To bootstrap a new OpenStack installation it is recommended to install the bootstrap-role on a single machine, and from that machine install all the other nodes. At the end this machine is supposed to be decommissioned, as the other machines should provide all services in a redundant manner.
This article describes the steps needed to install the bootstrap-role onto a freshly installed server running Ubuntu.
Installation
Install puppet
Download and install the puppet5 deb for your distro from here: https://apt.puppet.com/, and install the puppetserver.
root@bootstrap:~# wget https://apt.puppet.com/puppet5-release-xenial.deb
root@bootstrap:~# dpkg -i puppet5-release-xenial.deb
root@bootstrap:~# apt-get update
...
Get:5 http://apt.puppetlabs.com xenial InRelease
Get:6 http://apt.puppetlabs.com xenial Release [76.0 kB]
Get:7 http://apt.puppetlabs.com xenial Release.gpg [836 B]
Get:8 http://apt.puppetlabs.com xenial/puppet5 amd64 Packages [6,884 B]
Get:9 http://apt.puppetlabs.com xenial/puppet5 i386 Packages [6,068 B]
Get:10 http://apt.puppetlabs.com xenial/puppet5 all Packages [3,521 B]
Fetched 93.3 kB in 0s (108 kB/s)
Reading package lists... Done
root@bootstrap:~# apt-get install puppetserver
The bootstrap machine needs a certificate which is valid for its own name, in addition to the names for the puppetserver and puppetdb roles. Add these names to /etc/puppetlabs/puppet/puppet.conf before you run the puppet agent, which generates these certificates. Run puppet using the bootstrap machine as master. Verify that the generated SSL certificate includes the puppet and puppetdb alt names.
root@bootstrap:~# vim /etc/puppetlabs/puppet/puppet.conf
root@bootstrap:~# tail -n 2 /etc/puppetlabs/puppet/puppet.conf
[main]
dns_alt_names = puppet.skyhigh.iik.ntnu.no,puppetdb.skyhigh.iik.ntnu.no
root@bootstrap:~# grep puppet /etc/hosts
10.212.128.9 bootstrap.infra.skyhigh.iik.ntnu.no bootstrap puppet puppetdb
root@bootstrap:~# systemctl start puppetserver
root@bootstrap:~# puppet agent --test --server bootstrap.infra.skyhigh.iik.ntnu.no
...
Notice: Applied catalog in 0.01 seconds
root@bootstrap:~# puppet cert list --all
+ "bootstrap.infra.skyhigh.iik.ntnu.no" (SHA256) A3:C1:1C:BF:49:C3:2E:9F:97:3F:0A:B9:CB:76:44:B2:74:7F:BB:B9:3E:62:3E:8F:88:1F:62:E0:F1:35:E0:E8 (alt names: "DNS:bootstrap.infra.skyhigh.iik.ntnu.no", "DNS:puppet.skyhigh.iik.ntnu.no", "DNS:puppetdb.skyhigh.iik.ntnu.no")
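The alt-name verification above can be scripted so that it fails when a name is missing. This is an added example, not part of the original article: it parses "puppet cert list --all" output in the format shown above and compares it with dns_alt_names from puppet.conf. The function names, the temporary files and the shortened fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and sample data below are constructed for illustration.

# Print the dns_alt_names values from a puppet.conf ($1), one per line.
wanted_alt_names() {
    sed -n 's/^[[:space:]]*dns_alt_names[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Print the DNS alt names of the signed certificate for certname $1, one per
# line. stdin is `puppet cert list --all` output; only lines starting with "+"
# (signed, as in the session above) are considered.
cert_alt_names() {
    grep -F -- "+ \"$1\"" |
        sed -n 's/.*(alt names: \(.*\))[[:space:]]*$/\1/p' |
        tr ',' '\n' | sed -n 's/^[[:space:]]*"DNS:\(.*\)"[[:space:]]*$/\1/p'
}

# Print each wanted name the certificate lacks.
# $1 = puppet.conf, $2 = certname, $3 = file with the cert list output.
# Returns 0 if all names are covered, 1 if any is missing, 2 if puppet.conf
# has no dns_alt_names at all (nothing to compare against).
missing_alt_names() {
    want=$(wanted_alt_names "$1")
    [ -n "$want" ] || { echo "no dns_alt_names in $1" >&2; return 2; }
    have=$(cert_alt_names "$2" < "$3")
    missing=0
    for name in $want; do
        if ! printf '%s\n' "$have" | grep -qxF -- "$name"; then
            printf '%s\n' "$name"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: a certificate that is missing the puppetdb name.
demo_dir=$(mktemp -d)
printf '[main]\ndns_alt_names = puppet.skyhigh.iik.ntnu.no,puppetdb.skyhigh.iik.ntnu.no\n' \
    > "$demo_dir/puppet.conf"
printf '%s\n' '+ "bootstrap.infra.skyhigh.iik.ntnu.no" (SHA256) AA:BB (alt names: "DNS:bootstrap.infra.skyhigh.iik.ntnu.no", "DNS:puppet.skyhigh.iik.ntnu.no")' \
    > "$demo_dir/certs.txt"
if lacking=$(missing_alt_names "$demo_dir/puppet.conf" \
        bootstrap.infra.skyhigh.iik.ntnu.no "$demo_dir/certs.txt"); then
    echo "certificate covers all dns_alt_names"
else
    echo "certificate lacks: $lacking"
fi
```

On the bootstrap machine, save the output of "puppet cert list --all" to a file and pass it as the third argument. An unsigned or absent certificate is reported as lacking every name.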
Install r10k
At this point there is a working puppet infrastructure in place. Next up is installing and configuring r10k, and deploying your first environment. In this example the environment "infrastructure" is deployed:
root@bootstrap:~# /opt/puppetlabs/puppet/bin/gem install r10k
root@bootstrap:~# mkdir /etc/puppetlabs/r10k
root@bootstrap:~# vim /etc/puppetlabs/r10k/r10k.yaml
root@bootstrap:~# cat /etc/puppetlabs/r10k/r10k.yaml
---
:cachedir: /opt/puppetlabs/puppet/cache/r10k
:sources:
  puppet:
    basedir: /etc/puppetlabs/code/environments
    remote: https://github.com/ntnusky/r10k.git
root@bootstrap:~# /opt/puppetlabs/puppet/bin/r10k deploy environment infrastructure -pv
Set up hiera
Create the folder for the hieradata, create the initial datafiles, initialize a git-repo and commit the initial structures.
root@bootstrap:~# mkdir /etc/puppetlabs/puppet/data
root@bootstrap:~# cd /etc/puppetlabs/puppet/data
root@bootstrap:/etc/puppetlabs/puppet/data# mkdir nodes
root@bootstrap:/etc/puppetlabs/puppet/data# touch common.yaml networking.yaml packages.yaml sensu.yaml users.yaml nodes/bootstrap.infra.skyhigh.iik.ntnu.no.yaml
root@bootstrap:/etc/puppetlabs/puppet/data# git init .
Initialized empty Git repository in /etc/puppetlabs/puppet/data/.git/
root@bootstrap:/etc/puppetlabs/puppet/data# git add .
root@bootstrap:/etc/puppetlabs/puppet/data# git commit -m "Initial import"
To configure hiera you might simply pull the latest version of the hiera.yaml file from github:
root@bootstrap:/etc/puppetlabs/puppet# wget https://raw.githubusercontent.com/ntnusky/profile/infrastructure/files/puppet/hiera.yaml
...
2017-12-22 14:18:52 (334 KB/s) - 'hiera.yaml.1' saved [72001]
root@bootstrap:/etc/puppetlabs/puppet# mv hiera.yaml.1 hiera.yaml
Next up is populating the hierarchy with information based on this wikipage, and committing this to the git repository:
root@bootstrap:/etc/puppetlabs/puppet/data# git add common.yaml networking.yaml packages.yaml users.yaml
root@bootstrap:/etc/puppetlabs/puppet/data# git commit -m "Initial data"
Add the class "role::bootstrap" to the node-specific hiera file so that the role can be set before the ENC is up and running. You should also configure the dashboard on bootstrap to not use the load balancer before bootstrap is fully installed. The example below shows what the node-specific hiera file can look like. Also make sure that sensu and munin are set to not be installed, as we need the servers installed before we install the clients.
root@bootstrap.infra.skyhigh.iik.ntnu.no:/etc/puppetlabs/puppet/data# cat nodes/bootstrap.infra.skyhigh.iik.ntnu.no.yaml
---
classes:
  - 'role::bootstrap'
profile::interfaces:
  - 'eno1'
profile::puppet::altnames:
  - 'puppet.skyhigh.iik.ntnu.no'
  - 'puppetdb.skyhigh.iik.ntnu.no'
profile::interfaces::eno1::method: 'static'
profile::interfaces::eno1::address: '10.212.132.9'
profile::interfaces::eno1::netmask: '255.255.255.0'
profile::interfaces::eno1::gateway: '10.212.132.1'
profile::interfaces::eno1::tableid: 1
profile::interfaces::management: 'eno1'
profile::dhcp::pxe::server: "%{hiera('profile::interfaces::eno1::address')}"
profile::dashboard::database::host: "%{hiera('profile::interfaces::eno1::address')}"
profile::haproxy::web::profile: 'management'
root@bootstrap:/etc/puppetlabs/puppet/data# grep install: common.yaml
profile::munin::install: false
profile::sensu::install: false
Start the installation
root@bootstrap:/etc/puppetlabs/puppet/data# systemctl restart puppetserver
root@bootstrap:/etc/puppetlabs/puppet/data# puppet agent --test --server puppet.skyhigh.iik.ntnu.no --environment infrastructure
At this point puppet should be able to configure most of what's needed. Puppet will also configure the master to use shiftleader as an ENC, so it is expected that puppet will stop working after this puppet run until we have fed the dashboard with useful information.
Access shiftleader, and add initial information
Add a line in your local hosts file pointing your dashboard name to the machine you just installed. Open your web browser and point it at this name. You should get a login page where you can attempt to log in. The login should be declined, as your user does not yet have access. Access can be granted to users like so:
root@bootstrap.infra.skyhigh.iik.ntnu.no:~# /opt/shiftleader/manage.py ldap_promote <username>
At this point you should be able to log into the dashboard. Now you need to add a couple of things through the web interface:
- Deploy at least one puppet environment for the dashboard to discover your roles.
- Add the bootstrap machine, using its name/mac/ip/etc
- Add DNS records for:
  - Puppet
  - Puppetdb
  - Mysql
  - The dashboard
  - The dashboard api (a v4-only record to the dashboard)
  - Postgres
  - The loadbalancer IP
Finalizing the installation
Now your installation should work. Remove all entries added to your hosts file, both on your client and on the bootstrapping machine. Verify that everything (puppet, mysql, shiftleader etc.) works.