Oracle OpenStack - Configuration Guide For Release 5


The software described in this documentation is either no longer supported or is in extended support. Oracle recommends that you upgrade to a current supported release.

Oracle OpenStack
Configuration Guide for Release 5.0
E96263-03
March 2021

Copyright 2018, 2021 Oracle and/or its affiliates. All rights reserved.

Table of Contents

About This Document

1 Introduction to OpenStack Configuration
    Using the kollacli Command
    Enabling Bash Command Completion
    Using the kollacli Shell
    Formatting Command Output
    Using Groups to Deploy Services
    Setting Properties for Deployment Groups or Hosts
    Dealing With Variable Network Interface Names
    Configuring Network Interfaces for OpenStack Networks
    Configuring OpenStack Service Endpoints
    Configuring Transport Layer Security (TLS)
    Using a Certificate Signed by a CA
    Using a Self-Signed Certificate
    Configuring OpenStack Service Accounts
    About the OpenStack Kolla User

2 OpenStack Service Configuration
    Barbican Key Manager Service
    Ceilometer Telemetry Service
    Cinder Block Storage Service
    Using Ceph for Cinder Volumes
    Using LVM for Cinder Volumes
    Using External iSCSI Storage for Cinder Volumes
    Configuring the iSCSI Initiator Name and iSCSI Multipath
    Using Shared Cinder Volumes (Multi-Attached)
    Configuring Cinder Backup
    Designate DNS-as-a-Service
    Glance Image Service
    Ironic Bare Metal Provisioning Service
    Murano Application Catalog Service
    Neutron Networking Service
    Configuring VLAN Networks
    Setting up Multiple External Network Interfaces
    Enabling Distributed Virtual Routing (DVR)
    Enabling Neutron Agent High Availability
    Neutron Plug-ins: Firewalls and Load Balancing
    Nova Compute Service
    Hypervisors
    Automatic Hypervisor Configuration
    Preparing a Compute Node
    Removing a Compute Node
    Swift Object Storage Service
    Preparing the Storage Devices
    Building the Swift Rings
    Enabling and Configuring Swift
    Telemetry Alarming Service (aodh)

3 Additional Component Configuration
    Central Logging (Fluentd, Elasticsearch and Kibana)
    Ceph Storage for Oracle Linux
    Ceph Storage Partitioning
    Setting up Ceph Storage
    Configuring Ceph Networks
    Adding a Ceph Node
    Removing a Ceph OSD Node (Storage)
    Removing a Ceph Mon Node (Controller)
    Running Ceph Commands
    MySQL Database
    Setting MySQL NDB Cluster Global Options
    Setting MySQL NDB Cluster Configuration Parameters
    Configuring the Service Databases
    Backing Up and Restoring the MySQL Database
    Service Endpoint High Availability (Keepalived and HAProxy)
    Time Synchronization (Chrony)
    Gnocchi Metric Service
    Infoblox OpenStack Cloud Adapter

A kollacli Command Reference

About This Document

This document is part of the documentation library for Oracle OpenStack Release 5.0, which is available at:

https://docs.oracle.com/cd/E96260_01/

The documentation library consists of the following items:

Oracle OpenStack Release Notes
    This document provides a summary of the new features, changes, fixed bugs, and known issues in Oracle OpenStack. It contains last-minute information, which may not be included in the main body of documentation, and information on Oracle OpenStack support. Read this document before you install your environment.

Oracle OpenStack Installation and Deployment Guide
    This document explains how to install Oracle OpenStack and deploy OpenStack services.

Oracle OpenStack Configuration Guide
    This document describes the configuration options for deploying services with Oracle OpenStack.

Oracle OpenStack Application Deployment Guide
    This document describes how to set up Oracle products and deploy them using the OpenStack Application Catalog (Murano) service.

Oracle OpenStack Licensing Information User Manual
    This document provides licensing information for Oracle OpenStack.

This document was generated on 04 March 2021 (revision: 1476).

You can get the latest information on Oracle OpenStack ml

Conventions

The following text conventions are used in this document:

Convention    Meaning
boldface      Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary.
italic        Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values.
monospace     Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter.

Command Syntax

Command syntax appears in monospace font. The dollar character ($) and number sign (#) are command prompts. You do not enter them as part of the command. Commands that any user, including the root user, can run are shown with the $ prompt:

    $ command

Commands that must be run as the root user, or by a user with superuser privileges obtained through another utility such as sudo, are shown with the # prompt:

    # command

The following command syntax conventions are used in this guide:

Convention        Description
backslash \       A backslash is the Oracle Linux command continuation character. It is used in command examples that are too long to fit on a single line. Enter the command as displayed (with a backslash) or enter it on a single line without a backslash:
                      dd if=/dev/rdsk/c0t1d0s6 of=/dev/rst0 bs=10b \
                      count=10000
braces { }        Braces indicate required items:
                      .DEFINE {macro1}
brackets [ ]      Brackets indicate optional items:
                      cvtcrt termname [outfile]
ellipses ...      Ellipses indicate an arbitrary number of similar items:
                      CHKVAL fieldname value1 value2 ... valueN
italics           Italic type indicates a variable. Substitute a value for the variable:
                      library_name
vertical line |   A vertical line indicates a choice within braces or brackets:
                      FILE filesize [K|M]

Access to Oracle Support for Accessibility

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, y/learning-support.html#support-tab.

Chapter 1 Introduction to OpenStack Configuration

Oracle OpenStack is based on the OpenStack Kolla project, which aims to simplify deployments by using Docker containers to run OpenStack clouds. Oracle provides Docker images for OpenStack services based on Oracle Linux 7.

In line with Docker best practices, each OpenStack service is broken down into its components (sometimes referred to as a microservice). Ansible playbooks (based on the OpenStack Kolla-Ansible project) are used to configure, deploy, and manage the Docker containers on a large number of hosts.

While it is possible to use the Ansible playbooks manually, Oracle OpenStack provides a command-line interface (the kollacli command) to make it easier to configure a deployment, and to deploy, update, and remove OpenStack services. The kollacli command is the only supported method for configuring and deploying Oracle OpenStack.

This chapter covers some of the general configuration options for deploying Oracle OpenStack.

Using the kollacli Command

This section introduces the kollacli command, and how you use it to configure and deploy OpenStack services.

You run the kollacli command on the master node. To run kollacli commands, you must be a member of the kolla group.

The kollacli command has a set of subcommands, which are organized by the objects that they manage.

To configure the layout of your OpenStack deployment, you perform actions on groups, hosts and services, as follows:

- The kollacli host commands manage the nodes in a deployment.
  Example command: kollacli host add adds a host to the list of nodes.

- The kollacli group commands manage the associations between nodes and the OpenStack services they run. Nodes in the same group run the same services.
  Example command: kollacli group addhost adds a host to a group.
- The kollacli service commands manage the OpenStack services to add or remove them from deployment groups.
  Example command: kollacli service addgroup adds an OpenStack service to a deployment group.

To configure your OpenStack deployment, you configure values for passwords and properties, as follows:

- The kollacli password commands manage the passwords for the OpenStack components.
  Example command: kollacli password set sets a value for an individual password.
- The kollacli property commands manage the configuration settings for OpenStack services.
  Example command: kollacli property set sets a value for a configuration property.

Once you have configured your deployment, you deploy OpenStack services with the kollacli deploy command.

If you want to reset your OpenStack deployment to the default settings, use the kollacli config reset command. This resets all options to their defaults.

Help on how to use the kollacli command is available, as follows:

- To list all kollacli commands, use the kollacli help command.
- To list the related commands for an object, use kollacli help object, for example kollacli help host.
- To get help for a specific command, use the kollacli help subcommand command, where subcommand is the name of the command, for example kollacli host list or kollacli service listgroups.

For a complete syntax reference for kollacli commands, see Appendix A, kollacli Command Reference.

Enabling Bash Command Completion

You can enable Bash command completion for the kollacli command, as follows:

1. Install the bash-completion package, if it is not already installed:

       # yum install bash-completion

2. Use the kollacli complete command to generate the command completion function.

   To display the function so you can copy and paste it into a file:

       $ kollacli complete

   To output the function to a file:

       $ kollacli complete >/etc/bash_completion.d/kollacli

   You need root privileges to write to the /etc/bash_completion.d directory.

3. Source the file to enable command completion:

       $ source /etc/bash_completion.d/kollacli

Using the kollacli Shell

The kollacli shell enables you to enter several commands without having to type the kollacli command each time. You start the shell with the kollacli command. When you are in the kollacli shell, the prompt changes to (kollacli). From the shell prompt you can enter kollacli commands in their short form, for example:

    $ kollacli
    (kollacli) host list
    (kollacli) group listhosts

In addition to the help command, the kollacli shell also supports the -h and --help options for obtaining help with kollacli commands.

To exit the kollacli shell and return to the operating system prompt, type exit, quit, or q.

Formatting Command Output

When you use kollacli commands, such as the kollacli property list command to show what you have configured, these commands have a --format option which enables you to format the output to suit your needs, as shown in the following table.

Option    Format
csv       Comma-separated values.
          Use the --quote option with this format to control the use of quotes in the output:
          - all: Quote all values.
          - minimal: Optimized minimal quoting of values.
          - none: No quoting of any values.
          - nonnumeric: Quote only non-numeric values.
          The default is nonnumeric.
html      HTML table markup.
json      JavaScript Object Notation.
table     Simple ASCII display table. This is the default output format.
          Use the --max-width option with this format to set the maximum display width for each column. The value for this option must be an integer. The default is 0 (no maximum width).
value     Space separated values with no headers.
          This format may be useful to pipe output to an operating system command.
yaml      YAML format.

You can also use the --column option to select the columns that are included in the output. Use multiple --column options to select each column you want. The names of the columns change depending on the kollacli command used and the names are case sensitive. By default, all columns are included.

Using Groups to Deploy Services

Oracle OpenStack uses groups to associate nodes with OpenStack services. Nodes in the same group run the same OpenStack services. The default groups are:

- control: Contains the control-related services, such as glance, keystone, ndbcluster, nova, and rabbitmq.
- compute: Contains the hypervisor part of the compute services, such as nova-compute.
- database: Contains the data part of the database services.
- network: Contains the shared network services, such as neutron-server, neutron-agents and neutron-plugins.
- storage: Contains the storage part of storage services, such as cinder and swift.

A node can belong to more than one group and can run multiple OpenStack services.

The minimum supported deployment of OpenStack contains at least three nodes, as shown in Figure 1.1:

- Two controller nodes, each of these nodes runs the OpenStack services in the control, database, network and storage groups.
- One or more compute nodes, each of these nodes runs the OpenStack services in the compute group.

Note: Single-node deployments (sometimes referred to as all-in-one deployments) are not supported.

Figure 1.1 Minimum Supported Deployment

As your scaling and performance requirements change, you can increase the number of nodes and move groups on to separate nodes to spread the workload. In Figure 1.2, more compute nodes have been added to the deployment to increase capacity, and the services in the network group have been moved to two separate network nodes to handle the increased network workload.

Figure 1.2 Expanding Deployment

As your deployment expands, note the following "rules" for deployment:

- The nodes in the compute group must not be assigned to the control group.
- The control group must contain at least two nodes.
- The number of nodes in the database group must always be a multiple of two.
- The number of nodes in each group must be two or more to enable high availability.

There is no limit on the number of nodes in a deployment. Figure 1.3 shows a fully-expanded deployment using the default groups. To maintain high availability, there are at least two nodes that run the services in each group, and the number of database nodes is a multiple of two.

Figure 1.3 Fully-Expanded Deployment

You are not restricted to using the default groups. You can change the services a group runs, or configure your own groups. If you configure your own groups, be sure to remember the rules of deployment listed above.

Setting Properties for Deployment Groups or Hosts

Because OpenStack Kolla uses properties and templates to configure OpenStack services, deploying OpenStack Kolla containers works best where the nodes are identical. However, where your nodes are not identical, or you have custom configuration requirements, you can set properties that are specific to groups or hosts.

When you use the kollacli property set command without any options, the properties are global properties that apply to all hosts and OpenStack services in your deployment. However, to enable you to tune your deployment, you can use the --groups and --hosts options to set properties that are specific to particular groups or individual hosts.

The properties you set are used in the following order of precedence:

1. Host properties.
2. Group properties.
3. Global properties.
4. Default properties.

Group properties files are used in alphabetical order, for example properties set for the group named control have precedence over properties for the group named database.

To set properties for hosts or groups

1. Identify the name of the property that you want to set.

   Use the kollacli property list command to see a list of properties. By default, only the properties with values of less than 50 characters are shown. Use the --all option to list all properties, or set the KOLLA_PROP_LIST_LENGTH environmental variable with the maximum number of characters you want.

2. (Optional) Set the global property value.

   If the default value for the property is not what you require for the majority of the groups or hosts, you should set the global property for your deployment:

       $ kollacli property set property_name value

   Use the kollacli property list command with the --long option to list default and global properties.

3. Set the property for individual groups or hosts.

   To set the property for one or more groups:

       $ kollacli property set property_name value --groups group_list

   where group_list is a comma-separated list of group names. The names must match the names of the defined groups. Use the kollacli group listservices command to list the defined groups.

   To set the property for one or more hosts:

       $ kollacli property set property_name value --hosts host_list

   where host_list is a comma-separated list of host names. The host names must match the names of the hosts added to the deployment. Use
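The order of precedence above (host, then group in alphabetical order, then global, then default), modelled as an added example that is not Oracle's or Kolla's code. It also lists group-level settings that are overridden by an earlier group, which goes slightly beyond the text. The host names, values and the CFG layout are constructed, and network_interface and tunnel_interface serve only as illustrative property names.

```python
"""Property precedence as this guide states it: host, group, global, default."""

# Constructed sample deployment (host names and values are invented):
# two controllers that run four groups, and two compute nodes.
CFG = {
    "membership": {
        "control": ["ctrl01", "ctrl02"],
        "database": ["ctrl01", "ctrl02"],
        "network": ["ctrl01", "ctrl02"],
        "storage": ["ctrl01", "ctrl02"],
        "compute": ["comp01", "comp02"],
    },
    "default": {"network_interface": "eth0", "tunnel_interface": "eth0"},
    "global": {"network_interface": "em1"},
    "groups": {
        "database": {"network_interface": "em3"},
        "control": {"network_interface": "em2"},
        "compute": {"tunnel_interface": "em4"},
    },
    "hosts": {"comp02": {"network_interface": "ens3f0"}},
}


def layers(prop, host, cfg):
    """Every setting of prop that applies to host, highest precedence first."""
    found = []
    if prop in cfg["hosts"].get(host, {}):
        found.append(("host:" + host, cfg["hosts"][host][prop]))
    # Group settings are consulted in alphabetical order of group name.
    for group in sorted(cfg["membership"]):
        if host in cfg["membership"][group] and prop in cfg["groups"].get(group, {}):
            found.append(("group:" + group, cfg["groups"][group][prop]))
    for scope in ("global", "default"):
        if prop in cfg[scope]:
            found.append((scope, cfg[scope][prop]))
    return found


def effective(prop, host, cfg):
    """The (source, value) pair that wins for prop on host."""
    found = layers(prop, host, cfg)
    return found[0] if found else ("unset", None)


def shadowed_group_settings(cfg):
    """Group-level settings that never take effect on a host that is in the group."""
    hidden = []
    hosts = sorted({h for members in cfg["membership"].values() for h in members})
    props = sorted({p for g in cfg["groups"].values() for p in g})
    for host in hosts:
        for prop in props:
            winner = effective(prop, host, cfg)
            for source, value in layers(prop, host, cfg)[1:]:
                if source.startswith("group:") and value != winner[1]:
                    hidden.append((host, prop, source, value, winner[0]))
    return hidden


if __name__ == "__main__":
    for host in ("ctrl01", "comp01", "comp02"):
        print(host, effective("network_interface", host, CFG))
    for row in shadowed_group_settings(CFG):
        print("shadowed:", row)
```

On the sample data the controllers take the control group's value, so the database group's setting for the same property is reported as shadowed on both of them.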
