Note |
This topic does not apply if you have installed the optional Cisco Virtual Topology System. For information about use of passwords
when VTS is installed, see the Installing Cisco VTS section in the Cisco NFV Infrastructure 2.4 Installation Guide.
|
You can reset some configurations after installation including the OpenStack service password and debugs, TLS certificates,
and ELK configurations. Two files, secrets.yaml and openstack_config.yaml which are located in : /root/installer-{tag id}/openstack-configs/,
contain the passwords, debugs, TLS file location, and ELK configurations. Also, Elasticsearch uses disk space for the data
that is sent to it. These files can grow in size, and Cisco VIM has configuration variables that establishes the frequency
and file size under which they are rotated.
Cisco VIM installer generates the OpenStack service and database passwords with 16 alphanumeric characters and stores those
in /root/openstack-configs/secrets.yaml. You can change the OpenStack service and database passwords using the password reconfigure
command on the deployed cloud. The command identifies the containers affected by the password change and restarts them so
the new password can take effect.
Note |
Always schedule password reconfiguration in a maintenance window because container restarts might disrupt the control plane
|
.
Run the following command to view the list of passwords and configurations :
[root@mgmt1 ~]# cd ~/installer-xxxx
[root@mgmt1 installer-xxxx]# ciscovim help reconfigure
usage: ciscovim reconfigure [--regenerate_secrets] [--setpassword <secretkey>]
[--setopenstackconfig <option>]
Reconfigure the openstack cloud
Optional arguments:
--regenerate_secrets Regenerate All Secrets
--setpassword <secretkey> Set of secret keys to be changed.
--setopenstackconfig <option> Set of Openstack config to be changed.
[root@mgmt1 ~]# ciscovim list-openstack-configs
+-------------------------------+----------------------------------------+
| Name | Option |
+-------------------------------+----------------------------------------+
| CINDER_DEBUG_LOGGING | False |
| KEYSTONE_DEBUG_LOGGING | False |
| CLOUDPULSE_VERBOSE_LOGGING | True |
| MAGNUM_VERBOSE_LOGGING | True |
| NOVA_DEBUG_LOGGING | True |
| NEUTRON_VERBOSE_LOGGING | True |
| external_lb_vip_cert | /root/openstack-configs/haproxy.pem |
| GLANCE_VERBOSE_LOGGING | True | |
| elk_rotation_frequency | monthly |
| CEILOMETER_VERBOSE_LOGGING | True |
| elk_rotation_del_older | 10 |
| HEAT_DEBUG_LOGGING | False |
| KEYSTONE_VERBOSE_LOGGING | True |
| external_lb_vip_cacert | /root/openstack-configs/haproxy-ca.crt |
| MAGNUM_DEBUG_LOGGING | True |
| CINDER_VERBOSE_LOGGING | True |
| elk_rotation_size | 2 |
| CLOUDPULSE_DEBUG_LOGGING | False |
| NEUTRON_DEBUG_LOGGING | True |
| HEAT_VERBOSE_LOGGING | True |
| CEILOMETER_DEBUG_LOGGING | False |
| GLANCE_DEBUG_LOGGING | False |
| NOVA_VERBOSE_LOGGING | True |
+-------------------------------+----------------------------------------+
[root@mgmt1 installer-xxxx]#
[root@mgmt1 installer-xxxx]# ciscovim list-password-keys
+----------------------------------+
| Password Keys |
+----------------------------------+
| COBBLER_PASSWORD |
| CPULSE_DB_PASSWORD |
| DB_ROOT_PASSWORD |
| KIBANA_PASSWORD |
| GLANCE_DB_PASSWORD |
| GLANCE_KEYSTONE_PASSWORD |
| HAPROXY_PASSWORD |
| HEAT_DB_PASSWORD |
| HEAT_KEYSTONE_PASSWORD |
| HEAT_STACK_DOMAIN_ADMIN_PASSWORD |
| HORIZON_SECRET_KEY |
| KEYSTONE_ADMIN_TOKEN |
| KEYSTONE_DB_PASSWORD |
| METADATA_PROXY_SHARED_SECRET |
| NEUTRON_DB_PASSWORD |
| NEUTRON_KEYSTONE_PASSWORD |
| NOVA_DB_PASSWORD |
| NOVA_KEYSTONE_PASSWORD |
| RABBITMQ_ERLANG_COOKIE |
| RABBITMQ_PASSWORD |
| WSREP_PASSWORD |
+----------------------------------+
[root@mgmt1 installer-xxxx]#
You can change specific password and configuration identified from the available list.
Run the reconfiguration command as follows:
[root@mgmt1 ~]# ciscovim help reconfigure
usage: ciscovim reconfigure [--regenerate_secrets] [--setpassword <secretkey>]
[--setopenstackconfig <option>]
Reconfigure the Openstack cloud
Optional arguments:
--regenerate_secrets Regenerate All Secrets
--setpassword <secretkey> Set of secret keys to be changed.
--setopenstackconfig <option> Set of Openstack config to be changed.
[root@mgmt1 ~]# ciscovim reconfigure --setpassword ADMIN_USER_PASSWORD,NOVA_DB_PASSWORD --setopenstackconfig HEAT_DEBUG_LOGGING,HEAT_VERBOSE_LOGGING
Password for ADMIN_USER_PASSWORD:
Password for NOVA_DB_PASSWORD:
Enter T/F for option HEAT_DEBUG_LOGGING:T
Enter T/F for option HEAT_VERBOSE_LOGGING:T
The password must be alphanumeric and can be maximum 32 characters in length.
Following are the configuration parameters for OpenStack:
Configuration Parameter
|
Allowed Values
|
CEILOMETER_DEBUG_LOGGING
|
T/F (True or False)
|
CEILOMETER_VERBOSE_LOGGING
|
T/F (True or False)
|
CINDER_DEBUG_LOGGING
|
T/F (True or False)
|
CINDER_VERBOSE_LOGGING
|
T/F (True or False)
|
CLOUDPULSE_DEBUG_LOGGING
|
T/F (True or False)
|
CLOUDPULSE_VERBOSE_LOGGING
|
T/F (True or False)
|
GLANCE_DEBUG_LOGGING
|
T/F (True or False)
|
GLANCE_VERBOSE_LOGGING
|
T/F (True or False)
|
HEAT_DEBUG_LOGGING
|
T/F (True or False)
|
HEAT_VERBOSE_LOGGING
|
T/F (True or False)
|
KEYSTONE_DEBUG_LOGGING
|
T/F (True or False)
|
KEYSTONE_VERBOSE_LOGGING
|
T/F (True or False)
|
MAGNUM_DEBUG_LOGGING
|
T/F (True or False)
|
MAGNUM_VERBOSE_LOGGING
|
T/F (True or False)
|
NEUTRON_DEBUG_LOGGING
|
T/F (True or False)
|
NEUTRON_VERBOSE_LOGGING
|
T/F (True or False)
|
NOVA_DEBUG_LOGGING
|
T/F (True or False)
|
NOVA_VERBOSE_LOGGING
|
T/F (True or False)
|
elk_rotation_del_older
|
Days after which older logs are purged
|
elk_rotation_frequency
|
Available options: "daily", "weekly", "fortnightly", "monthly"
|
elk_rotation_size
|
Gigabytes (entry of type float/int is allowed)
|
external_lb_vip_cacert
|
Location of HAProxy CA certificate
|
external_lb_vip_cert |
Location of HAProxy certificate
|
NOVA_RAM_ALLOCATION_RATIO
|
Mem oversubscription ratio (from 1.0 to 4.0)
|
NOVA_CPU_ALLOCATION_RATIO
|
CPU allocation ratio (from 1.0 to 16.0)
|
ES_SNAPSHOT_AUTODELETE
|
Elastic search auto-delete configuration, can manage the following:
period: ["hourly", "daily", "weekly", "monthly"] # Frequency of cronjob to check for disk space
threshold_warning: <1-99> # % of disk space occupied to display warning message
threshold_low: <1-99> # % of disk space occupied after cleaning up snapshots
threshold_high: <1-99> # % of disk space when starting to delete snapshots
|
Alternatively, you can regenerate all passwords using regenerate_secrets command option as follows:
[root@mgmt1 ~]# cd ~/installer-xxxx
[root@mgmt1 ~]# ciscovim reconfigure --regenerate_secrets
In addition to the services passwords, you can change the debug and verbose options for Heat, Glance, Cinder, Nova, Neutron,
Keystone and Cloudpulse in /root/openstack-configs/openstack_config.yaml. You can modify the other configurations including
the ELK configuration parameters, API and Horizon TLS certificates, Root CA, NOVA_EAMALLOCATION_RATIO and ES_SNAPSHOT_AUTODELETE.
When reconfiguring these options (For Example API and TLS), some control plane downtime will occur, so plan the changes during
maintenance windows.
The command to reconfigure these elements are:
ciscovim reconfigure
The command includes a built-in validation to ensure you do not enter typos in the secrets.yaml or openstack_config.yaml files.
When reconfiguration of password or enabling of openstack-services fails, all subsequent pod management operations are blocked.
In such casees, we recommend that you contact Cisco TAC to resolve the situation.