Howto openstack kolla: Difference between revisions

 
(116 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= setup hosts =
= setup host =
enable nested kvm edit /etc/modprobe.d/kvm.conf:
enable nested kvm edit /etc/modprobe.d/kvm.conf:
  # For Intel
  # For Intel
Line 30: Line 30:
  cp debian-11-generic-amd64_100G.qcow2 openstack-node4.qcow2
  cp debian-11-generic-amd64_100G.qcow2 openstack-node4.qcow2
  cp debian-11-generic-amd64_100G.qcow2 openstack-node5.qcow2
  cp debian-11-generic-amd64_100G.qcow2 openstack-node5.qcow2
cp debian-11-generic-amd64_100G.qcow2 openstack-dns.qcow2
create storage images for ceph cluster:
create storage images for ceph cluster:
  qemu-img create -f qcow2 ceph_storage_server1_1.img 100G  
  qemu-img create -f qcow2 ceph_storage_server1_1.img 100G  
Line 49: Line 50:
  wget https://img.vidalinux.com/files/openstack/XML/openstack-node4-debian10-2023-05-16.xml
  wget https://img.vidalinux.com/files/openstack/XML/openstack-node4-debian10-2023-05-16.xml
  wget https://img.vidalinux.com/files/openstack/XML/openstack-node5-debian10-2023-05-16.xml
  wget https://img.vidalinux.com/files/openstack/XML/openstack-node5-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-dns-debian10-2023-05-16.xml
import virtual machines:
import virtual machines:
  virsh define openstack-node1-debian10-2023-05-16.xml
  virsh define openstack-node1-debian10-2023-05-16.xml
Line 55: Line 57:
  virsh define openstack-node4-debian10-2023-05-16.xml
  virsh define openstack-node4-debian10-2023-05-16.xml
  virsh define openstack-node5-debian10-2023-05-16.xml
  virsh define openstack-node5-debian10-2023-05-16.xml
virsh define openstack-dns-debian10-2023-05-16.xml
download virtual networks xml:
download virtual networks xml:
  wget https://img.vidalinux.com/files/openstack/XML/oscpiso-net-2023-05-16.xml
  wget https://img.vidalinux.com/files/openstack/XML/oscpiso-net-2023-05-16.xml
Line 61: Line 64:
  virsh net-define oscpiso-net-2023-05-16.xml
  virsh net-define oscpiso-net-2023-05-16.xml
  virsh net-define publiciso-net-2023-05-16.xml
  virsh net-define publiciso-net-2023-05-16.xml
copy and pasted the following on your shell:
start virtual networks:
  cat > /usr/local/bin/openstack << "EOF"
virsh net-start oscpiso
  #!/bin/bash
virsh net-start publiciso
   
download iptables rules:
  VMS="openstack-node1-debian10
wget https://img.vidalinux.com/files/openstack/iptables-default-isolate-libvirt-openstack.sh
  openstack-node2-debian10
fix permissions and execute script:
  openstack-node3-debian10
chmod +x iptables-default-isolate-libvirt-openstack.sh
  openstack-node4-debian10
./iptables-default-isolate-libvirt-openstack.sh
  openstack-node5-debian10"
 
= configure dns node =
mount cloud image to pre-configure network:
modprobe nbd
qemu-nbd -c /dev/nbd0 openstack-dns.qcow2
kpartx -a /dev/nbd0
mkdir /mnt/cloudimg
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on node1:
  cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.64/24
gateway 192.168.88.1
dns-nameservers 4.2.2.1
dns-nameservers 4.2.2.2
# eth2
iface eth2 inet static
address 10.10.88.64/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15
start node1 virtual machine:
virsh start openstack-dns-debian10
connect to node1 using ssh:
ssh root@192.168.88.64
set hostname:
hostnamectl set-hostname oscpdns
set timezone:
timedatectl set-timezone America/Puerto_Rico
install dnsmasq:
apt-get update
apt-get install dnsmasq -y
configure dnsmasq:
cat > /etc/dnsmasq.conf << EOF
  listen-address=127.0.0.1,192.168.88.64
interface=eth1
expand-hosts
domain=ovox.io
server=4.2.2.1
server=4.2.2.2
address=/oscpnode1/10.10.88.58
address=/oscpnode2/10.10.88.57
address=/oscpnode3/10.10.88.56
address=/oscpnode4/10.10.88.55
address=/oscpnode5/10.10.88.54
  address=/oscpdns/10.10.88.64
  address=/openstack-int/10.10.88.244
address=/openstack/192.168.88.244
EOF
configure /etc/hosts:
cat > /etc/hosts << EOF
127.0.0.1      localhost
192.168.88.58  oscpnode1
192.168.88.57  oscpnode2
192.168.88.56  oscpnode3
192.168.88.55  oscpnode4
192.168.88.54  oscpnode5
192.168.88.64  oscpdns registry
192.168.88.244  openstack
10.10.88.244    openstack-int
EOF
enable and restart dnsmasq:
systemctl enable dnsmasq
systemctl restart dnsmasq
 
= local registry =
install podman packages:
  apt-get -y install podman
install pip:
  apt-get -y install pip
install podman-compose:
  pip3 install 'podman-compose<1.0'
fix permissions and symlink:
chmod +x /usr/local/lib/python3.9/dist-packages/podman_compose.py
  ln -s /usr/local/lib/python3.9/dist-packages/podman_compose.py /usr/bin/podman-compose
add the following registries to /etc/containers/registries.conf
cat >> /etc/containers/registries.conf << "EOF"
[registries.search]
registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
EOF
create registry directory:
mkdir ~/podman-registry
cd ~/podman-registry
create self sign certificates:
mkdir ~/podman-registry/certs
openssl genrsa -out ~/podman-registry/certs/server.key 4096
openssl req -new -x509 -text -key ~/podman-registry/certs/server.key -out ~/podman-registry/certs/server.cert
compose file to create registry:
cat > podman-compose.yml << EOF
version: '3'
   
   
  if [ $1 = start ];
  services:
then
  registry:
for u in ${VMS}; do virsh start $u; done
    restart: always
fi 
    image: registry:2
 
    container_name: registry
if [ $1 = destroy ];
    ports:
then
    - "5000:5000"
for u in ${VMS}; do virsh destroy $u; done
    environment:
fi
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.cert
      REGISTRY_HTTP_TLS_KEY: /certs/server.key
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
      - ~/podman-registry/certs:/certs
  EOF
  EOF
   
create password file:
  if [ $1 = shutdown ];
mkdir ~/podman-registry/auth
  then
  podman run --rm --entrypoint htpasswd httpd:2 -Bbn registry livinglavidalinux > ~/podman-registry/auth/htpasswd
  for u in ${VMS}; do virsh shutdown $u; done
run the registry by executing:
  fi
  podman-compose up -d
as root user edit /etc/containers/registries.conf:
  cat >> /etc/containers/registries.conf << "EOF"
  [registries.insecure]
  registries = ['registry.ovox.io']
  EOF
  EOF
fix permissions:
log in to a private registry:
  chmod +x /usr/local/bin/openstack
  podman login registry.ovox.io:5000 -u registry -p livinglavidalinux
start virtual machines using the script:
openstack start


= configure node1 =
= configure node1 =
mount cloud image to pre-configure network:
mount cloud image to pre-configure network:
modprobe nbd
  qemu-nbd -c /dev/nbd0 openstack-node1.qcow2  
  qemu-nbd -c /dev/nbd0 openstack-node1.qcow2  
  kpartx -a /dev/nbd0
  kpartx -a /dev/nbd0
mkdir /mnt/cloudimg
  mount /dev/mapper/nbd0p1 /mnt/cloudimg
  mount /dev/mapper/nbd0p1 /mnt/cloudimg
  mount -o bind /dev /mnt/cloudimg/dev
  mount -o bind /dev /mnt/cloudimg/dev
Line 103: Line 239:
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg
  chroot /mnt/cloudimg
add this parameters to grub configuration /mnt/cloudimg/etc/default/grub:
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update grub configuration:
Line 133: Line 271:
  sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
  sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
  sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
  sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit
umount image when finish configuration:
umount image when finish configuration:
umount /mnt/cloudimg
  umount /mnt/cloudimg/proc
  umount /mnt/cloudimg/proc
  umount /mnt/cloudimg/dev
  umount /mnt/cloudimg/dev
umount /mnt/cloudimg
  nbd-client -d /dev/nbd0
  nbd-client -d /dev/nbd0
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p1
Line 142: Line 282:
  dmsetup remove /dev/mapper/nbd0p15
  dmsetup remove /dev/mapper/nbd0p15
start node1 virtual machine:
start node1 virtual machine:
  virsh start openstack-node1-debian
  virsh start openstack-node1-debian10
connect to node1 using ssh:
connect to node1 using ssh:
  ssh root@192.168.88.58
  ssh root@192.168.88.58
Line 151: Line 291:


= configure node2 =
= configure node2 =
configure networking on node2 edit /etc/network/interfaces:
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 openstack-node2.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on node1:
cat > /etc/network/interfaces << EOF
  auto lo eth0 eth1 eth2 eth3
  auto lo eth0 eth1 eth2 eth3
  iface lo inet loopback
  iface lo inet loopback
Line 170: Line 325:
  up ip link set dev eth3 up
  up ip link set dev eth3 up
  down ip link set dev eth3 down
  down ip link set dev eth3 down
configure networking on node3 edit /etc/network/interfaces:
EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15
start node1 virtual machine:
virsh start openstack-node2-debian10
connect to node1 using ssh:
ssh root@192.168.88.57
set hostname:
hostnamectl set-hostname oscpnode2
set timezone:
timedatectl set-timezone America/Puerto_Rico
 
= configure node3 =
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 openstack-node3.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on node1:
cat > /etc/network/interfaces << EOF
  auto lo eth0 eth1 eth2 eth3
  auto lo eth0 eth1 eth2 eth3
  iface lo inet loopback
  iface lo inet loopback
Line 189: Line 385:
  up ip link set dev eth3 up
  up ip link set dev eth3 up
  down ip link set dev eth3 down
  down ip link set dev eth3 down
configure networking on node4 edit /etc/network/interfaces:
EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15
start node1 virtual machine:
virsh start openstack-node3-debian10
connect to node1 using ssh:
ssh root@192.168.88.56
set hostname:
hostnamectl set-hostname oscpnode3
set timezone:
timedatectl set-timezone America/Puerto_Rico
 
= configure node4 =
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 openstack-node4.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on node1:
cat > /etc/network/interfaces << EOF
  auto lo eth0 eth1 eth2 eth3
  auto lo eth0 eth1 eth2 eth3
  iface lo inet loopback
  iface lo inet loopback
Line 208: Line 445:
  up ip link set dev eth3 up
  up ip link set dev eth3 up
  down ip link set dev eth3 down
  down ip link set dev eth3 down
configure networking on node5 edit /etc/network/interfaces:
EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15
start node1 virtual machine:
virsh start openstack-node4-debian10
connect to node1 using ssh:
ssh root@192.168.88.55
set hostname:
hostnamectl set-hostname oscpnode4
set timezone:
timedatectl set-timezone America/Puerto_Rico
 
= configure node5 =
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 openstack-node5.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on node1:
cat > /etc/network/interfaces << EOF
  auto lo eth0 eth1 eth2 eth3
  auto lo eth0 eth1 eth2 eth3
  iface lo inet loopback
  iface lo inet loopback
Line 227: Line 505:
  up ip link set dev eth3 up
  up ip link set dev eth3 up
  down ip link set dev eth3 down
  down ip link set dev eth3 down
EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15
start node1 virtual machine:
virsh start openstack-node5-debian10
connect to node1 using ssh:
ssh root@192.168.88.54
set hostname:
hostnamectl set-hostname oscpnode5
set timezone:
timedatectl set-timezone America/Puerto_Rico
= configure kolla-ansible =
on physical host copy and pasted the following on your shell:
cat > /usr/local/bin/openstack << "EOF"
#!/bin/bash
VMS="openstack-node1-debian10
openstack-node2-debian10
openstack-node3-debian10
openstack-node4-debian10
openstack-node5-debian10
openstack-dns-debian10"
if [ $1 = start ];
then
for u in ${VMS}; do virsh start $u; done
fi 
 
if [ $1 = destroy ];
then
for u in ${VMS}; do virsh destroy $u; done
fi
if [ $1 = shutdown ];
then
for u in ${VMS}; do virsh shutdown $u; done
fi
EOF
fix permissions:
chmod +x /usr/local/bin/openstack
start virtual machines using the script:
openstack start
connect to node1:
ssh root@192.168.88.58
download ovoxcloud-kolla script:
wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla-2023-05-22 -O ./ovoxcloud-kolla --no-check-certificate
set file permissions:
chmod +x ovoxcloud-kolla
run initial-setup:
./ovoxcloud-kolla initial-setup
edit ovoxcloud-kolla and change the following, make sure set exact year-month-day on BUILD:
BUILD=debian-zed-2023-05-23
REGISTRY="registry.ovox.io"
REGISTRY_PORT="5000"
REGISTRY_USER="registry"
REGISTRY_PASS="livinglavidalinux"
edit ansible host file /root/debian-zed-2023-05-19/multinode
[control]
oscpnode1
oscpnode2
oscpnode3
[network]
oscpnode1
oscpnode2
oscpnode3
[compute]
oscpnode4
oscpnode5
[monitoring]
oscpnode1
oscpnode2
oscpnode3
[storage]
oscpnode1
oscpnode2
oscpnode3
copy ssh key to hosts:
./ovoxcloud-kolla copy-ssh-key
test ssh connection to nodes:
./ovoxcloud-kolla ping
setup disk partitions for ceph deployment:
./ovoxcloud-kolla ceph-disk-reset
deploy ceph cluster:
./ovoxcloud-kolla ceph-deploy
create ceph pools for openstack:
./ovoxcloud-kolla ceph-pool-openstack
configure ceph for openstack:
./ovoxcloud-kolla ceph-openstack
build openstack docker images:
./ovoxcloud-kolla build-images
because we have non geniune ssl cert we need to add the following config to docker:
cat > /etc/docker/daemon.json << "EOF"
{
  "insecure-registries" : ["https://registry.ovox.io:5000"]
}
EOF
then restart docker service:
systemctl restart docker
and add the following to /etc/kolla/globals.yml:
docker_registry_insecure: yes
push images to local registry:
./ovoxcloud-kolla push-images
fix docker-registry repository name:
ssh root@oscpdns
cd /root/podman-registry/data/docker/registry/v2/repositories
ln -s kolla openstack.kolla
use genuine ssl certificate:
mkdir /root/certificates
use the following script to merge root certificates and then copy to kolla config:
cat > /root/certificates/merge << "EOF"
TMPDIR=/tmp
OS_TYPE=$(cat /etc/os-release*|grep ^ID=|sed 's|"||g'|cut -d '=' -f2)
KOLLADIR=/etc/kolla/certificates
CERTDIR=/root/certificates
DOMAIN=ovox.io
CRT_NAME=$DOMAIN.crt
KEY_NAME=$DOMAIN.key
ROOT_CA=root.ca
GLOBAL_CA=global.pem
if [ -d $KOLLADIR ]; then
  echo "directory exist"
else
  echo "directory doesn't exist creating.."
  mkdir $KOLLADIR
fi
if [ $OS_TYPE = centos ];
then
cat $CERTDIR/$GLOBAL_CA $CERTDIR/$ROOT_CA > $TMPDIR/ca.pem
cat $CERTDIR/$KEY_NAME $CERTDIR/$CRT_NAME > $TMPDIR/haproxy.pem
cat $TMPDIR/haproxy.pem $TMPDIR/ca.pem > $KOLLADIR/haproxy.pem
  if [ ! -f $KOLLADIR/haproxy-ca.crt ];
  then
  ln -s $KOLLADIR/haproxy.pem $KOLLADIR/haproxy-ca.crt
  fi
fi
if [ $OS_TYPE = debian ];
then
cat $CERTDIR/$KEY_NAME $CERTDIR/$CRT_NAME > $KOLLADIR/haproxy.pem
  if [ ! -f $KOLLADIR/haproxy-ca.crt ];
  then
  ln -s $KOLLADIR/haproxy.pem $KOLLADIR/haproxy-ca.crt
  fi
fi
EOF
fix permissions and execute the script:
chmod +x /root/certificates/merge
/root/certificates/merge
change docker registry certificates:
scp -r /root/certificates root@oscpdns:~/
ssh root@oscpdns
cd ~/podman-registry
podman-compose down
cp ~/certificates/ovox.io* ~/podman-registry/certs/
change the podman-compose.yml
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/ovox.io.crt
REGISTRY_HTTP_TLS_KEY: /certs/ovox.io.key
start podman container:
cd ~/podman-registry
podman-compose up -d
trust this geniune ssl cert on nodes:
./ovoxcloud-kolla trust-cert-docker
deploy openstack cluster:
./ovoxcloud-kolla openstack-deploy
run post deploy openstack:
./ovoxcloud-kolla openstack-post-deploy
= openstack operation =
create the following script to upload images to glance:
cat > /usr/local/bin/upload-image << "EOF"
#!/bin/bash
if [ $# -eq 0 ]
  then
    echo "usage:"
    echo "upload-image /home/pedro/bionic-server-cloudimg-amd64.img ubuntu-20.04-x86_64"
    echo ""; exit
fi
if [ ! -f $1 ];
then
echo "file doesn't exist please try again.." && exit 1
fi
if [ -z "$2" ];
then
echo "please specify name for image" && exit 1
fi
source /root/admin-openrc.sh
echo "upload begin at $(date +%F-%H:%M:%S)"
glance image-create --name="$2" --visibility public --disk-format raw --container-format bare --progress --file $1
echo "upload finish at $(date +%F-%H:%M:%S)"
exit 0
EOF
fix script permissions:
chmod +x /usr/local/bin/upload-image
download cirros image:
wget https://github.com/cirros-dev/cirros/releases/download/0.6.1/cirros-0.6.1-x86_64-disk.img
convert image from qcow2 to raw:
qemu-img convert -f qcow2 -O raw -p cirros-0.6.1-x86_64-disk.img cirros-0.6.1-x86_64-disk.raw
upload image to glance using script:
upload-image /root/cirros-0.6.1-x86_64-disk.raw cirros-0.6.1-x86_64
create the following script for creating flavors:
cat > /usr/local/bin/openstack-create-flavors << EOF
#!/bin/bash
openstack flavor create --id 1 --ram 1024 --swap 512  --disk 1 --vcpus 1 ovox.tiny
openstack flavor create --id 2 --ram 2048 --swap 1024 --disk 10 --vcpus 1 ovox.small
openstack flavor create --id 3 --ram 4096 --swap 2048 --disk 50 --vcpus 2 ovox.medium
openstack flavor create --id 4 --ram 8192 --swap 4096 --disk 100 --vcpus 4 ovox.large
openstack flavor create --id 5 --ram 16384 --swap 8192 --disk 200 --vcpus 8 ovox.xlarge
openstack flavor create --id 8 --ram 4096 --disk 35 --vcpus 2 windows.small
openstack flavor create --id 9 --ram 8192 --disk 50 --vcpus 2 windows.medium
EOF
fix script permissions:
chmod +x /usr/local/bin/openstack-create-flavors
create openstack flavors using script:
openstack-create-flavors
create openstack networks:
./ovoxcloud-kolla openstack-netcreate


= references =
= references =
* https://docs.openstack.org/kolla-ansible/latest
* https://docs.openstack.org/project-deploy-guide/kolla-ansible/zed/quickstart.html
* https://docs.openstack.org/project-deploy-guide/kolla-ansible/zed/quickstart.html
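Review bot: The new `wget … --no-check-certificate` step under "configure kolla-ansible" disables TLS verification for `ovoxcloud-kolla`, which the following steps mark executable and run as root on node1, so nothing authenticates the script that drives the rest of the deployment. I would drop `--no-check-certificate` and publish a SHA-256 next to the download so readers can check it with `sha256sum -c` before `chmod +x`. The same section adds the registry to Docker's `insecure-registries` and sets `docker_registry_insecure: yes`; the page does not say these can be reverted once the genuine certificate is installed further down. In the added `/usr/local/bin/openstack` wrapper, `[ $1 = start ]` is unquoted and errors when the script is run without an argument; `[ "$1" = start ]` or a `case "$1" in` would avoid that.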

Latest revision as of 03:29, 10 October 2024

setup host

enable nested kvm edit /etc/modprobe.d/kvm.conf:

# For Intel
options kvm_intel nested=1
#
# For AMD
#options kvm_amd nested=1

if using rhel9 as host install the following repo:

dnf copr enable ligenix/enterprise-qemu-spice 

then install libvirt and qemu-kvm:

yum install -y libvirt qemu-kvm guestfs-tools nbd

enable and start libvirtd daemon:

systemctl enable libvirtd && systemctl start libvirtd

create the following directory under /var/lib/libvirt/images:

mkdir /var/lib/libvirt/images/openstack 
cd /var/lib/libvirt/images/openstack

download debian bullseye:

wget https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2

for baremetal download the iso:

http://mirrors.ocf.berkeley.edu/debian-cd/11.7.0/amd64/iso-cd/debian-11.7.0-amd64-netinst.iso

resize cloud image:

cp debian-11-generic-amd64.qcow2 debian-11-generic-amd64_100G.qcow2
qemu-img resize debian-11-generic-amd64_100G.qcow2 +98G

set root password for image:

# NOTE(review): the password is passed in argv (visible in shell history and
# the process list), and every node image copied from this one inherits it.
# virt-sysprep also accepts --root-password file:FILENAME; use your own value
# rather than the one published on this page.
virt-sysprep -a debian-11-generic-amd64_100G.qcow2 -q --root-password password:livinglavidalinux

create storage images for openstack nodes:

cp debian-11-generic-amd64_100G.qcow2 openstack-node1.qcow2
cp debian-11-generic-amd64_100G.qcow2 openstack-node2.qcow2
cp debian-11-generic-amd64_100G.qcow2 openstack-node3.qcow2
cp debian-11-generic-amd64_100G.qcow2 openstack-node4.qcow2
cp debian-11-generic-amd64_100G.qcow2 openstack-node5.qcow2
cp debian-11-generic-amd64_100G.qcow2 openstack-dns.qcow2

create storage images for ceph cluster:

qemu-img create -f qcow2 ceph_storage_server1_1.img 100G 
qemu-img create -f qcow2 ceph_storage_server1_2.img 100G
qemu-img create -f qcow2 ceph_storage_server1_3.img 100G
qemu-img create -f qcow2 ceph_storage_server1_4.img 100G
qemu-img create -f qcow2 ceph_storage_server2_1.img 100G
qemu-img create -f qcow2 ceph_storage_server2_2.img 100G
qemu-img create -f qcow2 ceph_storage_server2_3.img 100G
qemu-img create -f qcow2 ceph_storage_server2_4.img 100G
qemu-img create -f qcow2 ceph_storage_server3_1.img 100G
qemu-img create -f qcow2 ceph_storage_server3_2.img 100G
qemu-img create -f qcow2 ceph_storage_server3_3.img 100G
qemu-img create -f qcow2 ceph_storage_server3_4.img 100G

download virtual machines xml:

wget https://img.vidalinux.com/files/openstack/XML/openstack-node1-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node2-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node3-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node4-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node5-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-dns-debian10-2023-05-16.xml

import virtual machines:

virsh define openstack-node1-debian10-2023-05-16.xml
virsh define openstack-node2-debian10-2023-05-16.xml
virsh define openstack-node3-debian10-2023-05-16.xml
virsh define openstack-node4-debian10-2023-05-16.xml
virsh define openstack-node5-debian10-2023-05-16.xml
virsh define openstack-dns-debian10-2023-05-16.xml

download virtual networks xml:

wget https://img.vidalinux.com/files/openstack/XML/oscpiso-net-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/publiciso-net-2023-05-16.xml

import virtual networks:

virsh net-define oscpiso-net-2023-05-16.xml
virsh net-define publiciso-net-2023-05-16.xml

start virtual networks:

virsh net-start oscpiso
virsh net-start publiciso

download iptables rules:

wget https://img.vidalinux.com/files/openstack/iptables-default-isolate-libvirt-openstack.sh

fix permissions and execute script:

# NOTE(review): this runs a downloaded script as root on the hypervisor; going
# by its name it changes the host's iptables rules. Read it before executing.
chmod +x iptables-default-isolate-libvirt-openstack.sh
./iptables-default-isolate-libvirt-openstack.sh

configure dns node

mount cloud image to pre-configure network:

modprobe nbd
qemu-nbd -c /dev/nbd0 openstack-dns.qcow2 
kpartx -a /dev/nbd0
mkdir /mnt/cloudimg
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to the grub configuration in /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on the dns node:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.64/24
gateway 192.168.88.1
dns-nameservers 4.2.2.1
dns-nameservers 4.2.2.2
# eth2
iface eth2 inet static
address 10.10.88.64/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# NOTE(review): these two edits enable password login for root over SSH. The
# root password was set once on the base image and is shared by every node, so
# keep these hosts on the isolated lab networks, or switch back to key-only
# login (PermitRootLogin prohibit-password, PasswordAuthentication no) once
# SSH keys have been copied to the nodes.
# Each sed only rewrites the exact stock line; if sshd_config differs, nothing changes.
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start the dns virtual machine:

virsh start openstack-dns-debian10

connect to the dns node using ssh:

ssh root@192.168.88.64

set hostname:

hostnamectl set-hostname oscpdns

set timezone:

timedatectl set-timezone America/Puerto_Rico

install dnsmasq:

apt-get update
apt-get install dnsmasq -y

configure dnsmasq:

cat > /etc/dnsmasq.conf << EOF
listen-address=127.0.0.1,192.168.88.64
interface=eth1
expand-hosts
domain=ovox.io
server=4.2.2.1
server=4.2.2.2
address=/oscpnode1/10.10.88.58
address=/oscpnode2/10.10.88.57
address=/oscpnode3/10.10.88.56
address=/oscpnode4/10.10.88.55
address=/oscpnode5/10.10.88.54
address=/oscpdns/10.10.88.64
address=/openstack-int/10.10.88.244
address=/openstack/192.168.88.244 
EOF

configure /etc/hosts:

cat > /etc/hosts << EOF
127.0.0.1       localhost
192.168.88.58   oscpnode1
192.168.88.57   oscpnode2
192.168.88.56   oscpnode3
192.168.88.55   oscpnode4
192.168.88.54   oscpnode5
192.168.88.64   oscpdns registry
192.168.88.244  openstack
10.10.88.244    openstack-int
EOF

enable and restart dnsmasq:

systemctl enable dnsmasq
systemctl restart dnsmasq

local registry

install podman packages:

apt-get -y install podman

install pip:

apt-get -y install pip

install podman-compose:

pip3 install 'podman-compose<1.0'

fix permissions and symlink:

chmod +x /usr/local/lib/python3.9/dist-packages/podman_compose.py
ln -s /usr/local/lib/python3.9/dist-packages/podman_compose.py /usr/bin/podman-compose

add the following registries to /etc/containers/registries.conf

cat >> /etc/containers/registries.conf << "EOF"
[registries.search]
registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
EOF

create registry directory:

mkdir ~/podman-registry
cd ~/podman-registry

create a self-signed certificate:

mkdir ~/podman-registry/certs
# Generates a 4096-bit RSA key, then a self-signed X.509 certificate from it.
# NOTE(review): `openssl req` prompts for the subject interactively. No -days is
# given, so the certificate gets openssl's default 30-day validity, and no
# subjectAltName is requested, so clients that ignore the CN will not match
# registry.ovox.io against it (presumably why the registry is later listed as
# insecure; confirm).
# server.key is the registry's private key: keep it readable by root only.
openssl genrsa -out ~/podman-registry/certs/server.key 4096
openssl req -new -x509 -text -key ~/podman-registry/certs/server.key -out ~/podman-registry/certs/server.cert

compose file to create registry:

cat > podman-compose.yml << EOF
version: '3'

services:
  registry:
    restart: always
    image: registry:2
    container_name: registry
    ports:
    - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.cert
      REGISTRY_HTTP_TLS_KEY: /certs/server.key
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
      - ~/podman-registry/certs:/certs
EOF

create password file:

mkdir ~/podman-registry/auth 
# htpasswd flags: -B bcrypt hash, -n print the entry to stdout, -b take the
# password from the command line.
# NOTE(review): with -b the password lands in argv and shell history; htpasswd -i
# reads it from stdin instead. Replace the published password with your own.
podman run --rm --entrypoint htpasswd httpd:2 -Bbn registry livinglavidalinux > ~/podman-registry/auth/htpasswd

run the registry by executing:

podman-compose up -d

as root user edit /etc/containers/registries.conf:

# NOTE(review): [registries.insecure] makes podman skip TLS verification (and
# allow plain HTTP) for this registry, so the self-signed certificate created
# earlier is never checked. Trusting that certificate instead, e.g. by placing
# it at /etc/containers/certs.d/registry.ovox.io:5000/ca.crt, keeps
# verification on.
# `>>` appends: running this twice duplicates the table in registries.conf.
cat >> /etc/containers/registries.conf << "EOF"
[registries.insecure]
registries = ['registry.ovox.io']
EOF

log in to a private registry:

# NOTE(review): -p exposes the password in argv and shell history; podman login
# also accepts --password-stdin.
podman login registry.ovox.io:5000 -u registry -p livinglavidalinux

configure node1

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node1.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to the grub configuration in /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node1:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.58/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.58/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# Lab-only setting: these two edits allow root to log in over SSH with a password,
# which exposes the node to password guessing on every network it is attached to.
# Once keys are distributed (the copy-ssh-key step later on this page), consider
# restoring "PasswordAuthentication no" and "PermitRootLogin prohibit-password".
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node1 virtual machine:

virsh start openstack-node1-debian10

connect to node1 using ssh:

ssh root@192.168.88.58

set hostname:

hostnamectl set-hostname oscpnode1

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node2

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node2.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to grub configuration /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node2:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.57/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.57/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# Lab-only setting: these two edits allow root to log in over SSH with a password,
# which exposes the node to password guessing on every network it is attached to.
# Once keys are distributed (the copy-ssh-key step later on this page), consider
# restoring "PasswordAuthentication no" and "PermitRootLogin prohibit-password".
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node2 virtual machine:

virsh start openstack-node2-debian10

connect to node2 using ssh:

ssh root@192.168.88.57

set hostname:

hostnamectl set-hostname oscpnode2

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node3

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node3.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to grub configuration /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node3:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.56/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.56/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# Lab-only setting: these two edits allow root to log in over SSH with a password,
# which exposes the node to password guessing on every network it is attached to.
# Once keys are distributed (the copy-ssh-key step later on this page), consider
# restoring "PasswordAuthentication no" and "PermitRootLogin prohibit-password".
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node3 virtual machine:

virsh start openstack-node3-debian10

connect to node3 using ssh:

ssh root@192.168.88.56

set hostname:

hostnamectl set-hostname oscpnode3

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node4

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node4.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to grub configuration /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node4:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.55/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.55/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# Lab-only setting: these two edits allow root to log in over SSH with a password,
# which exposes the node to password guessing on every network it is attached to.
# Once keys are distributed (the copy-ssh-key step later on this page), consider
# restoring "PasswordAuthentication no" and "PermitRootLogin prohibit-password".
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node4 virtual machine:

virsh start openstack-node4-debian10

connect to node4 using ssh:

ssh root@192.168.88.55

set hostname:

hostnamectl set-hostname oscpnode4

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node5

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node5.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to grub configuration /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node5:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.54/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.54/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# Lab-only setting: these two edits allow root to log in over SSH with a password,
# which exposes the node to password guessing on every network it is attached to.
# Once keys are distributed (the copy-ssh-key step later on this page), consider
# restoring "PasswordAuthentication no" and "PermitRootLogin prohibit-password".
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node5 virtual machine:

virsh start openstack-node5-debian10

connect to node5 using ssh:

ssh root@192.168.88.54

set hostname:

hostnamectl set-hostname oscpnode5

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure kolla-ansible

on the physical host, copy and paste the following into your shell:

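# Installs a helper that starts, hard-stops (destroy) or shuts down all lab VMs.
# NOTE(review): the file name is the same as the OpenStack command-line client;
# if that client is ever installed on this host, /usr/local/bin may take
# precedence over it in PATH - confirm, or pick a different name.
cat > /usr/local/bin/openstack << "EOF"
#!/bin/bash
# Usage: openstack {start|destroy|shutdown}
# Runs the matching virsh subcommand against every VM of the lab.

VMS=(
  openstack-node1-debian10
  openstack-node2-debian10
  openstack-node3-debian10
  openstack-node4-debian10
  openstack-node5-debian10
  openstack-dns-debian10
)

# "${1:-}" keeps the test well-formed when the script is called without arguments.
case "${1:-}" in
  start|destroy|shutdown)
    for vm in "${VMS[@]}"; do
      virsh "$1" "$vm"
    done
    ;;
  *)
    echo "usage: ${0##*/} {start|destroy|shutdown}" >&2
    exit 2
    ;;
esac
EOF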

fix permissions:

chmod +x /usr/local/bin/openstack

start virtual machines using the script:

openstack start

connect to node1:

ssh root@192.168.88.58

download ovoxcloud-kolla script:

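# TLS verification stays enabled: the downloaded script is made executable and run
# as root in the next steps, so it has to come from the real server.
# If the check fails on a minimal image, install the ca-certificates package
# rather than passing --no-check-certificate.
wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla-2023-05-22 -O ./ovoxcloud-kolla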

set file permissions:

chmod +x ovoxcloud-kolla

run initial-setup:

./ovoxcloud-kolla initial-setup

edit ovoxcloud-kolla and change the following; make sure BUILD is set to the exact year-month-day:

BUILD=debian-zed-2023-05-23
REGISTRY="registry.ovox.io"
REGISTRY_PORT="5000"
REGISTRY_USER="registry"
REGISTRY_PASS="livinglavidalinux"

edit ansible host file /root/debian-zed-2023-05-19/multinode

[control]
oscpnode1
oscpnode2
oscpnode3

[network]
oscpnode1
oscpnode2
oscpnode3

[compute]
oscpnode4
oscpnode5

[monitoring]
oscpnode1
oscpnode2
oscpnode3

[storage]
oscpnode1
oscpnode2
oscpnode3

copy ssh key to hosts:

./ovoxcloud-kolla copy-ssh-key

test ssh connection to nodes:

./ovoxcloud-kolla ping

setup disk partitions for ceph deployment:

./ovoxcloud-kolla ceph-disk-reset

deploy ceph cluster:

./ovoxcloud-kolla ceph-deploy

create ceph pools for openstack:

./ovoxcloud-kolla ceph-pool-openstack

configure ceph for openstack:

./ovoxcloud-kolla ceph-openstack

build openstack docker images:

./ovoxcloud-kolla build-images

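because the registry still uses a self-signed certificate (not one issued by a trusted CA), add the following config to docker; it turns off certificate verification for this registry, so remove it again once the genuine certificate from the steps below is installed and trusted: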

cat > /etc/docker/daemon.json << "EOF"
{
  "insecure-registries" : ["https://registry.ovox.io:5000"]
}
EOF

then restart docker service:

systemctl restart docker

and add the following to /etc/kolla/globals.yml:

docker_registry_insecure: yes

push images to local registry:

./ovoxcloud-kolla push-images

fix docker-registry repository name:

ssh root@oscpdns
cd /root/podman-registry/data/docker/registry/v2/repositories
ln -s kolla openstack.kolla

use genuine ssl certificate:

mkdir /root/certificates

use the following script to merge root certificates and then copy to kolla config:

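cat > /root/certificates/merge << "EOF"
#!/bin/bash
# Assemble the HAProxy TLS bundle (private key + certificate, plus the CA chain
# on centos) in the kolla certificates directory.
# Stops at the first error so a missing input file cannot leave a partial bundle.
set -euo pipefail

KOLLADIR=/etc/kolla/certificates
CERTDIR=/root/certificates
DOMAIN=ovox.io
CRT_NAME=$DOMAIN.crt
KEY_NAME=$DOMAIN.key
ROOT_CA=root.ca
GLOBAL_CA=global.pem
BUNDLE=$KOLLADIR/haproxy.pem

# Value of ID= from os-release with quotes stripped (e.g. debian, centos).
OS_TYPE=$(grep -h '^ID=' /etc/os-release | head -n 1 | cut -d '=' -f2 | tr -d '"')

if [ -d "$KOLLADIR" ]; then
  echo "directory exist"
else
  echo "directory doesn't exist creating.."
  mkdir -p "$KOLLADIR"
fi

# Concatenate the given PEM files straight into the bundle. The bundle holds the
# private key, so it is kept owner-readable only and no copy is staged under /tmp,
# where a predictable file name would be readable or replaceable by other users.
write_bundle() {
  ( umask 077 && cat -- "$@" > "$BUNDLE" )
  chmod 600 "$BUNDLE"
}

case "$OS_TYPE" in
  centos)
    # Same order as before: key, certificate, then global and root CA.
    write_bundle "$CERTDIR/$KEY_NAME" "$CERTDIR/$CRT_NAME" \
      "$CERTDIR/$GLOBAL_CA" "$CERTDIR/$ROOT_CA"
    ;;
  debian)
    write_bundle "$CERTDIR/$KEY_NAME" "$CERTDIR/$CRT_NAME"
    ;;
  *)
    echo "unsupported OS_TYPE: $OS_TYPE" >&2
    exit 1
    ;;
esac

# NOTE(review): haproxy-ca.crt becomes a link to a bundle that also contains the
# private key; confirm that nothing distributes this file as a public CA certificate.
if [ ! -e "$KOLLADIR/haproxy-ca.crt" ] && [ ! -L "$KOLLADIR/haproxy-ca.crt" ]; then
  ln -s "$BUNDLE" "$KOLLADIR/haproxy-ca.crt"
fi
EOF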

fix permissions and execute the script:

chmod +x /root/certificates/merge
/root/certificates/merge

change docker registry certificates:

scp -r /root/certificates root@oscpdns:~/
ssh root@oscpdns
cd ~/podman-registry
podman-compose down
cp ~/certificates/ovox.io* ~/podman-registry/certs/ 

change the podman-compose.yml

REGISTRY_HTTP_TLS_CERTIFICATE: /certs/ovox.io.crt
REGISTRY_HTTP_TLS_KEY: /certs/ovox.io.key

start podman container:

cd ~/podman-registry
podman-compose up -d

trust this genuine ssl cert on nodes:

./ovoxcloud-kolla trust-cert-docker

deploy openstack cluster:

./ovoxcloud-kolla openstack-deploy

run post deploy openstack:

./ovoxcloud-kolla openstack-post-deploy

openstack operation

create the following script to upload images to glance:

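cat > /usr/local/bin/upload-image << "EOF"
#!/bin/bash
# Upload a raw disk image to glance.
# Usage: upload-image IMAGE_FILE IMAGE_NAME
# Exit status: 1 on a bad argument or missing credentials file, otherwise the
# status returned by glance.

if [ $# -eq 0 ]; then
  echo "usage:"
  echo "upload-image /home/pedro/bionic-server-cloudimg-amd64.img ubuntu-20.04-x86_64"
  echo ""
  exit
fi

image_file=$1
image_name=${2:-}

# Quoted so that paths containing spaces or glob characters are tested as one word.
if [ ! -f "$image_file" ]; then
  echo "file doesn't exist please try again.."
  exit 1
fi

if [ -z "$image_name" ]; then
  echo "please specify name for image"
  exit 1
fi

# Loads the admin credentials; stop here if the file cannot be read.
source /root/admin-openrc.sh || exit 1
echo "upload begin at $(date +%F-%H:%M:%S)"
# --visibility public makes the image available to every project.
glance image-create --name="$image_name" --visibility public --disk-format raw --container-format bare --progress --file "$image_file"
status=$?
echo "upload finish at $(date +%F-%H:%M:%S)"
# Report glance's own result instead of always claiming success.
exit "$status"
EOF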

fix script permissions:

chmod +x /usr/local/bin/upload-image

download cirros image:

wget https://github.com/cirros-dev/cirros/releases/download/0.6.1/cirros-0.6.1-x86_64-disk.img

convert image from qcow2 to raw:

qemu-img convert -f qcow2 -O raw -p cirros-0.6.1-x86_64-disk.img cirros-0.6.1-x86_64-disk.raw

upload image to glance using script:

upload-image /root/cirros-0.6.1-x86_64-disk.raw cirros-0.6.1-x86_64

create the following script for creating flavors:

cat > /usr/local/bin/openstack-create-flavors << EOF
#!/bin/bash
openstack flavor create --id 1 --ram 1024 --swap 512  --disk 1 --vcpus 1 ovox.tiny
openstack flavor create --id 2 --ram 2048 --swap 1024 --disk 10 --vcpus 1 ovox.small
openstack flavor create --id 3 --ram 4096 --swap 2048 --disk 50 --vcpus 2 ovox.medium
openstack flavor create --id 4 --ram 8192 --swap 4096 --disk 100 --vcpus 4 ovox.large
openstack flavor create --id 5 --ram 16384 --swap 8192 --disk 200 --vcpus 8 ovox.xlarge
openstack flavor create --id 8 --ram 4096 --disk 35 --vcpus 2 windows.small
openstack flavor create --id 9 --ram 8192 --disk 50 --vcpus 2 windows.medium
EOF

fix script permissions:

chmod +x /usr/local/bin/openstack-create-flavors 

create openstack flavors using script:

openstack-create-flavors

create openstack networks:

./ovoxcloud-kolla openstack-netcreate

references