Install Murano ComponentsThis chapter describes how to install Murano components on a
separate devbox. We
strongly recommend to use a separate host (virtual machine or real
host) for Murano
devbox as it prevents you from various dependency conflicts.
Automatic InstallationThere is a script to automate Murano installation onto
devbox.
Create a folder to hold cloned
repositories
># mkdir -p /opt/gitClone murano-deployment
repository
># cd /opt/git
># git clone git://github.com/stackforge/murano-deployment.git
Change directory to
murano-deployment
and switch to required branch (e.g.master)
># cd /opt/git/murano-deployment
># git checkout -b master origin/master
Install
prerequisites
># cd /opt/git/murano-deployment/devbox-scripts
># ./murano-git-install.sh prerequisites
Configure the following parameters in lab binding
configuration file
/etc/murano-deployment/lab-binding.rc
LAB_HOST
- IP or nostname
of the lab. Actually, this address/name
should point to the
host where Keystone is installed.
ADMIN_USER
- OpenStack
admin
user
ADMIN_PASSWORD
- A password for OpenStack
admin
user
RABBITMQ_USER
- User to connect to RabbitMQ host
RABBITMQ_PASSWORD
- Password for that user
RABBITMQ_VHOST
- vHost
which will be used by Murano
components. Provides additional
layer of isolation from other devboxes.
RABBITMQ_HOST
-
(optional) IP address or hostname of
the host where RabbitMQ
is installed IF it is not the same host
as LAB_HOST points
to
RABBITMQ_HOST_ALT
-
(optional) IP address or hostname of
the RabbitMQ host to
connect from inside the Windows
instance. In some cases the
addresses like LAB_HOST or
RABBITMQ_HOST are inaccessible
from instances, and they must use
different address.
FILE_SHARE_HOST
-
(optional) IP address or hostname of
the host where file
share with prerequisites is located IF
it is not the same
host as LAB_HOST points to.
BRANCH_NAME
- branch name
from which all Murano components will
be fetched for
installation
SSL_ENABLED
- Set
'true'
if OpenStack is
configured with SSL support and
'false'
otherwise.
SSL_CA_FILE
- Path to CA
certificate for certificate validation
on client
side.
Install Murano
components
># ./murano-git-install.sh installLogin to the Dashboard using URL
http://<your
VM IP>/dashboard
or
http://<your
VM IP>/horizon
Manual InstallationThis chapter describes manual installation and configuration of Murano services.Note that all Murano modules can be downloaded from
our page
on launchpad.
Automatic installation Murano can be installed in automatic way. Script will install all
necessary packages to your system. Find out more about this in
Getting Started Guide
Pre-RequisitesMurano supports the following operating systems:Ubuntu 12.04RHEL/CentOS 6.4These system packages are required for Murano:Ubuntugccpython-pippython-devlibxml2-devlibxslt-devlibffi-devCentOSgccpython-pippython-devellibxml2-devellibxslt-devellibffi-devel
All these packages will be installed in murano-installation scripts. In addition to these packages some repositories are required.
Please follow the instructions in the appendix to prepare your environment for murano installation.
Murano API ServiceMurano API provides access to the Murano orchestration engine via API.This chapter describes the procedure of installation and condiguration of Murano API. InstallSuperuser privileges is required to install and configure system packages. Let's switch to root account:Make sure that additional linux repositories are installed. See the appendix for information about preparing a virtual machine for murano installation.
Clone Murano API git repository:Stable version one of our releases can be checked by tag:Switch to just created directory and then perform installationUbuntuCentOSSuccessful installation ends with message like this:
Making sample configuration files at "/etc/murano-api"
LOG:> Reloading initctl
LOG:> Please, make proper configuration,located at "/etc/murano-api", before starting the "murano-api" daemon!
]]>
ConfigureCopy and edit configuration files:Configure it according to your environment:
[DEFAULT] section sets up logging.
[reports]
section allows you to set up names for new rabbitMQ queues.
In
[rabbitmq]
section you can set up host configuration where rabbitMQ
with just created user and vhost is running.
If you consider to use Murano in production it;sbetter to use seperate vhosts in RabbitMQ.
To add new vhost and user with
administrator rights preform:
In [filter:authtoken]
configure keystone auth_token. For more information see
Auth-Token Middleware with Username and Password
Update configuration in /etc/murano-api/murano-api-paste.ini
:
...
[filter.authtoken]
...
# auth_host should point to the host where Keyston servive is installed
auth_host =
...
# For auth_protocol use 'http' in general and 'https' if Keystone supports SSL.
auth_protocol = http
# A name for OpenStack admin tenant name ('admin' by default)
admin_tenant_name = admin
# A name for OpenStack admin user ('admin' by default)
admin_user = admin
# A pasword for admin user
admin_password =
...
For more information how to configure SSL take a look at SSL configuration chapter Register murano-api service in Openstack. To do that perform the folowwing commands:You need to be authorized in Openstack to run this commandsRunRun Murano API service:UbuntuCentOSConductor ServiceConductor is a Murano orchestration engine that transforms object model sent by REST API service into
a series of Heat and Murano-Agent commands.
This chapter describes Conductor for contributors of the project.InstallMurano Conductor uses OpenStack Heat for new virtual machines creation, therefore Heat should
been installed and configured. Some services require the Internet access for virtual machines to
successful deployment.
The detailed information about Heat configuration is described
here.
OpenStack Heat require Key Pair for Load Balancer instances. Murano Conductor uses
LoadBalancer for IIS Farms and ASP.NET Farms. The default name for Key Pair is "murano-lb-key",
you can change this parameter in file
Superuser privileges is required to install and configure system packages. Let's switch to root account:Make sure that additional repositories are installed.
See
the appendix
for information about preparing a virtual machine for murano installation.
Clone Murano Conductor repository from the github.Stable version one of our
releases
can be checked out by tag:
Switch to just created directory and then perform installationUbuntuCentOSConfigureEdit configuration file and take a look at inline comments:Change configuration file according to your environment.
[DEFAULT]section is responsible for logging.
[heat]points where heat is running.
[rabbitmq]section points where your rabbitMQ installed and
configured.
RunRun Murano Conductor service:UbuntuCentOSMurano DashboardMurano Dashboard provides Web UI for Murano Project.This installation is not capable with Horizon installed by devstackInstallSuperuser privileges is required to install and configure system packages. Let's switch to root account:Make sure that additional repositories are installed and your system is updated and upgraded.
Please check from with steps in the appendix.
If there is no openstack dashboard package in your environment install it now with all dependencies.
Deleting an Ubuntu theme is an optional step but recommended.
Horizon installed by devstack is not capable for a murano installation.
CentOS
yum install make gcc memcached python-memcached \
mod_wsgi openstack-dashboard python-netaddr.noarch
Ubuntu
apt-get install memcached libapache2-mod-wsgi openstack-dashboard
dpkg --purge openstack-dashboard-ubuntu-theme
Clone Murano Dashboard repository from the github:Stable version one of our
releases
can be checked out by tag:
git checkout 0.2
Switch to just created directory and run installation scriptUbuntuCentOSConfigure
Murano installation script makes all needed changes in horizon (openstack dashboard) configs.
All you have to do is to configure horizon in appropriate way. Set OPENSTACK_HOST in your
horizon local settings which located in
/etc/openstack-dashboard/local_settings.py..
For more information visit official horizon documentation.
Run
Since all required settings are made Apache service need to be restarted to apply all changes.
CentOS
# service httpd restart
Ubuntu
# service apache2 restart
Check that "Environments" panel appears at the horizon "Project" tab.
To see how to operate with Murano dashboard plugin check out
Murano User Guide.
SSL configuration
Murano components are able to work with SSL. This chapter will
help your to make proper settings with SSL configuration.
HTTPS for Murano API
SSL for Murano API service can be configured in ssl section in
/etc/murano-api/murano-api.conf. Just point to a valid SSL certificate.
See the example below:
cert_file=PATH:
Path to the certificate file the server should use when binding to an SSL-wrapped socket.
key_file=PATH: Path to the private key file the server should
use when binding to an SSL-wrapped socket.
ca_file=PATH:
Path to the CA certificate file the server should use to validate
client certificates provided during an SSL handshake. This is
ignored if cert_file and "key_file" are not set.
The use of SSL is automatically started after point to HTTPS protocol instead of HTTP during registration Murano API service in endpoints
(Change publicurl argument to start with https://). See here
how to register Murano API in Openstack Keystone.
SSL for Murano API is implemented like in any other Openstack component.
This realization is based on ssl python module so more information about it can be found
here.
SSL for RabbitMQ
All Murano components communicate with each other
by RabbitMQ. This interaction can be encrypted with SSL. By
default all messages in Rabbit MQ are not encrypted.
Each RabbitMQ Exchange should be configured separately.
Murano API -> Rabbit MQ exchange
Edit rabbitmq section in /etc/murano-api/murano-api.conf
and set ssl option to True to enable SSL. Specify the path to the
SSL CA certificate in regular format: /path/to/file without quotes or leave it empty to allow
self-signed certificates.
Rabbit MQ -> Murano Conductor exchange
Open /etc/murano-conductor/conductor.conf
and configure rabbitmq section in the same way:
enable ssl option to True and set CA certificate path or leave it empty to allow
self-signed certificates.
Murano Agent -> Rabbit MQ exchange
By default all Murano Conductor configuration settings apply to Murano Agent.
If you want to configure Murano Agent in a different way change the default template. It can be found
here:/etc/murano-conductor/data/templates/agent-config/Default.template.
Take a look at appSettings section:
]]>
Desired parameter should be set directly to the value of the key
that you want to change. Quotes are need to be kept.
Thus you can change "rabbitmq.ssl" and "rabbitmq.port" values to
make Rabbit MQ work with this exchange in a different from
Murano-Conductor way.