Merge pull request #2783 from carmstrong/pr-2604

carmstrong · carmstrong · commit a71a618d243a · 2014-12-20T13:37:45.000-08:00
OpenStack: fix instructions and move to docs site
diff --git a/contrib/openstack/README.md b/contrib/openstack/README.md
@@ -1,126 +1,3 @@
 # Provision a Deis Cluster on OpenStack
 
-**NOTE**
-OpenStack support for Deis was contributed by @shakim. OpenStack support is untested by the Deis team, so we rely on the community to improve these scripts and to fix bugs.
-We greatly appreciate the help!
-
-### Prerequisites:
-Make sure that the following utilities are installed and in your execution path:
-- nova
-- neutron
-
-### Configure nova
-Create an `openrc.sh` file to match the following:
-```
-[production]
-OS_AUTH_URL = {openstack_auth_url}
-OS_USERNAME = {openstack_username}
-OS_PASSWORD = {openstack_api_key}
-OS_TENANT_ID = {openstack_tenant_id}
-OS_TENANT_NAME = {openstack_tenant_name}
-```
-
-(Alternatively, download OpenStack RC file from Horizon/Access & Security/API Access.)
-
-Source your nova credentials:
-
-```console
-# source openrc.sh
-```
-
-### Set up your keys
-Choose an existing keypair or upload a new public key, if desired.
-
-```console
-$ nova keypair-add --pub-key ~/.ssh/deis.pub deis-key
-```
-
-### Customize user-data
-
-Create a user-data file with a new discovery URL this way:
-
-```console
-$ make discovery-url
-```
-
-Or copy [`contrib/coreos/user-data.example`](../coreos/user-data.example) to `contrib/coreos/user-data` and follow the directions in the `etcd:` section to add a unique discovery URL.
-
-### Choose number of instances
-By default, the provision script will provision 3 servers. You can override this by setting `DEIS_NUM_INSTANCES`:
-```console
-$ DEIS_NUM_INSTANCES=5 ./provision-openstack-cluster.sh deis-key
-```
-
-Note that for scheduling to work properly, clusters must consist of at least 3 nodes and always have an odd number of members.
-For more information, see [optimal etcd cluster size](https://github.com/coreos/etcd/blob/master/Documentation/optimal-cluster-size.md).
-
-Deis clusters of less than 3 nodes are unsupported.
-
-### Deis network settings
-The script creates a private network called 'deis' if no such network exists.
-
-By default, the deis subnet IP range is set to 10.21.12.0/24. To override it and the default DNS settings, set the following variables:
-```console
-$ export DEIS_CIDR=10.21.12.0/24
-$ export DEIS_DNS=10.21.12.3,8.8.8.8
-```
-
-**_Please note that this script does not handle floating IPs or routers. These should be provisioned manually either by Horizon or CLI_**
-
-### Run the provision script
-Run the [Openstack provision script](provision-openstack-cluster.sh) to spawn a new CoreOS cluster.
-You'll need to provide the name of the CoreOS image name (or ID), and the key pair you just added. Optionally, you can also specify a flavor name.
-```console
-$ cd contrib/openstack
-$ ./provision-openstack-cluster.sh
-Usage: provision-openstack-cluster.sh <coreos image name/id> <key pair name> [flavor]
-$ ./provision-openstack-cluster.sh coreos deis-key
-```
-
-### Choose number of routers
-By default, the Makefile will provision 1 router. You can override this by setting `DEIS_NUM_ROUTERS`:
-```console
-$ export DEIS_NUM_ROUTERS=2
-```
-
-## Configure Deis
-Set the default domain used to anchor your applications:
-
-```console
-$ deisctl config platform set domain=mycluster.local
-```
-
-For this to work, you'll need to configure DNS records so you can access applications hosted on Deis. See [Configuring DNS](http://docs.deis.io/en/latest/managing_deis/configure-dns/#dns-records) for details.
-
-If you want to allow `deis run` for one-off admin commands, you must provide an SSH private key that allows Deis to gather container logs on CoreOS hosts:
-
-```console
-$ deisctl config platform set sshPrivateKey=<path-to-private-key>
-```
-
-### Initialize the cluster
-Once the cluster is up:
-* **If required, allocate and associate floating IPs to any or all of your hosts**
-* Get the IP address of any of the machines from Openstack
-* set DEISCTL_TUNNEL and install the platform:
-
-```console
-$ export DEISCTL_TUNNEL=23.253.219.94
-$ deisctl install platform && deisctl start platform
-```
-
-The installer will deploy Deis and make sure the services start properly.
-
-### Use Deis!
-After that, register with Deis!
-```console
-$ deis register http://deis.example.org
-username: deis
-password:
-password (confirm):
-email: info@opdemand.com
-```
-
-## Hack on Deis
-
-See [Hacking on Deis](http://docs.deis.io/en/latest/contributing/hacking/).
+Please refer to the instructions at http://docs.deis.io/en/latest/installing_deis/openstack/.
diff --git a/contrib/openstack/provision-openstack-cluster.sh b/contrib/openstack/provision-openstack-cluster.sh
@@ -5,11 +5,14 @@
 # Supported environment variables:
 #    DEIS_DNS: Comma separated list of names servers for use in the deis private network (default: none)
 #    DEIS_NUM_INSTANCES: Number of instances to create (default: 3)
+#    DEIS_NETWORK: name of neutron network to use.
 
 set -e
 
 THIS_DIR=$(cd $(dirname $0); pwd) # absolute path
 CONTRIB_DIR=$(dirname $THIS_DIR)
+DEIS_NETWORK=${DEIS_NETWORK:-deis}
+DEIS_SECGROUP=${DEIS_SECGROUP:-deis}
 
 source $CONTRIB_DIR/utils.sh
 
@@ -41,18 +44,25 @@ if [ -z "$OS_AUTH_URL" ]; then
   exit 1
 fi
 
-if ! nova network-list|grep -q deis &>/dev/null; then
+if neutron net-list|grep -q $DEIS_NETWORK &>/dev/null; then
+  NETWORK_ID=$(neutron net-list | grep internal | awk -F'| ' '{print $2}')
+else
   echo_yellow "Creating deis private network..."
   CIDR=${DEIS_CIDR:-10.21.12.0/24}
   SUBNET_OPTIONS=""
   [ ! -z "$DEIS_DNS" ] && SUBNET_OPTIONS=$(echo $DEIS_DNS|awk -F "," '{for (i=1; i<=NF; i++) printf "--dns-nameserver %s ", $i}')
-  NETWORK_ID=$(neutron net-create deis | awk '{ printf "%s", ($2 == "id" ? $4 : "")}')
+  NETWORK_ID=$(neutron net-create $DEIS_NETWORK | awk '{ printf "%s", ($2 == "id" ? $4 : "")}')
   echo "DBG: SUBNET_OPTIONS=$SUBNET_OPTIONS"
-  SUBNET_ID=$(neutron subnet-create --name deis_subnet $SUBNET_OPTIONS deis $CIDR| awk '{ printf "%s", ($2 == "id" ? $4 : "")}')
-else
-  NETWORK_ID=$(neutron net-list | awk '{printf "%s", ($4 == "deis" ? $2 : "")}')
+  SUBNET_ID=$(neutron subnet-create --name deis_subnet $SUBNET_OPTIONS $NETWORK_ID $CIDR| awk '{ printf "%s", ($2 == "id" ? $4 : "")}')
 fi
 
+if ! neutron security-group-list | grep -q $DEIS_SECGROUP &>/dev/null; then
+  neutron security-group-create $DEIS_SECGROUP
+  neutron security-group-rule-create --protocol tcp --remote-ip-prefix 0/0 --port-range-min 22 --port-range-max 22 $DEIS_SECGROUP
+  neutron security-group-rule-create --protocol tcp --remote-ip-prefix 0/0 --port-range-min 2222 --port-range-max 22222 $DEIS_SECGROUP
+  neutron security-group-rule-create --protocol tcp --remote-ip-prefix 0/0 --port-range-min 80 --port-range-max 80 $DEIS_SECGROUP
+  neutron security-group-rule-create --protocol icmp --remote-ip-prefix 0/0 $DEIS_SECGROUP
+fi
 
 if [ -z "$DEIS_NUM_INSTANCES" ]; then
     DEIS_NUM_INSTANCES=3
@@ -63,7 +73,9 @@ $CONTRIB_DIR/util/check-user-data.sh
 
 i=1 ; while [[ $i -le $DEIS_NUM_INSTANCES ]] ; do \
     echo_yellow "Provisioning deis-$i..."
-    nova boot --image $COREOS_IMAGE --flavor $FLAVOR --key-name $KEYPAIR --user-data ../coreos/user-data --nic net-id=$NETWORK_ID deis-$i ; \
+    nova boot --image $COREOS_IMAGE --flavor $FLAVOR --key-name $KEYPAIR  \
+      --security-groups $DEIS_SECGROUP --user-data ../coreos/user-data \
+      --nic net-id=$NETWORK_ID deis-$i ; \
     ((i = i + 1)) ; \
 done
 
diff --git a/docs/installing_deis/index.rst b/docs/installing_deis/index.rst
@@ -28,6 +28,7 @@ with CoreOS.
     rackspace
     vagrant
     baremetal
+    openstack
     install-deisctl
     install-platform
 
diff --git a/docs/installing_deis/openstack.rst b/docs/installing_deis/openstack.rst
@@ -0,0 +1,188 @@
+:title: Installing Deis on OpenStack
+:description: How to provision a multi-node Deis cluster on OpenStack
+
+.. _deis_on_openstack:
+
+OpenStack
+=========
+
+Please :ref:`get the source <get_the_source>` and refer to the scripts in `contrib/openstack`_
+while following this documentation.
+
+.. important::
+
+    OpenStack support for Deis was originally contributed by `Shlomo Hakim`_ and has been updated
+    by Deis community members. OpenStack support is untested by the Deis team, so we rely on
+    the community to improve this documentation and to fix bugs. We greatly appreciate the help!
+
+
+Check System Requirements
+-------------------------
+
+Please refer to :ref:`system-requirements` for resource considerations when choosing a machine
+size to run Deis.
+
+Prerequisites
+-------------
+
+Make sure that the following utilities are installed and in your execution path:
+
+* nova
+* neutron
+* glance
+
+Configure OpenStack
+-------------------
+
+Create an ``openrc.sh`` file to match the following:
+
+.. code-block:: console
+
+    $ export OS_AUTH_URL={openstack_auth_url}
+    $ export OS_USERNAME={openstack_username}
+    $ export OS_PASSWORD={openstack_password}
+    $ export OS_TENANT_NAME={openstack_tenant_name}
+
+
+(Alternatively, download OpenStack RC file from Horizon/Access & Security/API Access.)
+
+Source your nova credentials:
+
+.. code-block:: console
+
+    $ source openrc.sh
+
+
+Set up your keys
+----------------
+
+Choose an existing keypair or upload a new public key, if desired.
+
+.. code-block:: console
+
+    $ nova keypair-add --pub-key ~/.ssh/deis.pub deis-key
+
+
+Upload a CoreOS image to Glance
+-------------------------------
+
+You need to have a relatively recent CoreOS image.
+
+.. important::
+
+    Deis runs on CoreOS version 494.5.0 or later in the Stable channel.
+
+If you don't already have a suitable CoreOS image and your OpenStack install allows you to upload
+your own images, the following snippet will use the latest CoreOS image from the stable channel:
+
+.. code-block:: console
+
+    $ wget http://stable.release.core-os.net/amd64-usr/current/coreos_production_openstack_image.img.bz2
+    $ bunzip2 coreos_production_openstack_image.img.bz2
+    $ glance image-create --name coreos \
+      --container-format bare \
+      --disk-format qcow2 \
+      --file coreos_production_openstack_image.img \
+      --is-public True
+
+
+Generate a New Discovery URL
+----------------------------
+
+.. include:: ../_includes/_generate-discovery-url.rst
+
+
+Choose number of instances
+--------------------------
+
+For scheduling to work properly, clusters must consist of at least 3 nodes and always have an odd
+number of members. Please refer to :ref:`system-requirements` for more information about cluster
+size requirements.
+
+Instruct the provision script to launch the desired number of nodes:
+
+.. code-block:: console
+
+    $ export DEIS_NUM_INSTANCES=3
+
+
+Deis network settings
+---------------------
+
+The script creates a private network called 'deis' if no such network exists.
+
+By default, the deis subnet IP range is set to 10.21.12.0/24. To override it and the default
+DNS settings, set the following variables:
+
+.. code-block:: console
+
+    $ export DEIS_CIDR=10.21.12.0/24
+    $ export DEIS_DNS=10.21.12.3,8.8.8.8
+
+.. note::
+
+    This script does not handle floating IPs or routers. These should be provisioned manually by
+    either Horizon or the CLI.
+
+
+Run the provision script
+------------------------
+
+If you have a fairly straightforward OpenStack install, you should be able to use the provided
+provisioning script. This script assumes you are using neutron and have security-groups enabled.
+
+Run the ``provision-openstack-cluster.sh`` to spawn a new CoreOS cluster. You'll need to provide
+the name of the CoreOS image name (or ID), and the key pair you just added. Optionally, you can also
+specify a flavor name.
+
+.. code-block:: console
+
+    $ cd contrib/openstack
+    $ ./provision-openstack-cluster.sh
+    Usage: provision-openstack-cluster.sh <coreos image name/id> <key pair name> [flavor]
+    $ ./provision-openstack-cluster.sh coreos deis-key
+
+
+You can override the name of the internal network to use by setting the environment variable
+``DEIS_NETWORK=internal``.  If this doesn't exist the script will try to create it with the default
+CIDR which requires your OpenStack cluster to support tenant VLANs.
+
+You can also override the name of the security group to attach to the instances by setting
+``DEIS_SECGROUP=deis_test``.  If this doesn't exist the script will attempt to create it.
+If you are creating your own security groups you can use the provision script as a guide.  Make sure
+that you have a rule to enable full communication inside the security group, or you will have a bad day.
+
+Manually start the instances
+----------------------------
+
+Start the instances and ensure they're operational before continuing.
+
+Configure floating IPs
+----------------------
+
+You will want to attach a floating IP to at least one of your instances.  You'll do that like this:
+
+.. code-block:: console
+
+    $ nova floating-ip-create <pool>
+    $ nova floating-ip-associate deis-1 <IP provided by above command>
+
+Deploy a load balancer
+----------------------
+
+It is recommended that you deploy a load balancer for user requests to your Deis cluster.
+See :ref:`configure-load-balancers` for more details on using load balancers with Deis.
+
+Configure DNS
+-------------
+
+See :ref:`configure-dns` for more information on properly setting up your DNS records with Deis.
+
+Install Deis Platform
+---------------------
+
+Now that you've finished provisioning a cluster, please refer to :ref:`install_deis_platform` to
+start installing the platform.
+
+.. _`contrib/openstack`: https://github.com/deis/deis/tree/master/contrib/openstack
+.. _`Shlomo Hakim`: https://github.com/shakim
diff --git a/docs/installing_deis/quick-start.rst b/docs/installing_deis/quick-start.rst
@@ -49,6 +49,7 @@ Choose one of the following providers and deploy a new cluster:
 - :ref:`deis_on_rackspace`
 - :ref:`deis_on_vagrant`
 - :ref:`deis_on_bare_metal`
+- :ref:`deis_on_openstack`
 
 
 Configure DNS
