Quick Note: NovaJoin in the Overcloud

In the last post, we discussed how to — starting from quickstart — get an undercloud which was enrolled with FreeIPA and which had the novajoin service up and running.  As part of the work to get that going, we had to create some puppet modules for novajoin.  We can reuse those same puppet modules to help us deploy overcloud controllers which are also enrolled with FreeIPA and on which novajoin is installed and configured.

As before, this is a quick note, so there is stuff here that will likely change as we iterate through this.  All the configuration steps below take place on an undercloud which has been registered with FreeIPA, and on which novajoin is running.  You could, for example, use the methods in the previous section to create this undercloud.

Prepare the Overcloud Image

The overcloud image needs to be customized in a number of ways:

  1. The image needs to have a recent enough cloud-init in order to retrieve the vendor metadata to register with IPA.
  2. By default, package installs are disabled during an overcloud install.  Essentially, any package operations are replaced by a no-op.  This means that all required packages (novajoin in particular) need to be installed in the image ahead of time.

As root, run the following:

cd ~stack
source ./stackrc

cat > novajoin.repo << EOF
[rcritten-novajoin]
name=Copr repo for novajoin owned by rcritten
baseurl=https://copr-be.cloud.fedoraproject.org/results/rcritten/novajoin/epel-7-\$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/rcritten/novajoin/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1
EOF

chmod 777 /home/stack
virt-copy-in -a overcloud-full.qcow2 novajoin.repo /etc/yum.repos.d
virt-customize -a overcloud-full.qcow2 --install https://vakwetu.fedorapeople.org/novajoin/cloud-init-0.7.6-9.el7.x86_64.rpm
virt-customize -a overcloud-full.qcow2 --install python-novajoin
openstack overcloud image upload --update-existing
chmod 700 /home/stack

Make sure DNS is set correctly on the undercloud

As the stack user,

source ./stackrc

# set nameserver to ipa server 
ID=$(openstack subnet list -f value -c ID)
openstack subnet set ${ID} --dns-nameserver  <ipa_server_address>

Add the relevant puppet modules

We need to add the puppet modules for IPA and novajoin to the overcloud image.  In addition, a new puppet manifest needs to be added to puppet-tripleo to call the novajoin puppet modules.  We’ll pull all these changes in from current gerrit reviews.

Rather than using virt-customize to copy in the relevant files, we will use the swift artifacts mechanism (https://hardysteven.blogspot.fi/2016/08/tripleo-deploy-artifacts-and-puppet.html) to deploy the puppet modules.

# set up puppet artifact mechanism
git config --global user.email "alee@redhat.com"
git config --global user.name "Ade Lee"

git clone https://git.openstack.org/openstack/tripleo-common
export PATH="$PATH:/home/stack/tripleo-common/scripts"

mkdir puppet-modules
cd puppet-modules
git clone https://github.com/openstack/puppet-tripleo tripleo

cd tripleo
git fetch https://git.openstack.org/openstack/puppet-tripleo \
  refs/changes/88/374288/1 && git cherry-pick FETCH_HEAD
cd ..
git clone https://github.com/purpleidea/puppet-ipa.git ipa
git clone https://github.com/vakwetu/puppet-novajoin.git novajoin
cd ~

upload-puppet-modules -d puppet-modules

Get heat-templates

A new profile needs to be added to tripleo-heat-templates for the novajoin service.  This profile then needs to be included as an optional component.

git clone https://github.com/openstack/tripleo-heat-templates
cd tripleo-heat-templates
git fetch https://git.openstack.org/openstack/tripleo-heat-templates \
  refs/changes/85/374285/2 && git checkout FETCH_HEAD
cd ..

Create Environment Files

We create two environment files – one for joining IPA and one for novajoin.

cat >  /home/stack/tripleo-heat-templates/environments/ipa-join.yaml << EOF
parameter_defaults:
  ServerMetadata:
    ipa_hostClass: app_server
    ipa_enroll: True
  CloudDomain: alee.test.com
EOF

cat > novajoin.yaml << EOF
  resource_registry:
    OS::TripleO::Services::Novajoin: ./tripleo-heat-templates/puppet/services/novajoin.yaml
  parameter_defaults:
    IpaDomain: 'alee.test.com'
    IpaPassword: 'redhat123'
    IpaPrincipal: 'admin'
    IpaServer: '<ipa server hostname>'
    NovaPassword: 'DxpwEd4bXxtCQgPan8QDHQQMT'
EOF

Deploy the Overcloud!

openstack overcloud deploy \
  --templates ./tripleo-heat-templates \
   -e ./tripleo-heat-templates/environments/ipa-join.yaml \
   -e novajoin.yaml

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s