diff --git a/doc/source/install/deploy_openwrt.rst b/doc/source/install/deploy_openwrt.rst index 5f21049b7..8951c569d 100644 --- a/doc/source/install/deploy_openwrt.rst +++ b/doc/source/install/deploy_openwrt.rst @@ -21,305 +21,141 @@ Deploying OpenWRT as VNF Once tacker is installed successfully, follow the steps given below to get started with deploying OpenWRT as VNF. -1. Ensure Glance already contains OpenWRT image. +#. Ensure Glance already contains OpenWRT image. -Normally, Tacker tries to add OpenWRT image to Glance while installing -via devstack. By running **openstack image list** to check OpenWRT image -if exists. If not, download the customized image of OpenWRT 15.05.1 -[#f1]_. Unzip the file by using the command below: + Normally, Tacker tries to add OpenWRT image to Glance while installing + via devstack. By running ``openstack image list`` to check OpenWRT image + if exists. -.. code-block:: console + .. code-block:: console + :emphasize-lines: 5 - gunzip openwrt-x86-kvm_guest-combined-ext4.img.gz + $ openstack image list + +--------------------------------------+--------------------------+--------+ + | ID | Name | Status | + +--------------------------------------+--------------------------+--------+ + | 8cc2aaa8-5218-49e7-9a57-ddb97dc68d98 | OpenWRT | active | + | 32f875b0-9e24-4971-b82d-84d6ec620136 | cirros-0.4.0-x86_64-disk | active | + | ab0abeb8-f73c-467b-9743-b17083c02093 | cirros-0.5.1-x86_64-disk | active | + +--------------------------------------+--------------------------+--------+ -.. + If not, you can get the customized image of OpenWRT 15.05.1 in your tacker repository, + or download the image from [#f1]_. Unzip the file by using the command below: -And then upload this image into Glance by using the command specified below: + .. code-block:: console -.. code-block:: console + $ cd /path/to/tacker/samples/images/ + $ gunzip openwrt-x86-kvm_guest-combined-ext4.img.gz - openstack image create OpenWRT --disk-format qcow2 \ - --container-format bare \ - --file /path_to_image/openwrt-x86-kvm_guest-combined-ext4.img \ - --public -.. + Then upload the image into Glance by using command below: -2. Configure OpenWRT + .. code-block:: console -The example below shows how to create the OpenWRT-based Firewall VNF. -First, we have a yaml template which contains the configuration of -OpenWRT as shown below: + $ openstack image create OpenWRT --disk-format qcow2 \ + --container-format bare \ + --file /path/to/openwrt-x86-kvm_guest-combined-ext4.img \ + --public -*tosca-vnfd-openwrt.yaml* [#f2]_ +#. Configure OpenWRT -.. code-block:: yaml + The example below shows how to create the OpenWRT-based Firewall VNF. + First, we have a yaml template which contains the configuration of + OpenWRT as shown below: - tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 + *tosca-vnfd-openwrt.yaml* [#f2]_ - description: OpenWRT with services + .. literalinclude:: ../../../samples/tosca-templates/vnfd/tosca-vnfd-openwrt.yaml + :language: yaml - metadata: - template_name: OpenWRT - topology_template: - node_templates: + We also have another configuration yaml template with some firewall rules of + OpenWRT. - VDU1: - type: tosca.nodes.nfv.VDU.Tacker - capabilities: - nfv_compute: - properties: - num_cpus: 1 - mem_size: 512 MB - disk_size: 1 GB - properties: - image: OpenWRT - config: | - param0: key1 - param1: key2 - mgmt_driver: openwrt - monitoring_policy: - name: ping - parameters: - count: 3 - interval: 10 - actions: - failure: respawn + *tosca-config-openwrt-firewall.yaml* [#f3]_ - CP1: - type: tosca.nodes.nfv.CP.Tacker - properties: - management: true - order: 0 - anti_spoofing_protection: false - requirements: - - virtualLink: - node: VL1 - - virtualBinding: - node: VDU1 + .. literalinclude:: ../../../samples/tosca-templates/vnfd/tosca-config-openwrt-firewall.yaml + :language: yaml - CP2: - type: tosca.nodes.nfv.CP.Tacker - properties: - order: 1 - anti_spoofing_protection: false - requirements: - - virtualLink: - node: VL2 - - virtualBinding: - node: VDU1 + In this template file, we specify the ``mgmt_driver: openwrt`` which means + this VNFD is managed by openwrt driver [#f4]_. This driver can inject + firewall rules which defined in VNFD into OpenWRT instance by using SSH + protocol. We can run ``cat /etc/config/firewall`` to confirm the firewall + rules if inject succeed. - CP3: - type: tosca.nodes.nfv.CP.Tacker - properties: - order: 2 - anti_spoofing_protection: false - requirements: - - virtualLink: - node: VL3 - - virtualBinding: - node: VDU1 +#. Create a sample vnfd - VL1: - type: tosca.nodes.nfv.VL - properties: - network_name: net_mgmt - vendor: Tacker + .. code-block:: console - VL2: - type: tosca.nodes.nfv.VL - properties: - network_name: net0 - vendor: Tacker + $ openstack vnf descriptor create \ + --vnfd-file tosca-vnfd-openwrt.yaml - VL3: - type: tosca.nodes.nfv.VL - properties: - network_name: net1 - vendor: Tacker firewall +#. Create a VNF -.. + .. code-block:: console -We also have another configuration yaml template with some firewall rules of -OpenWRT. + $ openstack vnf create --vnfd-name \ + --config-file tosca-config-openwrt-firewall.yaml -*tosca-config-openwrt-firewall.yaml* [#f3]_ +#. Check the status -.. code-block:: yaml + .. code-block:: console - vdus: - VDU1: - config: - firewall: | - package firewall - config defaults - option syn_flood '1' - option input 'ACCEPT' - option output 'ACCEPT' - option forward 'REJECT' - config zone - option name 'lan' - list network 'lan' - option input 'ACCEPT' - option output 'ACCEPT' - option forward 'ACCEPT' - config zone - option name 'wan' - list network 'wan' - list network 'wan6' - option input 'REJECT' - option output 'ACCEPT' - option forward 'REJECT' - option masq '1' - option mtu_fix '1' - config forwarding - option src 'lan' - option dest 'wan' - config rule - option name 'Allow-DHCP-Renew' - option src 'wan' - option proto 'udp' - option dest_port '68' - option target 'ACCEPT' - option family 'ipv4' - config rule - option name 'Allow-Ping' - option src 'wan' - option proto 'icmp' - option icmp_type 'echo-request' - option family 'ipv4' - option target 'ACCEPT' - config rule - option name 'Allow-IGMP' - option src 'wan' - option proto 'igmp' - option family 'ipv4' - option target 'ACCEPT' - config rule - option name 'Allow-DHCPv6' - option src 'wan' - option proto 'udp' - option src_ip 'fe80::/10' - option src_port '547' - option dest_ip 'fe80::/10' - option dest_port '546' - option family 'ipv6' - option target 'ACCEPT' - config rule - option name 'Allow-MLD' - option src 'wan' - option proto 'icmp' - option src_ip 'fe80::/10' - list icmp_type '130/0' - list icmp_type '131/0' - list icmp_type '132/0' - list icmp_type '143/0' - option family 'ipv6' - option target 'ACCEPT' - config rule - option name 'Allow-ICMPv6-Input' - option src 'wan' - option proto 'icmp' - list icmp_type 'echo-request' - list icmp_type 'echo-reply' - list icmp_type 'destination-unreachable' - list icmp_type 'packet-too-big' - list icmp_type 'time-exceeded' - list icmp_type 'bad-header' - list icmp_type 'unknown-header-type' - list icmp_type 'router-solicitation' - list icmp_type 'neighbour-solicitation' - list icmp_type 'router-advertisement' - list icmp_type 'neighbour-advertisement' - option limit '190/sec' - option family 'ipv6' - option target 'REJECT' + $ openstack vnf list + $ openstack vnf show -.. + We can replace the firewall rules configuration file with + tosca-config-openwrt-vrouter.yaml [#f5]_, tosca-config-openwrt-dnsmasq.yaml + [#f6]_, or tosca-config-openwrt-qos.yaml [#f7]_ to deploy the router, DHCP, + DNS, or QoS VNFs. The openwrt VNFM management driver will do the same way to + inject the desired service rules into the OpenWRT instance. You can also do the + same to check if the rules are injected successful: **cat /etc/config/network** + to check vrouter, **cat /etc/config/dhcp** to check DHCP and DNS, and + **cat /etc/config/qos** to check the QoS rules. -In this template file, we specify the **mgmt_driver: openwrt** which means -this VNFD is managed by openwrt driver [#f4]_. This driver can inject -firewall rules which defined in VNFD into OpenWRT instance by using SSH -protocol. We can run**cat /etc/config/firewall** to confirm the firewall -rules if inject succeed. +#. Notes -3. Create a sample vnfd + #. OpenWRT user and password -.. code-block:: console + The user account is 'root' and password is '', which means there is no + password for root account. - openstack vnf descriptor create --vnfd-file tosca-vnfd-openwrt.yaml -.. + #. Procedure to customize the OpenWRT image -4. Create a VNF + The OpenWRT is modified based on KVM OpenWRT 15.05.1 to be suitable + for Tacker. The procedure is following as below: -.. code-block:: console + .. code-block:: console - openstack vnf create --vnfd-name \ - --config-file tosca-config-openwrt-firewall.yaml -.. + $ cd ~ + $ wget https://archive.openwrt.org/chaos_calmer/15.05.1/x86/kvm_guest/openwrt-15.05.1-x86-kvm_guest-combined-ext4.img.gz \ + -O openwrt-x86-kvm_guest-combined-ext4.img.gz + $ gunzip openwrt-x86-kvm_guest-combined-ext4.img.gz -5. Check the status + $ mkdir -p imgroot -.. code-block:: console + $ sudo kpartx -av openwrt-x86-kvm_guest-combined-ext4.img - openstack vnf list - openstack vnf show -.. + # Replace the loopXp2 with the result of above command, e.g., loop0p2 + $ sudo mount -o loop /dev/mapper/loopXp2 imgroot + $ sudo chroot imgroot /bin/ash -We can replace the firewall rules configuration file with -tosca-config-openwrt-vrouter.yaml [#f5]_, tosca-config-openwrt-dnsmasq.yaml -[#f6]_, or tosca-config-openwrt-qos.yaml [#f7]_ to deploy the router, DHCP, -DNS, or QoS VNFs. The openwrt VNFM management driver will do the same way to -inject the desired service rules into the OpenWRT instance. You can also do the -same to check if the rules are injected successful: **cat /etc/config/network** -to check vrouter, **cat /etc/config/dhcp** to check DHCP and DNS, and -**cat /etc/config/qos** to check the QoS rules. + # Set password of this image to blank, type follow command and then enter two times + $ passwd -6. Notes + # Set DHCP for the network of OpenWRT so that the VNF can be ping + $ uci set network.lan.proto=dhcp; uci commit + $ exit -6.1. OpenWRT user and password + $ sudo umount imgroot + $ sudo kpartx -dv openwrt-x86-kvm_guest-combined-ext4.img -The user account is 'root' and password is '', which means there is no -password for root account. - -6.2. Procedure to customize the OpenWRT image - -The OpenWRT is modified based on KVM OpenWRT 15.05.1 to be suitable forTacker. -The procedure is following as below: - -.. code-block:: console - - cd ~ - wget https://archive.openwrt.org/chaos_calmer/15.05.1/x86/kvm_guest/openwrt-15.05.1-x86-kvm_guest-combined-ext4.img.gz \ - -O openwrt-x86-kvm_guest-combined-ext4.img.gz - gunzip openwrt-x86-kvm_guest-combined-ext4.img.gz - - mkdir -p imgroot - - sudo kpartx -av openwrt-x86-kvm_guest-combined-ext4.img - - # Replace the loopXp2 with the result of above command, e.g., loop0p2 - sudo mount -o loop /dev/mapper/loopXp2 imgroot - sudo chroot imgroot /bin/ash - - # Set password of this image to blank, type follow command and then enter two times - passwd - - # Set DHCP for the network of OpenWRT so that the VNF can be ping - uci set network.lan.proto=dhcp; uci commit - exit - - sudo umount imgroot - sudo kpartx -dv openwrt-x86-kvm_guest-combined-ext4.img - -.. .. rubric:: Footnotes -.. [#] https://github.com/openstack/tacker/blob/master/samples/images/openwrt-x86-kvm_guest-combined-ext4.img.gz -.. [#] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnfd/tosca-vnfd-openwrt.yaml -.. [#] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnfd/tosca-config-openwrt-firewall.yaml -.. [#] https://github.com/openstack/tacker/blob/master/tacker/vnfm/mgmt_drivers/openwrt/openwrt.py -.. [#] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnfd/tosca-config-openwrt-vrouter.yaml -.. [#] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnfd/tosca-config-openwrt-dnsmasq.yaml -.. [#] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnfd/tosca-config-openwrt-qos.yaml +.. [#] https://opendev.org/openstack/tacker/src/branch/master/samples/images/openwrt-x86-kvm_guest-combined-ext4.img.gz +.. [#] https://opendev.org/openstack/tacker/src/branch/master/samples/tosca-templates/vnfd/tosca-vnfd-openwrt.yaml +.. [#] https://opendev.org/openstack/tacker/src/branch/master/samples/tosca-templates/vnfd/tosca-config-openwrt-firewall.yaml +.. [#] https://opendev.org/openstack/tacker/src/branch/master/tacker/vnfm/mgmt_drivers/openwrt/openwrt.py +.. [#] https://opendev.org/openstack/tacker/src/branch/master/samples/tosca-templates/vnfd/tosca-config-openwrt-vrouter.yaml +.. [#] https://opendev.org/openstack/tacker/src/branch/master/samples/tosca-templates/vnfd/tosca-config-openwrt-dnsmasq.yaml +.. [#] https://opendev.org/openstack/tacker/src/branch/master/samples/tosca-templates/vnfd/tosca-config-openwrt-qos.yaml diff --git a/doc/source/install/devstack.rst b/doc/source/install/devstack.rst index af74cc13c..5748ccb62 100644 --- a/doc/source/install/devstack.rst +++ b/doc/source/install/devstack.rst @@ -19,167 +19,92 @@ Install via Devstack ==================== -The Devstack supports installation from different code branch by specifying - below. If there is no preference, it is recommended to install -Tacker from master branch, i.e. the is master. If pike branch -is the target branch, the is stable/pike. -Devstack should be run as a non-root with sudo enabled(standard logins to -cloud images such as "ubuntu" or "cloud-user" are usually fine). Creating a -separate user and granting relevant privileges please refer [#f0]_. +Overview +-------- -1. Download DevStack: +Tacker provides some examples, or templates, of ``local.conf`` used for +Devstack. You can find them in ``${TACKER_ROOT}/devstack`` directory in the +tacker repository. -.. code-block:: console +Devstack supports installation from different code branch by specifying +branch name in your ``local.conf`` as described in below. +If you install the latest version, use ``master`` branch. +On the other hand, if you install specific release, suppose ``ussuri`` +in this case, branch name must be ``stable/ussuri``. - $ git clone https://opendev.org/openstack-dev/devstack -b - $ cd devstack +For installation, ``stack.sh`` script in Devstack should be run as a +non-root user with sudo enabled. +Add a separate user ``stack`` and granting relevant privileges is a good way +to install via Devstack [#f0]_. -.. +Install +------- -2. Enable tacker related Devstack plugins in **local.conf** file: +Devstack expects to be provided ``local.conf`` before running install script. +The first step of installing tacker is to clone Devstack and prepare your +``local.conf``. -First, the **local.conf** file needs to be created by manual or copied from -Tacker Repo [#f1]_ and renamed to **local.conf**. We have two Tacker -configuration installation files. First, it is the all-in-one mode that -installs full Devstack environment including Tacker in one PC or Laptop. -Second, it is the standalone mode which only will install a standalone -Tacker environment with some mandatory OpenStack services. +#. Download DevStack -2.1. All-in-one mode + Get Devstack via git, with specific branch optionally if you prefer, + and go down to the directory. -The **local.conf** file of all-in-one mode from [#f2]_ is shown as below: + .. code-block:: console -.. code-block:: ini + $ git clone https://opendev.org/openstack-dev/devstack -b + $ cd devstack - [[local|localrc]] - ############################################################ - # Customize the following HOST_IP based on your installation - ############################################################ - HOST_IP=127.0.0.1 +#. Enable tacker related Devstack plugins in ``local.conf`` file - ADMIN_PASSWORD=devstack - MYSQL_PASSWORD=devstack - RABBIT_PASSWORD=devstack - SERVICE_PASSWORD=$ADMIN_PASSWORD - SERVICE_TOKEN=devstack + ``local.conf`` needs to be created by manual, or copied from Tacker + repo [#f1]_ renamed as ``local.conf``. We have two choices for + configuration basically. First one is the ``all-in-one`` mode that + installs full Devstack environment including Tacker in one PC or Laptop. + Second, it is ``standalone`` mode which only will install only Tacker + environment with some mandatory OpenStack services. Nova, Neutron or other + essential components are not included in this mode. - ############################################################ - # Customize the following section based on your installation - ############################################################ + #. All-in-one mode - # Pip - PIP_USE_MIRRORS=False - USE_GET_PIP=1 + There are two examples for ``all-in-one`` mode, targetting OpenStack + or Kubernetes as VIM. - #OFFLINE=False - #RECLONE=True + ``local.conf`` for ``all-in-one`` mode with OpenStack [#f2]_ + is shown as below. - # Logging - LOGFILE=$DEST/logs/stack.sh.log - VERBOSE=True - ENABLE_DEBUG_LOG_LEVEL=True - ENABLE_VERBOSE_LOG_LEVEL=True + .. literalinclude:: ../../../devstack/local.conf.example + :language: ini - # Neutron ML2 with OpenVSwitch - Q_PLUGIN=ml2 - Q_AGENT=openvswitch + The difference between ``all-in-one`` mode with Kubernetes [#f3]_ is + to deploy kuryr-kubernetes and octavia. - # Disable security groups - Q_USE_SECGROUP=False - LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver + .. literalinclude:: ../../../devstack/local.conf.kubernetes + :language: ini + :emphasize-lines: 60-65 - # Enable heat, networking-sfc, barbican and mistral - enable_plugin heat https://opendev.org/openstack/heat master - enable_plugin networking-sfc https://opendev.org/openstack/networking-sfc master - enable_plugin barbican https://opendev.org/openstack/barbican master - enable_plugin mistral https://opendev.org/openstack/mistral master + #. Standalone mode - # Ceilometer - #CEILOMETER_PIPELINE_INTERVAL=300 - enable_plugin ceilometer https://opendev.org/openstack/ceilometer master - enable_plugin aodh https://opendev.org/openstack/aodh master + The ``local.conf`` file of standalone mode from [#f4]_ is shown as below. - # Blazar - enable_plugin blazar https://github.com/openstack/blazar.git master + .. literalinclude:: ../../../devstack/local.conf.standalone + :language: ini - # Tacker - enable_plugin tacker https://opendev.org/openstack/tacker master +#. Installation - enable_service n-novnc - enable_service n-cauth + After saving the ``local.conf``, we can run ``stack.sh`` in the terminal + to start setting up. - disable_service tempest + .. code-block:: console - # Enable kuryr-kubernetes, docker, octavia - KUBERNETES_VIM=True - enable_plugin kuryr-kubernetes https://opendev.org/openstack/kuryr-kubernetes master - enable_plugin octavia https://opendev.org/openstack/octavia master - enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container master - #KURYR_K8S_CLUSTER_IP_RANGE="10.0.0.0/24" - - [[post-config|/etc/neutron/dhcp_agent.ini]] - [DEFAULT] - enable_isolated_metadata = True - - [[post-config|$OCTAVIA_CONF]] - [controller_worker] - amp_active_retries=9999 - -.. - - -2.2. Standalone mode - -The **local.conf** file of standalone mode from [#f3]_ is shown as below: - -.. code-block:: ini - - [[local|localrc]] - ############################################################ - # Customize the following HOST_IP based on your installation - ############################################################ - HOST_IP=127.0.0.1 - SERVICE_HOST=127.0.0.1 - SERVICE_PASSWORD=devstack - ADMIN_PASSWORD=devstack - SERVICE_TOKEN=devstack - DATABASE_PASSWORD=root - RABBIT_PASSWORD=password - ENABLE_HTTPD_MOD_WSGI_SERVICES=True - KEYSTONE_USE_MOD_WSGI=True - - # Logging - LOGFILE=$DEST/logs/stack.sh.log - VERBOSE=True - ENABLE_DEBUG_LOG_LEVEL=True - ENABLE_VERBOSE_LOG_LEVEL=True - GIT_BASE=${GIT_BASE:-https://opendev.org} - - TACKER_MODE=standalone - USE_BARBICAN=True - TACKER_BRANCH= - enable_plugin networking-sfc ${GIT_BASE}/openstack/networking-sfc $TACKER_BRANCH - enable_plugin barbican ${GIT_BASE}/openstack/barbican $TACKER_BRANCH - enable_plugin mistral ${GIT_BASE}/openstack/mistral $TACKER_BRANCH - enable_plugin tacker ${GIT_BASE}/openstack/tacker $TACKER_BRANCH - -.. - -3. Installation - -After saving the **local.conf**, we can run **stack.sh** in the terminal -to start setting up: - -.. code-block:: console - - $ ./stack.sh - -.. + $ ./stack.sh .. rubric:: Footnotes .. [#f0] https://docs.openstack.org/devstack/latest/ -.. [#f1] https://github.com/openstack/tacker/tree/master/devstack -.. [#f2] https://github.com/openstack/tacker/blob/master/devstack/local.conf.kubernetes -.. [#f3] https://github.com/openstack/tacker/blob/master/devstack/local.conf.standalone - +.. [#f1] https://opendev.org/openstack/tacker/src/branch/master/devstack +.. [#f2] + https://opendev.org/openstack/tacker/src/branch/master/devstack/local.conf.example +.. [#f3] + https://opendev.org/openstack/tacker/src/branch/master/devstack/local.conf.kubernetes +.. [#f4] + https://opendev.org/openstack/tacker/src/branch/master/devstack/local.conf.standalone diff --git a/doc/source/install/getting_started.rst b/doc/source/install/getting_started.rst index 4b9c273b0..e18c54fa9 100644 --- a/doc/source/install/getting_started.rst +++ b/doc/source/install/getting_started.rst @@ -23,126 +23,129 @@ started with Tacker and validate the installation. Registering default OpenStack VIM -================================= -1. Get one account on the OpenStack VIM. +--------------------------------- -In Tacker MANO system, the VNF can be on-boarded to one target OpenStack, which -is also called VIM. Get one account on this OpenStack. For example, the below -is the account information collected in file `vim_config.yaml` [1]_: +#. Get one account on the OpenStack VIM -.. code-block:: yaml + In Tacker MANO system, VNFs can be on-boarded to a target OpenStack which + is also called as VIM. Get one account on your OpenStack, such as ``admin`` + if you deploy your OpenStack via devstack. Here is an example of a user + named as ``nfv_user`` and has a project ``nfv`` on OpenStack for + VIM configuration. It is described in ``vim_config.yaml`` [1]_: - auth_url: 'http://127.0.0.1/identity' - username: 'nfv_user' - password: 'mySecretPW' - project_name: 'nfv' - project_domain_name: 'Default' - user_domain_name: 'Default' - cert_verify: 'True' -.. + .. literalinclude:: ../../../samples/vim/vim_config.yaml + :language: yaml -.. note:: + .. note:: - In Keystone, port `5000` is enabled for authentication service [2]_, so the - end users can use `auth_url: 'http://127.0.0.1:5000/v3'` instead of - `auth_url: 'http://127.0.0.1/identity'` as above mention. + In Keystone, port ``5000`` is enabled for authentication service [2]_, + so the end users can use ``auth_url: 'http://127.0.0.1:5000/v3'`` instead + of ``auth_url: 'http://127.0.0.1/identity'`` as above mention. -By default, cert_verify is set as `True`. To disable verifying SSL -certificate, user can set cert_verify parameter to `False`. + By default, ``cert_verify`` is set as ``True``. To disable verifying SSL + certificate, user can set ``cert_verifyi`` parameter to ``False``. -2. Register the VIM that will be used as a default VIM for VNF deployments. -This will be required when the optional argument `--vim-id` is not provided by -the user during VNF creation. +#. Register VIM -.. code-block:: console + Register the default VIM with the config file for VNF deployment. + This will be required when the optional argument ``--vim-id`` is not + provided by the user during VNF creation. + + .. code-block:: console + + $ openstack vim register --config-file vim_config.yaml \ + --description 'my first vim' --is-default hellovim - openstack vim register --config-file vim_config.yaml \ - --description 'my first vim' --is-default hellovim -.. Onboarding sample VNF -===================== +--------------------- -1. Create a `sample-vnfd.yaml` file with the following template: +#. Create a ``sample-vnfd.yaml`` file with the following template -.. code-block:: yaml + .. code-block:: yaml - tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 + tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 - description: Demo example + description: Demo example - metadata: - template_name: sample-tosca-vnfd + metadata: + template_name: sample-tosca-vnfd - topology_template: - node_templates: - VDU1: - type: tosca.nodes.nfv.VDU.Tacker - capabilities: - nfv_compute: + topology_template: + node_templates: + VDU1: + type: tosca.nodes.nfv.VDU.Tacker + capabilities: + nfv_compute: + properties: + num_cpus: 1 + mem_size: 512 MB + disk_size: 1 GB properties: - num_cpus: 1 - mem_size: 512 MB - disk_size: 1 GB - properties: - image: cirros-0.4.0-x86_64-disk - availability_zone: nova - mgmt_driver: noop - config: | - param0: key1 - param1: key2 + image: cirros-0.4.0-x86_64-disk + availability_zone: nova + mgmt_driver: noop + config: | + param0: key1 + param1: key2 - CP1: - type: tosca.nodes.nfv.CP.Tacker - properties: - management: true - order: 0 - anti_spoofing_protection: false - requirements: - - virtualLink: - node: VL1 - - virtualBinding: - node: VDU1 + CP1: + type: tosca.nodes.nfv.CP.Tacker + properties: + management: true + order: 0 + anti_spoofing_protection: false + requirements: + - virtualLink: + node: VL1 + - virtualBinding: + node: VDU1 - VL1: - type: tosca.nodes.nfv.VL - properties: - network_name: net_mgmt - vendor: Tacker -.. + VL1: + type: tosca.nodes.nfv.VL + properties: + network_name: net_mgmt + vendor: Tacker -.. note:: + .. note:: - You can find more sample tosca templates for VNFD at [3]_ + You can find several samples of tosca template for VNFD at [3]_. -2. Create a sample VNFD +#. Create a sample VNFD -.. code-block:: console + .. code-block:: console - openstack vnf descriptor create --vnfd-file sample-vnfd.yaml samplevnfd -.. + $ openstack vnf descriptor create --vnfd-file sample-vnfd.yaml samplevnfd -3. Create a VNF +#. Create a VNF -.. code-block:: console + .. code-block:: console - openstack vnf create --vnfd-name samplevnfd samplevnf -.. + $ openstack vnf create --vnfd-name samplevnfd samplevnf -4. Some basic Tacker commands +#. Some basic Tacker commands -.. code-block:: console + You can find each of VIM, VNFD and VNF created in previous steps by using + ``list`` subcommand. - openstack vim list - openstack vnf descriptor list - openstack vnf list - openstack vnf show samplevnf -.. + .. code-block:: console + + $ openstack vim list + $ openstack vnf descriptor list + $ openstack vnf list + + If you inspect attributes of the isntances, use ``show`` subcommand with + name or ID. For example, you can inspect the VNF named as ``samplevnf`` + as below. + + .. code-block:: console + + $ openstack vnf show samplevnf References -========== +---------- -.. [1] https://github.com/longkb/tacker/blob/master/samples/vim/vim_config.yaml +.. [1] https://opendev.org/openstack/tacker/src/branch/master/samples/vim/vim_config.yaml .. [2] https://docs.openstack.org/keystoneauth/latest/using-sessions.html#sessions-for-users -.. [3] https://github.com/openstack/tacker/tree/master/samples/tosca-templates/vnfd +.. [3] https://opendev.org/openstack/tacker/src/branch/master/samples/tosca-templates/vnfd diff --git a/doc/source/install/kolla.rst b/doc/source/install/kolla.rst index 982b0a5e4..2d29d5d71 100644 --- a/doc/source/install/kolla.rst +++ b/doc/source/install/kolla.rst @@ -19,9 +19,21 @@ Install via Kolla Ansible ========================= -Please refer to "Install dependencies" part of kolla ansible quick start at -https://docs.openstack.org/kolla-ansible/latest/user/quickstart.html to set -up the docker environment that is used by kolla ansible. +.. note:: + + This installation guide is explaining about Tacker. Other components, + such as nova or neutron, are not covered here. + +.. note:: + + This installation guide is just a bit old, and explained for Redhat distro. + + +Please refer to +`Install dependencies +`_ +of kolla ansible installation [1]_ to set up the docker environment that is +used by kolla ansible. To install via Kolla Ansible, the version of Kolla Ansible should be consistent with the target Tacker system. For example, stable/pike branch of Kolla Ansible @@ -34,164 +46,151 @@ installed in this document. Install Kolla Ansible -~~~~~~~~~~~~~~~~~~~~~ +--------------------- -1. Get the stable/pike version of kolla ansible: +#. Get the stable/pike version of kolla ansible: -.. code-block:: console + .. code-block:: console - $ git clone https://github.com/openstack/kolla-ansible.git -b stable/pike - $ cd kolla-ansible - $ sudo yum install python-devel libffi-devel gcc openssl-devel libselinux-python - $ sudo pip install -r requirements.txt - $ sudo python setup.py install + $ git clone https://github.com/openstack/kolla-ansible.git -b stable/pike + $ cd kolla-ansible + $ sudo yum install python-devel libffi-devel gcc openssl-devel libselinux-python + $ sudo pip install -r requirements.txt + $ sudo python setup.py install -.. + If the needed version has already been published at pypi site + 'https://pypi.org/project/kolla-ansible', the command below can be used: + .. code-block:: console -If the needed version has already been published at pypi site -'https://pypi.org/project/kolla-ansible', the command below can be used: - -.. code-block:: console - - $ sudo pip install "kolla-ansible==5.0.0" - -.. + $ sudo pip install "kolla-ansible==5.0.0" Install Tacker -~~~~~~~~~~~~~~ +-------------- -1. Edit kolla ansible's configuration file /etc/kolla/globals.yml: +#. Edit kolla ansible's configuration file ``/etc/kolla/globals.yml``: -.. code-block:: ini + .. code-block:: ini - --- - kolla_install_type: "source" - # openstack_release can be determined by version of kolla-ansible tool. - # But if needed, it can be specified. - #openstack_release: 5.0.0 - kolla_internal_vip_address: - # The Public address used to communicate with OpenStack as set in the - # public_url for the endpoints that will be created. This DNS name - # should map to kolla_external_vip_address. - #kolla_external_fqdn: "{{ kolla_external_vip_address }}" - # define your own registry if needed - #docker_registry: "127.0.0.1:4000" - # If needed OpenStack kolla images are published, docker_namespace should be - # kolla - #docker_namespace: "kolla" - docker_namespace: "gongysh" - enable_glance: "no" - enable_haproxy: "no" - enable_keystone: "yes" - enable_mariadb: "yes" - enable_memcached: "yes" - enable_neutron: "no" - enable_nova: "no" - enable_barbican: "yes" - enable_mistral: "yes" - enable_tacker: "yes" - enable_heat: "no" - enable_openvswitch: "no" - enable_horizon: "yes" - enable_horizon_tacker: "{{ enable_tacker | bool }}" + --- + kolla_install_type: "source" + # openstack_release can be determined by version of kolla-ansible tool. + # But if needed, it can be specified. + #openstack_release: 5.0.0 + kolla_internal_vip_address: + # The Public address used to communicate with OpenStack as set in the + # public_url for the endpoints that will be created. This DNS name + # should map to kolla_external_vip_address. + #kolla_external_fqdn: "{{ kolla_external_vip_address }}" + # define your own registry if needed + #docker_registry: "127.0.0.1:4000" + # If needed OpenStack kolla images are published, docker_namespace should be + # kolla + #docker_namespace: "kolla" + docker_namespace: "gongysh" + enable_glance: "no" + enable_haproxy: "no" + enable_keystone: "yes" + enable_mariadb: "yes" + enable_memcached: "yes" + enable_neutron: "no" + enable_nova: "no" + enable_barbican: "yes" + enable_mistral: "yes" + enable_tacker: "yes" + enable_heat: "no" + enable_openvswitch: "no" + enable_horizon: "yes" + enable_horizon_tacker: "{{ enable_tacker | bool }}" -.. + .. note:: -.. note:: + To determine version of kolla-ansible, the following commandline can be + used: - To determine version of kolla-ansible, the following commandline can be - used: + .. code-block:: console - $ python -c "import pbr.version; print(pbr.version.VersionInfo('kolla-ansible'))" + $ python -c \ + "import pbr.version; print(pbr.version.VersionInfo('kolla-ansible'))" -2. Run kolla-genpwd to generate system passwords: +#. Run kolla-genpwd to generate system passwords: -.. code-block:: console + .. code-block:: console - $ sudo cp etc/kolla/passwords.yml /etc/kolla/passwords.yml - $ sudo kolla-genpwd + $ sudo cp etc/kolla/passwords.yml /etc/kolla/passwords.yml + $ sudo kolla-genpwd -.. + .. note:: -.. note:: - - If the pypi version is used to install kolla-ansible the skeleton passwords - file maybe under '/usr/share/kolla-ansible/etc_examples/kolla'. + If the pypi version is used to install kolla-ansible the skeleton + passwords file maybe under + ``/usr/share/kolla-ansible/etc_examples/kolla``. -With this command, /etc/kolla/passwords.yml will be populated with -generated passwords. + With this command, ``/etc/kolla/passwords.yml`` will be populated with + generated passwords. + +#. Run kolla ansible deploy to install tacker system: + + .. code-block:: console + + $ sudo kolla-ansible deploy -3. Run kolla ansible deploy to install tacker system: +#. Run kolla ansible post-deploy to generate tacker access environment file: -.. code-block:: console + .. code-block:: console - $ sudo kolla-ansible deploy + $ sudo kolla-ansible post-deploy -.. + With this command, ``admin-openrc.sh`` will be generated at + ``/etc/kolla/admin-openrc.sh``. + +#. Check the related containers are started and running: + + Tacker system consists of some containers. Following is a sample output. + The containers fluentd, cron and kolla_toolbox are from kolla, please see + kolla ansible documentation for their usage. Others are from Tacker system + components. + + .. code-block:: console + + $ sudo docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}" + CONTAINER ID IMAGE NAMES + 78eafed848a8 gongysh/centos-source-tacker-server:5.0.0 tacker_server + 00bbecca5950 gongysh/centos-source-tacker-conductor:5.0.0 tacker_conductor + 19eddccf8e8f gongysh/centos-source-barbican-worker:5.0.0 barbican_worker + 6434b1d8236e gongysh/centos-source-barbican-keystone-listener:5.0.0 barbican_keystone_listener + 48be088643f8 gongysh/centos-source-barbican-api:5.0.0 barbican_api + 50b9a9a0e542 gongysh/centos-source-mistral-executor:5.0.0 mistral_executor + 07c28d845311 gongysh/centos-source-mistral-engine:5.0.0 mistral_engine + 196bbcc592a4 gongysh/centos-source-mistral-api:5.0.0 mistral_api + d5511b195a58 gongysh/centos-source-horizon:5.0.0 horizon + 62913ec7c056 gongysh/centos-source-keystone:5.0.0 keystone + 552b95e82f98 gongysh/centos-source-rabbitmq:5.0.0 rabbitmq + 4d57d7735514 gongysh/centos-source-mariadb:5.0.0 mariadb + 4e1142ff158d gongysh/centos-source-cron:5.0.0 cron + 000ba4ca1974 gongysh/centos-source-kolla-toolbox:5.0.0 kolla_toolbox + 0fe21b1ad18c gongysh/centos-source-fluentd:5.0.0 fluentd + a13e45fc034f gongysh/centos-source-memcached:5.0.0 memcached + +#. Install tacker client: + + .. code-block:: console + + $ sudo pip install python-tackerclient + +#. Check the Tacker server is running well: + + .. code-block:: console + + $ . /etc/kolla/admin-openrc.sh + $ openstack vim list -4. Run kolla ansible post-deploy to generate tacker access environment file: +References +---------- -.. code-block:: console - - $ sudo kolla-ansible post-deploy - -.. - -With this command, the "admin-openrc.sh" will be generated at -/etc/kolla/admin-openrc.sh. - - -5. Check the related containers are started and running: - -Tacker system consists of some containers. Following is a sample output. -The containers fluentd, cron and kolla_toolbox are from kolla, please see -kolla ansible documentation for their usage. Others are from Tacker system -components. - -.. code-block:: console - - $ sudo docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}" - CONTAINER ID IMAGE NAMES - 78eafed848a8 gongysh/centos-source-tacker-server:5.0.0 tacker_server - 00bbecca5950 gongysh/centos-source-tacker-conductor:5.0.0 tacker_conductor - 19eddccf8e8f gongysh/centos-source-barbican-worker:5.0.0 barbican_worker - 6434b1d8236e gongysh/centos-source-barbican-keystone-listener:5.0.0 barbican_keystone_listener - 48be088643f8 gongysh/centos-source-barbican-api:5.0.0 barbican_api - 50b9a9a0e542 gongysh/centos-source-mistral-executor:5.0.0 mistral_executor - 07c28d845311 gongysh/centos-source-mistral-engine:5.0.0 mistral_engine - 196bbcc592a4 gongysh/centos-source-mistral-api:5.0.0 mistral_api - d5511b195a58 gongysh/centos-source-horizon:5.0.0 horizon - 62913ec7c056 gongysh/centos-source-keystone:5.0.0 keystone - 552b95e82f98 gongysh/centos-source-rabbitmq:5.0.0 rabbitmq - 4d57d7735514 gongysh/centos-source-mariadb:5.0.0 mariadb - 4e1142ff158d gongysh/centos-source-cron:5.0.0 cron - 000ba4ca1974 gongysh/centos-source-kolla-toolbox:5.0.0 kolla_toolbox - 0fe21b1ad18c gongysh/centos-source-fluentd:5.0.0 fluentd - a13e45fc034f gongysh/centos-source-memcached:5.0.0 memcached - -.. - - -6. Install tacker client: - -.. code-block:: console - - $ sudo pip install python-tackerclient - -.. - - -7. Check the Tacker server is running well: - -.. code-block:: console - - $ . /etc/kolla/admin-openrc.sh - $ openstack vim list - -.. +.. [1] https://docs.openstack.org/kolla-ansible/latest/user/quickstart.html diff --git a/doc/source/install/kubernetes_vim_installation.rst b/doc/source/install/kubernetes_vim_installation.rst index f80790cdc..bb3ddf18e 100644 --- a/doc/source/install/kubernetes_vim_installation.rst +++ b/doc/source/install/kubernetes_vim_installation.rst @@ -27,242 +27,243 @@ creating Kubernetes cluster and setting up native Neutron-based networking between Kubernetes and OpenStack VIMs. Features from Kuryr-Kubernetes will bring VMs and Pods (and other Kubernetes resources) on the same network. -1. Edit local.conf file by adding the following content +#. Edit local.conf file by adding the following content -.. code-block:: console + .. code-block:: console - # Enable kuryr-kubernetes, docker, octavia - KUBERNETES_VIM=True - enable_plugin kuryr-kubernetes https://opendev.org/openstack/kuryr-kubernetes master - enable_plugin octavia https://opendev.org/openstack/octavia master - enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container master - KURYR_K8S_CLUSTER_IP_RANGE="10.0.0.0/24" + # Enable kuryr-kubernetes, docker, octavia + KUBERNETES_VIM=True + enable_plugin kuryr-kubernetes https://opendev.org/openstack/kuryr-kubernetes master + enable_plugin octavia https://opendev.org/openstack/octavia master + enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container master + KURYR_K8S_CLUSTER_IP_RANGE="10.0.0.0/24" -The public network will be used to launched LoadBalancer for Services in -Kubernetes. The example for setting public subnet is described in [#first]_ + The public network will be used to launched LoadBalancer for Services in + Kubernetes. The example for setting public subnet is described in [#first]_ -For more details, users also see the same examples in [#second]_ and [#third]_. + For more details, users also see the same examples in [#second]_ and [#third]_. -2. Run stack.sh +#. Run stack.sh -.. code-block:: console + .. code-block:: console - $ ./stack.sh + $ ./stack.sh -3. Get Kubernetes VIM configuration +#. Get Kubernetes VIM configuration -* After successful installation, user can get "Bearer Token": + * After successful installation, user can get "Bearer Token": -.. code-block:: console + .. code-block:: console - $ TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t') + $ TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t') -In the Hyperkube folder /yourdirectory/data/hyperkube/, user can get more -information for authenticating to Kubernetes cluster. + In the Hyperkube folder /yourdirectory/data/hyperkube/, user can get more + information for authenticating to Kubernetes cluster. -* Get ssl_ca_cert: + * Get ssl_ca_cert: -.. code-block:: console + .. code-block:: console - $ sudo cat /opt/stack/data/hyperkube/ca.crt - -----BEGIN CERTIFICATE----- - MIIDUzCCAjugAwIBAgIJAI+laRsxtQQMMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV - BAMMFTE3Mi4xNy4wLjJAMTUwNzU1NTc4MzAeFw0xNzEwMDkxMzI5NDNaFw0yNzEw - MDcxMzI5NDNaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzU1NTc4MzCCASIw - DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALfJ+Lsq8VmXBfZC4OPm96Y1Ots2 - Np/fuGLEhT+JpHGCK65l4WpBf+FkcNDIb5Jn1EBr5XDEVN1hlzcPdCHu1sAvfTNB - AJkq/4TzkenEusxiQ8TQWDnIrAo73tkYPyQMAfXHifyM20gCz/jM+Zy2IoQDArRq - MItRdoFa+7rRJntFk56y9NZTzDqnziLFFoT6W3ZdU3BElX6oWarbLWxNNpYlVEbI - YdfooLqKTH+25Fh3TKsMVxOdc7A5MggXRHYYkbbDgDAVln9ki9x/c6U+5bQQ9H8+ - +Lhzdova4gjq/RBJCtiISN7HvLuq+VenArFREgAqr/r/rQZckeAD/4mzQNECAwEA - AaOBjzCBjDAdBgNVHQ4EFgQU1zZHXIHhmPDe+ajaNqsOdu5QfbswUAYDVR0jBEkw - R4AU1zZHXIHhmPDe+ajaNqsOdu5QfbuhJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w - LjJAMTUwNzU1NTc4M4IJAI+laRsxtQQMMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD - AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAr8ARlYpIbeML8fbxdAARuZ/dJpbKvyNHC - GXJI/Uh4xKmj3LrdDYQjHb1tbRSV2S/gQld+En0L92XGUl/x1pG/GainDVpxpTdt - FwA5SMG5HLHrudZBRW2Dqe1ItKjx4ofdjz+Eni17QYnI0CEdJZyq7dBInuCyeOu9 - y8BhzIOFQALYYL+K7nERKsTSDUnTwgpN7p7CkPnAGUj51zqVu2cOJe48SWoO/9DZ - AT0UKTr/agkkjHL0/kv4x+Qhr/ICjd2JbW7ePxQBJ8af+SYuKx7IRVnubnqVMEN6 - V/kEAK/h2NAKS8OnlBgUMXIojSInmGXJfM5l1GUlQiqiBTv21Fm6 - -----END CERTIFICATE----- + $ sudo cat /opt/stack/data/hyperkube/ca.crt + -----BEGIN CERTIFICATE----- + MIIDUzCCAjugAwIBAgIJAI+laRsxtQQMMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV + BAMMFTE3Mi4xNy4wLjJAMTUwNzU1NTc4MzAeFw0xNzEwMDkxMzI5NDNaFw0yNzEw + MDcxMzI5NDNaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzU1NTc4MzCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALfJ+Lsq8VmXBfZC4OPm96Y1Ots2 + Np/fuGLEhT+JpHGCK65l4WpBf+FkcNDIb5Jn1EBr5XDEVN1hlzcPdCHu1sAvfTNB + AJkq/4TzkenEusxiQ8TQWDnIrAo73tkYPyQMAfXHifyM20gCz/jM+Zy2IoQDArRq + MItRdoFa+7rRJntFk56y9NZTzDqnziLFFoT6W3ZdU3BElX6oWarbLWxNNpYlVEbI + YdfooLqKTH+25Fh3TKsMVxOdc7A5MggXRHYYkbbDgDAVln9ki9x/c6U+5bQQ9H8+ + +Lhzdova4gjq/RBJCtiISN7HvLuq+VenArFREgAqr/r/rQZckeAD/4mzQNECAwEA + AaOBjzCBjDAdBgNVHQ4EFgQU1zZHXIHhmPDe+ajaNqsOdu5QfbswUAYDVR0jBEkw + R4AU1zZHXIHhmPDe+ajaNqsOdu5QfbuhJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w + LjJAMTUwNzU1NTc4M4IJAI+laRsxtQQMMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD + AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAr8ARlYpIbeML8fbxdAARuZ/dJpbKvyNHC + GXJI/Uh4xKmj3LrdDYQjHb1tbRSV2S/gQld+En0L92XGUl/x1pG/GainDVpxpTdt + FwA5SMG5HLHrudZBRW2Dqe1ItKjx4ofdjz+Eni17QYnI0CEdJZyq7dBInuCyeOu9 + y8BhzIOFQALYYL+K7nERKsTSDUnTwgpN7p7CkPnAGUj51zqVu2cOJe48SWoO/9DZ + AT0UKTr/agkkjHL0/kv4x+Qhr/ICjd2JbW7ePxQBJ8af+SYuKx7IRVnubnqVMEN6 + V/kEAK/h2NAKS8OnlBgUMXIojSInmGXJfM5l1GUlQiqiBTv21Fm6 + -----END CERTIFICATE----- -* Get basic authentication username and password: + * Get basic authentication username and password: -.. code-block:: console + .. code-block:: console - $ sudo cat /opt/stack/data/hyperkube/basic_auth.csv - admin,admin,admin + $ sudo cat /opt/stack/data/hyperkube/basic_auth.csv + admin,admin,admin -The basic auth file is a csv file with a minimum of 3 columns: password, -user name, user id. If there are more than 3 columns, see the following -example: + The basic auth file is a csv file with a minimum of 3 columns: password, + user name, user id. If there are more than 3 columns, see the following + example: -.. code-block:: console + .. code-block:: console - password,user,uid,"group1,group2,group3" + password,user,uid,"group1,group2,group3" -In this example, the user belongs to group1, group2 and group3. + In this example, the user belongs to group1, group2 and group3. -* Get Kubernetes server url + * Get Kubernetes server url -By default Kubernetes server listens on https://127.0.0.1:6443 and -https://{HOST_IP}:6443 + By default Kubernetes server listens on https://127.0.0.1:6443 and + https://{HOST_IP}:6443 -.. code-block:: console + .. code-block:: console - $ curl http://localhost:8080/api/ - { - "kind": "APIVersions", - "versions": [ - "v1" - ], - "serverAddressByClientCIDRs": [ + $ curl http://localhost:8080/api/ { - "clientCIDR": "0.0.0.0/0", - "serverAddress": "192.168.11.110:6443" + "kind": "APIVersions", + "versions": [ + "v1" + ], + "serverAddressByClientCIDRs": [ + { + "clientCIDR": "0.0.0.0/0", + "serverAddress": "192.168.11.110:6443" + } + ] } - ] - } -4. Check Kubernetes cluster installation +#. Check Kubernetes cluster installation -By default, after set KUBERNETES_VIM=True, Devstack creates a public network -called net-k8s, and two extra ones for the kubernetes services and pods under -the project k8s: + By default, after set KUBERNETES_VIM=True, Devstack creates a public network + called net-k8s, and two extra ones for the kubernetes services and pods + under the project k8s: -.. code-block:: console + .. code-block:: console - $ openstack network list --project admin - +--------------------------------------+-----------------+--------------------------------------+ - | ID | Name | Subnets | - +--------------------------------------+-----------------+--------------------------------------+ - | 28361f77-1875-4070-b0dc-014e26c48aeb | public | 28c51d19-d437-46e8-9b0e-00bc392c57d6 | - | 71c20650-6295-4462-9219-e0007120e64b | k8s-service-net | f2835c3a-f567-44f6-b006-a6f7c52f2396 | - | 97c12aef-54f3-41dc-8b80-7f07c34f2972 | k8s-pod-net | 7759453f-6e8a-4660-b845-964eca537c44 | - | 9935fff9-f60c-4fe8-aa77-39ba7ac10417 | net0 | 92b2bd7b-3c14-4d32-8de3-9d3cc4d204cb | - | c2120b78-880f-4f28-8dc1-3d33b9f3020b | net_mgmt | fc7b3f32-5cac-4857-83ab-d3700f4efa60 | - | ec194ffc-533e-46b3-8547-6f43d92b91a2 | net1 | 08beb9a1-cd74-4f2d-b2fa-0e5748d80c27 | - +--------------------------------------+-----------------+--------------------------------------+ + $ openstack network list --project admin + +--------------------------------------+-----------------+--------------------------------------+ + | ID | Name | Subnets | + +--------------------------------------+-----------------+--------------------------------------+ + | 28361f77-1875-4070-b0dc-014e26c48aeb | public | 28c51d19-d437-46e8-9b0e-00bc392c57d6 | + | 71c20650-6295-4462-9219-e0007120e64b | k8s-service-net | f2835c3a-f567-44f6-b006-a6f7c52f2396 | + | 97c12aef-54f3-41dc-8b80-7f07c34f2972 | k8s-pod-net | 7759453f-6e8a-4660-b845-964eca537c44 | + | 9935fff9-f60c-4fe8-aa77-39ba7ac10417 | net0 | 92b2bd7b-3c14-4d32-8de3-9d3cc4d204cb | + | c2120b78-880f-4f28-8dc1-3d33b9f3020b | net_mgmt | fc7b3f32-5cac-4857-83ab-d3700f4efa60 | + | ec194ffc-533e-46b3-8547-6f43d92b91a2 | net1 | 08beb9a1-cd74-4f2d-b2fa-0e5748d80c27 | + +--------------------------------------+-----------------+--------------------------------------+ -To check Kubernetes cluster works well, please see some tests in -kuryr-kubernetes to get more information [#fourth]_. + To check Kubernetes cluster works well, please see some tests in + kuryr-kubernetes to get more information [#fourth]_. -5. Register Kubernetes VIM +#. Register Kubernetes VIM -In vim_config.yaml, project_name is fixed as "default", that will use to -support multi tenant on Kubernetes in the future. + In vim_config.yaml, project_name is fixed as "default", that will use to + support multi tenant on Kubernetes in the future. -* Create vim_config.yaml file for Kubernetes VIM as the following examples: + Create vim_config.yaml file for Kubernetes VIM as the following examples: -.. code-block:: console + .. code-block:: console - auth_url: "https://192.168.11.110:6443" - bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ" - ssl_ca_cert: "None" - project_name: "default" - type: "kubernetes" + auth_url: "https://192.168.11.110:6443" + bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ" + ssl_ca_cert: "None" + project_name: "default" + type: "kubernetes" -* Or vim_config.yaml with ssl_ca_cert enabled: + Or vim_config.yaml with ssl_ca_cert enabled: -.. code-block:: console + .. code-block:: console - auth_url: "https://192.168.11.110:6443" - bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ" - ssl_ca_cert: "-----BEGIN CERTIFICATE----- - MIIDUzCCAjugAwIBAgIJANPOjG38TA+fMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV - BAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTAeFw0xNzEwMDYxMjUxMDVaFw0yNzEw - MDQxMjUxMDVaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTCCASIw - DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlPwd5Dp484Fb+SjBZeV8qF4k8s - Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b - jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m - ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh - IYSI0/xT1CDIlPmVucKRn/OVxpuTQ/WuVt7yIMRKIlApsZurZSt7ypR7SlQOLEx/ - xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA - AaOBjzCBjDAdBgNVHQ4EFgQUxINzbfoA2RzXk584ETZ0agWDDk8wUAYDVR0jBEkw - R4AUxINzbfoA2RzXk584ETZ0agWDDk+hJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w - LjJAMTUwNzI5NDI2NYIJANPOjG38TA+fMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD - AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQB7zNVRX++hUXs7+Fg1H2havCkSe63b/oEM - J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2 - Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7 - tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ - U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs - MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk - -----END CERTIFICATE-----" - project_name: "default" - type: "kubernetes" + auth_url: "https://192.168.11.110:6443" + bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ" + ssl_ca_cert: "-----BEGIN CERTIFICATE----- + MIIDUzCCAjugAwIBAgIJANPOjG38TA+fMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV + BAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTAeFw0xNzEwMDYxMjUxMDVaFw0yNzEw + MDQxMjUxMDVaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlPwd5Dp484Fb+SjBZeV8qF4k8s + Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b + jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m + ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh + IYSI0/xT1CDIlPmVucKRn/OVxpuTQ/WuVt7yIMRKIlApsZurZSt7ypR7SlQOLEx/ + xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA + AaOBjzCBjDAdBgNVHQ4EFgQUxINzbfoA2RzXk584ETZ0agWDDk8wUAYDVR0jBEkw + R4AUxINzbfoA2RzXk584ETZ0agWDDk+hJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w + LjJAMTUwNzI5NDI2NYIJANPOjG38TA+fMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD + AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQB7zNVRX++hUXs7+Fg1H2havCkSe63b/oEM + J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2 + Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7 + tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ + U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs + MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk + -----END CERTIFICATE-----" + project_name: "default" + type: "kubernetes" -* You can also specify username and password for Kubernetes VIM configuration: + You can also specify username and password for Kubernetes VIM configuration: -.. code-block:: console + .. code-block:: console - auth_url: "https://192.168.11.110:6443" - username: "admin" - password: "admin" - ssl_ca_cert: "-----BEGIN CERTIFICATE----- - MIIDUzCCAjugAwIBAgIJANPOjG38TA+fMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV - BAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTAeFw0xNzEwMDYxMjUxMDVaFw0yNzEw - MDQxMjUxMDVaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTCCASIw - DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlPwd5Dp484Fb+SjBZeV8qF4k8s - Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b - jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m - ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh - IYSI0/xT1CDIlPmVucKRn/OVxpuTQ/WuVt7yIMRKIlApsZurZSt7ypR7SlQOLEx/ - xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA - AaOBjzCBjDAdBgNVHQ4EFgQUxINzbfoA2RzXk584ETZ0agWDDk8wUAYDVR0jBEkw - R4AUxINzbfoA2RzXk584ETZ0agWDDk+hJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w - LjJAMTUwNzI5NDI2NYIJANPOjG38TA+fMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD - AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQB7zNVRX++hUXs7+Fg1H2havCkSe63b/oEM - J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2 - Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7 - tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ - U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs - MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk - -----END CERTIFICATE-----" - project_name: "default" - type: "kubernetes" + auth_url: "https://192.168.11.110:6443" + username: "admin" + password: "admin" + ssl_ca_cert: "-----BEGIN CERTIFICATE----- + MIIDUzCCAjugAwIBAgIJANPOjG38TA+fMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNV + BAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTAeFw0xNzEwMDYxMjUxMDVaFw0yNzEw + MDQxMjUxMDVaMCAxHjAcBgNVBAMMFTE3Mi4xNy4wLjJAMTUwNzI5NDI2NTCCASIw + DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKlPwd5Dp484Fb+SjBZeV8qF4k8s + Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b + jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m + ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh + IYSI0/xT1CDIlPmVucKRn/OVxpuTQ/WuVt7yIMRKIlApsZurZSt7ypR7SlQOLEx/ + xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA + AaOBjzCBjDAdBgNVHQ4EFgQUxINzbfoA2RzXk584ETZ0agWDDk8wUAYDVR0jBEkw + R4AUxINzbfoA2RzXk584ETZ0agWDDk+hJKQiMCAxHjAcBgNVBAMMFTE3Mi4xNy4w + LjJAMTUwNzI5NDI2NYIJANPOjG38TA+fMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD + AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQB7zNVRX++hUXs7+Fg1H2havCkSe63b/oEM + J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2 + Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7 + tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ + U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs + MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk + -----END CERTIFICATE-----" + project_name: "default" + type: "kubernetes" -User can change the authentication like username, password, etc. Please see -Kubernetes document [#fifth]_ to read more information about Kubernetes -authentication. + User can change the authentication like username, password, etc. Please see + Kubernetes document [#fifth]_ to read more information about Kubernetes + authentication. -* Run Tacker command for register vim: + Run Tacker command for register vim: -.. code-block:: console + .. code-block:: console - $ openstack vim register --config-file vim_config.yaml vim-kubernetes + $ openstack vim register --config-file vim_config.yaml vim-kubernetes - $ openstack vim list - +--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+ - | id | tenant_id | name | type | is_default | placement_attr | status | - +--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+ - | 45456bde-6179-409c-86a1-d8cd93bd0c6d | a6f9b4bc9a4d439faa91518416ec0999 | vim-kubernetes | kubernetes | False | {u'regions': [u'default', u'kube-public', u'kube-system']} | REACHABLE | - +--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+ + $ openstack vim list + +--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+ + | id | tenant_id | name | type | is_default | placement_attr | status | + +--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+ + | 45456bde-6179-409c-86a1-d8cd93bd0c6d | a6f9b4bc9a4d439faa91518416ec0999 | vim-kubernetes | kubernetes | False | {u'regions': [u'default', u'kube-public', u'kube-system']} | REACHABLE | + +--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+ -In ``placement_attr``, there are three regions: 'default', 'kube-public', -'kube-system', that map to ``namespace`` in Kubernetes environment. + In ``placement_attr``, there are three regions: 'default', 'kube-public', + 'kube-system', that map to ``namespace`` in Kubernetes environment. -* Other related commands to Kubernetes VIM + Other related commands to Kubernetes VIM: -.. code-block:: console + .. code-block:: console - $ cat kubernetes-VIM-update.yaml - username: "admin" - password: "admin" - project_name: "default" - ssl_ca_cert: "None" - type: "kubernetes" + $ cat kubernetes-VIM-update.yaml + username: "admin" + password: "admin" + project_name: "default" + ssl_ca_cert: "None" + type: "kubernetes" - $ tacker vim-update vim-kubernetes --config-file kubernetes-VIM-update.yaml - $ tacker vim-show vim-kubernetes - $ tacker vim-delete vim-kubernetes + $ tacker vim-update vim-kubernetes --config-file kubernetes-VIM-update.yaml + $ tacker vim-show vim-kubernetes + $ tacker vim-delete vim-kubernetes -When update Kubernetes VIM, user can update VIM information (such as username, -password, bearer_token and ssl_ca_cert) except auth_url and type of VIM. + When update Kubernetes VIM, user can update VIM information (such as username, + password, bearer_token and ssl_ca_cert) except auth_url and type of VIM. References -========== +---------- + .. [#first] https://github.com/openstack-dev/devstack/blob/master/doc/source/networking.rst#shared-guest-interface .. [#second] https://github.com/openstack/tacker/blob/master/doc/source/install/devstack.rst .. [#third] https://github.com/openstack/tacker/blob/master/devstack/local.conf.kubernetes diff --git a/doc/source/install/manual_installation.rst b/doc/source/install/manual_installation.rst index da97f6e1e..c2aa2b33e 100644 --- a/doc/source/install/manual_installation.rst +++ b/doc/source/install/manual_installation.rst @@ -21,369 +21,310 @@ Manual Installation This document describes how to install and run Tacker manually. +.. note:: + + User is supposed to install on Ubuntu. Some examples are invalid on other + distirbutions. For example, you should replace ``/usr/local/bin/`` with + ``/usr/bin/`` on CentOS. + Pre-requisites -============== +-------------- -1). Ensure that OpenStack components Keystone, Mistral, Barbican and -Horizon are installed. Refer the list below for installation of -these OpenStack projects on different Operating Systems. +#. Install required components. -* https://docs.openstack.org/keystone/latest/install/index.html -* https://docs.openstack.org/mistral/latest/admin/install/index.html -* https://docs.openstack.org/barbican/latest/install/install.html -* https://docs.openstack.org/horizon/latest/install/index.html + Ensure that OpenStack components, Keystone, Mistral, Barbican and + Horizon are installed. Refer the list below for installation of + these OpenStack projects on different Operating Systems. -2). one admin-openrc.sh file is generated. one sample admin-openrc.sh file -is like the below: + * https://docs.openstack.org/keystone/latest/install/index.html + * https://docs.openstack.org/mistral/latest/admin/install/index.html + * https://docs.openstack.org/barbican/latest/install/install.html + * https://docs.openstack.org/horizon/latest/install/index.html -.. code-block:: ini +#. Create ``admin-openrc.sh`` for env variables. - export OS_PROJECT_DOMAIN_NAME=Default - export OS_USER_DOMAIN_NAME=Default - export OS_PROJECT_NAME=admin - export OS_TENANT_NAME=admin - export OS_USERNAME=admin - export OS_PASSWORD=KTskN5eUMTpeHLKorRcZBBbH0AM96wdvgQhwENxY - export OS_AUTH_URL=http://localhost:5000/identity - export OS_INTERFACE=internal - export OS_IDENTITY_API_VERSION=3 - export OS_REGION_NAME=RegionOne + .. code-block:: shell + + export OS_PROJECT_DOMAIN_NAME=Default + export OS_USER_DOMAIN_NAME=Default + export OS_PROJECT_NAME=admin + export OS_TENANT_NAME=admin + export OS_USERNAME=admin + export OS_PASSWORD=KTskN5eUMTpeHLKorRcZBBbH0AM96wdvgQhwENxY + export OS_AUTH_URL=http://localhost:5000/identity + export OS_INTERFACE=internal + export OS_IDENTITY_API_VERSION=3 + export OS_REGION_NAME=RegionOne -Installing Tacker server -======================== +Installing Tacker Server +------------------------ .. note:: - The paths we are using for configuration files in these steps are with reference to - Ubuntu Operating System. The paths may vary for other Operating Systems. + The ```` in command examples is replaced with specific branch + name, such as ``stable/ussuri``. - The branch_name which is used in commands, specify the branch_name as - "stable/" for any stable branch installation. - For eg: stable/ocata, stable/newton. If unspecified the default will be - "master" branch. +#. Create MySQL database and user. + .. code-block:: console -1). Create MySQL database and user. + $ mysql -uroot -p -.. code-block:: console + Create database ``tacker`` and grant provileges for ``tacker`` user with + password ```` on all tables. - mysql -uroot -p - CREATE DATABASE tacker; - GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'localhost' \ - IDENTIFIED BY ''; - GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'%' \ - IDENTIFIED BY ''; - exit; -.. + .. code-block:: -.. note:: + CREATE DATABASE tacker; + GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'localhost' \ + IDENTIFIED BY ''; + GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'%' \ + IDENTIFIED BY ''; + exit; - Replace ``TACKERDB_PASSWORD`` with your password. +#. Create OpenStack user, role and endpoint. -2). Create users, roles and endpoints: + #. Set admin credentials to gain access to admin-only CLI commands. -a). Source the admin credentials to gain access to admin-only CLI commands: + .. code-block:: console -.. code-block:: console + $ . admin-openrc.sh - . admin-openrc.sh -.. + #. Create ``tacker`` user with admin privileges. -b). Create tacker user with admin privileges. + .. code-block:: console -.. note:: + $ openstack user create --domain default --password tacker + $ openstack role add --project service --user tacker admin - Project_name can be "service" or "services" depending on your - OpenStack distribution. -.. + .. note:: -.. code-block:: console + Project name can be ``service`` or ``services`` depending on your + OpenStack distribution. - openstack user create --domain default --password tacker - openstack role add --project service --user tacker admin -.. + #. Create ``tacker`` service. -c). Create tacker service. + .. code-block:: console -.. code-block:: console + $ openstack service create --name tacker \ + --description "Tacker Project" nfv-orchestration - openstack service create --name tacker \ - --description "Tacker Project" nfv-orchestration -.. + #. Provide an endpoint to tacker service. -d). Provide an endpoint to tacker service. + For keystone v3: -If you are using keystone v3 then, + .. code-block:: console -.. code-block:: console + $ openstack endpoint create --region RegionOne nfv-orchestration \ + public http://:9890/ + $ openstack endpoint create --region RegionOne nfv-orchestration \ + internal http://:9890/ + $ openstack endpoint create --region RegionOne nfv-orchestration \ + admin http://:9890/ - openstack endpoint create --region RegionOne nfv-orchestration \ - public http://:9890/ - openstack endpoint create --region RegionOne nfv-orchestration \ - internal http://:9890/ - openstack endpoint create --region RegionOne nfv-orchestration \ - admin http://:9890/ -.. + Or keystone v2: -If you are using keystone v2 then, + .. code-block:: console -.. code-block:: console + $ openstack endpoint create --region RegionOne \ + --publicurl 'http://:9890/' \ + --adminurl 'http://:9890/' \ + --internalurl 'http://:9890/' - openstack endpoint create --region RegionOne \ - --publicurl 'http://:9890/' \ - --adminurl 'http://:9890/' \ - --internalurl 'http://:9890/' -.. +#. Clone tacker repository. -3). Clone tacker repository. + You can use ``-b`` for specific release optionally. -.. code-block:: console + .. code-block:: console - cd ~/ - git clone https://github.com/openstack/tacker -b -.. + $ cd ${HOME} + $ git clone https://opendev.org/openstack/tacker.git -b -4). Install all requirements. +#. Install required packages and tacker itself. -.. code-block:: console + .. code-block:: console - cd tacker - sudo pip install -r requirements.txt -.. + $ cd ${HOME}/tacker + $ sudo pip3 install -r requirements.txt + $ sudo python3 setup.py install +#. Create directories for tacker. -5). Install tacker. + Directories log, VNF packages and csar files are required. -.. code-block:: console + .. code-block:: console - sudo python setup.py install -.. + $ sudo mkdir -p /var/log/tacker \ + /var/lib/tacker/vnfpackages \ + /var/lib/tacker/csar_files -.. + .. note:: -6). Create 'tacker' directory in '/var/log', and create directories for vnf - package and zip csar file(for glance store). + In case of multi node deployment, we recommend to configure + ``/var/lib/tacker/csar_files`` on a shared storage. -.. code-block:: console +#. Generate the ``tacker.conf.sample`` using + ``tools/generate_config_file_sample.sh`` or ``tox -e config-gen`` command. + Rename the ``tacker.conf.sample`` file at ``etc/tacker/`` to + ``tacker.conf``. Then edit it to ensure the below entries: - sudo mkdir /var/log/tacker - sudo mkdir -p /var/lib/tacker/vnfpackages - sudo mkdir -p /var/lib/tacker/csar_files + .. note:: -.. note:: + Ignore any warnings generated while using the + "generate_config_file_sample.sh". - In case of multi node deployment, we recommend to configure - /var/lib/tacker/csar_files on a shared storage. + .. note:: -.. + project_name can be "service" or "services" depending on your + OpenStack distribution in the keystone_authtoken section. -7). Generate the tacker.conf.sample using tools/generate_config_file_sample.sh - or 'tox -e config-gen' command. Rename the "tacker.conf.sample" file at - "etc/tacker/" to tacker.conf. Then edit it to ensure the below entries: + .. note:: -.. note:: + The path of tacker-rootwrap varies according to the operating system, + e.g. it is /usr/bin/tacker-rootwrap for CentOS, therefore the configuration for + [agent] should be like: - Ignore any warnings generated while using the - "generate_config_file_sample.sh". + .. code-block:: ini -.. - -.. note:: - - project_name can be "service" or "services" depending on your - OpenStack distribution in the keystone_authtoken section. -.. - -.. note:: - - The path of tacker-rootwrap varies according to the operating system, - e.g. it is /usr/bin/tacker-rootwrap for CentOS, therefore the configuration for - [agent] should be like: + [agent] + root_helper = sudo /usr/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf .. code-block:: ini + [DEFAULT] + auth_strategy = keystone + policy_file = /usr/local/etc/tacker/policy.json + debug = True + use_syslog = False + bind_host = + bind_port = 9890 + service_plugins = nfvo,vnfm + + state_path = /var/lib/tacker + ... + + [nfvo_vim] + vim_drivers = openstack + + [keystone_authtoken] + memcached_servers = 11211 + region_name = RegionOne + auth_type = password + project_domain_name = + user_domain_name = + username = + project_name = service + password = + auth_url = http://:5000 + www_authenticate_uri = http://:5000 + ... + [agent] - root_helper = sudo /usr/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf - .. -.. + root_helper = sudo /usr/local/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf + ... -.. code-block:: ini + [database] + connection = mysql+pymysql://tacker:@:3306/tacker?charset=utf8 + ... - [DEFAULT] - auth_strategy = keystone - policy_file = /usr/local/etc/tacker/policy.json - debug = True - use_syslog = False - bind_host = - bind_port = 9890 - service_plugins = nfvo,vnfm + [tacker] + monitor_driver = ping,http_ping - state_path = /var/lib/tacker - ... +#. Copy the ``tacker.conf`` to ``/usr/local/etc/tacker/`` directory. - [nfvo_vim] - vim_drivers = openstack + .. code-block:: console - [keystone_authtoken] - memcached_servers = 11211 - region_name = RegionOne - auth_type = password - project_domain_name = - user_domain_name = - username = - project_name = service - password = - auth_url = http://:5000 - www_authenticate_uri = http://:5000 - ... + $ sudo su + $ cp etc/tacker/tacker.conf /usr/local/etc/tacker/ - [agent] - root_helper = sudo /usr/local/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf - ... - - [database] - connection = mysql+pymysql://tacker:@:3306/tacker?charset=utf8 - ... - - [tacker] - monitor_driver = ping,http_ping - -.. - -8). Copy the tacker.conf file to "/usr/local/etc/tacker/" directory - -.. code-block:: console - - sudo su - cp etc/tacker/tacker.conf /usr/local/etc/tacker/ - -.. - -9). Populate Tacker database: - -.. note:: - - The path of tacker-db-manage varies according to the operating system, - e.g. it is /usr/bin/tacker-bin-manage for CentOS - -.. - -.. code-block:: console - - /usr/local/bin/tacker-db-manage --config-file /usr/local/etc/tacker/tacker.conf upgrade head - -.. - -10). To support systemd, copy tacker.service and tacker-conductor.service file to - "/etc/systemd/system/" directory, and restart systemctl daemon. - -.. code-block:: console - - sudo su - cp etc/systemd/system/tacker.service /etc/systemd/system/ - cp etc/systemd/system/tacker-conductor.service /etc/systemd/system/ - systemctl daemon-reload - -.. - -.. note:: - - Needs systemd support. - By default Ubuntu16.04 onward is supported. -.. +#. Populate Tacker database. -Install Tacker client -===================== + .. code-block:: console -1). Clone tacker-client repository. + $ /usr/local/bin/tacker-db-manage \ + --config-file /usr/local/etc/tacker/tacker.conf \ + upgrade head -.. code-block:: console +#. To make tacker be controlled from systemd, copy ``tacker.service`` and + ``tacker-conductor.service`` file to ``/etc/systemd/system/`` directory, + and restart ``systemctl`` daemon. - cd ~/ - git clone https://github.com/openstack/python-tackerclient -b -.. + .. code-block:: console -2). Install tacker-client. + $ sudo su + $ cp etc/systemd/system/tacker.service /etc/systemd/system/ + $ cp etc/systemd/system/tacker-conductor.service /etc/systemd/system/ + $ systemctl daemon-reload -.. code-block:: console +Install Tacker Client +--------------------- - cd python-tackerclient - sudo python setup.py install -.. +#. Clone ``tacker-client`` repository. + + .. code-block:: console + + $ cd ~/ + $ git clone https://opendev.org/openstack/python-tackerclient.git -b + +#. Install ``tacker-client``. + + .. code-block:: console + + $ cd ${HOME}/python-tackerclient + $ sudo python3 setup.py install Install Tacker horizon -====================== +---------------------- +#. Clone ``tacker-horizon`` repository. -1). Clone tacker-horizon repository. + .. code-block:: console -.. code-block:: console + $ cd ~/ + $ git clone https://opendev.org/openstack/tacker-horizon.git -b - cd ~/ - git clone https://github.com/openstack/tacker-horizon -b -.. +#. Install horizon module. -2). Install horizon module. + .. code-block:: console -.. code-block:: console + $ cd ${HOME}/tacker-horizon + $ sudo python3 setup.py install - cd tacker-horizon - sudo python setup.py install -.. +#. Enable tacker horizon in dashboard. -3). Enable tacker horizon in dashboard. + .. code-block:: console -.. code-block:: console + $ sudo cp tacker_horizon/enabled/* \ + /usr/share/openstack-dashboard/openstack_dashboard/enabled/ - sudo cp tacker_horizon/enabled/* \ - /usr/share/openstack-dashboard/openstack_dashboard/enabled/ -.. +#. Restart Apache server. -4). Restart Apache server. + .. code-block:: console -.. code-block:: console - - sudo service apache2 restart -.. + $ sudo service apache2 restart Starting Tacker server -====================== +---------------------- -1).Open a new console and launch tacker-server. A separate terminal is +Open a new console and launch ``tacker-server``. A separate terminal is required because the console will be locked by a running process. -.. note:: - - The path of tacker-server varies according to the operating system, - e.g. it is /usr/bin/tacker-server for CentOS - -.. - .. code-block:: console - sudo python /usr/local/bin/tacker-server \ + $ sudo python3 /usr/local/bin/tacker-server \ --config-file /usr/local/etc/tacker/tacker.conf \ --log-file /var/log/tacker/tacker.log -.. Starting Tacker conductor -========================= +------------------------- -1).Open a new console and launch tacker-conductor. A separate terminal is +Open a new console and launch tacker-conductor. A separate terminal is required because the console will be locked by a running process. -.. note:: - - The path of tacker-conductor varies according to the operating system, - e.g. it is /usr/bin/tacker-conductor for CentOS - -.. - .. code-block:: console - sudo python /usr/local/bin/tacker-conductor \ + $ sudo python /usr/local/bin/tacker-conductor \ --config-file /usr/local/etc/tacker/tacker.conf \ --log-file /var/log/tacker/tacker-conductor.log -.. diff --git a/doc/source/install/openstack_vim_installation.rst b/doc/source/install/openstack_vim_installation.rst index b5bf1e4aa..6425c73eb 100644 --- a/doc/source/install/openstack_vim_installation.rst +++ b/doc/source/install/openstack_vim_installation.rst @@ -34,7 +34,7 @@ The basic information and the topology of these nodes is like this: Prepare kolla-ansible -~~~~~~~~~~~~~~~~~~~~~ +--------------------- About how to prepare Docker and kolla-ansible environment, please refer to @@ -42,37 +42,26 @@ https://docs.openstack.org/kolla-ansible/latest/user/quickstart.html Set up local kolla-ansible docker registry -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +------------------------------------------ Kolla-ansible is publishing the packaged Docker images at http://tarballs.openstack.org/kolla/images/. This document will use -centos-source-registry-pike.tar.gz. So Download it: +``centos-source-registry-pike.tar.gz``. + +Download this file and extract: .. code-block:: console # wget http://tarballs.openstack.org/kolla/images/centos-source-registry-pike.tar.gz - -.. - - -And unpack it: - -.. code-block:: console - # tar xzvf centos-source-registry-pike.tar.gz -C /opt/registry/ -.. - -And start Docker registry container: +Start Docker registry container: .. code-block:: console # docker run -d -v /opt/registry:/var/lib/registry -p 4000:5000 --restart=always --name registry registry:2 -.. - - -And set Docker to access local registry via insecure channel: +Set Docker to access local registry via insecure channel: .. code-block:: console @@ -81,15 +70,12 @@ And set Docker to access local registry via insecure channel: # systemctl daemon-reload # systemctl restart docker -.. - .. note:: The way to set up Docker to access insecure registry depends on operating system and Docker version, above way is just an example. - -And verify the local registry contains the needed images: +Verify the local registry contains the needed images: .. code-block:: console @@ -97,127 +83,115 @@ And verify the local registry contains the needed images: # curl -k localhost:4000/v2/lokolla/centos-source-fluentd/tags/list {"name":"lokolla/centos-source-fluentd","tags":["5.0.1"]} -.. - Install OpenStack -~~~~~~~~~~~~~~~~~ +----------------- -1. Edit kolla ansible's configuration file /etc/kolla/globals.yml: +#. Edit kolla ansible's configuration file ``/etc/kolla/globals.yml``: -.. code-block:: ini + .. code-block:: ini - --- - kolla_install_type: "source" - openstack_release: "5.0.1" - kolla_internal_vip_address: "10.1.0.5" - docker_registry: "10.1.0.6:4000" - docker_namespace: "lokolla" - api_interface: "eth0" - tunnel_interface: "eth1" - neutron_external_interface: "eth2" - enable_glance: "yes" - enable_haproxy: "yes" - enable_keystone: "yes" - enable_mariadb: "yes" - enable_memcached: "yes" - enable_neutron: "yes" - enable_nova: "yes" - enable_rabbitmq: "yes" - enable_aodh: "yes" - enable_ceilometer: "yes" - enable_gnocchi: "yes" - enable_heat: "yes" - enable_horizon: "yes" - enable_neutron_sfc: "yes" + --- + kolla_install_type: "source" + openstack_release: "5.0.1" + kolla_internal_vip_address: "10.1.0.5" + docker_registry: "10.1.0.6:4000" + docker_namespace: "lokolla" + api_interface: "eth0" + tunnel_interface: "eth1" + neutron_external_interface: "eth2" + enable_glance: "yes" + enable_haproxy: "yes" + enable_keystone: "yes" + enable_mariadb: "yes" + enable_memcached: "yes" + enable_neutron: "yes" + enable_nova: "yes" + enable_rabbitmq: "yes" + enable_aodh: "yes" + enable_ceilometer: "yes" + enable_gnocchi: "yes" + enable_heat: "yes" + enable_horizon: "yes" + enable_neutron_sfc: "yes" + + .. note:: + + If nodes are using different network interface names to connect each + other, please define them in inventory file. + + "10.1.0.5" is an un-used ip address, will be used as VIP address, + realized by keepalived container. -.. note:: +#. Run kolla-genpwd to generate system passwords: - If nodes are using different network interface names to connect each other, - please define them in inventory file. + .. code-block:: console - "10.1.0.5" is an un-used ip address, will be used as VIP address, realized - by keepalived container. + $ sudo cp etc/kolla/passwords.yml /etc/kolla/passwords.yml + $ sudo kolla-genpwd + + .. note:: + + If the pypi version is used to install kolla-ansible the skeleton + passwords file may be under + ``/usr/share/kolla-ansible/etc_examples/kolla``. -2. Run kolla-genpwd to generate system passwords: - -.. code-block:: console - - $ sudo cp etc/kolla/passwords.yml /etc/kolla/passwords.yml - $ sudo kolla-genpwd - -.. - -.. note:: - - If the pypi version is used to install kolla-ansible the skeleton passwords - file may be under '/usr/share/kolla-ansible/etc_examples/kolla'. + With this command, ``/etc/kolla/passwords.yml`` will be populated with + generated passwords. -With this command, /etc/kolla/passwords.yml will be populated with -generated passwords. +#. Editor inventory: + First copy the sample multinode inventory file from kolla-ansible: -3. Editor inventory: + .. code-block:: console -First copy the sample multinode inventory file from kolla-ansible: + # cp inventory/multinode ~/ -.. code-block:: console + Then edit it to contain all of the OpenStack nodes. - # cp inventory/multinode ~/ + .. code-block:: ini -.. + [all_vim_nodes] + 10.1.0.8 + 10.1.0.7 + 10.1.0.6 + [control:children] + all_vim_nodes -Then edit it to contain all of the OpenStack nodes. + [network:children] + all_vim_nodes -.. code-block:: ini + [compute:children] + all_vim_nodes - [all_vim_nodes] - 10.1.0.8 - 10.1.0.7 - 10.1.0.6 + [monitoring:children] + all_vim_nodes - [control:children] - all_vim_nodes + [storage:children] + #if the tacker needs volume feature, put related nodes here - [network:children] - all_vim_nodes +#. Run kolla ansible deploy to install OpenStack system: - [compute:children] - all_vim_nodes + .. code-block:: console - [monitoring:children] - all_vim_nodes + # kolla-ansible deploy -i ~/multinode - [storage:children] - #if the tacker needs volume feature, put related nodes here +#. Run kolla ansible post-deploy to generate tacker access environment file: -4. Run kolla ansible deploy to install OpenStack system: + .. code-block:: console -.. code-block:: console + # kolla-ansible post-deploy - # kolla-ansible deploy -i ~/multinode - -.. - - -5. Run kolla ansible post-deploy to generate tacker access environment file: - -.. code-block:: console - - # kolla-ansible post-deploy - -.. - -With this command, the "admin-openrc.sh" will be generated at -/etc/kolla/admin-openrc.sh. + With this command, the ``admin-openrc.sh`` will be generated at + ``/etc/kolla/admin-openrc.sh``. Prepare OpenStack -~~~~~~~~~~~~~~~~~ +----------------- After installation, OpenStack administrator needs to: @@ -227,34 +201,34 @@ After installation, OpenStack administrator needs to: in OpenStack. * Upload related images. Tacker repo's sample TOSCA templates are - referring to cirros image named 'cirros-0.4.0-x86_64-disk', so + referring to cirros image named ``cirros-0.4.0-x86_64-disk``, so this image should uploaded into OpenStack before Tacker uses it. In additions, following steps are needed: -1. Create projects and users which can be used by Tacker: +#. Create projects and users which can be used by Tacker: -This is a simple task for any OpenStack administrator, but one thing to pay -attention to is that the user must have 'admin' and 'heat_stack_owner' -roles on the user's project. + This is a simple task for any OpenStack administrator, but one thing to pay + attention to is that the user must have ``admin`` and ``heat_stack_owner`` + roles on the user's project. -.. image:: ../_images/openstack_role.png - :scale: 50 % + .. image:: ../_images/openstack_role.png + :scale: 50 % -2. Create Neutron networks: +#. Create Neutron networks: -Most sample TOSCA templates assume there are three Neutron networks in -target OpenStack that the VIM user can use: + Most sample TOSCA templates assume there are three Neutron networks in + target OpenStack that the VIM user can use: -* net_mgmt, which is a network Tacker system can access to. Some Tacker - features, such as monitor policies, need Tacker to access started VNF - virtual machines. For Tacker to access VNF via net_mgmt, net_mgmt can - be a provider network. + * ``net_mgmt``, which is a network Tacker system can access to. Some Tacker + features, such as monitor policies, need Tacker to access started VNF + virtual machines. For Tacker to access VNF via ``net_mgmt``, ``net_mgmt`` + can be a provider network. -* net0 and net1, which are two business networks which VNFs will use. - How to connected them depends on the VNFs' business. + * ``net0`` and ``net1``, which are two business networks which VNFs will + use. How to connected them depends on the VNFs' business. -So create these three networks accordingly. For commands to create Neutron -networks, please refer to -https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/network.html + So create these three networks accordingly. For commands to create Neutron + networks, please refer to + https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/network.html diff --git a/samples/vim/vim_config.yaml b/samples/vim/vim_config.yaml index d639dba42..4c24ab3d4 100644 --- a/samples/vim/vim_config.yaml +++ b/samples/vim/vim_config.yaml @@ -1,7 +1,7 @@ -auth_url: 'http://10.18.112.10/identity' +auth_url: 'http://127.0.0.1/identity' username: 'nfv_user' password: 'mySecretPW' project_name: 'nfv' project_domain_name: 'Default' user_domain_name: 'Default' -cert_verify: 'False' +cert_verify: 'True'