openstack/openstack-salt
Code Issues Proposed changes

Configuration documentation

Browse Source
This commit is contained in:
Adam Tengler
2016-01-25 23:51:05 +01:00
parent b0fddb2d92
commit 141ef2e795
8 changed files with 1706 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
doc/source/install/configure-compute.rst
View File

@@ -1,10 +1,159 @@
Configuring the compute service
Configuring the Compute service
================================
KVM backend
-------------------
Control nodes
*************
Nova services on the control node
.. code-block:: yaml
nova:
controller:
version: kilo
enabled: true
security_group: true
cpu_allocation_ratio: 8.0
ram_allocation_ratio: 1.0
bind:
public_address: 10.0.0.122
public_name: openstack.domain.com
novncproxy_port: 6080
database:
engine: mysql
host: 127.0.0.1
port: 3306
name: nova
user: nova
password: pwd
identity:
engine: keystone
host: 127.0.0.1
port: 35357
user: nova
password: pwd
tenant: service
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
user: openstack
password: pwd
virtual_host: '/openstack'
network:
engine: neutron
host: 127.0.0.1
port: 9696
identity:
engine: keystone
host: 127.0.0.1
port: 35357
user: neutron
password: pwd
tenant: service
metadata:
password: password
Nova services from custom package repository
.. code-block:: yaml
nova:
controller:
version: kilo
source:
engine: pkg
address: http://...
....
Compute nodes
*************
Nova services on compute node with Neutron networking
.. code-block:: yaml
nova:
compute:
version: kilo
enabled: true
virtualization: kvm
security_group: true
bind:
vnc_address: 172.20.0.100
vnc_port: 6080
vnc_name: openstack.domain.com
vnc_protocol: http
database:
engine: mysql
host: 127.0.0.1
port: 3306
name: nova
user: nova
password: pwd
identity:
engine: keystone
host: 127.0.0.1
port: 35357
user: nova
password: pwd
tenant: service
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
user: openstack
password: pwd
virtual_host: '/openstack'
image:
engine: glance
host: 127.0.0.1
port: 9292
network:
engine: neutron
host: 127.0.0.1
port: 9696
identity:
engine: keystone
host: 127.0.0.1
port: 35357
user: neutron
password: pwd
tenant: service
qemu:
max_files: 4096
max_processes: 4096
Nova services on compute node with OpenContrail
.. code-block:: yaml
nova:
compute:
enabled: true
...
networking: contrail
Nova services on compute node with memcached caching
.. code-block:: yaml
nova:
compute:
enabled: true
...
cache:
engine: memcached
members:
- host: 127.0.0.1
port: 11211
- host: 127.0.0.1
port: 11211
--------------
.. include:: navigation.txt

357
doc/source/install/configure-dashboard.rst
View File

@@ -2,11 +2,362 @@
Configuring the Dashboard service
===================================
OS Horizon from package
-----------------------
Installing plugins
---------------------
Simple Horizon setup
********************
.. code-block:: yaml
linux:
system:
name: horizon
repo:
- cloudarchive-kilo:
enabled: true
source: 'deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/kilo main'
pgpcheck: 0
horizon:
server:
manage_repo: true
enabled: true
secret_key: SECRET
host:
name: cloud.lab.cz
cache:
engine: 'memcached'
host: '127.0.0.1'
port: 11211
prefix: 'CACHE_HORIZON'
identity:
engine: 'keystone'
host: '127.0.0.1'
port: 5000
api_version: 2
mail:
host: '127.0.0.1'
Simple Horizon setup with branding
**********************************
.. code-block:: yaml
horizon:
server:
enabled: true
branding: 'OpenStack Company Dashboard'
default_dashboard: 'admin'
help_url: 'http://doc.domain.com'
Horizon setup with SSL
**********************
.. code-block:: yaml
horizon:
server:
enabled: true
secret_key: MEGASECRET
version: juno
ssl:
enabled: true
authority: CA_Authority
host:
name: cloud.lab.cz
cache:
engine: 'memcached'
host: '127.0.0.1'
port: 11211
prefix: 'CACHE_HORIZON'
identity:
engine: 'keystone'
host: '127.0.0.1'
port: 5000
api_version: 2
mail:
host: '127.0.0.1'
Horizon setup with multiple regions
***********************************
.. code-block:: yaml
horizon:
server:
enabled: true
version: juno
secret_key: MEGASECRET
cache:
engine: 'memcached'
host: '127.0.0.1'
port: 11211
prefix: 'CACHE_HORIZON'
identity:
engine: 'keystone'
host: '127.0.0.1'
port: 5000
api_version: 2
mail:
host: '127.0.0.1'
regions:
- name: cluster1
address: http://cluster1.example.com:5000/v2.0
- name: cluster2
address: http://cluster2.example.com:5000/v2.0
Horizon setup with sensu plugin
*******************************
.. code-block:: yaml
horizon:
server:
enabled: true
version: juno
sensu_api:
host: localhost
port: 4567
plugins:
- name: monitoring
app: horizon_monitoring
source:
type: git
address: git@repo1.robotice.cz:django/horizon-monitoring.git
revision: master
- name: api-mask
app: api_mask
mask_url: 'custom-url.cz'
mask_protocol: 'http'
source:
type: git
address: git@repo1.robotice.cz:django/horizon-api-mask.git
revision: master
Horizon Sensu plugin with multiple endpoints
********************************************
.. code-block:: yaml
horizon:
server:
enabled: true
version: juno
sensu_api:
dc1:
host: localhost
port: 4567
dc2:
host: anotherhost
port: 4567
Horizon setup with Billometer plugin
************************************
.. code-block:: yaml
horizon:
server:
enabled: true
version: juno
billometer_api:
host: localhost
port: 9753
api_version: 1
plugins:
- name: billing
app: horizon_billing
source:
type: git
address: git@repo1.robotice.cz:django/horizon-billing.git
revision: master
Horizon setup with Contrail plugin
**********************************
.. code-block:: yaml
horizon:
server:
enabled: true
version: icehouse
plugins:
- name: contrail
app: contrail_openstack_dashboard
override: true
source:
type: git
address: git@repo1.robotice.cz:django/horizon-contrail.git
revision: master
Horizon setup with sentry log handler
*************************************
.. code-block:: yaml
horizon:
server:
enabled: true
version: juno
...
logging:
engine: raven
dsn: http://pub:private@sentry1.test.cz/2
OS Horizon from Git repository (multisite support)
--------------------------------------------------
Simple Horizon setup
********************
.. code-block:: yaml
horizon:
server:
enabled: true
app:
default:
secret_key: MEGASECRET
source:
engine: git
address: https://github.com/openstack/horizon.git
revision: stable/kilo
cache:
engine: 'memcached'
host: '127.0.0.1'
port: 11211
prefix: 'CACHE_DEFAULT'
identity:
engine: 'keystone'
host: '127.0.0.1'
port: 5000
api_version: 2
mail:
host: '127.0.0.1'
Themed Horizon multisite
************************
.. code-block:: yaml
horizon:
server:
enabled: true
app:
openstack1c:
secret_key: SECRET1
source:
engine: git
address: https://github.com/openstack/horizon.git
revision: stable/kilo
plugin:
contrail:
app: contrail_openstack_dashboard
override: true
source:
type: git
address: git@repo1.robotice.cz:django/horizon-contrail.git
revision: master
theme:
app: site1_theme
source:
type: git
address: git@repo1.domain.com:django/horizon-site1-theme.git
cache:
engine: 'memcached'
host: '127.0.0.1'
port: 11211
prefix: 'CACHE_SITE1'
identity:
engine: 'keystone'
host: '127.0.0.1'
port: 5000
api_version: 2
mail:
host: '127.0.0.1'
openstack2:
secret_key: SECRET2
source:
engine: git
address: https://repo1.domain.com/openstack/horizon.git
revision: stable/kilo
plugin:
contrail:
app: contrail_openstack_dashboard
override: true
source:
type: git
address: git@repo1.domain.com:django/horizon-contrail.git
revision: master
monitoring:
app: horizon_monitoring
source:
type: git
address: git@domain.com:django/horizon-monitoring.git
revision: master
theme:
app: bootswatch_theme
source:
type: git
address: git@repo1.robotice.cz:django/horizon-bootswatch-theme.git
revision: master
cache:
engine: 'memcached'
host: '127.0.0.1'
port: 11211
prefix: 'CACHE_SITE2'
identity:
engine: 'keystone'
host: '127.0.0.1'
port: 5000
api_version: 3
mail:
host: '127.0.0.1'
Horizon with API versions override
**********************************
.. code-block:: yaml
horizon:
server:
enabled: true
app:
openstack_api_overrride:
secret_key: SECRET
api_versions:
identity: 3
volume: 2
source:
engine: git
address: https://github.com/openstack/horizon.git
revision: stable/kilo
Horizon with changed dashboard behaviour
----------------------------------------
.. code-block:: yaml
horizon:
server:
enabled: true
app:
openstack_dashboard_overrride:
secret_key: SECRET
dashboards:
settings:
enabled: true
project:
enabled: false
order: 10
admin:
enabled: false
order: 20
source:
engine: git
address: https://github.com/openstack/horizon.git
revision: stable/kilo
--------------
.. include:: navigation.txt

39
doc/source/install/configure-image.rst
View File

@@ -2,6 +2,45 @@
Configuring the Image service
=============================
.. code-block:: yaml
glance:
server:
enabled: true
version: kilo
policy:
publicize_image:
- "role:admin"
- "role:image_manager"
database:
engine: mysql
host: 127.0.0.1
port: 3306
name: glance
user: glance
password: pwd
identity:
engine: keystone
host: 127.0.0.1
port: 35357
tenant: service
user: glance
password: pwd
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
user: openstack
password: pwd
virtual_host: '/openstack'
storage:
engine: file
images:
- name: "CirrOS 0.3.1"
format: qcow2
file: cirros-0.3.1-x86_64-disk.img
source: http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
public: true
--------------

287
doc/source/install/configure-infrastructure.rst
View File

@@ -2,7 +2,292 @@
Configuring the infrastructure services
=======================================
RabbitMQ
--------
RabbitMQ single node
********************
RabbitMQ as AMQP broker with admin user and vhosts
.. code-block:: yaml
rabbitmq:
server:
enabled: true
bind:
address: 0.0.0.0
port: 5672
secret_key: rabbit_master_cookie
admin:
name: adminuser
password: pwd
plugins:
- amqp_client
- rabbitmq_management
virtual_hosts:
- enabled: true
host: '/monitor'
user: 'monitor'
password: 'password'
RabbitMQ as a Stomp broker
.. code-block:: yaml
rabbitmq:
server:
enabled: true
secret_key: rabbit_master_cookie
bind:
address: 0.0.0.0
port: 5672
virtual_hosts:
- enabled: true
host: '/monitor'
user: 'monitor'
password: 'password'
plugins:
- rabbitmq_stomp
RabbitMQ cluster
****************
RabbitMQ as base cluster node
.. code-block:: yaml
rabbitmq:
server:
enabled: true
bind:
address: 0.0.0.0
port: 5672
secret_key: rabbit_master_cookie
admin:
name: adminuser
password: pwd
cluster:
enabled: true
role: master
mode: disc
members:
- name: openstack1
host: 10.10.10.212
- name: openstack2
host: 10.10.10.213
HA Queues definition
.. code-block:: yaml
rabbitmq:
server:
enabled: true
...
virtual_hosts:
- enabled: true
host: '/monitor'
user: 'monitor'
password: 'password'
policies:
- name: HA
pattern: '^(?!amq\.).*'
definition: '{"ha-mode": "all"}'
MySQL
-----
MySQL database - simple
***********************
.. code-block:: yaml
mysql:
server:
enabled: true
version: '5.5'
admin:
user: root
password: pwd
bind:
address: '127.0.0.1'
port: 3306
database:
name:
encoding: 'utf8'
users:
- name: 'username'
password: 'password'
host: 'localhost'
rights: 'all privileges'
MySQL database - configured
***************************
.. code-block:: yaml
mysql:
server:
enabled: true
version: '5.5'
admin:
user: root
password: pwd
bind:
address: '127.0.0.1'
port: 3306
key_buffer: 250M
max_allowed_packet: 32M
max_connections: 1000
thread_stack: 512K
thread_cache_size: 64
query_cache_limit: 16M
query_cache_size: 96M
force_encoding: utf8
database:
name:
encoding: 'utf8'
users:
- name: 'username'
password: 'password'
host: 'localhost'
rights: 'all privileges'
Galera database cluster
-----------------------
Galera cluster master node
**************************
.. code-block:: yaml
galera:
master:
enabled: true
name: openstack
bind:
address: 192.168.0.1
port: 3306
members:
- host: 192.168.0.1
port: 4567
- host: 192.168.0.2
port: 4567
admin:
user: root
password: pwd
database:
name:
encoding: 'utf8'
users:
- name: 'username'
password: 'password'
host: 'localhost'
rights: 'all privileges'
Galera cluster slave node
*************************
.. code-blowk:: yaml
galera:
slave:
enabled: true
name: openstack
bind:
address: 192.168.0.2
port: 3306
members:
- host: 192.168.0.1
port: 4567
- host: 192.168.0.2
port: 4567
admin:
user: root
password: pass
Galera cluster - Usage
MySQL Galera check sripts
.. code-block:: bash
mysql> SHOW STATUS LIKE 'wsrep%';
mysql> SHOW STATUS LIKE 'wsrep_cluster_size' ;"
Galera monitoring command, performed from extra server
.. code-block:: bash
garbd -a gcomm://ipaddrofone:4567 -g my_wsrep_cluster -l /tmp/1.out -d
1. salt-call state.sls mysql
2. Comment everything starting wsrep* (wsrep_provider, wsrep_cluster, wsrep_sst)
3. service mysql start
4. run on each node mysql_secure_install and filling root password.
.. code-block:: bash
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
5. service mysql stop
6. uncomment all wsrep* lines except first server, where leave only in my.cnf wsrep_cluster_address='gcomm://';
7. start first node
8. Start third node which is connected to first one
9. Start second node which is connected to third one
10. After starting cluster, it must be change cluster address at first starting node without restart database and change config my.cnf.
.. code-block:: bash
mysql> SET GLOBAL wsrep_cluster_address='gcomm://10.0.0.2';
--------------
.. include:: navigation.txt

595
doc/source/install/configure-initial.rst
View File

@@ -2,6 +2,601 @@
Initial environment configuration
=================================
Linux system setup
------------------
Basic linux box
***************
.. code-block:: yaml
linux:
system:
enabled: true
name: 'node1'
domain: 'domain.com'
cluster: 'system'
environment: prod
timezone: 'Europe/Prague'
utc: true
Linux with defined users (optionaly with password)
**************************************************
.. code-block:: yaml
linux:
system:
...
user:
jdoe:
name: 'jdoe'
enabled: true
sudo: true
shell: /bin/bash
full_name: 'Jonh Doe'
home: '/home/jdoe'
email: 'jonh@doe.com'
jsmith:
name: 'jsmith'
enabled: true
full_name: 'Password'
home: '/home/jsmith'
password: userpassword
Linux package installation
**************************
Install latest version
.. code-block:: yaml
linux:
system:
...
package:
package-name:
version: latest
Linux package with specified version and repository
.. code-block:: yaml
linux:
system:
...
package:
package-name:
version: 2132.323
repo: 'custom-repo'
hold: true
Linux package with specified version and repository - disable GPG check
.. code-block:: yaml
linux:
system:
...
package:
package-name:
version: 2132.323
repo: 'custom-repo'
verify: false
Linux cron job
**************
.. code-block:: yaml
linux:
system:
...
job:
cmd1:
command: '/cmd/to/run'
enabled: true
user: 'root'
hour: 2
minute: 0
Linux security limits
*********************
Limit sensu user maximum memory usage to 1GB
.. code-block:: yaml
linux:
system:
...
limit:
sensu:
enabled: true
domain: sensu
limits:
- type: hard
item: as
value: 1000000
Enable autologin on tty1
************************
.. code-block:: yaml
linux:
system:
console:
tty1:
autologin: root
Linux Kernel setup
------------------
Install always up to date LTS kernel and headers from Ubuntu trusty
.. code-block:: yaml
linux:
system:
kernel:
type: generic
lts: trusty
headers: true
Install specific kernel version and ensure all other kernel packages are not present. Also install extra modules and headers for this kernel
.. code-block:: yaml
linux:
system:
kernel:
type: generic
extra: true
headers: true
version: 4.2.0-22
Linux repositories setup
------------------------
RedHat based Linux with additional OpenStack repo
.. code-block:: yaml
linux:
system:
...
repo:
rdo-icehouse:
enabled: true
source: 'https://repos.fedorapeople.org/repos/openstack/openstack-kilo/el7/'
pgpcheck: 0
Ensure system repository to use czech Debian mirror (default: true) Also pin it's packages with priority 900
.. code-block:: yaml
linux:
system:
repo:
debian:
default: true
source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
# Import signing key from URL if needed
key_url: "http://dummy.com/public.gpg"
pin:
- pin: 'origin "ftp.cz.debian.org"'
priority: 900
package: '*'
rc.local example
.. code-block:: yaml
linux:
system:
rc:
local: |
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
exit 0
Linux prompt setup
------------------
Setting prompt is implemented by creating /etc/profile.d/prompt.sh. Every user can have different prompt
.. code-block:: yaml
linux:
system:
prompt:
root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]
Linux network setup
-------------------
Linux interface/route setup
***************************
Linux with default static network interfaces, default gateway interface and DNS servers
.. code-block:: yaml
linux:
network:
enabled: true
interface:
eth0:
enabled: true
type: eth
address: 192.168.0.102
netmask: 255.255.255.0
gateway: 192.168.0.1
name_servers:
- 8.8.8.8
- 8.8.4.4
mtu: 1500
Linux with bonded interfaces and disabled NetworkManager
.. code-block:: yaml
linux:
network:
enabled: true
interface:
eth0:
type: eth
...
eth1:
type: eth
...
bond0:
enabled: true
type: bond
address: 192.168.0.102
netmask: 255.255.255.0
mtu: 1500
use_in:
- interface: ${linux:interface:eth0}
- interface: ${linux:interface:eth0}
network_manager:
disable: true
Linux with vlan interface_params
.. code-block:: yaml
linux:
network:
enabled: true
interface:
vlan69:
type: vlan
use_interfaces:
- interface: ${linux:interface:bond0}
Linux networks with routes defined
.. code-block:: yaml
linux:
network:
enabled: true
gateway: 10.0.0.1
default_interface: eth0
interface:
eth0:
type: eth
route:
default:
address: 192.168.0.123
netmask: 255.255.255.0
gateway: 192.168.0.1
Linux network bridges
*********************
Native linux bridges
.. code-block:: yaml
linux:
network:
interface:
eth1:
enabled: true
type: eth
proto: manual
up_cmds:
- ip address add 0/0 dev $IFACE
- ip link set $IFACE up
down_cmds:
- ip link set $IFACE down
br-ex:
enabled: true
type: bridge
address: ${linux:network:host:public_local:address}
netmask: 255.255.255.0
use_interfaces:
- eth1
OpenVSwitch bridges
.. code-block:: yaml
linux:
network:
bridge: openvswitch
interface:
eth1:
enabled: true
type: eth
proto: manual
up_cmds:
- ip address add 0/0 dev $IFACE
- ip link set $IFACE up
down_cmds:
- ip link set $IFACE down
br-ex:
enabled: true
type: bridge
address: ${linux:network:host:public_local:address}
netmask: 255.255.255.0
use_interfaces:
- eth1
Other network related configuration
***********************************
Linux with network manager
.. code-block:: yaml
linux:
network:
enabled: true
network_manager: true
/etc/hosts configuration
.. code-block:: yaml
linux:
network:
...
host:
node1:
address: 192.168.10.200
names:
- node2.domain.com
- service2.domain.com
node2:
address: 192.168.10.201
names:
- node2.domain.com
- service2.domain.com
/etc/resolv.conf configuration
.. code-block:: yaml
linux:
network:
resolv:
dns:
- 8.8.4.4
- 8.8.8.8
domain: my.example.com
search:
- my.example.com
- example.com
Linux storage setup
-------------------
Linux with mounted Samba
.. code-block:: yaml
linux:
storage:
enabled: true
mount:
samba1:
- path: /media/myuser/public/
- device: //192.168.0.1/storage
- file_system: cifs
- options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm
Linux with file swap
.. code-block:: yaml
linux:
storage:
enabled: true
swap:
file:
enabled: true
engine: file
device: /swapfile
size: 1024
LVM group vg1 with one device and data volume mounted into /mnt/data
.. code-block:: yaml
linux:
storage:
mount:
data:
device: /dev/vg1/data
file_system: ext4
path: /mnt/data
lvm:
vg1:
enabled: true
devices:
- /dev/sdb
volume:
data:
size: 40G
mount: ${linux:storage:mount:data}
OpenSSH client
--------------
OpenSSH client with shared private key
.. code-block:: yaml
openssh:
client:
enabled: true
user:
root:
enabled: true
private_key: ${private_keys:vaio.newt.cz}
user: ${linux:system:user:root}
OpenSSH client with individual private key and known host
.. code-block:: yaml
openssh:
client:
enabled: true
user:
root:
enabled: true
user: ${linux:system:user:root}
known_hosts:
- name: repo.domain.com
type: rsa
fingerprint: dd:fa:e8:68:b1:ea:ea:a0:63:f1:5a:55:48:e1:7e:37
OpenSSH server
--------------
OpenSSH server with configuration parameters
.. code-block:: yaml
openssh:
server:
enabled: true
permit_root_login: true
public_key_auth: true
password_auth: true
host_auth: true
banner: Welcome to server!
OpenSSH server with auth keys for users
.. code-block:: yaml
openssh:
server:
enabled: true
...
user:
user1:
enabled: true
user: ${linux:system:user:user1}
public_keys:
- ${public_keys:user1}
root:
enabled: true
user: ${linux:system:user:root}
public_keys:
- ${public_keys:user1}
OpenSSH server for use with FreeIPA
.. code-block:: yaml
openssh:
server:
enabled: true
public_key_auth: true
authorized_keys_command:
command: /usr/bin/sss_ssh_authorizedkeys
user: nobody
Salt minion configuration
-------------------------
Simple Salt minion
.. code-block:: yaml
salt:
minion:
enabled: true
master:
host: master.domain.com
Multi-master Salt minion
.. code-block:: yaml
salt:
minion:
enabled: true
masters:
- host: master1.domain.com
- host: master2.domain.com
Salt minion with salt mine options
.. code-block:: yaml
salt:
minion:
enabled: true
master:
host: master.domain.com
mine:
interval: 60
module:
grains.items: []
network.interfaces: []
Salt minion with graphing dependencies
.. code-block:: yaml
salt:
minion:
enabled: true
graph_states: true
master:
NTP client
----------
.. code-block:: yaml
ntp:
client:
enabled: true
strata:
- ntp.cesnet.cz
- ntp.nic.cz
--------------

121
doc/source/install/configure-network.rst
View File

@@ -1,15 +1,126 @@
Configuring the Network service
===================================
===============================
OpenVSwitch backend
---------------------
Control nodes
-------------
.. code-block:: yaml
OpenContrail backend
---------------------
neutron:
server:
enabled: true
version: kilo
plugin: ml2/contrail
bind:
address: 172.20.0.1
port: 9696
tunnel_type: vxlan
public_networks:
- name: public
subnets:
- name: public-subnet
gateway: 10.0.0.1
network: 10.0.0.0/24
pool_start: 10.0.5.20
pool_end: 10.0.5.200
dhcp: False
database:
engine: mysql
host: 127.0.0.1
port: 3306
name: neutron
user: neutron
password: pwd
identity:
engine: keystone
host: 127.0.0.1
port: 35357
user: neutron
password: pwd
tenant: service
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
user: openstack
password: pwd
virtual_host: '/openstack'
metadata:
host: 127.0.0.1
port: 8775
password: pass
fwaas: false
Network nodes
-------------
.. code-block:: yaml
neutron:
bridge:
enabled: true
version: kilo
tunnel_type: vxlan
bind:
address: 172.20.0.2
database:
engine: mysql
host: 127.0.0.1
port: 3306
name: neutron
user: neutron
password: pwd
identity:
engine: keystone
host: 127.0.0.1
port: 35357
user: neutron
password: pwd
tenant: service
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
user: openstack
password: pwd
virtual_host: '/openstack'
Compute nodes
-------------
.. code-block:: yaml
neutron:
switch:
enabled: true
version: kilo
migration: True
tunnel_type: vxlan
bind:
address: 127.20.0.100
database:
engine: mysql
host: 127.0.0.1
port: 3306
name: neutron
user: neutron
password: pwd
identity:
engine: keystone
host: 127.0.0.1
port: 35357
user: neutron
password: pwd
tenant: service
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
user: openstack
password: pwd
virtual_host: '/openstack'
--------------
.. include:: navigation.txt

82
doc/source/install/configure-orchestrate.rst
View File

@@ -2,6 +2,88 @@
Configuring the Orchestrate service
===================================
Heat server
-----------
Heat control services
*********************
.. code-block:: yaml
heat:
server:
enabled: true
version: icehouse
bind:
metadata:
address: 10.0.106.10
port: 8000
waitcondition:
address: 10.0.106.10
port: 8000
watch:
address: 10.0.106.10
port: 8003
cloudwatch:
host: 10.0.106.20
api:
host: 10.0.106.20
api_cfn:
host: 10.0.106.20
database:
engine: mysql
host: 10.0.106.20
port: 3306
name: heat
user: heat
password: password
identity:
engine: keystone
host: 10.0.106.20
port: 35357
tenant: service
user: heat
password: password
message_queue:
engine: rabbitmq
host: 10.0.106.20
port: 5672
user: openstack
password: password
virtual_host: '/openstack'
ha_queues: True
Heat template deployment
************************
.. code-block:: yaml
heat:
control:
enabled: true
system:
web_production:
format: hot
template_file: /srv/heat/template/web_cluster.hot
environment: /srv/heat/env/web_cluster/prd.env
web_staging:
format: hot
template_file: /srv/heat/template/web_cluster.hot
environment: /srv/heat/env/web_cluster/stg.env
Heat client
-----------
.. code-block:: yaml
heat:
client:
enabled: true
source:
engine: git
address: git@repo.domain.com/heat-templates.git
revision: master
--------------
.. include:: navigation.txt

85
doc/source/install/configure-telemetry.rst
View File

@@ -2,6 +2,89 @@
Configuring the Telemetry service
=================================
--------------
Control nodes
-------------
Ceilometer API
**************
.. code-black:: yaml
ceilometer:
server:
enabled: true
version: havana
cluster: true
secret: pwd
bind:
host: 127.0.0.1
port: 8777
identity:
engine: keystone
host: 127.0.0.1
port: 35357
tenant: service
user: ceilometer
password: pwd
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
user: openstack
password: pwd
virtual_host: '/openstack'
rabbit_ha_queues: true
database:
engine: mongodb
host: 127.0.0.1
port: 27017
name: ceilometer
user: ceilometer
password: pwd
Compute nodes
-------------
Ceilometer Graphite publisher
*****************************
.. code-block:: yaml
ceilometer:
server:
enabled: true
publisher:
graphite:
enabled: true
host: 10.0.0.1
port: 2003
Ceilometer agent
****************
.. code-block:: yaml
ceilometer:
agent:
enabled: true
version: havana
secret: pwd
identity:
engine: keystone
host: 127.0.0.1
port: 35357
tenant: service
user: ceilometer
password: pwd
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
user: openstack
password: pwd
virtual_host: '/openstack'
rabbit_ha_queues: true
--------------
.. include:: navigation.txt