https://www.cnblogs.com/diantong/p/11911503.html 推荐
https://blog.csdn.net/networken/article/details/106745167 学习
转载:https://blog.csdn.net/networken/article/details/106728002
安装环境准备
官方部署文档:https://docs.openstack.org/kolla-ansible/train/user/quickstart.html
kolla安装节点要求:
2 network interfaces
8GB main memory
40GB disk space
本次部署train版all-in-one单节点,使用一台centos7.8 minimal节点进行部署,该节点同时作为控制节点、计算节点、网络节点和cinder存储节点使用,同时也是kolla ansible的部署节点。
kolla的安装要求目标机器至少两块网卡,本次安装使用2块网卡对应管理网络和外部网络两个网络平面,在vmware workstation虚拟机新增一块网卡ens37:
ens33,NAT模式,管理网络,正常配置静态IP即可。租户网络与该网络复用,租户vm网络不单独创建网卡
ens37,桥接模式,外部网络,无需配置IP地址,这个其实是让neutron的br-ex 绑定使用,虚拟机通过这块网卡访问外网。
网卡配置信息,大部分为默认参数
[root@kolla ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=a41355ae-f475-39d7-9e61-eb5f8f19f881
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.93.30
PREFIX=24
GATEWAY=192.168.93.2
DNS1=114.114.114.114
DNS2=8.8.8.8
IPV6_PRIVACY=no
[root@kolla ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens37
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=ens37
UUID=553a2dd0-b53e-417e-98a9-9a7a6a44a53c
DEVICE=ens37
ONBOOT=yes
如果启用cinder还需要额外添加磁盘,这里添加一块sdb盘并创建为pv和vg,使用lvm作为cinder的后端存储:
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb
注意卷组名称为cinder-volumes,默认与后面的globals.yml中定义一致。
[root@kolla ~]# cat /etc/kolla/globals.yml | grep cinder_volume_group
#cinder_volume_group: "cinder-volumes"
部署kolla ansible
配置主机名,kolla预检查时rabbitmq可能需要能够进行主机名解析
hostnamectl set-hostname kolla
安装依赖
yum install -y python-devel libffi-devel gcc openssl-devel libselinux-python
安装 Ansible,注意版本,默认2.9应该可以满足要求
yum install -y ansible
配置阿里云pip源,否则pip安装时会很慢
mkdir ~/.pip
cat > ~/.pip/pip.conf << EOF
[global]
trusted-host=mirrors.aliyun.com
index-url=https://mirrors.aliyun.com/pypi/simple/
EOF
安装 kolla-ansible
kolla版本与openstack版本对应关系:https://releases.openstack.org/teams/kolla.html
yum install -y epel-release
yum install -y python-pip
pip install -U pip
pip install kolla-ansible==9.1.0 --ignore-installed PyYAML
复制 kolla-ansible配置文件到当前环境
mkdir -p /etc/kolla
chown $USER:$USER /etc/kolla
##Copy globals.yml and passwords.yml
cp -r /usr/share/kolla-ansible/etc_examples/kolla/* /etc/kolla
##Copy all-in-one and multinode inventory files
cp /usr/share/kolla-ansible/ansible/inventory/* .
修改ansible配置文件
$ vim /etc/ansible/ansible.cfg
[defaults]
host_key_checking=False
pipelining=True
forks=100
默认有all-in-one和multinode两个inventory文件,这里使用all-in-one,来规划集群角色,可以看到所有节点都是同一个节点kolla。
# sed -i 's#localhost ansible_connection=local#kolla#g' all-in-one
#查看修改后的配置,其他默认即可
# cat all-in-one | more
[control]
kolla
[network]
kolla
[compute]
kolla
[storage]
kolla
[monitoring]
kolla
[deployment]
kolla
...
配置主机名解析,实际在环境预配置时kolla会自动添加解析到/etc/hosts
cat >> /etc/hosts <
配置ssh免密
ssh-keygen
ssh-copy-id root@kolla
检查inventory配置是否正确,执行:
ansible -i all-in-one all -m ping
生成openstack组件用到的密码,该操作会填充/etc/kolla/passwords.yml,该文件中默认参数为空。
kolla-genpwd
如果报错执行
pip uninstall cryptography
pip install "cryptography==2.7"
修改keystone_admin_password,可以修改为自定义的密码方便后续horizon登录,这里改为kolla。
$ sed -i 's#keystone_admin_password:.*#keystone_admin_password: kolla#g' /etc/kolla/passwords.yml
$ cat /etc/kolla/passwords.yml | grep keystone_admin_password
keystone_admin_password: kolla
修改全局配置文件globals.yml,该文件用来控制安装哪些组件,以及如何配置组件,由于全部是注释,这里直接追加进去,也可以逐个找到对应项进行修改。
cp /etc/kolla/globals.yml{,.bak}
cat >> /etc/kolla/globals.yml <
参数说明:
kolla_base_distro: kolla镜像基于不同linux发型版构建,主机使用centos这里对应使用centos类型的docker镜像即可。
kolla_install_type: kolla镜像基于binary二进制和source源码两种类型构建,实际部署使用binary即可。
openstack_release: openstack版本可自定义,会从dockerhub拉取对应版本的镜像
kolla_internal_vip_address: 单节点部署kolla也会启用haproxy和keepalived,方便后续扩容为高可用集群,该地址是ens33网卡网络中的一个可用IP。
docker_registry: 默认从dockerhub拉取镜像,这里使用阿里云镜像仓库,也可以本地搭建仓库,提前推送镜像上去。但该仓库目前只有train和ussuri版本的镜像,如何自己推送镜像参考该博客的其他文章。
docker_namespace: 阿里云kolla镜像仓库所在的命名空间,dockerhub官网默认是kolla。
network_interface: 管理网络的网卡
neutron_external_interface: 外部网络的网卡
neutron_plugin_agent: 默认启用openvswitch
enable_neutron_provider_networks: 启用外部网络
enable_cinder: 启用cinder
enable_cinder_backend_lvm: 指定cinder后端存储为lvm
nova_compute_virt_type: 由于使用vmware安装,要改为qemu,否则创建虚拟机失败,生产部署默认使用kvm。
上面部分参数可能有默认配置,也可以不用明确开启,比如neutron_plugin_agent。
有些参数也可以在部署后配置,比如nova_compute_virt_type,找到配置文件修改,并重启对应组件容器即可:
[root@kolla ~]# cat /etc/kolla/nova-compute/nova.conf |grep virt_type
#virt_type = kvm
virt_type = qemu
[root@kolla ~]# docker restart nova_compute
修改docker官方yum源为阿里云yum源,另外配置docker镜像加速,指定使用阿里云镜像加速。
$ vim /usr/share/kolla-ansible/ansible/roles/baremetal/defaults/main.yaml
docker_yum_url: "https://mirrors.aliyun.com/docker-ce/linux/{{ ansible_distribution | lower }}"
docker_custom_config: {"registry-mirrors": ["https://uyah70su.mirror.aliyuncs.com"]}
部署openstack组件
部署openstack
#预配置,安装docker、docker sdk、关闭防火墙、配置时间同步等
kolla-ansible -i ./all-in-one bootstrap-servers
#部署前环境检查
kolla-ansible -i ./all-in-one prechecks
#拉取镜像,也可省略该步骤,默认会自动拉取
kolla-ansible -i ./all-in-one pull
#执行实际部署,拉取镜像,运行对应组件容器
kolla-ansible -i ./all-in-one deploy
报错
1、no test named 'equalto'
pip install -U Jinja2
pip install Jinja2===2.10.2 (成功)
2、另外关闭systemctl stop NetworkManager
3、计算节点安装neutron组件时验证sysctl值的时候报错
sysctl net.bridge.bridge-nf-call-ip6tables
sysctl net.bridge.bridge-nf-call-iptables
报错sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
用以下命令解决
[root@computer ~]# modprobe br_netfilter
[root@computer ~]# ls /proc/sys/net/bridge/
bridge-nf-call-arptables bridge-nf-call-iptables bridge-nf-filter-vlan-tagged
bridge-nf-call-ip6tables bridge-nf-filter-pppoe-tagged bridge-nf-pass-vlan-input-dev
[root@computer ~]# sysctl -p
[root@computer ~]# sysctl net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-ip6tables = 1
[root@computer ~]# sysctl net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-iptables = 1
以上部署没有报错中断说明部署成功,所有openstack组件以容器方式运行,查看容器
[root@kolla ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
325c17a52c79 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-chrony:train "dumb-init --single-…" 36 hours ago Up 25 hours chrony
6218d98755ee registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cron:train "dumb-init --single-…" 36 hours ago Up 25 hours cron
02b6598c1089 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-kolla-toolbox:train "dumb-init --single-…" 36 hours ago Up 25 hours kolla_toolbox
8572e445abad registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-fluentd:train "dumb-init --single-…" 36 hours ago Up 25 hours fluentd
f11a103c5ade registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openstack-base:train "dumb-init --single-…" 44 hours ago Up 25 hours client
5c91def3c963 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-horizon:train "dumb-init --single-…" 44 hours ago Up 25 hours horizon
e024bd4f5dd3 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-engine:train "dumb-init --single-…" 44 hours ago Up 25 hours heat_engine
2d1491bd9e1a registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-api-cfn:train "dumb-init --single-…" 44 hours ago Up 25 hours heat_api_cfn
eeefcfb31a61 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-api:train "dumb-init --single-…" 44 hours ago Up 25 hours heat_api
9b51b53448fc registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-metadata-agent:train "dumb-init --single-…" 44 hours ago Up 25 hours neutron_metadata_agent
9f88a6c0cf31 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-l3-agent:train "dumb-init --single-…" 44 hours ago Up 25 hours neutron_l3_agent
a419cb3270a6 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-dhcp-agent:train "dumb-init --single-…" 44 hours ago Up 25 hours neutron_dhcp_agent
959f6faba972 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-openvswitch-agent:train "dumb-init --single-…" 44 hours ago Up 25 hours neutron_openvswitch_agent
cc1b081cf876 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-server:train "dumb-init --single-…" 44 hours ago Up 25 hours neutron_server
eea1a87feb43 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openvswitch-vswitchd:train "dumb-init --single-…" 44 hours ago Up 25 hours openvswitch_vswitchd
376f81bf75a2 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openvswitch-db-server:train "dumb-init --single-…" 44 hours ago Up 25 hours openvswitch_db
c68fd9a92d73 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-compute:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_compute
2492e2a32c80 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-libvirt:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_libvirt
3802d199b29f registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-ssh:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_ssh
1281c311ecd4 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-novncproxy:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_novncproxy
2e8c8478116b registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-conductor:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_conductor
950feb59b549 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-api:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_api
49497e664922 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-scheduler:train "dumb-init --single-…" 44 hours ago Up 25 hours nova_scheduler
f5eb37b48f7d registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-placement-api:train "dumb-init --single-…" 44 hours ago Up 25 hours placement_api
54cd0e3be101 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-backup:train "dumb-init --single-…" 44 hours ago Up 25 hours cinder_backup
b4efa4449e7f registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-volume:train "dumb-init --single-…" 44 hours ago Up 25 hours cinder_volume
159b669d2fd3 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-scheduler:train "dumb-init --single-…" 44 hours ago Up 25 hours cinder_scheduler
9fc7e6a4cb25 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-api:train "dumb-init --single-…" 44 hours ago Up 25 hours cinder_api
b3f8f711f2b1 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-glance-api:train "dumb-init --single-…" 44 hours ago Up 25 hours glance_api
760e92d698e2 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone-fernet:train "dumb-init --single-…" 44 hours ago Up 25 hours keystone_fernet
95f235c4ac10 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone-ssh:train "dumb-init --single-…" 44 hours ago Up 25 hours keystone_ssh
03306334ce19 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone:train "dumb-init --single-…" 44 hours ago Up 25 hours keystone
5173d4191567 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-rabbitmq:train "dumb-init --single-…" 44 hours ago Up 25 hours rabbitmq
eb6bca26f6ce registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-tgtd:train "dumb-init --single-…" 44 hours ago Up 25 hours tgtd
79fac2ca1b19 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-iscsid:train "dumb-init --single-…" 44 hours ago Up 25 hours iscsid
4a3fcefc7009 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-memcached:train "dumb-init --single-…" 44 hours ago Up 25 hours memcached
0773eaf446e4 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-mariadb:train "dumb-init -- kolla_…" 44 hours ago Up 25 hours mariadb
77f0beaa28e5 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keepalived:train "dumb-init --single-…" 44 hours ago Up 25 hours keepalived
b02b744d2da3 registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-haproxy:train "dumb-init --single-…" 44 hours ago Up 25 hours haproxy
确认没有Exited等异常状态的容器
[root@kolla ~]# docker ps -a | grep -v Up
本次部署运行了39个容器
[root@localhost kolla-env]# docker ps -a | wc -l
39
查看拉取的镜像,发现镜像数量与容器数量是一致的。
[root@kolla ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-glance-api train aec757c5908a 2 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone-ssh train 2c95619322ed 2 days ago 1.04GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone-fernet train 918564aa9c01 2 days ago 1.04GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keystone train 8d5f3ca2a73c 2 days ago 1.04GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-api train 500910236e85 2 days ago 1.19GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-volume train f76ebe1e133d 2 days ago 1.14GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-backup train 19342786a92c 2 days ago 1.13GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cinder-scheduler train 920630f0ea6c 2 days ago 1.11GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-api train 517f6a0643ee 2 days ago 1.07GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-api-cfn train 2d46b91d44ef 2 days ago 1.07GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-heat-engine train ab570c135dbc 2 days ago 1.07GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-horizon train a00ddb359ea5 2 days ago 1.2GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-fluentd train 6a5b7be2551b 2 days ago 697MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-cron train 0f784cd532e2 2 days ago 408MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-chrony train 374dabc62868 2 days ago 408MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-iscsid train 575873f9e4b8 2 days ago 413MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-haproxy train 9cf840548535 2 days ago 433MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-keepalived train b2a20ccd7d6a 2 days ago 414MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openstack-base train c35001fb182b 3 days ago 920MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-compute train 93be43a73a3e 5 days ago 1.85GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-placement-api train 26f8c88c3c50 5 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-api train 2a9d3ea95254 5 days ago 1.08GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-novncproxy train e6acfbe47b2b 5 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-conductor train 836a9f775263 5 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-ssh train f89a813f3902 5 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-scheduler train 8061eaa33d21 5 days ago 1.05GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openvswitch-vswitchd train 2b780c8075c6 5 days ago 425MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openvswitch-db-server train 86168147b086 5 days ago 425MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-rabbitmq train 19cd34b4f503 5 days ago 487MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-mariadb train 882472a192b5 6 days ago 593MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-dhcp-agent train a007b53f0507 7 days ago 1.04GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-metadata-agent train 8bcff22221bd 7 days ago 1.04GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-nova-libvirt train 539673da5c25 7 days ago 1.25GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-kolla-toolbox train a18a474c65ea 7 days ago 842MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-tgtd train ad5380187ca9 7 days ago 383MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-memcached train 1fcf18645254 7 days ago 408MB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-server train 539cfb7c1fd2 8 days ago 1.08GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-openvswitch-agent train 95113c0f5b8c 8 days ago 1.08GB
registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-neutron-l3-agent train fbe9385f49ca 8 days ago 1.08GB
查看cinder使用的卷,自动创建了lvm
[root@kolla ~]# lsblk | grep cinder
├─cinder--volumes-cinder--volumes--pool_tmeta 253:3 0 20M 0 lvm
│ └─cinder--volumes-cinder--volumes--pool 253:5 0 19G 0 lvm
└─cinder--volumes-cinder--volumes--pool_tdata 253:4 0 19G 0 lvm
└─cinder--volumes-cinder--volumes--pool 253:5 0 19G 0 lvm
[root@kolla ~]# lvs | grep cinder
cinder-volumes-pool cinder-volumes twi-a-tz-- 19.00g 0.00 10.55
查看网卡状态
[root@kolla ~]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:0c:4e:fe brd ff:ff:ff:ff:ff:ff
inet 192.168.93.30/24 brd 192.168.93.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.93.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::7a6c:d06c:ee49:4cd5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
link/ether 00:0c:29:0c:4e:08 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe0c:4e08/64 scope link
valid_lft forever preferred_lft forever
4: docker0: mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:2a:d9:93:52 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:2aff:fed9:9352/64 scope link
valid_lft forever preferred_lft forever
6: veth0c46c6a@if5: mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 1a:ce:d7:61:d0:cc brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::18ce:d7ff:fe61:d0cc/64 scope link
valid_lft forever preferred_lft forever
7: ovs-system: mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether de:e5:b7:4d:e8:b8 brd ff:ff:ff:ff:ff:ff
11: br-int: mtu 1450 qdisc noop state DOWN group default qlen 1000
link/ether 52:14:05:ba:ce:4c brd ff:ff:ff:ff:ff:ff
13: br-tun: mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether d2:5b:76:f5:01:49 brd ff:ff:ff:ff:ff:ff
14: br-ex: mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:0c:4e:08 brd ff:ff:ff:ff:ff:ff
22: qbr2749f64b-1f: mtu 1450 qdisc noqueue state UP group default qlen 1000
link/ether 3a:0d:ad:56:9d:9d brd ff:ff:ff:ff:ff:ff
23: qvo2749f64b-1f@qvb2749f64b-1f: mtu 1450 qdisc noqueue master ovs-system state UP group default qlen 1000
link/ether c2:c5:8b:a6:72:8b brd ff:ff:ff:ff:ff:ff
inet6 fe80::c0c5:8bff:fea6:728b/64 scope link
valid_lft forever preferred_lft forever
24: qvb2749f64b-1f@qvo2749f64b-1f: mtu 1450 qdisc noqueue master qbr2749f64b-1f state UP group default qlen 1000
link/ether 3a:0d:ad:56:9d:9d brd ff:ff:ff:ff:ff:ff
inet6 fe80::380d:adff:fe56:9d9d/64 scope link
valid_lft forever preferred_lft forever
25: tap2749f64b-1f: mtu 1450 qdisc pfifo_fast master qbr2749f64b-1f state UNKNOWN group default qlen 1000
link/ether fe:16:3e:94:b5:71 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc16:3eff:fe94:b571/64 scope link
valid_lft forever preferred_lft forever
26: qbr0a14e63d-2e: mtu 1450 qdisc noqueue state UP group default qlen 1000
link/ether 02:f9:32:c0:f4:b7 brd ff:ff:ff:ff:ff:ff
27: qvo0a14e63d-2e@qvb0a14e63d-2e: mtu 1450 qdisc noqueue master ovs-system state UP group default qlen 1000
link/ether 76:86:46:4c:4f:61 brd ff:ff:ff:ff:ff:ff
inet6 fe80::7486:46ff:fe4c:4f61/64 scope link
valid_lft forever preferred_lft forever
28: qvb0a14e63d-2e@qvo0a14e63d-2e: mtu 1450 qdisc noqueue master qbr0a14e63d-2e state UP group default qlen 1000
link/ether 02:f9:32:c0:f4:b7 brd ff:ff:ff:ff:ff:ff
inet6 fe80::f9:32ff:fec0:f4b7/64 scope link
valid_lft forever preferred_lft forever
29: tap0a14e63d-2e: mtu 1450 qdisc pfifo_fast master qbr0a14e63d-2e state UNKNOWN group default qlen 1000
link/ether fe:16:3e:ee:08:6b brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc16:3eff:feee:86b/64 scope link
valid_lft forever preferred_lft forever
另外需要注意,不要在该节点安装libvirt等工具,这些工具安装后可能会启用libvirtd和iscsid.sock等服务,kolla已经在容器中运行了这些服务,这些服务会调用节点上的sock文件,如果节点上也启用这些服务去抢占这些文件,会导致容器异常。默认kolla在预配置时也会主动禁用节点上的相关服务。
安装OpenStack客户端
执行openstack相关命令和操作,需要本地安装openstack客户端,但是本次在kolla节点安装客户端报错,所以直接启动一个官方的base容器,该容器默认带有客户端命令,使用时将admin-openrc.sh挂载进容器即可。
安装OpenStack CLI客户端(可能报错,略过该步骤)
pip install python-openstackclient
kolla-ansible post-deploy
cat /etc/kolla/admin-openrc.sh
kolla ansible提供了一个快速创建cirros demo实例的脚本(可能报错,略过该步骤)
source /etc/kolla/admin-openrc.sh
/usr/share/kolla-ansible/init-runonce
访问openstack horizon
访问openstack horizon需要使用vip地址,节点上可以看到由keepalived容器生成的vip
[root@kolla ~]# ip a |grep ens33
2: ens33: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.93.30/24 brd 192.168.93.255 scope global ens33
inet 192.168.93.100/32 scope global ens33
浏览器直接访问该地址即可登录到horizon
http://192.168.93.100
我这里的用户名密码为admin/kolla,信息可以从admin-openrc.sh中获取
[root@kolla ~]# cat /etc/kolla/admin-openrc.sh
# Clear any old environment that may conflict.
for key in $( set | awk '{FS="="} /^OS_/ {print $1}' ); do unset $key ; done
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=kolla
export OS_AUTH_URL=http://192.168.93.100:35357/v3
export OS_INTERFACE=internal
export OS_ENDPOINT_TYPE=internalURL
export OS_IDENTITY_API_VERSION=3
export OS_REGION_NAME=RegionOne
export OS_AUTH_PLUGIN=password
容器运行openstack客户端
由于在kolla主机节点没有成功安装openstack客户端,这里在容器里使用客户端
拉取官方镜像地址是kolla/centos-binary-openstack-base:train,这里从阿里云拉取
docker pull registry.cn-shenzhen.aliyuncs.com/kollaimage/centos-binary-openstack-base:train
进入容器就可以正常执行openstack相关命令了
[root@kolla ~]# docker exec -it client bash
()[root@f11a103c5ade /]# source /admin-openrc.sh
()[root@f11a103c5ade /]# openstack service list
+----------------------------------+-------------+----------------+
| ID | Name | Type |
+----------------------------------+-------------+----------------+
| 2aed09dc3dbd450599042edd9badcc17 | nova_legacy | compute_legacy |
| 2c26e8f09c20455bb67e1df58e7f5ab5 | nova | compute |
| 2ec7dd7cd3ce4298931e7272a6e0abd4 | glance | image |
| 47062da43fd644eabaa21ae3ec3189da | keystone | identity |
| 567057b208ae4a3bb2e3e8e3e7b80bd8 | neutron | network |
| 63418bb02ffd449f940c886e640162a1 | heat | orchestration |
| 652da566d85c47eb8d38465fe54c232e | cinderv2 | volumev2 |
| 9c8acd17ecbf457fb8b4f29cfc7859da | heat-cfn | cloudformation |
| d1ef13894f2e44688a1bb117e64d8715 | placement | placement |
| d35e629c03794b4c87c6dc2670f3f00a | cinderv3 | volumev3 |
+----------------------------------+-------------+----------------+
示例demo脚本也被挂载到了容器,修改init-runonce示例脚本外部网络部分的配置,然后执行该shell脚本
()[root@f11a103c5ade /]# cat init-runonce
# This EXT_NET_CIDR is your public network,that you want to connect to the internet via.
ENABLE_EXT_NET=${ENABLE_EXT_NET:-1}
EXT_NET_CIDR=${EXT_NET_CIDR:-'192.168.1.0/24'}
EXT_NET_RANGE=${EXT_NET_RANGE:-'start=192.168.1.200,end=192.168.1.250'}
EXT_NET_GATEWAY=${EXT_NET_GATEWAY:-'192.168.1.1'}
$ bash init-runonce
参数说明:
EXT_NET_CIDR 指定外部网络,由于使用桥接模式,直接桥接到了电脑的无线网卡,所以这里网络就是无线网卡的网段。
EXT_NET_RANGE 指定从外部网络取出一个地址范围,作为外部网络的地址池
EXT_NET_GATEWAY 外部网络网关,这里与wifi网络使用的网关一致
脚本会创建一些资源,如下载cirros镜像并上传,创建外部和内部网络等,另外脚本执行过程中会创建ssh key,直接回车即可,默认保存在容器中的/root/.ssh目录下,其中的id_rsa私钥可以用来远程连接实例使用。
该脚本首先会从github下载cirros镜像,如果网络较慢可以提前下载到cache目录
docker exec -it client mkdir -p /opt/cache/files/
wget https://github.com/cirros-dev/cirros/releases/download/0.4.0/cirros-0.4.0-x86_64-disk.img
docker cp cirros-0.4.0-x86_64-disk.img client:/opt/cache/files/
最后根据提示手动运行一个实例
openstack server create \
--image cirros \
--flavor m1.tiny \
--key-name mykey \
--network demo-net \
demo1
在horizion查看创建的网络和实例
登录实例控制台,验证实例与外网的连通性,cirros用户密码在初次登录时有提示:
在kolla节点上ssh连接实例浮动IP,cirros镜像默认用户密码为cirros/gocubsgo,该镜像信息官网有介绍:https://docs.openstack.org/image-guide/obtain-images.html#cirros-test
[root@kolla ~]# ssh [email protected]
[email protected]'s password:
$
$
运行CentOS实例
centos官方维护有相关cloud image,如果不需要进行定制,可以直接下载来运行实例。参考:https://docs.openstack.org/image-guide/obtain-images.html
CentOS官方维护的镜像下载地址:http://cloud.centos.org/centos/7/images/
也可以使用命令直接下载镜像,但是下载可能较慢,建议下载好在进行上传。以centos7.8为例:
wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-2003.qcow2c
下载完成后上传镜像到openstack,直接在horizon上传即可。也可以使用命令上传。
注意:默认该镜像运行的实例只能使用ssh key以centos用户身份登录,如果需要使用root远程ssh连接到实例需要在上传前为镜像配置root免密并开启ssh访问。
参考:https://blog.csdn.net/networken/article/details/106713658
另外我们的命令客户端在容器中,所有这里有些不方便,首先要将镜像复制到容器中,然后使用openstack命令上传。
这里复制到client容器的根目录下。
[root@kolla ~]# docker cp CentOS-7-x86_64-GenericCloud-2003.qcow2c client:/
[root@kolla ~]# docker exec -it client bash
()[root@f11a103c5ade /]#
()[root@f11a103c5ade /]# source /admin-openrc.sh
()[root@f11a103c5ade /]# ls | grep CentOS
CentOS-7-x86_64-GenericCloud-2003.qcow2c
执行以下openstack命令上传镜像
openstack image create "CentOS78-image" \
--file CentOS-7-x86_64-GenericCloud-2003.qcow2c \
--disk-format qcow2 --container-format bare \
--public
如果实例创建失败可以查看相关组件报错日志
[root@kolla ~]# tail -100f /var/log/kolla/nova/nova-compute.log
未配置root密码连接实例
如果没有提前定制镜像修改root密码,只能使用centos用户及sshkey登录,由于是在容器中运行的demo示例,ssh私钥也保存在容器的默认目录下,在容器中连接实例浮动IP测试
[root@kolla ~]# docker exec -it client bash
()[root@f11a103c5ade /]# ssh -i /root/.ssh/id_rsa [email protected]
Last login: Sat Jun 13 05:47:49 2020 from 192.168.1.100
[centos@centos78 ~]$
[centos@centos78 ~]$
运行Ubuntu实例
下载镜像
wget https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img
上传镜像
openstack image create "Ubuntu1804" \
--file bionic-server-cloudimg-amd64.img \
--disk-format qcow2 --container-format bare \
--public
按照正常流程创建实例即可,ubuntu镜像默认用户为ubuntu,首次登陆使用sshkey方式,然后执行以下命令即可直接切换到root用户(centos无法使用该方式)
$ sudo -i
kolla配置和日志文件
- 各个组件配置文件目录: /etc/kolla/
- 各个组件日志文件目录:/var/log/kolla/
清理kolla ansilbe集群
kolla-ansible destroy --include-images --yes-i-really-really-mean-it
#重置cinder卷,谨慎操作
vgremove cinder-volume
配置docker阿里云加速
[root@openstack ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://k9e55i4n.mirror.aliyuncs.com"]
}
# systemctl daemon-reload
# systemctl restart docker
查看ip是不是阿里的