diff --git a/doc/source/deploy/install-guide.rst b/doc/source/deploy/install-guide.rst index f224e4f328..8a2a7f65c4 100644 --- a/doc/source/deploy/install-guide.rst +++ b/doc/source/deploy/install-guide.rst @@ -163,6 +163,14 @@ Although some configuration options are mentioned here, it is recommended that you review all the `available options `_ so that the Bare Metal service is configured for your needs. +It is possible to set up an ironic-api and an ironic-conductor services on the +same host or different hosts. Users also can add new ironic-conductor hosts +to deal with an increasing number of bare metal nodes. But the additional ironic-conductor +services should be at the same version as that of existing ironic-conductor services. + +Configuring ironic-api service +------------------------------ + #. The Bare Metal service stores information in a database. This guide uses the MySQL database that is used by other OpenStack services. @@ -172,15 +180,19 @@ so that the Bare Metal service is configured for your needs. [database] ... - # The SQLAlchemy connection string used to connect to the # database (string value) - #connection= connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic?charset=utf8 -#. Configure the Bare Metal service to use the RabbitMQ message broker by +#. Configure the ironic-api service to use the RabbitMQ message broker by setting one or more of these options. Replace RABBIT_HOST with the - address of the RabbitMQ server.:: + address of the RabbitMQ server:: + + [DEFAULT] + ... + # The messaging driver to use, defaults to rabbit. Other + # drivers include qpid and zmq. (string value) + #rpc_backend=rabbit [oslo_messaging_rabbit] ... @@ -194,109 +206,183 @@ so that the Bare Metal service is configured for your needs. # The RabbitMQ password (string value) #rabbit_password=guest - # The RabbitMQ virtual host (string value) - #rabbit_virtual_host=/ - -#. Configure the Bare Metal service to use these credentials with the Identity +#. Configure the ironic-api service to use these credentials with the Identity service. Replace IDENTITY_IP with the IP of the Identity server, and replace IRONIC_PASSWORD with the password you chose for the ``ironic`` user in the Identity service:: [DEFAULT] ... - # Method to use for authentication: noauth or keystone. - # (string value) - auth_strategy=keystone + # Authentication strategy used by ironic-api: one of + # "keystone" or "noauth". "noauth" should not be used in a + # production environment because all authentication will be + # disabled. (string value) + #auth_strategy=keystone - ... [keystone_authtoken] - - # Host providing the admin Identity API endpoint (string - # value) - #auth_host=127.0.0.1 - auth_host=IDENTITY_IP - - # Port of the admin Identity API endpoint (integer value) - #auth_port=35357 - - # Protocol of the admin Identity API endpoint(http or https) - # (string value) - #auth_protocol=https - + ... # Complete public Identity API endpoint (string value) - #auth_uri= auth_uri=http://IDENTITY_IP:5000/ - # Keystone account username (string value) - #admin_user= + # Complete admin Identity API endpoint. This should specify + # the unversioned root endpoint e.g. https://localhost:35357/ + # (string value) + identity_uri=http://IDENTITY_IP:35357/ + + # Service username. (string value) admin_user=ironic - # Keystone account password (string value) - #admin_password= + # Service account password. (string value) admin_password=IRONIC_PASSWORD - # Keystone service account tenant name to validate user tokens - # (string value) - #admin_tenant_name=admin + # Service tenant name. (string value) admin_tenant_name=service - # Directory used to cache files related to PKI tokens (string - # value) - #signing_dir= - -#. Set the URL (replace NEUTRON_IP) for connecting to the Networking service, - to be the Networking service endpoint:: - - [neutron] - - # URL for connecting to neutron. (string value) - #url=http://127.0.0.1:9696 - url=http://NEUTRON_IP:9696 - -#. Configure the Bare Metal service so that it can communicate with the - Image service. Replace GLANCE_IP with the hostname or IP address of - the Image service:: - - [glance] - - # A list of URL schemes that can be downloaded directly via - # the direct_url. Currently supported schemes: [file]. (list - # value) - #allowed_direct_url_schemes= - - # Default glance hostname or IP address. (string value) - #glance_host=$my_ip - glance_host=GLANCE_IP - - # Default glance port. (integer value) - #glance_port=9292 - - # Default protocol to use when connecting to glance. Set to - # https for SSL. (string value) - #glance_protocol=http - - # A list of the glance api servers available to nova. Prefix - # with https:// for SSL-based glance API servers. Format is - # [hostname|IP]:port. (string value) - #glance_api_servers= - - Note: Swift backend for the Image service should be installed and configured - for ``agent_*`` drivers. Starting with Mitaka the Bare Metal service also - supports Ceph Object Gateway (RADOS Gateway) as the Image service's backend - (:ref:`radosgw support`). - #. Create the Bare Metal service database tables:: ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema -#. Restart the Bare Metal service:: +#. Restart the ironic-api service:: Fedora/RHEL7/CentOS7: sudo systemctl restart openstack-ironic-api - sudo systemctl restart openstack-ironic-conductor Ubuntu: sudo service ironic-api restart + + +Configuring ironic-conductor service +------------------------------------ + +#. Replace HOST_IP with IP of the conductor host, and replace DRIVERS with a + comma-separated list of drivers you chose for the conductor service as + follows:: + + [DEFAULT] + ... + # IP address of this host. If unset, will determine the IP + # programmatically. If unable to do so, will use "127.0.0.1". + # (string value) + my_ip = HOST_IP + + # Specify the list of drivers to load during service + # initialization. Missing drivers, or drivers which fail to + # initialize, will prevent the conductor service from + # starting. The option default is a recommended set of + # production-oriented drivers. A complete list of drivers + # present on your system may be found by enumerating the + # "ironic.drivers" entrypoint. An example may be found in the + # developer documentation online. (list value) + enabled_drivers=DRIVERS + + .. note:: + If a conductor host has multiple IPs, ``my_ip`` should + be set to the IP which is on the same network as the bare metal nodes. + +#. Configure the ironic-api service URL. Replace IRONIC_API_IP with IP of + ironic-api service as follows:: + + [conductor] + ... + # URL of Ironic API service. If not set ironic can get the + # current value from the keystone service catalog. (string + # value) + api_url=http://IRONIC_API_IP:6385 + +#. Configure the location of the database. Ironic-conductor should use the same + configuration as ironic-api. Replace IRONIC_DBPASSWORD with the password of + your ``ironic`` user, and replace DB_IP with the IP address where the DB server + is located:: + + [database] + ... + # The SQLAlchemy connection string to use to connect to the + # database. (string value) + connection = mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic?charset=utf8 + +#. Configure the ironic-conductor service to use the RabbitMQ message broker by + setting one or more of these options. Ironic-conductor should use the same + configuration as ironic-api. Replace RABBIT_HOST with the address of the RabbitMQ + server:: + + [DEFAULT] + ... + # The messaging driver to use, defaults to rabbit. Other + # drivers include qpid and zmq. (string value) + #rpc_backend=rabbit + + [oslo_messaging_rabbit] + ... + # The RabbitMQ broker address where a single node is used. + # (string value) + rabbit_host=RABBIT_HOST + + # The RabbitMQ userid. (string value) + #rabbit_userid=guest + + # The RabbitMQ password. (string value) + #rabbit_password=guest + +#. Configure the ironic-conductor service so that it can communicate with the + Image service. Replace GLANCE_IP with the hostname or IP address of + the Image service:: + + [glance] + ... + # Default glance hostname or IP address. (string value) + glance_host=GLANCE_IP + + .. note:: + Swift backend for the Image service should be installed and configured + for ``agent_*`` drivers. Starting with Mitaka the Bare Metal service also + supports Ceph Object Gateway (RADOS Gateway) as the Image service's backend + (:ref:`radosgw support`). + +#. Set the URL (replace NEUTRON_IP) for connecting to the Networking service, + to be the Networking service endpoint:: + + [neutron] + ... + # URL for connecting to neutron. (string value) + url=http://NEUTRON_IP:9696 + + To configure the network for ironic-conductor service to perform node cleaning, see + `CleaningNetworkSetup`_. + +#. Configure the ironic-conductor service to use these credentials with the Identity + service. Ironic-conductor should use the same configuration as ironic-api. + Replace IDENTITY_IP with the IP of the Identity server, and replace IRONIC_PASSWORD + with the password you chose for the ``ironic`` user in the Identity service:: + + [keystone_authtoken] + ... + # Complete public Identity API endpoint (string value) + auth_uri=http://IDENTITY_IP:5000/ + + # Complete admin Identity API endpoint. This should specify + # the unversioned root endpoint e.g. https://localhost:35357/ + # (string value) + identity_uri=http://IDENTITY_IP:35357/ + + # Service username. (string value) + admin_user=ironic + + # Service account password. (string value) + admin_password=IRONIC_PASSWORD + + # Service tenant name. (string value) + admin_tenant_name=service + +#. Make sure that ``qemu-img`` and ``iscsiadm`` (in the case of using iscsi-deploy driver) + binaries are installed and prepare the host system as described at + `Setup the drivers for the Bare Metal service`_ + +#. Restart the ironic-conductor service:: + + Fedora/RHEL7/CentOS7: + sudo systemctl restart openstack-ironic-conductor + + Ubuntu: sudo service ironic-conductor restart