. default: anyone -- ``"download_package"`` is checked whenever a user attempts to - download a package from the catalog. default: anyone -- ``"list_environments_all_tenants"`` is checked whenever a request - to list environments of all tenants is made. default: admin users -- ``"execute_action"`` is checked whenever a user attempts to execute - an action on deployment environments. default: anyone - -Uploading package wizard in murano dashboard consists of several steps. -Upload package API call requested from the first form and modify from -the second one. It provides modifying package parameters on time of -uploading. So, please modify both configuration together. Otherwise it -will not be possible to browse package details on the second step -of the wizard. diff --git a/doc/source/draft/admin-guide/prepare_lab.rst b/doc/source/draft/admin-guide/prepare_lab.rst index 69a5cec0..3d217d81 100644 --- a/doc/source/draft/admin-guide/prepare_lab.rst +++ b/doc/source/draft/admin-guide/prepare_lab.rst @@ -14,7 +14,7 @@ under the License. ======================== -Prepare A Lab For Murano +Prepare a lab for murano ======================== This section provides basic information about lab's system requirements. It also contains a description of a test which you may use to check if @@ -27,7 +27,7 @@ compare the results with baseline data provided. System prerequisites ~~~~~~~~~~~~~~~~~~~~ -Supported Operating Systems +Supported operating systems --------------------------- * Ubuntu Server 12.04 LTS @@ -89,7 +89,7 @@ Install all the requirements on CentOS by running:: .. _lab_requirements: -Lab Requirements +Lab requirements ---------------- +------------+--------------------------------+-----------------------+ @@ -119,7 +119,7 @@ All of them were tested and were working well. * 1x HDD (15000 rpm) 500+ GB -Test Your Lab Host Performance +Test your lab host performance ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ We have measured time required to boot 1 to 5 instances of Windows @@ -189,7 +189,7 @@ Steps to reproduce test: sudo killall kvm -Baseline Data +Baseline data ~~~~~~~~~~~~~ The table below provides baseline data which we've got in our @@ -207,7 +207,7 @@ environment. while ``Max. Time`` refers to minimal hardware configuration. -Host Optimizations +Host optimizations ~~~~~~~~~~~~~~~~~~ Default KVM installation could be improved to provide better diff --git a/doc/source/draft/index.rst b/doc/source/draft/index.rst index fab33170..2d30eef6 100644 --- a/doc/source/draft/index.rst +++ b/doc/source/draft/index.rst @@ -37,7 +37,7 @@ Deploying Murano admin-guide/deploy_murano admin-guide/prepare_lab - admin-guide/installation + admin-guide/configuration admin-guide/manage_packages admin-guide/manage_images admin-guide/manage_categories diff --git a/doc/source/index.rst b/doc/source/index.rst index d98c3c35..1aa939d0 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -118,13 +118,6 @@ Developing Applications Miscellaneous ~~~~~~~~~~~~~ -**Installation** - -.. toctree:: - :maxdepth: 1 - - install/index - **Background Concepts for Murano** .. toctree:: diff --git a/doc/source/install/2.png b/doc/source/install/2.png deleted file mode 100644 index b20b4856..00000000 Binary files a/doc/source/install/2.png and /dev/null differ diff --git a/doc/source/install/3.png b/doc/source/install/3.png deleted file mode 100644 index ccee95c6..00000000 Binary files a/doc/source/install/3.png and /dev/null differ diff --git a/doc/source/install/4_1.png b/doc/source/install/4_1.png deleted file mode 100644 index 471d1a45..00000000 Binary files a/doc/source/install/4_1.png and /dev/null differ diff --git a/doc/source/install/configure_network.rst b/doc/source/install/configure_network.rst deleted file mode 100644 index e1a98d17..00000000 --- a/doc/source/install/configure_network.rst +++ /dev/null @@ -1,129 +0,0 @@ -.. - Copyleft 2014 Mirantis, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. -.. - -Network Configuration ---------------------- - -Murano may work in various networking environments and is capable of -detecting the current network configuration and choosing appropriate -settings automatically. However, some additional actions are required to -support advanced scenarios. - - -Nova network support -^^^^^^^^^^^^^^^^^^^^ - -Nova Network is simplest networking solution, which has limited capabilities -but is available on any OpenStack deployment without the need to deploy any -additional components. - -When a new Murano Environment is created, Murano checks if a dedicated -networking service (i.e. Neutron) exists in the current OpenStack deployment. -It relies on Keystone's service catalog for that. -If such a service is not present, Murano automatically falls back to Nova -Network. No further configuration is needed in this case, all the VMs spawned -by Murano will be joining the same Network. - -Neutron support -^^^^^^^^^^^^^^^ - -If neutron is installed, murano enables its advanced networking features that -give you the ability to avoid configuring networks for your application. - -By default it will create an isolated network for each environment and join -all VMs needed by your application to that network. To install and configure -the application in a newly spawned virtual machine, murano also requires -a router to be connected to the external network. - - -Automatic neutron network configuration -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -To create the router automatically, provide the following parameters -in the config file: - -.. code-block:: ini - - [networking] - - external_network = %EXTERNAL_NETWORK_NAME% - router_name = %MURANO_ROUTER_NAME% - create_router = true - -.. - -To figure out the name of the external network, perform the following command: - -.. code-block:: console - - openstack network list --external - -During the first deployment, the required networks and router with a specified name -will be created and set up. - -Manual neutron network configuration -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -* Step 1. Create public network - - * First, you need to check for existence of external networks. Login as admin and go to - *Project -> Network -> Network Topology*. And check network type in network details at *Admin -> Networks -> Network name* page. - The same action can be done via CLI by running `openstack network list --external`. To create new external network examine `OpenStack documentation `_. - - .. image:: 1.png - :align: left - :scale: 70 % - -* Step 2. Create local network - - * Go to *Project -> Network -> Networks*. - * Click *Create Network* and fill the form. - - .. image:: 2.png - - - .. image:: 3.png - -* Step 3. Create router - - * Go to *Project -> Network -> Routers* - - * Click "Create Router" - * In the "Router Name" field, enter the *murano-default-router* - - .. image:: 4_1.png - - - If you specify a name other than *murano-default-router*, it will be necessary - to change the following settings in the config file: - - .. code-block:: ini - - [networking] - - router_name = %SPECIFIED_NAME% - create_router = false - - - * Click on the specified router name - * In the opened view click “Add interface” - * Specify the subnet and IP address - - .. image:: 4_2.png - - And check the result in `Network Topology` tab. - - .. image:: 5.png diff --git a/doc/source/install/development.rst b/doc/source/install/development.rst deleted file mode 100644 index c7553e27..00000000 --- a/doc/source/install/development.rst +++ /dev/null @@ -1,29 +0,0 @@ -.. - Copyright 2014 2014 Mirantis, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. - -============================================== -Installing and Running the Development Version -============================================== - -The `devstack`_ directory contains the files necessary to integrate -Murano with `Devstack`_. - - -.. include:: ../../../devstack/README.rst - - - -.. _Devstack: http://docs.openstack.org/developer/devstack/ -.. _contrib/devstack: https://git.openstack.org/cgit/openstack/murano/tree/contrib/devstack diff --git a/doc/source/install/index.rst b/doc/source/install/index.rst deleted file mode 100644 index d52ee49d..00000000 --- a/doc/source/install/index.rst +++ /dev/null @@ -1,31 +0,0 @@ -.. - Copyright 2014 Mirantis, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. - -.. _install: - -========================= -Murano Installation Guide -========================= - -Content -======= - -.. toctree:: - :maxdepth: 2 - - prepare - development - manual - ssl diff --git a/doc/source/install/manual.rst b/doc/source/install/manual.rst deleted file mode 100644 index be5a70bc..00000000 --- a/doc/source/install/manual.rst +++ /dev/null @@ -1,452 +0,0 @@ -.. - Copyright 2014 Mirantis, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. -.. - -.. _installing_manually: - -=============================== -Installing and Running Manually -=============================== - -Prepare Environment -=================== - -Install Prerequisites ---------------------- - -First you need to install a number of packages with your OS package manager. -The list of packages depends on the OS you use. - -Ubuntu -^^^^^^ - -.. code-block:: console - - sudo apt-get install python-pip python-dev \ - libmysqlclient-dev libpq-dev \ - libxml2-dev libxslt1-dev \ - libffi-dev -.. - -Fedora -^^^^^^ - -.. note:: - - Fedora support wasn't thoroughly tested. We do not guarantee that murano - will work on Fedora. -.. - -.. code-block:: console - - sudo yum install gcc python-setuptools python-devel python-pip -.. - - -CentOS -^^^^^^ - -.. code-block:: console - - sudo yum install gcc python-setuptools python-devel - sudo easy_install pip -.. - - -Install tox ------------ - -.. code-block:: console - - sudo pip install tox -.. - - -Install And Configure Database ------------------------------- - -Murano can use various database types on the back end. For development purposes -SQLite is enough in most cases. For production installations you should use -MySQL or PostgreSQL databases. - -.. warning:: - - Although murano could use a PostgreSQL database on the back end, it wasn't - thoroughly tested and should be used with caution. -.. - -To use a MySQL database you should install it and create an empty database first: - -.. code-block:: console - - apt-get install python-mysqldb mysql-server -.. - -.. code-block:: console - - mysql -u root -p - - mysql> CREATE DATABASE murano; - mysql> GRANT ALL PRIVILEGES ON murano.* TO 'murano'@'localhost' \ - IDENTIFIED BY 'MURANO_DBPASS'; - mysql> exit; -.. - - -Install the API service and Engine -================================== - -#. Create a folder which will hold all Murano components. - - .. code-block:: console - - mkdir ~/murano - .. - -#. Clone the murano git repository to the management server. - - .. code-block:: console - - cd ~/murano - git clone git://git.openstack.org/openstack/murano - .. - -#. Set up the murano config file - - Murano has a common config file for API and Engine services. - - First, generate a sample configuration file, using tox - - .. code-block:: console - - cd ~/murano/murano - tox -e genconfig - .. - - And make a copy of it for further modifications - - .. code-block:: console - - cd ~/murano/murano/etc/murano - ln -s murano.conf.sample murano.conf - .. - -#. Edit ``murano.conf`` with your favorite editor. Below is an example - which contains basic settings your are likely need to configure. - - .. note:: - - The example below uses SQLite database. Edit **[database]** section - if you want to use other database type. - .. - - .. code-block:: ini - - [DEFAULT] - debug = true - verbose = true - rabbit_host = %RABBITMQ_SERVER_IP% - rabbit_userid = %RABBITMQ_USER% - rabbit_password = %RABBITMQ_PASSWORD% - rabbit_virtual_host = %RABBITMQ_SERVER_VIRTUAL_HOST% - - ... - - [oslo_messaging_notifications] - driver = messagingv2 - - ... - - [database] - backend = sqlalchemy - connection = sqlite:///murano.sqlite - - ... - - [keystone] - auth_url = 'http://%OPENSTACK_HOST_IP%:5000/v2.0' - - ... - - [keystone_authtoken] - auth_uri = 'http://%OPENSTACK_HOST_IP%:5000/v2.0' - auth_host = '%OPENSTACK_HOST_IP%' - auth_port = 5000 - auth_protocol = http - admin_tenant_name = %OPENSTACK_ADMIN_TENANT% - admin_user = %OPENSTACK_ADMIN_USER% - admin_password = %OPENSTACK_ADMIN_PASSWORD% - - ... - - [murano] - url = http://%YOUR_HOST_IP%:8082 - - [rabbitmq] - host = %RABBITMQ_SERVER_IP% - login = %RABBITMQ_USER% - password = %RABBITMQ_PASSWORD% - virtual_host = %RABBITMQ_SERVER_VIRTUAL_HOST% - - [networking] - default_dns = 8.8.8.8 # In case openstack neutron has no default - # DNS configured - .. - -#. Create a virtual environment and install Murano prerequisites. We will use - *tox* for that. Virtual environment will be created under *.tox* directory. - - .. code-block:: console - - cd ~/murano/murano - tox - .. - -#. Create database tables for Murano. - - .. code-block:: console - - cd ~/murano/murano - tox -e venv -- murano-db-manage \ - --config-file ./etc/murano/murano.conf upgrade - .. - -#. Launch the murano API in a separate terminal: - - .. code-block:: console - - cd ~/murano/murano - tox -e venv -- murano-api --config-file ./etc/murano/murano.conf - .. - - .. note:: - - Run the command in a new terminal as the process will be running in - the terminal until you terminate it, therefore, blocking the current - terminal. - -#. Leaving the API process running, return to the previous console and - import murano core library: - - .. code-block:: console - - cd ~/murano/murano - pushd ./meta/io.murano - zip -r ../../io.murano.zip * - popd - tox -e venv -- murano --murano-url http://localhost:8082 \ - package-import --is-public io.murano.zip - .. - -#. Launch the murano engine in a separate terminal: - - .. code-block:: console - - cd ~/murano/murano - tox -e venv -- murano-engine --config-file ./etc/murano/murano.conf - .. - - .. note:: - - Run the command in a new terminal as the process will be running in - the terminal until you terminate it, therefore, blocking the current - terminal. - -Register in Keystone --------------------- - -To make the murano API available to all OpenStack users, you need to register the -Application Catalog service within the Identity service. - -#. Add ``application-catalog`` service: - - .. code-block:: console - - openstack service create --name murano --description "Application Catalog for OpenStack" application-catalog - -#. Provide an endpoint for that service: - - .. code-block:: console - - openstack endpoint create --region RegionOne --publicurl http://:8082 --internalurl http://:8082 --adminurl http://:8082 - - where ``MURANO-SERVICE-ID`` is the unique service number that you can find - in the :command:`openstack service create` output. - -.. note:: URLs (publicurl, internalurl and adminurl) may be different - depending on your environment. - -Install Murano Dashboard -======================== - - Murano API & Engine services provide the core of Murano. However, your need a - control plane to use it. This section describes how to install and run Murano - Dashboard. - -#. Clone the repository with Murano Dashboard. - - .. code-block:: console - - cd ~/murano - git clone git://git.openstack.org/openstack/murano-dashboard - .. - -#. Clone horizon repository - - .. code-block:: console - - git clone git://git.openstack.org/openstack/horizon - .. - -#. Create venv and install muranodashboard as editable module. - - .. code-block:: console - - cd horizon - tox -e venv -- pip install -e ../murano-dashboard - .. - -#. Copy muranodashboard plugin file. - - This step enables murano panel in horizon dashboard. - - * For the OpenStack installations prior to the Newton release, run:: - - .. code-block:: console - - cp ../murano-dashboard/muranodashboard/local/_50_murano.py openstack_dashboard/local/enabled/ - .. - - * For the Newton (and later) OpenStack installations, run:: - - .. code-block:: console - - cp ../murano-dashboard/muranodashboard/local/enabled/_50_murano.py openstack_dashboard/local/enabled/ - .. - -#. Prepare horizon local settings. - - To get more information, check out official - `horizon documentation `_. - - .. code-block:: console - - cp openstack_dashboard/local/local_settings.py.example openstack_dashboard/local/local_settings.py - -#. Customize local settings according to OpenStack installation. - - .. code-block:: python - - ... - ALLOWED_HOSTS = '*' - - # Provide OpenStack Lab credentials - OPENSTACK_HOST = '%OPENSTACK_HOST_IP%' - - ... - - # Set secret key to prevent it's generation - SECRET_KEY = 'random_string' - - ... - - DEBUG_PROPAGATE_EXCEPTIONS = DEBUG - .. - - * For the OpenStack installations prior to the Newton release: - - Also, it's better to change default session backend from browser cookies - to database to avoid issues with forms during creating applications: - - .. code-block:: python - - ... - DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.sqlite3', - 'NAME': 'murano-dashboard.sqlite', - } - } - - SESSION_ENGINE = 'django.contrib.sessions.backends.db' - .. - - * For the OpenStack installations of the Newton (and later) version: - - Copy murano dashboard specific settings file to horizon dashboard. - - .. code-block:: console - - cp ../murano-dashboard/muranodashboard/local/local_settings.d/_50_murano.py openstack_dashboard/local/local_settings.d/ - - .. - - If you do not plan to get murano service from keystone application catalog, - provide where murano-api service is running: - - .. code-block:: python - - ... - MURANO_API_URL = 'http://localhost:8082' - .. - -#. Perform database synchronization. - - Optional step. Needed in case you set up database as a session backend. - - .. code-block:: console - - tox -e venv -- python manage.py migrate --noinput - .. - - You can reply 'no' since for development purpose separate user is not needed. - -#. Run Django server at 127.0.0.1:8000 or provide different IP and PORT parameters. - - .. code-block:: console - - tox -e venv -- python manage.py runserver - .. - - Development server will be restarted automatically on every code change. - -#. Open dashboard using url http://localhost:8000 - -Import Murano Applications -========================== - -Applications need to be imported -to fill the catalog. This can be done via the dashboard, and via CLI: - -1. Clone the murano apps repository. - - .. code-block:: console - - cd ~/murano - git clone git://git.openstack.org/openstack/murano-apps - .. - -2. Import every package you need from this repository, using the command - below. - - .. code-block:: console - - cd ~/murano/murano - pushd ../murano-apps/Docker/Applications/%APP-NAME%/package - zip -r ~/murano/murano/app.zip * - popd - tox -e venv -- murano --murano-url http://localhost:8082 package-import app.zip - -.. include:: configure_network.rst diff --git a/doc/source/install/prepare.rst b/doc/source/install/prepare.rst deleted file mode 100644 index ffc35a02..00000000 --- a/doc/source/install/prepare.rst +++ /dev/null @@ -1,199 +0,0 @@ -.. - Copyright 2014 2014 Mirantis, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. - -======================== -Prepare A Lab For Murano -======================== -This section provides basic information about lab's system requirements. -It also contains a description of a test which you may use to check if -your hardware fits the requirements. To do this, run the test and -compare the results with baseline data provided. - -System prerequisites -===================== -**Supported Operating Systems** - -* Ubuntu Server 12.04 LTS -* RHEL/CentOS 6.4 - -**System packages are required for Murano** - -*Ubuntu* - -* gcc - -* python-pip - -* python-dev - -* libxml2-dev - -* libxslt-dev - -* libffi-dev - -* libpq-dev - -* python-openssl - -* mysql-client - -*CentOS* - -* gcc - -* python-pip - -* python-devel - -* libxml2-devel - -* libxslt-devel - -* libffi-devel - -* postgresql-devel - -* pyOpenSSL - -* mysql - - -Lab Requirements -================ - -+------------+--------------------------------+----------------------+ -| Criteria | Minimal | Recommended | -+============+================================+======================+ -| CPU | 4 core @ 2.4 GHz | 24 core @ 2.67 GHz | -+------------+--------------------------------+----------------------+ -| RAM | 8 GB | 24 GB or more | -+------------+--------------------------------+----------------------+ -| HDD | 2 x 500 GB (7200 rpm) | 4 x 500 GB (7200 rpm | -+------------+--------------------------------+----------------------+ -| RAID | Software RAID-1 (use mdadm as | Hardware RAID-10 | -| | it will improve read | | -| | performance almost two times) | | -+------------+--------------------------------+----------------------+ - -Table: Hardware requirements - -There are a few possible storage configurations except the shown above. -All of them were tested and were working well. - -* 1x SSD 500+ GB - -* 1x HDD (7200 rpm) 500+ GB and 1x SSD 250+ GB (install the system onto - the HDD and mount the SSD drive to folder where VM images are) - -* 1x HDD (15000 rpm) 500+ GB - -Test Your Lab Host Performance -============================== - -We have measured time required to boot 1 to 5 instances of Windows -system simultaneously. You can use this data as the baseline to check if -your system is fast enough. - -You should use sysprepped images for this test, to simulate VM first -boot. - -Steps to reproduce test: - -1. Prepare Windows 2012 Standard (with GUI) image in QCOW2 format. Let's - assume that its name is ws-2012-std.qcow2 - -2. Ensure that there is NO KVM PROCESSES on the host. To do this, run - command: - - :: - - ps aux | grep kvm - -3. Make 5 copies of Windows image file: - - :: - - for i in $(seq 5); do \ - cp ws-2012-std.qcow2 ws-2012-std-$i.qcow2; done - -4. Create script start-vm.sh in the folder with .qcow2 files: - - :: - - #!/bin/bash - [ -z $1 ] || echo "VM count not provided!"; exit 1 - for i in $(seq $1); do - echo "Starting VM $i ..." - kvm -m 1024 -drive file=ws-2012-std-$i.qcow2,if=virtio -net user -net nic,model=virtio -nographic -usbdevice tablet -vnc :$i & done - -5. Start ONE instance with command below (as root) and measure time - between VM’s launch and the moment when Server Manager window - appears. To view VM’s desktop, connect with VNC viewer to your host - to VNC screen :1 (port 5901): - - :: - - sudo ./start-vm.sh 1 - -6. Turn VM off. You may simply kill all KVM processes by - - :: - - sudo killall kvm - -7. Start FIVE instances with command below (as root) and measure time - interval between ALL VM’s launch and the moment when LAST Server Manager - window appears. To view VM’s desktops, connect with VNC viewer to your - host to VNC screens :1 thru :5 (ports 5901-5905): - - :: - - sudo ./start-vm.sh 5 - -8. Turn VMs off. You may simply kill all KVM processes by - - :: - - sudo killall kvm - -Baseline Data -============= - -The table below provides baseline data which we've got in our -environment. - -**Avg. Time** refers to the lab with recommended hardware configuration, -while **Max. Time** refers to minimal hardware configuration. - -+--------------------------+--------------------------+---------------------+ -| | Boot ONE instance | Boot FIVE instances | -+==========================+==========================+=====================+ -| Avg. Time | 3m:40s | 8m | -+--------------------------+--------------------------+---------------------+ -| Max. Time | 5m | 20m | -+--------------------------+--------------------------+---------------------+ - -Host Optimizations -================== - -Default KVM installation could be improved to provide better -performance. - -The following optimizations may improve host performance up to 30%: - -* change default scheduler from **CFQ** to **Deadline** -* use **ksm** -* use **vhost-net** diff --git a/doc/source/install/ssl.rst b/doc/source/install/ssl.rst deleted file mode 100644 index c94ddffb..00000000 --- a/doc/source/install/ssl.rst +++ /dev/null @@ -1,137 +0,0 @@ -.. - Copyright 2014 2014 Mirantis, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. You may obtain - a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - License for the specific language governing permissions and limitations - under the License. - -================= -SSL configuration -================= -Murano components are able to work with SSL. This chapter will help you -to make proper settings with SSL configuration. - -HTTPS for Murano API -==================== - -SSL for Murano API service can be configured in *ssl* section in -``/etc/murano/murano.conf``. Just point to a valid SSL certificate. -See the example below: - -:: - - - [ssl] - cert_file = PATH - key_file = PATH - ca_file = PATH - -- *cert\_file* Path to the certificate file the server should use when binding to an SSL-wrapped socket. -- *key\_file* Path to the private key file the server should use when binding to an SSL-wrapped socket. -- *ca\_file* Path to the CA certificate file the server should use to validate client certificates provided during an SSL handshake. This is ignored if cert\_file and "key\_file" are not set. - -The use of SSL is automatically started after point to HTTPS protocol -instead of HTTP during registration Murano API service in endpoints -(Change publicurl argument to start with \https://). -SSL for Murano API is implemented like in any other OpenStack component. -This realization is based on ssl python module so more information about -it can be found `here`_. - -.. _`here`: https://docs.python.org/2/library/ssl.html - -SSL for RabbitMQ -================ - -All Murano components communicate with each other by RabbitMQ. This -interaction can be encrypted with SSL. By default all messages in Rabbit -MQ are not encrypted. Each RabbitMQ Exchange should be configured -separately. - -**Murano API <-> Rabbit MQ exchange <-> Murano Engine** - -Edit ssl parameters in default section of ``/etc/murano/murano.conf``. Set ``rabbit_use_ssl`` option to *true* and configure ssl kombu parameters. -Specify the path to the SSL keyfile and SSL CA certificate in a regular format: /path/to/file without quotes or leave it empty to -allow self-signed certificates. - -:: - - # connect over SSL for RabbitMQ (boolean value) - #rabbit_use_ssl=false - - # SSL version to use (valid only if SSL enabled). valid values - # are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some - # distributions (string value) - #kombu_ssl_version= - - # SSL key file (valid only if SSL enabled) (string value) - #kombu_ssl_keyfile= - - # SSL cert file (valid only if SSL enabled) (string value) - #kombu_ssl_certfile= - - # SSL certification authority file (valid only if SSL enabled) - # (string value) - #kombu_ssl_ca_certs= - - -**Murano Agent -> Rabbit MQ exchange** - -In main murano configuration file there is a section ,named *rabbitmq*, that is responsible for set up communication between Murano Agent and Rabbit MQ. -Just set *ssl* parameter to True to enable ssl. - -:: - - [rabbitmq] - host = localhost - port = 5672 - login = guest - password = guest - virtual_host = / - ssl = True - insecure = False - -If you want to configure Murano Agent in a different way change -the default template. It can be found in Murano Core Library, located at *http://git.openstack.org/cgit/openstack/murano/tree/meta/io.murano/Resources/Agent-v1.template*. Take -a look at appSettings section: - -:: - - - - - - - - - - - - - - - - - - - -Desired parameter should be set directly to the value of the key that -you want to change. Quotes are need to be kept. Thus you can change -"rabbitmq.ssl" and "rabbitmq.port" values to make Rabbit MQ work with -this exchange in a different from Murano-Engine way. -After modification, don't forget to zip and re-upload core library. - -SSL for Murano Dashboard -======================== - -If you are going not to use self-signed certificates additional -configuration do not need to be done. Just point https in the URL. -Otherwise, set *MURANO_API_INSECURE = True* on horizon config. You can -find it in ``/etc/openstack-dashboard/local_settings.py.``.