Installing on RHOSP

The Red Hat Openstack Platform Director is the supported and recommended method to deploy and maintain any RHOSP installation.
TrilioVault is integrating natively into the RHOSP Director.
Manual deployment methods are not supported for RHOSP.
1. Prepare for deployment
1.1] Select 'backup target' type
 Backup target storage is used to store backup images taken by TrilioVault and details needed for configuration: 
Following backup target types are supported by TrilioVault
a) NFS
Need NFS share path 
b) Amazon S3
- S3 Access Key
- Secret Key
- Region
- Bucket name
c) Other S3 compatible  storage (Like, Ceph based S3)
- S3 Access Key
- Secret Key
- Region
- Endpoint URL (Valid for S3 other than Amazon S3)
- Bucket name
1.2] Clone triliovault-cfg-scripts repository
The following steps are to be done on 'undercloud' node on an already installed RHOSP environment.
The overcloud-deploy command has to be run successfully already and the overcloud should be available.
All commands need to be run as user 'stack' on undercloud node
The following command clones the triliovault-cfg-scripts github repository.
1
cd /home/stack
2
git clone -b hotfix-4-TVO/4.1 https://github.com/trilioData/triliovault-cfg-scripts.git
3
cd triliovault-cfg-scripts/redhat-director-scripts/<RHOSP_RELEASE_DIRECTORY>/
Copied!
The TrilioVault appliance connected to this installation needs to be of version 4.1 HF4
Next access the Red Hat Director scripts according to the used RHOSP version.
RHOSP 13
1
cd triliovault-cfg-scripts/redhat-director-scripts/rhosp13/
Copied!
RHOSP 16
1
cd triliovault-cfg-scripts/redhat-director-scripts/rhosp16/
Copied!
RHOSP 16.1
1
cd triliovault-cfg-scripts/redhat-director-scripts/rhosp16.1/
Copied!
The remaining documentation will use the following path for examples:
1
cd triliovault-cfg-scripts/redhat-director-scripts/rhosp16.1/
Copied!
1.3] If backup target type is 'Ceph based S3'   with SSL:
If your backup target is ceph S3 with SSL and SSL certificates are self signed or authorized by private CA, then user needs to provide CA chain certificate to validate the SSL requests. For that, user needs to rename his ca chain cert file to 's3-cert.pem' and copy it into directory - 'triliovault-cfg-scripts/redhat-director-scripts/redhat-director-scripts/<RHOSP_RELEASE_Directory/puppet/trilio/files'
1
cp s3-cert.pem /home/stack/triliovault-cfg-scripts/redhat-director-scripts/rhosp16.1/puppet/trilio/files/
Copied!
2] Upload trilio puppet module
The following commands upload the Trilio puppet module to the overcloud registry. The actual upload happens upon the next deployment.
​
1
cd /home/stack/triliovault-cfg-scripts/redhat-director-scripts/rhosp16.1/scripts/
2
./upload_puppet_module.sh
3
​
4
## Output of above command looks like following.
5
Creating tarball...
6
Tarball created.
7
Creating heat environment file: /home/stack/.tripleo/environments/puppet-modules-url.yaml
8
Uploading file to swift: /tmp/puppet-modules-8Qjya2X/puppet-modules.tar.gz
9
+-----------------------+---------------------+----------------------------------+
10
| object                | container           | etag                             |
11
+-----------------------+---------------------+----------------------------------+
12
| puppet-modules.tar.gz | overcloud-artifacts | 368951f6a4d39cfe53b5781797b133ad |
13
+-----------------------+---------------------+----------------------------------+
14
​
15
## Above command creates following file.
16
ls -ll /home/stack/.tripleo/environments/puppet-modules-url.yaml
Copied!
Trilio puppet module is uploaded to overcloud as a swift deploy artifact with heat resource name 'DeployArtifactURLs'. If you check trilio's puppet module artifact file it looks like following.
1
(undercloud) [[email protected] ~]$ cat /home/stack/.tripleo/environments/puppet-modules-url.yaml
2
# Heat environment to deploy artifacts via Swift Temp URL(s)
3
parameter_defaults:
4
    DeployArtifactURLs:
5
    - 'http://172.25.0.103:8080/v1/AUTH_46ba596219d143c8b076e9fcc4139fed/overcloud-artifacts/puppet-modules.tar.gz?temp_url_sig=c3972b7ce75226c278ab3fa8237d31cc1f2115bd&temp_url_expires=1646738377'
6
​
Copied!
Note: If your overcloud deploy command using any other deploy artifact through a environment file, then you need to merge trilio deploy artifact url and your url in single file. 
How to check if your overcloud deploy environment files using deploy artifacts?
You need to check string 'DeployArtifactURLs' in your environment files (only those mentioned in overcloud deploy command with -e option). If you find it any such  environment file that is mentioned in overcloud dpeloy command with '-e' option then your deploy command is using deploy artifact.
In that case you need to merge all deploy artifacts in single file. Refer following steps.
Let's say, your artifact file path is "/home/stack/templates/user-artifacts.yaml" then refer following steps to merge both urls in single file and pass that new file to overcloud deploy command with '-e' option.
1
(undercloud) [[email protected] ~]$ cat /home/stack/.tripleo/environments/puppet-modules-url.yaml | grep http >> /home/stack/templates/user-artifacts.yaml
2
(undercloud) [[email protected] ~]$ cat /home/stack/templates/user-artifacts.yaml
3
# Heat environment to deploy artifacts via Swift Temp URL(s)
4
parameter_defaults:
5
    DeployArtifactURLs:
6
    - 'http://172.25.0.103:8080/v1/AUTH_57ba596219d143c8b076e9fcc4139f3g/overcloud-artifacts/some-artifact.tar.gz?temp_url_sig=dc972b7ce75226c278ab3fa8237d31cc1f2115sc&temp_url_expires=3446738365'
7
    - 'http://172.25.0.103:8080/v1/AUTH_46ba596219d143c8b076e9fcc4139fed/overcloud-artifacts/puppet-modules.tar.gz?temp_url_sig=c3972b7ce75226c278ab3fa8237d31cc1f2115bd&temp_url_expires=1646738377'
8
​
Copied!
​
3] Update overcloud roles data file to include Trilio services
TrilioVault contains multiple services. Add these services to your roles_data.yaml. 
In the case of uncustomized roles_data.yaml can the default file be found on the undercloud at:
/usr/share/openstack-tripleo-heat-templates/roles_data.yaml
Add the following services to the roles_data.yaml
 All commands need to be run as user 'stack'
3.1] Add Trilio Datamover Api Service to role data file
This service needs to share the same role as the keystone and database service.
In case of the pre-defined roles will these services run on the role Controller.
In case of custom defined roles, it is necessary to use the same role where 'OS::TripleO::Services::Keystone' service installed.
Add the following line to the identified role:
1
'OS::TripleO::Services::TrilioDatamoverApi'
Copied!
3.2] Add Trilio Datamover Service to role data file 
This service needs to share the same role as the nova-compute service.
In case of the pre-defined roles will the nova-compute service run on the role Compute.
In case of custom defined roles, it is necessary to use the role the nova-compute service is using.
Add the following line to the identified role:
1
'OS::TripleO::Services::TrilioDatamover' 
Copied!
4] Prepare Trilio container images
All commands need to be run as user 'stack'
Trilio containers are pushed to 'RedHat Container Registry'. 
Registry URL: 'registry.connect.redhat.com'. Container pull URLs are given below.
Please note that using the hotfix containers requires that the TrilioVault Appliance is getting upgraded to the desired hotfix level as well.
RHOSP 13
1
TrilioVault 4.1 HF4
2
TrilioVault Datamove container:        registry.connect.redhat.com/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp13
3
TrilioVault Datamover Api Container:   registry.connect.redhat.com/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp13
4
TrilioVault horizon plugin:            registry.connect.redhat.com/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp13
Copied!
RHOSP 16.0
1
TrilioVault 4.1 HF4 (use only together with hotfix branch puppet modules):
2
TrilioVault Datamove container:        registry.connect.redhat.com/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp16
3
TrilioVault Datamover Api Container:   registry.connect.redhat.com/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp16
4
TrilioVault horizon plugin:            registry.connect.redhat.com/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp16
Copied!
RHOSP 16.1
1
TrilioVault 4.1 HF4 (use only together with hotfix branch puppet modules):
2
TrilioVault Datamove container:        registry.connect.redhat.com/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp16.1
3
TrilioVault Datamover Api Container:   registry.connect.redhat.com/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp16.1
4
TrilioVault horizon plugin:            registry.connect.redhat.com/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp16.1
Copied!
There are three registry methods available in RedHat Openstack Platform.
1.
Remote Registry
2.
Local Registry
3.
Satellite Server
4.1] Remote Registry
Follow this section when 'Remote Registry' is used.
In this method, container images gets downloaded directly on overcloud nodes during overcloud deploy/update command execution. User can set remote registry to redhat registry or any other private registry that he wants to use.
User needs to provide credentials of the registry in 'containers-prepare-parameter.yaml' file.
1.
Make sure other openstack service images are also using the same method to pull container images.
If it's not the case you can not use this method.
2.
Populate 'containers-prepare-parameter.yaml' with content like following. Important parameters are 'push_destination: false',  
ContainerImageRegistryLogin: true and registry credentials.
TrilioVault container images are published to registry 'registry.connect.redhat.com'. 
Credentials of  registry 'registry.redhat.io' will work for 'registry.connect.redhat.com' registry too. 
Note: This file -'containers-prepare-parameter.yaml' 
 File name: containers-prepare-parameter.yaml
1
parameter_defaults:
2
  ContainerImagePrepare:
3
  - push_destination: false
4
    set:
5
      namespace: registry.redhat.io/...
6
      ...
7
  ...
8
  ContainerImageRegistryCredentials:
9
    registry.redhat.io:
10
      myuser: '[email protected]!'
11
    registry.connect.redhat.com:
12
      myuser: '[email protected]!'
13
  ContainerImageRegistryLogin: true
Copied!



Redhat document for remote registry method: 
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/director_installation_and_usage/preparing-for-director-installation#container-image-preparation-parameters​
​
Note: File 'containers-prepare-parameter.yaml' gets created as output of command 'openstack tripleo container image prepare'. Refer above document by RedHat
3. Make sure you have network connectivity to above registries from all overcloud nodes. Otherwise image pull operation will fail.
4. Populate the trilio_env.yaml with TrilioVault container image URLs:
TrilioVault Datamover container
TrilioVault Datamover api container
TrilioVault Horizon Plugin
trilio_env.yaml will be available in 
1
cd triliovault-cfg-scripts/redhat-director-scripts/rhosp16.1/
2
vi trilio_env.yaml
Copied!
1
# For RHOSP13
2
$ grep 'Image' trilio_env.yaml
3
   DockerTrilioDatamoverImage: registry.connect.redhat.com/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp13
4
   DockerTrilioDmApiImage: registry.connect.redhat.com/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp13
5
   DockerHorizonImage: registry.connect.redhat.com/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp13
6
​
7
# For RHOSP16
8
$ grep 'Image' trilio_env.yaml
9
   DockerTrilioDatamoverImage: registry.connect.redhat.com/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp16
10
   DockerTrilioDmApiImage: registry.connect.redhat.com/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp16
11
   ContainerHorizonImage: registry.connect.redhat.com/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp16
12
   
13
# For RHOSP16.1
14
$ grep 'Image' trilio_env.yaml
15
   DockerTrilioDatamoverImage: registry.connect.redhat.com/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp16.1
16
   DockerTrilioDmApiImage: registry.connect.redhat.com/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp16.1
17
   ContainerHorizonImage: registry.connect.redhat.com/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp16.1
Copied!
4.2] Local Registry
Follow this section when 'local registry' is used on the undercloud.
In this case it is necessary to push the TrilioVault containers to the undercloud registry.
TrilioVault provides shell scripts which will pull the containers from 'registry.connect.redhat.com' and push them to the undercloud and updates the trilio_env.yaml.
RHOSP13
1
cd /home/stack/triliovault-cfg-scripts/redhat-director-scripts/rhosp13/scripts/
2
​
3
./prepare_trilio_images.sh <undercloud_ip/hostname> 4.1.94-hotfix-5-rhosp13
4
​
5
## Verify changes
6
$ grep '4.1.94-hotfix-5-rhosp13' ../environments/trilio_env.yaml
7
   DockerTrilioDatamoverImage: 172.25.2.2:8787/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp13
8
   DockerTrilioDmApiImage: 172.25.2.2:8787/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp13
9
   DockerHorizonImage: 172.25.2.2:8787/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp13
Copied!
RHOSP 16.0
1
cd /home/stack/triliovault-cfg-scripts/redhat-director-scripts/rhosp16/scripts/
2
​
3
./prepare_trilio_images.sh <undercloud_ip/hostname> 4.1.94-hotfix-5-rhosp16
4
​
5
## Verify changes
6
$ grep 'Image' ../environments/trilio_env.yaml
7
   DockerTrilioDatamoverImage: undercloud.ctlplane.localdomain:8787/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp16
8
   DockerTrilioDmApiImage: undercloud.ctlplane.localdomain:8787/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp16
9
   ContainerHorizonImage: undercloud.ctlplane.localdomain:8787/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp16
Copied!
RHOSP16.1
1
cd /home/stack/triliovault-cfg-scripts/redhat-director-scripts/rhosp16.1/scripts/
2
​
3
./prepare_trilio_images.sh <undercloud_ip/hostname> 4.1.94-hotfix-5-rhosp16.1
4
​
5
## Verify changes
6
$ grep 'Image' ../environments/trilio_env.yaml
7
   DockerTrilioDatamoverImage: undercloud.ctlplane.localdomain:8787/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp16.1
8
   DockerTrilioDmApiImage: undercloud.ctlplane.localdomain:8787/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp16.1
9
   ContainerHorizonImage: undercloud.ctlplane.localdomain:8787/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp16.1
Copied!
4.3] Red Hat Satellite Server
Follow this section when a Satellite Server is used for the container registry.
Pull the TrilioVault containers on the Red Hat Satellite using the given Red Hat registry URLs.​
Populate the trilio_env.yaml with container urls.
RHOSP 13
1
$ grep '4.1.94-rhosp13' ../environments/trilio_env.yaml
2
   DockerTrilioDatamoverImage: <SATELLITE_REGISTRY_URL>/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp13
3
   DockerTrilioDmApiImage: <SATELLITE_REGISTRY_URL>/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp13
4
   DockerHorizonImage: <SATELLITE_REGISTRY_URL>/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp13
Copied!
RHOSP 16.0
1
$ grep 'Image' trilio_env.yaml
2
   DockerTrilioDatamoverImage: <SATELLITE_REGISTRY_URL>/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp16
3
   DockerTrilioDmApiImage: <SATELLITE_REGISTRY_URL>/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp16
4
   ContainerHorizonImage: <SATELLITE_REGISTRY_URL>/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp16
Copied!
RHOSP16.1
1
$ grep 'Image' trilio_env.yaml
2
   DockerTrilioDatamoverImage: <SATELLITE_REGISTRY_URL>/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp16.1
3
   DockerTrilioDmApiImage: <SATELLITE_REGISTRY_URL>/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp16.1
4
   ContainerHorizonImage: <SATELLITE_REGISTRY_URL>/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp16.1
Copied!
5] Provide environment details in trilio-env.yaml
Provide backup target details and other necessary details in the provided environment file. This environment file will be used in the overcloud deployment to configure Trilio components. Container image names have already been populated in the preparation of the container images. Still it is recommended to verify the container URLs.
The following information are required additionally:
Network for the datamover api
datamover password
Backup target type {nfs/s3}
In case of NFS
list of NFS Shares
NFS options
In case of S3
S3 type {amazon_s3/ceph_s3}
S3 Access key
S3 Secret key
S3 Region name
S3 Bucket
S3 Endpoint URL
S3 Signature Version
S3 Auth Version
S3 SSL Enabled {true/false}
S3 SSL Cert
Use ceph_s3 for any non-aws S3 backup targets.
1
resource_registry:
2
  OS::TripleO::Services::TrilioDatamover: ../services/trilio-datamover.yaml
3
  OS::TripleO::Services::TrilioDatamoverApi: ../services/trilio-datamover-api.yaml
4
  # NOTE: If there are addition customizations to the endpoint map (e.g. for
5
  # other integratiosn), this will need to be regenerated.
6
  OS::TripleO::EndpointMap: endpoint_map.yaml
7
​
8
parameter_defaults:
9
​
10
   ## Enable TrilioVault's quota functionality on horizon
11
   ExtraConfig:
12
     horizon::customization_module: 'dashboards.overrides'
13
​
14
   ## Define network map for trilio datamover api service
15
   ServiceNetMap:
16
       TrilioDatamoverApiNetwork: internal_api
17
​
18
   ## TrilioVault Datamover Password for keystone and database
19
   TrilioDatamoverPassword: "test1234"
20
​
21
   ## TrilioVault container pull urls
22
   DockerTrilioDatamoverImage: devundercloud.ctlplane.localdomain:8787/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp16.1
23
   DockerTrilioDmApiImage: devundercloud.ctlplane.localdomain:8787/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp16.1
24
​
25
   ## If you do not want Trilio's horizon plugin to replace your horizon container, just comment following line.
26
   ContainerHorizonImage: devundercloud.ctlplane.localdomain:8787/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp16.1
27
​
28
   ## Backup target type nfs/s3, used to store snapshots taken by triliovault
29
   BackupTargetType: 'nfs'
30
​
31
   ## For backup target 'nfs'
32
   NfsShares: '192.168.122.101:/opt/tvault'
33
   NfsOptions: 'nolock,soft,timeo=180,intr,lookupcache=none'
34
​
35
   ## For backup target 's3'
36
   ## S3 type: amazon_s3/ceph_s3
37
   S3Type: 'amazon_s3'
38
​
39
   ## S3 access key
40
   S3AccessKey: ''
41
​
42
   ## S3 secret key
43
   S3SecretKey: ''
44
​
45
   ## S3 region, if your s3 does not have any region, just keep the parameter as it is
46
   S3RegionName: ''
47
​
48
   ## S3 bucket name
49
   S3Bucket: ''
50
​
51
   ## S3 endpoint url, not required for Amazon S3, keep it as it is
52
   S3EndpointUrl: ''
53
​
54
   ## S3 signature version
55
   S3SignatureVersion: 'default'
56
​
57
   ## S3 Auth version
58
   S3AuthVersion: 'DEFAULT'
59
​
60
   ## If S3 backend is not Amazon S3 and SSL is enabled on S3 endpoint url then change it to 'True', otherwise keep it as 'False'
61
   S3SslEnabled: False
62
​
63
   ## If S3 backend is not Amazon S3 and SSL is enabled on S3 endpoint URL and SSL certificates are self signed, then
64
   ## user need to set this parameter value to: '/etc/tvault-contego/s3-cert.pem', otherwise keep it's value as empty string.
65
   S3SslCert: ''
66
​
67
   ## Don't edit following parameter
68
   EnablePackageInstall: True
Copied!
6. Advanced Settings/Configuration
6.1 Haproxy customized configuration for TrilioVault dmapi service 
The existing default haproxy configuration works fine with most of the environments. Only when timeout issues with the dmapi are observed or other reasons are known, change the configuration as described here.
Following is the haproxy conf file location on haproxy nodes of the overcloud.
TrilioVault datamover api service haproxy configuration gets added to this file.
1
/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg
Copied!
TrilioVault datamover haproxy default configuration from the above file looks as follows:
1
listen trilio_datamover_api
2
  bind 172.25.0.107:13784 transparent ssl crt /etc/pki/tls/private/overcloud_endpoint.pem
3
  bind 172.25.0.107:8784 transparent
4
  balance roundrobin
5
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
6
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
7
  http-request set-header X-Forwarded-Port %[dst_port]
8
  maxconn 50000
9
  option httpchk
10
  option httplog
11
  retries 5
12
  timeout check 10m
13
  timeout client 10m
14
  timeout connect 10m
15
  timeout http-request 10m
16
  timeout queue 10m
17
  timeout server 10m
18
  server overcloud-controller-0.internalapi.localdomain 172.25.0.106:8784 check fall 5 inter 2000 rise 2
19
​
Copied!
The user can change the following configuration parameter values.
1
retries 5
2
timeout http-request 10m
3
timeout queue 10m
4
timeout connect 10m
5
timeout client 10m
6
timeout server 10m
7
timeout check 10m
8
balance roundrobin
9
maxconn 50000
Copied!
To change these default values, you need to do the following steps.
i) On the undercloud node, open the following file for edit (Edit <RHOSP_RELEASE> with your cloud's release information. Valid values are - rhosp13, rhosp16, rhosp16.1)
For RHOSP13
1
/home/stack/triliovault-cfg-scripts/redhat-director-scripts/rhosp13/services/trilio-datamover-api.yaml
Copied!
For RHOSP16.0
1
/home/stack/triliovault-cfg-scripts/redhat-director-scripts/rhosp16/services/trilio-datamover-api.yaml
Copied!
For RHOSP16.1
1
/home/stack/triliovault-cfg-scripts/redhat-director-scripts/rhosp16.1/services/trilio-datamover-api.yaml
Copied!
ii) Search the following entries and edit as required
1
          tripleo::haproxy::trilio_datamover_api::options:
2
             'retries': '5'
3
             'maxconn': '50000'
4
             'balance': 'roundrobin'
5
             'timeout http-request': '10m'
6
             'timeout queue': '10m'
7
             'timeout connect': '10m'
8
             'timeout client': '10m'
9
             'timeout server': '10m'
10
             'timeout check': '10m'
Copied!
iii) Save the changes.
7] Deploy overcloud with trilio environment
Use the following heat environment file and roles data file in overcloud deploy command:
1.
trilio_env.yaml
2.
roles_data.yaml
3.
Use correct Trilio endpoint map file as per available Keystone endpoint configuration
1.
Instead of tls-endpoints-public-dns.yaml file, use environments/trilio_env_tls_endpoints_public_dns.yaml
2.
Instead of tls-endpoints-public-ip.yaml file, useenvironments/trilio_env_tls_endpoints_public_ip.yaml
3.
Instead of tls-everywhere-endpoints-dns.yaml file, useenvironments/trilio_env_tls_everywhere_dns.yaml
To include new environment files use '-e' option and for roles data file use '-r' option.
An example overcloud deploy command is shown below:
1
openstack overcloud deploy --templates \
2
  -e /home/stack/templates/node-info.yaml \
3
  -e /home/stack/templates/overcloud_images.yaml \
4
  -e /home/stack/triliovault-cfg-scripts/redhat-director-scripts/rhosp16.1/environments/trilio_env.yaml \
5
  -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-tls.yaml \
6
  -e /usr/share/openstack-tripleo-heat-templates/environments/ssl/inject-trust-anchor.yaml \
7
  -e /home/stack/triliovault-cfg-scripts/redhat-director-scripts/rhosp16.1/environments/trilio_env_tls_endpoints_public_dns.yaml \
8
  --ntp-server 192.168.1.34 \
9
  --libvirt-type qemu \
10
  --log-file overcloud_deploy.log \
11
  -r /home/stack/templates/roles_data.yaml
Copied!
8] Verify deployment
If the containers are in restarting state or not listed by the following command then your deployment is not done correctly. Please recheck if you followed the complete documentation.
8.1] On Controller node 
Make sure Trilio dmapi and horizon containers are in a running state and no other Trilio container is deployed on controller nodes. 
When the role for these containers is not "controller" check on respective nodes according to configured roles_data.yaml.
1
[[email protected] heat-admin]# podman ps | grep trilio
2
26fcb9194566  rhosptrainqa.ctlplane.localdomain:8787/trilio/trilio-datamover-api:4.1.94-hotfix-5-rhosp16.1        kolla_start           5 days ago  Up 5 days ago         trilio_dmapi
3
094971d0f5a9  rhosptrainqa.ctlplane.localdomain:8787/trilio/trilio-horizon-plugin:4.1.94-hotfix-5-rhosp16.1       kolla_start           5 days ago  Up 5 days ago         horizon
Copied!
Verify the haproxy configuration under:
1
/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg
Copied!
8.2] On Compute node
Make sure Trilio datamover container is in running state and no other Trilio container is deployed on compute nodes. 
1
[[email protected] heat-admin]# podman ps | grep trilio
2
b1840444cc59  rhosptrainqa.ctlplane.localdomain:8787/trilio/trilio-datamover:4.1.94-hotfix-5-rhosp16.1                    kolla_start           5 days ago  Up 5 days ago         trilio_datamover
Copied!
8.3] On the node with Horizon service
Make sure horizon container is in running state. Please note that 'Horizon' container is replaced with Trilio Horizon container. This container will have latest OpenStack horizon + TrilioVault's horizon plugin.
1
[[email protected] heat-admin]# podman ps | grep horizon
2
094971d0f5a9  rhosptrainqa.ctlplane.localdomain:8787/trilio/trilio-horizon-plugin:4.1.94-hotfix-4-rhosp16.1       kolla_start           5 days ago  Up 5 days ago         horizon
Copied!
9] Additional Steps on TrilioVault Appliance
9.1] Change the nova user id on the TrilioVault Nodes
In RHOSP, 'nova' user id on nova-compute docker container is set to '42436'. The 'nova' user id on the TrilioVault nodes need to be set the same. Do the following steps on all TrilioVault nodes:
1.
Download the shell script that will change the user id
2.
Assign executable permissions
3.
Execute the script
4.
Verify that 'nova' user and group id has changed to '42436'
1
## Download the shell script
2
$ curl -O https://raw.githubusercontent.com/trilioData/triliovault-cfg-scripts/master/common/nova_userid.sh
3
​
4
## Assign executable permissions
5
$ chmod +x nova_userid.sh
6
​
7
## Execute the shell script to change 'nova' user and group id to '42436'
8
$ ./nova_userid.sh
9
​
10
## Ignore any errors and verify that 'nova' user and group id has changed to '42436'
11
$ id nova
12
   uid=42436(nova) gid=42436(nova) groups=42436(nova),990(libvirt),36(kvm)
Copied!
10] Troubleshooting for overcloud deployment failures
Trilio components will be deployed using puppet scripts.
oIn case of the overcloud deployment failing do the following command provide the list of errors.
The following document also provides valuable insights: https://docs.openstack.org/tripleo-docs/latest/install/troubleshooting/troubleshooting-overcloud.html​
1
openstack stack failures list overcloud
2
heat stack-list --show-nested -f "status=FAILED"
3
heat resource-list --nested-depth 5 overcloud | grep FAILED
4
​
5
=> If trilio datamover api containers does not start well or in restarting state, use following logs to debug.
6
​
7
​
8
docker logs trilio_dmapi
9
​
10
tailf /var/log/containers/trilio-datamover-api/dmapi.log
11
​
12
 
13
​
14
=> If trilio datamover containers does not start well or in restarting state, use following logs to debug.
15
​
16
​
17
docker logs trilio_datamover
18
​
19
tailf /var/log/containers/trilio-datamover/tvault-contego.log
Copied!