Howto openstack kolla 2024: Difference between revisions

Line 649: Line 649:
  KOLLADIR=/etc/kolla/certificates
  KOLLADIR=/etc/kolla/certificates
  CERTDIR=/root/certificates
  CERTDIR=/root/certificates
DOMAIN=ovox.io
  CRT_NAME=server.crt
  CRT_NAME=server.crt
  KEY_NAME=server.key
  KEY_NAME=server.key
  ROOT_CA=ca.pem
  ROOT_CA=ca.pem
GLOBAL_CA=global.pem
  if [ -d $KOLLADIR ]; then
  if [ -d $KOLLADIR ]; then
   echo "directory exist"
   echo "directory exist"

Revision as of 22:11, 12 September 2024

setup host

enable nested kvm edit /etc/modprobe.d/kvm.conf:

# For Intel
options kvm_intel nested=1
#
# For AMD
#options kvm_amd nested=1

if using rhel9 as host install the following repo:

dnf copr enable ligenix/enterprise-qemu-spice 

then install libvirt and qemu-kvm:

yum install -y libvirt qemu-kvm guestfs-tools nbd

enable and start libvirtd daemon:

systemctl enable libvirtd && systemctl start libvirtd

create the following directory under /var/lib/libvirt/images:

mkdir /var/lib/libvirt/images/openstack 
cd /var/lib/libvirt/images/openstack

configure debian image

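download the debian 12 (bookworm) cloud image (the URL is plain http, so check the file against the SHA512SUMS published next to it before using it):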

wget http://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2

for baremetal download the iso:

http://mirrors.ocf.berkeley.edu/debian-cd/12.7.0/amd64/iso-cd/debian-12.7.0-amd64-netinst.iso

resize cloud image:

cp debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2
qemu-img resize debian-12-generic-amd64_100G.qcow2 +98G

expand image partition:

virt-resize --expand /dev/sda1 debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2

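set root password for image (the password below is this guide's sample and is public, so substitute your own; `--root-password file:FILENAME` keeps it out of shell history and the process list):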

virt-sysprep -a debian-12-generic-amd64_100G.qcow2 -q --root-password password:livinglavidalinux

mount cloud image to pre-configure network:

modprobe nbd
qemu-nbd -c /dev/nbd0 debian-12-generic-amd64_100G.qcow2
kpartx -a /dev/nbd0
mkdir /mnt/cloudimg
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

add these parameters to the grub configuration in /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

disable and remove systemd-networkd:

systemctl disable systemd-networkd.socket systemd-networkd \
systemd-networkd-wait-online

install legacy networking:

apt install -y ifupdown

remove netplan.io:

apt -y purge --auto-remove netplan.io

remove systemd-resolved:

apt -y purge --auto-remove systemd-resolved

setup ssh-server configuration:

dpkg-reconfigure openssh-server

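change sshd config to allow root login with a password (acceptable only on an isolated lab network; on anything reachable by others keep key-based login and leave PermitRootLogin at prohibit-password):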

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

update system:

apt update && apt upgrade -y

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

create nodes images

create storage images for openstack nodes:

cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node1.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node2.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node3.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node4.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node5.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-dns.qcow2

create storage images for ceph cluster:

qemu-img create -f qcow2 ceph_storage_server1_1.img 100G 
qemu-img create -f qcow2 ceph_storage_server1_2.img 100G
qemu-img create -f qcow2 ceph_storage_server1_3.img 100G
qemu-img create -f qcow2 ceph_storage_server1_4.img 100G
qemu-img create -f qcow2 ceph_storage_server2_1.img 100G
qemu-img create -f qcow2 ceph_storage_server2_2.img 100G
qemu-img create -f qcow2 ceph_storage_server2_3.img 100G
qemu-img create -f qcow2 ceph_storage_server2_4.img 100G
qemu-img create -f qcow2 ceph_storage_server3_1.img 100G
qemu-img create -f qcow2 ceph_storage_server3_2.img 100G
qemu-img create -f qcow2 ceph_storage_server3_3.img 100G
qemu-img create -f qcow2 ceph_storage_server3_4.img 100G

download virtual machines xml:

wget https://img.vidalinux.com/files/openstack/XML/openstack-node1-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node2-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node3-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node4-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-node5-debian10-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/openstack-dns-debian10-2023-05-16.xml

import virtual machines:

virsh define openstack-node1-debian10-2023-05-16.xml
virsh define openstack-node2-debian10-2023-05-16.xml
virsh define openstack-node3-debian10-2023-05-16.xml
virsh define openstack-node4-debian10-2023-05-16.xml
virsh define openstack-node5-debian10-2023-05-16.xml
virsh define openstack-dns-debian10-2023-05-16.xml

download virtual networks xml:

wget https://img.vidalinux.com/files/openstack/XML/oscpiso-net-2023-05-16.xml
wget https://img.vidalinux.com/files/openstack/XML/publiciso-net-2023-05-16.xml

import virtual networks:

virsh net-define oscpiso-net-2023-05-16.xml
virsh net-define publiciso-net-2023-05-16.xml

start virtual networks:

virsh net-start oscpiso
virsh net-start publiciso

download iptables rules:

wget https://img.vidalinux.com/files/openstack/iptables-default-isolate-libvirt-openstack.sh

read the downloaded script first (it changes the host firewall as root), then fix permissions and execute it:

chmod +x iptables-default-isolate-libvirt-openstack.sh
./iptables-default-isolate-libvirt-openstack.sh

configure dns node

mount cloud image to pre-configure network:

modprobe nbd
qemu-nbd -c /dev/nbd0 debian-12_openstack-dns.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on the dns node:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.64/24
gateway 192.168.88.1
dns-nameservers 4.2.2.1
dns-nameservers 4.2.2.2
# eth2
iface eth2 inet static
address 10.10.88.64/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start the dns node virtual machine:

virsh start openstack-dns-debian10

connect to the dns node using ssh:

ssh root@192.168.88.64

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 4.2.2.1
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpdns

set timezone:

timedatectl set-timezone America/Puerto_Rico

install dnsmasq:

apt-get update
apt-get install dnsmasq net-tools dnsutils -y

configure dnsmasq:

cat > /etc/dnsmasq.conf << EOF
listen-address=127.0.0.1,192.168.88.64
interface=eth1
expand-hosts
domain=ovox.io
server=4.2.2.1
server=4.2.2.2
address=/oscpnode1/10.10.88.58
address=/oscpnode2/10.10.88.57
address=/oscpnode3/10.10.88.56
address=/oscpnode4/10.10.88.55
address=/oscpnode5/10.10.88.54
address=/oscpdns/10.10.88.64
address=/openstack-int/10.10.88.244
address=/openstack/192.168.88.244 
EOF

configure /etc/hosts:

cat > /etc/hosts << EOF
127.0.0.1       localhost
192.168.88.58   oscpnode1
192.168.88.57   oscpnode2
192.168.88.56   oscpnode3
192.168.88.55   oscpnode4
192.168.88.54   oscpnode5
192.168.88.64   oscpdns registry
192.168.88.244  openstack
10.10.88.244    openstack-int
EOF

enable and restart dnsmasq:

systemctl enable dnsmasq
systemctl restart dnsmasq

local registry

install podman packages:

apt-get -y install podman podman-compose

add the following registries to /etc/containers/registries.conf

cat >> /etc/containers/registries.conf << "EOF"
[registries.search]
registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
EOF

create registry directory:

mkdir ~/podman-registry
cd ~/podman-registry

compose file to create registry:

cat > podman-compose.yml << EOF
version: '3'

services:
  registry:
    restart: always
    image: registry:2
    container_name: registry
    ports:
    - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
EOF

create password file (htpasswd -b takes the password on the command line; replace the sample password with your own):

mkdir ~/podman-registry/auth 
podman run --rm --entrypoint htpasswd httpd:2 -Bbn registry livinglavidalinux > ~/podman-registry/auth/htpasswd

run the registry by executing:

podman-compose up -d

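as root user edit /etc/containers/registries.conf to mark the registry as insecure (the registry above listens on plain http, so the htpasswd login and the image data cross the network unencrypted; keep this registry on a trusted network):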

cat >> /etc/containers/registries.conf << "EOF"
[registries.insecure]
registries = ['registry.ovox.io']
EOF

log in to the private registry (`-p` leaves the password in shell history and the process list; `--password-stdin` avoids that):

podman login registry.ovox.io:5000 -u registry -p livinglavidalinux

configure node1

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node1.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node1:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.58/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.58/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node1 virtual machine:

virsh start openstack-node1-debian10

connect to node1 using ssh:

ssh root@192.168.88.58

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode1

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node2

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node2.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node2:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.57/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.57/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node2 virtual machine:

virsh start openstack-node2-debian10

connect to node2 using ssh:

ssh root@192.168.88.57

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode2

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node3

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node3.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node3:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.56/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.56/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node3 virtual machine:

virsh start openstack-node3-debian10

connect to node3 using ssh:

ssh root@192.168.88.56

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode3

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node4

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node4.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node4:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.55/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.55/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node4 virtual machine:

virsh start openstack-node4-debian10

connect to node4 using ssh:

ssh root@192.168.88.55

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode4

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node5

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node5.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node5:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.54/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.54/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

umount image when finish configuration:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node5 virtual machine:

virsh start openstack-node5-debian10

connect to node5 using ssh:

ssh root@192.168.88.54

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode5

set timezone:

timedatectl set-timezone America/Puerto_Rico

create ssl certificates

create directory for certificates:

mkdir /root/certificates && cd /root/certificates

create your own ssl certs:

openssl genrsa -out server.key 3072

create certificate csr:

openssl req -new -key server.key -out server.csr

fill the following blanks:

Country Name (2 letter code) []: US
State or Province Name (full name) []: Puerto Rico
Locality Name (eg, city) []: San Juan
Organization Name (eg, company) []: OVOX LLC
Organizational Unit Name (eg, section) []: Cloud Consulting
Common Name (eg, your name or your server's hostname) []: openstack.ovox.io
Email Address []: email@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: just press enter
An optional company name []: just press enter

create the self-signed certificate (signed with its own key, valid for 365 days):

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

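create root certificate (this command reuses server.key, so the "root" and the server certificate share one private key; with no -days option openssl req -x509 issues a certificate valid for 30 days):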

openssl req -x509 -new -nodes -key server.key -sha256 -out ca.pem

fill the following blanks:

Country Name (2 letter code) []: US
State or Province Name (full name) []: Puerto Rico
Locality Name (eg, city) []: San Juan
Organization Name (eg, company) []: OVOX LLC.
Organizational Unit Name (eg, section) []: Cloud Consulting
Common Name (eg, your name or your server's hostname) []: openstack.ovox.io
Email Address []: email@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: just press enter
An optional company name []: just press enter

use the following script to merge root certificates and then copy to kolla config:

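cat > /root/certificates/merge << "EOF"
#!/bin/bash
# Build the haproxy bundle (private key followed by certificate) from the
# files created in /root/certificates and place it in the kolla
# certificates directory.
set -eu

KOLLADIR=/etc/kolla/certificates
CERTDIR=/root/certificates
CRT_NAME=server.crt
KEY_NAME=server.key
ROOT_CA=ca.pem

if [ -d "$KOLLADIR" ]; then
  echo "directory exist"
else
  echo "directory doesn't exist creating.."
  mkdir -p "$KOLLADIR"
fi

# haproxy.pem contains the private key: keep it readable by root only,
# both when it is created now and when it already existed.
umask 077
cat "$CERTDIR/$KEY_NAME" "$CERTDIR/$CRT_NAME" > "$KOLLADIR/haproxy.pem"
chmod 600 "$KOLLADIR/haproxy.pem"

# NOTE(review): haproxy-ca.crt becomes a link to haproxy.pem, which also
# holds the private key, while ROOT_CA is defined and never used.
# Confirm whether $CERTDIR/$ROOT_CA was meant to be installed here.
if [ ! -f "$KOLLADIR/haproxy-ca.crt" ]; then
  ln -s "$KOLLADIR/haproxy.pem" "$KOLLADIR/haproxy-ca.crt"
fi
EOF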

fix permissions and execute the script:

bash /root/certificates/merge

configure kolla-ansible

on the physical host, copy and paste the following into your shell:

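cat > /usr/local/bin/openstack << "EOF"
#!/bin/bash
# Start, shut down or force off all lab virtual machines with virsh.
# Usage: openstack start|shutdown|destroy
#
# NOTE(review): the file name matches the OpenStack command-line client;
# if that client is ever installed on this host, check which of the two
# comes first in PATH.

VMS=(
  openstack-node1-debian10
  openstack-node2-debian10
  openstack-node3-debian10
  openstack-node4-debian10
  openstack-node5-debian10
  openstack-dns-debian10
)

# Default to empty so a call without arguments reaches the usage branch
# instead of failing inside a test expression.
action=${1:-}

case "$action" in
  start|shutdown|destroy)
    # "destroy" is virsh's hard power-off: the guest gets no chance to
    # flush its disks, so use "shutdown" when the guests respond.
    for vm in "${VMS[@]}"; do
      virsh "$action" "$vm"
    done
    ;;
  *)
    echo "usage: ${0##*/} start|shutdown|destroy" >&2
    exit 2
    ;;
esac
EOF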

fix permissions:

chmod +x /usr/local/bin/openstack

start virtual machines using the script:

openstack start

connect to node1:

ssh root@192.168.88.58

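download ovoxcloud-kolla script (`--no-check-certificate` turns off TLS verification of the server, so read the file before making it executable and running it as root):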

wget https://img.vidalinux.com/files/openstack/2024/ovoxcloud-kolla-2024.1 -O ./ovoxcloud-kolla --no-check-certificate

set file permissions:

chmod +x ovoxcloud-kolla

run initial-setup:

./ovoxcloud-kolla initial-setup

edit ovoxcloud-kolla and change the following:

REGISTRY="registry.ovox.io"
REGISTRY_PORT="5000"
REGISTRY_USER="registry"
REGISTRY_PASS="livinglavidalinux"

edit ansible host file /root/debian-kolla-2024.1/multinode

[control]
oscpnode1
oscpnode2
oscpnode3

[network]
oscpnode1
oscpnode2
oscpnode3

[compute]
oscpnode4
oscpnode5

[monitoring]
oscpnode1
oscpnode2
oscpnode3

[storage]
oscpnode1
oscpnode2
oscpnode3

copy ssh key to hosts:

./ovoxcloud-kolla copy-ssh-key

test ssh connection to nodes:

./ovoxcloud-kolla ping

setup disk partitions for ceph deployment:

./ovoxcloud-kolla ceph-disk-reset

deploy ceph cluster:

./ovoxcloud-kolla ceph-deploy

create ceph pools for openstack:

./ovoxcloud-kolla ceph-pool-openstack

configure ceph for openstack:

./ovoxcloud-kolla ceph-openstack

build openstack docker images:

./ovoxcloud-kolla build-images

edit /etc/default/docker and add the following:

DOCKER_OPTS="--config-file=/etc/docker/daemon.json"

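add the following to the docker daemon configuration (docker will then talk to the registry over plain http, so the registry credentials and image layers are unencrypted on the network):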

cat > /etc/docker/daemon.json << "EOF"
{ "insecure-registries":["http://registry.ovox.io:5000"] }
EOF

then restart docker service:

systemctl restart docker

and add the following to /etc/kolla/globals.yml:

docker_registry_insecure: yes

push images to local registry:

./ovoxcloud-kolla push-images

fix docker-registry repository name:

ssh root@oscpdns
cd /root/podman-registry/data/docker/registry/v2/repositories
ln -s kolla openstack.kolla

deploy openstack cluster:

./ovoxcloud-kolla openstack-deploy

run post deploy openstack:

./ovoxcloud-kolla openstack-post-deploy

openstack operation

create the following script to upload images to glance:

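cat > /usr/local/bin/upload-image << "EOF"
#!/bin/bash
# Upload a raw disk image to glance as a public image.
# Usage: upload-image IMAGE_FILE IMAGE_NAME
# Exit status: 1 on a bad argument or unreadable credentials, otherwise
# the status of the glance command.

if [ $# -eq 0 ]; then
  echo "usage:"
  echo "upload-image /home/pedro/bionic-server-cloudimg-amd64.img ubuntu-20.04-x86_64"
  echo ""
  exit
fi

# Quoted so that a path containing spaces or glob characters is tested
# and uploaded exactly as given.
if [ ! -f "$1" ]; then
  echo "file doesn't exist please try again.."
  exit 1
fi

if [ -z "$2" ]; then
  echo "please specify name for image"
  exit 1
fi

# Admin credentials; stop here if the file cannot be loaded.
source /root/admin-openrc.sh || exit 1

# The image is registered as raw and public. The script ends on this
# command so that a failed upload is reported through the exit status.
glance image-create --name="$2" --visibility public --disk-format raw --container-format bare --progress --file "$1"
EOF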

fix script permissions:

chmod +x /usr/local/bin/upload-image

download cirros image:

wget https://github.com/cirros-dev/cirros/releases/download/0.6.1/cirros-0.6.1-x86_64-disk.img

convert image from qcow2 to raw:

qemu-img convert -f qcow2 -O raw -p cirros-0.6.1-x86_64-disk.img cirros-0.6.1-x86_64-disk.raw

upload image to glance using script:

upload-image /root/cirros-0.6.1-x86_64-disk.raw cirros-0.6.1-x86_64

create the following script for creating flavors:

cat > /usr/local/bin/openstack-create-flavors << EOF
#!/bin/bash
openstack flavor create --id 1 --ram 1024 --swap 512  --disk 1 --vcpus 1 ovox.tiny
openstack flavor create --id 2 --ram 2048 --swap 1024 --disk 10 --vcpus 1 ovox.small
openstack flavor create --id 3 --ram 4096 --swap 2048 --disk 50 --vcpus 2 ovox.medium
openstack flavor create --id 4 --ram 8192 --swap 4096 --disk 100 --vcpus 4 ovox.large
openstack flavor create --id 5 --ram 16384 --swap 8192 --disk 200 --vcpus 8 ovox.xlarge
openstack flavor create --id 8 --ram 4096 --disk 35 --vcpus 2 windows.small
openstack flavor create --id 9 --ram 8192 --disk 50 --vcpus 2 windows.medium
EOF

fix script permissions:

chmod +x /usr/local/bin/openstack-create-flavors 

create openstack flavors using script:

openstack-create-flavors

create openstack networks:

./ovoxcloud-kolla openstack-netcreate

references