openstack/openstack-manuals
Code Issues Proposed changes

Fixes to Cloud Admin Guide for Havana (testing with Anne G)

Browse Source 
Change-Id: I65a12cfdde82c069684e7fac0b53ae5720b6ebda
author: diane fleming
This commit is contained in:
Diane Fleming 2013-09-27 12:14:51 -05:00
parent 94c72ccb4e
commit c2bfed945d
25 changed files with 3721 additions and 3244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/admin-guide-cloud/bk-admin-guide-cloud.xml
View File

@ -7,7 +7,7 @@
xml:id="openstack-compute-admin-manual-grizzly"> xml:id="openstack-compute-admin-manual-grizzly">
<title>OpenStack Cloud Administrator Guide</title> <title>OpenStack Cloud Administrator Guide</title>
<?rax title.font.size="28px" subtitle.font.size="28px"?> <?rax title.font.size="28px" subtitle.font.size="28px"?>
<titleabbrev>OpenStack Cloud Administrator Guide</titleabbrev> <titleabbrev>Cloud Administrator Guide</titleabbrev>
<info> <info>
<author> <author>
<personname> <personname>

23
doc/admin-guide-cloud/ch_blockstorage.xml
View File

@ -3,6 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="managing-volumes"> xml:id="managing-volumes">
<?dbhtml stop-chunking?>
<title>Block Storage</title> <title>Block Storage</title>
<para>The OpenStack Block Storage service works though the <para>The OpenStack Block Storage service works though the
interaction of a series of daemon processes named cinder-* interaction of a series of daemon processes named cinder-*
@ -26,6 +27,7 @@
service is similar to the Amazon EC2 Elastic Block Storage service is similar to the Amazon EC2 Elastic Block Storage
(EBS) offering.</para> (EBS) offering.</para>
</section> </section>
<?hard-pagebreak?>
<section xml:id="section_manage-volumes"> <section xml:id="section_manage-volumes">
<title>Manage volumes</title> <title>Manage volumes</title>
<para>The default OpenStack Block Storage service implementation <para>The default OpenStack Block Storage service implementation
@ -45,8 +47,6 @@
<para>The following high-level procedure shows you how to create <para>The following high-level procedure shows you how to create
and attach a volume to a server instance.</para> and attach a volume to a server instance.</para>
<procedure> <procedure>
<title>To create and attach a volume to a server
instance:</title>
<step><para>You must configure both OpenStack Compute and the <step><para>You must configure both OpenStack Compute and the
OpenStack Block Storage service through the OpenStack Block Storage service through the
<filename>cinder.conf</filename> file.</para></step> <filename>cinder.conf</filename> file.</para></step>
@ -83,14 +83,11 @@
<systemitem class="service">nova-compute</systemitem>. The walk through uses <systemitem class="service">nova-compute</systemitem>. The walk through uses
a custom partitioning scheme that carves out 60GB of space a custom partitioning scheme that carves out 60GB of space
and labels it as LVM. The network uses and labels it as LVM. The network uses
<literal>FlatManger</literal> is the <literal>FlatManager</literal> is the
<literal>NetworkManager</literal> setting for <literal>NetworkManager</literal> setting for
OpenStack Compute (Nova).</para> OpenStack Compute (Nova).</para>
<para>Please note that the network mode doesn't interfere at <para>The network mode does not interfere with the way cinder works, but networking must be set
all with the way cinder works, but networking must be set up for cinder to work. For details, see <xref linkend="ch_networking"/>.</para>
up for cinder to work. Please refer to <link
xlink:href="http://docs.openstack.org/grizzly/openstack-network/admin/content/">Networking Administration</link> for more
details.</para>
<para>To set up Compute to use volumes, ensure that Block <para>To set up Compute to use volumes, ensure that Block
Storage is installed along with lvm2. This guide describes how to:</para> Storage is installed along with lvm2. This guide describes how to:</para>
<para> <para>
@ -106,10 +103,14 @@
<section xml:id="boot-from-volume"> <section xml:id="boot-from-volume">
<title>Boot from volume</title> <title>Boot from volume</title>
<para>In some cases, instances can be stored and run from inside volumes. This is explained in further detail in the <link xlink:href="http://docs.openstack.org/user-guide/content/boot_from_volume.html">Boot From Volume</link> <para>In some cases, instances can be stored and run from
section of the <citetitle>OpenStack End User Guide</citetitle>.</para> inside volumes. For information, see the <link
xlink:href="http://docs.openstack.org/user-guide/content/boot_from_volume.html"
>Launch an instance from a volume</link> section in the
<link xlink:href="http://docs.openstack.org/user-guide/content/"><citetitle>OpenStack End User
Guide</citetitle></link>.</para>
</section> </section>
<?hard-pagebreak?>
<xi:include href="section_troubleshoot-cinder.xml"/> <xi:include href="section_troubleshoot-cinder.xml"/>
<xi:include href="section_multi_backend.xml"/> <xi:include href="section_multi_backend.xml"/>
<xi:include href="section_backup-block-storage-disks.xml"/> <xi:include href="section_backup-block-storage-disks.xml"/>

2884
doc/admin-guide-cloud/ch_compute.xml
View File

File diff suppressed because it is too large Load Diff

33
doc/admin-guide-cloud/ch_dashboard.xml
View File

@ -3,18 +3,20 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="ch_install-dashboard"> xml:id="ch_install-dashboard">
<?dbhtml stop-chunking?>
<title>Dashboard</title> <title>Dashboard</title>
<para xmlns:raxm="http://docs.rackspace.com/api/metadata">The dashboard, also known as <link <para xmlns:raxm="http://docs.rackspace.com/api/metadata">The
xlink:href="https://github.com/openstack/horizon/">horizon</link>, is a Web interface dashboard, also known as <link
that allows cloud administrators and users to manage various OpenStack resources and xlink:href="https://github.com/openstack/horizon/"
services.</para> >horizon</link>, enables cloud administrators and users to
<para>The dashboard enables web-based interactions with the manage various OpenStack resources and services through a
OpenStack Compute cloud controller through the OpenStack APIs.</para> Web-based interface. The dashboard enables interactions with
<para>The following instructions show an example deployment the OpenStack Compute cloud controller through the OpenStack
configured with an Apache web server.</para> APIs. For information about installing and configuring the
<para>After you <link linkend="installing-openstack-dashboard" dashboard, see the <citetitle>OpenStack Installation
>install and configure the dashboard</link>, you can Guide</citetitle> for your distribution. After you install and
complete the following tasks:</para> configure the dashboard, you can complete the
following tasks:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Customize your dashboard. See <xref <para>Customize your dashboard. See <xref
@ -30,13 +32,12 @@
>Deploying Horizon</link>.</para> >Deploying Horizon</link>.</para>
</listitem> </listitem>
<listitem xml:id="launch_instances"> <listitem xml:id="launch_instances">
<para>Launch instances with the dashboard. See the <para>Launch instances with the dashboard. See the <link
<citetitle>OpenStack User xlink:href="http://docs.openstack.org/user-guide/content/"
Guide</citetitle>.</para> ><citetitle>OpenStack End User
Guide</citetitle></link>.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<xi:include href="../common/section_dashboard-system-reqs.xml"/>
<xi:include href="../common/section_dashboard-install.xml"/>
<xi:include href="../common/section_dashboard_customizing.xml"/> <xi:include href="../common/section_dashboard_customizing.xml"/>
<xi:include href="../common/section_dashboard_sessions.xml"/> <xi:include href="../common/section_dashboard_sessions.xml"/>
</chapter> </chapter>

268
doc/admin-guide-cloud/ch_identity_mgmt.xml
View File

@ -3,166 +3,135 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="ch-identity-mgmt-config"> xml:id="ch-identity-mgmt-config">
<?dbhtml stop-chunking?>
<title>Identity Management</title> <title>Identity Management</title>
<para> <para>The default identity management system for OpenStack is the
The default identity management system for OpenStack is the OpenStack Identity Service, code-named Keystone. OpenStack Identity Service, code-named Keystone. Once Identity is
Once Identity is installed, it is configured via a primary installed, it is configured via a primary configuration file
configuration file (<filename>etc/keystone.conf</filename>), possibly (<filename>etc/keystone.conf</filename>), possibly a separate
a separate logging configuration file, and initializing data into logging configuration file, and initializing data into keystone
keystone using the command line client. using the command line client.</para>
</para>
<xi:include href="../common/section_keystone-concepts.xml"/> <xi:include href="../common/section_keystone-concepts.xml"/>
<section xml:id="user-crud"> <section xml:id="user-crud">
<title>User CRUD</title> <title>User CRUD</title>
<para> <para>Keystone provides a user CRUD filter that can be added to
Keystone provides a user CRUD filter that can be added to the the public_api pipeline. This user crud filter enables users to
public_api pipeline. This user crud filter allows users to use a use a HTTP PATCH to change their own password. To enable this
HTTP PATCH to change their own password. To enable this extension extension you should define a
you should define a <literal>user_crud_extension</literal> filter, insert it after <literal>user_crud_extension</literal> filter, insert it after
the <literal>*_body</literal> middleware and before the the <literal>*_body</literal> middleware and before the
<literal>public_service</literal> app in the public_api WSGI <literal>public_service</literal> app in the public_api WSGI
pipeline in <filename>keystone.conf</filename> e.g.: pipeline in <filename>keystone.conf</filename> e.g.:</para>
</para> <programlisting language="ini"><?db-font-size 75%?>[filter:user_crud_extension]
<programlisting language="ini">
[filter:user_crud_extension]
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
[pipeline:public_api] [pipeline:public_api]
pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service</programlisting>
</programlisting> <para>Each user can then change their own password with a HTTP
<para> PATCH</para>
Each user can then change their own password with a HTTP PATCH <programlisting language="ini"><?db-font-size 75%?>&gt; curl -X PATCH http://localhost:5000/v2.0/OS-KSCRUD/users/&lt;userid&gt; -H &quot;Content-type: application/json&quot; \
</para> -H &quot;X_Auth_Token: &lt;authtokenid&gt;&quot; -d '{&quot;user&quot;: {&quot;password&quot;: &quot;ABCD&quot;, &quot;original_password&quot;: &quot;DCBA&quot;}}'</programlisting>
<programlisting language="ini"> <para>In addition to changing their password all of the users
&gt; curl -X PATCH http://localhost:5000/v2.0/OS-KSCRUD/users/&lt;userid&gt; -H &quot;Content-type: application/json&quot; \ current tokens are deleted (if the back end is kvs or
-H &quot;X_Auth_Token: &lt;authtokenid&gt;&quot; -d '{&quot;user&quot;: {&quot;password&quot;: &quot;ABCD&quot;, &quot;original_password&quot;: &quot;DCBA&quot;}}' sql).</para>
</programlisting>
<para>
In addition to changing their password all of the users current
tokens will be deleted (if the backend used is kvs or sql)
</para>
</section> </section>
<section xml:id="keystone-logging"> <section xml:id="keystone-logging">
<title>Logging</title> <title>Logging</title>
<para> Logging is configured externally to the rest of Identity, <para>You configure logging externally to the rest of Identity.
the file specifying the logging configuration is in the The file specifying the logging configuration is in the
<literal>[DEFAULT]</literal> section of the <literal>[DEFAULT]</literal> section of the
<filename>keystone.conf</filename> file under <filename>keystone.conf</filename> file under
<literal>log_config</literal>. If you wish to route all your <literal>log_config</literal>. To route logging through
logging through syslog, set <literal>use_syslog=true</literal> syslog, set <literal>use_syslog=true</literal> option in the
option in the <literal>[DEFAULT]</literal> section. </para> <literal>[DEFAULT]</literal> section.</para>
<para> <para>A sample logging file is available with the project in the
A sample logging file is available with the project in the directory <filename>etc/logging.conf.sample</filename>. Like
directory <filename>etc/logging.conf.sample</filename>. Like other other OpenStack projects, Identity uses the python logging
OpenStack projects, Identity uses the `python logging module`, module, which includes extensive configuration options for
which includes extensive configuration options for choosing the choosing the output levels and formats.</para>
output levels and formats. <para>Review the <filename>etc/keystone.conf</filename> sample
</para> configuration files distributed with keystone for example
<para> configuration files for each server application.</para>
In addition to this documentation page, you can check the <para>For services which have separate paste-deploy ini file, you
<filename>etc/keystone.conf</filename> sample configuration files can configure auth_token middleware in [keystone_authtoken]
distributed with keystone for example configuration files for each section in the main config file, such as
server application. <filename>nova.conf</filename>. For example in Compute, you
</para> can remove the middleware parameters from
<para>For services which have separate paste-deploy ini file, <filename>api-paste.ini</filename>, as follows:</para>
auth_token middleware can be alternatively configured in <programlisting language="ini"><?db-font-size 75%?>[filter:authtoken]
[keystone_authtoken] section in the main config file, such as paste.filter_factory =
<filename>nova.conf</filename>. For keystoneclient.middleware.auth_token:filter_factory</programlisting>
example in Nova, all middleware parameters can be removed from <para>And set the following values in
api-paste.ini like these:</para> <filename>nova.conf</filename>, as follows:</para>
<programlisting language="ini"> [filter:authtoken] <programlisting language="ini"><?db-font-size 75%?>[DEFAULT]
paste.filter_factory = ...
keystoneclient.middleware.auth_token:filter_factory auth_strategy=keystone
</programlisting>
<para>and set in
<filename>nova.conf</filename> like these: </para>
<programlisting language="ini">[DEFAULT]
...
auth_strategy=keystone
[keystone_authtoken] [keystone_authtoken]
auth_host = 127.0.0.1 auth_host = 127.0.0.1
auth_port = 35357 auth_port = 35357
auth_protocol = http auth_protocol = http
auth_uri = http://127.0.0.1:5000/ auth_uri = http://127.0.0.1:5000/
admin_user = admin admin_user = admin
admin_password = SuperSekretPassword admin_password = SuperSekretPassword
admin_tenant_name = service admin_tenant_name = service </programlisting>
</programlisting> <note>
<para>Note that middleware parameters in <para>Middleware parameters in paste config take priority. You
paste config take priority, they must be removed to use values must remove them to use values in [keystone_authtoken]
in [keystone_authtoken] section.</para> section.</para>
</note>
</section> </section>
<section xml:id="monitoring"> <section xml:id="monitoring">
<title>Monitoring</title> <title>Monitoring</title>
<para> <para>Keystone provides some basic request/response monitoring
Keystone provides some basic request/response monitoring statistics out of the box.</para>
statistics out of the box. <para>Enable data collection by defining a
</para> <literal>stats_monitoring</literal> filter and including it at
<para> the beginning of any desired WSGI pipelines:</para>
Enable data collection by defining a <programlisting language="ini"><?db-font-size 75%?>[filter:stats_monitoring]
<literal>stats_monitoring</literal> filter and including it at the
beginning of any desired WSGI pipelines:
</para>
<programlisting language="ini">
[filter:stats_monitoring]
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
[pipeline:public_api] [pipeline:public_api]
pipeline = stats_monitoring [...] public_service pipeline = stats_monitoring [...] public_service</programlisting>
</programlisting> <para>Enable the reporting of collected data by defining a
<para> <literal>stats_reporting</literal> filter and including it
Enable the reporting of collected data by defining a near the end of your <literal>admin_api</literal> WSGI pipeline
<literal>stats_reporting</literal> filter and including it near (After <literal>*_body</literal> middleware and before
the end of your <literal>admin_api</literal> WSGI pipeline (After <literal>*_extension</literal> filters is recommended):</para>
<literal>*_body</literal> middleware and before <programlisting language="ini"><?db-font-size 75%?>[filter:stats_reporting]
<literal>*_extension</literal> filters is recommended):
</para>
<programlisting language="ini">
[filter:stats_reporting]
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
[pipeline:admin_api] [pipeline:admin_api]
pipeline = [...] json_body stats_reporting ec2_extension [...] admin_service pipeline = [...] json_body stats_reporting ec2_extension [...] admin_service</programlisting>
</programlisting> <para>Query the admin API for statistics using:</para>
<para>
Query the admin API for statistics using:
</para>
<screen><prompt>$</prompt> <userinput>curl -H 'X-Auth-Token: ADMIN' http://localhost:35357/v2.0/OS-STATS/stats</userinput></screen> <screen><prompt>$</prompt> <userinput>curl -H 'X-Auth-Token: ADMIN' http://localhost:35357/v2.0/OS-STATS/stats</userinput></screen>
<para> <para>Reset collected data using:</para>
Reset collected data using: <screen><prompt>$</prompt> <userinput>curl -H 'X-Auth-Token: ADMIN' -X DELETE \
</para> http://localhost:35357/v2.0/OS-STATS/stats</userinput></screen>
<screen><prompt>$</prompt> <userinput>curl -H 'X-Auth-Token: ADMIN' -X DELETE http://localhost:35357/v2.0/OS-STATS/stats</userinput></screen>
</section> </section>
<section xml:id="running-keystone"> <section xml:id="running-keystone">
<title>Running</title> <title>Start the Identity Service</title>
<para> <para>To start the services for the Identity Service, run the
Running Identity is simply starting the services by using the following command:</para>
command: <screen><prompt>$</prompt> <userinput>keystone-all</userinput></screen>
</para> <para>This command starts two wsgi.Server instances configured by
<screen><prompt>$</prompt> <userinput> the <filename>keystone.conf</filename> file as described
keystone-all previously. One of these wsgi servers is
</userinput></screen> <literal>admin</literal> (the administration API) and the
<para> other is <literal>main</literal> (the primary/public API
Invoking this command starts up two wsgi.Server instances, interface). Both run in a single process.</para>
configured by the <filename>keystone.conf</filename> file as
described above. One of these wsgi 'servers' is
<literal>admin</literal> (the administration API) and the other is
<literal>main</literal> (the primary/public API interface). Both
of these run in a single process.
</para>
</section> </section>
<section xml:id="example-usage"> <section xml:id="example-usage">
<title>Example usage</title> <title>Example usage</title>
<para>The <literal>keystone</literal> client is set up to expect commands <para>The <literal>keystone</literal> client is set up to expect
in the general form of <literal>keystone</literal> commands in the general form of <literal>keystone</literal>
<literal>command</literal> <literal>command</literal>
<literal>argument</literal>, followed by flag-like keyword arguments to <literal>argument</literal>, followed by flag-like keyword
provide additional (often optional) information. For example, the arguments to provide additional (often optional) information.
command <literal>user-list</literal> and For example, the command <literal>user-list</literal> and
<literal>tenant-create</literal> can be invoked as follows: </para> <literal>tenant-create</literal> can be invoked as
<programlisting language="bash"> follows:</para>
# Using token auth env variables <programlisting language="bash"><?db-font-size 65%?># Using token auth env variables
export SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/ export SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/
export SERVICE_TOKEN=secrete_token export SERVICE_TOKEN=secrete_token
keystone user-list keystone user-list
@ -181,25 +150,22 @@ keystone tenant-create --name=demo
# Using user + password + tenant_name flags # Using user + password + tenant_name flags
keystone --username=admin --password=secrete --tenant_name=admin user-list keystone --username=admin --password=secrete --tenant_name=admin user-list
keystone --username=admin --password=secrete --tenant_name=admin tenant-create --name=demo keystone --username=admin --password=secrete --tenant_name=admin tenant-create --name=demo</programlisting>
</programlisting>
</section> </section>
<section xml:id="auth-token-middleware-with-username-and-password"> <section xml:id="auth-token-middleware-with-username-and-password">
<title>Auth-Token Middleware with Username and Password</title> <title>Auth-Token middleware with user name and password</title>
<para> <para>It is also possible to configure the Identity Service
It is also possible to configure Keystone's auth_token Auth-Token middleware using the <option>admin_user</option> and
middleware using the 'admin_user' and 'admin_password' options. <option>admin_password</option> options. When using the
When using the 'admin_user' and 'admin_password' options the <option>admin_user</option> and
'admin_token' parameter is optional. If 'admin_token' is <option>admin_password</option> options the
specified it will by used only if the specified token is still <option>admin_token</option> parameter is optional. If
valid. <option>admin_token</option> is specified it is used only if
</para> the specified token is still valid.</para>
<para> <para>Here is an example paste config filter that makes use of the
Here is an example paste config filter that makes use of the <option>admin_user</option> and
'admin_user' and 'admin_password' parameters: <option>admin_password</option> parameters:</para>
</para> <screen>[filter:authtoken]
<screen>
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
service_port = 5000 service_port = 5000
service_host = 127.0.0.1 service_host = 127.0.0.1
@ -207,13 +173,11 @@ auth_port = 35357
auth_host = 127.0.0.1 auth_host = 127.0.0.1
auth_token = 012345SECRET99TOKEN012345 auth_token = 012345SECRET99TOKEN012345
admin_user = admin admin_user = admin
admin_password = keystone123 admin_password = keystone123</screen>
</screen> <para>It should be noted that when using this option an admin
<para>
It should be noted that when using this option an admin
tenant/role relationship is required. The admin user is granted tenant/role relationship is required. The admin user is granted
access to the 'Admin' role on the 'admin' tenant. access to the Admin role on the admin tenant.</para>
</para>
</section> </section>
<?hard-pagebreak?>
<xi:include href="../common/section_identity-troubleshooting.xml"/> <xi:include href="../common/section_identity-troubleshooting.xml"/>
</chapter> </chapter>

21
doc/admin-guide-cloud/ch_networking.xml
View File

@ -3,6 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="ch_networking"> xml:id="ch_networking">
<?dbhtml stop-chunking?>
<title>Networking</title> <title>Networking</title>
<para>Learn Networking concepts, architecture, and basic and <para>Learn Networking concepts, architecture, and basic and
advanced neutron and nova command-line interface (CLI) advanced neutron and nova command-line interface (CLI)
@ -14,8 +15,7 @@
API for defining network connectivity and addressing in API for defining network connectivity and addressing in
the cloud. The Networking service enables operators to the cloud. The Networking service enables operators to
leverage different networking technologies to power their leverage different networking technologies to power their
cloud networking.</para> cloud networking. The Networking service also provides an API to configure
<para>The Networking service also provides an API to configure
and manage a variety of network services ranging from L3 and manage a variety of network services ranging from L3
forwarding and NAT to load balancing, edge firewalls, and forwarding and NAT to load balancing, edge firewalls, and
IPSEC VPN.</para> IPSEC VPN.</para>
@ -59,8 +59,7 @@
<para>You can configure rich network topologies by <para>You can configure rich network topologies by
creating and configuring networks and subnets, and creating and configuring networks and subnets, and
then instructing other OpenStack services like Compute then instructing other OpenStack services like Compute
to attach virtual devices to ports on these networks. to attach virtual devices to ports on these networks.</para><para>In particular, Networking supports each tenant having
In particular, Networking supports each tenant having
multiple private networks, and allows tenants to multiple private networks, and allows tenants to
choose their own IP addressing scheme (even if those choose their own IP addressing scheme (even if those
IP addresses overlap with those used by other IP addresses overlap with those used by other
@ -195,7 +194,6 @@
number of plug-ins, the cloud administrator is able to number of plug-ins, the cloud administrator is able to
weigh different options and decide which networking weigh different options and decide which networking
technology is right for the deployment.</para> technology is right for the deployment.</para>
<?hard-pagebreak?>
<para>Not all Networking plug-ins are compatible with all <para>Not all Networking plug-ins are compatible with all
possible Compute drivers:</para> possible Compute drivers:</para>
<table rules="all"> <table rules="all">
@ -333,7 +331,6 @@
with each other and with other OpenStack services.</para> with each other and with other OpenStack services.</para>
<section xml:id="arch_overview"> <section xml:id="arch_overview">
<title>Overview</title> <title>Overview</title>
<para>Networking is a standalone service, just like other <para>Networking is a standalone service, just like other
OpenStack services such as Compute, Image service, OpenStack services such as Compute, Image service,
Identity service, or the Dashboard. Like those Identity service, or the Dashboard. Like those
@ -433,7 +430,7 @@
<title>Network connectivity for physical hosts</title> <title>Network connectivity for physical hosts</title>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata scale="60" <imagedata scale="50"
fileref="../common/figures/Neutron-PhysNet-Diagram.png" fileref="../common/figures/Neutron-PhysNet-Diagram.png"
/> />
</imageobject> </imageobject>
@ -552,6 +549,7 @@
first available IP address.</para> first available IP address.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<?hard-pagebreak?>
<para>The following table summarizes the attributes <para>The following table summarizes the attributes
available for each networking abstraction. For available for each networking abstraction. For
information about API abstraction and operations, information about API abstraction and operations,
@ -734,6 +732,7 @@
</tr> </tr>
</tbody> </tbody>
</table> </table>
<?hard-pagebreak?>
<table rules="all"> <table rules="all">
<caption>Port attributes</caption> <caption>Port attributes</caption>
<col width="20%"/> <col width="20%"/>
@ -913,6 +912,7 @@
<screen><prompt>$</prompt> <userinput>keystone tenant-list</userinput></screen> <screen><prompt>$</prompt> <userinput>keystone tenant-list</userinput></screen>
</note> </note>
</section> </section>
<?hard-pagebreak?>
<section xml:id="advanced_networking"> <section xml:id="advanced_networking">
<title>Advanced Networking operations</title> <title>Advanced Networking operations</title>
<para>The following table shows example neutron <para>The following table shows example neutron
@ -968,6 +968,7 @@
</table> </table>
</section> </section>
</section> </section>
<?hard-pagebreak?>
<section xml:id="using_nova_with_neutron"> <section xml:id="using_nova_with_neutron">
<title>Use Compute with Networking</title> <title>Use Compute with Networking</title>
<section xml:id="basic_workflow_with_nova"> <section xml:id="basic_workflow_with_nova">
@ -1110,8 +1111,10 @@
<command>ping</command> and <command>ping</command> and
<command>ssh</command> access to your <command>ssh</command> access to your
VMs.</para> VMs.</para>
<screen><prompt>$</prompt> <userinput>neutron security-group-rule-create --protocol icmp --direction ingress default</userinput> <screen><prompt>$</prompt> <userinput>neutron security-group-rule-create --protocol icmp \
<prompt>$</prompt> <userinput>neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress default</userinput></screen> --direction ingress default</userinput></screen>
<screen><prompt>$</prompt> <userinput>neutron security-group-rule-create --protocol tcp --port-range-min 22 \
--port-range-max 22 --direction ingress default</userinput></screen>
</listitem> </listitem>
<listitem> <listitem>
<para>Does not implement Networking security <para>Does not implement Networking security

14
doc/admin-guide-cloud/ch_objectstorage.xml
View File

@ -4,10 +4,16 @@
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0" version="5.0"
xml:id="ch_admin-openstack-object-storage"> xml:id="ch_admin-openstack-object-storage">
<?dbhtml stop-chunking?>
<title>Object Storage</title> <title>Object Storage</title>
<para>OpenStack Object Storage is a scalable object storage system&#x2014;it is not a file system in <para>Object Storage is a scalable object storage system. It is
the traditional sense. You will not be able to mount this system like traditional SAN or NAS not a file system in the traditional sense. You cannot mount
volumes.</para> this system like traditional SAN or NAS volumes. Because Object
<xi:include href="../common/section_about-object-storage.xml"/> Storage requires a different way of thinking when it comes to
storage, take a few moments to review the key concepts in the
developer documentation at <link
xlink:href="http://docs.openstack.org/developer/swift/"
>docs.openstack.org/developer/swift/</link>.</para>
<!-- <xi:include href="../common/section_about-object-storage.xml"/> -->
<xi:include href="section_object-storage-monitoring.xml"/> <xi:include href="section_object-storage-monitoring.xml"/>
</chapter> </chapter>

8
doc/admin-guide-cloud/section_networking_adv_features.xml
View File

@ -326,6 +326,7 @@
other hosts on the external network (and often to all other hosts on the external network (and often to all
hosts on the Internet). You can allocate and map floating hosts on the Internet). You can allocate and map floating
IPs from one port to another, as needed.</para> IPs from one port to another, as needed.</para>
<?hard-pagebreak?>
<section xml:id="l3_api_abstractions"> <section xml:id="l3_api_abstractions">
<title>L3 API abstractions</title> <title>L3 API abstractions</title>
<table rules="all"> <table rules="all">
@ -463,8 +464,8 @@
</tr> </tr>
</tbody> </tbody>
</table> </table>
</section> </section>
<?hard-pagebreak?>
<section xml:id="l3_workflow"> <section xml:id="l3_workflow">
<title>Basic L3 operations</title> <title>Basic L3 operations</title>
<para>External networks are visible to all users. However, <para>External networks are visible to all users. However,
@ -656,6 +657,7 @@
</table> </table>
</section> </section>
</section> </section>
<?hard-pagebreak?>
<section xml:id="section_securitygroups"> <section xml:id="section_securitygroups">
<title>Security groups</title> <title>Security groups</title>
<para>Security groups and security group rules allows <para>Security groups and security group rules allows
@ -917,6 +919,7 @@
</table> </table>
</section> </section>
</section> </section>
<?hard-pagebreak?>
<section xml:id="lbaas_workflow"> <section xml:id="lbaas_workflow">
<title>Basic Load-Balancer-as-a-Service operations</title> <title>Basic Load-Balancer-as-a-Service operations</title>
<note> <note>
@ -994,6 +997,7 @@
</tbody> </tbody>
</table> </table>
</section> </section>
<?hard-pagebreak?>
<section xml:id="fwaas"> <section xml:id="fwaas">
<title>Firewall-as-a-Service</title> <title>Firewall-as-a-Service</title>
<para>The Firewall-as-a-Service (FWaaS) API is an experimental <para>The Firewall-as-a-Service (FWaaS) API is an experimental
@ -1386,6 +1390,7 @@
</note> </note>
</section> </section>
</section> </section>
<?hard-pagebreak?>
<section xml:id="section_allowed_address_pairs"> <section xml:id="section_allowed_address_pairs">
<title>Allowed-address-pairs</title> <title>Allowed-address-pairs</title>
<para>Allowed-address-pairs is an API extension that extends <para>Allowed-address-pairs is an API extension that extends
@ -1433,6 +1438,7 @@
</note> </note>
</section> </section>
</section> </section>
<?hard-pagebreak?>
<section xml:id="section_plugin_specific_extensions"> <section xml:id="section_plugin_specific_extensions">
<title>Plug-in specific extensions</title> <title>Plug-in specific extensions</title>
<?dbhtml stop-chunking?> <?dbhtml stop-chunking?>

58
doc/admin-guide-cloud/section_troubleshoot-cinder.xml
View File

@ -3,11 +3,14 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink"
version="1.0"> version="1.0">
<title>Troubleshoot your cinder installation</title> <title>Troubleshoot your cinder installation</title>
<para>This section is intended to help solve some basic and common errors that are encountered <para>This section is intended to help solve some basic and common
during setup and configuration of Cinder. The focus here is on failed creation of volumes. errors that are encountered during set up and configuration of
The most important thing to know is where to look in case of a failure. There are two log Cinder. The focus here is on failed creation of volumes. The
files that are especially helpful in the case of a volume creation failure. The first is the most important thing to know is where to look in case of a
<systemitem class="service">cinder-api</systemitem> log, and the second is the <systemitem class="service">cinder-volume</systemitem> log.</para> failure. Two log files are especially helpful when volume
creation fails: <systemitem class="service"
>cinder-api</systemitem> log and <systemitem
class="service">cinder-volume</systemitem> log.</para>
<para>The <systemitem class="service">cinder-api</systemitem> log is useful in determining if you have <para>The <systemitem class="service">cinder-api</systemitem> log is useful in determining if you have
endpoint or connectivity issues. If you send a request to endpoint or connectivity issues. If you send a request to
create a volume and it fails, it's a good idea to look here create a volume and it fails, it's a good idea to look here
@ -15,8 +18,9 @@
service. If the request seems to be logged, and there are no service. If the request seems to be logged, and there are no
errors or trace-backs then you can move to the <systemitem class="service">cinder-volume</systemitem> errors or trace-backs then you can move to the <systemitem class="service">cinder-volume</systemitem>
log and look for errors or trace-backs there.</para> log and look for errors or trace-backs there.</para>
<para>There are some common issues to look out for. The following describes <para>There are some common issues to look out for. The following
some common issues hit during configuration and some suggested solutions.</para> describes some common configuration issues with suggested
solutions.</para>
<para><emphasis role="bold"><emphasis role="underline">Create commands are in <systemitem class="service">cinder-api</systemitem> log <para><emphasis role="bold"><emphasis role="underline">Create commands are in <systemitem class="service">cinder-api</systemitem> log
with no error</emphasis></emphasis></para> with no error</emphasis></emphasis></para>
<para> <para>
@ -48,10 +52,7 @@
simple entry in <filename>/etc/tgt/conf.d</filename>, and you should have created this when you went simple entry in <filename>/etc/tgt/conf.d</filename>, and you should have created this when you went
through the install guide. If you haven't or you're running into issues, verify through the install guide. If you haven't or you're running into issues, verify
that you have a file <filename>/etc/tgt/conf.d/cinder.conf</filename>.</para> that you have a file <filename>/etc/tgt/conf.d/cinder.conf</filename>.</para>
<para>If the file is not there, you can create it easily by doing the <para>If the file is not there, create it, as follows:</para><screen><prompt>$</prompt> <userinput>sudo sh -c "echo 'include /var/lib/cinder/volumes/*' >> /etc/tgt/conf.d/cinder.conf"</userinput></screen>
following:<programlisting>
sudo sh -c "echo 'include /var/lib/cinder/volumes/*' >> /etc/tgt/conf.d/cinder.conf"
</programlisting></para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</para> </para>
@ -60,26 +61,23 @@ sudo sh -c "echo 'include /var/lib/cinder/volumes/*' >> /etc/tgt/conf.d/cinder.c
<para>This is most likely going to be a minor adjustment to your <para>This is most likely going to be a minor adjustment to your
<filename>nova.conf</filename> file. Make sure that your <filename>nova.conf</filename> file. Make sure that your
<filename>nova.conf</filename> has the following <filename>nova.conf</filename> has the following
entry:<programlisting> entry:<programlisting>volume_api_class=nova.volume.cinder.API </programlisting></para>
volume_api_class=nova.volume.cinder.API <para>Make certain that you explicitly set
</programlisting></para> <option>enabled_apis</option> because the default includes
<para>And make certain that you EXPLICITLY set enabled_apis as the default will include <option>osapi_volume</option>:<programlisting>enabled_apis=ec2,osapi_compute,metadata</programlisting></para>
osapi_volume:<programlisting>
enabled_apis=ec2,osapi_compute,metadata
</programlisting>
</para>
<para><emphasis role="bold">Failed to create iscsi target error in the <filename>cinder-volume.log</filename></emphasis></para> <para><emphasis role="bold">Failed to create iscsi target error in the <filename>cinder-volume.log</filename></emphasis></para>
<programlisting language="bash">2013-03-12 01:35:43 1248 TRACE cinder.openstack.common.rpc.amqp ISCSITargetCreateFailed: Failed to create iscsi target for volume volume-137641b2-af72-4a2f-b243-65fdccd38780. <programlisting language="bash">2013-03-12 01:35:43 1248 TRACE cinder.openstack.common.rpc.amqp ISCSITargetCreateFailed: Failed to create iscsi target for volume volume-137641b2-af72-4a2f-b243-65fdccd38780.</programlisting>
</programlisting> <para>You might see this error in
<para>You may see this error in <filename>cinder-volume.log</filename> after trying to create a volume that is 1 GB. To fix this issue: <filename>cinder-volume.log</filename> after trying to
</para> create a volume that is 1 GB. </para>
<para>Change content of the <filename>/etc/tgt/targets.conf</filename> from "include /etc/tgt/conf.d/*.conf" to: <para>To fix this issue, change the content of the
include /etc/tgt/conf.d/cinder_tgt.conf:</para> <filename>/etc/tgt/targets.conf</filename> from
<programlisting language="bash"> <literal>include /etc/tgt/conf.d/*.conf</literal> to
include /etc/tgt/conf.d/cinder_tgt.conf <literal>include
include /etc/tgt/conf.d/cinder.conf /etc/tgt/conf.d/cinder_tgt.conf</literal>, as follows:</para>
default-driver iscsi</programlisting> <programlisting language="bash">include /etc/tgt/conf.d/cinder_tgt.conf
include /etc/tgt/conf.d/cinder.conf
default-driver iscsi</programlisting>
<para>Then restart tgt and <literal>cinder-*</literal> services so they pick up the new configuration.</para> <para>Then restart tgt and <literal>cinder-*</literal> services so they pick up the new configuration.</para>
</section> </section>

731
doc/common/ch_getstart.xml
View File

@ -5,19 +5,19 @@
xml:id="ch_getting-started-with-openstack"> xml:id="ch_getting-started-with-openstack">
<title>Get started with OpenStack</title> <title>Get started with OpenStack</title>
<?dbhtml stop-chunking?> <?dbhtml stop-chunking?>
<para>The OpenStack project is an <para>The OpenStack project is an open source cloud computing
open source cloud computing platform for all types of clouds, which aims platform for all types of clouds, which aims to be simple to
to be simple to implement, massively scalable, and feature implement, massively scalable, and feature rich. Developers and
rich. Developers and cloud computing technologists from around the cloud computing technologists from around the world create the
world create the OpenStack project.</para> OpenStack project.</para>
<para>OpenStack provides an Infrastructure as a Service (IaaS) <para>OpenStack provides an Infrastructure as a Service (IaaS)
solution through a set of interrelated services. Each service offers solution through a set of interrelated services. Each service
an application programming interface (API) that facilitates this offers an application programming interface (API) that facilitates
integration.</para> this integration.</para>
<section xml:id="openstack-architecture"> <section xml:id="openstack-architecture">
<title>OpenStack architecture</title> <title>OpenStack architecture</title>
<para>The following table describes the OpenStack services that make <para>The following table describes the OpenStack services that
up the OpenStack architecture:</para> make up the OpenStack architecture:</para>
<table rules="all"> <table rules="all">
<caption>OpenStack services</caption> <caption>OpenStack services</caption>
<col width="20%"/> <col width="20%"/>
@ -32,77 +32,106 @@
</thead> </thead>
<tbody> <tbody>
<tr> <tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-dashboard/" <td><link
xlink:href="http://www.openstack.org/software/openstack-dashboard/"
>Dashboard</link></td> >Dashboard</link></td>
<td><link xlink:href="http://docs.openstack.org/developer/horizon/">Horizon</link></td> <td><link
<td>Enables users to interact with all OpenStack services to launch xlink:href="http://docs.openstack.org/developer/horizon/"
an instance, assign IP addresses, set access controls, and so >Horizon</link></td>
on.</td> <td>Enables users to interact with all OpenStack services to
launch an instance, assign IP addresses, set access
controls, and so on.</td>
</tr> </tr>
<tr> <tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-shared-services/">Identity <td><link
Service</link></td> xlink:href="http://www.openstack.org/software/openstack-shared-services/"
<td><link xlink:href="http://docs.openstack.org/developer/keystone/">Keystone</link></td> >Identity Service</link></td>
<td>Provides authentication and authorization for all the OpenStack services. Also <td><link
provides a service catalog within a particular OpenStack cloud.</td> xlink:href="http://docs.openstack.org/developer/keystone/"
>Keystone</link></td>
<td>Provides authentication and authorization for all the
OpenStack services. Also provides a service catalog within
a particular OpenStack cloud.</td>
</tr> </tr>
<tr> <tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-compute/">Compute <td><link
Service</link></td> xlink:href="http://www.openstack.org/software/openstack-compute/"
<td><link xlink:href="http://docs.openstack.org/developer/nova/">Nova</link></td> >Compute Service</link></td>
<td>Provisions and manages large networks of virtual machines on <td><link
demand.</td> xlink:href="http://docs.openstack.org/developer/nova/"
>Nova</link></td>
<td>Provisions and manages large networks of virtual
machines on demand.</td>
</tr> </tr>
<tr> <tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-storage/">Object Storage <td><link
Service</link></td> xlink:href="http://www.openstack.org/software/openstack-storage/"
<td><link xlink:href="http://docs.openstack.org/developer/swift/">Swift</link></td> >Object Storage Service</link></td>
<td>Stores and retrieve files. Does not mount directories like a file <td><link
server.</td> xlink:href="http://docs.openstack.org/developer/swift/"
>Swift</link></td>
<td>Stores and retrieve files. Does not mount directories
like a file server.</td>
</tr> </tr>
<tr> <tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-storage/">Block Storage <td><link
Service</link></td> xlink:href="http://www.openstack.org/software/openstack-storage/"
<td><link xlink:href="http://docs.openstack.org/developer/cinder/">Cinder</link></td> >Block Storage Service</link></td>
<td>Provides persistent block storage to guest virtual machines.</td> <td><link
xlink:href="http://docs.openstack.org/developer/cinder/"
>Cinder</link></td>
<td>Provides persistent block storage to guest virtual
machines.</td>
</tr> </tr>
<tr> <tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-shared-services/">Image <td><link
Service</link></td> xlink:href="http://www.openstack.org/software/openstack-shared-services/"
<td><link xlink:href="http://docs.openstack.org/developer/glance/" >Image Service</link></td>
<td><link
xlink:href="http://docs.openstack.org/developer/glance/"
>Glance</link></td> >Glance</link></td>
<td>Provides a registry of virtual machine images. Compute Service <td>Provides a registry of virtual machine images. Compute
uses it to provision instances. Service uses it to provision instances. </td>
</td>
</tr> </tr>
<tr> <tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-networking/">Networking <td><link
Service</link></td> xlink:href="http://www.openstack.org/software/openstack-networking/"
<td><link xlink:href="http://docs.openstack.org/developer/neutron/">Neutron</link></td> >Networking Service</link></td>
<td>Enables network connectivity as a service among interface devices <td><link
managed by other OpenStack services, usually Compute Service. xlink:href="http://docs.openstack.org/developer/neutron/"
Enables users to create and attach interfaces to networks. Has a >Neutron</link></td>
pluggable architecture that supports many popular networking <td>Enables network connectivity as a service among
vendors and technologies.</td> interface devices managed by other OpenStack services,
usually Compute Service. Enables users to create and
attach interfaces to networks. Has a pluggable
architecture that supports many popular networking vendors
and technologies.</td>
</tr> </tr>
<tr> <tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-shared-services/" <td><link
xlink:href="http://www.openstack.org/software/openstack-shared-services/"
>Metering/Monitoring Service</link></td> >Metering/Monitoring Service</link></td>
<td><link xlink:href="http://docs.openstack.org/developer/ceilometer/">Ceilometer</link></td> <td><link
<td>Monitors and meters the OpenStack cloud for billing, benchmarking, scalability, and statistics xlink:href="http://docs.openstack.org/developer/ceilometer/"
purposes.</td> >Ceilometer</link></td>
<td>Monitors and meters the OpenStack cloud for billing,
benchmarking, scalability, and statistics purposes.</td>
</tr> </tr>
<tr> <tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-shared-services/">Orchestration <td><link
Service</link></td> xlink:href="http://www.openstack.org/software/openstack-shared-services/"
<td><link xlink:href="http://docs.openstack.org/developer/heat/">Heat</link></td> >Orchestration Service</link></td>
<td>Orchestrates multiple composite cloud applications by using the <td><link
AWS CloudFormation template format, through both an xlink:href="http://docs.openstack.org/developer/heat/"
OpenStack-native REST API and a CloudFormation-compatible Query >Heat</link></td>
API.</td> <td>Orchestrates multiple composite cloud applications by
using the AWS CloudFormation template format, through both
an OpenStack-native REST API and a
CloudFormation-compatible Query API.</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<?hard-pagebreak?>
<section xml:id="conceptual-architecture"> <section xml:id="conceptual-architecture">
<title>Conceptual architecture</title> <title>Conceptual architecture</title>
<para>The following diagram shows the relationships among the <para>The following diagram shows the relationships among the
@ -117,41 +146,52 @@ provides a service catalog within a particular OpenStack cloud.</td>
</mediaobject> </mediaobject>
</informalfigure> </informalfigure>
</section> </section>
<?hard-pagebreak?>
<section xml:id="logical-architecture"> <section xml:id="logical-architecture">
<title>Logical architecture</title> <title>Logical architecture</title>
<para>To design, install, and configure a cloud, cloud administrators <para>To design, install, and configure a cloud, cloud
must understand the logical architecture.</para> administrators must understand the logical
architecture.</para>
<para>OpenStack modules are one of the following types:</para> <para>OpenStack modules are one of the following types:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Daemon. Runs as a daemon. On Linux platforms, it's usually installed as a service.</para> <para>Daemon. Runs as a daemon. On Linux platforms, it's
usually installed as a service.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Script. Runs installation and tests of a virtual environment. For example, a script called <code>run_tests.sh</code> installs a virtual environment for a service and then may also run tests to verify that virtual environment functions well.</para> <para>Script. Runs installation and tests of a virtual
environment. For example, a script called
<code>run_tests.sh</code> installs a virtual environment
for a service and then may also run tests to verify that
virtual environment functions well.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Command-line interface (CLI). Enables users to submit API calls to OpenStack services through <para>Command-line interface (CLI). Enables users to submit
easy-to-use commands.</para> API calls to OpenStack services through easy-to-use
commands.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>The following diagram shows the most common, but not the only, <para>The following diagram shows the most common, but not the
architecture for an OpenStack cloud:</para> only, architecture for an OpenStack cloud:</para>
<!-- Source files in this repository in doc/src/docbkx/common/figures/openstack-arch-grizzly-v1.zip https://github.com/openstack/openstack-manuals/raw/master/doc/src/docbkx/common/figures/openstack-arch-grizzly-v1.zip --> <!-- Source files in this repository in doc/src/docbkx/common/figures/openstack-arch-grizzly-v1.zip https://github.com/openstack/openstack-manuals/raw/master/doc/src/docbkx/common/figures/openstack-arch-grizzly-v1.zip -->
<figure xml:id="os-logical-arch"><title>OpenStack logical architecture</title> <figure xml:id="os-logical-arch">
<title>OpenStack logical architecture</title>
<mediaobject> <mediaobject>
<imageobject> <imageobject>
<imagedata fileref="figures/openstack-arch-grizzly-v1-logical.jpg" <imagedata
fileref="figures/openstack-arch-grizzly-v1-logical.jpg"
contentwidth="6.5in"/> contentwidth="6.5in"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</figure> </figure>
<para>As in the conceptual architecture, end users can interact <para>As in the conceptual architecture, end users can interact
through the dashboard, CLIs, and APIs. All services authenticate through the dashboard, CLIs, and APIs. All services
through a common Identity Service and individual services interact authenticate through a common Identity Service and individual
with each other through public APIs, except where privileged services interact with each other through public APIs, except
administrator commands are necessary.</para> where privileged administrator commands are necessary.</para>
</section> </section>
</section> </section>
<?hard-pagebreak?>
<section xml:id="openstack-services"> <section xml:id="openstack-services">
<title>OpenStack services</title> <title>OpenStack services</title>
<para>This section describes OpenStack services in detail.</para> <para>This section describes OpenStack services in detail.</para>
@ -170,14 +210,14 @@ provides a service catalog within a particular OpenStack cloud.</td>
</mediaobject> </mediaobject>
</informalfigure> </informalfigure>
<para>The dashboard is usually deployed through <link <para>The dashboard is usually deployed through <link
xlink:href="http://code.google.com/p/modwsgi/">mod_wsgi</link> in xlink:href="http://code.google.com/p/modwsgi/"
Apache. You can modify the dashboard code to make it suitable for >mod_wsgi</link> in Apache. You can modify the dashboard
different sites.</para> code to make it suitable for different sites.</para>
<para>From a network architecture point of view, this service must be <para>From a network architecture point of view, this service
accessible to customers and the public API for each OpenStack must be accessible to customers and the public API for each
service. To use the administrator functionality for other OpenStack service. To use the administrator functionality for
services, it must also connect to Admin API endpoints, which other services, it must also connect to Admin API endpoints,
should not be accessible by customers.</para> which should not be accessible by customers.</para>
</section> </section>
<section xml:id="identity-service"> <section xml:id="identity-service">
<title>Identity Service</title> <title>Identity Service</title>
@ -186,41 +226,47 @@ provides a service catalog within a particular OpenStack cloud.</td>
projects. It consists of:</para> projects. It consists of:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><systemitem class="service">keystone-all</systemitem>. Starts both the service and <para><systemitem class="service">keystone-all</systemitem>.
administrative APIs in a single process to provide Catalog, Authorization, and Authentication Starts both the service and administrative APIs in a
services for OpenStack.</para> single process to provide Catalog, Authorization, and
Authentication services for OpenStack.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Identity Service functions. Each has a pluggable backend that allows different ways to use <para>Identity Service functions. Each has a pluggable back
the particular service. Most support standard backends like LDAP or SQL.</para> end that allows different ways to use the particular
service. Most support standard back ends like LDAP or
SQL.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>The Identity Service is mostly used to customize authentication <para>The Identity Service is mostly used to customize
services.</para> authentication services.</para>
</section> </section>
<?hard-pagebreak?>
<section xml:id="compute-service"> <section xml:id="compute-service">
<title>Compute Service</title> <title>Compute Service</title>
<para>The Compute Service is a cloud computing fabric controller, the <para>The Compute Service is a cloud computing fabric
main part of an IaaS system. It can be used for hosting and controller, the main part of an IaaS system. It can be used
managing cloud computing systems. The main modules are implemented for hosting and managing cloud computing systems. The main
in Python.</para> modules are implemented in Python.</para>
<para>The Compute Service is made up of the following functional <para>The Compute Service is made up of the following functional
areas and their underlying components:</para> areas and their underlying components:</para>
<itemizedlist> <itemizedlist>
<title>API</title> <title>API</title>
<listitem> <listitem>
<para><systemitem class="service">nova-api</systemitem> service. <para><systemitem class="service">nova-api</systemitem>
Accepts and responds to end user compute API calls. Supports the service. Accepts and responds to end user compute API
OpenStack Compute API, the Amazon EC2 API, and a special Admin calls. Supports the OpenStack Compute API, the Amazon EC2
API for privileged users to perform administrative actions. API, and a special Admin API for privileged users to
Also, initiates most orchestration activities, such as running perform administrative actions. Also, initiates most
an instance, and enforces some policies.</para> orchestration activities, such as running an instance, and
enforces some policies.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service">nova-api-metadata</systemitem> <para><systemitem class="service"
service. Accepts metadata requests from instances. The >nova-api-metadata</systemitem> service. Accepts
<systemitem class="service">nova-api-metadata</systemitem> metadata requests from instances. The <systemitem
service is generally only used when you run in multi-host mode class="service">nova-api-metadata</systemitem> service
is generally only used when you run in multi-host mode
with <systemitem class="service">nova-network</systemitem> with <systemitem class="service">nova-network</systemitem>
installations. For details, see <link installations. For details, see <link
xlink:href="http://docs.openstack.org/trunk/openstack-compute/admin/content/metadata-service.html" xlink:href="http://docs.openstack.org/trunk/openstack-compute/admin/content/metadata-service.html"
@ -230,31 +276,36 @@ provides a service catalog within a particular OpenStack cloud.</td>
<itemizedlist> <itemizedlist>
<title>Compute core</title> <title>Compute core</title>
<listitem> <listitem>
<para><systemitem class="service">nova-compute</systemitem> process. A <para><systemitem class="service">nova-compute</systemitem>
worker daemon that creates and terminates virtual machine process. A worker daemon that creates and terminates
instances through hypervisor APIs. For example, XenAPI for virtual machine instances through hypervisor APIs. For
XenServer/XCP, libvirt for KVM or QEMU, VMwareAPI for VMware, example, XenAPI for XenServer/XCP, libvirt for KVM or
and so on. The process by which it does so is fairly complex but QEMU, VMwareAPI for VMware, and so on. The process by
the basics are simple: Accept actions from the queue and perform which it does so is fairly complex but the basics are
a series of system commands, like launching a KVM instance, to simple: Accept actions from the queue and perform a series
carry them out while updating state in the database.</para> of system commands, like launching a KVM instance, to
carry them out while updating state in the
database.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service">nova-scheduler</systemitem> <para><systemitem class="service"
process. Conceptually the simplest piece of code in Compute. >nova-scheduler</systemitem> process. Conceptually the
Takes a virtual machine instance request from the queue and simplest piece of code in Compute. Takes a virtual machine
determines on which compute server host it should run.</para> instance request from the queue and determines on which
compute server host it should run.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service">nova-conductor</systemitem> module. <para><systemitem class="service"
Mediates interactions between <systemitem class="service" >nova-conductor</systemitem> module. Mediates
>nova-compute</systemitem> and the database. Aims to eliminate interactions between <systemitem class="service"
direct accesses to the cloud database made by <systemitem >nova-compute</systemitem> and the database. Aims to
class="service">nova-compute</systemitem>. The <systemitem eliminate direct accesses to the cloud database made by
class="service">nova-conductor</systemitem> module scales <systemitem class="service">nova-compute</systemitem>.
horizontally. However, do not deploy it on any nodes where The <systemitem class="service"
<systemitem class="service">nova-compute</systemitem> runs. For >nova-conductor</systemitem> module scales horizontally.
more information, see <link However, do not deploy it on any nodes where <systemitem
class="service">nova-compute</systemitem> runs. For more
information, see <link
xlink:href="http://russellbryantnet.wordpress.com/2012/11/19/a-new-nova-service-nova-conductor/" xlink:href="http://russellbryantnet.wordpress.com/2012/11/19/a-new-nova-service-nova-conductor/"
>A new Nova service: nova-conductor</link>.</para> >A new Nova service: nova-conductor</link>.</para>
</listitem> </listitem>
@ -263,79 +314,83 @@ provides a service catalog within a particular OpenStack cloud.</td>
<title>Networking for VMs</title> <title>Networking for VMs</title>
<listitem> <listitem>
<para><systemitem class="service">nova-network</systemitem> <para><systemitem class="service">nova-network</systemitem>
worker daemon. Similar to <systemitem class="service" worker daemon. Similar to <systemitem class="service"
>nova-compute</systemitem>, it accepts networking tasks >nova-compute</systemitem>, it accepts networking tasks
from the queue and performs tasks to manipulate the from the queue and performs tasks to manipulate the
network, such as setting up bridging interfaces or network, such as setting up bridging interfaces or
changing iptables rules. This functionality is being changing iptables rules. This functionality is being
migrated to OpenStack Networking, which is a separate migrated to OpenStack Networking, which is a separate
OpenStack service.</para> OpenStack service.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service">nova-dhcpbridge</systemitem> <para><systemitem class="service"
script. Tracks IP address leases and records them in the >nova-dhcpbridge</systemitem> script. Tracks IP address
database by using the dnsmasq <literal>dhcp-script</literal> leases and records them in the database by using the
facility. This functionality is being migrated to OpenStack dnsmasq <literal>dhcp-script</literal> facility. This
Networking. OpenStack Networking provides a different functionality is being migrated to OpenStack Networking.
script.</para> OpenStack Networking provides a different script.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<?hard-pagebreak?>
<itemizedlist> <itemizedlist>
<title>Console interface</title> <title>Console interface</title>
<listitem> <listitem>
<para><systemitem class="service" <para><systemitem class="service"
>nova-consoleauth</systemitem> daemon. Authorizes tokens >nova-consoleauth</systemitem> daemon. Authorizes tokens
for users that console proxies provide. See <systemitem for users that console proxies provide. See <systemitem
class="service">nova-novncproxy</systemitem> and class="service">nova-novncproxy</systemitem> and
<systemitem class="service" <systemitem class="service"
>nova-xvpnvcproxy</systemitem>. This service must be >nova-xvpnvcproxy</systemitem>. This service must be
running for console proxies to work. Many proxies of running for console proxies to work. Many proxies of
either type can be run against a single <systemitem either type can be run against a single <systemitem
class="service">nova-consoleauth</systemitem> service in class="service">nova-consoleauth</systemitem> service in
a cluster configuration. For information, see <link a cluster configuration. For information, see <link
xlink:href="http://docs.openstack.org/trunk/openstack-compute/admin/content/about-nova-consoleauth.html" xlink:href="http://docs.openstack.org/trunk/openstack-compute/admin/content/about-nova-consoleauth.html"
>About nova-consoleauth</link>.</para> >About nova-consoleauth</link>.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service">nova-novncproxy</systemitem> <para><systemitem class="service"
daemon. Provides a proxy for accessing running instances through >nova-novncproxy</systemitem> daemon. Provides a proxy
a VNC connection. Supports browser-based novnc clients.</para> for accessing running instances through a VNC connection.
Supports browser-based novnc clients.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service">nova-console</systemitem> <para><systemitem class="service">nova-console</systemitem>
daemon. Deprecated for use with Grizzly. Instead, the daemon. Deprecated for use with Grizzly. Instead, the
<systemitem class="service" <systemitem class="service"
>nova-xvpnvncproxy</systemitem> is used.</para> >nova-xvpnvncproxy</systemitem> is used.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service">nova-xvpnvncproxy</systemitem> <para><systemitem class="service"
daemon. A proxy for accessing running instances through a VNC >nova-xvpnvncproxy</systemitem> daemon. A proxy for
connection. Supports a Java client specifically designed for accessing running instances through a VNC connection.
Supports a Java client specifically designed for
OpenStack.</para> OpenStack.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service">nova-cert</systemitem> <para><systemitem class="service">nova-cert</systemitem>
daemon. Manages x509 certificates.</para> daemon. Manages x509 certificates.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<itemizedlist> <itemizedlist>
<title>Image Management (EC2 scenario)</title> <title>Image Management (EC2 scenario)</title>
<listitem> <listitem>
<para><systemitem class="service">nova-objectstore</systemitem> <para><systemitem class="service"
daemon. Provides an S3 interface for registering images with the >nova-objectstore</systemitem> daemon. Provides an S3
Image Service. Mainly used for installations that must support interface for registering images with the Image Service.
euca2ools. The euca2ools tools talk to <systemitem Mainly used for installations that must support euca2ools.
class="service">nova-objectstore</systemitem> in <emphasis The euca2ools tools talk to <systemitem class="service"
>nova-objectstore</systemitem> in <emphasis
role="italic">S3 language</emphasis>, and <systemitem role="italic">S3 language</emphasis>, and <systemitem
class="service">nova-objectstore</systemitem> translates S3 class="service">nova-objectstore</systemitem> translates
requests into Image Service requests.</para> S3 requests into Image Service requests.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>euca2ools client. A set of command-line interpreter commands <para>euca2ools client. A set of command-line interpreter
for managing cloud resources. Though not an OpenStack module, commands for managing cloud resources. Though not an
you can configure <systemitem class="service" OpenStack module, you can configure <systemitem
>nova-api</systemitem> to support this EC2 interface. For more class="service">nova-api</systemitem> to support this
information, see the <link EC2 interface. For more information, see the <link
xlink:href="http://www.eucalyptus.com/eucalyptus-cloud/documentation/2.0" xlink:href="http://www.eucalyptus.com/eucalyptus-cloud/documentation/2.0"
>Eucalyptus 2.0 Documentation</link>.</para> >Eucalyptus 2.0 Documentation</link>.</para>
</listitem> </listitem>
@ -343,263 +398,313 @@ daemon. Manages x509 certificates.</para>
<itemizedlist> <itemizedlist>
<title>Command Line Interpreter/Interfaces</title> <title>Command Line Interpreter/Interfaces</title>
<listitem> <listitem>
<para>nova client. Enables users to submit commands as a tenant <para>nova client. Enables users to submit commands as a
administrator or end user.</para> tenant administrator or end user.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>nova-manage client. Enables cloud administrators to submit <para>nova-manage client. Enables cloud administrators to
commands.</para> submit commands.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<itemizedlist> <itemizedlist>
<title>Other components</title> <title>Other components</title>
<listitem> <listitem>
<para>The queue. A central hub for passing messages between daemons. <para>The queue. A central hub for passing messages between
Usually implemented with <link daemons. Usually implemented with <link
xlink:href="http://www.rabbitmq.com/">RabbitMQ</link>, but xlink:href="http://www.rabbitmq.com/">RabbitMQ</link>,
could be any AMPQ message queue, such as <link but could be any AMPQ message queue, such as <link
xlink:href="http://qpid.apache.org/">Apache Qpid</link>) or xlink:href="http://qpid.apache.org/">Apache Qpid</link>)
<link xlink:href="http://www.zeromq.org/">Zero or <link xlink:href="http://www.zeromq.org/">Zero
MQ</link>.</para> MQ</link>.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>SQL database. Stores most build-time and runtime states for <para>SQL database. Stores most build-time and runtime
a cloud infrastructure. Includes instance types that are states for a cloud infrastructure. Includes instance types
available for use, instances in use, available networks, and that are available for use, instances in use, available
projects. Theoretically, OpenStack Compute can support any networks, and projects. Theoretically, OpenStack Compute
database that SQL-Alchemy supports, but the only databases can support any database that SQL-Alchemy supports, but
widely used are sqlite3 databases, MySQL (only appropriate for the only databases widely used are sqlite3 databases,
test and development work), and PostgreSQL.</para> MySQL (only appropriate for test and development work),
and PostgreSQL.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>The Compute Service interacts with other OpenStack services: <para>The Compute Service interacts with other OpenStack
Identity Service for authentication, Image Service for images, and services: Identity Service for authentication, Image Service
the OpenStack Dashboard for a web interface.</para> for images, and the OpenStack Dashboard for a web
interface.</para>
</section> </section>
<?hard-pagebreak?>
<section xml:id="object-storage-service"> <section xml:id="object-storage-service">
<title>Object Storage Service</title> <title>Object Storage Service</title>
<para>The Object Storage Service is a highly scalable and durable <para>The Object Storage Service is a highly scalable and
multi-tenant object storage system for large amounts of durable multi-tenant object storage system for large amounts
unstructured data at low cost through a RESTful http API.</para> of unstructured data at low cost through a RESTful http
API.</para>
<para>It includes the following components:</para> <para>It includes the following components:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><systemitem class="service">swift-proxy-server</systemitem>. <para><systemitem class="service"
Accepts Object Storage API and raw HTTP requests to upload >swift-proxy-server</systemitem>. Accepts Object Storage
files, modify metadata, and create containers. It also serves API and raw HTTP requests to upload files, modify
file or container listings to web browsers. To improve metadata, and create containers. It also serves file or
performance, the proxy server can use an optional cache usually container listings to web browsers. To improve
deployed with memcache.</para> performance, the proxy server can use an optional cache
usually deployed with memcache.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Account servers. Manage accounts defined with the Object <para>Account servers. Manage accounts defined with the
Storage Service.</para> Object Storage Service.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Container servers. Manage a mapping of containers, or folders, <para>Container servers. Manage a mapping of containers, or
within the Object Storage Service.</para> folders, within the Object Storage Service.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Object servers. Manage actual objects, such as files, on the <para>Object servers. Manage actual objects, such as files,
storage nodes.</para> on the storage nodes.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>A number of periodic processes. Performs housekeeping tasks on <para>A number of periodic processes. Performs housekeeping
the large data store. The replication services ensure tasks on the large data store. The replication services
consistency and availability through the cluster. Other periodic ensure consistency and availability through the cluster.
processes include auditors, updaters, and reapers.</para> Other periodic processes include auditors, updaters, and
reapers.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>Configurable WSGI middleware, which is usually the <para>Configurable WSGI middleware, which is usually the
Identity Service, handles authentication.</para> Identity Service, handles authentication.</para>
<xi:include href="section_storage-concepts.xml"/> <xi:include href="section_storage-concepts.xml"/>
</section> </section>
<section xml:id="block-storage-service"> <section xml:id="block-storage-service">
<title>Block Storage Service</title> <title>Block Storage Service</title>
<para>The Block Storage Service enables management of volumes, volume <para>The Block Storage Service enables management of volumes,
snapshots, and volume types. It includes the following volume snapshots, and volume types. It includes the following
components:</para> components:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><systemitem class="service">cinder-api</systemitem>. <para><systemitem class="service">cinder-api</systemitem>.
Accepts API requests and routes them to <systemitem Accepts API requests and routes them to <systemitem
class="service">cinder-volume</systemitem> for class="service">cinder-volume</systemitem> for
action.</para> action.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service">cinder-volume</systemitem>. Responds to requests to read from and <para><systemitem class="service"
write to the Object Storage database to maintain state, interacting with other processes (like >cinder-volume</systemitem>. Responds to requests to read
<systemitem class="service">cinder-scheduler</systemitem>) through a message queue and from and write to the Object Storage database to maintain
directly upon block storage providing hardware or software. It can interact with a variety of state, interacting with other processes (like <systemitem
class="service">cinder-scheduler</systemitem>) through a
message queue and directly upon block storage providing
hardware or software. It can interact with a variety of
storage providers through a driver architecture.</para> storage providers through a driver architecture.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service" <para><systemitem class="service"
>cinder-scheduler</systemitem> daemon. Like the >cinder-scheduler</systemitem> daemon. Like the
<systemitem class="service">nova-scheduler</systemitem>, <systemitem class="service">nova-scheduler</systemitem>,
picks the optimal block storage provider node on which to picks the optimal block storage provider node on which to
create the volume.</para> create the volume.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Messaging queue. Routes information between the Block Storage <para>Messaging queue. Routes information between the Block
Service processes and a database, which stores volume Storage Service processes and a database, which stores
state.</para> volume state.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>The Block Storage Service interacts with Compute to provide <para>The Block Storage Service interacts with Compute to
volumes for instances.</para> provide volumes for instances.</para>
</section> </section>
<section xml:id="image-service"> <section xml:id="image-service">
<title>Image Service</title> <title>Image Service</title>
<para>The Image Service includes the following components:</para> <para>The Image Service includes the following
components:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><systemitem class="service">glance-api</systemitem>. Accepts <para><systemitem class="service">glance-api</systemitem>.
Image API calls for image discovery, retrieval, and Accepts Image API calls for image discovery, retrieval,
storage.</para> and storage.</para>
</listitem> </listitem>
<listitem> <listitem>
<para><systemitem class="service">glance-registry</systemitem>. <para><systemitem class="service"
Stores, processes, and retrieves metadata about images. Metadata >glance-registry</systemitem>. Stores, processes, and
includes size, type, and so on.</para> retrieves metadata about images. Metadata includes size,
type, and so on.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Database. Stores image metadata. You can choose your database <para>Database. Stores image metadata. You can choose your
depending on your preference. Most deployments use MySQL or database depending on your preference. Most deployments
SQlite.</para> use MySQL or SQlite.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Storage repository for image files. In <xref <para>Storage repository for image files. In <xref
linkend="os-logical-arch"/>, the Object Storage Service is the linkend="os-logical-arch"/>, the Object Storage Service
image repository. However, you can configure a different is the image repository. However, you can configure a
repository. The Image Service supports normal filesystems, RADOS different repository. The Image Service supports normal
block devices, Amazon S3, and HTTP. Some of these choices are file systems, RADOS block devices, Amazon S3, and HTTP.
limited to read-only usage.</para> Some of these choices are limited to read-only
usage.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>A number of periodic processes run on the Image Service to <para>A number of periodic processes run on the Image Service to
support caching. Replication services ensures consistency and support caching. Replication services ensures consistency and
availability through the cluster. Other periodic processes availability through the cluster. Other periodic processes
include auditors, updaters, and reapers.</para> include auditors, updaters, and reapers.</para>
<para>As shown in <xref linkend="concept_arch"/>, the Image Service <para>As shown in <xref linkend="concept_arch"/>, the Image
is central to the overall IaaS picture. It accepts API requests Service is central to the overall IaaS picture. It accepts API
for images or image metadata from end users or Compute components requests for images or image metadata from end users or
and can store its disk files in the Object Storage Service.</para> Compute components and can store its disk files in the Object
Storage Service.</para>
</section> </section>
<section xml:id="networking-service"> <section xml:id="networking-service">
<title>Networking Service</title> <title>Networking Service</title>
<para>Provides network-connectivity-as-a-service between interface <para>Provides network-connectivity-as-a-service between
devices that are managed by other OpenStack services, usually interface devices that are managed by other OpenStack
Compute. Enables users to create and attach interfaces to services, usually Compute. Enables users to create and attach
networks. Like many OpenStack services, OpenStack Networking is interfaces to networks. Like many OpenStack services,
highly configurable due to its plug-in architecture. These OpenStack Networking is highly configurable due to its plug-in
plug-ins accommodate different networking equipment and software. architecture. These plug-ins accommodate different networking
Consequently, the architecture and deployment vary dramatically.</para> equipment and software. Consequently, the architecture and
deployment vary dramatically.</para>
<para>Includes the following components:</para> <para>Includes the following components:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><systemitem class="service">neutron-server</systemitem>. <para><systemitem class="service"
Accepts and routes API requests to the appropriate OpenStack >neutron-server</systemitem>. Accepts and routes API
Networking plug-in for action.</para> requests to the appropriate OpenStack Networking plug-in
for action.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>OpenStack Networking plug-ins and agents. Plugs and unplugs <para>OpenStack Networking plug-ins and agents. Plugs and
ports, creates networks or subnets, and provides IP addressing. unplugs ports, creates networks or subnets, and provides
These plug-ins and agents differ depending on the vendor and IP addressing. These plug-ins and agents differ depending
technologies used in the particular cloud. OpenStack Networking on the vendor and technologies used in the particular
ships with plug-ins and agents for Cisco virtual and physical cloud. OpenStack Networking ships with plug-ins and agents
switches, Nicira NVP product, NEC OpenFlow products, Open for Cisco virtual and physical switches, Nicira NVP
vSwitch, Linux bridging, and the Ryu Network Operating product, NEC OpenFlow products, Open vSwitch, Linux
System.</para> bridging, and the Ryu Network Operating System.</para>
<para>The common agents are L3 (layer 3), DHCP (dynamic host IP addressing), and a plug-in <para>The common agents are L3 (layer 3), DHCP (dynamic host
agent.</para> IP addressing), and a plug-in agent.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Messaging queue. Most OpenStack Networking installations make <para>Messaging queue. Most OpenStack Networking
use of a messaging queue to route information between the installations make use of a messaging queue to route
neutron-server and various agents as well as a database to store information between the neutron-server and various agents
networking state for particular plug-ins.</para> as well as a database to store networking state for
particular plug-ins.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>OpenStack Networking interacts mainly with OpenStack <para>OpenStack Networking interacts mainly with OpenStack
Compute, where it provides networks and connectivity for its Compute, where it provides networks and connectivity for its
instances.</para> instances.</para>
</section> </section>
<?hard-pagebreak?>
<section xml:id="metering-service"> <section xml:id="metering-service">
<title>Metering/Monitoring Service</title> <title>Metering/Monitoring Service</title>
<para>The Metering Service is designed to:</para> <para>The Metering Service is designed to:</para>
<para> <para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Efficiently collect the metering data about the CPU and network costs.</para> <para>Efficiently collect the metering data about the CPU
and network costs.</para>
</listitem> </listitem>
<listitem><para>Collect data by monitoring notifications sent from services or by polling the <listitem>
infrastructure.</para> <para>Collect data by monitoring notifications sent from
services or by polling the infrastructure.</para>
</listitem> </listitem>
<listitem><para>Configure the type of collected data to meet various operating requirements. <listitem>
Accessing and inserting the metering data through the REST API.</para> <para>Configure the type of collected data to meet various
operating requirements. Accessing and inserting the
metering data through the REST API.</para>
</listitem>
<listitem>
<para>Expand the framework to collect custom usage data by
additional plug-ins.</para>
</listitem>
<listitem>
<para>Produce signed metering messages that cannot be
repudiated.</para>
</listitem> </listitem>
<listitem><para>Expand the framework to collect custom usage data by additional
plug-ins.</para></listitem>
<listitem><para>Produce signed metering messages that cannot be
repudiated.</para></listitem>
</itemizedlist> </itemizedlist>
</para> </para>
<para>The system consists of the following basic components:</para> <para>The system consists of the following basic
components:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>A compute agent. Runs on each compute node and polls for resource utilization <para>A compute agent. Runs on each compute node and polls
statistics. There may be other types of agents in the future, but for now we will for resource utilization statistics. There may be other
focus on creating the compute agent.</para> types of agents in the future, but for now we will focus
on creating the compute agent.</para>
</listitem> </listitem>
<listitem><para>A central agent. Runs on a central management server to poll for resource <listitem>
utilization statistics for resources not tied to instances or compute nodes.</para> <para>A central agent. Runs on a central management server
to poll for resource utilization statistics for resources
not tied to instances or compute nodes.</para>
</listitem> </listitem>
<listitem><para>A collector. Runs on one or more central management servers to monitor the <listitem>
message queues (for notifications and for metering data coming from the agent). <para>A collector. Runs on one or more central management
Notification messages are processed and turned into metering messages and sent back servers to monitor the message queues (for notifications
out onto the message bus using the appropriate topic. Metering messages are written and for metering data coming from the agent). Notification
to the data store without modification.</para> messages are processed and turned into metering messages
and sent back out onto the message bus using the
appropriate topic. Metering messages are written to the
data store without modification.</para>
</listitem> </listitem>
<listitem><para>A data store. A database capable of handling concurrent writes (from one or more <listitem>
collector instances) and reads (from the API server).</para> <para>A data store. A database capable of handling
concurrent writes (from one or more collector instances)
and reads (from the API server).</para>
</listitem> </listitem>
<listitem><para>An API server. Runs on one or more central management servers to provide access to the data <listitem>
from the data store. These services communicate using the standard OpenStack messaging <para>An API server. Runs on one or more central management
bus. Only the collector and API server have access to the data store.</para> servers to provide access to the data from the data store.
These services communicate using the standard OpenStack
messaging bus. Only the collector and API server have
access to the data store.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>These services communicate by using the standard OpenStack messaging bus. Only the collector and API server have access to the data store.</para> <para>These services communicate by using the standard OpenStack
messaging bus. Only the collector and API server have access
to the data store.</para>
</section> </section>
<?hard-pagebreak?>
<section xml:id="orchestration-service"> <section xml:id="orchestration-service">
<title>Orchestration Service</title> <title>Orchestration Service</title>
<para>The Orchestration Service provides a template-based <para>The Orchestration Service provides a template-based
orchestration for describing a cloud application by running orchestration for describing a cloud application by running
OpenStack API calls to generate running cloud applications. The OpenStack API calls to generate running cloud applications.
software integrates other core components of OpenStack into a The software integrates other core components of OpenStack
one-file template system. The templates enable you to create most into a one-file template system. The templates enable you to
OpenStack resource types, such as instances, floating IPs, create most OpenStack resource types, such as instances,
volumes, security groups, users, and so on. Also, provides some floating IPs, volumes, security groups, users, and so on.
more advanced functionality, such as instance high availability, Also, provides some more advanced functionality, such as
instance auto-scaling, and nested stacks. By providing very tight instance high availability, instance auto-scaling, and nested
integration with other OpenStack core projects, all OpenStack core stacks. By providing very tight integration with other
projects could receive a larger user base.</para> OpenStack core projects, all OpenStack core projects could
<para>Enables deployers to integrate with the Orchestration Service receive a larger user base.</para>
directly or through custom plug-ins.</para> <para>Enables deployers to integrate with the Orchestration
Service directly or through custom plug-ins.</para>
<para>The Orchestration Service consists of the following <para>The Orchestration Service consists of the following
components:</para> components:</para>
<itemizedlist> <itemizedlist>
<listitem><para><code>heat</code> tool. A CLI that communicates with the <listitem>
heat-api to run AWS CloudFormation APIs. End developers could <para><code>heat</code> tool. A CLI that communicates with
also use the heat REST API directly.</para> the heat-api to run AWS CloudFormation APIs. End
developers could also use the heat REST API
directly.</para>
</listitem> </listitem>
<listitem><para><code>heat-api</code> component. Provides an OpenStack-native <listitem>
REST API that processes API requests by sending them to the <para><code>heat-api</code> component. Provides an
heat-engine over RPC.</para> OpenStack-native REST API that processes API requests by
sending them to the heat-engine over RPC.</para>
</listitem> </listitem>
<listitem><para><code>heat-api-cfn</code> component. Provides an AWS Query API that is compatible with AWS CloudFormation <listitem>
and processes API requests by sending them to the heat-engine over RPC.</para></listitem> <para><code>heat-api-cfn</code> component. Provides an AWS
<listitem><para><code>heat-engine</code>. Orchestrates the launching of templates and provides events back to the API Query API that is compatible with AWS CloudFormation and
processes API requests by sending them to the heat-engine
over RPC.</para>
</listitem>
<listitem>
<para><code>heat-engine</code>. Orchestrates the launching
of templates and provides events back to the API
consumer.</para> consumer.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -608,11 +713,11 @@ instances.</para>
<section xml:id="feedback"> <section xml:id="feedback">
<title>Feedback</title> <title>Feedback</title>
<para>To provide feedback on documentation, join and use the <para>To provide feedback on documentation, join and use the
<email>openstack-docs@lists.openstack.org</email> mailing list <email>openstack-docs@lists.openstack.org</email> mailing list
at <link at <link
xlink:href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-docs" xlink:href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-docs"
>OpenStack Documentation Mailing List</link>, or <link >OpenStack Documentation Mailing List</link>, or <link
xlink:href="https://bugs.launchpad.net/openstack-manuals/+filebug" xlink:href="https://bugs.launchpad.net/openstack-manuals/+filebug"
>report a bug</link>.</para> >report a bug</link>.</para>
</section> </section>
</chapter> </chapter>

251
doc/common/ch_support.xml
View File

@ -1,131 +1,166 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns="http://docbook.org/ns/docbook" <chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="ch_support-and-troubleshooting"> xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="ch_support-and-troubleshooting">
<title>Support</title> <?dbhtml stop-chunking?>
<para>Online resources aid in supporting OpenStack and there
are many community members willing and able to answer
questions and help with bug suspicions. We are constantly
improving and adding to the main features of OpenStack,
but if you have any problems, do not hesitate to ask.
Here are some ideas for supporting OpenStack and
troubleshooting your existing installations.</para>
<section xml:id="community-support">
<title>Community Support</title> <title>Community Support</title>
<para>Here are some places you can locate others who want to <para>Many OpenStack community members can answer questions and
help.</para> help with bug suspicions. We are constantly improving and
adding to the main features of OpenStack, but if you have any
problems, do not hesitate to ask. Use the following resources
to get OpenStack support and troubleshoot your existing
installations.</para>
<simplesect> <simplesect>
<title>ask.openstack.org</title> <title>ask.openstack.org</title>
<para>During setup or testing, you may have questions <para>During set up or testing, you might have questions about
about how to do something, or end up in a situation how to do something or be in a situation where a feature
where you can't seem to get a feature to work does not work correctly. Use the <link
correctly. The ask.openstack.org site is available for xlink:href="ask.openstack.org"
questions and answers. When visiting the Ask site at >ask.openstack.org</link> site to ask questions and
<link xlink:href="http://ask.openstack.org" get answers. When you visit the <link
>http://ask.openstack.org</link>, it is usually xlink:href="http://ask.openstack.org"
good to at least scan over recently asked questions to >http://ask.openstack.org</link> site, scan the recently asked questions to see whether
see if your question has already been answered. If your question was already answered. If not, ask a new question. Be sure
that is not the case, then proceed to adding a new to give a clear, concise summary in the title and provide
question. Be sure you give a clear, concise summary in as much detail as possible in the description. Paste in
the title and provide as much detail as possible in your command output or stack traces, link to screen shots,
the description. Paste in your command output or stack and so on.</para>
traces, link to screenshots, and so on.</para>
</simplesect> </simplesect>
<simplesect><title>OpenStack mailing lists</title> <simplesect>
<para>Posting your question or scenario to the OpenStack <title>OpenStack mailing lists</title>
mailing list is a great way to get answers and <para>A great way to get answers and insights is to post your
insights. You can learn from and help others who may question or scenario to the OpenStack mailing list. You
have the same scenario as you. Go to <link can learn from and help others who might have the same
scenario as you. To subscribe or view the archives, go to
<link
xlink:href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" xlink:href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</link> to >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</link>.
subscribe or view the archives. You might be interested in the other mailing lists for
You may be interested in the other mailing lists for specific projects or development, which you can find <link
specific projects or development - these can be found xlink:href="http://wiki.openstack.org/MailingLists">on
<link the wiki</link>. A description of all mailing lists is
available at <link
xlink:href="http://wiki.openstack.org/MailingLists" xlink:href="http://wiki.openstack.org/MailingLists"
>on the wiki</link>. A description of all the >http://wiki.openstack.org/MailingLists</link>.</para>
additional mailing lists is available at </simplesect>
<link <simplesect>
xlink:href="http://wiki.openstack.org/MailingLists">http://wiki.openstack.org/MailingLists</link>.</para></simplesect><simplesect>
<title>The OpenStack Wiki search</title> <title>The OpenStack Wiki search</title>
<para>The <link xlink:href="http://wiki.openstack.org/">OpenStack wiki</link> contains content <para>The <link xlink:href="http://wiki.openstack.org/"
on a broad range of topics, but some of it sits a bit below the surface. Fortunately, the wiki >OpenStack wiki</link> contains content on a broad
search feature is very powerful in that it can do both searches by title and by content. If range of topics but some of it sits a bit below the
you are searching for specific information, say about "networking" or "api" for nova, you can surface. Fortunately, the wiki search feature enables you
find lots of content using the search feature. More is being added all the time, so be sure to to search by title or content. If you search for specific
check back often. You can find the search box in the upper right hand corner of any OpenStack wiki information, such as about networking or nova, you can
page.</para></simplesect> find lots of content. More is being added all the time, so
<simplesect><title>The Launchpad Bugs area</title> be sure to check back often. You can find the search box
<para>So you think you've found a bug. That's great! Seriously, it is. The OpenStack community in the upper right corner of any OpenStack wiki
values your setup and testing efforts and wants your feedback. To log a bug you must page.</para>
have a Launchpad account, so sign up at https://launchpad.net/+login if you do not </simplesect>
already have a Launchpad ID. You can view existing bugs and report your bug in the <simplesect>
Launchpad Bugs area. It is suggested that you first use the search facility to see <title>The Launchpad Bugs area</title>
if the bug you found has already been reported (or even better, already fixed). If <para>So you think you've found a bug. That's great!
it still seems like your bug is new or unreported then it is time to fill out a bug Seriously, it is. The OpenStack community values your set
up and testing efforts and wants your feedback. To log a
bug, you must sign up for a Launchpad account at <link
xlink:href="https://launchpad.net/+login"
>https://launchpad.net/+login</link>. You can view
existing bugs and report bugs in the Launchpad Bugs area.
Use the search feature to determine whether the bug was
already reported (or even better, already fixed). If it
still seems like your bug is unreported, fill out a bug
report.</para> report.</para>
<para>Some tips:</para> <para>Some tips:</para>
<itemizedlist><listitem><para>Give a clear, concise summary!</para></listitem>
<listitem><para>Provide as much detail as possible
in the description. Paste in your command output or stack traces, link to
screenshots, etc.</para></listitem>
<listitem><para>Be sure to include what version of the software you are using.
This is especially critical if you are using a development branch eg. "Grizzly
release" vs git commit bc79c3ecc55929bac585d04a03475b72e06a3208.</para></listitem>
<listitem><para>Any deployment specific info is helpful as well, such as Ubuntu
12.04, multi-node install.</para></listitem> </itemizedlist>
<para>The Launchpad Bugs areas are available here - :</para>
<itemizedlist> <itemizedlist>
<listitem><para>OpenStack Compute: <link <listitem>
xlink:href="https://bugs.launchpad.net/nova" <para>Give a clear, concise summary!</para>
>https://bugs.launchpad.net/nova</link></para></listitem> </listitem>
<listitem><para>OpenStack Object Storage: <link <listitem>
xlink:href="https://bugs.launchpad.net/swift" <para>Provide as much detail as possible in the
>https://bugs.launchpad.net/swift</link></para></listitem> description. Paste in your command output or stack
<listitem><para>OpenStack Image Delivery and Registration: <link traces, link to screen shots, and so on.</para>
xlink:href="https://bugs.launchpad.net/glance" </listitem>
>https://bugs.launchpad.net/glance</link></para></listitem> <listitem>
<listitem><para>OpenStack Identity: <link <para>Be sure to include the software version that you are using,
xlink:href="https://bugs.launchpad.net/keystone" especially if you are using a development branch,
>https://bugs.launchpad.net/keystone</link></para></listitem> such as, <literal>"Grizzly release" vs git commit
<listitem><para>OpenStack Dashboard: <link bc79c3ecc55929bac585d04a03475b72e06a3208</literal>.</para>
xlink:href="https://bugs.launchpad.net/horizon" </listitem>
>https://bugs.launchpad.net/horizon</link></para></listitem> <listitem>
<listitem><para>OpenStack Network Connectivity: <link <para>Any deployment specific information is helpful,
xlink:href="https://bugs.launchpad.net/neutron" such as Ubuntu 12.04 or multi-node install.</para>
>https://bugs.launchpad.net/neutron</link></para></listitem> </listitem>
<listitem><para>OpenStack Orchestration: <link </itemizedlist>
xlink:href="https://bugs.launchpad.net/heat" <para>The Launchpad Bugs areas are available here:</para>
>https://bugs.launchpad.net/heat</link></para></listitem> <itemizedlist>
<listitem><para>OpenStack Metering: <link <listitem>
xlink:href="https://bugs.launchpad.net/ceilometer" <para><link
>https://bugs.launchpad.net/ceilometer</link></para></listitem> xlink:href="https://bugs.launchpad.net/nova"
>Bugs: OpenStack Compute (nova)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/swift"
>Bugs : OpenStack Object Storage (swift)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/glance"
>Bugs : OpenStack Image Service (glance)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/keystone"
>Bugs : OpenStack Identity (keystone)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/horizon"
>Bugs : OpenStack Dashboard (horizon)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/neutron"
>Bugs : OpenStack Networking (neutron)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/heat"
>Bugs : OpenStack Orchestration (heat)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/ceilometer"
>Bugs : OpenStack Metering (ceilometer)</link></para>
</listitem>
</itemizedlist> </itemizedlist>
</simplesect> </simplesect>
<simplesect> <simplesect>
<title>The OpenStack IRC channel</title> <title>The OpenStack IRC channel</title>
<para>The OpenStack community lives and breathes in the <para>The OpenStack community lives and breathes in the
#openstack IRC channel on the Freenode network. You #openstack IRC channel on the Freenode network. You can
can come by to hang out, ask questions, or get come by to hang out, ask questions, or get immediate
immediate feedback for urgent and pressing issues. To feedback for urgent and pressing issues. To get into the
get into the IRC channel you need to install an IRC IRC channel, you must install an IRC client or use a
client or use a browser-based client by going to browser-based client by going to <link
http://webchat.freenode.net/. You can also use xlink:href="http://webchat.freenode.net"
Colloquy (Mac OS X, http://colloquy.info/) or mIRC >http://webchat.freenode.net/</link>. You can also use
(Windows, http://www.mirc.com/) or XChat (Linux). When Colloquy (Mac OS X, <link
xlink:href="http://colloquy.info/"
>http://colloquy.info/</link>), mIRC (Windows, <link
xlink:href="http://www.mirc.com/"
>http://www.mirc.com/</link>), or XChat (Linux). When
you are in the IRC channel and want to share code or you are in the IRC channel and want to share code or
command output, the generally accepted method is to command output, the generally accepted method is to use a
use a Paste Bin, the OpenStack project has one at Paste Bin. The OpenStack project has one at <link
http://paste.openstack.org. Just paste your longer xlink:href="http://paste.openstack.org"
amounts of text or logs in the web form and you get a >http://paste.openstack.org</link>. Just paste your
URL you can then paste into the channel. The OpenStack longer amounts of text or logs in the web form and you get
IRC channel is: #openstack on irc.freenode.net. A list a URL you can paste into the channel. The OpenStack IRC
of all the OpenStack-related IRC channels is at <link channel is: <literal>#openstack</literal> on
<literal>irc.freenode.net</literal>. You can find a
list of all OpenStack-related IRC channels at <link
xlink:href="https://wiki.openstack.org/wiki/IRC" xlink:href="https://wiki.openstack.org/wiki/IRC"
>https://wiki.openstack.org/wiki/IRC</link>.</para> >https://wiki.openstack.org/wiki/IRC</link>.</para>
</simplesect> </simplesect>
</section>
</chapter> </chapter>

15
doc/common/section_about-object-storage.xml
View File

@ -4,11 +4,14 @@
xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0" version="5.0"
xml:id="ch_introduction-to-openstack-object-storage"> xml:id="ch_introduction-to-openstack-object-storage">
<title>Introduction to OpenStack Object Storage</title> <title>Introduction to Object Storage</title>
<para>OpenStack Object Storage is a scalable object storage system - it is not a file system in the <para>Object Storage is a scalable object storage system - it is
traditional sense. You will not be able to mount this system like traditional SAN or NAS volumes. not a file system in the traditional sense. You cannot mount
Since OpenStack Object Storage is a different way of thinking when it comes to storage, take a few this system like traditional SAN or NAS volumes. Because Object
moments to review the key concepts in the developer documentation at Storage requires a different way of thinking when it comes to
<link xlink:href="http://docs.openstack.org/developer/swift/">docs.openstack.org/developer/swift/</link>.</para> storage, take a few moments to review the key concepts in the
developer documentation at <link
xlink:href="http://docs.openstack.org/developer/swift/"
>docs.openstack.org/developer/swift/</link>.</para>
<!-- TODO Is this really the best we can do?--> <!-- TODO Is this really the best we can do?-->
</section> </section>

34
doc/common/section_dashboard-configure-http.xml Normal file
View File

@ -0,0 +1,34 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xml:id="configure-dashboard-http"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Configure the dashboard for HTTP</title>
<?dbhtml stop-chunking?>
<para>You can configure the dashboard for a simple HTTP deployment. The standard installation
uses a non-encrypted HTTP channel.</para>
<procedure xml:id="dashboard-config-http">
<step>
<para>Specify the host for your OpenStack Identity
Service endpoint in the
<filename>/etc/openstack-dashboard/local_settings.py</filename>
file with the <literal>OPENSTACK_HOST</literal>
setting.</para>
<para>The following example shows this setting:</para>
<programlisting language="python"><?db-font-size 65%?><xi:include parse="text" href="samples/local_settings.py"/></programlisting>
<para>The service catalog configuration in the
Identity Service determines whether a service appears
in the dashboard. For the full listing, see
<link
xlink:href="http://docs.openstack.org/developer/horizon/topics/settings.html"
>Horizon Settings and
Configuration</link>.</para>
</step>
<step>
<para>Restart Apache and memcached:</para>
<screen><prompt>#</prompt> <userinput>service apache2 restart</userinput>
<prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
</step>
</procedure>
</section>

94
doc/common/section_dashboard-configure-https.xml Normal file
View File

@ -0,0 +1,94 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xml:id="dashboard-config-https" xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"><title>Configure the dashboard for HTTPS</title>
<para>You can configure the dashboard for a secured HTTPS deployment. While the standard installation
uses a non-encrypted HTTP channel, you can enable SSL support
for the dashboard.</para>
<procedure>
<para>The following example uses the domain,
"http://openstack.example.com." Use a domain that fits
your current setup.</para>
<step>
<para>In<filename>/etc/openstack-dashboard/local_settings.py</filename>
update the following
directives:</para><programlisting>USE_SSL = True
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True</programlisting>
<para>The first option is required to enable HTTPS.
The other recommended settings defend against
cross-site scripting and require HTTPS.</para>
</step>
<step>
<para>Edit
<filename>/etc/apache2/ports.conf</filename>
and add the following line:</para>
<programlisting>NameVirtualHost *:443</programlisting>
</step>
<step>
<para>Edit
<filename>/etc/apache2/conf.d/openstack-dashboard.conf:</filename></para>
<para>Before:</para>
<programlisting><?db-font-size 65%?>WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
&lt;Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi&gt;
Order allow,deny
Allow from all
&lt;/Directory&gt;</programlisting>
<para>After:</para>
<programlisting><?db-font-size 65%?>&lt;VirtualHost *:80&gt;
ServerName openstack.example.com
&lt;IfModule mod_rewrite.c&gt;
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
&lt;/IfModule&gt;
&lt;IfModule !mod_rewrite.c&gt;
RedirectPermanent / https://openstack.example.com
&lt;/IfModule&gt;
&lt;/VirtualHost&gt;
&lt;VirtualHost *:443&gt;
ServerName openstack.example.com
SSLEngine On
# Remember to replace certificates and keys with valid paths in your environment
SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt
SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt
SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key
SetEnvIf User-Agent &quot;.*MSIE.*&quot; nokeepalive ssl-unclean-shutdown
# HTTP Strict Transport Security (HSTS) enforces that all communications
# with a server go over SSL. This mitigates the threat from attacks such
# as SSL-Strip which replaces links on the wire, stripping away https prefixes
# and potentially allowing an attacker to view confidential information on the
# wire
Header add Strict-Transport-Security "max-age=15768000"
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
&lt;Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi&gt;
Order allow,deny
Allow from all
&lt;/Directory&gt;
&lt;/VirtualHost&gt;</programlisting>
<para>In this configuration, Apache listens on the
port 443 and redirects all the hits to the HTTPS
protocol for all the non-secured requests. The secured
section defines the private key, public key, and
certificate to use.</para>
</step>
<step>
<para>Restart Apache and memcached:</para>
<screen><prompt>#</prompt> <userinput>service apache2 restart</userinput>
<prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
<para>If you try to access the dashboard through HTTP,
the browser redirects you to the HTTPS page.</para>
</step>
</procedure></section>

21
doc/common/section_dashboard-configure-vnc-window.xml Normal file
View File

@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xml:id="vnc-window"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Change the size of the dashboard VNC window</title>
<para>The <filename>_detail_vnc.html</filename> file defines
the size of the VNC window. To change the window size, edit
this file.</para>
<procedure xml:id="adjust-vnc-window">
<step>
<para>Edit
<filename>/usr/share/pyshared/horizon/dashboards/nova/instances/templates/instances/_detail_vnc.html.</filename></para>
</step>
<step>
<para>Modify the <literal>width</literal> and
<literal>height</literal> parameters, as follows:</para>
<programlisting>&lt;iframe src="{{ vnc_url }}" width="720" height="430"&gt;&lt;/iframe&gt;</programlisting>
</step>
</procedure>
</section>

141
doc/common/section_dashboard-configure.xml
View File

@ -5,134 +5,15 @@
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"> xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Configure the dashboard</title> <title>Configure the dashboard</title>
<?dbhtml stop-chunking?> <?dbhtml stop-chunking?>
<para>You can configure the dashboard for a simple HTTP deployment <para>You can configure the dashboard for a simple HTTP
or a secured HTTPS deployment. While the standard installation deployment. </para>
uses a non-encrypted HTTP channel, you can enable SSL support <para>You can configure the dashboard for a secured HTTPS
for the dashboard.</para> deployment. While the standard installation uses a
<procedure xml:id="dashboard-config-http"> non-encrypted HTTP channel, you can enable SSL support for the
<title>To configure the dashboard for HTTP</title> dashboard.</para>
<step> <para>Also, you can configure the size of the VNC window in the
<para>Specify the host for your OpenStack Identity dashboard. </para>
Service endpoint in the <xi:include href="section_dashboard-configure-http.xml"/>
<filename>/etc/openstack-dashboard/local_settings.py</filename> <xi:include href="section_dashboard-configure-https.xml"/>
file with the <literal>OPENSTACK_HOST</literal> <xi:include href="section_dashboard-configure-vnc-window.xml"/>
setting.</para>
<para>The following example shows this setting:</para>
<programlisting language="python"><?db-font-size 65%?><xi:include parse="text" href="samples/local_settings.py"/></programlisting>
<para>The service catalog configuration in the
Identity Service determines whether a service appears
in the dashboard. For the full listing, see
<link
xlink:href="http://docs.openstack.org/developer/horizon/topics/settings.html"
>Horizon Settings and
Configuration</link>.</para>
</step>
<step>
<para>Restart Apache and memcached:</para>
<screen><prompt>#</prompt> <userinput>service apache2 restart</userinput>
<prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
</step>
</procedure>
<procedure xml:id="dashboard-config-https">
<title>To configure the dashboard for HTTPS</title>
<para>The following example uses the domain,
"http://openstack.example.com." Use a domain that fits
your current setup.</para>
<step>
<para>In<filename>/etc/openstack-dashboard/local_settings.py</filename>
update the following
directives:<programlisting>USE_SSL = True
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True</programlisting></para>
<para>The first option is required to enable HTTPS.
The other recommended settings defend against
cross-site scripting and require HTTPS.</para>
</step>
<step>
<para>Edit
<filename>/etc/apache2/ports.conf</filename>
and add the following line:</para>
<programlisting>NameVirtualHost *:443</programlisting>
</step>
<step>
<para>Edit
<filename>/etc/apache2/conf.d/openstack-dashboard.conf:</filename></para>
<para>Before:</para>
<programlisting><?db-font-size 65%?>WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
&lt;Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi&gt;
Order allow,deny
Allow from all
&lt;/Directory&gt;</programlisting>
<para>After:</para>
<programlisting><?db-font-size 65%?>&lt;VirtualHost *:80&gt;
ServerName openstack.example.com
&lt;IfModule mod_rewrite.c&gt;
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
&lt;/IfModule&gt;
&lt;IfModule !mod_rewrite.c&gt;
RedirectPermanent / https://openstack.example.com
&lt;/IfModule&gt;
&lt;/VirtualHost&gt;
&lt;VirtualHost *:443&gt;
ServerName openstack.example.com
SSLEngine On
# Remember to replace certificates and keys with valid paths in your environment
SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt
SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt
SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key
SetEnvIf User-Agent &quot;.*MSIE.*&quot; nokeepalive ssl-unclean-shutdown
# HTTP Strict Transport Security (HSTS) enforces that all communications
# with a server go over SSL. This mitigates the threat from attacks such
# as SSL-Strip which replaces links on the wire, stripping away https prefixes
# and potentially allowing an attacker to view confidential information on the
# wire
Header add Strict-Transport-Security "max-age=15768000"
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
&lt;Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi&gt;
Order allow,deny
Allow from all
&lt;/Directory&gt;
&lt;/VirtualHost&gt;</programlisting>
<para>In this configuration, Apache listens on the
port 443 and redirects all the hits to the HTTPS
protocol for all the non-secured requests. The secured
section defines the private key, public key, and
certificate to use.</para>
</step>
<step>
<para>Restart Apache and memcached:</para>
<screen><prompt>#</prompt> <userinput>service apache2 restart</userinput>
<prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
<para>If you try to access the dashboard through HTTP,
the browser redirects you to the HTTPS page.</para>
</step>
</procedure>
<procedure xml:id="adjust-vnc-window">
<title>To adjust the dimensions of the VNC window in the
Dashboard</title>
<para>The <filename>_detail_vnc.html</filename> file defines
the size of the VNC window. To change the window size, edit
this file.</para>
<step>
<para>Edit
<filename>/usr/share/pyshared/horizon/dashboards/nova/instances/templates/instances/_detail_vnc.html.</filename></para>
</step>
<step>
<para>Modify the <literal>width</literal> and
<literal>height</literal> parameters, as follows:</para>
<programlisting>&lt;iframe src="{{ vnc_url }}" width="720" height="430"&gt;&lt;/iframe&gt;</programlisting>
</step>
</procedure>
</section> </section>

77
doc/common/section_dashboard-install.xml
View File

@ -5,33 +5,36 @@
<!ENTITY mdash "&#x2014;"> <!ENTITY mdash "&#x2014;">
<!ENTITY hellip "&#x2026;"> <!ENTITY hellip "&#x2026;">
]> ]>
<section xml:id="installing-openstack-dashboard" <section xml:id="install_dashboard"
xmlns="http://docbook.org/ns/docbook" xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"> xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Install and configure the dashboard</title> <?dbhtml stop-chunking?>
<title>Install the dashboard</title>
<para>Before you can install and configure the dashboard, meet the <para>Before you can install and configure the dashboard, meet the
requirements in <xref linkend="dashboard-system-requirements"/>.</para> requirements in <xref linkend="dashboard-system-requirements"
<para>For more information about how to deploy the dashboard, see <link />.</para>
<para>For more information about how to deploy the dashboard, see
<link
xlink:href="http://docs.openstack.org/developer/horizon/topics/deployment.html" xlink:href="http://docs.openstack.org/developer/horizon/topics/deployment.html"
>Deploying Horizon</link>.</para> >Deploying Horizon</link>.</para>
<procedure> <procedure>
<title>To install the dashboard</title>
<step> <step>
<para>Install the dashboard on the node that can contact the <para>Install the dashboard on the node that can contact
Identity Service as root:</para> the Identity Service as root:</para>
<screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install memcached libapache2-mod-wsgi openstack-dashboard</userinput></screen> <screen os="ubuntu" language="bash"><prompt>#</prompt> <userinput>apt-get install memcached libapache2-mod-wsgi openstack-dashboard</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install memcached python-memcached mod_wsgi openstack-dashboard</userinput></screen> <screen os="rhel;centos;fedora" language="bash"><prompt>#</prompt> <userinput>yum install memcached python-memcached mod_wsgi openstack-dashboard</userinput></screen>
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install memcached python-python-memcached apache2-mod_wsgi openstack-dashboard</userinput></screen> <screen os="opensuse" language="bash"><prompt>#</prompt> <userinput>zypper install memcached python-python-memcached apache2-mod_wsgi openstack-dashboard</userinput></screen>
</step> </step>
<step> <step>
<para>Modify the value of <para>Modify the value of
<literal>CACHES['default']['LOCATION']</literal> in <literal>CACHES['default']['LOCATION']</literal>
<filename os="ubuntu" in <filename os="ubuntu"
>/etc/openstack-dashboard/local_settings.py</filename><filename >/etc/openstack-dashboard/local_settings.py</filename><filename
os="centos;fedora;rhel" os="centos;fedora;rhel"
>/etc/openstack-dashboard/local_settings</filename><filename >/etc/openstack-dashboard/local_settings</filename><filename
os="opensuse">/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename> os="opensuse"
>/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename>
to match the ones set in <filename os="ubuntu" to match the ones set in <filename os="ubuntu"
>/etc/memcached.conf</filename><filename >/etc/memcached.conf</filename><filename
os="centos;fedora;rhel;opensuse" os="centos;fedora;rhel;opensuse"
@ -39,59 +42,62 @@
<para>Open <filename os="ubuntu" <para>Open <filename os="ubuntu"
>/etc/openstack-dashboard/local_settings.py</filename> >/etc/openstack-dashboard/local_settings.py</filename>
<filename os="centos;fedora;rhel" <filename os="centos;fedora;rhel"
>/etc/openstack-dashboard/local_settings</filename> and look >/etc/openstack-dashboard/local_settings</filename>
for this line:</para> and look for this line:</para>
<programlisting language="bash" linenumbering="unnumbered">CACHES = { <programlisting language="bash" linenumbering="unnumbered"><?db-font-size 75%?>CACHES = {
'default': { 'default': {
'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache', 'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION' : '127.0.0.1:11211' 'LOCATION' : '127.0.0.1:11211'
} }
}</programlisting> }</programlisting>
<note xlink:href="#installing-openstack-dashboard" <note xlink:href="#installing-openstack-dashboard"
xlink:title="Notes"> xlink:title="Notes">
<title>Notes</title> <title>Notes</title>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>The address and port must match the ones set in <para>The address and port must match the ones
<filename os="ubuntu" set in <filename os="ubuntu"
>/etc/memcached.conf</filename><filename >/etc/memcached.conf</filename><filename
os="centos;fedora;rhel;opensuse" os="centos;fedora;rhel;opensuse"
>/etc/sysconfig/memcached</filename>.</para> >/etc/sysconfig/memcached</filename>.</para>
<para>If you change the memcached settings, you must <para>If you change the memcached settings,
restart the Apache web server for the changes to you must restart the Apache web server for
take effect.</para> the changes to take effect.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>You can use options other than memcached option <para>You can use options other than memcached
for session storage. Set the session back-end option for session storage. Set the
through the <parameter>SESSION_ENGINE</parameter> session back-end through the
<parameter>SESSION_ENGINE</parameter>
option.</para> option.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>To change the timezone, use the dashboard or edit <para>To change the timezone, use the
the <filename os="centos;fedora;rhel" dashboard or edit the <filename
os="centos;fedora;rhel"
>/etc/openstack-dashboard/local_settings</filename><filename >/etc/openstack-dashboard/local_settings</filename><filename
os="ubuntu" os="ubuntu"
>/etc/openstack-dashboard/local_settings.py</filename><filename >/etc/openstack-dashboard/local_settings.py</filename><filename
os="opensuse" os="opensuse"
>/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename> >/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename>
file.</para> file.</para>
<para>Change the following parameter: <code>TIME_ZONE = <para>Change the following parameter:
"UTC"</code> <code>TIME_ZONE = "UTC"</code>
</para> </para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</note> </note>
</step> </step>
<step> <step>
<para>Make sure that the web browser on your local machine supports <para>Make sure that the web browser on your local machine
HTML5.</para> supports HTML5.</para>
<para>Enable cookies and JavaScript.</para> <para>Enable cookies and JavaScript.</para>
<note> <note>
<para>To use the VNC client with the dashboard, the browser must <para>To use the VNC client with the dashboard, the
support HTML5 Canvas and HTML5 WebSockets.</para> browser must support HTML5 Canvas and HTML5
<para>For details about browsers that support noVNC, see <link WebSockets.</para>
<para>For details about browsers that support noVNC,
see <link
xlink:href="https://github.com/kanaka/noVNC/blob/master/README.md" xlink:href="https://github.com/kanaka/noVNC/blob/master/README.md"
>https://github.com/kanaka/noVNC/blob/master/README.md</link>, >https://github.com/kanaka/noVNC/blob/master/README.md</link>,
and <link and <link
@ -100,5 +106,4 @@
</note> </note>
</step> </step>
</procedure> </procedure>
<xi:include href="section_dashboard-configure.xml"/>
</section> </section>

2
doc/common/section_dashboard-system-reqs.xml
View File

@ -34,7 +34,7 @@
might differ by platform.</para> might differ by platform.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>Then, <link linkend="installing-openstack-dashboard" <para>Then, <link linkend="ch_install-dashboard"
>install and configure the dashboard</link> on a node that >install and configure the dashboard</link> on a node that
can contact the Identity Service.</para> can contact the Identity Service.</para>
<para>Provide users with the following information so that they <para>Provide users with the following information so that they

18
doc/common/section_dashboard_customizing.xml
View File

@ -15,13 +15,14 @@
<para>Canonical also provides an <para>Canonical also provides an
<literal>openstack-dashboard-ubuntu-theme</literal> <literal>openstack-dashboard-ubuntu-theme</literal>
package that brands the Python-based Django interface.</para> package that brands the Python-based Django interface.</para>
<para>The following example shows a customized dashboard with <!-- The following diagrams are sized incorrectly and will add back later -->
<!--<para>The following example shows a customized dashboard with
custom colors, logo, and site title:</para> custom colors, logo, and site title:</para>
<mediaobject> <mediaobject>
<imageobject role="fo"> <imageobject role="fo">
<imagedata <imagedata
fileref="figures/Login-OpenStack-Dashboard.png" fileref="figures/Login-OpenStack-Dashboard.png"
format="PNG" scale="60"/> format="PNG" scale="40"/>
</imageobject> </imageobject>
<imageobject role="html"> <imageobject role="html">
<imagedata <imagedata
@ -33,16 +34,15 @@
<imageobject role="fo"> <imageobject role="fo">
<imagedata <imagedata
fileref="figures/Flavors-TGen-Cloud-Dashboard.png" fileref="figures/Flavors-TGen-Cloud-Dashboard.png"
format="PNG" scale="60"/> format="PNG" scale="40"/>
</imageobject> </imageobject>
<imageobject role="html"> <imageobject role="html">
<imagedata <imagedata
fileref="figures/Flavors-TGen-Cloud-Dashboard.png" fileref="figures/Flavors-TGen-Cloud-Dashboard.png"
format="PNG"/> format="PNG"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>-->
<procedure> <procedure>
<title>To customize the dashboard:</title>
<step> <step>
<para>Create a graphical logo with a transparent <para>Create a graphical logo with a transparent
background. The text <literal>TGen Cloud</literal> in background. The text <literal>TGen Cloud</literal> in
@ -76,7 +76,7 @@
appropriate, though the relative directory paths appropriate, though the relative directory paths
should be the same. The following example file shows should be the same. The following example file shows
you how to customize your CSS you how to customize your CSS
file:<programlisting><?db-font-size 65%?>/* file:</para><programlisting><?db-font-size 65%?>/*
* New theme colors for dashboard that override the defaults: * New theme colors for dashboard that override the defaults:
* dark blue: #355796 / rgb(53, 87, 150) * dark blue: #355796 / rgb(53, 87, 150)
* light blue: #BAD3E1 / rgb(186, 211, 225) * light blue: #BAD3E1 / rgb(186, 211, 225)
@ -108,7 +108,7 @@ border: none;
box-shadow: none; box-shadow: none;
background-color: #BAD3E1 !important; background-color: #BAD3E1 !important;
text-decoration: none; text-decoration: none;
}</programlisting></para> }</programlisting>
</step> </step>
<step> <step>
<para>Open the following HTML template in an editor: <para>Open the following HTML template in an editor:
@ -116,12 +116,12 @@ text-decoration: none;
</step> </step>
<step> <step>
<para>Add a line to include your <para>Add a line to include your
<filename>custom.css</filename> file: <filename>custom.css</filename> file:</para>
<programlisting><?db-font-size 65%?>... <programlisting><?db-font-size 65%?>...
&lt;link href='{{ STATIC_URL }}bootstrap/css/bootstrap.min.css' media='screen' rel='stylesheet' /&gt; &lt;link href='{{ STATIC_URL }}bootstrap/css/bootstrap.min.css' media='screen' rel='stylesheet' /&gt;
&lt;link href='{{ STATIC_URL }}dashboard/css/{% choose_css %}' media='screen' rel='stylesheet' /&gt; &lt;link href='{{ STATIC_URL }}dashboard/css/{% choose_css %}' media='screen' rel='stylesheet' /&gt;
<emphasis>&lt;link href='{{ STATIC_URL }}dashboard/css/custom.css' media='screen' rel='stylesheet' /&gt;</emphasis> <emphasis>&lt;link href='{{ STATIC_URL }}dashboard/css/custom.css' media='screen' rel='stylesheet' /&gt;</emphasis>
...</programlisting></para> ...</programlisting>
</step> </step>
<step> <step>
<para>Restart apache:</para> <para>Restart apache:</para>

28
doc/common/section_dashboard_sessions.xml
View File

@ -6,9 +6,9 @@
<title>Set up session storage for the dashboard</title> <title>Set up session storage for the dashboard</title>
<para>The dashboard uses <link <para>The dashboard uses <link
xlink:href="https://docs.djangoproject.com/en/dev/topics/http/sessions/" xlink:href="https://docs.djangoproject.com/en/dev/topics/http/sessions/"
>Djangos sessions framework</link> to handle user session >Django sessions framework</link> to handle user session
data. However, you can use any available session backend. You data. However, you can use any available session back end. You
customize the session backend through the customize the session back end through the
<literal>SESSION_ENGINE</literal> setting in your <literal>SESSION_ENGINE</literal> setting in your
<filename os="centos;fedora;rhel"> <filename os="centos;fedora;rhel">
/etc/openstack-dashboard/local_settings</filename> /etc/openstack-dashboard/local_settings</filename>
@ -20,7 +20,7 @@
<section xml:id="dashboard-session-local"> <section xml:id="dashboard-session-local">
<title>Local memory cache</title> <title>Local memory cache</title>
<para>Local memory storage is the quickest and easiest session <para>Local memory storage is the quickest and easiest session
backend to set up, as it has no external dependencies back end to set up, as it has no external dependencies
whatsoever. It has the following significant whatsoever. It has the following significant
drawbacks:</para> drawbacks:</para>
<itemizedlist> <itemizedlist>
@ -33,11 +33,11 @@
terminates.</para> terminates.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>The local memory backend is enabled as the default for <para>The local memory back end is enabled as the default for
Horizon solely because it has no dependencies. It is not Horizon solely because it has no dependencies. It is not
recommended for production use, or even for serious recommended for production use, or even for serious
development work. Enabled by:</para> development work. Enabled by:</para>
<programlisting language="python">SESSION_ENGINE = 'django.contrib.sessions.backends.cache' <programlisting language="python"><?db-font-size 75%?>SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = { CACHES = {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache' 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'
}</programlisting> }</programlisting>
@ -62,7 +62,7 @@ CACHES = {
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>Enabled by:</para> <para>Enabled by:</para>
<programlisting language="python">SESSION_ENGINE = 'django.contrib.sessions.backends.cache' <programlisting language="python"><?db-font-size 75%?>SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = { CACHES = {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache' 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'LOCATION': 'my_memcached_host:11211', 'LOCATION': 'my_memcached_host:11211',
@ -82,7 +82,7 @@ CACHES = {
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>Enabled by:</para> <para>Enabled by:</para>
<programlisting language="python">SESSION_ENGINE = 'django.contrib.sessions.backends.cache' <programlisting language="python"><?db-font-size 75%?>SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = { CACHES = {
"default": { "default": {
"BACKEND": "redis_cache.cache.RedisCache", "BACKEND": "redis_cache.cache.RedisCache",
@ -136,7 +136,7 @@ CACHES = {
<filename os="opensuse" <filename os="opensuse"
>/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename> >/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename>
file, change these options:</para> file, change these options:</para>
<programlisting language="python">SESSION_ENGINE = 'django.core.cache.backends.db.DatabaseCache' <programlisting language="python"><?db-font-size 75%?>SESSION_ENGINE = 'django.core.cache.backends.db.DatabaseCache'
DATABASES = { DATABASES = {
'default': { 'default': {
# Database configuration here # Database configuration here
@ -189,20 +189,20 @@ No fixtures found.</computeroutput></screen>
<section xml:id="dashboard-session-cached-database"> <section xml:id="dashboard-session-cached-database">
<title>Cached database</title> <title>Cached database</title>
<para>To mitigate the performance issues of database queries, <para>To mitigate the performance issues of database queries,
you can use the Django cached_db session backend, which you can use the Django cached_db session back end, which
utilizes both your database and caching infrastructure to utilizes both your database and caching infrastructure to
perform write-through caching and efficient retrieval.</para> perform write-through caching and efficient retrieval.</para>
<para>Enable this hybrid setting by configuring both your <para>Enable this hybrid setting by configuring both your
database and cache, as discussed previously. Then, set the database and cache, as discussed previously. Then, set the
following value:</para> following value:</para>
<programlisting language="python">SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"</programlisting> <programlisting language="python"><?db-font-size 75%?>SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"</programlisting>
</section> </section>
<section xml:id="dashboard-session-cookies"> <section xml:id="dashboard-session-cookies">
<title>Cookies</title> <title>Cookies</title>
<para>If you use Django 1.4 or later, the signed_cookies <para>If you use Django 1.4 or later, the signed_cookies
backend avoids server load and scaling problems.</para> back end avoids server load and scaling problems.</para>
<para>This backend stores session data in a cookie, which is <para>This back end stores session data in a cookie, which is
stored by the users browser. The backend uses a stored by the users browser. The back end uses a
cryptographic signing technique to ensure session data is cryptographic signing technique to ensure session data is
not tampered with during transport. This is not the same not tampered with during transport. This is not the same
as encryption; session data is still readable by an as encryption; session data is still readable by an

2
doc/common/section_identity-troubleshooting.xml
View File

@ -161,7 +161,7 @@ arg_dict: {}
<parameter>--keystone-user</parameter> and <parameter>--keystone-user</parameter> and
<parameter>--keystone-group</parameter> parameters, <parameter>--keystone-group</parameter> parameters,
you get an error, as follows:</para> you get an error, as follows:</para>
<screen><computeroutput>2012-07-31 11:10:53 ERROR [keystone.common.cms] Error opening signing key file <screen><?db-font-size 75%?><computeroutput>2012-07-31 11:10:53 ERROR [keystone.common.cms] Error opening signing key file
/etc/keystone/ssl/private/signing_key.pem /etc/keystone/ssl/private/signing_key.pem
140380567730016:error:0200100D:system library:fopen:Permission 140380567730016:error:0200100D:system library:fopen:Permission
denied:bss_file.c:398:fopen('/etc/keystone/ssl/private/signing_key.pem','r') denied:bss_file.c:398:fopen('/etc/keystone/ssl/private/signing_key.pem','r')

264
doc/common/section_keystone-concepts.xml
View File

@ -5,10 +5,12 @@
xml:id="keystone-concepts"> xml:id="keystone-concepts">
<?dbhtml stop-chunking?> <?dbhtml stop-chunking?>
<title>Identity Service concepts</title> <title>Identity Service concepts</title>
<para>The Identity Service performs the following functions:</para> <para>The Identity Service performs the following
functions:</para>
<itemizedlist spacing="compact"> <itemizedlist spacing="compact">
<listitem> <listitem>
<para>User management. Tracks users and their permissions.</para> <para>User management. Tracks users and their
permissions.</para>
</listitem> </listitem>
<listitem> <listitem>
<para>Service catalog. Provides a catalog of available <para>Service catalog. Provides a catalog of available
@ -17,55 +19,47 @@
</itemizedlist> </itemizedlist>
<para>To understand the Identity Service, you must understand the <para>To understand the Identity Service, you must understand the
following concepts:</para> following concepts:</para>
<variablelist> <variablelist wordsize="10">
<varlistentry> <varlistentry>
<term>User</term> <term><emphasis role="bold">User</emphasis></term>
<listitem> <listitem>
<para>Digital representation of a person, system, or service <para>Digital representation of a person, system, or
who uses OpenStack cloud services. Identity authentication service who uses OpenStack cloud services. The
services will validate that incoming request are being made Identity Service validates that incoming requests
by the user who claims to be making the call. Users have a are made by the user who claims to be making the
login and may be assigned tokens to access resources. Users call. Users have a login and may be assigned
may be directly assigned to a particular tenant and behave tokens to access resources. Users can be directly
as if they are contained in that tenant. assigned to a particular tenant and behave as if
</para> they are contained in that tenant.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>Credentials</term> <term><emphasis role="bold">Credentials</emphasis></term>
<listitem> <listitem>
<para>Data that is known only by a user that proves <para>Data that is known only by a user that proves
who they are. In the Identity Service, examples who they are. In the Identity Service, examples
are:</para> are: User name and password, user name and API
<itemizedlist> key, or an authentication token provided by the
<listitem> Identity Service.</para>
<para>Username and password</para>
</listitem>
<listitem>
<para>Username and API key</para>
</listitem>
<listitem>
<para>An authentication token provided by the
Identity Service</para>
</listitem>
</itemizedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>Authentication</term> <term><emphasis role="bold"
>Authentication</emphasis></term>
<listitem> <listitem>
<para>The act of confirming the identity of a user. <para>The act of confirming the identity of a user.
The Identity Service confirms an incoming request The Identity Service confirms an incoming request
by validating a set of credentials supplied by the by validating a set of credentials supplied by the
user. These credentials are initially a username user. </para>
and password or a username and API key. In <para>These credentials are initially a user name and
response to these credentials, the Identity password or a user name and API key. In response
Service issues the user an authentication token, to these credentials, the Identity Service issues
which the user provides in subsequent requests.</para> an authentication token to the user, which the
user provides in subsequent requests.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>Token</term> <term><emphasis role="bold">Token</emphasis></term>
<listitem> <listitem>
<para>An arbitrary bit of text that is used to access <para>An arbitrary bit of text that is used to access
resources. Each token has a scope which describes resources. Each token has a scope which describes
@ -82,7 +76,7 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>Tenant</term> <term><emphasis role="bold">Tenant</emphasis></term>
<listitem> <listitem>
<para>A container used to group or isolate resources <para>A container used to group or isolate resources
and/or identity objects. Depending on the service and/or identity objects. Depending on the service
@ -91,16 +85,17 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>Service</term> <term><emphasis role="bold">Service</emphasis></term>
<listitem> <listitem>
<para>An OpenStack service, such as Compute (Nova), <para>An OpenStack service, such as Compute (Nova),
Object Storage (Swift), or Image Service (Glance). Object Storage (Swift), or Image Service (Glance).
Provides one or more endpoints through which users Provides one or more endpoints through which users
can access resources and perform operations.</para> can access resources and perform
operations.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>Endpoint</term> <term><emphasis role="bold">Endpoint</emphasis></term>
<listitem> <listitem>
<para>An network-accessible address, usually described <para>An network-accessible address, usually described
by URL, from where you access a service. If using by URL, from where you access a service. If using
@ -111,7 +106,7 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term>Role</term> <term><emphasis role="bold">Role</emphasis></term>
<listitem> <listitem>
<para>A personality that a user assumes that enables <para>A personality that a user assumes that enables
them to perform a specific set of operations. A them to perform a specific set of operations. A
@ -119,20 +114,21 @@
user assuming that role inherits those rights and user assuming that role inherits those rights and
privileges.</para> privileges.</para>
<para>In the Identity Service, a token that is issued <para>In the Identity Service, a token that is issued
to a user includes the list of roles that user can to a user includes the list of roles that user
assume. Services that are being called by that has. Services that are being called by that user
user determine how they interpret the set of roles determine how they interpret the set of roles a
a user has and which operations or resources each user has and to which operations or resources each
role grants access to.</para> role grants access.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<para> <para>The following diagram shows the Identity Service process
flow:</para>
<mediaobject> <mediaobject>
<imageobject role="fo"> <imageobject role="fo">
<imagedata <imagedata
fileref="figures/SCH_5002_V00_NUAC-Keystone.png" fileref="figures/SCH_5002_V00_NUAC-Keystone.png"
format="PNG" scale="50"/> format="PNG" scale="40"/>
</imageobject> </imageobject>
<imageobject role="html"> <imageobject role="html">
<imagedata <imagedata
@ -140,7 +136,7 @@
format="PNG" scale="10"/> format="PNG" scale="10"/>
</imageobject> </imageobject>
</mediaobject> </mediaobject>
</para> <?hard-pagebreak?>
<section xml:id="keystone-user-management"> <section xml:id="keystone-user-management">
<title>User management</title> <title>User management</title>
<para>The main components of Identity user management are: <itemizedlist> <para>The main components of Identity user management are: <itemizedlist>
@ -155,15 +151,17 @@
</listitem> </listitem>
</itemizedlist></para> </itemizedlist></para>
<para>A <emphasis>user</emphasis> represents a human user, and <para>A <emphasis>user</emphasis> represents a human user, and
has associated information such as username, password and has associated information such as user name, password,
email. This example creates a user named "alice":</para> and email. This example creates a user named
<screen><prompt>$</prompt> <userinput>keystone user-create --name=alice --pass=mypassword123 --email=alice@example.com</userinput></screen> "alice":</para>
<screen><prompt>$</prompt> <userinput>keystone user-create --name=alice \
--pass=mypassword123 --email=alice@example.com</userinput></screen>
<para>A <emphasis>tenant</emphasis> can be a project, group, <para>A <emphasis>tenant</emphasis> can be a project, group,
or organization. Whenever you make requests to OpenStack or organization. Whenever you make requests to OpenStack
services, you must specify a tenant. For example, if you services, you must specify a tenant. For example, if you
query the Compute service for a list of running instances, query the Compute service for a list of running instances,
you will receive a list of all of the running instances in you receive a list of all of the running instances in the
the tenant you specified in your query. This example tenant that you specified in your query. This example
creates a tenant named "acme":</para> creates a tenant named "acme":</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-create --name=acme</userinput></screen> <screen><prompt>$</prompt> <userinput>keystone tenant-create --name=acme</userinput></screen>
<note> <note>
@ -185,10 +183,11 @@
roles. As far as the Identity service is concerned, a roles. As far as the Identity service is concerned, a
role is simply a name.</para> role is simply a name.</para>
</note> </note>
<?hard-pagebreak?>
<para>The Identity service associates a user with a tenant and <para>The Identity service associates a user with a tenant and
a role. To continue with our previous examples, we may a role. To continue with the previous examples, you might
wish to assign the "alice" user the "compute-user" role in to assign the "alice" user the "compute-user" role in the
the "acme" tenant:</para> "acme" tenant:</para>
<screen><prompt>$</prompt> <userinput>keystone user-list</userinput></screen> <screen><prompt>$</prompt> <userinput>keystone user-list</userinput></screen>
<screen><computeroutput>+--------+---------+-------------------+--------+ <screen><computeroutput>+--------+---------+-------------------+--------+
| id | enabled | email | name | | id | enabled | email | name |
@ -209,44 +208,47 @@
+--------+------+---------+</computeroutput></screen> +--------+------+---------+</computeroutput></screen>
<screen><prompt>$</prompt> <userinput>keystone user-role-add --user=892585 --role=9a764e --tenant-id=6b8fd2</userinput> </screen> <screen><prompt>$</prompt> <userinput>keystone user-role-add --user=892585 --role=9a764e --tenant-id=6b8fd2</userinput> </screen>
<para>A user can be assigned different roles in different <para>A user can be assigned different roles in different
tenants: for example, Alice may also have the "admin" role tenants: for example, Alice might also have the "admin"
in the "Cyberdyne" tenant. A user can also be assigned role in the "Cyberdyne" tenant. A user can also be
multiple roles in the same tenant.</para> assigned multiple roles in the same tenant.</para>
<para>The <para>The
<filename>/etc/<replaceable>[SERVICE_CODENAME]</replaceable>/policy.json</filename> <filename>/etc/<replaceable>[SERVICE_CODENAME]</replaceable>/policy.json</filename>
file controls what users are allowed to do for a given service. file controls the tasks that users can perform for a given
For example, <filename>/etc/nova/policy.json</filename> service. For example,
specifies the access policy for the Compute service, <filename>/etc/nova/policy.json</filename> specifies
the access policy for the Compute service,
<filename>/etc/glance/policy.json</filename> specifies <filename>/etc/glance/policy.json</filename> specifies
the access policy for the Image service, and the access policy for the Image service, and
<filename>/etc/keystone/policy.json</filename> <filename>/etc/keystone/policy.json</filename>
specifies the access policy for the Identity service.</para> specifies the access policy for the Identity
service.</para>
<para>The default <filename>policy.json</filename> files in <para>The default <filename>policy.json</filename> files in
the Compute, Identity, and Image service recognize only the Compute, Identity, and Image service recognize only
the <literal>admin</literal> role: all operations that do the <literal>admin</literal> role: all operations that do
not require the <literal>admin</literal> role will be not require the <literal>admin</literal> role are
accessible by any user that has any role in a tenant.</para> accessible by any user that has any role in a
tenant.</para>
<para>If you wish to restrict users from performing operations <para>If you wish to restrict users from performing operations
in, say, the Compute service, you need to create a role in in, say, the Compute service, you need to create a role in
the Identity service and then modify the Identity service and then modify
<filename>/etc/nova/policy.json</filename> so that <filename>/etc/nova/policy.json</filename> so that
this role is required for Compute operations.</para> this role is required for Compute operations.</para>
<?hard-pagebreak?>
<para>For example, this line in <para>For example, this line in
<filename>/etc/nova/policy.json</filename> specifies <filename>/etc/nova/policy.json</filename> specifies
that there are no restrictions on which users can create that there are no restrictions on which users can create
volumes: if the user has any role in a tenant, they will volumes: if the user has any role in a tenant, they can
be able to create volumes in that tenant.</para> create volumes in that tenant.</para>
<programlisting language="json">"volume:create": [],</programlisting> <programlisting language="json">"volume:create": [],</programlisting>
<para>If we wished to restrict creation of volumes to users <para>To restrict creation of volumes to users who had the
who had the <literal>compute-user</literal> role in a <literal>compute-user</literal> role in a particular
particular tenant, we would add tenant, you would add
<literal>"role:compute-user"</literal>, like so:</para> <literal>"role:compute-user"</literal>, like
so:</para>
<programlisting language="json">"volume:create": ["role:compute-user"],</programlisting> <programlisting language="json">"volume:create": ["role:compute-user"],</programlisting>
<para> <para>To restrict all Compute service requests to require this
If we wished to restrict all Compute service requests to require role, the resulting file would look like:</para>
this role, the resulting file would look like: <programlisting language="json"><?db-font-size 50%?>{
</para>
<programlisting language="json">{
"admin_or_owner": [["role:admin"], ["project_id:%(project_id)s"]], "admin_or_owner": [["role:admin"], ["project_id:%(project_id)s"]],
"default": [["rule:admin_or_owner"]], "default": [["rule:admin_or_owner"]],
@ -363,59 +365,81 @@
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>The Identity Service also maintains a user that <para>The Identity Service also maintains a user that
corresponds to each service (such as, a user named corresponds to each service, such as, a user named
<emphasis>nova</emphasis>, for the Compute service) <emphasis>nova</emphasis> for the Compute service, and
and a special service tenant, which is called a special service tenant called
<emphasis>service</emphasis>.</para> <emphasis>service</emphasis>.</para>
<para>The commands for creating services and endpoints are <para>For information about how to create services and
described in a later section.</para> endpoints, see the <link
xlink:href="http://docs.openstack.org/user-guide-admin/content/index.html"
><citetitle>OpenStack Admin User
Guide</citetitle></link>.</para>
</section> </section>
<?hard-pagebreak?>
<section xml:id="identity-groups"> <section xml:id="identity-groups">
<title>Groups</title> <title>Groups</title>
<para> <para>A group is a collection of users. Administrators can
A group is a collection of users. create groups and add users to them. Then, rather than
Administrators can create groups and add users to them. assign a role to each user individually, assign a role to
Then, rather than assign a role to each user individually, the group. Every group is in a domain. Groups were
assign a role to the group. introduced with version 3 of the Identity API (the Grizzly
</para> release of Keystone).</para>
<para> <para>Identity API V3 provides the following group-related
Every group is in a domain. Groups were introduced with version 3 of the operations:</para>
Identity API (the Grizzly release of Keystone).
</para>
<para>
Identity API V3 provides the following group-related operations:
</para>
<itemizedlist> <itemizedlist>
<listitem><para>Create a group</para></listitem> <listitem>
<listitem><para>Delete a group</para></listitem> <para>Create a group</para>
<listitem><para>Update a group (change its name or description)</para></listitem> </listitem>
<listitem><para>Add a user to a group</para></listitem> <listitem>
<listitem><para>Remove a user from a group</para></listitem> <para>Delete a group</para>
<listitem><para>List group members</para></listitem> </listitem>
<listitem><para>List groups for a user</para></listitem> <listitem>
<listitem><para>Assign a role on a tenant to a group</para></listitem> <para>Update a group (change its name or
<listitem><para>Assign a role on a domain to a group</para></listitem> description)</para>
<listitem><para>Query role assignments to groups</para></listitem> </listitem>
<listitem>
<para>Add a user to a group</para>
</listitem>
<listitem>
<para>Remove a user from a group</para>
</listitem>
<listitem>
<para>List group members</para>
</listitem>
<listitem>
<para>List groups for a user</para>
</listitem>
<listitem>
<para>Assign a role on a tenant to a group</para>
</listitem>
<listitem>
<para>Assign a role on a domain to a group</para>
</listitem>
<listitem>
<para>Query role assignments to groups</para>
</listitem>
</itemizedlist> </itemizedlist>
<note> <note>
<para> <para>The Identity service server might not allow all
Not all of these operations may be allowed by the Identity server. operations. For example, if using the Keystone server
For example, if using the Keystone server with the LDAP Identity backend and with the LDAP Identity back end and group updates are
group updates are disabled, then a request to create, delete, or update a group disabled, then a request to create, delete, or update
will fail. a group fails.</para>
</para>
</note> </note>
<para> <para>Here are a couple examples:</para>
Here's a couple examples: <itemizedlist>
</para><para> <listitem>
Group A is granted Role A on Tenant A. If User A is a member of Group A, <para>Group A is granted Role A on Tenant A. If User A
then when User A gets a token scoped to Tenant A then the token will also is a member of Group A, when User A gets a token
include Role A. scoped to Tenant A, the token also includes Role
</para><para> A.</para>
Group B is granted Role B on Domain B. If User B is a member of Domain B, </listitem>
then if User B gets a token scoped to Domain B then the token will also <listitem>
include Role B. <para>Group B is granted Role B on Domain B. If User B
</para> is a member of Domain B, if User B gets a token
scoped to Domain B, the token also includes Role
B.</para>
</listitem>
</itemizedlist>
</section> </section>
</section> </section>

1
doc/common/section_storage-concepts.xml
View File

@ -54,6 +54,7 @@
</tr> </tr>
</tbody> </tbody>
</table> </table>
<?hard-pagebreak?>
<para>Other points of note include: <itemizedlist> <para>Other points of note include: <itemizedlist>
<listitem> <listitem>
<para><emphasis>OpenStack Object Storage is not used like a <para><emphasis>OpenStack Object Storage is not used like a

7
doc/common/section_support-compute.xml
View File

@ -123,9 +123,10 @@
can then delete. For can then delete. For
example:<screen><prompt>$</prompt> <userinput>nova reset-state c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput> example:<screen><prompt>$</prompt> <userinput>nova reset-state c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput>
<prompt>$</prompt> <userinput>nova delete c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput></screen></para> <prompt>$</prompt> <userinput>nova delete c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput></screen></para>
<para>You can also use the <literal>--active</literal> to force the instance back into <para>You can also use the <literal>--active</literal> to
an active state instead of an error state, for example:<screen><prompt>$</prompt> <userinput>nova reset-state --active c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput></screen> force the instance back into an active state instead of an
</para> error state, for
example:<screen><prompt>$</prompt> <userinput>nova reset-state --active c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput> </screen></para>
</section> </section>
<section xml:id="problems-with-injection"> <section xml:id="problems-with-injection">
<title>Problems with Injection</title> <title>Problems with Injection</title>

2
doc/install-guide/ch_installdashboard.xml
View File

@ -14,7 +14,7 @@
OpenStack Compute cloud controller through the OpenStack APIs.</para> OpenStack Compute cloud controller through the OpenStack APIs.</para>
<para>The following instructions show an example deployment <para>The following instructions show an example deployment
configured with an Apache web server.</para> configured with an Apache web server.</para>
<para>After you <link linkend="installing-openstack-dashboard" <para>After you <link linkend="ch_install-dashboard"
>install and configure the dashboard</link>, you can >install and configure the dashboard</link>, you can
complete the following tasks:</para> complete the following tasks:</para>
<itemizedlist> <itemizedlist>