stackforge-attic
/
murano-docs
Code Issues Proposed changes
murano-docs/src/administrators-guide/src/docbkx/content/installation-guide.xml

1095 lines
47 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2013 Mirantis, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xlink="http://www.w3.org/1999/xlink"
xsi:schemaLocation="http://docbook.org/ns/docbook http://www.docbook.org/xml/5.0/xsd/docbook.xsd
http://www.w3.org/1999/xlink http://www.w3.org/1999/xlink.xsd"
version="5.0">
<title>Install Murano Components</title>
<para>This chapter describes how to install Murano components on a
separate devbox. We strongly recommend to use a separate host (virtual machine or real
host) for Murano devbox as it prevents you from various dependency conflicts.
You can refer <link xlink:href="https://wiki.openstack.org/wiki/Murano/Requirements"> this link</link> to check supported version of all Murano dependencies.
</para>
<section>
<title>Automatic Installation</title>
<para>There is a script to automate Murano installation onto devbox.
<itemizedlist>
<listitem>
<para>Create a folder to hold cloned repositories
<programlisting>
># mkdir -p /opt/git
</programlisting>
</para>
</listitem>
<listitem>
<para>Clone murano-deployment repository
<programlisting>
># cd /opt/git
># git clone git://github.com/stackforge/murano-deployment.git
</programlisting>
</para>
</listitem>
<listitem>
<para>Set configuration and install prerequisites
<programlisting>
># cd /opt/git/murano-deployment/devbox-scripts
># ./murano-git-install.sh prerequisites
</programlisting>
</para>
<para>Press Enter to edit <filename>/etc/murano-deployment/lab-binding.rc</filename>,
then 'i' to enter INSERT mode. After editing press ESC and type :wq to write and exit from VI.
<programlisting>
LAB_HOST=''
ADMIN_USER=''
ADMIN_PASSWORD=''
RABBITMQ_LOGIN=''
RABBITMQ_PASSWORD=''
RABBITMQ_VHOST=''
RABBITMQ_PORT=''
#RABBITMQ_HOST=''
#RABBITMQ_HOST_ALT=''
#FILE_SHARE_HOST=''
BRANCH_NAME='master'
# Only 'true' or 'false' values are allowed!
SSL_ENABLED='false'
SSL_CA_FILE=''
SSL_CERT_FILE=''
SSL_KEY_FILE=''
#BRANCH_MURANO_API=''
#BRANCH_MURANO_DASHBOARD=''
#BRANCH_MURANO_CLIENT=''
#BRANCH_MURANO_CONDUCTOR=''
#BRANCH_MURANO_REPOSITORY=''
</programlisting>
<itemizedlist>
<listitem>
<para><emphasis role="bold">LAB_HOST</emphasis> - IP or hostname of the lab.
This address/hostname should point to the host where Keystone is installed.</para>
</listitem>
<listitem>
<para><emphasis role="bold">ADMIN_USER</emphasis> - OpenStack admin user.</para>
</listitem>
<listitem>
<para><emphasis role="bold">ADMIN_PASSWORD</emphasis> - A password for OpenStack admin user.</para>
</listitem>
<listitem>
<para><emphasis role="bold">RABBITMQ_USER</emphasis> - User to connect to RabbitMQ host.</para>
</listitem>
<listitem>
<para><emphasis role="bold">RABBITMQ_PASSWORD</emphasis> - Password for that user.</para>
</listitem>
<listitem>
<para><emphasis role="bold">RABBITMQ_VHOST</emphasis> - vHost which will be used by Murano
components. Provides additional layer of isolation from other devboxes.</para>
</listitem>
<listitem>
<para><emphasis role="bold">RABBITMQ_PORT</emphasis> - Port number for Murano components interconnection.
It should be different from general RabbitMQ port to provide SSL opportunity.</para>
</listitem>
<listitem>
<para><emphasis role="bold">RABBITMQ_HOST</emphasis> - (optional) IP address or hostname of
the host where RabbitMQ is installed IF it is not the same host as LAB_HOST points to.
This parameter can be skipped and in this case LAB_HOST will be used.</para>
</listitem>
<listitem>
<para><emphasis role="bold">RABBITMQ_HOST_ALT</emphasis> - (optional) IP address or hostname of
the RabbitMQ host to connect from inside the instance. In some cases the
addresses like LAB_HOST or RABBITMQ_HOST are inaccessible from instances, and they must use
different address.</para>
</listitem>
<listitem>
<para><emphasis role="bold">FILE_SHARE_HOST</emphasis> - (optional) IP address or hostname of
the host where file share with prerequisites is located if it is not the same host as
LAB_HOST points to.</para>
</listitem>
<listitem>
<para><emphasis role="bold">BRANCH_MURANO_*</emphasis> - (optional) code from specified branch name for a selected Murano
component will be installed. By default code from 'master' branch will be fetched.</para>
</listitem>
<listitem>
<para><emphasis role="bold">SSL_ENABLED</emphasis> - Set <emphasis role="bold">'true'</emphasis> if
OpenStack is configured with SSL support and <emphasis role="bold">'false'</emphasis> otherwise.</para>
</listitem>
<listitem>
<para><emphasis role="bold">SSL_CA_FILE</emphasis> - Path to CA certificate for certificate validation
on client side. Leave it empty when used self-signed certificates.</para>
</listitem>
<listitem>
<para><emphasis role="bold">SSL_CERT_FILE</emphasis> - Path to the valid SSL certificate. </para>
</listitem>
<listitem>
<para><emphasis role="bold">SSL_KEY_FILE</emphasis> - Path to the valid key file.</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>Install Murano components
<programlisting>
># ./murano-git-install.sh install
</programlisting>
</para>
</listitem>
<listitem>
<para>Login to the Dashboard using URL <emphasis role="bold">http://your_VM_IP/horizon</emphasis>
on Ubuntu or <emphasis role="bold">http://your_VM_IP/dashboard</emphasis> on CentOS.</para>
</listitem>
</itemizedlist>
</para>
</section>
<section>
<title>Manual Installation</title>
<para>This chapter describes manual installation and configuration of Murano services.</para>
<para>Note that all Murano modules can be downloaded from
<link xlink:href="https://launchpad.net/murano/">our page</link>
on launchpad.
</para>
<para>
<note>
<title>Automatic installation</title>
<para>
Murano can be installed in automatic way. Script will install all
necessary packages to your system. Find out more about this in
<link xlink:href='http://murano-docs.github.io/0.4/getting-started/content/ch04s02.html'>
Getting Started Guide</link>
</para>
</note>
</para>
<section xml:id="prerequisites">
<title>Pre-Requisites</title>
<para>Murano supports the following operating systems:</para>
<orderedlist>
<listitem>
<para>Ubuntu 12.04</para>
</listitem>
<listitem>
<para>RHEL/CentOS 6.4</para>
</listitem>
</orderedlist>
<para>These system packages are required for Murano:</para>
<para><emphasis>Ubuntu</emphasis></para>
<orderedlist>
<listitem>
<para>gcc</para>
</listitem>
<listitem>
<para>python-pip</para>
</listitem>
<listitem>
<para>python-dev</para>
</listitem>
<listitem>
<para>libxml2-dev</para>
</listitem>
<listitem>
<para>libxslt-dev</para>
</listitem>
<listitem>
<para>libffi-dev</para>
</listitem>
</orderedlist>
<para>
<emphasis>CentOS</emphasis>
</para>
<orderedlist>
<listitem>
<para>gcc</para>
</listitem>
<listitem>
<para>python-pip</para>
</listitem>
<listitem>
<para>python-devel</para>
</listitem>
<listitem>
<para>libxml2-devel</para>
</listitem>
<listitem>
<para>libxslt-devel</para>
</listitem>
<listitem>
<para>libffi-devel</para>
</listitem>
</orderedlist>
<para>
All these packages will be installed in murano-installation scripts. In addition to these packages some repositories are required.
Please follow the instructions in <link linkend="Appendix">the appendix</link> to prepare your environment for murano installation.
</para>
</section>
<section>
<title>Murano API Service</title>
<para>Murano API provides access to the Murano orchestration engine via API.</para>
<para>This chapter describes the procedure of installation and configuration of Murano API. </para>
<section>
<title>Install</title>
<itemizedlist spacing="compact">
<listitem>
<para>Superuser privileges is required to install and configure system packages. Let's switch to root account:</para>
<programlisting>
<![CDATA[
sudo su -
]]>
</programlisting>
</listitem>
<listitem>
<para>Make sure that additional linux repositories are installed. See <link linkend="Appendix">the appendix</link> for information about preparing a virtual machine for murano installation.
</para>
</listitem>
<listitem>
<para>Clone Murano API git repository:</para>
<programlisting>
<![CDATA[
git clone https://github.com/stackforge/murano-api
]]>
</programlisting>
<para>Stable version one of our releases can be checked by the tag:</para>
<programlisting>
cd murano-api &amp;&amp; git checkout 0.4
</programlisting>
</listitem>
<listitem>
<para>And perform installation:</para>
<para>
<emphasis>Ubuntu</emphasis>
</para>
<programlisting>
<![CDATA[
sh setup.sh install
]]>
</programlisting>
<para>
<emphasis>CentOS</emphasis>
</para>
<programlisting>
<![CDATA[
sh setup-centos.sh install
]]>
</programlisting>
</listitem>
<listitem>
<para>Successful installation ends with message like this:</para>
<programlisting>
<![CDATA[
Successfully installed muranoapi
Cleaning up...
LOG:> Making sample configuration files at "/etc/murano"
LOG:> Reloading initctl
LOG:> Please, make proper configuration,located at "/etc/murano", before starting the "murano-api" daemon!
]]>
</programlisting>
</listitem>
</itemizedlist>
</section>
<section xml:id="configure_api">
<title>Configure</title>
<itemizedlist spacing="compact">
<listitem>
<para>Copy and edit configuration files:</para>
<programlisting>
<![CDATA[
cd /etc/murano
cp murano-api.conf.sample murano-api.conf
cp murano-api-paste.ini.sample murano-api-paste.ini
]]>
</programlisting>
</listitem>
<listitem>
<para>Configure <filename>murano-api.conf</filename> according to your environment:
<itemizedlist>
<listitem>
<para><emphasis>[DEFAULT]</emphasis> section sets up logging.
</para>
</listitem>
<listitem>
<para><emphasis>[database]</emphasis>sets database connection.
</para>
</listitem>
<listitem>
<para><emphasis>[reports]</emphasis> section defines names of RabbitMQ queues.
This naming should correspond to a similar parameter in conductor config file.
</para>
</listitem>
<listitem>
<para>In <emphasis>[rabbitmq]</emphasis>
section you can set up host configuration where rabbitMQ
with just created user and vhost is running. If you consider to use Murano in production it's better to use separate vhosts in RabbitMQ.
To add new vhost and user with administrator rights perform:
</para>
<programlisting>
<![CDATA[
rabbitmqctl add_user muranouser murano
rabbitmqctl set_user_tags muranouser administrator
rabbitmqctl add_vhost muranovhost
rabbitmqctl set_permissions -p muranovhost muranouser ".*" ".*" ".*"
]]>
</programlisting>
</listitem>
<listitem>
<para><emphasis>[ssl]</emphasis> sets up SSL parameters - paths to required files in case of ssl connection.
For more information how to configure SSL take a look at <link linkend="ssl"> SSL configuration chapter </link>
</para>
</listitem>
<listitem>
<para>In <emphasis>[keystone_authtoken]</emphasis>
configure parameters of Openstack Keystone service. For more information see
<link xlink:href="http://docs.openstack.org/developer/keystone/configuringservices.html">
Auth-Token Middleware with Username and Password
</link>
</para>
</listitem>
<listitem>
<para>
Another murano-api configuration file located at
<filename>/etc/murano/murano-api-paste.ini</filename> and does
not require any changes.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<anchor xml:id="murano_api_endpoint"></anchor>
<para>Register murano-api service in Openstack. To do that perform the following commands:</para>
<note><para>You need to be authorized in Openstack to run this commands</para></note>
<programlisting>
<![CDATA[
$ keystone service-create --name muranoapi --type murano --description "Murano-Api Service"
$ keystone endpoint-create
--region RegionOne
--service-id The ID field returned by the keystone service-create
--publicurl http://x.x.x.x:8082 (where x.x.x.x - host ip where murano-api installed)
--internalurl the same as publicurl
--adminurl the same as publicurl
]]>
</programlisting>
</listitem>
</itemizedlist>
</section>
<section>
<title>Run</title>
<itemizedlist>
<listitem>
<para>Run Murano API service:</para>
<para>
<emphasis>Ubuntu</emphasis>
</para>
<programlisting>
<![CDATA[
service murano-api start
]]>
</programlisting>
<para>
<emphasis>CentOS</emphasis>
</para>
<programlisting>
<![CDATA[
initctl start murano-api
]]>
</programlisting>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Conductor Service</title>
<para>Conductor is a Murano orchestration engine that transforms object model sent by REST API service into
a series of Heat and Murano-Agent commands.
</para>
<para>This chapter describes Conductor for contributors of the project.</para>
<section>
<title>Install</title>
<itemizedlist spacing="compact">
<listitem>
<para>Murano Conductor uses OpenStack Heat for new virtual machines creation, therefore Heat should
been installed and configured. Some services require the Internet access for virtual machines to
successful deployment.
</para>
<para>The detailed information about Heat configuration is described
<link xlink:href="http://docs.openstack.org/developer/heat/getting_started/index.html">here.
</link>
</para>
</listitem>
<listitem>
<para>OpenStack Heat requires Key Pair for Load Balancer instances.
Murano Conductor uses LoadBalancer for IIS Farms and ASP.NET Farms.
</para>
</listitem>
<listitem>
<para>Superuser privileges is required to install and configure system packages. Let's switch to root account:</para>
<programlisting>
<![CDATA[
sudo su -
]]>
</programlisting>
</listitem>
<listitem>
<para>Make sure that additional repositories are installed.
See
<link linkend="Appendix">the appendix</link>
for information about preparing a virtual machine for murano installation.
</para>
</listitem>
<listitem>
<para>Clone Murano Conductor repository from the github.</para>
<programlisting>
<![CDATA[
git clone https://github.com/stackforge/murano-conductor
]]>
</programlisting>
<para>Stable version one of our releases can be checked out by tag: </para>
<programlisting>
cd murano-conductor &amp;&amp; git checkout 0.4
</programlisting>
</listitem>
<listitem>
<para>And then perform installation</para>
<para>
<emphasis>Ubuntu</emphasis>
</para>
<programlisting>
<![CDATA[
sh setup.sh install
]]>
</programlisting>
<para>
<emphasis>CentOS</emphasis>
</para>
<programlisting>
<![CDATA[
sh setup-centos.sh install
]]>
</programlisting>
</listitem>
</itemizedlist >
</section>
<section xml:id="configure_conductor">
<title>Configure</title>
<itemizedlist spacing="compact">
<listitem>
<para>Copy example of the configuration file:</para>
<programlisting>
<![CDATA[
cd /etc/murano
cp conductor.conf.sample conductor.conf
]]>
</programlisting>
</listitem>
<listitem>
<para>Configure <filename>conductor.conf</filename> file according to your environment.
<itemizedlist >
<listitem>
<para><emphasis>[DEFAULT]</emphasis> section is responsible for logging.
</para>
</listitem>
<listitem>
<para><emphasis>[keystone]</emphasis> defines where kestone is located.
</para>
</listitem>
<listitem>
<para><emphasis>[heat]</emphasis>points where heat is running.
</para>
</listitem>
<listitem>
<para><emphasis>[neutron]</emphasis> sets up parameters for interconnection with neutron.
</para>
</listitem>
<listitem>
<para><emphasis>[rabbitmq]</emphasis>section points where your rabbitMQ installed and
configured.
</para>
</listitem>
</itemizedlist>
</para>
<programlisting>
[DEFAULT]
# Path where log will be written
log_file = /tmp/conductor.log
# Log verbosity
debug=True
verbose=True
# Provide directory with initialization scripts
init_scripts_dir = etc/init-scripts
# Provide directory with agent configs
agent_config_dir = etc/agent-config
# Directory for data cache, OS temp directory is used by default
#data_dir = /tmp/muranoconductor-cache
# Provide url to Murano Metadata repository
# Comment this line if you registered murano-metadata in keystone catalog
murano_metadata_url = http://localhost:8084/v1
# Maximum number of environments that can be processed simultaneously
max_environments = 20
# Maximum number of VMs per environment
max_hosts = 250
# Template IP address for generating environment subnet cidrs
env_ip_template = 10.0.0.0
# Enforces default network topology.
# Allowed values: nova, flat, routed
# default is routed
network_topology = routed
[keystone]
# URL of OpenStack KeyStone service REST API.
# Typically only hostname (or IP) needs to be changed
auth_url = http://localhost:5000/v2.0
# Keystone SSL parameters
# Optional CA cert file to use in SSL connections
#ca_file =
# Optional PEM-formatted certificate chain file
#cert_file =
# Optional PEM-formatted file that contains the private key
#key_file =
# If set then the server's certificate will not be verified
insecure = False
[heat]
# Heat SSL parameters
# Optional CA cert file to use in SSL connections
#ca_file =
# Optional PEM-formatted certificate chain file
#cert_file =
# Optional PEM-formatted file that contains the private key
#key_file =
# If set then the server's certificate will not be verified
insecure = False
# Valid endpoint types: publicURL (default), internalURL, adminURL
endpoint_type = publicURL
[neutron]
# Optional CA cert file to use in SSL connections
#ca_cert =
# Allow self signed server certificate
insecure = False
# Valid endpoint types: publicURL (default), internalURL, adminURL
endpoint_type = publicURL
[rabbitmq]
# Connection parameters to RabbitMQ service
# Hostname or IP address where RabbitMQ is located.
# !!! Change localhost to your real IP or hostname as this address must be reachable from VMs !!!
host = localhost
# RabbitMQ port (5672 is a default)
port = 5672
# Use SSL for RabbitMQ connections (True or False)
ssl = False
# Path to SSL CA certificate or empty to allow self signed server certificate
#ca_certs =
# RabbitMQ credentials. Fresh RabbitMQ installation has "guest" account with "guest" password.
# It is recommended to create dedicated user account for Murano using RabbitMQ web console or command line utility
login = guest
password = guest
# RabbitMQ virtual host (vhost). Fresh RabbitMQ installation has "/" vhost preconfigured.
# It is recommended to create dedicated vhost for Murano using RabbitMQ web console or command line utility
virtual_host = /
</programlisting>
</listitem>
</itemizedlist>
</section>
<section>
<title>Run</title>
<itemizedlist>
<listitem>
<para>Run Murano Conductor service:</para>
<para>
<emphasis>Ubuntu</emphasis>
</para>
<programlisting>
<![CDATA[
service murano-conductor start
]]>
</programlisting>
<para>
<emphasis>CentOS</emphasis>
</para>
<programlisting>
<![CDATA[
initctl start murano-conductor
]]>
</programlisting>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Murano Repository Service</title>
<para>Murano Repository provides access to metadata for Murano Conductor and Murano Dashboard.
It also allows to manage metadata objects via API.</para>
<para>This chapter describes the procedure of installation and configuration of Murano Repository.</para>
<section>
<title>Install</title>
<itemizedlist spacing="compact">
<listitem>
<para>Superuser privileges is required to install and configure system packages. Let's switch to root account:</para>
<programlisting>
<![CDATA[
sudo su -
]]>
</programlisting>
</listitem>
<listitem>
<para>Make sure that additional linux repositories are installed. See <link linkend="Appendix">the appendix</link> for information about preparing a virtual machine for murano installation.
</para>
</listitem>
<listitem>
<para>Clone Murano Repository from git:</para>
<programlisting>
<![CDATA[
git clone https://github.com/stackforge/murano-repository
]]>
</programlisting>
<para>Stable version one of our releases can be checked by the tag:</para>
<programlisting>
cd murano-repository &amp;&amp; git checkout 0.4
</programlisting>
</listitem>
<listitem>
<para>And perform installation:</para>
<para>
<emphasis>Ubuntu</emphasis>
</para>
<programlisting>
<![CDATA[
sh setup.sh install
]]>
</programlisting>
<para>
<emphasis>CentOS</emphasis>
</para>
<programlisting>
<![CDATA[
sh setup-centos.sh install
]]>
</programlisting>
</listitem>
<listitem>
<para>Successful installation ends with message like this:</para>
<programlisting>
<![CDATA[
Successfully installed muranorepository
Cleaning up...
LOG:> Making sample configuration files at "/etc/murano"
LOG:> Reloading initctl
LOG:> Please, make proper configuration,located at "/etc/murano", before starting the "murano-repository" daemon!
]]>
</programlisting>
</listitem>
</itemizedlist>
</section>
<section xml:id="configure_repository">
<title>Configure</title>
<itemizedlist spacing="compact">
<listitem>
<para>Copy and edit configuration files:</para>
<programlisting>
<![CDATA[
cd /etc/murano
cp murano-repository.conf.sample murano-repository.conf
]]>
</programlisting>
</listitem>
<listitem>
<para>Configure <filename>murano-repository.conf</filename> according to your environment:
<itemizedlist>
<listitem>
<para><emphasis>[DEFAULT]</emphasis> section sets up main server parameters: port and address.
Folder to store cache and logging parameters also defines in this section.
<itemizedlist>
<listitem>
<para><emphasis>manifests</emphasis> parameter points out to directory with metadata objects: manifests should be on the first level.
All other objects are kept in a separates folders. This folders are configured in the parameters described below:</para>
</listitem>
<listitem><para><emphasis>ui</emphasis> sets up directory name for keeping Murano dashboard ui definitions</para></listitem>
<listitem><para><emphasis>workflows</emphasis> sets up directory name for keeping Murano Conductor workflows</para> </listitem>
<listitem><para><emphasis>heat</emphasis> sets up directory name for keeping Heat templates</para></listitem>
<listitem><para><emphasis>agent</emphasis>sets up directory name for keeping Murano Agent templates</para></listitem>
<listitem><para><emphasis>scripts</emphasis> sets up directory name for keeping Murano Execution Plans</para></listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para><emphasis>[output]</emphasis> defines result archive structure.
This parameters applies to archive structure that clients (Murano Conductor) request from Metadata Repository.
</para>
</listitem>
<listitem>
<para>In <emphasis>[keystone]</emphasis>
configure parameters of Openstack Keystone service. For more information see
<link xlink:href="http://docs.openstack.org/developer/keystone/configuringservices.html">
Auth-Token Middleware with Username and Password
</link>
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<anchor xml:id="murano_repository_endpoint"></anchor>
<para>Register murano-repository service in Openstack. To do that perform the following commands:</para>
<note><para>You need to be authorized in Openstack to run this commands</para></note>
<programlisting>
<![CDATA[
$ keystone service-create --name murano-metadata --type murano-metadata --description "Murano-Repository Service"
$ keystone endpoint-create
--region RegionOne
--service-id The ID field returned by the keystone service-create
--publicurl http://x.x.x.x:8084/v1 (where x.x.x.x - host ip where murano-api installed,
8084 - port number, also can be changed,
v1 - metadata API version)
--internalurl the same as publicurl
--adminurl the same as publicurl
]]>
</programlisting>
</listitem>
</itemizedlist>
</section>
<section>
<title>Run</title>
<itemizedlist>
<listitem>
<para>Run Murano Repository service:</para>
<para>
<emphasis>Ubuntu</emphasis>
</para>
<programlisting>
<![CDATA[
service murano-repository start
]]>
</programlisting>
<para>
<emphasis>CentOS</emphasis>
</para>
<programlisting>
<![CDATA[
initctl start murano-repository
]]>
</programlisting>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Murano Dashboard</title>
<para>Murano Dashboard provides Web UI for Murano Project.</para>
<warning>
<para>This installation is not capable with Horizon installed by devstack</para>
</warning>
<section>
<title>Install</title>
<itemizedlist>
<listitem>
<para>Superuser privileges is required to install and configure system packages. Let's switch to root account:</para>
<programlisting>
<![CDATA[
sudo su -
]]>
</programlisting>
</listitem>
<listitem>
<para>Make sure that additional repositories are installed and your system is updated and upgraded.
Please check from with steps in the <link linkend="Appendix">appendix</link>.
</para>
</listitem>
<listitem>
<para>If there is no openstack dashboard package in your environment install it now with all dependencies.
Deleting an Ubuntu theme is an optional step but recommended. In Centos open up the firewall ports for HTTP.</para>
<note>
<para>
Horizon installed by devstack is not capable for a murano installation.
</para>
</note>
<para>
<emphasis>Ubuntu</emphasis>
</para>
<programlisting>
apt-get install memcached libapache2-mod-wsgi openstack-dashboard
dpkg --purge openstack-dashboard-ubuntu-theme
</programlisting>
<para>
<emphasis>CentOS</emphasis>
</para>
<programlisting>
yum install make gcc memcached python-memcached \
mod_wsgi openstack-dashboard python-netaddr.noarch
#> lokkit -p http:tcp
#> lokkit -p https:tcp
</programlisting>
</listitem>
<listitem>
<para>Clone Murano Dashboard repository from the github:</para>
<programlisting>
<![CDATA[
git clone https://github.com/stackforge/murano-dashboard
]]>
</programlisting>
</listitem>
<listitem>
<para>Stable version one of our releases can be checked out by tag:
</para>
<programlisting>
cd murano-dashboard &amp;&amp; git checkout 0.4
</programlisting>
</listitem>
<listitem>
<para>Switch to just created directory and run installation script</para>
<para>
<emphasis>Ubuntu</emphasis>
</para>
<programlisting>
<![CDATA[
sh setup.sh install
]]>
</programlisting>
<para>
<emphasis>CentOS</emphasis>
</para>
<programlisting>
<![CDATA[
sh setup-centos.sh install
]]>
</programlisting>
</listitem>
</itemizedlist>
</section>
<section xml:id="configure_dashboard">
<title>Configure</title>
<itemizedlist spacing="compact">
<listitem>
<para>
Murano installation script makes all needed changes in horizon (openstack dashboard) configs.
All you have to do is to configure horizon in appropriate way. Set OPENSTACK_HOST in your
horizon local settings which located in
<filename>/etc/openstack-dashboard/local_settings.py.</filename>.
<link xlink:href="http://docs.openstack.org/developer/horizon/">
For more information visit official horizon documentation. </link>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Run</title>
<para>
Since all required settings are made Apache service need to be restarted to apply all changes.
</para>
<itemizedlist>
<listitem>
<para>
<emphasis>Ubuntu</emphasis>
<programlisting>
# service apache2 restart
</programlisting>
</para>
</listitem>
<listitem>
<para>
<emphasis>CentOS</emphasis>
<programlisting>
# service httpd restart
</programlisting>
</para>
</listitem>
<listitem>
<para>
Check that "Environments" panel appears at the horizon "Project" tab.
To see how to operate with Murano dashboard plugin check out
<link xlink:href="http://murano-docs.github.io/latest/user-guide/content/ch01.html">
Murano User Guide.
</link>
</para>
</listitem>
</itemizedlist>
</section>
</section>
<section xml:id="ssl">
<title>SSL configuration</title>
<para>
Murano components are able to work with SSL. This chapter will
help your to make proper settings with SSL configuration.
</para>
<section>
<title>HTTPS for Murano API</title>
<para>
SSL for Murano API service can be configured in <emphasis>ssl</emphasis> section in
<filename>/etc/murano/murano-api.conf</filename>. Just point to a valid SSL certificate.
See the example below:
</para>
<programlisting>
<![CDATA[
[ssl]
cert_file = PATH
key_file = PATH
ca_file = PATH
]]>
</programlisting>
<itemizedlist>
<listitem>
<para>
<emphasis>cert_file=PATH:</emphasis>
Path to the certificate file the server should use when binding to an SSL-wrapped socket.
</para>
</listitem>
<listitem>
<para>
<emphasis>key_file=PATH:</emphasis> Path to the private key file the server should
use when binding to an SSL-wrapped socket.
</para>
</listitem>
<listitem>
<para>
<emphasis>ca_file=PATH:</emphasis>
Path to the CA certificate file the server should use to validate
client certificates provided during an SSL handshake. This is
ignored if cert_file and "key_file" are not set.
</para>
</listitem>
</itemizedlist>
<para>
The use of SSL is automatically started after point to HTTPS protocol instead of HTTP during registration Murano API service in endpoints
(Change publicurl argument to start with https://). See <link linkend="murano_api_endpoint">here</link>
how to register Murano API in Openstack Keystone.
</para>
<simpara>
SSL for Murano API is implemented like in any other Openstack component.
This realization is based on ssl python module so more information about it can be found
<link xlink:href="http://docs.python.org/2/library/ssl.html"> here.</link>
</simpara>
</section>
<section>
<title>SSL for RabbitMQ</title>
<para>
All Murano components communicate with each other
by RabbitMQ. This interaction can be encrypted with SSL. By
default all messages in Rabbit MQ are not encrypted.
Each RabbitMQ Exchange should be configured separately.
</para>
<para><emphasis role="bold">Murano API -> Rabbit MQ exchange</emphasis></para>
<para>
Edit <emphasis>rabbitmq</emphasis> section in <filename>/etc/murano/murano-api.conf</filename>
and set ssl option to True to enable SSL. Specify the path to the
SSL CA certificate in regular format: /path/to/file without quotes or leave it empty to allow
self-signed certificates.
</para>
<programlisting>
<![CDATA[
[rabbitmq]
# Use SSL for RabbitMQ connections (True or False)
ssl = True
# Path to SSL CA certificate or empty to allow self signed server certificate
ca_certs =
]]>
</programlisting>
<para><emphasis role="bold">Rabbit MQ -> Murano Conductor exchange</emphasis></para>
<para>
Open <emphasis>/etc/murano/conductor.conf</emphasis>
and configure <emphasis>rabbitmq</emphasis> section in the same way:
enable ssl option to True and set CA certificate path or leave it empty to allow
self-signed certificates.
</para>
<programlisting>
<![CDATA[
[rabbitmq]
# Use SSL for RabbitMQ connections (True or False)
ssl = True
# Path to SSL CA certificate or empty to allow self signed server certificate
ca_certs = /home/user/certificates/example.crt
]]>
</programlisting>
<para><emphasis role="bold">
Murano Agent -> Rabbit MQ exchange</emphasis>
</para>
<para>
By default all Murano Conductor configuration settings apply to Murano Agent.
If you want to configure Murano Agent in a different way change the default template. It can be found
here:<emphasis>/etc/murano/data/templates/agent-config/Default.template.</emphasis>
Take a look at appSettings section:
</para>
<programlisting>
<![CDATA[
<appSettings>
<add key="rabbitmq.host" value="%RABBITMQ_HOST%"/>
<add key="rabbitmq.port" value="%RABBITMQ_PORT%"/>
<add key="rabbitmq.user" value="%RABBITMQ_USER%"/>
<add key="rabbitmq.password"
value="%RABBITMQ_PASSWORD%"/>
<add key="rabbitmq.vhost" value="%RABBITMQ_VHOST%"/>
<add key="rabbitmq.inputQueue"
value="%RABBITMQ_INPUT_QUEUE%"/>
<add key="rabbitmq.resultExchange" value=""/>
<add key="rabbitmq.resultRoutingKey"
value="%RESULT_QUEUE%"/>
<add key="rabbitmq.durableMessages" value="true"/>
<add key="rabbitmq.ssl" value="%RABBITMQ_SSL%"/>
<add key="rabbitmq.allowInvalidCA" value="true"/>
<add key="rabbitmq.sslServerName" value=""/>
</appSettings>
]]>
</programlisting>
<para>
Desired parameter should be set directly to the value of the key
that you want to change. Quotes are need to be kept.
Thus you can change "rabbitmq.ssl" and "rabbitmq.port" values to
make Rabbit MQ work with this exchange in a different from
Murano-Conductor way.
</para>
</section>
<section>
<title>SSL for Murano Dashboard</title>
<para>
If you are going not to use self-signed certificates additional configuration do not need to be done.
Just point https in the URL. Otherwise, set <emphasis>MURANO_API_INSECURE = True</emphasis> on horizon config.
You can find it in <filename>/etc/openstack-dashboard/local_settings.py.</filename>.
</para>
</section>
</section>
</section>
</chapter>
View Git Blame Copy Permalink