[install] Add install guide from template for rdo

This guide is based on the installguide-cookiecutter template
and will be published automatically to docs.openstack.org.

[2] is a similar patch and [3] is WIP.

A change to add magnum to the install-guide job will follow.

This is a follow-up of [4].

[1] http://docs.openstack.org/contributor-guide/project-install-guide.html
[2] https://review.openstack.org/#/c/325389
[3] https://review.openstack.org/#/c/317152
[4] https://review.openstack.org/#/c/332161

Change-Id: I145fd30f575dab45b4c947bc4609287b1e300025
Partially-Implements: blueprint magnum-installation-guide
This commit is contained in:
Spyros Trigazis 2016-06-14 14:09:56 +02:00
parent aacc9c327c
commit 936dd11a16
11 changed files with 791 additions and 0 deletions

View File

@ -0,0 +1,138 @@
2. Edit the ``/etc/magnum/magnum.conf``:
* In the ``[api]`` section, configure the host:
.. code-block:: ini
[api]
...
host = controller
* In the ``[certificates]`` section, select ``barbican`` (or ``local`` if
you don't have barbican installed):
* Use barbican to store certificates:
.. code-block:: ini
[certificates]
...
cert_manager_type = barbican
.. important::
Barbican is recommended for production environments, local store should
be used for evaluation purposes.
* To use local store for certificates, you have to specify the directory
to use:
.. code-block:: ini
[certificates]
...
cert_manager_type = local
storage_path = /var/lib/magnum/certificates/
* In the ``[cinder_client]`` section, configure the region name:
.. code-block:: ini
[cinder_client]
...
region_name = RegionOne
* In the ``[database]`` section, configure database access:
.. code-block:: ini
[database]
...
connection = mysql+pymysql://magnum:MAGNUM_DBPASS@controller/magnum
Replace ``MAGNUM_DBPASS`` with the password you chose for
the magnum database.
* In the ``[keystone_authtoken]`` and ``trust`` sections, configure
Identity service access:
.. code-block:: ini
[keystone_authtoken]
...
memcached_servers = controller:11211
auth_version = v3
auth_uri = http://controller:5000/v3
project_domain_id = default
project_name = service
user_domain_id = default
password = MAGNUM_PASS
username = magnum
auth_url = http://controller:35357
auth_type = password
[trust]
...
trustee_domain_id = 66e0469de9c04eda9bc368e001676d20
trustee_domain_admin_id = 529b81cf35094beb9784c6d06c090c2b
trustee_domain_admin_password = DOMAIN_ADMIN_PASS
``trustee_domain_id`` is the id of the ``magnum`` domain and
``trustee_domain_admin_id`` is the id of the ``magnum_domain_admin`` user.
Replace MAGNUM_PASS with the password you chose for the magnum user in the
Identity service and DOMAIN_ADMIN_PASS with the password you chose for the
``magnum_domain_admin`` user.
* In the ``[oslo_concurrency]`` section, configure the ``lock_path``:
.. code-block:: ini
[oslo_concurrency]
...
lock_path = /var/lib/magnum/tmp
* In the ``[oslo_messaging_notifications]`` section, configure the
``driver``:
.. code-block:: ini
[oslo_messaging_notifications]
...
driver = messaging
* In the ``[oslo_messaging_rabbit]`` section, configure RabbitMQ message
queue access:
.. code-block:: ini
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Replace RABBIT_PASS with the password you chose for the openstack account
in RabbitMQ.
.. note::
Make sure that ``/etc/magnum/magnum.conf`` still have the correct
permissions. You can set the permissions again with:
# chown magnum:magnum /etc/magnum/magnum.conf
3. Populate Magnum database:
.. code-block:: console
# su -s /bin/sh -c "magnum-db-manage upgrade" magnum
4. Update heat policy to allow magnum list stacks. Edit your heat policy file,
usually ``/etc/heat/policy.json``:
.. code-block:: ini
...
stacks:global_index: "role:admin",
Now restart heat.

View File

@ -0,0 +1,188 @@
Prerequisites
-------------
Before you install and configure the Container Infrastructure Management
service, you must create a database, service credentials, and API endpoints.
#. To create the database, complete these steps:
* Use the database access client to connect to the database
server as the ``root`` user:
.. code-block:: console
$ mysql -u root -p
* Create the ``magnum`` database:
.. code-block:: console
CREATE DATABASE magnum;
* Grant proper access to the ``magnum`` database:
.. code-block:: console
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'controller' \
IDENTIFIED BY 'MAGNUM_DBPASS';
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%' \
IDENTIFIED BY 'MAGNUM_DBPASS';
Replace ``MAGNUM_DBPASS`` with a suitable password.
* Exit the database access client.
#. Source the ``admin`` credentials to gain access to
admin-only CLI commands:
.. code-block:: console
$ . admin-openrc
#. To create the service credentials, complete these steps:
* Create the ``magnum`` user:
.. code-block:: console
$ openstack user create --domain default \
--password-prompt magnum
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | a8ebafc275c54d389dfc1bff8b4fe286 |
| name | magnum |
+-----------+----------------------------------+
* Add the ``admin`` role to the ``magnum`` user:
.. code-block:: console
$ openstack role add --project service --user magnum admin
.. note::
This command provides no output.
* Create the ``magnum`` service entity:
.. code-block:: console
$ openstack service create --name magnum \
--description "Container Infrastructure Management Service" \
container-infra
+-------------+-------------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------------+
| description | OpenStack Container Infrastructure Management service |
| enabled | True |
| id | 194faf83e8fd4e028e5ff75d3d8d0df2 |
| name | magnum |
| type | container-infra |
+-------------+-------------------------------------------------------+
#. Create the Container Infrastructure Management service API endpoints:
.. code-block:: console
$ openstack endpoint create --region RegionOne \
container-infra public http://controller:9511/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cb137e6366ad495bb521cfe92d8b8858 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum |
| service_type | container-infra |
| url | http://controller:9511/v1 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
container-infra internal http://controller:9511/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 17cbc3b6f51449a0a818118d6d62868d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum |
| service_type | container-infra |
| url | http://controller:9511/v1 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
container-infra admin http://controller:9511/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 30f8888e6b6646d7b5cd14354c95a684 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum |
| service_type | container-infra |
| url | http://controller:9511/v1 |
+--------------+----------------------------------+
#. Magnum requires additional information in the Identity service to
manage COE clusters (bays). To add this information, complete these
steps:
* Create the ``magnum`` domain that contains projects and users:
.. code-block:: console
$ openstack domain create --description "Owns users and projects \
created by magnum" magnum
+-------------+-------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------+
| description | Owns users and projects created by magnum |
| enabled | True |
| id | 66e0469de9c04eda9bc368e001676d20 |
| name | magnum |
+-------------+-------------------------------------------+
* Create the ``magnum_domain_admin`` user to manage projects and users
in the ``magnum`` domain:
.. code-block:: console
$ openstack user create --domain magnum --password-prompt \
magnum_domain_admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 66e0469de9c04eda9bc368e001676d20 |
| enabled | True |
| id | 529b81cf35094beb9784c6d06c090c2b |
| name | magnum_domain_admin |
+-----------+----------------------------------+
* Add the ``admin`` role to the ``magnum_domain_admin`` user in the
``magnum`` domain to enable administrative management privileges
by the ``magnum_domain_admin`` user:
.. code-block:: console
$ openstack role add --domain magnum --user magnum_domain_admin admin
.. note::
This command provides no output.

View File

@ -0,0 +1,300 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file is execfile()d with the current directory set to its
# containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
import os
import openstackdocstheme
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
# sys.path.insert(0, os.path.abspath('.'))
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
# TODO(ajaeger): enable PDF building, for example add 'rst2pdf.pdfbuilder'
# extensions =
# Add any paths that contain templates here, relative to this directory.
# templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
# The encoding of source files.
# source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = u'Installation Guide for Container Infrastructure Management Service'
bug_tag = u'install-guide'
copyright = u'2016, OpenStack contributors'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '0.1'
# The full version, including alpha/beta/rc tags.
release = '0.1'
# A few variables have to be set for the log-a-bug feature.
# giturl: The location of conf.py on Git. Must be set manually.
# gitsha: The SHA checksum of the bug description. Automatically extracted
# from git log.
# bug_tag: Tag for categorizing the bug. Must be set manually.
# These variables are passed to the logabug code via html_context.
giturl = u'http://git.openstack.org/cgit/openstack/magnum/tree/'
giturl += u'install-guide/source'
git_cmd = "/usr/bin/git log | head -n1 | cut -f2 -d' '"
gitsha = os.popen(git_cmd).read().strip('\n')
html_context = {"gitsha": gitsha, "bug_tag": bug_tag,
"giturl": giturl}
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
# language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
# today = ''
# Else, today_fmt is used as the format for a strftime call.
# today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ["common_prerequisites.rst", "common_configure.rst"]
# The reST default role (used for this markup: `text`) to use for all
# documents.
# default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
# add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
# add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
# show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
# modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
# keep_warnings = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'openstackdocs'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
# html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
html_theme_path = [openstackdocstheme.get_html_theme_path()]
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
# html_title = None
# A shorter title for the navigation bar. Default is the same as html_title.
# html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
# html_logo = None
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
# html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
# html_static_path = []
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
# html_extra_path = []
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
# So that we can enable "log-a-bug" links from each output HTML page, this
# variable must be set to a format that includes year, month, day, hours and
# minutes.
html_last_updated_fmt = '%Y-%m-%d %H:%M'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
# html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
# html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
# html_additional_pages = {}
# If false, no module index is generated.
# html_domain_indices = True
# If false, no index is generated.
html_use_index = False
# If true, the index is split into individual pages for each letter.
# html_split_index = False
# If true, links to the reST sources are added to the pages.
html_show_sourcelink = False
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
# html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
# html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
# html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
# html_file_suffix = None
# Output file base name for HTML help builder.
htmlhelp_basename = 'install-guide'
# If true, publish source files
html_copy_source = False
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
# 'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
# 'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
# 'preamble': '',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
('index', 'InstallGuide.tex', u'Install Guide',
u'OpenStack contributors', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
# latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
# latex_use_parts = False
# If true, show page references after internal links.
# latex_show_pagerefs = False
# If true, show URL addresses after external links.
# latex_show_urls = False
# Documents to append as an appendix to all manuals.
# latex_appendices = []
# If false, no module index is generated.
# latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
('index', 'installguide', u'Install Guide',
[u'OpenStack contributors'], 1)
]
# If true, show URL addresses after external links.
# man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
('index', 'InstallGuide', u'Install Guide',
u'OpenStack contributors', 'InstallGuide',
'This guide shows OpenStack end users how to install '
'an OpenStack cloud.', 'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
# texinfo_appendices = []
# If false, no module index is generated.
# texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
# texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
# texinfo_no_detailmenu = False
# -- Options for Internationalization output ------------------------------
locale_dirs = ['locale/']
# -- Options for PDF output --------------------------------------------------
pdf_documents = [
('index', u'InstallGuide', u'Install Guide',
u'OpenStack contributors')
]

View File

@ -0,0 +1,20 @@
====================================================
Container Infrastructure Management service overview
====================================================
The Container Infrastructure Management service consists of the
following components:
``magnum`` command-line client
A CLI that communicates with the ``magnum-api`` to create and manage
container clusters (i.e. bays in magnum terminology). End developers
can directly use the magnum REST API.
``magnum-api`` service
An OpenStack-native REST API that processes API requests by sending
them to the ``magnum-conductor`` via AMQP.
``magnum-conductor`` service
Runs on a controller machine and connects to heat to orchestrate a
magnum bay. Additionally, it connects to a Docker Swarm, Kubernetes
or Mesos REST API endpoint.

View File

@ -0,0 +1,22 @@
===========================================
Container Infrastructure Management service
===========================================
.. toctree::
get_started.rst
install.rst
verify.rst
next-steps.rst
The Container Infrastructure Management service codenamed (magnum) is an
OpenStack API service developed by the OpenStack Containers Team making
container orchestration engines (COE) such as Docker Swarm, Kubernetes
and Mesos available as first class resources in OpenStack. Magnum uses
Heat to orchestrate an OS image which contains Docker and Kubernetes and
runs that image in either virtual machines or bare metal in a cluster
configuration.
This chapter assumes a working setup of OpenStack following `OpenStack
Installation Tutorial <http://docs.openstack.org/#install-guides>`_..

View File

@ -0,0 +1,33 @@
.. _install-rdo:
Install and configure for Red Hat Enterprise Linux and CentOS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This section describes how to install and configure the Container
Infrastructure Management service for Red Hat Enterprise Linux 7 and CentOS 7.
.. include:: common_prerequisites.rst
Install and configure components
--------------------------------
#. Install the packages:
.. code-block:: console
# yum install openstack-magnum-api openstack-magnum-conductor
.. include:: common_configure.rst
Finalize installation
---------------------
#. Start Magnum services and configure them to start when
the system boots:
.. code-block:: console
# systemctl enable openstack-magnum-api.service \
openstack-magnum-conductor.service
# systemctl start openstack-magnum-api.service \
openstack-magnum-conductor.service

View File

@ -0,0 +1,40 @@
.. _install:
Install and configure
~~~~~~~~~~~~~~~~~~~~~
This section describes how to install and configure the Container
Infrastructure Management service, code-named magnum, on the controller node.
This section assumes that you already have a working OpenStack environment with
at least the following components installed: Compute, Image Service, Identity,
Networking, Block Storage, Orchestration and Neutron/LBaaS. See `OpenStack
Install Guides <http://docs.openstack.org/#install-guides>`__ for all the above
services apart from Neutron/LBaaS. For Neutron/LBaaS see
`Neutron/LBaaS/HowToRun
<https://wiki.openstack.org/wiki/Neutron/LBaaS/HowToRun>`__.
To store certificates, you can use Barbican (which is recommended) or save
them locally on the controller node. To install Barbican see `Setting up a
Barbican Development Environment <http://docs.openstack.org/developer/barbican/
setup/dev.html#configuring-barbican>`__
Optionally, you can install the following components: Object Storage to make
private Docker registries available to users and Telemetry to send periodically
magnum related metrics. See `OpenStack Install Guides
<http://docs.openstack.org /#install-guides>`__.
.. note::
Installation and configuration vary by distribution.
.. important::
Magnum creates VM clusters on the Compute service (nova), called bays. These
VMs must have basic Internet connectivity and must be able to reach magnum's
API server. Make sure that Compute and Network services are configured
accordingly.
.. toctree::
install-rdo.rst

View File

@ -0,0 +1,9 @@
.. _next-steps:
Next steps
~~~~~~~~~~
Your OpenStack environment now includes the magnum service.
To add more services, see the `additional documentation on installing OpenStack
<http://docs.openstack.org/#install-guides>`_ .

View File

@ -0,0 +1,33 @@
.. _verify:
Verify operation
~~~~~~~~~~~~~~~~
Verify operation of the Container Infrastructure Management service.
.. note::
Perform these commands on the controller node.
#. Source the ``admin`` tenant credentials:
.. code-block:: console
$ . admin-openrc
#. To list out the health of the internal services, namely conductor, of
magnum, use:
.. code-block:: console
$ magnum service-list
+----+-----------------------+------------------+-------+
| id | host | binary | state |
+----+-----------------------+------------------+-------+
| 1 | controller | magnum-conductor | up |
+----+-----------------------+------------------+-------+
.. note::
This output should indicate a ``magnum-conductor`` component
on the controller node.

View File

@ -11,6 +11,7 @@ doc8 # Apache-2.0
fixtures>=3.0.0 # Apache-2.0/BSD
hacking<0.11,>=0.10.0 # Apache-2.0
mock>=2.0 # BSD
openstackdocstheme>=1.0.3 # Apache-2.0
oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0
oslotest>=1.10.0 # Apache-2.0
os-testr>=0.7.0 # Apache-2.0

View File

@ -136,3 +136,10 @@ install_command = pip install -U --force-reinstall {opts} {packages}
commands =
rm -rf releasenotes/build
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
[testenv:install-guide]
# NOTE(jaegerandi): this target does not use constraints because
# upstream infra does not yet support it. Once that's fixed, we can
# drop the install_command.
install_command = pip install -U --force-reinstall {opts} {packages}
commands = sphinx-build -a -E -W -d install-guide/build/doctrees -b html install-guide/source install-guide/build/html