Last active
April 15, 2017 09:14
-
-
Save bot11/b5dc7c67fd9348d844b2 to your computer and use it in GitHub Desktop.
Install openstack controller using chef cookbooks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ** Proxy configuration at the end of document. Make sure you have it in case if you internet is routed from proxy | |
| Installation of chef server: | |
| --------------------------- | |
| 1) Install pre-requisites: | |
| $ apt-get update | |
| $ apt-get install build-essential | |
| $ apt-get install ruby1.9.3 | |
| $ apt-get install ruby-dev | |
| 1) Download the .deb package required from http://downloads.getchef.com/chef-server/ | |
| $ wget https://web-dl.packagecloud.io/chef/stable/packages/ubuntu/natty/chef-server_11.1.6-1_amd64.deb | |
| 2) Install the package | |
| $ dpkg -i chef-server_11.1.6-1_amd64.deb | |
| 3) Configure the chef server: | |
| $ /usr/bin/chef-server-ctl reconfigure | |
| Install the workstation: | |
| ------------------------ | |
| **We used the same chef server as workstation here** | |
| 1) Install the chef client from | |
| https://www.chef.io/download-chef-client/ | |
| $ wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.16.4-1_amd64.deb | |
| 2) Make sure ruby and the prerequisites mentioned are installed. | |
| 3) Install the package as: | |
| $ dpkg -i chef_11.16.4-1_amd64.deb | |
| 4) Copy the chef-validator.pem and admin.pem to the chef client. | |
| $ cp /etc/chef-server/chef-validator.pem /etc/chef | |
| $ cp /etc/chef-server/admin.pem /etc/chef | |
| 5) Download the chef-repo and put in a directory.Currently chef-repo is in [/opt/openstack-chef-repo] | |
| $ cd /opt | |
| $ git clone https://github.com/stackforge/openstack-chef-repo | |
| 6) Run the initial knife configuration: | |
| $ knife configure initial | |
| 7) Verify the knife configured properly by checking the command: | |
| $ knife client list | |
| chef-validator | |
| chef-webui | |
| Configure on workstation: | |
| openstack cookbooks, roles, environments and data bags | |
| ---------------------------------------------------------------- | |
| 1) Switch the repo content to the branch required. In this case "stable/icehouse" | |
| $ cd /opt/openstack-chef-repo | |
| $ git checkout "stable/icehouse" | |
| 2) In the chef-repo directory, run the following command to install the ruby gems needed. | |
| $ bundle install --path=.bundle | |
| 3) Download the cookbooks and dependency cookbooks using the following command: | |
| $ bundle exec berks install --path=cookbooks | |
| Note: | |
| * The berkshelf gem initally copies the cookbooks to the /root/.berkshelf/cookbooks directory. The bundle gem will fetch them to the current path specified, in this case "cookbooks" directory present in your chef-repo directory. | |
| * In case if you are getting non http proxy is not supported, change the https proxy to point to http proxy itself. | |
| 4) Now upload the cookbooks to the chef-server. | |
| $ knife cookbook upload -a | |
| In case if you get errors like maintainer_email is incorrect. | |
| Add "maintainer_email '[email protected]'" to metadata.rb of : | |
| openstack-network/ | |
| openstack-image/ | |
| openstack-orchestration/ | |
| openstack-object-store/ | |
| 5) Upload the roles given to the servers | |
| $ cd /opt/openstack-chef-repo/roles | |
| $ knife role from file *.json | |
| Verify the roles using the command: | |
| $ knife role list | |
| 6) Upload the environements required. | |
| $ knife environment from file vagrant-aio-nova.json | |
| 7) Upload the data bags which store the passowrds required for mysql, rabbit mq and other openstack services. | |
| Before creating databags , create a encrypted secret key. We need to copy this secret key to the node that we bootstrap in the future in order to decrypt. | |
| $ openssl rand -base64 512 |tr -d '\r\n' > /etc/chef-server/encrypted_data_bag_secret | |
| We need 4 data bags: | |
| run the bash snippet given for each of the databags | |
| 1) user_passwords | |
| user_passwords ITEM example : {"id" : "admin", "admin" : "mypass"} | |
| bash snipppet: | |
| for p in admin guest ; do | |
| knife data bag create user_passw $p --secret-file ~/.chef/openstack_data_bag_secret; | |
| done | |
| 2) db_passwords | |
| bash snippet: | |
| for p in nova horizon keystone glance ceilmeter neutron cinder heat dash ; do | |
| knife data bag create db_passwords $p --secret-file ~/.chef/openstack_data_bag_secret; | |
| done | |
| 3) service_passwords | |
| bash snippet: | |
| for item in openstack-image openstack-compute openstack-block-storage openstack-orchestration openstack-network rbd ; do | |
| knife data bag create service_passwords $p --secret-file ~/.chef/openstack_data_bag_secret; | |
| done | |
| 4) secrets | |
| bash snippet: | |
| for item in openstack_identity_bootstrap_token neutron_metadata_secret ; do | |
| knife data bag create secrets $p --secret-file ~/.chef/openstack_data_bag_secret; | |
| done | |
| Bootstrap the node: | |
| ------------------- | |
| 1) Make sure the proxy variables are set as required. [See the proxy section below this document to configure] | |
| 2) Make sure node is ssh accesible. | |
| 3) Run the bootstrap command from workstation. | |
| $ knife bootstrap --run-list "role[allinone-compute]" -N controller2 -x ks --sudo --environment vagrant-aio-nova 172.16.0.10 | |
| Errors encountered while bootstrap running: | |
| * Mysql Gem installation times out. Manually go and install the mysql gem on the node. | |
| $ /opt/chef/embedded/bin/gem install mysql -q --no-rdoc --no-ri -v "" | |
| * Glance doesnot support the proxy, and hence it throws 400 Bad request while uploading an image from the recipe. | |
| glance --debug --insecure --os-username glance --os-password openstack-image --os-tenant-name service --os-image-url http://127.0.0.1:9292 --os-auth-url http://127.0.0.1:5000/v2.0 image-create --name cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img | |
| Solution: Change the recipe, to support file upload and copy the image to some local directory in the node. | |
| On the node : | |
| $ cd /tmp | |
| $ wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img | |
| On the workstation: | |
| Edit , /opt/openstack-chef-repo/cookbooks/openstack-image/providers/image.rb and change line 72 as : | |
| localfile = '/tmp/cirros-0.3.0-x86_64-disk.img' | |
| command "#{glance_cmd} image-create --name #{name} --is-public true #{c_fmt} #{d_fmt} --file #{localfile}" | |
| Upload the cookbooks once again to the server. Run | |
| $ knife cookbook upload -a | |
| [[ proxy configuration ]] | |
| export http_proxy="http://anonymous:[email protected]:proxyport" | |
| export https_proxy="https://anonymous:[email protected]:proxyport" | |
| export no_proxy="127.0.0.1,localhost,public ip,fqdn,private ip" | |
| export EDITOR=$(which vim) | |
| git config --global url."https://".insteadOf git:// | |
| Also change the following configuration in /etc/wgetrc | |
| http_proxy=http://proxy.com:proxyport | |
| https_proxy=https://proxy.com:proxyport | |
| # If you do not want to use proxy at all, set this to off. | |
| use_proxy = on |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment