starlingx/docs
Code Issues Proposed changes

Procedure to set the OpenStack domain (pick)

Browse Source 
Moved section to correct page and added reference.
Editorial fixes.

Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
Change-Id: I0d29b719cac09e9225a2ceea6b2ccd51913e2e1c
This commit is contained in:
Elisamara Aoki Goncalves
2022-02-14 10:44:50 -03:00
committed by Elisamara Aoki Gonçalves
parent f95ffd6878
commit 8b2d726fde
1 changed files with 98 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
doc/source/deploy_install_guides/r6_release/openstack/access.rst
View File

@@ -2,73 +2,13 @@
Access StarlingX OpenStack Access StarlingX OpenStack
========================== ==========================
Use local/remote CLIs, GUIs and/or REST APIs to access and manage StarlingX Use local/remote CLIs, GUIs and/or REST APIs to access and manage |prod|
OpenStack and hosted virtualized applications. OpenStack and hosted virtualized applications.
.. contents:: .. contents::
:local: :local:
:depth: 1 :depth: 1
------------------------------
Configure helm endpoint domain
------------------------------
Containerized OpenStack services in StarlingX are deployed behind an ingress
controller (nginx) that listens on either port 80 (HTTP) or port 443 (HTTPS).
The ingress controller routes packets to the specific OpenStack service, such as
the Cinder service, or the Neutron service, by parsing the FQDN in the packet.
For example, `neutron.openstack.svc.cluster.local` is for the Neutron service,
`cinderapi.openstack.svc.cluster.local` is for the Cinder service.
This routing requires that access to OpenStack REST APIs must be via a FQDN
or by using a remote OpenStack CLI that uses the REST APIs. You cannot access
OpenStack REST APIs using an IP address.
FQDNs (such as `cinderapi.openstack.svc.cluster.local`) must be in a DNS server
that is publicly accessible.
.. note::
There is a way to wildcard a set of FQDNs to the same IP address in a DNS
server configuration so that you dont need to update the DNS server every
time an OpenStack service is added. Check your particular DNS server for
details on how to wild-card a set of FQDNs.
In a “real” deployment, that is, not a lab scenario, you can not use the default
`openstack.svc.cluster.local` domain name externally. You must set a unique
domain name for your StarlingX system. StarlingX provides the
:command:`system serviceparameter-add` command to configure and set the
OpenStack domain name:
::
system service-parameter-add openstack helm endpoint_domain=<domain_name>
`<domain_name>` should be a fully qualified domain name that you own, such that
you can configure the DNS Server that owns `<domain_name>` with the OpenStack
service names underneath the domain.
For example:
.. parsed-literal::
system service-parameter-add openstack helm endpoint_domain=my-starlingx-domain.my-company.com
system application-apply |prefix|-openstack
This command updates the helm charts of all OpenStack services and restarts them.
For example it would change `cinderapi.openstack.svc.cluster.local` to
`cinderapi.my-starlingx-domain.my-company.com`, and so on for all OpenStack
services.
.. note::
This command also changes the containerized OpenStack Horizon to listen on
`horizon.my-starlingx-domain.my-company.com:80` instead of the initial
`<oamfloatingip>:31000`.
You must configure `{ *.my-starlingx-domain.my-company.com: --> oamfloatingipaddress }`
in the external DNS server that owns `my-company.com`.
--------- ---------
Local CLI Local CLI
--------- ---------
@@ -84,7 +24,7 @@ You can use this method on either controller, active or standby.
**Do not** use ``source /etc/platform/openrc``. **Do not** use ``source /etc/platform/openrc``.
#. Set the CLI context to the StarlingX OpenStack Cloud Application and set up #. Set the CLI context to the |prod-os| Cloud Application and set up
OpenStack admin credentials: OpenStack admin credentials:
:: ::
@@ -111,14 +51,14 @@ You can use this method on either controller, active or standby.
**Method 2** **Method 2**
Use this method to access StarlingX Kubernetes commands and StarlingX OpenStack Use this method to access |prod| Kubernetes commands and |prod-os|
commands in the same shell. You can only use this method on the active commands in the same shell. You can only use this method on the active
controller. controller.
#. Log in to the active controller via the console or SSH with a #. Log in to the active controller via the console or SSH with a
sysadmin/<sysadmin-password>. sysadmin/<sysadmin-password>.
#. Set the CLI context to the StarlingX OpenStack Cloud Application and set up #. Set the CLI context to the |prod-os| Cloud Application and set up
OpenStack admin credentials: OpenStack admin credentials:
:: ::
@@ -128,16 +68,16 @@ controller.
.. note:: .. note::
To switch between StarlingX Kubernetes/Platform credentials and StarlingX To switch between |prod| Kubernetes/Platform credentials and |prod-os|
OpenStack credentials, use ``source /etc/platform/openrc`` or credentials, use ``source /etc/platform/openrc`` or ``source
``source ./openrc.os`` respectively. ./openrc.os`` respectively.
********************** **********************
OpenStack CLI commands OpenStack CLI commands
********************** **********************
Access OpenStack CLI commands for the StarlingX OpenStack cloud application Access OpenStack CLI commands for the |prod-os| cloud application
using the :command:`openstack` command. For example: using the :command:`openstack` command. For example:
:: ::
@@ -162,14 +102,101 @@ The image below shows a typical successful run.
:alt: starlingx-access-openstack-flavorlist :alt: starlingx-access-openstack-flavorlist
:scale: 50% :scale: 50%
*Figure 1: StarlingX OpenStack Flavorlist* *Figure 1: |prod-os| Flavorlist*
.. figure:: /deploy_install_guides/r6_release/figures/starlingx-access-openstack-command.png .. figure:: /deploy_install_guides/r6_release/figures/starlingx-access-openstack-command.png
:alt: starlingx-access-openstack-command :alt: starlingx-access-openstack-command
:scale: 50% :scale: 50%
*Figure 2: StarlingX OpenStack Commands* *Figure 2: |prod-os| Commands*
------------------------------
Configure Helm endpoint domain
------------------------------
Containerized OpenStack services in |prod| are deployed behind an ingress
controller (nginx) that listens on either port 80 (HTTP) or port 443 (HTTPS).
The ingress controller routes packets to the specific OpenStack service, such as
the Cinder service, or the Neutron service, by parsing the |FQDN| in the packet.
For example, ``neutron.openstack.svc.cluster.local`` is for the Neutron service,
``cinderapi.openstack.svc.cluster.local`` is for the Cinder service.
This routing requires that access to OpenStack REST APIs must be via a |FQDN|
or by using a remote OpenStack CLI that uses the REST APIs. You cannot access
OpenStack REST APIs using an IP address.
FQDNs (such as ``cinderapi.openstack.svc.cluster.local``) must be in a DNS
server that is publicly accessible.
.. note::
There is a way to wildcard a set of FQDNs to the same IP address in a DNS
server configuration so that you dont need to update the DNS server every
time an OpenStack service is added. Check your particular DNS server for
details on how to wild-card a set of FQDNs.
In a “real” deployment, that is, not a lab scenario, you cannot use the default
``openstack.svc.cluster.local`` domain name externally. You must set a unique
domain name for your |prod| system. |prod| provides the
:command:`system serviceparameter-add` command to configure and set the
OpenStack domain name:
::
system service-parameter-add openstack helm endpoint_domain=<domain_name>
``<domain_name>`` should be a fully qualified domain name that you own, such that
you can configure the DNS Server that owns ``<domain_name>`` with the OpenStack
service names underneath the domain.
For example:
.. parsed-literal::
system service-parameter-add openstack helm endpoint_domain=my-starlingx-domain.my-company.com
system application-apply |prefix|-openstack
This command updates the Helm charts of all OpenStack services and restarts them.
For example it would change ``cinderapi.openstack.svc.cluster.local`` to
``cinderapi.my-starlingx-domain.my-company.com``, and so on for all OpenStack
services.
.. note::
This command also changes the containerized OpenStack Horizon to listen on
``horizon.my-starlingx-domain.my-company.com:80`` instead of the initial
``<oamfloatingip>:31000``.
You must configure { ``*.my-starlingx-domain.my-company.com: --> oamfloatingipaddress }``
in the external DNS server that owns ``my-company.com``.
---------------------------
Configure HTTPS Certificate
---------------------------
This certificate must be valid for the domain configured for |prod-os|.
#. Enable HTTPS for |prod|, see :ref:`Enable HTTPS Access for StarlingX REST
and Web Server Endpoints
<enable-https-access-for-starlingx-rest-and-web-server-endpoints>`.
.. note::
IF AND ONLY IF |prod-os| application is currently APPLIED when you do
this, a |prod-os| application (re-)apply is internally triggered and
fails because you have not setup the |prod-os| certificate yet.
#. Set the |prod-os| domain and configure your external DNS server, see
:ref:`Update the Domain Name <update-the-domain-name>`.
#. Configure the |prod-os| certificate and configure |prod-os| services to use
it, see :ref:`Install REST API and Horizon Certificate
<install-rest-api-and-horizon-certificate>`.
#. Open port 443 in |prod| firewall, see :ref:`Modify Firewall Options
<security-firewall-options>`.
---------- ----------
Remote CLI Remote CLI
@@ -181,7 +208,7 @@ Documentation coming soon.
GUI GUI
--- ---
Access the StarlingX containerized OpenStack Horizon GUI in your browser at the Access the |prod| containerized OpenStack Horizon GUI in your browser at the
following address: following address:
:: ::