Skip to content

Commit

Permalink
Merge pull request #515 from klgill/Docs-Refine-Deploying-Backend-Ser…
Browse files Browse the repository at this point in the history
…vices

refining deploying backend services Pt1
  • Loading branch information
klgill authored Jul 24, 2024
2 parents b43dbdc + 69f04cb commit 2d18856
Showing 1 changed file with 50 additions and 57 deletions.
107 changes: 50 additions & 57 deletions docs_user/modules/proc_deploying-backend-services.adoc
Original file line number Diff line number Diff line change
@@ -1,18 +1,13 @@
[id="deploying-backend-services_{context}"]

= Deploying backend services
= Deploying back-end services

Create the `OpenStackControlPlane` custom resource (CR) with basic backend services deployed, and all the {rhos_prev_long} ({OpenStackShort}) services disabled. This will be the foundation of the control plane.

In subsequent steps, you import the original databases and then add
{OpenStackShort} control plane services.
Create the `OpenStackControlPlane` custom resource (CR) with the basic back-end services deployed, and disable all the {rhos_prev_long} ({OpenStackShort}) services. This CR is the foundation of the control plane.

.Prerequisites

* The cloud that you want to adopt is up and running, and it is on the
{OpenStackShort} {rhos_prev_ver} release.
* All control plane and data plane hosts of the source cloud are up
and running, and continue to run throughout the adoption procedure.
* The cloud that you want to adopt is running, and it is on the {OpenStackShort} {rhos_prev_ver} release.
* All control plane and data plane hosts of the source cloud are running, and continue to run throughout the adoption procedure.
* The `openstack-operator` is deployed, but `OpenStackControlPlane` is
not deployed.
ifeval::["{build}" != "downstream"]
Expand All @@ -22,20 +17,23 @@ by running `make openstack` inside
https://github.com/openstack-k8s-operators/install_yamls[install_yamls]
repo.
+
endif::[]
For production environments, the deployment method will likely be
different.
endif::[]
ifeval::["{build}" == "downstream"]
* Install the OpenStack Operators. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/{rhos_curr_ver}/html-single/deploying_red_hat_openstack_services_on_openshift/index#assembly_installing-and-preparing-the-Operators[Installing and preparing the Operators] in _Deploying Red Hat OpenStack Services on OpenShift_.
endif::[]

* If TLS Everywhere is enabled on the source environment, the `tls` root CA from the source environment must be copied over to the rootca-internal issuer.
* If you enabled TLS everywhere (TLS-e) on the {OpenStackShort} environment, you must copy the `tls` root CA from the {OpenStackShort} environment to the `rootca-internal` issuer.

* There are free PVs available to be claimed (for MariaDB and RabbitMQ).
* There are free PVs available for MariaDB and RabbitMQ.
ifeval::["{build}" != "downstream"]
+
For developer/CI environments driven by install_yamls, make sure
you've run `make crc_storage`.
endif::[]
* Set the desired admin password for the control plane deployment. This can
be the original deployment's admin password or something else.
be the admin password from your original deployment or a different password:
+
----
ADMIN_PASSWORD=SomePassword
Expand All @@ -46,12 +44,11 @@ To use the existing {OpenStackShort} deployment password:
----
ADMIN_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' AdminPassword:' | awk -F ': ' '{ print $2; }')
----
* Set service password variables to match the original deployment.
* Set the service password variables to match the original deployment.
Database passwords can differ in the control plane environment, but
synchronizing the service account passwords is a required step.
you must synchronize the service account passwords.
+
For example, in developer environments with {OpenStackPreviousInstaller} Standalone, the
passwords can be extracted like this:
For example, in developer environments with {OpenStackPreviousInstaller} Standalone, the passwords can be extracted:
+
----
AODH_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' AodhPassword:' | awk -F ': ' '{ print $2; }')
Expand All @@ -73,15 +70,15 @@ SWIFT_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' SwiftPassword:

.Procedure

. Make sure you are using the {OpenShift} namespace where you want the
control plane deployed:
. Ensure that you are using the {OpenShift} namespace where you want the
control plane to be deployed:
+
----
oc project openstack
$ oc project openstack
----

. Create OSP secret.
ifeval::["{build}" != "downstream"]
. Create the {OpenStackShort} secret.
+
The procedure for this will vary, but in developer/CI environments
you use `install_yamls`:
Expand All @@ -91,44 +88,40 @@ you use `install_yamls`:
make input
----
endif::[]
ifeval::["{build}" == "downstream"]
. Create the {OpenStackShort} secret. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/{rhos_curr_ver}/html-single/deploying_red_hat_openstack_services_on_openshift/index#proc_providing-secure-access-to-the-RHOSO-services_preparing[Providing secure access to the Red Hat OpenStack Services on OpenShift services] in _Deploying Red Hat OpenStack Services on OpenShift_.
endif::[]

. If the `$ADMIN_PASSWORD` is different than the already set password
in `osp-secret`, amend the `AdminPassword` key in the `osp-secret`
correspondingly:
. If the `$ADMIN_PASSWORD` is different than the password you set
in `osp-secret`, amend the `AdminPassword` key in the `osp-secret`:
+
----
oc set data secret/osp-secret "AdminPassword=$ADMIN_PASSWORD"
$ oc set data secret/osp-secret "AdminPassword=$ADMIN_PASSWORD"
----

. Set service account passwords in `osp-secret` to match the service
account passwords from the original deployment:
+
----
oc set data secret/osp-secret "AodhPassword=$AODH_PASSWORD"
oc set data secret/osp-secret "BarbicanPassword=$BARBICAN_PASSWORD"
oc set data secret/osp-secret "CeilometerMeteringSecret=$CEILOMETER_METERING_SECRET"
oc set data secret/osp-secret "CeilometerPassword=$CEILOMETER_PASSWORD"
oc set data secret/osp-secret "CinderPassword=$CINDER_PASSWORD"
oc set data secret/osp-secret "GlancePassword=$GLANCE_PASSWORD"
oc set data secret/osp-secret "HeatAuthEncryptionKey=$HEAT_AUTH_ENCRYPTION_KEY"
oc set data secret/osp-secret "HeatPassword=$HEAT_PASSWORD"
oc set data secret/osp-secret "IronicPassword=$IRONIC_PASSWORD"
oc set data secret/osp-secret "IronicInspectorPassword=$IRONIC_PASSWORD"
oc set data secret/osp-secret "ManilaPassword=$MANILA_PASSWORD"
oc set data secret/osp-secret "NeutronPassword=$NEUTRON_PASSWORD"
oc set data secret/osp-secret "NovaPassword=$NOVA_PASSWORD"
oc set data secret/osp-secret "OctaviaPassword=$OCTAVIA_PASSWORD"
oc set data secret/osp-secret "PlacementPassword=$PLACEMENT_PASSWORD"
oc set data secret/osp-secret "SwiftPassword=$SWIFT_PASSWORD"
$ oc set data secret/osp-secret "AodhPassword=$AODH_PASSWORD"
$ oc set data secret/osp-secret "BarbicanPassword=$BARBICAN_PASSWORD"
$ oc set data secret/osp-secret "CeilometerMeteringSecret=$CEILOMETER_METERING_SECRET"
$ oc set data secret/osp-secret "CeilometerPassword=$CEILOMETER_PASSWORD"
$ oc set data secret/osp-secret "CinderPassword=$CINDER_PASSWORD"
$ oc set data secret/osp-secret "GlancePassword=$GLANCE_PASSWORD"
$ oc set data secret/osp-secret "HeatAuthEncryptionKey=$HEAT_AUTH_ENCRYPTION_KEY"
$ oc set data secret/osp-secret "HeatPassword=$HEAT_PASSWORD"
$ oc set data secret/osp-secret "IronicPassword=$IRONIC_PASSWORD"
$ oc set data secret/osp-secret "IronicInspectorPassword=$IRONIC_PASSWORD"
$ oc set data secret/osp-secret "ManilaPassword=$MANILA_PASSWORD"
$ oc set data secret/osp-secret "NeutronPassword=$NEUTRON_PASSWORD"
$ oc set data secret/osp-secret "NovaPassword=$NOVA_PASSWORD"
$ oc set data secret/osp-secret "OctaviaPassword=$OCTAVIA_PASSWORD"
$ oc set data secret/osp-secret "PlacementPassword=$PLACEMENT_PASSWORD"
$ oc set data secret/osp-secret "SwiftPassword=$SWIFT_PASSWORD"
----

. Deploy `OpenStackControlPlane`. Make sure to only enable DNS,
MariaDB, Memcached, and RabbitMQ services. All other services must
be disabled.

. If the source environment enables TLS Everywhere, modify
spec:tls section with the following override before applying it:

. If you enabled TLS-e in your {OpenStackShort} environment, in the `spec:tls` section, set the `enabled` parameter to `true`:
+
[source,yaml]
----
Expand All @@ -155,9 +148,7 @@ spec:
enabled: true
----

. If the source environment does not enable TLS Everywhere, modify
spec:tls section with the following override before applying it:

. If you did not enable TLS-e, in the `spec:tls`` section, set the `enabled` parameter to `false`:
+
[source,yaml]
----
Expand All @@ -171,6 +162,8 @@ spec:
enabled: false
----

. Deploy the `OpenStackControlPlane` CR. Ensure that you only enable the DNS, MariaDB, Memcached, and RabbitMQ services. All other services must
be disabled:
+
[source,yaml]
----
Expand Down Expand Up @@ -253,18 +246,18 @@ spec:
templates:
openstack:
secret: osp-secret
replicas: 1
replicas: 3
storageRequest: 500M
openstack-cell1:
secret: osp-secret
replicas: 1
replicas: 3
storageRequest: 500M
memcached:
enabled: true
templates:
memcached:
replicas: 1
replicas: 3
neutron:
enabled: false
Expand Down Expand Up @@ -333,9 +326,9 @@ EOF

.Verification

* Check that MariaDB is running.
* Verify that MariaDB is running:
+
----
oc get pod openstack-galera-0 -o jsonpath='{.status.phase}{"\n"}'
oc get pod openstack-cell1-galera-0 -o jsonpath='{.status.phase}{"\n"}'
$ oc get pod openstack-galera-0 -o jsonpath='{.status.phase}{"\n"}'
$ oc get pod openstack-cell1-galera-0 -o jsonpath='{.status.phase}{"\n"}'
----

0 comments on commit 2d18856

Please sign in to comment.