aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuillermo Herrero <guillermo.herrero@enea.com>2018-03-05 20:54:22 +0100
committerGuillermo Herrero <guillermo.herrero@enea.com>2018-03-07 11:27:59 +0100
commit8931bddd42767eb323f4d31c728c3c3412e7fc1d (patch)
tree1c4997721c4533f7199f70baeda236651d863182
parent7d67464f9e33659de42ac4f1591f7a2cdc5bd178 (diff)
[docs] Openstack endpoints description
- Describe SSL certificate usage for public endpoints - Fixed all code-blocks formatting on the file JIRA:FUEL-328 Change-Id: Ifecab459ee0d633b4d8a254dcb01c92f76b66d4f Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
-rw-r--r--docs/release/userguide/userguide.rst214
1 files changed, 124 insertions, 90 deletions
diff --git a/docs/release/userguide/userguide.rst b/docs/release/userguide/userguide.rst
index 6ea923267..4bdcc5557 100644
--- a/docs/release/userguide/userguide.rst
+++ b/docs/release/userguide/userguide.rst
@@ -60,9 +60,9 @@ Accessing the Cloud
Access to any component of the deployed cloud is done from Jumpserver to user *ubuntu* with
ssh key */var/lib/opnfv/mcp.rsa*. The example below is a connection to Salt master.
- .. code-block:: bash
+ .. code-block:: bash
- $ ssh -o StrictHostKeyChecking=no -i /var/lib/opnfv/mcp.rsa -l ubuntu 10.20.0.2
+ $ ssh -o StrictHostKeyChecking=no -i /var/lib/opnfv/mcp.rsa -l ubuntu 10.20.0.2
**Note**: The Salt master IP is not hard set, it is configurable via INSTALLER_IP during deployment
@@ -75,10 +75,10 @@ to infrastructure VMs (Salt master and MaaS).
The example below is a connection to a controller VM. The connection is made from the baremetal
server kvm01.
- .. code-block:: bash
+ .. code-block:: bash
- $ ssh -o StrictHostKeyChecking=no -i /var/lib/opnfv/mcp.rsa -l ubuntu x.y.z.141
- ubuntu@kvm01:~$ virsh console ctl01
+ $ ssh -o StrictHostKeyChecking=no -i /var/lib/opnfv/mcp.rsa -l ubuntu x.y.z.141
+ ubuntu@kvm01:~$ virsh console ctl01
User *ubuntu* has sudo rights. User *opnfv* has sudo rights only on aarch64 deploys.
@@ -104,26 +104,26 @@ with *root* user.
#. View the IPs of all the components
- .. code-block:: bash
+ .. code-block:: bash
- root@cfg01:~$ salt "*" network.ip_addrs
- cfg01.baremetal-mcp-ocata-odl-ha.local:
+ root@cfg01:~$ salt "*" network.ip_addrs
+ cfg01.baremetal-mcp-ocata-odl-ha.local:
- 10.20.0.2
- 172.16.10.100
- mas01.baremetal-mcp-ocata-odl-ha.local:
+ mas01.baremetal-mcp-ocata-odl-ha.local:
- 10.20.0.3
- 172.16.10.3
- 192.168.11.3
- .........................
+ .........................
#. View the interfaces of all the components and put the output in a file with yaml format
- .. code-block:: bash
+ .. code-block:: bash
- root@cfg01:~$ salt "*" network.interfaces --out yaml --output-file interfaces.yaml
- root@cfg01:~# cat interfaces.yaml
- cfg01.baremetal-mcp-ocata-odl-ha.local:
+ root@cfg01:~$ salt "*" network.interfaces --out yaml --output-file interfaces.yaml
+ root@cfg01:~# cat interfaces.yaml
+ cfg01.baremetal-mcp-ocata-odl-ha.local:
enp1s0:
hwaddr: 52:54:00:72:77:12
inet:
@@ -136,77 +136,77 @@ with *root* user.
prefixlen: '64'
scope: link
up: true
- .........................
+ .........................
#. View installed packages in MaaS node
- .. code-block:: bash
+ .. code-block:: bash
- root@cfg01:~# salt "mas*" pkg.list_pkgs
- mas01.baremetal-mcp-ocata-odl-ha.local:
- ----------
- accountsservice:
- 0.6.40-2ubuntu11.3
- acl:
- 2.2.52-3
- acpid:
- 1:2.0.26-1ubuntu2
- adduser:
- 3.113+nmu3ubuntu4
- anerd:
- 1
- .........................
+ root@cfg01:~# salt "mas*" pkg.list_pkgs
+ mas01.baremetal-mcp-ocata-odl-ha.local:
+ ----------
+ accountsservice:
+ 0.6.40-2ubuntu11.3
+ acl:
+ 2.2.52-3
+ acpid:
+ 1:2.0.26-1ubuntu2
+ adduser:
+ 3.113+nmu3ubuntu4
+ anerd:
+ 1
+ .........................
#. Execute any linux command on all nodes (list the content of */var/log* in this example)
- .. code-block:: bash
+ .. code-block:: bash
- root@cfg01:~# salt "*" cmd.run 'ls /var/log'
- cfg01.baremetal-mcp-ocata-odl-ha.local:
- alternatives.log
- apt
- auth.log
- boot.log
- btmp
- cloud-init-output.log
- cloud-init.log
- .........................
+ root@cfg01:~# salt "*" cmd.run 'ls /var/log'
+ cfg01.baremetal-mcp-ocata-odl-ha.local:
+ alternatives.log
+ apt
+ auth.log
+ boot.log
+ btmp
+ cloud-init-output.log
+ cloud-init.log
+ .........................
#. Execute any linux command on nodes using compound queries filter
- .. code-block:: bash
+ .. code-block:: bash
- root@cfg01:~# salt -C '* and cfg01*' cmd.run 'ls /var/log'
- cfg01.baremetal-mcp-ocata-odl-ha.local:
- alternatives.log
- apt
- auth.log
- boot.log
- btmp
- cloud-init-output.log
- cloud-init.log
- .........................
+ root@cfg01:~# salt -C '* and cfg01*' cmd.run 'ls /var/log'
+ cfg01.baremetal-mcp-ocata-odl-ha.local:
+ alternatives.log
+ apt
+ auth.log
+ boot.log
+ btmp
+ cloud-init-output.log
+ cloud-init.log
+ .........................
#. Execute any linux command on nodes using role filter
- .. code-block:: bash
+ .. code-block:: bash
- root@cfg01:~# salt -I 'nova:compute' cmd.run 'ls /var/log'
- cmp001.baremetal-mcp-ocata-odl-ha.local:
- alternatives.log
- apache2
- apt
- auth.log
- btmp
- ceilometer
- cinder
- cloud-init-output.log
- cloud-init.log
- .........................
+ root@cfg01:~# salt -I 'nova:compute' cmd.run 'ls /var/log'
+ cmp001.baremetal-mcp-ocata-odl-ha.local:
+ alternatives.log
+ apache2
+ apt
+ auth.log
+ btmp
+ ceilometer
+ cinder
+ cloud-init-output.log
+ cloud-init.log
+ .........................
@@ -217,16 +217,16 @@ Accessing Openstack
Once the deployment is complete, Openstack CLI is accessible from controller VMs (ctl01..03).
Openstack credentials are at */root/keystonercv3*.
- .. code-block:: bash
+ .. code-block:: bash
- root@ctl01:~# source keystonercv3
- root@ctl01:~# openstack image list
- +--------------------------------------+-----------------------------------------------+--------+
- | ID | Name | Status |
- +======================================+===============================================+========+
- | 152930bf-5fd5-49c2-b3a1-cae14973f35f | CirrosImage | active |
- | 7b99a779-78e4-45f3-9905-64ae453e3dcb | Ubuntu16.04 | active |
- +--------------------------------------+-----------------------------------------------+--------+
+ root@ctl01:~# source keystonercv3
+ root@ctl01:~# openstack image list
+ +--------------------------------------+-----------------------------------------------+--------+
+ | ID | Name | Status |
+ +======================================+===============================================+========+
+ | 152930bf-5fd5-49c2-b3a1-cae14973f35f | CirrosImage | active |
+ | 7b99a779-78e4-45f3-9905-64ae453e3dcb | Ubuntu16.04 | active |
+ +--------------------------------------+-----------------------------------------------+--------+
The OpenStack Dashboard, Horizon is available at http://<controller VIP>:8078, e.g. http://10.16.0.11:8078.
@@ -254,6 +254,42 @@ For Virtual deploys, the most commonly used IPs are in the table below.
+-----------+--------------+---------------+
+===================
+Openstack Endpoints
+===================
+
+For each Openstack service three endpoints are created: admin, internal and public.
+
+ .. code-block:: bash
+
+ ubuntu@ctl01:~$ openstack endpoint list --service keystone
+ +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
+ | ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+ +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
+ | 008fec57922b4e9e8bf02c770039ae77 | RegionOne | keystone | identity | True | internal | http://172.16.10.26:5000/v3 |
+ | 1a1f3c3340484bda9ef7e193f50599e6 | RegionOne | keystone | identity | True | admin | http://172.16.10.26:35357/v3 |
+ | b0a47d42d0b6491b995d7e6230395de8 | RegionOne | keystone | identity | True | public | https://10.0.15.2:5000/v3 |
+ +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
+
+MCP sets up all Openstack services to talk to each other over unencrypted
+connections on the internal management network. All admin/internal endpoints use
+plain http, while the public endpoints are https connections terminated via nginx
+at the VCP proxy VMs.
+
+To access the public endpoints an SSL certificate has to be provided. For
+convenience, the installation script will copy the required certificate into
+to the cfg01 node at /etc/ssl/certs/os_cacert.
+
+Copy the certificate from the cfg01 node to the client that will access the https
+endpoints and place it under /etc/ssl/certs. The SSL connection will be established
+automatically after.
+
+ .. code-block:: bash
+
+ $ ssh -o StrictHostKeyChecking=no -i /var/lib/opnfv/mcp.rsa -l ubuntu 10.20.0.2 \
+ "cat /etc/ssl/certs/os_cacert" | sudo tee /etc/ssl/certs/os_cacert
+
+
=============================
Reclass model viewer tutorial
=============================
@@ -274,36 +310,36 @@ After the installation is done, a webbrowser on the host can be used to view the
#. Create a new directory at any location
- .. code-block:: bash
+ .. code-block:: bash
- $ mkdir -p modeler
+ $ mkdir -p modeler
#. Place fuel repo in the above directory
- .. code-block:: bash
+ .. code-block:: bash
- $ cd modeler
- $ git clone https://gerrit.opnfv.org/gerrit/fuel && cd fuel
+ $ cd modeler
+ $ git clone https://gerrit.opnfv.org/gerrit/fuel && cd fuel
#. Create a container and mount the above host directory
- .. code-block:: bash
+ .. code-block:: bash
- $ docker run --privileged -it -v <absolute_path>/modeler:/host ubuntu bash
+ $ docker run --privileged -it -v <absolute_path>/modeler:/host ubuntu bash
#. Install all the required packages inside the container.
- .. code-block:: bash
+ .. code-block:: bash
- $ apt-get update
- $ apt-get install -y npm nodejs
- $ npm install -g reclass-doc
- $ cd /host/fuel/mcp/reclass
- $ ln -s /usr/bin/nodejs /usr/bin/node
- $ reclass-doc --output /host /host/fuel/mcp/reclass
+ $ apt-get update
+ $ apt-get install -y npm nodejs
+ $ npm install -g reclass-doc
+ $ cd /host/fuel/mcp/reclass
+ $ ln -s /usr/bin/nodejs /usr/bin/node
+ $ reclass-doc --output /host /host/fuel/mcp/reclass
#. View the results from the host by using a browser. The file to open should be now at modeler/index.html
@@ -320,5 +356,3 @@ References
1) `Installation instructions <http://docs.opnfv.org/en/stable-euphrates/submodules/fuel/docs/release/installation/installation.instruction.html>`_
2) `Saltstack Documentation <https://docs.saltstack.com/en/latest/topics>`_
3) `Saltstack Formulas <http://salt-formulas.readthedocs.io/en/latest/develop/overview-reclass.html>`_
-
-