Puppet OpenStack

<3 Fest
by Dan Bode
bodepd <at > [freenode.net, twitter, github]

OpenStack?

What is OpenStack?
Open source project
Self service API for your infrastructure

OpenStack Components

Compute (Nova)
Image (Glance)
Identity (Keystone)
Dashboard (Horizon)
Object Store (Swift)

Nova
OpenStack Compute
Schedules allocation of compute resources.
Scheduler

Nova API

RabbitMQ

Volumes
Volumes

Compute
Compute
Compute

Network

Nova
Supports management of VM instances, volumes, and
networks

Scheduler
list instance
create instance
terminate instance

Nova API

RabbitMQ

Volumes
Volumes

Compute
Compute
Compute

create network
create volume
attach volume

Network

Glance
Storage service for Virtual machine images

Swift
Store
Glance
API
Glance
Registry

FileSystem

Glance
Storage service for Virtual machine images

Swift
AMI

Store
Retrieve

AMI

Store
Glance
API
Glance
Registry

FileSystem

Keystone
Manages authentication/authorization

Tenant
User

Authenticate
Role
Keystone API
Token

Service
Endpoint

Horizon
Provides a dashboard for the OpenStack components.

Why Integrate?

OpenStack is hard to build reliably, repeatedly

OpenStack is hard

OpenStack makes it easier to automate the management

of compute resources

Puppet
OpenStack

Your Business
Configuration Management
Self Service API
Hardware

Puppet can be used to codify best practices for OpenStack

OpenStackios
Now with best practices by:
CERN,
Enovance,
Cisco
Redhat,
Cybera

Building
OpenStack
Modules

Part One:
Creating a community
Because youre the experts

The first step towards starting an open

source community is to write some
code

Create classes that wrap all of the

OpenStack components

Class[keystone]
Package[keystone]
Interface
- bind_host
- public_port
- admin_port
- admin_token
- compute_port

Group[keystone]

User[keystone]
File[/etc/keystone/keystone.conf]
Service[keystone]

All of them:

nova
swift
glance
keystone
horizon
openstack

rabbitmq
mysql
memcache
apt
concat
ntp
rsync
stdlib
xinetd

Create Higher level role classes

Class
[openstack::controller]
mysql::server

rabbit::queue
glance::api

keystone

nova::api

Class
[openstack::compute]
nova::compute::libvirt

nova::network::flatdhcp

glance::registry
nova::volume::iscsi

memcached

nova::scheduler
horizon

Design with community in mind

Base everything on small reusable

components
repos:
repo_paths:
# openstack git repos
git://github.com/puppetlabs/puppetlabs-nova:
git://github.com/puppetlabs/puppetlabs-glance:
git://github.com/puppetlabs/puppetlabs-swift:
git://github.com/puppetlabs/puppetlabs-keystone:
git://github.com/puppetlabs/puppetlabs-horizon:
# openstack middleware
git://github.com/puppetlabs/puppetlabs-rabbitmq:
git://github.com/puppetlabs/puppetlabs-mysql:
git://github.com/puppetlabs/puppetlabs-git:
git://github.com/puppetlabs/puppetlabs-vcsrepo:
git://github.com/saz/puppet-memcached:
git://github.com/puppetlabs/puppetlabs-rsync:
# other deps
git://github.com/ghoneycutt/puppet-xinetd:
git://github.com/saz/puppet-ssh:
git://github.com/puppetlabs/puppetlabs-stdlib:
git://github.com/puppetlabs/puppetlabs-apt:
git://github.com/ripienaar/puppet-concat:
git://github.com/duritong/puppet-sysctl.git:

nova
glance
swift
keystone
horizon
rabbitmq
mysql
git
vcsrepo
memcached
rsync
xinetd
ssh
stdlib
apt
concat
sysctl

Make them flexible

class nova(
$nova_cluster_id='localcluster',
$sql_connection = false,
$image_service = 'nova.image.glance.GlanceImageService',
$glance_api_servers = 'localhost:9292',
$rabbit_host = 'localhost',
$rabbit_password='guest',
$rabbit_port='5672',
$rabbit_userid='guest',
$rabbit_virtual_host='/',
$auth_strategy = 'keystone',
$service_down_time = 60,
$logdir = '/var/log/nova',
$state_path = '/var/lib/nova',
$lock_path = $::nova::params::lock_path,
$verbose = false,
$periodic_interval = '60',
$report_interval = '10',
$root_helper = $::nova::params::root_helper
)
{...}

Make it obvious where extensions go

glance
|-- manifests
| |-- db
| | |-- mysql.pp
| | `--postgresql.pp
| |-- backend
| | |-- file.pp
| | `-- swift.pp

Make it obvious how to add additional

platforms
class nova::params {
case $::osfamily {
'RedHat': {
# package names
$api_package_name
$cert_package_name
$common_package_name
$compute_package_name
...
}
'Debian': {
# package names
$api_package_name
$cert_package_name
$common_package_name
$compute_package_name
...

=
=
=
=

false
false
'openstack-nova'
false

=
=
=
=

'nova-api'
'nova-cert'
'nova-common'
'nova-compute'

Fear the Fork!

Git those forkers!

300+ merged pull requests

Whoa, we need tests

Rspec Puppet
Data

Puppet
Facts

Model

Emulate Facter
let :facts do
{:operatingsystem => RedHat}
end

Data

Puppet
Facts

Model

Specify Data
Data

let :params do
{:rabbit_host => 10.0.0.42}
end

Puppet
Facts

Model

Inspect catalog

it do
should contain_file (/etc/nova.conf).\
with_content (rabbit_host = 10.0.0.42)
end

Data

Puppet
Facts

Model

Automated unit tests

Integration Tests
GitHub
Tempest
Jenkins
Puppet

Next Steps
Start connecting the community
get more collaboration on the mailing list
grant community members merge rights
Single set of preferred community modules for
monitoring
HA

Part 2: Bare Metal

Gotta hit bare metal at some

point

Razor
automatically boots a machine in a micro-OS with

facter running
Machines are automatically discovered and turned
into an inventory service that can be
programmatically installed.

Moving towards Reference

Architectures

You Business, Automated

Puppet
OpenStack
Razor/Puppet/Facter
Hardware

Resources:

http://puppetlabs.com/blog/module-of-the-week-puppetlabs-openstack/
http://forge.puppetlabs.com/puppetlabs/openstack
https://github.com/puppetlabs/puppetlabs-openstack