Vagrant and openstack
Table of Contents
Earlier I wrote a post on using vmware fusion and vagrant.
Now I’m going to use vagrant and the vmware_fusion plugin to create a precise64 virtual machine, in which I will install devstack, and then I will use the vagrant and openstack plugin to boot a cirros vm inside the devstack vm. Meta…inception…whatever you want to call it. :)
NOTE: Make sure your precise64 vm has more than the default memory of 512–I set mine to 2048. A bit more memory might be nice too, if you’ve got it available.
NOTE: Here is a great post to follow on using devstack and grizzly and quantum, much of which I am reusing here.
Why?
There is no spoon.
Install devstack
Devstack is a really useful development environment for openstack. If you want to try out the new features in openstack grizzly, this is an easy way.
#
# Create the vm
#
$ vagrant up --provider=vmware_fusion
Bringing machine 'default' up with 'vmware_fusion' provider...
SNIP!
#
# Login to the vm
#
$ vagrant ssh
Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-29-virtual x86_64)
* Documentation: https://help.ubuntu.com/
Last login: Thu Apr 11 10:14:43 2013 from 192.168.134.1
vagrant@precise64:~$ sudo apt-get update
Ign http://security.ubuntu.com precise-security InRelease
Ign http://us.archive.ubuntu.com precise InRelease
Ign http://us.archive.ubuntu.com precise-updates InRelease
SNIP!
$ sudo apt-get install git
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
git-man libcurl3-gnutls liberror-perl librtmp0 rsync
SNIP!
$ git clone git://github.com/openstack-dev/devstack.git
Cloning into 'devstack'...
#
# Setup devstack with a localrc file
#
vagrant@precise64:~$ cd devstack
vagrant@precise64:~/devstack$ cat localrc
ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-obj,n-cpu,n-sch,n-cauth, \
horizon,mysql,rabbit,sysstat,cinder,c-api,c-vol,c-sch,n-cond,quantum,q-svc, \
q-agt,q-dhcp,q-l3,q-meta,q-lbaas,n-novnc,n-xvnc,q-lbaas
DATABASE_PASSWORD=password
RABBIT_PASSWORD=password
SERVICE_TOKEN=password
SERVICE_PASSWORD=password
ADMIN_PASSWORD=password
#
# Run stack.sh
#
vagrant@precise64:~/devstack$ ./stack.sh
Traceback (most recent call last):
File "", line 2, in
ImportError: No module named netaddr
Traceback (most recent call last):
File "", line 2, in
ImportError: No module named netaddr
SNIP!
# That error doesn't look good...oh well let's continue...
# hit enter a few times
# Go for a walk, get a coffee, do some vacuuming...
Horizon is now available at http://192.168.134.139/
Keystone is serving at http://192.168.134.139:5000/v2.0/
Examples on using novaclient command line is in exercise.sh
The default users are: admin and demo
The password: ed5cb213364bb0fd15a9
This is your host ip: 192.168.134.139
stack.sh completed in 694 seconds.
</code>
</pre>
Now that devstack seems to have completed the install, check and see if basic openstack commands are working.
#
# Source the user, password file generated by devstack
#
vagrant@precise64:~/devstack$ source openrc
#
# And lets see what's running and is available
#
vagrant@precise64:~/devstack$ nova list
+----+------+--------+----------+
| ID | Name | Status | Networks |
+----+------+--------+----------+
+----+------+--------+----------+
vagrant@precise64:~/devstack$ nova image-list
+--------------------------------------+---------------------------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+---------------------------------+--------+--------+
| 73f320dd-5769-4ec2-a0e7-e44979070e8c | cirros-0.3.1-x86_64-uec | ACTIVE | |
| 4af449b1-a70b-4857-93ea-9690bc5db779 | cirros-0.3.1-x86_64-uec-kernel | ACTIVE | |
| 017e58df-27bc-4bb4-89d3-f133760a3f0e | cirros-0.3.1-x86_64-uec-ramdisk | ACTIVE | |
+--------------------------------------+---------------------------------+--------+--------+
#
# Oooh, we have quantum too!
#
vagrant@precise64:~$ quantum net-list
+--------------------------------------+---------+--------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------+--------------------------------------------------+
| 5a39203e-3d83-4d47-a75e-9ec98f5ed595 | private | dae29b88-1562-42e4-8e30-0ecce7b40f47 10.0.0.0/24 |
| a608d79d-ace8-4335-81c3-3490393d7700 | public | cc058059-b342-41d9-8c68-98d6feedcfbd |
+--------------------------------------+---------+--------------------------------------------------+
vagrant@precise64:~$ quantum subnet-list
+--------------------------------------+------+-------------+--------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+------+-------------+--------------------------------------------+
| dae29b88-1562-42e4-8e30-0ecce7b40f47 | | 10.0.0.0/24 | {"start": "10.0.0.2", "end": "10.0.0.254"} |
+--------------------------------------+------+-------------+--------------------------------------------+
## Using vagrant with openstack
First, get the vagrant-openstack plugin.
$ vagrant plugin install vagrant-openstack
Installing the 'vagrant-openstack' plugin. This can take a few minutes...
Installed the plugin 'vagrant-openstack (0.0.2)'!
$ vagrant plugin list
vagrant-openstack (0.0.2)
vagrant-vmware-fusion (0.4.2)
Before we get too far, let's create a keypair in devstack.
vagrant@precise64:~$ source ~/devstack/openrc
vagrant@precise64:~$ nova keypair-add --pub-key ~/.ssh/authorized_keys vagrant
vagrant@precise64:~$ nova keypair-list
+---------+-------------------------------------------------+
| Name | Fingerprint |
+---------+-------------------------------------------------+
| vagrant | dd:3b:b8:2e:85:04:06:e9:ab:ff:a8:0a:c0:04:6e:d6 |
+---------+-------------------------------------------------+
I'm going to create a new local directory to work with vagrant out of.
$ cd ~/working/vagrant
$ mkdir vagrant-openstack
$ cd vagrant-openstack
$ vagrant init
$ vi Vagrantfile
# Add config information...
We need to insert some information into the vagrantfile for openstack.
First get the image ID. Devstack automatically adds an image, but each time devstack is run the ID will be different.
vagrant@precise64:~$ nova image-list
+--------------------------------------+---------------------------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+---------------------------------+--------+--------+
| 0cf481ad-482e-441c-b8a6-49e792ae0dfb | cirros-0.3.1-x86_64-uec | ACTIVE | |
| 2630cd9e-c375-49d0-81bd-ffbfc638e752 | cirros-0.3.1-x86_64-uec-kernel | ACTIVE | |
| 7375ddbc-51c7-4492-bd2b-de30f10210db | cirros-0.3.1-x86_64-uec-ramdisk | ACTIVE | |
+--------------------------------------+---------------------------------+--------+--------+
In this example we want the _0cf481ad-482e-441c-b8a6-49e792ae0dfb_ image ID.
Also, we probably want to add a smaller flavor for the cirros image. By default the smallest flavor uses 512MB of ram.
#
# Default flavors
#
vagrant@precise64:~$ nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | extra_specs |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
| 1 | m1.tiny | 512 | 0 | 0 | | 1 | 1.0 | True | {} |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True | {} |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True | {} |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True | {} |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True | {} |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
#
# Add a smaller flavor
#
vagrant@precise64:~$ nova-manage flavor create --name=m1.teeny --memory=64 \
--cpu=1 --root_gb=0 --ephemeral_gb=0 --flavor=6 --swap=0 --is_public yes
2013-04-11 11:36:08 DEBUG [nova.openstack.common.lockutils] Got semaphore \
"dbapi_backend" for method "__get_backend"...
m1.teeny created
#
# Now we have a 6th flavor!
#
vagrant@precise64:~$ nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | extra_specs |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
| 1 | m1.tiny | 512 | 0 | 0 | | 1 | 1.0 | True | {} |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True | {} |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True | {} |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True | {} |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True | {} |
| 6 | m1.teeny | 64 | 0 | 0 | | 1 | 1.0 | True | {} |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+-------------+
Flavor 6 is what we'll use.
Next, check the OS vars in devstack to see what to put into the vagrantfile:
vagrant@precise64:~$ env | grep "^OS"
OS_PASSWORD=password
OS_AUTH_URL=http://192.168.134.139:5000/v2.0
OS_USERNAME=demo
OS_TENANT_NAME=demo
OS_CACERT=/opt/stack/data/CA/int-ca/ca-chain.pem
OS_NO_CACHE=1
Now with all that information we can fill out the vagrantfile. Mine looks like this:
$ cat Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at vagrantup.com.
# Every Vagrant virtual environment requires a box to build off of.
config.vm.box = "base"
config.vm.provider :openstack do |os|
os.url = "http://192.168.134.139:5000/v2.0"
os.tenant = "demo"
os.user = "demo"
os.password = "password"
os.flavor = "6"
os.keypair = "vagrant"
os.image = "0cf481ad-482e-441c-b8a6-49e792ae0dfb"
# Not sure why but I feel like calling this vm whitney
os.name = "whitney"
os.ssh_username = "cirros"
os.ssh_private_key = "~/.ssh/id_dsa.pub"
end
end
Using vagrant, boot the vm.
#
# Boot it
#
$ vagrant up --provider=openstack
Bringing machine 'default' up with 'openstack' provider...
[default] New VM created 419e5940-e068-42a4-bb28-68ad72f85d8a => whitney
#
# Check status
#
$ vagrant status
Current machine states:
default running (openstack)
The nova instance is running. To stop this machine, you can run
`vagrant halt`. To destroy the machine, you can run `vagrant destroy`.
Let's see what's happening in devstack.
#
# What does virsh know?
#
vagrant@precise64:~$ sudo virsh list
Id Name State
----------------------------------
1 instance-00000001 running
#
# And lets ask openstack...
#
vagrant@precise64:~$ source ~/devstack/openrc
vagrant@precise64:~$ nova list
+--------------------------------------+---------+--------+------------------+
| ID | Name | Status | Networks |
+--------------------------------------+---------+--------+------------------+
| 419e5940-e068-42a4-bb28-68ad72f85d8a | whitney | ACTIVE | private=10.0.0.3 |
+--------------------------------------+---------+--------+------------------+
vagrant@precise64:~$ nova show 419e5940-e068-42a4-bb28-68ad72f85d8a
+-----------------------------+----------------------------------------------------------------+
| Property | Value |
+-----------------------------+----------------------------------------------------------------+
| status | ACTIVE |
| updated | 2013-04-11T18:40:43Z |
| OS-EXT-STS:task_state | None |
| private network | 10.0.0.3 |
| key_name | vagrant |
| image | cirros-0.3.1-x86_64-uec (0cf481ad-482e-441c-b8a6-49e792ae0dfb) |
| hostId | cbfc5a689eaff0c72de8f66161efb06270322d48baf6d9120f612c42 |
| OS-EXT-STS:vm_state | active |
| flavor | m1.teeny (6) |
| id | 419e5940-e068-42a4-bb28-68ad72f85d8a |
| security_groups | [{u'name': u'default'}] |
| user_id | 26c0f9a23e9c44f6b660557122119171 |
| name | whitney |
| created | 2013-04-11T18:40:31Z |
| tenant_id | bb54c65c4aba482f8f6d363e0730df95 |
| OS-DCF:diskConfig | MANUAL |
| metadata | {} |
| accessIPv4 | |
| accessIPv6 | |
| progress | 0 |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-AZ:availability_zone | nova |
| config_drive | |
+-----------------------------+----------------------------------------------------------------+
Nice.
Now, unless we give this vm a "public ip" we won't be able to ssh in without hopping into the devstack host first.
But first...one. More. Step.
By default, with devstack, it seems the default security group is pretty restrictive. So we need to add a couple rules.
#
# Default secgroup rules
#
vagrant@precise64:~$ nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
| | -1 | -1 | | default |
| | -1 | -1 | | default |
+-------------+-----------+---------+----------+--------------+
#
# Add ping
#
vagrant@precise64:~$ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
#
# Add ssh
#
vagrant@precise64:~$ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
#
# New secgroup rules
#
vagrant@precise64:~$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| | -1 | -1 | | default |
| | -1 | -1 | | default |
| icmp | -1 | -1 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
#
# And now we should be able to ping and ssh in to whitney
#
vagrant@precise64:~$ ping -c 1 -w 1 10.0.0.3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_req=1 ttl=63 time=72.2 ms
--- 10.0.0.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 72.261/72.261/72.261/0.000 ms
vagrant@precise64:~$ ssh cirros@10.0.0.3
cirros@10.0.0.3's password: # enter "cubswin:)"
$ uname -a
Linux cirros 3.2.0-37-virtual #58-Ubuntu SMP Thu Jan 24 15:48:03 UTC 2013 x86_64 GNU/Linux
_NOTE: I'm skipping the part about using the authorized_keys file cirros sets up for itself based on the keypair specified. But you can ssh into the cirros instance without a password if everything is setup right, ssh -A, ssh-agent, etc._
## Conclusion
And that concludes our brief look at booting a vm inside of vm, using:
- macbook retina
- vagrant
- vmware fusion
- vagrant-openstack
- devstack
- cirros
- openstack grizzly
Everything works!
We can even delete the vm we just created:
$ vagrant destroy
[default] Deleting the instance...
Check in with openstack...
#
# vm gone!
#
vagrant@precise64:~$ nova list
+----+------+--------+----------+
| ID | Name | Status | Networks |
+----+------+--------+----------+
+----+------+--------+----------+