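OpenStack (2): Deploying an OpenStack all-in-one cloud platform with Kolla
(1). Kolla overview
Kolla is an OpenStack project for automated deployment. It is built on Docker and Ansible: Docker handles image building and container management, and Ansible handles deploying and managing the environment.
Kolla actually consists of two parts: the Kolla part provides production-grade images covering every service OpenStack uses; the Kolla-ansible part provides automated deployment. Originally both parts lived in a single project (Kolla). Starting with the OpenStack release whose name begins with O, they were split apart, which gave us the Kolla project for building all the service images and Kolla-ansible for running the automated deployment.
(2). Linux system hardware configuration
You need one high-spec VMware virtual machine: 12 GB of memory, a 200 GB disk (4 GB swap partition, 200 MB boot partition, the rest all for the root directory), CPU virtualization support enabled, and two NICs in bridged mode.
(3). Preparation
On a minimal install, pressing <Tab> does not auto-complete, so bash-completion needs to be installed. The vim and net-tools tools also need to be installed.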
[root@Openstack240 ~]# yum -y install bash-completion vim net-tools
Disable SELinux and firewalld
[root@Openstack240 ~]# vi /etc/selinux/config
SELINUX=disabled
[root@Openstack240 ~]# setenforce 0
[root@Openstack240 ~]# getenforce
Permissive
[root@Openstack240 ~]# systemctl disable firewalld && systemctl stop firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@Openstack240 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

11月 23 00:06:05 Openstack systemd[1]: Starting firewalld - dynamic firewal....
11月 23 00:06:07 Openstack systemd[1]: Started firewalld - dynamic firewall....
11月 23 00:38:02 Openstack systemd[1]: Stopping firewalld - dynamic firewal....
11月 23 00:38:04 Openstack systemd[1]: Stopped firewalld - dynamic firewall....
Hint: Some lines were ellipsized, use -l to show in full.
Configure /etc/hosts
[root@Openstack240 ~]# vim /etc/hosts
192.168.128.240 OpenStack
Install the EPEL repository
[root@Openstack240 ~]# yum -y install epel-release
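Configure the NICs
IP address | Network type | NIC | Role in the OpenStack network |
192.168.128.240 | bridge | ens32 | OpenStack internal management network; the Horizon web UI is accessed through this NIC |
None (an IP address must not be configured) | bridge | ens33 | External network; bound to br-ex by neutron (the OpenStack networking component); virtual machines in OpenStack communicate with the outside network through this NIC |
[root@Openstack240 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
//Change the following lines; add them if they do not exist
BOOTPROTO=none    //change dhcp to none, switching from automatic to static addressing
ONBOOT=yes    //enable this NIC
IPADDR=192.168.128.240    //set the IPv4 address
NETMASK=255.255.255.0    //set the subnet mask
GATEWAY=192.168.128.254    //set the default gateway
DNS1=61.177.7.1    //set DNS
[root@Openstack240 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
//Change the following lines and move them to the top of the file; add them if they do not exist.
TYPE=Ethernet
NAME=ens33
DEVICE=ens33
//If the NIC was added after the virtual machine was powered on, the three lines above have to be written by hand
BOOTPROTO=none    //change dhcp to none, switching from automatic to static addressing
ONBOOT=yes    //enable this NIC
[root@OpenStack240 ~]# systemctl restart network
Install the base packages
//Install the base packages
[root@Openstack240 ~]# yum -y install python-devel libffi-devel gcc openssl-devel git python-pip
//Configure a pip mirror so that Python libraries download quickly (the default downloads from abroad)
[root@Openstack240 ~]# mkdir .pip
[root@Openstack240 ~]# tee .pip/pip.conf << EOF    //I don't know why cat failed, so I used tee
> [global]
> index-url=http://mirrors.aliyun.com/pypi/simple/
> [install]
> trusted-host=mirrors.aliyun.com
> EOF
//Upgrade pip
[root@Openstack240 ~]# pip install -U pip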
(4). Install kolla-ansible
1) Install ansible with pip. Do not install it with yum, otherwise it will conflict with the YAML package in kolla.
[root@Openstack240 ~]# pip install ansible
2) Install kolla-ansible with pip
[root@Openstack240 ~]# pip install kolla-ansible
If the following error appears:
//PyYAML 3.10 is already present, so PyYAML cannot be installed
Found existing installation: PyYAML 3.10
Cannot uninstall 'PyYAML'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.
//If the error above appears, run the following steps
[root@Openstack240 ~]# pip install PyYAML --ignore-installed PyYAML    //ignore the already installed PyYAML and install PyYAML
[root@Openstack240 ~]# pip install kolla-ansible    //reinstall kolla-ansible
3) Copy the kolla-ansible configuration files
[root@Openstack240 ~]# cp -r /usr/share/kolla-ansible/etc_examples/kolla /etc/
[root@Openstack240 ~]# ls /etc/kolla/
globals.yml  passwords.yml
[root@Openstack240 ~]# cp /usr/share/kolla-ansible/ansible/inventory/* /etc/kolla/
[root@Openstack240 ~]# ls /etc/kolla/
all-in-one  globals.yml  multinode  passwords.yml
File descriptions: all-in-one is the ansible inventory file for installing a single-node OpenStack; multinode is the ansible inventory file for installing a multi-node OpenStack; globals.yml is the custom configuration file for the OpenStack deployment; passwords.yml is the password file for the individual OpenStack services.
(5). Edit the kolla-ansible configuration files to customize the OpenStack installation
Generate the password file for the OpenStack services and change the web login password
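[root@Openstack240 ~]# kolla-genpwd
[root@Openstack240 ~]# vim /etc/kolla/passwords.yml
//Edit line 165; this is the password for logging in to the Dashboard (the web console). Normally it should not be too simple either; you can take a slice of an auto-generated password
keystone_admin_password: 123456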
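One way to check passwords.yml for entries that were left empty or hand-edited to something too simple, as the comment above cautions. This is an added example, not part of the original post or of kolla-ansible; the function name audit_passwords, the 16-character minimum and the sample file contents are assumptions made for illustration.

```bash
# audit_passwords FILE [MINLEN]
# Prints "key: reason" for every top-level scalar entry that is empty,
# digits only, or shorter than MINLEN (default 16, an assumed threshold).
# Keys followed by indented lines (mappings such as SSH key pairs) are skipped.
audit_passwords() {
    awk -v min="${2:-16}" -v q="'" '
        function report_pending() {
            if (pending != "") { print pending ": empty"; pending = "" }
        }
        /^[ \t]+[^ \t#]/ { pending = ""; next }   # child line: parent is a mapping
        /^[A-Za-z0-9_]+:/ {
            report_pending()
            key = $0; sub(/:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            c = substr(val, 1, 1)                 # strip one pair of matching quotes
            if ((c == "\"" || c == q) && length(val) > 1 && substr(val, length(val)) == c) {
                val = substr(val, 2, length(val) - 2)
            }
            if (val == "") { pending = key }
            else if (val ~ /^[0-9]+$/) { print key ": digits only" }
            else if (length(val) < min) { print key ": shorter than " min }
        }
        END { report_pending() }
    ' "$1"
}

# Constructed sample in the layout of /etc/kolla/passwords.yml (values are made up)
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
---
database_password: Zq8Lw2Nf7Rk4Tb9Xc3Vh6Jm1Pd5Sg0Ya
keystone_admin_password: 123456
horizon_secret_key:
nova_ssh_key:
  private_key: (elided)
  public_key: (elided)
rabbitmq_password: "short"
EOF

audit_passwords "$SAMPLE"
```

Against the real file, run audit_passwords /etc/kolla/passwords.yml after kolla-genpwd and any manual edits; no output means nothing was flagged.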
Edit /etc/kolla/globals.yml to customize the OpenStack deployment
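[root@Openstack240 ~]# vim /etc/kolla/globals.yml
//Lines 14 and 15: choose the base image to download, one of 5
# Valid options are ['centos', 'debian', 'oraclelinux', 'rhel', 'ubuntu']
kolla_base_distro: "centos"
//Lines 17 and 18: choose the install method, one of 2. binary installs from binary packages, source installs from source
# Valid options are [ binary, source ]
kolla_install_type: "source"
//Lines 20 and 21: choose the OpenStack release tag; for details see https://releases.openstack.org/
# Valid option is Docker repository tag
openstack_release: "stein"    //Note that the release name must be lowercase; the OpenStack docker images downloaded later are also tagged stein. The train release failed for me, so I switched to stein
//Lines 23 and 24: where configuration files are stored
# Location of configuration overrides
#node_custom_config: "/etc/kolla/config"    //default location
//Line 31: the OpenStack internal management network address; the OpenStack web UI is reached through this IP for management. If high availability is enabled, this must be set to the VIP (floating IP)
kolla_internal_vip_address: "192.168.128.240"
//Line 87: the NIC interface for the OpenStack internal management network address
network_interface: "ens32"
//Line 105: the NIC interface for the OpenStack external (or public) network; it can be in vlan mode or flat mode.
//This NIC should be active without an IP address; if it is not, instances in the OpenStack cloud will be unable to reach the external network. (When an IP is present, bridging to br-ex does not succeed)
neutron_external_interface: "ens33"
//Line 190: disable high availability
enable_haproxy: "no"
//Line 213: disable cinder (block storage)
#enable_cinder: "no"
//Lines 443 and 444: specify the virtualization technology used by the nova-compute daemon. (kvm seems to have some problems; you can try it and see whether you can get past the nova download)
//nova-compute is a very important daemon; it creates and terminates virtual machine instances, that is, it manages the life cycle of virtual machine instances
# Valid options are [ qemu, kvm, vmware, xenapi ]
nova_compute_virt_type: "qemu"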
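A pre-deployment check for the requirement stated above that the neutron_external_interface NIC is enabled but carries no IP address. This is an added example, not part of the original post or of kolla-ansible; the function names ifcfg_get and check_external_ifcfg and both sample files are assumptions made for illustration.

```bash
# ifcfg_get FILE KEY: print the last value assigned to KEY, quotes stripped
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# check_external_ifcfg FILE: one line per problem; returns 1 if any was found
check_external_ifcfg() {
    rc=0
    [ "$(ifcfg_get "$1" ONBOOT)" = "yes" ] || { echo "ONBOOT is not yes"; rc=1; }
    [ "$(ifcfg_get "$1" BOOTPROTO)" = "none" ] || { echo "BOOTPROTO is not none"; rc=1; }
    # Any static IPv4/IPv6 address (IPADDR, IPADDR0, IPV6ADDR, ...) breaks the br-ex binding
    if grep -Eq '^[[:space:]]*(IPADDR|IPV6ADDR)[0-9]*=.' "$1"; then
        echo "an IP address is configured"; rc=1
    fi
    return "$rc"
}

# Constructed sample files (not taken from a real host)
GOOD=$(mktemp); BAD=$(mktemp)
cat > "$GOOD" <<'EOF'
TYPE=Ethernet
NAME=ens33
DEVICE=ens33
BOOTPROTO=none
ONBOOT=yes
EOF
cat > "$BAD" <<'EOF'
TYPE=Ethernet
NAME=ens33
DEVICE=ens33
BOOTPROTO="dhcp"
ONBOOT=yes
IPADDR=192.168.128.241
EOF

check_external_ifcfg "$GOOD" && echo "GOOD: usable for neutron_external_interface"
check_external_ifcfg "$BAD" || echo "BAD: fix the lines listed above"
```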
(6). Install the OpenStack private cloud with kolla-ansible
Generate an SSH key and authorize it for yourself
[root@Openstack240 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:AF8aHj/NlA0doFaR/ZOM6HParDKP0o4YH40rzDoEPnY root@Openstack
The key's randomart image is:
+---[RSA 2048]----+
| . o . *X.. |
| + * *o + |
| = = o. + . |
|. o .. . = |
|.. S. . |
| +.E o o . |
|..oo. o.. * |
| . ++.++.. o |
| .o..+oo+o. |
+----[SHA256]-----+
[root@Openstack240 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@OpenStack
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'openstack (192.168.128.240)' can't be established.
ECDSA key fingerprint is SHA256:bIVBUnAgb1EBEW0igBEyamtibqEMjhkfrwHyjXHjnq4.
ECDSA key fingerprint is MD5:86:b5:64:9c:5f:19:23:26:20:56:60:9d:ce:27:f7:33.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@openstack's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@OpenStack'"
and check to make sure that only the key(s) you wanted were added.
Configure the single-node inventory file
[root@Openstack240 ~]# vim /etc/kolla/all-in-one
//Edit lines 3 to 19, changing localhost ansible_connection=local to OpenStack
//You can use the substitute command ":1,$s/localhost ansible_connection=local/OpenStack/"
[control]
OpenStack
[network]
OpenStack
[compute]
OpenStack
[storage]
OpenStack
[monitoring]
OpenStack
[deployment]
OpenStack
Start deploying OpenStack. Note: when I used the Aliyun EPEL mirror, installing bootstrap-servers hung at the step TASK [baremetal : Install yum packages]. With the EPEL repository installed by the system, it only waited about 5 minutes.
//Run bootstrap-servers to install the dependency packages needed to deploy OpenStack. It is provided by kolla-ansible and includes docker.
[root@Openstack240 ~]# kolla-ansible -i /etc/kolla/all-in-one bootstrap-servers
//Run the pre-deployment checks on the current host; just look at the final summary. If a check fails, look at the preceding TASK: [precheck ...] sections to locate the error quickly
[root@Openstack240 ~]# kolla-ansible -i /etc/kolla/all-in-one prechecks
PLAY RECAP *********************************************************************
OpenStack : ok=66 changed=0 unreachable=0 failed=0 skipped=42 rescued=0 ignored=0
//Check how docker volumes are mounted
[root@Openstack240 ~]# vim /etc/systemd/system/docker.service.d/kolla.conf
[Service]
MountFlags=shared    //Add this line; later, when new partitions are added on the docker host, the docker service does not need to be restarted, which makes it easier to add disks to the host.
ExecStart=
ExecStart=/usr/bin/dockerd --log-opt max-file=5 --log-opt max-size=50m
//Specify a docker registry mirror; just apply for the free one from Aliyun
[root@Openstack240 ~]# tee /etc/docker/daemon.json << 'EOF'
> {
> "registry-mirrors": ["https://xxxxxxx.mirror.aliyuncs.com"]
> }
> EOF
[root@Openstack240 ~]# systemctl daemon-reload
[root@Openstack240 ~]# systemctl restart docker
//Pull the images; this takes a while
[root@Openstack240 ~]# kolla-ansible -i /etc/kolla/all-in-one pull
//List the images that were pulled
[root@OpenStack240 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
kolla/centos-source-horizon stein 0dadc35b6b9c 44 hours ago 1.04GB
kolla/centos-source-nova-compute stein ea536cdda37b 44 hours ago 1.85GB
kolla/centos-source-neutron-server stein 75c62223bc3a 44 hours ago 1.03GB
kolla/centos-source-neutron-l3-agent stein 3f9175b4f55c 44 hours ago 1.04GB
kolla/centos-source-neutron-dhcp-agent stein 3137270d1bd0 44 hours ago 1GB
kolla/centos-source-neutron-metadata-agent stein bfd4bbeefc3f 44 hours ago 1GB
kolla/centos-source-neutron-openvswitch-agent stein 908cfd43c296 44 hours ago 1GB
kolla/centos-source-nova-api stein 8521127528ce 44 hours ago 1.09GB
kolla/centos-source-nova-ssh stein cbbf57d9ac9c 44 hours ago 1.06GB
kolla/centos-source-glance-api stein 2e0c01c9facc 44 hours ago 910MB
kolla/centos-source-nova-consoleauth stein 85e5522095c9 44 hours ago 1.03GB
kolla/centos-source-nova-conductor stein c35ede1279bc 44 hours ago 1.03GB
kolla/centos-source-nova-scheduler stein 817f1ec1367f 44 hours ago 1.03GB
kolla/centos-source-nova-novncproxy stein ee5441c6a2a1 44 hours ago 1.06GB
kolla/centos-source-keystone-ssh stein 15ea9c492264 44 hours ago 921MB
kolla/centos-source-keystone stein e973f2e7094d 44 hours ago 920MB
kolla/centos-source-keystone-fernet stein f50e58bbf72c 44 hours ago 920MB
kolla/centos-source-placement-api stein 1556e06c1058 44 hours ago 920MB
kolla/centos-source-heat-api stein 21e4e2ba3acf 44 hours ago 894MB
kolla/centos-source-heat-engine stein 720f1fc35901 44 hours ago 894MB
kolla/centos-source-heat-api-cfn stein 91991bd99c45 44 hours ago 894MB
kolla/centos-source-mariadb stein 61ff92627c80 44 hours ago 594MB
kolla/centos-source-nova-libvirt stein 8e3beb6eec8b 44 hours ago 1.2GB
kolla/centos-source-fluentd stein b148a90b28b7 44 hours ago 539MB
kolla/centos-source-openvswitch-vswitchd stein 651b5161a446 44 hours ago 423MB
kolla/centos-source-openvswitch-db-server stein 693789d40516 44 hours ago 423MB
kolla/centos-source-chrony stein e2e4a9fa7f63 44 hours ago 407MB
kolla/centos-source-memcached stein 7af3c04e37b3 44 hours ago 407MB
kolla/centos-source-kolla-toolbox stein d6718bf60842 44 hours ago 687MB
kolla/centos-source-rabbitmq stein 2135cb353c35 44 hours ago 486MB
kolla/centos-source-cron stein 83f979d850d9 44 hours ago 406MB
//Deploy OpenStack
[root@OpenStack240 ~]# kolla-ansible -i /etc/kolla/all-in-one deploy
PLAY RECAP *****************************************************************************************************
OpenStack : ok=279 changed=168 unreachable=0 failed=0 skipped=116 rescued=0 ignored=0
//Verify the deployment and generate /etc/kolla/admin-openrc.sh
[root@OpenStack240 ~]# kolla-ansible -i /etc/kolla/all-in-one post-deploy
PLAY RECAP *****************************************************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@OpenStack240 ~]# cat /etc/kolla/admin-openrc.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin    //this file shows the account and password for the OpenStack web UI
export OS_PASSWORD=123456
export OS_AUTH_URL=http://192.168.128.240:35357/v3
export OS_INTERFACE=internal
export OS_IDENTITY_API_VERSION=3
export OS_REGION_NAME=RegionOne
export OS_AUTH_PLUGIN=password
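Error 1: pulling images fails.
First retry the image pull a few times. If it still fails, check whether the release name on line 21 of /etc/kolla/globals.yml is correct. If the release name is correct and pulling still fails, step back one release and try pulling the images again. (For me the train release was unusable, so I went back to stein.) Remember to clean up the images from other releases.
Error 2: deployment fails (I have not run into this; still to be tested)
If the following error is reported during deployment: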
RUNNING HANDLER [common : Initializing toolbox container using normal user] **** fatal: [HOSTNAME]: FAILED! => {"changed": false, "cmd": ["docker", "exec", "-t", "kolla_toolbox", "/usr/bin/ansible", "--version"], "delta": "0:00:01.251727", "end": "2018-08-29 22:52:03.283733", "msg": "non-zero return code", "rc": 126, "start": "2018-08-29 22:52:02.032006", "stderr": "", "stderr_lines": [], "stdout": "OCI runtime exec failed: exec failed: container_linux.go:348:
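You can try deploying again, which resolves the problem automatically.
Test from a Windows machine on the internal network
(7). Problems after rebooting the server
The OpenStack all-in-one cloud platform deployed by kolla starts automatically at boot, just a little slowly. However, after I rebooted I found that one image had not started; after some digging I found that the kolla/centos-source-nova-scheduler:stein image (nova-scheduler) was missing. Below is what I did after the reboot; if any image fails to start, you can do the same.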
[root@OpenStack240 ~]# docker ps | grep nova-scheduler
[root@OpenStack240 ~]# docker ps -a | grep nova-scheduler
a3d73b4b5ac8 kolla/centos-source-nova-scheduler:stein "dumb-init --single-…" 23 hours ago Exited (137) 7 minutes ago nova_scheduler
[root@OpenStack240 ~]# docker restart a3d73b
After that, rebooting again brought it up automatically at boot; I don't know why.