(1).Kolla概述
Kolla是OpenStack下用於自動化部署的一個項目,它基於docker和ansible來實現,其中docker主要負責鏡像制作和容器管理,ansible主要負責環境的部署和管理。
Kolla實際上分為兩部分:Kolla部分提供了生產環境級別的鏡像,涵蓋了OpenStack用到的各個服務;Kolla-ansible部分提供了自動化的部署。最開始這兩部分是在一個項目中的(即Kolla),OpenStack從O開頭的版本開始被獨立開來,這才有了用於構建所有服務鏡像的Kolla項目,以及用於執行自動化部署的Kolla-ansible。
(2).Linux系統硬件配置
需要一台高配VMware虛擬機,內存12G,硬盤200G(swap分區4G,boot分區200M,剩下全給根目錄),CPU開啟虛擬化支持,雙網卡橋接模式。
(3).准備工作
如果是最小化安裝,那么按<Tab>鍵是不會自動補全的,所以此時需要安裝bash-completion。另外還需要安裝vim和net-tools工具
[root@Openstack240 ~]# yum -y install bash-completion vim net-tools
關閉SELinux和firewalld
[root@Openstack240 ~]# vi /etc/selinux/config
SELINUX=disabled
[root@Openstack240 ~]# setenforce 0
[root@Openstack240 ~]# getenforce
Permissive
[root@Openstack240 ~]# systemctl disable firewalld && systemctl stop firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@Openstack240 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
11月 23 00:06:05 Openstack systemd[1]: Starting firewalld - dynamic firewal....
11月 23 00:06:07 Openstack systemd[1]: Started firewalld - dynamic firewall....
11月 23 00:38:02 Openstack systemd[1]: Stopping firewalld - dynamic firewal....
11月 23 00:38:04 Openstack systemd[1]: Stopped firewalld - dynamic firewall....
Hint: Some lines were ellipsized, use -l to show in full.
配置/etc/hosts
[root@Openstack240 ~]# vim /etc/hosts 192.168.128.240 OpenStack
下載epel源
[root@Openstack240 ~]# yum -y install epel-release
配置網卡信息
| IP地址 | 網絡類型 | 網卡 | 在OpenStack網絡中的作用 |
| 192.168.128.240 | bridge(橋接) | ens32 | OpenStack內部管理網絡(management network),Horizon web界面訪問就是通過該網卡 |
| 無(不能配置IP地址) | bridge(橋接) | ens33 | 外部網絡(external network),讓neutron(OpenStack中的網絡組件)的br-ex綁定使用,OpenStack中的虛擬機是通過該網卡與外網通信 |
[root@Openstack240 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32 //修改以下幾行,如果不存在則添加 BOOTPROTO=none //將dhcp改為none,使自動獲取改為靜態獲取 ONBOOT=yes //啟動用該網卡 IPADDR=192.168.128.240 //設置IPv4地址 NETMASK=255.255.255.0 //設置子網掩碼 GATEWAY=192.168.128.254 //設置默認網關 DNS1=61.177.7.1 //設置DNS [root@Openstack240 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 //修改以下幾行,並將其移動到文件開頭,如果不存在則添加。 TYPE=Ethernet NAME=ens33 DEVICE=ens33 //如果是開啟虛擬機后添加網卡,需要手動編輯以上三行 BOOTPROTO=none //將dhcp改為none,使自動獲取改為靜態獲取 ONBOOT=yes //啟用該網卡 [root@OpenStack240 ~]# systemctl restart network
安裝基礎包
//安裝基礎包 [root@Openstack240 ~]# yum -y install python-devel libffi-devel gcc openssl-devel git python-pip //配置pip鏡像源,方便快速下載python庫(默認從國外下載) [root@Openstack240 ~]# mkdir .pip [root@Openstack240 ~]# tee .pip/pip.conf << EOF //不知道為什么cat失敗,所以用了tee > [global] > index-url=http://mirrors.aliyun.com/pypi/simple/ > [install] > trusted-host=mirrors.aliyun.com > EOF //升級pip [root@Openstack240 ~]# pip install -U pip
(4).安裝kolla-ansible
1)使用pip安裝ansible,注意不要使用yum安裝,否則會與kolla中的YAML包沖突
[root@Openstack240 ~]# pip install ansible
2)使用pip安裝kolla-ansible
[root@Openstack240 ~]# pip install kolla-ansible
如果出現如下錯誤
//已經存在PyYAML3.10導致不能安裝PyYAML Found existing installation: PyYAML 3.10 Cannot uninstall 'PyYAML'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall. //出現如上錯誤,請執行以下步驟 [root@Openstack240 ~]# pip install PyYAML --ignore-installed PyYAML //忽略已經安裝的PyYAML,安裝PyYAML [root@Openstack240 ~]# pip install kolla-ansible //重新安裝kolla-ansible
3)復制kolla-ansible的相關配置文件
[root@Openstack240 ~]# cp -r /usr/share/kolla-ansible/etc_examples/kolla /etc/ [root@Openstack240 ~]# ls /etc/kolla/ globals.yml passwords.yml [root@Openstack240 ~]# cp /usr/share/kolla-ansible/ansible/inventory/* /etc/kolla/ [root@Openstack240 ~]# ls /etc/kolla/ all-in-one globals.yml multinode passwords.yml
文件說明:all-in-one是安裝單節點OpenStack的ansible自動安裝配置文件;multinode是安裝多節點OpenStack的ansible自動安裝配置文件;globals.yml是OpenStack部署的自定義配置文件;passwords.yml是OpenStack中各個服務的密碼文件。
(5).編輯kolla-ansible的配置文件,用於自定義安裝OpenStack
生成OpenStack各個服務的密碼文件,並修改Web頁面登錄密碼
[root@Openstack240 ~]# kolla-genpwd [root@Openstack240 ~]# vim /etc/kolla/passwords.yml //修改第165行,這是登錄Dashboard(web界面控制台)的密碼。正常情況下也不能太簡單,可以截取一段自動生成的密碼 keystone_admin_password: 123456
編輯/etc/kolla/global.yml自定義OpenStack中的部署事項
[root@Openstack240 ~]# vim /etc/kolla/globals.yml //第14行和第15行,選擇下載的基礎鏡像,5選1 # Valid options are ['centos', 'debian', 'oraclelinux', 'rhel', 'ubuntu'] kolla_base_distro: "centos" //第17行和第18行,選擇的安裝方法,2選1。binary二進制安裝,source源碼安裝 # Valid options are [ binary, source ] kolla_install_type: "source" //第20行和第21行,選擇OpenStack的版本標簽,詳細請看:https://releases.openstack.org/ # Valid option is Docker repository tag openstack_release: "stein" //注意版本必須小寫,后期下載的OpenStack相關的docker鏡像標簽也為stein。我是train版本失敗,才換成stein //第23行和第24行,存放配置文件的位置 # Location of configuration overrides #node_custom_config: "/etc/kolla/config" //默認存放地址 //第31行,OpenStack內部管理網絡地址,通過該IP訪問OpenStack Web頁面進行管理。如果啟用了高可用,需要設置為VIP(漂移IP) kolla_internal_vip_address: "192.168.128.240" //第87行,OpenStack內部管理網絡地址的網卡接口 network_interface: "ens32" //第105行,OpenStack外部(或公共)網絡的網卡接口,可以是vlan模式或flat模式。 //此網卡應該在沒有IP地址的情況下處於活動,如果不是,那么OpenStack雲平台中的雲主機實例將無法訪問外部網絡。(存在IP時br-ex橋接就不成功) neutron_external_interface: "ens33" //第190行,關閉高可用 enable_haproxy: "no" //第213行,關閉cinder(塊存儲) #enable_cinder: "no" //第443行和第444行,指定nova-compute守護進程使用的虛擬化技術。(kvm好像有點問題,大家可以試試,看看你們能不能過nova下載) //nova-compute是一個非常重要的守護進程,負責創建和終止虛擬機實例,即管理虛擬機實例的生命周期 # Valid options are [ qemu, kvm, vmware, xenapi ] nova_compute_virt_type: "qemu"
(6).基於kolla-ansible安裝OpenStack私有雲
生成ssh key,並給自己授權
[root@Openstack240 ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:AF8aHj/NlA0doFaR/ZOM6HParDKP0o4YH40rzDoEPnY root@Openstack The key's randomart image is: +---[RSA 2048]----+ | . o . *X.. | | + * *o + | | = = o. + . | |. o .. . = | |.. S. . | | +.E o o . | |..oo. o.. * | | . ++.++.. o | | .o..+oo+o. | +----[SHA256]-----+ [root@Openstack240 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@OpenStack /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'openstack (192.168.128.240)' can't be established. ECDSA key fingerprint is SHA256:bIVBUnAgb1EBEW0igBEyamtibqEMjhkfrwHyjXHjnq4. ECDSA key fingerprint is MD5:86:b5:64:9c:5f:19:23:26:20:56:60:9d:ce:27:f7:33. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@openstack's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@OpenStack'" and check to make sure that only the key(s) you wanted were added.
配置單節點清單文件
[root@Openstack240 ~]# vim /etc/kolla/all-in-one //修改第3行到第19行,將localhost ansible_connection=local改為OpenStack //可以使用替換命令":1,$s/localhost ansible_connection=local/OpenStack/" [control] OpenStack [network] OpenStack [compute] OpenStack [storage] OpenStack [monitoring] OpenStack [deployment] OpenStack
開始部署OpenStack。注意:我在使用阿里雲的epel源時,在安裝bootstrap-server時會卡在TASK [baremetal : Install yum packages]這一步。而系統安裝的epel源只等待了5分鍾左右。
//安裝bootstrap-servers部署OpenStack所需的依賴包。該包由kolla-ansible提供,包含docker。
[root@Openstack240 ~]# kolla-ansible -i /etc/kolla/all-in-one bootstrap-servers
//對當前主機進行預部署(檢測),直接看最后的統計即可。如果檢測報錯,可以查看前面的TASK:[precheck ...]部分,可以快速定位到錯誤
[root@Openstack240 ~]# kolla-ansible -i /etc/kolla/all-in-one prechecks
PLAY RECAP *********************************************************************
OpenStack : ok=66 changed=0 unreachable=0 failed=0 skipped=42 rescued=0 ignored=0
//查看docker volume卷掛載方式
[root@Openstack240 ~]# vim /etc/systemd/system/docker.service.d/kolla.conf
[Service]
MountFlags=shared //添加該行,后期docker宿主機新增分區時,docker服務不用重啟,方便主機增加磁盤。
ExecStart=
ExecStart=/usr/bin/dockerd --log-opt max-file=5 --log-opt max-size=50m
//指定docker加速器,阿里雲免費的申請一下即可
[root@Openstack240 ~]# tee /etc/docker/daemon.json << 'EOF'
> {
> "registry-mirrors": ["https://xxxxxxx.mirror.aliyuncs.com"]
> }
> EOF
[root@Openstack240 ~]# systemctl daemon-reload
[root@Openstack240 ~]# systemctl restart docker
//拉取鏡像,時間有點長
[root@Openstack240 ~]# kolla-ansible -i /etc/kolla/all-in-one pull
//查看拉取下來的鏡像
[root@OpenStack240 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
kolla/centos-source-horizon stein 0dadc35b6b9c 44 hours ago 1.04GB
kolla/centos-source-nova-compute stein ea536cdda37b 44 hours ago 1.85GB
kolla/centos-source-neutron-server stein 75c62223bc3a 44 hours ago 1.03GB
kolla/centos-source-neutron-l3-agent stein 3f9175b4f55c 44 hours ago 1.04GB
kolla/centos-source-neutron-dhcp-agent stein 3137270d1bd0 44 hours ago 1GB
kolla/centos-source-neutron-metadata-agent stein bfd4bbeefc3f 44 hours ago 1GB
kolla/centos-source-neutron-openvswitch-agent stein 908cfd43c296 44 hours ago 1GB
kolla/centos-source-nova-api stein 8521127528ce 44 hours ago 1.09GB
kolla/centos-source-nova-ssh stein cbbf57d9ac9c 44 hours ago 1.06GB
kolla/centos-source-glance-api stein 2e0c01c9facc 44 hours ago 910MB
kolla/centos-source-nova-consoleauth stein 85e5522095c9 44 hours ago 1.03GB
kolla/centos-source-nova-conductor stein c35ede1279bc 44 hours ago 1.03GB
kolla/centos-source-nova-scheduler stein 817f1ec1367f 44 hours ago 1.03GB
kolla/centos-source-nova-novncproxy stein ee5441c6a2a1 44 hours ago 1.06GB
kolla/centos-source-keystone-ssh stein 15ea9c492264 44 hours ago 921MB
kolla/centos-source-keystone stein e973f2e7094d 44 hours ago 920MB
kolla/centos-source-keystone-fernet stein f50e58bbf72c 44 hours ago 920MB
kolla/centos-source-placement-api stein 1556e06c1058 44 hours ago 920MB
kolla/centos-source-heat-api stein 21e4e2ba3acf 44 hours ago 894MB
kolla/centos-source-heat-engine stein 720f1fc35901 44 hours ago 894MB
kolla/centos-source-heat-api-cfn stein 91991bd99c45 44 hours ago 894MB
kolla/centos-source-mariadb stein 61ff92627c80 44 hours ago 594MB
kolla/centos-source-nova-libvirt stein 8e3beb6eec8b 44 hours ago 1.2GB
kolla/centos-source-fluentd stein b148a90b28b7 44 hours ago 539MB
kolla/centos-source-openvswitch-vswitchd stein 651b5161a446 44 hours ago 423MB
kolla/centos-source-openvswitch-db-server stein 693789d40516 44 hours ago 423MB
kolla/centos-source-chrony stein e2e4a9fa7f63 44 hours ago 407MB
kolla/centos-source-memcached stein 7af3c04e37b3 44 hours ago 407MB
kolla/centos-source-kolla-toolbox stein d6718bf60842 44 hours ago 687MB
kolla/centos-source-rabbitmq stein 2135cb353c35 44 hours ago 486MB
kolla/centos-source-cron stein 83f979d850d9 44 hours ago 406MB
//部署OpenStack
[root@OpenStack240 ~]# kolla-ansible -i /etc/kolla/all-in-one deploy
PLAY RECAP *****************************************************************************************************
OpenStack : ok=279 changed=168 unreachable=0 failed=0 skipped=116 rescued=0 ignored=0
//驗證部署,並且生成/etc/kolla/admin-openrc.sh
[root@OpenStack240 ~]# kolla-ansible -i /etc/kolla/all-in-one post-deploy
PLAY RECAP *****************************************************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@OpenStack240 ~]# cat /etc/kolla/admin-openrc.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin //在該文件中可以看到OpenStack的Web頁面賬號密碼
export OS_PASSWORD=123456
export OS_AUTH_URL=http://192.168.128.240:35357/v3
export OS_INTERFACE=internal
export OS_IDENTITY_API_VERSION=3
export OS_REGION_NAME=RegionOne
export OS_AUTH_PLUGIN=password
報錯1:拉取鏡像失敗。
首先重復嘗試幾次拉取鏡像操作。如果還是失敗,先檢測/etc/kolla/globals.yml中第21行版本號是否正確。在版本號正確的情況下再次拉取鏡像還是報錯,那么向前退一個版本嘗試拉取鏡像。(我就是train版本無法使用,退回到stein版本)注意清理其他版本的鏡像
報錯2:部署失敗(我沒遇到,有待測試)
如果部署時報以下錯誤:
RUNNING HANDLER [common : Initializing toolbox container using normal user] ****
fatal: [HOSTNAME]: FAILED! => {"changed": false, "cmd": ["docker", "exec", "-t", "kolla_toolbox", "/usr/bin/ansible", "--version"],
"delta": "0:00:01.251727", "end": "2018-08-29 22:52:03.283733", "msg": "non-zero return code", "rc": 126,
"start": "2018-08-29 22:52:02.032006", "stderr": "", "stderr_lines": [],
"stdout": "OCI runtime exec failed: exec failed: container_linux.go:348:
可以嘗試重新部署,會自動解決該問題。
使用內網的Windows測試
(7).重啟服務器后來帶的問題
kolla部署的OpenStack-allinone雲平台自帶開機自啟,就是啟動稍微有點慢。 但是在我重啟過后發現少啟動了一個鏡像,一番查找之下發現缺少了kolla/centos-source-nova-scheduler:stein鏡像(nova-scheduler)。以下為重啟之后的操作,如有不能啟動的鏡像可以照此操作
[root@OpenStack240 ~]# docker ps | grep nova-scheduler [root@OpenStack240 ~]# docker ps -a | grep nova-scheduler a3d73b4b5ac8 kolla/centos-source-nova-scheduler:stein "dumb-init --single-…" 23 hours ago Exited (137) 7 minutes ago nova_scheduler [root@OpenStack240 ~]# docker restart a3d73b
然后再重啟就又可以開機自啟了,不知道為什么。