From 72ba304e78410317d6629f317e6f8e8a9edabccd Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Fri, 6 Jan 2017 15:56:09 +0000
Subject: [PATCH] Add first iteration of PoC deployment scripts

deploy-seed.sh: Deploy the seed node.
deploy-overcloud.sh: Deploy an overcloud via the seed node.
---
 PROBLEMS            |  15 ++
 deploy-overcloud.sh |  76 ++++++
 deploy-seed.sh      | 619 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 710 insertions(+)
 create mode 100644 PROBLEMS
 create mode 100755 deploy-overcloud.sh
 create mode 100755 deploy-seed.sh

diff --git a/PROBLEMS b/PROBLEMS
new file mode 100644
index 00000000..a3cfd172
--- /dev/null
+++ b/PROBLEMS
@@ -0,0 +1,15 @@
+ansible PTY allocation request failed
+=====================================
+
+In /var/log/secure: Unable to open pty: No such file or directory
+none            /dev/pts        devpts        gid=5,mode=620    0 0
+
+Kolla patches
+=============
+
+See bootstrap_kolla.sh.
+
+Ironic inspector
+================
+
+Failed to start due to iptables error.
diff --git a/deploy-overcloud.sh b/deploy-overcloud.sh
new file mode 100755
index 00000000..cc9bd7d9
--- /dev/null
+++ b/deploy-overcloud.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -e
+
+###########################################################
+# Overcloud
+
+function configure_overcloud_network {
+    echo "TODO: configure overcloud network"
+}
+
+function configure_overcloud_bios_and_raid {
+    echo "TODO: configure overcloud BIOS and RAID"
+}
+
+function deploy_overcloud_servers {
+    # Deploy servers with Bifrost
+    kolla-ansible deploy-servers -i /etc/kolla/inventory/seed
+}
+
+function configure_overcloud_os {
+    #ansible controllers -b -i /etc/kolla/inventory/overcloud -m yum -a 'name=[epel-release, centos-release-openstack-newton]'
+    #ansible controllers -b -i /etc/kolla/inventory/overcloud -m yum -a 'name=[python-pip, vim]'
+
+    # Disable SELiunx
+    ansible controllers -b -i /etc/kolla/inventory/overcloud -m selinux -a 'state=disabled'
+    ansible controllers -b -i /etc/kolla/inventory/overcloud -m command -a 'reboot -f' &
+
+    # Wait for nodes to come back up
+    echo "Waiting for overcloud nodes to come back up"
+    while true ; do
+        ansible controllers -i /etc/kolla/inventory/overcloud -m command -a 'hostname' && break
+    done
+}
+
+function bootstrap_overcloud_kolla {
+    # TODO
+    # Bootstrap seed node
+    kolla-ansible bootstrap-servers -i /etc/kolla/inventory/overcloud
+    ansible controllers -i /etc/kolla/inventory/overcloud -m command -a 'docker ps'
+    ansible controllers -b -i /etc/kolla/inventory/overcloud -m service -a 'name=ntpd state=started enabled=yes'
+}
+
+function configure_overcloud_docker {
+    echo "TODO: configure overcloud docker"
+}
+
+function pull_overcloud_images {
+    kolla-ansible pull -i /etc/kolla/inventory/overcloud
+}
+
+function deploy_overcloud_services {
+    kolla-ansible prechecks -i /etc/kolla/inventory/overcloud
+    kolla-ansible deploy -i /etc/kolla/inventory/overcloud
+    kolla-ansible post-deploy -i /etc/kolla/inventory/overcloud
+}
+
+function deploy_overcloud {
+    configure_overcloud_network
+    configure_overcloud_bios_and_raid
+    deploy_overcloud_servers
+    configure_overcloud_os
+    bootstrap_overcloud_kolla
+    configure_overcloud_docker
+    pull_overcloud_images
+    deploy_overcloud_services
+}
+
+###########################################################
+# Main
+
+function main {
+    deploy_overcloud
+}
+
+deploy_overcloud
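Review bot: The wait loop at the end of configure_overcloud_os can succeed before the backgrounded `reboot -f` has taken the controllers down, and it has no delay or upper bound. As a result bootstrap_overcloud_kolla may start against hosts that are about to reboot, or the script may spin forever if a node never returns. A short pause before polling plus a bounded retry, as sketched below, covers both cases. Separately, `-m selinux -a 'state=disabled'` (here and in configure_seed_os in deploy-seed.sh) switches SELinux off on the controllers and the seed. If the aim is only to get past denials during the PoC, `state=permissive policy=targeted` keeps labelling and denial logging and needs no reboot.

```shell
    # … unchanged: selinux change and backgrounded 'reboot -f' …

    # Wait for nodes to come back up
    echo "Waiting for overcloud nodes to come back up"
    sleep 30   # let the forced reboot drop SSH before the first probe
    local attempts=0
    until ansible controllers -i /etc/kolla/inventory/overcloud -m command -a 'hostname' ; do
        attempts=$((attempts + 1))
        if [[ $attempts -ge 60 ]]; then
            echo "Overcloud nodes did not come back up" >&2
            return 1
        fi
        sleep 10
    done
```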
diff --git a/deploy-seed.sh b/deploy-seed.sh
new file mode 100755
index 00000000..9830d6cc
--- /dev/null
+++ b/deploy-seed.sh
@@ -0,0 +1,619 @@
+#!/bin/bash
+
+set -e
+
+###########################################################
+# Seed node
+
+function configure_seed_os {
+    sudo yum -y install epel-release
+    sudo yum -y install ansible
+    sudo yum -y install git vim
+
+    # Generate an SSH key
+    if [[ ! -f ~/.ssh/id_rsa ]]; then
+        ssh-keygen -N '' -f ~/.ssh/id_rsa
+    fi
+    ansible localhost -m authorized_key -a "user=$(whoami) key='$(cat ~/.ssh/id_rsa.pub)'"
+    ssh-keyscan 127.0.0.1 >> ~/.ssh/known_hosts
+    ssh-keyscan localhost >> ~/.ssh/known_hosts
+
+    # Disable SELiunx
+    if selinuxenabled && [[ $(getenforce) = 'Enforcing' ]] ; then
+        echo "Disabling SELinux and rebooting. Re-run this script"
+        ansible localhost -b -m selinux -a 'state=disabled'
+        sudo reboot -f
+    fi
+}
+
+function install_kolla {
+    # Install kolla
+    sudo yum -y install gcc python-devel python-pip libffi-devel openssl-devel
+    #sudo yum -y install centos-release-openstack-newton
+    #sudo yum -y install python-openstackclient python-neutronclient
+
+    sudo pip install 'kolla<4.0.0'
+    set +e
+    sudo yum -y install patch
+    sudo patch -u -f /usr/share/kolla/ansible/roles/baremetal/tasks/pre-install.yml << EOF
+--- /usr/share/kolla/ansible/roles/baremetal/tasks/pre-install.yml.old  2017-01-06 17:23:12.444746830 +0000
++++ /usr/share/kolla/ansible/roles/baremetal/tasks/pre-install.yml      2017-01-06 17:22:27.864278879 +0000
+@@ -28,6 +28,7 @@
+           {% for host in groups['all'] %}
+           {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }} {{ hostvars[host]['ansible_hostname'] }}
+           {% endfor %}
++  become: True
+   when: customize_etc_hosts | bool
+ 
+ - name: ensure sudo group is present
+@@ -126,7 +127,7 @@
+     recurse: yes
+     owner: kolla
+     group: kolla
+-    mode: 755
++    mode: 0755
+   become: True
+   when: create_kolla_user | bool == True
+ 
+@@ -135,6 +136,6 @@
+     path: /etc/kolla
+     state: directory
+     recurse: yes
+-    mode: 666
++    mode: 0666
+   become: True
+   when: create_kolla_user | bool == False
+EOF
+    sudo patch -u -f /usr/share/kolla/ansible/roles/ironic/templates/ironic-api.json.j2 << EOF
+--- /usr/share/kolla/ansible/roles/ironic/templates/ironic-api.json.j2.old      2017-01-06 13:56:52.881061188 +0000
++++ /usr/share/kolla/ansible/roles/ironic/templates/ironic-api.json.j2  2017-01-06 14:00:21.757338271 +0000
+@@ -10,7 +10,7 @@
+     ],
+     "permissions": [
+         {
+-            "path": "/var/log/kolla/ironic"
++            "path": "/var/log/kolla/ironic",
+             "owner": "ironic:ironic",
+             "recurse": true
+         }
+EOF
+    sudo patch -u -f /usr/share/kolla/ansible/roles/ironic/templates/ironic-conductor.json.j2 << EOF
+--- /usr/share/kolla/ansible/roles/ironic/templates/ironic-conductor.json.j2.old        2017-01-06 14:28:35.048365453 +0000
++++ /usr/share/kolla/ansible/roles/ironic/templates/ironic-conductor.json.j2    2017-01-06 14:28:44.858467071 +0000
+@@ -20,7 +20,7 @@
+             "recurse": true
+         },
+         {
+-            "path": "/tftpboot"
++            "path": "/tftpboot",
+             "owner": "ironic:ironic",
+             "recurse": true
+         }
+EOF
+    set -e
+}
+
+function configure_kolla {
+    # Configure Kolla
+    if [[ -d /etc/kolla ]]; then
+        sudo mv /etc/kolla /etc/kolla.old.$(date +%s)
+    fi
+    sudo mkdir -p /etc/kolla
+    sudo chown $(whoami):$(whoami) /etc/kolla
+    mkdir -p /etc/kolla/config /etc/kolla/inventory
+    cat > /etc/kolla/inventory/seed << EOF
+# Simple inventory for bootstrapping Kolla control host.
+[baremetal]
+seed      ansible_host=127.0.0.1 ansible_user=kolla
+EOF
+
+    cat > /etc/kolla/inventory/overcloud << EOF
+[controllers]
+# These hostname must be resolvable from your deployment host
+control01      ansible_host=${CONTROLLER_IP} ansible_user=kolla ansible_become=true
+
+# These initial groups are the only groups required to be modified. The
+# additional groups are for more control of the environment.
+[control:children]
+controllers
+
+# The network nodes are where your l3-agent and loadbalancers will run
+# This can be the same as a host in the control group
+[network:children]
+controllers
+
+[compute:children]
+controllers
+
+[monitoring:children]
+controllers
+
+[storage:children]
+controllers
+
+[baremetal:children]
+control
+network
+compute
+storage
+monitoring
+
+# You can explicitly specify which hosts run each project by updating the
+# groups in the sections below. Common services are grouped together.
+[collectd:children]
+compute
+
+[grafana:children]
+monitoring
+
+[etcd:children]
+control
+
+[influxdb:children]
+monitoring
+
+[kibana:children]
+control
+
+[telegraf:children]
+monitoring
+
+[elasticsearch:children]
+control
+
+[haproxy:children]
+network
+
+[mariadb:children]
+control
+
+[rabbitmq:children]
+control
+
+[mongodb:children]
+control
+
+[keystone:children]
+control
+
+[glance:children]
+control
+
+[nova:children]
+control
+
+[neutron:children]
+network
+
+[cinder:children]
+control
+
+[cloudkitty:children]
+control
+
+[memcached:children]
+control
+
+[horizon:children]
+control
+
+[swift:children]
+control
+
+[barbican:children]
+control
+
+[heat:children]
+control
+
+[murano:children]
+control
+
+[ironic:children]
+control
+
+[ceph:children]
+control
+
+[magnum:children]
+control
+
+[sahara:children]
+control
+
+[mistral:children]
+control
+
+[manila:children]
+control
+
+[ceilometer:children]
+control
+
+[aodh:children]
+control
+
+[congress:children]
+control
+
+[gnocchi:children]
+control
+
+# Tempest
+[tempest:children]
+control
+
+[senlin:children]
+control
+
+[vmtp:children]
+control
+
+[watcher:children]
+control
+
+[rally:children]
+control
+
+# Additional control implemented here. These groups allow you to control which
+# services run on which hosts at a per-service level.
+#
+# Word of caution: Some services are required to run on the same host to
+# function appropriately. For example, neutron-metadata-agent must run on the
+# same host as the l3-agent and (depending on configuration) the dhcp-agent.
+
+# Glance
+[glance-api:children]
+glance
+
+[glance-registry:children]
+glance
+
+# Nova
+[nova-api:children]
+nova
+
+[nova-conductor:children]
+nova
+
+[nova-consoleauth:children]
+nova
+
+[nova-novncproxy:children]
+nova
+
+[nova-scheduler:children]
+nova
+
+[nova-spicehtml5proxy:children]
+nova
+
+[nova-compute-ironic:children]
+nova
+
+# Neutron
+[neutron-server:children]
+control
+
+[neutron-dhcp-agent:children]
+neutron
+
+[neutron-l3-agent:children]
+neutron
+
+[neutron-lbaas-agent:children]
+neutron
+
+[neutron-metadata-agent:children]
+neutron
+
+[neutron-vpnaas-agent:children]
+neutron
+
+# Ceph
+[ceph-mon:children]
+ceph
+
+[ceph-rgw:children]
+ceph
+
+[ceph-osd:children]
+storage
+
+# Cinder
+[cinder-api:children]
+cinder
+
+[cinder-backup:children]
+storage
+
+[cinder-scheduler:children]
+cinder
+
+[cinder-volume:children]
+storage
+
+# Cloudkitty
+[cloudkitty-api:children]
+cloudkitty
+
+[cloudkitty-processor:children]
+cloudkitty
+
+# iSCSI
+[iscsid:children]
+compute
+storage
+ironic-conductor
+
+[tgtd:children]
+storage
+
+# Manila
+[manila-api:children]
+manila
+
+[manila-scheduler:children]
+manila
+
+[manila-share:children]
+network
+
+# Swift
+[swift-proxy-server:children]
+swift
+
+[swift-account-server:children]
+storage
+
+[swift-container-server:children]
+storage
+
+[swift-object-server:children]
+storage
+
+# Barbican
+[barbican-api:children]
+barbican
+
+[barbican-keystone-listener:children]
+barbican
+
+[barbican-worker:children]
+barbican
+
+# Heat
+[heat-api:children]
+heat
+
+[heat-api-cfn:children]
+heat
+
+[heat-engine:children]
+heat
+
+# Murano
+[murano-api:children]
+murano
+
+[murano-engine:children]
+murano
+
+# Ironic
+[ironic-api:children]
+ironic
+
+[ironic-conductor:children]
+ironic
+
+[ironic-inspector:children]
+ironic
+
+[ironic-pxe:children]
+ironic
+
+# Magnum
+[magnum-api:children]
+magnum
+
+[magnum-conductor:children]
+magnum
+
+# Sahara
+[sahara-api:children]
+sahara
+
+[sahara-engine:children]
+sahara
+
+# Mistral
+[mistral-api:children]
+mistral
+
+[mistral-executor:children]
+mistral
+
+[mistral-engine:children]
+mistral
+
+# Ceilometer
+[ceilometer-api:children]
+ceilometer
+
+[ceilometer-central:children]
+ceilometer
+
+[ceilometer-notification:children]
+ceilometer
+
+[ceilometer-collector:children]
+ceilometer
+
+[ceilometer-compute:children]
+compute
+
+# Aodh
+[aodh-api:children]
+aodh
+
+[aodh-evaluator:children]
+aodh
+
+[aodh-listener:children]
+aodh
+
+[aodh-notifier:children]
+aodh
+
+# Congress
+[congress-api:children]
+congress
+
+[congress-datasource:children]
+congress
+
+[congress-policy-engine:children]
+congress
+
+# Gnocchi
+[gnocchi-api:children]
+gnocchi
+
+[gnocchi-statsd:children]
+gnocchi
+
+[gnocchi-metricd:children]
+gnocchi
+
+# Multipathd
+[multipathd:children]
+compute
+
+# Watcher
+[watcher-api:children]
+watcher
+
+[watcher-engine:children]
+watcher
+
+[watcher-applier:children]
+watcher
+
+# Senlin
+[senlin-api:children]
+senlin
+
+[senlin-engine:children]
+senlin
+EOF
+
+    my_ip=$(ip route get 192.168.0.1 | awk '{ print $5 }')
+    vip=$(python -c "import netaddr; a = netaddr.IPAddress('$my_ip'); print a+1")
+    my_intf=$(ip route get 192.168.0.1 | awk '{ print $3 }')
+
+    cp /usr/share/kolla/etc_examples/kolla/* /etc/kolla
+    cat >> /etc/kolla/globals.yml << EOF
+##################################################
+# Begin overrides
+##################################################
+
+# OpenStack distro
+kolla_base_distro: "centos"
+kolla_install_type: "binary"
+openstack_release: "3.0.1"
+
+# Networking
+kolla_internal_vip_address: "${vip}"
+network_interface: "${my_intf}"
+
+# TLS
+#kolla_enable_tls_external: "no"
+#kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem"
+
+# Services
+enable_ironic: "yes"
+EOF
+
+    # Generate passwords
+    kolla-genpwd
+
+    # Configure Kolla build
+    cat > /etc/kolla/template-override.j2 << EOF
+{% extends parent_template %}
+
+# Disable troublesome keys
+{% set base_yum_repo_keys_override=['http://yum.mariadb.org/RPM-GPG-KEY-MariaDB'] %}
+# Disable repos with troublesome keys
+{% set base_yum_repo_files_override=['MariaDB.repo'] %}
+EOF
+    cat > /etc/kolla/kolla-build.conf << EOF
+[DEFAULT]
+template_override=/etc/kolla/template-override.j2
+EOF
+
+    # Configure Bifrost
+    mkdir /etc/kolla/config/bifrost
+    cat > /etc/kolla/config/bifrost/bifrost.yml << EOF
+---
+EOF
+    cat > /etc/kolla/config/bifrost/dib.yml << EOF
+---
+dib_os_element: "centos7"
+EOF
+    cat > /etc/kolla/config/bifrost/servers.yml << EOF
+---
+EOF
+}
+
+function bootstrap_seed_kolla {
+    # Bootstrap seed node
+    kolla-ansible bootstrap-servers -i /etc/kolla/inventory/seed -e ansible_user=$(whoami)
+    ansible seed -i /etc/kolla/inventory/seed -b -m authorized_key -a "user=kolla key='$(cat ~/.ssh/id_rsa.pub)'" -e ansible_user=$(whoami)
+    ansible seed -i /etc/kolla/inventory/seed -b -m user -a "name=$(whoami) groups=kolla,docker append=true"
+    ansible seed -i /etc/kolla/inventory/seed -m command -a 'docker info'
+    # Enable NTPd
+    ansible seed -i /etc/kolla/inventory/seed -b -m service -a 'name=ntpd state=started enabled=yes'
+}
+
+function configure_seed_docker {
+    # TODO
+    echo "TODO: configure docker on seed"
+}
+
+function deploy_bifrost {
+    if true ; then
+        # Build Bifrost image
+        # FIXME: sudo required because we need to log out/in for docker group
+        # membership to take effect.
+        sudo kolla-build -t source bifrost-deploy
+    else
+        # Image on Dockerhub not currently working :(
+        docker pull docker.io/kolla/centos-source-bifrost-deploy:3.0.1
+    fi
+
+    # Deploy Bifrost
+    kolla-ansible deploy-bifrost -i /etc/kolla/inventory/seed -e kolla_install_type=source
+}
+
+function deploy_seed_node {
+    configure_seed_os
+    install_kolla
+    configure_kolla
+    bootstrap_seed_kolla
+    configure_seed_docker
+    deploy_bifrost
+}
+
+###########################################################
+# Main
+
+function main {
+    if [[ $# -ne 1 ]]; then
+        echo "Usage: $0 <controller IP>"
+        exit 1
+    fi
+    CONTROLLER_IP=$1
+    deploy_seed_node
+}
+
+main $*
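Review bot: In install_kolla the three `sudo patch -u -f` calls sit between `set +e` and `set -e`, so a patch that does not apply is ignored and the run carries on with unpatched files under /usr/share/kolla. That matters most for pre-install.yml: the patch is what turns `mode: 755` and `mode: 666` into octal for /etc/kolla, the directory where `kolla-genpwd` later appears to write its passwords, and without it Ansible reads those values as decimal. Because `pip install 'kolla<4.0.0'` accepts any earlier release, the installed files may not match the patch context at all. I would pin the package to the release the rest of the script assumes (3.0.1 in globals.yml) and replace the `set +e` window with a per-file guard such as `grep -q 'mode: 0755' "$f" || sudo patch -u -f "$f" << EOF`, leaving `set -e` on so a real mismatch stops the deployment.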
-- 
GitLab