Howto openstack kolla 2024: Difference between revisions

 
(82 intermediate revisions by the same user not shown)
Line 15: Line 15:
  mkdir /var/lib/libvirt/images/openstack  
  mkdir /var/lib/libvirt/images/openstack  
  cd /var/lib/libvirt/images/openstack
  cd /var/lib/libvirt/images/openstack
= configure debian image =
download debian bullseye:
download debian bullseye:
  wget http://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2
  wget http://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2
Line 22: Line 23:
  cp debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2
  cp debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2
  qemu-img resize debian-12-generic-amd64_100G.qcow2 +98G
  qemu-img resize debian-12-generic-amd64_100G.qcow2 +98G
expand image partition:
virt-resize --expand /dev/sda1 debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2
set root password for image:
set root password for image:
  virt-sysprep -a debian-12-generic-amd64_100G.qcow2 -q --root-password password:livinglavidalinux
  virt-sysprep -a debian-12-generic-amd64_100G.qcow2 -q --root-password password:livinglavidalinux
mount cloud image to pre-configure network:
modprobe nbd
qemu-nbd -c /dev/nbd0 debian-12-generic-amd64_100G.qcow2
kpartx -a /dev/nbd0
mkdir /mnt/cloudimg
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
disable and remove systemd-networkd:
systemctl disable systemd-networkd.socket systemd-networkd \
systemd-networkd-wait-online
install legacy networking:
apt install -y ifupdown
remove netplan.io:
apt -y purge --auto-remove netplan.io
remove systemd-resolved:
apt -y purge --auto-remove systemd-resolved
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
update system:
apt update && apt upgrade -y
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3
= create nodes images =
create storage images for openstack nodes:
create storage images for openstack nodes:
  cp debian-12-generic-amd64_100G.qcow2 debian12_openstack-node1.qcow2
  cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node1.qcow2
  cp debian-12-generic-amd64_100G.qcow2 debian12_openstack-node2.qcow2
  cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node2.qcow2
  cp debian-12-generic-amd64_100G.qcow2 debian12_openstack-node3.qcow2
  cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node3.qcow2
  cp debian-12-generic-amd64_100G.qcow2 debian12_openstack-node4.qcow2
  cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node4.qcow2
  cp debian-12-generic-amd64_100G.qcow2 debian12_openstack-node5.qcow2
  cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node5.qcow2
  cp debian-12-generic-amd64_100G.qcow2 debian12_openstack-dns.qcow2
  cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-dns.qcow2
create storage images for ceph cluster:
create storage images for ceph cluster:
  qemu-img create -f qcow2 ceph_storage_server1_1.img 100G  
  qemu-img create -f qcow2 ceph_storage_server1_1.img 100G  
Line 76: Line 132:
mount cloud image to pre-configure network:
mount cloud image to pre-configure network:
  modprobe nbd
  modprobe nbd
  qemu-nbd -c /dev/nbd0 debian12_openstack-dns.qcow2
  qemu-nbd -c /dev/nbd0 debian-12_openstack-dns.qcow2
  kpartx -a /dev/nbd0
  kpartx -a /dev/nbd0
mkdir /mnt/cloudimg
  mount /dev/mapper/nbd0p3 /mnt/cloudimg
  mount /dev/mapper/nbd0p1 /mnt/cloudimg
  mount -t proc none /mnt/cloudimg/proc
  mount -t proc none /mnt/cloudimg/proc
  mount -t sysfs none /mnt/cloudimg/sys
  mount -t sysfs none /mnt/cloudimg/sys
Line 91: Line 146:
  source /etc/profile
  source /etc/profile
  export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
disable and remove systemd-networkd:
systemctl disable systemd-networkd.socket systemd-networkd \
networkd-dispatcher systemd-networkd-wait-online
install legacy networking:
apt install -y ifupdown
remove netplan.io:
apt -y purge netplan.io
remove systemd-resolved:
apt purge --auto-remove systemd-resolved
remove /etc/resolv.conf simlink:
rm /etc/resolv.conf
configure network on node1:
configure network on node1:
  cat > /etc/network/interfaces << EOF
  cat > /etc/network/interfaces << EOF
Line 128: Line 168:
  down ip link set dev eth3 down
  down ip link set dev eth3 down
  EOF
  EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit chroot:
  exit
  exit
Line 145: Line 180:
  nbd-client -d /dev/nbd0
  nbd-client -d /dev/nbd0
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p14
  dmsetup remove /dev/mapper/nbd0p2
  dmsetup remove /dev/mapper/nbd0p15
  dmsetup remove /dev/mapper/nbd0p3
start node1 virtual machine:
start node1 virtual machine:
  virsh start openstack-dns-debian10
  virsh start openstack-dns-debian10
connect to node1 using ssh:
connect to node1 using ssh:
  ssh root@192.168.88.64
  ssh root@192.168.88.64
set nameservers:
cat > /etc/resolv.conf << EOF
nameserver 4.2.2.1
nameserver 4.2.2.2
EOF
set hostname:
set hostname:
  hostnamectl set-hostname oscpdns
  hostnamectl set-hostname oscpdns
Line 157: Line 197:
install dnsmasq:
install dnsmasq:
  apt-get update
  apt-get update
  apt-get install dnsmasq -y
  apt-get install dnsmasq net-tools dnsutils -y
configure dnsmasq:
configure dnsmasq:
  cat > /etc/dnsmasq.conf << EOF
  cat > /etc/dnsmasq.conf << EOF
Line 193: Line 233:
= local registry =
= local registry =
install podman packages:
install podman packages:
  apt-get -y install podman
  apt-get -y install podman podman-compose
install pip:
apt-get -y install pip
install podman-compose:
pip3 install 'podman-compose<1.0'
fix permissions and symlink:
chmod +x /usr/local/lib/python3.9/dist-packages/podman_compose.py
ln -s /usr/local/lib/python3.9/dist-packages/podman_compose.py /usr/bin/podman-compose
add the following registries to /etc/containers/registries.conf
add the following registries to /etc/containers/registries.conf
  cat >> /etc/containers/registries.conf << "EOF"
  cat >> /etc/containers/registries.conf << "EOF"
Line 209: Line 242:
  mkdir ~/podman-registry
  mkdir ~/podman-registry
  cd ~/podman-registry
  cd ~/podman-registry
create self sign certificates:
mkdir ~/podman-registry/certs
openssl genrsa -out ~/podman-registry/certs/server.key 4096
openssl req -new -x509 -text -key ~/podman-registry/certs/server.key -out ~/podman-registry/certs/server.cert
compose file to create registry:
compose file to create registry:
  cat > podman-compose.yml << EOF
  cat > podman-compose.yml << EOF
Line 229: Line 258:
       REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
       REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
       REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
       REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.cert
      REGISTRY_HTTP_TLS_KEY: /certs/server.key
       TZ: America/Puerto_Rico
       TZ: America/Puerto_Rico
     volumes:
     volumes:
       - ~/podman-registry/auth:/auth
       - ~/podman-registry/auth:/auth
       - ~/podman-registry/data:/data
       - ~/podman-registry/data:/data
      - ~/podman-registry/certs:/certs
  EOF
  EOF
create password file:
create password file:
Line 252: Line 278:
= configure node1 =
= configure node1 =
mount cloud image to pre-configure network:
mount cloud image to pre-configure network:
  qemu-nbd -c /dev/nbd0 openstack-node1.qcow2  
  qemu-nbd -c /dev/nbd0 debian-12_openstack-node1.qcow2  
  kpartx -a /dev/nbd0
  kpartx -a /dev/nbd0
  mount /dev/mapper/nbd0p1 /mnt/cloudimg
  mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
  mount -o bind /dev /mnt/cloudimg/dev
  mount -o bind /dev /mnt/cloudimg/dev
  mount -o bind /proc /mnt/cloudimg/proc
  mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg
  chroot /mnt/cloudimg
inside debian environment load the following profile:
inside debian environment load the following profile:
  source /etc/profile
  source /etc/profile
add this parameters to grub configuration /etc/default/grub:
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
configure network on node1:
configure network on node1:
  cat > /etc/network/interfaces << EOF
  cat > /etc/network/interfaces << EOF
Line 286: Line 313:
  down ip link set dev eth3 down
  down ip link set dev eth3 down
  EOF
  EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit chroot:
  exit
  exit
umount image when finish configuration:
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf
  umount /mnt/cloudimg/proc
  umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
  umount /mnt/cloudimg/dev
  umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
  umount /mnt/cloudimg  
  umount /mnt/cloudimg  
  nbd-client -d /dev/nbd0
  nbd-client -d /dev/nbd0
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p14
  dmsetup remove /dev/mapper/nbd0p2
  dmsetup remove /dev/mapper/nbd0p15
  dmsetup remove /dev/mapper/nbd0p3
start node1 virtual machine:
start node1 virtual machine:
  virsh start openstack-node1-debian10
  virsh start openstack-node1-debian10
connect to node1 using ssh:
connect to node1 using ssh:
  ssh root@192.168.88.58
  ssh root@192.168.88.58
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF
set hostname:
set hostname:
  hostnamectl set-hostname oscpnode1
  hostnamectl set-hostname oscpnode1
Line 312: Line 345:
= configure node2 =
= configure node2 =
mount cloud image to pre-configure network:
mount cloud image to pre-configure network:
  qemu-nbd -c /dev/nbd0 openstack-node2.qcow2  
  qemu-nbd -c /dev/nbd0 debian-12_openstack-node2.qcow2
  kpartx -a /dev/nbd0
  kpartx -a /dev/nbd0
  mount /dev/mapper/nbd0p1 /mnt/cloudimg
  mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
  mount -o bind /dev /mnt/cloudimg/dev
  mount -o bind /dev /mnt/cloudimg/dev
  mount -o bind /proc /mnt/cloudimg/proc
  mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg
  chroot /mnt/cloudimg
inside debian environment load the following profile:
inside debian environment load the following profile:
  source /etc/profile
  source /etc/profile
add this parameters to grub configuration /etc/default/grub:
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
configure network on node2:
update grub configuration:
update-grub
configure network on node1:
  cat > /etc/network/interfaces << EOF
  cat > /etc/network/interfaces << EOF
  auto lo eth0 eth1 eth2 eth3
  auto lo eth0 eth1 eth2 eth3
Line 346: Line 380:
  down ip link set dev eth3 down
  down ip link set dev eth3 down
  EOF
  EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit chroot:
  exit
  exit
umount image when finish configuration:
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf
  umount /mnt/cloudimg/proc
  umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
  umount /mnt/cloudimg/dev
  umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
  umount /mnt/cloudimg  
  umount /mnt/cloudimg  
  nbd-client -d /dev/nbd0
  nbd-client -d /dev/nbd0
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p14
  dmsetup remove /dev/mapper/nbd0p2
  dmsetup remove /dev/mapper/nbd0p15
  dmsetup remove /dev/mapper/nbd0p3
start node1 virtual machine:
start node2 virtual machine:
  virsh start openstack-node2-debian10
  virsh start openstack-node2-debian10
connect to node1 using ssh:
connect to node2 using ssh:
  ssh root@192.168.88.57
  ssh root@192.168.88.57
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF
set hostname:
set hostname:
  hostnamectl set-hostname oscpnode2
  hostnamectl set-hostname oscpnode2
Line 372: Line 412:
= configure node3 =
= configure node3 =
mount cloud image to pre-configure network:
mount cloud image to pre-configure network:
  qemu-nbd -c /dev/nbd0 openstack-node3.qcow2  
  qemu-nbd -c /dev/nbd0 debian-12_openstack-node3.qcow2  
  kpartx -a /dev/nbd0
  kpartx -a /dev/nbd0
  mount /dev/mapper/nbd0p1 /mnt/cloudimg
  mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
  mount -o bind /dev /mnt/cloudimg/dev
  mount -o bind /dev /mnt/cloudimg/dev
  mount -o bind /proc /mnt/cloudimg/proc
  mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg
  chroot /mnt/cloudimg
inside debian environment load the following profile:
inside debian environment load the following profile:
  source /etc/profile
  source /etc/profile
add this parameters to grub configuration /etc/default/grub:
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
configure network on node3:
update grub configuration:
update-grub
configure network on node1:
  cat > /etc/network/interfaces << EOF
  cat > /etc/network/interfaces << EOF
  auto lo eth0 eth1 eth2 eth3
  auto lo eth0 eth1 eth2 eth3
Line 406: Line 447:
  down ip link set dev eth3 down
  down ip link set dev eth3 down
  EOF
  EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit chroot:
  exit
  exit
umount image when finish configuration:
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf
  umount /mnt/cloudimg/proc
  umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
  umount /mnt/cloudimg/dev
  umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
  umount /mnt/cloudimg  
  umount /mnt/cloudimg  
  nbd-client -d /dev/nbd0
  nbd-client -d /dev/nbd0
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p14
  dmsetup remove /dev/mapper/nbd0p2
  dmsetup remove /dev/mapper/nbd0p15
  dmsetup remove /dev/mapper/nbd0p3
start node1 virtual machine:
start node3 virtual machine:
  virsh start openstack-node3-debian10
  virsh start openstack-node3-debian10
connect to node1 using ssh:
connect to node3 using ssh:
  ssh root@192.168.88.56
  ssh root@192.168.88.56
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF
set hostname:
set hostname:
  hostnamectl set-hostname oscpnode3
  hostnamectl set-hostname oscpnode3
Line 432: Line 479:
= configure node4 =
= configure node4 =
mount cloud image to pre-configure network:
mount cloud image to pre-configure network:
  qemu-nbd -c /dev/nbd0 openstack-node4.qcow2  
  qemu-nbd -c /dev/nbd0 debian-12_openstack-node4.qcow2
  kpartx -a /dev/nbd0
  kpartx -a /dev/nbd0
  mount /dev/mapper/nbd0p1 /mnt/cloudimg
  mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
  mount -o bind /dev /mnt/cloudimg/dev
  mount -o bind /dev /mnt/cloudimg/dev
  mount -o bind /proc /mnt/cloudimg/proc
  mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg
  chroot /mnt/cloudimg
inside debian environment load the following profile:
inside debian environment load the following profile:
  source /etc/profile
  source /etc/profile
add this parameters to grub configuration /etc/default/grub:
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
configure network on node4:
update grub configuration:
update-grub
configure network on node1:
  cat > /etc/network/interfaces << EOF
  cat > /etc/network/interfaces << EOF
  auto lo eth0 eth1 eth2 eth3
  auto lo eth0 eth1 eth2 eth3
Line 466: Line 514:
  down ip link set dev eth3 down
  down ip link set dev eth3 down
  EOF
  EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit chroot:
  exit
  exit
umount image when finish configuration:
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf
  umount /mnt/cloudimg/proc
  umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
  umount /mnt/cloudimg/dev
  umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
  umount /mnt/cloudimg  
  umount /mnt/cloudimg  
  nbd-client -d /dev/nbd0
  nbd-client -d /dev/nbd0
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p14
  dmsetup remove /dev/mapper/nbd0p2
  dmsetup remove /dev/mapper/nbd0p15
  dmsetup remove /dev/mapper/nbd0p3
start node1 virtual machine:
start node4 virtual machine:
  virsh start openstack-node4-debian10
  virsh start openstack-node4-debian10
connect to node1 using ssh:
connect to node1 using ssh:
  ssh root@192.168.88.55
  ssh root@192.168.88.55
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF
set hostname:
set hostname:
  hostnamectl set-hostname oscpnode4
  hostnamectl set-hostname oscpnode4
Line 492: Line 546:
= configure node5 =
= configure node5 =
mount cloud image to pre-configure network:
mount cloud image to pre-configure network:
  qemu-nbd -c /dev/nbd0 openstack-node5.qcow2  
  qemu-nbd -c /dev/nbd0 debian-12_openstack-node5.qcow2  
  kpartx -a /dev/nbd0
  kpartx -a /dev/nbd0
  mount /dev/mapper/nbd0p1 /mnt/cloudimg
  mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
  mount -o bind /dev /mnt/cloudimg/dev
  mount -o bind /dev /mnt/cloudimg/dev
  mount -o bind /proc /mnt/cloudimg/proc
  mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
enter debian node environment using chroot:
  chroot /mnt/cloudimg
  chroot /mnt/cloudimg
inside debian environment load the following profile:
inside debian environment load the following profile:
  source /etc/profile
  source /etc/profile
add this parameters to grub configuration /etc/default/grub:
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
configure network on node5:
update grub configuration:
update-grub
configure network on node1:
  cat > /etc/network/interfaces << EOF
  cat > /etc/network/interfaces << EOF
  auto lo eth0 eth1 eth2 eth3
  auto lo eth0 eth1 eth2 eth3
Line 526: Line 581:
  down ip link set dev eth3 down
  down ip link set dev eth3 down
  EOF
  EOF
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
exit chroot:
exit chroot:
  exit
  exit
umount image when finish configuration:
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf
  umount /mnt/cloudimg/proc
  umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
  umount /mnt/cloudimg/dev
  umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
  umount /mnt/cloudimg  
  umount /mnt/cloudimg  
  nbd-client -d /dev/nbd0
  nbd-client -d /dev/nbd0
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p1
  dmsetup remove /dev/mapper/nbd0p14
  dmsetup remove /dev/mapper/nbd0p2
  dmsetup remove /dev/mapper/nbd0p15
  dmsetup remove /dev/mapper/nbd0p3
start node1 virtual machine:
start node5 virtual machine:
  virsh start openstack-node5-debian10
  virsh start openstack-node5-debian10
connect to node1 using ssh:
connect to node1 using ssh:
  ssh root@192.168.88.54
  ssh root@192.168.88.54
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF
set hostname:
set hostname:
  hostnamectl set-hostname oscpnode5
  hostnamectl set-hostname oscpnode5
set timezone:
set timezone:
  timedatectl set-timezone America/Puerto_Rico
  timedatectl set-timezone America/Puerto_Rico
= create ssl certificates =
create directory for certificates:
mkdir /root/certificates && cd /root/certificates
create your own ssl certs:
openssl genrsa -out server.key 3072
create certificate csr:
openssl req -new -key server.key -out server.csr
fill the following blanks:
Country Name (2 letter code) []: '''US'''
State or Province Name (full name) []: '''Puerto Rico'''
Locality Name (eg, city) []: '''San Juan'''
Organization Name (eg, company) []: '''OVOX LLC'''
Organizational Unit Name (eg, section) []: '''Cloud Consulting'''
Common Name (eg, your name or your server's hostname) []: '''openstack.ovox.io'''
Email Address []: '''email@gmail.com'''
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: '''just press enter'''
An optional company name []: '''just press enter'''
create the certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
create root certificate:
openssl req -x509 -new -nodes -key server.key -sha256 -out ca.pem
fill the following blanks:
Country Name (2 letter code) []: '''US'''
State or Province Name (full name) []: '''Puerto Rico'''
Locality Name (eg, city) []: '''San Juan'''
Organization Name (eg, company) []: '''OVOX LLC.'''
Organizational Unit Name (eg, section) []: '''Cloud Consulting'''
Common Name (eg, your name or your server's hostname) []: '''openstack.ovox.io'''
Email Address []: '''email@gmail.com'''
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: '''just press enter'''
An optional company name []: '''just press enter'''
use the following script to merge root certificates and then copy to kolla config:
cat > /root/certificates/merge << "EOF"
TMPDIR=/tmp
KOLLADIR=/etc/kolla/certificates
CERTDIR=/root/certificates
CRT_NAME=server.crt
KEY_NAME=server.key
ROOT_CA=ca.pem
if [ ! -d $KOLLADIR ];
then
  mkdir $KOLLADIR -p
fi
cat $CERTDIR/$KEY_NAME $CERTDIR/$CRT_NAME > $KOLLADIR/haproxy.pem
if [ ! -f $KOLLADIR/haproxy-ca.crt ];
then
ln -s $KOLLADIR/haproxy.pem $KOLLADIR/haproxy-ca.crt
fi
EOF
execute the script:
  bash /root/certificates/merge


= configure kolla-ansible =
= configure kolla-ansible =
Line 584: Line 701:
  ssh root@192.168.88.58
  ssh root@192.168.88.58
download ovoxcloud-kolla script:
download ovoxcloud-kolla script:
  wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla-2023-05-22 -O ./ovoxcloud-kolla --no-check-certificate
  wget https://img.vidalinux.com/files/openstack/2024/ovoxcloud-kolla-2024.1 -O ./ovoxcloud-kolla --no-check-certificate
set file permissions:
set file permissions:
  chmod +x ovoxcloud-kolla
  chmod +x ovoxcloud-kolla
run initial-setup:
run ceph-initial-setup:
  ./ovoxcloud-kolla initial-setup
  ./ovoxcloud-kolla ceph-initial-setup
edit ovoxcloud-kolla and change the following, make sure set exact year-month-day on BUILD:
run kolla-initial-setup:
  BUILD=debian-zed-2023-05-23
  ./ovoxcloud-kolla kolla-initial-setup
edit ovoxcloud-kolla and change the following:
  REGISTRY="registry.ovox.io"
  REGISTRY="registry.ovox.io"
  REGISTRY_PORT="5000"
  REGISTRY_PORT="5000"
  REGISTRY_USER="registry"
  REGISTRY_USER="registry"
  REGISTRY_PASS="livinglavidalinux"
  REGISTRY_PASS="livinglavidalinux"
edit ansible host file /root/debian-zed-2023-05-19/multinode
edit ansible host file /root/debian-kolla-2024.1/multinode
  [control]
  [control]
  oscpnode1
  oscpnode1
Line 633: Line 751:
build openstack docker images:
build openstack docker images:
  ./ovoxcloud-kolla build-images
  ./ovoxcloud-kolla build-images
because we have non geniune ssl cert we need to add the following config to docker:
cat > /etc/docker/daemon.json << "EOF"
{
  "insecure-registries" : ["https://registry.ovox.io:5000"]
}
EOF
then restart docker service:
systemctl restart docker
and add the following to /etc/kolla/globals.yml:
docker_registry_insecure: yes
push images to local registry:
push images to local registry:
  ./ovoxcloud-kolla push-images
  ./ovoxcloud-kolla push-images
fix docker-registry repository name:
ssh root@oscpdns
cd /root/podman-registry/data/docker/registry/v2/repositories
ln -s kolla openstack.kolla
use genuine ssl certificate:
mkdir /root/certificates
use the following script to merge root certificates and then copy to kolla config:
cat > /root/certificates/merge << "EOF"
TMPDIR=/tmp
OS_TYPE=$(cat /etc/os-release*|grep ^ID=|sed 's|"||g'|cut -d '=' -f2)
KOLLADIR=/etc/kolla/certificates
CERTDIR=/root/certificates
DOMAIN=ovox.io
CRT_NAME=$DOMAIN.crt
KEY_NAME=$DOMAIN.key
ROOT_CA=root.ca
GLOBAL_CA=global.pem
if [ -d $KOLLADIR ]; then
  echo "directory exist"
else
  echo "directory doesn't exist creating.."
  mkdir $KOLLADIR
fi
if [ $OS_TYPE = centos ];
then
cat $CERTDIR/$GLOBAL_CA $CERTDIR/$ROOT_CA > $TMPDIR/ca.pem
cat $CERTDIR/$KEY_NAME $CERTDIR/$CRT_NAME > $TMPDIR/haproxy.pem
cat $TMPDIR/haproxy.pem $TMPDIR/ca.pem > $KOLLADIR/haproxy.pem
  if [ ! -f $KOLLADIR/haproxy-ca.crt ];
  then
  ln -s $KOLLADIR/haproxy.pem $KOLLADIR/haproxy-ca.crt
  fi
fi
if [ $OS_TYPE = debian ];
then
cat $CERTDIR/$KEY_NAME $CERTDIR/$CRT_NAME > $KOLLADIR/haproxy.pem
  if [ ! -f $KOLLADIR/haproxy-ca.crt ];
  then
  ln -s $KOLLADIR/haproxy.pem $KOLLADIR/haproxy-ca.crt
  fi
fi
EOF
fix permissions and execute the script:
chmod +x /root/certificates/merge
/root/certificates/merge
change docker registry certificates:
scp -r /root/certificates root@oscpdns:~/
ssh root@oscpdns
cd ~/podman-registry
podman-compose down
cp ~/certificates/ovox.io* ~/podman-registry/certs/
change the podman-compose.yml
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/ovox.io.crt
REGISTRY_HTTP_TLS_KEY: /certs/ovox.io.key
start podman container:
cd ~/podman-registry
podman-compose up -d
trust this geniune ssl cert on nodes:
./ovoxcloud-kolla trust-cert-docker
deploy openstack cluster:
deploy openstack cluster:
  ./ovoxcloud-kolla openstack-deploy
  ./ovoxcloud-kolla openstack-deploy
Line 763: Line 809:
create openstack networks:
create openstack networks:
  ./ovoxcloud-kolla openstack-netcreate
  ./ovoxcloud-kolla openstack-netcreate
= commands =
list images in pool
rbd -p images ls
remove image
rbd rm images/71b60aee-143c-44a7-8a49-d51e21ea3c70@snap
list snapshots
rbd -p images snap ls 71b60aee-143c-44a7-8a49-d51e21ea3c70
unprotect snapshot
rbd snap unprotect images/71b60aee-143c-44a7-8a49-d51e21ea3c70@snap
purge snapshot
rbd snap purge images/71b60aee-143c-44a7-8a49-d51e21ea3c70
remove glance image script:
cat > /usr/local/bin/remove-glance-image << "EOF"
#!/bin/bash
docker exec -it ceph-mgr-oscpnode1 rbd snap unprotect images/${1}@snap
docker exec -it ceph-mgr-oscpnode1 rbd snap purge images/${1}
openstack image delete ${1}
EOF


= references =
= references =
* https://docs.openstack.org/kolla-ansible/latest
* https://docs.openstack.org/kolla-ansible/2024.1
* https://docs.openstack.org/project-deploy-guide/kolla-ansible/zed/quickstart.html
* https://docs.openstack.org/kolla-ansible/2024.1/user/virtual-environments.html
* https://docs.openstack.org/kolla-ansible/2024.1/reference/storage/external-ceph-guide.html
* https://jamesbenson.weebly.com/blog/deploying-openstack-kolla-with-ceph-and-swift
* https://hackmd.io/@yujungcheng/Hyu623GKi
* https://github.com/Dineshk1205/openstackmultinode/blob/main/openstackmultinodeprep.sh
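Review bot: The new download line in the "configure kolla-ansible" hunk, `wget https://img.vidalinux.com/files/openstack/2024/ovoxcloud-kolla-2024.1 -O ./ovoxcloud-kolla --no-check-certificate`, still turns off TLS certificate verification. The next steps mark the file executable and run it over the root ssh session on node1, so nothing confirms that the script came from the intended server. I would drop the flag and, if the site publishes a digest, check it before `chmod +x`, for example `echo "<published-sha256>  ovoxcloud-kolla" | sha256sum -c -` (the digest is a placeholder; the page does not give one). If the flag is only there because the server certificate does not validate on the node, `wget --ca-certificate=<ca-file>` keeps verification on while trusting that CA. The Debian cloud image near the top of the page is also fetched over plain http with no checksum step, so the same check applies there.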

Latest revision as of 13:49, 12 October 2024

setup host

enable nested kvm by editing /etc/modprobe.d/kvm.conf:

# For Intel
options kvm_intel nested=1
#
# For AMD
#options kvm_amd nested=1

if using rhel9 as host install the following repo:

dnf copr enable ligenix/enterprise-qemu-spice 

then install libvirt and qemu-kvm:

yum install -y libvirt qemu-kvm guestfs-tools nbd

enable and start libvirtd daemon:

systemctl enable libvirtd && systemctl start libvirtd

create the following directory under /var/lib/libvirt/images:

mkdir /var/lib/libvirt/images/openstack 
cd /var/lib/libvirt/images/openstack

configure debian image

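download debian bookworm (debian 12) cloud image; the URL is plain http, so compare the file with the SHA512SUMS published in the same directory before using it: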

wget http://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2

for baremetal download the iso:

http://mirrors.ocf.berkeley.edu/debian-cd/12.7.0/amd64/iso-cd/debian-12.7.0-amd64-netinst.iso

resize cloud image:

cp debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2
qemu-img resize debian-12-generic-amd64_100G.qcow2 +98G

expand image partition:

virt-resize --expand /dev/sda1 debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2

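set root password for image (replace the sample password with your own; every node image below is copied from this one and inherits it):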

virt-sysprep -a debian-12-generic-amd64_100G.qcow2 -q --root-password password:livinglavidalinux

mount cloud image to pre-configure network:

modprobe nbd
qemu-nbd -c /dev/nbd0 debian-12-generic-amd64_100G.qcow2
kpartx -a /dev/nbd0
mkdir /mnt/cloudimg
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

add these parameters to the grub configuration in /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

disable and remove systemd-networkd:

systemctl disable systemd-networkd.socket systemd-networkd \
systemd-networkd-wait-online

install legacy networking:

apt install -y ifupdown

remove netplan.io:

apt -y purge --auto-remove netplan.io

remove systemd-resolved:

apt -y purge --auto-remove systemd-resolved

setup ssh-server configuration:

dpkg-reconfigure openssh-server

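change sshd config to allow root login with a password (needed for the first connection; once ssh keys are copied to the nodes, set both options back to key-only access):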

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

update system:

apt update && apt upgrade -y

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

create nodes images

create storage images for openstack nodes:

cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node1.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node2.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node3.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node4.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node5.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-dns.qcow2

create storage images for ceph cluster:

qemu-img create -f qcow2 ceph_storage_server1_1.img 100G 
qemu-img create -f qcow2 ceph_storage_server1_2.img 100G
qemu-img create -f qcow2 ceph_storage_server1_3.img 100G
qemu-img create -f qcow2 ceph_storage_server1_4.img 100G
qemu-img create -f qcow2 ceph_storage_server2_1.img 100G
qemu-img create -f qcow2 ceph_storage_server2_2.img 100G
qemu-img create -f qcow2 ceph_storage_server2_3.img 100G
qemu-img create -f qcow2 ceph_storage_server2_4.img 100G
qemu-img create -f qcow2 ceph_storage_server3_1.img 100G
qemu-img create -f qcow2 ceph_storage_server3_2.img 100G
qemu-img create -f qcow2 ceph_storage_server3_3.img 100G
qemu-img create -f qcow2 ceph_storage_server3_4.img 100G

download virtual machines xml:

wget https://img.vidalinux.com/files/openstack/XML/openstack-node1-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node2-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node3-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node4-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node5-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-dns-debian10-2023-05-16.xml

import virtual machines:

virsh define openstack-node1-debian10-2023-05-16.xml
virsh define openstack-node2-debian10-2023-05-16.xml
virsh define openstack-node3-debian10-2023-05-16.xml
virsh define openstack-node4-debian10-2023-05-16.xml
virsh define openstack-node5-debian10-2023-05-16.xml
virsh define openstack-dns-debian10-2023-05-16.xml

download virtual networks xml:

wget https://img.vidalinux.com/files/openstack/XML/oscpiso-net-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/publiciso-net-2023-05-16.xml

import virtual networks:

virsh net-define oscpiso-net-2023-05-16.xml
virsh net-define publiciso-net-2023-05-16.xml

start virtual networks:

virsh net-start oscpiso
virsh net-start publiciso

download iptables rules:

wget https://img.vidalinux.com/files/openstack/iptables-default-isolate-libvirt-openstack.sh

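read the downloaded rules before running them (the script changes the host firewall as root), then fix permissions and execute the script: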

chmod +x iptables-default-isolate-libvirt-openstack.sh
./iptables-default-isolate-libvirt-openstack.sh

configure dns node

mount cloud image to pre-configure network:

modprobe nbd
qemu-nbd -c /dev/nbd0 debian-12_openstack-dns.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on the dns node:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.64/24
gateway 192.168.88.1
dns-nameservers 4.2.2.1
dns-nameservers 4.2.2.2
# eth2
iface eth2 inet static
address 10.10.88.64/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start the dns virtual machine:

virsh start openstack-dns-debian10

connect to the dns node using ssh:

ssh root@192.168.88.64

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 4.2.2.1
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpdns

set timezone:

timedatectl set-timezone America/Puerto_Rico

install dnsmasq:

apt-get update
apt-get install dnsmasq net-tools dnsutils -y

configure dnsmasq:

cat > /etc/dnsmasq.conf << EOF
listen-address=127.0.0.1,192.168.88.64
interface=eth1
expand-hosts
domain=ovox.io
server=4.2.2.1
server=4.2.2.2
address=/oscpnode1/10.10.88.58
address=/oscpnode2/10.10.88.57
address=/oscpnode3/10.10.88.56
address=/oscpnode4/10.10.88.55
address=/oscpnode5/10.10.88.54
address=/oscpdns/10.10.88.64
address=/openstack-int/10.10.88.244
address=/openstack/192.168.88.244 
EOF

configure /etc/hosts:

cat > /etc/hosts << EOF
127.0.0.1       localhost
192.168.88.58   oscpnode1
192.168.88.57   oscpnode2
192.168.88.56   oscpnode3
192.168.88.55   oscpnode4
192.168.88.54   oscpnode5
192.168.88.64   oscpdns registry
192.168.88.244  openstack
10.10.88.244    openstack-int
EOF

enable and restart dnsmasq:

systemctl enable dnsmasq
systemctl restart dnsmasq

local registry

install podman packages:

apt-get -y install podman podman-compose

add the following registries to /etc/containers/registries.conf

cat >> /etc/containers/registries.conf << "EOF"
[registries.search]
registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
EOF

create registry directory:

mkdir ~/podman-registry
cd ~/podman-registry

compose file to create registry:

cat > podman-compose.yml << EOF
version: '3'

services:
  registry:
    restart: always
    image: registry:2
    container_name: registry
    ports:
    - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
EOF

create password file (replace the sample password; a password given on the command line also ends up in shell history):

mkdir ~/podman-registry/auth 
podman run --rm --entrypoint htpasswd httpd:2 -Bbn registry livinglavidalinux > ~/podman-registry/auth/htpasswd

run the registry by executing:

podman-compose up -d

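as root user edit /etc/containers/registries.conf (this lists the registry as insecure, so podman does not verify TLS for it; remove the entry once the registry serves a trusted certificate):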

cat >> /etc/containers/registries.conf << "EOF"
[registries.insecure]
registries = ['registry.ovox.io']
EOF

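log in to the private registry (use your own password; podman login also accepts --password-stdin, which keeps it out of the process list):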

podman login registry.ovox.io:5000 -u registry -p livinglavidalinux

configure node1

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node1.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node1:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.58/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.58/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node1 virtual machine:

virsh start openstack-node1-debian10

connect to node1 using ssh:

ssh root@192.168.88.58

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode1

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node2

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node2.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node2:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.57/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.57/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node2 virtual machine:

virsh start openstack-node2-debian10

connect to node2 using ssh:

ssh root@192.168.88.57

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode2

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node3

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node3.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node3:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.56/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.56/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node3 virtual machine:

virsh start openstack-node3-debian10

connect to node3 using ssh:

ssh root@192.168.88.56

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode3

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node4

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node4.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node4:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.55/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.55/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node4 virtual machine:

virsh start openstack-node4-debian10

connect to node4 using ssh:

ssh root@192.168.88.55

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode4

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node5

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node5.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node5:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.54/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.54/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when the configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node5 virtual machine:

virsh start openstack-node5-debian10

connect to node5 using ssh:

ssh root@192.168.88.54

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode5

set timezone:

timedatectl set-timezone America/Puerto_Rico

create ssl certificates

create directory for certificates:

mkdir /root/certificates && cd /root/certificates

create your own ssl certs:

openssl genrsa -out server.key 3072

create certificate csr:

openssl req -new -key server.key -out server.csr

fill the following blanks:

Country Name (2 letter code) []: US
State or Province Name (full name) []: Puerto Rico
Locality Name (eg, city) []: San Juan
Organization Name (eg, company) []: OVOX LLC
Organizational Unit Name (eg, section) []: Cloud Consulting
Common Name (eg, your name or your server's hostname) []: openstack.ovox.io
Email Address []: email@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: just press enter
An optional company name []: just press enter

create the certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

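create root certificate (note: this reuses server.key, so the CA and the server certificate share one private key, and without -days openssl issues a certificate valid for only 30 days):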

openssl req -x509 -new -nodes -key server.key -sha256 -out ca.pem

fill the following blanks:

Country Name (2 letter code) []: US
State or Province Name (full name) []: Puerto Rico
Locality Name (eg, city) []: San Juan
Organization Name (eg, company) []: OVOX LLC.
Organizational Unit Name (eg, section) []: Cloud Consulting
Common Name (eg, your name or your server's hostname) []: openstack.ovox.io
Email Address []: email@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: just press enter
An optional company name []: just press enter

use the following script to merge root certificates and then copy to kolla config:

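cat > /root/certificates/merge << "EOF"
#!/bin/bash
# Build the HAProxy TLS bundle for kolla from the key and certificate in
# /root/certificates and place a CA file next to it.
#
# Writes:
#   /etc/kolla/certificates/haproxy.pem     private key + certificate
#   /etc/kolla/certificates/haproxy-ca.crt  certificate only
#
# Takes no arguments. Stops at the first failing command.
set -euo pipefail

KOLLADIR=/etc/kolla/certificates
CERTDIR=/root/certificates
CRT_NAME=server.crt
KEY_NAME=server.key

mkdir -p -- "$KOLLADIR"

# haproxy.pem contains the private key, so it is created (and, if it already
# existed, reset) with owner-only permissions.
# NOTE(review): assumes kolla-ansible runs as root, as in this guide - confirm.
(
  umask 077
  cat -- "$CERTDIR/$KEY_NAME" "$CERTDIR/$CRT_NAME" > "$KOLLADIR/haproxy.pem"
)
chmod 600 -- "$KOLLADIR/haproxy.pem"

# The CA file only needs the certificate. A symlink to haproxy.pem would put
# the private key into a file that is handed out as trust material, so a
# symlink found here is replaced; a regular file already in place is kept.
if [ -L "$KOLLADIR/haproxy-ca.crt" ] || [ ! -e "$KOLLADIR/haproxy-ca.crt" ]; then
  rm -f -- "$KOLLADIR/haproxy-ca.crt"
  cp -- "$CERTDIR/$CRT_NAME" "$KOLLADIR/haproxy-ca.crt"
fi
EOF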

execute the script:

 bash /root/certificates/merge

configure kolla-ansible

on the physical host, copy and paste the following into your shell:

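cat > /usr/local/bin/openstack << "EOF"
#!/bin/bash
# Start, force off (destroy) or shut down all lab virtual machines with virsh.
#
# Usage: openstack {start|destroy|shutdown}
#
# NOTE(review): the file is installed as /usr/local/bin/openstack; on a machine
# that also has the OpenStack command line client this name would shadow it -
# confirm the physical host does not need that client.

VMS=(
  openstack-node1-debian10
  openstack-node2-debian10
  openstack-node3-debian10
  openstack-node4-debian10
  openstack-node5-debian10
  openstack-dns-debian10
)

# The action is passed straight to virsh, so only the three known verbs are
# accepted; a missing or unknown argument prints the usage instead of failing
# inside the test expression.
case "${1:-}" in
  start|destroy|shutdown)
    for vm in "${VMS[@]}"; do
      virsh "$1" "$vm"
    done
    ;;
  *)
    echo "usage: ${0##*/} {start|destroy|shutdown}" >&2
    exit 2
    ;;
esac
EOF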

fix permissions:

chmod +x /usr/local/bin/openstack

start virtual machines using the script:

openstack start

connect to node1:

ssh root@192.168.88.58

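download ovoxcloud-kolla script (--no-check-certificate turns off TLS verification for a script that is then run as root; drop the flag if the server certificate validates, and read the script before running it):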

wget https://img.vidalinux.com/files/openstack/2024/ovoxcloud-kolla-2024.1 -O ./ovoxcloud-kolla --no-check-certificate

set file permissions:

chmod +x ovoxcloud-kolla

run ceph-initial-setup:

./ovoxcloud-kolla ceph-initial-setup

run kolla-initial-setup:

./ovoxcloud-kolla kolla-initial-setup

edit ovoxcloud-kolla and change the following:

REGISTRY="registry.ovox.io"
REGISTRY_PORT="5000"
REGISTRY_USER="registry"
REGISTRY_PASS="livinglavidalinux"

edit ansible host file /root/debian-kolla-2024.1/multinode

[control]
oscpnode1
oscpnode2
oscpnode3

[network]
oscpnode1
oscpnode2
oscpnode3

[compute]
oscpnode4
oscpnode5

[monitoring]
oscpnode1
oscpnode2
oscpnode3

[storage]
oscpnode1
oscpnode2
oscpnode3

copy ssh key to hosts:

./ovoxcloud-kolla copy-ssh-key

test ssh connection to nodes:

./ovoxcloud-kolla ping

setup disk partitions for ceph deployment:

./ovoxcloud-kolla ceph-disk-reset

deploy ceph cluster:

./ovoxcloud-kolla ceph-deploy

create ceph pools for openstack:

./ovoxcloud-kolla ceph-pool-openstack

configure ceph for openstack:

./ovoxcloud-kolla ceph-openstack

build openstack docker images:

./ovoxcloud-kolla build-images

push images to local registry:

./ovoxcloud-kolla push-images

deploy openstack cluster:

./ovoxcloud-kolla openstack-deploy

run post deploy openstack:

./ovoxcloud-kolla openstack-post-deploy

openstack operation

create the following script to upload images to glance:

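cat > /usr/local/bin/upload-image << "EOF"
#!/bin/bash
# Upload a raw disk image to glance as a public image.
#
# Usage: upload-image IMAGE_FILE IMAGE_NAME
# Exit status: 1 on a bad argument or missing credentials file, otherwise the
# status of the glance command.

if [ $# -eq 0 ]; then
  echo "usage:"
  echo "upload-image /home/pedro/bionic-server-cloudimg-amd64.img ubuntu-20.04-x86_64"
  echo ""
  exit
fi

# Quoted so that a path with spaces is tested and uploaded as one argument.
if [ ! -f "$1" ]; then
  echo "file doesn't exist please try again.." >&2
  exit 1
fi

if [ -z "${2:-}" ]; then
  echo "please specify name for image" >&2
  exit 1
fi

# presumably sets the OS_* admin credentials used by glance - confirm
source /root/admin-openrc.sh || exit 1

# Last command: the script exits with glance's status, so a failed upload is
# visible to the caller.
glance image-create --name="$2" --visibility public --disk-format raw --container-format bare --progress --file "$1"
EOF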

fix script permissions:

chmod +x /usr/local/bin/upload-image

download cirros image:

wget https://github.com/cirros-dev/cirros/releases/download/0.6.1/cirros-0.6.1-x86_64-disk.img

convert image from qcow2 to raw:

qemu-img convert -f qcow2 -O raw -p cirros-0.6.1-x86_64-disk.img cirros-0.6.1-x86_64-disk.raw

upload image to glance using script:

upload-image /root/cirros-0.6.1-x86_64-disk.raw cirros-0.6.1-x86_64

create the following script for creating flavors:

cat > /usr/local/bin/openstack-create-flavors << EOF
#!/bin/bash
openstack flavor create --id 1 --ram 1024 --swap 512  --disk 1 --vcpus 1 ovox.tiny
openstack flavor create --id 2 --ram 2048 --swap 1024 --disk 10 --vcpus 1 ovox.small
openstack flavor create --id 3 --ram 4096 --swap 2048 --disk 50 --vcpus 2 ovox.medium
openstack flavor create --id 4 --ram 8192 --swap 4096 --disk 100 --vcpus 4 ovox.large
openstack flavor create --id 5 --ram 16384 --swap 8192 --disk 200 --vcpus 8 ovox.xlarge
openstack flavor create --id 8 --ram 4096 --disk 35 --vcpus 2 windows.small
openstack flavor create --id 9 --ram 8192 --disk 50 --vcpus 2 windows.medium
EOF

fix script permissions:

chmod +x /usr/local/bin/openstack-create-flavors 

create openstack flavors using script:

openstack-create-flavors

create openstack networks:

./ovoxcloud-kolla openstack-netcreate

commands

list images in pool

rbd -p images ls

remove image

rbd rm images/71b60aee-143c-44a7-8a49-d51e21ea3c70@snap

list snapshots

rbd -p images snap ls 71b60aee-143c-44a7-8a49-d51e21ea3c70

unprotect snapshot

rbd snap unprotect images/71b60aee-143c-44a7-8a49-d51e21ea3c70@snap

purge snapshot

rbd snap purge images/71b60aee-143c-44a7-8a49-d51e21ea3c70

remove glance image script:

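cat > /usr/local/bin/remove-glance-image << "EOF"
#!/bin/bash
# Unprotect and purge the rbd snapshots of a glance image in the "images" pool,
# then delete the image from glance.
#
# Usage: remove-glance-image IMAGE_ID

if [ $# -ne 1 ] || [ -z "$1" ]; then
  echo "usage: ${0##*/} IMAGE_ID" >&2
  exit 2
fi

# The id becomes part of an rbd image spec (images/ID@snap). Only characters
# that occur in a uuid are accepted, so an empty value, a path or an extra
# "@snapshot" suffix cannot point the purge at another object.
case "$1" in
  *[!0-9a-fA-F-]*)
    echo "invalid image id: $1" >&2
    exit 2
    ;;
esac

# No -it: the commands need no terminal, and -t fails when the script is run
# without one.
docker exec ceph-mgr-oscpnode1 rbd snap unprotect "images/$1@snap"
docker exec ceph-mgr-oscpnode1 rbd snap purge "images/$1"
openstack image delete "$1"
EOF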

references