From 7b13f9954aa8c38b7229ce336e65843cc438fd1f Mon Sep 17 00:00:00 2001 From: Arif Ali Date: Sun, 5 Oct 2014 00:14:53 +0100 Subject: [PATCH] Added a hpc sample heat template, updated xCAT templates, and some automated scripts for GRE/VXLAN 3 node installation Signed-off-by: Arif Ali --- .gitignore | 2 + heat_templates/compute_node.yaml | 139 ++++++++++++ heat_templates/hpc.yaml | 225 +++++++++++++++++++ packstack/packstack-answers-multi.txt | 8 +- scripts/gre-packstack.sh | 75 +++++++ scripts/vxlan-packstack.sh | 68 ++++++ xcat/c7-os/common.juno.tmpl | 3 +- xcat/c7-os/controller.juno.otherpkgs.pkglist | 3 +- xcat/postscripts/scripts/packstack-openstack | 4 +- 9 files changed, 519 insertions(+), 8 deletions(-) create mode 100644 .gitignore create mode 100644 heat_templates/compute_node.yaml create mode 100644 heat_templates/hpc.yaml create mode 100644 scripts/gre-packstack.sh create mode 100644 scripts/vxlan-packstack.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d38c149
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.swp
+*~
diff --git a/heat_templates/compute_node.yaml b/heat_templates/compute_node.yaml
new file mode 100644
index 0000000..5141176
--- /dev/null
+++ b/heat_templates/compute_node.yaml
@@ -0,0 +1,139 @@
+heat_template_version: 2013-05-23
+
+description: >
+ HOT template to deploy one compute node into an xisting neutron tenant network and
+ assign floating IP address to the server so they are routable from the
+ public network.
+
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+ image:
+ type: string
+ description: Name of image to use for servers
+ flavor:
+ type: string
+ description: Flavor to use for servers
+ public_net_id:
+ type: string
+ description: >
+ ID of public network for which floating IP addresses will be allocated
+ private_net_id:
+ type: string
+ description: ID of private network into which servers get deployed
+ private_subnet_id:
+ type: string
+ description: ID of private sub network into which servers get deployed
+ master_node_ip:
+ type: string
+ description: IP address of the Master node.
+ #index_name:
+ # type: string
+ # description: IP address of the Master node.
+
+resources:
+
+ node_wait_handle:
+ type: "AWS::CloudFormation::WaitConditionHandle"
+
+ node_wait_condition:
+ type: "AWS::CloudFormation::WaitCondition"
+ depends_on:
+ - compute_node
+ properties:
+ Handle:
+ get_resource: node_wait_handle
+ Timeout: "300"
+
+ secgroup_all_open:
+ type: "OS::Neutron::SecurityGroup"
+ properties:
+ rules:
+ - protocol: icmp
+ - protocol: tcp
+ - protocol: udp
+
+ compute_node:
+ type: OS::Nova::Server
+ properties:
+ name: compute
+ image: { get_param: image }
+ flavor: { get_param: flavor }
+ key_name: { get_param: key_name }
+ networks:
+ - port: { get_resource: compute_port }
+ user_data_format: RAW
+ user_data:
+ str_replace:
+ template: |
+ #!/bin/sh
+
+ cat > /etc/yum.repos.d/epel-7.repo << EOF
+ [epel-7]
+ name=epel-7
+ baseurl=http://192.168.33.200/install/post/otherpkgs/el7/epel
+ enabled=1
+ gpgcheck=0
+ EOF
+
+ cat > /etc/yum.repos.d/rdo-openstack.repo << EOF
+ [rdo-openstack]
+ name=rdo-openstack
+ baseurl=http://192.168.33.200/install/post/otherpkgs/el7/rdo-openstack
+ enabled=1
+ gpgcheck=0
+ EOF
+
+ yum -y remove NetworkManager
+ chkconfig network on
+
+ yum -y install heat-cfntools
+
+ myip=$(ip addr show eth0 | awk '$1 == "inet" {print $2}' | cut -f1 -d/)
+ myip_last_octet=${myip##*.}
+
+ cfn-signal -e0 --data 'OK' -r 'Setup complete' '$WAIT_HANDLE'
+ params:
+ "$MASTER_NODE_IP":
+ get_param: master_node_ip
+ "$WAIT_HANDLE":
+ get_resource: node_wait_handle
+ networks:
+ - port:
+ get_resource: compute_node_eth0
+
+ compute_node_eth0:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_param: private_net_id }
+ fixed_ips:
+ - subnet_id: { get_param: private_subnet_id }
+ security_groups: [{ get_resource: secgroup_all_open }]
+
+ compute_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network_id: { get_param: public_net_id }
+ port_id: { get_resource: compute_node_eth0 }
+
+ compute_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Add security group rules for server
+ name: security-group
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+
+outputs:
+ compute_node_ip:
+ description: IP address of compute node in private network
+ value: { get_attr: [ compute_node_eth0, fixed_ips, 0, ip_address ] }
+ compute_node_external_ip:
+ description: Floating IP address of compute node in public network
+ value: { get_attr: [ compute_floating_ip, floating_ip_address ] }
diff --git a/heat_templates/hpc.yaml b/heat_templates/hpc.yaml
new file mode 100644
index 0000000..dd1e50c
--- /dev/null
+++ b/heat_templates/hpc.yaml
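Review bot: In compute_node.yaml, `compute_node_eth0` is bound to `secgroup_all_open`, whose rules admit all icmp, tcp and udp with no port range or `remote_ip_prefix`, and `compute_floating_ip` puts that same port on the public network, so the security group filters nothing in front of the node. `compute_security_group` (ssh and icmp only) is defined at the end of the resources but never referenced; the port should use it, `security_groups: [{ get_resource: compute_security_group }]`, and `secgroup_all_open` can then be dropped. `networks` also appears twice under `compute_node` (indentation is not visible here, so the nesting is inferred), and the first entry points at `compute_port`, which the template does not define; keep only the `compute_node_eth0` entry. The repo stanzas written by `user_data` set `gpgcheck=0` on plain-http baseurls, here and in `master_node` in hpc.yaml, so packages installed as root at first boot are not authenticated; `gpgcheck=1` with a `gpgkey=` line for a key already present in the image would cover that.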
@@ -0,0 +1,225 @@
+heat_template_version: 2013-05-23
+
+description: >
+ This template will boot a Kubernetes cluster with one or more
+ minions (as specified by the number_of_minions parameter, which
+ defaults to "2").
+
+parameters:
+
+ #
+ # REQUIRED PARAMETERS
+ #
+ key_name:
+ type: string
+ description: name of ssh key to be provisioned on our server
+ public_net_id:
+ type: string
+ description: uuid of a network to use for floating ip addresses
+ private_net_id:
+ type: string
+ description: uuid of a network to use for floating ip addresses
+ private_subnet_id:
+ type: string
+ description: uuid of a network to use for floating ip addresses
+
+ #
+ # OPTIONAL PARAMETERS
+ #
+ image:
+ type: string
+ default: centos7
+ description: glance image used to boot the server
+
+ flavor:
+ type: string
+ default: m1.small
+ description: flavor to use when booting the server
+
+ dns_nameserver:
+ type: string
+ description: address of a dns nameserver reachable in your environment
+ default: 8.8.8.8
+
+ number_of_compute_nodes:
+ type: string
+ description: how many compute nodes to spawn
+ default: 10
+
+resources:
+
+ master_wait_handle:
+ type: "AWS::CloudFormation::WaitConditionHandle"
+
+ master_wait_condition:
+ type: "AWS::CloudFormation::WaitCondition"
+ depends_on:
+ - master_node
+ properties:
+ Handle:
+ get_resource: master_wait_handle
+ Timeout: "300"
+
+ ######################################################################
+ #
+ # network resources. allocate a network and router for our server.
+ # it would also be possible to take advantage of existing network
+ # resources (and have the deployer provide network and subnet ids,
+ # etc, as parameters), but I wanted to minmize the amount of
+ # configuration necessary to make this go.
+ #fixed_net:
+ # type: "OS::Neutron::Net"
+
+ # This is the subnet on which we will deploy our server.
+ #fixed_subnet:
+ # type: "OS::Neutron::Subnet"
+ # properties:
+ # cidr: 10.0.9.0/24
+ # network_id: { get_param: private_net_id }
+ # dns_nameservers: { get_param: dns_nameserver }
+
+ # create a router attached to the external network provided as a
+ # parameter to this stack.
+ #extrouter:
+ # type: "OS::Neutron::Router"
+ # properties:
+ # external_gateway_info:
+ # network:
+ # get_param: public_net_id
+
+ # attached fixed_subnet to our extrouter router.
+ #extrouter_inside:
+ # type: "OS::Neutron::RouterInterface"
+ # properties:
+ # router_id:
+ # get_resource: extrouter
+ # subnet_id:
+ # get_param:
+ # private_subnet_id
+
+ ######################################################################
+ #
+ # security groups. we need to permit network traffic of various
+ # sorts.
+ #
+
+ secgroup_base:
+ type: "OS::Neutron::SecurityGroup"
+ properties:
+ rules:
+ - protocol: icmp
+ - protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+
+ secgroup_compute:
+ type: "OS::Neutron::SecurityGroup"
+ properties:
+ rules:
+ - protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - protocol: tcp
+ port_range_min: 4001
+ port_range_max: 4001
+
+ ######################################################################
+ #
+ # databases server. this sets up a MySQL server
+ #
+ master_node:
+ type: "OS::Nova::Server"
+ #depends_on:
+ # - extrouter_inside
+ properties:
+ image:
+ get_param: image
+ flavor:
+ get_param: flavor
+ key_name:
+ get_param: key_name
+ user_data_format: RAW
+ user_data:
+ str_replace:
+ template: |
+ #!/bin/sh
+
+ yum -y upgrade
+
+ cat > /etc/yum.repos.d/epel-7.repo << EOF
+ [epel-7]
+ name=epel-7
+ baseurl=http://192.168.33.200/install/post/otherpkgs/el7/epel
+ enabled=1
+ gpgcheck=0
+ EOF
+
+ cat > /etc/yum.repos.d/rdo-openstack.repo << EOF
+ [rdo-openstack]
+ name=rdo-openstack
+ baseurl=http://192.168.33.200/install/post/otherpkgs/el7/rdo-openstack
+ enabled=1
+ gpgcheck=0
+ EOF
+
+ yum -y install heat-cfntools
+
+ cfn-signal -e0 --data 'OK' -r 'Setup complete' '$WAIT_HANDLE'
+ params:
+ #"$COMP_NODE_ADDRESSES": {"Fn::Join": [",", {get_attr: [compute_nodes, compute_node_ip]}]}
+ "$WAIT_HANDLE":
+ get_resource: master_wait_handle
+ networks:
+ - port:
+ get_resource: master_node_eth0
+
+ master_node_eth0:
+ type: "OS::Neutron::Port"
+ properties:
+ network_id:
+ get_param: private_net_id
+ security_groups:
+ - get_resource: secgroup_base
+ - get_resource: secgroup_compute
+ fixed_ips:
+ - subnet_id:
+ get_param: private_subnet_id
+
+ master_node_floating:
+ type: "OS::Neutron::FloatingIP"
+ #depends_on:
+ # - extrouter_inside
+ properties:
+ floating_network_id:
+ get_param: public_net_id
+ port_id:
+ get_resource: master_node_eth0
+
+ compute_nodes:
+ type: "OS::Heat::ResourceGroup"
+ #depends_on:
+ # - extrouter_inside
+ properties:
+ count: {get_param: number_of_compute_nodes}
+ resource_def:
+ type: compute_node.yaml
+ properties:
+ #index_name: %index%
+ key_name: {get_param: key_name}
+ image: {get_param: image}
+ flavor: {get_param: flavor}
+ private_net_id: {get_param: private_net_id}
+ private_subnet_id: {get_param: private_subnet_id}
+ public_net_id: {get_param: public_net_id}
+ master_node_ip: {get_attr: [master_node_eth0, fixed_ips, 0, ip_address]}
+
+outputs:
+
+ master_node:
+ value: {get_attr: [master_node_floating, floating_ip_address]}
+
+ compute_nodes:
+ value: {get_attr: [compute_nodes, compute_node_ip]}
+
+ compute_node_external:
+ value: {get_attr: [compute_nodes, compute_node_external_ip]}
diff --git a/packstack/packstack-answers-multi.txt b/packstack/packstack-answers-multi.txt
index 335475d..7c4eb4d 100644
--- a/packstack/packstack-answers-multi.txt
+++ b/packstack/packstack-answers-multi.txt
@@ -22,8 +22,8 @@ CONFIG_NEUTRON_L2_PLUGIN=ml2
 CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vlan
 CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vlan
 CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch
-CONFIG_NEUTRON_ML2_VLAN_RANGES=physnet_xcat:1000:2000
+CONFIG_NEUTRON_ML2_VLAN_RANGES=physnet_internal:1000:2000
 CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE=vlan
-CONFIG_NEUTRON_OVS_VLAN_RANGES=physnet_xcat:1000:2000
-CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet_xcat:br-xcat
-CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-xcat:enp2s1f0
+CONFIG_NEUTRON_OVS_VLAN_RANGES=physnet_internal:1000:2000
+CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet_internal:br-xcat
+CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-internal:enp2s1f0
diff --git a/scripts/gre-packstack.sh b/scripts/gre-packstack.sh
new file mode 100644
index 0000000..6c83f1b
--- /dev/null
+++ b/scripts/gre-packstack.sh
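Review bot: In hpc.yaml, `secgroup_compute` opens tcp 4001 with no source restriction and is attached to `master_node_eth0`, which also receives a floating IP, yet nothing in the `user_data` script sets up a listener on that port; it looks like a leftover from the template this file was adapted from, and the rule should be removed unless a service needs it. The documentation has the same leftover problem: the `description` still talks about a Kubernetes cluster, minions and `number_of_minions`, the banner above `master_node` says it sets up a MySQL server, and `private_net_id` and `private_subnet_id` both reuse the floating-ip wording. I would change the description to something like `HOT template to deploy an HPC master node and a group of compute nodes` and give the two parameters their own text, e.g. `description: uuid of the private network the nodes are deployed into`. `number_of_compute_nodes` is declared `type: string` with a bare `default: 10`; `type: number` matches its use as the ResourceGroup `count`.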
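Review bot: The rename in packstack-answers-multi.txt is applied to only one side of the bridge settings: `CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS` still maps `physnet_internal` to `br-xcat`, while `CONFIG_NEUTRON_OVS_BRIDGE_IFACES` now defines `br-internal:enp2s1f0`, so the mapped bridge has no interface entry. If `br-internal` is the intended name, the mapping line should read `CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet_internal:br-internal`; otherwise the IFACES line should keep `br-xcat`.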
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+packstack --gen-answer-file /root/packstack_answers.txt
+
+cat > /tmp/sed.script << EOF
+s/\(CONFIG_KEYSTONE_ADMIN_PW=\).*/\1openstack/g
+s/\(CONFIG_HEAT_INSTALL=\).*/\1y/g
+s/\(CONFIG_NTP_SERVERS=\).*/\110.0.0.251/g
+
+s/\(CONFIG_COMPUTE_HOSTS=\).*/\110.0.0.1,10.0.0.2,10.0.0.3/g
+
+s/\(CONFIG_USE_EPEL=\).*/\1n/g
+s/\(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=\).*/\1physnet_ex:br-ex/g
+s/\(CONFIG_NEUTRON_OVS_BRIDGE_IFACES=\).*/\1br-ex:enp2s1f1/g
+s/\(CONFIG_PROVISION_DEMO=\).*/\1n/g
+
+s/\(CONFIG_NEUTRON_ML2_TYPE_DRIVERS=\).*/\1gre,flat/g
+s/\(CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=\).*/\1gre/g
+s/\(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE=\).*/\1gre/g
+s/\(CONFIG_NEUTRON_OVS_TUNNEL_RANGES=\).*/\11:1000/g
+s/\(CONFIG_NEUTRON_OVS_TUNNEL_IF=\).*/\1enp2s1f0/g
+EOF
+
+sed -i -f /tmp/sed.script /root/packstack_answers.txt
+
+packstack --answer-file /root/packstack_answers.txt
+
+. /root/keystonerc_admin
+neutron net-create ext_net --provider:network_type=flat --provider:physical_network=physnet_ex --router:external=True
+neutron subnet-create --name ext_subnet --disable-dhcp ext_net 192.168.33.0/24 \
+ --gateway 192.168.33.254 --allocation-pool start=192.168.33.161,end=192.168.33.190
+
+wget --no-check-certificate https://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
+
+glance image-create --name cirros --is-public=True --disk-format=qcow2 \
+ --container-format=bare --disk-format=qcow2 --file /root/cirros-0.3.3-x86_64-disk.img
+
+keystone tenant-create --name demo
+
+demo_tenant_id=$(keystone tenant-get demo | grep id | awk '{print $4}')
+
+neutron net-create stack_net_priv --provider:network_type=gre --tenant-id ${demo_tenant_id} --provider:segmentation_id=11
+keystone user-create --name demo --pass demo
+keystone user-role-add --user demo --role _member_ --tenant demo
+
+cat > /root/keystonerc_demo << EOF
+export OS_USERNAME=demo
+export OS_TENANT_NAME=demo
+export OS_PASSWORD=demo
+export OS_AUTH_URL=http://10.0.0.1:5000/v2.0/
+export PS1='[\u@\h \W(keystone_demo)]\$ '
+EOF
+
+. /root/keystonerc_demo
+
+ssh-keygen -t rsa -b 4096 -N '' -f /root/id_rsa_demo
+nova keypair-add --pub-key /root/id_rsa_demo.pub demo_key
+
+neutron subnet-create --name stack_subnet_priv --dns-nameserver 8.8.8.8 stack_net_priv 10.0.8.0/24
+
+neutron router-create extnet_stackrouter
+neutron router-gateway-set extnet_stackrouter ext_net
+neutron router-interface-add extnet_stackrouter stack_subnet_priv
+
+neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 default
+neutron security-group-rule-create --protocol icmp default
+
+subnet_id=$(neutron subnet-show stack_subnet_priv | grep network_id | awk '{print $4}')
+
+nova boot --poll --flavor m1.tiny --image cirros --nic net-id=${subnet_id} --key-name demo_key --min-count 8 test0
+
+for i in `seq 1 8`
+do
+ nova floating-ip-create ext_net
+done
diff --git a/scripts/vxlan-packstack.sh b/scripts/vxlan-packstack.sh
new file mode 100644
index 0000000..8ae9191
--- /dev/null
+++ b/scripts/vxlan-packstack.sh
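Review bot: In gre-packstack.sh the cirros image is fetched with `wget --no-check-certificate` and uploaded to glance as a public image without any integrity check, so whatever answers on that connection becomes an image every tenant can boot; vxlan-packstack.sh has the same two commands. Drop the flag and verify a pinned digest before `glance image-create`, e.g. `echo "<expected-sha256>  cirros-0.3.3-x86_64-disk.img" | sha256sum -c - || exit 1`. `wget` writes to the current directory while `--file` reads `/root/cirros-0.3.3-x86_64-disk.img`, so the script only works when run from /root; `wget -O /root/cirros-0.3.3-x86_64-disk.img` removes that dependency. Both scripts also write their sed program to the fixed path `/tmp/sed.script` and set the keystone admin password to `openstack`; a `mktemp` file and a password taken from the environment would be safer defaults.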
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+packstack --gen-answer-file /root/packstack_answers.txt
+
+cat > /tmp/sed.script << EOF
+s/\(CONFIG_KEYSTONE_ADMIN_PW=\).*/\1openstack/g
+s/\(CONFIG_HEAT_INSTALL=\).*/\1y/g
+s/\(CONFIG_NTP_SERVERS=\).*/\110.0.0.251/g
+
+s/\(CONFIG_COMPUTE_HOSTS=\).*/\110.0.0.1,10.0.0.2,10.0.0.3/g
+
+s/\(CONFIG_USE_EPEL=\).*/\1n/g
+s/\(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=\).*/\1physnet_ex:br-ex,physnet_mgmt:br-mgmt/g
+s/\(CONFIG_NEUTRON_OVS_BRIDGE_IFACES=\).*/\1br-ex:enp2s1f1,br-mgmt:enp2s1f0/g
+s/\(CONFIG_PROVISION_DEMO=\).*/\1n/g
+EOF
+
+sed -i -f /tmp/sed.script /root/packstack_answers.txt
+
+packstack --answer-file /root/packstack_answers.txt
+
+. /root/keystonerc_admin
+neutron net-create ext_net --router:external=True
+neutron subnet-create --name ext_subnet --disable-dhcp ext_net 192.168.33.0/24 \
+ --gateway 192.168.33.254 --allocation-pool start=192.168.33.161,end=192.168.33.190
+
+wget --no-check-certificate https://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
+
+glance image-create --name cirros --is-public=True --disk-format=qcow2 \
+ --container-format=bare --disk-format=qcow2 --file /root/cirros-0.3.3-x86_64-disk.img
+
+keystone tenant-create --name demo
+keystone user-create --name demo --pass demo
+keystone user-role-add --user demo --role _member_ --tenant demo
+
+cat > /root/keystonerc_demo << EOF
+export OS_USERNAME=demo
+export OS_TENANT_NAME=demo
+export OS_PASSWORD=demo
+export OS_AUTH_URL=http://10.0.0.1:5000/v2.0/
+export PS1='[\u@\h \W(keystone_demo)]\$ '
+EOF
+
+. /root/keystonerc_demo
+
+ssh-keygen -t rsa -b 4096 -N '' -f /root/id_rsa_demo
+nova keypair-add --pub-key /root/id_rsa_demo.pub demo_key
+
+neutron net-create stack_net_priv
+neutron subnet-create --name stack_subnet_priv --dns-nameserver 8.8.8.8 stack_net_priv 10.0.8.0/24
+
+neutron router-create extnet_stackrouter
+neutron router-gateway-set extnet_stackrouter ext_net
+neutron router-interface-add extnet_stackrouter stack_subnet_priv
+
+neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 default
+neutron security-group-rule-create --protocol icmp default
+
+subnet_id=$(neutron subnet-show stack_subnet_priv | grep network_id | awk '{print $4}')
+
+nova boot --poll --flavor m1.tiny --image cirros --nic net-id=${subnet_id} --key-name demo_key --min-count 8 test0
+
+for i in `seq 1 8`
+do
+ nova floating-ip-create ext_net
+done
+
+
diff --git a/xcat/c7-os/common.juno.tmpl b/xcat/c7-os/common.juno.tmpl
index 8e49dbe..36d9081 100644
--- a/xcat/c7-os/common.juno.tmpl
+++ b/xcat/c7-os/common.juno.tmpl
@@ -133,7 +133,8 @@ auth --useshadow --enablemd5 # # SE Linux # -selinux --permissive +#selinux --permissive +selinux --disabled # # Reboot after installation
diff --git a/xcat/c7-os/controller.juno.otherpkgs.pkglist b/xcat/c7-os/controller.juno.otherpkgs.pkglist
index 8f180df..11a81f8 100644
--- a/xcat/c7-os/controller.juno.otherpkgs.pkglist
+++ b/xcat/c7-os/controller.juno.otherpkgs.pkglist
@@ -1,5 +1,6 @@
 ## PackStack/Puppet
-puppet/puppet
+epel/puppet
+#puppet/puppet
 rdo-openstack-juno/openstack-packstack
 rdo-openstack-juno/openstack-puppet-modules
 epel/erlang
diff --git a/xcat/postscripts/scripts/packstack-openstack b/xcat/postscripts/scripts/packstack-openstack
index 558eb4a..64ba58a 100755
--- a/xcat/postscripts/scripts/packstack-openstack
+++ b/xcat/postscripts/scripts/packstack-openstack
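Review bot: In common.juno.tmpl, `selinux --disabled` turns SELinux off entirely on nodes installed from this kickstart template, where the previous `--permissive` at least kept labelling in place and logged denials; the commit message gives no reason for the change. If packstack only needs enforcement out of the way, `selinux --permissive` is enough and keeps a path back to enforcing; if disabling really is required, a comment above the line should say which component fails without it. The hunk shows only the SE Linux stanza, so whether a later postscript changes the mode again is not visible here.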
@@ -37,7 +37,7 @@ neutron subnet-create --name ext_subnet --disable-dhcp ext_net 192.168.33.0/24 \ neutron net-create int_net neutron subnet-create --name int_subnet --disable-dhcp int_net 10.0.0.0/23 \ - --gateway 10.0.0.201 --allocation-pool start=10.0.0.161,end=10.0.0.190 + --gateway 10.0.0.251 --allocation-pool start=10.0.0.161,end=10.0.0.190 # Add the default cirros image from xCAT's local repo mkdir -p /post @@ -75,7 +75,7 @@ neutron subnet-create --name stack_subnet_priv --dns-nameserver 8.8.8.8 stack_ne neutron router-create extnet_stackrouter neutron router-gateway-set extnet_stackrouter ext_net -neutron router-interface-add extnet_stackrouter stack_net_priv +neutron router-interface-add extnet_stackrouter stack_subnet_priv # Allow ssh and ping from the default security group neutron security-group-rule-create --protocol icmp default