CentOS7虚拟机中使用kolla-ansible部署all-in-one模式openstack详细步骤

一、虚拟机中部署openstack

1.1 虚拟机配置和软件版本

1.1.1 虚拟机配置

体系结构：x86 vmware虚拟机

拟机内存大小：8G

磁盘大小：50G

网络：两个网卡，一个NAT模式网卡ens33，一个网桥模式ens37

1.1.2 软件版本

操作系统：CentOS Linux release 7.9.2009 (Core)（最小化安装）

内核：3.10.0-1160.el7.x86_64

python版本：2.7.5

openstack版本：train

ansible版本：2.9.0

kolla-ansible版本：9.3.0

docker版本：20.10.0

pip版本：20.3.4

OpenStack部署模式：all-in-one

1.2 准备工作

1.2.1 修改主机名（非必须）

修改主机名称为op

hostnamectl set-hostname op

1.2.2 设置无密码登录

设置ssh的无密码连接到本地，执行

ssh-keygen

生成密钥，出现的需要填写的位置全部默认回车即可

ssh-copy-id op

选项输入yes，然后输入op的密码，即可实现无密码连接到本地。

1.2.3 关闭selinux

关闭selinux

修改/etc/selinux/config文件中

SELINUX=disabled

并重启虚拟机

此时执行getenforce命令能够看到状态为

disabled

（不修改/etc/selinux/config文件也可以，可以执行setenforce 0来临时关闭selinux，关闭后getenforce的状态是Permissive）

1.2.4 关闭防火墙

关闭防火墙

systemctl stop firewalld

下次重启默认不开启防火墙

systemctl disable firewalld

1.2.5 安装pip

yum install python2-pip

修改pip源（使用国内源替换默认源，加速包的下载。如果没有/root/.pip目录需要自己创建）

vim /root/.pip/pip.conf

[global] index-url = http://mirrors.aliyun.com/pypi/simple/ [install] trusted-host = mirrors.aliyun.com

升级pip

pip install ansible==20.3.4

查看pip版本

pip -V

1.2.6 安装ansible

pip install ansible==2.9.0

查看ansible版本

ansible --version

1.2.7 安装kolla-ansible

pip install kolla-ansible==9.3.0

可能会出现错误：Could not find suitable distribution for Requirement.parse('pbr>=2.0.0')

解决方法可参考下文错误1

可能会出现错误：error in netaddr setup command: 'install_requires' must be a string or list of strings containing valid project/version requirement specifiers

解决方法可参考下文错误2

可能会出现错误：ERROR: Cannot uninstall 'requests'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.

解决方法可参考下文错误3

可能会出现错误：ERROR: Cannot uninstall 'netaddr'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.

解决方法可参考下文错误4

可能会出现错误：ERROR: Cannot uninstall 'PyYAML'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.

解决方法可参考下文错误5，后续类似错误均可按照上述解决方法执行

1.2.8 安装docker-ce

可以使用国内阿里云的源来下载docker

yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum install docker-ce

启动docker服务

systemctl start docker

令docker服务开机自启动

systemctl enable docker

可以通过docker info查看是否已经生效

1.3 部署openstack all-in-one模式

all-in-one模式是单机部署openstack，所有的服务均存在于当前单节点

创建kolla配置目录

mkdir /etc/kolla

拷贝配置文件

cp /usr/share/kolla-ansible/etc_examples/kolla/globals.yml /etc/kolla/

cp /usr/share/kolla-ansible/etc_examples/kolla/passwords.yml /etc/kolla/

修改/etc/kolla/globals.yml文件，配置文件如下（由于我们关闭enable_haproxy，因此kolla_internal_vip_address设置为本机地址，最少需要两个网卡，network_interface和neutron_external_interface必须是不同的网卡，如果需要使用自己搭建的docker registry，可以在globals.yml中添加docker_registry: "192.168.10.158:4000" docker_registry_insecure: "yes"两个字段）

kolla_base_distro:"centos"

kolla_install_type:"binary"

openstack_release:"train"

kolla_internal_vip_address:"192.168.10.158"

network_interface:"ens33"

neutron_external_interface:"ens37"

enable_haproxy:"no"

#如果需要使用自己搭建的registry仓库，可以设置下面两个参数

#docker_registry: 192.168.10.158:4000   #这里的端口要注意，不要使用5000端口，会与keystone冲突

#docker_registry_insecure: yes

拷贝all-in-one文件到当前目录

cp /usr/share/kolla-ansible/ansible/inventory/all-in-one .

生成密码

kolla-genpwd

如果需要修改openstack admin用户的登录密码，可以执行完上述命令后在/etc/kolla/passwords.yml中修改keystone_admin_password字段对应的值

部署检查

kolla-ansible -i all-in-one bootstrap-servers

kolla-ansible -i all-in-one prechecks

检查无错误即可

执行部署操作

kolla-ansible -i all-in-one deploy

可能会出现错误：dial tcp 34.194.164.123:443: i/o timeout")\n'

解决方法参考下文错误6，后续类似错误均可按照上述方法解决

部署完成后可以查看openstack的docker镜像是否都成功运行

docker ps

执行如下命令生成/etc/kolla/admin-openrc.sh文件

kolla-ansible -i all-in-one post-deploy

通过浏览器登录到192.168.10.158页面能够使用admin-openrc.sh文件中提供的密码登录openstack控制台

安装openstack客户端（使用pip安装openstack客户端存在问题）

yum install centos-release-openstack-train.noarch

yum install python2-openstackclient

执行

source /etc/kolla/admin-openrc.sh

即可通过openstack命令进行操作

例如执行查看用户命令

1.4 移除环境

如果需要移除当前的openstack环境，可以执行

kolla-ansible -i all-in-one destroy all --yes-i-really-really-mean-it

执行后所有的docker镜像都会被删除

1.5 报错参考

错误1：Could not find suitable distribution for Requirement.parse('pbr>=2.0.0')

在执行pip install kolla-ansible==9.3.0的时候报错

需要先安装pbr包

pip install pbr

然后再执行

pip install kolla-ansible==9.3.0

错误2：error in netaddr setup command: 'install_requires' must be a string or list of strings containing valid project/version requirement specifiers

在执行pip install kolla-ansible==9.3.0的时候报错

原因是setuptools包的版本太低了，需要升级setuptools包

然后再执行pip install kolla-ansible==9.3.0

错误3：ERROR: Cannot uninstall 'requests'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.

在执行pip install kolla-ansible==9.3.0的时候报错

解决方法是重新安装requests

pip install --ignore-installed requests

错误4：ERROR: Cannot uninstall 'netaddr'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.

在执行pip install kolla-ansible==9.3.0的时候报错

解决方法是重新安装netaddr

pip install --ignore-installed netaddr

错误5：ERROR: Cannot uninstall 'PyYAML'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.

在执行pip install kolla-ansible==9.3.0的时候报错

解决方法是重新安装PyYAML

pip install --ignore-installed PyYAML

错误6：TASK [common : Ensure fluentd image is present for label check] **************************************************************************

fatal: [localhost]: FAILED! => {"changed": true, "msg": "'Traceback (most recent call last):\n File "/tmp/ansible_kolla_docker_payload_gP5Zkt/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py", line 1027, in main\n File "/tmp/ansible_kolla_docker_payload_gP5Zkt/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py", line 906, in ensure_image\n File "/tmp/ansible_kolla_docker_payload_gP5Zkt/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py", line 571, in pull_image\n File "/usr/lib/python2.7/site-packages/docker/api/image.py", line 430, in pull\n self._raise_for_status(response)\n File "/usr/lib/python2.7/site-packages/docker/api/client.py", line 270, in _raise_for_status\n raise create_api_error_from_http_exception(e)\n File "/usr/lib/python2.7/site-packages/docker/errors.py", line 31, in create_api_error_from_http_exception\n raise cls(e, response=response, explanation=explanation)\nAPIError: 500 Server Error for http+docker://localhost/v1.43/images/create?tag=train&fromImage=kolla%2Fcentos-binary-fluentd: Internal Server Error ("Head "https://registry-1.docker.io/v2/kolla/centos-binary-fluentd/manifests/train": dial tcp 34.194.164.123:443: i/o timeout")\n'"}

在执行kolla-ansible -i all-in-one deploy时报错

解决方法是手动下载对应的镜像（可能存在网络问题需要多试几次）

docker pull kolla/centos-binary-heat-api:train

需要的镜像包括如下，均可以提前下载准备好

docker pull kolla/centos-binary-heat-api:train

docker pull kolla/centos-binary-heat-engine:train

docker pull kolla/centos-binary-heat-api-cfn:train

docker pull kolla/centos-binary-glance-api:train

docker pull kolla/centos-binary-nova-compute:train

docker pull kolla/centos-binary-keystone-ssh:train

docker pull kolla/centos-binary-keystone-fernet:train

docker pull kolla/centos-binary-keystone:train

docker pull kolla/centos-binary-placement-api:train

docker pull kolla/centos-binary-nova-scheduler:train

docker pull kolla/centos-binary-nova-api:train

docker pull kolla/centos-binary-nova-ssh:train

docker pull kolla/centos-binary-nova-conductor:train

docker pull kolla/centos-binary-nova-novncproxy:train

docker pull kolla/centos-binary-neutron-server:train

docker pull kolla/centos-binary-neutron-openvswitch-agent:train

docker pull kolla/centos-binary-horizon:train

docker pull kolla/centos-binary-neutron-l3-agent:train

docker pull kolla/centos-binary-neutron-dhcp-agent:train

docker pull kolla/centos-binary-neutron-metadata-agent:train

docker pull kolla/centos-binary-openvswitch-db-server:train

docker pull kolla/centos-binary-openvswitch-vswitchd:train

docker pull kolla/centos-binary-kolla-toolbox:train

docker pull kolla/centos-binary-rabbitmq:train

docker pull kolla/centos-binary-nova-libvirt:train

docker pull kolla/centos-binary-keepalived:train

docker pull kolla/centos-binary-mariadb:train

docker pull kolla/centos-binary-fluentd:train

docker pull kolla/centos-binary-cron:train

docker pull kolla/centos-binary-haproxy:train

docker pull kolla/centos-binary-memcached:train

docker pull kolla/centos-binary-chrony:train

错误7："Unable to restart service docker“

在执行kolla-ansible -i all-in-one bootstrap-servers可能会产生如下错误，

这是因为如果采用自定的仓库配置，在/etc/docker/daemon.json文件中添加了

"insecure-registries": [ "192.168.10.158:4000" ],

需要将/usr/lib/systemd/system/docker.service文件中添加的--insecure-registry 192.168.10.158:4000参数去掉

然后重启docker

systemctl daemon-reload

systemctl restart docker