Multi-regions Support
Add support for basic multiple regions, that is to say, many OpenStack with a shared Keystone (same users) and Horizon. The shared Keystone and Horizon are deployed into one region, for instance RegionOne. Services of other regions have an access to this Keystone. This support assumes that the operator knows the name of all OpenStack regions in advance, and considers as many Kolla runs as there are regions. The new variable, multiple_regions_names, contains the name of regions. It is needed by the region that includes Keystone and Horizon. In register.yml, it specifies to create as many Keystone endpoints as there are regiones, so that services of other regions can connect to Keystone. In local_settings.j2, it changes the render to support multiple regions in Horizon. The multi-regions.rst explains how to perform a multiple regions deployment. Implements: blueprint multi-kolla-config Change-Id: Icab2aebfc4de0e3bc609950956e0af397705f403
This commit is contained in:
parent
0160521337
commit
dcdbe44190
@ -257,6 +257,10 @@ openstack_logging_debug: "False"
|
|||||||
|
|
||||||
openstack_region_name: "RegionOne"
|
openstack_region_name: "RegionOne"
|
||||||
|
|
||||||
|
# In the context of multi-regions, list here the name of all your regions.
|
||||||
|
multiple_regions_names:
|
||||||
|
- "{{ openstack_region_name }}"
|
||||||
|
|
||||||
openstack_service_workers: "{{ [ansible_processor_vcpus, 5]|min if orchestration_engine == 'ANSIBLE' else '1'}}"
|
openstack_service_workers: "{{ [ansible_processor_vcpus, 5]|min if orchestration_engine == 'ANSIBLE' else '1'}}"
|
||||||
|
|
||||||
# Optionally allow Kolla to set sysctl values
|
# Optionally allow Kolla to set sysctl values
|
||||||
|
@ -184,11 +184,14 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
|||||||
#EMAIL_HOST_USER = 'djangomail'
|
#EMAIL_HOST_USER = 'djangomail'
|
||||||
#EMAIL_HOST_PASSWORD = 'top-secret!'
|
#EMAIL_HOST_PASSWORD = 'top-secret!'
|
||||||
|
|
||||||
|
{% if multiple_regions_names|length > 1 %}
|
||||||
# For multiple regions uncomment this configuration, and add (endpoint, title).
|
# For multiple regions uncomment this configuration, and add (endpoint, title).
|
||||||
#AVAILABLE_REGIONS = [
|
AVAILABLE_REGIONS = [
|
||||||
# ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
|
{% for region_name in multiple_regions_names %}
|
||||||
# ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
|
('{{ keystone_internal_url }}', '{{ region_name }}'),
|
||||||
#]
|
{% endfor %}
|
||||||
|
]
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
OPENSTACK_HOST = "{% if orchestration_engine == 'KUBERNETES' %}{{ api_interface_address }}{% else %}{{ kolla_internal_fqdn }}{% endif %}"
|
OPENSTACK_HOST = "{% if orchestration_engine == 'KUBERNETES' %}{{ api_interface_address }}{% else %}{{ kolla_internal_fqdn }}{% endif %}"
|
||||||
|
|
||||||
|
@ -1,10 +1,11 @@
|
|||||||
---
|
---
|
||||||
- name: Creating admin project, user, role, service, and endpoint
|
- name: Creating admin project, user, role, service, and endpoint
|
||||||
command: docker exec keystone kolla_keystone_bootstrap {{ openstack_auth.username }} {{ openstack_auth.password }} {{ openstack_auth.project_name }} admin {{ keystone_admin_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ openstack_region_name }}
|
command: docker exec keystone kolla_keystone_bootstrap {{ openstack_auth.username }} {{ openstack_auth.password }} {{ openstack_auth.project_name }} admin {{ keystone_admin_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }}
|
||||||
register: keystone_bootstrap
|
register: keystone_bootstrap
|
||||||
changed_when: "{{ (keystone_bootstrap.stdout | from_json).changed }}"
|
changed_when: "{{ (keystone_bootstrap.stdout | from_json).changed }}"
|
||||||
failed_when: "{{ (keystone_bootstrap.stdout | from_json).failed }}"
|
failed_when: "{{ (keystone_bootstrap.stdout | from_json).failed }}"
|
||||||
run_once: True
|
run_once: True
|
||||||
|
with_items: "{{ multiple_regions_names }}"
|
||||||
|
|
||||||
- name: Creating default user role
|
- name: Creating default user role
|
||||||
kolla_toolbox:
|
kolla_toolbox:
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
command: >
|
command: >
|
||||||
docker exec kolla_toolbox openstack
|
docker exec kolla_toolbox openstack
|
||||||
--os-interface internal
|
--os-interface internal
|
||||||
--os-auth-url {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3
|
--os-auth-url {{ keystone_admin_url }}
|
||||||
--os-identity-api-version 3
|
--os-identity-api-version 3
|
||||||
--os-project-domain-name default
|
--os-project-domain-name default
|
||||||
--os-tenant-name admin
|
--os-tenant-name admin
|
||||||
|
@ -146,6 +146,7 @@ configuration file:
|
|||||||
The files haproxy.pem and haproxy-ca.pem will be generated and stored
|
The files haproxy.pem and haproxy-ca.pem will be generated and stored
|
||||||
in the ``/etc/kolla/certificates/`` directory.
|
in the ``/etc/kolla/certificates/`` directory.
|
||||||
|
|
||||||
|
.. _service-config:
|
||||||
|
|
||||||
OpenStack Service Configuration in Kolla
|
OpenStack Service Configuration in Kolla
|
||||||
========================================
|
========================================
|
||||||
|
@ -51,6 +51,7 @@ Kolla Overview
|
|||||||
production-architecture-guide
|
production-architecture-guide
|
||||||
quickstart
|
quickstart
|
||||||
multinode
|
multinode
|
||||||
|
multi-regions
|
||||||
advanced-configuration
|
advanced-configuration
|
||||||
operating-kolla
|
operating-kolla
|
||||||
security
|
security
|
||||||
|
121
doc/multi-regions.rst
Normal file
121
doc/multi-regions.rst
Normal file
@ -0,0 +1,121 @@
|
|||||||
|
.. _multi-regions:
|
||||||
|
|
||||||
|
======================================
|
||||||
|
Multiple Regions Deployment with Kolla
|
||||||
|
======================================
|
||||||
|
|
||||||
|
This section describes how to perform a basic multiple regions deployment
|
||||||
|
with Kolla. A basic multiple regions deployment consists of separate
|
||||||
|
OpenStack installation in two or more regions (RegionOne, RegionTwo, ...)
|
||||||
|
with a shared Keystone and Horizon. The rest of this documentation assumes
|
||||||
|
Keystone and Horizon are deployed in RegionOne, and other regions have
|
||||||
|
access to the admin endpoint (i.e., ``kolla_internal_fqdn``) of RegionOne.
|
||||||
|
It also assumes that the operator knows the name of all OpenStack regions
|
||||||
|
in advance, and considers as many Kolla deployments as there are regions.
|
||||||
|
|
||||||
|
There are specifications of multiple regions deployment at:
|
||||||
|
`<http://docs.openstack.org/arch-design/multi-site-architecture.html>`__
|
||||||
|
and
|
||||||
|
`<https://wiki.openstack.org/wiki/Heat/Blueprints/Multi_Region_Support_for_Heat>`__.
|
||||||
|
|
||||||
|
Deployment of the first region with Keystone and Horizon
|
||||||
|
========================================================
|
||||||
|
|
||||||
|
Deployment of the first region results in a typical Kolla deployment
|
||||||
|
whenever, it is an *all-in-one* or *multinode* deployment (see
|
||||||
|
:doc:`quickstart`). It only requires slight modifications in the
|
||||||
|
``/etc/kolla/globals.yml`` configuration file. First of all, ensure that
|
||||||
|
Keystone and Horizon are enabled:
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
enable_keystone: "yes"
|
||||||
|
enable_horizon: "yes"
|
||||||
|
|
||||||
|
Then, change the value of ``multiple_regions_names`` to add names of other
|
||||||
|
regions. In this example, we consider two regions. The current one,
|
||||||
|
formerly knows as RegionOne, that is hided behind
|
||||||
|
``openstack_region_name`` variable, and the RegionTwo:
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
openstack_region_name: "RegionOne"
|
||||||
|
multiple_regions_names:
|
||||||
|
- "{{ openstack_region_name }}"
|
||||||
|
- "RegionTwo"
|
||||||
|
|
||||||
|
.. note:: Kolla uses these variables to create necessary endpoints into
|
||||||
|
Keystone so that services of other regions can access it. Kolla
|
||||||
|
also updates the Horizon ``local_settings`` to support multiple
|
||||||
|
regions.
|
||||||
|
|
||||||
|
Finally, note the value of ``kolla_internal_fqdn`` and run
|
||||||
|
``kolla-ansible``. The ``kolla_internal_fqdn`` value will be used by other
|
||||||
|
regions to contact Keystone. For the sake of this example, we assume the
|
||||||
|
value of ``kolla_internal_fqdn`` is ``10.10.10.254``.
|
||||||
|
|
||||||
|
Deployment of other regions
|
||||||
|
===========================
|
||||||
|
|
||||||
|
Deployment of other regions follows an usual Kolla deployment except that
|
||||||
|
OpenStack services connect to the RegionOne's Keystone. This implies to
|
||||||
|
update the ``/etc/kolla/globals.yml`` configuration file to tell Kolla how
|
||||||
|
to reach Keystone. In the following, ``kolla_internal_fqdn_r1`` refers to
|
||||||
|
the value of ``kolla_internal_fqdn`` in RegionOne:
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
kolla_internal_fqdn_r1: 10.10.10.254
|
||||||
|
|
||||||
|
keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_admin_port }}/v3"
|
||||||
|
keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_public_port }}/v3"
|
||||||
|
|
||||||
|
openstack_auth:
|
||||||
|
auth_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn_r1 }}:{{ keystone_admin_port }}"
|
||||||
|
username: "admin"
|
||||||
|
password: "{{ keystone_admin_password }}"
|
||||||
|
project_name: "admin"
|
||||||
|
|
||||||
|
Configuration files of nova/neutron/glance... have to be updated to
|
||||||
|
contact RegionOne's Keystone. Fortunately, Kolla offers to override all
|
||||||
|
configuration files at the same time thanks to the
|
||||||
|
``node_custom_config`` variable (see :ref:`service-config`). This
|
||||||
|
implies to create a ``global.conf`` file with the following content:
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
[keystone_authtoken]
|
||||||
|
auth_uri = {{ keystone_internal_url }}
|
||||||
|
auth_url = {{ keystone_admin_url }}
|
||||||
|
|
||||||
|
The Placement API section inside the nova configuration file also has
|
||||||
|
to be updated to contact RegionOne's Keystone. So create, in the same
|
||||||
|
directory, a ``nova.conf`` file with below content:
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
[placement]
|
||||||
|
auth_url = {{ keystone_admin_url }}
|
||||||
|
|
||||||
|
And link the directory that contains these files into the
|
||||||
|
``/etc/kolla/globals.yml``:
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
node_custom_config: path/to/the/directory/of/global&nova_conf/
|
||||||
|
|
||||||
|
Also, change the name of the current region. For instance, RegionTwo:
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
openstack_region_name: "RegionTwo"
|
||||||
|
|
||||||
|
Finally, disable the deployment of Keystone and Horizon that are
|
||||||
|
unnecessary in this region and run ``kolla-ansible``:
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
enable_keystone: "no"
|
||||||
|
enable_horizon: "no"
|
||||||
|
|
||||||
|
The configuration is the same for any other region.
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- Add support for basic multiple regions, that is to say, many
|
||||||
|
OpenStack with a shared Keystone (same users) and Horizon.
|
Loading…
Reference in New Issue
Block a user