heat-windows [2014/02/04 00:58] admin |
heat-windows [2014/04/14 22:23] (current) admin |
Line 3: | Line 3: | ||
As OpenStack is gaining traction in the enterprise world, the number of users asking for Microsoft Windows instances support is progressively increasing with a fast pace. | As OpenStack is gaining traction in the enterprise world, the number of users asking for Microsoft Windows instances support is progressively increasing with a fast pace. | ||
- | Most of the tools involved traditionally in OpenStack guest provisioning and orchestration are Linux specific and require to some extent | + | Most of the tools involved traditionally in OpenStack guest provisioning and orchestration are Linux specific and need to be ported, integrated or replaced with other alternatives in order to support Windows guests. |
- | Furthermore, | + | Furthermore, |
===== Cloudbase-Init ===== | ===== Cloudbase-Init ===== | ||
- | [[https:// | + | [[https:// |
- | The project started as a complete separate implementation, | + | The project started as a complete separate implementation, |
- | The architecture of cloudbase-init is platform independent and beside the stock Windows support, a FreeBSD fork has been recently published by third parties. | + | Cloudbase-Init is platform independent and beside the stock Windows support, a FreeBSD fork has been recently published by third parties. |
- | [[http:// | + | A [[http:// |
- | Support for metadata currently includes Nova (HTTP), ConfigDriveV2 and EC2. Features are provided in the form of an extendible plugin framework, including: | + | Support for metadata currently includes Nova (HTTP), ConfigDriveV2 and EC2. Features are provided in the form of an extendible plugin framework, |
* Host name management | * Host name management | ||
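Review bot: wording in the revised Cloudbase-Init paragraph: "beside the stock Windows support" should read "besides the stock Windows support", and the plugin framework is called "extendible" here but "extensible" in the multipart user data paragraph further down; settle on "extensible" in both places.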
Line 23: | Line 23: | ||
* Network configuration | * Network configuration | ||
* SSH public keys deployment | * SSH public keys deployment | ||
- | * Volumes extension | + | * Volumes |
* WinRM server configuration | * WinRM server configuration | ||
* WinRM password-less certificate authentication | * WinRM password-less certificate authentication | ||
* User data scripts (including multi-part support) | * User data scripts (including multi-part support) | ||
- | User data management includes support for executing PowerShell, Command line batches and Bash scripts, along with multipart support, which in turn includes Heat support. | + | User data management includes support for executing PowerShell, Command line batches |
- | Different content types available in multipart user data workloads are handled via an extensible plugin framework, which currently | + | Different content types available in multipart user data workloads are handled via an extensible plugin framework, which currently |
- | On Linux, Heat support is currently managed via a part-handler and a shellscript for Heat user data execution | + | On Linux, Heat support is currently managed via a part-handler and a shellscript for Heat user data execution, not supporting |
- | Heat support can be considered complete in Cloudbase-Init. | + | Heat support can thus be considered complete in Cloudbase-Init. |
+ | |||
+ | Here's an example of Heat user data, showing Linux specific Python code: http:// | ||
+ | |||
+ | ==== Troubleshooting ==== | ||
+ | |||
+ | All the operations executed by Cloudbase-Init are logged to file and can be optionally logged to a serial port. The latter allows to perform troubleshooting by accessing the console log in Horizon or via **nova console-log**. | ||
+ | |||
+ | {{: | ||
===== Windows specific Heat issues ===== | ===== Windows specific Heat issues ===== | ||
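Review bot: the new Troubleshooting paragraph should say what ends up in the serial-port log, because that log is readable by anyone who can run nova console-log or open the console log in Horizon: if Cloudbase-Init echoes user data script content or output at the configured log level, clear-text values passed as template parameters (the domain join password discussed later on this page is one) become visible to everyone with console access to the instance. Suggest one sentence on the log level to use and a reminder not to echo sensitive parameters from user data scripts. Minor: "The latter allows to perform troubleshooting" reads better as "The latter allows troubleshooting".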
Line 48: | Line 56: | ||
This is accomplished by exiting the script with a special value: | This is accomplished by exiting the script with a special value: | ||
- | * 1001: Reboot and don't execute the user data plugin during the next boot | + | |
- | * 1003: Reboot and execute the user data plugin during the next boot | + | |
- | The script can keep track of the current state before a reboot by using custom registry values in order to resume execution at the desired point during the next boot. | + | The user data script can keep track of the current state before a reboot by using custom registry values in order to resume execution at the desired point during the next boot. |
+ | |||
+ | ==== Password-less authentication ==== | ||
+ | |||
+ | Access to Linux instances can be performed via SSH without using a password by employing public key authentication and a keypair deployed via Nova. Windows can use client certificate authentication with WinRM for this objective, as described [[http:// | ||
==== Domain join passwords ==== | ==== Domain join passwords ==== | ||
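Review bot: the revised side of the two exit-code list items is blank in this diff, so the page no longer states what 1001 (reboot, do not run the user data plugin on the next boot) and 1003 (reboot, run the user data plugin again) mean, while the template example further down still ends with "exit 1001"; keep both definitions. On the registry-based state tracking, add that only a resume marker belongs in those custom registry values, not credentials or other parameters decrypted during the run, since the values persist across reboots and outlive the script.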
Line 59: | Line 71: | ||
The same does not apply for example in the case of domain credentials required to join a virtual machine resource to an Active Directory domain. | The same does not apply for example in the case of domain credentials required to join a virtual machine resource to an Active Directory domain. | ||
- | Install ISOs | + | A partial solution for avoiding the need to specify clear text passwords as template parameters is to deploy a keypair in the instance, use the public key to encrypt the sensitive data and subsequently the private key during user data script execution for decryption. The main security limit of this option is that all instances of a given image will share the same keypair. |
- | Template examples | + | ==== Volumes ==== |
- | cfntools | + | New volumes are attached unpartitioned, |
+ | A new volume must be set online, initialized and partitioned. New partitions need also to be formatted and if necessary a drive letter can be assigned as well. | ||
+ | The following example performs all the required activities, including assigning the " | ||
+ | |||
+ | <code powershell> | ||
+ | $d = Get-Disk | where {$_.OperationalStatus -eq " | ||
+ | $d | Set-Disk -IsOffline $false | ||
+ | $d | Initialize-Disk -PartitionStyle MBR | ||
+ | $p = $d | New-Partition -UseMaximumSize -DriveLetter " | ||
+ | $p | Format-Volume -FileSystem NTFS -NewFileSystemLabel " | ||
+ | </ | ||
+ | |||
+ | ==== Install ISOs ==== | ||
+ | |||
+ | Most Microsoft workloads deployments require access to install media (ISO images), for Example Microsoft Exchange Server, SharePoint or SQL Server, which cannot be simply downloaded on the instance due to size and licensing constraints. A solution consists in placing the images on a volume to be attached to the virtual machine resources defined in the template. | ||
+ | |||
+ | ===== Template examples ===== | ||
+ | |||
+ | Here's a simple CFN template snippet showing how to use PowerShell to configure the first Active Directory domain controller in a forest and requesting a reboot once done: | ||
+ | |||
+ | <code javascript> | ||
+ | " | ||
+ | "# | ||
+ | " | ||
+ | " | ||
+ | "$user = [ADSI]' | ||
+ | "# Disable user\n", | ||
+ | "# | ||
+ | "# | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | "exit 1001\n", | ||
+ | ]]}} | ||
+ | </ | ||
+ | |||
+ | More Windows Heat templates examples are available here: https:// | ||
+ | |||
+ | ===== CFN Tools ===== | ||
+ | |||
+ | An OpenStack implementation of the AWS CloudFormation bootstrapping tools is available: | ||
+ | |||
+ | The heat-cfntools are currently not supported on Windows. Implementing the platform specific features is not a particularly complicated task and would require as a minimum: | ||
+ | |||
+ | * Platform specific configuration path (" | ||
+ | * Packaging MSI support | ||
+ | * Windows services configuration | ||
+ | * Windows commands | ||
+ | |||
+ | As an alternative, | ||
http:// | http:// | ||
+ |
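Review bot: the Volumes snippet initializes whichever disks match the filter in `$d = Get-Disk | where {$_.OperationalStatus -eq "...`: that can return several disks, in which case Set-Disk and Initialize-Disk run on all of them and New-Partition with a fixed drive letter fails on the second; and Initialize-Disk followed by Format-Volume is destructive, so the filter should also require PartitionStyle RAW (or select the disk by number) and take exactly one disk with Select-Object -First 1 before anything is written. On the Domain join passwords paragraph, the stated limit (all instances of an image share the keypair) should be made explicit: the private key used for decryption is present in every instance built from that image, so one compromised instance, or anyone able to read the image or a snapshot of it, can decrypt the parameters of every template that uses it; a per-instance key, such as the Nova keypair mentioned in the password-less authentication section, avoids sharing a single private key across instances.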