bot11/gist:b5dc7c67fd9348d844b2

## gistfile1.txt
** Proxy configuration at the end of document. Make sure you have it in case if you internet is routed from proxy

Installation of chef server:
---------------------------

1) Install pre-requisites:
   $ apt-get update
   $ apt-get install build-essential
   $ apt-get install ruby1.9.3
   $ apt-get install ruby-dev
1) Download the .deb package required from http://downloads.getchef.com/chef-server/
   $ wget https://web-dl.packagecloud.io/chef/stable/packages/ubuntu/natty/chef-server_11.1.6-1_amd64.deb
2) Install the package
   $ dpkg -i chef-server_11.1.6-1_amd64.deb
3) Configure the chef server:
   $ /usr/bin/chef-server-ctl reconfigure


Install the workstation:
------------------------
**We used the same chef server as workstation here**
1) Install the chef client from
    https://www.chef.io/download-chef-client/
    $ wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.16.4-1_amd64.deb

2) Make sure ruby and the prerequisites mentioned are installed.
3) Install the package as:
    $ dpkg -i chef_11.16.4-1_amd64.deb
4) Copy the chef-validator.pem and admin.pem to the chef client.
    $ cp /etc/chef-server/chef-validator.pem /etc/chef
    $ cp /etc/chef-server/admin.pem /etc/chef
5) Download the chef-repo and put in a directory.Currently chef-repo is in [/opt/openstack-chef-repo]
    $ cd /opt
    $ git clone https://github.com/stackforge/openstack-chef-repo
6) Run the initial knife configuration:
    $ knife configure initial
7) Verify the knife configured properly by checking the command:
    $ knife client list
    chef-validator
    chef-webui

Configure on workstation:
openstack cookbooks, roles, environments and data bags
----------------------------------------------------------------
1) Switch the repo content to the branch required. In this case "stable/icehouse"
   $ cd /opt/openstack-chef-repo
   $ git checkout "stable/icehouse"
2) In the chef-repo directory, run the following command to install the ruby gems needed.
   $ bundle install --path=.bundle
3) Download the cookbooks and dependency cookbooks using the following command:
   $ bundle exec berks install --path=cookbooks
   Note:
      * The berkshelf gem initally copies the cookbooks to the /root/.berkshelf/cookbooks directory. The bundle gem will fetch them to the current path specified, in this case "cookbooks" directory present in your chef-repo directory.
      * In case if you are getting non http proxy is not supported, change the https proxy to point to http proxy itself.
4) Now upload the cookbooks to the chef-server.
   $ knife cookbook upload -a
   In case if you get errors like maintainer_email is incorrect.
Add "maintainer_email  'xxx@gmail.com'" to metadata.rb of :
openstack-network/
openstack-image/
openstack-orchestration/
openstack-object-store/
5) Upload the roles given to the servers
   $ cd /opt/openstack-chef-repo/roles
   $ knife role from file *.json
   Verify the roles using the command:
   $ knife role list
6) Upload the environements required.
   $ knife environment from file vagrant-aio-nova.json
7) Upload the data bags which store the passowrds required for mysql, rabbit mq and other openstack services.
   Before creating databags , create a encrypted secret key. We need to copy this secret key to the node that we bootstrap in the future in order to decrypt.
   $ openssl rand -base64 512 |tr -d '\r\n' > /etc/chef-server/encrypted_data_bag_secret

   We need 4 data bags:
   run the bash snippet given for each of the databags
   1) user_passwords
   user_passwords ITEM example : {"id" : "admin", "admin" : "mypass"}
      bash snipppet:
      for p in admin guest ; do
         knife data bag create user_passw $p --secret-file ~/.chef/openstack_data_bag_secret;
      done

   2) db_passwords
      bash snippet:
      for p in nova horizon keystone glance ceilmeter neutron cinder heat dash ; do
         knife data bag create db_passwords $p --secret-file ~/.chef/openstack_data_bag_secret;
      done
   3) service_passwords
      bash snippet:
      for item in openstack-image openstack-compute openstack-block-storage openstack-orchestration openstack-network rbd ; do
         knife data bag create service_passwords $p --secret-file ~/.chef/openstack_data_bag_secret;
      done
   4) secrets
      bash snippet:
      for item in openstack_identity_bootstrap_token neutron_metadata_secret ; do
         knife data bag create secrets $p --secret-file ~/.chef/openstack_data_bag_secret;
      done

Bootstrap the node:
-------------------
1) Make sure the proxy variables are set as required. [See the proxy section below this document to configure]
2) Make sure node is ssh accesible.
3) Run the bootstrap command from workstation.
   $ knife bootstrap  --run-list "role[allinone-compute]" -N controller2 -x ks --sudo --environment vagrant-aio-nova 172.16.0.10

   Errors encountered while bootstrap running:
   * Mysql Gem installation times out. Manually go and install the mysql gem on the node.
   $ /opt/chef/embedded/bin/gem install mysql -q --no-rdoc --no-ri -v ""

   * Glance doesnot support the proxy, and hence it throws 400 Bad request while uploading an image from the recipe.
      glance --debug --insecure --os-username glance --os-password openstack-image --os-tenant-name service --os-image-url http://127.0.0.1:9292 --os-auth-url http://127.0.0.1:5000/v2.0 image-create --name cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
      Solution: Change the recipe, to support file upload and copy the image to some local directory in the node.
      On the node :
      $ cd /tmp
      $ wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
      On the workstation:
      Edit , /opt/openstack-chef-repo/cookbooks/openstack-image/providers/image.rb and change line 72 as :
         localfile = '/tmp/cirros-0.3.0-x86_64-disk.img'
         command "#{glance_cmd} image-create --name #{name} --is-public true #{c_fmt} #{d_fmt} --file #{localfile}"
      Upload the cookbooks once again to the server. Run
      $ knife cookbook upload -a

[[ proxy configuration ]]
export http_proxy="http://anonymous:password@proxy.com:proxyport"
export https_proxy="https://anonymous:password@proxy.com:proxyport"
export no_proxy="127.0.0.1,localhost,public ip,fqdn,private ip"
export EDITOR=$(which vim)
git config --global url."https://".insteadOf git://

Also change the following configuration in /etc/wgetrc
http_proxy=http://proxy.com:proxyport
https_proxy=https://proxy.com:proxyport
# If you do not want to use proxy at all, set this to off.
use_proxy = on
	** Proxy configuration at the end of document. Make sure you have it in case if you internet is routed from proxy

	Installation of chef server:
	---------------------------

	1) Install pre-requisites:
	$ apt-get update
	$ apt-get install build-essential
	$ apt-get install ruby1.9.3
	$ apt-get install ruby-dev
	1) Download the .deb package required from http://downloads.getchef.com/chef-server/
	$ wget https://web-dl.packagecloud.io/chef/stable/packages/ubuntu/natty/chef-server_11.1.6-1_amd64.deb
	2) Install the package
	$ dpkg -i chef-server_11.1.6-1_amd64.deb
	3) Configure the chef server:
	$ /usr/bin/chef-server-ctl reconfigure


	Install the workstation:
	------------------------
	We used the same chef server as workstation here
	1) Install the chef client from
	https://www.chef.io/download-chef-client/
	$ wget https://opscode-omnibus-packages.s3.amazonaws.com/ubuntu/12.04/x86_64/chef_11.16.4-1_amd64.deb

	2) Make sure ruby and the prerequisites mentioned are installed.
	3) Install the package as:
	$ dpkg -i chef_11.16.4-1_amd64.deb
	4) Copy the chef-validator.pem and admin.pem to the chef client.
	$ cp /etc/chef-server/chef-validator.pem /etc/chef
	$ cp /etc/chef-server/admin.pem /etc/chef
	5) Download the chef-repo and put in a directory.Currently chef-repo is in [/opt/openstack-chef-repo]
	$ cd /opt
	$ git clone https://github.com/stackforge/openstack-chef-repo
	6) Run the initial knife configuration:
	$ knife configure initial
	7) Verify the knife configured properly by checking the command:
	$ knife client list
	chef-validator
	chef-webui

	Configure on workstation:
	openstack cookbooks, roles, environments and data bags
	----------------------------------------------------------------
	1) Switch the repo content to the branch required. In this case "stable/icehouse"
	$ cd /opt/openstack-chef-repo
	$ git checkout "stable/icehouse"
	2) In the chef-repo directory, run the following command to install the ruby gems needed.
	$ bundle install --path=.bundle
	3) Download the cookbooks and dependency cookbooks using the following command:
	$ bundle exec berks install --path=cookbooks
	Note:
	* The berkshelf gem initally copies the cookbooks to the /root/.berkshelf/cookbooks directory. The bundle gem will fetch them to the current path specified, in this case "cookbooks" directory present in your chef-repo directory.
	* In case if you are getting non http proxy is not supported, change the https proxy to point to http proxy itself.
	4) Now upload the cookbooks to the chef-server.
	$ knife cookbook upload -a
	In case if you get errors like maintainer_email is incorrect.
	Add "maintainer_email 'xxx@gmail.com'" to metadata.rb of :
	openstack-network/
	openstack-image/
	openstack-orchestration/
	openstack-object-store/
	5) Upload the roles given to the servers
	$ cd /opt/openstack-chef-repo/roles
	$ knife role from file *.json
	Verify the roles using the command:
	$ knife role list
	6) Upload the environements required.
	$ knife environment from file vagrant-aio-nova.json
	7) Upload the data bags which store the passowrds required for mysql, rabbit mq and other openstack services.
	Before creating databags , create a encrypted secret key. We need to copy this secret key to the node that we bootstrap in the future in order to decrypt.
	$ openssl rand -base64 512 \|tr -d '\r\n' > /etc/chef-server/encrypted_data_bag_secret

	We need 4 data bags:
	run the bash snippet given for each of the databags
	1) user_passwords
	user_passwords ITEM example : {"id" : "admin", "admin" : "mypass"}
	bash snipppet:
	for p in admin guest ; do
	knife data bag create user_passw $p --secret-file ~/.chef/openstack_data_bag_secret;
	done

	2) db_passwords
	bash snippet:
	for p in nova horizon keystone glance ceilmeter neutron cinder heat dash ; do
	knife data bag create db_passwords $p --secret-file ~/.chef/openstack_data_bag_secret;
	done
	3) service_passwords
	bash snippet:
	for item in openstack-image openstack-compute openstack-block-storage openstack-orchestration openstack-network rbd ; do
	knife data bag create service_passwords $p --secret-file ~/.chef/openstack_data_bag_secret;
	done
	4) secrets
	bash snippet:
	for item in openstack_identity_bootstrap_token neutron_metadata_secret ; do
	knife data bag create secrets $p --secret-file ~/.chef/openstack_data_bag_secret;
	done

	Bootstrap the node:
	-------------------
	1) Make sure the proxy variables are set as required. [See the proxy section below this document to configure]
	2) Make sure node is ssh accesible.
	3) Run the bootstrap command from workstation.
	$ knife bootstrap --run-list "role[allinone-compute]" -N controller2 -x ks --sudo --environment vagrant-aio-nova 172.16.0.10

	Errors encountered while bootstrap running:
	* Mysql Gem installation times out. Manually go and install the mysql gem on the node.
	$ /opt/chef/embedded/bin/gem install mysql -q --no-rdoc --no-ri -v ""

	* Glance doesnot support the proxy, and hence it throws 400 Bad request while uploading an image from the recipe.
	glance --debug --insecure --os-username glance --os-password openstack-image --os-tenant-name service --os-image-url http://127.0.0.1:9292 --os-auth-url http://127.0.0.1:5000/v2.0 image-create --name cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
	Solution: Change the recipe, to support file upload and copy the image to some local directory in the node.
	On the node :
	$ cd /tmp
	$ wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
	On the workstation:
	Edit , /opt/openstack-chef-repo/cookbooks/openstack-image/providers/image.rb and change line 72 as :
	localfile = '/tmp/cirros-0.3.0-x86_64-disk.img'
	command "#{glance_cmd} image-create --name #{name} --is-public true #{c_fmt} #{d_fmt} --file #{localfile}"
	Upload the cookbooks once again to the server. Run
	$ knife cookbook upload -a

	[[ proxy configuration ]]
	export http_proxy="http://anonymous:password@proxy.com:proxyport"
	export https_proxy="https://anonymous:password@proxy.com:proxyport"
	export no_proxy="127.0.0.1,localhost,public ip,fqdn,private ip"
	export EDITOR=$(which vim)
	git config --global url."https://".insteadOf git://

	Also change the following configuration in /etc/wgetrc
	http_proxy=http://proxy.com:proxyport
	https_proxy=https://proxy.com:proxyport
	# If you do not want to use proxy at all, set this to off.
	use_proxy = on