1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
|
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
=================================
Kingbird installation instruction
=================================
Abstract
--------
This document will give the user instructions on how to deploy
available scenarios verified for the Colorado release of OPNFV
platform.
Preparing the installation
--------------------------
Kingbird is centralized synchronization service for multi-region OpenStack
deployments. In OPNFV Colorado release, Kingbird provides centralized quota
management feature. At least two OpenStack regions with shared KeyStone should
be installed first.
Kingbird includes kingbird-api and kingbird-engine, kingbird-api and
kingbird-engine which talk to each other through message bus, and both
services access the database. Kingbird-api receives the RESTful
API request for quota management and forward the request to kingbird-engine
to do quota synchronization etc task.
Therefore install Kingbird on the controller nodes of one of the OpenStack
region, these two services could be deployed in same node or different node.
Both kingbird-api and kingbird-engine can run in multiple nodes with
multi-workers mode. It's up to you how many nodes you want to deploy
kingbird-api and kingbird-engine and they can work in same node or
different nodes.
HW requirements
---------------
No special hardware requirements
Installation instruction
------------------------
In colorado release, Kingbird is recommended to be installed in a python
virtual environment. So install and activate virtualenv first.
.. code-block:: bash
sudo pip install virtualenv
virtualenv venv
source venv/bin/activate
Get the latest code of Kingbird from git repository:
.. code-block:: bash
git clone https://github.com/openstack/kingbird.git
cd kingbird/
pip install -e .
or get the stable release from PyPI repository:
.. code-block:: bash
pip install kingbird
In case of the database package are not installed, you may need to install:
.. code-block:: bash
pip install mysql
pip install pymysql
In the Kingbird root folder, where you can find the source code of Kingbird,
generate the configuration sample file for Kingbird:
.. code-block:: bash
oslo-config-generator --config-file=./tools/config-generator.conf
prepare the folder used for cache, log and configuration for Kingbird:
.. code-block:: bash
sudo rm -rf /var/cache/kingbird
sudo mkdir -p /var/cache/kingbird
sudo chown `whoami` /var/cache/kingbird
sudo rm -rf /var/log/kingbird
sudo mkdir -p /var/log/kingbird
sudo chown `whoami` /var/log/kingbird
sudo rm -rf /etc/kingbird
sudo mkdir -p /etc/kingbird
sudo chown `whoami` /etc/kingbird
Copy the sample configuration to the configuration folder /etc/kingbird:
.. code-block:: bash
cp etc/kingbird/kingbird.conf.sample /etc/kingbird/kingbird.conf
Before editing the configuration file, prepare the database info for Kingbird.
.. code-block:: bash
mysql -uroot -e "CREATE DATABASE $kb_db CHARACTER SET utf8;"
mysql -uroot -e "GRANT ALL PRIVILEGES ON $kb_db.* TO '$kb_db_user'@'%' IDENTIFIED BY '$kb_db_pwd';"
For example, the following command will create database "kingbird", and grant the
privilege for the db user "kingbird" with password "password":
.. code-block:: bash
mysql -uroot -e "CREATE DATABASE kingbird CHARACTER SET utf8;"
mysql -uroot -e "GRANT ALL PRIVILEGES ON kingbird.* TO 'kingbird'@'%' IDENTIFIED BY 'password';"
Create the service user in OpenStack:
.. code-block:: bash
source openrc admin admin
openstack user create --project=service --password=$kb_svc_pwd $kb_svc_user
openstack role add --user=$kb_svc_user --project=service admin
For example, the following command will create service user "kingbird",
and grant the user "kingbird" with password "password" the role of admin
in service project:
.. code-block:: bash
source openrc admin admin
openstack user create --project=service --password=password kingbird
openstack role add --user=kingbird --project=service admin
Then edit the configuration file for Kingbird:
.. code-block:: bash
vim /etc/kingbird/kingbird.conf
By default, the bind_host of kingbird-api is local_host(127.0.0.1), and the
port for the service is 8118, you can leave it as the default if no port
conflict happened.
Please replace the address of Kingbird service "127.0.0.1" which is mentioned
below to the address you get from OpenStack Kingbird endpoint.
To make the Kingbird work normally, you have to edit these configuration
items. The [cache] section is used by kingbird engine to access the quota
information of Nova, Cinder, Neutron in each region, replace the
auth_uri to the keystone service in your environment,
especially if the keystone service is not located in the same node, and
also for the account to access the Nova, Cinder, Neutron in each region,
in the following configuration, user "admin" with password "password" of
the tenant "admin" is configured to access other Nova, Cinder, Neutron in
each region:
.. code-block:: bash
[cache]
auth_uri = http://127.0.0.1:5000/v3
admin_tenant = admin
admin_password = password
admin_username = admin
Configure the database section with the service user "kingbird" and its
password, to access database "kingbird". For detailed database section
configuration, please refer to http://docs.openstack.org/developer/oslo.db/opts.html,
and change the following configuration accordingly based on your
environment.
.. code-block:: bash
[database]
connection = mysql+pymysql://$kb_db_user:$kb_db_pwd@127.0.0.1/$kb_db?charset=utf8
For example, if the database is "kingbird", and the db user "kingbird" with
password "password", then the configuration is as following:
.. code-block:: bash
[database]
connection = mysql+pymysql://kingbird:password@127.0.0.1/kingbird?charset=utf8
The [keystone_authtoken] section is used by keystonemiddleware for token
validation during the API request to the kingbird-api, please refer to
http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html
on how to configure the keystone_authtoken section for the keystonemiddleware
in detail, and change the following configuration accordingly based on your
environment:
*please specify the region_name where you want the token will be validated if the
KeyStone is deployed in multiple regions*
.. code-block:: bash
[keystone_authtoken]
signing_dir = /var/cache/kingbird
cafile = /opt/stack/data/ca-bundle.pem
auth_uri = http://127.0.0.1:5000/v3
project_domain_name = Default
project_name = service
user_domain_name = Default
password = $kb_svc_pwd
username = $kb_svc_user
auth_url = http://127.0.0.1:35357/v3
auth_type = password
region_name = RegionOne
For example, if the service user is "kingbird, and the password for the user
is "password", then the configuration will look like this:
.. code-block:: bash
[keystone_authtoken]
signing_dir = /var/cache/kingbird
cafile = /opt/stack/data/ca-bundle.pem
auth_uri = http://127.0.0.1:5000/v3
project_domain_name = Default
project_name = service
user_domain_name = Default
password = password
username = kingbird
auth_url = http://127.0.0.1:35357/v3
auth_type = password
region_name = RegionOne
And also configure the message bus connection, you can refer to the message
bus configuration in Nova, Cinder, Neutron configuration file.
.. code-block:: bash
[DEFAULT]
transport_url = rabbit://stackrabbit:password@127.0.0.1:5672/
After these basic configuration items configured, now the database schema of
"kingbird" should be created:
.. code-block:: bash
python kingbird/cmd/manage.py --config-file=/etc/kingbird/kingbird.conf db_sync
And create the service and endpoint for Kingbird, please change the endpoint url
according to your cloud planning:
.. code-block:: bash
openstack service create --name=kingbird synchronization
openstack endpoint create --region=RegionOne kingbird public http://127.0.0.1:8118/v1.0
openstack endpoint create --region=RegionOne kingbird admin http://127.0.0.1:8118/v1.0
openstack endpoint create --region=RegionOne kingbird internal http://127.0.0.1:8118/v1.0
Now it's ready to run kingbird-api and kingbird-engine:
.. code-block:: bash
nohup python kingbird/cmd/api.py --config-file=/etc/kingbird/kingbird.conf &
nohup python kingbird/cmd/engine.py --config-file=/etc/kingbird/kingbird.conf &
Run the following command to check whether kingbird-api and kingbird-engine
are running:
.. code-block:: bash
ps aux|grep python
Post-installation activities
----------------------------
Run the following commands to check whether kingbird-api is serving, please
replace $mytoken to the token you get from "openstack token issue":
.. code-block:: bash
openstack token issue
curl -H "Content-Type: application/json" -H "X-Auth-Token: $mytoken" \
http://127.0.0.1:8118/
If the response looks like following: {"versions": [{"status": "CURRENT",
"updated": "2016-03-07", "id": "v1.0", "links": [{"href":
"http://127.0.0.1:8118/v1.0/", "rel": "self"}]}]},
then that means the kingbird-api is working normally.
Run the following commands to check whether kingbird-engine is serving, please
replace $mytoken to the token you get from "openstack token issue", and the
$admin_project_id to the admin project id in your environment:
.. code-block:: bash
curl -H "Content-Type: application/json" -H "X-Auth-Token: $mytoken" \
-X PUT \
http://127.0.0.1:8118/v1.0/$admin_project_id/os-quota-sets/$admin_project_id/sync
If the response looks like following: "triggered quota sync for
0320065092b14f388af54c5bd18ab5da", then that means the kingbird-engine
is working normally.
|