Skip to content

Commit cdbe875

Browse files
amoralejopenshift-merge-bot[bot]
authored andcommitted
Modify the installation document for the integrate mode
The watcher-operator is now integrated in the openstack-operator and installation in standalone mode is not longer supported. This patch is modifying the documentation to reflect the new way of working.
1 parent 3f42856 commit cdbe875

1 file changed

Lines changed: 29 additions & 315 deletions

File tree

docs/install_guide.adoc

Lines changed: 29 additions & 315 deletions
Original file line numberDiff line numberDiff line change
@@ -1,317 +1,31 @@
11
= User Installation Guide
22

3-
== Getting Started
4-
5-
Before installing the Watcher operator you first need a functional
6-
OpenShift installation with the required Openstack operators,
7-
including the Telemetry operator. The following links point
8-
to documents detailing how to create this required starting environment:
9-
10-
* https://github.com/openstack-k8s-operators/openstack-operator[Openstack Operator]
11-
* https://github.com/openstack-k8s-operators/telemetry-operator[Telemetry Operator]
12-
* https://kubernetes.io/docs/concepts/extend-kubernetes/operator/[Kubernetes operators]
13-
* https://prometheus.io/[Prometheus metrics]
14-
15-
A CRC (https://crc.dev/docs/introducing/[Code Ready Containers]) installation is
16-
adequade for a developer environment.
17-
18-
To verify that the environment set up is ready, do the following:
19-
20-
. Log in to the Kubernetes/Openshift environment:
21-
+
22-
[,console]
23-
----
24-
$ oc login -u <username> -p <password> https://api.crc.testing:6443 --insecure-skip-tls-verify=true
25-
----
26-
+
27-
. Access the Openstack client and verify the service endpoints are available:
28-
+
29-
[,console]
30-
----
31-
$ oc rsh openstackclient openstack endpoint list -c 'ID' -c 'Service Name' -c 'Enabled'
32-
+----------------------------------+--------------+---------+
33-
| ID | Service Name | Enabled |
34-
+----------------------------------+--------------+---------+
35-
| 0bada656064a4d409bc5fed610654edd | neutron | True |
36-
| 17453066f8dc40bfa0f8584007cffc9a | cinderv3 | True |
37-
| 22768bf3e9a34fefa57b96c20d405cfe | keystone | True |
38-
| 54e3d48cdda84263b7f1c65c924f3e3a | glance | True |
39-
| 74345a18262740eb952d2b6b7220ceeb | keystone | True |
40-
| 789a2d6048174b849a7c7243421675b4 | placement | True |
41-
| 9b7d8f26834343a59108a4225e0e574a | nova | True |
42-
| a836d134394846ff88f2f3dd8d96de34 | nova | True |
43-
| af1bf23e62c148d3b7f6c47f8f071739 | placement | True |
44-
| ce0489dfeff64afb859338e480397f90 | glance | True |
45-
| db69cc22117344b796f97e8dd3dc67e5 | neutron | True |
46-
| fa48dc132b524915b4d1ca963c50a653 | cinderv3 | True |
47-
+----------------------------------+--------------+---------+
48-
----
49-
+
50-
. Verify that the Telemetry operator with Prometheus metric storage is ready:
51-
+
52-
[,console]
53-
----
54-
$ oc get telemetry
55-
NAME STATUS MESSAGE
56-
telemetry True Setup complete
57-
58-
$ oc get metricstorage
59-
NAME STATUS MESSAGE
60-
metric-storage True Setup complete
61-
62-
$ oc get route metric-storage-prometheus
63-
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
64-
metric-storage-prometheus metric-storage-prometheus-openstack.apps-crc.testing metric-storage-prometheus web edge/Redirect None
65-
----
66-
+
67-
. You can view the Prometheus metrics in a web browser at the `HOST/PORT` address, for example,
68-
https://metric-storage-prometheus-openstack.apps-crc.testing.
69-
70-
== Installing the Operator
71-
72-
.Procedure
73-
74-
Now that you have a ready working environment, you can install the Watcher Operator.
75-
NOTE: The steps below require you to log in to your OpenShift cluster as a user with
76-
cluster-admin privileges.
77-
78-
. Create a `watcher-operator.yaml` file:
79-
+
80-
[source,yaml]
81-
----
82-
---
83-
apiVersion: operators.coreos.com/v1alpha1
84-
kind: CatalogSource
85-
metadata:
86-
name: watcher-operator-index
87-
namespace: openstack-operators
88-
spec:
89-
image: quay.io/openstack-k8s-operators/watcher-operator-index:latest
90-
sourceType: grpc
91-
---
92-
apiVersion: operators.coreos.com/v1
93-
kind: OperatorGroup
94-
metadata:
95-
name: openstack
96-
namespace: openstack-operators
97-
---
98-
apiVersion: operators.coreos.com/v1alpha1
99-
kind: Subscription
100-
metadata:
101-
name: watcher-operator
102-
namespace: openstack-operators
103-
spec:
104-
name: watcher-operator
105-
channel: alpha
106-
source: watcher-operator-index
107-
sourceNamespace: openstack-operators
108-
----
109-
+
110-
. `oc apply` the file to create the resources:
111-
+
112-
[,console]
113-
----
114-
$ oc apply -f watcher-operator.yaml
115-
catalogsource.operators.coreos.com/watcher-operator-index created
116-
operatorgroup.operators.coreos.com/openstack unchanged
117-
subscription.operators.coreos.com/watcher-operator created
118-
----
119-
+
120-
. Check that the operator is installed:
121-
+
122-
[,console]
123-
----
124-
$ oc get subscription.operators.coreos.com/watcher-operator -n openstack-operators
125-
NAME PACKAGE SOURCE CHANNEL
126-
watcher-operator watcher-operator watcher-operator-index alpha
127-
128-
$ oc get pod -l openstack.org/operator-name=watcher -n openstack-operators
129-
NAME READY STATUS RESTARTS AGE
130-
watcher-operator-controller-manager-dd95db756-kslw9 2/2 Running 0 44s
131-
132-
$ oc get csv watcher-operator.v0.0.1
133-
NAME DISPLAY VERSION REPLACES PHASE
134-
watcher-operator.v0.0.1 Watcher Operator 0.0.1 Succeeded
135-
----
136-
137-
== Deploying the Watcher Service
138-
139-
Now, you will need to create a Watcher Custom Resource based on the `Watcher CRD` in the same project where your
140-
OpenStackControlPlane CR is created. Typically, this is `openstack` project but you can check it with:
141-
142-
[,console]
143-
----
144-
$ oc get OpenStackControlPlane --all-namespaces
145-
NAMESPACE NAME STATUS MESSAGE
146-
openstack openstack-controlplane True Setup complete
147-
148-
----
149-
150-
151-
.Procedure
152-
153-
. Use the following commands to _view_ the `Watcher CRD` definition and specification schema:
154-
+
155-
[,console]
156-
----
157-
$ oc describe crd watcher
158-
159-
$ oc explain watcher.spec
160-
----
161-
+
162-
. Add a WatcherPassword field to the `Secret` created as part of the control plane deployment.
163-
+
164-
For more information, see link:https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/18.0/html/deploying_red_hat_openstack_services_on_openshift/assembly_preparing-RHOCP-for-RHOSO#proc_providing-secure-access-to-the-RHOSO-services_preparing[Providing secure access to the Red Hat OpenStack Services on OpenShift services].
165-
+
166-
. Update the `Secret`, and verify that the `WatcherPassword` field is present:
167-
+
168-
[,console]
169-
----
170-
$ oc apply -f <secret file> -n openstack
171-
172-
$ oc describe secret osp-secret -n openstack | grep Watcher
173-
WatcherPassword: 9 bytes
174-
----
175-
+
176-
. To expose the watcher services over https, some certificates are needed
177-
which will be automatically created by the openstack-operator as part of the
178-
OpenStackControlPlane creation.
179-
+
180-
. Create a file on your workstation named `watcher.yaml` to define the Watcher
181-
CR. In the `endpointURL` field, replace the `example.com` domain with your
182-
cluster domain and the `openstack` with the name of the project you are
183-
deploying in (if it's different than the `openstack` default).
184-
Although the exact parameters of your file may depend on your
185-
specific environment customization, a Watcher CR similar to the example below
186-
would work in a typical deployment:
187-
+
188-
[source,yaml]
189-
----
190-
apiVersion: watcher.openstack.org/v1beta1
191-
kind: Watcher
192-
metadata:
193-
name: watcher
194-
spec:
195-
databaseInstance: "openstack"
196-
secret: <name of the secret with the credentials of the ControlPlane deploy>
197-
apiServiceTemplate:
198-
override:
199-
service:
200-
public:
201-
endpointURL: https://watcher-public-openstack.example.com
202-
tls:
203-
caBundleSecretName: "combined-ca-bundle"
204-
api:
205-
internal:
206-
secretName: cert-watcher-internal-svc
207-
public:
208-
secretName: cert-watcher-public-svc
209-
----
210-
+
211-
There are certain fields of the Watcher CR spec that need to match with the values used in the existing OpenStackControlplane:
212-
+
213-
* *databaseInstance* parameter value must match to the name of the galera database created in the existing Control Plane. By default, this value is `openstack` but you can find it by running (ignore any galera having `cell` in its name):
214-
+
215-
[,console]
216-
----
217-
$ oc get galeras -n openstack
218-
NAME READY MESSAGE
219-
openstack True Setup complete
220-
221-
----
222-
+
223-
* *rabbitMqClusterName* parameter value should be the name of the existing Rabbitmq cluster, which can be found with the command (ignore any rabbitmq having `cell` in its name). By default, it is `rabbitmq`.
224-
+
225-
[,console]
226-
----
227-
$ oc get rabbitmq -n openstack
228-
NAME ALLREPLICASREADY RECONCILESUCCESS AGE
229-
rabbitmq True True 6d15h
230-
231-
----
232-
+
233-
* *memcachedInstance* must contain the name of the existing memcached CR in the same project (`memcached` by default). you can find it with:
234-
+
235-
[,console]
236-
----
237-
$ oc get memcached -n openstack
238-
NAME READY MESSAGE
239-
memcached True Setup complete
240-
241-
----
242-
+
243-
* *caBundleSecretName* under apiServiceTemplate.tls section must match the value found in command:
244-
+
245-
[,console]
246-
----
247-
$ oc get OpenStackControlPlane openstack-controlplane -n openstack \
248-
-o jsonpath='{.status.tls.caBundleSecretName}'
249-
combined-ca-bundle
250-
251-
----
252-
+
253-
For more information about how to define an OpenStackControlPlane custom resource (CR), see link:https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/18.0/html/deploying_red_hat_openstack_services_on_openshift/assembly_creating-the-control-plane#proc_creating-the-control-plane_controlplane[Creating the control plane].
254-
+
255-
. `oc apply` to configure Watcher
256-
+
257-
[,console]
258-
----
259-
$ oc apply -f watcher.yaml -n openstack
260-
watcher.watcher.openstack.org/watcher configured
261-
----
262-
+
263-
. To check if the service status, run:
264-
+
265-
[,console]
266-
----
267-
$ oc wait -n openstack --for condition=Ready --timeout=300s Watcher watcher
268-
watcher.watcher.openstack.org/watcher condition met
269-
----
270-
+
271-
where `Watcher` refers to the _kind_ and `watcher` refers to the name of the CR.
272-
. Check that the watcher service has been registered in list of keystone services with command:
273-
+
274-
[,console]
275-
----
276-
$ oc rsh openstackclient openstack service list
277-
+----------------------------------+------------+-------------+
278-
| ID | Name | Type |
279-
+----------------------------------+------------+-------------+
280-
| 1470e8d6019446a1bcdfdb6dc55f3f6a | nova | compute |
281-
| 41d60e1c678142cf8e5daf7a82af1864 | neutron | network |
282-
| 5b0d95d1c08e4deb832815addd859924 | ceilometer | Ceilometer |
283-
| 7e081cb4928945d7aa41d1622f7b8586 | cinderv3 | volumev3 |
284-
| 8d7ee56ca2bb4dba999d67580909dd90 | glance | image |
285-
| c3348e10fb414780988fbbceac9c4b5f | watcher | infra-optim |
286-
| db60453eca65409bbb0b61f4295c66ec | placement | placement |
287-
| fa717124fbcb4d708ba4c41c9109df81 | keystone | identity |
288-
+----------------------------------+------------+-------------+
289-
----
290-
+
291-
. Check that the openstack cloud can communicate with the watcher endpoints:
292-
+
293-
[,console]
294-
----
295-
$ oc rsh openstackclient openstack optimize service list
296-
+----+-------------------------+---------------------------+--------+
297-
| ID | Name | Host | Status |
298-
+----+-------------------------+---------------------------+--------+
299-
| 1 | watcher-applier | watcher-applier-0 | ACTIVE |
300-
| 2 | watcher-decision-engine | watcher-decision-engine-0 | ACTIVE |
301-
+----+-------------------------+---------------------------+--------+
302-
----
303-
+
304-
This confirms that the openstackclient pod could communicate with the watcher
305-
services.
306-
. Check that the endpoints use HTTPS:
307-
+
308-
[,console]
309-
----
310-
$ oc rsh openstackclient openstack endpoint list --service infra-optim -c 'Service Name' -c 'Interface' -c 'URL'
311-
+--------------+-----------+---------------------------------------------------------------+
312-
| Service Name | Interface | URL |
313-
+--------------+-----------+---------------------------------------------------------------+
314-
| watcher | public | https://watcher-public-openstack.example.com |
315-
| watcher | internal | https://watcher-internal.openstack.svc:9322 |
316-
+--------------+-----------+---------------------------------------------------------------+
317-
----
3+
== Watcher operator installation
4+
The watcher-operator is now integrated in openstack-operator. The
5+
installation of the operator is now part of the installation of the
6+
OpenStack Operator. For details about the deployment consult the
7+
https://openstack-k8s-operators.github.io/openstack-operator/[OpenStack k8s Operators documentation].
8+
9+
== Watcher service deployment
10+
11+
The deployment of the Watcher service is performed as part of the
12+
OpenStackControlplane Custom Resource. A Watcher service section
13+
exist to enable and configure the different aspects of the service.
14+
15+
A default watcher service deployment can be done by just adding
16+
following content to your **OpenStackControlPlane Custom Resource
17+
spec**.
18+
19+
```
20+
watcher:
21+
enabled: true
22+
```
23+
24+
For additional details and existing parameters in the watcher service
25+
check the https://openstack-k8s-operators.github.io/openstack-operator/ctlplane/index.html#watchersection[WatcherSection]
26+
and https://openstack-k8s-operators.github.io/openstack-operator/ctlplane/index.html#watcherspeccore[WatcherSpecCore]
27+
sections of the documentation.
28+
29+
**Note:** Watcher requires that the **OpenStackControlPlane** has
30+
Telemetry service enabled, including the MetricStorage system which
31+
provides the Prometheus backend and metrics required by Watcher.

0 commit comments

Comments
 (0)