How to build your own OpenStack distro using Puppet OpenStack
DESCRIPTION
In a joint meetup with the Sydney Puppet User Group, Michael will demonstrate how to build an OpenStack distro from scratch using the community OpenStack Puppet modules. In an interactive session with the audience, we’re going to pick a Linux distro, use the roles + profiles pattern, use Hiera to populate data, and build up a complete OpenStack cluster inside VMs running the OpenStack Identity, Image, Compute and Networking services. Although there are vendor tools available that can assist with this process, such as Fuel, Cisco OpenStack Installer and Aptira's own Stacktira, understanding how the modules fit together will allow an operator to easily add their own customisations to any of these systems.

Michael has been working in the cloud computing space, in both research and enterprise contexts, for several years, with OpenStack production experience stretching all the way back to the third release, 'Cactus'. He leads the Aptira software engineering team in developing deployment and operations tools for OpenStack. Michael is a maintainer of and a driving force behind the most widely used OpenStack deployment tool set, Puppet-OpenStack. He holds a Bachelor of Software Engineering with Honours from Australian National University and is regularly invited back to his alma mater to guest lecture.
TRANSCRIPT
Puppet + OpenStack
Michael Chapman
OpenStack has two major organisations on github:
openstack
stackforge
The openstack organisation contains all of the code for the official projects - nova,
neutron, docs etc.
These are projects that have gone through the official community graduation process
and are part of the integrated release.
The stackforge organisation, on the other hand, has very low requirements in order to
have a repository added. This accommodates things that are related to OpenStack, giving them an official repository around
which communities can form.
This is where the community puppet modules are located.
https://github.com/stackforge/puppet-*
Today I’m going to make a 2 node OpenStack cluster in vagrant using these
modules + other puppet modules.
I’m not starting from nothing, because there’s a bit of boilerplate that’s tedious to
write but necessary.
1. Vagrantfile
We have two nodes defined. Each is going to run a bash script, and then run puppet.
Both nodes have 3 network interfaces defined.
192.168.242.0/24 deploy
10.2.4.0/24 public
10.4.4.0/24 internal
[Diagram: the control and compute nodes attached to these networks, with two VMs and the components nova, keystone, glance, neutron, mysql, rabbitmq, ovs, libvirt and qemu.]
2. Bash script
I use an idempotent bash script that prepares nodes to run puppet. (Can be
safely run multiple times)
install and configure [proxy, repo, puppet, fqdn]
Turn off the firewall.
Let’s not deal with that today.
OpenStack is going to add its own rules to iptables, so be careful to do this in a non-destructive way.
3. Hiera
I use a very simple hiera.yaml for this tutorial, but my prod one is a lot deeper.
Use facts to separate your data out: hostname, role, environment etc.
We’re going to do something along the lines of ‘nodeless puppet’, where we define our
roles as a list of classes in hiera.
Profiles are handy where you need more logic for sub-choices, e.g. ‘I want neutron with
plugin X’, but we won’t need them.
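The hierarchy and role data described above, as an added example that is not from the talk or its repository: a Hiera 1 style hiera.yaml that separates data by facts, and a common.yaml that defines each role as a list of classes. The file paths, the `role` variable, the role key names and the placement of the repo class in both lists are assumptions; the class names are the ones the talk uses.

```yaml
# --- /etc/puppet/hiera.yaml (Hiera 1 format; path and level names are assumptions) ---
---
:backends:
  - yaml
:yaml:
  :datadir: /etc/puppet/hieradata
:hierarchy:                          # searched top to bottom, first match wins
  - "hostname/%{::hostname}"         # per-node overrides
  - "role/%{::role}"                 # assumes $::role is set by a fact or by site.pp
  - "environment/%{::environment}"
  - common                           # shared defaults, lowest priority

# --- /etc/puppet/hieradata/common.yaml (assumed path) ---
---
control_internal: 10.4.4.10

# One key per role; the value is the list of classes that role includes.
# "control" is shown as it stands after the keystone step of the talk; the
# glance, nova and neutron classes from the later slides are appended to it.
control:
  - openstack_extras::repo::redhat::redhat
  - mysql::server
  - keystone
  - keystone::roles::admin
  - keystone::db::mysql
  - openstack::auth_file

compute:
  - openstack_extras::repo::redhat::redhat
  - nova
  - nova::compute
  - nova::compute::libvirt
  - nova::compute::neutron
  - nova::network::neutron
  - neutron
  - neutron::plugins::ml2
  - neutron::agents::ml2::ovs
```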
4. Site.pp
Our base site manifest is going to determine its role based on hostname, and then load
the classes to include by looking up that key from hiera.
Also has a resource to make sure the kernel is always the latest.
I’ll talk about this later.
5. Puppetfile
This is used along with librarian-puppet to install modules from github.
Use Puppetfile to install:
puppet-* from stackforge
puppetlabs-mysql
puppetlabs-rabbitmq
puppetlabs-stdlib
puppet-openstack_extras from gh/aptira
puppet-vswitch from gh/aptira
I’m using the Aptira forks to get a couple of patches that are under review, but not yet
merged.
What are our roles?
Compute: runs hypervisor
Control: runs everything else.
Need to set up our repos:
openstack_extras::repo::redhat::redhat
This is currently under review upstream but should be the default for juno. Use aptira
repo at: https://github.com/aptira/puppet-openstack_extras
```yaml
openstack_extras::repo::redhat::redhat::repo_hash:
  'CentOS-Base':
    'descr': 'CentOS-$releasever - Base'
    'baseurl': "%{hiera('yum_base_mirror')}/$releasever/os/$basearch/"
  'CentOS-Updates':
    'descr': 'CentOS-$releasever - Updates'
    'baseurl': "%{hiera('yum_base_mirror')}/$releasever/updates/$basearch/"
  'CentOS-Extras':
    'descr': 'CentOS-$releasever - Extras'
    'baseurl': "%{hiera('yum_base_mirror')}/$releasever/extras/$basearch/"
  'epel':
    'descr': 'Extra Packages for Enterprise Linux 6 - $basearch'
    'baseurl': "%{hiera('yum_epel_mirror')}/$releasever/$basearch/"
    'gpgkey': 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6'
    'failovermethod': 'priority'
openstack_extras::repo::redhat::redhat::gpgkey_hash:
  '/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6':
    'source': 'puppet:///modules/openstack_extras/RPM-GPG-KEY-EPEL-6'
```
Interpolation
```yaml
control_internal: 10.4.4.10
keystone::database_connection: "mysql://keystone:key_pass@%{hiera('control_internal')}/keystone"
```
Start with mysql
mysql::server
Add keystone to control
keystone
keystone::roles::admin
keystone::db::mysql
auth creds:
openstack::auth_file
Add glance to control node
glance::api
glance::registry
glance::backend::file
glance::db::mysql
glance::keystone::auth
Rabbit for nova, neutron
There’s a wrapper provided in the nova module.
nova::rabbitmq
Horrible anti-pattern. Don’t do this in your own modules.
Add nova to control node
nova
nova::api
nova::scheduler
nova::network::neutron
nova::conductor
nova::db::mysql
nova::keystone::auth
Add neutron
neutron
neutron::server
neutron::server::notifications
neutron::agents::metadata
neutron::agents::dhcp
neutron::agents::ml2::ovs
neutron::plugins::ml2
neutron::db::mysql
neutron::keystone::auth
We should be able to interact with the cloud now, even though there aren’t any
hypervisors.
Compute node
nova
nova::compute
nova::compute::libvirt
nova::compute::neutron
nova::network::neutron
neutron
neutron::plugins::ml2
neutron::agents::ml2::ovs