Howto openstack kolla: Difference between revisions

From Vidalinux Wiki
 
(25 intermediate revisions by the same user not shown)
Line 84: Line 84:
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg
  chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
add this parameters to grub configuration /etc/default/grub:
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
Line 175: Line 177:
  apt-get -y install pip
  apt-get -y install pip
install podman-compose:
install podman-compose:
  pip3 install --user 'podman-compose<1.0'
  pip3 install 'podman-compose<1.0'
fix permissions and symlink:
fix permissions and symlink:
  chmod +x /usr/local/lib/python3.9/dist-packages/podman_compose.py
  chmod +x /usr/local/lib/python3.9/dist-packages/podman_compose.py
Line 236: Line 238:
  mount -o bind /proc /mnt/cloudimg/proc
  mount -o bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg && source /etc/profile
  chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
add this parameters to grub configuration /etc/default/grub:
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
Line 295: Line 299:
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg
  chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
add this parameters to grub configuration /etc/default/grub:
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
Line 353: Line 359:
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg
  chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
add this parameters to grub configuration /etc/default/grub:
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
Line 411: Line 419:
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg
  chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
add this parameters to grub configuration /etc/default/grub:
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
Line 469: Line 479:
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg
  chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
add this parameters to grub configuration /etc/default/grub:
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
  GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
Line 517: Line 529:
set timezone:
set timezone:
  timedatectl set-timezone America/Puerto_Rico
  timedatectl set-timezone America/Puerto_Rico
= configure kolla-ansible =
= configure kolla-ansible =
copy and pasted the following on your shell:
on physical host copy and pasted the following on your shell:
  cat > /usr/local/bin/openstack << "EOF"
  cat > /usr/local/bin/openstack << "EOF"
  #!/bin/bash  
  #!/bin/bash  
Line 538: Line 551:
  for u in ${VMS}; do virsh destroy $u; done
  for u in ${VMS}; do virsh destroy $u; done
  fi
  fi
EOF
   
   
  if [ $1 = shutdown ];
  if [ $1 = shutdown ];
Line 552: Line 564:
  ssh root@192.168.88.58
  ssh root@192.168.88.58
download ovoxcloud-kolla script:
download ovoxcloud-kolla script:
  wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla-2023-05-19 -O ./ovoxcloud-kolla
  wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla-2023-05-22 -O ./ovoxcloud-kolla --no-check-certificate
set file permissions:
set file permissions:
  chmod +x ovoxcloud-kolla
  chmod +x ovoxcloud-kolla
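Review bot: the replacement wget line adds --no-check-certificate, so ovoxcloud-kolla is downloaded without verifying the server certificate, and the surrounding steps run it on node1 in a root ssh session right after chmod +x. Suggest dropping the flag and fixing the CA trust on the node instead, or publishing a SHA-256 for ovoxcloud-kolla-2023-05-22 next to the file and adding a sha256sum -c step before chmod +x.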
Line 558: Line 570:
  ./ovoxcloud-kolla initial-setup
  ./ovoxcloud-kolla initial-setup
edit ovoxcloud-kolla and change the following, make sure set exact year-month-day on BUILD:
edit ovoxcloud-kolla and change the following, make sure set exact year-month-day on BUILD:
  BUILD=debian-zed-2023-05-19
  BUILD=debian-zed-2023-05-23
  REGISTRY="registry.ovox.io"
  REGISTRY="registry.ovox.io"
  REGISTRY_PORT="5000"
  REGISTRY_PORT="5000"
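Review bot: BUILD now reads debian-zed-2023-05-23 while the download step fetches ovoxcloud-kolla-2023-05-22 and the inventory path further down the page is still /root/debian-zed-2023-05-19/multinode. Since the text asks for the exact year-month-day, state which date BUILD has to match and bring the inventory path in line with it.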
Line 591: Line 603:
test ssh connection to nodes:
test ssh connection to nodes:
  ./ovoxcloud-kolla ping
  ./ovoxcloud-kolla ping
setup disk partitions for ceph deployment:
./ovoxcloud-kolla ceph-disk-reset
deploy ceph cluster:
deploy ceph cluster:
  ./ovoxcloud-kolla ceph-deploy
  ./ovoxcloud-kolla ceph-deploy
Line 599: Line 613:
build openstack docker images:
build openstack docker images:
  ./ovoxcloud-kolla build-images
  ./ovoxcloud-kolla build-images
because we have non geniune ssl cert we need to add the following config to docker:
cat > /etc/docker/daemon.json << "EOF"
{
  "insecure-registries" : ["https://registry.ovox.io:5000"]
}
EOF
then restart docker service:
systemctl restart docker
and add the following to /etc/kolla/globals.yml:
docker_registry_insecure: yes
push images to local registry:
push images to local registry:
  ./ovoxcloud-kolla push-images
  ./ovoxcloud-kolla push-images
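Review bot: the added daemon.json and docker_registry_insecure: yes steps switch off certificate verification for registry.ovox.io, and nothing later in the page removes them once the genuine certificate and trust-cert-docker steps are done; add a step that reverts both and restarts docker. Two smaller points on the same lines: cat > /etc/docker/daemon.json overwrites any settings already in that file, and Docker's documented form for insecure-registries entries is host:port without the https:// scheme.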
Line 608: Line 632:
  mkdir /root/certificates
  mkdir /root/certificates
use the following script to merge root certificates and then copy to kolla config:
use the following script to merge root certificates and then copy to kolla config:
  cat > /root/certificates/merge << EOF
  cat > /root/certificates/merge << "EOF"
  TMPDIR=/tmp
  TMPDIR=/tmp
  OS_TYPE=$(cat /etc/os-release*|grep ^ID=|sed 's|"||g'|cut -d '=' -f2)
  OS_TYPE=$(cat /etc/os-release*|grep ^ID=|sed 's|"||g'|cut -d '=' -f2)
Line 650: Line 674:
  /root/certificates/merge
  /root/certificates/merge
change docker registry certificates:
change docker registry certificates:
  scp -r /root/certificates root@oscpdns
  scp -r /root/certificates root@oscpdns:~/
  ssh root@oscpdns
  ssh root@oscpdns
  cd ~/podman-registry
  cd ~/podman-registry
Line 691: Line 715:
   
   
  source /root/admin-openrc.sh
  source /root/admin-openrc.sh
echo "upload begin at $(date +%F-%H:%M:%S)"
  glance image-create --name="$2" --visibility public --disk-format raw --container-format bare --progress --file $1
  glance image-create --name="$2" --visibility public --disk-format raw --container-format bare --progress --file $1
echo "upload finish at $(date +%F-%H:%M:%S)"
  exit 0
  exit 0
  EOF
  EOF
Line 717: Line 743:
create openstack flavors using script:
create openstack flavors using script:
  openstack-create-flavors
  openstack-create-flavors
create openstack networks:
./ovoxcloud-kolla openstack-netcreate


= references =
= references =
* https://docs.openstack.org/kolla-ansible/latest
* https://docs.openstack.org/project-deploy-guide/kolla-ansible/zed/quickstart.html
* https://docs.openstack.org/project-deploy-guide/kolla-ansible/zed/quickstart.html

Latest revision as of 03:29, 10 October 2024

setup host

enable nested kvm by editing /etc/modprobe.d/kvm.conf:

# For Intel
options kvm_intel nested=1
#
# For AMD
#options kvm_amd nested=1

if using rhel9 as host install the following repo:

dnf copr enable ligenix/enterprise-qemu-spice 

then install libvirt and qemu-kvm:

yum install -y libvirt qemu-kvm guestfs-tools nbd

enable and start libvirtd daemon:

systemctl enable libvirtd && systemctl start libvirtd

create the following directory under /var/lib/libvirt/images:

mkdir /var/lib/libvirt/images/openstack 
cd /var/lib/libvirt/images/openstack

download debian bullseye:

wget https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2

for baremetal download the iso:

http://mirrors.ocf.berkeley.edu/debian-cd/11.7.0/amd64/iso-cd/debian-11.7.0-amd64-netinst.iso

resize cloud image:

cp debian-11-generic-amd64.qcow2 debian-11-generic-amd64_100G.qcow2
qemu-img resize debian-11-generic-amd64_100G.qcow2 +98G

set root password for image:

virt-sysprep -a debian-11-generic-amd64_100G.qcow2 -q --root-password password:livinglavidalinux

create storage images for openstack nodes:

cp debian-11-generic-amd64_100G.qcow2 openstack-node1.qcow2
cp debian-11-generic-amd64_100G.qcow2 openstack-node2.qcow2
cp debian-11-generic-amd64_100G.qcow2 openstack-node3.qcow2
cp debian-11-generic-amd64_100G.qcow2 openstack-node4.qcow2
cp debian-11-generic-amd64_100G.qcow2 openstack-node5.qcow2
cp debian-11-generic-amd64_100G.qcow2 openstack-dns.qcow2

create storage images for ceph cluster:

qemu-img create -f qcow2 ceph_storage_server1_1.img 100G 
qemu-img create -f qcow2 ceph_storage_server1_2.img 100G
qemu-img create -f qcow2 ceph_storage_server1_3.img 100G
qemu-img create -f qcow2 ceph_storage_server1_4.img 100G
qemu-img create -f qcow2 ceph_storage_server2_1.img 100G
qemu-img create -f qcow2 ceph_storage_server2_2.img 100G
qemu-img create -f qcow2 ceph_storage_server2_3.img 100G
qemu-img create -f qcow2 ceph_storage_server2_4.img 100G
qemu-img create -f qcow2 ceph_storage_server3_1.img 100G
qemu-img create -f qcow2 ceph_storage_server3_2.img 100G
qemu-img create -f qcow2 ceph_storage_server3_3.img 100G
qemu-img create -f qcow2 ceph_storage_server3_4.img 100G

download virtual machines xml:

wget https://img.vidalinux.com/files/openstack/XML/openstack-node1-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node2-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node3-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node4-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node5-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-dns-debian10-2023-05-16.xml

import virtual machines:

virsh define openstack-node1-debian10-2023-05-16.xml
virsh define openstack-node2-debian10-2023-05-16.xml
virsh define openstack-node3-debian10-2023-05-16.xml
virsh define openstack-node4-debian10-2023-05-16.xml
virsh define openstack-node5-debian10-2023-05-16.xml
virsh define openstack-dns-debian10-2023-05-16.xml

download virtual networks xml:

wget https://img.vidalinux.com/files/openstack/XML/oscpiso-net-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/publiciso-net-2023-05-16.xml

import virtual networks:

virsh net-define oscpiso-net-2023-05-16.xml
virsh net-define publiciso-net-2023-05-16.xml

start virtual networks:

virsh net-start oscpiso
virsh net-start publiciso

download iptables rules:

wget https://img.vidalinux.com/files/openstack/iptables-default-isolate-libvirt-openstack.sh

fix permissions and execute script:

chmod +x iptables-default-isolate-libvirt-openstack.sh
./iptables-default-isolate-libvirt-openstack.sh

configure dns node

mount cloud image to pre-configure network:

modprobe nbd
qemu-nbd -c /dev/nbd0 openstack-dns.qcow2 
kpartx -a /dev/nbd0
mkdir /mnt/cloudimg
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to the grub configuration /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on the dns node:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.64/24
gateway 192.168.88.1
dns-nameservers 4.2.2.1
dns-nameservers 4.2.2.2
# eth2
iface eth2 inet static
address 10.10.88.64/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start the dns virtual machine:

virsh start openstack-dns-debian10

connect to the dns node using ssh:

ssh root@192.168.88.64

set hostname:

hostnamectl set-hostname oscpdns

set timezone:

timedatectl set-timezone America/Puerto_Rico

install dnsmasq:

apt-get update
apt-get install dnsmasq -y

configure dnsmasq:

cat > /etc/dnsmasq.conf << EOF
listen-address=127.0.0.1,192.168.88.64
interface=eth1
expand-hosts
domain=ovox.io
server=4.2.2.1
server=4.2.2.2
address=/oscpnode1/10.10.88.58
address=/oscpnode2/10.10.88.57
address=/oscpnode3/10.10.88.56
address=/oscpnode4/10.10.88.55
address=/oscpnode5/10.10.88.54
address=/oscpdns/10.10.88.64
address=/openstack-int/10.10.88.244
address=/openstack/192.168.88.244 
EOF

configure /etc/hosts:

cat > /etc/hosts << EOF
127.0.0.1       localhost
192.168.88.58   oscpnode1
192.168.88.57   oscpnode2
192.168.88.56   oscpnode3
192.168.88.55   oscpnode4
192.168.88.54   oscpnode5
192.168.88.64   oscpdns registry
192.168.88.244  openstack
10.10.88.244    openstack-int
EOF

enable and restart dnsmasq:

systemctl enable dnsmasq
systemctl restart dnsmasq

local registry

install podman packages:

apt-get -y install podman

install pip:

apt-get -y install pip

install podman-compose:

pip3 install 'podman-compose<1.0'

fix permissions and symlink:

chmod +x /usr/local/lib/python3.9/dist-packages/podman_compose.py
ln -s /usr/local/lib/python3.9/dist-packages/podman_compose.py /usr/bin/podman-compose

add the following registries to /etc/containers/registries.conf

cat >> /etc/containers/registries.conf << "EOF"
[registries.search]
registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
EOF

create registry directory:

mkdir ~/podman-registry
cd ~/podman-registry

create self-signed certificates:

mkdir ~/podman-registry/certs
openssl genrsa -out ~/podman-registry/certs/server.key 4096
openssl req -new -x509 -text -key ~/podman-registry/certs/server.key -out ~/podman-registry/certs/server.cert

compose file to create registry:

cat > podman-compose.yml << EOF
version: '3'

services:
  registry:
    restart: always
    image: registry:2
    container_name: registry
    ports:
    - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.cert
      REGISTRY_HTTP_TLS_KEY: /certs/server.key
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
      - ~/podman-registry/certs:/certs
EOF

create password file:

mkdir ~/podman-registry/auth 
podman run --rm --entrypoint htpasswd httpd:2 -Bbn registry livinglavidalinux > ~/podman-registry/auth/htpasswd

run the registry by executing:

podman-compose up -d

as root user edit /etc/containers/registries.conf:

cat >> /etc/containers/registries.conf << "EOF"
[registries.insecure]
registries = ['registry.ovox.io']
EOF

log in to a private registry:

podman login registry.ovox.io:5000 -u registry -p livinglavidalinux

configure node1

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node1.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to the grub configuration /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node1:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.58/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.58/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node1 virtual machine:

virsh start openstack-node1-debian10

connect to node1 using ssh:

ssh root@192.168.88.58

set hostname:

hostnamectl set-hostname oscpnode1

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node2

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node2.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to the grub configuration /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node2:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.57/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.57/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node2 virtual machine:

virsh start openstack-node2-debian10

connect to node2 using ssh:

ssh root@192.168.88.57

set hostname:

hostnamectl set-hostname oscpnode2

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node3

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node3.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to the grub configuration /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node3:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.56/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.56/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node3 virtual machine:

virsh start openstack-node3-debian10

connect to node3 using ssh:

ssh root@192.168.88.56

set hostname:

hostnamectl set-hostname oscpnode3

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node4

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node4.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to the grub configuration /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node4:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.55/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.55/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node4 virtual machine:

virsh start openstack-node4-debian10

connect to node4 using ssh:

ssh root@192.168.88.55

set hostname:

hostnamectl set-hostname oscpnode4

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node5

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node5.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile

add these parameters to the grub configuration /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node5:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.54/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.54/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node5 virtual machine:

virsh start openstack-node5-debian10

connect to node5 using ssh:

ssh root@192.168.88.54

set hostname:

hostnamectl set-hostname oscpnode5

set timezone:

timedatectl set-timezone America/Puerto_Rico
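
The two sed substitutions in each node section above leave sshd accepting root logins by password. The following added example (not part of the original wiki page) reads the effective values from an sshd_config and rewrites them to key-only login; the function names and the sample config are constructed, and it assumes root's authorized_keys is already installed on the node.

```shell
#!/bin/sh
# Added example (not from the wiki): audit the two sshd settings that the
# sed lines above change, and switch them back to key-only login.
# sshd keeps the FIRST value it reads for a keyword, so only the first
# uncommented occurrence before any Match block is the effective one.
# Files pulled in by an Include line are not followed here.

# sshd_effective FILE KEYWORD -> effective global value, or "(default)"
sshd_effective() {
    awk -v kw="$2" '
        $1 ~ /^#/ { next }                    # commented-out line
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == tolower(kw) { print tolower($2); found = 1; exit }
        END { if (!found) print "(default)" }
    ' "$1"
}

# sshd_audit FILE -> one line per weak setting; exit status 1 if any found.
# OpenSSH defaults: PermitRootLogin prohibit-password, PasswordAuthentication yes.
sshd_audit() {
    rc=0
    if [ "$(sshd_effective "$1" PermitRootLogin)" = "yes" ]; then
        echo "WEAK: PermitRootLogin yes (root password login allowed)"
        rc=1
    fi
    if [ "$(sshd_effective "$1" PasswordAuthentication)" != "no" ]; then
        echo "WEAK: PasswordAuthentication is enabled"
        rc=1
    fi
    return "$rc"
}

# sshd_keys_only FILE -> put key-only values first and drop later duplicates.
# Assumption: root's authorized_keys is already in place on the node.
sshd_keys_only() {
    awk '
        BEGIN { print "PermitRootLogin prohibit-password"
                print "PasswordAuthentication no" }
        tolower($1) == "permitrootlogin"        { next }
        tolower($1) == "passwordauthentication" { next }
        { print }
    ' "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# Constructed sample: the relevant lines of a cloud-image sshd_config after
# the page's two sed substitutions have been applied.
demo() {
    f=$(mktemp)
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
        'PermitRootLogin yes' 'PasswordAuthentication yes' 'UsePAM yes' > "$f"
    echo "before:"; sshd_audit "$f" || true
    sshd_keys_only "$f"
    echo "after:";  sshd_audit "$f" && echo "OK: key-only login"
    rm -f "$f"
}
demo
```

run sshd_audit against /mnt/cloudimg/etc/ssh/sshd_config while the image is mounted, or against /etc/ssh/sshd_config on a running node; after sshd_keys_only on a running node, restart the ssh service.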

configure kolla-ansible

on the physical host, copy and paste the following into your shell:

cat > /usr/local/bin/openstack << "EOF"
#!/bin/bash 

VMS="openstack-node1-debian10
openstack-node2-debian10
openstack-node3-debian10 
openstack-node4-debian10
openstack-node5-debian10
openstack-dns-debian10"

if [ "$1" = start ];
then
for u in ${VMS}; do virsh start "$u"; done
fi

if [ "$1" = destroy ];
then
for u in ${VMS}; do virsh destroy "$u"; done
fi

if [ "$1" = shutdown ];
then
for u in ${VMS}; do virsh shutdown "$u"; done
fi
EOF

fix permissions:

chmod +x /usr/local/bin/openstack

start virtual machines using the script:

openstack start

connect to node1:

ssh root@192.168.88.58

download ovoxcloud-kolla script:

wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla-2023-05-22 -O ./ovoxcloud-kolla --no-check-certificate

set file permissions:

chmod +x ovoxcloud-kolla

run initial-setup:

./ovoxcloud-kolla initial-setup

edit ovoxcloud-kolla and change the following; make sure to set the exact year-month-day in BUILD:

BUILD=debian-zed-2023-05-23
REGISTRY="registry.ovox.io"
REGISTRY_PORT="5000"
REGISTRY_USER="registry"
REGISTRY_PASS="livinglavidalinux"

edit ansible host file /root/debian-zed-2023-05-19/multinode

[control]
oscpnode1
oscpnode2
oscpnode3

[network]
oscpnode1
oscpnode2
oscpnode3

[compute]
oscpnode4
oscpnode5

[monitoring]
oscpnode1
oscpnode2
oscpnode3

[storage]
oscpnode1
oscpnode2
oscpnode3

copy ssh key to hosts:

./ovoxcloud-kolla copy-ssh-key

test ssh connection to nodes:

./ovoxcloud-kolla ping

setup disk partitions for ceph deployment:

./ovoxcloud-kolla ceph-disk-reset

deploy ceph cluster:

./ovoxcloud-kolla ceph-deploy

create ceph pools for openstack:

./ovoxcloud-kolla ceph-pool-openstack

configure ceph for openstack:

./ovoxcloud-kolla ceph-openstack

build openstack docker images:

./ovoxcloud-kolla build-images

because we do not have a genuine ssl certificate, we need to add the following config to docker:

cat > /etc/docker/daemon.json << "EOF"
{
  "insecure-registries" : ["https://registry.ovox.io:5000"]
}
EOF

then restart docker service:

systemctl restart docker

and add the following to /etc/kolla/globals.yml:

docker_registry_insecure: yes

push images to local registry:

./ovoxcloud-kolla push-images

fix docker-registry repository name:

ssh root@oscpdns
cd /root/podman-registry/data/docker/registry/v2/repositories
ln -s kolla openstack.kolla

use genuine ssl certificate:

mkdir /root/certificates

use the following script to merge root certificates and then copy to kolla config:

cat > /root/certificates/merge << "EOF"
TMPDIR=/tmp
OS_TYPE=$(cat /etc/os-release*|grep ^ID=|sed 's|"||g'|cut -d '=' -f2)
KOLLADIR=/etc/kolla/certificates
CERTDIR=/root/certificates
DOMAIN=ovox.io
CRT_NAME=$DOMAIN.crt
KEY_NAME=$DOMAIN.key
ROOT_CA=root.ca
GLOBAL_CA=global.pem

if [ -d $KOLLADIR ]; then
 echo "directory exist"
else
 echo "directory doesn't exist creating.."
 mkdir $KOLLADIR
fi

if [ $OS_TYPE = centos ];
then
cat $CERTDIR/$GLOBAL_CA $CERTDIR/$ROOT_CA > $TMPDIR/ca.pem
cat $CERTDIR/$KEY_NAME $CERTDIR/$CRT_NAME > $TMPDIR/haproxy.pem
cat $TMPDIR/haproxy.pem $TMPDIR/ca.pem > $KOLLADIR/haproxy.pem
 if [ ! -f $KOLLADIR/haproxy-ca.crt ];
 then
 ln -s $KOLLADIR/haproxy.pem $KOLLADIR/haproxy-ca.crt
 fi
fi 

if [ $OS_TYPE = debian ];
then
cat $CERTDIR/$KEY_NAME $CERTDIR/$CRT_NAME > $KOLLADIR/haproxy.pem
 if [ ! -f $KOLLADIR/haproxy-ca.crt ];
 then
 ln -s $KOLLADIR/haproxy.pem $KOLLADIR/haproxy-ca.crt
 fi
fi 
EOF

fix permissions and execute the script:

chmod +x /root/certificates/merge
/root/certificates/merge

change docker registry certificates:

scp -r /root/certificates root@oscpdns:~/
ssh root@oscpdns
cd ~/podman-registry
podman-compose down
cp ~/certificates/ovox.io* ~/podman-registry/certs/ 

change the following in podman-compose.yml:

REGISTRY_HTTP_TLS_CERTIFICATE: /certs/ovox.io.crt
REGISTRY_HTTP_TLS_KEY: /certs/ovox.io.key

start podman container:

cd ~/podman-registry
podman-compose up -d

trust this genuine ssl certificate on the nodes:

./ovoxcloud-kolla trust-cert-docker

deploy openstack cluster:

./ovoxcloud-kolla openstack-deploy

run post deploy openstack:

./ovoxcloud-kolla openstack-post-deploy
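
The steps above add three settings that skip certificate verification for the registry (/etc/docker/daemon.json, /etc/containers/registries.conf and /etc/kolla/globals.yml), and the genuine-certificate steps do not remove them. The following added example (not from the original wiki page) lists whichever of them still apply to a registry host; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): list every setting from this page that
# turns off TLS verification for the registry, so none is left behind after
# the genuine certificate is installed.

# docker_insecure FILE -> entries of "insecure-registries" in daemon.json
docker_insecure() {
    [ -f "$1" ] || return 0
    { tr -d '\n' < "$1"; echo; } |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e '/^[[:space:]]*$/d'
}

# podman_insecure FILE -> hosts under [registries.insecure] in registries.conf
# (the v1 format this page writes)
podman_insecure() {
    [ -f "$1" ] || return 0
    awk -v q="'" '
        /^[ \t]*\[/ { sect = $1; next }
        sect == "[registries.insecure]" && /^[ \t]*registries[ \t]*=/ {
            line = substr($0, index($0, "[") + 1)      # text after "["
            line = substr(line, 1, index(line, "]") - 1)
            n = split(line, a, ",")
            for (i = 1; i <= n; i++) {
                gsub("[ \t\"" q "]", "", a[i])         # strip quotes, blanks
                if (a[i] != "") print a[i]
            }
        }' "$1"
}

# kolla_insecure FILE -> the globals.yml line if docker_registry_insecure is on
kolla_insecure() {
    [ -f "$1" ] || return 0
    grep -Ei '^[[:space:]]*docker_registry_insecure:[[:space:]]*"?(yes|true|on)' "$1" || true
}

# tls_bypass_report HOST DAEMON_JSON REGISTRIES_CONF GLOBALS_YML
# Prints one finding per line; exit status 1 while HOST is still exempt.
tls_bypass_report() {
    host=$1
    hits=0
    for e in $(docker_insecure "$2"); do
        case $e in *"$host"*) echo "docker: $e"; hits=$((hits + 1)) ;; esac
    done
    for e in $(podman_insecure "$3"); do
        case $e in *"$host"*) echo "podman: $e"; hits=$((hits + 1)) ;; esac
    done
    if [ -n "$(kolla_insecure "$4")" ]; then
        echo "kolla: docker_registry_insecure is enabled"
        hits=$((hits + 1))
    fi
    [ "$hits" -eq 0 ]
}

# Constructed copies of the three settings as this page writes them.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '{' '  "insecure-registries" : ["https://registry.ovox.io:5000"]' '}' \
        > "$d/daemon.json"
    printf '%s\n' '[registries.search]' "registries = ['docker.io', 'quay.io']" \
        '[registries.insecure]' "registries = ['registry.ovox.io']" > "$d/registries.conf"
    printf '%s\n' 'docker_registry_insecure: yes' > "$d/globals.yml"
    tls_bypass_report registry.ovox.io "$d/daemon.json" "$d/registries.conf" \
        "$d/globals.yml" || echo "registry.ovox.io is still exempt from certificate checks"
    rm -rf "$d"
}
demo
```

on a node, call tls_bypass_report registry.ovox.io /etc/docker/daemon.json /etc/containers/registries.conf /etc/kolla/globals.yml; an exit status of 0 means none of the three overrides remains for that host.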

openstack operation

create the following script to upload images to glance:

cat > /usr/local/bin/upload-image << "EOF"
#!/bin/bash 

if [ $# -eq 0 ]
  then
    echo "usage:"
    echo "upload-image /home/pedro/bionic-server-cloudimg-amd64.img ubuntu-20.04-x86_64"
    echo ""; exit
fi

if [ ! -f "$1" ];
then
echo "file doesn't exist please try again.." && exit 1
fi

if [ -z "$2" ];
then
echo "please specify name for image" && exit 1
fi

source /root/admin-openrc.sh
echo "upload begin at $(date +%F-%H:%M:%S)"
glance image-create --name="$2" --visibility public --disk-format raw --container-format bare --progress --file "$1"
echo "upload finish at $(date +%F-%H:%M:%S)"
exit 0
EOF

fix script permissions:

chmod +x /usr/local/bin/upload-image

download cirros image:

wget https://github.com/cirros-dev/cirros/releases/download/0.6.1/cirros-0.6.1-x86_64-disk.img

convert image from qcow2 to raw:

qemu-img convert -f qcow2 -O raw -p cirros-0.6.1-x86_64-disk.img cirros-0.6.1-x86_64-disk.raw

upload image to glance using script:

upload-image /root/cirros-0.6.1-x86_64-disk.raw cirros-0.6.1-x86_64

create the following script for creating flavors:

cat > /usr/local/bin/openstack-create-flavors << EOF
#!/bin/bash
openstack flavor create --id 1 --ram 1024 --swap 512  --disk 1 --vcpus 1 ovox.tiny
openstack flavor create --id 2 --ram 2048 --swap 1024 --disk 10 --vcpus 1 ovox.small
openstack flavor create --id 3 --ram 4096 --swap 2048 --disk 50 --vcpus 2 ovox.medium
openstack flavor create --id 4 --ram 8192 --swap 4096 --disk 100 --vcpus 4 ovox.large
openstack flavor create --id 5 --ram 16384 --swap 8192 --disk 200 --vcpus 8 ovox.xlarge
openstack flavor create --id 8 --ram 4096 --disk 35 --vcpus 2 windows.small
openstack flavor create --id 9 --ram 8192 --disk 50 --vcpus 2 windows.medium
EOF

fix script permissions:

chmod +x /usr/local/bin/openstack-create-flavors 

create openstack flavors using script:

openstack-create-flavors

create openstack networks:

./ovoxcloud-kolla openstack-netcreate

references