openstack/magnum
Code Issues Proposed changes
4676d63e0b
magnum/install-guide/source/common/configure_2_edit_magnum_conf.rst
Kevin Lefevre 4c241a683f Enable custom keystone endpoint_type in templates 
Allow to specify a custom AUTH_URL for the templates in case instances
cannot reach internalURL which is the case in mose deployment.

A new variable in trust section: trustee_keystone_interface which
default to public is introduced.

Change-Id: I2a908c0752387e4ff4ad2b0fdf0c1025a73ce806
Closes-Bug: #1643197
2017-05-01 18:15:58 +02:00

2.9 KiB
Raw Blame History

  1. Edit the /etc/magnum/magnum.conf file:

    • In the [api] section, configure the host:

      [api]
...
host = CONTROLLER_IP

      Replace CONTROLLER_IP with the IP address on which you wish magnum api should listen.

    • In the [certificates] section, select barbican (or x509keypair if you don't have barbican installed):

      • Use barbican to store certificates:

        [certificates]
...
cert_manager_type = barbican

      Important

      Barbican is recommended for production environments.

      • To store x509 certificates in magnum's database:

        [certificates]
...
cert_manager_type = x509keypair

    • In the [cinder_client] section, configure the region name:

      [cinder_client]
...
region_name = RegionOne

    • In the [database] section, configure database access:

      [database]
...
connection = mysql+pymysql://magnum:MAGNUM_DBPASS@controller/magnum

      Replace MAGNUM_DBPASS with the password you chose for the magnum database.

    • In the [keystone_authtoken] and [trust] sections, configure Identity service access:

      [keystone_authtoken]
...
memcached_servers = controller:11211
auth_version = v3
auth_uri = http://controller:5000/v3
project_domain_id = default
project_name = service
user_domain_id = default
password = MAGNUM_PASS
username = magnum
auth_url = http://controller:35357
auth_type = password

[trust]
...
trustee_domain_name = magnum
trustee_domain_admin_name = magnum_domain_admin
trustee_domain_admin_password = DOMAIN_ADMIN_PASS
trustee_keystone_interface = KEYSTONE_INTERFACE

      Replace MAGNUM_PASS with the password you chose for the magnum user in the Identity service and DOMAIN_ADMIN_PASS with the password you chose for the magnum_domain_admin user.

      Replace KEYSTONE_INTERFACE with either public or internal depending on your network configuration. If your instances cannot reach internal keystone endpoint which is often the case in production environments it should be set to public. Default to public

    • In the [oslo_messaging_notifications] section, configure the driver:

      [oslo_messaging_notifications]
...
driver = messaging

    • In the [DEFAULT] section, configure RabbitMQ message queue access:

      [DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.