Skip to content

Latest commit

 

History

History
291 lines (228 loc) · 11.9 KB

First_OSP_Env_walkthrough.adoc

File metadata and controls

291 lines (228 loc) · 11.9 KB

Config on OpenStack

In this document we will explain how one could setup their laptop for AgnosticD deployment with OpenStack.

If you are a Red Hatter, you can use labs.opentlc.com to request access to our OpenStack cluster:

  1. Log in to https://labs.opentlc.com using your opentlc user.

  2. Go to ServicesCatalogsNovello TestingOSP Sandbox AgD Training (all Red Hat employees should see it, make sure you are in the right group).

  3. Click OrderSubmit

Note
You will receive three emails indicating the status of the environment and instructions for accessing the environment. In the third email you receive all information you need to login to the client machine that would have the rest of required information.
Note
You can use the bastion VM as your ansible host or copy the files over to your laptop and work locally. Most steps are only necessary on your laptop as the bastion host is already pre-configured.

Configure your environment for running OpenStack Ansible

Note
on Fedora dnf install python3-openstacksdk python3-openstackclient python-openstackclient-doc python-openstackclient-lang python3-heatclient python-heatclient-doc python3-dns will do the job (you may choose to skip doc and lang packages).
  1. Please make sure the file /etc/ansible/hosts doesn’t exist or is empty, otherwise this default inventory file will cause problems later.

  2. Install Python 3, gcc, and python package managemend and development libraries (On your laptop or on the clientVM):

    # on Linux
    $ sudo yum install gcc python3 python3-devel python3-libs python3-pip -y
    # on Mac
    $ brew install python pyenv-virtualenv
  3. Create virtualenv environment and download python requirements:

    1. Create virtualenv and activate

      $ python3 -m venv ansible2.9-python3.6
      
      ##In Mac
      $ pyenv virtualenv ansible2.9-python3.6
      
      
      ## In Mac, if you find the error " the error: error: pyenv: pip: command not found]", it could because you need pip3, in that case please do:
      $ alias pip=pip3
      $ pip install --upgrade pip
      
      $ source ansible2.9-python3.6/bin/activate
      
      ## In Mac
      $ source /Users/[USER]/.pyenv/versions/ansible2.9-python3.6/bin/activate
      
      ## ^replace [USER] with your username or the proper path
    2. Install the python modules inside that virtualenv

      • On Mac

        $ pip3 install -r https://raw.githubusercontent.com/redhat-cop/agnosticd/development/ansible/configs/ocp4-disconnected-osp-lab/files/macos_requirements.txt
      • On Linux

        (ansible2.9-python3.6) $ pip3 install -r https://raw.githubusercontent.com/redhat-cop/agnosticd/development/tools/virtualenvs/ansible2.9-python3.6-<DATE>.txt  #(1)
        1. go to https://github.com/redhat-cop/agnosticd/tree/development/tools/virtualenvs and check the latest available version (symlinks don’t work).

Getting your OpenStack Credentials

  1. Create the ~/.config/openstack/clouds.yaml file on your laptop using the information provided in the final email.

    $ mkdir -p ~/.config/openstack
    $ vim ~/.config/openstack/clouds.yaml
  2. Review your ~/.config/openstack/clouds.yaml:

    cat ~/.config/openstack/clouds.yaml
    clouds:
      35eb-project:
        auth:
          auth_url: "http://169.47.17.15:5000/v3"
          username: "35eb-user"
          project_name: "35eb-project"
          project_id: "1a79cf800ff94754bb495e2c1fd9d433"
          user_domain_name: "Default"
          password: "YOUR_TEMP_PASSWORD"
        region_name: "regionOne"
        interface: "public"
        identity_api_version: 3
  3. Check that your credentials are working. In order to do so, first log into your bastion, using the credentials provided to you via email:

    sassenach:~ Cibeles$ ssh YOUR-OPENTLC-USER@bastion.GUID.red.osp.opentlc.com
    YOUR-OPENTLC-USER@bastion.GUID.red.osp.opentlc.com's password: YOUR_EMAIL_PROVIDED_PASSWORD
    $ openstack --os-cloud=GUID-project server list
    +--------------------------------------+-----------+--------+------------------------------------------------+-------+---------+
    | ID                                   | Name      | Status | Networks                                       | Image | Flavor  |
    +--------------------------------------+-----------+--------+------------------------------------------------+-------+---------+
    | 653fb842-6ce8-4eb0-a51a-dc0f3d5fb103 | bastion   | ACTIVE | 35eb-ocp-network=192.168.47.33, 169.47.183.214 |       | 2c2g30d |
    +--------------------------------------+-----------+--------+------------------------------------------------+-------+---------+
  4. Try to login to OpenStack UI using the auth_url from the clouds.yaml without port and path, i.e. something like: https://api.xxx.infra.opentlc.com/. You must use username and password from .config/openstack/clouds.yaml to login to the UI (the domain can be ignored as long as it is 'Default').

Setting up AgnosticD and your development environment

  1. Clone the AgnosticD repository:

    git clone https://github.com/redhat-cop/agnosticd
  2. Create your secret.yml file outside the repository, and edit it using the correct credentials based on your clouds.yml file:

    cat << EOF >> ~/secret.yml
    # Authenication for OpenStack in order to create the things
    # RED
    osp_auth_username: CHANGEME
    osp_auth_password: CHANGEME
    osp_project_name: CHANGEME
    osp_project_id: CHANGEME
    
    
    osp_auth_url: http://169.47.188.15:5000/v3
    osp_auth_project_domain: default
    osp_auth_user_domain: default
    
    # DNS
    
    osp_cluster_dns_server: "169.45.246.132"  # ddns01.opentlc.com (1)
    osp_cluster_dns_zone: students.osp.opentlc.com
    ddns_key_name: PROVIDED_BY_ADMIN          # default value is set to "hmac-dm5"
    ddns_key_secret: PROVIDED_BY_ADMIN
    
    # Repo
    
    own_repo_path: PROVIDED_BY_ADMIN
    
    # Do not create PROJECT, we already have one and want to use it
    
    osp_project_create: false
    
    EOF
Note
You can find a secret.yml file provided to you on the home directory of your user at your bastion machine, use this to populate the file as previously stated.
Important
until issue #3275 is fixed, make sure that you replace the DNS name with an IP address if you have a dnspython library with version 2.x (e.g. on Fedora 33+).
[YOUR_USER@bastion ~]$ ls
agnosticd  secrets.yaml
Note
It is required that OpenStack SDK is installed on your working machine. For further information, please refer to its web page
  1. First checkpoint, make sure this secret file is correct by running the test-empty-config.

    cd agnosticd/ansible
    
    ansible-playbook main.yml \
      -e @configs/test-empty-config/sample_vars_osp.yml \
      -e @~/secret.yml
  2. Copy the sample_vars_osp.yml file and call it my_vars.yml

    cp configs/just-a-bunch-of-nodes/sample_vars_osp.yml \
      configs/just-a-bunch-of-nodes/my_vars.yml
  3. Edit the my_vars.yml and change the guid value to something short and unique.

    Warning
    Do not pick the same GUID as the one you got for access to the OSP cluster.
  4. you also need to check the email and the own_repo_path variables (or overwrite them in your secrets file).

  5. Second checkpoint, Run the ansible-playbook command to deploy just-a-bunch-of-nodes

    ansible-playbook main.yml \
      -e @configs/just-a-bunch-of-nodes/my_vars.yml \
      -e @~/secret.yml
    Note
    If you are having python2 Vs. Python3 issues, Add /usr/bin/python3.6 before the ansible-playbook command. For example: /usr/bin/python3.6 ansible-playbook ansible/main.yml -e @configs/just-a-bunch-of-nodes/my_vars.yml -e@~/secret.yml
  6. Check that the VM was installed and ssh into the box using the created key. In order to do so, first log into your bastion, using the credentials provided to you via email:

    sassenach:~ Cibeles$ ssh YOUR-OPENTLC-USER@bastion.GUID.red.osp.opentlc.com
    YOUR-OPENTLC-USER@bastion.GUID.red.osp.opentlc.com's password: YOUR_EMAIL_PROVIDED_PASSWORD
    [YOUR_USER@bastion ~]$ openstack --os-cloud=${GUID}-project server list
    
    +--------------------------------------+---------+--------+---------------------------------------------------------+-------+---------+
    | ID                                   | Name    | Status | Networks                                                | Image | Flavor  |
    +--------------------------------------+---------+--------+---------------------------------------------------------+-------+---------+
    | 2715f0d9-51e1-4619-a97e-c841914dddf6 | node    | ACTIVE | testamaya-default-network=192.168.47.26                 |       | 2c2g30d |
    | 6931bf5a-ec1e-4ac7-8477-9e96f9e14de3 | bastion | ACTIVE | testamaya-default-network=192.168.47.17, 169.47.188.156 |       | 2c2g30d |
    | 947d6397-c152-4a38-9825-02f9fa50c03e | bastion | ACTIVE | 98e1-testnet-network=192.168.0.35, 169.47.191.80        |       | 2c2g30d |
    +--------------------------------------+---------+--------+---------------------------------------------------------+-------+---------+

You can see there are some machines there and their IP addresses. Now you can log into your bastion machine from the outside world (your laptop) or from the bastion machine you were given credentials for in the email.

Let’s log in from the outside world (your laptop) using your ${GUID}_infra_ssh_key.pem key file. Please note that the key file should be created in the machine you launched the playbook from.

sassenach:~ Cibeles$ ll /tmp/output_dir/
 8 -rw-r--r--   1 Cibeles  staff   235B May 26 17:41 basic_heat_template.yml
 8 -rw-r--r--   1 Cibeles  staff   369B May 28 16:38 hosts-just-a-bunch-of-nodes-testamaya
16 -rw-r--r--   1 Cibeles  staff   6.8K May 26 17:42 just-a-bunch-of-nodes.testamaya.osp_cloud_master_template.yaml
 8 -rw-r--r--   1 Cibeles  staff   1.1K May 28 16:32 just-a-bunch-of-nodes_testamaya_ssh_conf
 8 -rw-r--r--   1 Cibeles  wheel   175B May 28 16:33 just-a-bunch-of-nodes_testamaya_ssh_known_hosts
 8 -rwxr--r--   1 Cibeles  staff   168B May 28 16:37 ssh-config-just-a-bunch-of-nodes-testamaya*
 8 -rw-------   1 Cibeles  staff   1.6K May 25 13:16 testamaya_infra_ssh_key.pem
 8 -r--------   1 Cibeles  wheel   1.8K May 28 16:19 testamayakey
 8 -rw-r--r--   1 Cibeles  wheel   399B May 28 16:19 testamayakey.pub

sassenach:~ Cibeles$ ssh -i /tmp/output_dir/testamaya_infra_ssh_key.pem cloud-user@169.47.188.156
Last login: Thu May 28 10:49:27 2020 from 90.77.177.210
[cloud-user@bastion 0 ~]$
  1. Now, if you want to log into any of your nodes, you just simply need to copy the identity file into the newly deployed bastion machine and ssh from it (as nodes do not have an external IP).

    sassenach:~ Cibeles$  scp -i /tmp/output_dir/testamaya_infra_ssh_key.pem /tmp/output_dir/testamaya_infra_ssh_key.pem cloud-user@169.47.188.156:.
    
    [cloud-user@bastion ~]$ ssh -i testamaya_infra_ssh_key.pem cloud-user@node
    Last login: Tue Jun  2 12:16:17 2020 from bastion.example.com
  2. You can now adapt my_vars.yml to your needs. Create different kind of instances, more security groups, etc.

Clean up

  1. Destroy the deployment:

    ansible-playbook destroy.yml \
      -e @configs/just-a-bunch-of-nodes/my_vars.yml \
      -e @~/secret.yml
Caution
beware that this last action destroys also the initial bastion so that you can’t reuse it for further tests in the same sandbox. It has been captured in issue #3726.

What’s next ?