This document discusses different approaches for managing OpenStack resources with Puppet, including: 1. Initially shelling out to OpenStack CLI commands directly, which was unstable. 2. Using the cURL command-line tool to make HTTP requests to the OpenStack APIs, avoiding duplicating code. 3. Adopting the Aviator SDK gem, which provided a language-level API but had issues with session management and sustainability. 4. Migrating to use the OpenStackClient CLI, which provided keystone v3 support, consistency across modules, but had laggy distro package support and stability questions. The overall status is described as incomplete, and the author provides contact details for further questions.

1. Developing OpenStack
Tooling
...without Python
Colleen Murphy, HP

2. The problem
We need to manage OpenStack resources with
puppet

3. Lightning intro to puppet
● resource - something being managed on a
system
● type - the interface of the resource
● provider - the backend implementation of the
resource

4. Example: file
file { '/root/example':
ensure => present,
content => 'A file resource managed by puppet',
mode => '0644',
}

5. Example: mysql_database
mysql_database { 'keystone':
ensure => present,
charset => 'utf8',
collate => 'utf8_general_ci',
}

6. Example: mysql_database
# puppet apply mysql.pp --debug
Debug: Prefetching mysql resources for mysql_database
Debug: Executing '/usr/bin/mysql --defaults-extra-file=/root/.my.cnf
-NBe show databases'
Debug: Executing '/usr/bin/mysql --defaults-extra-file=/root/.my.cnf
-NBe create database if not exists `keystone` character set `utf8`
collate `utf8_general_ci`'
Notice: /Stage[main]/Main/Mysql_database[keystone]/ensure: created
#

7. Example: keystone_tenant
keystone_tenant { 'services':
ensure => present,
description => 'The services tenant',
enabled => true,
}

8. Requirements
● features
● restrictions

9. We’re not alone
● terraform
● other config mgmt
○ chef
○ salt
○ ansible
● internal ops tools

10. Stage 1

11. Shelling out to the CLI
commands :keystone => "keystone"
def self.auth_keystone(*args)
authenv = {:OS_SERVICE_TOKEN => admin_token}
withenv authenv do
remove_warnings(keystone('--os-endpoint', admin_endpoint, args))
end
end
results = auth_keystone('tenant-create', '--name', resource[:name],
'--enabled', resource[:
enabled])

12. Shelling out to the CLI
# puppet apply keystone.pp --debug
Debug: Prefetching keystone resources for keystone_tenant
Debug: Executing '/usr/local/bin/keystone --os-endpoint http://127.
0.0.1:35357/v2.0/ tenant-list'
Debug: Executing '/usr/local/bin/keystone --os-endpoint http://127.
0.0.1:35357/v2.0/ tenant-create --name services --enabled True --
description The services tenant'
Notice: /Stage[main]/Main/Keystone_tenant[services]/ensure: created
#

13. What was good
● Idiomatic
● Debuggable

14. What was bad
● Instability
● Duplicated code

15. Why we switched
Instability

16. Stage 2

17. curl?
curl -H 'Content-Type: application/json' -X POST -d '{
"auth": {
"tenantName": "admin",
"passwordCredentials": {
"username": "admin",
"password": "passw0rd"
}
}
}' http://127.0.0.1:35357/v2.0/tokens

18. curl - Update a project (v2)
curl -H 'X-Auth-Token: 8bc163' -H 'Content-Type: application/json'
-X POST -d '{
"tenant": {
"description": "new description",
"enabled": true
}
}' http://localhost:35357/v2.0/tenants/28551b

19. curl - Update a network (v2)
curl -H 'X-Auth-Token: 5a072f' -H 'Content-Type: application/json'
-X PUT -d '{
"network": {
"admin_state_up": true
}
}' http://127.0.0.1:9696/v2.0/networks/ff9cc0

20. curl - Update an image (v1)
curl -H 'X-Auth-Token: c23ea2d'
-H 'x-image-meta-disk_format: vhd'
-X PUT http://localhost:9292/v1/images/7d863c

21. curl - Update an image (v2)
curl -H 'X-Auth-Token: 7ac5c8'
-H 'Content-Type:
application/openstack-images-v2.1-json-patch'
-d '[{
"path": "/disk_format", "value": "vhd", "op": "replace"
}]'
-X PATCH http://127.0.0.1:9292/v2/images/40de3a

22. curl?
Let’s not reinvent a framework

23. An SDK?
“A set of language bindings that provide a
language-level API for accessing OpenStack in
a manner consistent with language standards.”
https://wiki.openstack.org/wiki/SDKs

26. An SDK?
“Currently, OpenStack's user stories for both
command-line and application developer
consumers of OpenStack based clouds is
confusing, fractured, and inconsistent.”
https://wiki.openstack.org/wiki/SDK-Development/PythonOpenStackSDK

27. fog?
● too big, too general-purpose

28. aviator
session = ::Aviator::Session.new(:config => configuration)
session.authenticate
response = session.request(:identity,
:create_tenant, options) do |params|
params.name = resource[:name]
params.enabled = resource[:enabled]
params.description = resource[:description]
end

29. What was good
● OpenStack-focused
● responsive maintainer

30. What was bad
● session management
● vendoring the gem
● question of sustainability

31. Why we switched
keystone v3

32. Stage 3

33. OpenStackClient (...another CLI)
# puppet apply keystone.pp --debug
Debug: Executing '/usr/local/bin/openstack project list --quiet
--format csv --long --os-token sosp-kyl --os-url http://127.
0.0.1:35357/v2.0/'
Debug: Executing '/usr/local/bin/openstack project create --
format shell services --enable --description The services tenant
--os-url http://127.0.0.1:35357/v2.0/'
Notice: /Stage[main]/Main/Keystone_tenant[services]/ensure:
created
#

34. What was good
● keystone v3 support
● distro packages
● well-supported
● consistency across modules

35. What was bad
● laggy support from distros
● stability is ?

36. Status
Incomplete

37. Colleen Murphy
cmurphy@hp.com
freenode: crinkle - #puppet-openstack
twitter: @pdx_krinkle
Questions or comments?