Configure the deployment

Ansible references some files that contain mandatory and optional configuration directives. Before you can run the Ansible playbooks, modify these files to define the target environment. Configuration tasks include:

  • Target host networking to define bridge interfaces and networks.

  • A list of target hosts on which to install the software.

  • Virtual and physical network relationships for OpenStack Networking (neutron).

  • Passwords for all services.

Initial environment configuration

OpenStack-Ansible (OSA) depends on various files that are used to build an inventory for Ansible. Perform the following configuration on the deployment host.

  1. Copy the contents of the /opt/openstack-ansible/etc/openstack_deploy directory to the /etc/openstack_deploy directory.

    # cp -a /opt/openstack-ansible/etc/openstack_deploy /etc/openstack_deploy
    
  2. Change to the /etc/openstack_deploy directory.

  3. Copy the openstack_user_config.yml.example file to openstack_user_config.yml.

    # cp openstack_user_config.yml.example openstack_user_config.yml
    
  4. Review the openstack_user_config.yml file and make changes to the deployment of your OpenStack environment.

    Note

    This file is heavily commented with details about the various options. See our User Guide and Reference Guide for more details.

  5. Review the user_variables.yml file to configure global and role-specific deployment options. The file contains some example variables and comments, but you can get the full list of variables in each role’s specific documentation.

    Note

    One important variable is install_method, which configures the installation method for the OpenStack services. The services can either be deployed from source (default) or from distribution packages. Source-based deployments are closer to a vanilla OpenStack installation and allow for more tweaking and customizations. On the other hand, distro-based deployments generally provide a package combination which has been verified by the distributions themselves. However, this means that updates are released less often and with a potential delay. Moreover, this method offers fewer opportunities for deployment customizations and is supported only by selected services. The install_method variable is set during the initial deployment and you must not change it, as OpenStack-Ansible is not able to convert itself from one installation method to the other. As such, it’s important to judge your needs against the pros and cons of each method before making a decision.

The configuration in the openstack_user_config.yml file defines which hosts run the containers and services deployed by OpenStack-Ansible. For example, hosts listed in the shared-infra_hosts section run containers for many of the shared services that your OpenStack environment requires. Some of these services include databases, Memcached, and RabbitMQ. Several other host types contain other types of containers, and all of these are listed in the openstack_user_config.yml file.

Some services, such as glance, heat, horizon and nova-infra, are not listed individually in the example file as they are contained in the os-infra hosts. You can specify image-hosts or dashboard-hosts if you want to scale out in a specific manner.

For examples, please see our User Guides.

For details about how the inventory is generated from the environment configuration, and about variable precedence, see the inventory section of our Reference Guide.

Configure target hosts

Modify the /etc/openstack_deploy/openstack_user_config.yml file to configure the target hosts.

Do not assign the same IP address to different target hostnames. Unexpected results may occur. Each IP address and hostname must be a matching pair. To use the same host in multiple roles, for example infrastructure and networking, specify the same hostname and IP in each section.

Unless otherwise stated, replace *_IP_ADDRESS with the IP address of the br-mgmt container management bridge on each target host.

Note

If SSH access to the host is through a network other than the br-mgmt interface, please refer to the guide.

  1. Configure a list containing at least three infrastructure target hosts in the shared-infra_hosts section:

    shared-infra_hosts:
      infra01:
        ip: INFRA01_IP_ADDRESS
      infra02:
        ip: INFRA02_IP_ADDRESS
      infra03:
        ip: INFRA03_IP_ADDRESS
      infra04: ...
    
  2. Configure a list of at least one keystone target host in the identity_hosts section:

    identity_hosts:
      infra01:
        ip: INFRA01_IP_ADDRESS
      infra02: ...
    
  3. Configure the appropriate set of hosts responsible for network-related roles in your deployment:

    network-infra_hosts:
      infra01:
        ip: INFRA01_IP_ADDRESS
      infra02: ...
    
    network-northd_hosts:
      infra01:
        ip: INFRA01_IP_ADDRESS
      infra02: ...
    

    When deploying OpenStack with OVN, it’s essential to properly configure network-gateway_hosts depending on your network architecture. There are two typical scenarios:

    Scenario 1: DVR with gateway on compute nodes:

    network-gateway_hosts:
      compute01:
        ip: COMPUTE01_IP_ADDRESS
      compute02: ...
    

    Scenario 2: standalone network nodes:

    network-gateway_hosts:
      network01:
        ip: NETWORK01_IP_ADDRESS
      network02: ...
    
  4. Configure a list containing at least one compute target host in the compute_hosts section:

    compute_hosts:
      compute01:
        ip: COMPUTE01_IP_ADDRESS
      compute02: ...
    
  5. Configure a list containing at least one repository target host in the repo-infra_hosts section:

    repo-infra_hosts:
      infra01:
        ip: INFRA01_IP_ADDRESS
      infra02:
        ip: INFRA02_IP_ADDRESS
      infra03:
        ip: INFRA03_IP_ADDRESS
      infra04: ...
    

    The repository typically resides on one or more infrastructure hosts.

  6. Optionally configure storage hosts in the storage_hosts section:

    storage_hosts:
      storage01:
        ip: STORAGE01_IP_ADDRESS
      storage02: ...
    

    Each storage host requires additional configuration to define the back end driver. The default configuration includes an optional storage host. To install without storage hosts, comment out the stanza beginning with the storage_hosts: line.
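
The pairing rule and the minimum host counts from the steps above can be checked before any playbook runs. The following is an added example, not part of OpenStack-Ansible: the function name, the sample addresses, and the assumption that every host group lives in a single openstack_user_config.yml are illustrative.

```python
import ipaddress
import sys

# Minimum host counts taken from the numbered steps above.
MIN_HOSTS = {"shared-infra_hosts": 3, "identity_hosts": 1,
             "compute_hosts": 1, "repo-infra_hosts": 1}

# Constructed sample: compute01 reuses the address already given to infra02.
SAMPLE = {
    "shared-infra_hosts": {"infra01": {"ip": "172.29.236.11"},
                           "infra02": {"ip": "172.29.236.12"},
                           "infra03": {"ip": "172.29.236.13"}},
    "identity_hosts": {"infra01": {"ip": "172.29.236.11"}},
    "repo-infra_hosts": {"infra01": {"ip": "172.29.236.11"}},
    "compute_hosts": {"compute01": {"ip": "172.29.236.12"}},
}

def check_host_groups(config):
    """Return a list of problems found in a parsed openstack_user_config.yml."""
    problems, ip_of, host_of = [], {}, {}
    for group, hosts in config.items():
        if not group.endswith("_hosts") or not isinstance(hosts, dict):
            continue  # skip non-host-group keys and empty stanzas
        for name, attrs in hosts.items():
            raw = attrs.get("ip") if isinstance(attrs, dict) else None
            try:
                ip = str(ipaddress.ip_address(str(raw)))
            except ValueError:
                problems.append(f"{group}/{name}: invalid or unreplaced ip {raw!r}")
                continue
            if ip_of.setdefault(name, ip) != ip:  # same hostname, different IP
                problems.append(f"{group}/{name}: ip {ip} differs from {ip_of[name]} used elsewhere")
            if host_of.setdefault(ip, name) != name:  # same IP, different hostname
                problems.append(f"{group}/{name}: ip {ip} already assigned to {host_of[ip]}")
    for group, minimum in MIN_HOSTS.items():
        count = len(config.get(group) or {})
        if count < minimum:
            problems.append(f"{group}: {count} host(s), need at least {minimum}")
    return problems

if __name__ == "__main__":
    cfg = SAMPLE
    if len(sys.argv) > 1:
        import yaml  # PyYAML, which Ansible itself depends on
        with open(sys.argv[1], encoding="utf-8") as fh:
            cfg = yaml.safe_load(fh) or {}
    issues = check_host_groups(cfg)
    print("\n".join(issues) or "host groups OK")
    sys.exit(1 if issues else 0)
```

Run without arguments it checks the constructed sample; pass the path to openstack_user_config.yml to check a real file.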

Installing additional services

To install additional services, the files in etc/openstack_deploy/conf.d provide examples showing the correct host groups to use. To add another service, add the host group, allocate hosts to it, and then execute the playbooks.

Advanced service configuration

OpenStack-Ansible has many options that you can use for the advanced configuration of services. Each role’s documentation provides information about the available options.

Important

This step is essential to tailoring OpenStack-Ansible to your needs and is generally overlooked by new deployers. Have a look at each role’s documentation, the user guides, and the reference if you want a tailor-made cloud.

Configuring service credentials

Configure credentials for each service in the /etc/openstack_deploy/user_secrets.yml file. Consider using the Ansible Vault feature to increase security by encrypting any files that contain credentials.

Adjust permissions on these files to restrict access by non-privileged users.

The keystone_auth_admin_password option configures the admin tenant password for both the OpenStack API and Dashboard access.

We recommend that you use the pw-token-gen.py script to generate random values for the variables in each file that contains service credentials:

    # cd /opt/openstack-ansible
    # ./scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml

To regenerate existing passwords, add the --regen flag.

For information on how to rotate passwords, please refer to the Password Rotation documentation.
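
The permission and encryption advice above can be turned into a pre-deployment audit of a credentials file. This is an added example, not a script shipped with OpenStack-Ansible: it assumes secrets are top-level `key: value` lines, and the sample key example_service_password and its value are constructed.

```python
import os
import stat
import tempfile

VAULT_HEADER = "$ANSIBLE_VAULT;"  # every ansible-vault encrypted file starts with this

def audit_secrets_file(path):
    """Return findings for a credentials file such as user_secrets.yml."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access; use 0600")
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    if text.startswith(VAULT_HEADER):
        return findings  # encrypted at rest: nothing further to inspect
    findings.append("plaintext; consider ansible-vault encrypt")
    for lineno, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.partition(":")
        if not sep or line[0] in "# -":
            continue  # comments, document markers, nested or list lines
        if not value.split("#", 1)[0].strip():
            findings.append(f"line {lineno}: {key} has no value")
    return findings

def demo():
    """Audit a constructed sample (not real credentials) before and after chmod 0600."""
    sample = ("---\n# constructed sample\n"
              "keystone_auth_admin_password:\n"
              "example_service_password: 3f9c0e7ab1\n")  # hypothetical key and value
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "user_secrets.yml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        before = audit_secrets_file(path)
        os.chmod(path, 0o600)
        after = audit_secrets_file(path)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, result)
```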