LibCloud backend¶
This is an experimental provisioning backend that eventually intends to support several libcloud drivers. At this time only the OpenStack driver is supported.
Prerequisites¶
- An account with an OpenStack provider that supports Nova and Cinder
- A DNS server supporting RFC 2136. We use bind and this ansible role to help configure ours.
- An nsupdate-web instance configured to update DNS records. We use an ansible role for this as well.
- Configuration in teuthology.yaml for this backend itself (see Configuration) and nsupdate-web
- You will also need to choose a maximum number of nodes to be running at once, and create records in your paddles database for each one - making sure to set is_vm to True for each.
Configuration¶
An example configuration using OVH as an OpenStack provider:
libcloud:
providers:
ovh: # This string is the 'machine type' value you will use when locking these nodes
driver: openstack
driver_args: # driver args are passed directly to the libcloud driver
username: 'my_ovh_username'
password: 'my_ovh_password'
ex_force_auth_url: 'https://auth.cloud.ovh.net/v2.0/tokens'
ex_force_auth_version: '2.0_password'
ex_tenant_name: 'my_tenant_name'
ex_force_service_region: 'my_region'
Why nsupdate-web?¶
While we could have supported directly calling nsupdate, we chose not to. There are a few reasons for this:
- To avoid piling on yet another feature of teuthology that could be left up to a separate service
- To avoid teuthology users having to request, obtain and safeguard the private key that nsupdate requires to function
- Because we use one subdomain for all of Sepia’s test nodes, we had to enable dynamic DNS for that whole zone (this is a limitation of bind). However, we do not want users to be able to push DNS updates for the entire zone. Instead, we gave nsupdate-web the ability to accept or reject requests based on whether the hostname matches a configurable regular expression. The private key itself is not shared with non-admin users.
Bugs¶
At this time, only OVH has been tested as a provider. PRs are welcome to support more!