blob: 44ee5f14899c948b337e8c418373f80d8ebc8551 [file] [log] [blame]
OlgaGusarenko74b53f22018-06-28 17:35:48 +03001=====
2Usage
3=====
Filip Pytlounda2a0792015-10-06 16:28:31 +02004
OlgaGusarenko74b53f22018-06-28 17:35:48 +03005Cinder provides an infrastructure for managing volumes in OpenStack.
6Originally, this project was the Nova component called ``nova-volume``
7and starting from the Folsom OpenStack release it has become an independent
8project.
Filip Pytlounda2a0792015-10-06 16:28:31 +02009
OlgaGusarenko74b53f22018-06-28 17:35:48 +030010This file provides the sample configurations for different use cases:
Filip Pytlounda2a0792015-10-06 16:28:31 +020011
OlgaGusarenko74b53f22018-06-28 17:35:48 +030012* Pillar sample of a basic Cinder configuration:
Filip Pytlounda2a0792015-10-06 16:28:31 +020013
OlgaGusarenko74b53f22018-06-28 17:35:48 +030014 The pillar structure defines ``cinder-api`` and ``cinder-scheduler`` inside
15 the ``controller`` role and ``cinder-volume`` inside the to ``volume``
16 role.
17
18 .. code-block:: yaml
Filip Pytlounda2a0792015-10-06 16:28:31 +020019
20 cinder:
21 controller:
22 enabled: true
23 version: juno
Dmitry Stremkovskiy9f4ac8b2017-07-11 09:48:46 +030024 cinder_uid: 304
25 cinder_gid: 304
Dmitry Stremkovskiyef4c7d02017-07-30 16:51:52 +030026 nas_secure_file_permissions: false
27 nas_secure_file_operations: false
Dmitry Stremkovskiya5dd7992017-07-30 19:54:23 +030028 cinder_internal_tenant_user_id: f46924c112a14c80ab0a24a613d95eef
29 cinder_internal_tenant_project_id: b7455b8974bb4064ad247c8f375eae6c
Jakub Pavlikaf96c2a2016-01-08 15:49:54 +010030 default_volume_type: 7k2SaS
stelucz1f3a82f2017-09-19 18:38:13 +020031 enable_force_upload: true
Damian Szeluga0918f5a2017-04-19 12:26:56 +020032 availability_zone_fallback: True
Oleksandr Pidrepnyi27e25fa2019-05-02 14:00:40 +030033 image_conversion_dir: /var/tmp/cinder/conversion
Filip Pytlounda2a0792015-10-06 16:28:31 +020034 database:
35 engine: mysql
36 host: 127.0.0.1
37 port: 3306
38 name: cinder
39 user: cinder
40 password: pwd
41 identity:
42 engine: keystone
43 host: 127.0.0.1
44 port: 35357
45 tenant: service
46 user: cinder
47 password: pwd
48 message_queue:
49 engine: rabbitmq
50 host: 127.0.0.1
51 port: 5672
52 user: openstack
53 password: pwd
54 virtual_host: '/openstack'
root08402652018-12-28 15:04:23 +000055 client:
56 connection_params:
57 connect_retries: 50
58 connect_retry_delay: 1
Jakub Pavlikaf96c2a2016-01-08 15:49:54 +010059 backend:
60 7k2_SAS:
61 engine: storwize
Jakub Pavlikedd46102016-01-08 16:20:38 +010062 type_name: slow-disks
Jakub Pavlikaf96c2a2016-01-08 15:49:54 +010063 host: 192.168.0.1
64 port: 22
65 user: username
66 password: pass
67 connection: FC/iSCSI
68 multihost: true
69 multipath: true
70 pool: SAS7K2
Kirill Bespalov01614c02017-07-31 17:06:09 +030071 audit:
Petr Michaleca1c7ff12016-11-29 16:32:50 +010072 enabled: false
Simon Pasquier9089de42017-02-03 16:13:22 +010073 osapi_max_limit: 500
Oleg Iurchenko83ee09a2017-10-17 18:24:28 +030074 barbican:
75 enabled: true
Filip Pytlounda2a0792015-10-06 16:28:31 +020076
77 cinder:
78 volume:
79 enabled: true
80 version: juno
Dmitry Stremkovskiy9f4ac8b2017-07-11 09:48:46 +030081 cinder_uid: 304
82 cinder_gid: 304
Dmitry Stremkovskiyef4c7d02017-07-30 16:51:52 +030083 nas_secure_file_permissions: false
84 nas_secure_file_operations: false
Dmitry Stremkovskiya5dd7992017-07-30 19:54:23 +030085 cinder_internal_tenant_user_id: f46924c112a14c80ab0a24a613d95eef
86 cinder_internal_tenant_project_id: b7455b8974bb4064ad247c8f375eae6c
Jakub Pavlikaf96c2a2016-01-08 15:49:54 +010087 default_volume_type: 7k2SaS
Michael Polenchukf0d642e2018-07-27 09:55:14 +040088 enable_force_upload: true
89 my_ip: 192.168.0.254
Oleksandr Pidrepnyida465022019-04-26 18:44:05 +030090 image_conversion_dir: /var/tmp/cinder/conversion
Filip Pytlounda2a0792015-10-06 16:28:31 +020091 database:
92 engine: mysql
93 host: 127.0.0.1
94 port: 3306
95 name: cinder
96 user: cinder
97 password: pwd
98 identity:
99 engine: keystone
100 host: 127.0.0.1
101 port: 35357
102 tenant: service
103 user: cinder
104 password: pwd
105 message_queue:
106 engine: rabbitmq
107 host: 127.0.0.1
108 port: 5672
109 user: openstack
110 password: pwd
111 virtual_host: '/openstack'
Jakub Pavlikaf96c2a2016-01-08 15:49:54 +0100112 backend:
113 7k2_SAS:
114 engine: storwize
Jakub Pavlikedd46102016-01-08 16:20:38 +0100115 type_name: 7k2 SAS disk
Jakub Pavlikaf96c2a2016-01-08 15:49:54 +0100116 host: 192.168.0.1
117 port: 22
118 user: username
119 password: pass
120 connection: FC/iSCSI
121 multihost: true
122 multipath: true
123 pool: SAS7K2
Petr Michaleca1c7ff12016-11-29 16:32:50 +0100124 audit:
125 enabled: false
Oleg Iurchenko83ee09a2017-10-17 18:24:28 +0300126 barbican:
127 enabled: true
Ondrej Smola74af21b2017-04-28 12:30:24 +0200128
129
Vasyl Saienkoa5de7512018-07-12 17:28:36 +0300130Volume vmware related options:
131
132.. code-block:: yaml
133
134 cinder:
135 volume:
136 backend:
137 vmware:
138 engine: vmware
139 host_username: vmware
140 host_password: vmware
141 cluster_names: vmware_cluster01,vmware_cluster02
142
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300143* The CORS parameters enablement:
Vasyl Saienkoa5de7512018-07-12 17:28:36 +0300144
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300145 .. code-block:: yaml
Ondrej Smola74af21b2017-04-28 12:30:24 +0200146
147 cinder:
148 controller:
149 cors:
150 allowed_origin: https:localhost.local,http:localhost.local
151 expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
152 allow_methods: GET,PUT,POST,DELETE,PATCH
153 allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
154 allow_credentials: True
155 max_age: 86400
Jiri Konecny2dce35f2016-04-19 16:29:52 +0200156
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300157* The client-side RabbitMQ HA setup for the controller:
Jiri Konecny2dce35f2016-04-19 16:29:52 +0200158
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300159 .. code-block:: yaml
Jiri Konecny2dce35f2016-04-19 16:29:52 +0200160
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300161 cinder:
162 controller:
163 ....
164 message_queue:
165 engine: rabbitmq
166 members:
167 - host: 10.0.16.1
168 - host: 10.0.16.2
169 - host: 10.0.16.3
170 user: openstack
171 password: pwd
172 virtual_host: '/openstack'
173 ....
Jiri Konecny2dce35f2016-04-19 16:29:52 +0200174
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300175* The client-side RabbitMQ HA setup for the volume component
Jiri Konecny2dce35f2016-04-19 16:29:52 +0200176
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300177 .. code-block:: yaml
Jiri Konecny2dce35f2016-04-19 16:29:52 +0200178
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300179 cinder:
180 volume:
181 ....
182 message_queue:
183 engine: rabbitmq
184 members:
185 - host: 10.0.16.1
186 - host: 10.0.16.2
187 - host: 10.0.16.3
188 user: openstack
189 password: pwd
190 virtual_host: '/openstack'
191 ....
Filip Pytlounda2a0792015-10-06 16:28:31 +0200192
Kirill Bespalov01614c02017-07-31 17:06:09 +0300193
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300194* Configuring TLS communications.
Kirill Bespalov01614c02017-07-31 17:06:09 +0300195
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300196 .. note:: By default, system-wide installed CA certs are used.
197 Therefore, the ``cacert_file`` and ``cacert`` parameters are
198 optional.
Kirill Bespalov01614c02017-07-31 17:06:09 +0300199
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300200 * RabbitMQ TLS:
Kirill Bespalov1550d6c2017-11-21 12:55:33 +0300201
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300202 .. code-block:: yaml
Kirill Bespalov1550d6c2017-11-21 12:55:33 +0300203
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300204 cinder:
205 controller, volume:
206 message_queue:
207 port: 5671
208 ssl:
209 enabled: True
210 (optional) cacert: cert body if the cacert_file does not exists
211 (optional) cacert_file: /etc/openstack/rabbitmq-ca.pem
212 (optional) version: TLSv1_2
Kirill Bespalov01614c02017-07-31 17:06:09 +0300213
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300214 * MySQL TLS:
Kirill Bespalov01614c02017-07-31 17:06:09 +0300215
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300216 .. code-block:: yaml
Kirill Bespalov01614c02017-07-31 17:06:09 +0300217
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300218 cinder:
219 controller:
220 database:
221 ssl:
222 enabled: True
223 (optional) cacert: cert body if the cacert_file does not exists
224 (optional) cacert_file: /etc/openstack/mysql-ca.pem
Kirill Bespalov01614c02017-07-31 17:06:09 +0300225
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300226 * Openstack HTTPS API:
Kirill Bespalov01614c02017-07-31 17:06:09 +0300227
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300228 .. code-block:: yaml
Kirill Bespalov01614c02017-07-31 17:06:09 +0300229
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300230 cinder:
231 controller, volume:
232 identity:
233 protocol: https
234 (optional) cacert_file: /etc/openstack/proxy.pem
235 glance:
236 protocol: https
237 (optional) cacert_file: /etc/openstack/proxy.pem
Kirill Bespalov01614c02017-07-31 17:06:09 +0300238
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300239* Cinder setup with zeroing deleted volumes:
Kirill Bespalov01614c02017-07-31 17:06:09 +0300240
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300241 .. code-block:: yaml
Alexander Noskov62496fb2017-02-27 16:42:54 +0100242
Filip Pytlounda2a0792015-10-06 16:28:31 +0200243 cinder:
244 controller:
245 enabled: true
246 wipe_method: zero
247 ...
248
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300249* Cinder setup with shreding deleted volumes:
Filip Pytlounda2a0792015-10-06 16:28:31 +0200250
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300251 .. code-block:: yaml
Filip Pytlounda2a0792015-10-06 16:28:31 +0200252
253 cinder:
254 controller:
255 enabled: true
256 wipe_method: shred
257 ...
258
Oleksandr Pidrepnyida465022019-04-26 18:44:05 +0300259* Configure directory used for temporary storage during image conversion:
260
261 .. code-block:: yaml
262
263 cinder:
Oleksandr Pidrepnyi27e25fa2019-05-02 14:00:40 +0300264 controller:
265 image_conversion_dir: /var/tmp/cinder/conversion
Oleksandr Pidrepnyida465022019-04-26 18:44:05 +0300266 volume:
267 image_conversion_dir: /var/tmp/cinder/conversion
268 ...
269
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300270* Configuration of ``policy.json`` file:
Dmitry Ukov56c29072017-05-04 16:48:29 +0400271
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300272 .. code-block:: yaml
Dmitry Ukov56c29072017-05-04 16:48:29 +0400273
274 cinder:
275 controller:
276 ....
277 policy:
278 'volume:delete': 'rule:admin_or_owner'
279 # Add key without value to remove line from policy.json
280 'volume:extend':
281
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300282* Default Cinder backend ``lvm_type`` setup:
sgarbuz0901ebe2018-06-13 17:16:16 +0300283
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300284 .. code-block:: yaml
sgarbuz0901ebe2018-06-13 17:16:16 +0300285
286 cinder:
287 volume:
288 enabled: true
289 backend:
290 # Type of LVM volumes to deploy; (default, thin, or auto). Auto defaults to thin if thin is supported.
291 lvm_type: auto
292
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300293* Default Cinder setup with iSCSI target:
Filip Pytlounda2a0792015-10-06 16:28:31 +0200294
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300295 .. code-block:: yaml
Filip Pytlounda2a0792015-10-06 16:28:31 +0200296
297 cinder:
298 controller:
299 enabled: true
Jakub Pavlik3d437df2016-04-11 22:07:50 +0200300 version: mitaka
301 default_volume_type: lvmdriver-1
Filip Pytlounda2a0792015-10-06 16:28:31 +0200302 database:
303 engine: mysql
304 host: 127.0.0.1
305 port: 3306
306 name: cinder
307 user: cinder
308 password: pwd
309 identity:
310 engine: keystone
311 host: 127.0.0.1
312 port: 35357
313 tenant: service
314 user: cinder
315 password: pwd
316 message_queue:
317 engine: rabbitmq
318 host: 127.0.0.1
319 port: 5672
320 user: openstack
321 password: pwd
322 virtual_host: '/openstack'
Jakub Pavlikaf96c2a2016-01-08 15:49:54 +0100323 backend:
Jakub Pavlik3d437df2016-04-11 22:07:50 +0200324 lvmdriver-1:
325 engine: lvm
326 type_name: lvmdriver-1
327 volume_group: cinder-volume
Filip Pytlounda2a0792015-10-06 16:28:31 +0200328
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300329* Cinder setup for IBM Storwize:
Filip Pytlounda2a0792015-10-06 16:28:31 +0200330
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300331 .. code-block:: yaml
Filip Pytlounda2a0792015-10-06 16:28:31 +0200332
333 cinder:
Ales Komarekdf13bbd2016-01-05 21:33:36 +0100334 volume:
Filip Pytlounda2a0792015-10-06 16:28:31 +0200335 enabled: true
Ales Komarekdf13bbd2016-01-05 21:33:36 +0100336 backend:
337 7k2_SAS:
338 engine: storwize
Jakub Pavlikedd46102016-01-08 16:20:38 +0100339 type_name: 7k2 SAS disk
Ales Komarekdf13bbd2016-01-05 21:33:36 +0100340 host: 192.168.0.1
341 port: 22
342 user: username
343 password: pass
344 connection: FC/iSCSI
345 multihost: true
346 multipath: true
347 pool: SAS7K2
348 10k_SAS:
349 engine: storwize
Jakub Pavlikedd46102016-01-08 16:20:38 +0100350 type_name: 10k SAS disk
Ales Komarekdf13bbd2016-01-05 21:33:36 +0100351 host: 192.168.0.1
352 port: 22
353 user: username
354 password: pass
355 connection: FC/iSCSI
356 multihost: true
357 multipath: true
358 pool: SAS10K
359 15k_SAS:
360 engine: storwize
Jakub Pavlikedd46102016-01-08 16:20:38 +0100361 type_name: 15k SAS
Ales Komarekdf13bbd2016-01-05 21:33:36 +0100362 host: 192.168.0.1
363 port: 22
364 user: username
365 password: pass
366 connection: FC/iSCSI
367 multihost: true
368 multipath: true
369 pool: SAS15K
Filip Pytlounda2a0792015-10-06 16:28:31 +0200370
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300371* Cinder setup with NFS:
Jiri Broulik88548db2017-03-31 12:21:37 +0200372
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300373 .. code-block:: yaml
Jiri Broulik88548db2017-03-31 12:21:37 +0200374
375 cinder:
376 controller:
377 enabled: true
378 default_volume_type: nfs-driver
379 backend:
380 nfs-driver:
381 engine: nfs
382 type_name: nfs-driver
383 volume_group: cinder-volume
384 path: /var/lib/cinder/nfs
385 devices:
386 - 172.16.10.110:/var/nfs/cinder
387 options: rw,sync
388
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300389* Cinder setup with NetApp:
Jiri Broulik88548db2017-03-31 12:21:37 +0200390
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300391 .. code-block:: yaml
Alexey Chekunovf916f0c2017-05-25 13:29:45 +0400392
393 cinder:
394 controller:
395 backend:
396 netapp:
397 engine: netapp
398 type_name: netapp
399 user: openstack
400 vserver: vm1
401 server_hostname: 172.18.2.3
402 password: password
403 storage_protocol: nfs
404 transport_type: https
405 lun_space_reservation: enabled
406 use_multipath_for_image_xfer: True
Dmitry Stremkouskiffa53c02017-09-15 19:47:21 +0300407 nas_secure_file_operations: false
408 nas_secure_file_permissions: false
Alexey Chekunovf916f0c2017-05-25 13:29:45 +0400409 devices:
410 - 172.18.1.2:/vol_1
411 - 172.18.1.2:/vol_2
412 - 172.18.1.2:/vol_3
413 - 172.18.1.2:/vol_4
Jakub Pavlik94dc0c92017-06-14 14:53:23 +0200414 linux:
415 system:
416 package:
417 nfs-common:
418 version: latest
Alexey Chekunovf916f0c2017-05-25 13:29:45 +0400419
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300420* Cinder setup with Hitachi VPS:
Alexey Chekunovf916f0c2017-05-25 13:29:45 +0400421
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300422 .. code-block:: yaml
Filip Pytlounda2a0792015-10-06 16:28:31 +0200423
424 cinder:
425 controller:
426 enabled: true
Jakub Pavlik5d7df0d2016-01-06 13:08:30 +0100427 backend:
428 hus100_backend:
marcodaa52fa2016-01-25 23:49:50 +0100429 type_name: HUS100
Jakub Pavlik5d7df0d2016-01-06 13:08:30 +0100430 backend: hus100_backend
431 engine: hitachi_vsp
432 connection: FC
Filip Pytlounda2a0792015-10-06 16:28:31 +0200433
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300434* Cinder setup with Hitachi VPS with defined ``ldev`` range:
Ondrej Smola16d66bd2017-01-15 13:56:03 +0100435
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300436 .. code-block:: yaml
Ondrej Smola16d66bd2017-01-15 13:56:03 +0100437
438 cinder:
439 controller:
440 enabled: true
441 backend:
442 hus100_backend:
443 type_name: HUS100
444 backend: hus100_backend
445 engine: hitachi_vsp
446 connection: FC
447 ldev_range: 0-1000
448
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300449* Cinder setup with Ceph:
Filip Pytlounda2a0792015-10-06 16:28:31 +0200450
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300451 .. code-block:: yaml
Filip Pytlounda2a0792015-10-06 16:28:31 +0200452
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300453 cinder:
454 controller:
455 enabled: true
456 backend:
457 ceph_backend:
458 type_name: standard-iops
459 backend: ceph_backend
sgarbuz94de9292018-09-10 10:22:39 +0300460 backend_host: ceph
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300461 pool: volumes
462 engine: ceph
463 user: cinder
464 secret_uuid: da74ccb7-aa59-1721-a172-0006b1aa4e3e
465 client_cinder_key: AQDOavlU6BsSJhAAnpFR906mvdgdfRqLHwu0Uw==
466 report_discard_supported: True
stelucz9f4986c2018-08-30 09:46:55 +0200467 image_volume_cache_enabled: False
Filip Pytlounda2a0792015-10-06 16:28:31 +0200468
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300469 .. note:: `Ceph official documentation <http://ceph.com/docs/master/rbd/rbd-openstack/>`__
Filip Pytlounda2a0792015-10-06 16:28:31 +0200470
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300471* Cinder setup with HP3par:
Filip Pytlounda2a0792015-10-06 16:28:31 +0200472
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300473 .. code-block:: yaml
Filip Pytlounda2a0792015-10-06 16:28:31 +0200474
475 cinder:
476 controller:
477 enabled: true
Jakub Pavlik5d7df0d2016-01-06 13:08:30 +0100478 backend:
479 hp3par_backend:
Jakub Pavlikedd46102016-01-08 16:20:38 +0100480 type_name: hp3par
Jakub Pavlik5d7df0d2016-01-06 13:08:30 +0100481 backend: hp3par_backend
482 user: hp3paruser
483 password: something
484 url: http://10.10.10.10/api/v1
485 cpg: OpenStackCPG
486 host: 10.10.10.10
487 login: hp3paradmin
488 sanpassword: something
489 debug: True
490 snapcpg: OpenStackSNAPCPG
Filip Pytlounda2a0792015-10-06 16:28:31 +0200491
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300492* Cinder setup with Fujitsu Eternus:
Filip Pytlounda2a0792015-10-06 16:28:31 +0200493
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300494 .. code-block:: yaml
Filip Pytlounda2a0792015-10-06 16:28:31 +0200495
496 cinder:
497 volume:
498 enabled: true
Jakub Pavlik5d7df0d2016-01-06 13:08:30 +0100499 backend:
500 10kThinPro:
Jakub Pavlikedd46102016-01-08 16:20:38 +0100501 type_name: 10kThinPro
Jakub Pavlik5d7df0d2016-01-06 13:08:30 +0100502 engine: fujitsu
503 pool: 10kThinPro
504 host: 192.168.0.1
505 port: 5988
506 user: username
507 password: pass
508 connection: FC/iSCSI
marcodaa52fa2016-01-25 23:49:50 +0100509 name: 10kThinPro
Jakub Pavlik5d7df0d2016-01-06 13:08:30 +0100510 10k_SAS:
Jakub Pavlikedd46102016-01-08 16:20:38 +0100511 type_name: 10k_SAS
Jakub Pavlik5d7df0d2016-01-06 13:08:30 +0100512 pool: SAS10K
513 engine: fujitsu
514 host: 192.168.0.1
515 port: 5988
516 user: username
517 password: pass
518 connection: FC/iSCSI
marcodaa52fa2016-01-25 23:49:50 +0100519 name: 10k_SAS
Filip Pytlounda2a0792015-10-06 16:28:31 +0200520
Sergio Lystopadbbfba652019-06-06 16:20:08 +0300521* Cinder setup with Fujitsu Eternus. Set driver class to be used by cinder-volume:
522 .. code-block:: yaml
523
524 cinder:
525 controller:
526 enabled: True
527 backend:
528 FJISCSI:
529 driver: cinder.volume.drivers.fujitsu.eternus_dx.eternus_dx_iscsi.FJDXISCSIDriver
530 engine: fujitsu
531 FJFC:
532 driver: cinder.volume.drivers.fujitsu.eternus_dx.eternus_dx_fc.FJDXFCDriver
533 engine: fujitsu
534
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300535* Cinder setup with IBM GPFS filesystem:
Jakub Pavlik9703c602015-10-15 18:52:47 +0200536
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300537 .. code-block:: yaml
Jakub Pavlik9703c602015-10-15 18:52:47 +0200538
539 cinder:
540 volume:
541 enabled: true
Jakub Pavlik5d7df0d2016-01-06 13:08:30 +0100542 backend:
543 GPFS-GOLD:
Jakub Pavlikedd46102016-01-08 16:20:38 +0100544 type_name: GPFS-GOLD
Jakub Pavlik5d7df0d2016-01-06 13:08:30 +0100545 engine: gpfs
546 mount_point: '/mnt/gpfs-openstack/cinder/gold'
marcodaa52fa2016-01-25 23:49:50 +0100547 GPFS-SILVER:
Jakub Pavlikedd46102016-01-08 16:20:38 +0100548 type_name: GPFS-SILVER
Jakub Pavlik5d7df0d2016-01-06 13:08:30 +0100549 engine: gpfs
550 mount_point: '/mnt/gpfs-openstack/cinder/silver'
Kirill Bespalov01614c02017-07-31 17:06:09 +0300551
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300552* Cinder setup with HP LeftHand:
Jakub Pavlik9f5988a2016-01-11 13:44:57 +0100553
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300554 .. code-block:: yaml
Jakub Pavlik9f5988a2016-01-11 13:44:57 +0100555
556 cinder:
557 volume:
558 enabled: true
559 backend:
560 HP-LeftHand:
561 type_name: normal-storage
562 engine: hp_lefthand
563 api_url: 'https://10.10.10.10:8081/lhos'
564 username: user
565 password: password
566 clustername: cluster1
567 iscsi_chap_enabled: false
568
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300569* Extra parameters for HP LeftHand:
Jakub Pavlika63764f2016-01-11 14:41:06 +0100570
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300571 .. code-block:: yaml
Jakub Pavlik5050dda2016-01-11 16:52:32 +0100572
Kirill Bespalov01614c02017-07-31 17:06:09 +0300573 cinder type-key normal-storage set hplh:data_pl=r-10-2 hplh:provisioning=full
Jakub Pavlik5050dda2016-01-11 16:52:32 +0100574
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300575* Cinder setup with Solidfire:
Jakub Pavlik5050dda2016-01-11 16:52:32 +0100576
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300577 .. code-block:: yaml
Jakub Pavlik5050dda2016-01-11 16:52:32 +0100578
579 cinder:
580 volume:
581 enabled: true
582 backend:
583 solidfire:
584 type_name: normal-storage
585 engine: solidfire
586 san_ip: 10.10.10.10
587 san_login: user
588 san_password: password
589 clustername: cluster1
590 sf_emulate_512: false
sergio9e6387e2018-02-19 21:13:14 +0200591 sf_api_port: 14443
592 host: ctl01
Aleksieiev, Oleksii224e8ae2018-07-13 09:43:43 -0700593 #for compatibility with old versions
594 sf_account_prefix: PREFIX
Filip Pytlounda2a0792015-10-06 16:28:31 +0200595
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300596* Cinder setup with Block Device driver:
Alexander Noskov023a0032017-06-16 09:31:59 +0200597
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300598 .. code-block:: yaml
Alexander Noskov023a0032017-06-16 09:31:59 +0200599
600 cinder:
601 volume:
602 enabled: true
603 backend:
604 bdd:
605 engine: bdd
606 enabled: true
607 type_name: bdd
608 devices:
609 - sdb
610 - sdc
611 - sdd
612
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300613* Enable cinder-backup service for ceph
Petr Michaleca1c7ff12016-11-29 16:32:50 +0100614
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300615 .. code-block:: yaml
Petr Michaleca1c7ff12016-11-29 16:32:50 +0100616
Ondrej Smolaed6abbf2017-04-25 11:55:44 +0200617 cinder:
618 controller:
619 enabled: true
620 version: mitaka
621 backup:
622 engine: ceph
623 ceph_conf: "/etc/ceph/ceph.conf"
624 ceph_pool: backup
625 ceph_stripe_count: 0
626 ceph_stripe_unit: 0
627 ceph_user: cinder
628 ceph_chunk_size: 134217728
629 restore_discard_excess_bytes: false
630 volume:
631 enabled: true
632 version: mitaka
633 backup:
634 engine: ceph
635 ceph_conf: "/etc/ceph/ceph.conf"
636 ceph_pool: backup
637 ceph_stripe_count: 0
638 ceph_stripe_unit: 0
639 ceph_user: cinder
640 ceph_chunk_size: 134217728
641 restore_discard_excess_bytes: false
Kirill Bespalov01614c02017-07-31 17:06:09 +0300642
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300643* Auditing filter (CADF) enablement:
Petr Michaleca1c7ff12016-11-29 16:32:50 +0100644
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300645 .. code-block:: yaml
Petr Michaleca1c7ff12016-11-29 16:32:50 +0100646
647 cinder:
648 controller:
649 audit:
650 enabled: true
651 ....
652 filter_factory: 'keystonemiddleware.audit:filter_factory'
653 map_file: '/etc/pycadf/cinder_api_audit_map.conf'
654 ....
655 volume:
656 audit:
657 enabled: true
658 ....
659 filter_factory: 'keystonemiddleware.audit:filter_factory'
660 map_file: '/etc/pycadf/cinder_api_audit_map.conf'
661
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300662* Cinder setup with custom availability zones:
Michel Nederlofb8603eb2017-02-09 10:04:38 +0100663
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300664 .. code-block:: yaml
Michel Nederlofb8603eb2017-02-09 10:04:38 +0100665
666 cinder:
667 controller:
668 default_availability_zone: my-default-zone
669 storage_availability_zone: my-custom-zone-name
670 cinder:
671 volume:
672 default_availability_zone: my-default-zone
673 storage_availability_zone: my-custom-zone-name
674
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300675 The ``default_availability_zone`` is used when a volume has been created,
676 without specifying a zone in the ``create`` request as this zone must exist
677 in your configuration.
Andrii Ostapenkob7aa34d2017-04-20 14:22:44 +0300678
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300679 The ``storage_availability_zone`` is an actual zone where the node belongs to
680 and must be specified per each node.
Andrii Ostapenkob7aa34d2017-04-20 14:22:44 +0300681
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300682* Cinder setup with custom non-admin volume query filters:
683
684 .. code-block:: yaml
Andrii Ostapenkob7aa34d2017-04-20 14:22:44 +0300685
686 cinder:
687 controller:
688 query_volume_filters:
689 - name
690 - status
691 - metadata
692 - availability_zone
693 - bootable
694
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300695* ``public_endpoint`` and ``osapi_volume_base_url``:
Andrii Ostapenkob7aa34d2017-04-20 14:22:44 +0300696
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300697 * ``public_endpoint``
698 Used for configuring versions endpoint
699 * ``osapi_volume_base_URL``
700 Used to present Cinder URL to users
Alexander Noskov62496fb2017-02-27 16:42:54 +0100701
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300702 These parameters can be useful when running Cinder under load balancer in
703 SSL.
704
705 .. code-block:: yaml
Alexander Noskov62496fb2017-02-27 16:42:54 +0100706
707 cinder:
708 controller:
709 public_endpoint_address: https://${_param:cluster_domain}:8776
710
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300711* Client role definition:
Michel Nederlofb8603eb2017-02-09 10:04:38 +0100712
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300713 .. code-block:: yaml
Jiri Broulik47aa6b32017-07-10 18:39:15 +0200714
715 cinder:
716 client:
717 enabled: true
718 identity:
719 host: 127.0.0.1
720 port: 35357
721 project: service
722 user: cinder
723 password: pwd
724 protocol: http
725 endpoint_type: internalURL
726 region_name: RegionOne
root08402652018-12-28 15:04:23 +0000727 connection_params:
728 connect_retries: 5
729 connect_retry_delay: 1
Jiri Broulik47aa6b32017-07-10 18:39:15 +0200730 backend:
731 ceph:
732 type_name: standard-iops
733 engine: ceph
734 key:
735 conn_speed: fibre-10G
736
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300737* Barbican integration enablement:
Oleg Iurchenko83ee09a2017-10-17 18:24:28 +0300738
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300739 .. code-block:: yaml
Oleg Iurchenko83ee09a2017-10-17 18:24:28 +0300740
741 cinder:
742 controller:
743 barbican:
744 enabled: true
Jiri Broulik47aa6b32017-07-10 18:39:15 +0200745
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300746* Keystone API version specification (v3 is default):
Oleg Iurchenko6fe8e5d2018-02-20 14:26:04 +0200747
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300748 .. code-block:: yaml
Oleg Iurchenko6fe8e5d2018-02-20 14:26:04 +0200749
750 cinder:
751 controller:
752 identity:
753 api_version: v2.0
754
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300755**Enhanced logging with logging.conf**
Dmitry Kalashnik3291f542017-12-05 18:43:47 +0400756
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300757By default ``logging.conf`` is disabled.
758You can enable per-binary ``logging.conf`` by setting the following
759parameters:
Dmitry Kalashnik3291f542017-12-05 18:43:47 +0400760
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300761* ``openstack_log_appender``
762 Set to ``true`` to enable ``log_config_append`` for all OpenStack
763 services
Dmitry Kalashnik3291f542017-12-05 18:43:47 +0400764
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300765* ``openstack_fluentd_handler_enabled``
766 Set to ``true`` to enable FluentHandler for all Openstack services
Dmitry Kalashnik3291f542017-12-05 18:43:47 +0400767
OlgaGusarenko74b53f22018-06-28 17:35:48 +0300768* ``openstack_ossyslog_handler_enabled``
769 Set to ``true`` to enable OSSysLogHandler for all Openstack services
770
771Only WatchedFileHandler, OSSysLogHandler, and FluentHandler are available.
772
773To configure this functionality with pillar:
Dmitry Kalashnik3291f542017-12-05 18:43:47 +0400774
775.. code-block:: yaml
776
777 cinder:
778 controller:
779 logging:
780 log_appender: true
781 log_handlers:
782 watchedfile:
783 enabled: true
784 fluentd:
785 enabled: true
Oleksii Chupryn688ae092018-02-07 09:49:21 +0200786 ossyslog:
787 enabled: true
Dmitry Kalashnik3291f542017-12-05 18:43:47 +0400788
789 volume:
790 logging:
791 log_appender: true
792 log_handlers:
793 watchedfile:
794 enabled: true
795 fluentd:
796 enabled: true
Oleksii Chupryn688ae092018-02-07 09:49:21 +0200797 ossyslog:
798 enabled: true
Dmitry Kalashnik3291f542017-12-05 18:43:47 +0400799
Oleksandr Shyshkoe17f67a2018-08-22 15:26:17 +0300800Enable x509 and ssl communication between Cinder and Galera cluster.
801---------------------
802By default communication between Cinder and Galera is unsecure.
Jakub Pavlikb513f132016-05-20 11:11:19 +0200803
Oleksandr Shyshko9a8196c2018-09-07 13:51:20 +0300804cinder:
805 volume:
806 database:
807 x509:
808 enabled: True
809 controller:
810 database:
811 x509:
812 enabled: True
Oleksandr Shyshkoe17f67a2018-08-22 15:26:17 +0300813
Oleksandr Shyshko9a8196c2018-09-07 13:51:20 +0300814You able to set custom certificates in pillar:
Oleksandr Shyshkoe17f67a2018-08-22 15:26:17 +0300815
816cinder:
817 controller:
818 database:
819 x509:
Oleksandr Shyshko9a8196c2018-09-07 13:51:20 +0300820 cacert: (certificate content)
821 cert: (certificate content)
822 key: (certificate content)
Oleksandr Shyshkoe17f67a2018-08-22 15:26:17 +0300823 volume:
824 database:
825 x509:
Oleksandr Shyshko9a8196c2018-09-07 13:51:20 +0300826 cacert: (certificate content)
827 cert: (certificate content)
828 key: (certificate content)
Oleksandr Shyshkoe17f67a2018-08-22 15:26:17 +0300829
830You can read more about it here:
831 https://docs.openstack.org/security-guide/databases/database-access-control.html
832
Oleksandr Bryndzii8f9e3882018-09-28 23:08:56 +0000833Cinder services on compute node with memcached caching and security strategy:
834
835.. code-block:: yaml
836
837 cinder:
838 volume:
839 enabled: true
840 ...
841 cache:
842 engine: memcached
843 members:
844 - host: 127.0.0.1
845 port: 11211
846 - host: 127.0.0.1
847 port: 11211
848 security:
849 enabled: true
850 strategy: ENCRYPT
851 secret_key: secret
852
853Cinder services on controller node with memcached caching and security strategy:
854
855.. code-block:: yaml
856
857 cinder:
858 controller:
859 enabled: true
860 ...
861 cache:
862 engine: memcached
863 members:
864 - host: 127.0.0.1
865 port: 11211
866 - host: 127.0.0.1
867 port: 11211
868 security:
869 enabled: true
870 strategy: ENCRYPT
871 secret_key: secret
872
Oleksandr Shyshkof8446ed2019-02-01 13:02:34 +0000873Cinder service supports to define iscsi_helper for lvm backend.
rootbb607002019-01-30 17:17:34 +0000874=======
Oleksandr Shyshkof8446ed2019-02-01 13:02:34 +0000875
876.. code-block:: yaml
877
878 cinder:
879 volume:
880 ...
881 backend:
882 lvm:
883 ...
884 engine: lvm
885 iscsi_helper: tgtadm
886
887Cinder service supports to define scheduler_default_filters. Which filter class names
888to use for filtering hosts when not specified in the request.
889
890.. code-block:: yaml
891
892 cinder:
893 volume:
894 ...
895 scheduler_default_filters: (filters)
896
897 cinder:
898 controller:
899 ...
900 scheduler_default_filters: (filters)
rootbb607002019-01-30 17:17:34 +0000901=======
902
903* Cinder database connection setup:
904
905.. code-block:: yaml
906
907 cinder:
908 controller:
909 enabled: True
910 ...
911 database:
912 idle_timeout: 280
913 max_pool_size: 30
914 max_retries: '-1'
915 max_overflow: 40
916 volume:
917 enabled: True
918 ...
919 database:
920 idle_timeout: 280
921 max_pool_size: 30
922 max_retries: '-1'
923 max_overflow: 40
924
Oleksandr Bryndzii3beb0852019-02-27 16:44:01 +0200925Configure cinder to use service user tokens:
926========
927Long-running operations such as snapshot can sometimes overrun the expiry of the user token.
928In such cases, post operations such as cleaning up after a snapshot can fail when the
929cinder service needs to cleanup resources.
930
931This pillar enables cinder to use service user tokens to supplement the regular user token
932used to initiate the operation. The identity service (keystone) will then authenticate
933a request using the service user token if the user token has already expired.
934
935.. code-block:: yaml
936
937 cinder:
938 controller:
939 enabled: True
940 ...
941 service_user:
942 enabled: True
943 auth_type: password
944 user_domain_id: default
945 project_domain_id: default
946 project_name: service
947 username: cinder
948 password: pswd
Oleksandr Shyshkof8446ed2019-02-01 13:02:34 +0000949
Oleksandr Bryndzii95b4b6b2019-04-24 11:22:39 +0300950Change default resource quotas using configmap template settings
951========
952
953.. code-block:: yaml
954
955 cinder:
956 controller:
957 configmap:
958 DEFAULT:
959 quota_volumes: 15
960 quota_snapshots: 15
961 quota_consistencygroups: 15
962 quota_groups: 15
963 quota_gigabytes: 1500
964 quota_backups: 15
965 quota_backup_gigabytes: 1500
966 reservation_expire: 86400
967 reservation_clean_interval: 86400
968 until_refresh: 0
969 max_age: 0
970 quota_driver: cinder.quota.DbQuotaDriver
971 use_default_quota_class: true
972 per_volume_size_limit: 100
973
Vasyl Saienko79ecd552018-09-10 10:31:21 +0000974Upgrades
975========
976
977Each openstack formula provide set of phases (logical bloks) that will help to
978build flexible upgrade orchestration logic for particular components. The list
979of phases and theirs descriptions are listed in table below:
980
981+-------------------------------+------------------------------------------------------+
982| State | Description |
983+===============================+======================================================+
984| <app>.upgrade.service_running | Ensure that all services for particular application |
985| | are enabled for autostart and running |
986+-------------------------------+------------------------------------------------------+
987| <app>.upgrade.service_stopped | Ensure that all services for particular application |
988| | disabled for autostart and dead |
989+-------------------------------+------------------------------------------------------+
990| <app>.upgrade.pkgs_latest | Ensure that packages used by particular application |
991| | are installed to latest available version. |
992| | This will not upgrade data plane packages like qemu |
993| | and openvswitch as usually minimal required version |
994| | in openstack services is really old. The data plane |
995| | packages should be upgraded separately by `apt-get |
996| | upgrade` or `apt-get dist-upgrade` |
997| | Applying this state will not autostart service. |
998+-------------------------------+------------------------------------------------------+
999| <app>.upgrade.render_config | Ensure configuration is rendered actual version. +
1000+-------------------------------+------------------------------------------------------+
1001| <app>.upgrade.pre | We assume this state is applied on all nodes in the |
1002| | cloud before running upgrade. |
1003| | Only non destructive actions will be applied during |
1004| | this phase. Perform service built in service check |
1005| | like (keystone-manage doctor and nova-status upgrade)|
1006+-------------------------------+------------------------------------------------------+
1007| <app>.upgrade.upgrade.pre | Mostly applicable for data plane nodes. During this |
1008| | phase resources will be gracefully removed from |
1009| | current node if it is allowed. Services for upgraded |
1010| | application will be set to admin disabled state to |
1011| | make sure node will not participate in resources |
1012| | scheduling. For example on gtw nodes this will set |
1013| | all agents to admin disable state and will move all |
1014| | routers to other agents. |
1015+-------------------------------+------------------------------------------------------+
1016| <app>.upgrade.upgrade | This state will basically upgrade application on |
1017| | particular target. Stop services, render |
1018| | configuration, install new packages, run offline |
1019| | dbsync (for ctl), start services. Data plane should |
1020| | not be affected, only OpenStack python services. |
1021+-------------------------------+------------------------------------------------------+
1022| <app>.upgrade.upgrade.post | Add services back to scheduling. |
1023+-------------------------------+------------------------------------------------------+
1024| <app>.upgrade.post | This phase should be launched only when upgrade of |
1025| | the cloud is completed. Cleanup temporary files, |
1026| | perform other post upgrade tasks. |
1027+-------------------------------+------------------------------------------------------+
1028| <app>.upgrade.verify | Here we will do basic health checks (API CRUD |
1029| | operations, verify do not have dead network |
1030| | agents/compute services) |
1031+-------------------------------+------------------------------------------------------+