|
| 1 | +**Note:** |
| 2 | + |
| 3 | +In OpenStack, you must add `admin` as a member of all tenants that users want to access and use in {{ site.data.product.title_short }}. |
| 4 | + |
| 5 | +See [Cloud Tenants](../managing_infrastructure_and_inventory/index.html#cloud-tenants) in *Managing Infrastructure and Inventory* for information on working with OpenStack tenants (projects) in {{ site.data.product.title_short }}. |
| 6 | + |
| 7 | +{% include openstack/tenant-mapping.md %} |
| 8 | + |
| 9 | +**Note:** |
| 10 | + |
| 11 | +You can set whether {{ site.data.product.title_short }} should use the Telemetry service or Advanced Message Queueing Protocol (AMQP) for event monitoring. If you choose Telemetry, you should first configure the **ceilometer** service on the overcloud to store events. See [Configuring the Overcloud to Store Events](../managing_providers/index.html#configuring-the-overcloud-to-store-events) for instructions. |
| 12 | + |
| 13 | +For more information, see <a href="https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/11/html/architecture_guide/components#comp-telemetry" target="_blank">OpenStack Telemetry |
| 14 | +(ceilometer)</a> in the Red Hat OpenStack Platform *Architecture Guide*. |
| 15 | + |
| 16 | +**Note:** |
| 17 | + |
| 18 | +To authenticate the provider using a self-signed Certificate Authority (CA), configure the {{ site.data.product.title_short }} appliance to trust the certificate using the steps in [Using a Self-Signed CA Certificate](#app-self_signed_CA) before adding the provider. |
| 19 | + |
| 20 | +1. Browse to menu: **Compute > Clouds > Providers**. |
| 21 | + |
| 22 | +2. Click **Configuration**, then click |
| 23 | +  (**Add a New Cloud Provider**). |
| 24 | + |
| 25 | +3. From the **Type** list, select **OpenStack**. |
| 26 | + |
| 27 | +4. Enter a **Name** for the provider. |
| 28 | + |
| 29 | +5. Select the appropriate **Zone** for the provider. By default, the |
| 30 | + zone is set to **default**. |
| 31 | + |
| 32 | + **Note:** |
| 33 | + |
| 34 | + For more information, see the definition of host aggregates and availability zones in [OpenStack Compute (nova)](https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/11/html/architecture_guide/components#comp-compute) in the Red Hat OpenStack Platform *Architecture Guide*. |
| 35 | + |
| 36 | + |
| 37 | +6. Enter the OpenStack region in **Provider Region**. |
| 38 | + |
| 39 | + |
| 40 | +7. Select the appropriate **API Version** from the list. The default is |
| 41 | + `Keystone v2`. |
| 42 | + |
| 43 | + If you select `Keystone v3`, enter the `Keystone V3 Domain ID` that |
| 44 | + {{ site.data.product.title_short }} should use. This is the domain of the user account |
| 45 | + you will be specifying later in the **Default** tab. If domains are |
| 46 | + not configured in the provider, enter **default**. |
| 47 | + |
| 48 | + **Note:** |
| 49 | + |
| 50 | + Keystone API v3 is required to create cloud tenants on OpenStack |
| 51 | + cloud providers. |
| 52 | + |
| 53 | + **Note:** |
| 54 | + |
| 55 | + {% include openstack/osp-keystone-api-v3.md %} |
| 56 | + |
| 57 | +8. (Optional) Enable tenant mapping by toggling the **Tenant Mapping |
| 58 | + Enabled** option to **Yes**. This synchronizes resources and users |
| 59 | + between the OpenStack cloud provider and {{ site.data.product.title_short }}. By |
| 60 | + default, tenant mapping is disabled. |
| 61 | + |
| 62 | +9. In the **Default** tab, under **Endpoints**, configure the host and authentication details of your OpenStack provider: |
| 63 | + |
| 64 | + 1. Select a **Security Protocol** method to specify how to authenticate the provider: |
| 65 | + |
| 66 | + - **SSL without validation**: Authenticate the provider insecurely using SSL. |
| 67 | + |
| 68 | + - **SSL**: Authenticate the provider securely using a trusted Certificate Authority. Select this option if the provider has a valid SSL certificate and it is signed by a trusted |
| 69 | + Certificate Authority. No further configuration is required for this option. This is the recommended authentication |
| 70 | + method. |
| 71 | + |
| 72 | + - **Non-SSL**: Connect to the provider insecurely using only |
| 73 | + HTTP protocol, without SSL. |
| 74 | + |
| 75 | + 2. In **Hostname (or IPv4 or IPv6 address)**, enter the public IP |
| 76 | + or fully qualified domain name of the OpenStack Keystone |
| 77 | + service. |
| 78 | + |
| 79 | + **Note:** |
| 80 | + |
| 81 | + The hostname required here is also the **OS\_AUTH\_URL** value in the **\~/overcloudrc** file generated by the director (see [Accessing the Overcloud](https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/11/html-single/director_installation_and_usage/#sect-Accessing_the_Overcloud) in Red Hat OpenStack Platform *Director Installation and Usage*), or the **\~/keystonerc\_admin** file generated by Packstack (see [Evaluating OpenStack: Single-Node Deployment](https://access.redhat.com/articles/1127153)). |
| 82 | + |
| 83 | + 3. In **API Port**, set the public port used by the OpenStack |
| 84 | + Keystone service. By default, OpenStack uses port 5000 for |
| 85 | + non-SSL security protocol. For SSL, API port is 13000 by |
| 86 | + default. |
| 87 | + |
| 88 | + 4. In the **Username** field, enter the name of a user in the |
| 89 | + OpenStack environment. |
| 90 | + |
| 91 | + <div class="important"> |
| 92 | + |
| 93 | + In environments that use Keystone v3 authentication, the user |
| 94 | + must have the **admin** role for the relevant domain. |
| 95 | + |
| 96 | + </div> |
| 97 | + |
| 98 | + 5. In the **Password** field, enter the password for the user. |
| 99 | + |
| 100 | + 6. Click **Validate** to confirm {{ site.data.product.title_short }} can connect to the |
| 101 | + OpenStack provider. |
| 102 | + |
| 103 | +10. Next, configure how {{ site.data.product.title_short }} should receive events from the |
| 104 | + OpenStack provider. Click the **Events** tab in the **Endpoints** |
| 105 | + section to start. |
| 106 | + |
| 107 | + - To use the Telemetry service of the OpenStack provider, select **Ceilometer**. Before you do so, the provider must first be configured accordingly. See [Configuring the Overcloud to Store Events](../managing_providers/index.html#configuring-the-overcloud-to-store-events) for details. |
| 108 | + |
| 109 | + - If you prefer to use the AMQP Messaging bus instead, or eventing |
| 110 | + is not enabled on Ceilometer, select **AMQP** and configure the |
| 111 | + following: |
| 112 | + |
| 113 | + 1. Select a **Security Protocol** method. |
| 114 | + |
| 115 | + 2. In **Hostname (or IPv4 or IPv6 address)** (of the **Events** |
| 116 | + tab, under **Endpoints**), enter the public IP or fully |
| 117 | + qualified domain name of the AMQP host. |
| 118 | + |
| 119 | + 3. In the **API Port**, set the public port used by AMQP. By |
| 120 | + default, OpenStack uses port 5672 for this. |
| 121 | + |
| 122 | + 4. In the **Username** field, enter the name of an OpenStack |
| 123 | + user with privileged access (for example, **admin**). Then, |
| 124 | + provide its corresponding password in the **Password** |
| 125 | + field. |
| 126 | + |
| 127 | + 5. Click **Validate** to confirm the credentials. |
| 128 | + |
| 129 | +11. Click **Add** after configuring the cloud provider. |
| 130 | + |
| 131 | +**Note:** |
| 132 | + |
| 133 | + - To collect inventory and metrics from an OpenStack environment, the |
| 134 | + {{ site.data.product.title_short }} appliance requires that the adminURL endpoint for |
| 135 | + the OpenStack environment be on a non-private network. Hence, the |
| 136 | + OpenStack adminURL endpoint should be assigned an IP address other |
| 137 | + than `192.168.x.x`. Additionally, all the Keystone endpoints must be |
| 138 | + accessible, otherwise refresh will fail. |
| 139 | + |
| 140 | + - Collecting capacity and utilization data from an OpenStack cloud provider requires selecting the **Collect for All Clusters** option under **Configuration**, in the settings menu. For information, see [Capacity and Utilization Collections](../general_configuration/index.html#capacity-and-utilization-collection) in the *General Configuration Guide*. |
0 commit comments