From 9b8e916d19e84bfd698e46bd924c3fbce0aa6a95 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Mon, 5 Apr 2021 17:52:00 +0300 Subject: [PATCH] [doc] Document how to use separate RabbitMQ cluster Since Trove requires guest network to be passed to the rabbitmq it makes sense to use standalone rabbitmq cluster and instruction about how to do might be useful Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/784780 Change-Id: Ibbc6faa2a5d5b3af39db9ae214ba9087a777a0eb --- doc/source/configure-trove.rst | 92 ++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) diff --git a/doc/source/configure-trove.rst b/doc/source/configure-trove.rst index 2071b5c..37a621c 100644 --- a/doc/source/configure-trove.rst +++ b/doc/source/configure-trove.rst @@ -105,3 +105,95 @@ the images using custom ``diskimage-builder`` elements. See the ``trove/integration/scripts/files/elements`` directory contents in the OpenStack Trove project for ``diskimage-builder`` elements to build trove disk images. + + +Use stand-alone RabbitMQ +~~~~~~~~~~~~~~~~~~~~~~~~ + +Since Trove uses RabbitMQ to interact with guest servers it requires you to +pass the neutron network into the RabbitMQ container which is a security risk. +As a result, you might want to isolate Trove from other services in terms of +the RabbitMQ cluster and use a standalone one. + +In order to deploy new RabbitMQ cluster and use it for Trove, you will need +to: + +#. Create a new group for RabbitMQ containers. You will need to create a file + inside ``/etc/openstack_depoy/env.d`` which defines group mappings + + .. code-block:: yaml + + component_skel: + trove_rabbitmq: + belongs_to: + - trove_mq_all + + container_skel: + trove_rabbit_container: + belongs_to: + - trove-mq_containers + contains: + - trove_rabbitmq + + physical_skel: + trove-mq_containers: + belongs_to: + - all_containers + trove-mq_hosts: + belongs_to: + - hosts + +#. Define on which hosts this group will be deployed. This can be done either + with a new file in conf.d or inside openstack_user_config.yml + + .. code-block:: yaml + + trove-mq_hosts: + aio1: + ip: 172.29.236.100 + +#. Add to the dbaas network mapping for the new group: + +.. code-block:: yaml + + - network: + container_bridge: "br-dbaas" + container_type: "veth" + container_interface: "eth14" + host_bind_override: "eth14" + ip_from_q: "dbaas" + type: "flat" + net_name: "dbaas-mgmt" + group_binds: + - neutron_linuxbridge_agent + - oslomsg_rpc + - trove_rabbitmq + +#. Create overrides for dedicated rabbitmq containers, ie + ``/etc/openstack_deploy/group_vars/trove_rabbitmq.yml`` + + .. code-block:: yaml + + rabbitmq_cluster_name: trove + rabbitmq_cookie_token: + rabbitmq_monitoring_password: + +#. Create overrides for trove service contaienrs, ie + ``/etc/openstack_deploy/group_vars/trove_all.yml`` + + .. note:: + + For notifications we still want to use main RabbitMQ cluster + + .. code-block:: yaml + + oslomsg_rpc_host_group: trove_rabbitmq + oslomsg_rpc_servers: "{{ groups[oslomsg_rpc_host_group] | map('extract', hostvars, 'ansible_host') | list | join(',') }}" + trove_guest_oslomsg_notify_servers: "{{ rabbitmq_servers }}" + +#. Run playbooks to create rabbitmq containers and deploy cluster on them + + .. code-block:: bash + + openstack-ansible playbooks/lxc-containers-create.yml --limit trove_rabbitmq,lxc_hosts + openstack-ansible playbooks/rabbitmq-install.yml -e rabbitmq_host_group=trove_rabbitmq