system-config/launch
Jeremy Stanley b48c3bc49b Update launch docs for salt permissions.
* launch/README: Mention adding yourself to the salt group.

* modules/salt/manifests/master.pp: Loosen directory permissions
minimally as needed for salt group members to be able to run the
launch script without being root.

Change-Id: I4e462fe2efabe2200a635c79e4b7a1314bf174a3
Reviewed-on: https://review.openstack.org/27562
Reviewed-by: Jesse Keating <jesse.keating@rackspace.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2013-04-30 17:22:23 +00:00
..
dns.py Print DNS commands when launching a node. 2013-02-22 00:19:25 +00:00
launch-node.py Add functionality to create Salt keypairs 2013-04-11 23:45:00 +00:00
README Update launch docs for salt permissions. 2013-04-30 17:22:23 +00:00
sshclient.py Add a launch script. 2012-10-13 16:49:55 +00:00
utils.py Add functionality to create Salt keypairs 2013-04-11 23:45:00 +00:00

Create Server
=============

Note that these instructions assume you're working from this
directory on an updated local clone of the repository, and that
your account is a member of the puppet and salt groups for access
to their respective keys::

  sudo adduser YOURUSER puppet
  sudo adduser YOURUSER salt

(Remember to log out and back into your shell if you add yourself
to a group.)

To launch a node in the OpenStack CI account (production servers)::

  . ~root/ci-launch/openstackci-rs-nova.sh
  export FQDN=servername.openstack.org
  sudo puppet cert generate $FQDN
  ./launch-node.py $FQDN

To launch a node in the OpenStack Jenkins account (slave nodes)::

  . ~root/ci-launch/openstackjenkins-rs-nova.sh
  export FQDN=slavename.slave.openstack.org
  export CERT=slavetype.slave.openstack.org
  nova image-list
  export IMAGE='Ubuntu 12.10 (Quantal Quetzal)'
  nova flavor-list
  export RAM=8192
  sudo puppet cert generate $CERT
  ./launch-node.py $FQDN --cert $CERT.pem --image "$IMAGE" --ram $RAM

If you are launching a replacement server, you may skip the generate
step and specify the name of an existing puppet cert (as long as the
private key is on this host).

The server name and cert names may be different (as in the Jenkins
slave example), but launch-node.py will assume they are the same
unless specified.

Manually add the hostname to DNS (the launch script does not do so
automatically). Note that this example assumes you've already
exported a relevant FQDN and sourced the appropriate API credentials
above.

Add DNS Records
===============

There are no scripts to automatically handle DNS at the moment due to
a lack of library support for the new Rackspace Cloud DNS (with IPv6).
However, the launch-node script will print the commands needed to be
run to configure DNS for a newly launched server.  To see the commands
for an existing server, run:

  ./dns.py $FQDN

Activate Puppet Agent
=====================

If this is a Jenkins slave, Puppet configuration is applied through
an already installed cron job, so you can ignore this section. If
this is ''not'' a Jenkins slave, you'll want to log into it via SSH
and turn on the Puppet agent so it will start checking into the
master on its own::

  sudo sed -i 's/^START=.*/START=yes/' /etc/default/puppet
  sudo invoke-rc.d puppet start

You should be able to tell from the Puppet Dashboard when it begins
to check in, which normally happens at 10-minute intervals.