Applies to SUSE OpenStack Cloud Crowbar 9

15 Installing SUSE CaaS Platform heat Templates #

This chapter describes how to install SUSE CaaS Platform heat template on SUSE OpenStack Cloud Crowbar.

15.1 SUSE CaaS Platform heat Installation Procedure #

Procedure 15.1: Preparation #

Download the latest SUSE CaaS Platform for OpenStack image (for example, SUSE-CaaS-Platform-3.0-OpenStack-Cloud.x86_64-1.0.0-GM.qcow2) from https://download.suse.com.

Upload the image to glance:

openstack image create --public --disk-format qcow2 --container-format \
bare --file SUSE-CaaS-Platform-3.0-OpenStack-Cloud.x86_64-1.0.0-GM.qcow2 \
CaaSP-3

Install the caasp-openstack-heat-templates package on a machine with SUSE OpenStack Cloud Crowbar repositories:
```
zypper in caasp-openstack-heat-templates
```
The installed templates are located in /usr/share/caasp-openstack-heat-templates.
Alternatively, you can get official heat templates by cloning the appropriate Git repository:
```
git clone https://github.com/SUSE/caasp-openstack-heat-templates
```

Procedure 15.2: Installing Templates via horizon #

In horizon, go to Project › Stacks › Launch Stack.
Select File from the Template Source drop-down box and upload the caasp-stack.yaml file.
In the Launch Stack dialog, provide the required information (stack name, password, flavor size, external network of your environment, etc.).
Click Launch to launch the stack. This creates all required resources for running SUSE CaaS Platform in an OpenStack environment. The stack creates one Admin Node, one Master Node, and server worker nodes as specified.

Procedure 15.3: Install Templates from the Command Line #

Specify the appropriate flavor and network settings in the caasp-environment.yaml file.

Create a stack in heat by passing the template, environment file, and parameters:

openstack stack create -t caasp-stack.yaml -e caasp-environment.yaml \
--parameter image=CaaSP-3 caasp-stack

Procedure 15.4: Accessing Velum SUSE CaaS Platform dashboard #

After the stack has been created, the Velum SUSE CaaS Platform dashboard runs on the Admin Node. You can access it using the Admin Node's floating IP address.
Create an account and follow the steps in the Velum SUSE CaaS Platform dashboard to complete the SUSE CaaS Platform installation.

When you have successfully accessed the admin node web interface via the floating IP, follow the instructions at https://documentation.suse.com/suse-caasp/3/single-html/caasp-deployment/ to continue the setup of SUSE CaaS Platform.

15.2 Installing SUSE CaaS Platform with Multiple Masters #

Note

A heat stack with load balancing and multiple master nodes can only be created from the command line, because horizon does not have support for nested heat templates.

Install the caasp-openstack-heat-templates package on a machine with SUSE OpenStack Cloud Crowbar repositories:

zypper in caasp-openstack-heat-templates

The installed templates are located in /usr/share/caasp-openstack-heat-templates.

A working load balancer is needed in your SUSE OpenStack Cloud deployment. SUSE OpenStack Cloud Crowbar uses HAProxy.

Verify that load balancing with HAProxy is working correctly in your OpenStack installation by creating a load balancer manually and checking that the provisioning_status changes to Active.

tux > openstack loadbalancer show
<LOAD_BALANCER_ID>

HAProxy is the default load balancer provider in SUSE OpenStack Cloud Crowbar.

The steps below can be used to set up a network, subnet, router, security and IPs for a test lb_net1 network with lb_subnet1 subnet.

tux > openstack network create lb_net1
  tux > openstack subnet create --name lb_subnet1 lb_net1 \
--subnet-range 172.29.0.0/24 --gateway 172.29.0.2
tux > openstack router create lb_router1
tux > openstack router add subnet lb_router1 lb_subnet1
tux > openstack router set lb_router1 --external-gateway ext-net
tux > openstack network list

Procedure 15.5: Steps to Install SUSE CaaS Platform with Multiple Masters #

Specify the appropriate flavor and network settings in the caasp-multi-master-environment.yaml file.
Set master_count to the desired number in the caasp-multi-master-environment.yaml file. The master count must be set to an odd number of nodes.
```
master_count: 3
```

Create a stack in heat by passing the template, environment file, and parameters:

tux > openstack stack create -t caasp-multi-master-stack.yaml \
-e caasp-multi-master-environment.yaml --parameter image=CaaSP-3 caasp-multi-master-stack

Find the floating IP address of the load balancer. This is necessary for accessing the Velum SUSE CaaS Platform dashboard.

tux > openstack loadbalancer list --provider

From the output, copy the id and enter it in the following command as shown in the following example:

tux > openstack loadbalancer show id

+---------------------+------------------------------------------------+
| Field               | Value                                          |
+---------------------+------------------------------------------------+
| admin_state_up      | True                                           |
| description         |                                                |
| id                  | 0d973d80-1c79-40a4-881b-42d111ee9625           |
| listeners           | {"id": "c9a34b63-a1c8-4a57-be22-75264769132d"} |
|                     | {"id": "4fa2dae0-126b-4eb0-899f-b2b6f5aab461"} |
| name                | caasp-stack-master_lb-bhr66gtrx3ue             |
| operating_status    | ONLINE                                         |
| pools               | {"id": "8c011309-150c-4252-bb04-6550920e0059"} |
|                     | {"id": "c5f55af7-0a25-4dfa-a088-79e548041929"} |
| provider            | haproxy                                        |
| provisioning_status | ACTIVE                                         |
| tenant_id           | fd7ffc07400642b1b05dbef647deb4c1               |
| vip_address         | 172.28.0.6                                     |
| vip_port_id         | 53ad27ba-1ae0-4cd7-b798-c96b53373e8b           |
| vip_subnet_id       | 87d18a53-ad0c-4d71-b82a-050c229b710a           |
+---------------------+------------------------------------------------+

Search the floating IP list for vip_address

tux > openstack floating ip list | grep 172.28.0.6
| d636f3...481b0c | fd7ff...deb4c1 | 172.28.0.6  | 10.84.65.37  | 53ad2...373e8b |

The load balancer floating ip address is 10.84.65.37

Accessing the Velum SUSE CaaS Platform Dashboard

After the stack has been created, the Velum SUSE CaaS Platform dashboard runs on the admin node. You can access it using the floating IP address of the admin node.

Create an account and follow the steps in the Velum SUSE CaaS Platform dashboard to complete the SUSE CaaS Platform installation.

SUSE CaaS Platform Admin Node Install: Screen 1

If you plan to manage your containers using Helm or Airship (this is common), check the box labeled Install Tiller (Helm's server component).

SUSE CaaS Platform Admin Node Install: Screen 2

SUSE CaaS Platform Admin Node Install: Screen 3

SUSE CaaS Platform Admin Node Install: Screen 4

SUSE CaaS Platform Admin Node Install: Screen 5

Set External Kubernetes API to LOADBALANCER_FLOATING_IP, External Dashboard FQDN to ADMIN_NODE_FLOATING_IP

SUSE CaaS Platform Admin Node Install: Screen 6

SUSE CaaS Platform Admin Node Install: Screen 7

15.3 Enabling the Cloud Provider Integration (CPI) Feature #

When deploying a CaaaSP cluster using SUSE CaaS Platform OpenStack heat templates, the following CPI parameters can be set in caasp-environment.yaml or caasp-multi-master-environment.yaml.

cpi_auth_url: The URL of the keystone API used to authenticate the user. This value can be found on OpenStack Dashboard under Access and Security › API Access › Credentials (for example, https://api.keystone.example.net:5000/)
cpi_domain_name: Name of the domain the user belongs to.
cpi_tenant_name: Name of the project the user belongs to. This is the project in which SUSE CaaS Platform resources are created.
cpi_region: Name of the region to use when running a multi-region OpenStack cloud. The region is a general division of an OpenStack deployment.
cpi_username: Username of a valid user that has been set in keystone. Default: admin
cpi_password: Password of a valid user that has been set in keystone.
cpi_monitor_max_retries: neutron load balancer monitoring max retries. Default: 3
cpi_bs_version: cinder Block Storage API version. Possible values are v1, v2 , v3 or auto. Default: auto
cpi_ignore_volume_az: Ignore cinder and nova availability zones. Default: true
dns_nameserver: Set this to the IP address of a DNS nameserver accessible by the SUSE CaaS Platform cluster.

Immediately after the SUSE CaaS Platform cluster comes online, and before bootstrapping, install the latest SUSE CaaS Platform 3.0 Maintenance Update using the following steps.

Register the SUSE CaaS Platform nodes for Maintenance Updates by following the instructions in Section 15.4, “Register SUSE CaaS Platform Cluster for Software Updates”.

On each of the SUSE CaaS Platform nodes, install the latest Maintenance Update:

tux > sudo transactional-update

Verify that the Velum image packages were updated:

tux > sudo zypper se --detail velum-image
i | sles12-velum-image | package    | 3.1.7-3.27.3  | x86_64 | update_caasp

Reboot the node:

tux > sudo reboot

Finally, when preparing to bootstrap using the SUSE CaaS Platform web interface, upload a valid trust certificate that can validate a certificate presented by keystone at the specified keystone_auth_url in the System-wide certificate section of Velum. If the SSL certificate provided by keystone cannot be verified, bootstrapping fails with the error x509: certificate signed by unknown authority.
Note
If your OpenStack endpoints operate on the Internet, or if the SSL certificates in use have been signed by a public authority, no action should be needed to enable secure communication with them.
If your OpenStack services operate in a private network using SSL certificates signed by an organizational certificate authority, provide that CA certificate as the system-wide certificate.
If your OpenStack service SSL infrastructure was self-signed during the installation of SUSE OpenStack Cloud Crowbar 9 (as is done by default), its CA certificate (with the file extension .pem) can be retrieved from the admin node in the /etc/ssl/certs/ directory. The filename should match the node name of your primary controller node. Download this file and provide it as the system-wide certificate.
The CPI configuration settings match the values provided via the caasp-environment.yaml or caasp-multi-master-environment.yaml files. Verify that they are correct before proceeding.

15.4 Register SUSE CaaS Platform Cluster for Software Updates #

Software updates are published for all registered users of SUSE CaaS Platform, and should always be enabled upon deploying a new cluster.

These steps may be performed on cluster nodes one at a time, or in parallel, making SSH connections as the root user with the password that was established in your /usr/share/caasp-openstack-heat-templates/caasp-environment.yaml file.

Note

If using a private SMT server for registration, use its hostname or IP address when running the commands below. Otherwise, use scc.suse.com to connect to SUSE's public registration server.

If this node was previously registered, deactivate its current registration:
```
tux > sudo SUSEConnect -d
tux > sudo SUSEConnect --cleanup
```
If you are registering with a private SMT server, install its SSL certificate or the related organizational CA in order to perform SMT operations securely.
```
tux > sudo curl SMT_SERVER/smt.crt \
  -o /etc/pki/trust/anchors/registration-server.pem
tux > sudo update-ca-certificates
```
Establish the new system registration:
```
tux > sudo SUSEConnect --write-config --url https://SMT_SERVER \
  -r REGISTRATION_CODE -e EMAIL_ADDRESS
```
The same registration code may be used for all the nodes in your cluster.
Test the registration and look for a status of Registered.
```
tux > sudo SUSEConnect --status-text
```

15.5 More Information about SUSE CaaS Platform #

More information about the SUSE CaaS Platform is available at https://documentation.suse.com/suse-caasp/3/single-html/caasp-deployment/