openstack/murano
Code Issues Proposed changes

Add new articles to documentation

Browse Source 
Add converted into rst fromat the following articles:
  * Windows image builder
  * Linux image builder
  * Uploading image to Glance
  * Lab preparation and system requiremnts added in installation section
  * SSL configuration

Change-Id: I6b4c7e7e6670690e5722ea906e6464faff2a369b
Signed-off-by: Ekaterina Fedorova <efedorova@mirantis.com>
This commit is contained in:
Ekaterina Fedorova 2014-05-12 17:55:40 +04:00
parent 4603c2a48d
commit e2e00a2382
8 changed files with 1096 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
doc/source/image_builders/index.rst Normal file
View File

@ -0,0 +1,25 @@
..
Copyright 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
=====================
Building Murano Image
=====================
.. toctree::
:maxdepth: 2
windows
linux
upload

226
doc/source/image_builders/linux.rst Normal file
View File

@ -0,0 +1,226 @@
..
Copyright 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
===========
Linux Image
===========
**Create a VM**
This section describes steps required to build an image of Linux Virtual
Machine which could be used with Murano. There are two possible ways to
create it - from CLI or using GUI tools. We describe both in this
section.
**Note**
Run all commands as root.
**Way 1: Using CLI Tools**
This section describes the required step to launch a VM using CLI tools
only.
1. Preallocate disk image
::
># qemu-img create -f qcow2 /var/lib/libvirt/images/cloud-linux.img 10G
2. Start the VM
::
># virt-install --connect qemu:///system --hvm --name cloud-linux \
--ram 2048 --vcpus 2 --cdrom /PATH_TO_YOUR_LINUX.ISO \
--disk path=/var/lib/libvirt/images/cloud-linux.img, \
format=qcow2,bus=virtio,cache=none \
--network network=default,model=virtio \
--memballoon model=virtio --vnc --os-type=linux \
--accelerate --noapic --keymap=en-us --video=cirrus --force
**Way 2: Using virt-manager UI**
A VM also could be lauched via GUI tools like virt-manager.
1. Launch *virt-manager* from shell as root
2. Set a name for VM and select Local install media
3. Add one cdrom and attach your linux ISO image to it
4. Select OS type **Linux** and it's version **choose yours**
5. Set CPU and RAM amount
6. Deselect option **Enable storage for this virtual machine**
7. Select option **Customize configuration before install**
8. Add (or create new) HDD image with Disk bus **VirtIO** and storage
format **QCOW2**
9. Set network device model **VirtIO**
10. Start installation process and open guest vm screen through
**Console** button
Guest VM Linux OS preparation
=============================
**Ubuntu 12.04 LTS x86\_64**
::
># for action in update upgrade dist-upgrade;do apt-get -y $action;done
># apt-get install -y git unzip make cmake gcc python-dev python-pip openssh-server sudo
**CentOS 6.4 x86\_64**
::
># rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
># for action in update upgrade;do yum -y $action; done
># yum install -y git unzip make cmake gcc python-devel python-pip openssh-server openssh-clients sudo
**murano-agent installation steps**
::
># mkdir -p /opt/git
># cd /opt/git
># git clone https://github.com/stackforge/murano-agent.git
># cd murano-agent/python-agent
># git checkout release-0.5
># chmod a+x setup*.sh
# To install Murano Agent on run the following command:
- **Ubuntu**
># ./setup.sh install
- **CentOS**
># ./setup-centos.sh install
**cloud-init installation steps**
- **Ubuntu**
::
># apt-get install -y cloud-init cloud-initramfs-growroot
- **CentOS**
::
># yum install -y cloud-init
**Note**
**Ubuntu only**
::
># dpkg-reconfigure cloud-init
Mark **EC2** data source support, save and exit or add manualy
**Ec2** to the datasource\_list variable in the
/etc/cloud/cloud.cfg.d/90\_dfkg.cfg
- **Minimal cloud-init configuration options**
::
># vi /etc/cloud/cloud.cfg:
user: ec2-user
disable_root: 1
preserve_hostname: False
**Security setup**
Create user and make it able to run commands through sudo without
password prompt.
- **Ubuntu**
::
># useradd -m -G sudo -s /bin/bash ec2-user
># passwd ec2-user
- **CentOS**
::
># useradd -m -G wheel -s /bin/bash ec2-user
># passwd ec2-user
- **Sudo**
::
># echo "ec2-user ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/ec2-user
># chmod 440 /etc/sudoers.d/ec2-user
**Disable SSH password-based logins in the /etc/ssh/sshd\_config.**
::
...
GSSAPIAuthentication no
PasswordAuthentication no
PermitRootLogin no
...
</itemizedlist> </para>
**Network handling**
- **Ubuntu**
::
># rm -rf /etc/udev/rules.d/70-persistent-net.rules
- **CentOS** Remove or comment out HWADDR and UUID in
/etc/sysconfig/network-scripts/ifcfg-eth\*
::
># rm -rf /etc/udev/rules.d/70-persistent-net.rules
**Shutdown VM**
**Convert the image from RAW to QCOW2 format if you made it as RAW.**
The image must be converted from RAW format to QCOW2 before being
imorted into Glance.
::
># qemu-img convert -O qcow2 /var/lib/libvirt/images/cloud-linux.img \
/var/lib/libvirt/images/cloud-linux.img.qcow2

81
doc/source/image_builders/upload.rst Normal file
View File

@ -0,0 +1,81 @@
..
Copyright 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
========================
Upload Image Into Glance
========================
To deploy applications with Murano, virtual machine images should be uploaded into Glance in a special way - *murano_image_info* property should be set
1. Use the glance image-create command to import your disk image to
Glance:
::
>$ glance image-create --name <NAME> --is-public true --disk-format qcow2 --container-format bare --file <IMAGE_FILE> --property <IMAGE_METADATA>
Replace the command line arguments to glance image-create with the
appropriate values for your environment and disk image:
* Replace **<NAME>** with the name that users will refer to the disk
image by. E.g. '**ws-2012-std**\ '
* Replace **<IMAGE\_FILE>** with the local path to the image file to
upload. E.g. '**ws-2012-std.qcow2**\ '.
* Replace **<IMAGE\_METADATA>** with the following property string
::
murano_image_info='{"title": "Windows 2012 Standart Edition", "type": "windows.2012"}'
where
* title - user-friendly description of the image
* type - is a image type, for example 'windows.2012'
2. To update metadata of the existing image run the command:
::
>$ glance image-update <IMAGE-ID> --property <IMAGE_MATADATA>
* Replace **<IMAGE-ID>** with image id from the previous command
output.
* Replace **<IMAGE\_METADATA>** with murano\_image\_info property, e.g.
::
murano_image_info='{"title": "Windows 2012 Standart Edition", "type": "windows.2012"}'
**Warning**
The value of the **--property** argument named
**murano\_image\_info** is a JSON string. Only double quotes are
valid in JSON, so please type the string exactly as in the example
above.
**Note**
Already existing image could be marked in a simple way in Horizon UI with Murano dashboard installed. Navigate to *Murano -> Manage -> Images -> Mark Image* and fill up a form:
- **Image** - ws-2012-std
- **Title** - My Prepared Image
- **Type** - Windows Server 2012
After these steps desired image can be chosen in application creation wizard.

438
doc/source/image_builders/windows.rst Normal file
View File

@ -0,0 +1,438 @@
..
Copyright 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
=============
Windows Image
=============
Murano requires a Windows Image in QCOW2 format to be builded and
uploaded into Glance.
The easiest way to build Windows image for Murano is to build it on the
host where your OpenStack is installed.
Install Required Packages
=========================
**Note**
Please check that hardware virtualization supported and enabled in
BIOS.
The following packages should be installed on any host which will be
used to build Windows Image:
* ipxe-qemu
* kvm-ipxe
* qemu-kvm
* munin-libvirt-plugins
* python-libvirt
* virt-goodies
* virt-manager
* virt-top
* virt-what
* virtinst
* python
On Ubuntu you could install them using the command below:
::
># apt-get install ipxe-qemu kvm-ipxe qemu-kvm virt-goodies \
virtinst virt-manager libvirt0 libvirt-bin \
munin-libvirt-plugins python python-libvirt \
python-libxml2 python-minimal python-pycurl \
python-pyorbit python-requests python-six \
samba samba-common openssh-server virt-top virt-what
Configure Shared Resource
=========================
**Configure samba based share.**
::
># mkdir -p /opt/samba/share
># chown -R nobody:nogroup /opt/samba/share
**Configure samba server (/etc/samba/smb.conf).**
::
...
[global]
...
security = user
...
[share]
comment = Deployment Share
path = /opt/samba/share
browsable = yes
read only = no
create mask = 0755
guest ok = yes
guest account = nobody
...
**Restart services.**
::
># service smbd restart
># service nmbd restart
Prerequisites
===============
Download the files below and copy them into their places in your
**${SHARE\_PATH}** folder (we usually use **/opt/samba/share** as
**${SHARE\_PATH}**):
* *Windows 2012 Server ISO evaluation version*
* ${SHARE\_PATH}/libvirt/images/ws-2012-eval.iso
* `http://technet.microsoft.com/en-us/evalcenter/hh670538.aspx`_
* *VirtIO drivers for Windows*
* ${SHARE\_PATH}/libvirt/images/virtio-win-0.1-74.iso
* `http://alt.fedoraproject.org/pub/alt/virtio-win/stable/virtio-win-0.1-74.iso`_
* *CloudBase-Init for Windows*
* ${SHARE\_PATH}/share/files/CloudbaseInitSetup\_Beta.msi
* `https://www.cloudbase.it/downloads/CloudbaseInitSetup_Beta.msi`_
* *Far Manager*
* ${SHARE\_PATH}/share/files/Far30b3367.x64.20130717.msi
* `http://www.farmanager.com/files/Far30b3525.x64.20130717.msi`_
* Git client
* ${SHARE\_PATH}/share/files/Git-1.8.1.2-preview20130601.exe
* `https://msysgit.googlecode.com/files/Git-1.8.3-preview20130601.exe`_
* *Sysinternals Suite*
* ${SHARE\_PATH}/share/files/SysinternalsSuite.zip
* `http://download.sysinternals.com/files/SysinternalsSuite.zip`_
* *unzip.exe tool*
* ${SHARE\_PATH}/share/files/unzip.exe
* `https://www.dropbox.com/sh/zthldcxnp6r4flm/AACwiyfcrlGDt3ygCFHrbwMra/unzip.exe`_
* *PowerShell v3*
* ${SHARE\_PATH}/share/files/Windows6.1-KB2506143-x64.msu
* `http://www.microsoft.com/en-us/download/details.aspx?id=34595`_
* *.NET 4.0*
* ${SHARE\_PATH}/share/files/dotNetFx40\_Full\_x86\_x64.exe
* `http://www.microsoft.com/en-us/download/details.aspx?id=17718`_
* *.NET 4.5*
* ${SHARE\_PATH}/share/files/dotNetFx45\_Full\_setup.exe
* `http://www.microsoft.com/en-us/download/details.aspx?id=30653`_
* *Murano Agent*
* ${SHARE\_PATH}/share/files/MuranoAgent.zip
* `https://www.dropbox.com/sh/zthldcxnp6r4flm/AADh6LkVkcw2j8nKZevqedHja/MuranoAgent.zip`_
.. _`http://technet.microsoft.com/en-us/evalcenter/hh670538.aspx`: http://technet.microsoft.com/en-us/evalcenter/hh670538.aspx
.. _`http://alt.fedoraproject.org/pub/alt/virtio-win/stable/virtio-win-0.1-74.iso`: http://alt.fedoraproject.org/pub/alt/virtio-win/stable/virtio-win-0.1-74.iso
.. _`https://www.cloudbase.it/downloads/CloudbaseInitSetup_Beta.msi`: https://www.cloudbase.it/downloads/CloudbaseInitSetup_Beta.msi
.. _`http://www.farmanager.com/files/Far30b3525.x64.20130717.msi`: http://www.farmanager.com/files/Far30b3525.x64.20130717.msi
.. _`https://msysgit.googlecode.com/files/Git-1.8.3-preview20130601.exe`: https://msysgit.googlecode.com/files/Git-1.8.3-preview20130601.exe
.. _`http://download.sysinternals.com/files/SysinternalsSuite.zip`: http://download.sysinternals.com/files/SysinternalsSuite.zip
.. _`https://www.dropbox.com/sh/zthldcxnp6r4flm/AACwiyfcrlGDt3ygCFHrbwMra/unzip.exe`: https://www.dropbox.com/sh/zthldcxnp6r4flm/AACwiyfcrlGDt3ygCFHrbwMra/unzip.exe
.. _`http://www.microsoft.com/en-us/download/details.aspx?id=34595`: http://www.microsoft.com/en-us/download/details.aspx?id=34595
.. _`http://www.microsoft.com/en-us/download/details.aspx?id=17718`: http://www.microsoft.com/en-us/download/details.aspx?id=17718
.. _`http://www.microsoft.com/en-us/download/details.aspx?id=30653`: http://www.microsoft.com/en-us/download/details.aspx?id=30653
.. _`https://www.dropbox.com/sh/zthldcxnp6r4flm/AADh6LkVkcw2j8nKZevqedHja/MuranoAgent.zip`: https://www.dropbox.com/sh/zthldcxnp6r4flm/AADh6LkVkcw2j8nKZevqedHja/MuranoAgent.zip
Additional Software
===================
This section describes additional software which is required to build an
Windows Image.
**Windows ADK**
*Windows Assessment and Deployment Kit (ADK) for Windows® 8* is required
to build your own answer files for auto unattended Windows installation.
You can dowload it from `http://www.microsoft.com/en-us/download/details.aspx?id=30652`_.
**PuTTY**
PuTTY is a useful tool to manage your Linux boxes via SSH.
You can download it from
`http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html`_.
**Windows Server ISO image**
We use the following Windows installation images:
* Windows Server 2008 R2
* Image Name:
7601.17514.101119-1850\_x64fre\_server\_eval\_en-us-GRMSXEVAL\_EN\_DVD.iso
* URL:
`http://www.microsoft.com/en-us/download/details.aspx?id=11093`_
* Windows Server 2012
* Image Name:
9200.16384.WIN8\_RTM.120725-1247\_X64FRE\_SERVER\_EVAL\_EN-US-HRM\_SSS\_X64FREE\_EN-US\_DV5.iso
* URL:
`http://technet.microsoft.com/en-US/evalcenter/hh670538.aspx?ocid=&wt.mc\_id=TEC\_108\_1\_33`_
**VirtIO Red Hat drivers ISO image**
**Warning**
Please, choose stable version instead of latest, Weve got errors
with unstable drivers during guest unattended install.
Download drivers from
`http://alt.fedoraproject.org/pub/alt/virtio-win/stable/`_
**Floppy Image With Unattended File**
Run following commands as root:
1. Create emtpy floppy image in your home folder
::
># dd bs=512 count=2880 \
if=/dev/zero of=~/floppy.img \
mkfs.msdos ~/floppy.img
2. Mount the image to **/media/floppy**
::
># mkdir /media/floppy mount -o loop \
~/floppy.img /media/floppy
3. Download **autounattend.xml** file from
`https://raw.githubusercontent.com/stackforge/murano-deployment/master/image-builder/share/files/ws-2012-std/autounattend.xml.template`_
::
># cd ~
># wget https://raw.githubusercontent.com/stackforge/murano-deployment/master/image-builder/share/files/ws-2012-std/autounattend.xml.template
4. Copy our **autounattend.xml** to **/media/floppy**
::
># cp ~/autounattend.xml /media/floppy
5. Unmount the image
::
># umount /media/floppy
.. _`http://www.microsoft.com/en-us/download/details.aspx?id=30652`: http://www.microsoft.com/en-us/download/details.aspx?id=30652
.. _`http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html`: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
.. _`http://www.microsoft.com/en-us/download/details.aspx?id=11093`: http://www.microsoft.com/en-us/download/details.aspx?id=11093
.. _`http://technet.microsoft.com/en-US/evalcenter/hh670538.aspx?ocid=&wt.mc\_id=TEC\_108\_1\_33`: http://technet.microsoft.com/en-US/evalcenter/hh670538.aspx?ocid=&wt.mc\_id=TEC\_108\_1\_33
.. _`http://alt.fedoraproject.org/pub/alt/virtio-win/stable/`: http://alt.fedoraproject.org/pub/alt/virtio-win/stable/
.. _`https://raw.githubusercontent.com/stackforge/murano-deployment/master/image-builder/share/files/ws-2012-std/autounattend.xml.template`: https://raw.githubusercontent.com/stackforge/murano-deployment/master/image-builder/share/files/ws-2012-std/autounattend.xml.template
Build Windows Image (Automatic Way)
===================================
1. Clone **murano-deployment** repository
::
># git clone git://github.com/stackforge/murano-deployment.git
2. Change directory to **murano-deployment/image-builder** folder.
3. Create folder structure for image builder
::
># make build-root
4. Create shared resource
**Add to /etc/samba/smb.conf.**
::
[image-builder-share]
comment = Image Builder Share
browsable = yes
path = /opt/image-builder/share
guest ok = yes
guest user = nobody
read only = no
create mask = 0755
**Restart samba services.**
::
># restart smbd && restart nmbd
5. Test that all required files are in place
::
># make test-build-files
6. Get list of available images
::
># make
7. Run image build process
::
># make ws-2012-std
8. Wait until process finishes
9. The image file **ws-2012-std.qcow2** should be stored under
**/opt/image-builder/share/images** folder.
Build Windows Image (Manual Way)
================================
**Warning**
Please note that the preferred way to build images is to use
**Automated Build** described in the previous chapter.
**Get Post-Install Scripts**
There are a few scripts which perform all the required post-installation
tasks.
Package installation tasks are performed by script named **wpi.ps1**.
Download it from `https://raw.github.com/stackforge/murano-deployment/master/image-builder/share/scripts/ws-2012-std/wpi.ps1`_
**Note**
There are a few scripts named **wpi.ps1**, each supports only one
version of Windows image. The script above is intended to be used to
create Windows Server 2012 Standard. To build other version of
Windows please use appropriate script from **scripts** folder.
Clean-up actions to finish image preparation are performed by
**Start-Sysprep.ps1** script.
Download it from `https://raw.github.com/stackforge/murano-deployment/master/image-builder/share/scripts/ws-2012-std/Start-Sysprep.ps1`_
These scripts should be copied to the shared resource folder, subfolder
**Scripts**.
**Create a VM**
This section describes steps required to build an image of Windows
Virtual Machine which could be used with Murano. There are two possible
ways to create it - from CLI or using GUI tools. We describe both in
this section.
**Note**
Run all commands as root.
**Way 1: Using CLI Tools**
This section describes the required step to launch a VM using CLI tools
only.
1. Preallocate disk image
::
># qemu-img create -f raw /var/lib/libvirt/images/ws-2012.img 40G
2. Start the VM
::
># virt-install --connect qemu:///system --hvm --name WinServ \
--ram 2048 --vcpus 2 --cdrom /opt/samba/share/9200.16384.WIN8_RTM\
.120725-1247_X64FRE_SERVER_EVAL_EN-US-HRM_SSS_X64FREE_EN-US_DV5.ISO \
--disk path=/opt/samba/share/virtio-win-0.1-52.iso,device=cdrom \
--disk path=/opt/samba/share/floppy.img,device=floppy \
--disk path=/var/lib/libvirt/images/ws-2012.qcow2\
,format=qcow2,bus=virtio,cache=none \
--network network=default,model=virtio \
--memballoon model=virtio --vnc --os-type=windows \
--os-variant=win2k8 --noautoconsole \
--accelerate --noapic --keymap=en-us --video=cirrus --force
**Way 2: Using virt-manager UI**
A VM also could be lauched via GUI tools like virt-manager.
1. Launch *virt-manager* from shell as root
2. Set a name for VM and select Local install media
3. Add one cdrom and attach Windows Server ISO image to it
4. Select OS type **Windows**
5. Set CPU and RAM amount
6. Deselect option **Enable storage for this virtual machine**
7. Add second cdrom for ISO image with virtio drivers
8. Add a floppy drive and attach our floppy image to it
9. Add (or create new) HDD image with Disk bus **VirtIO** and storage format **RAW**
10. Set network device model **VirtIO**
11. Start installation process and open guest vm screen through **Console** button
**Convert the image from RAW to QCOW2 format.**
The image must be converted from RAW format to QCOW2 before being
imported into Glance.
::
># qemu-img convert -O qcow2 /var/lib/libvirt/images/ws-2012.raw \
/var/lib/libvirt/images/ws-2012-ref.qcow2
.. _`https://raw.github.com/stackforge/murano-deployment/master/image-builder/share/scripts/ws-2012-std/wpi.ps1`: https://raw.github.com/stackforge/murano-deployment/master/image-builder/share/scripts/ws-2012-std/wpi.ps1
.. _`https://raw.github.com/stackforge/murano-deployment/master/image-builder/share/scripts/ws-2012-std/Start-Sysprep.ps1`: https://raw.github.com/stackforge/murano-deployment/master/image-builder/share/scripts/ws-2012-std/Start-Sysprep.ps1

2
doc/source/index.rst
View File

@ -58,7 +58,7 @@ Table of contents
guidelines
install/index
articles/index
image_builders/index
Indices and tables
==================

2
doc/source/install/index.rst
View File

@ -22,5 +22,7 @@
.. toctree::
:maxdepth: 2
prepare
development
manual
ssl

187
doc/source/install/prepare.rst Normal file
View File

@ -0,0 +1,187 @@
..
Copyright 2014 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
========================
Prepare A Lab For Murano
========================
This section provides basic information about lab's system requirements.
It also contains a description of a test which you may use to check if
your hardware fits the requirements. To do this, run the test and
compare the results with baseline data provided.
System prerequisites
=====================
**Supported Operation Systems**
* Ubuntu Server 12.04 LTS
* RHEL/CentOS 6.4
**System packages are required for Murano**
*Ubuntu*
* gcc
* python-pip
* python-dev
* libxml2-dev
* libxslt-dev
* libffi-dev
*CentOS*
* gcc
* python-pip
* python-devel
* libxml2-devel
* libxslt-devel
* libffi-devel
Lab Requirements
================
+------------+--------------------------------+----------------------+
| Criteria | Minimal | Recommended |
+============+================================+======================+
| CPU | 4 core @ 2.4 GHz | 24 core @ 2.67 GHz |
+------------+--------------------------------+----------------------+
| RAM | 8 GB | 24 GB or more |
+------------+--------------------------------+----------------------+
| HDD | 2 x 500 GB (7200 rpm) | 4 x 500 GB (7200 rpm |
+------------+--------------------------------+----------------------+
| RAID | Software RAID-1 (use mdadm as | Hardware RAID-10 |
| | it will improve read | |
| | performance almost two times) | |
+------------+--------------------------------+----------------------+
Table: Hardware requirements
There are a few possible storage configurations except the shown above.
All of them were tested and were working well.
* 1x SSD 500+ GB
* 1x HDD (7200 rpm) 500+ GB and 1x SSD 250+ GB (install the system onto
the HDD and mount the SSD drive to folder where VM images are)
* 1x HDD (15000 rpm) 500+ GB
Test Your Lab Host Performance
==============================
We have measured time required to boot 1 to 5 instances of Windows
system simultaneously. You can use this data as the baseline to check if
your system is fast enough.
You should use sysprepped images for this test, to simulate VM first
boot.
Steps to reproduce test:
1. Prepare Windows 2012 Standard (with GUI) image in QCOW2 format. Let's
assume that its name is ws-2012-std.qcow2
2. Ensure that there is NO KVM PROCESSES on the host. To do this, run
command:
::
># ps aux | grep kvm
3. Make 5 copies of Windows image file:
::
># for i in $(seq 5); do \
cp ws-2012-std.qcow2 ws-2012-std-$i.qcow2; done
4. Create script start-vm.sh in the folder with .qcow2 files:
::
#!/bin/bash
[ -z $1 ] || echo "VM count not provided!"; exit 1
for i in $(seq $1); do
echo "Starting VM $i ..."
kvm -m 1024 -drive file=ws-2012-std-$i.qcow2,if=virtio -net user -net nic,model=virtio -nographic -usbdevice tablet -vnc :$i & done
5. Start ONE instance with command below (as root) and measure time
between VMs launch and the moment when Server Manager window
appears. To view VMs desktop, connect with VNC viewer to your host
to VNC screen :1 (port 5901):
::
># ./start-vm.sh 1
6. Turn VM off. You may simply kill all KVM processes by
::
># killall kvm
7. Start FIVE instances with command below (as root) and measure time
interval between ALL VMs launch and the moment when LAST Server Manager
window appears. To view VMs desktops, connect with VNC viewer to your
host to VNC screens :1 thru :5 (ports 5901-5905):
::
># ./start-vm.sh 5
8. Turn VMs off. You may simply kill all KVM processes by
::
># killall kvm
Baseline Data
=============
The table below provides baseline data which we've got in our
environment.
**Avg. Time** refers to the lab with recommended hardware configuration,
while **Max. Time** refers to minimal hardware configuration.
+--------------------------+--------------------------+---------------------+
| | Boot ONE instance | Boot FIVE instances |
+==========================+==========================+=====================+
| Avg. Time | 3m:40s | 8m |
+--------------------------+--------------------------+---------------------+
| Max. Time | 5m | 20m |
+--------------------------+--------------------------+---------------------+
Host Optimizations
==================
Default KVM installation could be improved to provide better
performance.
The following optimizations may improve host performance up to 30%:
* change default scheduler from **CFQ** to **Deadline**
* use **ksm**
* use **vhost-net**

136
doc/source/install/ssl.rst Normal file
View File

@ -0,0 +1,136 @@
..
Copyright 2014 2014 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
=================
SSL configuration
=================
Murano components are able to work with SSL. This chapter will help your
to make proper settings with SSL configuration.
HTTPS for Murano API
====================
SSL for Murano API service can be configured in *ssl* section in
``/etc/murano/murano-api.conf``. Just point to a valid SSL certificate.
See the example below:
::
[ssl]
cert_file = PATH
key_file = PATH
ca_file = PATH
- *cert\_file* Path to the certificate file the server should use when binding to an SSL-wrapped socket.
- *key\_file* Path to the private key file the server should use when binding to an SSL-wrapped socket.
- *ca\_file* Path to the CA certificate file the server should use to validate client certificates provided during an SSL handshake. This is ignored if cert\_file and "key\_file" are not set.
The use of SSL is automatically started after point to HTTPS protocol
instead of HTTP during registration Murano API service in endpoints
(Change publicurl argument to start with \https://).
SSL for Murano API is implemented like in any other Openstack component.
This realization is based on ssl python module so more information about
it can be found `here`_.
.. _`here`: https://docs.python.org/2/library/ssl.html
SSL for RabbitMQ
================
All Murano components communicate with each other by RabbitMQ. This
interaction can be encrypted with SSL. By default all messages in Rabbit
MQ are not encrypted. Each RabbitMQ Exchange should be configured
separately.
**Murano API <-> Rabbit MQ exchange <-> Murano Engine**
Edit ssl parameters in default section of ``/etc/murano/murano-api.conf``. Set ``rabbit_use_ssl`` option to *true* and configure ssl kombu parameters.
Specify the path to the SSL keyfile and SSL CA certificate in a regular format: /path/to/file without quotes or leave it empty to
allow self-signed certificates.
::
# connect over SSL for RabbitMQ (boolean value)
#rabbit_use_ssl=false
# SSL version to use (valid only if SSL enabled). valid values
# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
# distributions (string value)
#kombu_ssl_version=
# SSL key file (valid only if SSL enabled) (string value)
#kombu_ssl_keyfile=
# SSL cert file (valid only if SSL enabled) (string value)
#kombu_ssl_certfile=
# SSL certification authority file (valid only if SSL enabled)
# (string value)
#kombu_ssl_ca_certs=
**Murano Agent -> Rabbit MQ exchange**
In main murano-api configuration file there is a section ,named *rabbitmq*, that is responsible for set up communication between Murano Agent and Rabbit MQ.
Just set *ssl* parameter to True to enable ssl.
::
[rabbitmq]
host = localhost
port = 5672
login = guest
password = guest
virtual_host = /
ssl = True
If you want to configure Murano Agent in a different way change
the default template. It can be found in Murano Core Library, located at */https://github.com/stackforge/murano-api/blob/master/meta/io.murano/Resources/Agent-v1.template.* Take
a look at appSettings section:
::
<appSettings>
<add key="rabbitmq.host" value="%RABBITMQ_HOST%"/>
<add key="rabbitmq.port" value="%RABBITMQ_PORT%"/>
<add key="rabbitmq.user" value="%RABBITMQ_USER%"/>
<add key="rabbitmq.password" value="%RABBITMQ_PASSWORD%"/>
<add key="rabbitmq.vhost" value="%RABBITMQ_VHOST%"/>
<add key="rabbitmq.inputQueue" value="%RABBITMQ_INPUT_QUEUE%"/>
<add key="rabbitmq.resultExchange" value=""/>
<add key="rabbitmq.resultRoutingKey" value="%RESULT_QUEUE%"/>
<add key="rabbitmq.durableMessages" value="true"/>
<add key="rabbitmq.ssl" value="%RABBITMQ_SSL%"/>
<add key="rabbitmq.allowInvalidCA" value="true"/>
<add key="rabbitmq.sslServerName" value=""/>
</appSettings>
Desired parameter should be set directly to the value of the key that
you want to change. Quotes are need to be kept. Thus you can change
"rabbitmq.ssl" and "rabbitmq.port" values to make Rabbit MQ work with
this exchange in a different from Murano-Engine way.
After modification, don't forget to zip and re-upload core library.
SSL for Murano Dashboard
========================
If you are going not to use self-signed certificates additional
configuration do not need to be done. Just point https in the URL.
Otherwise, set *MURANO_API_INSECURE = True* on horizon config. You can
find it in ``/etc/openstack-dashboard/local_settings.py.``.