HOS 2.1 Ceph Installation with Network Customisation (5-of-8)

Helion OpenStack 2.1 Example Cloud Deployment

It’s now time to start the deployment.

As I have protected the SSH key with a passphrase I need to execute the following commands to avoid having to enter the passphrase on every attempt by Ansible to connect to the client nodes (I have mentioned this earlier in the blog but it’s taken me several days, disconnects and reboots to get to this point in the blog and I need to do it again 😉 ):

eval $(ssh-agent)
ssh-add ~/.ssh/id_rsa

 

If HOS 2.1 is behind a firewall and a proxy server is required to access the internet, add the proxy details for Sherpa as follows:

sed -i 's$sherpa_http_proxy$http://172.16.1.5:8080$' ~/helion/my_cloud/config/sherpa/sherpa.conf.j2
sed -i 's$sherpa_https_proxy$http://172.16.1.5:8080$' ~/helion/my_cloud/config/sherpa/sherpa.conf.j2
sed -i 's$sherpa_no_proxy$localhost$' ~/helion/my_cloud/config/sherpa/sherpa.conf.j2

 

[WORKAROUND] – There is currently an issue with the Elasticsearch name that requires you to change it in the logging configuration file before continuing with the installation:

sed -i "s/default='elasticsearch'/default='bananas'/" ~/helion/hos/ansible/roles/logging-common/defaults/main.yml

 

If you need to encrypt your iLO passwords, you can use the script provided in an earlier blog that will encrypt all the passwords at once in the servers.yml file as follows:

export HOS_USER_PASSWORD_ENCRYPT_KEY=SomeSecretKey
python hosencryptfile.py -fe ~/helion/my_cloud/definition/data/servers.yml

 

Now that all the configuration is complete we need to commit all the changes into the repository as follows:

cd ~/helion/hos/ansible
git add -A
git commit -m "Basic cloud model updates configured"

 

Provisioning the bare metal nodes

The following command will verify that all the passwords are correct and that your configuration network (management network in this scenario) is communicating correctly with the IPMI network.

export HOS_USER_PASSWORD_ENCRYPT_KEY=SomeSecretKey
ansible-playbook -i hosts/localhost bm-power-status.yml 

 

Deploying Cobbler on the HLM

You’ll be prompted for a password that will be used to initially access the nodes – [Note to self: I used “helion”].

ansible-playbook -i hosts/localhost cobbler-deploy.yml

 

Verify the list of nodes that are going to be built – you should not see the deployer/controller1 in this list.

sudo cobbler system find --netboot-enabled=1

 

If you are not working directly on the console, start a screen session. Install screen and then run it as follows:

sudo apt-get install screen
screen
export HOS_USER_PASSWORD_ENCRYPT_KEY=SomeSecretKey

 

Because I’ve used a passphrase on my SSH key I need to run the following commands to avoid repeatedly having to type the passphrase.

eval $(ssh-agent)
ssh-add ~/.ssh/id_rsa

 

Now execute the following command to install the base hLinux on these nodes:

cd ~/helion/hos/ansible
ansible-playbook -i hosts/localhost bm-reimage.yml

 

or, if it’s a re-install:

ansible-playbook -i hosts/localhost bm-reimage.yml -e nodelist=all

Now we run the configuration processor which will effectively validate our model.
Once again we’ll be prompted for a password if we wish to encrypt the sensitive data processed by this step. I’ll use ‘H3lionhelion!’ for a change.

cd ~/helion/hos/ansible
ansible-playbook -i hosts/localhost config-processor-run.yml

 

Now we will create a self-signed certificate to configure TLS on the public endpoints.

Note: In a production setup your Security/PKI team should be able to organise this for you.

Examine the ~/helion/my_cloud/info/address_info.yml file to get the IP address of the public endpoint.

openssl req -nodes -newkey rsa:2048 -keyout my-public-cert.key -out my-public-cert.csr -text -subj '/C=US/O=Helion Test Certificate/CN=hos2.allthingscloud.eu/emailAddress=admin@ficticious.org/'

cat > v3_ext.cnf << EOF
[ v3_req ]
subjectAltName=DNS:hos2.allthingscloud.eu,DNS:172.16.61.5, IP:172.16.61.5
EOF

openssl x509 -days 365 -extfile v3_ext.cnf -extensions v3_req -in my-public-cert.csr -signkey my-public-cert.key -req -text -out my-public-cert.crt

Now it’s necessary to combine the contents of my-public-cert.key and my-public-cert.crt into a single file, which is used by the HLM installer, and copy it to ~/helion/my_cloud/config/tls/certs/

cat my-public-cert.key my-public-cert.crt > allthingscloud-certs
cp allthingscloud-certs ~/helion/my_cloud/config/tls/certs/allthingscloud-certs
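
The combined file holds an unencrypted private key (because of -nodes), so before it goes into the model it is worth checking that the key and certificate match, that the SAN carries both the host name and the IP, and that nobody but the owner can read it. The script below is an added example, not part of the original post: the function names and the demo-* file names are hypothetical, and make_demo_bundle only builds a throwaway input with the same openssl steps.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the combined key + certificate file.
# Function and file names are hypothetical; host name and IP are this page's.

# Build a throwaway bundle with the same openssl steps (constructed test input).
make_demo_bundle() {   # $1 = existing, empty working directory
  ( cd "$1" && umask 077 &&
    openssl req -nodes -newkey rsa:2048 -keyout demo.key -out demo.csr \
      -subj '/C=US/O=Helion Test Certificate/CN=hos2.allthingscloud.eu' 2>/dev/null &&
    printf '[ v3_req ]\nsubjectAltName=DNS:hos2.allthingscloud.eu,IP:172.16.61.5\n' > ext.cnf &&
    openssl x509 -req -days 365 -extfile ext.cnf -extensions v3_req \
      -in demo.csr -signkey demo.key -out demo.crt 2>/dev/null &&
    cat demo.key demo.crt > demo-bundle )
}

# Return 0 only if the bundle passes all four checks.
check_tls_bundle() {   # $1 = bundle file, $2 = DNS name, $3 = IP address
  local bundle="$1" host="$2" ip="$3" kpub cpub sans
  # 1. The private key and the certificate must belong together.
  kpub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null) ||
    { echo "no readable private key" >&2; return 1; }
  cpub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) ||
    { echo "no readable certificate" >&2; return 1; }
  [ "$kpub" = "$cpub" ] ||
    { echo "key and certificate do not match" >&2; return 1; }
  # 2. Clients match names against subjectAltName: require exact entries.
  sans=$(openssl x509 -in "$bundle" -noout -text |
         grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' ' | tr ',' '\n')
  printf '%s\n' "$sans" | grep -qxF "DNS:${host}" ||
    { echo "SAN is missing DNS:${host}" >&2; return 1; }
  printf '%s\n' "$sans" | grep -qxF "IPAddress:${ip}" ||
    { echo "SAN is missing IP:${ip}" >&2; return 1; }
  # 3. The certificate must still be valid now.
  openssl x509 -in "$bundle" -noout -checkend 0 >/dev/null ||
    { echo "certificate has expired" >&2; return 1; }
  # 4. The key inside is unencrypted (-nodes): no group/other permission bits.
  [ "$(ls -ld "$bundle" | cut -c5-10)" = "------" ] ||
    { echo "bundle is readable by group or others" >&2; return 1; }
}
```

Against the real file this would be called as: check_tls_bundle allthingscloud-certs hos2.allthingscloud.eu 172.16.61.5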

 

Modify the network_groups.yml file to include this new TLS configuration.

Now we can re-commit everything and re-run the configuration processor.
Note: I’ve also added hos2.allthingscloud.eu to my /etc/hosts file as I’m not using a DNS server.

cd ~/helion/hos/ansible
git add -A
git commit -m "Added TLS configuration"

ansible-playbook -i hosts/localhost config-processor-run.yml

 

Now we’re finally ready to deploy the cloud

ansible-playbook -i hosts/localhost ready-deployment.yml

 

As these servers have been used for previous deployments I need to wipe all the existing drive configurations as follows:

ansible-playbook -i hosts/verb_hosts wipe_disks.yml --ask-vault-pass

 

We get a couple of failures for the compute nodes, which is acceptable – they don’t have any spare drives assigned – if we wiped the OS drive I’d have to start again 🙂

Now let’s kick off the cloud deployment proper

ansible-playbook -i hosts/verb_hosts site.yml --ask-vault-pass

 

I’ve never seen this warning before – hopefully it’s safe to ignore – looks like an Ansible best practice warning …

This looks like a successful installation.
