Helion OpenStack 2.1 Example Cloud Deployment
It’s now time to start the deployment.
As I have protected the SSH key with a passphrase I need to execute the following commands to avoid having to enter the passphrase on every attempt by Ansible to connect to the client nodes (I have mentioned this earlier in the blog but it’s taken me several days, disconnects and reboots to get to this point in the blog and I need to do it again 😉 ):
eval $(ssh-agent)
ssh-add ~/.ssh/id_rsa
If HOS 2.1 is behind a firewall and a proxy server is required to access the internet, add the proxy details for Sherpa as follows:
sed -i 's$sherpa_http_proxy$http://172.16.1.5:8080$' ~/helion/my_cloud/config/sherpa/sherpa.conf.j2
sed -i 's$sherpa_https_proxy$http://172.16.1.5:8080$' ~/helion/my_cloud/config/sherpa/sherpa.conf.j2
sed -i 's$sherpa_no_proxy$localhost$' ~/helion/my_cloud/config/sherpa/sherpa.conf.j2
[WORKAROUND] – There is currently an issue with the Elasticsearch name that requires that you change it in the logging configuration file before continuing in the installation.
sed -i "s/default='elasticsearch'/default='bananas'/" ~/helion/hos/ansible/roles/logging-common/defaults/main.yml
If you need to encrypt your iLO passwords you can use the script provided in an earlier blog that will encrypt all the passwords at once in the servers.yml file as follows:
export HOS_USER_PASSWORD_ENCRYPT_KEY=SomeSecretKey
python hosencryptfile.py -fe ~/helion/my_cloud/definition/data/servers.yml
Now that all the configuration is complete we need to commit all the changes into the repository as follows:
cd ~/helion/hos/ansible
git add -A
git commit -m "Basic cloud model updates configured"
Provisioning the bare metal nodes
The following command will verify that all the passwords are correct and that your configuration network (management network in this scenario) is communicating correctly with the IPMI network.
export HOS_USER_PASSWORD_ENCRYPT_KEY=SomeSecretKey
ansible-playbook -i hosts/localhost bm-power-status.yml
Deploying Cobbler on the HLM
You’ll be prompted for a password that will be used to initially access the nodes – [Note to self: I used “helion”].
ansible-playbook -i hosts/localhost cobbler-deploy.yml
Verify the list of nodes that are going to be built – you should not see the deployer/controller1 in this list.
sudo cobbler system find --netboot-enabled=1
Start a screen session if not working directly on the console –
Install screen and then run it as follows
sudo apt-get install screen
screen
export HOS_USER_PASSWORD_ENCRYPT_KEY=SomeSecretKey
Because I’ve used a passphrase on my SSH key I need to run the following commands to avoid repeatedly having to type the passphrase.
eval $(ssh-agent)
ssh-add ~/.ssh/id_rsa
Now execute the following command to install the base hLinux on these nodes:
cd ~/helion/hos/ansible
ansible-playbook -i hosts/localhost bm-reimage.yml
or, if it’s a re-install:
ansible-playbook -i hosts/localhost bm-reimage.yml -e nodelist=all
Now we run the configuration processor which will effectively validate our model.
Once again we’ll be prompted for a password if we wish to encrypt the sensitive data processed by this step. I’ll use ‘H3lionhelion!’ for a change.
cd ~/helion/hos/ansible
ansible-playbook -i hosts/localhost config-processor-run.yml
Now we will create a self-signed certificate to configure TLS on the public endpoints.
Note: In a production setup your Security/PKI team should be able to organise this for you.
Examine the ~/helion/my_cloud/info/address_info.yml file to get the IP address of the public endpoint.
openssl req -nodes -newkey rsa:2048 -keyout my-public-cert.key -out my-public-cert.csr -text -subj '/C=US/O=Helion Test Certificate/CN=hos2.allthingscloud.eu/emailAddress=email@example.com/'
cat > v3_ext.cnf << EOF
[ v3_req ]
subjectAltName=DNS:hos2.allthingscloud.eu,DNS:172.16.61.5, IP:172.16.61.5
EOF
openssl x509 -days 365 -extfile v3_ext.cnf -extensions v3_req -in my-public-cert.csr -signkey my-public-cert.key -req -text -out my-public-cert.crt
Now it’s necessary to combine the contents of my-public-cert.key and my-public-cert.crt into a single file, which is used by the HLM installer, and copy it to ~/helion/my_cloud/config/tls/certs/
cat my-public-cert.key my-public-cert.crt > allthingscloud-certs
cp allthingscloud-certs ~/helion/my_cloud/config/tls/certs/allthingscloud-certs
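A sanity check for the combined bundle built above, as an added example that is not part of the original post or of HOS: it confirms the file is owner-only (the key is unencrypted because of -nodes), that the certificate matches the key, and that the SAN entries from v3_ext.cnf made it into the certificate. The function names check_tls_bundle and make_demo_bundle are hypothetical; make_demo_bundle builds a throwaway bundle with the same openssl steps so the check can be tried offline.

```shell
#!/bin/sh
# Added example; check_tls_bundle and make_demo_bundle are hypothetical helpers.

# check_tls_bundle BUNDLE DNS_NAME IP
# Prints one line per failed check; returns 0 only when every check passes.
check_tls_bundle() {
    bundle=$1; dns=$2; ip=$3; rc=0

    # 1. -nodes left the private key unencrypted, so only the owner may read it.
    perms=$(ls -ld "$bundle" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: group/other access ($perms)"; rc=1; }

    # 2. The certificate must carry the public half of the key in the same file.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null || true)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: certificate does not match private key"; rc=1; }

    # 3. The v3_req extension must have been applied; compare whole SAN entries.
    sans=$(openssl x509 -in "$bundle" -noout -text 2>/dev/null |
           grep -A1 'Subject Alternative Name' | tail -n 1 |
           tr ',' '\n' | sed 's/^ *//')
    echo "$sans" | grep -qxF "DNS:$dns" || { echo "FAIL: no SAN DNS:$dns"; rc=1; }
    echo "$sans" | grep -qxF "IP Address:$ip" || { echo "FAIL: no SAN IP:$ip"; rc=1; }

    # 4. The certificate must not already be expired.
    openssl x509 -in "$bundle" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expired or unreadable"; rc=1; }
    return "$rc"
}

# make_demo_bundle DIR: constructed sample input, a throwaway key and
# self-signed certificate made with the same openssl steps as the post.
make_demo_bundle() {
    ( cd "$1" || exit 1
      umask 077
      openssl req -nodes -newkey rsa:2048 -keyout demo.key -out demo.csr \
          -subj '/C=US/O=Helion Test Certificate/CN=hos2.allthingscloud.eu/' \
          2>/dev/null || exit 1
      printf '[ v3_req ]\nsubjectAltName=DNS:%s,IP:%s\n' \
          hos2.allthingscloud.eu 172.16.61.5 > v3_ext.cnf
      openssl x509 -req -days 365 -extfile v3_ext.cnf -extensions v3_req \
          -in demo.csr -signkey demo.key -out demo.crt 2>/dev/null || exit 1
      cat demo.key demo.crt > bundle.pem )
}
```

With a typical umask of 022, cat creates allthingscloud-certs readable by group and others, so chmod 600 it (and my-public-cert.key) before check_tls_bundle allthingscloud-certs hos2.allthingscloud.eu 172.16.61.5 will pass.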
Modify the network_groups.yml file to include this new TLS configuration
Now we can re-commit everything and re-run the configuration processor.
Note: I’ve also added hos2.allthingscloud.eu to my /etc/hosts file as I’m not using a DNS server.
cd ~/helion/hos/ansible
git add -A
git commit -m "Added TLS configuration"
ansible-playbook -i hosts/localhost config-processor-run.yml
Now we’re finally ready to deploy the cloud
ansible-playbook -i hosts/localhost ready-deployment.yml
As these servers have been used for previous deployments I need to wipe all the existing drive configurations as follows:
ansible-playbook -i hosts/verb_hosts wipe_disks.yml --ask-vault-pass
We get a couple of fails for the compute nodes which is acceptable – they don’t have any spare drives assigned – if we wipe the OS drive I’d have to start again 🙂
Now let’s kick off the cloud deployment proper
ansible-playbook -i hosts/verb_hosts site.yml --ask-vault-pass
I’ve never seen this warning before – hopefully it’s safe to ignore – looks like an Ansible best practice warning …
This looks like a successful installation.