This shows you the differences between two versions of the page.
heat-windows [2014/02/04 01:46] admin |
heat-windows [2014/04/14 22:23] (current) admin |
||
---|---|---|---|
Line 5: | Line 5: | ||
Most of the tools involved traditionally in OpenStack guest provisioning and orchestration are Linux specific and need to be ported, integrated or replaced with other alternatives in order to support Windows guests. | Most of the tools involved traditionally in OpenStack guest provisioning and orchestration are Linux specific and need to be ported, integrated or replaced with other alternatives in order to support Windows guests. | ||
- | Furthermore, | + | Furthermore, |
===== Cloudbase-Init ===== | ===== Cloudbase-Init ===== | ||
- | [[https:// | + | [[https:// |
- | The project started as a complete separate implementation, | + | The project started as a complete separate implementation, |
- | The architecture of cloudbase-init is platform independent and beside the stock Windows support, a FreeBSD fork has been recently published by third parties. | + | Cloudbase-Init is platform independent and beside the stock Windows support, a FreeBSD fork has been recently published by third parties. |
A [[http:// | A [[http:// | ||
- | Support for metadata currently includes Nova (HTTP), ConfigDriveV2 and EC2. Features are provided in the form of an extendible plugin framework, including: | + | Support for metadata currently includes Nova (HTTP), ConfigDriveV2 and EC2. Features are provided in the form of an extendible plugin framework, |
* Host name management | * Host name management | ||
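Review bot: In the added line about platform independence, "beside the stock Windows support" should read "besides", and the plugin sentence after it says "extendible" while the user data paragraph further down says "extensible plugin framework"; pick one spelling and use it in both places. The retained "complete separate implementation" also wants "completely".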
Line 23: | Line 23: | ||
* Network configuration | * Network configuration | ||
* SSH public keys deployment | * SSH public keys deployment | ||
- | * Volumes extension | + | * Volumes |
* WinRM server configuration | * WinRM server configuration | ||
* WinRM password-less certificate authentication | * WinRM password-less certificate authentication | ||
* User data scripts (including multi-part support) | * User data scripts (including multi-part support) | ||
- | User data management includes support for executing PowerShell, Command line batches and Bash scripts, along with multipart support, which in turn includes Heat support. | + | User data management includes support for executing PowerShell, Command line batches |
- | Different content types available in multipart user data workloads are handled via an extensible plugin framework, which currently | + | Different content types available in multipart user data workloads are handled via an extensible plugin framework, which currently |
- | On Linux, Heat support is currently managed via a part-handler and a shellscript for Heat user data execution | + | On Linux, Heat support is currently managed via a part-handler and a shellscript for Heat user data execution, not supporting |
- | Heat support can be considered complete in Cloudbase-Init. | + | Heat support can thus be considered complete in Cloudbase-Init. |
+ | |||
+ | Here's an example of Heat user data, showing Linux specific Python code: http:// | ||
+ | |||
+ | ==== Troubleshooting ==== | ||
+ | |||
+ | All the operations executed by Cloudbase-Init are logged to file and can be optionally logged to a serial port. The latter allows to perform troubleshooting by accessing the console log in Horizon or via **nova console-log**. | ||
+ | |||
+ | {{: | ||
===== Windows specific Heat issues ===== | ===== Windows specific Heat issues ===== | ||
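Review bot: The new Troubleshooting paragraph says all operations can be logged to a serial port and read through Horizon or nova console-log, but it does not say whether output produced by user data scripts is written there as well. Since the page later discusses clear text passwords passed as template parameters, state what ends up in the log so readers can decide whether to enable serial port logging. "The latter allows to perform troubleshooting" reads better as "The latter allows troubleshooting".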
Line 48: | Line 56: | ||
This is accomplished by exiting the script with a special value: | This is accomplished by exiting the script with a special value: | ||
- | * 1001: Reboot and don't execute the user data plugin during the next boot | + | |
- | * 1003: Reboot and execute the user data plugin during the next boot | + | |
- | The script can keep track of the current state before a reboot by using custom registry values in order to resume execution at the desired point during the next boot. | + | The user data script can keep track of the current state before a reboot by using custom registry values in order to resume execution at the desired point during the next boot. |
+ | |||
+ | ==== Password-less authentication ==== | ||
+ | |||
+ | Access to Linux instances can be performed via SSH without using a password by employing public key authentication and a keypair deployed via Nova. Windows can use client certificate authentication with WinRM for this objective, as described [[http:// | ||
==== Domain join passwords ==== | ==== Domain join passwords ==== | ||
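Review bot: The added Password-less authentication paragraph does not refer back to the feature list, which already names "WinRM password-less certificate authentication" as a Cloudbase-Init plugin; link the two so it is clear which component sets this up in the guest. The SSH sentence says where the keypair comes from ("deployed via Nova"), and a matching half sentence for the WinRM client certificate would help if the linked post is the only place that covers it. "for this objective" reads better as "for the same purpose".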
Line 60: | Line 72: | ||
A partial solution for avoiding the need to specify clear text passwords as template parameters is to deploy a keypair in the instance, use the public key to encrypt the sensitive data and subsequently the private key during user data script execution for decryption. The main security limit of this option is that all instances of a given image will share the same keypair. | A partial solution for avoiding the need to specify clear text passwords as template parameters is to deploy a keypair in the instance, use the public key to encrypt the sensitive data and subsequently the private key during user data script execution for decryption. The main security limit of this option is that all instances of a given image will share the same keypair. | ||
+ | |||
+ | ==== Volumes ==== | ||
+ | |||
+ | New volumes are attached unpartitioned, | ||
+ | A new volume must be set online, initialized and partitioned. New partitions need also to be formatted and if necessary a drive letter can be assigned as well. | ||
+ | |||
+ | The following example performs all the required activities, including assigning the " | ||
+ | |||
+ | <code powershell> | ||
+ | $d = Get-Disk | where {$_.OperationalStatus -eq " | ||
+ | $d | Set-Disk -IsOffline $false | ||
+ | $d | Initialize-Disk -PartitionStyle MBR | ||
+ | $p = $d | New-Partition -UseMaximumSize -DriveLetter " | ||
+ | $p | Format-Volume -FileSystem NTFS -NewFileSystemLabel " | ||
+ | </ | ||
==== Install ISOs ==== | ==== Install ISOs ==== | ||
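Review bot: In the Volumes example, the first line picks disks with a where filter on OperationalStatus, so $d holds every disk that matches and the following lines bring online, initialize, partition and format all of them. Suggest saying in the sentence before the code that the example assumes exactly one newly attached volume, or narrowing the selection to the intended disk before Set-Disk. Next to Initialize-Disk -PartitionStyle MBR it is also worth noting that MBR cannot address more than about 2 TiB, so -UseMaximumSize on a larger volume needs GPT.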
Line 67: | Line 94: | ||
===== Template examples ===== | ===== Template examples ===== | ||
- | Here's a simple CFN template snippet showing how to use PowerShell to configure the first Active Directory domain controller in a forest: | + | Here's a simple CFN template snippet showing how to use PowerShell to configure the first Active Directory domain controller in a forest |
<code javascript> | <code javascript> | ||
Line 90: | Line 117: | ||
===== CFN Tools ===== | ===== CFN Tools ===== | ||
- | Am OpenStack implementation of the AWS CloudFormation bootstrapping tools is available | + | An OpenStack implementation of the AWS CloudFormation bootstrapping tools is available: |
The heat-cfntools are currently not supported on Windows. Implementing the platform specific features is not a particularly complicated task and would require as a minimum: | The heat-cfntools are currently not supported on Windows. Implementing the platform specific features is not a particularly complicated task and would require as a minimum: |