Editorial updates to common files, including sentence-style headings and consistency/clarity edits

Partial-Bug: #1250515

backport: havana

Change-Id: I9675dffd130c8aa6343143d9806adb4e0b74a55d
author: diane fleming
This commit is contained in:
Diane Fleming 2013-11-18 10:26:49 -06:00
parent 80cb0dc762
commit bc7a9f0da7
60 changed files with 2639 additions and 2389 deletions

View File

@ -29,21 +29,21 @@
<para>The following books explain how to install an OpenStack cloud <para>The following books explain how to install an OpenStack cloud
and its components: and its components:
</para> </para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
<link xlink:href="http://docs.openstack.org/trunk/install-guide/install/apt-debian/content/"> <link xlink:href="http://docs.openstack.org/trunk/install-guide/install/apt-debian/content/">
<citetitle>Installation Guide for Debian 7.0</citetitle> <citetitle>Installation Guide for Debian 7.0</citetitle>
</link> </link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<link xlink:href="http://docs.openstack.org/trunk/install-guide/install/zypper/content/"> <link xlink:href="http://docs.openstack.org/trunk/install-guide/install/zypper/content/">
<citetitle>Installation Guide for openSUSE and SUSE Linux Enterprise Server</citetitle> <citetitle>Installation Guide for openSUSE and SUSE Linux Enterprise Server</citetitle>
</link> </link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
@ -51,14 +51,14 @@
<citetitle>Installation Guide for Red Hat Enterprise Linux, <citetitle>Installation Guide for Red Hat Enterprise Linux,
CentOS, and Fedora</citetitle> CentOS, and Fedora</citetitle>
</link> </link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<link xlink:href="http://docs.openstack.org/trunk/install-guide/install/apt/content/"> <link xlink:href="http://docs.openstack.org/trunk/install-guide/install/apt/content/">
<citetitle>Installation Guide for Ubuntu 12.04 (LTS)</citetitle> <citetitle>Installation Guide for Ubuntu 12.04 (LTS)</citetitle>
</link> </link>
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>The following books explain how to configure and run an <para>The following books explain how to configure and run an
@ -69,13 +69,13 @@
<link <link
xlink:href="http://docs.openstack.org/admin-guide-cloud/content/" xlink:href="http://docs.openstack.org/admin-guide-cloud/content/"
><citetitle>Cloud Administrator Guide</citetitle></link> ><citetitle>Cloud Administrator Guide</citetitle></link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para><link <para><link
xlink:href="http://docs.openstack.org/trunk/config-reference/content/" xlink:href="http://docs.openstack.org/trunk/config-reference/content/"
><citetitle>Configuration Reference</citetitle></link> ><citetitle>Configuration Reference</citetitle></link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para><link <para><link
@ -86,19 +86,19 @@
<para><link <para><link
xlink:href="http://docs.openstack.org/high-availability-guide/content/" xlink:href="http://docs.openstack.org/high-availability-guide/content/"
><citetitle>High Availability Guide</citetitle></link> ><citetitle>High Availability Guide</citetitle></link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para><link <para><link
xlink:href="http://docs.openstack.org/sec/" xlink:href="http://docs.openstack.org/sec/"
><citetitle>Security Guide</citetitle></link> ><citetitle>Security Guide</citetitle></link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para><link <para><link
xlink:href="http://docs.openstack.org/image-guide/content/" xlink:href="http://docs.openstack.org/image-guide/content/"
><citetitle>Virtual Machine Image Guide</citetitle></link> ><citetitle>Virtual Machine Image Guide</citetitle></link>
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>The following books explain how to use the OpenStack <para>The following books explain how to use the OpenStack
@ -109,21 +109,21 @@
<link <link
xlink:href="http://docs.openstack.org/api/quick-start/content/" xlink:href="http://docs.openstack.org/api/quick-start/content/"
><citetitle>API Quick Start</citetitle></link> ><citetitle>API Quick Start</citetitle></link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<link <link
xlink:href="http://docs.openstack.org/user-guide/content/" xlink:href="http://docs.openstack.org/user-guide/content/"
><citetitle>End User Guide</citetitle></link> ><citetitle>End User Guide</citetitle></link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<link <link
xlink:href="http://docs.openstack.org/user-guide-admin/content/" xlink:href="http://docs.openstack.org/user-guide-admin/content/"
><citetitle>Admin User Guide</citetitle></link> ><citetitle>Admin User Guide</citetitle></link>
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>The following documentation provides reference and <para>The following documentation provides reference and
@ -325,7 +325,7 @@ xlink:href="https://bugs.launchpad.net/ceilometer"
or <link or <link
xlink:href="https://bugs.launchpad.net/openstack-manuals/+filebug" xlink:href="https://bugs.launchpad.net/openstack-manuals/+filebug"
>report a bug</link>. >report a bug</link>.
</para> </para>
</section> </section>
<section xml:id="distro-support"> <section xml:id="distro-support">
@ -333,7 +333,7 @@ xlink:href="https://bugs.launchpad.net/ceilometer"
<para> <para>
The following Linux distributions provide community-supported packages for The following Linux distributions provide community-supported packages for
OpenStack: OpenStack:
</para> </para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><emphasis role="bold">Debian:</emphasis> <link <para><emphasis role="bold">Debian:</emphasis> <link
@ -343,20 +343,20 @@ xlink:href="https://bugs.launchpad.net/ceilometer"
<para><emphasis role="bold">CentOS, Fedora, and Red Hat <para><emphasis role="bold">CentOS, Fedora, and Red Hat
Enterprise Linux:</emphasis> <link Enterprise Linux:</emphasis> <link
xlink:href="http://openstack.redhat.com/">http://openstack.redhat.com/</link> xlink:href="http://openstack.redhat.com/">http://openstack.redhat.com/</link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis role="bold">openSUSE and SUSE Linux <para><emphasis role="bold">openSUSE and SUSE Linux
Enterprise Server:</emphasis> Enterprise Server:</emphasis>
<link xlink:href="http://en.opensuse.org/Portal:OpenStack" <link xlink:href="http://en.opensuse.org/Portal:OpenStack"
>http://en.opensuse.org/Portal:OpenStack</link> >http://en.opensuse.org/Portal:OpenStack</link>
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis role="bold">Ubuntu:</emphasis> <para><emphasis role="bold">Ubuntu:</emphasis>
<link xlink:href="https://wiki.ubuntu.com/ServerTeam/CloudArchive" <link xlink:href="https://wiki.ubuntu.com/ServerTeam/CloudArchive"
>https://wiki.ubuntu.com/ServerTeam/CloudArchive</link> >https://wiki.ubuntu.com/ServerTeam/CloudArchive</link>
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>

View File

@ -57,7 +57,7 @@
package directly from <link package directly from <link
xlink:href="http://pypi.python.org/pypi/setuptools" xlink:href="http://pypi.python.org/pypi/setuptools"
>http://pypi.python.org/pypi/setuptools</link>. >http://pypi.python.org/pypi/setuptools</link>.
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>

View File

@ -63,13 +63,12 @@
password.</para> password.</para>
</step> </step>
</procedure> </procedure>
<para>Alternatively, you can create the <para>Alternatively, you can create the
<filename>openrc.sh</filename> file from scratch.</para> <filename>openrc.sh</filename> file from scratch.</para>
<procedure> <procedure>
<step> <step>
<para>Create the <filename>openrc.sh</filename> file <para>Create the <filename>openrc.sh</filename> file
containing the authentication:</para> and add the authentication information:</para>
<programlisting language="bash">export OS_USERNAME=<replaceable>USERNAME</replaceable> <programlisting language="bash">export OS_USERNAME=<replaceable>USERNAME</replaceable>
export OS_PASSWORD=<replaceable>PASSWORD</replaceable> export OS_PASSWORD=<replaceable>PASSWORD</replaceable>
export OS_TENANT_NAME=<replaceable>PROJECT_NAME</replaceable> export OS_TENANT_NAME=<replaceable>PROJECT_NAME</replaceable>
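Review bot: The listing in this step writes OS_PASSWORD in clear text into openrc.sh, and the reworded lead-in ("and add the authentication information:") still says nothing about protecting the file. Consider adding a sentence to the step that tells the reader to restrict the file to its owner (for example, chmod 600 openrc.sh) and to keep it out of version control.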

View File

@ -1,21 +1,17 @@
<section xml:id="configuring-ec2-api" <section xml:id="configuring-ec2-api"
xmlns="http://docbook.org/ns/docbook" xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:ns5="http://www.w3.org/1999/xhtml" xmlns:ns5="http://www.w3.org/1999/xhtml"
xmlns:ns4="http://www.w3.org/2000/svg" xmlns:ns4="http://www.w3.org/2000/svg"
xmlns:ns3="http://www.w3.org/1998/Math/MathML" xmlns:ns3="http://www.w3.org/1998/Math/MathML"
xmlns:ns="http://docbook.org/ns/docbook"> xmlns:ns="http://docbook.org/ns/docbook">
<title>Configuring the EC2 API</title> <title>Configure the EC2 API</title>
<para>You can set options in the <filename>nova.conf</filename>
<para>You can use <filename>nova.conf</filename> configuration configuration file to control which network address and port the
options to control which network address and port the EC2 API will EC2 API listens on, the formatting of some API responses, and
listen on, the formatting of some API responses, and authentication authentication related options.</para>
related options.</para>
<para>To customize these options for OpenStack EC2 API, use these <para>To customize these options for OpenStack EC2 API, use these
configuration option settings.</para> configuration option settings:</para>
<xi:include href="../common/tables/nova-ec2.xml"/>
<xi:include href="../common/tables/nova-ec2.xml" />
</section> </section>
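Review bot: In the first paragraph of the new text, "authentication related options" needs a hyphen ("authentication-related options"), and the second paragraph still reads "for OpenStack EC2 API" without an article. Since this change is a consistency and clarity pass, fix both here. The second paragraph is also circular ("To customize these options ... use these configuration option settings") and could be reduced to a single lead-in for the included nova-ec2.xml table.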

View File

@ -1,18 +1,17 @@
<section xml:id="configuring-quotas" <section xml:id="configuring-quotas"
xmlns="http://docbook.org/ns/docbook" xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:ns5="http://www.w3.org/1999/xhtml" xmlns:ns5="http://www.w3.org/1999/xhtml"
xmlns:ns4="http://www.w3.org/2000/svg" xmlns:ns4="http://www.w3.org/2000/svg"
xmlns:ns3="http://www.w3.org/1998/Math/MathML" xmlns:ns3="http://www.w3.org/1998/Math/MathML"
xmlns:ns="http://docbook.org/ns/docbook" version="5.0"> xmlns:ns="http://docbook.org/ns/docbook" version="5.0">
<title>Configuring Quotas</title> <title>Configure quotas</title>
<para>To prevent system capacities from being exhausted without <para>To prevent system capacities from being exhausted without
notification, you can set up quotas. Quotas are operational limits. notification, you can set up quotas. Quotas are operational
For example, the number of gigabytes allowed per tenant can be limits. For example, the number of gigabytes allowed per tenant
controlled so that cloud resources are optimized. can be controlled so that cloud resources are optimized. Quotas
Quotas are currently enforced at the tenant (or project) level, are currently enforced at the tenant (or project) level, rather
rather than by user. than by user.</para>
</para>
<xi:include href="section_nova_cli_quotas.xml"/> <xi:include href="section_nova_cli_quotas.xml"/>
</section> </section>

View File

@ -1,26 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section <section xmlns="http://docbook.org/ns/docbook"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
version="5.0"
xml:id="spice-console"> xml:id="spice-console">
<title>Spice Console</title> <title>SPICE console</title>
<para>OpenStack Compute has long had support for VNC consoles to <para>OpenStack Compute supports VNC consoles to guests. The VNC
guests. The VNC protocol is fairly limited, lacking support for protocol is fairly limited, lacking support for multiple monitors,
multiple monitors, bi-directional audio, reliable cut+paste, video bi-directional audio, reliable cut-and-paste, video streaming and
streaming and more. SPICE is a new protocol which aims to address more. SPICE is a new protocol that aims to address the limitations
all the limitations in VNC, to provide good remote desktop in VNC and provide good remote desktop support.</para>
support.</para>
<para>SPICE support in OpenStack Compute shares a similar <para>SPICE support in OpenStack Compute shares a similar
architecture to the VNC implementation. The OpenStack Dashboard architecture to the VNC implementation. The OpenStack dashboard
uses a SPICE-HTML5 widget in its console tab, that communicates to uses a SPICE-HTML5 widget in its console tab that communicates to
the <literal>nova-spicehtml5proxy</literal> service using the <systemitem class="service">nova-spicehtml5proxy</systemitem>
SPICE-over-websockets. The <literal>nova-spicehtml5proxy</literal> service by using SPICE-over-websockets. The <systemitem
service communicates directly with the hypervisor process using SPICE.<note> class="service">nova-spicehtml5proxy</systemitem> service
<para>If Spice is not configured correctly, Compute will fall communicates directly with the hypervisor process by using SPICE.<note>
back upon VNC.</para> <para>If you do not configure SPICE correctly, Compute falls
back on VNC.</para>
</note></para> </note></para>
<para>Options for configuring SPICE as the console for OpenStack Compute can be found below.</para> <para>The following table shows the options to configure SPICE as
<xi:include href="../common/tables/nova-spice.xml"/> the console for OpenStack Compute:</para>
<xi:include href="../common/tables/nova-spice.xml"/>
</section> </section>

View File

@ -3,9 +3,10 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="getting-started-with-vnc-proxy"> xml:id="getting-started-with-vnc-proxy">
<title>VNC Console Proxy</title> <title>VNC console proxy</title>
<para>The VNC proxy is an OpenStack component that enables compute <para>The VNC proxy is an OpenStack component that enables compute
service users to access their instances through VNC clients.</para> service users to access their instances through VNC
clients.</para>
<para>The VNC console connection works as follows:</para> <para>The VNC console connection works as follows:</para>
<orderedlist> <orderedlist>
<listitem> <listitem>
@ -15,17 +16,18 @@
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para>The user pastes the URL in a browser or as a client <para>The user pastes the URL in a browser or uses it as a
parameter.</para> client parameter.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>The browser or client connects to the proxy.</para> <para>The browser or client connects to the proxy.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>The proxy talks to <systemitem class="service">nova-consoleauth</systemitem> to <para>The proxy talks to <systemitem class="service"
authorize the user's token, and maps the token to the >nova-consoleauth</systemitem> to authorize the token for
<emphasis>private</emphasis> host and port of an instance's the user, and maps the token to the
VNC server.</para> <emphasis>private</emphasis> host and port of the VNC server
for an instance.</para>
<para>The compute host specifies the address that the proxy <para>The compute host specifies the address that the proxy
should use to connect through the should use to connect through the
<filename>nova.conf</filename> file option, <filename>nova.conf</filename> file option,
@ -34,35 +36,34 @@
private host network.</para> private host network.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>The proxy initiates the connection to VNC server, and <para>The proxy initiates the connection to VNC server and
continues to proxy until the session ends.</para> continues to proxy until the session ends.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>The proxy also tunnels the VNC protocol over WebSockets so <para>The proxy also tunnels the VNC protocol over WebSockets so
that the noVNC client has a way to talk VNC.</para> that the noVNC client can talk VNC.</para>
<para>In general, the VNC proxy:</para> <para>In general, the VNC proxy:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Bridges between the public network, where the clients <para>Bridges between the public network where the clients live
live, and the private network, where vncservers live.</para> and the private network where vncservers live.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Mediates token authentication.</para> <para>Mediates token authentication.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Transparently deals with hypervisor-specific connection <para>Transparently deals with hypervisor-specific connection
details to provide a uniform client experience. <figure details to provide a uniform client experience.</para>
xml:id="novnc-process"> <figure xml:id="novnc-process">
<title>noVNC process</title> <title>noVNC process</title>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata <imagedata
fileref="../common/figures/novnc/SCH_5009_V00_NUAC-VNC_OpenStack.png" fileref="../common/figures/novnc/SCH_5009_V00_NUAC-VNC_OpenStack.png"
format="PNG" width="5in"/> format="PNG" width="5in"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</figure> </figure>
</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<section xml:id="about-nova-consoleauth"> <section xml:id="about-nova-consoleauth">
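Review bot: In the last step of the ordered list, the new line still reads "initiates the connection to VNC server"; add the article ("to the VNC server"). The figure is now a sibling of the para rather than a child, but it remains inside the third listitem of "In general, the VNC proxy:", even though its title is "noVNC process" and it is not specific to that bullet. Consider moving it after the closing itemizedlist tag.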
@ -70,148 +71,156 @@
<title>About nova-consoleauth</title> <title>About nova-consoleauth</title>
</info> </info>
<para>Both client proxies leverage a shared service to manage <para>Both client proxies leverage a shared service to manage
token auth called <systemitem class="service">nova-consoleauth</systemitem>. This token authentication called <systemitem class="service"
service must be running for either proxy to work. Many proxies >nova-consoleauth</systemitem>. This service must be running
of either type can be run against a single for either proxy to work. Many proxies of either type can be run
<systemitem class="service">nova-consoleauth</systemitem> service in a cluster against a single <systemitem class="service"
>nova-consoleauth</systemitem> service in a cluster
configuration.</para> configuration.</para>
<para>Do not confuse the <systemitem class="service">nova-consoleauth</systemitem> <para>Do not confuse the <systemitem class="service"
shared service with <literal>nova-console</literal>, which is a >nova-consoleauth</systemitem> shared service with
XenAPI-specific service that most recent VNC proxy architectures <literal>nova-console</literal>, which is a XenAPI-specific
do not use.</para> service that most recent VNC proxy architectures do not
use.</para>
</section> </section>
<section xml:id="typical-deployment"> <section xml:id="typical-deployment">
<info> <title>Typical deployment</title>
<title>Typical deployment</title> <para>A typical deployment has the following components:</para>
</info>
<para>A typical deployment consists of the following components:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>A <systemitem class="service">nova-consoleauth</systemitem> process. Typically <para>A <systemitem class="service"
runs on the controller host.</para> >nova-consoleauth</systemitem> process. Typically runs on
the controller host.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>One or more <systemitem class="service">nova-novncproxy</systemitem> services. <para>One or more <systemitem class="service"
Supports browser-based noVNC clients. For simple >nova-novncproxy</systemitem> services. Supports
deployments, this service typically runs on the same machine browser-based noVNC clients. For simple deployments, this
as <systemitem class="service">nova-api</systemitem> because it proxies between the public network service typically runs on the same machine as <systemitem
and the private compute host network.</para> class="service">nova-api</systemitem> because it operates
as a proxy between the public network and the private
compute host network.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>One or more <literal>nova-xvpvncproxy</literal> <para>One or more <literal>nova-xvpvncproxy</literal>
services. Supports the special Java client discussed here. services. Supports the special Java client discussed here.
For simple deployments, this service typically runs on the For simple deployments, this service typically runs on the
same machine as <systemitem class="service">nova-api</systemitem> because it proxies between the same machine as <systemitem class="service"
public network and the private compute host network.</para> >nova-api</systemitem> because it acts as a proxy between
the public network and the private compute host
network.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>One or more compute hosts. These compute hosts must have <para>One or more compute hosts. These compute hosts must have
correctly configured options, as follows.</para> correctly configured options, as follows.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>
<section xml:id="vnc-configuration-options"> <section xml:id="vnc-configuration-options">
<title>VNC configuration options</title> <title>VNC configuration options</title>
<xi:include href="../common/tables/nova-vnc.xml"/> <xi:include href="../common/tables/nova-vnc.xml"/>
<note> <note>
<para>To support <link <para>To support <link
xlink:href="http://docs.openstack.org/trunk/config-reference/content/configuring-openstack-compute-basics.html#section_configuring-compute-migrations" xlink:href="http://docs.openstack.org/trunk/config-reference/content/configuring-openstack-compute-basics.html#section_configuring-compute-migrations"
>live migration</link>, you cannot specify a specific IP >live migration</link>, you cannot specify a specific IP
address for <literal>vncserver_listen</literal>, because address for <literal>vncserver_listen</literal>, because that
that IP address does not exist on the destination IP address does not exist on the destination host.</para>
host.</para> </note>
</note> <note>
<note> <para>The <literal>vncserver_proxyclient_address</literal>
<para>The <literal>vncserver_proxyclient_address</literal> defaults to <literal>127.0.0.1</literal>, which is the address
defaults to <literal>127.0.0.1</literal>, which is the of the compute host that nova instructs proxies to use when
address of the compute host that nova instructs proxies to connecting to instance servers.</para>
use when connecting to instance servers.</para> <para>For all-in-one XenServer domU deployments, set this to
<para>For all-in-one XenServer domU deployments, set this to 169.254.0.1.</para>
169.254.0.1.</para> <para>For multi-host XenServer domU deployments, set to a dom0
<para>For multi-host XenServer domU deployments, set to a dom0 management IP on the same network as the proxies.</para>
management IP on the same network as the proxies.</para> <para>For multi-host libvirt deployments, set to a host
<para>For multi-host libvirt deployments, set to a host management IP on the same network as the proxies.</para>
management IP on the same network as the proxies.</para> </note>
</note> </section>
</section> <section xml:id="nova-vncproxy-replaced-with-nova-novncproxy">
<section xml:id="nova-vncproxy-replaced-with-nova-novncproxy">
<info>
<title>nova-novncproxy (noVNC)</title>
</info>
<para>You must install the noVNC package, which contains the
<systemitem class="service">nova-novncproxy</systemitem> service.</para>
<para>As root, run the following command:</para>
<programlisting language="bash" role="gutter: false"><prompt>#</prompt> <userinput>apt-get install novnc</userinput></programlisting>
<para>The service starts automatically on installation.</para>
<para>To restart it, run the following command:</para>
<programlisting language="bash" role="gutter: false"><prompt>#</prompt> <userinput>service novnc restart</userinput></programlisting>
<para>The configuration option parameter should point to your
<filename>nova.conf</filename> file, which includes the
message queue server address and credentials.</para>
<para>By default, <systemitem class="service">nova-novncproxy</systemitem> binds on
<literal>0.0.0.0:6080</literal>.</para>
<para>To connect the service to your nova deployment, add the
following configuration options to your
<filename>nova.conf</filename> file:</para>
<itemizedlist>
<listitem>
<para>
<literal>vncserver_listen</literal>=<replaceable>0.0.0.0</replaceable>
</para>
<para>Specifies the address on which the VNC service should
bind. Make sure it is assigned one of the compute node
interfaces. This address is the one used by your domain
file.</para>
<programlisting language="bash" role="gutter: false"> &lt;graphics type="vnc" autoport="yes" keymap="en-us" listen="0.0.0.0"/></programlisting>
<note>
<para>To use live migration, make sure to use the
<replaceable>0.0.0.0</replaceable>address.</para>
</note>
</listitem>
<listitem>
<para>
<literal>vncserver_ proxyclient_ address
</literal>=<replaceable>127.0.0.1</replaceable>
</para>
<para>The address of the compute host that nova instructs
proxies to use when connecting to instance
<literal>vncservers</literal>.</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="faq-about-vnc">
<info> <info>
<title>Frequently asked questions about VNC access to <title>nova-novncproxy (noVNC)</title>
virtual machines</title> </info>
<para>You must install the noVNC package, which contains the
<systemitem class="service">nova-novncproxy</systemitem>
service.</para>
<para>As root, run the following command:</para>
<programlisting language="bash" role="gutter: false"><prompt>#</prompt> <userinput>apt-get install novnc</userinput></programlisting>
<para>The service starts automatically on installation.</para>
<para>To restart it, run the following command:</para>
<programlisting language="bash" role="gutter: false"><prompt>#</prompt> <userinput>service novnc restart</userinput></programlisting>
<para>The configuration option parameter should point to your
<filename>nova.conf</filename> file, which includes the
message queue server address and credentials.</para>
<para>By default, <systemitem class="service"
>nova-novncproxy</systemitem> binds on
<literal>0.0.0.0:6080</literal>.</para>
<para>To connect the service to your nova deployment, add the
following configuration options to your
<filename>nova.conf</filename> file:</para>
<itemizedlist>
<listitem>
<para>
<literal>vncserver_listen</literal>=<replaceable>0.0.0.0</replaceable>
</para>
<para>Specifies the address on which the VNC service should
bind. Make sure it is assigned one of the compute node
interfaces. This address is the one used by your domain
file.</para>
<programlisting language="bash" role="gutter: false"> &lt;graphics type="vnc" autoport="yes" keymap="en-us" listen="0.0.0.0"/></programlisting>
<note>
<para>To use live migration, use the
<replaceable>0.0.0.0</replaceable> address.</para>
</note>
</listitem>
<listitem>
<para>
<literal>vncserver_ proxyclient_ address
</literal>=<replaceable>127.0.0.1</replaceable>
</para>
<para>The address of the compute host that nova instructs
proxies to use when connecting to instance
<literal>vncservers</literal>.</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="faq-about-vnc">
<info>
<title>Frequently asked questions about VNC access to virtual
machines</title>
</info> </info>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><emphasis role="bold">Q: What is the difference between <para><emphasis role="bold">Q: What is the difference between
<literal>nova-xvpvncproxy</literal> and <literal>nova-xvpvncproxy</literal> and <systemitem
<systemitem class="service">nova-novncproxy</systemitem>?</emphasis> class="service">nova-novncproxy</systemitem>?</emphasis>
</para> </para>
<para>A: <literal>nova-xvpvncproxy</literal>, which ships with <para>A: <literal>nova-xvpvncproxy</literal>, which ships with
nova, is a proxy that supports a simple Java client. nova, is a proxy that supports a simple Java client.
<systemitem class="service">nova-novncproxy</systemitem> uses noVNC to provide <systemitem class="service">nova-novncproxy</systemitem>
VNC support through a web browser.</para> uses noVNC to provide VNC support through a web
browser.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis role="bold">Q: I want VNC support in the <para><emphasis role="bold">Q: I want VNC support in the
Dashboard. What services do I need? </emphasis></para> Dashboard. What services do I need? </emphasis></para>
<para>A: You need <systemitem class="service">nova-novncproxy</systemitem>, <para>A: You need <systemitem class="service"
<systemitem class="service">nova-consoleauth</systemitem>, and correctly >nova-novncproxy</systemitem>, <systemitem class="service"
configured compute hosts.</para> >nova-consoleauth</systemitem>, and correctly configured
compute hosts.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis role="bold">Q: When I use <command>nova <para><emphasis role="bold">Q: When I use <command>nova
get-vnc-console</command> or click on the VNC tab of the get-vnc-console</command> or click on the VNC tab of the
Dashboard, it hangs. Why? </emphasis></para> Dashboard, it hangs. Why? </emphasis></para>
<para>A: Make sure you are running <para>A: Make sure you are running <systemitem class="service"
<systemitem class="service">nova-consoleauth</systemitem> (in addition to >nova-consoleauth</systemitem> (in addition to <systemitem
<systemitem class="service">nova-novncproxy</systemitem>). The proxies rely on class="service">nova-novncproxy</systemitem>). The proxies
<systemitem class="service">nova-consoleauth</systemitem> to validate tokens, rely on <systemitem class="service"
and waits for a reply from them until a timeout is reached. >nova-consoleauth</systemitem> to validate tokens, and
waits for a reply from them until a timeout is reached.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
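Review bot: In the nova-novncproxy (noVNC) section, the second list item still writes the option as "vncserver_ proxyclient_ address" with spaces and a line break inside the literal, so a reader who copies it gets a key that does not match the real option. Write it as vncserver_proxyclient_address, as the note under "VNC configuration options" already does. In the first list item, the text says to make sure the address "is assigned one of the compute node interfaces" while the example value is 0.0.0.0, which binds every interface; say which is intended and that 0.0.0.0 is the live-migration case. Smaller points in this hunk: the graphics element listing is XML from the domain file but is tagged language="bash"; the FAQ answer keeps "The proxies rely on nova-consoleauth to validate tokens, and waits for a reply from them" (should be "wait for a reply from it"); and typical-deployment drops the info wrapper around its title while about-nova-consoleauth, nova-novncproxy and faq-about-vnc keep theirs.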
@ -224,7 +233,8 @@
two servers:</para> two servers:</para>
<programlisting language="bash" role="gutter: false">PROXYSERVER (public_ip=172.24.1.1, management_ip=192.168.1.1) <programlisting language="bash" role="gutter: false">PROXYSERVER (public_ip=172.24.1.1, management_ip=192.168.1.1)
COMPUTESERVER (management_ip=192.168.1.2)</programlisting> COMPUTESERVER (management_ip=192.168.1.2)</programlisting>
<para>Your <systemitem class="service">nova-compute</systemitem> configuration file must set the <para>Your <systemitem class="service"
>nova-compute</systemitem> configuration file must set the
following values:</para> following values:</para>
<programlisting language="bash" role="gutter: false"># These flags help construct a connection data structure <programlisting language="bash" role="gutter: false"># These flags help construct a connection data structure
vncserver_proxyclient_address=192.168.1.2 vncserver_proxyclient_address=192.168.1.2
@ -248,11 +258,12 @@ vncserver_listen=192.168.1.2</programlisting>
<listitem> <listitem>
<para> <para>
<emphasis role="bold">Q: My noVNC does not work with recent <emphasis role="bold">Q: My noVNC does not work with recent
versions of web browsers. Why? </emphasis> versions of web browsers. Why?</emphasis>
</para> </para>
<para>A: Make sure you have <literal>python-numpy</literal> <para>A: Make sure you have installed
installed, which is required to support a newer version of <literal>python-numpy</literal>, which is required to
the WebSocket protocol (HyBi-07+).</para> support a newer version of the WebSocket protocol
(HyBi-07+).</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
@ -265,9 +276,9 @@ vncserver_listen=192.168.1.2</programlisting>
location of this file varies based on Linux distribution. On location of this file varies based on Linux distribution. On
Ubuntu 12.04, the file is at Ubuntu 12.04, the file is at
<filename>/usr/share/pyshared/horizon/dashboards/nova/instances/templates/instances/_detail_vnc.html</filename>.</para> <filename>/usr/share/pyshared/horizon/dashboards/nova/instances/templates/instances/_detail_vnc.html</filename>.</para>
<para>Modify the <literal>width</literal> and <para>Modify the <option>width</option> and
<literal>height</literal> parameters, as follows:</para> <option>height</option> options, as follows:</para>
<programlisting>&lt;iframe src="{{ vnc_url }}" width="720" height="430"&gt;&lt;/iframe&gt;</programlisting> <programlisting language="bash" role="gutter: false">&lt;iframe src="{{ vnc_url }}" width="720" height="430"&gt;&lt;/iframe&gt;</programlisting>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>
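Review bot: The iframe listing on the new side is tagged language="bash", although its content is an HTML template line from _detail_vnc.html. Suggest language="html", or leaving the attribute off as before. Also, width and height are attributes of the iframe element, so marking them up as <option> and calling them "options" is less accurate than the previous "parameters".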

View File

@ -1,126 +1,138 @@
<?xml version= "1.0" encoding= "UTF-8"?> <?xml version= "1.0" encoding= "UTF-8"?>
<section xml:id="compute-options" <section xml:id="compute-options"
xmlns= "http://docbook.org/ns/docbook" xmlns="http://docbook.org/ns/docbook"
xmlns:xi= "http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink= "http://www.w3.org/1999/xlink" version= "5.0"> xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>File format for nova.conf</title> <title>File format for nova.conf</title>
<simplesect> <simplesect>
<title>Overview</title> <title>Overview</title>
<para>The Compute service supports a large number of configuration options. These options <para>The Compute service supports a large number of
are specified in a configuration file whose default location in configuration options. These options are specified in the
<filename>/etc/nova/nova.conf</filename>.</para> <filename>/etc/nova/nova.conf</filename> configuration
<para>The configuration file is in <link xlink:href="https://en.wikipedia.org/wiki/INI_file" file.</para>
>INI file format</link>, with options specified as <literal>key=value</literal> <para>The configuration file is in <link
pairs, grouped into sections. Almost all of the configuration options are in the xlink:href="https://en.wikipedia.org/wiki/INI_file"
<literal>DEFAULT</literal> section. Here's a brief >INI file format</link>, with options specified as
example:<programlisting language="ini">[DEFAULT] <literal>key=value</literal> pairs, grouped into
sections. Almost all configuration options are in the
<literal>DEFAULT</literal> section. For
example:</para>
<programlisting language="ini">[DEFAULT]
debug=true debug=true
verbose=true verbose=true
[trusted_computing] [trusted_computing]
server=10.3.4.2</programlisting></para> server=10.3.4.2</programlisting>
</simplesect>
</simplesect>
<simplesect> <simplesect>
<title>Types of configuration options</title> <title>Types of configuration options</title>
<para>Each configuration option has an associated type that indicates what values can be <para>Each configuration option has an associated type that
set. The supported option types are as follows:<variablelist> indicates which values can be set. The supported option
<varlistentry> types are:</para>
<term>BoolOpt</term> <variablelist>
<listitem> <varlistentry>
<para>Boolean option. Value must be either <literal>true</literal> or <term>BoolOpt</term>
<literal>false</literal> . <listitem>
Example:<programlisting language="ini">debug=false</programlisting></para> <para>Boolean option. Value must be either
</listitem> <literal>true</literal> or
</varlistentry> <literal>false</literal> .
<varlistentry> Example:<programlisting language="ini">debug=false</programlisting></para>
<term>StrOpt</term> </listitem>
<listitem> </varlistentry>
<para>String option. Value is an arbitrary string. <varlistentry>
Example:<programlisting language="ini">my_ip=10.0.0.1</programlisting></para> <term>StrOpt</term>
</listitem> <listitem>
</varlistentry> <para>String option. Value is an arbitrary string.
<varlistentry> Example:<programlisting language="ini">my_ip=10.0.0.1</programlisting></para>
<term>IntOption</term> </listitem>
<listitem> </varlistentry>
<para>Integer option. Value must be an integer. Example: <varlistentry>
<programlisting language="ini">glance_port=9292</programlisting></para> <term>IntOption</term>
</listitem> <listitem>
</varlistentry> <para>Integer option. Value must be an integer.
<varlistentry> Example:
<term>MultiStrOpt</term> <programlisting language="ini">glance_port=9292</programlisting></para>
<listitem> </listitem>
<para>String option. Same as StrOpt, except that it can be declared multiple </varlistentry>
times to indicate multiple values. <varlistentry>
Example:<programlisting language="ini">ldap_dns_servers=dns1.example.org <term>MultiStrOpt</term>
ldap_dns_servers=dns2.example.org</programlisting></para> <listitem>
</listitem> <para>String option. Same as StrOpt, except that
</varlistentry> it can be declared multiple times to indicate
<varlistentry> multiple values. Example:</para>
<term>ListOpt</term> <programlisting language="ini">ldap_dns_servers=dns1.example.org
<listitem> ldap_dns_servers=dns2.example.org</programlisting>
<para>List option. Value is a list of arbitrary strings separated by commas. </listitem>
Example:<programlisting language="ini">enabled_apis=ec2,osapi_compute,metadata</programlisting></para> </varlistentry>
</listitem> <varlistentry>
</varlistentry> <term>ListOpt</term>
<varlistentry> <listitem>
<term>FloatOpt</term> <para>List option. Value is a list of arbitrary
<listitem> strings separated by commas. Example:</para>
<para>Floating-point option. Value must be a floating-point number. <programlisting language="ini">enabled_apis=ec2,osapi_compute,metadata</programlisting>
Example:<programlisting language="ini">ram_allocation_ratio=1.5</programlisting></para> </listitem>
</listitem> </varlistentry>
</varlistentry> <varlistentry>
</variablelist> <term>FloatOpt</term>
</para> <listitem>
<para>Floating-point option. Value must be a
<important> floating-point number. Example:</para>
<para>Nova options should <emphasis>not</emphasis> <programlisting language="ini">ram_allocation_ratio=1.5</programlisting>
be quoted.</para> </listitem>
</important> </varlistentry>
</simplesect> </variablelist>
<important>
<para>Do not specify quotes around Nova options.</para>
</important>
</simplesect>
<simplesect> <simplesect>
<title>Sections</title> <title>Sections</title>
<para>Configuration options are grouped by section. The Compute config file supports the <para>Configuration options are grouped by section. The
following sections.<variablelist> Compute configuration file supports the following sections.<variablelist>
<varlistentry> <varlistentry>
<term><literal>[DEFAULT]</literal></term> <term><literal>[DEFAULT]</literal></term>
<listitem> <listitem>
<para>Almost all of the configuration options are organized into this <para>Contains most configuration options. If
section. If the documentation for a configuration option does not the documentation for a configuration
specify its section, assume that it should be placed in this one.</para> option does not specify its section,
assume that it appears in this
section.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>[cells]</literal></term> <term><literal>[cells]</literal></term>
<listitem> <listitem>
<para>The <literal>cells</literal> section is <para>Use options in this section to configure
used for options for configuring cells cells functionality. For details, see the
functionality. See the <link Cells section (<link
xlink:href="../openstack-compute/admin/content/ch_cells.html">Cells</link> xlink:href="../config-reference/content/section_compute-cells.html"
section of the OpenStack Compute Admin />) in the <citetitle>OpenStack
Manual for more details.</para> Configuration
Reference</citetitle>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>[baremetal]</literal></term> <term><literal>[baremetal]</literal></term>
<listitem> <listitem>
<para>This section is used for options that relate to the baremetal <para>Use options in this section to configure
hypervisor driver.</para> the baremetal hypervisor driver.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>[conductor]</literal></term> <term><literal>[conductor]</literal></term>
<listitem> <listitem>
<para>The <literal>conductor</literal> section is used for options for <para>Use options in this section to configure
configuring the <systemitem class="service">nova-conductor</systemitem> service.</para> the <systemitem class="service"
>nova-conductor</systemitem>
service.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><literal>[trusted_computing]</literal></term> <term><literal>[trusted_computing]</literal></term>
<listitem> <listitem>
<para>The <literal>trusted_computing</literal> section is used for options <para>Use options in this section to configure
that relate to the trusted computing pools functionality. Options in the trusted computing pools functionality
this section describe how to connect to a remote attestation and how to connect to a remote attestation
service.</para> service.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
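Review bot: The integer type is still listed as <term>IntOption</term>, while every other entry in the list uses the Opt suffix (BoolOpt, StrOpt, MultiStrOpt, ListOpt, FloatOpt); it should read IntOpt. In the BoolOpt entry, the stray space before the period after <literal>false</literal> also survives the rewrap. The Sections paragraph keeps <variablelist> nested inside <para>, even though the Types section now closes the para first; the two should be handled the same way.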
@ -128,35 +140,47 @@ ldap_dns_servers=dns2.example.org</programlisting></para>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>Variable substitution</title> <title>Variable substitution</title>
<para>The configuration file supports variable substitution. Once a configuration option is <para>The configuration file supports variable substitution.
set, it can be referenced in later configuration values when preceded by After you set a configuration option, it can be referenced
<literal>$</literal>. Consider the following example where <literal>my_ip</literal> in later configuration values when you precede it with
is defined and then <literal>$my_ip</literal> is used as a <literal>$</literal>. This example defines
variable.<programlisting language="ini">my_ip=10.2.3.4 <literal>my_ip</literal> and then uses
<literal>$my_ip</literal> as a
variable:<programlisting language="ini">my_ip=10.2.3.4
glance_host=$my_ip glance_host=$my_ip
metadata_host=$my_ip</programlisting></para> metadata_host=$my_ip</programlisting></para>
<para>If you need a value to contain the <literal>$</literal> symbol, escape it by doing <para>If you need a value to contain the <literal>$</literal>
<literal>$$</literal>. For example, if your LDAP DNS password was symbol, escape it with <literal>$$</literal>. For example,
<literal>$xkj432</literal>, you would if your LDAP DNS password was <literal>$xkj432</literal>,
do:<programlisting language="ini">ldap_dns_password=$$xkj432</programlisting></para> specify it, as
<para>The Compute code uses Python's <literal>string.Template.safe_substitute()</literal> follows:<programlisting language="ini">ldap_dns_password=$$xkj432</programlisting></para>
method to implement variable substitution. For more details on how variable substitution <para>The Compute code uses the Python
is resolved, see <link <literal>string.Template.safe_substitute()</literal>
xlink:href="http://docs.python.org/2/library/string.html#template-strings">Python method to implement variable substitution. For more
documentation on template strings</link> and <link details on how variable substitution is resolved, see
xlink:href="http://www.python.org/dev/peps/pep-0292/">PEP 292</link>.</para> <link
xlink:href="http://docs.python.org/2/library/string.html#template-strings"
>http://docs.python.org/2/library/string.html#template-strings</link>
and <link
xlink:href="http://www.python.org/dev/peps/pep-0292/"
>http://www.python.org/dev/peps/pep-0292/</link>.</para>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>Whitespace</title> <title>Whitespace</title>
<para>To include whitespace in a configuration value, use a quoted string. For <para>To include whitespace in a configuration value, use a
example:<programlisting language="ini">ldap_dns_passsword='a password with spaces'</programlisting></para> quoted string. For example:</para>
<programlisting language="ini">ldap_dns_passsword='a password with spaces'</programlisting>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>Specifying an alternate location for nova.conf</title> <title>Define an alternate location for nova.conf</title>
<para>The configuration file is loaded by all of the nova-* services, as well as the <para>All <systemitem class="service">nova-*</systemitem>
<command>nova-manage</command> command-line tool. To specify an alternate location services and the <command>nova-manage</command>
for the configuration file, pass the <literal>--config-file command-line client load the configuration file. To define
<replaceable>/path/to/nova.conf</replaceable></literal> argument when starting a an alternate location for the configuration file, pass the
nova-* service or calling <command>nova-manage</command>.</para> <parameter>--config-file
<replaceable>/path/to/nova.conf</replaceable></parameter>
parameter when you start a <systemitem class="service"
>nova-*</systemitem> service or call a
<command>nova-manage</command> command.</para>
</simplesect> </simplesect>
</section> </section>
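Review bot: The Whitespace example keeps the misspelled option name ldap_dns_passsword (three s), while the Variable substitution example in the same hunk uses ldap_dns_password; a reader who copies the line ends up with a name that does not match the option. The section also tells readers to use a quoted string, which conflicts with the "Do not specify quotes around Nova options" note added earlier in this file, so one of the two needs a qualifier.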

View File

@ -1,89 +1,94 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="configuring-compute-API"> xml:id="configuring-compute-API">
<title>Configuring the Compute API</title> <title>Configure the Compute API</title>
<para>The Compute API, run by the <para>The Compute API, run by the <systemitem class="service"
<systemitem class="service">nova-api</systemitem> >nova-api</systemitem> daemon, is the component of
daemon, is the component of OpenStack Compute that OpenStack Compute that receives and responds to user requests,
receives and responds to user requests, whether they whether they be direct API calls, or via the CLI tools or
be direct API calls, or via the CLI tools or dashboard.</para> dashboard.</para>
<simplesect> <simplesect>
<title>Configuring Compute API password handling</title> <title>Configure Compute API password handling</title>
<para>The OpenStack Compute API allows the user to specify an <para>The OpenStack Compute API enables users to specify an
admin password when creating (or rebuilding) a server administrative password when they create or rebuild a
instance. If no password is specified, a randomly generated server instance. If the user does not specify a password,
password is used. The password is returned in the API a random password is generated and returned in the API
response.</para> response.</para>
<para>In practice, the handling of the admin password depends on <para>In practice, how the admin password is handled depends
the hypervisor in use, and may require additional on the hypervisor in use and might require additional
configuration of the instance, such as installing an agent to configuration of the instance. For example, you might have
handle the password setting. If the hypervisor and instance to install an agent to handle the password setting. If the
configuration do not support the setting of a password at hypervisor and instance configuration do not support
server create time, then the password returned by the create setting a password at server create time, the password
API call will be misleading, since it was ignored.</para> that is returned by the create API call is misleading
<para>To prevent this confusion, the configuration option because it was ignored.</para>
<literal>enable_instance_password</literal> can be used to <para>To prevent this confusion, use the
disable the return of the admin password for installations <option>enable_instance_password</option>
that don't support setting instance passwords.</para> configuration option to disable the return of the admin
password for installations that do not support setting
instance passwords.</para>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>Configuring Compute API Rate Limiting</title> <title>Configure Compute API rate limiting</title>
<para>OpenStack Compute supports API rate limiting for the <para>OpenStack Compute supports API rate limiting for the
OpenStack API. The rate limiting allows an administrator to OpenStack API. The rate limiting allows an administrator
configure limits on the type and number of API calls that can to configure limits on the type and number of API calls
be made in a specific time interval.</para> that can be made in a specific time interval.</para>
<para>When API rate limits are exceeded, HTTP requests will <para>When API rate limits are exceeded, HTTP requests return
return a error with a status code of 413 "Request entity too an error with a status code of <errorcode>413</errorcode>
large", and will also include a 'Retry-After' HTTP header. The <errortext>Request entity too large</errortext>, and
response body will include the error details, and the delay includes an HTTP <literal>Retry-After</literal> header.
before the request should be retried.</para> The response body includes the error details and the delay
before you should retry the request.</para>
<para>Rate limiting is not available for the EC2 API.</para> <para>Rate limiting is not available for the EC2 API.</para>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>Specifying Limits</title> <title>Define limits</title>
<para>Limits are specified using five values:</para> <para>To define limits, set these values:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>The <emphasis role="bold">HTTP method</emphasis> used <para>The <emphasis role="bold">HTTP method</emphasis>
in the API call, typically one of GET, PUT, POST, or used in the API call, typically one of GET, PUT,
DELETE.</para> POST, or DELETE.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>A <emphasis role="bold">human readable URI</emphasis> <para>A <emphasis role="bold">human readable
that is used as a friendly description of where the limit URI</emphasis> that is used as a friendly
is applied.</para> description of where the limit is applied.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>A <emphasis role="bold">regular expression</emphasis>. <para>A <emphasis role="bold">regular
The limit will be applied to all URI's that match the expression</emphasis>. The limit is applied to
regular expression and HTTP Method.</para> all URIs that match the regular expression and
HTTP method.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>A <emphasis role="bold">limit value </emphasis> that <para>A <emphasis role="bold">limit value </emphasis>
specifies the maximum count of units before the limit that specifies the maximum count of units before
takes effect.</para> the limit takes effect.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>An <emphasis role="bold">interval</emphasis> that <para>An <emphasis role="bold">interval</emphasis>
specifies time frame the limit is applied to. The interval that specifies time frame to which the limit is
can be SECOND, MINUTE, HOUR, or DAY.</para> applied. The interval can be SECOND, MINUTE, HOUR,
or DAY.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>Rate limits are applied in order, relative to the HTTP <para>Rate limits are applied in relative order to the HTTP
method, going from least to most specific. For example, method, going from least to most specific. For example,
although the default threshold for POST to */servers is 50 per although the default threshold for POST to */servers is 50
day, one cannot POST to */servers more than 10 times within a each day, you cannot POST to */servers more than 10 times
single minute because the rate limits for any POST is in a single minute because the rate limits for any POST is
10/min.</para> 10 each minute.</para>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>Default Limits</title> <title>Default limits</title>
<para>OpenStack compute is normally installed with the following <para>Normally, you install OpenStack Compute with the
limits enabled:</para> following limits enabled:</para>
<table rules="all"> <table rules="all">
<caption>Default API Rate Limits</caption> <caption>Default API rate limits</caption>
<thead> <thead>
<tr> <tr>
<td>HTTP method</td> <td>HTTP method</td>
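Review bot: In "Define limits", the rewording "Rate limits are applied in relative order to the HTTP method" no longer says what the original did (applied in order, relative to the HTTP method, from least to most specific); suggest restoring the original clause. In the same paragraph, "the rate limits for any POST is" needs a singular subject; the interval item needs "the time frame"; and in the rate-limiting section, "HTTP requests return ... and includes" should be "include".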
@ -127,40 +132,54 @@
</table> </table>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>Configuring and Changing Limits</title> <title>Configure and change limits</title>
<para>The actual limits are specified in the file <para>As part of the WSGI pipeline, the
<filename>etc/nova/api-paste.ini</filename>, as part of the <filename>etc/nova/api-paste.ini</filename> file
WSGI pipeline.</para> defines the actual limits.</para>
<para>To enable limits, ensure the <para>To enable limits, include the
'<literal>ratelimit</literal>' filter is included in the API <option>ratelimit</option>' filter in the API pipeline
pipeline specification. If the '<literal>ratelimit</literal>' specification. If the <option>ratelimit</option> filter is
filter is removed from the pipeline, limiting will be removed from the pipeline, limiting is disabled. You must
disabled. There should also be a definition for the rate limit also define the rate limit filter. The lines appear as
filter. The lines will appear as follows:</para> follows:</para>
<programlisting language="ini"> <programlisting language="ini">[pipeline:openstack_compute_api_v2]
[pipeline:openstack_compute_api_v2]
pipeline = faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2 pipeline = faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2
[pipeline:openstack_volume_api_v1] [pipeline:openstack_volume_api_v1]
pipeline = faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1 pipeline = faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1
[filter:ratelimit] [filter:ratelimit]
paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory</programlisting>
</programlisting> <para>To modify the limits, add a <literal>limits</literal>
<para>To modify the limits, add a '<literal>limits</literal>'
specification to the <literal>[filter:ratelimit]</literal> specification to the <literal>[filter:ratelimit]</literal>
section of the file. The limits are specified in the order section of the file. Specify the limits in this
HTTP method, friendly URI, regex, limit, and interval. The order:</para>
following example specifies the default rate limiting <orderedlist>
<listitem>
<para>HTTP method</para>
</listitem>
<listitem>
<para>friendly URI</para>
</listitem>
<listitem>
<para>regex</para>
</listitem>
<listitem>
<para>limit</para>
</listitem>
<listitem>
<para>interval</para>
</listitem>
</orderedlist>
<para>The following example shows the default rate-limiting
values:</para> values:</para>
<programlisting language="ini"> <programlisting language="ini">[filter:ratelimit]
[filter:ratelimit]
paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
limits =(POST, "*", .*, 10, MINUTE);(POST, "*/servers", ^/servers, 50, DAY);(PUT, "*", .*, 10, MINUTE);(GET, "*changes-since*", .*changes-since.*, 3, MINUTE);(DELETE, "*", .*, 100, MINUTE) limits =(POST, "*", .*, 10, MINUTE);(POST, "*/servers", ^/servers, 50, DAY);(PUT, "*", .*, 10, MINUTE);(GET, "*changes-since*", .*changes-since.*, 3, MINUTE);(DELETE, "*", .*, 100, MINUTE)</programlisting>
</programlisting>
</simplesect> </simplesect>
<simplesect> <simplesect xml:id="compute_config_options">
<title>List of configuration options for Compute API</title> <title>Configuration reference</title>
<xi:include href="tables/nova-api.xml"/> <para>The following table lists the Compute API configuration options:</para>
<xi:include href="tables/nova-api.xml"/>
</simplesect> </simplesect>
</section> </section>
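Review bot: The new line "<option>ratelimit</option>' filter in the API pipeline" leaves a stray apostrophe after the closing tag; the opening quote was removed but the closing one was not. Here ratelimit is a paste filter name rather than a configuration option, so <literal> fits better than <option>. The path is also given as etc/nova/api-paste.ini without a leading slash, unlike /etc/nova/nova.conf elsewhere in this commit.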

View File

@ -1,15 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section <section xmlns="http://docbook.org/ns/docbook"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="configuring-keystone-for-ldap-backend"> xml:id="configuring-keystone-for-ldap-backend">
<title>Configuring OpenStack Identity for an LDAP backend</title> <title>Configure the Identity Service with an LDAP
<para>As an alternative to the SQL Database backing store, Identity can use back-end</title>
a directory server to provide the Identity service. An example schema <para>As an alternative to the SQL database backing store, the
for AcmeExample would look like this:</para> Identity Service can use a directory server to provide the
<screen> Identity Service, for example:</para>
dn: dc=AcmeExample,dc=org <programlisting language="ini">dn: dc=AcmeExample,dc=org
dc: AcmeExample dc: AcmeExample
objectClass: dcObject objectClass: dcObject
objectClass: organizationalUnit objectClass: organizationalUnit
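Review bot: The listing that starts "dn: dc=AcmeExample,dc=org" is LDIF, so replacing <screen> with <programlisting language="ini"> gives it the wrong language. The reworded introduction also drops the statement that this is an example schema for AcmeExample, leaving "for example:" with nothing that says what the listing is; suggest keeping that clause.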
@ -28,12 +27,11 @@ ou: users
dn: ou=Roles,dc=AcmeExample,dc=org dn: ou=Roles,dc=AcmeExample,dc=org
objectClass: top objectClass: top
objectClass: organizationalUnit objectClass: organizationalUnit
ou: roles ou: roles</programlisting>
</screen> <para>The corresponding entries in the
<para>The corresponding entries in the <filename>keystone.conf</filename> <filename>keystone.conf</filename> configuration file
configuration file are:</para> are:</para>
<programlisting language="ini"> <programlisting language="ini">[ldap]
[ldap]
url = ldap://localhost url = ldap://localhost
user = dc=Manager,dc=AcmeExample,dc=org user = dc=Manager,dc=AcmeExample,dc=org
password = badpassword password = badpassword
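Review bot: The sample [ldap] block shows a bind password in the file (password = badpassword) and a plain ldap:// URL, with no accompanying text. Since the lead-in sentence is being reworded anyway, add a sentence saying that these are placeholder values and that keystone.conf holds a credential, so it should be readable only by the service account.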
@ -48,30 +46,26 @@ tenant_tree_dn = ou=Groups,dc=AcmeExample,dc=com
tenant_objectclass = groupOfNames tenant_objectclass = groupOfNames
role_tree_dn = ou=Roles,dc=AcmeExample,dc=com role_tree_dn = ou=Roles,dc=AcmeExample,dc=com
role_objectclass = organizationalRole role_objectclass = organizationalRole</programlisting>
</programlisting>
<para>The default object classes and attributes are intentionally <para>The default object classes and attributes are intentionally
simplistic. They reflect the common standard objects according to the simple. They reflect the common standard objects according to
LDAP RFCs. However, in a live deployment, the correct attributes can be the LDAP RFCs. However, in a live deployment, you can override
overridden to support a preexisting, more complex schema. For example, the correct attributes to support a preexisting, complex
in the user object, the objectClass posixAccount from RFC2307 is very schema. For example, in the user object, the objectClass
common. If this is the underlying objectclass, then the posixAccount from RFC2307 is very common. If this is the
<emphasis>uid</emphasis> field should probably be underlying objectclass, then the <emphasis>uid</emphasis>
<emphasis>uidNumber</emphasis> and <emphasis>username</emphasis> field should probably be <emphasis>uidNumber</emphasis> and
field either <emphasis>uid</emphasis> or <emphasis>cn</emphasis>. To <emphasis>username</emphasis> field either
change these two fields, the corresponding entries in the Keystone <emphasis>uid</emphasis> or <emphasis>cn</emphasis>. To
configuration file are:</para> change these two fields, the corresponding entries in the
<programlisting language="ini"> Keystone configuration file are:</para>
[ldap] <programlisting language="ini">[ldap]
user_id_attribute = uidNumber user_id_attribute = uidNumber
user_name_attribute = cn user_name_attribute = cn</programlisting>
</programlisting> <para>Depending on your deployment, you can modify a set of
<para>There is a set of allowed actions per object type that you can modify allowed actions for each object type. For example, you might
depending on your specific deployment. For example, the users are set the following options:</para>
managed by another tool and you have only read access, in such case the <programlisting language="ini">[ldap]
configuration is:</para>
<programlisting language="ini">
[ldap]
user_allow_create = False user_allow_create = False
user_allow_update = False user_allow_update = False
user_allow_delete = False user_allow_delete = False
@ -82,55 +76,42 @@ tenant_allow_delete = True
role_allow_create = True role_allow_create = True
role_allow_update = True role_allow_update = True
role_allow_delete = True role_allow_delete = True</programlisting>
</programlisting> <para>If the back-end provides too much output, you can filter
<para>There are some configuration options for filtering users, tenants and users, tenants, and roles. For example:</para>
roles, if the backend is providing too much output, in such case the <programlisting language="ini">[ldap]
configuration will look like:</para>
<programlisting language="ini">
[ldap]
user_filter = (memberof=CN=acme-users,OU=workgroups,DC=AcmeExample,DC=com) user_filter = (memberof=CN=acme-users,OU=workgroups,DC=AcmeExample,DC=com)
tenant_filter = tenant_filter =
role_filter = role_filter =</programlisting>
</programlisting> <para>If the directory server has not enabled the
<para> <literal>boolean</literal> type for the user, you can use
In case that the directory server does not have an attribute enabled configuration options to extract the value from an integer
of type boolean for the user, there are several configuration attribute. For example, in an Active Directory, as
parameters that can be used to extract the value from an integer follows:</para>
attribute like in Active Directory: <programlisting language="ini">[ldap]
</para>
<programlisting language="ini">
[ldap]
user_enabled_attribute = userAccountControl user_enabled_attribute = userAccountControl
user_enabled_mask = 2 user_enabled_mask = 2
user_enabled_default = 512 user_enabled_default = 512</programlisting>
</programlisting> <para>The attribute is an integer. Bit 1 contains the enabled
<para> attribute. If the <emphasis>user_enabled_mask</emphasis> mask
In this case the attribute is an integer and the enabled attribute is not 0, it gets its value from the
is listed in bit 1, so the if the mask configured <option>user_enabled_attribute</option> field and it
<emphasis>user_enabled_mask</emphasis> is different from 0, it gets performs an ADD operation by using the
the value from the field <emphasis>user_enabled_attribute</emphasis> <emphasis>user_enabled_mask</emphasis> value. If the value
and it makes an ADD operation with the value indicated on matches the mask, the account is disabled.</para>
<emphasis>user_enabled_mask</emphasis> and if the value matches the <para>It also saves the value without mask to the
mask then the account is disabled. <literal>identity</literal> user in the
</para> <option>enabled_nomask</option> attribute. In case you
<para> must change it to enable or disable a user, you can use this
It also saves the value without mask to the user identity in the value because it contains more information than the status
attribute <emphasis>enabled_nomask</emphasis>. This is needed in such as, password expiration. The
order to set it back in case that we need to change it to <emphasis>user_enabled_mask</emphasis> value is required
enable/disable a user because it contains more information than the to create a default value on the integer attribute (512 =
status like password expiration. Last setting NORMAL ACCOUNT on AD).</para>
<emphasis>user_enabled_mask</emphasis> is needed in order to create <para>If Active Directory classes and attributes do not match the
a default value on the integer attribute (512 = NORMAL ACCOUNT on specified classes in the LDAP module, so you can modify them,
AD) as follows:</para>
</para> <programlisting language="ini">[ldap]
<para>
In case of Active Directory the classes and attributes could not
match the specified classes in the LDAP module so you can configure
them like so:
</para>
<programlisting language="ini">
[ldap]
user_objectclass = person user_objectclass = person
user_id_attribute = cn user_id_attribute = cn
user_name_attribute = cn user_name_attribute = cn
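Review bot: the paragraph after the userAccountControl listing still says the value is combined with user_enabled_mask in "an ADD operation"; checking a bit against a mask of 2 is a bitwise AND, so the new text should read "AND operation". In the following paragraph, the sentence that explains 512 names user_enabled_mask, but the listing sets 512 through user_enabled_default, so name that option there. Two wording slips on the new side are also worth fixing in this pass: the stray "so" in "do not match the specified classes in the LDAP module, so you can modify them", and the comma in "such as, password expiration".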
@ -150,6 +131,5 @@ role_objectclass = organizationalRole
role_id_attribute = cn role_id_attribute = cn
role_name_attribute = ou role_name_attribute = ou
role_member_attribute = roleOccupant role_member_attribute = roleOccupant
role_attribute_ignore = role_attribute_ignore =</programlisting>
</programlisting>
</section> </section>

View File

@ -170,7 +170,7 @@
<para>vif_outbound_peak</para> <para>vif_outbound_peak</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</para> </para>
<para>Incoming and outgoing traffic can be shaped independently. <para>Incoming and outgoing traffic can be shaped independently.
The bandwidth element can have at most one inbound and at most The bandwidth element can have at most one inbound and at most
one outbound child element. Leaving any of these children one outbound child element. Leaving any of these children

View File

@ -41,7 +41,7 @@
for the dashboard:</para> for the dashboard:</para>
<screen><prompt>$</prompt> <userinput>https://<replaceable>IP_ADDRESS_OR_HOSTNAME</replaceable>/</userinput></screen> <screen><prompt>$</prompt> <userinput>https://<replaceable>IP_ADDRESS_OR_HOSTNAME</replaceable>/</userinput></screen>
<note> <note>
<title>Certificate Warning</title> <title>Certificate warning</title>
<para>If a certificate warning appears when you try to <para>If a certificate warning appears when you try to
access the URL for the first time, a self-signed access the URL for the first time, a self-signed
certificate is in use, which is not considered certificate is in use, which is not considered
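Review bot: the dashboard URL kept as context above the note is wrapped in screen, prompt and userinput elements with a "$" prompt, so it renders as a shell command rather than an address to open in a browser. While the note title is being restyled, consider marking the URL up as a link or a literal so that the certificate warning that follows clearly refers to the browser.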

View File

@ -127,13 +127,13 @@ text-decoration: none;
<para>Restart apache:</para> <para>Restart apache:</para>
<para>On Ubuntu: <para>On Ubuntu:
<screen><prompt>$</prompt> <userinput>sudo service apache2 restart</userinput></screen> <screen><prompt>$</prompt> <userinput>sudo service apache2 restart</userinput></screen>
</para> </para>
<para>On Fedora, RHEL, CentOS: <para>On Fedora, RHEL, CentOS:
<screen><prompt>$</prompt> <userinput>sudo service httpd restart</userinput></screen> <screen><prompt>$</prompt> <userinput>sudo service httpd restart</userinput></screen>
</para> </para>
<para>On openSUSE: <para>On openSUSE:
<screen><prompt>$</prompt> <userinput>sudo service apache2 restart</userinput></screen> <screen><prompt>$</prompt> <userinput>sudo service apache2 restart</userinput></screen>
</para> </para>
</step> </step>
<step> <step>
<para>Reload the dashboard in your browser to view your <para>Reload the dashboard in your browser to view your

View File

@ -31,7 +31,7 @@
</listitem> </listitem>
<listitem> <listitem>
<para>A <guilabel>name</guilabel> for your instance. <para>A <guilabel>name</guilabel> for your instance.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para>The <emphasis role="bold">flavor</emphasis> for your <para>The <emphasis role="bold">flavor</emphasis> for your

View File

@ -14,7 +14,7 @@
/etc/openstack-dashboard/local_settings</filename>, on Ubuntu and Debian: /etc/openstack-dashboard/local_settings</filename>, on Ubuntu and Debian:
<filename>/etc/openstack-dashboard/local_settings.py</filename> and on openSUSE: <filename <filename>/etc/openstack-dashboard/local_settings.py</filename> and on openSUSE: <filename
>/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename>). >/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename>).
</para> </para>
<para>The following sections describe the pros and cons of each <para>The following sections describe the pros and cons of each
option as it pertains to deploying the dashboard.</para> option as it pertains to deploying the dashboard.</para>
<section xml:id="dashboard-session-local"> <section xml:id="dashboard-session-local">
@ -48,7 +48,7 @@ CACHES = {
<para>You can use applications such as Memcached or Redis for external <para>You can use applications such as Memcached or Redis for external
caching. These applications offer persistence and shared storage caching. These applications offer persistence and shared storage
and are useful for small-scale deployments and/or development. and are useful for small-scale deployments and/or development.
</para> </para>
<section xml:id="dashboard-session-memcached"> <section xml:id="dashboard-session-memcached">
<title>Memcached</title> <title>Memcached</title>
<para>Memcached is an high-performance and distributed memory object caching system <para>Memcached is an high-performance and distributed memory object caching system
@ -96,7 +96,7 @@ CACHES = {
</section> </section>
</section> </section>
<section xml:id="dashboard-session-database"> <section xml:id="dashboard-session-database">
<title>Database</title> <title>Initialize and configure the database</title>
<para>Database-backed sessions are scalable, persistent, and <para>Database-backed sessions are scalable, persistent, and
can be made high-concurrency and highly-available.</para> can be made high-concurrency and highly-available.</para>
<para>However, database-backed sessions are one of the slower <para>However, database-backed sessions are one of the slower
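Review bot: the new title on the dashboard-session-database section, "Initialize and configure the database", is a task name, but the section opens with the trade-offs of database-backed sessions and its sibling section is titled simply "Memcached". Keeping "Database" as the section title and giving the procedure a sentence-style title of its own would preserve both, instead of moving the procedure title up and deleting it in the next hunk.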
@ -105,7 +105,6 @@ CACHES = {
can also be a substantial undertaking and is far beyond can also be a substantial undertaking and is far beyond
the scope of this documentation.</para> the scope of this documentation.</para>
<procedure> <procedure>
<title>To initialize and configure the database:</title>
<step> <step>
<para>Start the mysql command line client:</para> <para>Start the mysql command line client:</para>
<screen><prompt>$</prompt> <userinput>mysql -u root -p</userinput></screen> <screen><prompt>$</prompt> <userinput>mysql -u root -p</userinput></screen>
@ -173,14 +172,14 @@ No fixtures found.</computeroutput></screen>
symbolic link settings:</para> symbolic link settings:</para>
<para>On Ubuntu: <para>On Ubuntu:
<screen><prompt>#</prompt> <userinput>/etc/init.d/apache2 restart</userinput></screen> <screen><prompt>#</prompt> <userinput>/etc/init.d/apache2 restart</userinput></screen>
</para> </para>
<para>On Fedora/RHEL/CentOS: <para>On Fedora/RHEL/CentOS:
<screen><prompt>#</prompt> <userinput>service httpd restart</userinput></screen> <screen><prompt>#</prompt> <userinput>service httpd restart</userinput></screen>
<screen><prompt>#</prompt> <userinput>service apache2 restart</userinput></screen> <screen><prompt>#</prompt> <userinput>service apache2 restart</userinput></screen>
</para> </para>
<para>On openSUSE: <para>On openSUSE:
<screen><prompt>#</prompt> <userinput>systemctl restart apache2.service</userinput></screen> <screen><prompt>#</prompt> <userinput>systemctl restart apache2.service</userinput></screen>
</para> </para>
</step> </step>
<step> <step>
<para>On Ubuntu, restart the <systemitem class="service">nova-api</systemitem> service to ensure that the <para>On Ubuntu, restart the <systemitem class="service">nova-api</systemitem> service to ensure that the
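Review bot: the Fedora/RHEL/CentOS paragraph kept as context in this hunk lists two restart commands, "service httpd restart" and "service apache2 restart"; apache2 is the service name used in the Ubuntu and openSUSE paragraphs, so the second line looks like a leftover and should be dropped in a consistency pass. The three paragraphs here also mix /etc/init.d, service and systemctl under a "#" prompt, while the restart step in the other dashboard file in this commit uses "sudo service" under a "$" prompt; pick one convention.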

View File

@ -1,62 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="fibrechannel"> <section xmlns="http://docbook.org/ns/docbook"
<title>Nova Compute Fibre Channel Support</title> xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
<section xml:id="fibre-channel-overview"><title>Overview of Fibre Channel Support</title> xml:id="fibrechannel">
<para> <title>Fibre Channel support in Compute</title>
<para>Fibre Channel support in OpenStack Compute is remote block
storage attached to Compute nodes for VMs.</para>
<para>In the Grizzly release, Fibre Channel supports only the KVM
hypervisor.</para>
<para>Nova and Cinder for Fibre Channel do not support automatic
zoning. Fibre Channel arrays must be pre-zoned or directly
attached to the KVM hosts.</para>
<section xml:id="fibre-channel-reqs">
<title>KVM host requirements</title>
<para>You must install these packages on the KVM host:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Fibre Channel support in OpenStack Compute is remote block storage attached <para>
to Compute nodes for VMs.</para> <package>sysfstools</package> - Nova uses the
<package>systool</package> application in this
package.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>In the Grizzly release, Fibre Channel only supports the KVM hypervisor.</para> <para>
</listitem> <package>sg3-utils</package> - Nova uses the
<listitem> <package>sg_scan</package> and
<para>There is no automatic zoning support in Nova or Cinder for Fibre Channel.  <package>sginfo</package> applications.</para>
Fibre Channel arrays must be pre-zoned or directly attached to the KVM
hosts.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</para> <para>Installing the <package>multipath-tools</package>
</section> package is optional.</para>
<section xml:id="fibre-channel-reqs">
<title>Requirements for KVM Hosts</title>
<para>The KVM host must have the following system packages installed:</para>
<para>
<itemizedlist>
<listitem>
<para>
<filename>sysfstools</filename> - Nova uses the <filename>systool</filename>
application in this package.</para>
</listitem>
<listitem>
<para>
<filename>sg3-utils</filename> - Nova uses the <filename>sg_scan</filename>
and <filename>sginfo</filename> applications.</para>
</listitem>
</itemizedlist>
</para>
<para>Installing the <filename>multipath-tools</filename> package is optional.</para>
</section> </section>
<section xml:id="fibre-channel-packages"> <section xml:id="fibre-channel-packages">
<title>Installing the Required Packages</title> <title>Install required packages</title>
<para>Use the following commands to install the system packages.</para> <para>Use these commands to install the system
<para> packages:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>For systems running Ubuntu:</para> <para>For systems running Ubuntu:</para>
<para> <screen><prompt>$</prompt> <userinput>sudo apt-get install sysfstools sg3-utils multipath-tools</userinput></screen>
<screen><prompt>$</prompt> <userinput>sudo apt-get install sysfstools sg3-utils multipath-tools</userinput></screen> </listitem>
</para> </itemizedlist>
</listitem>
</itemizedlist>
</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>For systems running Red Hat:</para> <para>For systems running Red Hat:</para>
<para> <screen><prompt>$</prompt> <userinput>sudo yum install sysfstools sg3_utils multipath-tools</userinput></screen>
<screen><prompt>$</prompt> <userinput>sudo yum install sysfstools sg3_utils multipath-tools</userinput></screen>
</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>
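Review bot: in the KVM host requirements list on the new side, systool, sg_scan and sginfo are tagged as package although the sentences call them applications; the command element fits those three, with package kept for sysfstools, sg3-utils and multipath-tools. Folding the overview into the top-level section also removes xml:id="fibre-channel-overview", so confirm that no other file links to that id before merging.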

View File

@ -1,145 +1,140 @@
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="compute-service"> xml:id="compute-service">
<title>Compute service</title> <title>Compute service</title>
<para>The Compute service is a cloud computing fabric <para>The Compute service is a cloud computing fabric controller,
controller, which is the main part of an IaaS system. Use it to which is the main part of an IaaS system. Use it to host and
host and manage cloud computing systems. The main modules are manage cloud computing systems. The main modules are implemented
implemented in Python.</para> in Python.</para>
<para>Compute interacts with the Identity Service for <para>Compute interacts with the Identity Service for
authentication, Image Service for images, and the Dashboard for authentication, Image Service for images, and the Dashboard for
the user and administrative interface. Access to images is limited the user and administrative interface. Access to images is limited
by project and by user; quotas are limited per project (for by project and by user; quotas are limited per project (for
example, the number of instances). The Compute service scales example, the number of instances). The Compute service scales
horizontally on standard hardware, and downloads images to launch horizontally on standard hardware, and downloads images to launch
instances as required.</para> instances as required.</para>
<para>The Compute Service is made up of the following functional <para>The Compute Service is made up of the following functional
areas and their underlying components:</para> areas and their underlying components:</para>
<itemizedlist> <itemizedlist>
<title>API</title> <title>API</title>
<listitem> <listitem>
<para><systemitem class="service">nova-api</systemitem> <para><systemitem class="service">nova-api</systemitem> service.
service. Accepts and responds to end user compute API Accepts and responds to end user compute API calls. Supports
calls. Supports the OpenStack Compute API, the Amazon EC2 the OpenStack Compute API, the Amazon EC2 API, and a special
API, and a special Admin API for privileged users to Admin API for privileged users to perform administrative
perform administrative actions. Also, initiates most actions. Also, initiates most orchestration activities, such
orchestration activities, such as running an instance, and as running an instance, and enforces some policies.</para>
enforces some policies.</para> </listitem>
</listitem> <listitem>
<listitem> <para><systemitem class="service">nova-api-metadata</systemitem>
<para><systemitem class="service">nova-api-metadata</systemitem> service. Accepts service. Accepts metadata requests from instances. The
metadata requests from instances. The <systemitem class="service">nova-api-metadata</systemitem> service <systemitem class="service">nova-api-metadata</systemitem>
is generally only used when you run in multi-host mode service is generally only used when you run in multi-host mode
with <systemitem class="service">nova-network</systemitem> with <systemitem class="service">nova-network</systemitem>
installations. For details, see installations. For details, see <link
<link xlink:href="http://docs.openstack.org/admin-guide-cloud/content/section_metadata-service.html">Metadata service</link> xlink:href="http://docs.openstack.org/admin-guide-cloud/content/section_metadata-service.html"
in the <citetitle>Cloud Administrator Guide</citetitle>.</para> >Metadata service</link> in the <citetitle>Cloud
<para>Note for Debian users: on Debian system, it is included in the Administrator Guide</citetitle>.</para>
<systemitem class="service">nova-api</systemitem> <para>On Debian systems, it is included in the <systemitem
package, and can be selected through <systemitem class="library">debconf</systemitem>.</para> class="service">nova-api</systemitem> package, and can be
</listitem> selected through <package>debconf</package>.</para>
</itemizedlist> </listitem>
<itemizedlist> </itemizedlist>
<title>Compute core</title> <itemizedlist>
<listitem> <title>Compute core</title>
<para><systemitem class="service">nova-compute</systemitem> <listitem>
process. A worker daemon that creates and terminates <para><systemitem class="service">nova-compute</systemitem>
virtual machine instances through hypervisor APIs. For process. A worker daemon that creates and terminates virtual
example, XenAPI for XenServer/XCP, libvirt for KVM or machine instances through hypervisor APIs. For example, XenAPI
QEMU, VMwareAPI for VMware, and so on. The process by for XenServer/XCP, libvirt for KVM or QEMU, VMwareAPI for
which it does so is fairly complex but the basics are VMware, and so on. The process by which it does so is fairly
simple: Accept actions from the queue and perform a series complex but the basics are simple: Accept actions from the
of system commands, like launching a KVM instance, to queue and perform a series of system commands, like launching
carry them out while updating state in the a KVM instance, to carry them out while updating state in the
database.</para> database.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service" <para><systemitem class="service">nova-scheduler</systemitem>
>nova-scheduler</systemitem> process. Conceptually the process. Conceptually the simplest piece of code in Compute.
simplest piece of code in Compute. Takes a virtual machine Takes a virtual machine instance request from the queue and
instance request from the queue and determines on which determines on which compute server host it should run.</para>
compute server host it should run.</para> </listitem>
</listitem> <listitem>
<listitem> <para><systemitem class="service">nova-conductor</systemitem>
<para><systemitem class="service" module. Mediates interactions between <systemitem
>nova-conductor</systemitem> module. Mediates class="service">nova-compute</systemitem> and the database.
interactions between <systemitem class="service" Aims to eliminate direct accesses to the cloud database made
>nova-compute</systemitem> and the database. Aims to by <systemitem class="service">nova-compute</systemitem>. The
eliminate direct accesses to the cloud database made by <systemitem class="service">nova-conductor</systemitem>
<systemitem class="service">nova-compute</systemitem>. module scales horizontally. However, do not deploy it on any
The <systemitem class="service" nodes where <systemitem class="service"
>nova-conductor</systemitem> module scales horizontally. >nova-compute</systemitem> runs. For more information, see
However, do not deploy it on any nodes where <systemitem <link
class="service">nova-compute</systemitem> runs. For more xlink:href="http://russellbryantnet.wordpress.com/2012/11/19/a-new-nova-service-nova-conductor/"
information, see <link >A new Nova service: nova-conductor</link>.</para>
xlink:href="http://russellbryantnet.wordpress.com/2012/11/19/a-new-nova-service-nova-conductor/" </listitem>
>A new Nova service: nova-conductor</link>.</para> </itemizedlist>
</listitem> <itemizedlist>
</itemizedlist> <title>Networking for VMs</title>
<itemizedlist> <listitem>
<title>Networking for VMs</title> <para><systemitem class="service">nova-network</systemitem>
<listitem> worker daemon. Similar to <systemitem class="service"
<para><systemitem class="service">nova-network</systemitem> >nova-compute</systemitem>, it accepts networking tasks from
worker daemon. Similar to <systemitem class="service" the queue and performs tasks to manipulate the network, such
>nova-compute</systemitem>, it accepts networking tasks as setting up bridging interfaces or changing iptables rules.
from the queue and performs tasks to manipulate the This functionality is being migrated to OpenStack Networking,
network, such as setting up bridging interfaces or which is a separate OpenStack service.</para>
changing iptables rules. This functionality is being </listitem>
migrated to OpenStack Networking, which is a separate <listitem>
OpenStack service.</para> <para><systemitem class="service">nova-dhcpbridge</systemitem>
</listitem> script. Tracks IP address leases and records them in the
<listitem> database by using the dnsmasq <literal>dhcp-script</literal>
<para><systemitem class="service" facility. This functionality is being migrated to OpenStack
>nova-dhcpbridge</systemitem> script. Tracks IP address Networking. OpenStack Networking provides a different
leases and records them in the database by using the script.</para>
dnsmasq <literal>dhcp-script</literal> facility. This </listitem>
functionality is being migrated to OpenStack Networking. </itemizedlist>
OpenStack Networking provides a different script.</para> <?hard-pagebreak?>
</listitem> <itemizedlist>
</itemizedlist> <title>Console interface</title>
<?hard-pagebreak?> <listitem>
<itemizedlist> <para><systemitem class="service">nova-consoleauth</systemitem>
<title>Console interface</title> daemon. Authorizes tokens for users that console proxies
<listitem> provide. See <systemitem class="service"
<para><systemitem class="service" >nova-novncproxy</systemitem> and <systemitem
>nova-consoleauth</systemitem> daemon. Authorizes tokens class="service">nova-xvpnvcproxy</systemitem>. This service
for users that console proxies provide. See <systemitem must be running for console proxies to work. Many proxies of
class="service">nova-novncproxy</systemitem> and either type can be run against a single <systemitem
<systemitem class="service" class="service">nova-consoleauth</systemitem> service in a
>nova-xvpnvcproxy</systemitem>. This service must be cluster configuration. For information, see <link
running for console proxies to work. Many proxies of xlink:href="http://docs.openstack.org/trunk/config-reference/content/about-nova-consoleauth.html"
either type can be run against a single <systemitem >About nova-consoleauth</link>.</para>
class="service">nova-consoleauth</systemitem> service in </listitem>
a cluster configuration. For information, see <link <listitem>
xlink:href="http://docs.openstack.org/trunk/config-reference/content/about-nova-consoleauth.html" <para><systemitem class="service">nova-novncproxy</systemitem>
>About nova-consoleauth</link>.</para> daemon. Provides a proxy for accessing running instances
</listitem> through a VNC connection. Supports browser-based novnc
<listitem> clients.</para>
<para><systemitem class="service" </listitem>
>nova-novncproxy</systemitem> daemon. Provides a proxy <listitem>
for accessing running instances through a VNC connection. <para><systemitem class="service">nova-console</systemitem>
Supports browser-based novnc clients.</para> daemon. Deprecated for use with Grizzly. Instead, the
</listitem> <systemitem class="service">nova-xvpnvncproxy</systemitem>
<listitem> is used.</para>
<para><systemitem class="service">nova-console</systemitem> </listitem>
daemon. Deprecated for use with Grizzly. Instead, the <listitem>
<systemitem class="service" <para><systemitem class="service">nova-xvpnvncproxy</systemitem>
>nova-xvpnvncproxy</systemitem> is used.</para> daemon. A proxy for accessing running instances through a VNC
</listitem> connection. Supports a Java client specifically designed for
<listitem> OpenStack.</para>
<para><systemitem class="service" </listitem>
>nova-xvpnvncproxy</systemitem> daemon. A proxy for <listitem>
accessing running instances through a VNC connection. <para><systemitem class="service">nova-cert</systemitem> daemon.
Supports a Java client specifically designed for Manages x509 certificates.</para>
OpenStack.</para> </listitem>
</listitem> </itemizedlist>
<listitem> <para os="debian">In Debian, a unique
<para><systemitem class="service">nova-cert</systemitem>
daemon. Manages x509 certificates.</para>
</listitem>
</itemizedlist>
<para os="debian">In Debian, a unique
<package>nova-consoleproxy</package> package provides the <package>nova-consoleproxy</package> package provides the
<package>nova-novncproxy</package>, <package>nova-novncproxy</package>,
<package>nova-spicehtml5proxy</package>, and <package>nova-spicehtml5proxy</package>, and
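Review bot: the nova-consoleauth item on the new side still refers to "nova-xvpnvcproxy", while the nova-console and proxy items later in the same list spell the daemon nova-xvpnvncproxy; correct the spelling so the cross-reference matches. The nova-conductor item also carries over "do not deploy it on any nodes where nova-compute runs" without a reason; since the same item says the module exists to eliminate direct database access by nova-compute, one clause stating that co-location undoes that separation would make the rule easier to follow.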
@ -149,64 +144,61 @@
the <package>debconf</package> interface. You can also manually the <package>debconf</package> interface. You can also manually
edit the <filename>/etc/default/nova-consoleproxy</filename> file edit the <filename>/etc/default/nova-consoleproxy</filename> file
and stop and start the console daemons.</para> and stop and start the console daemons.</para>
<itemizedlist> <itemizedlist>
<title>Image Management (EC2 scenario)</title> <title>Image management (EC2 scenario)</title>
<listitem> <listitem>
<para><systemitem class="service" <para><systemitem class="service">nova-objectstore</systemitem>
>nova-objectstore</systemitem> daemon. Provides an S3 daemon. Provides an S3 interface for registering images with
interface for registering images with the Image Service. the Image Service. Mainly used for installations that must
Mainly used for installations that must support euca2ools. support euca2ools. The euca2ools tools talk to <systemitem
The euca2ools tools talk to <systemitem class="service" class="service">nova-objectstore</systemitem> in <emphasis
>nova-objectstore</systemitem> in <emphasis role="italic">S3 language</emphasis>, and <systemitem
role="italic">S3 language</emphasis>, and <systemitem class="service">nova-objectstore</systemitem> translates S3
class="service">nova-objectstore</systemitem> translates requests into Image Service requests.</para>
S3 requests into Image Service requests.</para> </listitem>
</listitem> <listitem>
<listitem> <para>euca2ools client. A set of command-line interpreter
<para>euca2ools client. A set of command-line interpreter commands for managing cloud resources. Though not an OpenStack
commands for managing cloud resources. Though not an module, you can configure <systemitem class="service"
OpenStack module, you can configure <systemitem >nova-api</systemitem> to support this EC2 interface. For
class="service">nova-api</systemitem> to support this more information, see the <link
EC2 interface. For more information, see the <link xlink:href="http://www.eucalyptus.com/eucalyptus-cloud/documentation/2.0"
xlink:href="http://www.eucalyptus.com/eucalyptus-cloud/documentation/2.0" >Eucalyptus 2.0 Documentation</link>.</para>
>Eucalyptus 2.0 Documentation</link>.</para> </listitem>
</listitem> </itemizedlist>
</itemizedlist> <itemizedlist>
<itemizedlist> <title>Command-line clients and other interfaces</title>
<title>Command Line Interpreter/Interfaces</title> <listitem>
<listitem> <para>nova client. Enables users to submit commands as a tenant
<para>nova client. Enables users to submit commands as a administrator or end user.</para>
tenant administrator or end user.</para> </listitem>
</listitem> <listitem>
<listitem> <para>nova-manage client. Enables cloud administrators to submit
<para>nova-manage client. Enables cloud administrators to commands.</para>
submit commands.</para> </listitem>
</listitem> </itemizedlist>
</itemizedlist> <itemizedlist>
<itemizedlist> <title>Other components</title>
<title>Other components</title> <listitem>
<listitem> <para>The queue. A central hub for passing messages between
<para>The queue. A central hub for passing messages between daemons. Usually implemented with <link
daemons. Usually implemented with <link xlink:href="http://www.rabbitmq.com/">RabbitMQ</link>, but
xlink:href="http://www.rabbitmq.com/">RabbitMQ</link>, could be any AMPQ message queue, such as <link
but could be any AMPQ message queue, such as <link xlink:href="http://qpid.apache.org/">Apache Qpid</link> or
xlink:href="http://qpid.apache.org/">Apache Qpid</link> <link xlink:href="http://www.zeromq.org/">Zero
or <link xlink:href="http://www.zeromq.org/">Zero MQ</link>.</para>
MQ</link>.</para> </listitem>
</listitem> <listitem>
<listitem> <para>SQL database. Stores most build-time and runtime states
<para>SQL database. Stores most build-time and runtime for a cloud infrastructure. Includes instance types that are
states for a cloud infrastructure. Includes instance types available for use, instances in use, available networks, and
that are available for use, instances in use, available projects. Theoretically, OpenStack Compute can support any
networks, and projects. Theoretically, OpenStack Compute database that SQL-Alchemy supports, but the only databases
can support any database that SQL-Alchemy supports, but widely used are sqlite3 databases (only appropriate for test
the only databases widely used are sqlite3 databases and development work), MySQL, and PostgreSQL.</para>
(only appropriate for test and development work), MySQL, </listitem>
and PostgreSQL.</para> </itemizedlist>
</listitem> <para>The Compute Service interacts with other OpenStack services:
</itemizedlist> Identity Service for authentication, Image Service for images, and
<para>The Compute Service interacts with other OpenStack the OpenStack dashboard for a web interface.</para>
services: Identity Service for authentication, Image Service
for images, and the OpenStack dashboard for a web
interface.</para>
</section> </section>
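Review bot: the queue item under "Other components" still reads "any AMPQ message queue" on the new side; the protocol name is AMQP. The same sentence offers ZeroMQ as an example of such a queue, but ZeroMQ is not an AMQP broker, so reword to something like "or another messaging back end such as". The SQL database item spells the library "SQL-Alchemy"; the project name is SQLAlchemy.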

View File

@ -26,7 +26,7 @@
architecture for an OpenStack cloud:</para> architecture for an OpenStack cloud:</para>
<!-- Source files in this repository in doc/src/docbkx/common/figures/openstack-arch-havana-v1.zip --> <!-- Source files in this repository in doc/src/docbkx/common/figures/openstack-arch-havana-v1.zip -->
<figure xml:id="os-logical-arch"> <figure xml:id="os-logical-arch">
<title>OpenStack logical architecture</title> <title>Logical architecture</title>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata <imagedata

View File

@ -28,7 +28,7 @@
repudiated.</para> repudiated.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</para> </para>
<para>The system consists of the following basic <para>The system consists of the following basic
components:</para> components:</para>
<itemizedlist> <itemizedlist>
@ -63,7 +63,7 @@
>ceilometer-alarm-notifier</systemitem>). Runs on one or more >ceilometer-alarm-notifier</systemitem>). Runs on one or more
central management servers to allow settting alarms based on central management servers to allow settting alarms based on
threshold evaluation for a collection of samples. threshold evaluation for a collection of samples.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para>A data store. A database capable of handling <para>A data store. A database capable of handling
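Review bot: the alarm item kept as context in this hunk reads "to allow settting alarms", with three t's. Since the commit already touches the closing para line directly below it, fix the spelling to "setting" in the same change.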

View File

@ -1,45 +1,43 @@
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="networking-service-overview"> xml:id="networking-service-overview">
<title>Networking Service Overview</title> <title>Networking service overview</title>
<para>Provides network-connectivity-as-a-service between <para>Provides network-connectivity-as-a-service between interface
interface devices that are managed by other OpenStack devices that are managed by other OpenStack services, usually
services, usually Compute. Enables users to create and attach Compute. Enables users to create and attach interfaces to
interfaces to networks. Like many OpenStack services, networks. Like many OpenStack services, OpenStack Networking is
OpenStack Networking is highly configurable due to its plug-in highly configurable due to its plug-in architecture. These
architecture. These plug-ins accommodate different networking plug-ins accommodate different networking equipment and software.
equipment and software. Consequently, the architecture and Consequently, the architecture and deployment vary
deployment vary dramatically.</para> dramatically.</para>
<para>Includes the following components:</para> <para>Includes the following components:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><systemitem class="service" <para><systemitem class="service">neutron-server</systemitem>.
>neutron-server</systemitem>. Accepts and routes API Accepts and routes API requests to the appropriate OpenStack
requests to the appropriate OpenStack Networking plug-in Networking plug-in for action.</para>
for action.</para> </listitem>
</listitem> <listitem>
<listitem> <para>OpenStack Networking plug-ins and agents. Plugs and
<para>OpenStack Networking plug-ins and agents. Plugs and unplugs ports, creates networks or subnets, and provides IP
unplugs ports, creates networks or subnets, and provides addressing. These plug-ins and agents differ depending on the
IP addressing. These plug-ins and agents differ depending vendor and technologies used in the particular cloud.
on the vendor and technologies used in the particular OpenStack Networking ships with plug-ins and agents for Cisco
cloud. OpenStack Networking ships with plug-ins and agents virtual and physical switches, Nicira NVP product, NEC
for Cisco virtual and physical switches, Nicira NVP OpenFlow products, Open vSwitch, Linux bridging, and the Ryu
product, NEC OpenFlow products, Open vSwitch, Linux Network Operating System.</para>
bridging, and the Ryu Network Operating System.</para> <para>The common agents are L3 (layer 3), DHCP (dynamic host IP
<para>The common agents are L3 (layer 3), DHCP (dynamic host addressing), and a plug-in agent.</para>
IP addressing), and a plug-in agent.</para> </listitem>
</listitem> <listitem>
<listitem> <para>Messaging queue. Most OpenStack Networking installations
<para>Messaging queue. Most OpenStack Networking make use of a messaging queue to route information between the
installations make use of a messaging queue to route neutron-server and various agents as well as a database to
information between the neutron-server and various agents store networking state for particular plug-ins.</para>
as well as a database to store networking state for </listitem>
particular plug-ins.</para> </itemizedlist>
</listitem> <para>OpenStack Networking interacts mainly with OpenStack Compute,
</itemizedlist> where it provides networks and connectivity for its
<para>OpenStack Networking interacts mainly with OpenStack instances.</para>
Compute, where it provides networks and connectivity for its </section>
instances.</para>
</section>
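Review bot: In the agents list item, "DHCP (dynamic host IP addressing)" is reflowed but not corrected. DHCP stands for Dynamic Host Configuration Protocol, so the gloss should either give that expansion or describe what the agent does. In the same hunk the messaging queue item refers to "the neutron-server" in plain text, while the first item marks it up as <systemitem class="service">neutron-server</systemitem>; use the markup in both places.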

View File

@ -1,47 +1,46 @@
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="object-storage-service"> xml:id="object-storage-service">
<title>Object Storage Service</title> <title>Object Storage service</title>
<para>The Object Storage Service is a highly scalable and <para>The Object Storage service is a highly scalable and durable
durable multi-tenant object storage system for large amounts multi-tenant object storage system for large amounts of
of unstructured data at low cost through a RESTful http unstructured data at low cost through a RESTful HTTP API.</para>
API.</para> <para>It includes the following components:</para>
<para>It includes the following components:</para> <itemizedlist>
<itemizedlist> <listitem>
<listitem> <para>Proxy servers (<systemitem class="service"
<para>Proxy Servers (<systemitem class="service" >swift-proxy-server</systemitem>). Accepts Object Storage
>swift-proxy-server</systemitem>). Accepts Object Storage API and raw HTTP requests to upload files, modify metadata,
API and raw HTTP requests to upload files, modify and create containers. It also serves file or container
metadata, and create containers. It also serves file or listings to web browsers. To improve performance, the proxy
container listings to web browsers. To improve server can use an optional cache usually deployed with
performance, the proxy server can use an optional cache memcache.</para>
usually deployed with memcache.</para> </listitem>
</listitem> <listitem>
<listitem> <para>Account servers (<systemitem class="service"
<para>Account servers (<systemitem >swift-account-server</systemitem>). Manage accounts defined
class="service">swift-account-server</systemitem>). Manage with the Object Storage service.</para>
accounts defined with the Object Storage Service.</para> </listitem>
</listitem> <listitem>
<listitem> <para>Container servers (<systemitem class="service"
<para>Container servers (<systemitem >swift-container-server</systemitem>). Manage a mapping of
class="service">swift-container-server</systemitem>). Manage containers, or folders, within the Object Storage
a mapping of containers, or folders, within the Object service.</para>
Storage Service.</para> </listitem>
</listitem> <listitem>
<listitem> <para>Object servers (<systemitem class="service"
<para>Object servers (<systemitem >swift-object-server</systemitem>). Manage actual objects,
class="service">swift-object-server</systemitem>). Manage such as files, on the storage nodes.</para>
actual objects, such as files, on the storage nodes.</para> </listitem>
</listitem> <listitem>
<listitem> <para>A number of periodic processes. Performs housekeeping
<para>A number of periodic processes. Performs housekeeping tasks on the large data store. The replication services ensure
tasks on the large data store. The replication services consistency and availability through the cluster. Other
ensure consistency and availability through the cluster. periodic processes include auditors, updaters, and
Other periodic processes include auditors, updaters, and reapers.</para>
reapers.</para> </listitem>
</listitem> </itemizedlist>
</itemizedlist> <para>Configurable WSGI middleware that handles authentication.
<para>Configurable WSGI middleware, which is usually the Usually the Identity Service.</para>
Identity Service, handles authentication.</para> </section>
</section>
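Review bot: The closing paragraph is rewritten from one complete sentence into two fragments, "Configurable WSGI middleware that handles authentication. Usually the Identity Service.", which reads like a component entry but sits outside the <itemizedlist>. Either move it into the list as its own <listitem> or keep the original full sentence. The list items also mix "Accepts" and "Performs" after plural subjects ("Proxy servers", "A number of periodic processes") with "Manage" for the other servers; pick one verb form.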

View File

@ -1,43 +1,43 @@
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="orchestration-service"> xml:id="orchestration-service">
<title>Orchestration Service overview</title> <title>Orchestration service overview</title>
<para>The Orchestration service provides a template-based orchestration <para>The Orchestration service provides a template-based
for describing a cloud application by running OpenStack API calls to orchestration for describing a cloud application by running
generate running cloud applications. The software integrates other core OpenStack API calls to generate running cloud applications. The
components of OpenStack into a one-file template system. The templates software integrates other core components of OpenStack into a
enable you to create most OpenStack resource types, such as instances, one-file template system. The templates enable you to create most
floating IPs, volumes, security groups, users, and so on. Also, provides OpenStack resource types, such as instances, floating IPs,
some more advanced functionality, such as instance high availability, volumes, security groups, users, and so on. Also, provides some
more advanced functionality, such as instance high availability,
instance auto-scaling, and nested stacks. By providing very tight instance auto-scaling, and nested stacks. By providing very tight
integration with other OpenStack core projects, all OpenStack core projects integration with other OpenStack core projects, all OpenStack core
could receive a larger user base.</para> projects could receive a larger user base.</para>
<para>The service enables deployers to integrate with the Orchestration <para>The service enables deployers to integrate with the
service directly or through custom plug-ins.</para> Orchestration service directly or through custom plug-ins.</para>
<para>The Orchestration service consists of the following <para>The Orchestration service consists of the following
components:</para> components:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><code>heat</code> tool. A CLI that communicates with the <para><code>heat</code> command-line client. A CLI that communicates with the
heat-api to run AWS CloudFormation APIs. End developers could also use heat-api to run AWS CloudFormation APIs. End developers could
the Orchestration REST API directly.</para> also use the Orchestration REST API directly.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><code>heat-api</code> component. Provides an <para><code>heat-api</code> component. Provides an
OpenStack-native REST API that processes API requests by OpenStack-native REST API that processes API requests by
sending them to the heat-engine over RPC.</para> sending them to the heat-engine over RPC.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><code>heat-api-cfn</code> component. Provides an AWS <para><code>heat-api-cfn</code> component. Provides an AWS Query
Query API that is compatible with AWS CloudFormation and API that is compatible with AWS CloudFormation and processes
processes API requests by sending them to the heat-engine API requests by sending them to the heat-engine over
over RPC.</para> RPC.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><code>heat-engine</code>. Orchestrates the launching <para><code>heat-engine</code>. Orchestrates the launching of
of templates and provides events back to the API templates and provides events back to the API consumer.</para>
consumer.</para> </listitem>
</listitem> </itemizedlist>
</itemizedlist> </section>
</section>
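Review bot: The first list item now reads "<code>heat</code> command-line client. A CLI that communicates with the heat-api to run AWS CloudFormation APIs", which says the same thing twice and conflicts with the items below it, where heat-api is the OpenStack-native REST API and heat-api-cfn is the CloudFormation-compatible one. Reword it so the client is described once and names the API it calls. The fragment "Also, provides some more advanced functionality" in the opening paragraph has no subject and could be fixed in the same pass.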

View File

@ -105,7 +105,7 @@
}]</programlisting></para> }]</programlisting></para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</para> </para>
<para>After you restart the Image Service, you can use the following syntax to view the image's location information:</para> <para>After you restart the Image Service, you can use the following syntax to view the image's location information:</para>
<screen><prompt>$</prompt> <userinput>glance --os-image-api-version=2 image-show <replaceable>imageID</replaceable></userinput></screen> <screen><prompt>$</prompt> <userinput>glance --os-image-api-version=2 image-show <replaceable>imageID</replaceable></userinput></screen>
<para>For example:</para> <para>For example:</para>
@ -302,7 +302,7 @@
<para>e1000</para> <para>e1000</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>

View File

@ -1,96 +1,114 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="host-aggregates"> xml:id="host-aggregates">
<title>Host aggregates</title> <title>Host aggregates</title>
<simplesect> <para>Host aggregates are a mechanism to further partition an
<title>Overview</title> availability zone; while availability zones are visible to
<para>Host aggregates are a mechanism to further partition an availability zone; while availability users, host aggregates are only visible to administrators.
zones are visible to users, host aggregates are only visible to administrators. Host Aggregates provide a mechanism to allow administrators to
Host Aggregates provide a mechanism to allow administrators to assign key-value pairs to assign key-value pairs to groups of machines. Each node can
groups of machines. Each node can have multiple aggregates, each aggregate can have have multiple aggregates, each aggregate can have multiple
multiple key-value pairs, and the same key-value pair can be assigned to multiple key-value pairs, and the same key-value pair can be assigned
aggregate. This information can be used in the scheduler to enable advanced scheduling, to multiple aggregates. This information can be used in the
to set up hypervisor resource pools or to define logical groups for migration.</para> scheduler to enable advanced scheduling, to set up hypervisor
</simplesect> resource pools or to define logical groups for
migration.</para>
<simplesect> <simplesect>
<title>Command-line interface</title> <title>Command-line interface</title>
<para>The <command>nova</command> command-line tool supports the following aggregate-related <para>The <command>nova</command> command-line tool supports
commands. <variablelist> the following aggregate-related commands. <variablelist>
<varlistentry> <varlistentry>
<term><command>nova aggregate-list</command></term> <term><command>nova
aggregate-list</command></term>
<listitem> <listitem>
<para>Print a list of all aggregates.</para> <para>Print a list of all aggregates.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><command>nova aggregate-create <replaceable>&lt;name></replaceable> <term><command>nova aggregate-create
<replaceable>&lt;name></replaceable>
<replaceable>&lt;availability-zone></replaceable></command></term> <replaceable>&lt;availability-zone></replaceable></command></term>
<listitem> <listitem>
<para>Create a new aggregate named <para>Create a new aggregate named
<replaceable>&lt;name></replaceable> in <replaceable>&lt;name></replaceable>
availability zone in availability zone
<replaceable>&lt;availability-zone></replaceable>. <replaceable>&lt;availability-zone></replaceable>.
Returns the ID of the newly created aggregate. Hosts Returns the ID of the newly created
can be made available to multiple availability aggregate. Hosts can be made available to
zones, but administrators should be careful when multiple availability zones, but
adding the host to a different host aggregate within administrators should be careful when
the same availability zone and pay attention when adding the host to a different host
using the aggregate-set-metadata and aggregate within the same availability
aggregate-update commands to avoid user confusion zone and pay attention when using the
when they boot instances in different availability <command>aggregate-set-metadata</command>
zones. You will see an error message if you cannot and <command>aggregate-update</command>
add a particular host in an aggregate zone it is not commands to avoid user confusion when they
intended for.</para> boot instances in different availability
zones. An error occurs if you cannot add a
particular host to an aggregate zone for
which it is not intended.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><command>nova aggregate-delete <term><command>nova aggregate-delete
<replaceable>&lt;id></replaceable></command></term> <replaceable>&lt;id></replaceable></command></term>
<listitem> <listitem>
<para>Delete an aggregate with id <replaceable>&lt;id></replaceable>.</para> <para>Delete an aggregate with id
<replaceable>&lt;id></replaceable>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><command>nova aggregate-details <term><command>nova aggregate-details
<replaceable>&lt;id></replaceable></command></term> <replaceable>&lt;id></replaceable></command></term>
<listitem> <listitem>
<para>Show details of the aggregate with id <para>Show details of the aggregate with id
<replaceable>&lt;id></replaceable>.</para> <replaceable>&lt;id></replaceable>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><command>nova aggregate-add-host <replaceable>&lt;id></replaceable> <term><command>nova aggregate-add-host
<replaceable>&lt;id></replaceable>
<replaceable>&lt;host></replaceable></command></term> <replaceable>&lt;host></replaceable></command></term>
<listitem> <listitem>
<para>Add host with name <replaceable>&lt;host></replaceable> to aggregate <para>Add host with name
with id <replaceable>&lt;id></replaceable>.</para> <replaceable>&lt;host></replaceable>
to aggregate with id
<replaceable>&lt;id></replaceable>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><command>nova aggregate-remove-host <replaceable>&lt;id></replaceable> <term><command>nova aggregate-remove-host
<replaceable>&lt;id></replaceable>
<replaceable>&lt;host></replaceable></command></term> <replaceable>&lt;host></replaceable></command></term>
<listitem> <listitem>
<para>Remove the host with name <replaceable>&lt;host></replaceable> from <para>Remove the host with name
the aggregate with id <replaceable>&lt;id></replaceable>.</para> <replaceable>&lt;host></replaceable>
from the aggregate with id
<replaceable>&lt;id></replaceable>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><command>nova aggregate-set-metadata <replaceable>&lt;id></replaceable> <term><command>nova aggregate-set-metadata
<replaceable>&lt;id></replaceable>
<replaceable>&lt;key=value></replaceable> <replaceable>&lt;key=value></replaceable>
[<replaceable>&lt;key=value></replaceable> ...]</command></term> [<replaceable>&lt;key=value></replaceable>
...]</command></term>
<listitem> <listitem>
<para>Add or update metadata (key-value pairs) associated with the aggregate <para>Add or update metadata (key-value pairs)
with id <replaceable>&lt;id></replaceable>.</para> associated with the aggregate with id
<replaceable>&lt;id></replaceable>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><command>nova aggregate-update <replaceable>&lt;id></replaceable> <term><command>nova aggregate-update
<replaceable>&lt;id></replaceable>
<replaceable>&lt;name></replaceable> <replaceable>&lt;name></replaceable>
[<replaceable>&lt;availability_zone></replaceable>]</command></term> [<replaceable>&lt;availability_zone></replaceable>]</command></term>
<listitem> <listitem>
<para>Update the aggregate's name and optionally availability zone.</para> <para>Update the name and availability zone
(optional) for the aggregate.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
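Review bot: The availability zone placeholder is spelled two ways in this list: aggregate-create takes <availability-zone> and aggregate-update takes [<availability_zone>]. Use one spelling. The opening paragraph also switches from "Host aggregates are" to "Host Aggregates provide", and the new sentence "An error occurs if you cannot add a particular host to an aggregate zone for which it is not intended" is circular; state the condition that triggers the error.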
@ -100,45 +118,59 @@ xml:id="host-aggregates">
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><command>nova host-update --maintenance [enable | <term><command>nova host-update --maintenance
disable]</command></term> [enable | disable]</command></term>
<listitem> <listitem>
<para>Put/resume host into/from maintenance.</para> <para>Put/resume host into/from
maintenance.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist></para> </variablelist></para>
<note><para>These commands are only accessible to administrators. If the username and tenant <note>
you are using to access the Compute service do not have the <literal>admin</literal> <para>Only administrators can access these commands. If
role, or have not been explicitly granted the appropriate privileges, you will see you try to use these commands and the user name and
one of the following errors when trying to use these tenant that you use to access the Compute service do
commands:<screen><computeroutput>ERROR: Policy doesn't allow compute_extension:aggregates to be performed. (HTTP 403) (Request-ID: req-299fbff6-6729-4cef-93b2-e7e1f96b4864) not have the <literal>admin</literal> role or the
</computeroutput></screen><screen><computeroutput>ERROR: Policy doesn't allow compute_extension:hosts to be performed. (HTTP 403) (Request-ID: req-ef2400f6-6776-4ea3-b6f1-7704085c27d1) appropriate privileges, these errors occur:</para>
</computeroutput></screen></para></note> <screen><computeroutput>ERROR: Policy doesn't allow compute_extension:aggregates to be performed. (HTTP 403) (Request-ID: req-299fbff6-6729-4cef-93b2-e7e1f96b4864)
</computeroutput></screen>
<screen><computeroutput>ERROR: Policy doesn't allow compute_extension:hosts to be performed. (HTTP 403) (Request-ID: req-ef2400f6-6776-4ea3-b6f1-7704085c27d1)
</computeroutput></screen>
</note>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>Configure scheduler to support host aggregates</title> <title>Configure scheduler to support host aggregates</title>
<para>One common use case for host aggregates is when you want to support scheduling <para>One common use case for host aggregates is when you want
instances to a subset of compute hosts because they have a specific capability. For to support scheduling instances to a subset of compute
example, you may want to allow users to request compute hosts that have SSD drives if hosts because they have a specific capability. For
they need access to faster disk I/O, or access to compute hosts that have GPU cards to example, you may want to allow users to request compute
take advantage of GPU-accelerated code.</para> hosts that have SSD drives if they need access to faster
<para>To configure the scheduler to support host aggregates, the disk I/O, or access to compute hosts that have GPU cards
<literal>scheduler_default_filters</literal> configuration option must contain the to take advantage of GPU-accelerated code.</para>
<literal>AggregateInstanceExtraSpecsFilter</literal> in addition to the other <para>To configure the scheduler to support host aggregates,
filters used by the scheduler. Add the following line to the <literal>scheduler_default_filters</literal>
<filename>/etc/nova/nova.conf</filename> on the host that runs the <systemitem class="service">nova-scheduler</systemitem> configuration option must contain the
service to enable host aggregates filtering, as well as the other filters that are <literal>AggregateInstanceExtraSpecsFilter</literal>
typically in addition to the other filters used by the scheduler.
Add the following line to
<filename>/etc/nova/nova.conf</filename> on the host
that runs the <systemitem class="service"
>nova-scheduler</systemitem> service to enable host
aggregates filtering, as well as the other filters that
are typically
enabled:<programlisting language="ini">scheduler_default_filters=AggregateInstanceExtraSpecsFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter</programlisting></para> enabled:<programlisting language="ini">scheduler_default_filters=AggregateInstanceExtraSpecsFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter</programlisting></para>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>Example: specify compute hosts with SSDs</title> <title>Example: Specify compute hosts with SSDs</title>
<para>In this example, we configure the Compute service to allow users to request nodes that <para>This example configures the Compute service to enable
have solid-state drives (SSDs). We create a new host aggregate called users to request nodes that have solid-state drives
<literal>fast-io</literal> in the availability zone called <literal>nova</literal>, (SSDs). You create a <literal>fast-io</literal> host
we add the key-value pair <literal>ssd=true</literal> to the aggregate, and then we add aggregate in the <literal>nova</literal> availability zone
compute nodes <literal>node1</literal>, and <literal>node2</literal> to and you add the <literal>ssd=true</literal> key-value pair
it.<screen><prompt>$</prompt> <userinput>nova aggregate-create fast-io nova</userinput> to the aggregate. Then, you add the
<literal>node1</literal>, and <literal>node2</literal>
compute nodes to it.</para>
<screen><prompt>$</prompt> <userinput>nova aggregate-create fast-io nova</userinput>
<computeroutput>+----+---------+-------------------+-------+----------+ <computeroutput>+----+---------+-------------------+-------+----------+
| Id | Name | Availability Zone | Hosts | Metadata | | Id | Name | Availability Zone | Hosts | Metadata |
+----+---------+-------------------+-------+----------+ +----+---------+-------------------+-------+----------+
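Review bot: The admin note changes "you will see one of the following errors" to "these errors occur", which now reads as if both 403 messages appear together. The two outputs name different policies (compute_extension:aggregates and compute_extension:hosts), so keep the "one of" wording. In the SSD example, "the node1, and node2 compute nodes" has a stray comma.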
@ -165,25 +197,30 @@ xml:id="host-aggregates">
+----+---------+-------------------+----------------------+-------------------+ +----+---------+-------------------+----------------------+-------------------+
| 1 | fast-io | nova | [u'node1', u'node2'] | {u'ssd': u'true'} | | 1 | fast-io | nova | [u'node1', u'node2'] | {u'ssd': u'true'} |
+----+---------+-------------------+----------------------+-------------------+</computeroutput> +----+---------+-------------------+----------------------+-------------------+</computeroutput>
</screen></para> </screen>
<para>Next, we use the <command>nova flavor-create</command> command to create a new flavor <para>Use the <command>nova flavor-create</command> command to
called <literal>ssd.large</literal> with an ID of 6, 8GB of RAM, 80GB root disk, and 4 create the <literal>ssd.large</literal> flavor called with
vCPUs. an ID of 6, 8GB of RAM, 80GB root disk, and 4
<screen><prompt>$</prompt> <userinput>nova flavor-create ssd.large 6 8192 80 4</userinput> vCPUs.</para>
<screen><prompt>$</prompt> <userinput>nova flavor-create ssd.large 6 8192 80 4</userinput>
<computeroutput>+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+ <computeroutput>+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | extra_specs | | ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | extra_specs |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+ +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
| 6 | ssd.large | 8192 | 80 | 0 | | 4 | 1 | True | {} | | 6 | ssd.large | 8192 | 80 | 0 | | 4 | 1 | True | {} |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+</computeroutput></screen></para> +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+</computeroutput></screen>
<para>Once the flavor has been created, we specify one or more key-value pair that must <para>Once the flavor is created, specify one or more
match the key-value pairs on the host aggregates. In this case, there's only one key-value pairs that match the key-value pairs on the host
key-value pair, <literal>ssd=true</literal>. Setting a key-value pair on a flavor is aggregates. In this case, that is the
done using the <command>nova flavor-key set_key</command> <literal>ssd=true</literal> key-value pair. Setting a
command.<screen><prompt>#</prompt> <userinput>nova flavor-key set_key --name=ssd.large --key=ssd --value=true</userinput></screen></para> key-value pair on a flavor is done using the <command>nova
<para>Once it is set, you should see the <literal>extra_specs</literal> property of the flavor-key set_key</command> command.</para>
<literal>ssd.large</literal> flavor populated with a key of <literal>ssd</literal> <screen><prompt>#</prompt> <userinput>nova flavor-key set_key --name=ssd.large --key=ssd --value=true</userinput></screen>
and a corresponding value of <para>Once it is set, you should see the
<literal>true</literal>.<screen><prompt>$</prompt> <userinput>nova flavor-show ssd.large</userinput> <literal>extra_specs</literal> property of the
<literal>ssd.large</literal> flavor populated with a
key of <literal>ssd</literal> and a corresponding value of
<literal>true</literal>.</para>
<screen><prompt>$</prompt> <userinput>nova flavor-show ssd.large</userinput>
<computeroutput>+----------------------------+-------------------+ <computeroutput>+----------------------------+-------------------+
| Property | Value | | Property | Value |
+----------------------------+-------------------+ +----------------------------+-------------------+
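Review bot: The rewritten flavor sentence leaves a stray word: "create the ssd.large flavor called with an ID of 6" should drop "called". The flavor-key command is also shown with a "#" prompt while every other command in this example uses "$"; use the same prompt unless root is required, and say so if it is.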
@ -198,17 +235,22 @@ xml:id="host-aggregates">
| rxtx_factor | 1.0 | | rxtx_factor | 1.0 |
| swap | | | swap | |
| vcpus | 4 | | vcpus | 4 |
+----------------------------+-------------------+</computeroutput></screen></para> +----------------------------+-------------------+</computeroutput></screen>
<para>Now, when a user requests an instance with the <literal>ssd.large</literal> flavor, <para>Now, when a user requests an instance with the
the scheduler will only consider hosts with the <literal>ssd=true</literal> key-value <literal>ssd.large</literal> flavor, the scheduler
pair. In this example, that would only be <literal>node1</literal> and only considers hosts with the <literal>ssd=true</literal>
<literal>node2</literal>.</para> key-value pair. In this example, these are
<literal>node1</literal> and
<literal>node2</literal>.</para>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>XenServer hypervisor pools to support live migration</title> <title>XenServer hypervisor pools to support live
<para>When using the XenAPI-based hypervisor, the Compute service uses host aggregates to migration</title>
manage XenServer Resource pools, which are used in supporting live migration. <!--See <link <para>When using the XenAPI-based hypervisor, the Compute
service uses host aggregates to manage XenServer Resource
pools, which are used in supporting live migration.
<!--See <link
linkend="configuring-migrations-xenserver-shared-storage">Configuring Migrations</link> for details on how to linkend="configuring-migrations-xenserver-shared-storage">Configuring Migrations</link> for details on how to
create these kinds of host aggregates to support live migration. --></para> create these kinds of host aggregates to support live migration. --></para>
</simplesect> </simplesect>
</section> </section>
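Review bot: The XenServer paragraph still ends in a commented-out cross-reference to configuring-migrations-xenserver-shared-storage, so the rendered section tells the reader that pools support live migration but not where to configure them. Restore the link if the target exists, or delete the comment. "XenServer Resource pools" should lower-case "Resource" to match the section title.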

View File

@ -3,16 +3,19 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="keystone-configuration-file"> xml:id="keystone-configuration-file">
<title>Identity Configuration Files</title> <title>Identity Service configuration files</title>
<variablelist> <variablelist>
<varlistentry><term>keystone.conf</term> <varlistentry>
<listitem><para>The Identity Service <term>keystone.conf</term>
<filename>/etc/keystone/keystone.conf</filename> configuration <listitem>
file is an INI-format file with sections.</para> <para>The Identity Service
<para>The <literal>[DEFAULT]</literal> section configures general <filename>/etc/keystone/keystone.conf</filename>
configuration values.</para> configuration file is an INI-format file with
<para>Specific sections, such as the <literal>[sql]</literal> and sections.</para>
<literal>[ec2]</literal> sections, configure individual <para>The <literal>[DEFAULT]</literal> section configures
general configuration values.</para>
<para>Specific sections, such as the <literal>[sql]</literal>
and <literal>[ec2]</literal> sections, configure individual
services.</para> services.</para>
<table rules="all"> <table rules="all">
<caption>keystone.conf file sections</caption> <caption>keystone.conf file sections</caption>
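Review bot: "The [DEFAULT] section configures general configuration values" is only re-wrapped in this hunk and remains tautological. Since the surrounding lines are already being touched, reword it, for example "The [DEFAULT] section sets general configuration values".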
@ -31,7 +34,7 @@
</tr> </tr>
<tr> <tr>
<td><literal>[sql]</literal></td> <td><literal>[sql]</literal></td>
<td>Optional storage backend configuration.</td> <td>Optional storage back-end configuration.</td>
</tr> </tr>
<tr> <tr>
<td><literal>[ec2]</literal></td> <td><literal>[ec2]</literal></td>
@ -68,11 +71,11 @@
</tbody> </tbody>
</table> </table>
<para>When you start the Identity Service, you can use the <para>When you start the Identity Service, you can use the
<literal>--config-file</literal> parameter to specify a <parameter>--config-file</parameter> parameter to specify
configuration file.</para> a configuration file.</para>
<para>If you do not specify a configuration file, the Identity <para>If you do not specify a configuration file, the Identity
Service looks for the <filename>keystone.conf</filename> Service looks for the <filename>keystone.conf</filename>
configuration file in the following directories in the following configuration file in these directories in this
order:</para> order:</para>
<orderedlist> <orderedlist>
<listitem> <listitem>
@ -96,11 +99,16 @@
</para> </para>
</listitem> </listitem>
</orderedlist> </orderedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry><term>keystone-paste.ini</term> <varlistentry>
<listitem><para>The <filename>/etc/keystone/keystone-paste.ini</filename> file <term>keystone-paste.ini</term>
configures the Identity Service WSGI middleware pipeline.</para></listitem> <listitem>
<para>The
<filename>/etc/keystone/keystone-paste.ini</filename> file
configures the Identity Service WSGI middleware
pipeline.</para>
</listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
</section> </section>

View File

@ -1,32 +1,34 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section xml:id="keystone-external-auth" xmlns="http://docbook.org/ns/docbook" <section xml:id="keystone-external-auth"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://docbook.org/ns/docbook"
version="1.0"> xmlns:xi="http://www.w3.org/2001/XInclude"
<title>Using External Authentication with OpenStack Identity</title> xmlns:xlink="http://www.w3.org/1999/xlink" version="1.0">
<para>When Keystone is executed in <literal>apache-httpd</literal> <title>External authentication with the Identity
it is possible to use external authentication methods different Service</title>
from the authentication provided by the identity store backend. <para>When Keystone runs in <literal>apache-httpd</literal>, you
For example, this makes possible to use a SQL identity backend can use external authentication methods that differ from the
together with X.509 authentication, Kerberos, etc. instead of using authentication provided by the identity store back-end. For
the username/password combination.</para> example, you can use an SQL identity back-end together with
X.509 authentication, Kerberos, and so on instead of using the
user name and password combination.</para>
<section xml:id="keystone-httpd-auth"> <section xml:id="keystone-httpd-auth">
<title>Using HTTPD authentication</title> <title>Use HTTPD authentication</title>
<para>Webservers like Apache HTTP support many methods of <para>Web servers, like Apache HTTP, support many methods of
authentication. Keystone can profit from this feature and let the authentication. Keystone can allow the web server to
authentication be done in the webserver, that will pass down the perform the authentication. The web server then passes the
authenticated user to Keystone using the <literal>REMOTE_USER</literal> authenticated user to Keystone by using the
environment variable. This user must exist in advance in the identity <literal>REMOTE_USER</literal> environment variable.
backend so as to get a token from the controller. To use this method, This user must already exist in the Identity Service
OpenStack Identity should be running on <literal>apache-httpd</literal>. back-end so as to get a token from the controller. To use
</para> this method, the Identity Service should run on
<literal>apache-httpd</literal>.</para>
</section> </section>
<section xml:id="keystone-x509-auth"> <section xml:id="keystone-x509-auth">
<title>Using X.509</title> <title>Use X.509</title>
<para>The following snippet for the Apache conf will authenticate <para>The following Apache configuration snippet authenticates
the user based on a valid X.509 certificate from a known CA: the user based on a valid X.509 certificate from a known
<programlisting> &lt;VirtualHost _default_:5000&gt; CA:</para>
<programlisting> &lt;VirtualHost _default_:5000&gt;
SSLEngine on SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl.cert SSLCertificateFile /etc/ssl/certs/ssl.cert
SSLCertificateKeyFile /etc/ssl/private/ssl.key SSLCertificateKeyFile /etc/ssl/private/ssl.key
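Review bot: The rewritten paragraphs still mix product names: the new text says "When Keystone runs in apache-httpd" and "Keystone can allow the web server to perform the authentication", then switches to "the Identity Service back-end" and "the Identity Service should run on apache-httpd" within the same section. The title now reads "External authentication with the Identity Service", so use one name throughout. Two smaller points: "so as to get a token" reads better as "to get a token", and the root element keeps version="1.0" while the other files in this change declare version="5.0".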
@ -39,6 +41,5 @@
(...) (...)
&lt;/VirtualHost&gt;</programlisting> &lt;/VirtualHost&gt;</programlisting>
</para>
</section> </section>
</section> </section>

View File

@ -1,28 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section <section xmlns="http://docbook.org/ns/docbook"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
version="5.0"
xml:id="sample-configuration-files"> xml:id="sample-configuration-files">
<title>Identity Sample Configuration Files</title> <title>Identity Service sample configuration files</title>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para> <para>
<filename>etc/keystone.conf.sample</filename> <filename>etc/keystone.conf.sample</filename>
</para><para> </para>
<programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/keystone.conf.sample"></xi:include></programlisting></para> <para>
<programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/keystone.conf.sample"/></programlisting></para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<filename>etc/keystone-paste.ini</filename> <filename>etc/keystone-paste.ini</filename>
</para><para> </para>
<programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/keystone-paste.ini"></xi:include></programlisting></para> <para>
<programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/keystone-paste.ini"/></programlisting></para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<literal>etc/logging.conf.sample</literal> <literal>etc/logging.conf.sample</literal>
</para> </para>
<para><programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/logging.conf.sample"/></programlisting></para> <para><programlisting language="ini"><xi:include parse="text" href="http://git.openstack.org/cgit/openstack/keystone/plain/etc/logging.conf.sample"/></programlisting></para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
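Review bot: The third list item still marks up etc/logging.conf.sample with <literal> while the first two items use <filename>; switch it to <filename> for consistency. Separately, all three xi:include href values pull the sample files over plain http:// when the document is processed; if git.openstack.org offers https, prefer it so the included configuration text cannot be altered in transit.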

View File

@ -1,12 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section <section xmlns="http://docbook.org/ns/docbook"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
version="5.0"
xml:id="keystone-ssl-config"> xml:id="keystone-ssl-config">
<title>Configure the Identity Service with SSL</title> <title>Configure the Identity Service with SSL</title>
<para>You can configure the Identity Service to support 2-way <para>You can configure the Identity Service to support two-way
SSL.</para> SSL.</para>
<para>You must obtain the x509 certificates externally and <para>You must obtain the x509 certificates externally and
configure them.</para> configure them.</para>
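Review bot: The context line "You must obtain the x509 certificates externally" keeps the spelling "x509", while the external-authentication file in this same change uses "X.509" in its title and text. Normalize to "X.509" here. "two-way SSL" would also benefit from a few words saying that the server and the client each present a certificate, since the section below describes it as "SSL with client authentication".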
@ -15,50 +13,49 @@
>examples/pki/certs</filename> and <filename >examples/pki/certs</filename> and <filename
class="directory">examples/pki/private</filename> class="directory">examples/pki/private</filename>
directories:</para> directories:</para>
<variablelist><title>Certificate types</title> <variablelist>
<varlistentry> <title>Certificate types</title>
<term>cacert.pem <varlistentry>
</term> <term>cacert.pem </term>
<listitem> <listitem>
<para>Certificate Authority chain to validate against.</para> <para>Certificate Authority chain to validate
</listitem> against.</para>
</varlistentry> </listitem>
<varlistentry> </varlistentry>
<term>ssl_cert.pem <varlistentry>
</term> <term>ssl_cert.pem </term>
<listitem> <listitem>
<para>Public certificate for Identity Service <para>Public certificate for Identity Service
server.</para> server.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>middleware.pem <term>middleware.pem </term>
</term> <listitem>
<listitem> <para>Public and private certificate for Identity
<para>Public and private certificate for Service middleware/client.</para>
Identity Service middleware/client.</para> </listitem>
</listitem> </varlistentry>
</varlistentry> <varlistentry>
<varlistentry> <term>cakey.pem </term>
<term>cakey.pem <listitem>
</term> <para>Private key for the CA.</para>
<listitem> </listitem>
<para>Private key for the CA.</para> </varlistentry>
</listitem> <varlistentry>
</varlistentry> <term>ssl_key.pem </term>
<varlistentry> <listitem>
<term>ssl_key.pem <para>Private key for the Identity Service
</term> server.</para>
<listitem> </listitem>
<para>Private key for the Identity Service </varlistentry>
server.</para> </variablelist>
</listitem> <note>
</varlistentry> <para>You can choose names for these certificates. You can
</variablelist> also combine the public/private keys in the same file, if
<note><para>You can choose names for you wish. These certificates are provided as an
these certificates. You can also combine the public/private keys in the example.</para>
same file, if you wish. These certificates are provided as </note>
an example.</para></note>
<section xml:id="ssl-configuration"> <section xml:id="ssl-configuration">
<title>SSL configuration</title> <title>SSL configuration</title>
<para>To enable SSL with client authentication, modify the <para>To enable SSL with client authentication, modify the
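Review bot: The reflowed note ends with "These certificates are provided as an example", but the list above it includes cakey.pem and ssl_key.pem, private keys that ship in examples/pki/private. Say explicitly that the sample keys are for testing only and must be replaced before deployment. Also, each <term> on the new side carries a trailing space ("<term>cacert.pem </term>"), and middleware.pem is described as a "Public and private certificate"; "certificate and private key" is the accurate wording.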
@ -66,35 +63,36 @@
<filename>etc/keystone.conf</filename> file. The <filename>etc/keystone.conf</filename> file. The
following SSL configuration example uses the included following SSL configuration example uses the included
sample certificates:</para> sample certificates:</para>
<programlisting language="ini">[ssl] <programlisting language="ini">[ssl]
enable = True enable = True
certfile = &lt;path to keystone.pem&gt; certfile = &lt;path to keystone.pem&gt;
keyfile = &lt;path to keystonekey.pem&gt; keyfile = &lt;path to keystonekey.pem&gt;
ca_certs = &lt;path to ca.pem&gt; ca_certs = &lt;path to ca.pem&gt;
cert_required = True</programlisting> cert_required = True</programlisting>
<itemizedlist><title>Options</title> <itemizedlist>
<title>Options</title>
<listitem> <listitem>
<para><literal>enable</literal>. True enables SSL. <para><literal>enable</literal>. True enables SSL.
Default is False.</para> Default is False.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><literal>certfile</literal>. Path to the Identity <para><literal>certfile</literal>. Path to the
Service public certificate file.</para> Identity Service public certificate file.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><literal>keyfile</literal>. Path to the <para><literal>keyfile</literal>. Path to the Identity
Identity Service private certificate file. If you Service private certificate file. If you include
include the private key in the certfile, you can the private key in the certfile, you can omit the
omit the keyfile.</para> keyfile.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><literal>ca_certs</literal>. Path to the CA trust chain. <para><literal>ca_certs</literal>. Path to the CA
</para> trust chain.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><literal>cert_required</literal>. Requires <para><literal>cert_required</literal>. Requires
client certificate. Default is False.</para> client certificate. Default is False.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section>
</section> </section>
</section>
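Review bot: The lead-in says the example "uses the included sample certificates", yet the values are placeholders (<path to keystone.pem>, <path to keystonekey.pem>, <path to ca.pem>) whose names do not match the sample files listed earlier (ssl_cert.pem, ssl_key.pem, cacert.pem). Either use the sample file names or drop the claim. In the options list, keyfile is described as the "private certificate file"; it is the private key. Under cert_required, "Default is False" deserves one more sentence stating that clients are then not required to present a certificate, so two-way SSL needs it set to True.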

View File

@ -73,10 +73,12 @@
<literal>None</literal>.</para> <literal>None</literal>.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>If <literal>token_format=UUID</literal>, a typical token will look like <para>If <literal>token_format=UUID</literal>, a typical token
<literal>53f7f6ef0cc344b5be706bcc8b1479e1</literal>. If looks like
<literal>token_format=PKI</literal>, a typical token will be a much longer string, e.g.: <literal>53f7f6ef0cc344b5be706bcc8b1479e1</literal>. If
<screen>MIIKtgYJKoZIhvcNAQcCoIIKpzCCCqMCAQExCTAHBgUrDgMCGjCCCY8GCSqGSIb3DQEHAaCCCYAEggl8eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0z <literal>token_format=PKI</literal>, a typical token is a
much longer string, such as:</para>
<screen>MIIKtgYJKoZIhvcNAQcCoIIKpzCCCqMCAQExCTAHBgUrDgMCGjCCCY8GCSqGSIb3DQEHAaCCCYAEggl8eyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxMy0wNS0z
MFQxNTo1MjowNi43MzMxOTgiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTMxVDE1OjUyOjA2WiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogbnVs MFQxNTo1MjowNi43MzMxOTgiLCAiZXhwaXJlcyI6ICIyMDEzLTA1LTMxVDE1OjUyOjA2WiIsICJpZCI6ICJwbGFjZWhvbGRlciIsICJ0ZW5hbnQiOiB7ImRlc2NyaXB0aW9uIjogbnVs
bCwgImVuYWJsZWQiOiB0cnVlLCAiaWQiOiAiYzJjNTliNGQzZDI4NGQ4ZmEwOWYxNjljYjE4MDBlMDYiLCAibmFtZSI6ICJkZW1vIn19LCAic2VydmljZUNhdGFsb2ciOiBbeyJlbmRw bCwgImVuYWJsZWQiOiB0cnVlLCAiaWQiOiAiYzJjNTliNGQzZDI4NGQ4ZmEwOWYxNjljYjE4MDBlMDYiLCAibmFtZSI6ICJkZW1vIn19LCAic2VydmljZUNhdGFsb2ciOiBbeyJlbmRw
b2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRwOi8vMTkyLjE2OC4yNy4xMDA6ODc3NC92Mi9jMmM1OWI0ZDNkMjg0ZDhmYTA5ZjE2OWNiMTgwMGUwNiIsICJyZWdpb24iOiAiUmVnaW9u b2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRwOi8vMTkyLjE2OC4yNy4xMDA6ODc3NC92Mi9jMmM1OWI0ZDNkMjg0ZDhmYTA5ZjE2OWNiMTgwMGUwNiIsICJyZWdpb24iOiAiUmVnaW9u
@ -102,28 +104,27 @@ OiBbeyJuYW1lIjogImFub3RoZXJyb2xlIn0sIHsibmFtZSI6ICJNZW1iZXIifV0sICJuYW1lIjogImRl
YWRiODM3NDVkYzQzNGJhMzk5ODllNjBjOTIzYWZhMjgiLCAiMzM2ZTFiNjE1N2Y3NGFmZGJhNWUwYTYwMWUwNjM5MmYiXX19fTGB-zCB-AIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYD YWRiODM3NDVkYzQzNGJhMzk5ODllNjBjOTIzYWZhMjgiLCAiMzM2ZTFiNjE1N2Y3NGFmZGJhNWUwYTYwMWUwNjM5MmYiXX19fTGB-zCB-AIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYD
VQQIEwVVbnNldDEOMAwGA1UEBxMFVW5zZXQxDjAMBgNVBAoTBVVuc2V0MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20CAQEwBwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYCAHLpsEs2R VQQIEwVVbnNldDEOMAwGA1UEBxMFVW5zZXQxDjAMBgNVBAoTBVVuc2V0MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5jb20CAQEwBwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYCAHLpsEs2R
nouriuiCgFayIqCssK3SVdhOMINiuJtqv0sE-wBDFiEj-Prcudqlz-n+6q7VgV4mwMPszz39-rwp+P5l4AjrJasUm7FrO-4l02tPLaaZXU1gBQ1jUG5e5aL5jPDP08HbCWuX6wr-QQQB nouriuiCgFayIqCssK3SVdhOMINiuJtqv0sE-wBDFiEj-Prcudqlz-n+6q7VgV4mwMPszz39-rwp+P5l4AjrJasUm7FrO-4l02tPLaaZXU1gBQ1jUG5e5aL5jPDP08HbCWuX6wr-QQQB
SrWY8lF3HrTcJT23sZIleg==</screen></para> SrWY8lF3HrTcJT23sZIleg==</screen>
<section xml:id="signing-certificate-issued-by-external-ca"> <section xml:id="signing-certificate-issued-by-external-ca">
<title>Sign certificate issued by External CA</title> <title>Sign certificate issued by external CA</title>
<para>You may use a signing certificate issued by an external <para>You can use a signing certificate issued by an external
CA instead of generated by CA instead of generated by
<command>keystone-manage</command>. However, <command>keystone-manage</command>. However,
certificate issued by external CA must satisfy the certificate issued by external CA must satisfy the
following conditions:</para> following conditions:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>all certificate and key files must be in <para>all certificate and key files must be in Privacy
Privacy Enhanced Mail (PEM) format</para> Enhanced Mail (PEM) format</para>
</listitem> </listitem>
<listitem> <listitem>
<para>private key files must not be protected by a <para>private key files must not be protected by a
password</para> password</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>When using signing certificate issued by an external <para>When using signing certificate issued by an external CA,
CA, you do not need to specify you do not need to specify <literal>key_size</literal>,
<literal>key_size</literal>, <literal>valid_days</literal>, and
<literal>valid_days</literal>, and
<literal>ca_password</literal> as they will be <literal>ca_password</literal> as they will be
ignored.</para> ignored.</para>
<para>The basic workflow for using a signing certificate <para>The basic workflow for using a signing certificate
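Review bot: The section title is left as "Sign certificate issued by external CA", whereas the neighbouring title in this change was corrected to "Request a signing certificate from an external CA"; suggest "Signing certificate issued by an external CA". The body has the same missing articles ("instead of generated by", "certificate issued by external CA must satisfy", "When using signing certificate"), and "as they will be ignored" keeps the future tense that this change removes elsewhere ("will look like" became "looks like").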
@ -131,7 +132,7 @@ SrWY8lF3HrTcJT23sZIleg==</screen></para>
<orderedlist numeration="arabic"> <orderedlist numeration="arabic">
<listitem> <listitem>
<para>Request Signing Certificate from External CA <para>Request Signing Certificate from External CA
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para>Convert certificate and private key to PEM if <para>Convert certificate and private key to PEM if
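Review bot: Only the indentation of </para> changes here, so the list item "Request Signing Certificate from External CA" keeps its title-style capitals. For a change that moves headings to sentence style, lowercase it ("Request a signing certificate from an external CA") to match the section title it refers to.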
@ -143,7 +144,8 @@ SrWY8lF3HrTcJT23sZIleg==</screen></para>
</orderedlist> </orderedlist>
</section> </section>
<section xml:id="request-signing-certificate-from-external-ca"> <section xml:id="request-signing-certificate-from-external-ca">
<title>Request a signing certificate from external CA</title> <title>Request a signing certificate from an external
CA</title>
<para>One way to request a signing certificate from an <para>One way to request a signing certificate from an
external CA is to first generate a PKCS #10 Certificate external CA is to first generate a PKCS #10 Certificate
Request Syntax (CRS) using OpenSSL CLI.</para> Request Syntax (CRS) using OpenSSL CLI.</para>
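Review bot: The context lines call the request a "PKCS #10 Certificate Request Syntax (CRS)". PKCS #10 is the Certification Request Syntax, and the artifact is normally called a certificate signing request (CSR); readers searching for "CRS" will not find it. Fix the name and abbreviation here and in the following "Then generate a CRS" sentence.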
@ -169,18 +171,18 @@ emailAddress = keystone@openstack.org
<para>Then generate a CRS with OpenSSL CLI. <emphasis <para>Then generate a CRS with OpenSSL CLI. <emphasis
role="strong">Do not encrypt the generated private role="strong">Do not encrypt the generated private
key. Must use the -nodes option.</emphasis> key. Must use the -nodes option.</emphasis>
</para> </para>
<para>For example:</para> <para>For example:</para>
<screen><prompt>$</prompt> <userinput>openssl req -newkey rsa:1024 -keyout signing_key.pem -keyform PEM \ <screen><prompt>$</prompt> <userinput>openssl req -newkey rsa:1024 -keyout signing_key.pem -keyform PEM \
-out signing_cert_req.pem -outform PEM -config cert_req.conf -nodes</userinput></screen> -out signing_cert_req.pem -outform PEM -config cert_req.conf -nodes</userinput></screen>
<para>If everything is successfully, you should end up with <para>If everything is successfully, you should end up with
<filename>signing_cert_req.pem</filename> and <filename>signing_cert_req.pem</filename> and
<filename>signing_key.pem</filename>. Send <filename>signing_key.pem</filename>. Send
<filename>signing_cert_req.pem</filename> to your CA to <filename>signing_cert_req.pem</filename> to your CA
request a token signing certificate and make sure to ask to request a token signing certificate and make sure to
the certificate to be in PEM format. Also, make sure your ask the certificate to be in PEM format. Also, make sure
trusted CA certificate chain is also in PEM format. your trusted CA certificate chain is also in PEM format.
</para> </para>
</section> </section>
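Review bot: The example command generates the token signing key with "-newkey rsa:1024"; a 1024-bit RSA key is too short for a signing key, so the documented example should use rsa:2048 or larger. Because -nodes leaves signing_key.pem unencrypted, the text should also tell the reader to restrict that file's permissions as soon as it is created. Grammar in the context lines still needs fixing: "If everything is successfully" and "ask the certificate to be in PEM format".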
<section xml:id="install-external-signing-certificate"> <section xml:id="install-external-signing-certificate">
<title>Install an external signing certificate</title> <title>Install an external signing certificate</title>
@ -193,8 +195,9 @@ emailAddress = keystone@openstack.org
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<filename>signing_key.pem</filename> - corresponding <filename>signing_key.pem</filename> -
(non-encrypted) private key in PEM format</para> corresponding (non-encrypted) private key in PEM
format</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
@ -214,10 +217,9 @@ emailAddress = keystone@openstack.org
<para>Make sure the certificate directory is only <para>Make sure the certificate directory is only
accessible by root.</para> accessible by root.</para>
</note> </note>
<para>If your certificate directory path is different from <para>If your certificate directory path is different from the
the default <filename>/etc/keystone/ssl/certs</filename>, default <filename>/etc/keystone/ssl/certs</filename>, make
make sure it is reflected in the sure it is reflected in the <literal>[signing]</literal>
<literal>[signing]</literal> section of the section of the configuration file.</para>
configuration file.</para>
</section> </section>
</section> </section>

View File

@ -33,7 +33,7 @@
An endpoint to use instead of the one in An endpoint to use instead of the one in
the service catalog. Defaults to the service catalog. Defaults to
<code>env[OS_SERVICE_ENDPOINT]</code>. <code>env[OS_SERVICE_ENDPOINT]</code>.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>

View File

@ -3,37 +3,42 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="keystone-db_sync"> xml:id="keystone-db_sync">
<title>Migrate the Identity Service Database</title> <title>Migrate the Identity Service database</title>
<para>Between revisions of the Identity service project code-named <para>Between revisions of the Identity Service project, you might
keystone, SQL migrations may need to happen. The keystone need to complete SQL migrations. The Identity Service project
project uses <link uses SQLAlchemy-migrate (see <link
xlink:href="http://code.google.com/p/sqlalchemy-migrate/" xlink:href="http://code.google.com/p/sqlalchemy-migrate/"
>SQLAlchemy-migrate</link> to migrate the SQL database >http://code.google.com/p/sqlalchemy-migrate/</link>) to
between revisions. For core components, the source code stores migrate the SQL database between revisions. For core
migrations in a central repository under a components, the source code stores migrations in a central
<filename>keystone/common/sql/migrate_repo</filename> repository under a
<filename>keystone/common/sql/migrate_repo</filename>
directory.</para> directory.</para>
<para>Extensions to the Identity service may require SQL <para>Extensions to the Identity Service might also require SQL
migrations as well. The directory migrations. The directory
<filename>keystone/contrib/example</filename> in the <filename>keystone/contrib/example</filename> in the
keystone repository contains a sample extension keystone repository contains a sample extension
migration.</para> migration.</para>
<procedure> <procedure>
<title>To set up a migration for an extension</title> <title>To set up a migration for an extension</title>
<step> <step>
<para>Create a directory structure where "my_extension" is <para>Create a directory structure where
the name of the extension: <literal>my_extension</literal> is the name of the
<filename>keystone/contrib/my_extension/migrate_repo/versions/</filename></para> extension, as follows:
<filename>keystone/contrib/my_extension/migrate_repo/versions/</filename>.</para>
</step> </step>
<step> <step>
<para>Create empty <filename>__init__.py</filename> files in the <filename>migrate_repo</filename> <para>Create empty <filename>__init__.py</filename> files
and <filename>versions</filename> subdirectories.</para> in the <filename>migrate_repo</filename> and
<filename>versions</filename>
subdirectories.</para>
</step> </step>
<step> <step>
<para>Create a configuration file in the migrate_repo <para>Create a <filename>migrate.cfg</filename>
subdirectory named <filename>migrate.cfg</filename> conforming to a configuration file in the
key/value ini file format.</para> <filename>migrate_repo</filename> subdirectory,
<para>Here is an example config file.</para> which conforms to a key/value <filename>.ini</filename> file format.</para>
<para>An example configuration file:</para>
<programlisting language="ini">[db_settings] <programlisting language="ini">[db_settings]
repository_id=my_extension repository_id=my_extension
version_table=migrate_version version_table=migrate_version
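Review bot: In the third step, "which conforms to a key/value <filename>.ini</filename> file format" tags a file extension as a file name, and the relative clause now attaches to "subdirectory" rather than to the configuration file. Suggest "Create a migrate.cfg configuration file in the migrate_repo subdirectory. The file uses the key/value INI format", which also matches "an INI-format file" in the keystone.conf section of this change.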
@ -41,27 +46,28 @@
</step> </step>
</procedure> </procedure>
<procedure> <procedure>
<title>To test and run a migration for a specific <title>To test a migration for a specific extension</title>
extension</title> <para>You can use the <command>keystone-manage</command>
<para>You can use the keystone-manage command with the command with the <command>--extension</command> parameter
parameter --extension both the db_sync and db_version for both the <command>db_sync</command> and
commands. Ensure the required configuration files exist <command>db_version</command> commands. Ensure that the
before doing these steps.</para> required configuration files exist before completing these
steps.</para>
<step> <step>
<para>Test your migrations with "example" as a named <para>Test your migrations with an <literal>example</literal>
extension:</para> extension:</para>
<screen><prompt>#</prompt> <userinput>bin/keystone-manage db_sync --extension example</userinput></screen> <screen><prompt>#</prompt> <userinput>bin/keystone-manage db_sync --extension example</userinput></screen>
</step> </step>
<step> <step>
<para>Migrate to version 1 with this command:</para> <para>Migrate to version 1:</para>
<screen><prompt>#</prompt> <userinput>bin/keystone-manage db_sync --extension example 1</userinput></screen> <screen><prompt>#</prompt> <userinput>bin/keystone-manage db_sync --extension example 1</userinput></screen>
</step> </step>
<step> <step>
<para>Migrate back to version 0 with this command:</para> <para>Migrate back to version 0:</para>
<screen><prompt>#</prompt> <userinput>bin/keystone-manage db_sync --extension example 0</userinput></screen> <screen><prompt>#</prompt> <userinput>bin/keystone-manage db_sync --extension example 0</userinput></screen>
</step> </step>
<step> <step>
<para>Use this command to check the version:</para> <para>Check the version:</para>
<screen><prompt>#</prompt> <userinput>bin/keystone-manage db_version --extension example</userinput></screen> <screen><prompt>#</prompt> <userinput>bin/keystone-manage db_version --extension example</userinput></screen>
</step> </step>
</procedure> </procedure>
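Review bot: The new paragraph tags the option as <command>--extension</command>, but this same change converts --config-file to <parameter> in the keystone.conf section; use <parameter> here too. The title was shortened to "To test a migration for a specific extension", although the steps still run db_sync to version 1 and back to version 0, so "test and run" described them better. The step "Migrate back to version 0" should also say that it downgrades the extension's schema.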

View File

@ -3,99 +3,99 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="section_kvm_enable"> xml:id="section_kvm_enable">
<title>Enabling KVM</title> <title>Enable KVM</title>
<para>To perform the following steps, you must be logged in as <para>To perform these steps, you must be logged in as the
the <systemitem>root</systemitem> user.</para> <systemitem>root</systemitem> user.</para>
<procedure> <procedure>
<step> <step>
<para>To determine whether the <literal>svm</literal> <para>To determine whether the <literal>svm</literal> or
or <literal>vmx</literal> CPU extensions are <literal>vmx</literal> CPU extensions are present,
present, run the following command:</para> run this command:</para>
<screen><prompt>#</prompt> <userinput>grep -E 'svm|vmx' /proc/cpuinfo</userinput></screen> <screen><prompt>#</prompt> <userinput>grep -E 'svm|vmx' /proc/cpuinfo</userinput></screen>
<para>This command generates output if the CPU is <para>This command generates output if the CPU is
hardware-virtualization capable. Even if output is hardware-virtualization capable. Even if output is
shown, you may still need to enable virtualization shown, you might still need to enable virtualization
in the system BIOS for full support.</para> in the system BIOS for full support.</para>
<para>If no output appears, consult your system <para>If no output appears, consult your system
documentation to ensure that your CPU and documentation to ensure that your CPU and motherboard
motherboard support hardware virtualization. support hardware virtualization. Verify that any
Verify that any relevant hardware virtualization relevant hardware virtualization options are enabled
options are enabled in the system BIOS.</para> in the system BIOS.</para>
<para>Each manufacturer's BIOS is different. If you need to enable virtualization in <para>The BIOS for each manufacturer is different. If you
the BIOS, look for an option containing the words "virtualization", "VT", "VMX", or must enable virtualization in the BIOS, look for an
"SVM." </para> option containing the words
</step> <literal>virtualization</literal>,
<step> <literal>VT</literal>, <literal>VMX</literal>, or
<para>To list the loaded kernel modules and verify <literal>SVM</literal>.</para>
that the <literal>kvm</literal> modules are </step>
loaded, run the following command:</para> <step>
<screen><prompt>#</prompt> <userinput>lsmod | grep kvm</userinput></screen> <para>To list the loaded kernel modules and verify that
<para>If the output includes <systemitem>kvm_intel</systemitem> or the <literal>kvm</literal> modules are loaded, run
<systemitem>kvm_amd</systemitem>, the <systemitem>kvm</systemitem> hardware this command:</para>
virtualization modules are loaded and your kernel meets the module requirements for <screen><prompt>#</prompt> <userinput>lsmod | grep kvm</userinput></screen>
OpenStack Compute.</para> <para>If the output includes
<para>If the output does not show that the kvm module <systemitem>kvm_intel</systemitem> or
is loaded, run the following command to load <systemitem>kvm_amd</systemitem>, the
it:</para> <systemitem>kvm</systemitem> hardware
<screen><prompt>#</prompt> <userinput>modprobe -a kvm</userinput></screen> virtualization modules are loaded and your kernel
<para>Run the command for your CPU. For Intel, run meets the module requirements for OpenStack
this command:</para> Compute.</para>
<screen><prompt>#</prompt> <userinput>modprobe -a kvm-intel</userinput></screen> <para>If the output does not show that the
<para>For AMD, run this command:</para> <literal>kvm</literal> module is loaded, run this
<screen><prompt>#</prompt> <userinput>modprobe -a kvm-amd</userinput></screen> command to load it:</para>
<para>Because a KVM installation can change user group <screen><prompt>#</prompt> <userinput>modprobe -a kvm</userinput></screen>
membership, you might need to log in again for <para>Run the command for your CPU. For Intel, run this
changes to take effect.</para> command:</para>
<para>If the kernel modules do not load automatically, please use the procedures listed <screen><prompt>#</prompt> <userinput>modprobe -a kvm-intel</userinput></screen>
in the subsections below.</para> <para>For AMD, run this command:</para>
</step> <screen><prompt>#</prompt> <userinput>modprobe -a kvm-amd</userinput></screen>
</procedure> <para>Because a KVM installation can change user group
<para>This completes the required checks to ensure that membership, you might need to log in again for changes
hardware virtualization support is available and enabled, to take effect.</para>
and that the correct kernel modules are loaded.</para> <para>If the kernel modules do not load automatically, use
<para>If the checks indicate that required hardware the procedures listed in these subsections.</para>
virtualization support or kernel modules are disabled or </step>
not available, you must either enable this support on the </procedure>
system or find a system with this support.</para> <para>If the checks indicate that required hardware virtualization
<note> support or kernel modules are disabled or unavailable, you
<para>Some systems require that you enable VT support in must either enable this support on the system or find a system
the system BIOS. If you believe your processor with this support.</para>
supports hardware acceleration but the previous <note>
command did not produce output, you might need to <para>Some systems require that you enable VT support in the
reboot your machine, enter the system BIOS, and enable system BIOS. If you believe your processor supports
the VT option.</para> hardware acceleration but the previous command did not
</note> produce output, reboot your machine, enter the system
<para>If KVM acceleration is not supported, configure Compute BIOS, and enable the VT option.</para>
to use a different hypervisor, such as <link </note>
xlink:href="http://docs.openstack.org/trunk/config-reference/content/qemu.html" <para>If KVM acceleration is not supported, configure Compute to
>QEMU</link> or <link use a different hypervisor, such as <link
xlink:href="http://docs.openstack.org/trunk/config-reference/content/introduction-to-xen.html" xlink:href="http://docs.openstack.org/trunk/config-reference/content/qemu.html"
>Xen</link>.</para> >QEMU</link> or <link
<para>The following procedures will help you load the kernel modules for Intel-based and xlink:href="http://docs.openstack.org/trunk/config-reference/content/introduction-to-xen.html"
AMD-based processors if they did not load automatically during KVM installation.</para> >Xen</link>.</para>
<section xml:id="kvm-intel"> <para>These procedures help you load the kernel modules for
<title>Intel-based processors</title> Intel-based and AMD-based processors if they do not load
<para>If your compute host is Intel-based, run the automatically during KVM installation.</para>
following command as root to load the kernel <section xml:id="kvm-intel">
modules:</para> <title>Intel-based processors</title>
<screen><prompt>#</prompt> <userinput>modprobe kvm</userinput> <para>If your compute host is Intel-based, run these commands
as root to load the kernel modules:</para>
<screen><prompt>#</prompt> <userinput>modprobe kvm</userinput>
<prompt>#</prompt> <userinput>modprobe kvm-intel</userinput></screen> <prompt>#</prompt> <userinput>modprobe kvm-intel</userinput></screen>
<para>Add the following lines to the <para>Add these lines to the <filename>/etc/modules</filename>
<filename>/etc/modules</filename> file so that file so that these modules load on reboot:</para>
these modules load on reboot:</para> <programlisting>kvm
<programlisting>kvm
kvm-intel</programlisting> kvm-intel</programlisting>
</section> </section>
<section xml:id="kvm-amd"> <section xml:id="kvm-amd">
<title>AMD-based processors</title> <title>AMD-based processors</title>
<para>If your compute host is AMD-based, run the following <para>If your compute host is AMD-based, run these commands as
command as root to load the kernel modules:</para> root to load the kernel modules:</para>
<screen><prompt>#</prompt> <userinput>modprobe kvm</userinput> <screen><prompt>#</prompt> <userinput>modprobe kvm</userinput>
<prompt>#</prompt> <userinput>modprobe kvm-amd</userinput></screen> <prompt>#</prompt> <userinput>modprobe kvm-amd</userinput></screen>
<para>Add the following lines to <para>Add these lines to <filename>/etc/modules</filename>
<filename>/etc/modules</filename> file so that file so that these modules load on reboot:</para>
these modules load on reboot:</para> <programlisting>kvm
<programlisting>kvm
kvm-amd</programlisting> kvm-amd</programlisting>
</section> </section>
</section> </section>
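Review bot: The AMD subsection now reads "Add these lines to <filename>/etc/modules</filename> file", while the Intel subsection reads "Add these lines to the <filename>/etc/modules</filename> file"; add the missing "the" so the two subsections match. The step at the top of this hunk also loads the modules with "modprobe -a kvm-intel" and "modprobe -a kvm-amd", while both subsections use plain "modprobe kvm" followed by the vendor module. Because this commit is a consistency edit, use one form in both places.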

View File

@ -1,32 +1,35 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="configuring-multiple-compute-nodes"> xml:id="configuring-multiple-compute-nodes">
<title>Configuring Multiple Compute Nodes</title> <title>Configure multiple Compute nodes</title>
<para>If your goal is to split your VM load across more than one <para>To distribute your VM load across more than one server, you
server, you can connect an additional <systemitem can connect an additional <systemitem class="service"
class="service">nova-compute</systemitem> node to a cloud >nova-compute</systemitem> node to a cloud controller
controller node. This configuring can be reproduced on node. You can reproduce this configuration on multiple compute
multiple compute servers to start building a true multi-node servers to build a true multi-node OpenStack Compute
OpenStack Compute cluster.</para> cluster.</para>
<para>To build out and scale the Compute platform, you spread <para>To build and scale the Compute platform, you distribute
out services amongst many servers. While there are additional services across many servers. While you can accomplish this in
ways to accomplish the build-out, this section describes other ways, this section describes how to add compute nodes
adding compute nodes, and the service we are scaling out is and scale out the <systemitem class="service"
called <systemitem class="service" >nova-compute</systemitem> service.</para>
>nova-compute</systemitem>.</para> <para>For a multi-node installation, you make changes to only the
<para>For a multi-node install you only make changes to <filename>nova.conf</filename> file and copy it to
<filename>nova.conf</filename> and copy it to additional additional compute nodes. Ensure that each
compute nodes. Ensure each <filename>nova.conf</filename> file <filename>nova.conf</filename> file points to the correct
points to the correct IP addresses for the respective IP addresses for the respective services.</para>
services.</para> <procedure>
<para>By default, <systemitem class="service">nova-network</systemitem> <step>
sets the bridge device based on the <para>By default, <systemitem class="service"
setting in <literal>flat_network_bridge</literal>. Now you can >nova-network</systemitem> sets the bridge device
edit <filename>/etc/network/interfaces</filename> with the based on the setting in
following template, updated with your IP information.</para> <literal>flat_network_bridge</literal>. Update
<programlisting language="bash"># The loopback network interface your IP information in the
<filename>/etc/network/interfaces</filename> file
by using this template:</para>
<programlisting language="bash"># The loopback network interface
auto lo auto lo
iface lo inet loopback iface lo inet loopback
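Review bot: The new <procedure> opens with no <title>, and its first <step> is the /etc/network/interfaces template, even though the paragraph just above it says the multi-node change is made in nova.conf and copied to the additional compute nodes. Add a procedure title and make the nova.conf edit and copy an explicit first step, so that a reader who follows only the numbered steps does not skip it. The first step also opens with a statement about flat_network_bridge rather than an action; move that sentence after the instruction.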
@ -44,30 +47,40 @@ iface br100 inet static
gateway <replaceable>xxx.xxx.xxx.xxx</replaceable> gateway <replaceable>xxx.xxx.xxx.xxx</replaceable>
# dns-* options are implemented by the resolvconf package, if installed # dns-* options are implemented by the resolvconf package, if installed
dns-nameservers <replaceable>xxx.xxx.xxx.xxx</replaceable></programlisting> dns-nameservers <replaceable>xxx.xxx.xxx.xxx</replaceable></programlisting>
<para>Restart networking:</para> </step>
<screen><prompt>$</prompt> <userinput>sudo service networking restart</userinput></screen> <step>
<para>With <filename>nova.conf</filename> updated and networking <para>Restart networking:</para>
set, configuration is nearly complete. First, bounce the <screen><prompt>$</prompt> <userinput>sudo service networking restart</userinput></screen>
relevant services to take the latest updates:</para> </step>
<screen><prompt>$</prompt> <userinput>sudo service libvirtd restart</userinput> <step>
$ <userinput>sudo service nova-compute restart</userinput></screen> <para>Bounce the relevant services to take the latest
<para>To avoid issues with KVM and permissions with Nova, run updates:</para>
the following commands to ensure we have VM's that are running <screen><prompt>$</prompt> <userinput>sudo service libvirtd restart</userinput>
optimally:</para> <prompt>$</prompt> <userinput>sudo service nova-compute restart</userinput></screen>
<screen><prompt>#</prompt> <userinput>chgrp kvm /dev/kvm</userinput> </step>
<step>
<para>To avoid issues with KVM and permissions with Nova,
run these commands to ensure that your VMs run
optimally:</para>
<screen><prompt>#</prompt> <userinput>chgrp kvm /dev/kvm</userinput>
<prompt>#</prompt> <userinput>chmod g+rwx /dev/kvm</userinput></screen> <prompt>#</prompt> <userinput>chmod g+rwx /dev/kvm</userinput></screen>
<para>Any server that does not have </step>
<command>nova-api</command> running on it needs this <step>
iptables entry so that images can get metadata info. On <para>Any server that does not have
compute nodes, configure the iptables with this next <command>nova-api</command> running on it requires
step:</para> an iptables entry so that images can get metadata
<screen><prompt>#</prompt> <userinput>iptables -t nat -A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination <replaceable>$NOVA_API_IP</replaceable>:8773</userinput></screen> information.</para>
<para>Lastly, confirm that your compute node is talking to your <para>On compute nodes, configure iptables with this
cloud controller. From the cloud controller, run this database command:</para>
query:</para> <screen><prompt>#</prompt> <userinput>iptables -t nat -A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination <replaceable>$NOVA_API_IP</replaceable>:8773</userinput></screen>
<screen><prompt>$</prompt> <userinput>mysql -u<replaceable>$MYSQL_USER</replaceable> -p<replaceable>$MYSQL_PASS</replaceable> nova -e 'select * from services;'</userinput></screen> </step>
<para>In return, you should see something similar to <step>
this:</para> <screen><computeroutput>+---------------------+---------------------+------------+---------+----+----------+----------------+-----------+--------------+----------+-------------------+ <para>Confirm that your compute node can talk to your
cloud controller.</para>
<para>From the cloud controller, run this database
query:</para>
<screen><prompt>$</prompt> <userinput>mysql -u<replaceable>$MYSQL_USER</replaceable> -p<replaceable>$MYSQL_PASS</replaceable> nova -e 'select * from services;'</userinput></screen>
<screen><computeroutput>+---------------------+---------------------+------------+---------+----+----------+----------------+-----------+--------------+----------+-------------------+
| created_at | updated_at | deleted_at | deleted | id | host | binary | topic | report_count | disabled | availability_zone | | created_at | updated_at | deleted_at | deleted | id | host | binary | topic | report_count | disabled | availability_zone |
+---------------------+---------------------+------------+---------+----+----------+----------------+-----------+--------------+----------+-------------------+ +---------------------+---------------------+------------+---------+----+----------+----------------+-----------+--------------+----------+-------------------+
| 2011-01-28 22:52:46 | 2011-02-03 06:55:48 | NULL | 0 | 1 | osdemo02 | nova-network | network | 46064 | 0 | nova | | 2011-01-28 22:52:46 | 2011-02-03 06:55:48 | NULL | 0 | 1 | osdemo02 | nova-network | network | 46064 | 0 | nova |
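Review bot: The rewritten step for /dev/kvm still introduces "chgrp kvm /dev/kvm" and "chmod g+rwx /dev/kvm" as commands "to ensure that your VMs run optimally", which does not tell the reader that they change group ownership and permissions on a device node. State what the commands do, and consider "g+rw", because the execute bit is not needed to open a character device. The new side also drops "In return, you should see something similar to this:", so the sample services table now follows the mysql command with no sentence that marks it as example output.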
@ -77,10 +90,12 @@ $ <userinput>sudo service nova-compute restart</userinput></screen>
| 2011-01-30 23:42:24 | 2011-02-03 06:55:44 | NULL | 0 | 9 | osdemo04 | nova-compute | compute | 28484 | 0 | nova | | 2011-01-30 23:42:24 | 2011-02-03 06:55:44 | NULL | 0 | 9 | osdemo04 | nova-compute | compute | 28484 | 0 | nova |
| 2011-01-30 21:27:28 | 2011-02-03 06:54:23 | NULL | 0 | 8 | osdemo05 | nova-compute | compute | 29284 | 0 | nova | | 2011-01-30 21:27:28 | 2011-02-03 06:54:23 | NULL | 0 | 8 | osdemo05 | nova-compute | compute | 29284 | 0 | nova |
+---------------------+---------------------+------------+---------+----+----------+----------------+-----------+--------------+----------+-------------------+</computeroutput></screen> +---------------------+---------------------+------------+---------+----+----------+----------------+-----------+--------------+----------+-------------------+</computeroutput></screen>
<para>You can see that <literal>osdemo0{1,2,4,5}</literal> are <para>In this example, the <literal>osdemo</literal> hosts
all running <systemitem class="service" all run the <systemitem class="service"
>nova-compute</systemitem>. When you start spinning up >nova-compute</systemitem> service. When you
instances, they will allocate on any node that is running launch instances, they allocate on any node that runs
<systemitem class="service">nova-compute</systemitem> from <systemitem class="service"
this list.</para> >nova-compute</systemitem> from this list.</para>
</step>
</procedure>
</section> </section>
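Review bot: In the closing paragraph, "When you launch instances, they allocate on any node" makes the instances the actor; "they are allocated to any node that runs nova-compute" reads correctly. The replacement of "osdemo0{1,2,4,5}" with "the osdemo hosts all run the nova-compute service" is also broader than the rows visible here, which show only osdemo04 and osdemo05 with the nova-compute binary; name the hosts that the sample output actually lists.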

View File

@ -3,24 +3,27 @@
xmlns="http://docbook.org/ns/docbook" xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"> xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Manage Networking service quotas</title> <title>Manage Networking service quotas</title>
<para>A quota is a function used to limit the number of resources. A default quota may be <para>A quota limits the number of available resources. A default
enforced for all tenants. Attempting to create resources over the limit triggers an quota might be enforced for all tenants. When you try to create
error.</para> more resources than the quota allows, an errors:</para>
<screen><prompt>$</prompt> <userinput>neutron net-create test_net</userinput> <screen><prompt>$</prompt> <userinput>neutron net-create test_net</userinput></screen>
<computeroutput>Quota exceeded for resources: ['network']</computeroutput></screen> <screen><computeroutput>Quota exceeded for resources: ['network']</computeroutput></screen>
<para>Per-tenant quota configuration is also supported by the quota extension API. See <link <para>Per-tenant quota configuration is also supported by the quota
linkend="cfg_quotas_per_tenant"> Per-tenant quota configuration</link> for details.</para> extension API. See <link linkend="cfg_quotas_per_tenant">
<section xml:id="cfg_quotas_common"> Per-tenant quota configuration</link> for details.</para>
<title>Basic quota configuration</title> <section xml:id="cfg_quotas_common">
<para>In the Networking default quota mechanism, all tenants have the same quota value, such <title>Basic quota configuration</title>
as the number of resources that a tenant can create. This is enabled by default.</para> <para>In the Networking default quota mechanism, all tenants have
<para>The quota value is defined in the OpenStack Networking configuration file the same quota values, such as the number of resources that a
(<filename>neutron.conf</filename>). If you want to disable quotas for a specific resource tenant can create.</para>
(e.g., network, subnet, port), remove a corresponding item from <para>The quota value is defined in the OpenStack Networking
<literal>quota_items</literal>. Each of the quota values in the example below is the default <filename>neutron.conf</filename> configuration file. To
value.</para> disable quotas for a specific resource, such as network, subnet,
<programlisting language="ini">[quotas] or port, remove a corresponding item from
<option>quota_items</option>. This example shows the default
quota values:</para>
<programlisting language="ini">[quotas]
# resource name(s) that are supported in quota features # resource name(s) that are supported in quota features
quota_items = network,subnet,port quota_items = network,subnet,port
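Review bot: The new opening paragraph ends with "more resources than the quota allows, an errors:", which is ungrammatical; use "an error occurs:" or restore the sense of the removed "triggers an error". The new side of the "Basic quota configuration" paragraph also drops "This is enabled by default." If that removal is intentional, say so in the commit message, because it is a change of content and not only of style.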
@ -35,38 +38,79 @@ quota_port = 50
# default driver to use for quota checks # default driver to use for quota checks
quota_driver = neutron.quota.ConfDriver</programlisting> quota_driver = neutron.quota.ConfDriver</programlisting>
<para>OpenStack Networking also supports quotas for L3 resources: router and floating IP. You <para>OpenStack Networking also supports quotas for L3 resources:
can configure them by adding the following lines to <literal>quotas</literal> section in router and floating IP. Add these lines to the
<filename>neutron.conf</filename>. (Note that <literal>quota_items</literal> does not <literal>quotas</literal> section in the
affect these quotas.)</para> <filename>neutron.conf</filename> file.</para>
<programlisting language="ini">[quotas] <programlisting language="ini">[quotas]
# number of routers allowed per tenant, and minus means unlimited # number of routers allowed per tenant, and minus means unlimited
quota_router = 10 quota_router = 10
# number of floating IPs allowed per tenant, and minus means unlimited # number of floating IPs allowed per tenant, and minus means unlimited
quota_floatingip = 50</programlisting> quota_floatingip = 50</programlisting>
<para>OpenStack Networking also supports quotas for security group resources: number of <note>
security groups and the number of rules per security group. You can configure them by adding <para>The <option>quota_items</option> option does not affect
the following lines to <literal>quotas</literal> section in these quotas.</para>
<filename>neutron.conf</filename>. (Note that <literal>quota_items</literal> does not </note>
affect these quotas.)</para> <para>OpenStack Networking also supports quotas for security group
<programlisting language="ini">[quotas] resources: number of security groups and the number of rules for
each security group. Add these lines to the
<literal>quotas</literal> section in the
<filename>neutron.conf</filename> file:</para>
<programlisting language="ini">[quotas]
# number of security groups per tenant, and minus means unlimited # number of security groups per tenant, and minus means unlimited
quota_security_group = 10 quota_security_group = 10
# number of security rules allowed per tenant, and minus means unlimited # number of security rules allowed per tenant, and minus means unlimited
quota_security_group_rule = 100</programlisting> quota_security_group_rule = 100</programlisting>
</section> <note>
<section xml:id="cfg_quotas_per_tenant"> <para>The <option>quota_items</option> option does not affect
<title>Per-tenant quota configuration</title> these quotas.</para>
<para>OpenStack Networking also supports per-tenant quota limit by quota extension API. To </note>
enable per-tenant quota, you need to set <literal>quota_driver</literal> in </section>
<literal>neutron.conf</literal>. For example:</para> <section xml:id="cfg_quotas_per_tenant">
<title>Configure per-tenant quotas</title>
<para>OpenStack Networking also supports per-tenant quota limit by
quota extension API.</para>
<para>Use these commands to manage per-tenant quotas:<itemizedlist>
<listitem>
<para><command>neutron quota-delete</command>. Deletes
defined quotas for a specified tenant.</para>
</listitem>
<listitem>
<para><command>neutron quota-list</command>. Lists defined
quotas for all tenants.</para>
</listitem>
<listitem>
<para><command>neutron quota-show</command>. Shows quotas
for a specified tenant.</para>
</listitem>
<listitem>
<para><command>neutron quota-update</command>. Updates
quotas for a specified tenant.</para>
</listitem>
</itemizedlist>Only users with the <literal>admin</literal> role
can change a quota value. By default, the default set of quotas
are enforced for all tenants, so no
<command>quota-create</command> command exists.</para>
<procedure>
<step>
<title>Configure Networking to show per-tenant quotas</title>
<para>Set the <literal>quota_driver</literal> option in the
<literal>neutron.conf</literal> file:</para>
<programlisting language="ini">quota_driver = neutron.db.quota_db.DbQuotaDriver</programlisting> <programlisting language="ini">quota_driver = neutron.db.quota_db.DbQuotaDriver</programlisting>
<para>When per-tenant quota is enabled, the output of the following commands contain <para>When you set this option, the output for Networking
<literal>quotas</literal>.</para> commands shows <literal>quotas</literal>.</para>
<screen><prompt>$</prompt> <userinput>neutron ext-list -c alias -c name</userinput> </step>
<computeroutput>+-----------------+--------------------------+ <step>
<title>List Networking extensions</title>
<para>To list the Networking extensions, run this
command:</para>
<screen><prompt>$</prompt> <userinput>neutron ext-list -c alias -c name</userinput></screen>
<para>The command shows the <literal>quotas</literal>
extension, which provides per-tenant quota management
support:</para>
<screen><computeroutput>+-----------------+--------------------------+
| alias | name | | alias | name |
+-----------------+--------------------------+ +-----------------+--------------------------+
| agent_scheduler | Agent Schedulers | | agent_scheduler | Agent Schedulers |
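Review bot: In the new per-tenant section, "By default, the default set of quotas are enforced for all tenants" repeats "default" and has a subject and verb that disagree; "The default set of quotas is enforced for all tenants" is enough. Two smaller points in the same hunk: the L3 paragraph now ends "in the <filename>neutron.conf</filename> file." with a period although a listing follows, while the security group paragraph ends with a colon, and "the output for Networking commands shows quotas" is less precise than the removed wording, which tied the statement to the specific commands that follow.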
@ -79,9 +123,13 @@ quota_security_group_rule = 100</programlisting>
| lbaas | LoadBalancing service | | lbaas | LoadBalancing service |
| extraroute | Neutron Extra Route | | extraroute | Neutron Extra Route |
+-----------------+--------------------------+</computeroutput></screen> +-----------------+--------------------------+</computeroutput></screen>
<screen> </step>
<prompt>$</prompt> <userinput>neutron ext-show quotas</userinput> <step>
<computeroutput>+-------------+------------------------------------------------------------+ <title>Show information for the quotas extension</title>
<para>To show information for the <literal>quotas</literal>
extension, run this command:</para>
<screen><prompt>$</prompt> <userinput>neutron ext-show quotas</userinput></screen>
<screen><computeroutput>+-------------+------------------------------------------------------------+
| Field | Value | | Field | Value |
+-------------+------------------------------------------------------------+ +-------------+------------------------------------------------------------+
| alias | quotas | | alias | quotas |
@ -91,49 +139,38 @@ quota_security_group_rule = 100</programlisting>
| namespace | http://docs.openstack.org/network/ext/quotas-sets/api/v2.0 | | namespace | http://docs.openstack.org/network/ext/quotas-sets/api/v2.0 |
| updated | 2012-07-29T10:00:00-00:00 | | updated | 2012-07-29T10:00:00-00:00 |
+-------------+------------------------------------------------------------+</computeroutput></screen> +-------------+------------------------------------------------------------+</computeroutput></screen>
<note><para> <note>
Per-tenant quotas are supported only supported by some plugins. At least Open vSwitch, <para>Only some plug-ins support per-tenant quotas.
Linux Bridge, and Nicira NVP are known to work but new versions of other plugins may Specifically, Open vSwitch, Linux Bridge, and Nicira NVP
bring additional functionality - consult the documentation for each plugin. support them, but new versions of other plug-ins might
</para></note> bring additional functionality. See the documentation for
<para>There are four CLI commands to manage per-tenant quotas:<itemizedlist> each plug-in.</para>
<listitem> </note>
<para><command>neutron quota-delete</command> - Delete defined quotas of a given </step>
tenant.</para> <step>
</listitem> <title>List tenants who have per-tenant quota support</title>
<listitem> <para>The <command>quota-list</command> command lists tenants
<para><command>neutron quota-list</command> - List defined quotas of all tenants.</para> for which the per-tenant quota is enabled. The command does
</listitem> not list tenants with default quota support. You must be an
<listitem> administrative user to run this command:</para>
<para><command>neutron quota-show</command> - Show quotas of a given tenant.</para> <screen><prompt>$</prompt> <userinput>neutron quota-list</userinput></screen>
</listitem> <screen><computeroutput>+------------+---------+------+--------+--------+----------------------------------+
<listitem>
<para><command>neutron quota-update</command> - Define tenant's quotas not to use
defaults.</para>
</listitem>
</itemizedlist>Only users with 'admin' role can change a quota value. Note that the default
set of quotas are enforced for all tenants by default, so there is no
<literal>quota-create</literal> command.</para>
<para>
<literal>quota-list</literal> displays a list of tenants for which per-tenant quota is enabled.
The tenants who have the default set of quota limits are not listed.
This command is permitted to only 'admin' users.
</para>
<screen><prompt>$</prompt> <userinput>neutron quota-list</userinput>
<computeroutput>+------------+---------+------+--------+--------+----------------------------------+
| floatingip | network | port | router | subnet | tenant_id | | floatingip | network | port | router | subnet | tenant_id |
+------------+---------+------+--------+--------+----------------------------------+ +------------+---------+------+--------+--------+----------------------------------+
| 20 | 5 | 20 | 10 | 5 | 6f88036c45344d9999a1f971e4882723 | | 20 | 5 | 20 | 10 | 5 | 6f88036c45344d9999a1f971e4882723 |
| 25 | 10 | 30 | 10 | 10 | bff5c9455ee24231b5bc713c1b96d422 | | 25 | 10 | 30 | 10 | 10 | bff5c9455ee24231b5bc713c1b96d422 |
+------------+---------+------+--------+--------+----------------------------------+</computeroutput></screen> +------------+---------+------+--------+--------+----------------------------------+</computeroutput></screen>
<para> </step>
<literal>quota-show</literal> reports the current set of quota limits for the specified tenant. <step>
Regular (non-admin) users can call this command (without --tenant_id parameter). <title>Show per-tenant quota values</title>
If per-tenant quota limits are not defined for the tenant, the default set of <para>The <command>quota-show</command> reports the current
quotas are displayed. set of quota limits for the specified tenant.
</para> Non-administrative users can run this command without the
<screen><prompt>$</prompt> <userinput>neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723</userinput> <parameter>--tenant_id</parameter> parameter. If
<computeroutput>+------------+-------+ per-tenant quota limits are not enabled for the tenant, the
command shows the default set of quotas:</para>
<screen><prompt>$</prompt> <userinput>neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723</userinput></screen>
<screen><computeroutput>+------------+-------+
| Field | Value | | Field | Value |
+------------+-------+ +------------+-------+
| floatingip | 20 | | floatingip | 20 |
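Review bot: The rewritten note changes the meaning of the plug-in statement: the old text said "At least Open vSwitch, Linux Bridge, and Nicira NVP are known to work", and the new "Specifically, Open vSwitch, Linux Bridge, and Nicira NVP support them" reads as a complete list. Keep the "at least" sense. In the quota-show step, "If per-tenant quota limits are not enabled for the tenant" replaces "not defined", which is also a different condition, and "The <command>quota-show</command> reports" is missing the word "command".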
@ -142,11 +179,10 @@ quota_security_group_rule = 100</programlisting>
| router | 10 | | router | 10 |
| subnet | 5 | | subnet | 5 |
+------------+-------+</computeroutput></screen> +------------+-------+</computeroutput></screen>
<para> <para>The following command shows the command output for a
The below is an example called by a non-admin user. non-administrative user:</para>
</para> <screen><prompt>$</prompt> <userinput>neutron quota-show</userinput></screen>
<screen><prompt>$</prompt> <userinput>neutron quota-show</userinput> <screen><computeroutput>+------------+-------+
<computeroutput>+------------+-------+
| Field | Value | | Field | Value |
+------------+-------+ +------------+-------+
| floatingip | 20 | | floatingip | 20 |
@ -155,8 +191,11 @@ quota_security_group_rule = 100</programlisting>
| router | 10 | | router | 10 |
| subnet | 5 | | subnet | 5 |
+------------+-------+</computeroutput></screen> +------------+-------+</computeroutput></screen>
<para>You can update a quota of the given tenant by <literal>quota-update</literal> command.</para> </step>
<para>Update the limit of network quota.</para> <step>
<title>Update quota values for a specified tenant</title>
<para>Use the <command>quota-update</command> command to
update a quota for a specified tenant:</para>
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 5</userinput> <screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 5</userinput>
<computeroutput>+------------+-------+ <computeroutput>+------------+-------+
| Field | Value | | Field | Value |
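Review bot: The new quota-update step removes "Update the limit of network quota." and leaves only the generic lead-in, so the first example no longer says which limit "--network 5" changes; keep a sentence that names the resource. This <screen> also still holds the prompt and the <computeroutput> together, while the quota-list and quota-show steps in this same commit split command and output into separate <screen> elements; apply one convention throughout the procedure.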
@ -167,7 +206,8 @@ quota_security_group_rule = 100</programlisting>
| router | 10 | | router | 10 |
| subnet | 10 | | subnet | 10 |
+------------+-------+</computeroutput></screen> +------------+-------+</computeroutput></screen>
<para>You can update quotas of multiple resources in one command.</para> <para>You can update quotas for multiple resources through one
command:</para>
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --subnet 5 --port 20</userinput> <screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --subnet 5 --port 20</userinput>
<computeroutput>+------------+-------+ <computeroutput>+------------+-------+
| Field | Value | | Field | Value |
@ -178,13 +218,13 @@ quota_security_group_rule = 100</programlisting>
| router | 10 | | router | 10 |
| subnet | 5 | | subnet | 5 |
+------------+-------+</computeroutput></screen> +------------+-------+</computeroutput></screen>
<para> <para>To update the limits for an L3 resource such as, router
To update the limits of L3 resource (router, floating IP), we need to or floating IP, you must define new values for the quotas
specify new values of the quotas after '--'. The example below updates after the <parameter>--</parameter> directive.</para>
the limit of the number of floating IPs for the given tenant. <para>This example updates the limit of the number of floating
</para> IPs for the specified tenant:</para>
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 -- --floatingip 20</userinput> <screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 -- --floatingip 20</userinput></screen>
<computeroutput>+------------+-------+ <screen><computeroutput>+------------+-------+
| Field | Value | | Field | Value |
+------------+-------+ +------------+-------+
| floatingip | 20 | | floatingip | 20 |
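Review bot: In the new L3 paragraph, "for an L3 resource such as, router or floating IP" has the comma in the wrong place; write "for an L3 resource, such as router or floating IP,". Marking "--" as <parameter> and calling it a "directive" is also misleading, because in the command shown it is a bare separator placed before "--floatingip 20"; describe it as the "--" separator and say that the L3 options go after it.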
@ -193,9 +233,9 @@ quota_security_group_rule = 100</programlisting>
| router | 10 | | router | 10 |
| subnet | 5 | | subnet | 5 |
+------------+-------+</computeroutput></screen> +------------+-------+</computeroutput></screen>
<para> <para>You can update the limits of multiple resources by
You can update the limits of multiple resources including L2 resources and L3 resource in one command. including L2 resources and L3 resource through one
</para> command.</para>
<screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 3 --subnet 3 --port 3 -- --floatingip 3 --router 3</userinput> <screen><prompt>$</prompt> <userinput>neutron quota-update --tenant_id 6f88036c45344d9999a1f971e4882723 --network 3 --subnet 3 --port 3 -- --floatingip 3 --router 3</userinput>
<computeroutput>+------------+-------+ <computeroutput>+------------+-------+
| Field | Value | | Field | Value |
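Review bot: The replacement sentence "You can update the limits of multiple resources by including L2 resources and L3 resource through one command." is harder to read than the line it replaces and mixes plural "L2 resources" with singular "L3 resource". Suggest "You can update the limits of multiple resources, including both L2 and L3 resources, through one command:" with a closing colon, because the example follows directly.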
@ -206,16 +246,18 @@ quota_security_group_rule = 100</programlisting>
| router | 3 | | router | 3 |
| subnet | 3 | | subnet | 3 |
+------------+-------+</computeroutput></screen> +------------+-------+</computeroutput></screen>
<para> </step>
To clear per-tenant quota limits, use <literal>quota-delete</literal>. <step>
After <literal>quota-delete</literal>, quota limits enforced to the tenant are reset to <title>Delete per-tenant quota values</title>
the default set of quotas. <para>To clear per-tenant quota limits, use the
</para> <command>quota-delete</command> command:</para>
<screen><prompt>$</prompt> <userinput>neutron quota-delete --tenant_id 6f88036c45344d9999a1f971e4882723</userinput> <screen><prompt>$</prompt> <userinput>neutron quota-delete --tenant_id 6f88036c45344d9999a1f971e4882723</userinput></screen>
<computeroutput>Deleted quota: 6f88036c45344d9999a1f971e4882723</computeroutput></screen> <screen><computeroutput>Deleted quota: 6f88036c45344d9999a1f971e4882723</computeroutput></screen>
<screen> <para>After you run this command, you can see that quota
<prompt>$</prompt> <userinput>neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723</userinput> values for the tenant are reset to the default
<computeroutput>+------------+-------+ values:</para>
<screen><prompt>$</prompt> <userinput>neutron quota-show --tenant_id 6f88036c45344d9999a1f971e4882723</userinput></screen>
<screen><computeroutput>+------------+-------+
| Field | Value | | Field | Value |
+------------+-------+ +------------+-------+
| floatingip | 50 | | floatingip | 50 |
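Review bot: Screen markup is now inconsistent inside this one procedure: the new quota-delete and quota-show examples put the prompt line and the output in two separate screen elements, while the quota-update example just above keeps both in a single screen. Pick one convention for the file and apply it to all three examples so the rendered output does not alternate between one box and two.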
@ -224,5 +266,7 @@ quota_security_group_rule = 100</programlisting>
| router | 10 | | router | 10 |
| subnet | 10 | | subnet | 10 |
+------------+-------+</computeroutput></screen> +------------+-------+</computeroutput></screen>
</section> </step>
</procedure>
</section>
</section> </section>

View File

@ -21,9 +21,7 @@
[--os-cacert &lt;ca-certificate>] [--insecure]</computeroutput></screen> [--os-cacert &lt;ca-certificate>] [--insecure]</computeroutput></screen>
</example> </example>
<example> <example>
<title>Positional Arguments</title> <title>Positional arguments</title>
<screen><computeroutput> <screen><computeroutput>
agent-delete Delete a given agent. agent-delete Delete a given agent.
agent-list List agents. agent-list List agents.

View File

@ -7,25 +7,26 @@
<para>After you create a bootable volume, you can launch an instance <para>After you create a bootable volume, you can launch an instance
from that volume.</para> from that volume.</para>
<para>Optionally, to configure your volume, see the <link <para>Optionally, to configure your volume, see the <link
xlink:href="http://docs.openstack.org/trunk/config-reference/content/config_overview.html" xlink:href="http://docs.openstack.org/trunk/config-reference/content/config_overview.html"
><citetitle>OpenStack Configuration ><citetitle>OpenStack Configuration
Reference</citetitle></link>.</para> Reference</citetitle></link>.</para>
<procedure xml:id="create_volume_from_image"> <procedure xml:id="create_volume_from_image">
<title>To launch an instance from a volume</title> <step>
<step><para>To choose an image to create a bootable volume from, run the <para>For a list of images to choose from to create a bootable
following command to list images:</para> volume, run this command:</para>
<screen><prompt>$</prompt> <userinput>nova image-list</userinput> <screen><prompt>$</prompt> <userinput>nova image-list</userinput>
<computeroutput>+--------------------------------------+---------------------------------+--------+--------+ <computeroutput>+--------------------------------------+---------------------------------+--------+--------+
| ID | Name | Status | Server | | ID | Name | Status | Server |
+--------------------------------------+---------------------------------+--------+--------+ +--------------------------------------+---------------------------------+--------+--------+
| e0b7734d-2331-42a3-b19e-067adc0da17d | cirros-0.3.1-x86_64-uec | ACTIVE | | | e0b7734d-2331-42a3-b19e-067adc0da17d | cirros-0.3.1-x86_64-uec | ACTIVE | |
| 75bf193b-237b-435e-8712-896c51484de9 | cirros-0.3.1-x86_64-uec-kernel | ACTIVE | | | 75bf193b-237b-435e-8712-896c51484de9 | cirros-0.3.1-x86_64-uec-kernel | ACTIVE | |
| 19eee81c-f972-44e1-a952-1dceee148c47 | cirros-0.3.1-x86_64-uec-ramdisk | ACTIVE | | | 19eee81c-f972-44e1-a952-1dceee148c47 | cirros-0.3.1-x86_64-uec-ramdisk | ACTIVE | |
+--------------------------------------+---------------------------------+--------+--------+</computeroutput></screen></step> +--------------------------------------+---------------------------------+--------+--------+</computeroutput></screen>
</step>
<step> <step>
<para>To create a bootable volume from an image, include the <para>To create a bootable volume from an image, include the
image ID in the command:</para> image ID in the command:</para>
<screen><prompt>#</prompt> <userinput>cinder create --image-id e0b7734d-2331-42a3-b19e-067adc0da17d --display-name my-boot-vol 8</userinput> <screen><prompt>#</prompt> <userinput>cinder create --image-id e0b7734d-2331-42a3-b19e-067adc0da17d --display-name my-boot-vol 8</userinput>
<computeroutput>+---------------------+--------------------------------------+ <computeroutput>+---------------------+--------------------------------------+
| Property | Value | | Property | Value |
+---------------------+--------------------------------------+ +---------------------+--------------------------------------+
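Review bot: The prompts in this procedure disagree: nova image-list is shown with a $ prompt, but the cinder create example in the next step uses #, which tells readers to run it as root. The volume is created through the API with the user's credentials, so a root shell is not needed. Since this commit is a consistency pass, change the prompt to $ here.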
@ -66,7 +67,12 @@
<screen><prompt>$</prompt> <userinput>nova boot --flavor <replaceable>FLAVOR</replaceable> --block_device_mapping <replaceable>DEVNAME</replaceable>=<replaceable>ID</replaceable>:<replaceable>TYPE</replaceable>:<replaceable>SIZE</replaceable>:<replaceable>DELETE_ON_TERMINATE</replaceable> <replaceable>NAME</replaceable></userinput></screen> <screen><prompt>$</prompt> <userinput>nova boot --flavor <replaceable>FLAVOR</replaceable> --block_device_mapping <replaceable>DEVNAME</replaceable>=<replaceable>ID</replaceable>:<replaceable>TYPE</replaceable>:<replaceable>SIZE</replaceable>:<replaceable>DELETE_ON_TERMINATE</replaceable> <replaceable>NAME</replaceable></userinput></screen>
<para>The command arguments are:</para> <para>The command arguments are:</para>
<informaltable> <informaltable>
<thead><tr><th>Parameter</th><th>Description</th></tr></thead> <thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody> <tbody>
<tr> <tr>
<td> <td>
@ -145,8 +151,10 @@
<literal>Attempt to boot from volume - no image <literal>Attempt to boot from volume - no image
supplied</literal> error is returned.</para> supplied</literal> error is returned.</para>
</note> </note>
<para>You can also attach a swap disk on boot with the <parameter>--swap</parameter> <para>You can also attach a swap disk on boot with the
flag, or you can attach an ephemeral disk on boot with the <parameter>--ephemeral</parameter> flag.</para> <parameter>--swap</parameter> flag, or you can attach an
ephemeral disk on boot with the
<parameter>--ephemeral</parameter> flag.</para>
<para>For example, you might enter the following command to boot <para>For example, you might enter the following command to boot
from a volume. The volume is not deleted when the instance is from a volume. The volume is not deleted when the instance is
terminated:</para> terminated:</para>

View File

@ -3,53 +3,51 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"> xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Manage bare metal nodes</title> <title>Manage bare metal nodes</title>
<para>The bare metal driver for OpenStack Compute manages provisioning of <para>The bare metal driver for OpenStack Compute manages
physical hardware using common cloud APIs and tools such as Orchestration provisioning of physical hardware using common cloud APIs and
(Heat). The use case for this driver is for single tenant clouds such as a tools such as Orchestration (Heat). The use case for this driver
high-performance computing cluster or deploying OpenStack itself. is for single tenant clouds such as a high-performance computing
Development efforts are focused on moving the driver out of the Compute code cluster or deploying OpenStack itself. Development efforts are
base in the Icehouse release. If you use the bare metal driver, you must focused on moving the driver out of the Compute code base in the
create and add a network interface to a bare metal node. Then, you can Icehouse release. If you use the bare metal driver, you must
launch an instance from a bare metal image.</para> create and add a network interface to a bare metal node. Then, you
<para>You can list and delete bare metal nodes. When you delete a node, any can launch an instance from a bare metal image.</para>
associated network interfaces are removed. You can list and remove network <para>You can list and delete bare metal nodes. When you delete a
interfaces that are associated with a bare metal node.</para> node, any associated network interfaces are removed. You can list
and remove network interfaces that are associated with a bare
metal node.</para>
<itemizedlist> <itemizedlist>
<title>Commands</title> <title>Commands</title>
<listitem> <listitem>
<para><command>baremetal-interface-add</command></para> <para><command>baremetal-interface-add</command>. Adds a network
<para>Adds a network interface to a bare metal node.</para> interface to a bare metal node.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><command>baremetal-interface-list</command></para> <para><command>baremetal-interface-list</command>. Lists network
<para>Lists network interfaces associated with a bare metal node.</para> interfaces associated with a bare metal node.</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para><command>baremetal-interface-remove</command>. Removes a
<command>baremetal-interface-remove</command></para> network interface from a bare metal node.</para>
<para>Removes a network interface from a bare metal node.</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para><command>baremetal-node-create</command>. Creates a bare
<command>baremetal-node-create</command></para> metal node.</para>
<para>Creates a bare metal node.</para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para><command>baremetal-node-delete</command>. Removes a bare
<command>baremetal-node-delete</command></para> metal node and any associated interfaces.</para>
<para>Removes a bare metal node and any associated interfaces.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><command>baremetal-node-list</command></para> <para><command>baremetal-node-list</command>. Lists available
<para>Lists available bare metal nodes.</para> bare metal nodes.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><command>baremetal-node-show</command></para> <para><command>baremetal-node-show</command>. Shows information
<para>Shows information about a bare metal node.</para> about a bare metal node.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<procedure> <procedure>
<title>To manage bare metal nodes</title>
<step> <step>
<para>Create a bare metal node:</para> <para>Create a bare metal node:</para>
<screen><prompt>$</prompt> <userinput>nova baremetal-node-create --pm_address=1.2.3.4 --pm_user=ipmi --pm_password=ipmi $(hostname -f) 1 512 10 aa:bb:cc:dd:ee:ff</userinput></screen> <screen><prompt>$</prompt> <userinput>nova baremetal-node-create --pm_address=1.2.3.4 --pm_user=ipmi --pm_password=ipmi $(hostname -f) 1 512 10 aa:bb:cc:dd:ee:ff</userinput></screen>
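Review bot: The untouched example in the first step passes the power-management credentials literally on the command line (--pm_user=ipmi --pm_password=ipmi). A password given as an argument ends up in shell history and is visible in the process list, and a literal ipmi/ipmi pair is likely to be copied as-is. While this file is being edited, consider marking the address, user and password as replaceable values and adding a sentence that tells readers to substitute their own credentials.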
@ -80,24 +78,24 @@
| id | 1 | | id | 1 |
| port_no | 0 | | port_no | 0 |
| address | aa:bb:cc:dd:ee:ff | | address | aa:bb:cc:dd:ee:ff |
+-------------+-------------------+</computeroutput> </screen> +-------------+-------------------+</computeroutput></screen>
</step> </step>
<step> <step>
<para>Launch an instance from a bare metal image:</para> <para>Launch an instance from a bare metal image:</para>
<screen><prompt>$</prompt> <userinput>nova boot --image my-baremetal-image --flavor my-baremetal-flavor test</userinput> </screen> <screen><prompt>$</prompt> <userinput>nova boot --image my-baremetal-image --flavor my-baremetal-flavor test</userinput> </screen>
<screen>+-----------------------------+--------------------------------------+ <screen><computeroutput>+-----------------------------+--------------------------------------+
| Property | Value | | Property | Value |
+-----------------------------+--------------------------------------+ +-----------------------------+--------------------------------------+
| status | BUILD | | status | BUILD |
| id | cc302a8f-cd81-484b-89a8-b75eb3911b1b | | id | cc302a8f-cd81-484b-89a8-b75eb3911b1b |
... wait for instance to become active ... </screen> ... wait for instance to become active ...</computeroutput></screen>
</step> </step>
<step> <step>
<para>You can list bare metal nodes and interfaces, as follows:</para> <para>List bare metal nodes and interfaces:</para>
<screen><prompt>$</prompt> <userinput>nova baremetal-node-list</userinput></screen> <screen><prompt>$</prompt> <userinput>nova baremetal-node-list</userinput></screen>
<para>When a node is in use, its status includes the UUID of the instance <para>When a node is in use, its status includes the UUID of the
that runs on it:</para> instance that runs on it:</para>
<screen><computeroutput>+----+--------+------+-----------+---------+------------------- <screen><computeroutput>+----+--------+------+-----------+---------+-------------------
+------+------------+-------------+-------------+---------------+ +------+------------+-------------+-------------+---------------+
| ID | Host | CPUs | Memory_MB | Disk_GB | MAC Address | ID | Host | CPUs | Memory_MB | Disk_GB | MAC Address
@ -132,10 +130,13 @@
</step> </step>
</procedure> </procedure>
<note> <note>
<para>Set the <parameter>--availability_zone</parameter> parameter to <para>Set the <parameter>--availability_zone</parameter> parameter
specify which zone or node to start the server. You can separate the zone to specify which zone or node to use to start the server.
from the hostname with a comma. As an example: Separate the zone from the host name with a comma. For
<screen><prompt>$</prompt> <userinput>nova boot --availability_zone=zone:<replaceable>host</replaceable>,<replaceable>node</replaceable></userinput></screen> example:</para>
Specifying "host" is optional for the <parameter>--availability_zone</parameter> parameter, and "zone:,node" also works.</para> <screen><prompt>$</prompt> <userinput>nova boot --availability_zone=zone:<replaceable>host</replaceable>,<replaceable>node</replaceable></userinput></screen>
<para><parameter>host</parameter> is optional for the
<parameter>--availability_zone</parameter> parameter.
<parameter>zone:,node</parameter> also works.</para>
</note> </note>
</section> </section>
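Review bot: The new sentence "Separate the zone from the host name with a comma" does not match the example that follows it, where the zone is followed by a colon and the comma sits between host and node (zone:host,node). Reword so the colon and the comma are each described, for example "Separate the zone from the host with a colon and the host from the node with a comma". The closing para could also say what zone:,node selects rather than only that it "also works".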

View File

@ -22,7 +22,7 @@
</listitem> </listitem>
<listitem> <listitem>
<para>A <guilabel>name</guilabel> for your instance. <para>A <guilabel>name</guilabel> for your instance.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para>The <emphasis role="bold">flavor</emphasis> for your <para>The <emphasis role="bold">flavor</emphasis> for your

View File

@ -7,13 +7,13 @@
<para>If a cloud compute node fails due to a hardware malfunction <para>If a cloud compute node fails due to a hardware malfunction
or another reason, you can evacuate instances to make them or another reason, you can evacuate instances to make them
available again.</para> available again.</para>
<para>You can choose evacuation parameters for your use case.</para> <para>You can choose evacuation parameters for your use
case.</para>
<para>To preserve user data on server disk, you must configure <para>To preserve user data on server disk, you must configure
shared storage on the target host. Also, you must validate shared storage on the target host. Also, you must validate
that the current VM host is down. Otherwise the evacuation that the current VM host is down. Otherwise the evacuation
fails with an error.</para> fails with an error.</para>
<procedure xml:id="evacuate_shared"> <procedure xml:id="evacuate_shared">
<title>To evacuate your server</title>
<step> <step>
<para>To find a different host for the evacuated instance, <para>To find a different host for the evacuated instance,
run the following command to lists hosts:</para> run the following command to lists hosts:</para>
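Review bot: The last context line of this hunk still says "run the following command to lists hosts", which an editorial pass over this file should catch; change it to "to list hosts". The procedure title is removed on the new side, so also check that the xml:id evacuate_shared is not referenced anywhere by that title text.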
@ -40,9 +40,13 @@
</step> </step>
<step> <step>
<para>To preserve the user disk data on the evacuated <para>To preserve the user disk data on the evacuated
server, deploy OpenStack Compute with shared server, deploy OpenStack Compute with shared file
filesystem. To configure your system, see <link xlink:href="http://docs.openstack.org/trunk/config-reference/content/configuring-openstack-compute-basics.html#section_configuring-compute-migrations">Configure migrations</link> in <citetitle>OpenStack Configuration Reference</citetitle>. In this system. To configure your system, see <link
example, the password remains unchanged.</para> xlink:href="http://docs.openstack.org/trunk/config-reference/content/configuring-openstack-compute-basics.html#section_configuring-compute-migrations"
>Configure migrations</link> in
<citetitle>OpenStack Configuration
Reference</citetitle>. In this example, the
password remains unchanged.</para>
<screen><prompt>$</prompt> <userinput>nova evacuate <replaceable>evacuated_server_name</replaceable> <replaceable>host_b</replaceable> --on-shared-storage</userinput> </screen> <screen><prompt>$</prompt> <userinput>nova evacuate <replaceable>evacuated_server_name</replaceable> <replaceable>host_b</replaceable> --on-shared-storage</userinput> </screen>
</step> </step>
</procedure> </procedure>

View File

@ -19,6 +19,6 @@
<para>Run the following <para>Run the following
command:<screen> <prompt>$</prompt> <userinput>nova boot --image ubuntu-cloudimage --flavor 1 --file /root/.ssh/authorized_keys=special_authorized_keysfile</userinput></screen> command:<screen> <prompt>$</prompt> <userinput>nova boot --image ubuntu-cloudimage --flavor 1 --file /root/.ssh/authorized_keys=special_authorized_keysfile</userinput></screen>
</para> </para>
</section> </section>

View File

@ -20,7 +20,7 @@
xlink:href="http://docs.openstack.org/trunk/openstack-ops/content/snapsnots.html" xlink:href="http://docs.openstack.org/trunk/openstack-ops/content/snapsnots.html"
>Taking Snapshots</link> in the >Taking Snapshots</link> in the
<citetitle>OpenStack Operations Guide</citetitle>. <citetitle>OpenStack Operations Guide</citetitle>.
</para> </para>
</step> </step>
<step> <step>
<para>To create the image, list instances to get the <para>To create the image, list instances to get the
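Review bot: The link target in the context lines above ends in snapsnots.html, which looks like a misspelling of "snapshots". Please confirm that the URL resolves. If the published file really has that name, leave it as is, otherwise fix the href in this commit, since only whitespace changes here.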

View File

@ -14,7 +14,7 @@
value. For example, you could add a description and also the creator value. For example, you could add a description and also the creator
of the server. of the server.
<screen><prompt>$</prompt> <userinput>nova boot --image=natty-image --flavor=2 smallimage2 --meta description='Small test image' --meta creator=joecool</userinput></screen> <screen><prompt>$</prompt> <userinput>nova boot --image=natty-image --flavor=2 smallimage2 --meta description='Small test image' --meta creator=joecool</userinput></screen>
</para> </para>
<para>When viewing the server information, you can see the metadata <para>When viewing the server information, you can see the metadata
included on the <literal>metadata</literal> line: included on the <literal>metadata</literal> line:
<screen><prompt>$</prompt> <userinput>nova show smallimage2</userinput> <screen><prompt>$</prompt> <userinput>nova show smallimage2</userinput>
@ -44,5 +44,5 @@
| updated | 2012-05-16T20:48:35Z | | updated | 2012-05-16T20:48:35Z |
| user_id | de3f4e99637743c7b6d27faca4b800a9 | | user_id | de3f4e99637743c7b6d27faca4b800a9 |
+------------------------+---------------------------------------------------------------+</computeroutput></screen> +------------------------+---------------------------------------------------------------+</computeroutput></screen>
</para> </para>
</section> </section>

View File

@ -34,74 +34,74 @@
<td> <td>
<para> <para>
<systemitem>cores</systemitem> <systemitem>cores</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Number of instance cores (VCPUs) allowed per tenant. Number of instance cores (VCPUs) allowed per tenant.
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<para> <para>
<systemitem>fixed-ips</systemitem> <systemitem>fixed-ips</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Number of fixed IP addresses allowed per tenant. This number Number of fixed IP addresses allowed per tenant. This number
must be equal to or greater than the number of allowed must be equal to or greater than the number of allowed
instances. instances.
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<para> <para>
<systemitem>floating-ips</systemitem> <systemitem>floating-ips</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Number of floating IP addresses allowed per tenant. Number of floating IP addresses allowed per tenant.
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<para> <para>
<systemitem>injected-file-content-bytes</systemitem> <systemitem>injected-file-content-bytes</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Number of content bytes allowed per injected file. Number of content bytes allowed per injected file.
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<para> <para>
<systemitem>injected-file-path-bytes</systemitem> <systemitem>injected-file-path-bytes</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Number of bytes allowed per injected file path. Number of bytes allowed per injected file path.
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<para> <para>
<systemitem>injected-files</systemitem> <systemitem>injected-files</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Number of injected files allowed per tenant. Number of injected files allowed per tenant.
</para> </para>
</td> </td>
</tr> </tr>
@ -109,72 +109,72 @@
<td> <td>
<para> <para>
<systemitem>instances</systemitem> <systemitem>instances</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Number of instances allowed per tenant. Number of instances allowed per tenant.
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<para> <para>
<systemitem>key-pairs</systemitem> <systemitem>key-pairs</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Number of key pairs allowed per user. Number of key pairs allowed per user.
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<para> <para>
<systemitem>metadata-items</systemitem> <systemitem>metadata-items</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Number of metadata items allowed per instance. Number of metadata items allowed per instance.
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<para> <para>
<systemitem>ram</systemitem> <systemitem>ram</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Megabytes of instance ram allowed per tenant. Megabytes of instance ram allowed per tenant.
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<para> <para>
<systemitem>security-groups</systemitem> <systemitem>security-groups</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Number of security groups per tenant. Number of security groups per tenant.
</para> </para>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<para> <para>
<systemitem>security-group-rules</systemitem> <systemitem>security-group-rules</systemitem>
</para> </para>
</td> </td>
<td> <td>
<para> <para>
Number of rules per security group. Number of rules per security group.
</para> </para>
</td> </td>
</tr> </tr>
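Review bot: The ram row in this hunk reads "Megabytes of instance ram allowed per tenant"; capitalize it as "RAM" in the description. The two security group rows also drop the word "allowed" that every other row uses ("Number of security groups per tenant"), so add it for consistency, since the commit only touches whitespace in these rows.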
@ -188,7 +188,7 @@
<para>List all default quotas for all tenants, as follows:</para> <para>List all default quotas for all tenants, as follows:</para>
<screen><prompt>$</prompt> <userinput>nova quota-defaults</userinput></screen> <screen><prompt>$</prompt> <userinput>nova quota-defaults</userinput></screen>
<para>For example: <para>For example:
</para> </para>
<screen><prompt>$</prompt> <userinput>nova quota-defaults</userinput> <screen><prompt>$</prompt> <userinput>nova quota-defaults</userinput>
<computeroutput>+-----------------------------+-------+ <computeroutput>+-----------------------------+-------+
| Quota | Limit | | Quota | Limit |
@ -209,10 +209,10 @@
</step> </step>
<step> <step>
<para>Update a default value for a new tenant, as follows: <para>Update a default value for a new tenant, as follows:
</para> </para>
<screen><prompt>$</prompt> <userinput>nova quota-class-update --<replaceable>key</replaceable> <replaceable>value</replaceable> default</userinput></screen> <screen><prompt>$</prompt> <userinput>nova quota-class-update --<replaceable>key</replaceable> <replaceable>value</replaceable> default</userinput></screen>
<para>For example: <para>For example:
</para> </para>
<screen><prompt>$</prompt> <userinput>nova quota-class-update --instances 15 default</userinput></screen> <screen><prompt>$</prompt> <userinput>nova quota-class-update --instances 15 default</userinput></screen>
</step> </step>
</procedure> </procedure>
@ -276,7 +276,7 @@
<note> <note>
<para>To view a list of options for the <para>To view a list of options for the
<command>quota-update</command> command, run: <command>quota-update</command> command, run:
</para> </para>
<screen><prompt>$</prompt> <userinput>nova help quota-update</userinput></screen></note> <screen><prompt>$</prompt> <userinput>nova help quota-update</userinput></screen></note>
</step> </step>
</procedure> </procedure>
@ -351,7 +351,7 @@
<note> <note>
<para>To view a list of options for the <para>To view a list of options for the
<command>quota-update</command> command, run: <command>quota-update</command> command, run:
</para> </para>
<screen><prompt>$</prompt> <userinput>nova help quota-update</userinput></screen></note> <screen><prompt>$</prompt> <userinput>nova help quota-update</userinput></screen></note>
</step> </step>
</procedure> </procedure>

View File

@ -6,7 +6,6 @@
<title>Change the size of your server</title> <title>Change the size of your server</title>
<para>You change the size of a server by changing its flavor.</para> <para>You change the size of a server by changing its flavor.</para>
<procedure> <procedure>
<title>To change the size of your server</title>
<step> <step>
<para>List the available flavors:</para> <para>List the available flavors:</para>
<screen><prompt>$</prompt> <userinput>nova flavor-list</userinput></screen> <screen><prompt>$</prompt> <userinput>nova flavor-list</userinput></screen>
@ -23,7 +22,8 @@
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+</computeroutput></screen> +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+</computeroutput></screen>
</step> </step>
<step> <step>
<para>Show information about your server, including its size:</para> <para>Show information about your server, including its
size:</para>
<screen><prompt>$</prompt> <userinput>nova show myCirrosServer</userinput></screen> <screen><prompt>$</prompt> <userinput>nova show myCirrosServer</userinput></screen>
<screen><computeroutput>+-------------------------------------+----------------------------------------------------------------+ <screen><computeroutput>+-------------------------------------+----------------------------------------------------------------+
@ -57,14 +57,15 @@
| config_drive | | | config_drive | |
+-------------------------------------+----------------------------------------------------------------+</computeroutput></screen> +-------------------------------------+----------------------------------------------------------------+</computeroutput></screen>
<para>The size of the server is <literal>m1.small <para>The size of the server is <literal>m1.small
(2)</literal>.</para></step> (2)</literal>.</para>
</step>
<step> <step>
<para>To resize the server, pass the server ID and the desired flavor to the nova <para>To resize the server, pass the server ID and the desired
<command>resize</command> command. flavor to the nova <command>resize</command> command. Include
Include the <literal>--poll</literal> parameter to report the resize the <literal>--poll</literal> parameter to report the resize
progress.</para> progress.</para>
<screen><prompt>$</prompt> <userinput>nova resize myCirrosServer 4 --poll</userinput></screen> <screen><prompt>$</prompt> <userinput>nova resize myCirrosServer 4 --poll</userinput></screen>
<screen><computeroutput>Instance resizing... 100% complete <screen><computeroutput>Instance resizing... 100% complete
Finished</computeroutput> </screen> Finished</computeroutput> </screen>
</step> </step>
<step> <step>
@ -78,12 +79,14 @@ Finished</computeroutput> </screen>
</step> </step>
<step> <step>
<para>When the resize completes, the status becomes <para>When the resize completes, the status becomes
<literal>VERIFY_RESIZE</literal>. To confirm the resize:</para> <literal>VERIFY_RESIZE</literal>. To confirm the
resize:</para>
<screen><prompt>$</prompt> <userinput>nova resize-confirm 6beefcf7-9de6-48b3-9ba9-e11b343189b3</userinput></screen> <screen><prompt>$</prompt> <userinput>nova resize-confirm 6beefcf7-9de6-48b3-9ba9-e11b343189b3</userinput></screen>
<para>The server status becomes ACTIVE.</para> </step> <para>The server status becomes ACTIVE.</para>
</step>
<step> <step>
<para>If the resize fails or does not work as expected, you <para>If the resize fails or does not work as expected, you can
can revert the resize:</para> revert the resize:</para>
<screen><prompt>$</prompt> <userinput>nova resize-revert 6beefcf7-9de6-48b3-9ba9-e11b343189b3</userinput></screen> <screen><prompt>$</prompt> <userinput>nova resize-revert 6beefcf7-9de6-48b3-9ba9-e11b343189b3</userinput></screen>
<para>The server status becomes ACTIVE.</para> <para>The server status becomes ACTIVE.</para>
</step> </step>

View File

@ -52,7 +52,7 @@
<para>You can add extra rules into the default security group for handling the egress <para>You can add extra rules into the default security group for handling the egress
traffic. Rules are ingress only at this time.</para> traffic. Rules are ingress only at this time.</para>
</note> </note>
</para> </para>
<para>In the following example, the group <para>In the following example, the group
<literal>secure1</literal> is deleted. When you <literal>secure1</literal> is deleted. When you
view the security group list, it no longer view the security group list, it no longer
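Review bot: The note in the context lines contradicts itself: it says extra rules can be added to the default security group "for handling the egress traffic" and then "Rules are ingress only at this time". Readers cannot tell from this whether egress filtering is available. Reword the note to state plainly which direction rules apply to, and move the note out of the enclosing para while the whitespace around it is being changed.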
@ -65,7 +65,7 @@
+---------+-------------+ +---------+-------------+
| default | default | | default | default |
+---------+-------------+</computeroutput></screen> +---------+-------------+</computeroutput></screen>
</para> </para>
</section> </section>
<section xml:id="secgroup_rules"> <section xml:id="secgroup_rules">
<title>Modify security group rules</title> <title>Modify security group rules</title>
@ -118,7 +118,7 @@
indicates that all ICMP codes and types should indicates that all ICMP codes and types should
be allowed.</para> be allowed.</para>
</note> </note>
</para> </para>
<para> <para>
<note> <note>
<title>The CIDR notation</title> <title>The CIDR notation</title>
@ -141,7 +141,7 @@
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
| tcp | 80 | 80 | 0.0.0.0/0 | | | tcp | 80 | 80 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+</computeroutput></screen> +-------------+-----------+---------+-----------+--------------+</computeroutput></screen>
</para> </para>
<para>In order to allow any IP address to ping an instance <para>In order to allow any IP address to ping an instance
inside the default security group (Code 0, Type 8 for inside the default security group (Code 0, Type 8 for
the ECHO the ECHO
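Review bot: The examples around this whitespace fix open TCP port 80 and ICMP to 0.0.0.0/0, and the text presents "allow any IP address" without saying when that is appropriate. Consider adding one sentence next to the CIDR note explaining that 0.0.0.0/0 admits every source address and that the CIDR should be narrowed to the ranges that need access. Also fix the para that breaks after "the ECHO" so the sentence is not split mid-phrase.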
@ -151,7 +151,7 @@
+-------------+-----------+---------+-----------+--------------+ +-------------+-----------+---------+-----------+--------------+
| icmp | 0 | 8 | 0.0.0.0/0 | | | icmp | 0 | 8 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+</computeroutput></screen> +-------------+-----------+---------+-----------+--------------+</computeroutput></screen>
</para> </para>
<para> <para>
<screen><prompt>$</prompt> <userinput>nova secgroup-list-rules default</userinput> <screen><prompt>$</prompt> <userinput>nova secgroup-list-rules default</userinput>
<computeroutput>+-------------+-----------+---------+-----------+--------------+ <computeroutput>+-------------+-----------+---------+-----------+--------------+
@ -160,7 +160,7 @@
| tcp | 80 | 80 | 0.0.0.0/0 | | | tcp | 80 | 80 | 0.0.0.0/0 | |
| icmp | 0 | 8 | 0.0.0.0/0 | | | icmp | 0 | 8 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+</computeroutput></screen> +-------------+-----------+---------+-----------+--------------+</computeroutput></screen>
</para> </para>
<para>In order to delete a rule, you need to specify the exact same arguments you used <para>In order to delete a rule, you need to specify the exact same arguments you used
to create it:<itemizedlist> to create it:<itemizedlist>
<listitem> <listitem>
@ -179,7 +179,7 @@
<para>&lt;cidr&gt; CIDR for address range.</para> <para>&lt;cidr&gt; CIDR for address range.</para>
</listitem> </listitem>
</itemizedlist><screen><prompt>$</prompt> <userinput>nova secgroup-delete-rule default tcp 80 80 0.0.0.0/0</userinput></screen> </itemizedlist><screen><prompt>$</prompt> <userinput>nova secgroup-delete-rule default tcp 80 80 0.0.0.0/0</userinput></screen>
</para> </para>
</section> </section>
</section> </section>

View File

@ -2,15 +2,15 @@
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="nova_cli_keygen"><title>Add keypair</title> xml:id="nova_cli_keygen">
<title>Add keypair</title>
<para>Create at least one keypair for each project. If you have <para>Create at least one keypair for each project. If you have
generated a keypair with an external tool, you can import it into generated a keypair with an external tool, you can import it into
OpenStack. The keypair can be used for multiple instances that OpenStack. The keypair can be used for multiple instances that
belong to a project.</para> belong to a project.</para>
<procedure> <procedure>
<title>To add a keypair</title>
<step> <step>
<title>Create a key</title> <para>Create a key.</para>
<para>To create a <literal>mykey</literal> key that you can <para>To create a <literal>mykey</literal> key that you can
associate with instances, run the following command:</para> associate with instances, run the following command:</para>
<screen><prompt>$</prompt> <userinput>nova keypair-add mykey > mykey.pem</userinput></screen> <screen><prompt>$</prompt> <userinput>nova keypair-add mykey > mykey.pem</userinput></screen>
@ -19,7 +19,7 @@
the <literal>mykey</literal> key is associated.</para> the <literal>mykey</literal> key is associated.</para>
</step> </step>
<step> <step>
<title>Import a keypair</title> <para>Alternatively, you can import a keypair.</para>
<para>To import an existing public key, <para>To import an existing public key,
<literal>mykey.pub</literal>, and associate it with the <literal>mykey.pub</literal>, and associate it with the
<literal>mykey</literal> key, run the following <literal>mykey</literal> key, run the following
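Review bot: The new `<para>Alternatively, you can import a keypair.</para>` is the opening of the second `<step>` in a `<procedure>`, which renders as a numbered sequence, so a reader following the steps in order would create a key and then import one as well. Creating and importing are alternatives; mark them as such in the structure (for example with DocBook's `<stepalternatives>`), or split them into two procedures, rather than relying on the word "Alternatively". The added one-line paragraphs in both steps are also immediately followed by a paragraph that says the same thing at more length ("To create a mykey key ...", "To import an existing public key ..."), so the former step titles could simply be dropped.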

View File

@ -1,24 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!-- moved to launch instances file --> <!-- moved to launch instances file -->
<section <section xmlns="http://docbook.org/ns/docbook"
xmlns="http://docbook.org/ns/docbook" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="inserting_userdata">
version="5.0" <title>Provide user data to instances</title>
xml:id="inserting_userdata"> <para><firstterm>User data</firstterm> is a special key in the
<title>Providing User Data to Instances</title> metadata service that holds a file that cloud-aware applications
<para><literal>User Data</literal> is a special key in the metadata in the guest instance can access. For example the <link
service which holds a file that cloud aware applications within
the guest instance can access. For example the <link
xlink:href="https://help.ubuntu.com/community/CloudInit" xlink:href="https://help.ubuntu.com/community/CloudInit"
>cloudinit</link> system is an open source package from Ubuntu ><package>cloudinit</package></link> system is a Ubuntu open
that handles early initialization of a cloud instance that makes source package that handles early initialization of a cloud
use of this <literal>user data</literal>.</para> instance and that makes use of <literal>user
data</literal>.</para>
<para>This user-data can be put in a file on your local system and <para>You can place user data in a local file and pass it through
then passed in at instance creation with the flag the <parameter>--user-data &lt;user-data-file&gt;</parameter>
<literal>--user-data &lt;user-data-file&gt;</literal> for parameter at instance creation:</para>
example: <screen><prompt>$</prompt> <userinput>nova boot --image ubuntu-cloudimage --flavor 1 --user-data mydata.file</userinput></screen>
<screen><prompt>$</prompt> <userinput>nova boot --image ubuntu-cloudimage --flavor 1 --user-data mydata.file</userinput></screen>
</para>
</section> </section>
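Review bot: The rewritten first paragraph reads "is a Ubuntu open source package"; that should be "an Ubuntu", and "For example the" needs a comma after "example". The new sentence also chains two relative clauses ("that handles early initialization of a cloud instance and that makes use of user data"), which would read better split in two. Since the paragraph now states that applications in the guest can read this file through the metadata service, consider adding a sentence telling users not to put credentials in the file passed to `--user-data`.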

View File

@ -1,113 +1,122 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="networking-configuring-rpc"> xml:id="networking-configuring-rpc">
<?dbhtml stop-chunking?> <?dbhtml stop-chunking?>
<title>Configuration options for the Oslo RPC Messaging System</title> <title>Configure the Oslo RPC messaging system</title>
<para>Many OpenStack Networking plug-ins use RPC to enable agents to communicate with the main <para>OpenStack projects use an open standard for messaging
<systemitem class="service">neutron-server</systemitem> process. If your plugin requires middleware known as AMQP. This messaging middleware enables the
agents, they can use the same RPC mechanism used by other OpenStack components like Nova. OpenStack services that run on multiple servers to talk to each
OpenStack projects use an open standard for messaging middleware known as AMQP. This messaging other. OpenStack Oslo RPC supports three implementations of AMQP:
middleware enables the OpenStack services which will exist across multiple servers to talk to <application>RabbitMQ</application>,
each other. OpenStack Oslo RPC supports three implementations of AMQP: <application>Qpid</application>, and
<application>RabbitMQ</application>, <application>Qpid</application>, and <application>ZeroMQ</application>.</para>
<application>ZeroMQ</application>
</para>
<section xml:id="networking-configuration-rabbitmq">
<title>Configuration for RabbitMQ</title>
<para>OpenStack Oslo RPC uses <application>RabbitMQ</application> by <section xml:id="networking-configuration-rabbitmq">
default. This section discusses the configuration options that are <title>Configure RabbitMQ</title>
relevant when <application>RabbitMQ</application> is used. The
<literal>rpc_backend</literal> option is not required as long as <para>OpenStack Oslo RPC uses <application>RabbitMQ</application>
<application>RabbitMQ</application> is the default messaging system. by default. Use these options to configure the
However, if it is included the configuration, it must be set to <application>RabbitMQ</application> message system. The
<literal>neutron.openstack.common.rpc.impl_kombu</literal>.</para> <option>rpc_backend</option> option is optional as long as
<application>RabbitMQ</application> is the default messaging
system. However, if it is included the configuration, you must
set it to
<literal>neutron.openstack.common.rpc.impl_kombu</literal>.</para>
<programlisting language="ini"> <programlisting language="ini">
rpc_backend=neutron.openstack.common.rpc.impl_kombu rpc_backend=neutron.openstack.common.rpc.impl_kombu
</programlisting> </programlisting>
<para>The following tables describe the rest of the options that <para>Use these options to configure the
can be used when <application>RabbitMQ</application> is used <application>RabbitMQ</application> messaging system. You can
as the messaging system. You can configure the messaging configure messaging communication for different installation
communication for different installation scenarios as well as scenarios, tune retries for RabbitMQ, and define the size of the
tune RabbitMQ's retries and the size of the RPC thread pool. RPC thread pool. To monitor notifications through RabbitMQ, you
If you want to monitor notifications through RabbitMQ, you must set the <option>notification_driver</option> option to
must set the <literal>notification_driver</literal> option in <literal>neutron.notifier.rabbit_notifier</literal> in the
<filename>neutron.conf</filename> to <filename>neutron.conf</filename> file:</para>
<literal>neutron.notifier.rabbit_notifier</literal>. <xi:include href="tables/neutron-rabbitmq.xml"/>
</para> <xi:include href="tables/neutron-kombu.xml"/>
</section>
<xi:include href="tables/neutron-rabbitmq.xml"/> <section xml:id="networking-configuration-qpid">
<xi:include href="tables/neutron-kombu.xml"/> <title>Configure Qpid</title>
<para>Use these options to configure the
</section> <application>Qpid</application> messaging system for OpenStack
Oslo RPC. <application>Qpid</application> is not the default
<section xml:id="networking-configuration-qpid"> messaging system, so you must enable it by setting the
<title>Configuration for Qpid</title> <option>rpc_backend</option> option in the
<para>This section discusses the configuration options that are relevant if <filename>neutron.conf</filename> file:</para>
<application>Qpid</application> is used as the messaging system for OpenStack Oslo RPC.
<application>Qpid</application> is not the default messaging system, so it must be enabled
by setting the <literal>rpc_backend</literal> option in
<filename>neutron.conf</filename>.</para>
<programlisting language="ini"> <programlisting language="ini">
rpc_backend=neutron.openstack.common.rpc.impl_qpid rpc_backend=neutron.openstack.common.rpc.impl_qpid
</programlisting> </programlisting>
<para>This next critical option points the compute nodes to the <application>Qpid</application> <para>This critical option points the compute nodes to the
broker (server). Set <literal>qpid_hostname</literal> in <filename>neutron.conf</filename> to <application>Qpid</application> broker (server). Set the
be the hostname where the broker is running.</para> <option>qpid_hostname</option> option to the host name where
the broker runs in the <filename>neutron.conf</filename>
file.</para>
<note> <note>
<para>The -<literal>-qpid_hostname</literal> option accepts a value in the form of either a <para>The <option>--qpid_hostname</option> option accepts a host
hostname or an IP address.</para> name or IP address value.</para>
</note> </note>
<programlisting language="ini"> <programlisting language="ini">
qpid_hostname=hostname.example.com qpid_hostname=hostname.example.com
</programlisting> </programlisting>
<para>If the <application>Qpid</application> broker is listening on a port other than the AMQP
default of <literal>5672</literal>, you will need to set the <literal>qpid_port</literal> <para>If the <application>Qpid</application> broker listens on a
option:</para> port other than the AMQP default of <literal>5672</literal>, you
must set the <option>qpid_port</option> option to that
value:</para>
<programlisting language="ini"> <programlisting language="ini">
qpid_port=12345 qpid_port=12345
</programlisting> </programlisting>
<para>If you configure the <application>Qpid</application> broker to require authentication, you
will need to add a username and password to the configuration:</para> <para>If you configure the <application>Qpid</application> broker
to require authentication, you must add a user name and password
to the configuration:</para>
<programlisting language="ini"> <programlisting language="ini">
qpid_username=username qpid_username=username
qpid_password=password qpid_password=password
</programlisting> </programlisting>
<para>By default, TCP is used as the transport. If you would like to enable SSL, set the
<literal>qpid_protocol</literal> option:</para> <para>By default, TCP is used as the transport. To enable SSL, set
the <option>qpid_protocol</option> option:</para>
<programlisting language="ini"> <programlisting language="ini">
qpid_protocol=ssl qpid_protocol=ssl
</programlisting> </programlisting>
<para>The following table lists the rest of the options used by the Qpid messaging driver for
OpenStack Oslo RPC. It is not common that these options are used.</para> <para>Use these additional options to configure the Qpid messaging
driver for OpenStack Oslo RPC. These options are used
infrequently.</para>
<xi:include href="tables/neutron-qpid.xml"/> <xi:include href="tables/neutron-qpid.xml"/>
</section> </section>
<section xml:id="networking-configuration-zeromq"> <section xml:id="networking-configuration-zeromq">
<title>Configuration for ZeroMQ</title> <title>Configure ZeroMQ</title>
<para>This section discusses the configuration options that are relevant <para>Use these options to configure the
if <application>ZeroMQ</application> is used as the messaging system for <application>ZeroMQ</application> messaging system for
OpenStack Oslo RPC. <application>ZeroMQ</application> is not the default OpenStack Oslo RPC. <application>ZeroMQ</application> is not the
messaging system, so it must be enabled by setting the default messaging system, so you must enable it by setting the
<literal>rpc_backend</literal> option in <option>rpc_backend</option> option in the
<filename>neutron.conf</filename>.</para> <filename>neutron.conf</filename> file:</para>
<xi:include href="tables/neutron-zeromq.xml"/> <xi:include href="tables/neutron-zeromq.xml"/>
</section> </section>
<section xml:id="networking-common-messaging-configuration"> <section xml:id="networking-common-messaging-configuration">
<title>Common configuration for messaging</title> <title>Configure messaging</title>
<para>This section lists options that are common between the <para>Use these common options to configure the
<application>RabbitMQ</application>, <application>Qpid</application> <application>RabbitMQ</application>,
and <application>ZeroMq</application> <application>Qpid</application>, and
messaging drivers.</para> <application>ZeroMq</application> messaging drivers:</para>
<xi:include href="tables/neutron-rpc.xml"/> <xi:include href="tables/neutron-rpc.xml"/>
<xi:include href="tables/neutron-notifier.xml"/> <xi:include href="tables/neutron-notifier.xml"/>
</section> </section>
</section> </section>
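Review bot: The new opening paragraph drops the old sentences explaining that Networking plug-ins use RPC so that agents can communicate with the `neutron-server` process. That was the only Networking-specific context in this file, and removing it goes beyond an editorial change; please restore it. In the Qpid section the text still says the option "points the compute nodes" to the broker, which reads as carried over from the Compute file, and the note writes `--qpid_hostname` while the listing uses `qpid_hostname`. "if it is included the configuration" is still missing "in", the RabbitMQ section now opens two paragraphs with nearly the same "Use these options to configure" sentence, and the ZeroMQ paragraph ends in "file:" without showing the `rpc_backend` value the way the Qpid section does. The credentials paragraph comes before the statement that TCP is the default transport, so it would help to point to `qpid_protocol=ssl` where `qpid_username` and `qpid_password` are introduced.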

View File

@ -1,119 +1,91 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="configuring-rpc"> xml:id="configuring-rpc">
<?dbhtml stop-chunking?> <?dbhtml stop-chunking?>
<title>Configuring the Oslo RPC Messaging System</title> <title>Configure the Oslo RPC messaging system</title>
<para>OpenStack projects use AMQP, an open standard for messaging
<para>OpenStack projects use an open standard for messaging middleware middleware. OpenStack services that run on multiple servers to
known as AMQP. This messaging middleware enables the OpenStack talk to each other. OpenStack Oslo RPC supports three
services which will exist across multiple servers to talk to each other. implementations of AMQP: <application>RabbitMQ</application>,
OpenStack Oslo RPC supports three implementations of AMQP: <application>Qpid</application>, and
<application>RabbitMQ</application>, <application>ZeroMQ</application>.</para>
<application>Qpid</application>, and <section xml:id="configuration-rabbitmq">
<application>ZeroMQ</application>.</para> <title>Configure RabbitMQ</title>
<para>OpenStack Oslo RPC uses <application>RabbitMQ</application>
<section xml:id="configuration-rabbitmq"> by default. Use these options to configure the
<title>Configuration for RabbitMQ</title> <application>RabbitMQ</application> message system. The
<literal>rpc_backend</literal> option is not required as long
<para>OpenStack Oslo RPC uses <application>RabbitMQ</application> by as <application>RabbitMQ</application> is the default messaging
default. This section discusses the configuration options that are system. However, if it is included the configuration, you must
relevant when <application>RabbitMQ</application> is used. The set it to
<literal>rpc_backend</literal> option is not required as long as <literal>nova.openstack.common.rpc.impl_kombu</literal>.</para>
<application>RabbitMQ</application> is the default messaging system. <programlisting language="ini">rpc_backend=nova.openstack.common.rpc.impl_kombu</programlisting>
However, if it is included the configuration, it must be set to <para>You can use these additional options to configure the
<literal>nova.openstack.common.rpc.impl_kombu</literal>.</para> <application>RabbitMQ</application> messaging system. You can
configure messaging communication for different installation
scenarios, tune retries for RabbitMQ, and define the size of the
<programlisting language="ini">rpc_backend=nova.openstack.common.rpc.impl_kombu</programlisting> RPC thread pool. To monitor notifications through RabbitMQ, you
must set the <option>notification_driver</option> option to
<para>The following tables describe the rest of the options that <literal>nova.notifier.rabbit_notifier</literal> in the
can be used when <application>RabbitMQ</application> is used <filename>nova.conf</filename> file. The default for sending
as the messaging system. You can configure the messaging usage data is sixty seconds plus a random number of seconds from
communication for different installation scenarios as well as zero to sixty.</para>
tune RabbitMQ's retries and the size of the RPC thread pool. <xi:include href="tables/nova-rabbitmq.xml"/>
If you want to monitor notifications through RabbitMQ, you <xi:include href="tables/nova-kombu.xml"/>
must set the <literal>notification_driver</literal> option in </section>
<filename>nova.conf</filename> to <section xml:id="configuration-qpid">
<literal>nova.notifier.rabbit_notifier</literal>. The default <title>Configure Qpid</title>
for sending usage data is 60 seconds plus a randomized 0-60 seconds. <para>Use these options to configure the
</para> <application>Qpid</application> messaging system for OpenStack
Oslo RPC. <application>Qpid</application> is not the default
<xi:include href="tables/nova-rabbitmq.xml"/> messaging system, so you must enable it by setting the
<xi:include href="tables/nova-kombu.xml"/> <option>rpc_backend</option> option in the
</section> <filename>nova.conf</filename> file.</para>
<programlisting language="ini">rpc_backend=nova.openstack.common.rpc.impl_qpid</programlisting>
<section xml:id="configuration-qpid"> <para>This critical option points the compute nodes to the
<title>Configuration for Qpid</title> <application>Qpid</application> broker (server). Set
<option>qpid_hostname</option> to the host name where the
<para>This section discusses the configuration options that are relevant broker runs in the <filename>nova.conf</filename> file.</para>
if <application>Qpid</application> is used as the messaging system for <note>
OpenStack Oslo RPC. <application>Qpid</application> is not the default <para>The <option>--qpid_hostname</option> option accepts a host
messaging system, so it must be enabled by setting the name or IP address value.</para>
<literal>rpc_backend</literal> option in </note>
<filename>nova.conf</filename>.</para> <programlisting language="ini">qpid_hostname=hostname.example.com</programlisting>
<para>If the <application>Qpid</application> broker listens on a
<programlisting language="ini">rpc_backend=nova.openstack.common.rpc.impl_qpid</programlisting> port other than the AMQP default of <literal>5672</literal>, you
must set the <option>qpid_port</option> option to that
<para>This next critical option points the compute nodes to the value:</para>
<application>Qpid</application> broker (server). Set <programlisting language="ini">qpid_port=12345</programlisting>
<literal>qpid_hostname</literal> in <filename>nova.conf</filename> to <para>If you configure the <application>Qpid</application> broker
be the hostname where the broker is running.</para> to require authentication, you must add a user name and password
to the configuration:</para>
<note> <programlisting language="ini">qpid_username=username
<para>The -<literal>-qpid_hostname</literal> option accepts a value in
the form of either a hostname or an IP address.</para>
</note>
<programlisting language="ini">qpid_hostname=hostname.example.com</programlisting>
<para>If the <application>Qpid</application> broker is listening on a
port other than the AMQP default of <literal>5672</literal>, you will
need to set the <literal>qpid_port</literal> option:</para>
<programlisting language="ini">qpid_port=12345</programlisting>
<para>If you configure the <application>Qpid</application> broker to
require authentication, you will need to add a username and password to
the configuration:</para>
<programlisting language="ini">qpid_username=username
qpid_password=password</programlisting> qpid_password=password</programlisting>
<para>By default, TCP is used as the transport. To enable SSL, set
<para>By default, TCP is used as the transport. If you would like to the <option>qpid_protocol</option> option:</para>
enable SSL, set the <literal>qpid_protocol</literal> option:</para> <programlisting language="ini">qpid_protocol=ssl</programlisting>
<para>This table lists additional options that you use to
<programlisting language="ini">qpid_protocol=ssl</programlisting> configure the Qpid messaging driver for OpenStack Oslo RPC.
These options are used infrequently.</para>
<para>The following table lists the rest of the options used by the Qpid <xi:include href="tables/nova-qpid.xml"/>
messaging driver for OpenStack Oslo RPC. It is not common that these </section>
options are used.</para> <section xml:id="configuration-zeromq">
<title>Configure ZeroMQ</title>
<xi:include href="tables/nova-qpid.xml"/> <para>Use these options to configure the
<application>ZeroMQ</application> messaging system for
</section> OpenStack Oslo RPC. <application>ZeroMQ</application> is not the
<section xml:id="configuration-zeromq"> default messaging system, so you must enable it by setting the
<title>Configuration Options for ZeroMQ</title> <option>rpc_backend</option> option in the
<para>This section discusses the configuration options that are relevant <filename>nova.conf</filename> file.</para>
if <application>ZeroMQ</application> is used as the messaging system for <xi:include href="tables/nova-zeromq.xml"/>
OpenStack Oslo RPC. <application>ZeroMQ</application> is not the default </section>
messaging system, so it must be enabled by setting the <section xml:id="common-messaging-configuration">
<literal>rpc_backend</literal> option in <title>Configure messaging</title>
<filename>nova.conf</filename>.</para> <para>Use these options to configure the
<application>RabbitMQ</application> and
<application>Qpid</application> messaging drivers.</para>
<xi:include href="tables/nova-zeromq.xml"/> <xi:include href="tables/nova-rpc.xml"/>
</section> </section>
<section xml:id="common-messaging-configuration">
<title>Common Configuration for Messaging</title>
<para>This section lists options that are common between both the
<application>RabbitMQ</application> and <application>Qpid</application>
messaging drivers.</para>
<xi:include href="tables/nova-rpc.xml"/>
</section>
</section> </section>
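Review bot: In the rewritten intro, "OpenStack services that run on multiple servers to talk to each other." is a sentence fragment; the subject and verb from the old text ("This messaging middleware enables the ...") were lost in the edit. Suggest "AMQP enables the OpenStack services that run on multiple servers to talk to each other." The "Configure messaging" paragraph no longer says these options are common to the drivers and names only RabbitMQ and Qpid, while the Networking counterpart also lists ZeroMQ; please confirm which is intended. As in the Networking file, "if it is included the configuration" is missing "in", and the note uses `--qpid_hostname` while the listing uses `qpid_hostname`. This file also keeps `<literal>rpc_backend</literal>` in the RabbitMQ paragraph while the rest of the change moves to `<option>`.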

View File

@ -79,5 +79,5 @@
used independently of the Compute (nova) product.</para> used independently of the Compute (nova) product.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</para> </para>
</section> </section>

View File

@ -1,143 +1,180 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook" <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="section_compute-troubleshooting"> xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
<title>Troubleshooting Compute</title> xml:id="section_compute-troubleshooting">
<para>Common problems for Compute typically involve misconfigured networking or credentials that are not sourced properly in the environment. Also, most flat networking configurations do not enable ping or ssh from a compute node to the instances running on that node. Another common problem is trying to run 32-bit images on a 64-bit compute node. This section offers more information about how to troubleshoot Compute.</para> <title>Troubleshoot Compute</title>
<section xml:id="log-files-for-openstack-compute"><title>Log files for Compute</title> <para>Common problems for Compute typically involve misconfigured
networking or credentials that are not sourced properly in the
environment. Also, most flat networking configurations do not
enable <command>ping</command> or <command>ssh</command> from
a compute node to the instances that run on that node. Another
common problem is trying to run 32-bit images on a 64-bit
compute node. This section shows you how to troubleshoot
Compute.</para>
<section xml:id="log-files-for-openstack-compute">
<title>Compute log files</title>
<para>Compute stores a log file for each service in <para>Compute stores a log file for each service in
<filename>/var/log/nova</filename>. For example, <filename>/var/log/nova</filename>. For example,
<filename>nova-compute.log</filename> is the log for the <filename>nova-compute.log</filename> is the log for
<systemitem class="service">nova-compute</systemitem> the <systemitem class="service">nova-compute</systemitem>
service. You can set the following options to format log service. You can set the following options to format log
strings for the nova.log module in strings for the nova.log module in the
<filename>nova.conf</filename>: <filename>nova.conf</filename> file:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><literal>logging_context_format_string</literal></para> <para><literal>logging_context_format_string</literal></para>
</listitem> </listitem>
<listitem> <listitem>
<para><literal>logging_default_format_string</literal></para> <para><literal>logging_default_format_string</literal></para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
If the log level is set to <literal>debug</literal>, you can <para>If the log level is set to <literal>debug</literal>, you
also specify <literal>logging_debug_format_suffix</literal> can also specify
to append extra formatting. For information about what <literal>logging_debug_format_suffix</literal> to
variables are available for the formatter see: append extra formatting. For information about what
<link xlink:href="http://docs.python.org/library/logging.html#formatter">http://docs.python.org/library/logging.html#formatter</link>. variables are available for the formatter see: <link
</para> xlink:href="http://docs.python.org/library/logging.html#formatter"
<para>You have two options for logging for OpenStack Compute based on configuration >http://docs.python.org/library/logging.html#formatter</link>.</para>
settings. In <filename>nova.conf</filename>, include the <para>You have two options for logging for OpenStack Compute
<literal>logfile</literal> option to enable logging. Alternatively based on configuration settings. In
you can set <literal>use_syslog=1</literal>, and then the nova <filename>nova.conf</filename>, include the
daemon logs to syslog.</para> <literal>logfile</literal> option to enable logging.
Alternatively you can set <literal>use_syslog=1</literal>
so that the nova daemon logs to syslog.</para>
</section> </section>
<section xml:id="section_compute-common-errors-and-fixes"> <section xml:id="section_compute-common-errors-and-fixes">
<title>Common errors and fixes for Compute</title> <title>Common errors and fixes for Compute</title>
<para>The ask.openstack.org site offers a place to ask and <para>The <link xlink:href="ask.openstack.org"
answer questions, and you can also mark questions as >ask.openstack.org</link> site offers a place to ask
and answer questions, and you can also mark questions as
frequently asked questions. This section describes some frequently asked questions. This section describes some
errors people have posted previously. We errors people have posted previously. Bugs are constantly
are constantly fixing bugs, so online resources are a being fixed, so online resources are a great way to get
great way to get the most up-to-date errors and the most up-to-date errors and fixes.</para>
fixes.</para>
<section xml:id="section_credential-errors"> <section xml:id="section_credential-errors">
<title>Credential errors, 401, 403 forbidden errors</title> <title>Credential errors, 401, and 403 forbidden
<para>A 403 forbidden error is caused by missing credentials. errors</title>
Through current installation methods, there are basically <para>Missing credentials cause a
two ways to get the <filename>novarc</filename> file. The manual method <errorcode>403</errorcode>
requires getting it from within a project zipfile, and the <errortext>forbidden</errortext> error. To resolve
scripted method just generates <filename>novarc</filename> out of the project this issue, use one of these methods:<orderedlist>
zip file and sources it for you. If you use the manual <listitem>
method through a zip file, before sourcing <filename>novarc</filename> <para><emphasis role="bold">Manual
be sure to save any credentials that were created previously, as they method</emphasis>. Get get the
can be overridden. <filename>novarc</filename> file from
</para> the project ZIP file, save existing
<para>When you run <systemitem class="service">nova-api</systemitem> the credentials in case of override. and
first time, it generates the certificate authority information, manually source the
including <filename>openssl.cnf</filename>. If the CA components are <filename>novarc</filename>
started prior to this, you may not be able to create your zip file. file.</para>
Restart the services, then once your CA information is available, </listitem>
you should be able to create your zip file.</para> <listitem>
<para>You may also need to check your http proxy settings to see if <para><emphasis role="bold">Script
they are causing problems with the <filename>novarc</filename> method</emphasis>. Generates
creation.</para> <filename>novarc</filename> from the
project ZIP file and sources it for
you.</para>
</listitem>
</orderedlist></para>
<para>When you run <systemitem class="service"
>nova-api</systemitem> the first time, it
generates the certificate authority information,
including <filename>openssl.cnf</filename>. If you
start the CA services before this, you might not be
able to create your ZIP file. Restart the services.
When your CA information is available, create your ZIP
file.</para>
<para>Also, check your HTTP proxy settings to see whether
they cause problems with <filename>novarc</filename>
creation.</para>
</section> </section>
<section xml:id="section_instance-errors"> <section xml:id="section_instance-errors">
<title>Instance errors</title> <title>Instance errors</title>
<para>Sometimes a particular instance shows "pending" or you <para>Sometimes a particular instance shows
cannot SSH to it. Sometimes the image itself is the <literal>pending</literal> or you cannot SSH to
problem. For example, when using flat manager networking, it. Sometimes the image itself is the problem. For
you do not have a dhcp server, and certain images example, when you use flat manager networking, you do
don't support interface injection so you cannot connect not have a DHCP server and certain images do not
to them. The fix for this type of problem is to use an support interface injection; you cannot connect to
image that does support this method, such as Ubuntu, them. The fix for this problem is to use an image that
which should obtain an IP address correctly does support this method, such as Ubuntu, which
with FlatManager network settings. To troubleshoot other obtains an IP address correctly with FlatManager
possible problems with an instance, such as one that stays network settings.</para>
in a spawning state, first check the directory for the particular <para>To troubleshoot other possible problems with an
instance under <filename>/var/lib/nova/instances</filename> instance, such as an instance that stays in a spawning
on the <systemitem class="service">nova-compute</systemitem> state, check the directory for the particular instance
host and make sure it has the following files:</para> under <filename>/var/lib/nova/instances</filename> on
<itemizedlist> the <systemitem class="service"
<listitem> >nova-compute</systemitem> host and make sure that
<para>libvirt.xml</para> these files are present:</para>
</listitem> <itemizedlist>
<listitem> <listitem>
<para>disk</para> <para><filename>libvirt.xml</filename></para>
</listitem> </listitem>
<listitem> <listitem>
<para>disk-raw</para> <para><filename>disk</filename></para>
</listitem> </listitem>
<listitem> <listitem>
<para>kernel</para> <para><filename>disk-raw</filename></para>
</listitem> </listitem>
<listitem> <listitem>
<para>ramdisk</para> <para><filename>kernel</filename></para>
</listitem> </listitem>
<listitem> <listitem>
<para>console.log (Once the instance actually starts you should <para><filename>ramdisk</filename></para>
see a <filename>console.log</filename>.)</para> </listitem>
</listitem> <listitem>
</itemizedlist> <para>After the instance starts,
<para>Check the file sizes to see if they are reasonable. If <filename>console.log</filename></para>
any are missing/zero/very small then <systemitem class="service">nova-compute</systemitem> has </listitem>
somehow not completed download of the images from </itemizedlist>
the Image service.</para> <para>If any files are missing, empty, or very small, the
<para>Also check <filename>nova-compute.log</filename> for exceptions. <systemitem class="service"
Sometimes they don't show up in the console output.</para> >nova-compute</systemitem> service did not
<para>Next, check the log file for the instance in the directory successfully download the images from the Image
<filename>/var/log/libvirt/qemu</filename> Service.</para>
to see if it exists and has any useful error messages <para>Also check <filename>nova-compute.log</filename> for
in it.</para> exceptions. Sometimes they do not appear in the
<para>Finally, from the directory for the instance under console output.</para>
<filename>/var/lib/nova/instances</filename>, try <para>Next, check the log file for the instance in the
<screen><prompt>#</prompt> <userinput>virsh create libvirt.xml</userinput></screen> and see if you <filename>/var/log/libvirt/qemu</filename>
get an error when running this.</para> directory to see if it exists and has any useful error
messages in it.</para>
<para>Finally, from the
<filename>/var/lib/nova/instances</filename>
directory for the instance, see if this command
returns an error:</para>
<screen><prompt>#</prompt> <userinput>virsh create libvirt.xml</userinput></screen>
</section> </section>
</section> </section>
<section xml:id="reset-state"> <section xml:id="reset-state">
<title>Manually reset the state of an instance</title> <title>Reset the state of an instance</title>
<para>If an instance gets stuck in an intermediate state (e.g., "deleting"), you can <para>If an instance remains in an intermediate state, such as
manually reset the state of an instance using the <command>nova <literal>deleting</literal>, you can use the
reset-state</command> command. This will reset it to an error state, which you <command>nova reset-state</command> command to
can then delete. For manually reset the state of an instance to an error state.
example:<screen><prompt>$</prompt> <userinput>nova reset-state c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput> You can then delete the instance. For example:</para>
<prompt>$</prompt> <userinput>nova delete c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput></screen></para> <screen><prompt>$</prompt> <userinput>nova reset-state c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput>
<para>You can also use the <literal>--active</literal> to <prompt>$</prompt> <userinput>nova delete c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput></screen>
force the instance back into an active state instead of an <para>You can also use the <parameter>--active</parameter>
error state, for parameter to force the instance back to an active state
example:<screen><prompt>$</prompt> <userinput>nova reset-state --active c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput> </screen></para> instead of an error state. For example:</para>
</section> <screen><prompt>$</prompt> <userinput>nova reset-state --active c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput></screen>
<section xml:id="problems-with-injection"> </section>
<title>Problems with injection</title> <section xml:id="problems-with-injection">
<para>If you are diagnosing problems with instances not booting, <title>Injection problems</title>
or booting slowly, consider investigating file injection as a <para>If instances do not boot or boot slowly, investigate
cause. Setting <literal>libvirt_inject_partition</literal> file injection as a cause.</para>
to -2 disables injection in libvirt. This can be required if you want to make user <para>To disable injection in libvirt, set
specified files available from the metadata server (and config drive is not enabled), <option>libvirt_inject_partition</option> to
for performance reasons, and also to avoid boot failure if injection itself fails.</para> <literal>-2</literal>.</para>
</section> <note>
</section> <para>If you have not enabled the configuration drive and
you want to make user-specified files available from
the metadata server for to improve performance and
avoid boot failure if injection fails, you must
disable injection.</para>
</note>
</section>
</section>
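Review bot: In the new note under "Injection problems", the sentence "make user-specified files available from the metadata server for to improve performance and avoid boot failure if injection fails" has a stray "for" and changes the meaning of the old paragraph. The old text gave three separate reasons to set libvirt_inject_partition to -2: serving user-specified files from the metadata server when config drive is not enabled, performance, and avoiding boot failure if injection itself fails. The new note folds them into one condition. Suggest listing the three reasons separately, for example "..., to improve performance, or to avoid boot failure if injection fails".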

@ -1,53 +1,93 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns="http://docbook.org/ns/docbook" <chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="troubleshooting-openstack-object-storage"> xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
<title>Troubleshooting OpenStack Object Storage</title> xml:id="troubleshooting-openstack-object-storage">
<para>For OpenStack Object Storage, everything is logged in /var/log/syslog (or messages on some distros). Several settings enable further customization of logging, such as log_name, log_facility, and log_level, within the object server configuration files.</para> <title>Troubleshoot Object Storage</title>
<section xml:id="handling-drive-failure"> <para>For OpenStack Object Storage, everything is logged in
<title>Handling Drive Failure</title> <filename>/var/log/syslog</filename> (or messages on some
<para>In the event that a drive has failed, the first step is to make sure the drive is unmounted. This will make it easier for OpenStack Object Storage to work around the failure until it has been resolved. If the drive is going to be replaced immediately, then it is just best to replace the drive, format it, remount it, and let replication fill it up.</para> distros). Several settings enable further customization of
<para>If the drive cant be replaced immediately, then it is best to leave it unmounted, and remove the drive from the ring. This will allow all the replicas that were on that drive to be replicated elsewhere until the drive is replaced. Once the drive is replaced, it can be re-added to the ring.</para> logging, such as <option>log_name</option>,
<para>Rackspace has seen hints at drive failures by looking at error messages in /var/log/kern.log - <option>log_facility</option>, and
do consider checking this in your monitoring</para> <option>log_level</option>, within the object server
</section> configuration files.</para>
<section xml:id="handling-drive-failure">
<section xml:id="handling-server-failure"> <title>Recover drive failures</title>
<para>If a drive fails, make sure the
<title>Handling Server Failure</title> drive is unmounted to make it easier for Object
Storage to work around the failure while you resolve
<para>If a server is having hardware issues, it is a good idea to make sure the OpenStack Object Storage services are not running. This will allow OpenStack Object Storage to work around the failure while you troubleshoot.</para> it. If you plan to replace the drive immediately, replace
the drive, format it, remount it, and let replication fill
<para>If the server just needs a reboot, or a small amount of work that should only last a couple of hours, then it is probably best to let OpenStack Object Storage work around the failure and get the machine fixed and back online. When the machine comes back online, replication will make sure that anything that is missing during the downtime will get updated.</para> it.</para>
<para>If you cannot replace the drive immediately, leave it
<para>If the server has more serious issues, then it is probably best to remove all of the servers devices from the ring. Once the server has been repaired and is back online, the servers devices can be added back into the ring. It is important that the devices are reformatted before putting them back into the ring as it is likely to be responsible for a different set of partitions than before.</para> unmounted and remove the drive from the ring. This enables
</section> you to replicate all the replicas on that drive elsewhere
<section xml:id="detecting-failed-drives"> until you can replace the drive. After you replace the
<title>Detecting Failed Drives</title> drive, you can add it to the ring again.</para>
<note>
<para>It has been our experience that when a drive is about to fail, error messages will spew into /var/log/kern.log. There is a script called swift-drive-audit that can be run via cron to watch for bad drives. If errors are detected, it will unmount the bad drive, so that OpenStack Object Storage can work around it. The script takes a configuration file with the following settings: <para>Rackspace has seen hints at drive failures by
</para> looking at error messages in
<xi:include href="tables/swift-drive-audit-drive-audit.xml"/> <filename>/var/log/kern.log</filename>. Check this
<para>This script has only been tested on Ubuntu 10.04, so if you are using a different distro or OS, some care should be taken before using in production. file in your monitoring.</para>
</para></section> </note>
</section>
<section xml:id="recover-ring-builder-file"> <section xml:id="handling-server-failure">
<title>Emergency Recovery of Ring Builder Files</title> <title>Recover server failures</title>
<para>You should always keep a backup of Swift ring builder files. <para>If a server has hardware issues, make sure that the
However, if an emergency occurs, this procedure may assist in returning Object Storage services are not running. This enables
your cluster to an operational state.</para> Object Storage to work around the failure while you
<para>Using existing Swift tools, there is no way to recover a builder troubleshoot.</para>
file from a ring.gz file. However, if you have a knowledge of Python, <para>If the server needs a reboot or a minimal amount of
it is possible to construct a builder file that is pretty close to work, let Object Storage work around the failure while you
the one you have lost. The following is what you will need to do.</para> fix the machine and get it back online. When the machine
<warning><title>Warning</title> comes back online, replication updates anything that was
<para>This procedure is a last-resort for emergency circumstances - it missing during the downtime.</para>
requires knowledge of the swift python code and may not succeed.</para></warning> <para>If the server has more serious issues,remove all server
<para>First, load the ring and a new ringbuilder object in a Python REPL:</para> devices from the ring. After you repair and put the server
<programlisting language="python">>>> from swift.common.ring import RingData, RingBuilder online, you can add the devices for the server back to the
ring. You must reformat the devices before you add them to
the ring because they might be responsible for a different
set of partitions than before.</para>
</section>
<section xml:id="detecting-failed-drives">
<title>Detect failed drives</title>
<para>When a drive is about to fail, many error messages
appear in the <filename>/var/log/kern.log</filename> file.
You can run the <package>swift-drive-audit</package>
script through <command>cron</command> to watch for bad
drives. If errors are detected, it unmounts the bad drive
so that Object Storage can work around it. The script uses
a configuration file with these settings:</para>
<xi:include href="tables/swift-drive-audit-drive-audit.xml"/>
<para>This script has been tested on only Ubuntu 10.04. If you
use a different distribution or operating system, take
care before using the script in production.</para>
</section>
<section xml:id="recover-ring-builder-file">
<title>Recover ring builder files (emergency)</title>
<para>You should always keep a backup of Swift ring builder
files. However, if an emergency occurs, use this procedure
to return your cluster to an operational state.</para>
<para>Existing Swift tools do not enable you to recover a
builder file from a <filename>ring.gz</filename> file.
However, if you have Python knowledge, you can construct a
builder file similar to the one you have lost.</para>
<warning>
<para>This procedure is a last-resort in an emergency. It
requires knowledge of the swift Python code and might
not succeed.</para>
</warning>
<procedure>
<step>
<para>Load the ring and a new ringbuilder object in a
Python REPL:</para>
<programlisting language="python">>>> from swift.common.ring import RingData, RingBuilder
>>> ring = RingData.load('/path/to/account.ring.gz')</programlisting> >>> ring = RingData.load('/path/to/account.ring.gz')</programlisting>
<para>Now, start copying the data we have in the ring into the builder.</para> </step>
<programlisting language="python">>>> import math <step>
<para>Copy the data in the ring into the
builder.</para>
<programlisting language="python">>>> import math
>>> partitions = len(ring._replica2part2dev_id[0]) >>> partitions = len(ring._replica2part2dev_id[0])
>>> replicas = len(ring._replica2part2dev_id) >>> replicas = len(ring._replica2part2dev_id)
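Review bot: In "Recover drive failures", the new sentence "This enables you to replicate all the replicas on that drive elsewhere" makes replication read as an operator action, whereas the old text said that removing the drive from the ring allows the replicas that were on it to be replicated elsewhere. Suggest "This allows the replicas that were on that drive to be replicated elsewhere until you replace the drive." Separately, in "Recover server failures", "more serious issues,remove all server devices" is missing a space after the comma.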
@ -62,26 +102,43 @@
>>> for p2d in builder._replica2part2dev: >>> for p2d in builder._replica2part2dev:
for dev_id in p2d: for dev_id in p2d:
builder.devs[dev_id]['parts'] += 1</programlisting> builder.devs[dev_id]['parts'] += 1</programlisting>
<para>This is the extent of the recoverable fields. For <para>This is the extent of the recoverable
<literal>min_part_hours</literal> you'll either have to remember fields.</para>
what the value you used was, or just make up a new one.</para> </step>
<programlisting language="python">>>> builder.change_min_part_hours(24) # or whatever you want it to be</programlisting> <step>
<para>Try some validation: if this doesn't raise an exception, you may <para>For <option>min_part_hours</option>, you must
feel some hope. Not too much, though.</para> remember the value that you used previously or
<programlisting language="python">>>> builder.validate()</programlisting> create a new value.</para>
<para>Save the builder.</para> <programlisting language="python">>>> builder.change_min_part_hours(24) # or whatever you want it to be</programlisting>
<programlisting language="python">>>> import pickle <para>If validation succeeds without raising an
exception, you have succeeded.</para>
<programlisting language="python">>>> builder.validate()</programlisting>
</step>
<step>
<para>Save the builder.</para>
<programlisting language="python">>>> import pickle
>>> pickle.dump(builder.to_dict(), open('account.builder', 'wb'), protocol=2)</programlisting> >>> pickle.dump(builder.to_dict(), open('account.builder', 'wb'), protocol=2)</programlisting>
<para>You should now have a file called 'account.builder' in the current <para>The <filename>account.builder</filename> file
working directory. appears in the current working directory.</para>
Next, run <literal>swift-ring-builder account.builder write_ring</literal> </step>
and compare the new account.ring.gz to the account.ring.gz that you started <step>
from. They probably won't be byte-for-byte identical, but if you load them <para>Run <literal>swift-ring-builder account.builder
up in a REPL and their <literal>_replica2part2dev_id</literal> and write_ring</literal>.</para>
<literal>devs</literal> attributes are the same (or nearly so), then you're <para>Compare the new
in good shape.</para> <filename>account.ring.gz</filename> to the
<para>Next, repeat the procedure for <literal>container.ring.gz</literal> original <filename>account.ring.gz</filename>
and <literal>object.ring.gz</literal>, and you might get usable builder file. They might not be byte-for-byte identical,
files.</para> but if you load them in REPL and their
</section> <option>_replica2part2dev_id</option> and
<option>devs</option> attributes are the same
(or nearly so), you have succeeded.</para>
</step>
<step>
<para>Repeat this procedure for the
<filename>container.ring.gz</filename> and
<filename>object.ring.gz</filename> files, and
you might get usable builder files.</para>
</step>
</procedure>
</section>
</chapter> </chapter>
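Review bot: The new sentence "If validation succeeds without raising an exception, you have succeeded." overstates what builder.validate() shows and no longer tells the reader to run it. The old text treated a clean validate as grounds for some hope only, and the steps that follow (write_ring, then comparing _replica2part2dev_id and devs against the original ring) are still what confirms the recovery. The validate call also now sits inside the min_part_hours step. Suggest giving it its own step, such as "Validate the builder. If no exception is raised, continue with the remaining steps to confirm the result."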

@ -3,33 +3,50 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="configuring-tenant-specific-storage-for-images"> xml:id="configuring-tenant-specific-storage-for-images">
<title>Configuring Tenant-specific Storage Locations for Images <title>Configure tenant-specific image locations with Object
with Object Storage</title> Storage</title>
<para>For some deployers, storing all images in a single place for <para>For some deployers, it is not ideal to store all images in
all tenants and users to access is not ideal. To enable access one place to enable all tenants and users to access them. You
control to specific images for cloud users, you can configure can configure the Image Service to store image data in
the Image service with the ability to store image data in the tenant-specific image locations. Then, only the following
image owner-specific locations.</para> tenants can use the Image Service to access the created image:<itemizedlist>
<para>The relevant configuration options in the <listitem>
<filename>glance-api.conf</filename> file are:</para> <para>The tenant who owns the image</para>
<itemizedlist> </listitem>
<listitem> <listitem>
<para><literal>swift_store_multi_tenant</literal>: set to <para>Tenants that are defined in
<literal>True</literal> to enable tenant-specific storage locations (Default <option>swift_store_admin_tenants</option> and
value is <literal>False</literal>).</para> that have admin-level accounts</para>
</listitem> </listitem>
<listitem> </itemizedlist></para>
<para><literal>swift_store_admin_tenants</literal>: Specify a list of tenants <procedure>
by ID to which to grant read and write access to all Object Storage <title>To configure tenant-specific image locations</title>
containers created by the Image service.</para> <step>
</listitem> <para>Configure swift as your
</itemizedlist> <option>default_store</option> in the
<para>Assuming you configured 'swift' as your default_store in <filename>glance-api.conf</filename> file.</para>
<filename>glance-api.conf</filename> and you enable this </step>
feature as described above, images will be stored in an Object <step>
Storage service (swift) endpoint pulled from the authenticated <para>Set these configuration options in the
user's service_catalog. The created image data will only be <filename>glance-api.conf</filename> file: <itemizedlist>
accessible through the Image service by the tenant that owns <listitem>
it and any tenants defined in swift_store_admin_tenants that <para><option>swift_store_multi_tenant</option>.
are identified as having admin-level accounts.</para> Set to <literal>True</literal> to enable
tenant-specific storage locations. Default
is <literal>False</literal>.</para>
</listitem>
<listitem>
<para><option>swift_store_admin_tenants</option>.
Specify a list of tenant IDs that can
grant read and write access to all Object
Storage containers that are created by the
Image Service.</para>
</listitem>
</itemizedlist></para>
</step>
</procedure>
<para>With this configuration, images are stored in an
Object Storage service (swift) endpoint that is pulled
from the service catalog for the authenticated
user.</para>
</section> </section>
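Review bot: The new description of swift_store_admin_tenants, "a list of tenant IDs that can grant read and write access to all Object Storage containers", reverses the direction of the grant. The old text said the listed tenants are the ones to which read and write access is granted, and that is the access-control fact an operator needs before adding a tenant ID to this option. Suggest "Specify a list of tenant IDs that are granted read and write access to all Object Storage containers that the Image Service creates." The rewritten introduction also drops the old statement that the feature exists to enable access control to specific images; consider keeping that sentence.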

@ -1,98 +1,120 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<section <section xmlns="http://docbook.org/ns/docbook"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
version="5.0"
xml:id="trusted-compute-pools"> xml:id="trusted-compute-pools">
<title>Trusted Compute Pools</title> <title>Trusted compute pools</title>
<simplesect> <para>Trusted compute pools enable administrators to designate a
<title>Overview</title> group of compute hosts as <firstterm>trusted</firstterm>. These hosts use hardware-based
<para>Trusted compute pools enable administrators to designate a group of compute hosts as security features, such as the Intel Trusted Execution
"trusted". These hosts use hardware-based security features, such as Intel's Trusted Technology (TXT), to provide an additional level of security.
Execution Technology (TXT), to provide an additional level of security. Combined with an Combined with an external stand-alone web-based remote
external standalone web-based remote attestation server, cloud providers can ensure that attestation server, cloud providers can ensure that the
the compute node is running software with verified measurements, thus they can establish compute node runs only software with verified measurements and
the foundation for the secure cloud stack. Through the Trusted Computing Pools, cloud can ensure a secure cloud stack.</para>
subscribers can request services to be run on verified compute nodes.</para> <para>Through the trusted compute pools, cloud subscribers can
<para>The remote attestation server performs node verification through the following steps:<orderedlist> request services to run on verified compute nodes.</para>
<listitem> <para>The remote attestation server performs node verification as
<para>Compute nodes boot with Intel TXT technology enabled.</para> follows:</para>
</listitem> <orderedlist>
<listitem> <listitem>
<para>The compute node's BIOS, hypervisor and OS are measured.</para> <para>Compute nodes boot with Intel TXT technology
</listitem> enabled.</para>
<listitem> </listitem>
<para>These measured data is sent to the attestation server when challenged by <listitem>
attestation server.</para> <para>The compute node BIOS, hypervisor, and OS are
</listitem> measured.</para>
<listitem> </listitem>
<para>The attestation server verifies those measurements against good/known <listitem>
database to determine nodes' trustworthiness.</para> <para>Measured data is sent to the attestation server when
</listitem> challenged by attestation server.</para>
</orderedlist></para> </listitem>
<para>A description of how to set up an attestation service is beyond the scope of this <listitem>
document. See the <link xlink:href="https://github.com/OpenAttestation/OpenAttestation" <para>The attestation server verifies those measurements
>Open Attestation</link> project for an open source project that can be used to against a good and known database to determine nodes'
implement an attestation service.</para> trustworthiness.</para>
<para> </listitem>
<mediaobject> </orderedlist>
<imageobject role="fo"> <para>A description of how to set up an attestation service is
<imagedata fileref="figures/OpenStackTrustedComputePool1.png" beyond the scope of this document. For an open source project
format="PNG" contentwidth="6in"/> that you can use to implement an attestation service, see the
</imageobject> <link
<imageobject role="html"> xlink:href="https://github.com/OpenAttestation/OpenAttestation"
<imagedata fileref="figures/OpenStackTrustedComputePool1.png" >Open Attestation</link> project.</para>
format="PNG"/> <mediaobject>
</imageobject> <imageobject role="fo">
</mediaobject> <imagedata
</para> fileref="figures/OpenStackTrustedComputePool1.png"
</simplesect> format="PNG" contentwidth="6in"/>
<simplesect> </imageobject>
<title>Configuring the Compute service to use Trusted Compute Pools</title> <imageobject role="html">
<para>The Compute service must be configured to with the connection information for the attestation <imagedata
service. The connection information is specified in the fileref="figures/OpenStackTrustedComputePool1.png"
<literal>trusted_computing</literal> section of nova.conf. Specify the following format="PNG" contentwidth="6in"/>
parameters in this section.<variablelist> </imageobject>
<varlistentry> </mediaobject>
<term>server</term> <section xml:id="configure_trusted_compute_pools">
<listitem> <title>Configure Compute to use trusted compute pools</title>
<para>Hostname or IP address of the host that runs the attestation <procedure>
service</para> <step>
</listitem> <para>Configure the Compute service with the
</varlistentry> connection information for the attestation
<varlistentry> service.</para>
<term>port</term> <para>Specify these connection options in the
<listitem> <literal>trusted_computing</literal> section
<para>HTTPS port for the attestation service</para> in the <filename>nova.conf</filename>
</listitem> configuration file:</para>
</varlistentry> <variablelist>
<varlistentry> <varlistentry>
<term>server_ca_file</term> <term>server</term>
<listitem> <listitem>
<para>Certificate file used to verify the attestation server's <para>Host name or IP address of the host
identity.</para> that runs the attestation
</listitem> service</para>
</varlistentry> </listitem>
<varlistentry> </varlistentry>
<term>api_url</term> <varlistentry>
<listitem> <term>port</term>
<para>The attestation service URL path.</para> <listitem>
</listitem> <para>HTTPS port for the attestation
</varlistentry> service</para>
<varlistentry> </listitem>
<term>auth_blob</term> </varlistentry>
<listitem> <varlistentry>
<para>An authentication blob, which is required by the attestation <term>server_ca_file</term>
service.</para> <listitem>
</listitem> <para>Certificate file used to verify the
</varlistentry> attestation server's identity.</para>
</variablelist>Add the following lines to <filename>/etc/nova/nova.conf</filename> in </listitem>
the <literal>DEFAULT</literal> and <literal>trusted_computing</literal> sections to </varlistentry>
enable scheduling support for Trusted Compute Pools, and edit the details of the <varlistentry>
<literal>trusted_computing</literal> section based on the details of your <term>api_url</term>
attestation <listitem>
service.<programlisting language="ini">[DEFAULT] <para>The attestation service URL
path.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>auth_blob</term>
<listitem>
<para>An authentication blob, which is
required by the attestation
service.</para>
</listitem>
</varlistentry>
</variablelist>
</step>
<step>
<para>To enable scheduling support for trusted compute
pools, add the following lines to the
<literal>DEFAULT</literal> and
<literal>trusted_computing</literal> sections
in the <filename>/etc/nova/nova.conf</filename>
file. Edit the details in the
<literal>trusted_computing</literal> section
based on the details of your attestation
service:</para>
<programlisting language="ini">[DEFAULT]
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
scheduler_available_filters=nova.scheduler.filters.all_filters scheduler_available_filters=nova.scheduler.filters.all_filters
scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter
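Review bot: In the rewritten overview, "can ensure a secure cloud stack" claims more than the old "establish the foundation for the secure cloud stack"; the steps listed below it only cover measuring the BIOS, hypervisor, and OS and checking those measurements. Suggest keeping the "foundation" wording. In the fourth list item, "against a good and known database" changes the sense of "good/known database"; "a database of known-good measurements" reads closer to the original. Also, the html imagedata for OpenStackTrustedComputePool1.png gains contentwidth="6in", which the old html imageobject did not have; confirm that this rendering change is intended in an editorial commit.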
@ -105,30 +127,44 @@ server_ca_file=/etc/nova/ssl.10.1.71.206.crt
api_url=/AttestationService/resources api_url=/AttestationService/resources
# If using OAT pre-v1.5, use this api_url: # If using OAT pre-v1.5, use this api_url:
#api_url=/OpenAttestationWebServices/V1.0 #api_url=/OpenAttestationWebServices/V1.0
auth_blob=i-am-openstack</programlisting></para> auth_blob=i-am-openstack</programlisting>
<para>Restart the <systemitem class="service">nova-compute</systemitem> and <systemitem class="service">nova-scheduler</systemitem> services after making these changes.</para> </step>
<xi:include href="tables/nova-trustedcomputing.xml"/> <step>
</simplesect> <para>Restart the <systemitem class="service"
<simplesect> >nova-compute</systemitem> and <systemitem
class="service">nova-scheduler</systemitem>
services.</para>
</step>
</procedure>
<section xml:id="config_ref">
<title>Configuration reference</title>
<xi:include href="tables/nova-trustedcomputing.xml"/>
</section>
</section>
<section xml:id="trusted_flavors">
<title>Specify trusted flavors</title> <title>Specify trusted flavors</title>
<para>One or more flavors must be configured as "trusted". Users can then request trusted <para>You must configure one or more flavors as
nodes by specifying one of these trusted flavors when booting a new instance. Use the <firstterm>trusted</firstterm>. Users can request
<command>nova flavor-key set</command> command to set a flavor as trusted nodes by specifying a trusted flavor when they
trusted. For example, to set the m1.tiny flavor as trusted:</para> boot an instance.</para>
<para> <para>Use the <command>nova flavor-key set</command> command
<screen><prompt>#</prompt> <userinput>nova flavor-key m1.tiny set trust:trusted_host trusted</userinput></screen> to set a flavor as trusted. For example, to set the
</para> <literal>m1.tiny</literal> flavor as trusted:</para>
<para>A user can request that their instance runs on a trusted host by specifying a trusted <screen><prompt>#</prompt> <userinput>nova flavor-key m1.tiny set trust:trusted_host trusted</userinput></screen>
flavor when invoking the <command>nova boot</command> command.</para> <para>To request that their instances run on a trusted host,
<para> users can specify a trusted flavor on the <command>nova
<mediaobject> boot</command> command:</para>
<imageobject role="fo"> <mediaobject>
<imagedata fileref="figures/OpenStackTrustedComputePool2.png" format="PNG" contentwidth="6in"/> <imageobject role="fo">
</imageobject> <imagedata
<imageobject role="html"> fileref="figures/OpenStackTrustedComputePool2.png"
<imagedata fileref="figures/OpenStackTrustedComputePool2.png" format="PNG"/> format="PNG" contentwidth="6in"/>
</imageobject> </imageobject>
</mediaobject> <imageobject role="html">
</para> <imagedata
</simplesect> fileref="figures/OpenStackTrustedComputePool2.png"
format="PNG" contentwidth="6in"/>
</imageobject>
</mediaobject>
</section>
</section> </section>
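Review bot: The new xml:id values configure_trusted_compute_pools, config_ref, and trusted_flavors use underscores, while the enclosing section is trusted-compute-pools, and config_ref is generic enough that it could clash with an id in another file built into the same book. Suggest hyphenated, prefixed ids such as trusted-compute-pools-config-ref. In "Specify trusted flavors", the sentence ending "on the nova boot command:" leads into a figure rather than a command; end it with a period or add the command it promises. The html imagedata for OpenStackTrustedComputePool2.png also gains contentwidth="6in" here.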

@ -137,7 +137,7 @@ adduser --disabled-password --gecos "" clouduser</programlisting>
hostname: mynode hostname: mynode
fqdn: mynode.example.com fqdn: mynode.example.com
manage_etc_hosts: true</programlisting> manage_etc_hosts: true</programlisting>
</para> </para>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>Example: Configure instances with Puppet</title> <title>Example: Configure instances with Puppet</title>

View File

@ -3,74 +3,70 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="using-vnc-console"> xml:id="using-vnc-console">
<title>Using VNC Console</title> <title>Use the VNC console</title>
<para>There are several methods to interact with the VNC console, <para>To interact through the VNC console, you can use a VNC client
using a VNC client directly, a special java client, or through the directly, a special Java client, or a web browser. For information
web browser. For information about configuring the console, about how to configure the console, see <xref
see <xref linkend="installing-openstack-dashboard"/>. linkend="installing-openstack-dashboard"/>.</para>
</para> <section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xmlns:xi="http://www.w3.org/2001/XInclude" xml:id="getting-an-access-url">
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" <title>Get an access URL</title>
xml:id="getting-an-access-url"> <para>Nova enables you to create access_urls through the
<title>Get an access URL</title> os-consoles extension. Support for accessing this URL is
<para>Nova enables you to create access_urls through the provided by the nova client:</para>
os-consoles extension. Support for accessing this URL is <screen><prompt>$</prompt> <userinput>nova get-vnc-console <replaceable>[server_id]</replaceable> <replaceable>[novnc|xvpvnc]</replaceable></userinput></screen>
provided by the nova client:</para> <para>Specify '<literal>novnc</literal>' to get a URL suitable for
<screen><prompt>$</prompt> <userinput>nova get-vnc-console <replaceable>[server_id]</replaceable> <replaceable>[novnc|xvpvnc]</replaceable></userinput></screen> pasting into a web browser.</para>
<para>Specify '<literal>novnc</literal>' to get a URL suitable <para>Specify '<literal>xvpvnc</literal>' for a URL suitable for
for pasting into a web browser.</para> pasting into the Java client.</para>
<para>Specify '<literal>xvpvnc</literal>' for a URL suitable for <para>To request a web browser URL:</para>
pasting into the Java client.</para> <screen><prompt>$</prompt> <userinput>nova get-vnc-console <replaceable>[server_id]</replaceable> novnc</userinput></screen>
<para>To request a web browser URL:</para> </section>
<screen><prompt>$</prompt> <userinput>nova get-vnc-console <replaceable>[server_id]</replaceable> novnc</userinput></screen> <section xml:id="accessing-vnc-consoles-with-a-java-client">
</section> <title>Access a VNC console with a Java client</title>
<para>To enable support for the OpenStack Java VNC client in
<section xml:id="accessing-vnc-consoles-with-a-java-client"> compute, run the <literal>nova-xvpvncproxy</literal>
<info> service.</para>
<title>Access VNC consoles with a Java client</title> <itemizedlist>
</info> <listitem>
<para>To enable support for the OpenStack Java VNC client in <para><literal>xvpvncproxy_port</literal>=<replaceable>[port]</replaceable>
compute, run the <literal>nova-xvpvncproxy</literal> service.</para> - port to bind (defaults to 6081)</para>
<itemizedlist> </listitem>
<listitem> <listitem>
<para><literal>xvpvncproxy_port</literal>=<replaceable>[port]</replaceable> <para><literal>xvpvncproxy_host</literal>=<replaceable>[host]</replaceable>
- port to bind (defaults to 6081)</para> - host to bind (defaults to 0.0.0.0)</para>
</listitem> </listitem>
<listitem> </itemizedlist>
<para><literal>xvpvncproxy_host</literal>=<replaceable>[host]</replaceable> <para>As a client, you need a special Java client, which is a
- host to bind (defaults to 0.0.0.0)</para> slightly modified version of TightVNC that supports our token
</listitem> auth:</para>
</itemizedlist> <screen><prompt>$</prompt> <userinput>git clone https://github.com/cloudbuilders/nova-xvpvncviewer</userinput>
<para>As a client, you need a special Java client, which is a
slightly modified version of TightVNC that supports our token
auth:</para>
<screen><prompt>$</prompt> <userinput>git clone https://github.com/cloudbuilders/nova-xvpvncviewer</userinput>
<prompt>$</prompt> <userinput>cd nova-xvpvncviewer/viewer</userinput> <prompt>$</prompt> <userinput>cd nova-xvpvncviewer/viewer</userinput>
<prompt>$</prompt> <userinput>make</userinput></screen> <prompt>$</prompt> <userinput>make</userinput></screen>
<para>To create a session, request an access URL by using <para>To create a session, request an access URL by using
<command>python-novaclient</command>. Then, run the client <command>python-novaclient</command>. Then, run the client as
as follows.</para> follows.</para>
<para>To get an access URL:</para> <para>To get an access URL:</para>
<screen><prompt>$</prompt> <userinput>nova get-vnc-console <replaceable>[server_id]</replaceable> xvpvnc</userinput></screen> <screen><prompt>$</prompt> <userinput>nova get-vnc-console <replaceable>[server_id]</replaceable> xvpvnc</userinput></screen>
<para>To run the client:</para> <para>To run the client:</para>
<screen><prompt>$</prompt> <userinput>java -jar VncViewer.jar <replaceable>[access_url]</replaceable></userinput></screen> <screen><prompt>$</prompt> <userinput>java -jar VncViewer.jar <replaceable>[access_url]</replaceable></userinput></screen>
</section> </section>
<section xml:id="accessing-a-vnc-console-through-a-web-browser"> <section xml:id="accessing-a-vnc-console-through-a-web-browser">
<info> <info>
<title>Access a VNC console through a web browser</title> <title>Access a VNC console with a web browser</title>
</info> </info>
<para>Retrieving an access_url for a web browser is similar to <para>Retrieving an access_url for a web browser is similar to the
the flow for the Java client.</para> flow for the Java client.</para>
<para>To get the access URL, run the following command:</para> <para>To get the access URL, run the following command:</para>
<screen><prompt>$</prompt> <userinput>nova get-vnc-console <replaceable>[server_id]</replaceable> novnc</userinput></screen> <screen><prompt>$</prompt> <userinput>nova get-vnc-console <replaceable>[server_id]</replaceable> novnc</userinput></screen>
<para>Paste the URL into your web browser.</para> <para>Paste the URL into your web browser.</para>
<para>Additionally, you can use the OpenStack dashboard, known <para>Additionally, you can use the OpenStack dashboard, known as
as horizon, to access browser-based VNC consoles for horizon, to access browser-based VNC consoles for
instances.</para> instances.</para>
</section> </section>
</section> </section>
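Review bot: In the Java client section, the xvpvncproxy_port and xvpvncproxy_host items still follow "run the nova-xvpvncproxy service" with no sentence saying that they are configuration options or which file they belong in; add a one-line lead-in before the itemizedlist. Since xvpvncproxy_host is documented as defaulting to 0.0.0.0, it is worth stating that this binds the proxy on all interfaces, so operators know to set a specific address where that is not wanted. Two consistency points in the same file: "supports our token auth" keeps the first person that the rest of the edit removes, and the web browser section keeps its info wrapper around the title while the Java client section drops it.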

View File

@ -3,26 +3,21 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="xapi-ami-setup"> xml:id="xapi-ami-setup">
<?dbhtml stop-chunking?> <?dbhtml stop-chunking?>
<title>Prepare for AMI Type Images</title> <title>Prepare for AMI type images</title>
<para>In order to support AMI type images within your OpenStack <para>To support AMI type images in your OpenStack installation,
installation, a directory <literal>/boot/guest</literal> needs to be you must create a <filename>/boot/guest</filename> directory
created inside Dom0. The OpenStack VM will put the kernel and ramdisk inside Dom0. The OpenStack VM extracts the kernel and ramdisk
extracted from the AKI and ARI images to this location.</para> from the AKI and ARI images puts them in this location.</para>
<para>OpenStack maintains the contents of this directory and its
<para>This directory's content will be maintained by OpenStack, and its size should not increase during normal operation. However, in
size should not increase during normal operation. However, in case of power case of power failures or accidental shutdowns, some files
failures or accidental shutdowns, some files might be left over. In order might be left over. To prevent these files from filling the
to prevent these files from filling up Dom0's disk, it is recommended to set up Dom0 disk, set up this directory as a symlink that points to a
this directory as a symlink pointing to a subdirectory of the local SR. subdirectory of the local SR.</para>
</para> <para>Run these commands in Dom0 to achieve this setup:</para>
<screen><prompt>#</prompt> <userinput>LOCAL_SR=$(xe sr-list name-label="Local storage" --minimal)</userinput>
<para>Execute the following commands in Dom0 to achieve the above mentioned
setup:
<screen><prompt>#</prompt> <userinput>LOCAL_SR=$(xe sr-list name-label="Local storage" --minimal)</userinput>
<prompt>#</prompt> <userinput>LOCALPATH="/var/run/sr-mount/$LOCAL_SR/os-guest-kernels"</userinput> <prompt>#</prompt> <userinput>LOCALPATH="/var/run/sr-mount/$LOCAL_SR/os-guest-kernels"</userinput>
<prompt>#</prompt> <userinput>mkdir -p "$LOCALPATH"</userinput> <prompt>#</prompt> <userinput>mkdir -p "$LOCALPATH"</userinput>
<prompt>#</prompt> <userinput>ln -s "$LOCALPATH" /boot/guest</userinput> <prompt>#</prompt> <userinput>ln -s "$LOCALPATH" /boot/guest</userinput></screen>
</screen>
</para>
</section> </section>
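Review bot: The new first paragraph is missing a conjunction: "extracts the kernel and ramdisk from the AKI and ARI images puts them in this location" should read "... images and puts them in this location". In the command block, consider noting that /boot/guest must not already exist as a directory before the ln -s line runs, because ln would then create the link inside that directory instead of replacing it.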

View File

@ -3,83 +3,91 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="xapi-install-plugins"> xml:id="xapi-install-plugins">
<?dbhtml stop-chunking?> <?dbhtml stop-chunking?>
<title>Installing the XenAPI Plugins</title> <title>Install the XenAPI plug-ins</title>
<para>When using Xen as the hypervisor for OpenStack Compute, you <para>When you use Xen as the hypervisor for OpenStack Compute,
can install a Python script (usually, but it can be any you can install a Python script (or any executable) on the
executable) on the host side, and then call that through the host side, and call that through the XenAPI. These scripts are
XenAPI. These scripts are called plugins. The XenAPI plugins called plug-ins. The XenAPI plug-ins live in the nova code
live in the nova code repository. These plugins have to be repository. These plug-ins have to be copied to the Dom0 for
copied to the hypervisor's Dom0, to the appropriate directory, the hypervisor, to the appropriate directory, where xapi can
where xapi can find them. There are several options for the find them. There are several options for the installation. The
installation. The important thing is to ensure that the important thing is to ensure that the version of the plug-ins
version of the plugins are in line with the nova installation are in line with the nova installation by only installing
by only installing plugins from a matching nova plug-ins from a matching nova repository.</para>
repository.</para> <section xml:id="manual_install">
<section xml:id="manual_install"> <title>Manual Installation</title> <title>Manually install the plug-in</title>
<procedure><title>To manually install</title> <procedure>
<step><para>Create temporary files/directories: <step>
<para>Create temporary files/directories:</para>
<screen><prompt>$</prompt> <userinput>NOVA_ZIPBALL=$(mktemp)</userinput> <screen><prompt>$</prompt> <userinput>NOVA_ZIPBALL=$(mktemp)</userinput>
<prompt>$</prompt> <userinput>NOVA_SOURCES=$(mktemp -d)</userinput></screen></para></step> <prompt>$</prompt> <userinput>NOVA_SOURCES=$(mktemp -d)</userinput></screen>
<step><para>Get the source from github. The example assumes the master </step>
branch is used. Amend the URL to match the version <step>
being used: <para>Get the source from github. The example assumes
<screen><prompt>$</prompt> <userinput>wget -qO "$NOVA_ZIPBALL" https://github.com/openstack/nova/archive/master.zip</userinput> the master branch is used. Amend the URL to match
<prompt>$</prompt> <userinput>unzip "$NOVA_ZIPBALL" -d "$NOVA_SOURCES"</userinput></screen>(Alternatively) the version being used:</para>
Should you wish to use the official Ubuntu <screen><prompt>$</prompt> <userinput>wget -qO "$NOVA_ZIPBALL" https://github.com/openstack/nova/archive/master.zip</userinput>
<prompt>$</prompt> <userinput>unzip "$NOVA_ZIPBALL" -d "$NOVA_SOURCES"</userinput></screen>
<para>(Alternatively) To use the official Ubuntu
packages, use the following commands to get the packages, use the following commands to get the
nova code base: nova code base:</para>
<screen><prompt>$</prompt> <userinput>( cd $NOVA_SOURCES &amp;&amp; apt-get source python-nova --download-only )</userinput> <screen><prompt>$</prompt> <userinput>( cd $NOVA_SOURCES &amp;&amp; apt-get source python-nova --download-only )</userinput>
<prompt>$</prompt> <userinput>( cd $NOVA_SOURCES &amp;&amp; for ARCHIVE in *.tar.gz; do tar -xzf $ARCHIVE; done )</userinput></screen></para></step> <prompt>$</prompt> <userinput>( cd $NOVA_SOURCES &amp;&amp; for ARCHIVE in *.tar.gz; do tar -xzf $ARCHIVE; done )</userinput></screen>
<step><para>Copy the plugins to the hypervisor: </step>
<step>
<para>Copy the plug-ins to the hypervisor:</para>
<screen><prompt>$</prompt> <userinput>PLUGINPATH=$(find $NOVA_SOURCES -path '*/xapi.d/plugins' -type d -print)</userinput> <screen><prompt>$</prompt> <userinput>PLUGINPATH=$(find $NOVA_SOURCES -path '*/xapi.d/plugins' -type d -print)</userinput>
<prompt>$</prompt> <userinput>tar -czf - -C "$PLUGINPATH" ./ | ssh root@xenserver tar -xozf - -C /etc/xapi.d/plugins/</userinput></screen></para></step> <prompt>$</prompt> <userinput>tar -czf - -C "$PLUGINPATH" ./ | ssh root@xenserver tar -xozf - -C /etc/xapi.d/plugins/</userinput></screen>
<step><para>Remove the temporary files/directories: </step>
<step>
<para>Remove the temporary files/directories:</para>
<screen><prompt>$</prompt> <userinput>rm "$NOVA_ZIPBALL"</userinput> <screen><prompt>$</prompt> <userinput>rm "$NOVA_ZIPBALL"</userinput>
<prompt>$</prompt> <userinput>rm -rf "$NOVA_SOURCES"</userinput> </screen></para></step> <prompt>$</prompt> <userinput>rm -rf "$NOVA_SOURCES"</userinput> </screen>
</step>
</procedure> </procedure>
</section> </section>
<section xml:id="packaged_install"> <section xml:id="packaged_install">
<title>Package a XenServer supplemental pack</title>
<title>Packaged Installation</title> <para>Follow these steps to produce a supplemental pack from
the nova sources, and package it as a XenServer
<para>Follow these steps to produce a supplemental
pack from the nova sources, and package it as a XenServer
supplemental pack.</para> supplemental pack.</para>
<procedure><title>To package a XenServer supplemental pack</title> <procedure>
<step> <step>
<para>Create RPM packages. Given you have <para>Create RPM packages. Given you have the nova
the nova sources (use one of the methods mentioned sources. Use one of the methods in <xref
at Manual Installation): linkend="manual_install"/>:</para>
<screen><prompt>$</prompt> <userinput>cd nova/plugins/xenserver/xenapi/contrib</userinput> <screen><prompt>$</prompt> <userinput>cd nova/plugins/xenserver/xenapi/contrib</userinput>
<prompt>$</prompt> <userinput>./build-rpm.sh</userinput></screen>These <prompt>$</prompt> <userinput>./build-rpm.sh</userinput></screen>
commands leave an <literal>.rpm</literal> file in <para>These commands leave an
the <literal>rpmbuild/RPMS/noarch/</literal> <filename>.rpm</filename> file in the
<filename>rpmbuild/RPMS/noarch/</filename>
directory.</para> directory.</para>
</step> </step>
<step> <step>
<para>Pack the RPM packages to a <para>Pack the RPM packages to a Supplemental Pack,
Supplemental Pack, using the XenServer DDK (the using the XenServer DDK (the following command
following command should be issued on the should be issued on the XenServer DDK virtual
XenServer DDK virtual appliance, after the appliance, after the produced rpm file has been
produced rpm file has been copied over): copied over):</para>
<screen><prompt>$</prompt> <userinput>/usr/bin/build-supplemental-pack.sh \</userinput> <screen><prompt>$</prompt> <userinput>/usr/bin/build-supplemental-pack.sh \</userinput>
<prompt>&gt;</prompt> <userinput>--output=output_directory \</userinput> <prompt>&gt;</prompt> <userinput>--output=output_directory \</userinput>
<prompt>&gt;</prompt> <userinput>--vendor-code=novaplugin \</userinput> <prompt>&gt;</prompt> <userinput>--vendor-code=novaplugin \</userinput>
<prompt>&gt;</prompt> <userinput>--vendor-name=openstack \</userinput> <prompt>&gt;</prompt> <userinput>--vendor-name=openstack \</userinput>
<prompt>&gt;</prompt> <userinput>--label=novaplugins \</userinput> <prompt>&gt;</prompt> <userinput>--label=novaplugins \</userinput>
<prompt>&gt;</prompt> <userinput>--text="nova plugins" \</userinput> <prompt>&gt;</prompt> <userinput>--text="nova plugins" \</userinput>
<prompt>&gt;</prompt> <userinput>--version=0 \</userinput> <prompt>&gt;</prompt> <userinput>--version=0 \</userinput>
<prompt>&gt;</prompt> <userinput>full_path_to_rpmfile</userinput></screen>This <prompt>&gt;</prompt> <userinput>full_path_to_rpmfile</userinput></screen>
command produces an <literal>.iso</literal> file <para>This command produces an
in the output directory specified. Copy that file <filename>.iso</filename> file in the output
to the hypervisor.</para> directory specified. Copy that file to the
</step> hypervisor.</para>
<step> </step>
<para>Install the Supplemental Pack. Log <step>
in to the hypervisor, and issue: <para>Install the Supplemental Pack. Log in to the
<screen><prompt>#</prompt> <userinput>xe-install-supplemental-pack path_to_isofile</userinput></screen></para> hypervisor, and issue:</para>
</step> <screen><prompt>#</prompt> <userinput>xe-install-supplemental-pack path_to_isofile</userinput></screen>
</procedure> </step>
</section> </procedure>
</section>
</section> </section>
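Review bot: In the first step of the supplemental pack procedure, the rewrite leaves a fragment: "Create RPM packages. Given you have the nova sources. Use one of the methods in ...:". Something like "Create RPM packages. You need the nova sources; get them by using one of the methods in ..." reads cleanly and keeps the colon attached to the commands that follow. In the opening paragraph, "the version of the plug-ins are in line" has a subject-verb mismatch ("is in line"), and "github" in the manual procedure should be "GitHub". The section intro "produce a supplemental pack from the nova sources, and package it as a XenServer supplemental pack" says the same thing twice and could be shortened now that the title already names the task.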

View File

@ -3,17 +3,16 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="xapi-resize-setup"> xml:id="xapi-resize-setup">
<?dbhtml stop-chunking?> <?dbhtml stop-chunking?>
<title>Dom0 Modifications for Resize/Migration Support</title> <title>Modify Dom0 for resize/migration support</title>
<para>To get resize to work with XenServer (and XCP) you need to:</para> <para>To resize servers with XenServer and XCP, you must:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Establish a root trust between all hypervisor nodes of your <para>Establish a root trust between all hypervisor nodes
deployment:</para> of your deployment:</para>
<para>To do so, generate an ssh key-pair with the
<para>You can do so by generating an ssh key-pair (with <command>ssh-keygen</command> command. Ensure that
<command>ssh-keygen</command>) and then ensuring each of your dom0's
that each of your dom0's
<filename>authorized_keys</filename> file (located <filename>authorized_keys</filename> file (located
in <filename>/root/.ssh/authorized_keys</filename>) in <filename>/root/.ssh/authorized_keys</filename>)
contains the public key fingerprint (located in contains the public key fingerprint (located in
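Review bot: The unchanged context line "contains the public key fingerprint" is inaccurate, since authorized_keys holds the public key itself, not its fingerprint; this editorial pass over the paragraph is a good moment to fix it. Also, the new lead-in "To resize servers with XenServer and XCP" reads as if both are required together, where the old text had "XenServer (and XCP)"; "XenServer or XCP" would keep the original meaning.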
@ -21,22 +20,20 @@
</listitem> </listitem>
<listitem> <listitem>
<para>Provide an <filename>/images</filename> mount point <para>Provide an <filename>/images</filename> mount point
to your hypervisor's dom0:</para> to the dom0 for your hypervisor:</para>
<para>Dom0 space is at a premium so creating a directory
<para>Dom0 space is a premium so creating a directory in in dom0 is potentially dangerous and likely to fail
dom0 is kind of dangerous, and almost surely bound to especially when you resize large servers. The least
fail especially when resizing big servers. The least
you can do is to symlink <filename>/images</filename> you can do is to symlink <filename>/images</filename>
to your local storage SR. The instructions below work to your local storage SR. The following instructions
for an English-based installation of XenServer (and work for an English-based installation of XenServer
XCP) and in the case of ext3 based SR (with which the (and XCP) and in the case of ext3-based SR (with which
resize functionality is known to work the resize functionality is known to work
correctly).</para> correctly).</para>
<screen><prompt>#</prompt> <userinput>LOCAL_SR=$(xe sr-list name-label="Local storage" --minimal)</userinput> <screen><prompt>#</prompt> <userinput>LOCAL_SR=$(xe sr-list name-label="Local storage" --minimal)</userinput>
<prompt>#</prompt> <userinput>IMG_DIR="/var/run/sr-mount/$LOCAL_SR/images"</userinput> <prompt>#</prompt> <userinput>IMG_DIR="/var/run/sr-mount/$LOCAL_SR/images"</userinput>
<prompt>#</prompt> <userinput>mkdir -p "$IMG_DIR"</userinput> <prompt>#</prompt> <userinput>mkdir -p "$IMG_DIR"</userinput>
<prompt>#</prompt> <userinput>ln -s "$IMG_DIR" /images</userinput> <prompt>#</prompt> <userinput>ln -s "$IMG_DIR" /images</userinput></screen>
</screen>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>
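Review bot: Capitalisation of Dom0 is inconsistent within the rewritten item: "to the dom0 for your hypervisor" and "creating a directory in dom0" sit next to "Dom0 space is at a premium", and the other files in this commit use "Dom0". Pick one form. The sentence "The least you can do is to symlink" is kept unchanged and is still colloquial next to the rest of the edit; "At a minimum, symlink /images to your local storage SR" would match the new register.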

View File

@ -3,140 +3,138 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="xenapi-install"> xml:id="xenapi-install">
<title xml:id="xenapi-install.title">Installing XenServer and <title xml:id="xenapi-install.title">Install XenServer and
XCP</title> XCP</title>
<para>Before you can run OpenStack with XCP or XenServer, you must <para>Before you can run OpenStack with XCP or XenServer, you must
install the software on <link install the software on <link
xlink:href="http://docs.vmd.citrix.com/XenServer/6.0.0/1.0/en_gb/installation.html#sys_requirements" xlink:href="http://docs.vmd.citrix.com/XenServer/6.0.0/1.0/en_gb/installation.html#sys_requirements"
> an appropriate server</link>.</para> >an appropriate server</link>.</para>
<note> <note>
<para>Xen is a type 1 hypervisor: When your server starts, Xen <para>Xen is a type 1 hypervisor: When your server starts, Xen
is the first software that runs. Consequently, you must is the first software that runs. Consequently, you must
install XenServer or XCP before you install the operating install XenServer or XCP before you install the operating
system on which you want to run OpenStack code. The system where you want to run OpenStack code. The OpenStack
OpenStack services then run in a virtual machine that you services then run in a virtual machine that you install on
install on top of XenServer.</para> top of XenServer.</para>
</note> </note>
<para>Before you can install your system you must decide if you <para>Before you can install your system, decide whether to
want to install Citrix XenServer (either the free edition, or install a free or paid edition of Citrix XenServer or Xen
one of the paid editions) or Xen Cloud Platform from Xen.org. Cloud Platform from Xen.org. Download the software from these
You can download the software from the following locations: <itemizedlist> locations:</para>
<listitem> <itemizedlist>
<para><link <listitem>
xlink:href="http://www.citrix.com/XenServer/download" <para><link
> http://www.citrix.com/XenServer/download xlink:href="http://www.citrix.com/XenServer/download"
</link></para> >http://www.citrix.com/XenServer/download</link></para>
</listitem> </listitem>
<listitem> <listitem>
<para><link <para><link
xlink:href="http://www.xen.org/download/xcp/index.html" xlink:href="http://www.xen.org/download/xcp/index.html"
> http://www.xen.org/download/xcp/index.html >http://www.xen.org/download/xcp/index.html</link></para>
</link></para> </listitem>
</listitem> </itemizedlist>
</itemizedlist> When installing many servers, you may find it <para>When you install many servers, you might find it easier to
easier to perform <link perform <link
xlink:href="http://docs.vmd.citrix.com/XenServer/6.0.0/1.0/en_gb/installation.html#pxe_boot_install" xlink:href="http://docs.vmd.citrix.com/XenServer/6.0.0/1.0/en_gb/installation.html#pxe_boot_install"
> PXE boot installations of XenServer or XCP</link>. You >PXE boot installations of XenServer or XCP</link>. You
can also package up any post install changes you wish to make can also package any post-installation changes that you want
to your XenServer by <link to make to your XenServer by <link
xlink:href="http://docs.vmd.citrix.com/XenServer/6.0.0/1.0/en_gb/supplemental_pack_ddk.html" xlink:href="http://docs.vmd.citrix.com/XenServer/6.0.0/1.0/en_gb/supplemental_pack_ddk.html"
> creating your own XenServer supplemental >creating your own XenServer supplemental
pack</link>.</para> pack</link>.</para>
<para>It is also possible to get XCP by installing the <emphasis <para>You can also install the <package>xcp-xenapi</package>
role="bold">xcp-xenapi</emphasis> package on Debian based package on Debian-based distributions to get XCP. However,
distributions. However, this is not as mature or feature this is not as mature or feature complete as above
complete as above distributions. This will modify your boot distributions. This modifies your boot loader to first boot
loader to first boot Xen, then boot your existing OS on top of Xen and boot your existing OS on top of Xen as Dom0. The xapi
Xen as Dom0. It is in Dom0 that the xapi daemon will run. You daemon runs in Dom0. Find more details at <link
can find more details on the Xen.org wiki: <link xlink:href="http://wiki.xen.org/wiki/Project_Kronos"
xlink:href="http://wiki.xen.org/wiki/Project_Kronos"> >http://wiki.xen.org/wiki/Project_Kronos</link>.</para>
http://wiki.xen.org/wiki/Project_Kronos </link></para> <important>
<para>Make sure you use the EXT type of storage repository
<para><important> (SR). Features that require access to VHD files (such as
<para>Ensure you are using the EXT type of storage copy on write, snapshot and migration) do not work when
repository (SR). Features that require access to VHD you use the LVM SR. Storage repository (SR) is a
files (such as copy on write, snapshot and migration) XenAPI-specific term relating to the physical storage
do not work when using the LVM SR. Storage repository where virtual disks are stored.</para>
(SR) is a XenAPI specific term relating to the <para>On the XenServer/XCP installation screen, choose the
physical storage on which virtual disks are <guilabel>XenDesktop Optimized</guilabel> option. If
stored.</para> you use an answer file, make sure you use
<para>On the XenServer/XCP installation screen, this is <literal>srtype="ext"</literal> in the
selected by choosing "XenDesktop Optimized" option. In <option>installation</option> tag of the answer
case you are using an answer file, make sure you use file.</para>
<literal>srtype="ext"</literal> within the </important>
<literal>installation</literal> tag of the answer
file.</para>
</important></para>
<section xml:id="xenapi-post-install"> <section xml:id="xenapi-post-install">
<title>Post install steps</title> <title>Post-installation steps</title>
<para>You are now ready to install OpenStack onto your <para>Complete these steps to install OpenStack in your
XenServer system. This process involves the following XenServer system:</para>
steps: <itemizedlist> <procedure>
<listitem> <step>
<para>For resize and migrate functionality, please <para>For resize and migrate functionality, complete
perform the changes described in the <link the changes described in the <citetitle>Configure
xlink:href="http://docs.openstack.org/trunk/config-reference/content/configuring-openstack-compute-basics.html#xenserver-resize" resize</citetitle> section in the <link
> Configuring Resize</link> section of the xlink:href="../config-reference/content/index.html"
<citetitle>OpenStack Configuration Reference</citetitle>. ><citetitle>OpenStack Configuration
</para> Reference</citetitle></link>.</para>
</listitem> </step>
<listitem> <step>
<para>Install the VIF isolation rules to help <para>Install the VIF isolation rules to help prevent
prevent mac and ip address spoofing.</para> mac and IP address spoofing.</para>
</listitem> </step>
<listitem> <step>
<para>Install the XenAPI plugins - see the next <para>Install the XenAPI plug-ins. See the following
section.</para> section.</para>
</listitem> </step>
<listitem> <step>
<para>To support AMI type images, you must set up <para>To support AMI type images, you must set up
<literal>/boot/guest</literal> <literal>/boot/guest</literal>
symlink/directory in Dom0. For detailed symlink/directory in Dom0. For detailed
instructions, see next section.</para> instructions, see next section.</para>
</listitem> </step>
<listitem> <step>
<para>To support resize/migration, set up an ssh <para>To support resize/migration, set up an ssh trust
trust relation between your XenServer hosts, relation between your XenServer hosts, and ensure
and ensure <literal>/images</literal> is <literal>/images</literal> is properly set up.
properly set up. See next section for more See next section for more details.</para>
details.</para> </step>
</listitem> <step>
<listitem> <para>Create a Paravirtualized virtual machine that
<para>Create a Paravirtualized virtual machine can run the OpenStack compute code.</para>
that can run the OpenStack compute </step>
code.</para> <step>
</listitem> <para>Install and configure the <systemitem
<listitem> class="service">nova-compute</systemitem> in
<para>Install and configure the <systemitem the above virtual machine.</para>
class="service">nova-compute</systemitem> </step>
in the above virtual machine.</para> </procedure>
</listitem> <para>For more information, see how DevStack performs the last
</itemizedlist> For further information on these steps three steps for developer deployments. For more
look at how DevStack performs the last three steps when information about DevStack, see <citetitle>Getting Started
doing developer deployments. For more information on With XenServer and Devstack</citetitle> (<link
DevStack, take a look at the <link
xlink:href="https://github.com/openstack-dev/devstack/blob/master/tools/xen/README.md" xlink:href="https://github.com/openstack-dev/devstack/blob/master/tools/xen/README.md"
> DevStack and XenServer Readme</link>. More >https://github.com/openstack-dev/devstack/blob/master/tools/xen/README.md</link>).
information on the first step can be found in the <link Find more information about the first step, see
<citetitle>Multi Tenancy Networking Protections in
XenServer</citetitle> (<link
xlink:href="https://github.com/openstack/nova/blob/master/plugins/xenserver/doc/networking.rst" xlink:href="https://github.com/openstack/nova/blob/master/plugins/xenserver/doc/networking.rst"
> XenServer mutli-tenancy protection doc</link>. More >https://github.com/openstack/nova/blob/master/plugins/xenserver/doc/networking.rst</link>).
information on how to install the XenAPI plugins can be For information about how to install the XenAPI plug-ins,
found in the <link see <citetitle>XenAPI README</citetitle> (<link
xlink:href="https://github.com/openstack/nova/blob/master/plugins/xenserver/xenapi/README" xlink:href="https://github.com/openstack/nova/blob/master/plugins/xenserver/xenapi/README"
> XenAPI plugins Readme</link>.</para> >https://github.com/openstack/nova/blob/master/plugins/xenserver/xenapi/README</link>).</para>
<xi:include href="section_xapi-install-plugins.xml"/> <xi:include href="section_xapi-install-plugins.xml"/>
<xi:include href="section_xapi-ami-setup.xml"/> <xi:include href="section_xapi-ami-setup.xml"/>
<xi:include href="section_xapi-resize-setup.xml"/> <xi:include href="section_xapi-resize-setup.xml"/>
</section> </section>
<section xml:id="xenapi-boot-from-iso"> <section xml:id="xenapi-boot-from-iso">
<title>Xen Boot from ISO</title> <title>Xen boot from ISO</title>
<para>XenServer, through the XenAPI integration with OpenStack <para>XenServer, through the XenAPI integration with
provides a feature to boot instances from an ISO file. To OpenStack, provides a feature to boot instances from an
activate the "Boot From ISO" feature, you must configure ISO file. To activate the Boot From ISO feature, you must
the SR elements on XenServer host that way.</para> configure the SR elements on XenServer host, as
follows:</para>
<procedure> <procedure>
<title>To Xen boot from ISO</title>
<step> <step>
<para>Create an ISO-typed SR, such as an NFS ISO <para>Create an ISO-typed SR, such as an NFS ISO
library, for instance. For this, using XenCenter library, for instance. For this, using XenCenter
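Review bot: The new sentence for the first step, "Find more information about the first step, see <citetitle>Multi Tenancy Networking Protections in XenServer</citetitle>", mixes two constructions and does not parse. Use "For more information about the first step, see ..." so it matches the neighbouring "For information about how to install the XenAPI plug-ins, see" sentence. In the same hunk, the added procedure title "To Xen boot from ISO" reads awkwardly; something like "To boot from ISO on XenServer" would be clearer. "configure the SR elements on XenServer host" is also still missing an article ("on the XenServer host").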
@ -145,32 +143,32 @@
in read-write mode.</para> in read-write mode.</para>
</step> </step>
<step> <step>
<para>On the compute host, find the uuid of this ISO <para>On the compute host, find and record the uuid of
SR and write it down. this ISO SR:</para>
<screen><prompt>#</prompt> <userinput>xe host-list</userinput></screen></para> <screen><prompt>#</prompt> <userinput>xe host-list</userinput></screen>
</step> </step>
<step> <step>
<para>Locate the uuid of the NFS ISO library: <para>Locate the uuid of the NFS ISO library:</para>
<screen><prompt>#</prompt> <userinput>xe sr-list content-type=iso</userinput> </screen></para> <screen><prompt>#</prompt> <userinput>xe sr-list content-type=iso</userinput></screen>
</step> </step>
<step> <step>
<para>Set the uuid and configuration. Even if an NFS <para>Set the uuid and configuration. Even if an NFS
mount point isn't local storage, you must specify mount point is not local, you must specify
"local-storage-iso."</para> <literal>local-storage-iso</literal>.</para>
<screen><prompt>#</prompt> <userinput>xe sr-param-set uuid=[iso sr uuid] other-config:i18n-key=local-storage-iso</userinput></screen> <screen><prompt>#</prompt> <userinput>xe sr-param-set uuid=[iso sr uuid] other-config:i18n-key=local-storage-iso</userinput></screen>
</step> </step>
<step> <step>
<para>Make sure the host-uuid from "xe pbd-list" <para>Make sure the host-uuid from <literal>xe
equals the uuid of the host you found pbd-list</literal> equals the uuid of the host
earlier:</para> you found previously:</para>
<screen><prompt>#</prompt> <userinput>xe sr-uuid=[iso sr uuid]</userinput></screen> <screen><prompt>#</prompt> <userinput>xe sr-uuid=[iso sr uuid]</userinput></screen>
</step> </step>
<step> <step>
<para>You can now add images via the OpenStack Image <para>You can now add images through the OpenStack
Registry, with <literal>disk-format=iso</literal>, Image Service with
and boot them in OpenStack Compute. <literal>disk-format=iso</literal>, and boot
<screen><prompt>#</prompt> <userinput>glance image-create --name=fedora_iso --disk-format=iso --container-format=bare &lt; Fedora-16-x86_64-netinst.iso</userinput></screen> them in OpenStack Compute:</para>
</para> <screen><prompt>#</prompt> <userinput>glance image-create --name=fedora_iso --disk-format=iso --container-format=bare &lt; Fedora-16-x86_64-netinst.iso</userinput></screen>
</step> </step>
</procedure> </procedure>
</section> </section>
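Review bot: The verification step still shows "xe sr-uuid=[iso sr uuid]", which has no subcommand, while the prose in the same step refers to "xe pbd-list". The command should read "xe pbd-list sr-uuid=[iso sr uuid]", and since this patch already rewrites that step's prose, it is worth fixing here. Also, the step reworded to "find and record the uuid of this ISO SR" runs "xe host-list", which lists hosts, and the later step compares against "the uuid of the host you found previously". The prose should say to record the host uuid, leaving the SR uuid to the following "xe sr-list content-type=iso" step.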