openstack/openstack-manuals
Code Issues Proposed changes

Fixes to Cloud Admin Guide for Havana (testing with Anne G)

Browse Source 
Change-Id: I65a12cfdde82c069684e7fac0b53ae5720b6ebda
author: diane fleming
This commit is contained in:
Diane Fleming 2013-09-27 12:14:51 -05:00
parent 94c72ccb4e
commit c2bfed945d
25 changed files with 3721 additions and 3244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/admin-guide-cloud/bk-admin-guide-cloud.xml
View File

@ -7,7 +7,7 @@
xml:id="openstack-compute-admin-manual-grizzly">
<title>OpenStack Cloud Administrator Guide</title>
<?rax title.font.size="28px" subtitle.font.size="28px"?>
<titleabbrev>OpenStack Cloud Administrator Guide</titleabbrev>
<titleabbrev>Cloud Administrator Guide</titleabbrev>
<info>
<author>
<personname>

23
doc/admin-guide-cloud/ch_blockstorage.xml
View File

@ -3,6 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="managing-volumes">
<?dbhtml stop-chunking?>
<title>Block Storage</title>
<para>The OpenStack Block Storage service works though the
interaction of a series of daemon processes named cinder-*
@ -26,6 +27,7 @@
service is similar to the Amazon EC2 Elastic Block Storage
(EBS) offering.</para>
</section>
<?hard-pagebreak?>
<section xml:id="section_manage-volumes">
<title>Manage volumes</title>
<para>The default OpenStack Block Storage service implementation
@ -45,8 +47,6 @@
<para>The following high-level procedure shows you how to create
and attach a volume to a server instance.</para>
<procedure>
<title>To create and attach a volume to a server
instance:</title>
<step><para>You must configure both OpenStack Compute and the
OpenStack Block Storage service through the
<filename>cinder.conf</filename> file.</para></step>
@ -83,14 +83,11 @@
<systemitem class="service">nova-compute</systemitem>. The walk through uses
a custom partitioning scheme that carves out 60GB of space
and labels it as LVM. The network uses
<literal>FlatManger</literal> is the
<literal>FlatManager</literal> is the
<literal>NetworkManager</literal> setting for
OpenStack Compute (Nova).</para>
<para>Please note that the network mode doesn't interfere at
all with the way cinder works, but networking must be set
up for cinder to work. Please refer to <link
xlink:href="http://docs.openstack.org/grizzly/openstack-network/admin/content/">Networking Administration</link> for more
details.</para>
<para>The network mode does not interfere with the way cinder works, but networking must be set
up for cinder to work. For details, see <xref linkend="ch_networking"/>.</para>
<para>To set up Compute to use volumes, ensure that Block
Storage is installed along with lvm2. This guide describes how to:</para>
<para>
@ -106,10 +103,14 @@
<section xml:id="boot-from-volume">
<title>Boot from volume</title>
<para>In some cases, instances can be stored and run from inside volumes. This is explained in further detail in the <link xlink:href="http://docs.openstack.org/user-guide/content/boot_from_volume.html">Boot From Volume</link>
section of the <citetitle>OpenStack End User Guide</citetitle>.</para>
<para>In some cases, instances can be stored and run from
inside volumes. For information, see the <link
xlink:href="http://docs.openstack.org/user-guide/content/boot_from_volume.html"
>Launch an instance from a volume</link> section in the
<link xlink:href="http://docs.openstack.org/user-guide/content/"><citetitle>OpenStack End User
Guide</citetitle></link>.</para>
</section>
<?hard-pagebreak?>
<xi:include href="section_troubleshoot-cinder.xml"/>
<xi:include href="section_multi_backend.xml"/>
<xi:include href="section_backup-block-storage-disks.xml"/>

2884
doc/admin-guide-cloud/ch_compute.xml
View File

File diff suppressed because it is too large Load Diff

33
doc/admin-guide-cloud/ch_dashboard.xml
View File

@ -3,18 +3,20 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="ch_install-dashboard">
<?dbhtml stop-chunking?>
<title>Dashboard</title>
<para xmlns:raxm="http://docs.rackspace.com/api/metadata">The dashboard, also known as <link
xlink:href="https://github.com/openstack/horizon/">horizon</link>, is a Web interface
that allows cloud administrators and users to manage various OpenStack resources and
services.</para>
<para>The dashboard enables web-based interactions with the
OpenStack Compute cloud controller through the OpenStack APIs.</para>
<para>The following instructions show an example deployment
configured with an Apache web server.</para>
<para>After you <link linkend="installing-openstack-dashboard"
>install and configure the dashboard</link>, you can
complete the following tasks:</para>
<para xmlns:raxm="http://docs.rackspace.com/api/metadata">The
dashboard, also known as <link
xlink:href="https://github.com/openstack/horizon/"
>horizon</link>, enables cloud administrators and users to
manage various OpenStack resources and services through a
Web-based interface. The dashboard enables interactions with
the OpenStack Compute cloud controller through the OpenStack
APIs. For information about installing and configuring the
dashboard, see the <citetitle>OpenStack Installation
Guide</citetitle> for your distribution. After you install and
configure the dashboard, you can complete the
following tasks:</para>
<itemizedlist>
<listitem>
<para>Customize your dashboard. See <xref
@ -30,13 +32,12 @@
>Deploying Horizon</link>.</para>
</listitem>
<listitem xml:id="launch_instances">
<para>Launch instances with the dashboard. See the
<citetitle>OpenStack User
Guide</citetitle>.</para>
<para>Launch instances with the dashboard. See the <link
xlink:href="http://docs.openstack.org/user-guide/content/"
><citetitle>OpenStack End User
Guide</citetitle></link>.</para>
</listitem>
</itemizedlist>
<xi:include href="../common/section_dashboard-system-reqs.xml"/>
<xi:include href="../common/section_dashboard-install.xml"/>
<xi:include href="../common/section_dashboard_customizing.xml"/>
<xi:include href="../common/section_dashboard_sessions.xml"/>
</chapter>

268
doc/admin-guide-cloud/ch_identity_mgmt.xml
View File

@ -3,166 +3,135 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="ch-identity-mgmt-config">
<?dbhtml stop-chunking?>
<title>Identity Management</title>
<para>
The default identity management system for OpenStack is the OpenStack Identity Service, code-named Keystone.
Once Identity is installed, it is configured via a primary
configuration file (<filename>etc/keystone.conf</filename>), possibly
a separate logging configuration file, and initializing data into
keystone using the command line client.
</para>
<para>The default identity management system for OpenStack is the
OpenStack Identity Service, code-named Keystone. Once Identity is
installed, it is configured via a primary configuration file
(<filename>etc/keystone.conf</filename>), possibly a separate
logging configuration file, and initializing data into keystone
using the command line client.</para>
<xi:include href="../common/section_keystone-concepts.xml"/>
<section xml:id="user-crud">
<title>User CRUD</title>
<para>
Keystone provides a user CRUD filter that can be added to the
public_api pipeline. This user crud filter allows users to use a
HTTP PATCH to change their own password. To enable this extension
you should define a <literal>user_crud_extension</literal> filter, insert it after
<para>Keystone provides a user CRUD filter that can be added to
the public_api pipeline. This user crud filter enables users to
use a HTTP PATCH to change their own password. To enable this
extension you should define a
<literal>user_crud_extension</literal> filter, insert it after
the <literal>*_body</literal> middleware and before the
<literal>public_service</literal> app in the public_api WSGI
pipeline in <filename>keystone.conf</filename> e.g.:
</para>
<programlisting language="ini">
[filter:user_crud_extension]
pipeline in <filename>keystone.conf</filename> e.g.:</para>
<programlisting language="ini"><?db-font-size 75%?>[filter:user_crud_extension]
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
[pipeline:public_api]
pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service
</programlisting>
<para>
Each user can then change their own password with a HTTP PATCH
</para>
<programlisting language="ini">
&gt; curl -X PATCH http://localhost:5000/v2.0/OS-KSCRUD/users/&lt;userid&gt; -H &quot;Content-type: application/json&quot; \
-H &quot;X_Auth_Token: &lt;authtokenid&gt;&quot; -d '{&quot;user&quot;: {&quot;password&quot;: &quot;ABCD&quot;, &quot;original_password&quot;: &quot;DCBA&quot;}}'
</programlisting>
<para>
In addition to changing their password all of the users current
tokens will be deleted (if the backend used is kvs or sql)
</para>
pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service</programlisting>
<para>Each user can then change their own password with a HTTP
PATCH</para>
<programlisting language="ini"><?db-font-size 75%?>&gt; curl -X PATCH http://localhost:5000/v2.0/OS-KSCRUD/users/&lt;userid&gt; -H &quot;Content-type: application/json&quot; \
-H &quot;X_Auth_Token: &lt;authtokenid&gt;&quot; -d '{&quot;user&quot;: {&quot;password&quot;: &quot;ABCD&quot;, &quot;original_password&quot;: &quot;DCBA&quot;}}'</programlisting>
<para>In addition to changing their password all of the users
current tokens are deleted (if the back end is kvs or
sql).</para>
</section>
<section xml:id="keystone-logging">
<title>Logging</title>
<para> Logging is configured externally to the rest of Identity,
the file specifying the logging configuration is in the
<para>You configure logging externally to the rest of Identity.
The file specifying the logging configuration is in the
<literal>[DEFAULT]</literal> section of the
<filename>keystone.conf</filename> file under
<literal>log_config</literal>. If you wish to route all your
logging through syslog, set <literal>use_syslog=true</literal>
option in the <literal>[DEFAULT]</literal> section. </para>
<para>
A sample logging file is available with the project in the
directory <filename>etc/logging.conf.sample</filename>. Like other
OpenStack projects, Identity uses the `python logging module`,
which includes extensive configuration options for choosing the
output levels and formats.
</para>
<para>
In addition to this documentation page, you can check the
<filename>etc/keystone.conf</filename> sample configuration files
distributed with keystone for example configuration files for each
server application.
</para>
<para>For services which have separate paste-deploy ini file,
auth_token middleware can be alternatively configured in
[keystone_authtoken] section in the main config file, such as
<filename>nova.conf</filename>. For
example in Nova, all middleware parameters can be removed from
api-paste.ini like these:</para>
<programlisting language="ini"> [filter:authtoken]
paste.filter_factory =
keystoneclient.middleware.auth_token:filter_factory
</programlisting>
<para>and set in
<filename>nova.conf</filename> like these: </para>
<programlisting language="ini">[DEFAULT]
...
auth_strategy=keystone
<literal>log_config</literal>. To route logging through
syslog, set <literal>use_syslog=true</literal> option in the
<literal>[DEFAULT]</literal> section.</para>
<para>A sample logging file is available with the project in the
directory <filename>etc/logging.conf.sample</filename>. Like
other OpenStack projects, Identity uses the python logging
module, which includes extensive configuration options for
choosing the output levels and formats.</para>
<para>Review the <filename>etc/keystone.conf</filename> sample
configuration files distributed with keystone for example
configuration files for each server application.</para>
<para>For services which have separate paste-deploy ini file, you
can configure auth_token middleware in [keystone_authtoken]
section in the main config file, such as
<filename>nova.conf</filename>. For example in Compute, you
can remove the middleware parameters from
<filename>api-paste.ini</filename>, as follows:</para>
<programlisting language="ini"><?db-font-size 75%?>[filter:authtoken]
paste.filter_factory =
keystoneclient.middleware.auth_token:filter_factory</programlisting>
<para>And set the following values in
<filename>nova.conf</filename>, as follows:</para>
<programlisting language="ini"><?db-font-size 75%?>[DEFAULT]
...
auth_strategy=keystone
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_user = admin
admin_password = SuperSekretPassword
admin_tenant_name = service
</programlisting>
<para>Note that middleware parameters in
paste config take priority, they must be removed to use values
in [keystone_authtoken] section.</para>
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_user = admin
admin_password = SuperSekretPassword
admin_tenant_name = service </programlisting>
<note>
<para>Middleware parameters in paste config take priority. You
must remove them to use values in [keystone_authtoken]
section.</para>
</note>
</section>
<section xml:id="monitoring">
<title>Monitoring</title>
<para>
Keystone provides some basic request/response monitoring
statistics out of the box.
</para>
<para>
Enable data collection by defining a
<literal>stats_monitoring</literal> filter and including it at the
beginning of any desired WSGI pipelines:
</para>
<programlisting language="ini">
[filter:stats_monitoring]
<para>Keystone provides some basic request/response monitoring
statistics out of the box.</para>
<para>Enable data collection by defining a
<literal>stats_monitoring</literal> filter and including it at
the beginning of any desired WSGI pipelines:</para>
<programlisting language="ini"><?db-font-size 75%?>[filter:stats_monitoring]
paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
[pipeline:public_api]
pipeline = stats_monitoring [...] public_service
</programlisting>
<para>
Enable the reporting of collected data by defining a
<literal>stats_reporting</literal> filter and including it near
the end of your <literal>admin_api</literal> WSGI pipeline (After
<literal>*_body</literal> middleware and before
<literal>*_extension</literal> filters is recommended):
</para>
<programlisting language="ini">
[filter:stats_reporting]
pipeline = stats_monitoring [...] public_service</programlisting>
<para>Enable the reporting of collected data by defining a
<literal>stats_reporting</literal> filter and including it
near the end of your <literal>admin_api</literal> WSGI pipeline
(After <literal>*_body</literal> middleware and before
<literal>*_extension</literal> filters is recommended):</para>
<programlisting language="ini"><?db-font-size 75%?>[filter:stats_reporting]
paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
[pipeline:admin_api]
pipeline = [...] json_body stats_reporting ec2_extension [...] admin_service
</programlisting>
<para>
Query the admin API for statistics using:
</para>
pipeline = [...] json_body stats_reporting ec2_extension [...] admin_service</programlisting>
<para>Query the admin API for statistics using:</para>
<screen><prompt>$</prompt> <userinput>curl -H 'X-Auth-Token: ADMIN' http://localhost:35357/v2.0/OS-STATS/stats</userinput></screen>
<para>
Reset collected data using:
</para>
<screen><prompt>$</prompt> <userinput>curl -H 'X-Auth-Token: ADMIN' -X DELETE http://localhost:35357/v2.0/OS-STATS/stats</userinput></screen>
<para>Reset collected data using:</para>
<screen><prompt>$</prompt> <userinput>curl -H 'X-Auth-Token: ADMIN' -X DELETE \
http://localhost:35357/v2.0/OS-STATS/stats</userinput></screen>
</section>
<section xml:id="running-keystone">
<title>Running</title>
<para>
Running Identity is simply starting the services by using the
command:
</para>
<screen><prompt>$</prompt> <userinput>
keystone-all
</userinput></screen>
<para>
Invoking this command starts up two wsgi.Server instances,
configured by the <filename>keystone.conf</filename> file as
described above. One of these wsgi 'servers' is
<literal>admin</literal> (the administration API) and the other is
<literal>main</literal> (the primary/public API interface). Both
of these run in a single process.
</para>
<title>Start the Identity Service</title>
<para>To start the services for the Identity Service, run the
following command:</para>
<screen><prompt>$</prompt> <userinput>keystone-all</userinput></screen>
<para>This command starts two wsgi.Server instances configured by
the <filename>keystone.conf</filename> file as described
previously. One of these wsgi servers is
<literal>admin</literal> (the administration API) and the
other is <literal>main</literal> (the primary/public API
interface). Both run in a single process.</para>
</section>
<section xml:id="example-usage">
<title>Example usage</title>
<para>The <literal>keystone</literal> client is set up to expect commands
in the general form of <literal>keystone</literal>
<para>The <literal>keystone</literal> client is set up to expect
commands in the general form of <literal>keystone</literal>
<literal>command</literal>
<literal>argument</literal>, followed by flag-like keyword arguments to
provide additional (often optional) information. For example, the
command <literal>user-list</literal> and
<literal>tenant-create</literal> can be invoked as follows: </para>
<programlisting language="bash">
# Using token auth env variables
<literal>argument</literal>, followed by flag-like keyword
arguments to provide additional (often optional) information.
For example, the command <literal>user-list</literal> and
<literal>tenant-create</literal> can be invoked as
follows:</para>
<programlisting language="bash"><?db-font-size 65%?># Using token auth env variables
export SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/
export SERVICE_TOKEN=secrete_token
keystone user-list
@ -181,25 +150,22 @@ keystone tenant-create --name=demo
# Using user + password + tenant_name flags
keystone --username=admin --password=secrete --tenant_name=admin user-list
keystone --username=admin --password=secrete --tenant_name=admin tenant-create --name=demo
</programlisting>
keystone --username=admin --password=secrete --tenant_name=admin tenant-create --name=demo</programlisting>
</section>
<section xml:id="auth-token-middleware-with-username-and-password">
<title>Auth-Token Middleware with Username and Password</title>
<para>
It is also possible to configure Keystone's auth_token
middleware using the 'admin_user' and 'admin_password' options.
When using the 'admin_user' and 'admin_password' options the
'admin_token' parameter is optional. If 'admin_token' is
specified it will by used only if the specified token is still
valid.
</para>
<para>
Here is an example paste config filter that makes use of the
'admin_user' and 'admin_password' parameters:
</para>
<screen>
[filter:authtoken]
<title>Auth-Token middleware with user name and password</title>
<para>It is also possible to configure the Identity Service
Auth-Token middleware using the <option>admin_user</option> and
<option>admin_password</option> options. When using the
<option>admin_user</option> and
<option>admin_password</option> options the
<option>admin_token</option> parameter is optional. If
<option>admin_token</option> is specified it is used only if
the specified token is still valid.</para>
<para>Here is an example paste config filter that makes use of the
<option>admin_user</option> and
<option>admin_password</option> parameters:</para>
<screen>[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
service_port = 5000
service_host = 127.0.0.1
@ -207,13 +173,11 @@ auth_port = 35357
auth_host = 127.0.0.1
auth_token = 012345SECRET99TOKEN012345
admin_user = admin
admin_password = keystone123
</screen>
<para>
It should be noted that when using this option an admin
admin_password = keystone123</screen>
<para>It should be noted that when using this option an admin
tenant/role relationship is required. The admin user is granted
access to the 'Admin' role on the 'admin' tenant.
</para>
access to the Admin role on the admin tenant.</para>
</section>
<?hard-pagebreak?>
<xi:include href="../common/section_identity-troubleshooting.xml"/>
</chapter>

21
doc/admin-guide-cloud/ch_networking.xml
View File

@ -3,6 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="ch_networking">
<?dbhtml stop-chunking?>
<title>Networking</title>
<para>Learn Networking concepts, architecture, and basic and
advanced neutron and nova command-line interface (CLI)
@ -14,8 +15,7 @@
API for defining network connectivity and addressing in
the cloud. The Networking service enables operators to
leverage different networking technologies to power their
cloud networking.</para>
<para>The Networking service also provides an API to configure
cloud networking. The Networking service also provides an API to configure
and manage a variety of network services ranging from L3
forwarding and NAT to load balancing, edge firewalls, and
IPSEC VPN.</para>
@ -59,8 +59,7 @@
<para>You can configure rich network topologies by
creating and configuring networks and subnets, and
then instructing other OpenStack services like Compute
to attach virtual devices to ports on these networks.
In particular, Networking supports each tenant having
to attach virtual devices to ports on these networks.</para><para>In particular, Networking supports each tenant having
multiple private networks, and allows tenants to
choose their own IP addressing scheme (even if those
IP addresses overlap with those used by other
@ -195,7 +194,6 @@
number of plug-ins, the cloud administrator is able to
weigh different options and decide which networking
technology is right for the deployment.</para>
<?hard-pagebreak?>
<para>Not all Networking plug-ins are compatible with all
possible Compute drivers:</para>
<table rules="all">
@ -333,7 +331,6 @@
with each other and with other OpenStack services.</para>
<section xml:id="arch_overview">
<title>Overview</title>
<para>Networking is a standalone service, just like other
OpenStack services such as Compute, Image service,
Identity service, or the Dashboard. Like those
@ -433,7 +430,7 @@
<title>Network connectivity for physical hosts</title>
<mediaobject>
<imageobject>
<imagedata scale="60"
<imagedata scale="50"
fileref="../common/figures/Neutron-PhysNet-Diagram.png"
/>
</imageobject>
@ -552,6 +549,7 @@
first available IP address.</para>
</listitem>
</itemizedlist>
<?hard-pagebreak?>
<para>The following table summarizes the attributes
available for each networking abstraction. For
information about API abstraction and operations,
@ -734,6 +732,7 @@
</tr>
</tbody>
</table>
<?hard-pagebreak?>
<table rules="all">
<caption>Port attributes</caption>
<col width="20%"/>
@ -913,6 +912,7 @@
<screen><prompt>$</prompt> <userinput>keystone tenant-list</userinput></screen>
</note>
</section>
<?hard-pagebreak?>
<section xml:id="advanced_networking">
<title>Advanced Networking operations</title>
<para>The following table shows example neutron
@ -968,6 +968,7 @@
</table>
</section>
</section>
<?hard-pagebreak?>
<section xml:id="using_nova_with_neutron">
<title>Use Compute with Networking</title>
<section xml:id="basic_workflow_with_nova">
@ -1110,8 +1111,10 @@
<command>ping</command> and
<command>ssh</command> access to your
VMs.</para>
<screen><prompt>$</prompt> <userinput>neutron security-group-rule-create --protocol icmp --direction ingress default</userinput>
<prompt>$</prompt> <userinput>neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress default</userinput></screen>
<screen><prompt>$</prompt> <userinput>neutron security-group-rule-create --protocol icmp \
--direction ingress default</userinput></screen>
<screen><prompt>$</prompt> <userinput>neutron security-group-rule-create --protocol tcp --port-range-min 22 \
--port-range-max 22 --direction ingress default</userinput></screen>
</listitem>
<listitem>
<para>Does not implement Networking security

14
doc/admin-guide-cloud/ch_objectstorage.xml
View File

@ -4,10 +4,16 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="ch_admin-openstack-object-storage">
<?dbhtml stop-chunking?>
<title>Object Storage</title>
<para>OpenStack Object Storage is a scalable object storage system&#x2014;it is not a file system in
the traditional sense. You will not be able to mount this system like traditional SAN or NAS
volumes.</para>
<xi:include href="../common/section_about-object-storage.xml"/>
<para>Object Storage is a scalable object storage system. It is
not a file system in the traditional sense. You cannot mount
this system like traditional SAN or NAS volumes. Because Object
Storage requires a different way of thinking when it comes to
storage, take a few moments to review the key concepts in the
developer documentation at <link
xlink:href="http://docs.openstack.org/developer/swift/"
>docs.openstack.org/developer/swift/</link>.</para>
<!-- <xi:include href="../common/section_about-object-storage.xml"/> -->
<xi:include href="section_object-storage-monitoring.xml"/>
</chapter>

8
doc/admin-guide-cloud/section_networking_adv_features.xml
View File

@ -326,6 +326,7 @@
other hosts on the external network (and often to all
hosts on the Internet). You can allocate and map floating
IPs from one port to another, as needed.</para>
<?hard-pagebreak?>
<section xml:id="l3_api_abstractions">
<title>L3 API abstractions</title>
<table rules="all">
@ -463,8 +464,8 @@
</tr>
</tbody>
</table>
</section>
<?hard-pagebreak?>
<section xml:id="l3_workflow">
<title>Basic L3 operations</title>
<para>External networks are visible to all users. However,
@ -656,6 +657,7 @@
</table>
</section>
</section>
<?hard-pagebreak?>
<section xml:id="section_securitygroups">
<title>Security groups</title>
<para>Security groups and security group rules allows
@ -917,6 +919,7 @@
</table>
</section>
</section>
<?hard-pagebreak?>
<section xml:id="lbaas_workflow">
<title>Basic Load-Balancer-as-a-Service operations</title>
<note>
@ -994,6 +997,7 @@
</tbody>
</table>
</section>
<?hard-pagebreak?>
<section xml:id="fwaas">
<title>Firewall-as-a-Service</title>
<para>The Firewall-as-a-Service (FWaaS) API is an experimental
@ -1386,6 +1390,7 @@
</note>
</section>
</section>
<?hard-pagebreak?>
<section xml:id="section_allowed_address_pairs">
<title>Allowed-address-pairs</title>
<para>Allowed-address-pairs is an API extension that extends
@ -1433,6 +1438,7 @@
</note>
</section>
</section>
<?hard-pagebreak?>
<section xml:id="section_plugin_specific_extensions">
<title>Plug-in specific extensions</title>
<?dbhtml stop-chunking?>

58
doc/admin-guide-cloud/section_troubleshoot-cinder.xml
View File

@ -3,11 +3,14 @@
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink"
version="1.0">
<title>Troubleshoot your cinder installation</title>
<para>This section is intended to help solve some basic and common errors that are encountered
during setup and configuration of Cinder. The focus here is on failed creation of volumes.
The most important thing to know is where to look in case of a failure. There are two log
files that are especially helpful in the case of a volume creation failure. The first is the
<systemitem class="service">cinder-api</systemitem> log, and the second is the <systemitem class="service">cinder-volume</systemitem> log.</para>
<para>This section is intended to help solve some basic and common
errors that are encountered during set up and configuration of
Cinder. The focus here is on failed creation of volumes. The
most important thing to know is where to look in case of a
failure. Two log files are especially helpful when volume
creation fails: <systemitem class="service"
>cinder-api</systemitem> log and <systemitem
class="service">cinder-volume</systemitem> log.</para>
<para>The <systemitem class="service">cinder-api</systemitem> log is useful in determining if you have
endpoint or connectivity issues. If you send a request to
create a volume and it fails, it's a good idea to look here
@ -15,8 +18,9 @@
service. If the request seems to be logged, and there are no
errors or trace-backs then you can move to the <systemitem class="service">cinder-volume</systemitem>
log and look for errors or trace-backs there.</para>
<para>There are some common issues to look out for. The following describes
some common issues hit during configuration and some suggested solutions.</para>
<para>There are some common issues to look out for. The following
describes some common configuration issues with suggested
solutions.</para>
<para><emphasis role="bold"><emphasis role="underline">Create commands are in <systemitem class="service">cinder-api</systemitem> log
with no error</emphasis></emphasis></para>
<para>
@ -48,10 +52,7 @@
simple entry in <filename>/etc/tgt/conf.d</filename>, and you should have created this when you went
through the install guide. If you haven't or you're running into issues, verify
that you have a file <filename>/etc/tgt/conf.d/cinder.conf</filename>.</para>
<para>If the file is not there, you can create it easily by doing the
following:<programlisting>
sudo sh -c "echo 'include /var/lib/cinder/volumes/*' >> /etc/tgt/conf.d/cinder.conf"
</programlisting></para>
<para>If the file is not there, create it, as follows:</para><screen><prompt>$</prompt> <userinput>sudo sh -c "echo 'include /var/lib/cinder/volumes/*' >> /etc/tgt/conf.d/cinder.conf"</userinput></screen>
</listitem>
</itemizedlist>
</para>
@ -60,26 +61,23 @@ sudo sh -c "echo 'include /var/lib/cinder/volumes/*' >> /etc/tgt/conf.d/cinder.c
<para>This is most likely going to be a minor adjustment to your
<filename>nova.conf</filename> file. Make sure that your
<filename>nova.conf</filename> has the following
entry:<programlisting>
volume_api_class=nova.volume.cinder.API
</programlisting></para>
<para>And make certain that you EXPLICITLY set enabled_apis as the default will include
osapi_volume:<programlisting>
enabled_apis=ec2,osapi_compute,metadata
</programlisting>
</para>
entry:<programlisting>volume_api_class=nova.volume.cinder.API </programlisting></para>
<para>Make certain that you explicitly set
<option>enabled_apis</option> because the default includes
<option>osapi_volume</option>:<programlisting>enabled_apis=ec2,osapi_compute,metadata</programlisting></para>
<para><emphasis role="bold">Failed to create iscsi target error in the <filename>cinder-volume.log</filename></emphasis></para>
<programlisting language="bash">2013-03-12 01:35:43 1248 TRACE cinder.openstack.common.rpc.amqp ISCSITargetCreateFailed: Failed to create iscsi target for volume volume-137641b2-af72-4a2f-b243-65fdccd38780.
</programlisting>
<para>You may see this error in <filename>cinder-volume.log</filename> after trying to create a volume that is 1 GB. To fix this issue:
</para>
<para>Change content of the <filename>/etc/tgt/targets.conf</filename> from "include /etc/tgt/conf.d/*.conf" to:
include /etc/tgt/conf.d/cinder_tgt.conf:</para>
<programlisting language="bash">
include /etc/tgt/conf.d/cinder_tgt.conf
include /etc/tgt/conf.d/cinder.conf
default-driver iscsi</programlisting>
<programlisting language="bash">2013-03-12 01:35:43 1248 TRACE cinder.openstack.common.rpc.amqp ISCSITargetCreateFailed: Failed to create iscsi target for volume volume-137641b2-af72-4a2f-b243-65fdccd38780.</programlisting>
<para>You might see this error in
<filename>cinder-volume.log</filename> after trying to
create a volume that is 1 GB. </para>
<para>To fix this issue, change the content of the
<filename>/etc/tgt/targets.conf</filename> from
<literal>include /etc/tgt/conf.d/*.conf</literal> to
<literal>include
/etc/tgt/conf.d/cinder_tgt.conf</literal>, as follows:</para>
<programlisting language="bash">include /etc/tgt/conf.d/cinder_tgt.conf
include /etc/tgt/conf.d/cinder.conf
default-driver iscsi</programlisting>
<para>Then restart tgt and <literal>cinder-*</literal> services so they pick up the new configuration.</para>
</section>

731
doc/common/ch_getstart.xml
View File

@ -5,19 +5,19 @@
xml:id="ch_getting-started-with-openstack">
<title>Get started with OpenStack</title>
<?dbhtml stop-chunking?>
<para>The OpenStack project is an
open source cloud computing platform for all types of clouds, which aims
to be simple to implement, massively scalable, and feature
rich. Developers and cloud computing technologists from around the
world create the OpenStack project.</para>
<para>The OpenStack project is an open source cloud computing
platform for all types of clouds, which aims to be simple to
implement, massively scalable, and feature rich. Developers and
cloud computing technologists from around the world create the
OpenStack project.</para>
<para>OpenStack provides an Infrastructure as a Service (IaaS)
solution through a set of interrelated services. Each service offers
an application programming interface (API) that facilitates this
integration.</para>
solution through a set of interrelated services. Each service
offers an application programming interface (API) that facilitates
this integration.</para>
<section xml:id="openstack-architecture">
<title>OpenStack architecture</title>
<para>The following table describes the OpenStack services that make
up the OpenStack architecture:</para>
<para>The following table describes the OpenStack services that
make up the OpenStack architecture:</para>
<table rules="all">
<caption>OpenStack services</caption>
<col width="20%"/>
@ -32,77 +32,106 @@
</thead>
<tbody>
<tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-dashboard/"
<td><link
xlink:href="http://www.openstack.org/software/openstack-dashboard/"
>Dashboard</link></td>
<td><link xlink:href="http://docs.openstack.org/developer/horizon/">Horizon</link></td>
<td>Enables users to interact with all OpenStack services to launch
an instance, assign IP addresses, set access controls, and so
on.</td>
<td><link
xlink:href="http://docs.openstack.org/developer/horizon/"
>Horizon</link></td>
<td>Enables users to interact with all OpenStack services to
launch an instance, assign IP addresses, set access
controls, and so on.</td>
</tr>
<tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-shared-services/">Identity
Service</link></td>
<td><link xlink:href="http://docs.openstack.org/developer/keystone/">Keystone</link></td>
<td>Provides authentication and authorization for all the OpenStack services. Also
provides a service catalog within a particular OpenStack cloud.</td>
<td><link
xlink:href="http://www.openstack.org/software/openstack-shared-services/"
>Identity Service</link></td>
<td><link
xlink:href="http://docs.openstack.org/developer/keystone/"
>Keystone</link></td>
<td>Provides authentication and authorization for all the
OpenStack services. Also provides a service catalog within
a particular OpenStack cloud.</td>
</tr>
<tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-compute/">Compute
Service</link></td>
<td><link xlink:href="http://docs.openstack.org/developer/nova/">Nova</link></td>
<td>Provisions and manages large networks of virtual machines on
demand.</td>
<td><link
xlink:href="http://www.openstack.org/software/openstack-compute/"
>Compute Service</link></td>
<td><link
xlink:href="http://docs.openstack.org/developer/nova/"
>Nova</link></td>
<td>Provisions and manages large networks of virtual
machines on demand.</td>
</tr>
<tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-storage/">Object Storage
Service</link></td>
<td><link xlink:href="http://docs.openstack.org/developer/swift/">Swift</link></td>
<td>Stores and retrieve files. Does not mount directories like a file
server.</td>
<td><link
xlink:href="http://www.openstack.org/software/openstack-storage/"
>Object Storage Service</link></td>
<td><link
xlink:href="http://docs.openstack.org/developer/swift/"
>Swift</link></td>
<td>Stores and retrieve files. Does not mount directories
like a file server.</td>
</tr>
<tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-storage/">Block Storage
Service</link></td>
<td><link xlink:href="http://docs.openstack.org/developer/cinder/">Cinder</link></td>
<td>Provides persistent block storage to guest virtual machines.</td>
<td><link
xlink:href="http://www.openstack.org/software/openstack-storage/"
>Block Storage Service</link></td>
<td><link
xlink:href="http://docs.openstack.org/developer/cinder/"
>Cinder</link></td>
<td>Provides persistent block storage to guest virtual
machines.</td>
</tr>
<tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-shared-services/">Image
Service</link></td>
<td><link xlink:href="http://docs.openstack.org/developer/glance/"
<td><link
xlink:href="http://www.openstack.org/software/openstack-shared-services/"
>Image Service</link></td>
<td><link
xlink:href="http://docs.openstack.org/developer/glance/"
>Glance</link></td>
<td>Provides a registry of virtual machine images. Compute Service
uses it to provision instances.
</td>
<td>Provides a registry of virtual machine images. Compute
Service uses it to provision instances. </td>
</tr>
<tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-networking/">Networking
Service</link></td>
<td><link xlink:href="http://docs.openstack.org/developer/neutron/">Neutron</link></td>
<td>Enables network connectivity as a service among interface devices
managed by other OpenStack services, usually Compute Service.
Enables users to create and attach interfaces to networks. Has a
pluggable architecture that supports many popular networking
vendors and technologies.</td>
<td><link
xlink:href="http://www.openstack.org/software/openstack-networking/"
>Networking Service</link></td>
<td><link
xlink:href="http://docs.openstack.org/developer/neutron/"
>Neutron</link></td>
<td>Enables network connectivity as a service among
interface devices managed by other OpenStack services,
usually Compute Service. Enables users to create and
attach interfaces to networks. Has a pluggable
architecture that supports many popular networking vendors
and technologies.</td>
</tr>
<tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-shared-services/"
<td><link
xlink:href="http://www.openstack.org/software/openstack-shared-services/"
>Metering/Monitoring Service</link></td>
<td><link xlink:href="http://docs.openstack.org/developer/ceilometer/">Ceilometer</link></td>
<td>Monitors and meters the OpenStack cloud for billing, benchmarking, scalability, and statistics
purposes.</td>
<td><link
xlink:href="http://docs.openstack.org/developer/ceilometer/"
>Ceilometer</link></td>
<td>Monitors and meters the OpenStack cloud for billing,
benchmarking, scalability, and statistics purposes.</td>
</tr>
<tr>
<td><link xlink:href="http://www.openstack.org/software/openstack-shared-services/">Orchestration
Service</link></td>
<td><link xlink:href="http://docs.openstack.org/developer/heat/">Heat</link></td>
<td>Orchestrates multiple composite cloud applications by using the
AWS CloudFormation template format, through both an
OpenStack-native REST API and a CloudFormation-compatible Query
API.</td>
<td><link
xlink:href="http://www.openstack.org/software/openstack-shared-services/"
>Orchestration Service</link></td>
<td><link
xlink:href="http://docs.openstack.org/developer/heat/"
>Heat</link></td>
<td>Orchestrates multiple composite cloud applications by
using the AWS CloudFormation template format, through both
an OpenStack-native REST API and a
CloudFormation-compatible Query API.</td>
</tr>
</tbody>
</table>
<?hard-pagebreak?>
<section xml:id="conceptual-architecture">
<title>Conceptual architecture</title>
<para>The following diagram shows the relationships among the
@ -117,41 +146,52 @@ provides a service catalog within a particular OpenStack cloud.</td>
</mediaobject>
</informalfigure>
</section>
<?hard-pagebreak?>
<section xml:id="logical-architecture">
<title>Logical architecture</title>
<para>To design, install, and configure a cloud, cloud administrators
must understand the logical architecture.</para>
<para>To design, install, and configure a cloud, cloud
administrators must understand the logical
architecture.</para>
<para>OpenStack modules are one of the following types:</para>
<itemizedlist>
<listitem>
<para>Daemon. Runs as a daemon. On Linux platforms, it's usually installed as a service.</para>
<para>Daemon. Runs as a daemon. On Linux platforms, it's
usually installed as a service.</para>
</listitem>
<listitem>
<para>Script. Runs installation and tests of a virtual environment. For example, a script called <code>run_tests.sh</code> installs a virtual environment for a service and then may also run tests to verify that virtual environment functions well.</para>
<para>Script. Runs installation and tests of a virtual
environment. For example, a script called
<code>run_tests.sh</code> installs a virtual environment
for a service and then may also run tests to verify that
virtual environment functions well.</para>
</listitem>
<listitem>
<para>Command-line interface (CLI). Enables users to submit API calls to OpenStack services through
easy-to-use commands.</para>
<para>Command-line interface (CLI). Enables users to submit
API calls to OpenStack services through easy-to-use
commands.</para>
</listitem>
</itemizedlist>
<para>The following diagram shows the most common, but not the only,
architecture for an OpenStack cloud:</para>
<para>The following diagram shows the most common, but not the
only, architecture for an OpenStack cloud:</para>
<!-- Source files in this repository in doc/src/docbkx/common/figures/openstack-arch-grizzly-v1.zip https://github.com/openstack/openstack-manuals/raw/master/doc/src/docbkx/common/figures/openstack-arch-grizzly-v1.zip -->
<figure xml:id="os-logical-arch"><title>OpenStack logical architecture</title>
<figure xml:id="os-logical-arch">
<title>OpenStack logical architecture</title>
<mediaobject>
<imageobject>
<imagedata fileref="figures/openstack-arch-grizzly-v1-logical.jpg"
<imagedata
fileref="figures/openstack-arch-grizzly-v1-logical.jpg"
contentwidth="6.5in"/>
</imageobject>
</mediaobject>
</figure>
<para>As in the conceptual architecture, end users can interact
through the dashboard, CLIs, and APIs. All services authenticate
through a common Identity Service and individual services interact
with each other through public APIs, except where privileged
administrator commands are necessary.</para>
through the dashboard, CLIs, and APIs. All services
authenticate through a common Identity Service and individual
services interact with each other through public APIs, except
where privileged administrator commands are necessary.</para>
</section>
</section>
<?hard-pagebreak?>
<section xml:id="openstack-services">
<title>OpenStack services</title>
<para>This section describes OpenStack services in detail.</para>
@ -170,14 +210,14 @@ provides a service catalog within a particular OpenStack cloud.</td>
</mediaobject>
</informalfigure>
<para>The dashboard is usually deployed through <link
xlink:href="http://code.google.com/p/modwsgi/">mod_wsgi</link> in
Apache. You can modify the dashboard code to make it suitable for
different sites.</para>
<para>From a network architecture point of view, this service must be
accessible to customers and the public API for each OpenStack
service. To use the administrator functionality for other
services, it must also connect to Admin API endpoints, which
should not be accessible by customers.</para>
xlink:href="http://code.google.com/p/modwsgi/"
>mod_wsgi</link> in Apache. You can modify the dashboard
code to make it suitable for different sites.</para>
<para>From a network architecture point of view, this service
must be accessible to customers and the public API for each
OpenStack service. To use the administrator functionality for
other services, it must also connect to Admin API endpoints,
which should not be accessible by customers.</para>
</section>
<section xml:id="identity-service">
<title>Identity Service</title>
@ -186,41 +226,47 @@ provides a service catalog within a particular OpenStack cloud.</td>
projects. It consists of:</para>
<itemizedlist>
<listitem>
<para><systemitem class="service">keystone-all</systemitem>. Starts both the service and
administrative APIs in a single process to provide Catalog, Authorization, and Authentication
services for OpenStack.</para>
<para><systemitem class="service">keystone-all</systemitem>.
Starts both the service and administrative APIs in a
single process to provide Catalog, Authorization, and
Authentication services for OpenStack.</para>
</listitem>
<listitem>
<para>Identity Service functions. Each has a pluggable backend that allows different ways to use
the particular service. Most support standard backends like LDAP or SQL.</para>
<para>Identity Service functions. Each has a pluggable back
end that allows different ways to use the particular
service. Most support standard back ends like LDAP or
SQL.</para>
</listitem>
</itemizedlist>
<para>The Identity Service is mostly used to customize authentication
services.</para>
<para>The Identity Service is mostly used to customize
authentication services.</para>
</section>
<?hard-pagebreak?>
<section xml:id="compute-service">
<title>Compute Service</title>
<para>The Compute Service is a cloud computing fabric controller, the
main part of an IaaS system. It can be used for hosting and
managing cloud computing systems. The main modules are implemented
in Python.</para>
<para>The Compute Service is a cloud computing fabric
controller, the main part of an IaaS system. It can be used
for hosting and managing cloud computing systems. The main
modules are implemented in Python.</para>
<para>The Compute Service is made up of the following functional
areas and their underlying components:</para>
<itemizedlist>
<title>API</title>
<listitem>
<para><systemitem class="service">nova-api</systemitem> service.
Accepts and responds to end user compute API calls. Supports the
OpenStack Compute API, the Amazon EC2 API, and a special Admin
API for privileged users to perform administrative actions.
Also, initiates most orchestration activities, such as running
an instance, and enforces some policies.</para>
<para><systemitem class="service">nova-api</systemitem>
service. Accepts and responds to end user compute API
calls. Supports the OpenStack Compute API, the Amazon EC2
API, and a special Admin API for privileged users to
perform administrative actions. Also, initiates most
orchestration activities, such as running an instance, and
enforces some policies.</para>
</listitem>
<listitem>
<para><systemitem class="service">nova-api-metadata</systemitem>
service. Accepts metadata requests from instances. The
<systemitem class="service">nova-api-metadata</systemitem>
service is generally only used when you run in multi-host mode
<para><systemitem class="service"
>nova-api-metadata</systemitem> service. Accepts
metadata requests from instances. The <systemitem
class="service">nova-api-metadata</systemitem> service
is generally only used when you run in multi-host mode
with <systemitem class="service">nova-network</systemitem>
installations. For details, see <link
xlink:href="http://docs.openstack.org/trunk/openstack-compute/admin/content/metadata-service.html"
@ -230,31 +276,36 @@ provides a service catalog within a particular OpenStack cloud.</td>
<itemizedlist>
<title>Compute core</title>
<listitem>
<para><systemitem class="service">nova-compute</systemitem> process. A
worker daemon that creates and terminates virtual machine
instances through hypervisor APIs. For example, XenAPI for
XenServer/XCP, libvirt for KVM or QEMU, VMwareAPI for VMware,
and so on. The process by which it does so is fairly complex but
the basics are simple: Accept actions from the queue and perform
a series of system commands, like launching a KVM instance, to
carry them out while updating state in the database.</para>
<para><systemitem class="service">nova-compute</systemitem>
process. A worker daemon that creates and terminates
virtual machine instances through hypervisor APIs. For
example, XenAPI for XenServer/XCP, libvirt for KVM or
QEMU, VMwareAPI for VMware, and so on. The process by
which it does so is fairly complex but the basics are
simple: Accept actions from the queue and perform a series
of system commands, like launching a KVM instance, to
carry them out while updating state in the
database.</para>
</listitem>
<listitem>
<para><systemitem class="service">nova-scheduler</systemitem>
process. Conceptually the simplest piece of code in Compute.
Takes a virtual machine instance request from the queue and
determines on which compute server host it should run.</para>
<para><systemitem class="service"
>nova-scheduler</systemitem> process. Conceptually the
simplest piece of code in Compute. Takes a virtual machine
instance request from the queue and determines on which
compute server host it should run.</para>
</listitem>
<listitem>
<para><systemitem class="service">nova-conductor</systemitem> module.
Mediates interactions between <systemitem class="service"
>nova-compute</systemitem> and the database. Aims to eliminate
direct accesses to the cloud database made by <systemitem
class="service">nova-compute</systemitem>. The <systemitem
class="service">nova-conductor</systemitem> module scales
horizontally. However, do not deploy it on any nodes where
<systemitem class="service">nova-compute</systemitem> runs. For
more information, see <link
<para><systemitem class="service"
>nova-conductor</systemitem> module. Mediates
interactions between <systemitem class="service"
>nova-compute</systemitem> and the database. Aims to
eliminate direct accesses to the cloud database made by
<systemitem class="service">nova-compute</systemitem>.
The <systemitem class="service"
>nova-conductor</systemitem> module scales horizontally.
However, do not deploy it on any nodes where <systemitem
class="service">nova-compute</systemitem> runs. For more
information, see <link
xlink:href="http://russellbryantnet.wordpress.com/2012/11/19/a-new-nova-service-nova-conductor/"
>A new Nova service: nova-conductor</link>.</para>
</listitem>
@ -263,79 +314,83 @@ provides a service catalog within a particular OpenStack cloud.</td>
<title>Networking for VMs</title>
<listitem>
<para><systemitem class="service">nova-network</systemitem>
worker daemon. Similar to <systemitem class="service"
worker daemon. Similar to <systemitem class="service"
>nova-compute</systemitem>, it accepts networking tasks
from the queue and performs tasks to manipulate the
network, such as setting up bridging interfaces or
changing iptables rules. This functionality is being
migrated to OpenStack Networking, which is a separate
OpenStack service.</para>
from the queue and performs tasks to manipulate the
network, such as setting up bridging interfaces or
changing iptables rules. This functionality is being
migrated to OpenStack Networking, which is a separate
OpenStack service.</para>
</listitem>
<listitem>
<para><systemitem class="service">nova-dhcpbridge</systemitem>
script. Tracks IP address leases and records them in the
database by using the dnsmasq <literal>dhcp-script</literal>
facility. This functionality is being migrated to OpenStack
Networking. OpenStack Networking provides a different
script.</para>
<para><systemitem class="service"
>nova-dhcpbridge</systemitem> script. Tracks IP address
leases and records them in the database by using the
dnsmasq <literal>dhcp-script</literal> facility. This
functionality is being migrated to OpenStack Networking.
OpenStack Networking provides a different script.</para>
</listitem>
</itemizedlist>
<?hard-pagebreak?>
<itemizedlist>
<title>Console interface</title>
<listitem>
<para><systemitem class="service"
>nova-consoleauth</systemitem> daemon. Authorizes tokens
for users that console proxies provide. See <systemitem
for users that console proxies provide. See <systemitem
class="service">nova-novncproxy</systemitem> and
<systemitem class="service"
>nova-xvpnvcproxy</systemitem>. This service must be
running for console proxies to work. Many proxies of
either type can be run against a single <systemitem
running for console proxies to work. Many proxies of
either type can be run against a single <systemitem
class="service">nova-consoleauth</systemitem> service in
a cluster configuration. For information, see <link
a cluster configuration. For information, see <link
xlink:href="http://docs.openstack.org/trunk/openstack-compute/admin/content/about-nova-consoleauth.html"
>About nova-consoleauth</link>.</para>
</listitem>
<listitem>
<para><systemitem class="service">nova-novncproxy</systemitem>
daemon. Provides a proxy for accessing running instances through
a VNC connection. Supports browser-based novnc clients.</para>
<para><systemitem class="service"
>nova-novncproxy</systemitem> daemon. Provides a proxy
for accessing running instances through a VNC connection.
Supports browser-based novnc clients.</para>
</listitem>
<listitem>
<para><systemitem class="service">nova-console</systemitem>
daemon. Deprecated for use with Grizzly. Instead, the
daemon. Deprecated for use with Grizzly. Instead, the
<systemitem class="service"
>nova-xvpnvncproxy</systemitem> is used.</para>
</listitem>
<listitem>
<para><systemitem class="service">nova-xvpnvncproxy</systemitem>
daemon. A proxy for accessing running instances through a VNC
connection. Supports a Java client specifically designed for
<para><systemitem class="service"
>nova-xvpnvncproxy</systemitem> daemon. A proxy for
accessing running instances through a VNC connection.
Supports a Java client specifically designed for
OpenStack.</para>
</listitem>
<listitem>
<para><systemitem class="service">nova-cert</systemitem>
daemon. Manages x509 certificates.</para>
daemon. Manages x509 certificates.</para>
</listitem>
</itemizedlist>
<itemizedlist>
<title>Image Management (EC2 scenario)</title>
<listitem>
<para><systemitem class="service">nova-objectstore</systemitem>
daemon. Provides an S3 interface for registering images with the
Image Service. Mainly used for installations that must support
euca2ools. The euca2ools tools talk to <systemitem
class="service">nova-objectstore</systemitem> in <emphasis
<para><systemitem class="service"
>nova-objectstore</systemitem> daemon. Provides an S3
interface for registering images with the Image Service.
Mainly used for installations that must support euca2ools.
The euca2ools tools talk to <systemitem class="service"
>nova-objectstore</systemitem> in <emphasis
role="italic">S3 language</emphasis>, and <systemitem
class="service">nova-objectstore</systemitem> translates S3
requests into Image Service requests.</para>
class="service">nova-objectstore</systemitem> translates
S3 requests into Image Service requests.</para>
</listitem>
<listitem>
<para>euca2ools client. A set of command-line interpreter commands
for managing cloud resources. Though not an OpenStack module,
you can configure <systemitem class="service"
>nova-api</systemitem> to support this EC2 interface. For more
information, see the <link
<para>euca2ools client. A set of command-line interpreter
commands for managing cloud resources. Though not an
OpenStack module, you can configure <systemitem
class="service">nova-api</systemitem> to support this
EC2 interface. For more information, see the <link
xlink:href="http://www.eucalyptus.com/eucalyptus-cloud/documentation/2.0"
>Eucalyptus 2.0 Documentation</link>.</para>
</listitem>
@ -343,263 +398,313 @@ daemon. Manages x509 certificates.</para>
<itemizedlist>
<title>Command Line Interpreter/Interfaces</title>
<listitem>
<para>nova client. Enables users to submit commands as a tenant
administrator or end user.</para>
<para>nova client. Enables users to submit commands as a
tenant administrator or end user.</para>
</listitem>
<listitem>
<para>nova-manage client. Enables cloud administrators to submit
commands.</para>
<para>nova-manage client. Enables cloud administrators to
submit commands.</para>
</listitem>
</itemizedlist>
<itemizedlist>
<title>Other components</title>
<listitem>
<para>The queue. A central hub for passing messages between daemons.
Usually implemented with <link
xlink:href="http://www.rabbitmq.com/">RabbitMQ</link>, but
could be any AMPQ message queue, such as <link
xlink:href="http://qpid.apache.org/">Apache Qpid</link>) or
<link xlink:href="http://www.zeromq.org/">Zero
<para>The queue. A central hub for passing messages between
daemons. Usually implemented with <link
xlink:href="http://www.rabbitmq.com/">RabbitMQ</link>,
but could be any AMPQ message queue, such as <link
xlink:href="http://qpid.apache.org/">Apache Qpid</link>)
or <link xlink:href="http://www.zeromq.org/">Zero
MQ</link>.</para>
</listitem>
<listitem>
<para>SQL database. Stores most build-time and runtime states for
a cloud infrastructure. Includes instance types that are
available for use, instances in use, available networks, and
projects. Theoretically, OpenStack Compute can support any
database that SQL-Alchemy supports, but the only databases
widely used are sqlite3 databases, MySQL (only appropriate for
test and development work), and PostgreSQL.</para>
<para>SQL database. Stores most build-time and runtime
states for a cloud infrastructure. Includes instance types
that are available for use, instances in use, available
networks, and projects. Theoretically, OpenStack Compute
can support any database that SQL-Alchemy supports, but
the only databases widely used are sqlite3 databases,
MySQL (only appropriate for test and development work),
and PostgreSQL.</para>
</listitem>
</itemizedlist>
<para>The Compute Service interacts with other OpenStack services:
Identity Service for authentication, Image Service for images, and
the OpenStack Dashboard for a web interface.</para>
<para>The Compute Service interacts with other OpenStack
services: Identity Service for authentication, Image Service
for images, and the OpenStack Dashboard for a web
interface.</para>
</section>
<?hard-pagebreak?>
<section xml:id="object-storage-service">
<title>Object Storage Service</title>
<para>The Object Storage Service is a highly scalable and durable
multi-tenant object storage system for large amounts of
unstructured data at low cost through a RESTful http API.</para>
<para>The Object Storage Service is a highly scalable and
durable multi-tenant object storage system for large amounts
of unstructured data at low cost through a RESTful http
API.</para>
<para>It includes the following components:</para>
<itemizedlist>
<listitem>
<para><systemitem class="service">swift-proxy-server</systemitem>.
Accepts Object Storage API and raw HTTP requests to upload
files, modify metadata, and create containers. It also serves
file or container listings to web browsers. To improve
performance, the proxy server can use an optional cache usually
deployed with memcache.</para>
<para><systemitem class="service"
>swift-proxy-server</systemitem>. Accepts Object Storage
API and raw HTTP requests to upload files, modify
metadata, and create containers. It also serves file or
container listings to web browsers. To improve
performance, the proxy server can use an optional cache
usually deployed with memcache.</para>
</listitem>
<listitem>
<para>Account servers. Manage accounts defined with the Object
Storage Service.</para>
<para>Account servers. Manage accounts defined with the
Object Storage Service.</para>
</listitem>
<listitem>
<para>Container servers. Manage a mapping of containers, or folders,
within the Object Storage Service.</para>
<para>Container servers. Manage a mapping of containers, or
folders, within the Object Storage Service.</para>
</listitem>
<listitem>
<para>Object servers. Manage actual objects, such as files, on the
storage nodes.</para>
<para>Object servers. Manage actual objects, such as files,
on the storage nodes.</para>
</listitem>
<listitem>
<para>A number of periodic processes. Performs housekeeping tasks on
the large data store. The replication services ensure
consistency and availability through the cluster. Other periodic
processes include auditors, updaters, and reapers.</para>
<para>A number of periodic processes. Performs housekeeping
tasks on the large data store. The replication services
ensure consistency and availability through the cluster.
Other periodic processes include auditors, updaters, and
reapers.</para>
</listitem>
</itemizedlist>
<para>Configurable WSGI middleware, which is usually the
Identity Service, handles authentication.</para>
Identity Service, handles authentication.</para>
<xi:include href="section_storage-concepts.xml"/>
</section>
<section xml:id="block-storage-service">
<title>Block Storage Service</title>
<para>The Block Storage Service enables management of volumes, volume
snapshots, and volume types. It includes the following
<para>The Block Storage Service enables management of volumes,
volume snapshots, and volume types. It includes the following
components:</para>
<itemizedlist>
<listitem>
<para><systemitem class="service">cinder-api</systemitem>.
Accepts API requests and routes them to <systemitem
Accepts API requests and routes them to <systemitem
class="service">cinder-volume</systemitem> for
action.</para>
action.</para>
</listitem>
<listitem>
<para><systemitem class="service">cinder-volume</systemitem>. Responds to requests to read from and
write to the Object Storage database to maintain state, interacting with other processes (like
<systemitem class="service">cinder-scheduler</systemitem>) through a message queue and
directly upon block storage providing hardware or software. It can interact with a variety of
<para><systemitem class="service"
>cinder-volume</systemitem>. Responds to requests to read
from and write to the Object Storage database to maintain
state, interacting with other processes (like <systemitem
class="service">cinder-scheduler</systemitem>) through a
message queue and directly upon block storage providing
hardware or software. It can interact with a variety of
storage providers through a driver architecture.</para>
</listitem>
<listitem>
<para><systemitem class="service"
>cinder-scheduler</systemitem> daemon. Like the
<systemitem class="service">nova-scheduler</systemitem>,
picks the optimal block storage provider node on which to
create the volume.</para>
picks the optimal block storage provider node on which to
create the volume.</para>
</listitem>
<listitem>
<para>Messaging queue. Routes information between the Block Storage
Service processes and a database, which stores volume
state.</para>
<para>Messaging queue. Routes information between the Block
Storage Service processes and a database, which stores
volume state.</para>
</listitem>
</itemizedlist>
<para>The Block Storage Service interacts with Compute to provide
volumes for instances.</para>
<para>The Block Storage Service interacts with Compute to
provide volumes for instances.</para>
</section>
<section xml:id="image-service">
<title>Image Service</title>
<para>The Image Service includes the following components:</para>
<para>The Image Service includes the following
components:</para>
<itemizedlist>
<listitem>
<para><systemitem class="service">glance-api</systemitem>. Accepts
Image API calls for image discovery, retrieval, and
storage.</para>
<para><systemitem class="service">glance-api</systemitem>.
Accepts Image API calls for image discovery, retrieval,
and storage.</para>
</listitem>
<listitem>
<para><systemitem class="service">glance-registry</systemitem>.
Stores, processes, and retrieves metadata about images. Metadata
includes size, type, and so on.</para>
<para><systemitem class="service"
>glance-registry</systemitem>. Stores, processes, and
retrieves metadata about images. Metadata includes size,
type, and so on.</para>
</listitem>
<listitem>
<para>Database. Stores image metadata. You can choose your database
depending on your preference. Most deployments use MySQL or
SQlite.</para>
<para>Database. Stores image metadata. You can choose your
database depending on your preference. Most deployments
use MySQL or SQlite.</para>
</listitem>
<listitem>
<para>Storage repository for image files. In <xref
linkend="os-logical-arch"/>, the Object Storage Service is the
image repository. However, you can configure a different
repository. The Image Service supports normal filesystems, RADOS
block devices, Amazon S3, and HTTP. Some of these choices are
limited to read-only usage.</para>
linkend="os-logical-arch"/>, the Object Storage Service
is the image repository. However, you can configure a
different repository. The Image Service supports normal
file systems, RADOS block devices, Amazon S3, and HTTP.
Some of these choices are limited to read-only
usage.</para>
</listitem>
</itemizedlist>
<para>A number of periodic processes run on the Image Service to
support caching. Replication services ensures consistency and
availability through the cluster. Other periodic processes
include auditors, updaters, and reapers.</para>
<para>As shown in <xref linkend="concept_arch"/>, the Image Service
is central to the overall IaaS picture. It accepts API requests
for images or image metadata from end users or Compute components
and can store its disk files in the Object Storage Service.</para>
support caching. Replication services ensures consistency and
availability through the cluster. Other periodic processes
include auditors, updaters, and reapers.</para>
<para>As shown in <xref linkend="concept_arch"/>, the Image
Service is central to the overall IaaS picture. It accepts API
requests for images or image metadata from end users or
Compute components and can store its disk files in the Object
Storage Service.</para>
</section>
<section xml:id="networking-service">
<title>Networking Service</title>
<para>Provides network-connectivity-as-a-service between interface
devices that are managed by other OpenStack services, usually
Compute. Enables users to create and attach interfaces to
networks. Like many OpenStack services, OpenStack Networking is
highly configurable due to its plug-in architecture. These
plug-ins accommodate different networking equipment and software.
Consequently, the architecture and deployment vary dramatically.</para>
<para>Provides network-connectivity-as-a-service between
interface devices that are managed by other OpenStack
services, usually Compute. Enables users to create and attach
interfaces to networks. Like many OpenStack services,
OpenStack Networking is highly configurable due to its plug-in
architecture. These plug-ins accommodate different networking
equipment and software. Consequently, the architecture and
deployment vary dramatically.</para>
<para>Includes the following components:</para>
<itemizedlist>
<listitem>
<para><systemitem class="service">neutron-server</systemitem>.
Accepts and routes API requests to the appropriate OpenStack
Networking plug-in for action.</para>
<para><systemitem class="service"
>neutron-server</systemitem>. Accepts and routes API
requests to the appropriate OpenStack Networking plug-in
for action.</para>
</listitem>
<listitem>
<para>OpenStack Networking plug-ins and agents. Plugs and unplugs
ports, creates networks or subnets, and provides IP addressing.
These plug-ins and agents differ depending on the vendor and
technologies used in the particular cloud. OpenStack Networking
ships with plug-ins and agents for Cisco virtual and physical
switches, Nicira NVP product, NEC OpenFlow products, Open
vSwitch, Linux bridging, and the Ryu Network Operating
System.</para>
<para>The common agents are L3 (layer 3), DHCP (dynamic host IP addressing), and a plug-in
agent.</para>
<para>OpenStack Networking plug-ins and agents. Plugs and
unplugs ports, creates networks or subnets, and provides
IP addressing. These plug-ins and agents differ depending
on the vendor and technologies used in the particular
cloud. OpenStack Networking ships with plug-ins and agents
for Cisco virtual and physical switches, Nicira NVP
product, NEC OpenFlow products, Open vSwitch, Linux
bridging, and the Ryu Network Operating System.</para>
<para>The common agents are L3 (layer 3), DHCP (dynamic host
IP addressing), and a plug-in agent.</para>
</listitem>
<listitem>
<para>Messaging queue. Most OpenStack Networking installations make
use of a messaging queue to route information between the
neutron-server and various agents as well as a database to store
networking state for particular plug-ins.</para>
<para>Messaging queue. Most OpenStack Networking
installations make use of a messaging queue to route
information between the neutron-server and various agents
as well as a database to store networking state for
particular plug-ins.</para>
</listitem>
</itemizedlist>
<para>OpenStack Networking interacts mainly with OpenStack
Compute, where it provides networks and connectivity for its
instances.</para>
Compute, where it provides networks and connectivity for its
instances.</para>
</section>
<?hard-pagebreak?>
<section xml:id="metering-service">
<title>Metering/Monitoring Service</title>
<para>The Metering Service is designed to:</para>
<para>
<itemizedlist>
<listitem>
<para>Efficiently collect the metering data about the CPU and network costs.</para>
<para>Efficiently collect the metering data about the CPU
and network costs.</para>
</listitem>
<listitem><para>Collect data by monitoring notifications sent from services or by polling the
infrastructure.</para>
<listitem>
<para>Collect data by monitoring notifications sent from
services or by polling the infrastructure.</para>
</listitem>
<listitem><para>Configure the type of collected data to meet various operating requirements.
Accessing and inserting the metering data through the REST API.</para>
<listitem>
<para>Configure the type of collected data to meet various
operating requirements. Accessing and inserting the
metering data through the REST API.</para>
</listitem>
<listitem>
<para>Expand the framework to collect custom usage data by
additional plug-ins.</para>
</listitem>
<listitem>
<para>Produce signed metering messages that cannot be
repudiated.</para>
</listitem>
<listitem><para>Expand the framework to collect custom usage data by additional
plug-ins.</para></listitem>
<listitem><para>Produce signed metering messages that cannot be
repudiated.</para></listitem>
</itemizedlist>
</para>
<para>The system consists of the following basic components:</para>
<para>The system consists of the following basic
components:</para>
<itemizedlist>
<listitem>
<para>A compute agent. Runs on each compute node and polls for resource utilization
statistics. There may be other types of agents in the future, but for now we will
focus on creating the compute agent.</para>
<para>A compute agent. Runs on each compute node and polls
for resource utilization statistics. There may be other
types of agents in the future, but for now we will focus
on creating the compute agent.</para>
</listitem>
<listitem><para>A central agent. Runs on a central management server to poll for resource
utilization statistics for resources not tied to instances or compute nodes.</para>
<listitem>
<para>A central agent. Runs on a central management server
to poll for resource utilization statistics for resources
not tied to instances or compute nodes.</para>
</listitem>
<listitem><para>A collector. Runs on one or more central management servers to monitor the
message queues (for notifications and for metering data coming from the agent).
Notification messages are processed and turned into metering messages and sent back
out onto the message bus using the appropriate topic. Metering messages are written
to the data store without modification.</para>
<listitem>
<para>A collector. Runs on one or more central management
servers to monitor the message queues (for notifications
and for metering data coming from the agent). Notification
messages are processed and turned into metering messages
and sent back out onto the message bus using the
appropriate topic. Metering messages are written to the
data store without modification.</para>
</listitem>
<listitem><para>A data store. A database capable of handling concurrent writes (from one or more
collector instances) and reads (from the API server).</para>
<listitem>
<para>A data store. A database capable of handling
concurrent writes (from one or more collector instances)
and reads (from the API server).</para>
</listitem>
<listitem><para>An API server. Runs on one or more central management servers to provide access to the data
from the data store. These services communicate using the standard OpenStack messaging
bus. Only the collector and API server have access to the data store.</para>
<listitem>
<para>An API server. Runs on one or more central management
servers to provide access to the data from the data store.
These services communicate using the standard OpenStack
messaging bus. Only the collector and API server have
access to the data store.</para>
</listitem>
</itemizedlist>
<para>These services communicate by using the standard OpenStack messaging bus. Only the collector and API server have access to the data store.</para>
<para>These services communicate by using the standard OpenStack
messaging bus. Only the collector and API server have access
to the data store.</para>
</section>
<?hard-pagebreak?>
<section xml:id="orchestration-service">
<title>Orchestration Service</title>
<para>The Orchestration Service provides a template-based
orchestration for describing a cloud application by running
OpenStack API calls to generate running cloud applications. The
software integrates other core components of OpenStack into a
one-file template system. The templates enable you to create most
OpenStack resource types, such as instances, floating IPs,
volumes, security groups, users, and so on. Also, provides some
more advanced functionality, such as instance high availability,
instance auto-scaling, and nested stacks. By providing very tight
integration with other OpenStack core projects, all OpenStack core
projects could receive a larger user base.</para>
<para>Enables deployers to integrate with the Orchestration Service
directly or through custom plug-ins.</para>
OpenStack API calls to generate running cloud applications.
The software integrates other core components of OpenStack
into a one-file template system. The templates enable you to
create most OpenStack resource types, such as instances,
floating IPs, volumes, security groups, users, and so on.
Also, provides some more advanced functionality, such as
instance high availability, instance auto-scaling, and nested
stacks. By providing very tight integration with other
OpenStack core projects, all OpenStack core projects could
receive a larger user base.</para>
<para>Enables deployers to integrate with the Orchestration
Service directly or through custom plug-ins.</para>
<para>The Orchestration Service consists of the following
components:</para>
<itemizedlist>
<listitem><para><code>heat</code> tool. A CLI that communicates with the
heat-api to run AWS CloudFormation APIs. End developers could
also use the heat REST API directly.</para>
<listitem>
<para><code>heat</code> tool. A CLI that communicates with
the heat-api to run AWS CloudFormation APIs. End
developers could also use the heat REST API
directly.</para>
</listitem>
<listitem><para><code>heat-api</code> component. Provides an OpenStack-native
REST API that processes API requests by sending them to the
heat-engine over RPC.</para>
<listitem>
<para><code>heat-api</code> component. Provides an
OpenStack-native REST API that processes API requests by
sending them to the heat-engine over RPC.</para>
</listitem>
<listitem><para><code>heat-api-cfn</code> component. Provides an AWS Query API that is compatible with AWS CloudFormation
and processes API requests by sending them to the heat-engine over RPC.</para></listitem>
<listitem><para><code>heat-engine</code>. Orchestrates the launching of templates and provides events back to the API
<listitem>
<para><code>heat-api-cfn</code> component. Provides an AWS
Query API that is compatible with AWS CloudFormation and
processes API requests by sending them to the heat-engine
over RPC.</para>
</listitem>
<listitem>
<para><code>heat-engine</code>. Orchestrates the launching
of templates and provides events back to the API
consumer.</para>
</listitem>
</itemizedlist>
@ -608,11 +713,11 @@ instances.</para>
<section xml:id="feedback">
<title>Feedback</title>
<para>To provide feedback on documentation, join and use the
<email>openstack-docs@lists.openstack.org</email> mailing list
<email>openstack-docs@lists.openstack.org</email> mailing list
at <link
xlink:href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-docs"
>OpenStack Documentation Mailing List</link>, or <link
xlink:href="https://bugs.launchpad.net/openstack-manuals/+filebug"
>report a bug</link>.</para>
xlink:href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-docs"
>OpenStack Documentation Mailing List</link>, or <link
xlink:href="https://bugs.launchpad.net/openstack-manuals/+filebug"
>report a bug</link>.</para>
</section>
</chapter>

251
doc/common/ch_support.xml
View File

@ -1,131 +1,166 @@
<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="ch_support-and-troubleshooting">
<title>Support</title>
<para>Online resources aid in supporting OpenStack and there
are many community members willing and able to answer
questions and help with bug suspicions. We are constantly
improving and adding to the main features of OpenStack,
but if you have any problems, do not hesitate to ask.
Here are some ideas for supporting OpenStack and
troubleshooting your existing installations.</para>
<section xml:id="community-support">
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="ch_support-and-troubleshooting">
<?dbhtml stop-chunking?>
<title>Community Support</title>
<para>Here are some places you can locate others who want to
help.</para>
<para>Many OpenStack community members can answer questions and
help with bug suspicions. We are constantly improving and
adding to the main features of OpenStack, but if you have any
problems, do not hesitate to ask. Use the following resources
to get OpenStack support and troubleshoot your existing
installations.</para>
<simplesect>
<title>ask.openstack.org</title>
<para>During setup or testing, you may have questions
about how to do something, or end up in a situation
where you can't seem to get a feature to work
correctly. The ask.openstack.org site is available for
questions and answers. When visiting the Ask site at
<link xlink:href="http://ask.openstack.org"
>http://ask.openstack.org</link>, it is usually
good to at least scan over recently asked questions to
see if your question has already been answered. If
that is not the case, then proceed to adding a new
question. Be sure you give a clear, concise summary in
the title and provide as much detail as possible in
the description. Paste in your command output or stack
traces, link to screenshots, and so on.</para>
<para>During set up or testing, you might have questions about
how to do something or be in a situation where a feature
does not work correctly. Use the <link
xlink:href="ask.openstack.org"
>ask.openstack.org</link> site to ask questions and
get answers. When you visit the <link
xlink:href="http://ask.openstack.org"
>http://ask.openstack.org</link> site, scan the recently asked questions to see whether
your question was already answered. If not, ask a new question. Be sure
to give a clear, concise summary in the title and provide
as much detail as possible in the description. Paste in
your command output or stack traces, link to screen shots,
and so on.</para>
</simplesect>
<simplesect><title>OpenStack mailing lists</title>
<para>Posting your question or scenario to the OpenStack
mailing list is a great way to get answers and
insights. You can learn from and help others who may
have the same scenario as you. Go to <link
<simplesect>
<title>OpenStack mailing lists</title>
<para>A great way to get answers and insights is to post your
question or scenario to the OpenStack mailing list. You
can learn from and help others who might have the same
scenario as you. To subscribe or view the archives, go to
<link
xlink:href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack"
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</link> to
subscribe or view the archives.
You may be interested in the other mailing lists for
specific projects or development - these can be found
<link
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</link>.
You might be interested in the other mailing lists for
specific projects or development, which you can find <link
xlink:href="http://wiki.openstack.org/MailingLists">on
the wiki</link>. A description of all mailing lists is
available at <link
xlink:href="http://wiki.openstack.org/MailingLists"
>on the wiki</link>. A description of all the
additional mailing lists is available at
<link
xlink:href="http://wiki.openstack.org/MailingLists">http://wiki.openstack.org/MailingLists</link>.</para></simplesect><simplesect>
>http://wiki.openstack.org/MailingLists</link>.</para>
</simplesect>
<simplesect>
<title>The OpenStack Wiki search</title>
<para>The <link xlink:href="http://wiki.openstack.org/">OpenStack wiki</link> contains content
on a broad range of topics, but some of it sits a bit below the surface. Fortunately, the wiki
search feature is very powerful in that it can do both searches by title and by content. If
you are searching for specific information, say about "networking" or "api" for nova, you can
find lots of content using the search feature. More is being added all the time, so be sure to
check back often. You can find the search box in the upper right hand corner of any OpenStack wiki
page.</para></simplesect>
<simplesect><title>The Launchpad Bugs area</title>
<para>So you think you've found a bug. That's great! Seriously, it is. The OpenStack community
values your setup and testing efforts and wants your feedback. To log a bug you must
have a Launchpad account, so sign up at https://launchpad.net/+login if you do not
already have a Launchpad ID. You can view existing bugs and report your bug in the
Launchpad Bugs area. It is suggested that you first use the search facility to see
if the bug you found has already been reported (or even better, already fixed). If
it still seems like your bug is new or unreported then it is time to fill out a bug
<para>The <link xlink:href="http://wiki.openstack.org/"
>OpenStack wiki</link> contains content on a broad
range of topics but some of it sits a bit below the
surface. Fortunately, the wiki search feature enables you
to search by title or content. If you search for specific
information, such as about networking or nova, you can
find lots of content. More is being added all the time, so
be sure to check back often. You can find the search box
in the upper right corner of any OpenStack wiki
page.</para>
</simplesect>
<simplesect>
<title>The Launchpad Bugs area</title>
<para>So you think you've found a bug. That's great!
Seriously, it is. The OpenStack community values your set
up and testing efforts and wants your feedback. To log a
bug, you must sign up for a Launchpad account at <link
xlink:href="https://launchpad.net/+login"
>https://launchpad.net/+login</link>. You can view
existing bugs and report bugs in the Launchpad Bugs area.
Use the search feature to determine whether the bug was
already reported (or even better, already fixed). If it
still seems like your bug is unreported, fill out a bug
report.</para>
<para>Some tips:</para>
<itemizedlist><listitem><para>Give a clear, concise summary!</para></listitem>
<listitem><para>Provide as much detail as possible
in the description. Paste in your command output or stack traces, link to
screenshots, etc.</para></listitem>
<listitem><para>Be sure to include what version of the software you are using.
This is especially critical if you are using a development branch eg. "Grizzly
release" vs git commit bc79c3ecc55929bac585d04a03475b72e06a3208.</para></listitem>
<listitem><para>Any deployment specific info is helpful as well, such as Ubuntu
12.04, multi-node install.</para></listitem> </itemizedlist>
<para>The Launchpad Bugs areas are available here - :</para>
<itemizedlist>
<listitem><para>OpenStack Compute: <link
xlink:href="https://bugs.launchpad.net/nova"
>https://bugs.launchpad.net/nova</link></para></listitem>
<listitem><para>OpenStack Object Storage: <link
xlink:href="https://bugs.launchpad.net/swift"
>https://bugs.launchpad.net/swift</link></para></listitem>
<listitem><para>OpenStack Image Delivery and Registration: <link
xlink:href="https://bugs.launchpad.net/glance"
>https://bugs.launchpad.net/glance</link></para></listitem>
<listitem><para>OpenStack Identity: <link
xlink:href="https://bugs.launchpad.net/keystone"
>https://bugs.launchpad.net/keystone</link></para></listitem>
<listitem><para>OpenStack Dashboard: <link
xlink:href="https://bugs.launchpad.net/horizon"
>https://bugs.launchpad.net/horizon</link></para></listitem>
<listitem><para>OpenStack Network Connectivity: <link
xlink:href="https://bugs.launchpad.net/neutron"
>https://bugs.launchpad.net/neutron</link></para></listitem>
<listitem><para>OpenStack Orchestration: <link
xlink:href="https://bugs.launchpad.net/heat"
>https://bugs.launchpad.net/heat</link></para></listitem>
<listitem><para>OpenStack Metering: <link
xlink:href="https://bugs.launchpad.net/ceilometer"
>https://bugs.launchpad.net/ceilometer</link></para></listitem>
<listitem>
<para>Give a clear, concise summary!</para>
</listitem>
<listitem>
<para>Provide as much detail as possible in the
description. Paste in your command output or stack
traces, link to screen shots, and so on.</para>
</listitem>
<listitem>
<para>Be sure to include the software version that you are using,
especially if you are using a development branch,
such as, <literal>"Grizzly release" vs git commit
bc79c3ecc55929bac585d04a03475b72e06a3208</literal>.</para>
</listitem>
<listitem>
<para>Any deployment specific information is helpful,
such as Ubuntu 12.04 or multi-node install.</para>
</listitem>
</itemizedlist>
<para>The Launchpad Bugs areas are available here:</para>
<itemizedlist>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/nova"
>Bugs: OpenStack Compute (nova)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/swift"
>Bugs : OpenStack Object Storage (swift)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/glance"
>Bugs : OpenStack Image Service (glance)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/keystone"
>Bugs : OpenStack Identity (keystone)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/horizon"
>Bugs : OpenStack Dashboard (horizon)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/neutron"
>Bugs : OpenStack Networking (neutron)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/heat"
>Bugs : OpenStack Orchestration (heat)</link></para>
</listitem>
<listitem>
<para><link
xlink:href="https://bugs.launchpad.net/ceilometer"
>Bugs : OpenStack Metering (ceilometer)</link></para>
</listitem>
</itemizedlist>
</simplesect>
<simplesect>
<title>The OpenStack IRC channel</title>
<para>The OpenStack community lives and breathes in the
#openstack IRC channel on the Freenode network. You
can come by to hang out, ask questions, or get
immediate feedback for urgent and pressing issues. To
get into the IRC channel you need to install an IRC
client or use a browser-based client by going to
http://webchat.freenode.net/. You can also use
Colloquy (Mac OS X, http://colloquy.info/) or mIRC
(Windows, http://www.mirc.com/) or XChat (Linux). When
#openstack IRC channel on the Freenode network. You can
come by to hang out, ask questions, or get immediate
feedback for urgent and pressing issues. To get into the
IRC channel, you must install an IRC client or use a
browser-based client by going to <link
xlink:href="http://webchat.freenode.net"
>http://webchat.freenode.net/</link>. You can also use
Colloquy (Mac OS X, <link
xlink:href="http://colloquy.info/"
>http://colloquy.info/</link>), mIRC (Windows, <link
xlink:href="http://www.mirc.com/"
>http://www.mirc.com/</link>), or XChat (Linux). When
you are in the IRC channel and want to share code or
command output, the generally accepted method is to
use a Paste Bin, the OpenStack project has one at
http://paste.openstack.org. Just paste your longer
amounts of text or logs in the web form and you get a
URL you can then paste into the channel. The OpenStack
IRC channel is: #openstack on irc.freenode.net. A list
of all the OpenStack-related IRC channels is at <link
command output, the generally accepted method is to use a
Paste Bin. The OpenStack project has one at <link
xlink:href="http://paste.openstack.org"
>http://paste.openstack.org</link>. Just paste your
longer amounts of text or logs in the web form and you get
a URL you can paste into the channel. The OpenStack IRC
channel is: <literal>#openstack</literal> on
<literal>irc.freenode.net</literal>. You can find a
list of all OpenStack-related IRC channels at <link
xlink:href="https://wiki.openstack.org/wiki/IRC"
>https://wiki.openstack.org/wiki/IRC</link>.</para>
</simplesect>
</section>
</chapter>

15
doc/common/section_about-object-storage.xml
View File

@ -4,11 +4,14 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="ch_introduction-to-openstack-object-storage">
<title>Introduction to OpenStack Object Storage</title>
<para>OpenStack Object Storage is a scalable object storage system - it is not a file system in the
traditional sense. You will not be able to mount this system like traditional SAN or NAS volumes.
Since OpenStack Object Storage is a different way of thinking when it comes to storage, take a few
moments to review the key concepts in the developer documentation at
<link xlink:href="http://docs.openstack.org/developer/swift/">docs.openstack.org/developer/swift/</link>.</para>
<title>Introduction to Object Storage</title>
<para>Object Storage is a scalable object storage system - it is
not a file system in the traditional sense. You cannot mount
this system like traditional SAN or NAS volumes. Because Object
Storage requires a different way of thinking when it comes to
storage, take a few moments to review the key concepts in the
developer documentation at <link
xlink:href="http://docs.openstack.org/developer/swift/"
>docs.openstack.org/developer/swift/</link>.</para>
<!-- TODO Is this really the best we can do?-->
</section>

34
doc/common/section_dashboard-configure-http.xml Normal file
View File

@ -0,0 +1,34 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xml:id="configure-dashboard-http"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Configure the dashboard for HTTP</title>
<?dbhtml stop-chunking?>
<para>You can configure the dashboard for a simple HTTP deployment. The standard installation
uses a non-encrypted HTTP channel.</para>
<procedure xml:id="dashboard-config-http">
<step>
<para>Specify the host for your OpenStack Identity
Service endpoint in the
<filename>/etc/openstack-dashboard/local_settings.py</filename>
file with the <literal>OPENSTACK_HOST</literal>
setting.</para>
<para>The following example shows this setting:</para>
<programlisting language="python"><?db-font-size 65%?><xi:include parse="text" href="samples/local_settings.py"/></programlisting>
<para>The service catalog configuration in the
Identity Service determines whether a service appears
in the dashboard. For the full listing, see
<link
xlink:href="http://docs.openstack.org/developer/horizon/topics/settings.html"
>Horizon Settings and
Configuration</link>.</para>
</step>
<step>
<para>Restart Apache and memcached:</para>
<screen><prompt>#</prompt> <userinput>service apache2 restart</userinput>
<prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
</step>
</procedure>
</section>

94
doc/common/section_dashboard-configure-https.xml Normal file
View File

@ -0,0 +1,94 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xml:id="dashboard-config-https" xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"><title>Configure the dashboard for HTTPS</title>
<para>You can configure the dashboard for a secured HTTPS deployment. While the standard installation
uses a non-encrypted HTTP channel, you can enable SSL support
for the dashboard.</para>
<procedure>
<para>The following example uses the domain,
"http://openstack.example.com." Use a domain that fits
your current setup.</para>
<step>
<para>In<filename>/etc/openstack-dashboard/local_settings.py</filename>
update the following
directives:</para><programlisting>USE_SSL = True
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True</programlisting>
<para>The first option is required to enable HTTPS.
The other recommended settings defend against
cross-site scripting and require HTTPS.</para>
</step>
<step>
<para>Edit
<filename>/etc/apache2/ports.conf</filename>
and add the following line:</para>
<programlisting>NameVirtualHost *:443</programlisting>
</step>
<step>
<para>Edit
<filename>/etc/apache2/conf.d/openstack-dashboard.conf:</filename></para>
<para>Before:</para>
<programlisting><?db-font-size 65%?>WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
&lt;Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi&gt;
Order allow,deny
Allow from all
&lt;/Directory&gt;</programlisting>
<para>After:</para>
<programlisting><?db-font-size 65%?>&lt;VirtualHost *:80&gt;
ServerName openstack.example.com
&lt;IfModule mod_rewrite.c&gt;
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
&lt;/IfModule&gt;
&lt;IfModule !mod_rewrite.c&gt;
RedirectPermanent / https://openstack.example.com
&lt;/IfModule&gt;
&lt;/VirtualHost&gt;
&lt;VirtualHost *:443&gt;
ServerName openstack.example.com
SSLEngine On
# Remember to replace certificates and keys with valid paths in your environment
SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt
SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt
SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key
SetEnvIf User-Agent &quot;.*MSIE.*&quot; nokeepalive ssl-unclean-shutdown
# HTTP Strict Transport Security (HSTS) enforces that all communications
# with a server go over SSL. This mitigates the threat from attacks such
# as SSL-Strip which replaces links on the wire, stripping away https prefixes
# and potentially allowing an attacker to view confidential information on the
# wire
Header add Strict-Transport-Security "max-age=15768000"
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
&lt;Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi&gt;
Order allow,deny
Allow from all
&lt;/Directory&gt;
&lt;/VirtualHost&gt;</programlisting>
<para>In this configuration, Apache listens on the
port 443 and redirects all the hits to the HTTPS
protocol for all the non-secured requests. The secured
section defines the private key, public key, and
certificate to use.</para>
</step>
<step>
<para>Restart Apache and memcached:</para>
<screen><prompt>#</prompt> <userinput>service apache2 restart</userinput>
<prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
<para>If you try to access the dashboard through HTTP,
the browser redirects you to the HTTPS page.</para>
</step>
</procedure></section>

21
doc/common/section_dashboard-configure-vnc-window.xml Normal file
View File

@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<section xml:id="vnc-window"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Change the size of the dashboard VNC window</title>
<para>The <filename>_detail_vnc.html</filename> file defines
the size of the VNC window. To change the window size, edit
this file.</para>
<procedure xml:id="adjust-vnc-window">
<step>
<para>Edit
<filename>/usr/share/pyshared/horizon/dashboards/nova/instances/templates/instances/_detail_vnc.html.</filename></para>
</step>
<step>
<para>Modify the <literal>width</literal> and
<literal>height</literal> parameters, as follows:</para>
<programlisting>&lt;iframe src="{{ vnc_url }}" width="720" height="430"&gt;&lt;/iframe&gt;</programlisting>
</step>
</procedure>
</section>

141
doc/common/section_dashboard-configure.xml
View File

@ -5,134 +5,15 @@
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Configure the dashboard</title>
<?dbhtml stop-chunking?>
<para>You can configure the dashboard for a simple HTTP deployment
or a secured HTTPS deployment. While the standard installation
uses a non-encrypted HTTP channel, you can enable SSL support
for the dashboard.</para>
<procedure xml:id="dashboard-config-http">
<title>To configure the dashboard for HTTP</title>
<step>
<para>Specify the host for your OpenStack Identity
Service endpoint in the
<filename>/etc/openstack-dashboard/local_settings.py</filename>
file with the <literal>OPENSTACK_HOST</literal>
setting.</para>
<para>The following example shows this setting:</para>
<programlisting language="python"><?db-font-size 65%?><xi:include parse="text" href="samples/local_settings.py"/></programlisting>
<para>The service catalog configuration in the
Identity Service determines whether a service appears
in the dashboard. For the full listing, see
<link
xlink:href="http://docs.openstack.org/developer/horizon/topics/settings.html"
>Horizon Settings and
Configuration</link>.</para>
</step>
<step>
<para>Restart Apache and memcached:</para>
<screen><prompt>#</prompt> <userinput>service apache2 restart</userinput>
<prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
</step>
</procedure>
<procedure xml:id="dashboard-config-https">
<title>To configure the dashboard for HTTPS</title>
<para>The following example uses the domain,
"http://openstack.example.com." Use a domain that fits
your current setup.</para>
<step>
<para>In<filename>/etc/openstack-dashboard/local_settings.py</filename>
update the following
directives:<programlisting>USE_SSL = True
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True</programlisting></para>
<para>The first option is required to enable HTTPS.
The other recommended settings defend against
cross-site scripting and require HTTPS.</para>
</step>
<step>
<para>Edit
<filename>/etc/apache2/ports.conf</filename>
and add the following line:</para>
<programlisting>NameVirtualHost *:443</programlisting>
</step>
<step>
<para>Edit
<filename>/etc/apache2/conf.d/openstack-dashboard.conf:</filename></para>
<para>Before:</para>
<programlisting><?db-font-size 65%?>WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
&lt;Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi&gt;
Order allow,deny
Allow from all
&lt;/Directory&gt;</programlisting>
<para>After:</para>
<programlisting><?db-font-size 65%?>&lt;VirtualHost *:80&gt;
ServerName openstack.example.com
&lt;IfModule mod_rewrite.c&gt;
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
&lt;/IfModule&gt;
&lt;IfModule !mod_rewrite.c&gt;
RedirectPermanent / https://openstack.example.com
&lt;/IfModule&gt;
&lt;/VirtualHost&gt;
&lt;VirtualHost *:443&gt;
ServerName openstack.example.com
SSLEngine On
# Remember to replace certificates and keys with valid paths in your environment
SSLCertificateFile /etc/apache2/SSL/openstack.example.com.crt
SSLCACertificateFile /etc/apache2/SSL/openstack.example.com.crt
SSLCertificateKeyFile /etc/apache2/SSL/openstack.example.com.key
SetEnvIf User-Agent &quot;.*MSIE.*&quot; nokeepalive ssl-unclean-shutdown
# HTTP Strict Transport Security (HSTS) enforces that all communications
# with a server go over SSL. This mitigates the threat from attacks such
# as SSL-Strip which replaces links on the wire, stripping away https prefixes
# and potentially allowing an attacker to view confidential information on the
# wire
Header add Strict-Transport-Security "max-age=15768000"
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
&lt;Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi&gt;
Order allow,deny
Allow from all
&lt;/Directory&gt;
&lt;/VirtualHost&gt;</programlisting>
<para>In this configuration, Apache listens on the
port 443 and redirects all the hits to the HTTPS
protocol for all the non-secured requests. The secured
section defines the private key, public key, and
certificate to use.</para>
</step>
<step>
<para>Restart Apache and memcached:</para>
<screen><prompt>#</prompt> <userinput>service apache2 restart</userinput>
<prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
<para>If you try to access the dashboard through HTTP,
the browser redirects you to the HTTPS page.</para>
</step>
</procedure>
<procedure xml:id="adjust-vnc-window">
<title>To adjust the dimensions of the VNC window in the
Dashboard</title>
<para>The <filename>_detail_vnc.html</filename> file defines
the size of the VNC window. To change the window size, edit
this file.</para>
<step>
<para>Edit
<filename>/usr/share/pyshared/horizon/dashboards/nova/instances/templates/instances/_detail_vnc.html.</filename></para>
</step>
<step>
<para>Modify the <literal>width</literal> and
<literal>height</literal> parameters, as follows:</para>
<programlisting>&lt;iframe src="{{ vnc_url }}" width="720" height="430"&gt;&lt;/iframe&gt;</programlisting>
</step>
</procedure>
<para>You can configure the dashboard for a simple HTTP
deployment. </para>
<para>You can configure the dashboard for a secured HTTPS
deployment. While the standard installation uses a
non-encrypted HTTP channel, you can enable SSL support for the
dashboard.</para>
<para>Also, you can configure the size of the VNC window in the
dashboard. </para>
<xi:include href="section_dashboard-configure-http.xml"/>
<xi:include href="section_dashboard-configure-https.xml"/>
<xi:include href="section_dashboard-configure-vnc-window.xml"/>
</section>

77
doc/common/section_dashboard-install.xml
View File

@ -5,33 +5,36 @@
<!ENTITY mdash "&#x2014;">
<!ENTITY hellip "&#x2026;">
]>
<section xml:id="installing-openstack-dashboard"
<section xml:id="install_dashboard"
xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Install and configure the dashboard</title>
<?dbhtml stop-chunking?>
<title>Install the dashboard</title>
<para>Before you can install and configure the dashboard, meet the
requirements in <xref linkend="dashboard-system-requirements"/>.</para>
<para>For more information about how to deploy the dashboard, see <link
requirements in <xref linkend="dashboard-system-requirements"
/>.</para>
<para>For more information about how to deploy the dashboard, see
<link
xlink:href="http://docs.openstack.org/developer/horizon/topics/deployment.html"
>Deploying Horizon</link>.</para>
<procedure>
<title>To install the dashboard</title>
<step>
<para>Install the dashboard on the node that can contact the
Identity Service as root:</para>
<screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install memcached libapache2-mod-wsgi openstack-dashboard</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install memcached python-memcached mod_wsgi openstack-dashboard</userinput></screen>
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install memcached python-python-memcached apache2-mod_wsgi openstack-dashboard</userinput></screen>
<para>Install the dashboard on the node that can contact
the Identity Service as root:</para>
<screen os="ubuntu" language="bash"><prompt>#</prompt> <userinput>apt-get install memcached libapache2-mod-wsgi openstack-dashboard</userinput></screen>
<screen os="rhel;centos;fedora" language="bash"><prompt>#</prompt> <userinput>yum install memcached python-memcached mod_wsgi openstack-dashboard</userinput></screen>
<screen os="opensuse" language="bash"><prompt>#</prompt> <userinput>zypper install memcached python-python-memcached apache2-mod_wsgi openstack-dashboard</userinput></screen>
</step>
<step>
<para>Modify the value of
<literal>CACHES['default']['LOCATION']</literal> in
<filename os="ubuntu"
<literal>CACHES['default']['LOCATION']</literal>
in <filename os="ubuntu"
>/etc/openstack-dashboard/local_settings.py</filename><filename
os="centos;fedora;rhel"
>/etc/openstack-dashboard/local_settings</filename><filename
os="opensuse">/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename>
os="opensuse"
>/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename>
to match the ones set in <filename os="ubuntu"
>/etc/memcached.conf</filename><filename
os="centos;fedora;rhel;opensuse"
@ -39,59 +42,62 @@
<para>Open <filename os="ubuntu"
>/etc/openstack-dashboard/local_settings.py</filename>
<filename os="centos;fedora;rhel"
>/etc/openstack-dashboard/local_settings</filename> and look
for this line:</para>
<programlisting language="bash" linenumbering="unnumbered">CACHES = {
>/etc/openstack-dashboard/local_settings</filename>
and look for this line:</para>
<programlisting language="bash" linenumbering="unnumbered"><?db-font-size 75%?>CACHES = {
'default': {
'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION' : '127.0.0.1:11211'
}
}</programlisting>
}</programlisting>
<note xlink:href="#installing-openstack-dashboard"
xlink:title="Notes">
<title>Notes</title>
<itemizedlist>
<listitem>
<para>The address and port must match the ones set in
<filename os="ubuntu"
<para>The address and port must match the ones
set in <filename os="ubuntu"
>/etc/memcached.conf</filename><filename
os="centos;fedora;rhel;opensuse"
>/etc/sysconfig/memcached</filename>.</para>
<para>If you change the memcached settings, you must
restart the Apache web server for the changes to
take effect.</para>
<para>If you change the memcached settings,
you must restart the Apache web server for
the changes to take effect.</para>
</listitem>
<listitem>
<para>You can use options other than memcached option
for session storage. Set the session back-end
through the <parameter>SESSION_ENGINE</parameter>
<para>You can use options other than memcached
option for session storage. Set the
session back-end through the
<parameter>SESSION_ENGINE</parameter>
option.</para>
</listitem>
<listitem>
<para>To change the timezone, use the dashboard or edit
the <filename os="centos;fedora;rhel"
<para>To change the timezone, use the
dashboard or edit the <filename
os="centos;fedora;rhel"
>/etc/openstack-dashboard/local_settings</filename><filename
os="ubuntu"
>/etc/openstack-dashboard/local_settings.py</filename><filename
os="opensuse"
>/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename>
file.</para>
<para>Change the following parameter: <code>TIME_ZONE =
"UTC"</code>
<para>Change the following parameter:
<code>TIME_ZONE = "UTC"</code>
</para>
</listitem>
</itemizedlist>
</note>
</step>
<step>
<para>Make sure that the web browser on your local machine supports
HTML5.</para>
<para>Make sure that the web browser on your local machine
supports HTML5.</para>
<para>Enable cookies and JavaScript.</para>
<note>
<para>To use the VNC client with the dashboard, the browser must
support HTML5 Canvas and HTML5 WebSockets.</para>
<para>For details about browsers that support noVNC, see <link
<para>To use the VNC client with the dashboard, the
browser must support HTML5 Canvas and HTML5
WebSockets.</para>
<para>For details about browsers that support noVNC,
see <link
xlink:href="https://github.com/kanaka/noVNC/blob/master/README.md"
>https://github.com/kanaka/noVNC/blob/master/README.md</link>,
and <link
@ -100,5 +106,4 @@
</note>
</step>
</procedure>
<xi:include href="section_dashboard-configure.xml"/>
</section>

2
doc/common/section_dashboard-system-reqs.xml
View File

@ -34,7 +34,7 @@
might differ by platform.</para>
</listitem>
</itemizedlist>
<para>Then, <link linkend="installing-openstack-dashboard"
<para>Then, <link linkend="ch_install-dashboard"
>install and configure the dashboard</link> on a node that
can contact the Identity Service.</para>
<para>Provide users with the following information so that they

18
doc/common/section_dashboard_customizing.xml
View File

@ -15,13 +15,14 @@
<para>Canonical also provides an
<literal>openstack-dashboard-ubuntu-theme</literal>
package that brands the Python-based Django interface.</para>
<para>The following example shows a customized dashboard with
<!-- The following diagrams are sized incorrectly and will add back later -->
<!--<para>The following example shows a customized dashboard with
custom colors, logo, and site title:</para>
<mediaobject>
<imageobject role="fo">
<imagedata
fileref="figures/Login-OpenStack-Dashboard.png"
format="PNG" scale="60"/>
format="PNG" scale="40"/>
</imageobject>
<imageobject role="html">
<imagedata
@ -33,16 +34,15 @@
<imageobject role="fo">
<imagedata
fileref="figures/Flavors-TGen-Cloud-Dashboard.png"
format="PNG" scale="60"/>
format="PNG" scale="40"/>
</imageobject>
<imageobject role="html">
<imagedata
fileref="figures/Flavors-TGen-Cloud-Dashboard.png"
format="PNG"/>
</imageobject>
</mediaobject>
</mediaobject>-->
<procedure>
<title>To customize the dashboard:</title>
<step>
<para>Create a graphical logo with a transparent
background. The text <literal>TGen Cloud</literal> in
@ -76,7 +76,7 @@
appropriate, though the relative directory paths
should be the same. The following example file shows
you how to customize your CSS
file:<programlisting><?db-font-size 65%?>/*
file:</para><programlisting><?db-font-size 65%?>/*
* New theme colors for dashboard that override the defaults:
* dark blue: #355796 / rgb(53, 87, 150)
* light blue: #BAD3E1 / rgb(186, 211, 225)
@ -108,7 +108,7 @@ border: none;
box-shadow: none;
background-color: #BAD3E1 !important;
text-decoration: none;
}</programlisting></para>
}</programlisting>
</step>
<step>
<para>Open the following HTML template in an editor:
@ -116,12 +116,12 @@ text-decoration: none;
</step>
<step>
<para>Add a line to include your
<filename>custom.css</filename> file:
<filename>custom.css</filename> file:</para>
<programlisting><?db-font-size 65%?>...
&lt;link href='{{ STATIC_URL }}bootstrap/css/bootstrap.min.css' media='screen' rel='stylesheet' /&gt;
&lt;link href='{{ STATIC_URL }}dashboard/css/{% choose_css %}' media='screen' rel='stylesheet' /&gt;
<emphasis>&lt;link href='{{ STATIC_URL }}dashboard/css/custom.css' media='screen' rel='stylesheet' /&gt;</emphasis>
...</programlisting></para>
...</programlisting>
</step>
<step>
<para>Restart apache:</para>

28
doc/common/section_dashboard_sessions.xml
View File

@ -6,9 +6,9 @@
<title>Set up session storage for the dashboard</title>
<para>The dashboard uses <link
xlink:href="https://docs.djangoproject.com/en/dev/topics/http/sessions/"
>Djangos sessions framework</link> to handle user session
data. However, you can use any available session backend. You
customize the session backend through the
>Django sessions framework</link> to handle user session
data. However, you can use any available session back end. You
customize the session back end through the
<literal>SESSION_ENGINE</literal> setting in your
<filename os="centos;fedora;rhel">
/etc/openstack-dashboard/local_settings</filename>
@ -20,7 +20,7 @@
<section xml:id="dashboard-session-local">
<title>Local memory cache</title>
<para>Local memory storage is the quickest and easiest session
backend to set up, as it has no external dependencies
back end to set up, as it has no external dependencies
whatsoever. It has the following significant
drawbacks:</para>
<itemizedlist>
@ -33,11 +33,11 @@
terminates.</para>
</listitem>
</itemizedlist>
<para>The local memory backend is enabled as the default for
<para>The local memory back end is enabled as the default for
Horizon solely because it has no dependencies. It is not
recommended for production use, or even for serious
development work. Enabled by:</para>
<programlisting language="python">SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
<programlisting language="python"><?db-font-size 75%?>SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'
}</programlisting>
@ -62,7 +62,7 @@ CACHES = {
</listitem>
</itemizedlist>
<para>Enabled by:</para>
<programlisting language="python">SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
<programlisting language="python"><?db-font-size 75%?>SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
'LOCATION': 'my_memcached_host:11211',
@ -82,7 +82,7 @@ CACHES = {
</listitem>
</itemizedlist>
<para>Enabled by:</para>
<programlisting language="python">SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
<programlisting language="python"><?db-font-size 75%?>SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
"default": {
"BACKEND": "redis_cache.cache.RedisCache",
@ -136,7 +136,7 @@ CACHES = {
<filename os="opensuse"
>/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py</filename>
file, change these options:</para>
<programlisting language="python">SESSION_ENGINE = 'django.core.cache.backends.db.DatabaseCache'
<programlisting language="python"><?db-font-size 75%?>SESSION_ENGINE = 'django.core.cache.backends.db.DatabaseCache'
DATABASES = {
'default': {
# Database configuration here
@ -189,20 +189,20 @@ No fixtures found.</computeroutput></screen>
<section xml:id="dashboard-session-cached-database">
<title>Cached database</title>
<para>To mitigate the performance issues of database queries,
you can use the Django cached_db session backend, which
you can use the Django cached_db session back end, which
utilizes both your database and caching infrastructure to
perform write-through caching and efficient retrieval.</para>
<para>Enable this hybrid setting by configuring both your
database and cache, as discussed previously. Then, set the
following value:</para>
<programlisting language="python">SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"</programlisting>
<programlisting language="python"><?db-font-size 75%?>SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"</programlisting>
</section>
<section xml:id="dashboard-session-cookies">
<title>Cookies</title>
<para>If you use Django 1.4 or later, the signed_cookies
backend avoids server load and scaling problems.</para>
<para>This backend stores session data in a cookie, which is
stored by the users browser. The backend uses a
back end avoids server load and scaling problems.</para>
<para>This back end stores session data in a cookie, which is
stored by the users browser. The back end uses a
cryptographic signing technique to ensure session data is
not tampered with during transport. This is not the same
as encryption; session data is still readable by an

2
doc/common/section_identity-troubleshooting.xml
View File

@ -161,7 +161,7 @@ arg_dict: {}
<parameter>--keystone-user</parameter> and
<parameter>--keystone-group</parameter> parameters,
you get an error, as follows:</para>
<screen><computeroutput>2012-07-31 11:10:53 ERROR [keystone.common.cms] Error opening signing key file
<screen><?db-font-size 75%?><computeroutput>2012-07-31 11:10:53 ERROR [keystone.common.cms] Error opening signing key file
/etc/keystone/ssl/private/signing_key.pem
140380567730016:error:0200100D:system library:fopen:Permission
denied:bss_file.c:398:fopen('/etc/keystone/ssl/private/signing_key.pem','r')

264
doc/common/section_keystone-concepts.xml
View File

@ -5,10 +5,12 @@
xml:id="keystone-concepts">
<?dbhtml stop-chunking?>
<title>Identity Service concepts</title>
<para>The Identity Service performs the following functions:</para>
<para>The Identity Service performs the following
functions:</para>
<itemizedlist spacing="compact">
<listitem>
<para>User management. Tracks users and their permissions.</para>
<para>User management. Tracks users and their
permissions.</para>
</listitem>
<listitem>
<para>Service catalog. Provides a catalog of available
@ -17,55 +19,47 @@
</itemizedlist>
<para>To understand the Identity Service, you must understand the
following concepts:</para>
<variablelist>
<variablelist wordsize="10">
<varlistentry>
<term>User</term>
<term><emphasis role="bold">User</emphasis></term>
<listitem>
<para>Digital representation of a person, system, or service
who uses OpenStack cloud services. Identity authentication
services will validate that incoming request are being made
by the user who claims to be making the call. Users have a
login and may be assigned tokens to access resources. Users
may be directly assigned to a particular tenant and behave
as if they are contained in that tenant.
</para>
<para>Digital representation of a person, system, or
service who uses OpenStack cloud services. The
Identity Service validates that incoming requests
are made by the user who claims to be making the
call. Users have a login and may be assigned
tokens to access resources. Users can be directly
assigned to a particular tenant and behave as if
they are contained in that tenant.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Credentials</term>
<term><emphasis role="bold">Credentials</emphasis></term>
<listitem>
<para>Data that is known only by a user that proves
who they are. In the Identity Service, examples
are:</para>
<itemizedlist>
<listitem>
<para>Username and password</para>
</listitem>
<listitem>
<para>Username and API key</para>
</listitem>
<listitem>
<para>An authentication token provided by the
Identity Service</para>
</listitem>
</itemizedlist>
are: User name and password, user name and API
key, or an authentication token provided by the
Identity Service.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Authentication</term>
<term><emphasis role="bold"
>Authentication</emphasis></term>
<listitem>
<para>The act of confirming the identity of a user.
The Identity Service confirms an incoming request
by validating a set of credentials supplied by the
user. These credentials are initially a username
and password or a username and API key. In
response to these credentials, the Identity
Service issues the user an authentication token,
which the user provides in subsequent requests.</para>
user. </para>
<para>These credentials are initially a user name and
password or a user name and API key. In response
to these credentials, the Identity Service issues
an authentication token to the user, which the
user provides in subsequent requests.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Token</term>
<term><emphasis role="bold">Token</emphasis></term>
<listitem>
<para>An arbitrary bit of text that is used to access
resources. Each token has a scope which describes
@ -82,7 +76,7 @@
</listitem>
</varlistentry>
<varlistentry>
<term>Tenant</term>
<term><emphasis role="bold">Tenant</emphasis></term>
<listitem>
<para>A container used to group or isolate resources
and/or identity objects. Depending on the service
@ -91,16 +85,17 @@
</listitem>
</varlistentry>
<varlistentry>
<term>Service</term>
<term><emphasis role="bold">Service</emphasis></term>
<listitem>
<para>An OpenStack service, such as Compute (Nova),
Object Storage (Swift), or Image Service (Glance).
Provides one or more endpoints through which users
can access resources and perform operations.</para>
can access resources and perform
operations.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Endpoint</term>
<term><emphasis role="bold">Endpoint</emphasis></term>
<listitem>
<para>An network-accessible address, usually described
by URL, from where you access a service. If using
@ -111,7 +106,7 @@
</listitem>
</varlistentry>
<varlistentry>
<term>Role</term>
<term><emphasis role="bold">Role</emphasis></term>
<listitem>
<para>A personality that a user assumes that enables
them to perform a specific set of operations. A
@ -119,20 +114,21 @@
user assuming that role inherits those rights and
privileges.</para>
<para>In the Identity Service, a token that is issued
to a user includes the list of roles that user can
assume. Services that are being called by that
user determine how they interpret the set of roles
a user has and which operations or resources each
role grants access to.</para>
to a user includes the list of roles that user
has. Services that are being called by that user
determine how they interpret the set of roles a
user has and to which operations or resources each
role grants access.</para>
</listitem>
</varlistentry>
</variablelist>
<para>
<para>The following diagram shows the Identity Service process
flow:</para>
<mediaobject>
<imageobject role="fo">
<imagedata
fileref="figures/SCH_5002_V00_NUAC-Keystone.png"
format="PNG" scale="50"/>
format="PNG" scale="40"/>
</imageobject>
<imageobject role="html">
<imagedata
@ -140,7 +136,7 @@
format="PNG" scale="10"/>
</imageobject>
</mediaobject>
</para>
<?hard-pagebreak?>
<section xml:id="keystone-user-management">
<title>User management</title>
<para>The main components of Identity user management are: <itemizedlist>
@ -155,15 +151,17 @@
</listitem>
</itemizedlist></para>
<para>A <emphasis>user</emphasis> represents a human user, and
has associated information such as username, password and
email. This example creates a user named "alice":</para>
<screen><prompt>$</prompt> <userinput>keystone user-create --name=alice --pass=mypassword123 --email=alice@example.com</userinput></screen>
has associated information such as user name, password,
and email. This example creates a user named
"alice":</para>
<screen><prompt>$</prompt> <userinput>keystone user-create --name=alice \
--pass=mypassword123 --email=alice@example.com</userinput></screen>
<para>A <emphasis>tenant</emphasis> can be a project, group,
or organization. Whenever you make requests to OpenStack
services, you must specify a tenant. For example, if you
query the Compute service for a list of running instances,
you will receive a list of all of the running instances in
the tenant you specified in your query. This example
you receive a list of all of the running instances in the
tenant that you specified in your query. This example
creates a tenant named "acme":</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-create --name=acme</userinput></screen>
<note>
@ -185,10 +183,11 @@
roles. As far as the Identity service is concerned, a
role is simply a name.</para>
</note>
<?hard-pagebreak?>
<para>The Identity service associates a user with a tenant and
a role. To continue with our previous examples, we may
wish to assign the "alice" user the "compute-user" role in
the "acme" tenant:</para>
a role. To continue with the previous examples, you might
to assign the "alice" user the "compute-user" role in the
"acme" tenant:</para>
<screen><prompt>$</prompt> <userinput>keystone user-list</userinput></screen>
<screen><computeroutput>+--------+---------+-------------------+--------+
| id | enabled | email | name |
@ -209,44 +208,47 @@
+--------+------+---------+</computeroutput></screen>
<screen><prompt>$</prompt> <userinput>keystone user-role-add --user=892585 --role=9a764e --tenant-id=6b8fd2</userinput> </screen>
<para>A user can be assigned different roles in different
tenants: for example, Alice may also have the "admin" role
in the "Cyberdyne" tenant. A user can also be assigned
multiple roles in the same tenant.</para>
tenants: for example, Alice might also have the "admin"
role in the "Cyberdyne" tenant. A user can also be
assigned multiple roles in the same tenant.</para>
<para>The
<filename>/etc/<replaceable>[SERVICE_CODENAME]</replaceable>/policy.json</filename>
file controls what users are allowed to do for a given service.
For example, <filename>/etc/nova/policy.json</filename>
specifies the access policy for the Compute service,
file controls the tasks that users can perform for a given
service. For example,
<filename>/etc/nova/policy.json</filename> specifies
the access policy for the Compute service,
<filename>/etc/glance/policy.json</filename> specifies
the access policy for the Image service, and
<filename>/etc/keystone/policy.json</filename>
specifies the access policy for the Identity service.</para>
specifies the access policy for the Identity
service.</para>
<para>The default <filename>policy.json</filename> files in
the Compute, Identity, and Image service recognize only
the <literal>admin</literal> role: all operations that do
not require the <literal>admin</literal> role will be
accessible by any user that has any role in a tenant.</para>
not require the <literal>admin</literal> role are
accessible by any user that has any role in a
tenant.</para>
<para>If you wish to restrict users from performing operations
in, say, the Compute service, you need to create a role in
the Identity service and then modify
<filename>/etc/nova/policy.json</filename> so that
this role is required for Compute operations.</para>
<?hard-pagebreak?>
<para>For example, this line in
<filename>/etc/nova/policy.json</filename> specifies
that there are no restrictions on which users can create
volumes: if the user has any role in a tenant, they will
be able to create volumes in that tenant.</para>
volumes: if the user has any role in a tenant, they can
create volumes in that tenant.</para>
<programlisting language="json">"volume:create": [],</programlisting>
<para>If we wished to restrict creation of volumes to users
who had the <literal>compute-user</literal> role in a
particular tenant, we would add
<literal>"role:compute-user"</literal>, like so:</para>
<para>To restrict creation of volumes to users who had the
<literal>compute-user</literal> role in a particular
tenant, you would add
<literal>"role:compute-user"</literal>, like
so:</para>
<programlisting language="json">"volume:create": ["role:compute-user"],</programlisting>
<para>
If we wished to restrict all Compute service requests to require
this role, the resulting file would look like:
</para>
<programlisting language="json">{
<para>To restrict all Compute service requests to require this
role, the resulting file would look like:</para>
<programlisting language="json"><?db-font-size 50%?>{
"admin_or_owner": [["role:admin"], ["project_id:%(project_id)s"]],
"default": [["rule:admin_or_owner"]],
@ -363,59 +365,81 @@
</listitem>
</itemizedlist>
<para>The Identity Service also maintains a user that
corresponds to each service (such as, a user named
<emphasis>nova</emphasis>, for the Compute service)
and a special service tenant, which is called
corresponds to each service, such as, a user named
<emphasis>nova</emphasis> for the Compute service, and
a special service tenant called
<emphasis>service</emphasis>.</para>
<para>The commands for creating services and endpoints are
described in a later section.</para>
<para>For information about how to create services and
endpoints, see the <link
xlink:href="http://docs.openstack.org/user-guide-admin/content/index.html"
><citetitle>OpenStack Admin User
Guide</citetitle></link>.</para>
</section>
<?hard-pagebreak?>
<section xml:id="identity-groups">
<title>Groups</title>
<para>
A group is a collection of users.
Administrators can create groups and add users to them.
Then, rather than assign a role to each user individually,
assign a role to the group.
</para>
<para>
Every group is in a domain. Groups were introduced with version 3 of the
Identity API (the Grizzly release of Keystone).
</para>
<para>
Identity API V3 provides the following group-related operations:
</para>
<para>A group is a collection of users. Administrators can
create groups and add users to them. Then, rather than
assign a role to each user individually, assign a role to
the group. Every group is in a domain. Groups were
introduced with version 3 of the Identity API (the Grizzly
release of Keystone).</para>
<para>Identity API V3 provides the following group-related
operations:</para>
<itemizedlist>
<listitem><para>Create a group</para></listitem>
<listitem><para>Delete a group</para></listitem>
<listitem><para>Update a group (change its name or description)</para></listitem>
<listitem><para>Add a user to a group</para></listitem>
<listitem><para>Remove a user from a group</para></listitem>
<listitem><para>List group members</para></listitem>
<listitem><para>List groups for a user</para></listitem>
<listitem><para>Assign a role on a tenant to a group</para></listitem>
<listitem><para>Assign a role on a domain to a group</para></listitem>
<listitem><para>Query role assignments to groups</para></listitem>
<listitem>
<para>Create a group</para>
</listitem>
<listitem>
<para>Delete a group</para>
</listitem>
<listitem>
<para>Update a group (change its name or
description)</para>
</listitem>
<listitem>
<para>Add a user to a group</para>
</listitem>
<listitem>
<para>Remove a user from a group</para>
</listitem>
<listitem>
<para>List group members</para>
</listitem>
<listitem>
<para>List groups for a user</para>
</listitem>
<listitem>
<para>Assign a role on a tenant to a group</para>
</listitem>
<listitem>
<para>Assign a role on a domain to a group</para>
</listitem>
<listitem>
<para>Query role assignments to groups</para>
</listitem>
</itemizedlist>
<note>
<para>
Not all of these operations may be allowed by the Identity server.
For example, if using the Keystone server with the LDAP Identity backend and
group updates are disabled, then a request to create, delete, or update a group
will fail.
</para>
<para>The Identity service server might not allow all
operations. For example, if using the Keystone server
with the LDAP Identity back end and group updates are
disabled, then a request to create, delete, or update
a group fails.</para>
</note>
<para>
Here's a couple examples:
</para><para>
Group A is granted Role A on Tenant A. If User A is a member of Group A,
then when User A gets a token scoped to Tenant A then the token will also
include Role A.
</para><para>
Group B is granted Role B on Domain B. If User B is a member of Domain B,
then if User B gets a token scoped to Domain B then the token will also
include Role B.
</para>
<para>Here are a couple examples:</para>
<itemizedlist>
<listitem>
<para>Group A is granted Role A on Tenant A. If User A
is a member of Group A, when User A gets a token
scoped to Tenant A, the token also includes Role
A.</para>
</listitem>
<listitem>
<para>Group B is granted Role B on Domain B. If User B
is a member of Domain B, if User B gets a token
scoped to Domain B, the token also includes Role
B.</para>
</listitem>
</itemizedlist>
</section>
</section>

1
doc/common/section_storage-concepts.xml
View File

@ -54,6 +54,7 @@
</tr>
</tbody>
</table>
<?hard-pagebreak?>
<para>Other points of note include: <itemizedlist>
<listitem>
<para><emphasis>OpenStack Object Storage is not used like a

7
doc/common/section_support-compute.xml
View File

@ -123,9 +123,10 @@
can then delete. For
example:<screen><prompt>$</prompt> <userinput>nova reset-state c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput>
<prompt>$</prompt> <userinput>nova delete c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput></screen></para>
<para>You can also use the <literal>--active</literal> to force the instance back into
an active state instead of an error state, for example:<screen><prompt>$</prompt> <userinput>nova reset-state --active c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput></screen>
</para>
<para>You can also use the <literal>--active</literal> to
force the instance back into an active state instead of an
error state, for
example:<screen><prompt>$</prompt> <userinput>nova reset-state --active c6bbbf26-b40a-47e7-8d5c-eb17bf65c485</userinput> </screen></para>
</section>
<section xml:id="problems-with-injection">
<title>Problems with Injection</title>

2
doc/install-guide/ch_installdashboard.xml
View File

@ -14,7 +14,7 @@
OpenStack Compute cloud controller through the OpenStack APIs.</para>
<para>The following instructions show an example deployment
configured with an Apache web server.</para>
<para>After you <link linkend="installing-openstack-dashboard"
<para>After you <link linkend="ch_install-dashboard"
>install and configure the dashboard</link>, you can
complete the following tasks:</para>
<itemizedlist>