[doc] Document how to use separate RabbitMQ cluster

Since Trove requires guest network to be passed to the rabbitmq it makes
sense to use standalone rabbitmq cluster and instruction about how to do
might be useful

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/784780
Change-Id: Ibbc6faa2a5d5b3af39db9ae214ba9087a777a0eb
This commit is contained in:
Dmitriy Rabotyagov 2021-04-05 17:52:00 +03:00 committed by Dmitriy Rabotyagov
parent c92b99d3f4
commit 9b8e916d19

View File

@ -105,3 +105,95 @@ the images using custom ``diskimage-builder`` elements.
See the ``trove/integration/scripts/files/elements`` directory contents in
the OpenStack Trove project for ``diskimage-builder`` elements to build trove
disk images.
Use stand-alone RabbitMQ
~~~~~~~~~~~~~~~~~~~~~~~~
Since Trove uses RabbitMQ to interact with guest servers it requires you to
pass the neutron network into the RabbitMQ container which is a security risk.
As a result, you might want to isolate Trove from other services in terms of
the RabbitMQ cluster and use a standalone one.
In order to deploy new RabbitMQ cluster and use it for Trove, you will need
to:
#. Create a new group for RabbitMQ containers. You will need to create a file
inside ``/etc/openstack_depoy/env.d`` which defines group mappings
.. code-block:: yaml
component_skel:
trove_rabbitmq:
belongs_to:
- trove_mq_all
container_skel:
trove_rabbit_container:
belongs_to:
- trove-mq_containers
contains:
- trove_rabbitmq
physical_skel:
trove-mq_containers:
belongs_to:
- all_containers
trove-mq_hosts:
belongs_to:
- hosts
#. Define on which hosts this group will be deployed. This can be done either
with a new file in conf.d or inside openstack_user_config.yml
.. code-block:: yaml
trove-mq_hosts:
aio1:
ip: 172.29.236.100
#. Add to the dbaas network mapping for the new group:
.. code-block:: yaml
- network:
container_bridge: "br-dbaas"
container_type: "veth"
container_interface: "eth14"
host_bind_override: "eth14"
ip_from_q: "dbaas"
type: "flat"
net_name: "dbaas-mgmt"
group_binds:
- neutron_linuxbridge_agent
- oslomsg_rpc
- trove_rabbitmq
#. Create overrides for dedicated rabbitmq containers, ie
``/etc/openstack_deploy/group_vars/trove_rabbitmq.yml``
.. code-block:: yaml
rabbitmq_cluster_name: trove
rabbitmq_cookie_token: <token>
rabbitmq_monitoring_password: <password>
#. Create overrides for trove service contaienrs, ie
``/etc/openstack_deploy/group_vars/trove_all.yml``
.. note::
For notifications we still want to use main RabbitMQ cluster
.. code-block:: yaml
oslomsg_rpc_host_group: trove_rabbitmq
oslomsg_rpc_servers: "{{ groups[oslomsg_rpc_host_group] | map('extract', hostvars, 'ansible_host') | list | join(',') }}"
trove_guest_oslomsg_notify_servers: "{{ rabbitmq_servers }}"
#. Run playbooks to create rabbitmq containers and deploy cluster on them
.. code-block:: bash
openstack-ansible playbooks/lxc-containers-create.yml --limit trove_rabbitmq,lxc_hosts
openstack-ansible playbooks/rabbitmq-install.yml -e rabbitmq_host_group=trove_rabbitmq