-
Notifications
You must be signed in to change notification settings - Fork 4
/
02-flight.txt
320 lines (269 loc) · 11.8 KB
/
02-flight.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
#1. Download and install Kolla and Kolla Ansible
sudo yum install -y wget tar vim python3-wheel git
sudo pip3 install git+https://github.com/openstack/kolla@stable/yoga
sudo pip3 install git+https://github.com/openstack/kolla-ansible@stable/yoga
pip3 list --format=columns
#2. Create the /etc/kolla directory
sudo mkdir -p /etc/kolla
sudo chown karno:karno /etc/kolla
#3. Copy the Kolla Ansible configuration files to /etc/kolla directory
cp -r /usr/local/share/kolla-ansible/etc_examples/kolla/* /etc/kolla
#4. Copy the all-in-one inventory files to the current directory
cp /usr/local/share/kolla-ansible/ansible/inventory/all-in-one .
#5. Check whether the configuration of inventory is correct or not
ansible -i all-in-one all -m ping
#6. Install Ansible Galaxy requirements¶
kolla-ansible install-deps
#7. Generate Kolla passwords
kolla-genpwd
#8. Edit the main configuration file of Kolla Ansible
tee -a /etc/kolla/globals.yml <<EOF
kolla_internal_vip_address: "10.11.11.10"
kolla_internal_fqdn: "osint.stratus.ok"
kolla_external_vip_address: "10.10.10.10"
kolla_external_fqdn: "osext.stratus.ok"
docker_registry: "quay.io"
docker_namespace: "openstack.kolla"
network_interface: "dummy11"
kolla_external_vip_interface: "dummy10"
api_interface: "dummy11"
storage_interface: "dummy12"
tunnel_interface: "dummy13"
#octavia_network_interface: "o-hm0"
neutron_external_interface: "dummy14"
neutron_plugin_agent: "ovn"
kolla_enable_tls_internal: "yes"
kolla_enable_tls_external: "yes"
kolla_admin_openrc_cacert: "{{ kolla_certificates_dir }}/ca/root.crt"
kolla_copy_ca_into_containers: "yes"
kolla_enable_tls_backend: "yes"
kolla_verify_tls_backend: "yes"
openstack_cacert: "/etc/pki/ca-trust/source/anchors/kolla-customca-root.crt"
enable_aodh: "yes"
enable_barbican: "yes"
enable_ceilometer: "yes"
enable_cinder: "yes"
enable_cinder_backup: "yes"
enable_cinder_backend_nfs: "yes"
enable_designate: "yes"
enable_etcd: "yes"
enable_fluentd: "no"
enable_gnocchi: "yes"
enable_gnocchi_statsd: "yes"
enable_kuryr: "yes"
enable_magnum: "yes"
enable_neutron_vpnaas: "yes"
enable_neutron_dvr: "yes"
enable_neutron_qos: "yes"
enable_neutron_provider_networks: "yes"
enable_neutron_segments: "yes"
enable_neutron_sfc: "yes"
enable_neutron_trunk: "yes"
enable_neutron_port_forwarding: "yes"
enable_octavia: "yes"
enable_prometheus: "no"
enable_redis: "yes"
enable_swift : "yes"
enable_swift_s3api: "yes"
enable_trove: "yes"
glance_backend_swift: "yes"
gnocchi_backend_storage: "swift"
gnocchi_incoming_storage: "redis"
cinder_coordination_backend: "redis"
cinder_backup_driver: "nfs"
cinder_backup_share: "10.12.12.11:/nfs_shares/cinder_backup"
designate_ns_record: "ns.stratus.ok"
neutron_ovn_distributed_fip: "yes"
neutron_ovn_dhcp_agent: "yes"
octavia_certs_country: "ID"
octavia_certs_state: "Jabar"
octavia_certs_organization: "Stratus"
octavia_certs_organizational_unit: "Octavia"
EOF
#9. Modify generate-root.yml task of certificates role
sudo vim /usr/local/share/kolla-ansible/ansible/roles/certificates/tasks/generate-root.yml
.....
-subj "/CN=StratusCA/"
.....
#10. Modify openssl-kolla.cnf jinja2 template of certificates role
sudo vim /usr/local/share/kolla-ansible/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
.....
[req_distinguished_name]
countryName = ID
stateOrProvinceName = Jabar
localityName = Bogor
organizationalUnitName = Stratus
commonName = {{ kolla_external_fqdn }}
.....
#11. Modify openssl-kolla-internal.cnf jinja2 template of certificates role
sudo vim /usr/local/share/kolla-ansible/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2
.....
[req_distinguished_name]
countryName = ID
stateOrProvinceName = Jabar
localityName = Bogor
organizationalUnitName = Stratus
commonName = {{ kolla_internal_fqdn }}
.....
#12. Modify openssl-kolla-backend.cnf jinja2 template of certificates role
sudo vim /usr/local/share/kolla-ansible/ansible/roles/certificates/templates/openssl-kolla-backend.cnf.j2
.....
[req_distinguished_name]
countryName = ID
stateOrProvinceName = Jabar
localityName = Bogor
organizationalUnitName = Stratus
commonName = {{ ansible_dummy11.ipv4.address }}
.....
#13. Generate self-sign certificates
kolla-ansible -i all-in-one certificates
openssl x509 -req -extfile <(printf "subjectAltName=DNS:osext.stratus.ok") -days 1024 -in /etc/kolla/certificates/private/external/external.csr -CA /etc/kolla/certificates/private/root/root.crt -CAkey /etc/kolla/certificates/private/root/root.key -CAcreateserial -out /etc/kolla/certificates/private/external/external.crt
openssl x509 -req -extfile <(printf "subjectAltName=DNS:osint.stratus.ok") -days 1024 -in /etc/kolla/certificates/private/internal/internal.csr -CA /etc/kolla/certificates/private/root/root.crt -CAkey /etc/kolla/certificates/private/root/root.key -CAcreateserial -out /etc/kolla/certificates/private/internal/internal.crt
cat /etc/kolla/certificates/private/external/external.crt /etc/kolla/certificates/private/external/external.key > /etc/kolla/certificates/haproxy.pem
cat /etc/kolla/certificates/private/internal/internal.crt /etc/kolla/certificates/private/internal/internal.key > /etc/kolla/certificates/haproxy-internal.pem
openssl x509 -in /etc/kolla/certificates/ca/root.crt -text
openssl x509 -in /etc/kolla/certificates/haproxy.pem -text
openssl x509 -in /etc/kolla/certificates/haproxy-internal.pem -text
openssl x509 -in /etc/kolla/certificates/backend-cert.pem -text
sudo cp /etc/kolla/certificates/ca/root.crt /etc/pki/ca-trust/source/anchors/stratus-root-ca.crt
sudo update-ca-trust
#14. Generate certificates for octavia deployment
kolla-ansible -i all-in-one octavia-certificates
#15. Neutron custom configuration
tee /etc/kolla/config/neutron.conf <<EOF
[DEFAULT]
global_physnet_mtu = 1558
EOF
#16. MTU configuration
mkdir /etc/kolla/config/neutron
tee /etc/kolla/config/neutron/ml2_conf.ini <<EOF
[ml2]
path_mtu = 1558
physical_network_mtus = physnet1:1500
EOF
#17. Magnum custom configuration
tee /etc/kolla/config/magnum.conf <<EOF
[drivers]
openstack_ca_file = /etc/pki/ca-trust/source/anchors/kolla-customca-root.crt
[trust]
cluster_user_trust = true
EOF
#18. Define NFS shares for Cinder backend
tee /etc/kolla/config/nfs_shares <<EOF
10.12.12.11:/nfs_shares/cinder
EOF
#19. Prepare Swift disks by add a special partition name and filesystem labels
index=0
for p in {4..6}
do
sudo parted -s /dev/sda name $p KOLLA_SWIFT_DATA
sudo mkfs.xfs -f -L part${index} /dev/sda${p}
(( index++ ))
done
#20. Install Docker
sudo yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl enable docker --now
sudo systemctl status docker
sudo usermod -aG docker karno
#21. Prepare for Swift rings generating
mkdir -p /etc/kolla/config/swift/
KOLLA_SWIFT_BASE_IMAGE="kolla/centos-source-swift-base:yoga"
NODE=10.12.12.11
#22. Generate Swift object ring
docker run --rm -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ $KOLLA_SWIFT_BASE_IMAGE swift-ring-builder /etc/kolla/config/swift/object.builder create 10 3 1
for i in {0..2}
do
docker run --rm -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ $KOLLA_SWIFT_BASE_IMAGE swift-ring-builder /etc/kolla/config/swift/object.builder add r1z1-${NODE}:6000/part${i} 1
done
#23. Generate Swift account ring
docker run --rm -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ $KOLLA_SWIFT_BASE_IMAGE swift-ring-builder /etc/kolla/config/swift/account.builder create 10 3 1
for i in {0..2}
do
docker run --rm -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ $KOLLA_SWIFT_BASE_IMAGE swift-ring-builder /etc/kolla/config/swift/account.builder add r1z1-${NODE}:6001/part${i} 1
done
#24. Generate Swift container ring
docker run --rm -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ $KOLLA_SWIFT_BASE_IMAGE swift-ring-builder /etc/kolla/config/swift/container.builder create 10 3 1
for i in {0..2}
do
docker run --rm -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ $KOLLA_SWIFT_BASE_IMAGE swift-ring-builder /etc/kolla/config/swift/container.builder add r1z1-${NODE}:6002/part${i} 1
done
#25. Rebalance the ring files
for ring in object account container
do
docker run --rm -v /etc/kolla/config/swift/:/etc/kolla/config/swift/ $KOLLA_SWIFT_BASE_IMAGE swift-ring-builder /etc/kolla/config/swift/${ring}.builder rebalance;
done
#26. Deploy the OpenStack
sudo yum install -y screen
screen -R 0
kolla-ansible -i all-in-one bootstrap-servers
kolla-ansible -i all-in-one prechecks
kolla-ansible -i all-in-one deploy
#Ctrl+A,D
sudo nmcli con mod dummy-dummy10 +ipv4.addresses "10.10.10.11/24,10.10.10.10/24"
sudo nmcli con down dummy-dummy10
sudo nmcli con up dummy-dummy10
sudo nmcli con mod dummy-dummy11 +ipv4.addresses "10.11.11.11/24,10.11.11.10/24"
sudo nmcli con down dummy-dummy11
sudo nmcli con up dummy-dummy11
screen -r 0
kolla-ansible -i all-in-one post-deploy
kolla-ansible -i all-in-one check
#Ctrl+A,D
#26. Activate br-ex interface
sudo ip add add 10.14.14.11/24 dev br-ex
ip add show dev br-ex
#27. Install OpenStack client packages
sudo yum install -y python3-openstackclient python3-barbicanclient python3-heatclient python3-magnumclient python3-octaviaclient python3-troveclient python3-muranoclient python3-swiftclient
#28. Verify OpenStack status
cp /etc/kolla/admin-openrc.sh .
source admin-openrc.sh
openstack endpoint list
#29. Create Amphora Image
sudo yum install -y diskimage-builder debootstrap
git clone https://github.com/openstack/octavia.git -b stable/yoga
screen -r 0
./octavia/diskimage-create/diskimage-create.sh
#Ctrl+A,D
#30. Register Amphora Image to Glance
cp /etc/kolla/octavia-openrc.sh octavia-openrc.sh
grep OS_CACERT /etc/kolla/admin-openrc.sh >> octavia-openrc.sh
source octavia-openrc.sh
openstack image create amphora-x64-haproxy --disk-format qcow2 --private --tag amphora --file amphora-x64-haproxy.qcow2
openstack image list
#31. Configure Octavia health manager interface and bridge
source octavia-openrc.sh
OCTAVIA_MGMT_PORT_IP=10.1.0.11
SUBNET_ID=$(openstack subnet show lb-mgmt-subnet -f value -c id)
PORT_FIXED_IP="--fixed-ip subnet=$SUBNET_ID,ip-address=$OCTAVIA_MGMT_PORT_IP"
MGMT_PORT_ID=$(openstack port create --security-group lb-mgmt-sec-grp --device-owner Octavia:health-mgr --host=$(hostname) -c id -f value --network lb-mgmt-net $PORT_FIXED_IP octavia-health-manager-listen-port)
MGMT_PORT_MAC=$(openstack port show -c mac_address -f value $MGMT_PORT_ID)
NETID=$(openstack network show lb-mgmt-net -c id -f value)
docker exec openvswitch_vswitchd ovs-vsctl show
docker exec openvswitch_vswitchd ovs-vsctl -- --may-exist add-port br-int o-hm0 -- set Interface o-hm0 type=internal -- set Interface o-hm0 external-ids:iface-status=active -- set Interface o-hm0 external-ids:attached-mac=$MGMT_PORT_MAC -- set Interface o-hm0 external-ids:iface-id=$MGMT_PORT_ID
docker exec openvswitch_vswitchd ovs-vsctl show
sudo ip link set o-hm0 up
sudo ip link set dev o-hm0 address $MGMT_PORT_MAC
sudo ip add add dev o-hm0 ${OCTAVIA_MGMT_PORT_IP}/24
ip add show dev o-hm0
ping -c 3 10.1.0.1
#32. Add rule to allow port 5555/UDP on lb-mgmt-sec-grp security group
source octavia-openrc.sh
openstack security group rule create --protocol udp --dst-port 5555 lb-mgmt-sec-grp
openstack security group rule list lb-mgmt-sec-grp
#33. Reconfigure Octavia
sudo sed -i '/^#.*octavia_network_interface\:\ \"o-hm0\"/s/^#//' /etc/kolla/globals.yml
screen -r 0
kolla-ansible -i all-in-one reconfigure -t octavia
#Ctrl+A,D
#34. Set role load-balancer_admin to admin user on admin project
source admin-openrc.sh
openstack role list
openstack role add --user admin --project admin load-balancer_admin
openstack role assignment list --names --user admin
#35. Set DNS nameserver to lb-mgmt-subnet subnet
source admin-openrc.sh
openstack subnet set --dns-nameserver 192.168.18.1 lb-mgmt-subnet
openstack subnet show lb-mgmt-subnet