Merge "Upgrade the rst convention of the Admin Guide"

This commit is contained in:
Zuul 2018-03-22 06:58:33 +00:00 committed by Gerrit Code Review
commit 911e1e5b89
4 changed files with 157 additions and 110 deletions

View File

@ -5,91 +5,106 @@ Advanced Configuration
====================== ======================
Endpoint Network Configuration Endpoint Network Configuration
============================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When an OpenStack cloud is deployed, the REST API of each service is presented When an OpenStack cloud is deployed, the REST API of each service is presented
as a series of endpoints. These endpoints are the admin URL, the internal as a series of endpoints. These endpoints are the admin URL, the internal
URL, and the external URL. URL, and the external URL.
Kolla offers two options for assigning these endpoints to network addresses: Kolla offers two options for assigning these endpoints to network addresses:
- Combined - Where all three endpoints share the same IP address - Combined - Where all three endpoints share the same IP address
- Separate - Where the external URL is assigned to an IP address that is - Separate - Where the external URL is assigned to an IP address that is
different than the IP address shared by the internal and admin URLs different than the IP address shared by the internal and admin URLs
The configuration parameters related to these options are: The configuration parameters related to these options are:
- kolla_internal_vip_address - kolla_internal_vip_address
- network_interface - network_interface
- kolla_external_vip_address - kolla_external_vip_address
- kolla_external_vip_interface - kolla_external_vip_interface
For the combined option, set the two variables below, while allowing the For the combined option, set the two variables below, while allowing the
other two to accept their default values. In this configuration all REST other two to accept their default values. In this configuration all REST
API requests, internal and external, will flow over the same network. :: API requests, internal and external, will flow over the same network.
.. code-block:: none
kolla_internal_vip_address: "10.10.10.254" kolla_internal_vip_address: "10.10.10.254"
network_interface: "eth0" network_interface: "eth0"
.. end
For the separate option, set these four variables. In this configuration For the separate option, set these four variables. In this configuration
the internal and external REST API requests can flow over separate the internal and external REST API requests can flow over separate
networks. :: networks.
.. code-block:: none
kolla_internal_vip_address: "10.10.10.254" kolla_internal_vip_address: "10.10.10.254"
network_interface: "eth0" network_interface: "eth0"
kolla_external_vip_address: "10.10.20.254" kolla_external_vip_address: "10.10.20.254"
kolla_external_vip_interface: "eth1" kolla_external_vip_interface: "eth1"
.. end
Fully Qualified Domain Name Configuration Fully Qualified Domain Name Configuration
========================================= ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When addressing a server on the internet, it is more common to use When addressing a server on the internet, it is more common to use
a name, like www.example.net, instead of an address like 10.10.10.254. a name, like ``www.example.net``, instead of an address like
If you prefer to use names to address the endpoints in your kolla ``10.10.10.254``. If you prefer to use names to address the endpoints
deployment use the variables: in your kolla deployment use the variables:
- kolla_internal_fqdn - kolla_internal_fqdn
- kolla_external_fqdn - kolla_external_fqdn
:: .. code-block:: none
kolla_internal_fqdn: inside.mykolla.example.net kolla_internal_fqdn: inside.mykolla.example.net
kolla_external_fqdn: mykolla.example.net kolla_external_fqdn: mykolla.example.net
.. end
Provisions must be taken outside of kolla for these names to map to the Provisions must be taken outside of kolla for these names to map to the
configured IP addresses. Using a DNS server or the /etc/hosts file are configured IP addresses. Using a DNS server or the ``/etc/hosts`` file
two ways to create this mapping. are two ways to create this mapping.
RabbitMQ Hostname Resolution RabbitMQ Hostname Resolution
============================ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RabbitMQ doesn't work with IP address, hence the IP address of api_interface RabbitMQ doesn't work with IP address, hence the IP address of
should be resolvable by hostnames to make sure that all RabbitMQ Cluster hosts ``api_interface`` should be resolvable by hostnames to make sure that
can resolve each others hostname beforehand. all RabbitMQ Cluster hosts can resolve each others hostname beforehand.
TLS Configuration TLS Configuration
================= ~~~~~~~~~~~~~~~~~
An additional endpoint configuration option is to enable or disable An additional endpoint configuration option is to enable or disable
TLS protection for the external VIP. TLS allows a client to authenticate TLS protection for the external VIP. TLS allows a client to authenticate
the OpenStack service endpoint and allows for encryption of the requests the OpenStack service endpoint and allows for encryption of the requests
and responses. and responses.
.. note:: The kolla_internal_vip_address and kolla_external_vip_address must .. note::
The kolla_internal_vip_address and kolla_external_vip_address must
be different to enable TLS on the external network. be different to enable TLS on the external network.
The configuration variables that control TLS networking are: The configuration variables that control TLS networking are:
- kolla_enable_tls_external - kolla_enable_tls_external
- kolla_external_fqdn_cert - kolla_external_fqdn_cert
The default for TLS is disabled; to enable TLS networking: The default for TLS is disabled, to enable TLS networking:
:: .. code-block:: none
kolla_enable_tls_external: "yes" kolla_enable_tls_external: "yes"
kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/mycert.pem" kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/mycert.pem"
.. end
.. note:: TLS authentication is based on certificates that have been .. note::
TLS authentication is based on certificates that have been
signed by trusted Certificate Authorities. Examples of commercial signed by trusted Certificate Authorities. Examples of commercial
CAs are Comodo, Symantec, GoDaddy, and GlobalSign. Letsencrypt.org CAs are Comodo, Symantec, GoDaddy, and GlobalSign. Letsencrypt.org
is a CA that will provide trusted certificates at no charge. Many is a CA that will provide trusted certificates at no charge. Many
@ -97,8 +112,9 @@ The default for TLS is disabled; to enable TLS networking:
company's domain. If using a trusted CA is not possible for your company's domain. If using a trusted CA is not possible for your
situation, you can use OpenSSL to create your own or see the section situation, you can use OpenSSL to create your own or see the section
company's domain. If using a trusted CA is not possible for your company's domain. If using a trusted CA is not possible for your
situation, you can use `OpenSSL`_ to create your own or see the section situation, you can use `OpenSSL <https://www.openssl.org>`__
below about kolla generated self-signed certificates. to create your own or see the section below about kolla
generated self-signed certificates.
Two certificate files are required to use TLS securely with authentication. Two certificate files are required to use TLS securely with authentication.
These two files will be provided by your Certificate Authority. These These two files will be provided by your Certificate Authority. These
@ -112,7 +128,7 @@ need to be distributed to the client.
When using TLS to connect to a public endpoint, an OpenStack client will When using TLS to connect to a public endpoint, an OpenStack client will
have settings similar to this: have settings similar to this:
:: .. code-block:: shell
export OS_PROJECT_DOMAIN_ID=default export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default export OS_USER_DOMAIN_ID=default
@ -124,12 +140,14 @@ have settings similar to this:
export OS_CACERT=/etc/pki/mykolla-cacert.crt export OS_CACERT=/etc/pki/mykolla-cacert.crt
export OS_IDENTITY_API_VERSION=3 export OS_IDENTITY_API_VERSION=3
.. _OpenSSL: https://www.openssl.org/ .. end
Self-Signed Certificates Self-Signed Certificates
======================== ~~~~~~~~~~~~~~~~~~~~~~~~
.. note:: Self-signed certificates should never be used in production. .. note::
Self-signed certificates should never be used in production.
It is not always practical to get a certificate signed by a well-known It is not always practical to get a certificate signed by a well-known
trust CA, for example a development or internal test kolla deployment. In trust CA, for example a development or internal test kolla deployment. In
@ -139,7 +157,7 @@ For convenience, the ``kolla-ansible`` command will generate the necessary
certificate files based on the information in the ``globals.yml`` certificate files based on the information in the ``globals.yml``
configuration file: configuration file:
:: .. code-block:: console
kolla-ansible certificates kolla-ansible certificates
@ -149,14 +167,16 @@ in the ``/etc/kolla/certificates/`` directory.
.. _service-config: .. _service-config:
OpenStack Service Configuration in Kolla OpenStack Service Configuration in Kolla
======================================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. note:: As of now kolla only supports config overrides for ini based configs. .. note::
As of now kolla only supports config overrides for ini based configs.
An operator can change the location where custom config files are read from by An operator can change the location where custom config files are read from by
editing ``/etc/kolla/globals.yml`` and adding the following line. editing ``/etc/kolla/globals.yml`` and adding the following line.
:: .. code-block:: none
# The directory to merge custom config files the kolla's config files # The directory to merge custom config files the kolla's config files
node_custom_config: "/etc/kolla/config" node_custom_config: "/etc/kolla/config"
@ -167,32 +187,41 @@ This can be done per-project, per-service or per-service-on-specified-host.
For example to override scheduler_max_attempts in nova scheduler, the operator For example to override scheduler_max_attempts in nova scheduler, the operator
needs to create ``/etc/kolla/config/nova/nova-scheduler.conf`` with content: needs to create ``/etc/kolla/config/nova/nova-scheduler.conf`` with content:
:: .. path /etc/kolla/config/nova/nova-scheduler.conf
.. code-block:: ini
[DEFAULT] [DEFAULT]
scheduler_max_attempts = 100 scheduler_max_attempts = 100
.. end
If the operator wants to configure compute node cpu and ram allocation ratio If the operator wants to configure compute node cpu and ram allocation ratio
on host myhost, the operator needs to create file on host myhost, the operator needs to create file
``/etc/kolla/config/nova/myhost/nova.conf`` with content: ``/etc/kolla/config/nova/myhost/nova.conf`` with content:
:: .. path /etc/kolla/config/nova/myhost/nova.conf
.. code-block:: ini
[DEFAULT] [DEFAULT]
cpu_allocation_ratio = 16.0 cpu_allocation_ratio = 16.0
ram_allocation_ratio = 5.0 ram_allocation_ratio = 5.0
.. end
Kolla allows the operator to override configuration globally for all services. Kolla allows the operator to override configuration globally for all services.
It will look for a file called ``/etc/kolla/config/global.conf``. It will look for a file called ``/etc/kolla/config/global.conf``.
For example to modify database pool size connection for all services, the For example to modify database pool size connection for all services, the
operator needs to create ``/etc/kolla/config/global.conf`` with content: operator needs to create ``/etc/kolla/config/global.conf`` with content:
:: .. path /etc/kolla/config/global.conf
.. code-block:: ini
[database] [database]
max_pool_size = 100 max_pool_size = 100
.. end
In case the operators want to customize ``policy.json`` file, they should In case the operators want to customize ``policy.json`` file, they should
create a full policy file for specific project in the same directory like above create a full policy file for specific project in the same directory like above
and Kolla will overwrite default policy file with it. Be aware, with some and Kolla will overwrite default policy file with it. Be aware, with some
@ -204,72 +233,87 @@ For example to overwrite ``policy.json`` file of Neutron project, the operator
needs to grab ``policy.json`` from Neutron project source code, update rules needs to grab ``policy.json`` from Neutron project source code, update rules
and then put it to ``/etc/kolla/config/neutron/policy.json``. and then put it to ``/etc/kolla/config/neutron/policy.json``.
.. note:: Currently kolla-ansible only support JSON format for policy file. .. note::
Currently kolla-ansible only support JSON format for policy file.
The operator can make these changes after services were already deployed by The operator can make these changes after services were already deployed by
using following command: using following command:
:: .. code-block:: console
kolla-ansible reconfigure kolla-ansible reconfigure
.. end
IP Address Constrained Environments IP Address Constrained Environments
=================================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If a development environment doesn't have a free IP address available for VIP If a development environment doesn't have a free IP address available for VIP
configuration, the host's IP address may be used here by disabling HAProxy by configuration, the host's IP address may be used here by disabling HAProxy by
adding: adding:
:: .. code-block:: none
enable_haproxy: "no" enable_haproxy: "no"
.. end
Note this method is not recommended and generally not tested by the Note this method is not recommended and generally not tested by the
Kolla community, but included since sometimes a free IP is not available Kolla community, but included since sometimes a free IP is not available
in a testing environment. in a testing environment.
External Elasticsearch/Kibana environment External Elasticsearch/Kibana environment
========================================= ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It is possible to use an external Elasticsearch/Kibana environment. To do this It is possible to use an external Elasticsearch/Kibana environment. To do this
first disable the deployment of the central logging. first disable the deployment of the central logging.
:: .. code-block:: none
enable_central_logging: "no" enable_central_logging: "no"
.. end
Now you can use the parameter ``elasticsearch_address`` to configure the Now you can use the parameter ``elasticsearch_address`` to configure the
address of the external Elasticsearch environment. address of the external Elasticsearch environment.
Non-default <service> port Non-default <service> port
========================== ~~~~~~~~~~~~~~~~~~~~~~~~~~
It is sometimes required to use a different than default port It is sometimes required to use a different than default port
for service(s) in Kolla. It is possible with setting <service>_port for service(s) in Kolla. It is possible with setting
in ``globals.yml`` file. ``<service>_port`` in ``globals.yml`` file. For example:
For example:
:: .. code-block:: none
database_port: 3307 database_port: 3307
As <service>_port value is saved in different services' configuration so .. end
As ``<service>_port`` value is saved in different services' configuration so
it's advised to make above change before deploying. it's advised to make above change before deploying.
Use an external Syslog server Use an external Syslog server
============================= ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By default, Fluentd is used as a syslog server to collect Swift and HAProxy By default, Fluentd is used as a syslog server to collect Swift and HAProxy
logs. When Fluentd is disabled or you want to use an external syslog server, logs. When Fluentd is disabled or you want to use an external syslog server,
You can set syslog parameters in ``globals.yml`` file. You can set syslog parameters in ``globals.yml`` file. For example:
For example:
:: .. code-block:: none
syslog_server: "172.29.9.145" syslog_server: "172.29.9.145"
syslog_udp_port: "514" syslog_udp_port: "514"
You can also set syslog facility names for Swift and HAProxy logs. By default, .. end
Swift and HAProxy use ``local0`` and ``local1``, respectively.
:: You can also set syslog facility names for Swift and HAProxy logs.
By default, Swift and HAProxy use ``local0`` and ``local1``, respectively.
.. code-block:: none
syslog_swift_facility: "local0" syslog_swift_facility: "local0"
syslog_haproxy_facility: "local1" syslog_haproxy_facility: "local1"
.. end

View File

@ -5,7 +5,7 @@ Kolla's Deployment Philosophy
============================= =============================
Overview Overview
======== ~~~~~~~~
Kolla has an objective to replace the inflexible, painful, resource-intensive Kolla has an objective to replace the inflexible, painful, resource-intensive
deployment process of OpenStack with a flexible, painless, inexpensive deployment process of OpenStack with a flexible, painless, inexpensive
@ -23,7 +23,7 @@ OpenStack services increases, Kolla offers full capability to override every
OpenStack service configuration option in the deployment. OpenStack service configuration option in the deployment.
Why not Template Customization? Why not Template Customization?
=============================== ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Kolla upstream community does not want to place key/value pairs in the The Kolla upstream community does not want to place key/value pairs in the
Ansible playbook configuration options that are not essential to obtaining Ansible playbook configuration options that are not essential to obtaining
@ -39,7 +39,7 @@ Essentially templating in configuration options is not a scalable solution
and would result in an inability of the project to execute its mission. and would result in an inability of the project to execute its mission.
Kolla's Solution to Customization Kolla's Solution to Customization
================================= ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rather than deal with the customization madness of templating configuration Rather than deal with the customization madness of templating configuration
options in Kolla's Ansible playbooks, Kolla eliminates all the inefficiencies options in Kolla's Ansible playbooks, Kolla eliminates all the inefficiencies
@ -56,12 +56,17 @@ configuration options documentation is extremely mature and well-formulated.
As an example, consider running Kolla in a virtual machine. In order to As an example, consider running Kolla in a virtual machine. In order to
launch virtual machines from Nova in a virtual environment, it is necessary launch virtual machines from Nova in a virtual environment, it is necessary
to use the QEMU hypervisor, rather than the KVM hypervisor. To achieve this to use the QEMU hypervisor, rather than the KVM hypervisor. To achieve this
result, simply `mkdir -p /etc/kolla/config` and modify the file result, simply :command:`mkdir -p /etc/kolla/config` and modify the file
`/etc/kolla/config/nova.conf` with the contents:: `/etc/kolla/config/nova.conf` with the contents
.. path /etc/kolla/config/nova.conf
.. code-block:: ini
[libvirt] [libvirt]
virt_type=qemu virt_type=qemu
.. end
After this change Kolla will use an emulated hypervisor with lower performance. After this change Kolla will use an emulated hypervisor with lower performance.
Kolla could have templated this commonly modified configuration option. If Kolla could have templated this commonly modified configuration option. If
Kolla starts down this path, the Kolla project could end with hundreds of Kolla starts down this path, the Kolla project could end with hundreds of

View File

@ -1,8 +1,9 @@
============
Admin Guides Admin Guides
============ ============
.. toctree:: .. toctree::
:maxdepth: 1 :maxdepth: 2
advanced-configuration advanced-configuration
production-architecture-guide production-architecture-guide

View File

@ -9,7 +9,7 @@ meant to answer some questions regarding basic configuration options that Kolla
requires. This document also contains other useful pointers. requires. This document also contains other useful pointers.
Node types and services running on them Node types and services running on them
======================================= ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A basic Kolla inventory consists of several types of nodes, known in Ansible as A basic Kolla inventory consists of several types of nodes, known in Ansible as
``groups``. ``groups``.
@ -30,12 +30,12 @@ A basic Kolla inventory consists of several types of nodes, known in Ansible as
* Monitoring - Monitor nodes which host monitoring services. * Monitoring - Monitor nodes which host monitoring services.
Network configuration Network configuration
===================== ~~~~~~~~~~~~~~~~~~~~~
.. _interface-configuration: .. _interface-configuration:
Interface configuration Interface configuration
*********************** -----------------------
In Kolla operators should configure following network interfaces: In Kolla operators should configure following network interfaces:
@ -80,21 +80,21 @@ In Kolla operators should configure following network interfaces:
with the bare metal cloud hosts in order to provide DHCP leases with with the bare metal cloud hosts in order to provide DHCP leases with
PXE boot options. Defaults to ``network_interface``. PXE boot options. Defaults to ``network_interface``.
.. WARNING:: .. warning::
Ansible facts does not recognize interface names containing dashes, Ansible facts does not recognize interface names containing dashes,
in example ``br-ex`` or ``bond-0`` cannot be used because ansible will read in example ``br-ex`` or ``bond-0`` cannot be used because ansible will read
them as ``br_ex`` and ``bond_0`` respectively. them as ``br_ex`` and ``bond_0`` respectively.
Docker configuration Docker configuration
==================== ~~~~~~~~~~~~~~~~~~~~
Because Docker is core dependency of Kolla, proper configuration of Docker can Because Docker is core dependency of Kolla, proper configuration of Docker can
change the experience of Kolla significantly. Following section will highlight change the experience of Kolla significantly. Following section will highlight
several Docker configuration details relevant to Kolla operators. several Docker configuration details relevant to Kolla operators.
Storage driver Storage driver
************** --------------
In certain distributions Docker storage driver defaults to devicemapper, which In certain distributions Docker storage driver defaults to devicemapper, which
can heavily hit performance of builds and deploys. We suggest to use btrfs or can heavily hit performance of builds and deploys. We suggest to use btrfs or
@ -102,14 +102,11 @@ aufs as driver. More details on which storage driver to use in
`Docker documentation <https://docs.docker.com/engine/userguide/storagedriver/selectadriver/>`_. `Docker documentation <https://docs.docker.com/engine/userguide/storagedriver/selectadriver/>`_.
Volumes Volumes
******* -------
Kolla puts nearly all of persistent data in Docker volumes. These volumes are Kolla puts nearly all of persistent data in Docker volumes. These volumes are
created in Docker working directory, which defaults to created in Docker working directory, which defaults to ``/var/lib/docker``
directory.
::
/var/lib/docker
We recommend to ensure that this directory has enough space and is placed on We recommend to ensure that this directory has enough space and is placed on
fast disk as it will affect performance of builds, deploys as well as database fast disk as it will affect performance of builds, deploys as well as database