OpenStack Cloud Computing Cookbook

http://www.openstackcookbook.com/

Monthly Archives: February 2014

Installing Rackspace Private Cloud using Chef Cookbooks

What It Does

In this recipe we show you how to install Rackspace Private Cloud on 3 servers: 2 Controllers in HA and a Compute host.

Getting Ready

You will need

  • a Chef server installed and configured
  • 3 Servers (virtual or physical) running Ubuntu 12.04

Ensure you are on a client or server that has the Chef Client, knife, installed and configured to use your Chef Server.

How to do it…

#!/usr/bin/env bash
set -e 
set -v
set -u
# This is a crude script which will deploy an openstack HA environment 
# YOU have to populate the IP addresses for Controller 1 and 2 as well as
# The IP addresses for your compute nodes.  Additionally you will need to
# Populate the VIP_PREFIX with the first three octets of your VIP addresses.
# You should run this script on the node that will become controller 1.

# Rabbit Password
RMQ_PW="Passw0rd"

# Rabbit IP address, this should be the host ip which is on
# the same network used by your management network
RMQ_IP="10.51.50.1"

# Set the cookbook version that we will upload to chef
COOKBOOK_VERSION="v4.2.1"

# SET THE NODE IP ADDRESSES
CONTROLLER1="10.51.50.1"
CONTROLLER2="10.51.50.2"

# ADD ALL OF THE COMPUTE NODE IP ADDRESSES, SPACE SEPERATED.
COMPUTE_NODES="10.51.50.3 10.51.50.4"

# This is the VIP prefix, IE the beginning of your IP addresses for all your VIPS.
# Note, This makes a lot of assumptions for your VIPS.
# The environment use .154, .155, .156 for your HA VIPS.
VIP_PREFIX="10.51.50"

# Make the system key used for bootstrapping self and others.
if [ ! -f "/root/.ssh/id_rsa" ];then
    ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ''
    pushd /root/.ssh/
    cat id_rsa.pub | tee -a authorized_keys
    popd
fi

for node in ${CONTROLLER1} ${CONTROLLER2} ${COMPUTE_NODES};do
    ssh-copy-id ${node}
done

apt-get update
apt-get install -y python-dev python-pip git erlang erlang-nox erlang-dev curl lvm2
pip install git+https://github.com/cloudnull/mungerator
RABBIT_URL="http://www.rabbitmq.com"

function rabbit_setup() {
    if [ ! "$(rabbitmqctl list_vhosts | grep -w '/chef')" ];then
      rabbitmqctl add_vhost /chef
    fi

    if [ "$(rabbitmqctl list_users | grep -w 'chef')" ];then
      rabbitmqctl delete_user chef
    fi

    rabbitmqctl add_user chef "${RMQ_PW}"
    rabbitmqctl set_permissions -p /chef chef '.*' '.*' '.*'
}

function install_apt_packages() { 
    RABBITMQ_KEY="${RABBIT_URL}/rabbitmq-signing-key-public.asc"
    wget -O /tmp/rabbitmq.asc ${RABBITMQ_KEY};   
    apt-key add /tmp/rabbitmq.asc 
    RABBITMQ="${RABBIT_URL}/releases/rabbitmq-server/v3.1.5/rabbitmq-server_3.1.5-1_all.deb"
    wget -O /tmp/rabbitmq.deb ${RABBITMQ}
    dpkg -i /tmp/rabbitmq.deb
    rabbit_setup

    CHEF="https://www.opscode.com/chef/download-server?p=ubuntu&pv=12.04&m=x86_64"
    CHEF_SERVER_PACKAGE_URL=${CHEF}
    wget -O /tmp/chef_server.deb ${CHEF_SERVER_PACKAGE_URL}
    dpkg -i /tmp/chef_server.deb
}

function CREATE_SWAP() {

  cat > /tmp/swap.sh <<EOF
#!/usr/bin/env bash
if [ ! "\$(swapon -s | grep -v Filename)" ];then
  SWAPFILE="/SwapFile"
  if [ -f "\${SWAPFILE}" ];then
    swapoff -a
    rm \${SWAPFILE}
  fi
  dd if=/dev/zero of=\${SWAPFILE} bs=1M count=1024
  chmod 600 \${SWAPFILE}
  mkswap \${SWAPFILE}
  swapon \${SWAPFILE}
fi
EOF

  cat > /tmp/swappiness.sh <<EOF
#!/usr/bin/env bash
SWAPPINESS=\$(sysctl -a | grep vm.swappiness | awk -F' = ' '{print \$2}')

if [ "\${SWAPPINESS}" != 60 ];then
  sysctl vm.swappiness=60
fi
EOF

  if [ ! "$(swapon -s | grep -v Filename)" ];then
    chmod +x /tmp/swap.sh
    chmod +x /tmp/swappiness.sh
    /tmp/swap.sh && /tmp/swappiness.sh
  fi
}

CREATE_SWAP
install_apt_packages

mkdir -p /etc/chef-server
cat > /etc/chef-server/chef-server.rb <<EOF
erchef["s3_url_ttl"] = 3600
nginx["ssl_port"] = 4000
nginx["non_ssl_port"] = 4080
nginx["enable_non_ssl"] = true
rabbitmq["enable"] = false
rabbitmq["password"] = "${RMQ_PW}"
rabbitmq["vip"] = "${RMQ_IP}"
rabbitmq['node_ip_address'] = "${RMQ_IP}"
chef_server_webui["web_ui_admin_default_password"] = "THISisAdefaultPASSWORD"
bookshelf["url"] = "https://#{node['ipaddress']}:4000"
EOF

chef-server-ctl reconfigure

sysctl net.ipv4.conf.default.rp_filter=0 | tee -a /etc/sysctl.conf
sysctl net.ipv4.conf.all.rp_filter=0 | tee -a /etc/sysctl.conf
sysctl net.ipv4.ip_forward=1 | tee -a /etc/sysctl.conf

bash <(wget -O - http://opscode.com/chef/install.sh)

SYS_IP=$(ohai ipaddress | awk '/^ / {gsub(/ *\"/, ""); print; exit}')
export CHEF_SERVER_URL=https://${SYS_IP}:4000

# Configure Knife
mkdir -p /root/.chef
cat > /root/.chef/knife.rb <<EOF
log_level                :info
log_location             STDOUT
node_name                'admin'
client_key               '/etc/chef-server/admin.pem'
validation_client_name   'chef-validator'
validation_key           '/etc/chef-server/chef-validator.pem'
chef_server_url          "https://${SYS_IP}:4000"
cache_options( :path => '/root/.chef/checksums' )
cookbook_path            [ '/opt/chef-cookbooks/cookbooks' ]
EOF

if [ ! -d "/opt/" ];then
    mkdir -p /opt/
fi

if [ -d "/opt/chef-cookbooks" ];then
    rm -rf /opt/chef-cookbooks
fi

git clone https://github.com/rcbops/chef-cookbooks.git /opt/chef-cookbooks
pushd /opt/chef-cookbooks
git checkout ${COOKBOOK_VERSION}
git submodule init
git submodule sync
git submodule update

# Get add-on Cookbooks
knife cookbook site download -f /tmp/cron.tar.gz cron 1.2.6 
tar xf /tmp/cron.tar.gz -C /opt/chef-cookbooks/cookbooks

knife cookbook site download -f /tmp/chef-client.tar.gz chef-client 3.0.6
tar xf /tmp/chef-client.tar.gz -C /opt/chef-cookbooks/cookbooks

# Upload all of the RCBOPS Cookbooks
knife cookbook upload -o /opt/chef-cookbooks/cookbooks -a
popd

# Save the erlang cookie
if [ ! -f "/var/lib/rabbitmq/.erlang.cookie" ];then
    ERLANG_COOKIE="ANYSTRINGWILLDOJUSTFINE"
else
    ERLANG_COOKIE="$(cat /var/lib/rabbitmq/.erlang.cookie)"
fi

# DROP THE BASE ENVIRONMENT FILE
cat > /opt/base.env.json <<EOF
{
  "name": "RCBOPS_Openstack_Environment",
  "description": "Environment for Openstack Private Cloud",
  "cookbook_versions": {
  },
  "json_class": "Chef::Environment",
  "chef_type": "environment",
  "default_attributes": {
  },
  "override_attributes": {
    "monitoring": {
      "procmon_provider": "monit",
      "metric_provider": "collectd"
    },
    "enable_monit": true,
    "osops_networks": {
      "management": "${VIP_PREFIX}.0/24",
      "swift": "${VIP_PREFIX}.0/24",
      "public": "${VIP_PREFIX}.0/24",
      "nova": "${VIP_PREFIX}.0/24"
    },
    "rabbitmq": {
      "cluster": true,
      "erlang_cookie": "${ERLANG_COOKIE}"
    },
    "nova": {
      "config": {
        "use_single_default_gateway": false,
        "ram_allocation_ratio": 1.0,
        "disk_allocation_ratio": 1.0,
        "cpu_allocation_ratio": 2.0,
        "resume_guests_state_on_host_boot": false
      },
      "network": {
        "provider": "neutron"
      },
      "scheduler": {
        "default_filters": [
          "AvailabilityZoneFilter",
          "ComputeFilter",
          "RetryFilter"
        ]
      },
      "libvirt": {
        "vncserver_listen": "0.0.0.0",
        "virt_type": "qemu"
      }
    },
    "keystone": {
      "pki": {
        "enabled": false
      },
      "admin_user": "admin",
      "tenants": [
        "service",
        "admin",
        "demo",
        "demo2"
      ],
      "users": {
        "admin": {
          "password": "secrete",
          "roles": {
            "admin": [
              "admin"
            ]
          }
        },
        "demo": {
          "password": "secrete",
          "default_tenant": "demo",
          "roles": {
            "Member": [
              "demo2",
              "demo"
            ]
          }
        },
        "demo2": {
          "password": "secrete",
          "default_tenant": "demo2",
          "roles": {
            "Member": [
              "demo2",
              "demo"
            ]
          }
        }
      }
    },
    "neutron": {
      "ovs": {
        "network_type": "gre",
        "provider_networks": [
          {
            "bridge": "br-eth2",
            "vlans": "1024:1024",
            "label": "ph-eth2"
          }
        ]
      }
    },
    "mysql": {
      "tunable": {
        "log_queries_not_using_index": false
      },
      "allow_remote_root": true,
      "root_network_acl": "127.0.0.1"
    },
    "vips": {
      "horizon-dash": "${VIP_PREFIX}.156",
      "keystone-service-api": "${VIP_PREFIX}.156",
      "nova-xvpvnc-proxy": "${VIP_PREFIX}.156",
      "nova-api": "${VIP_PREFIX}.156",
      "cinder-api": "${VIP_PREFIX}.156",
      "nova-ec2-public": "${VIP_PREFIX}.156",
      "config": {
        "${VIP_PREFIX}.156": {
          "vrid": 12,
          "network": "public"
        },
        "${VIP_PREFIX}.154": {
          "vrid": 10,
          "network": "public"
        },
        "${VIP_PREFIX}.155": {
          "vrid": 11,
          "network": "public"
        }
      },
      "rabbitmq-queue": "${VIP_PREFIX}.155",
      "nova-novnc-proxy": "${VIP_PREFIX}.156",
      "mysql-db": "${VIP_PREFIX}.154",
      "glance-api": "${VIP_PREFIX}.156",
      "keystone-internal-api": "${VIP_PREFIX}.156",
      "horizon-dash_ssl": "${VIP_PREFIX}.156",
      "glance-registry": "${VIP_PREFIX}.156",
      "neutron-api": "${VIP_PREFIX}.156",
      "ceilometer-api": "${VIP_PREFIX}.156",
      "ceilometer-central-agent": "${VIP_PREFIX}.156",
      "heat-api": "${VIP_PREFIX}.156",
      "heat-api-cfn": "${VIP_PREFIX}.156",
      "heat-api-cloudwatch": "${VIP_PREFIX}.156",
      "keystone-admin-api": "${VIP_PREFIX}.156"
    },
    "glance": {
      "images": [

      ],
      "image": {
      },
      "image_upload": false
    },
    "osops": {
      "do_package_upgrades": false,
      "apply_patches": false
    },
    "developer_mode": false
  }
}
EOF

# Upload all of the RCBOPS Roles
knife role from file /opt/chef-cookbooks/roles/*.rb
knife environment from file /opt/base.env.json

# Build all the things
knife bootstrap -E RCBOPS_Openstack_Environment -r role[ha-controller1],role[single-network-node] ${CONTROLLER1}
knife bootstrap -E RCBOPS_Openstack_Environment -r role[ha-controller2],role[single-network-node] ${CONTROLLER2}

for node in ${COMPUTE_NODES};do
  knife bootstrap -E RCBOPS_Openstack_Environment -r role[single-compute] ${node}
done
Advertisements