From d1bae6362b45550f9a32b53132bea5930d52c3da Mon Sep 17 00:00:00 2001 From: voidedmain Date: Tue, 15 Apr 2025 15:51:54 +0300 Subject: [PATCH] Refactoring of Testbed doc Signed-off-by: voidedmain --- docs/testbed.mdx | 845 ------------------------------- docs/testbed/appendix.mdx | 164 ++++++ docs/testbed/deployment.mdx | 239 +++++++++ docs/testbed/index.md | 24 + docs/testbed/prerequisites.mdx | 73 +++ docs/testbed/troubleshooting.mdx | 70 +++ docs/testbed/usage.mdx | 305 +++++++++++ 7 files changed, 875 insertions(+), 845 deletions(-) delete mode 100644 docs/testbed.mdx create mode 100644 docs/testbed/appendix.mdx create mode 100644 docs/testbed/deployment.mdx create mode 100644 docs/testbed/index.md create mode 100644 docs/testbed/prerequisites.mdx create mode 100644 docs/testbed/troubleshooting.mdx create mode 100644 docs/testbed/usage.mdx diff --git a/docs/testbed.mdx b/docs/testbed.mdx deleted file mode 100644 index 5bf3f517b3..0000000000 --- a/docs/testbed.mdx +++ /dev/null @@ -1,845 +0,0 @@ ---- -sidebar_label: Testbed -sidebar_position: 80 ---- - -import Tabs from '@theme/Tabs'; -import TabItem from '@theme/TabItem'; - -# Testbed - -With the OSISM Testbed, it is possible to run a full Sovereign Cloud Stack -deployment on an existing OpenStack environment such as Cleura or [REGIO.cloud](https://regio.digital). - -OSISM is the reference implementation for the Infrastructure as a Service (IaaS) layer in the -[Sovereign Cloud Stack](https://www.sovereigncloudstack.org) (SCS) project. The OSISM Testbed is therefore -used in the SCS project to test and work on the Instrastructure as a Service layer. - -The OSISM Testbed is intended as a playground. Further services and integration will -be added over time. A increasing number of best practices and experiences from the productive -deployments will be included here in the future. It will become more production-like -over time. However, at no point does it claim to represent a production setup exactly. - -## Requirements - -### Cloud access - -The usual prerequisite is to have an account on one of the supported OpenStack cloud providers. -As the OSISM Testbed also virtualizes systems itself, the OpenStack cluster should provide -the capabilities for nested virtualization. - -It is not part of this guide to describe the registration with the individual cloud -providers. Please contact the respective cloud provider for this. - -| Product | Provider | Profile name | Note | -|:--------------------|:---------------|:-----------------|:----------------------------------| -| Cleura | Cleura | `cleura` | | -| Fuga Cloud | FUGA | `fuga` | | -| HuaweiCloud | HuaweiCloud | `huaweicloud` | | -| OVH | OVH | `ovh` | | -| OpenTelekomCloud | T-Systems | `otc` | | -| pluscloud open | plusserver | `pluscloudopen` | | -| pluscloud SCS Test | plusserver | `gx-scs` | | -| REGIO.cloud | OSISM | `regiocloud` | | -| REGIO.cloud | OSISM | `regio-fast` | boot from NVMe SSD backed volumes | -| Wavestack | noris network | `wavestack` | | -| CNDS Cloud | artcodix | `artcodix` | | - -For each cloud provider listed in the table, a predefined profile is available in the -`terraform/environments` directory. This profile contains the name of the public -network, which flavors to use, etc. - -Here is an example from the profile for [REGIO.cloud](https://regio.digital). 
- -```text -flavor_manager = "SCS-4V-16-50" -flavor_node = "SCS-8V-32-50" -volume_type = "ssd" -image = "Ubuntu 22.04" -image_node = "Ubuntu 22.04" -public = "public" -availability_zone = "nova" -volume_availability_zone = "nova" -network_availability_zone = "nova" -``` - -### Cloud resources - -The OSISM Testbed requires at least the following project quota when using the default flavors: - -| Quantity | Resource | Note | -|:---------|:---------------------|:----------------------------------------------| -| 7 | Instances | 52 VCPUs + 208 GByte RAM (6 modes, 1 manager) | -| 18 | Volumes | 360 GByte volume storage | -| 1 | Floating IP | | -| 1 | Keypair | | -| 3 | Security group | | -| 16 | Security group rules | | -| 1 | Network | | -| 1 | Subetwork | | -| 6 | Ports | | -| 1 | Router | | - -### Software - -* `make` must be installed on the system -* Wireguard or `sshuttle` must be installed on your system for VPN access -* Python must be installed, the Python version used must be at least 3.10, otherwise - the current Ansible release cannot be used (details in the - [Ansible support matrix](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix)) -* `python3-venv` must be installed for managing Python dependencies like Ansible - -## Deployment - -This section describes step by step how to deploy the OSISM Testbed. - -1. Request access from the administrator of the respective cloud or get access to an OpenStack cloud. - -2. Clone the [osism/testbed](https://github.com/osism/testbed) repository. - - The repository can also be cloned to any other location. - - ```bash - mkdir -p ~/src/github.com/osism - git clone https://github.com/osism/testbed ~/src/github.com/osism/testbed - cd ~/src/github.com/osism/testbed - ``` - -3. Configure your cloud access profile - - The access data for the cloud provider used is stored in `terraform/clouds.yaml` and (optionally) - in `terraform/secure.yaml` (same structure, if you want to store credentials on a separate place). - - In file [terraform/clouds.yaml.sample](https://github.com/osism/testbed/blob/main/terraform/clouds.yaml.sample) - you will find examples of typical setups. Settings that are identical for all users of a cloud can be defined - centrally via the profiles of the file - [terraform/clouds-public.yaml](https://github.com/osism/testbed/blob/main/terraform/clouds-public.yaml). - You can reference these settings by using the `profile` parameter in cloud-specific - definition in `terraform/clouds.yaml`. - - The user specific settings of the `clouds.yaml` file are provided by the cloud provider. Please check the - documentation of the cloud provider you are using or their support for details. - - [REGIO.cloud](https://regio.digital) is used as an example here. The cloud name in `clouds.yaml` - and the environment name (value of `ENVIRONMENT`) are `regiocloud` in this case. It is important that - the name of the cloud in `clouds.yaml` matches the name of the environment to be used. The names must - be identical. It is currently not possible to name the cloud `regiocloud-123` in `clouds.yaml` if the - environment is `regiocloud`. - - If another cloud is used, replace `regiocloud` with the respective profile name [from the table above](#cloud-access). - - - - The use of application credentials is preferred. This way it is not necessary to store - details like username, project name or sensitive information like the password in the - `clouds.yaml` file. 
- - The application credentials can be found in Horizon under **Identity**. Use `OSISM Testbed` as - name and click `Create Application Credential`. - - ```yaml title="terraform/clouds.yaml" - clouds: - regiocloud: - profile: regiocloud - auth: - application_credential_id: ID - application_credential_secret: SECRET - auth_type: "v3applicationcredential" - ``` - - If you want to make use of `terraform/secure.yaml` add your application credential secret there - instead of `terraform/clouds.yaml`. - - ```yaml title="terraform/secure.yaml" - clouds: - regiocloud: - auth: - application_credential_secret: SECRET - ``` - - - - - ```yaml title="terraform/clouds.yaml" - clouds: - regiocloud: - profile: regiocloud - auth: - project_name: PROJECT - username: USERNAME - project_domain_name: DOMAIN - user_domain_name: DOMAIN - ``` - - If you want to make use of `terraform/secure.yaml` add your password there instead of `terraform/clouds.yaml`. - - ```yaml title="terraform/secure.yaml" - clouds: - regiocloud: - auth: - password: PASSWORD - ``` - - - - -4. Prepare the deployment. - - The versions of Ansible and [OpenTofu](https://opentofu.org) are managed - automatically and necessary dependencies are cloned. - - ```bash - make prepare - ``` - - If any error occurs during preparation and you want to run the preparation - again, it is important to run `make wipe-local-install` first. Otherwise the - preparation will not be redone completely and necessary parts will be missing - later on. - -5. Create the infrastructure with OpenTofu. - - ```bash - make ENVIRONMENT=regiocloud create - ``` - -6. Deploy the OSISM manager and bootstrap all nodes. - - - - ```bash - make ENVIRONMENT=regiocloud manager - ``` - - - ```bash - make ENVIRONMENT=regiocloud VERSION_MANAGER=8.0.1 manager - ``` - - - Replace the version with the version you prefer. - Check the [OSISM release notes](https://osism.tech/docs/release-notes/) - to find out what's available. - -7. After the bootstrap, you can log in to the manager via SSH. - - ```bash - make ENVIRONMENT=regiocloud login - ``` - - Yo can log in to the nodes of the cluster via the manager. - - ```bash - osism console testbed-node-0 - ``` - -8. Deploy all services. - - - - It is also possible to deploy the services step by step on the - manager. To do this, first log in to the manager with `make ENVIRONMENT=regiocloud login` - and then execute the deploy scripts one after the other. It is recommended to do this - within a screen session. - - Deploying the services takes some time and depends on how much bandwidth is available, - how the instances are equipped, etc. 90-120 minutes is not unusual when Ceph and OpenStack - are fully deployed. - - To speed up the Ansible playbooks, [ARA](https://ara.recordsansible.org) can be disabled. This - is done by executing `/opt/configuration/scripts/disable-ara.sh`. Run this script **before** the deployment scripts. - Afterwards no more logs are available in the ARA web - interface. To re-enable ARA use `/opt/configuration/scripts/enable-ara.sh`. - - There is also the option of pre-population of images with `/opt/configuration/scripts/pull-images.sh` - so that deployments do not have to be lengthy. Run this script **before** the deployment scripts. 
- - ```bash - /opt/configuration/scripts/deploy/001-helpers.sh - /opt/configuration/scripts/deploy/100-ceph-with-ansible.sh - /opt/configuration/scripts/deploy/200-infrastructure.sh - /opt/configuration/scripts/deploy/300-openstack.sh - /opt/configuration/scripts/deploy/400-monitoring.sh - /opt/configuration/scripts/deploy/500-kubernetes.sh - ``` - - Prepare OpenStack resources like public network, flavors and images by running - `/opt/configuration/scripts/bootstrap.sh`. Run this script **after** the deployment scripts. - - :::info - - If you only want to deploy the monitoring services with `/opt/configuration/scripts/deploy/400-monitoring.sh`, - a few dependencies must be deployed first. You can then use the monitoring services without having to install a - complete OpenStack & Ceph environment. - - ```bash - osism apply common - osism apply loadbalancer - osism apply opensearch - osism apply mariadb - ``` - - ::: - - - In this single step deployment, Ceph, OpenStack and all necessary - infrastructure services (MariaDB, RabbitMQ, ...) are deployed. - Depending on the cloud, the deployment will take some time. Up to two hours is not unusual. - - ```bash - make ENVIRONMENT=regiocloud deploy - ``` - - - -9. If you want to verify the deployment with [refstack](https://opendev.org/openinfra/refstack) run - `/opt/configuration/scripts/check.sh`. This step will take some time and is optional. - -10. The machine images required for the use of Kubernetes Cluster API and the amphora driver of OpenStack Octavia - service are not provided by default to save resources on the OSISM Testbed and improve deployment time. - These can be provisioned if required. - - ```bash - /opt/configuration/scripts/bootstrap/301-openstack-octavia-amhpora-image.sh - /opt/configuration/scripts/bootstrap/302-openstack-k8s-clusterapi-images.sh - ``` - -11. If you want you can create a test project with a test user after login. It also - creates an instance with a volume attached to a network with a router. This step is optional. - - ```bash - osism apply --environment openstack test - ``` - -12. When the OSISM Testbed is no longer needed, it can be deleted. - - ```bash - make ENVIRONMENT=regiocloud clean - ``` - -## Usage - -Deployment must be completed at this point. - -### Custom CA - -The OSISM Testbed deployment currently uses hostnames in the domain `testbed.osism.xyz`. This is a real domain -and we provide the DNS records matching the addresses used in the OSISM Testbed, so that once you connect to your testbed via a direct -link or Wireguard, you can access hosts and servers by their hostname (e.g. `ssh testbed-manager.testbed.osism.xyz`). - -We also provide a wildcard TLS certificate signed by a custom CA for `testbed.osism.xyz` and `*.testbed.osism.xyz`. -This CA is always used for each testbed. The CA is not regenerated and it is not planned to change this for the next 10 years. - -In order for these certificates to be recognized locally as valid, the CA -[environments/kolla/certificates/ca/testbed.crt](https://raw.githubusercontent.com/osism/testbed/main/environments/kolla/certificates/ca/testbed.crt) -must be imported locally. - -### VPN access - -#### Wireguard - -Install wireguard on your workstation, if you have not done this before. For instructions how to do -it on your workstation, please have a look on the documentation of your used distribution. The -wireguard documentation you will find [here](https://www.wireguard.com). - -Start the wireguard tunnel. -(Press CTRL+c to keep the tunnel running forever. 
The make target also launches a browser tab with references to all services) - -```bash -make vpn-wireguard ENVIRONMENT=regiocloud -``` - -If you want to connect to the OSISM Testbed from multiple clients, change the client IP -address in the downloaded configuration file to be different on each client. - -If you only want to download the Wireguard configuration, you can use the `vpn-wireguard-config` -target. The configuration is then available in the file `wg-testbed-regiocloud.conf`, for example. - -```bash -make vpn-wireguard-config ENVIRONMENT=regiocloud -``` - -#### sshuttle - -If you do not want to use Wireguard you can also work with [sshuttle](https://github.com/sshuttle/sshuttle). - -```bash -make vpn-sshuttle ENVIRONMENT=regiocloud -killall sshuttle -``` - -### Static entries in `/etc/hosts` - -If you are unable to access the following domains, you can customize your local `/etc/hosts` -with the following static entries. This may be necessary, for example, if you use Pi-hole and -all DNS entries from a public DNS with a non-public IP address are filtered. - -```bash -# OSISM Testbed hosts -192.168.16.5 ara.testbed.osism.xyz ara -192.168.16.5 cgit.testbed.osism.xyz cgit -192.168.16.5 flower.testbed.osism.xyz flower -192.168.16.5 homer.testbed.osism.xyz homer -192.168.16.5 netbox.testbed.osism.xyz netbox -192.168.16.5 testbed-manager.testbed.osism.xyz testbed-manager -192.168.16.5 nexus.testbed.osism.xyz nexus -192.168.16.5 phpmyadmin.testbed.osism.xyz phpmyadmin -192.168.16.9 api-int.testbed.osism.xyz api-int -192.168.16.10 testbed-node-0.testbed.osism.xyz testbed-node-0 -192.168.16.11 testbed-node-1.testbed.osism.xyz testbed-node-1 -192.168.16.12 testbed-node-2.testbed.osism.xyz testbed-node-2 -192.168.16.13 testbed-node-3.testbed.osism.xyz testbed-node-3 -192.168.16.14 testbed-node-4.testbed.osism.xyz testbed-node-4 -192.168.16.15 testbed-node-5.testbed.osism.xyz testbed-node-5 -192.168.16.16 testbed-node-6.testbed.osism.xyz testbed-node-6 -192.168.16.17 testbed-node-7.testbed.osism.xyz testbed-node-7 -192.168.16.18 testbed-node-8.testbed.osism.xyz testbed-node-8 -192.168.16.19 testbed-node-9.testbed.osism.xyz testbed-node-9 -192.168.16.100 keycloak.testbed.osism.xyz keycloak -192.168.16.254 api.testbed.osism.xyz api -``` - -### Webinterfaces - -All SSL enabled services within the OSISM Testbed use certs which are signed by the self-signed -[OSISM Testbed CA](https://raw.githubusercontent.com/osism/testbed/main/environments/kolla/certificates/ca/testbed.crt) -(Download the file and import it as certification authority to your browser). - -If you want to access the services please choose the URL from the following table. 
- -| Name | URL | Username | Password | Note | -|:-------------------------|:-----------------------------------------------|:-------------|:-------------|:----------------| -| ARA | https://ara.testbed.osism.xyz | ara | password | | -| Ceph | https://api-int.testbed.osism.xyz:8140 | admin | password | | -| Flower | https://flower.testbed.osism.xyz | | | | -| Grafana | https://api-int.testbed.osism.xyz:3000 | admin | password | | -| HAProxy (testbed-node-0) | http://testbed-node-0.testbed.osism.xyz:1984 | openstack | password | | -| HAProxy (testbed-node-1) | http://testbed-node-1.testbed.osism.xyz:1984 | openstack | password | | -| HAProxy (testbed-node-2) | http://testbed-node-2.testbed.osism.xyz:1984 | openstack | password | | -| Homer | https://homer.testbed.osism.xyz | | | | -| Horizon (via Keystone) | https://api.testbed.osism.xyz | admin | password | domain: default | -| Horizon (via Keystone) | https://api.testbed.osism.xyz | test | test | domain: test | -| Netbox | https://netbox.testbed.osism.xyz | admin | password | | -| Netdata | http://testbed-manager.testbed.osism.xyz:19999 | | | | -| Nexus | https://nexus.testbed.osism.xyz | admin | password | | -| OpenSearch Dashboards | https://api.testbed.osism.xyz:5601 | opensearch | password | | -| Prometheus | https://api-int.testbed.osism.xyz:9091 | admin | password | | -| RabbitMQ | https://api-int.testbed.osism.xyz:15672 | openstack | password | | -| phpMyAdmin | https://phpmyadmin.testbed.osism.xyz | root | password | | - -#### Usage of the OpenStack CLI - -The `environments/openstack` folder contains the needed files for the openstack client: - -```bash -cd environments/openstack -export OS_CLOUD= # i.e. admin -openstack floating ip list -``` - -## Advanced Usage - -### External API - -It is possible to provide the OpenStack APIs and the OpenStack Dashboard via the manager's public IP address. -This is not enabled by default, with the exception of the OTC profile. To provide the OpenStack APIs and the -OpenStack dashboard via the public IP address of the manager, the following changes are necessary in the -`terraform/environments/regiocloud.tfvars` file. If a cloud other than the REGIO.cloud is used, the profile -of the other cloud is changed accordingly. - -1. Add the customisation `external_api`. This customisation makes sure that the required security group rules - are created for the various OpenStack APIs and the OpenStack dashboard. - - ``` - # customisation:external_api - ``` - -2. Set parameter `external_api` to `true`. This makes sure that all necessary changes are made in the configuration - repository when the manager service is deployed. It is correct that this is added as a comment. - - ``` - external_api = true - ``` - -3. After the deployment of the manager service and the OpenStack services, the OpenStack APIs and the OpenStack - dashboard can be reached via a DNS name. The service [traefik.me](https://traefik.me) is used for the DNS record. - Run the following two commands on the manager node to get the DNS record. - - ``` - $ source /opt/manager-vars.sh - $ echo "api-${MANAGER_PUBLIC_IP_ADDRESS//./-}.traefik.me" - api-80-158-46-219.traefik.me - ``` - -### Change versions - -1. Go to `/opt/configuration` on `testbed-manager` -2. Run `./scripts/set-openstack-version.sh 2024.2` to set the OpenStack version to `2024.2` -3. Run `./scripts/set-ceph-version.sh reef` to set the Ceph version to `reef` -4. 
Run `osism update manager` to update the manager service - -### Deploy services - -| Script | Description | -|:------------------------------------------------------------------|:----------------------------| -| `/opt/configuration/scripts/deploy/000-manager.sh` | | -| `/opt/configuration/scripts/deploy/001-helpers.sh` | | -| `/opt/configuration/scripts/deploy/100-ceph-with-ansible.sh` | Ceph with Ansible | -| `/opt/configuration/scripts/deploy/100-ceph-with-rook.sh` | Ceph with Rook | -| `/opt/configuration/scripts/deploy/200-infrastructure.sh` | | -| `/opt/configuration/scripts/deploy/300-openstack.sh` | | -| `/opt/configuration/scripts/deploy/310-openstack-extended.sh` | | -| `/opt/configuration/scripts/deploy/400-monitoring.sh` | | -| `/opt/configuration/scripts/deploy/500-kubernetes.sh` | | -| `/opt/configuration/scripts/deploy/510-clusterapi.sh` | | - -### Upgrade services - -| Script | Description | -|:--------------------------------------------------------------------------|:----------------------------| -| `/opt/configuration/scripts/upgrade/100-ceph-with-ansible.sh` | Ceph with Ansible | -| `/opt/configuration/scripts/upgrade/100-ceph-with-rook.sh` | Ceph with Rook | -| `/opt/configuration/scripts/upgrade/200-infrastructure.sh` | | -| `/opt/configuration/scripts/upgrade/300-openstack.sh` | | -| `/opt/configuration/scripts/upgrade/310-openstack-extended.sh` | | -| `/opt/configuration/scripts/upgrade/400-monitoring.sh` | | -| `/opt/configuration/scripts/upgrade/500-kubernetes.sh` | | -| `/opt/configuration/scripts/upgrade/510-clusterapi.sh` | | - -### Add new OSD in Ceph - -In the testbed, three volumes per node are provided for use by Ceph by default. Two of -these devices are used as OSDs during the initial deployment. The third device is intended -for testing the addition of a further OSD to the Ceph cluster. - -1. Add `sdd` to `ceph_osd_devices` in `/opt/configuration/inventory/host_vars/testbed-node-0/ceph-lvm-configuration.yml`. - The following content is an example, the IDs look different everywhere. Do not copy 1:1 - but only add `sdd` to the file. - -```yaml ---- -# -# This is Ceph LVM configuration for testbed-node-0 -# generated by ceph-configure-lvm-volumes playbook. -# -ceph_osd_devices: - sdb: - osd_lvm_uuid: 95a9a2e0-b23f-55b2-a04f-e02ddfc0e82a - sdc: - osd_lvm_uuid: 29899765-42bf-557b-ae9c-5c7c984b2243 - sdd: -lvm_volumes: -- data: osd-block-95a9a2e0-b23f-55b2-a04f-e02ddfc0e82a - data_vg: ceph-95a9a2e0-b23f-55b2-a04f-e02ddfc0e82a -- data: osd-block-29899765-42bf-557b-ae9c-5c7c984b2243 - data_vg: ceph-29899765-42bf-557b-ae9c-5c7c984b2243 -``` - -2. Run `osism apply ceph-configure-lvm-volumes -l testbed-node-0` - -3. Run `cp /tmp/testbed-node-0-ceph-lvm-configuration.yml /opt/configuration/inventory/host_vars/testbed-node-0/ceph-lvm-configuration.yml`. - -4. Run `osism reconciler sync` - -5. Run `osism apply ceph-create-lvm-devices -l testbed-node-0` - -6. Run `osism apply ceph-osds -l testbed-node-0 -e ceph_handler_osds_restart=false` - -7. 
Check the OSD tree - - ``` - $ ceph osd tree - ID CLASS WEIGHT TYPE NAME STATUS REWEIGHT PRI-AFF - -1 0.13640 root default - -3 0.05846 host testbed-node-0 - 2 hdd 0.01949 osd.2 up 1.00000 1.00000 - 4 hdd 0.01949 osd.4 up 1.00000 1.00000 - 6 hdd 0.01949 osd.6 up 1.00000 1.00000 - -5 0.03897 host testbed-node-1 - 0 hdd 0.01949 osd.0 up 1.00000 1.00000 - 5 hdd 0.01949 osd.5 up 1.00000 1.00000 - -7 0.03897 host testbed-node-2 - 1 hdd 0.01949 osd.1 up 1.00000 1.00000 - 3 hdd 0.01949 osd.3 up 1.00000 1.00000 - ``` - -### Ceph via Rook (technical preview) - -Please have a look at [Deploy Guide - Services - Rook](guides/deploy-guide/services/ceph/rook.md) and [Configuration Guide - Rook](guides/configuration-guide/ceph/rook.md) for details on how to configure Rook. - -To deploy this in the testbed, you can use an environment variable in your make target. - -``` -make CEPH_STACK=rook manager -make CEPH_STACK=rook ceph -``` - -This will make sure `/opt/manager-vars.sh` gets `CEPH_STACK=rook` set which is later being used by: - -``` -/opt/configuration/scripts/deploy-services.sh -/opt/configuration/scripts/deploy-ceph.sh -/opt/configuration/scripts/upgrade/100-ceph-with-rook.sh -``` - -## Using testbed for OpenStack development - -Testbed may be used for doing development on OpenStack services through [`kolla_dev_mode`](https://docs.openstack.org/kolla-ansible/latest/contributor/kolla-for-openstack-development.html). -`kolla_dev_mode` may be activated for all supported service by adding - -``` -kolla_dev_mode: true -``` - -to `environments/kolla/configuration.yml`. This will check out the `git` repositories of all supported and enabled OpenStack services under `/opt/stack` and bind mount them into the appropriate containers. -Since this will fetch a lot of repositories it is advisable to enable this only selectively for the services you are going to work on. You can do so by adding a boolean variable to `environments/kolla/configuration.yml` consisting of the service name and the suffix `_dev_mode`, e.g.: - -``` -cinder_dev_mode: true -``` - -You may customise the used `git` repository by adding `kolla_repos_git` to `environments/kolla/configuration.yml` to specify a common root for the repositories of all services, which will be completed by the service's name, e.g.: - -``` -kolla_repos_git: "https://github.com/openstack" -``` - -will pull services from their `github` mirror. E.g. pull nova from https://github.com/openstack/nova -The complete repository of a single service may be changed by adding a variable consisting of the service name and the suffix `_git_repository`, e.g. - -``` -cinder_git_repository: "https://github.com/myorg/my_custom_cinder_fork" -``` - -You may Specify the `git` reference globally by setting - -``` -kolla_source_version: my_feature_branch -``` - -in `environments/kolla/configuration.yml` or for specific services via service name and suffix `_source_version`, e.g. - -``` -cinder_source_version: my_cinder_feature -``` - -In order to update the `git` repositories on `kolla-ansible` deployments set either - -``` -kolla_dev_repos_pull: true -``` - -or, e.g. - -``` -cinder_dev_repos_pull: true -``` - -in `environments/kolla/configuration.yml` to set the setting for all repositories or a service specific one. 
- -Thus, as an example for a development workflow: -* Create a `git` mirror of the OpenStack service you want to work on -* In `environments/kolla/configuration.yml` - * Set the corresponding `_dev_mode` variable to `true` - * Set the corresponding `_git_repository` variable to your development mirror created above - * Set the corresponding `_source_version` variable to a branch name you intend to push your changes to - * Set the corresponding `_dev_repos_pull` variable to `true` -* Commit your changes and push them to the specified branch in the specified mirror -* Run `osism apply ` on the manager to checkout the code on every testbed node -* Restart the service containers to actually pick up the new code - -## Troubleshooting - -### Ansible errors - -Ansible errors that have something to do with undefined variables (e.g. `AnsibleUndefined`) are most likely due to cached -facts that are no longer valid. The facts can be updated by running `osism apply facts`. - -### Unsupported locale setting - -```bash -$ make prepare -ansible-playbook -i localhost, ansible/check-local-versions.yml -ERROR: Ansible could not initialize the preferred locale: unsupported locale setting -make: *** [prepare] Error 1 -``` - -To solve the problem you have to modify the `Makefile`. Change the 1st line as follows. - -```bash -export LC_ALL=en_US.UTF-8 -``` - -To find out the locale used on the system `printenv` can be used. - -```bash -$ printenv | grep -i lang|locale -LANG="en_US.UTF-8" -LC_COLLATE="en_US.UTF-8" -LC_CTYPE="UTF-8" -LC_MESSAGES="en_US.UTF-8" -LC_MONETARY="en_US.UTF-8" -LC_NUMERIC="en_US.UTF-8" -LC_TIME="en_US.UTF-8" -LC_ALL= -``` - -## Appendix - -### Configuration - -This section describes how to configure and customise the OSISM Testbed. - -#### Variables - -The defaults for the OpenTofu variables are intended for [REGIO.cloud](https://regio.digital). 
- -| Variable | Default | Note | -|:--------------------------|:-------------------------|:-----------------------------------------| -| availability_zone | `nova` | | -| ceph_version | `quincy` | | -| cloud_provider | `regiocloud` | | -| configuration_version | `main` | | -| deploy_monitoring | `false` | | -| dns_nameservers | `["8.8.8.8", "9.9.9.9"]` | | -| enable_config_drive | `true` | | -| external_api | `false` | | -| flavor_manager | `SCS-4V-16-50` | | -| flavor_node | `SCS-8V-32-50` | | -| image | `Ubuntu 22.04` | Only Ubuntu 22.04 is currently supported | -| image_node | `Ubuntu 22.04` | Only Ubuntu 22.04 is currently supported | -| keypair | `testbed` | | -| manager_version | `latest` | | -| network_availability_zone | `nova` | | -| number_of_nodes | `3` | | -| number_of_volumes | `3` | | -| openstack_version | `2023.2` | | -| prefix | `testbed` | | -| public | `external` | | -| refstack | `false` | | -| volume_availability_zone | `nova` | | -| volume_size_base | `30` | | -| volume_size_storage | `10` | | -| volume_type | `__DEFAULT__` | | - -#### Overrides - -| Name | Description | -|:-------------------------------------------|:-----------------| -| `manager_boot_from_image` | | -| `manager_boot_from_volume` | | -| `neutron_availability_zone_hints_network` | | -| `neutron_availability_zone_hints_router` | | -| `neutron_router_enable_snat` | | -| `nodes_boot_from_image` | | -| `nodes_boot_from_volume` | | -| `nodes_use_ephemeral_storage` | | - -#### Customisations - -| Name | Description | -|:----------------------|:-----------------| -| `access_floatingip` | | -| `access_ipv4` | | -| `access_ipv6` | | -| `default` | | -| `external_api` | | -| `neutron_floatingip` | | - - -### Notes - -* The configuration is intentionally kept quite static. Please create no PRs to make the configuration more flexible/dynamic. -* The OSISM documentation uses hostnames, examples, addresses etc. from OSISM Testbed. -* The third volume (`/dev/sdd`) is not enabled for Ceph by default. This is to test the scaling of Ceph. -* The manager is used as pull through cache for Docker images and Ubuntu packages. This reduces the amount of traffic consumed. - -### Supported releases - -The following stable Ceph and OpenStack releases are supported. - -The deployment of Ceph is based on [ceph-ansible](https://docs.ceph.com/ceph-ansible/). - -* Ceph Quincy (**default**) -* Ceph Reef -* Ceph Squid - -The deployment of OpenStack is based on [kolla-ansible](https://docs.openstack.org/kolla-ansible/latest/). - -* OpenStack 2023.1 -* OpenStack 2023.2 -* OpenStack 2024.1 (**default**) - -The deployment of Kubernetes is based on [k3s-ansible](https://github.com/techno-tim/k3s-ansible). - -* Kubernetes v1.30 (**default**) - -### Included services - -The following services can currently be used with the OSISM Testbed without further adjustments. - -#### Infrastructure - -* Ceph -* Cluster API Management Cluster -* Fluentd -* Gnocchi -* Grafana -* Haproxy -* Keepalived -* Kubernetes -* Mariadb -* Memcached -* Netbox -* Netdata -* Opensearch -* Openvswitch -* Prometheus exporters -* Rabbitmq -* Redis - -#### OpenStack - -* Barbican -* Ceilometer -* Cinder -* Designate -* Glance -* Horizon -* Ironic -* Keystone -* Magnum -* Manila -* Neutron -* Nova (with Libvirt/KVM) -* Octavia -* Skyline - -### Makefile reference - -```bash -$ make help - -Usage: - make - help Display this help. - clean Destroy infrastructure with OpenTofu. - wipe-local-install Wipe the software dependencies in `venv`. 
  create             Create required infrastructure with OpenTofu.
  login              Log in on the manager.
  vpn-wireguard      Establish a wireguard vpn tunnel.
  vpn-sshuttle       Establish a sshuttle vpn tunnel.
  bootstrap          Bootstrap everything.
  manager            Deploy only the manager service.
  identity           Deploy only identity services.
  ceph               Deploy only ceph services.
  deploy             Deploy everything and then check it.
  prepare            Run local preperations.
  deps               Install software preconditions to `venv`.

$ make
```

### CI jobs

You can inspect the [results of the daily zuul jobs](https://zuul.services.betacloud.xyz/t/osism/builds?project=osism%2Ftestbed&skip=0).
diff --git a/docs/testbed/appendix.mdx b/docs/testbed/appendix.mdx
new file mode 100644
index 0000000000..5b14f2f41a
--- /dev/null
+++ b/docs/testbed/appendix.mdx
@@ -0,0 +1,164 @@
---
sidebar_label: Appendix
sidebar_position: 5
---

# Appendix

## Configuration

This section describes how to configure and customise the OSISM Testbed.

### Variables

The defaults for the OpenTofu variables are intended for [REGIO.cloud](https://regio.digital).

| Variable | Default | Note |
|:--------------------------|:-------------------------|:-----------------------------------------|
| availability_zone | `nova` | |
| ceph_version | `quincy` | |
| cloud_provider | `regiocloud` | |
| configuration_version | `main` | |
| deploy_monitoring | `false` | |
| dns_nameservers | `["8.8.8.8", "9.9.9.9"]` | |
| enable_config_drive | `true` | |
| external_api | `false` | |
| flavor_manager | `SCS-4V-16-50` | |
| flavor_node | `SCS-8V-32-50` | |
| image | `Ubuntu 22.04` | Only Ubuntu 22.04 is currently supported |
| image_node | `Ubuntu 22.04` | Only Ubuntu 22.04 is currently supported |
| keypair | `testbed` | |
| manager_version | `latest` | |
| network_availability_zone | `nova` | |
| number_of_nodes | `3` | |
| number_of_volumes | `3` | |
| openstack_version | `2023.2` | |
| prefix | `testbed` | |
| public | `external` | |
| refstack | `false` | |
| volume_availability_zone | `nova` | |
| volume_size_base | `30` | |
| volume_size_storage | `10` | |
| volume_type | `__DEFAULT__` | |
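Any of these defaults can be overridden in the profile file of the environment under `terraform/environments/`. A minimal sketch; the values shown are purely illustrative, not recommendations:

```text
# terraform/environments/regiocloud.tfvars (illustrative overrides)
number_of_nodes   = 6
ceph_version      = "reef"
deploy_monitoring = true
```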
### Overrides

| Name | Description |
|:-------------------------------------------|:-----------------|
| `manager_boot_from_image` | |
| `manager_boot_from_volume` | |
| `neutron_availability_zone_hints_network` | |
| `neutron_availability_zone_hints_router` | |
| `neutron_router_enable_snat` | |
| `nodes_boot_from_image` | |
| `nodes_boot_from_volume` | |
| `nodes_use_ephemeral_storage` | |

### Customisations

| Name | Description |
|:----------------------|:-----------------|
| `access_floatingip` | |
| `access_ipv4` | |
| `access_ipv6` | |
| `default` | |
| `external_api` | |
| `neutron_floatingip` | |


## Notes

* The configuration is intentionally kept quite static. Please do not create PRs to make the configuration more flexible or dynamic.
* The OSISM documentation uses hostnames, examples, addresses etc. from the OSISM Testbed.
* The third volume (`/dev/sdd`) is not enabled for Ceph by default. This is to test the scaling of Ceph.
* The manager is used as a pull-through cache for Docker images and Ubuntu packages. This reduces the amount of traffic consumed.

## Supported releases

The following stable Ceph and OpenStack releases are supported.

The deployment of Ceph is based on [ceph-ansible](https://docs.ceph.com/ceph-ansible/).

* Ceph Quincy (**default**)
* Ceph Reef
* Ceph Squid

The deployment of OpenStack is based on [kolla-ansible](https://docs.openstack.org/kolla-ansible/latest/).

* OpenStack 2023.1
* OpenStack 2023.2
* OpenStack 2024.1 (**default**)

The deployment of Kubernetes is based on [k3s-ansible](https://github.com/techno-tim/k3s-ansible).

* Kubernetes v1.30 (**default**)

## Included services

The following services can currently be used with the OSISM Testbed without further adjustments.

### Infrastructure

* Ceph
* Cluster API Management Cluster
* Fluentd
* Gnocchi
* Grafana
* Haproxy
* Keepalived
* Kubernetes
* Mariadb
* Memcached
* Netbox
* Netdata
* Opensearch
* Openvswitch
* Prometheus exporters
* Rabbitmq
* Redis

### OpenStack

* Barbican
* Ceilometer
* Cinder
* Designate
* Glance
* Horizon
* Ironic
* Keystone
* Magnum
* Manila
* Neutron
* Nova (with Libvirt/KVM)
* Octavia
* Skyline

## Makefile reference

```bash
$ make help

Usage:
  make <target>
  help               Display this help.
  clean              Destroy infrastructure with OpenTofu.
  wipe-local-install Wipe the software dependencies in `venv`.
  create             Create required infrastructure with OpenTofu.
  login              Log in on the manager.
  vpn-wireguard      Establish a wireguard vpn tunnel.
  vpn-sshuttle       Establish a sshuttle vpn tunnel.
  bootstrap          Bootstrap everything.
  manager            Deploy only the manager service.
  identity           Deploy only identity services.
  ceph               Deploy only ceph services.
  deploy             Deploy everything and then check it.
  prepare            Run local preparations.
  deps               Install software preconditions to `venv`.

$ make
```
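For orientation, a typical end-to-end session combines these targets roughly as follows (a sketch; see the [Deployment](deployment.mdx) guide for details):

```bash
make prepare                         # install local dependencies
make ENVIRONMENT=regiocloud create   # create the infrastructure with OpenTofu
make ENVIRONMENT=regiocloud manager  # deploy the manager and bootstrap the nodes
make ENVIRONMENT=regiocloud deploy   # deploy all services
make ENVIRONMENT=regiocloud login    # log in on the manager
make ENVIRONMENT=regiocloud clean    # tear everything down again
```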
## CI jobs

You can inspect the [results of the daily zuul jobs](https://zuul.services.betacloud.xyz/t/osism/builds?project=osism%2Ftestbed&skip=0).
\ No newline at end of file
diff --git a/docs/testbed/deployment.mdx b/docs/testbed/deployment.mdx
new file mode 100644
index 0000000000..8e5a5d62f2
--- /dev/null
+++ b/docs/testbed/deployment.mdx
@@ -0,0 +1,239 @@
---
sidebar_label: Deployment
sidebar_position: 2
---

import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';

# Deployment

This section describes step by step how to deploy the OSISM Testbed.

## Initializing

1. Request access from the administrator of the respective cloud or get access to an OpenStack cloud.

2. Clone the [osism/testbed](https://github.com/osism/testbed) repository.

   The repository can also be cloned to any other location.

   ```bash
   mkdir -p ~/src/github.com/osism
   git clone https://github.com/osism/testbed ~/src/github.com/osism/testbed
   cd ~/src/github.com/osism/testbed
   ```

3. Configure your cloud access profile.

   The access data for the cloud provider used is stored in `terraform/clouds.yaml` and (optionally) in `terraform/secure.yaml` (same structure, if you want to store credentials in a separate place).

   In the file [terraform/clouds.yaml.sample](https://github.com/osism/testbed/blob/main/terraform/clouds.yaml.sample) you will find examples of typical setups. Settings that are identical for all users of a cloud can be defined centrally via the profiles of the file [terraform/clouds-public.yaml](https://github.com/osism/testbed/blob/main/terraform/clouds-public.yaml). You can reference these settings by using the `profile` parameter in the cloud-specific definition in `terraform/clouds.yaml`.

   The user-specific settings of the `clouds.yaml` file are provided by the cloud provider. Please check the documentation of the cloud provider you are using or their support for details.

   [REGIO.cloud](https://regio.digital) is used as an example here. The cloud name in `clouds.yaml` and the environment name (value of `ENVIRONMENT`) are `regiocloud` in this case. It is important that the name of the cloud in `clouds.yaml` matches the name of the environment to be used. The names must be identical. It is currently not possible to name the cloud `regiocloud-123` in `clouds.yaml` if the environment is `regiocloud`.

   If another cloud is used, replace `regiocloud` with the respective profile name [from the provider table](prerequisites.mdx#cloud-access).

   <Tabs>
   <TabItem value="application-credentials" label="Application credentials" default>

   The use of application credentials is preferred. This way it is not necessary to store details like username, project name or sensitive information like the password in the `clouds.yaml` file.

   The application credentials can be found in Horizon under **Identity**. Use `OSISM Testbed` as name and click `Create Application Credential`.

   ```yaml title="terraform/clouds.yaml"
   clouds:
     regiocloud:
       profile: regiocloud
       auth:
         application_credential_id: ID
         application_credential_secret: SECRET
       auth_type: "v3applicationcredential"
   ```

   If you want to make use of `terraform/secure.yaml`, add your application credential secret there instead of `terraform/clouds.yaml`.

   ```yaml title="terraform/secure.yaml"
   clouds:
     regiocloud:
       auth:
         application_credential_secret: SECRET
   ```

   </TabItem>
   <TabItem value="username-password" label="Username and password">

   ```yaml title="terraform/clouds.yaml"
   clouds:
     regiocloud:
       profile: regiocloud
       auth:
         project_name: PROJECT
         username: USERNAME
         project_domain_name: DOMAIN
         user_domain_name: DOMAIN
   ```

   If you want to make use of `terraform/secure.yaml`, add your password there instead of `terraform/clouds.yaml`.

   ```yaml title="terraform/secure.yaml"
   clouds:
     regiocloud:
       auth:
         password: PASSWORD
   ```

   </TabItem>
   </Tabs>
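   Before any resources are created, you can optionally verify that the credentials work. A quick sketch, assuming the `openstack` CLI is installed locally (`clouds.yaml` and `secure.yaml` are picked up from the current directory):

   ```bash
   cd terraform
   OS_CLOUD=regiocloud openstack token issue
   ```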
4. Prepare for the deployment.

   The versions of Ansible and [OpenTofu](https://opentofu.org) are managed automatically, and necessary dependencies are cloned.

   ```bash
   make prepare
   ```

   :::tip

   If any error occurs during preparation and you want to run the preparation again, it is important to run `make wipe-local-install` first. Otherwise, the preparation will not be redone completely, and necessary parts will be missing later on.

   :::

## Start deployment

1. Create the infrastructure with OpenTofu.

   ```bash
   make ENVIRONMENT=regiocloud create
   ```

2. Deploy the OSISM manager and bootstrap all nodes.

   <Tabs>
   <TabItem value="latest" label="Latest version" default>

   ```bash
   make ENVIRONMENT=regiocloud manager
   ```

   </TabItem>
   <TabItem value="specific" label="Specific version">

   ```bash
   make ENVIRONMENT=regiocloud VERSION_MANAGER=8.0.1 manager
   ```

   Replace the version with the version you prefer. Check the [OSISM release notes](https://osism.tech/docs/release-notes/) to find out what's available.

   </TabItem>
   </Tabs>

3. After the bootstrap, you can log in to the manager via SSH.

   ```bash
   make ENVIRONMENT=regiocloud login
   ```

   You can log in to the nodes of the cluster via the manager.

   ```bash
   osism console testbed-node-0
   ```

4. Deploy all services.

   <Tabs>
   <TabItem value="step-by-step" label="Step by step" default>

   It is also possible to deploy the services step by step on the manager. To do this, first log in to the manager with `make ENVIRONMENT=regiocloud login` and then execute the deployment scripts one after the other. It is recommended to do this within a screen session.

   Deploying the services takes some time and depends on how much bandwidth is available, how the instances are equipped, etc. 90–120 minutes is not unusual when Ceph and OpenStack are fully deployed.

   To speed up the Ansible playbooks, [ARA](https://ara.recordsansible.org) can be disabled. This is done by executing `/opt/configuration/scripts/disable-ara.sh`. Run this script **before** the deployment scripts. Afterwards, no more logs are available in the ARA web interface. To re-enable ARA, use `/opt/configuration/scripts/enable-ara.sh`.

   There is also the option of pre-populating the images with `/opt/configuration/scripts/pull-images.sh` so that the deployments do not take as long. Run this script **before** the deployment scripts.

   ```bash
   /opt/configuration/scripts/deploy/001-helpers.sh
   /opt/configuration/scripts/deploy/100-ceph-with-ansible.sh
   /opt/configuration/scripts/deploy/200-infrastructure.sh
   /opt/configuration/scripts/deploy/300-openstack.sh
   /opt/configuration/scripts/deploy/400-monitoring.sh
   /opt/configuration/scripts/deploy/500-kubernetes.sh
   ```

   Prepare OpenStack resources like the public network, flavors and images by running `/opt/configuration/scripts/bootstrap.sh`. Run this script **after** the deployment scripts.

   :::info

   If you only want to deploy the monitoring services with `/opt/configuration/scripts/deploy/400-monitoring.sh`, a few dependencies must be deployed first. You can then use the monitoring services without having to install a complete OpenStack & Ceph environment.

   ```bash
   osism apply common
   osism apply loadbalancer
   osism apply opensearch
   osism apply mariadb
   ```

   :::

   </TabItem>
   <TabItem value="single-step" label="Single step">

   In this single-step deployment, Ceph, OpenStack and all necessary infrastructure services (MariaDB, RabbitMQ, ...) are deployed. Depending on the cloud, the deployment will take some time. Up to two hours is not unusual.

   ```bash
   make ENVIRONMENT=regiocloud deploy
   ```

   </TabItem>
   </Tabs>

## Verify and adjust deployment

1. If you want to verify the deployment with [refstack](https://opendev.org/openinfra/refstack), run `/opt/configuration/scripts/check.sh`. This step will take some time and is optional.

2. The machine images required for the use of the Kubernetes Cluster API and the amphora driver of the OpenStack Octavia service are not provided by default to save resources on the OSISM Testbed and improve deployment time. These can be provisioned if required.

   ```bash
   /opt/configuration/scripts/bootstrap/301-openstack-octavia-amphora-image.sh
   /opt/configuration/scripts/bootstrap/302-openstack-k8s-clusterapi-images.sh
   ```

3. If you want, you can create a test project with a test user after login. It also creates an instance with a volume attached to a network with a router. This step is optional.

   ```bash
   osism apply --environment openstack test
   ```

4. When the OSISM Testbed is no longer needed, it can be deleted.

   ```bash
   make ENVIRONMENT=regiocloud clean
   ```
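   If you want to double-check that the teardown removed everything, listing the leftover resources in the project is a quick sanity check. A sketch, assuming the `openstack` CLI is installed locally:

   ```bash
   cd terraform
   OS_CLOUD=regiocloud openstack server list
   OS_CLOUD=regiocloud openstack volume list
   ```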
The OSISM Testbed is therefore +used in the SCS project to test and work on the Infrastructure as a Service layer. + +To get started with Testbed we first need to [prepare our environment](prerequisites.mdx). + +:::info + +The OSISM Testbed is intended as a playground. Further services and integration will +be added over time. An increasing number of best practices and experiences from the productive +deployments will be included here in the future. It will become more production-like +over time. However, at no point does it claim to represent a production setup exactly. + +::: \ No newline at end of file diff --git a/docs/testbed/prerequisites.mdx b/docs/testbed/prerequisites.mdx new file mode 100644 index 0000000000..dd64fb726c --- /dev/null +++ b/docs/testbed/prerequisites.mdx @@ -0,0 +1,73 @@ +--- +sidebar_label: Getting started +sidebar_position: 1 +--- + +# Prerequisites + +## Cloud access + +The usual prerequisite is to have an account on one of the supported OpenStack cloud providers. +As the OSISM Testbed also virtualizes systems itself, the OpenStack cluster should provide +the capabilities for nested virtualization. + +It is not part of this guide to describe the registration with the individual cloud +providers. Please contact the respective cloud provider for this. + +| Provider | Product | Profile name | Note | +|:----------------|:--------------------|:-----------------|:-----------------------------------| +| OSISM | REGIO.cloud | `regiocloud` | | +| OSISM | REGIO.cloud | `regio-fast` | boot from NVMe SSD backed volumes | +| Cleura | Cleura | `cleura` | | +| FUGA | Fuga Cloud | `fuga` | | +| HuaweiCloud | HuaweiCloud | `huaweicloud` | | +| OVH | OVH | `ovh` | | +| T-Systems | OpenTelekomCloud | `otc` | | +| plusserver | pluscloud open | `pluscloudopen` | | +| plusserver | pluscloud SCS Test | `gx-scs` | | +| noris network | Wavestack | `wavestack` | | +| artcodix | CNDS Cloud | `artcodix` | | + +For each cloud provider listed in the table, a predefined profile is available in the +`terraform/environments` directory. This profile contains the name of the public +network, which flavors to use, etc. + +Here is an example from the profile for [REGIO.cloud](https://regio.digital). 
## Cloud resources

The OSISM Testbed requires at least the following project quota when using the default flavors:

| Resource | Quantity | Note |
|:----------------------|:----------|:-----------------------------------------------|
| Instances | 7 | 52 VCPUs + 208 GByte RAM (6 nodes, 1 manager) |
| Volumes | 18 | 360 GByte volume storage |
| Floating IP | 1 | |
| Keypair | 1 | |
| Security group | 3 | |
| Security group rules | 16 | |
| Network | 1 | |
| Subnetwork | 1 | |
| Ports | 6 | |
| Router | 1 | |

## Software

* `make` must be installed on the system
* [Wireguard](https://wireguard.com) or [`sshuttle`](https://github.com/sshuttle/sshuttle) must be installed on your system for VPN access
* Python must be installed; the version used must be at least 3.10, otherwise the current Ansible release cannot be used (more details in the [Ansible support matrix](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix))
* `python3-venv` must be installed for managing Python dependencies like Ansible
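A quick sketch for verifying these prerequisites on the workstation (the last check assumes you picked Wireguard; use `sshuttle --version` otherwise):

```bash
make --version
python3 --version   # must be at least 3.10
python3 -m venv /tmp/testbed-venv-check && rm -rf /tmp/testbed-venv-check   # fails if python3-venv is missing
wg --version
```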
diff --git a/docs/testbed/troubleshooting.mdx b/docs/testbed/troubleshooting.mdx
new file mode 100644
index 0000000000..02dcec2222
--- /dev/null
+++ b/docs/testbed/troubleshooting.mdx
@@ -0,0 +1,70 @@
---
sidebar_label: Troubleshooting
sidebar_position: 4
---

# Troubleshooting

## Ansible errors

Ansible errors that have something to do with undefined variables (e.g. `AnsibleUndefined`) are most likely due to cached facts that are no longer valid. The facts can be updated by running `osism apply facts`.

## Unsupported locale setting

```bash
$ make prepare
ansible-playbook -i localhost, ansible/check-local-versions.yml
ERROR: Ansible could not initialize the preferred locale: unsupported locale setting
make: *** [prepare] Error 1
```

To solve the problem, you have to modify the `Makefile`: change its first line as follows.

```bash
export LC_ALL=en_US.UTF-8
```

To find out the locale used on the system, `locale` can be used.

```bash
$ locale
LANG="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_CTYPE="UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_ALL=
```

## Static entries in `/etc/hosts`

If you are unable to access the following domains, you can customize your local `/etc/hosts` with the following static entries. This may be necessary, for example, if you use Pi-hole and all DNS entries from a public DNS with a non-public IP address are filtered.

```bash
# OSISM Testbed hosts
192.168.16.5 ara.testbed.osism.xyz ara
192.168.16.5 cgit.testbed.osism.xyz cgit
192.168.16.5 flower.testbed.osism.xyz flower
192.168.16.5 homer.testbed.osism.xyz homer
192.168.16.5 netbox.testbed.osism.xyz netbox
192.168.16.5 testbed-manager.testbed.osism.xyz testbed-manager
192.168.16.5 nexus.testbed.osism.xyz nexus
192.168.16.5 phpmyadmin.testbed.osism.xyz phpmyadmin
192.168.16.9 api-int.testbed.osism.xyz api-int
192.168.16.10 testbed-node-0.testbed.osism.xyz testbed-node-0
192.168.16.11 testbed-node-1.testbed.osism.xyz testbed-node-1
192.168.16.12 testbed-node-2.testbed.osism.xyz testbed-node-2
192.168.16.13 testbed-node-3.testbed.osism.xyz testbed-node-3
192.168.16.14 testbed-node-4.testbed.osism.xyz testbed-node-4
192.168.16.15 testbed-node-5.testbed.osism.xyz testbed-node-5
192.168.16.16 testbed-node-6.testbed.osism.xyz testbed-node-6
192.168.16.17 testbed-node-7.testbed.osism.xyz testbed-node-7
192.168.16.18 testbed-node-8.testbed.osism.xyz testbed-node-8
192.168.16.19 testbed-node-9.testbed.osism.xyz testbed-node-9
192.168.16.100 keycloak.testbed.osism.xyz keycloak
192.168.16.254 api.testbed.osism.xyz api
```
\ No newline at end of file
diff --git a/docs/testbed/usage.mdx b/docs/testbed/usage.mdx
new file mode 100644
index 0000000000..b4a3601871
--- /dev/null
+++ b/docs/testbed/usage.mdx
@@ -0,0 +1,305 @@
---
sidebar_label: Usage
sidebar_position: 3
---

# Usage

Deployment must be completed at this point.

## Custom CA

The OSISM Testbed deployment currently uses hostnames in the domain `testbed.osism.xyz`. This is a real domain, and we provide the DNS records matching the addresses used in the OSISM Testbed, so that once you connect to your testbed via a direct link or Wireguard, you can access hosts and servers by their hostname (e.g. `ssh testbed-manager.testbed.osism.xyz`).

We also provide a wildcard TLS certificate signed by a custom CA for `testbed.osism.xyz` and `*.testbed.osism.xyz`. This CA is always used for each testbed. The CA is not regenerated, and it is not planned to change this for the next 10 years.

In order for these certificates to be recognized locally as valid, the CA [environments/kolla/certificates/ca/testbed.crt](https://raw.githubusercontent.com/osism/testbed/main/environments/kolla/certificates/ca/testbed.crt) must be imported locally.
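How the CA is imported depends on the operating system and browser. A sketch for Debian/Ubuntu-based workstations:

```bash
# download the OSISM Testbed CA and register it system-wide
sudo curl -o /usr/local/share/ca-certificates/osism-testbed.crt \
  https://raw.githubusercontent.com/osism/testbed/main/environments/kolla/certificates/ca/testbed.crt
sudo update-ca-certificates
```

Browsers usually maintain their own trust store, so the CA may additionally have to be imported in the browser settings.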
## VPN access

You can connect to the OSISM Testbed either with Wireguard or with sshuttle.

### Wireguard

Install [Wireguard](https://www.wireguard.com) on your workstation; for instructions, have a look at the documentation of the distribution you use.

Start the wireguard tunnel. (Press `CTRL+C` if you want to keep the tunnel running permanently. The make target also launches a browser tab with references to all services.)

```bash
make vpn-wireguard ENVIRONMENT=regiocloud
```

If you want to connect to the OSISM Testbed from multiple clients, change the client IP address in the downloaded configuration file to be different on each client.

If you only want to download the Wireguard configuration, you can use the `vpn-wireguard-config` target. The configuration is then available in the file `wg-testbed-regiocloud.conf`, for example.

```bash
make vpn-wireguard-config ENVIRONMENT=regiocloud
```

### sshuttle

Install [sshuttle](https://github.com/sshuttle/sshuttle) on your workstation, then start the sshuttle tunnel.

```bash
make vpn-sshuttle ENVIRONMENT=regiocloud
```

To shut the tunnel down again, stop all running `sshuttle` processes:

```bash
killall sshuttle
```

## Webinterfaces

All SSL-enabled services within the OSISM Testbed use certificates which are signed by the self-signed [OSISM Testbed CA](https://raw.githubusercontent.com/osism/testbed/main/environments/kolla/certificates/ca/testbed.crt) (download the file and import it as a certification authority in your browser).

If you want to access the services, choose the URL from the following table:

| Name | URL | Username | Password | Note |
|:-------------------------|:-----------------------------------------------|:-------------|:-------------|:----------------|
| ARA | https://ara.testbed.osism.xyz | ara | password | |
| Ceph | https://api-int.testbed.osism.xyz:8140 | admin | password | |
| Flower | https://flower.testbed.osism.xyz | | | |
| Grafana | https://api-int.testbed.osism.xyz:3000 | admin | password | |
| HAProxy (testbed-node-0) | http://testbed-node-0.testbed.osism.xyz:1984 | openstack | password | |
| HAProxy (testbed-node-1) | http://testbed-node-1.testbed.osism.xyz:1984 | openstack | password | |
| HAProxy (testbed-node-2) | http://testbed-node-2.testbed.osism.xyz:1984 | openstack | password | |
| Homer | https://homer.testbed.osism.xyz | | | |
| Horizon (via Keystone) | https://api.testbed.osism.xyz | admin | password | domain: default |
| Horizon (via Keystone) | https://api.testbed.osism.xyz | test | test | domain: test |
| Netbox | https://netbox.testbed.osism.xyz | admin | password | |
| Netdata | http://testbed-manager.testbed.osism.xyz:19999 | | | |
| Nexus | https://nexus.testbed.osism.xyz | admin | password | |
| OpenSearch Dashboards | https://api.testbed.osism.xyz:5601 | opensearch | password | |
| Prometheus | https://api-int.testbed.osism.xyz:9091 | admin | password | |
| RabbitMQ | https://api-int.testbed.osism.xyz:15672 | openstack | password | |
| phpMyAdmin | https://phpmyadmin.testbed.osism.xyz | root | password | |

### Usage of the OpenStack CLI

The `environments/openstack` folder contains the needed files for the openstack client:

```bash
cd environments/openstack
export OS_CLOUD= # e.g. admin
openstack floating ip list
```

## Advanced Usage

### External API

It is possible to provide the OpenStack APIs and the OpenStack Dashboard via the manager's public IP address. This is not enabled by default, except for the OTC profile. To provide the OpenStack APIs and the OpenStack dashboard via the public IP address of the manager, the following changes are necessary in the `terraform/environments/regiocloud.tfvars` file. If a cloud other than REGIO.cloud is used, the profile of the other cloud is changed accordingly.

1. Add the customization marker `external_api`. It is added as a comment on purpose and is still evaluated; it makes sure that the required security group rules are created for the various OpenStack APIs and the OpenStack dashboard.

   ```
   # customisation:external_api
   ```

2. Set the parameter `external_api` to `true`. This makes sure that all necessary changes are made in the configuration repository when the manager service is deployed.

   ```
   external_api = true
   ```

3. After the deployment of the manager service and the OpenStack services, the OpenStack APIs and the OpenStack dashboard can be reached via a DNS name. The service [traefik.me](https://traefik.me) is used for the DNS record. Run the following two commands on the manager node to get the DNS record.
+
+If you want to access the services, please choose the URL from the following table:
+
+| Name                     | URL                                             | Username     | Password     | Note            |
+|:-------------------------|:------------------------------------------------|:-------------|:-------------|:----------------|
+| ARA                      | https://ara.testbed.osism.xyz                   | ara          | password     |                 |
+| Ceph                     | https://api-int.testbed.osism.xyz:8140          | admin        | password     |                 |
+| Flower                   | https://flower.testbed.osism.xyz                |              |              |                 |
+| Grafana                  | https://api-int.testbed.osism.xyz:3000          | admin        | password     |                 |
+| HAProxy (testbed-node-0) | http://testbed-node-0.testbed.osism.xyz:1984    | openstack    | password     |                 |
+| HAProxy (testbed-node-1) | http://testbed-node-1.testbed.osism.xyz:1984    | openstack    | password     |                 |
+| HAProxy (testbed-node-2) | http://testbed-node-2.testbed.osism.xyz:1984    | openstack    | password     |                 |
+| Homer                    | https://homer.testbed.osism.xyz                 |              |              |                 |
+| Horizon (via Keystone)   | https://api.testbed.osism.xyz                   | admin        | password     | domain: default |
+| Horizon (via Keystone)   | https://api.testbed.osism.xyz                   | test         | test         | domain: test    |
+| Netbox                   | https://netbox.testbed.osism.xyz                | admin        | password     |                 |
+| Netdata                  | http://testbed-manager.testbed.osism.xyz:19999  |              |              |                 |
+| Nexus                    | https://nexus.testbed.osism.xyz                 | admin        | password     |                 |
+| OpenSearch Dashboards    | https://api.testbed.osism.xyz:5601              | opensearch   | password     |                 |
+| Prometheus               | https://api-int.testbed.osism.xyz:9091          | admin        | password     |                 |
+| RabbitMQ                 | https://api-int.testbed.osism.xyz:15672         | openstack    | password     |                 |
+| phpMyAdmin               | https://phpmyadmin.testbed.osism.xyz            | root         | password     |                 |
+
+## Usage of the OpenStack CLI
+
+The `environments/openstack` folder contains the files needed for the OpenStack client:
+
+```bash
+cd environments/openstack
+export OS_CLOUD= # e.g. admin
+openstack floating ip list
+```
+
+## Advanced Usage
+
+### External API
+
+It is possible to provide the OpenStack APIs and the OpenStack Dashboard via the manager's public IP address.
+This is not enabled by default, except for the OTC profile. To provide the OpenStack APIs and the
+OpenStack dashboard via the public IP address of the manager, the following changes are necessary in the
+`terraform/environments/regiocloud.tfvars` file. If a cloud other than REGIO.cloud is used, adjust the
+profile of that cloud accordingly.
+
+1. Add the customization `external_api`. This customization makes sure that the required security group rules
+   are created for the various OpenStack APIs and the OpenStack dashboard. It is correct that this is added
+   as a comment.
+
+   ```
+   # customisation:external_api
+   ```
+
+2. Set the parameter `external_api` to `true`. This makes sure that all necessary changes are made in the
+   configuration repository when the manager service is deployed.
+
+   ```
+   external_api = true
+   ```
+
+3. After the deployment of the manager service and the OpenStack services, the OpenStack APIs and the
+   OpenStack dashboard can be reached via a DNS name. The service [traefik.me](https://traefik.me) is used
+   for the DNS record. Run the following two commands on the manager node to get the DNS record.
+
+   ```
+   $ source /opt/manager-vars.sh
+   $ echo "api-${MANAGER_PUBLIC_IP_ADDRESS//./-}.traefik.me"
+   api-80-158-46-219.traefik.me
+   ```
+
+### Change versions
+
+To change the OpenStack and Ceph versions used by the testbed, proceed as follows (a combined sketch follows the list):
+
+1. Go to `/opt/configuration` on `testbed-manager`
+2. Run `./scripts/set-openstack-version.sh 2024.2` to set the OpenStack version to `2024.2`
+3. Run `./scripts/set-ceph-version.sh reef` to set the Ceph version to `reef`
+4. Run `osism update manager` to update the manager service
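+
+Combined, the steps above make up a session like the following on the manager (the
+versions shown are just the examples from the list):
+
+```bash
+cd /opt/configuration
+./scripts/set-openstack-version.sh 2024.2  # set the OpenStack version
+./scripts/set-ceph-version.sh reef         # set the Ceph version
+osism update manager                       # update the manager service afterwards
+```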
+### Deploy services
+
+| Script                                                             | Description                 |
+|:-------------------------------------------------------------------|:----------------------------|
+| `/opt/configuration/scripts/deploy/000-manager.sh`                 | Manager service             |
+| `/opt/configuration/scripts/deploy/001-helpers.sh`                 | Helper services             |
+| `/opt/configuration/scripts/deploy/100-ceph-with-ansible.sh`       | Ceph with Ansible           |
+| `/opt/configuration/scripts/deploy/100-ceph-with-rook.sh`          | Ceph with Rook              |
+| `/opt/configuration/scripts/deploy/200-infrastructure.sh`          | Infrastructure services     |
+| `/opt/configuration/scripts/deploy/300-openstack.sh`               | OpenStack services          |
+| `/opt/configuration/scripts/deploy/310-openstack-extended.sh`      | Extended OpenStack services |
+| `/opt/configuration/scripts/deploy/400-monitoring.sh`              | Monitoring services         |
+| `/opt/configuration/scripts/deploy/500-kubernetes.sh`              | Kubernetes                  |
+| `/opt/configuration/scripts/deploy/510-clusterapi.sh`              | Cluster API                 |
+
+### Upgrade services
+
+| Script                                                                     | Description                 |
+|:---------------------------------------------------------------------------|:----------------------------|
+| `/opt/configuration/scripts/upgrade/100-ceph-with-ansible.sh`              | Ceph with Ansible           |
+| `/opt/configuration/scripts/upgrade/100-ceph-with-rook.sh`                 | Ceph with Rook              |
+| `/opt/configuration/scripts/upgrade/200-infrastructure.sh`                 | Infrastructure services     |
+| `/opt/configuration/scripts/upgrade/300-openstack.sh`                      | OpenStack services          |
+| `/opt/configuration/scripts/upgrade/310-openstack-extended.sh`             | Extended OpenStack services |
+| `/opt/configuration/scripts/upgrade/400-monitoring.sh`                     | Monitoring services         |
+| `/opt/configuration/scripts/upgrade/500-kubernetes.sh`                     | Kubernetes                  |
+| `/opt/configuration/scripts/upgrade/510-clusterapi.sh`                     | Cluster API                 |
+
+### Add new OSD in Ceph
+
+In the testbed, three volumes per node are provided for use by Ceph by default. Two of
+these devices are used as OSDs during the initial deployment. The third device is intended
+for testing the addition of a further OSD to the Ceph cluster.
+
+1. Add `sdd` to `ceph_osd_devices` in `/opt/configuration/inventory/host_vars/testbed-node-0/ceph-lvm-configuration.yml`.
+
+:::info
+
+The following content is an example; the IDs will look different in every environment. Do not copy it 1:1, only add `sdd` to the file.
+
+:::
+
+```yaml
+---
+#
+# This is Ceph LVM configuration for testbed-node-0
+# generated by ceph-configure-lvm-volumes playbook.
+#
+ceph_osd_devices:
+  sdb:
+    osd_lvm_uuid: 95a9a2e0-b23f-55b2-a04f-e02ddfc0e82a
+  sdc:
+    osd_lvm_uuid: 29899765-42bf-557b-ae9c-5c7c984b2243
+  sdd:
+lvm_volumes:
+- data: osd-block-95a9a2e0-b23f-55b2-a04f-e02ddfc0e82a
+  data_vg: ceph-95a9a2e0-b23f-55b2-a04f-e02ddfc0e82a
+- data: osd-block-29899765-42bf-557b-ae9c-5c7c984b2243
+  data_vg: ceph-29899765-42bf-557b-ae9c-5c7c984b2243
+```
+
+2. Run `osism apply ceph-configure-lvm-volumes -l testbed-node-0`
+
+3. Run `cp /tmp/testbed-node-0-ceph-lvm-configuration.yml /opt/configuration/inventory/host_vars/testbed-node-0/ceph-lvm-configuration.yml`
+
+4. Run `osism reconciler sync`
+
+5. Run `osism apply ceph-create-lvm-devices -l testbed-node-0`
+
+6. Run `osism apply ceph-osds -l testbed-node-0 -e ceph_handler_osds_restart=false`
+
+7. Check the OSD tree
+
+   ```
+   $ ceph osd tree
+   ID  CLASS  WEIGHT   TYPE NAME                STATUS  REWEIGHT  PRI-AFF
+   -1         0.13640  root default
+   -3         0.05846      host testbed-node-0
+    2    hdd  0.01949          osd.2                up   1.00000  1.00000
+    4    hdd  0.01949          osd.4                up   1.00000  1.00000
+    6    hdd  0.01949          osd.6                up   1.00000  1.00000
+   -5         0.03897      host testbed-node-1
+    0    hdd  0.01949          osd.0                up   1.00000  1.00000
+    5    hdd  0.01949          osd.5                up   1.00000  1.00000
+   -7         0.03897      host testbed-node-2
+    1    hdd  0.01949          osd.1                up   1.00000  1.00000
+    3    hdd  0.01949          osd.3                up   1.00000  1.00000
+   ```
+
+### Ceph via Rook (technical preview)
+
+Please have a look at [Deploy Guide - Services - Rook](guides/deploy-guide/services/ceph/rook.md) and [Configuration Guide - Rook](guides/configuration-guide/ceph/rook.md) for details on how to configure Rook.
+
+To deploy Rook in the testbed, set an environment variable on your make targets:
+
+```
+make CEPH_STACK=rook manager
+make CEPH_STACK=rook ceph
+```
+
+This makes sure that `CEPH_STACK=rook` is set in `/opt/manager-vars.sh`, which is later used by:
+
+```
+/opt/configuration/scripts/deploy-services.sh
+/opt/configuration/scripts/deploy-ceph.sh
+/opt/configuration/scripts/upgrade/100-ceph-with-rook.sh
+```
+
+## Using the testbed for OpenStack development
+
+The testbed may be used for development on OpenStack services through [`kolla_dev_mode`](https://docs.openstack.org/kolla-ansible/latest/contributor/kolla-for-openstack-development.html).
+`kolla_dev_mode` may be activated for all supported services by adding
+
+```
+kolla_dev_mode: true
+```
+
+to `environments/kolla/configuration.yml`. This will check out the `git` repositories of all supported and enabled OpenStack services under `/opt/stack` and bind mount them into the appropriate containers.
+Since this fetches a lot of repositories, it is advisable to enable dev mode only selectively for the services you are going to work on. You can do so by adding a boolean variable to `environments/kolla/configuration.yml` consisting of the service name and the suffix `_dev_mode`, e.g.:
+
+```
+cinder_dev_mode: true
+```
+
+You may customise which `git` repositories are used by adding `kolla_repos_git` to `environments/kolla/configuration.yml`. It specifies a common root for the repositories of all services, which is completed by the respective service's name, e.g.:
+
+```
+kolla_repos_git: "https://github.com/openstack"
+```
+
+This will pull services from their GitHub mirrors, e.g. nova from https://github.com/openstack/nova.
+The repository of a single service may be overridden by adding a variable consisting of the service name and the suffix `_git_repository`, e.g.:
+
+```
+cinder_git_repository: "https://github.com/myorg/my_custom_cinder_fork"
+```
+
+You may specify the `git` reference globally by setting
+
+```
+kolla_source_version: my_feature_branch
+```
+
+in `environments/kolla/configuration.yml`, or for specific services, via the service name and the suffix `_source_version`, e.g.:
+
+```
+cinder_source_version: my_cinder_feature
+```
+
+In order to update the `git` repositories during `kolla-ansible` deployments, set either
+
+```
+kolla_dev_repos_pull: true
+```
+
+for all repositories, or a service-specific variant such as
+
+```
+cinder_dev_repos_pull: true
+```
+
+in `environments/kolla/configuration.yml`.
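+
+Putting these options together, a minimal sketch of `environments/kolla/configuration.yml`
+for working only on Cinder might look like this (repository URL and branch name are
+placeholders):
+
+```yaml
+# Develop only on Cinder, from a personal fork
+cinder_dev_mode: true
+cinder_git_repository: "https://github.com/myorg/my_custom_cinder_fork"
+cinder_source_version: my_cinder_feature
+cinder_dev_repos_pull: true
+```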
+
+### Example workflow
+
+An example development workflow therefore looks as follows:
+
+* Create a `git` mirror of the OpenStack service you want to work on
+* In `environments/kolla/configuration.yml`:
+  * Set the corresponding `_dev_mode` variable to `true`
+  * Set the corresponding `_git_repository` variable to the development mirror created above
+  * Set the corresponding `_source_version` variable to a branch name you intend to push your changes to
+  * Set the corresponding `_dev_repos_pull` variable to `true`
+* Commit your changes and push them to the specified branch in the specified mirror
+* Run `osism apply <service>` on the manager to check out the code on every testbed node
+* Restart the service containers to actually pick up the new code
\ No newline at end of file