Openstack

Overview

Openstack is becoming a widely used on-premise infrastructure orchestration platform. It has a wide array of contributors and enterprise sponsorships. There are several variations on Openstack as well. Morpheus supports integration with all the various platform offerings and ranges in support all the way back to Openstack Juno. The complete list of compatible versions is listed in our Integration Compatibility table. It leverages the APIs and provides full functionality as a self service portal in front of Openstack.

Features

  • Virtual Machine Provisioning

  • Backups and Snapshots

  • Security Group Management

  • Disk Mode support Local/Image (via Ceph)

  • Floating IP Assignment support

  • Brownfield VM management and Migration

  • Lifecycle Management and Resize

  • Docker Host management and configuration

  • Manila File Services (SFS)

  • Object Storage (OBS)

  • Network Lifecycle

  • LBaaS/Octavia Load Balancing Services

On top of all these features, Morpheus also adds additional features to Openstack that do not exist out of the box to make it easier to manage in multitenant environments as well as hybrid cloud environments:

  • Image to QCOW2 Image Conversion

  • QCOW2 to RAW Image Conversion

  • Multitenancy resource allocation

  • Virtual Image management (Blueprints)

  • Auto-scaling and recovery

  • Instance Cloning

  • Morpheus Kubernetes Cluster Deployment

Tip

To allow Morpheus to list Hypervisor Hosts, ensure the Openstack user used for the Cloud Integration has sufficient privileges for os_compute_api:os-hypervisors in /etc/nova/policy.json in Openstack.

Getting Started

OpenStack Clouds are very easy to integrate with Morpheus. First, go to the Infrastructure > Clouds section and click + ADD. Select OpenStack to begin the integration process; most branded flavors of OpenStack will work with this Cloud selection as well.

Warning

Support for the OpenStack v2 Identity API has been removed in v5.3.3.

Cloud Configuration

NAME

Name of the Cloud in Morpheus

CODE

Unique code used for API/CLI, automation and policies.

LOCATION

Description field for adding notes on the cloud, such as location.

VISIBILITY

For setting cloud permissions in a multi-tenant environment. Not applicable in single tenant environments.

TENANT

If Visibility is set to Private, select the Tenant the Cloud resources will be assigned to.

ENABLED

When disabled, automatic Cloud sync is paused and the Cloud will not be selectable for provisioning.

AUTOMATICALLY POWER ON VMS

When enabled, Morpheus will maintain the expected power state of managed VMs. Morpheus will power on any managed VMs in the Cloud that have been shut down for unknown reasons (not powered off by Morpheus) to ensure availability of services.

Note

When “AUTOMATICALLY POWER ON VMS” is enabled, the power state of managed VMs should be maintained in Morpheus. This setting is not applicable to discovered/unmanaged resources.

Details

IDENTITY API URL

v3 Identity endpoint.

DOMAIN ID

For Default domains, Default can be used. For other domains, the Domain ID must be entered, not the Domain Name.

PROJECT

Enter the target project or leave this field blank to integrate all projects

USERNAME

Service Username

PASSWORD

Service user password

OS VERSION

Select the Openstack version. Morpheus supports the latest versions of OpenStack; select the latest version available if your current version is not shown.

IMAGE FORMAT

Select QCOW2, RAW or VMDK Image Type

LB TYPE

Select LB Type for Openstack LB syncing and creation

Inventory Existing Instances

Select for Morpheus to discover and sync existing VMs.

Enable Hypervisor Console

Hypervisor console support for OpenStack currently only supports noVNC. Be sure the noVNC proxy is configured properly in your OpenStack environment. When disabled, Morpheus will use SSH and RDP for console connection (VM/host credentials required).

Advanced Options

DOMAIN

Specify a default domain for instances provisioned to this Cloud.

SCALE PRIORITY

Only affects Docker Provisioning. Specifies the priority with which an instance will scale into the cloud. A lower priority number means this cloud integration will take scale precedence over other cloud integrations in the group.

APPLIANCE URL

Alternate Appliance URL for scenarios when the default Appliance URL (configured in admin > settings) is not reachable or resolvable for Instances provisioned in this cloud. The Appliance URL is used for Agent install and reporting.

TIME ZONE

Configures the time zone on provisioned VMs if necessary.

DATACENTER ID

Used for differentiating pricing among multiple datacenters. Leave blank unless prices are properly configured.

NETWORK MODE

Unmanaged or select a Network Integration (NSX, ACI etc)

LOCAL FIREWALL

On or Off. Enable to manage Host and VM firewall/IP Table rules (Linux only).

SECURITY SERVER

Security Server setting is for Security Service Integrations such as ACI

TRUST PROVIDER

Select Internal (Morpheus) or an existing Trust Provider Integration

STORAGE MODE

Single Disk, LVM or Clustered

BACKUP PROVIDER

Select a backup provider. Depending on the Cloud type and any currently-configured backup plugins you may select Internal Backups (Morpheus) or another configured backup solution

REPLICATION PROVIDER

Sets the default Replication Provider for the Cloud. Select an existing Replication Provider Integration

GUIDANCE

Enable Guidance recommendations on cloud resources.

COSTING

Enable for Morpheus to sync Costing data from the Cloud provider, when available. For on-prem Clouds, enabling costing activates a costing service designed to mirror the live costing experience of public clouds, including invoicing with line items and real-time cost data (Operations > Costing > Invoices). If your organization utilizes reserved instances and you want to pull in related pricing data, some Cloud integrations include the option to select Costing and Reservations. If this is not relevant, select Costing to save money on additional calls to the Cloud provider’s costing API.

DNS INTEGRATION

Records for instances provisioned in this cloud will be added to selected DNS integration.

SERVICE REGISTRY

Services for instances provisioned in this cloud will be added to selected Service Registry integration.

CONFIG MANAGEMENT

Select a Chef, Ansible or Puppet integration to be used with this Cloud.

CMDB

Select CMDB Integration to automatically update selected CMDB.

CMDB DISCOVERY

When checked, any automatically discovered (unmanaged) servers onboarded into Morpheus from this Cloud will also have CMDB records created for them.

CHANGE MANAGEMENT

Select an existing Change Management Integration to set on the Cloud. ex: Cherwell

AGENT INSTALL MODE

  • SSH / WINRM: Morpheus will use SSH or WINRM for Agent install.

  • Cloud Init / Unattend (when available): (DEFAULT) Morpheus will utilize Cloud-Init or Cloudbase-Init for agent install when provisioning images with Cloud-Init/Cloudbase-Init installed. Morpheus will fall back on SSH or WINRM if cloud-init is not installed on the provisioned image. Morpheus will also add Agent installation to Windows unattend.xml data when performing Guest Customizations or utilizing sysprepped images.

API PROXY

Set a proxy for outbound communication from the Morpheus Appliance to the Cloud endpoints. Proxies can be added in the Infrastructure > Networks > Proxies tab.

INSTALL AGENT

Enable to have Agent Installation on by default for all provisioning into this Cloud. Disable for Agent Installation to be off by default for all provisioning into this Cloud.

Provisioning Options

PROXY

Set a proxy for inbound communication from Instances to the Morpheus Appliance. Proxies can be added in the Infrastructure > Networks > Proxies tab.

Bypass Proxy for Appliance URL

Enable to bypass proxy settings (if added) for Morpheus Agent communication to the Appliance URL.

NO PROXY

Include a list of IP addresses or name servers to exclude from proxy traversal

USER DATA (LINUX)

Add cloud-init user data. Morpheus 4.1.0 and earlier assumes bash syntax. Morpheus 4.1.1 and later supports all User Data formats. Refer to https://cloudinit.readthedocs.io/en/latest/topics/format.html for more information.

Note

v5.3.3 adds OpenStack project management, which requires additional permissions in OpenStack:

identity:list_domain_roles
identity:list_role_assignments
identity:list_roles
identity:list_projects
identity:create_project
identity:update_project
identity:delete_project
identity:create_grant
identity:revoke_grant

Most of the information in the dialog can be acquired from the Openstack dashboard under Project > Access & Security > API Access. The API URL that is needed is the one tied to Identity. The Domain and Project inputs typically correlate to the multitenant domain setup within Openstack (sometimes just left at default) as well as the project name given to instances. Morpheus allows multiple integrations to the same Openstack cluster to be scoped to various domains and projects as needed.

The remaining options help Morpheus determine which API capabilities exist in the selected Openstack environment, hence the need for the Openstack version and image format. If the Openstack cluster being used is newer than any version that exists in the dropdown, simply select the most recent version in the dropdown and this should function sufficiently until the new version is added.

Tip

Some Openstack environments do not support QCOW2 and force RAW image formats (like Metapod). This is due to some network overhead in Ceph created by using QCOW2. Morpheus keeps two copies of Openstack image templates for this exact purpose.

Saving this cloud integration should perform a verification step and close upon successful completion.

Existing Instances

Morpheus provides several features regarding pulling in existing virtual machines and servers in an environment. Most cloud options contain a checkbox titled ‘Inventory Existing Instances’. When this option is selected, all VMs found within the specified scope of the cloud integration will be scanned periodically and Virtual Machines will be synced into Morpheus.

By default these virtual machines are considered ‘unmanaged’ and do not appear in the Provisioning > Instances area but rather Infrastructure > Compute > Virtual Machines. However, a few features are provided with regards to unmanaged instances. They can be assigned to various accounts if using a multitenant master account, however it may be best suited to instead assign the ‘Resource Pool’ to an account and optionally move all servers with regards to that pool (more on this later).

A server can also be made into a managed server. During this process remote access is requested and an agent install is performed on the guest operating system. This allows for guest operations regarding log acquisition and stats. If the agent install fails, a server will still be marked as managed and an Instance will be created in Provisioning, however certain features will not function. This includes stats collection and logs.

Service Ports

Morpheus consumes the following OpenStack service ports by default as part of its cloud integration. If your OpenStack implementation has been configured to use alternate service ports, these can be overwritten in the Cloud configuration under the Service Endpoints section when adding or editing the Cloud integration.

Default Service Ports

  • Identity: 5000

  • Compute: 8774

  • Image: 9292

  • Key Manager: 9311

  • Network: 9696

  • Volume API v3: 8776 v3

  • Manila: 8786
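
The following added example (not part of the Morpheus documentation or product code) compares the endpoints published in a Keystone v3 service catalog against the default ports listed above, to show which services would need an override in the Service Endpoints section. The mapping of service names to catalog type strings, the choice of the public interface, and the sample catalog are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Default ports from the list above, keyed by Keystone catalog service type.
# The name-to-type mapping (e.g. Manila as "sharev2") is an assumption.
MORPHEUS_DEFAULT_PORTS = {
    "identity": 5000, "compute": 8774, "image": 9292, "key-manager": 9311,
    "network": 9696, "volumev3": 8776, "sharev2": 8786,
}

def effective_port(url):
    """Port a client would connect to, including scheme defaults."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return {"http": 80, "https": 443}.get(parts.scheme)

def endpoints_needing_override(catalog, interface="public"):
    """Map service type -> (default_port, actual_port, url) for mismatches."""
    findings = {}
    for service in catalog:
        default = MORPHEUS_DEFAULT_PORTS.get(service.get("type"))
        if default is None:
            continue  # service is not in the default port list above
        for ep in service.get("endpoints", []):
            if ep.get("interface") != interface:
                continue
            actual = effective_port(ep["url"])
            if actual != default:
                findings[service["type"]] = (default, actual, ep["url"])
    return findings

def missing_services(catalog):
    """Service types from the default list that the catalog does not publish."""
    published = {s.get("type") for s in catalog}
    return sorted(set(MORPHEUS_DEFAULT_PORTS) - published)

# Constructed sample of the "catalog" array from a Keystone v3 token response.
SAMPLE_CATALOG = [
    {"type": "identity", "endpoints": [
        {"interface": "public", "url": "https://openstack.example.test/identity/v3"}]},
    {"type": "compute", "endpoints": [
        {"interface": "public", "url": "https://openstack.example.test:8774/v2.1"},
        {"interface": "admin", "url": "http://10.0.0.5:18774/v2.1"}]},
    {"type": "image", "endpoints": [
        {"interface": "public", "url": "https://openstack.example.test:9292"}]},
    {"type": "network", "endpoints": [
        {"interface": "public", "url": "https://openstack.example.test:9696"}]},
    {"type": "volumev3", "endpoints": [
        {"interface": "public", "url": "https://openstack.example.test:8776/v3"}]},
    {"type": "sharev2", "endpoints": [
        {"interface": "public", "url": "https://openstack.example.test:8786/v2"}]},
]

if __name__ == "__main__":
    for svc, (default, actual, url) in endpoints_needing_override(SAMPLE_CATALOG).items():
        print(f"{svc}: default {default}, catalog uses {actual} ({url})")
    print("not in catalog:", missing_services(SAMPLE_CATALOG))
```

In the constructed catalog, Identity is published under a path on port 443 rather than on 5000, and Key Manager is not published at all, so those are the two entries to review before saving the Cloud.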

OpenStack Scalable File Service (SFS)

The Morpheus integration with Openstack Cloud includes the capability to work with Openstack Scalable File Service (SFS). SFS is shared file storage hosted on Openstack Cloud. By integrating Morpheus with Openstack you can discover, create, manage, and delete SFS servers, as well as view and work with the file shares and files contained therein.

SFS Server Discovery and Management

On integrating Openstack Cloud with Morpheus, SFS servers and file shares are discovered automatically after a short time. The server(s) can be viewed in Infrastructure > Storage > Servers. By viewing the server detail page and clicking EDIT, the storage server can be scoped as needed. Administrators can choose to scope to other Openstack Cloud integrations (if more than one relevant integration currently exists), select from synced availability zones, and scope the storage server to specific Tenants if desired.

Additionally, Openstack SFS servers can be created from the storage server list page (Infrastructure > Storage > Servers) directly in Morpheus. Click +ADD to begin and set the storage server type value to “Openstack SFS”. Just like with existing synced SFS servers, those created from Morpheus can be scoped as needed.

SFS File Share Discovery and Management

Discovered file shares will appear among other file shares synced with Morpheus in Infrastructure > Storage > File Shares. Depending on the number of cloud integrations in your Morpheus appliance and the number of cloud integrations available to your user account, this list may be quite large. Using the search bar on this page, we can narrow down the list to only file shares whose names match the search terms.

We can drill into individual file shares by clicking on the hyperlinked name in the list of all integrated file shares. From the file share detail page, a list of files will appear on the files tab. Begin the process of adding a new file by clicking +ADD. The Access tab on the file shares detail page allows users to view and manage ACL rules.

Note

“Failed to load files from storage provider” is present when the Morpheus appliance doesn’t have access to the file share.

New Openstack SFS file shares can also be created directly in Morpheus. From the file shares list page, get started by clicking +ADD. Select the type “Openstack SFS Share”. Set the storage service field to a pre-existing Openstack SFS server. Setting a friendly name for the file share in Morpheus and selecting from synced availability zones is required.

Network and Router Creation

Once an OpenStack Cloud is integrated into Morpheus, new network creation options become available. When adding a new network (Infrastructure > Networks > Networks Tab), a new type labeled “OpenStack Private Network” is available when clicking +ADD. When the user creates this network construct in Morpheus, a layer two subnet is created but it’s not connected to a Virtual Private Cloud (VPC). This is by design as an Internet-routable network is not always desired. Continue on with this section after creating the network to also create a VPC (router).

Create a network

  1. Navigate to Infrastructure > Networks

  2. Click on the Networks tab

  3. Click +ADD

  4. Select OpenStack Private Network

  5. Complete the modal based on requirements for the new network

  6. Click SAVE CHANGES

Create a router

  1. Navigate to Infrastructure > Networks

  2. Click on the Routers tab

  3. Click +ADD

  4. Select OpenStack Router

  5. Complete the modal based on requirements for the new router

  6. Click SAVE CHANGES

When creating a router, it’s helpful to note that the External Network is the floating IP network that has been assigned to the OpenStack project. This network will grant your Instances their routes out to the Internet. The Internal Subnet can be a layer two subnet that you may have created in the previous step. In addition, multiple subnets can be added to the router (VPC) and the IP address on the subnet would be the router’s internal IP address.

Advanced

There are a few advanced features when it comes to provisioning on top of Openstack. Most of these present themselves in the provisioning wizard. This includes OS Volume Type (Local or Volume) which dictates whether the main OS disk is copied and run off the hypervisor or remotely mounted as a volume via Glacier. Some Openstack setups only configure hypervisors with minimal local disks so volume type is needed.

Another option during provisioning is “Assign Floating IP”. This option does exactly what it says and is similar to the feature on the Openstack instance dashboard itself. It should be noted that this will attempt to acquire a floating IP from the project and, if out of capacity, will attempt to increase capacity to the project if the cloud credentials provided have sufficient administrative privileges to do so.

Docker

So far this document has covered how to add the Openstack cloud integration and has described how to provision virtual machine-based Instances via the Add Instance catalog in Provisioning. Another great feature provided by Morpheus out of the box is the ability to work with Docker containers and even support multiple containers per Docker host. To do this, a Docker host must first be provisioned into Openstack (multiple hosts are needed when dealing with horizontal scaling scenarios).

To provision a Docker Host, navigate to Infrastructure > Clusters and click + ADD CLUSTER. Complete the provisioning wizard including selecting the appropriate Group and Cloud. Alternatively, you can navigate to the Clusters tab for a specific Cloud (Infrastructure > Clouds > Specific Cloud detail page > Clusters tab) and begin the process of provisioning a Docker host to that Cloud from there. Once completed, this host will show up in the Hosts sections (Infrastructure > Hosts OR Infrastructure > Clouds > Specific Cloud detail page > Hosts tab). Morpheus views a Docker host just like any other Hypervisor with the caveat being that it is used for running containerized images instead of virtualized ones.

Once a Docker Host is successfully provisioned, a green checkmark will appear to the right of the host marking it as available for use. In the event of a failure, click into the relevant host that failed and an error explaining the failure will be displayed in red at the top.

Some common error scenarios include network connectivity. For a Docker Host to function properly, it must be able to resolve the Morpheus appliance URL which can be configured in Administration > Settings. If it is unable to resolve and negotiate with the appliance, the Morpheus Agent installation will fail and provisioning instructions will not be able to be issued to the host.