TL;DR: We make a multi-regions deployment with Kolla. It requires to
patch the code a little bit, and you can find the diff on our
GitHub. This patch is just a first attempt to support multi-regions
in Kolla and it raises questions. Some modifications are not done in
an idiomatic way and we do not expect this to be merged in Kolla. The
reminder of this mail explains our patch and states our questions.
At Inria/Discovery, we evaluate OpenStack at scale for the
Performance Working Group. So far, we focus on one single OpenStack
region deployment with hundreds of computes and we always go with
Kolla for our deployment. Over the last few days, we tried to achieve
a multi-regions OpenStack deployment with Kolla. We want to share with
you our current deployment workflow, patches we had to apply on Kolla
to support multi-regions, and also ask you if we do things correctly.
First of all, our multi-regions deployment follows the one described
by the OpenStack documentation. Concretely, the deployment
considers /one/ Administrative Region (AR) that contains Keystone and
Horizon. This is a Kolla-based deployment, so Keystone is hidden
behind an HAProxy, and has MariaDB and memcached as backend. At the
same time, /n/ OpenStack Regions (OSR1, ..., OSRn) contain a full
OpenStack, except Keystone. We got something as follows at the end of
Admin Region (AR):
OpenStack Region x (OSRx):
We do the deployment by running Kolla n+1 times. The first run deploys
the Administrative Region (AR) and the other runs deploy OpenStack
Regions (OSR). For each run, we fix the value of `openstackregionname'
variable to the name of the current region.
In the context of multi-regions, Keystone (in the AR) should be
available to all OSRs. This means, there are as many Keystone
endpoints as regions. For instance, if we consider two OSRs, the
result of listing endpoints at the end of the AR deployment looks like
$ openstack endpoint list
| Region | Serv Name | Serv Type | Interface | URL |
| AR | keystone | identity | public | http://10.24.63.248:5000/v3 |
| AR | keystone | identity | internal | http://10.24.63.248:5000/v3 |
| AR | keystone | identity | admin | http://10.24.63.248:35357/v3 |
| OSR1 | keystone | identity | public | http://10.24.63.248:5000/v3 |
| OSR1 | keystone | identity | internal | http://10.24.63.248:5000/v3 |
| OSR1 | keystone | identity | admin | http://10.24.63.248:35357/v3 |
| OSR2 | keystone | identity | public | http://10.24.63.248:5000/v3 |
| OSR2 | keystone | identity | internal | http://10.24.63.248:5000/v3 |
| OSR2 | keystone | identity | admin | http://10.24.63.248:35357/v3 |
This requires patching the
keystone/tasks/register.yml' play to
re-execute theCreating admin project, user, role, service, and
endpoint' task for all regions we consider. An example of such a patch
is given on our GitHub. In this example, the
variable is a list that contains the name of all regions (see ). As
a drawback, the patch implies to know in advance all OSR. A better
implementation would execute theCreating admin project, user, role,
service, and endpoint' task every time a new OSR is going to be
deployed. But this requires to move the task somewhere else in the
Kolla workflow and we have no idea where this should be.
In the AR, we also have to change the Horizon configuration file to
handle multi-regions. The modification could be done easily and
idiomatically by setting the
node_custome_config' variable to themulti-regions' directory and benefits from Kolla merging config
Also, deploying OSRs requires patching the kolla-toolbox as it seems
not region-aware. In particular, patch the `kollakeystoneservice.py'
module that is responsible for contacting Keystone and creating a
new endpoint when we register a new OpenStack service.
73 for endpoint in cloud.keystoneclient.endpoints.list():
74 if endpoint.serviceid == service.id and \
75 endpoint.interface == interface:
76 endpoint = _endpoint
77 if endpoint.url != url:
78 changed = True
80 endpoint, url=url)
83 changed = True
At some point, this module /create/ or /update/ a service endpoint. It
first tests if the service is already registered, and update the URL
if so (l. 74 to 81), or create the new endpoint in other cases (l.
82). Unfortunately, the test (l. 74 to 75) only looks at the service
(e.g., glance) and the interface (e.g., public). This makes the test
wrong because we deploy the same service many times, but into
different regions. We have to add an extra condition to not only test
the service but also its region.
74 if endpoint.serviceid == service.id and \
75 endpoint.interface == interface and \
76 _endpoint.region == endpointregion:
Finally, when we deployed OSRs, we override the value of
to target Keystone in AR. We also have to change the[keystoneauthtoken]' section of nova/neutron/glance conf so that
it uses these variables instead of the canonical form with the
kolla_internal_fqdn' variable. In this regards, is it due to some
legacy code that configuration files use thekollainternalfqdn'
variable instead of `keystone*_url'?
That's almost all. As you can see, handle multi-regions implies a very
small number of modifications if you call Kolla multiple times.
So, thanks for the great job Kolla team! And waiting for your
OpenStack Development Mailing List (not for usage questions)