Rapid API generation with Ramses

Rapid service prototyping, cloud application prototyping and API prototyping are closely related techniques which share a common goal: to get a first working prototype designed, implemented and placed online quickly, with little effort and with little headache over tooling concerns. The approaches in this area are still emerging and thus often ad hoc or even immature. Several prototyping frameworks nevertheless show the potential to become part of serious engineering workflows. In this post, the Ramses framework will be presented and evaluated regarding this goal.


Trust delegation in Openstack using Keystone trusts

In one of our blog posts we presented a basic tool which extends the Openstack Nova client and supports executing API calls at some point in the future. Much has evolved since then: the tool is not just a wrapper around Openstack clients anymore; instead, we rebuilt it in the context of the Openstack Mistral project, which provides very nice workflow-as-a-service capabilities. This will be elaborated a bit more in a future blog post. During this process we came across a very interesting feature in Keystone which we were not aware of: Trusts. Trusts is a mechanism in Keystone which enables delegation of roles and even impersonation of users from a trustor to a trustee; it has many uses but is particularly useful in an Openstack administration context. In this blog post we will cover basic command line instructions to create and use trusts.


Installing Foreman 1.0.1

Just recently the Foreman project released the latest version, 1.0.1. If you are following our [previous guide to install 0.4.2](http://www.cloudcomp.ch/2012/06/automating-the-icclab-part-one/) then you should also follow this.

# Installing & Configuring Foreman
You should set up your virtual machine exactly as we did in the previous guide, install puppet and check out the foreman-installer modules from GitHub. There are a small number of issues with the installer but we’ll easily walk you through them!

To check things out quickly, you can [download a VM (OVA) that has Foreman 1.0.1](http://www.cloudcomp.ch/wp-content/uploads/2012/09/Foreman1.01.ova) preconfigured. The username/password is `root` and `root`. This also includes puppet modules to deploy OpenStack compute and controller nodes.

> Side note: the puppetlabs repository has changed. Make sure to:
> `wget http://apt.puppetlabs.com/puppetlabs-release-stable.deb`

Ensure that the foreman-proxy user is part of the bind group. If not, add the user:

[gist id=3667157]

Configure your `foreman_proxy/manifests/params.pp` as before, making sure to enable DHCP and DNS and to set the correct network settings (subnet etc.) for each of them.

Configure your `foreman/manifest/params.pp` as before. For us we disabled SSL. Very important here is that you set the `foreman_url` parameter to include the port number on which Foreman listens (port 3000).

[gist id=3667152]

If it is not set then the scripts that tie puppet and foreman together will not work. This is a [known and reported issue](http://theforeman.org/issues/1855), which will be resolved.

Currently there is a bug in `foreman_proxy/manifests/proxydhcp.pp`. For now you need to manually set the DNS `nameserver` and TFTP `nextserver` parameters. This [bug has been reported](https://groups.google.com/d/topic/foreman-users/t1m8JeWVd7U/discussion) and will be resolved soon.

Finally you need to apply [this patch](https://github.com/theforeman/smart-proxy/commit/a402c71290f2d8205e60b876f2a40dfa9fefacda). Puppet in its most recent version changed the value of the return code from operations related to `puppetca`. This causes blocking issues with provisioning and deleting hosts with foreman. You can use this sed command if it suits you:

[gist id=3667151]

Once applied, you should restart the foreman-proxy service:

[gist id=3667147]

Note: if you start the foreman service and it halts with a stack trace, then you will have to reinitialise the database. This is a one-time operation.

[gist id=3667139]

Once these steps have been completed, you can then configure Foreman itself (setting smart proxy, host groups etc.).

When configuring these various aspects you should update the ‘Ubuntu default’ disk partition table configuration. Use the following to ensure a complete automatic install:

[gist id=3667133]

One of the issues that we’re dealing with currently is that rather than the puppetmaster’s hostname being placed in the relevant configuration files (e.g. `puppet.conf`), an IP address is inserted. This will not work as it will fail with SSL issues. The current workaround is to create a ‘snippet’ in the Provisioning Templates section. With this snippet created, set the content of the config files in Provisioning Templates to the following (using `puppet.conf` as an example):

[gist id=3667127]
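
A check for the failure described above, as an added example that is not part of the original post: it scans a rendered `puppet.conf` for server settings that hold an IP address instead of a hostname. The sample file contents and the function name `find_ip_servers` are constructed for illustration.

```python
import configparser
import ipaddress

# Puppet settings that name a server the agent contacts over SSL.
SERVER_KEYS = ("server", "ca_server", "report_server")

# Constructed sample of a rendered puppet.conf (not from the original post).
SAMPLE_PUPPET_CONF = """\
[main]
    logdir = /var/log/puppet
    ssldir = /var/lib/puppet/ssl

[agent]
    server = 192.0.2.10
    ca_server = puppet.example.org
    report = true
"""


def find_ip_servers(conf_text):
    """Return (section, key, value) for each server setting that is an IP literal."""
    # puppet.conf settings are often indented; configparser would treat an
    # indented line as a continuation of the previous value, so strip first.
    # A leading [main] header covers files that start without a section.
    flat = "[main]\n" + "\n".join(line.strip() for line in conf_text.splitlines())
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(flat)
    findings = []
    for section in parser.sections():
        for key in SERVER_KEYS:
            value = parser.get(section, key, fallback=None)
            if value is None:
                continue
            try:
                ipaddress.ip_address(value.strip())
            except ValueError:
                continue  # a hostname, which can match the certificate name
            findings.append((section, key, value.strip()))
    return findings


if __name__ == "__main__":
    for section, key, value in find_ip_servers(SAMPLE_PUPPET_CONF):
        print(f"[{section}] {key} = {value}: IP address, expected the puppetmaster hostname")
```

Run it against the file a freshly provisioned host received to confirm the snippet workaround took effect before the first agent run.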