Deploying Openstack with Stackforge Chef-Zero Style

Edmund Haselwanter | 15.10.2014 Infrastructure as a Service

OpenStack Lifecycle Management Tools

In a joint effort Jannis Rake-Revelant, Jürgen Brüder, and myself Edmund Haselwanter had a look at several what we call "Openstack Lifecycle Management tools".

This time Jürgen Brüder did most of the work, so thanks for sharing your findings :-)

Deploying Openstack with Stackforge

Stackforge provides an open-source repository to setup Openstack with Chef. You can deploy it with a Chef-Server or simply by using Chef-Zero.

It currently includes all OpenStack core projects: Compute, Dashboard, Identity, Image, Network, Object Storage, Block Storage, Telemetry and Orchestration.

Stackforge also comes with a couple of Vagrantfiles that can be used to create a multi-node test deployment from scratch. This way, you also won't need a Chef Server for deployment.

Documentation and Tutorials

The following Git repository contains good documentation about using Stackforge: https://github.com/stackforge/openstack-chef-repo/tree/stable/icehouse

It also contains example configuration files for environments and roles.

Using Vagrant for Test setup

Vagrant can be installed on nearly all operating systems. We will be using Mac OS X for this example.

If you are on Mac OS X, you'll need to install Xcode Command Line Tools from https://developer.apple.com/downloads/

Installing ChefDK

To ensure a proper working deployment, we recommend using the ChefDK for installing all needed Gem dependencies. This will also install Berkshelf etc.

Just follow this link a download the version that fits your OS. Then install it: http://downloads.getchef.com/chef-dk/

Installing VirtualBox and Vagrant

Install the latest VirtualBox for your operating system: https://www.virtualbox.org/wiki/Downloads

Then install the latest version of Vagrant: https://www.vagrantup.com/downloads

To make the Vagrantfiles work, we need three additonal plugins for Vagrant. Open a terminal window and run these commands:

Now install the Omnibus, Chef-Zero and Berkshelf Vagrant plugin like this (order!)

1vagrant plugin install vagrant-berkshelf
2vagrant plugin install vagrant-chef-zero
3vagrant plugin install vagrant-omnibus

Please make sure to stick to the installation-order as listed above. Some plugins can have issues if installed in the wrong order.

Check the three plugins are really installed

1vagrant plugin list

Here is what we got back:

1vagrant-berkshelf (3.0.1)
2vagrant-chef-zero (0.7.1)
3vagrant-login (1.0.1, system)
4vagrant-omnibus (1.4.1)
5vagrant-share (1.1.2, system)

Deploying the Stackforge Cookbook

Clone the Stackforge openstack-chef-repo into your home directory:

1git clone -b stable/icehouse https://github.com/stackforge/openstack-chef-repo

Navigate into the created directory and rename the Vagrantfile-multi-neutron to Vagrantfile

1mv Vagrantfile-multi-neutron Vagrantfile

Now install all gems and cookbooks that are needed

1bundle install
2berks install

Now you can simply run this command to let Vagrant provision two VMs for you:

1vagrant up /ubuntu1204/

One will be an all-in-one node, the second one will be an additional compute node.

Vagrant Troubleshooting

If you run into any problems with Vagrant try setting:

1export VAGRANT_LOG=debug

Also make sure that the Vagrant Plugins are compatible to each other. They are developed on independent release schedules and a new version of a plugin might not work with an older version of the other plugins.

Testing the Openstack installation

You can now login at the URL of the first VM. Use the username admin and the password admin for this. If you navigate to Admin -> System Panel -> Host Aggregates you should see both nodes listed.

Analysing Vagrant Setup

To be able to create a production ready bare-metal deployment without Vagrant, we need to understand what Vagrant is doing to deploy Openstack on VMs.

Machine and Network setup

Vagrant uses two VMs with each having 2 CPUs and 2048MB memory. It also adds two promiscuous interfaces to each VM and allows all frames through.

Each machine will need access to two private networks. Vagrant is configuring this for each VM. The additional Compute node will have only these two networks configured:

1# Vagrantfile excerpt
2ubuntu1204comp1.vm.network "private_network", ip: "192.168.3.61"
3ubuntu1204comp1.vm.network "private_network", ip: "172.16.10.61"

Additionally, the Controller/Compute node will have three ports forwarded. Here the configuration of the Controller/Compute node:

1# Vagrantfile excerpt
2ubuntu1204cont.vm.network "forwarded_port", guest: 443, host: 8443     # dashboard-ssl
3ubuntu1204cont.vm.network "forwarded_port", guest: 8773, host: 8773    # compute-ec2-api
4ubuntu1204cont.vm.network "forwarded_port", guest: 8774, host: 8774    # compute-api
5ubuntu1204cont.vm.network "private_network", ip: "192.168.3.60"
6ubuntu1204cont.vm.network "private_network", ip: "172.16.10.60"

Chef-Zero and prerequisites

Vagrant is using Chef-Zero to setup the deployment. This means, that there is no actual Chef-Server necessary. This is a good approach for small deployments. It will also install all needed Chef dependencies (e.g. Berkshelf) on the VM with an omnibus installer.

During its run it will upload all needed cookbooks, all Openstack projects (Nova, Swift etc.) are available as a Chef cookbook, to Chef-Zero. On a bare machine you would run:

 1# Install Chef-Omnibus
 2curl -L https://www.opscode.com/chef/install.sh | bash
 3
 4# Checkout Stackforge repo
 5git clone -b stable/icehouse https://github.com/stackforge/openstack-chef-repo
 6cd openstack-chef-repo
 7
 8# Installing Berkshelf gem and cookbooks
 9/opt/chef/embedded/bin/gem install berkshelf --no-ri --no-rdoc
10/opt/chef/embedded/bin/berks vendor ./cookbooks

Create a Chef environment

The environment provides an overall configuration for our deployment. It can tell each VM where to look for specific services, which network interface to use for what etc. Stackforge comes with a number of predefined environments. For a production deployment we recommend to write your own.

We will modify one of the provided environments to fit our scenario better. Here you can see the environment that we will be using:

 1{
 2    "name": "vagrant-multi-neutron",
 3    "description": "Environment used in testing the upstream cookbooks and reference Chef repository with vagrant. To be used with the Vagrantfile-multi-neutron vagrantfile. Defines the necessary attributes for a working mutltinode (1 controller/n computes) openstack deployment, using neutron (with gre tunnels between hosts) for the networking component.",
 4    "cookbook_versions": {},
 5    "json_class": "Chef::Environment",
 6    "chef_type": "environment",
 7    "default_attributes": {},
 8    "override_attributes": {
 9        "mysql": {
10            "allow_remote_root": true,
11            "root_network_acl": ["%"]
12        },
13        "openstack": {
14            "developer_mode": true,
15            "identity": {
16                "bind_interface": "eth1"
17            },
18            "endpoints": {
19                "host": "192.168.3.60",
20                "mq": {
21                    "host": "192.168.3.60",
22                    "bind_interface": "eth1"
23                },
24                "db": {
25                    "host": "192.168.3.60",
26                    "bind_interface": "eth1"
27                },
28                "network": {
29                    "debug": "True",
30                    "dhcp": {
31                        "enable_isolated_metadata": "True"
32                    },
33                    "metadata": {
34                        "nova_metadata_ip": "192.168.3.60"
35                    },
36                    "openvswitch": {
37                        "tunnel_id_ranges": "1:1000",
38                        "enable_tunneling": "True",
39                        "tenant_network_type": "gre",
40                        "local_ip_interface": "eth2"
41                    },
42                    "api": {
43                        "bind_interface": "eth1"
44                    }
45                },
46                "image": {
47                    "api": {
48                        "bind_interface": "eth1"
49                    },
50                    "registry": {
51                        "bind_interface": "eth1"
52                    },
53                    "image_upload": true,
54                    "upload_images": [
55                        "cirros",
56                        "ubuntu"
57                    ],
58                    "upload_image": {
59                        "ubuntu": "http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img",
60                        "cirros": "https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img"
61                    }
62                },
63                "compute": {
64                    "xvpvnc_proxy": {
65                        "bind_interface": "eth1"
66                    },
67                    "novnc_proxy": {
68                        "bind_interface": "eth1"
69                    },
70                    "libvirt": {
71                        "virt_type": "qemu"
72                    },
73                    "network": {
74                        "public_interface": "eth1",
75                        "service_type": "neutron"
76                    },
77                    "config": {
78                        "ram_allocation_ratio": 5
79                    }
80                }
81            }
82        }
83    }
84}

You can create your the environment file under /openstack-chef-repo/environments/. The filename will needs to be vagrant-multi-neutron.json.

Define a run_list

Each machine gets it's own run_list. The run_list defines which roles or recipes are being used on that machine.

Here a listing of the run_list of each machine:

 1# Controller/Compute node
 2role[os-compute-single-controller-no-network]
 3recipe[openstack-network::identity_registration]
 4role[os-network-openvswitch]
 5role[os-network-dhcp-agent]
 6role[os-network-metadata-agent]
 7role[os-network-server]
 8
 9# Compute node
10role[os-compute-worker]
11recipe[apt::cacher-client]

If you would want to add a role to a machine manually, you can do this with this command:

1knife node run_list add NODE_NAME -z 'role[NAME_OF_ROLE]'

Run the Chef-Client

After everything is configured, Vagrant runs the Chef-Client on each VM. This will install everything that is needed and will create running deployment. This would be an equivalent command to run this manually:

1# Assuming you have a my-deployment.json inside the environments directory
2chef-client -z -E my-deployment

A quick rundown

Setup networking for your machines
Install the Chef-Omnibus-Installer on your machines
Install all needed cookbooks with Berkshelf
Create a Chef environment
Define the run_list for each machine
Run Chef-Client on each machine

Go Back explore our courses

Agile Testing CI/CD Bootcamp

Run your tests on autopilot with CI/CD pipelines.

Terraform Foundations

Introduction to modern infrastructure provisioning.

Cloud Native Essentials

This is an introduction to Kubernetes, an open-source system for automating deployment, scaling, and management of containerized applications.

Matthias Theuermann | 14.11.2024 Devops

Understanding DevOps and Cloud Maturity Models: A Guide to Elevating Your IT Strategy

In today’s fast-paced technological landscape, DevOps and Cloud practices are integral to accelerating software delivery and optimizing cloud resources. But as

Martin Buchleitner | 04.11.2024 Devops, IAC

Efficient Testing Environments with Vagrant and Ansible: Simplifying Automation

Setting up consistent testing environments is essential for development, and Vagrant combined with Ansible is a powerful, flexible solution for automating this

Martin Buchleitner | 17.10.2024 Infrastructure as Code, Devops, HashiCorp, Packer, Vault, Mondoo

Github Action to Build Golden Images with HashiCorp Packer

In previous posts we have already shown multiple ways to use HashiCorp Packer to build Golden Images. In this post we will show how to automate the process with

Martin Buchleitner | 16.10.2024 Infrastructure as Code, Devops, HashiCorp, Consul

Automating DNS Updates from Kubernetes - HashiCorp Style

In dynamic Kubernetes environments, managing DNS records can be a challenge. As services scale, redeploy, or change IP addresses, ensuring that DNS records

Martin Buchleitner | 15.10.2024 Infrastructure as Code, Devops, HashiCorp, Consul, Nomad, Çonsul Connect', Traefik

Secure Communication between HashiCorp Nomad and Traefik with Consul Connect

In today's rapidly evolving cloud-native landscape, the need for efficient service orchestration, service discovery, and secure communication between services

We are here for you

You are interested in our courses or you simply have a question that needs answering? You can contact us at anytime! We will do our best to answer all your questions.