openstack/openstack-ansible
Code Issues Proposed changes
18c9e1faee
openstack-ansible/doc/source/install-guide/configure.rst
daz 1b0f0203b1 [docs] Add links to example configuration files 
Adding links to example configuration files in the
appendix, and in openstack_deploy/conf.d

Change-Id: Ifd395c40ccd53dc15d2c9c7bdeeb05cb4d47059b
Implements: blueprint osa-install-guide-overhaul
2016-09-20 08:54:41 +00:00

3.4 KiB
Raw Blame History

Configure deployment

Ansible references a handful of files containing mandatory and optional configuration directives. Modify these files to define the target environment before running the Ansible playbooks. Configuration tasks include:

  • Target host networking to define bridge interfaces and networks.
  • A list of target hosts on which to install the software.
  • Virtual and physical network relationships for OpenStack Networking (neutron).
  • Passwords for all services.

Initial environment configuration

OpenStack-Ansible depends on various files that are used to build an inventory for Ansible. The following configuration is to be done on the deployment host. Start by getting those files into the correct places:

  1. Copy the contents of the /opt/openstack-ansible/etc/openstack_deploy directory to the /etc/openstack_deploy directory.

  2. Change to the /etc/openstack_deploy directory.

  3. Copy the openstack_user_config.yml.example file to /etc/openstack_deploy/openstack_user_config.yml.

  4. Review the openstack_user_config.yml file and make changes to the deployment of your OpenStack environment.

    Note

    The file is heavily commented with details about the various options.

Configuration in openstack_user_config.yml defines which hosts will run the containers and services deployed by OpenStack-Ansible. For example, hosts listed in the shared-infra_hosts run containers for many of the shared services that your OpenStack environment requires. Some of these services include databases, memcached, and RabbitMQ. There are several other host types that contain other types of containers and all of these are listed in openstack_user_config.yml.

For details about how the inventory is generated from the environment configuration, see developer-inventory.

To configure your OpenStack installation for a test environment or production environment, see the examples in test-environment-config and production-environment-config.

To install additional services, see the example configuration files in /etc/openstack_deploy/conf.d.

Configuring service credentials

Configure credentials for each service in the /etc/openstack_deploy/*_secrets.yml files. Consider using Ansible Vault to increase security by encrypting any files containing credentials.

Adjust permissions on these files to restrict access by non-privileged users.

Note

The following options configure passwords for the web interfaces.

  • keystone_auth_admin_password configures the admin tenant

    password for both the OpenStack API and dashboard access.

Note

We recommend using the pw-token-gen.py script to generate random values for the variables in each file that contains service credentials:

# cd /opt/openstack-ansible/scripts
# python pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml

To regenerate existing passwords, add the --regen flag.

Warning

The playbooks do not currently manage changing passwords in an existing environment. Changing passwords and re-running the playbooks will fail and may break your OpenStack environment.