Connect Fleio to OpenStack¶
Note
This page only applies for Fleio OpenStack Edition or Fleio Full Edition.
To connect Fleio to your OpenStack installation, go to your staff panel, e.g., http://mydomain/staff
, Settings
menu group, OpenStack menu option and fill in the field on tabs CREDENTIALS, NOTIFICATIONS,
and DEFAULTS.
Below are the steps to obtain the necessary values from your OpenStack cloud. For documentation on Fleio OpenStack settings user interface, see Staff / Settings / OpenStack.
OpenStack credentials¶
Find the required setting fields by running commands on your OpenStack controller, or by checking at the configuration of each service: Nova, Glance, Neutron, Cinder.
Credentials¶
Warning
Fleio requires an OpenStack admin user with full access to the entire cloud and to all operations.
See below how to obtain the OpenStack API authentication details for the admin user and fill the values on the OpenStack settings CREDENTIALS tab.
Keystone auth URL¶
OpenStack provides endpoints for different services. To obtain the Keystone API endpoint URL, connect to your OpenStack controller and run the following command.
openstack endpoint list --service identity -c Interface -c URL
+-----------+------------------------------+
| Interface | URL |
+-----------+------------------------------+
| admin | http://172.29.236.2:35357/v3 |
| public | http://172.29.236.2:5000/v3 |
| internal | http://172.29.236.2:5000/v3 |
+-----------+------------------------------+
Copy the public interface URL. In the example above, it’s http://172.29.236.2:5000/v3
.
Administrator username¶
The OpenStack administrator username is usually admin
. You can check this in your openrc
or adminrc
file:
grep OS_USERNAME openrc
export OS_USERNAME=admin
Administrator password¶
Retrieve the administrator password from the openrc
or adminrc
file:
grep OS_PASSWORD openrc
export OS_PASSWORD=OpenStackPassword
In the example above, the admin password is OpenStackPassword
.
Administrator project ID¶
To find the admin
project ID, run the following command on your controller:
openstack project list | grep admin
| 986c6adb50f2419c8feb034217ddc6eb | admin |
In this case, the admin
project ID is 986c6adb50f2419c8feb034217ddc6eb
.
Administrator domain ID¶
In most OpenStack installations the user domain ID is default
but it may be different in your case. Run the
following command on the controller:
openstack domain list -c ID -c Name
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 969ed4676ebd4eb1801f175ad42a91c0 | heat |
| default | Default |
+----------------------------------+---------+
In this example, the default domain ID is default
.
OpenStack notifications setup options¶
Note
Before continuing, make sure you have enabled OpenStack notifications.
Fleio keeps track of OpenStack resources by receiving notifications from OpenStack services like Nova, Glance, Cinder and Neutron. Without notifications, Fleio is unable to display accurate information related to running instances, available volumes, images or networks. Each OpenStack installation has at least one messaging broker. This is usually the RabbitMQ broker, however, ZeroMQ and other brokers are supported.
There are three ways to configure Fleio to receive the OpenStack notifications.
Option A: Fleio connects directly to OpenStack RabbitMQ¶
This is the simplest deployment method.
Since Fleio connects directly to the OpenStack RabbitMQ, you need to create a RabbitMQ user for Fleio in each region.
For Fleio to connect directly to the internal RabbitMQ server from each OpenStack region, it needs access to the private OpenStack subnet and this may pose a security issue. To overcome this disadvantage, just use RabbitMQ Shovel as described below.
Option B: RabbitMQ Shovel and intermediary RabbitMQ¶
Install an additional RabbitMQ server, let’s call this “intermediary RabbitMQ”. It may be installed on the same machine with Fleio or, in any case, on a subnet to which Fleio has access.
On each OpenStack RabbitMQ server, configure the RabbitMQ Shovel plugin.
Configure the Shovel plugins to forward notifications to the intermediary RabbitMQ, making sure that you differentiate between regions using a different vhost.
Then configure Fleio NOTIFICATIONS to connect to the intermediary RabbitMQ, pairing each notification URL with its corresponding region.
Option C: fleio-collector and intermediary RabbitMQ¶
Warning
Deprecated since version 2023.09: Fleio collector is deprecated and will be removed in the future. Use Option B: RabbitMQ Shovel and intermediary RabbitMQ instead.
Install an additional RabbitMQ server, let’s call this “intermediary RabbitMQ”. It may be installed on the same machine with Fleio or, in any case, on a subnet to which Fleio has access.
In each OpenStack region, install and configure the Fleio collector. The Fleio collector adds a “region” field to each notification received from OpenStack and forwards it to the intermediary RabbitMQ. All Fleio collectors forward notifications to the same URL/vhost, same exchange, and the same topic on the intermediary RabbitMQ.
Then configure Fleio NOTIFICATIONS to connect to the intermediary RabbitMQ, selecting Multiple regions in the Region field from ADD REGION SETTINGS dialog.
Notification UI fields¶
Notifications URLs¶
Fleio needs one or more URLs to be able to connect to the OpenStack messaging queue service (usually RabbitMQ) in order to listen for events from OpenStack services like Nova, Neutron, Glance or Cinder.
For security reasons is better to create a different username. If you already have a username and password please specify a complete URL in this field having the accepted URI format.
As an example, for RabbitMQ, you can enter multiple URLs of the form: rabbit://username:password@rabbitmqHost/
Multiple URLs are usually required if you have multiple messaging queue servers for each service or multiple virtual hosts. Our demo setup has multiple virtual hosts for each service, and we should configure the following URLs in Region notification settings:
rabbit://username:password@rabbitmqHost//nova
rabbit://username:password@rabbitmqHost//neutron
rabbit://username:password@rabbitmqHost//glance
rabbit://username:password@rabbitmqHost//cinder
Note
If all your OpenStack services are using the same RabbitMQ queue (so, single URL in Fleio settings) or multiple queues (multiple URls needed in your Fleio settings), depends on the OpenStack installation method.
If you are using RabbitMQ messages forwarding you can have just one notification URL.
If you want to create a new user and password (in RabbitMQ) please run the following command on your controller or on your message queue service server.
rabbitmqctl add_user fleio TYPEPASSWORD
We also have to set up permission for username fleio
for different hosts that your Nova, Neutron, Glance,
Cinder services may be configured.
rabbitmqctl list_vhosts
Listing vhosts ...
/neutron
/heat
/keystone
/
/cinder
/nova
/glance
/ceilometer
rabbitmqctl set_permissions fleio -p /neutron ".*" ".*" ".*" #repeat for every vhost
Notifications topic¶
The default value for the notifications topic is notifications
. Each openstack service sends notifications to this
topic.
Warning
Deprecated since version 2023.09.1: Fleio collector is deprecated and will be removed in the future.
If we installed the fleio-collector service (usually in a multi-region setup) we should use the topic where the Fleio collectors services send the notifications.
For fleio-collector, fleio
is the default topic. We can also enter multiple values separated by a single ,
character. For example, we can input: notifications, fleio
as a valid value.
Notifications exchange¶
Each OpenStack service uses an exchange. The default value is:
cinder,glance,keystone,neutron,nova,openstack,magnum,trove
. Multiple exchange names may be filled in, as shown
above, separated by a comma (,
).
Notifications pool name¶
Warning
Notification pool name must be unique per RabbitMQ vhost. If you have two Fleio installations that use the same pool name, some notifications are be lost.
Fleio can listen for notifications on the notifications
topic directly. However, when Ceilometer is installed,
Ceilometer also listens on the notifications
topic. What this means is that messages will be split between
Ceilometer and Fleio. None of the services will receive all the notifications. Specifying a pool name will ensure that
all notifications are received by Fleio. In our setup, we will use: fleio-pool
.