{{tag>Openstack}}

= Notes VMWare OpenStack VIO - Configuration

Voir :
* https://docs.vmware.com/en/VMware-Integrated-OpenStack/6.0/integrated-openstack-60-install-config-guide.pdf
* https://docs.vmware.com/en/VMware-Integrated-OpenStack/6.0/integrated-openstack-60-administration-guide.pdf

Config :
* https://kb.vmware.com/s/article/77005

''/etc/keystone/keystone.conf''
<code ini>
[DEFAULT]                          
public_endpoint = https://192.168.51.61:5000/
admin_endpoint = https://192.168.51.61:35357/
member_role_name = _member_
list_limit = 500                                     
insecure_debug = False                               
debug = True                                
log_file = keystone.log
log_dir = /var/log/keystone
use_syslog = true
syslog_log_facility = LOG_LOCAL7      
default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.d
ogpile=INFO,dogpile.lock=INFO
           
[auth]
methods = password,token,saml2,openid,mapped

[cache]
backend = oslo_cache.memcache_pool
enabled = True
memcache_servers = 192.168.51.65:11211,192.168.51.66:11211

[database]
connection = CHANGEME
                                                                                                                                                                                             
[federation]
trusted_dashboard = https://192.168.21.53/auth/websso/
trusted_dashboard = https://192.168.51.61/auth/websso/

[fernet_tokens]
max_active_keys = 2

[identity]
domain_specific_drivers_enabled = true
domain_configurations_from_database = False

[oslo_policy]
policy_file = /etc/keystone/policy.yaml

[resource]
admin_project_domain_name = Default
admin_project_name = admin

[saml2]
remote_id_attribute = Shib-Identity-Provider

[token]
expiration = 7200
</code>


''/etc/keystone/domains/keystone.acme.conf''
<code ini>
[identity]
domain_configurations_from_database = False
driver = ldap
list_limit = 500

[ldap]
query_scope = sub
group_name_attribute = sAMAccountName
group_objectclass = group
user_mail_attribute = mail
user_enabled_attribute = userAccountControl
group_tree_dn = CN=Openstack,OU=Groupes,DC=acme,DC=local
chase_referrals = false
user_id_attribute = sAMAccountName
group_members_are_ids = true
group_member_attribute = memberUid
page_size = 100
use_tls = false
url = ldaps://ldap.acme.local:636
user_name_attribute = sAMAccountName
user = admin
user_objectclass = organizationalPerson
group_id_attribute = cn
user_filter = (memberOf=CN=Openstack,OU=Groupes,DC=acme,DC=local)
group_desc_attribute = description
user_tree_dn = DC=acme,DC=local
user_pass_attribute = userPassword
password = CHANGEME
</code>

''/etc/nova/nova.conf''
<code ini>
[DEFAULT]                                                                                                                                                                                     
log_dir = /var/log/nova                       
lock_path = /var/lock/nova                                                                                                 
state_path = /var/lib/nova    
                
[api_database]                             
connection = sqlite:////var/lib/nova/nova_api.sqlite                                                                                                            

[cells]
enable = False

[database]
connection = sqlite:////var/lib/nova/nova.sqlite

[placement]
os_region_name = openstack
</code>

''/etc/nova/nova-compute.conf''
<code ini>
[DEFAULT]                                                              
compute_driver = vmwareapi.VMwareVCDriver      
allow_resize_to_same_host = true              
remove_unused_original_minimum_age_seconds = 86400
cpu_allocation_ratio = 10                                                                                                                                                                                          
ram_allocation_ratio = 1.5                                                                                                                                                             
disk_allocation_ratio = 0.0                                                                                                                                                            
resume_guests_state_on_host_boot = true
max_concurrent_builds = 20
block_device_allocate_retries = 1800         
heal_instance_info_cache_interval = 120                      
block_device_allocate_retries_interval = 2               
force_config_drive = False
dhcpbridge_flagfile = /etc/nova/nova.conf                      
dhcpbridge = /usr/bin/nova-dhcpbridge
metadata_host = 192.168.51.61                         
dhcp_domain = novalocal                                                                                                                                                                
web = /usr/share/vmware-mks
state_path = /var/lib/nova
periodic_fuzzy_delay = 120
debug = True
verbose = True
log_dir = /var/log/nova
use_syslog = true
syslog_log_facility = LOG_LOCAL7
rpc_response_timeout = 120
sync_power_state_action = dbsync
use_hypervisor_stats = True

[api]
use_forwarded_for = true
compute_link_prefix = https://192.168.21.53:8774
glance_link_prefix = https://192.168.21.53:9292

[api_database]
connection = "CHANGEME"
max_pool_size = 50
max_overflow = 50

[cache]
enabled = false

[cinder]
endpoint_template = https://192.168.51.61:8776/v3/%(project_id)s
api_insecure = true

[conductor]
workers = 2

[database]
connection = "CHANGEME"
                                                                                                                                                                                   
[filter_scheduler]
max_io_ops_per_host = 8
max_instances_per_host = 50

[glance]
api_servers = https://192.168.51.61:9292

[keystone_authtoken]
memcached_servers = 192.168.51.65:11211,192.168.51.66:11211
auth_type = v3password
auth_url = https://192.168.51.61:35357/v3
project_name = service
username = nova
password = CHANGEME
project_domain_name = local
user_domain_name = local

[mks]
mksproxy_base_url = https://192.168.21.53:6090/vnc_auto.html
enabled = true

[neutron]
url = https://192.168.51.61:9696
service_metadata_proxy = true
metadata_proxy_shared_secret = CHANGEME
auth_type = v3password
auth_url = https://192.168.51.61:35357/v3
project_name = service
project_domain_name = local
username = neutron
user_domain_name = local
password = CHANGEME

[oslo_concurrency]
lock_path = /var/lock/nova

[oslo_messaging_rabbit]
rabbit_hosts = 192.168.51.62,192.168.51.63,192.168.51.64
rabbit_userid = test
rabbit_password = CHANGEME
rabbit_ha_queues = true

[oslo_messaging_zmq]
rpc_thread_pool_size = 100

[pci]
passthrough_whitelist = [{"vendor_id": "*", "product_id": "*"}]

[placement]
os_region_name = nova
os_interface = internal
auth_type = v3password
auth_url = https://192.168.51.61:35357/v3
project_name = service
project_domain_name = local
username = neutron
user_domain_name = local
password = CHANGEME

[oslo_concurrency]
lock_path = /var/lock/nova

[oslo_messaging_rabbit]
rabbit_hosts = 192.168.51.62,192.168.51.63,192.168.51.64
rabbit_userid = test
rabbit_password = CHANGEME
rabbit_ha_queues = true

[oslo_messaging_zmq]
rpc_thread_pool_size = 100

[pci]
passthrough_whitelist = [{"vendor_id": "*", "product_id": "*"}]

[placement]
os_region_name = nova
os_interface = internal
auth_type = v3password                                                                                                                                                                                             
auth_url = https://192.168.51.61:35357/v3
project_name = service
project_domain_name = local
username = placement
user_domain_name = local
password = CHANGEME

[vmware]
serial_port_service_uri = s1cb9is4rC66cr000791
serial_port_proxy_uri = telnets://192.168.51.71:13370#thumbprint=A9:CF:EC:E6:DD:00:6A:90:C4:F7:4B:83:11:C9:70:42:13:A9:08:36
serial_log_dir = /var/log/vspc
host_ip = 192.168.51.160
host_username = Administrator@vsphere.local
host_password = CHANGEME
insecure = True
cluster_name = Production
datastore_regex = production
vnc_port_total = 6500
use_linked_clone = True
cache_prefix = VIO_9a9c86dc379144d7a4f43919d9066315_b78814fd_domain-c34
store_image_dir = /images
snapshot_format = template
import_vm_enabled = True
import_vm_relocate = True
tenant_vdc = False
passthrough = False

[vnc]
enabled = False
vncserver_proxyclient_address = 192.168.51.160
novncproxy_base_url = https://192.168.21.53:6080/vnc_auto.html

[wsgi]
api_paste_config = /etc/nova/api-paste.ini
</code>

''javascript /etc/glance/policy.json''
<code javascript>
{
    "context_is_admin":  "role:admin",
    "default": "role:admin",

    "add_image": "",
    "delete_image": "",
    "get_image": "",
    "get_images": "",
    "modify_image": "",
    "publicize_image": "role:admin",
    "communitize_image": "",
    "copy_from": "",

    "download_image": "",
    "upload_image": "",

    "delete_image_location": "",
    "get_image_location": "",
    "set_image_location": "",

    "add_member": "",
    "delete_member": "",
    "get_member": "",
    "get_members": "",
    "modify_member": "",

    "manage_image_cache": "role:admin",

    "get_task": "",
    "get_tasks": "",
    "add_task": "",
    "modify_task": "",

    "deactivate": "",
    "reactivate": "",

    "get_metadef_namespace": "",
    "get_metadef_namespaces":"",
    "modify_metadef_namespace":"",
    "add_metadef_namespace":"",

    "get_metadef_object":"",
    "get_metadef_objects":"",
    "modify_metadef_object":"",
    "add_metadef_object":"",

    "list_metadef_resource_types":"",
    "get_metadef_resource_type":"",
    "add_metadef_resource_type_association":"",

    "get_metadef_property":"",
    "get_metadef_properties":"",
    "modify_metadef_property":"",
    "add_metadef_property":"",

    "get_metadef_tag":"",
    "get_metadef_tags":"",
    "modify_metadef_tag":"",
    "add_metadef_tag":"",
    "add_metadef_tags":"" 
}
</code>

Console FR 
''/?locale=fr_FR'' \\
Voir https://kb.vmware.com/s/article/1016403