概要
apt使用本地源,pip使用本地源
網絡環境
物理機環境
| 網絡名 | 網絡地址 | VLAN |
|---|---|---|
| br-ex | 192.168.200.250/24 | 90 |
| br-mgmt | 92.0.0.100/24 | 92 |
ansible控制主機配置
| 主機類型 | 操作系統 | 配置 | 角色 |
|---|---|---|---|
| KVM虛擬機 | ubuntu 16.04 TLS server | 內存:2GB 磁盤:30GB 網卡:ens3(br-ex) ens4(br-mgmt) | deploy |
| 網絡名 | 網絡地址 | VLAN | IP |
| ------------ | ------------ | ------------ |
| 管理網絡 | 172.29.236.0/22 | 10 | 172.29.236.10/22 |
| 內網網絡 | 172.29.248.0/22 | 10 | 172.29.248.10/22 |
| 外網 | 192.168.200.0/24 | - | 192.168.200.13/24 |
- 網絡配置
# vim /etc/network/interfaces
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto ens3
iface ens3 inet static
address 192.168.200.10
netmask 255.255.255.0
gateway 192.168.200.1
dns-nameserver 114.114.114.114
auto ens4
iface ens4 inet manual
auto ens4.10
iface ens4.10 inet manual
vlan-raw-device ens4
auto br-mgmt
iface br-mgmt inet static
address 172.29.236.10
netmask 255.255.252.0
bridge_ports ens4.10
auto br-vlan
iface br-vlan inet static
address 172.29.248.10
netmask 255.255.252.0
bridge_ports ens4
- 設置阿里源
# vim sources.list
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse
# apt-get install aptitude build-essential git ntp ntpdate openssh-server python python-dev sudo debootstrap bridge-utils vlan lxc
# reboot
- 安裝openstack-ansible
# git clone -b 14.1.0 https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible
# cd /opt/openstack-ansible
### 編輯腳本修改export ANSIBLE_PACKAGE="ansible==2.1.4"
# vim scripts/bootstrap-ansible.sh
# scripts/bootstrap-ansible.sh
# ssh-keygen -t rsa
# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
# chmod 600 /root/.ssh/authorized_keys
- 設置配置文件
# cp -r /opt/openstack-ansible/etc/openstack_deploy/ /etc/
### 生成openstack服務配置文件
# cp /etc/openstack_deploy/openstack_user_config.yml.test.example /etc/openstack_deploy/openstack_user_config.yml
# sed -i -e "s/host_bind_override: \"eth12\"/host_bind_override: \"ens3\"/g" /etc/openstack_deploy/openstack_user_config.yml
# sed -i -e "s/external_lb_vip_address:.*/external_lb_vip_address: 192\.168\.200\.11/g" /etc/openstack_deploy/openstack_user_config.yml
### 用戶自定義配置文件
# vim /etc/openstack_deploy/user_variables.yml
openstack_service_publicuri_proto: http
### 使用apt下載rabbitmq-server軟件包
rabbitmq_install_method: "distro"
### 使用apt下載Perconah和Qpress軟件包
use_percona_upstream: true
galera_server_percona_distro_packages:
- qpress
- percona-xtrabackup-22
### 自動生成密碼配置文件
# python /opt/openstack-ansible/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml
- GIT緩存制作
### 用戶自定義配置文件
# vim /etc/openstack_deploy/user_variables.yml
repo_build_git_cache: /opt/git/openstack/
### 腳本詳見問題處理---"git緩存相關腳本"
### 克隆代碼
# mkdir -p /opt/git/openstack
# python gitclone.py
### 切換分支
# python gitcheckout.py
### 關閉任務- name: Clone git repositories asynchronously的git模塊的update
# vim /etc/ansible/roles/repo_build/tasks/repo_clone_git.yml
update: no
- LXC容器模板制作
### 下載容器模板
# apt install lxc
# /usr/bin/lxc-create --name LXC_NAME --template download --bdev dir -- --dist ubuntu --release xenial --arch amd64 --force-cache --server images.linuxcontainers.org --keyserver hkp://keyserver.ubuntu.com:80
### 在"- name: Stat the prepared LXC cache"和"- include: lxc_cache.yml"任務之間添加如下內容
# vim /etc/ansible/roles/lxc_hosts/tasks/main.yml
- name: Synchronise the contents of the LXC cache to the LXC host
synchronize:
src: "{{ lxc_container_cache_path }}/"
dest: "{{ lxc_container_cache_path }}"
when:
- "{{ not lxc_cache_stat.stat.exists
or (lxc_cache_stat.stat.exists
and lxc_cache_stat.stat.mtime > lxc_cache_timeout) }}"
tags:
- always
- 本地源搭建
將repo服務安裝在ansible主機上
# vim /opt/openstack-ansible/playbooks/inventory/env.d/pkg_repo.yml
component_skel:
pkg_repo:
belongs_to:
- repo_all
container_skel:
repo_container:
belongs_to:
- repo-infra_containers
contains:
- pkg_repo
properties:
service_name: repo
is_metal: true
# vim /etc/openstack_deploy/openstack_user_config.yml
repo-infra_hosts:
repo:
ip: 172.29.236.10
在ansible控制主機上構建本地源
# vim /etc/openstack_deploy/user_variables.yml
repo_pkg_cache_enabled: false
# cd /opt/openstack-ansible/playbooks/
# openstack-ansible repo-install.yml
修改源相關配置文件
### 注釋 - include: repo-install.yml
# vim /opt/openstack-ansible/playbooks/setup-infrastructure.yml
### 設置源地址
# vim /etc/openstack_deploy/user_variables.yml
pip_get_pip_options: "--index-url http://172.29.248.10:{{ repo_server_port }}/pools --trusted-host 172.29.248.10"
pip_install_options: "--no-index --find-links http://172.29.248.10:{{ repo_server_port }}/links --trusted-host 172.29.248.10"
openstack_repo_url: "http://172.29.248.10:{{ repo_server_port }}"
openstack_repo_git_url: "git://172.29.248.10"
### 刪除galera_client的源檢測動作
# sed -i -e "/when: add_repo | changed/d" /etc/ansible/roles/galera_client/tasks/galera_client_install_apt.yml
- 搭建部分軟件APT源鏡像
查詢openstack-ansible需要添加的額外的apt源
# find /etc/ansible/roles -name "ubuntu-16.04.yml" -o -name "debian.yml" | xargs grep -i ".*repo: \"deb "
### 最終找出的需要添加的apt源
# vim /etc/apt/source.list
deb http://download.ceph.com/debian-hammer/ xenial main
deb http://ubuntu-cloud.archive.canonical.com/ubuntu/ xenial-updates/newton main
deb http://mirror.rackspace.com/mariadb/repo/10.0/ubuntu xenial main
deb http://repo.percona.com/apt xenial main ### 去掉,手動下載deb
查詢openstack-ansible需要安裝的deb包
# find /etc/ansible/roles -name "ubuntu-16.04.yml" -o -name "debian.yml" | xargs -i awk '/.*_distro_packages:$/ {while(getline){ if($1 == "-") {print $0} else {break} }}' {} | sort -u -o dists.txt
# sed -i -e 's/#.*$//g' dists.txt
# sed -i -e 's/^[ -]*//g' dists.txt
# sed -i -e 's/"{{ galera_mariadb_apt_server_package }}"/mariadb-galera-server/g' dists.txt
# sed -i -e 's/{{ ansible_kernel }}/4\.4\.0-72-generic/g' dists.txt
# awk '{print $1,$2}' dists.txt | sort -u | grep -v nginx-extra | grep -v pvm-novalink > packages.txt
找一台干凈的ubuntu server 16.04 TLS對應版本容器內安裝debs.txt中的軟件並打包緩存
# apt install ubuntu-cloud-keyring
### 添加以下APT源和APT KEY
# vim /etc/apt/source.list
deb http://download.ceph.com/debian-hammer/ xenial main
deb http://ubuntu-cloud.archive.canonical.com/ubuntu/ xenial-updates/newton main
deb http://mirror.rackspace.com/mariadb/repo/10.0/ubuntu xenial main
deb http://repo.percona.com/apt xenial main
### galera_client_gpg_keys:
# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv F1656F24C74CD1D8
### ceph_gpg_keys:
# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv e84ac2c0460f3994
### galera_gpg_keys:
# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9334a25f8507efa5
# apt update
### 方法一(此方式廢棄)
# cat packages.txt | xargs -i apt install -y {}
# cd /var/cache/apt/
# tar -acf dists.tar.gz archives
### 方法二
# mkdir archives
# cd archives
# apt install apt-rdepends
# cat packages.txt | xargs apt-rdepends | grep -v ^\ | xargs apt download
# cd ..
# tar -acf dists.tar.gz archives
拷貝打包文件到ansible控制主機,並解壓到APT源鏡像目錄
# mkdir -p /var/www/ubuntu-repo/
# tar -zxf dists.tar.gz
# find archives/ -name *.deb | xargs -i cp {} /var/www/ubuntu-repo/
### 有些軟件包apt install不會緩存deb,需要自己手動下載(詳見問題處理---"本地APT鏡像源deb包缺失")
配置nginx
# cd /etc/nginx/sites-enabled
# ln -s /etc/nginx/sites-available/default defalut
server {
listen 80;
server_name ubuntu-repo;
access_log /var/log/nginx/openstack-repo.access.log;
error_log /var/log/nginx/openstack-repo.error.log;
location / {
root /var/www/ubuntu-repo/;
autoindex on;
expires 5h;
}
}
# systemctl restart nginx
創建GPG KEY
### 生成隨機數
# apt install rng-tools
# rngd -r /dev/urandom
### 創建密鑰
# gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: nocsys
Email address:
Comment:
You selected this USER-ID:
"nocsys"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
....+++++
.+++++
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 48763DD3 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024R/48763DD3 2017-04-14
Key fingerprint = C12C C3A9 6A9D ABDE FC01 CDA9 857F D33B 4876 3DD3
uid nocsys
Note that this key cannot be used for encryption. You may want to use
the command "--edit-key" to generate a subkey for this purpose.
導出key文件
# cd /var/www/ubuntu-repo
# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024R/D4CB6DF1 2017-04-14
uid nocsys
# gpg --output keyFile --armor --export D4CB6DF1
生成Packages.gz、Release、InRelease、Release.gpg文件
### 后期如果需要添加新deb包,將deb包放入/var/www/ubuntu-repo后重新執行下面命令即可
# cd /var/www/ubuntu-repo
# 生成索引文件
# apt-ftparchive packages . > Packages
# gzip -c Packages > Packages.gz
# apt-ftparchive release . > Release
### 輸入前面設置的GPG KEY密碼
# gpg --clearsign -o InRelease Release
# gpg -abs -o Release.gpg Release
- 修改haproxy轉發方式
### 用戶自定義配置文件
# vim /etc/openstack_deploy/user_variables.yml
haproxy_ssl: false
### 將haproxy轉發方式由http全部改成tcp,詳見問題處理---"haproxy tcp轉發配置"
- 軟件包緩存制作
HATop軟件包緩存
### 用戶自定義配置文件
# vim /etc/openstack_deploy/user_variables.yml
haproxy_hatop_download_url: "http://172.29.248.10:{{ repo_server_port }}/extra/hatop-0.7.7.tar.gz"
下載HATop
# mkdir -p /var/www/repo/extra
# cd /var/www/repo/extra
# wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/hatop/hatop-0.7.7.tar.gz
- horizon設置
horizon啟用https
### 用戶自定義配置文件
# vim /etc/openstack_deploy/user_variables.yml
horizon_external_ssl: false
托管主機模板制作
| 主機類型 | 操作系統 | 配置 | 主機名 |
|---|---|---|---|
| KVM虛擬機 | ubuntu 16.04 TLS server | 內存:4GB 磁盤:80GB 網卡:ens3(br-mgmt) | ubuntu |
| 網絡名 | 網絡地址 | VLAN | IP |
| ------------ | ------------ | ------------ |
| 管理網絡 | 172.29.236.0/22 | 10 | 172.29.236.254/22 |
| 內網網絡 | 172.29.248.0/22 | 10 | 172.29.248.254/22 |
- 網絡配置
# vim /etc/network/interfaces
auto ens3
iface ens3 inet static
address 172.29.248.254
netmask 255.255.252.0
# reboot
- 設置ssh免密碼登入
# scp root@172.29.248.10:/root/.ssh/id_rsa.pub ./
# cat id_rsa.pub >> ~/.ssh/authorized_keys
# chmod 600 ~/.ssh/authorized_keys
設置軟件源
# wget http://172.29.248.10/keyFile
# apt-key add keyFile
# vim /etc/apt/sources.list
deb http://172.29.248.10/ ./
# apt-get install vlan bridge-utils python
- 重新配置網絡
# vim /etc/network/interfaces
auto ens3
iface ens3 inet manual
auto ens3.10
iface ens3.10 inet manual
vlan-raw-device ens3
auto ens3.20
iface ens3.20 inet manual
vlan-raw-device ens3
auto ens3.30
iface ens3.30 inet manual
vlan-raw-device ens3
auto br-mgmt
iface br-mgmt inet static
address 172.29.236.254
netmask 255.255.252.0
bridge_ports ens3.10
auto br-storage
iface br-storage inet static
address 172.29.244.254
netmask 255.255.252.0
bridge_ports ens3.20
auto br-vxlan
iface br-vxlan inet static
address 172.29.240.254
netmask 255.255.252.0
bridge_ports ens3.30
auto br-vlan
iface br-vlan inet static
address 172.29.248.254
netmask 255.255.252.0
bridge_ports ens3
# reboot
- 備份虛擬機
### 拷貝當前虛擬機qcow2文件
# halt
ansible托管節點環境
| 主機類型 | 操作系統 | 配置 | 主機名 |
|---|---|---|---|
| KVM虛擬機 | ubuntu 16.04 TLS server | 內存:4GB 磁盤:30GB 網卡:ens3(br-mgmt) | infra1 |
| KVM虛擬機 | ubuntu 16.04 TLS server | 內存:4GB 磁盤:30GB 網卡:ens3(br-mgmt) | compute1 |
| KVM虛擬機 | ubuntu 16.04 TLS server | 內存:2GB 磁盤:30GB 網卡:ens3(br-mgmt) | storage1 |
sched節點配置
| 網絡名 | 網絡地址 | VLAN | IP |
| ------------ | ------------ | ------------ |
| 管理網絡 | 172.29.236.0/22 | 10 | 172.29.236.11/22 |
| 存儲網絡 | 172.29.244.0/22 | 20 | 172.29.244.11/22 |
| 隧道網絡VXLAN | 172.29.240.0/22 | 30 | 172.29.240.11/22 |
| 內網網絡 | 172.29.248.0/22 | - | 172.29.248.11/22 |
| 外網網絡 | 192.168.200.0/22 | - | 192.168.200.11/22 |
### 使用托管主機模板創建虛擬機,並修改172.29.*.254 => 172.29.*.11
nova節點配置
| 網絡名 | 網絡地址 | VLAN | IP |
| ------------ | ------------ | ------------ |
| 管理網絡 | 172.29.236.0/22 | 10 | 172.29.236.12/22 |
| 存儲網絡 | 172.29.244.0/22 | 20 | 172.29.244.12/22 |
| 隧道網絡VXLAN | 172.29.240.0/22 | 30 | 172.29.240.12/22 |
| 內網網絡 | 172.29.248.0/22 | - | 172.29.248.12/22 |
### 使用托管主機模板創建虛擬機,並修改172.29.*.254 => 172.29.*.11
storage節點配置
| 網絡名 | 網絡地址 | VLAN | IP |
| ------------ | ------------ | ------------ |
| 管理網絡 | 172.29.236.0/22 | 10 | 172.29.236.13/22 |
| 存儲網絡 | 172.29.244.0/22 | 20 | 172.29.244.13/22 |
| 隧道網絡VXLAN | 172.29.240.0/22 | 30 | 172.29.240.13/22 |
| 內網網絡 | 172.29.248.0/22 | - | 172.29.248.13/22 |
### 使用托管主機模板創建虛擬機,並修改172.29.*.254 => 172.29.*.11
執行openstack-ansible
查詢openstack-ansible添加額外軟件源的任務位置
### 帶文件名
# find /etc/ansible/roles -name "*\.yml"| grep -v "yum" | xargs grep -h -i -e "[a-z|-]*-apt-keys$" -e "[a-z|-]*-repos$" | sort -u
### 不帶文件名
# find /etc/ansible/roles -name "*\.yml"| grep -v "yum" | xargs grep -h -i -e "[a-z|-]*-apt-keys$" -e "[a-z|-]*-repos$" | sort -u
- bird-repos
- ceph-apt-keys
- ceph-repos
- etcd-apt-keys
- etcd-repos
- galera-apt-keys
- galera-client-apt-keys
- galera-client-repos
- galera-repos
- haproxy-apt-keys
- haproxy-repos
- keepalived-apt-keys
- lxc-cache-apt-keys ### 去掉,不可skip
- novalink-apt-keys
- percona-repos
- rabbitmq-apt-keys
- rabbitmq-repos
- repo-clone-repos
- add-repo-keys ### 新增
- add-uca-repo ### 新增
執行安裝
### 使用vnc連入ansible控制主機,斷開網絡連接
# ifdown ens3
# openstack-ansible setup-hosts.yml --skip-tags "add-repo-keys,add-uca-repo"
# openstack-ansible setup-infrastructure.yml --skip-tags "bird-repos,ceph-apt-keys,ceph-repos,etcd-apt-keys,etcd-repos,galera-apt-keys,galera-repos,galera-client-apt-keys,galera-client-repos,haproxy-apt-keys,haproxy-repos,percona-repos,rabbitmq-apt-keys,rabbitmq-repos,repo-clone-repos,add-repo-keys,add-uca-repo"
# openstack-ansible setup-openstack.yml --skip-tags "bird-repos,ceph-apt-keys,ceph-repos,etcd-apt-keys,etcd-repos,galera-apt-keys,galera-repos,galera-client-apt-keys,galera-client-repos,haproxy-apt-keys,haproxy-repos,percona-repos,rabbitmq-apt-keys,rabbitmq-repos,repo-clone-repos,add-repo-keys,add-uca-repo"
驗證安裝
# lxc-attach -n infra1_utility_container-72d28be9
# source openrc
# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
# openstack network create selfservice
# openstack subnet create --network selfservice --dns-nameserver 114.114.114.114 --gateway 40.0.0.1 --subnet-range 40.0.0.0/24 subnet-selfservice
# openstack network list
# openstack server create --flavor m1.nano --image cirros --nic net-id=5bbf071e-0540-41a3-8318-38903397484b test
# openstack server list
### 直接訪問https://192.168.200.11
問題處理
- apt update告警
W: GPG error: http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5EDB1B62EC4926EA
E: The repository 'http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release' is not signed.
解決辦法
# apt install ubuntu-cloud-keyring
- git緩存相關腳本
### 克隆腳本
# cat gitclone.py
import os,yaml,subprocess,logging
yml_path="/opt/openstack-ansible/playbooks/defaults/repo_packages/"
git_path="/opt/git/openstack/"
def exec_clone(url, path):
if url:
print(yml_path+path)
#if subprocess.call("git clone " + url + " " + git_path + path, shell=True):
# logging.error(url + " git clone failed!")
def analysis_dict(data):
for value in data.values():
if isinstance(value, str):
if value.startswith("https://git"):
exec_clone(value, value[value.rfind("/") + 1:])
def analysis_yml(name):
for datas in yaml.load_all(file(yml_path + name, 'r')):
if isinstance(datas, dict):
analysis_dict(datas)
elif isinstance(datas, list):
for data in datas:
analysis_dict(data)
else:
print(name, " error fomat")
if __name__ == '__main__':
logging.basicConfig(filename='error.log')
for name in os.listdir(yml_path):
if name.endswith(".yml"):
analysis_yml(name)
### 分支切換腳本
# cat gitcheckout.py
import os,logging,subprocess
git_path = "/opt/git/openstack/"
dirs_stable = [
"ceilometer",
"nova-lxd",
"ironic-ui",
"keystone",
"cinder",
"requirements",
"neutron-vpnaas",
"nova-powervm",
"neutron-lbaas",
"ironic",
"magnum-ui",
"glance",
"sahara-dashboard",
"heat",
"horizon",
"aodh",
"sahara",
"neutron-fwaas",
"neutron",
"neutron-dynamic-routing",
"nova",
"swift",
"magnum"]
dirs_master = [
"felix",
"gnocchi",
"neutron-lbaas-dashboard",
"tempest",
"rally",
"networking-calico",
"novnc",
"spice-html5"]
def exec_checkout(name, master):
if master:
if name == 'gnocchi':
print("git checkout stable/3.0 " + name)
if subprocess.call("cd "+ git_path + name + " && git checkout stable/3.0", shell=True):
logging.error(" git checkout stable/3.0 " + name +" failed!")
elif name == 'felix':
print("git checkout 1.4.x-series " + name)
if subprocess.call("cd "+ git_path + name + " && git checkout 1.4.x-series", shell=True):
logging.error(" git checkout 1.4.x-series " + name +" failed!")
else:
print("git checkout master " + name)
if subprocess.call("cd "+ git_path + name + " && git checkout master", shell=True):
logging.error(" git checkout master " + name +" failed!")
else:
print("git checkout stable/newton " + name)
if subprocess.call("cd "+ git_path + name + " && git checkout stable/newton", shell=True):
logging.error(" git checkout stable/newton " + name +" failed!")
if __name__ == '__main__':
logging.basicConfig(filename='error.log')
for name in dirs_master:
exec_checkout(name, True)
for name in dirs_stable:
exec_checkout(name, False)
- 本地APT鏡像源deb包缺失
方法一: 使用命令
apt-get download $(apt-rdepends "${package}" | grep -v ^\ )自動下載,使用軟件名替換"${package}"
方法二: 自己手動wget
- 在Search package directories欄輸入軟件包關鍵字,然后點擊搜索
- 在搜索結果頁面的軟件包 XXX列表選擇對應ubuntu版本
- 在軟件包頁面的下載 XXX欄選擇對應的硬件架構
- 最后就可以知道軟件的下載子目錄,例如 pool/main/g/gdbm/
- 然后找一台空機器apt install XXX下查看系統安裝的軟件版本
### 補充缺失的deb包
# cd /var/www/ubuntu-repo/
# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/audit/auditd_2.4.5-1ubuntu2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/audit/libauparse0_2.4.5-1ubuntu2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/a/audit/audispd-plugins_2.4.5-1ubuntu2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/libp/libprelude/libprelude2v5_1.0.0-11.7ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/aide/aide_0.16~a2.git20130520-3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libl/liblockfile/liblockfile1_1.09-6ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libl/liblockfile/liblockfile-bin_1.09-6ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.37_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/postfix/postfix_3.1.0-3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/b/bsd-mailx/bsd-mailx_8.1.2-0.20160123cvs-2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/aide/aide-common_0.16~a2.git20130520-3_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/t/timelimit/timelimit_1.8.1-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/libt/libtomcrypt/libtomcrypt0_1.17-7_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/c/chrony/chrony_2.1.1-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libt/libtommath/libtommath0_0.42.0-1.2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/libf/libfile-fnmatch-perl/libfile-fnmatch-perl_0.02-2build2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/d/debsums/debsums_2.1.2_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/l/logrotate/logrotate_3.8.7-2ubuntu2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/apparmor/apparmor-profiles_2.10.95-0ubuntu2.6_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/u/ubuntu-cloud-keyring/ubuntu-cloud-keyring_2012.08.14_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/python-apt/python-apt-common_1.1.0~beta1build1_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/i/iso-codes/iso-codes_3.65-1_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/x/xz-utils/xz-utils_5.1.1alpha%2b20120614-2ubuntu2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libe/libevent/libevent-2.0-5_2.0.21-stable-2ubuntu0.16.04.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/perl/perl_5.22.1-9_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/perl/perl-modules-5.22_5.22.1-9_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/perl/libperl5.22_5.22.1-9_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/r/rename/rename_0.20-4_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gdbm/libgdbm3_1.8.3-13.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/m/mpfr4/libmpfr4_3.1.4-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.18.4ubuntu1.1_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/patch/patch_2.7.5-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/r/readline5/libreadline5_5.2%2bdfsg-3build1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/pygobject/python3-gi_3.20.0-0ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gobject-introspection/gir1.2-glib-2.0_1.46.0-3ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dbus-python/python3-dbus_1.2.0-3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/python-apt/python3-apt_1.1.0~beta1build1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gobject-introspection/libgirepository-1.0-1_1.46.0-3ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.48.2-0ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dbus/libdbus-1-3_1.10.6-1ubuntu3.3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dbus-glib/libdbus-glib-1-2_0.106-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/psmisc/psmisc_22.21-2.1build1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gawk/gawk_4.1.3%2bdfsg-0.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/l/lsof/lsof_4.89%2bdfsg-0.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/r/rsync/rsync_3.1.1-3ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libs/libsigsegv/libsigsegv2_2.10-4_amd64.deb
# wget http://repo.percona.com/apt/pool/main/q/qpress/qpress_11-1.xenial_amd64.deb
# wget http://repo.percona.com/apt/pool/main/p/percona-xtrabackup-22/percona-xtrabackup-22_2.2.13-1.vivid_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/universe/e/erlang/erlang-base-hipe_18.3-dfsg-1ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/e/erlang/erlang-crypto_18.3-dfsg-1ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/e/erlang/erlang-syntax-tools_18.3-dfsg-1ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/l/lksctp-tools/libsctp1_1.0.16%2bdfsg-3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/c/curl/curl_7.47.0-1ubuntu2.2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/git/git_2.7.4-0ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/git/git-man_2.7.4-0ubuntu1_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libe/liberror-perl/liberror-perl_0.17-1.2_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gettext/gettext-base_0.19.7-2ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libx/libxml2/libxml2_2.9.3%2bdfsg1-1ubuntu0.2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/i/icu/libicu55_55.1-7ubuntu0.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gettext/libasprintf0v5_0.19.7-2ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libp/libpipeline/libpipeline1_1.4.1-2_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/b/bsdmainutils/bsdmainutils_9.0.6ubuntu3_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/groff/groff-base_1.22.3-7_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/s/sgml-base/sgml-base_1.26%2bnmu4ubuntu1_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/x/xml-core/xml-core_0.13%2bnmu2_all.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libn/libnetfilter-conntrack/libnetfilter-conntrack3_1.0.5-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libn/libnl3/libnl-3-200_3.2.27-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/libn/libnl3/libnl-genl-3-200_3.2.27-1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/n/net-snmp/libsnmp30_5.7.3%2bdfsg-1ubuntu4_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/pciutils/libpci3_3.3.1-1.1ubuntu1.1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/pycurl/python3-pycurl_7.43.0-1ubuntu1_amd64.deb
# wget http://mirrors.aliyun.com/ubuntu/pool/main/m/man-db/man-db_2.7.5-1_amd64.deb
- haproxy tcp轉發配置
# cat /opt/openstack-ansible/playbooks/vars/configs/haproxy_config.yml
haproxy_default_services:
- service:
haproxy_service_name: galera
haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected
haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}"
haproxy_port: 3306
haproxy_balance_type: tcp
haproxy_timeout_client: 5000s
haproxy_timeout_server: 5000s
haproxy_backend_options:
- "mysql-check user {{ galera_monitoring_user }}"
haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}"
- service:
haproxy_service_name: glance_api
haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 9292
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: glance_registry
haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 9191
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
haproxy_whitelist_networks: "{{ haproxy_glance_registry_whitelist_networks }}"
- service:
haproxy_service_name: gnocchi
haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}"
haproxy_port: 8041
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: heat_api_cfn
haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}"
haproxy_port: 8000
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: heat_api_cloudwatch
haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}"
haproxy_port: 8003
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: heat_api
haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}"
haproxy_port: 8004
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: keystone_service
haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
haproxy_port: 5000
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: keystone_admin
haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
haproxy_port: 35357
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
haproxy_whitelist_networks: "{{ haproxy_keystone_admin_whitelist_networks }}"
- service:
haproxy_service_name: neutron_server
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
haproxy_port: 9696
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: nova_api_metadata
haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
haproxy_port: 8775
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}"
- service:
haproxy_service_name: nova_api_os_compute
haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 8774
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: nova_console
haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: "{{ nova_console_port }}"
haproxy_balance_type: tcp
haproxy_timeout_client: 60m
haproxy_timeout_server: 60m
haproxy_balance_alg: source
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: cinder_api
haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 8776
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: horizon
haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 443
haproxy_balance_type: tcp
haproxy_balance_alg: source
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: sahara_api
haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_balance_alg: source
haproxy_port: 8386
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: swift_proxy
haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_balance_alg: source
haproxy_port: 8080
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: ceilometer_api
haproxy_backend_nodes: "{{ groups['ceilometer_api_container'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 8777
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: aodh_api
haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 8042
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- service:
haproxy_service_name: ironic_api
haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 6385
haproxy_balance_type: tcp
haproxy_backend_options:
- "httpchk GET /"
- service:
haproxy_service_name: rabbitmq_mgmt
haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 15672
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}"
- service:
haproxy_service_name: magnum
haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}"
haproxy_ssl: "{{ haproxy_ssl }}"
haproxy_port: 9511
haproxy_balance_type: tcp
haproxy_backend_options:
- tcp-check
- 虛擬機創建失敗
### 提示No valid host was found. There are not enough hosts available.
解決辦法
### 1.openstack的主機名不能相同,要和/etc/openstack_deploy/openstack_user_config.yml里面設置的主機名保持一致,例如infra1、compute1、storage1(感覺可以一樣,待驗證)
# lxc-attach -n infra1-utility-container-9976aa24
### 確保服務和資源都滿足條件,比如內存分配是否充沛
# nova service-list
# nova hypervisor-stats