foreman-and-puppet-for-openstack-audo-deployment
TRANSCRIPT
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Foreman&Puppet Integrated Solution for OpenStack Auto Deployment
Yating Yang
Feb 10 2015

Agenda
• Foreman&Puppet Solution for OpenStack deployment introduction (20 min)
• Foreman introduction (30 min)
• Puppet introduction (Optional: 10 min)
• Q&A (10 min)

OpenStack Deployment Tools Overview
http://www.chenshake.com/openstack-deployment-tool-summary/
• Fuel (Mirantis)
• Devstack
• Crowbar
• Cobbler
• RDO
• Packstack
• TripleO

Foreman&Puppet Solution Architecture
[Diagram: Foreman & Puppet; OpenStack#1 and OpenStack#2, each with Network, Controller and Compute nodes; Ironic; VM; Baremetal]

OpenStack Auto Deployment Process
• Foreman Server (includes Puppet Master + PXE server)
• Bare Metal #1: Ubuntu 14.04 #1 with Puppet agent, Control Node
• Bare Metal #2: Ubuntu 14.04 #2 with Puppet agent, Compute Node
• Bare Metal #3: Ubuntu 14.04 #3 with Puppet agent, Network Node
• Bare Metal #4: Ubuntu 14.04 #4 with Puppet agent, Ironic Node
[Diagram labels: PXE and Puppet between the Foreman Server and each bare-metal host]

PXE for Ubuntu installation

Foreman GUI Config Process for Bare Metal Installation
[Flow diagram: Foreman GUI: Add Preseed Templates; Add Partition Template; Add Ubuntu 14.04 OS; Add a Domain; Add a Host; Add 2 Subnet. CIMC (change BIOS boot from PXE, Reboot); CIMC (change BIOS boot from HardDisk, Reboot). Ubuntu 14.04 Bare Metal]

Add Preseed Provisioning Templates

Add a Partition Table

Add a New Operating System

Add Subnets

Add a Domain

Add a new Host

Puppet Setting for OpenStack Deployment
[Flow diagram: Puppet OpenStack Module Install; common.yaml configuration; site.pp configuration; OpenStack auto Deployment Start (Compute, Network, Control); Wait 2 hours, Installation is done]

Puppet OpenStack Module Install
• The puppetlabs-openstack module is used to deploy a multi-node, all-in-one, or swift-only installation of OpenStack.
• Install puppet module
puppet module install puppetlabs-openstack
or git clone https://github.com/puppetlabs/puppetlabs-openstack.git

Puppet OpenStack Version

OpenStack Network Design
Each node needs a minimum of two network interfaces, and up to four. The network interfaces are divided into two groups.
• Public interfaces: API network, External network.
• Internal interfaces: Management network, Data network.

common.yaml sample
openstack::region: 'openstack'
######## Networks
openstack::network::api: '10.74.116.0/24'
openstack::network::external: '10.74.116.0/24'
openstack::network::management: '10.74.15.0/24'
openstack::network::data: '10.74.15.0/24'
openstack::network::external::ippool::start: 10.74.116.165
openstack::network::external::ippool::end: 10.74.116.168
openstack::network::external::gateway: 10.74.116.1
openstack::network::external::dns: 64.104.123.144
######## Private Neutron Network
openstack::network::neutron::private: '10.0.0.0/24'
######## Fixed IPs (controllers)
openstack::controller::address::api: '10.74.116.163'
openstack::controller::address::management: '10.74.15.85'
openstack::storage::address::api: '10.74.116.163'
openstack::storage::address::management: '10.74.15.85'
######## Database
openstack::mysql::root_password: 'spam-gak'
openstack::mysql::service_password: 'fuva-wax'
openstack::mysql::allowed_hosts: ['localhost', '127.0.0.1', '10.74.15.%']
… …
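
The common.yaml sample above keeps database passwords as literal strings and grants MySQL access by host pattern. As an added example (not part of the original slides or of the puppetlabs-openstack module), this Ruby check parses such Hiera data and flags secrets that are not hiera-eyaml `ENC[...]` values, public networks that overlap internal ones, and `%` host patterns that reach beyond the management network. The names `audit_hiera` and `wider_than?` and the three rules are assumptions made for illustration.

```ruby
require 'yaml'
require 'ipaddr'

# Constructed input: a subset of the keys and values shown on the common.yaml slide.
SLIDE_HIERA = <<~YAML
  openstack::network::api: '10.74.116.0/24'
  openstack::network::external: '10.74.116.0/24'
  openstack::network::management: '10.74.15.0/24'
  openstack::network::data: '10.74.15.0/24'
  openstack::mysql::root_password: 'spam-gak'
  openstack::mysql::service_password: 'fuva-wax'
  openstack::mysql::allowed_hosts: ['localhost', '127.0.0.1', '10.74.15.%']
YAML

NET = 'openstack::network::'

# True when a MySQL host pattern containing % reaches beyond the management network.
def wider_than?(pattern, mgmt)
  fixed = pattern.split('.').take_while { |octet| octet != '%' }
  base = IPAddr.new((fixed + ['0'] * (4 - fixed.size)).join('.'))
  fixed.size * 8 < mgmt.prefix || !mgmt.include?(base)
end

# Hypothetical helper: returns an array of finding strings for Hiera YAML text.
def audit_hiera(text)
  data = YAML.safe_load(text)
  findings = []
  # 1. Secrets should be hiera-eyaml ciphertext, not literal strings.
  data.each do |key, value|
    next unless key.end_with?('password') && !value.to_s.start_with?('ENC[')
    findings << "plaintext secret: #{key}"
  end
  # 2. Public (api, external) and internal (management, data) networks must not overlap.
  nets = %w[api external management data].to_h { |n| [n, IPAddr.new(data.fetch(NET + n))] }
  %w[api external].product(%w[management data]).each do |pub, int|
    overlap = nets[pub].include?(nets[int]) || nets[int].include?(nets[pub])
    findings << "public/internal overlap: #{pub} and #{int}" if overlap
  end
  # 3. MySQL host patterns must stay inside the management network.
  Array(data['openstack::mysql::allowed_hosts']).each do |host|
    next unless host.include?('%')
    findings << "mysql wildcard too broad: #{host}" if wider_than?(host, nets['management'])
  end
  findings
end

puts audit_hiera(SLIDE_HIERA) if $PROGRAM_NAME == __FILE__
```

On the slide's values only the two plaintext passwords are reported: the `10.74.15.%` pattern matches the management /24 exactly, and the public and internal subnets are disjoint.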

Site.pp sample
node 'control' {
  include ::openstack::role::controller
}
node 'network' {
  include ::openstack::role::network
}
node 'compute' {
  include ::openstack::role::compute
}

OpenStack Services
• Controller Node: nova-api, nova-cert, nova-conductor, nova-consoleauth, nova-novncproxy, nova-scheduler, keystone, neutron-server, glance-api, glance-registry, dashboard; MySQL Server, RabbitMQ Server, NTP
• Network Node: neutron-dhcp-agent, neutron-l3-agent, neutron-metadata-agent, neutron-ovs-cleanup, neutron-plugin-openvswitch-agent; RabbitMQ Client, NTP
• Compute Node: nova-compute, neutron-ovs-cleanup, neutron-plugin-openvswitch-agent; RabbitMQ Client, NTP, Hypervisor + libvirt
• Ironic Node: ironic-api, ironic-conductor; MySQL Client, tftp-hpa, openipmi, NTP

Foreman TOI
Yating Yang
Feb 10 2015

What is Foreman
Foreman is a complete lifecycle management tool for physical and virtual servers.
Foreman is an open source tool that can help with the management of servers, by providing an easy way to interact with Puppet (or Chef) to automate tasks and application deployment.
Foreman provides a robust web user interface, API, and CLI which can be used to provision, configure, and monitor your servers.

Foreman Architecture

Smart Proxies
• The Smart Proxy is a project which provides a RESTful API to various sub-systems
• DHCP - ISC DHCP and MS DHCP Servers
• DNS - Bind and MS DNS Servers
• TFTP - any UNIX based tftp server
• Puppet - Any Puppet server from 0.24.x
• Puppet CA - Manage certificate signing, cleaning and autosign on a Puppet CA server
• Realm - Manage host registration to a realm (e.g. FreeIPA)

Foreman installer
• A lot of options
• Interactive installation: -I
• Enables/disables stuff
• Creates a puppet tree skeleton

Foreman GUI

Provisioning
• Bare metal and virtual machine
• Install any distribution
• Configure almost everything
• Decentralized (control remote TFTP, DNS, DHCP)
• ERB Scripting

Automation
• Trigger Puppet runs
• Advanced use: parameters,…
• History of changes
• ENC (External Node Classifiers) is optional

Reporting
• Visualize changes
• See the full logs
• View the facts

Providers
• Libvirt
• EC2
• OpenStack
• Google Compute Engine
• oVirt
• VMware

Features of providers
• Depending on the provider
• Unattended installation
• Image-based install
• Power management
• Console (noVNC)

Operating System
• CentOS/RHEL
• Fedora
• Ubuntu/Debian
• SUSE
• Solaris

Puppet Certificate
• Puppet-ca proxy
• Takes care of signing certificates
• Trigger first puppet run
• Run first puppet run in loop (before reboot)

Puppet reports
• Very detailed
• History
• Host Configuration Status
• Overview of the last reports

Host groups
• Default provisioning parameters
• Puppet classes
• Network configuration

Hammer
• Command line to Foreman
• Scripting
• Automation
• Without browser (e.g. no http(s) access)

Scaling up
• Multiple Puppet Masters
• Multiple Smart Proxies
• Foreman talks with the CA
• Multiple compute resources

Foreman plugin
• Foreman plugins are implemented as gems
• RPM Installations
• Debian Installations
• Gems Installations

Conclusion
• From small labs to larger environments
• Interactions with RESTful API
• Complete puppet management
• Bare Metal and virtual machines

Puppet TOI
Yating Yang
Feb 10 2015

What is Puppet?
• Puppet is a configuration management system that allows you to define the state of your IT infrastructure, then automatically enforces the correct state.
• Fact collection
• Catalog compilation
• Enforcement
• Report
• Report sharing

Puppet Master/Agent Mode

Puppet OpenStack Modules
• stackforge/puppet-ceph
• stackforge/puppet-cinder
• stackforge/puppet-designate
• stackforge/puppet-glance
• stackforge/puppet-heat
• stackforge/puppet-horizon
• stackforge/puppet-ironic
• stackforge/puppet-keystone
• stackforge/puppet-manila
• stackforge/puppet-neutron
• stackforge/puppet-nova
• stackforge/puppet-openstack
• stackforge/puppet-sahara
• stackforge/puppet-swift
• stackforge/puppet-tempest
• stackforge/puppet-trove
• stackforge/puppet-tuskar
• stackforge/puppet-vswitch
• stackforge/puppet-openstacklib
• stackforge/puppet-openstack-specs
• stackforge/puppet-openstack_extras

Puppet OpenStack Version