Atlas SW Installation
Cloud Execution Environment

Contents

1   Introduction
    1.1   Prerequisites
    1.2   Scope
    1.3   Limitations
2   Preparing to Install Atlas
3   Install Atlas
4   Post-Installation Activities
    4.1   Verify Installation
    4.2   Change Password for Atlas Users
5   Recommendations for Installing Atlas on non-CEE System
Reference List

1   Introduction

This document describes the procedures for installing Atlas. Atlas is a cloud management tool based on the OpenStack Dashboard and it is delivered as a part of the Cloud Execution Environment (CEE).

The installation of Atlas is performed as a part of the overall installation of CEE.

All Atlas installation commands are executed from the virtual Cloud Infrastructure Controller (vCIC). Any of the three vCICs can be used.

Commands are run from several parts of the system. The prompt preceding each command indicates where the command is issued.

Note:  
This guide does not include specific logon commands for Atlas, vCIC, and so on. The prompt is used as an indicator.

In this document, memory and storage quantities are represented according to the JESD100B.01 standard:

  • KB refers to 2^10 bytes
  • MB refers to 2^20 bytes
  • GB refers to 2^30 bytes

1.1   Prerequisites

Before starting this procedure, ensure that the following conditions are met:

1.2   Scope

This document covers Atlas SW installation as part of CEE. A scenario where Atlas is installed in an environment other than CEE is included in Section 5.

1.3   Limitations

The following limitations apply to the Atlas dashboard:

2   Preparing to Install Atlas

This section describes the preparations needed before the Atlas software is installed.

The Atlas image file has the following ID syntax:

ecs-atlas-x86_64-<target_atlas_version>-<build_number>.qcow2

The Atlas image file is delivered in an archive, including checksum files and the Atlas installation script.

Throughout the document, the Atlas image ID is referred to as Atlas_image and the archive artifact name as <target_atlas_version>.tar.gz.

To prepare for the installation, do the following:

  1. Download the <target_atlas_version>.tar.gz to the virtual Fuel (vFuel) node.
  2. Log on to the vCIC and create the artifacts directory, then log out:

    [root@fuel ~]# ssh cic-1

    root@cic-1:~# mkdir -p artifacts

    root@cic-1:~# exit

  3. Copy the Atlas archive to the vCIC:
    Note:  
    In a non-CEE environment, copy the Atlas artifacts to the controller node instead of the vCIC.

    [root@fuel ~]# scp <target_atlas_version>.tar.gz <vcic_hostname>:/root/artifacts/

    Note:  
    Ensure that the destination, for example /root/artifacts/, is present and has at least 4 GB free space. Use the command
    df -h <destination_path>
    to determine whether sufficient disk space is available.

  4. Log on to the vCIC:

    [root@fuel ~]# ssh root@<controller_ip>

  5. Unpack the archive file:

    root@cic-1:~# cd artifacts
    root@cic-1:~/artifacts# tar -xzvf <target_atlas_version>.tar.gz

    Note:  
    During the unpack sequence, all files in the archive are listed.
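
The archive carries checksum files, but the steps above never use them. As an added example (not part of the Atlas delivery), the functions below check the 4 GB free-space requirement and verify the unpacked image against a checksum file. The sha256sum line format, the function names and the checksum file name are assumptions, since this guide does not state the checksum algorithm or file name.

```bash
#!/usr/bin/env bash
# Added example: checks around steps 3 to 5 of Section 2.
# Assumption: the delivered checksum file uses the "<hex digest>  <file name>"
# layout written by sha256sum.

# Succeed when <path> has at least <min_gb> GB (2^30 bytes) free.
has_free_space() {
    local path=$1 min_gb=$2 avail_kb
    avail_kb=$(df -Pk "$path" 2>/dev/null | awk 'NR==2 {print $4}')
    [ -n "$avail_kb" ] && [ "$avail_kb" -ge $((min_gb * 1024 * 1024)) ]
}

# Verify <image> against the entry recorded for it in <checksum_file>.
# Returns 0 on match, 1 on mismatch, 2 when an input is missing and
# 3 when the checksum file has no entry for the image. The last case is
# the one a plain "sha256sum -c" does not catch: it only checks the files
# that are listed.
verify_image() {
    local image=$1 sums=$2 want got
    [ -f "$image" ] && [ -s "$sums" ] || return 2
    want=$(awk -v f="$(basename "$image")" \
        '{ n = $2; sub(/^\*/, "", n) } n == f { print tolower($1); exit }' "$sums")
    if [ -z "$want" ]; then
        echo "no checksum entry for $(basename "$image") in $sums" >&2
        return 3
    fi
    got=$(sha256sum "$image" | awk '{print $1}')
    [ "$got" = "$want" ]
}

# Usage on the vCIC (file names are placeholders):
#   has_free_space /root/artifacts 4 || echo "less than 4 GB free" >&2
#   verify_image <Atlas_image> <checksum_file> || echo "do not install" >&2
```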

3   Install Atlas

This section describes how to install the Atlas Virtual Machine (VM) on a CEE-based target system.

Note:  
All the OpenStack and network details are fetched from /etc/atlasrc.

In order to configure Atlas NBI and SBI parameters, refer to the Cloud Management section of the Configuration File Guide.

  1. In /etc/atlasrc the following environment variables are set with default values:

    OS_CACERT

    Environment variable for certificate file

    CERT_FILE

    Environment variable for certificate file

    CA_CERT_FILE

    Environment variable for certificate file

    neutron_extreme

    Enable neutron_extreme when extreme neutron configuration is used. Default is true.

    WATCHMEN_PASSWORD

    OpenStack password for watchmen service

    TIMEZONE

    Time zone, as defined in config.yaml

    SSLCipherSuite, SSLProtocol

    SSL Cipher suite and protocol, as defined in config.yaml

    NTP_SERVER

    NTP server IP address as defined in config.yaml

    CIDR_PUBLIC

    Public (cee_om_sp) subnet range, as defined in config.yaml

    MGMT_IP

    OpenStack management IP address

    CIDR_NBI, CIDR_SBI

    Atlas NBI IP and SBI IP, as defined in config.yaml

    NBI_IP, SBI_IP

    Atlas NBI IP and SBI IP, as defined in config.yaml

    START_ADDR_NBI, START_ADDR_SBI

    NBI and SBI subnet allocation start address, as defined in config.yaml

    END_ADDR_NBI, END_ADDR_SBI

    NBI and SBI subnet allocation end address, as defined in config.yaml

    GATEWAY_NBI, GATEWAY_SBI

    NBI and SBI gateway IP, as defined in config.yaml

    SEGID_NBI, SEGID_SBI

    VLAN tag for NBI and SBI, as defined in config.yaml

    NETWORK_NBI, NETWORK_SBI

    Network name of NBI and SBI, as defined in config.yaml

    SDNC_NBI_IP

    SDN controller northbound IP, as defined in config.yaml

    SDNC_USERNAME

    SDN controller admin username, as defined in config.yaml

    SDNC_PASSWORD

    SDN controller admin password, as defined in config.yaml

    VPN_NAME

    Name of VPN network, as defined in config.yaml

    L2GW_NBI

    L2 gateway name of NBI, as defined in config.yaml

    L2GW_VLAN_NBI

    L2 gateway VLAN ID of NBI, as defined in config.yaml

    L2GW_SBI

    L2 gateway name of SBI, as defined in config.yaml

    L2GW_VLAN_SBI

    L2 gateway VLAN ID of SBI, as defined in config.yaml

    ROUTE DISTINGUISHER

    An 8-octet field prefixed to the IPv4 of the customer to make IPv4 prefixes globally unique, as defined in config.yaml

    EXPORT_RT

    Routing engine uses active routes from the routing table to send a protocol advertisement in export route table, as defined in config.yaml

    IMPORT_RT

    Routing engine places the routes of a routing protocol into the import route table, as defined in config.yaml

    VPN_ID

    Randomly generated UUID

    NETWORK_TYPE

    Network type can be vlan or vxlan, as defined in config.yaml. The default value is vlan.

    KEYSTONE_HOST

    Public IP of the Keystone identity service

    KEYSTONE_PORT

    Keystone port

    OS_USERNAME

    Keystone admin user

    OS_PASSWORD

    Keystone admin password

    OS_TENANT_NAME

    Keystone admin tenant name

    OS_AUTH_URL

    Keystone service internal URL v2

    ENABLE_ROUTER

    Router menu displayed in Atlas (True or False)

    DNS_SERVER

    Set to the IP address of the DNS server, in order to assign DNS server to Atlas

    ATLAS_HOSTNAME

    Atlas host name used in the SSL certificate (SAN), Keystone endpoints

    CONTROLLER_HOSTNAME

    vCIC host name used in SSL certificate (SAN), Keystone

    HAProxySSLProtocol, HAProxySSLConn

    HAProxy SSL Protocol and HAProxy SSL Connection, as defined in config.yaml

    Note:  
    All variables are filled during the CEE installation when config.yaml has Atlas details specified. This file is maintained by Ansible, and should not be modified manually.

  2. Give executable permissions to the Atlas installation script:

    root@cic-1:~/artifacts# chmod +x <atlas_install.sh_path>

    Note:  
    An example of the command is:

    chmod +x atlas_install.sh


  3. In localrc, ensure that the following variables have the appropriate values:

    PASSWORD

    Password for the atlasadm user. Default value is qwqwqw. A new password should have 14 or more characters, with at least one special, numeric, lowercase and uppercase character.

    SERVICE_CINDER_VOLUME

    Set to true or false, based on Cinder service availability. Default value is false.

    ASSIGN_ATLAS_IP

    Set to true to assign NBI_IP and SBI_IP to Atlas. Default value is true.

    DATA_IMAGE_SIZE

    Size of the data volume or ephemeral disk. Default value is 120GB.

    BOOT_IMAGE_SIZE

    Size of the bootable volume. Default value is 10GB.

    BACKUP_PASSWORD

    Password for periodic Atlas backup taken twice a day. Default BACKUP_PASSWORD is an openssl generated random password.

    NET_ID

    ID of the network on which the VM needs to be launched (for CEE on VBOX, RHEL, UBUNTU, and MOS)

    FIXED_IP

    Create a port with a specified IP address.

    SECURITY_GROUP

    Associate a specified security group with the port.

    DISK

    Disk size for flavor in GB. Fixed value is 10GB.

    RAM

    Memory for flavor in MB. Fixed value is 4096MB.

    VCPU

    Number of CPUs. Fixed value is 2.

    FLAVOR

    Existing flavor-id or name. When the FLAVOR variable is specified, DISK, RAM, VCPU and EXTRA_SPECS information is overwritten.

    EXTRA_SPECS

    Set EXTRA_SPECS for the flavor.
    Default value for hw:mem_page_size is 1048576
    Default value for hw:cpu_policy is dedicated for CPU pinning.

    USER_DATA

    Path to store generated user-data file. Default value is /tmp/user-data

    NAME

    Name of the Atlas VM

    IMAGE_NAME

    Atlas Image file name to be used

    ARTIFACT

    Path of artifacts

    BOOT_FROM_VOLUME

    Set to true to boot from volume and to false to boot from image. Default is false. SERVICE_CINDER_VOLUME must be true to select boot from volume.

    DEPLOYMENT_ENV

    Set deployment environment. Can only have the following values: CEE, VBOX, RHEL, UBUNTU, and MOS. Default value is CEE.

    AVAILABILITY_ZONE

    Availability zone to deploy Atlas VM. Default value is nova.

    DISABLE_ATLAS_HEAT

    To disable Heat API in Atlas, set value to true. Default value is false.

    ENABLE_BACKUP

    Set to true to create periodic backups. Default value is true.

    BACKUP_INTERVAL

    Time interval to create periodic backups. Default value "0 */12 * * *" creates two backups per day.

    Correct the default value of variables as needed, since they are site-dependent. More information is available within the localrc script itself.

    Note:  
    For a non-CEE environment, update the following variables in localrc: DATA_IMAGE_SIZE, DISK, RAM, VCPU, EXTRA_SPECS, USER_DATA, NAME, IMAGE_NAME, ARTIFACT, DEPLOYMENT_ENV, NET_ID, FIXED_IP, and SECURITY_GROUP.

  4. Execute the atlas_install.sh script to deploy Atlas, using the following command:
    Note:  
    The default BACKUP_PASSWORD can be changed in localrc before Atlas installation. Write down the Atlas BACKUP_PASSWORD value displayed on the console after successful installation.

    root@cic-1:~/artifacts# ./atlas_install.sh
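
Before running step 4, the values set in step 3 can be checked mechanically. This added example (not part of atlas_install.sh or the Atlas delivery) flags a localrc that still carries the default atlasadm password or one that fails the stated password rule, a BOOT_FROM_VOLUME setting without SERVICE_CINDER_VOLUME, and an unsupported DEPLOYMENT_ENV. It assumes localrc holds plain KEY=value assignments and treats "special" as punctuation; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of localrc, run before ./atlas_install.sh.
# Assumption: localrc holds plain KEY=value shell assignments.

# Print the last value assigned to <key> in <file> without sourcing the file;
# trailing whitespace and one pair of surrounding quotes are removed.
rc_get() {
    sed -n "s/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}$2=//p" "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# The guide's rule: 14 or more characters with at least one lowercase,
# uppercase, numeric and special (assumed: punctuation) character.
password_ok() {
    [ "${#1}" -ge 14 ] || return 1
    case $1 in *[[:lower:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:digit:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:punct:]]*) ;; *) return 1 ;; esac
}

# Return 0 when localrc passes every check; report each problem on stderr.
# Messages never echo the password itself.
check_localrc() {
    local f=$1 fail=0 pw dep
    pw=$(rc_get "$f" PASSWORD)
    if [ -z "$pw" ] || [ "$pw" = "qwqwqw" ]; then
        echo "PASSWORD: unset or still the documented default" >&2; fail=1
    elif ! password_ok "$pw"; then
        echo "PASSWORD: does not meet the 14-character mixed-class rule" >&2; fail=1
    fi
    if [ "$(rc_get "$f" BOOT_FROM_VOLUME)" = "true" ] &&
       [ "$(rc_get "$f" SERVICE_CINDER_VOLUME)" != "true" ]; then
        echo "BOOT_FROM_VOLUME=true requires SERVICE_CINDER_VOLUME=true" >&2; fail=1
    fi
    dep=$(rc_get "$f" DEPLOYMENT_ENV)
    case ${dep:-CEE} in
        CEE|VBOX|RHEL|UBUNTU|MOS) ;;
        *) echo "DEPLOYMENT_ENV: unsupported value '$dep'" >&2; fail=1 ;;
    esac
    return "$fail"
}
```

A typical call is `check_localrc localrc && ./atlas_install.sh`, so the installer runs only when every check passes.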

4   Post-Installation Activities

This section describes the post-installation activities needed for the Atlas software, once it is installed on the target system.

4.1   Verify Installation

To verify the installation of Atlas, do the following:

  1. List active servers:

    root@cic1:~# nova list

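    +--------------------------------------+-----------+--------+------------+-------------+---------------------------------------------------+
    | ID                                   | Name      | Status | Task State | Power State | Networks                                          |
    +--------------------------------------+-----------+--------+------------+-------------+---------------------------------------------------+
    | d8b0528c-9892-4c39-b015-5dd6253aa621 | ecs-atlas | ACTIVE | None       | Running     | tenant_3582=<ip_address>;tenant_3583=<ip_address> |
    +--------------------------------------+-----------+--------+------------+-------------+---------------------------------------------------+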

  2. Start an available browser and enter the following URL:

    https://<ip_address>

  3. Log on to Atlas from outside the vCIC CLI using NBI IP (<nbi_ip_address>):

    <user@laptop>:~# ssh atlasadm@<nbi_ip_address>

  4. Log on to Atlas from the vCIC CLI using SBI IP (<sbi_ip_address>):

    root@cic1:~# ssh atlasadm@<sbi_ip_address>

  5. Remove the Atlas image from the directory /root/artifacts/ on the same controller which was used for the installation of Atlas, in order to conserve disk space.

4.2   Change Password for Atlas Users

This section describes how to change the password for the Atlas users.

For more information about user management in a system hardening context, refer to the System Hardening Guideline.

Note:  
New passwords have 14 or more characters, with at least one special, numeric, lowercase and uppercase character.

4.2.1   User atlasadm

To change the password for the user atlasadm, use the command:

atlasadm@atlas:~$ passwd

Changing password for atlasadm.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

atlasadm@atlas:~$

4.2.2   User root

To change the password for the user root, use the command:

atlasadm@atlas:~$ sudo -i

[sudo] password for atlasadm:
root@atlas:~# passwd

Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

root@atlas:~#

5   Recommendations for Installing Atlas on non-CEE System

This section describes how to install the Atlas Virtual Machine (VM) on a non-CEE based target system.

Note:  
The below commands are only valid for OpenStack environments. For other environments, additional integration efforts are necessary.

To deploy Atlas on a non-CEE based target system, do the following:

  1. Perform Step 1 to Step 3 in Section 2.
  2. Perform Step 2 to Step 4 in Section 3.

Reference List

[1] IP and VLAN Plan, 2/102 62-CRA 119 1862/5 Uen