Runtime Configuration Guide

Cloud Execution Environment

1	Introduction
1.1	Prerequisites
1.1.1	Conditions
1.1.2	Tools and Equipment
1.1.3	Documents
1.2	Disaster Recovery
2	Reconfigure Fencing
2.1	Reconfigure Fencing Behavior
2.2	Reconfigure Fencing Access to Out-of-Band Management
3	Reconfigure CSS CPU Reservation
3.1	Reconfigure CSS CPU Reservation
4	Change Legal Text at Logon
4.1	Change Legal Text in Multi-Server Deployment
4.2	Change Legal Text in Single Server Deployment
5	Change GRUB Password
6	Set Static Routes
7	Perform ScaleIO Maintenance Operations
8	Configure Cinder Backup
8.1	Runtime Installation and Configuration
9	Configure License Management
10	Appendix
10.1	NeLS Certificates
Reference List

1 Introduction

This document provides information on configuring or reconfiguring settings in a running Cloud Execution Environment (CEE). It is a collection of independent procedures. Use the Table of Contents to select the section relevant to the task to be performed.

Note:: This document is not used for CEE installation.

1.1 Prerequisites

This section states the prerequisites that must be fulfilled.

1.1.1 Conditions

Ensure that CEE is installed and it is operational.

1.1.2 Tools and Equipment

Ensure that the management tool for the node configuration is available.

1.1.3 Documents

Ensure that the following documents have been read:

The user guide of the used management tool
CEE Connectivity User Guide

1.2 Disaster Recovery

After changes to the system configuration files, for example, config.yaml, it is recommended to back up the configuration files for disaster recovery purposes. For more information, refer to the document Disaster Recovery.

2 Reconfigure Fencing

Use the relevant section:

To reconfigure the fencing behavior, see Section 2.1.
To reconfigure the access of fencing to out-of-band management, see Section 2.2.

2.1 Reconfigure Fencing Behavior

To change the settings for fencing behavior:

Modify the fencing-related parameters in the cmha section of the config.yaml configuration file in the CEE_RELEASE directory on the vFuel node. Refer to the Configuration File Guide for the parameters and their possible values.
Validate the updated configuration file by using the following command in vFuel:
```
validate_config_yaml /mnt/cee_config/config.yaml
```
If the command output contains errors for some of the parameters, fix the reported problems and repeat this step. If the command output does not contain errors, continue with the next step.

Update the Ericsson inventory with the required changes:

pre_deploy /var/lib/ericsson/pre_deploy/ /mnt/cee_config/config.yaml 1 /etc/cee/openstack_config/

pre_deploy /var/lib/ericsson/pre_deploy/ ⇒
/mnt/cee_config/config.yaml 1 /etc/cee/openstack_config/

Upload the configuration changes to all nodes:

fuel node --node <node_ids> --tasks upload_configuration

fuel node --node <node_ids> --tasks ⇒
upload_configuration

Rerun the CM-HA Fuel plugin tasks:

fuel node --node <node_ids> --tasks eri_cmha_install eri_cmha_pacemaker_setup eri_cmha_location eri_cmha_post_task eri_cmha_copy_node_info_map --force

fuel node --node <node_ids> --tasks ⇒<nl/>eri_cmha_install eri_cmha_pacemaker_setup ⇒<nl
/>eri_cmha_location eri_cmha_post_task ⇒<nl/>eri_cmha_copy_node_info_map --force

where <node_ids> is the list of node IDs from the fuel2 node list printout. Multiple node IDs must be comma-separated.

Perform a Fuel synchronization as described in Fuel Synchronization.

2.2 Reconfigure Fencing Access to Out-of-Band Management

In case the out-of-band management access has been changed, fencing must be reconfigured accordingly to make sure that it works with the new password.

To change the settings for fencing:

Modify the out-of-band management access parameters in the shelf section of the config.yaml configuration file in the CEE_RELEASE directory on the vFuel node. Refer to the Configuration File Guide for the parameters. Fencing uses the usernames and passwords configured for blade management.
Validate the updated configuration file by using the following command in vFuel:
```
validate_config_yaml /mnt/cee_config/config.yaml
```
If the command output contains errors for some of the parameters, fix the reported problems and repeat this step. If the command output does not contain errors, continue with the next step.

Update the Ericsson inventory with the required changes:

pre_deploy /var/lib/ericsson/pre_deploy/ /mnt/cee_config/config.yaml 1 /etc/cee/openstack_config/

pre_deploy /var/lib/ericsson/pre_deploy/ ⇒
/mnt/cee_config/config.yaml 1 /etc/cee/openstack_config/

Upload the configuration changes to all nodes:

fuel node --node <node_ids> --tasks upload_configuration

fuel node --node <node_ids> --tasks ⇒
upload_configuration

Rerun the CM-HA Fuel plugin tasks:

fuel node --node <node_ids> --tasks eri_cmha_install eri_cmha_pacemaker_setup eri_cmha_location eri_cmha_post_task eri_cmha_copy_node_info_map --force

fuel node --node <node_ids> --tasks ⇒<nl/>eri_cmha_install eri_cmha_pacemaker_setup ⇒<nl
/>eri_cmha_location eri_cmha_post_task ⇒<nl/>eri_cmha_copy_node_info_map --force

where <node_ids> is the list of node IDs from the fuel2 node list printout. Multiple node IDs must be comma-separated.

Perform a Fuel synchronization as described in Fuel Synchronization.

3 Reconfigure CSS CPU Reservation

Both automatic and manual CSS CPU reservation can be reconfigured after CEE deployment. The reconfiguration is applicable for compute hosts, including those containing a vCIC.

Note:: If multiple compute hosts are to be reconfigured, they have to be processed one by one.

As a result of this procedure, the number of CPUs reserved for tenant VMs can be altered on those hosts. This procedure is based on the server replacement procedure. Depending of the reconfiguration, more (if allocating fewer CPUs for CSS) or less (if allocating more CPUs for CSS) CPU resources would remain on the reconfigured compute hosts.

3.1 Reconfigure CSS CPU Reservation

Perform the following steps for each server where the CSS CPU allocation is to be reconfigured, one by one:

Evacuate the VMs from the server.
Change the CSS CPU allocation in the /mnt/cee_config/config.yaml file on vFuel. For the configuration options, refer to the section Allocating CPUs for CSS (OVS) in the Configuration File Guide.
Note:
If the css_mode parameter is changed in the config.yaml, the vSwitch capacity must also be reconfigured according to the Multi-Server System Dimensioning Guide, CEE 6. Refer to the vSwitch Capacity section in the Configuration File Guide.
Perform the server replacement procedure on the server, see Server Replacement.

4 Change Legal Text at Logon

The legal text presented at logon can be updated depending on the deployment:

To change the legal text in multi-server deployment, see Section 4.1.
To change the legal text in single server deployment, see Section 4.2.

Note:: The legal text at logon cannot be changed if using CSC CLI.

4.1 Change Legal Text in Multi-Server Deployment

To change the legal text in a multi-server deployment:

Modify the legaltext section of the config.yaml configuration file in the CEE_RELEASE directory on the vFuel node. Refer to the Configuration File Guide for the parameters.
Validate the updated configuration file by using the following command in vFuel:
```
validate_config_yaml /mnt/cee_config/config.yaml
```
If the command output contains errors for some of the parameters, fix the reported problems and repeat this step. If the command output does not contain errors, continue with the next step.

Update the Ericsson inventory with the required changes:

pre_deploy /var/lib/ericsson/pre_deploy/ /mnt/cee_config/config.yaml 1 /etc/cee/openstack_config/

pre_deploy /var/lib/ericsson/pre_deploy/ ⇒
/mnt/cee_config/config.yaml 1 /etc/cee/openstack_config/

Upload the configuration changes to all nodes:

fuel node --node <node_ids> --tasks upload_configuration

fuel node --node <node_ids> --tasks ⇒
upload_configuration

Rerun the hardening vFuel plugin task:
```
fuel node --node <node_ids> --tasks eri_hardening_slave --force
```
```
fuel node --node <node_ids> --tasks ⇒
eri_hardening_slave --force
```
where <node_ids> is the list of node IDs from the fuel2 node list printout. Multiple node IDs must be comma-separated.
Perform a Fuel synchronization as described in Fuel Synchronization.

4.2 Change Legal Text in Single Server Deployment

To change the legal text in a single server deployment:

Log on to the vCIC:
ssh ceeadm@<vcic_address>
Update the /etc/issue and /etc/issue.net files. Sudo privileges are required.
Log on to the compute host:
ssh ceeadm@<compute_address>
Update the /etc/issue and /etc/issue.net files. Sudo privileges are required.
The legaltext section in config.yaml on vFuel also has to be updated.
1. Log on to the kickstart server or installation laptop hosting vFuel.
2. Log on to vFuel.
3. Update the config.yaml. Sudo privileges are required.

5 Change GRUB Password

To change the Grand Unified Bootloader (GRUB) password after CEE installation:

Modify the GRUB password in the grub section of the config.yaml file. For more information, refer to section GRUB Configuration in the Configuration File Guide.
Validate the updated configuration file by using the following command in vFuel:
validate_config_yaml /mnt/cee_config/config.yaml
If the command output contains errors for any of the parameters, solve the reported problems and repeat Step 2.

Run the following command to update the environment with the config.yaml changes:

pre_deploy /var/lib/ericsson/pre_deploy/ /mnt/cee_config/config.yaml 1 /etc/cee/openstack_config/

pre_deploy /var/lib/ericsson/pre_deploy⇒
/ /mnt/cee_config/config.yaml 1 ⇒
/etc/cee/openstack_config/

Run the upload configuration task and the hardening vFuel plugin task to update the GRUB password:
```
fuel node --node <node_ids> --tasks upload_configuration eri_hardening_slave --force
```
```
fuel node --node <node_ids> ⇒
--tasks upload_configuration eri_hardening_slave --force
```
where <node_ids> is the list of node IDs from the fuel2 node list printout. Multiple node IDs must be comma-separated.
Perform a Fuel synchronization as described in Fuel Synchronization.

6 Set Static Routes

This section is only applicable to configurations with Neutron managed Extreme switches.

The maximum number of static routes is defined in the neutron.conf file. If more static routes are needed, the default setting must be changed by performing the following steps:

Log on to the vCIC:
ssh ceeadm@<cic_address>
Add the following option to the /etc/neutron.conf file:
ext_max_routes = <value>
Repeat Step 1 and Step 2 for each vCIC.
Restart the Neutron server by using the following command:
crm resource restart neutron-server

Note:: For setting the ext_max_routes value at CEE installation, refer to the Neutron Configuration Options in the Configuration File Guide.

7 Perform ScaleIO Maintenance Operations

This section is only applicable to configurations using unmanaged EMC ScaleIO storage solution.

Permanent changes to the ScaleIO MDM cluster or to the frontend network interfaces of the SDSs must be propagated in the CEE region manually after the following operations:

Changing ScaleIO cluster mode between three-node and five-node MDM cluster
Changing the IP address of an MDM cluster member or changing the frontend IP address of an SDS
Adding or removing an MDM cluster member

To propagate ScaleIO changes in the CEE region, do the following:

Log on to Fuel as root. For more information, refer to the document CEE Connectivity User Guide.
Navigate to the /usr/share/ericsson-orchestration/playbooks folder:
```
cd /usr/share/ericsson-orchestration/playbooks/
```
Execute the eri-scaleio-setup-openstack Ansible playbook:
```
openstack-ansible eri-scaleio-setup-openstack.yml
```

The propagation of changes can be verified by executing the following commands on any of the vCICs as root:

/bin/emc/scaleio/drv_cfg --query_mdm

The printout contains the management IP addresses of the MDMs as defined in CEE. This information can be used to verify the propagation of MDM cluster changes and MDM IP address changes.

An example of the printout is the following:

root@cic-1:~# /bin/emc/scaleio/drv_cfg --query_mdm
Retrieved 1 mdm(s)
MDM-ID 562e5f61376e3d03 SDC ID dfc71ae500000000 INSTALLATION ID 32b0b57a468a998b IPs [0]-192.168.17.84 [1]-192.168.18.84 [2]-192.168.17.81 [3]-192.168.18.81

root@cic-1:~# /bin/emc/scaleio/drv_cfg --query_mdm
Retrieved 1 mdm(s)
MDM-ID 562e5f61376e3d03 SDC ID dfc71ae500000000 INSTALLATION⇒
 ID 32b0b57a468a998b IPs [0]-192.168.17.84 [1]-192.168.18.84 ⇒
[2]-192.168.17.81 [3]-192.168.18.81

/bin/emc/scaleio/drv_cfg --query_tgt

The printout contains the frontend IP addresses of the SDSs.

An example of the printout is the following:

root@cic-1:~# /bin/emc/scaleio/drv_cfg --query_tgt
Retrieved 5 tgt(s)
TGT-ID 0xcd50762f00000000 MDM-ID 0x48b290cd6524c335 Tgt IPs : [0]-192.168.17.85 [1]-192.168.18.85
TGT-ID 0xcd50763000000001 MDM-ID 0x48b290cd6524c335 Tgt IPs : [0]-192.168.17.87 [1]-192.168.18.87
TGT-ID 0xcd50763100000002 MDM-ID 0x48b290cd6524c335 Tgt IPs : [0]-192.168.17.80 [1]-192.168.18.80
TGT-ID 0xcd50763300000004 MDM-ID 0x48b290cd6524c335 Tgt IPs : [0]-192.168.17.83 [1]-192.168.18.83
TGT-ID 0xcd50763400000003 MDM-ID 0x48b290cd6524c335 Tgt IPs : [0]-192.168.17.110 [1]-192.168.18.110

root@cic-1:~# /bin/emc/scaleio/drv_cfg --query_tgt
Retrieved 5 tgt(s)
TGT-ID 0xcd50762f00000000 MDM-ID 0x48b290cd6524c335 Tgt IPs :⇒
 [0]-192.168.17.85 [1]-192.168.18.85
TGT-ID 0xcd50763000000001 MDM-ID 0x48b290cd6524c335 Tgt IPs :⇒
 [0]-192.168.17.87 [1]-192.168.18.87
TGT-ID 0xcd50763100000002 MDM-ID 0x48b290cd6524c335 Tgt IPs :⇒
 [0]-192.168.17.80 [1]-192.168.18.80
TGT-ID 0xcd50763300000004 MDM-ID 0x48b290cd6524c335 Tgt IPs :⇒
 [0]-192.168.17.83 [1]-192.168.18.83
TGT-ID 0xcd50763400000003 MDM-ID 0x48b290cd6524c335 Tgt IPs :⇒
 [0]-192.168.17.110 [1]-192.168.18.110

8 Configure Cinder Backup

This section is only applicable if the cinder-backup service is utilized in a CEE region.

8.1 Runtime Installation and Configuration

This section is applicable for the following use cases:

Enable the cinder-backup service
Configure the storage back end to Swift or NFS
Depending on the storage back end utilized, the required drivers are automatically configured for the service. See Table 1 for Swift and Table 2 for NFS driver configuration values.
Configure the NFS share path

To configure the cinder-backup service on a running environment, do the following:

Note:: The cinder-backup service is restarted during the procedure.

Log on to vFuel. For more information, refer to the CEE Connectivity User Guide.
In the config.yaml configuration file in the CEE_RELEASE directory, modify the relevant configuration attribute of the ericsson_openstack_config Fuel plugin in the fuel-plugins section:
```
ericsson:
...
   fuel-plugins:
   ...
     -
        name: ericsson_openstack_config
        config_attributes:
           configure_cinder_backup:
           cinder_backup_type:
           nfs_backup_share:
```
For configuration attribute values, refer to the Fuel Plugin Configuration Guide.

Note:
If configure_cinder_backup is set to true and cinder_backup_type is not specified, Swift is automatically configured as back end.
Validate the updated configuration file by using the following command in vFuel:
```
validate_config_yaml /mnt/cee_config/config.yaml
```
If the command output contains errors for some of the parameters, fix the reported problems and repeat Step 3. If the command output does not contain errors, continue with Step 5.

Enable the eri_cider_backup task in Fuel:

apply_settings /var/lib/ericsson/pre_deploy/ /mnt/cee_config/config.yaml 1 update /etc/cee/eri_deployment_tasks.yaml /etc/cee/repos.yaml

apply_settings /var/lib/ericsson/pre_deploy/⇒
 /mnt/cee_config/config.yaml 1 update⇒
 /etc/cee/eri_deployment_tasks.yaml /etc/cee/repos.yaml

Update the deployment files with the task information:

pre_deploy /var/lib/ericsson/pre_deploy/ /mnt/cee_config/config.yaml 1 /etc/cee/openstack_config/

pre_deploy /var/lib/ericsson/pre_deploy/⇒
 /mnt/cee_config/config.yaml 1 /etc/cee/openstack_config/

Execute the plugin tasks to update the plugin information in the slave nodes and run the eri_cinder_backup task:

fuel node --node <node_ids> --tasks eri_cinder_backup upload_configuration -–force

fuel node --node <node_ids> --tasks⇒
 eri_cinder_backup upload_configuration --force

Where <node_ids> is a comma-separated list of the node IDs of the vCICs. The following is an example of the command:

fuel node --node 7,8,9 --tasks eri_cinder_backup upload_configuration0 --force

fuel node --node 7,8,9 --tasks⇒
 eri_cinder_backup upload_configuration0 --force

For the node IDs of the vCICs, see the printout of the fuel node command.

Perform a Fuel synchronization as described in Fuel Synchronization.

Table 1 Configured Values - Cinder Backup Swift Driver
Option = Value	(Type) Description
`backup_swift_auth` = `per_user`	(StrOpt) Swift authentication mechanism
`backup_swift_auth_version` = `1`	(StrOpt) Swift authentication version, auth 1.0.
`backup_swift_block_size` = `32768`	(IntgerOpt) The size in bytes that changes are tracked for incremental backups.
`backup_swift_ca_cert_file` = `None`	(StrOpt) Location of the CA certificate file to use for Swift client requests
`backup_swift_container` = `volumebackups`	(StrOpt) The default Swift container.
`backup_swift_enable_progress_timer` = `True`	(BoolOpt) Enable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift back-end storage.
`backup_swift_key` = `None`	(StrOpt) Swift key for authentication
`backup_swift_object_size` = `52428800`	(IntgerOpt) The size in bytes of Swift backup objects
`backup_swift_retry_attempts` = `3`	(IntgerOpt) The number of retries to make for Swift operations
`backup_swift_retry_backoff` = `2`	(IntgerOpt) The backoff time in seconds between Swift retries
`backup_swift_url` = `None`	(StrOpt) The URL of the Swift endpoint
`backup_swift_url` = `None`	(StrOpt) Swift user name
`keystone_catalog_info` = `identity:Identity Service:publicURL`	(StrOpt) Info to match when looking for Keystone in the service catalog.
`swift_catalog_info` = `object-store:swift:publicURL`	(StrOpt) Info to match when looking for Swift in the service catalog.

Table 2 Configured Values- Cinder Backup NFS Driver
Option = Default Value	Description
`backup_container` = `None`	(StrOpt) Custom directory to use for backups.
`backup_enable_progress_timer` = `True`	(BoolOpt) Enable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the back-end storage.
`backup_file_size` = `1999994880`	(IntgerOpt) The maximum size in bytes of the files used to hold backups. If the volume being backed up exceeds this size, then it is backed up into multiple files.
`backup_mount_options` = `None`	(StrOpt) Mount options passed to the NFS client
`backup_mount_point_base` = `$state_path/backup_mount`	(StrOpt) Base directory containing mount point for NFS share
`backup_sha_block_size_bytes` = `32768`	(IntgerOpt) The size in bytes that changes are tracked for incremental backups.
`backup_share` = `None`	(StrOpt) NFS share hostname and path. Defined in `config.yaml` in CEE.

9 Configure License Management

Use the procedure described in this section in the following use cases:

In new CEE deployments, to establish connection to the NeLS server and to install the required certificates
In running CEE systems, if reconfiguration of the connection to the NeLS server is required
In running CEE systems, if the related certificates expired or are about to expire

For more information about NeLS certificates, see Section 10.1.

Do the following:

Log on to vFuel as root. For more information, refer to the CEE Connectivity User Guide.
If required, generate certificates according the requirements described in Certificate Management in NeLS CPI, Reference [1]

If new certificate is generated, remove old certificates from the vCICs. Execute the following command on vFuel:

fuel node --node <node_ids> --task eri_sheriff_cert_preparation_on_controllers --force

fuel node --node <node_ids> --task⇒
 eri_sheriff_cert_preparation_on_controllers --force

where <node_ids> is a comma-separated list of the node IDs of the vCICs. The following is an example of the command:

fuel node --node 7,8,9 --task eri_sheriff_cert_preparation_on_controllers --force

fuel node --node 7,8,9 --task⇒
 eri_sheriff_cert_preparation_on_controllers --force

If required, copy the certificate files to the /mnt/cee_config directory on vFuel.
Depending on the use case, modify the required license parameters in the config.yaml configuration file, in the /mnt/cee_config directory on the vFuel node:
- NeLS Server IP address or hostname
- port used for communication with the NeLS server
- Certificate file name
Refer to the Configuration File Guide for the parameters.
Validate the updated configuration file by using the following command in vFuel:
```
validate_config_yaml /mnt/cee_config/config.yaml
```
If the command output contains errors for some of the parameters, fix the reported problems and repeat this step. If the command output does not contain errors, continue with the next step.

Update the Ericsson inventory with the required changes:

pre_deploy /var/lib/ericsson/pre_deploy/ /mnt/cee_config/config.yaml 1 /etc/cee/openstack_config/

pre_deploy /var/lib/ericsson/pre_deploy/ ⇒
/mnt/cee_config/config.yaml 1 /etc/cee/openstack_config/

Upload the configuration changes to all nodes:

fuel node --node <node_ids> --tasks upload_configuration

fuel node --node <node_ids> --tasks ⇒
upload_configuration

Rerun the Sheriff Fuel plugin tasks:

fuel node --node <node_ids> --start eri_sheriff_controller_install --end eri_sheriff_restart --force

fuel node --node <node_ids> ⇒
--start eri_sheriff_controller_install ⇒
--end eri_sheriff_restart --force

where <node_ids> is the comma-separated list of vCIC IDs from the fuel2 node list printout.

Perform a Fuel synchronization as described in Fuel Synchronization.

10 Appendix

10.1 NeLS Certificates

NeLS certificates include a CA certificate and a client certificate, both issued by Ericsson:

tls_trusted_ca_certificate	Certificate for authentication of the TLS connection between the NeLS server and the CEE region.

tls_nels_client_certificate	Certificate for authentication of the NeLS server. The client certificate is located in the `/etc/ssl/certs/CEE` directory.

Reference List


[1] Certificate Management, 1551-CRA 119 1933