batch instance creation with ganeti


Now that my infrastructure is up and running, I’d love to have a command to create a small cluster of VMs for a specific purpose. Up until now, to create my VMs I’ve used a simple script calling the following command line.

gnt-instance add -t plain --disk 0:size=10G --disk 1:size=1G -B memory=1024 -o debootstrap+unstable --no-ip-check --no-name-check --iallocator hail cbse4

Then, reading the gnt-instance man page, I discovered the batch-create command.

After writing the script I realized I’ve done all this just to satisfy my need of using a json snippet. But I guess my script is not longer and less understandable than before… Ah well. This is a bit from the Dpt of useless optimizations… Anyway there you go.

The gnt-instance man page is a bit low on details about the syntax to use. Looking at the queue directory (/var/lib/ganeti/queue) you can have a look at the json generated by the command line above. From there it’s easy to figure out the various options you can use.

# cat cbse.json 
{
  "cbse1": {
    "template": "plain",
    "iallocator": "hail",
    "os": "debootstrap+unstable",
    "disk_size": ["10G","1G"],
    "backend": {"memory": 1024},
    "ip_check" : false,
    "name_check": false
  }
}

Once you've got this bit, we can easily script the creation of multiple instances:

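#!/bin/bash
# usage: <script> NAME START END   (creates NAME<START> .. NAME<END>)

set -x
name=$1
start=$2
end=$3

# mktemp replaces the deprecated tempfile(1)
tmpfile=$(mktemp)

echo "{" > "$tmpfile"
# seq avoids running eval on the command-line arguments
for i in $(seq "$start" "$end"); do

cat >> "$tmpfile" <<EOF
  "$name$i": {
    "template": "plain",
    "iallocator": "hail",
    "os": "debootstrap+unstable",
    "disk_size": ["10G","1G"],
    "backend": {"memory": 1024},
    "ip_check" : false,
    "name_check": false
  }
EOF

# JSON does not allow a trailing comma after the last entry
if [ "$i" != "$end" ]; then
    echo "," >> "$tmpfile"
fi

done
echo "}" >> "$tmpfile"

cat "$tmpfile"
gnt-instance batch-create "$tmpfile"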

Note that the json snippet above can include a number of other parameters specific to the hypervisor you are using. In my setup, I’ve configured the hypervisor once and for all with the following options:

gnt-cluster modify --hypervisor-parameter xen-pvm:root_path='/dev/xvda1'
gnt-cluster modify --hypervisor-parameter xen-pvm:initrd_path='/boot/initrd-2.6-xenU'

bootstrap puppet with ganeti

Third post about ganeti.

Ganeti-debootstrap-instance contains a nice set of scripts to create a debian (or derivatives) image using debootstrap. Images can be configured and customized by writing simple hook scripts to modify various aspects of the default installation. However, writing these scripts is not really fun and pushing it too far can lead to long messy scripts, losing the overall benefit of automatic configuration.

Puppet is my configuration management tool of choice, but installing puppet on a new machine requires a few magic incantations that the user should perform manually, or in a semi-automatic mode (autosign=true), to make it work. My goal is to install puppet automatically on the newly created instance so it will run and configure the new instance at the first boot. From that moment on I’ll forget about ganeti and configure all remaining services of my new VM using puppet.

In order to do so, we need to install puppet (and apt-get update/upgrade…), create the ssl certificates for the client and enable the puppet daemon on the client. We add another hook in /etc/ganeti/instance-debootstrap/hooks/:

if [ -z "$TARGET" -o ! -d "$TARGET" ]; then
  echo "Missing target directory"
  exit 1
fi

export LANG=C
# note: --force-yes makes apt proceed even with unauthenticated packages
chroot "$TARGET" apt-get -y --force-yes update
chroot "$TARGET" apt-get -y --force-yes upgrade

# install puppet on the client
chroot "$TARGET" apt-get -y --force-yes install puppet

DOMAIN=localnet.org
instance="$INSTANCE_NAME.$DOMAIN"

# generate and sign the client key pair on the puppet (and ganeti) server
echo "Installing puppet certificates for $instance"
puppetca clean "$instance"
puppetca -g "$instance"

mkdir -p "$TARGET/etc/puppet"
mkdir -p "$TARGET/var/lib/puppet/ssl/private_keys/"
mkdir -p "$TARGET/var/lib/puppet/ssl/certs/"

# copy the client private key, client certificate and CA certificate into the image
cp "/var/lib/puppet/ssl/private_keys/$instance.pem" "$TARGET/var/lib/puppet/ssl/private_keys/"
rm -f "$TARGET/var/lib/puppet/ssl/public_keys/$instance.pem"

cp "/var/lib/puppet/ssl/certs/$instance.pem" "$TARGET/var/lib/puppet/ssl/certs/"
cp /var/lib/puppet/ssl/certs/ca.pem "$TARGET/var/lib/puppet/ssl/certs/"

# the private key is readable by root only
chown root: "$TARGET/var/lib/puppet/ssl/private_keys/$instance.pem"
chmod 0400 "$TARGET/var/lib/puppet/ssl/private_keys/$instance.pem"

chown root: "$TARGET/var/lib/puppet/ssl/certs/$instance.pem"
chmod 0640 "$TARGET/var/lib/puppet/ssl/certs/$instance.pem"

# the CA certificate is public: world-readable, never executable
chown root: "$TARGET/var/lib/puppet/ssl/certs/ca.pem"
chmod 0644 "$TARGET/var/lib/puppet/ssl/certs/ca.pem"

#echo "server=puppet" >> /etc/puppet/puppet.conf

# start the puppet agent at first boot
echo "START=yes" > "$TARGET/etc/default/puppet"
echo "DAEMON_OPTS=\"\"" >> "$TARGET/etc/default/puppet"

This script uses puppetca to create the client key on the puppet (and ganeti) server, sign it, and then copy it to the target machine. Notice that we create the certificate for the FQDN $INSTANCE_NAME.$DOMAIN, otherwise puppet will complain loudly. This is not strictly needed, but if you want to do otherwise, you’ll need to fiddle with the puppet configuration a bit more. The procedure to create a puppet certificate server-side is well documented on the puppet website, so if you are curious about the details, duck-duck-it.
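
Because the hook leaves the client's private key both on the puppet server and on the instance disk, it is worth checking what actually landed in the image. The audit below is an added example, not part of the original hook; audit_puppet_ssl is a hypothetical helper, and it assumes GNU stat and the paths used in the hook above.

```bash
#!/bin/bash
# Added example: audit the Puppet SSL files copied into an instance image.

# audit_puppet_ssl TARGET FQDN
# Prints one line per finding; returns 0 only when nothing was found.
audit_puppet_ssl() {
  local target="$1" fqdn="$2" ssl f mode rc=0
  ssl="$target/var/lib/puppet/ssl"

  # The three files the hook is expected to install.
  for f in "private_keys/$fqdn.pem" "certs/$fqdn.pem" "certs/ca.pem"; do
    [ -f "$ssl/$f" ] || { echo "missing: $f"; rc=1; }
  done

  # Private key: owner access only (stat -c is GNU coreutils).
  f="$ssl/private_keys/$fqdn.pem"
  if [ -f "$f" ]; then
    mode=$(stat -c '%a' "$f")
    case $mode in
      400|600) ;;
      *) echo "private key mode $mode is too permissive"; rc=1 ;;
    esac
  fi

  # Only this instance's key belongs in its image.
  for f in "$ssl"/private_keys/*.pem; do
    [ -e "$f" ] || continue
    [ "${f##*/}" = "$fqdn.pem" ] || { echo "unexpected key: ${f##*/}"; rc=1; }
  done

  # Certificates are public, but must not be writable by group or other.
  for f in "$ssl"/certs/*.pem; do
    [ -e "$f" ] || continue
    mode=$(stat -c '%a' "$f")
    case $mode in
      *[2367]?|*[2367]) echo "certificate ${f##*/} is group/other writable ($mode)"; rc=1 ;;
    esac
  done
  return "$rc"
}
```

Called at the end of the hook as audit_puppet_ssl "$TARGET" "$instance" || exit 1, it stops instance creation when the image holds a loosely protected or unexpected key.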


add swap hook for ganeti-debootstrap-instance

Second post about ganeti. This time I’ll talk about adding a swap partition to an image added with ganeti-debootstrap-instance. Browsing the web, it seems that an old version of the ganeti debootstrap script allowed for the creation of a swap partition from the command line. The current version in sid does not, so, if you want to add a swap partition, you need to write a small hook in /etc/ganeti/instance-debootstrap/hooks/.

Part of the code below is taken from the instance-debootstrap script.

# Nothing to do unless a second disk was passed to gnt-instance add
if [ "${DISK_COUNT:-0}" -lt 2 -o -z "$DISK_1_PATH" ]; then
    log_error "Skip swap creation"
    exit 0
fi

swapdev="$DISK_1_PATH"

# Make sure we're not working on the root directory
if [ -z "$TARGET" -o "$TARGET" = "/" ]; then
    echo "Invalid target directory '$TARGET', aborting." 1>&2
    exit 1
fi

if [ "$(mountpoint -d /)" = "$(mountpoint -d "$TARGET")" ]; then
    echo "The target directory seems to be the root dir, aborting."  1>&2
    exit 1
fi

# Pick the tool used to read the UUID of the swap device
if [ -f /sbin/blkid -a -x /sbin/blkid ]; then
  VOL_ID="/sbin/blkid -o value -s UUID"
  VOL_TYPE="/sbin/blkid -o value -s TYPE"
else
  for dir in /lib/udev /sbin; do
    if [ -f "$dir/vol_id" -a -x "$dir/vol_id" ]; then
      VOL_ID="$dir/vol_id -u"
      VOL_TYPE="$dir/vol_id -t"
    fi
  done
fi

if [ -z "$VOL_ID" ]; then
  log_error "vol_id or blkid not found, please install udev or util-linux"
  exit 1
fi

if [ -n "$swapdev" ]; then
  mkswap "$swapdev"
  # $VOL_ID is left unquoted on purpose: it holds a command plus its options
  swap_uuid=$($VOL_ID "$swapdev" || true )
fi

[ -n "$swapdev" -a -n "$swap_uuid" ] && cat >> "$TARGET/etc/fstab" <<EOF
UUID=$swap_uuid   swap            swap    defaults        0       0
EOF

This script does two things: first it checks if the user passed a second disk argument to the gnt-instance add call. I decided arbitrarily that the second disk is going to be used as a swap disk. Second, it creates the swap partition, figures out the vol-id of this disk and writes an entry in the fstab. All in all it’s a straightforward procedure, but I love when I can cut and paste easy scripts :)

The call to create the instance is as follows, using a disk of 5G for the system and a disk of 1G for the swap.

gnt-instance add -t plain --disk 0:size=5G --disk 1:size=1G -B memory=1024 -o debootstrap+unstable --no-ip-check --no-name-check node1


how to create VMs with ganeti / xen and dnsmasq

I’ll start here a small series of posts about ganeti, xen and puppet. For my work I run a few servers sitting on xen and it has always been a bit of a pain to create a new instance and keep it up to date. Up to now I’ve used the excellent xen-create-image tool to create my VMs, but I wanted to try something new and more sexy… Last week I finally found some time (and a spare box to run my experiments) to learn how to use ganeti. Ganeti is the only tool I tried out, but it seems to fit the bill for my use and it seems a polished and mature project to me… Moreover I’ve seen a presentation about it in every FLOSS conference I’ve attended in the last few years and I thought it was time to give it a try.

Installing and configuring ganeti is fairly easy, there is a lot of documentation available and this post is not going to be about installing it, but rather how to create a new bare instance with ganeti-debootstrap-instance. There is also a way to create a new instance from an image, but I didn’t go that way yet.

This first post is about the first problem I’ve encountered, that is, how to automatically assign a network address and a name to each new instance created by gnt-instance add. Since all my instances should be able to communicate together on the same subnet, I’ve decided to configure xen to create a NATted private network and add each new instance to this network.

The first step is to create an interface in /etc/network/interfaces.

auto xen-br0
iface xen-br0 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    bridge_stp off
    bridge_fd 0
    bridge_ports none

This is the standard debian way, but since xen uses a different naming convention (here I’m using the ganeti naming convention, xenbr0 vs xen-br0), I need to tell xen what I intend to do by adding these lines in /etc/xen/xend.config:

(network-script 'network-virtual bridgeip="10.0.0.1/24" brnet="10.0.0.0/24" bridge="xen-br0"')
(vif-script     vif-bridge)

Next I have to connect my real network interface to the private network using a few iptables rules in /etc/rc.local (probably there is a better place to do this…):

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o xen-br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i xen-br0 -o eth0 -j ACCEPT

The xen setup is complete and every new image should have a vif connected to the subnet 10.0.0.0. The xen setup corresponds to the physical wiring of the network. The next step is to configure each instance so as to allow them to communicate on this subnet. Since I build my VMs using ganeti-debootstrap-instance, and by default debootstrap does not configure the network, we need to add a new hook in the directory /etc/ganeti/instance-debootstrap/hooks.

#!/bin/bash
if [ -z "$TARGET" -o ! -d "$TARGET" ]; then
  echo "Missing target directory"
  exit 1
fi

if [ ! -d "$TARGET/etc/network" ]; then
  echo "Missing target network directory"
  exit 1
fi

if [ -z "$NIC_COUNT" ]; then
  echo "Missing NIC COUNT"
  exit 1
fi

if [ "$NIC_COUNT" -gt 0 ]; then

  cat > "$TARGET/etc/network/interfaces" <<EOF
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

EOF

fi

DAEMON_PID_FILES="/var/run/dnsmasq.pid /var/run/dnsmasq/dnsmasq.pid"

instance=$INSTANCE_NAME
[ -n "$instance" ] || exit 1
nic_count=$((NIC_COUNT - 1))
mac_var="NIC_${nic_count}_MAC"
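echo "$mac_var"
echo "$nic_count"
# indirect expansion: read the variable whose name is stored in mac_var
mac=${!mac_var}
echo "$mac"
# register the instance with dnsmasq (this runs on the ganeti node, not in the image)
echo "dhcp-host=$mac,$instance" > "/etc/dnsmasq.d/$instance.conf"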

This hook will do two things. First, it will configure the interfaces of the new instance to get configured using dhcp; second, it will add an entry to the dnsmasq configuration file to make this instance known to the world. This basically boils down to adding a file in /etc/dnsmasq.d/ with the mac address of the new instance and its designated name. Dnsmasq will then provide an ip address for this instance and add it to the dns.

dhcp-host=aa:00:00:24:6c:8a,node1
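
The hook writes $INSTANCE_NAME and the MAC straight into a file name and a dnsmasq directive while running as root, so a stricter variant validates both first. This is an added example, not code from the original post; the function names and the duplicate-MAC check are assumptions of the example.

```bash
#!/bin/bash
# Added example: validate hook inputs before writing a dhcp-host entry.

# One lowercase hostname label: no dots, slashes, spaces or newlines.
valid_instance_name() {
  case $1 in
    ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Six colon-separated hex octets and nothing else.
valid_mac() {
  case $1 in
    *[!0-9A-Fa-f:]*) return 1 ;;
  esac
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# write_dhcp_host NAME MAC [CONF_DIR]
write_dhcp_host() {
  local name="$1" mac="$2" dir="${3:-/etc/dnsmasq.d}" clash tmp
  valid_instance_name "$name" || { echo "rejected instance name" >&2; return 1; }
  valid_mac "$mac" || { echo "rejected MAC address" >&2; return 1; }
  mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')

  # Refuse a MAC that is already bound to a different instance.
  clash=$(grep -lis -- "^dhcp-host=$mac," "$dir"/*.conf | grep -v -- "/$name\.conf\$") || true
  [ -z "$clash" ] || { echo "MAC already registered in $clash" >&2; return 1; }

  # Write to a dotfile first (dnsmasq skips those), then rename into place.
  tmp=$(mktemp "$dir/.$name.XXXXXX") || return 1
  printf 'dhcp-host=%s,%s\n' "$mac" "$name" > "$tmp"
  chmod 0644 "$tmp"
  mv -f "$tmp" "$dir/$name.conf"
}
```

In the hook, the last line would become write_dhcp_host "$instance" "$mac" || exit 1.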

Configuring dnsmasq is pretty easy as well. First I want it to answer dhcp queries only on the internal network, second I want to configure my clients passing 10.0.0.1 as nameserver and gateway. You can just add the following lines in /etc/dnsmasq.d/general to get it going.

interface=xen-br0
interface=lo
dhcp-range=10.0.0.128,10.0.0.250
domain=localnet.org,10.0.0.128,10.0.0.250
dhcp-option=3,10.0.0.1
bogus-priv
#expand-hosts
local=/localnet.org/

To create your new instance you can just run the following command:

gnt-instance add -t plain -s 5g -B memory=1024 -o  debootstrap+unstable --no-ip-check --no-name-check node1

If you are running your dom0 on debian squeeze, before running this command you should configure ganeti to pass the right xen parameters to the newly created instance:

gnt-cluster modify --hypervisor-parameter xen-pvm:root_path='/dev/xvda1'
gnt-cluster modify --hypervisor-parameter xen-pvm:initrd_path='/boot/initrd-2.6-xenU'

I use --no-ip-check and --no-name-check to skip the ip and dns checks performed by ganeti and to avoid a sort of chicken-and-egg problem, where the name and address of this new instance are not yet known to dnsmasq and node1 is the name that will be used by the hook to add an entry in the dnsmasq configuration. debootstrap+unstable is a variant of the default configuration and you need to add it to the list of variants used by ganeti-debootstrap-instance.

That should be it. The new instance should come up with a dynamically assigned ip address, able to talk to the outside world and automatically known by all the other machines on the subnet via dns.

Next post will be about how to add a swap hook for ganeti-debootstrap-instance.