OpenStack
This deployment sets up the OpenStack services. For more information, please refer to the respective repository documentation.
Deployment
To deploy, change into the appropriate overlay and run kustomize build | kubectl apply -f -
Preparation
- deployed and running rook-ceph cluster on storage-nodes
- replace ceph fsid uuid in config/*ceph.conf
- get ceph keyrings for openstack services
- see ceph deployment and example below
- check interfaces for config/overrides/linuxbridge_agent.ini.tmpl
- check and adjust config/*dockerconfig.json
- check environment variables for OpenStack services
- tag and check images for openstack
Typical Operations
Changing component releases
To change releases for COTB software components, adapt the images listed within the images: section of the kustomization.yaml and run the deployment command again.
Variables
Cinder
File: overlays/workload/cinder_control.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| CINDER_PASSWORD | required | String | Password for user Cinder against Keystone service. |
| DB_PORT | required | "3310" | Database port for cinder-db. Set this according to the configured database port in cinder-db. |
| HTTP_SCHEMA | required | http, https | Http schema for service communication. |
| INTERFACE | required | String | Interface to listen. In general eth0 inside of a container. |
| ISCSI_PORT | required | "3261" | Set the port for exporting volumes via iscsi. Usually runs on 3261. |
| LOG_LEVEL | optional | DEBUG, INFO, WARNING, ERROR, CRITICAL | Set the log level of the application. Defaults to INFO. |
| MESSAGEQ_PASSWORD | required | String | Password for Messageq |
| MYSQL_PASSWORD | required | String | MySQL Password for cinder-db |
| OS_ADMIN_PASSWORD | required | String | OpenStack Admin Password |
| PUBLIC_DOMAIN | required | cinder | Set (sub-) domain for the cinder service |
| PUBLIC_PORT | optional | "443" | Overwrite the public port. Defaults to 8776. |
| VOLUME_BACKUP_NFS | optional | String | Backup NFS share, if configured, in hostname:path or ipaddr:path format. |
Cinder-DB
File: overlays/workload/cinder_control.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| MYSQL_DATABASE | required | cinder | Name of service Database |
| MYSQL_PASSWORD | required | String | MySQL Password for cinder-db |
| MYSQL_ROOT_PASSWORD | required | String | MySQL root password |
| MYSQL_USER | required | cinder | Name of MySQL user for cinder-db |
Arguments: Set the port to expose the database within your infrastructure.
Cinder-volume
File: overlays/workload/cinder_volume.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| CINDER_PASSWORD | required | String | Password for user Cinder against Keystone service. |
| DB_PORT | required | "3310" | Database port for cinder-db. Set this according to the configured database port in cinder-db. |
| DEVICE | required | /dev/sda2 | Path to storage backend if cinder used with lvm. |
| INTERFACE | required | String | Interface to listen. In general eth0 inside of a container. |
| ISCSI_PORT | required | "3261" | Set the port for exporting volumes via iscsi. Usually runs on 3261. |
| LOG_LEVEL | optional | DEBUG, INFO, WARNING, ERROR, CRITICAL | Set the log level of the application. Defaults to INFO. |
| MESSAGEQ_PASSWORD | required | String | Password for Messageq |
| MYSQL_PASSWORD | required | String | MySQL Password for cinder-db |
| VOLUME_BACKUP_NFS | optional | String | Backup NFS share, if configured, in hostname:path or ipaddr:path format. |
| STORAGE_BACKEND | required | ceph, lvm | Set the desired storage backend to be used. |
| RBD_SECRET_UUID | required | uuid | RBD secret uuid generated according to the docs. |
Designate-bind
File: overlays/workload/designate-bind.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| PUBLIC_IP | required | IPv4 | Set public IP for Designate's named config. |
Designate
File: overlays/workload/designate.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| DB_PORT | required | "3312" | Database port for designate-db. Set this according to the configured database port in designate-db. |
| DEBUG | optional | "false", "true" | Configure Debug Logging for designate. |
| HTTP_SCHEMA | required | http, https | Http schema for service communication. |
| MESSAGEQ_PASSWORD | required | String | Password for Messageq |
| MYSQL_PASSWORD | required | String | MySQL Password for designate-db |
| DESIGNATE_PASSWORD | required | String | Password for user Designate against Keystone service. |
| OS_ADMIN_PASSWORD | required | String | OpenStack Admin Password |
| PUBLIC_DOMAIN | required | designate | Set (sub-) domain for the designate service |
| PUBLIC_PORT | optional | "443" | Overwrite the public port. Defaults to 9001. |
| PUBLIC_IP | required | IPv4 | Set public IP for Designate's named config. |
| INTERFACE_INTERNAL | required | eth0 | Internal interface to listen. In general eth0 inside of a container. |
Designate-DB
File: overlays/workload/designate.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| MYSQL_DATABASE | required | nova | Name of service Database |
| MYSQL_PASSWORD | required | String | MySQL Password for designate-db |
| MYSQL_ROOT_PASSWORD | required | String | MySQL root password |
| MYSQL_USER | required | nova | Name of MySQL user for designate-db |
Arguments: Set the port to expose the database within your infrastructure.
Glance
File: overlays/workload/glance.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| DB_PORT | required | "3311" | Database port for glance-db. Set this according to the configured database port in glance-db. |
| GLANCE_PASSWORD | required | String | Password for user Glance against Keystone service. |
| HTTP_SCHEMA | required | http, https | Http schema for service communication. |
| INTERFACE_INTERNAL | required | String | Internal interface to listen. In general eth0 inside of a container. |
| MYSQL_PASSWORD | required | String | MySQL Password for glance-db |
| OS_ADMIN_PASSWORD | required | String | OpenStack Admin Password |
| PUBLIC_DOMAIN | required | glance | Set (sub-) domain for the glance service. |
| PUBLIC_PORT | optional | "443" | Overwrite the public port. Defaults to 9292. |
| LOG_LEVEL | optional | DEBUG, INFO, WARNING, ERROR, CRITICAL | Set the log level of the application. Defaults to INFO. |
Glance-DB
File: overlays/workload/glance.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| MYSQL_DATABASE | required | glance | Name of service Database |
| MYSQL_PASSWORD | required | String | MySQL Password for glance-db |
| MYSQL_ROOT_PASSWORD | required | String | MySQL root password |
| MYSQL_USER | required | glance | Name of MySQL user for glance-db |
Arguments: Set the port to expose the database within your infrastructure.
Horizon
File: overlays/workload/horizon.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| HTTP_SCHEMA | required | http, https | Http schema for service communication. |
| DEBUG | optional | "False", "True" | Configure Debug Logging for horizon. |
| DEFAULT_DOMAIN | optional | String | Set the default domain for horizon. Defaults to "Default". |
| MULTIDOMAIN_SUPPORT | optional | "False", "True" | Enable multidomain support for horizon. Defaults to "False" |
Keystone
File: overlays/workload/keystone.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| DB_PORT | required | "3307" | Database port for keystone-db. Set this according to the configured database port in keystone-db. |
| HTTP_SCHEMA | required | http, https | Http schema for service communication. |
| KEYSTONE_PORT | required | "5000" | Set the internal port for keystone. Usually 5000. |
| KEYSTONE_TYPE | required | admin | Set keystone type to admin. This performs additional bootstrapping operations on service initialization. |
| MYSQL_PASSWORD | required | String | MySQL Password for keystone-db |
| OS_ADMIN_PASSWORD | required | String | OpenStack Admin Password |
| PUBLIC_DOMAIN | required | keystone | Set (sub-) domain for the keystone service. |
| PUBLIC_PORT | optional | "443" | Overwrite the public port. Defaults to 5000. |
| LOG_LEVEL | optional | DEBUG, INFO, WARNING, ERROR, CRITICAL | Set the log level of the application. Defaults to INFO. |
Keystone-DB
File: overlays/workload/keystone.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| MYSQL_DATABASE | required | keystone | Name of service Database |
| MYSQL_PASSWORD | required | String | MySQL Password for keystone-db |
| MYSQL_ROOT_PASSWORD | required | String | MySQL root password |
| MYSQL_USER | required | keystone | Name of MySQL user for keystone-db |
Arguments: Set the port to expose the database within your infrastructure.
Messageq
File: overlays/workload/messageq.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| RABBIT_PORT | required | "5672" | Configure port for Messageq Service. Usually 5672. |
| INTERFACE_INTERNAL | required | String | Internal interface to listen. In general eth0 inside of a container. |
| RABBIT_USERNAME | required | String | Set default user for messageq. Usually openstack. |
| RABBIT_PASSWORD | required | String | Set Password for messageq. This is consumed with the MESSAGEQ_PASSWORD in other services. |
| LOG_LEVEL | optional | DEBUG, INFO, WARNING, ERROR, CRITICAL | Set the log level of the application. Defaults to INFO. |
Neutron-Compute
File: overlays/workload/neutron_compute.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| DB_PORT | required | "3309" | Database port for neutron-db. Set this according to the configured database port in neutron-db. |
| INTERFACE_EXTERNAL | required | String | Set to the interface name of your external network. E.g. ethpublic |
| INTERFACE_INTERNAL | required | String | Set to the interface name of your data network. E.g. ethdata |
| INFERFACE_PHYS_VLANS | optional | String | Comma-separated list of additional physical vlans. E.g. ethvlan.4-111 |
| LOG_LEVEL | optional | DEBUG, INFO, WARNING, ERROR, CRITICAL | Set the log level of the application. Defaults to INFO. |
| MESSAGEQ_PASSWORD | required | String | Password for Messageq |
| NEUTRON_PASSWORD | required | String | Password for user Neutron against Keystone service. |
Neutron-Control
File: overlays/workload/neutron_control.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| DB_PORT | required | "3309" | Database port for neutron-db. Set this according to the configured database port in neutron-db. |
| HTTP_SCHEMA | required | http, https | Http schema for service communication. |
| INTERFACE_CONTROL | required | String | Set to the interface name of your control network. E.g. ethcontrol |
| INTERFACE_EXTERNAL | required | String | Set to the interface name of your external network. E.g. ethpublic |
| INFERFACE_PHYS_VLANS | required | String | Comma-separated list of additional physical vlans. E.g. ethvlan.4-111 |
| INTERFACE_INTERNAL | required | String | Set to the interface name of your data network. E.g. ethdata |
| MESSAGEQ_PASSWORD | required | String | Password for Messageq |
| METADATA_SECRET | required | String | Shared metadata secret between nova and neutron |
| MYSQL_PASSWORD | required | String | MySQL Password for neutron-db |
| NEUTRON_PASSWORD | required | String | Password for user Neutron against Keystone service. |
| NOVA_PASSWORD | required | String | Password for user Nova against Keystone service. |
| DESIGNATE_PASSWORD | optional | String | Password for user Designate against Keystone service. Needed if you have configured designate. |
| OS_ADMIN_PASSWORD | required | String | OpenStack admin password |
| PUBLIC_DOMAIN | required | neutron | Set (sub-) domain for the neutron service. |
| PUBLIC_PORT | optional | "443" | Overwrite the public port. Defaults to 9696. |
| LOG_LEVEL | optional | DEBUG, INFO, WARNING, ERROR, CRITICAL | Set the log level of the application. Defaults to INFO. |
Neutron-DB
File: overlays/workload/neutron_control.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| MYSQL_DATABASE | required | neutron | Name of service Database |
| MYSQL_PASSWORD | required | String | MySQL Password for neutron-db |
| MYSQL_ROOT_PASSWORD | required | String | MySQL root password |
| MYSQL_USER | required | neutron | Name of MySQL user for neutron-db |
Arguments: Set the port to expose the database within your infrastructure.
Nova-Compute-Libvirt
File: overlays/workload/libvirt_compute.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| INTERFACE | required | String | Set to the interface name of your control network. E.g. ethcontrol |
| VIRT_TYPE | required | kvm, qemu | Configure virtualization type based on your machine support. Fall back to qemu if kvm is not supported. |
| RBD_SECRET_UUID | required | uuid | RBD secret uuid generated according to the docs. |
Nova-Compute
File: overlays/workload/nova-compute.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| DB_PORT | required | "3308" | Database port for nova-db. Set this according to the configured database port in nova-db. |
| HTTP_SCHEMA | required | http, https | Http schema for service communication. |
| INTERFACE | required | String | Set to the interface name of your control network. E.g. ethcontrol |
| LOG_LEVEL | optional | DEBUG, INFO, WARNING, ERROR, CRITICAL | Set the log level of the application. Defaults to INFO. |
| MESSAGEQ_PASSWORD | required | String | Password for Messageq |
| NEUTRON_PASSWORD | required | String | Password for user Neutron against Keystone service. |
| NOVA_PASSWORD | required | String | Password for user Nova against Keystone service. |
| PUBLIC_VNC_DOMAIN | required | vnc | Set (sub-) domain for the vnc service. |
| VNC_PROXY_PORT | optional | "443" | Overwrite the public vnc port. Defaults to 6080. |
| VIRT_TYPE | required | kvm, qemu | Configure virtualization type based on your machine support. Fall back to qemu if kvm is not supported. |
| VIRT_URI | required | qemu+tcp://localhost/system | Configure libvirt uri |
| RBD_SECRET_UUID | required | uuid | RBD secret uuid generated according to the docs. |
Nova-Control
File: overlays/workload/nova-control.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| DB_PORT | required | "3308" | Database port for nova-db. Set this according to the configured database port in nova-db. |
| DEFAULT_SCHEDULE_ZONE | required | String | Configure the default scheduling zone. Usually nova |
| HTTP_SCHEMA | required | http, https | Http schema for service communication. |
| INTERFACE_INTERNAL | required | String | Set to the interface name of your control network. E.g. ethcontrol |
| LOG_LEVEL | optional | DEBUG, INFO, WARNING, ERROR, CRITICAL | Set the log level of the application. Defaults to INFO. |
| MESSAGEQ_PASSWORD | required | String | Password for Messageq |
| METADATA_SECRET | required | String | Shared metadata secret between nova and neutron |
| MYSQL_PASSWORD | required | String | MySQL Password for nova-db |
| NEUTRON_PASSWORD | required | String | Password for user Neutron against Keystone service. |
| NOVA_PASSWORD | required | String | Password for user Nova against Keystone service. |
| NOVA_ENABLED_FILTERS | optional | String (comma separated) | List of nova scheduling filters. E.g. AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateMultiTenancyIsolation,DifferentHostFilter,AggregateInstanceExtraSpecsFilter,NUMATopologyFilter |
| OS_ADMIN_PASSWORD | required | String | OpenStack admin password |
| PUBLIC_NOVA_DOMAIN | required | nova | Set (sub-) domain for the nova service. |
| PUBLIC_NOVA_PORT | optional | "443" | Overwrite the public nova port. Defaults to 8774. |
| PUBLIC_PLACEMENT_DOMAIN | required | placement | Set (sub-) domain for the placement service. |
| PUBLIC_PLACEMENT_PORT | optional | "443" | Overwrite the public placement port. Defaults to 8778. |
| PUBLIC_VNC_DOMAIN | required | vnc | Set (sub-) domain for the vnc service. |
| VNC_PROXY_PORT | optional | "443" | Overwrite the public vnc port. Defaults to 6080. |
| OS_INTERFACE | optional | String | OpenStack interface used for internal communication. Usually set to admin. |
Nova-DB
File: overlays/workload/nova-control.yaml
| Name | Kind | Values | Description |
|---|---|---|---|
| MYSQL_DATABASE | required | nova | Name of service Database |
| MYSQL_PASSWORD | required | String | MySQL Password for nova-db |
| MYSQL_ROOT_PASSWORD | required | String | MySQL root password |
| MYSQL_USER | required | nova | Name of MySQL user for nova-db |
Arguments: Set the port to expose the database within your infrastructure.
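
The tables above repeat several secrets across components: RABBIT_PASSWORD is consumed as MESSAGEQ_PASSWORD elsewhere, and METADATA_SECRET is shared between nova and neutron. The following pre-apply check is an added example, not part of this repository. It assumes the environment variables have already been extracted per component from the kustomize build output; the grouping of the other same-named passwords, the placeholder list and the sample values are assumptions made for illustration.

```python
"""Pre-apply consistency check for the variables documented above (added example)."""

# Variables the tables describe as shared: every component that sets one of
# them must use the same value. RABBIT_PASSWORD is the messageq-side name of
# MESSAGEQ_PASSWORD, so both names map to one group (grouping is an assumption).
SHARED = {
    "MESSAGEQ_PASSWORD": "messageq", "RABBIT_PASSWORD": "messageq",
    "METADATA_SECRET": "metadata", "NOVA_PASSWORD": "nova",
    "NEUTRON_PASSWORD": "neutron", "CINDER_PASSWORD": "cinder",
    "DESIGNATE_PASSWORD": "designate", "OS_ADMIN_PASSWORD": "os-admin",
    "RBD_SECRET_UUID": "rbd-secret",
}
PLACEHOLDERS = {"", "changeme", "password", "secret"}  # assumed weak values


def check(env_by_component):
    """Return a sorted list of (component, variable, problem) findings."""
    findings, groups = [], {}
    for comp, env in env_by_component.items():
        for name, value in env.items():
            if name in SHARED:
                groups.setdefault(SHARED[name], []).append((comp, name, value))
            if name.endswith(("_PASSWORD", "_SECRET")) and value.lower() in PLACEHOLDERS:
                findings.append((comp, name, "placeholder secret"))
        if env.get("HTTP_SCHEMA") == "http":
            findings.append((comp, "HTTP_SCHEMA", "plaintext service communication"))
        if env.get("DEBUG", "").lower() == "true" or env.get("LOG_LEVEL") == "DEBUG":
            findings.append((comp, "DEBUG/LOG_LEVEL", "debug logging enabled"))
    for members in groups.values():
        if len({value for _, _, value in members}) > 1:
            for comp, name, _ in members:
                findings.append((comp, name, "shared value differs between components"))
    return sorted(findings)


# Constructed sample: values as they might be extracted from the rendered
# manifests; none of them come from the repository.
SAMPLE = {
    "messageq": {"RABBIT_PASSWORD": "mq-A", "LOG_LEVEL": "INFO"},
    "nova-control": {"MESSAGEQ_PASSWORD": "mq-A", "METADATA_SECRET": "meta-1",
                     "HTTP_SCHEMA": "https", "NOVA_PASSWORD": "changeme"},
    "neutron-control": {"MESSAGEQ_PASSWORD": "mq-A", "METADATA_SECRET": "meta-2",
                        "HTTP_SCHEMA": "http", "NOVA_PASSWORD": "changeme"},
    "horizon": {"HTTP_SCHEMA": "https", "DEBUG": "True"},
}

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(*finding, sep=": ")
```

MYSQL_PASSWORD is deliberately not in the shared group, because each service has its own database; it is still covered by the placeholder check.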