Devstack uses Pip to install packages, which conflict with the RPM versions on my Fedora system. Since I still need to get work done, and want to run tests on Keystone running against a live database, I’ve long wondered if I should go with container based approach. Last week, I took the plunge and started messing around with Docker. I got the MySQL Fedora container to run, then found Lars Keystone container using Sqlite, and was stumped. I poked around for a way to get the two containers talking to each other, and realized that we had a project dedicated to exactly that in OpenStack: Kolla. While it did not work for me right out of a git-clone, several of the Kolla devs worked with me to get it up and running. here are my notes, distilled.
I started by reading the quickstart guide. Which got me oriented (I suggest you start there, too). But found a couple things I needed to learn. First, I needed a patch that has not quite landed, in order to make calls as a local user, instead of as root. I still ended up creating /etc/kolla and chowning it to ayoung. That proved necessary, as the work done in that patch is “necessary but not sufficient.”
I am not super happy about this, but I needed to make docker run without a deliberate sudo. So I added the docker group, added myself to it, and restarted the docker service via systemd. I might end up doing all this as a separate developer user, not as ayoung, so at least I need to su – developer before the docker stuff. I may be paranoid, but that does not mean they are not out to get me.
Created a dir named ~/kolla/ and put in there:
kolla_base_distro: "centos" kolla_install_type: "source" # This is the interface with an ip address you want to bind mariadb and keystone too network_interface: "enp0s25" # Set this to an ip address that currently exists on interface "network_interface" kolla_internal_address: "10.0.0.13" # Easy way to change debug to True, though not required openstack_logging_debug: "True" # For your information, but these default to "yes" and can technically be removed enable_keystone: "yes" enable_mariadb: "yes" # Builtins that are normally yes, but we set to no enable_glance: "no" enable_haproxy: "no" enable_heat: "no" enable_memcached: "no" enable_neutron: "no" enable_nova: "no" enable_rabbitmq: "no" enable_horizon: "no"
I also copied the file ./etc/kolla/passwords.yml from the repo into that directory, as it was needed during the deploy.
To build the images, I wanted to work inside the kolla venv (didn’t want to install pip packages on my system) so I ran the
Which, along with running the unit tests, created a venv. I activated that venv for the build command:
. .tox/py27/bin/activate ./tools/build.py --type source keystone mariadb rsyslog kolla-toolbox
Note that I had first built the binary versions using:
./tools/build.py keystone mariadb rsyslog kolla-toolbox
But then tried to deploy the source version. The source versions are downloaded from tarballs on http://tarballs.openstack.org/ whereas the binary versions are the Delorean RPMS, and the trail the source versions by a little bit (not a lot).
I’ve been told “if you tox gen the config you will get a kolla-build.conf config. You can change that to git instead of url and point it to a repo.” But I have not tried that yet.
I had to downgrade to the pre 2.0 version of Ansible, as I was playing around with 2.0’s support for Keystone V3 API. Kolla needs 1.9
dnf downgrade ansible
There is an SELinux issue. I worked round for now by setting SELInux into permissive mode, but we’ll revisit that shortly. It was only for deploy; once the containers were running, I was able to switch back to enforcing mode.
We will deal with it here.
./tools/kolla-ansible --configdir /home/ayoung/kolla deploy
Once that ran, I wanted to test Keystone. I needed a keystone RC file. To get it:
It put it in /etc/kolla/.
. /etc/kolla/admin-openrc.sh [ayoung@ayoung541 kolla]$ openstack token issue +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | expires | 2016-02-08T05:51:39.447112Z | | id | 4a4610849e7d45fdbd710613ff0b3138 | | project_id | fdd0b0dcf45e46398b3f9b22d2ec1ab7 | | user_id | 47ba89e103564db399ffe83d8351d5b8 | +------------+----------------------------------+
I have to admin that I removed the warning.
usr/lib/python2.7/site-packages/keyring/backends/Gnome.py:6: PyGIWarning: GnomeKeyring was imported without specifying a version first. Use gi.require_version('GnomeKeyring', '1.0') before import to ensure that the right version gets loaded. from gi.repository import GnomeKeyring
Huge thanks to SamYaple and inc0 (Michal Jastrzebski) for their help in getting me over the learning hump.
I think Kolla is fantastic. It will be central to my development for Keystone moving forward.