1
=== added directory 'Admin'
2
=== added file 'Admin/Appendix-Ceph-and-OpenStack.md'
3
--- Admin/Appendix-Ceph-and-OpenStack.md	1970-01-01 00:00:00 +0000
4
+++ Admin/Appendix-Ceph-and-OpenStack.md	2014-04-15 16:06:33 +0000
5
@@ -0,0 +1,229 @@
6
1
Title: Appendix - Ceph and OpenStack
7
2
Status: Done
8
3
9
4
# Appendix: Ceph and OpenStack
10
5
11
6
Ceph stripes block device images as objects across a cluster. This way it provides
12
7
a better performance than standalone server. OpenStack is able to use Ceph Block Devices
13
8
through `libvirt`, which configures the QEMU interface to `librbd`. 
14
9
15
10
To use Ceph Block Devices with OpenStack, you must install QEMU, `libvirt`, and OpenStack 
16
11
first. It's recommended to use a separate physical node for your OpenStack installation. 
17
12
OpenStack recommends a minimum of 8GB of RAM and a quad-core processor. 
18
13
19
14
Three parts of OpenStack integrate with Ceph’s block devices:
20
15
21
16
- Images: OpenStack Glance manages images for VMs. Images are immutable. OpenStack 
22
17
  treats images as binary blobs and downloads them accordingly.
23
18
- Volumes: Volumes are block devices. OpenStack uses volumes to boot VMs, or to 
24
19
  attach volumes to running VMs. OpenStack manages volumes using Cinder services.
25
20
- Guest Disks: Guest disks are guest operating system disks. By default, when you 
26
21
  boot a virtual machine, its disk appears as a file on the filesystem of the 
27
22
  hypervisor (usually under /var/lib/nova/instances/<uuid>/). Prior OpenStack Havana, 
28
23
  the only way to boot a VM in Ceph was to use the boot from volume functionality 
29
24
  from Cinder. However, now it is possible to directly boot every virtual machine 
30
25
  inside Ceph without using Cinder. This is really handy because it allows us to 
31
26
  easily perform maintenance operation with the live-migration process. On the other 
32
27
  hand, if your hypervisor dies it is also really convenient to trigger Nova evacuate 
33
28
  and almost seamlessly run the virtual machine somewhere else.
34
29
35
30
You can use OpenStack Glance to store images in a Ceph Block Device, and you can 
36
31
use Cinder to boot a VM using a copy-on-write clone of an image.
37
32
38
33
## Create a pool
39
34
40
35
By default, Ceph block devices use the `rbd` pool. You may use any available pool. 
41
36
We recommend creating a pool for Cinder and a pool for Glance. Ensure your Ceph 
42
37
cluster is running, then create the pools.
43
38
44
39
````
45
40
ceph osd pool create volumes 128
46
41
ceph osd pool create images 128
47
42
ceph osd pool create backups 128
48
43
````
49
44
50
45
## Configure OpenStack Ceph Clients
51
46
52
47
The nodes running `glance-api`, `cinder-volume`, `nova-compute` and `cinder-backup` act 
53
48
as Ceph clients. Each requires the `ceph.conf` file
54
49
55
50
````
56
51
ssh {your-openstack-server} sudo tee /etc/ceph/ceph.conf </etc/ceph/ceph.conf
57
52
````
58
53
59
54
On the `glance-api` node, you’ll need the Python bindings for `librbd`
60
55
61
56
````
62
57
sudo apt-get install python-ceph
63
58
sudo yum install python-ceph
64
59
````
65
60
66
61
On the `nova-compute`, `cinder-backup` and on the `cinder-volume` node, use both the 
67
62
Python bindings and the client command line tools
68
63
69
64
````
70
65
sudo apt-get install ceph-common
71
66
sudo yum install ceph
72
67
````
73
68
74
69
If you have cephx authentication enabled, create a new user for Nova/Cinder and 
75
70
Glance. Execute the following
76
71
77
72
````
78
73
ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rx pool=images'
79
74
ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
80
75
ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=backups'
81
76
````
82
77
83
78
Add the keyrings for `client.cinder`, `client.glance`, and `client.cinder-backup` 
84
79
to the appropriate nodes and change their ownership
85
80
86
81
````
87
82
ceph auth get-or-create client.glance | ssh {your-glance-api-server} sudo tee /etc/ceph/ceph.client.glance.keyring
88
83
ssh {your-glance-api-server} sudo chown glance:glance /etc/ceph/ceph.client.glance.keyring
89
84
ceph auth get-or-create client.cinder | ssh {your-volume-server} sudo tee /etc/ceph/ceph.client.cinder.keyring
90
85
ssh {your-cinder-volume-server} sudo chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring
91
86
ceph auth get-or-create client.cinder-backup | ssh {your-cinder-backup-server} sudo tee /etc/ceph/ceph.client.cinder-backup.keyring
92
87
ssh {your-cinder-backup-server} sudo chown cinder:cinder /etc/ceph/ceph.client.cinder-backup.keyring
93
88
````
94
89
95
90
Nodes running `nova-compute` need the keyring file for the `nova-compute` process. 
96
91
They also need to store the secret key of the `client.cinder` user in `libvirt`. The 
97
92
`libvirt` process needs it to access the cluster while attaching a block device 
98
93
from Cinder.
99
94
100
95
Create a temporary copy of the secret key on the nodes running `nova-compute`
101
96
102
97
````
103
98
ceph auth get-key client.cinder | ssh {your-compute-node} tee client.cinder.key
104
99
````
105
100
106
101
Then, on the compute nodes, add the secret key to `libvirt` and remove the 
107
102
temporary copy of the key
108
103
109
104
````
110
105
uuidgen
111
106
457eb676-33da-42ec-9a8c-9293d545c337
112
107
113
108
cat > secret.xml <<EOF
114
109
<secret ephemeral='no' private='no'>
115
110
  <uuid>457eb676-33da-42ec-9a8c-9293d545c337</uuid>
116
111
  <usage type='ceph'>
117
112
    <name>client.cinder secret</name>
118
113
  </usage>
119
114
</secret>
120
115
EOF
121
116
sudo virsh secret-define --file secret.xml
122
117
Secret 457eb676-33da-42ec-9a8c-9293d545c337 created
123
118
sudo virsh secret-set-value --secret 457eb676-33da-42ec-9a8c-9293d545c337 --base64 $(cat client.cinder.key) && rm client.cinder.key secret.xml
124
119
````
125
120
126
121
Save the uuid of the secret for configuring `nova-compute` later.
127
122
128
123
**Important** You don’t necessarily need the UUID on all the compute nodes. 
129
124
However from a platform consistency perspective it’s better to keep the 
130
125
same UUID.
131
126
132
127
## Configure OpenStack to use Ceph
133
128
134
129
### Glance
135
130
136
131
Glance can use multiple back ends to store images. To use Ceph block devices 
137
132
by default, edit `/etc/glance/glance-api.conf` and add
138
133
139
134
````
140
135
default_store=rbd
141
136
rbd_store_user=glance
142
137
rbd_store_pool=images
143
138
````
144
139
145
140
If want to enable copy-on-write cloning of images into volumes, also add:
146
141
147
142
````
148
143
show_image_direct_url=True
149
144
````
150
145
151
146
Note that this exposes the back end location via Glance’s API, so 
152
147
the endpoint with this option enabled should not be publicly 
153
148
accessible.
154
149
155
150
### Cinder
156
151
157
152
OpenStack requires a driver to interact with Ceph block devices. You 
158
153
must also specify the pool name for the block device. On your 
159
154
OpenStack node, edit `/etc/cinder/cinder.conf` by adding
160
155
161
156
````
162
157
volume_driver=cinder.volume.drivers.rbd.RBDDriver
163
158
rbd_pool=volumes
164
159
rbd_ceph_conf=/etc/ceph/ceph.conf
165
160
rbd_flatten_volume_from_snapshot=false
166
161
rbd_max_clone_depth=5
167
162
glance_api_version=2
168
163
````
169
164
170
165
If you’re using cephx authentication, also configure the user and 
171
166
uuid of the secret you added to `libvirt` as documented earlier
172
167
173
168
````
174
169
rbd_user=cinder
175
170
rbd_secret_uuid=457eb676-33da-42ec-9a8c-9293d545c337
176
171
````
177
172
178
173
## Cinder Backup
179
174
180
175
OpenStack Cinder Backup requires a specific daemon so don’t 
181
176
forget to install it. On your Cinder Backup node, 
182
177
edit `/etc/cinder/cinder.conf` and add:
183
178
184
179
````
185
180
backup_driver=cinder.backup.drivers.ceph
186
181
backup_ceph_conf=/etc/ceph/ceph.conf
187
182
backup_ceph_user=cinder-backup
188
183
backup_ceph_chunk_size=134217728
189
184
backup_ceph_pool=backups
190
185
backup_ceph_stripe_unit=0
191
186
backup_ceph_stripe_count=0
192
187
restore_discard_excess_bytes=true
193
188
````
194
189
195
190
### Nova
196
191
197
192
In order to boot all the virtual machines directly into Ceph Nova must be 
198
193
configured. On every Compute nodes, edit `/etc/nova/nova.conf` and add
199
194
200
195
````
201
196
libvirt_images_type=rbd
202
197
libvirt_images_rbd_pool=volumes
203
198
libvirt_images_rbd_ceph_conf=/etc/ceph/ceph.conf
204
199
rbd_user=cinder
205
200
rbd_secret_uuid=457eb676-33da-42ec-9a8c-9293d545c337
206
201
````
207
202
208
203
It is also a good practice to disable any file injection. Usually, while 
209
204
booting an instance Nova attempts to open the rootfs of the virtual machine. 
210
205
Then, it injects directly into the filesystem things like: password, ssh 
211
206
keys etc... At this point, it is better to rely on the metadata service 
212
207
and cloud-init. On every Compute nodes, edit `/etc/nova/nova.conf` and add
213
208
214
209
````
215
210
libvirt_inject_password=false
216
211
libvirt_inject_key=false
217
212
libvirt_inject_partition=-2
218
213
````
219
214
220
215
## Restart OpenStack
221
216
222
217
To activate the Ceph block device driver and load the block device pool name 
223
218
into the configuration, you must restart OpenStack. 
224
219
225
220
````
226
221
sudo glance-control api restart
227
222
sudo service nova-compute restart
228
223
sudo service cinder-volume restart
229
224
sudo service cinder-backup restart
230
225
````
231
226
232
227
Once OpenStack is up and running, you should be able to create a volume 
233
228
and boot from it.
234
229
235
0
230
236
=== added file 'Admin/Backup-and-Recovery-Ceph.md'
237
--- Admin/Backup-and-Recovery-Ceph.md	1970-01-01 00:00:00 +0000
238
+++ Admin/Backup-and-Recovery-Ceph.md	2014-04-15 16:06:33 +0000
239
@@ -0,0 +1,107 @@
240
1
Title: Backup and Recovery - Ceph
241
2
Status: In Progress
242
3
243
4
# Backup and Recovery - Ceph
244
5
245
6
## Introduction
246
7
247
8
A snapshot is a read-only copy of the state of an image at a particular point in time. One 
248
9
of the advanced features of Ceph block devices is that you can create snapshots of the images 
249
10
to retain a history of an image’s state. Ceph also supports snapshot layering, which allows 
250
11
you to clone images (e.g., a VM image) quickly and easily. Ceph supports block device snapshots 
251
12
using the `rbd` command and many higher level interfaces including OpenStack.
252
13
253
14
## Scope
254
15
255
16
**TODO**
256
17
257
18
## Backup
258
19
259
20
To create a snapshot with `rbd`, specify the `snap create` option, the pool name and the 
260
21
image name.
261
22
262
23
````
263
24
rbd --pool {pool-name} snap create --snap {snap-name} {image-name}
264
25
rbd snap create {pool-name}/{image-name}@{snap-name}
265
26
````
266
27
267
28
For example:
268
29
269
30
````
270
31
rbd --pool rbd snap create --snap snapname foo
271
32
rbd snap create rbd/foo@snapname
272
33
````
273
34
274
35
## Restore
275
36
276
37
To rollback to a snapshot with `rbd`, specify the `snap rollback` option, the pool name, the 
277
38
image name and the snap name.
278
39
279
40
````
280
41
rbd --pool {pool-name} snap rollback --snap {snap-name} {image-name}
281
42
rbd snap rollback {pool-name}/{image-name}@{snap-name}
282
43
````
283
44
284
45
For example:
285
46
286
47
````
287
48
rbd --pool rbd snap rollback --snap snapname foo
288
49
rbd snap rollback rbd/foo@snapname
289
50
````
290
51
291
52
**Note:** Rolling back an image to a snapshot means overwriting the current version of the image 
292
53
with data from a snapshot. The time it takes to execute a rollback increases with the size of the 
293
54
image. It is faster to clone from a snapshot than to rollback an image to a snapshot, and it is 
294
55
the preferred method of returning to a pre-existing state.
295
56
296
57
## Maintenance
297
58
298
59
Taking snapshots increases your level of security but also costs disk space. To delete older ones
299
60
you can list them, delete individual ones or purge all snapshots.
300
61
301
62
To list snapshots of an image, specify the pool name and the image name.
302
63
303
64
````
304
65
rbd --pool {pool-name} snap ls {image-name}
305
66
rbd snap ls {pool-name}/{image-name}
306
67
````
307
68
308
69
For example:
309
70
310
71
````
311
72
rbd --pool rbd snap ls foo
312
73
rbd snap ls rbd/foo
313
74
````
314
75
315
76
To delete a snapshot with `rbd`, specify the `snap rm` option, the pool name, the image name 
316
77
and the username.
317
78
318
79
````
319
80
rbd --pool {pool-name} snap rm --snap {snap-name} {image-name}
320
81
rbd snap rm {pool-name}/{image-name}@{snap-name}
321
82
````
322
83
323
84
For example:
324
85
325
86
````
326
87
rbd --pool rbd snap rm --snap snapname foo
327
88
rbd snap rm rbd/foo@snapname
328
89
````
329
90
330
91
**Note:** Ceph OSDs delete data asynchronously, so deleting a snapshot doesn’t free up the 
331
92
disk space immediately.
332
93
333
94
To delete all snapshots for an image with `rbd`, specify the snap purge option and the 
334
95
image name.
335
96
336
97
````
337
98
rbd --pool {pool-name} snap purge {image-name}
338
99
rbd snap purge {pool-name}/{image-name}
339
100
````
340
101
341
102
For example:
342
103
343
104
````
344
105
rbd --pool rbd snap purge foo
345
106
rbd snap purge rbd/foo
346
107
````
347
0
108
348
=== added file 'Admin/Backup-and-Recovery-Juju.md'
349
--- Admin/Backup-and-Recovery-Juju.md	1970-01-01 00:00:00 +0000
350
+++ Admin/Backup-and-Recovery-Juju.md	2014-04-15 16:06:33 +0000
351
@@ -0,0 +1,59 @@
352
1
Title: Backup and Recovery - Juju
353
2
Status: In Progress
354
3
355
4
# Backup and Recovery - Juju
356
5
357
6
## Introduction
358
7
359
8
**TODO**
360
9
361
10
## Scope
362
11
363
12
**TODO**
364
13
365
14
## Backup
366
15
367
16
Jujus working principle is based on storing the state of the cloud in
368
17
database containing information about the environment, machines, services,
369
18
and units. Changes to an environment are made to the state first, which are
370
19
then detected by their according agents. Those are responsible to do the
371
20
needed steps then.
372
21
373
22
This principle allows Juju to easily do a *backup* of this information, plus
374
23
some needed configuration data and some more useful information more. The 
375
24
command to do so is `juju-backup`, which saves the currently selected 
376
25
environment. So please make sure to switch to the environment you want to 
377
26
backup.
378
27
379
28
````
380
29
$ juju switch my-env
381
30
$ juju backup
382
31
````
383
32
384
33
The command creates two generations of backups on the bootstrap node, also
385
34
know as `machine-0`. Beside the state and configuration data about this machine
386
35
itself and the other ones of its environment the aggregated log for all
387
36
machines and the one of this machine itself are saved. The aggregated log
388
37
is the same you're accessing when calling
389
38
390
39
````
391
40
$ juju debug-log
392
41
````
393
42
394
43
and enables you to retrieve helpful information in case of a problem. After
395
44
the backup is created on the bootstrap node it is transferred to your 
396
45
working machine into the current directory as `juju-backup-YYYYMMDD-HHMM.tgz`,
397
46
where *YYYYMMDD-HHMM* is date and time of the backup. In case you want to open 
398
47
the backup manually to access the mentioned logging data you'll find it in the 
399
48
contained archive `root.tar`. Here please don't wonder, this way all owner, 
400
49
access rights and other information are preserved.
401
50
402
51
## Restore
403
52
404
53
To *restore* an environment the according command is 
405
54
406
55
````
407
56
$ juju restore <BACKUPFILE>
408
57
````
409
58
410
59
This way you're able to choose the concrete environment to restore.
411
0
60
412
=== added file 'Admin/Backup-and-Recovery-OpenStack.md'
413
--- Admin/Backup-and-Recovery-OpenStack.md	1970-01-01 00:00:00 +0000
414
+++ Admin/Backup-and-Recovery-OpenStack.md	2014-04-15 16:06:33 +0000
415
@@ -0,0 +1,131 @@
416
1
Title: Backup and Recovery - OpenStack
417
2
Status: In Progress
418
3
419
4
# Backup and Recovery - OpenStack
420
5
421
6
## Introduction
422
7
423
8
The OpenStack flexibility makes backup and restore to a very individual process
424
9
depending on the used components. This section describes how the critical parts
425
10
like the configuration files and databases OpenStack needs to run are saved. As
426
11
before for Juju it doesn't describe ho to back up the objects inside the Object 
427
12
Storage or the data inside the Block Storage.
428
13
429
14
## Scope
430
15
431
16
**TODO**
432
17
433
18
## Backup Cloud Controller Database
434
19
435
20
Like Juju the OpenStack cloud controller uses a database server which stores the
436
21
central databases for Nova, Glance, Keystone, Cinder, and Switft. You can backup
437
22
the five databases into one common dump:
438
23
439
24
````
440
25
$ mysqldump --opt --all-databases > openstack.sql
441
26
````
442
27
443
28
Alternatively you can backup the database for each component individually:
444
29
445
30
````
446
31
$ mysqldump --opt nova > nova.sql
447
32
$ mysqldump --opt glance > glance.sql
448
33
$ mysqldump --opt keystone > keystone.sql
449
34
$ mysqldump --opt cinder > cinder.sql
450
35
$ mysqldump --opt swift > swift.sql
451
36
````
452
37
453
38
## Backup File Systems
454
39
455
40
Beside the databases OpenStack uses different directories for its configuration,
456
41
runtime files, and logging. Like the databases they are grouped individually per
457
42
component. This way also the backup can be done per component.
458
43
459
44
### Nova
460
45
461
46
You'll find the configuration directory `/etc/nova` on the cloud controller and 
462
47
each compute node. It should be regularly backed up.
463
48
464
49
Another directory to backup is `/var/lib/nova`. But here you have to be careful
465
50
with the `instances` subdirectory on the compute nodes. It contains the KVM images
466
51
of the running instances. If you want to maintain backup copies of those instances
467
52
you can do a backup here too. In this case make sure to not save a live KVM instance
468
53
because it may not boot properly after restoring the backup.
469
54
470
55
Third directory for the compute component is `/var/log/nova`. In case of a central
471
56
logging server this directory does not need to be backed up. So we suggest you to
472
57
run your environment with this kind of logging.
473
58
474
59
### Glance
475
60
476
61
Like for Nova you'll find the directories `/etc/glance` and `/var/log/glance`, the
477
62
handling should be the same here too.
478
63
479
64
Glance also uses the directory named `/var/lib/glance` which also should be backed
480
65
up.
481
66
482
67
### Keystone
483
68
484
69
Keystone is using the directories `/etc/keystone`, `/var/lib/keystone`, and
485
70
`/var/log/keystone`. They follow the same rules as Nova and Glance. Even if
486
71
the `lib` directory should not contain any data being used, can also be backed 
487
72
up just in case.
488
73
489
74
### Cinder
490
75
491
76
Like before you'll find the directories `/etc/cinder`, `/var/log/cinder`,
492
77
and `/var/lib/cinder`. And also here the handling should be the same. Opposite
493
78
to Nova abd Glance there's no special handling of `/var/lib/cinder` needed.
494
79
495
80
### Swift
496
81
497
82
Beside the Swift configuration the directory `/etc/swift` contains the ring files
498
83
and the ring builder files. If those get lest the data on your data gets inaccessable.
499
84
So you can easily imagine how important it is to backup this directory. Best practise
500
85
is to copy the builder files to the storage nodes along with the ring files. So
501
86
multiple copies are spread throughout the cluster.
502
87
503
88
**TODO(mue)** Really needed when we use Ceph for storage?
504
89
505
90
## Restore
506
91
507
92
The restore based on the backups is a step-by-step process restoring the components
508
93
databases and all their directories. It's important that the component to restore is 
509
94
currently not running. So always start the restoring with stopping all components.
510
95
511
96
Let's take Nova as an example. First execute
512
97
513
98
````
514
99
$ stop nova-api
515
100
$ stop nova-cert
516
101
$ stop nova-consoleauth
517
102
$ stop nova-novncproxy
518
103
$ stop nova-objectstore
519
104
$ stop nova-scheduler
520
105
````
521
106
522
107
on the cloud controller to savely stop the processes of the component. Next step is the
523
108
restore of the database. By using the `--opt` option during backup we ensured that all
524
109
tables are initially dropped and there's no conflict with currently existing data in
525
110
the databases.
526
111
527
112
````
528
113
$ mysql nova < nova.sql
529
114
````
530
115
531
116
Before restoring the directories you should move at least the configuration directoy,
532
117
here `/etc/nova`, into a secure location in case you need to roll it back.
533
118
534
119
After the database and the files are restored you can start MySQL and Nova again.
535
120
536
121
````
537
122
$ start mysql
538
123
$ start nova-api
539
124
$ start nova-cert
540
125
$ start nova-consoleauth
541
126
$ start nova-novncproxy
542
127
$ start nova-objectstore
543
128
$ start nova-scheduler
544
129
````
545
130
546
131
The process for the other components look similar.
547
0
132
548
=== added file 'Admin/Logging-Juju.md'
549
--- Admin/Logging-Juju.md	1970-01-01 00:00:00 +0000
550
+++ Admin/Logging-Juju.md	2014-04-15 16:06:33 +0000
551
@@ -0,0 +1,24 @@
552
1
Title: Logging - Juju
553
2
Status: In Progress
554
3
555
4
# Logging - Juju
556
5
557
6
## Introduction
558
7
559
8
**TODO**
560
9
561
10
## Scope
562
11
563
12
**TODO**
564
13
565
14
## Connecting to rsyslogd
566
15
567
16
Juju already uses `rsyslogd` for the aggregation of all logs into on centralized log. The
568
17
target of this logging is the file `/var/log/juju/all-machines.log`. You can directly
569
18
access it using the command
570
19
571
20
````
572
21
$ juju debug-log
573
22
````
574
23
575
24
**TODO** Describe a way to redirect this log to a central rsyslogd server.
576
0
25
577
=== added file 'Admin/Logging-OpenStack.md'
578
--- Admin/Logging-OpenStack.md	1970-01-01 00:00:00 +0000
579
+++ Admin/Logging-OpenStack.md	2014-04-15 16:06:33 +0000
580
@@ -0,0 +1,92 @@
581
1
Title: Logging - OpenStack
582
2
Status: In Progress
583
3
584
4
# Logging - OpenStack
585
5
586
6
## Introduction
587
7
588
8
**TODO**
589
9
590
10
## Scope
591
11
592
12
**TODO**
593
13
594
14
## Connecting to rsyslogd
595
15
596
16
By default OpenStack is writting its logging output into files into directories for each
597
17
component, like `/var/log/nova` or `/var/log/glance`. For the usage of `rsyslogd` the components
598
18
have to be configured to also log to `syslog`. When doing this also configure each component
599
19
to log into a different syslog facility. This will help you to split the logs into individual
600
20
components on the central logging server. So ensure the following settings:
601
21
602
22
**/etc/nova/nova.conf:**
603
23
604
24
````
605
25
use_syslog=True
606
26
syslog_log_facility=LOG_LOCAL0
607
27
````
608
28
609
29
**/etc/glance/glance-api.conf and /etc/glance/glance-registry.conf:**
610
30
611
31
````
612
32
use_syslog=True
613
33
syslog_log_facility=LOG_LOCAL1
614
34
````
615
35
616
36
**/etc/cinder/cinder.conf:**
617
37
618
38
````
619
39
use_syslog=True
620
40
syslog_log_facility=LOG_LOCAL2
621
41
````
622
42
623
43
**/etc/keystone/keystone.conf:**
624
44
625
45
````
626
46
use_syslog=True
627
47
syslog_log_facility=LOG_LOCAL3
628
48
````
629
49
630
50
The object storage Swift be fault already logs to syslog. So you now can tell the local
631
51
rsyslogd clients to pass the logged information to the logging server. You'll do this
632
52
by creating a `/etc/rsyslog.d/client.conf` containing the line like
633
53
634
54
````
635
55
*.* @192.16.1.10
636
56
````
637
57
638
58
where the IP address points to your rsyslogd server. Best is to choose a server that is
639
59
dedicated to this task only. Here you've got to create the file `/etc/rsyslog.d/server.conf`
640
60
contining the settings
641
61
642
62
````
643
63
# Enable UDP
644
64
$ModLoad imudp
645
65
# Listen on 192.168.1.10 only
646
66
$UDPServerAddress 192.168.1.10
647
67
# Port 514
648
68
$UDPServerRun 514
649
69
# Create logging templates for nova
650
70
$template NovaFile,"/var/log/rsyslog/%HOSTNAME%/nova.log"
651
71
$template NovaAll,"/var/log/rsyslog/nova.log"
652
72
# Log everything else to syslog.log
653
73
$template DynFile,"/var/log/rsyslog/%HOSTNAME%/syslog.log"
654
74
*.* ?DynFile
655
75
# Log various openstack components to their own individual file
656
76
local0.* ?NovaFile
657
77
local0.* ?NovaAll
658
78
& ~
659
79
````
660
80
661
81
This example only contains the settings for Nova only, the other OpenStack components
662
82
have to be added the same way. Using two templates per component, one containing the 
663
83
`%HOSTNAME%` variable and one without it enables a better splitting of the logged 
664
84
data. Think about the two example nodes `alpha.example.com` and `bravo.example.com`.
665
85
They will write their logging into the files
666
86
667
87
- `/var/log/rsyslog/alpha.example.com/nova.log` - only the data of alpha,
668
88
- `/var/log/rsyslog/bravo.example.com/nova.log` - only the data of bravo,
669
89
- `/var/log/rsyslog/nova.log` - the combined data of both.
670
90
671
91
This allows a quick overview over all nodes as well as the focussed analysis of an
672
92
individual node.
673
0
93
674
=== added file 'Admin/Logging.md'
675
--- Admin/Logging.md	1970-01-01 00:00:00 +0000
676
+++ Admin/Logging.md	2014-04-15 16:06:33 +0000
677
@@ -0,0 +1,15 @@
678
1
Title: Logging
679
2
Status: In Progress
680
3
681
4
# Logging
682
5
683
6
The controlling of individual logs is a cumbersome job, even in an environment with only
684
7
few computer system. But it's even more worse in typical clouds with a large number of
685
8
nodes. Here the centrallized approach using `rsyslogd` helps. It allows you to aggregate
686
9
the logging output of all systems in one place. Here the monitoring and analysis gets
687
10
more simple.
688
11
689
12
Ubuntu uses `rsyslogd` as the default logging service. Since it is natively able to send 
690
13
logs to a remote location, you don't have to install anything extra to enable this feature, 
691
14
just modify the configuration file. In doing this, consider running your logging over 
692
15
a management network or using an encrypted VPN to avoid interception.
693
0
16
694
=== added file 'Admin/Scaling-Ceph.md'
695
--- Admin/Scaling-Ceph.md	1970-01-01 00:00:00 +0000
696
+++ Admin/Scaling-Ceph.md	2014-04-15 16:06:33 +0000
697
@@ -0,0 +1,36 @@
698
1
Title: Scaling - Ceph
699
2
Status: In Progress
700
3
701
4
# Scaling - Ceph
702
5
703
6
## Introduction
704
7
705
8
Beside the redundancy for more safety and the higher performance through the usage of 
706
9
Ceph as storage backend for OpenStack the user also benefits from the more simple way
707
10
of scaling the storage of the needs grow.
708
11
709
12
## Scope
710
13
711
14
**TODO**
712
15
713
16
## Scaling
714
17
715
18
The addition of Ceph nodes is done using the Juju `add-node` command. By default
716
19
it adds only one node, but it is possible to add the number of wanted nodes as
717
20
argument. To add one more Ceph OSD Daemon node you simply call
718
21
719
22
```
720
23
juju add-node ceph-osd
721
24
```
722
25
723
26
Larger numbers of nodes can be added using the `-n` argument, e.g. 5 nodes
724
27
with
725
28
726
29
```
727
30
juju add-node -n 5 ceph-osd
728
31
```
729
32
730
33
**Attention:** The adding of more nodes to Ceph leads to a redistribution of data
731
34
between the nodes of an image. This can cause inefficiencies during this process. So
732
35
it should be done in smaller steps.
733
36
734
0
37
735
=== added file 'Admin/Upgrading-and-Patching-Juju.md'
736
--- Admin/Upgrading-and-Patching-Juju.md	1970-01-01 00:00:00 +0000
737
+++ Admin/Upgrading-and-Patching-Juju.md	2014-04-15 16:06:33 +0000
738
@@ -0,0 +1,45 @@
739
1
Title: Upgrading and Patching - Juju
740
2
Status: In Progress
741
3
742
4
# Upgrading and Patching - Juju
743
5
744
6
## Introduction
745
7
746
8
**TODO**
747
9
748
10
## Scope
749
11
750
12
**TODO**
751
13
752
14
## Upgrading
753
15
754
16
The upgrade of a Juju environment is done using the Juju client and its command
755
17
756
18
````
757
19
$ juju upgrade-juju
758
20
````
759
21
760
22
This command sets the version number for all Juju agents to run. This by default
761
23
is the most recent supported version compatible with the comand-line tools version.
762
24
So ensure that you've upgraded the Juju client first.
763
25
764
26
When run without arguments, `upgrade-juju` will try to upgrade to the following 
765
27
versions, in order of preference and depending on the current value of the 
766
28
environment's `agent-version` setting:
767
29
768
30
- The highest patch.build version of the *next* stable major.minor version.
769
31
- The highest patch.build version of the *current* major.minor version.
770
32
771
33
Both of these depend on the availability of the according tools. On MAAS you've
772
34
got to manage this yourself using the command
773
35
774
36
````
775
37
$ juju sync-tools
776
38
````
777
39
778
40
This copies the Juju tools tarball from the official tools store (located
779
41
at https://streams.canonical.com/juju) into your environment.
780
42
781
43
## Patching
782
44
783
45
**TODO**
784
0
46
785
=== added file 'Admin/Upgrading-and-Patching-OpenStack.md'
786
--- Admin/Upgrading-and-Patching-OpenStack.md	1970-01-01 00:00:00 +0000
787
+++ Admin/Upgrading-and-Patching-OpenStack.md	2014-04-15 16:06:33 +0000
788
@@ -0,0 +1,83 @@
789
1
Title: Upgrading and Patching - OpenStack
790
2
Status: In Progress
791
3
792
4
# Upgrading and Patching - OpenStack
793
5
794
6
## Introduction
795
7
796
8
**TODO**
797
9
798
10
## Scope
799
11
800
12
**TODO**
801
13
802
14
## Upgrading
803
15
804
16
The upgrade of an OpenStack cluster in one big step is an approach requiring additional
805
17
hardware to setup an update cloud beside the productive one and leads to a longer
806
18
outage while your cloud is in read-only mode, the state is transferred to the new
807
19
one and the environments are switched. So the preferred way of upgrading an OpenStack
808
20
cloud is the rolling upgrade of each component of the system piece by piece.
809
21
810
22
Here you can choose between in-place and side-by-side upgrades. But the first one needs
811
23
to shutdown the regarding component while you're performing its upgrade. Additionally you
812
24
may have troubles in case of a rollback. So to avoid this the side by side upgrade is
813
25
the preferred way here.
814
26
815
27
Before starting the upgrade itself you should
816
28
817
29
- Perform some "cleaning" of the environment process to ensure a consistent state; for 
818
30
  example, instances not fully purged from the system after deletion may cause 
819
31
  indeterminate behavior
820
32
- Read the release notes and documentation
821
33
- Find incompatibilities between your versions
822
34
823
35
The upgrade tasks here follow the same procedure for each component:
824
36
825
37
1. Configure the new worker
826
38
1. Turn off the current worker; during this time hide the downtime using a message
827
39
   queue or a load balancer
828
40
1. Take a backup as described earlier of the old worker for a rollback
829
41
1. Copy the state of the current to the new worker
830
42
1. Start up the new worker
831
43
832
44
Now repeat these steps for each worker in an approprate order. In case of a problem it
833
45
should be easy to rollback as long as the former worker stays untouched. This is,
834
46
beside the shorter downtime, the most important advantage of the side-by-side upgrade.
835
47
836
48
The following order for service upgrades seems the most successful:
837
49
838
50
1. Upgrade the OpenStack Identity Service (Keystone).
839
51
1. Upgrade the OpenStack Image Service (Glance).
840
52
1. Upgrade OpenStack Compute (Nova), including networking components.
841
53
1. Upgrade OpenStack Block Storage (Cinder).
842
54
1. Upgrade the OpenStack dashboard.
843
55
844
56
These steps look very easy, but still are a complex procedure depending on your cloud
845
57
configuration. So we recommend to have a testing environment with a near-identical
846
58
architecture to your production system. This doesn't mean that you should use the same
847
59
sizes and hardware, which would be best but expensive. But there are some ways to reduce
848
60
the cost.
849
61
850
62
- Use your own cloud. The simplest place to start testing the next version of OpenStack 
851
63
  is by setting up a new environment inside your own cloud. This may seem odd—especially 
852
64
  the double virtualisation used in running compute nodes—but it's a sure way to very 
853
65
  quickly test your configuration.
854
66
- Use a public cloud. Especially because your own cloud is unlikely to have sufficient 
855
67
  space to scale test to the level of the entire cloud, consider using a public cloud 
856
68
  to test the scalability limits of your cloud controller configuration. Most public 
857
69
  clouds bill by the hour, which means it can be inexpensive to perform even a test 
858
70
  with many nodes.
859
71
- Make another storage endpoint on the same system. If you use an external storage plug-in 
860
72
  or shared file system with your cloud, in many cases it's possible to test that it 
861
73
  works by creating a second share or endpoint. This will enable you to test the system 
862
74
  before entrusting the new version onto your storage.
863
75
- Watch the network. Even at smaller-scale testing, it should be possible to determine 
864
76
  whether something is going horribly wrong in intercomponent communication if you 
865
77
  look at the network packets and see too many.
866
78
867
79
**TODO** Add more concrete description here.
868
80
869
81
## Patching
870
82
871
83
**TODO**
872
0
84
873
=== removed file 'Appendix-Ceph-and-OpenStack.md'
874
--- Appendix-Ceph-and-OpenStack.md	2014-04-02 16:18:10 +0000
875
+++ Appendix-Ceph-and-OpenStack.md	1970-01-01 00:00:00 +0000
876
@@ -1,229 +0,0 @@
877
1
Title: Appendix - Ceph and OpenStack
878
2
Status: Done
879
3
880
4
# Appendix: Ceph and OpenStack
881
5
882
6
Ceph stripes block device images as objects across a cluster. This way it provides
883
7
a better performance than standalone server. OpenStack is able to use Ceph Block Devices
884
8
through `libvirt`, which configures the QEMU interface to `librbd`. 
885
9
886
10
To use Ceph Block Devices with OpenStack, you must install QEMU, `libvirt`, and OpenStack 
887
11
first. It's recommended to use a separate physical node for your OpenStack installation. 
888
12
OpenStack recommends a minimum of 8GB of RAM and a quad-core processor. 
889
13
890
14
Three parts of OpenStack integrate with Ceph’s block devices:
891
15
892
16
- Images: OpenStack Glance manages images for VMs. Images are immutable. OpenStack 
893
17
  treats images as binary blobs and downloads them accordingly.
894
18
- Volumes: Volumes are block devices. OpenStack uses volumes to boot VMs, or to 
895
19
  attach volumes to running VMs. OpenStack manages volumes using Cinder services.
896
20
- Guest Disks: Guest disks are guest operating system disks. By default, when you 
897
21
  boot a virtual machine, its disk appears as a file on the filesystem of the 
898
22
  hypervisor (usually under /var/lib/nova/instances/<uuid>/). Prior OpenStack Havana, 
899
23
  the only way to boot a VM in Ceph was to use the boot from volume functionality 
900
24
  from Cinder. However, now it is possible to directly boot every virtual machine 
901
25
  inside Ceph without using Cinder. This is really handy because it allows us to 
902
26
  easily perform maintenance operation with the live-migration process. On the other 
903
27
  hand, if your hypervisor dies it is also really convenient to trigger Nova evacuate 
904
28
  and almost seamlessly run the virtual machine somewhere else.
905
29
906
30
You can use OpenStack Glance to store images in a Ceph Block Device, and you can 
907
31
use Cinder to boot a VM using a copy-on-write clone of an image.
908
32
909
33
## Create a pool
910
34
911
35
By default, Ceph block devices use the `rbd` pool. You may use any available pool. 
912
36
We recommend creating a pool for Cinder and a pool for Glance. Ensure your Ceph 
913
37
cluster is running, then create the pools.
914
38
915
39
````
916
40
ceph osd pool create volumes 128
917
41
ceph osd pool create images 128
918
42
ceph osd pool create backups 128
919
43
````
920
44
921
45
## Configure OpenStack Ceph Clients
922
46
923
47
The nodes running `glance-api`, `cinder-volume`, `nova-compute` and `cinder-backup` act 
924
48
as Ceph clients. Each requires the `ceph.conf` file
925
49
926
50
````
927
51
ssh {your-openstack-server} sudo tee /etc/ceph/ceph.conf </etc/ceph/ceph.conf
928
52
````
929
53
930
54
On the `glance-api` node, you’ll need the Python bindings for `librbd`
931
55
932
56
````
933
57
sudo apt-get install python-ceph
934
58
sudo yum install python-ceph
935
59
````
936
60
937
61
On the `nova-compute`, `cinder-backup` and on the `cinder-volume` node, use both the 
938
62
Python bindings and the client command line tools
939
63
940
64
````
941
65
sudo apt-get install ceph-common
942
66
sudo yum install ceph
943
67
````
944
68
945
69
If you have cephx authentication enabled, create a new user for Nova/Cinder and 
946
70
Glance. Execute the following
947
71
948
72
````
949
73
ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rx pool=images'
950
74
ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
951
75
ceph auth get-or-create client.cinder-backup mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=backups'
952
76
````
953
77
954
78
Add the keyrings for `client.cinder`, `client.glance`, and `client.cinder-backup` 
955
79
to the appropriate nodes and change their ownership
956
80
957
81
````
958
82
ceph auth get-or-create client.glance | ssh {your-glance-api-server} sudo tee /etc/ceph/ceph.client.glance.keyring
959
83
ssh {your-glance-api-server} sudo chown glance:glance /etc/ceph/ceph.client.glance.keyring
960
84
ceph auth get-or-create client.cinder | ssh {your-volume-server} sudo tee /etc/ceph/ceph.client.cinder.keyring
961
85
ssh {your-cinder-volume-server} sudo chown cinder:cinder /etc/ceph/ceph.client.cinder.keyring
962
86
ceph auth get-or-create client.cinder-backup | ssh {your-cinder-backup-server} sudo tee /etc/ceph/ceph.client.cinder-backup.keyring
963
87
ssh {your-cinder-backup-server} sudo chown cinder:cinder /etc/ceph/ceph.client.cinder-backup.keyring
964
88
````
965
89
966
90
Nodes running `nova-compute` need the keyring file for the `nova-compute` process. 
967
91
They also need to store the secret key of the `client.cinder` user in `libvirt`. The 
968
92
`libvirt` process needs it to access the cluster while attaching a block device 
969
93
from Cinder.
970
94
971
95
Create a temporary copy of the secret key on the nodes running `nova-compute`
972
96
973
97
````
974
98
ceph auth get-key client.cinder | ssh {your-compute-node} tee client.cinder.key
975
99
````
976
100
977
101
Then, on the compute nodes, add the secret key to `libvirt` and remove the 
978
102
temporary copy of the key
979
103
980
104
````
981
105
uuidgen
982
106
457eb676-33da-42ec-9a8c-9293d545c337
983
107
984
108
cat > secret.xml <<EOF
985
109
<secret ephemeral='no' private='no'>
986
110
  <uuid>457eb676-33da-42ec-9a8c-9293d545c337</uuid>
987
111
  <usage type='ceph'>
988
112
    <name>client.cinder secret</name>
989
113
  </usage>
990
114
</secret>
991
115
EOF
992
116
sudo virsh secret-define --file secret.xml
993
117
Secret 457eb676-33da-42ec-9a8c-9293d545c337 created
994
118
sudo virsh secret-set-value --secret 457eb676-33da-42ec-9a8c-9293d545c337 --base64 $(cat client.cinder.key) && rm client.cinder.key secret.xml
995
119
````
996
120
997
121
Save the uuid of the secret for configuring `nova-compute` later.
998
122
999
123
**Important** You don’t necessarily need the UUID on all the compute nodes. 
1000
124
However from a platform consistency perspective it’s better to keep the 
1001
125
same UUID.
1002
126
1003
127
## Configure OpenStack to use Ceph
1004
128
1005
129
### Glance
1006
130
1007
131
Glance can use multiple back ends to store images. To use Ceph block devices 
1008
132
by default, edit `/etc/glance/glance-api.conf` and add
1009
133
1010
134
````
1011
135
default_store=rbd
1012
136
rbd_store_user=glance
1013
137
rbd_store_pool=images
1014
138
````
1015
139
1016
140
If want to enable copy-on-write cloning of images into volumes, also add:
1017
141
1018
142
````
1019
143
show_image_direct_url=True
1020
144
````
1021
145
1022
146
Note that this exposes the back end location via Glance’s API, so 
1023
147
the endpoint with this option enabled should not be publicly 
1024
148
accessible.
1025
149
1026
150
### Cinder
1027
151
1028
152
OpenStack requires a driver to interact with Ceph block devices. You 
1029
153
must also specify the pool name for the block device. On your 
1030
154
OpenStack node, edit `/etc/cinder/cinder.conf` by adding
1031
155
1032
156
````
1033
157
volume_driver=cinder.volume.drivers.rbd.RBDDriver
1034
158
rbd_pool=volumes
1035
159
rbd_ceph_conf=/etc/ceph/ceph.conf
1036
160
rbd_flatten_volume_from_snapshot=false
1037
161
rbd_max_clone_depth=5
1038
162
glance_api_version=2
1039
163
````
1040
164
1041
165
If you’re using cephx authentication, also configure the user and 
1042
166
uuid of the secret you added to `libvirt` as documented earlier
1043
167
1044
168
````
1045
169
rbd_user=cinder
1046
170
rbd_secret_uuid=457eb676-33da-42ec-9a8c-9293d545c337
1047
171
````
1048
172
1049
173
## Cinder Backup
1050
174
1051
175
OpenStack Cinder Backup requires a specific daemon so don’t 
1052
176
forget to install it. On your Cinder Backup node, 
1053
177
edit `/etc/cinder/cinder.conf` and add:
1054
178
1055
179
````
1056
180
backup_driver=cinder.backup.drivers.ceph
1057
181
backup_ceph_conf=/etc/ceph/ceph.conf
1058
182
backup_ceph_user=cinder-backup
1059
183
backup_ceph_chunk_size=134217728
1060
184
backup_ceph_pool=backups
1061
185
backup_ceph_stripe_unit=0
1062
186
backup_ceph_stripe_count=0
1063
187
restore_discard_excess_bytes=true
1064
188
````
1065
189
1066
190
### Nova
1067
191
1068
192
In order to boot all the virtual machines directly into Ceph Nova must be 
1069
193
configured. On every Compute nodes, edit `/etc/nova/nova.conf` and add
1070
194
1071
195
````
1072
196
libvirt_images_type=rbd
1073
197
libvirt_images_rbd_pool=volumes
1074
198
libvirt_images_rbd_ceph_conf=/etc/ceph/ceph.conf
1075
199
rbd_user=cinder
1076
200
rbd_secret_uuid=457eb676-33da-42ec-9a8c-9293d545c337
1077
201
````
1078
202
1079
203
It is also a good practice to disable any file injection. Usually, while 
1080
204
booting an instance Nova attempts to open the rootfs of the virtual machine. 
1081
205
Then, it injects directly into the filesystem things like: password, ssh 
1082
206
keys etc... At this point, it is better to rely on the metadata service 
1083
207
and cloud-init. On every Compute nodes, edit `/etc/nova/nova.conf` and add
1084
208
1085
209
````
1086
210
libvirt_inject_password=false
1087
211
libvirt_inject_key=false
1088
212
libvirt_inject_partition=-2
1089
213
````
1090
214
1091
215
## Restart OpenStack
1092
216
1093
217
To activate the Ceph block device driver and load the block device pool name 
1094
218
into the configuration, you must restart OpenStack. 
1095
219
1096
220
````
1097
221
sudo glance-control api restart
1098
222
sudo service nova-compute restart
1099
223
sudo service cinder-volume restart
1100
224
sudo service cinder-backup restart
1101
225
````
1102
226
1103
227
Once OpenStack is up and running, you should be able to create a volume 
1104
228
and boot from it.
1105
229
1106
230
0
1107
=== removed file 'Backup-and-Recovery-Ceph.md'
1108
--- Backup-and-Recovery-Ceph.md	2014-04-02 16:18:10 +0000
1109
+++ Backup-and-Recovery-Ceph.md	1970-01-01 00:00:00 +0000
1110
@@ -1,107 +0,0 @@
1111
1
Title: Backup and Recovery - Ceph
1112
2
Status: In Progress
1113
3
1114
4
# Backup and Recovery - Ceph
1115
5
1116
6
## Introduction
1117
7
1118
8
A snapshot is a read-only copy of the state of an image at a particular point in time. One 
1119
9
of the advanced features of Ceph block devices is that you can create snapshots of the images 
1120
10
to retain a history of an image’s state. Ceph also supports snapshot layering, which allows 
1121
11
you to clone images (e.g., a VM image) quickly and easily. Ceph supports block device snapshots 
1122
12
using the `rbd` command and many higher level interfaces including OpenStack.
1123
13
1124
14
## Scope
1125
15
1126
16
**TODO**
1127
17
1128
18
## Backup
1129
19
1130
20
To create a snapshot with `rbd`, specify the `snap create` option, the pool name and the 
1131
21
image name.
1132
22
1133
23
````
1134
24
rbd --pool {pool-name} snap create --snap {snap-name} {image-name}
1135
25
rbd snap create {pool-name}/{image-name}@{snap-name}
1136
26
````
1137
27
1138
28
For example:
1139
29
1140
30
````
1141
31
rbd --pool rbd snap create --snap snapname foo
1142
32
rbd snap create rbd/foo@snapname
1143
33
````
1144
34
1145
35
## Restore
1146
36
1147
37
To rollback to a snapshot with `rbd`, specify the `snap rollback` option, the pool name, the 
1148
38
image name and the snap name.
1149
39
1150
40
````
1151
41
rbd --pool {pool-name} snap rollback --snap {snap-name} {image-name}
1152
42
rbd snap rollback {pool-name}/{image-name}@{snap-name}
1153
43
````
1154
44
1155
45
For example:
1156
46
1157
47
````
1158
48
rbd --pool rbd snap rollback --snap snapname foo
1159
49
rbd snap rollback rbd/foo@snapname
1160
50
````
1161
51
1162
52
**Note:** Rolling back an image to a snapshot means overwriting the current version of the image 
1163
53
with data from a snapshot. The time it takes to execute a rollback increases with the size of the 
1164
54
image. It is faster to clone from a snapshot than to rollback an image to a snapshot, and it is 
1165
55
the preferred method of returning to a pre-existing state.
1166
56
1167
57
## Maintenance
1168
58
1169
59
Taking snapshots increases your level of security but also costs disk space. To delete older ones
1170
60
you can list them, delete individual ones or purge all snapshots.
1171
61
1172
62
To list snapshots of an image, specify the pool name and the image name.
1173
63
1174
64
````
1175
65
rbd --pool {pool-name} snap ls {image-name}
1176
66
rbd snap ls {pool-name}/{image-name}
1177
67
````
1178
68
1179
69
For example:
1180
70
1181
71
````
1182
72
rbd --pool rbd snap ls foo
1183
73
rbd snap ls rbd/foo
1184
74
````
1185
75
1186
76
To delete a snapshot with `rbd`, specify the `snap rm` option, the pool name, the image name 
1187
77
and the username.
1188
78
1189
79
````
1190
80
rbd --pool {pool-name} snap rm --snap {snap-name} {image-name}
1191
81
rbd snap rm {pool-name}/{image-name}@{snap-name}
1192
82
````
1193
83
1194
84
For example:
1195
85
1196
86
````
1197
87
rbd --pool rbd snap rm --snap snapname foo
1198
88
rbd snap rm rbd/foo@snapname
1199
89
````
1200
90
1201
91
**Note:** Ceph OSDs delete data asynchronously, so deleting a snapshot doesn’t free up the 
1202
92
disk space immediately.
1203
93
1204
94
To delete all snapshots for an image with `rbd`, specify the snap purge option and the 
1205
95
image name.
1206
96
1207
97
````
1208
98
rbd --pool {pool-name} snap purge {image-name}
1209
99
rbd snap purge {pool-name}/{image-name}
1210
100
````
1211
101
1212
102
For example:
1213
103
1214
104
````
1215
105
rbd --pool rbd snap purge foo
1216
106
rbd snap purge rbd/foo
1217
107
````
1218
108
0
1219
=== removed file 'Backup-and-Recovery-Juju.md'
1220
--- Backup-and-Recovery-Juju.md	2014-04-02 16:18:10 +0000
1221
+++ Backup-and-Recovery-Juju.md	1970-01-01 00:00:00 +0000
1222
@@ -1,59 +0,0 @@
1223
1
Title: Backup and Recovery - Juju
1224
2
Status: In Progress
1225
3
1226
4
# Backup and Recovery - Juju
1227
5
1228
6
## Introduction
1229
7
1230
8
**TODO**
1231
9
1232
10
## Scope
1233
11
1234
12
**TODO**
1235
13
1236
14
## Backup
1237
15
1238
16
Jujus working principle is based on storing the state of the cloud in
1239
17
database containing information about the environment, machines, services,
1240
18
and units. Changes to an environment are made to the state first, which are
1241
19
then detected by their according agents. Those are responsible to do the
1242
20
needed steps then.
1243
21
1244
22
This principle allows Juju to easily do a *backup* of this information, plus
1245
23
some needed configuration data and some more useful information more. The 
1246
24
command to do so is `juju-backup`, which saves the currently selected 
1247
25
environment. So please make sure to switch to the environment you want to 
1248
26
backup.
1249
27
1250
28
````
1251
29
$ juju switch my-env
1252
30
$ juju backup
1253
31
````
1254
32
1255
33
The command creates two generations of backups on the bootstrap node, also
1256
34
know as `machine-0`. Beside the state and configuration data about this machine
1257
35
itself and the other ones of its environment the aggregated log for all
1258
36
machines and the one of this machine itself are saved. The aggregated log
1259
37
is the same you're accessing when calling
1260
38
1261
39
````
1262
40
$ juju debug-log
1263
41
````
1264
42
1265
43
and enables you to retrieve helpful information in case of a problem. After
1266
44
the backup is created on the bootstrap node it is transferred to your 
1267
45
working machine into the current directory as `juju-backup-YYYYMMDD-HHMM.tgz`,
1268
46
where *YYYYMMDD-HHMM* is date and time of the backup. In case you want to open 
1269
47
the backup manually to access the mentioned logging data you'll find it in the 
1270
48
contained archive `root.tar`. Here please don't wonder, this way all owner, 
1271
49
access rights and other information are preserved.
1272
50
1273
51
## Restore
1274
52
1275
53
To *restore* an environment the according command is 
1276
54
1277
55
````
1278
56
$ juju restore <BACKUPFILE>
1279
57
````
1280
58
1281
59
This way you're able to choose the concrete environment to restore.
1282
60
0
1283
=== removed file 'Backup-and-Recovery-OpenStack.md'
1284
--- Backup-and-Recovery-OpenStack.md	2014-04-02 16:18:10 +0000
1285
+++ Backup-and-Recovery-OpenStack.md	1970-01-01 00:00:00 +0000
1286
@@ -1,131 +0,0 @@
1287
1
Title: Backup and Recovery - OpenStack
1288
2
Status: In Progress
1289
3
1290
4
# Backup and Recovery - OpenStack
1291
5
1292
6
## Introduction
1293
7
1294
8
The OpenStack flexibility makes backup and restore to a very individual process
1295
9
depending on the used components. This section describes how the critical parts
1296
10
like the configuration files and databases OpenStack needs to run are saved. As
1297
11
before for Juju it doesn't describe ho to back up the objects inside the Object 
1298
12
Storage or the data inside the Block Storage.
1299
13
1300
14
## Scope
1301
15
1302
16
**TODO**
1303
17
1304
18
## Backup Cloud Controller Database
1305
19
1306
20
Like Juju the OpenStack cloud controller uses a database server which stores the
1307
21
central databases for Nova, Glance, Keystone, Cinder, and Switft. You can backup
1308
22
the five databases into one common dump:
1309
23
1310
24
````
1311
25
$ mysqldump --opt --all-databases > openstack.sql
1312
26
````
1313
27
1314
28
Alternatively you can backup the database for each component individually:
1315
29
1316
30
````
1317
31
$ mysqldump --opt nova > nova.sql
1318
32
$ mysqldump --opt glance > glance.sql
1319
33
$ mysqldump --opt keystone > keystone.sql
1320
34
$ mysqldump --opt cinder > cinder.sql
1321
35
$ mysqldump --opt swift > swift.sql
1322
36
````
1323
37
1324
38
## Backup File Systems
1325
39
1326
40
Beside the databases OpenStack uses different directories for its configuration,
1327
41
runtime files, and logging. Like the databases they are grouped individually per
1328
42
component. This way also the backup can be done per component.
1329
43
1330
44
### Nova
1331
45
1332
46
You'll find the configuration directory `/etc/nova` on the cloud controller and 
1333
47
each compute node. It should be regularly backed up.
1334
48
1335
49
Another directory to backup is `/var/lib/nova`. But here you have to be careful
1336
50
with the `instances` subdirectory on the compute nodes. It contains the KVM images
1337
51
of the running instances. If you want to maintain backup copies of those instances
1338
52
you can do a backup here too. In this case make sure to not save a live KVM instance
1339
53
because it may not boot properly after restoring the backup.
1340
54
1341
55
Third directory for the compute component is `/var/log/nova`. In case of a central
1342
56
logging server this directory does not need to be backed up. So we suggest you to
1343
57
run your environment with this kind of logging.
1344
58
1345
59
### Glance
1346
60
1347
61
Like for Nova you'll find the directories `/etc/glance` and `/var/log/glance`, the
1348
62
handling should be the same here too.
1349
63
1350
64
Glance also uses the directory named `/var/lib/glance` which also should be backed
1351
65
up.
1352
66
1353
67
### Keystone
1354
68
1355
69
Keystone is using the directories `/etc/keystone`, `/var/lib/keystone`, and
1356
70
`/var/log/keystone`. They follow the same rules as Nova and Glance. Even if
1357
71
the `lib` directory should not contain any data being used, can also be backed 
1358
72
up just in case.
1359
73
1360
74
### Cinder
1361
75
1362
76
Like before you'll find the directories `/etc/cinder`, `/var/log/cinder`,
1363
77
and `/var/lib/cinder`. And also here the handling should be the same. Opposite
1364
78
to Nova abd Glance there's no special handling of `/var/lib/cinder` needed.
1365
79
1366
80
### Swift
1367
81
1368
82
Beside the Swift configuration the directory `/etc/swift` contains the ring files
1369
83
and the ring builder files. If those get lest the data on your data gets inaccessable.
1370
84
So you can easily imagine how important it is to backup this directory. Best practise
1371
85
is to copy the builder files to the storage nodes along with the ring files. So
1372
86
multiple copies are spread throughout the cluster.
1373
87
1374
88
**TODO(mue)** Really needed when we use Ceph for storage?
1375
89
1376
90
## Restore
1377
91
1378
92
The restore based on the backups is a step-by-step process restoring the components
1379
93
databases and all their directories. It's important that the component to restore is 
1380
94
currently not running. So always start the restoring with stopping all components.
1381
95
1382
96
Let's take Nova as an example. First execute
1383
97
1384
98
````
1385
99
$ stop nova-api
1386
100
$ stop nova-cert
1387
101
$ stop nova-consoleauth
1388
102
$ stop nova-novncproxy
1389
103
$ stop nova-objectstore
1390
104
$ stop nova-scheduler
1391
105
````
1392
106
1393
107
on the cloud controller to savely stop the processes of the component. Next step is the
1394
108
restore of the database. By using the `--opt` option during backup we ensured that all
1395
109
tables are initially dropped and there's no conflict with currently existing data in
1396
110
the databases.
1397
111
1398
112
````
1399
113
$ mysql nova < nova.sql
1400
114
````
1401
115
1402
116
Before restoring the directories you should move at least the configuration directoy,
1403
117
here `/etc/nova`, into a secure location in case you need to roll it back.
1404
118
1405
119
After the database and the files are restored you can start MySQL and Nova again.
1406
120
1407
121
````
1408
122
$ start mysql
1409
123
$ start nova-api
1410
124
$ start nova-cert
1411
125
$ start nova-consoleauth
1412
126
$ start nova-novncproxy
1413
127
$ start nova-objectstore
1414
128
$ start nova-scheduler
1415
129
````
1416
130
1417
131
The process for the other components look similar.
1418
132
0
1419
=== added directory 'Install'
1420
=== added file 'Install/Installing-Ceph.md'
1421
--- Install/Installing-Ceph.md	1970-01-01 00:00:00 +0000
1422
+++ Install/Installing-Ceph.md	2014-04-15 16:06:33 +0000
1423
@@ -0,0 +1,56 @@
1424
1
Title: Installing - Ceph
1425
2
Status: Review
1426
3
1427
4
# Installing - Ceph
1428
5
1429
6
## Introduction
1430
7
1431
8
Typically OpenStack uses the local storage of their nodes for the configuration data
1432
9
as well as for the object storage provided by Swift and the block storage provided by 
1433
10
Cinder and Glance. But it also can use Ceph as storage backend. Ceph stripes block 
1434
11
device images across a cluster. This way it provides a better performance than typical 
1435
12
standalone server. It allows scalabillity and redundancy needs to be satisfied and 
1436
13
Cinder's RDB driver used to create, export and connect volumes to instances.
1437
14
1438
15
## Scope
1439
16
1440
17
This document covers the deployment of Ceph via Juju. Other related documents are
1441
18
1442
19
- [Scaling Ceph](Scaling-Ceph.md)
1443
20
- [Troubleshooting Ceph](Troubleshooting-Ceph.md)
1444
21
- [Appendix Ceph and OpenStack](Appendix-Ceph-and-OpenStack.md)
1445
22
1446
23
## Deployment
1447
24
1448
25
During the installation of OpenStack we've already seen the deployment of Ceph via
1449
26
1450
27
```
1451
28
juju deploy --config openstack-config.yaml -n 3 ceph
1452
29
juju deploy --config openstack-config.yaml -n 10 ceph-osd
1453
30
```
1454
31
1455
32
This will install three Ceph nodes configured with the information contained in the
1456
33
file `openstack-config.yaml`. This file contains the configuration `block-device: None`
1457
34
for Cinder, so that this component does not use the local disk. Instead we're calling
1458
35
Additionally 10 Ceph OSD nodes providing the object storage are deployed and related 
1459
36
to the Ceph nodes by
1460
37
1461
38
```
1462
39
juju add-relation ceph-osd ceph
1463
40
```
1464
41
1465
42
Once the ceph charm has bootstrapped the cluster, it will notify the ceph-osd charm which 
1466
43
will scan for the configured storage devices and add them to the pool of available storage.
1467
44
Now the relation to Cinder and Glance can be established with
1468
45
1469
46
```
1470
47
juju add-relation cinder ceph
1471
48
juju add-relation glance ceph
1472
49
```
1473
50
1474
51
so that both are using the storage provided by Ceph.
1475
52
1476
53
## See also
1477
54
1478
55
- https://manage.jujucharms.com/charms/precise/ceph
1479
56
- https://manage.jujucharms.com/charms/precise/ceph-osd
1480
0
57
1481
=== added file 'Install/Installing-MAAS.md'
1482
--- Install/Installing-MAAS.md	1970-01-01 00:00:00 +0000
1483
+++ Install/Installing-MAAS.md	2014-04-15 16:06:33 +0000
1484
@@ -0,0 +1,467 @@
1485
1
Title: Installing MAAS 
1486
2
Status: In progress
1487
3
Notes:
1488
4
1489
5
1490
6
1491
7
1492
8
1493
9
#Installing the MAAS software
1494
10
1495
11
##Scope of this documentation
1496
12
1497
13
This document provides instructions on how to install the Metal As A Service (MAAS) software. It has been prepared alongside guides for installing Juju, OpenStack and Landscape as part of a production grade cloud environment. MAAS itself may be used in different ways and you can find documentation for this on the main MAAS website [MAAS docs]. For the purposes of this documentation, the following assumptions have been made:
1498
14
* You have sufficient, appropriate node hardware 
1499
15
* You will be using Juju to assign workloads to MAAS
1500
16
* You will be configuring the cluster network to be controlled entirely by MAAS (i.e. DNS and DHCP)
1501
17
* If you have a compatible power-management system, any additional hardware required is also installed(e.g. IPMI network).
1502
18
1503
19
## Introducing MAAS
1504
20
1505
21
Metal as a Service – MAAS – lets you treat physical servers like virtual machines in the cloud. Rather than having to manage each server individually, MAAS turns your bare metal into an elastic cloud-like resource.
1506
22
1507
23
What does that mean in practice? Tell MAAS about the machines you want it to manage and it will boot them, check the hardware’s okay, and have them waiting for when you need them. You can then pull nodes up, tear them down and redeploy them at will; just as you can with virtual machines in the cloud.
1508
24
1509
25
When you’re ready to deploy a service, MAAS gives Juju the nodes it needs to power that service. It’s as simple as that: no need to manually provision, check and, afterwards, clean-up. As your needs change, you can easily scale services up or down. Need more power for your Hadoop cluster for a few hours? Simply tear down one of your Nova compute nodes and redeploy it to Hadoop. When you’re done, it’s just as easy to give the node back to Nova.
1510
26
1511
27
MAAS is ideal where you want the flexibility of the cloud, and the hassle-free power of Juju charms, but you need to deploy to bare metal.
1512
28
1513
29
## Installing MAAS from the Cloud Archive
1514
30
1515
31
The Ubuntu Cloud Archive is a repository made especially to provide users with the most up to date, stable versions of MAAS, Juju and other tools. It is highly recommended to configure this repository and use it to keep your software up to date:
1516
32
1517
33
```
1518
34
sudo add-apt-repository cloud-archive:tools
1519
35
sudo apt-get update
1520
36
```
1521
37
1522
38
There are several packages that comprise a MAAS install. These are:
1523
39
1524
40
maas-region-controller:
1525
41
    Which comprises the 'control' part of the software, including the web-based user interface, the API server and the main database.
1526
42
maas-cluster-controller:
1527
43
    This includes the software required to manage a cluster of nodes, including managing DHCP and boot images.
1528
44
maas-dns:
1529
45
    This is a customised DNS service that MAAS can use locally to manage DNS for all the connected nodes.
1530
46
mass-dhcp:
1531
47
    As for DNS, there is a DHCP service to enable MAAS to correctly enlist nodes and assign IP addresses. The DHCP setup is critical for the correct PXE booting of nodes.
1532
48
1533
49
As a convenience, there is also a `maas` metapackage, which will install all these components
1534
50
1535
51
1536
52
If you need to separate these services or want to deploy an additional cluster controller, you should install the corresponding packages individually (see [_the description of a typical setup_](https://www.filepicker.io/api/file/orientation.html#setup) for more background on how a typical hardware setup might be arranged).
1537
53
1538
54
1539
55
1540
56
1541
57
### Installing the packages
1542
58
1543
59
The configuration for the MAAS controller will automatically run and pop up this config screen:
1544
60
1545
61
![]( install_cluster-config.png)
1546
62
1547
63
Here you will need to enter the hostname for where the region controller can be contacted. In many scenarios, you may be running the region controller (i.e. the web and API interface) from a different network address, for example where a server has several network interfaces.
1548
64
1549
65
Once the configuration scripts have run you should see this message telling you that the system is ready to use:
1550
66
1551
67
![]( install_controller-config.png)
1552
68
1553
69
The web server is started last, so you have to accept this message before the service is run and you can access the Web interface. Then there are just a few more setup steps [_Post-Install tasks_](https://www.filepicker.io/api/file/WMGTttJT6aaLnQrEkAPv?signature=a86d0c3b4e25dba2d34633bbdc6873d9d8e6ae3cecc4672f2219fa81ee478502&policy=eyJoYW5kbGUiOiJXTUdUdHRKVDZhYUxuUXJFa0FQdiIsImV4cGlyeSI6MTM5NTE3NDE2MSwiY2FsbCI6WyJyZWFkIl19#post-install)
1554
70
1555
71
The maas-dhcp and maas-dns packages should be installed by default. You can check whether they are installed with:
1556
72
1557
73
```
1558
74
dpkg -l maas-dhcp maas-dns
1559
75
```
1560
76
1561
77
If they are missing, then:
1562
78
1563
79
```
1564
80
sudo apt-get install maas-dhcp maas-dns
1565
81
```
1566
82
1567
83
And then proceed to the post-install setup below.
1568
84
1569
85
If you now use a web browser to connect to the region controller, you should see that MAAS is running, but there will also be some errors on the screen:
1570
86
1571
87
![]( install_web-init.png)
1572
88
1573
89
The on screen messages will tell you that there are no boot images present, and that you can't login because there is no admin user.
1574
90
1575
91
## Create a superuser account
1576
92
1577
93
Once MAAS is installed, you'll need to create an administrator account:
1578
94
1579
95
```
1580
96
sudo maas createadmin --username=root --email=MYEMAIL@EXAMPLE.COM
1581
97
```
1582
98
1583
99
Substitute your own email address in the command above. You may also use a different username for your administrator account, but "root" is a common convention and easy to remember. The command will prompt for a password to assign to the new user.
1584
100
1585
101
You can run this command again for any further administrator accounts you may wish to create, but you need at least one.
1586
102
1587
103
## Import the boot images
1588
104
1589
105
MAAS will check for and download new Ubuntu images once a week. However, you'll need to download them manually the first time. To do this you will need to connect to the MAAS API using the maas-cli tool. (see for details). Then you need to run the command:
1590
106
1591
107
```
1592
108
maas-cli maas node-groups import-boot-images
1593
109
```
1594
110
1595
111
(substitute in a different profile name for 'maas' if you have called yours something else) This will initiate downloading the required image files. Note that this may take some time depending on your network connection.
1596
112
1597
113
1598
114
## Login to the server
1599
115
1600
116
To check that everything is working properly, you should try and login to the server now. Both the error messages should have gone (it can take a few minutes for the boot image files to register) and you can see that there are currently 0 nodes attached to this controller.
1601
117
1602
118
![]( install-login.png)
1603
119
## Configure switches on the network
1604
120
1605
121
Some switches use Spanning-Tree Protocol (STP) to negotiate a loop-free path through a root bridge. While scanning, it can make each port wait up to 50 seconds before data is allowed to be sent on the port. This delay in turn can cause problems with some applications/protocols such as PXE, DHCP and DNS, of which MAAS makes extensive use.
1606
122
1607
123
To alleviate this problem, you should enable [Portfast](https://www.symantec.com/business/support/index?page=content&id=HOWTO6019) for Cisco switches or its equivalent on other vendor equipment, which enables the ports to come up almost immediately.
1608
124
1609
125
##Add an additional cluster
1610
126
1611
127
Whilst it is certainly possible to run MAAS with just one cluster controller for all the nodes, in the interests of easier maintenance, uprades and stability, it is desirable to have at least two operational clusters.
1612
128
1613
129
Each cluster needs a controller node. Install Ubuntu on this node and then follow a similar setup proceedure to install the cluster controller software:
1614
130
1615
131
```
1616
132
sudo add-apt-repository cloud-archive:tools
1617
133
sudo apt-get update
1618
134
sudo apt-get install maas-cluster-controller
1619
135
sudo apt-get install maas-dhcp
1620
136
```
1621
137
1622
138
During the install process, a configuration window will appear. You merely need to type in the address of the MAAS controller API, like this:
1623
139
1624
140
![config-image.png]
1625
141
1626
142
## Configure Cluster Controller(s)
1627
143
1628
144
### Cluster acceptance
1629
145
When you install your first cluster controller on the same system as the region controller, it will be automatically accepted by default (but not yet configured, see below). Any other cluster controllers you set up will show up in the user interface as “pending,” until you manually accept them into the MAAS.
1630
146
1631
147
To accept a cluster controller, click on the settings “cog” icon at the top right to visit the settings page:
1632
148
![]settings.png
1633
149
You can either click on “Accept all” or click on the edit icon to edit the cluster. After clicking on the edit icon, you will see this page:
1634
150
1635
151
![]cluster-edit.png
1636
152
Here you can change the cluster’s name as it appears in the UI, its DNS zone, and its status. Accepting the cluster changes its status from “pending” to “accepted.”
1637
153
1638
154
Now that the cluster controller is accepted, you can configure one or more of its network interfaces to be managed by MAAS. This will enable the cluster controller to manage nodes attached to those networks. The next section explains how to do this and what choices are to be made.
1639
155
1640
156
### Configuration
1641
157
MAAS automatically recognises the network interfaces on each cluster controller. Some of these will be connected to networks where you want to manage nodes. We recommend letting your cluster controller act as a DHCP server for these networks, by configuring those interfaces in the MAAS user interface.
1642
158
1643
159
As an example, we will configure the cluster controller to manage a network on interface eth0. Click on the edit icon for eth0, which takes us to this page:
1644
160
1645
161
![]cluster-interface-edit.png
1646
162
Here you can select to what extent you want the cluster controller to manage the network:
1647
163
1648
164
DHCP only - this will run a DHCP server on your cluster
1649
165
DHCP and DNS - this will run a DHCP server on the cluster and configure the DNS server included with the region controller so that it can be used to look up hosts on this network by name.
1650
166
Note
1651
167
You cannot have DNS management without DHCP management because MAAS relies on its own DHCP server’s leases file to work out the IP address of nodes in the cluster.
1652
168
If you set the interface to be managed, you now need to provide all of the usual DHCP details in the input fields below. Once done, click “Save interface”. The cluster controller will now be able to boot nodes on this network.
1653
169
1654
170
!!! note:There is also an option to leave the network unmanaged. Use this for networks where you don’t want to manage any nodes. Or, if you do want to manage nodes but don’t want the cluster controller to serve DHCP, you may be able to get by without it. This is explained in Manual DHCP configuration.
1655
171
1656
172
!!! note: A single cluster controller can manage more than one network, each from a different network interface on the cluster-controller server. This may help you scale your cluster to larger numbers of nodes, or it may be a requirement of your network architecture.
1657
173
1658
174
## Enlisting nodes
1659
175
1660
176
Now that the MAAS controller is running, we need to make the nodes aware of MAAS and vice-versa. With MAAS controlling DHCP and nodes capable of PXE booting, this is straightforward
1661
177
1662
178
Automatic Discovery
1663
179
With nodes set to boot from a PXE image, they will start, look for a DHCP server, receive the PXE boot details, boot the image, contact the MAAS server and shut down.
1664
180
1665
181
During this process, the MAAS server will be passed information about the node, including the architecture, MAC address and other details which will be stored in the database of nodes. You can accept and comission the nodes via the web interface. When the nodes have been accepted the selected series of Ubuntu will be installed.
1666
182
1667
183
To save time, you can also accept and commission all nodes from the commandline. This requires that you first login with the API key [1], which you can retrieve from the web interface:
1668
184
1669
185
```
1670
186
maas-cli maas nodes accept-all
1671
187
```
1672
188
1673
189
### Manually adding nodes
1674
190
1675
191
If your nodes are not capable of booting from PXE images, they can be manually registered with MAAS. On the Nodes screen:
1676
192
![]add-node.png
1677
193
1678
194
Select 'Add node' and manually enter details about the node, including its MAC address. This is used to identify the node when it contacts the DHCP server.
1679
195
1680
196
1681
197
1682
198
## Preparing MAAS for Juju using Simplestreams
1683
199
1684
200
When Juju bootstraps a cloud, it needs two critical pieces of information:
1685
201
1686
202
1. The uuid of the image to use when starting new compute instances.
1687
203
2. The URL from which to download the correct version of a tools tarball.
1688
204
1689
205
This necessary information is stored in a json metadata format called "simplestreams". For supported public cloud services such as Amazon Web Services, HP Cloud, Azure, etc, no action is required by the end user. However, those setting up a private cloud, or who want to change how things work (eg use a different Ubuntu image), can create their own metadata, after understanding a bit about how it works.
1690
206
1691
207
The simplestreams format is used to describe related items in a structural fashion.( [See the Launchpad project lp:simplestreams for more details on implementation](https://launchpad.net/simplestreams)). Below we will discuss how Juju determines which metadata to use, and how to create your own images and tools and have Juju use them instead of the defaults.
1692
208
1693
209
### Basic Workflow
1694
210
1695
211
Whether images or tools, Juju uses a search path to try and find suitable metadata. The path components (in order of lookup) are:
1696
212
1697
213
1. User supplied location (specified by tools-metadata-url or image-metadata-url config settings).
1698
214
2. The environment's cloud storage.
1699
215
3. Provider specific locations (eg keystone endpoint if on Openstack).
1700
216
4. A web location with metadata for supported public clouds (https://streams.canonical.com).
1701
217
1702
218
Metadata may be inline signed, or unsigned. We indicate a metadata file is signed by using the '.sjson' extension. Each location in the path is first searched for signed metadata, and if none is found, unsigned metadata is attempted before moving onto the next path location.
1703
219
1704
220
Juju ships with public keys used to validate the integrity of image and tools metadata obtained from https://streams.canonical.com. So out of the box, Juju will "Just Work" with any supported public cloud, using signed metadata. Setting up metadata for a private (eg Openstack) cloud requires metadata to be generated using tools which ship with Juju.
1705
221
1706
222
### Image Metadata Contents
1707
223
1708
224
Image metadata uses a simplestreams content type of "image-ids". The product id is formed as follows:
1709
225
1710
226
com.ubuntu.cloud:server:<series_version>:<arch> For Example:
1711
227
com.ubuntu.cloud:server:14.04:amd64 Non-released images (eg beta, daily etc) have product ids like:
1712
228
com.ubuntu.cloud.daily:server:13.10:amd64
1713
229
1714
230
The metadata index and product files are required to be in the following directory tree (relative to the URL associated with each path component):
1715
231
1716
232
<path_url> |-streams |-v1 |-index.(s)json |-product-foo.(s)json |-product-bar.(s)json
1717
233
1718
234
The index file must be called "index.(s)json" (sjson for signed). The various product files are named according to the Path values contained in the index file.
1719
235
1720
236
Tools metadata uses a simplestreams content type of "content-download". The product id is formed as follows:
1721
237
1722
238
"com.ubuntu.juju:<series_version>:<arch>"
1723
239
1724
240
For example:
1725
241
1726
242
"com.ubuntu.juju:12.04:amd64"
1727
243
1728
244
The metadata index and product files are required to be in the following directory tree (relative to the URL associated with each path component). In addition, tools tarballs which Juju needs to download are also expected.
1729
245
1730
246
|-streams | |-v1 | |-index.(s)json | |-product-foo.(s)json | |-product-bar.(s)json | |-releases |-tools-abc.tar.gz |-tools-def.tar.gz |-tools-xyz.tar.gz
1731
247
1732
248
The index file must be called "index.(s)json" (sjson for signed). The product file and tools tarball name(s) match whatever is in the index/product files.
1733
249
1734
250
### Configuration
1735
251
1736
252
For supported public clouds, no extra configuration is required; things work out-of-the-box. However, for testing purposes, or for non-supported cloud deployments, Juju needs to know where to find the tools and which image to run. Even for supported public clouds where all required metadata is available, the user can put their own metadata in the search path to override what is provided by the cloud.
1737
253
1738
254
#### User specified URLs
1739
255
1740
256
These are initially specified in the environments.yaml file (and then subsequently copied to the jenv file when the environment is bootstrapped). For images, use "image-metadata-url"; for tools, use "tools-metadata-url". The URLs can point to a world readable container/bucket in the cloud, an address served by a http server, or even a shared directory which is accessible by all node instances running in the cloud.
1741
257
1742
258
Assume an Apache http server with base URL `https://juju-metadata` , providing access to information at `<base>/images` and `<base>/tools` . The Juju environment yaml file could have the following entries (one or both):
1743
259
1744
260
tools-metadata-url: https://juju-metadata/tools image-metadata-url: https://juju-metadata/images
1745
261
1746
262
The required files in each location is as per the directory layout described earlier. For a shared directory, use a URL of the form "file:///sharedpath".
1747
263
1748
264
#### Cloud storage
1749
265
1750
266
If no matching metadata is found in the user specified URL, environment's cloud storage is searched. No user configuration is required here - all Juju environments are set up with cloud storage which is used to store state information, charms etc. Cloud storage setup is provider dependent; for Amazon and Openstack clouds, the storage is defined by the "control-bucket" value, for Azure, the "storage-account-name" value is relevant.
1751
267
1752
268
The (optional) directory structure inside the cloud storage is as follows:
1753
269
1754
270
|-tools | |-streams | |-v1 | |-releases | |-images |-streams |-v1
1755
271
1756
272
Of course, if only custom image metadata is required, the tools directory will not be required, and vice versa.
1757
273
1758
274
Note that if juju bootstrap is run with the `--upload-tools` option, the tools and metadata are placed according to the above structure. That's why the tools are then available for Juju to use.
1759
275
1760
276
#### Provider specific storage
1761
277
1762
278
Providers may allow additional locations to search for metadata and tools. For OpenStack, Keystone endpoints may be created by the cloud administrator. These are defined as follows:
1763
279
1764
280
juju-tools the &LT;path_url&GT; value as described above in Tools Metadata Contentsproduct-streams the &LT;path_url&GT; value as described above in Image Metadata Contents
1765
281
1766
282
Other providers may similarly be able to specify locations, though the implementation will vary.
1767
283
1768
284
This is the default location used to search for image and tools metadata and is used if no matches are found earlier in any of the above locations. No user configuration is required.
1769
285
1770
286
There are two main issues when deploying a private cloud:
1771
287
1772
288
1. Image ids will be specific to the cloud.
1773
289
2. Often, outside internet access is blocked
1774
290
1775
291
Issue 1 means that image id metadata needs to be generated and made available.
1776
292
1777
293
Issue 2 means that tools need to be mirrored locally to make them accessible.
1778
294
1779
295
Juju tools exist to help with generating and validating image and tools metadata. For tools, it is often easiest to just mirror `https://streams.canonical.com/tools` . However image metadata cannot be simply mirrored because the image ids are taken from the cloud storage provider, so this needs to be generated and validated using the commands described below.
1780
296
1781
297
The available Juju metadata tools can be seen by using the help command:
1782
298
1783
299
juju help metadata
1784
300
1785
301
The overall workflow is:
1786
302
1787
303
- Generate image metadata
1788
304
- Copy image metadata to somewhere in the metadata search path
1789
305
- Optionally, mirror tools to somewhere in the metadata search path
1790
306
- Optionally, configure tools-metadata-url and/or image-metadata-url
1791
307
1792
308
#### Image metadata
1793
309
1794
310
Generate image metadata using
1795
311
1796
312
juju metadata generate-image -d <metadata_dir>
1797
313
1798
314
As a minimum, the above command needs to know the image id to use and a directory in which to write the files.
1799
315
1800
316
Other required parameters like region, series, architecture etc. are taken from the current Juju environment (or an environment specified with the -e option). These parameters can also be overridden on the command line.
1801
317
1802
318
The image metadata command can be run multiple times with different regions, series, architecture, and it will keep adding to the metadata files. Once all required image ids have been added, the index and product json files can be uploaded to a location in the Juju metadata search path. As per the Configuration section, this may be somewhere specified by the `image-metadata-url` setting or the cloud's storage etc.
1803
319
1804
320
Examples:
1805
321
1806
322
1. image-metadata-url
1807
323
1808
324
- upload contents of to `http://somelocation`
1809
325
- set image-metadata-url to `http://somelocation/images`
1810
326
1811
327
2. Cloud storage
1812
328
1813
329
If run without parameters, the validation command will take all required details from the current Juju environment (or as specified by -e) and output the image id it would use to spin up an instance. Alternatively, series, region, architecture etc. can be specified on the command line to override the values in the environment config.
1814
330
#### Tools metadata
1815
331
1816
332
Generally, tools and related metadata are mirrored from `https://streams.canonical.com/tools` . However, it is possible to manually generate metadata for a custom built tools tarball.
1817
333
1818
334
First, create a tarball of the relevant tools and place in a directory structured like this:
1819
335
1820
336
<tools_dir>/tools/releases/
1821
337
1822
338
Now generate relevant metadata for the tools by running the command:
1823
339
1824
340
juju generate-tools -d <tools_dir>
1825
341
1826
342
Finally, the contents of can be uploaded to a location in the Juju metadata search path. As per the Configuration section, this may be somewhere specified by the tools-metadata-url setting or the cloud's storage path settings etc.
1827
343
1828
344
Examples:
1829
345
1830
346
1. tools-metadata-url
1831
347
1832
348
- upload contents of the tools dir to `http://somelocation`
1833
349
- set tools-metadata-url to `http://somelocation/tools`
1834
350
1835
351
2. Cloud storage
1836
352
1837
353
upload contents of directly to environment's cloud storage
1838
354
1839
355
As with image metadata, the validation command is used to ensure tools are available for Juju to use:
1840
356
1841
357
juju metadata validate-tools
1842
358
1843
359
The same comments apply. Run the validation tool without parameters to use details from the Juju environment, or override values as required on the command line. See `juju help metadata validate-tools` for more details.
1844
360
1845
361
##Appendix I - Using Tags
1846
362
##Appendix II - Using the MAAS CLI
1847
363
As well as the web interface, many tasks can be performed by accessing the MAAS API directly through the maas-cli command. This section details how to login with this tool and perform some common operations.
1848
364
1849
365
###Logging in
1850
366
Before the API will accept any commands from maas-cli, you must first login. To do this, you need the API key which can be found in the user interface.
1851
367
1852
368
Login to the web interface on your MAAS. Click on the username in the top right corner and select ‘Preferences’ from the menu which appears.
1853
369
1854
370
![]maascli-prefs.png
1855
371
A new page will load...
1856
372
1857
373
![]maascli-key.png
1858
374
The very first item is a list of MAAS keys. One will have already been generated when the system was installed. It’s easiest to just select all the text, copy the key (it’s quite long!) and then paste it into the commandline. The format of the login command is:
1859
375
1860
376
```
1861
377
 maas-cli login <profile-name> <hostname> <key>
1862
378
```
1863
379
1864
380
The profile created is an easy way of associating your credentials with any subsequent call to the API. So an example login might look like this:
1865
381
1866
382
```
1867
383
maas-cli login maas http://10.98.0.13/MAAS/api/1.0
1868
384
AWSCRMzqMNy:jjk...5e1FenoP82Qm5te2
1869
385
```
1870
386
which creates the profile ‘maas’ and registers it with the given key at the specified API endpoint. If you omit the credentials, they will be prompted for in the console. It is also possible to use a hyphen, ‘-‘ in place of the credentials. In this case a single line will be read from stdin, stripped of any whitespace and used as the credentials, which can be useful if you are devolping scripts for specific tasks. If an empty string is passed instead of the credentials, the profile will be logged in anonymously (and consequently some of the API calls will not be available)
1871
387
1872
388
### maas-cli commands
1873
389
The maas-cli command exposes the whole API, so you can do anything you actually can do with MAAS using this command. This leaves us with a vast number of options, which are more fully expressed in the complete [2][MAAS Documentation]
1874
390
1875
391
list:
1876
392
    lists the details [name url auth-key] of all the currently logged-in profiles.
1877
393
1878
394
login <profile> <url> <key>:
1879
395
    Logs in to the MAAS controller API at the given URL, using the key provided and
1880
396
    associates this connection with the given profile name.
1881
397
1882
398
logout <profile>:
1883
399
    Logs out from the given profile, flushing the stored credentials.
1884
400
1885
401
refresh:
1886
402
    Refreshes the API descriptions of all the current logged in profiles. This may become necessary for example when upgrading the maas packages to ensure the command-line options match with the API.
1887
403
1888
404
### Useful examples
1889
405
1890
406
Displays current status of nodes in the commissioning phase:
1891
407
```
1892
408
maas cli maas nodes check-commissioning
1893
409
```
1894
410
1895
411
Accept and commission all discovered nodes:
1896
412
```
1897
413
maas-cli maas nodes accept-all
1898
414
```
1899
415
1900
416
List all known nodes:
1901
417
```
1902
418
maas-cli maas nodes list
1903
419
```
1904
420
1905
421
Filter the list using specific key/value pairs:
1906
422
```
1907
423
maas-cli maas nodes list architecture="i386/generic"
1908
424
```
1909
425
1910
426
Set the power parameters for an ipmi enabled node:
1911
427
```
1912
428
maas-cli maas node update <system_id> \
1913
429
  power_type="ipmi" \
1914
430
  power_parameters_power_address=192.168.22.33 \
1915
431
  power_parameters_power_user=root \
1916
432
  power_parameters_power_pass=ubuntu;
1917
433
```
1918
434
## Appendix III - Physical Zones
1919
435
1920
436
To help you maximise fault-tolerance and performance of the services you deploy, MAAS administrators can define _physical zones_ (or just _zones_ for short), and assign nodes to them. When a user requests a node, they can ask for one that is in a specific zone, or one that is not in a specific zone.
1921
437
1922
438
It's up to you as an administrator to decide what a physical zone should represent: it could be a server rack, a room, a data centre, machines attached to the same UPS, or a portion of your network. Zones are most useful when they represent portions of your infrastructure. But you could also use them simply to keep track of where your systems are located.
1923
439
1924
440
Each node is in one and only one physical zone. Each MAAS instance ships with a default zone to which nodes are attached by default. If you do not need this feature, you can simply pretend it does not exist.
1925
441
1926
442
### Applications
1927
443
1928
444
Since you run your own MAAS, its physical zones give you more flexibility than those of a third-party hosted cloud service. That means that you get to design your zones and define what they mean. Below are some examples of how physical zones can help you get the most out of your MAAS.
1929
445
1930
446
### Creating a Zone
1931
447
1932
448
Only administrators can create and manage zones. To create a physical zone in the web user interface, log in as an administrator and browse to the "Zones" section in the top bar. This will takes you to the zones listing page. At the bottom of the page is a button for creating a new zone:
1933
449
1934
450
![]add-zone.png
1935
451
1936
452
Or to do it in the [_region-controller API_][#region-controller-api], POST your zone definition to the _"zones"_ endpoint.
1937
453
1938
454
### Assigning Nodes to a Zone
1939
455
1940
456
Once you have created one or more physical zones, you can set nodes' zones from the nodes listing page in the UI. Select the nodes for which you wish to set a zone, and choose "Set physical zone" from the "Bulk action" dropdown list near the top. A second dropdown list will appear, to let you select which zone you wish to set. Leave it blank to clear nodes' physical zones. Clicking "Go" will apply the change to the selected nodes.
1941
457
1942
458
You can also set an individual node's zone on its "Edit node" page. Both ways are available in the API as well: edit an individual node through a request to the node's URI, or set the zone on multiple nodes at once by calling the operation on the endpoint.
1943
459
1944
460
### Allocating a Node in a Zone
1945
461
1946
462
To deploy in a particular zone, call the method in the [_region-controller API_][#region-controller-api] as before, but pass the parameter with the name of the zone. The method will allocate a node in that zone, or fail with an HTTP 409 ("conflict") error if the zone has no nodes available that match your request.
1947
463
1948
464
Alternatively, you may want to request a node that is _not_ in a particular zone, or one that is not in any of several zones. To do that, specify the parameter to . This parameter takes a list of zone names; the allocated node will not be in any of them. Again, if that leaves no nodes available that match your request, the call will return a "conflict" error.
1949
465
1950
466
It is possible, though not usually useful, to combine the and parameters. If your choice for is also present in , no node will ever match your request. Or if it's not, then the values will not affect the result of the call at all.
1951
467
1952
0
468
1953
=== added file 'Install/Intro.md'
1954
--- Install/Intro.md	1970-01-01 00:00:00 +0000
1955
+++ Install/Intro.md	2014-04-15 16:06:33 +0000
1956
@@ -0,0 +1,28 @@
1957
1
Title: Introduction
1958
2
1959
3
#Ubuntu Cloud Documentation
1960
4
1961
5
## Deploying Production Grade OpenStack with MAAS, Juju and Landscape
1962
6
1963
7
This documentation has been created to describe best practice in deploying
1964
8
a Production Grade installation of OpenStack using current Canonical 
1965
9
technologies, including bare metal provisioning using MAAS, service 
1966
10
orchestration with Juju and system management with Landscape.
1967
11
1968
12
This documentation is divided into four main topics:
1969
13
1970
14
 1. [Installing the MAAS Metal As A Service software](../installing-maas.html)
1971
15
 2. [Installing Juju and configuring it to work with MAAS](../installing-juju.html)
1972
16
 3. [Using Juju to deploy OpenStack](../installing-openstack.html)
1973
17
 4. [Deploying Landscape to manage your OpenStack cloud](../installing-landscape)
1974
18
 
1975
19
Once you have an up and running OpenStack deployment, you should also read
1976
20
our [Administration Guide](../admin-intro.html) which details common tasks
1977
21
for maintenance and scaling of your service. 
1978
22
1979
23
1980
24
## Legal notices
1981
25
1982
26
1983
27
1984
28
![Canonical logo](./media/logo-canonical_no™-aubergine-hex.jpg)
1985
0
29
1986
=== added file 'Install/installing-openstack-outline.md'
1987
--- Install/installing-openstack-outline.md	1970-01-01 00:00:00 +0000
1988
+++ Install/installing-openstack-outline.md	2014-04-15 16:06:33 +0000
1989
@@ -0,0 +1,395 @@
1990
1
Title:Installing OpenStack
1991
2
1992
3
# Installing OpenStack
1993
4
1994
5
![Openstack](../media/openstack.png)
1995
6
1996
7
##Introduction
1997
8
1998
9
OpenStack is a versatile, open source cloud environment equally suited to serving up public, private or hybrid clouds. Canonical is a Platinum Member of the OpenStack foundation and has been involved with the OpenStack project since its inception; the software covered in this document has been developed with the intention of providing a streamlined way to deploy and manage OpenStack installations.
1999
10
2000
11
### Scope of this documentation
2001
12
2002
13
The OpenStack platform is powerful and its uses diverse. This section of documentation 
2003
14
is primarily concerned with deploying a 'standard' running OpenStack system using, but not limited to, Canonical components such as MAAS, Juju and Ubuntu. Where appropriate other methods and software will be mentioned.
2004
15
2005
16
### Assumptions
2006
17
2007
18
1. Use of MAAS
2008
19
   This document is written to provide instructions on how to deploy OpenStack using MAAS for hardware provisioning. If you are not deploying directly on hardware, this method will still work, with a few alterations, assuming you have a properly configured Juju environment. The main difference will be that you will have to provide different configuration options depending on the network configuration.
2009
20
   
2010
21
2. Use of Juju
2011
22
   This document assumes an up to date, stable release version of Juju.
2012
23
   
2013
24
3. Local network configuration
2014
25
   This document assumes that you have an adequate local network configuration, including separate interfaces for access to the OpenStack cloud. Ideal networks are laid out in the [MAAS][MAAS documentation for OpenStack]
2015
26
2016
27
## Planning an installation
2017
28
2018
29
Before deploying any services, it is very useful to take stock of the resources available and how they are to be used. OpenStack comprises of a number of interrelated services (Nova, Swift, etc) which each have differing demands in terms of hosts. For example, the Swift service, which provides object storage, has a different requirement than the Nova service, which provides compute resources.
2019
30
2020
31
The minimum requirements for each service and recommendations are laid out in the official [oog][OpenStack Operations Guide] which is available (free) in HTML or various downloadable formats. For guidance, the following minimums are recommended for Ubuntu Cloud:
2021
32
2022
33
[insert minimum hardware spec]
2023
34
2024
35
2025
36
2026
37
The recommended composition of nodes for deploying OpenStack with MAAS and Juju is that all nodes in the system should be capable of running *ANY* of the services. This is best practice for the robustness of the system, as since any physical node should fail, another can be repurposed to take its place. This obviously extends to any hardware requirements such as extra network interfaces.
2027
38
2028
39
If for reasons of economy or otherwise you choose to use different configurations of hardware, you should note that your ability to overcome hardware failure will be reduced. It will also be necessary to target deployments to specific nodes - see the section in the MAAS documentation on tags [MAAS tags]
2029
40
2030
41
2031
42
###Create the OpenStack configuration file
2032
43
2033
44
We will be using Juju charms to deploy the component parts of OpenStack. Each charm encapsulates everything required to set up a particular service. However, the individual services have many configuration options, some of which we will want to change. 
2034
45
2035
46
To make this task easier and more reproduceable, we will create a separate configuration file with the relevant options for all the services. This is written in a standard YAML format. 
2036
47
2037
48
You can download the [openstack-config.yaml] file we will be using from here. It is also reproduced below:
2038
49
2039
50
```
2040
51
keystone:
2041
52
  admin-password: openstack
2042
53
  debug: 'true'
2043
54
  log-level: DEBUG
2044
55
nova-cloud-controller:
2045
56
  network-manager: 'Neutron'
2046
57
  quantum-security-groups: 'yes'
2047
58
  neutron-external-network: Public_Network
2048
59
nova-compute:
2049
60
  enable-live-migration: 'True'
2050
61
  migration-auth-type: "none"
2051
62
  virt-type: kvm
2052
63
  #virt-type: lxc
2053
64
  enable-resize: 'True'
2054
65
quantum-gateway:
2055
66
  ext-port: 'eth1'
2056
67
  plugin: ovs
2057
68
glance:
2058
69
  ceph-osd-replication-count: 3
2059
70
cinder:
2060
71
  block-device: None
2061
72
  ceph-osd-replication-count: 3
2062
73
  overwrite: "true"
2063
74
  glance-api-version: 2
2064
75
ceph:
2065
76
  fsid: a51ce9ea-35cd-4639-9b5e-668625d3c1d8
2066
77
  monitor-secret: AQCk5+dR6NRDMRAAKUd3B8SdAD7jLJ5nbzxXXA==
2067
78
  osd-devices: /dev/sdb
2068
79
  osd-reformat: 'True'
2069
80
```
2070
81
2071
82
For all services, we can configure the `openstack-origin` to point to an install source. In this case, we will rely on the default, which will point to the relevant sources for the Ubuntu 14.04 LTS Trusty release. Further configuration for each service is explained below:
2072
83
2073
84
####keystone
2074
85
admin password:
2075
86
    You should set a memorable password here to be able to access OpenStack when it is deployed
2076
87
2077
88
debug: 
2078
89
    It is useful to set this to 'true' initially, to monitor the setup. this will produce more verbose messaging.
2079
90
   
2080
91
log-level: 
2081
92
    Similarly, setting the log-level to DEBUG means that more verbose logs can be generated. These options can be changed once the system is set up and running normally. 
2082
93
2083
94
####nova-cloud-controller
2084
95
2085
96
cloud-controller:
2086
97
    'Neutron' - Other options are now depricated.
2087
98
    
2088
99
quantum-security-groups: 
2089
100
    'yes'
2090
101
    
2091
102
neutron-external-network: 
2092
103
    Public_Network - This is an interface we will use for allowing access to the cloud, and will be defined later
2093
104
2094
105
####nova-compute
2095
106
enable-live-migration: 
2096
107
  We have set this to 'True'
2097
108
2098
109
migration-auth-type: 
2099
110
    "none"
2100
111
2101
112
virt-type: 
2102
113
    kvm
2103
114
2104
115
enable-resize: 
2105
116
    'True'
2106
117
2107
118
####quantum-gateway
2108
119
ext-port:
2109
120
    This is where we specify the hardware for the public network. Use 'eth1' or the relevant 
2110
121
  plugin: ovs
2111
122
  
2112
123
  
2113
124
####glance
2114
125
2115
126
  ceph-osd-replication-count: 3
2116
127
2117
128
####cinder
2118
129
  openstack-origin: cloud:trusty-icehouse/updates
2119
130
  block-device: None
2120
131
  ceph-osd-replication-count: 3
2121
132
  overwrite: "true"
2122
133
  glance-api-version: 2
2123
134
  
2124
135
####ceph
2125
136
  
2126
137
fsid: 
2127
138
    The fsid is simply a unique identifier. You can generate a suitable value by running `uuidgen`  which should return a value which looks like: a51ce9ea-35cd-4639-9b5e-668625d3c1d8
2128
139
    
2129
140
monitor-secret: 
2130
141
    The monitor secret is a secret string used to authenticate access. There is advice on how to generate a suitable secure secret at [ceph][the ceph website]. A typical value would be `AQCk5+dR6NRDMRAAKUd3B8SdAD7jLJ5nbzxXXA==`
2131
142
    
2132
143
osd-devices: 
2133
144
    This should point (in order of preference) to a device,partition or filename. In this case we will assume secondary device level storage located at `/dev/sdb`
2134
145
    
2135
146
osd-reformat: 
2136
147
    We will set this to 'True', allowing ceph to reformat the drive on provisioning. 
2137
148
    
2138
149
  
2139
150
##Deploying OpenStack with Juju
2140
151
Now that the configuration is defined, we can use Juju to deploy and relate the services.
2141
152
2142
153
###Initialising Juju
2143
154
Juju requires a minimal amount of setup. Here we assume it has already been configured to work with your MAAS cluster (see the [juju_install][Juju Install Guide] for more information on this.
2144
155
2145
156
Firstly, we need to fetch images and tools that Juju will use:
2146
157
```
2147
158
juju sync-tools --debug
2148
159
```
2149
160
Then we can create the bootstrap instance:
2150
161
2151
162
```
2152
163
juju bootstrap --upload-tools --debug
2153
164
```
2154
165
We use the upload-tools switch to use the local versions of the tools which we just fetched. The debug switch will give verbose output which can be useful. This process may take a few minutes, as Juju is creating an instance and installing the tools. When it has finished, you can check the status of the system with the command:
2155
166
```
2156
167
juju status
2157
168
```
2158
169
This should return something like:
2159
170
```
2160
171
---------- example 
2161
172
```
2162
173
### Deploy the OpenStack Charms
2163
174
2164
175
Now that the Juju bootstrap node is up and running we can deploy the services required to make our OpenStack installation. To configure these services properly as they are deployed, we will make use of the configuration file we defined earlier, by passing it along with the `--config` switch with each deploy command. Substitute in the name and path of your config file if different.
2165
176
2166
177
It is useful but not essential to deploy the services in the order below. It is also highly reccommended to open an additional terminal window and run the command `juju debug-log`. This will output the logs of all the services as they run, and can be useful for troubleshooting.
2167
178
2168
179
It is also recommended to run a `juju status` command periodically, to check that each service has been installed and is running properly. If you see any errors, please consult the [troubleshooting][troubleshooting section below].
2169
180
2170
181
```
2171
182
juju deploy --to=0 juju-gui
2172
183
juju deploy rabbitmq-server
2173
184
juju deploy mysql
2174
185
juju deploy --config openstack-config.yaml openstack-dashboard
2175
186
juju deploy --config openstack-config.yaml keystone
2176
187
juju deploy --config openstack-config.yaml ceph -n 3
2177
188
juju deploy --config openstack-config.yaml nova-compute -n 3
2178
189
juju deploy --config openstack-config.yaml quantum-gateway
2179
190
juju deploy --config openstack-config.yaml cinder
2180
191
juju deploy --config openstack-config.yaml nova-cloud-controller
2181
192
juju deploy --config openstack-config.yaml glance
2182
193
juju deploy --config openstack-config.yaml ceph-radosgw
2183
194
```
2184
195
2185
196
2186
197
### Add relations between the OpenStack services
2187
198
2188
199
Although the services are now deployed, they are not yet connected together. Each service currently exists in isolation. We use the `juju add-relation`command to make them aware of each other and set up any relevant connections and protocols. This extra configuration is taken care of by the individual charms themselves. 
2189
200
2190
201
    
2191
202
We should start adding relations between charms by setting up the Keystone authorization service and its database, as this will be needed by many of the other connections:
2192
203
2193
204
juju add-relation keystone mysql
2194
205
2195
206
We wait until the relation is set. After it finishes check it with juju status:
2196
207
2197
208
```
2198
209
juju status mysql
2199
210
juju status keystone
2200
211
```
2201
212
2202
213
It can take a few moments for this service to settle. Although it is certainly possible to continue adding relations (Juju manages a queue for pending actions) it can be counterproductive in terms of the overall time taken, as many of the relations refer to the same services.
2203
214
The following relations also need to be made:
2204
215
```
2205
216
juju add-relation nova-cloud-controller mysql
2206
217
juju add-relation nova-cloud-controller rabbitmq-server
2207
218
juju add-relation nova-cloud-controller glance
2208
219
juju add-relation nova-cloud-controller keystone
2209
220
juju add-relation nova-compute mysql
2210
221
juju add-relation nova-compute rabbitmq-server
2211
222
juju add-relation nova-compute glance
2212
223
juju add-relation nova-compute nova-cloud-controller
2213
224
juju add-relation glance mysql
2214
225
juju add-relation glance keystone
2215
226
juju add-relation cinder keystone
2216
227
juju add-relation cinder mysql
2217
228
juju add-relation cinder rabbitmq-server
2218
229
juju add-relation cinder nova-cloud-controller
2219
230
juju add-relation openstack-dashboard keystone
2220
231
juju add-relation swift-proxy swift-storage
2221
232
juju add-relation swift-proxy keystone
2222
233
```
2223
234
Finally, the output of juju status should show the all the relations as complete. The OpenStack cloud is now running, but it needs to be populated with some additional components before it is ready for use.
2224
235
2225
236
2226
237
2227
238
2228
239
##Preparing OpenStack for use
2229
240
2230
241
###Configuring access to Openstack
2231
242
2232
243
2233
244
2234
245
The configuration data for OpenStack can be fetched by reading the configuration file generated by the Keystone service. You can also copy this information by logging in to the Horizon (OpenStack Dashboard) service and examining the configuration there. However, we actually need only a few bits of information. The following bash script can be run to extract the relevant information:
2235
246
2236
247
```
2237
248
#!/bin/bash
2238
249
2239
250
set -e
2240
251
2241
252
KEYSTONE_IP=`juju status keystone/0 | grep public-address | awk '{ print $2 }' | xargs host | grep -v alias | awk '{ print $4 }'`
2242
253
KEYSTONE_ADMIN_TOKEN=`juju ssh keystone/0 "sudo cat /etc/keystone/keystone.conf | grep admin_token" | sed -e '/^M/d' -e 's/.$//' | awk '{ print $3 }'`
2243
254
2244
255
echo "Keystone IP: [${KEYSTONE_IP}]"
2245
256
echo "Keystone Admin Token: [${KEYSTONE_ADMIN_TOKEN}]"
2246
257
2247
258
cat << EOF > ./nova.rc
2248
259
export SERVICE_ENDPOINT=http://${KEYSTONE_IP}:35357/v2.0/
2249
260
export SERVICE_TOKEN=${KEYSTONE_ADMIN_TOKEN}
2250
261
export OS_AUTH_URL=http://${KEYSTONE_IP}:35357/v2.0/
2251
262
export OS_USERNAME=admin
2252
263
export OS_PASSWORD=openstack
2253
264
export OS_TENANT_NAME=admin
2254
265
EOF
2255
266
2256
267
juju scp ./nova.rc nova-cloud-controller/0:~
2257
268
```  
2258
269
This script extract the required information and then copies the file to the instance running the nova-cloud-controller.
2259
270
Before we do any nova or glance command we will load the file we just created:
2260
271
2261
272
```
2262
273
$ source ./nova.rc
2263
274
$ nova endpoints
2264
275
```
2265
276
2266
277
At this point the output of nova endpoints should show the information of all the available OpenStack endpoints.
2267
278
2268
279
### Install the Ubuntu Cloud Image
2269
280
2270
281
In order for OpenStack to create instances in its cloud, it needs to have access to relevant images
2271
282
$ mkdir ~/iso
2272
283
$ cd ~/iso
2273
284
$ wget http://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img
2274
285
2275
286
###Import the Ubuntu Cloud Image into Glance
2276
287
!!!Note:  glance comes with the package glance-client which may need to be installed where you plan the run the command from
2277
288
2278
289
```
2279
290
apt-get install glance-client
2280
291
glance add name="Trusty x86_64" is_public=true container_format=ovf disk_format=qcow2 < trusty-server-cloudimg-amd64-disk1.img
2281
292
```
2282
293
###Create OpenStack private network
2283
294
Note:  nova-manage  can be run from the nova-cloud-controller node or any of the nova-compute nodes. To access the node we run the following command:
2284
295
2285
296
```
2286
297
juju ssh nova-cloud-controller/0
2287
298
2288
299
sudo nova-manage network create --label=private --fixed_range_v4=1.1.21.32/27 --num_networks=1 --network_size=32 --multi_host=T --bridge_interface=eth0 --bridge=br100
2289
300
```
2290
301
2291
302
To make sure that we have created the network we can now run the following command:
2292
303
2293
304
```
2294
305
sudo nova-manage network list
2295
306
```
2296
307
2297
308
### Create OpenStack public network
2298
309
```
2299
310
sudo nova-manage floating create --ip_range=1.1.21.64/26
2300
311
sudo nova-manage floating list
2301
312
```
2302
313
Allow ping and ssh access adding them to the default security group
2303
314
Note: The following commands are run from a machine where we have the package python-novaclient installed and within a session where we have loaded the above created nova.rc file.
2304
315
2305
316
```
2306
317
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
2307
318
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
2308
319
```
2309
320
2310
321
###Create and register the ssh keys in OpenStack
2311
322
Generate a default keypair
2312
323
```
2313
324
ssh-keygen -t rsa -f ~/.ssh/admin-key
2314
325
```
2315
326
###Copy the public key into Nova
2316
327
We will name it admin-key:
2317
328
Note: In the precise version of python-novaclient the command works with --pub_key instead of --pub-key
2318
329
2319
330
```
2320
331
nova keypair-add --pub-key ~/.ssh/admin-key.pub admin-key
2321
332
```
2322
333
And make sure it’s been successfully created:
2323
334
```
2324
335
nova keypair-list
2325
336
```
2326
337
2327
338
###Create a test instance
2328
339
We created an image with glance before. Now we need the image ID to start our first instance. The ID can be found with this command:
2329
340
```
2330
341
nova image-list
2331
342
```
2332
343
2333
344
Note: we can also use the command glance image-list
2334
345
###Boot the instance:
2335
346
2336
347
```
2337
348
nova boot --flavor=m1.small --image=< image_id_from_glance_index > --key-name admin-key testserver1
2338
349
```
2339
350
2340
351
###Add a floating IP to the new instance
2341
352
First we allocate a floating IP from the ones we created above:
2342
353
2343
354
```
2344
355
nova floating-ip-create
2345
356
```
2346
357
2347
358
Then we associate the floating IP obtained above to the new instance:
2348
359
2349
360
```
2350
361
nova add-floating-ip 9363f677-2a80-447b-a606-a5bd4970b8e6  1.1.21.65
2351
362
```
2352
363
2353
364
2354
365
### Create and attach a Cinder volume to the instance
2355
366
Note: All these steps can be also done through the Horizon Web UI
2356
367
2357
368
We make sure that cinder works by creating a 1GB volume and attaching it to the VM:
2358
369
2359
370
```
2360
371
cinder create --display_name test-cinder1 1
2361
372
```
2362
373
2363
374
Get the ID of the volume with cinder list:
2364
375
2365
376
```
2366
377
cinder list
2367
378
```
2368
379
2369
380
Attach it to the VM as vdb
2370
381
2371
382
```
2372
383
nova volume-attach test-server1 bbb5c5c2-a5fd-4fe1-89c2-d16fe91578d4 /dev/vdb
2373
384
```
2374
385
2375
386
Now we should be able to ssh the VM test-server1 from a server with the private key we created above and see that vdb appears in /proc/partitions
2376
387
2377
388
2378
389
2379
390
2380
391
[troubleshooting]
2381
392
[oog](http://docs.openstack.org/ops/)
2382
393
[MAAS tags]
2383
394
[openstack-config.yaml]
2384
395
[ceph](http://ceph.com/docs/master/dev/mon-bootstrap/)
2385
0
396
2386
=== added file 'Install/landcsape.md'
2387
--- Install/landcsape.md	1970-01-01 00:00:00 +0000
2388
+++ Install/landcsape.md	2014-04-15 16:06:33 +0000
2389
@@ -0,0 +1,909 @@
2390
1
Title: Landscape
2391
2
#Managing OpenStack with Landscape
2392
3
2393
4
##About Landscape
2394
5
Landscape is a system management tool designed to let you easily manage multiple Ubuntu systems - up to 40,000 with a single Landscape instance. From a single dashboard you can apply package updates and perform other administrative tasks on many machines. You can categorize machines by group, and manage each group separately. You can make changes to targeted machines even when they are offline; the changes will be applied next time they start. Landscape lets you create scripts to automate routine work such as starting and stopping services and performing backups. It lets you use both common Ubuntu repositories and any custom repositories you may create for your own computers. Landscape is particularly adept at security updates; it can highlight newly available packages that involve security fixes so they can be applied quickly. You can use Landscape as a hosted service as part of Ubuntu Advantage, or run it on premises via Landscape Dedicated Server.
2395
6
2396
7
##Ubuntu Advantage
2397
8
Ubuntu Advantage comprises systems management tools, technical support, access to online resources and support engineers, training, and legal assurance to keep organizations on top of their Ubuntu server, desktop, and cloud deployments. Advantage provides subscriptions at various support levels to help organizations maintain the level of support they need.
2398
9
2399
10
2400
11
2401
12
2402
13
2403
14
##Access groups
2404
15
2405
16
2406
17
2407
18
2408
19
Landscape lets administrators limit administrative rights on computers
2409
20
by assigning them to logical groupings called access groups. Each
2410
21
computer can be in only one access group, but you can organize access
2411
22
groups hierarchically to mirror the organization of your business. In
2412
23
addition to computers, access groups can contain package profiles,
2413
24
scripts, and custom graphs.
2414
25
2415
26
Creating access groups
2416
27
----------------------
2417
28
2418
29
A new Landscape installation comes with a single access group, called
2419
30
global, which gives any administrators who are associated with roles
2420
31
that include that access group control over every computer managed by
2421
32
Landscape. Most organizations will want to subdivide administration
2422
33
responsibilities by creating logical groupings of computers. You can
2423
34
create new access groups from the ACCESS GROUPS menu under your account
2424
35
menu.
2425
36
2426
37
**Figure 5.1.**
2427
38
2428
39
![image](./Chapter%A05.%A0Access%20groups_files/accessgroups1.png)
2429
40
2430
41
\
2431
42
2432
43
To create a new access group, you must provide two pieces of
2433
44
information: a title for the access group and a parent.
2434
45
2435
46
To start with, the parent must be the global access group. If you want a
2436
47
flat management hierarchy, you can make every access group a child of
2437
48
global. Alternatively, you can use parent/child relationships to create
2438
49
a hierarchy of access groups. For instance, you could specify different
2439
50
sites at a high level, and under them individual buildings, and finally
2440
51
individual departments. Such a hierarchy allows you to specify groups of
2441
52
computers to be managed together by one administrator. Administrators
2442
53
whose roles are associated with higher-level access groups can manage
2443
54
all subgroups of which their access group is a parent.
2444
55
2445
56
When a new access group is first created, its administrators are those
2446
57
who have roles linked to its parent access group, but you can edit the
2447
58
roles associated with an access group. To change the roles associated
2448
59
with an access group, see
2449
60
[below](https://landscape.canonical.com/static/doc/user-guide/ch05.html#associatingadmins "Associating roles with access groups").
2450
61
2451
62
Adding computers to access groups
2452
63
---------------------------------
2453
64
2454
65
To see all the computers currently in an access group, click on the name
2455
66
of the group in the ACCESS GROUPS screen. The screen that then appears
2456
67
displays information about that group. On the right side of the screen,
2457
68
click the word "computers" to show the list of computers that are
2458
69
currently members of this access group.
2459
70
2460
71
**Figure 5.2.**
2461
72
2462
73
![image](./Chapter%A05.%A0Access%20groups_files/accessgroups2.png)
2463
74
2464
75
\
2465
76
Alternatively, you can click on the COMPUTERS menu item at the top of
2466
77
the Landscape screen, and in the selection box at the top of the left
2467
78
column, enter `access-group:`{.literal} followed by the name of your
2468
79
access group: for instance, `access-group:stagingservers`{.literal}.
2469
80
2470
81
To add computers to an access group, click on the COMPUTERS menu item at
2471
82
the top of the Landscape screen. The resulting INFO screen shows the
2472
83
total number of available computers being managed by Landscape, and the
2473
84
number of computers currently selected:
2474
85
2475
86
**Figure 5.3.**
2476
87
2477
88
![image](./Chapter%A05.%A0Access%20groups_files/accessgroups3.png)
2478
89
2479
90
\
2480
91
Find computers you wish to include (see the documentation on [selecting
2481
92
computers](https://landscape.canonical.com/static/doc/user-guide/ch06.html#selectingcomputers "Selecting computers")),
2482
93
then tick the checkbox next to each computer you wish to select. Once
2483
94
you've made your selection, click on the INFO menu entry at the top of
2484
95
the page Scroll down to the bottom section, choose the access group you
2485
96
want from the drop-down list, then click Update access group.
2486
97
2487
98
**Figure 5.4.**
2488
99
2489
100
![image](./Chapter%A05.%A0Access%20groups_files/accessgroups4.png)
2490
101
2491
102
\
2492
103
2493
104
Associating roles with access groups
2494
105
------------------------------------
2495
106
2496
107
An administrator may manage an access group if he is associated with a
2497
108
role that has permission to do so. To associate a role with one or more
2498
109
access groups, click on the ROLES menu item under your account to
2499
110
display a screen that shows a role membership matrix.
2500
111
2501
112
**Figure 5.5.**
2502
113
2503
114
![image](./Chapter%A05.%A0Access%20groups_files/accessgroups5.png)
2504
115
2505
116
\
2506
117
The top of that screen shows a list of role names. Click on a role name
2507
118
to edit the permissions and access groups associated with that role.
2508
119
Note that you cannot modify the GlobalAdmin role, so there is no link
2509
120
associated with that label at the top of the matrix.
2510
121
2511
122
Editing access groups
2512
123
---------------------
2513
124
2514
125
To change the name or title of an existing access group, click on the
2515
126
name of the group in the ACCESS GROUPS screen, then click on the Edit
2516
127
access group link at the top of next screen. Make changes, then click
2517
128
Save.
2518
129
2519
130
**Figure 5.6.**
2520
131
2521
132
![image](./Chapter%A05.%A0Access%20groups_files/accessgroups6.png)
2522
133
2523
134
\
2524
135
2525
136
Deleting access groups
2526
137
----------------------
2527
138
2528
139
To delete an existing access group, click on the name of the group in
2529
140
the ACCESS GROUPS screen, then click on the Edit access group link at
2530
141
the top of next screen. On the resulting screen, click the Delete
2531
142
button. You may Confirm the group's deletion, or you can click Cancel to
2532
143
abort the operation. When you delete an access group, its resources move
2533
144
to its parent access group.
2534
145
2535
146
**Figure 5.7.**
2536
147
2537
148
2538
149
2539
150
##Managing computers
2540
151
2541
152
2542
153
Provisioning new computers
2543
154
--------------------------
2544
155
2545
156
Landscape can provision computers in two ways: manually, or via metal as
2546
157
a service (MAAS). [The Ubuntu wiki explains how to set up
2547
158
MAAS](https://wiki.ubuntu.com/ServerTeam/MAAS/).
2548
159
2549
160
To manually provision computers, click on PROVISIONING under your
2550
161
ACCOUNT menu. Landscape displays a provisioning dashboard that shows the
2551
162
number of provisioning servers you have set up, managed systems, and
2552
163
pending systems.
2553
164
2554
165
**Figure 6.1.**
2555
166
2556
167
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers1.png)
2557
168
2558
169
\
2559
170
2560
171
To provision new systems, click the Provision new systems link. On the
2561
172
Provisioning New Systems screen, the top three fields apply to all the
2562
173
computers you wish to provision at one time.
2563
174
2564
175
**Figure 6.2.**
2565
176
2566
177
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers2.png)
2567
178
2568
179
\
2569
180
Enter the Ubuntu release/architecture from a drop-down list; the
2570
181
available choices are the two hardware architectures (i386 and amd64)
2571
182
for the each Ubuntu release beginning with 12.04. Enter the access group
2572
183
to which the new systems should belong from a drop-down list of the
2573
184
access groups set up for your account. You can optionally enter user
2574
185
data, which Landscape can use for special processing. For instance, you
2575
186
could use this field with Ubuntu's
2576
187
[cloud-init](https://help.ubuntu.com/community/CloudInit) utility, which
2577
188
handles early initialization functions for a cloud instance.
2578
189
2579
190
For each computer you wish to provision, enter its MAC address,
2580
191
hostname, an optional title that will be displayed on the computer
2581
192
listing screen after the computer is set up, and optional tags separated
2582
193
by commas that can later help you search for this computer. Click the
2583
194
Add more systems link to get a new line of empty boxes into which you
2584
195
can add data.
2585
196
2586
197
When you click the Next button, Landscape displays a screen that lets
2587
198
you review the information you entered.
2588
199
2589
200
**Figure 6.3.**
2590
201
2591
202
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers3.png)
2592
203
2593
204
\
2594
205
You can click on Back to make changes, or Provision to perform the
2595
206
operation. Landscape then displays a status screen that at first shows
2596
207
the specified computers waiting to boot on the MAAS server.
2597
208
2598
209
**Figure 6.4.**
2599
210
2600
211
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers4.png)
2601
212
2602
213
\
2603
214
2604
215
Registering computers
2605
216
---------------------
2606
217
2607
218
If a computer is provisioned by Landscape, is it automatically
2608
219
registered with Landscape, but when you first install Landscape, your
2609
220
computers are not known to the Landscape server. To manage them, you
2610
221
must register them with the server. Complete instructions for
2611
222
registering client computers with a Landscape server are available at
2612
223
https://yourserver/standalone/how-to-register. You can get to this page
2613
224
by first clicking on the menu item for your account page on the top
2614
225
menu, then on the link in the box on the left side of the page.
2615
226
2616
227
Selecting computers
2617
228
-------------------
2618
229
2619
230
You can select one or more computers individually, or by using searches
2620
231
or tags. For each of those approaches, the starting place is the
2621
232
COMPUTERS menu entry at the top of the screen. Clicking on it displays a
2622
233
list of all computers Landscape knows about.
2623
234
2624
235
-   To select computers individually, tick the boxes beside their names
2625
236
    in the Select computers list.
2626
237
2627
238
-   Using searches - The upper left corner of the Select computers
2628
239
    screen displays the instructions "Refine your selection by searching
2629
240
    or selecting from the tags below," followed by a search box. You can
2630
241
    enter any string in that box and press Enter, or click the arrow
2631
242
    next to the box. Landscape will search both the name and hostname
2632
243
    associated with all computers for a match with the search term.
2633
244
    Searches are not case-sensitive. A list of matching computers is
2634
245
    displayed on the right side of the screen.
2635
246
2636
247
    Once you've selected a group of computers, you can apply a tag to
2637
248
    them to make it easier to find them again. To do so, with your
2638
249
    computers selected, click on INFO under COMPUTERS. In the box under
2639
250
    Tags:, enter the tag you want to use and click Add.
2640
251
2641
252
-   Using tags - Any tags you have already created appear in a list
2642
253
    under the search box on the left of the Computers screens. You can
2643
254
    click on any tag to display the list of computers associated with
2644
255
    it. To select any of the displayed computers, tick the box next to
2645
256
    its name, or click Select: All link at the top of the list.
2646
257
2647
258
Information about computers
2648
259
---------------------------
2649
260
2650
261
By clicking on several submenus of the COMPUTERS menu, you can get
2651
262
information about selected computers.
2652
263
2653
264
-   Clicking on ACTIVITIES displays information about actions that may
2654
265
    be applied to computers. You can filter the activity log to show
2655
266
    All, Pending, Unapproved, or Failed activities. You can click on
2656
267
    each activity in the list to display a screen showing details about
2657
268
    the activity. On that screen you can Approve, Cancel, Undo, or Redo
2658
269
    the activity by clicking on the relevant button.
2659
270
2660
271
-   Clicking on HARDWARE displays information about the selected
2661
272
    computer's processor, memory, network, storage, audio, video, PCI,
2662
273
    and USB hardware, as well as BIOS information and CPU flags.
2663
274
2664
275
    **Figure 6.5.**
2665
276
2666
277
    ![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers5.png)
2667
278
2668
279
    \
2669
280
2670
281
-   Clicking on PROCESSES displays information about all processes
2671
282
    running on a computer at the last time it checked in with the
2672
283
    Landscape server, and lets you end or kill processes by selecting
2673
284
    them and clicking on the relevant buttons.
2674
285
2675
286
    **Figure 6.6.**
2676
287
2677
288
    ![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers6.png)
2678
289
2679
290
    \
2680
291
2681
292
-   Clicking on REPORTS displays seven pie charts that show what
2682
293
    percentage of computers:
2683
294
2684
295
    -   are securely patched
2685
296
2686
297
    -   are covered by upgrade profiles
2687
298
2688
299
    -   have contacted the server within the last five minutes
2689
300
2690
301
    -   have applied security updates - four charts show computers that
2691
302
        have applied Ubuntu Security Notices within the last two, 14,
2692
303
        30, and 60+ days
2693
304
2694
305
-   Clicking on MONITORING displays graphs of key performance
2695
306
    statistics, such as CPU load, memory use, disk use, and network
2696
307
    traffic.
2697
308
2698
309
    **Figure 6.7.**
2699
310
2700
311
    ![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers7.png)
2701
312
2702
313
    \
2703
314
    You can also create custom graphs to display at the top of the page
2704
315
    by clicking on the Create some now! link. A drop-down box at the top
2705
316
    of the page lets you specify the timeframe the graph data covers:
2706
317
    one day, three days, one week, or four weeks. You can download the
2707
318
    data behind each graph by clicking the relevant button under the
2708
319
    graph.
2709
320
2710
321
The activity log
2711
322
----------------
2712
323
2713
324
The right side of the dashboard that displays when you click on your
2714
325
account menu, and when you click on the ACTIVITIES submenu, shows the
2715
326
status of Landscape activities, displayed in reverse chronological
2716
327
order.
2717
328
2718
329
**Figure 6.8.**
2719
330
2720
331
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers8.png)
2721
332
2722
333
\
2723
334
You can view details on an individual activity by clicking on its
2724
335
description. Each activity is labeled with a status; possible values
2725
336
are:
2726
337
2727
338
-   Succeeded
2728
339
2729
340
-   In progress
2730
341
2731
342
-   Scheduled
2732
343
2733
344
-   Queued
2734
345
2735
346
-   Unapproved
2736
347
2737
348
-   Canceled
2738
349
2739
350
-   Failed
2740
351
2741
352
You can select a subset to view by clicking on the links above the table
2742
353
for All, Pending, Unapproved, or Failed activities.
2743
354
2744
355
In addition to the status and description of each activity, the table
2745
356
shows what computers the activity applied to, who created it, and when.
2746
357
2747
358
Managing users
2748
359
--------------
2749
360
2750
361
Clicking on USERS displays a list of users on each of the selected
2751
362
computers.
2752
363
2753
364
**Figure 6.9.**
2754
365
2755
366
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers9.png)
2756
367
2757
368
\
2758
369
You can select one or more users, then click one of the buttons at the
2759
370
top of the screen:
2760
371
2761
372
-   The ADD button lets you add a new user to the selected computers.
2762
373
2763
374
    **Figure 6.10.**
2764
375
2765
376
    ![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers10.png)
2766
377
2767
378
    \
2768
379
    You must specify the person's name, a username, and a passphrase.
2769
380
    You may also specify a location and telephone numbers. Click the ADD
2770
381
    button at the bottom of the screen to complete the operation.
2771
382
2772
383
-   The DELETE button displays a screen that lets you delete the
2773
384
    selected users.
2774
385
2775
386
    **Figure 6.11.**
2776
387
2777
388
    ![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers11.png)
2778
389
2779
390
    \
2780
391
    You may also tick a checkbox to delete the user's home folders as
2781
392
    well. Press the Delete button at the bottom of the screen to
2782
393
    complete the operation.
2783
394
2784
395
-   The EDIT button displays a User details screen that lets you change
2785
396
    details such as the person's name, primary group, passphrase,
2786
397
    location, and telephone numbers, and add or remove the user from
2787
398
    groups on the selected computers.
2788
399
2789
400
    **Figure 6.12.**
2790
401
2791
402
    ![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers12.png)
2792
403
2793
404
    \
2794
405
2795
406
-   The LOCK button prevents the selected users from logging into their
2796
407
    accounts.
2797
408
2798
409
-   The UNLOCK button lets users into their cars when they've
2799
410
    accidentally locked their keys inside. Actually, no, it simply
2800
411
    unlocks previously locked accounts.
2801
412
2802
413
Managing alerts
2803
414
---------------
2804
415
2805
416
Landscape uses alerts to notify administrators of conditions that
2806
417
require attention. The following types of alerts are available:
2807
418
2808
419
-   when a pending computer needs to be accepted or rejected
2809
420
2810
421
-   when you are exceeding your license entitlements for Landscape
2811
422
    Dedicated Server (This alert does not apply to the hosted version of
2812
423
    Landscape.)
2813
424
2814
425
-   when new package updates are available for computers
2815
426
2816
427
-   when new security updates are available for computers
2817
428
2818
429
-   when a package profile is not applied
2819
430
2820
431
-   when package reporting fails (Each client runs the command **apt-get
2821
432
    update** every 60 minutes. Anything that prevents that command from
2822
433
    succeeding is considered a package reporting failure.)
2823
434
2824
435
-   when an activity requires explicit administrator acceptance or
2825
436
    rejection
2826
437
2827
438
-   when a computer has not contacted the Landscape server for more than
2828
439
    five minutes
2829
440
2830
441
-   when computers need to be rebooted in order for a package update
2831
442
    (such as a kernel update) to take effect
2832
443
2833
444
To configure alerts, click on the Configure alerts link in the
2834
445
dashboard, or click on your account's ALERTS menu item. Tick the check
2835
446
box next to each type of alert you want to subscribe to, or click the
2836
447
All or None buttons at the top of the table, then click on the Subscribe
2837
448
or Unsubscribe button below the table.
2838
449
2839
450
**Figure 6.13.**
2840
451
2841
452
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers13.png)
2842
453
2843
454
\
2844
455
2845
456
The Alerts screen shows the status of each alert. If an alert has not
2846
457
been tripped, the status is OK; if it has, the status is Alerted. The
2847
458
last column notes whether the alert applies to your account (pending
2848
459
computers, for instance, are not yet Landscape clients, but they are
2849
460
part of your account), to all computers, or to a specified set of tagged
2850
461
computers.
2851
462
2852
463
If an alert is tripped, chances are an administrator should investigate
2853
464
it. You can see alerts on the account dashboard that displays when you
2854
465
click on your account name on the top menu. The description for each
2855
466
alert is a link; click on it to see a table of alerts. When you click on
2856
467
an alert, the resulting screen shows relevant information about the
2857
468
problem. For instance, if you click on an alert about computers having
2858
469
issues reporting packages, the table shows the computer affected, the
2859
470
error code, and error output text.
2860
471
2861
472
**Figure 6.14.**
2862
473
2863
474
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers14.png)
2864
475
2865
476
\
2866
477
On some alert screens you can download the list of affected computers as
2867
478
a CSV file or save the criteria that generated the alert as a saved
2868
479
search by clicking the relevant button at the bottom of the screen.
2869
480
2870
481
Managing scripts
2871
482
----------------
2872
483
2873
484
Landscape lets you run scripts on the computers you manage in your
2874
485
account. The scripts may be in any language, as long as an interpreter
2875
486
for that language is present on the computers on which they are to run.
2876
487
You can maintain a library of scripts for common tasks. You can manage
2877
488
scripts from the STORED SCRIPTS menu under your account, and run them
2878
489
against computers from the SCRIPTS menu under COMPUTERS.
2879
490
2880
491
The Stored scripts screen displays a list of existing scripts, along
2881
492
with the access groups each belongs to and its creator.
2882
493
2883
494
**Figure 6.15.**
2884
495
2885
496
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers15.png)
2886
497
2887
498
\
2888
499
You can edit a script by clicking on its name. To delete a stored
2889
500
script, tick the check box next to its name, then click Remove. If you
2890
501
have the proper permissions, Landscape erases the script immediately
2891
502
without asking for confirmation.
2892
503
2893
504
From the Stored scripts screen you can add a new script by clicking on
2894
505
Add stored script.
2895
506
2896
507
**Figure 6.16.**
2897
508
2898
509
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers16.png)
2899
510
2900
511
\
2901
512
On the Create script screen you must enter a title, interpreter, the
2902
513
script code, the time within which the script must complete, and the
2903
514
access group to which the script belongs. You may enter a default user
2904
515
to run the script as; if you don't, you will have to specify the user
2905
516
when you choose to run the script. You may also attach as many as five
2906
517
files with a maximum of 1MB in total size. On each computer on which a
2907
518
script runs, attachments are placed in the directory specified by the
2908
519
environment variable LANDSCAPE\_ATTACHMENTS, and are deleted once the
2909
520
script has been run. After specifying all the information for a stored
2910
521
script, click on Save to save it.
2911
522
2912
523
To run a stored script, go to the SCRIPTS menu under COMPUTERS. Here you
2913
524
can choose to run a stored script, or run a new script.
2914
525
2915
526
**Figure 6.17.**
2916
527
2917
528
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers17.png)
2918
529
2919
530
\
2920
531
When you choose to run an existing script, Landscape displays the script
2921
532
details, which allows you to modify any information. You must specify
2922
533
the user on the target computers to run the script as, and schedule the
2923
534
script to run either as soon as possible, or at a specified time. When
2924
535
you're ready to run the script, click on Run.
2925
536
2926
537
To run a new script, you must enter most of the same information you
2927
538
would if you were creating a stored script, with three differences.
2928
539
2929
540
**Figure 6.18.**
2930
541
2931
542
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers18.png)
2932
543
2933
544
\
2934
545
On this screen you must specify the user on the target computers to run
2935
546
the script as, and you may optionally tick a check box to store the
2936
547
script in your script library. You must also schedule the script to run
2937
548
either as soon as possible, or at a specified time. When you're ready to
2938
549
run the script, click on Run.
2939
550
2940
551
Managing upgrade profiles
2941
552
-------------------------
2942
553
2943
554
An upgrade profile defines a schedule for the times when upgrades are to
2944
555
be automatically installed on the machines associated with a specific
2945
556
access group. You can associate zero or more computers with each upgrade
2946
557
profile via tags to install packages on those computers. You can also
2947
558
associate an upgrade profile with an access group, which limits its use
2948
559
to only computers within the specified access group. You can manage
2949
560
upgrade profiles from the UPGRADE PROFILES link in the PROFILES choice
2950
561
under your account.
2951
562
2952
563
When you do so, Landscape displays a list of the names and descriptions
2953
564
of existing upgrade profiles.
2954
565
2955
566
**Figure 6.19.**
2956
567
2957
568
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers19.png)
2958
569
2959
570
\
2960
571
To see the details of an existing profile, click on its name to display
2961
572
a screen that shows the name, schedule, and tags of computers associated
2962
573
with the upgrade profile. If you want to change the upgrade profile's
2963
574
name or schedule, click on the Edit upgrade profile link. If you want to
2964
575
change the computers associated with the upgrade profile, tick or untick
2965
576
the check boxes next to the tags on the lower part of the screen, then
2966
577
click on the Change button. Though you can see the access group
2967
578
associated with the upgrade profile, you cannot change the access groups
2968
579
anywhere but from their association with a computer.
2969
580
2970
581
To add an upgrade profile, click on the Add upgrade profile link.
2971
582
2972
583
**Figure 6.20.**
2973
584
2974
585
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers20.png)
2975
586
2976
587
\
2977
588
On the resulting Create an upgrade profile screen you must enter a name
2978
589
for the upgrade profile. Names can contain only letters, numbers, and
2979
590
hyphens. You may check a box to make the upgrade profile apply only to
2980
591
security upgrades; if you leave it unchecked, it will target all
2981
592
upgrades. Specify the access group to which the upgrade profile belongs
2982
593
from a drop-down list. Finally, specify the schedule on which the
2983
594
upgrade profile can run. You can specify a number of hours to let the
2984
595
upgrade profile run; if it does not complete successfully in that time,
2985
596
Landscape will trigger an alert. Click on the Save button to save the
2986
597
new upgrade profile.
2987
598
2988
599
To delete one or more upgrade profiles, tick a check box next to the
2989
600
upgrade profiles' names, then click on the Remove button.
2990
601
2991
602
Managing removal profiles
2992
603
-------------------------
2993
604
2994
605
A removal profile defines a maximum number of days that a computer can
2995
606
go without exchanging data with the Landscape server before it is
2996
607
automatically removed. If more days pass than the profile's "Days
2997
608
without exchange", that computer will automatically be removed and the
2998
609
license seat it held will be released. This helps Landscape keep license
2999
610
seats open and ensure Landscape is not tracking stale or retired
3000
611
computer data for long periods of time. You can associate zero or more
3001
612
computers with each removal profile via tags to ensure those computers
3002
613
are governed by this removal profile. You can also associate a removal
3003
614
profile with an access group, which limits its use to only computers
3004
615
within the specified access group. You can manage removal profiles from
3005
616
the REMOVAL PROFILES link in the PROFILES choice under your account.
3006
617
3007
618
When you do so, Landscape displays a list of the names and descriptions
3008
619
of existing removal profiles.
3009
620
3010
621
**Figure 6.21.**
3011
622
3012
623
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers21.png)
3013
624
3014
625
\
3015
626
To see the details of an existing profile, click on its name to display
3016
627
a screen that shows the title, name and number of days without exchange
3017
628
before the computer is automatically removed, and tags of computers
3018
629
associated with the removal profile. If you want to change the removal
3019
630
profile's title or number of days before removal, click on the Edit
3020
631
removal profile link. If you want to change the computers associated
3021
632
with the removal profile, tick or untick the check boxes next to the
3022
633
tags on the lower part of the screen, then click on the Change button.
3023
634
Though you can see the access group associated with the removal profile,
3024
635
you cannot change the access groups anywhere but from their association
3025
636
with a computer.
3026
637
3027
638
To add a removal profile, click on the Add removal profile link.
3028
639
3029
640
**Figure 6.22.**
3030
641
3031
642
![image](./Chapter%A06.%A0Managing%20computers_files/managecomputers22.png)
3032
643
3033
644
\
3034
645
On the resulting Create a removal profile screen you must enter a title
3035
646
for the removal profile. Specify the access group to which the removal
3036
647
profile belongs from a drop-down list. Finally, specify the number of
3037
648
days without exchange that computers will be allowed without contact
3038
649
before they are automatically removed and their license seat is
3039
650
released. If a computer does not contact Landscape within that number of
3040
651
days, it will subsequently be removed. Click on the Save button to save
3041
652
the new removal profile.
3042
653
3043
654
To delete one or more removal profiles, tick a check box next to the
3044
655
removal profiles' names, then click on the Remove button.
3045
656
3046
657
##Managing packages
3047
658
3048
659
3049
660
A package is a group of related files that comprise everything you need
3050
661
to install an application. Packages are stored in repositories, and each
3051
662
package is managed via a package profile, which is a record of the
3052
663
package's dependencies and conflicts.
3053
664
3054
665
Package information
3055
666
-------------------
3056
667
3057
668
Clicking on PACKAGES under the COMPUTERS menu displays a screen where
3058
669
you can search for information about all the packages Landscape knows
3059
670
about. You may first specify a package name or other search string, then
3060
671
press Enter or click on the arrow next to the box. Landscape then
3061
672
displays a list of packages that meet the search criteria.
3062
673
3063
674
**Figure 7.1.**
3064
675
3065
676
![image](./Chapter%A07.%A0Managing%20packages_files/managepackages1.png)
3066
677
3067
678
\
3068
679
The top of the screen displays summary information about the packages:
3069
680
clickable links to which computers have security updates and other
3070
681
upgrades to be installed, and the number of computers that are
3071
682
up-to-date and those that have not reported package information.
3072
683
3073
684
The next section provides a list of security issues on computers that
3074
685
need security updates. You can click on the name or USN number of a
3075
686
security issue to see a full Ubuntu Security Notice.
3076
687
3077
688
**Figure 7.2.**
3078
689
3079
690
![image](./Chapter%A07.%A0Managing%20packages_files/managepackages2.png)
3080
691
3081
692
\
3082
693
The third section displays package information in the form of four
3083
694
numbers for each selected computer: the number of packages available and
3084
695
installed, pending upgrades, and held upgrades. You can click on the
3085
696
number of pending or held upgrades to see a screen that lets you modify
3086
697
the relevant package list and set a time for the upgrades to take place:
3087
698
3088
699
**Figure 7.3.**
3089
700
3090
701
![image](./Chapter%A07.%A0Managing%20packages_files/managepackages3.png)
3091
702
3092
703
3093
704
Finally, a Request upgrades button at the bottom of the screen lets you
3094
705
quickly request that all possible upgrades be applied to the selected
3095
706
computers. Any resulting activities require explicit administrator
3096
707
approval.
3097
708
3098
709
Adding a package profile
3099
710
------------------------
3100
711
3101
712
Landscape uses package profiles (also called meta packages) to make sure
3102
713
the proper software is installed when you request packages. You can
3103
714
think of a package profile as a package with no file contents, just
3104
715
dependencies and conflicts. With that information, the package profile
3105
716
can trigger the installation of other packages necessary for the
3106
717
requested package to run, or trigger the removal of software that
3107
718
conflicts with the requested package. These dependencies and conflicts
3108
719
fall under the general category of constraints.
3109
720
3110
721
To manage package profiles, click the PROFILES menu entry under your
3111
722
account and the Package profiles link. The Package profiles screen
3112
723
displays a list of existing package profiles and a link that you can
3113
724
click to add a new package profile.
3114
725
3115
726
**Figure 7.4.**
3116
727
3117
728
![image](./Chapter%A07.%A0Managing%20packages_files/managepackages4.png)
3118
729
3119
730
\
3120
731
Click on that link to display the Create package profile screen:
3121
732
3122
733
**Figure 7.5.**
3123
734
3124
735
![image](./Chapter%A07.%A0Managing%20packages_files/managepackages5.png)
3125
736
3126
737
\
3127
738
Here you enter a name for the package profile, a description (which
3128
739
appears at the top of the package profile's information screen), the
3129
740
access group to which the package profile should belong, and,
3130
741
optionally, any package constraints - packages that this profile depends
3131
742
on or conflicts with. The constraints drop-down lists lets you add
3132
743
constraints in three ways: based on a computer's installed packages,
3133
744
imported from a previously exported CSV file or the output of the **dpkg
3134
745
--get-selections** command, or manually added. Use the first option if
3135
746
you want to replicate one computer to another, as it makes all currently
3136
747
installed packages that are on the selected computer dependencies of the
3137
748
package profile you're creating. The second approach imports the
3138
749
dependencies of a previously exported package profile. The manual
3139
750
approach is suitable when you have few dependencies to add, all of which
3140
751
you know.
3141
752
3142
753
When you save a package profile, behind the scenes Landscape creates a
3143
754
Debian package with the specified dependencies and conflicts and gives
3144
755
it a name and a version. Every time you change the package profile,
3145
756
Landscape increments the version by one.
3146
757
3147
758
If Landscape finds computers on which the package profile should be
3148
759
installed, it creates an activity to do so. That activity will run
3149
760
unattended, except that you must provide explicit administrator approval
3150
761
to remove any packages that the package profile wants to delete.
3151
762
3152
763
Exporting a package profile
3153
764
---------------------------
3154
765
3155
766
You can export a package profile in order to use the same constraints
3156
767
it's set up for with a new package profile. To export a package profile,
3157
768
click the PROFILES menu entry under your account and the Package
3158
769
profiles link. Tick the check box next to the packages you want to
3159
770
export, then click Download as CSV.
3160
771
3161
772
Modifying a package profile
3162
773
---------------------------
3163
774
3164
775
To modify a package profile, click the PROFILES menu entry under your
3165
776
account and the Package profiles link, then click on the name of a
3166
777
package profile in the list.
3167
778
3168
779
Deleting a package profile
3169
780
--------------------------
3170
781
3171
782
To delete a package profile, click the PROFILES menu entry under your
3172
783
account and then the Package profiles link. Tick the check box next to
3173
784
the packages you want to delete, then click Remove. The package profile
3174
785
is deleted immediately, with no prompt to confirm the action.
3175
786
3176
787
Repositories
3177
788
------------
3178
789
3179
790
Packages are stored in repositories. A repository is simply a designated
3180
791
location that stores packages. You can manage Landscape repositories
3181
792
only via [the Landscape
3182
793
API](https://landscape.canonical.com/static/doc/user-guide/ch09.html "Chapter 9. The Landscape API").
3183
794
3184
795
3185
796
3186
797
3187
798
* * * * *
3188
799
3189
800
[Prev](https://landscape.canonical.com/static/doc/user-guide/ch07.html)
3190
801
[Up](https://landscape.canonical.com/static/doc/user-guide/index.html)
3191
802
[Next](https://landscape.canonical.com/static/doc/user-guide/ch09.html)
3192
803
3193
804
##Use cases
3194
805
--------------------
3195
806
3196
807
3197
808
You can use Landscape to perform many common system administration tasks
3198
809
easily and automatically. Here are a few examples.
3199
810
3200
811
How do I upgrade all packages on a certain group of machines?
3201
812
-------------------------------------------------------------
3202
813
3203
814
First, tag the machines you want to upgrade with a common tag, so you
3204
815
can use the tag anytime you need to manage those computers as a group.
3205
816
If, for instance, you want to upgrade all your desktop computers, you
3206
817
might want to use "desktop" as a tag. Select your computers, then click
3207
818
on COMPUTERS on the top menu, and under that INFO. In the box under
3208
819
Tags:, enter the tag you want to use and click the Add button.
3209
820
3210
821
If you've already tagged the computers, click on COMPUTERS, then click
3211
822
on the tag in the left column.
3212
823
3213
824
With your desktop computers selected, click on COMPUTERS, then PACKAGES.
3214
825
Scroll to the bottom of the screen, where you'll see a Request upgrades
3215
826
button. Click it to queue the upgrade tasks.
3216
827
3217
828
![image](./Chapter%A08.%A0Use%20cases_files/usecases1.png)
3218
829
3219
830
While the upgrade tasks are now in the queue, they will not be executed
3220
831
until you approve them. To do so, next to Select:, click All, then click
3221
832
on the Approve button at the bottom of the page.
3222
833
3223
834
How do I keep all of my file servers automatically up to date?
3224
835
--------------------------------------------------------------
3225
836
3226
837
The best way is to use [upgrade
3227
838
profiles](https://landscape.canonical.com/static/doc/user-guide/ch02.html#defineupgradeprofiles),
3228
839
which rely on access groups.
3229
840
3230
841
If an access group for your file servers already exists, simply click on
3231
842
its name. If not, you must create an access group for them. To do so,
3232
843
click on your account, then on ACCESS GROUPS. Specify a name for your
3233
844
new access group and click the Save button. You must then add computers
3234
845
to the access group. To do that, click on COMPUTERS, then select all
3235
846
your file servers by using a tag, if one exists, or a search, or by
3236
847
ticking them individually. Once all the computers you want to add to the
3237
848
access group are tagged, click on the INFO menu choice, scroll down to
3238
849
the bottom section, choose the access group you want from the drop-down
3239
850
list, then click the Update access group button.
3240
851
3241
852
![image](./Chapter%A08.%A0Use%20cases_files/accessgroups4.png)
3242
853
3243
854
Once you have all your file servers in an access group you can create an
3244
855
upgrade profile for them. Click on your account, then PROFILES menu
3245
856
following the Upgrade profiles link, and then on the Add upgrade profile
3246
857
link. Enter a name for the new upgrade profile, choose the access group
3247
858
you wish to associate with it, and specify the schedule on which the
3248
859
upgrades should run, then click the Save button.
3249
860
3250
861
How do I keep Landscape from upgrading a certain package on one of my servers?
3251
862
------------------------------------------------------------------------------
3252
863
3253
864
First find the package by clicking on COMPUTERS, then PACKAGES. Use the
3254
865
search box at the top of the screen to find the package you want. Click
3255
866
the triangle on the left of the listing line of the package you want to
3256
867
hold, which expands the information for that package. Now click on the
3257
868
icon to the left of the package name. A new icon with a lock replaces
3258
869
the old one, indicating that this package is to be held during upgrades.
3259
870
Scroll to the bottom of the page and click on the Apply Changes button.
3260
871
3261
872
![image](./Chapter%A08.%A0Use%20cases_files/usecases2.png)
3262
873
3263
874
How do I set up a custom graph?
3264
875
-------------------------------
3265
876
3266
877
First select the computers whose information you want to see. One good
3267
878
way to do so is to create a tag for that group of computers on my
3268
879
computers. Suppose you want to monitor the size of the PostgreSQL
3269
880
database on your database servers. Select the servers, then click on
3270
881
COMPUTERS on the top menu, and INFO under that. In the box under Tags:,
3271
882
enter a tag name, such as "db-server," and click the Add button. Next,
3272
883
under your account, click on CUSTOM GRAPHS, then on the link to Add
3273
884
custom graph. Enter a title, and in the \#! field, enter **/bin/sh** to
3274
885
indicate a shell script. In the Code section, enter the commands
3275
886
necessary to create the data for the graph. For this example, the
3276
887
command might be:
3277
888
3278
889
~~~~ {.programlisting}
3279
890
psql -tAc "select pg_database_size('postgres')"
3280
891
~~~~
3281
892
3282
893
For Run as user, enter **postgres**.
3283
894
3284
895
Fill in the Y-axix title, then click the Save button at the bottom of
3285
896
the page.
3286
897
3287
898
![image](./Chapter%A08.%A0Use%20cases_files/usecases3.png)
3288
899
3289
900
To view the graph, click on COMPUTERS, then MONITORING. You can select
3290
901
the monitoring period from the drop-down box at the top of the window.
3291
902
3292
903
How do I ensure all computers with a given tag have a common list of packages installed?
3293
904
----------------------------------------------------------------------------------------
3294
905
3295
906
Manage them via a [package
3296
907
profile](https://landscape.canonical.com/static/doc/user-guide/ch07.html#definepp "Adding a package profile").
3297
908
3298
909
3299
0
910
3300
=== removed file 'Installing-Ceph.md'
3301
--- Installing-Ceph.md	2014-04-07 13:23:30 +0000
3302
+++ Installing-Ceph.md	1970-01-01 00:00:00 +0000
3303
@@ -1,56 +0,0 @@
3304
1
Title: Installing - Ceph
3305
2
Status: Review
3306
3
3307
4
# Installing - Ceph
3308
5
3309
6
## Introduction
3310
7
3311
8
Typically OpenStack uses the local storage of their nodes for the configuration data
3312
9
as well as for the object storage provided by Swift and the block storage provided by 
3313
10
Cinder and Glance. But it also can use Ceph as storage backend. Ceph stripes block 
3314
11
device images across a cluster. This way it provides a better performance than typical 
3315
12
standalone server. It allows scalabillity and redundancy needs to be satisfied and 
3316
13
Cinder's RDB driver used to create, export and connect volumes to instances.
3317
14
3318
15
## Scope
3319
16
3320
17
This document covers the deployment of Ceph via Juju. Other related documents are
3321
18
3322
19
- [Scaling Ceph](Scaling-Ceph.md)
3323
20
- [Troubleshooting Ceph](Troubleshooting-Ceph.md)
3324
21
- [Appendix Ceph and OpenStack](Appendix-Ceph-and-OpenStack.md)
3325
22
3326
23
## Deployment
3327
24
3328
25
During the installation of OpenStack we've already seen the deployment of Ceph via
3329
26
3330
27
```
3331
28
juju deploy --config openstack-config.yaml -n 3 ceph
3332
29
juju deploy --config openstack-config.yaml -n 10 ceph-osd
3333
30
```
3334
31
3335
32
This will install three Ceph nodes configured with the information contained in the
3336
33
file `openstack-config.yaml`. This file contains the configuration `block-device: None`
3337
34
for Cinder, so that this component does not use the local disk. Instead we're calling
3338
35
Additionally 10 Ceph OSD nodes providing the object storage are deployed and related 
3339
36
to the Ceph nodes by
3340
37
3341
38
```
3342
39
juju add-relation ceph-osd ceph
3343
40
```
3344
41
3345
42
Once the ceph charm has bootstrapped the cluster, it will notify the ceph-osd charm which 
3346
43
will scan for the configured storage devices and add them to the pool of available storage.
3347
44
Now the relation to Cinder and Glance can be established with
3348
45
3349
46
```
3350
47
juju add-relation cinder ceph
3351
48
juju add-relation glance ceph
3352
49
```
3353
50
3354
51
so that both are using the storage provided by Ceph.
3355
52
3356
53
## See also
3357
54
3358
55
- https://manage.jujucharms.com/charms/precise/ceph
3359
56
- https://manage.jujucharms.com/charms/precise/ceph-osd
3360
57
0
3361
=== removed file 'Installing-MAAS.md'
3362
--- Installing-MAAS.md	2014-04-02 23:18:00 +0000
3363
+++ Installing-MAAS.md	1970-01-01 00:00:00 +0000
3364
@@ -1,467 +0,0 @@
3365
1
Title: Installing MAAS 
3366
2
Status: In progress
3367
3
Notes:
3368
4
3369
5
3370
6
3371
7
3372
8
3373
9
#Installing the MAAS software
3374
10
3375
11
##Scope of this documentation
3376
12
3377
13
This document provides instructions on how to install the Metal As A Service (MAAS) software. It has been prepared alongside guides for installing Juju, OpenStack and Landscape as part of a production grade cloud environment. MAAS itself may be used in different ways and you can find documentation for this on the main MAAS website [MAAS docs]. For the purposes of this documentation, the following assumptions have been made:
3378
14
* You have sufficient, appropriate node hardware 
3379
15
* You will be using Juju to assign workloads to MAAS
3380
16
* You will be configuring the cluster network to be controlled entirely by MAAS (i.e. DNS and DHCP)
3381
17
* If you have a compatible power-management system, any additional hardware required is also installed(e.g. IPMI network).
3382
18
3383
19
## Introducing MAAS
3384
20
3385
21
Metal as a Service – MAAS – lets you treat physical servers like virtual machines in the cloud. Rather than having to manage each server individually, MAAS turns your bare metal into an elastic cloud-like resource.
3386
22
3387
23
What does that mean in practice? Tell MAAS about the machines you want it to manage and it will boot them, check the hardware’s okay, and have them waiting for when you need them. You can then pull nodes up, tear them down and redeploy them at will; just as you can with virtual machines in the cloud.
3388
24
3389
25
When you’re ready to deploy a service, MAAS gives Juju the nodes it needs to power that service. It’s as simple as that: no need to manually provision, check and, afterwards, clean-up. As your needs change, you can easily scale services up or down. Need more power for your Hadoop cluster for a few hours? Simply tear down one of your Nova compute nodes and redeploy it to Hadoop. When you’re done, it’s just as easy to give the node back to Nova.
3390
26
3391
27
MAAS is ideal where you want the flexibility of the cloud, and the hassle-free power of Juju charms, but you need to deploy to bare metal.
3392
28
3393
29
## Installing MAAS from the Cloud Archive
3394
30
3395
31
The Ubuntu Cloud Archive is a repository made especially to provide users with the most up to date, stable versions of MAAS, Juju and other tools. It is highly recommended to configure this repository and use it to keep your software up to date:
3396
32
3397
33
```
3398
34
sudo add-apt-repository cloud-archive:tools
3399
35
sudo apt-get update
3400
36
```
3401
37
3402
38
There are several packages that comprise a MAAS install. These are:
3403
39
3404
40
maas-region-controller:
3405
41
    Which comprises the 'control' part of the software, including the web-based user interface, the API server and the main database.
3406
42
maas-cluster-controller:
3407
43
    This includes the software required to manage a cluster of nodes, including managing DHCP and boot images.
3408
44
maas-dns:
3409
45
    This is a customised DNS service that MAAS can use locally to manage DNS for all the connected nodes.
3410
46
mass-dhcp:
3411
47
    As for DNS, there is a DHCP service to enable MAAS to correctly enlist nodes and assign IP addresses. The DHCP setup is critical for the correct PXE booting of nodes.
3412
48
3413
49
As a convenience, there is also a `maas` metapackage, which will install all these components
3414
50
3415
51
3416
52
If you need to separate these services or want to deploy an additional cluster controller, you should install the corresponding packages individually (see [_the description of a typical setup_](https://www.filepicker.io/api/file/orientation.html#setup) for more background on how a typical hardware setup might be arranged).
3417
53
3418
54
3419
55
3420
56
3421
57
### Installing the packages
3422
58
3423
59
The configuration for the MAAS controller will automatically run and pop up this config screen:
3424
60
3425
61
![]( install_cluster-config.png)
3426
62
3427
63
Here you will need to enter the hostname for where the region controller can be contacted. In many scenarios, you may be running the region controller (i.e. the web and API interface) from a different network address, for example where a server has several network interfaces.
3428
64
3429
65
Once the configuration scripts have run you should see this message telling you that the system is ready to use:
3430
66
3431
67
![]( install_controller-config.png)
3432
68
3433
69
The web server is started last, so you have to accept this message before the service is run and you can access the Web interface. Then there are just a few more setup steps [_Post-Install tasks_](https://www.filepicker.io/api/file/WMGTttJT6aaLnQrEkAPv?signature=a86d0c3b4e25dba2d34633bbdc6873d9d8e6ae3cecc4672f2219fa81ee478502&policy=eyJoYW5kbGUiOiJXTUdUdHRKVDZhYUxuUXJFa0FQdiIsImV4cGlyeSI6MTM5NTE3NDE2MSwiY2FsbCI6WyJyZWFkIl19#post-install)
3434
70
3435
71
The maas-dhcp and maas-dns packages should be installed by default. You can check whether they are installed with:
3436
72
3437
73
```
3438
74
dpkg -l maas-dhcp maas-dns
3439
75
```
3440
76
3441
77
If they are missing, then:
3442
78
3443
79
```
3444
80
sudo apt-get install maas-dhcp maas-dns
3445
81
```
3446
82
3447
83
And then proceed to the post-install setup below.
3448
84
3449
85
If you now use a web browser to connect to the region controller, you should see that MAAS is running, but there will also be some errors on the screen:
3450
86
3451
87
![]( install_web-init.png)
3452
88
3453
89
The on screen messages will tell you that there are no boot images present, and that you can't login because there is no admin user.
3454
90
3455
91
## Create a superuser account
3456
92
3457
93
Once MAAS is installed, you'll need to create an administrator account:
3458
94
3459
95
```
3460
96
sudo maas createadmin --username=root --email=MYEMAIL@EXAMPLE.COM
3461
97
```
3462
98
3463
99
Substitute your own email address in the command above. You may also use a different username for your administrator account, but "root" is a common convention and easy to remember. The command will prompt for a password to assign to the new user.
3464
100
3465
101
You can run this command again for any further administrator accounts you may wish to create, but you need at least one.
3466
102
3467
103
## Import the boot images
3468
104
3469
105
MAAS will check for and download new Ubuntu images once a week. However, you'll need to download them manually the first time. To do this you will need to connect to the MAAS API using the maas-cli tool. (see for details). Then you need to run the command:
3470
106
3471
107
```
3472
108
maas-cli maas node-groups import-boot-images
3473
109
```
3474
110
3475
111
(substitute in a different profile name for 'maas' if you have called yours something else) This will initiate downloading the required image files. Note that this may take some time depending on your network connection.
3476
112
3477
113
3478
114
## Login to the server
3479
115
3480
116
To check that everything is working properly, you should try and login to the server now. Both the error messages should have gone (it can take a few minutes for the boot image files to register) and you can see that there are currently 0 nodes attached to this controller.
3481
117
3482
118
![]( install-login.png)
3483
119
## Configure switches on the network
3484
120
3485
121
Some switches use Spanning-Tree Protocol (STP) to negotiate a loop-free path through a root bridge. While scanning, it can make each port wait up to 50 seconds before data is allowed to be sent on the port. This delay in turn can cause problems with some applications/protocols such as PXE, DHCP and DNS, of which MAAS makes extensive use.
3486
122
3487
123
To alleviate this problem, you should enable [Portfast](https://www.symantec.com/business/support/index?page=content&id=HOWTO6019) for Cisco switches or its equivalent on other vendor equipment, which enables the ports to come up almost immediately.
3488
124
3489
125
##Add an additional cluster
3490
126
3491
127
Whilst it is certainly possible to run MAAS with just one cluster controller for all the nodes, in the interests of easier maintenance, uprades and stability, it is desirable to have at least two operational clusters.
3492
128
3493
129
Each cluster needs a controller node. Install Ubuntu on this node and then follow a similar setup proceedure to install the cluster controller software:
3494
130
3495
131
```
3496
132
sudo add-apt-repository cloud-archive:tools
3497
133
sudo apt-get update
3498
134
sudo apt-get install maas-cluster-controller
3499
135
sudo apt-get install maas-dhcp
3500
136
```
3501
137
3502
138
During the install process, a configuration window will appear. You merely need to type in the address of the MAAS controller API, like this:
3503
139
3504
140
![config-image.png]
3505
141
3506
142
## Configure Cluster Controller(s)
3507
143
3508
144
### Cluster acceptance
3509
145
When you install your first cluster controller on the same system as the region controller, it will be automatically accepted by default (but not yet configured, see below). Any other cluster controllers you set up will show up in the user interface as “pending,” until you manually accept them into the MAAS.
3510
146
3511
147
To accept a cluster controller, click on the settings “cog” icon at the top right to visit the settings page:
3512
148
![]settings.png
3513
149
You can either click on “Accept all” or click on the edit icon to edit the cluster. After clicking on the edit icon, you will see this page:
3514
150
3515
151
![]cluster-edit.png
3516
152
Here you can change the cluster’s name as it appears in the UI, its DNS zone, and its status. Accepting the cluster changes its status from “pending” to “accepted.”
3517
153
3518
154
Now that the cluster controller is accepted, you can configure one or more of its network interfaces to be managed by MAAS. This will enable the cluster controller to manage nodes attached to those networks. The next section explains how to do this and what choices are to be made.
3519
155
3520
156
### Configuration
3521
157
MAAS automatically recognises the network interfaces on each cluster controller. Some of these will be connected to networks where you want to manage nodes. We recommend letting your cluster controller act as a DHCP server for these networks, by configuring those interfaces in the MAAS user interface.
3522
158
3523
159
As an example, we will configure the cluster controller to manage a network on interface eth0. Click on the edit icon for eth0, which takes us to this page:
3524
160
3525
161
![]cluster-interface-edit.png
3526
162
Here you can select to what extent you want the cluster controller to manage the network:
3527
163
3528
164
DHCP only - this will run a DHCP server on your cluster
3529
165
DHCP and DNS - this will run a DHCP server on the cluster and configure the DNS server included with the region controller so that it can be used to look up hosts on this network by name.
3530
166
Note
3531
167
You cannot have DNS management without DHCP management because MAAS relies on its own DHCP server’s leases file to work out the IP address of nodes in the cluster.
3532
168
If you set the interface to be managed, you now need to provide all of the usual DHCP details in the input fields below. Once done, click “Save interface”. The cluster controller will now be able to boot nodes on this network.
3533
169
3534
170
!!! note:There is also an option to leave the network unmanaged. Use this for networks where you don’t want to manage any nodes. Or, if you do want to manage nodes but don’t want the cluster controller to serve DHCP, you may be able to get by without it. This is explained in Manual DHCP configuration.
3535
171
3536
172
!!! note: A single cluster controller can manage more than one network, each from a different network interface on the cluster-controller server. This may help you scale your cluster to larger numbers of nodes, or it may be a requirement of your network architecture.
3537
173
3538
174
## Enlisting nodes
3539
175
3540
176
Now that the MAAS controller is running, we need to make the nodes aware of MAAS and vice-versa. With MAAS controlling DHCP and nodes capable of PXE booting, this is straightforward
3541
177
3542
178
Automatic Discovery
3543
179
With nodes set to boot from a PXE image, they will start, look for a DHCP server, receive the PXE boot details, boot the image, contact the MAAS server and shut down.
3544
180
3545
181
During this process, the MAAS server will be passed information about the node, including the architecture, MAC address and other details which will be stored in the database of nodes. You can accept and comission the nodes via the web interface. When the nodes have been accepted the selected series of Ubuntu will be installed.
3546
182
3547
183
To save time, you can also accept and commission all nodes from the commandline. This requires that you first login with the API key [1], which you can retrieve from the web interface:
3548
184
3549
185
```
3550
186
maas-cli maas nodes accept-all
3551
187
```
3552
188
3553
189
### Manually adding nodes
3554
190
3555
191
If your nodes are not capable of booting from PXE images, they can be manually registered with MAAS. On the Nodes screen:
3556
192
![]add-node.png
3557
193
3558
194
Select 'Add node' and manually enter details about the node, including its MAC address. This is used to identify the node when it contacts the DHCP server.
3559
195
3560
196
3561
197
3562
198
## Preparing MAAS for Juju using Simplestreams
3563
199
3564
200
When Juju bootstraps a cloud, it needs two critical pieces of information:
3565
201
3566
202
1. The uuid of the image to use when starting new compute instances.
3567
203
2. The URL from which to download the correct version of a tools tarball.
3568
204
3569
205
This necessary information is stored in a json metadata format called "simplestreams". For supported public cloud services such as Amazon Web Services, HP Cloud, Azure, etc, no action is required by the end user. However, those setting up a private cloud, or who want to change how things work (eg use a different Ubuntu image), can create their own metadata, after understanding a bit about how it works.
3570
206
3571
207
The simplestreams format is used to describe related items in a structural fashion.( [See the Launchpad project lp:simplestreams for more details on implementation](https://launchpad.net/simplestreams)). Below we will discuss how Juju determines which metadata to use, and how to create your own images and tools and have Juju use them instead of the defaults.
3572
208
3573
209
### Basic Workflow
3574
210
3575
211
Whether images or tools, Juju uses a search path to try and find suitable metadata. The path components (in order of lookup) are:
3576
212
3577
213
1. User supplied location (specified by tools-metadata-url or image-metadata-url config settings).
3578
214
2. The environment's cloud storage.
3579
215
3. Provider specific locations (eg keystone endpoint if on Openstack).
3580
216
4. A web location with metadata for supported public clouds (https://streams.canonical.com).
3581
217
3582
218
Metadata may be inline signed, or unsigned. We indicate a metadata file is signed by using the '.sjson' extension. Each location in the path is first searched for signed metadata, and if none is found, unsigned metadata is attempted before moving onto the next path location.
3583
219
3584
220
Juju ships with public keys used to validate the integrity of image and tools metadata obtained from https://streams.canonical.com. So out of the box, Juju will "Just Work" with any supported public cloud, using signed metadata. Setting up metadata for a private (eg Openstack) cloud requires metadata to be generated using tools which ship with Juju.
3585
221
3586
222
### Image Metadata Contents
3587
223
3588
224
Image metadata uses a simplestreams content type of "image-ids". The product id is formed as follows:
3589
225
3590
226
com.ubuntu.cloud:server:<series_version>:<arch> For Example:
3591
227
com.ubuntu.cloud:server:14.04:amd64 Non-released images (eg beta, daily etc) have product ids like:
3592
228
com.ubuntu.cloud.daily:server:13.10:amd64
3593
229
3594
230
The metadata index and product files are required to be in the following directory tree (relative to the URL associated with each path component):
3595
231
3596
232
<path_url> |-streams |-v1 |-index.(s)json |-product-foo.(s)json |-product-bar.(s)json
3597
233
3598
234
The index file must be called "index.(s)json" (sjson for signed). The various product files are named according to the Path values contained in the index file.
3599
235
3600
236
Tools metadata uses a simplestreams content type of "content-download". The product id is formed as follows:
3601
237
3602
238
"com.ubuntu.juju:<series_version>:<arch>"
3603
239
3604
240
For example:
3605
241
3606
242
"com.ubuntu.juju:12.04:amd64"
3607
243
3608
244
The metadata index and product files are required to be in the following directory tree (relative to the URL associated with each path component). In addition, tools tarballs which Juju needs to download are also expected.
3609
245
3610
246
|-streams | |-v1 | |-index.(s)json | |-product-foo.(s)json | |-product-bar.(s)json | |-releases |-tools-abc.tar.gz |-tools-def.tar.gz |-tools-xyz.tar.gz
3611
247
3612
248
The index file must be called "index.(s)json" (sjson for signed). The product file and tools tarball name(s) match whatever is in the index/product files.
3613
249
3614
250
### Configuration
3615
251
3616
252
For supported public clouds, no extra configuration is required; things work out-of-the-box. However, for testing purposes, or for non-supported cloud deployments, Juju needs to know where to find the tools and which image to run. Even for supported public clouds where all required metadata is available, the user can put their own metadata in the search path to override what is provided by the cloud.
3617
253
3618
254
#### User specified URLs
3619
255
3620
256
These are initially specified in the environments.yaml file (and then subsequently copied to the jenv file when the environment is bootstrapped). For images, use "image-metadata-url"; for tools, use "tools-metadata-url". The URLs can point to a world readable container/bucket in the cloud, an address served by a http server, or even a shared directory which is accessible by all node instances running in the cloud.
3621
257
3622
258
Assume an Apache http server with base URL `https://juju-metadata` , providing access to information at `<base>/images` and `<base>/tools` . The Juju environment yaml file could have the following entries (one or both):
3623
259
3624
260
tools-metadata-url: https://juju-metadata/tools image-metadata-url: https://juju-metadata/images
3625
261
3626
262
The required files in each location is as per the directory layout described earlier. For a shared directory, use a URL of the form "file:///sharedpath".
3627
263
3628
264
#### Cloud storage
3629
265
3630
266
If no matching metadata is found in the user specified URL, environment's cloud storage is searched. No user configuration is required here - all Juju environments are set up with cloud storage which is used to store state information, charms etc. Cloud storage setup is provider dependent; for Amazon and Openstack clouds, the storage is defined by the "control-bucket" value, for Azure, the "storage-account-name" value is relevant.
3631
267
3632
268
The (optional) directory structure inside the cloud storage is as follows:
3633
269
3634
270
|-tools | |-streams | |-v1 | |-releases | |-images |-streams |-v1
3635
271
3636
272
Of course, if only custom image metadata is required, the tools directory will not be required, and vice versa.
3637
273
3638
274
Note that if juju bootstrap is run with the `--upload-tools` option, the tools and metadata are placed according to the above structure. That's why the tools are then available for Juju to use.
3639
275
3640
276
#### Provider specific storage
3641
277
3642
278
Providers may allow additional locations to search for metadata and tools. For OpenStack, Keystone endpoints may be created by the cloud administrator. These are defined as follows:
3643
279
3644
280
juju-tools the &LT;path_url&GT; value as described above in Tools Metadata Contentsproduct-streams the &LT;path_url&GT; value as described above in Image Metadata Contents
3645
281
3646
282
Other providers may similarly be able to specify locations, though the implementation will vary.
3647
283
3648
284
This is the default location used to search for image and tools metadata and is used if no matches are found earlier in any of the above locations. No user configuration is required.
3649
285
3650
286
There are two main issues when deploying a private cloud:
3651
287
3652
288
1. Image ids will be specific to the cloud.
3653
289
2. Often, outside internet access is blocked
3654
290
3655
291
Issue 1 means that image id metadata needs to be generated and made available.
3656
292
3657
293
Issue 2 means that tools need to be mirrored locally to make them accessible.
3658
294
3659
295
Juju tools exist to help with generating and validating image and tools metadata. For tools, it is often easiest to just mirror `https://streams.canonical.com/tools` . However image metadata cannot be simply mirrored because the image ids are taken from the cloud storage provider, so this needs to be generated and validated using the commands described below.
3660
296
3661
297
The available Juju metadata tools can be seen by using the help command:
3662
298
3663
299
juju help metadata
3664
300
3665
301
The overall workflow is:
3666
302
3667
303
- Generate image metadata
3668
304
- Copy image metadata to somewhere in the metadata search path
3669
305
- Optionally, mirror tools to somewhere in the metadata search path
3670
306
- Optionally, configure tools-metadata-url and/or image-metadata-url
3671
307
3672
308
#### Image metadata
3673
309
3674
310
Generate image metadata using
3675
311
3676
312
juju metadata generate-image -d <metadata_dir>
3677
313
3678
314
As a minimum, the above command needs to know the image id to use and a directory in which to write the files.
3679
315
3680
316
Other required parameters like region, series, architecture etc. are taken from the current Juju environment (or an environment specified with the -e option). These parameters can also be overridden on the command line.
3681
317
3682
318
The image metadata command can be run multiple times with different regions, series, architecture, and it will keep adding to the metadata files. Once all required image ids have been added, the index and product json files can be uploaded to a location in the Juju metadata search path. As per the Configuration section, this may be somewhere specified by the `image-metadata-url` setting or the cloud's storage etc.
3683
319
3684
320
Examples:
3685
321
3686
322
1. image-metadata-url
3687
323
3688
324
- upload contents of to `http://somelocation`
3689
325
- set image-metadata-url to `http://somelocation/images`
3690
326
3691
327
2. Cloud storage
3692
328
3693
329
If run without parameters, the validation command will take all required details from the current Juju environment (or as specified by -e) and output the image id it would use to spin up an instance. Alternatively, series, region, architecture etc. can be specified on the command line to override the values in the environment config.
3694
330
#### Tools metadata
3695
331
3696
332
Generally, tools and related metadata are mirrored from `https://streams.canonical.com/tools` . However, it is possible to manually generate metadata for a custom built tools tarball.
3697
333
3698
334
First, create a tarball of the relevant tools and place in a directory structured like this:
3699
335
3700
336
<tools_dir>/tools/releases/
3701
337
3702
338
Now generate relevant metadata for the tools by running the command:
3703
339
3704
340
juju generate-tools -d <tools_dir>
3705
341
3706
342
Finally, the contents of can be uploaded to a location in the Juju metadata search path. As per the Configuration section, this may be somewhere specified by the tools-metadata-url setting or the cloud's storage path settings etc.
3707
343
3708
344
Examples:
3709
345
3710
346
1. tools-metadata-url
3711
347
3712
348
- upload contents of the tools dir to `http://somelocation`
3713
349
- set tools-metadata-url to `http://somelocation/tools`
3714
350
3715
351
2. Cloud storage
3716
352
3717
353
upload contents of directly to environment's cloud storage
3718
354
3719
355
As with image metadata, the validation command is used to ensure tools are available for Juju to use:
3720
356
3721
357
juju metadata validate-tools
3722
358
3723
359
The same comments apply. Run the validation tool without parameters to use details from the Juju environment, or override values as required on the command line. See `juju help metadata validate-tools` for more details.
3724
360
3725
361
##Appendix I - Using Tags
3726
362
##Appendix II - Using the MAAS CLI
3727
363
As well as the web interface, many tasks can be performed by accessing the MAAS API directly through the maas-cli command. This section details how to login with this tool and perform some common operations.
3728
364
3729
365
###Logging in
3730
366
Before the API will accept any commands from maas-cli, you must first login. To do this, you need the API key which can be found in the user interface.
3731
367
3732
368
Login to the web interface on your MAAS. Click on the username in the top right corner and select ‘Preferences’ from the menu which appears.
3733
369
3734
370
![]maascli-prefs.png
3735
371
A new page will load...
3736
372
3737
373
![]maascli-key.png
3738
374
The very first item is a list of MAAS keys. One will have already been generated when the system was installed. It’s easiest to just select all the text, copy the key (it’s quite long!) and then paste it into the commandline. The format of the login command is:
3739
375
3740
376
```
3741
377
 maas-cli login <profile-name> <hostname> <key>
3742
378
```
3743
379
3744
380
The profile created is an easy way of associating your credentials with any subsequent call to the API. So an example login might look like this:
3745
381
3746
382
```
3747
383
maas-cli login maas http://10.98.0.13/MAAS/api/1.0
3748
384
AWSCRMzqMNy:jjk...5e1FenoP82Qm5te2
3749
385
```
3750
386
which creates the profile ‘maas’ and registers it with the given key at the specified API endpoint. If you omit the credentials, they will be prompted for in the console. It is also possible to use a hyphen, ‘-‘ in place of the credentials. In this case a single line will be read from stdin, stripped of any whitespace and used as the credentials, which can be useful if you are devolping scripts for specific tasks. If an empty string is passed instead of the credentials, the profile will be logged in anonymously (and consequently some of the API calls will not be available)
3751
387
3752
388
### maas-cli commands
3753
389
The maas-cli command exposes the whole API, so you can do anything you actually can do with MAAS using this command. This leaves us with a vast number of options, which are more fully expressed in the complete [2][MAAS Documentation]
3754
390
3755
391
list:
3756
392
    lists the details [name url auth-key] of all the currently logged-in profiles.
3757
393
3758
394
login <profile> <url> <key>:
3759
395
    Logs in to the MAAS controller API at the given URL, using the key provided and
3760
396
    associates this connection with the given profile name.
3761
397
3762
398
logout <profile>:
3763
399
    Logs out from the given profile, flushing the stored credentials.
3764
400
3765
401
refresh:
3766
402
    Refreshes the API descriptions of all the current logged in profiles. This may become necessary for example when upgrading the maas packages to ensure the command-line options match with the API.
3767
403
3768
404
### Useful examples
3769
405
3770
406
Displays current status of nodes in the commissioning phase:
3771
407
```
3772
408
maas cli maas nodes check-commissioning
3773
409
```
3774
410
3775
411
Accept and commission all discovered nodes:
3776
412
```
3777
413
maas-cli maas nodes accept-all
3778
414
```
3779
415
3780
416
List all known nodes:
3781
417
```
3782
418
maas-cli maas nodes list
3783
419
```
3784
420
3785
421
Filter the list using specific key/value pairs:
3786
422
```
3787
423
maas-cli maas nodes list architecture="i386/generic"
3788
424
```
3789
425
3790
426
Set the power parameters for an ipmi enabled node:
3791
427
```
3792
428
maas-cli maas node update <system_id> \
3793
429
  power_type="ipmi" \
3794
430
  power_parameters_power_address=192.168.22.33 \
3795
431
  power_parameters_power_user=root \
3796
432
  power_parameters_power_pass=ubuntu;
3797
433
```
3798
434
## Appendix III - Physical Zones
3799
435
3800
436
To help you maximise fault-tolerance and performance of the services you deploy, MAAS administrators can define _physical zones_ (or just _zones_ for short), and assign nodes to them. When a user requests a node, they can ask for one that is in a specific zone, or one that is not in a specific zone.
3801
437
3802
438
It's up to you as an administrator to decide what a physical zone should represent: it could be a server rack, a room, a data centre, machines attached to the same UPS, or a portion of your network. Zones are most useful when they represent portions of your infrastructure. But you could also use them simply to keep track of where your systems are located.
3803
439
3804
440
Each node is in one and only one physical zone. Each MAAS instance ships with a default zone to which nodes are attached by default. If you do not need this feature, you can simply pretend it does not exist.
3805
441
3806
442
### Applications
3807
443
3808
444
Since you run your own MAAS, its physical zones give you more flexibility than those of a third-party hosted cloud service. That means that you get to design your zones and define what they mean. Below are some examples of how physical zones can help you get the most out of your MAAS.
3809
445
3810
446
### Creating a Zone
3811
447
3812
448
Only administrators can create and manage zones. To create a physical zone in the web user interface, log in as an administrator and browse to the "Zones" section in the top bar. This will takes you to the zones listing page. At the bottom of the page is a button for creating a new zone:
3813
449
3814
450
![]add-zone.png
3815
451
3816
452
Or to do it in the [_region-controller API_][#region-controller-api], POST your zone definition to the _"zones"_ endpoint.
3817
453
3818
454
### Assigning Nodes to a Zone
3819
455
3820
456
Once you have created one or more physical zones, you can set nodes' zones from the nodes listing page in the UI. Select the nodes for which you wish to set a zone, and choose "Set physical zone" from the "Bulk action" dropdown list near the top. A second dropdown list will appear, to let you select which zone you wish to set. Leave it blank to clear nodes' physical zones. Clicking "Go" will apply the change to the selected nodes.
3821
457
3822
458
You can also set an individual node's zone on its "Edit node" page. Both ways are available in the API as well: edit an individual node through a request to the node's URI, or set the zone on multiple nodes at once by calling the operation on the endpoint.
3823
459
3824
460
### Allocating a Node in a Zone
3825
461
3826
462
To deploy in a particular zone, call the method in the [_region-controller API_][#region-controller-api] as before, but pass the parameter with the name of the zone. The method will allocate a node in that zone, or fail with an HTTP 409 ("conflict") error if the zone has no nodes available that match your request.
3827
463
3828
464
Alternatively, you may want to request a node that is _not_ in a particular zone, or one that is not in any of several zones. To do that, specify the parameter to . This parameter takes a list of zone names; the allocated node will not be in any of them. Again, if that leaves no nodes available that match your request, the call will return a "conflict" error.
3829
465
3830
466
It is possible, though not usually useful, to combine the and parameters. If your choice for is also present in , no node will ever match your request. Or if it's not, then the values will not affect the result of the call at all.
3831
467
3832
468
0
3833
=== removed file 'Intro.md'
3834
--- Intro.md	2014-04-11 14:51:27 +0000
3835
+++ Intro.md	1970-01-01 00:00:00 +0000
3836
@@ -1,26 +0,0 @@
3837
1
#Ubuntu Cloud Documentation
3838
2
3839
3
## Deploying Production Grade OpenStack with MAAS, Juju and Landscape
3840
4
3841
5
This documentation has been created to describe best practice in deploying
3842
6
a Production Grade installation of OpenStack using current Canonical 
3843
7
technologies, including bare metal provisioning using MAAS, service 
3844
8
orchestration with Juju and system management with Landscape.
3845
9
3846
10
This documentation is divided into four main topics:
3847
11
3848
12
 1. [Installing the MAAS Metal As A Service software](../installing-maas.html)
3849
13
 2. [Installing Juju and configuring it to work with MAAS](../installing-juju.html)
3850
14
 3. [Using Juju to deploy OpenStack](../installing-openstack.html)
3851
15
 4. [Deploying Landscape to manage your OpenStack cloud](../installing-landscape)
3852
16
 
3853
17
Once you have an up and running OpenStack deployment, you should also read
3854
18
our [Administration Guide](../admin-intro.html) which details common tasks
3855
19
for maintenance and scaling of your service. 
3856
20
3857
21
3858
22
## Legal notices
3859
23
3860
24
3861
25
3862
26
![Canonical logo](./media/logo-canonical_no™-aubergine-hex.jpg)
3863
27
0
3864
=== removed file 'Logging-Juju.md'
3865
--- Logging-Juju.md	2014-04-02 16:18:10 +0000
3866
+++ Logging-Juju.md	1970-01-01 00:00:00 +0000
3867
@@ -1,24 +0,0 @@
3868
1
Title: Logging - Juju
3869
2
Status: In Progress
3870
3
3871
4
# Logging - Juju
3872
5
3873
6
## Introduction
3874
7
3875
8
**TODO**
3876
9
3877
10
## Scope
3878
11
3879
12
**TODO**
3880
13
3881
14
## Connecting to rsyslogd
3882
15
3883
16
Juju already uses `rsyslogd` for the aggregation of all logs into on centralized log. The
3884
17
target of this logging is the file `/var/log/juju/all-machines.log`. You can directly
3885
18
access it using the command
3886
19
3887
20
````
3888
21
$ juju debug-log
3889
22
````
3890
23
3891
24
**TODO** Describe a way to redirect this log to a central rsyslogd server.
3892
25
0
3893
=== removed file 'Logging-OpenStack.md'
3894
--- Logging-OpenStack.md	2014-04-02 16:18:10 +0000
3895
+++ Logging-OpenStack.md	1970-01-01 00:00:00 +0000
3896
@@ -1,92 +0,0 @@
3897
1
Title: Logging - OpenStack
3898
2
Status: In Progress
3899
3
3900
4
# Logging - OpenStack
3901
5
3902
6
## Introduction
3903
7
3904
8
**TODO**
3905
9
3906
10
## Scope
3907
11
3908
12
**TODO**
3909
13
3910
14
## Connecting to rsyslogd
3911
15
3912
16
By default OpenStack is writting its logging output into files into directories for each
3913
17
component, like `/var/log/nova` or `/var/log/glance`. For the usage of `rsyslogd` the components
3914
18
have to be configured to also log to `syslog`. When doing this also configure each component
3915
19
to log into a different syslog facility. This will help you to split the logs into individual
3916
20
components on the central logging server. So ensure the following settings:
3917
21
3918
22
**/etc/nova/nova.conf:**
3919
23
3920
24
````
3921
25
use_syslog=True
3922
26
syslog_log_facility=LOG_LOCAL0
3923
27
````
3924
28
3925
29
**/etc/glance/glance-api.conf and /etc/glance/glance-registry.conf:**
3926
30
3927
31
````
3928
32
use_syslog=True
3929
33
syslog_log_facility=LOG_LOCAL1
3930
34
````
3931
35
3932
36
**/etc/cinder/cinder.conf:**
3933
37
3934
38
````
3935
39
use_syslog=True
3936
40
syslog_log_facility=LOG_LOCAL2
3937
41
````
3938
42
3939
43
**/etc/keystone/keystone.conf:**
3940
44
3941
45
````
3942
46
use_syslog=True
3943
47
syslog_log_facility=LOG_LOCAL3
3944
48
````
3945
49
3946
50
The object storage Swift be fault already logs to syslog. So you now can tell the local
3947
51
rsyslogd clients to pass the logged information to the logging server. You'll do this
3948
52
by creating a `/etc/rsyslog.d/client.conf` containing the line like
3949
53
3950
54
````
3951
55
*.* @192.16.1.10
3952
56
````
3953
57
3954
58
where the IP address points to your rsyslogd server. Best is to choose a server that is
3955
59
dedicated to this task only. Here you've got to create the file `/etc/rsyslog.d/server.conf`
3956
60
contining the settings
3957
61
3958
62
````
3959
63
# Enable UDP
3960
64
$ModLoad imudp
3961
65
# Listen on 192.168.1.10 only
3962
66
$UDPServerAddress 192.168.1.10
3963
67
# Port 514
3964
68
$UDPServerRun 514
3965
69
# Create logging templates for nova
3966
70
$template NovaFile,"/var/log/rsyslog/%HOSTNAME%/nova.log"
3967
71
$template NovaAll,"/var/log/rsyslog/nova.log"
3968
72
# Log everything else to syslog.log
3969
73
$template DynFile,"/var/log/rsyslog/%HOSTNAME%/syslog.log"
3970
74
*.* ?DynFile
3971
75
# Log various openstack components to their own individual file
3972
76
local0.* ?NovaFile
3973
77
local0.* ?NovaAll
3974
78
& ~
3975
79
````
3976
80
3977
81
This example only contains the settings for Nova only, the other OpenStack components
3978
82
have to be added the same way. Using two templates per component, one containing the 
3979
83
`%HOSTNAME%` variable and one without it enables a better splitting of the logged 
3980
84
data. Think about the two example nodes `alpha.example.com` and `bravo.example.com`.
3981
85
They will write their logging into the files
3982
86
3983
87
- `/var/log/rsyslog/alpha.example.com/nova.log` - only the data of alpha,
3984
88
- `/var/log/rsyslog/bravo.example.com/nova.log` - only the data of bravo,
3985
89
- `/var/log/rsyslog/nova.log` - the combined data of both.
3986
90
3987
91
This allows a quick overview over all nodes as well as the focussed analysis of an
3988
92
individual node.
3989
93
0
3990
=== removed file 'Logging.md'
3991
--- Logging.md	2014-04-02 16:18:10 +0000
3992
+++ Logging.md	1970-01-01 00:00:00 +0000
3993
@@ -1,15 +0,0 @@
3994
1
Title: Logging
3995
2
Status: In Progress
3996
3
3997
4
# Logging
3998
5
3999
6
The controlling of individual logs is a cumbersome job, even in an environment with only
4000
7
few computer system. But it's even more worse in typical clouds with a large number of
4001
8
nodes. Here the centrallized approach using `rsyslogd` helps. It allows you to aggregate
4002
9
the logging output of all systems in one place. Here the monitoring and analysis gets
4003
10
more simple.
4004
11
4005
12
Ubuntu uses `rsyslogd` as the default logging service. Since it is natively able to send 
4006
13
logs to a remote location, you don't have to install anything extra to enable this feature, 
4007
14
just modify the configuration file. In doing this, consider running your logging over 
4008
15
a management network or using an encrypted VPN to avoid interception.
4009
16
0
4010
=== removed file 'Scaling-Ceph.md'
4011
--- Scaling-Ceph.md	2014-04-07 13:23:30 +0000
4012
+++ Scaling-Ceph.md	1970-01-01 00:00:00 +0000
4013
@@ -1,36 +0,0 @@
4014
1
Title: Scaling - Ceph
4015
2
Status: In Progress
4016
3
4017
4
# Scaling - Ceph
4018
5
4019
6
## Introduction
4020
7
4021
8
Beside the redundancy for more safety and the higher performance through the usage of 
4022
9
Ceph as storage backend for OpenStack the user also benefits from the more simple way
4023
10
of scaling the storage of the needs grow.
4024
11
4025
12
## Scope
4026
13
4027
14
**TODO**
4028
15
4029
16
## Scaling
4030
17
4031
18
The addition of Ceph nodes is done using the Juju `add-node` command. By default
4032
19
it adds only one node, but it is possible to add the number of wanted nodes as
4033
20
argument. To add one more Ceph OSD Daemon node you simply call
4034
21
4035
22
```
4036
23
juju add-node ceph-osd
4037
24
```
4038
25
4039
26
Larger numbers of nodes can be added using the `-n` argument, e.g. 5 nodes
4040
27
with
4041
28
4042
29
```
4043
30
juju add-node -n 5 ceph-osd
4044
31
```
4045
32
4046
33
**Attention:** The adding of more nodes to Ceph leads to a redistribution of data
4047
34
between the nodes of an image. This can cause inefficiencies during this process. So
4048
35
it should be done in smaller steps.
4049
36
4050
37
0
4051
=== removed file 'Upgrading-and-Patching-Juju.md'
4052
--- Upgrading-and-Patching-Juju.md	2014-04-02 16:18:10 +0000
4053
+++ Upgrading-and-Patching-Juju.md	1970-01-01 00:00:00 +0000
4054
@@ -1,45 +0,0 @@
4055
1
Title: Upgrading and Patching - Juju
4056
2
Status: In Progress
4057
3
4058
4
# Upgrading and Patching - Juju
4059
5
4060
6
## Introduction
4061
7
4062
8
**TODO**
4063
9
4064
10
## Scope
4065
11
4066
12
**TODO**
4067
13
4068
14
## Upgrading
4069
15
4070
16
The upgrade of a Juju environment is done using the Juju client and its command
4071
17
4072
18
````
4073
19
$ juju upgrade-juju
4074
20
````
4075
21
4076
22
This command sets the version number for all Juju agents to run. This by default
4077
23
is the most recent supported version compatible with the comand-line tools version.
4078
24
So ensure that you've upgraded the Juju client first.
4079
25
4080
26
When run without arguments, `upgrade-juju` will try to upgrade to the following 
4081
27
versions, in order of preference and depending on the current value of the 
4082
28
environment's `agent-version` setting:
4083
29
4084
30
- The highest patch.build version of the *next* stable major.minor version.
4085
31
- The highest patch.build version of the *current* major.minor version.
4086
32
4087
33
Both of these depend on the availability of the according tools. On MAAS you've
4088
34
got to manage this yourself using the command
4089
35
4090
36
````
4091
37
$ juju sync-tools
4092
38
````
4093
39
4094
40
This copies the Juju tools tarball from the official tools store (located
4095
41
at https://streams.canonical.com/juju) into your environment.
4096
42
4097
43
## Patching
4098
44
4099
45
**TODO**
4100
46
0
4101
=== removed file 'Upgrading-and-Patching-OpenStack.md'
4102
--- Upgrading-and-Patching-OpenStack.md	2014-04-02 16:18:10 +0000
4103
+++ Upgrading-and-Patching-OpenStack.md	1970-01-01 00:00:00 +0000
4104
@@ -1,83 +0,0 @@
4105
1
Title: Upgrading and Patching - OpenStack
4106
2
Status: In Progress
4107
3
4108
4
# Upgrading and Patching - OpenStack
4109
5
4110
6
## Introduction
4111
7
4112
8
**TODO**
4113
9
4114
10
## Scope
4115
11
4116
12
**TODO**
4117
13
4118
14
## Upgrading
4119
15
4120
16
The upgrade of an OpenStack cluster in one big step is an approach requiring additional
4121
17
hardware to setup an update cloud beside the productive one and leads to a longer
4122
18
outage while your cloud is in read-only mode, the state is transferred to the new
4123
19
one and the environments are switched. So the preferred way of upgrading an OpenStack
4124
20
cloud is the rolling upgrade of each component of the system piece by piece.
4125
21
4126
22
Here you can choose between in-place and side-by-side upgrades. But the first one needs
4127
23
to shutdown the regarding component while you're performing its upgrade. Additionally you
4128
24
may have troubles in case of a rollback. So to avoid this the side by side upgrade is
4129
25
the preferred way here.
4130
26
4131
27
Before starting the upgrade itself you should
4132
28
4133
29
- Perform some "cleaning" of the environment process to ensure a consistent state; for 
4134
30
  example, instances not fully purged from the system after deletion may cause 
4135
31
  indeterminate behavior
4136
32
- Read the release notes and documentation
4137
33
- Find incompatibilities between your versions
4138
34
4139
35
The upgrade tasks here follow the same procedure for each component:
4140
36
4141
37
1. Configure the new worker
4142
38
1. Turn off the current worker; during this time hide the downtime using a message
4143
39
   queue or a load balancer
4144
40
1. Take a backup as described earlier of the old worker for a rollback
4145
41
1. Copy the state of the current to the new worker
4146
42
1. Start up the new worker
4147
43
4148
44
Now repeat these steps for each worker in an approprate order. In case of a problem it
4149
45
should be easy to rollback as long as the former worker stays untouched. This is,
4150
46
beside the shorter downtime, the most important advantage of the side-by-side upgrade.
4151
47
4152
48
The following order for service upgrades seems the most successful:
4153
49
4154
50
1. Upgrade the OpenStack Identity Service (Keystone).
4155
51
1. Upgrade the OpenStack Image Service (Glance).
4156
52
1. Upgrade OpenStack Compute (Nova), including networking components.
4157
53
1. Upgrade OpenStack Block Storage (Cinder).
4158
54
1. Upgrade the OpenStack dashboard.
4159
55
4160
56
These steps look very easy, but still are a complex procedure depending on your cloud
4161
57
configuration. So we recommend to have a testing environment with a near-identical
4162
58
architecture to your production system. This doesn't mean that you should use the same
4163
59
sizes and hardware, which would be best but expensive. But there are some ways to reduce
4164
60
the cost.
4165
61
4166
62
- Use your own cloud. The simplest place to start testing the next version of OpenStack 
4167
63
  is by setting up a new environment inside your own cloud. This may seem odd—especially 
4168
64
  the double virtualisation used in running compute nodes—but it's a sure way to very 
4169
65
  quickly test your configuration.
4170
66
- Use a public cloud. Especially because your own cloud is unlikely to have sufficient 
4171
67
  space to scale test to the level of the entire cloud, consider using a public cloud 
4172
68
  to test the scalability limits of your cloud controller configuration. Most public 
4173
69
  clouds bill by the hour, which means it can be inexpensive to perform even a test 
4174
70
  with many nodes.
4175
71
- Make another storage endpoint on the same system. If you use an external storage plug-in 
4176
72
  or shared file system with your cloud, in many cases it's possible to test that it 
4177
73
  works by creating a second share or endpoint. This will enable you to test the system 
4178
74
  before entrusting the new version onto your storage.
4179
75
- Watch the network. Even at smaller-scale testing, it should be possible to determine 
4180
76
  whether something is going horribly wrong in intercomponent communication if you 
4181
77
  look at the network packets and see too many.
4182
78
4183
79
**TODO** Add more concrete description here.
4184
80
4185
81
## Patching
4186
82
4187
83
**TODO**
4188
84
0
4189
=== removed directory 'build'
4190
=== removed directory 'build/epub'
4191
=== removed directory 'build/html'
4192
=== removed directory 'build/pdf'
4193
=== removed file 'installing-openstack-outline.md'
4194
--- installing-openstack-outline.md	2014-04-11 14:51:27 +0000
4195
+++ installing-openstack-outline.md	1970-01-01 00:00:00 +0000
4196
@@ -1,395 +0,0 @@
4197
1
Title:Installing OpenStack
4198
2
4199
3
# Installing OpenStack
4200
4
4201
5
![Openstack](../media/openstack.png)
4202
6
4203
7
##Introduction
4204
8
4205
9
OpenStack is a versatile, open source cloud environment equally suited to serving up public, private or hybrid clouds. Canonical is a Platinum Member of the OpenStack foundation and has been involved with the OpenStack project since its inception; the software covered in this document has been developed with the intention of providing a streamlined way to deploy and manage OpenStack installations.
4206
10
4207
11
### Scope of this documentation
4208
12
4209
13
The OpenStack platform is powerful and its uses diverse. This section of documentation 
4210
14
is primarily concerned with deploying a 'standard' running OpenStack system using, but not limited to, Canonical components such as MAAS, Juju and Ubuntu. Where appropriate other methods and software will be mentioned.
4211
15
4212
16
### Assumptions
4213
17
4214
18
1. Use of MAAS
4215
19
   This document is written to provide instructions on how to deploy OpenStack using MAAS for hardware provisioning. If you are not deploying directly on hardware, this method will still work, with a few alterations, assuming you have a properly configured Juju environment. The main difference will be that you will have to provide different configuration options depending on the network configuration.
4216
20
   
4217
21
2. Use of Juju
4218
22
   This document assumes an up to date, stable release version of Juju.
4219
23
   
4220
24
3. Local network configuration
4221
25
   This document assumes that you have an adequate local network configuration, including separate interfaces for access to the OpenStack cloud. Ideal networks are laid out in the [MAAS][MAAS documentation for OpenStack]
4222
26
4223
27
## Planning an installation
4224
28
4225
29
Before deploying any services, it is very useful to take stock of the resources available and how they are to be used. OpenStack comprises of a number of interrelated services (Nova, Swift, etc) which each have differing demands in terms of hosts. For example, the Swift service, which provides object storage, has a different requirement than the Nova service, which provides compute resources.
4226
30
4227
31
The minimum requirements for each service and recommendations are laid out in the official [oog][OpenStack Operations Guide] which is available (free) in HTML or various downloadable formats. For guidance, the following minimums are recommended for Ubuntu Cloud:
4228
32
4229
33
[insert minimum hardware spec]
4230
34
4231
35
4232
36
4233
37
The recommended composition of nodes for deploying OpenStack with MAAS and Juju is that all nodes in the system should be capable of running *ANY* of the services. This is best practice for the robustness of the system, as since any physical node should fail, another can be repurposed to take its place. This obviously extends to any hardware requirements such as extra network interfaces.
4234
38
4235
39
If for reasons of economy or otherwise you choose to use different configurations of hardware, you should note that your ability to overcome hardware failure will be reduced. It will also be necessary to target deployments to specific nodes - see the section in the MAAS documentation on tags [MAAS tags]
4236
40
4237
41
4238
42
###Create the OpenStack configuration file
4239
43
4240
44
We will be using Juju charms to deploy the component parts of OpenStack. Each charm encapsulates everything required to set up a particular service. However, the individual services have many configuration options, some of which we will want to change. 
4241
45
4242
46
To make this task easier and more reproduceable, we will create a separate configuration file with the relevant options for all the services. This is written in a standard YAML format. 
4243
47
4244
48
You can download the [openstack-config.yaml] file we will be using from here. It is also reproduced below:
4245
49
4246
50
```
4247
51
keystone:
4248
52
  admin-password: openstack
4249
53
  debug: 'true'
4250
54
  log-level: DEBUG
4251
55
nova-cloud-controller:
4252
56
  network-manager: 'Neutron'
4253
57
  quantum-security-groups: 'yes'
4254
58
  neutron-external-network: Public_Network
4255
59
nova-compute:
4256
60
  enable-live-migration: 'True'
4257
61
  migration-auth-type: "none"
4258
62
  virt-type: kvm
4259
63
  #virt-type: lxc
4260
64
  enable-resize: 'True'
4261
65
quantum-gateway:
4262
66
  ext-port: 'eth1'
4263
67
  plugin: ovs
4264
68
glance:
4265
69
  ceph-osd-replication-count: 3
4266
70
cinder:
4267
71
  block-device: None
4268
72
  ceph-osd-replication-count: 3
4269
73
  overwrite: "true"
4270
74
  glance-api-version: 2
4271
75
ceph:
4272
76
  fsid: a51ce9ea-35cd-4639-9b5e-668625d3c1d8
4273
77
  monitor-secret: AQCk5+dR6NRDMRAAKUd3B8SdAD7jLJ5nbzxXXA==
4274
78
  osd-devices: /dev/sdb
4275
79
  osd-reformat: 'True'
4276
80
```
4277
81
4278
82
For all services, we can configure the `openstack-origin` to point to an install source. In this case, we will rely on the default, which will point to the relevant sources for the Ubuntu 14.04 LTS Trusty release. Further configuration for each service is explained below:
4279
83
4280
84
####keystone
4281
85
admin password:
4282
86
    You should set a memorable password here to be able to access OpenStack when it is deployed
4283
87
4284
88
debug: 
4285
89
    It is useful to set this to 'true' initially, to monitor the setup. this will produce more verbose messaging.
4286
90
   
4287
91
log-level: 
4288
92
    Similarly, setting the log-level to DEBUG means that more verbose logs can be generated. These options can be changed once the system is set up and running normally. 
4289
93
4290
94
####nova-cloud-controller
4291
95
4292
96
cloud-controller:
4293
97
    'Neutron' - Other options are now depricated.
4294
98
    
4295
99
quantum-security-groups: 
4296
100
    'yes'
4297
101
    
4298
102
neutron-external-network: 
4299
103
    Public_Network - This is an interface we will use for allowing access to the cloud, and will be defined later
4300
104
4301
105
####nova-compute
4302
106
enable-live-migration: 
4303
107
  We have set this to 'True'
4304
108
4305
109
migration-auth-type: 
4306
110
    "none"
4307
111
4308
112
virt-type: 
4309
113
    kvm
4310
114
4311
115
enable-resize: 
4312
116
    'True'
4313
117
4314
118
####quantum-gateway
4315
119
ext-port:
4316
120
    This is where we specify the hardware for the public network. Use 'eth1' or the relevant 
4317
121
  plugin: ovs
4318
122
  
4319
123
  
4320
124
####glance
4321
125
4322
126
  ceph-osd-replication-count: 3
4323
127
4324
128
####cinder
4325
129
  openstack-origin: cloud:trusty-icehouse/updates
4326
130
  block-device: None
4327
131
  ceph-osd-replication-count: 3
4328
132
  overwrite: "true"
4329
133
  glance-api-version: 2
4330
134
  
4331
135
####ceph
4332
136
  
4333
137
fsid: 
4334
138
    The fsid is simply a unique identifier. You can generate a suitable value by running `uuidgen`  which should return a value which looks like: a51ce9ea-35cd-4639-9b5e-668625d3c1d8
4335
139
    
4336
140
monitor-secret: 
4337
141
    The monitor secret is a secret string used to authenticate access. There is advice on how to generate a suitable secure secret at [ceph][the ceph website]. A typical value would be `AQCk5+dR6NRDMRAAKUd3B8SdAD7jLJ5nbzxXXA==`
4338
142
    
4339
143
osd-devices: 
4340
144
    This should point (in order of preference) to a device,partition or filename. In this case we will assume secondary device level storage located at `/dev/sdb`
4341
145
    
4342
146
osd-reformat: 
4343
147
    We will set this to 'True', allowing ceph to reformat the drive on provisioning. 
4344
148
    
4345
149
  
4346
150
##Deploying OpenStack with Juju
4347
151
Now that the configuration is defined, we can use Juju to deploy and relate the services.
4348
152
4349
153
###Initialising Juju
4350
154
Juju requires a minimal amount of setup. Here we assume it has already been configured to work with your MAAS cluster (see the [juju_install][Juju Install Guide] for more information on this.
4351
155
4352
156
Firstly, we need to fetch images and tools that Juju will use:
4353
157
```
4354
158
juju sync-tools --debug
4355
159
```
4356
160
Then we can create the bootstrap instance:
4357
161
4358
162
```
4359
163
juju bootstrap --upload-tools --debug
4360
164
```
4361
165
We use the upload-tools switch to use the local versions of the tools which we just fetched. The debug switch will give verbose output which can be useful. This process may take a few minutes, as Juju is creating an instance and installing the tools. When it has finished, you can check the status of the system with the command:
4362
166
```
4363
167
juju status
4364
168
```
4365
169
This should return something like:
4366
170
```
4367
171
---------- example 
4368
172
```
4369
173
### Deploy the OpenStack Charms
4370
174
4371
175
Now that the Juju bootstrap node is up and running we can deploy the services required to make our OpenStack installation. To configure these services properly as they are deployed, we will make use of the configuration file we defined earlier, by passing it along with the `--config` switch with each deploy command. Substitute in the name and path of your config file if different.
4372
176
4373
177
It is useful but not essential to deploy the services in the order below. It is also highly reccommended to open an additional terminal window and run the command `juju debug-log`. This will output the logs of all the services as they run, and can be useful for troubleshooting.
4374
178
4375
179
It is also recommended to run a `juju status` command periodically, to check that each service has been installed and is running properly. If you see any errors, please consult the [troubleshooting][troubleshooting section below].
4376
180
4377
181
```
4378
182
juju deploy --to=0 juju-gui
4379
183
juju deploy rabbitmq-server
4380
184
juju deploy mysql
4381
185
juju deploy --config openstack-config.yaml openstack-dashboard
4382
186
juju deploy --config openstack-config.yaml keystone
4383
187
juju deploy --config openstack-config.yaml ceph -n 3
4384
188
juju deploy --config openstack-config.yaml nova-compute -n 3
4385
189
juju deploy --config openstack-config.yaml quantum-gateway
4386
190
juju deploy --config openstack-config.yaml cinder
4387
191
juju deploy --config openstack-config.yaml nova-cloud-controller
4388
192
juju deploy --config openstack-config.yaml glance
4389
193
juju deploy --config openstack-config.yaml ceph-radosgw
4390
194
```
4391
195
4392
196
4393
197
### Add relations between the OpenStack services
4394
198
4395
199
Although the services are now deployed, they are not yet connected together. Each service currently exists in isolation. We use the `juju add-relation`command to make them aware of each other and set up any relevant connections and protocols. This extra configuration is taken care of by the individual charms themselves. 
4396
200
4397
201
    
4398
202
We should start adding relations between charms by setting up the Keystone authorization service and its database, as this will be needed by many of the other connections:
4399
203
4400
204
juju add-relation keystone mysql
4401
205
4402
206
We wait until the relation is set. After it finishes check it with juju status:
4403
207
4404
208
```
4405
209
juju status mysql
4406
210
juju status keystone
4407
211
```
4408
212
4409
213
It can take a few moments for this service to settle. Although it is certainly possible to continue adding relations (Juju manages a queue for pending actions) it can be counterproductive in terms of the overall time taken, as many of the relations refer to the same services.
4410
214
The following relations also need to be made:
4411
215
```
4412
216
juju add-relation nova-cloud-controller mysql
4413
217
juju add-relation nova-cloud-controller rabbitmq-server
4414
218
juju add-relation nova-cloud-controller glance
4415
219
juju add-relation nova-cloud-controller keystone
4416
220
juju add-relation nova-compute mysql
4417
221
juju add-relation nova-compute rabbitmq-server
4418
222
juju add-relation nova-compute glance
4419
223
juju add-relation nova-compute nova-cloud-controller
4420
224
juju add-relation glance mysql
4421
225
juju add-relation glance keystone
4422
226
juju add-relation cinder keystone
4423
227
juju add-relation cinder mysql
4424
228
juju add-relation cinder rabbitmq-server
4425
229
juju add-relation cinder nova-cloud-controller
4426
230
juju add-relation openstack-dashboard keystone
4427
231
juju add-relation swift-proxy swift-storage
4428
232
juju add-relation swift-proxy keystone
4429
233
```
4430
234
Finally, the output of juju status should show the all the relations as complete. The OpenStack cloud is now running, but it needs to be populated with some additional components before it is ready for use.
4431
235
4432
236
4433
237
4434
238
4435
239
##Preparing OpenStack for use
4436
240
4437
241
###Configuring access to Openstack
4438
242
4439
243
4440
244
4441
245
The configuration data for OpenStack can be fetched by reading the configuration file generated by the Keystone service. You can also copy this information by logging in to the Horizon (OpenStack Dashboard) service and examining the configuration there. However, we actually need only a few bits of information. The following bash script can be run to extract the relevant information:
4442
246
4443
247
```
4444
248
#!/bin/bash
4445
249
4446
250
set -e
4447
251
4448
252
KEYSTONE_IP=`juju status keystone/0 | grep public-address | awk '{ print $2 }' | xargs host | grep -v alias | awk '{ print $4 }'`
4449
253
KEYSTONE_ADMIN_TOKEN=`juju ssh keystone/0 "sudo cat /etc/keystone/keystone.conf | grep admin_token" | sed -e '/^M/d' -e 's/.$//' | awk '{ print $3 }'`
4450
254
4451
255
echo "Keystone IP: [${KEYSTONE_IP}]"
4452
256
echo "Keystone Admin Token: [${KEYSTONE_ADMIN_TOKEN}]"
4453
257
4454
258
cat << EOF > ./nova.rc
4455
259
export SERVICE_ENDPOINT=http://${KEYSTONE_IP}:35357/v2.0/
4456
260
export SERVICE_TOKEN=${KEYSTONE_ADMIN_TOKEN}
4457
261
export OS_AUTH_URL=http://${KEYSTONE_IP}:35357/v2.0/
4458
262
export OS_USERNAME=admin
4459
263
export OS_PASSWORD=openstack
4460
264
export OS_TENANT_NAME=admin
4461
265
EOF
4462
266
4463
267
juju scp ./nova.rc nova-cloud-controller/0:~
4464
268
```  
4465
269
This script extract the required information and then copies the file to the instance running the nova-cloud-controller.
4466
270
Before we do any nova or glance command we will load the file we just created:
4467
271
4468
272
```
4469
273
$ source ./nova.rc
4470
274
$ nova endpoints
4471
275
```
4472
276
4473
277
At this point the output of nova endpoints should show the information of all the available OpenStack endpoints.
4474
278
4475
279
### Install the Ubuntu Cloud Image
4476
280
4477
281
In order for OpenStack to create instances in its cloud, it needs to have access to relevant images
4478
282
$ mkdir ~/iso
4479
283
$ cd ~/iso
4480
284
$ wget http://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img
4481
285
4482
286
###Import the Ubuntu Cloud Image into Glance
4483
287
!!!Note:  glance comes with the package glance-client which may need to be installed where you plan the run the command from
4484
288
4485
289
```
4486
290
apt-get install glance-client
4487
291
glance add name="Trusty x86_64" is_public=true container_format=ovf disk_format=qcow2 < trusty-server-cloudimg-amd64-disk1.img
4488
292
```
4489
293
###Create OpenStack private network
4490
294
Note:  nova-manage  can be run from the nova-cloud-controller node or any of the nova-compute nodes. To access the node we run the following command:
4491
295
4492
296
```
4493
297
juju ssh nova-cloud-controller/0
4494
298
4495
299
sudo nova-manage network create --label=private --fixed_range_v4=1.1.21.32/27 --num_networks=1 --network_size=32 --multi_host=T --bridge_interface=eth0 --bridge=br100
4496
300
```
4497
301
4498
302
To make sure that we have created the network we can now run the following command:
4499
303
4500
304
```
4501
305
sudo nova-manage network list
4502
306
```
4503
307
4504
308
### Create OpenStack public network
4505
309
```
4506
310
sudo nova-manage floating create --ip_range=1.1.21.64/26
4507
311
sudo nova-manage floating list
4508
312
```
4509
313
Allow ping and ssh access adding them to the default security group
4510
314
Note: The following commands are run from a machine where we have the package python-novaclient installed and within a session where we have loaded the above created nova.rc file.
4511
315
4512
316
```
4513
317
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
4514
318
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
4515
319
```
4516
320
4517
321
###Create and register the ssh keys in OpenStack
4518
322
Generate a default keypair
4519
323
```
4520
324
ssh-keygen -t rsa -f ~/.ssh/admin-key
4521
325
```
4522
326
###Copy the public key into Nova
4523
327
We will name it admin-key:
4524
328
Note: In the precise version of python-novaclient the command works with --pub_key instead of --pub-key
4525
329
4526
330
```
4527
331
nova keypair-add --pub-key ~/.ssh/admin-key.pub admin-key
4528
332
```
4529
333
And make sure it’s been successfully created:
4530
334
```
4531
335
nova keypair-list
4532
336
```
4533
337
4534
338
###Create a test instance
4535
339
We created an image with glance before. Now we need the image ID to start our first instance. The ID can be found with this command:
4536
340
```
4537
341
nova image-list
4538
342
```
4539
343
4540
344
Note: we can also use the command glance image-list
4541
345
###Boot the instance:
4542
346
4543
347
```
4544
348
nova boot --flavor=m1.small --image=< image_id_from_glance_index > --key-name admin-key testserver1
4545
349
```
4546
350
4547
351
###Add a floating IP to the new instance
4548
352
First we allocate a floating IP from the ones we created above:
4549
353
4550
354
```
4551
355
nova floating-ip-create
4552
356
```
4553
357
4554
358
Then we associate the floating IP obtained above to the new instance:
4555
359
4556
360
```
4557
361
nova add-floating-ip 9363f677-2a80-447b-a606-a5bd4970b8e6  1.1.21.65
4558
362
```
4559
363
4560
364
4561
365
### Create and attach a Cinder volume to the instance
4562
366
Note: All these steps can be also done through the Horizon Web UI
4563
367
4564
368
We make sure that cinder works by creating a 1GB volume and attaching it to the VM:
4565
369
4566
370
```
4567
371
cinder create --display_name test-cinder1 1
4568
372
```
4569
373
4570
374
Get the ID of the volume with cinder list:
4571
375
4572
376
```
4573
377
cinder list
4574
378
```
4575
379
4576
380
Attach it to the VM as vdb
4577
381
4578
382
```
4579
383
nova volume-attach test-server1 bbb5c5c2-a5fd-4fe1-89c2-d16fe91578d4 /dev/vdb
4580
384
```
4581
385
4582
386
Now we should be able to ssh the VM test-server1 from a server with the private key we created above and see that vdb appears in /proc/partitions
4583
387
4584
388
4585
389
4586
390
4587
391
[troubleshooting]
4588
392
[oog](http://docs.openstack.org/ops/)
4589
393
[MAAS tags]
4590
394
[openstack-config.yaml]
4591
395
[ceph](http://ceph.com/docs/master/dev/mon-bootstrap/)
4592
396
0
4593
=== removed file 'landcsape.md'
4594
--- landcsape.md	2014-03-24 13:49:58 +0000
4595
+++ landcsape.md	1970-01-01 00:00:00 +0000
4596
@@ -1,1297 +0,0 @@
4597
1
#Managing OpenStack with Landscape
4598
2
4599
3
##About Landscape
4600
4
Landscape is a system management tool designed to let you easily manage multiple Ubuntu systems - up to 40,000 with a single Landscape instance. From a single dashboard you can apply package updates and perform other administrative tasks on many machines. You can categorize machines by group, and manage each group separately. You can make changes to targeted machines even when they are offline; the changes will be applied next time they start. Landscape lets you create scripts to automate routine work such as starting and stopping services and performing backups. It lets you use both common Ubuntu repositories and any custom repositories you may create for your own computers. Landscape is particularly adept at security updates; it can highlight newly available packages that involve security fixes so they can be applied quickly. You can use Landscape as a hosted service as part of Ubuntu Advantage, or run it on premises via Landscape Dedicated Server.
4601
5
4602
6
##Ubuntu Advantage
4603
7
Ubuntu Advantage comprises systems management tools, technical support, access to online resources and support engineers, training, and legal assurance to keep organizations on top of their Ubuntu server, desktop, and cloud deployments. Advantage provides subscriptions at various support levels to help organizations maintain the level of support they need.
4604
8
4605
9
##Concepts
4606
10
4607
11
###Tags
4608
12
4609
13
4610
14
Landscape lets you group multiple computers by applying tags to them.
4611
15
You can group computers using any set of characteristics; architecture
4612
16
and location might be two logical tagging schemes. Tag names may use any
4613
17
combination of letters, numbers, and dashes. Each computer can be
4614
18
associated with multiple tags. There is no menu choice for tags; rather,
4615
19
you can select multiple computers under the COMPUTERS menu and apply or
4616
20
remove one or more tags to all the ones you select on the INFO screen.
4617
21
If you want to specify more than one tag at a time for your selected
4618
22
computers, separate the tags by spaces.
4619
23
4620
24
###Packages
4621
25
4622
26
In Linux, a package is a group of related files for an application that
4623
27
make it easy to install, upgrade, and remove the application. You can
4624
28
manage packages from the PACKAGES menu under COMPUTERS.
4625
29
4626
30
###Repositories
4627
31
4628
32
Linux distributions like Ubuntu use repositories to hold packages you
4629
33
can install on managed computers. While Ubuntu has [several
4630
34
repositories](https://help.ubuntu.com/community/Repositories/Ubuntu/)
4631
35
that anyone can access, you can also maintain your own repositories on
4632
36
your network. This can be useful when you want to maintain packages with
4633
37
different versions from those in the community repositories, or if
4634
38
you've packages in-house software for installation. Landscape's [12.09
4635
39
release
4636
40
notes](https://help.landscape.canonical.com/LDS/ReleaseNotes12.09#Repository_Management)
4637
41
contain a quick tutorial about repository management.
4638
42
4639
43
###Upgrade profiles
4640
44
4641
45
An upgrade profile defines a schedule for the times when upgrades are to
4642
46
be automatically installed on the machines associated with a specific
4643
47
access group. You can associate zero or more computers with each upgrade
4644
48
profile via tags to install packages on those computers. You can also
4645
49
associate an upgrade profile with an access group, which limits its use
4646
50
to only computers within the specified access group. You can manage
4647
51
upgrade profiles from the UPGRADE PROFILES link in the PROFILES choice
4648
52
under your account.
4649
53
4650
54
###Package profiles
4651
55
4652
56
A package profile, or meta-package, comprises a set of one or more
4653
57
packages, including their dependencies and conflicts (generally called
4654
58
constraints), that you can manage as a group. Package profiles specify
4655
59
sets of packages that associated systems should always get, or never
4656
60
get. You can associate zero or more computers with each package profile
4657
61
via tags to install packages on those computers. You can also associate
4658
62
a package profile with an access group, which limits its use to only
4659
63
computers within the specified access group. You can manage package
4660
64
profiles from the Package Profiles link in the PROFILES menu under your
4661
65
account.
4662
66
4663
67
###Removal profiles
4664
68
4665
69
A removal profile defines a maximum number of days that a computer can
4666
70
go without exchanging data with the Landscape server before it is
4667
71
automatically removed. If more days pass than the profile's "Days
4668
72
without exchange", that computer will automatically be removed and the
4669
73
license seat it held will be released. This helps Landscape keep license
4670
74
seats open and ensure Landscape is not tracking stale or retired
4671
75
computer data for long periods of time. You can associate zero or more
4672
76
computers with each removal profile via tags to ensure those computers
4673
77
are governed by this removal profile. You can also associate a removal
4674
78
profile with an access group, which limits its use to only computers
4675
79
within the specified access group. You can manage removal profiles from
4676
80
the REMOVAL PROFILES link in the PROFILES choice under your account.
4677
81
4678
82
Scripts
4679
83
-------
4680
84
4681
85
Landscape lets you run scripts on the computers you manage in your
4682
86
account. The scripts may be in any language, as long as an interpreter
4683
87
for that language is present on the computers on which they are to run.
4684
88
You can maintain a library of scripts for common tasks. You can manage
4685
89
scripts from the STORED SCRIPTS menu under your account, and run them
4686
90
against computers from the SCRIPTS menu under COMPUTERS.
4687
91
4688
92
Administrators
4689
93
--------------
4690
94
4691
95
Administrators are people who are authorized to manage computers using
4692
96
Landscape. You can manage administrators from the ADMINISTRATORS menu
4693
97
under your account.
4694
98
4695
99
Access Groups
4696
100
-------------
4697
101
4698
102
Landscape lets administrators limit administrative rights on computers
4699
103
by assigning them to logical groupings called access groups. Each
4700
104
computer can be in only one access group. Typical access groups might be
4701
105
constucted around organizational units or departments, locations, or
4702
106
hardware architecture. You can manage access groups from the ACCESS
4703
107
GROUPS menu under your account; read about [how to create access
4704
108
groups](https://landscape.canonical.com/static/doc/user-guide/ch05.html#creatingaccessgroups "Creating access groups"),
4705
109
[add computers to access
4706
110
groups](https://landscape.canonical.com/static/doc/user-guide/ch05.html#addingtoaccessgroups "Adding computers to access groups"),
4707
111
and [associate administrators with access
4708
112
groups](https://landscape.canonical.com/static/doc/user-guide/ch05.html#associatingadmins "Associating roles with access groups").
4709
113
It is good policy to come up with and document a naming convention for
4710
114
access groups before you deploy Landscape, so that all administrators
4711
115
understand what constitutes an acceptable logical grouping for your
4712
116
organization.
4713
117
4714
118
Roles
4715
119
-----
4716
120
4717
121
For each access group, you can assign management privileges to
4718
122
administrators via the use of roles. Administrators may be associated
4719
123
with multiple roles, and roles may be associated with many access
4720
124
groups. You can manage roles from the ROLES menu under your account.
4721
125
4722
126
Alerts
4723
127
------
4724
128
4725
129
Landscape uses alerts to notify administrators of conditions that
4726
130
require attention. You can manage alerts from the ALERTS menu under your
4727
131
account.
4728
132
4729
133
Provisioning
4730
134
------------
4731
135
4732
136
Landscape lets you provision new computers starting with bare hardware -
4733
137
what Canonical calls metal as a service. With MAAS, you provision new
4734
138
hardware only as you need it, just as you would bring new cloud
4735
139
instances online. [The Ubuntu wiki explains how to set up
4736
140
MAAS](https://wiki.ubuntu.com/ServerTeam/MAAS/).
4737
141
4738
142
You can provision one or more new computers from the PROVISIONING menu
4739
143
under your account.
4740
144
4741
145
4742
146
##Managing Landscape
4743
147
------------------
4744
148
4745
149
4746
150
Prerequisites
4747
151
-------------
4748
152
4749
153
You can install Landscape Dedicated Server (LDS) on any server with a
4750
154
dual-core processor running at 2.0GHz or higher, at least 4GB of RAM,
4751
155
and 5GB of disk space. The operating system must be Ubuntu Server 12.04
4752
156
LTS x86\_64 or higher. You must also have PostgreSQL installed and
4753
157
network ports 80/tcp (http) and 443/tcp (https) open. You can optionally
4754
158
open port 22/tcp (ssh) as well for general server maintenance.
4755
159
4756
160
Installing
4757
161
----------
4758
162
4759
163
Refer to the [Recommended
4760
164
Deployment](https://help.landscape.canonical.com/LDS/RecommendedDeployment)
4761
165
guide in the Landscape wiki for all the information you need to install,
4762
166
configure, and start Landscape and the dependent services it relies on.
4763
167
4764
168
Upgrading Landscape
4765
169
-------------------
4766
170
4767
171
The process of upgrading an installed version of Landscape is
4768
172
[documented in the Landscape
4769
173
wiki](https://help.landscape.canonical.com/LDS/ReleaseNotes#Upgrading).
4770
174
4771
175
Backing up and restoring
4772
176
------------------------
4773
177
4774
178
Landscape uses several PostgreSQL databases and needs to keep them
4775
179
consistent. For example, if you remove a computer from Landscape
4776
180
management, more than one database needs to be updated. Running a
4777
181
utility like `pg_dumpall`{.code} won't guarantee the consistency of the
4778
182
backup, because while the dump process does lock all tables in the
4779
183
database being backed up, it doesn't care about other databases. The
4780
184
result will likely be an inconsistent backup.
4781
185
4782
186
Instead, you should perform hot backups by using write-ahead log files
4783
187
from PostgreSQL and/or filesystem snapshots in order to take a
4784
188
consistent image of all the databases at a given time, or, if you can
4785
189
afford some down time, run offline backups. To run offline backups,
4786
190
disable the Landscape service and run a normal backup with
4787
191
`pg_dump`{.code} or `pg_dumpall`{.code}. Offline backup can take just a
4788
192
few minutes for databases at smaller sites, or about half an hour for a
4789
193
database with several thousand computers. Bear in mind that Landscape
4790
194
can be deployed using several servers, so when you are taking the
4791
195
offline backup route, remember to disable all the Landscape services on
4792
196
all server machines. See the [PostgreSQL documentation on backup and
4793
197
restore](http://www.postgresql.org/docs/9.1/interactive/backup.html) for
4794
198
detailed instructions.
4795
199
4796
200
In addition to the Landscape databases, make sure you back up certain
4797
201
additional important files:
4798
202
4799
203
-   `/etc/landscape`{.filename}: configuration files and the LDS license
4800
204
4801
205
-   `/etc/default/landscape-server`{.filename}: file to configure which
4802
206
    services will start on this machine
4803
207
4804
208
-   `/var/lib/landscape/hash-id-databases`{.filename}: these files are
4805
209
    recreated by a weekly cron job, which can take several minutes to
4806
210
    run, so backing them up can save time
4807
211
4808
212
-   `/etc/apache2/sites-available/`{.filename}: the Landscape Apache
4809
213
    vhost configuration file, usually named after the fully qualified
4810
214
    domain name of the server
4811
215
4812
216
-   `/etc/ssl/certs/`{.filename}: the Landscape server X509 certificate
4813
217
4814
218
-   `/etc/ssl/private/`{.filename}: the Landscape server X509 key file
4815
219
4816
220
-   `/etc/ssl/certs/landscape_server_ca.crt`{.filename}: if in use, this
4817
221
    is the CA file for the internal CA used to issue the Landscape
4818
222
    server certificates
4819
223
4820
224
-   `/etc/postgresql/8.4/main/`{.filename}: PostgreSQL configuration
4821
225
    files - in particular, postgresql.conf for tuning and pg\_hba.conf
4822
226
    for access rules. These files may be in a separate host, dedicated
4823
227
    to the database. Use subdirectory 9.1 for PostgreSQL version 9.1,
4824
228
    etc.
4825
229
4826
230
-   `/var/log/landscape`{.filename}: all LDS log files
4827
231
4828
232
Log files
4829
233
---------
4830
234
4831
235
Landscape generates several log files in
4832
236
`/var/log/landscape`{.filename}:
4833
237
4834
238
-   `update-alerts`{.filename}: output of that cron job. Used to
4835
239
    determine which computers are offline
4836
240
4837
241
-   `process-alerts`{.filename}: output of that cron job. Used to
4838
242
    trigger alerts and send out alert email messages
4839
243
4840
244
-   `process-profiles`{.filename}: output of that cron job. Used to
4841
245
    process upgrade profiles
4842
246
4843
247
-   `sync_lds_releases`{.filename}: output of that cron job. Used to
4844
248
    check for new LDS releases
4845
249
4846
250
-   `maintenance`{.filename}: output of that cron job. Removes old
4847
251
    monitoring data and performs other maintenance tasks
4848
252
4849
253
-   `update_security_db`{.filename}: output of that cron job. Checks for
4850
254
    new Ubuntu Security Notices
4851
255
4852
256
-   `maas-poller`{.filename}: output of that cron job. Used to check the
4853
257
    status of MAAS tasks
4854
258
4855
259
-   `package-retirement`{.filename}: output of that (optional) cron job.
4856
260
    Moves unreferenced packages to another table in the database to
4857
261
    speed up package queries
4858
262
4859
263
-   `appserver-N`{.filename}: output of the application server N, where
4860
264
    N (here and below) is a number that distinguishes between multiple
4861
265
    instances that may be running
4862
266
4863
267
-   `appserver_access-N`{.filename}: access log for application server
4864
268
    N; the application server handles the web-based user interface
4865
269
4866
270
-   `message_server-N`{.filename}: output of message server N; the
4867
271
    message server handles communication between the clients and the
4868
272
    server
4869
273
4870
274
-   `message_server_access-N`{.filename}: access log for message server
4871
275
    N
4872
276
4873
277
-   `pingserver-N`{.filename}: output of pingserver N; the pingserver
4874
278
    tracks client heartbeats to watch for unresponsive clients
4875
279
4876
280
-   `pingtracker-N`{.filename}: complementary log for pingserver N
4877
281
    detailing how the algorithm is working
4878
282
4879
283
-   `async-frontend-N`{.filename}: log for async-frontend server N; the
4880
284
    async front end delivers AJAX-style content to the web user
4881
285
    interface
4882
286
4883
287
-   `api-N`{.filename}: log for API server N; the API services handles
4884
288
    requests from landscape-api clients
4885
289
4886
290
-   `combo-loader-N`{.filename}: log for combo-loader server N, which is
4887
291
    responsible for delivering CSS and JavaScript
4888
292
4889
293
-   `job-handler-N`{.filename}: log for job-handler server N; the job
4890
294
    handler service controls individual back-end tasks on the server
4891
295
4892
296
-   `package-upload-N`{.filename}: output of package-upload server N,
4893
297
    which is used in repository management for upload pockets, which are
4894
298
    repositories that hold packages that are uploaded to them by
4895
299
    authorized users
4896
300
4897
301
4898
302
4899
303
##Managing administrators
4900
304
4901
305
4902
306
Administrators are people who are authorized to manage computers using
4903
307
Landscape. You can manage administrators from the ADMINISTRATORS menu
4904
308
under your account.
4905
309
4906
310
**Figure 4.1.**
4907
311
4908
312
![image](./Chapter%A04.%A0Managing%20administrators_files/manageadmin1.png)
4909
313
4910
314
\
4911
315
On this page, the upper part of the screen shows a list of existing
4912
316
administrators and their email addresses. You may create as many as
4913
317
1,000 administrators, or as few as one. If you're running Landscape
4914
318
Dedicated Server, the first user you create automatically become an
4915
319
administrator of your account. If you're using the hosted version of
4916
320
Landscape, Canonical sends you an administrator invitation when your
4917
321
account is created. After that, you must create additional
4918
322
administrators yourself.
4919
323
4920
324
Inviting administrators
4921
325
-----------------------
4922
326
4923
327
You make someone an administrator by sending that person an invitation
4924
328
via email. On the administrator management page, specify the person's
4925
329
name and email address, and the administration role you wish the person
4926
330
to have. The choices that appear in the drop-down list are the roles
4927
331
defined under the ROLES menu. See the discussion of roles below.
4928
332
4929
333
When you have specified contact and role information, click on the
4930
334
Invite button to send an invitation. The message will go out from the
4931
335
email address you specified during Landscape setup.
4932
336
4933
337
Users who receive an invitation will see an HTML link in the email
4934
338
message. Clicking on the link takes them to a page where they are asked
4935
339
to log in to Landscape or create an Ubuntu Single Sign-on account. Once
4936
340
they do so, they gain the administrator privileges associated with the
4937
341
role to which they've been assigned.
4938
342
4939
343
It's worth noting that an administrator invitation is like a blank check
4940
344
- the first person who clicks on the link and submits information can
4941
345
become an administrator, even if it's not the person with the name and
4942
346
email address to which you sent the invitation. Therefore, take care to
4943
347
keep track of the status of administrator invitations.
4944
348
4945
349
Disabling administrators
4946
350
------------------------
4947
351
4948
352
To disable one or more administrators, tick the check boxes next to
4949
353
their names, then click on the Disable button. The adminstrator is
4950
354
permanently disabled and will no longer show up in Landscape. Though
4951
355
this operation cannot be reversed, you can send another invitation to
4952
356
the same email address.
4953
357
4954
358
Roles
4955
359
-----
4956
360
4957
361
A role is a set of permissions that determine what operations an
4958
362
administrator can perform. When you define a role, you also specify a
4959
363
set of one or more access groups to which the role applies.
4960
364
4961
365
Available permissions:
4962
366
4963
367
-   View computers
4964
368
4965
369
-   Manage computer
4966
370
4967
371
-   Add computers to an access group
4968
372
4969
373
-   Remove computers from an access group
4970
374
4971
375
-   Manage pending computers (In the hosted version of Landscape,
4972
376
    pending computers are clients that have been set up with the
4973
377
    landscape-config tool but have not yet been accepted or rejected by
4974
378
    an administrator. Landscape Dedicated Server never needs to have
4975
379
    pending computers once it is set up and has an account password
4976
380
    assigned.)
4977
381
4978
382
-   View scripts
4979
383
4980
384
-   Manage scripts
4981
385
4982
386
-   View upgrade profiles
4983
387
4984
388
-   Manage upgrade profiles
4985
389
4986
390
-   View package profiles
4987
391
4988
392
-   Manage package profiles
4989
393
4990
394
By specifying different permission levels and different access groups to
4991
395
which they apply, you can create roles and associate them with
4992
396
administrators to get a very granular level of control over sets of
4993
397
computers.
4994
398
4995
399
4996
400
4997
401
4998
402
##Access groups
4999
403
5000
404
Status:	Merged
Approved by:	Frank Mueller on 2014-04-16
Approved revision:	16
Merged at revision:	16
Proposed branch:	lp:~evilnick/clouddocs/reorg
Merge into:	lp:~jujudocs/clouddocs/trunk
Diff against target:	6235 lines (+3009/-3062) 31 files modified Admin/Appendix-Ceph-and-OpenStack.md (+229/-0) Admin/Backup-and-Recovery-Ceph.md (+107/-0) Admin/Backup-and-Recovery-Juju.md (+59/-0) Admin/Backup-and-Recovery-OpenStack.md (+131/-0) Admin/Logging-Juju.md (+24/-0) Admin/Logging-OpenStack.md (+92/-0) Admin/Logging.md (+15/-0) Admin/Scaling-Ceph.md (+36/-0) Admin/Upgrading-and-Patching-Juju.md (+45/-0) Admin/Upgrading-and-Patching-OpenStack.md (+83/-0) Appendix-Ceph-and-OpenStack.md (+0/-229) Backup-and-Recovery-Ceph.md (+0/-107) Backup-and-Recovery-Juju.md (+0/-59) Backup-and-Recovery-OpenStack.md (+0/-131) Install/Installing-Ceph.md (+56/-0) Install/Installing-MAAS.md (+467/-0) Install/Intro.md (+28/-0) Install/installing-openstack-outline.md (+395/-0) Install/landcsape.md (+909/-0) Installing-Ceph.md (+0/-56) Installing-MAAS.md (+0/-467) Intro.md (+0/-26) Logging-Juju.md (+0/-24) Logging-OpenStack.md (+0/-92) Logging.md (+0/-15) Scaling-Ceph.md (+0/-36) Upgrading-and-Patching-Juju.md (+0/-45) Upgrading-and-Patching-OpenStack.md (+0/-83) installing-openstack-outline.md (+0/-395) landcsape.md (+0/-1297) resources/templates/Template (+333/-0)
To merge this branch:	bzr merge lp:~evilnick/clouddocs/reorg
Related bugs:	Link a bug report
Reviewer	Review Type	Date Requested	Status
Frank Mueller		2014-04-15	Pending
Review via email: mp+215915@code.launchpad.net