========================== Connect Fleio to OpenStack ========================== .. note:: This page only applies for Fleio OpenStack Edition or Fleio Full Edition. .. contents:: :local: :backlinks: none To connect Fleio to your OpenStack installation, go to your staff panel, e.g., ``http://mydomain/staff``, **Settings** menu group, **OpenStack** menu option and fill in the field on tabs **CREDENTIALS**, **NOTIFICATIONS**, and **DEFAULTS**. Below are the steps to obtain the necessary values from your OpenStack cloud. For documentation on Fleio OpenStack settings user interface, see :ref:`openstack-settings`. OpenStack credentials ===================== Find the required setting fields by running commands on your OpenStack controller, or by checking at the configuration of each service: Nova, Glance, Neutron, Cinder. .. _obtain-openstack-credentials: Credentials ----------- .. warning:: Fleio requires an OpenStack admin user with full access to the entire cloud and to all operations. See below how to obtain the OpenStack API authentication details for the admin user and fill the values on the OpenStack settings :ref:`CREDENTIALS tab`. Keystone auth URL ----------------- OpenStack provides endpoints for different services. To obtain the Keystone API endpoint URL, connect to your OpenStack controller and run the following command. .. code-block:: bash :emphasize-lines: 6 openstack endpoint list --service identity -c Interface -c URL +-----------+------------------------------+ | Interface | URL | +-----------+------------------------------+ | admin | http://172.29.236.2:35357/v3 | | public | http://172.29.236.2:5000/v3 | | internal | http://172.29.236.2:5000/v3 | +-----------+------------------------------+ Copy the public interface URL. In the example above, it's ``http://172.29.236.2:5000/v3``. Administrator username ---------------------- The OpenStack administrator username is usually ``admin``. You can check this in your ``openrc`` or ``adminrc`` file: .. code-block:: bash :emphasize-lines: 2 grep OS_USERNAME openrc export OS_USERNAME=admin Administrator password ---------------------- Retrieve the administrator password from the ``openrc`` or ``adminrc`` file: .. code-block:: bash :emphasize-lines: 2 grep OS_PASSWORD openrc export OS_PASSWORD=OpenStackPassword In the example above, the admin password is ``OpenStackPassword``. Administrator project ID ------------------------ To find the ``admin`` project ID, run the following command on your controller: .. code-block:: bash :emphasize-lines: 1,2 openstack project list | grep admin | 986c6adb50f2419c8feb034217ddc6eb | admin | In this case, the ``admin`` project ID is ``986c6adb50f2419c8feb034217ddc6eb``. Administrator domain ID ----------------------- In most OpenStack installations the user domain ID is ``default`` but it may be different in your case. Run the following command on the controller: .. code-block:: bash :emphasize-lines: 1,6 openstack domain list -c ID -c Name +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 969ed4676ebd4eb1801f175ad42a91c0 | heat | | default | Default | +----------------------------------+---------+ In this example, the default domain ID is ``default``. .. _notifications-setup: OpenStack notifications setup options ===================================== .. note:: Before continuing, make sure you have :ref:`enabled OpenStack notifications`. Fleio keeps track of OpenStack resources by receiving notifications from OpenStack services like Nova, Glance, Cinder and Neutron. Without notifications, Fleio is unable to display accurate information related to running instances, available volumes, images or networks. Each OpenStack installation has at least one messaging broker. This is usually the RabbitMQ broker, however, ZeroMQ and other brokers are supported. There are three ways to configure Fleio to receive the OpenStack notifications. Option A: Fleio connects directly to OpenStack RabbitMQ ------------------------------------------------------- This is the simplest deployment method. Since Fleio connects directly to the OpenStack RabbitMQ, you need to :ref:`create a RabbitMQ user` for Fleio in each region. For Fleio to connect directly to the internal RabbitMQ server from each OpenStack region, it needs access to the private OpenStack subnet and this may pose a security issue. To overcome this disadvantage, just use RabbitMQ Shovel as described below. .. _shovel-notifications: Option B: RabbitMQ Shovel and intermediary RabbitMQ --------------------------------------------------- Install an additional RabbitMQ server, let's call this "intermediary RabbitMQ". It may be installed on the same machine with Fleio or, in any case, on a subnet to which Fleio has access. On each OpenStack RabbitMQ server, configure the `RabbitMQ Shovel plugin `_. Configure the Shovel plugins to forward notifications to the intermediary RabbitMQ, making sure that you differentiate between regions using a different *vhost*. Then :ref:`configure Fleio NOTIFICATIONS` to connect to the intermediary RabbitMQ, pairing each notification URL with its corresponding region. Option C: fleio-collector and intermediary RabbitMQ --------------------------------------------------- .. warning:: .. deprecated:: 2023.09 Fleio collector is deprecated and will be removed in the future. Use :ref:`shovel-notifications` instead. Install an additional RabbitMQ server, let's call this "intermediary RabbitMQ". It may be installed on the same machine with Fleio or, in any case, on a subnet to which Fleio has access. In each OpenStack region, install and configure the :ref:`fleio-collector`. The Fleio collector adds a "region" field to each notification received from OpenStack and forwards it to the intermediary RabbitMQ. All Fleio collectors forward notifications to the same *URL*/*vhost*, same *exchange*, and the same *topic* on the intermediary RabbitMQ. Then :ref:`configure Fleio NOTIFICATIONS` to connect to the intermediary RabbitMQ, selecting **Multiple regions** in the **Region** field from **ADD REGION SETTINGS** dialog. Notification UI fields ====================== .. _openstack-notifications-url: Notifications URLs ------------------ Fleio needs one or more URLs to be able to connect to the OpenStack messaging queue service (usually RabbitMQ) in order to listen for events from OpenStack services like Nova, Neutron, Glance or Cinder. For security reasons is better to create a different username. If you already have a username and password please specify a complete URL in this field having the accepted URI format. As an example, for RabbitMQ, you can enter multiple URLs of the form: ``rabbit://username:password@rabbitmqHost/`` Multiple URLs are usually required if you have multiple messaging queue servers for each service or multiple virtual hosts. Our demo setup has multiple virtual hosts for each service, and we should configure the following URLs in :ref:`Region notification settings`: .. code-block:: bash rabbit://username:password@rabbitmqHost//nova rabbit://username:password@rabbitmqHost//neutron rabbit://username:password@rabbitmqHost//glance rabbit://username:password@rabbitmqHost//cinder .. note:: If all your OpenStack services are using the same RabbitMQ queue (so, single URL in Fleio settings) or multiple queues (multiple URls needed in your Fleio settings), depends on the OpenStack installation method. If you are using :ref:`RabbitMQ messages forwarding` you can have just one notification URL. If you want to create a new user and password (in RabbitMQ) please run the following command on your controller or on your message queue service server. .. code-block:: bash rabbitmqctl add_user fleio TYPEPASSWORD We also have to set up permission for username ``fleio`` for different hosts that your Nova, Neutron, Glance, Cinder services may be configured. .. code-block:: bash rabbitmqctl list_vhosts Listing vhosts ... /neutron /heat /keystone / /cinder /nova /glance /ceilometer rabbitmqctl set_permissions fleio -p /neutron ".*" ".*" ".*" #repeat for every vhost Notifications topic ------------------- The default value for the notifications topic is ``notifications``. Each openstack service sends notifications to this topic. .. warning:: .. deprecated:: 2023.09.1 Fleio collector is deprecated and will be removed in the future. If we installed the :ref:`fleio-collector` service (usually in a multi-region setup) we should use the topic where the Fleio collectors services send the notifications. For fleio-collector, ``fleio`` is the default topic. We can also enter multiple values separated by a single ``,`` character. For example, we can input: ``notifications, fleio`` as a valid value. Notifications exchange ---------------------- Each OpenStack service uses an exchange. The default value is: ``cinder,glance,keystone,neutron,nova,openstack,magnum,trove``. Multiple exchange names may be filled in, as shown above, separated by a comma (``,``). Notifications pool name ----------------------- .. warning:: Notification pool name must be unique per RabbitMQ vhost. If you have two Fleio installations that use the same pool name, some notifications are be lost. Fleio can listen for notifications on the ``notifications`` topic directly. However, when Ceilometer is installed, Ceilometer also listens on the ``notifications`` topic. What this means is that messages will be split between Ceilometer and Fleio. None of the services will receive all the notifications. Specifying a pool name will ensure that all notifications are received by Fleio. In our setup, we will use: ``fleio-pool``.