hewlettpackard / docker-machine-oneview Goto Github PK
View Code? Open in Web Editor NEWHPE OneView plugin for docker machine (Not currently being maintained)
License: Apache License 2.0
HPE OneView plugin for docker machine (Not currently being maintained)
License: Apache License 2.0
In OS Build plans we have an option in the API's called ?force=true
which allows us to ignore errors on build plans.
I came across this option when trouble shooting a network customization bug that was solved by applying an ICsp 7.5 fix where ICsp could not reach OneView. Sometimes it might become necessary for us to support the force option and allowing us to customize when the force option is used for build plans. Lets add support for that. Here is a quick snipet of what it takes in the rest calls to make the call for force work:
q map[string]interface{}
q = make(map[string]interface{})
q["force"] = "true"
c.SetQueryString(q)
Hey, when running the docker-machine create command i get a Status 500 from ICSP. Looking at Debug i see the following.
(swarm-node-04) DBG | RestAPICall POST - https://icsp.test.local/rest/os-deployment-servers
(swarm-node-04) DBG | *** url => https://icsp.test.local/rest/os-deployment-servers
(swarm-node-04) DBG | *** method => �
(swarm-node-04) DBG | *** options => {"port":443,"username":"Administrator","password":"password"}
(swarm-node-04) DBG | Headers -> auth -> KkaOdY4fJlX1n21asQk9KiVFEbA3Jkor
(swarm-node-04) DBG |
(swarm-node-04) DBG | Headers -> Content-Type -> application/json; charset=utf-8
(swarm-node-04) DBG |
(swarm-node-04) DBG | Headers -> X-API-Version -> 108
(swarm-node-04) DBG |
(swarm-node-04) DBG | REQ --> &{Method:POST URL:https://icsp.test.local/rest/os-deployment-servers Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Content-Type:[application/json; charset=utf-8] X-Api-Version:[108] Auth:[KkaOdY4fJlX1n21asQk9KiVFEbA3Jkor]] Body:{Reader:} ContentLength:61 TransferEncoding:[] Close:false Host:icsp.twlon.com Form:map[] PostForm:map[] MultipartForm:<nil> Trailer:map[] RemoteAddr: RequestURI: TLS:<nil> Cancel:<nil>}
(swarm-node-04) DBG |
(swarm-node-04) DBG | RESP --> &{Status:500 Server Error StatusCode:500 Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Cache-Control:[no-cache] Date:[Mon, 22 Aug 2016 15:00:49 GMT] Content-Type:[application/json;charset=UTF-8] Via:[1.1 icsp.test.local] Vary:[Accept-Encoding]] Body:0xc8201ed640 ContentLength:-1 TransferEncoding:[chunked] Close:true Trailer:map[] Request:0xc82014e380 TLS:0xc8203926e0}
i think this is because it is not passing the IP address of the iLO to ICSP. Looking higher up the output i see.
(swarm-node-04) DBG | GetCurrentPowerState() blade -> {ServerHardwarev200:{IntelligentProvisioningVersion:2.20.219 MpHostInfo:0xc8204a1d10 MpState:OK PortMap:0xc8204f7f60 ServerSettings:0xc820510e80 Signature:0xc820510ea0} AssetTag:[Unknown] Category:server-hardware Created:2016-03-15T10:05:25.671Z Description: ETAG:1471803258698 FormFactor:HalfHeight LicensingIntent:OneView LocationURI:/rest/enclosures/09CZ35293RS1 MemoryMb:163840 Model:ProLiant BL460c Gen9 Modified:2016-08-21T18:14:18.698Z MpFirwareVersion:2.40 Dec 02 2015 MpModel:iLO4 Name:C7000-Rack8, bay 5 PartNumber:727021-B21 Position:5 PowerLock:false PowerState:Off ProcessorCoreCount:6 ProcessorCount:2 ProcessorSpeedMhz:1900 ProcessorType:Intel(R) Xeon(R) CPU E5-2609 v3 @ 1.90GHz RefreshState:NotRefreshing RomVersion:I36 12/28/2015 SerialNumber:CZ35210RS3 ServerGroupURI:/rest/enclosure-groups/8aa07098-ece1-4568-ae9a-bbf9fcde48c9 ServerHardwareTypeURI:/rest/server-hardware-types/B40A6425-B4D2-4467-99BB-059263311F2E ServerProfileURI:/rest/server-profiles/eea9e3f9-6821-4f12-8ee5-66ff1eb5f5aa ShortModel:BL460c Gen9 State:ProfileApplied StateReason:NotApplicable Status:OK Type:server-hardware-4 URI:/rest/server-hardware/30373237-3132-5A43-3335-323933525333 UUID:30373237-3132-5A43-3335-323933525333 VirtualSerialNumber:VCGND6V04K VirtualUUID:eea9e3f9-6821-4f12-8ee5-66ff1eb5f5aa MpDnsName: MpIpAddress: Client:%!v(PANIC=runtime error: index out of range)}
The bit of interest there is MpIpAddress: Client:%!v(PANIC=runtime error: index out of range)}.
If it helps i am running OV version 2.00.07-0250853, and ICSP version 7.5.0-0209204, Aug 3, 2015.
Does anybody know why? Is it API versions?
It might be possible for us to make the ilo user / password options optional, using SSO interfaces from OneView to access ILO API's here:
API: http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=c04423967
and data model: http://h22208.www2.hpe.com/eginfolib/servers/docs/HPRestfultool/iLo4/data_model_reference.html
Once we have the api to access ILO, we can then semi implement access by setting up a docker-machine user and secret password that has it's password temporarily set by using the answer to the SSO key. Only 1 docker-machine create + 1 iLO request should be running at any given time, so it's fairley save to know that the current user is authenticated for a given machine run. Subsequent runs should check for the users existence and re-set the password given any new SSO key. The user name can be static, or based on the ilo-user name option, when not provided by an option, we will use docker-machine.
Other helpful information.
How to get the iLO SSO key:
GET https://oneview/rest/server-hardware//remoteConsoleUrl
{"remoteConsoleUrl":"hplocons://addr=127.0.0.1&sessionkey=123abckey"}
Parse query string for sessionkey
Example call usage in iLO api:
https://iloip/rest/v1/Chassis/1/PowerMetrics
Content-Type: application/json
Accept: application/json
X-Auth-Token: 123abckey
Content-Type: application/json
{"PowerLimit": {"LimitInWatts": 250}}
-- response --
200 OK
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 113
Content-Type: application/json
Date: Thu, 28 May 2015 13:56:34 GMT
Etag: W/"12345"
Server: HP-iLO-Server/1.30
X_HP-CHRP-Service-Version: 1.0.3
{"Messages":[{"MessageID":"Base.0.0.Success"}],"Name":"Extended Error Information","Type":"ExtendedError.0.9.5"}
We can now power force off when when the -f flag is specfied
blade selection based on enclosure:
be able to select the blade that is physically bound to the specified enclosure.
use case: have a dedicated enclosure for specific work loads.
When selecting available servers, allow for multiple template profiles to pick from different enclosure groups and hardware types. It would be nice if template profiles also confirmed to regex patterns for selection.
Lets not just ignore tls, lets honor it when a proper ca root is configured. Provide options to configure or setup ca root.
We should update the package manager with something like
sudo yum -y update
or
sudo apt-get install update
If provisioner doesn't find a package it fails...during docker provisioning.
Alternatively we could recommend using --engine-install-url "https://get.docker.com"
The profile template should have a relationship back to the profile. See Don's comments:
There is a serverProfileTemplateUri that should be part of the body. If you look at the Don-Test-Bay6 profile that is what a profile created from a template look like. I think you are using the body from the template to create the profile.
Hi Everybody!
I need feedback regarding the "Setup ICsp boot image". What do you mean with: "The script contents for this step should appear as the following: get script from : drivers/oneview/scripts/docker_os_build_plan.sh"
The technical whitepaper describes that i should add the script from : github.com/HewlettPackard/docker-machine-oneview/blob/master/scripts/docker_os_build_plan.sh but there is a "do not need this anymore"-note.
Please help me!
Add documentation to describe how to use --oneview-public-slotid
Fix the way we get public ip to work around the issue for how we where parsing it from the logs. We should now provision the server with an additional template to execute as the last os build template that sets up the ip. Provide a flag for future use that skips the template setup, ie; --oneview-skip-publicip-template (boolean flag)
Team reports the following missing libs for docker 1.10.1 support
libcgroup (just a package missing. The one present in the RHEL7.1 kit is good enough), libcgroup rpm package
libdevmapper (required 1.02.97 vs 1.02.92 in the RHEL7.1 kit), device-mapper-libs rpm package
libsystemd (required 209 vs 208 in the RHEL7.1 kit), systemd-libs rpm package
When running docker-machine to provide passwords, the passwords we provide should be encrypted. Provide some option to encrypt the password and provide a mechanisum to secure the passwords on disk, so that docker-machine inspect should only provide passwords when we have the correct creds.
In the docker-machine create command (for oneview with docker) how do you specify which blade to use in the oneview infrastructure, for the docker host provision? I would like to provision host on specific blade but in the example command set below..there is no option to specify target blade. Also how to use the docker with oneview plugin...there is no clear document defining all the steps. if you can answer this question ..I am almost done with creating one document for everyone.
--engine-env HTTP_PROXY=""
--engine-env HTTPS_PROXY=""
--engine-env NO_PROXY=""
--driver oneview
--oneview-os-plan "RHEL71_DOCKER_18"
--oneview-server-template "SP_template"
--oneview-ov-user=Administrator
--oneview-ov-password=
--oneview-ov-domain=
--oneview-ov-endpoint=https://15.xx.xx.xx/
--oneview-icsp-user=administrator
--oneview-icsp-password=
--oneview-icsp-endpoint=15.215.xx.xx
--oneview-ssh-user=administrator \
--oneview-ilo-user=administrator
--oneview-ilo-password=
docker-ip-node-01
Also what does this mean:
Name: "oneview-ilo-user",
Usage: "ILO User id that is used during ICSP server creation.",
I do not remember using any ilo when creating ICSP vm and then its template.
I am following the steps mentioned in document below(that is rather vague in actual steps)
https://h20195.www2.hp.com/V2/getpdf.aspx/4AA6-2595ENW.pdf
plugin needs to check expired HPE OneView access tokens
It is possible there are old/stale tokens in the host's config.json file. The code needs to
verify the token and refresh (if needed).
Lets add a way to display the driver version
We need to improve how we select the interface to be the last interface first when we don't provide this option
https://github.com/HewlettPackard/docker-machine-oneview/blob/master/oneview/oneview.go#L163
If slotid is provided then we should interpret this as interconnectPort where
"interconnectPort The interconnect port to which the connection will be (or currently is) deployed
integer
Minimum 1 Maximum 16
"
Lets update this area to deal with that: https://github.com/HewlettPackard/docker-machine-oneview/blob/master/oneview/oneview.go#L332
godep: WARNING: Go version (go1.6) & $GO15VENDOREXPERIMENT= wants to enable the vendor experiment, but disabling because a Godep workspace (Godeps/_workspace) exists
�
We should document the fact that we remove Network personilization from the os build plan. Testing should be done with & without this, and determine if we can move the docker build step to the last step instead.
Lets support the ability to configure labels on hardware to select available servers.
Clear up the arguments that are optional vs required. We should have a column that specifies that.
When powering off a server to do a create, if normal power off fails, we should retry with press and hold.
If the user is the root user, the script should still work:
https://github.com/HewlettPackard/docker-machine-oneview/blob/master/scripts/docker_os_build_plan.sh
Try testing with SSH_USER=root, this causes the script to fail.
Just found that we are starting to add SAN support on other plugins: HewlettPackard/chef-provisioning-oneview#30
Our driver should have SAN support options.
Add two new command line options:
After a successful completion of Insight Control Server Provisioning build plan, the command docker-machine create --driver oneview ..., fails "Waiting for SSH to be available...":
(docker01) Job, OS Build Plan completed successfully, completed
(docker01) Saving server attributes for localhost.
(docker01) oneview, Completed all create steps, docker provisioning will continue.
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Error creating machine: Error detecting OS: Too many retries waiting for SSH to be available. Last error: Maximum number of retries (60) exceeded
Any idea on how to troubleshot this problem?
Environment:
docker-machine version 0.8.1, build 41b3b25
HP OneView 2.00.07-0250853
HP Insight Control Server Provisioning 7.5.1-0243931
docker_os_build_plan.sh 4181ff3 on Apr 25 (invoked as step 25 of the build plan and passing parameters as: @docker_user@ '@public_key@' @docker_hostname@ '@proxy_config@' '@proxy_enable@'
Thanks in advance for any answer.
docker-machine has no option to set timeout value for
stateTimeoutDuration
This has been reported here: docker/machine#2534
Workaround for now is to compile a new exe with higher timeout, but we should work to get list to work in under 10 sec.
When we remove a machine with docker-machine rm, there should be an option to avoid removing the profile from OneView. This is to avoid issues with recreation of profiles manually.
docker-machine is now using 1.6, please update to make sure we keep up with golang versions
Lets add support for new auth property:
"loginMsgAck":"true"
Be able to select a blade based on Hardware type criteria:
name, descrption, and model
After upgrading OneView from 2.0 to 3.0, docker-machine create --driver oneview command fails with the following error message:
Error removing host "docker02.bc.local": Attempting to get machine profile information, unable to find machine in oneview: docker02.bc.local
Any idea what is happening?
Thanks,
Angel.
When we post the release notes, they are providing bad download locations. Correct this to read
if [[ ! -d "$HOME/bin" ]]; then mkdir -p "$HOME/bin"; fi && \
curl -Ls https://github.com/HewlettPackard/docker-machine-oneview/releases/download/v0.5.5/docker-machine-driver-oneview_windows-amd64.exe > "$HOME/bin/docker-machine-driver-oneview.exe" && \
chmod +x "$HOME/bin/docker-machine-driver-oneview.exe"
rest package calls should have a proper timeout setup.
Lets make the default 3minutes, and add a configuration option to provide for longer timeouts
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.