Contents
1 Introduction
This document describes the procedures for installing Atlas. Atlas is a cloud management tool based on the OpenStack Dashboard and it is delivered as a part of Cloud Execution Environment (CEE).
The installation of Atlas is performed as a part of the overall installation of CEE.
All Atlas installation commands are executed from the Cloud Infrastructure Controller (CIC). Any of the three CICs can be used.
Commands are run from several parts of the system. The prompt proceeding commands indicate where the commands are issued.
For using Atlas in single server deployment as Atlas on Demand, refer to Atlas On Demand Use.
- Note:
- This guide does not include specific logon commands for Atlas, CIC, and so on. The prompt is used as an indicator.
1.1 Prerequisites
Before starting this procedure, ensure that the following conditions are met:
- A tar archive containing all Atlas artifacts is available.
- Before running the Atlas installation script, routing
among the following networks must be configured:
- Atlas northbound (NB) network (called tenant_x in the IP and VLAN Plan, Reference [1], where x is the actual segmentation id)
- Atlas southbound (SB) network (called tenant_x in the IP and VLAN Plan, Reference [1], where x is the actual segmentation id)
- CEE OM network (called cee_om_sp control network in the IP and VLAN Plan, Reference [1])
For more information, refer to the documents External Networking Connectivity for CEE Tenants in BSP Deployment, External Networking Connectivity for CEE Tenants in HP and Dell Multi-Server Deployment, External Networking Connectivity for CEE Tenants in Single Server Deployment, and also IP and VLAN Plan, Reference [1].
- TLS certificates are available.
For more information on the TLS certificates, refer to the "Conditions" section of the documents SW Installation in Multi-Server Deployment and SW Installation in Single Server Deployment.
- Two ranges of IP addresses for two subnets, according to the local network plan, must be available for Atlas.
- The CIC must be operational.
- At least 4 GB must be available on the CIC destination path for the Atlas image. Use the command df -h <destination-path> to determine if sufficient disk space is available.
1.2 Scope
This document aims to cover Atlas SW installation as part of CEE. A scenario where Atlas is installed in an alternative environment to CEE, is included in Section 5.
1.3 Limitations
The following limitations apply to the Atlas dashboard:
- Internet Explorer is not supported.
- The object store, Swift, is disabled by default, since Swift is not available for non-admin tenants.
- Previous login information in Atlas GUI is not displayed, since the login information for Keystone users is not stored by Keystone.
2 Preparing to Install Atlas
This section describes the preparations needed before the Atlas software is installed.
The Atlas image file has the following ID syntax:
ecs-atlas-x86_64-${TARGET_ATLAS_VERSION}-⇒
${BUILD_NUMBER}.qcow2ecs-atlas-x86_64-${TARGET_ATLAS_VERSION}-${BUILD_NUMBER}.qcow2
The Atlas image file is delivered in an archive, including checksum files and the Atlas installation script.
Throughout the document, the Atlas image ID is referred to as Atlas_image and the archive artifact name as ${TARGET_ATLAS_VERSION}.tar.gz.
To prepare for the installation, do the following:
- Download the ${TARGET_ATLAS_VERSION}.tar.gz to the Fuel node.
- Log on to the vCIC and create the artifacts directory,
then log out.
[root@fuel ~]# ssh cic-1
root@cic-1:~# mkdir -p artifacts
root@cic-1:~# exit
- Copy the Atlas archive to the vCIC:
- Note:
- In case of non-CEE environment, copy the Atlas artifacts to the controller node instead of vCIC.
[root@fuel ~]# scp ${TARGET_ATLAS_VERSION}.tar.gz ⇒ <cic-hostname>:/root/artifacts/[root@fuel ~]# scp ${TARGET_ATLAS_VERSION}.tar.gz <cic-hostname>:/root/artifacts/- Note:
- Ensure that the destination, for example /root/artifacts/, is present and has at least 4 GB free space. Use the command
df -h <destination-path>
to determine if the sufficient disk space is available.
- Unpack the archive file:
root@cic-1:~# cd artifacts root@cic-1:~/artifacts# tar -xzvf ${TARGET_ATLAS_VERSION}.tar.gz- Note:
- During the unpack sequence, all files in the archive are listed.
- Log on to the CIC:
[root@fuel ~]# ssh root@<Controller IP>
3 Install Atlas
This section describes how to install the Atlas Virtual Machine (VM) on a CEE-based target system.
- Note:
- All the OpenStack and network details are fetched from /etc/atlasrc.
- In /etc/atlasrc the following
environment variables are set with default values:
OS_CACERT
Environment variable for certificate file
CERT_FILE
Environment variable for certificate file
CA_CERT_FILE
Environment variable for certificate file
neutron_extreme
Enable neutron_extreme when extreme neutron configuration is used. Default is true.
WATCHMEN_PASSWORD
OpenStack password for watchmen service
TIMEZONE
Time zone, as defined in config.yaml
SSLCipherSuite, SSLProtocol
SSL Cipher suite and protocol, as defined in config.yaml
NTP_SERVER_1, NTP_SERVER_2
NTP server IP address as defined in config.yaml
CIDR_PUBLIC
Public (cee_om_sp) subnet range, as defined in config.yaml
MGMT_IP
OpenStack management IP address
CIDR_NBI, CIDR_SBI
NBI_IP, SBI_IP
START_ADDR_NBI, START_ADDR_SBI
NBI and SBI subnet allocation start address, as defined in config.yaml
END_ADDR_NBI, END_ADDR_SBI
NBI and SBI subnet allocation end address, as defined in config.yaml
GATEWAY_NBI, GATEWAY_SBI
SEGID_NBI, SEGID_SBI
NETWORK_NBI, NETWORK_SBI
SDNC_NBI_IP
SDN controller northbound IP, as defined in config.yaml
SDNC_USERNAME
SDN controller admin username, as defined in config.yaml
SDNC_PASSWORD
SDN controller admin password, as defined in config.yaml
VPN_NAME
Name of VPN network, as defined in config.yaml
ROUTE DISTINGUISHER
An 8-octet field prefixed to the IPv4 of the customer to make IPv4 prefixes globally unique, as defined in config.yaml
EXPORT_RT
Routing engine uses active routes from the routing table to send a protocol advertisement in export route table, as defined in config.yaml
IMPORT_RT
Routing engine places the routes of a routing protocol into the import route table, as defined in config.yaml
VPN_ID
Randomly generated UUID
NETWORK_TYPE
Network type can be vlan or vxlan, as defined in config.yaml. The default value is vlan.
KEYSTONE_HOST
Public IP of the Keystone identity service
KEYSTONE_PORT
Keystone port
OS_USERNAME
Keystone admin user
OS_PASSWORD
Keystone admin password
OS_TENANT_NAME
Keystone admin tenant name
OS_AUTH_URL
Keystone service internal url v2
ENABLE_ROUTER
Router menu displayed in Atlas (True or False)
DNS_SERVER
Set to the IP address of the DNS server, in order to assign DNS server to Atlas
ATLAS_HOSTNAME
Atlas host name used in the SSL certificate (SAN), Keystone endpoints
CONTROLLER_HOSTNAME
BOOT_FROM_VOLUME
Boot either from image or volume
- Note:
- All variables are filled during the CEE installation when config.yaml has Atlas details specified. This file is maintained by Ansible, and should not be modified manually.
- Give executable permissions
to the Atlas installation script:
root@cic-1:~/artifacts# chmod +x <atlas_install.sh path>
- Note:
- An example of the command is:
chmod +x atlas_install.sh
- In localrc, ensure that the
following variables have the appropriate values:
PASSWORD
Password for the atlasadm user. Default value is qwqwqw. New password should be of 12 or more characters with minimum three special, numeric, lower and upper case characters.
SERVICE_CINDER_VOLUME
Set to true or false, based on Cinder service availability. Default value is false.
ASSIGN_ATLAS_IP
Set to true to assign NBI_IP and SBI_IP to Atlas. Default value is true.
DATA_IMAGE_SIZE
Size of the Data volume or ephemeral disk. Default value is 120GB.
BOOT_IMAGE_SIZE
Size of the bootable volume. Default value is 10GB.
NET_ID
ID of the network on which the VM needs to be launched (for non-CEE environment)
DISK
Disk size for Flavor in GB. Default value is 10GB.
RAM
Memory for Flavor in MB. Default value is 4096MB.
VCPU
Number of CPUs. Default value is 2.
FLAVOR
Existing flavor-id or name. When the FLAVOR variable is specified, DISK, RAM, VCPU and EXTRA_SPECS information is overwritten.
EXTRA_SPECS
Set extra specs for flavor
Default value for hw:mem_page_size is 1048576
Default value for hw:cpu_policy is dedicated for CPU pinning.USER_DATA
Path to store generated user-data file. Default value is /tmp/user-data
NAME
Name of the Atlas VM
IMAGE_NAME
Atlas Image file name to be used
ARTIFACT
Path of artifacts
DEPLOYMENT_ENV
Set deployment environment. Can have only values: CEE, VBOX, RHEL, UBUNTU, MOS. Default is CEE.
- Note:
- All variables have default values. Correct variables as needed,
since they are site-dependent. More information is available within
the localrc script itself.
For non-CEE environment, update the following variables in localrc: DATA_IMAGE_SIZE DISK RAM VCPU EXTRA_SPECS USER_DATA NAME IMAGE_NAME ARTIFACT DEPLOYMENT_ENV NET_ID
- Execute the atlas_install.sh script to deploy Atlas, using the
following command:
root@cic-1:~/artifacts# ./atlas_install.sh
4 Post-Installation Activities
This section describes the post-installation activities needed for the Atlas software, once it is installed on the target system.
4.1 Verify Installation
To verify the installation of Atlas, do the following:
- List active servers:
root@cic1:~# nova list
ID
Name
Status
Task State
Power State
Networks
d8b0528c-9892-4c39-b015-5dd6253aa621
ecs-atlas
ACTIVE
None
Running
tenant_3582=<ip_address>;tenant_3583=<ip_address>
- Start an available browser and enter the following URL:
https://<ip_address>
- Log on to Atlas from outside the CIC CLI using NBI IP
(<nbi_ip_address>):
<user@laptop>:~# ssh atlasadm@<nbi_ip_address>
- Log on to Atlas from the CIC CLI using SBI IP (<sbi_ip_address>):
root@cic1:~# ssh atlasadm@<sbi_ip_address>
- Remove the Atlas image from the directory /root/artifacts/ on the same controller which was used for the installation of Atlas, in order to conserve disk space.
4.2 Change Password for Atlas Users
This section describes how to change password for the Atlas users.
For more information about user management in a system hardening context, refer to the System Hardening Guideline.
- Note:
- New passwords must be of 12 or more characters, with at least three special, numeric, lowercase and uppercase characters.
4.2.1 User atlasadm
To change the password for the user atlasadm, use the command:
atlasadm@atlas:~$ passwd
Changing password for atlasadm.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
atlasadm@atlas:~$
4.2.2 User root
To change the password for the user root, use the command:
atlasadm@atlas:~$ sudo -i
[sudo] password for atlasadm:
root@atlas:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@atlas:~#
5 Recommendations for Installing Atlas on non-CEE System
This section describes how to install the Atlas Virtual Machine (VM) on a non-CEE based target system.
- Note:
- The below commands are only valid for OpenStack environments. For other environments, additional integration efforts are necessary.
To deploy Atlas on a non-CEE based target system, do the following:
- Perform Step 1 in Section 2 to Step 3 in Section 2, in Section 2.
- Perform Step 2 in Section 3 to Step 4 in Section 3, in Section 3.
Reference List
| [1] IP and VLAN Plan, 2/102 62-CRA 119 1862/5 Uen |