Gerard Braad's bloghttps://blog.gbraad.nl/2016-11-08T00:00:00+08:00Presentation: Atomic, FUDCon Phnom Penh2016-11-08T00:00:00+08:002016-11-08T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-11-08:/presentation-atomic-fudcon-phnom-penh.html<p>This is the presentation as given at the FUDCon Phnom Penh. In short it explains
what Project Atomic is, how to use Atomic Host, and some advanced use-cases;
deployment of a composed application, and customization of the Atomic images.
The presentation relied heavily on showing usage in the form of …</p><p>This is the presentation as given at the FUDCon Phnom Penh. In short it explains
what Project Atomic is, how to use Atomic Host, and some advanced use-cases;
deployment of a composed application, and customization of the Atomic images.
The presentation relied heavily on showing usage in the form of a demo,
therefore please see the links to the other relevant articles on this blog.</p>
<h2>Presentation</h2>
<iframe src="//gbraad.gitlab.io/presentation-fudcon-phnompenh/" width="1024" height="768">
<p>Your browser does not support iframes.</p>
</iframe>
<h2>Feedback</h2>
<p>If you have any suggestion, please discuss below or send me an email.</p>Setup OpenStack Keystone for testing purposes2016-10-27T00:00:00+08:002016-10-27T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-10-27:/setup-openstack-keystone-for-testing-purposes.html<p>OpenStack can be seen as a set of projects which combined into a configuration
can deliver a management solution for different use-cases. However, several of
these projects can also exist on their own to provide a certain functionality,
such as Keystone, Ironic, etc. Some of these I will describe in …</p><p>OpenStack can be seen as a set of projects which combined into a configuration
can deliver a management solution for different use-cases. However, several of
these projects can also exist on their own to provide a certain functionality,
such as Keystone, Ironic, etc. Some of these I will describe in articles on this
blog, but let's start with one of the most important one's that deal with
Authenticatioin, namely Keystone.</p>
<h2>Keystone</h2>
<p>Keystone is one of the core projects of OpenStack and is responsible for
providing Identity. It offersauthentication, authorization and service
discovery mechanisms via HTTP. Especially this last property, offering the API
to be accessed by HTTP as a ReSTful interface offers a lot of opportunities for
re-use. More about the Keystone project can be found on the
<a href="http://docs.openstack.org/developer/keystone/">project homepage</a>.</p>
<h2>Containerized</h2>
<p>To simplify the deployment process, I have containerized Keystone. The image can
be found at <a href="https://gitlab.com/gbraad/openstack-keystone">GitLab</a> and the
<a href="https://hub.docker.com/r/gbraad/openstack-keystone/">Docker Registry</a>.</p>
<h3><code>Dockerfile</code></h3>
<p>The image is based on a standard CentOS 7 cloud image. To install Keystone, I
used the packaged version from the <a href="//www.rdoproject.org">RDO project</a>. After
an update, it install the repository information pointing to mitaka, and then
it install the Keystone service, some useful utils to use with OpenStack and
the SELinux configuration files.</p>
<div class="highlight"><pre><span></span><code>RUN yum update -y && \
yum install -y centos-release-openstack-mitaka && \
yum install -y openstack-keystone openstack-utils openstack-selinux && \
yum clean all
</code></pre></div>
<p>After this we expose the ports that Keystone uses for interaction.</p>
<div class="highlight"><pre><span></span><code>EXPOSE 5000
EXPOSE 35357
</code></pre></div>
<p>As the <code>CMD</code> it will run a simple initialization script. It takes care to setup
an admin token and use a MySQL connection. It then starts <code>keystone-manage</code> to
provision the database with the schemas. And finally, it will use <code>keystone-all</code>
to run the services on the exposed ports.</p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/bin/sh</span>
<span class="nv">ADMIN_TOKEN</span><span class="o">=</span><span class="si">${</span><span class="nv">ADMIN_TOKEN</span><span class="p">-</span><span class="sb">`</span>openssl<span class="w"> </span>rand<span class="w"> </span>-hex<span class="w"> </span><span class="m">10</span><span class="sb">`</span><span class="si">}</span>
openstack-config<span class="w"> </span>--set<span class="w"> </span>/etc/keystone/keystone.conf<span class="w"> </span>DEFAULT<span class="w"> </span>admin_token<span class="w"> </span><span class="nv">$ADMIN_TOKEN</span>
openstack-config<span class="w"> </span>--set<span class="w"> </span>/etc/keystone/keystone.conf<span class="w"> </span>DEFAULT<span class="w"> </span>use_stderr<span class="w"> </span>True
openstack-config<span class="w"> </span>--set<span class="w"> </span>/etc/keystone/keystone.conf<span class="w"> </span>database<span class="w"> </span>connection<span class="w"> </span><span class="si">${</span><span class="nv">CONNECTION</span><span class="p">-mysql://keystone:</span><span class="nv">password</span><span class="p">@dbhost/keystone</span><span class="si">}</span>
su<span class="w"> </span>keystone<span class="w"> </span>-s<span class="w"> </span>/bin/sh<span class="w"> </span>-c<span class="w"> </span><span class="s2">"keystone-manage db_sync"</span>
/usr/bin/keystone-all
</code></pre></div>
<p>In the rest of the article I will describe how to use this image to setup the
test environment. The first component you will need to use Keystone is the
database to store the credentials and other relevant information.</p>
<h3>Setup database</h3>
<p>As you saw in the <code>Dockerfile</code>, we specified a MySQL connection. To make it
easy to deploy, we will also be using a container for this database server. I
prefer to use MariaDB, as this is also what normally would come with CentOS. For
this article I will be using MariaDB version 10.1.</p>
<p>To start the container perform the following command:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>docker<span class="w"> </span>run<span class="w"> </span>-d<span class="w"> </span>--name<span class="w"> </span>keystone-database<span class="w"> </span>-e<span class="w"> </span><span class="nv">MYSQL_ROOT_PASSWORD</span><span class="o">=</span>secrete<span class="w"> </span>mariadb:10.1
</code></pre></div>
<p>This will pull the container and start a named instance as <code>keystone-database</code>.
The <code>root</code> password to configure the database is set using the environment
variable to <code>secrete</code>.</p>
<p>Using this password and container name, we will create a database for Keystone
and grant priviliges:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>keystone-database<span class="w"> </span>mysql<span class="w"> </span>-psecrete<span class="w"> </span>-e<span class="w"> </span><span class="s2">"create database keystone;"</span>
$<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>keystone-database<span class="w"> </span>mysql<span class="w"> </span>-psecrete<span class="w"> </span>-e<span class="w"> </span><span class="s2">"GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'password';"</span>
$<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>keystone-database<span class="w"> </span>mysql<span class="w"> </span>-psecrete<span class="w"> </span>-e<span class="w"> </span><span class="s2">"GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'password';"</span>
$<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>keystone-database<span class="w"> </span>mysql<span class="w"> </span>-psecrete<span class="w"> </span>-e<span class="w"> </span><span class="s2">"flush privileges;"</span>
</code></pre></div>
<p>After this, all the setting for the database are done and we can just leave it
running without further configuration.</p>
<h3>Generate token for API usage</h3>
<p>Just like MariaDB, Keystone can use a token to perform the initial configuration.
It is preferred to make this admin token something that is random and not easily
guessable. A random token can be generated for instance with:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">export</span><span class="w"> </span><span class="nv">TOKEN</span><span class="o">=</span><span class="k">$(</span>openssl<span class="w"> </span>rand<span class="w"> </span>-hex<span class="w"> </span><span class="m">10</span><span class="k">)</span>
</code></pre></div>
<p>In the rest of the article, this token will be used.</p>
<h3>Start container</h3>
<p>After the database has been setup, and a token has been decided, we can start
the Keystone services. </p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>docker<span class="w"> </span>run<span class="w"> </span>-d<span class="w"> </span>--link<span class="w"> </span>keystone-database:dbhost<span class="w"> </span>-e<span class="w"> </span><span class="nv">ADMIN_TOKEN</span><span class="o">=</span><span class="nv">$TOKEN</span><span class="w"> </span>-p<span class="w"> </span><span class="m">5000</span>:5000<span class="w"> </span>--name<span class="w"> </span>keystone-server<span class="w"> </span>gbraad/openstack-keystone:mitaka
</code></pre></div>
<p>This will link the keystone container to the database container. If all goes
well, the service will now be available on the exposed ports. The container
instance will be identified by the name <code>keystone-server</code>.</p>
<p>As mentioned earlier, when the container gets started, it will provision the
database with the schemas that are needed.</p>
<p>In the following segment we will configure Keystone. </p>
<h3>Create service entry</h3>
<p>To finalize the Keystone configuration, we will insert the service and endpoints
for the Identity service.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>keystone-server<span class="w"> </span>keystone<span class="w"> </span>--os-token<span class="w"> </span><span class="nv">$TOKEN</span><span class="w"> </span>--os-endpoint<span class="w"> </span>http://localhost:35357/v2.0/<span class="w"> </span>service-create<span class="w"> </span>--name<span class="o">=</span>keystone<span class="w"> </span>--type<span class="o">=</span>identity<span class="w"> </span>--description<span class="o">=</span><span class="s2">"Keystone Identity Service"</span>
$<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>keystone-server<span class="w"> </span>keystone<span class="w"> </span>--os-token<span class="w"> </span><span class="nv">$TOKEN</span><span class="w"> </span>--os-endpoint<span class="w"> </span>http://localhost:35357/v2.0/<span class="w"> </span>endpoint-create<span class="w"> </span>--service<span class="w"> </span>keystone<span class="w"> </span>--publicurl<span class="w"> </span><span class="s1">'http://localhost:5000/v2.0'</span><span class="w"> </span>--adminurl<span class="w"> </span><span class="s1">'http://localhost:35357/v2.0'</span><span class="w"> </span>--internalurl<span class="w"> </span><span class="s1">'http://localhost:5000/v2.0'</span>
</code></pre></div>
<p>Note that these command are performed inside the keystone container.</p>
<h3>Create admin user</h3>
<p>To allow access to keystone without using the admin token, we will need to
create a user. The following commands will create a user named <code>admin</code> with
the password <code>password</code> and add this to a tenant called <code>admin</code>.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>keystone-server<span class="w"> </span>keystone<span class="w"> </span>--os-token<span class="w"> </span><span class="nv">$TOKEN</span><span class="w"> </span>--os-endpoint<span class="w"> </span>http://localhost:35357/v2.0/<span class="w"> </span>user-create<span class="w"> </span>--name<span class="w"> </span>admin<span class="w"> </span>--pass<span class="w"> </span>password
$<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>keystone-server<span class="w"> </span>keystone<span class="w"> </span>--os-token<span class="w"> </span><span class="nv">$TOKEN</span><span class="w"> </span>--os-endpoint<span class="w"> </span>http://localhost:35357/v2.0/<span class="w"> </span>role-create<span class="w"> </span>--name<span class="w"> </span>admin
$<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>keystone-server<span class="w"> </span>keystone<span class="w"> </span>--os-token<span class="w"> </span><span class="nv">$TOKEN</span><span class="w"> </span>--os-endpoint<span class="w"> </span>http://localhost:35357/v2.0/<span class="w"> </span>tenant-create<span class="w"> </span>--name<span class="w"> </span>admin
$<span class="w"> </span>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>keystone-server<span class="w"> </span>keystone<span class="w"> </span>--os-token<span class="w"> </span><span class="nv">$TOKEN</span><span class="w"> </span>--os-endpoint<span class="w"> </span>http://localhost:35357/v2.0/<span class="w"> </span>user-role-add<span class="w"> </span>--user<span class="w"> </span>admin<span class="w"> </span>--role<span class="w"> </span>admin<span class="w"> </span>--tenant<span class="w"> </span>admin
</code></pre></div>
<p>More detailed setups are possible, and for this I will refer you to the Keystone
documentation.</p>
<h3>Getting a user token</h3>
<p>To verify Keystone works, we will retrieve a token. First you need to know the
IP address that has been assigned to your container.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>docker<span class="w"> </span>inspect<span class="w"> </span>--format<span class="o">=</span><span class="s2">"{{.NetworkSettings.IPAddress}}"</span><span class="w"> </span>keystone-server
<span class="m">172</span>.17.0.6
</code></pre></div>
<p>This can be helpful to communicate between different containers on the same
Docker network. You could create a new container, or pull my
<a href="https://gitlab.com/gbraad/openstack-client">OpenStack client</a> container.</p>
<h4>Using the OpenStack client</h4>
<p>Using the OpenStack client you can retrieve a token using the following
configuration:</p>
<p><code>keystonerc</code></p>
<div class="highlight"><pre><span></span><code>OS_IDENTITY_API_VERSION=3
OS_AUTH_URL=http://172.17.0.6:5000/v3
OS_USERNAME=admin
OS_PASSWORD=password
OS_PROJECT_NAME=admin
OS_USER_DOMAIN_NAME=Default
OS_PROJECT_DOMAIN_NAME=Default
</code></pre></div>
<p>When you use the following commands you will be given a token:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">source</span><span class="w"> </span>keystonerc
$<span class="w"> </span>openstack<span class="w"> </span>token<span class="w"> </span>issue
</code></pre></div>
<h4>Using cURL</h4>
<p>Since Keystone uses a HTTP interface, you can also retrieve the token using the
cURL command. When using the <code>-i</code> parameter, cURL will return all the headers
from the response. This will include the <code>X-SUBJECT-TOKEN</code> we want.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>curl<span class="w"> </span>-i<span class="w"> </span>-H<span class="w"> </span><span class="s2">"Content-Type: application/json"</span><span class="w"> </span>-d<span class="w"> </span><span class="s1">'</span>
<span class="s1">{ "auth": {</span>
<span class="s1"> "identity": {</span>
<span class="s1"> "methods": ["password"],</span>
<span class="s1"> "password": {</span>
<span class="s1"> "user": {</span>
<span class="s1"> "name": "admin",</span>
<span class="s1"> "domain": { "name": "Default" },</span>
<span class="s1"> "password": "password"</span>
<span class="s1"> }</span>
<span class="s1"> }</span>
<span class="s1"> },</span>
<span class="s1"> "scope": {</span>
<span class="s1"> "project": {</span>
<span class="s1"> "name": "admin",</span>
<span class="s1"> "domain": { "name": "Default" }</span>
<span class="s1"> }</span>
<span class="s1"> }</span>
<span class="s1"> }</span>
<span class="s1">}'</span><span class="w"> </span>http://172.17.0.6:5000/v3/auth/tokens
</code></pre></div>
<p>A response will follow. You need to set the value of <code>X-Subject-Token</code> to
<code>OS_TOKEN</code>, or use in cURL as the <code>X-AUTH-TOKEN</code> header. More about this can
be found in the Keystone documentation: <a href="http://docs.openstack.org/developer/keystone/api_curl_examples.html">API Examples using cURL</a>.</p>
<h3>How this was used for development</h3>
<p>For the <a href="https://github.com/projectatomic/commissaire">Commissaire project</a> I
added Keystone functionality using two methods; using
<a href="https://github.com/projectatomic/commissaire-http/issues/21">password</a> and
<a href="https://github.com/projectatomic/commissaire-http/issues/28">token</a>. The above
described container was used to allow easy deployment and testing.</p>
<p>As I decided not to introduce unnecessary libraries as dependencies, the
communication from Commissaire happens over the HTTP ReST interface. To
authenticate using a basic authorization, using the password method, we only
need to construct a simple JSON object:</p>
<div class="highlight"><pre><span></span><code>{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "name": "Default" },
"password": "password"
}
}
},
"scope": {
"project": {
"name": "admin",
"domain": { "name": "Default" }
}
}
}
}
</code></pre></div>
<p>In code we described this with:</p>
<div class="highlight"><pre><span></span><code> headers = {'Content-Type': 'application/json'}
body = {'auth': {'identity': {}}}
ident = body['auth']['identity']
ident['methods'] = ['password']
ident['password'] = {'user': {
'name': user,
'password': passwd,
'domain': {'name': self.domain}}}
</code></pre></div>
<p>To perform the authentication, we send a request:</p>
<div class="highlight"><pre><span></span><code> response = requests.post(
self.url,
data=json.dumps(body),
headers=headers)
</code></pre></div>
<p>to the endpoint exposed at: <code>http://172.17.0.6:5000/v3/auth/tokens</code>. When the
response includes the header <code>X-Subject-Token</code> the authentication succeeded,
else we failed and send a 403 as status code.</p>
<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="s1">'X-Subject-Token'</span><span class="w"> </span><span class="nv">in</span><span class="w"> </span><span class="nv">response</span>.<span class="nv">headers</span>:
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="nv">True</span>
<span class="w"> </span>#<span class="w"> </span><span class="nv">Forbid</span><span class="w"> </span><span class="nv">by</span><span class="w"> </span><span class="nv">default</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="nv">False</span>
</code></pre></div>
<p>The Implementation for authentication using a token is quite similar, instead
we will take the <code>X-Auth-Token</code> from the request we received and verify this
against Keystone using the following request:</p>
<div class="highlight"><pre><span></span><code>{
"auth": {
"identity": {
"methods": [
"token"
],
"token": {
"id": "faa166abf235430e81c9fa12ad248533"
}
}
}
}
</code></pre></div>
<p>Just like in the previous example, the endpoint is:
<code>http://172.17.0.6:5000/v3/auth/tokens</code>. If the authentication is succesful
the response will contain the <code>X-Subject-Token</code> header.</p>
<h2>Conclusion</h2>
<p>Keystone is powerful service to provide authentication for your infrastructure.
As you can see from this example, using a containerized (composed) environment,
it is easy to get a basic setup running. And using the ReST API it is also
very simple to handle authentication outside of your own application. In future
articles more advanced scenarios will be given.</p>
<p>At the moment, password authentication using Keystone and Commissaire is
possible and hopefully soon we will also have integrated the token based
authentication.</p>
<p>If you have comments or suggestions, please leave them below or consider sending
a message to me on <a href="http://twitter.com/gbraad">Twitter</a>: @gbraad.</p>Flatpak; the road to CI/CD for desktop applications?2016-10-22T00:00:00+08:002016-10-22T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-10-22:/flatpak-the-road-to-cicd-for-desktop-applications.html<p>In this presentation I will introduce Flatpak and how it changes the software
distribution model for Linux. In short it will explain the negatives of using
packages, how Flatpak solves this, and how to create your own applications and
distribute them for use with Flatpak. This presentation was given at …</p><p>In this presentation I will introduce Flatpak and how it changes the software
distribution model for Linux. In short it will explain the negatives of using
packages, how Flatpak solves this, and how to create your own applications and
distribute them for use with Flatpak. This presentation was given at the <a href="//www.bjgug.org/events/gnome-3-22-party/">GNOME
3.22 release party</a>, organized by the
Beijing GNOME User Group.</p>
<h2>Presentation</h2>
<iframe src="//gbraad.gitlab.io/presentation-bjgug-flatpak/slides.html" width="1024" height="768">
<p>Your browser does not support iframes.</p>
</iframe>
<h2>Feedback</h2>
<p>If you have any suggestion, please discuss below or send me an email.</p>
<p>Note: the original presentation can be found at: <a href="https://gitlab.com/gbraad/presentation-bjgug-flatpak">GitLab: BJGUG Flatpak</a>.
This is based on an earlier presentation about <a href="/blog/software-distribution-for-a-new-era.html">Software Dsitribution for a new era</a></p>"Task management and Personal Kanban: how I use GitLab Issues"2016-10-09T00:00:00+08:002016-10-09T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-10-09:/task-management-and-personal-kanban-how-i-use-gitlab-issues.html<p>Working on personal and work-related tasks can be overwhelming, especially when
you lose sight of what actually needs to be done. What makes it more difficult
is that you are constantly interrupted. I have tried many different things, and
apps, but nothing really worked. Do not try to make your …</p><p>Working on personal and work-related tasks can be overwhelming, especially when
you lose sight of what actually needs to be done. What makes it more difficult
is that you are constantly interrupted. I have tried many different things, and
apps, but nothing really worked. Do not try to make your process of working to
fit the tool, but make sure you have a tool that fits the way you work.</p>
<h2>Kanban</h2>
<p>Kanban (or 看板) originated as a scheduling system to improving manufacturing
efficiency. The word literally means signboard in Japanese, and in Chinese it
can be read as 'Look board'. It emphasizes on visualization of tasks that need
to be done, are being worked on, and have finished.</p>
<p>In software development you often see people use Trello or other kanban-like
boards to visualize work that is on their 'backlog', 'doing', 'done'. Although
these tools work quite well, it did not fit my workflow or where I do most of
my work.</p>
<h2>GitLab issues</h2>
<p>Quite recently, GitLab released a version of their sourcecode management tool
that allows to visualize issues on a board. And I started to evaluate it, as
GitLab is part of my workflow in general. I host many of my private
repositories there for backup purposes, use it to publish my resume with the
CI runners, etc. And I can tell you, that the issue boards was exactly what I
was looking for.</p>
<p>Below is a screenshot of what it looks like:
<img alt="" src="//cdn.gbraad.nl/images/blog/kanban-gitlab.jpg"></p>
<p>Note: the image shown here is from an early iteration and still has too
many items in 'doing'. This actually made me realize where my time was spent.</p>
<h3>How to set-up</h3>
<p>All you need to do is create a private repository. In my case, I created a
'personal' project. All the issues you create, will only be visible to you.
After you have done this, you can create a board from the Issues. Just start
with the defaults first and customize it along the way... This made it
work best for me.</p>
<h3>Workflow</h3>
<p>When you create an issue, just tag it accordingly. I use it to group
tasks for different topics or things I work on. Now when you open the
board, you will see your issue is on the 'backlog'. From there you can
drag it to a swimlane. I have several that helps to organize tasks,
such as 'blog' and 'urgent'. When you drag, it will assign the label
to the issue according to the name of the swimlane.</p>
<h3>Offline use?</h3>
<p>There is, however, a small issue with the setup. It only allows me to work
online. In the end I noticed this is actually not a big problem.</p>
<h2>Single-tasking</h2>
<p>Kanban helps you to visualize your tasks at hand, but it still requires
discipline to actually make it work. Therefore, you need to understand that
'multi-tasking' does not exist! I recently read 'Singletasking: Get More
Done-One Thing at a Time', and it help me a lot to realize that I was
going the right direction with my personal kanban. However, I was still
trying to do too many things at once. Mostly due to interruptions. This
led me to appreciate the offline problem I have.</p>
<p>If I have an interruption, or some other urgent matter, I would first
record it on my phone in a file called 'reminder', which lives in the same
personal repository. This file is synced using git, so it travels with me
and it allows me to use it as a general reminder/todo record keeping,
and decide later what to do with the entries.</p>
<h2>Tools</h2>
<p>On my desktop I only need to use a browser to keep track of tasks
being worked on. Even the reminder file can be opened from here.</p>
<p>On my phone I use the following apps:
<img alt="" src="//cdn.gbraad.nl/images/blog/kanban-apps-on-phone.jpg"></p>
<p>Writeily Pro, SGit, and Labcoat. Using SGit I sync several important
repositories to my phone, such as my 'personal', 'knowledge-base',
and some private specific projects for training/teaching, etc.</p>
<p>Writeily Pro opens the SGit repos folder as it's document folder:
<code>/sdcard/Android/data/me.sheimi.sgit/files/repo</code> in my case. Writely's
usage was not without problems for me. Especially when dealing with
some 'larger' files.</p>
<p>Using Labcoat I am able to create and change basic information of an
issue, such as closing it and adding comments. But I usually do all
interactions online now, and else use my offline reminder file. I
only use Labcoat only in rare cases. Probably also because the tool
misses some of the more wanted features as labelling and tagging
issues.</p>
<p>I haven't found a good way to use the command line yet. I did start
with a small <a href="https://gitlab.com/gbraad/gitlab-client">client</a>, but so
far it only reads and doesn't filter anything. Hope I can allocate more
time to deal with this at some point. At the moment I do not really
need it.</p>
<h2>Conclusion</h2>
<p>Task management is not something you learn by just reading a book or
keeping a todo-list inside an application. It really is a discipline.
And it depends on you, how you will deal with it. This article does not
go into a lot of detail on my own process, as this is a personal quest.
Just experiment and see what works best for you.</p>
<p>I have read several books, and in the section 'More information' below,
you can find these resources. It involves in keeping your tasks
<em>visualized</em> and <em>limiting</em> the amount you work on at the same time. It
is up to you how to balance private and work.</p>
<p>I also learned that to keep things organized, I started to keep a public
<a href="https://gitlab.com/gbraad/knowledge-base/">knowledge base</a>. This way I
am better able to keep knowledge available and at hand. Before, I would
keep it in an earlier version of a reminder file and this cluttered
everything and actually not made me remember things. I am still working
on writing things done in a more general way, written towards possible
others who will read it. But this is a work-in-progress, as part of my
personal continous improvement.</p>
<p>I will certainly refine my process over time, and might even change it
again completely. As long as it works for me. I'll keep you updated and
might write related articles about time management and knowledge
techniques I have used over the years. One I still love the most is
mind-mapping... and I have applied it to organizing work before. It is
a great way to organize thoughts.</p>
<h2>More information</h2>
<p>I suggest to read more about personal kanban.</p>
<ul>
<li><a href="http://www.personalkanban.com/pk/personal-kanban-101/">Personal Kanban 101</a></li>
<li>Knowledge-base: <a href="https://gitlab.com/gbraad/knowledge-base/blob/master/books/personal-kanban.md">Personal kanban</a></li>
<li>Knowledge-base: <a href="https://gitlab.com/gbraad/knowledge-base/blob/master/books/singletasking.md">Singletasking</a></li>
<li><a href="https://hguemar.fedorapeople.org/personal-kanban/">Presentation</a> of a friend's experience with Personal Kanban</li>
</ul>Dear recruiter2016-10-08T00:00:00+08:002016-10-08T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-10-08:/dear-recruiter.html<p>As an engineer I love to work and talk about software and software development.
Looking for a new opportunity is not an easy task. There is a story behind every
choice people make, and in this article I will explain my vision and situation.
This is certainly not an employer …</p><p>As an engineer I love to work and talk about software and software development.
Looking for a new opportunity is not an easy task. There is a story behind every
choice people make, and in this article I will explain my vision and situation.
This is certainly not an employer review, but rather a reflection on past and
maybe future choices.</p>
<h2>Job-hopping</h2>
<p>Just too often I have to explain why my resume looks like I have been hopping
between jobs. Part of this is true and the other has a story behind it. I love a
challenge and also do not mind when a company hires me for my knowledge, but I
also prefer to be employed for a longer period and be able to work on the stuff
that matters. Work needs to be meaningful and satisfying... </p>
<h2>Netherlands</h2>
<p>In the Netherlands I worked for an employer which provides consultancy. This
often involved on-site work. These clients, and consultants, like to work as
close as possible, as if you are employed by them. However, they keep the
flexibility to end a contract when the project you are assigned on ends or has
no budget. These assignments are usually short-term as they need hands or
knowledge to finish it. If you know 'the Mythical Man-month', you know that
introducing engineers late in a project often does not work as expected.
Although, wome of my assignments have dealt with longer term solutions, such as
software rewrite, knowledge hiring, etc. I loved my work as certainly felt very
appreciated.</p>
<h2>China</h2>
<p>After this, due to circumstances and a 'lost bet' with my wife, we moved to
China. Being employed in a foreign country involves sometimes with work of an
imperfect nature.</p>
<h3>Projects</h3>
<p>One of those is of having project based assignments, but unlike before I would
be directly hired by the employer. Which means that the contract will not last
longer than the allotted budget for the project. These project are challenging
as they often deal with a new technology or a changed environment for the
employer. I have been on at least two projects here in China and have learned a
lot from dealing with an inter-cultural environment and how to assist with
adopting a more 'Western' approach to management (agile methodology).
Re-assignments were discussed, but often involved a big change in work or other
less than ideal propositions. If in that case there is no fit anymore, it is
best to move on. This choice would be in the best of interest of both the
employer and employee.</p>
<h3>Startups</h3>
<p>The other situation is when dealing with startups. Startups often require an
employee that is able to be all-round, as this allows to keep a minimal
headcount. Again, the work is mostly challenging and benefits a lot from
multi-disciplined engineers. I have worked for several startups, and most of
the cases it is very enjoyable work. The experience has led to some good
success stories, although some of them have also disappeared. The work includes
a lot of uncertainty. While some startups might look like they have matured,
they can still hide unpleasant surprises when dealing with management or
decision-making. This can have an affect on how the atmosphere will be at work.
It can be a happy place one-day... and a poisonous one the other day.</p>
<h2>Recruiters</h2>
<p>I understand an assessment of a possible match is difficult. There are probably
many applicants, long resumes to wade through. Automated system exist to deal
with analysing a 'match' based on the resume provided. And often, theese
systems fail to understand what people really meant to say or provide a picture
of the working history. And I understand this is somehow needed.</p>
<p>In my situation, the resume often happens to be sent to the local Chinese
branch. And here, my resume or application, disappears into an abyss; often the
recruiter does not reach out. </p>
<h2>Recommendations</h2>
<p>If you want to be employed into a group you like to work with, get noticed.
Work with them, and show your passion. This is why I work on Open Source
projects. It is what I like most, as it involves technology, but also an
essential soft skill (or perhaps a thick skin). Hopefully this can lead to a
recommendation. As this is still the best way to get hired.</p>
<h2>What I want</h2>
<p>At the moment I am looking for a new opportunity. As you have read, I am a
software engineer, but have worked in several different roles related to it.
Multi-disciplinary and professional. Knows a lot about Linux, Open Source and
China. If you want to know more about me, please have a look at:</p>
<ul>
<li><a href="https://gbraad.nl/resume">Resume</a></li>
<li><a href="https://linkedin.com/in/gbraad">LinkedIn</a> and the recommendations given.</li>
<li><a href="https://gbraad.nl">Homepage</a> and my <a href="http://gbraad.nl/blog/">blog</a></li>
</ul>
<p>What I want is a great and challenging environment. This means that work is
meaningful and provides satisfaction. It should provide growth potential and
understand that people need to focus on continuous improvement. Agile taught
me one thing, we’re never really good enough. And third, and most important is
trust. Trust in colleagues, fairness and respect... without trust you can not
have a great work environment. But you also need trust that people dare to
admit when they are not experts at something yet, but you allow them to develop
themselves.</p>
<p>Hope to hear from you. If you have a comment, please do not hesitate and leave
one below.</p>"Replace scripts with Ansible: package installation"2016-10-03T00:00:00+08:002016-10-03T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-10-03:/replace-scripts-with-ansible-package-installation.html<p>Installing and configuring software on one machine, for instance your own
developer's environment, is an 'easy' task. But how about your team? Or
production? Everything is documented and you only probably install some of the
components manually, or better, you automate this using a set of shell scripts.
The environment …</p><p>Installing and configuring software on one machine, for instance your own
developer's environment, is an 'easy' task. But how about your team? Or
production? Everything is documented and you only probably install some of the
components manually, or better, you automate this using a set of shell scripts.
The environment is now reproducible. Everything is fine.</p>
<p>Running a set of scripts is not a bad idea, but often what lacks is the
maintenance on them or just the magic contained in them. I do not
have to make the case for general configuration management,
'configuration as code' or even #DevOps I hope? In this article I will show why
I use Ansible for almost all my scripts. Even small one of.</p>
<h2>Environment</h2>
<p>Although I have a preference for the operating system and distribution I use, I
have to deal with many different versions and variants. On my workstation I
prefer to use Fedora, but at work we deploy on CentOS. Some of my colleagues
tend to prefer Ubuntu (latest), and customers are stuck on LTS releases. A very
common situation. In one week, I had to deal with: Alpine, CentOS, Fedora,
Ubuntu, (Open)SUSE, Debian, Windows, etc. This is of course an extreme case.</p>
<p>You would prefer to use a single environment for both development and
production. When the production environment is fixed, the solution is easier.
You will likely use a tool like Vagrant to stand up an environment, or some
other virtualization soltuion. But what if you develop for an environment where
both Ubuntu and CentOS are an option? In my case this happens a lot because of
work for OpenStack, or just general Linux tool development.</p>
<h2>Example</h2>
<p>Below I will discuss a small example of dealing with package installation. Let's
consider you have to use Ubuntu and Fedora. This means that you already have to
deal with two different package managers, oh wait, three; <code>apt</code> on Ubuntu and
<code>yum</code> or <code>dnf</code> on Fedora.</p>
<h3>Bash script</h3>
<p>As a crude solution, you could do the following:</p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/bin/sh</span>
<span class="nv">APTPKGS</span><span class="o">=</span><span class="s2">"git tmux zsh mc stow python-psutil"</span>
<span class="nv">RPMPKGS</span><span class="o">=</span><span class="s2">"git tmux zsh mc stow python-psutil"</span>
<span class="c1"># Crude multi-os installation option</span>
<span class="k">if</span><span class="w"> </span><span class="o">[</span><span class="w"> </span>-x<span class="w"> </span><span class="s2">"/usr/bin/apt-get"</span><span class="w"> </span><span class="o">]</span>
<span class="k">then</span>
<span class="w"> </span>sudo<span class="w"> </span>apt-get<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span><span class="nv">$APTPKGS</span>
<span class="k">elif</span><span class="w"> </span><span class="o">[</span><span class="w"> </span>-x<span class="w"> </span><span class="s2">"/usr/bin/dnf"</span><span class="w"> </span><span class="o">]</span>
<span class="k">then</span>
<span class="w"> </span>sudo<span class="w"> </span>dnf<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span><span class="nv">$RPMPKGS</span>
<span class="k">elif</span><span class="w"> </span><span class="o">[</span><span class="w"> </span>-x<span class="w"> </span><span class="s2">"/usr/bin/yum"</span><span class="w"> </span><span class="o">]</span>
<span class="k">then</span>
<span class="w"> </span>sudo<span class="w"> </span>yum<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span><span class="nv">$RPMPKGS</span>
<span class="k">fi</span>
</code></pre></div>
<p>This basically checks if a certain executable is available, and will use that
with a defined list of packages to install. If both <code>yum</code> and <code>dnf</code> is
installed, it will in this case use <code>dnf</code> as it resolves first. This is likely
what you want, but it is hidden logic. But what if you have installed <code>yum</code> on
Ubuntu? Also, because of this case, <code>apt-get</code> will resolve first. But again,
this is undocumented in this script. But this knowledge should not be needed.</p>
<p>Note: in this case, the packages are the same for both platforms, but this is
not a guarantee. Therefore I use a variable for this.</p>
<h3>Ansible playbook</h3>
<p>Ansible solves this problem by offering a general <code>package</code> module. You can use
<code>yum</code> and <code>apt</code> specific options, but I prefer to use <code>package</code> instead. Below
is a playbook that has the same behaviour as the above mentioned script:</p>
<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nt">tasks</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Install list of required packages</span>
<span class="w"> </span><span class="nt">package</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">name={{ item }} state=installed</span>
<span class="w"> </span><span class="nt">become</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">yes</span>
<span class="w"> </span><span class="nt">become_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sudo</span>
<span class="w"> </span><span class="nt">with_items</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">git</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">tmux</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">zsh</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">stow</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">python-psutil</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">mc</span>
</code></pre></div>
<p>Because of the task name, it becomes clear what the intention is of the commands
that follow. In this case, this will use the package manager based on the OS
Family that Ansible will find. This means we do not need to have the knowledge
of what to pick first. There is however a problem. What if the packages have
different names?</p>
<h3>Conditionals</h3>
<p>For this Ansible offers conditionals which you can use with <code>when</code>. Below is
an example that will install the development tools on Ubuntu or Fedora, based
on the <code>ansible_distribution</code>:</p>
<div class="highlight"><pre><span></span><code><span class="c1">#!/usr/bin/env ansible-playbook</span>
<span class="nn">---</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">localhost</span>
<span class="w"> </span><span class="c1">#remote_user: root</span>
<span class="w"> </span><span class="nt">become_method</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">sudo</span>
<span class="w"> </span><span class="nt">tasks</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Install Git</span>
<span class="w"> </span><span class="nt">package</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">name=git state=installed</span>
<span class="w"> </span><span class="nt">become</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">yes</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">install the 'Development tools' package group</span>
<span class="w"> </span><span class="nt">package</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">name="@Development tools" state=present</span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible_distribution == 'CentOS' or</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible_distribution == 'Red Hat Enterprise Linux' or</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible_distribution == 'Fedora'</span>
<span class="w"> </span><span class="nt">become</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">yes</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Install the 'build-essential' meta package</span>
<span class="w"> </span><span class="nt">package</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">name="build-essential" state=present</span>
<span class="w"> </span><span class="nt">when</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible_distribution == 'Debian' or</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ansible_distribution == 'Ubuntu'</span>
<span class="w"> </span><span class="nt">become</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">yes</span>
</code></pre></div>
<p>You can also use <code>ansible_os_family == "RedHat"</code> to be less specific about the
distribution you are on.</p>
<h3>Include</h3>
<p>You can combine conditionals with almost anything in Ansible, for instance to
include or not another playbook. Below is a simple solution of this when you
want to split the install instructions into separate files.</p>
<div class="highlight"><pre><span></span><code><span class="k">-</span> include: install-centos.yml
when: ansible_distribution == "CentOS"
<span class="k">-</span> include: install-ubuntu.yml
when: ansible_distribution == "Ubuntu"
</code></pre></div>
<h3>Conclusion</h3>
<p>With Ansible it is possible to create complex instructions that can be more
maintainable than when using just scripts. Of course, just using Ansible will
not act as a silver bullet. But because a playbook is more readable, the process
of refactoring is easier.</p>
<p>In future articles I will talk about other aspects where the move to Ansible
helped me. However, the bootstrap process remains... I wish there was a way to
<a href="https://github.com/gbraad/automate-everything">Automate everything</a> ;-)</p>
<p>Hope this article has been helpful to you. If so, please consider tweeting about
it. Or leave a comment if you have suggestions...</p>Giving to your favourite content creators2016-09-29T00:00:00+08:002016-09-29T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-29:/giving-to-your-favourite-content-creators.html<p>It is hard to remember the time I really sat down in front of the TV, waiting
for a programme to show up, and really enjoy it. Mostly it was accompanied with
plenty of interruptions. It might have been Star Trek on the public channels
that I enjoyed the most …</p><p>It is hard to remember the time I really sat down in front of the TV, waiting
for a programme to show up, and really enjoy it. Mostly it was accompanied with
plenty of interruptions. It might have been Star Trek on the public channels
that I enjoyed the most. But even Discovery Channel had many interruptions,
some <a href="https://www.youtube.com/watch?v=at_f98qOGY0">were funny</a>, or just
<a href="https://www.youtube.com/watch?v=DP96w7DoH9U">slightly annoying</a>, especially
when you have the TV on as background sound. With the advent of YouTube, and
other User Generated Content websites, or even streaming websites, it is almost
unimaginable there used to be a time without being able to watch your favorites.</p>
<p>Some might not know, but I help(ed) a lot with music remixing and artwork. Too
bad I do not have the time now, but this is so much fun. Content creation is
probably the best people can do as it gives a lot of satisfaction. I consider
the teaching I do as a form of content creation. I produced a lot of documents,
notes, etc, and people enjoy the way I explain stuff. Even writing code is a
creative process:</p>
<div class="highlight"><pre><span></span><code>foreach step in I.take():
step.move(DIRECTION_TOMORROW)
</code></pre></div>
<p>But remixing music, or posting artwork online, does not pay the bills. Unless
of course you are Tiesto, etc. And asking for a donation has not been my thing,
although I have received some. I am very thankful for this!</p>
<p>And this is why I give to the content creators that create good stuff. I love
the cardgame Magic: the Gathering, and especially some of the youtube channels
for this. Patreon is a great idea... and if people create content you read
often, consider giving back. Even 1 USD is already good way to show you care.
It can buy someone a cup of coffee... and the more people who do, the easier
someone can take some time off to create the content you love!</p>
<p>One of the projects I really want to work on again is <a href="https://github.com/gbraad/gauth">Gauth</a>.
it has been in a neglect, but I can't reserve enough time to do a rewrite...
I ask you, consider to become a Patron of my work and hopefully I can
improve by <a href="https://www.patreon.com/posts/future-of-gauth-6738130">giving Gauth a new future</a>,
allow me to create more content on my blog... and maybe in the future even more.</p>
<p><a href="ps://www.patreon.com/gbraad"><img alt="Support my work on Patreon" src="https://www.patreon.com/images/patreon_navigation_logo_mini_orange.png"></a></p>
<p>And thank you to all who have donated in the past!</p>Run an example application on OpenShift2016-09-29T00:00:00+08:002016-09-29T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-29:/run-an-example-application-on-openshift.html<p>In a <a href="./deploy-an-openshift-test-cluster.html" title="Deploy an OpenShift test cluster">previous article</a> I have written
on how easy it is to stand up a test environment of OpenShift. In this article
I will describe an example application from the sourcecode to the created image
and how this gets deployed. The steps are explained using manual steps, and how …</p><p>In a <a href="./deploy-an-openshift-test-cluster.html" title="Deploy an OpenShift test cluster">previous article</a> I have written
on how easy it is to stand up a test environment of OpenShift. In this article
I will describe an example application from the sourcecode to the created image
and how this gets deployed. The steps are explained using manual steps, and how
OpenShift does it all automated. You will notice, at no point do you have to
write a <code>Dockerfile</code>.</p>
<h2>Preparation</h2>
<p>For this article it is not necessary to have a working test environment, however
it does make things clearer. I would suggest you to use OpenShift Origin v1.3 on
CentOS 7. Although my previous article showed how to get it up and running on
Fedora 24, I experienced an issue with deployment not succeeding<a href="https://lists.openshift.redhat.com/openshift-archives/users/2016-September/msg00198.html" title="Deployment of ruby-ex times out">*</a>.
The steps in the deployment article can be performed by replacing <code>dnf</code> with
<code>yum</code>. </p>
<h2>Description of the example</h2>
<p>The OpenShift project publishes several test applications on GitHub, of which
one is a very simple Ruby applica8080. Please, have a look at: <a href="https://github.com/openshift/ruby-ex" title="Ruby example">http://github.com/openshift/ruby-ex</a></p>
<p>You will see it consists of four files:</p>
<ul>
<li><code>Gemfile</code></li>
<li><code>Gemfile.local</code></li>
<li><code>config.ru</code></li>
<li><code>README.md</code></li>
</ul>
<p>The application itself is only described in <code>config.ru</code> and the needed dependencies
are in <code>Gemfile</code>.</p>
<h3>Dependencies</h3>
<p>To make the application work, we first need:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gem<span class="w"> </span>install<span class="w"> </span>bundler
</code></pre></div>
<p>This will install <code>bundler</code> that can install dependencies as described in the
<code>Gemfile</code>. This file describes:</p>
<div class="highlight"><pre><span></span><code>source 'https://rubygems.org'
gem 'rack'
gem 'puma'
</code></pre></div>
<p>The first line says <code>source</code> which points to a gem repository, and each line
starting wih <code>gem</code> are bundled packages containing libraries for use in your
project. To install all of the required gems (dependencies) from the specified
sources:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>bundle<span class="w"> </span>install
</code></pre></div>
<p>The file <code>Gemfile.lock</code> is a snapshot of the Gemfile and is used internally.</p>
<h3>config.ru</h3>
<p>The application is specified in the file called <code>config.ru</code>. If you open the
file you will see it contains route mappings, lines starting with <code>map</code>, for
three urls:</p>
<ul>
<li><code>/health</code></li>
<li><code>/lobster</code></li>
<li><code>/</code></li>
</ul>
<h4><code>/health</code></h4>
<p>This is a commonly used to provide a simple health-check for applications that
are automatically deployed. It allows to quickly test if the application got
deployed. In projects I worked on, we also did quick dependency checks, such as
a configuration file exists, or another needed endpoint is available. In this
application it will respond with a HTTP status code 200 and returns <code>1</code> as
value.</p>
<h4><code>/lobster</code></h4>
<p>This is a test provided by rack. It shows an ASCII-art lobster. By adding a
variable to the URL querystring <code>?flip=left</code> the direction can be changed.</p>
<h4><code>/</code></h4>
<p>This is the mapping to a bare route. It shows a greeting message on how to use
the application using OpenShift to trigger automated builds.</p>
<h3>Rackup</h3>
<p>Rack is an interface for using Ruby and Ruby frameworks with webservers. It
provides an application called <code>rackup</code> to start the application:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>bundle<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>rackup<span class="w"> </span>-p<span class="w"> </span><span class="m">8080</span><span class="w"> </span>config.ru
</code></pre></div>
<p>Using this command the webserver will bind to port 8080, according to the
description in the <code>config.ru</code> file. To see what the mappings do, open:</p>
<ul>
<li><a href="http://localhost:8080/health" title="Example health-check">http://localhost:8080/health</a></li>
<li><a href="http://localhost:8080/lobster" title="Example lobster">http://localhost:8080/lobster</a></li>
<li><a href="http://localhost:8080/" title="Example bare">http://localhost:8080/</a></li>
</ul>
<h2>Use the example with OpenShift</h2>
<p>Deploying an application on OpenShift from source is very simple. A single
command can do this. First have a look</p>
<div class="highlight"><pre><span></span><code><span class="err">$</span><span class="w"> </span><span class="n">oc</span><span class="w"> </span><span class="k">new</span><span class="o">-</span><span class="n">app</span><span class="w"> </span><span class="n">openshift</span><span class="o">/</span><span class="n">ruby</span><span class="o">-</span><span class="mi">20</span><span class="o">-</span><span class="n">centos7</span><span class="o">~</span><span class="nl">https</span><span class="p">:</span><span class="o">//</span><span class="n">github</span><span class="p">.</span><span class="n">com</span><span class="o">/[</span><span class="n">username</span><span class="o">]/</span><span class="n">ruby</span><span class="o">-</span><span class="n">ex</span>
</code></pre></div>
<p>But before we do, I will explain what this command does. Oversimplified
OpenShift does two things:</p>
<ol>
<li>Build</li>
<li>Deploy</li>
</ol>
<p>Note: If you want to perform the command, go ahead. Please fork the repository
and change the <code>[username]</code> in this command.</p>
<h3>Build: source to image</h3>
<p>OpenShift runs container images which are in the Docker format. It will run
the <code>CMD</code> instruction for this. So, how does OpenShift know what to run?
Convention. Most frameworks have a standard way of doing things, and this is
as you noticed also the case with the Ruby example. The creation of the image
happens with a tool called source-to-image (S2I).</p>
<p><a href="https://github.com/openshift/source-to-image/" title="Source-to-image">Source-to-Image (S2I)</a> is a toolkit and workflow for building
reproducible Docker images from source code. It uses a base image, and will
layer the application on top, configures the runn command, which then results in
a containter image for use.</p>
<div class="highlight"><pre><span></span><code><span class="err">$</span><span class="w"> </span><span class="n">s2i</span><span class="w"> </span><span class="n">build</span><span class="w"> </span><span class="nl">https</span><span class="p">:</span><span class="o">//</span><span class="n">github</span><span class="p">.</span><span class="n">com</span><span class="o">/[</span><span class="n">username</span><span class="o">]/</span><span class="n">ruby</span><span class="o">-</span><span class="n">ex</span><span class="w"> </span><span class="n">openshift</span><span class="o">/</span><span class="n">ruby</span><span class="o">-</span><span class="mi">20</span><span class="o">-</span><span class="n">centos7</span><span class="w"> </span><span class="n">ruby</span><span class="o">-</span><span class="n">ex</span>
</code></pre></div>
<h4>base image</h4>
<p>The base image here is <a href="https://hub.docker.com/r/openshift/ruby-20-centos7" title="Ruby base image">openshift/ruby-20-centos7</a>. The source
of this image can be found at the following GitHub repository: <a href="https://github.com/sclorg/s2i-ruby-container/" title="Ruby base image source">s2i-ruby-container</a></p>
<p>If you look at the <code>Dockerfile</code> <a href="https://github.com/sclorg/s2i-ruby-container/blob/master/2.0/Dockerfile" title="Ruby base Dockerfile">source</a>, you will see
<a href="https://www.softwarecollections.org/en/" title="Software Collections">Software Collections</a> is used to install a specific Ruby version.
In this case version 2.0. Software collections solves one of the biggest
complaints of using CentOS (or RHEL) as a basis as part of your delivery. It
allows you to use multiple versions of software on the same system, without
affecting system-wide installed packages.</p>
<p>The image also describes a label <code>io.openshift.expose-services="8080:http"</code>
which inidcate that the application on port 8080 will be exposed as HTTP
traffic. This also means the container does not need root privileges as the port
assignment is above 1024. The application itself will be installed into the
folder: <code>/opt/app-root/src</code>.</p>
<p>Running this container can be done with:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>docker<span class="w"> </span>run<span class="w"> </span>-p<span class="w"> </span><span class="m">8080</span>:8080<span class="w"> </span>ruby-ex
</code></pre></div>
<div class="highlight"><pre><span></span><code>[1] Puma starting in cluster mode...
[1] <span class="gs">* Version 3.4.0 (ruby 2.0.0-p645), codename: Owl Bowl Brawl</span>
<span class="gs">[1] *</span> Min threads: 0, max threads: 16
[1] <span class="gs">* Environment: production</span>
<span class="gs">[1] *</span> Process workers: 1
[1] <span class="gs">* Phased restart available</span>
<span class="gs">[1] *</span> Listening on tcp://0.0.0.0:8080
[1] Use Ctrl-C to stop
[1] - Worker 0 (pid: 32) booted, phase: 0
</code></pre></div>
<p>Open the links as previously stated will yield the same results.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>curl<span class="w"> </span>http://localhost:8080/health
</code></pre></div>
<p>The build process can be as simple as a copy for static content, to compiling
Java or C/C++ code. For the purpose of this article I will not explain more
about the S2I process, but this will certainly be explained in future articles.</p>
<h2>New application</h2>
<p>If we now look at the previous command again:</p>
<div class="highlight"><pre><span></span><code><span class="err">$</span><span class="w"> </span><span class="n">oc</span><span class="w"> </span><span class="k">new</span><span class="o">-</span><span class="n">app</span><span class="w"> </span><span class="n">openshift</span><span class="o">/</span><span class="n">ruby</span><span class="o">-</span><span class="mi">20</span><span class="o">-</span><span class="n">centos7</span><span class="o">~</span><span class="nl">https</span><span class="p">:</span><span class="o">//</span><span class="n">github</span><span class="p">.</span><span class="n">com</span><span class="o">/[</span><span class="n">username</span><span class="o">]/</span><span class="n">ruby</span><span class="o">-</span><span class="n">ex</span>
</code></pre></div>
<p>you can clear see the structure. The first element <code>openshift/ruby-20-centos7</code>
describes the S2I container image for Ruby as hosted at the Docker hub. The
second part is the source code path pointing to a git repository.</p>
<p>Please try the command now... OpenShift will create containers for each of the
stages used: <code>build</code>, <code>deploy</code> and the final running container. You can check
the containers using the command:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>oc<span class="w"> </span>get<span class="w"> </span>pod
</code></pre></div>
<div class="highlight"><pre><span></span><code>NAME READY STATUS RESTARTS AGE
ruby-ex-1-build 0/1 Completed 0 1m
</code></pre></div>
<h3>Build stage</h3>
<p>If you create this new application, a new container named <code>ruby-ex-1-build</code>.
What happened is that the Source-to-image container got pulled which uses the
base image and layers the source code on top.</p>
<p>To see what happened, as with the previous command, you can see the build
configuration:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>oc<span class="w"> </span>logs<span class="w"> </span>bc/ruby-ex
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="n">Cloning</span><span class="w"> </span><span class="ss">"https://github.com/gbraad/ruby-ex"</span><span class="w"> </span><span class="p">...</span>
<span class="w"> </span><span class="k">Commit</span><span class="err">:</span><span class="w"> </span><span class="n">f63d076b602441ebd65fd0749c5c58ea4bafaf90</span><span class="w"> </span><span class="p">(</span><span class="k">Merge</span><span class="w"> </span><span class="n">pull</span><span class="w"> </span><span class="n">request</span><span class="w"> </span><span class="n">#2</span><span class="w"> </span><span class="k">from</span><span class="w"> </span><span class="n">mfojtik</span><span class="o">/</span><span class="k">add</span><span class="o">-</span><span class="n">puma</span><span class="p">)</span>
<span class="w"> </span><span class="nl">Author</span><span class="p">:</span><span class="w"> </span><span class="n">Michal</span><span class="w"> </span><span class="n">Fojtik</span><span class="w"> </span><span class="o"><</span><span class="n">mi</span><span class="nv">@mifo</span><span class="p">.</span><span class="n">sk</span><span class="o">></span>
<span class="w"> </span><span class="nc">Date</span><span class="err">:</span><span class="w"> </span><span class="n">Thu</span><span class="w"> </span><span class="n">Jun</span><span class="w"> </span><span class="mi">30</span><span class="w"> </span><span class="mi">10</span><span class="err">:</span><span class="mi">47</span><span class="err">:</span><span class="mi">53</span><span class="w"> </span><span class="mi">2016</span><span class="w"> </span><span class="o">+</span><span class="mi">0200</span>
<span class="c1">---> Installing application source ...</span>
<span class="c1">---> Building your Ruby application from source ...</span>
<span class="c1">---> Running 'bundle install --deployment' ...</span>
<span class="n">Fetching</span><span class="w"> </span><span class="n">gem</span><span class="w"> </span><span class="n">metadata</span><span class="w"> </span><span class="k">from</span><span class="w"> </span><span class="nl">https</span><span class="p">:</span><span class="o">//</span><span class="n">rubygems</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="p">...............</span>
<span class="n">Installing</span><span class="w"> </span><span class="n">puma</span><span class="w"> </span><span class="p">(</span><span class="mf">3.4.0</span><span class="p">)</span>
<span class="n">Installing</span><span class="w"> </span><span class="n">rack</span><span class="w"> </span><span class="p">(</span><span class="mf">1.6.4</span><span class="p">)</span>
<span class="k">Using</span><span class="w"> </span><span class="n">bundler</span><span class="w"> </span><span class="p">(</span><span class="mf">1.3.5</span><span class="p">)</span>
<span class="n">Cannot</span><span class="w"> </span><span class="k">write</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">changed</span><span class="w"> </span><span class="n">lockfile</span><span class="w"> </span><span class="k">while</span><span class="w"> </span><span class="n">frozen</span><span class="p">.</span>
<span class="n">Your</span><span class="w"> </span><span class="n">bundle</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">complete</span><span class="err">!</span>
<span class="n">It</span><span class="w"> </span><span class="n">was</span><span class="w"> </span><span class="n">installed</span><span class="w"> </span><span class="k">into</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">bundle</span>
<span class="c1">---> Cleaning up unused ruby gems ...</span>
<span class="n">Pushing</span><span class="w"> </span><span class="nc">image</span><span class="w"> </span><span class="mf">172.30.108.129</span><span class="err">:</span><span class="mi">5000</span><span class="o">/</span><span class="n">myproject</span><span class="o">/</span><span class="n">ruby</span><span class="o">-</span><span class="nl">ex</span><span class="p">:</span><span class="n">latest</span><span class="w"> </span><span class="p">...</span>
<span class="n">Pushed</span><span class="w"> </span><span class="mi">0</span><span class="o">/</span><span class="mi">10</span><span class="w"> </span><span class="n">layers</span><span class="p">,</span><span class="w"> </span><span class="mi">10</span><span class="o">%</span><span class="w"> </span><span class="n">complete</span>
<span class="n">Pushed</span><span class="w"> </span><span class="mi">1</span><span class="o">/</span><span class="mi">10</span><span class="w"> </span><span class="n">layers</span><span class="p">,</span><span class="w"> </span><span class="mi">34</span><span class="o">%</span><span class="w"> </span><span class="n">complete</span>
<span class="n">Pushed</span><span class="w"> </span><span class="mi">2</span><span class="o">/</span><span class="mi">10</span><span class="w"> </span><span class="n">layers</span><span class="p">,</span><span class="w"> </span><span class="mi">49</span><span class="o">%</span><span class="w"> </span><span class="n">complete</span>
<span class="n">Pushed</span><span class="w"> </span><span class="mi">3</span><span class="o">/</span><span class="mi">10</span><span class="w"> </span><span class="n">layers</span><span class="p">,</span><span class="w"> </span><span class="mi">50</span><span class="o">%</span><span class="w"> </span><span class="n">complete</span>
<span class="n">Pushed</span><span class="w"> </span><span class="mi">4</span><span class="o">/</span><span class="mi">10</span><span class="w"> </span><span class="n">layers</span><span class="p">,</span><span class="w"> </span><span class="mi">50</span><span class="o">%</span><span class="w"> </span><span class="n">complete</span>
<span class="n">Pushed</span><span class="w"> </span><span class="mi">5</span><span class="o">/</span><span class="mi">10</span><span class="w"> </span><span class="n">layers</span><span class="p">,</span><span class="w"> </span><span class="mi">50</span><span class="o">%</span><span class="w"> </span><span class="n">complete</span>
<span class="n">Pushed</span><span class="w"> </span><span class="mi">6</span><span class="o">/</span><span class="mi">10</span><span class="w"> </span><span class="n">layers</span><span class="p">,</span><span class="w"> </span><span class="mi">61</span><span class="o">%</span><span class="w"> </span><span class="n">complete</span>
<span class="n">Pushed</span><span class="w"> </span><span class="mi">7</span><span class="o">/</span><span class="mi">10</span><span class="w"> </span><span class="n">layers</span><span class="p">,</span><span class="w"> </span><span class="mi">71</span><span class="o">%</span><span class="w"> </span><span class="n">complete</span>
<span class="n">Pushed</span><span class="w"> </span><span class="mi">8</span><span class="o">/</span><span class="mi">10</span><span class="w"> </span><span class="n">layers</span><span class="p">,</span><span class="w"> </span><span class="mi">88</span><span class="o">%</span><span class="w"> </span><span class="n">complete</span>
<span class="n">Pushed</span><span class="w"> </span><span class="mi">9</span><span class="o">/</span><span class="mi">10</span><span class="w"> </span><span class="n">layers</span><span class="p">,</span><span class="w"> </span><span class="mi">99</span><span class="o">%</span><span class="w"> </span><span class="n">complete</span>
<span class="n">Pushed</span><span class="w"> </span><span class="mi">10</span><span class="o">/</span><span class="mi">10</span><span class="w"> </span><span class="n">layers</span><span class="p">,</span><span class="w"> </span><span class="mi">100</span><span class="o">%</span><span class="w"> </span><span class="n">complete</span>
<span class="n">Push</span><span class="w"> </span><span class="n">successful</span>
</code></pre></div>
<p>The difference is that the resulting image will be placed in the <code>myproject</code>
namespace, and pushed to the local repository.</p>
<h3>Deployment stage</h3>
<p>After the image has been composed, OpenShift will run the container image on the
scheduled node. What happens here can be checked with:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>oc<span class="w"> </span>get<span class="w"> </span>pod<span class="w"> </span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>NAME READY STATUS RESTARTS AGE
ruby-ex-1-an801 1/1 Running 0 26s
ruby-ex-1-build 0/1 Completed 0 1m
</code></pre></div>
<p>This means that the build succeeded, the image got deployed and now runs in the
a container identified with <code>ruby-ex-1-an801</code>. Note: The container
<code>ruby-ex-1-deploy</code> is not shown here as only the logs are of importance.</p>
<p>The deployment configuration logs can be shown with:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>oc<span class="w"> </span>logs<span class="w"> </span>dc/ruby-ex
</code></pre></div>
<div class="highlight"><pre><span></span><code>[1] Puma starting in cluster mode...
[1] <span class="gs">* Version 3.4.0 (ruby 2.0.0-p645), codename: Owl Bowl Brawl</span>
<span class="gs">[1] *</span> Min threads: 0, max threads: 16
[1] <span class="gs">* Environment: production</span>
<span class="gs">[1] *</span> Process workers: 2
[1] <span class="gs">* Phased restart available</span>
<span class="gs">[1] *</span> Listening on tcp://0.0.0.0:8080
[1] Use Ctrl-C to stop
[1] - Worker 0 (pid: 32) booted, phase: 0
[1] - Worker 1 (pid: 35) booted, phase: 0
</code></pre></div>
<h3>Events</h3>
<p>To see the flow of execution, you can have a look at:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>oc<span class="w"> </span>get<span class="w"> </span>events
</code></pre></div>
<p>This can be helpful if an error occured.</p>
<h3>Verify</h3>
<p>Now that the application has been deployed on OpenShift, we need to look up the
IP address that has been assigned. For this we use:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>oc<span class="w"> </span>get<span class="w"> </span>svc
</code></pre></div>
<div class="highlight"><pre><span></span><code>NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ruby-ex 172.30.91.160 <none> 8080/TCP 21h
</code></pre></div>
<p>Now we can open the application as <code>http://172.30.91.160:8080/</code></p>
<h2>Conclusion</h2>
<p>OpenShift allows you to run prebuilt images or applications based on source.
The Source-to-image tooling makes it possible to create reproducible images for
deployment of applications based on source. This tool itself is very helpful
and is certainly something I will be using, even outside the use of OpenShift.
There is no need to create or modify a <code>Dockerfile</code>, which means that the
developer can focus on the development process.</p>
<p>If you want to know more about the automated builds, please have a look at the
README of the <a href="https://github.com/openshift/ruby-ex" title="Ruby example">Ruby example</a>. In future articles more
detailed descriptions about these topics will certainly be given. I hope this
has been helpful. Please consider leaving feedback or tweet this article.</p>Setup Docker storage to use LVM thin pool2016-09-28T00:00:00+08:002016-09-28T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-28:/setup-docker-storage-to-use-lvm-thin-pool.html<p>If you install Docker on a new Fedora or CentOS system, it is very likely that
you use devicemapper. Especially in the case of Fedora cloud images, no special
configuration is done to the image. While Atomic images come pre-configured with
a dedicated pool. Using devicemapper with loopback can lead …</p><p>If you install Docker on a new Fedora or CentOS system, it is very likely that
you use devicemapper. Especially in the case of Fedora cloud images, no special
configuration is done to the image. While Atomic images come pre-configured with
a dedicated pool. Using devicemapper with loopback can lead to unpredictable
behaviour, and while OverlayFS is a nice replacement, you will not be able to
use SELinux at the moment. In this short article I will show how to setup a pool
for storing the Docker images.</p>
<h2>Preparation</h2>
<p>For this article I will be using a Fedora 24 installation on an OpenStack cloud
provider<a href="http://citycloud.com">*</a>. It is a standard Cloud image, which means the
root is configured as 'ext4'. I will be attaching a storage volume to the
instance. Just like using Virtual Manager, the disk will be identified as
<code>/dev/vdb</code>.</p>
<p>First you need to stop the Docker process and remove the existing location. This
means you will loose the images, but if they are important, you can either
export or push them somewhere else.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>systemctl<span class="w"> </span>stop<span class="w"> </span>docker
$<span class="w"> </span>rm<span class="w"> </span>-rf<span class="w"> </span>/var/lib/docker
</code></pre></div>
<p>After this we will create a basic LVM setup which will use the whole storage
volume.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>pvcreate<span class="w"> </span>/dev/vdb
$<span class="w"> </span>vgcreate<span class="w"> </span>docker_vol<span class="w"> </span>/dev/vdb
</code></pre></div>
<p>We know have a <code>volumegroup</code> named <code>docker_vol</code>.</p>
<h2>Setup Docker storage</h2>
<p>Fedora comes with a tool that makes it easy to setup the storage for Docker,
called <code>docker-storage-setup</code>. The configuration is done with a file, and in
our case it needs to contain the identification of the volume group to use:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>vi<span class="w"> </span>/etc/sysconfig/docker-storage-setup<span class="w"> </span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>VG="docker_vol"
</code></pre></div>
<p>Now you can run:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>docker-storage-setup
</code></pre></div>
<p>This will create the filesystem and configures Docker to use the storage pool.
After this successfully finishes, it has configured the pool to use the xfs
filesystem.</p>
<h2>Verify</h2>
<p>To verify these changes, we will start Docker and run a basic image.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>systemctl<span class="w"> </span>start<span class="w"> </span>docker
$<span class="w"> </span>docker<span class="w"> </span>info
</code></pre></div>
<div class="highlight"><pre><span></span><code>Storage<span class="w"> </span>Driver:<span class="w"> </span>devicemapper
<span class="w"> </span>Pool<span class="w"> </span>Name:<span class="w"> </span>docker_vol-docker--pool
<span class="w"> </span>Pool<span class="w"> </span>Blocksize:<span class="w"> </span>524.3<span class="w"> </span>kB
<span class="w"> </span>Base<span class="w"> </span>Device<span class="w"> </span>Size:<span class="w"> </span>10.74<span class="w"> </span>GB
<span class="w"> </span>Backing<span class="w"> </span>Filesystem:<span class="w"> </span>xfs
<span class="w"> </span>Data<span class="w"> </span>file:<span class="w"> </span>
<span class="w"> </span>Metadata<span class="w"> </span>file:<span class="w"> </span>
<span class="w"> </span>Data<span class="w"> </span>Space<span class="w"> </span>Used:<span class="w"> </span>37.75<span class="w"> </span>MB
<span class="w"> </span>Data<span class="w"> </span>Space<span class="w"> </span>Total:<span class="w"> </span>21.45<span class="w"> </span>GB
<span class="w"> </span>Data<span class="w"> </span>Space<span class="w"> </span>Available:<span class="w"> </span>21.41<span class="w"> </span>GB
<span class="w"> </span>Metadata<span class="w"> </span>Space<span class="w"> </span>Used:<span class="w"> </span>53.25<span class="w"> </span>kB
<span class="w"> </span>Metadata<span class="w"> </span>Space<span class="w"> </span>Total:<span class="w"> </span>54.53<span class="w"> </span>MB
<span class="w"> </span>Metadata<span class="w"> </span>Space<span class="w"> </span>Available:<span class="w"> </span>54.47<span class="w"> </span>MB
<span class="w"> </span>Udev<span class="w"> </span>Sync<span class="w"> </span>Supported:<span class="w"> </span>true
<span class="w"> </span>Deferred<span class="w"> </span>Removal<span class="w"> </span>Enabled:<span class="w"> </span>true
<span class="w"> </span>Deferred<span class="w"> </span>Deletion<span class="w"> </span>Enabled:<span class="w"> </span>true
<span class="w"> </span>Deferred<span class="w"> </span>Deleted<span class="w"> </span>Device<span class="w"> </span>Count:<span class="w"> </span>0
<span class="w"> </span>Library<span class="w"> </span>Version:<span class="w"> </span>1.02.122<span class="w"> </span>(2016-04-09)
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>docker<span class="w"> </span>pull<span class="w"> </span>busybox
$<span class="w"> </span>docker<span class="w"> </span>run<span class="w"> </span>-it<span class="w"> </span>--rm<span class="w"> </span>busybox
/<span class="w"> </span><span class="c1"># </span>
</code></pre></div>
<h2>Conclusion</h2>
<p>Configuration of storage has been really simplified and shouldn't be a reason
not to do this. However, still to many people are not aware of the issues with
devicemapper and loopback. Having to assign additional software to use Docker
can also be a reason why people do not consider doing this, but even OverlayFS
is not perfect. Using overlay with SELinux will be possible in the future, and
hopefully soon these steps will also not be needed. In any case, the steps
involved are simple and if you use Docker on Fedora, needed!</p>
<h2>More information</h2>
<ul>
<li><a href="http://www.projectatomic.io/blog/2015/06/notes-on-fedora-centos-and-docker-storage-drivers/">Friends Don't Let Friends Run Docker on Loopback in Production</a></li>
<li><a href="http://www.projectatomic.io/docs/docker-storage-recommendation/">Setting up storage</a> for Project Atomic</li>
</ul>Deploy an OpenShift test cluster2016-09-27T00:00:00+08:002016-09-27T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-27:/deploy-an-openshift-test-cluster.html<p>In my previous article I described how I used an Ansible playbook and a few roles
to stand-up a Kubernetes test environment. In that article I mentioned that to
deploy a production-ready environment some work more was required. Luckily, it
is now very easy to stand up a production and …</p><p>In my previous article I described how I used an Ansible playbook and a few roles
to stand-up a Kubernetes test environment. In that article I mentioned that to
deploy a production-ready environment some work more was required. Luckily, it
is now very easy to stand up a production and enterprise-ready container
platform for hosting applications, called <a href="https://www.openshift.com">OpenShift</a>.
Through the years OpenShift has undergone a lot of changes, and the latest
version Origin v1.3 is very different from the original version. OpenShift sets
up a complete Kubernetes environment and with a set of tools it can take care of
the whole application lifecycle, from source to deployment. In this article I
will give an introduction to setting up a test environment for a developer.</p>
<h2>Setup machine</h2>
<p>I will setup the environment on a standard Fedora 24 installation. You can use a
cloud image as all the needed packages will be specified. After installing the
machine, you login as a standard user, which can do a password-less sudo.</p>
<div class="highlight"><pre><span></span><code><span class="n">$</span><span class="w"> </span><span class="n">ssh</span><span class="w"> </span><span class="n">fedora</span><span class="mf">@89.42.141.96</span>
<span class="n">$</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">su</span><span class="w"> </span><span class="o">-</span>
<span class="cp">#</span>
</code></pre></div>
<h3>Install docker and client</h3>
<p>From here all the commands will be run as root, unless otherwise specified.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>dnf<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span>docker<span class="w"> </span>curl
</code></pre></div>
<p>This will install the basic packages we need to setup the test cluster. Now from
a browser you open the following page: <a href="https://github.com/openshift/origin/releases/tag/v1.3.0">https://github.com/openshift/origin/releases/tag/v1.3.0</a>.
This shows the current deliverables for the OpenShift Origin v1.3 release. You
need to download the file called like <code>openshift-origin-client-tools-v1.3.0-[...]-linux-64bit.tar.gz</code></p>
<div class="highlight"><pre><span></span><code><span class="o">$</span><span class="w"> </span><span class="n">curl</span><span class="w"> </span><span class="o">-</span><span class="n">sSL</span><span class="w"> </span><span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">openshift</span><span class="o">/</span><span class="n">origin</span><span class="o">/</span><span class="n">releases</span><span class="o">/</span><span class="n">download</span><span class="o">/</span><span class="n">v1</span><span class="o">.</span><span class="mf">3.0</span><span class="o">/</span><span class="n">openshift</span><span class="o">-</span><span class="n">origin</span><span class="o">-</span><span class="n">client</span><span class="o">-</span><span class="n">tools</span><span class="o">-</span><span class="n">v1</span><span class="o">.</span><span class="mf">3.0</span><span class="o">-</span><span class="mi">3</span><span class="n">ab7af3d097b57f933eccef684a714f2368804e7</span><span class="o">-</span><span class="n">linux</span><span class="o">-</span><span class="mi">64</span><span class="n">bit</span><span class="o">.</span><span class="n">tar</span><span class="o">.</span><span class="n">gz</span><span class="w"> </span><span class="o">-</span><span class="n">o</span><span class="w"> </span><span class="n">oc</span><span class="o">-</span><span class="n">client</span><span class="o">.</span><span class="n">tar</span><span class="o">.</span><span class="n">gz</span>
<span class="o">$</span><span class="w"> </span><span class="n">tar</span><span class="w"> </span><span class="o">-</span><span class="n">zxvf</span><span class="w"> </span><span class="n">oc</span><span class="o">-</span><span class="n">client</span><span class="o">.</span><span class="n">tar</span><span class="o">.</span><span class="n">gz</span>
<span class="o">$</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">openshift</span><span class="o">/</span><span class="n">client</span>
<span class="o">$</span><span class="w"> </span><span class="n">cp</span><span class="w"> </span><span class="o">./</span><span class="n">openshift</span><span class="o">-</span><span class="n">origin</span><span class="o">-</span><span class="n">client</span><span class="o">-</span><span class="n">tools</span><span class="o">-</span><span class="n">v1</span><span class="o">.</span><span class="mf">3.0</span><span class="o">-</span><span class="mi">3</span><span class="n">ab7af3d097b57f933eccef684a714f2368804e7</span><span class="o">-</span><span class="n">linux</span><span class="o">-</span><span class="mi">64</span><span class="n">bit</span><span class="o">/</span><span class="n">oc</span><span class="w"> </span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">openshift</span><span class="o">/</span><span class="n">client</span><span class="o">/</span><span class="n">oc</span>
</code></pre></div>
<p>Note: I do not install the binary in <code>/usr/bin</code> or <code>/usr/sbin</code> to prevent a
conflict with a packaged version, but also because this makes it easier for me
to work on a different version of the application. E.g. the current packaged
version is v1.2 and does not provide the command we will be using in the next
step.</p>
<h3>Configure docker</h3>
<p>To allow OpenShift to pull and locally cache images, it will deploy a local
docker registry. But before docker would be able to use this, we need to
specify an insecure registry in the configuration. For this you need to add
<code>--insecure-registry 172.30.0.0/16</code> to <code>/etc/sysconfig/docker</code>.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>vi<span class="w"> </span>/etc/sysconfig/docker
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="n">OPTIONS</span><span class="o">=</span><span class="p">'</span><span class="o">--</span><span class="n">selinux</span><span class="o">-</span><span class="n">enabled</span><span class="w"> </span><span class="o">--</span><span class="n">log</span><span class="o">-</span><span class="n">driver</span><span class="o">=</span><span class="n">journald</span><span class="w"> </span><span class="o">--</span><span class="n">insecure</span><span class="o">-</span><span class="n">registry</span><span class="w"> </span><span class="mf">172.30.0.0</span><span class="o">/</span><span class="mh">16</span><span class="p">'</span>
</code></pre></div>
<p>After this we will setup to allow the standard user to communicate with the
docker daemon over the docker socket. This is not a necessary step, and does not
make the system more secure. It does make it easier not having to move between
user and using sudo all the time.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>groupadd<span class="w"> </span>docker
$<span class="w"> </span>usermod<span class="w"> </span>-a<span class="w"> </span>-G<span class="w"> </span>docker<span class="w"> </span>fedora
$<span class="w"> </span>chgrp<span class="w"> </span>docker<span class="w"> </span>/var/run/docker.sock
</code></pre></div>
<p>Edit: I recently created an <a href="https://github.com/gbraad/ansible-playbooks/blob/master/playbooks/enable-ansible-user-for-docker.yml">Ansible playbook</a>
to perform these steps, as I had to do this on several Atomic hosts. I uses the
current Ansible user and adds it to a group, and changes the socket permissions.</p>
<p>After this you can start docker and move on the actual installation of OpenShift.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>docker
$<span class="w"> </span>systemctl<span class="w"> </span>start<span class="w"> </span>docker
</code></pre></div>
<p>Note: we will be running this environment with devicemapper as Storage Driver.
This is not an ideal situation. If you do further tests, consider changing the
storage with <code>docker-storage-setup</code> to use a dedicated volume.</p>
<h2>Running OpenShift</h2>
<p>Since version 1.3 of OpenShift, the client provides a <code>cluster up</code> commands
which stands up a very simple all-in-one cluster, with a configured registry,
router, image streams, and default templates.</p>
<p>As the fedora user, you can check if you can access docker</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>docker<span class="w"> </span>ps
</code></pre></div>
<div class="highlight"><pre><span></span><code>CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
</code></pre></div>
<p>No containers should be returned. This mean you can communicate with the docker
daemon. Now you are ready to start the test cluster. </p>
<h3><code>cluster up</code></h3>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">export</span><span class="w"> </span><span class="nv">PATH</span><span class="o">=</span><span class="nv">$PATH</span>:/opt/openshift/client/
$<span class="w"> </span>./oc<span class="w"> </span>cluster<span class="w"> </span>up
--<span class="w"> </span>Checking<span class="w"> </span>OpenShift<span class="w"> </span>client<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Checking<span class="w"> </span>Docker<span class="w"> </span>client<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Checking<span class="w"> </span>Docker<span class="w"> </span>version<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Checking<span class="w"> </span><span class="k">for</span><span class="w"> </span>existing<span class="w"> </span>OpenShift<span class="w"> </span>container<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Checking<span class="w"> </span><span class="k">for</span><span class="w"> </span>openshift/origin:v1.3.0<span class="w"> </span>image<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Checking<span class="w"> </span>Docker<span class="w"> </span>daemon<span class="w"> </span>configuration<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Checking<span class="w"> </span><span class="k">for</span><span class="w"> </span>available<span class="w"> </span>ports<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Checking<span class="w"> </span><span class="nb">type</span><span class="w"> </span>of<span class="w"> </span>volume<span class="w"> </span>mount<span class="w"> </span>...<span class="w"> </span>
<span class="w"> </span>Using<span class="w"> </span>nsenter<span class="w"> </span>mounter<span class="w"> </span><span class="k">for</span><span class="w"> </span>OpenShift<span class="w"> </span>volumes
--<span class="w"> </span>Creating<span class="w"> </span>host<span class="w"> </span>directories<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Finding<span class="w"> </span>server<span class="w"> </span>IP<span class="w"> </span>...<span class="w"> </span>
<span class="w"> </span>Using<span class="w"> </span><span class="m">10</span>.5.0.27<span class="w"> </span>as<span class="w"> </span>the<span class="w"> </span>server<span class="w"> </span>IP
--<span class="w"> </span>Starting<span class="w"> </span>OpenShift<span class="w"> </span>container<span class="w"> </span>...<span class="w"> </span>
<span class="w"> </span>Creating<span class="w"> </span>initial<span class="w"> </span>OpenShift<span class="w"> </span>configuration
<span class="w"> </span>Starting<span class="w"> </span>OpenShift<span class="w"> </span>using<span class="w"> </span>container<span class="w"> </span><span class="s1">'origin'</span>
<span class="w"> </span>Waiting<span class="w"> </span><span class="k">for</span><span class="w"> </span>API<span class="w"> </span>server<span class="w"> </span>to<span class="w"> </span>start<span class="w"> </span>listening
<span class="w"> </span>OpenShift<span class="w"> </span>server<span class="w"> </span>started
--<span class="w"> </span>Installing<span class="w"> </span>registry<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Installing<span class="w"> </span>router<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Importing<span class="w"> </span>image<span class="w"> </span>streams<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Importing<span class="w"> </span>templates<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Login<span class="w"> </span>to<span class="w"> </span>server<span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Creating<span class="w"> </span>initial<span class="w"> </span>project<span class="w"> </span><span class="s2">"myproject"</span><span class="w"> </span>...<span class="w"> </span>OK
--<span class="w"> </span>Server<span class="w"> </span>Information<span class="w"> </span>...<span class="w"> </span>
<span class="w"> </span>OpenShift<span class="w"> </span>server<span class="w"> </span>started.
<span class="w"> </span>The<span class="w"> </span>server<span class="w"> </span>is<span class="w"> </span>accessible<span class="w"> </span>via<span class="w"> </span>web<span class="w"> </span>console<span class="w"> </span>at:
<span class="w"> </span>https://10.5.0.27:8443
<span class="w"> </span>You<span class="w"> </span>are<span class="w"> </span>logged<span class="w"> </span><span class="k">in</span><span class="w"> </span>as:
<span class="w"> </span>User:<span class="w"> </span>developer
<span class="w"> </span>Password:<span class="w"> </span>developer
<span class="w"> </span>To<span class="w"> </span>login<span class="w"> </span>as<span class="w"> </span>administrator:
<span class="w"> </span>oc<span class="w"> </span>login<span class="w"> </span>-u<span class="w"> </span>system:admin
</code></pre></div>
<p>And that was it! Now you are running an OpenShift environment. You can check
this as follows:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>docker<span class="w"> </span>ps
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="n">CONTAINER</span><span class="w"> </span><span class="n">ID</span><span class="w"> </span><span class="n">IMAGE</span><span class="w"> </span><span class="n">COMMAND</span><span class="w"> </span><span class="n">CREATED</span><span class="w"> </span><span class="n">STATUS</span><span class="w"> </span><span class="n">PORTS</span><span class="w"> </span><span class="n">NAMES</span>
<span class="n">cebba70022a6</span><span class="w"> </span><span class="n">openshift</span><span class="o">/</span><span class="n">origin</span><span class="o">-</span><span class="n">haproxy</span><span class="o">-</span><span class="nl">router:</span><span class="n">v1</span><span class="mf">.3.0</span><span class="w"> </span><span class="s">"/usr/bin/openshift-r"</span><span class="w"> </span><span class="mh">16</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">ago</span><span class="w"> </span><span class="n">Up</span><span class="w"> </span><span class="mh">15</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">k8s_router</span><span class="mf">.9426645</span><span class="n">a_router</span><span class="o">-</span><span class="mh">1</span><span class="o">-</span><span class="n">o3454_default_ba2e0814</span><span class="o">-</span><span class="mh">8483</span><span class="o">-</span><span class="mf">11e6</span><span class="o">-</span><span class="mh">924</span><span class="n">a</span><span class="o">-</span><span class="n">fa163e29da46_e9a13a8d</span>
<span class="mh">32</span><span class="n">aa5e84a04d</span><span class="w"> </span><span class="n">openshift</span><span class="o">/</span><span class="n">origin</span><span class="o">-</span><span class="n">docker</span><span class="o">-</span><span class="nl">registry:</span><span class="n">v1</span><span class="mf">.3.0</span><span class="w"> </span><span class="s">"/bin/sh -c 'DOCKER_R"</span><span class="w"> </span><span class="mh">17</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">ago</span><span class="w"> </span><span class="n">Up</span><span class="w"> </span><span class="mh">15</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">k8s_registry</span><span class="p">.</span><span class="n">f0a205a4_docker</span><span class="o">-</span><span class="n">registry</span><span class="o">-</span><span class="mh">1</span><span class="o">-</span><span class="n">v57os_default_b9fc0130</span><span class="o">-</span><span class="mh">8483</span><span class="o">-</span><span class="mf">11e6</span><span class="o">-</span><span class="mh">924</span><span class="n">a</span><span class="o">-</span><span class="n">fa163e29da46_24863324</span>
<span class="mh">03</span><span class="n">ee38d125cb</span><span class="w"> </span><span class="n">openshift</span><span class="o">/</span><span class="n">origin</span><span class="o">-</span><span class="nl">pod:</span><span class="n">v1</span><span class="mf">.3.0</span><span class="w"> </span><span class="s">"/pod"</span><span class="w"> </span><span class="mh">18</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">ago</span><span class="w"> </span><span class="n">Up</span><span class="w"> </span><span class="mh">16</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">k8s_POD</span><span class="mf">.4</span><span class="n">a82dc9f_router</span><span class="o">-</span><span class="mh">1</span><span class="o">-</span><span class="n">o3454_default_ba2e0814</span><span class="o">-</span><span class="mh">8483</span><span class="o">-</span><span class="mf">11e6</span><span class="o">-</span><span class="mh">924</span><span class="n">a</span><span class="o">-</span><span class="n">fa163e29da46_ea6d1d08</span>
<span class="mh">44</span><span class="n">d6f8d2d9d6</span><span class="w"> </span><span class="n">openshift</span><span class="o">/</span><span class="n">origin</span><span class="o">-</span><span class="nl">pod:</span><span class="n">v1</span><span class="mf">.3.0</span><span class="w"> </span><span class="s">"/pod"</span><span class="w"> </span><span class="mh">18</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">ago</span><span class="w"> </span><span class="n">Up</span><span class="w"> </span><span class="mh">16</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">k8s_POD</span><span class="mf">.9f</span><span class="n">a2fe82_docker</span><span class="o">-</span><span class="n">registry</span><span class="o">-</span><span class="mh">1</span><span class="o">-</span><span class="n">v57os_default_b9fc0130</span><span class="o">-</span><span class="mh">8483</span><span class="o">-</span><span class="mf">11e6</span><span class="o">-</span><span class="mh">924</span><span class="n">a</span><span class="o">-</span><span class="n">fa163e29da46_76754271</span>
<span class="mf">60e7</span><span class="n">cc5f4e5d</span><span class="w"> </span><span class="n">openshift</span><span class="o">/</span><span class="n">origin</span><span class="o">-</span><span class="nl">deployer:</span><span class="n">v1</span><span class="mf">.3.0</span><span class="w"> </span><span class="s">"/usr/bin/openshift-d"</span><span class="w"> </span><span class="mh">21</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">ago</span><span class="w"> </span><span class="n">Up</span><span class="w"> </span><span class="mh">19</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">k8s_deployment</span><span class="mf">.59</span><span class="n">c7ba3f_router</span><span class="o">-</span><span class="mh">1</span><span class="o">-</span><span class="n">deploy_default_b3660c7b</span><span class="o">-</span><span class="mh">8483</span><span class="o">-</span><span class="mf">11e6</span><span class="o">-</span><span class="mh">924</span><span class="n">a</span><span class="o">-</span><span class="n">fa163e29da46_8e02f47a</span>
<span class="n">f1fe993ddcac</span><span class="w"> </span><span class="n">openshift</span><span class="o">/</span><span class="n">origin</span><span class="o">-</span><span class="nl">pod:</span><span class="n">v1</span><span class="mf">.3.0</span><span class="w"> </span><span class="s">"/pod"</span><span class="w"> </span><span class="mh">22</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">ago</span><span class="w"> </span><span class="n">Up</span><span class="w"> </span><span class="mh">20</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">k8s_POD</span><span class="mf">.4</span><span class="n">a82dc9f_router</span><span class="o">-</span><span class="mh">1</span><span class="o">-</span><span class="n">deploy_default_b3660c7b</span><span class="o">-</span><span class="mh">8483</span><span class="o">-</span><span class="mf">11e6</span><span class="o">-</span><span class="mh">924</span><span class="n">a</span><span class="o">-</span><span class="n">fa163e29da46_9a38fe5e</span>
<span class="mh">72068</span><span class="n">a244ac8</span><span class="w"> </span><span class="n">openshift</span><span class="o">/</span><span class="nl">origin:</span><span class="n">v1</span><span class="mf">.3.0</span><span class="w"> </span><span class="s">"/usr/bin/openshift s"</span><span class="w"> </span><span class="mh">49</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">ago</span><span class="w"> </span><span class="n">Up</span><span class="w"> </span><span class="mh">48</span><span class="w"> </span><span class="n">seconds</span><span class="w"> </span><span class="n">origin</span>
</code></pre></div>
<h3>Client connection</h3>
<p>After running the command <code>oc cluster up</code> you will be automatically logged in.
For this it writes the login configuration in <code>~/.kube/</code>. If you want to change
you can login using:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>oc<span class="w"> </span>login
</code></pre></div>
<p>The standard user provided is <code>developer</code>.</p>
<h3>Verify</h3>
<p>Now we need to verify if we can deploy a simple application. However, without
changes, OpenShift will not run containers with a root-user process. For example
an nginx container would fail with a <code>permission denied</code> error.</p>
<p>Instead, we will for now run a simple Hello container:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>oc<span class="w"> </span>run<span class="w"> </span>hello-openshift<span class="w"> </span>--image<span class="o">=</span>docker.io/openshift/hello-openshift:latest<span class="w"> </span>--port<span class="o">=</span><span class="m">8080</span><span class="w"> </span>--expose
</code></pre></div>
<div class="highlight"><pre><span></span><code>service "hello-openshift" created
deploymentconfig "hello-openshift" created
</code></pre></div>
<p>This would create the container and schedule it. You can check the progress with:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>oc<span class="w"> </span>get<span class="w"> </span>pod
</code></pre></div>
<div class="highlight"><pre><span></span><code>NAME READY STATUS RESTARTS AGE
hello-openshift-1-xi7f0 1/1 Running 0 9m
</code></pre></div>
<p>You will also see a <code>-deploy</code> container. This is not needed for our verification.</p>
<p>To check the application, we need to get the IP address that has been assigned
to the Pod. You can do this as follows:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>oc<span class="w"> </span>get<span class="w"> </span>pod<span class="w"> </span>hello-openshift-1-xi7f0<span class="w"> </span>-o<span class="w"> </span>yaml<span class="w"> </span><span class="p">|</span><span class="w"> </span>grep<span class="w"> </span>podIP
</code></pre></div>
<div class="highlight"><pre><span></span><code> podIP: 172.17.0.7
</code></pre></div>
<p>All you have to do now is open the endpoint:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>curl<span class="w"> </span><span class="m">172</span>.17.0.7:8080
</code></pre></div>
<div class="highlight"><pre><span></span><code>Hello OpenShift!
</code></pre></div>
<p>And that is it, you have a working OpenShift test cluster.</p>
<h3>Teardown</h3>
<p>If you are down with this, you simply do a:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>oc<span class="w"> </span>cluster<span class="w"> </span>down
</code></pre></div>
<p>and all the containers used in the deployment will be torn down.</p>
<h2>Conclusion</h2>
<p>Using OpenShift's <code>cluster up</code> command you can easily setup an environment for
developers to run and test their applications. The current of OpenShift
provided with Fedora 24 does not offer this command, as the packaged version is
v1.2. However, this change is in Rawhide and is therefore expected to be
released as part of Fedora 25.</p>
<p>In future articles I will detail more about how to create applications for the
OpenShift container platform, and how to check and maintain the life cycle of
the deployed application. For now, take a look at the other source of
information below.</p>
<h2>More information</h2>
<ul>
<li>OpenShift <a href="https://www.openshift.com/">Homepage</a></li>
<li><a href="https://github.com/openshift/origin">OpenShift Origin</a> at GitHub</li>
<li>Knowledge-base article about <a href="https://gitlab.com/gbraad/knowledge-base/blob/master/technology/openshift.md">OpenShift</a></li>
</ul>Deploying Kubernetes using Ansible2016-09-26T00:00:00+08:002016-09-26T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-26:/deploying-kubernetes-using-ansible.html<p>Recently I did a lot of tests with Atomic, such as a <a href="./deployment-of-ceph-using-custom-atomic-images.html">creating custom images</a> for <a href="./tag/ceph.html">Ceph</a>, and ways to provide an immutable infrastructure. However, Atomic is meant to be a host platform for a container platform using Kubernetes. Their <a href="http://www.projectatomic.io/docs/gettingstarted/">Getting Started guide</a> describes how to setup a basic environment …</p><p>Recently I did a lot of tests with Atomic, such as a <a href="./deployment-of-ceph-using-custom-atomic-images.html">creating custom images</a> for <a href="./tag/ceph.html">Ceph</a>, and ways to provide an immutable infrastructure. However, Atomic is meant to be a host platform for a container platform using Kubernetes. Their <a href="http://www.projectatomic.io/docs/gettingstarted/">Getting Started guide</a> describes how to setup a basic environment to host containerized applications. However, this is a manual approach and with the help of Vincent<a href="https://blog.vanderkussen.org/deploy-kubernetes-with-ansible-on-atomic.html">*</a> I create a way to deploy this Kubernetes environment on Atomic and a standard CentOS installation using Ansible. In this article I will describe the components and provide instructions on how to deploy this basic environment yourself.</p>
<h2>Requirements</h2>
<p>To deploy the Kubernetes environment you will need either <a href="http://www.projectatomic.io/download/">Atomic Host</a> or a standard <a href="https://www.centos.org/download/">CentOS</a> installation. If you are using this for testing purposes, a cloud image on an OpenStack provider will do. The described Ansible scripts will work properly on both Atomic Host and CentOS cloud images. Although it has not been tested on Fedora, it should be able to make this work with minimal changes. If you do, please contribute these changes back.</p>
<p>You will need at least 2 (virtual) machines. One will be configured as the Kubernetes master and the remaining node(s) can be configured as minions or deployment nodes. I have used at least 4 nodes; a general controller node to perform the deployment from (also configured to install the Kubernetes client), a master node and at least two deployment nodes. Take note that this deployment does not handle <code>docker-storage-setup</code> and High Availability.</p>
<h2>Setup for deployment</h2>
<p>Almost all the deployments I perform are initiated from a short-lived controller node. This is a machine that allows
incoming and outgoing traffic, and mostly gets configured with an external Floating IP. This host can be seen as a jumphost. I will configure it with a dedicated set of SSH keys for communication with the other machines. You do not have to do this, and if you have limited resources, consider this host to be the same as the Kubernetes master node.</p>
<p>On this machine do the following:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>yum<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span>ansible<span class="w"> </span>git
$<span class="w"> </span>git<span class="w"> </span>clone<span class="w"> </span>https://gitlab.com/gbraad/ansible-playbook-kubernetes.git
$<span class="w"> </span><span class="nb">cd</span><span class="w"> </span>ansible-playbook-kubernetes
$<span class="w"> </span>ansible-galaxy<span class="w"> </span>install<span class="w"> </span>-r<span class="w"> </span>roles.txt
</code></pre></div>
<p>This will install the Ansible playbook and the required roles:</p>
<div class="highlight"><pre><span></span><code><span class="n">gbraad</span><span class="p">.</span><span class="n">docker</span>
<span class="n">gbraad</span><span class="p">.</span><span class="n">docker</span><span class="o">-</span><span class="n">registry</span>
<span class="n">gbraad</span><span class="p">.</span><span class="n">kubernetes</span><span class="o">-</span><span class="n">master</span>
<span class="n">gbraad</span><span class="p">.</span><span class="n">kubernetes</span><span class="o">-</span><span class="n">node</span>
<span class="n">gbraad</span><span class="p">.</span><span class="n">kubernetes</span><span class="o">-</span><span class="n">client</span>
</code></pre></div>
<p>Each of the roles take care of the installation and/or configuration of the environment. Do take note that the Docker and Kubernetes roles do not install packages on the Atomic hosts as these already come with the needed software.</p>
<h2>Configure the deployment</h2>
<p>If you look at the files <code>deploy-kubernetes.yml</code> you will see three tasks for a different group of hosts. As mentioned before, they will each take care of the installation when needed.</p>
<div class="highlight"><pre><span></span><code><span class="k">-</span> name: Deploy kubernetes Master
hosts: k8s-master
remote_user: centos
become: true
roles:
<span class="k">-</span> gbraad.docker
<span class="k">-</span> gbraad.kubernetes-master
<span class="k">-</span> name: Deploy kubernetes Nodes
hosts: k8s-nodes
remote_user: centos
become: true
roles:
<span class="k">-</span> gbraad.docker
<span class="k">-</span> gbraad.kubernetes-node
<span class="k">-</span> name: Install kubernetes client
hosts: k8s-client
remote_user: centos
become: true
roles:
<span class="k">-</span> gbraad.kubernetes-client
</code></pre></div>
<p>Take notice of the setting of <code>remote_user</code>. On an Atomic host this is a passwordless sudo user, which can also login with SSH using a passwordless key-based authentication. If you use CentOS, please configure a user and allow add an entry with <code>echo "username ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/username</code>.</p>
<h3>Change the inventory</h3>
<p>Ansible targets a playbook against a single or group of nodes that you specify in an inventory file. This file is named <code>hosts</code> in this playbook repository. When you open it you will see the same set of names as specified above in the <code>hosts</code> entry in the <code>deploy-kubernetes.yml</code> playbook. For our purposes you will always have to deploy a master and a node. If you do not specify the master node, the installation will fail as some of the deployment variables will be used for configuration of the nodes.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>vi<span class="w"> </span>hosts
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="k">[k8s-master]</span>
<span class="na">atomic-01 ansible_ssh_host</span><span class="o">=</span><span class="s">10.5.0.11</span>
<span class="k">[k8s-nodes]</span>
<span class="na">atomic-02 ansible_ssh_host</span><span class="o">=</span><span class="s">10.5.0.14</span>
<span class="na">atomic-03 ansible_ssh_host</span><span class="o">=</span><span class="s">10.5.0.13</span>
<span class="na">atomic-04 ansible_ssh_host</span><span class="o">=</span><span class="s">10.5.0.12</span>
</code></pre></div>
<h3>Group variables</h3>
<p>At the moment the roles are not very configurable as they are mainly targeting a simple test environment. Inside the folder <code>group_vars</code> you will find the configration for the Kubernetes nodes. These are as follows</p>
<div class="highlight"><pre><span></span><code><span class="n">skydns_enable</span><span class="o">:</span><span class="w"> </span><span class="kc">true</span>
<span class="n">dns_server</span><span class="o">:</span><span class="w"> </span><span class="mf">10.254</span><span class="o">.</span><span class="mf">0.10</span>
<span class="n">dns_domain</span><span class="o">:</span><span class="w"> </span><span class="n">kubernetes</span><span class="o">.</span><span class="na">local</span>
</code></pre></div>
<h2>Perform the deployment</h2>
<p>After changing the variables in the <code>hosts</code> inventory file and the group variables, you are actually all set to perform the deployment. We will start with the following.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ansible-playbook<span class="w"> </span>-i<span class="w"> </span>hosts<span class="w"> </span>deploy-docker-registry.yml
</code></pre></div>
<p>This first step will install Docker on the master node and pull the Docker Registry container. This is needed to provide a local cache of container images that you have pulled.</p>
<p>After this we can install the Kubernetes environment with:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ansible-playbook<span class="w"> </span>-i<span class="w"> </span>hosts<span class="w"> </span>deploy-kubernetes.yml
</code></pre></div>
<p>Below I will describe what each part of the playbook does and some information about the functionality.</p>
<h2>Playbook and role description</h2>
<p>Below I will give a short description of what each part of the playbook and role does.</p>
<h3>Role <code>gbraad.docker</code></h3>
<p>Each node in the playbook will be targeted with the following role: <code>gbraad.docker</code>. This role determines if the node is an Atomic Host or not. This check is performed in the <code>tasks/main.yml</code> file. It the node is not an Atomic Host, it will include <code>install.yml</code> to perform additional installation tasks. At the moment this is a simple package installation for <code>docker</code>. After this step, the role will set state <code>started</code> and <code>enabled</code> for the services; <code>docker</code>.</p>
<p><a href="https://github.com/gbraad/ansible-role-docker">Source</a></p>
<h3>Role: <code>gbraad.kubernetes-master</code></h3>
<p>As part of the playbook, first we will configure the master node. For this, the role <code>gbraad.kubernetes-master</code> is used. Just like in the previous role, file <code>tasks/main.yml</code> will perform a simple check to determine if an Atomic Host is used or not. If not, some packages will be installed:</p>
<ul>
<li><code>kubernetes-master</code></li>
<li><code>flannel</code></li>
<li><code>etcd</code></li>
</ul>
<p><a href="https://github.com/gbraad/ansible-role-kubernetes-master">Source</a></p>
<h4>Configure Kubernetes</h4>
<p>After this step Kubernetes will be configured on this hosts. Tasks are described in the file <code>tasks/configure_k8s.yml</code>, <a href="https://github.com/gbraad/ansible-role-kubernetes-master/blob/master/tasks/configure_k8s.yml">source</a>.</p>
<p><a href="https://galaxy.ansible.com/gbraad/kubernetes-master">Role</a></p>
<h5>Congfigure Kubernetes: etcd</h5>
<p>This role will create a single 'etcd' server on the master. For simplicty all IP address will be allowed by using <code>0.0.0.0</code> as the endpoint. The port used for etcd clients is 2379, but since 4001 is also widely used we will also configure to use this.</p>
<p>Tasks:</p>
<ul>
<li>Configure etcd LISTEN CLIENTS</li>
<li>Configure etcd ADVERTISE CLIENTS</li>
</ul>
<h5>Configure Kubernetes: common services</h5>
<p>After this the role will set an entry in the file <code>/etc/kubernetes/config</code>. This is a general configuration file used by all the services. It sets the local IP address, identified as <code>default_ipv4_address</code> as etcd server and the kubernetes master nodes.</p>
<p>Tasks:</p>
<ul>
<li>Configure k8s common services</li>
</ul>
<h5>Configure Kubernetes: apiserver</h5>
<p>For the apiserer the file <code>/etc/kubernetes/apiserver</code> is used. We will configure it to listen on all IP address. An admission control plug-in is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object. For this role we removed <code>ServiceAccount</code> which is normally used to limit the creation requests of Pods based on the service account.</p>
<h5>Restart services</h5>
<p>After this the services of the master node are <code>started</code> and <code>enabled</code>. These are:</p>
<ul>
<li><code>etcd</code></li>
<li><code>kube-apiserver</code></li>
<li><code>kube-controller-manager</code></li>
<li><code>kube-scheduler</code></li>
</ul>
<h4>Configure flannel</h4>
<p>For this environment we will use flannel to provide an overlay network. An overlay network exists on top of another network to provide a virtual path between nodes who use this overlay network. The steps for this are specified in <code>tasks/configure_flannel.yml</code> <a href="https://github.com/gbraad/ansible-role-kubernetes-master/blob/master/tasks/configure_flannel.yml">source</a>.</p>
<p>The configuration of flannel is controller by etcd. We will copy a file to the master node containing:</p>
<div class="highlight"><pre><span></span><code>{
"Network": "172.16.0.0/12",
"SubnetLen": 24,
"Backend": {
"Type": "vxlan"
}
}
</code></pre></div>
<p>This file is located in the role as <code>files/flanneld-conf.json</code>. Using <code>curl</code> we will post this file to etcd on the master.</p>
<p>Tasks:</p>
<ul>
<li>Copy json with network config</li>
<li>Configure subnet</li>
</ul>
<p>After these steps the Kubernetes master is configured.</p>
<h3>Role: <code>gbraad.kubernetes-node</code></h3>
<p>For the configuration of a Kubernetes node we use the role <code>gbraad.kubernetes-node</code>. Just like in the previous roles we determine in <code>tasks/main.yml</code> to install packages or not. For all the nodes we will configure:</p>
<ul>
<li>SELinux</li>
<li>flannel</li>
<li>kubernetes specific settings</li>
</ul>
<p><a href="https://github.com/gbraad/ansible-role-kubernetes-node">Source</a>, <a href="https://galaxy.ansible.com/gbraad/kubernetes-node/">Role</a></p>
<h4>Configure SELinux</h4>
<p>Because I use persistent storage using NFS with Docker, I configure SELinux to set the boolean <code>virt_use_nfs</code>.</p>
<h4>Configure flannel</h4>
<p>In the tasks:</p>
<ul>
<li>Overlay | configure etcd url</li>
<li>Overlay | configure etcd config key</li>
<li>Flannel systemd | create service.d</li>
<li>Flannel systemd | deploy unit file</li>
</ul>
<p>We configure all the nodes to use the etcd instance on <code>k8s-master</code> as the endpoint for flannel configuration. These tasks configure the networking to use the flanneld provided bridge IP and MTU settings. Using the last two tasks we configure systemd to start the service.</p>
<p>After this change we will restart the <code>flanneld</code> service.</p>
<h4>Configure Kubernetes</h4>
<p>In the file <code>tasks/configure_k8s.yml</code> we do final configuration of the Kubernetes node to point it to the master node.</p>
<p>In the tasks:</p>
<ul>
<li>k8s client configuration</li>
<li>k8s client configuration | KUBELET_HOSTNAME</li>
<li>k8s client configuration | KUBELET_ARGS</li>
</ul>
<p>we configure how the node is identified.</p>
<p>In the tasks:</p>
<ul>
<li>k8s client configuration | KUBELET_API_SERVER</li>
<li>Configure k8s master on client | KUBE_MASTER</li>
</ul>
<p>we set the location of the API server and the master node. Both of these will point to the IP address of the <code>k8s-master</code>.</p>
<p>After this change we will restart the <code>kubelet</code> and <code>kube-proxy</code> service.</p>
<h3>After deployment</h3>
<p>If all these tasks succeeded, you should have a working Kubernetes deployment. In the next steps we will perform some simple commands to verify if the environment works.</p>
<h2>Deploy client and verify environment</h2>
<p>As you have noticed from the <code>hosts</code> inventory file, there is a possibility to specify a client host:</p>
<div class="highlight"><pre><span></span><code><span class="k">[k8s-client]</span>
<span class="na">controller ansible_ssh_host</span><span class="o">=</span><span class="s">10.5.0.3</span>
</code></pre></div>
<p>You do not have to deploy a kubernetes client using this playbook. It will install a single package, but you could also just use the statically compiled Go binary that is provided from the Kubernetes releases:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>wget<span class="w"> </span>http://storage.googleapis.com/kubernetes-release/release/v1.3.4/bin/linux/amd64/kubectl
$<span class="w"> </span>chmod<span class="w"> </span>+x<span class="w"> </span>kubectl
</code></pre></div>
<h3>Verify nodes</h3>
<p>Oncae all the nodes have been deployed using the playbook, you canb verify communication. From a client node you can perform the following command:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>kubectl<span class="w"> </span>--server<span class="o">=</span><span class="m">10</span>.5.0.11:8080<span class="w"> </span>get<span class="w"> </span>node<span class="sb">`</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>NAME LABELS STATUS
10.5.0.12 <none> Ready
10.5.0.13 <none> Ready
10.5.0.14 <none> Ready
</code></pre></div>
<h3>Schedule workload</h3>
<p>If all looks good, you can schedule a workload on the environment. The following commands will create a simple <code>nginx</code> instance.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>vi<span class="w"> </span>kube-nginx.yml
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="n">apiVersion</span><span class="o">:</span><span class="w"> </span><span class="n">v1</span>
<span class="n">kind</span><span class="o">:</span><span class="w"> </span><span class="n">Pod</span>
<span class="n">metadata</span><span class="o">:</span>
<span class="w"> </span><span class="n">name</span><span class="o">:</span><span class="w"> </span><span class="n">www</span>
<span class="n">spec</span><span class="o">:</span>
<span class="w"> </span><span class="n">containers</span><span class="o">:</span>
<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">name</span><span class="o">:</span><span class="w"> </span><span class="n">nginx</span>
<span class="w"> </span><span class="n">image</span><span class="o">:</span><span class="w"> </span><span class="n">nginx</span>
<span class="w"> </span><span class="n">ports</span><span class="o">:</span>
<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">containerPort</span><span class="o">:</span><span class="w"> </span><span class="mi">80</span>
<span class="w"> </span><span class="n">hostPort</span><span class="o">:</span><span class="w"> </span><span class="mi">8080</span>
</code></pre></div>
<p>This file described a Pod with a container called <code>nginx</code> using the 'nginx' image. To schedule it, do:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>kubectl<span class="w"> </span>--server<span class="o">=</span><span class="m">10</span>.5.0.11:8080<span class="w"> </span>create<span class="w"> </span>-f<span class="w"> </span>kube-nginx.yml
</code></pre></div>
<div class="highlight"><pre><span></span><code>pods/www
</code></pre></div>
<p>Using the following command you can check the status:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>kubectl<span class="w"> </span>--server<span class="o">=</span><span class="m">192</span>.168.124.40:8080<span class="w"> </span>get<span class="w"> </span>pods
</code></pre></div>
<div class="highlight"><pre><span></span><code>POD IP CONTAINER(S) IMAGE(S) HOST LABELS STATUS CREATED MESSAGE
www 172.16.59.2 10.5.0.12/10.5.0.12 <none> Running 52 seconds
nginx nginx Running 24 seconds
</code></pre></div>
<p>If you now open a browser pointing to the node Kubernetes used to create it (<a href="http://10.5.0.12:8080/">http://10.5.0.12:8080/</a>), you will see an nginx welcome page.</p>
<h2>Conclusion</h2>
<p>Setting up Kubernetes can be a daunting task as there are many different components involved. Kelsey Hightower has a very good guide, called <a href="https://github.com/kelseyhightower/kubernetes-the-hard-way">Kubernetes The Hard Way</a> that will teach you how to deploy kubernetes manually on different cloud providers, such as AWS and the Google Compute Engine. After gaining some experience, it is advised to look at automation to deploy an environment, such as the the Ansible scripts that can be found in the <a href="https://github.com/kubernetes/contrib">contrib</a> repository of Kubernetes. this allows you to stand up an environment with High Availability. The scripts described in this article should only serve as an introduction to gain understanding what is needed for a Kubernetes environment.</p>
<p>If you want a production-ready environment, please have a look at OpenShift. OpenShift deals with setting up a cluster of kubernetes nodes, scheduling workload and most important, how to set up images for deployment. This is done using what is called 'source to image'. This and OpenShift itself will be the topic of future articles.</p>
<h2>More information</h2>
<ul>
<li>Knowledge-base article about <a href="https://gitlab.com/gbraad/knowledge-base/blob/master/technology/atomic.md#kubernetes-on-atomic">Kubernetes on Atomic</a></li>
<li>Knowledge-base article about <a href="https://gitlab.com/gbraad/knowledge-base/tree/master/technology/kubernetes">Kubernestes</a></li>
<li>Hands-on-Lab: <a href="http://gbraad.gitlab.io/kubernetes-handsonlabs/deploying-Kubernetes-on-OpenStack.html">Kubernetes on OpenStack</a> (Not all material published yet)</li>
<li>Deploying Kubernetes <a href="https://blog.vanderkussen.org/deploy-kubernetes-with-ansible-on-atomic.html">on Atomic hosts</a></li>
</ul>Mentors and recommended books2016-09-23T00:00:00+08:002016-09-23T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-23:/mentors-and-recommended-books.html<p>As a consultant, an engineer, or just any employee, you are responsible to provide solutions to challenges and issues you face on the workfloor. No no, let me say it this way, you are responsible to come up with ideas to improve a situation, make it more efficient. Or, in …</p><p>As a consultant, an engineer, or just any employee, you are responsible to provide solutions to challenges and issues you face on the workfloor. No no, let me say it this way, you are responsible to come up with ideas to improve a situation, make it more efficient. Or, in other words, you have to have a lot of knowledge and a certain way of thinking, being analytical. Simple. But knowledge is something you can develop. And one thing you always have to have on mind. You are responsible for your own personal development...</p>
<p>I have been employed by two companies that were very strong on this; <a href="http://sogyo.nl">Sogyo</a> and <a href="http://thoughtworks.com">ThoughtWorks</a>. Both are solution providers, mostly focussed on the software. They both used agile methodologies, development practices, like pair programming, cod reviews, etc. All to ensure the delivery of excellence. Especially this, the delivery of quality and outstanding results, expected that engineers keep themselves up-to-date. They reserved time for this and organized meetups, for personnel and the software development community. I have learned a lot from this, but one thing that both of them did was allowing you a mentor (or sponsor). </p>
<p>This is not a coach that helps you to find your way around the company in the first few weeks or months, but a person that helps you with career development. It is not that he or she defines targets, but sits down with you and discuss about issues you face, knowledge gaps you might have, etc. My mentor at Sogyo, <a href="https://www.linkedin.com/in/edwinvandillen">Edwin van Dillen</a>, has been very inspirational. It made me want to mentor other people... and this what I do now for new contributors to Open Source, and software communities in general. Always, when you can, look for a mentor. Someone who can help you along the way to improve yourself. But improvement is also something you can do yourself. Never stop learning. We call this Continuous Improvement.</p>
<p>So, one of the things I often get is the question of 'what should I read'? I generally do not promote books that much, as a lot of technology books are dated by the time they are printed. I'd rather refer to a good blog post or living content that gets updated regularly. However, there is always this list of books that are timeless. They have been inspirational or defining in the knowledgd they provide. And this is something I want to start adding to my blog, a review or discussion of a book that helped me in my career. Books that I even bought again either as ePub or PDF after I moved to the other side of the world. I started to compile a list on my <a href="https://gitlab.com/gbraad/knowledge-base/tree/master/books">Knowledge Base</a><a href="https://github.com/gbraad/knowledge-base/tree/master/books">*</a> repository as a reference to others, but thought I would be a better idea to post them here with a short intro. So, look for the next post in the category 'Books'.</p>Object Design2016-09-23T00:00:00+08:002016-09-23T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-23:/object-design.html<p>One of the books I got recommended early in my career was <a href="https://gitlab.com/gbraad/knowledge-base/blob/master/books/object-design.md" title="Object Design">Object Design</a>: Roles, Responsibilities, and Collaborations by Rebecca Wirfs-Brock and Alan McKean. The topic of this book is OOD (Object-Oriented Design). It is a wordy book, which could certainly could have been shorter, but the content makes certainly …</p><p>One of the books I got recommended early in my career was <a href="https://gitlab.com/gbraad/knowledge-base/blob/master/books/object-design.md" title="Object Design">Object Design</a>: Roles, Responsibilities, and Collaborations by Rebecca Wirfs-Brock and Alan McKean. The topic of this book is OOD (Object-Oriented Design). It is a wordy book, which could certainly could have been shorter, but the content makes certainly up for this issue. This write-up is based on reading this book many years ago, so bear with me if things are not completely in line with the book. Although, the knowledge in this book certainly has contributed to this point-of-view. I currently own a copy of this book as reference in a digital format. </p>
<p><img alt="Object Design" src="https://d2arxad8u2l0g7.cloudfront.net/books/1372040740l/179204.jpg"></p>
<p>The author, Rebecca Wirfs-Brock, is a software engineer and consultant in Object-Oriented Design, and as the title suggests the book details about the design of your object model and how it interacts with other objects. </p>
<p>One of the things you will learn when creating software, is that design of the interactions and relations between objects and classes probably is one of the most important and hardest things. Luckily, software design and development is an evolutionary process. You will not get it right he first time and you also shouldn't aim for this. What can be modeled today as a variable on an object today, might become a class itself in the future. If you would design this from day one, you probably over-design the software and implement functionality that might never be needed.</p>
<p>What I learned from this book is how this interaction and collaboration between objects happen. Where do I keep the state? who can make a change? If the object can encapsulate it, this is probably where it should live. Ask yourself, why would another object need to know about the information, and whose responsibility is it? The book details as far as I remember CRC-cards (Class Reponsibility Rollaboration) and shows a method to get this clear. In my work I have never created the actual cards, but the concept behind it is very valuable. Get this book and browse through it, keep a copy as a reference. It is well worth it.</p>
<p>More information about this book can be found in my Knowledge Base <a href="https://gitlab.com/gbraad/knowledge-base/blob/master/books/object-design.md" title="Object Design">entry</a>.</p>Document generation using Markdown and Pandoc2016-09-13T00:00:00+08:002016-09-13T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-13:/document-generation-using-markdown-and-pandoc.html<p>Maintaining documentation can be an involved process, especially when different versions and output formats are needed. One of the documents I, and probably you also, have to maintain is your work history or resume/CV. Some while back I changed this document from an OpenOffice document to plain text and …</p><p>Maintaining documentation can be an involved process, especially when different versions and output formats are needed. One of the documents I, and probably you also, have to maintain is your work history or resume/CV. Some while back I changed this document from an OpenOffice document to plain text and ever since, this workflow has influenced how I deal with other documentation.</p>
<h2>Requirement and timeline</h2>
<p>If I remember correctly the original version of my resume was written in Microsoft Word. As you can imagine, this limits the usage to Windows as the platform. Small corrections became unnecessarily difficult and painful. Of course I could use CrossOver Office or Wine and install Office 2003. But, this is never a long-term solution. So, I moved to OpenOffice as the <code>.odt</code> format looked promising. It was easy to use to generate the needed PDF output, but still... the workflow was far from ideal.</p>
<p>I wanted a workflow in which I can use just plaintext, which could be converted into the final format. Text is easy to index and to story under version management. This lead me to using XML directly and the use of FO (Formatting Objects), and Apache FOP. This was painful, but the results were decent to even very acceptable. It allowed me to describe elements with metadata, such as 'suffix', 'employment-type', etc. And all could be validated and transformed using XSLT. Although the conclusion was that the workflow was slow as there was no preview and transforming just took long. Also, describing elements was not useful as no-one would use the source material directly. Most recruiter use analysis tools that rely on extracting keywords and generate a profile based on this information. This can lead to incorrect results, but since they analyse hundreds of resumes this seems one of the best methods, besides being introduced by a reference.</p>
<p>I moved to a simpler approach which allows me to change the document and have a partial, and acceptable preview. By this time Markdown got more popular and I tried to convert my resume and it seemed like an acceptable approach. Using a standard parser the documents looked OK, but it missed the oomph. Then <code>pandoc</code> arrived and it changed everything.</p>
<h2>Markdown</h2>
<p>Using Markdown I would be able to write the following</p>
<div class="highlight"><pre><span></span><code><span class="cp"># _**Gerard Braad**_</span>
<span class="cp">## Personal information</span>
<span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">Chinese</span><span class="w"> </span><span class="n">name</span>
<span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">吉拉德</span>
<span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">Date</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">Birth</span>
<span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="n">February</span><span class="p">,</span><span class="w"> </span><span class="mi">1981</span>
<span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">Nationality</span>
<span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">Dutch</span>
<span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">Email</span>
<span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">[</span><span class="n">me</span><span class="p">@</span><span class="n">gbraad</span><span class="p">.</span><span class="n">nl</span><span class="p">][</span><span class="n">personal</span><span class="w"> </span><span class="n">email</span><span class="p">]</span>
</code></pre></div>
<p>It will get rendered as follows:</p>
<p><img alt="" src="//cdn.gbraad.nl/images/blog/docugen-resume-basic.png"></p>
<p>This source is humanly readable, and can be parsed by something like the Webinterface of GitHub into a <a href="https://github.com/gbraad/resume/blob/master/resume.md">decent representation</a>. And when using <a href="https://github.com/revolunet/sublimetext-markdown-preview">Markdown Preview</a> for Sublime Text, even editing this became a pleasure.</p>
<h2>Pandoc</h2>
<p>Now for introducing <a href="http://pandoc.org/">Pandoc</a>. This tool is like a Swiss knife for handling documents. It can convert between different formats and allows you to specify a template for specific formats, such as HTML. This tool allows me to use:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>pandoc<span class="w"> </span>-o<span class="w"> </span>resume.html<span class="w"> </span>resume.md
</code></pre></div>
<p>This will generate a standard HTML output from <code>resume.md</code> as input. Headings are converted to <code>h6</code>, <code>h5</code>, etc. and links become <code>a</code>, etc.</p>
<h2>Styling and layout</h2>
<p>But the beauty shows when a template is used:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>pandoc<span class="w"> </span>--template<span class="w"> </span>resume-template.html<span class="w"> </span>-o<span class="w"> </span>resume.html<span class="w"> </span>resume.md
</code></pre></div>
<p>This will generate a similar output, however the template refers to a stylesheet to style the look of the output. Using a template and stylesheet I am able to format the document to my liking. And since the output of markdown auto-generates names for elements in a consistent way, it is easy to style and format the document.</p>
<p>Take for instance the photo. Although I personally do not like photos on a resume, it is often requested. Placing it inline with the text does not look very nice.</p>
<p><img alt="" src="//cdn.gbraad.nl/images/blog/docugen-photo-inline.png"></p>
<p>Using CSS it is possible to convert the following:</p>
<div class="highlight"><pre><span></span><code><span class="cp"># _**Gerard Braad**_</span>
<span class="cp">## Personal information</span>
<span class="o">!</span><span class="p">[</span><span class="n">Photo</span><span class="p">][</span><span class="n">personal</span><span class="w"> </span><span class="n">photo</span><span class="p">]</span>
<span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="n">Chinese</span><span class="w"> </span><span class="n">name</span>
<span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">吉拉德</span>
</code></pre></div>
<p>With the styling:</p>
<div class="highlight"><pre><span></span><code><span class="nt">figure</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">float</span><span class="p">:</span><span class="w"> </span><span class="kc">right</span><span class="p">;</span>
<span class="w"> </span><span class="k">margin</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="kt">px</span><span class="p">;</span>
<span class="w"> </span><span class="k">border</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="kt">px</span><span class="w"> </span><span class="kc">solid</span><span class="w"> </span><span class="mh">#eee</span><span class="p">;</span>
<span class="p">}</span>
</code></pre></div>
<p>The output of this will look as follows:</p>
<p><img alt="" src="//cdn.gbraad.nl/images/blog/docugen-photo-float.png"></p>
<h2>Containerizing pandoc (software distribution)</h2>
<p>Pandoc itself is written in Haskell. Although a nice language, it has a different style of programming. This means that few people can contribute, and a distribution like Fedora or Ubuntu can not always provide the latest version. This can be due to possible dependency issues, but also the effort a packager has to put into it. The developer of this tool only provides a .deb package. Since I mostly work on Fedora and CentOS, I had to find an alternative solution to install this tool.</p>
<p>This is a great use-case for a container, as it consolidates the dependencies of the tool, and will allow me to use the tool as packaged by the developer, on a distribution that would else not be supported. Because I use the provided package I can also file issues against a known version, which can aid in reproducibility.</p>
<p>This lead to me creating a container called <code>docugen</code>. It uses <code>pandoc</code>, <code>jekyll</code> and <code>pandoc-ruby</code> to integrate <a href="http://jekyllrb.com/">Jekyll</a> with pandoc.</p>
<p>By setting an alias I can call <code>pandoc</code> as it is a local command, which actually calls the container:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">alias</span><span class="w"> </span><span class="nv">pandoc</span><span class="o">=</span><span class="s1">'docker run -it --rm -v $PWD:/workspace gbraad/docugen pandoc'</span>
$<span class="w"> </span>pandoc<span class="w"> </span>-o<span class="w"> </span>resume.html<span class="w"> </span>resume.md
</code></pre></div>
<p>You can find more information about it <a href="https://hub.docker.com/r/gbraad/docugen/">here</a>. </p>
<h2>Automated generation</h2>
<p>Since creating the containerized version of Pandoc, it was easy to setup an automated process for generation of the resume output. Because I use GitLab for almost all of my projects I only needed to add a CI runner definition to my repository. Below is a snippet of the generation, which publishes to GitLab pages.</p>
<p><code>.gitlab-ci.yml</code></p>
<div class="highlight"><pre><span></span><code><span class="n">pages</span><span class="o">:</span>
<span class="w"> </span><span class="n">image</span><span class="o">:</span><span class="w"> </span><span class="n">gbraad</span><span class="o">/</span><span class="n">docugen</span><span class="o">:</span><span class="n">latest</span>
<span class="w"> </span><span class="n">script</span><span class="o">:</span>
<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="kd">public</span>
<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">pandoc</span><span class="w"> </span><span class="o">-</span><span class="n">t</span><span class="w"> </span><span class="n">html5</span><span class="w"> </span><span class="o">-</span><span class="n">o</span><span class="w"> </span><span class="kd">public</span><span class="o">/</span><span class="n">index</span><span class="o">.</span><span class="na">html</span><span class="w"> </span><span class="n">resume</span><span class="o">.</span><span class="na">md</span>
<span class="w"> </span><span class="n">artifacts</span><span class="o">:</span>
<span class="w"> </span><span class="n">paths</span><span class="o">:</span>
<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="kd">public</span>
</code></pre></div>
<p>The result of my resume gets published on GitLab at <a href="http://gbraad.gitlab.io/resume/">http://gbraad.gitlab.io/resume/</a> and syncs to GitHub, which hosts it at <a href="https://gbraad.nl/resume">https://gbraad.nl/resume</a>.</p>
<h2>PDF generation using Pandoc -> LaTeX</h2>
<p>Pandoc can create nice looking PDF documents by using LaTeX. The handout of my <a href="http://gbraad.gitlab.io/openstack-handsonlabs/">OpenStack Hands-on-Lab</a> was produced with this.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>pandoc<span class="w"> </span>-V<span class="w"> </span>geometry:margin<span class="o">=</span>1in<span class="w"> </span>-o<span class="w"> </span>deploying-OpenStack.pdf<span class="w"> </span>deploying-openstack.md
</code></pre></div>
<p>Although the results look really good, I had several issues with it:</p>
<ul>
<li>increased the size of the docugen container by more than a gigabyte.</li>
<li>issues with properly rendering Chinese<ul>
<li>needed additional installation of modules and fonts</li>
</ul>
</li>
<li>would not respect width and margins for pre-formatted blocks</li>
</ul>
<p>Likely, all of them could be solved with some smart hacks, but I didn't have the time and interest to learn LaTeX. This felt to me like learning how to use XSLT to transform XML into something meaningful. I still have the packages installed in the container as some documents still use <code>xelatex</code> for the PDF generation.</p>
<h2>PDF generation using PhantomJS</h2>
<p>To solve the issues mentioned above, I now use <code>phantomjs</code>. <a href="http://phantomjs.org/">PhantomJS</a> is a headless browser based on the WebKit rendering engine, and is scriptable with JavaScript. By using this approach I am able to use a single stylesheet to produce the same output on screen as on paper.</p>
<div class="highlight"><pre><span></span><code><span class="k">var</span><span class="w"> </span><span class="n">page</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">require</span><span class="p">(</span><span class="s1">'webpage'</span><span class="p">)</span><span class="o">.</span><span class="n">create</span><span class="p">(),</span><span class="w"> </span><span class="n">system</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">require</span><span class="p">(</span><span class="s1">'system'</span><span class="p">),</span>
<span class="w"> </span><span class="n">address</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">system</span><span class="o">.</span><span class="n">args</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span><span class="w"> </span><span class="n">output</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">system</span><span class="o">.</span><span class="n">args</span><span class="p">[</span><span class="mi">2</span><span class="p">];</span>
<span class="n">page</span><span class="o">.</span><span class="n">viewportSize</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">width</span><span class="p">:</span><span class="w"> </span><span class="mi">600</span><span class="p">,</span><span class="w"> </span><span class="n">height</span><span class="p">:</span><span class="w"> </span><span class="mi">600</span><span class="w"> </span><span class="p">};</span>
<span class="n">page</span><span class="o">.</span><span class="n">paperSize</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">format</span><span class="p">:</span><span class="w"> </span><span class="s2">"A4"</span><span class="p">,</span><span class="w"> </span><span class="n">orientation</span><span class="p">:</span><span class="w"> </span><span class="s1">'portrait'</span><span class="p">,</span><span class="w"> </span><span class="n">margin</span><span class="p">:</span><span class="w"> </span><span class="s1">'1cm'</span><span class="w"> </span><span class="p">};</span>
<span class="k">if</span><span class="p">(</span><span class="n">system</span><span class="o">.</span><span class="n">args</span><span class="o">.</span><span class="n">length</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="mi">3</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="n">page</span><span class="o">.</span><span class="n">zoomFactor</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">system</span><span class="o">.</span><span class="n">args</span><span class="p">[</span><span class="mi">3</span><span class="p">];</span><span class="w"> </span><span class="p">}</span>
<span class="n">page</span><span class="o">.</span><span class="n">open</span><span class="p">(</span><span class="n">address</span><span class="p">,</span><span class="w"> </span><span class="n">function</span><span class="w"> </span><span class="p">(</span><span class="n">status</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">page</span><span class="o">.</span><span class="n">render</span><span class="p">(</span><span class="n">output</span><span class="p">);</span>
<span class="w"> </span><span class="n">phantom</span><span class="o">.</span><span class="n">exit</span><span class="p">();</span>
<span class="p">});</span>
</code></pre></div>
<p>To generate a PDF, I call:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>phantomjs<span class="w"> </span>topdf.js<span class="w"> </span>resume.html<span class="w"> </span>resume.pdf
</code></pre></div>
<h2>Page breaks</h2>
<p>To produce a nicer result, I have also added the following to my stylesheet:</p>
<div class="highlight"><pre><span></span><code><span class="nt">h1</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">page-break-before</span><span class="p">:</span><span class="w"> </span><span class="kc">always</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">#</span><span class="nn">gerard-braad</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">text-align</span><span class="p">:</span><span class="w"> </span><span class="kc">center</span><span class="p">;</span>
<span class="w"> </span><span class="k">page-break-before</span><span class="p">:</span><span class="w"> </span><span class="kc">avoid</span><span class="p">;</span>
<span class="p">}</span>
</code></pre></div>
<p>When printed this inserts a page break before the header starts. So when a new topic starts, but avoids it for the start of the document.</p>
<h2>Conclusion</h2>
<p>Generating a document from plaintext using Markdown can be beneficial. The source will never suffer from issues with 'being unreadable' or 'deprecated software', and it can easily be indexed. Tracking changes and even publishing a change is not as easy as opening the file on my mobile phone, and commiting it using git. Automatically the result will be published.</p>
<p>I have moved all my documentation over to plaintext, from the handsonlabs, training and teaching material, schedules, etc. I am still tweaking some of the processes, but the convenience is that a single source material can be used for different outputs. For instance, I publish my articles of this <a href="//gbraad.nl/blog/">blog</a> in <a href="https://gitlab.com/gbraad/blog-content/blob/master/SUMMARY.md">Markdown</a>, as generated <a href="http://gbraad.gitlab.io/blog-content/">documents</a>, and as a <a href="https://gbraad.gitbooks.io/blog-articles/content/">GitBook</a>.</p>
<p>Do not settle for a solution forever. Over time requirements can change and new insights can be utilized to produce a better solution.</p>
<h2>Links</h2>
<ul>
<li>Source of my resume: <a href="https://gitlab.com/gbraad/resume/">GitLab</a>, <a href="https://github.com/gbraad/resume/">GitHub</a></li>
<li><a href="https://gbraad.nl/resume/">Published</a> version</li>
</ul>
<h2>Endnotes</h2>
<p>I looked for some of the older formats and output, but was unable to track them down. I do remember my businesscard was used as a reference for '<a href="http://microformats.org/wiki/selected-test-cases-from-the-web">microformats</a>'. And someone tried to introduce an XML standard for resume, called xmlresume if I recall correctly. From experience I could conclude this would not work; no applicant will provide XML and converting it in a tool seems pointless.</p>
<p>At the moment I am still looking for a nice tool on Android to edit the documents. I use <a href="https://github.com/sheimi/SGit">SGit</a> with <a href="http://writeily.me/">Writeily Pro</a>, but I am a little disappointed in both tools. Opening a file for viewing in sgit will modify the file, and it does not deal well with resetting this. And Writeily Pro becomes slow over time when editing a file. Closing it and re-opening solves this, but it breaks the writing streak. Sometimes I rather use <a href="http://www.droidedit.com/">DroidEdit</a>, as it is just a text editor and does not suffer from this issue. Tools on the iPad, like <a href="http://daedalusapp.com/">Daedalus Touch</a> and <a href="https://textasticapp.com/">Textastic</a> feel more productive. Suggestions are welcome...</p>Highly Available storage using GlusterFS2016-09-12T00:00:00+08:002016-09-12T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-12:/highly-available-storage-using-glusterfs.html<p>In this article I will describe how you can setup a webserver environment with
Highly Available (HA) storage, provided by GlusterFS. We will be setting up a
simple environment in which storage between two webservers needs to be replicated.</p>
<p>GlusterFS is a scalable network filesystem suitable for data-intensive tasks. It …</p><p>In this article I will describe how you can setup a webserver environment with
Highly Available (HA) storage, provided by GlusterFS. We will be setting up a
simple environment in which storage between two webservers needs to be replicated.</p>
<p>GlusterFS is a scalable network filesystem suitable for data-intensive tasks. It
is free and open source software and can utilize common off-the-shelf hardware.
To learn more, please see the Gluster project <a href="http://www.gluster.org/">home page</a>.</p>
<h2>Prerequisites</h2>
<p>You will need two servers available, each with a dedicated disk for storage,
such as <code>/dev/vdb</code> or <code>/dev/sdb</code>. I will be using Fedora 24, which of writing
is the latest version.</p>
<p>The following needs to be installed on both servers:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>dnf<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span>glusterfs-server<span class="w"> </span>xfsprogs
</code></pre></div>
<p>This includes the server component for the distributed filesystem, and the tools
needed to format the disk we will use to store the files. Gluster recommends to
use XFS as the filesystem.</p>
<p>We will assume for this article, that the machines will be running Apache. If
this is not installed already, you can do the following:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>dnf<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span>httpd
</code></pre></div>
<h2>Hostnames</h2>
<p>Make sure the hostnames and IP addresses of the servers are known to each other.
For this, check the content of <code>/etc/hosts</code></p>
<p><code>/etc/hosts</code></p>
<div class="highlight"><pre><span></span><code><span class="mf">37.153.173.244</span><span class="w"> </span><span class="n">server01</span><span class="o">-</span><span class="n">public</span>
<span class="mf">37.153.173.245</span><span class="w"> </span><span class="n">server01</span><span class="o">-</span><span class="n">public</span>
<span class="mf">10.3.0.44</span><span class="w"> </span><span class="n">server01</span><span class="o">-</span><span class="n">private</span>
<span class="mf">10.3.0.45</span><span class="w"> </span><span class="n">server02</span><span class="o">-</span><span class="n">private</span>
</code></pre></div>
<p>Note: these servers have two interfaces, Although this is not necessary, it is
strongly recommended to separate the traffic from the web and what you use for
the storage network. In our case, the web-facing IP addresses have not been
load-balanced yet. This is a topic for future articles.</p>
<h2>Prepare disks</h2>
<p>Since Gluster relies on extended file attributes (xattr), we will need to increase
the inode size when formatting the disks.</p>
<p>Perform on the following on both the servers</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>mkfs.xfs<span class="w"> </span>-i<span class="w"> </span><span class="nv">size</span><span class="o">=</span><span class="m">512</span><span class="w"> </span>/dev/vdb
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">meta</span><span class="o">-</span><span class="nx">data</span><span class="p">=</span><span class="o">/</span><span class="nx">dev</span><span class="o">/</span><span class="nx">vdb</span><span class="w"> </span><span class="nx">isize</span><span class="p">=</span><span class="mi">512</span><span class="w"> </span><span class="nx">agcount</span><span class="p">=</span><span class="mi">4</span><span class="p">,</span><span class="w"> </span><span class="nx">agsize</span><span class="p">=</span><span class="mi">3276800</span><span class="w"> </span><span class="nx">blks</span>
<span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">sectsz</span><span class="p">=</span><span class="mi">512</span><span class="w"> </span><span class="nx">attr</span><span class="p">=</span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nx">projid32bit</span><span class="p">=</span><span class="mi">1</span>
<span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">crc</span><span class="p">=</span><span class="mi">1</span><span class="w"> </span><span class="nx">finobt</span><span class="p">=</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nx">sparse</span><span class="p">=</span><span class="mi">0</span>
<span class="nx">data</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">bsize</span><span class="p">=</span><span class="mi">4096</span><span class="w"> </span><span class="nx">blocks</span><span class="p">=</span><span class="mi">13107200</span><span class="p">,</span><span class="w"> </span><span class="nx">imaxpct</span><span class="p">=</span><span class="mi">25</span>
<span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">sunit</span><span class="p">=</span><span class="mi">0</span><span class="w"> </span><span class="nx">swidth</span><span class="p">=</span><span class="mi">0</span><span class="w"> </span><span class="nx">blks</span>
<span class="nx">naming</span><span class="w"> </span><span class="p">=</span><span class="nx">version</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="nx">bsize</span><span class="p">=</span><span class="mi">4096</span><span class="w"> </span><span class="nx">ascii</span><span class="o">-</span><span class="nx">ci</span><span class="p">=</span><span class="mi">0</span><span class="w"> </span><span class="nx">ftype</span><span class="p">=</span><span class="mi">1</span>
<span class="nx">log</span><span class="w"> </span><span class="p">=</span><span class="nx">internal</span><span class="w"> </span><span class="nx">log</span><span class="w"> </span><span class="nx">bsize</span><span class="p">=</span><span class="mi">4096</span><span class="w"> </span><span class="nx">blocks</span><span class="p">=</span><span class="mi">6400</span><span class="p">,</span><span class="w"> </span><span class="nx">version</span><span class="p">=</span><span class="mi">2</span>
<span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">sectsz</span><span class="p">=</span><span class="mi">512</span><span class="w"> </span><span class="nx">sunit</span><span class="p">=</span><span class="mi">0</span><span class="w"> </span><span class="nx">blks</span><span class="p">,</span><span class="w"> </span><span class="nx">lazy</span><span class="o">-</span><span class="nx">count</span><span class="p">=</span><span class="mi">1</span>
<span class="nx">realtime</span><span class="w"> </span><span class="p">=</span><span class="nx">none</span><span class="w"> </span><span class="nx">extsz</span><span class="p">=</span><span class="mi">4096</span><span class="w"> </span><span class="nx">blocks</span><span class="p">=</span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="nx">rtextents</span><span class="p">=</span><span class="mi">0</span>
</code></pre></div>
<p>Now we need to create a mountpoint for the filesystem. We will use
<code>/data/var-www/brick01</code> on <code>server01</code>:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>mkdir<span class="w"> </span>-p<span class="w"> </span>/data/var-www/brick01
$<span class="w"> </span><span class="nb">echo</span><span class="w"> </span><span class="s1">'/dev/vdb /data/var-www/brick01 xfs defaults 1 2'</span><span class="w"> </span>>><span class="w"> </span>/etc/fstab
$<span class="w"> </span>mount<span class="w"> </span>-a<span class="w"> </span>
</code></pre></div>
<p>and <code>/data/var-www/brick02</code> on <code>server02</code>:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>mkdir<span class="w"> </span>-p<span class="w"> </span>/data/var-www/brick02
$<span class="w"> </span><span class="nb">echo</span><span class="w"> </span><span class="s1">'/dev/vdb /data/var-www/brick02 xfs defaults 1 2'</span><span class="w"> </span>>><span class="w"> </span>/etc/fstab
$<span class="w"> </span>mount<span class="w"> </span>-a<span class="w"> </span>
</code></pre></div>
<h2>Setup Gluster</h2>
<p>You will now create a cluster of Gluster servers, which means that we will create
a trust between the two nodes. But before we can do this, we need to make sure
the Gluster daemon is running on the nodes. Perform the following commands on
both of the nodes:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>glusterd
$<span class="w"> </span>systemctl<span class="w"> </span>start<span class="w"> </span>glusterd
$<span class="w"> </span>systemctl<span class="w"> </span>status<span class="w"> </span>glusterd
</code></pre></div>
<p>Now we need to create the trusted connection. The following commands will only
need to be used on one of the nodes. In my case, this will be <code>server01</code>:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gluster<span class="w"> </span>peer<span class="w"> </span>probe<span class="w"> </span>server02-private
</code></pre></div>
<div class="highlight"><pre><span></span><code>peer probe: success.
</code></pre></div>
<p>Note: the hostname here refers to the private IP address. This is not the same
range as the public network. For security purposes you will likely separate the
traffic.</p>
<p>You can verify is the trust exists by running:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gluster<span class="w"> </span>peer<span class="w"> </span>status
</code></pre></div>
<div class="highlight"><pre><span></span><code>Number of Peers: 1
Hostname: server02-private
Uuid: af523e9b-4257-485d-aa45-ebd24f115c42
State: Peer in Cluster (Connected)
</code></pre></div>
<p>If you would run this command also on <code>server02</code>, you would get a similar result:</p>
<div class="highlight"><pre><span></span><code>Number of Peers: 1
Hostname: server01-private
Uuid: 74c77082-b62c-4cc4-b33f-02de36083990
State: Peer in Cluster (Connected)
</code></pre></div>
<h2>Create Gluster volume</h2>
<p>In case of a failure, we do not want our data to be unavailable. Therefore we
need to have two copies of our data, and we do this by creating a replicated
volume.</p>
<p>This command will only need to be run on one node, as Gluster will take care of
the related nodes.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gluster<span class="w"> </span>volume<span class="w"> </span>create<span class="w"> </span>var-www<span class="w"> </span>replica<span class="w"> </span><span class="m">2</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>server01-private:/data/var-www/brick01/volume<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>server02-private:/data/var-www/brick02/volume
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="n">volume</span><span class="w"> </span><span class="n">create</span><span class="p">:</span><span class="w"> </span><span class="k">var</span><span class="o">-</span><span class="n">www</span><span class="p">:</span><span class="w"> </span><span class="n">success</span><span class="p">:</span><span class="w"> </span><span class="n">please</span><span class="w"> </span><span class="n">start</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">volume</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">access</span><span class="w"> </span><span class="n">data</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gluster<span class="w"> </span>volume<span class="w"> </span>start<span class="w"> </span>var-www
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="n">volume</span><span class="w"> </span><span class="n">start</span><span class="p">:</span><span class="w"> </span><span class="k">var</span><span class="o">-</span><span class="n">www</span><span class="p">:</span><span class="w"> </span><span class="n">success</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>gluster<span class="w"> </span>volume<span class="w"> </span>info
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Volume</span><span class="w"> </span><span class="nx">Name</span><span class="p">:</span><span class="w"> </span><span class="kd">var</span><span class="o">-</span><span class="nx">www</span>
<span class="nx">Type</span><span class="p">:</span><span class="w"> </span><span class="nx">Replicate</span>
<span class="nx">Volume</span><span class="w"> </span><span class="nx">ID</span><span class="p">:</span><span class="w"> </span><span class="nx">e91014ca</span><span class="o">-</span><span class="nx">f98c</span><span class="o">-</span><span class="mi">42</span><span class="nx">e5</span><span class="o">-</span><span class="mi">8</span><span class="nx">e75</span><span class="o">-</span><span class="nx">de4d2e65f569</span>
<span class="nx">Status</span><span class="p">:</span><span class="w"> </span><span class="nx">Started</span>
<span class="nx">Number</span><span class="w"> </span><span class="nx">of</span><span class="w"> </span><span class="nx">Bricks</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="nx">x</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="mi">2</span>
<span class="nx">Transport</span><span class="o">-</span><span class="k">type</span><span class="p">:</span><span class="w"> </span><span class="nx">tcp</span>
<span class="nx">Bricks</span><span class="p">:</span>
<span class="nx">Brick1</span><span class="p">:</span><span class="w"> </span><span class="nx">server01</span><span class="o">-</span><span class="k">private</span><span class="p">:</span><span class="o">/</span><span class="nx">data</span><span class="o">/</span><span class="kd">var</span><span class="o">-</span><span class="nx">www</span><span class="o">/</span><span class="nx">brick01</span><span class="o">/</span><span class="nx">volume</span>
<span class="nx">Brick2</span><span class="p">:</span><span class="w"> </span><span class="nx">server02</span><span class="o">-</span><span class="k">private</span><span class="p">:</span><span class="o">/</span><span class="nx">data</span><span class="o">/</span><span class="kd">var</span><span class="o">-</span><span class="nx">www</span><span class="o">/</span><span class="nx">brick02</span><span class="o">/</span><span class="nx">volume</span>
<span class="nx">Options</span><span class="w"> </span><span class="nx">Reconfigured</span><span class="p">:</span>
<span class="nx">transport</span><span class="p">.</span><span class="nx">address</span><span class="o">-</span><span class="nx">family</span><span class="p">:</span><span class="w"> </span><span class="nx">inet</span>
<span class="nx">performance</span><span class="p">.</span><span class="nx">readdir</span><span class="o">-</span><span class="nx">ahead</span><span class="p">:</span><span class="w"> </span><span class="nx">on</span>
<span class="nx">nfs</span><span class="p">.</span><span class="nx">disable</span><span class="p">:</span><span class="w"> </span><span class="nx">on</span>
</code></pre></div>
<h2>Mount Gluster volume</h2>
<p>Before you can mount the volume on <code>/var/www</code> to share the webpages, we need to
move the original <code>/var/www</code> out of the way and create a new directory to mount.
Perform the following commands on both the servers:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>systemctl<span class="w"> </span>stop<span class="w"> </span>httpd
$<span class="w"> </span>mv<span class="w"> </span>/var/www<span class="o">{</span>,.orig<span class="o">}</span>
$<span class="w"> </span>mkdir<span class="w"> </span>/var/www
</code></pre></div>
<p>Now that we have the mountpoint, we can add an entry to <code>fstab</code> to deal with
mounting of our volume. On <code>server01</code> you need to do the following:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">echo</span><span class="w"> </span><span class="s1">'server01-private:/var-www /var/www glusterfs defaults,_netdev,fetch-attempts=3 0 0'</span><span class="w"> </span>>><span class="w"> </span>/etc/fstab
$<span class="w"> </span>mount<span class="w"> </span>-a
</code></pre></div>
<p>And on <code>server02</code>:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">echo</span><span class="w"> </span><span class="s1">'server02-private:/var-www /var/www glusterfs defaults,_netdev,fetch-attempts=3 0 0'</span><span class="w"> </span>>><span class="w"> </span>/etc/fstab
$<span class="w"> </span>mount<span class="w"> </span>-a
</code></pre></div>
<p>Now the volume has been mounted and replication is available. We use <code>_netdev</code>
because network needs to be up before we can use this filesystem, and <code>fetch_attempts</code>
will deal with the volume information in case of a failure. Since we have multiple
IP address, this is a suggested setting.</p>
<h2>Test replication</h2>
<p>On <code>server01</code> you can do the following:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>mkdir<span class="w"> </span>-p<span class="w"> </span>/var/www/html
$<span class="w"> </span><span class="nb">echo</span><span class="w"> </span><span class="s1">'Hello, World!'</span><span class="w"> </span>><span class="w"> </span>/var/www/html/index.html
$<span class="w"> </span>systemctl<span class="w"> </span>start<span class="w"> </span>httpd
</code></pre></div>
<p>If you would now open the web facing IP address, you should see the message:
<code>Hello, World!</code>.</p>
<p>Note: if you have issues opening the page, or the default Fedora test page gets
returned, you might have SELinux enabled. In this case, you need to turn on the
following boolean:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>setsebool<span class="w"> </span>-P<span class="w"> </span>httpd_use_fusefs<span class="w"> </span><span class="m">1</span>
</code></pre></div>
<p>which will allow Apache to use the FUSE filesystem mount as used by GlusterFS.</p>
<p>Now, on <code>server02</code> you can check the content of the folder:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ls<span class="w"> </span>/var/www/html
</code></pre></div>
<p>and you would see an <code>index.html</code> file. Now start Apache and you will see that
the content is also served from this server.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>systemctl<span class="w"> </span>start<span class="w"> </span>httpd
</code></pre></div>
<h2>Conclusion</h2>
<p>Using GlusterFS it is easy to setup an environment that can handle issues with
storage availability. You now have a replicate volume that is available on two
servers. Actions we take on each of these servers, will be replicated to the
other server.</p>
<p>In this case we have setup the servers to handle both the storage and act as a
client to read these files. More advanced are available and are described in the
<a href="http://gluster.readthedocs.io/en/latest/">documentation</a>.</p>
<h2>Next step</h2>
<p>Now that we have implemented replicated storage for our webservers, we need to
provide a HA solution to deal with the traffic on the webfacing IP addresses.
In an OpenStack environment you could use Neutron to setup a loadbalancer and
health monitor for the two servers. How to set this up in described in the
<a href="./building-a-multi-tier-application-using-openstack-packstack.html">following article</a>.
However, you can also do so with HAProxy and a failover mechanism, which will be
the topic of a future article.</p>
<p>If you have questions please let me know on Twitter at <a href="http://twitter.com/gbraad">@gbraad</a> or by email.</p>Highlighting of Code and Text2016-09-09T00:00:00+08:002016-09-09T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-09:/highlighting-of-code-and-text.html<p>Code is read more often than it is written. Nothing is truer than this statement. This means that when writing code it is important to have a good idea of what you are doing. Write clean code, which is simple or easy to reason about. Since if you can't explain …</p><p>Code is read more often than it is written. Nothing is truer than this statement. This means that when writing code it is important to have a good idea of what you are doing. Write clean code, which is simple or easy to reason about. Since if you can't explain it, how could others even understand it well. Syntax highlighting of code can help. With this, certain keywords or structure get emphasized by using a color. I do not think it is an ideal solution, but subconsciously it seems I focus more on the code. Likely, the colors themselves are pleasing to look at.</p>
<h2>Pleasant to the eyes</h2>
<p>Perhaps because of this last, I tend to always implement or set the <a href="https://github.com/chriskempson/tomorrow-theme">Tomorrow Theme</a> for my color scheme, and specifically the <a href="https://github.com/chriskempson/tomorrow-theme#tomorrow-night-bright">Night Bright</a> variant. Below you can find an example, as I also enabled it on my blog by implementing a Pygments style.</p>
<h2>Example</h2>
<p><code>server.js</code></p>
<div class="highlight"><pre><span></span><code><span class="s1">'use strict'</span><span class="p">;</span>
<span class="c1">// get port from environment settings for deployment on Heroku</span>
<span class="kd">var</span><span class="w"> </span><span class="nx">EXPRESS_PORT</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">OPENSHIFT_NODEJS_PORT</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PORT</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="mf">4000</span><span class="p">;</span>
<span class="kd">var</span><span class="w"> </span><span class="nx">EXPRESS_IPADDR</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">OPENSHIFT_NODEJS_IP</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">IPADDR</span><span class="w"> </span><span class="o">||</span><span class="w"> </span><span class="s1">'127.0.0.1'</span><span class="p">;</span>
<span class="kd">var</span><span class="w"> </span><span class="nx">EXPRESS_ROOT</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nx">__dirname</span><span class="p">;</span>
<span class="kd">function</span><span class="w"> </span><span class="nx">startExpress</span><span class="p">(</span><span class="nx">root</span><span class="p">,</span><span class="w"> </span><span class="nx">port</span><span class="p">,</span><span class="w"> </span><span class="nx">ipaddr</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kd">var</span><span class="w"> </span><span class="nx">express</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nx">require</span><span class="p">(</span><span class="s1">'express'</span><span class="p">);</span>
<span class="w"> </span><span class="kd">var</span><span class="w"> </span><span class="nx">app</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nx">express</span><span class="p">();</span>
<span class="w"> </span><span class="nx">app</span><span class="p">.</span><span class="nx">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="k">static</span><span class="p">(</span><span class="nx">root</span><span class="p">));</span>
<span class="w"> </span><span class="nx">app</span><span class="p">.</span><span class="nx">listen</span><span class="p">(</span><span class="nx">port</span><span class="p">,</span><span class="w"> </span><span class="nx">ipaddr</span><span class="p">,</span><span class="w"> </span><span class="kd">function</span><span class="p">()</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="s1">'Listening on %s:%d'</span><span class="p">,</span>
<span class="w"> </span><span class="nx">ipaddr</span><span class="p">,</span><span class="w"> </span><span class="nx">port</span><span class="p">);</span>
<span class="w"> </span><span class="p">});</span>
<span class="p">}</span>
<span class="nx">startExpress</span><span class="p">(</span><span class="nx">EXPRESS_ROOT</span><span class="p">,</span><span class="w"> </span><span class="nx">EXPRESS_PORT</span><span class="p">,</span><span class="w"> </span><span class="nx">EXPRESS_IPADDR</span><span class="p">);</span>
</code></pre></div>
<p><img alt="" src="http://cdn.gbraad.nl/images/blog/javascript-syntax-highlighting.png"></p>
<h2>Implementations</h2>
<p>Chris Kempson now has a new color scheme called 'base16`and it has a '<a href="https://chriskempson.github.io/base16/#tomorrow">Tomorrow</a>' variant. It must be the name as I always install 'Tomorrow' first. Here are some of the Night Bright variants I have made over the years:</p>
<ul>
<li><a href="https://github.com/gbraad/pygments-style-tomorrownightbright">Pygments</a></li>
<li><a href="https://github.com/gbraad/chrome-devtools-tomorrow-night-bright-theme">Chrome DevTools</a></li>
<li><a href="https://github.com/gbraad/brackets-themes-TomorrowNightBright">Brackets</a></li>
<li><a href="https://github.com/codemirror/CodeMirror/blob/master/theme/tomorrow-night-bright.css">CodeMirror</a></li>
<li>...</li>
</ul>
<h2>How about language</h2>
<p>Since my wife and I are very involved in teaching, I have also experimented with the idea of using word or word-class highlighting for English. The results are that it can actually help. Words that need to be stressed, or emphasized, can be highlighted in a different color. Think of words like 'very', 'never', etc. Some of this can be automated, as can be seen in the following examples:</p>
<ul>
<li><a href="http://nlp-compromise.github.io/website/">NLP-compromise</a>, Text Parsing</li>
<li><a href="http://evanhahn.github.io/English-text-highlighting/">English-text-highlighting</a></li>
<li><a href="https://english.edward.io/">English syntax highlighter</a></li>
<li><a href="https://github.com/loadfive/Knwl.js">Knwl.js</a></li>
</ul>
<p>These implementations range from simple hard-coded word matching, to actual Natural Language Processing.</p>
<h2>Example</h2>
<p>Take for instance the following example of <code>Alice In Wonderland - Down the Rabbit Hole</code>.</p>
<p><strong>"</strong>There was nothing so very remarkable in that; nor did Alice think it so very much out of the way to hear the Rabbit say to itself, <em>'Oh dear! Oh dear! I shall be late!'</em> (when she thought it over afterwards, it occurred to her that she ought to have wondered at this, but at the time it all seemed quite natural); but when the Rabbit actually took a watch out of its waistcoat-pocket, and looked at it, and then hurried on, Alice started to her feet, for it flashed across her mind that she had never before seen a rabbit with either a waistcoat-pocket, or a watch to take out of it, and burning with curiosity, she ran across the field after it, and fortunately was just in time to see it pop down a large rabbit-hole under the hedge.<strong>"</strong></p>
<p>When <code>adverb</code>, <code>verb</code>, <code>conjunction</code>, etc. are highlighted, the text will look as follows:</p>
<p><img alt="" src="http://cdn.gbraad.nl/images/blog/english-text-highlighting.png"></p>
<p>Note: this is taken from <a href="https://english.edward.io/">English syntax highlighter</a>. Try and see for yourself if it can help.</p>
<h2>Chinese</h2>
<p>Highlighting does not only work well for English. Chinese for instance is a tonal language. Which means that a pronounciation of a character can have a different tone for a different meaning. When not proprerly mastered, this can lead to a lot of confusion or embarrassment. For learner's of Chinese it is actually common to highlight the tones. An example of this is shown here:</p>
<div class="highlight"><pre><span></span><code>welcome
v.t.
欢迎 huānyíng; 迎接 yíngjiē
Welcome home again!
欢迎你又回家了!
Huānyíng nǐ yòu huíjiā le!
</code></pre></div>
<p><img alt="" src="http://cdn.gbraad.nl/images/blog/chinese-tone-highlighting.png"></p>
<h2>Conclusion</h2>
<p>Highlighting can serve different purposes. I can not recall that highlighting actually helped me to write clean or correct code, or that it even prevented me from making a mistake or typo. However, it can certainly provide a plesant feeling, in which you can 'feel good' about your code in another way. For languages, such as English and Chinese, it can assist with the learning process.</p>non-root user inside a Docker container2016-09-08T00:00:00+08:002016-09-08T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-08:/non-root-user-inside-a-docker-container.html<p>One of the things that you notice when using Docker, is that all commands you run from the <code>Dockerfile</code> with <code>RUN</code> or <code>CMD</code> are performed as the <code>root</code> user. This is not only a bad security practice for running internet facing services, it might even prevent certain applications from working …</p><p>One of the things that you notice when using Docker, is that all commands you run from the <code>Dockerfile</code> with <code>RUN</code> or <code>CMD</code> are performed as the <code>root</code> user. This is not only a bad security practice for running internet facing services, it might even prevent certain applications from working properly. So, how do you run commands as a non-root user? For people using Red Hat-based systems, such as Fedora or CentOS I will explain how you can do this.</p>
<h2>Let's begin</h2>
<p>Let's say you have a <code>Dockerfile</code> using Fedora as a base:</p>
<div class="highlight"><pre><span></span><code>FROM fedora:24
</code></pre></div>
<h2>Create user</h2>
<p>Before we can use a different user, we need to create one:</p>
<div class="highlight"><pre><span></span><code>RUN adduser user
</code></pre></div>
<h2>Run as user</h2>
<p>Now you can run commands as this user by doing:</p>
<div class="highlight"><pre><span></span><code>RUN su - user -c "touch me"
</code></pre></div>
<p>The container start process can be changed to:</p>
<div class="highlight"><pre><span></span><code>CMD ["su", "-", "user", "-c", "/bin/bash"]
</code></pre></div>
<p>This way, a <code>bash</code> shell will open as the user.</p>
<h2>Allow <code>sudo</code> usage</h2>
<p>Since you are running a normal user, it might be handy to install the following package inside the container:</p>
<div class="highlight"><pre><span></span><code>RUN dnf install -y sudo
</code></pre></div>
<p>This will allow you to use <code>sudo</code> to perform actions as the root user:</p>
<div class="highlight"><pre><span></span><code>RUN echo "user ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/user && \
chmod 0440 /etc/sudoers.d/user
</code></pre></div>
<h2>Final <code>Dockerfile</code></h2>
<p>To combine all of this, your <code>Dockerfile</code> would look as follows:</p>
<p><code>Dockerfile</code></p>
<div class="highlight"><pre><span></span><code>FROM fedora:24
RUN dnf install -y sudo && \
adduser user && \
echo "user ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/user && \
chmod 0440 /etc/sudoers.d/user
RUN su - user -c "touch mine"
CMD ["su", "-", "user", "-c", "/bin/bash"]
</code></pre></div>
<h2>Result</h2>
<p>Building this container is simple:</p>
<div class="highlight"><pre><span></span><code><span class="err">$</span><span class="w"> </span><span class="n">docker</span><span class="w"> </span><span class="kr">build</span><span class="w"> </span><span class="o">-</span><span class="n">t</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="p">.</span>
<span class="n">Step</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">FROM</span><span class="w"> </span><span class="n">fedora</span><span class="o">:</span><span class="mi">24</span>
<span class="w"> </span><span class="o">---></span><span class="w"> </span><span class="n">f9873d530588</span>
<span class="n">Step</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">RUN</span><span class="w"> </span><span class="n">dnf</span><span class="w"> </span><span class="n">install</span><span class="w"> </span><span class="o">-</span><span class="n">y</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">adduser</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="s">"user ALL=(root) NOPASSWD:ALL"</span><span class="w"> </span><span class="o">></span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">sudoers</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">user</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">chmod</span><span class="w"> </span><span class="mo">0440</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">sudoers</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">user</span>
<span class="w"> </span><span class="o">---></span><span class="w"> </span><span class="n">Using</span><span class="w"> </span><span class="n">cache</span>
<span class="w"> </span><span class="o">---></span><span class="w"> </span><span class="mo">05</span><span class="n">c3f3c7e9fc</span>
<span class="n">Step</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">RUN</span><span class="w"> </span><span class="n">su</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="s">"touch me"</span>
<span class="w"> </span><span class="o">---></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="kr">in</span><span class="w"> </span><span class="mi">584</span><span class="n">ab0ad025b</span>
<span class="w"> </span><span class="o">---></span><span class="w"> </span><span class="mi">66</span><span class="n">ea558b9855</span>
<span class="n">Removing</span><span class="w"> </span><span class="n">intermediate</span><span class="w"> </span><span class="n">container</span><span class="w"> </span><span class="mi">584</span><span class="n">ab0ad025b</span>
<span class="n">Step</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="n">CMD</span><span class="w"> </span><span class="n">su</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="o">/</span><span class="n">bin</span><span class="o">/</span><span class="n">bash</span>
<span class="w"> </span><span class="o">---></span><span class="w"> </span><span class="n">Running</span><span class="w"> </span><span class="kr">in</span><span class="w"> </span><span class="mf">780e0</span><span class="n">ccd5f61</span>
<span class="w"> </span><span class="o">---></span><span class="w"> </span><span class="n">b19a10012b28</span>
<span class="n">Removing</span><span class="w"> </span><span class="n">intermediate</span><span class="w"> </span><span class="n">container</span><span class="w"> </span><span class="mf">780e0</span><span class="n">ccd5f61</span>
<span class="n">Successfully</span><span class="w"> </span><span class="n">built</span><span class="w"> </span><span class="n">b19a10012b28</span>
</code></pre></div>
<p>Running it will produce the following result:</p>
<div class="highlight"><pre><span></span><code><span class="n">$</span><span class="w"> </span><span class="n">docker</span><span class="w"> </span><span class="n">run</span><span class="w"> </span><span class="o">-</span><span class="n">it</span><span class="w"> </span><span class="o">--</span><span class="n">rm</span><span class="w"> </span><span class="n">user</span>
<span class="p">[</span><span class="n">user</span><span class="mi">@48</span><span class="n">add6313ab6</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="n">$</span><span class="w"> </span><span class="n">ls</span><span class="w"> </span><span class="o">-</span><span class="n">al</span>
<span class="n">total</span><span class="w"> </span><span class="mi">20</span>
<span class="n">drwx</span><span class="o">------</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="mi">4096</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">8</span><span class="w"> </span><span class="mi">08</span><span class="o">:</span><span class="mi">51</span><span class="w"> </span><span class="p">.</span>
<span class="n">drwxr</span><span class="o">-</span><span class="n">xr</span><span class="o">-</span><span class="n">x</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="n">root</span><span class="w"> </span><span class="mi">4096</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">8</span><span class="w"> </span><span class="mi">08</span><span class="o">:</span><span class="mi">46</span><span class="w"> </span><span class="p">..</span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="mi">18</span><span class="w"> </span><span class="n">May</span><span class="w"> </span><span class="mi">17</span><span class="w"> </span><span class="mi">14</span><span class="o">:</span><span class="mi">22</span><span class="w"> </span><span class="p">.</span><span class="n">bash_logout</span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="mi">193</span><span class="w"> </span><span class="n">May</span><span class="w"> </span><span class="mi">17</span><span class="w"> </span><span class="mi">14</span><span class="o">:</span><span class="mi">22</span><span class="w"> </span><span class="p">.</span><span class="n">bash_profile</span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="mi">231</span><span class="w"> </span><span class="n">May</span><span class="w"> </span><span class="mi">17</span><span class="w"> </span><span class="mi">14</span><span class="o">:</span><span class="mi">22</span><span class="w"> </span><span class="p">.</span><span class="n">bashrc</span>
<span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">rw</span><span class="o">-</span><span class="n">r</span><span class="o">--</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="n">user</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="n">Sep</span><span class="w"> </span><span class="mi">8</span><span class="w"> </span><span class="mi">08</span><span class="o">:</span><span class="mi">51</span><span class="w"> </span><span class="n">me</span>
<span class="p">[</span><span class="n">user</span><span class="mi">@48</span><span class="n">add6313ab6</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="n">$</span><span class="w"> </span><span class="n">pwd</span>
<span class="o">/</span><span class="n">home</span><span class="o">/</span><span class="n">user</span>
<span class="p">[</span><span class="n">user</span><span class="mi">@48</span><span class="n">add6313ab6</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="n">$</span><span class="w"> </span>
</code></pre></div>
<h2>Base images</h2>
<p>If you are setting up base images for re-use, it can be handy to use the <code>USER</code> keyword. This will run all the following commqnds as a particalur. Lets say, you want to use a service, which is Node.JS based, you can create the following <code>Dockerfile</code></p>
<div class="highlight"><pre><span></span><code><span class="k">FROM</span><span class="w"> </span><span class="nl">centos</span><span class="p">:</span><span class="mi">7</span>
<span class="n">MAINTAINER</span><span class="w"> </span><span class="n">Gerard</span><span class="w"> </span><span class="n">Braad</span><span class="w"> </span><span class="o"><</span><span class="n">me</span><span class="nv">@gbraad</span><span class="p">.</span><span class="n">nl</span><span class="o">></span>
<span class="err">#</span><span class="w"> </span><span class="n">Run</span><span class="w"> </span><span class="k">update</span><span class="w"> </span><span class="ow">and</span><span class="w"> </span><span class="n">install</span><span class="w"> </span><span class="n">dependencies</span>
<span class="n">RUN</span><span class="w"> </span><span class="n">yum</span><span class="w"> </span><span class="k">update</span><span class="w"> </span><span class="o">-</span><span class="n">y</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">yum</span><span class="w"> </span><span class="n">install</span><span class="w"> </span><span class="o">-</span><span class="n">y</span><span class="w"> </span><span class="n">nodejs</span><span class="w"> </span><span class="n">npm</span>
<span class="err">#</span><span class="w"> </span><span class="k">Add</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">user</span><span class="w"> </span><span class="nl">UID</span><span class="p">:</span><span class="mi">1000</span><span class="p">,</span><span class="w"> </span><span class="nl">GID</span><span class="p">:</span><span class="mi">1000</span><span class="p">,</span><span class="w"> </span><span class="n">home</span><span class="w"> </span><span class="k">at</span><span class="w"> </span><span class="o">/</span><span class="n">app</span>
<span class="n">RUN</span><span class="w"> </span><span class="n">groupadd</span><span class="w"> </span><span class="o">-</span><span class="n">r</span><span class="w"> </span><span class="n">app</span><span class="w"> </span><span class="o">-</span><span class="n">g</span><span class="w"> </span><span class="mi">1000</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="n">useradd</span><span class="w"> </span><span class="o">-</span><span class="n">u</span><span class="w"> </span><span class="mi">1000</span><span class="w"> </span><span class="o">-</span><span class="n">r</span><span class="w"> </span><span class="o">-</span><span class="n">g</span><span class="w"> </span><span class="n">app</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="o">/</span><span class="n">app</span><span class="w"> </span><span class="o">-</span><span class="n">s</span><span class="w"> </span><span class="o">/</span><span class="n">sbin</span><span class="o">/</span><span class="n">nologin</span><span class="w"> </span><span class="o">-</span><span class="n">c</span><span class="w"> </span><span class="ss">"App user"</span><span class="w"> </span><span class="n">app</span><span class="w"> </span><span class="o">&&</span><span class="w"> </span><span class="err">\</span>
<span class="w"> </span><span class="n">chmod</span><span class="w"> </span><span class="mi">755</span><span class="w"> </span><span class="o">/</span><span class="n">app</span>
<span class="err">#</span><span class="w"> </span><span class="k">Set</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">working</span><span class="w"> </span><span class="n">directory</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="n">app</span><span class="w"> </span><span class="n">home</span><span class="w"> </span><span class="n">directory</span>
<span class="n">WORKDIR</span><span class="w"> </span><span class="o">/</span><span class="n">app</span>
<span class="err">#</span><span class="w"> </span><span class="n">Specify</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="k">user</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">execute</span><span class="w"> </span><span class="ow">all</span><span class="w"> </span><span class="n">commands</span><span class="w"> </span><span class="n">below</span>
<span class="k">USER</span><span class="w"> </span><span class="n">app</span>
</code></pre></div>
<p>You can then use this container as a base for NodeJS based applications. You copy the application to <code>/app</code> and when commands are run, they will use the user named <code>user</code>.</p>
<p>I hope this has been of some help to you. You can <a href="https://twitter.com/gbraad">follow me</a> on Twitter or leave a comment below.</p>Deployment of Ceph using custom Atomic images2016-09-07T00:00:00+08:002016-09-07T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-07:/deployment-of-ceph-using-custom-atomic-images.html<p>As part of providing a scalable infrastructure, many components in the datacenter are now moving towards software-based solutions, such as SDN (for networking) and SDS (for storage). Ceph one of these projects to provide a scalable, software-based software solution. It is often used in conjuction with OpenStack for storing disk …</p><p>As part of providing a scalable infrastructure, many components in the datacenter are now moving towards software-based solutions, such as SDN (for networking) and SDS (for storage). Ceph one of these projects to provide a scalable, software-based software solution. It is often used in conjuction with OpenStack for storing disk images and block access for volumes. Setting up an environment usually involves installing a base operating system and configuring the machine to join a storage cluster. In this article I will setup a Atomic based image that allows for fast deployment of Ceph cluster. This is not a recommended solution, but an exercise that shows how to cutomize Atomic Host and using Ansible to standup a Ceph cluster.</p>
<h2>Components</h2>
<p><a href="http://www.projectatomic.io/">Atomic</a><a href="https://gitlab.com/gbraad/knowledge-base/blob/master/technology/atomic.md">*</a> Host is a new generation of Operating Systems that used to create an immutable infrastructure to deploy and scale containerized applications. For this, it uses a technology called <a href="https://ostree.readthedocs.io/en/latest/">OSTree</a><a href="https://gitlab.com/gbraad/knowledge-base/blob/master/technology/ostree.md">*</a> which is a git-like model for dealing with filesystem trees. It allows different filesystems to exist alongside of each other. If a filesystem is not booting properly, it is possible to move back to the previous state.</p>
<p><a href="http://ceph.com/">Ceph</a><a href="https://gitlab.com/gbraad/knowledge-base/blob/master/technology/ceph.md">*</a> is a distributed storage solution which provides Object Storage, Block Storage and FIlesystem access. Ceph comes with several software components which provides a role in the cluster, such as a monitor or storage daemon.</p>
<p><a href="https://www.ansible.com/">Ansible</a><a href="https://gitlab.com/gbraad/knowledge-base/blob/master/technology/ansible.md">*</a> is a configuration and system management tool which for example can do multi-node deployment of software or execution of commands</p>
<p>Although Atomic Hosts are primarily used to deploy Docker and Kubernetes environments, or even containerized versions of the Ceph daemons, I will show how it is possible to use ostree to deploy the Ceph software on nodes, with minimal effort. Ansible is used to send commands to these nodes and finalize the configuration.</p>
<h2>Preparation</h2>
<p>For this setup we will use about 7 machines. To simplify testing, I have performed these actions on an OpenStack environment, such as <a href="https://www.dreamhost.com/cloud/computing/">DreamCompute</a>.</p>
<ul>
<li>1 controller and compose node, running Fedora 24 with IP address 10.3.0.2</li>
<li>3 Ceph monitors, running CentOS Atomic with IP addresses 10.3.0.3-5</li>
<li>3 Ceph storage nodes, running CentOS Atomic with IP addresses 10.3.0.6-8 and attached storage volume at <code>/dev/vdb</code>.</li>
</ul>
<p>To deploy you can start with setting up the Fedora node.</p>
<h3>Install controller</h3>
<p>To deploy our environment we setup a controller node which can access the other nodes in the network using SSH. In our case we will use Fedora 24. After installing the operating system, perform the following commands:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>dnf<span class="w"> </span>update<span class="w"> </span>-y
$<span class="w"> </span>dnf<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span>ansible<span class="w"> </span>rpm-ostree<span class="w"> </span>git<span class="w"> </span>python
$<span class="w"> </span>ssh-keygen
$<span class="w"> </span>cat<span class="w"> </span>~/.ssh/id_rsa.pub
</code></pre></div>
<p>The last two commands generate an SSH authentication key and will show the result on the command line.</p>
<h3>Atomic nodes</h3>
<p>The installation media for Atomic can be found at the main project page. It comes in two different distribution types, CentOS or Fedora. For this article I used CentOS, and downloaded it from the following location:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>wget<span class="w"> </span>http://http://cloud.centos.org/centos/7/atomic/images/CentOS-Atomic-Host-7-GenericCloud.qcow2
</code></pre></div>
<p>and uploaded it to my OpenStack environment with:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openstack<span class="w"> </span>image<span class="w"> </span>create<span class="w"> </span><span class="s2">"CentOS7 Atomic"</span><span class="w"> </span>--progress<span class="w"> </span>--file<span class="w"> </span>CentOS-Atomic-Host-7-GenericCloud.qcow2<span class="w"> </span>--disk-format<span class="w"> </span>qcow2<span class="w"> </span>--container-format<span class="w"> </span>bare<span class="w"> </span>--property<span class="w"> </span><span class="nv">os_distro</span><span class="o">=</span>centos
</code></pre></div>
<p>After this, I created six identical machines, with provisioning a predefined SSH key with cloud-init which we made on the controller node. If you are not using OpenStack, you have to use a cloud-init configdrive to configure the node with the SSH key. This process is described <a href="http://www.projectatomic.io/docs/quickstart/">here</a>.</p>
<p>The storage nodes need to have to configured with a dedicated volume for use with the <code>osd</code> storage daemon of Ceph. By creating a volume and attaching them to the node, these will be identified as <code>/dev/vdb</code>. There is no need to prepapre a filesystem on them. This will be handles by the deployment scripts.</p>
<p>Note: if you want to upload disk images to DreamCompute or other Ceph-backed OpenStack image services, you have to convert the disk image to raw format first. An example of this can be found in <a href="https://gitlab.com/gbraad/knowledge-base/blob/master/technology/openstack/client.md#examples">an example</a> for use of the OpenStack client.</p>
<h2>Compose tree</h2>
<p>On the controller node we will create an ostree that will be used to setup the Ceph software on the Atomic host nodes. This process involves creating a definition for a filesystem tree that uses the base defintion of CentOS Atomic with the additional packages from the CentOS-specific Ceph packages.</p>
<h3>Atomic definition</h3>
<p>We will clone the git repositiory containing the base definition:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>mkdir<span class="w"> </span>-p<span class="w"> </span>/workspace
$<span class="w"> </span><span class="nb">cd</span><span class="w"> </span>/workspace
$<span class="w"> </span>git<span class="w"> </span>clone<span class="w"> </span>https://github.com/CentOS/sig-atomic-buildscripts.git<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-b<span class="w"> </span>downstream<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>--depth<span class="w"> </span><span class="m">1</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>ceph-atomic
</code></pre></div>
<p>Inside this folder you can add a RPM repository file where the Ceph packages are located:</p>
<p><code>ceph-atomic/centos-ceph-jewel.repo</code></p>
<div class="highlight"><pre><span></span><code><span class="k">[centos-ceph-jewel]</span>
<span class="na">name</span><span class="o">=</span><span class="s">CentOS-7 - Ceph Jewel</span>
<span class="na">baseurl</span><span class="o">=</span><span class="s">http://buildlogs.centos.org/centos/7/storage/x86_64/ceph-jewel/</span>
<span class="na">gpgcheck</span><span class="o">=</span><span class="s">0</span>
</code></pre></div>
<p>And then we will define an Atomic host for Ceph-Jewel and specify which additional repositories and packages are used:</p>
<p><code>ceph-atomic/ceph-atomic-host.json</code></p>
<div class="highlight"><pre><span></span><code><span class="p">{</span>
<span class="w"> </span><span class="s">"include"</span><span class="p">:</span><span class="w"> </span><span class="s">"centos-atomic-host.json"</span><span class="p">,</span>
<span class="w"> </span><span class="s">"ref"</span><span class="p">:</span><span class="w"> </span><span class="s">"centos-atomic-host/7/x86_64/ceph-jewel"</span><span class="p">,</span>
<span class="w"> </span><span class="s">"automatic_version_prefix"</span><span class="p">:</span><span class="w"> </span><span class="s">"2016.0"</span><span class="p">,</span>
<span class="w"> </span><span class="s">"repos"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s">"centos-ceph-jewel"</span><span class="p">,</span><span class="w"> </span><span class="s">"epel"</span><span class="p">],</span>
<span class="w"> </span><span class="s">"packages"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s">"ceph"</span><span class="p">,</span>
<span class="w"> </span><span class="s">"ntp"</span><span class="p">,</span>
<span class="w"> </span><span class="s">"ntpdate"</span><span class="p">,</span>
<span class="w"> </span><span class="s">"hdparm"</span><span class="p">,</span>
<span class="w"> </span><span class="s">"autogen-libopts"</span>
<span class="w"> </span><span class="p">]</span>
<span class="p">}</span>
</code></pre></div>
<p>Note: with <code>include</code> we base our image off an existing definition. In our case this will simplify the process, but it also means we will end up with an image with unneeded components. For our test this is not an issue.</p>
<p>After this, the defintion for the Ceph-specific Atomic host is finished. Before we can compose the ostree, we have to create and initialize the repository directory:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>mkdir<span class="w"> </span>-p<span class="w"> </span>/srv/repo
$<span class="w"> </span>ostree<span class="w"> </span>--repo<span class="o">=</span>/srv/repo<span class="w"> </span>init<span class="w"> </span>--mode<span class="o">=</span>archive-z2
</code></pre></div>
<p>When you perform the following command:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>rpm-ostree<span class="w"> </span>compose<span class="w"> </span>tree<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>--repo<span class="o">=</span>/srv/repo<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>./ceph-atomic/ceph-atomic-host.json
</code></pre></div>
<p>packages will be fetched and committed to an ostree in <code>/srv/repo</code>. After this, you will have a filesystem tree which can be served from a webserver, to be used by Atomic hosts.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">cd</span><span class="w"> </span>/srv/repo
$<span class="w"> </span>python<span class="w"> </span>-m<span class="w"> </span>SimpleHTTPServer
</code></pre></div>
<p>This will serve the content from <code>/srv/repo</code> on the endpoint <code>http://10.3.0.2:8000/</code>.</p>
<h2>Deployment</h2>
<p>To get the Atomic hosts to use the tree, the following commands will have to be used to provision the Ceph-based filesystem tree:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>sudo<span class="w"> </span>su<span class="w"> </span>-
$<span class="w"> </span>setenforce<span class="w"> </span><span class="m">0</span>
$<span class="w"> </span>ostree<span class="w"> </span>remote<span class="w"> </span>add<span class="w"> </span>--set<span class="o">=</span>gpg-verify<span class="o">=</span><span class="nb">false</span><span class="w"> </span>atomic-ceph<span class="w"> </span>http://10.3.0.2:8000/
$<span class="w"> </span>rpm-ostree<span class="w"> </span>rebase<span class="w"> </span>atomic-ceph:centos-atomic-host/7/x86_64/ceph-jewel
$<span class="w"> </span>systemctl<span class="w"> </span>reboot
</code></pre></div>
<p>This is however very cumbersome as we have to do this on six nodes. To optimize this process, we will use Ansible.</p>
<p>Note: <code>setenforce 0</code> is used to prevent issue with SELinux label during the rebase action.</p>
<h3>OSTree provisioning using Ansible</h3>
<p>Create a file called <code>hosts</code> in your home directory with the following content:</p>
<p><code>~/hosts</code></p>
<div class="highlight"><pre><span></span><code><span class="k">[mons]</span>
<span class="na">atomic-01 ansible_ssh_host</span><span class="o">=</span><span class="s">10.3.0.3</span>
<span class="na">atomic-02 ansible_ssh_host</span><span class="o">=</span><span class="s">10.3.0.4</span>
<span class="na">atomic-03 ansible_ssh_host</span><span class="o">=</span><span class="s">10.3.0.5</span>
<span class="k">[osds]</span>
<span class="na">atomic-04 ansible_ssh_host</span><span class="o">=</span><span class="s">10.3.0.6</span>
<span class="na">atomic-05 ansible_ssh_host</span><span class="o">=</span><span class="s">10.3.0.7</span>
<span class="na">atomic-06 ansible_ssh_host</span><span class="o">=</span><span class="s">10.3.0.8</span>
</code></pre></div>
<p>To test if the nodes are reachable, use the following command:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ansible<span class="w"> </span>-i<span class="w"> </span>hosts<span class="w"> </span>all<span class="w"> </span>-u<span class="w"> </span>centos<span class="w"> </span>-s<span class="w"> </span>-m<span class="w"> </span>ping
</code></pre></div>
<p>If no error occurs, you are all set.</p>
<p>Using Ansible and the hosts file we can perform these commands on all the nodes.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ansible<span class="w"> </span>-i<span class="w"> </span>hosts<span class="w"> </span>all<span class="w"> </span>-u<span class="w"> </span>centos<span class="w"> </span>-s<span class="w"> </span>-m<span class="w"> </span>shell<span class="w"> </span>-a<span class="w"> </span><span class="s2">"setenforce 0"</span>
$<span class="w"> </span>ansible<span class="w"> </span>-i<span class="w"> </span>hosts<span class="w"> </span>all<span class="w"> </span>-u<span class="w"> </span>centos<span class="w"> </span>-s<span class="w"> </span>-m<span class="w"> </span>shell<span class="w"> </span>-a<span class="w"> </span><span class="s2">"ostree remote add --set=gpg-verify=false atomic-ceph http://10.3.0.2:8000/"</span>
$<span class="w"> </span>ansible<span class="w"> </span>-i<span class="w"> </span>hosts<span class="w"> </span>all<span class="w"> </span>-u<span class="w"> </span>centos<span class="w"> </span>-s<span class="w"> </span>-m<span class="w"> </span>shell<span class="w"> </span>-a<span class="w"> </span><span class="s2">"rpm-ostree rebase atomic-ceph:centos-atomic-host/7/x86_64/ceph-jewel"</span>
$<span class="w"> </span>ansible<span class="w"> </span>-i<span class="w"> </span>hosts<span class="w"> </span>all<span class="w"> </span>-u<span class="w"> </span>centos<span class="w"> </span>-s<span class="w"> </span>-m<span class="w"> </span>shell<span class="w"> </span>-a<span class="w"> </span><span class="s2">"systemctl disable docker"</span>
$<span class="w"> </span>ansible<span class="w"> </span>-i<span class="w"> </span>hosts<span class="w"> </span>all<span class="w"> </span>-u<span class="w"> </span>centos<span class="w"> </span>-s<span class="w"> </span>-m<span class="w"> </span>shell<span class="w"> </span>-a<span class="w"> </span><span class="s2">"systemctl reboot"</span>
</code></pre></div>
<p>The last command will throw errors, but this is expected as the connection to the node is dropped. To check if the nodes are up again, you can perform the previous ping test again.</p>
<p>Note: since we based on the original CentOS Atomic host image, it will have Docker installed. For this article we do not use it, so it is best to disable it.</p>
<h2>Deployment using <code>ceph-ansible</code></h2>
<p>If the previous step succeeded you would have six atomic hosts that are ready to be configured to form a small Ceph cluster; 3 nodes will serve the role of monitor, while the other nodes will be storage nodes with an attached volume at <code>/dev/vdb</code>. For the deployment we will use <code>ceph-ansible</code>. This is a collection of playbooks to help with common scenarios for a Ceph storage cluster.</p>
<p>From your home folder perform the following command:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>git<span class="w"> </span>clone<span class="w"> </span>https://github.com/ceph/ceph-ansible.git<span class="w"> </span>--depth<span class="w"> </span><span class="m">1</span>
</code></pre></div>
<p>This will clone the latest version of the playbooks. But before we can use them, we will need to configure it for our setup. But before we do, we initialize it with the base configuration. Take note that we will re-use our previosuly used <code>~/hosts</code> file for Ansible.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">cd</span><span class="w"> </span>ceph-ansible
$<span class="w"> </span>cp<span class="w"> </span>site.yml.sample<span class="w"> </span>site.yml
$<span class="w"> </span>cp<span class="w"> </span>group_vars/all.sample<span class="w"> </span>group_vars/all
$<span class="w"> </span>cp<span class="w"> </span>group_vars/mons.sample<span class="w"> </span>group_vars/mons
$<span class="w"> </span>cp<span class="w"> </span>group_vars/osds.sample<span class="w"> </span>group_vars/osds
$<span class="w"> </span>ln<span class="w"> </span>-s<span class="w"> </span>~/hosts<span class="w"> </span>hosts
</code></pre></div>
<p>We will now customize the configuration by changing the following files and add the shows content to the top of the file:</p>
<p><code>group_vars/all</code></p>
<div class="highlight"><pre><span></span><code><span class="n">cluster_network</span><span class="o">:</span><span class="w"> </span><span class="mf">10.3</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">24</span>
<span class="n">generate_fsid</span><span class="o">:</span><span class="w"> </span><span class="s1">'true'</span>
<span class="n">ceph_origin</span><span class="o">:</span><span class="w"> </span><span class="n">distro</span>
<span class="n">monitor_interface</span><span class="o">:</span><span class="w"> </span><span class="n">eth0</span>
<span class="n">public_network</span><span class="o">:</span><span class="w"> </span><span class="mf">10.3</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">24</span>
<span class="n">journal_size</span><span class="o">:</span><span class="w"> </span><span class="mi">5120</span>
<span class="n">group_vars</span><span class="o">/</span><span class="n">mons</span>
<span class="n">cephx</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span>
</code></pre></div>
<p><code>group_vars/mons</code></p>
<div class="highlight"><pre><span></span><code><span class="n">cephx</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span>
</code></pre></div>
<p><code>group_vars/osds</code></p>
<div class="highlight"><pre><span></span><code><span class="n">journal_collocation</span><span class="o">:</span><span class="w"> </span><span class="kc">true</span>
<span class="n">cephx</span><span class="o">:</span><span class="w"> </span><span class="kc">false</span>
<span class="n">devices</span><span class="o">:</span>
<span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="sr">/dev/</span><span class="n">vdb</span>
</code></pre></div>
<p>After these changes are made, you have setup to use Ceph packages as provided by the distribution, and to deploy as a storage cluster on 10.3.0.0/24.</p>
<p>To deploy the storage cluster, all we need to do now is to run the playbook named <code>site.yml</code> and skipping the tags named <code>with_pkg</code> and <code>package-install</code>.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ansible-playbook<span class="w"> </span>-i<span class="w"> </span>hosts<span class="w"> </span>site.yml<span class="w"> </span>--skip-tags<span class="w"> </span>with_pkg,package-install
</code></pre></div>
<p>After this finishes a storage cluster should be available.</p>
<h2>Conclusion</h2>
<p>This article showed how it is possible to customize an Atomic host image for a specific use-case and use this for deployment of a simple Ceph cluster. Using ostree it is possible to move between different trees, allowing a collection of packages to be upgraded in an atomic fashion. And when there is a failure for some reason, it is possible to rollback to the previous tree and allow the node to function in the former state.</p>
<p>This is part of the setup I usefor automated builds of Ceph packages and deployment tests. If you have questions about specific parts, please let me know on Twitter at <a href="https://twitter.com/gbraad">@gbraad</a> or by email. Input is appreciated as this can help with writing of future articles.</p>
<h2>Links</h2>
<p>Some information that can help with customizing your own images:</p>
<ul>
<li><a href="https://github.com/jasonbrooks/byo-atomic">Build your own Atomic</a>, and my <a href="http://gitlab.com/gbraad/byo-atomic">automated build</a></li>
<li><a href="https://gitlab.com/gbraad/ceph-atomic/">Tree definition</a></li>
<li><a href="https://gbraad.gitlab.io/byo-atomic-ceph/">Remote location</a></li>
<li><a href="https://gitlab.com/gbraad/byo-atomic-ceph/builds">Automated build</a></li>
</ul>Setting up a powerful self-hosted IDE in the cloud2016-09-06T00:00:00+08:002016-09-06T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-09-06:/setting-up-a-powerful-self-hosted-ide-in-the-cloud.html<p>Setting up infrastructure should be as simple as playing with LEGO. With the advent of Docker, IT has underwent a dramatic change. For instance, it became easy to setup throw-away development environments. These could then be used to create clean environments to perform builds in. And eventually, containers are starting …</p><p>Setting up infrastructure should be as simple as playing with LEGO. With the advent of Docker, IT has underwent a dramatic change. For instance, it became easy to setup throw-away development environments. These could then be used to create clean environments to perform builds in. And eventually, containers are starting to move into the general infrastructure . This is a transaction that is currently still happening, helped by tools as Docker Swarm and Kubernetes. In this short article I will show how these ideas can help in setting up a composable infrastructure, providing you with a powerful IDE in the cloud, full with Let's Encrypt certificate generation.</p>
<h2>Cloud9</h2>
<p>We will be deploying C9, or Cloud9 IDE, is a full IDE which can be accessed from your browser. For convenience of use, I created a containerized version of this some while back and have ever since been using it. Although,, C9 also has a hosted environment, I grew worried after Amazon acquired the company. Support has since been slower to respond and this made me look into other ways to provide an alternative approach. After some testing with Docker Cloud it seemed like a good idea to deploy a self-hosted alternative.</p>
<p>But first about one of the main components. The <a href="https://hub.docker.com/r/gbraad/c9ide/">container</a> I created exposes port 8181, which is an unsecured endpoint. It allows you to simply setup a local instance with:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">alias</span><span class="w"> </span><span class="nv">c9ide</span><span class="o">=</span><span class="s1">'docker run -it --rm -v $PWD:/workspace gbraad/c9ide:u1604'</span>
$<span class="w"> </span><span class="nb">cd</span><span class="w"> </span>~/Projects/gauth
$<span class="w"> </span>c9ide
</code></pre></div>
<p>This would however work for a local environment and does not provide a secure solution. More was needed... such as secure solution and preferably automated. For this Nginx and Let's Encrypt is used. More information about Cloud9 can be found in my Knowledge Base <a href="https://github.com/gbraad/knowledge-base/blob/master/technology/c9ide.md">article</a><a href="https://gitlab.com/gbraad/knowledge-base/blob/master/technology/c9ide.md">*</a>.</p>
<h2>Preparation</h2>
<p>To deploy the environment I used <a href="http://fedoraproject.org">Fedora</a> 24. Most cloud providers provide this as an image. In my case, <a href="https://www.citycloud.com">CityCloud</a> provided the latest version after placing a simple request. You can consider any size, but the more storage and memory, the better the performance will be. I set up a 4G and 2 cores instance, with 50G of storage. After logging in, perform the following commands</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>sudo<span class="w"> </span>su<span class="w"> </span>-
$<span class="w"> </span>dnf<span class="w"> </span>update<span class="w"> </span>-y
$<span class="w"> </span>dnf<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span>docker
$<span class="w"> </span>setenforce<span class="w"> </span><span class="m">0</span>
$<span class="w"> </span>sed<span class="w"> </span><span class="s1">'s/SELINUX=targeted/SELINUX=permisssive/g'</span><span class="w"> </span>/etc/selinux/config
$<span class="w"> </span>systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>docker
$<span class="w"> </span>systemctl<span class="w"> </span>start<span class="w"> </span>docker
</code></pre></div>
<p>Note: SELinux is disabled because we will have a volume attached to the IDE container where the workspace will be located. We can however fix this, but this is something for a future blog post.</p>
<h3>Setup DNS</h3>
<p>After this, you host machine should be ready to host containers to will make up our environment. before we continue, we need to be sure we have DNS configured that can point to the running containers that host the C9 IDE. I used <a href="https://www.cloudflare.com">CloudFlare</a> and setup the following wildcard for my environment. </p>
<p><img alt="" src="https://cdn.gbraad.nl/images/blog/c9ide-dns.png"></p>
<p>With this each hostname, such as <code>ubuntu.c9ide.spotsnel.net</code> would point to the same machine that hosts our development containers.</p>
<h3>Deploy Nginx</h3>
<p>To allow a hostname to be resolved to a 'local' end-point a reverse proxy is needed. Jason Wilder created a container for this purpose called <code>nginx-proxy</code>. It needs access to the <code>docker.sock</code> to be notified of changes and it will accordingly create an endpoint in the hosted Nginx. For more information about this, please read <a href="https://hub.docker.com/r/jwilder/nginx-proxy/">nginx-proxy</a>'s description on Docker hub.</p>
<div class="highlight"><pre><span></span><code><span class="c1"># docker run -d -p 80:80 -p 443:443 \</span>
<span class="w"> </span><span class="o">--</span><span class="n">name</span><span class="w"> </span><span class="n">nginx</span><span class="o">-</span><span class="n">proxy</span><span class="w"> </span>\
<span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">/</span><span class="n">path</span><span class="o">/</span><span class="n">to</span><span class="o">/</span><span class="n">certs</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">certs</span><span class="p">:</span><span class="n">ro</span><span class="w"> </span>\
<span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">vhost</span><span class="o">.</span><span class="n">d</span><span class="w"> </span>\
<span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">html</span><span class="w"> </span>\
<span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">docker</span><span class="o">.</span><span class="n">sock</span><span class="p">:</span><span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">docker</span><span class="o">.</span><span class="n">sock</span><span class="p">:</span><span class="n">ro</span><span class="w"> </span>\
<span class="w"> </span><span class="n">jwilder</span><span class="o">/</span><span class="n">nginx</span><span class="o">-</span><span class="n">proxy</span>
</code></pre></div>
<p>Opening any address pointing to this host would know result in a 503 error. This means that Nginx is listening and can not forward the request. We will deal with this later.</p>
<h2>Deploy Let's Encrypt companion</h2>
<p>Setting up a secure connection involves certificates which can be quite a hassle to obtain, and if trust of security is concerned, even very expensive. Luckily, initiatives exist that believe security should be available to all and <a href="https://letsencrypt.org">Let's Encrypt</a> provides a fully automated solution. Using the <code>letsencrypt-nginx-proxy-companion</code> container created by Yves Blusseau, it is possible allow the proxy container to be provisioned with the needed certificates. More information about <a href="https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion/">this container</a> can be found at Docker hub.</p>
<div class="highlight"><pre><span></span><code><span class="c1"># docker run -d \</span>
<span class="w"> </span><span class="o">--</span><span class="n">name</span><span class="w"> </span><span class="n">nginx</span><span class="o">-</span><span class="n">proxy</span><span class="o">-</span><span class="n">letsencrypt</span><span class="w"> </span>\
<span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">/</span><span class="n">path</span><span class="o">/</span><span class="n">to</span><span class="o">/</span><span class="n">certs</span><span class="p">:</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">certs</span><span class="p">:</span><span class="n">rw</span><span class="w"> </span>\
<span class="w"> </span><span class="o">--</span><span class="n">volumes</span><span class="o">-</span><span class="n">from</span><span class="w"> </span><span class="n">nginx</span><span class="o">-</span><span class="n">proxy</span><span class="w"> </span>\
<span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">docker</span><span class="o">.</span><span class="n">sock</span><span class="p">:</span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">docker</span><span class="o">.</span><span class="n">sock</span><span class="p">:</span><span class="n">ro</span><span class="w"> </span>\
<span class="w"> </span><span class="n">jrcs</span><span class="o">/</span><span class="n">letsencrypt</span><span class="o">-</span><span class="n">nginx</span><span class="o">-</span><span class="n">proxy</span><span class="o">-</span><span class="n">companion</span>
</code></pre></div>
<p>Unfortunately we do not have a way to really test this. But if the container starts correctly and does not terminate, it is likely working correctly, waiting for notifications of newly created containers.</p>
<h2>Explanation</h2>
<p>Containers that provide metadata in the form of environment variables, indicate to these service containers what the endpoint will be.</p>
<p>The <code>nginx-proxy</code> service uses <code>VIRTUAL_HOST</code> to know what the hostname endpoint will be. While the Let's Encrypt companion service uses <code>LETSENCRYPT_HOST</code> for this. In the rest of this article the endpoints will be the same. With <code>LETSENCRYPT_EMAIL</code> we indicate to who the certificate will be addressed.</p>
<h2>C9 IDE</h2>
<p>The container hosting C9 is available in different flavors. I have created them based on CentOS 7, Fedora 24 and Ubuntu Xenail (16.04). To prepare, it is a good idea to pull the images locally:</p>
<div class="highlight"><pre><span></span><code># docker pull gbraad/c9ide:c7
# docker pull gbraad/c9ide:f24
# docker pull gbraad/c9ide:u1604
</code></pre></div>
<p>To setup the containers as endpoints, I created the following helper script. It will deal with setting up the host and email for login to the container.</p>
<p><code>./create.sh [name] [host] [email] [password] [flavor] [volume]</code></p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/bin/sh -x</span>
<span class="nb">set</span><span class="w"> </span>-e
<span class="nv">NAME</span><span class="o">=</span><span class="si">${</span><span class="nv">1</span><span class="k">:-</span><span class="s2">"test"</span><span class="si">}</span>
<span class="nv">HOST</span><span class="o">=</span><span class="si">${</span><span class="nv">2</span><span class="k">:-</span><span class="si">${</span><span class="nv">NAME</span><span class="si">}</span><span class="s2">".local"</span><span class="si">}</span>
<span class="nv">USER</span><span class="o">=</span><span class="si">${</span><span class="nv">3</span><span class="k">:-</span><span class="s2">"nobody@local"</span><span class="si">}</span>
<span class="nv">PASS</span><span class="o">=</span><span class="si">${</span><span class="nv">4</span><span class="k">:-</span><span class="s2">"secrete"</span><span class="si">}</span>
<span class="nv">FLAVOR</span><span class="o">=</span><span class="si">${</span><span class="nv">5</span><span class="k">:-</span><span class="s2">"u1604"</span><span class="si">}</span><span class="w"> </span><span class="c1"># c7, f24, u1604</span>
<span class="nv">VOLUME</span><span class="o">=</span><span class="si">${</span><span class="nv">6</span><span class="k">:-</span><span class="s2">"/workspaces/c9ide-"</span><span class="si">${</span><span class="nv">NAME</span><span class="si">}}</span>
mkdir<span class="w"> </span>-p<span class="w"> </span><span class="si">${</span><span class="nv">VOLUME</span><span class="si">}</span>
docker<span class="w"> </span>run<span class="w"> </span>-d<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>--name<span class="w"> </span><span class="si">${</span><span class="nv">NAME</span><span class="si">}</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-v<span class="w"> </span><span class="si">${</span><span class="nv">VOLUME</span><span class="si">}</span>:/workspace:rw<span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-e<span class="w"> </span><span class="s2">"VIRTUAL_HOST=</span><span class="si">${</span><span class="nv">HOST</span><span class="si">}</span><span class="s2">"</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-e<span class="w"> </span><span class="s2">"LETSENCRYPT_HOST=</span><span class="si">${</span><span class="nv">HOST</span><span class="si">}</span><span class="s2">"</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-e<span class="w"> </span><span class="s2">"LETSENCRYPT_EMAIL=</span><span class="si">${</span><span class="nv">USER</span><span class="si">}</span><span class="s2">"</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-e<span class="w"> </span><span class="s2">"USERNAME=</span><span class="si">${</span><span class="nv">USER</span><span class="si">}</span><span class="s2">"</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>-e<span class="w"> </span><span class="s2">"PASSWORD=</span><span class="si">${</span><span class="nv">PASS</span><span class="si">}</span><span class="s2">"</span><span class="w"> </span><span class="se">\</span>
<span class="w"> </span>gbraad/c9ide:<span class="si">${</span><span class="nv">FLAVOR</span><span class="si">}</span>
</code></pre></div>
<p>The <code>USERNAME</code> and <code>PASSWORD</code> are used to perform basic authentication. As you can see, the email address used for the certificates is also used for the username for login. This can of course customized.
After this, </p>
<div class="highlight"><pre><span></span><code><span class="err">#</span><span class="w"> </span><span class="n">chmod</span><span class="w"> </span><span class="o">+</span><span class="n">x</span><span class="w"> </span><span class="k">create</span><span class="p">.</span><span class="n">sh</span>
<span class="err">#</span><span class="w"> </span><span class="n">mkdir</span><span class="w"> </span><span class="o">/</span><span class="n">workspaces</span>
<span class="err">#</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="k">create</span><span class="p">.</span><span class="n">sh</span><span class="w"> </span><span class="n">ubuntu</span><span class="w"> </span><span class="n">ubuntu</span><span class="p">.</span><span class="n">c9ide</span><span class="p">.</span><span class="n">spotsnel</span><span class="p">.</span><span class="n">net</span><span class="w"> </span><span class="n">me</span><span class="nv">@gbraad</span><span class="p">.</span><span class="n">nl</span><span class="w"> </span><span class="n">verysecrete</span>
<span class="err">#</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="k">create</span><span class="p">.</span><span class="n">sh</span><span class="w"> </span><span class="n">centos</span><span class="w"> </span><span class="n">quentin</span><span class="p">.</span><span class="n">c9ide</span><span class="p">.</span><span class="n">spotsnel</span><span class="p">.</span><span class="n">net</span><span class="w"> </span><span class="n">me</span><span class="nv">@quentinyong</span><span class="p">.</span><span class="n">nl</span><span class="w"> </span><span class="n">verysecrete</span><span class="w"> </span><span class="n">c7</span>
</code></pre></div>
<p>will create two containers, hosted at <code>ubuntu.c9ide.spotsnel.net</code> and <code>quentin.c9ide.spotsnel.net</code>. Notice that I used <code>/workspaces</code> to provide the storage location for all the host containers. Make sure this is hosted on a separate mountpoint for instance. </p>
<p>Now open your IDE by opening <a href="https://ubuntu.c9ide.spotsnel.net">https://ubuntu.c9ide.spotsnel.net</a> in your browser. If all goes well, you will be created by a login prompt. The username is <code>me@gbraad.nl</code> and the password <code>verysecrete</code>.</p>
<p><img alt="" src="https://cdn.gbraad.nl/images/blog/c9ide-final.png"></p>
<p>In future articles I will detail more about the composability of infrastructure. if you enjoyed this article, consider tweeting about it. If you have comments, please find me online at <a href="http://twitter.com/gbraad">@gbraad</a>.</p>Hello, Internet!2016-08-08T00:00:00+08:002016-08-08T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-08-08:/hello-internet.html<p>Today I decided to pick up blogging again and asked the question; what to use? I had a simple requirement; 'it has to support Markdown-formatted documents'. The reasoning behind this is simple; I want to be able to use <code>Pandoc</code> to generate other kinds of output if needed. Plus GitBook …</p><p>Today I decided to pick up blogging again and asked the question; what to use? I had a simple requirement; 'it has to support Markdown-formatted documents'. The reasoning behind this is simple; I want to be able to use <code>Pandoc</code> to generate other kinds of output if needed. Plus GitBook has an online editor which allows me to write the articles as if they are chapters in a book.</p>
<p>Chris Smart, who is the creator of the Korora project, suggested me to have a look at Pelican. So I did, and this resulted in the blog you are reading at the moment.</p>
<p>Publication is all automated using GitLab CI runners. The project for this is available at <a href="https://gitlab.com/gbraad/blog">blog</a>. For the moment it is still a test and I will try to theme it over the coming days. Anyways, progress can be tracked here...</p>Software Distribution for a new era2016-07-30T00:00:00+08:002016-09-10T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-07-30:/software-distribution-for-a-new-era.html<p>In this presentation I will introduce Software Distribution for a new era. In
short it will explain the negatives of using packages, how 'containers' improved
on this, but now how to make this available for use on servers and desktops. </p>
<p>In short it will talk about the following topics:</p>
<ul>
<li>container …</li></ul><p>In this presentation I will introduce Software Distribution for a new era. In
short it will explain the negatives of using packages, how 'containers' improved
on this, but now how to make this available for use on servers and desktops. </p>
<p>In short it will talk about the following topics:</p>
<ul>
<li>container and Docker</li>
<li>FlatPak</li>
<li>OSTree</li>
<li>Project Atomic (Fedora, CentOS)</li>
</ul>
<h2>Presentation</h2>
<iframe src="http://gbraad.gitlab.io/software-distribution-for-a-new-era/slides.html" width="1024" height="768">
<p>Your browser does not support iframes.</p>
</iframe>
<h2>Feedback</h2>
<p>If you have any suggestion, please discuss below or send me an email.</p>
<p>Note: the original presentation can be found at: <a href="https://gitlab.com/gbraad/software-distribution-for-a-new-era">Software Distribution for a new era</a></p>Deploying OpenStack using TripleO2016-05-18T00:00:00+08:002016-09-10T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2016-05-18:/deploying-openstack-using-tripleo.html<p>In this article we will deploy an OpenStack environment using TripleO using
the <code>tripleo-quickstart</code> scripts. It will create a virtualized environment
which consists of 1 Undercloud node and in total 9 nodes in the Overcloud;
3 controller nodes (High Availability), 3 compute nodes and 3 Ceph storage
nodes.</p>
<h2>What is …</h2><p>In this article we will deploy an OpenStack environment using TripleO using
the <code>tripleo-quickstart</code> scripts. It will create a virtualized environment
which consists of 1 Undercloud node and in total 9 nodes in the Overcloud;
3 controller nodes (High Availability), 3 compute nodes and 3 Ceph storage
nodes.</p>
<h2>What is TripleO, <em>undercloud</em> and <em>overcloud</em>?</h2>
<p><a href="https://wiki.openstack.org/wiki/TripleO">TripleO</a> is a deployment method in
which a dedicated OpenStack management environment is used to deploy another
OpenStack environment which is used for the workload. The management environment
is contained in a single machine, called the <em>undercloud</em>. This OpenStack
environment takes care of the monitoring and management of what is known as the
<em>overcloud</em>. The <em>overcloud</em> is the actual OpenStack environment that will run
the workload.</p>
<h2>Prerequisites</h2>
<p>It is preferred to use a dedicated server for the following instructions.
Consider using 32G of memory and have enough diskspace available in <code>/home</code>.
This target node has to be using CentOS 7 (or RHEL7).</p>
<h2>Prepare for deployment</h2>
<p>The deployment can be done from a workstation targeting a server, or from the
server itself. Whatever your preferred method is, you will need the
<a href="https://github.com/openstack/tripleo-quickstart">tripleo-quickstart</a> scripts.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>curl<span class="w"> </span>-O<span class="w"> </span>https://raw.githubusercontent.com/openstack/tripleo-quickstart/master/quickstart.sh
$<span class="w"> </span>chmod<span class="w"> </span>u+x<span class="w"> </span>quickstart.sh
$<span class="w"> </span>./quickstart.sh<span class="w"> </span>--install-deps
</code></pre></div>
<p>This will install the dependencies used by the <code>quickstart.sh</code> script. Now you
need to prepare the target node. Make sure you can login to this server without
a password.</p>
<div class="highlight"><pre><span></span><code><span class="err">$</span><span class="w"> </span><span class="n">export</span><span class="w"> </span><span class="n">VIRTHOST</span><span class="o">=[</span><span class="n">target</span><span class="o">]</span>
<span class="err">$</span><span class="w"> </span><span class="n">ssh</span><span class="o">-</span><span class="n">copy</span><span class="o">-</span><span class="n">id</span><span class="w"> </span><span class="n">root</span><span class="err">@$</span><span class="n">VIRTHOST</span>
<span class="err">$</span><span class="w"> </span><span class="n">ssh</span><span class="w"> </span><span class="n">root</span><span class="err">@$</span><span class="n">VIRTHOST</span><span class="w"> </span><span class="n">uname</span><span class="w"> </span><span class="o">-</span><span class="n">a</span>
</code></pre></div>
<p>This article witll not describe the setup of passwordless or key-based
authentication with SSH. If issues occur, please verify you have a generated
keyset. If not, generate one with <code>ssh-keygen</code>. For further information please
consult the <code>man</code> page or verify online.</p>
<h2>Cache deployment images locally</h2>
<p>Although this step is not necessary, you can pre-download the images and cache
them locally. This can be helpful if you want to perform the deployment using
different images and/or suffer from bad connectivity.</p>
<p>The location if the images is currently at <code>http://artifacts.ci.centos.org/rdo/images/{{release}}/delorean/stable/undercloud.qcow2</code>.</p>
<p>To download the <em>mitaka</em> image, you can do this with</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>mkdir<span class="w"> </span>/var/lib/oooq-images
$<span class="w"> </span>curl<span class="w"> </span>http://artifacts.ci.centos.org/rdo/images/mitaka/delorean/stable/undercloud.qcow2<span class="w"> </span>-o<span class="w"> </span>/var/lib/oooq-images/undercloud-mitaka.qcow2
</code></pre></div>
<h2>Deployment configuration file</h2>
<p>We will create a virtual environment for out TripleO deployment. This will
provide you with the knowledge you need to perform a bare-metal installation.</p>
<p>You can define the node deployment inside a configuration file, eg. called
<code>deploy-config.yml</code>. This will contain the following:</p>
<div class="highlight"><pre><span></span><code>overcloud_nodes:
<span class="k">-</span> name: control_0
flavor: control
<span class="k">-</span> name: control_1
flavor: control
<span class="k">-</span> name: control_2
flavor: control
<span class="k">-</span> name: compute_0
flavor: compute
<span class="k">-</span> name: compute_1
flavor: compute
<span class="k">-</span> name: compute_2
flavor: compute
<span class="k">-</span> name: storage_0
flavor: ceph
<span class="k">-</span> name: storage_1
flavor: ceph
<span class="k">-</span> name: storage_2
flavor: ceph
extra_args: "--control-scale 3 --ceph-storage-scale 3 -e /usr/share/openstack-tripleo-heat-templates/environments/puppet-pacemaker.yaml --ntp-server pool.ntp.org"
</code></pre></div>
<p>Nodes can be assigned a role by setting the flavor:</p>
<ul>
<li><code>control</code> sets up a controller node, which also handles the network.</li>
<li><code>compute</code> sets up a Nova compute node.</li>
<li><code>ceph</code> sets up a node for Ceph storage.</li>
</ul>
<p>The extra arguments allow you to modify the deployment that is performed.</p>
<ul>
<li><code>--control-scale 3</code> instructs the deployment to assign 3 nodes with the
controller role.</li>
<li><code>--ceph-storage-scale 3</code> instructs the deployment to assign 3 nodes to
be used for the Ceph storage backend.</li>
<li><code>-e puppet-pacemaker.yaml</code> will setup pacemaker HA for the controller
nodes</li>
<li><code>--ntp-server pool.ntp.org</code> will sync time on the nodes using NTP.</li>
</ul>
<p>Note: if you want to use all compute nodes at once, include <code>--compute-scale 3</code>. But in this article I am using these additional nodes for scale out.</p>
<h2>Perform deployment</h2>
<p>Now you can perform the <em>undercloud</em> deployment using:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>./quickstart.sh<span class="w"> </span>--config<span class="w"> </span>deploy-config.yml<span class="w"> </span>--undercloud-image-url<span class="w"> </span>file:///var/lib/oooq-images/undercloud-mitaka.qcow2<span class="w"> </span><span class="nv">$VIRTHOST</span>
</code></pre></div>
<p>But before you do, please continue reading about the <code>Deployment scripts</code>.</p>
<p>The previous command will target the node as specified with the <code>$VIRTHOST</code>
environment variable, and according to the <code>deploy-config.yml</code> which we defined
earlier.</p>
<p>It will login to this node and create a <code>stack</code> user which will be running the
virtual machines. Later we will inspect this. After creating the virtual
machines it will prepare the <code>undercloud</code> machine. After this, you still need to
start the actual deployment. </p>
<h2>Deployment scripts</h2>
<p>To login to the undercloud:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ssh<span class="w"> </span>-F<span class="w"> </span><span class="nv">$OPT_WORKDIR</span>/ssh.config.ansible<span class="w"> </span>undercloud
</code></pre></div>
<p>The undercloud is not fully prepared, you would have to do so with the following
scripts.</p>
<p>Undercloud (management)</p>
<ul>
<li><code>undercloud-install.sh</code> will run the undercloud install and execute
diskimage elements.</li>
<li><code>undercloud-post-install.sh</code> will perform all pre-deploy steps, such as
uploading the images to <em>glance</em></li>
</ul>
<p>Overcloud (workload)</p>
<ul>
<li><code>overcloud-deploy.sh</code> will deploy the overcloud, creating a <em>heat</em> stack
and will use the nodes as defined in <code>instack-env.json</code> and the extra
arguments given in the deployment configuration.</li>
<li><code>overcloud-deploy-post.sh</code> will do any post-deploy configuration
such as writing a local <code>/etc/hosts</code> file.</li>
<li><code>overcloud-validate.sh</code> will run post-deploy validation, like a
<em>pingtest</em> and possible <em>tempest</em></li>
</ul>
<p>You can run these scripts one by one... or install the whole <em>undercloud</em> and
<em>overcloud</em> using the command:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>./quickstart.sh<span class="w"> </span>--tags<span class="w"> </span>all<span class="w"> </span>--config<span class="w"> </span>deploy-config.yml<span class="w"> </span>--undercloud-image-url<span class="w"> </span>file:///var/lib/oooq-images/undercloud-mitaka.qcow2<span class="w"> </span><span class="nv">$VIRTHOST</span>
</code></pre></div>
<p>Using <code>--tags all</code> will instruct ansible to perform all the steps and scripts
as previously described. I suggest you to run the steps first each one by one
and look into the scripts itself to understand how they interact with
<code>python-tripleoclient</code> (eg. <code>openstack undercloud</code> and <code>openstack overcloud</code>).</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">undercloud</span><span class="o">-</span><span class="n">install</span><span class="p">.</span><span class="n">sh</span>
<span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">undercloud</span><span class="o">-</span><span class="n">post</span><span class="o">-</span><span class="n">install</span><span class="p">.</span><span class="n">sh</span>
<span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">overcloud</span><span class="o">-</span><span class="n">deploy</span><span class="p">.</span><span class="n">sh</span>
<span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">overcloud</span><span class="o">-</span><span class="n">deploy</span><span class="o">-</span><span class="n">post</span><span class="p">.</span><span class="n">sh</span>
<span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">overcloud</span><span class="o">-</span><span class="n">validate</span><span class="p">.</span><span class="n">sh</span>
</code></pre></div>
<h2>Undercloud node</h2>
<p>After running these commands, you will have a fully deployed environment.
You can verify this from the <em>undercloud</em> node.</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="p">.</span><span class="w"> </span><span class="n">stackrc</span>
<span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="n">ironic</span><span class="w"> </span><span class="n">node</span><span class="o">-</span><span class="n">list</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+--------------------------------------+-----------+--------------------------------------+-------------+--------------------+-------------+</span>
<span class="c">| UUID | Name | Instance UUID | Power State | Provisioning State | Maintenance |</span>
<span class="nb">+--------------------------------------+-----------+--------------------------------------+-------------+--------------------+-------------+</span>
<span class="c">| 5c4f1ad5</span><span class="nb">-</span><span class="c">3cea</span><span class="nb">-</span><span class="c">41c2</span><span class="nb">-</span><span class="c">8fa8</span><span class="nb">-</span><span class="c">f3468e660447 | control</span><span class="nb">-</span><span class="c">0 | aea0add0</span><span class="nb">-</span><span class="c">f638</span><span class="nb">-</span><span class="c">4a41</span><span class="nb">-</span><span class="c">97ca</span><span class="nb">-</span><span class="c">a2a64ac083a5 | None | active | True |</span>
<span class="c">| 0a0bf5e8</span><span class="nb">-</span><span class="c">e903</span><span class="nb">-</span><span class="c">4f77</span><span class="nb">-</span><span class="c">be35</span><span class="nb">-</span><span class="c">0a49f4da5109 | control</span><span class="nb">-</span><span class="c">1 | 75778a5e</span><span class="nb">-</span><span class="c">5e65</span><span class="nb">-</span><span class="c">48bc</span><span class="nb">-</span><span class="c">9934</span><span class="nb">-</span><span class="c">d4cb203fad86 | None | active | True |</span>
<span class="c">| 12aa12d2</span><span class="nb">-</span><span class="c">0023</span><span class="nb">-</span><span class="c">48ac</span><span class="nb">-</span><span class="c">89d2</span><span class="nb">-</span><span class="c">4e138f6eef08 | control</span><span class="nb">-</span><span class="c">2 | f74b2b00</span><span class="nb">-</span><span class="c">0c01</span><span class="nb">-</span><span class="c">44a5</span><span class="nb">-</span><span class="c">917e</span><span class="nb">-</span><span class="c">45fff058f2fa | None | active | True |</span>
<span class="c">| 6a0533a2</span><span class="nb">-</span><span class="c">d91f</span><span class="nb">-</span><span class="c">4f45</span><span class="nb">-</span><span class="c">acbb</span><span class="nb">-</span><span class="c">5f5f231c8986 | compute</span><span class="nb">-</span><span class="c">0 | None | None | available | True |</span>
<span class="c">| e8663954</span><span class="nb">-</span><span class="c">4da8</span><span class="nb">-</span><span class="c">4027</span><span class="nb">-</span><span class="c">9226</span><span class="nb">-</span><span class="c">f9f053f269d9 | compute</span><span class="nb">-</span><span class="c">1 | 113afdbd</span><span class="nb">-</span><span class="c">0afa</span><span class="nb">-</span><span class="c">481c</span><span class="nb">-</span><span class="c">a744</span><span class="nb">-</span><span class="c">90276907b8e2 | None | active | True |</span>
<span class="c">| 06679c73</span><span class="nb">-</span><span class="c">97a2</span><span class="nb">-</span><span class="c">4de0</span><span class="nb">-</span><span class="c">b676</span><span class="nb">-</span><span class="c">193a3e182fcf | compute</span><span class="nb">-</span><span class="c">2 | None | None | available | True |</span>
<span class="c">| a6ef4bce</span><span class="nb">-</span><span class="c">941c</span><span class="nb">-</span><span class="c">407d</span><span class="nb">-</span><span class="c">966e</span><span class="nb">-</span><span class="c">85df2af3f6e1 | storage</span><span class="nb">-</span><span class="c">0 | bbba571f</span><span class="nb">-</span><span class="c">f2a9</span><span class="nb">-</span><span class="c">46f3</span><span class="nb">-</span><span class="c">a270</span><span class="nb">-</span><span class="c">f154e045c5a8 | None | active | True |</span>
<span class="c">| 6174dbb7</span><span class="nb">-</span><span class="c">28e7</span><span class="nb">-</span><span class="c">425e</span><span class="nb">-</span><span class="c">b675</span><span class="nb">-</span><span class="c">f1653f0b731c | storage</span><span class="nb">-</span><span class="c">1 | d3afc0e8</span><span class="nb">-</span><span class="c">70a0</span><span class="nb">-</span><span class="c">43c4</span><span class="nb">-</span><span class="c">b35a</span><span class="nb">-</span><span class="c">693a7e4e5fa5 | None | active | True |</span>
<span class="c">| 32e8122b</span><span class="nb">-</span><span class="c">3a5f</span><span class="nb">-</span><span class="c">45fb</span><span class="nb">-</span><span class="c">8a5a</span><span class="nb">-</span><span class="c">60dc4f82325f | storage</span><span class="nb">-</span><span class="c">2 | 53ea0799</span><span class="nb">-</span><span class="c">1bcd</span><span class="nb">-</span><span class="c">4f55</span><span class="nb">-</span><span class="c">8671</span><span class="nb">-</span><span class="c">e6a7f7f46054 | None | active | True |</span>
<span class="nb">+--------------------------------------+-----------+--------------------------------------+-------------+--------------------+-------------+</span>
</code></pre></div>
<p>This will show a list of nodes that are available in the environment. This information </p>
<h2>Login to the overcloud</h2>
<p>From the undercloud node you can source the stack resource file and use the
<em>openstack clients</em> as usual.</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="p">.</span><span class="w"> </span><span class="n">overcloudrc</span>
<span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="n">cat</span><span class="w"> </span><span class="n">overcloudrc</span>
<span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="n">nova</span><span class="w"> </span><span class="n">list</span>
</code></pre></div>
<p>In the previous output you also see the <code>OS_AUTH_URL</code> and the credentials
needed to login from the Horizon dashboard.</p>
<p>Either using ssh portforwaring, or the dynamic proxy option, you can open the
dashboard.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ssh<span class="w"> </span>-F<span class="w"> </span>~/.quickstart/ssh.config.ansible<span class="w"> </span>undercloud<span class="w"> </span>-D<span class="w"> </span><span class="m">8080</span>
</code></pre></div>
<p>Either using Firefox (with the FoxyProxy extension) or Chrome/Vivaldi (with the
SwitchySharp extension) you can set a SOCKS proxy at <code>127.0.0.1</code> and port
<code>8080</code>.</p>
<h2>Login to overcloud nodes</h2>
<p>If you need to inspect a node in the overcloud (workload), you can login to these nodes from the undercloud using the following command:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="n">ssh</span><span class="w"> </span><span class="o">[</span><span class="n">hostname/nodeip</span><span class="o">]</span>
</code></pre></div>
<p>Note: you can find the hostnames and IP addresses on the <em>undercloud</em> in the
<code>/etc/hosts</code> file. It will use 'heat-admin' as user to login.</p>
<h2>Scale out</h2>
<p>After deployment, you might have noticed that <code>ironic node-list</code> returned a
list of baremetal nodes that are in <em>Provisioning state</em> 'available' and do not
have an <em>Instance UUID</em>. These nodes have not been deployed to, as
<code>--compute-scale</code> had not been set.</p>
<p>To scale out to these nodes, you first need to change the <code>Maintenance</code> status
to false. You can do this for all available at once with:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">i</span><span class="w"> </span><span class="ow">in</span><span class="w"> </span><span class="err">$</span><span class="p">(</span><span class="n">ironic</span><span class="w"> </span><span class="n">node</span><span class="o">-</span><span class="n">list</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="n">available</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">grep</span><span class="w"> </span><span class="o">-</span><span class="n">v</span><span class="w"> </span><span class="n">UUID</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">awk</span><span class="w"> </span><span class="s1">' { print $2 } '</span><span class="p">);</span><span class="w"> </span><span class="n">do</span>
<span class="o">></span><span class="w"> </span><span class="n">ironic</span><span class="w"> </span><span class="n">node</span><span class="o">-</span><span class="k">set</span><span class="o">-</span><span class="n">maintenance</span><span class="w"> </span><span class="err">$</span><span class="n">i</span><span class="w"> </span><span class="k">false</span><span class="p">;</span>
<span class="o">></span><span class="w"> </span><span class="n">done</span>
</code></pre></div>
<p>You can verify the status with <code>ironic node-list</code>.</p>
<p>After this you can scale out using</p>
<div class="highlight"><pre><span></span><code><span class="p">[</span><span class="nx">stack</span><span class="err">@</span><span class="nx">undercloud</span><span class="w"> </span><span class="o">~</span><span class="p">]</span><span class="err">$</span><span class="w"> </span><span class="nx">openstack</span><span class="w"> </span><span class="nx">overcloud</span><span class="w"> </span><span class="nx">deploy</span><span class="w"> </span><span class="o">--</span><span class="nx">templates</span><span class="w"> </span><span class="o">--</span><span class="nx">libvirt</span><span class="o">-</span><span class="k">type</span><span class="w"> </span><span class="nx">qemu</span><span class="w"> </span><span class="o">--</span><span class="nx">control</span><span class="o">-</span><span class="nx">flavor</span><span class="w"> </span><span class="nx">oooq_control</span><span class="w"> </span><span class="o">--</span><span class="nx">compute</span><span class="o">-</span><span class="nx">flavor</span><span class="w"> </span><span class="nx">oooq_compute</span><span class="w"> </span><span class="o">--</span><span class="nx">ceph</span><span class="o">-</span><span class="nx">storage</span><span class="o">-</span><span class="nx">flavor</span><span class="w"> </span><span class="nx">oooq_ceph</span><span class="w"> </span><span class="o">--</span><span class="nx">timeout</span><span class="w"> </span><span class="mi">60</span><span class="w"> </span><span class="o">--</span><span class="nx">ntp</span><span class="o">-</span><span class="nx">server</span><span class="w"> </span><span class="nx">pool</span><span class="p">.</span><span class="nx">ntp</span><span class="p">.</span><span class="nx">org</span><span class="w"> </span><span class="o">--</span><span class="nx">compute</span><span class="o">-</span><span class="nx">scale</span><span class="w"> </span><span class="mi">3</span>
</code></pre></div>
<p>This will change the current <em>overcloud</em> heat deployment and provision the
remaining nodes.</p>
<p>Eventually the command will return with:</p>
<div class="highlight"><pre><span></span><code>...
Stack overcloud UPDATE_COMPLETE
Overcloud Endpoint: http://192.0.2.6:5000/v2.0
Overcloud Deployed
</code></pre></div>
<p>after which the new nodes have been added to the <em>overcloud</em>. To update the
hosts entries in <code>/etc/hosts</code> you can rerun:</p>
<div class="highlight"><pre><span></span><code><span class="o">[</span><span class="n">stack@undercloud ~</span><span class="o">]</span><span class="err">$</span><span class="w"> </span><span class="p">.</span><span class="o">/</span><span class="n">overcloud</span><span class="o">-</span><span class="n">deploy</span><span class="o">-</span><span class="n">post</span><span class="p">.</span><span class="n">sh</span>
</code></pre></div>
<h2>Diskimage building</h2>
<p>The <em>undercloud</em> images can be created using <a href="https://github.com/redhat-openstack/ansible-role-tripleo-image-build">ansible-role-tripleo-image-build</a>.
Using the following commands it will generate the images:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>git<span class="w"> </span>clone<span class="w"> </span>https://github.com/redhat-openstack/ansible-role-tripleo-image-build.git
$<span class="w"> </span><span class="nb">cd</span><span class="w"> </span>ansible-role-tripleo-image-build/tests/pip
$<span class="w"> </span>sudo<span class="w"> </span>./build.sh<span class="w"> </span>-i
$<span class="w"> </span>./build.sh<span class="w"> </span><span class="nv">$VIRTHOST</span>
</code></pre></div>
<p>After the command finishes succesfully, the images can be found in
<code>/var/lib/oooq-images</code>.</p>
<p>Note: The content of <code>/var/lib/oooq-images</code> will be cleaned on run. After this
it will download a base image from
<code>http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2</code> of
about 800M. You can download this image and specify the location in a
configuration file to prevent it from having to be downloaded each time.</p>
<p>A create a file called: <code>override.yml</code></p>
<div class="highlight"><pre><span></span><code><span class="n">artib_minimal_base_image_url</span><span class="o">:</span><span class="w"> </span><span class="n">file</span><span class="o">:///</span><span class="n">var</span><span class="sr">/lib/oooq-base-images/</span><span class="n">CentOS</span><span class="o">-</span><span class="mi">7</span><span class="o">-</span><span class="n">x86_64</span><span class="o">-</span><span class="n">GenericCloud</span><span class="o">.</span><span class="na">qcow2</span>
</code></pre></div>
<p>And pass this to the build command:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>./build.sh<span class="w"> </span>-e<span class="w"> </span>override.yml<span class="w"> </span><span class="nv">$VIRTHOST</span><span class="w"> </span>
</code></pre></div>
<h2>Conclusion</h2>
<p>Since the introduction of TripleO Quickstart, standing up a multi-node OpenStack
environment is very easy. In my knowledge-base article I describe also how you
can do a baremetal deployment using the Quickstart.</p>
<p>If you have any suggestion, please discuss below or send me an email.</p>
<p>Note: the original publication can be found at: <a href="https://gitlab.com/gbraad/openstack-handsonlabs">OpenStack hands-on-labs</a></p>
<h2>More information</h2>
<ul>
<li>Deployment <a href="https://github.com/openstack/tripleo-quickstart/blob/master/docs/configuring.md">configuration options</a></li>
<li>Knowledge-Base for <a href="https://gitlab.com/gbraad/knowledge-base/blob/master/technology/openstack/tripleo.md">development/architecture notes</a> on TripleO </li>
<li>Openstack deployment <a href="https://remote-lab.net/rdo-manager-ha-openstack-deployment">using RDO-Manager</a></li>
</ul>Building a multi-tier application using OpenStack (PackStack)2016-03-05T00:00:00+08:002016-09-10T00:00:00+08:00Gerard Braadtag:blog.gbraad.nl,2016-03-05:/building-a-multi-tier-application-using-openstack-packstack.html<p>This is a publication of an article/training class I gave related to setting up
an environment using OpenStack, to host a multi-tier applicatiom.</p>
<h2>Introduction</h2>
<p>In this hands-on-labs you will learn how to set-up an OpenStack environment to
host a multi-tier application; front-end, back-end and the related network
settings to …</p><p>This is a publication of an article/training class I gave related to setting up
an environment using OpenStack, to host a multi-tier applicatiom.</p>
<h2>Introduction</h2>
<p>In this hands-on-labs you will learn how to set-up an OpenStack environment to
host a multi-tier application; front-end, back-end and the related network
settings to prevent access to back-end servers, etc.</p>
<p>To setup the environment quickly, we will be using PackStack. PackStack is an
installation utility to quickly deploy an OpenStack cloud. In our case we will
use the all-in-one solutiion which allows a single node environment to
test deploying our multi-tier application.</p>
<h2>Setup packstack environment</h2>
<p>Use a RHEL or CentOS 7 installation.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>systemctl<span class="w"> </span>disable<span class="w"> </span>NetworkManager
$<span class="w"> </span>systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>network
$<span class="w"> </span>systemctl<span class="w"> </span>stop<span class="w"> </span>NetworkManager.service
$<span class="w"> </span>systemctl<span class="w"> </span>start<span class="w"> </span>network.service
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>yum<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span>https://www.rdoproject.org/repos/rdo-release.rpm
$<span class="w"> </span>sudo<span class="w"> </span>yum<span class="w"> </span>update<span class="w"> </span>-y
$<span class="w"> </span>sudo<span class="w"> </span>yum<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span>openstack-packstack
$<span class="w"> </span>packstack<span class="w"> </span>--allinone<span class="w"> </span>--os-neutron-lbaas-install<span class="o">=</span>y
</code></pre></div>
<h2>Check environment</h2>
<p>In order to start using <em>OpenStack</em>, you’ll need to authenticate as a tenant. To
do this, run the following command in order to put the demo user’s credentials
in your environment.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="nb">source</span><span class="w"> </span>~/keystonerc_admin
</code></pre></div>
<p>The installation automatically creates two networks for you <em>‘private’</em> and
<em>‘public’</em>. The <em>‘public’</em> network we’ll use to allocate floating ips out of
later. Running <code>openstack network list</code> will show this.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openstack<span class="w"> </span>network<span class="w"> </span>list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+--------------------------------------+---------+--------------------------------------+</span>
<span class="c">| ID | Name | Subnets |</span>
<span class="nb">+--------------------------------------+---------+--------------------------------------+</span>
<span class="c">| 84aff6b0</span><span class="nb">-</span><span class="c">2291</span><span class="nb">-</span><span class="c">41b5</span><span class="nb">-</span><span class="c">9871</span><span class="nb">-</span><span class="c">d3d24906e358 | private | 92432fb8</span><span class="nb">-</span><span class="c">8c29</span><span class="nb">-</span><span class="c">4abe</span><span class="nb">-</span><span class="c">98d8</span><span class="nb">-</span><span class="c">de8bf161a18b |</span>
<span class="c">| 427becab</span><span class="nb">-</span><span class="c">54af</span><span class="nb">-</span><span class="c">4b43</span><span class="nb">-</span><span class="c">a5d2</span><span class="nb">-</span><span class="c">e292b13b6a86 | public | 78eff45a</span><span class="nb">-</span><span class="c">25f2</span><span class="nb">-</span><span class="c">4904</span><span class="nb">-</span><span class="c">bab8</span><span class="nb">-</span><span class="c">a8795d9a7f9b |</span>
<span class="nb">+--------------------------------------+---------+--------------------------------------+</span>
</code></pre></div>
<h2>Setup security groups</h2>
<p>First we’ll create the three security groups we’ll need to contain the members:
web, database and ssh.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openstack<span class="w"> </span>security<span class="w"> </span>group<span class="w"> </span>create<span class="w"> </span>web
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+-------------+--------------------------------------+</span>
<span class="c">| Field | Value |</span>
<span class="nb">+-------------+--------------------------------------+</span>
<span class="c">| description | web |</span>
<span class="c">| id | a98fcd2f</span><span class="nb">-</span><span class="c">a828</span><span class="nb">-</span><span class="c">4a88</span><span class="nb">-</span><span class="c">92aa</span><span class="nb">-</span><span class="c">36e3c1223a92 |</span>
<span class="c">| name | web |</span>
<span class="c">| rules | </span><span class="k">[]</span><span class="c"> |</span>
<span class="c">| tenant_id | 3d44af649a1c42fcaa102ed11e3f010f |</span>
<span class="nb">+-------------+--------------------------------------+</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openstack<span class="w"> </span>security<span class="w"> </span>group<span class="w"> </span>create<span class="w"> </span>database
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+-------------+--------------------------------------+</span>
<span class="c">| Field | Value |</span>
<span class="nb">+-------------+--------------------------------------+</span>
<span class="c">| description | database |</span>
<span class="c">| id | cf6c0380</span><span class="nb">-</span><span class="c">e255</span><span class="nb">-</span><span class="c">4ba8</span><span class="nb">-</span><span class="c">9258</span><span class="nb">-</span><span class="c">bb8e9c062fa7 |</span>
<span class="c">| name | database |</span>
<span class="c">| rules | </span><span class="k">[]</span><span class="c"> |</span>
<span class="c">| tenant_id | 3d44af649a1c42fcaa102ed11e3f010f |</span>
<span class="nb">+-------------+--------------------------------------+</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openstack<span class="w"> </span>security<span class="w"> </span>group<span class="w"> </span>create<span class="w"> </span>ssh
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+-------------+--------------------------------------+</span>
<span class="c">| Field | Value |</span>
<span class="nb">+-------------+--------------------------------------+</span>
<span class="c">| description | ssh |</span>
<span class="c">| id | 141ed0d0</span><span class="nb">-</span><span class="c">c004</span><span class="nb">-</span><span class="c">457d</span><span class="nb">-</span><span class="c">8efa</span><span class="nb">-</span><span class="c">45e0fd2dc986 |</span>
<span class="c">| name | ssh |</span>
<span class="c">| rules | </span><span class="k">[]</span><span class="c"> |</span>
<span class="c">| tenant_id | 3d44af649a1c42fcaa102ed11e3f010f |</span>
<span class="nb">+-------------+--------------------------------------+</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openstack<span class="w"> </span>security<span class="w"> </span>group<span class="w"> </span>list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+--------------------------------------+----------+------------------------+</span>
<span class="c">| ID | Name | Description |</span>
<span class="nb">+--------------------------------------+----------+------------------------+</span>
<span class="c">| cf6c0380</span><span class="nb">-</span><span class="c">e255</span><span class="nb">-</span><span class="c">4ba8</span><span class="nb">-</span><span class="c">9258</span><span class="nb">-</span><span class="c">bb8e9c062fa7 | database | database |</span>
<span class="c">| 379b58b2</span><span class="nb">-</span><span class="c">7ca3</span><span class="nb">-</span><span class="c">431e</span><span class="nb">-</span><span class="c">ae1f</span><span class="nb">-</span><span class="c">cd6a627a9b30 | default | Default security group |</span>
<span class="c">| 141ed0d0</span><span class="nb">-</span><span class="c">c004</span><span class="nb">-</span><span class="c">457d</span><span class="nb">-</span><span class="c">8efa</span><span class="nb">-</span><span class="c">45e0fd2dc986 | ssh | ssh |</span>
<span class="c">| a98fcd2f</span><span class="nb">-</span><span class="c">a828</span><span class="nb">-</span><span class="c">4a88</span><span class="nb">-</span><span class="c">92aa</span><span class="nb">-</span><span class="c">36e3c1223a92 | web | web |</span>
<span class="nb">+--------------------------------------+----------+------------------------+</span>
</code></pre></div>
<p>Now we’ll add rules into these security groups for their desired functionality.</p>
<p>Allow all HTTP traffic on port 80 to the <code>web</code> security group:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>security-group-rule-create<span class="w"> </span>--direction<span class="w"> </span>ingress<span class="w"> </span>--protocol<span class="w"> </span>TCP<span class="w"> </span><span class="se">\ </span>
><span class="w"> </span>--port-range-min<span class="w"> </span><span class="m">80</span><span class="w"> </span>--port-range-max<span class="w"> </span><span class="m">80</span><span class="w"> </span>web
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Created</span><span class="w"> </span><span class="nx">a</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">security_group_rule</span><span class="p">:</span>
<span class="o">+-------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">Field</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">Value</span><span class="w"> </span><span class="o">|</span>
<span class="o">+-------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">direction</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">ingress</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">ethertype</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">IPv4</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">b293d93a</span><span class="o">-</span><span class="mi">30</span><span class="nx">c2</span><span class="o">-</span><span class="mi">4854</span><span class="o">-</span><span class="nx">a890</span><span class="o">-</span><span class="mi">5</span><span class="nx">ce65639f870</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_range_max</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">80</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_range_min</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">80</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">protocol</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">tcp</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">remote_group_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">remote_ip_prefix</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">security_group_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">a98fcd2f</span><span class="o">-</span><span class="nx">a828</span><span class="o">-</span><span class="mi">4</span><span class="nx">a88</span><span class="o">-</span><span class="mi">92</span><span class="nx">aa</span><span class="o">-</span><span class="mi">36</span><span class="nx">e3c1223a92</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">tenant_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">d44af649a1c42fcaa102ed11e3f010f</span><span class="w"> </span><span class="o">|</span>
<span class="o">+-------------------+--------------------------------------+</span>
</code></pre></div>
<p>Allow database servers to be accessed from the web servers:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>security-group-rule-create<span class="w"> </span>--direction<span class="w"> </span>ingress<span class="w"> </span>--protocol<span class="w"> </span>TCP<span class="w"> </span><span class="se">\</span>
><span class="w"> </span>--port-range-min<span class="w"> </span><span class="m">3306</span><span class="w"> </span>--port-range-max<span class="w"> </span><span class="m">3306</span><span class="w"> </span>--remote-group-id<span class="w"> </span>web<span class="w"> </span>database
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Created</span><span class="w"> </span><span class="nx">a</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">security_group_rule</span><span class="p">:</span>
<span class="o">+-------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">Field</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">Value</span><span class="w"> </span><span class="o">|</span>
<span class="o">+-------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">direction</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">ingress</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">ethertype</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">IPv4</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">dfc77fb6</span><span class="o">-</span><span class="mi">48</span><span class="nx">a0</span><span class="o">-</span><span class="mi">41</span><span class="nx">ca</span><span class="o">-</span><span class="mi">9230</span><span class="o">-</span><span class="mi">50</span><span class="nx">c2cda27c63</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_range_max</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3306</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_range_min</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3306</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">protocol</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">tcp</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">remote_group_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">a98fcd2f</span><span class="o">-</span><span class="nx">a828</span><span class="o">-</span><span class="mi">4</span><span class="nx">a88</span><span class="o">-</span><span class="mi">92</span><span class="nx">aa</span><span class="o">-</span><span class="mi">36</span><span class="nx">e3c1223a92</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">remote_ip_prefix</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">security_group_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">cf6c0380</span><span class="o">-</span><span class="nx">e255</span><span class="o">-</span><span class="mi">4</span><span class="nx">ba8</span><span class="o">-</span><span class="mi">9258</span><span class="o">-</span><span class="nx">bb8e9c062fa7</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">tenant_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">d44af649a1c42fcaa102ed11e3f010f</span><span class="w"> </span><span class="o">|</span>
<span class="o">+-------------------+--------------------------------------+</span>
</code></pre></div>
<p>Allow the jump host to <code>ssh</code> into both the database servers and webservers</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>security-group-rule-create<span class="w"> </span>--direction<span class="w"> </span>ingress<span class="w"> </span>--protocol<span class="w"> </span>TCP<span class="w"> </span><span class="se">\ </span>
><span class="w"> </span>--port-range-min<span class="w"> </span><span class="m">22</span><span class="w"> </span>--port-range-max<span class="w"> </span><span class="m">22</span><span class="w"> </span>--remote-group-id<span class="w"> </span>ssh<span class="w"> </span>database
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Created</span><span class="w"> </span><span class="nx">a</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">security_group_rule</span><span class="p">:</span>
<span class="o">+-------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">Field</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">Value</span><span class="w"> </span><span class="o">|</span>
<span class="o">+-------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">direction</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">ingress</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">ethertype</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">IPv4</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">0</span><span class="nx">c686a2c</span><span class="o">-</span><span class="mi">304</span><span class="nx">f</span><span class="o">-</span><span class="mi">42</span><span class="nx">be</span><span class="o">-</span><span class="mi">9936</span><span class="o">-</span><span class="nx">cdce46963d46</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_range_max</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_range_min</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">protocol</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">tcp</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">remote_group_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">141</span><span class="nx">ed0d0</span><span class="o">-</span><span class="nx">c004</span><span class="o">-</span><span class="mi">457</span><span class="nx">d</span><span class="o">-</span><span class="mi">8</span><span class="nx">efa</span><span class="o">-</span><span class="mi">45</span><span class="nx">e0fd2dc986</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">remote_ip_prefix</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">security_group_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">cf6c0380</span><span class="o">-</span><span class="nx">e255</span><span class="o">-</span><span class="mi">4</span><span class="nx">ba8</span><span class="o">-</span><span class="mi">9258</span><span class="o">-</span><span class="nx">bb8e9c062fa7</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">tenant_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">d44af649a1c42fcaa102ed11e3f010f</span><span class="w"> </span><span class="o">|</span>
<span class="o">+-------------------+--------------------------------------+</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>security-group-rule-create<span class="w"> </span>--direction<span class="w"> </span>ingress<span class="w"> </span>--protocol<span class="w"> </span>TCP<span class="w"> </span><span class="se">\</span>
><span class="w"> </span>--port-range-min<span class="w"> </span><span class="m">22</span><span class="w"> </span>--port-range-max<span class="w"> </span><span class="m">22</span><span class="w"> </span>--remote-group-id<span class="w"> </span>ssh<span class="w"> </span>web
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Created</span><span class="w"> </span><span class="nx">a</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">security_group_rule</span><span class="p">:</span>
<span class="o">+-------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">Field</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">Value</span><span class="w"> </span><span class="o">|</span>
<span class="o">+-------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">direction</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">ingress</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">ethertype</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">IPv4</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">919</span><span class="nx">a6ede</span><span class="o">-</span><span class="mi">8</span><span class="nx">dfd</span><span class="o">-</span><span class="mi">4184</span><span class="o">-</span><span class="nx">bf2a</span><span class="o">-</span><span class="nx">f07c0527d5bf</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_range_max</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_range_min</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">protocol</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">tcp</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">remote_group_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">141</span><span class="nx">ed0d0</span><span class="o">-</span><span class="nx">c004</span><span class="o">-</span><span class="mi">457</span><span class="nx">d</span><span class="o">-</span><span class="mi">8</span><span class="nx">efa</span><span class="o">-</span><span class="mi">45</span><span class="nx">e0fd2dc986</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">remote_ip_prefix</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">security_group_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">a98fcd2f</span><span class="o">-</span><span class="nx">a828</span><span class="o">-</span><span class="mi">4</span><span class="nx">a88</span><span class="o">-</span><span class="mi">92</span><span class="nx">aa</span><span class="o">-</span><span class="mi">36</span><span class="nx">e3c1223a92</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">tenant_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">d44af649a1c42fcaa102ed11e3f010f</span><span class="w"> </span><span class="o">|</span>
<span class="o">+-------------------+--------------------------------------+</span>
</code></pre></div>
<p>Allow the outside world to be able to <code>ssh</code> into the jump host on port 22:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>security-group-rule-create<span class="w"> </span>--direction<span class="w"> </span>ingress<span class="w"> </span>--protocol<span class="w"> </span>tcp<span class="w"> </span><span class="se">\</span>
><span class="w"> </span>--port-range-min<span class="w"> </span><span class="m">22</span><span class="w"> </span>--port-range-max<span class="w"> </span><span class="m">22</span><span class="w"> </span>ssh
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Created</span><span class="w"> </span><span class="nx">a</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">security_group_rule</span><span class="p">:</span>
<span class="o">+-------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">Field</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">Value</span><span class="w"> </span><span class="o">|</span>
<span class="o">+-------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">direction</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">ingress</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">ethertype</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">IPv4</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fb8dcbe6</span><span class="o">-</span><span class="nx">e553</span><span class="o">-</span><span class="mi">4</span><span class="nx">a92</span><span class="o">-</span><span class="nx">aed4</span><span class="o">-</span><span class="nx">aca7f086dca4</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_range_max</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_range_min</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">22</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">protocol</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">tcp</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">remote_group_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">remote_ip_prefix</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">security_group_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">141</span><span class="nx">ed0d0</span><span class="o">-</span><span class="nx">c004</span><span class="o">-</span><span class="mi">457</span><span class="nx">d</span><span class="o">-</span><span class="mi">8</span><span class="nx">efa</span><span class="o">-</span><span class="mi">45</span><span class="nx">e0fd2dc986</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">tenant_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">d44af649a1c42fcaa102ed11e3f010f</span><span class="w"> </span><span class="o">|</span>
<span class="o">+-------------------+--------------------------------------+</span>
</code></pre></div>
<h2>Setup virtual machines</h2>
<p>Now we can boot some virtual machines that will make use of these security
groups. Run <code>openstack net work list</code> to obtain the private network <code>uuid</code> that
we are going to be using:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openstack<span class="w"> </span>network<span class="w"> </span>list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+--------------------------------------+---------+--------------------------------------+</span>
<span class="c">| ID | Name | Subnets |</span>
<span class="nb">+--------------------------------------+---------+--------------------------------------+</span>
<span class="c">| 427becab</span><span class="nb">-</span><span class="c">54af</span><span class="nb">-</span><span class="c">4b43</span><span class="nb">-</span><span class="c">a5d2</span><span class="nb">-</span><span class="c">e292b13b6a86 | public | 78eff45a</span><span class="nb">-</span><span class="c">25f2</span><span class="nb">-</span><span class="c">4904</span><span class="nb">-</span><span class="c">bab8</span><span class="nb">-</span><span class="c">a8795d9a7f9b |</span>
<span class="c">| 84aff6b0</span><span class="nb">-</span><span class="c">2291</span><span class="nb">-</span><span class="c">41b5</span><span class="nb">-</span><span class="c">9871</span><span class="nb">-</span><span class="c">d3d24906e358 | private | 92432fb8</span><span class="nb">-</span><span class="c">8c29</span><span class="nb">-</span><span class="c">4abe</span><span class="nb">-</span><span class="c">98d8</span><span class="nb">-</span><span class="c">de8bf161a18b |</span>
<span class="nb">+--------------------------------------+---------+--------------------------------------+</span>
</code></pre></div>
<p>Then, we’ll run <code>openstack image list</code> to determine the images available to boot
our instances with. Since we’re using <em>packstack</em>, the script automatically
uploaded an image to <em>glance</em> for us to use.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openstack<span class="w"> </span>image<span class="w"> </span>list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+--------------------------------------+--------+</span>
<span class="c">| ID | Name |</span>
<span class="nb">+--------------------------------------+--------+</span>
<span class="c">| eea0e326</span><span class="nb">-</span><span class="c">8e2e</span><span class="nb">-</span><span class="c">41db</span><span class="nb">-</span><span class="c">80a0</span><span class="nb">-</span><span class="c">1138a4bdd5a6 | cirros |</span>
<span class="nb">+--------------------------------------+--------+</span>
</code></pre></div>
<h4>Overview</h4>
<p>In the next steps we will boot four instances:</p>
<ul>
<li>2 web servers</li>
<li>1 database server</li>
<li>1 ssh jump host</li>
</ul>
<p>We will be creating instances using the smallest flavor available.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openstack<span class="w"> </span>flavor<span class="w"> </span>list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+----+-----------+-------+------+-----------+-------+-----------+</span>
<span class="c">| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |</span>
<span class="nb">+----+-----------+-------+------+-----------+-------+-----------+</span>
<span class="c">| 1 | m1</span><span class="nt">.</span><span class="c">tiny | 512 | 1 | 0 | 1 | True |</span>
<span class="c">| 2 | m1</span><span class="nt">.</span><span class="c">small | 2048 | 20 | 0 | 1 | True |</span>
<span class="c">| 3 | m1</span><span class="nt">.</span><span class="c">medium | 4096 | 40 | 0 | 2 | True |</span>
<span class="c">| 4 | m1</span><span class="nt">.</span><span class="c">large | 8192 | 80 | 0 | 4 | True |</span>
<span class="c">| 5 | m1</span><span class="nt">.</span><span class="c">xlarge | 16384 | 160 | 0 | 8 | True |</span>
<span class="nb">+----+-----------+-------+------+-----------+-------+-----------+</span>
</code></pre></div>
<p>So we will be using flavor 1, which means instances are created with 512MB of
memory and a disk of 1G.</p>
<p>Note:<br>
We also have to make sure that each instances has an IP address on the private
network. For this we are including the <code>--nic net-id=</code> option specifying the
network ID of the private network.</p>
<h3>Setup web servers</h3>
<p>Boot two instances named <code>web_server1</code> and <code>web_server2</code> on the private network
using the <code>cirros</code> image and part of the web security group:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>nova<span class="w"> </span>boot<span class="w"> </span>--image<span class="w"> </span>cirros<span class="w"> </span>--nic<span class="w"> </span>net-id<span class="o">=</span>84aff6b0-2291-41b5-9871-d3d24906e358<span class="w"> </span><span class="se">\</span>
><span class="w"> </span>--security_groups<span class="w"> </span>web<span class="w"> </span>--flavor<span class="w"> </span><span class="m">1</span><span class="w"> </span>web_server1
</code></pre></div>
<div class="highlight"><pre><span></span><code>+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-00000001 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | rijM8RvVKXhd |
| config_drive | |
| created | 2016-02-25T08:21:23Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | be6ec624-07cd-45c1-8260-211f1f2fd786 |
| image | cirros (eea0e326-8e2e-41db-80a0-1138a4bdd5a6) |
| key_name | - |
| metadata | {} |
| name | web_server1 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | web |
| status | BUILD |
| tenant_id | 3d44af649a1c42fcaa102ed11e3f010f |
| updated | 2016-02-25T08:21:24Z |
| user_id | a72ce317d35c47e8b8274995d0a2af92 |
+--------------------------------------+-----------------------------------------------+
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>nova<span class="w"> </span>boot<span class="w"> </span>--image<span class="w"> </span>cirros<span class="w"> </span>--nic<span class="w"> </span>net-id<span class="o">=</span>84aff6b0-2291-41b5-9871-d3d24906e358<span class="w"> </span><span class="se">\ </span>
><span class="w"> </span>--security_groups<span class="w"> </span>web<span class="w"> </span>--flavor<span class="w"> </span><span class="m">1</span><span class="w"> </span>web_server2
</code></pre></div>
<div class="highlight"><pre><span></span><code>+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-00000002 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | vyT4575gsqth |
| config_drive | |
| created | 2016-02-25T08:22:53Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | 146056ad-e8dc-4ad3-8765-97b753f3d040 |
| image | cirros (eea0e326-8e2e-41db-80a0-1138a4bdd5a6) |
| key_name | - |
| metadata | {} |
| name | web_server2 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | web |
| status | BUILD |
| tenant_id | 3d44af649a1c42fcaa102ed11e3f010f |
| updated | 2016-02-25T08:22:53Z |
| user_id | a72ce317d35c47e8b8274995d0a2af92 |
+--------------------------------------+-----------------------------------------------+
</code></pre></div>
<h3>Setup database server</h3>
<p>Boot database server</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>nova<span class="w"> </span>boot<span class="w"> </span>--image<span class="w"> </span>cirros<span class="w"> </span>--nic<span class="w"> </span>net-id<span class="o">=</span>84aff6b0-2291-41b5-9871-d3d24906e358<span class="w"> </span><span class="se">\</span>
><span class="w"> </span>--security_groups<span class="w"> </span>database<span class="w"> </span>--flavor<span class="w"> </span><span class="m">1</span><span class="w"> </span>database_server
</code></pre></div>
<div class="highlight"><pre><span></span><code>+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-00000003 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | 9GJgxdvz3eFQ |
| config_drive | |
| created | 2016-02-25T08:23:22Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | d66ced0e-3aaf-4c14-8921-229ac6307ecd |
| image | cirros (eea0e326-8e2e-41db-80a0-1138a4bdd5a6) |
| key_name | - |
| metadata | {} |
| name | database_server |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | database |
| status | BUILD |
| tenant_id | 3d44af649a1c42fcaa102ed11e3f010f |
| updated | 2016-02-25T08:23:22Z |
| user_id | a72ce317d35c47e8b8274995d0a2af92 |
+--------------------------------------+-----------------------------------------------+
</code></pre></div>
<h3>Setup jumphost server</h3>
<p>Boot ssh jump host</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>nova<span class="w"> </span>boot<span class="w"> </span>--image<span class="w"> </span>cirros<span class="w"> </span>--nic<span class="w"> </span>net-id<span class="o">=</span>84aff6b0-2291-41b5-9871-d3d24906e358<span class="w"> </span><span class="se">\</span>
><span class="w"> </span>--security_groups<span class="w"> </span>ssh<span class="w"> </span>--flavor<span class="w"> </span><span class="m">1</span><span class="w"> </span>jumphost
</code></pre></div>
<div class="highlight"><pre><span></span><code>+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-00000004 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | jwbUXkmfEK7Y |
| config_drive | |
| created | 2016-02-25T08:23:54Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | e540896e-e148-414a-9588-3b83d3f2b059 |
| image | cirros (eea0e326-8e2e-41db-80a0-1138a4bdd5a6) |
| key_name | - |
| metadata | {} |
| name | jumphost |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | ssh |
| status | BUILD |
| tenant_id | 3d44af649a1c42fcaa102ed11e3f010f |
| updated | 2016-02-25T08:23:54Z |
| user_id | a72ce317d35c47e8b8274995d0a2af92 |
+--------------------------------------+-----------------------------------------------+
</code></pre></div>
<h3>Client</h3>
<p>We will also create a client instance that we will use to access the web servers
from.</p>
<p>Note: Since we did not specify a security group this instance will be part of a
<code>default</code> security group which allows the instance to make outgoing connections
to anyone but only accept incoming connections from members of this same
security group.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>nova<span class="w"> </span>boot<span class="w"> </span>--image<span class="w"> </span>cirros<span class="w"> </span>--nic<span class="w"> </span>net-id<span class="o">=</span>84aff6b0-2291-41b5-9871-d3d24906e358<span class="w"> </span><span class="se">\</span>
><span class="w"> </span>--flavor<span class="w"> </span><span class="m">1</span><span class="w"> </span>client
</code></pre></div>
<div class="highlight"><pre><span></span><code>+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-00000005 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | c63QG7iE3PrY |
| config_drive | |
| created | 2016-02-25T08:24:27Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | 8e0179a3-6bf8-4c07-8035-f8916ca3183d |
| image | cirros (eea0e326-8e2e-41db-80a0-1138a4bdd5a6) |
| key_name | - |
| metadata | {} |
| name | client |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 3d44af649a1c42fcaa102ed11e3f010f |
| updated | 2016-02-25T08:24:27Z |
| user_id | a72ce317d35c47e8b8274995d0a2af92 |
+--------------------------------------+-----------------------------------------------+
</code></pre></div>
<h3>Check virtual machines</h3>
<p>Running <code>openstack server list</code> will display the status of the instances. After
a few seconds all of the instances should go to an ACTIVE status.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openstack<span class="w"> </span>server<span class="w"> </span>list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+--------------------------------------+-----------------+--------+------------------+</span>
<span class="c">| ID | Name | Status | Networks |</span>
<span class="nb">+--------------------------------------+-----------------+--------+------------------+</span>
<span class="c">| 8e0179a3</span><span class="nb">-</span><span class="c">6bf8</span><span class="nb">-</span><span class="c">4c07</span><span class="nb">-</span><span class="c">8035</span><span class="nb">-</span><span class="c">f8916ca3183d | client | ACTIVE | private=10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">7 |</span>
<span class="c">| e540896e</span><span class="nb">-</span><span class="c">e148</span><span class="nb">-</span><span class="c">414a</span><span class="nb">-</span><span class="c">9588</span><span class="nb">-</span><span class="c">3b83d3f2b059 | jumphost | ACTIVE | private=10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">6 |</span>
<span class="c">| d66ced0e</span><span class="nb">-</span><span class="c">3aaf</span><span class="nb">-</span><span class="c">4c14</span><span class="nb">-</span><span class="c">8921</span><span class="nb">-</span><span class="c">229ac6307ecd | database_server | ACTIVE | private=10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">5 |</span>
<span class="c">| 146056ad</span><span class="nb">-</span><span class="c">e8dc</span><span class="nb">-</span><span class="c">4ad3</span><span class="nb">-</span><span class="c">8765</span><span class="nb">-</span><span class="c">97b753f3d040 | web_server2 | ACTIVE | private=10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">4 |</span>
<span class="c">| be6ec624</span><span class="nb">-</span><span class="c">07cd</span><span class="nb">-</span><span class="c">45c1</span><span class="nb">-</span><span class="c">8260</span><span class="nb">-</span><span class="c">211f1f2fd786 | web_server1 | ACTIVE | private=10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">3 |</span>
<span class="nb">+--------------------------------------+-----------------+--------+------------------+</span>
</code></pre></div>
<h3>Setup public IP address for SSH</h3>
<p>To make the jumphost publicly accessible on the internet we’ll need to assign a
floating IP to it. To do this first create a floating IP via:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>floatingip-create<span class="w"> </span>public
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Created</span><span class="w"> </span><span class="nx">a</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">floatingip</span><span class="p">:</span>
<span class="o">+---------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">Field</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">Value</span><span class="w"> </span><span class="o">|</span>
<span class="o">+---------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">fixed_ip_address</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">floating_ip_address</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="m m-Double">172.24.4.228</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">floating_network_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">427</span><span class="nx">becab</span><span class="o">-</span><span class="mi">54</span><span class="nx">af</span><span class="o">-</span><span class="mi">4</span><span class="nx">b43</span><span class="o">-</span><span class="nx">a5d2</span><span class="o">-</span><span class="nx">e292b13b6a86</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">ce6efd31</span><span class="o">-</span><span class="mi">97</span><span class="nx">e9</span><span class="o">-</span><span class="mi">428</span><span class="nx">b</span><span class="o">-</span><span class="nx">a3ac</span><span class="o">-</span><span class="nx">b5a14e77a305</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">router_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">status</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">DOWN</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">tenant_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">d44af649a1c42fcaa102ed11e3f010f</span><span class="w"> </span><span class="o">|</span>
<span class="o">+---------------------+--------------------------------------+</span>
</code></pre></div>
<p>Next, we need to determine the port id of the jumpbox:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>port-list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+</span>
<span class="c">| id | name | mac_address | fixed_ips |</span>
<span class="nb">+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+</span>
<span class="c">| 551cf7bc</span><span class="nb">-</span><span class="c">802f</span><span class="nb">-</span><span class="c">4b02</span><span class="nb">-</span><span class="c">bd3e</span><span class="nb">-</span><span class="c">c44473ffb1ff | | fa:16:3e:48:a4:d1 | {"subnet_id": "78eff45a</span><span class="nb">-</span><span class="c">25f2</span><span class="nb">-</span><span class="c">4904</span><span class="nb">-</span><span class="c">bab8</span><span class="nb">-</span><span class="c">a8795d9a7f9b"</span><span class="nt">,</span><span class="c"> "ip_address": "172</span><span class="nt">.</span><span class="c">24</span><span class="nt">.</span><span class="c">4</span><span class="nt">.</span><span class="c">226"} |</span>
<span class="c">| 5d98aa79</span><span class="nb">-</span><span class="c">8bc0</span><span class="nb">-</span><span class="c">4512</span><span class="nb">-</span><span class="c">a128</span><span class="nb">-</span><span class="c">078281aae2bc | | fa:16:3e:0d:4b:55 | {"subnet_id": "92432fb8</span><span class="nb">-</span><span class="c">8c29</span><span class="nb">-</span><span class="c">4abe</span><span class="nb">-</span><span class="c">98d8</span><span class="nb">-</span><span class="c">de8bf161a18b"</span><span class="nt">,</span><span class="c"> "ip_address": "10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">6"} |</span>
<span class="c">| 6aab05f6</span><span class="nb">-</span><span class="c">9176</span><span class="nb">-</span><span class="c">48b4</span><span class="nb">-</span><span class="c">9b0f</span><span class="nb">-</span><span class="c">113593945593 | | fa:16:3e:2d:b6:a4 | {"subnet_id": "92432fb8</span><span class="nb">-</span><span class="c">8c29</span><span class="nb">-</span><span class="c">4abe</span><span class="nb">-</span><span class="c">98d8</span><span class="nb">-</span><span class="c">de8bf161a18b"</span><span class="nt">,</span><span class="c"> "ip_address": "10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">1"} |</span>
<span class="c">| 8941a204</span><span class="nb">-</span><span class="c">08e7</span><span class="nb">-</span><span class="c">4547</span><span class="nb">-</span><span class="c">b720</span><span class="nb">-</span><span class="c">f9840358929b | | fa:16:3e:5b:a3:c7 | {"subnet_id": "78eff45a</span><span class="nb">-</span><span class="c">25f2</span><span class="nb">-</span><span class="c">4904</span><span class="nb">-</span><span class="c">bab8</span><span class="nb">-</span><span class="c">a8795d9a7f9b"</span><span class="nt">,</span><span class="c"> "ip_address": "172</span><span class="nt">.</span><span class="c">24</span><span class="nt">.</span><span class="c">4</span><span class="nt">.</span><span class="c">228"} |</span>
<span class="c">| 9bd695dc</span><span class="nb">-</span><span class="c">4e6c</span><span class="nb">-</span><span class="c">40c5</span><span class="nb">-</span><span class="c">952d</span><span class="nb">-</span><span class="c">44269711bd6c | | fa:16:3e:9e:36:8f | {"subnet_id": "92432fb8</span><span class="nb">-</span><span class="c">8c29</span><span class="nb">-</span><span class="c">4abe</span><span class="nb">-</span><span class="c">98d8</span><span class="nb">-</span><span class="c">de8bf161a18b"</span><span class="nt">,</span><span class="c"> "ip_address": "10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">3"} |</span>
<span class="c">| afd18b4f</span><span class="nb">-</span><span class="c">c19f</span><span class="nb">-</span><span class="c">4c03</span><span class="nb">-</span><span class="c">a049</span><span class="nb">-</span><span class="c">fe8aeae7da49 | | fa:16:3e:ac:94:5e | {"subnet_id": "92432fb8</span><span class="nb">-</span><span class="c">8c29</span><span class="nb">-</span><span class="c">4abe</span><span class="nb">-</span><span class="c">98d8</span><span class="nb">-</span><span class="c">de8bf161a18b"</span><span class="nt">,</span><span class="c"> "ip_address": "10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">5"} |</span>
<span class="c">| e63d8edb</span><span class="nb">-</span><span class="c">f10c</span><span class="nb">-</span><span class="c">4776</span><span class="nb">-</span><span class="c">a10e</span><span class="nb">-</span><span class="c">cba9ec3f3d56 | | fa:16:3e:d4:9c:57 | {"subnet_id": "92432fb8</span><span class="nb">-</span><span class="c">8c29</span><span class="nb">-</span><span class="c">4abe</span><span class="nb">-</span><span class="c">98d8</span><span class="nb">-</span><span class="c">de8bf161a18b"</span><span class="nt">,</span><span class="c"> "ip_address": "10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">4"} |</span>
<span class="c">| f0d35941</span><span class="nb">-</span><span class="c">989c</span><span class="nb">-</span><span class="c">4f2b</span><span class="nb">-</span><span class="c">b187</span><span class="nb">-</span><span class="c">872445b0b653 | | fa:16:3e:0c:7f:d5 | {"subnet_id": "92432fb8</span><span class="nb">-</span><span class="c">8c29</span><span class="nb">-</span><span class="c">4abe</span><span class="nb">-</span><span class="c">98d8</span><span class="nb">-</span><span class="c">de8bf161a18b"</span><span class="nt">,</span><span class="c"> "ip_address": "10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">7"} |</span>
<span class="c">| f9e097b4</span><span class="nb">-</span><span class="c">4227</span><span class="nb">-</span><span class="c">49ee</span><span class="nb">-</span><span class="c">9442</span><span class="nb">-</span><span class="c">643c4186e587 | | fa:16:3e:a5:36:2c | {"subnet_id": "92432fb8</span><span class="nb">-</span><span class="c">8c29</span><span class="nb">-</span><span class="c">4abe</span><span class="nb">-</span><span class="c">98d8</span><span class="nb">-</span><span class="c">de8bf161a18b"</span><span class="nt">,</span><span class="c"> "ip_address": "10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">2"} |</span>
<span class="nb">+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+</span>
</code></pre></div>
<p>and find the <em>id</em> that matches the IP address of the jumphost (10.0.0.6) and
associate it via:</p>
<div class="highlight"><pre><span></span><code><span class="cp"># neutron floatingip-associate [floating_ip id] [port-list id]</span>
<span class="n">$</span><span class="w"> </span><span class="n">neutron</span><span class="w"> </span><span class="n">floatingip</span><span class="o">-</span><span class="n">associate</span><span class="w"> </span><span class="n">ce6efd31</span><span class="mf">-97e9</span><span class="mi">-428</span><span class="n">b</span><span class="o">-</span><span class="n">a3ac</span><span class="o">-</span><span class="n">b5a14e77a305</span><span class="w"> </span>\
<span class="o">></span><span class="w"> </span><span class="mi">5</span><span class="n">d98aa79</span><span class="mi">-8</span><span class="n">bc0</span><span class="mi">-4512</span><span class="o">-</span><span class="n">a128</span><span class="mo">-07</span><span class="mi">8281</span><span class="n">aae2bc</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>Associated floating IP ce6efd31-97e9-428b-a3ac-b5a14e77a305
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>floatingip-list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+--------------------------------------+------------------+---------------------+--------------------------------------+</span>
<span class="c">| id | fixed_ip_address | floating_ip_address | port_id |</span>
<span class="nb">+--------------------------------------+------------------+---------------------+--------------------------------------+</span>
<span class="c">| ce6efd31</span><span class="nb">-</span><span class="c">97e9</span><span class="nb">-</span><span class="c">428b</span><span class="nb">-</span><span class="c">a3ac</span><span class="nb">-</span><span class="c">b5a14e77a305 | 10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">6 | 172</span><span class="nt">.</span><span class="c">24</span><span class="nt">.</span><span class="c">4</span><span class="nt">.</span><span class="c">228 | 5d98aa79</span><span class="nb">-</span><span class="c">8bc0</span><span class="nb">-</span><span class="c">4512</span><span class="nb">-</span><span class="c">a128</span><span class="nb">-</span><span class="c">078281aae2bc |</span>
<span class="nb">+--------------------------------------+------------------+---------------------+--------------------------------------+</span>
</code></pre></div>
<h3>Verify SSH connectivity</h3>
<p>Now you should be able to ssh to the jumbox via with password <code>cubswin:)</code> :</p>
<div class="highlight"><pre><span></span><code><span class="n">$</span><span class="w"> </span><span class="n">ssh</span><span class="w"> </span><span class="n">cirros</span><span class="mf">@172.24.4.228</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="n">The</span><span class="w"> </span><span class="n">authenticity</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">host</span><span class="w"> </span><span class="err">'</span><span class="mf">172.24.4.3</span><span class="w"> </span><span class="p">(</span><span class="mf">172.24.4.3</span><span class="p">)</span><span class="err">'</span><span class="w"> </span><span class="n">can</span><span class="err">'</span><span class="n">t</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">established</span><span class="p">.</span>
<span class="n">RSA</span><span class="w"> </span><span class="n">key</span><span class="w"> </span><span class="n">fingerprint</span><span class="w"> </span><span class="n">is</span><span class="w"> </span><span class="mi">8</span><span class="n">b</span><span class="o">:</span><span class="mi">90</span><span class="o">:</span><span class="n">ae</span><span class="o">:</span><span class="mi">9</span><span class="n">c</span><span class="o">:</span><span class="n">eb</span><span class="o">:</span><span class="n">be</span><span class="o">:</span><span class="mi">83</span><span class="o">:</span><span class="n">ae</span><span class="o">:</span><span class="mi">3</span><span class="n">c</span><span class="o">:</span><span class="mi">33</span><span class="o">:</span><span class="n">fe</span><span class="o">:</span><span class="mi">84</span><span class="o">:</span><span class="mi">7</span><span class="n">a</span><span class="o">:</span><span class="mi">88</span><span class="o">:</span><span class="mi">12</span><span class="o">:</span><span class="n">d1</span><span class="p">.</span>
<span class="n">Are</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">sure</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">want</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="k">continue</span><span class="w"> </span><span class="n">connecting</span><span class="w"> </span><span class="p">(</span><span class="n">yes</span><span class="o">/</span><span class="n">no</span><span class="p">)</span><span class="o">?</span><span class="w"> </span><span class="n">yes</span>
<span class="nl">Warning</span><span class="p">:</span><span class="w"> </span><span class="n">Permanently</span><span class="w"> </span><span class="n">added</span><span class="w"> </span><span class="err">'</span><span class="mf">172.24.4.3</span><span class="err">'</span><span class="w"> </span><span class="p">(</span><span class="n">RSA</span><span class="p">)</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">list</span><span class="w"> </span><span class="n">of</span><span class="w"> </span><span class="n">known</span><span class="w"> </span><span class="n">hosts</span><span class="p">.</span>
<span class="n">cirros</span><span class="mf">@172.24.4.3</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="n">password</span><span class="o">:</span>
<span class="n">$</span>
</code></pre></div>
<p>After logging into the jumpbox you’ll be able to ssh into your <em>webserver1</em>,
<em>webserver2</em>, and <em>database server</em> via:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ssh<span class="w"> </span><span class="m">10</span>.0.0.3
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="n">Host</span><span class="w"> </span><span class="err">'</span><span class="mf">10.0.0.3</span><span class="err">'</span><span class="w"> </span><span class="n">is</span><span class="w"> </span><span class="n">not</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="n">the</span><span class="w"> </span><span class="n">trusted</span><span class="w"> </span><span class="n">hosts</span><span class="w"> </span><span class="n">file</span><span class="p">.</span>
<span class="p">(</span><span class="n">fingerprint</span><span class="w"> </span><span class="n">md5</span><span class="w"> </span><span class="n">e7</span><span class="o">:</span><span class="n">c3</span><span class="o">:</span><span class="n">d2</span><span class="o">:</span><span class="mi">93</span><span class="o">:</span><span class="mi">0</span><span class="n">b</span><span class="o">:</span><span class="n">eb</span><span class="o">:</span><span class="mi">65</span><span class="o">:</span><span class="mi">6</span><span class="n">d</span><span class="o">:</span><span class="n">e6</span><span class="o">:</span><span class="mo">01</span><span class="o">:</span><span class="mi">2</span><span class="n">e</span><span class="o">:</span><span class="n">b3</span><span class="o">:</span><span class="n">e6</span><span class="o">:</span><span class="mi">72</span><span class="o">:</span><span class="n">fd</span><span class="o">:</span><span class="n">c0</span><span class="p">)</span>
<span class="n">Do</span><span class="w"> </span><span class="n">you</span><span class="w"> </span><span class="n">want</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="k">continue</span><span class="w"> </span><span class="n">connecting</span><span class="o">?</span><span class="w"> </span><span class="p">(</span><span class="n">y</span><span class="o">/</span><span class="n">n</span><span class="p">)</span><span class="w"> </span><span class="n">y</span>
<span class="n">cirros</span><span class="mf">@10.0.0.3</span><span class="err">'</span><span class="n">s</span><span class="w"> </span><span class="n">password</span><span class="o">:</span>
<span class="n">$</span><span class="w"> </span><span class="n">exit</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ssh<span class="w"> </span><span class="m">10</span>.0.0.4
</code></pre></div>
<div class="highlight"><pre><span></span><code>...
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>ssh<span class="w"> </span><span class="m">10</span>.0.0.5
</code></pre></div>
<div class="highlight"><pre><span></span><code>...
</code></pre></div>
<p>None of those instances will be able to ssh to each other. The point of this
instance is so that you do not need to have all of your other instances publicly
addressable and directly accessible via the internet.</p>
<h3>Simulate web server</h3>
<p>Now let’s log in to <code>web_server1</code> and <code>web_server2</code> (via ssh or via horizon) and
setup a simple web server to handle requests and reply with who they are:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># On web_server 1 (10.0.0.3)</span>
<span class="n">$</span><span class="w"> </span><span class="k">while</span><span class="w"> </span><span class="no">true</span><span class="p">;</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="o">-</span><span class="n">e</span><span class="w"> </span><span class="s1">'HTTP/1.0 200 OK</span><span class="se">\r\n\r\n</span><span class="s1">'</span><span class="n n-Quoted">`hostname`</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">nc</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="mi">80</span><span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="n">done</span><span class="w"> </span><span class="o">&</span>
<span class="n">$</span><span class="w"> </span><span class="k">exit</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="c1"># on web_server 2 (10.0.0.4)</span>
<span class="n">$</span><span class="w"> </span><span class="k">while</span><span class="w"> </span><span class="no">true</span><span class="p">;</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="o">-</span><span class="n">e</span><span class="w"> </span><span class="s1">'HTTP/1.0 200 OK</span><span class="se">\r\n\r\n</span><span class="s1">'</span><span class="n n-Quoted">`hostname`</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">nc</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="mi">80</span><span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="n">done</span><span class="w"> </span><span class="o">&</span>
<span class="n">$</span><span class="w"> </span><span class="k">exit</span>
</code></pre></div>
<h3>Simulate HTTP request</h3>
<p>Now, log in to your <em>client</em> virtual machine (from the web console). From there
if you run:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>wget<span class="w"> </span>-O<span class="w"> </span>-<span class="w"> </span>http://10.0.0.3/
</code></pre></div>
<div class="highlight"><pre><span></span><code>Connecting to 10.0.0.3 (10.0.0.3:80)
web-server1
100% |************************************| 12 0:00:00 ETA
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>wget<span class="w"> </span>-O<span class="w"> </span>-<span class="w"> </span>http://10.0.0.4/
</code></pre></div>
<div class="highlight"><pre><span></span><code>Connecting to 10.0.0.4 (10.0.0.4:80)
web-server2
100% |************************************| 12 0:00:00 ETA
</code></pre></div>
<p>This demonstrates that our simple web server is working on our two web server
instances.</p>
<h3>Optional check</h3>
<p>We can demonstrate that the web security group is working correctly by killing
our simple web server and changing the port number. (Note: to kill the web
server you may need to hold control + c for a second in order for it to break
out of the while loop before another instance of nc is created.)</p>
<div class="highlight"><pre><span></span><code><span class="c1"># On web_server 1 </span>
<span class="n">$</span><span class="w"> </span><span class="k">while</span><span class="w"> </span><span class="no">true</span><span class="p">;</span><span class="w"> </span><span class="k">do</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="o">-</span><span class="n">e</span><span class="w"> </span><span class="s1">'HTTP/1.0 200 OK</span><span class="se">\r\n\r\n</span><span class="s1">'</span><span class="n n-Quoted">`hostname`</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">sudo</span><span class="w"> </span><span class="n">nc</span><span class="w"> </span><span class="o">-</span><span class="n">l</span><span class="w"> </span><span class="o">-</span><span class="n">p</span><span class="w"> </span><span class="mi">81</span><span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="n">done</span><span class="w"> </span><span class="o">&</span>
</code></pre></div>
<p>Now on the client run:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>wget<span class="w"> </span>-O<span class="w"> </span>-<span class="w"> </span>http://10.0.0.3:81
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nv">Connecting</span><span class="w"> </span><span class="nv">to</span><span class="w"> </span><span class="mi">10</span>.<span class="mi">0</span>.<span class="mi">0</span>.<span class="mi">3</span><span class="w"> </span><span class="ss">(</span><span class="mi">10</span>.<span class="mi">0</span>.<span class="mi">0</span>.<span class="mi">3</span>:<span class="mi">81</span><span class="ss">)</span>
<span class="nv">wget</span>:<span class="w"> </span><span class="nv">can</span><span class="err">'t connect to remote host (10.0.0.3): Connection timed out</span>
</code></pre></div>
<p>As you can see the request is never answered as expected because our web
security group does not allow port 81 ingress. Now let’s set the web server to
run on port 80 again.</p>
<h3>Provision loadbalancer</h3>
<p>At this point were going to provision loadbalancer via neutron in order to load
balance requests between our two web server instances.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>subnet-list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+--------------------------------------+----------------+-----------------+--------------------------------------------------+</span>
<span class="c">| id | name | cidr | allocation_pools |</span>
<span class="nb">+--------------------------------------+----------------+-----------------+--------------------------------------------------+</span>
<span class="c">| 78eff45a</span><span class="nb">-</span><span class="c">25f2</span><span class="nb">-</span><span class="c">4904</span><span class="nb">-</span><span class="c">bab8</span><span class="nb">-</span><span class="c">a8795d9a7f9b | public_subnet | 172</span><span class="nt">.</span><span class="c">24</span><span class="nt">.</span><span class="c">4</span><span class="nt">.</span><span class="c">224/28 | {"start": "172</span><span class="nt">.</span><span class="c">24</span><span class="nt">.</span><span class="c">4</span><span class="nt">.</span><span class="c">226"</span><span class="nt">,</span><span class="c"> "end": "172</span><span class="nt">.</span><span class="c">24</span><span class="nt">.</span><span class="c">4</span><span class="nt">.</span><span class="c">238"} |</span>
<span class="c">| 92432fb8</span><span class="nb">-</span><span class="c">8c29</span><span class="nb">-</span><span class="c">4abe</span><span class="nb">-</span><span class="c">98d8</span><span class="nb">-</span><span class="c">de8bf161a18b | private_subnet | 10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0/24 | {"start": "10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">2"</span><span class="nt">,</span><span class="c"> "end": "10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">254"} |</span>
<span class="nb">+--------------------------------------+----------------+-----------------+--------------------------------------------------+</span>
</code></pre></div>
<p>Create a loadbalancer pool:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>lb-pool-create<span class="w"> </span>--name<span class="w"> </span>http-pool<span class="w"> </span>--lb-method<span class="w"> </span>ROUND_ROBIN<span class="w"> </span><span class="se">\</span>
><span class="w"> </span>--protocol<span class="w"> </span>HTTP<span class="w"> </span>--subnet-id<span class="w"> </span>92432fb8-8c29-4abe-98d8-de8bf161a18b
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="n">Created</span> <span class="n">a</span> <span class="n">new</span> <span class="n">pool</span><span class="p">:</span>
<span class="o">+------------------------+--------------------------------------+</span>
<span class="p">|</span> <span class="n">Field</span> <span class="p">|</span> <span class="n">Value</span> <span class="p">|</span>
<span class="o">+------------------------+--------------------------------------+</span>
<span class="p">|</span> <span class="n">admin_state_up</span> <span class="p">|</span> <span class="n">True</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">description</span> <span class="p">|</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">health_monitors</span> <span class="p">|</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">health_monitors_status</span> <span class="p">|</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">id</span> <span class="p">|</span> <span class="mi">51</span><span class="n">ca1962</span><span class="o">-</span><span class="n">a24a</span><span class="o">-</span><span class="mi">4</span><span class="n">f43</span><span class="o">-</span><span class="mi">920</span><span class="n">f</span><span class="o">-</span><span class="mi">162</span><span class="n">a03a45c51</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">lb_method</span> <span class="p">|</span> <span class="n">ROUND_ROBIN</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">members</span> <span class="p">|</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">name</span> <span class="p">|</span> <span class="n">http</span><span class="o">-</span><span class="n">pool</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">protocol</span> <span class="p">|</span> <span class="n">HTTP</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">provider</span> <span class="p">|</span> <span class="n">haproxy</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">status</span> <span class="p">|</span> <span class="n">PENDING_CREATE</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">status_description</span> <span class="p">|</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">subnet_id</span> <span class="p">|</span> <span class="mi">92432</span><span class="n">fb8</span><span class="o">-</span><span class="mi">8</span><span class="n">c29</span><span class="o">-</span><span class="mi">4</span><span class="n">abe</span><span class="o">-</span><span class="mi">98</span><span class="n">d8</span><span class="o">-</span><span class="n">de8bf161a18b</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">tenant_id</span> <span class="p">|</span> <span class="mi">3</span><span class="n">d44af649a1c42fcaa102ed11e3f010f</span> <span class="p">|</span>
<span class="p">|</span> <span class="n">vip_id</span> <span class="p">|</span> <span class="p">|</span>
<span class="o">+------------------------+--------------------------------------+</span>
</code></pre></div>
<p>You can verify the creation of the <em>http-pool</em> with the <code>neutron lb-pool-list</code>
and <code>neutron lb-pool-show http-pool</code> command.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>lb-pool-list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+--------------------------------------+-----------+----------+-------------+----------+----------------+--------+</span>
<span class="c">| id | name | provider | lb_method | protocol | admin_state_up | status |</span>
<span class="nb">+--------------------------------------+-----------+----------+-------------+----------+----------------+--------+</span>
<span class="c">| 51ca1962</span><span class="nb">-</span><span class="c">a24a</span><span class="nb">-</span><span class="c">4f43</span><span class="nb">-</span><span class="c">920f</span><span class="nb">-</span><span class="c">162a03a45c51 | http</span><span class="nb">-</span><span class="c">pool | haproxy | ROUND_ROBIN | HTTP | True | ACTIVE |</span>
<span class="nb">+--------------------------------------+-----------+----------+-------------+----------+----------------+--------+</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>lb-pool-show<span class="w"> </span>http-pool
</code></pre></div>
<div class="highlight"><pre><span></span><code>+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| health_monitors | |
| health_monitors_status | |
| id | 51ca1962-a24a-4f43-920f-162a03a45c51 |
| lb_method | ROUND_ROBIN |
| members | |
| name | http-pool |
| protocol | HTTP |
| provider | haproxy |
| status | ACTIVE |
| status_description | |
| subnet_id | 92432fb8-8c29-4abe-98d8-de8bf161a18b |
| tenant_id | 3d44af649a1c42fcaa102ed11e3f010f |
| vip_id | |
+------------------------+--------------------------------------+
</code></pre></div>
<p>Now, let’s create a health monitor, which checks to make sure our instances are
still running and associate that with the pool:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>lbaas-healthmonitor-create<span class="w"> </span>--delay<span class="w"> </span><span class="m">3</span><span class="w"> </span>--type<span class="w"> </span>HTTP<span class="w"> </span>--max-retries<span class="w"> </span><span class="m">3</span><span class="w"> </span><span class="se">\</span>
><span class="w"> </span>--timeout<span class="w"> </span><span class="m">3</span><span class="w"> </span>--pool<span class="w"> </span>webserver-pool
</code></pre></div>
<h3>Adding loadbalancer members</h3>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>lb-member-create<span class="w"> </span>--address<span class="w"> </span><span class="m">10</span>.0.0.3<span class="w"> </span>--protocol-port<span class="w"> </span><span class="m">80</span><span class="w"> </span>http-pool
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Created</span><span class="w"> </span><span class="nx">a</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">member</span><span class="p">:</span>
<span class="o">+--------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">Field</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">Value</span><span class="w"> </span><span class="o">|</span>
<span class="o">+--------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">address</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="m m-Double">10.0.0.3</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">admin_state_up</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">True</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">36</span><span class="nx">b01f84</span><span class="o">-</span><span class="nx">a273</span><span class="o">-</span><span class="mi">417</span><span class="nx">f</span><span class="o">-</span><span class="mi">9588</span><span class="o">-</span><span class="mi">15</span><span class="nx">cceea18868</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">pool_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">51</span><span class="nx">ca1962</span><span class="o">-</span><span class="nx">a24a</span><span class="o">-</span><span class="mi">4</span><span class="nx">f43</span><span class="o">-</span><span class="mi">920</span><span class="nx">f</span><span class="o">-</span><span class="mi">162</span><span class="nx">a03a45c51</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">protocol_port</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">80</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">status</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">PENDING_CREATE</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">status_description</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">tenant_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">d44af649a1c42fcaa102ed11e3f010f</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">weight</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span>
<span class="o">+--------------------+--------------------------------------+</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>lb-member-create<span class="w"> </span>--address<span class="w"> </span><span class="m">10</span>.0.0.4<span class="w"> </span>--protocol-port<span class="w"> </span><span class="m">80</span><span class="w"> </span>http-pool
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Created</span><span class="w"> </span><span class="nx">a</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">member</span><span class="p">:</span>
<span class="o">+--------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">Field</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">Value</span><span class="w"> </span><span class="o">|</span>
<span class="o">+--------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">address</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="m m-Double">10.0.0.4</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">admin_state_up</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">True</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">5</span><span class="nx">d68b992</span><span class="o">-</span><span class="nx">d09f</span><span class="o">-</span><span class="mi">408</span><span class="nx">b</span><span class="o">-</span><span class="mi">8049</span><span class="o">-</span><span class="mi">353</span><span class="nx">e702cc990</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">pool_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">51</span><span class="nx">ca1962</span><span class="o">-</span><span class="nx">a24a</span><span class="o">-</span><span class="mi">4</span><span class="nx">f43</span><span class="o">-</span><span class="mi">920</span><span class="nx">f</span><span class="o">-</span><span class="mi">162</span><span class="nx">a03a45c51</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">protocol_port</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">80</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">status</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">PENDING_CREATE</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">status_description</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">tenant_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">d44af649a1c42fcaa102ed11e3f010f</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">weight</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span>
<span class="o">+--------------------+--------------------------------------+</span>
</code></pre></div>
<p>After this you can verify the nodes have been added to the loadbalancer pool.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>lb-member-list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nb">+--------------------------------------+----------+---------------+--------+----------------+--------+</span>
<span class="c">| id | address | protocol_port | weight | admin_state_up | status |</span>
<span class="nb">+--------------------------------------+----------+---------------+--------+----------------+--------+</span>
<span class="c">| 36b01f84</span><span class="nb">-</span><span class="c">a273</span><span class="nb">-</span><span class="c">417f</span><span class="nb">-</span><span class="c">9588</span><span class="nb">-</span><span class="c">15cceea18868 | 10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">3 | 80 | 1 | True | ACTIVE |</span>
<span class="c">| 5d68b992</span><span class="nb">-</span><span class="c">d09f</span><span class="nb">-</span><span class="c">408b</span><span class="nb">-</span><span class="c">8049</span><span class="nb">-</span><span class="c">353e702cc990 | 10</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">0</span><span class="nt">.</span><span class="c">4 | 80 | 1 | True | ACTIVE |</span>
<span class="nb">+--------------------------------------+----------+---------------+--------+----------------+--------+</span>
</code></pre></div>
<h3>Add healthmonitor</h3>
<p>We need to create a health monitor, which will check our instances to make sure they are still running</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>lb-healthmonitor-create<span class="w"> </span>--delay<span class="w"> </span><span class="m">3</span><span class="w"> </span>--type<span class="w"> </span>HTTP<span class="w"> </span>--max-retries<span class="w"> </span><span class="m">3</span><span class="w"> </span><span class="se">\</span>
><span class="w"> </span>--timeout<span class="w"> </span><span class="m">3</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Created</span><span class="w"> </span><span class="nx">a</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">health_monitor</span><span class="p">:</span>
<span class="o">+----------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">Field</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">Value</span><span class="w"> </span><span class="o">|</span>
<span class="o">+----------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">admin_state_up</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">True</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">delay</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">expected_codes</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">200</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">http_method</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">GET</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">05</span><span class="nx">cbf7f9</span><span class="o">-</span><span class="nx">d01b</span><span class="o">-</span><span class="mi">483</span><span class="nx">b</span><span class="o">-</span><span class="mi">934</span><span class="nx">e</span><span class="o">-</span><span class="mi">8955</span><span class="nx">b14a1653</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">max_retries</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">pools</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">tenant_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">d44af649a1c42fcaa102ed11e3f010f</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">timeout</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="k">type</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">HTTP</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">url_path</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">/</span><span class="w"> </span><span class="o">|</span>
<span class="o">+----------------+--------------------------------------+</span>
</code></pre></div>
<p>Now we have to associate the health monitor to the previously created
loadbalancer pool.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>lb-healthmonitor-associate<span class="w"> </span>05cbf7f9-d01b-483b-934e-8955b14a1653<span class="w"> </span>http-pool
</code></pre></div>
<div class="highlight"><pre><span></span><code>Associated health monitor 05cbf7f9-d01b-483b-934e-8955b14a1653
</code></pre></div>
<p>To make the loadbalancer and associated health monitor available, we need to
assign it a Virual IP. The address will be allocated from the private subnet.
This address will redirect the request to either instance within the pool to
handle the request.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>lb-vip-create<span class="w"> </span>--name<span class="w"> </span>webserver-vip<span class="w"> </span>--protocol-port<span class="w"> </span><span class="m">80</span><span class="w"> </span><span class="se">\</span>
><span class="w"> </span>--protocol<span class="w"> </span>HTTP<span class="w"> </span>--subnet-id<span class="w"> </span>92432fb8-8c29-4abe-98d8-de8bf161a18b<span class="w"> </span>http-pool
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Created</span><span class="w"> </span><span class="nx">a</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">vip</span><span class="p">:</span>
<span class="o">+---------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">Field</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">Value</span><span class="w"> </span><span class="o">|</span>
<span class="o">+---------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">address</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="m m-Double">10.0.0.8</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">admin_state_up</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">True</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">connection_limit</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">-</span><span class="mi">1</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">description</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">b9ca33b0</span><span class="o">-</span><span class="nx">b09c</span><span class="o">-</span><span class="mi">4</span><span class="nx">e7d</span><span class="o">-</span><span class="mi">8</span><span class="nx">ab7</span><span class="o">-</span><span class="mi">77</span><span class="nx">fe5207add6</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">webserver</span><span class="o">-</span><span class="nx">vip</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">pool_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">51</span><span class="nx">ca1962</span><span class="o">-</span><span class="nx">a24a</span><span class="o">-</span><span class="mi">4</span><span class="nx">f43</span><span class="o">-</span><span class="mi">920</span><span class="nx">f</span><span class="o">-</span><span class="mi">162</span><span class="nx">a03a45c51</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">ecbadc53</span><span class="o">-</span><span class="mi">5266</span><span class="o">-</span><span class="mi">4146</span><span class="o">-</span><span class="nx">bbb3</span><span class="o">-</span><span class="nx">d1b6d383be10</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">protocol</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">HTTP</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">protocol_port</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">80</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">session_persistence</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">status</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">PENDING_CREATE</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">status_description</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">subnet_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">92432</span><span class="nx">fb8</span><span class="o">-</span><span class="mi">8</span><span class="nx">c29</span><span class="o">-</span><span class="mi">4</span><span class="nx">abe</span><span class="o">-</span><span class="mi">98</span><span class="nx">d8</span><span class="o">-</span><span class="nx">de8bf161a18b</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">tenant_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">d44af649a1c42fcaa102ed11e3f010f</span><span class="w"> </span><span class="o">|</span>
<span class="o">+---------------------+--------------------------------------+</span>
</code></pre></div>
<h3>Verify loadbalancer</h3>
<p>Finally, let’s test out the loadbalancer. From the client instance we should be
able to run wget at 10.0.0.8 and see that it loadbalancers our requests.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="k">for</span><span class="w"> </span>i<span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="k">$(</span>seq<span class="w"> </span><span class="m">1</span><span class="w"> </span><span class="m">4</span><span class="k">)</span><span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="k">do</span><span class="w"> </span>wget<span class="w"> </span>-O<span class="w"> </span>-<span class="w"> </span>http://10.0.0.8/<span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="k">done</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>Connecting to 10.0.0.8 (10.0.0.8:80)
web-server1
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
Connecting to 10.0.0.8 (10.0.0.8:80)
web-server2
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
Connecting to 10.0.0.8 (10.0.0.8:80)
web-server1
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
Connecting to 10.0.0.8 (10.0.0.8:80)
web-server2
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
</code></pre></div>
<p>From the output above you can see that the the requests are being handled by
<code>web_server1</code> then <code>web_server2</code> in an alternating fashion according to the
round robin method.</p>
<h3>Setup public IP address for web traffic</h3>
<p>Now to make our VIP publicly accessible via the internet we need to create
another floating IP:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>floatingip-create<span class="w"> </span>public
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="nx">Created</span><span class="w"> </span><span class="nx">a</span><span class="w"> </span><span class="nx">new</span><span class="w"> </span><span class="nx">floatingip</span><span class="p">:</span>
<span class="o">+---------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">Field</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">Value</span><span class="w"> </span><span class="o">|</span>
<span class="o">+---------------------+--------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">fixed_ip_address</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">floating_ip_address</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="m m-Double">172.24.4.229</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">floating_network_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">427</span><span class="nx">becab</span><span class="o">-</span><span class="mi">54</span><span class="nx">af</span><span class="o">-</span><span class="mi">4</span><span class="nx">b43</span><span class="o">-</span><span class="nx">a5d2</span><span class="o">-</span><span class="nx">e292b13b6a86</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">c15f8a4</span><span class="o">-</span><span class="nx">bdc6</span><span class="o">-</span><span class="mi">4154</span><span class="o">-</span><span class="mi">8</span><span class="nx">bfa</span><span class="o">-</span><span class="nx">e8b0674079ca</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">port_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">router_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">status</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">DOWN</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">tenant_id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="mi">3</span><span class="nx">d44af649a1c42fcaa102ed11e3f010f</span><span class="w"> </span><span class="o">|</span>
<span class="o">+---------------------+--------------------------------------+</span>
</code></pre></div>
<p>Determine the port_id for the Virtual IP we created earlier:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>port-list
</code></pre></div>
<div class="highlight"><pre><span></span><code><span class="o">+--------------------------------------+------------------------------------------+-------------------+-------------------------------------------------------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="nx">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">mac_address</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fixed_ips</span><span class="w"> </span><span class="o">|</span>
<span class="o">+--------------------------------------+------------------------------------------+-------------------+-------------------------------------------------------------------------------------+</span>
<span class="o">|</span><span class="w"> </span><span class="mi">54</span><span class="nx">b17392</span><span class="o">-</span><span class="nx">dce7</span><span class="o">-</span><span class="mi">4</span><span class="nx">d6a</span><span class="o">-</span><span class="mi">8</span><span class="nx">cce</span><span class="o">-</span><span class="mi">153</span><span class="nx">fccb5d441</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fa</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">3</span><span class="nx">e</span><span class="p">:</span><span class="nx">f0</span><span class="p">:</span><span class="nx">c7</span><span class="p">:</span><span class="nx">cf</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="s">"subnet_id"</span><span class="p">:</span><span class="w"> </span><span class="s">"78eff45a-25f2-4904-bab8-a8795d9a7f9b"</span><span class="p">,</span><span class="w"> </span><span class="s">"ip_address"</span><span class="p">:</span><span class="w"> </span><span class="s">"172.24.4.229"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="mi">551</span><span class="nx">cf7bc</span><span class="o">-</span><span class="mi">802</span><span class="nx">f</span><span class="o">-</span><span class="mi">4</span><span class="nx">b02</span><span class="o">-</span><span class="nx">bd3e</span><span class="o">-</span><span class="nx">c44473ffb1ff</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fa</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">3</span><span class="nx">e</span><span class="p">:</span><span class="mi">48</span><span class="p">:</span><span class="nx">a4</span><span class="p">:</span><span class="nx">d1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="s">"subnet_id"</span><span class="p">:</span><span class="w"> </span><span class="s">"78eff45a-25f2-4904-bab8-a8795d9a7f9b"</span><span class="p">,</span><span class="w"> </span><span class="s">"ip_address"</span><span class="p">:</span><span class="w"> </span><span class="s">"172.24.4.226"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="mi">5</span><span class="nx">d98aa79</span><span class="o">-</span><span class="mi">8</span><span class="nx">bc0</span><span class="o">-</span><span class="mi">4512</span><span class="o">-</span><span class="nx">a128</span><span class="o">-</span><span class="mi">078281</span><span class="nx">aae2bc</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fa</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">3</span><span class="nx">e</span><span class="p">:</span><span class="mi">0</span><span class="nx">d</span><span class="p">:</span><span class="mi">4</span><span class="nx">b</span><span class="p">:</span><span class="mi">55</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="s">"subnet_id"</span><span class="p">:</span><span class="w"> </span><span class="s">"92432fb8-8c29-4abe-98d8-de8bf161a18b"</span><span class="p">,</span><span class="w"> </span><span class="s">"ip_address"</span><span class="p">:</span><span class="w"> </span><span class="s">"10.0.0.6"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="mi">6</span><span class="nx">aab05f6</span><span class="o">-</span><span class="mi">9176</span><span class="o">-</span><span class="mi">48</span><span class="nx">b4</span><span class="o">-</span><span class="mi">9</span><span class="nx">b0f</span><span class="o">-</span><span class="mi">113593945593</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fa</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">3</span><span class="nx">e</span><span class="p">:</span><span class="mi">2</span><span class="nx">d</span><span class="p">:</span><span class="nx">b6</span><span class="p">:</span><span class="nx">a4</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="s">"subnet_id"</span><span class="p">:</span><span class="w"> </span><span class="s">"92432fb8-8c29-4abe-98d8-de8bf161a18b"</span><span class="p">,</span><span class="w"> </span><span class="s">"ip_address"</span><span class="p">:</span><span class="w"> </span><span class="s">"10.0.0.1"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="mi">8941</span><span class="nx">a204</span><span class="o">-</span><span class="mi">08</span><span class="nx">e7</span><span class="o">-</span><span class="mi">4547</span><span class="o">-</span><span class="nx">b720</span><span class="o">-</span><span class="nx">f9840358929b</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fa</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">3</span><span class="nx">e</span><span class="p">:</span><span class="mi">5</span><span class="nx">b</span><span class="p">:</span><span class="nx">a3</span><span class="p">:</span><span class="nx">c7</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="s">"subnet_id"</span><span class="p">:</span><span class="w"> </span><span class="s">"78eff45a-25f2-4904-bab8-a8795d9a7f9b"</span><span class="p">,</span><span class="w"> </span><span class="s">"ip_address"</span><span class="p">:</span><span class="w"> </span><span class="s">"172.24.4.228"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="mi">9</span><span class="nx">bd695dc</span><span class="o">-</span><span class="mi">4</span><span class="nx">e6c</span><span class="o">-</span><span class="mi">40</span><span class="nx">c5</span><span class="o">-</span><span class="mi">952</span><span class="nx">d</span><span class="o">-</span><span class="mi">44269711</span><span class="nx">bd6c</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fa</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">3</span><span class="nx">e</span><span class="p">:</span><span class="mi">9</span><span class="nx">e</span><span class="p">:</span><span class="mi">36</span><span class="p">:</span><span class="mi">8</span><span class="nx">f</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="s">"subnet_id"</span><span class="p">:</span><span class="w"> </span><span class="s">"92432fb8-8c29-4abe-98d8-de8bf161a18b"</span><span class="p">,</span><span class="w"> </span><span class="s">"ip_address"</span><span class="p">:</span><span class="w"> </span><span class="s">"10.0.0.3"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">afd18b4f</span><span class="o">-</span><span class="nx">c19f</span><span class="o">-</span><span class="mi">4</span><span class="nx">c03</span><span class="o">-</span><span class="nx">a049</span><span class="o">-</span><span class="nx">fe8aeae7da49</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fa</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">3</span><span class="nx">e</span><span class="p">:</span><span class="nx">ac</span><span class="p">:</span><span class="mi">94</span><span class="p">:</span><span class="mi">5</span><span class="nx">e</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="s">"subnet_id"</span><span class="p">:</span><span class="w"> </span><span class="s">"92432fb8-8c29-4abe-98d8-de8bf161a18b"</span><span class="p">,</span><span class="w"> </span><span class="s">"ip_address"</span><span class="p">:</span><span class="w"> </span><span class="s">"10.0.0.5"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">e63d8edb</span><span class="o">-</span><span class="nx">f10c</span><span class="o">-</span><span class="mi">4776</span><span class="o">-</span><span class="nx">a10e</span><span class="o">-</span><span class="nx">cba9ec3f3d56</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fa</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">3</span><span class="nx">e</span><span class="p">:</span><span class="nx">d4</span><span class="p">:</span><span class="mi">9</span><span class="nx">c</span><span class="p">:</span><span class="mi">57</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="s">"subnet_id"</span><span class="p">:</span><span class="w"> </span><span class="s">"92432fb8-8c29-4abe-98d8-de8bf161a18b"</span><span class="p">,</span><span class="w"> </span><span class="s">"ip_address"</span><span class="p">:</span><span class="w"> </span><span class="s">"10.0.0.4"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">ecbadc53</span><span class="o">-</span><span class="mi">5266</span><span class="o">-</span><span class="mi">4146</span><span class="o">-</span><span class="nx">bbb3</span><span class="o">-</span><span class="nx">d1b6d383be10</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">vip</span><span class="o">-</span><span class="nx">b9ca33b0</span><span class="o">-</span><span class="nx">b09c</span><span class="o">-</span><span class="mi">4</span><span class="nx">e7d</span><span class="o">-</span><span class="mi">8</span><span class="nx">ab7</span><span class="o">-</span><span class="mi">77</span><span class="nx">fe5207add6</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fa</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">3</span><span class="nx">e</span><span class="p">:</span><span class="mi">41</span><span class="p">:</span><span class="mi">1</span><span class="nx">a</span><span class="p">:</span><span class="nx">eb</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="s">"subnet_id"</span><span class="p">:</span><span class="w"> </span><span class="s">"92432fb8-8c29-4abe-98d8-de8bf161a18b"</span><span class="p">,</span><span class="w"> </span><span class="s">"ip_address"</span><span class="p">:</span><span class="w"> </span><span class="s">"10.0.0.8"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">f0d35941</span><span class="o">-</span><span class="mi">989</span><span class="nx">c</span><span class="o">-</span><span class="mi">4</span><span class="nx">f2b</span><span class="o">-</span><span class="nx">b187</span><span class="o">-</span><span class="mi">872445</span><span class="nx">b0b653</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fa</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">3</span><span class="nx">e</span><span class="p">:</span><span class="mi">0</span><span class="nx">c</span><span class="p">:</span><span class="mi">7</span><span class="nx">f</span><span class="p">:</span><span class="nx">d5</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="s">"subnet_id"</span><span class="p">:</span><span class="w"> </span><span class="s">"92432fb8-8c29-4abe-98d8-de8bf161a18b"</span><span class="p">,</span><span class="w"> </span><span class="s">"ip_address"</span><span class="p">:</span><span class="w"> </span><span class="s">"10.0.0.7"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span>
<span class="o">|</span><span class="w"> </span><span class="nx">f9e097b4</span><span class="o">-</span><span class="mi">4227</span><span class="o">-</span><span class="mi">49</span><span class="nx">ee</span><span class="o">-</span><span class="mi">9442</span><span class="o">-</span><span class="mi">643</span><span class="nx">c4186e587</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nx">fa</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">3</span><span class="nx">e</span><span class="p">:</span><span class="nx">a5</span><span class="p">:</span><span class="mi">36</span><span class="p">:</span><span class="mi">2</span><span class="nx">c</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="p">{</span><span class="s">"subnet_id"</span><span class="p">:</span><span class="w"> </span><span class="s">"92432fb8-8c29-4abe-98d8-de8bf161a18b"</span><span class="p">,</span><span class="w"> </span><span class="s">"ip_address"</span><span class="p">:</span><span class="w"> </span><span class="s">"10.0.0.2"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span>
<span class="o">+--------------------------------------+------------------------------------------+-------------------+-------------------------------------------------------------------------------------+</span>
</code></pre></div>
<p>Associate VIP port with floating IP:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>floatingip-associate<span class="w"> </span>3c15f8a4-bdc6-4154-8bfa-e8b0674079ca<span class="w"> </span><span class="se">\</span>
><span class="w"> </span>ecbadc53-5266-4146-bbb3-d1b6d383be10
</code></pre></div>
<div class="highlight"><pre><span></span><code>Associated floating IP 3c15f8a4-bdc6-4154-8bfa-e8b0674079ca
</code></pre></div>
<p>At this point the Virtual IP is a member of the <em>default</em> security group which
does not allow ingress traffic unless you are also part of a security group
which allows incoming traffic. We need to update the VIP to be a member of the
<em>web</em> security group so that requests from the internet are allowed to pass
(not just from our client instance).</p>
<p>Get the web security group uuid:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>security-group-list
</code></pre></div>
<div class="highlight"><pre><span></span><code>+--------------------------------------+----------+--------------------------------------------------------------------------------+
| id | name | security_group_rules |
+--------------------------------------+----------+--------------------------------------------------------------------------------+
| 141ed0d0-c004-457d-8efa-45e0fd2dc986 | ssh | egress, IPv4 |
| | | egress, IPv6 |
| | | ingress, IPv4, 22/tcp |
| 379b58b2-7ca3-431e-ae1f-cd6a627a9b30 | default | egress, IPv4 |
| | | egress, IPv6 |
| | | ingress, IPv4, remote_group_id: 379b58b2-7ca3-431e-ae1f-cd6a627a9b30 |
| | | ingress, IPv6, remote_group_id: 379b58b2-7ca3-431e-ae1f-cd6a627a9b30 |
| 5e0d0d57-2df6-4fbc-ad18-5908aacdf799 | default | egress, IPv4 |
| | | egress, IPv6 |
| | | ingress, IPv4, remote_group_id: 5e0d0d57-2df6-4fbc-ad18-5908aacdf799 |
| | | ingress, IPv6, remote_group_id: 5e0d0d57-2df6-4fbc-ad18-5908aacdf799 |
| a98fcd2f-a828-4a88-92aa-36e3c1223a92 | web | egress, IPv4 |
| | | egress, IPv6 |
| | | ingress, IPv4, 22/tcp, remote_group_id: 141ed0d0-c004-457d-8efa-45e0fd2dc986 |
| | | ingress, IPv4, 80/tcp |
| b2c914cb-3bc1-4ee6-9f30-66c459af5f4c | default | egress, IPv4 |
| | | egress, IPv6 |
| | | ingress, IPv4, remote_group_id: b2c914cb-3bc1-4ee6-9f30-66c459af5f4c |
| | | ingress, IPv6, remote_group_id: b2c914cb-3bc1-4ee6-9f30-66c459af5f4c |
| cf6c0380-e255-4ba8-9258-bb8e9c062fa7 | database | egress, IPv4 |
| | | egress, IPv6 |
| | | ingress, IPv4, 22/tcp, remote_group_id: 141ed0d0-c004-457d-8efa-45e0fd2dc986 |
| | | ingress, IPv4, 3306/tcp, remote_group_id: a98fcd2f-a828-4a88-92aa-36e3c1223a92 |
+--------------------------------------+----------+--------------------------------------------------------------------------------+
</code></pre></div>
<p>Update VIP port to be a member of the <em>web</em> security group:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>neutron<span class="w"> </span>port-update<span class="w"> </span>ecbadc53-5266-4146-bbb3-d1b6d383be10<span class="w"> </span>--security_groups<span class="w"> </span><span class="se">\</span>
><span class="w"> </span><span class="nv">list</span><span class="o">=</span><span class="nb">true</span><span class="w"> </span>a98fcd2f-a828-4a88-92aa-36e3c1223a92
</code></pre></div>
<div class="highlight"><pre><span></span><code>Updated port: ecbadc53-5266-4146-bbb3-d1b6d383be10
</code></pre></div>
<h3>Verify loadbalancer</h3>
<p>At this point your VIP is publicly addressable:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="k">for</span><span class="w"> </span>i<span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="k">$(</span>seq<span class="w"> </span><span class="m">1</span><span class="w"> </span><span class="m">4</span><span class="k">)</span><span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="k">do</span><span class="w"> </span>wget<span class="w"> </span>-O<span class="w"> </span>-<span class="w"> </span>http://172.24.4.229/<span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="k">done</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>Connecting to 172.24.4.229 (172.24.4.229:80)
web-server1
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
Connecting to 172.24.4.229 (172.24.4.229:80)
web-server2
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
Connecting to 172.24.4.229 (172.24.4.229:80)
web-server1
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
Connecting to 172.24.4.229 (172.24.4.229:80)
web-server2
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
</code></pre></div>
<p>To demonstration high availability, we’ll go and delete our <code>web_server1</code>
instance to simulate a failure.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>openstack<span class="w"> </span>server<span class="w"> </span>delete<span class="w"> </span>web_server1
</code></pre></div>
<p>After the health monitor detects the host is not responding it will stop sending
requests to <code>web_server1</code>. Now <code>web_server2</code> is handling all the requests.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span><span class="k">for</span><span class="w"> </span>i<span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="k">$(</span>seq<span class="w"> </span><span class="m">1</span><span class="w"> </span><span class="m">4</span><span class="k">)</span><span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="k">do</span><span class="w"> </span>wget<span class="w"> </span>-O<span class="w"> </span>-<span class="w"> </span>http://172.24.4.229/<span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="k">done</span>
</code></pre></div>
<div class="highlight"><pre><span></span><code>Connecting to 172.24.4.229 (172.24.4.229:80)
web-server2
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
Connecting to 172.24.4.229 (172.24.4.229:80)
web-server2
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
Connecting to 172.24.4.229 (172.24.4.229:80)
web-server2
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
Connecting to 172.24.4.229 (172.24.4.229:80)
web-server2
<span class="k">-</span> 100% |************************************| 12 0:00:00 ETA
</code></pre></div>
<p>Note: the first request might take longer to handle. This is because of the
timeout before it notices the host is not responding.</p>
<h2>Conclusion</h2>
<p>As described in this article, it is easy to set up an environment with OpenStack
in which you can securely host website, and deny access to your database servers.</p>
<p>In future articles I will talk about High Availability and automation of setting
up an environment; for instance with HAProxy, GlusterFS and OpenStack Heat.</p>
<p>If you have any suggestion, please discuss below or send me an email.</p>
<p>Note: the original publication can be found at: <a href="https://gitlab.com/gbraad/openstack-handsonlabs">OpenStack hands-on-labs</a></p>JavaScript Loaders2014-11-04T00:00:00+08:002014-11-04T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2014-11-04:/javascript-loaders.html<p>Overview of JavaScript loaders</p>
<ul>
<li><a href="http://requirejs.org/docs/commonjs.html#autoconversion">http://requirejs.org/docs/commonjs.html#autoconversion</a></li>
<li><a href="http://blog.millermedeiros.com/amd-is-better-for-the-web-than-commonjs-modules/">http://blog.millermedeiros.com/amd-is-better-for-the-web-than-commonjs-modules/</a></li>
<li><a href="http://addyosmani.com/writing-modular-js/">http://addyosmani.com/writing-modular-js/</a></li>
<li><a href="http://msdn.microsoft.com/en-us/magazine/hh227261.aspx">http://msdn.microsoft.com/en-us/magazine/hh227261.aspx</a></li>
</ul>Trigger PhoneGap Build from GitHub2014-11-04T00:00:00+08:002014-11-04T00:00:00+08:00Gerard Braad <me@gbraad.nl>tag:blog.gbraad.nl,2014-11-04:/trigger-phonegap-build-from-github.html<p>You can remotely trigger a build by using the <a href="https://build.phonegap.com/docs/api">API</a></p>
<p>First you need to get your auth token:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>curl<span class="w"> </span>-u<span class="w"> </span>me@gbraad.nl-X<span class="w"> </span>POST<span class="w"> </span>-d<span class="w"> </span><span class="s2">""</span><span class="w"> </span>https://build.phonegap.com/token
</code></pre></div>
<p>Test it and retrieve your appid using the following command:</p>
<div class="highlight"><pre><span></span><code><span class="err">$</span><span class="w"> </span><span class="n">curl</span><span class="w"> </span><span class="nl">https</span><span class="p">:</span><span class="o">//</span><span class="n">build</span><span class="p">.</span><span class="n">phonegap</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">api</span><span class="o">/</span><span class="n">v1</span><span class="o">/</span><span class="n">me</span><span class="vm">?</span><span class="n">auth_token</span><span class="o">=[</span><span class="n">token …</span></code></pre></div><p>You can remotely trigger a build by using the <a href="https://build.phonegap.com/docs/api">API</a></p>
<p>First you need to get your auth token:</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>curl<span class="w"> </span>-u<span class="w"> </span>me@gbraad.nl-X<span class="w"> </span>POST<span class="w"> </span>-d<span class="w"> </span><span class="s2">""</span><span class="w"> </span>https://build.phonegap.com/token
</code></pre></div>
<p>Test it and retrieve your appid using the following command:</p>
<div class="highlight"><pre><span></span><code><span class="err">$</span><span class="w"> </span><span class="n">curl</span><span class="w"> </span><span class="nl">https</span><span class="p">:</span><span class="o">//</span><span class="n">build</span><span class="p">.</span><span class="n">phonegap</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">api</span><span class="o">/</span><span class="n">v1</span><span class="o">/</span><span class="n">me</span><span class="vm">?</span><span class="n">auth_token</span><span class="o">=[</span><span class="n">token</span><span class="o">]</span>
</code></pre></div>
<p>After this go to your Github repo, open the admin and go to 'Service hooks'. Add a new WebHook URL (first option) and add yours
<code>https://build.phonegap.com/apps/[appid]/build/?auth_token=[token]</code></p>
<p>Save this and trigger it with 'Test hook'. When you would open: <code>https://build.phonegap.com/apps/[appid]/builds</code> you will probably see a new build.</p>