OpenStack Magnum Users¶
Important: Magnum is currently in technical preview on STFC Cloud. If you have any feedback or suggestions please send it to firstname.lastname@example.org
When a cluster is created, Magnum creates unique credentials for each cluster. This allows the cluster to make changes to its structure (e.g. create load balancers for specific services, create and attach cinder volumes, update the stack, etc.) without exposing the user’s cloud credentials.
How to find the Magnum User Credentials¶
We can obtain the cluster credentials directly from the VM which the master node is on. First, SSH into the master node’s VM and then:
[fedora@cluster-master-0 ~]$ cd /etc [fedora@cluster-master-0 /etc]$ cd kubernetes/ [fedora@cluster-master-0 kubernetes]$ ls #This will return the list of items similar to: apiserver cloud-config controller-manager kube_openstack_config manifests scheduler ca-bundle.crt cloud-config-occm get_require_kubeconfig.sh kubelet proxy certs config keystone_webhook_config.yaml kubelet-config.yaml proxy-kubeconfig.yaml #The cluster's credentials can be found in the file 'cloud-config' #Print the config to the terminal [fedora@cluster-master-0 kubernetes]$ cat cloud-config
This will return the cloud-config file containing the cluster’s credentials similar to:
[Global] auth-url=https://AUTH-URL user-id=CLUSTER_USER_ID password=PASSWORD trust-id=TRUST-ID ca-file=/etc/kubernetes/ca-bundle.crt region=RegionOne [LoadBalancer] #with the octavia ingress controller enabled use-octavia=True subnet-id=SUBNET_ID floating-network-id=FLOATING_NETWORK_ID create-monitor=yes monitor-delay=1m monitor-timeout=30s monitor-max-retries=3 [BlockStorage] bs-version=v2
These global variables should be used when setting up configmaps such as magnum-auto-healer configmap. Never use your own cloud credentials in Kubernetes configmaps. These would be visible to anyone who has access to the master node in the cluster.