From 141ef2e795123156974d005503ff3d3571263520 Mon Sep 17 00:00:00 2001
From: Adam Tengler
Date: Mon, 25 Jan 2016 23:51:05 +0100
Subject: [PATCH] Configuration documentation
---
 doc/source/install/configure-compute.rst | 151 ++++-
 doc/source/install/configure-dashboard.rst | 357 ++++++++++-
 doc/source/install/configure-image.rst | 39 ++
 .../install/configure-infrastructure.rst | 287 ++++++++-
 doc/source/install/configure-initial.rst | 595 ++++++++++++++++++
 doc/source/install/configure-network.rst | 121 +++-
 doc/source/install/configure-orchestrate.rst | 82 +++
 doc/source/install/configure-telemetry.rst | 85 ++-
 8 files changed, 1706 insertions(+), 11 deletions(-)
diff --git a/doc/source/install/configure-compute.rst b/doc/source/install/configure-compute.rst
index ef4cfb5..9f53a42 100644
--- a/doc/source/install/configure-compute.rst
+++ b/doc/source/install/configure-compute.rst
@@ -1,10 +1,159 @@ -Configuring the compute service +Configuring the Compute service ================================ KVM backend ------------------- +Control nodes +************* + +Nova services on the control node + +.. code-block:: yaml + + nova: + controller: + version: kilo + enabled: true + security_group: true + cpu_allocation_ratio: 8.0 + ram_allocation_ratio: 1.0 + bind: + public_address: 10.0.0.122 + public_name: openstack.domain.com + novncproxy_port: 6080 + database: + engine: mysql + host: 127.0.0.1 + port: 3306 + name: nova + user: nova + password: pwd + identity: + engine: keystone + host: 127.0.0.1 + port: 35357 + user: nova + password: pwd + tenant: service + message_queue: + engine: rabbitmq + host: 127.0.0.1 + port: 5672 + user: openstack + password: pwd + virtual_host: '/openstack' + network: + engine: neutron + host: 127.0.0.1 + port: 9696 + identity: + engine: keystone + host: 127.0.0.1 + port: 35357 + user: neutron + password: pwd + tenant: service + metadata: + password: password + +Nova services from custom package repository + +.. code-block:: yaml + + nova: + controller: + version: kilo + source: + engine: pkg + address: http://... + .... + +Compute nodes +************* + +Nova services on compute node with Neutron networking + +.. 
code-block:: yaml + + nova: + compute: + version: kilo + enabled: true + virtualization: kvm + security_group: true + bind: + vnc_address: 172.20.0.100 + vnc_port: 6080 + vnc_name: openstack.domain.com + vnc_protocol: http + database: + engine: mysql + host: 127.0.0.1 + port: 3306 + name: nova + user: nova + password: pwd + identity: + engine: keystone + host: 127.0.0.1 + port: 35357 + user: nova + password: pwd + tenant: service + message_queue: + engine: rabbitmq + host: 127.0.0.1 + port: 5672 + user: openstack + password: pwd + virtual_host: '/openstack' + image: + engine: glance + host: 127.0.0.1 + port: 9292 + network: + engine: neutron + host: 127.0.0.1 + port: 9696 + identity: + engine: keystone + host: 127.0.0.1 + port: 35357 + user: neutron + password: pwd + tenant: service + qemu: + max_files: 4096 + max_processes: 4096 + +Nova services on compute node with OpenContrail + +.. code-block:: yaml + + nova: + compute: + enabled: true + ... + networking: contrail + +Nova services on compute node with memcached caching + +.. code-block:: yaml + + nova: + compute: + enabled: true + ... + cache: + engine: memcached + members: + - host: 127.0.0.1 + port: 11211 + - host: 127.0.0.1 + port: 11211 + -------------- .. include:: navigation.txt diff --git a/doc/source/install/configure-dashboard.rst b/doc/source/install/configure-dashboard.rst index ecb60d4..54421e9 100644 --- a/doc/source/install/configure-dashboard.rst +++ b/doc/source/install/configure-dashboard.rst 
@@ -2,11 +2,362 @@ Configuring the Dashboard service =================================== +OS Horizon from package +----------------------- -Installing plugins ---------------------- +Simple Horizon setup +******************** +.. code-block:: yaml + linux: + system: + name: horizon + repo: + - cloudarchive-kilo: + enabled: true + source: 'deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/kilo main' + pgpcheck: 0 + horizon: + server: + manage_repo: true + enabled: true + secret_key: SECRET + host: + name: cloud.lab.cz + cache: + engine: 'memcached' + host: '127.0.0.1' + port: 11211 + prefix: 'CACHE_HORIZON' + identity: + engine: 'keystone' + host: '127.0.0.1' + port: 5000 + api_version: 2 + mail: + host: '127.0.0.1' + +Simple Horizon setup with branding +********************************** + +.. code-block:: yaml + + horizon: + server: + enabled: true + branding: 'OpenStack Company Dashboard' + default_dashboard: 'admin' + help_url: 'http://doc.domain.com' + +Horizon setup with SSL +********************** + +.. code-block:: yaml + + horizon: + server: + enabled: true + secret_key: MEGASECRET + version: juno + ssl: + enabled: true + authority: CA_Authority + host: + name: cloud.lab.cz + cache: + engine: 'memcached' + host: '127.0.0.1' + port: 11211 + prefix: 'CACHE_HORIZON' + identity: + engine: 'keystone' + host: '127.0.0.1' + port: 5000 + api_version: 2 + mail: + host: '127.0.0.1' + +Horizon setup with multiple regions +*********************************** + +.. 
code-block:: yaml + + horizon: + server: + enabled: true + version: juno + secret_key: MEGASECRET + cache: + engine: 'memcached' + host: '127.0.0.1' + port: 11211 + prefix: 'CACHE_HORIZON' + identity: + engine: 'keystone' + host: '127.0.0.1' + port: 5000 + api_version: 2 + mail: + host: '127.0.0.1' + regions: + - name: cluster1 + address: http://cluster1.example.com:5000/v2.0 + - name: cluster2 + address: http://cluster2.example.com:5000/v2.0 + +Horizon setup with sensu plugin +******************************* + +.. code-block:: yaml + + horizon: + server: + enabled: true + version: juno + sensu_api: + host: localhost + port: 4567 + plugins: + - name: monitoring + app: horizon_monitoring + source: + type: git + address: git@repo1.robotice.cz:django/horizon-monitoring.git + revision: master + - name: api-mask + app: api_mask + mask_url: 'custom-url.cz' + mask_protocol: 'http' + source: + type: git + address: git@repo1.robotice.cz:django/horizon-api-mask.git + revision: master + +Horizon Sensu plugin with multiple endpoints +******************************************** + +.. code-block:: yaml + + horizon: + server: + enabled: true + version: juno + sensu_api: + dc1: + host: localhost + port: 4567 + dc2: + host: anotherhost + port: 4567 + +Horizon setup with Billometer plugin +************************************ + +.. code-block:: yaml + + horizon: + server: + enabled: true + version: juno + billometer_api: + host: localhost + port: 9753 + api_version: 1 + plugins: + - name: billing + app: horizon_billing + source: + type: git + address: git@repo1.robotice.cz:django/horizon-billing.git + revision: master + +Horizon setup with Contrail plugin +********************************** + +.. 
code-block:: yaml + + horizon: + server: + enabled: true + version: icehouse + plugins: + - name: contrail + app: contrail_openstack_dashboard + override: true + source: + type: git + address: git@repo1.robotice.cz:django/horizon-contrail.git + revision: master + +Horizon setup with sentry log handler +************************************* + +.. code-block:: yaml + + horizon: + server: + enabled: true + version: juno + ... + logging: + engine: raven + dsn: http://pub:private@sentry1.test.cz/2 + +OS Horizon from Git repository (multisite support) +-------------------------------------------------- + +Simple Horizon setup +******************** + +.. code-block:: yaml + + horizon: + server: + enabled: true + app: + default: + secret_key: MEGASECRET + source: + engine: git + address: https://github.com/openstack/horizon.git + revision: stable/kilo + cache: + engine: 'memcached' + host: '127.0.0.1' + port: 11211 + prefix: 'CACHE_DEFAULT' + identity: + engine: 'keystone' + host: '127.0.0.1' + port: 5000 + api_version: 2 + mail: + host: '127.0.0.1' + +Themed Horizon multisite +************************ + +.. 
code-block:: yaml + + horizon: + server: + enabled: true + app: + openstack1c: + secret_key: SECRET1 + source: + engine: git + address: https://github.com/openstack/horizon.git + revision: stable/kilo + plugin: + contrail: + app: contrail_openstack_dashboard + override: true + source: + type: git + address: git@repo1.robotice.cz:django/horizon-contrail.git + revision: master + theme: + app: site1_theme + source: + type: git + address: git@repo1.domain.com:django/horizon-site1-theme.git + cache: + engine: 'memcached' + host: '127.0.0.1' + port: 11211 + prefix: 'CACHE_SITE1' + identity: + engine: 'keystone' + host: '127.0.0.1' + port: 5000 + api_version: 2 + mail: + host: '127.0.0.1' + openstack2: + secret_key: SECRET2 + source: + engine: git + address: https://repo1.domain.com/openstack/horizon.git + revision: stable/kilo + plugin: + contrail: + app: contrail_openstack_dashboard + override: true + source: + type: git + address: git@repo1.domain.com:django/horizon-contrail.git + revision: master + monitoring: + app: horizon_monitoring + source: + type: git + address: git@domain.com:django/horizon-monitoring.git + revision: master + theme: + app: bootswatch_theme + source: + type: git + address: git@repo1.robotice.cz:django/horizon-bootswatch-theme.git + revision: master + cache: + engine: 'memcached' + host: '127.0.0.1' + port: 11211 + prefix: 'CACHE_SITE2' + identity: + engine: 'keystone' + host: '127.0.0.1' + port: 5000 + api_version: 3 + mail: + host: '127.0.0.1' + +Horizon with API versions override +********************************** + +.. code-block:: yaml + + horizon: + server: + enabled: true + app: + openstack_api_overrride: + secret_key: SECRET + api_versions: + identity: 3 + volume: 2 + source: + engine: git + address: https://github.com/openstack/horizon.git + revision: stable/kilo + +Horizon with changed dashboard behaviour +---------------------------------------- + +.. 
code-block:: yaml + + horizon: + server: + enabled: true + app: + openstack_dashboard_overrride: + secret_key: SECRET + dashboards: + settings: + enabled: true + project: + enabled: false + order: 10 + admin: + enabled: false + order: 20 + source: + engine: git + address: https://github.com/openstack/horizon.git + revision: stable/kilo + -------------- - + .. include:: navigation.txt diff --git a/doc/source/install/configure-image.rst b/doc/source/install/configure-image.rst index a081369..81e87a5 100644 --- a/doc/source/install/configure-image.rst +++ b/doc/source/install/configure-image.rst @@ -2,6 +2,45 @@ Configuring the Image service ============================= +.. code-block:: yaml + + glance: + server: + enabled: true + version: kilo + policy: + publicize_image: + - "role:admin" + - "role:image_manager" + database: + engine: mysql + host: 127.0.0.1 + port: 3306 + name: glance + user: glance + password: pwd + identity: + engine: keystone + host: 127.0.0.1 + port: 35357 + tenant: service + user: glance + password: pwd + message_queue: + engine: rabbitmq + host: 127.0.0.1 + port: 5672 + user: openstack + password: pwd + virtual_host: '/openstack' + storage: + engine: file + images: + - name: "CirrOS 0.3.1" + format: qcow2 + file: cirros-0.3.1-x86_64-disk.img + source: http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img + public: true -------------- diff --git a/doc/source/install/configure-infrastructure.rst b/doc/source/install/configure-infrastructure.rst index 972d534..3307e28 100644 --- a/doc/source/install/configure-infrastructure.rst +++ b/doc/source/install/configure-infrastructure.rst 
@@ -2,7 +2,292 @@ Configuring the infrastructure services ======================================= +RabbitMQ +-------- +RabbitMQ single node +******************** + +RabbitMQ as AMQP broker with admin user and vhosts + +.. code-block:: yaml + + rabbitmq: + server: + enabled: true + bind: + address: 0.0.0.0 + port: 5672 + secret_key: rabbit_master_cookie + admin: + name: adminuser + password: pwd + plugins: + - amqp_client + - rabbitmq_management + virtual_hosts: + - enabled: true + host: '/monitor' + user: 'monitor' + password: 'password' + +RabbitMQ as a Stomp broker + +.. code-block:: yaml + + rabbitmq: + server: + enabled: true + secret_key: rabbit_master_cookie + bind: + address: 0.0.0.0 + port: 5672 + virtual_hosts: + - enabled: true + host: '/monitor' + user: 'monitor' + password: 'password' + plugins: + - rabbitmq_stomp + +RabbitMQ cluster +**************** + +RabbitMQ as base cluster node + +.. code-block:: yaml + + rabbitmq: + server: + enabled: true + bind: + address: 0.0.0.0 + port: 5672 + secret_key: rabbit_master_cookie + admin: + name: adminuser + password: pwd + cluster: + enabled: true + role: master + mode: disc + members: + - name: openstack1 + host: 10.10.10.212 + - name: openstack2 + host: 10.10.10.213 + +HA Queues definition + +.. code-block:: yaml + + rabbitmq: + server: + enabled: true + ... + virtual_hosts: + - enabled: true + host: '/monitor' + user: 'monitor' + password: 'password' + policies: + - name: HA + pattern: '^(?!amq\.).*' + definition: '{"ha-mode": "all"}' + + +MySQL +----- + +MySQL database - simple +*********************** + +.. code-block:: yaml + + mysql: + server: + enabled: true + version: '5.5' + admin: + user: root + password: pwd + bind: + address: '127.0.0.1' + port: 3306 + database: + name: + encoding: 'utf8' + users: + - name: 'username' + password: 'password' + host: 'localhost' + rights: 'all privileges' + +MySQL database - configured +*************************** + +.. 
code-block:: yaml + + mysql: + server: + enabled: true + version: '5.5' + admin: + user: root + password: pwd + bind: + address: '127.0.0.1' + port: 3306 + key_buffer: 250M + max_allowed_packet: 32M + max_connections: 1000 + thread_stack: 512K + thread_cache_size: 64 + query_cache_limit: 16M + query_cache_size: 96M + force_encoding: utf8 + database: + name: + encoding: 'utf8' + users: + - name: 'username' + password: 'password' + host: 'localhost' + rights: 'all privileges' + +Galera database cluster +----------------------- + +Galera cluster master node +************************** + +.. code-block:: yaml + + galera: + master: + enabled: true + name: openstack + bind: + address: 192.168.0.1 + port: 3306 + members: + - host: 192.168.0.1 + port: 4567 + - host: 192.168.0.2 + port: 4567 + admin: + user: root + password: pwd + database: + name: + encoding: 'utf8' + users: + - name: 'username' + password: 'password' + host: 'localhost' + rights: 'all privileges' + +Galera cluster slave node +************************* + +.. code-blowk:: yaml + + galera: + slave: + enabled: true + name: openstack + bind: + address: 192.168.0.2 + port: 3306 + members: + - host: 192.168.0.1 + port: 4567 + - host: 192.168.0.2 + port: 4567 + admin: + user: root + password: pass + +Galera cluster - Usage + +MySQL Galera check sripts + +.. code-block:: bash + + mysql> SHOW STATUS LIKE 'wsrep%'; + + mysql> SHOW STATUS LIKE 'wsrep_cluster_size' ;" + +Galera monitoring command, performed from extra server + +.. code-block:: bash + + garbd -a gcomm://ipaddrofone:4567 -g my_wsrep_cluster -l /tmp/1.out -d + +1. salt-call state.sls mysql +2. Comment everything starting wsrep* (wsrep_provider, wsrep_cluster, wsrep_sst) +3. service mysql start +4. run on each node mysql_secure_install and filling root password. + +.. code-block:: bash + + Enter current password for root (enter for none): + OK, successfully used password, moving on... 
+ + Setting the root password ensures that nobody can log into the MySQL + root user without the proper authorisation. + + Set root password? [Y/n] y + New password: + Re-enter new password: + Password updated successfully! + Reloading privilege tables.. + ... Success! + + By default, a MySQL installation has an anonymous user, allowing anyone + to log into MySQL without having to have a user account created for + them. This is intended only for testing, and to make the installation + go a bit smoother. You should remove them before moving into a + production environment. + + Remove anonymous users? [Y/n] y + ... Success! + + Normally, root should only be allowed to connect from 'localhost'. This + ensures that someone cannot guess at the root password from the network. + + Disallow root login remotely? [Y/n] n + ... skipping. + + By default, MySQL comes with a database named 'test' that anyone can + access. This is also intended only for testing, and should be removed + before moving into a production environment. + + Remove test database and access to it? [Y/n] y + - Dropping test database... + ... Success! + - Removing privileges on test database... + ... Success! + + Reloading the privilege tables will ensure that all changes made so far + will take effect immediately. + + Reload privilege tables now? [Y/n] y + ... Success! + + Cleaning up... + +5. service mysql stop +6. uncomment all wsrep* lines except first server, where leave only in my.cnf wsrep_cluster_address='gcomm://'; +7. start first node +8. Start third node which is connected to first one +9. Start second node which is connected to third one +10. After starting cluster, it must be change cluster address at first starting node without restart database and change config my.cnf. + +.. code-block:: bash + + mysql> SET GLOBAL wsrep_cluster_address='gcomm://10.0.0.2'; + -------------- - + .. include:: navigation.txt 
diff --git a/doc/source/install/configure-initial.rst b/doc/source/install/configure-initial.rst
index bcfa96b..7d24781 100644
--- a/doc/source/install/configure-initial.rst
+++ b/doc/source/install/configure-initial.rst
@@ -2,6 +2,601 @@ Initial environment configuration ================================= +Linux system setup +------------------ + +Basic linux box +*************** + +.. code-block:: yaml + + linux: + system: + enabled: true + name: 'node1' + domain: 'domain.com' + cluster: 'system' + environment: prod + timezone: 'Europe/Prague' + utc: true + +Linux with defined users (optionaly with password) +************************************************** + +.. code-block:: yaml + + linux: + system: + ... + user: + jdoe: + name: 'jdoe' + enabled: true + sudo: true + shell: /bin/bash + full_name: 'Jonh Doe' + home: '/home/jdoe' + email: 'jonh@doe.com' + jsmith: + name: 'jsmith' + enabled: true + full_name: 'Password' + home: '/home/jsmith' + password: userpassword + +Linux package installation +************************** + +Install latest version + +.. code-block:: yaml + + linux: + system: + ... + package: + package-name: + version: latest + +Linux package with specified version and repository + +.. code-block:: yaml + + linux: + system: + ... + package: + package-name: + version: 2132.323 + repo: 'custom-repo' + hold: true + +Linux package with specified version and repository - disable GPG check + +.. code-block:: yaml + + linux: + system: + ... + package: + package-name: + version: 2132.323 + repo: 'custom-repo' + verify: false + +Linux cron job +************** + +.. code-block:: yaml + + linux: + system: + ... + job: + cmd1: + command: '/cmd/to/run' + enabled: true + user: 'root' + hour: 2 + minute: 0 + +Linux security limits +********************* + +Limit sensu user maximum memory usage to 1GB + +.. code-block:: yaml + + linux: + system: + ... + limit: + sensu: + enabled: true + domain: sensu + limits: + - type: hard + item: as + value: 1000000 + +Enable autologin on tty1 +************************ + +.. 
code-block:: yaml + + linux: + system: + console: + tty1: + autologin: root + +Linux Kernel setup +------------------ + +Install always up to date LTS kernel and headers from Ubuntu trusty + +.. code-block:: yaml + + linux: + system: + kernel: + type: generic + lts: trusty + headers: true + +Install specific kernel version and ensure all other kernel packages are not present. Also install extra modules and headers for this kernel + +.. code-block:: yaml + + linux: + system: + kernel: + type: generic + extra: true + headers: true + version: 4.2.0-22 + +Linux repositories setup +------------------------ + +RedHat based Linux with additional OpenStack repo + +.. code-block:: yaml + + linux: + system: + ... + repo: + rdo-icehouse: + enabled: true + source: 'https://repos.fedorapeople.org/repos/openstack/openstack-kilo/el7/' + pgpcheck: 0 + +Ensure system repository to use czech Debian mirror (default: true) Also pin it's packages with priority 900 + +.. code-block:: yaml + + linux: + system: + repo: + debian: + default: true + source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free" + # Import signing key from URL if needed + key_url: "http://dummy.com/public.gpg" + pin: + - pin: 'origin "ftp.cz.debian.org"' + priority: 900 + package: '*' + +rc.local example + +.. code-block:: yaml + + linux: + system: + rc: + local: | + #!/bin/sh -e + # + # rc.local + # + # This script is executed at the end of each multiuser runlevel. + # Make sure that the script will "exit 0" on success or any other + # value on error. + # + # In order to enable or disable this script just change the execution + # bits. + # + # By default this script does nothing. + exit 0 + +Linux prompt setup +------------------ + +Setting prompt is implemented by creating /etc/profile.d/prompt.sh. Every user can have different prompt + +.. 
code-block:: yaml + + linux: + system: + prompt: + root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\] + default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w] + +Linux network setup +------------------- + +Linux interface/route setup +*************************** + +Linux with default static network interfaces, default gateway interface and DNS servers + +.. code-block:: yaml + + linux: + network: + enabled: true + interface: + eth0: + enabled: true + type: eth + address: 192.168.0.102 + netmask: 255.255.255.0 + gateway: 192.168.0.1 + name_servers: + - 8.8.8.8 + - 8.8.4.4 + mtu: 1500 + +Linux with bonded interfaces and disabled NetworkManager + +.. code-block:: yaml + + linux: + network: + enabled: true + interface: + eth0: + type: eth + ... + eth1: + type: eth + ... + bond0: + enabled: true + type: bond + address: 192.168.0.102 + netmask: 255.255.255.0 + mtu: 1500 + use_in: + - interface: ${linux:interface:eth0} + - interface: ${linux:interface:eth0} + network_manager: + disable: true + +Linux with vlan interface_params + +.. code-block:: yaml + + linux: + network: + enabled: true + interface: + vlan69: + type: vlan + use_interfaces: + - interface: ${linux:interface:bond0} + +Linux networks with routes defined + +.. code-block:: yaml + + linux: + network: + enabled: true + gateway: 10.0.0.1 + default_interface: eth0 + interface: + eth0: + type: eth + route: + default: + address: 192.168.0.123 + netmask: 255.255.255.0 + gateway: 192.168.0.1 + +Linux network bridges +********************* + +Native linux bridges + +.. 
code-block:: yaml + + linux: + network: + interface: + eth1: + enabled: true + type: eth + proto: manual + up_cmds: + - ip address add 0/0 dev $IFACE + - ip link set $IFACE up + down_cmds: + - ip link set $IFACE down + br-ex: + enabled: true + type: bridge + address: ${linux:network:host:public_local:address} + netmask: 255.255.255.0 + use_interfaces: + - eth1 + +OpenVSwitch bridges + +.. code-block:: yaml + + linux: + network: + bridge: openvswitch + interface: + eth1: + enabled: true + type: eth + proto: manual + up_cmds: + - ip address add 0/0 dev $IFACE + - ip link set $IFACE up + down_cmds: + - ip link set $IFACE down + br-ex: + enabled: true + type: bridge + address: ${linux:network:host:public_local:address} + netmask: 255.255.255.0 + use_interfaces: + - eth1 + +Other network related configuration +*********************************** + +Linux with network manager + +.. code-block:: yaml + + linux: + network: + enabled: true + network_manager: true + +/etc/hosts configuration + +.. code-block:: yaml + + linux: + network: + ... + host: + node1: + address: 192.168.10.200 + names: + - node2.domain.com + - service2.domain.com + node2: + address: 192.168.10.201 + names: + - node2.domain.com + - service2.domain.com + +/etc/resolv.conf configuration + +.. code-block:: yaml + + linux: + network: + resolv: + dns: + - 8.8.4.4 + - 8.8.8.8 + domain: my.example.com + search: + - my.example.com + - example.com + +Linux storage setup +------------------- + +Linux with mounted Samba + +.. code-block:: yaml + + linux: + storage: + enabled: true + mount: + samba1: + - path: /media/myuser/public/ + - device: //192.168.0.1/storage + - file_system: cifs + - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm + +Linux with file swap + +.. code-block:: yaml + + linux: + storage: + enabled: true + swap: + file: + enabled: true + engine: file + device: /swapfile + size: 1024 + +LVM group vg1 with one device and data volume mounted into /mnt/data + +.. 
code-block:: yaml + + + linux: + storage: + mount: + data: + device: /dev/vg1/data + file_system: ext4 + path: /mnt/data + lvm: + vg1: + enabled: true + devices: + - /dev/sdb + volume: + data: + size: 40G + mount: ${linux:storage:mount:data} + +OpenSSH client +-------------- + +OpenSSH client with shared private key + +.. code-block:: yaml + + openssh: + client: + enabled: true + user: + root: + enabled: true + private_key: ${private_keys:vaio.newt.cz} + user: ${linux:system:user:root} + +OpenSSH client with individual private key and known host + +.. code-block:: yaml + + openssh: + client: + enabled: true + user: + root: + enabled: true + user: ${linux:system:user:root} + known_hosts: + - name: repo.domain.com + type: rsa + fingerprint: dd:fa:e8:68:b1:ea:ea:a0:63:f1:5a:55:48:e1:7e:37 + +OpenSSH server +-------------- + +OpenSSH server with configuration parameters + +.. code-block:: yaml + + openssh: + server: + enabled: true + permit_root_login: true + public_key_auth: true + password_auth: true + host_auth: true + banner: Welcome to server! + +OpenSSH server with auth keys for users + +.. code-block:: yaml + + openssh: + server: + enabled: true + ... + user: + user1: + enabled: true + user: ${linux:system:user:user1} + public_keys: + - ${public_keys:user1} + root: + enabled: true + user: ${linux:system:user:root} + public_keys: + - ${public_keys:user1} + +OpenSSH server for use with FreeIPA + +.. code-block:: yaml + + openssh: + server: + enabled: true + public_key_auth: true + authorized_keys_command: + command: /usr/bin/sss_ssh_authorizedkeys + user: nobody + +Salt minion configuration +------------------------- + +Simple Salt minion + +.. code-block:: yaml + + salt: + minion: + enabled: true + master: + host: master.domain.com + +Multi-master Salt minion + +.. code-block:: yaml + + salt: + minion: + enabled: true + masters: + - host: master1.domain.com + - host: master2.domain.com + +Salt minion with salt mine options + +.. 
code-block:: yaml + + salt: + minion: + enabled: true + master: + host: master.domain.com + mine: + interval: 60 + module: + grains.items: [] + network.interfaces: [] + +Salt minion with graphing dependencies + +.. code-block:: yaml + + salt: + minion: + enabled: true + graph_states: true + master: + +NTP client +---------- + +.. code-block:: yaml + + ntp: + client: + enabled: true + strata: + - ntp.cesnet.cz + - ntp.nic.cz -------------- diff --git a/doc/source/install/configure-network.rst b/doc/source/install/configure-network.rst index fcd7e39..12d4c55 100644 --- a/doc/source/install/configure-network.rst +++ b/doc/source/install/configure-network.rst 
@@ -1,15 +1,126 @@ Configuring the Network service -=================================== +=============================== -OpenVSwitch backend ---------------------- +Control nodes +------------- +.. code-block:: yaml -OpenContrail backend ---------------------- + neutron: + server: + enabled: true + version: kilo + plugin: ml2/contrail + bind: + address: 172.20.0.1 + port: 9696 + tunnel_type: vxlan + public_networks: + - name: public + subnets: + - name: public-subnet + gateway: 10.0.0.1 + network: 10.0.0.0/24 + pool_start: 10.0.5.20 + pool_end: 10.0.5.200 + dhcp: False + database: + engine: mysql + host: 127.0.0.1 + port: 3306 + name: neutron + user: neutron + password: pwd + identity: + engine: keystone + host: 127.0.0.1 + port: 35357 + user: neutron + password: pwd + tenant: service + message_queue: + engine: rabbitmq + host: 127.0.0.1 + port: 5672 + user: openstack + password: pwd + virtual_host: '/openstack' + metadata: + host: 127.0.0.1 + port: 8775 + password: pass + fwaas: false +Network nodes +------------- +.. code-block:: yaml + + neutron: + bridge: + enabled: true + version: kilo + tunnel_type: vxlan + bind: + address: 172.20.0.2 + database: + engine: mysql + host: 127.0.0.1 + port: 3306 + name: neutron + user: neutron + password: pwd + identity: + engine: keystone + host: 127.0.0.1 + port: 35357 + user: neutron + password: pwd + tenant: service + message_queue: + engine: rabbitmq + host: 127.0.0.1 + port: 5672 + user: openstack + password: pwd + virtual_host: '/openstack' + +Compute nodes +------------- + +.. 
code-block:: yaml + + neutron: + switch: + enabled: true + version: kilo + migration: True + tunnel_type: vxlan + bind: + address: 127.20.0.100 + database: + engine: mysql + host: 127.0.0.1 + port: 3306 + name: neutron + user: neutron + password: pwd + identity: + engine: keystone + host: 127.0.0.1 + port: 35357 + user: neutron + password: pwd + tenant: service + message_queue: + engine: rabbitmq + host: 127.0.0.1 + port: 5672 + user: openstack + password: pwd + virtual_host: '/openstack' + -------------- .. include:: navigation.txt diff --git a/doc/source/install/configure-orchestrate.rst b/doc/source/install/configure-orchestrate.rst index 669a07f..9d26c23 100644 --- a/doc/source/install/configure-orchestrate.rst +++ b/doc/source/install/configure-orchestrate.rst 
@@ -2,6 +2,88 @@ Configuring the Orchestrate service =================================== +Heat server +----------- + +Heat control services +********************* + +.. code-block:: yaml + + heat: + server: + enabled: true + version: icehouse + bind: + metadata: + address: 10.0.106.10 + port: 8000 + waitcondition: + address: 10.0.106.10 + port: 8000 + watch: + address: 10.0.106.10 + port: 8003 + cloudwatch: + host: 10.0.106.20 + api: + host: 10.0.106.20 + api_cfn: + host: 10.0.106.20 + database: + engine: mysql + host: 10.0.106.20 + port: 3306 + name: heat + user: heat + password: password + identity: + engine: keystone + host: 10.0.106.20 + port: 35357 + tenant: service + user: heat + password: password + message_queue: + engine: rabbitmq + host: 10.0.106.20 + port: 5672 + user: openstack + password: password + virtual_host: '/openstack' + ha_queues: True + +Heat template deployment +************************ + +.. code-block:: yaml + + heat: + control: + enabled: true + system: + web_production: + format: hot + template_file: /srv/heat/template/web_cluster.hot + environment: /srv/heat/env/web_cluster/prd.env + web_staging: + format: hot + template_file: /srv/heat/template/web_cluster.hot + environment: /srv/heat/env/web_cluster/stg.env + +Heat client +----------- + +.. code-block:: yaml + + heat: + client: + enabled: true + source: + engine: git + address: git@repo.domain.com/heat-templates.git + revision: master + -------------- .. include:: navigation.txt diff --git a/doc/source/install/configure-telemetry.rst b/doc/source/install/configure-telemetry.rst index aee989c..77a9c11 100644 --- a/doc/source/install/configure-telemetry.rst +++ b/doc/source/install/configure-telemetry.rst 
@@ -2,6 +2,89 @@ Configuring the Telemetry service ================================= --------------- +Control nodes +------------- +Ceilometer API +************** + +.. code-black:: yaml + + ceilometer: + server: + enabled: true + version: havana + cluster: true + secret: pwd + bind: + host: 127.0.0.1 + port: 8777 + identity: + engine: keystone + host: 127.0.0.1 + port: 35357 + tenant: service + user: ceilometer + password: pwd + message_queue: + engine: rabbitmq + host: 127.0.0.1 + port: 5672 + user: openstack + password: pwd + virtual_host: '/openstack' + rabbit_ha_queues: true + database: + engine: mongodb + host: 127.0.0.1 + port: 27017 + name: ceilometer + user: ceilometer + password: pwd + +Compute nodes +------------- + +Ceilometer Graphite publisher +***************************** + +.. code-block:: yaml + + ceilometer: + server: + enabled: true + publisher: + graphite: + enabled: true + host: 10.0.0.1 + port: 2003 + +Ceilometer agent +**************** + +.. code-block:: yaml + + ceilometer: + agent: + enabled: true + version: havana + secret: pwd + identity: + engine: keystone + host: 127.0.0.1 + port: 35357 + tenant: service + user: ceilometer + password: pwd + message_queue: + engine: rabbitmq + host: 127.0.0.1 + port: 5672 + user: openstack + password: pwd + virtual_host: '/openstack' + rabbit_ha_queues: true + +-------------- + .. include:: navigation.txt