diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index fda731afac..bc23bc96b8 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -257,6 +257,10 @@ openstack_logging_debug: "False" openstack_region_name: "RegionOne" +# In the context of multi-regions, list here the name of all your regions. +multiple_regions_names: + - "{{ openstack_region_name }}" + openstack_service_workers: "{{ [ansible_processor_vcpus, 5]|min if orchestration_engine == 'ANSIBLE' else '1'}}" # Optionally allow Kolla to set sysctl values diff --git a/ansible/roles/horizon/templates/local_settings.j2 b/ansible/roles/horizon/templates/local_settings.j2 index a115655384..e739b991a7 100644 --- a/ansible/roles/horizon/templates/local_settings.j2 +++ b/ansible/roles/horizon/templates/local_settings.j2 @@ -184,11 +184,14 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' #EMAIL_HOST_USER = 'djangomail' #EMAIL_HOST_PASSWORD = 'top-secret!' +{% if multiple_regions_names|length > 1 %} # For multiple regions uncomment this configuration, and add (endpoint, title). -#AVAILABLE_REGIONS = [ -# ('http://cluster1.example.com:5000/v2.0', 'cluster1'), -# ('http://cluster2.example.com:5000/v2.0', 'cluster2'), -#] +AVAILABLE_REGIONS = [ +{% for region_name in multiple_regions_names %} + ('{{ keystone_internal_url }}', '{{ region_name }}'), +{% endfor %} +] +{% endif %} OPENSTACK_HOST = "{% if orchestration_engine == 'KUBERNETES' %}{{ api_interface_address }}{% else %}{{ kolla_internal_fqdn }}{% endif %}" diff --git a/ansible/roles/keystone/tasks/register.yml b/ansible/roles/keystone/tasks/register.yml index ac86767d67..7441bd574a 100644 --- a/ansible/roles/keystone/tasks/register.yml +++ b/ansible/roles/keystone/tasks/register.yml @@ -1,10 +1,11 @@ --- - name: Creating admin project, user, role, service, and endpoint - command: docker exec keystone kolla_keystone_bootstrap {{ openstack_auth.username }} {{ openstack_auth.password }} {{ openstack_auth.project_name }} admin {{ keystone_admin_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ openstack_region_name }} + command: docker exec keystone kolla_keystone_bootstrap {{ openstack_auth.username }} {{ openstack_auth.password }} {{ openstack_auth.project_name }} admin {{ keystone_admin_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }} register: keystone_bootstrap changed_when: "{{ (keystone_bootstrap.stdout | from_json).changed }}" failed_when: "{{ (keystone_bootstrap.stdout | from_json).failed }}" run_once: True + with_items: "{{ multiple_regions_names }}" - name: Creating default user role kolla_toolbox: diff --git a/ansible/roles/nova/tasks/simple_cell_setup.yml b/ansible/roles/nova/tasks/simple_cell_setup.yml index cc631e8a4c..8643a07390 100644 --- a/ansible/roles/nova/tasks/simple_cell_setup.yml +++ b/ansible/roles/nova/tasks/simple_cell_setup.yml @@ -3,7 +3,7 @@ command: > docker exec kolla_toolbox openstack --os-interface internal - --os-auth-url {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3 + --os-auth-url {{ keystone_admin_url }} --os-identity-api-version 3 --os-project-domain-name default --os-tenant-name admin diff --git a/doc/advanced-configuration.rst b/doc/advanced-configuration.rst index 933d14e82e..c63b2a226e 100644 --- a/doc/advanced-configuration.rst +++ b/doc/advanced-configuration.rst @@ -146,6 +146,7 @@ configuration file: The files haproxy.pem and haproxy-ca.pem will be generated and stored in the ``/etc/kolla/certificates/`` directory. +.. _service-config: OpenStack Service Configuration in Kolla ======================================== diff --git a/doc/index.rst b/doc/index.rst index c9685547cf..00ca08cf4c 100644 --- a/doc/index.rst +++ b/doc/index.rst @@ -51,6 +51,7 @@ Kolla Overview production-architecture-guide quickstart multinode + multi-regions advanced-configuration operating-kolla security diff --git a/doc/multi-regions.rst b/doc/multi-regions.rst new file mode 100644 index 0000000000..6afbe7b3c0 --- /dev/null +++ b/doc/multi-regions.rst @@ -0,0 +1,121 @@ +.. _multi-regions: + +====================================== +Multiple Regions Deployment with Kolla +====================================== + +This section describes how to perform a basic multiple regions deployment +with Kolla. A basic multiple regions deployment consists of separate +OpenStack installation in two or more regions (RegionOne, RegionTwo, ...) +with a shared Keystone and Horizon. The rest of this documentation assumes +Keystone and Horizon are deployed in RegionOne, and other regions have +access to the admin endpoint (i.e., ``kolla_internal_fqdn``) of RegionOne. +It also assumes that the operator knows the name of all OpenStack regions +in advance, and considers as many Kolla deployments as there are regions. + +There are specifications of multiple regions deployment at: +``__ +and +``__. + +Deployment of the first region with Keystone and Horizon +======================================================== + +Deployment of the first region results in a typical Kolla deployment +whenever, it is an *all-in-one* or *multinode* deployment (see +:doc:`quickstart`). It only requires slight modifications in the +``/etc/kolla/globals.yml`` configuration file. First of all, ensure that +Keystone and Horizon are enabled: + +:: + + enable_keystone: "yes" + enable_horizon: "yes" + +Then, change the value of ``multiple_regions_names`` to add names of other +regions. In this example, we consider two regions. The current one, +formerly knows as RegionOne, that is hided behind +``openstack_region_name`` variable, and the RegionTwo: + +:: + + openstack_region_name: "RegionOne" + multiple_regions_names: + - "{{ openstack_region_name }}" + - "RegionTwo" + +.. note:: Kolla uses these variables to create necessary endpoints into + Keystone so that services of other regions can access it. Kolla + also updates the Horizon ``local_settings`` to support multiple + regions. + +Finally, note the value of ``kolla_internal_fqdn`` and run +``kolla-ansible``. The ``kolla_internal_fqdn`` value will be used by other +regions to contact Keystone. For the sake of this example, we assume the +value of ``kolla_internal_fqdn`` is ``10.10.10.254``. + +Deployment of other regions +=========================== + +Deployment of other regions follows an usual Kolla deployment except that +OpenStack services connect to the RegionOne's Keystone. This implies to +update the ``/etc/kolla/globals.yml`` configuration file to tell Kolla how +to reach Keystone. In the following, ``kolla_internal_fqdn_r1`` refers to +the value of ``kolla_internal_fqdn`` in RegionOne: + +:: + + kolla_internal_fqdn_r1: 10.10.10.254 + + keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_admin_port }}/v3" + keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_public_port }}/v3" + + openstack_auth: + auth_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_admin_port }}" + username: "admin" + password: "{{ keystone_admin_password }}" + project_name: "admin" + +Configuration files of nova/neutron/glance... have to be updated to +contact RegionOne's Keystone. Fortunately, Kolla offers to override all +configuration files at the same time thanks to the +``node_custom_config`` variable (see :ref:`service-config`). This +implies to create a ``global.conf`` file with the following content: + +:: + + [keystone_authtoken] + auth_uri = {{ keystone_internal_url }} + auth_url = {{ keystone_admin_url }} + +The Placement API section inside the nova configuration file also has +to be updated to contact RegionOne's Keystone. So create, in the same +directory, a ``nova.conf`` file with below content: + +:: + + [placement] + auth_url = {{ keystone_admin_url }} + +And link the directory that contains these files into the +``/etc/kolla/globals.yml``: + +:: + + node_custom_config: path/to/the/directory/of/global&nova_conf/ + +Also, change the name of the current region. For instance, RegionTwo: + +:: + + openstack_region_name: "RegionTwo" + +Finally, disable the deployment of Keystone and Horizon that are +unnecessary in this region and run ``kolla-ansible``: + +:: + + enable_keystone: "no" + enable_horizon: "no" + +The configuration is the same for any other region. diff --git a/releasenotes/notes/multi-regions-support-e69dea15e614629c.yaml b/releasenotes/notes/multi-regions-support-e69dea15e614629c.yaml new file mode 100644 index 0000000000..b174a4143a --- /dev/null +++ b/releasenotes/notes/multi-regions-support-e69dea15e614629c.yaml @@ -0,0 +1,4 @@ +--- +features: + - Add support for basic multiple regions, that is to say, many + OpenStack with a shared Keystone (same users) and Horizon.