docs(openstack): fix instructions

paulczar · carmstrong · commit 0351b993bdde · 2014-12-20T12:46:03.000-08:00
The openstack instructions were a mix of new/old commands and
wouldn't work on a lot of openstack installs.

These documentation and changes to the provisioning script should
allow for more variation in openstack installs.

This has been tested as working against both a Havana and Juno release
of Openstack.
diff --git a/contrib/openstack/README.md b/contrib/openstack/README.md
@@ -8,24 +8,32 @@ We greatly appreciate the help!
 Make sure that the following utilities are installed and in your execution path:
 - nova
 - neutron
+- glance
 
-### Configure nova
+### Install Deis CLI tools
+
+```console
+$ sudo pip install deis
+$ curl -sSL http://deis.io/deisctl/install.sh | sh -s 1.0.1
+$ mv deisctl /usr/local/bin
+$ chmod +x /usr/local/bin/deisctl
+```
+
+### Configure openstack
 Create an `openrc.sh` file to match the following:
 ```
-[production]
-OS_AUTH_URL = {openstack_auth_url}
-OS_USERNAME = {openstack_username}
-OS_PASSWORD = {openstack_api_key}
-OS_TENANT_ID = {openstack_tenant_id}
-OS_TENANT_NAME = {openstack_tenant_name}
+export OS_AUTH_URL={openstack_auth_url}
+export OS_USERNAME={openstack_username}
+export OS_PASSWORD={openstack_password}
+export OS_TENANT_NAME={openstack_tenant_name}
 ```
 
 (Alternatively, download OpenStack RC file from Horizon/Access & Security/API Access.)
 
 Source your nova credentials:
 
 ```console
-# source openrc.sh
+$ source openrc.sh
 ```
 
 ### Set up your keys
@@ -35,6 +43,20 @@ Choose an existing keypair or upload a new public key, if desired.
 $ nova keypair-add --pub-key ~/.ssh/deis.pub deis-key
 ```
 
+### Upload a coreos image to Glance
+
+You need to have a relatively recent CoreOS image.  If you don't have one and your Openstack install allows you to upload your own images you can do the following:
+
+```console
+$ wget http://alpha.release.core-os.net/amd64-usr/current/coreos_production_openstack_image.img.bz2
+$ bunzip2 coreos_production_openstack_image.img.bz2
+$ glance image-create --name coreos \
+  --container-format bare \
+  --disk-format qcow2 \
+  --file coreos_production_openstack_image.img \
+  --is-public True
+```
+
 ### Customize user-data
 
 Create a user-data file with a new discovery URL this way:
@@ -45,10 +67,11 @@ $ make discovery-url
 
 Or copy [`contrib/coreos/user-data.example`](../coreos/user-data.example) to `contrib/coreos/user-data` and follow the directions in the `etcd:` section to add a unique discovery URL.
 
-### Choose number of instances
-By default, the provision script will provision 3 servers. You can override this by setting `DEIS_NUM_INSTANCES`:
+### Choose number of instances and routers
+
 ```console
-$ DEIS_NUM_INSTANCES=5 ./provision-openstack-cluster.sh deis-key
+$ export DEIS_NUM_INSTANCES=3
+$ export DEIS_NUM_ROUTERS=1
 ```
 
 Note that for scheduling to work properly, clusters must consist of at least 3 nodes and always have an odd number of members.
@@ -60,6 +83,7 @@ Deis clusters of less than 3 nodes are unsupported.
 The script creates a private network called 'deis' if no such network exists.
 
 By default, the deis subnet IP range is set to 10.21.12.0/24. To override it and the default DNS settings, set the following variables:
+
 ```console
 $ export DEIS_CIDR=10.21.12.0/24
 $ export DEIS_DNS=10.21.12.3,8.8.8.8
@@ -68,6 +92,9 @@ $ export DEIS_DNS=10.21.12.3,8.8.8.8
 **_Please note that this script does not handle floating IPs or routers. These should be provisioned manually either by Horizon or CLI_**
 
 ### Run the provision script
+
+If you have a fairly straight forward openstack install you should be able to use the provisioning script provided.   This script assumes you are using neutron and have security-groups enabled.
+
 Run the [Openstack provision script](provision-openstack-cluster.sh) to spawn a new CoreOS cluster.
 You'll need to provide the name of the CoreOS image name (or ID), and the key pair you just added. Optionally, you can also specify a flavor name.
 ```console
@@ -77,35 +104,43 @@ Usage: provision-openstack-cluster.sh <coreos image name/id> <key pair name> [fl
 $ ./provision-openstack-cluster.sh coreos deis-key
 ```
 
-### Choose number of routers
-By default, the Makefile will provision 1 router. You can override this by setting `DEIS_NUM_ROUTERS`:
-```console
-$ export DEIS_NUM_ROUTERS=2
+You can override the name of the internal network to use by setting the environment variable `DEIS_NETWORK=internal`.  If this doesn't exist the script will try to create it with the default CIDR which requires your openstack cluster to support tenant vlans.
+
+You can also override the name of the security group to attach to the instances by setting `DEIS_SECGROUP=deis_test`.  If this doesn't exist the script will attempt to create it.  If you are creating your own security groups you can use the provision script as a guide.  Make sure that you have a rule to enable full communication inside the security group, or you will have a bad day.
+
+### Manually start the instances
+
+### Finish of your openstack configuration by setting up floating IPs.
+
+You will want to attach a floating ip to at least one of your instances.  You'll do that like this:
+
+```
+$ nova floating-ip-create <pool>
+$  nova floating-ip-associate deis-1 <IP provided by above command>
 ```
 
-## Configure Deis
-Set the default domain used to anchor your applications:
+### Initialize the cluster
+Once the cluster is up:
+* **If required, allocate and associate floating IPs to any or all of your hosts**
+* Get the IP address of any of the machines from Openstack
+* Set the default domain used to anchor your applications:
 
 ```console
 $ deisctl config platform set domain=mycluster.local
 ```
 
-For this to work, you'll need to configure DNS records so you can access applications hosted on Deis. See [Configuring DNS](http://docs.deis.io/en/latest/managing_deis/configure-dns/#dns-records) for details.
+** For this to work, you'll need to configure DNS records so you can access applications hosted on Deis. See [Configuring DNS](http://docs.deis.io/en/latest/managing_deis/configure-dns/#dns-records) for details.
 
-If you want to allow `deis run` for one-off admin commands, you must provide an SSH private key that allows Deis to gather container logs on CoreOS hosts:
+* If you want to allow `deis run` for one-off admin commands, you must provide an SSH private key that allows Deis to gather container logs on CoreOS hosts:
 
 ```console
 $ deisctl config platform set sshPrivateKey=<path-to-private-key>
 ```
 
-### Initialize the cluster
-Once the cluster is up:
-* **If required, allocate and associate floating IPs to any or all of your hosts**
-* Get the IP address of any of the machines from Openstack
-* set DEISCTL_TUNNEL and install the platform:
+* set DEISCTL_TUNNEL to one of your floating IPs and install the platform:
 
 ```console
-$ export DEISCTL_TUNNEL=23.253.219.94
+$ export DEISCTL_TUNNEL=<Floating IP>
 $ deisctl install platform && deisctl start platform
 ```
 
diff --git a/contrib/openstack/provision-openstack-cluster.sh b/contrib/openstack/provision-openstack-cluster.sh
@@ -5,11 +5,14 @@
 # Supported environment variables:
 #    DEIS_DNS: Comma separated list of names servers for use in the deis private network (default: none)
 #    DEIS_NUM_INSTANCES: Number of instances to create (default: 3)
+#    DEIS_NETWORK: name of neutron network to use.
 
 set -e
 
 THIS_DIR=$(cd $(dirname $0); pwd) # absolute path
 CONTRIB_DIR=$(dirname $THIS_DIR)
+DEIS_NETWORK=${DEIS_NETWORK:-deis}
+DEIS_SECGROUP=${DEIS_SECGROUP:-deis}
 
 source $CONTRIB_DIR/utils.sh
 
@@ -41,18 +44,25 @@ if [ -z "$OS_AUTH_URL" ]; then
   exit 1
 fi
 
-if ! nova network-list|grep -q deis &>/dev/null; then
+if neutron net-list|grep -q $DEIS_NETWORK &>/dev/null; then
+  NETWORK_ID=$(neutron net-list | grep internal | awk -F'| ' '{print $2}')
+else
   echo_yellow "Creating deis private network..."
   CIDR=${DEIS_CIDR:-10.21.12.0/24}
   SUBNET_OPTIONS=""
   [ ! -z "$DEIS_DNS" ] && SUBNET_OPTIONS=$(echo $DEIS_DNS|awk -F "," '{for (i=1; i<=NF; i++) printf "--dns-nameserver %s ", $i}')
-  NETWORK_ID=$(neutron net-create deis | awk '{ printf "%s", ($2 == "id" ? $4 : "")}')
+  NETWORK_ID=$(neutron net-create $DEIS_NETWORK | awk '{ printf "%s", ($2 == "id" ? $4 : "")}')
   echo "DBG: SUBNET_OPTIONS=$SUBNET_OPTIONS"
-  SUBNET_ID=$(neutron subnet-create --name deis_subnet $SUBNET_OPTIONS deis $CIDR| awk '{ printf "%s", ($2 == "id" ? $4 : "")}')
-else
-  NETWORK_ID=$(neutron net-list | awk '{printf "%s", ($4 == "deis" ? $2 : "")}')
+  SUBNET_ID=$(neutron subnet-create --name deis_subnet $SUBNET_OPTIONS $NETWORK_ID $CIDR| awk '{ printf "%s", ($2 == "id" ? $4 : "")}')
 fi
 
+if ! neutron security-group-list | grep -q $DEIS_SECGROUP &>/dev/null; then
+  neutron security-group-create $DEIS_SECGROUP
+  neutron security-group-rule-create --protocol tcp --remote-ip-prefix 0/0 --port-range-min 22 --port-range-max 22 $DEIS_SECGROUP
+  neutron security-group-rule-create --protocol tcp --remote-ip-prefix 0/0 --port-range-min 2222 --port-range-max 22222 $DEIS_SECGROUP
+  neutron security-group-rule-create --protocol tcp --remote-ip-prefix 0/0 --port-range-min 80 --port-range-max 80 $DEIS_SECGROUP
+  neutron security-group-rule-create --protocol icmp --remote-ip-prefix 0/0 $DEIS_SECGROUP
+fi
 
 if [ -z "$DEIS_NUM_INSTANCES" ]; then
     DEIS_NUM_INSTANCES=3
@@ -63,7 +73,9 @@ $CONTRIB_DIR/util/check-user-data.sh
 
 i=1 ; while [[ $i -le $DEIS_NUM_INSTANCES ]] ; do \
     echo_yellow "Provisioning deis-$i..."
-    nova boot --image $COREOS_IMAGE --flavor $FLAVOR --key-name $KEYPAIR --user-data ../coreos/user-data --nic net-id=$NETWORK_ID deis-$i ; \
+    nova boot --image $COREOS_IMAGE --flavor $FLAVOR --key-name $KEYPAIR  \
+      --security-groups $DEIS_SECGROUP --user-data ../coreos/user-data \
+      --nic net-id=$NETWORK_ID deis-$i ; \
     ((i = i + 1)) ; \
 done
 
