Portal:Cloud VPS/Admin/Devstack

From Wikitech-static
Jump to navigation Jump to search

This is how you install devstack for designate inside a Cloud VPS instance running Debian Stretch.

Do not try this at home. Make a fresh instance. Devstack takes over the system, and can and will break everything (e.g., sudo-ldap).

You can also add horizon + designate-dashboard on top of this and presumably other OpenStack services.

The upstream instructions for this are located at https://docs.openstack.org/designate/latest/contributor/devstack.html - note they're based on Ubuntu Xenial (16.04) which is unsupported on Wikimedia servers - historically that has only appeared in Cloud VPS as a result of a couple of cases of old Ubuntu Trusty instances getting in-place upgraded, but Ubuntu no longer exists on any known running Wikimedia system.

Note these instructions have been tested on a machine with sudo-ldap/nslcd. If you use sudo/sssd then you probably need to skip our sudo-ldap sed below. If you use sudo-ldap/nslcd and neglect to run the sudo-ldap sed commands, you may find yourself unable to sudo from your user anymore, in which case you may find the fix to be ctrl+Cing everything, SSHing in directly as root (assuming you can - find out about the passwords::root::extra_keys hiera key otherwise), and running SUDO_FORCE_REMOVE=yes apt install sudo-ldap. https://review.opendev.org/#/c/662891/ should hopefully resolve this.

The other problem these instructions attempt to work around is Debian's MySQL/MariaDB packages. See https://review.opendev.org/#/c/580141/3 and https://bugs.launchpad.net/devstack/+bug/1673825 for more on that.

  1. Figure out where you're going to put your instance. You'll need projectadmin access in the tenant and the most appropriate place to run it is usually going to be the openstack tenant. If you don't have projectadmin access there, ask nicely.
  2. Log into Horizon and create an m1.medium instance running stretch. No need for any non-default security groups - in fact given this will likely be running with default credentials, you probably do not want to open up connections from anywhere else. Wait a few minutes for it to start up.
  3. SSH into the instance as your user. Devstack will set things up from your user, not root, so do not run sudo except for this:
  4. Do steps 2, 3, and 4 from the upstream instructions linked above (git clone, cd devstack, create local.conf). Note you'll need to change the SERVICE_HOST option in the example local.conf given to the private IP your instance.
  5. sed -i 's/libmysqlclient-dev/default-libmysqlclient-dev/' files/debs/{nova,neutron-common,general}
  6. sed -i 's/sudo/sudo-ldap/' files/debs/{nova,neutron-common}; sed -i 's/is_package_installed sudo || install_package sudo/is_package_installed sudo-ldap || install_package sudo-ldap/' tools/create-stack-user.sh stack.sh
  7. Do step 5 from the upstream instructions - stack.sh. It should fail with errors about MySQL not being accessible to root@localhost. What's happening there is it's expecting to be able to access the MySQL server as root with password authentication, but the package we're using sets it to unix socket authentication. So:
  8. sudo -i mysql -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION; flush privileges;"
  9. Run stack.sh again.

You can use upstream steps 6 onwards to check things are okay and play around with it.