Staff / Settings / OpenStack¶
To connect Fleio to OpenStack you need to configure CREDENTIALS, NOTIFICATIONS, and possibly DEFAULTS.
CREDENTIALS¶
See how to obtain your cloud’s OpenStack credentials, and fill in the fields as described below.
Keystone auth URL - the OpenStack API URL for the Keystone service. Only Keystone version 3 is supported.
Administrator username - OpenStack admin username. Fleio requires full administrator credentials.
Password - OpenStack admin password.
Administrator project ID - admin project ID. This in a UUID, e.g., b36c5c45d0824b7f92c9545d114c3485, and it is used for the OpenStack admin user authentication.
Administrator domain ID - default OpenStack authentication domain. This is usually domain.
Default API interface - select the type of API to use when connecting to OpenStack.
When Verify API SSL certificates is checked, connection to OpenStack fails if the SSL certificate is not valid.
Press the TEST CONNECTION button to confirm that authentication details are correct and Fleio can successfully connect to OpenStack.
To download an openrc
file which can be used for the openstack
command line client, press GET OPENRC FILE.
For security reasons, the password is not included in the file.
To save the credentials and initiate a sync process, press SAVE & SYNC.
NOTIFICATIONS¶
Before filling in the fields from the NOTIFICATIONS tab, make sure:
you have enabled OpenStack notifications and
you have decided on and configured one of the notifications setup option.
Important
Test connections button from the Notifications tab does not confirm that RabbitMQ messages are received by Fleio. This only confirms that Fleio can connect and authenticate to the provided RabbitMQ URL(s). The test if notifications are working, please see How to check if OpenStack notifications are working.
Warning
Notification pool name must be unique per RabbitMQ vhost. If you have two Fleio installations that use the same pool name, some notifications are be lost.
Region notification settings¶
Fleio can be configured to fetch notifications from multiple RabbitMQ servers. If you have multiple OpenStack regions each with its own RabbitMQ you should configure Fleio to connect to each region.
For each region you can configure one or more RabbitMQ URLs. When Fleio receives a notification it assigns the region associated with that URL to the notification.
Multiple regions region is a special case added for compatibility. See Fleio collector documentation below.
Forwarding RabbitMQ messages¶
For Fleio to connect directly to the internal RabbitMQ server from each OpenStack region, it needs access to the private OpenStack subnet and this may pose a security issue.
This can be avoided if you have an intermediary RabbitMQ installation and forward messages to it. Fleio can than connect to this intermediary RabbitMQ installation and no longer needs access to private OpenStack subnet. RabbitMQ Shovel plugin (see https://www.rabbitmq.com/shovel.html) can be used to accomplish this.
If you have a multi-region OpenStack setup, and you are using only one intermediary RabbitMQ installation then you need to forward messages from each region to a separate virtual host in this intermediary RabbitMQ installation and add separate region notification settings for each virtual host in Fleio.
Fleio collector¶
Warning
Deprecated since version 2023.09: Fleio collector is deprecated and will be removed in the following months. Use Option B: RabbitMQ Shovel and intermediary RabbitMQ instead.
Fleio collector is deprecated and will not receive updates anymore. If you still use Fleio collector you should select
Multiple regions when adding new region configuration. When this setting is used Fleio looks for fleio_region
field in the message context to determine the region. The fleio_region
field is populated by Fleio collector.
See Fleio collector for more details.
DEFAULTS¶
Various default settings are available in this tab.
API timeout defines the number of seconds to wait for OpenStack API to reply.
Gnocchi resource types timeout - How many seconds to wait for Gnocchi resource types API to reply.
When Fleio automatically creates a project on end-user sign-up, the OpenStack admin user is added to this project with the Default role names. For security reasons, when the end-user performs an action, like OpenStack instance create, admin authenticates on the end-user project. This is why admin has to have the necessary roles on each OpenStack project that is associated with a Fleio service. It is important to use a normal roles without administrative privileges. In most OpenStack installations the default roles are _member_ and/or member.
Field Default region name defines the default region to use when Fleio connects to the OpenStack API when the API call is not specific to a particular region.
Projects default domain is the domain where all new OpenStack projects are created. default domain is usually present in all OpenStack installations. Note that this is the domain ID, not its name.
Fields New projects name template and New projects description template are template strings used when projects are automatically created when a new client is created (through end-user sign-up or by staff users). Note that the project name has to be unique, otherwise OpenStack project creation fails.
Force config drive for instance creation - when Fleio creates a compute instance, config_drive
param is always
sent as True
to Nova.
Auto allocated topology
When Hide projects and API users is checked, the list of projects (specified by project ID) are hidden from the Fleio UI together with the API users of these projects. The Administrator project ID specified in CREDENTIALS tab is automatically hidden.
When Use API username template is checked, you can define a template string in field API username template that is used when end-users create OpenStack API users. {{ api_user_username }} variable is the string filled in by the end-user.
When Hide images in other flavors’ scope on instance create is checked, images that are assigned to other flavors and are unavailable to be used with the selected flavor are hidden on the instance create form. Unchecking this, they would show as disabled with an explanation tooltip. If Hide unassigned images on instance create is checked, this field is ignored.
When Hide unassigned images on instance create is checked, unassigned images for a flavor are hidden on instance create form. Flavors without any assignment still display all images. When this is unchecked, other images show up on boot source selection if they are not assigned to other flavor than the selected one.
When Use instance availability zone for volume on instance create is checked, Availability zone field is hidden from volume create form and the instance availability zone (AZ) is used. If AZ name is not found in cinder, it is automatically selected by OpenStack.
Default PTR settings¶
Fleio can set a default PTR record value (also known reverse DNS) to an IP address when the IP it is added or removed from an instance, including when the compute instance is created and an initial IP is allocated. This is useful when the previous user of the IP address has set a custom PTR and you want to reset it to a default value when the IP is assigned to another user. This feature requires that you have OpenStack Designate project installed.
Use PTR default format to set PTR record on IPv4s allocation/de-allocation. Leave empty so it won’t change PTR record on mentioned actions. You can use the following template examples: “{dashed_ip}.static.yourclouddomain.com”, “{dashed_ip}.{region}.static.yourclouddomain.com”.
Use PTR default format IPv6 to set PTR record on IPv6s allocation/de-allocation. Leave empty so it won’t change PTR record on mentioned actions. You can use the following template examples: “{dashed_ip}.static.yourclouddomain.com”, “{dashed_ip}.{region}.static.yourclouddomain.com”.
{dashed_ip}
will be replaced with the actual IP address using dashes instead of dot, e.g., 127-0-0.1
and region
with the related port region.
The Inverse address zone email field must be set if you are using PTR default format setting, and will be used when creating the DNS zone.
Check Force lowercase for PTR records to make sure to always use lowercase characters when setting PTR record.
VOLUME SIZE INCREMENTS¶
Using this form, you can define a minimum size and allowed size steps for each type of volume from each region. The default value is 1 GB for every volume type.
Field <<type>> size increments defines the step size that may be used when extending or shrinking a volume. For example, some storage types allow a minimum of 8GB when increasing or decreasing the available space. The default value is 1 GB for every volume type.
<<type>> minimum size value is enforced when creating a volume. The value should be greater than zero and a multiple of volume <<type>> size increment.
Note
OpenStack automatically rounds up the volume size if invalid values are provided.
These limits only apply in Fleio. If an end-user creates or resizes a volume directly using the OpenStack API, these limits are ignored.
DISCOVERED SERVICES¶
The DISCOVERED SERVICES tab lists all discovered services grouped by region and weather they are supported by Fleio along with minimum and maximum supported version. If an OpenStack service is not found (e.g., load-balancer) or if the service version is not supported, a red exclamation mark is shown next to the service.
Note
To learn how to connect Fleio to your OpenStack cloud, see Connect Fleio to OpenStack.
ADVANCED¶
We call “ghost (billing) resources” OpenStack resources that were deleted from OpenStack and are still (wrongly) charged by Fleio. Ghost billing resources are left in the Fleio database when something went wrong, e.g. notification was not received from OpenStack, or it was wrongly processed by the “updated” Fleio container.
If you check End ghost usage on sync, fleio sync
script checks for ghost billing resources after syncing the
list of OpenStack objects (e.g. volumes). To avoid concurrency issues, on the first sync run, they are marked as
potential ghost billing resources, and on a subsequent run they are ended (the billing end timestamp is set to “now”).
This means that you must run “fleio sync” twice to end billing ghost resources after checking End ghost usage on
sync.