This patch configures TLS for OVN to use the local CA cert on the controller. The compute nodes request certificates to be provided by the CA cert and will use those certificates to configure local controller connections to the OVN SB database via TLS. The client certificates are validated against the control nodes CA. Local connections on the control node continue to use the local unix socket, which should be considered to be secure since it does not egress the node. Change-Id: Iacf5d5637c3a093bd80879c2ebb58efb16b52e66
|1 week ago|
|checks||2 years ago|
|patches||1 year ago|
|snap/hooks||2 months ago|
|snap-overlay||4 days ago|
|snap-wrappers||12 months ago|
|tests||1 month ago|
|tools||3 days ago|
|.gitignore||2 years ago|
|.gitreview||2 years ago|
|.zuul.yaml||9 months ago|
|CONTRIBUTING.md||2 years ago|
|DEMO.md||5 months ago|
|README.md||11 months ago|
|filebeat.pgp.key||2 years ago|
|osci.yaml||3 months ago|
|snapcraft.yaml||1 week ago|
|telegraf.pgp.key||2 years ago|
|test-requirements.txt||9 months ago|
|tox.ini||7 months ago|
MicroStack is a single-machine, snap-deployed OpenStack cloud.
Common purposes include:
- Development and testing of OpenStack workloads
- Continuous integration (CI)
- IoT and appliances
- Edge clouds (experimental)
- Introducing new users to OpenStack
Currently provided OpenStack services are: Nova, Keystone, Glance, Horizon, and Neutron.
MicroStack is frequently updated to provide the latest stable updates of the most recent OpenStack release.
Requirements: You will need at least 2 CPUs, 8 GiB of memory, and 100 GiB of disk space.
See the full MicroStack documentation.
At this time you can install from the
--edge snap channels:
sudo snap install microstack --classic --beta
The edge channel is moving toward a strictly confined snap. At this time, it must be installed in devmode:
sudo snap install microstack --devmode --edge
Initialisation will set up databases, networks, flavors, an SSH keypair, a CirrOS image, and open ICMP/SSH security groups:
sudo microstack.init --auto
The OpenStack client is bundled as
microstack.openstack. For example:
microstack.openstack network list microstack.openstack flavor list microstack.openstack keypair list microstack.openstack image list microstack.openstack security group rule list
Creating an instance
To create an instance (called "awesome") based on the CirrOS image:
microstack.launch cirros --name awesome
SSH to an instance
The launch output will show you how to connect to the instance. For the CirrOS image, the user account is 'cirros'.
ssh -i ~/.ssh/id_microstack cirros@<ip-address>
The launch output will also provide information for the Horizon dashboard. The username is 'admin' and the password can be obtained in this way:
sudo snap get microstack config.credentials.keystone-password
To remove MicroStack, run:
sudo microstack.remove --auto
This will clean up the Open vSwitch bridge device and uninstall
MicroStack. If you remove MicroStack with the
snap remove command
instead, don't worry -- the Open vSwitch bridge will disappear the
next time that you reboot your system.
Note that you can pass any arguments that you'd pass to the
snap remove command to
microstack.remove. To purge the snap,
for example, run:
sudo microstack.remove --auto --purge
Filebeat, Telegraf and NRPE are bundled as the snap systemd services.
Customising and contributing
To customise services and settings, look in the
.d directories under
/var/snap/microstack/common/etc. You can add services with your package
manager, or take a look at
CONTRIBUTING.md and make a code based argument for
adding a service to the default list.
Reporting a bug
Please report bugs to the MicroStack project on Launchpad.