Connecting your Node to FIWARE Lab

This section contains a guide of the necessary steps to connect your Node to FIWARE Lab.

Prerequisites

Before starting the process of connecting your node to FIWARE Lab you have to accomplish the following:

  • To be an authorized node to join FIWARE Lab, you can get this authorization by filling the corresponding document Become a new FIWARE Lab node and send it to FIWARE Lab administrator.

  • To have every OpenStack service properly working locally (using your local Keystone)

  • To have the public endpoints of your OpenStack services opened to the Internet.

Connection process

Creating your admin and services accounts

The first thing you need to start registering your node is to have the following accounts registered in FIWARE Lab Keystone:

  • An admin account: it will be used for administrative tasks such as communicating with the users of your node or managing the users accounts status.

  • A service account for each OpenStack service you are providing: these accounts are used to configure the OpenStack services and allow them to validate tokens with the FIWARE Lab Keystone.

To create all these accounts, you have to contact FIWARE Lab Keystone administrators providing the following data:

  • Name of your node

  • List of services you wish to register

  • Email address of the node administrator

FIWARE Lab administrators will provide you the usernames/passwords for all the service accounts. They will also provide you the authorization endpoint you have to use in the step Configuring your services.

Registering your services endpoints

The second step is to register your node endpoints in the FIWARE Lab Service Catalogue. To do that you have to contact FIWARE Lab Keystone administrators providing them the list of endpoints of all your OpenStack services.

The list of the endpoints has to follow the following template:

  • Nova: (service type: compute, service name: nova)
"adminURL": "http://<IP_ADRRESS>:8774/v2/$(tenant_id)s"

"internalURL": "http://<IP_ADRRESS>:8774/v2/$(tenant_id)s"

"publicURL": "http://<IP_ADRRESS>:8774/v2/$(tenant_id)s"
  • Glance: (service type: image, service name: image)
"adminURL": "http://<IP_ADRRESS>:9292/v1"

"internalURL": "http://<IP_ADRRESS>:9292/v1"

"publicURL": "http://<IP_ADRRESS>:9292/v1"
  • Volume: (service type: volume, service name: cinder)
"adminURL": "http://<IP_ADRRESS>:8776/v1/$(tenant_id)s"

"internalURL": "http://<IP_ADRRESS>:8776/v1/$(tenant_id)s"

"publicURL": "http://<IP_ADRRESS>:8776/v1/$(tenant_id)s"
  • Network: (service type: network, service name: neutron)
"adminURL": "http://<IP_ADRRESS>:9696/"

"internalURL": "http://<IP_ADRRESS>:9696/"

"publicURL": "http://<IP_ADRRESS>:9696/"
  • Object Store: (service type: object-store, service name: swift)
"adminURL": "http://<IP_ADRRESS>:8090/v1"

"internalURL": "http://<IP_ADRRESS>:8090/v1/AUTH_$(tenant_id)s"

"publicURL": "http://<IP_ADRRESS>:8090/v1/AUTH_$(tenant_id)s"

Configuring your services

Once you have your service accounts and passwords you can proceed with the service configuration. What you have to do is to change the Keystone service to which they are validating the tokens. Currently your OpenStack services are connected to your local Keystone. You have to connect them to the FIWARE Lab Keystone.

To do so, you have to modify the configuration files of each service changing the following parameters:

  • auth_uri: You have to update it with the authorization endpoint administrators have provided you when registering your account (in the step Creating your admin and services accounts)

  • admin_tenant_name: service

  • admin_user: the username of this service account

  • admin_password: the password of this service account

Below is a list of configuration files that need to be changed:

  • /etc/nova/nova.conf

  • /etc/neutron/dhcp_agent.ini

  • /etc/neutron/metadata_agent.ini

  • /etc/neutron/neutron.conf

  • /etc/neutron/l3_agent.ini

  • /etc/neutron/api-paste.ini

  • /etc/glance/glance-api.conf

  • /etc/glance/glance-registry.conf

  • /etc/glance/glance-cache.conf

  • /etc/cinder/cinder.conf

  • /etc/swift/proxy-server.conf

Some of these files can be also hosted in the Controller and in the Compute nodes. It depends on the OpenStack configuration adopted by each Infrastructure Owner. For example, you can install OpenStack Networking in the Controller server or in a dedicated one. Usually in Compute nodes you have only to change the nova configuration file.

Once these files are updated you should restart the corresponding services.

Validating the registration

Once all the steps are done, you have to check that the connection with the new Keystone is working properly. To do that you have to use the CLI tools to check:

  • you can deploy a virtual machine

  • you can deploy an image (deploy an image is equal to register as image in glance)

  • you can deploy a network

  • you can attach a floating IP to a VM and it is reachable from outside

Keep in mind that if we want to use CLI tools, some environment variables must be first exported:

export OS_REGION_NAME="you_region_name"
export OS_USERNAME=”your_user_name”
export OS_PASSWORD=”your_password”
export OS_AUTH_URL=http://cloud.lab.fiware.org:4730/v3
export OS_PROJECT_NAME=admin
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_IDENTITY_API_VERSION=3

Node publication in FIWARE Lab

Once the registration process is finished and you have correctly validated it using the CLI tools, your node is ready for publication in FIWARE Lab.

To publish it you have to contact the FIWARE Lab Keystone administrators telling them you have finished the process. They will check everything is ok and they will activate your node in the FIWARE Lab Cloud Portal and in the FIWARE Lab Account Portal (for administrators).

Synchronization of Glance Images

Once your node is ready and working, the Glance Images need to be synchronized. These images include some base Operating System images (CentOS, Ubuntu, Debian) with some security enhancements and some images containing the Basic Generic Enablers needed to build applications based on FIWARE (i.e. Orion Context Broker, CKAN, Keyrock IDM, etc).

To do that you have to contact FIWARE Lab Spain2 node administrators providing them the credentials that should be used to synchronize the images. The first synchronization is a long process since it has to upload many large files.