Migrating ganeti virtual machines to OpenStack (part 1 / 2)

A ganeti cluster hosts GNU/Linux based para-virtualized virtual machines. The disk is extracted with kpartx(8) and uploaded to the glance OpenStack image service with glance add … disk_format=ami…. It is associated with a kernel image compatible with both OpenStack and the existing file system with glance update … kernel_id=0dfff976-1f55-4184-954c-a111f4a28eef ramdisk_id=aa87c84c-d3be-41d0-a272-0b4a85801a34 ….

exposing the disk

The ganeti cluster contains Xen virtual machines, each with a single disk. The disk contains a single partition with the root file system. The virtual machine is shutdown with:

# gnt-instance shutdown the.dachary.vm.gnt

The DRBD disk is activated with

# gnt-instance activate-disks the.dachary.vm.gnt

It is then mapped with

# kpartx -av /dev/drbd9
add map drbd9p1 (253:38): 0 4192964 linear /dev/drbd9 1

uploading to glance

Assuming bm0001.the.re is a machine with glance installed, the following command can be run on the host where the disk of the virtual machine resides ( hosting8 in the example above ):

dd if=/dev/mapper/drbd9p1 | ssh bm0001.the.re glance \
  --os_password=pass \
  --os_tenant_name=tenant \
  --os_username=user \
  --os_auth_url=http://os.the.re:5000/v2.0/ \
  add name='there' disk_format=ami container_format=ami
Added new image with ID: 7542f336-6128-4f88-8059-c044ce6c07a2

Instead of relying on the kernel and initrd files used by Xen for para-virtualisation, the ami that was just uploaded is associated to a kernel and initrd pair known to be compatible with the OpenStack environment.

# glance --limit=400 index  | grep redmine
7542f336-6128-4f88-8059-c044ce6c07a2 redmine-12.0                   ami                  ami                      1158807552
05835406-9958-467a-8aa6-ae037793e83c redmine-12.0-kernel            aki                  aki                         2428032
36e17436-8818-4e1a-bb7a-e5e044d85e94 redmine-12.0-initrd            ari                  ari                         9539757

The ami is updated as follows:

# glance update 7542f336-6128-4f88-8059-c044ce6c07a2 \
   disk_format=ami container_format=ami \
   kernel_id=05835406-9958-467a-8aa6-ae037793e83c \

Adding an entry in the reverse proxy

When the virtual image is only exposed to the internet thru its web interface, there is no need to assign it a public IP. Instead, the reverse proxy available on each bare metal of the OpenStack cluster can be configured to re-route the packets to the private IP of the virtual machine created from the image that was just uploaded. Once the IP address of the web site is changed to one of the entry points of the OpenStack cluster, a nginx virtual host is defined

server {
       server_name the.re www.the.re;
       location / {
                proxy_pass http://the;

It will be deployed on each bare metal via puppet. The the hostname is declared on the /etc/hosts file of each bare metal machine, broadcasted by puppet from /etc/puppet/files/hosts