docs.openstack.org Cloud Administrator Guide May 1, 2015 current OpenStack Cloud Administrator Guide current (2015-05-01) Copyright © 2013-2015 OpenStack Foundation Some rights reserved. OpenStack offers open source software for cloud administrators to manage and troubleshoot an Open- Stack cloud. This guide documents OpenStack Kilo, OpenStack Juno, and OpenStack Icehouse releases. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Except where otherwise noted, this document is licensed under Creative Commons Attribution ShareAlike 3.0 License. http://creativecommons.org/licenses/by-sa/3.0/legalcode ii Cloud Administrator Guide May 1, 2015 current Table of Contents Preface ........................................................................................................................... ix Conventions ............................................................................................................ ix Document change history ....................................................................................... ix 1. Get started with OpenStack ........................................................................................ 1 Conceptual architecture .......................................................................................... 2 Logical architecture ................................................................................................. 3 OpenStack services .................................................................................................. 4 Feedback ............................................................................................................... 18 2. Identity management ................................................................................................ 19 Identity concepts ................................................................................................... 19 Certificates for PKI ................................................................................................ 25 Configure the Identity Service with SSL .................................................................. 28 External authentication with Identity .................................................................... 29 Integrate Identity with LDAP ................................................................................. 29 Configure Identity service for token binding .......................................................... 39 Use trusts .............................................................................................................. 40 Caching layer ........................................................................................................ 40 User CRUD ............................................................................................................ 42 Logging ................................................................................................................. 43 Start the Identity services ...................................................................................... 44 Example usage ...................................................................................................... 44 Authentication middleware with user name and password .................................... 45 Identity API protection with role-based access control (RBAC) ................................ 46 Troubleshoot the Identity service ........................................................................... 49 3. Dashboard ................................................................................................................ 52 Customize the dashboard ...................................................................................... 52 Set up session storage for the dashboard .............................................................. 54 4. Compute ................................................................................................................... 59 System architecture ............................................................................................... 59 Images and instances ............................................................................................ 65 Networking with nova-network ............................................................................. 72 System administration ........................................................................................... 88 Troubleshoot Compute ........................................................................................ 127 5. Object Storage ........................................................................................................ 132 Introduction to Object Storage ............................................................................ 132 Features and benefits .......................................................................................... 132 Object Storage characteristics .............................................................................. 133 Components ........................................................................................................ 134 Ring-builder ......................................................................................................... 140 Cluster architecture ............................................................................................. 143 Replication .......................................................................................................... 146 Account reaper ................................................................................................... 147 Configure tenant-specific image locations with Object Storage ............................. 148 Object Storage monitoring .................................................................................. 148 System administration for Object Storage ............................................................ 152 Troubleshoot Object Storage ............................................................................... 152 6. Block Storage .......................................................................................................... 156 Introduction to Block Storage .............................................................................. 156 iii Cloud Administrator Guide May 1, 2015 current Increase Block Storage API service throughput ..................................................... 157 Manage volumes ................................................................................................. 157 Troubleshoot your installation ............................................................................. 190 7. Networking ............................................................................................................. 201 Introduction to Networking ................................................................................. 201 Plug-in configurations .......................................................................................... 207 Configure neutron agents ................................................................................... 212 Networking architecture ...................................................................................... 220 Configure Identity Service for Networking ........................................................... 225 Networking scenarios .......................................................................................... 229 Advanced configuration options .......................................................................... 251 Scalable and highly available DHCP agents ........................................................... 257 Use Networking .................................................................................................. 266 Advanced features through API extensions .......................................................... 273 Advanced operational features ............................................................................ 290 Authentication and authorization ........................................................................ 292 Plug-in pagination and sorting support ................................................................ 296 8. Telemetry ................................................................................................................ 297 Introduction ........................................................................................................ 297 System architecture ............................................................................................. 298 Data collection .................................................................................................... 300 Data retrieval ...................................................................................................... 314 Alarms ................................................................................................................. 322 Measurements ..................................................................................................... 326 Events ................................................................................................................. 341 Troubleshoot Telemetry ....................................................................................... 344 9. Database ................................................................................................................. 346 Introduction ........................................................................................................ 346 Create a datastore .............................................................................................. 346 Configure a cluster .............................................................................................. 350 10. Orchestration ......................................................................................................... 351 Introduction ........................................................................................................ 351 Orchestration authorization model ...................................................................... 351 Stack domain users .............................................................................................. 353 A. Community support ................................................................................................ 356 Documentation ................................................................................................... 356 ask.openstack.org ................................................................................................ 357 OpenStack mailing lists ........................................................................................ 357 The OpenStack wiki ............................................................................................. 357 The Launchpad Bugs area ................................................................................... 358 The OpenStack IRC channel ................................................................................. 359 Documentation feedback .................................................................................... 359 OpenStack distribution packages ......................................................................... 359 iv Cloud Administrator Guide May 1, 2015 current List of Figures 1.1. OpenStack conceptual architecture ........................................................................... 2 1.2. Logical architecture .................................................................................................. 3 4.1. Base image state with no running instances ............................................................ 66 4.2. Instance creation from image and runtime state ..................................................... 66 4.3. End state of image and volume after instance exits ................................................. 67 4.4. multinic flat manager ............................................................................................. 84 4.5. multinic flatdhcp manager ...................................................................................... 84 4.6. multinic VLAN manager .......................................................................................... 85 4.7. noVNC process ..................................................................................................... 112 4.8. Trusted compute pool .......................................................................................... 121 5.1. Object Storage (swift) ........................................................................................... 134 5.2. Object Storage building blocks .............................................................................. 135 5.3. The ring ............................................................................................................... 136 5.4. Zones ................................................................................................................... 137 5.5. Accounts and containers ....................................................................................... 137 5.6. Partitions .............................................................................................................. 138 5.7. Replication ............................................................................................................ 138 5.8. Object Storage in use ........................................................................................... 140 5.9. Object Storage architecture .................................................................................. 144 5.10. Object Storage (swift) ......................................................................................... 145 7.1. FWaaS architecture ............................................................................................... 204 7.2. Tenant and provider networks .............................................................................. 223 7.3. VMware NSX deployment example - two Compute nodes ..................................... 224 7.4. VMware NSX deployment example - single Compute node .................................... 225 7.5. Example VXLAN tunnel ......................................................................................... 239 v Cloud Administrator Guide May 1, 2015 current List of Tables 1.1. OpenStack services ................................................................................................... 1 1.2. Storage types ........................................................................................................... 8 4.1. Description of IPv6 configuration options ............................................................... 77 4.2. Description of metadata configuration options ....................................................... 80 4.3. Identity Service configuration file sections ............................................................... 90 4.4. rootwrap.conf configuration options .................................................................... 104 4.5. .filters configuration options ................................................................................. 104 4.6. Description of live migration configuration options ............................................... 107 4.7. Description of VNC configuration options ............................................................. 113 4.8. Description of SPICE configuration options ............................................................ 116 4.9. Description of Zookeeper configuration options .................................................... 118 4.10. Description of trusted computing configuration options ...................................... 120 5.1. Description of configuration options for [drive-audit] in drive- audit.conf .............................................................................................................. 153 6.1. Image settings reported by glance image-list for image ID .................................... 195 7.1. Networking resources ........................................................................................... 201 7.2. LBaaS features ...................................................................................................... 203 7.3. Available networking plug-ins ............................................................................... 206 7.4. Plug-in compatibility with Compute drivers ............................................................ 207 7.5. Basic operations on Networking agents ................................................................ 220 7.6. Networking agents ............................................................................................... 221 7.7. General distinct physical data center networks ...................................................... 222 7.8. nova.conf API and credential settings ................................................................... 227 7.9. nova.conf security group settings .......................................................................... 228 7.10. nova.conf metadata settings ............................................................................... 228 7.11. Settings .............................................................................................................. 252 7.12. Settings .............................................................................................................. 253 7.13. Settings .............................................................................................................. 253 7.14. Settings .............................................................................................................. 255 7.15. Hosts for demo ................................................................................................... 258 7.16. API abstractions .................................................................................................. 267 7.17. Network attributes ............................................................................................. 268 7.18. Subnet attributes ................................................................................................ 268 7.19. Port attributes .................................................................................................... 269 7.20. Basic Networking operations ............................................................................... 269 7.21. Advanced Networking operations ....................................................................... 271 7.22. Basic Compute and Networking operations ......................................................... 272 7.23. Advanced VM creation operations ...................................................................... 272 7.24. Provider extension terminology ........................................................................... 274 7.25. Provider network attributes ................................................................................ 275 7.26. Router ................................................................................................................ 277 7.27. Floating IP .......................................................................................................... 277 7.28. Basic L3 operations ............................................................................................. 278 7.29. Security group attributes .................................................................................... 279 7.30. Security group rules ............................................................................................ 279 7.31. Basic security group operations ........................................................................... 280 7.32. Firewall rules ....................................................................................................... 282 7.33. Firewall policies ................................................................................................... 283 vi Cloud Administrator Guide May 1, 2015 current 7.34. Firewalls .............................................................................................................. 283 7.35. VMware NSX QoS attributes ............................................................................... 284 7.36. Basic VMware NSX QoS operations ..................................................................... 285 7.37. Recommended values for max_lp_per_bridged_ls ................................................ 285 7.38. Configuration options for tuning operational status synchronization in the NSX plug-in ......................................................................................................................... 286 7.39. Big Switch Router rule attributes ......................................................................... 287 7.40. Label .................................................................................................................. 288 7.41. Rules ................................................................................................................... 288 7.42. Basic L3 operations ............................................................................................. 290 7.43. Plug-ins that support native pagination and sorting ............................................. 296 8.1. Consumed event types from OpenStack services .................................................... 301 8.2. List of available transformers ................................................................................ 309 8.3. Time-to-live support for database back ends ......................................................... 314 8.4. Telemetry meter types .......................................................................................... 327 8.5. OpenStack Compute meters ................................................................................. 328 8.6. OpenStack Compute host meters .......................................................................... 332 8.7. Metrics of Bare metal module for OpenStack ........................................................ 332 8.8. IPMI based meters ................................................................................................ 333 8.9. SNMP based meters .............................................................................................. 334 8.10. OpenStack Image Service meters ......................................................................... 334 8.11. OpenStack Block Storage meters ......................................................................... 335 8.12. OpenStack Object Storage meters ....................................................................... 335 8.13. Metrics for Ceph Object Storage ......................................................................... 336 8.14. OpenStack Identity meters .................................................................................. 336 8.15. OpenStack Networking meters ........................................................................... 337 8.16. SDN meters ........................................................................................................ 338 8.17. LoadBalancer as a Service meters ........................................................................ 338 8.18. VPN as a Service meters ...................................................................................... 339 8.19. Firewall as a Service meters ................................................................................. 340 8.20. Metrics for the Orchestration module ................................................................. 340 8.21. Metrics of the Data processing service for OpenStack .......................................... 341 8.22. Key Value Store module meters .......................................................................... 341 8.23. Energy meters .................................................................................................... 341 vii Cloud Administrator Guide May 1, 2015 current List of Examples 2.1. Configure the Memcached backend ........................................................................ 42 viii Cloud Administrator Guide May 1, 2015 current Preface Conventions The OpenStack documentation uses several typesetting conventions. Notices Notices take these forms: Note A handy tip or reminder. Important Something you must be aware of before proceeding. Warning Critical information about the risk of data loss or security issues. Command prompts $ prompt Any user, including the root user, can run commands that are prefixed with the $ prompt. # prompt The root user must run commands that are prefixed with the # prompt. You can also prefix these commands with the sudo command, if available, to run them. Document change history This version of the guide replaces and obsoletes all earlier versions. The following table describes the most recent changes: Revision Date Summary of Changes February 20, 2015 •For the Kilo release, the guide has been updated with a new Measurements section in the Telemetry chapter. The tables contain the release information for all collected meters re- garding to when they were introduced in the module. In addition, the Orchestration chapter has been added to the guide. It describes in details Orchestration module available in Open- Stack since Havana release. October 15, 2014 •For the Juno release, the guide has been updated with a new Telemetry chapter. July 21, 2014 •Updated variables to use correct formatting. April 17, 2014 •For the Icehouse release, the guide was organized with system administration and system architecture sections. Also, how-to sections were moved to this guide instead of the Open- Stack Configuration Reference. November 12, 2013 •Adds options for tuning operational status synchronization in the NSX plug-in. ix Cloud Administrator Guide May 1, 2015 current Revision Date Summary of Changes October 17, 2013 •Havana release. September 5, 2013 •Moves object storage monitoring section to this guide. •Removes redundant object storage information. September 3, 2013 •Moved all but configuration and installation information from these component guides to create the new guide: •OpenStack Compute Administration Guide •OpenStack Networking Administration Guide •OpenStack Object Storage Administration Guide •OpenStack Block Storage Service Administration Guide x