Deployment
This section describes step by step how to deploy the OSISM Testbed.
Initializing
-
Request access from the administrator of the respective cloud or get access to an OpenStack cloud.
-
Clone the osism/testbed repository.
The repository can also be cloned to any other location.
mkdir -p ~/src/github.com/osism
git clone https://github.com/osism/testbed ~/src/github.com/osism/testbed
cd ~/src/github.com/osism/testbed -
Configure your cloud access profile
The access data for the cloud provider used is stored in
terraform/clouds.yaml
and (optionally) interraform/secure.yaml
(same structure, if you want to store credentials in a separate place).In file terraform/clouds.yaml.sample you will find examples of typical setups. Settings that are identical for all users of a cloud can be defined centrally via the profiles of the file terraform/clouds-public.yaml. You can reference these settings by using the
profile
parameter in the cloud-specific definition interraform/clouds.yaml
.The user-specific settings of the
clouds.yaml
file are provided by the cloud provider. Please check the documentation of the cloud provider you are using or their support for details.REGIO.cloud is used as an example here. The cloud name in
clouds.yaml
and the environment name (value ofENVIRONMENT
) areregiocloud
in this case. It is important that the name of the cloud inclouds.yaml
matches the name of the environment to be used. The names must be identical. It is currently not possible to name the cloudregiocloud-123
inclouds.yaml
if the environment isregiocloud
.If another cloud is used, replace
regiocloud
with the respective profile name from the table above.- Application Credentials
- Username/Password
The use of application credentials is preferred. This way it is not necessary to store details like username, project name or sensitive information like the password in the
clouds.yaml
file.The application credentials can be found in Horizon under Identity. Use
OSISM Testbed
as name and clickCreate Application Credential
.terraform/clouds.yamlclouds:
regiocloud:
profile: regiocloud
auth:
application_credential_id: ID
application_credential_secret: SECRET
auth_type: "v3applicationcredential"If you want to make use of
terraform/secure.yaml
add your application credential secret there instead ofterraform/clouds.yaml
.terraform/secure.yamlclouds:
regiocloud:
auth:
application_credential_secret: SECRETterraform/clouds.yamlclouds:
regiocloud:
profile: regiocloud
auth:
project_name: PROJECT
username: USERNAME
project_domain_name: DOMAIN
user_domain_name: DOMAINIf you want to make use of
terraform/secure.yaml
add your password there instead ofterraform/clouds.yaml
.terraform/secure.yamlclouds:
regiocloud:
auth:
password: PASSWORD -
Prepare for the deployment.
The versions of Ansible and OpenTofu are managed automatically, and necessary dependencies are cloned.
make prepare
tipIf any error occurs during preparation, and you want to run the preparation again, it is important to run
make wipe-local-install
first. Otherwise, the preparation will not be redone completely, and necessary parts will be missing later on.
Start deployement
-
Create the infrastructure with OpenTofu.
make ENVIRONMENT=regiocloud create
-
Deploy the OSISM manager and bootstrap all nodes.
- Deploy latest manager version
- Deploy a stable manager version
make ENVIRONMENT=regiocloud manager
make ENVIRONMENT=regiocloud VERSION_MANAGER=8.0.1 manager
Replace the version with the version you prefer. Check the OSISM release notes to find out what's available.
-
After the bootstrap, you can log in to the manager via SSH.
make ENVIRONMENT=regiocloud login
Yo can log in to the nodes of the cluster via the manager.
osism console testbed-node-0
-
Deploy all services.
- Deployment in single steps
- Deployment of all services
It is also possible to deploy the services step by step on the manager. To do this, first log in to the manager with
make ENVIRONMENT=regiocloud login
and then execute the deployment scripts one after the other. It is recommended to do this within a screen session.Deploying the services takes some time and depends on how much bandwidth is available, how the instances are equipped, etc. 90–120 minutes is not unusual when Ceph and OpenStack are fully deployed.
To speed up the Ansible playbooks, ARA can be disabled. This is done by executing
/opt/configuration/scripts/disable-ara.sh
. Run this script before the deployment scripts. Afterwards, no more logs are available in the ARA web interface. To re-enable ARA use/opt/configuration/scripts/enable-ara.sh
.There is also the option of pre-population of images with
/opt/configuration/scripts/pull-images.sh
so that deployments do not have to be lengthy. Run this script before the deployment scripts./opt/configuration/scripts/deploy/001-helpers.sh
/opt/configuration/scripts/deploy/100-ceph-with-ansible.sh
/opt/configuration/scripts/deploy/200-infrastructure.sh
/opt/configuration/scripts/deploy/300-openstack.sh
/opt/configuration/scripts/deploy/400-monitoring.sh
/opt/configuration/scripts/deploy/500-kubernetes.shPrepare OpenStack resources like public network, flavors and images by running
/opt/configuration/scripts/bootstrap.sh
. Run this script after the deployment scripts.infoIf you only want to deploy the monitoring services with
/opt/configuration/scripts/deploy/400-monitoring.sh
, a few dependencies must be deployed first. You can then use the monitoring services without having to install a complete OpenStack & Ceph environment.osism apply common
osism apply loadbalancer
osism apply opensearch
osism apply mariadbIn this single-step deployment, Ceph, OpenStack and all necessary infrastructure services (MariaDB, RabbitMQ, ...) are deployed. Depending on the cloud, the deployment will take some time. Up to two hours is not unusual.
make ENVIRONMENT=regiocloud deploy
Verify and adjust deployment
-
If you want to verify the deployment with refstack run
/opt/configuration/scripts/check.sh
. This step will take some time and is optional. -
The machine images required for the use of Kubernetes Cluster API and the amphora driver of OpenStack Octavia service are not provided by default to save resources on the OSISM Testbed and improve deployment time. These can be provisioned if required.
/opt/configuration/scripts/bootstrap/301-openstack-octavia-amhpora-image.sh
/opt/configuration/scripts/bootstrap/302-openstack-k8s-clusterapi-images.sh -
If you want, you can create a test project with a test user after login. It also creates an instance with a volume attached to a network with a router. This step is optional.
osism apply --environment openstack test
-
When the OSISM Testbed is no longer needed, it can be deleted.
make ENVIRONMENT=regiocloud clean