Ansible references some files that contain mandatory and optional configuration directives. Before you can run the Ansible playbooks, modify these files to define the target environment. Configuration tasks include:
OpenStack-Ansible (OSA) depends on various files that are used to build an inventory for Ansible. Perform the following configuration on the deployment host.
Copy the contents of the
/opt/openstack-ansible/etc/openstack_deploy
directory to the
/etc/openstack_deploy
directory.
Change to the /etc/openstack_deploy
directory.
Copy the openstack_user_config.yml.example
file to
/etc/openstack_deploy/openstack_user_config.yml
.
Review the openstack_user_config.yml
file and make changes
to the deployment of your OpenStack environment.
Note
This file is heavily commented with details about the various options. See our User Guide and Reference Guide for more details.
The configuration in the openstack_user_config.yml
file defines which hosts
run the containers and services deployed by OpenStack-Ansible. For
example, hosts listed in the shared-infra_hosts
section run containers for
many of the shared services that your OpenStack environment requires. Some of
these services include databases, Memcached, and RabbitMQ. Several other
host types contain other types of containers, and all of these are listed
in the openstack_user_config.yml
file.
Some services, such as glance, heat, horizon and nova-infra, are not listed individually in the example file as they are contained in the os-infra hosts. You can specify image-hosts or dashboard-hosts if you want to scale out in a specific manner.
For examples, please see our User Guides
For details about how the inventory is generated, from the environment configuration and the variable precedence, see our Reference Guide under the inventory section.
To install additional services, the files in
etc/openstack_deploy/conf.d
provide examples showing
the correct host groups to use. To add another service, add the host group,
allocate hosts to it, and then execute the playbooks.
OpenStack-Ansible has many options that you can use for the advanced configuration of services. Each role’s documentation provides information about the available options.
Important
This step is essential to tailoring OpenStack-Ansible to your needs and is generally overlooked by new deployers. Have a look at each role documentation, user guides, and reference if you want a tailor made cloud.
Configure credentials for each service in the
/etc/openstack_deploy/*_secrets.yml
files. Consider using the
Ansible Vault feature to
increase security by encrypting any files that contain credentials.
Adjust permissions on these files to restrict access by nonprivileged users.
The keystone_auth_admin_password
option configures the admin
tenant
password for both the OpenStack API and Dashboard access.
We recommend that you use the pw-token-gen.py
script to generate random
values for the variables in each file that contains service credentials:
# cd /opt/openstack-ansible
# ./scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml
To regenerate existing passwords, add the --regen
flag.
Warning
The playbooks do not currently manage changing passwords in an existing environment. Changing passwords and rerunning the playbooks will fail and might break your OpenStack environment.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.