Date post: | 07-Aug-2015 |
Category: |
Technology |
Upload: | colleenmurphy |
View: | 149 times |
Download: | 0 times |
Developing OpenStack Tooling
...without PythonColleen Murphy, HP
The problem
We need to manage OpenStack resources with puppet
Lightning intro to puppet
● resource - something being managed on a system
● type - the interface of the resource● provider - the backend implementation of the
resource
Example: file
file { '/root/example':
ensure => present,
content => 'A file resource managed by puppet',
mode => '0644',
}
Example: mysql_database
mysql_database { 'keystone':
ensure => present,
charset => 'utf8',
collate => 'utf8_general_ci',
}
Example: mysql_database# puppet apply mysql.pp --debug
Debug: Prefetching mysql resources for mysql_database
Debug: Executing '/usr/bin/mysql --defaults-extra-file=/root/.my.cnf
-NBe show databases'
Debug: Executing '/usr/bin/mysql --defaults-extra-file=/root/.my.cnf
-NBe create database if not exists `keystone` character set `utf8`
collate `utf8_general_ci`'
Notice: /Stage[main]/Main/Mysql_database[keystone]/ensure: created
#
Example: keystone_tenant
keystone_tenant { 'services':
ensure => present,
description => 'The services tenant',
enabled => true,
}
Requirements
● features● restrictions
We’re not alone
● terraform● other config mgmt
○ chef○ salt○ ansible
● internal ops tools
Stage 1
Shelling out to the CLIcommands :keystone => "keystone"
def self.auth_keystone(*args)
authenv = {:OS_SERVICE_TOKEN => admin_token}
withenv authenv do
remove_warnings(keystone('--os-endpoint', admin_endpoint, args))
end
end
results = auth_keystone('tenant-create', '--name', resource[:name],
'--enabled', resource[:
enabled])
Shelling out to the CLI# puppet apply keystone.pp --debug
Debug: Prefetching keystone resources for keystone_tenant
Debug: Executing '/usr/local/bin/keystone --os-endpoint http://127.
0.0.1:35357/v2.0/ tenant-list'
Debug: Executing '/usr/local/bin/keystone --os-endpoint http://127.
0.0.1:35357/v2.0/ tenant-create --name services --enabled True --
description The services tenant'
Notice: /Stage[main]/Main/Keystone_tenant[services]/ensure: created
#
What was good
● Idiomatic● Debuggable
What was bad
● Instability● Duplicated code
Why we switched
Instability
Stage 2
curl?curl -H 'Content-Type: application/json' -X POST -d '{
"auth": {
"tenantName": "admin",
"passwordCredentials": {
"username": "admin",
"password": "passw0rd"
}
}
}' http://127.0.0.1:35357/v2.0/tokens
curl - Update a project (v2)curl -H 'X-Auth-Token: 8bc163' -H 'Content-Type: application/json' \
-X POST -d '{
"tenant": {
"description": "new description",
"enabled": true
}
}' http://localhost:35357/v2.0/tenants/28551b
curl - Update a network (v2)curl -H 'X-Auth-Token: 5a072f' -H 'Content-Type: application/json' \
-X PUT -d '{
"network": {
"admin_state_up": true
}
}' http://127.0.0.1:9696/v2.0/networks/ff9cc0
curl - Update an image (v1)
curl -H 'X-Auth-Token: c23ea2d' \
-H 'x-image-meta-disk_format: vhd' \
-X PUT http://localhost:9292/v1/images/7d863c
curl - Update an image (v2)
curl -H 'X-Auth-Token: 7ac5c8' \
-H 'Content-Type:
application/openstack-images-v2.1-json-patch' \
-d '[{
"path": "/disk_format", "value": "vhd", "op": "replace"
}]' \
-X PATCH http://127.0.0.1:9292/v2/images/40de3a
curl?
Let’s not reinvent a framework
An SDK?
“A set of language bindings that provide a language-level API for accessing OpenStack in a manner consistent with language standards.” https://wiki.openstack.org/wiki/SDKs
An SDK?
“Currently, OpenStack's user stories for both command-line and application developer consumers of OpenStack based clouds is confusing, fractured, and inconsistent.”https://wiki.openstack.org/wiki/SDK-Development/PythonOpenStackSDK
fog?
● too big, too general-purpose
aviator
session = ::Aviator::Session.new(:config => configuration)
session.authenticate
response = session.request(:identity,
:create_tenant, options) do |params|
params.name = resource[:name]
params.enabled = resource[:enabled]
params.description = resource[:description]
end
What was good
● OpenStack-focused● responsive maintainer
What was bad
● session management● vendoring the gem● question of sustainability
Why we switched
keystone v3
Stage 3
OpenStackClient (...another CLI)# puppet apply keystone.pp --debug
Debug: Executing '/usr/local/bin/openstack project list --quiet
--format csv --long --os-token sosp-kyl --os-url http://127.
0.0.1:35357/v2.0/'
Debug: Executing '/usr/local/bin/openstack project create --
format shell services --enable --description The services tenant
--os-url http://127.0.0.1:35357/v2.0/'
Notice: /Stage[main]/Main/Keystone_tenant[services]/ensure:
created
#
What was good
● keystone v3 support● distro packages● well-supported● consistency across modules
What was bad
● laggy support from distros● stability is ?
Status
Incomplete