From 9d6b645fe9df9d6519434c882b4300b5290d6b73 Mon Sep 17 00:00:00 2001 From: Sofia Wallin Date: Thu, 25 Aug 2016 17:02:24 +0200 Subject: Updated docs structure according to directives Created 2 new rst files, /installationprocedure/feature.configuration.rst and /userguide/feature.useage.rst. The index.rst should not contain any text only reference other rst files in your repo. Change-Id: Ic0d247063ea7d35618b7e5f9a591b420e66b8cf2 Signed-off-by: Sofia Wallin --- .../feature.configuration.rst | 321 +++++++++++++++++++++ docs/installationprocedure/index.rst | 320 +------------------- 2 files changed, 326 insertions(+), 315 deletions(-) create mode 100644 docs/installationprocedure/feature.configuration.rst (limited to 'docs/installationprocedure') diff --git a/docs/installationprocedure/feature.configuration.rst b/docs/installationprocedure/feature.configuration.rst new file mode 100644 index 00000000..611876c2 --- /dev/null +++ b/docs/installationprocedure/feature.configuration.rst @@ -0,0 +1,321 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) + + +Introduction +============ + +The Moon platform is composed of 3 components : +* keystone-moon +* keystonemiddleware-moon +* python-moonclient + +keystone-moon +============= +This component replaces the Keystone component of the OpenStack platform. +All basic functions of the original component were maintained but we add some new functions (specially authorization functions) + +keystonemiddleware-moon +======================= +This component replaces the KeystoneMiddleware component of the OpenStack platform. +The main function added was to intercept all actions from Nova and Swift in order to retrieve an authorization token +from the Keystone-moon component. + +python-moonclient +================= +The MoonClient is an interactive script to drive the Keystone-Moon component through the network. + +================= +Packages creation +================= + +Packages can be found on https://github.com/dthom/moon-bin + +keystone-moon package +===================== + +The Keystone-Moon can be package into 2 forms. +The first form is in traditional Python package : + +.. code-block:: bash + + cd moon_repo/keystone-moon + python setup.py sdist + ls dist + +We develop a script to build a Debian package, this script is located in `moon_repo/debian/keystone-moon` + +.. code-block:: bash + + cd moon_repo/debian/keystone-moon + python create_deb.py + + +keystonemiddleware-moon package +=============================== + +The KeystoneMiddleware-Moon can be package into 2 forms. +The first form is in traditional Python package : + +.. code-block:: bash + + cd moon_repo/keystonemiddleware-moon + python setup.py sdist + ls dist + +We develop a script to build a Debian package, this script is located in `moon_repo/debian/keystonemiddleware-moon` + +.. code-block:: bash + + cd moon_repo/debian/keystonemiddleware-moon + python create_deb.py + + +python-moonclient package +========================= + +There is only one type of package for the Moon client: + +.. code-block:: bash + + cd moon_repo/moonclient + python setup.py sdist + ls dist + + +============ +Installation +============ + +This installation procedure only describe the installation of a standalone Moon platform. + + +Pre-requisite +============= + +To install the Moon platform, you will need a working Linux server box. +The platform is tested on an up-to-date Ubuntu 16.04 box. + +You can build your own packages or you can download stable ones on https://github.com/dthom/moon-bin + +Installation +============ + +First of all, you must install dependencies for the Keystone-moon package, then you can download pre-built packages or +create them by yourself. Endly, you can install Keystone-Moon and MoonClient packages: + +.. code-block:: bash + + cd /tmp + wget https://github.com/dthom/moon-bin/archive/master.zip + unzip master.zip + PKGS = $(python3 /tmp/moon-bin-master/tools/get_deb_depends.py /tmp/moon-bin-master/*.deb) + sudo apt-get install $PKGS + sudo dpkg -i /tmp/moon-bin-master/keystone_latest-moon_all.deb + sudo pip install --upgrade /tmp/moon-bin-master/python-moonclient-latest.tar.gz + +At this point, the Nova and Swift components must be installed on the same box or on an other box. +See http://docs.openstack.org/ for more explanation. + +Nova and Swift components automatically installed the python-keystonemiddleware package. +We have to replace it with the dedicated Moon one: + +.. code-block:: bash + + cd /tmp + sudo dpkg -i /tmp/moon-bin-master/python3-keystonemiddleware_latest-moon_all.deb + sudo dpkg -i /tmp/moon-bin-master/python-keystonemiddleware_latest-moon_all.deb + +Note: if you installed Nova and Swift in 2 different nodes, you must install python-keystonemiddleware +in those 2 nodes. + +Configuration +============= + +For Keystone, the following files must be configured, some modifications may be needed, specially passwords: + +/etc/keystone/keystone-paste.ini + +.. code-block:: bash + + sudo cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.bak + sudo sed "3i[pipeline:moon_pipeline]\npipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service\n\n[app:moon_service]\nuse = egg:keystone#moon_service\n" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini + sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini + sudo sed "s/use = egg:Paste#urlmap/use = egg:Paste#urlmap\n\/moon = moon_pipeline/" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini + sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini + +/etc/keystone/keystone.conf + +.. code-block:: bash + + cat << EOF | sudo tee -a /etc/keystone/keystone.conf + [moon] + + # Configuration backend driver + configuration_driver = keystone.contrib.moon.backends.memory.ConfigurationConnector + + # Tenant backend driver + tenant_driver = keystone.contrib.moon.backends.sql.TenantConnector + + # Authorisation backend driver + authz_driver = keystone.contrib.moon.backends.flat.SuperExtensionConnector + + # IntraExtension backend driver + intraextension_driver = keystone.contrib.moon.backends.sql.IntraExtensionConnector + + # InterExtension backend driver + interextension_driver = keystone.contrib.moon.backends.sql.InterExtensionConnector + + # Logs backend driver + log_driver = keystone.contrib.moon.backends.flat.LogConnector + + # Local directory where all policies are stored + policy_directory = /etc/keystone/policies + + # Local directory where Root IntraExtension configuration is stored + root_policy_directory = policy_root + + # URL of the Moon master + master = 'http://localhost:35357/' + + # Login of the Moon master + master_login = 'admin' + + # Password of the Moon master + master_password = 'nomoresecrete' + EOF + + +The logging system must be configured : + +.. code-block:: bash + + sudo mkdir /var/log/moon/ + sudo chown keystone /var/log/moon/ + + sudo addgroup moonlog + + sudo chgrp moonlog /var/log/moon/ + + sudo touch /var/log/moon/keystonemiddleware.log + sudo touch /var/log/moon/system.log + + sudo chgrp moonlog /var/log/moon/keystonemiddleware.log + sudo chgrp moonlog /var/log/moon/system.log + sudo chmod g+rw /var/log/moon + sudo chmod g+rw /var/log/moon/keystonemiddleware.log + sudo chmod g+rw /var/log/moon/system.log + + sudo adduser keystone moonlog + sudo adduser swift moonlog + sudo adduser nova moonlog + +The Keystone database must be updated: + +.. code-block:: bash + + sudo /usr/bin/keystone-manage db_sync + sudo /usr/bin/keystone-manage db_sync --extension moon + +And, Apache must be restarted: + +.. code-block:: bash + + sudo systemctl restart apache.service + +In order to Nova to be able to communicate with Keystone-Moon, you must update the Nova KeystoneMiddleware configuration file. +To achieve this, a new filter must be added in `/etc/nova/api-paste.ini` and this filter must be added to the composite data. +The filter is: + +.. code-block:: bash + + [filter:moon] + paste.filter_factory = keystonemiddleware.moon_agent:filter_factory + authz_login=admin + authz_password=password + logfile=/var/log/moon/keystonemiddleware.log + +Here is some bash lines to insert this into the Nova configuration file: + +.. code-block:: bash + + sudo cp /etc/nova/api-paste.ini /etc/nova/api-paste.ini.bak2 + sudo sed "/^keystone = / s/keystonecontext/keystonecontext moon/" /etc/nova/api-paste.ini > /tmp/api-paste.ini + sudo cp /tmp/api-paste.ini /etc/nova/api-paste.ini + + echo -e "\n[filter:moon]\npaste.filter_factory = keystonemiddleware.moon_agent:filter_factory\nauthz_login=admin\nauthz_password=password\nlogfile=/var/log/moon/keystonemiddleware.log\n" | sudo tee -a /etc/nova/api-paste.ini + +Nova can then be restarted: + +.. code-block:: bash + + for service in nova-compute nova-api nova-cert nova-conductor nova-consoleauth nova-scheduler ; do + sudo service ${service} restart + done + +In order to Swift to be able to communicate with Keystone-Moon, you must update the Swift KeystoneMiddleware configuration file. +To achieve this, a new filter must be added in `/etc/swift/proxy-server.conf` and this filter must be added to the composite data. +The filter is (exactly the same as Nova): + +.. code-block:: bash + + [filter:moon] + paste.filter_factory = keystonemiddleware.moon_agent:filter_factory + authz_login=admin + authz_password=password + logfile=/var/log/moon/keystonemiddleware.log + +Here is some bash lines to insert this into the Nova configuration file: + +.. code-block:: bash + + sudo cp /etc/swift/proxy-server.conf /etc/swift/proxy-server.conf.bak2 + sudo sed "/^pipeline = / s/proxy-server/moon proxy-server/" /etc/swift/proxy-server.conf > /tmp/proxy-server.conf + sudo cp /tmp/proxy-server.conf /etc/swift/proxy-server.conf + + echo -e "\n[filter:moon]\npaste.filter_factory = keystonemiddleware.moon_agent:filter_factory\nauthz_login=admin\nauthz_password=password\nlogfile=/var/log/moon/keystonemiddleware.log\n" | sudo tee -a /etc/swift/proxy-server.conf + +Swift can then be restarted: + +.. code-block:: bash + + for service in swift-account swift-account-replicator \ + swift-container-replicator swift-object swift-object-updater \ + swift-account-auditor swift-container swift-container-sync \ + swift-object-auditor swift-proxy swift-account-reaper swift-container-auditor \ + swift-container-updater swift-object-replicator ; do + sudo service ${service} status + done + + + +Running tests +============= + +After a successful installation of the Moon platform, you can execute some tests to see if the platform is +up and running. Be patient, the latest test takes time (5 to 20 minutes). + +.. code-block:: bash + + export OS_USERNAME=admin + export OS_PASSWORD=password + export OS_REGION_NAME=What_ever_you_want + export OS_TENANT_NAME=admin + export OS_AUTH_URL=http://localhost:5000/v2.0 + + # See if Nova is up and running: + nova list + + # See if Swift is up and running: + swift stat + + # See if Keystone-Moon is up and running + moon intraextension list + # you must see one extension (named root) + moon test --self + + +Revision: _sha1_ + +Build date: |today| diff --git a/docs/installationprocedure/index.rst b/docs/installationprocedure/index.rst index e8528f6d..1311b248 100644 --- a/docs/installationprocedure/index.rst +++ b/docs/installationprocedure/index.rst @@ -2,329 +2,19 @@ .. http://creativecommons.org/licenses/by/4.0 .. (c) ruan.he@orange.com & thomas.duval@orange.com -***************************** -OPNFV MOON installation guide -***************************** + +*********************************************** +Moon installation and configuration instruction +*********************************************** .. toctree:: :numbered: :maxdepth: 2 + feature.configuration.rst -============ -Introduction -============ - -The Moon platform is composed of 3 components : -* keystone-moon -* keystonemiddleware-moon -* python-moonclient - -keystone-moon -============= -This component replaces the Keystone component of the OpenStack platform. -All basic functions of the original component were maintained but we add some new functions (specially authorization functions) - -keystonemiddleware-moon -======================= -This component replaces the KeystoneMiddleware component of the OpenStack platform. -The main function added was to intercept all actions from Nova and Swift in order to retrieve an authorization token -from the Keystone-moon component. - -python-moonclient -================= -The MoonClient is an interactive script to drive the Keystone-Moon component through the network. - -================= -Packages creation -================= - -Packages can be found on https://github.com/dthom/moon-bin - -keystone-moon package -===================== - -The Keystone-Moon can be package into 2 forms. -The first form is in traditional Python package : - -.. code-block:: bash - - cd moon_repo/keystone-moon - python setup.py sdist - ls dist - -We develop a script to build a Debian package, this script is located in `moon_repo/debian/keystone-moon` - -.. code-block:: bash - - cd moon_repo/debian/keystone-moon - python create_deb.py - - -keystonemiddleware-moon package -=============================== - -The KeystoneMiddleware-Moon can be package into 2 forms. -The first form is in traditional Python package : - -.. code-block:: bash - - cd moon_repo/keystonemiddleware-moon - python setup.py sdist - ls dist - -We develop a script to build a Debian package, this script is located in `moon_repo/debian/keystonemiddleware-moon` - -.. code-block:: bash - - cd moon_repo/debian/keystonemiddleware-moon - python create_deb.py - - -python-moonclient package -========================= - -There is only one type of package for the Moon client: - -.. code-block:: bash - - cd moon_repo/moonclient - python setup.py sdist - ls dist - - -============ -Installation -============ - -This installation procedure only describe the installation of a standalone Moon platform. - - -Pre-requisite -============= - -To install the Moon platform, you will need a working Linux server box. -The platform is tested on an up-to-date Ubuntu 16.04 box. - -You can build your own packages or you can download stable ones on https://github.com/dthom/moon-bin - -Installation -============ - -First of all, you must install dependencies for the Keystone-moon package, then you can download pre-built packages or -create them by yourself. Endly, you can install Keystone-Moon and MoonClient packages: - -.. code-block:: bash - - cd /tmp - wget https://github.com/dthom/moon-bin/archive/master.zip - unzip master.zip - PKGS = $(python3 /tmp/moon-bin-master/tools/get_deb_depends.py /tmp/moon-bin-master/*.deb) - sudo apt-get install $PKGS - sudo dpkg -i /tmp/moon-bin-master/keystone_latest-moon_all.deb - sudo pip install --upgrade /tmp/moon-bin-master/python-moonclient-latest.tar.gz - -At this point, the Nova and Swift components must be installed on the same box or on an other box. -See http://docs.openstack.org/ for more explanation. - -Nova and Swift components automatically installed the python-keystonemiddleware package. -We have to replace it with the dedicated Moon one: - -.. code-block:: bash - - cd /tmp - sudo dpkg -i /tmp/moon-bin-master/python3-keystonemiddleware_latest-moon_all.deb - sudo dpkg -i /tmp/moon-bin-master/python-keystonemiddleware_latest-moon_all.deb - -Note: if you installed Nova and Swift in 2 different nodes, you must install python-keystonemiddleware -in those 2 nodes. - -Configuration -============= - -For Keystone, the following files must be configured, some modifications may be needed, specially passwords: - -/etc/keystone/keystone-paste.ini - -.. code-block:: bash - - sudo cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.bak - sudo sed "3i[pipeline:moon_pipeline]\npipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service\n\n[app:moon_service]\nuse = egg:keystone#moon_service\n" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini - sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini - sudo sed "s/use = egg:Paste#urlmap/use = egg:Paste#urlmap\n\/moon = moon_pipeline/" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini - sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini - -/etc/keystone/keystone.conf - -.. code-block:: bash - - cat << EOF | sudo tee -a /etc/keystone/keystone.conf - [moon] - - # Configuration backend driver - configuration_driver = keystone.contrib.moon.backends.memory.ConfigurationConnector - - # Tenant backend driver - tenant_driver = keystone.contrib.moon.backends.sql.TenantConnector - - # Authorisation backend driver - authz_driver = keystone.contrib.moon.backends.flat.SuperExtensionConnector - - # IntraExtension backend driver - intraextension_driver = keystone.contrib.moon.backends.sql.IntraExtensionConnector - - # InterExtension backend driver - interextension_driver = keystone.contrib.moon.backends.sql.InterExtensionConnector - - # Logs backend driver - log_driver = keystone.contrib.moon.backends.flat.LogConnector - - # Local directory where all policies are stored - policy_directory = /etc/keystone/policies - - # Local directory where Root IntraExtension configuration is stored - root_policy_directory = policy_root - - # URL of the Moon master - master = 'http://localhost:35357/' - - # Login of the Moon master - master_login = 'admin' - - # Password of the Moon master - master_password = 'nomoresecrete' - EOF - - -The logging system must be configured : - -.. code-block:: bash - - sudo mkdir /var/log/moon/ - sudo chown keystone /var/log/moon/ - - sudo addgroup moonlog - - sudo chgrp moonlog /var/log/moon/ - - sudo touch /var/log/moon/keystonemiddleware.log - sudo touch /var/log/moon/system.log - - sudo chgrp moonlog /var/log/moon/keystonemiddleware.log - sudo chgrp moonlog /var/log/moon/system.log - sudo chmod g+rw /var/log/moon - sudo chmod g+rw /var/log/moon/keystonemiddleware.log - sudo chmod g+rw /var/log/moon/system.log - - sudo adduser keystone moonlog - sudo adduser swift moonlog - sudo adduser nova moonlog - -The Keystone database must be updated: - -.. code-block:: bash - - sudo /usr/bin/keystone-manage db_sync - sudo /usr/bin/keystone-manage db_sync --extension moon - -And, Apache must be restarted: - -.. code-block:: bash - - sudo systemctl restart apache.service - -In order to Nova to be able to communicate with Keystone-Moon, you must update the Nova KeystoneMiddleware configuration file. -To achieve this, a new filter must be added in `/etc/nova/api-paste.ini` and this filter must be added to the composite data. -The filter is: - -.. code-block:: bash - - [filter:moon] - paste.filter_factory = keystonemiddleware.moon_agent:filter_factory - authz_login=admin - authz_password=password - logfile=/var/log/moon/keystonemiddleware.log - -Here is some bash lines to insert this into the Nova configuration file: - -.. code-block:: bash - - sudo cp /etc/nova/api-paste.ini /etc/nova/api-paste.ini.bak2 - sudo sed "/^keystone = / s/keystonecontext/keystonecontext moon/" /etc/nova/api-paste.ini > /tmp/api-paste.ini - sudo cp /tmp/api-paste.ini /etc/nova/api-paste.ini - - echo -e "\n[filter:moon]\npaste.filter_factory = keystonemiddleware.moon_agent:filter_factory\nauthz_login=admin\nauthz_password=password\nlogfile=/var/log/moon/keystonemiddleware.log\n" | sudo tee -a /etc/nova/api-paste.ini - -Nova can then be restarted: - -.. code-block:: bash - - for service in nova-compute nova-api nova-cert nova-conductor nova-consoleauth nova-scheduler ; do - sudo service ${service} restart - done - -In order to Swift to be able to communicate with Keystone-Moon, you must update the Swift KeystoneMiddleware configuration file. -To achieve this, a new filter must be added in `/etc/swift/proxy-server.conf` and this filter must be added to the composite data. -The filter is (exactly the same as Nova): - -.. code-block:: bash - - [filter:moon] - paste.filter_factory = keystonemiddleware.moon_agent:filter_factory - authz_login=admin - authz_password=password - logfile=/var/log/moon/keystonemiddleware.log - -Here is some bash lines to insert this into the Nova configuration file: - -.. code-block:: bash - - sudo cp /etc/swift/proxy-server.conf /etc/swift/proxy-server.conf.bak2 - sudo sed "/^pipeline = / s/proxy-server/moon proxy-server/" /etc/swift/proxy-server.conf > /tmp/proxy-server.conf - sudo cp /tmp/proxy-server.conf /etc/swift/proxy-server.conf - - echo -e "\n[filter:moon]\npaste.filter_factory = keystonemiddleware.moon_agent:filter_factory\nauthz_login=admin\nauthz_password=password\nlogfile=/var/log/moon/keystonemiddleware.log\n" | sudo tee -a /etc/swift/proxy-server.conf - -Swift can then be restarted: - -.. code-block:: bash - - for service in swift-account swift-account-replicator \ - swift-container-replicator swift-object swift-object-updater \ - swift-account-auditor swift-container swift-container-sync \ - swift-object-auditor swift-proxy swift-account-reaper swift-container-auditor \ - swift-container-updater swift-object-replicator ; do - sudo service ${service} status - done - - - -Running tests -============= - -After a successful installation of the Moon platform, you can execute some tests to see if the platform is -up and running. Be patient, the latest test takes time (5 to 20 minutes). - -.. code-block:: bash - - export OS_USERNAME=admin - export OS_PASSWORD=password - export OS_REGION_NAME=What_ever_you_want - export OS_TENANT_NAME=admin - export OS_AUTH_URL=http://localhost:5000/v2.0 - - # See if Nova is up and running: - nova list - # See if Swift is up and running: - swift stat - # See if Keystone-Moon is up and running - moon intraextension list - # you must see one extension (named root) - moon test --self -Revision: _sha1_ -Build date: |today| \ No newline at end of file -- cgit 1.2.3-korg