Howto openstack kolla 2024: Difference between revisions
Mandulete1 (talk | contribs) |
Mandulete1 (talk | contribs) |
||
(85 intermediate revisions by the same user not shown) | |||
Line 15: | Line 15: | ||
mkdir /var/lib/libvirt/images/openstack | mkdir /var/lib/libvirt/images/openstack | ||
cd /var/lib/libvirt/images/openstack | cd /var/lib/libvirt/images/openstack | ||
= configure debian image = | |||
download debian bullseye: | download debian bullseye: | ||
wget http://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2 | wget http://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2 | ||
Line 22: | Line 23: | ||
cp debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2 | cp debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2 | ||
qemu-img resize debian-12-generic-amd64_100G.qcow2 +98G | qemu-img resize debian-12-generic-amd64_100G.qcow2 +98G | ||
expand image partition: | |||
virt-resize --expand /dev/sda1 debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2 | |||
set root password for image: | set root password for image: | ||
virt-sysprep -a debian-12-generic-amd64_100G.qcow2 -q --root-password password:livinglavidalinux | virt-sysprep -a debian-12-generic-amd64_100G.qcow2 -q --root-password password:livinglavidalinux | ||
mount cloud image to pre-configure network: | |||
modprobe nbd | |||
qemu-nbd -c /dev/nbd0 debian-12-generic-amd64_100G.qcow2 | |||
kpartx -a /dev/nbd0 | |||
mkdir /mnt/cloudimg | |||
mount /dev/mapper/nbd0p3 /mnt/cloudimg | |||
mount -t proc none /mnt/cloudimg/proc | |||
mount -t sysfs none /mnt/cloudimg/sys | |||
mount -o bind /dev /mnt/cloudimg/dev | |||
mount -o bind /dev/pts /mnt/cloudimg/dev/pts | |||
mount -o bind /run /mnt/cloudimg/run/ | |||
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf | |||
enter debian node environment using chroot: | |||
chroot /mnt/cloudimg | |||
inside debian environment load the following profile: | |||
source /etc/profile | |||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |||
add this parameters to grub configuration /etc/default/grub: | |||
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0" | |||
update grub configuration: | |||
update-grub | |||
disable and remove systemd-networkd: | |||
systemctl disable systemd-networkd.socket systemd-networkd \ | |||
systemd-networkd-wait-online | |||
install legacy networking: | |||
apt install -y ifupdown | |||
remove netplan.io: | |||
apt -y purge --auto-remove netplan.io | |||
remove systemd-resolved: | |||
apt -y purge --auto-remove systemd-resolved | |||
setup ssh-server configuration: | |||
dpkg-reconfigure openssh-server | |||
change sshd config to allow root user and password connection: | |||
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config | |||
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config | |||
update system: | |||
apt update && apt upgrade -y | |||
exit chroot: | |||
exit | |||
umount image when finish configuration: | |||
umount /mnt/cloudimg/etc/resolv.conf | |||
umount /mnt/cloudimg/proc | |||
umount /mnt/cloudimg/dev/pts | |||
umount /mnt/cloudimg/dev | |||
umount /mnt/cloudimg/run | |||
umount /mnt/cloudimg/sys | |||
umount /mnt/cloudimg | |||
nbd-client -d /dev/nbd0 | |||
dmsetup remove /dev/mapper/nbd0p1 | |||
dmsetup remove /dev/mapper/nbd0p2 | |||
dmsetup remove /dev/mapper/nbd0p3 | |||
= create nodes images = | |||
create storage images for openstack nodes: | create storage images for openstack nodes: | ||
cp debian-12-generic-amd64_100G.qcow2 | cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node1.qcow2 | ||
cp debian-12-generic-amd64_100G.qcow2 | cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node2.qcow2 | ||
cp debian-12-generic-amd64_100G.qcow2 | cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node3.qcow2 | ||
cp debian-12-generic-amd64_100G.qcow2 | cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node4.qcow2 | ||
cp debian-12-generic-amd64_100G.qcow2 | cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node5.qcow2 | ||
cp debian-12-generic-amd64_100G.qcow2 | cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-dns.qcow2 | ||
create storage images for ceph cluster: | create storage images for ceph cluster: | ||
qemu-img create -f qcow2 ceph_storage_server1_1.img 100G | qemu-img create -f qcow2 ceph_storage_server1_1.img 100G | ||
Line 76: | Line 132: | ||
mount cloud image to pre-configure network: | mount cloud image to pre-configure network: | ||
modprobe nbd | modprobe nbd | ||
qemu-nbd -c /dev/nbd0 | qemu-nbd -c /dev/nbd0 debian-12_openstack-dns.qcow2 | ||
kpartx -a /dev/nbd0 | kpartx -a /dev/nbd0 | ||
mount /dev/mapper/nbd0p3 /mnt/cloudimg | |||
mount /dev/mapper/ | |||
mount -t proc none /mnt/cloudimg/proc | mount -t proc none /mnt/cloudimg/proc | ||
mount -t sysfs none /mnt/cloudimg/sys | mount -t sysfs none /mnt/cloudimg/sys | ||
Line 85: | Line 140: | ||
mount -o bind /dev/pts /mnt/cloudimg/dev/pts | mount -o bind /dev/pts /mnt/cloudimg/dev/pts | ||
mount -o bind /run /mnt/cloudimg/run/ | mount -o bind /run /mnt/cloudimg/run/ | ||
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf | |||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
Line 90: | Line 146: | ||
source /etc/profile | source /etc/profile | ||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | ||
configure network on node1: | configure network on node1: | ||
cat > /etc/network/interfaces << EOF | cat > /etc/network/interfaces << EOF | ||
Line 127: | Line 168: | ||
down ip link set dev eth3 down | down ip link set dev eth3 down | ||
EOF | EOF | ||
exit chroot: | exit chroot: | ||
exit | exit | ||
umount image when finish configuration: | umount image when finish configuration: | ||
umount /mnt/cloudimg/etc/resolv.conf | |||
umount /mnt/cloudimg/proc | umount /mnt/cloudimg/proc | ||
umount /mnt/cloudimg/dev/pts | umount /mnt/cloudimg/dev/pts | ||
Line 143: | Line 180: | ||
nbd-client -d /dev/nbd0 | nbd-client -d /dev/nbd0 | ||
dmsetup remove /dev/mapper/nbd0p1 | dmsetup remove /dev/mapper/nbd0p1 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p2 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p3 | ||
start node1 virtual machine: | start node1 virtual machine: | ||
virsh start openstack-dns-debian10 | virsh start openstack-dns-debian10 | ||
connect to node1 using ssh: | connect to node1 using ssh: | ||
ssh root@192.168.88.64 | ssh root@192.168.88.64 | ||
set nameservers: | |||
cat > /etc/resolv.conf << EOF | |||
nameserver 4.2.2.1 | |||
nameserver 4.2.2.2 | |||
EOF | |||
set hostname: | set hostname: | ||
hostnamectl set-hostname oscpdns | hostnamectl set-hostname oscpdns | ||
Line 155: | Line 197: | ||
install dnsmasq: | install dnsmasq: | ||
apt-get update | apt-get update | ||
apt-get install dnsmasq -y | apt-get install dnsmasq net-tools dnsutils -y | ||
configure dnsmasq: | configure dnsmasq: | ||
cat > /etc/dnsmasq.conf << EOF | cat > /etc/dnsmasq.conf << EOF | ||
Line 191: | Line 233: | ||
= local registry = | = local registry = | ||
install podman packages: | install podman packages: | ||
apt-get -y install podman | apt-get -y install podman podman-compose | ||
add the following registries to /etc/containers/registries.conf | add the following registries to /etc/containers/registries.conf | ||
cat >> /etc/containers/registries.conf << "EOF" | cat >> /etc/containers/registries.conf << "EOF" | ||
Line 207: | Line 242: | ||
mkdir ~/podman-registry | mkdir ~/podman-registry | ||
cd ~/podman-registry | cd ~/podman-registry | ||
compose file to create registry: | compose file to create registry: | ||
cat > podman-compose.yml << EOF | cat > podman-compose.yml << EOF | ||
Line 227: | Line 258: | ||
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd | REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd | ||
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data | REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data | ||
TZ: America/Puerto_Rico | TZ: America/Puerto_Rico | ||
volumes: | volumes: | ||
- ~/podman-registry/auth:/auth | - ~/podman-registry/auth:/auth | ||
- ~/podman-registry/data:/data | - ~/podman-registry/data:/data | ||
EOF | EOF | ||
create password file: | create password file: | ||
Line 250: | Line 278: | ||
= configure node1 = | = configure node1 = | ||
mount cloud image to pre-configure network: | mount cloud image to pre-configure network: | ||
qemu-nbd -c /dev/nbd0 | qemu-nbd -c /dev/nbd0 debian-12_openstack-node1.qcow2 | ||
kpartx -a /dev/nbd0 | kpartx -a /dev/nbd0 | ||
mount /dev/mapper/ | mount /dev/mapper/nbd0p3 /mnt/cloudimg | ||
mount -t proc none /mnt/cloudimg/proc | |||
mount -t sysfs none /mnt/cloudimg/sys | |||
mount -o bind /dev /mnt/cloudimg/dev | mount -o bind /dev /mnt/cloudimg/dev | ||
mount -o bind / | mount -o bind /dev/pts /mnt/cloudimg/dev/pts | ||
mount -o bind /run /mnt/cloudimg/run/ | |||
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf | |||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
inside debian environment load the following profile: | inside debian environment load the following profile: | ||
source /etc/profile | source /etc/profile | ||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |||
configure network on node1: | configure network on node1: | ||
cat > /etc/network/interfaces << EOF | cat > /etc/network/interfaces << EOF | ||
Line 284: | Line 313: | ||
down ip link set dev eth3 down | down ip link set dev eth3 down | ||
EOF | EOF | ||
exit chroot: | exit chroot: | ||
exit | exit | ||
umount image when finish configuration: | umount image when finish configuration: | ||
umount /mnt/cloudimg/etc/resolv.conf | |||
umount /mnt/cloudimg/proc | umount /mnt/cloudimg/proc | ||
umount /mnt/cloudimg/dev/pts | |||
umount /mnt/cloudimg/dev | umount /mnt/cloudimg/dev | ||
umount /mnt/cloudimg/run | |||
umount /mnt/cloudimg/sys | |||
umount /mnt/cloudimg | umount /mnt/cloudimg | ||
nbd-client -d /dev/nbd0 | nbd-client -d /dev/nbd0 | ||
dmsetup remove /dev/mapper/nbd0p1 | dmsetup remove /dev/mapper/nbd0p1 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p2 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p3 | ||
start node1 virtual machine: | start node1 virtual machine: | ||
virsh start openstack-node1-debian10 | virsh start openstack-node1-debian10 | ||
connect to node1 using ssh: | connect to node1 using ssh: | ||
ssh root@192.168.88.58 | ssh root@192.168.88.58 | ||
remove /etc/resolv.conf file: | |||
rm /etc/resolv.conf | |||
set nameservers: | |||
cat > /etc/resolv.conf << EOF | |||
nameserver 192.168.88.64 | |||
nameserver 4.2.2.2 | |||
EOF | |||
set hostname: | set hostname: | ||
hostnamectl set-hostname oscpnode1 | hostnamectl set-hostname oscpnode1 | ||
Line 310: | Line 345: | ||
= configure node2 = | = configure node2 = | ||
mount cloud image to pre-configure network: | mount cloud image to pre-configure network: | ||
qemu-nbd -c /dev/nbd0 | qemu-nbd -c /dev/nbd0 debian-12_openstack-node2.qcow2 | ||
kpartx -a /dev/nbd0 | kpartx -a /dev/nbd0 | ||
mount /dev/mapper/ | mount /dev/mapper/nbd0p3 /mnt/cloudimg | ||
mount -t proc none /mnt/cloudimg/proc | |||
mount -t sysfs none /mnt/cloudimg/sys | |||
mount -o bind /dev /mnt/cloudimg/dev | mount -o bind /dev /mnt/cloudimg/dev | ||
mount -o bind / | mount -o bind /dev/pts /mnt/cloudimg/dev/pts | ||
mount -o bind /run /mnt/cloudimg/run/ | |||
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf | |||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
inside debian environment load the following profile: | inside debian environment load the following profile: | ||
source /etc/profile | source /etc/profile | ||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |||
configure network on node2: | |||
configure network on | |||
cat > /etc/network/interfaces << EOF | cat > /etc/network/interfaces << EOF | ||
auto lo eth0 eth1 eth2 eth3 | auto lo eth0 eth1 eth2 eth3 | ||
Line 344: | Line 380: | ||
down ip link set dev eth3 down | down ip link set dev eth3 down | ||
EOF | EOF | ||
exit chroot: | exit chroot: | ||
exit | exit | ||
umount image when finish configuration: | umount image when finish configuration: | ||
umount /mnt/cloudimg/etc/resolv.conf | |||
umount /mnt/cloudimg/proc | umount /mnt/cloudimg/proc | ||
umount /mnt/cloudimg/dev/pts | |||
umount /mnt/cloudimg/dev | umount /mnt/cloudimg/dev | ||
umount /mnt/cloudimg/run | |||
umount /mnt/cloudimg/sys | |||
umount /mnt/cloudimg | umount /mnt/cloudimg | ||
nbd-client -d /dev/nbd0 | nbd-client -d /dev/nbd0 | ||
dmsetup remove /dev/mapper/nbd0p1 | dmsetup remove /dev/mapper/nbd0p1 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p2 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p3 | ||
start | start node2 virtual machine: | ||
virsh start openstack-node2-debian10 | virsh start openstack-node2-debian10 | ||
connect to | connect to node2 using ssh: | ||
ssh root@192.168.88.57 | ssh root@192.168.88.57 | ||
remove /etc/resolv.conf file: | |||
rm /etc/resolv.conf | |||
set nameservers: | |||
cat > /etc/resolv.conf << EOF | |||
nameserver 192.168.88.64 | |||
nameserver 4.2.2.2 | |||
EOF | |||
set hostname: | set hostname: | ||
hostnamectl set-hostname oscpnode2 | hostnamectl set-hostname oscpnode2 | ||
Line 370: | Line 412: | ||
= configure node3 = | = configure node3 = | ||
mount cloud image to pre-configure network: | mount cloud image to pre-configure network: | ||
qemu-nbd -c /dev/nbd0 | qemu-nbd -c /dev/nbd0 debian-12_openstack-node3.qcow2 | ||
kpartx -a /dev/nbd0 | kpartx -a /dev/nbd0 | ||
mount /dev/mapper/ | mount /dev/mapper/nbd0p3 /mnt/cloudimg | ||
mount -t proc none /mnt/cloudimg/proc | |||
mount -t sysfs none /mnt/cloudimg/sys | |||
mount -o bind /dev /mnt/cloudimg/dev | mount -o bind /dev /mnt/cloudimg/dev | ||
mount -o bind / | mount -o bind /dev/pts /mnt/cloudimg/dev/pts | ||
mount -o bind /run /mnt/cloudimg/run/ | |||
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf | |||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
inside debian environment load the following profile: | inside debian environment load the following profile: | ||
source /etc/profile | source /etc/profile | ||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |||
configure network on node3: | |||
configure network on | |||
cat > /etc/network/interfaces << EOF | cat > /etc/network/interfaces << EOF | ||
auto lo eth0 eth1 eth2 eth3 | auto lo eth0 eth1 eth2 eth3 | ||
Line 404: | Line 447: | ||
down ip link set dev eth3 down | down ip link set dev eth3 down | ||
EOF | EOF | ||
exit chroot: | exit chroot: | ||
exit | exit | ||
umount image when finish configuration: | umount image when finish configuration: | ||
umount /mnt/cloudimg/etc/resolv.conf | |||
umount /mnt/cloudimg/proc | umount /mnt/cloudimg/proc | ||
umount /mnt/cloudimg/dev/pts | |||
umount /mnt/cloudimg/dev | umount /mnt/cloudimg/dev | ||
umount /mnt/cloudimg/run | |||
umount /mnt/cloudimg/sys | |||
umount /mnt/cloudimg | umount /mnt/cloudimg | ||
nbd-client -d /dev/nbd0 | nbd-client -d /dev/nbd0 | ||
dmsetup remove /dev/mapper/nbd0p1 | dmsetup remove /dev/mapper/nbd0p1 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p2 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p3 | ||
start | start node3 virtual machine: | ||
virsh start openstack-node3-debian10 | virsh start openstack-node3-debian10 | ||
connect to | connect to node3 using ssh: | ||
ssh root@192.168.88.56 | ssh root@192.168.88.56 | ||
remove /etc/resolv.conf file: | |||
rm /etc/resolv.conf | |||
set nameservers: | |||
cat > /etc/resolv.conf << EOF | |||
nameserver 192.168.88.64 | |||
nameserver 4.2.2.2 | |||
EOF | |||
set hostname: | set hostname: | ||
hostnamectl set-hostname oscpnode3 | hostnamectl set-hostname oscpnode3 | ||
Line 430: | Line 479: | ||
= configure node4 = | = configure node4 = | ||
mount cloud image to pre-configure network: | mount cloud image to pre-configure network: | ||
qemu-nbd -c /dev/nbd0 | qemu-nbd -c /dev/nbd0 debian-12_openstack-node4.qcow2 | ||
kpartx -a /dev/nbd0 | kpartx -a /dev/nbd0 | ||
mount /dev/mapper/ | mount /dev/mapper/nbd0p3 /mnt/cloudimg | ||
mount -t proc none /mnt/cloudimg/proc | |||
mount -t sysfs none /mnt/cloudimg/sys | |||
mount -o bind /dev /mnt/cloudimg/dev | mount -o bind /dev /mnt/cloudimg/dev | ||
mount -o bind / | mount -o bind /dev/pts /mnt/cloudimg/dev/pts | ||
mount -o bind /run /mnt/cloudimg/run/ | |||
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf | |||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
inside debian environment load the following profile: | inside debian environment load the following profile: | ||
source /etc/profile | source /etc/profile | ||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |||
configure network on node4: | |||
configure network on | |||
cat > /etc/network/interfaces << EOF | cat > /etc/network/interfaces << EOF | ||
auto lo eth0 eth1 eth2 eth3 | auto lo eth0 eth1 eth2 eth3 | ||
Line 464: | Line 514: | ||
down ip link set dev eth3 down | down ip link set dev eth3 down | ||
EOF | EOF | ||
exit chroot: | exit chroot: | ||
exit | exit | ||
umount image when finish configuration: | umount image when finish configuration: | ||
umount /mnt/cloudimg/etc/resolv.conf | |||
umount /mnt/cloudimg/proc | umount /mnt/cloudimg/proc | ||
umount /mnt/cloudimg/dev/pts | |||
umount /mnt/cloudimg/dev | umount /mnt/cloudimg/dev | ||
umount /mnt/cloudimg/run | |||
umount /mnt/cloudimg/sys | |||
umount /mnt/cloudimg | umount /mnt/cloudimg | ||
nbd-client -d /dev/nbd0 | nbd-client -d /dev/nbd0 | ||
dmsetup remove /dev/mapper/nbd0p1 | dmsetup remove /dev/mapper/nbd0p1 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p2 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p3 | ||
start | start node4 virtual machine: | ||
virsh start openstack-node4-debian10 | virsh start openstack-node4-debian10 | ||
connect to node1 using ssh: | connect to node1 using ssh: | ||
ssh root@192.168.88.55 | ssh root@192.168.88.55 | ||
remove /etc/resolv.conf file: | |||
rm /etc/resolv.conf | |||
set nameservers: | |||
cat > /etc/resolv.conf << EOF | |||
nameserver 192.168.88.64 | |||
nameserver 4.2.2.2 | |||
EOF | |||
set hostname: | set hostname: | ||
hostnamectl set-hostname oscpnode4 | hostnamectl set-hostname oscpnode4 | ||
Line 490: | Line 546: | ||
= configure node5 = | = configure node5 = | ||
mount cloud image to pre-configure network: | mount cloud image to pre-configure network: | ||
qemu-nbd -c /dev/nbd0 | qemu-nbd -c /dev/nbd0 debian-12_openstack-node5.qcow2 | ||
kpartx -a /dev/nbd0 | kpartx -a /dev/nbd0 | ||
mount /dev/mapper/ | mount /dev/mapper/nbd0p3 /mnt/cloudimg | ||
mount -t proc none /mnt/cloudimg/proc | |||
mount -t sysfs none /mnt/cloudimg/sys | |||
mount -o bind /dev /mnt/cloudimg/dev | mount -o bind /dev /mnt/cloudimg/dev | ||
mount -o bind / | mount -o bind /dev/pts /mnt/cloudimg/dev/pts | ||
mount -o bind /run /mnt/cloudimg/run/ | |||
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf | |||
enter debian node environment using chroot: | enter debian node environment using chroot: | ||
chroot /mnt/cloudimg | chroot /mnt/cloudimg | ||
inside debian environment load the following profile: | inside debian environment load the following profile: | ||
source /etc/profile | source /etc/profile | ||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |||
configure network on node5: | |||
configure network on | |||
cat > /etc/network/interfaces << EOF | cat > /etc/network/interfaces << EOF | ||
auto lo eth0 eth1 eth2 eth3 | auto lo eth0 eth1 eth2 eth3 | ||
Line 524: | Line 581: | ||
down ip link set dev eth3 down | down ip link set dev eth3 down | ||
EOF | EOF | ||
exit chroot: | exit chroot: | ||
exit | exit | ||
umount image when finish configuration: | umount image when finish configuration: | ||
umount /mnt/cloudimg/etc/resolv.conf | |||
umount /mnt/cloudimg/proc | umount /mnt/cloudimg/proc | ||
umount /mnt/cloudimg/dev/pts | |||
umount /mnt/cloudimg/dev | umount /mnt/cloudimg/dev | ||
umount /mnt/cloudimg/run | |||
umount /mnt/cloudimg/sys | |||
umount /mnt/cloudimg | umount /mnt/cloudimg | ||
nbd-client -d /dev/nbd0 | nbd-client -d /dev/nbd0 | ||
dmsetup remove /dev/mapper/nbd0p1 | dmsetup remove /dev/mapper/nbd0p1 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p2 | ||
dmsetup remove /dev/mapper/ | dmsetup remove /dev/mapper/nbd0p3 | ||
start | start node5 virtual machine: | ||
virsh start openstack-node5-debian10 | virsh start openstack-node5-debian10 | ||
connect to node1 using ssh: | connect to node1 using ssh: | ||
ssh root@192.168.88.54 | ssh root@192.168.88.54 | ||
remove /etc/resolv.conf file: | |||
rm /etc/resolv.conf | |||
set nameservers: | |||
cat > /etc/resolv.conf << EOF | |||
nameserver 192.168.88.64 | |||
nameserver 4.2.2.2 | |||
EOF | |||
set hostname: | set hostname: | ||
hostnamectl set-hostname oscpnode5 | hostnamectl set-hostname oscpnode5 | ||
set timezone: | set timezone: | ||
timedatectl set-timezone America/Puerto_Rico | timedatectl set-timezone America/Puerto_Rico | ||
= create ssl certificates = | |||
create directory for certificates: | |||
mkdir /root/certificates && cd /root/certificates | |||
create your own ssl certs: | |||
openssl genrsa -out server.key 3072 | |||
create certificate csr: | |||
openssl req -new -key server.key -out server.csr | |||
fill the following blanks: | |||
Country Name (2 letter code) []: '''US''' | |||
State or Province Name (full name) []: '''Puerto Rico''' | |||
Locality Name (eg, city) []: '''San Juan''' | |||
Organization Name (eg, company) []: '''OVOX LLC''' | |||
Organizational Unit Name (eg, section) []: '''Cloud Consulting''' | |||
Common Name (eg, your name or your server's hostname) []: '''openstack.ovox.io''' | |||
Email Address []: '''email@gmail.com''' | |||
Please enter the following 'extra' attributes | |||
to be sent with your certificate request | |||
A challenge password []: '''just press enter''' | |||
An optional company name []: '''just press enter''' | |||
create the certificate: | |||
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt | |||
create root certificate: | |||
openssl req -x509 -new -nodes -key server.key -sha256 -out ca.pem | |||
fill the following blanks: | |||
Country Name (2 letter code) []: '''US''' | |||
State or Province Name (full name) []: '''Puerto Rico''' | |||
Locality Name (eg, city) []: '''San Juan''' | |||
Organization Name (eg, company) []: '''OVOX LLC.''' | |||
Organizational Unit Name (eg, section) []: '''Cloud Consulting''' | |||
Common Name (eg, your name or your server's hostname) []: '''openstack.ovox.io''' | |||
Email Address []: '''email@gmail.com''' | |||
Please enter the following 'extra' attributes | |||
to be sent with your certificate request | |||
A challenge password []: '''just press enter''' | |||
An optional company name []: '''just press enter''' | |||
use the following script to merge root certificates and then copy to kolla config: | |||
cat > /root/certificates/merge << "EOF" | |||
TMPDIR=/tmp | |||
KOLLADIR=/etc/kolla/certificates | |||
CERTDIR=/root/certificates | |||
CRT_NAME=server.crt | |||
KEY_NAME=server.key | |||
ROOT_CA=ca.pem | |||
if [ ! -d $KOLLADIR ]; | |||
then | |||
mkdir $KOLLADIR -p | |||
fi | |||
cat $CERTDIR/$KEY_NAME $CERTDIR/$CRT_NAME > $KOLLADIR/haproxy.pem | |||
if [ ! -f $KOLLADIR/haproxy-ca.crt ]; | |||
then | |||
ln -s $KOLLADIR/haproxy.pem $KOLLADIR/haproxy-ca.crt | |||
fi | |||
EOF | |||
execute the script: | |||
bash /root/certificates/merge | |||
= configure kolla-ansible = | = configure kolla-ansible = | ||
Line 582: | Line 701: | ||
ssh root@192.168.88.58 | ssh root@192.168.88.58 | ||
download ovoxcloud-kolla script: | download ovoxcloud-kolla script: | ||
wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla- | wget https://img.vidalinux.com/files/openstack/2024/ovoxcloud-kolla-2024.1 -O ./ovoxcloud-kolla --no-check-certificate | ||
set file permissions: | set file permissions: | ||
chmod +x ovoxcloud-kolla | chmod +x ovoxcloud-kolla | ||
run initial-setup: | run ceph-initial-setup: | ||
./ovoxcloud-kolla initial-setup | ./ovoxcloud-kolla ceph-initial-setup | ||
run kolla-initial-setup: | |||
./ovoxcloud-kolla kolla-initial-setup | |||
edit ovoxcloud-kolla and change the following: | |||
REGISTRY="registry.ovox.io" | REGISTRY="registry.ovox.io" | ||
REGISTRY_PORT="5000" | REGISTRY_PORT="5000" | ||
REGISTRY_USER="registry" | REGISTRY_USER="registry" | ||
REGISTRY_PASS="livinglavidalinux" | REGISTRY_PASS="livinglavidalinux" | ||
edit ansible host file /root/debian- | edit ansible host file /root/debian-kolla-2024.1/multinode | ||
[control] | [control] | ||
oscpnode1 | oscpnode1 | ||
Line 631: | Line 751: | ||
build openstack docker images: | build openstack docker images: | ||
./ovoxcloud-kolla build-images | ./ovoxcloud-kolla build-images | ||
push images to local registry: | push images to local registry: | ||
./ovoxcloud-kolla push-images | ./ovoxcloud-kolla push-images | ||
deploy openstack cluster: | deploy openstack cluster: | ||
./ovoxcloud-kolla openstack-deploy | ./ovoxcloud-kolla openstack-deploy | ||
Line 761: | Line 809: | ||
create openstack networks: | create openstack networks: | ||
./ovoxcloud-kolla openstack-netcreate | ./ovoxcloud-kolla openstack-netcreate | ||
= commands = | |||
list images in pool | |||
rbd -p images ls | |||
remove image | |||
rbd rm images/71b60aee-143c-44a7-8a49-d51e21ea3c70@snap | |||
list snapshots | |||
rbd -p images snap ls 71b60aee-143c-44a7-8a49-d51e21ea3c70 | |||
unprotect snapshot | |||
rbd snap unprotect images/71b60aee-143c-44a7-8a49-d51e21ea3c70@snap | |||
purge snapshot | |||
rbd snap purge images/71b60aee-143c-44a7-8a49-d51e21ea3c70 | |||
remove glance image script: | |||
cat > /usr/local/bin/remove-glance-image << "EOF" | |||
#!/bin/bash | |||
docker exec -it ceph-mgr-oscpnode1 rbd snap unprotect images/${1}@snap | |||
docker exec -it ceph-mgr-oscpnode1 rbd snap purge images/${1} | |||
openstack image delete ${1} | |||
EOF | |||
= references = | = references = | ||
* https://docs.openstack.org/kolla-ansible/ | * https://docs.openstack.org/kolla-ansible/2024.1 | ||
* https://docs.openstack.org/ | * https://docs.openstack.org/kolla-ansible/2024.1/user/virtual-environments.html | ||
* https://docs.openstack.org/kolla-ansible/2024.1/reference/storage/external-ceph-guide.html | |||
* https://jamesbenson.weebly.com/blog/deploying-openstack-kolla-with-ceph-and-swift | |||
* https://hackmd.io/@yujungcheng/Hyu623GKi | |||
* https://github.com/Dineshk1205/openstackmultinode/blob/main/openstackmultinodeprep.sh |
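Review bot: The new `wget` line for `ovoxcloud-kolla` adds `--no-check-certificate`, and the following steps `chmod +x` the file and run it as root on node1, so the script is fetched without authenticating the server it comes from. Drop the flag and pin the download instead: `wget https://img.vidalinux.com/files/openstack/2024/ovoxcloud-kolla-2024.1 -O ./ovoxcloud-kolla`, then `echo "<EXPECTED_SHA256>  ovoxcloud-kolla" | sha256sum -c -` with a digest published next to the file. In the added `remove-glance-image` script, `${1}` is unquoted and unchecked, so a call without an argument runs `rbd snap purge images/`; a first line `: "${1:?image id required}"` and quoting `"${1}"` would stop that. The added base-image steps also set `PermitRootLogin yes` and `PasswordAuthentication yes` next to a root password passed on the `virt-sysprep` command line, and every node image is copied from that image, so the page should say that this is meant for an isolated lab network.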
Latest revision as of 13:49, 12 October 2024
setup host
enable nested kvm edit /etc/modprobe.d/kvm.conf:
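# /etc/modprobe.d/kvm.conf: enable nested virtualization for the host CPU vendor.
# For Intel
options kvm_intel nested=1
#
# For AMD
#options kvm_amd nested=1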
if using rhel9 as host install the following repo:
dnf copr enable ligenix/enterprise-qemu-spice
then install libvirt and qemu-kvm:
yum install -y libvirt qemu-kvm guestfs-tools nbd
enable and start libvirtd daemon:
systemctl enable libvirtd && systemctl start libvirtd
create the following directory under /var/lib/libvirt/images:
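# Create the working directory for the lab images and switch to it; the image
# commands that follow use relative file names. -p keeps the step re-runnable.
mkdir -p /var/lib/libvirt/images/openstack
cd /var/lib/libvirt/images/openstack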
configure debian image
download the debian bookworm (debian 12) cloud image:
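# Fetch the base image over TLS and check it against the checksum list that
# Debian publishes in the same directory; every node disk is cloned from this
# file, so a tampered or truncated download would end up on all nodes.
wget https://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2
wget https://cdimage.debian.org/cdimage/cloud/bookworm/latest/SHA512SUMS
sha512sum --check --ignore-missing SHA512SUMS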
for baremetal download the iso:
http://mirrors.ocf.berkeley.edu/debian-cd/12.7.0/amd64/iso-cd/debian-12.7.0-amd64-netinst.iso
resize cloud image:
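# Work on a copy so the pristine download stays available, then grow the
# copy's virtual disk by 98G.
cp debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2
qemu-img resize debian-12-generic-amd64_100G.qcow2 +98G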
expand image partition:
virt-resize --expand /dev/sda1 debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2
set root password for image:
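# Set the image's root password without putting it on the command line, where
# it would land in shell history and the process list. virt-sysprep reads the
# password from the first line of a file; the subshell keeps the tighter umask
# from affecting the image files created later.
read -r -s -p 'root password for image: ' image_root_pw && echo
( umask 077; printf '%s\n' "$image_root_pw" > root-password.txt )
unset image_root_pw
virt-sysprep -a debian-12-generic-amd64_100G.qcow2 -q --root-password file:root-password.txt
rm -f -- root-password.txt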
mount cloud image to pre-configure network:
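# Attach the qcow2 image to /dev/nbd0, map its partitions and mount the image
# filesystem, then add proc and sysfs instances plus bind mounts of the host's
# /dev, /dev/pts, /run and /etc/resolv.conf so that a chroot into the image has
# working devices and name resolution.
modprobe nbd
qemu-nbd -c /dev/nbd0 debian-12-generic-amd64_100G.qcow2
kpartx -a /dev/nbd0
mkdir -p /mnt/cloudimg
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf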
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
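# Inside the chroot: load the image's own profile and set an explicit PATH so
# the commands that follow resolve to the image's binaries.
source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin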
add these parameters to the grub configuration in /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
disable and remove systemd-networkd:
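# Disable the systemd-networkd units; this command only disables them,
# it does not remove the package.
systemctl disable systemd-networkd.socket systemd-networkd \
  systemd-networkd-wait-online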
install legacy networking:
apt install -y ifupdown
remove netplan.io:
apt -y purge --auto-remove netplan.io
remove systemd-resolved:
apt -y purge --auto-remove systemd-resolved
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
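# Allow root to log in over ssh with a password; the later steps of this howto
# connect to the nodes as root@<ip> this way.
# NOTE(review): every node image is copied from this one, so all nodes inherit
# root password login. Keep the management network isolated, or install an ssh
# key and switch back to "PermitRootLogin prohibit-password" and
# "PasswordAuthentication no" once the nodes are reachable.
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config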
update system:
apt update && apt upgrade -y
exit chroot:
exit
unmount the image when the configuration is finished:
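# Tear down in the reverse order of the setup: unmount the bind mounts and the
# image filesystem, drop the partition mappings while the device is still
# attached, then detach the image with the same tool that attached it.
umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg
# kpartx -d removes every nbd0pN mapping that "kpartx -a" created.
kpartx -d /dev/nbd0
qemu-nbd -d /dev/nbd0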
create nodes images
create storage images for openstack nodes:
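# One disk per virtual machine, each a full copy of the prepared base image
# (five openstack nodes plus the dns node).
for node in node1 node2 node3 node4 node5 dns; do
  cp debian-12-generic-amd64_100G.qcow2 "debian-12_openstack-${node}.qcow2"
done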
create storage images for ceph cluster:
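# Four empty 100G qcow2 disks for each of the three ceph storage servers
# (ceph_storage_server<server>_<disk>.img).
for server in 1 2 3; do
  for disk in 1 2 3 4; do
    qemu-img create -f qcow2 "ceph_storage_server${server}_${disk}.img" 100G
  done
done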
download virtual machines xml:
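# Download the libvirt domain definition of each virtual machine.
for vm in node1 node2 node3 node4 node5 dns; do
  wget "https://img.vidalinux.com/files/openstack/XML/openstack-${vm}-debian10-2023-05-16.xml"
done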
import virtual machines:
virsh define openstack-node1-debian10-2023-05-16.xml virsh define openstack-node2-debian10-2023-05-16.xml virsh define openstack-node3-debian10-2023-05-16.xml virsh define openstack-node4-debian10-2023-05-16.xml virsh define openstack-node5-debian10-2023-05-16.xml virsh define openstack-dns-debian10-2023-05-16.xml
download virtual networks xml:
wget https://img.vidalinux.com/files/openstack/XML/oscpiso-net-2023-05-16.xml wget https://img.vidalinux.com/files/openstack/XML/publiciso-net-2023-05-16.xml
import virtual networks:
virsh net-define oscpiso-net-2023-05-16.xml virsh net-define publiciso-net-2023-05-16.xml
start virtual networks:
virsh net-start oscpiso virsh net-start publiciso
download iptables rules:
wget https://img.vidalinux.com/files/openstack/iptables-default-isolate-libvirt-openstack.sh
fix permissions and execute script:
# Read the downloaded script before running it: it executes with the privileges
# of the current shell and, judging by its name, presumably changes the host's
# iptables rules. Confirm what it does first.
chmod +x iptables-default-isolate-libvirt-openstack.sh
./iptables-default-isolate-libvirt-openstack.sh
configure dns node
mount cloud image to pre-configure network:
modprobe nbd qemu-nbd -c /dev/nbd0 debian-12_openstack-dns.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on the dns node:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.64/24 gateway 192.168.88.1 dns-nameservers 4.2.2.1 dns-nameservers 4.2.2.2 # eth2 iface eth2 inet static address 10.10.88.64/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start dns node virtual machine:
virsh start openstack-dns-debian10
connect to dns node using ssh:
ssh root@192.168.88.64
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 4.2.2.1 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpdns
set timezone:
timedatectl set-timezone America/Puerto_Rico
install dnsmasq:
apt-get update apt-get install dnsmasq net-tools dnsutils -y
configure dnsmasq:
cat > /etc/dnsmasq.conf << EOF listen-address=127.0.0.1,192.168.88.64 interface=eth1 expand-hosts domain=ovox.io server=4.2.2.1 server=4.2.2.2 address=/oscpnode1/10.10.88.58 address=/oscpnode2/10.10.88.57 address=/oscpnode3/10.10.88.56 address=/oscpnode4/10.10.88.55 address=/oscpnode5/10.10.88.54 address=/oscpdns/10.10.88.64 address=/openstack-int/10.10.88.244 address=/openstack/192.168.88.244 EOF
configure /etc/hosts:
cat > /etc/hosts << EOF 127.0.0.1 localhost 192.168.88.58 oscpnode1 192.168.88.57 oscpnode2 192.168.88.56 oscpnode3 192.168.88.55 oscpnode4 192.168.88.54 oscpnode5 192.168.88.64 oscpdns registry 192.168.88.244 openstack 10.10.88.244 openstack-int EOF
enable and restart dnsmasq:
systemctl enable dnsmasq systemctl restart dnsmasq
local registry
install podman packages:
apt-get -y install podman podman-compose
add the following registries to /etc/containers/registries.conf
cat >> /etc/containers/registries.conf << "EOF" [registries.search] registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org'] EOF
create registry directory:
mkdir ~/podman-registry cd ~/podman-registry
compose file to create registry:
# Writes the compose file for a single registry:2 container with htpasswd
# authentication. The port mapping publishes 5000 on every host interface and no
# TLS settings are configured here, so the registry answers over plain HTTP.
cat > podman-compose.yml << EOF
version: '3'
services:
  registry:
    restart: always
    image: registry:2
    container_name: registry
    ports:
      - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
EOF
create password file:
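mkdir -p ~/podman-registry/auth
# Prompt for the registry password instead of hard-coding it: a password given
# as an argument (htpasswd -b) ends up in shell history and the process list.
# Use the same password in the later "podman login" and REGISTRY_PASS steps.
read -rs -p 'registry password: ' REGISTRY_PASS && echo
# htpasswd -i reads the password from stdin; -B selects bcrypt, -n prints the
# entry to stdout instead of updating a file.
printf '%s\n' "$REGISTRY_PASS" |
  podman run --rm -i --entrypoint htpasswd httpd:2 -Bin registry \
  > ~/podman-registry/auth/htpasswd
unset REGISTRY_PASS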
run the registry by executing:
podman-compose up -d
as root user edit /etc/containers/registries.conf:
# NOTE(review): listing the registry as insecure lets podman use it without TLS
# verification (plain HTTP or an unverified certificate), so the htpasswd
# credentials sent at login are not protected in transit. Acceptable only on an
# isolated lab network; otherwise serve the registry over TLS.
cat >> /etc/containers/registries.conf << "EOF"
[registries.insecure]
registries = ['registry.ovox.io']
EOF
log in to a private registry:
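# No -p on the command line: podman prompts for the password, which keeps it out
# of shell history and the process list.
podman login registry.ovox.io:5000 -u registry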
configure node1
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 debian-12_openstack-node1.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on node1:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.58/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.58/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start node1 virtual machine:
virsh start openstack-node1-debian10
connect to node1 using ssh:
ssh root@192.168.88.58
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 192.168.88.64 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpnode1
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node2
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 debian-12_openstack-node2.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on node2:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.57/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.57/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start node2 virtual machine:
virsh start openstack-node2-debian10
connect to node2 using ssh:
ssh root@192.168.88.57
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 192.168.88.64 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpnode2
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node3
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 debian-12_openstack-node3.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on node3:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.56/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.56/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start node3 virtual machine:
virsh start openstack-node3-debian10
connect to node3 using ssh:
ssh root@192.168.88.56
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 192.168.88.64 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpnode3
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node4
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 debian-12_openstack-node4.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on node4:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.55/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.55/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start node4 virtual machine:
virsh start openstack-node4-debian10
connect to node4 using ssh:
ssh root@192.168.88.55
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 192.168.88.64 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpnode4
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node5
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 debian-12_openstack-node5.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on node5:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.54/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.54/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start node5 virtual machine:
virsh start openstack-node5-debian10
connect to node5 using ssh:
ssh root@192.168.88.54
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 192.168.88.64 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpnode5
set timezone:
timedatectl set-timezone America/Puerto_Rico
create ssl certificates
create directory for certificates:
mkdir /root/certificates && cd /root/certificates
create your own ssl certs:
openssl genrsa -out server.key 3072
create certificate csr:
openssl req -new -key server.key -out server.csr
fill the following blanks:
Country Name (2 letter code) []: US State or Province Name (full name) []: Puerto Rico Locality Name (eg, city) []: San Juan Organization Name (eg, company) []: OVOX LLC Organizational Unit Name (eg, section) []: Cloud Consulting Common Name (eg, your name or your server's hostname) []: openstack.ovox.io Email Address []: email@gmail.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: just press enter An optional company name []: just press enter
create the certificate:
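# Self-sign the CSR with its own key. The subjectAltName is added explicitly
# because `x509 -req` does not copy extensions from the CSR by default and many
# TLS clients ignore the Common Name. The name must match the Common Name
# entered in the CSR; add further DNS:/IP: entries for any other name clients use.
openssl x509 -req -days 365 -in server.csr -signkey server.key \
  -extfile <(printf 'subjectAltName=DNS:openstack.ovox.io\n') -out server.crt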
create root certificate:
# NOTE(review): this produces a second self-signed certificate from the same
# server.key; it is not the issuer of server.crt, which is signed with -signkey.
# Without -days, `openssl req -x509` uses its default validity of 30 days.
openssl req -x509 -new -nodes -key server.key -sha256 -out ca.pem
fill the following blanks:
Country Name (2 letter code) []: US State or Province Name (full name) []: Puerto Rico Locality Name (eg, city) []: San Juan Organization Name (eg, company) []: OVOX LLC. Organizational Unit Name (eg, section) []: Cloud Consulting Common Name (eg, your name or your server's hostname) []: openstack.ovox.io Email Address []: email@gmail.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: just press enter An optional company name []: just press enter
use the following script to merge root certificates and then copy to kolla config:
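cat > /root/certificates/merge << "EOF"
#!/bin/bash
# Build the HAProxy certificate bundle in the kolla config directory from the
# key and certificate created in /root/certificates.
set -eu

KOLLADIR=/etc/kolla/certificates
CERTDIR=/root/certificates
CRT_NAME=server.crt
KEY_NAME=server.key
ROOT_CA=ca.pem   # kept from the original script; not used below

mkdir -p "$KOLLADIR"

# haproxy.pem contains the private key: create it readable by root only, and
# tighten the mode as well in case the file already existed.
( umask 077; cat "$CERTDIR/$KEY_NAME" "$CERTDIR/$CRT_NAME" > "$KOLLADIR/haproxy.pem" )
chmod 600 "$KOLLADIR/haproxy.pem"

# haproxy-ca.crt is presumably the file handed to clients as trust anchor, so it
# must not expose the private key. Copy only the certificate instead of
# symlinking to haproxy.pem; an existing regular file is left untouched.
if [ -L "$KOLLADIR/haproxy-ca.crt" ] || [ ! -f "$KOLLADIR/haproxy-ca.crt" ]; then
  rm -f -- "$KOLLADIR/haproxy-ca.crt"
  cp -- "$CERTDIR/$CRT_NAME" "$KOLLADIR/haproxy-ca.crt"
fi
EOF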
execute the script:
bash /root/certificates/merge
configure kolla-ansible
on the physical host, copy and paste the following into your shell:
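cat > /usr/local/bin/openstack << "EOF"
#!/bin/bash
# Start, force off (destroy) or shut down all lab virtual machines with virsh.
# Usage: openstack {start|destroy|shutdown}
# NOTE: this file has the same name as the OpenStack command-line client; it is
# meant for the physical host only.
VMS="openstack-node1-debian10 openstack-node2-debian10 openstack-node3-debian10 openstack-node4-debian10 openstack-node5-debian10 openstack-dns-debian10"

# "${1:-}" keeps the test valid when the script is called without an argument.
case "${1:-}" in
  start|destroy|shutdown)
    # VMS is a space-separated list, so the unquoted expansion is deliberate.
    for u in ${VMS}; do
      virsh "$1" "$u"
    done
    ;;
  *)
    echo "usage: ${0##*/} {start|destroy|shutdown}" >&2
    exit 1
    ;;
esac
EOF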
fix permissions:
chmod +x /usr/local/bin/openstack
start virtual machines using the script:
openstack start
connect to node1:
ssh root@192.168.88.58
download ovoxcloud-kolla script:
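# Certificate verification stays enabled: the file is made executable and run
# from the root shell in the next steps, so it must come from the authenticated
# server. The other downloads from this host on the page also verify the
# certificate.
wget https://img.vidalinux.com/files/openstack/2024/ovoxcloud-kolla-2024.1 -O ./ovoxcloud-kolla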
set file permissions:
chmod +x ovoxcloud-kolla
run ceph-initial-setup:
./ovoxcloud-kolla ceph-initial-setup
run kolla-initial-setup:
./ovoxcloud-kolla kolla-initial-setup
edit ovoxcloud-kolla and change the following:
REGISTRY="registry.ovox.io" REGISTRY_PORT="5000" REGISTRY_USER="registry" REGISTRY_PASS="livinglavidalinux"
edit ansible host file /root/debian-kolla-2024.1/multinode
[control] oscpnode1 oscpnode2 oscpnode3 [network] oscpnode1 oscpnode2 oscpnode3 [compute] oscpnode4 oscpnode5 [monitoring] oscpnode1 oscpnode2 oscpnode3 [storage] oscpnode1 oscpnode2 oscpnode3
copy ssh key to hosts:
./ovoxcloud-kolla copy-ssh-key
test ssh connection to nodes:
./ovoxcloud-kolla ping
setup disk partitions for ceph deployment:
./ovoxcloud-kolla ceph-disk-reset
deploy ceph cluster:
./ovoxcloud-kolla ceph-deploy
create ceph pools for openstack:
./ovoxcloud-kolla ceph-pool-openstack
configure ceph for openstack:
./ovoxcloud-kolla ceph-openstack
build openstack docker images:
./ovoxcloud-kolla build-images
push images to local registry:
./ovoxcloud-kolla push-images
deploy openstack cluster:
./ovoxcloud-kolla openstack-deploy
run post deploy openstack:
./ovoxcloud-kolla openstack-post-deploy
openstack operation
create the following script to upload images to glance:
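cat > /usr/local/bin/upload-image << "EOF"
#!/bin/bash
# Upload a raw disk image to glance as a public image.
# Usage: upload-image <image-file> <image-name>
# Exits with the status of the glance command, so a failed upload is visible
# to the caller.

if [ $# -eq 0 ]; then
  echo "usage:"
  echo "upload-image /home/pedro/bionic-server-cloudimg-amd64.img ubuntu-20.04-x86_64"
  echo ""
  exit
fi

# The path is quoted so file names with spaces or glob characters are handled.
if [ ! -f "$1" ]; then
  echo "file doesn't exist please try again.." && exit 1
fi

if [ -z "$2" ]; then
  echo "please specify name for image" && exit 1
fi

source /root/admin-openrc.sh
glance image-create --name="$2" --visibility public --disk-format raw --container-format bare --progress --file "$1"
EOF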
fix script permissions:
chmod +x /usr/local/bin/upload-image
download cirros image:
wget https://github.com/cirros-dev/cirros/releases/download/0.6.1/cirros-0.6.1-x86_64-disk.img
convert image from qcow2 to raw:
qemu-img convert -f qcow2 -O raw -p cirros-0.6.1-x86_64-disk.img cirros-0.6.1-x86_64-disk.raw
upload image to glance using script:
upload-image /root/cirros-0.6.1-x86_64-disk.raw cirros-0.6.1-x86_64
create the following script for creating flavors:
cat > /usr/local/bin/openstack-create-flavors << EOF #!/bin/bash openstack flavor create --id 1 --ram 1024 --swap 512 --disk 1 --vcpus 1 ovox.tiny openstack flavor create --id 2 --ram 2048 --swap 1024 --disk 10 --vcpus 1 ovox.small openstack flavor create --id 3 --ram 4096 --swap 2048 --disk 50 --vcpus 2 ovox.medium openstack flavor create --id 4 --ram 8192 --swap 4096 --disk 100 --vcpus 4 ovox.large openstack flavor create --id 5 --ram 16384 --swap 8192 --disk 200 --vcpus 8 ovox.xlarge openstack flavor create --id 8 --ram 4096 --disk 35 --vcpus 2 windows.small openstack flavor create --id 9 --ram 8192 --disk 50 --vcpus 2 windows.medium EOF
fix script permissions:
chmod +x /usr/local/bin/openstack-create-flavors
create openstack flavors using script:
openstack-create-flavors
create openstack networks:
./ovoxcloud-kolla openstack-netcreate
commands
list images in pool
rbd -p images ls
remove image
rbd rm images/71b60aee-143c-44a7-8a49-d51e21ea3c70@snap
list snapshots
rbd -p images snap ls 71b60aee-143c-44a7-8a49-d51e21ea3c70
unprotect snapshot
rbd snap unprotect images/71b60aee-143c-44a7-8a49-d51e21ea3c70@snap
purge snapshot
rbd snap purge images/71b60aee-143c-44a7-8a49-d51e21ea3c70
remove glance image script:
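cat > /usr/local/bin/remove-glance-image << "EOF"
#!/bin/bash
# Unprotect and purge the RBD snapshots of a glance image, then delete the image.
# Usage: remove-glance-image <image-id>

# Without an id the rbd commands would be run against "images/@snap" and
# "images/"; stop before touching the pool.
if [ -z "${1:-}" ]; then
  echo "usage: ${0##*/} <image-id>" >&2
  exit 1
fi

docker exec -it ceph-mgr-oscpnode1 rbd snap unprotect "images/${1}@snap"
docker exec -it ceph-mgr-oscpnode1 rbd snap purge "images/${1}"
openstack image delete "${1}"
EOF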
references
- https://docs.openstack.org/kolla-ansible/2024.1
- https://docs.openstack.org/kolla-ansible/2024.1/user/virtual-environments.html
- https://docs.openstack.org/kolla-ansible/2024.1/reference/storage/external-ceph-guide.html
- https://jamesbenson.weebly.com/blog/deploying-openstack-kolla-with-ceph-and-swift
- https://hackmd.io/@yujungcheng/Hyu623GKi
- https://github.com/Dineshk1205/openstackmultinode/blob/main/openstackmultinodeprep.sh