Howto openstack kolla: Difference between revisions

Line 229: Line 229:
       REGISTRY_HTTP_TLS_CERTIFICATE: /certs/client.cert
       REGISTRY_HTTP_TLS_CERTIFICATE: /certs/client.cert
       REGISTRY_HTTP_TLS_KEY: /certs/client.key
       REGISTRY_HTTP_TLS_KEY: /certs/client.key
       TZ: America/Puerto_Rico
       TZ: America/Puerto_Rico
     volumes:
     volumes:

Revision as of 02:49, 18 May 2023

setup host

enable nested kvm by editing /etc/modprobe.d/kvm.conf:

# For Intel
options kvm_intel nested=1
#
# For AMD
#options kvm_amd nested=1

if using rhel9 as host install the following repo:

dnf copr enable ligenix/enterprise-qemu-spice 

then install libvirt and qemu-kvm:

yum install -y libvirt qemu-kvm guestfs-tools nbd

enable and start libvirtd daemon:

systemctl enable libvirtd && systemctl start libvirtd

create the following directory under /var/lib/libvirt/images:

mkdir /var/lib/libvirt/images/openstack 
cd /var/lib/libvirt/images/openstack

download debian bullseye:

# Fetch the Debian 11 (bullseye) generic cloud image that every node image on
# this page is copied from.
# NOTE(review): nothing here verifies the download; compare it against the
# SHA512SUMS file published in the same directory before building on it.
wget https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2

for baremetal download the iso:

http://mirrors.ocf.berkeley.edu/debian-cd/11.7.0/amd64/iso-cd/debian-11.7.0-amd64-netinst.iso

resize cloud image:

cp debian-11-generic-amd64.qcow2 debian-11-generic-amd64_100G.qcow2
qemu-img resize debian-11-generic-amd64_100G.qcow2 +98G

set root password for image:

# Set the root password inside the resized base image (-q: quiet).
# NOTE(review): "livinglavidalinux" is a sample value, and every node image
# copied from this file in the next step inherits it. Given as password:...,
# it also ends up in shell history and the process list; virt-sysprep accepts
# file:FILENAME for the same option, which avoids both.
virt-sysprep -a debian-11-generic-amd64_100G.qcow2 -q --root-password password:livinglavidalinux

create storage images for openstack nodes:

# Clone the prepared base image once per VM: five OpenStack nodes plus the
# DNS node. Each copy starts out identical to the base image.
for target in openstack-node1 openstack-node2 openstack-node3 \
  openstack-node4 openstack-node5 openstack-dns; do
  cp debian-11-generic-amd64_100G.qcow2 "${target}.qcow2"
done

create storage images for ceph cluster:

# Create four empty 100G qcow2 disks for each of the three ceph storage
# servers (ceph_storage_server<server>_<disk>.img).
for server in 1 2 3; do
  for disk in 1 2 3 4; do
    qemu-img create -f qcow2 "ceph_storage_server${server}_${disk}.img" 100G
  done
done

download virtual machines xml:

# Download the libvirt domain definition for each of the six VMs.
xml_base="https://img.vidalinux.com/files/openstack/XML"
for vm in openstack-node1 openstack-node2 openstack-node3 \
  openstack-node4 openstack-node5 openstack-dns; do
  wget "${xml_base}/${vm}-debian10-2023-05-16.xml"
done

import virtual machines:

# Register each downloaded domain definition with libvirt; the VMs are only
# defined here, not started.
for vm in openstack-node1 openstack-node2 openstack-node3 \
  openstack-node4 openstack-node5 openstack-dns; do
  virsh define "${vm}-debian10-2023-05-16.xml"
done

download virtual networks xml:

wget https://img.vidalinux.com/files/openstack/XML/oscpiso-net-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/publiciso-net-2023-05-16.xml

import virtual networks:

virsh net-define oscpiso-net-2023-05-16.xml
virsh net-define publiciso-net-2023-05-16.xml

copy and paste the following into your shell:

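# Install a helper at /usr/local/bin/openstack that runs one virsh action
# (start, destroy or shutdown) against the five node VMs.
# The quoted "EOF" keeps $1 and ${VMS} literal, so they are expanded when the
# helper runs rather than while it is being written. The heredoc must have a
# single terminator: an earlier EOF line would end the file before the
# shutdown branch and leave the remaining lines to run in the calling shell.
# NOTE(review): the helper shares its name with the OpenStack client command;
# pick another name if that client is ever installed on this host.
cat > /usr/local/bin/openstack << "EOF"
#!/bin/bash
# Usage: openstack {start|destroy|shutdown}

VMS="openstack-node1-debian10
openstack-node2-debian10
openstack-node3-debian10
openstack-node4-debian10
openstack-node5-debian10"

# Accept only the three known actions; anything else, including a missing
# argument, prints usage instead of reaching virsh.
case "${1:-}" in
  start|destroy|shutdown) ;;
  *)
    echo "usage: ${0##*/} {start|destroy|shutdown}" >&2
    exit 2
    ;;
esac

# VMS is a newline-separated list of fixed names, so the unquoted expansion
# is intentional: it splits the list into one name per iteration.
for u in ${VMS}; do
  virsh "$1" "$u"
done
EOF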

fix permissions:

chmod +x /usr/local/bin/openstack

start virtual machines using the script:

openstack start

configure dns node

mount cloud image to pre-configure network:

modprobe nbd
qemu-nbd -c /dev/nbd0 openstack-dns.qcow2 
kpartx -a /dev/nbd0
mkdir /mnt/cloudimg
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

add these parameters to the grub configuration in /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on the dns node:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.64/24
gateway 192.168.88.1
dns-nameservers 4.2.2.1
dns-nameservers 4.2.2.2
# eth2
iface eth2 inet static
address 10.10.88.64/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# Rewrite sshd_config inside the chroot so the node accepts password logins
# and direct root login.
# NOTE(review): this leaves root reachable over SSH with the password that was
# set in the shared base image. A copy-ssh-key step appears later on this
# page; once key access works, setting both options back is the safer end state.
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start the dns virtual machine:

virsh start openstack-dns-debian10

connect to the dns node using ssh:

ssh root@192.168.88.64

set hostname:

hostnamectl set-hostname oscpdns

set timezone:

timedatectl set-timezone America/Puerto_Rico

install dnsmasq:

apt-get update
apt-get install dnsmasq -y

configure dnsmasq:

cat > /etc/dnsmasq.conf << EOF
listen-address=127.0.0.1,192.168.88.64
interface=eth1
expand-hosts
domain=ovox.io
server=4.2.2.1
server=4.2.2.2
address=/oscpnode1/10.10.88.58
address=/oscpnode2/10.10.88.57
address=/oscpnode3/10.10.88.56
address=/oscpnode4/10.10.88.55
address=/oscpnode5/10.10.88.54
address=/oscpdns/10.10.88.64
address=/openstack-int/10.10.88.244
address=/openstack/192.168.88.244 
EOF

configure /etc/hosts:

cat > /etc/hosts << EOF
127.0.0.1       localhost
192.168.88.58   oscpnode1
192.168.88.57   oscpnode2
192.168.88.56   oscpnode3
192.168.88.55   oscpnode4
192.168.88.54   oscpnode5
192.168.88.64   oscpdns
192.168.88.244  openstack
10.10.88.244    openstack-int
EOF

enable and restart dnsmasq:

systemctl enable dnsmasq
systemctl restart dnsmasq

local registry

install podman packages:

apt-get -y install podman

install pip:

apt-get -y install pip

install podman-compose:

pip3 install --user 'podman-compose<1.0'

fix permissions and symlink:

# Make the installed podman_compose.py executable and expose it on PATH as
# podman-compose.
# NOTE(review): the install step above passes --user, which normally places the
# module under the invoking user's home rather than /usr/local; confirm this
# path exists before linking, or point both commands at the real location.
chmod +x /usr/local/lib/python3.9/dist-packages/podman_compose.py
ln -s /usr/local/lib/python3.9/dist-packages/podman_compose.py /usr/bin/podman-compose

add the following registries to /etc/containers/registries.conf

cat >> /etc/containers/registries.conf << "EOF"
[registries.search]
registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
EOF

create registry directory:

mkdir ~/podman-registry
cd ~/podman-registry

create a self-signed certificate:

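# Generate the registry's TLS key and self-signed certificate where the
# compose file on this page expects them: ~/podman-registry/certs is mounted
# at /certs, and the registry is configured to load /certs/client.cert and
# /certs/client.key. Writing server.key/server.cert into the working directory
# would leave those two paths missing.
# openssl req prompts interactively for the certificate subject.
mkdir -p ~/podman-registry/certs
# The subshell's umask keeps the private key readable by its owner only.
(umask 077 && openssl genrsa -out ~/podman-registry/certs/client.key 4096)
openssl req -new -x509 -text -key ~/podman-registry/certs/client.key -out ~/podman-registry/certs/client.cert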

compose file to create registry:

cat > podman-compose.yml << EOF
version: '3'

services:
  registry:
    restart: always
    image: registry:2
    container_name: registry
    ports:
    - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/client.cert
      REGISTRY_HTTP_TLS_KEY: /certs/client.key
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
      - ~/podman-registry/certs:/certs
EOF

create password file:

# Create the auth directory and write a bcrypt (-B) htpasswd entry for the
# registry; -n prints the entry to stdout, which is redirected into the file.
# NOTE(review): this creates the account "registry" with a sample password,
# but the podman login commands further down use testuser/testpassword; the
# two must match for login to succeed. -b takes the password from the command
# line, so it is also recorded in shell history.
mkdir ~/podman-registry/auth 
podman run --rm --entrypoint htpasswd httpd:2 -Bbn registry livinglavidalinux > ~/podman-registry/auth/htpasswd

run the registry by executing:

podman-compose up -d

log in to a private registry:

# Authenticate against the local registry on port 5000.
# NOTE(review): -p exposes the password in shell history and the process list;
# podman login also accepts --password-stdin. --tls-verify=false skips
# certificate validation, which is tolerable here only because the registry is
# local and uses the self-signed certificate created above.
podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword

push image to local registry:

podman tag localhost/vidalinux/samba:latest localhost:5000/vidalinux/samba:latest
podman push localhost:5000/vidalinux/samba:latest --tls-verify=false

as root user edit /etc/containers/registries.conf:

[registries.insecure]
registries = ['localhost']

change directory to samba container and modify podman-compose:

cd ~/podman-samba

edit samba container podman-compose.yaml file and change the image name:

image: localhost:5000/vidalinux/samba:latest

run your samba container:

cd ~/podman-samba
sudo podman login --tls-verify=false http://localhost:5000 -u testuser -p testpassword
sudo podman-compose up -d

to stop the container using podman compose:

cd ~/podman-samba
sudo podman-compose down

you can run the container manually without podman-compose:

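# Start the samba container by hand from the image pushed to the local
# registry, publishing the SMB/NetBIOS ports and bind-mounting /share.
# Every line except the last must end with a bare backslash: a trailing space
# after it passes a stray blank argument and ends the command there, so the
# image name on the next line is run as a separate command.
# NOTE(review): SMB_USER/SMB_PASS are sample credentials given on the command
# line; replace them before exposing the share.
podman run \
  -d --name "samba_server" \
  -v /share:/share \
  -e "SMB_USER=mytestuser" \
  -e "SMB_PASS=mypassword" \
  -e "SMB_GROUP=samba" \
  -e "TZ=America/Puerto_Rico" \
  -p 138:138/udp \
  -p 445:445/udp \
  -p 139:139 \
  -p 445:445 \
  localhost:5000/vidalinux/samba:latest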

to test the container we mount the samba share:

mkdir /mnt/samba
mount -t cifs //localhost/share /mnt/samba -o username=mytestuser,password=mypassword

pull image from local registry:

podman pull localhost:5000/vidalinux/samba:latest --tls-verify=false

logout from local registry:

podman logout http://localhost:5000

configure node1

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node1.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

add these parameters to the grub configuration in /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node1:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.58/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.58/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# Rewrite sshd_config inside the chroot so the node accepts password logins
# and direct root login.
# NOTE(review): this leaves root reachable over SSH with the password that was
# set in the shared base image. A copy-ssh-key step appears later on this
# page; once key access works, setting both options back is the safer end state.
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node1 virtual machine:

virsh start openstack-node1-debian10

connect to node1 using ssh:

ssh root@192.168.88.58

set hostname:

hostnamectl set-hostname oscpnode1

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node2

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node2.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

add these parameters to the grub configuration in /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node2:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.57/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.57/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# Rewrite sshd_config inside the chroot so the node accepts password logins
# and direct root login.
# NOTE(review): this leaves root reachable over SSH with the password that was
# set in the shared base image. A copy-ssh-key step appears later on this
# page; once key access works, setting both options back is the safer end state.
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node2 virtual machine:

virsh start openstack-node2-debian10

connect to node2 using ssh:

ssh root@192.168.88.57

set hostname:

hostnamectl set-hostname oscpnode2

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node3

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node3.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

add these parameters to the grub configuration in /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node3:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.56/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.56/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# Rewrite sshd_config inside the chroot so the node accepts password logins
# and direct root login.
# NOTE(review): this leaves root reachable over SSH with the password that was
# set in the shared base image. A copy-ssh-key step appears later on this
# page; once key access works, setting both options back is the safer end state.
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node3 virtual machine:

virsh start openstack-node3-debian10

connect to node3 using ssh:

ssh root@192.168.88.56

set hostname:

hostnamectl set-hostname oscpnode3

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node4

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node4.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

add these parameters to the grub configuration in /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node4:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.55/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.55/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# Rewrite sshd_config inside the chroot so the node accepts password logins
# and direct root login.
# NOTE(review): this leaves root reachable over SSH with the password that was
# set in the shared base image. A copy-ssh-key step appears later on this
# page; once key access works, setting both options back is the safer end state.
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node4 virtual machine:

virsh start openstack-node4-debian10

connect to node4 using ssh:

ssh root@192.168.88.55

set hostname:

hostnamectl set-hostname oscpnode4

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node5

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 openstack-node5.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p1 /mnt/cloudimg
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /proc /mnt/cloudimg/proc

enter debian node environment using chroot:

chroot /mnt/cloudimg

add these parameters to the grub configuration in /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

configure network on node5:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.54/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.54/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

setup ssh-server configuration:

dpkg-reconfigure openssh-server

change sshd config to allow root user and password connection:

# Rewrite sshd_config inside the chroot so the node accepts password logins
# and direct root login.
# NOTE(review): this leaves root reachable over SSH with the password that was
# set in the shared base image. A copy-ssh-key step appears later on this
# page; once key access works, setting both options back is the safer end state.
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p14
dmsetup remove /dev/mapper/nbd0p15

start node5 virtual machine:

virsh start openstack-node5-debian10

connect to node5 using ssh:

ssh root@192.168.88.54

set hostname:

hostnamectl set-hostname oscpnode5

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure kolla-ansible

connect to node1:

ssh root@192.168.88.58

download ovoxcloud-kolla script:

# Download the ovoxcloud-kolla helper script into the current directory.
# NOTE(review): the script is run as root on node1 in the following steps and
# nothing here checks its integrity; read it, and compare it against a
# checksum from the publisher if one is available, before making it executable.
wget https://img.vidalinux.com/files/openstack/ovoxcloud-kolla-2023-05-16 -O ./ovoxcloud-kolla

set file permissions:

chmod +x ovoxcloud-kolla

run initial-setup:

./ovoxcloud-kolla initial-setup

edit ovoxcloud-kolla and change the following:

BUILD=debian-zed-2023-05-17

edit ansible host file /root/debian-zed-2023-05-17/multinode

[control]
oscpnode1
oscpnode2
oscpnode3

[network]
oscpnode1
oscpnode2
oscpnode3

[compute]
oscpnode4
oscpnode5

[monitoring]
oscpnode1
oscpnode2
oscpnode3

[storage]
oscpnode1
oscpnode2
oscpnode3

copy ssh key to hosts:

./ovoxcloud-kolla copy-ssh-key

test ssh connection to nodes:

./ovoxcloud-kolla ping

deploy ceph cluster:

./ovoxcloud-kolla ceph-deploy

create ceph pools for openstack:

./ovoxcloud-kolla ceph-pool-openstack

configure ceph for openstack:

./ovoxcloud-kolla ceph-openstack

references