To bootstrap a new OpenStack installation, it is recommended to install the bootstrap role on a single machine and install all the other nodes from that machine. At the end this machine is supposed to be decommissioned, as the other machines should provide all services in a redundant manner.

This article describes the steps needed to install the bootstrap role onto a freshly installed server running Ubuntu.

Installation

Install puppet

Download and install the puppet5 deb for your distro from https://apt.puppet.com/, then install the puppetserver.

Install puppet
root@bootstrap:~# wget https://apt.puppet.com/puppet5-release-xenial.deb
root@bootstrap:~# dpkg -i puppet5-release-xenial.deb 
root@bootstrap:~# apt-get update
  ...
Get:5 http://apt.puppetlabs.com xenial InRelease               
Get:6 http://apt.puppetlabs.com xenial Release [76.0 kB]
Get:7 http://apt.puppetlabs.com xenial Release.gpg [836 B]
Get:8 http://apt.puppetlabs.com xenial/puppet5 amd64 Packages [6,884 B]
Get:9 http://apt.puppetlabs.com xenial/puppet5 i386 Packages [6,068 B]
Get:10 http://apt.puppetlabs.com xenial/puppet5 all Packages [3,521 B]
Fetched 93.3 kB in 0s (108 kB/s)       
Reading package lists... Done
root@bootstrap:~# apt-get install puppetserver

The bootstrap machine needs a certificate which is valid for its own name, in addition to the names for the puppetserver and puppetdb roles. Add these names to /etc/puppetlabs/puppet/puppet.conf before you run the puppet agent, which generates the certificates. Run puppet using the bootstrap machine as master. Verify that the generated SSL certificate includes the puppet and puppetdb alt names.

Puppet SSL certificates
root@bootstrap:~# vim /etc/puppetlabs/puppet/puppet.conf
root@bootstrap:~# tail -n 2 /etc/puppetlabs/puppet/puppet.conf
[main]
dns_alt_names = puppet.skyhigh.iik.ntnu.no,puppetdb.skyhigh.iik.ntnu.no
root@bootstrap:~# grep puppet /etc/hosts
10.212.128.9	bootstrap.infra.skyhigh.iik.ntnu.no	bootstrap puppet puppetdb
 
root@bootstrap:~# systemctl start puppetserver
root@bootstrap:~# puppet agent --test --server bootstrap.infra.skyhigh.iik.ntnu.no
 ...
Notice: Applied catalog in 0.01 seconds
root@bootstrap:~# puppet cert list --all
+ "bootstrap.infra.skyhigh.iik.ntnu.no" (SHA256) A3:C1:1C:BF:49:C3:2E:9F:97:3F:0A:B9:CB:76:44:B2:74:7F:BB:B9:3E:62:3E:8F:88:1F:62:E0:F1:35:E0:E8 (alt names: "DNS:bootstrap.infra.skyhigh.iik.ntnu.no", "DNS:puppet.skyhigh.iik.ntnu.no", "DNS:puppetdb.skyhigh.iik.ntnu.no")
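
The alt-name verification above can be scripted. The following shell function is an added example, not part of the original page: it reads "puppet cert list --all" output on stdin and checks that the named certificate is signed and lists every required DNS alt name. The function names, the second host name and the fingerprints in the sample are constructed.

```shell
# usage: puppet cert list --all | check_alt_names <certname> <altname>...
# returns 0 if every alt name is present, 1 if one is missing,
# 2 if no signed certificate is listed for <certname>
check_alt_names() {
    local certname line missing name
    certname=$1; shift
    missing=0
    # Signed certificates are listed with a leading "+". Matching the quoted
    # certname as a fixed string keeps the dots from acting as regex wildcards
    # and stops one certname from matching as a prefix of another.
    line=$(grep -F -- "+ \"${certname}\"" | head -n 1)
    if [ -z "$line" ]; then
        echo "no signed certificate listed for ${certname}" >&2
        return 2
    fi
    for name in "$@"; do
        # Alt names are printed as "DNS:<name>" including the quotes, so the
        # quoted form rejects partial matches (db.example vs puppetdb.example).
        if ! printf '%s\n' "$line" | grep -qF -- "\"DNS:${name}\""; then
            echo "missing alt name: ${name}" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample in the format shown above: one unsigned request (no "+")
# and one signed certificate with alt names. Fingerprints are placeholders.
sample_cert_list() {
    cat <<'EOF'
  "newnode.infra.skyhigh.iik.ntnu.no" (SHA256) 00:11:22:33
+ "bootstrap.infra.skyhigh.iik.ntnu.no" (SHA256) AA:BB:CC:DD (alt names: "DNS:bootstrap.infra.skyhigh.iik.ntnu.no", "DNS:puppet.skyhigh.iik.ntnu.no", "DNS:puppetdb.skyhigh.iik.ntnu.no")
EOF
}

if sample_cert_list | check_alt_names bootstrap.infra.skyhigh.iik.ntnu.no \
        puppet.skyhigh.iik.ntnu.no puppetdb.skyhigh.iik.ntnu.no; then
    echo "certificate carries all required alt names"
fi
```

On the bootstrap machine, replace sample_cert_list with "puppet cert list --all" and stop the bootstrap if the function returns non-zero.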

Install r10k

At this point there is a working puppet infrastructure in place. Next up is installing and configuring r10k, and deploying your first environment. In this example the environment "infrastructure" is deployed:

Install r10k
root@bootstrap:~# /opt/puppetlabs/puppet/bin/gem install r10k
root@bootstrap:~# mkdir /etc/puppetlabs/r10k
root@bootstrap:~# vim /etc/puppetlabs/r10k/r10k.yaml
root@bootstrap:~# cat /etc/puppetlabs/r10k/r10k.yaml
---
:cachedir: /opt/puppetlabs/puppet/cache/r10k
:sources:
  puppet:
    basedir: /etc/puppetlabs/code/environments
    remote: https://github.com/ntnusky/r10k.git
root@bootstrap:~# /opt/puppetlabs/puppet/bin/r10k deploy environment infrastructure -pv

Set up hiera

Create the folder for the hieradata, create the initial datafiles, initialize a git-repo and commit the initial structures.

Set up hiera datafiles
root@bootstrap:~# mkdir /etc/puppetlabs/puppet/data
root@bootstrap:~# cd /etc/puppetlabs/puppet/data
root@bootstrap:/etc/puppetlabs/puppet/data# mkdir nodes
root@bootstrap:/etc/puppetlabs/puppet/data# touch common.yaml networking.yaml packages.yaml sensu.yaml users.yaml nodes/bootstrap.infra.skyhigh.iik.ntnu.no.yaml
root@bootstrap:/etc/puppetlabs/puppet/data# git init .
Initialized empty Git repository in /etc/puppetlabs/puppet/data/.git/
root@bootstrap:/etc/puppetlabs/puppet/data# git add .
root@bootstrap:/etc/puppetlabs/puppet/data# git commit -m "Initial import"

To configure hiera you can simply pull the latest version of the hiera.yaml file from GitHub:

Configure hiera
root@bootstrap:/etc/puppetlabs/puppet# wget https://raw.githubusercontent.com/ntnusky/profile/master/files/puppet/hiera.yaml
   ...
2017-12-22 14:18:52 (334 KB/s) - 'hiera.yaml.1' saved [72001]
root@bootstrap:/etc/puppetlabs/puppet# mv hiera.yaml.1 hiera.yaml

Next up is populating the hierarchy with information based on this wiki page, and committing this to the git repository:

Set up hiera datafiles
root@bootstrap:/etc/puppetlabs/puppet/data# git add common.yaml networking.yaml packages.yaml users.yaml
root@bootstrap:/etc/puppetlabs/puppet/data# git commit -m "Initial data"

Add the class "role::bootstrap" to the node-specific hiera file so that the role can be set before the ENC is up and running. You should also configure the dashboard on bootstrap not to use the load balancer before bootstrap is fully installed. The example below shows what the node-specific hiera file can look like. Also make sure that sensu and munin are set not to be installed, as we need the servers installed before we install the clients.

Define role for bootstrap
root@bootstrap.infra.skyhigh.iik.ntnu.no:/etc/puppetlabs/puppet/data# cat nodes/bootstrap.infra.skyhigh.iik.ntnu.no.yaml 
---
classes:
 - 'role::bootstrap'

profile::interfaces:
 - 'eno1'

profile::puppet::altnames:
 - 'puppet.skyhigh.iik.ntnu.no'
 - 'puppetdb.skyhigh.iik.ntnu.no'

profile::interfaces::eno1::method: 'static'
profile::interfaces::eno1::address: '10.212.132.9'
profile::interfaces::eno1::netmask: '255.255.255.0'
profile::interfaces::eno1::gateway: '10.212.132.1'
profile::interfaces::eno1::tableid: 1

profile::interfaces::management: 'eno1'
profile::dhcp::pxe::server: "%{hiera('profile::interfaces::eno1::address')}"
profile::dashboard::database::host: "%{hiera('profile::interfaces::eno1::address')}"

profile::haproxy::web::profile: 'management'

root@bootstrap:/etc/puppetlabs/puppet/data# grep install: common.yaml 
profile::munin::install: false
profile::sensu::install: false

Start the installation

Start the installation
root@bootstrap:/etc/puppetlabs/puppet/data# systemctl restart puppetserver
root@bootstrap:/etc/puppetlabs/puppet/data# puppet agent --test --server puppet.skyhigh.iik.ntnu.no --environment infrastructure

At this point puppet should be able to configure most of what is needed. Puppet will also configure the master to use shiftleader as an ENC, so it is expected that puppet will stop working after this puppet run until we have fed the dashboard with useful information.

Access shiftleader, and add initial information

Add a line in your local hosts file pointing your dashboard name to the machine you just installed. Point your web browser at this name. You should get a login page where you can attempt to log in. The login should be declined, as your user does not yet have access. Access can be granted to users like so:

Grant access to shiftleader
root@bootstrap.infra.skyhigh.iik.ntnu.no:~# /opt/shiftleader/manage.py ldap_promote <username>

At this point you should be able to log into the dashboard. Now you need to add a couple of things through the web interface:

  • Deploy at least one puppet environment for the dashboard to discover your roles.
  • Add the bootstrap machine, using its name/mac/ip/etc
  • Add DNS records for:
    • Puppet
    • Puppetdb
    • Mysql
    • The dashboard
    • The dashboard api (a v4-only record to the dashboard)
    • Postgres
    • The loadbalancer IP

Finalizing the installation

Now your installation should work. Remove all entries added to your hosts file, both on your client and on the bootstrapping machine. Verify that everything (puppet, mysql, shiftleader etc.) works.