Chapter 5. Adding an OpenStack Cloud Provider

Red Hat CloudForms supports operating with the OpenStack admin tenant. When creating an OpenStack provider in Red Hat CloudForms, select the OpenStack provider’s admin user because it is the default administrator of the OpenStack admin tenant. When using the admin credentials, a user in Red Hat CloudForms provisions into the admin tenant, and sees images, networks, and instances that are associated with the admin tenant.

Note

In OpenStack, you must add admin as a member of all tenants that users want to access and use in CloudForms.

When adding an OpenStack cloud or infrastructure provider, you can enable tenant mapping in Red Hat CloudForms to map any existing tenants from that provider. This means Red Hat CloudForms will create new cloud tenants to match each of the existing OpenStack tenants; each new cloud tenant and its corresponding OpenStack tenant will have identical user memberships, quotas, access/security rules, and resource assignments.

During a provider refresh, Red Hat CloudForms will also check for any changes to the tenant list in OpenStack. Red Hat CloudForms will create new cloud tenants to match any new tenants, and delete any cloud tenants whose corresponding OpenStack tenants no longer exist. Red Hat CloudForms will also replicate any changes to OpenStack tenants to their corresponding cloud tenants.

Note

You can set whether Red Hat CloudForms should use the Telemetry service or Advanced Message Queueing Protocol (AMQP) for event monitoring. If you choose Telemetry, you should first configure the ceilometer service on the overcloud to store events. See Section 5.1, “Configuring the Overcloud to Store Events” for instructions.

For more information, see OpenStack Telemetry (ceilometer) in the Red Hat OpenStack Platform Architecture Guide.

Note

To authenticate the provider using a self-signed Certificate Authority (CA), configure the CloudForms appliance to trust the certificate using the steps in Appendix A, Using a Self-Signed CA Certificate before adding the provider.

  1. Navigate to Compute > Clouds > Providers.
  2. Click Configuration, then click Add a New Cloud Provider.
  3. Enter a Name for the provider.
  4. From the Type drop-down menu, select OpenStack.
  5. Select the appropriate API Version from the list. The default is Keystone v2.

    If you select Keystone v3, enter the Keystone V3 Domain ID that Red Hat CloudForms should use. This is the domain of the user account you will be specifying later in the Default tab. If domains are not configured in the provider, enter default.

    Note
    • With Keystone API v3, domains are used to determine administrative boundaries of service entities in OpenStack. Domains allow you to group users together for various purposes, such as setting domain-specific configuration or security options. For more information, see OpenStack Identity (keystone) in the Red Hat OpenStack Platform Architecture Guide.
    • The provider you are creating will be able to see projects for the given domain only. To see projects for other domains, add it as another cloud provider. For more information on domain management in OpenStack, see Domain Management in the Red Hat OpenStack Platform Users and Identity Management Guide.
  6. By default, tenant mapping is disabled. To enable it, set Tenant Mapping Enabled to Yes.
  7. Select the appropriate Zone for the provider. By default, the zone is set to default.

    Note

    For more information, see the definition of host aggregates and availability zones in OpenStack Compute (nova) in the Red Hat OpenStack Platform Architecture Guide.

  8. In the Default tab, under Endpoints, configure the host and authentication details of your OpenStack provider:

    1. Select a Security Protocol method to specify how to authenticate the provider:

      • SSL without validation: Connect to the provider using SSL, but without validating its certificate. This is insecure.
      • SSL: Authenticate the provider securely using a trusted Certificate Authority. Select this option if the provider has a valid SSL certificate and it is signed by a trusted Certificate Authority. No further configuration is required for this option. This is the recommended authentication method.
      • Non-SSL: Connect to the provider insecurely using only HTTP protocol, without SSL.
    2. In Hostname (or IPv4 or IPv6 address), enter the public IP or fully qualified domain name of the OpenStack Keystone service.

      Note

      The hostname required here is also the OS_AUTH_URL value in the ~/overcloudrc file generated by the director (see Accessing the Overcloud in Red Hat OpenStack Platform Director Installation and Usage), or the ~/keystonerc_admin file generated by Packstack (see Evaluating OpenStack: Single-Node Deployment).

    3. In API Port, set the public port used by the OpenStack Keystone service. By default, OpenStack uses port 5000 for this.
    4. Select the appropriate Security Protocol used for authenticating with your OpenStack provider.
    5. In the Username field, enter the name of a user in the OpenStack environment.

      Important

      In environments that use Keystone v3 authentication, the user must have the admin role for the relevant domain.

    6. In the Password and Confirm Password fields, enter the password for the user.
    7. Click Validate to confirm Red Hat CloudForms can connect to the OpenStack provider.
  9. Next, configure how Red Hat CloudForms should receive events from the OpenStack provider. Click the Events tab in the Endpoints section to start.

    • To use the Telemetry service of the OpenStack provider, select Ceilometer. Before you do so, the provider must first be configured accordingly. See Section 5.1, “Configuring the Overcloud to Store Events” for details.
    • If you prefer to use the AMQP Messaging bus instead, select AMQP. When you do:

      • In Hostname (or IPv4 or IPv6 address) (of the Events tab, under Endpoints), enter the public IP or fully qualified domain name of the AMQP host.
      • In the API Port, set the public port used by AMQP. By default, OpenStack uses port 5672 for this.
      • In the Username field, enter the name of an OpenStack user with privileged access (for example, admin). Then, provide its corresponding password in the Password and Confirm Password fields.
      • Click Validate to confirm the credentials.
  10. Click Add after configuring the cloud provider.
Note
  • To collect inventory and metrics from an OpenStack environment, the Red Hat CloudForms appliance requires that the adminURL endpoint for the OpenStack environment be on a non-private network. Hence, the OpenStack adminURL endpoint should be assigned an IP address other than 192.168.x.x. Additionally, all the Keystone endpoints must be accessible, otherwise refresh will fail.
  • Collecting capacity and utilization data from an OpenStack cloud provider requires selecting the Collect for All Clusters option under Configuration, in the settings menu. For information, see Capacity and Utilization Collections in the General Configuration Guide.

5.1. Configuring the Overcloud to Store Events

By default, the Telemetry service does not store events emitted by other services in a Red Hat OpenStack Platform environment. The following procedure outlines how to enable the Telemetry service on your OpenStack cloud provider to store such events. This ensures that events are exposed to Red Hat CloudForms when a Red Hat OpenStack Platform environment is added as a cloud provider.

  1. Log in to the undercloud host.
  2. Create an environment file called ceilometer.yaml, and add the following contents:

    parameter_defaults:
      CeilometerStoreEvents: true
  3. Add the environment file to the overcloud deploy command:

    # openstack overcloud deploy --templates -e ~/ceilometer.yaml

If your OpenStack cloud provider was not deployed through the undercloud, you can also set this manually. To do so:

  1. Log in to your Controller node.
  2. Edit /etc/ceilometer/ceilometer.conf, and specify the following option:

    store_events = True
  3. Edit /etc/heat/heat.conf, and specify the following options:

    notification_driver=glance.openstack.common.notifier.rpc_notifier
    notification_topics=notifications
  4. Edit /etc/nova/nova.conf, and specify the following options:

    notification_driver=messaging
    notification_topics=notifications
  5. Restart the Compute and Orchestration services:

    # systemctl restart openstack-heat-api.service \
      openstack-heat-api-cfn.service \
      openstack-heat-engine.service \
      openstack-heat-api-cloudwatch.service
    # systemctl restart openstack-nova-compute.service
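
One way to check that the three files carry the options listed in the manual procedure above. This is an added example, not part of the Red Hat documentation; the check_conf helper and the sample text are hypothetical, and because the page does not name the INI section for each option, every section is searched.

```python
import configparser

# Options taken from the manual procedure above. The page does not say which
# INI section they belong to, so every section (and [DEFAULT]) is searched.
REQUIRED = {
    "/etc/ceilometer/ceilometer.conf": {"store_events": "True"},
    "/etc/heat/heat.conf": {
        "notification_driver": "glance.openstack.common.notifier.rpc_notifier",
        "notification_topics": "notifications",
    },
    "/etc/nova/nova.conf": {
        "notification_driver": "messaging",
        "notification_topics": "notifications",
    },
}

def check_conf(text, required):
    """Return {option: problem} for options that are missing or differ."""
    cp = configparser.RawConfigParser(strict=False)  # tolerate repeated keys
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        return {"*": "unparseable: " + type(exc).__name__}
    problems = {}
    for key, want in required.items():
        # has_option()/get() also see [DEFAULT] values inherited by a section.
        seen = {cp.get(s, key).strip() for s in cp.sections() if cp.has_option(s, key)}
        if key in cp.defaults():
            seen.add(cp.defaults()[key].strip())
        if not seen:
            problems[key] = "not set (expected %s)" % want
        elif want.lower() not in {v.lower() for v in seen}:  # case-insensitive
            problems[key] = "set to %s (expected %s)" % (sorted(seen), want)
    return problems

# Constructed sample: the option is present but still commented out.
SAMPLE_CEILOMETER = "[DEFAULT]\n#store_events = False\ndebug = False\n"

if __name__ == "__main__":
    print("sample:", check_conf(SAMPLE_CEILOMETER, {"store_events": "True"}))
    for path, required in REQUIRED.items():
        try:
            with open(path) as fh:
                result = check_conf(fh.read(), required)
        except OSError as exc:
            result = {"*": "unreadable: %s" % exc.strerror}
        print(path, result or "OK")
```

Run it on the Controller node with enough privilege to read the three files; an empty result for a file means every listed option was found with the expected value.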