Streamline launching new nodes.

* launch/README: More clarity on Jenkins slave example, and additional levels of cut-n-pasteability on the DNS record creation example. Also switch from requiring root to expecting to be run from a normal account with sudo access and membership in the puppet group. * launch/launch-node.py: Default to assuming the certname is the same as the node FQDN, if it isn't overridden via command-line option. Change-Id: I9c987055b18e084983f2459fe01598837e1ebcc6 Reviewed-on: https://review.openstack.org/20645 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-01-28 21:50:37 +00:00 · 2013-01-28 21:50:37 +00:00 · 168b11398a
commit 168b11398a
parent f8edec9929
2 changed files with 41 additions and 24 deletions
--- a/launch/README
+++ b/launch/README
@ -1,29 +1,42 @@
-Note that these instructions assume commands will be run in a full
+Note that these instructions assume you're working from this
-root environment::
+directory on an updated local clone of the repository, and that
 your account is a member of the puppet group for access to the
 puppet keys::
-  sudo su -
+  sudo adduser YOURUSER puppet
 (Remember to log out and back into your shell if you add yourself
 to a group.)
 To launch a node in the OpenStack CI account (production servers)::
  export FQDN=servername.openstack.org
  . ~root/ci-launch/openstackci-rs-nova.sh
  sudo puppet cert generate $FQDN
  ./launch-node.py $FQDN
 To launch a node in the OpenStack Jenkins account (slave nodes)::
  export FQDN=slavename.slave.openstack.org
  export CERT=slavetype.slave.openstack.org
  export IMAGE='Ubuntu 12.10 (Quantal Quetzal)'
  export RAM=2048
  . ~root/ci-launch/openstackjenkins-rs-nova.sh
-
+  sudo puppet cert generate $CERT
-Then::
+  ./launch-node.py $FQDN --cert $CERT.pem --image "$IMAGE" --ram $RAM
  puppet cert generate servername.openstack.org
  ./launch-node.py servername.openstack.org --cert servername.openstack.org.pem
 If you are launching a replacement server, you may skip the generate
 step and specify the name of an existing puppet cert (as long as the
 private key is on this host).
-The server name and cert names may be different.
+The server name and cert names may be different (as in the Jenkins
 slave example), but launch-node.py will assume they are the same
 unless specified.
 Manually add the hostname to DNS (the launch script does not do so
-automatically).
+automatically). Note that this example assumes you've already
 exported a relevant FQDN and sourced the appropriate API credentials
 above.
 DNS
 ===
@ -37,17 +50,16 @@ URL should be satisfied by sourcing the "openstackci-rs-nova.sh"
 script (or jenkins, as appropriate).
  . ~root/rackdns-venv/bin/activate
  . ~root/ci-launch/openstackci-rs-nova.sh
-  export SERVERNAME=server
+  TEMPFILE=$(tempfile)
-  nova list | grep "| $SERVERNAME\.openstack\.org "
+  nova list | grep "| $FQDN " | sed 's/^| \([0-9a-f-]\+\) .* public=\([0-9a-f:]\+\), \([0-9\.]\+\);.*/export UUID="\1"\nexport IPV6="\2"\nexport IPV4="\3"/' > $TEMPFILE
-  export IPV6ADDR=dead:beef::cafe
+  cat $TEMPFILE
-  export IPV4ADDR=123.45.67.89
+  . $TEMPFILE
-  export UUID=fedcba98-7654-3210-0123-456789abcdef
+  rm $TEMPFILE
-  rackdns rdns-create --name $SERVERNAME.openstack.org --data $IPV6ADDR --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/$UUID --ttl 300
+  rackdns rdns-create --name $FQDN --data "$IPV6" --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/"$UUID" --ttl 300
-  rackdns rdns-create --name $SERVERNAME.openstack.org --data $IPV4ADDR --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/$UUID --ttl 300
+  rackdns rdns-create --name $FQDN --data "$IPV4" --server-href https://$os_region_name.servers.api.rackspacecloud.com/v2/$OS_TENANT_NAME/servers/"$UUID" --ttl 300
-  . openstack-rs-nova.sh
+  . ~root/ci-launch/openstack-rs-nova.sh
-  rackdns record-create --name $SERVERNAME.openstack.org --type AAAA --data $IPV6ADDR --ttl 300 openstack.org
+  rackdns record-create --name $FQDN --type AAAA --data "$IPV6" --ttl 300 openstack.org
-  rackdns record-create --name $SERVERNAME.openstack.org --type A --data $IPV4ADDR --ttl 300 openstack.org
+  rackdns record-create --name $FQDN --type A --data "$IPV4" --ttl 300 openstack.org
--- a/launch/launch-node.py
+++ b/launch/launch-node.py
@ -151,15 +151,20 @@ def main():
    parser.add_argument("--environment", dest="environment",
                        default="production",
                        help="puppet environment name")
-    parser.add_argument("--cert", dest="cert", required=True,
+    parser.add_argument("--cert", dest="cert",
                        help="name of signed puppet certificate file (e.g., "
                        "hostname.example.com.pem)")
    options = parser.parse_args()
    client = get_client()
    if options.cert:
        cert = options.cert
    else:
        cert = options.name + ".pem"
    if not os.path.exists(os.path.join("/var/lib/puppet/ssl/private_keys",
-                                       options.cert)):
+                                       cert)):
        raise Exception("Please specify the name of a signed puppet cert.")
    flavors = [f for f in client.flavors.list() if f.ram >= options.ram]
@ -187,7 +192,7 @@ def main():
    image = images[0]
    print "Found image", image
-    build_server(client, options.name, image, flavor, options.cert, options.environment)
+    build_server(client, options.name, image, flavor, cert, options.environment)
 if __name__ == '__main__':
    main()