Managing OpenStack with The Foreman

OpenStack is picking up a lot of steam these days, but getting it installed can be a hassle. Lots of puppet-based installers have popped up to automate this arduous task. Using Foreman, however, administrators can not only configure and install OpenStack using puppet, but provision & add new compute nodes at their fancy.

The Foreman is a Ruby on Rails application that does configuration management with puppet and provisioning. We’ll use both of these features to make using & administering OpenStack easier. Our installer leverages PackStack, which includes great puppet modules for setting up OpenStack. Combining these to setup and manage OpenStack Grizzly is a breeze!

Requirements

  1. At least three machines running RHEL 6.4 with an active subscription to RHEL OpenStack Platform or Red Hat Cloud Infrastructure.. We recommend your OpenStack Compute & Controller nodes run on bare metal.
  2. Each machine needs to have a resolvable FQDN
  3. Each machine needs to be subscribed to a proper RHEL subscription
  4. The Foreman server should have its firewall configured to allow inbound network traffic on TCP ports 80, 443 and 8140 for Foreman and Puppet to function correctly
  5. The host running Foreman may be running selinux in Enforcing mode, but you must first install the ruby193-foreman-selinux package. Both the OpenStack controller and compute nodes can also run in enforcing mode if you install the openstack-selinux package. You must also manually set a boolean on the controller node: setsebool -P httpd_can_network_connect on

Installing Foreman

First, pick a machine to be your Foreman host. This machine will run Foreman and a puppetmaster and will manage and provision your other hosts. We’re going to install Foreman on this and add the OpenStack Puppet Classes.

First, you need to install & configure The Foreman. We wrote a simple script that will install Foreman, configure it and give you the tools needed to setup OpenStack. To get started:

sudo yum install ruby193-openstack-foreman-installer; cd /usr/share/openstack-foreman-installer/bin/

The openstack-foreman-installer package provides the QuickStack & PackStack puppet modules and a handy script to automate the Foreman installation and configuration. It will also generate a script to send to your clients for configuration.

You’ll need to provide a little information inside the script first. Edit these values where applicable. For this runthrough, we will disable Foreman baremetal provisioning. Edit bin/foreman_server.sh:

# FOREMAN_PROVISIONING determines whether configure foreman for bare
 # metal provisioning including installing dns and dhcp servers.
 if [ "x$FOREMAN_PROVISIONING" = "x" ]; then
   FOREMAN_PROVISIONING=false
 fi

 # openstack networking configs.  These must be set to something sensible.
 PRIVATE_CONTROLLER_IP=10.0.0.10
 PRIVATE_INTERFACE=eth1
 PRIVATE_NETMASK=10.0.0.0/23
 PUBLIC_CONTROLLER_IP=10.9.9.10
 PUBLIC_INTERFACE=eth2
 PUBLIC_NETMASK=10.9.9.0/24
 FOREMAN_GATEWAY=false

Run the setup script to install & configure Foreman and generate your client script (this will take a few minutes):

sudo sh ./foreman_server.sh

When the script is complete, you’ll have a running Foreman and a foreman_client.sh script. SCP this to your client nodes and run it. It will configure EPEL & the puppetlabs repo for you.

You’ll need to accept your client certificates on the Foreman host:

puppet cert list
puppet cert sign (client_fqdn)

Repeat this step for all of your clients.

Installing OpenStack

The hard part is done! Now you have some work to do inside the Foreman UI. First, log in to your Foreman instance (https://{foreman_fqdn}). The default login and password are admn/changeme; we recommend changing this if you plan on keeping this host around.

Next, you’ll need to assign the correct puppet classes to each of your hosts. Click the HOSTS link and select your host from the list. Select EDIT HOST and add the appropriate Host Group (OpenStack Controller or OpenStack Compute). When applying host groups, you can override any values (such as service passwords) in the Foreman UI. Hit save, and do run puppet on the host in question:

puppet agent -tv

Repeat for all of your nodes. Both Controller and Compute nodes take quite a while to setup. After about 10 minutes on each host, you will have a working OpenStack! Add more Compute nodes at any time with Foreman.

Share
  • Reblogged this on huffisland and commented:
    Great post

  • Enforcing_mode_is_beter

    About “The host running Foreman must be running selinux in Permissive mode”: can I assume that this is just a temporary “fix” until there’s a Foreman policy in SELinux? Has a bug been filed?

    • jsomara

      Great point – when I wrote this there was not a foreman-selinux policy available, but we’ve since released one! I’ll update the post accordingly

  • Ne

    Nice post! Was looking for something like this instead of running packstack on each node.
    One question though, should this also work with rdo repositories for demo/test purposes?
    Thanks!

    • Unfortunately the foreman installer package is not in the RDO repos yet. However, an enterprising user should be able to assemble the pieces from the various upstream repos + RDO. Check out the upstream for the foreman installer here: https://github.com/jsomara/astapor

      • Ne

        Ah, you are saying “not yet” 🙂 any plans on when it should be available in RDO? Otherwise Ill have to get enterprising 😉

  • ohadlevyOhad

    agent signup is also available via the UI, under more -> configuration -> smart proxies -> certificates

  • Reblogueó esto en Carlos Spitzery comentado:
    Do you want how to manage OpenStack nodes using one of the best frameworks ever made? Check this post to lear how… Great post coming from Red Hat Developer’s Blog:

  • Pingback: Red Hat Enterprise Linux OpenStack Platform – First Look | How to JBoss()

  • Pingback: Our Top 12 Blog Articles of 2013 | Red Hat Developer Blog()

  • Pingback: Red Hat OpenStack Platform Installer (Foreman) | Define Cloud()