Revise installation guides

This update is for revising contents of documents, especially for styles,
because current tacker documentation does not follow the guidelines [1].

Other than styles, this patch revises things bellow. However, [2] and
[3] are still remained old because they are very different situation
with other parts, too old and redhat distro based. It seems better to
remove the contentents insteads of upudate, but neet to have a
discussion before to decide.

* Update old links, such as referring to

* Correct explanations which are not wrong, but misunderstanding.

* Replace code blocks of `local.conf` with literalinclude to reduce
  unnecessary lines.

* Fix collapsed descriptions in format.


Change-Id: I9a2a58a804ff65dff356b424e12f605066717844
Signed-off-by: Yasufumi Ogawa <>
This commit is contained in:
Yasufumi Ogawa 2020-06-22 17:27:29 +00:00
parent 93a7ffb06c
commit 64cc7f7e44
8 changed files with 856 additions and 1177 deletions

@ -21,305 +21,141 @@ Deploying OpenWRT as VNF
Once tacker is installed successfully, follow the steps given below to get Once tacker is installed successfully, follow the steps given below to get
started with deploying OpenWRT as VNF. started with deploying OpenWRT as VNF.
1. Ensure Glance already contains OpenWRT image. #. Ensure Glance already contains OpenWRT image.
Normally, Tacker tries to add OpenWRT image to Glance while installing Normally, Tacker tries to add OpenWRT image to Glance while installing
via devstack. By running **openstack image list** to check OpenWRT image via devstack. By running ``openstack image list`` to check OpenWRT image
if exists. If not, download the customized image of OpenWRT 15.05.1 if exists.
[#f1]_. Unzip the file by using the command below:
.. code-block:: console .. code-block:: console
:emphasize-lines: 5
gunzip openwrt-x86-kvm_guest-combined-ext4.img.gz $ openstack image list
| ID | Name | Status |
| 8cc2aaa8-5218-49e7-9a57-ddb97dc68d98 | OpenWRT | active |
| 32f875b0-9e24-4971-b82d-84d6ec620136 | cirros-0.4.0-x86_64-disk | active |
| ab0abeb8-f73c-467b-9743-b17083c02093 | cirros-0.5.1-x86_64-disk | active |
.. If not, you can get the customized image of OpenWRT 15.05.1 in your tacker repository,
or download the image from [#f1]_. Unzip the file by using the command below:
And then upload this image into Glance by using the command specified below: .. code-block:: console
.. code-block:: console $ cd /path/to/tacker/samples/images/
$ gunzip openwrt-x86-kvm_guest-combined-ext4.img.gz
openstack image create OpenWRT --disk-format qcow2 \ Then upload the image into Glance by using command below:
--container-format bare \
--file /path_to_image/openwrt-x86-kvm_guest-combined-ext4.img \
2. Configure OpenWRT .. code-block:: console
The example below shows how to create the OpenWRT-based Firewall VNF. $ openstack image create OpenWRT --disk-format qcow2 \
First, we have a yaml template which contains the configuration of --container-format bare \
OpenWRT as shown below: --file /path/to/openwrt-x86-kvm_guest-combined-ext4.img \
*tosca-vnfd-openwrt.yaml* [#f2]_ #. Configure OpenWRT
.. code-block:: yaml The example below shows how to create the OpenWRT-based Firewall VNF.
First, we have a yaml template which contains the configuration of
OpenWRT as shown below:
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 *tosca-vnfd-openwrt.yaml* [#f2]_
description: OpenWRT with services .. literalinclude:: ../../../samples/tosca-templates/vnfd/tosca-vnfd-openwrt.yaml
:language: yaml
template_name: OpenWRT
topology_template: We also have another configuration yaml template with some firewall rules of
node_templates: OpenWRT.
VDU1: *tosca-config-openwrt-firewall.yaml* [#f3]_
type: tosca.nodes.nfv.VDU.Tacker
num_cpus: 1
mem_size: 512 MB
disk_size: 1 GB
image: OpenWRT
config: |
param0: key1
param1: key2
mgmt_driver: openwrt
name: ping
count: 3
interval: 10
failure: respawn
CP1: .. literalinclude:: ../../../samples/tosca-templates/vnfd/tosca-config-openwrt-firewall.yaml
type: tosca.nodes.nfv.CP.Tacker :language: yaml
management: true
order: 0
anti_spoofing_protection: false
- virtualLink:
node: VL1
- virtualBinding:
node: VDU1
CP2: In this template file, we specify the ``mgmt_driver: openwrt`` which means
type: tosca.nodes.nfv.CP.Tacker this VNFD is managed by openwrt driver [#f4]_. This driver can inject
properties: firewall rules which defined in VNFD into OpenWRT instance by using SSH
order: 1 protocol. We can run ``cat /etc/config/firewall`` to confirm the firewall
anti_spoofing_protection: false rules if inject succeed.
- virtualLink:
node: VL2
- virtualBinding:
node: VDU1
CP3: #. Create a sample vnfd
type: tosca.nodes.nfv.CP.Tacker
order: 2
anti_spoofing_protection: false
- virtualLink:
node: VL3
- virtualBinding:
node: VDU1
VL1: .. code-block:: console
type: tosca.nodes.nfv.VL
network_name: net_mgmt
vendor: Tacker
VL2: $ openstack vnf descriptor create \
type: tosca.nodes.nfv.VL --vnfd-file tosca-vnfd-openwrt.yaml <VNFD_NAME>
network_name: net0
vendor: Tacker
VL3: #. Create a VNF
type: tosca.nodes.nfv.VL
network_name: net1
vendor: Tacker firewall
.. .. code-block:: console
We also have another configuration yaml template with some firewall rules of $ openstack vnf create --vnfd-name <VNFD_NAME> \
OpenWRT. --config-file tosca-config-openwrt-firewall.yaml <NAME>
*tosca-config-openwrt-firewall.yaml* [#f3]_ #. Check the status
.. code-block:: yaml .. code-block:: console
vdus: $ openstack vnf list
VDU1: $ openstack vnf show <VNF_ID>
firewall: |
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '190/sec'
option family 'ipv6'
option target 'REJECT'
.. We can replace the firewall rules configuration file with
tosca-config-openwrt-vrouter.yaml [#f5]_, tosca-config-openwrt-dnsmasq.yaml
[#f6]_, or tosca-config-openwrt-qos.yaml [#f7]_ to deploy the router, DHCP,
DNS, or QoS VNFs. The openwrt VNFM management driver will do the same way to
inject the desired service rules into the OpenWRT instance. You can also do the
same to check if the rules are injected successful: **cat /etc/config/network**
to check vrouter, **cat /etc/config/dhcp** to check DHCP and DNS, and
**cat /etc/config/qos** to check the QoS rules.
In this template file, we specify the **mgmt_driver: openwrt** which means #. Notes
this VNFD is managed by openwrt driver [#f4]_. This driver can inject
firewall rules which defined in VNFD into OpenWRT instance by using SSH
protocol. We can run**cat /etc/config/firewall** to confirm the firewall
rules if inject succeed.
3. Create a sample vnfd #. OpenWRT user and password
.. code-block:: console The user account is 'root' and password is '', which means there is no
password for root account.
openstack vnf descriptor create --vnfd-file tosca-vnfd-openwrt.yaml <VNFD_NAME> #. Procedure to customize the OpenWRT image
4. Create a VNF The OpenWRT is modified based on KVM OpenWRT 15.05.1 to be suitable
for Tacker. The procedure is following as below:
.. code-block:: console .. code-block:: console
openstack vnf create --vnfd-name <VNFD_NAME> \ $ cd ~
--config-file tosca-config-openwrt-firewall.yaml <NAME> $ wget \
.. -O openwrt-x86-kvm_guest-combined-ext4.img.gz
$ gunzip openwrt-x86-kvm_guest-combined-ext4.img.gz
5. Check the status $ mkdir -p imgroot
.. code-block:: console $ sudo kpartx -av openwrt-x86-kvm_guest-combined-ext4.img
openstack vnf list # Replace the loopXp2 with the result of above command, e.g., loop0p2
openstack vnf show <VNF_ID> $ sudo mount -o loop /dev/mapper/loopXp2 imgroot
.. $ sudo chroot imgroot /bin/ash
We can replace the firewall rules configuration file with # Set password of this image to blank, type follow command and then enter two times
tosca-config-openwrt-vrouter.yaml [#f5]_, tosca-config-openwrt-dnsmasq.yaml $ passwd
[#f6]_, or tosca-config-openwrt-qos.yaml [#f7]_ to deploy the router, DHCP,
DNS, or QoS VNFs. The openwrt VNFM management driver will do the same way to
inject the desired service rules into the OpenWRT instance. You can also do the
same to check if the rules are injected successful: **cat /etc/config/network**
to check vrouter, **cat /etc/config/dhcp** to check DHCP and DNS, and
**cat /etc/config/qos** to check the QoS rules.
6. Notes # Set DHCP for the network of OpenWRT so that the VNF can be ping
$ uci set network.lan.proto=dhcp; uci commit
$ exit
6.1. OpenWRT user and password $ sudo umount imgroot
$ sudo kpartx -dv openwrt-x86-kvm_guest-combined-ext4.img
The user account is 'root' and password is '', which means there is no
password for root account.
6.2. Procedure to customize the OpenWRT image
The OpenWRT is modified based on KVM OpenWRT 15.05.1 to be suitable forTacker.
The procedure is following as below:
.. code-block:: console
cd ~
wget \
-O openwrt-x86-kvm_guest-combined-ext4.img.gz
gunzip openwrt-x86-kvm_guest-combined-ext4.img.gz
mkdir -p imgroot
sudo kpartx -av openwrt-x86-kvm_guest-combined-ext4.img
# Replace the loopXp2 with the result of above command, e.g., loop0p2
sudo mount -o loop /dev/mapper/loopXp2 imgroot
sudo chroot imgroot /bin/ash
# Set password of this image to blank, type follow command and then enter two times
# Set DHCP for the network of OpenWRT so that the VNF can be ping
uci set network.lan.proto=dhcp; uci commit
sudo umount imgroot
sudo kpartx -dv openwrt-x86-kvm_guest-combined-ext4.img
.. rubric:: Footnotes .. rubric:: Footnotes
.. [#] .. [#]
.. [#] .. [#]
.. [#] .. [#]
.. [#] .. [#]
.. [#] .. [#]
.. [#] .. [#]
.. [#] .. [#]

@ -19,167 +19,92 @@
Install via Devstack Install via Devstack
==================== ====================
The Devstack supports installation from different code branch by specifying Overview
<branch-name> below. If there is no preference, it is recommended to install --------
Tacker from master branch, i.e. the <branch-name> is master. If pike branch
is the target branch, the <branch-name> is stable/pike.
Devstack should be run as a non-root with sudo enabled(standard logins to
cloud images such as "ubuntu" or "cloud-user" are usually fine). Creating a
separate user and granting relevant privileges please refer [#f0]_.
1. Download DevStack: Tacker provides some examples, or templates, of ``local.conf`` used for
Devstack. You can find them in ``${TACKER_ROOT}/devstack`` directory in the
tacker repository.
.. code-block:: console Devstack supports installation from different code branch by specifying
branch name in your ``local.conf`` as described in below.
If you install the latest version, use ``master`` branch.
On the other hand, if you install specific release, suppose ``ussuri``
in this case, branch name must be ``stable/ussuri``.
$ git clone -b <branch-name> For installation, ```` script in Devstack should be run as a
$ cd devstack non-root user with sudo enabled.
Add a separate user ``stack`` and granting relevant privileges is a good way
to install via Devstack [#f0]_.
.. Install
2. Enable tacker related Devstack plugins in **local.conf** file: Devstack expects to be provided ``local.conf`` before running install script.
The first step of installing tacker is to clone Devstack and prepare your
First, the **local.conf** file needs to be created by manual or copied from #. Download DevStack
Tacker Repo [#f1]_ and renamed to **local.conf**. We have two Tacker
configuration installation files. First, it is the all-in-one mode that
installs full Devstack environment including Tacker in one PC or Laptop.
Second, it is the standalone mode which only will install a standalone
Tacker environment with some mandatory OpenStack services.
2.1. All-in-one mode Get Devstack via git, with specific branch optionally if you prefer,
and go down to the directory.
The **local.conf** file of all-in-one mode from [#f2]_ is shown as below: .. code-block:: console
.. code-block:: ini $ git clone -b <branch-name>
$ cd devstack
[[local|localrc]] #. Enable tacker related Devstack plugins in ``local.conf`` file
# Customize the following HOST_IP based on your installation
ADMIN_PASSWORD=devstack ``local.conf`` needs to be created by manual, or copied from Tacker
MYSQL_PASSWORD=devstack repo [#f1]_ renamed as ``local.conf``. We have two choices for
RABBIT_PASSWORD=devstack configuration basically. First one is the ``all-in-one`` mode that
SERVICE_PASSWORD=$ADMIN_PASSWORD installs full Devstack environment including Tacker in one PC or Laptop.
SERVICE_TOKEN=devstack Second, it is ``standalone`` mode which only will install only Tacker
environment with some mandatory OpenStack services. Nova, Neutron or other
essential components are not included in this mode.
############################################################ #. All-in-one mode
# Customize the following section based on your installation
# Pip There are two examples for ``all-in-one`` mode, targetting OpenStack
PIP_USE_MIRRORS=False or Kubernetes as VIM.
#OFFLINE=False ``local.conf`` for ``all-in-one`` mode with OpenStack [#f2]_
#RECLONE=True is shown as below.
# Logging .. literalinclude:: ../../../devstack/local.conf.example
LOGFILE=$DEST/logs/ :language: ini
# Neutron ML2 with OpenVSwitch The difference between ``all-in-one`` mode with Kubernetes [#f3]_ is
Q_PLUGIN=ml2 to deploy kuryr-kubernetes and octavia.
# Disable security groups .. literalinclude:: ../../../devstack/local.conf.kubernetes
Q_USE_SECGROUP=False :language: ini
LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver :emphasize-lines: 60-65
# Enable heat, networking-sfc, barbican and mistral #. Standalone mode
enable_plugin heat master
enable_plugin networking-sfc master
enable_plugin barbican master
enable_plugin mistral master
# Ceilometer The ``local.conf`` file of standalone mode from [#f4]_ is shown as below.
enable_plugin ceilometer master
enable_plugin aodh master
# Blazar .. literalinclude:: ../../../devstack/local.conf.standalone
enable_plugin blazar master :language: ini
# Tacker #. Installation
enable_plugin tacker master
enable_service n-novnc After saving the ``local.conf``, we can run ```` in the terminal
enable_service n-cauth to start setting up.
disable_service tempest .. code-block:: console
# Enable kuryr-kubernetes, docker, octavia $ ./
enable_plugin kuryr-kubernetes master
enable_plugin octavia master
enable_plugin devstack-plugin-container master
enable_isolated_metadata = True
2.2. Standalone mode
The **local.conf** file of standalone mode from [#f3]_ is shown as below:
.. code-block:: ini
# Customize the following HOST_IP based on your installation
# Logging
enable_plugin networking-sfc ${GIT_BASE}/openstack/networking-sfc $TACKER_BRANCH
enable_plugin barbican ${GIT_BASE}/openstack/barbican $TACKER_BRANCH
enable_plugin mistral ${GIT_BASE}/openstack/mistral $TACKER_BRANCH
enable_plugin tacker ${GIT_BASE}/openstack/tacker $TACKER_BRANCH
3. Installation
After saving the **local.conf**, we can run **** in the terminal
to start setting up:
.. code-block:: console
$ ./
.. rubric:: Footnotes .. rubric:: Footnotes
.. [#f0] .. [#f0]
.. [#f1] .. [#f1]
.. [#f2] .. [#f2]
.. [#f3]
.. [#f3]
.. [#f4]

@ -23,126 +23,129 @@ started with Tacker and validate the installation.
Registering default OpenStack VIM Registering default OpenStack VIM
================================= ---------------------------------
1. Get one account on the OpenStack VIM.
In Tacker MANO system, the VNF can be on-boarded to one target OpenStack, which #. Get one account on the OpenStack VIM
is also called VIM. Get one account on this OpenStack. For example, the below
is the account information collected in file `vim_config.yaml` [1]_:
.. code-block:: yaml In Tacker MANO system, VNFs can be on-boarded to a target OpenStack which
is also called as VIM. Get one account on your OpenStack, such as ``admin``
if you deploy your OpenStack via devstack. Here is an example of a user
named as ``nfv_user`` and has a project ``nfv`` on OpenStack for
VIM configuration. It is described in ``vim_config.yaml`` [1]_:
auth_url: '' .. literalinclude:: ../../../samples/vim/vim_config.yaml
username: 'nfv_user' :language: yaml
password: 'mySecretPW'
project_name: 'nfv'
project_domain_name: 'Default'
user_domain_name: 'Default'
cert_verify: 'True'
.. note:: .. note::
In Keystone, port `5000` is enabled for authentication service [2]_, so the In Keystone, port ``5000`` is enabled for authentication service [2]_,
end users can use `auth_url: ''` instead of so the end users can use ``auth_url: ''`` instead
`auth_url: ''` as above mention. of ``auth_url: ''`` as above mention.
By default, cert_verify is set as `True`. To disable verifying SSL By default, ``cert_verify`` is set as ``True``. To disable verifying SSL
certificate, user can set cert_verify parameter to `False`. certificate, user can set ``cert_verifyi`` parameter to ``False``.
2. Register the VIM that will be used as a default VIM for VNF deployments. #. Register VIM
This will be required when the optional argument `--vim-id` is not provided by
the user during VNF creation.
.. code-block:: console Register the default VIM with the config file for VNF deployment.
This will be required when the optional argument ``--vim-id`` is not
provided by the user during VNF creation.
.. code-block:: console
$ openstack vim register --config-file vim_config.yaml \
--description 'my first vim' --is-default hellovim
openstack vim register --config-file vim_config.yaml \
--description 'my first vim' --is-default hellovim
Onboarding sample VNF Onboarding sample VNF
===================== ---------------------
1. Create a `sample-vnfd.yaml` file with the following template: #. Create a ``sample-vnfd.yaml`` file with the following template
.. code-block:: yaml .. code-block:: yaml
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0 tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0
description: Demo example description: Demo example
metadata: metadata:
template_name: sample-tosca-vnfd template_name: sample-tosca-vnfd
topology_template: topology_template:
node_templates: node_templates:
type: tosca.nodes.nfv.VDU.Tacker type: tosca.nodes.nfv.VDU.Tacker
capabilities: capabilities:
nfv_compute: nfv_compute:
num_cpus: 1
mem_size: 512 MB
disk_size: 1 GB
properties: properties:
num_cpus: 1 image: cirros-0.4.0-x86_64-disk
mem_size: 512 MB availability_zone: nova
disk_size: 1 GB mgmt_driver: noop
properties: config: |
image: cirros-0.4.0-x86_64-disk param0: key1
availability_zone: nova param1: key2
mgmt_driver: noop
config: |
param0: key1
param1: key2
CP1: CP1:
type: tosca.nodes.nfv.CP.Tacker type: tosca.nodes.nfv.CP.Tacker
properties: properties:
management: true management: true
order: 0 order: 0
anti_spoofing_protection: false anti_spoofing_protection: false
requirements: requirements:
- virtualLink: - virtualLink:
node: VL1 node: VL1
- virtualBinding: - virtualBinding:
node: VDU1 node: VDU1
VL1: VL1:
type: tosca.nodes.nfv.VL type: tosca.nodes.nfv.VL
properties: properties:
network_name: net_mgmt network_name: net_mgmt
vendor: Tacker vendor: Tacker
.. note:: .. note::
You can find more sample tosca templates for VNFD at [3]_ You can find several samples of tosca template for VNFD at [3]_.
2. Create a sample VNFD #. Create a sample VNFD
.. code-block:: console .. code-block:: console
openstack vnf descriptor create --vnfd-file sample-vnfd.yaml samplevnfd $ openstack vnf descriptor create --vnfd-file sample-vnfd.yaml samplevnfd
3. Create a VNF #. Create a VNF
.. code-block:: console .. code-block:: console
openstack vnf create --vnfd-name samplevnfd samplevnf $ openstack vnf create --vnfd-name samplevnfd samplevnf
4. Some basic Tacker commands #. Some basic Tacker commands
.. code-block:: console You can find each of VIM, VNFD and VNF created in previous steps by using
``list`` subcommand.
openstack vim list .. code-block:: console
openstack vnf descriptor list
openstack vnf list $ openstack vim list
openstack vnf show samplevnf $ openstack vnf descriptor list
.. $ openstack vnf list
If you inspect attributes of the isntances, use ``show`` subcommand with
name or ID. For example, you can inspect the VNF named as ``samplevnf``
as below.
.. code-block:: console
$ openstack vnf show samplevnf
References References
========== ----------
.. [1] .. [1]
.. [2] .. [2]
.. [3] .. [3]

@ -19,9 +19,21 @@
Install via Kolla Ansible Install via Kolla Ansible
========================= =========================
Please refer to "Install dependencies" part of kolla ansible quick start at .. note:: to set
up the docker environment that is used by kolla ansible. This installation guide is explaining about Tacker. Other components,
such as nova or neutron, are not covered here.
.. note::
This installation guide is just a bit old, and explained for Redhat distro.
Please refer to
`Install dependencies
of kolla ansible installation [1]_ to set up the docker environment that is
used by kolla ansible.
To install via Kolla Ansible, the version of Kolla Ansible should be consistent To install via Kolla Ansible, the version of Kolla Ansible should be consistent
with the target Tacker system. For example, stable/pike branch of Kolla Ansible with the target Tacker system. For example, stable/pike branch of Kolla Ansible
@ -34,164 +46,151 @@ installed in this document.
Install Kolla Ansible Install Kolla Ansible
~~~~~~~~~~~~~~~~~~~~~ ---------------------
1. Get the stable/pike version of kolla ansible: #. Get the stable/pike version of kolla ansible:
.. code-block:: console .. code-block:: console
$ git clone -b stable/pike $ git clone -b stable/pike
$ cd kolla-ansible $ cd kolla-ansible
$ sudo yum install python-devel libffi-devel gcc openssl-devel libselinux-python $ sudo yum install python-devel libffi-devel gcc openssl-devel libselinux-python
$ sudo pip install -r requirements.txt $ sudo pip install -r requirements.txt
$ sudo python install $ sudo python install
.. If the needed version has already been published at pypi site
'', the command below can be used:
.. code-block:: console
If the needed version has already been published at pypi site $ sudo pip install "kolla-ansible==5.0.0"
'', the command below can be used:
.. code-block:: console
$ sudo pip install "kolla-ansible==5.0.0"
Install Tacker Install Tacker
~~~~~~~~~~~~~~ --------------
1. Edit kolla ansible's configuration file /etc/kolla/globals.yml: #. Edit kolla ansible's configuration file ``/etc/kolla/globals.yml``:
.. code-block:: ini .. code-block:: ini
--- ---
kolla_install_type: "source" kolla_install_type: "source"
# openstack_release can be determined by version of kolla-ansible tool. # openstack_release can be determined by version of kolla-ansible tool.
# But if needed, it can be specified. # But if needed, it can be specified.
#openstack_release: 5.0.0 #openstack_release: 5.0.0
kolla_internal_vip_address: <one IP address of local nic interface> kolla_internal_vip_address: <one IP address of local nic interface>
# The Public address used to communicate with OpenStack as set in the # The Public address used to communicate with OpenStack as set in the
# public_url for the endpoints that will be created. This DNS name # public_url for the endpoints that will be created. This DNS name
# should map to kolla_external_vip_address. # should map to kolla_external_vip_address.
#kolla_external_fqdn: "{{ kolla_external_vip_address }}" #kolla_external_fqdn: "{{ kolla_external_vip_address }}"
# define your own registry if needed # define your own registry if needed
#docker_registry: "" #docker_registry: ""
# If needed OpenStack kolla images are published, docker_namespace should be # If needed OpenStack kolla images are published, docker_namespace should be
# kolla # kolla
#docker_namespace: "kolla" #docker_namespace: "kolla"
docker_namespace: "gongysh" docker_namespace: "gongysh"
enable_glance: "no" enable_glance: "no"
enable_haproxy: "no" enable_haproxy: "no"
enable_keystone: "yes" enable_keystone: "yes"
enable_mariadb: "yes" enable_mariadb: "yes"
enable_memcached: "yes" enable_memcached: "yes"
enable_neutron: "no" enable_neutron: "no"
enable_nova: "no" enable_nova: "no"
enable_barbican: "yes" enable_barbican: "yes"
enable_mistral: "yes" enable_mistral: "yes"
enable_tacker: "yes" enable_tacker: "yes"
enable_heat: "no" enable_heat: "no"
enable_openvswitch: "no" enable_openvswitch: "no"
enable_horizon: "yes" enable_horizon: "yes"
enable_horizon_tacker: "{{ enable_tacker | bool }}" enable_horizon_tacker: "{{ enable_tacker | bool }}"
.. .. note::
.. note:: To determine version of kolla-ansible, the following commandline can be
To determine version of kolla-ansible, the following commandline can be .. code-block:: console
$ python -c "import pbr.version; print(pbr.version.VersionInfo('kolla-ansible'))" $ python -c \
"import pbr.version; print(pbr.version.VersionInfo('kolla-ansible'))"
2. Run kolla-genpwd to generate system passwords: #. Run kolla-genpwd to generate system passwords:
.. code-block:: console .. code-block:: console
$ sudo cp etc/kolla/passwords.yml /etc/kolla/passwords.yml $ sudo cp etc/kolla/passwords.yml /etc/kolla/passwords.yml
$ sudo kolla-genpwd $ sudo kolla-genpwd
.. .. note::
.. note:: If the pypi version is used to install kolla-ansible the skeleton
passwords file maybe under
If the pypi version is used to install kolla-ansible the skeleton passwords ``/usr/share/kolla-ansible/etc_examples/kolla``.
file maybe under '/usr/share/kolla-ansible/etc_examples/kolla'.
With this command, /etc/kolla/passwords.yml will be populated with With this command, ``/etc/kolla/passwords.yml`` will be populated with
generated passwords. generated passwords.
#. Run kolla ansible deploy to install tacker system:
.. code-block:: console
$ sudo kolla-ansible deploy
3. Run kolla ansible deploy to install tacker system: #. Run kolla ansible post-deploy to generate tacker access environment file:
.. code-block:: console .. code-block:: console
$ sudo kolla-ansible deploy $ sudo kolla-ansible post-deploy
.. With this command, ```` will be generated at
#. Check the related containers are started and running:
Tacker system consists of some containers. Following is a sample output.
The containers fluentd, cron and kolla_toolbox are from kolla, please see
kolla ansible documentation for their usage. Others are from Tacker system
.. code-block:: console
$ sudo docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}"
78eafed848a8 gongysh/centos-source-tacker-server:5.0.0 tacker_server
00bbecca5950 gongysh/centos-source-tacker-conductor:5.0.0 tacker_conductor
19eddccf8e8f gongysh/centos-source-barbican-worker:5.0.0 barbican_worker
6434b1d8236e gongysh/centos-source-barbican-keystone-listener:5.0.0 barbican_keystone_listener
48be088643f8 gongysh/centos-source-barbican-api:5.0.0 barbican_api
50b9a9a0e542 gongysh/centos-source-mistral-executor:5.0.0 mistral_executor
07c28d845311 gongysh/centos-source-mistral-engine:5.0.0 mistral_engine
196bbcc592a4 gongysh/centos-source-mistral-api:5.0.0 mistral_api
d5511b195a58 gongysh/centos-source-horizon:5.0.0 horizon
62913ec7c056 gongysh/centos-source-keystone:5.0.0 keystone
552b95e82f98 gongysh/centos-source-rabbitmq:5.0.0 rabbitmq
4d57d7735514 gongysh/centos-source-mariadb:5.0.0 mariadb
4e1142ff158d gongysh/centos-source-cron:5.0.0 cron
000ba4ca1974 gongysh/centos-source-kolla-toolbox:5.0.0 kolla_toolbox
0fe21b1ad18c gongysh/centos-source-fluentd:5.0.0 fluentd
a13e45fc034f gongysh/centos-source-memcached:5.0.0 memcached
#. Install tacker client:
.. code-block:: console
$ sudo pip install python-tackerclient
#. Check the Tacker server is running well:
.. code-block:: console
$ . /etc/kolla/
$ openstack vim list
4. Run kolla ansible post-deploy to generate tacker access environment file: References
.. code-block:: console .. [1]
$ sudo kolla-ansible post-deploy
With this command, the "" will be generated at
5. Check the related containers are started and running:
Tacker system consists of some containers. Following is a sample output.
The containers fluentd, cron and kolla_toolbox are from kolla, please see
kolla ansible documentation for their usage. Others are from Tacker system
.. code-block:: console
$ sudo docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}"
78eafed848a8 gongysh/centos-source-tacker-server:5.0.0 tacker_server
00bbecca5950 gongysh/centos-source-tacker-conductor:5.0.0 tacker_conductor
19eddccf8e8f gongysh/centos-source-barbican-worker:5.0.0 barbican_worker
6434b1d8236e gongysh/centos-source-barbican-keystone-listener:5.0.0 barbican_keystone_listener
48be088643f8 gongysh/centos-source-barbican-api:5.0.0 barbican_api
50b9a9a0e542 gongysh/centos-source-mistral-executor:5.0.0 mistral_executor
07c28d845311 gongysh/centos-source-mistral-engine:5.0.0 mistral_engine
196bbcc592a4 gongysh/centos-source-mistral-api:5.0.0 mistral_api
d5511b195a58 gongysh/centos-source-horizon:5.0.0 horizon
62913ec7c056 gongysh/centos-source-keystone:5.0.0 keystone
552b95e82f98 gongysh/centos-source-rabbitmq:5.0.0 rabbitmq
4d57d7735514 gongysh/centos-source-mariadb:5.0.0 mariadb
4e1142ff158d gongysh/centos-source-cron:5.0.0 cron
000ba4ca1974 gongysh/centos-source-kolla-toolbox:5.0.0 kolla_toolbox
0fe21b1ad18c gongysh/centos-source-fluentd:5.0.0 fluentd
a13e45fc034f gongysh/centos-source-memcached:5.0.0 memcached
6. Install tacker client:
.. code-block:: console
$ sudo pip install python-tackerclient
7. Check the Tacker server is running well:
.. code-block:: console
$ . /etc/kolla/
$ openstack vim list

@ -27,242 +27,243 @@ creating Kubernetes cluster and setting up native Neutron-based networking
between Kubernetes and OpenStack VIMs. Features from Kuryr-Kubernetes will between Kubernetes and OpenStack VIMs. Features from Kuryr-Kubernetes will
bring VMs and Pods (and other Kubernetes resources) on the same network. bring VMs and Pods (and other Kubernetes resources) on the same network.
1. Edit local.conf file by adding the following content #. Edit local.conf file by adding the following content
.. code-block:: console .. code-block:: console
# Enable kuryr-kubernetes, docker, octavia # Enable kuryr-kubernetes, docker, octavia
enable_plugin kuryr-kubernetes master enable_plugin kuryr-kubernetes master
enable_plugin octavia master enable_plugin octavia master
enable_plugin devstack-plugin-container master enable_plugin devstack-plugin-container master
The public network will be used to launched LoadBalancer for Services in The public network will be used to launched LoadBalancer for Services in
Kubernetes. The example for setting public subnet is described in [#first]_ Kubernetes. The example for setting public subnet is described in [#first]_
For more details, users also see the same examples in [#second]_ and [#third]_. For more details, users also see the same examples in [#second]_ and [#third]_.
2. Run #. Run
.. code-block:: console .. code-block:: console
$ ./ $ ./
3. Get Kubernetes VIM configuration #. Get Kubernetes VIM configuration
* After successful installation, user can get "Bearer Token": * After successful installation, user can get "Bearer Token":
.. code-block:: console .. code-block:: console
$ TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t') $ TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t')
In the Hyperkube folder /yourdirectory/data/hyperkube/, user can get more In the Hyperkube folder /yourdirectory/data/hyperkube/, user can get more
information for authenticating to Kubernetes cluster. information for authenticating to Kubernetes cluster.
* Get ssl_ca_cert: * Get ssl_ca_cert:
.. code-block:: console .. code-block:: console
$ sudo cat /opt/stack/data/hyperkube/ca.crt $ sudo cat /opt/stack/data/hyperkube/ca.crt
Np/fuGLEhT+JpHGCK65l4WpBf+FkcNDIb5Jn1EBr5XDEVN1hlzcPdCHu1sAvfTNB Np/fuGLEhT+JpHGCK65l4WpBf+FkcNDIb5Jn1EBr5XDEVN1hlzcPdCHu1sAvfTNB
AJkq/4TzkenEusxiQ8TQWDnIrAo73tkYPyQMAfXHifyM20gCz/jM+Zy2IoQDArRq AJkq/4TzkenEusxiQ8TQWDnIrAo73tkYPyQMAfXHifyM20gCz/jM+Zy2IoQDArRq
MItRdoFa+7rRJntFk56y9NZTzDqnziLFFoT6W3ZdU3BElX6oWarbLWxNNpYlVEbI MItRdoFa+7rRJntFk56y9NZTzDqnziLFFoT6W3ZdU3BElX6oWarbLWxNNpYlVEbI
YdfooLqKTH+25Fh3TKsMVxOdc7A5MggXRHYYkbbDgDAVln9ki9x/c6U+5bQQ9H8+ YdfooLqKTH+25Fh3TKsMVxOdc7A5MggXRHYYkbbDgDAVln9ki9x/c6U+5bQQ9H8+
+Lhzdova4gjq/RBJCtiISN7HvLuq+VenArFREgAqr/r/rQZckeAD/4mzQNECAwEA +Lhzdova4gjq/RBJCtiISN7HvLuq+VenArFREgAqr/r/rQZckeAD/4mzQNECAwEA
GXJI/Uh4xKmj3LrdDYQjHb1tbRSV2S/gQld+En0L92XGUl/x1pG/GainDVpxpTdt GXJI/Uh4xKmj3LrdDYQjHb1tbRSV2S/gQld+En0L92XGUl/x1pG/GainDVpxpTdt
FwA5SMG5HLHrudZBRW2Dqe1ItKjx4ofdjz+Eni17QYnI0CEdJZyq7dBInuCyeOu9 FwA5SMG5HLHrudZBRW2Dqe1ItKjx4ofdjz+Eni17QYnI0CEdJZyq7dBInuCyeOu9
AT0UKTr/agkkjHL0/kv4x+Qhr/ICjd2JbW7ePxQBJ8af+SYuKx7IRVnubnqVMEN6 AT0UKTr/agkkjHL0/kv4x+Qhr/ICjd2JbW7ePxQBJ8af+SYuKx7IRVnubnqVMEN6
V/kEAK/h2NAKS8OnlBgUMXIojSInmGXJfM5l1GUlQiqiBTv21Fm6 V/kEAK/h2NAKS8OnlBgUMXIojSInmGXJfM5l1GUlQiqiBTv21Fm6
* Get basic authentication username and password: * Get basic authentication username and password:
.. code-block:: console .. code-block:: console
$ sudo cat /opt/stack/data/hyperkube/basic_auth.csv $ sudo cat /opt/stack/data/hyperkube/basic_auth.csv
admin,admin,admin admin,admin,admin
The basic auth file is a csv file with a minimum of 3 columns: password, The basic auth file is a csv file with a minimum of 3 columns: password,
user name, user id. If there are more than 3 columns, see the following user name, user id. If there are more than 3 columns, see the following
example: example:
.. code-block:: console .. code-block:: console
password,user,uid,"group1,group2,group3" password,user,uid,"group1,group2,group3"
In this example, the user belongs to group1, group2 and group3. In this example, the user belongs to group1, group2 and group3.
* Get Kubernetes server url * Get Kubernetes server url
By default Kubernetes server listens on and By default Kubernetes server listens on and
https://{HOST_IP}:6443 https://{HOST_IP}:6443
.. code-block:: console .. code-block:: console
$ curl http://localhost:8080/api/ $ curl http://localhost:8080/api/
"kind": "APIVersions",
"versions": [
"serverAddressByClientCIDRs": [
{ {
"clientCIDR": "", "kind": "APIVersions",
"serverAddress": "" "versions": [
"serverAddressByClientCIDRs": [
"clientCIDR": "",
"serverAddress": ""
} }
4. Check Kubernetes cluster installation #. Check Kubernetes cluster installation
By default, after set KUBERNETES_VIM=True, Devstack creates a public network By default, after set KUBERNETES_VIM=True, Devstack creates a public network
called net-k8s, and two extra ones for the kubernetes services and pods under called net-k8s, and two extra ones for the kubernetes services and pods
the project k8s: under the project k8s:
.. code-block:: console .. code-block:: console
$ openstack network list --project admin $ openstack network list --project admin
+--------------------------------------+-----------------+--------------------------------------+ +--------------------------------------+-----------------+--------------------------------------+
| ID | Name | Subnets | | ID | Name | Subnets |
+--------------------------------------+-----------------+--------------------------------------+ +--------------------------------------+-----------------+--------------------------------------+
| 28361f77-1875-4070-b0dc-014e26c48aeb | public | 28c51d19-d437-46e8-9b0e-00bc392c57d6 | | 28361f77-1875-4070-b0dc-014e26c48aeb | public | 28c51d19-d437-46e8-9b0e-00bc392c57d6 |
| 71c20650-6295-4462-9219-e0007120e64b | k8s-service-net | f2835c3a-f567-44f6-b006-a6f7c52f2396 | | 71c20650-6295-4462-9219-e0007120e64b | k8s-service-net | f2835c3a-f567-44f6-b006-a6f7c52f2396 |
| 97c12aef-54f3-41dc-8b80-7f07c34f2972 | k8s-pod-net | 7759453f-6e8a-4660-b845-964eca537c44 | | 97c12aef-54f3-41dc-8b80-7f07c34f2972 | k8s-pod-net | 7759453f-6e8a-4660-b845-964eca537c44 |
| 9935fff9-f60c-4fe8-aa77-39ba7ac10417 | net0 | 92b2bd7b-3c14-4d32-8de3-9d3cc4d204cb | | 9935fff9-f60c-4fe8-aa77-39ba7ac10417 | net0 | 92b2bd7b-3c14-4d32-8de3-9d3cc4d204cb |
| c2120b78-880f-4f28-8dc1-3d33b9f3020b | net_mgmt | fc7b3f32-5cac-4857-83ab-d3700f4efa60 | | c2120b78-880f-4f28-8dc1-3d33b9f3020b | net_mgmt | fc7b3f32-5cac-4857-83ab-d3700f4efa60 |
| ec194ffc-533e-46b3-8547-6f43d92b91a2 | net1 | 08beb9a1-cd74-4f2d-b2fa-0e5748d80c27 | | ec194ffc-533e-46b3-8547-6f43d92b91a2 | net1 | 08beb9a1-cd74-4f2d-b2fa-0e5748d80c27 |
+--------------------------------------+-----------------+--------------------------------------+ +--------------------------------------+-----------------+--------------------------------------+
To check Kubernetes cluster works well, please see some tests in To check Kubernetes cluster works well, please see some tests in
kuryr-kubernetes to get more information [#fourth]_. kuryr-kubernetes to get more information [#fourth]_.
5. Register Kubernetes VIM #. Register Kubernetes VIM
In vim_config.yaml, project_name is fixed as "default", that will use to In vim_config.yaml, project_name is fixed as "default", that will use to
support multi tenant on Kubernetes in the future. support multi tenant on Kubernetes in the future.
* Create vim_config.yaml file for Kubernetes VIM as the following examples: Create vim_config.yaml file for Kubernetes VIM as the following examples:
.. code-block:: console .. code-block:: console
auth_url: "" auth_url: ""
bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ" bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ"
ssl_ca_cert: "None" ssl_ca_cert: "None"
project_name: "default" project_name: "default"
type: "kubernetes" type: "kubernetes"
* Or vim_config.yaml with ssl_ca_cert enabled: Or vim_config.yaml with ssl_ca_cert enabled:
.. code-block:: console .. code-block:: console
auth_url: "" auth_url: ""
bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ" bearer_token: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tc2ZqcTQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBiMzZmYTQ2LWFhOTUtMTFlNy05M2Q4LTQwOGQ1Y2Q0ZmJmMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.MBjFA18AjD6GyXmlqsdsFpJD_tgPfst2faOimfVob-gBqnAkAU0Op2IEauiBVooFgtvzm-HY2ceArftSlZQQhLDrJGgH0yMAUmYhI8pKcFGd_hxn_Ubk7lPqwR6GIuApkGVMNIlGh7LFLoF23S_yMGvO8CHPM-UbFjpbCOECFdnoHjz-MsMqyoMfGEIF9ga7ZobWcKt_0A4ge22htL2-lCizDvjSFlAj4cID2EM3pnJ1J3GXEqu-W9DUFa0LM9u8fm_AD9hBKVz1dePX1NOWglxxjW4KGJJ8dV9_WEmG2A2B-9Jy6AKW83qqicBjYUUeAKQfjgrTDl6vSJOHYyzCYQ"
ssl_ca_cert: "-----BEGIN CERTIFICATE----- ssl_ca_cert: "-----BEGIN CERTIFICATE-----
Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b
jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m
ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh
xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA
J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2 J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2
Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7 Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7
tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ
U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs
MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk
project_name: "default" project_name: "default"
type: "kubernetes" type: "kubernetes"
* You can also specify username and password for Kubernetes VIM configuration: You can also specify username and password for Kubernetes VIM configuration:
.. code-block:: console .. code-block:: console
auth_url: "" auth_url: ""
username: "admin" username: "admin"
password: "admin" password: "admin"
ssl_ca_cert: "-----BEGIN CERTIFICATE----- ssl_ca_cert: "-----BEGIN CERTIFICATE-----
Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b Z06NPdlHKuXaxz7+aReGSwz09JittlqQ/2CwSd5834Ll+btfyTyrB4bv+mr/WD3b
jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m jxEhnWrUK7oHObzZq0i60Ard6CuiWnv5tP0U5tVPWfNBoHEEPImVcUmgzGSAWW1m
ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh ZzGdcpwkqE1NznLsrqYqjT5bio7KUqySRe13WNichDrdYSqEEQwFa+b+BO1bRCvh
xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA xKsVTbMvhcKIMKdK8pHUJK2pk8uNPAKd7zjpiu04KMa3WsUreIJHcjat6lMCAwEA
J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2 J8LPLYWjqdFnLgC+usGq+nhJiuVCqqAIK0dIizGaoXS91hoWuuHWibSlLFRd2wF2
Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7 Go2oL5pgC/0dKW1D6V1Dl+3mmCVYrDnExXybWGtOsvaUmsnt4ugsb+9AfUtWbCA7
tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ tepBsbAHS62buwNdzrzjJV+GNB6KaIEVVAdZdRx+HaZP2kytOXqxaUchIhMHZHYZ
U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs U0/5P0Ei56fLqIFO3WXqVj9u615VqX7cad4GQwtSW8sDnZMcQAg8mnR4VqkF8YSs
MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk MkFnsNNkfqE9ck/D2auMwRl1IaDPVqAFiWiYZZhw8HsG6K4BYEgk
project_name: "default" project_name: "default"
type: "kubernetes" type: "kubernetes"
User can change the authentication like username, password, etc. Please see User can change the authentication like username, password, etc. Please see
Kubernetes document [#fifth]_ to read more information about Kubernetes Kubernetes document [#fifth]_ to read more information about Kubernetes
authentication. authentication.
* Run Tacker command for register vim: Run Tacker command for register vim:
.. code-block:: console .. code-block:: console
$ openstack vim register --config-file vim_config.yaml vim-kubernetes $ openstack vim register --config-file vim_config.yaml vim-kubernetes
$ openstack vim list $ openstack vim list
+--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+ +--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+
| id | tenant_id | name | type | is_default | placement_attr | status | | id | tenant_id | name | type | is_default | placement_attr | status |
+--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+ +--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+
| 45456bde-6179-409c-86a1-d8cd93bd0c6d | a6f9b4bc9a4d439faa91518416ec0999 | vim-kubernetes | kubernetes | False | {u'regions': [u'default', u'kube-public', u'kube-system']} | REACHABLE | | 45456bde-6179-409c-86a1-d8cd93bd0c6d | a6f9b4bc9a4d439faa91518416ec0999 | vim-kubernetes | kubernetes | False | {u'regions': [u'default', u'kube-public', u'kube-system']} | REACHABLE |
+--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+ +--------------------------------------+----------------------------------+----------------+------------+------------+------------------------------------------------------------+-----------+
In ``placement_attr``, there are three regions: 'default', 'kube-public', In ``placement_attr``, there are three regions: 'default', 'kube-public',
'kube-system', that map to ``namespace`` in Kubernetes environment. 'kube-system', that map to ``namespace`` in Kubernetes environment.
* Other related commands to Kubernetes VIM Other related commands to Kubernetes VIM:
.. code-block:: console .. code-block:: console
$ cat kubernetes-VIM-update.yaml $ cat kubernetes-VIM-update.yaml
username: "admin" username: "admin"
password: "admin" password: "admin"
project_name: "default" project_name: "default"
ssl_ca_cert: "None" ssl_ca_cert: "None"
type: "kubernetes" type: "kubernetes"
$ tacker vim-update vim-kubernetes --config-file kubernetes-VIM-update.yaml $ tacker vim-update vim-kubernetes --config-file kubernetes-VIM-update.yaml
$ tacker vim-show vim-kubernetes $ tacker vim-show vim-kubernetes
$ tacker vim-delete vim-kubernetes $ tacker vim-delete vim-kubernetes
When update Kubernetes VIM, user can update VIM information (such as username, When update Kubernetes VIM, user can update VIM information (such as username,
password, bearer_token and ssl_ca_cert) except auth_url and type of VIM. password, bearer_token and ssl_ca_cert) except auth_url and type of VIM.
References References
========== ----------
.. [#first] .. [#first]
.. [#second] .. [#second]
.. [#third] .. [#third]

@ -21,369 +21,310 @@ Manual Installation
This document describes how to install and run Tacker manually. This document describes how to install and run Tacker manually.
.. note::
User is supposed to install on Ubuntu. Some examples are invalid on other
distirbutions. For example, you should replace ``/usr/local/bin/`` with
``/usr/bin/`` on CentOS.
Pre-requisites Pre-requisites
============== --------------
1). Ensure that OpenStack components Keystone, Mistral, Barbican and #. Install required components.
Horizon are installed. Refer the list below for installation of
these OpenStack projects on different Operating Systems.
* Ensure that OpenStack components, Keystone, Mistral, Barbican and
* Horizon are installed. Refer the list below for installation of
* these OpenStack projects on different Operating Systems.
2). one file is generated. one sample file *
is like the below: *
.. code-block:: ini #. Create ```` for env variables.
export OS_PROJECT_DOMAIN_NAME=Default .. code-block:: shell
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin export OS_PROJECT_DOMAIN_NAME=Default
export OS_TENANT_NAME=admin export OS_USER_DOMAIN_NAME=Default
export OS_USERNAME=admin export OS_PROJECT_NAME=admin
export OS_PASSWORD=KTskN5eUMTpeHLKorRcZBBbH0AM96wdvgQhwENxY export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://localhost:5000/identity export OS_USERNAME=admin
export OS_INTERFACE=internal export OS_PASSWORD=KTskN5eUMTpeHLKorRcZBBbH0AM96wdvgQhwENxY
export OS_IDENTITY_API_VERSION=3 export OS_AUTH_URL=http://localhost:5000/identity
export OS_REGION_NAME=RegionOne export OS_INTERFACE=internal
export OS_REGION_NAME=RegionOne
Installing Tacker server Installing Tacker Server
======================== ------------------------
.. note:: .. note::
The paths we are using for configuration files in these steps are with reference to The ``<branch_name>`` in command examples is replaced with specific branch
Ubuntu Operating System. The paths may vary for other Operating Systems. name, such as ``stable/ussuri``.
The branch_name which is used in commands, specify the branch_name as #. Create MySQL database and user.
"stable/<branch>" for any stable branch installation.
For eg: stable/ocata, stable/newton. If unspecified the default will be
"master" branch.
.. code-block:: console
1). Create MySQL database and user. $ mysql -uroot -p
.. code-block:: console Create database ``tacker`` and grant provileges for ``tacker`` user with
password ``<TACKERDB_PASSWORD>`` on all tables.
mysql -uroot -p .. code-block::
GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'localhost' \
GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'%' \
.. note:: CREATE DATABASE tacker;
GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'localhost' \
GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'%' \
Replace ``TACKERDB_PASSWORD`` with your password. #. Create OpenStack user, role and endpoint.
2). Create users, roles and endpoints: #. Set admin credentials to gain access to admin-only CLI commands.
a). Source the admin credentials to gain access to admin-only CLI commands: .. code-block:: console
.. code-block:: console $ .
. #. Create ``tacker`` user with admin privileges.
b). Create tacker user with admin privileges. .. code-block:: console
.. note:: $ openstack user create --domain default --password <PASSWORD> tacker
$ openstack role add --project service --user tacker admin
Project_name can be "service" or "services" depending on your .. note::
OpenStack distribution.
.. code-block:: console Project name can be ``service`` or ``services`` depending on your
OpenStack distribution.
openstack user create --domain default --password <PASSWORD> tacker #. Create ``tacker`` service.
openstack role add --project service --user tacker admin
c). Create tacker service. .. code-block:: console
.. code-block:: console $ openstack service create --name tacker \
--description "Tacker Project" nfv-orchestration
openstack service create --name tacker \ #. Provide an endpoint to tacker service.
--description "Tacker Project" nfv-orchestration
d). Provide an endpoint to tacker service. For keystone v3:
If you are using keystone v3 then, .. code-block:: console
.. code-block:: console $ openstack endpoint create --region RegionOne nfv-orchestration \
public http://<TACKER_NODE_IP>:9890/
$ openstack endpoint create --region RegionOne nfv-orchestration \
internal http://<TACKER_NODE_IP>:9890/
$ openstack endpoint create --region RegionOne nfv-orchestration \
admin http://<TACKER_NODE_IP>:9890/
openstack endpoint create --region RegionOne nfv-orchestration \ Or keystone v2:
public http://<TACKER_NODE_IP>:9890/
openstack endpoint create --region RegionOne nfv-orchestration \
internal http://<TACKER_NODE_IP>:9890/
openstack endpoint create --region RegionOne nfv-orchestration \
admin http://<TACKER_NODE_IP>:9890/
If you are using keystone v2 then, .. code-block:: console
.. code-block:: console $ openstack endpoint create --region RegionOne \
--publicurl 'http://<TACKER_NODE_IP>:9890/' \
--adminurl 'http://<TACKER_NODE_IP>:9890/' \
--internalurl 'http://<TACKER_NODE_IP>:9890/' <SERVICE-ID>
openstack endpoint create --region RegionOne \ #. Clone tacker repository.
--publicurl 'http://<TACKER_NODE_IP>:9890/' \
--adminurl 'http://<TACKER_NODE_IP>:9890/' \
--internalurl 'http://<TACKER_NODE_IP>:9890/' <SERVICE-ID>
3). Clone tacker repository. You can use ``-b`` for specific release optionally.
.. code-block:: console .. code-block:: console
cd ~/ $ cd ${HOME}
git clone -b <branch_name> $ git clone -b <branch_name>
4). Install all requirements. #. Install required packages and tacker itself.
.. code-block:: console .. code-block:: console
cd tacker $ cd ${HOME}/tacker
sudo pip install -r requirements.txt $ sudo pip3 install -r requirements.txt
.. $ sudo python3 install
#. Create directories for tacker.
5). Install tacker. Directories log, VNF packages and csar files are required.
.. code-block:: console .. code-block:: console
sudo python install $ sudo mkdir -p /var/log/tacker \
.. /var/lib/tacker/vnfpackages \
.. .. note::
6). Create 'tacker' directory in '/var/log', and create directories for vnf In case of multi node deployment, we recommend to configure
package and zip csar file(for glance store). ``/var/lib/tacker/csar_files`` on a shared storage.
.. code-block:: console #. Generate the ``tacker.conf.sample`` using
``tools/`` or ``tox -e config-gen`` command.
Rename the ``tacker.conf.sample`` file at ``etc/tacker/`` to
``tacker.conf``. Then edit it to ensure the below entries:
sudo mkdir /var/log/tacker .. note::
sudo mkdir -p /var/lib/tacker/vnfpackages
sudo mkdir -p /var/lib/tacker/csar_files
.. note:: Ignore any warnings generated while using the
In case of multi node deployment, we recommend to configure .. note::
/var/lib/tacker/csar_files on a shared storage.
.. project_name can be "service" or "services" depending on your
OpenStack distribution in the keystone_authtoken section.
7). Generate the tacker.conf.sample using tools/ .. note::
or 'tox -e config-gen' command. Rename the "tacker.conf.sample" file at
"etc/tacker/" to tacker.conf. Then edit it to ensure the below entries:
.. note:: The path of tacker-rootwrap varies according to the operating system,
e.g. it is /usr/bin/tacker-rootwrap for CentOS, therefore the configuration for
[agent] should be like:
Ignore any warnings generated while using the .. code-block:: ini
.. [agent]
root_helper = sudo /usr/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf
.. note::
project_name can be "service" or "services" depending on your
OpenStack distribution in the keystone_authtoken section.
.. note::
The path of tacker-rootwrap varies according to the operating system,
e.g. it is /usr/bin/tacker-rootwrap for CentOS, therefore the configuration for
[agent] should be like:
.. code-block:: ini .. code-block:: ini
auth_strategy = keystone
policy_file = /usr/local/etc/tacker/policy.json
debug = True
use_syslog = False
bind_host = <TACKER_NODE_IP>
bind_port = 9890
service_plugins = nfvo,vnfm
state_path = /var/lib/tacker
vim_drivers = openstack
memcached_servers = 11211
region_name = RegionOne
auth_type = password
project_domain_name = <DOMAIN_NAME>
user_domain_name = <DOMAIN_NAME>
username = <TACKER_USER_NAME>
project_name = service
auth_url = http://<KEYSTONE_IP>:5000
www_authenticate_uri = http://<KEYSTONE_IP>:5000
[agent] [agent]
root_helper = sudo /usr/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf root_helper = sudo /usr/local/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf
.. ...
.. code-block:: ini [database]
connection = mysql+pymysql://tacker:<TACKERDB_PASSWORD>@<MYSQL_IP>:3306/tacker?charset=utf8
[DEFAULT] [tacker]
auth_strategy = keystone monitor_driver = ping,http_ping
policy_file = /usr/local/etc/tacker/policy.json
debug = True
use_syslog = False
bind_host = <TACKER_NODE_IP>
bind_port = 9890
service_plugins = nfvo,vnfm
state_path = /var/lib/tacker #. Copy the ``tacker.conf`` to ``/usr/local/etc/tacker/`` directory.
[nfvo_vim] .. code-block:: console
vim_drivers = openstack
[keystone_authtoken] $ sudo su
memcached_servers = 11211 $ cp etc/tacker/tacker.conf /usr/local/etc/tacker/
region_name = RegionOne
auth_type = password
project_domain_name = <DOMAIN_NAME>
user_domain_name = <DOMAIN_NAME>
username = <TACKER_USER_NAME>
project_name = service
auth_url = http://<KEYSTONE_IP>:5000
www_authenticate_uri = http://<KEYSTONE_IP>:5000
[agent] #. Populate Tacker database.
root_helper = sudo /usr/local/bin/tacker-rootwrap /usr/local/etc/tacker/rootwrap.conf
connection = mysql+pymysql://tacker:<TACKERDB_PASSWORD>@<MYSQL_IP>:3306/tacker?charset=utf8
monitor_driver = ping,http_ping
8). Copy the tacker.conf file to "/usr/local/etc/tacker/" directory
.. code-block:: console
sudo su
cp etc/tacker/tacker.conf /usr/local/etc/tacker/
9). Populate Tacker database:
.. note::
The path of tacker-db-manage varies according to the operating system,
e.g. it is /usr/bin/tacker-bin-manage for CentOS
.. code-block:: console
/usr/local/bin/tacker-db-manage --config-file /usr/local/etc/tacker/tacker.conf upgrade head
10). To support systemd, copy tacker.service and tacker-conductor.service file to
"/etc/systemd/system/" directory, and restart systemctl daemon.
.. code-block:: console
sudo su
cp etc/systemd/system/tacker.service /etc/systemd/system/
cp etc/systemd/system/tacker-conductor.service /etc/systemd/system/
systemctl daemon-reload
.. note::
Needs systemd support.
By default Ubuntu16.04 onward is supported.
Install Tacker client .. code-block:: console
1). Clone tacker-client repository. $ /usr/local/bin/tacker-db-manage \
--config-file /usr/local/etc/tacker/tacker.conf \
upgrade head
.. code-block:: console #. To make tacker be controlled from systemd, copy ``tacker.service`` and
``tacker-conductor.service`` file to ``/etc/systemd/system/`` directory,
and restart ``systemctl`` daemon.
cd ~/ .. code-block:: console
git clone -b <branch_name>
2). Install tacker-client. $ sudo su
$ cp etc/systemd/system/tacker.service /etc/systemd/system/
$ cp etc/systemd/system/tacker-conductor.service /etc/systemd/system/
$ systemctl daemon-reload
.. code-block:: console Install Tacker Client
cd python-tackerclient #. Clone ``tacker-client`` repository.
sudo python install
.. .. code-block:: console
$ cd ~/
$ git clone -b <branch_name>
#. Install ``tacker-client``.
.. code-block:: console
$ cd ${HOME}/python-tackerclient
$ sudo python3 install
Install Tacker horizon Install Tacker horizon
====================== ----------------------
#. Clone ``tacker-horizon`` repository.
1). Clone tacker-horizon repository. .. code-block:: console
.. code-block:: console $ cd ~/
$ git clone -b <branch_name>
cd ~/ #. Install horizon module.
git clone -b <branch_name>
2). Install horizon module. .. code-block:: console
.. code-block:: console $ cd ${HOME}/tacker-horizon
$ sudo python3 install
cd tacker-horizon #. Enable tacker horizon in dashboard.
sudo python install
3). Enable tacker horizon in dashboard. .. code-block:: console
.. code-block:: console $ sudo cp tacker_horizon/enabled/* \
sudo cp tacker_horizon/enabled/* \ #. Restart Apache server.
4). Restart Apache server. .. code-block:: console
.. code-block:: console $ sudo service apache2 restart
sudo service apache2 restart
Starting Tacker server Starting Tacker server
====================== ----------------------
1).Open a new console and launch tacker-server. A separate terminal is Open a new console and launch ``tacker-server``. A separate terminal is
required because the console will be locked by a running process. required because the console will be locked by a running process.
.. note::
The path of tacker-server varies according to the operating system,
e.g. it is /usr/bin/tacker-server for CentOS
.. code-block:: console .. code-block:: console
sudo python /usr/local/bin/tacker-server \ $ sudo python3 /usr/local/bin/tacker-server \
--config-file /usr/local/etc/tacker/tacker.conf \ --config-file /usr/local/etc/tacker/tacker.conf \
--log-file /var/log/tacker/tacker.log --log-file /var/log/tacker/tacker.log
Starting Tacker conductor Starting Tacker conductor
========================= -------------------------
1).Open a new console and launch tacker-conductor. A separate terminal is Open a new console and launch tacker-conductor. A separate terminal is
required because the console will be locked by a running process. required because the console will be locked by a running process.
.. note::
The path of tacker-conductor varies according to the operating system,
e.g. it is /usr/bin/tacker-conductor for CentOS
.. code-block:: console .. code-block:: console
sudo python /usr/local/bin/tacker-conductor \ $ sudo python /usr/local/bin/tacker-conductor \
--config-file /usr/local/etc/tacker/tacker.conf \ --config-file /usr/local/etc/tacker/tacker.conf \
--log-file /var/log/tacker/tacker-conductor.log --log-file /var/log/tacker/tacker-conductor.log

@ -34,7 +34,7 @@ The basic information and the topology of these nodes is like this:
Prepare kolla-ansible Prepare kolla-ansible
~~~~~~~~~~~~~~~~~~~~~ ---------------------
About how to prepare Docker and kolla-ansible environment, About how to prepare Docker and kolla-ansible environment,
please refer to please refer to
@ -42,37 +42,26 @@
Set up local kolla-ansible docker registry Set up local kolla-ansible docker registry
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------
Kolla-ansible is publishing the packaged Docker images at Kolla-ansible is publishing the packaged Docker images at This document will use This document will use
centos-source-registry-pike.tar.gz. So Download it: ``centos-source-registry-pike.tar.gz``.
Download this file and extract:
.. code-block:: console .. code-block:: console
# wget # wget
And unpack it:
.. code-block:: console
# tar xzvf centos-source-registry-pike.tar.gz -C /opt/registry/ # tar xzvf centos-source-registry-pike.tar.gz -C /opt/registry/
.. Start Docker registry container:
And start Docker registry container:
.. code-block:: console .. code-block:: console
# docker run -d -v /opt/registry:/var/lib/registry -p 4000:5000 --restart=always --name registry registry:2 # docker run -d -v /opt/registry:/var/lib/registry -p 4000:5000 --restart=always --name registry registry:2
.. Set Docker to access local registry via insecure channel:
And set Docker to access local registry via insecure channel:
.. code-block:: console .. code-block:: console
@ -81,15 +70,12 @@ And set Docker to access local registry via insecure channel:
# systemctl daemon-reload # systemctl daemon-reload
# systemctl restart docker # systemctl restart docker
.. note:: .. note::
The way to set up Docker to access insecure registry depends on operating The way to set up Docker to access insecure registry depends on operating
system and Docker version, above way is just an example. system and Docker version, above way is just an example.
Verify the local registry contains the needed images:
And verify the local registry contains the needed images:
.. code-block:: console .. code-block:: console
@ -97,127 +83,115 @@ And verify the local registry contains the needed images:
# curl -k localhost:4000/v2/lokolla/centos-source-fluentd/tags/list # curl -k localhost:4000/v2/lokolla/centos-source-fluentd/tags/list
{"name":"lokolla/centos-source-fluentd","tags":["5.0.1"]} {"name":"lokolla/centos-source-fluentd","tags":["5.0.1"]}
Install OpenStack Install OpenStack
~~~~~~~~~~~~~~~~~ -----------------
1. Edit kolla ansible's configuration file /etc/kolla/globals.yml: #. Edit kolla ansible's configuration file ``/etc/kolla/globals.yml``:
.. code-block:: ini .. code-block:: ini
--- ---
kolla_install_type: "source" kolla_install_type: "source"
openstack_release: "5.0.1" openstack_release: "5.0.1"
kolla_internal_vip_address: "" kolla_internal_vip_address: ""
docker_registry: "" docker_registry: ""
docker_namespace: "lokolla" docker_namespace: "lokolla"
api_interface: "eth0" api_interface: "eth0"
tunnel_interface: "eth1" tunnel_interface: "eth1"
neutron_external_interface: "eth2" neutron_external_interface: "eth2"
enable_glance: "yes" enable_glance: "yes"
enable_haproxy: "yes" enable_haproxy: "yes"
enable_keystone: "yes" enable_keystone: "yes"
enable_mariadb: "yes" enable_mariadb: "yes"
enable_memcached: "yes" enable_memcached: "yes"
enable_neutron: "yes" enable_neutron: "yes"
enable_nova: "yes" enable_nova: "yes"
enable_rabbitmq: "yes" enable_rabbitmq: "yes"
enable_aodh: "yes" enable_aodh: "yes"
enable_ceilometer: "yes" enable_ceilometer: "yes"
enable_gnocchi: "yes" enable_gnocchi: "yes"
enable_heat: "yes" enable_heat: "yes"
enable_horizon: "yes" enable_horizon: "yes"
enable_neutron_sfc: "yes" enable_neutron_sfc: "yes"
.. note::
If nodes are using different network interface names to connect each
other, please define them in inventory file.
"" is an un-used ip address, will be used as VIP address,
realized by keepalived container.
.. note:: #. Run kolla-genpwd to generate system passwords:
If nodes are using different network interface names to connect each other, .. code-block:: console
please define them in inventory file.
"" is an un-used ip address, will be used as VIP address, realized $ sudo cp etc/kolla/passwords.yml /etc/kolla/passwords.yml
by keepalived container. $ sudo kolla-genpwd
.. note::
If the pypi version is used to install kolla-ansible the skeleton
passwords file may be under
2. Run kolla-genpwd to generate system passwords: With this command, ``/etc/kolla/passwords.yml`` will be populated with
generated passwords.
.. code-block:: console
$ sudo cp etc/kolla/passwords.yml /etc/kolla/passwords.yml
$ sudo kolla-genpwd
.. note::
If the pypi version is used to install kolla-ansible the skeleton passwords
file may be under '/usr/share/kolla-ansible/etc_examples/kolla'.
With this command, /etc/kolla/passwords.yml will be populated with #. Editor inventory:
generated passwords.
First copy the sample multinode inventory file from kolla-ansible:
3. Editor inventory: .. code-block:: console
First copy the sample multinode inventory file from kolla-ansible: # cp inventory/multinode ~/
.. code-block:: console Then edit it to contain all of the OpenStack nodes.
# cp inventory/multinode ~/ .. code-block:: ini
.. [all_vim_nodes]
Then edit it to contain all of the OpenStack nodes. [network:children]
.. code-block:: ini [compute:children]
[all_vim_nodes] [monitoring:children] all_vim_nodes
[control:children] [storage:children]
all_vim_nodes #if the tacker needs volume feature, put related nodes here
[network:children] #. Run kolla ansible deploy to install OpenStack system:
[compute:children] .. code-block:: console
[monitoring:children] # kolla-ansible deploy -i ~/multinode
[storage:children] #. Run kolla ansible post-deploy to generate tacker access environment file:
#if the tacker needs volume feature, put related nodes here
4. Run kolla ansible deploy to install OpenStack system: .. code-block:: console
.. code-block:: console # kolla-ansible post-deploy
# kolla-ansible deploy -i ~/multinode With this command, the ```` will be generated at
5. Run kolla ansible post-deploy to generate tacker access environment file:
.. code-block:: console
# kolla-ansible post-deploy
With this command, the "" will be generated at
Prepare OpenStack Prepare OpenStack
~~~~~~~~~~~~~~~~~ -----------------
After installation, OpenStack administrator needs to: After installation, OpenStack administrator needs to:
@ -227,34 +201,34 @@ After installation, OpenStack administrator needs to:
in OpenStack. in OpenStack.
* Upload related images. Tacker repo's sample TOSCA templates are * Upload related images. Tacker repo's sample TOSCA templates are
referring to cirros image named 'cirros-0.4.0-x86_64-disk', so referring to cirros image named ``cirros-0.4.0-x86_64-disk``, so
this image should uploaded into OpenStack before Tacker uses it. this image should uploaded into OpenStack before Tacker uses it.
In additions, following steps are needed: In additions, following steps are needed:
1. Create projects and users which can be used by Tacker: #. Create projects and users which can be used by Tacker:
This is a simple task for any OpenStack administrator, but one thing to pay This is a simple task for any OpenStack administrator, but one thing to pay
attention to is that the user must have 'admin' and 'heat_stack_owner' attention to is that the user must have ``admin`` and ``heat_stack_owner``
roles on the user's project. roles on the user's project.
.. image:: ../_images/openstack_role.png .. image:: ../_images/openstack_role.png
:scale: 50 % :scale: 50 %
2. Create Neutron networks: #. Create Neutron networks:
Most sample TOSCA templates assume there are three Neutron networks in Most sample TOSCA templates assume there are three Neutron networks in
target OpenStack that the VIM user can use: target OpenStack that the VIM user can use:
* net_mgmt, which is a network Tacker system can access to. Some Tacker * ``net_mgmt``, which is a network Tacker system can access to. Some Tacker
features, such as monitor policies, need Tacker to access started VNF features, such as monitor policies, need Tacker to access started VNF
virtual machines. For Tacker to access VNF via net_mgmt, net_mgmt can virtual machines. For Tacker to access VNF via ``net_mgmt``, ``net_mgmt``
be a provider network. can be a provider network.
* net0 and net1, which are two business networks which VNFs will use. * ``net0`` and ``net1``, which are two business networks which VNFs will
How to connected them depends on the VNFs' business. use. How to connected them depends on the VNFs' business.
So create these three networks accordingly. For commands to create Neutron So create these three networks accordingly. For commands to create Neutron
networks, please refer to networks, please refer to

@ -1,7 +1,7 @@
auth_url: '' auth_url: ''
username: 'nfv_user' username: 'nfv_user'
password: 'mySecretPW' password: 'mySecretPW'
project_name: 'nfv' project_name: 'nfv'
project_domain_name: 'Default' project_domain_name: 'Default'
user_domain_name: 'Default' user_domain_name: 'Default'
cert_verify: 'False' cert_verify: 'True'