OpenStack Lifecycle Management Tools

In a joint effort Jannis Rake-Revelant, Jürgen Brüder, and myself Edmund Haselwanter had a look at several what we call "Openstack Lifecycle Management tools".

This time Jürgen Brüder did most of the work, so thanks for sharing your findings :-)

Deploying Openstack with Stackforge and Chef Server

Stackforge provides an open-source repository to setup Openstack with Chef. You can deploy it with a Chef-Server or simply by using Chef-Zero.

It currently includes all OpenStack core projects: Compute, Dashboard, Identity, Image, Network, Object Storage, Block Storage, Telemetry and Orchestration.

In this documents we will be using Chef Server to setup our deployment. We will be using Vagrant to create three virtual machines for us.

Using Vagrant for Test setup

Vagrant can be installed on nearly all operating systems. We will be using Mac OS X for this example.

If you are on Mac OS X, you'll need to install Xcode Command Line Tools from https://developer.apple.com/downloads/

Installing ChefDK

To ensure a proper working deployment, we recommend using the ChefDK for installing all needed Gem dependencies. This will also install Berkshelf etc.

Just follow this link a download the version that fits your OS. Then install it: http://downloads.getchef.com/chef-dk/

Installing VirtualBox and Vagrant

Install the latest VirtualBox for your operating system: https://www.virtualbox.org/wiki/Downloads

Then install the latest version of Vagrant: https://www.vagrantup.com/downloads

Create the VMs

Create a directory called stackforge-chef-server in your home directory. Inside of it, create a file called Vagrantfile.

Add this content to the Vagrantfile:

Vagrant.require_version ">= 1.1"

Vagrant.configure("2") do |config|

  # get local ip so that we can force chef zero onto a different port per
  # machine, allowing for multiple simultaneous vagrant up runs
  local_ip = Socket.ip_address_list.detect{|intf| intf.ipv4_private?}.ip_address

  # virtualbox provider settings
  config.vm.provider "virtualbox" do |vb|
    vb.customize ["modifyvm", :id, "--cpus", 2]
    vb.customize ["modifyvm", :id, "--memory", 2048]
    vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
    vb.customize ["modifyvm", :id, "--nicpromisc3", "allow-all"]
  end

  #################################
  # Ubuntu 12.04 controller       #
  #################################

  config.vm.define :ubuntu1204cont do |ubuntu1204cont|

    ubuntu1204cont.vm.hostname = "ubuntu1204cont"

    ubuntu1204cont.vm.box = "opscode-ubuntu-12.04"
    ubuntu1204cont.vm.box_url = "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box"

    ubuntu1204cont.vm.network "forwarded_port", guest: 443, host: 8443     # dashboard-ssl
    ubuntu1204cont.vm.network "forwarded_port", guest: 8773, host: 8773    # compute-ec2-api
    ubuntu1204cont.vm.network "forwarded_port", guest: 8774, host: 8774    # compute-api
    ubuntu1204cont.vm.network "private_network", ip: "192.168.3.60"
    ubuntu1204cont.vm.network "private_network", ip: "172.16.10.60"
  end

  #################################
  # Ubuntu 12.04 compute1         #
  #################################

  config.vm.define :ubuntu1204comp1 do |ubuntu1204comp1|

    ubuntu1204comp1.vm.hostname = "ubuntu1204comp1"

    ubuntu1204comp1.vm.box = "opscode-ubuntu-12.04"
    ubuntu1204comp1.vm.box_url = "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box"

    ubuntu1204comp1.vm.network "private_network", ip: "192.168.3.61"
    ubuntu1204comp1.vm.network "private_network", ip: "172.16.10.61"
  end

  #################################
  # Ubuntu 12.04 chefsererv       #
  #################################

  config.vm.define :ubuntu1204chef do |ubuntu1204comp1|

    ubuntu1204comp1.vm.hostname = "ubuntu1204chef"

    ubuntu1204comp1.vm.box = "opscode-ubuntu-12.04"
    ubuntu1204comp1.vm.box_url = "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box"

    ubuntu1204comp1.vm.network "private_network", ip: "192.168.3.62"
  end

end

What this Vagrantfile does it to setup three VMs for us. This way, we can give the VMs all necessary network configurations that we need directly through the file.

Simply run this command in the directory with the Vagrantfile:

1vagrant up

To SSH into the Machines, simply run from the stackforge-chef-server directory:

1vagrant ssh ubuntu1204chef
2
3vagrant ssh ubuntu1204cont
4
5vagrant ssh ubuntu1204comp1

Setup Chef Server

On the ubuntu1204chef machine, run the following commands to setup a Chef Server:

1wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef-server_11.1.4-1_amd64.deb
2sudo dpkg -i chef-server_11.1.4-1_amd64.deb
3sudo chef-server-ctl reconfigure

Point your browser to the Chef VM and login using admin and p@ssw0rd1. Change the password after the login, regenerate the key and copy the key somewhere safe.

Setup Workstation

After installing the ChefDK earlier on your workstation we have installed everything we need to connect to your Chef Server.

Inside your terminal run:

1export PATH="/opt/chefdk/embedded/bin:${HOME}/.chefdk/gem/ruby/2.1.0/bin:$PATH"
2chef

If both works, everything is setup just fine.

Clone the Chef-Repo Inside your home directory like so:

1git clone git://github.com/opscode/chef-repo.git
2
3Cloning into 'chef-repo'...
4remote: Counting objects: 199, done.
5remote: Compressing objects: 100% (119/119), done.
6remote: Total 199 (delta 71), reused 160 (delta 47)
7Receiving objects: 100% (199/199), 30.45 KiB, done.
8Resolving deltas: 100% (71/71), done.

Inside of the chef-repo directory create a new directory called .chef:

1sudo mkdir -p .chef

Now we only need to configure the knife plugin:

1knife configure --initial

Answer the questions of the setup. If you have configured everything correctly, you can run the following command to see if everything worked:

1knife client list

Bootstrap Nodes

Navigate into your chef-repo and run:

1knife bootstrap localhost --sudo -x vagrant -P vagrant --ssh-port 2222 -N ubuntu1204cont --bootstrap-version 11.14.6-1
2knife bootstrap localhost --sudo -x vagrant -P vagrant --ssh-port 2200 -N ubuntu1204comp1 --bootstrap-version 11.14.6-1

Please make sure, that the ports numbers are correct. While running the vagrant up command earlier, Vagrant will have shown you the correct port numbers.

Checkout Repo and bundle upload

Navigate into chef-repo/cookbooks and clone the Stackforge cookbook there:

1git clone -b stable/icehouse https://github.com/stackforge/openstack-chef-repo.git

To setup all cookbooks with your Chef server do

1cd openstack-chef-repo
2berks install
3berks upload

If you encounter problems regarding SSL, you can create a config.json file in your ~/.berkshelf directory:

1{
2  "ssl": {
3    "verify": false
4  }
5}

Create environment

Now we create the environment our deployment will be using:

 1export EDITOR=$(which vi)
 2knife environment create multi-node
 3
 4{
 5    "name": "multi-node",
 6    "description": "Environment used in testing the upstream cookbooks and reference Chef repository with vagrant. To be used with the Vagrantfile-multi-neutron vagrantfile. Defines the necessary attributes for a working mutltinode (1 controller/n computes) openstack deployment, using neutron (with gre tunnels between hosts) for the networking component.",
 7    "cookbook_versions": {},
 8    "json_class": "Chef::Environment",
 9    "chef_type": "environment",
10    "default_attributes": {},
11    "override_attributes": {
12        "mysql": {
13            "allow_remote_root": true,
14            "root_network_acl": ["%"]
15        },
16        "openstack": {
17            "developer_mode": true,
18            "identity": {
19                "bind_interface": "eth1"
20            },
21            "endpoints": {
22                "host": "192.168.3.60",
23                "mq": {
24                    "host": "192.168.3.60",
25                    "bind_interface": "eth1"
26                },
27                "db": {
28                    "host": "192.168.3.60",
29                    "bind_interface": "eth1"
30                },
31                "network": {
32                    "debug": "True",
33                    "dhcp": {
34                        "enable_isolated_metadata": "True"
35                    },
36                    "metadata": {
37                        "nova_metadata_ip": "192.168.3.60"
38                    },
39                    "openvswitch": {
40                        "tunnel_id_ranges": "1:1000",
41                        "enable_tunneling": "True",
42                        "tenant_network_type": "gre",
43                        "local_ip_interface": "eth2"
44                    },
45                    "api": {
46                        "bind_interface": "eth1"
47                    }
48                },
49                "image": {
50                    "api": {
51                        "bind_interface": "eth1"
52                    },
53                    "registry": {
54                        "bind_interface": "eth1"
55                    },
56                    "image_upload": true,
57                    "upload_images": [
58                        "cirros",
59                        "ubuntu"
60                    ],
61                    "upload_image": {
62                        "ubuntu": "http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img",
63                        "cirros": "https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img"
64                    }
65                },
66                "compute": {
67                    "xvpvnc_proxy": {
68                        "bind_interface": "eth1"
69                    },
70                    "novnc_proxy": {
71                        "bind_interface": "eth1"
72                    },
73                    "libvirt": {
74                        "virt_type": "qemu"
75                    },
76                    "network": {
77                        "public_interface": "eth1",
78                        "service_type": "neutron"
79                    },
80                    "config": {
81                        "ram_allocation_ratio": 5
82                    }
83                }
84            }
85        }
86    }
87}

Now we add the multi-node environment to our nodes:

1knife node environment_set ubuntu1204cont multi-node
2
3knife node environment_set ubuntu1204comp1 multi-node

Add Roles and recipes to nodes

Next, we will be adding the necessary roles to our Chef Server.

Once again inside chef-repo/cookbooks/openstack-chef-repo run

1knife role from file roles/*.json

Now that the roles are on the Chef Server, we can add them to the nodes:

1knife node run_list add ubuntu1204cont "role[os-compute-single-controller-no-network],recipe[openstack-network::identity_registration]","role[os-network-openvswitch]","role[os-network-dhcp-agent]","role[os-network-metadata-agent]","role[os-network-server]"
2
3knife node run_list add ubuntu1204comp1 "role[os-compute-worker]"

As you can see, we configure one node to to be the Controller/Compute node and one to be just an additional Compute node.

Chef Client run

SSH on your nodes (ubuntu1204cont, ubuntu1204comp1) and run:

1sudo chef-client

Test the deployment

You can now login at the URL of the first VM. Use the username admin and the password admin for this. If you navigate to Admin -> System Panel -> Host Aggregates you should see both nodes listed.