Documentation update
Fix formatting so it is better represented on jujucharms.com. Add reference to the deployment guide. Change-Id: I62440b0f4359bdd47c3493e2f4335866e796bc97
This commit is contained in:
parent
a562b391bd
commit
12f73f43d1
|
@ -6,18 +6,16 @@ OpenStack Rocky or later is required.
|
|||
|
||||
# Usage
|
||||
|
||||
Octavia relies on services from a fully functional OpenStack Cloud and expects
|
||||
to be able to add images to glance, create networks in Neutron, store
|
||||
certificate secrets in Barbican (preferably utilizing a Vault backend) and spin
|
||||
up instances with Nova.
|
||||
Octavia and the Octavia charm relies on services from a fully functional OpenStack Cloud and expects to be able to consume images from glance, create networks in Neutron, consume certificate secrets from Barbican (preferably utilizing a Vault backend) and spin up instances with Nova.
|
||||
|
||||
A example overlay bundle to be used in conjunction with the
|
||||
[OpenStack Base bundle](https://jujucharms.com/openstack-base/) can be found
|
||||
[here](https://github.com/openstack-charmers/openstack-bundles/blob/master/stable/overlays/loadbalancer-octavia.yaml)
|
||||
There is a [overlay bundle](https://github.com/openstack-charmers/openstack-bundles/blob/master/stable/overlays/loadbalancer-octavia.yaml) to be used in conjunction with the [OpenStack Base bundle](https://jujucharms.com/openstack-base/).
|
||||
|
||||
Please refer to the [Octavia LBaaS](https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-octavia.html) section of the [OpenStack Charms Deployment Guide](https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/index.html)
|
||||
|
||||
## Required configuration
|
||||
|
||||
After the deployment is complete and has settled, you must run the `configure-resources` action on the lead unit.
|
||||
|
||||
This will prompt it to configure required resources in the deployed cloud for Octavia to operate.
|
||||
|
||||
You must also configure certificates for internal communication between the controller and its load balancer instances.
|
||||
|
@ -34,17 +32,23 @@ Excerpt from the upstream [operator maintenance guide](https://docs.openstack.or
|
|||
> * Amphora certificate: Presented to control plane processes to prove amphora identity.
|
||||
|
||||
The charm represents this with the following mandatory configuration options:
|
||||
* `lb-mgmt-issuing-cacert`
|
||||
* `lb-mgmt-issuing-ca-private-key`
|
||||
* `lb-mgmt-issuing-ca-key-passphrase`
|
||||
* `lb-mgmt-controller-cacert`
|
||||
* `lb-mgmt-controller-cert`
|
||||
|
||||
- `lb-mgmt-issuing-cacert`
|
||||
|
||||
- `lb-mgmt-issuing-ca-private-key`
|
||||
|
||||
- `lb-mgmt-issuing-ca-key-passphrase`
|
||||
|
||||
- `lb-mgmt-controller-cacert`
|
||||
|
||||
- `lb-mgmt-controller-cert`
|
||||
|
||||
You must issue/request certificates that meets your organizations requirements.
|
||||
|
||||
__NOTE__ It is important not to use the same CA certificate for both `lb-mgmt-issuing-cacert` and `lb-mgmt-controller-cacert` configuration options. Failing to keep them separate may lead to abuse of certificate data to gain access to other ``Amphora`` instances in the event one of them is compromised.
|
||||
|
||||
To get you started we include an example of generating your own certificates:
|
||||
|
||||
mkdir -p demoCA/newcerts
|
||||
touch demoCA/index.txt
|
||||
touch demoCA/index.txt.attr
|
||||
|
@ -73,6 +77,7 @@ To get you started we include an example of generating your own certificates:
|
|||
cat controller_cert.pem controller_key.pem > controller_cert_bundle.pem
|
||||
|
||||
To apply the configuration execute:
|
||||
|
||||
juju config octavia \
|
||||
lb-mgmt-issuing-cacert="$(base64 controller_ca.pem)" \
|
||||
lb-mgmt-issuing-ca-private-key="$(base64 controller_ca_key.pem)" \
|
||||
|
@ -82,12 +87,9 @@ To apply the configuration execute:
|
|||
|
||||
## Optional resource configuration
|
||||
|
||||
By executing the `configure-resources` action the charm will create the resources
|
||||
required for operation of the Octavia service. If you want to manage these
|
||||
resources yourself you must set the `create-mgmt-network` configuration option to False.
|
||||
By executing the `configure-resources` action the charm will create the resources required for operation of the Octavia service. If you want to manage these resources yourself you must set the `create-mgmt-network` configuration option to False.
|
||||
|
||||
You can at any time use the `configure-resources` action to prompt immediate resource
|
||||
discovery.
|
||||
You can at any time use the `configure-resources` action to prompt immediate resource discovery.
|
||||
|
||||
To let the charm discover the resources and apply the appropriate configuration
|
||||
to Octavia, you must use [Neutron resource tags](https://docs.openstack.org/neutron/latest/contributor/internals/tag.html).
|
||||
|
@ -95,13 +97,13 @@ to Octavia, you must use [Neutron resource tags](https://docs.openstack.org/neut
|
|||
The UUID of the Nova flavor you want to use must be set with the
|
||||
`custom-amp-flavor-id` configuration option.
|
||||
|
||||
| Resource type | Tag | Note |
|
||||
| ------------------------- | -------------------- | ------------------------ |
|
||||
| Neutron Network | charm-octavia | |
|
||||
| Neutron Subnet | charm-octavia | |
|
||||
| Neutron Router | charm-octavia | |
|
||||
| `Amphora` Security Group | charm-octavia | |
|
||||
| Controller Security Group | charm-octavia-health | |
|
||||
| Resource type | Tag | Description |
|
||||
| ------------------------- | -------------------- | --------------------------------------------------------- |
|
||||
| Neutron Network | charm-octavia | Management network |
|
||||
| Neutron Subnet | charm-octavia | Management network subnet |
|
||||
| Neutron Router | charm-octavia | (Optional) Router for IPv6 RA or north/south mgmt traffic |
|
||||
| `Amphora` Security Group | charm-octavia | Security group for Amphora ports |
|
||||
| Controller Security Group | charm-octavia-health | Security group for Controller ports |
|
||||
|
||||
# Bugs
|
||||
|
||||
|
|
|
@ -4,16 +4,16 @@ maintainer: OpenStack Charmers <openstack-charmers@lists.ubuntu.com>
|
|||
description: |
|
||||
Octavia is an open source, operator-scale load balancing solution designed to
|
||||
work with OpenStack.
|
||||
.
|
||||
|
||||
Octavia was borne out of the Neutron LBaaS project. Octavia has become the
|
||||
reference implementation for Neutron LBaaS version 2.
|
||||
.
|
||||
|
||||
Octavia accomplishes its delivery of load balancing services by managing a
|
||||
fleet of virtual machines, containers, or bare metal servers collectively
|
||||
known as amphorae which it spins up on demand. This on-demand, horizontal
|
||||
scaling feature differentiates Octavia from other load balancing solutions,
|
||||
thereby making Octavia truly suited "for the cloud."
|
||||
.
|
||||
|
||||
OpenStack Rocky or later is required.
|
||||
tags:
|
||||
- openstack
|
||||
|
|
Loading…
Reference in New Issue