openstack privileges documented
Emilio Garcia committed Oct 7, 2020
1 parent c5352b9 commit 87d6cf7
Showing 2 changed files with 14 additions and 0 deletions.
3 changes: 3 additions & 0 deletions docs/user/openstack/README.md
Expand Up @@ -38,6 +38,7 @@ In addition, it covers the installation with the default CNI (OpenShiftSDN), as

## Reference Documents

- [Privileges](privileges.md)
- [Known Issues and Workarounds](known-issues.md)
- [Using the OSP 4 installer with Kuryr](kuryr.md)
- [Troubleshooting your cluster](troubleshooting.md)
Expand Down Expand Up @@ -71,6 +72,8 @@ You may need to increase the security group related quotas from their default va
openstack quota set --secgroups 8 --secgroup-rules 100 <project>`
```

Once you configure the quota for your tenant, please ensure that the user for the installer has the proper [privileges](privileges.md).

### Master Nodes

The default deployment stands up 3 master nodes, which is the minimum amount required for a cluster. For each master node you stand up, you will need 1 instance, and 1 port available in your quota. They should be assigned a flavor with at least 16 GB RAM, 4 vCPUs, and 25 GB Disk. It is theoretically possible to run with a smaller flavor, but be aware that if it takes too long to stand up services, or certain essential services crash, the installer could time out, leading to a failed install.
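
Review bot: The added sentence after the quota command says "tenant", while the command itself takes `<project>` and privileges.md speaks of a project throughout; use "project" here as well so the quota step and the privileges step clearly refer to the same scope. "Proper privileges" also gives the reader nothing to check before following the link, so naming the recommended *member* role inline would help. While this block is being touched, the stray backtick at the end of the `openstack quota set ... <project>` line sits inside the fence and gets copied into the shell with the command; it should be dropped.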
11 changes: 11 additions & 0 deletions docs/user/openstack/privileges.md
@@ -0,0 +1,11 @@
# Required Privileges

In order to succesfully deploy an OpenShift cluster on OpenStack, the user passed to the installer needs a particular set of permissions in a given project. Our recommendation is to create a user in the project that you intend to install your cluster onto with the role *member*. In the event that you want to customize the permissions for a more restricted install, the following use cases can accomodate them.

## Bring Your Own Networks

Using the [bring your own networks feature](https://github.com/openshift/installer/blob/master/docs/user/openstack/customization.md#custom-subnets) will allow you use already prepared networking infrastructure. Using this feature enables the installer user to no longer need permission to create/delete networks, subnets, routers, and router interfaces. However it will still need to be able to read them, tag them, and create/read/modify/delete ports on a given network and subnet.

## Floating IP Free Installs

By leaving the `externalNetwork`, `ingressFloatingIP`, and `appsFloatingIP` fields empty, you can run the installer without creating, deleting, or modifying any floating IPs. Running the installer this way does not require you to have any Floating IP Privileges.
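
Review bot: The "more restricted install" paragraph and the two sections under it only say which permissions stop being needed; the file never lists the baseline set that the *member* role stands in for, so an operator building a custom role has nothing to start from and has to fall back to the full role. Suggest adding a short list of the resource types and operations the installer user needs by default, then expressing "Bring Your Own Networks" and "Floating IP Free Installs" as subtractions from that list. Smaller points: "succesfully" and "accomodate" are misspelled, "will allow you use" is missing "to", "Floating IP Privileges" is capitalised inconsistently with the rest of the text, and the customization link is an absolute URL to the master branch while the README links to sibling docs by relative path (`customization.md#custom-subnets` would stay correct on release branches).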
