Skip to content →

Category: Yolanda’s Posts

Automated TripleO upgrades

Upgrading TripleO can be a hard task. While there are instructions on how to do it manually, having a set of playbooks that automate this task can help.With this purpose, I’ve created the TripleO upgrade automation playbooks (https://github.com/redhat-nfvpe/tripleo-upgrade-automation).Those are a set of playbooks that allow to upgrade an existing TripleO deployment, specially focused on versions from 8 to 10, and integrated with local mirrors (https://github.com/redhat-nfvpe/rhel-local-mirrors) In case you want to know more, please visit the tripleo-upgrade-automation project on github, and you’ll get instructions on how to properly use this repo to automate your upgrades.

Leave a Comment

Security hardened images with volumes

Starting to apply since Queens This article is a continuation of http://teknoarticles.blogspot.com.es/2017/07/build-and-use-security-hardened-images.html How to build the security hardened image with volumes Starting since Queens, security hardened images can be built using volumes. This will have the advantage of more flexibility when resizing the different filesystems. The process of building the security hardened image is the same as in the previous blogpost. But there have been a change in how the partitions, volumes and filesystems are defined. Now there is a pre-defined partition of 20G, and then volumes are created under it. Volume sizes are created on percentages, not in absolute…

Leave a Comment

Customize OpenStack images for booting from ISCSI

When working with OpenStack Ironic and Tripleo, and using the boot from ISCSI feature, you may need to add some kernel parameters into the deployment image for that to work.When using some specific hardware, you may need that the deployment image contains some specific kernel parameters on boot. For example, when trying to boot from ISCSI with IBFT nics, you need to add following kernel parameters: rd.iscsi.ibft=1 rd.iscsi.firmware=1   The TripleO image that is generated by default doesn’t contain those parameters, because they are very specific depending on the hardware you need. It is not also possible right now to send…

Leave a Comment

Deploying and upgrading TripleO with local mirrors

Continued from http://teknoarticles.blogspot.com.es/2017/08/automating-local-mirrors-creation-in.html In the previous blogpost, I explained how to automate the RHEL mirror creation using https://github.com/redhat-nfvpe/rhel-local-mirrors. Now we are going to learn how to deploy and upgrade TripleO using those. Deploying TripleO Undercloud To use local mirrors in the undercloud, you simply need to get the generated osp<version>.repo that you generated with the rhel-local-mirrors playbook, and copy it to /etc/yum.repos.d/ , in the undercloud host: sudo curl http://<local_mirror_ip>/osp<version>_repo/osp<version>.repo \-o /etc/yum.repos.d/osp.repo Then proceed with the standard instructions for deploy. Overcloud Each node from the overcloud (controllers, computes, etc…) needs to have a copy of the repository file from our…

Comments closed

Automating local mirrors creation in RHEL

Sometimes there is a need to consume RHEL mirrors locally, not using the Red Hat content delivery network. It may be needed to speed up some deployment, or due to network constraints. I create an ansible playbook, rhel-local-mirrors (https://github.com/redhat-nfvpe/rhel-local-mirrors), that can help with that. What does rhel-local-mirrors do? It is basically a tool that connects to the Red Hat CDN, and syncs the repositories locally, allowing to populate the desired mirrors, that can be accessed by other systems via HTTP. The playbook is performing several tasks, that can be run together or independently: register a system on the Red Hat…

Comments closed

Build and use security hardened images with TripleO

Starting to apply since Pike Concept of security hardened images Normally the images used for overcloud deployment in TripleO are not security hardened. It means, the images lack all the extra security measures needed to accomplish with ANSSI requirements. These extra measures are needed to deploy TripleO in environments where security is an important feature.The following recommendations are given to accomplish with security guidelines: ensure that /tmp is mounted on a separate volume or partition, and that it is mounted with rw,nosuid,nodev,noexec,relatime flags ensure that /var, /var/log and /var/log/audit are mounted on separates volumes or partitions, and that are mounted…

Comments closed

TripleO Quickstart deployments on baremetal using TOAD

This article is going to cover how to deploy TripleO Quickstart on baremetal. The undercloud will still be virtualized, but controller and compute will be deployed on baremetal.This post belongs to a serie. In order to get more knowledge about TOAD and tripleo-quickstart, please read http://teknoarticles.blogspot.com/2017/02/automated-osp-deployments-with-tripleo.html and http://teknoarticles.blogspot.com/2017/02/describing-cira-continuous-integration.html Requirements Hardware A baremetal server is needed to act as Jenkins slave + contain virtualized undercloud. A multi-core CPU, 16GB of RAM and 60GB of disk is the recommended setup. One server for each controller/compute that needs to be deployed. They need to have at least 8GB of RAM. Network IPMI access…

Comments closed

Automated OSP deployments with Tripleo Quickstart

In this article I’m going to show a method for automating OSP (RedHat OpenStack platform) deployments. These automated deployments can be very useful for CI, or simply to experiment and test with the system. Components involved ansible-cira: set of playbooks to deploy Jenkins, jenkins-job-builder and an optional ELK stack. This will install a ready to use system with all the preconfigured jobs (including OSP10 deployments and image building). ansible-cira jenkins-jobs: A set of job templates and macros, using jenkins-job-builder syntax, that get converted into Jenkins jobs for building the OSP base images and for deploying the system. ansible-cira job-configs: A…

Comments closed

Describing CIRA – Continuous Integration Rapid Automation

An overview of the CIRA framework and the advantages What is CIRA? Fully automated deployment using Ansible (single command spin up) Main goal: to automate OSP deployments for continuous integration (CI) and development purposes CIRA is a CI framework using off-the-shelf components that many partners are familiar with: Jenkins Jenkins Job Builder (JJB): http://docs.openstack.org/infra/jenkins-job-builder/  TripleO Quickstart (oooq): https://www.rdoproject.org/tripleo/  Optional ELK Stack (ElasticSearch, Logstash, Kibana)  Its core component is TripleO Quickstart, used for TripleO upstream testing Fully customizable with oooq settings; can be extended Deploy environments with one click; trash after finished  Of course itโ€™s open source! ๐Ÿ™‚ https://github.com/redhat-nfvpe/ansible-cira  https://github.com/redhat-nfvpe/jenkins-jobs  https://github.com/redhat-nfvpe/job-configs…

Comments closed

Describing TOAD – Continuous Integration Rapid Automation

An overview of the TOAD framework and the advantages What is TOAD? Fully automated deployment using Ansible (single command spin up) Main goal: to automate OSP deployments for continuous integration (CI) and development purposes TOAD is a CI framework using off-the-shelf components that many partners are familiar with: Jenkins Jenkins Job Builder (JJB): http://docs.openstack.org/infra/jenkins-job-builder/  TripleO Quickstart (oooq): https://www.rdoproject.org/tripleo/  Optional ELK Stack (ElasticSearch, Logstash, Kibana)  Its core component is TripleO Quickstart, used for TripleO upstream testing Fully customizable with oooq settings; can be extended Deploy environments with one click; trash after finished  Of course itโ€™s open source! ๐Ÿ™‚ https://github.com/redhat-nfvpe/toad https://github.com/redhat-nfvpe/jenkins-jobs  https://github.com/redhat-nfvpe/job-configs…

Comments closed