openstack/magnum
Code Issues Proposed changes
Files
e06004d9f5ffbf40f612da54924e87dfddbca529
magnum/install-guide/source/common/configure_2_edit_magnum_conf.rst
yatin 67a48749c7 Fix magnum TLS cert generation 
TLS enabled k8s cluster are not created if admin_user, admin_password
and admin_tenant_name are not set in [keystone_authtoken] section,
This patch updates the install guide for the same.

Change-Id: Id58bbbda34d52f60c174630400ae469c48a7d115
Closes-Bug: #1717798
Related-Bug: #1670355
2017-10-05 14:21:32 +00:00

3.0 KiB
Raw Blame History

  1. Edit the /etc/magnum/magnum.conf file:

    • In the [api] section, configure the host:

      [api]
...
host = CONTROLLER_IP

      Replace CONTROLLER_IP with the IP address on which you wish magnum api should listen.

    • In the [certificates] section, select barbican (or x509keypair if you don't have barbican installed):

      • Use barbican to store certificates:

        [certificates]
...
cert_manager_type = barbican

      Important

      Barbican is recommended for production environments.

      • To store x509 certificates in magnum's database:

        [certificates]
...
cert_manager_type = x509keypair

    • In the [cinder_client] section, configure the region name:

      [cinder_client]
...
region_name = RegionOne

    • In the [database] section, configure database access:

      [database]
...
connection = mysql+pymysql://magnum:MAGNUM_DBPASS@controller/magnum

      Replace MAGNUM_DBPASS with the password you chose for the magnum database.

    • In the [keystone_authtoken] and [trust] sections, configure Identity service access:

      [keystone_authtoken]
...
memcached_servers = controller:11211
auth_version = v3
auth_uri = http://controller:5000/v3
project_domain_id = default
project_name = service
user_domain_id = default
password = MAGNUM_PASS
username = magnum
auth_url = http://controller:35357
auth_type = password
admin_user = magnum
admin_password = MAGNUM_PASS
admin_tenant_name = service

[trust]
...
trustee_domain_name = magnum
trustee_domain_admin_name = magnum_domain_admin
trustee_domain_admin_password = DOMAIN_ADMIN_PASS
trustee_keystone_interface = KEYSTONE_INTERFACE

      Replace MAGNUM_PASS with the password you chose for the magnum user in the Identity service and DOMAIN_ADMIN_PASS with the password you chose for the magnum_domain_admin user.

      Replace KEYSTONE_INTERFACE with either public or internal depending on your network configuration. If your instances cannot reach internal keystone endpoint which is often the case in production environments it should be set to public. Default to public

    • In the [oslo_messaging_notifications] section, configure the driver:

      [oslo_messaging_notifications]
...
driver = messaging

    • In the [DEFAULT] section, configure RabbitMQ message queue access:

      [DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

View Git Blame Copy Permalink