Howto openstack kolla: Difference between revisions
Mandulete1 (talk | contribs) |
(72 intermediate revisions by 2 users not shown) | |||
Line 64: | Line 64: | ||
virsh net-define oscpiso-net-2023-05-16.xml | virsh net-define oscpiso-net-2023-05-16.xml | ||
virsh net-define publiciso-net-2023-05-16.xml | virsh net-define publiciso-net-2023-05-16.xml | ||
start virtual networks: | |||
virsh net-start oscpiso | |||
virsh net-start publiciso | |||
download iptables rules: | |||
wget https://img.vidalinux.com/files/openstack/iptables-default-isolate-libvirt-openstack.sh | |||
fix permissions and execute script: | |||
openstack- | chmod +x iptables-default-isolate-libvirt-openstack.sh | ||
./iptables-default-isolate-libvirt-openstack.sh | |||
fix permissions: | |||
chmod +x | |||
openstack | |||
= configure dns node = | = configure dns node = | ||
Line 106: | Line 84: | ||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
inside debian environment load the following profile: | |||
source /etc/profile | |||
add this parameters to grub configuration /etc/default/grub: | add this parameters to grub configuration /etc/default/grub: | ||
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | ||
Line 183: | Line 163: | ||
192.168.88.55 oscpnode4 | 192.168.88.55 oscpnode4 | ||
192.168.88.54 oscpnode5 | 192.168.88.54 oscpnode5 | ||
192.168.88.64 oscpdns | 192.168.88.64 oscpdns registry | ||
192.168.88.244 openstack | 192.168.88.244 openstack | ||
10.10.88.244 openstack-int | 10.10.88.244 openstack-int | ||
Line 190: | Line 170: | ||
systemctl enable dnsmasq | systemctl enable dnsmasq | ||
systemctl restart dnsmasq | systemctl restart dnsmasq | ||
= local registry = | |||
install podman packages: | |||
apt-get -y install podman | |||
install pip: | |||
apt-get -y install pip | |||
install podman-compose: | |||
pip3 install 'podman-compose<1.0' | |||
fix permissions and symlink: | |||
chmod +x /usr/local/lib/python3.9/dist-packages/podman_compose.py | |||
ln -s /usr/local/lib/python3.9/dist-packages/podman_compose.py /usr/bin/podman-compose | |||
add the following registries to /etc/containers/registries.conf | |||
cat >> /etc/containers/registries.conf << "EOF" | |||
[registries.search] | |||
registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org'] | |||
EOF | |||
create registry directory: | |||
mkdir ~/podman-registry | |||
cd ~/podman-registry | |||
create self sign certificates: | |||
mkdir ~/podman-registry/certs | |||
openssl genrsa -out ~/podman-registry/certs/server.key 4096 | |||
openssl req -new -x509 -text -key ~/podman-registry/certs/server.key -out ~/podman-registry/certs/server.cert | |||
compose file to create registry: | |||
cat > podman-compose.yml << EOF | |||
version: '3' | |||
services: | |||
registry: | |||
restart: always | |||
image: registry:2 | |||
container_name: registry | |||
ports: | |||
- "5000:5000" | |||
environment: | |||
REGISTRY_AUTH: htpasswd | |||
REGISTRY_AUTH_HTPASSWD_REALM: Registry | |||
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd | |||
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data | |||
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.cert | |||
REGISTRY_HTTP_TLS_KEY: /certs/server.key | |||
TZ: America/Puerto_Rico | |||
volumes: | |||
- ~/podman-registry/auth:/auth | |||
- ~/podman-registry/data:/data | |||
- ~/podman-registry/certs:/certs | |||
EOF | |||
create password file: | |||
mkdir ~/podman-registry/auth | |||
podman run --rm --entrypoint htpasswd httpd:2 -Bbn registry livinglavidalinux > ~/podman-registry/auth/htpasswd | |||
run the registry by executing: | |||
podman-compose up -d | |||
as root user edit /etc/containers/registries.conf: | |||
cat >> /etc/containers/registries.conf << "EOF" | |||
[registries.insecure] | |||
registries = ['registry.ovox.io'] | |||
EOF | |||
log in to a private registry: | |||
podman login registry.ovox.io:5000 -u registry -p livinglavidalinux | |||
= configure node1 = | = configure node1 = | ||
Line 200: | Line 239: | ||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
inside debian environment load the following profile: | |||
source /etc/profile | |||
add this parameters to grub configuration /etc/default/grub: | add this parameters to grub configuration /etc/default/grub: | ||
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | ||
Line 258: | Line 299: | ||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
inside debian environment load the following profile: | |||
source /etc/profile | |||
add this parameters to grub configuration /etc/default/grub: | add this parameters to grub configuration /etc/default/grub: | ||
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | ||
Line 316: | Line 359: | ||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
inside debian environment load the following profile: | |||
source /etc/profile | |||
add this parameters to grub configuration /etc/default/grub: | add this parameters to grub configuration /etc/default/grub: | ||
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | ||
Line 374: | Line 419: | ||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
inside debian environment load the following profile: | |||
source /etc/profile | |||
add this parameters to grub configuration /etc/default/grub: | add this parameters to grub configuration /etc/default/grub: | ||
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | ||
Line 432: | Line 479: | ||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
inside debian environment load the following profile: | |||
source /etc/profile | |||
add this parameters to grub configuration /etc/default/grub: | add this parameters to grub configuration /etc/default/grub: | ||
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | ||
Line 480: | Line 529: | ||
set timezone: | set timezone: | ||
timedatectl set-timezone America/Puerto_Rico | timedatectl set-timezone America/Puerto_Rico | ||
= configure kolla-ansible = | = configure kolla-ansible = | ||
on physical host copy and pasted the following on your shell: | |||
cat > /usr/local/bin/openstack << "EOF" | |||
#!/bin/bash | |||
VMS="openstack-node1-debian10 | |||
openstack-node2-debian10 | |||
openstack-node3-debian10 | |||
openstack-node4-debian10 | |||
openstack-node5-debian10 | |||
openstack-dns-debian10" | |||
if [ $1 = start ]; | |||
then | |||
for u in ${VMS}; do virsh start $u; done | |||
fi | |||
if [ $1 = destroy ]; | |||
then | |||
for u in ${VMS}; do virsh destroy $u; done | |||
fi | |||
if [ $1 = shutdown ]; | |||
then | |||
for u in ${VMS}; do virsh shutdown $u; done | |||
fi | |||
EOF | |||
fix permissions: | |||
chmod +x /usr/local/bin/openstack | |||
start virtual machines using the script: | |||
openstack start | |||
connect to node1: | connect to node1: | ||
ssh root@192.168.88.58 | ssh root@192.168.88.58 | ||
download ovoxcloud-kolla script: | download ovoxcloud-kolla script: | ||
wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla-2023-05- | wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla-2023-05-22 -O ./ovoxcloud-kolla --no-check-certificate | ||
set file permissions: | set file permissions: | ||
chmod +x ovoxcloud-kolla | chmod +x ovoxcloud-kolla | ||
run initial-setup: | run initial-setup: | ||
./ovoxcloud-kolla initial-setup | ./ovoxcloud-kolla initial-setup | ||
edit ovoxcloud-kolla and change the following: | edit ovoxcloud-kolla and change the following, make sure set exact year-month-day on BUILD: | ||
BUILD=debian-zed-2023-05- | BUILD=debian-zed-2023-05-23 | ||
edit ansible host file /root/debian-zed-2023-05- | REGISTRY="registry.ovox.io" | ||
REGISTRY_PORT="5000" | |||
REGISTRY_USER="registry" | |||
REGISTRY_PASS="livinglavidalinux" | |||
edit ansible host file /root/debian-zed-2023-05-19/multinode | |||
[control] | [control] | ||
oscpnode1 | oscpnode1 | ||
Line 519: | Line 603: | ||
test ssh connection to nodes: | test ssh connection to nodes: | ||
./ovoxcloud-kolla ping | ./ovoxcloud-kolla ping | ||
setup disk partitions for ceph deployment: | |||
./ovoxcloud-kolla ceph-disk-reset | |||
deploy ceph cluster: | deploy ceph cluster: | ||
./ovoxcloud-kolla ceph-deploy | ./ovoxcloud-kolla ceph-deploy | ||
Line 525: | Line 611: | ||
configure ceph for openstack: | configure ceph for openstack: | ||
./ovoxcloud-kolla ceph-openstack | ./ovoxcloud-kolla ceph-openstack | ||
build openstack docker images: | |||
./ovoxcloud-kolla build-images | |||
because we have non geniune ssl cert we need to add the following config to docker: | |||
cat > /etc/docker/daemon.json << "EOF" | |||
{ | |||
"insecure-registries" : ["https://registry.ovox.io:5000"] | |||
} | |||
EOF | |||
then restart docker service: | |||
systemctl restart docker | |||
and add the following to /etc/kolla/globals.yml: | |||
docker_registry_insecure: yes | |||
push images to local registry: | |||
./ovoxcloud-kolla push-images | |||
fix docker-registry repository name: | |||
ssh root@oscpdns | |||
cd /root/podman-registry/data/docker/registry/v2/repositories | |||
ln -s kolla openstack.kolla | |||
use genuine ssl certificate: | |||
mkdir /root/certificates | |||
use the following script to merge root certificates and then copy to kolla config: | |||
cat > /root/certificates/merge << "EOF" | |||
TMPDIR=/tmp | |||
OS_TYPE=$(cat /etc/os-release*|grep ^ID=|sed 's|"||g'|cut -d '=' -f2) | |||
KOLLADIR=/etc/kolla/certificates | |||
CERTDIR=/root/certificates | |||
DOMAIN=ovox.io | |||
CRT_NAME=$DOMAIN.crt | |||
KEY_NAME=$DOMAIN.key | |||
ROOT_CA=root.ca | |||
GLOBAL_CA=global.pem | |||
if [ -d $KOLLADIR ]; then | |||
echo "directory exist" | |||
else | |||
echo "directory doesn't exist creating.." | |||
mkdir $KOLLADIR | |||
fi | |||
if [ $OS_TYPE = centos ]; | |||
then | |||
cat $CERTDIR/$GLOBAL_CA $CERTDIR/$ROOT_CA > $TMPDIR/ca.pem | |||
cat $CERTDIR/$KEY_NAME $CERTDIR/$CRT_NAME > $TMPDIR/haproxy.pem | |||
cat $TMPDIR/haproxy.pem $TMPDIR/ca.pem > $KOLLADIR/haproxy.pem | |||
if [ ! -f $KOLLADIR/haproxy-ca.crt ]; | |||
then | |||
ln -s $KOLLADIR/haproxy.pem $KOLLADIR/haproxy-ca.crt | |||
fi | |||
fi | |||
if [ $OS_TYPE = debian ]; | |||
then | |||
cat $CERTDIR/$KEY_NAME $CERTDIR/$CRT_NAME > $KOLLADIR/haproxy.pem | |||
if [ ! -f $KOLLADIR/haproxy-ca.crt ]; | |||
then | |||
ln -s $KOLLADIR/haproxy.pem $KOLLADIR/haproxy-ca.crt | |||
fi | |||
fi | |||
EOF | |||
fix permissions and execute the script: | |||
chmod +x /root/certificates/merge | |||
/root/certificates/merge | |||
change docker registry certificates: | |||
scp -r /root/certificates root@oscpdns:~/ | |||
ssh root@oscpdns | |||
cd ~/podman-registry | |||
podman-compose down | |||
cp ~/certificates/ovox.io* ~/podman-registry/certs/ | |||
change the podman-compose.yml | |||
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/ovox.io.crt | |||
REGISTRY_HTTP_TLS_KEY: /certs/ovox.io.key | |||
start podman container: | |||
cd ~/podman-registry | |||
podman-compose up -d | |||
trust this geniune ssl cert on nodes: | |||
./ovoxcloud-kolla trust-cert-docker | |||
deploy openstack cluster: | |||
./ovoxcloud-kolla openstack-deploy | |||
run post deploy openstack: | |||
./ovoxcloud-kolla openstack-post-deploy | |||
= openstack operation = | |||
create the following script to upload images to glance: | |||
cat > /usr/local/bin/upload-image << "EOF" | |||
#!/bin/bash | |||
if [ $# -eq 0 ] | |||
then | |||
echo "usage:" | |||
echo "upload-image /home/pedro/bionic-server-cloudimg-amd64.img ubuntu-20.04-x86_64" | |||
echo ""; exit | |||
fi | |||
if [ ! -f $1 ]; | |||
then | |||
echo "file doesn't exist please try again.." && exit 1 | |||
fi | |||
if [ -z "$2" ]; | |||
then | |||
echo "please specify name for image" && exit 1 | |||
fi | |||
source /root/admin-openrc.sh | |||
echo "upload begin at $(date +%F-%H:%M:%S)" | |||
glance image-create --name="$2" --visibility public --disk-format raw --container-format bare --progress --file $1 | |||
echo "upload finish at $(date +%F-%H:%M:%S)" | |||
exit 0 | |||
EOF | |||
fix script permissions: | |||
chmod +x /usr/local/bin/upload-image | |||
download cirros image: | |||
wget https://github.com/cirros-dev/cirros/releases/download/0.6.1/cirros-0.6.1-x86_64-disk.img | |||
convert image from qcow2 to raw: | |||
qemu-img convert -f qcow2 -O raw -p cirros-0.6.1-x86_64-disk.img cirros-0.6.1-x86_64-disk.raw | |||
upload image to glance using script: | |||
upload-image /root/cirros-0.6.1-x86_64-disk.raw cirros-0.6.1-x86_64 | |||
create the following script for creating flavors: | |||
cat > /usr/local/bin/openstack-create-flavors << EOF | |||
#!/bin/bash | |||
openstack flavor create --id 1 --ram 1024 --swap 512 --disk 1 --vcpus 1 ovox.tiny | |||
openstack flavor create --id 2 --ram 2048 --swap 1024 --disk 10 --vcpus 1 ovox.small | |||
openstack flavor create --id 3 --ram 4096 --swap 2048 --disk 50 --vcpus 2 ovox.medium | |||
openstack flavor create --id 4 --ram 8192 --swap 4096 --disk 100 --vcpus 4 ovox.large | |||
openstack flavor create --id 5 --ram 16384 --swap 8192 --disk 200 --vcpus 8 ovox.xlarge | |||
openstack flavor create --id 8 --ram 4096 --disk 35 --vcpus 2 windows.small | |||
openstack flavor create --id 9 --ram 8192 --disk 50 --vcpus 2 windows.medium | |||
EOF | |||
fix script permissions: | |||
chmod +x /usr/local/bin/openstack-create-flavors | |||
create openstack flavors using script: | |||
openstack-create-flavors | |||
create openstack networks: | |||
./ovoxcloud-kolla openstack-netcreate | |||
= references = | = references = | ||
* https://docs.openstack.org/kolla-ansible/latest | |||
* https://docs.openstack.org/project-deploy-guide/kolla-ansible/zed/quickstart.html | * https://docs.openstack.org/project-deploy-guide/kolla-ansible/zed/quickstart.html |
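Review bot: The new download line for the deployment script passes `--no-check-certificate` to wget, and the lines right after it `chmod +x ovoxcloud-kolla` and run it as root on node1, so a TLS failure on that download is exactly the case the check exists for; drop the flag, `wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla-2023-05-22 -O ./ovoxcloud-kolla`, and fix the trust problem on the client if the server certificate does not validate. The same region adds `REGISTRY_PASS="livinglavidalinux"` to the script in clear text, and the new registry section logs in with `podman login registry.ovox.io:5000 -u registry -p livinglavidalinux`, which leaves the password in the process list and shell history; `--password-stdin` avoids that, and the script file should be root-only. The `[registries.insecure]` entry and the docker `insecure-registries` setting both switch off certificate verification for the registry host, presumably as a stop-gap until the genuine-certificate step further down; the page should say so and tell the reader to remove them afterwards.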
Latest revision as of 03:29, 10 October 2024
setup host
enable nested kvm by editing /etc/modprobe.d/kvm.conf (uncomment the line for your CPU vendor):
# Intel CPUs: enable nested virtualization for the lab VMs
options kvm_intel nested=1
#
# AMD CPUs: use this line instead (leave the Intel line commented out)
#options kvm_amd nested=1
if using rhel9 as host install the following repo:
dnf copr enable ligenix/enterprise-qemu-spice
then install libvirt and qemu-kvm:
yum install -y libvirt qemu-kvm guestfs-tools nbd
enable and start libvirtd daemon:
# enable libvirtd at boot and start it right away
systemctl enable --now libvirtd
create the following directory under /var/lib/libvirt/images:
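# working directory for every image and XML file below; -p makes the step
# re-runnable, and the guarded cd stops the rest of the setup from landing in
# the wrong directory if it cannot be entered
mkdir -p /var/lib/libvirt/images/openstack
cd /var/lib/libvirt/images/openstack || exit 1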
download debian bullseye:
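# download the debian bullseye cloud image and verify it against the
# SHA512SUMS file Debian publishes in the same directory; the image becomes the
# root filesystem of every node, so a corrupted or tampered download must be
# caught here (expected output: "debian-11-generic-amd64.qcow2: OK")
wget https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2
wget https://cloud.debian.org/images/cloud/bullseye/latest/SHA512SUMS
sha512sum --check --ignore-missing SHA512SUMS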
for baremetal download the iso (verify it against the SHA512SUMS file published next to it before using it):
http://mirrors.ocf.berkeley.edu/debian-cd/11.7.0/amd64/iso-cd/debian-11.7.0-amd64-netinst.iso
resize cloud image:
# keep the pristine image and grow a copy to 100G for the nodes
base_img=debian-11-generic-amd64.qcow2
big_img=debian-11-generic-amd64_100G.qcow2
cp "$base_img" "$big_img"
qemu-img resize "$big_img" +98G
set root password for image:
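# bake a root password into the image. The password is read from a root-only
# file (virt-sysprep's "file:" form) instead of being typed on the command line,
# where it would show up in the process list and in the shell history. This
# password is what every node boots with, so pick your own rather than the
# example value used elsewhere in this page.
install -m 600 /dev/null /root/.image-root-pw
read -r -s -p 'root password for the node image: ' image_root_pw; echo
printf '%s\n' "$image_root_pw" > /root/.image-root-pw
unset image_root_pw
virt-sysprep -a debian-11-generic-amd64_100G.qcow2 -q --root-password file:/root/.image-root-pw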
create storage images for openstack nodes:
# one disk per VM: five nodes and the dns/registry VM, all cloned from the resized image
for vm in node1 node2 node3 node4 node5 dns; do
  cp debian-11-generic-amd64_100G.qcow2 "openstack-${vm}.qcow2"
done
create storage images for ceph cluster:
# four 100G OSD disks for each of the three ceph servers (thin qcow2, grows on use)
for server in 1 2 3; do
  for disk in 1 2 3 4; do
    qemu-img create -f qcow2 "ceph_storage_server${server}_${disk}.img" 100G
  done
done
download virtual machines xml:
# libvirt domain definitions for the six VMs
xml_base=https://img.vidalinux.com/files/openstack/XML
for vm in node1 node2 node3 node4 node5 dns; do
  wget "${xml_base}/openstack-${vm}-debian10-2023-05-16.xml"
done
import virtual machines:
# register the six domains with libvirt
for vm in node1 node2 node3 node4 node5 dns; do
  virsh define "openstack-${vm}-debian10-2023-05-16.xml"
done
download virtual networks xml:
# network definitions for the two isolated libvirt networks
for net in oscpiso publiciso; do
  wget "https://img.vidalinux.com/files/openstack/XML/${net}-net-2023-05-16.xml"
done
import virtual networks:
for net in oscpiso publiciso; do
  virsh net-define "${net}-net-2023-05-16.xml"
done
start virtual networks:
for net in oscpiso publiciso; do
  virsh net-start "$net"
done
download iptables rules:
wget https://img.vidalinux.com/files/openstack/iptables-default-isolate-libvirt-openstack.sh
fix permissions and execute script:
# this script runs as root and, going by its name, changes the host's iptables
# rules: read it before executing it
chmod +x iptables-default-isolate-libvirt-openstack.sh && ./iptables-default-isolate-libvirt-openstack.sh
configure dns node
mount cloud image to pre-configure network:
# expose the qcow2 as a block device, map its partitions and mount the root
# partition (p1) with /dev and /proc bound in so chroot works
modprobe nbd
qemu-nbd -c /dev/nbd0 openstack-dns.qcow2
kpartx -a /dev/nbd0
mkdir /mnt/cloudimg
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount --bind /dev /mnt/cloudimg/dev
mount --bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on the dns node:
cat > /etc/network/interfaces << 'EOF'
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0: link up only, no address
iface eth0 inet manual
    up ip link set dev eth0 up
    down ip link set dev eth0 down
# eth1: 192.168.88.0/24, default route and upstream DNS
iface eth1 inet static
    address 192.168.88.64/24
    gateway 192.168.88.1
    dns-nameservers 4.2.2.1
    dns-nameservers 4.2.2.2
# eth2: 10.10.88.0/24 (the openstack-int side)
iface eth2 inet static
    address 10.10.88.64/24
# eth3: link up only, no address
iface eth3 inet manual
    up ip link set dev eth3 up
    down ip link set dev eth3 down
EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
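# Bootstrap only: root login with a password is what the deployment uses until
# key-based access is in place (see "./ovoxcloud-kolla copy-ssh-key" below).
# Once that works, set "PasswordAuthentication no" and
# "PermitRootLogin prohibit-password" again and restart sshd. The anchored
# patterns rewrite the directive whether it is present, commented out, or set
# to another value, which the exact-string replacements did not.
sed -i -E 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sed -i -E 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config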
exit chroot:
exit
umount image when finish configuration:
# tear down in reverse order: bind mounts, root partition, nbd device, then the
# partition mappings kpartx created (p1, p14, p15 on the debian cloud image)
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg
nbd-client -d /dev/nbd0
for part in 1 14 15; do
  dmsetup remove "/dev/mapper/nbd0p${part}"
done
start the dns virtual machine:
virsh start openstack-dns-debian10
connect to the dns node using ssh:
ssh root@192.168.88.64
set hostname:
hostnamectl set-hostname oscpdns
set timezone:
timedatectl set-timezone America/Puerto_Rico
install dnsmasq:
apt-get update apt-get install dnsmasq -y
configure dnsmasq:
cat > /etc/dnsmasq.conf << 'EOF'
# answer only on loopback and the 192.168.88.64 address (eth1)
listen-address=127.0.0.1,192.168.88.64
interface=eth1
# names from /etc/hosts and the address= lines below are also served as <name>.ovox.io
expand-hosts
domain=ovox.io
# upstream resolvers
server=4.2.2.1
server=4.2.2.2
# lab nodes on the 10.10.88.0/24 side and the two API endpoint names
address=/oscpnode1/10.10.88.58
address=/oscpnode2/10.10.88.57
address=/oscpnode3/10.10.88.56
address=/oscpnode4/10.10.88.55
address=/oscpnode5/10.10.88.54
address=/oscpdns/10.10.88.64
address=/openstack-int/10.10.88.244
address=/openstack/192.168.88.244
EOF
configure /etc/hosts:
cat > /etc/hosts << 'EOF'
127.0.0.1 localhost
# lab nodes, 192.168.88.0/24 side
192.168.88.58 oscpnode1
192.168.88.57 oscpnode2
192.168.88.56 oscpnode3
192.168.88.55 oscpnode4
192.168.88.54 oscpnode5
# this host; "registry" is the name the container registry is reached by
192.168.88.64 oscpdns registry
# openstack API endpoints
192.168.88.244 openstack
10.10.88.244 openstack-int
EOF
enable and restart dnsmasq:
systemctl enable dnsmasq systemctl restart dnsmasq
local registry
install podman packages:
apt-get -y install podman
install pip:
apt-get -y install pip
install podman-compose:
pip3 install 'podman-compose<1.0'
fix permissions and symlink:
chmod +x /usr/local/lib/python3.9/dist-packages/podman_compose.py ln -s /usr/local/lib/python3.9/dist-packages/podman_compose.py /usr/bin/podman-compose
add the following registries to /etc/containers/registries.conf
cat >> /etc/containers/registries.conf << "EOF" [registries.search] registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org'] EOF
create registry directory:
mkdir ~/podman-registry cd ~/podman-registry
create a self-signed certificate for the registry:
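mkdir -p ~/podman-registry/certs
chmod 700 ~/podman-registry/certs
openssl genrsa -out ~/podman-registry/certs/server.key 4096
chmod 600 ~/podman-registry/certs/server.key     # private key: root-only
# -subj and -addext make the request non-interactive and give the certificate
# the names clients use to reach the registry (needed if a client is ever to
# verify it instead of being told the registry is "insecure"); without -days
# openssl issues a certificate that expires after 30 days
openssl req -new -x509 -days 825 -text \
  -subj "/CN=registry.ovox.io" \
  -addext "subjectAltName=DNS:registry.ovox.io,DNS:registry,DNS:oscpdns,IP:192.168.88.64" \
  -key ~/podman-registry/certs/server.key -out ~/podman-registry/certs/server.cert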
compose file to create registry:
cat > podman-compose.yml << 'EOF'
version: '3'
services:
  registry:
    restart: always
    image: registry:2
    container_name: registry
    ports:
      # published on every host interface; "192.168.88.64:5000:5000" would
      # limit it to the address the nodes use
      - "5000:5000"
    environment:
      # basic auth against the htpasswd file created in the next step
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      # TLS material from the certs directory created above
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.cert
      REGISTRY_HTTP_TLS_KEY: /certs/server.key
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
      - ~/podman-registry/certs:/certs
EOF
create password file:
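mkdir -p ~/podman-registry/auth
# keep the registry password in a root-only file rather than on the htpasswd
# command line, where it would be visible in the process list and shell history
install -m 600 /dev/null ~/podman-registry/auth/registry.pass
read -r -s -p 'password for registry user "registry": ' registry_pw; echo
printf '%s\n' "$registry_pw" > ~/podman-registry/auth/registry.pass
unset registry_pw
# -B bcrypt, -n print the entry to stdout, -i read the password from stdin
podman run --rm -i --entrypoint htpasswd httpd:2 -Bni registry \
  < ~/podman-registry/auth/registry.pass > ~/podman-registry/auth/htpasswd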
run the registry by executing:
podman-compose up -d
as root user edit /etc/containers/registries.conf (listing the registry as insecure disables TLS certificate verification for it; this is a stop-gap for the self-signed certificate until the genuine certificate is installed further down, and should be removed after that):
cat >> /etc/containers/registries.conf << "EOF" [registries.insecure] registries = ['registry.ovox.io'] EOF
log in to a private registry:
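# --password-stdin keeps the password out of the process list and shell history
read -r -s -p 'password for registry user "registry": ' registry_pw; echo
printf '%s' "$registry_pw" | podman login registry.ovox.io:5000 -u registry --password-stdin
unset registry_pw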
configure node1
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 openstack-node1.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p1 /mnt/cloudimg mount -o bind /dev /mnt/cloudimg/dev mount -o bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on node1:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.58/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.58/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
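# Bootstrap only: root login with a password is what the deployment uses until
# "./ovoxcloud-kolla copy-ssh-key" has installed the key. After that, set
# "PasswordAuthentication no" and "PermitRootLogin prohibit-password" again and
# restart sshd. The anchored patterns rewrite the directive whether it is
# present, commented out, or set to another value.
sed -i -E 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sed -i -E 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config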
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p14 dmsetup remove /dev/mapper/nbd0p15
start node1 virtual machine:
virsh start openstack-node1-debian10
connect to node1 using ssh:
ssh root@192.168.88.58
set hostname:
hostnamectl set-hostname oscpnode1
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node2
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 openstack-node2.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p1 /mnt/cloudimg mount -o bind /dev /mnt/cloudimg/dev mount -o bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on node2:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.57/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.57/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
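# Bootstrap only: root login with a password is what the deployment uses until
# "./ovoxcloud-kolla copy-ssh-key" has installed the key. After that, set
# "PasswordAuthentication no" and "PermitRootLogin prohibit-password" again and
# restart sshd. The anchored patterns rewrite the directive whether it is
# present, commented out, or set to another value.
sed -i -E 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sed -i -E 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config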
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p14 dmsetup remove /dev/mapper/nbd0p15
start node2 virtual machine:
virsh start openstack-node2-debian10
connect to node2 using ssh:
ssh root@192.168.88.57
set hostname:
hostnamectl set-hostname oscpnode2
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node3
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 openstack-node3.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p1 /mnt/cloudimg mount -o bind /dev /mnt/cloudimg/dev mount -o bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on node3:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.56/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.56/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
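# Bootstrap only: root login with a password is what the deployment uses until
# "./ovoxcloud-kolla copy-ssh-key" has installed the key. After that, set
# "PasswordAuthentication no" and "PermitRootLogin prohibit-password" again and
# restart sshd. The anchored patterns rewrite the directive whether it is
# present, commented out, or set to another value.
sed -i -E 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sed -i -E 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config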
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p14 dmsetup remove /dev/mapper/nbd0p15
start node3 virtual machine:
virsh start openstack-node3-debian10
connect to node3 using ssh:
ssh root@192.168.88.56
set hostname:
hostnamectl set-hostname oscpnode3
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node4
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 openstack-node4.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p1 /mnt/cloudimg mount -o bind /dev /mnt/cloudimg/dev mount -o bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on node4:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.55/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.55/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
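# Bootstrap only: root login with a password is what the deployment uses until
# "./ovoxcloud-kolla copy-ssh-key" has installed the key. After that, set
# "PasswordAuthentication no" and "PermitRootLogin prohibit-password" again and
# restart sshd. The anchored patterns rewrite the directive whether it is
# present, commented out, or set to another value.
sed -i -E 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sed -i -E 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config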
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p14 dmsetup remove /dev/mapper/nbd0p15
start node4 virtual machine:
virsh start openstack-node4-debian10
connect to node4 using ssh:
ssh root@192.168.88.55
set hostname:
hostnamectl set-hostname oscpnode4
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node5
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 openstack-node5.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p1 /mnt/cloudimg mount -o bind /dev /mnt/cloudimg/dev mount -o bind /proc /mnt/cloudimg/proc
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on node5:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.54/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.54/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
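# Bootstrap only: root login with a password is what the deployment uses until
# "./ovoxcloud-kolla copy-ssh-key" has installed the key. After that, set
# "PasswordAuthentication no" and "PermitRootLogin prohibit-password" again and
# restart sshd. The anchored patterns rewrite the directive whether it is
# present, commented out, or set to another value.
sed -i -E 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sed -i -E 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config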
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p14 dmsetup remove /dev/mapper/nbd0p15
start node5 virtual machine:
virsh start openstack-node5-debian10
connect to node5 using ssh:
ssh root@192.168.88.54
set hostname:
hostnamectl set-hostname oscpnode5
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure kolla-ansible
on the physical host, paste the following into your shell (it creates a helper script that starts or stops all lab VMs at once):
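cat > /usr/local/bin/openstack << "EOF"
#!/bin/bash
# openstack start|shutdown|destroy
#   Run the given virsh action against every VM of the lab (the five nodes and
#   the dns/registry VM). "shutdown" asks each guest to power down cleanly;
#   "destroy" is a hard power-off.
# NOTE: installed as "openstack" in /usr/local/bin of the physical host, this
# would shadow the OpenStack command-line client if that is ever installed here.
VMS="openstack-node1-debian10
openstack-node2-debian10
openstack-node3-debian10
openstack-node4-debian10
openstack-node5-debian10
openstack-dns-debian10"

# the original compared "$1" unquoted, which errored with no argument and
# silently did nothing for an unknown one; reject both explicitly
case "${1:-}" in
  start|destroy|shutdown)
    for vm in $VMS; do   # VMS is newline-separated and the names carry no spaces
      virsh "$1" "$vm"
    done
    ;;
  *)
    echo "usage: ${0##*/} start|shutdown|destroy" >&2
    exit 1
    ;;
esac
EOF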
fix permissions:
chmod +x /usr/local/bin/openstack
start virtual machines using the script:
openstack start
connect to node1:
ssh root@192.168.88.58
download ovoxcloud-kolla script:
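# TLS verification stays on: this file is made executable and run as root on
# node1 in the next steps. A certificate error here is a reason to stop and fix
# the trust problem (CA bundle on node1, or the server's certificate), not to
# disable the check. Read the script before running it.
wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla-2023-05-22 -O ./ovoxcloud-kolla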
set file permissions:
chmod +x ovoxcloud-kolla
run initial-setup:
./ovoxcloud-kolla initial-setup
edit ovoxcloud-kolla and change the following; BUILD must carry the exact year-month-day of your build. REGISTRY_PASS is stored in the script in clear text, so keep the script readable by root only (chmod 700 ovoxcloud-kolla):
# build identifier; also names the directory that holds the inventory (/root/$BUILD/multinode)
BUILD=debian-zed-2023-05-23
# the registry running on the dns VM (see the "local registry" section)
REGISTRY="registry.ovox.io"
REGISTRY_PORT="5000"
REGISTRY_USER="registry"
# clear-text credential: keep this script root-only and change the value from the example
REGISTRY_PASS="livinglavidalinux"
edit the ansible inventory file /root/$BUILD/multinode (with the BUILD value set above: /root/debian-zed-2023-05-23/multinode):
[control] oscpnode1 oscpnode2 oscpnode3 [network] oscpnode1 oscpnode2 oscpnode3 [compute] oscpnode4 oscpnode5 [monitoring] oscpnode1 oscpnode2 oscpnode3 [storage] oscpnode1 oscpnode2 oscpnode3
copy ssh key to hosts:
./ovoxcloud-kolla copy-ssh-key
test ssh connection to nodes:
./ovoxcloud-kolla ping
setup disk partitions for ceph deployment:
./ovoxcloud-kolla ceph-disk-reset
deploy ceph cluster:
./ovoxcloud-kolla ceph-deploy
create ceph pools for openstack:
./ovoxcloud-kolla ceph-pool-openstack
configure ceph for openstack:
./ovoxcloud-kolla ceph-openstack
build openstack docker images:
./ovoxcloud-kolla build-images
because the registry still uses the self-signed certificate, docker on this node must be told to skip certificate verification for it (this replaces /etc/docker/daemon.json; remove the entry once the genuine certificate is in place):
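# docker's insecure-registries entries are "host[:port]" with no URL scheme, so
# the "https://" prefix is dropped. This disables certificate verification for
# that one host; the alternative that keeps verification is to install the
# registry's server.cert as /etc/docker/certs.d/registry.ovox.io:5000/ca.crt,
# provided the certificate's subjectAltName covers that host name.
# NOTE: this overwrites any existing /etc/docker/daemon.json.
cat > /etc/docker/daemon.json << "EOF"
{
  "insecure-registries" : ["registry.ovox.io:5000"]
}
EOF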
then restart docker service:
systemctl restart docker
and add the following to /etc/kolla/globals.yml:
docker_registry_insecure: yes
push images to local registry:
./ovoxcloud-kolla push-images
fix docker-registry repository name:
ssh root@oscpdns cd /root/podman-registry/data/docker/registry/v2/repositories ln -s kolla openstack.kolla
use genuine ssl certificate:
mkdir /root/certificates
use the following script to merge the root certificates and copy the result into the kolla config directory:
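cat > /root/certificates/merge << "EOF"
#!/bin/bash
# Assemble the haproxy TLS bundle for kolla from the files in CERTDIR.
# On centos the bundle is key + leaf cert + global CA + root CA, on debian
# it is key + leaf cert only.
#
# Inputs:  $CERTDIR/ovox.io.key, ovox.io.crt, root.ca, global.pem
# Outputs: $KOLLADIR/haproxy.pem and the haproxy-ca.crt symlink to it
TMPDIR=/tmp
# Read the distro id from os-release in a subshell (same value the old
# grep/sed/cut pipeline produced) so its other variables do not leak here.
OS_TYPE=$(. /etc/os-release && printf '%s' "$ID")
KOLLADIR=/etc/kolla/certificates
CERTDIR=/root/certificates
DOMAIN=ovox.io
CRT_NAME=$DOMAIN.crt
KEY_NAME=$DOMAIN.key
ROOT_CA=root.ca
GLOBAL_CA=global.pem

# haproxy.pem (and its /tmp intermediates) embed the private key: make every
# file this script creates owner-readable only.
umask 077

if [ -d "$KOLLADIR" ]; then
  echo "directory exist"
else
  echo "directory doesn't exist creating.."
  mkdir -p "$KOLLADIR"
fi

if [ "$OS_TYPE" = centos ]; then
  cat "$CERTDIR/$GLOBAL_CA" "$CERTDIR/$ROOT_CA" > "$TMPDIR/ca.pem"
  cat "$CERTDIR/$KEY_NAME" "$CERTDIR/$CRT_NAME" > "$TMPDIR/haproxy.pem"
  cat "$TMPDIR/haproxy.pem" "$TMPDIR/ca.pem" > "$KOLLADIR/haproxy.pem"
  # Do not leave a copy of the private key lying around in /tmp.
  rm -f "$TMPDIR/ca.pem" "$TMPDIR/haproxy.pem"
  # NOTE(review): haproxy-ca.crt is linked to haproxy.pem, so the file
  # handed out as the CA bundle also contains the private key; it should
  # probably point at a file holding only the CA chain -- confirm what
  # kolla expects from haproxy-ca.crt before changing it.
  if [ ! -f "$KOLLADIR/haproxy-ca.crt" ]; then
    ln -s "$KOLLADIR/haproxy.pem" "$KOLLADIR/haproxy-ca.crt"
  fi
fi

if [ "$OS_TYPE" = debian ]; then
  cat "$CERTDIR/$KEY_NAME" "$CERTDIR/$CRT_NAME" > "$KOLLADIR/haproxy.pem"
  # NOTE(review): same concern as above -- on debian haproxy.pem holds no CA
  # at all, only key + leaf, yet it is what haproxy-ca.crt points to.
  if [ ! -f "$KOLLADIR/haproxy-ca.crt" ]; then
    ln -s "$KOLLADIR/haproxy.pem" "$KOLLADIR/haproxy-ca.crt"
  fi
fi
EOF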
fix permissions and execute the script:
# make the merge script executable, then run it (as root: it writes under
# /etc/kolla/certificates)
chmod +x /root/certificates/merge
/root/certificates/merge
change docker registry certificates:
# presumably from node1: copy the certificate directory (it includes the
# private key, so the registry host is trusted with it) to oscpdns
scp -r /root/certificates root@oscpdns:~/
# the rest of this step runs in an interactive session on oscpdns
ssh root@oscpdns
cd ~/podman-registry
# stop the registry before swapping its certificate files
podman-compose down
cp ~/certificates/ovox.io* ~/podman-registry/certs/
change the following in podman-compose.yml:
# point the registry at the genuine certificate/key copied into ./certs
# (these are registry environment settings; presumably under "environment:")
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/ovox.io.crt
REGISTRY_HTTP_TLS_KEY: /certs/ovox.io.key
start podman container:
# still on oscpdns: bring the registry back up with the new certificate
cd ~/podman-registry
podman-compose up -d
trust this genuine ssl cert on the nodes:
./ovoxcloud-kolla trust-cert-docker
deploy openstack cluster:
./ovoxcloud-kolla openstack-deploy
run post deploy openstack:
./ovoxcloud-kolla openstack-post-deploy
openstack operation
create the following script to upload images to glance:
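cat > /usr/local/bin/upload-image << "EOF"
#!/bin/bash
# Upload a raw disk image to glance as a public image.
#
# Arguments: $1 - path to the (raw) image file
#            $2 - name to give the image in glance
# Exit status: 1 on a usage error, missing file or missing credentials file;
#              otherwise the exit status of glance image-create.
if [ $# -eq 0 ]
then
  echo "usage:"
  echo "upload-image /home/pedro/bionic-server-cloudimg-amd64.img ubuntu-20.04-x86_64"
  echo ""; exit 1
fi
# "$1" quoted so paths with spaces are tested (and later uploaded) as one word
if [ ! -f "$1" ]; then
  echo "file doesn't exist please try again.." && exit 1
fi
if [ -z "$2" ]; then
  echo "please specify name for image" && exit 1
fi
# admin-openrc.sh provides the OS_* credentials glance needs; fail early
# instead of letting glance error out with an unhelpful auth message
if [ ! -f /root/admin-openrc.sh ]; then
  echo "/root/admin-openrc.sh not found" && exit 1
fi
source /root/admin-openrc.sh
echo "upload begin at $(date +%F-%H:%M:%S)"
glance image-create --name="$2" --visibility public --disk-format raw --container-format bare --progress --file "$1"
# keep glance's status so a failed upload is not reported as success
rc=$?
echo "upload finish at $(date +%F-%H:%M:%S)"
exit $rc
EOF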
fix script permissions:
chmod +x /usr/local/bin/upload-image
download cirros image:
wget https://github.com/cirros-dev/cirros/releases/download/0.6.1/cirros-0.6.1-x86_64-disk.img
convert image from qcow2 to raw:
qemu-img convert -f qcow2 -O raw -p cirros-0.6.1-x86_64-disk.img cirros-0.6.1-x86_64-disk.raw
upload image to glance using script:
upload-image /root/cirros-0.6.1-x86_64-disk.raw cirros-0.6.1-x86_64
create the following script for creating flavors:
cat > /usr/local/bin/openstack-create-flavors << 'EOF'
#!/bin/bash
# Create the lab's fixed set of nova flavors (ovox.* with swap, windows.*
# without).  Every flavor is created unconditionally; an already existing id
# makes that single "openstack flavor create" fail and the script carries on.
# NOTE(review): unlike upload-image this script does not source
# /root/admin-openrc.sh, so the OS_* variables must already be set in the
# caller's environment -- confirm.

# create_flavor ID RAM_MB SWAP_MB DISK_GB VCPUS NAME  (empty SWAP_MB = no swap)
create_flavor() {
  local id=$1 ram=$2 swap=$3 disk=$4 vcpus=$5 name=$6
  if [ -n "$swap" ]; then
    openstack flavor create --id "$id" --ram "$ram" --swap "$swap" --disk "$disk" --vcpus "$vcpus" "$name"
  else
    openstack flavor create --id "$id" --ram "$ram" --disk "$disk" --vcpus "$vcpus" "$name"
  fi
}

create_flavor 1 1024  512  1   1 ovox.tiny
create_flavor 2 2048  1024 10  1 ovox.small
create_flavor 3 4096  2048 50  2 ovox.medium
create_flavor 4 8192  4096 100 4 ovox.large
create_flavor 5 16384 8192 200 8 ovox.xlarge
create_flavor 8 4096  ""   35  2 windows.small
create_flavor 9 8192  ""   50  2 windows.medium
EOF
fix script permissions:
chmod +x /usr/local/bin/openstack-create-flavors
create openstack flavors using script:
openstack-create-flavors
create openstack networks:
./ovoxcloud-kolla openstack-netcreate