.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. (c) ruan.he@orange.com & thomas.duval@orange.com

******************************
OPNFV MOON configuration guide
******************************

.. toctree::
   :numbered:
   :maxdepth: 2


============
Introduction
============

Moon must be configured through the standard Keystone configuration files and the standard KeystoneMiddleware configuration files:

* /etc/keystone/keystone-paste.ini
* /etc/keystone/keystone.conf
* /etc/nova/api-paste.ini
* /etc/swift/proxy-server.conf

There is no other custom configuration file.

=============
Configuration
=============

Keystone
========

For Keystone, the following files must be configured. Some modifications may be needed, especially to the passwords:

/etc/keystone/keystone-paste.ini

.. code-block:: bash

    sudo cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.bak
    # Edit in place rather than staging the file under a predictable /tmp name.
    sudo sed -i "3i[pipeline:moon_pipeline]\npipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service\n\n[app:moon_service]\nuse = egg:keystone#moon_service\n" /etc/keystone/keystone-paste.ini
    sudo sed -i "s/use = egg:Paste#urlmap/use = egg:Paste#urlmap\n\/moon = moon_pipeline/" /etc/keystone/keystone-paste.ini

/etc/keystone/keystone.conf

.. code-block:: bash

    cat << EOF | sudo tee -a /etc/keystone/keystone.conf
    [moon]

    # Configuration backend driver
    configuration_driver = keystone.contrib.moon.backends.memory.ConfigurationConnector

    # Tenant backend driver
    tenant_driver = keystone.contrib.moon.backends.sql.TenantConnector

    # Authorisation backend driver
    authz_driver = keystone.contrib.moon.backends.flat.SuperExtensionConnector

    # IntraExtension backend driver
    intraextension_driver = keystone.contrib.moon.backends.sql.IntraExtensionConnector

    # InterExtension backend driver
    interextension_driver = keystone.contrib.moon.backends.sql.InterExtensionConnector

    # Logs backend driver
    log_driver = keystone.contrib.moon.backends.flat.LogConnector

    # Local directory where all policies are stored
    policy_directory = /etc/keystone/policies

    # Local directory where Root IntraExtension configuration is stored
    root_policy_directory = policy_root

    # URL of the Moon master
    master = 'http://localhost:35357/'

    # Login of the Moon master
    master_login = 'admin'

    # Password of the Moon master
    master_password = 'nomoresecrete'
    EOF


The logging system must be configured:

.. code-block:: bash

    sudo mkdir /var/log/moon/
    sudo chown keystone /var/log/moon/

    sudo addgroup moonlog

    sudo chgrp moonlog /var/log/moon/

    sudo touch /var/log/moon/keystonemiddleware.log
    sudo touch /var/log/moon/system.log

    sudo chgrp moonlog /var/log/moon/keystonemiddleware.log
    sudo chgrp moonlog /var/log/moon/system.log
    sudo chmod g+rw /var/log/moon
    sudo chmod g+rw /var/log/moon/keystonemiddleware.log
    sudo chmod g+rw /var/log/moon/system.log

    sudo adduser keystone moonlog
    sudo adduser swift moonlog
    sudo adduser nova moonlog

The Keystone database must be updated:

.. code-block:: bash

    sudo /usr/bin/keystone-manage db_sync
    sudo /usr/bin/keystone-manage db_sync --extension moon

Finally, Apache must be restarted:

.. code-block:: bash

    sudo systemctl restart apache.service

Nova
====

For Nova to be able to communicate with Keystone-Moon, you must update the Nova KeystoneMiddleware configuration file.
To achieve this, a new filter must be defined in `/etc/nova/api-paste.ini` and this filter must be added to the composite data.
The filter is:

.. code-block:: bash

    [filter:moon]
    paste.filter_factory = keystonemiddleware.moon_agent:filter_factory
    authz_login=admin
    authz_password=password
    logfile=/var/log/moon/keystonemiddleware.log

Here are some bash lines to insert this into the Nova configuration file:

.. code-block:: bash

    sudo cp /etc/nova/api-paste.ini /etc/nova/api-paste.ini.bak2
    # Edit in place rather than staging the file under a predictable /tmp name.
    sudo sed -i "/^keystone = / s/keystonecontext/keystonecontext moon/" /etc/nova/api-paste.ini

    echo -e "\n[filter:moon]\npaste.filter_factory = keystonemiddleware.moon_agent:filter_factory\nauthz_login=admin\nauthz_password=password\nlogfile=/var/log/moon/keystonemiddleware.log\n" | sudo tee -a /etc/nova/api-paste.ini

Nova can then be restarted:

.. code-block:: bash

    for service in nova-compute nova-api nova-cert nova-conductor nova-consoleauth nova-scheduler ; do
        sudo service ${service} restart
    done

Swift
=====

For Swift to be able to communicate with Keystone-Moon, you must update the Swift KeystoneMiddleware configuration file.
To achieve this, a new filter must be defined in `/etc/swift/proxy-server.conf` and this filter must be added to the composite data.
The filter is (exactly the same as for Nova):

.. code-block:: bash

    [filter:moon]
    paste.filter_factory = keystonemiddleware.moon_agent:filter_factory
    authz_login=admin
    authz_password=password
    logfile=/var/log/moon/keystonemiddleware.log

Here are some bash lines to insert this into the Swift configuration file:

.. code-block:: bash

    sudo cp /etc/swift/proxy-server.conf /etc/swift/proxy-server.conf.bak2
    # Edit in place rather than staging the file under a predictable /tmp name.
    sudo sed -i "/^pipeline = / s/proxy-server/moon proxy-server/" /etc/swift/proxy-server.conf

    echo -e "\n[filter:moon]\npaste.filter_factory = keystonemiddleware.moon_agent:filter_factory\nauthz_login=admin\nauthz_password=password\nlogfile=/var/log/moon/keystonemiddleware.log\n" | sudo tee -a /etc/swift/proxy-server.conf

Swift can then be restarted:

.. code-block:: bash

    for service in swift-account swift-account-replicator \
                    swift-container-replicator  swift-object swift-object-updater \
                    swift-account-auditor swift-container swift-container-sync \
                    swift-object-auditor swift-proxy swift-account-reaper swift-container-auditor \
                    swift-container-updater swift-object-replicator ; do
        sudo service ${service} restart
    done
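
A post-install check for the filter wiring described in the Nova and Swift sections, as an added example that is not part of the Moon project. ``ini_get``, ``check_moon_filter`` and ``make_sample`` are hypothetical names and the sample file is constructed; the world-readable test is an added check because the file stores ``authz_password``.

```shell
#!/bin/sh
# Added example, not Moon project code; function names are hypothetical.

# Print the value of KEY inside [SECTION] of an ini-style FILE.
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v s="[$2]" -v k="$3" '
        /^\[/ { in_s = ($0 == s); next }
        in_s && $0 ~ ("^" k "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "$1"
}

# Report problems with the moon filter wiring in FILE; return 1 if any.
check_moon_filter() {  # usage: check_moon_filter FILE PIPELINE_KEY
    file=$1; key=$2; rc=0
    # Every "KEY = ..." line (the ones the guide's sed edits) must list moon.
    if ! grep -q "^$key = " "$file"; then
        echo "FAIL: no '$key = ' line found"; rc=1
    elif grep "^$key = " "$file" | grep -qvw moon; then
        echo "FAIL: a '$key = ' line does not list the moon filter"; rc=1
    fi
    grep -q '^\[filter:moon\]' "$file" ||
        { echo "FAIL: [filter:moon] section is missing"; rc=1; }
    # The guide's sample password must not survive into a deployment.
    pw=$(ini_get "$file" filter:moon authz_password)
    case $pw in
        ''|password) echo "FAIL: authz_password unset or still the sample value"; rc=1 ;;
    esac
    # The file holds a credential, so it should not be world-readable.
    [ -z "$(find "$file" -perm -004)" ] ||
        { echo "FAIL: $file is world-readable"; rc=1; }
    return $rc
}

# Constructed sample input: a proxy-server.conf as the guide leaves it.
make_sample() {  # usage: make_sample FILE PASSWORD
    printf '%s\n' '[pipeline:main]' \
        'pipeline = catch_errors cache authtoken keystoneauth moon proxy-server' \
        '' '[filter:moon]' \
        'paste.filter_factory = keystonemiddleware.moon_agent:filter_factory' \
        'authz_login=admin' "authz_password=$2" \
        'logfile=/var/log/moon/keystonemiddleware.log' > "$1"
    chmod 640 "$1"
}
```

On a configured host, run ``check_moon_filter /etc/swift/proxy-server.conf pipeline`` and ``check_moon_filter /etc/nova/api-paste.ini keystone``; the second argument is the key that the corresponding ``sed`` command matches.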



Revision: _sha1_

Build date: |today|