环境:
Rocky9.1 minimal
disk 40GB
cpu 8core
ram 24GB
已有一个可用的ceph集群作为后端存储
安装
基础软件
dnf install git python3-devel gcc openssl-devel python3-libselinux
虚拟环境
python3 -m venv /path/to/venv
source /path/to/venv/bin/activate
配置pip
pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
pip install -U pip
pip install 'ansible>=4,<6'
安装kolla-ansible(stable/zed 是会随上游更新而移动的分支;需要可复现的部署时,可把 @ 后面固定为具体的 tag 或 commit)
pip install git+https://opendev.org/openstack/kolla-ansible@stable/zed
配置kolla
mkdir -p /etc/kolla
chown $USER:$USER /etc/kolla   # 以 root 身份部署时可跳过这一步
cp -r /path/to/venv/share/kolla-ansible/etc_examples/kolla/* /etc/kolla
cp /path/to/venv/share/kolla-ansible/ansible/inventory/* .
for all-in-one scenario in virtual environment add the following to the very beginning of the inventory
localhost ansible_python_interpreter=python
安装ansible galaxy
kolla-ansible install-deps
配置ansible
(venv) [root@localhost ~]# cat /etc/ansible/ansible.cfg
# Ansible settings used for the kolla-ansible run (contents of /etc/ansible/ansible.cfg).
[defaults]
# NOTE(review): False turns off SSH host-key verification, so Ansible connects
# without checking the target's key against known_hosts and a spoofed host goes
# unnoticed. Tolerable for the all-in-one localhost inventory used on this page;
# for a multi-node inventory, pre-populate known_hosts and leave checking enabled.
host_key_checking=False
pipelining=True
# Number of parallel worker processes Ansible may use.
forks=100
# NOTE(review): task output is written to this file; output of tasks that are not
# marked no_log may include variable values, so keep it readable by the deploy user only.
log_path = /var/log/ansible.log
配置
生成各服务的随机密码,写入 /etc/kolla 下的 passwords.yml(该文件集中保存了所有服务的口令,应只允许部署用户读取)
kolla-genpwd
配置/etc/kolla/globals.yml
要注意的几个配置项
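# Excerpt of /etc/kolla/globals.yml: only the settings this deployment changes.
kolla_base_distro: "rocky" # whether the container base images are built on rocky or ubuntu
network_interface: "ens160" # API network; by default also used as the vxlan/gre tenant network
neutron_external_interface: "ens192" # external network (vlan/flat)
# The two kolla_internal_vip_address lines are alternatives (single-node vs multi-node):
# keep exactly one of them, a YAML mapping should not define the same key twice.
kolla_internal_vip_address: "localhost" # an internal VIP must be set even with a single controller, otherwise mariadb cannot be reached
enable_haproxy: "no" # disable on a single node
kolla_internal_vip_address: "x.x.x.x" # multi-node: enable haproxy and keepalived; this is the VIP address
docker_registry: "hub.instack.cloud"
# NOTE(review): "yes" treats the registry above as an insecure registry (plain HTTP
# or unverified TLS), so pulled images have no transport-level authenticity.
# Prefer a registry with a valid certificate and set this to "no" outside a lab.
docker_registry_insecure: "yes"
# Fixed spelling: the key was written "opnstack_region_name", which is not a
# kolla-ansible variable and would presumably be ignored, leaving the region at its
# default while skyline.yaml on this page expects the region "ChengDu".
openstack_region_name: "ChengDu"
enable_cinder: "yes"
enable_cinder_backup: "no"
enable_fluentd: "no"
enable_ironic: "yes"
enable_redis: "yes" # for ironic
# Ceph-backed Glance and Cinder; the matching keyrings and ceph.conf are placed
# under /etc/kolla/config as shown later on this page.
glance_backend_ceph: "yes"
glance_backend_file: "no"
cinder_backend_ceph: "yes"
nova_compute_virt_type: "qemu" # for the case where the host itself is a virtual machine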
ceph创建存储池
ceph osd pool create volumes
ceph osd pool create images
ceph osd pool create backups
ceph osd pool create vms
rbd pool init volumes
rbd pool init images
rbd pool init backups
rbd pool init vms
ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images'
ceph auth get-or-create client.cinder mon 'profile rbd' osd 'profile rbd pool=volumes, profile rbd pool=vms, profile rbd-read-only pool=images' mgr 'profile rbd pool=volumes, profile rbd pool=vms'
ceph auth get-or-create client.cinder-backup mon 'profile rbd' osd 'profile rbd pool=backups' mgr 'profile rbd pool=backups'
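将上面各个 client 的 keyring 复制到 /etc/kolla/config 下对应服务的目录中,并把 ceph.conf 也复制(或软链接)到各个目录下。
keyring 里的 key 就是访问 Ceph 的凭据:文件权限建议限制为仅部署用户可读(下面示例中为 0644,本机所有用户都能读取),真实环境的 key 也不应出现在文档或代码仓库中。
例如 ceph.client.cinder-backup.keyring: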
[client.cinder-backup]
key = AQBUZ8xkkkSRJxAAx1JHN5iT5ZkL+Z7MBzz4Yw==
(venv) [root@localhost config]# ll cinder/
total 0
lrwxrwxrwx. 1 root root 34 Jun 30 07:08 ceph.conf -> /etc/kolla/config/custom/ceph.conf
drwxr-xr-x. 2 root root 98 Aug 4 02:51 cinder-backup
drwxr-xr-x. 2 root root 57 Aug 4 02:50 cinder-volume
(venv) [root@localhost config]# ll cinder/cinder-backup/
total 8
-rw-r--r--. 1 root root 78 Aug 4 02:51 ceph.client.cinder-backup.keyring
-rw-r--r--. 1 root root 71 Aug 4 02:50 ceph.client.cinder.keyring
lrwxrwxrwx. 1 root root 34 Jun 30 06:58 ceph.conf -> /etc/kolla/config/custom/ceph.conf
(venv) [root@localhost config]# ll cinder/cinder-volume/
total 4
-rw-r--r--. 1 root root 71 Aug 4 02:50 ceph.client.cinder.keyring
lrwxrwxrwx. 1 root root 34 Jun 30 06:58 ceph.conf -> /etc/kolla/config/custom/ceph.conf
(venv) [root@localhost config]# ll glance/
total 4
-rw-r--r--. 1 root root 71 Aug 4 02:51 ceph.client.glance.keyring
lrwxrwxrwx. 1 root root 34 Jun 30 06:55 ceph.conf -> /etc/kolla/config/custom/ceph.conf
(venv) [root@localhost config]# ll nova
total 0
lrwxrwxrwx. 1 root root 65 Jun 30 07:11 ceph.client.cinder.keyring -> /etc/kolla/config/cinder/cinder-volume/ceph.client.cinder.keyring
lrwxrwxrwx. 1 root root 34 Jun 30 06:56 ceph.conf -> /etc/kolla/config/custom/ceph.conf
(venv) [root@localhost config]#
(venv) [root@localhost config]#
(venv) [root@localhost config]# cat cinder/cinder-volume/ceph.client.cinder.keyring
[client.cinder]
key = AQBSZ8xkcCdYAhAAeaKuFG81/stzldEDnFd/RA==
(venv) [root@localhost config]# AQBSZ8xkcCdYAhAAeaKuFG81/stzldEDnFd/RA
配置nova和Ironic
cat /etc/kolla/config/nova.conf
[DEFAULT]
block_device_allocate_retries = 300
reclaim_instance_interval = 86400
[glance]
num_retries = 300
(venv) [root@localhost config]# ll ironic
total 470012
-rw-r--r--. 1 root root 469082349 Jul 26 02:08 ironic-agent.initramfs
-rwxr-xr-x. 1 root root 12189800 Jul 26 02:08 ironic-agent.kernel
-rwxrwxrwx. 1 root root 10820 Jul 4 02:43 pxelinux.0
部署
kolla-ansible -i all-in-one bootstrap-servers
kolla-ansible -i all-in-one prechecks
kolla-ansible -i all-in-one deploy # 部署
kolla-ansible -i all-in-one post-deploy
完成后修改 ~/.bashrc(admin-openrc.sh 中包含明文的管理员密码,写入 ~/.bashrc 后每个登录 shell 都会自动带上管理员凭据,只建议在个人测试环境中这样做)
echo "source /path/to/venv/bin/activate" >> ~/.bashrc
echo "source /etc/kolla/admin-openrc.sh" >> ~/.bashrc
source ~/.bashrc
检查一下各个容器是否正常
docker ps -a
安装配置skyline dashboard
# Install the OpenStack CLI used by the commands below.
pip install python-openstackclient
# Create the Keystone account Skyline logs in with (system_user_name /
# system_user_password in skyline.yaml) and grant it the admin role on the
# service project.
# NOTE(review): 'admin' is a guessable password for an account that holds the
# admin role; substitute a generated secret and use the same value in skyline.yaml.
# A password passed with --password also ends up in shell history and the process
# list; `openstack user create` accepts --password-prompt instead.
openstack user create --domain default --password admin skyline
openstack role add --project service --user skyline admin
# Enter the mariadb container
mysql -uroot -p
# The statements below are typed at the mysql prompt: create the skyline database
# and a skyline DB user with full rights on it.
# NOTE(review): 'skyline'@'%' permits logins from any host and the password is
# again 'admin'; use a generated password (matching database_url in skyline.yaml)
# and narrow the host part if Skyline only connects from known addresses.
CREATE DATABASE IF NOT EXISTS skyline DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON skyline.* TO 'skyline'@'localhost' IDENTIFIED BY 'admin';
GRANT ALL PRIVILEGES ON skyline.* TO 'skyline'@'%' IDENTIFIED BY 'admin';
# Run a one-off bootstrap container first, then delete it; skyline.yaml is listed in the appendix
# NOTE(review): 99cloud/skyline:latest is a mutable tag, so the image that runs can
# change between pulls; pin a specific tag or digest for a reproducible deployment.
# --net=host makes the container share the host's network namespace.
docker run -d --name skyline_bootstrap -e KOLLA_BOOTSTRAP="" -v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml --net=host 99cloud/skyline:latest
# Check that the log output ends with "exit 0"
docker logs skyline_bootstrap
docker rm skyline_bootstrap
# Start the long-running Skyline container with the same config file mounted.
docker run -d --name skyline -v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml --net=host 99cloud/skyline:latest
附录
cat /etc/skyline/skyline.yaml
default:
access_token_expire: 3600
access_token_renew: 1800
cors_allow_origins: []
database_url: mysql://skyline:admin@192.168.1.98:3306/skyline
debug: false
log_dir: ./log
log_file: skyline.log
prometheus_basic_auth_password: ''
prometheus_basic_auth_user: ''
prometheus_enable_basic_auth: false
prometheus_endpoint: http://192.168.1.98:9091
secret_key: admin
session_name: session
ssl_enabled: true
openstack:
base_domains:
- heat_user_domain
default_region: ChengDu
enforce_new_defaults: true
extension_mapping:
floating-ip-port-forwarding: neutron_port_forwarding
fwaas_v2: neutron_firewall
qos: neutron_qos
vpnaas: neutron_vpn
interface_type: public
keystone_url: http://192.168.1.98:5000/v3/
nginx_prefix: /api/openstack
reclaim_instance_interval: 604800
service_mapping:
baremetal: ironic
compute: nova
container: zun
container-infra: magnum
database: trove
identity: keystone
image: glance
key-manager: barbican
load-balancer: octavia
network: neutron
object-store: swift
orchestration: heat
placement: placement
sharev2: manilav2
volumev3: cinder
sso_enabled: false
sso_protocols:
- openid
sso_region: ChengDu
system_admin_roles:
- admin
- system_admin
system_project: service
system_project_domain: Default
system_reader_roles:
- system_reader
system_user_domain: Default
system_user_name: skyline
system_user_password: 'admin'
setting:
base_settings:
- flavor_families
- gpu_models
- usb_models
flavor_families:
- architecture: x86_architecture
categories:
- name: general_purpose
properties: []
- name: compute_optimized
properties: []
- name: memory_optimized
properties: []
- name: high_clock_speed
properties: []
- architecture: heterogeneous_computing
categories:
- name: compute_optimized_type_with_gpu
properties: []
- name: visualization_compute_optimized_type_with_gpu
properties: []
gpu_models:
- nvidia_t4
usb_models:
- usb_c
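主要是注意把各个IP地址改成自己环境的地址。另外,示例中的 secret_key、system_user_password 以及 database_url 里的数据库密码都是 admin,部署时应换成随机生成的强口令:system_user_password 和 database_url 中的密码要与前面创建 skyline 用户、数据库授权时使用的密码一致,secret_key 则单独使用一个随机值。示例中的 keystone_url 和 prometheus_endpoint 走的是明文 http。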
安装其他CLI
pip install python-ironicclient
pip install python-ironic-inspector-client