kolla-ansible部署all-in-one单节点openstack
kolla ansible简介
kolla 的使命是为 openstack 云平台提供生产级别的、开箱即用的交付能力。kolla 的基本思想是一切皆容器,将所有服务基于 Docker 运行,并且保证一个容器只跑一个服务(进程),做到最小粒度的运行 docker。
kolla 要实现 openetack 部署总体上分为两步,第一步是制作 docker 镜像,第二步是编排部署。因此,kolla 项目又被分为两个小项目:kolla、kolla-ansible 。
kolla-ansible项目
https://github.com/openstack/kolla-ansible
kolla项目
https://tarballs.opendev.org/openstack/kolla/
dockerhub镜像地址
https://hub.docker.com/u/kolla/
安装环境准备
官方部署文档:
https://docs.openstack.org/kolla-ansible/train/user/quickstart.html
本次部署train版all-in-one单节点,使用一台centos7.8 minimal节点进行部署,该节点同时作为控制节点、计算节点、网络节点和cinder存储节点使用,同时也是kolla ansible的部署节点。
kolla安装节点要求:
- 2 network interfaces
- 8GB main memory
- 40GB disk space
如果是vmware workstation环境,勾选处理器选项的虚拟化引擎相关功能,否则后面需要配置nova_compute_virt_type=qemu参数,这里选择勾选,跳过以下步骤。
# cat /etc/kolla/globals.yml
nova_compute_virt_type: "qemu"
#或者部署完成后手动调整
[root@kolla ~]# cat /etc/kolla/nova-compute/nova.conf |grep virt_type
#virt_type = kvm
virt_type = qemu
[root@kolla ~]# docker restart nova_compute
kolla的安装要求目标机器至少两块网卡,本次安装使用2块网卡对应管理网络和外部网络两个网络平面,在vmware workstation虚拟机新增一块网卡ens37:
- ens33,NAT模式,管理网络,正常配置静态IP即可。租户网络与该网络复用,租户vm网络不单独创建网卡
- ens37,桥接模式,外部网络,无需配置IP地址,这个其实是让neutron的br-ex 绑定使用,虚拟机通过这块网卡访问外网。
ens37网卡配置参考:
https://docs.openstack.org/install-guide/environment-networking-controller.html
cat > /etc/sysconfig/network-scripts/ifcfg-ens37 <<EOF
NAME=ens37
DEVICE=ens37
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
EOF
#重新加载en37网卡设备
nmcli con reload && nmcli con up ens37
如果启用cinder还需要额外添加磁盘,这里以添加一块/dev/sdb磁盘为例,创建为物理卷并加入卷组。
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb
注意卷组名称为cinder-volumes,默认与后面的globals.yml中定义一致。
[root@kolla ~]# cat /etc/kolla/globals.yml | grep cinder_volume_group
#cinder_volume_group: "cinder-volumes"
部署kolla ansible
配置主机名,kolla预检查时rabbitmq可能需要能够进行主机名解析
hostnamectl set-hostname kolla
安装依赖
yum install -y python-devel libffi-devel gcc openssl-devel libselinux-python
安装 Ansible,注意版本,默认2.9应该可以满足要求
yum install -y ansible
配置阿里云pip源,否则pip安装时会很慢
mkdir ~/.pip
cat > ~/.pip/pip.conf << EOF
[global]
trusted-host=mirrors.aliyun.com
index-url=https://mirrors.aliyun.com/pypi/simple/
EOF
安装 kolla-ansible
kolla版本与openstack版本对应关系:https://releases.openstack.org/teams/kolla.html
yum install -y epel-release
yum install -y python-pip
pip install -U pip
pip install kolla-ansible==9.1.0 --ignore-installed PyYAML
复制 kolla-ansible配置文件到当前环境
mkdir -p /etc/kolla
chown $USER:$USER /etc/kolla
##Copy globals.yml and passwords.yml
cp -r /usr/share/kolla-ansible/etc_examples/kolla/* /etc/kolla
##Copy all-in-one and multinode inventory files
cp /usr/share/kolla-ansible/ansible/inventory/* .
修改ansible配置文件
cat << EOF | sed -i '/^\[defaults\]$/ r /dev/stdin' /etc/ansible/ansible.cfg
host_key_checking=False
pipelining=True
forks=100
EOF
默认有all-in-one和multinode两个inventory文件,这里使用all-in-one,来规划集群角色,配置默认即可
[root@kolla ~]# cat all-in-one | more
# These initial groups are the only groups required to be modified. The
# additional groups are for more control of the environment.
[control]
localhost ansible_connection=local
[network]
localhost ansible_connection=local
[compute]
localhost ansible_connection=local
[storage]
localhost ansible_connection=local
[monitoring]
localhost ansible_connection=local
[deployment]
localhost ansible_connection=local
...
检查inventory配置是否正确,执行:
ansible -i all-in-one all -m ping
生成openstack组件用到的密码,该操作会填充/etc/kolla/passwords.yml,该文件中默认参数为空。
kolla-genpwd
修改keystone_admin_password,可以修改为自定义的密码方便后续horizon登录,这里改为kolla。
$ sed -i 's#keystone_admin_password:.*#keystone_admin_password: kolla#g' /etc/kolla/passwords.yml
$ cat /etc/kolla/passwords.yml | grep keystone_admin_password
keystone_admin_password: kolla
修改全局配置文件globals.yml,该文件用来控制安装哪些组件,以及如何配置组件,由于全部是注释,这里直接追加进去,也可以逐个找到对应项进行修改。
cp /etc/kolla/globals.yml{,.bak}
cat >> /etc/kolla/globals.yml <<EOF
# Kolla options
kolla_base_distro: "centos"
kolla_install_type: "binary"
openstack_release: "train"
kolla_internal_vip_address: "192.168.93.200"
# Docker options
docker_registry: "registry.cn-shenzhen.aliyuncs.com"
docker_namespace: "kollaimage"
# Neutron - Networking Options
network_interface: "ens33"
neutron_external_interface: "ens37"
neutron_plugin_agent: "openvswitch"
enable_neutron_provider_networks: "yes"
# OpenStack services
enable_cinder: "yes"
enable_cinder_backend_lvm: "yes"
EOF
参数说明:
- kolla_base_distro: kolla镜像基于不同linux发型版构建,主机使用centos这里对应使用centos类型的docker镜像即可。
- kolla_install_type: kolla镜像基于binary二进制和source源码两种类型构建,实际部署使用binary即可。
- openstack_release: openstack版本可自定义,会从dockerhub拉取对应版本的镜像
- kolla_internal_vip_address: 单节点部署kolla也会启用haproxy和keepalived,方便后续扩容为高可用集群,该地址是ens33网卡网络中的一个可用IP。
- docker_registry: 默认从dockerhub拉取镜像,这里使用阿里云镜像仓库,也可以本地搭建仓库,提前推送镜像上去。但该仓库目前只有train和ussuri版本的镜像,如何自己推送镜像参考该博客的其他文章。
- docker_namespace: 阿里云kolla镜像仓库所在的命名空间,dockerhub官网默认是kolla。
- network_interface: 管理网络的网卡
- neutron_external_interface: 外部网络的网卡
- neutron_plugin_agent: 默认启用openvswitch
- enable_neutron_provider_networks: 启用外部网络
- enable_cinder: 启用cinder
- enable_cinder_backend_lvm: 指定cinder后端存储为lvm
修改docker官方yum源为阿里云yum源,另外配置docker镜像加速,指定使用阿里云镜像加速。
sed -i 's/^docker_yum_url/#&/' /usr/share/kolla-ansible/ansible/roles/baremetal/defaults/main.yml
sed -i 's/^docker_custom_config/#&/' /usr/share/kolla-ansible/ansible/roles/baremetal/defaults/main.yml
cat >> /usr/share/kolla-ansible/ansible/roles/baremetal/defaults/main.yml <<EOF
docker_yum_url: "https://mirrors.aliyun.com/docker-ce/linux/{{ ansible_distribution | lower }}"
docker_custom_config: {"registry-mirrors": ["https://uyah70su.mirror.aliyuncs.com"]}
EOF
部署openstack组件
部署openstack
#预配置,安装docker、docker sdk、关闭防火墙、配置时间同步等
kolla-ansible -i ./all-in-one bootstrap-servers
#部署前环境检查
kolla-ansible -i ./all-in-one prechecks
#拉取镜像,也可省略该步骤,默认会自动拉取
kolla-ansible -i ./all-in-one pull
#执行实际部署,拉取镜像,运行对应组件容器
kolla-ansible -i ./all-in-one deploy
#生成openrc文件
kolla-ansible post-deploy
以上部署没有报错中断说明部署成功,所有openstack组件以容器方式运行,查看容器
[root@kolla ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
325c17a52c79 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-chrony:train "dumb-init --single-…" 36 hours ago Up 25 hours chrony
6218d98755ee registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cron:train "dumb-init --single-…" 36 hours ago Up 25 hours cron
02b6598c1089 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-kolla-toolbox:train "dumb-init --single-…" 36 hours ago Up 25 hours kolla_toolbox
8572e445abad registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-fluentd:train "dumb-init --single-…" 36 hours ago Up 25 hours fluentd
f11a103c5ade registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openstack-base:train "dumb-init --single-…" 44 hours ago Up 25 hours client
5c91def3c963 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-horizon:train "dumb-init --single-…" 44 hours ago Up 25 hours horizon
e024bd4f5dd3 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-engine:train "dumb-init --single-…" 44 hours ago Up 25 hours heat_engine
2d1491bd9e1a registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-api-cfn:train "dumb-init --single-…" 44 hours ago Up 25 hours heat_api_cfn
eeefcfb31a61 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-api:train "dumb-init --single-…" 44 hours ago Up 25 hours heat_api
9b51b53448fc registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-metadata-agent:train "dumb-init --single-…" 44 hours ago Up 25 hours neutron_metadata_agent
9f88a6c0cf31 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-l3-agent:train "dumb-init --single-…" 44 hours ago Up 25 hours neutron_l3_agent
a419cb3270a6 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-dhcp-agent:train "dumb-init --single-…" 44 hours ago Up 25 hours neutron_dhcp_agent
959f6faba972 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-openvswitch-agent:train "dumb-init --single-…" 44 hours ago Up 25 hours neutron_openvswitch_agent
cc1b081cf876 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-server:train "dumb-init --single-…" 44 hours ago Up 25 hours neutron_server
eea1a87feb43 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openvswitch-vswitchd:train "dumb-init --single-…" 44 hours ago Up 25 hours openvswitch_vswitchd
376f81bf75a2 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openvswitch-db-server:train "dumb-init --single-…" 44 hours ago Up 25 hours openvswitch_db
c68fd9a92d73 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-compute:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_compute
2492e2a32c80 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-libvirt:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_libvirt
3802d199b29f registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-ssh:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_ssh
1281c311ecd4 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-novncproxy:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_novncproxy
2e8c8478116b registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-conductor:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_conductor
950feb59b549 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-api:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_api
49497e664922 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-scheduler:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_scheduler
f5eb37b48f7d registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-placement-api:train "dumb-init --single-…" 44 hours ago Up 25 hours placement_api
54cd0e3be101 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-backup:train "dumb-init --single-…" 44 hours ago Up 25 hours cinder_backup
b4efa4449e7f registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-volume:train "dumb-init --single-…" 44 hours ago Up 25 hours cinder_volume
159b669d2fd3 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-scheduler:train "dumb-init --single-…" 44 hours ago Up 25 hours cinder_scheduler
9fc7e6a4cb25 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-api:train "dumb-init --single-…" 44 hours ago Up 25 hours cinder_api
b3f8f711f2b1 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-glance-api:train "dumb-init --single-…" 44 hours ago Up 25 hours glance_api
760e92d698e2 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone-fernet:train "dumb-init --single-…" 44 hours ago Up 25 hours keystone_fernet
95f235c4ac10 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone-ssh:train "dumb-init --single-…" 44 hours ago Up 25 hours keystone_ssh
03306334ce19 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone:train "dumb-init --single-…" 44 hours ago Up 25 hours keystone
5173d4191567 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-rabbitmq:train "dumb-init --single-…" 44 hours ago Up 25 hours rabbitmq
eb6bca26f6ce registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-tgtd:train "dumb-init --single-…" 44 hours ago Up 25 hours tgtd
79fac2ca1b19 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-iscsid:train "dumb-init --single-…" 44 hours ago Up 25 hours iscsid
4a3fcefc7009 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-memcached:train "dumb-init --single-…" 44 hours ago Up 25 hours memcached
0773eaf446e4 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-mariadb:train "dumb-init -- kolla_…" 44 hours ago Up 25 hours mariadb
77f0beaa28e5 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keepalived:train "dumb-init --single-…" 44 hours ago Up 25 hours keepalived
b02b744d2da3 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-haproxy:train "dumb-init --single-…" 44 hours ago Up 25 hours haproxy
确认没有Exited等异常状态的容器
[root@kolla ~]# docker ps -a | grep -v Up
本次部署运行了39个容器
[root@localhost kolla-env]# docker ps -a | wc -l
39
查看拉取的镜像,发现镜像数量与容器数量是一致的。
[root@kolla ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-glance-api train aec757c5908a 2 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone-ssh train 2c95619322ed 2 days ago 1.04GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone-fernet train 918564aa9c01 2 days ago 1.04GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone train 8d5f3ca2a73c 2 days ago 1.04GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-api train 500910236e85 2 days ago 1.19GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-volume train f76ebe1e133d 2 days ago 1.14GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-backup train 19342786a92c 2 days ago 1.13GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-scheduler train 920630f0ea6c 2 days ago 1.11GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-api train 517f6a0643ee 2 days ago 1.07GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-api-cfn train 2d46b91d44ef 2 days ago 1.07GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-engine train ab570c135dbc 2 days ago 1.07GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-horizon train a00ddb359ea5 2 days ago 1.2GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-fluentd train 6a5b7be2551b 2 days ago 697MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cron train 0f784cd532e2 2 days ago 408MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-chrony train 374dabc62868 2 days ago 408MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-iscsid train 575873f9e4b8 2 days ago 413MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-haproxy train 9cf840548535 2 days ago 433MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keepalived train b2a20ccd7d6a 2 days ago 414MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openstack-base train c35001fb182b 3 days ago 920MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-compute train 93be43a73a3e 5 days ago 1.85GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-placement-api train 26f8c88c3c50 5 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-api train 2a9d3ea95254 5 days ago 1.08GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-novncproxy train e6acfbe47b2b 5 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-conductor train 836a9f775263 5 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-ssh train f89a813f3902 5 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-scheduler train 8061eaa33d21 5 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openvswitch-vswitchd train 2b780c8075c6 5 days ago 425MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openvswitch-db-server train 86168147b086 5 days ago 425MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-rabbitmq train 19cd34b4f503 5 days ago 487MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-mariadb train 882472a192b5 6 days ago 593MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-dhcp-agent train a007b53f0507 7 days ago 1.04GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-metadata-agent train 8bcff22221bd 7 days ago 1.04GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-libvirt train 539673da5c25 7 days ago 1.25GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-kolla-toolbox train a18a474c65ea 7 days ago 842MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-tgtd train ad5380187ca9 7 days ago 383MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-memcached train 1fcf18645254 7 days ago 408MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-server train 539cfb7c1fd2 8 days ago 1.08GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-openvswitch-agent train 95113c0f5b8c 8 days ago 1.08GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-l3-agent train fbe9385f49ca 8 days ago 1.08GB
查看cinder使用的卷,自动创建了lvm
[root@kolla ~]# lsblk | grep cinder
├─cinder--volumes-cinder--volumes--pool_tmeta 253:3 0 20M 0 lvm
│ └─cinder--volumes-cinder--volumes--pool 253:5 0 19G 0 lvm
└─cinder--volumes-cinder--volumes--pool_tdata 253:4 0 19G 0 lvm
└─cinder--volumes-cinder--volumes--pool 253:5 0 19G 0 lvm
[root@kolla ~]# lvs | grep cinder
cinder-volumes-pool cinder-volumes twi-a-tz-- 19.00g 0.00 10.55
查看网卡状态
[root@kolla ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:0c:4e:fe brd ff:ff:ff:ff:ff:ff
inet 192.168.93.30/24 brd 192.168.93.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.93.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::7a6c:d06c:ee49:4cd5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
link/ether 00:0c:29:0c:4e:08 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe0c:4e08/64 scope link
valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:2a:d9:93:52 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:2aff:fed9:9352/64 scope link
valid_lft forever preferred_lft forever
6: veth0c46c6a@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 1a:ce:d7:61:d0:cc brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::18ce:d7ff:fe61:d0cc/64 scope link
valid_lft forever preferred_lft forever
7: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether de:e5:b7:4d:e8:b8 brd ff:ff:ff:ff:ff:ff
11: br-int: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
link/ether 52:14:05:ba:ce:4c brd ff:ff:ff:ff:ff:ff
13: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether d2:5b:76:f5:01:49 brd ff:ff:ff:ff:ff:ff
14: br-ex: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:0c:4e:08 brd ff:ff:ff:ff:ff:ff
22: qbr2749f64b-1f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
link/ether 3a:0d:ad:56:9d:9d brd ff:ff:ff:ff:ff:ff
23: qvo2749f64b-1f@qvb2749f64b-1f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master ovs-system state UP group default qlen 1000
link/ether c2:c5:8b:a6:72:8b brd ff:ff:ff:ff:ff:ff
inet6 fe80::c0c5:8bff:fea6:728b/64 scope link
valid_lft forever preferred_lft forever
24: qvb2749f64b-1f@qvo2749f64b-1f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master qbr2749f64b-1f state UP group default qlen 1000
link/ether 3a:0d:ad:56:9d:9d brd ff:ff:ff:ff:ff:ff
inet6 fe80::380d:adff:fe56:9d9d/64 scope link
valid_lft forever preferred_lft forever
25: tap2749f64b-1f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast master qbr2749f64b-1f state UNKNOWN group default qlen 1000
link/ether fe:16:3e:94:b5:71 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc16:3eff:fe94:b571/64 scope link
valid_lft forever preferred_lft forever
26: qbr0a14e63d-2e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
link/ether 02:f9:32:c0:f4:b7 brd ff:ff:ff:ff:ff:ff
27: qvo0a14e63d-2e@qvb0a14e63d-2e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master ovs-system state UP group default qlen 1000
link/ether 76:86:46:4c:4f:61 brd ff:ff:ff:ff:ff:ff
inet6 fe80::7486:46ff:fe4c:4f61/64 scope link
valid_lft forever preferred_lft forever
28: qvb0a14e63d-2e@qvo0a14e63d-2e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master qbr0a14e63d-2e state UP group default qlen 1000
link/ether 02:f9:32:c0:f4:b7 brd ff:ff:ff:ff:ff:ff
inet6 fe80::f9:32ff:fec0:f4b7/64 scope link
valid_lft forever preferred_lft forever
29: tap0a14e63d-2e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast master qbr0a14e63d-2e state UNKNOWN group default qlen 1000
link/ether fe:16:3e:ee:08:6b brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc16:3eff:feee:86b/64 scope link
valid_lft forever preferred_lft forever
另外需要注意,不要在该节点安装libvirt等工具,这些工具安装后可能会启用libvirtd和iscsid.sock等服务,kolla已经在容器中运行了这些服务,这些服务会调用节点上的sock文件,如果节点上也启用这些服务去抢占这些文件,会导致容器异常。默认kolla在预配置时也会主动禁用节点上的相关服务。
安装OpenStack客户端
yum安装openstack客户端
#启用openstack存储库
yum install -y centos-release-openstack-train
#安装openstack客户端
yum install -y python-openstackclient
#启用selinux,安装openstack-selinux软件包以自动管理OpenStack服务的安全策略
yum install -y openstack-selinux
#报错处理
pip uninstall urllib3
yum install -y python2-urllib3
kolla ansible提供了一个快速创建cirros demo实例的脚本/usr/share/kolla-ansible/init-runonce。
脚本需要cirros镜像,如果网络较慢可以使用浏览器下载放在/opt/cache/files目录下:
wget https://github.com/cirros-dev/cirros/releases/download/0.4.0/cirros-0.4.0-x86_64-disk.img
mkdir -p /opt/cache/files/
mv cirros-0.4.0-x86_64-disk.img /opt/cache/files/
定义init-runonce示例脚本外部网络配置:
#定义init-runonce示例脚本外部网络配置
export EXT_NET_CIDR='192.168.1.0/24'
export EXT_NET_RANGE='start=192.168.1.200,end=192.168.1.250'
export EXT_NET_GATEWAY='192.168.1.1'
#执行脚本,上传镜像到glance,创建内部网络、外部网络、flavor、ssh key,并运行一个实例
source /etc/kolla/admin-openrc.sh
/usr/share/kolla-ansible/init-runonce
参数说明:
- EXT_NET_CIDR 指定外部网络,由于使用桥接模式,直接桥接到了电脑的无线网卡,所以这里网络就是无线网卡的网段。
- EXT_NET_RANGE 指定从外部网络取出一个地址范围,作为外部网络的地址池
- EXT_NET_GATEWAY 外部网络网关,这里与wifi网络使用的网关一致
根据最终提示运行实例
openstack server create \
--image cirros \
--flavor m1.tiny \
--key-name mykey \
--network demo-net \
demo1
也可以使用docker容器作为客户端
docker run -d --name client \
--restart always \
-v /etc/kolla/admin-openrc.sh:/admin-openrc.sh:ro \
-v /usr/share/kolla-ansible/init-runonce:/init-runonce:rw \
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openstack-base:train sleep infinity
docker exec -it client bash
source /admin-openrc.sh
openstack service list
访问openstack horizon
访问openstack horizon需要使用vip地址,节点上可以看到由keepalived容器生成的vip
[root@kolla ~]# ip a |grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.93.30/24 brd 192.168.93.255 scope global ens33
inet 192.168.93.100/32 scope global ens33
浏览器直接访问该地址即可登录到horizon
http://192.168.93.100
我这里的用户名密码为admin/kolla,信息可以从admin-openrc.sh中获取
[root@kolla ~]# cat /etc/kolla/admin-openrc.sh
# Clear any old environment that may conflict.
for key in $( set | awk '{FS="="} /^OS_/ {print $1}' ); do unset $key ; done
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=kolla
export OS_AUTH_URL=http://192.168.93.100:35357/v3
export OS_INTERFACE=internal
export OS_ENDPOINT_TYPE=internalURL
export OS_IDENTITY_API_VERSION=3
export OS_REGION_NAME=RegionOne
export OS_AUTH_PLUGIN=password
默认登录后如下
在horizion查看创建的网络和实例
登录实例控制台,验证实例与外网的连通性,cirros用户密码在初次登录时有提示:
为实例绑定浮动IP地址,方便从外部ssh远程连接到实例
点击+随机分配一个浮动IP
在kolla节点上ssh连接实例浮动IP,cirros镜像默认用户密码为cirros/gocubsgo,该镜像信息官网有介绍:
https://docs.openstack.org/image-guide/obtain-images.html#cirros-test
[root@kolla ~]# ssh [email protected]
[email protected]'s password:
$
$
或者在集群外部使用SecureCRT连接到实例。
运行CentOS实例
centos官方维护有相关cloud image,如果不需要进行定制,可以直接下载来运行实例。
参考:https://docs.openstack.org/image-guide/obtain-images.html
CentOS官方维护的镜像下载地址:
http://cloud.centos.org/centos/7/images/
也可以使用命令直接下载镜像,但是下载可能较慢,建议下载好在进行上传。以centos7.8为例:
wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-2003.qcow2c
下载完成后上传镜像到openstack,直接在horizon上传即可。也可以使用命令上传。
注意:默认该镜像运行的实例只能使用ssh key以centos用户身份登录,如果需要使用root远程ssh连接到实例需要在上传前为镜像配置root免密并开启ssh访问。
参考:https://blog.csdn.net/networken/article/details/106713658
另外我们的命令客户端在容器中,所有这里有些不方便,首先要将镜像复制到容器中,然后使用openstack命令上传。
这里复制到client容器的根目录下。
[root@kolla ~]# docker cp CentOS-7-x86_64-GenericCloud-2003.qcow2c client:/
[root@kolla ~]# docker exec -it client bash
()[root@f11a103c5ade /]#
()[root@f11a103c5ade /]# source /admin-openrc.sh
()[root@f11a103c5ade /]# ls | grep CentOS
CentOS-7-x86_64-GenericCloud-2003.qcow2c
执行以下openstack命令上传镜像
openstack image create "CentOS78-image" \
--file CentOS-7-x86_64-GenericCloud-2003.qcow2c \
--disk-format qcow2 --container-format bare \
--public
命令执行结果
()[root@f11a103c5ade ~]# openstack image create "CentOS78-image" \
> --file CentOS-7-x86_64-GenericCloud-2003.qcow2c \
> --disk-format qcow2 --container-format bare \
> --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | 362d1e07d42bcbc61b839fb4269b173b |
| container_format | bare |
| created_at | 2020-06-13T03:23:16Z |
| disk_format | qcow2 |
| file | /v2/images/2d95d8a0-6fba-4ca8-9dde-8696eb7ebdbf/file |
| id | 2d95d8a0-6fba-4ca8-9dde-8696eb7ebdbf |
| min_disk | 0 |
| min_ram | 0 |
| name | CentOS78-image |
| owner | 65850af146fe478ab13f59f7edf838ec |
| properties | os_hash_algo='sha512', os_hash_value='aefa398f69e1746b420c44e5650f0dcf15926fb6f8c75f746bb2f48a04f7b140fdc745090f3d06b68fa0fe711ded7d822150765414e2a23f351efd2e181eb7b9', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 385941504 |
| status | active |
| tags | |
| updated_at | 2020-06-13T03:23:20Z |
| virtual_size | None |
| visibility | public |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
在horizon中使用该镜像创建实例,其他信息直接使用之前demo创建的资源即可。创建完成后为实例绑定浮动IP。
如果实例创建失败可以查看相关组件报错日志
[root@kolla ~]# tail -100f /var/log/kolla/nova/nova-compute.log
未配置root密码连接实例
如果没有提前定制镜像修改root密码,只能使用centos用户及sshkey登录,由于是在容器中运行的demo示例,ssh私钥也保存在容器的默认目录下,在容器中连接实例浮动IP测试
[root@kolla ~]# docker exec -it client bash
()[root@f11a103c5ade /]# ssh -i /root/.ssh/id_rsa [email protected]
Last login: Sat Jun 13 05:47:49 2020 from 192.168.1.100
[centos@centos78 ~]$
[centos@centos78 ~]$
或者取出该id_rsa私钥,使用SecureCRT登录:
配置root密码连接实例
如果提前修改了镜像配置root密码,直接使用root用户密码登录实例即可,
[root@kolla ~]# ssh [email protected]
[email protected]'s password:
Last login: Sat Jun 13 05:51:53 2020 from 192.168.1.100
[root@centos78 ~]#
[root@centos78 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:94:b5:71 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.193/24 brd 10.0.0.255 scope global dynamic eth0
valid_lft 84215sec preferred_lft 84215sec
inet6 fe80::f816:3eff:fe94:b571/64 scope link
valid_lft forever preferred_lft forever
[root@centos78 ~]#
[root@centos78 ~]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
运行Ubuntu实例
下载镜像
wget https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img
上传镜像
openstack image create "Ubuntu1804" \
--file bionic-server-cloudimg-amd64.img \
--disk-format qcow2 --container-format bare \
--public
按照正常流程创建实例即可,ubuntu镜像默认用户为ubuntu,首次登陆使用sshkey方式,然后执行以下命令即可直接切换到root用户(centos无法使用该方式)
$ sudo -i
调整集群配置
集群部署完成后需要开启新的组件或者扩容,可以修改/etc/kolla/global.yml调整参数。
或者在/etc/kolla/config目录下创建自定义配置文件,例如
# mkdir -p /etc/kolla/config/nova
# vim /etc/kolla/config/nova/nova.conf
[DEFAULT]
block_device_allocate_retries = 300
block_device_allocate_retries_interval = 3
重新配置openstack,kolla会自动重建配置变动的容器组件。
kolla-ansible -i all-in-one reconfigure -t nova
kolla配置和日志文件
- 各个组件配置文件目录: /etc/kolla/
- 各个组件日志文件目录:/var/log/kolla/
清理kolla ansilbe集群
kolla-ansible destroy --include-images --yes-i-really-really-mean-it
#或者
[root@kolla ~]# cd /usr/share/kolla-ansible/tools/
[root@all tools]# ./cleanup-containers
[root@all tools]# ./cleanup-host
#重置cinder卷,谨慎操作
vgremove cinder-volume