2017-6-16 Kolla部署多节点Openstack(一控制节点两计算节点)
===========================================================
2017-6-15 kolla多节点部署Openstack云主机项目实战
一、Kolla节点环境搭建
1、安装docker基础配置:
[root@vm3 opt]# vim /etc/sysconfig/selinux
disabled
[root@vm3 opt]# setenforce 0
[root@vm3 opt]# systemctl stop firewalld
[root@vm3 opt]# systemctl disable firewalld
# yum install epel-release
# yum install -y python-devel libffi-devel gcc openssl-devel git
# curl -sSL https://get.docker.io | bash //注:这条命令安装的是最新版的docker,会默认下载docker源
# tee /etc/yum.repos.d/docker.repo << 'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: inactive (dead)
# mkdir -p /etc/systemd/system/docker.service.d //新建一个docker后台守护进程配置文档增加配置
# tee /etc/systemd/system/docker.service.d/kolla.conf <<-'EOF'
[Service]
MountFlags=shared
EOF
保存退出,重新加载配置,重启docker服务
# systemctl daemon-reload
# systemctl restart docker
[root@vm3 ~]# systemctl enable docker.service
# yum install -y python-docker-py
[root@vm3 ~]# pip install --upgrade pip
# pip install -U docker-py
# yum install -y ansible
# git clone https://github.com/openstack/kolla -b stable/ocata
# git clone https://github.com/openstack/kolla-ansible -b stable/ocata
# pip install kolla/ ##安装kolla
# pip install kolla-ansible
2、建立私有仓库
[root@vm3 ~]# docker run -d -v /opt/registry:/var/lib/registry -p 4000:5000 --restart=always --name registry registry:2
## /opt/registry是宿主机的目录,默认docker的registry是使用5000端口,对于OpenStack来说,有端口冲突,所以改成4000
[root@vm3 network-scripts]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/docker daemon --insecure-registry 172.16.1.5:4000
3、Kolla本地镜像部署 http://www.chenshake.com/kolla-installation/ 陈沙克笔记
kolla镜像源:http://tarballs.openstack.org/kolla/images/
[root@kolla ~]# docker load -i centos-source-registry-ocata.tar.gz
# mkdir /opt/registry
# tar -xf centos-source-registry-ocata.tar.gz -C /opt/registry/
# docker run -d -v /opt/registry:/var/lib/registry -p 4000:5000 --restart=always --name local_registry registry:latest
# curl http://172.16.1.5:4000/v2/_catalog //可以通过curl来访问验证本地Registry是否正常,检查镜像解压到regisrty是否有效
[root@kolla ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry latest 9d0c4eabab4d 4 weeks ago 33.2MB
[root@kolla ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c9f4499bb0d8 registry:latest "/entrypoint.sh /e..." 2 minutes ago Up 2 minutes 0.0.0.0:4000->5000/tcp local_registry
如果是在虚拟机里装kolla,希望可以虚拟机中再启动云主机,那么你需要把virt_type=qemu
# egrep -c '(vmx|svm)' /proc/cpuinfo
# mkdir -p /etc/kolla/config/nova //服务器默认就是kvm,无需操作该步骤。
cat << EOF > /etc/kolla/config/nova/nova-compute.conf
[libvirt]
virt_type=qemu
cpu_mode = none
EOF
[root@vm3 ~]# cp -r kolla-ansible/etc/kolla/* /etc/kolla/
[root@vm3 ~]# mkdir -p /etc/ansible/inventory
[root@vm3 ~]# cp -r kolla-ansible/ansible/inventory/* /etc/ansible/inventory ##这一步可以不做
[root@vm3 ~]# kolla-genpwd
# vim /etc/kolla/passwords.yml ##或者使用kolla-genpwd产生随机密钥,是登录Dashboard,admin使用的密码
keystone_admin_password: admin ##注意有空格
[root@vm3 ~]# vim /etc/kolla/globals.yml
kolla_base_distro: "centos"
kolla_install_type: "source"
kolla_internal_vip_address: "172.16.1.254" ##跟物理网卡在同一网段
network_interface: "eth0" ##eth0作为管理网络
neutron_external_interface: "eth1" ##eth1不能配置IP,它作为外网网络
docker_registry: "172.16.1.5:4000"
docker_namespace: "lokolla" ##必须是lokolla,否则就会报错。
openstack_release: "auto" ##auto可能出错,改为4.0.2
二、需求规划
vm1:计算节点 eth0:172.16.1.6 /dev/vdb 50GB eth1无IP
vm2:计算节点 172.16.1.8 /dev/vdb 50GB
vm3: kolla的master节点(同样是控制节点 172.16.1.5 必须满足双网卡,至少6GB内存: eth0 172.16.1.0/24管理内部网络 eth1 无IP作为外部网络)
前提:vm3的kolla环境按照前面的文档已经部署成功,三台机器的docker环境具备,最好采用最新版本的docker。
1、docker环境部署,针对控制和计算节点每天均做(#号表示两台机器都敲命令)。
# yum install epel-release
# yum install -y python-devel libffi-devel gcc openssl-devel git
# curl -sSL https://get.docker.io | bash //注:这条命令安装的是最新版的docker,会默认下载docker源
# mkdir -p /etc/systemd/system/docker.service.d //新建一个docker后台守护进程配置文档增加配置
# tee /etc/systemd/system/docker.service.d/kolla.conf <<-'EOF'
[Service]
MountFlags=shared
EOF
(1)控制节点和计算节点的docker服务指定镜像仓库为172.16.1.5::4000
# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/docker daemon --insecure-registry 172.16.1.5:4000
# systemctl daemon-reload
# systemctl restart docker
# systemctl stop NetworkManager
# systemctl disable NetworkManager
# vim /etc/hosts
172.16.1.5 vm3
172.16.1.8 vm2
172.16.1.6 vm1
# egrep -c '(vmx|svm)' /proc/cpuinfo
0
(2)如果返回0,那么在kolla节点,需要修改virt_type为qemu,否则不做任何操作
[root@vm3 ~]# mkdir /etc/kolla/config/nova
[root@vm3 ~]# cat << EOF > /etc/kolla/config/nova/nova-compute.conf
[libvirt]
virt_type = qemu
EOF
(3)三台机器均做免密钥登录,vm2、vm3此处不做赘述
[root@vm1 ~]# ssh-keygen
[root@vm1 ~]# ssh-copy-id vm2
[root@vm1 ~]# ssh-copy-id vm3
(4)控制节点和计算节点/dev/vdb作为ceph osd存储。
# fdisk -l /dev/vdb
Disk /dev/vdb: 53.7 GB, 53687091200 bytes, 104857600 sectors
# parted /dev/vdb -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP 1 -1 //标记此块磁盘为ceph OSD盘,两台机器均做
# parted /dev/vdb print
Model: Virtio Block Device (virtblk)
Disk /dev/vdb: 53.7GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
1 1049kB 53.7GB 53.7GB KOLLA_CEPH_OSD_BOOTSTRAP
(5)koll节点的ceph.conf配置
[root@vm3 ~]# mkdir /etc/kolla/config
[root@vm3 ~]# vim /etc/kolla/config/ceph.conf
[global]
osd pool default size = 2 ##因为有2个ceph节点,所以是2,如果只有一个ceph节点就写1
osd pool default min size = 2
[root@vm3 ~]# vim /etc/kolla/globals.yml ##不使用swift了,太复杂了,而且和cinder貌似冲突的
enable_ceilometer: "yes"
enable_mongodb: "yes"
enable_ceph: "yes"
enable_ceph_rgw: "yes"
enable_cinder: "yes"
enable_ceph_rgw_keystone: "yes"
glance_backend_ceph: "yes"
enable_freezer: "yes"
enable_neutron_lbaas: "yes"
enable_neutron_fwaas: "yes"
enable_neutron_qos: "yes"
其余都是默认启动的
[root@vm3 ~]# curl http://172.16.1.5:4000/v2/_catalog ##检查kolla节点的镜像是否可用,从而验证kolla环境部署成功
二、编辑ansible的inventory主机清单文件
[root@vm3 ~]# vim /usr/share/kolla-ansible/ansible/inventory/multinode //看来完全没有必要去拷贝到ansible的inventory目录下了。
[control]
localhost ansible_connection=local
[network]
localhost ansible_connection=local
[compute]
vm1
vm2
[monitoring]
localhost ansible_connection=local
[storage]
vm1
vm2
(1)安装openstack CLI相关命令行,控制和计算节点均做
# yum install python-pip -y
# pip install -U python-openstackclient
# pip install -U python-neutronclient
(2)kolla节点初始化环境(可选),运行prechecks检查清单
[root@vm3 ~]# kolla-genpwd
[root@vm3 ~]# kolla-ansible prechecks -i /usr/share/kolla-ansible/ansible/inventory/multinode ##检查清单
[root@vm3 ~]# kolla-ansible deploy -i /usr/share/kolla-ansible/ansible/inventory/multinode
[root@vm3 ~]# cp /etc/kolla/admin-openrc.sh /root
# kolla-ansible post-deploy
# cp /etc/kolla/admin-openrc.sh /root //生成admin-openrc.sh文件,路径为/etc/kolla/admin-openrc.sh
[root@vm3 ~]# source admin-openrc.sh
[root@vm3 ~]# vim /usr/share/kolla-ansible/init-runonce
## 172.16.1.0/24网段是eth1所在的网段,eth1的IP并没有进行配置
EXT_NET_CIDR='172.16.1.0/24'
EXT_NET_RANGE='start=172.16.1.100,end=172.16.1.199'
EXT_NET_GATEWAY='172.16.1.1'
[root@vm3 ~]# /usr/share/kolla-ansible/init-runonce //执行初始化
(3)ceph的镜像格式有qcow2改为raw格式
# yum install qemu-img -y
# qemu-img info cirros-0.3.4-x86_64-disk.img
# qemu-img convert -f qcow2 -O raw cirros-0.3.4-x86_64-disk.img cirros-0.3.4-x86_64-disk.raw
# qemu-img info cirros-0.3.4-x86_64-disk.raw
# openstack image create --disk-format raw --container-format bare --public true --file ./cirros-0.3.4-x86_64-disk.raw
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
三、工作过程报错:
1、TASK [prechecks : Checking docker-py version] *****************
ImportError: No module named docker
解决:两台机器手动安装python-docker-py # yum install python-docker-py
2、TASK [mariadb : Checking free port for MariaDB]
TASK [horizon : Checking free port for Horizon
Timeout when waiting for 172.16.1.6:3306 to stop
解决:初步判断是ansible连接172.16.1.6控制节点数据库超时,应该是密码出错,因为vm1机器曾经作为zabbix,所以MySQL的root密码不为空
[root@vm1 ~]# systemctl stop mariadb.service //看来部署机器必须是裸机才行。
[root@vm1 ~]# systemctl stop httpd
3、在kolla-ansible deploy的时候,报出 TASK [common : Starting fluentd container]
Get https://172.16.1.5:4000/v1/_ping: http: server gave HTTP response to HTTPS client
解决:很明显docker客户端是https服务,而kolla服务端是http服务
在控制节点和计算节点均做:
# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --registry-mirror=http://019a7061.m.daocloud.io --insecure-registry 172.16.1.5:4000
参考文档:http://www.cnblogs.com/52fhy/p/5998747.html
4、TASK [haproxy : Waiting for virtual IP to appear] ***********************************************************************
fatal: [vm1]: FAILED! => {"changed": false, "elapsed": 301, "failed": true, "msg": "Timeout when waiting for 172.16.1.254:3306"}
未解决:从报错的意思来看,是VIP不出现。
[root@vm1 docker]# netstat -tunlp|grep 3306
tcp 0 0 172.16.1.253:3306 0.0.0.0:* LISTEN 5709/haproxy
haproxy监听在3306端口,但是没有这个172.16.1.253的IP地址
在kolla节点查看global.yml,突然想到控制节点只有单网卡,所以再添加一个网卡试试
结果依旧不行,考虑到单控节点,直接把# kolla_internal_vip_address: "172.16.1.254"注释掉,结果vm1不可达,登录到控制台发现
172.16.1.254的虚拟IP已经飘逸到eth1上,但是原有的本身物理IP地址172.16.1.6却消失了。于是它不能注释掉
于是交换network_interface和neutron_external_interface的网卡试试
[root@vm3 ~]# egrep -v "^$|^#" /etc/kolla/globals.yml
network_interface: "eth1"
neutron_external_interface: "eth0"
登录到vm1控制节点:[root@vm1 ~]# ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP qlen 1000
link/ether fa:16:3e:56:49:e7 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.6/24 brd 172.16.1.255 scope global dynamic eth0
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether fa:16:3e:c7:a8:17 brd ff:ff:ff:ff:ff:ff
再次执行:[root@vm3 ]# kolla-ansible deploy -i /usr/share/kolla-ansible/ansible/inventory/multinode
5、TASK [common : Copying over fluentd input config files] *****************************************************************
ok: [vm1] => (item=00-global)
failed: [vm1] (item=01-syslog) => {"failed": true, "item": "01-syslog", "msg": "AnsibleUndefinedVariable: 'dict object' has no attribute 'ipv4'"}
解决:# vim /etc/kolla/global.yml
奇怪,当我把network_interface: "eth0"和neutron_external_interface: "eth1",顺序复原之后就OK了。
应该是外部网络不能使用带有IP的网卡吧
6、其他机器无法ping通VIP 172.16.1.254?
未解决:这个问题对于单控来说,无所谓,我登录控制节点的物理网卡IP也行,如果是高可用的,应该涉及到pacemaker或者keepalived
四、常用后期命令
[root@vm3 ~]# openstack service list
[root@vm3 ~]# nova service-list
[root@vm3 ~]# cinder service-list
[root@vm3 ~]# glance image-list
[root@vm3 ~]# openstack network agent list
[root@vm3 ~]# nova list --all-tenants ##查看启动云主机
[root@vm3 ~]# openstack image list
[root@vm3 ~]# openstack flavor lis
验证cephL
[root@vm3 ~]# docker ps|grep ceph
b5c33f207c58 172.16.1.5:4000/lokolla/centos-source-ceph-rgw:4.0.2 "kolla_start" 3 hours ago Up About a minute ceph_rgw
05d64b1be164 172.16.1.5:4000/lokolla/centos-source-ceph-mon:4.0.2 "kolla_start" 3 hours ago Up 3 hours
[root@vm3 ~]# docker exec -it ceph_mon ceph -s
[root@vm3 ~]# docker exec -it ceph_mon rbd ls images
