Merge "Convert debconf files to RST"
@ -0,0 +1,78 @@
|
||||
======================
|
||||
Register API endpoints
|
||||
======================
|
||||
|
||||
All Debian packages for API services, except the ``heat-api`` package,
|
||||
register the service in the Identity service catalog. This feature is
|
||||
helpful because API endpoints are difficult to remember.
|
||||
|
||||
.. note::
|
||||
|
||||
The ``heat-common`` package and not the ``heat-api`` package configures the
|
||||
Orchestration service.
|
||||
|
||||
When you install a package for an API service, you are prompted to
|
||||
register that service. However, after you install or upgrade the package
|
||||
for an API service, Debian immediately removes your response to this
|
||||
prompt from the debconf database. Consequently, you are prompted to
|
||||
re-register the service with the Identity service. If you already
|
||||
registered the API service, respond ``no`` when you upgrade.
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/api-endpoint_1_register_endpoint.png
|
||||
|
||||
|
|
||||
|
||||
This screen registers packages in the Identity service catalog:
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/api-endpoint_2_keystone_server_ip.png
|
||||
|
||||
|
|
||||
|
||||
You are prompted for the Identity service ``admin_token`` value. The
|
||||
Identity Service uses this value to register the API service. When you
|
||||
set up the ``keystone`` package, this value is configured automatically.
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/api-endpoint_3_keystone_authtoken.png
|
||||
|
||||
|
|
||||
|
||||
This screen configures the IP addresses for the service. The
|
||||
configuration script automatically detects the IP address used by the
|
||||
interface that is connected to the default route (``/sbin/route`` and
|
||||
``/sbin/ip``).
|
||||
|
||||
Unless you have a unique set up for your network, press **ENTER**.
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/api-endpoint_4_service_endpoint_ip_address.png
|
||||
|
||||
|
|
||||
|
||||
This screen configures the region name for the service. For example,
|
||||
``us-east-coast`` or ``europe-paris``.
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/api-endpoint_5_region_name.png
|
||||
|
||||
|
|
||||
|
||||
The Debian package post installation scripts will then perform the below
|
||||
commands for you:
|
||||
|
||||
.. code-block:: ini
|
||||
:linenos:
|
||||
|
||||
PKG_SERVICE_ID=$(pkgos_get_id keystone --os-token ${AUTH_TOKEN} \
|
||||
--os-endpoint http://${KEYSTONE_ENDPOINT_IP}:35357/v2.0/ service-create \
|
||||
--name ${SERVICE_NAME} --type ${SERVICE_TYPE} --description "${SERVICE_DESC}")
|
||||
keystone --os-token ${AUTH_TOKEN} \
|
||||
--os-endpoint http://${KEYSTONE_ENDPOINT_IP}:35357/v2.0/
|
||||
endpoint-create \
|
||||
--region "${REGION_NAME}" --service_id ${PKG_SERVICE_ID} \
|
||||
--publicurl http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL} \
|
||||
--internalurl http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL} \
|
||||
--adminurl http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL})
|
||||
|
||||
The values of ``AUTH_TOKEN``, ``KEYSTONE_ENDPOINT_IP``,
|
||||
``PKG_ENDPOINT_IP``, and ``REGION_NAME`` depend on the answer you will
|
||||
provide to the debconf prompts. But the values of ``SERVICE_NAME``,
|
||||
``SERVICE_TYPE``, ``SERVICE_DESC``, and ``SERVICE_URL`` are already
|
||||
pre-wired in each package, so you don't have to remember them.
|
161
doc/install-guide-rst/source/debconf/debconf-dbconfig-common.rst
Normal file
@ -0,0 +1,161 @@
|
||||
===========================================
|
||||
Configure the database with dbconfig-common
|
||||
===========================================
|
||||
|
||||
Many of the OpenStack services need to be configured to access a
|
||||
database. These are configured through a DSN (Database Source Name)
|
||||
directive as follows:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[database]
|
||||
connection = mysql://keystone:0dec658e3f14a7d@localhost/keystonedb
|
||||
|
||||
This ``connection`` directive will be handled by the ``dbconfig-common``
|
||||
package, which provides a standard Debian interface. It enables you to
|
||||
configure Debian database parameters. It includes localized prompts for
|
||||
many languages and it supports the following database backends: SQLite,
|
||||
MySQL, and PostgreSQL.
|
||||
|
||||
By default, the ``dbconfig-common`` package configures the OpenStack
|
||||
services to use SQLite. So if you use debconf in non-interactive mode
|
||||
and without pre-seeding, the OpenStack services that you install will
|
||||
use SQLite.
|
||||
|
||||
By default, ``dbconfig-common`` does not provide access to database servers
|
||||
over a network. If you want the ``dbconfig-common`` package to prompt for
|
||||
remote database servers that are accessed over a network and not through
|
||||
a UNIX socket file, reconfigure it, as follows:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
# apt-get install dbconfig-common && dpkg-reconfigure dbconfig-common
|
||||
|
||||
These screens appear when you re-configure the ``dbconfig-common`` package:
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/dbconfig-common_keep_admin_pass.png
|
||||
|
||||
|
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/dbconfig-common_used_for_remote_db.png
|
||||
|
||||
|
|
||||
|
||||
Unlike other debconf prompts, you cannot pre-seed the responses for the
|
||||
``dbconfig-common`` prompts by using ``debconf-set-selections``. Instead,
|
||||
you must create a file in :file:`/etc/dbconfig-common`. For example, you
|
||||
might create a keystone configuration file for ``dbconfig-common`` that is
|
||||
located in :file:`/etc/dbconfig-common/keystone.conf`, as follows:
|
||||
|
||||
.. code-block:: ini
|
||||
:linenos:
|
||||
|
||||
dbc_install='true'
|
||||
dbc_upgrade='true'
|
||||
dbc_remove=''
|
||||
dbc_dbtype='mysql'
|
||||
dbc_dbuser='keystone'
|
||||
dbc_dbpass='PASSWORD'
|
||||
dbc_dbserver=''
|
||||
dbc_dbport=''
|
||||
dbc_dbname='keystonedb'
|
||||
dbc_dbadmin='root'
|
||||
dbc_basepath=''
|
||||
dbc_ssl=''
|
||||
dbc_authmethod_admin=''
|
||||
dbc_authmethod_user=''
|
||||
|
||||
After you create this file, run this command:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
# apt-get install keystone
|
||||
|
||||
The Identity service is installed with MySQL as the database back end,
|
||||
``keystonedb`` as database name, and the localhost socket file. The
|
||||
corresponding DNS will then be:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[database]
|
||||
connection = mysql://keystone:PASSWORD@localhost/keystonedb
|
||||
|
||||
The ``dbconfig-common`` package will configure MySQL for these access
|
||||
rights, and create the database for you. Since OpenStack 2014.1.1, all
|
||||
OpenStack packages in Debian are performing the following MySQL query
|
||||
after database creation (if you decide to use MySQL as a back-end):
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
ALTER DATABASE keystone CHARACTER SET utf8 COLLATE utf8_unicode_ci
|
||||
|
||||
So, if using Debian, you wont need to care about database creation,
|
||||
access rights and character sets. All that is handled for you by the
|
||||
packages.
|
||||
|
||||
As an example, here are screenshots from the ``cinder-common`` package:
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/dbconfig-common_1_configure-with-dbconfig-yes-no.png
|
||||
|
||||
|
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/dbconfig-common_2_db-types.png
|
||||
|
||||
|
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/dbconfig-common_3_connection_method.png
|
||||
|
||||
|
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/dbconfig-common_4_mysql_root_password.png
|
||||
|
||||
|
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/dbconfig-common_5_mysql_app_password.png
|
||||
|
||||
|
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/dbconfig-common_6_mysql_app_password_confirm.png
|
||||
|
||||
|
|
||||
|
||||
By default in Debian, you can access the MySQL server from either
|
||||
localhost through the socket file or 127.0.0.1. To access it over the
|
||||
network, you must edit the :file:`/etc/mysql/my.cnf` file, and the
|
||||
``mysql.user`` table. To do so, Debian provides a helper script in the
|
||||
``openstack-deploy`` package. To use it, install the package and run:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
# /usr/share/openstack-deploy/mysql-remote-root
|
||||
|
||||
Alternatively, if you do not want to install this package, run this
|
||||
script to enable remote root access:
|
||||
|
||||
.. code-block:: bash
|
||||
:linenos:
|
||||
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
SQL="mysql --defaults-file=/etc/mysql/debian.cnf -Dmysql -e"
|
||||
|
||||
ROOT_PASS=`${SQL} "SELECT Password FROM user WHERE User='root' LIMIT 1;" \
|
||||
| tail -n 1`
|
||||
${SQL} "REPLACE INTO user SET host='%', user='root',\
|
||||
password='${ROOT_PASS}', Select_priv='Y', Insert_priv='Y',\
|
||||
Update_priv='Y', Delete_priv='Y', Create_priv='Y', Drop_priv='Y',\
|
||||
Reload_priv='Y', Shutdown_priv='Y', Process_priv='Y', File_priv='Y',\
|
||||
Grant_priv='Y', References_priv='Y', Index_priv='Y', Alter_priv='Y',\
|
||||
Super_priv='Y', Show_db_priv='Y', Create_tmp_table_priv='Y',\
|
||||
Lock_tables_priv='Y', Execute_priv='Y', Repl_slave_priv='Y',\
|
||||
Repl_client_priv='Y', Create_view_priv='Y', Show_view_priv='Y',\
|
||||
Create_routine_priv='Y', Alter_routine_priv='Y', Create_user_priv='Y',\
|
||||
Event_priv='Y', Trigger_priv='Y' "
|
||||
${SQL} "FLUSH PRIVILEGES"
|
||||
sed -i 's|^bind-address[ \t]*=.*|bind-address = 0.0.0.0|' /etc/mysql/my.cnf
|
||||
/etc/init.d/mysql restart
|
||||
|
||||
You must enable remote access before you install OpenStack services on
|
||||
multiple nodes.
|
@ -0,0 +1,56 @@
|
||||
======================================
|
||||
Services and the [keystone_authtoken]
|
||||
======================================
|
||||
|
||||
Because most OpenStack services must access the Identity service, you
|
||||
must configure the IP address of the ``keystone`` server to be able to
|
||||
access it. You must also configure the ``admin_tenant_name``,
|
||||
``admin_user``, and ``admin_password`` options for each service to work.
|
||||
|
||||
Generally, this section looks like this:
|
||||
|
||||
.. code-block:: ini
|
||||
:linenos:
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://controller:5000/v2.0
|
||||
identity_uri = http://controller:35357
|
||||
admin_tenant_name = %SERVICE_TENANT_NAME%
|
||||
admin_user = %SERVICE_USER%
|
||||
admin_password = %SERVICE_PASSWORD%
|
||||
|
||||
The debconf system helps users configure the ``auth_uri``,
|
||||
``identity_uri``, ``admin_tenant_name``, ``admin_user``, and
|
||||
``admin_password`` options.
|
||||
|
||||
The following screens show an example Image service configuration:
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/service_keystone_authtoken_server_hostname.png
|
||||
|
||||
|
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/service_keystone_authtoken_admin_tenant_name.png
|
||||
|
||||
|
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/service_keystone_authtoken_tenant_admin_user.png
|
||||
|
||||
|
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/service_keystone_authtoken_admin_password.png
|
||||
|
||||
This information is stored in the configuration file for each service.
|
||||
For example:
|
||||
|
||||
.. code-block:: ini
|
||||
:linenos:
|
||||
|
||||
/etc/ceilometer/ceilometer.conf
|
||||
/etc/nova/api-paste.ini
|
||||
/etc/glance/glance-api-paste.ini
|
||||
/etc/glance/glance-registry.ini
|
||||
/etc/cinder/cinder.conf
|
||||
/etc/neutron/neutron.conf
|
||||
|
||||
The Debian OpenStack packages offer automation for this, so OpenStack
|
||||
users do not have to manually edit the configuration files.
|
34
doc/install-guide-rst/source/debconf/debconf-rabbitmq.rst
Normal file
@ -0,0 +1,34 @@
|
||||
===============================
|
||||
RabbitMQ credentials parameters
|
||||
===============================
|
||||
|
||||
For every package that must connect to a Messaging Server, the Debian
|
||||
package enables you to configure the IP address for that server and the
|
||||
user name and password that is used to connect. The following example
|
||||
shows configuration with the ``ceilometer-common`` package:
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/rabbitmq-host.png
|
||||
|
||||
|
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/rabbitmq-user.png
|
||||
|
||||
|
|
||||
|
||||
.. image:: ../figures/debconf-screenshots/rabbitmq-password.png
|
||||
|
||||
|
|
||||
|
||||
These debconf screens appear in: ``ceilometer-common``, ``cinder-common``,
|
||||
``glance-common``, ``heat-common``, ``neutron-common``, and ``nova-common``.
|
||||
|
||||
This will configure the below directives (example from :file:`nova.conf`):
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
rabbit_host=localhost
|
||||
rabbit_userid=guest
|
||||
rabbit_password=guest
|
||||
|
||||
The other directives concerning RabbitMQ will stay untouched.
|
@ -6,9 +6,7 @@ Configure OpenStack with debconf
|
||||
:maxdepth: 2
|
||||
|
||||
debconf-concepts.rst
|
||||
|
||||
.. todo(karenb)
|
||||
debconf-dbconfig-common.rst
|
||||
debconf-rabbitmq.rst
|
||||
debconf-keystone_authtoken.rst
|
||||
debconf-keystone-authtoken.rst
|
||||
debconf-api-endpoints.rst
|
||||
|
After Width: | Height: | Size: 28 KiB |
After Width: | Height: | Size: 13 KiB |
After Width: | Height: | Size: 10 KiB |
After Width: | Height: | Size: 20 KiB |
After Width: | Height: | Size: 16 KiB |
After Width: | Height: | Size: 44 KiB |
After Width: | Height: | Size: 28 KiB |
After Width: | Height: | Size: 35 KiB |
After Width: | Height: | Size: 14 KiB |
After Width: | Height: | Size: 15 KiB |
After Width: | Height: | Size: 6.4 KiB |
After Width: | Height: | Size: 42 KiB |
After Width: | Height: | Size: 37 KiB |
After Width: | Height: | Size: 38 KiB |
After Width: | Height: | Size: 16 KiB |
After Width: | Height: | Size: 18 KiB |
After Width: | Height: | Size: 19 KiB |
After Width: | Height: | Size: 8.2 KiB |
After Width: | Height: | Size: 8.3 KiB |
After Width: | Height: | Size: 18 KiB |
After Width: | Height: | Size: 8.1 KiB |