Setup Fleio

Open http://mydomain/staff and login with your admin user and password created earlier.

Connect Fleio to OpenStack

All parameters that you need to define in Fleio in order to connect with your OpenStack controller are described below. We will guide you on how to find the required fields by running commands on your currently running OpenStack controller and also by looking at the configuration of each service, nova, glance, neutron, cinder.

Open the configuration panel by clicking on Settings and then OpenStack Settings.

Credentials

The Credentials settings are required in order to connect to OpenStack as an administrator. These credentials are used by Fleio to setup new projects and perform administrative tasks.

Fleio requires an OpenStack admin user with full access to the entire cloud and to all operations.

Keystone auth URL

OpenStack provides endpoints for different services but we are interested in this section for the endpoint of the identity service (Keystone). Connect to your OpenStack controller and run the following command.

openstack endpoint list # retrieves the entire list of endpoints (URLs) for all services
openstack endpoint list --service identity -c Interface -c URL
+-----------+------------------------------+
| Interface | URL                          |
+-----------+------------------------------+
| admin     | http://172.29.236.2:35357/v3 |
| public    | http://172.29.236.2:5000/v3  |
| internal  | http://172.29.236.2:5000/v3  |
+-----------+------------------------------+

Alternative, if your OpenStack client is too old, you can use the python-keystoneclient’s keystone endpoint-list command.

In our case we are going to use the public interface and we will specify in the Keystone auth URL field the value http://172.29.236.2:5000/v3

Administrator username

Administrator username field is the administrator username that you use in your environment, usually this is admin. This can be found by looking at the openrc or adminrc file, usually generated when installing OpenStack.

grep OS_USERNAME openrc
export OS_USERNAME=admin

We will specify in this field the value admin.

Administrator password

In the Administrator password field type the password for the administrator username that we specified earlier. This can be found by looking at the openrc or adminrc file.

grep OS_PASSWORD openrc
export OS_PASSWORD=OpenStackPassword

We will specify in this field the found value OpenStackPassword.

Administrator project ID

In username field, we have specified the admin as value. In this field we need to specify the value of the project ID in which this username has an administrative role. To find out the value, please run the following command on your controller.

openstack project list | grep admin
| 986c6adb50f2419c8feb034217ddc6eb | admin                          |

We will specify in this field the value 986c6adb50f2419c8feb034217ddc6eb.

Administrator domain ID

In most OpenStack installations the user domain ID is default but it may be different in your case. On the controller, run the following command:

openstack domain list -c ID -c Name
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 969ed4676ebd4eb1801f175ad42a91c0 | heat    |
| default                          | Default |
+----------------------------------+---------+

We will specify in this field the ID value: default.

Verify API SSL certificates

Fleio has the ability to verify SSL certificates validity by using the certifi Python library which contains the Mozilla CA Bundle. Certificate validation will work out ok if all endpoints are hosts (unlike in our example) with valid SSL certificates setup. If you setup SSL certificates and would like also to check their validity, check this option.

Notifications

Fleio keeps track of OpenStack resources by receiving notifications from OpenStack services like Nova, Glance, Cinder and Neutron. Without notifications Fleio is unable to display accurate information related to running instances, available volumes, images or networks. Each OpenStack installation has at least one messaging broker. This is usually the RabbitMQ broker, however, ZeroMQ and other brokers are supported.

Notifications URLs

Fleio needs one or more URLs to be able to connect to the OpenStack messaging queue service (usually RabbitMQ) in order to listen for events from services like nova, neutron, glance and cinder. For security reasons is better to create a different username. If you already have a username and password please specify a complete URL in this field having the accepted URI format. As an example, for RabbitMQ, you can enter multiple URLs of the form: rabbit://username:password@rabbitmqHost/ Multiple URLs are usually required if you have multiple messaging queue servers for each service or multiple virtual hosts. Our demo setup has multiple virtual hosts for each services so we should enter the following URLs:

rabbit://username:password@rabbitmqHost//nova rabbit://username:password@rabbitmqHost//neutron rabbit://username:password@rabbitmqHost//glance rabbit://username:password@rabbitmqHost//cinder

Please note that each URL should be specified one per line without , or other characters at the end.

If you want to create a new user and password (in RabbitMQ) please run the following command on your controller or on your message queue service server.

rabbitmqctl add_user fleio TYPEPASSWORD

We also have to set up permission for username fleio for different hosts that your Nova, Neutron, Glance, Cinder services may be configured.

rabbitmqctl list_vhosts
Listing vhosts ...
/neutron
/heat
/keystone
/
/cinder
/nova
/glance
/ceilometer

rabbitmqctl set_permissions fleio -p /neutron ".*" ".*" ".*" #repeat for every vhost

Notifications topic

The default value for the notifications topic is notifications. Each openstack service sends notifications to this topic. If we installed the fleio-collector service (usually in a multi region setup) we should use the topic where the Fleio collectors services send the notifications. For fleio-collector, fleio is the default topic. We can also enter multiple values separated by a single , character. For example, we can input: notifications, fleio as a valid value.

Notifications exchange

Each OpenStack service uses an exchange. The default value is: nova, openstack, neutron, glance Do note that Cinder is using openstack as an exchange name, unlike the other services. Multiple exchange names can be entered, as shown above, each separated by ,

Notifications pool name

Fleio can listen for notifications on the notifications topic directly. However, when Ceilometer is installed, Ceilometer also listens on the notifications topic. What this means is that messages will be split between Ceilometer and Fleio. None of the services will receive all the notifications. Specifying a pool name will ensure that all notifications are received by Fleio. In our setup, we will use: fleio-pool

Defaults

Various other uncategorized settings are listed below. These do not usually require modifications but you can modify them as you wish.

Default role name

The default role is used for authentication in OpenStack when a user performs an action like creating an instance or deleting a volume. It is important to use a normal role without administrative privileges.

In most OpenStack installations the default role is _member_. Using the openstack client run the following command to see all the available roles:

openstack role list
+----------------------------------+------------------+
| ID                               | Name             |
+----------------------------------+------------------+
| 1641b1f3053b4d7a8bbc71be1c641695 | admin            |
| 6a347bea8f234052813d651d4f82681b | heat_stack_owner |
| 72fc4df09618461d9d31837b4e96f2a4 | heat_stack_user  |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_         |
+----------------------------------+------------------+

If the _member_ role is not present, you can simply create it with the following command:

openstack role create _member_

We will use the value _member_ for our Fleio configuration.

Default region name

In this section we are going to set up the default region where all your virtual servers are going to be provisioned by default. To find out the name of all regions, run the following command:

openstack endpoint list -c Region
+-----------+
| Region    |
+-----------+
| RegionOne |
+-----------+

We will specify in this field the value RegionOne.

Projects default domain

The OpenStack domain where all projects will be automatically created. We recommend using the default project since it’s usually present in all OpenStack installations, Do note that this is the domain ID, not it’s name

openstack domain list
+----------------------------------+---------+---------+--------------------+
| ID                               | Name    | Enabled | Description        |
+----------------------------------+---------+---------+--------------------+
| default                          | Default | True    | The default domain |
+----------------------------------+---------+---------+--------------------+

Force config drive for instance creation

When an instance gets created from Fleio, config_drive param is always sent as True to nova.

Hide projects and API users

Checking this will hide all projects specified by IDs. The administrator project ID specified in credentials tabs will be automatically included in this list. API users for these projects will be also hidden

Prefix API users with username

Checking this will prefix OpenStack API users with currently logged in Fleio user name. This will only apply for end-user, API users created by staff will not be prefixed