Friday, April 22, 2016

Chrome Advanced REST Client && Creating Servers via REST API on RDO Mitaka

In the posting below we demonstrate Chrome Advanced REST Client
successfully issuing REST API POST requests that create RDO Mitaka servers (VMs), as well as GET requests that return information about servers.
All required HTTP headers, and the request body used for server creation,
are configured in the GUI.

The installed Keystone API version is v2.0.

Following [ 1 ], to authenticate access to OpenStack services you first issue an authentication request. If the request succeeds, the server returns an authentication token.

Source keystonerc_demo on Controller or on Compute node. It doesn't
matter. Then run this cURL command to request a token:

 curl -s -X POST http://192.169.142.54:5000/v2.0/tokens \
  -H "Content-Type: application/json" \
  -d '{"auth": {"tenantName": "'"$OS_TENANT_NAME"'", "passwordCredentials": {"username": "'"$OS_USERNAME"'", "password": "'"$OS_PASSWORD"'"}}}' \
  | python -m json.tool

Scroll down to the bottom of the output to find the authentication token :-

        "token": {
            "audit_ids": [
                "ce1JojlRSiO6TmMTDW3QNQ"
            ],
            "expires": "2016-04-21T18:26:28Z",
            "id": "0cfb3ec7a10c4f549a3dc138cf8a270a", <== X-Auth-Token
            "issued_at": "2016-04-21T17:26:28.246724Z",
            "tenant": {
                "description": "default tenant",
                "enabled": true,
                "id": "1578b57cfd8d43278098c5266f64e49f", <== Demo tenant's id
                "name": "demo"
            }
        },
        "user": {
            "id": "8e1e992eee474c3ab7a08ffde678e35b",
            "name": "demo",
            "roles": [
                {
                    "name": "heat_stack_owner"
                },
                {
                    "name": "_member_"
                }
            ],
            "roles_links": [],
            "username": "demo"
        }
    }
}

*****************************************************************************************************
Original request to obtain token might be issued via Chrome Advanced REST Client as well
*****************************************************************************************************



Scrolling down shows the returned token and the demo tenant's id



Required output

{
"access": 
{
"token": 
{
"issued_at": "2016-04-21T21:56:52.668252Z"
"expires": "2016-04-21T22:56:52Z"
"id": "dd119ea14e97416b834ca72aab7f8b5a"
"tenant": 
{
"description": "default tenant"
"enabled": true
"id": "1578b57cfd8d43278098c5266f64e49f"
"name": "demo"
}

*****************************************************************************
Next create ssh-keypair via CLI or dashboard for particular tenant :-
*****************************************************************************
nova keypair-add oskeymitaka0417 > oskeymitaka0417.pem
chmod 600 *.pem

******************************************************************************************************
Below are a couple of sample REST API POST requests that start servers, as they are usually described and issued ( [ 2 ] )
******************************************************************************************************

curl -g -i -X POST http://192.169.142.54:8774/v2/1578b57cfd8d43278098c5266f64e49f/servers -H "User-Agent: python-novaclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: 0cfb3ec7a10c4f549a3dc138cf8a270a" -d '{"server": {"name": "CirrOSDevs03", "key_name" : "oskeymitaka0417", "imageRef": "2e148cd0-7dac-49a7-8a79-2efddbd83852", "flavorRef": "1", "max_count": 1, "min_count": 1, "networks": [{"uuid": "e7c90970-c304-4f51-9d65-4be42318487c"}], "security_groups": [{"name": "default"}]}}'

curl -g -i -X POST http://192.169.142.54:8774/v2/1578b57cfd8d43278098c5266f64e49f/servers -H "User-Agent: python-novaclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: 0cfb3ec7a10c4f549a3dc138cf8a270a" -d '{"server": {"name": "VF23Devs03", "key_name" : "oskeymitaka0417", "imageRef": "5b00b1a8-30d1-4e9d-bf7d-5f1abed5173b", "flavorRef": "2", "max_count": 1, "min_count": 1, "networks": [{"uuid": "e7c90970-c304-4f51-9d65-4be42318487c"}], "security_groups": [{"name": "default"}]}}'


**********************************************************************************
Next we issue the REST API POST requests that create servers
via Chrome Advanced REST Client
**********************************************************************************

[root@ip-192-169-142-54 ~(keystone_demo)]# glance image-list
+--------------------------------------+-----------------------+
| ID                                   | Name                  |
+--------------------------------------+-----------------------+
| 28b590fa-05c8-4706-893a-54efc4ca8cd6 | cirros                |
| 9c78c3da-b25b-4b26-9d24-514185e99c00 | Ubuntu1510Cloud-image |
| a050a122-a1dc-40d0-883f-25617e452d90 | VF23Cloud-image       |
+--------------------------------------+-----------------------+

[root@ip-192-169-142-54 ~(keystone_demo)]# neutron net-list
+--------------------------------------+--------------+----------------------------------------+
| id                                   | name         | subnets                                |
+--------------------------------------+--------------+----------------------------------------+
| 43daa7c3-4e04-4661-8e78-6634b06d63f3 | public       | 71e0197b-fe9a-4643-b25f-65424d169492   |
|                                      |              | 192.169.142.0/24                       |
| 292a2f21-70af-48ef-b100-c0639a8ffb22 | demo_network | d7aa6f0f-33ba-430d-a409-bd673bed7060   |
|                                      |              | 50.0.0.0/24                            |
+--------------------------------------+--------------+----------------------------------------+

First, the required headers were created in the corresponding fields, and
the following fragment was placed in the Raw Payload area of the Chrome client:

{"server":
 {"name": "VF23Devs03",
  "key_name" : "oskeymitaka0420",
  "imageRef" : "a050a122-a1dc-40d0-883f-25617e452d90",
  "flavorRef": "2",
  "max_count": 1,
  "min_count": 1,
  "networks": [{"uuid": "292a2f21-70af-48ef-b100-c0639a8ffb22"}],
  "security_groups": [{"name": "default"}]
  }
}

Now create a couple of servers, Fedora 23 and Ubuntu 15.10, via the Chrome Advanced REST Client GUI
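
The token-to-request flow above, sketched in Python as an added example (it is not code from the original post). It takes `access.token.id` and `access.token.tenant.id` from the Keystone v2.0 reply, refuses an expired token, builds the same POST the Chrome client sends, and redacts the token before anything is printed. The function names and the constructed sample reply are assumptions; the values come from the outputs shown on this page.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed Keystone v2.0 /tokens reply carrying this page's values.
SAMPLE_REPLY = json.dumps({"access": {"token": {
    "issued_at": "2016-04-21T17:26:28.246724Z",
    "expires": "2016-04-21T18:26:28Z",
    "id": "0cfb3ec7a10c4f549a3dc138cf8a270a",
    "tenant": {"id": "1578b57cfd8d43278098c5266f64e49f", "name": "demo"}}}})

# Server definition from the Raw Payload fragment above.
SERVER = {"name": "VF23Devs03", "key_name": "oskeymitaka0420",
          "imageRef": "a050a122-a1dc-40d0-883f-25617e452d90", "flavorRef": "2",
          "max_count": 1, "min_count": 1,
          "networks": [{"uuid": "292a2f21-70af-48ef-b100-c0639a8ffb22"}],
          "security_groups": [{"name": "default"}]}

def parse_token(reply_text):
    """Return (token_id, tenant_id, expires_utc) from a v2.0 /tokens reply."""
    token = json.loads(reply_text)["access"]["token"]
    expires = datetime.strptime(token["expires"], "%Y-%m-%dT%H:%M:%SZ")
    return token["id"], token["tenant"]["id"], expires.replace(tzinfo=timezone.utc)

def build_server_request(compute_url, reply_text, server, now=None):
    """Build POST <compute_url>/v2/<tenant_id>/servers; reject an expired token."""
    token_id, tenant_id, expires = parse_token(reply_text)
    if (now or datetime.now(timezone.utc)) >= expires:
        raise ValueError("token expired at %s; request a new one" % expires.isoformat())
    return {"method": "POST",
            "url": "%s/v2/%s/servers" % (compute_url.rstrip("/"), tenant_id),
            "headers": {"Content-Type": "application/json",
                        "Accept": "application/json",
                        "X-Auth-Token": token_id},
            "body": json.dumps({"server": server})}

def redact(request):
    """Copy of the request that is safe to log: the token is a bearer credential."""
    headers = {**request["headers"], "X-Auth-Token": "<redacted>"}
    return dict(request, headers=headers)

if __name__ == "__main__":
    # Pretend "now" falls inside the sample token's one-hour lifetime.
    at = datetime(2016, 4, 21, 17, 30, tzinfo=timezone.utc)
    req = build_server_request("http://192.169.142.54:8774", SAMPLE_REPLY, SERVER, now=at)
    print(json.dumps(redact(req), indent=2))
```
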




***************************************************************************************
Re-launch Chrome REST Client for servers verification via GET request
***************************************************************************************

 

Just in case, run `nova list`


Saturday, April 2, 2016

Setup Docker Hypervisor on Multi Node DVR Cluster RDO Mitaka

UPDATE 04/03/2016
  In the meantime, use the repositories for RC1 rather than Delorean trunks
END UPDATE

DVR && Nova-Docker Driver (stable/mitaka) tested fine on RDO Mitaka (build 20160329), with none of the issues described in the previous notice for RDO Liberty.
So, create a DVR deployment with Controller/Network + N(*)Compute Nodes. Switch to the Docker Hypervisor on each Compute Node and make the required updates to glance and the filters file on the Controller. You are all set. Nova-Docker instances' FIP(s) are available from outside via the Neutron Distributed Router (DNAT), using the "fg" interface ( fip-namespace ) residing on the same host as the Docker Hypervisor. South-North traffic does not involve VXLAN tunneling on DVR systems.

Why does DVR come into concern ?

Recall a similar problem with the Nova-Docker Driver (Kilo),
with which I had the same kind of problems (VXLAN connection Controller <==> Compute) on F22 (OVS 2.4.0), while the same driver worked fine on CentOS 7.1 (OVS 2.3.1). I just guess that the Nova-Docker driver has a problem with OVS 2.4.0, no matter which of the stable/kilo, stable/liberty, stable/mitaka branches was checked out for the driver build.

I have to note that the issue is related specifically to the ML2&OVS&VXLAN setup; an RDO Mitaka deployment with ML2&OVS&VLAN works with Nova-Docker (stable/mitaka) with no problems. However, VXLAN tunneling is pretty common on RDO deployments.

Thus, as a quick and efficient workaround, I suggest a DVR deployment setup,
to kill two birds with one stone. It results in South-North traffic
being forwarded directly from the host running the Docker Hypervisor to the Internet
and vice versa, due to basic "fg" functionality (the outgoing interface of
the fip-namespace, residing on a Compute node with the L3 agent running in "dvr"
agent_mode).


**************************
Procedure in details
**************************
First install repositories for RDO Mitaka (the most recent build passed CI):-

# yum -y install yum-plugin-priorities
# cd /etc/yum.repos.d
# curl -O https://trunk.rdoproject.org/centos7-mitaka/delorean-deps.repo
# curl -O https://trunk.rdoproject.org/centos7-mitaka/current-passed-ci/delorean.repo
# yum -y install openstack-packstack (Controller only)

Now proceed as follows :-

1. Here is the answer file to deploy the pre-DVR cluster
2. Convert the cluster to DVR as advised in "RDO Liberty DVR Neutron workflow on CentOS 7.2" :-
http://dbaxps.blogspot.com/2015/10/rdo-liberty-rc-dvr-deployment.html

Just one note for RDO Mitaka: on each compute node, first create br-ex and add port eth0

# ovs-vsctl add-br br-ex
# ovs-vsctl add-port br-ex eth0

Then configure

*********************************
Compute nodes X=(3,4)
*********************************
# cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
IPADDR="192.169.142.1(X)7"
NETMASK="255.255.255.0"
DNS1="83.221.202.254"
BROADCAST="192.169.142.255"
GATEWAY="192.169.142.1"
NM_CONTROLLED="no"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no
ONBOOT="yes"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex

DEVICETYPE="ovs"

# cat ifcfg-eth0
DEVICE="eth0"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex
NM_CONTROLLED=no
IPV6INIT=no


***************************
Then run script
***************************
#!/bin/bash -x
chkconfig network on
systemctl stop NetworkManager
systemctl disable NetworkManager
service network restart


Reboot node.

**********************************************
Nova-Docker Setup on each Compute
**********************************************
# curl -sSL https://get.docker.com/ | sh
# usermod -aG docker nova      ( seems not help to set 660 for docker.sock )
# systemctl start docker
# systemctl enable docker
# chmod 666  /var/run/docker.sock (add to /etc/rc.d/rc.local)
# easy_install pip
# git clone -b stable/mitaka   https://github.com/openstack/nova-docker
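
With mode 666 on /var/run/docker.sock, every local account on the compute node can talk to the Docker daemon, which by default runs as root. The check below is an added example (not part of the original post or of nova-docker) that reports the socket's mode and owning group so the setting can be reviewed after the steps above; the function name `audit_docker_socket` is an assumption.

```python
import grp
import os
import stat

def audit_docker_socket(path="/var/run/docker.sock"):
    """Report which local accounts the socket's file mode lets reach the Docker API."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    try:
        entry = grp.getgrgid(st.st_gid)
        # gr_mem lists supplementary members only, not users with this primary group.
        group, members = entry.gr_name, sorted(entry.gr_mem)
    except KeyError:  # gid has no entry in the group database
        group, members = str(st.st_gid), []
    findings = []
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not a UNIX socket")
    # On Linux, connecting to a UNIX socket requires write permission on it.
    if mode & stat.S_IWOTH:
        findings.append("mode %04o: any local account can connect" % mode)
    elif mode & stat.S_IWGRP:
        findings.append("mode %04o: group '%s' can connect (members: %s)"
                        % (mode, group, ", ".join(members) or "none listed"))
    return {"mode": "%04o" % mode, "group": group, "members": members,
            "world_writable": bool(mode & stat.S_IWOTH), "findings": findings}

if __name__ == "__main__":
    target = "/var/run/docker.sock"
    if os.path.exists(target):
        for line in audit_docker_socket(target)["findings"]:
            print(line)
    else:
        print("%s not found" % target)
```
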

*******************
Driver build
*******************
# cd nova-docker
# pip install -r requirements.txt
# python setup.py install

********************************************
Switch nova-compute to DockerDriver
********************************************
vi /etc/nova/nova.conf
compute_driver=novadocker.virt.docker.DockerDriver


******************************************************************
Next on Controller/Network Node and each Compute Node
******************************************************************

mkdir /etc/nova/rootwrap.d
vi /etc/nova/rootwrap.d/docker.filters
[Filters]
# nova/virt/docker/driver.py: 'ln', '-sf', '/var/run/netns/.*'
ln: CommandFilter, /bin/ln, root

**********************************************************
Nova Compute Service restart on Compute Nodes
**********************************************************
# systemctl restart openstack-nova-compute

***********************************************
Glance API Service restart on Controller
**********************************************
vi /etc/glance/glance-api.conf
container_formats=ami,ari,aki,bare,ovf,ova,docker
# systemctl restart openstack-glance-api
  
****************************************
Status on Controller/Network
****************************************

[root@ip-192-169-142-127 ~(keystone_admin)]# nova-manage version
13.0.0-0.2.0rc3.el7

[root@ip-192-169-142-127 ~(keystone_admin)]# ip netns
snat-1c7ae3d0-3783-491b-b1da-a17d118cb145
qrouter-1c7ae3d0-3783-491b-b1da-a17d118cb145
qdhcp-11e9f7f5-d1a0-407e-9124-a3d26068f372

[root@ip-192-169-142-127 ~(keystone_admin)]# neutron router-show RouterDSA
+-------------------------+---------------------------------------------------------------------+
| Field                   | Value                                                               |
+-------------------------+---------------------------------------------------------------------+
| admin_state_up          | True                                                                |
| availability_zone_hints |                                                                     |
| availability_zones      | nova                                                                |
| description             |                                                                     |
| distributed             | True                                                                |
| external_gateway_info   | {"network_id": "9f869fe1-e15d-40a4-b4fc-df89f3e39490",              |
|                         | "enable_snat": true, "external_fixed_ips": [{"subnet_id":           |
|                         | "1b04cc74-838f-4410-96c7-db21fef88ed1", "ip_address":               |
|                         | "192.169.142.150"}]}                                                |
| ha                      | False                                                               |
| id                      | 1c7ae3d0-3783-491b-b1da-a17d118cb145                                |
| name                    | RouterDSA                                                           |
| routes                  |                                                                     |
| status                  | ACTIVE                                                              |
| tenant_id               | edf899e41b4546689a9678db4c8e7567                                    |
+-------------------------+---------------------------------------------------------------------+

[root@ip-192-169-142-127 ~(keystone_admin)]# neutron l3-agent-list-hosting-router RouterDSA
+-----------------------------+-----------------------------+----------------+-------+----------+
| id                          | host                        | admin_state_up | alive | ha_state |
+-----------------------------+-----------------------------+----------------+-------+----------+
| 390b4dd0-e1b9-4446-877c-    | ip-192-169-142-127.ip.secur | True           | :-)   |          |
| e7ed0123fb73                | eserver.net                 |                |       |          |
+-----------------------------+-----------------------------+----------------+-------+----------+