From 168b11398ab5c6d4a945f78b638734779a65c13a Mon Sep 17 00:00:00 2001
From: Jeremy Stanley
Date: Mon, 28 Jan 2013 21:50:37 +0000
Subject: [PATCH] Streamline launching new nodes.
* launch/README: More clarity on Jenkins slave example, and additional levels of cut-n-pasteability on the DNS record creation example. Also switch from requiring root to expecting to be run from a normal account with sudo access and membership in the puppet group.
* launch/launch-node.py: Default to assuming the certname is the same as the node FQDN, if it isn't overridden via command-line option.
Change-Id: I9c987055b18e084983f2459fe01598837e1ebcc6
Reviewed-on: https://review.openstack.org/20645
Reviewed-by: Monty Taylor
Reviewed-by: Clark Boylan
Approved: Clark Boylan
Tested-by: Jenkins
---
 launch/README | 54 ++++++++++++++++++++++-----------------
 launch/launch-node.py | 11 ++++++---
 2 files changed, 41 insertions(+), 24 deletions(-)
diff --git a/launch/README b/launch/README
index 1f957c1508..f5fe1b2546 100644
--- a/launch/README
+++ b/launch/README
@@ -1,29 +1,42 @@
-Note that these instructions assume commands will be run in a full
-root environment::
+Note that these instructions assume you're working from this
+directory on an updated local clone of the repository, and that
+your account is a member of the puppet group for access to the
+puppet keys::
- sudo su -
+ sudo adduser YOURUSER puppet
+
+(Remember to log out and back into your shell if you add yourself
+to a group.)
 To launch a node in the OpenStack CI account (production servers)::
+ export FQDN=servername.openstack.org
 . ~root/ci-launch/openstackci-rs-nova.sh
+ sudo puppet cert generate $FQDN
+ ./launch-node.py $FQDN
 To launch a node in the OpenStack Jenkins account (slave nodes)::
+ export FQDN=slavename.slave.openstack.org
+ export CERT=slavetype.slave.openstack.org
+ export IMAGE='Ubuntu 12.10 (Quantal Quetzal)'
+ export RAM=2048
 . ~root/ci-launch/openstackjenkins-rs-nova.sh
-
-Then::
-
- puppet cert generate servername.openstack.org
- ./launch-node.py servername.openstack.org --cert servername.openstack.org.pem
+ sudo puppet cert generate $CERT
+ ./launch-node.py $FQDN --cert $CERT.pem --image "$IMAGE" --ram $RAM
 If you are launching a replacement server, you may skip the generate step and specify the name of an existing puppet cert (as long as the private key is on this host).
-The server name and cert names may be different.
+The server name and cert names may be different (as in the Jenkins
+slave example), but launch-node.py will assume they are the same
+unless specified.
 Manually add the hostname to DNS (the launch script does not do so
-automatically).
+automatically). Note that this example assumes you've already
+exported a relevant FQDN and sourced the appropriate API credentials
+above.
 DNS
 ===
@@ -37,17 +50,16 @@ URL should be satisfied by sourcing the "openstackci-rs-nova.sh" script (or jenkins, as appropriate).
 . ~root/rackdns-venv/bin/activate
- . ~root/ci-launch/openstackci-rs-nova.sh
- export SERVERNAME=server
- nova list | grep "| $SERVERNAME\.openstack\.org "
- export IPV6ADDR=dead:beef::cafe
- export IPV4ADDR=123.45.67.89
- export UUID=fedcba98-7654-3210-0123-456789abcdef
+ TEMPFILE=$(tempfile)
+ nova list | grep "| $FQDN " | sed 's/^| \([0-9a-f-]\+\) .* public=\([0-9a-f:]\+\), \([0-9\.]\+\);.*/export UUID="\1"\nexport IPV6="\2"\nexport IPV4="\3"/' > $TEMPFILE
+ cat $TEMPFILE
+ . $TEMPFILE
+ rm $TEMPFILE
- rackdns rdns-create --name $SERVERNAME.openstack.org --data $IPV6ADDR --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/$UUID --ttl 300
- rackdns rdns-create --name $SERVERNAME.openstack.org --data $IPV4ADDR --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/$UUID --ttl 300
+ rackdns rdns-create --name $FQDN --data "$IPV6" --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/"$UUID" --ttl 300
+ rackdns rdns-create --name $FQDN --data "$IPV4" --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/"$UUID" --ttl 300
- . openstack-rs-nova.sh
- rackdns record-create --name $SERVERNAME.openstack.org --type AAAA --data $IPV6ADDR --ttl 300 openstack.org
- rackdns record-create --name $SERVERNAME.openstack.org --type A --data $IPV4ADDR --ttl 300 openstack.org
+ . ~root/ci-launch/openstack-rs-nova.sh
+ rackdns record-create --name $FQDN --type AAAA --data "$IPV6" --ttl 300 openstack.org
+ rackdns record-create --name $FQDN --type A --data "$IPV4" --ttl 300 openstack.org
diff --git a/launch/launch-node.py b/launch/launch-node.py
index 4f8d07a0e6..14106253e0 100755
--- a/launch/launch-node.py
+++ b/launch/launch-node.py
@@ -151,15 +151,20 @@ def main():
 parser.add_argument("--environment", dest="environment",
 default="production",
 help="puppet environment name")
- parser.add_argument("--cert", dest="cert", required=True,
+ parser.add_argument("--cert", dest="cert",
 help="name of signed puppet certificate file (e.g., "
 "hostname.example.com.pem)")
 options = parser.parse_args()
 client = get_client()
+ if options.cert:
+ cert = options.cert
+ else:
+ cert = options.name + ".pem"
+
 if not os.path.exists(os.path.join("/var/lib/puppet/ssl/private_keys",
- options.cert)):
+ cert)):
 raise Exception("Please specify the name of a signed puppet cert.")
 flavors = [f for f in client.flavors.list() if f.ram >= options.ram]
@@ -187,7 +192,7 @@ def main():
 image = images[0]
 print "Found image", image
- build_server(client, options.name, image, flavor, cert, options.environment)
+ build_server(client, options.name, image, flavor, cert, options.environment)
 if __name__ == '__main__':
 main()
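Review bot: In the first launch-node.py hunk, the private-key check can now run against a name the operator never typed (`options.name + ".pem"`), yet a failure still raises `"Please specify the name of a signed puppet cert."` without naming the file that was looked for. The README change in this same commit moves operators from a root shell to an account in the puppet group, and `os.path.exists` also returns False when the caller cannot traverse `/var/lib/puppet/ssl/private_keys`, so a missing or not-yet-active group membership would be reported as a missing cert. I would build the path once and put it in the message, e.g. `key_path = os.path.join("/var/lib/puppet/ssl/private_keys", cert)` followed by `raise Exception("Puppet private key %s is missing or not readable" % key_path)`. The check only shows that a private key file exists, not that a signed certificate does, which deserves a one-line comment above it. main() starts and ends outside both hunks, so how `cert` is used inside build_server cannot be confirmed from here.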