Howto openstack kolla 2024: Difference between revisions
Mandulete1 (talk | contribs) |
Mandulete1 (talk | contribs) |
||
Line 649: | Line 649: | ||
KOLLADIR=/etc/kolla/certificates | KOLLADIR=/etc/kolla/certificates | ||
CERTDIR=/root/certificates | CERTDIR=/root/certificates | ||
CRT_NAME=server.crt | CRT_NAME=server.crt | ||
KEY_NAME=server.key | KEY_NAME=server.key | ||
ROOT_CA=ca.pem | ROOT_CA=ca.pem | ||
if [ -d $KOLLADIR ]; then | if [ -d $KOLLADIR ]; then | ||
echo "directory exist" | echo "directory exist" |
Revision as of 22:11, 12 September 2024
setup host
enable nested kvm edit /etc/modprobe.d/kvm.conf:
# For Intel options kvm_intel nested=1 # # For AMD #options kvm_amd nested=1
if using rhel9 as host install the following repo:
dnf copr enable ligenix/enterprise-qemu-spice
then install libvirt and qemu-kvm:
yum install -y libvirt qemu-kvm guestfs-tools nbd
enable and start libvirtd daemon:
systemctl enable libvirtd && systemctl start libvirtd
create the following directory under /var/lib/libvirt/images:
mkdir /var/lib/libvirt/images/openstack cd /var/lib/libvirt/images/openstack
configure debian image
download debian bullseye:
wget http://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2
for baremetal download the iso:
http://mirrors.ocf.berkeley.edu/debian-cd/12.7.0/amd64/iso-cd/debian-12.7.0-amd64-netinst.iso
resize cloud image:
cp debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2 qemu-img resize debian-12-generic-amd64_100G.qcow2 +98G
expand image partition:
virt-resize --expand /dev/sda1 debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2
set root password for image:
virt-sysprep -a debian-12-generic-amd64_100G.qcow2 -q --root-password password:livinglavidalinux
mount cloud image to pre-configure network:
modprobe nbd qemu-nbd -c /dev/nbd0 debian-12-generic-amd64_100G.qcow2 kpartx -a /dev/nbd0 mkdir /mnt/cloudimg mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
add this parameters to grub configuration /etc/default/grub:
GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"
update grub configuration:
update-grub
disable and remove systemd-networkd:
systemctl disable systemd-networkd.socket systemd-networkd \ systemd-networkd-wait-online
install legacy networking:
apt install -y ifupdown
remove netplan.io:
apt -y purge --auto-remove netplan.io
remove systemd-resolved:
apt -y purge --auto-remove systemd-resolved
setup ssh-server configuration:
dpkg-reconfigure openssh-server
change sshd config to allow root user and password connection:
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
update system:
apt update && apt upgrade -y
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
create nodes images
create storage images for openstack nodes:
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node1.qcow2 cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node2.qcow2 cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node3.qcow2 cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node4.qcow2 cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node5.qcow2 cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-dns.qcow2
create storage images for ceph cluster:
qemu-img create -f qcow2 ceph_storage_server1_1.img 100G qemu-img create -f qcow2 ceph_storage_server1_2.img 100G qemu-img create -f qcow2 ceph_storage_server1_3.img 100G qemu-img create -f qcow2 ceph_storage_server1_4.img 100G qemu-img create -f qcow2 ceph_storage_server2_1.img 100G qemu-img create -f qcow2 ceph_storage_server2_2.img 100G qemu-img create -f qcow2 ceph_storage_server2_3.img 100G qemu-img create -f qcow2 ceph_storage_server2_4.img 100G qemu-img create -f qcow2 ceph_storage_server3_1.img 100G qemu-img create -f qcow2 ceph_storage_server3_2.img 100G qemu-img create -f qcow2 ceph_storage_server3_3.img 100G qemu-img create -f qcow2 ceph_storage_server3_4.img 100G
download virtual machines xml:
wget https://img.vidalinux.com/files/openstack/XML/openstack-node1-debian10-2023-05-16.xml wget https://img.vidalinux.com/files/openstack/XML/openstack-node2-debian10-2023-05-16.xml wget https://img.vidalinux.com/files/openstack/XML/openstack-node3-debian10-2023-05-16.xml wget https://img.vidalinux.com/files/openstack/XML/openstack-node4-debian10-2023-05-16.xml wget https://img.vidalinux.com/files/openstack/XML/openstack-node5-debian10-2023-05-16.xml wget https://img.vidalinux.com/files/openstack/XML/openstack-dns-debian10-2023-05-16.xml
import virtual machines:
virsh define openstack-node1-debian10-2023-05-16.xml virsh define openstack-node2-debian10-2023-05-16.xml virsh define openstack-node3-debian10-2023-05-16.xml virsh define openstack-node4-debian10-2023-05-16.xml virsh define openstack-node5-debian10-2023-05-16.xml virsh define openstack-dns-debian10-2023-05-16.xml
download virtual networks xml:
wget https://img.vidalinux.com/files/openstack/XML/oscpiso-net-2023-05-16.xml wget https://img.vidalinux.com/files/openstack/XML/publiciso-net-2023-05-16.xml
import virtual networks:
virsh net-define oscpiso-net-2023-05-16.xml virsh net-define publiciso-net-2023-05-16.xml
start virtual networks:
virsh net-start oscpiso virsh net-start publiciso
download iptables rules:
wget https://img.vidalinux.com/files/openstack/iptables-default-isolate-libvirt-openstack.sh
fix permissions and execute script:
chmod +x iptables-default-isolate-libvirt-openstack.sh ./iptables-default-isolate-libvirt-openstack.sh
configure dns node
mount cloud image to pre-configure network:
modprobe nbd qemu-nbd -c /dev/nbd0 debian-12_openstack-dns.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on node1:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.64/24 gateway 192.168.88.1 dns-nameservers 4.2.2.1 dns-nameservers 4.2.2.2 # eth2 iface eth2 inet static address 10.10.88.64/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start node1 virtual machine:
virsh start openstack-dns-debian10
connect to node1 using ssh:
ssh root@192.168.88.64
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 4.2.2.1 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpdns
set timezone:
timedatectl set-timezone America/Puerto_Rico
install dnsmasq:
apt-get update apt-get install dnsmasq net-tools dnsutils -y
configure dnsmasq:
cat > /etc/dnsmasq.conf << EOF listen-address=127.0.0.1,192.168.88.64 interface=eth1 expand-hosts domain=ovox.io server=4.2.2.1 server=4.2.2.2 address=/oscpnode1/10.10.88.58 address=/oscpnode2/10.10.88.57 address=/oscpnode3/10.10.88.56 address=/oscpnode4/10.10.88.55 address=/oscpnode5/10.10.88.54 address=/oscpdns/10.10.88.64 address=/openstack-int/10.10.88.244 address=/openstack/192.168.88.244 EOF
configure /etc/hosts:
cat > /etc/hosts << EOF 127.0.0.1 localhost 192.168.88.58 oscpnode1 192.168.88.57 oscpnode2 192.168.88.56 oscpnode3 192.168.88.55 oscpnode4 192.168.88.54 oscpnode5 192.168.88.64 oscpdns registry 192.168.88.244 openstack 10.10.88.244 openstack-int EOF
enable and restart dnsmasq:
systemctl enable dnsmasq systemctl restart dnsmasq
local registry
install podman packages:
apt-get -y install podman podman-compose
add the following registries to /etc/containers/registries.conf
cat >> /etc/containers/registries.conf << "EOF" [registries.search] registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org'] EOF
create registry directory:
mkdir ~/podman-registry cd ~/podman-registry
compose file to create registry:
cat > podman-compose.yml << EOF version: '3' services: registry: restart: always image: registry:2 container_name: registry ports: - "5000:5000" environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: Registry REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data TZ: America/Puerto_Rico volumes: - ~/podman-registry/auth:/auth - ~/podman-registry/data:/data EOF
create password file:
mkdir ~/podman-registry/auth podman run --rm --entrypoint htpasswd httpd:2 -Bbn registry livinglavidalinux > ~/podman-registry/auth/htpasswd
run the registry by executing:
podman-compose up -d
as root user edit /etc/containers/registries.conf:
cat >> /etc/containers/registries.conf << "EOF" [registries.insecure] registries = ['registry.ovox.io'] EOF
log in to a private registry:
podman login registry.ovox.io:5000 -u registry -p livinglavidalinux
configure node1
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 debian-12_openstack-node1.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on node1:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.58/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.58/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start node1 virtual machine:
virsh start openstack-node1-debian10
connect to node1 using ssh:
ssh root@192.168.88.58
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 192.168.88.64 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpnode1
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node2
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 debian-12_openstack-node2.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on node2:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.57/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.57/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start node2 virtual machine:
virsh start openstack-node2-debian10
connect to node2 using ssh:
ssh root@192.168.88.57
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 192.168.88.64 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpnode2
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node3
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 debian-12_openstack-node3.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on node3:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.56/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.56/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start node3 virtual machine:
virsh start openstack-node3-debian10
connect to node3 using ssh:
ssh root@192.168.88.56
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 192.168.88.64 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpnode3
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node4
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 debian-12_openstack-node4.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on node4:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.55/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.55/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start node4 virtual machine:
virsh start openstack-node4-debian10
connect to node1 using ssh:
ssh root@192.168.88.55
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 192.168.88.64 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpnode4
set timezone:
timedatectl set-timezone America/Puerto_Rico
configure node5
mount cloud image to pre-configure network:
qemu-nbd -c /dev/nbd0 debian-12_openstack-node5.qcow2 kpartx -a /dev/nbd0 mount /dev/mapper/nbd0p3 /mnt/cloudimg mount -t proc none /mnt/cloudimg/proc mount -t sysfs none /mnt/cloudimg/sys mount -o bind /dev /mnt/cloudimg/dev mount -o bind /dev/pts /mnt/cloudimg/dev/pts mount -o bind /run /mnt/cloudimg/run/ mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf
enter debian node environment using chroot:
chroot /mnt/cloudimg
inside debian environment load the following profile:
source /etc/profile export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
configure network on node5:
cat > /etc/network/interfaces << EOF auto lo eth0 eth1 eth2 eth3 iface lo inet loopback # eth0 iface eth0 inet manual up ip link set dev eth0 up down ip link set dev eth0 down # eth1 iface eth1 inet static address 192.168.88.54/24 gateway 192.168.88.1 dns-nameservers 192.168.88.64 # eth2 iface eth2 inet static address 10.10.88.54/24 # eth3 iface eth3 inet manual up ip link set dev eth3 up down ip link set dev eth3 down EOF
exit chroot:
exit
umount image when finish configuration:
umount /mnt/cloudimg/etc/resolv.conf umount /mnt/cloudimg/proc umount /mnt/cloudimg/dev/pts umount /mnt/cloudimg/dev umount /mnt/cloudimg/run umount /mnt/cloudimg/sys umount /mnt/cloudimg nbd-client -d /dev/nbd0 dmsetup remove /dev/mapper/nbd0p1 dmsetup remove /dev/mapper/nbd0p2 dmsetup remove /dev/mapper/nbd0p3
start node5 virtual machine:
virsh start openstack-node5-debian10
connect to node1 using ssh:
ssh root@192.168.88.54
remove /etc/resolv.conf file:
rm /etc/resolv.conf
set nameservers:
cat > /etc/resolv.conf << EOF nameserver 192.168.88.64 nameserver 4.2.2.2 EOF
set hostname:
hostnamectl set-hostname oscpnode5
set timezone:
timedatectl set-timezone America/Puerto_Rico
create ssl certificates
create directory for certificates:
mkdir /root/certificates && cd /root/certificates
create your own ssl certs:
openssl genrsa -out server.key 3072
create certificate csr:
openssl req -new -key server.key -out server.csr
fill the following blanks:
Country Name (2 letter code) []: US State or Province Name (full name) []: Puerto Rico Locality Name (eg, city) []: San Juan Organization Name (eg, company) []: OVOX LLC Organizational Unit Name (eg, section) []: Cloud Consulting Common Name (eg, your name or your server's hostname) []: openstack.ovox.io Email Address []: email@gmail.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: just press enter An optional company name []: just press enter
create the certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
create root certificate:
openssl req -x509 -new -nodes -key server.key -sha256 -out ca.pem
fill the following blanks:
Country Name (2 letter code) []: US State or Province Name (full name) []: Puerto Rico Locality Name (eg, city) []: San Juan Organization Name (eg, company) []: OVOX LLC. Organizational Unit Name (eg, section) []: Cloud Consulting Common Name (eg, your name or your server's hostname) []: openstack.ovox.io Email Address []: email@gmail.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: just press enter An optional company name []: just press enter
use the following script to merge root certificates and then copy to kolla config:
cat > /root/certificates/merge << "EOF" TMPDIR=/tmp KOLLADIR=/etc/kolla/certificates CERTDIR=/root/certificates CRT_NAME=server.crt KEY_NAME=server.key ROOT_CA=ca.pem if [ -d $KOLLADIR ]; then echo "directory exist" else echo "directory doesn't exist creating.." mkdir $KOLLADIR fi cat $CERTDIR/$KEY_NAME $CERTDIR/$CRT_NAME > $KOLLADIR/haproxy.pem if [ ! -f $KOLLADIR/haproxy-ca.crt ]; then ln -s $KOLLADIR/haproxy.pem $KOLLADIR/haproxy-ca.crt fi fi EOF
fix permissions and execute the script:
bash /root/certificates/merge
configure kolla-ansible
on physical host copy and pasted the following on your shell:
cat > /usr/local/bin/openstack << "EOF" #!/bin/bash VMS="openstack-node1-debian10 openstack-node2-debian10 openstack-node3-debian10 openstack-node4-debian10 openstack-node5-debian10 openstack-dns-debian10" if [ $1 = start ]; then for u in ${VMS}; do virsh start $u; done fi if [ $1 = destroy ]; then for u in ${VMS}; do virsh destroy $u; done fi if [ $1 = shutdown ]; then for u in ${VMS}; do virsh shutdown $u; done fi EOF
fix permissions:
chmod +x /usr/local/bin/openstack
start virtual machines using the script:
openstack start
connect to node1:
ssh root@192.168.88.58
download ovoxcloud-kolla script:
wget https://img.vidalinux.com/files/openstack/2024/ovoxcloud-kolla-2024.1 -O ./ovoxcloud-kolla --no-check-certificate
set file permissions:
chmod +x ovoxcloud-kolla
run initial-setup:
./ovoxcloud-kolla initial-setup
edit ovoxcloud-kolla and change the following:
REGISTRY="registry.ovox.io" REGISTRY_PORT="5000" REGISTRY_USER="registry" REGISTRY_PASS="livinglavidalinux"
edit ansible host file /root/debian-kolla-2024.1/multinode
[control] oscpnode1 oscpnode2 oscpnode3 [network] oscpnode1 oscpnode2 oscpnode3 [compute] oscpnode4 oscpnode5 [monitoring] oscpnode1 oscpnode2 oscpnode3 [storage] oscpnode1 oscpnode2 oscpnode3
copy ssh key to hosts:
./ovoxcloud-kolla copy-ssh-key
test ssh connection to nodes:
./ovoxcloud-kolla ping
setup disk partitions for ceph deployment:
./ovoxcloud-kolla ceph-disk-reset
deploy ceph cluster:
./ovoxcloud-kolla ceph-deploy
create ceph pools for openstack:
./ovoxcloud-kolla ceph-pool-openstack
configure ceph for openstack:
./ovoxcloud-kolla ceph-openstack
build openstack docker images:
./ovoxcloud-kolla build-images
edit /etc/default/docker and add the following:
DOCKER_OPTS="--config-file=/etc/docker/daemon.json"
add the following to docker daemon:
cat > /etc/docker/daemon.json << "EOF" { "insecure-registries":["http://registry.ovox.io:5000"] } EOF
then restart docker service:
systemctl restart docker
and add the following to /etc/kolla/globals.yml:
docker_registry_insecure: yes
push images to local registry:
./ovoxcloud-kolla push-images
fix docker-registry repository name:
ssh root@oscpdns cd /root/podman-registry/data/docker/registry/v2/repositories ln -s kolla openstack.kolla
deploy openstack cluster:
./ovoxcloud-kolla openstack-deploy
run post deploy openstack:
./ovoxcloud-kolla openstack-post-deploy
openstack operation
create the following script to upload images to glance:
cat > /usr/local/bin/upload-image << "EOF" #!/bin/bash if [ $# -eq 0 ] then echo "usage:" echo "upload-image /home/pedro/bionic-server-cloudimg-amd64.img ubuntu-20.04-x86_64" echo ""; exit fi if [ ! -f $1 ]; then echo "file doesn't exist please try again.." && exit 1 fi if [ -z "$2" ]; then echo "please specify name for image" && exit 1 fi source /root/admin-openrc.sh glance image-create --name="$2" --visibility public --disk-format raw --container-format bare --progress --file $1 exit 0 EOF
fix script permissions:
chmod +x /usr/local/bin/upload-image
download cirros image:
wget https://github.com/cirros-dev/cirros/releases/download/0.6.1/cirros-0.6.1-x86_64-disk.img
convert image from qcow2 to raw:
qemu-img convert -f qcow2 -O raw -p cirros-0.6.1-x86_64-disk.img cirros-0.6.1-x86_64-disk.raw
upload image to glance using script:
upload-image /root/cirros-0.6.1-x86_64-disk.raw cirros-0.6.1-x86_64
create the following script for creating flavors:
cat > /usr/local/bin/openstack-create-flavors << EOF #!/bin/bash openstack flavor create --id 1 --ram 1024 --swap 512 --disk 1 --vcpus 1 ovox.tiny openstack flavor create --id 2 --ram 2048 --swap 1024 --disk 10 --vcpus 1 ovox.small openstack flavor create --id 3 --ram 4096 --swap 2048 --disk 50 --vcpus 2 ovox.medium openstack flavor create --id 4 --ram 8192 --swap 4096 --disk 100 --vcpus 4 ovox.large openstack flavor create --id 5 --ram 16384 --swap 8192 --disk 200 --vcpus 8 ovox.xlarge openstack flavor create --id 8 --ram 4096 --disk 35 --vcpus 2 windows.small openstack flavor create --id 9 --ram 8192 --disk 50 --vcpus 2 windows.medium EOF
fix script permissions:
chmod +x /usr/local/bin/openstack-create-flavors
create openstack flavors using script:
openstack-create-flavors
create openstack networks:
./ovoxcloud-kolla openstack-netcreate