#OpenStack
TBD https://docs.openstack.org
TBD
Chef cookbook:
/etc/**/policy.json role definitions
Install clients:
for prj in barbican ceilometer cinder glance heat magnum manila mistral \
murano neutron nova sahara swift trove tuskar openstack; do
sudo pip install --upgrade python-${prj}client
done
source ~/openrc;
TENANTID=\$(keystone tenant-list |awk '/droneci/ {print $2}');
nova list --all-tenants | awk -F'|' \"/$TENANTID/\"' {print $3 $8}'|awk '{print $NF, $1}'
openstack project create droneci
openstack project list
deprecated in favor of openstack
keystone tenant-create --name=droneci --description="Drone CI Tenant"
keystone user-create --name=drone --pass=passw0rd --email=petr_michalec@cz.ibm.com
keystone user-create --name=droneci --pass=passw0rd --email=petr_michalec@cz.ibm.com
keystone user-role-add --user=droneci --tenant=droneci --role=admin
Doc:
cli:
glance list
glance image-list
glance show <UUID of image>
glance image-create --name 'Fedora 20 x86_64' --disk-format qcow2 --container-format bare --is-public true \
--copy-from http://cloud.fedoraproject.org/fedora-20.x86_64.qcow2
Edit/modify:
http://docs.openstack.org/image-guide/content/ch_modifying_images.html
guestfish -a rhel-7-server-guest-image.qcow2
run list-filesystems mount /dev/sda1 / vi /etc/shadow
URLs:
"upload_image": {
"cirros": "http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img",
"ubuntu-precise": "https://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img",
"ubuntu-trusty": "http://uec-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img",
"fedora": "http://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.qcow2",
"centos-6": "http://cloud.centos.org/centos/6/images/CentOS-6-x86_64-GenericCloud.qcow2",
"centos-7": "http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2"
}
tenant=$(openstack project list | awk '/droneci/ {print $2}')
nova quota-defaults
#nova quota-class-update default --instances 15
# nova quota-update --floating-ips 20 $tenant
# nova quota-show --tenant $tenant
# cinder quota-update XYZ $tenant
# cinder quota-show --tenant $tenant
nova keypair-add --pub-key=/root/.ssh/id_rsa_bootstrap_insecure.pub bootstrap_insecure
To NAT networks behind network node:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
External network:
neutron net-create ext-net --router:external True --provider:physical_network external --provider:network_type flat
neutron subnet-create ext-net --name ext-subnet --allocation-pool start=FLOATING_IP_START,end=FLOATING_IP_END
--disable-dhcp --gateway EXTERNAL_NETWORK_GATEWAY EXTERNAL_NETWORK_CIDR
Tenant private network: neutron net-create droneci-net neutron subnet-create droneci-net --name droneci-subnet --gateway TENANT_NETWORK_GATEWAY TENANT_NETWORK_CIDR neutron router-create droneci-router neutron router-interface-add droneci-router droneci-subnet neutron router-gateway-set droneci-router ext-net
Example:
service
tenant=$(keystone tenant-list | awk '/service/ {print $2}')
## FIXME how/when default network how tenant['service']
neutron router-delete external
neutron port-list | awk ' /10.10.51/ {print $2}' | xargs neutron port-delete
neutron subnet-delete ext-net-51
neutron net-delete ext-net-51
#
neutron router-create external
neutron net-create ext-net-51 --router:external --provider:physical_network external --provider:network_type flat
neutron net-update ext-net-51 --shared True
neutron subnet-create ext-net-51 --name ext-subnet-51 --allocation-pool start=10.10.51.129,end=10.10.51.190 --disable-dhcp --gateway 10.10.51.1 10.10.51.0/24 aka .128/26
#neutron router-gateway-set external ext-net-51
neutron net-delete int-100
neutron router-delete internal
neutron router-create internal
neutron net-create int-100
neutron subnet-create int-100 --name int-subnet-100 192.168.100.0/24
neutron router-gateway-set internal ext-net-51
neutron router-interface-add internal int-100
tenant networking
tenant=$(keystone tenant-list | awk '/droneci/ {print $2}')
neutron router-delete droneci-net
neutron port-list | awk ' /192.168.100/ {print $2}' | xargs neutron port-delete
neutron subnet-delete droneci-net
neutron net-delete droneci-net
neutron router-create droneci-net --tenant-id $tenant
neutron net-create droneci-net --tenant-id $tenant
neutron subnet-create droneci-net --name droneci-subnet 192.168.100.0/24 --tenant-id $tenant #--gateway 192.168.100.1
neutron router-gateway-set droneci-net ext-net-51
neutron router-interface-add droneci-net droneci-subnet
ssh-keygen
nova boot test --image cirros --flavor 1 --security-groups=allow_ssh --key-name=mykey
Access the controller as noted above source openrc nova-manage version nova service-list && nova hypervisor-list glance image-list keystone user-list nova list
To allow SSH access to instances, a nova security group is defined as follows:
nova secgroup-list
nova secgroup-list-rules default
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-create allow_ssh "allow ssh to instance"
nova secgroup-add-rule allow_ssh tcp 22 22 0.0.0.0/0
nova secgroup-list-rules allow_ssh
nova-manage floating create --pool nova --ip_range 10.10.51.64/26
nova-manage floating create --pool nova --ip_range 10.10.52.64/26
keystone service-list
keystone user-list
keystone tenant-list
keystone endpoint-list
keystone catalog
nova image-list
nova-manage service list
nova-manage network list
nova flavor-list
nova availability-zone-list
nova hypervisor-listta
nova quota-update --<key> <value> <project_name>
nova quota-update --instances 15 --floating-ips 15 classproject
nova-cloud-show
nova-netext-show <Region_name>
cinder list
service openstack-nova-api restart
service openstack-nova-cert restart
service openstack-nova-consoleauth restart
service openstack-nova-scheduler restart
service openstack-nova-conductor restart
service openstack-nova-novncproxy restart
service neutron-server restart
service neutron-dhcp-agent restart
service neutron-l3-agent restart
service neutron-metadata-agent restart
Also restart your chosen Networking plug-in agent, for example, Open vSwitch.
service neutron-openvswitch-agent restart
service openstack-cinder-api restart
service openstack-cinder-backup restart
service openstack-cinder-scheduler restart
service openstack-cinder-volume restart
On ubuntu run:
service --status-all | grep nova
service --status-all | grep neutron Restart Compute services:
cd /iaas/scorchestrator
./SCOrchestrator.py (stop|start|)