Configure the OpenStack environment settings

Configure the OpenStack environment settings

You can configure security, compute, storage, logging, and other settings in the Settings tab. Most of these settings you have already configured in the deployment wizard.

Additionally, you can configure some of the advanced OpenStack settings by editing the corresponding configuration files.

To configure the OpenStack environment settings:

  1. In the Fuel web UI, click Settings.

  2. Select a coresponding tab and edit as required:

    OpenStack environment settings
    Name Description
    General settings
    Access
    Enables you to modify access permissions for Horizon. By default, Fuel assigns user name, password, and tenant admin.
    Repositories
    Fuel includes default repositories from which it downloads the packages required to install and update Fuel and OpenStack components. If you do not have an Internet connection, you can set up a local repository and provide the URL to the repository on this page. For details, see: Set up a local repository.
    Kernel parameters
    Enables you to modify kernel parameters. This field does not set kernel parameters for the Fuel Master node or for nodes that have already been deployed.
    General settings: Kernel parameters
    ttys0=<speed>
    Enables serial console for videoless servers.
    console=ttyS0,9600
    Enables serial console.
    nofb
    Disables Linux framebuffer.
    nomodeset
    Disables the video card kernel handling. This parameter may be required for old integrated server video chips.
    intel_iommu and amd_iommu
    Enables/disables physical-to-virtual address translation for peripheral devices. Some devices, such as Mellanox cards, require this parameter to be enabled. Other peripheral devices may be incompatible with device virtual address space and may only work with real address space. If you are unable to boot a node or the node has a kernel panic soon after being booted, setting this parameter to off may resolve the issue.
    unsupported_hardware
    Instructs the operating system to boot even if it does not recognize some of the configured hardware. Failure to set this parameter may result in inability for Linux to boot. This typically happens with the latest CPU models. Because most hardware provides backward compatibility with older versions, setting this kernel parameter may enable the system to boot. However, if no backward compatibility is provided, the system may panic or fail in other ways even with this parameter set.
    Security settings: Public TLS
    TLS for OpenStack public endpoints
    Enables TLS termination on HAProxy for OpenStack services.
    HTTPS for Horizon
    Secures access to Horizon enabling HTTPS instead of HTTP.
    Select source for certificate

    Enable TLS for OpenStack public endpoints first to select a certificate. You can generate a private key with certificate or use the pre-generated ones.

    • Self-signed
      Generates a private key and certificate to be signed by this key.
    • I have my own keypair with certificate
      Uses the pre-generated key and certificate. If selected, you need to specify a certificate and private key data concatenated into a single file.
    DNS hostname for public TLS endpoints
    Enable TLS for OpenStack public endpoints first to specify a DNS hostname. Your DNS entries should point to this name. Self-signed certificates also use this hostname. The default value is public.fuel.local.
    Security settings: SSH security
    Restrict SSH service on network
    When enabled, provide at least one working IP address (the Fuel Master node IP is already added). Add new addresses instead of replacing the provided Fuel Master node IP address. When disabled (by default), the admin, management, and storage networks can only connect to the SSH service.
    Restrict access to
    Sets access restriction to the specified range of IP addresses.
    Brute force protection
    Grants access from all networks (except the provided ones), but Fuel checks the networks against the brute force attack.
    Security settings: Security groups
    Open vSwitch Firewall Driver
    Select the Open vSwitch Firewall Driver if you use OVS Bridges for networking.
    IPtables-based Firewall Driver
    Select the IPtables-based Firewall Driver if you use Linux Bridges for networking. Do not select this option if you have DPDK enabled as this results in not having a firewall at all.
    Compute settings
    Hypervisor
    Enables you to modify the previously selected option.
    Nova quotas
    Sets tenant quotas on CPU and memory usage.
    Resume guests state on host boot
    Controls whether to preserve the state of virtual instances across reboots.
    Storage settings
    Use qcow format for images
    If you select this option, ephemeral volumes will be created as a copy-on-write layer of the base image. If you do not select this option, ephemeral volumes will be full copies of the base image. The default setting is to use copy-on-write for ephemeral volumes. If you select to use Ceph RBD as a storage back end for ephemeral volumes, this setting is ignored.
    Storage Backends
    Modify storage options you have previously selected in the deployment wizard. The storage options that you select must match the roles you assign to a node. For example, if you select Ceph as a storage back end, you must configure the appropriate number of nodes with the Storage - Ceph OSD role.
    Ceph object replication factor
    Determines the minimum number of Ceph OSD nodes that Fuel must deploy. For a production environment, deploy at least three Ceph OSD nodes.
    Logging settings

    Configure the Puppet and OpenStack debug logging and syslog settings.

    Common
    Typically, you do not need to enable debug logging. Enable debug logging to analyze the problems in your system.
    Syslog
    Fuel deploys an OpenStack environment with the standard Linux syslog message logging tool. Syslog logs activity of all OpenStack services. By default, rsyslog is configured to use the Fuel Master node as a remote syslog server that contains all logs generated on all nodes in the OpenStack environment. If you want to use an external server for rsyslog, specify an IP address and port number of the server in the Syslog field.
    OpenStack services Select additional OpenStack services to deploy. Some OpenStack services may have additional network and storage requirements. For more information, see: Configure additional components.
  3. Click Save Settings.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

Contents