Merge "Multi-regions Support"

ansible/group_vars/all.yml

@@ -257,6 +257,10 @@ openstack_logging_debug: "False"
 
 openstack_region_name: "RegionOne"
 
+# In the context of multi-regions, list here the name of all your regions.
+multiple_regions_names:
+    - "{{ openstack_region_name }}"
+
 openstack_service_workers: "{{ [ansible_processor_vcpus, 5]|min if orchestration_engine == 'ANSIBLE' else '1'}}"
 
 # Optionally allow Kolla to set sysctl values

ansible/roles/horizon/templates/local_settings.j2

@@ -184,11 +184,14 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 #EMAIL_HOST_USER = 'djangomail'
 #EMAIL_HOST_PASSWORD = 'top-secret!'
 
+{% if multiple_regions_names|length > 1 %}
 # For multiple regions uncomment this configuration, and add (endpoint, title).
-#AVAILABLE_REGIONS = [
-#    ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
-#    ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
-#]
+AVAILABLE_REGIONS = [
+{% for region_name in multiple_regions_names %}
+    ('{{ keystone_internal_url }}', '{{ region_name }}'),
+{% endfor %}
+]
+{% endif %}
 
 OPENSTACK_HOST = "{% if orchestration_engine == 'KUBERNETES' %}{{ api_interface_address }}{% else %}{{ kolla_internal_fqdn }}{% endif %}"
 

ansible/roles/keystone/tasks/register.yml

@@ -1,10 +1,11 @@
 ---
 - name: Creating admin project, user, role, service, and endpoint
-  command: docker exec keystone kolla_keystone_bootstrap {{ openstack_auth.username }} {{ openstack_auth.password }} {{ openstack_auth.project_name }} admin {{ keystone_admin_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ openstack_region_name }}
+  command: docker exec keystone kolla_keystone_bootstrap {{ openstack_auth.username }} {{ openstack_auth.password }} {{ openstack_auth.project_name }} admin {{ keystone_admin_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }}
   register: keystone_bootstrap
   changed_when: "{{ (keystone_bootstrap.stdout | from_json).changed }}"
   failed_when: "{{ (keystone_bootstrap.stdout | from_json).failed }}"
   run_once: True
+  with_items: "{{ multiple_regions_names }}"
 
 - name: Creating default user role
   kolla_toolbox:

ansible/roles/nova/tasks/simple_cell_setup.yml

@@ -3,7 +3,7 @@
   command: >
     docker exec kolla_toolbox openstack
     --os-interface internal
-    --os-auth-url {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3
+    --os-auth-url {{ keystone_admin_url }}
     --os-identity-api-version 3
     --os-project-domain-name default
     --os-tenant-name admin

doc/advanced-configuration.rst

@@ -146,6 +146,7 @@ configuration file:
 The files haproxy.pem and haproxy-ca.pem will be generated and stored
 in the ``/etc/kolla/certificates/`` directory.
 
+.. _service-config:
 
 OpenStack Service Configuration in Kolla
 ========================================

doc/index.rst

@@ -51,6 +51,7 @@ Kolla Overview
    production-architecture-guide
    quickstart
    multinode
+   multi-regions
    advanced-configuration
    operating-kolla
    security

doc/multi-regions.rst

@@ -0,0 +1,121 @@
+.. _multi-regions:
+
+======================================
+Multiple Regions Deployment with Kolla
+======================================
+
+This section describes how to perform a basic multiple regions deployment
+with Kolla. A basic multiple regions deployment consists of separate
+OpenStack installation in two or more regions (RegionOne, RegionTwo, ...)
+with a shared Keystone and Horizon. The rest of this documentation assumes
+Keystone and Horizon are deployed in RegionOne, and other regions have
+access to the admin endpoint (i.e., ``kolla_internal_fqdn``) of RegionOne.
+It also assumes that the operator knows the name of all OpenStack regions
+in advance, and considers as many Kolla deployments as there are regions.
+
+There are specifications of multiple regions deployment at:
+`<http://docs.openstack.org/arch-design/multi-site-architecture.html>`__
+and
+`<https://wiki.openstack.org/wiki/Heat/Blueprints/Multi_Region_Support_for_Heat>`__.
+
+Deployment of the first region with Keystone and Horizon
+========================================================
+
+Deployment of the first region results in a typical Kolla deployment
+whenever, it is an *all-in-one* or *multinode* deployment (see
+:doc:`quickstart`). It only requires slight modifications in the
+``/etc/kolla/globals.yml`` configuration file. First of all, ensure that
+Keystone and Horizon are enabled:
+
+::
+
+   enable_keystone: "yes"
+   enable_horizon: "yes"
+
+Then, change the value of ``multiple_regions_names`` to add names of other
+regions. In this example, we consider two regions. The current one,
+formerly knows as RegionOne, that is hided behind
+``openstack_region_name`` variable, and the RegionTwo:
+
+::
+
+   openstack_region_name: "RegionOne"
+   multiple_regions_names:
+       - "{{ openstack_region_name }}"
+       - "RegionTwo"
+
+.. note:: Kolla uses these variables to create necessary endpoints into
+          Keystone so that services of other regions can access it. Kolla
+          also updates the Horizon ``local_settings`` to support multiple
+          regions.
+
+Finally, note the value of ``kolla_internal_fqdn`` and run
+``kolla-ansible``. The ``kolla_internal_fqdn`` value will be used by other
+regions to contact Keystone. For the sake of this example, we assume the
+value of ``kolla_internal_fqdn`` is ``10.10.10.254``.
+
+Deployment of other regions
+===========================
+
+Deployment of other regions follows an usual Kolla deployment except that
+OpenStack services connect to the RegionOne's Keystone. This implies to
+update the ``/etc/kolla/globals.yml`` configuration file to tell Kolla how
+to reach Keystone. In the following, ``kolla_internal_fqdn_r1`` refers to
+the value of ``kolla_internal_fqdn`` in RegionOne:
+
+::
+
+   kolla_internal_fqdn_r1: 10.10.10.254
+
+   keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_admin_port }}/v3"
+   keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_public_port }}/v3"
+
+   openstack_auth:
+       auth_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_admin_port }}"
+       username: "admin"
+       password: "{{ keystone_admin_password }}"
+       project_name: "admin"
+
+Configuration files of nova/neutron/glance... have to be updated to
+contact RegionOne's Keystone. Fortunately, Kolla offers to override all
+configuration files at the same time thanks to the
+``node_custom_config`` variable (see :ref:`service-config`). This
+implies to create a ``global.conf`` file with the following content:
+
+::
+
+   [keystone_authtoken]
+   auth_uri = {{ keystone_internal_url }}
+   auth_url = {{ keystone_admin_url }}
+
+The Placement API section inside the nova configuration file also has
+to be updated to contact RegionOne's Keystone. So create, in the same
+directory, a ``nova.conf`` file with below content:
+
+::
+
+   [placement]
+   auth_url = {{ keystone_admin_url }}
+
+And link the directory that contains these files into the
+``/etc/kolla/globals.yml``:
+
+::
+
+   node_custom_config: path/to/the/directory/of/global&nova_conf/
+
+Also, change the name of the current region. For instance, RegionTwo:
+
+::
+
+   openstack_region_name: "RegionTwo"
+
+Finally, disable the deployment of Keystone and Horizon that are
+unnecessary in this region and run ``kolla-ansible``:
+
+::
+
+   enable_keystone: "no"
+   enable_horizon: "no"
+
+The configuration is the same for any other region.

releasenotes/notes/multi-regions-support-e69dea15e614629c.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - Add support for basic multiple regions, that is to say, many
+    OpenStack with a shared Keystone (same users) and Horizon.