openstack-ansible/deploy-guide/source/configure.rst
Jean-Philippe Evrard 3eca1b5b77 [Docs] Backport Master structure
This is backport combining the documentation changes applied master
according to the queens blueprint "docs-improvements":

* [Docs] Flatten out monitoring
(cherry picked from commit ebdd5759b1)
* [Docs] Move upgrade guides into ops
(cherry picked from commit 56194bcb5a)
* [Docs] Merge advanced configuration into reference
(cherry picked from commit ba7e064ef9)
* [Docs] Uniform landing text
(cherry picked from commit 134ec81016)
* [Docs] Move AIO to first scenario
(cherry picked from commit dc8d6256ce)
* [Docs] Include test scenario as a new user story
(cherry picked from commit 3d76d5e2e2)
* [Docs] Fix references
(cherry picked from commit 1d47028911)
* [Docs] Move more examples to user guide
(cherry picked from commit 73c45a8108)
* [Docs] Move Ceph example to user guides
(cherry picked from commit d27e329a5a)
* [Docs] Move network architecture into reference
(cherry picked from commit 99ca16e85e)
* [Docs] Centralize Inventory documentation
(cherry picked from commit eb89fa513a)
* [Docs] Move limited connectivity to user guide
(cherry picked from commit b6eb92beca)
* [Docs] Migrate security into user guide
(cherry picked from commit f1a7525570)
* [Docs] Guide users more
(cherry picked from commit 99f4f17751)
* [Docs] Add explicit warnings on common mistake
(cherry picked from commit 41bd98385b)

Change-Id: I4b39f2a9f33eff7d0433a98a085cf4fd05cef75e
2018-03-20 11:47:21 +00:00

5.4 KiB

Configure the deployment

Ansible references some files that contain mandatory and optional configuration directives. Before you can run the Ansible playbooks, modify these files to define the target environment. Configuration tasks include:

  • Target host networking to define bridge interfaces and networks.
  • A list of target hosts on which to install the software.
  • Virtual and physical network relationships for OpenStack Networking (neutron).
  • Passwords for all services.

Initial environment configuration

OpenStack-Ansible (OSA) depends on various files that are used to build an inventory for Ansible. Perform the following configuration on the deployment host.

  1. Copy the contents of the /opt/openstack-ansible/etc/openstack_deploy directory to the /etc/openstack_deploy directory.

  2. Change to the /etc/openstack_deploy directory.

  3. Copy the openstack_user_config.yml.example file to /etc/openstack_deploy/openstack_user_config.yml.

  4. Review the openstack_user_config.yml file and make changes to the deployment of your OpenStack environment.

    Note

    This file is heavily commented with details about the various options. See our :dev_docs:User Guide <user/index.html> and :dev_docs:Reference Guide <reference/index.html> for more details.

The configuration in the openstack_user_config.yml file defines which hosts run the containers and services deployed by OpenStack-Ansible. For example, hosts listed in the shared-infra_hosts section run containers for many of the shared services that your OpenStack environment requires. Some of these services include databases, Memcached, and RabbitMQ. Several other host types contain other types of containers, and all of these are listed in the openstack_user_config.yml file.

Some services, such as glance, heat, horizon and nova-infra, are not listed individually in the example file as they are contained in the os-infra hosts. You can specify image-hosts or dashboard-hosts if you want to scale out in a specific manner.

For examples, please see our :dev_docs:User Guides <user/index.html>

For details about how the inventory is generated, from the environment configuration and the variable precedence, see our :dev_docs:Reference Guide <reference/index.html> under the inventory section.

Installing additional services

To install additional services, the files in etc/openstack_deploy/conf.d provide examples showing the correct host groups to use. To add another service, add the host group, allocate hosts to it, and then execute the playbooks.

Advanced service configuration

OpenStack-Ansible has many options that you can use for the advanced configuration of services. Each role's documentation provides information about the available options.

Important

This step is essential to tailoring OpenStack-Ansible to your needs and is generally overlooked by new deployers. Have a look at each role documentation, user guides, and reference if you want a tailor made cloud.

Infrastructure service roles

  • :role_docs:galera_server
  • :role_docs:haproxy_server
  • :role_docs:memcached_server
  • :role_docs:rabbitmq_server
  • :role_docs:repo_build
  • :role_docs:repo_server
  • :role_docs:rsyslog_server

OpenStack service roles

  • :role_docs:os_aodh
  • :role_docs:os_barbican
  • :role_docs:os_ceilometer
  • :role_docs:os_cinder
  • :role_docs:os_designate
  • :role_docs:os_glance
  • :role_docs:os_gnocchi
  • :role_docs:os_heat
  • :role_docs:os_horizon
  • :role_docs:os_ironic
  • :role_docs:os_keystone
  • :role_docs:os_magnum
  • :role_docs:os_neutron
  • :role_docs:os_nova
  • :role_docs:os_rally
  • :role_docs:os_sahara
  • :role_docs:os_swift
  • :role_docs:os_tempest
  • :role_docs:os_trove

Other roles

  • :role_docs:apt_package_pinning
  • :role_docs:ceph_client
  • :role_docs:galera_client
  • :role_docs:lxc_container_create
  • :role_docs:lxc_hosts
  • :role_docs:pip_install
  • :role_docs:plugins
  • :role_docs:openstack_hosts
  • :role_docs:openstack_openrc
  • :role_docs:rsyslog_client

Configuring service credentials

Configure credentials for each service in the /etc/openstack_deploy/*_secrets.yml files. Consider using the Ansible Vault feature to increase security by encrypting any files that contain credentials.

Adjust permissions on these files to restrict access by nonprivileged users.

The keystone_auth_admin_password option configures the admin tenant password for both the OpenStack API and Dashboard access.

We recommend that you use the pw-token-gen.py script to generate random values for the variables in each file that contains service credentials:

# cd /opt/openstack-ansible
# ./scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml

To regenerate existing passwords, add the --regen flag.

Warning

The playbooks do not currently manage changing passwords in an existing environment. Changing passwords and rerunning the playbooks will fail and might break your OpenStack environment.