Differences

This shows you the differences between two versions of the page.

--- cn:ccr:cloud:cloud_multiregione:installazione [2014/09/11 13:53] – fzani@infn.it
+++ cn:ccr:cloud:cloud_multiregione:installazione [2014/11/24 10:24] (current) – fzani@infn.it
@@ Line 1: / Line 1: @@
+====== Installazione di una nuova regione in INFN Cloud ======
+===== File per autenticazione Keystone =====
+export OS_TENANT_NAME=admin\\
+export OS_USERNAME=admin\\
+export OS_PASSWORD=<admin password>\\
+export OS_AUTH_URL="https://keystone.ha.infn.it:5000/v2.0/"\\
+export OS_CACERT=/etc/ssl/certs/Keystone_INFN_CA.pem\\
+export OS_REGION_NAME=<region name>\\
+\\
+Il certificato Keystone_INFN_CA.pem è \\
+-----BEGIN CERTIFICATE-----\\
+MIICaDCCAdGgAwIBAgIJAIRxL0gdXhJiMA0GCSqGSIb3DQEBBQUAME0xCzAJBgNV\\
+BAYTAklUMQ4wDAYDVQQIDAVJdGFseTENMAsGA1UECgwESU5GTjENMAsGA1UECwwE\\
+TE5HUzEQMA4GA1UEAwwHTE5HUyBDQTAeFw0xNDAxMDgwODQ2MjlaFw0xNzAxMDcw\\
+ODQ2MjlaME0xCzAJBgNVBAYTAklUMQ4wDAYDVQQIDAVJdGFseTENMAsGA1UECgwE\\
+SU5GTjENMAsGA1UECwwETE5HUzEQMA4GA1UEAwwHTE5HUyBDQTCBnzANBgkqhkiG\\
+w0BAQEFAAOBjQAwgYkCgYEAxL3BJqHs5qXR3Xfxi86z84G5x2oxO7wtqIVztf2w\\
+LEicFlTJiqtlrg66NhMKOcmNCP12pbKJNSYgox1OzFVVmR09PwPImK/fDEYKXcHc\\
+fFCxygNvCDLzlXhx/n96Zf6aFliInhlA/Jpm1ks2kLobFU922L2r/oKub1UIF8RL\\
+GRMCAwEAAaNQME4wHQYDVR0OBBYEFEvGGkxFxH0a4ds/8gMNnAugwmkxMB8GA1Ud\\
+IwQYMBaAFEvGGkxFxH0a4ds/8gMNnAugwmkxMAwGA1UdEwQFMAMBAf8wDQYJKoZI\\
+hvcNAQEFBQADgYEAdEkNu3s2xkNC3sufWC3scacPm8TV2g7s42YqVs0OaTcGbH3Y\\
+TwcI+AlFzKtk0nxGLnJH/SwmfL+qAJ6SD7beMOEf6CX7woNCjAAxUmIEMgRRmSNj\\
+IWlGeAF6i/XVKAk5JimfHysSfWmaVZMZGwwzpRoIGncd2ZHsNJp1D/dB5k=\\
+-----END CERTIFICATE-----\\
+===== Utilizzo del KeyStone nazionale =====
+[[cn:ccr:cloud:autenticazione_openstack:keystone_wan|Keystone distribuito]]
+===== Guidelines per la creazione endpoint =====
+- non devi creare i servizi su keystone ma devi usare quelli che ci sono gia`
+ root@havanaregion:~# keystone service-list
++----------------------------------+----------+--------------+--------------------------------+
+|                id                |   name   |     type     |          description           |
++----------------------------------+----------+--------------+--------------------------------+
+| 0eaf959bb77f467a86de0af3fd496cbf |  cinder  |    volume    |     Cinder Volume Service      |
+| c65c355e8b2f41ba940224cccffcc153 | cinderv2 |   volumev2   |    Cinder Volume Service v2    |
+| ab86a2e85a10433b992b9c521a7b62f9 |  glance  |    image     |      Glance Image Service      |
+| a7fc3ee278fc4335af037f9d12d7bda9 | keystone |   identity   |       OpenStack Identity       |
+| 285a0837f7764ec39c010008c20d9fd5 | neutron  |   network    |  OpenStack Networking Service  |
+| b27150005a694c2390735440c062d9eb |   nova   |   compute    |      Nova Compute service      |
+| a6e2a12512464bd99c4815cc1fc1b5ae |  swift   | object-store | OpenStack Object Store Service |
++----------------------------------+----------+--------------+--------------------------------+
+- quando crei gli utenti di servizio, appendici il nome della sede, ad esempio:
+root@keystone-infn:~# keystone user-list | grep "\-lngs"
+| ad0ad189797245b59c55e48f034d4a40 |    cinder-lngs     |   True  |       cloud@lngs.infn.it      |
+| ab5d9b23f674488ba016bb09c8ea90df |    glance-lngs     |   True  |      calcolo@lngs.infn.it     |
+| f2b917b178e14c87b53d93a9dc850c77 |    neutron-lngs    |   True  |       cloud@lngs.infn.it      |
+| 0b741ff52266440aa1487dbdeb2981a9 |     nova-lngs      |   True  |       cloud@lngs.infn.it      |
+- vanno anche aggiunti al tenant service come admin
+  keystone user-role-add --user=<user> --tenant=service --role=admin
+- se vuoi appoggiarti alla dashboard qui ai lngs: https://havanactl.lngs.infn.it, o se preferisci,
+  istanziane una tu
+- mi sa che gli ultimi aggiornamenti di havana accettano header html fino a 16K. Altrimenti, almeno per glance
+  la patch e` descritta qui:
+  https://review.openstack.org/#/c/77108/3
+- quando crei gli endpoint, ricordati di mettere la regione, es.
+keystone --os-region-name=rm2 endpoint-create --service-id=ab86a2e85a10433b992b9c521a7b62f9 --publicurl=http://cloud03.roma2.infn.it:9292 --internalurl=http://cloud03.roma2.infn.it:9292 --adminurl=http://cloud03.roma2.infn.it:9292
+- se vuoi usare swift copiati l'endpoint da un'altra regione\\
+- se vuoi usare swift come back-end per glance, in /etc/glance/glance-api.conf.\\
+<code>
+# Which backend scheme should Glance use by default is not specified
+# in a request to add a new image to Glance? Known schemes are determined
+# by the known_stores option below.
+# Default: 'file'
+#default_store = file
+default_store = swift
+........
+# ============ Swift Store Options =============================
+# Version of the authentication service to use
+# Valid versions are '2' for keystone and '1' for swauth and rackspace
+swift_store_auth_version = 2
+# Address where the Swift authentication service lives
+# Valid schemes are 'http://' and 'https://'
+# If no scheme specified,  default to 'https://'
+# For swauth, use something like '127.0.0.1:8080/v1.0/'
+swift_store_auth_address = https://keystone.ha.infn.it:5000/v2.0/
+swift_store_endpoint_type = publicURL
+swift_store_auth_insecure = True
+# User to authenticate against the Swift authentication service
+# If you use Swift authentication service, set it to 'account':'user'
+# where 'account' is a Swift storage account and 'user'
+# is a user in that account
+swift_store_user = service:glance-swift
+# Auth key for the user authenticating against the
+# Swift authentication service
+swift_store_key = <password>
+# Container within the account that the account should use
+# for storing images in Swift
+swift_store_container = glance
+# Do we create the container if it does not exist?
+swift_store_create_container_on_put = True
+# What size, in MB, should Glance start chunking image files
+# and do a large object manifest in Swift? By default, this is
+# the maximum object size in Swift, which is 5GB
+swift_store_large_object_size = 5120
+# When doing a large object manifest, what size, in MB, should
+# Glance write chunks to Swift? This amount of data is written
+# to a temporary disk buffer during the process of chunking
+# the image file, and the default is 200MB
+swift_store_large_object_chunk_size = 200
+# Whether to use ServiceNET to communicate with the Swift storage servers.
+# (If you aren't RACKSPACE, leave this False!)
+#
+# To use ServiceNET for authentication, prefix hostname of
+# `swift_store_auth_address` with 'snet-'.
+# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
+swift_enable_snet = False
+# If set to True enables multi-tenant storage mode which causes Glance images
+# to be stored in tenant specific Swift accounts.
+#swift_store_multi_tenant = False
+# A list of swift ACL strings that will be applied as both read and
+# write ACLs to the containers created by Glance in multi-tenant
+# mode. This grants the specified tenants/users read and write access
+# to all newly created image objects. The standard swift ACL string
+# formats are allowed, including:
+# <tenant_id>:<username>
+# <tenant_name>:<username>
+# *:<username>
+# Multiple ACLs can be combined using a comma separated list, for
+# example: swift_store_admin_tenants = service:glance,*:admin
+#swift_store_admin_tenants =
+# The region of the swift endpoint to be used for single tenant. This setting
+# is only necessary if the tenant has multiple swift endpoints.
+#swift_store_region =
+swift_store_region = <region name>
+# If set to False, disables SSL layer compression of https swift requests.
+# Setting to 'False' may improve performance for images which are already
+# in a compressed format, eg qcow2. If set to True, enables SSL layer
+# compression (provided it is supported by the target swift proxy).
+#swift_store_ssl_compression = True
+</code>
+===== Setup =====
+http://docs.openstack.org/icehouse/install-guide/install/apt/content/