devtest_overcloud
=================

#. Create your overcloud control plane image.
   
   This is the image the undercloud
   will deploy to become the KVM (or QEMU, Xen, etc.) cloud control plane.
   
   ``$OVERCLOUD_CONTROL_DIB_EXTRA_ARGS`` and ``$OVERCLOUD_COMPUTE_DIB_EXTRA_ARGS`` are
   meant to be used to pass additional build-time specific arguments to
   ``disk-image-create``.
   
   ``$SSL_ELEMENT`` is used when building a cloud with SSL endpoints - it should be
   set to openstack-ssl in that situation.
   ::

        NODE_ARCH=$(os-apply-config -m $TE_DATAFILE --key arch --type raw)

            $TRIPLEO_ROOT/diskimage-builder/bin/disk-image-create $NODE_DIST \
                -a $NODE_ARCH -o $TRIPLEO_ROOT/overcloud-control hosts \
                baremetal boot-stack cinder-api cinder-volume os-collect-config horizon \
                neutron-network-node dhcp-all-interfaces swift-proxy swift-storage \
                $DIB_COMMON_ELEMENTS $OVERCLOUD_CONTROL_DIB_EXTRA_ARGS ${SSL_ELEMENT:-} 2>&1 | \
                tee $TRIPLEO_ROOT/dib-overcloud-control.log

#. Load the image into Glance:
   ::

        OVERCLOUD_CONTROL_ID=$(load-image -d $TRIPLEO_ROOT/overcloud-control.qcow2)

#. Create your overcloud compute image. This is the image the undercloud
   deploys to host KVM (or QEMU, Xen, etc.) instances.
   ::

            $TRIPLEO_ROOT/diskimage-builder/bin/disk-image-create $NODE_DIST \
                -a $NODE_ARCH -o $TRIPLEO_ROOT/overcloud-compute hosts \
                baremetal nova-compute nova-kvm neutron-openvswitch-agent os-collect-config \
                dhcp-all-interfaces $DIB_COMMON_ELEMENTS $OVERCLOUD_COMPUTE_DIB_EXTRA_ARGS 2>&1 | \
                tee $TRIPLEO_ROOT/dib-overcloud-compute.log

#. Load the image into Glance:
   ::

        OVERCLOUD_COMPUTE_ID=$(load-image -d $TRIPLEO_ROOT/overcloud-compute.qcow2)

#. For running an overcloud in VM's. For Physical machines, set to kvm:
   ::

        OVERCLOUD_LIBVIRT_TYPE=${OVERCLOUD_LIBVIRT_TYPE:-"qemu"}

#. Set the public interface of overcloud network node::
   ::

        NeutronPublicInterface=${NeutronPublicInterface:-'eth0'}

#. If you want to permit VM's access to bare metal networks, you need
   to define flat-networks and bridge mappings in Neutron::
   ::

        OVERCLOUD_FLAT_NETWORKS=${OVERCLOUD_FLAT_NETWORKS:-''}
        OVERCLOUD_BRIDGE_MAPPINGS=${OVERCLOUD_BRIDGE_MAPPINGS:-''}
        OVERCLOUD_HYPERVISOR_PHYSICAL_BRIDGE=${OVERCLOUD_HYPERVISOR_PHYSICAL_BRIDGE:-''}
        OVERCLOUD_HYPERVISOR_PUBLIC_INTERFACE=${OVERCLOUD_HYPERVISOR_PUBLIC_INTERFACE:-''}

#. If you are using SSL, your compute nodes will need static mappings to your
   endpoint in ``/etc/hosts`` (because we don't do dynamic undercloud DNS yet).
   set this to the DNS name you're using for your SSL certificate - the heat
   template looks up the controller address within the cloud::

        OVERCLOUD_NAME=${OVERCLOUD_NAME:-''}

#. Choose whether to deploy or update. Use stack-update to update::

        HEAT_OP=stack-create


#. Wait for the BM cloud to register BM nodes with the scheduler::

        expected_nodes=$((1+$OVERCLOUD_COMPUTESCALE))
        wait_for 60 1 [ "\$(nova hypervisor-stats | awk '\$2==\"count\" { print \$4}')" -ge $expected_nodes ]

#. Deploy an overcloud::

        setup-overcloud-passwords
        source tripleo-overcloud-passwords

        make -C $TRIPLEO_ROOT/tripleo-heat-templates overcloud.yaml COMPUTESCALE=$OVERCLOUD_COMPUTESCALE
        heat $HEAT_OP -f $TRIPLEO_ROOT/tripleo-heat-templates/overcloud.yaml \
            -P "AdminToken=${OVERCLOUD_ADMIN_TOKEN}" \
            -P "AdminPassword=${OVERCLOUD_ADMIN_PASSWORD}" \
            -P "CinderPassword=${OVERCLOUD_CINDER_PASSWORD}" \
            -P "CloudName=${OVERCLOUD_NAME}" \
            -P "GlancePassword=${OVERCLOUD_GLANCE_PASSWORD}" \
            -P "HeatPassword=${OVERCLOUD_HEAT_PASSWORD}" \
            -P "HypervisorNeutronPhysicalBridge=${OVERCLOUD_HYPERVISOR_PHYSICAL_BRIDGE}" \
            -P "HypervisorNeutronPublicInterface=${OVERCLOUD_HYPERVISOR_PUBLIC_INTERFACE}" \
            -P "NeutronFlatNetworks=${OVERCLOUD_FLAT_NETWORKS}" \
            -P "NeutronBridgeMappings=${OVERCLOUD_BRIDGE_MAPPINGS}" \
            -P "NeutronPassword=${OVERCLOUD_NEUTRON_PASSWORD}" \
            -P "NovaPassword=${OVERCLOUD_NOVA_PASSWORD}" \
            -P "NeutronPublicInterface=${NeutronPublicInterface}" \
            -P "SwiftPassword=${OVERCLOUD_SWIFT_PASSWORD}" \
            -P "SwiftHashSuffix=${OVERCLOUD_SWIFT_HASH}" \
            -P "NovaComputeLibvirtType=${OVERCLOUD_LIBVIRT_TYPE}" \
            -P "SSLCertificate=${OVERCLOUD_SSL_CERT}" \
            -P "SSLKey=${OVERCLOUD_SSL_KEY}" \
            overcloud


   You can watch the console via ``virsh``/``virt-manager`` to observe the PXE
   boot/deploy process.  After the deploy is complete, the machines will reboot
   and be available.

#. While we wait for the stack to come up, build an end user disk image and
   register it with glance.::

            $TRIPLEO_ROOT/diskimage-builder/bin/disk-image-create $NODE_DIST vm \
                -a $NODE_ARCH -o $TRIPLEO_ROOT/user 2>&1 | tee $TRIPLEO_ROOT/dib-user.log

#. Get the overcloud IP from 'nova list'
   ::

        wait_for_stack_ready 300 10 $STACKNAME
        OVERCLOUD_IP=$(nova list | grep "notCompute0.*ctlplane\|controller.*ctlplane" | sed  -e "s/.*=\\([0-9.]*\\).*/\1/")

#. We don't (yet) preserve ssh keys on rebuilds.
   ::

        ssh-keygen -R $OVERCLOUD_IP

#. Export the overcloud endpoint and credentials to your test environment.
   ::

        OVERCLOUD_ENDPOINT="http://$OVERCLOUD_IP:5000/v2.0"
        NEW_JSON=$(jq '.overcloud.password="'${OVERCLOUD_ADMIN_PASSWORD}'" | .overcloud.endpoint="'${OVERCLOUD_ENDPOINT}'" | .overcloud.endpointhost="'${OVERCLOUD_IP}'"' $TE_DATAFILE)
        echo $NEW_JSON > $TE_DATAFILE

#. Source the overcloud configuration::

        source $TRIPLEO_ROOT/tripleo-incubator/overcloudrc

#. Exclude the overcloud from proxies::

        export no_proxy=$no_proxy,$OVERCLOUD_IP

#. If we updated the cloud we don't need to do admin setup again - skip down to `Wait for Nova Compute`_.


#. Perform admin setup of your overcloud.
   ::

        init-keystone -p $OVERCLOUD_ADMIN_PASSWORD $OVERCLOUD_ADMIN_TOKEN \
            $OVERCLOUD_IP admin@example.com heat-admin@$OVERCLOUD_IP \
            ${SSLBASE:+--ssl $PUBLIC_API_URL}
        setup-endpoints $OVERCLOUD_IP --cinder-password $OVERCLOUD_CINDER_PASSWORD \
            --glance-password $OVERCLOUD_GLANCE_PASSWORD \
            --heat-password $OVERCLOUD_HEAT_PASSWORD \
            --neutron-password $OVERCLOUD_NEUTRON_PASSWORD \
            --nova-password $OVERCLOUD_NOVA_PASSWORD \
            --swift-password $OVERCLOUD_SWIFT_PASSWORD \
            ${SSLBASE:+--ssl $PUBLIC_API_URL}
        keystone role-create --name heat_stack_user
        # Creating these roles to be used by tenants using swift
        keystone role-create --name=swiftoperator
        keystone role-create --name=ResellerAdmin
        user-config
        setup-neutron "" "" 10.0.0.0/8 "" "" "" 192.0.2.45 192.0.2.64 192.0.2.0/24

#. If you want a demo user in your overcloud (probably a good idea).
   ::

        os-adduser -p $OVERCLOUD_DEMO_PASSWORD demo demo@example.com

#. Workaround https://bugs.launchpad.net/diskimage-builder/+bug/1211165.
   ::

        nova flavor-delete m1.tiny
        nova flavor-create m1.tiny 1 512 2 1

#. Register the end user image with glance.
   ::

        glance image-create --name user --public --disk-format qcow2 \
            --container-format bare --file $TRIPLEO_ROOT/user.qcow2


#. _`Wait for Nova Compute`
   ::

        wait_for 30 10 nova service-list --binary nova-compute 2\>/dev/null \| grep 'enabled.*\ up\ '

#. Wait for L2 Agent On Nova Compute
   ::

        wait_for 30 10 neutron agent-list -f csv -c alive -c agent_type -c host \| grep "\":-).*Open vSwitch agent.*overcloud-novacompute\""

#. Log in as a user.
   ::

        source $TRIPLEO_ROOT/tripleo-incubator/overcloudrc-user

#. If you just created the cloud you need to add your keypair to your user.
   ::

        user-config

#. So that you can deploy a VM.
   ::

        nova boot --key-name default --flavor m1.tiny --image user demo

#. Add an external IP for it.
   ::

        wait_for 10 5 neutron port-list -f csv -c id --quote none \| grep id
        PORT=$(neutron port-list -f csv -c id --quote none | tail -n1)
        FLOATINGIP=$(neutron floatingip-create ext-net --port-id "${PORT//[[:space:]]/}" | awk '$2=="floating_ip_address" {print $4}')

#. And allow network access to it.
   ::

        neutron security-group-rule-create default --protocol icmp \
            --direction ingress --port-range-min 8
        neutron security-group-rule-create default --protocol tcp \
            --direction ingress --port-range-min 22 --port-range-max 22


#. After which, you should be able to ping it
   ::

        wait_for 30 10 ping -c 1 $FLOATINGIP

