Openstack evaluation

From Wikitech-static
Jump to navigation Jump to search

Goal

The goal is to evaluate openstack as a virtualization cluster management tool for miscellaneous services (This is as a comparison baseline to Ganeti for the same role)

Quick breakdown of design

  • Two machines, platinum/gold, networked with access ports in the same vlan/IP public address space.
  • ... more later

Rammifications of the design

VMs have a limited, flat network which has a simple trivial NAT to the outside. This should suffice for testing.

In practice, we'll probably want something that integrates better with our infrastructure if we are to use this for misc servers (possibly simply bridge, and leave DHCP to our real network?)

Installation

After the initial puppet run:

Nova-volume (storage) prefers whole partitions, so we set up a volume for it:

# swapoff -a
# vgrename platinum-vg nova-vg
# lvcreate -n nova-volume -L 200G nova-vg
fstab needs to be fixed to change the swap volume name at this point
# swapon -a


Nova wants a couple databases; there are a number of options (including redis) but for simplicity's sake I'm using mysql for the tests:

 # apt-get install mysql-server python-mysqldb 
 # mysql -p
 mysql> CREATE DATABASE nova;
 mysql> CREATE USER novadbadmin;
 mysql> GRANT ALL PRIVILEGES ON nova.* TO 'novadbadmin'@'%';
 mysql> SET PASSWORD FOR 'novadbadmin'@'%' = PASSWORD('<a password>');
 mysql> CREATE DATABASE glance;
 mysql> CREATE USER glancedbadmin;
 mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glancedbadmin'@'%';
 mysql> SET PASSWORD FOR 'glancedbadmin'@'%' = PASSWORD('<a password>');
 mysql> CREATE DATABASE keystone;
 mysql> CREATE USER keystonedbadmin;
 mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'%';
 mysql> SET PASSWORD FOR 'keystonedbadmin'@'%' = PASSWORD('<a password>');

Install and configure keystone:

 # apt-get install keystone python-keystone python-keystoneclient
 # sed -i -e 's/^connection =.*/connection = mysql:\/\/keystonedbadmin:a password@127.0.0.1\/keystone/' /etc/keystone/keystone.conf
 # service keystone restart
 # keystone-manage db_sync

The whole openstack setup requires a number of tenants, users, roles and services. Create them now:

  # keystone tenant-create --name admin
  # keystone tenant-create --name service
  # keystone user-create --name admin --pass admin --email admin@example.com
  # keystone user-create --name nova --pass nova --email nova@example.com
  # keystone user-create --name glance --pass glance --email glance@example.com
  # keystone role-create --name admin
  # keystone role-create --name user
  # keystone user-role-add --user admin --role admin --tenant admin
  # keystone user-role-add --user nova --role admin --tenant service
  # keystone user-role-add --user glance --role admin --tenant service
  # keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
  # keystone service-create --name volume --type volume --description 'OpenStack Volume Service'
  # keystone service-create --name glance --type image --description 'OpenStack Image Service'
  # keystone service-create --name keystone --type identity --description 'OpenStack Identity Service'
  # keystone endpoint-create --region test --service nova --publicurl 'http://208.80.154.84:8774/v2/$(tenant_id)s' --adminurl 'http://208.80.154.84:8774/v2/$(tenant_id)s' --internalurl 'http://208.80.154.84:8774/v2/$(tenant_id)s'
  # keystone endpoint-create --region test --service volume --publicurl 'http://208.80.154.84:8776/v1/$(tenant_id)s' --adminurl 'http://208.80.154.84:8776/v1/$(tenant_id)s' --internalurl 'http://208.80.154.84:8776/v1/$(tenant_id)s'
  # keystone endpoint-create --region test --service glance --publicurl 'http://208.80.154.84:9292/v1' --adminurl 'http://208.80.154.84:9292/v1' --internalurl 'http://208.80.154.84:9292/v1'
  # keystone endpoint-create --region test --service keystone --publicurl 'http://208.80.154.84:5000/v2.0' --adminurl 'http://208.80.154.84:35357/v2.0' --internalurl 'http://208.80.154.84:5000/v2.0'

Next up is glance:

  # apt-get install glance glance-api glance-common glance-registry python-glanceclient
  # sed -ie '/^admin/s/%SERVICE_TENANT_NAME%/service/' /etc/glance/glance-api.conf /etc/glance/glance-registry.conf 
  # sed -ie '/^admin/s/%SERVICE_USER%/glance/' /etc/glance/glance-api.conf /etc/glance/glance-registry.conf 
  # sed -ie '/^admin/s/%SERVICE_PASSWORD%/glance/' /etc/glance/glance-api.conf /etc/glance/glance-registry.conf 
  # sed -ie 's/^#\?\s*connection\s*=.*/connection = mysql:\/\/glancedbadmin:<a password>@127.0.0.1\/glance/' /etc/glance/glance-registry.conf
  # sed -ie 's/^#\?\s*flavor\s*=.*/flavor = keystone/' /etc/glance/glance-registry.conf /etc/glance/glance-api.conf
  # glance-manage db_version_control 0
  # glance-manage db_sync
  # service glance-api restart
  # service glance-registry restart

Nova:

  # apt-get install nova-api nova-cert nova-compute nova-compute-kvm nova-doc nova-network nova-scheduler nova-conductor rabbitmq-server novnc nova-consoleauth
  edit config
  # nova-manage db sync
  # nova-manage network create private --fixed_range_v4=192.168.4.32/27 --num_networks=1 --bridge=br100 --bridge_interface=eth1 --network_size=32
  # for i in libvirt-bin nova-api nova-conductor nova-network nova-compute nova-scheduler nova-cert nova-consoleauth; do service $i stop; done

Operations

All operations are done from platinum:

Create a new VM

You need to pick a flavor and an image; those can be listed with nova flavor-list and nova image-list respectively:

# nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name      | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1  | m1.tiny   | 512       | 1    | 0         |      | 1     | 1.0         | True      |
| 2  | m1.small  | 2048      | 20   | 0         |      | 1     | 1.0         | True      |
| 3  | m1.medium | 4096      | 40   | 0         |      | 2     | 1.0         | True      |
| 4  | m1.large  | 8192      | 80   | 0         |      | 4     | 1.0         | True      |
| 5  | m1.xlarge | 16384     | 160  | 0         |      | 8     | 1.0         | True      |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
# nova image-list
+--------------------------------------+--------------+--------+--------+
| ID                                   | Name         | Status | Server |
+--------------------------------------+--------------+--------+--------+
| 3114d6d7-41b6-472a-b8e1-9f66906a0485 | Cirros 0.3.1 | ACTIVE |        |
| c2389c2d-7a02-42d3-a9d7-225c78f76c4d | Trusty       | ACTIVE |        |
+--------------------------------------+--------------+--------+--------+

(The Trusty image available is Canonical's default cloud image at this time)

You create and start a VM with:

 # nova boot --flavor 2 --image Trusty --key_name new_install --security_group default instance_name

The --key_name provides a default authorized_keys for the ubuntu user; it's currently set up to be the new_image key.

You can ssh to the instance with the user ubuntu (default from the image) which has sudo rights.

Reading the instance console

 # nova console-log instance_name

Listing instances

 # nova list

Deleting instances

 # nova delete instance_name

Power actions on instances

 # nova host-action --action reboot instance_name
 # nova host-action --action shutdown instance_name
 # nova host-action --action startup instance_name

Resize server

 # nova resize instance_name flavor --poll