Test-kitchen with openstack using cloud-init

chef-dev
#1

I have been trying to use test-kitchen with openstack to spin up a windows box, I am attempting to use the user_data section of the openstack driver to pass powershell commands to openstack to run on boot. but it fails to run the code I provide for user_data, and it doesn’t throw any errors until I tries to connect to the vm via winrm.

-----> Creating <default-WindowsServer2012R2>...
       OpenStack instance with ID of <xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx> is ready.
       Attaching floating IP from <ext_vlan1768_net> pool
       Attaching floating IP <10.63.xxx.xx>
       Waiting for server to be ready...
       Waiting for WinRM service on http://10.63.xxx.xx:5985/wsman, retrying in 3 seconds
       Waiting for WinRM service on http://10.63.xxx.xx:5985/wsman, retrying in 3 seconds
       Waiting for WinRM service on http://10.63.xxx.xx:5985/wsman, retrying in 3 seconds
       Waiting for WinRM service on http://10.63.xxx.xx:5985/wsman, retrying in 3 seconds
       Waiting for WinRM service on http://10.63.xxx.xx:5985/wsman, retrying in 3 seconds
       Waiting for WinRM service on http://10.63.xxx.xx:5985/wsman, retrying in 3 seconds

Here is my kitchen.yml

---
# Open Stack Config
#Jjp6WbrIf5Bzvy

driver:
  name: openstack
  key_name: "id_rsa_pub"
  driver_config:
      user_data: userdata.txt
  # All the following top level driver options can be set in your
  # ~/.kitchen/config.yml to suit your personal needs

  # The following driver options depend upon values set from an OpenStack
  # RC file.  See OpenStack -> Access & Security -> API Access for the
  # download OpenStack RC File button.
  openstack_username: <%= ENV['OS_USERNAME'] %>
  openstack_api_key: <%= ENV['OS_PASSWORD'] %>
  openstack_auth_url: <%= ENV['OS_AUTH_URL'] %>/tokens
  openstack_tenant: <%= ENV['OS_TENANT_NAME'] %>


  # This driver option is the Target standard value to use for an IP addr.
  # It must match the external network your OS network is connected with.
  # floating_ip_pool: ext_vlan1722_net
  # network_ref: the ID of the network created for your project
  floating_ip_pool: ext_vlan1768_net
  network_ref: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

provisioner:
  name: chef_zero_scheduled_task
  chef_metadata_url: http://www.chef.io/chef/metadata?p=windows&m=x86_64&pv=2012r2&v=12.5.1

platforms:
- name: WindowsServer2012R2
  driver:
    name: openstack
    flavor_ref: mmem-2vcpu
    image_ref: "Windows-Server-2012-std-fast"
    username: 
    private_key_path: <%= ENV['HOME'] %>/.ssh/id_rsa
    public_key_path: <%= ENV['HOME'] %>/.ssh/id_rsa_pub.pub

suites:
  - name: default
    run_list:
    - recipe[settings_ost::default]

Here is what I have in my userdata.txt

mkdir 'c:\test'
winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}' 

netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow 

net stop winrm
sc.exe config winrm start=auto
net start winrm
mkdir 'c:\test2'

Does anyone have any advice, or tips on what I am missing? I have searched all over the internet and I haven’t found any examples. I found the idea from the kitchen-openstack gem documentation on GitHub. https://github.com/test-kitchen/kitchen-openstack#user_data

#2

Can you confirm the version of kitchen-openstack?

If you are running over version 2.x.x you need transport in your kitchen.yml

#3

What should the name under transport be for Windows?

transport:
username: ???

#4

Looking here you can use both the password and username in the transport. It defaults to administrator, but i’d hardcode it to verify.

There is also a challenge with winrm, it can accept connections before the OS is up and running which can cause exceptions thrown in kitchen. We added this as a temporary fix, and this is the PR that we are trying to figure out a good long term solution.

#5

With our VM we have to use a key to retrieve the password after it is created, so I don’t know the password at that time. Do we need to have a user with a known password already on the image, or is there a way to create the password on creation of the vm?

#6

That depends on the VM image you have. It’s probably administrator but you’ll have to talk to your OpenStack cloud administrators about how the image was created.

With the cloudbase image it’s set to administrator, though I know I did make monifications to it to get WinRM working on boot. :smile:

#8

Can you set the administrator password in the kitchen or heat template?

Unfortunately, that depends on how your OpenStack cloud and Glance images are administered. kitchen-openstack is just a driver to call fog to request machines and then run test-kitchen against it. It’s not designed to administer your OpenStack cloud.

#9

I think i will have to build a new base image with a few settings updated and get a user with a known password. I will keep playing with the kitchen-openstack gem to see if there is a way to use the certs to retrieve the password that is created, it is general functionality with open stack so it might not be that hard?