First stab at cloud readme, security groups section still needs re-write

Kevin Fenzi 2015-05-14 16:51:26 +00:00
parent c57f5151fe
commit d2011bc0e7


@ -1,154 +1,105 @@
== Cloud information == == Cloud information ==
cloud instances:
to startup a new cloud instance and configure for basic server use run (as
root):
el6: === Transient instances ===
sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/el6_temp_instance.yml
f19: Transient instances are short term use instances for Fedora
sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/f19_temp_instance.yml contributors. They can be terminated at any time and shouldn't be
relied on for any production use. If you have an application
or longer term item that should always be around
please create a persistent playbook instead. (see below)
to startup a new transient cloud instance and configure for basic
server use run (as root):
sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/transient_cloud_instance.yml -e 'name=somename'
The -i is important - ansible's tools need access to root's sshagent as well The -i is important - ansible's tools need access to root's sshagent as well
as the cloud credentials to run the above playbooks successfully. as the cloud credentials to run the above playbooks successfully.
This will setup a new instance, provision it and email sysadmin-main that This will setup a new instance, provision it and email sysadmin-main that
the instance was created, it's instance id (for terminating it, attaching the instance was created and it's ip address.
volumes, etc) and it's ip address.
You will then be able to login, as root. You will then be able to login, as root if you are in the sysadmin-main group.
(If you are making the instance for another user, see below)
You can add various extra vars to the above commands to change the instance You MUST pass a name to it, ie: -e 'name=somethingdescriptive'
you've just spun up. You can optionally override defaults by passing any of the following:
image=imagename (default is centos70_x86_64)
instance_type=some instance type (default is m1.small)
root_auth_users='user1 user2 user3 @group1' (default always includes sysadmin-main group)
variables to define: Note: if you run this playbook with the same name= multiple times
instance_type=c1.medium openstack is smart enough to just return the current ip of that instance
security_group=default and go on. This way you can re-run if you want to reconfigure it without
root_auth_users='username1 username2 @groupname' reprovisioning it.
hostbase=basename for hostname - will have instance id appended to it
=== Persistent cloud instances ===
define these with: Persistent cloud instances are ones that we want to always have up and
configured. These are things like dev instances for various applications,
--extra-vars="varname=value varname1=value varname2=value" proof of concept servers for evaluating something, etc. They will be
reprovisioned after a reboot/maint window for the cloud.
Name Memory_MB Disk VCPUs
m1.tiny 512 0 1
m1.small 2048 20 1
m1.medium 4096 40 2
m1.large 8192 80 4
m1.xlarge 16384 160 8
m1.builder 5120 50 3
Setting up a new persistent cloud host: Setting up a new persistent cloud host:
1. select an ip:
source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
oeuca-describe-addresses
- pick an ip from the list that is not assigned anywhere
- add it into dns - normally in the cloud.fedoraproject.org but it doesn't
have to be
2. If needed create a persistent storage disk for the instance: 1) Select an available floating IP
source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
euca-create-volume -z nova -s <size in gigabytes>
source /srv/private/ansible/files/openstack/novarc
nova floating-ip-list
3. set up the host/ip in ansible host inventory 2) Add that IP addr to dns (typically as foo.cloud.fedoraproject.org)
- add to ansible/inventory/inventory under [persistent-cloud]
- either the ip itself or the hostname you want to refer to it as
4. setup the host_vars 3) Create persistent storage disk for the instance (if necessary.. you might not
- create file named by the hostname or ip you used in the inventory need this).
- for adding persistent volumes add an entry like this into the host_vars file
volumes: ['-d /dev/vdb vol-BCA33FCD', '-d /dev/vdc vol-DC833F48'] nova volume-create --display-name SOME_NAME SIZE
for each volume you want to attach to the instance. 4) Add to ansible inventory in the persistent-cloud group.
You should use the FQDN for this and not the IP. Names are good.
The device names matter - they start at /dev/vdb and increment. However, 5) setup the host_vars file. It should looks something like this::
they are not reliable IN the instance. You should find the device, partition
it, format it and label the formatted device then mount the device by label
or by UUID. Do not count on the device name being the same each time.
instance_type: m1.medium
image:
keypair: fedora-admin-20130801
security_group: webserver
zone: nova
tcp_ports: [22, 80, 443]
Contents should look like this (remove all the comments) inventory_tenant: persistent
inventory_instance_name: taiga
hostbase: taiga
public_ip: 209.132.184.50
root_auth_users: ralph maxamillion
description: taiga frontend server
--- volumes:
# 2cpus, 3GB of ram 20GB of ephemeral space - volume_id: VOLUME_UUID_GOES_HERE
instance_type: m1.large device: /dev/vdc
# image id - see global vars. You can also use euca-describe-images to find other images as well
image: "{{ el6_qcow_id }}"
keypair: fedora-admin-20130801
# what security group to add the host to
security_group: webserver
zone: fedoracloud
# instance id will be appended
hostbase: hostname_base-
# ip should be in the 209.132.184.XXX range
public_ip: $ip_you_selected
# users/groups who should have root ssh access
root_auth_users: skvidal bkabrda
description: some description so someone else can know what this is
The available images can be found by running:: cloud_networks:
source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh # persistent-net
euca-describe-images | grep ami - net-id: "7c705493-f795-4c3a-91d3-c5825c50abfe"
4. setup a host playbook ansible/playbooks/hosts/$YOUR_HOSTNAME_HERE.yml 6) setup the host playbook
Note: the name of this file doesn't really matter but it should normally
be the hostname of the host you're setting up.
- name: check/create instance 7) run the playbook:
hosts: $YOUR_HOSTNAME/IP HERE
user: root
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
tasks:
- include: "{{ tasks }}/persistent_cloud.yml"
- name: provision instance
hosts: $YOUR_HOSTNAME/IP HERE
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars//{{ ansible_distribution }}.yml
tasks:
- include: "{{ tasks }}/cloud_setup_basic.yml
# fill in other actions/includes/etc here
handlers:
- include: "{{ handlers }}/restart_services.yml
5. add/commit the above to the git repo and push your changes
6. set it up:
sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/hosts/$YOUR_HOSTNAME_HERE.yml sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/hosts/$YOUR_HOSTNAME_HERE.yml
7. login, etc
You should be able to run that playbook over and over again safely, it will You should be able to run that playbook over and over again safely, it will
only setup/create a new instance if the ip is not up/responding. only setup/create a new instance if the ip is not up/responding.
SECURITY GROUPS === SECURITY GROUPS ===
FIXME: needs work for new cloud.
- to edit security groups you must either have your own cloud account or - to edit security groups you must either have your own cloud account or
be a member of sysadmin-main be a member of sysadmin-main
This gives you the credential to change things in the persistent tenant This gives you the credential to change things in the persistent tenant
- source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh - source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
This lists all security groups in that tenant: This lists all security groups in that tenant:
- euca-describe-groups | grep GROUP - euca-describe-groups | grep GROUP
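Review bot: the warning that block device names are not stable inside the guest is dropped in this hunk while the new host_vars example still hardcodes `device: /dev/vdc` for the attached volume; the old text's advice ("they are not reliable IN the instance. You should find the device, partition it, format it and label the formatted device then mount the device by label or by UUID") still applies to nova volume attach and belongs right under the new `volumes:` block, otherwise a reprovision after a maintenance window can mount the wrong disk. Two smaller points in the same hunk: the old step "add/commit the above to the git repo and push your changes" disappears from the numbered persistent-host procedure (steps 6 and 7 now go straight from writing the playbook to running it, so an uncommitted host_vars file will be lost on the next checkout), and the new host_vars example shows `image:` with no value where the old section had `image: "{{ f20_qcow_id }}"`, so say what is expected there. Dropping the comments from the old example also loses the one line that explained what `root_auth_users` grants ("# users/groups who should have root ssh access"); since the transient text says the default always includes sysadmin-main, keep that explanation next to the persistent example too. The security groups lines at the end of the hunk are still the ec2rc.sh / euca-describe-groups flow, which the FIXME and the commit message already acknowledge.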
@ -190,70 +141,16 @@ impacting other instances using that security group.
- You will almost always want to allow 22/tcp (sshd) and icmp -1 -1 (ping - You will almost always want to allow 22/tcp (sshd) and icmp -1 -1 (ping
and traceroute and friends). and traceroute and friends).
=== TERMINATING INSTANCES ===
TERMINATING INSTANCES
For transient: For transient:
1. source /srv/private/ansible/files/openstack/transient-admin/ec2rc.sh 1. source /srv/private/ansible/files/openstack/transient-admin/keystonerc.sh
- OR - - OR -
For persistent: For persistent:
1. source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh 1. source /srv/private/ansible/files/openstack/persistent-admin/keystonerc.sh
2. euca-describe-instances | grep <ip of your instance> 2. nova list | grep <ip of your instance or name of your instance>
3. euca-terminate-instances <the id, something like i-00000295> 3. nova delete <name of instance or ID of instance>
New Cloud stuff
===============
These are instructions for some basic tasks regarding our "new" openstack cloud.
Creating a persistant instance
------------------------------
1) Select an available floating IP
source /srv/private/ansible/files/openstack/novarc
nova floating-ip-list
2) Add that IP addr to dns (typically as foo.cloud.fedoraproject.org)
3) Create persistent storage disk for the instance (if necessary.. you might not
need this).
nova volume-create --display-name SOME_NAME SIZE
4) Add to ansible inventory in the persistent-cloud group.
You should use the FQDN for this and not the IP. Names are good.
5) setup the host_vars file. It should looks something like this::
instance_type: m1.medium
image: "{{ f20_qcow_id }}"
keypair: fedora-admin-20130801
security_group: webserver
zone: nova
tcp_ports: [22, 80, 443]
inventory_tenant: persistent
inventory_instance_name: taiga
hostbase: taiga
public_ip: 209.132.184.50
root_auth_users: ralph maxamillion
description: taiga frontend server
volumes:
- volume_id: VOLUME_UUID_GOES_HERE
device: /dev/vdc
cloud_networks:
# persistent-net
- net-id: "7c705493-f795-4c3a-91d3-c5825c50abfe"
6) setup the host playbook
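Review bot: step 3 of the terminating instructions accepts a name ("nova delete <name of instance or ID of instance>"), but nova does not enforce unique instance names within a tenant, so tell people to copy the ID column out of `nova list` and delete by ID only; the grep in step 2 is also a substring match, so `nova list | grep 209.132.184.5` will also show .50 through .59, which matters most right after sourcing the persistent keystonerc. The retained context line "allow 22/tcp (sshd) and icmp -1 -1" is euca syntax where -1 -1 means every ICMP type and code; when the security groups section is redone for nova, either state that deliberately or narrow it to what ping actually needs inbound (echo-request).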