Howto openstack kolla 2025: Difference between revisions

 
Line 220: Line 220:
  cat > /etc/hosts << EOF
  cat > /etc/hosts << EOF
  127.0.0.1      localhost
  127.0.0.1      localhost
  192.168.88.58  oscpnode1
  10.10.88.58  oscpnode1
  192.168.88.57  oscpnode2
  10.10.88.57  oscpnode2
  192.168.88.56  oscpnode3
  10.10.88.56  oscpnode3
  192.168.88.55  oscpnode4
  10.10.88.55  oscpnode4
  192.168.88.54  oscpnode5
  10.10.88.54  oscpnode5
  192.168.88.64  oscpdns registry
  10.10.88.64  oscpdns registry
  192.168.88.244  openstack
  192.168.88.244  openstack
  10.10.88.244    openstack-int
  10.10.88.244    openstack-int

Latest revision as of 08:09, 5 February 2025

setup host

enable nested kvm by editing /etc/modprobe.d/kvm.conf:

# For Intel
options kvm_intel nested=1
#
# For AMD
#options kvm_amd nested=1

if using rhel9 as host install the following repo:

dnf copr enable ligenix/enterprise-qemu-spice 

then install libvirt and qemu-kvm:

yum install -y libvirt qemu-kvm guestfs-tools nbd

enable and start libvirtd daemon:

systemctl enable libvirtd && systemctl start libvirtd

create the following directory under /var/lib/libvirt/images:

mkdir /var/lib/libvirt/images/openstack 
cd /var/lib/libvirt/images/openstack

configure debian image

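download the debian bookworm (debian 12) cloud image; the link is plain http, so check the file against the SHA512SUMS published in the same directory before using it: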

wget http://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2

for baremetal download the iso:

http://mirrors.ocf.berkeley.edu/debian-cd/12.9.0/amd64/iso-cd/debian-12.9.0-amd64-netinst.iso

resize cloud image:

cp debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2
qemu-img resize debian-12-generic-amd64_100G.qcow2 +98G

expand image partition:

virt-resize --expand /dev/sda1 debian-12-generic-amd64.qcow2 debian-12-generic-amd64_100G.qcow2

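set root password for image (the password shown is an example; substitute your own, because every node image below is cloned from this one):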

virt-sysprep -a debian-12-generic-amd64_100G.qcow2 -q --root-password password:livinglavidalinux

mount cloud image to pre-configure network:

modprobe nbd
qemu-nbd -c /dev/nbd0 debian-12-generic-amd64_100G.qcow2
kpartx -a /dev/nbd0
mkdir /mnt/cloudimg
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

add these parameters to grub configuration /etc/default/grub:

GRUB_CMDLINE_LINUX="biosdevname=0 net.ifnames=0"

update grub configuration:

update-grub

disable and remove systemd-networkd:

systemctl disable systemd-networkd.socket systemd-networkd \
systemd-networkd-wait-online

install legacy networking:

apt update && apt install -y ifupdown

remove netplan.io:

apt -y purge --auto-remove netplan.io

remove systemd-resolved:

apt -y purge --auto-remove systemd-resolved

setup ssh-server configuration:

dpkg-reconfigure openssh-server

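change sshd config to allow root login with a password (combined with the root password baked into the image, this leaves every node open to password guessing from any network that reaches port 22; switch back to key-only login once ssh keys are on the nodes):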

sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config

update system:

apt update && apt upgrade -y

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

create nodes images

create storage images for openstack nodes:

cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node1.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node2.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node3.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node4.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-node5.qcow2
cp debian-12-generic-amd64_100G.qcow2 debian-12_openstack-dns.qcow2

create storage images for ceph cluster:

qemu-img create -f qcow2 ceph_storage_server1_1.img 100G 
qemu-img create -f qcow2 ceph_storage_server1_2.img 100G
qemu-img create -f qcow2 ceph_storage_server1_3.img 100G
qemu-img create -f qcow2 ceph_storage_server1_4.img 100G
qemu-img create -f qcow2 ceph_storage_server2_1.img 100G
qemu-img create -f qcow2 ceph_storage_server2_2.img 100G
qemu-img create -f qcow2 ceph_storage_server2_3.img 100G
qemu-img create -f qcow2 ceph_storage_server2_4.img 100G
qemu-img create -f qcow2 ceph_storage_server3_1.img 100G
qemu-img create -f qcow2 ceph_storage_server3_2.img 100G
qemu-img create -f qcow2 ceph_storage_server3_3.img 100G
qemu-img create -f qcow2 ceph_storage_server3_4.img 100G

download virtual machines xml:

wget https://img.vidalinux.com/files/openstack/2025/XML/openstack-node1-debian12-2025.1.xml
wget https://img.vidalinux.com/files/openstack/2025/XML/openstack-node2-debian12-2025.1.xml
wget https://img.vidalinux.com/files/openstack/2025/XML/openstack-node3-debian12-2025.1.xml
wget https://img.vidalinux.com/files/openstack/2025/XML/openstack-node4-debian12-2025.1.xml
wget https://img.vidalinux.com/files/openstack/2025/XML/openstack-node5-debian12-2025.1.xml
wget https://img.vidalinux.com/files/openstack/2025/XML/openstack-dns-debian12-2025.1.xml

import virtual machines:

virsh define openstack-node1-debian12-2025.1.xml
virsh define openstack-node2-debian12-2025.1.xml
virsh define openstack-node3-debian12-2025.1.xml
virsh define openstack-node4-debian12-2025.1.xml
virsh define openstack-node5-debian12-2025.1.xml
virsh define openstack-dns-debian12-2025.1.xml

download virtual networks xml:

wget https://img.vidalinux.com/files/openstack/2025/XML/oscpiso-net-2025.1.xml
wget https://img.vidalinux.com/files/openstack/2025/XML/publiciso-net-2025.1.xml

import virtual networks:

virsh net-define oscpiso-net-2025.1.xml
virsh net-define publiciso-net-2025.1.xml

start virtual networks:

virsh net-start oscpiso
virsh net-start publiciso

download iptables rules (read the script before running it in the next step, since it changes the host firewall):

wget https://img.vidalinux.com/files/openstack/2025/iptables-default-isolate-libvirt-openstack.sh

fix permissions and execute script:

chmod +x iptables-default-isolate-libvirt-openstack.sh
./iptables-default-isolate-libvirt-openstack.sh

configure dns node

mount cloud image to pre-configure network:

modprobe nbd
qemu-nbd -c /dev/nbd0 debian-12_openstack-dns.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on dns node:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.64/24
gateway 192.168.88.1
dns-nameservers 4.2.2.1
dns-nameservers 4.2.2.2
# eth2
iface eth2 inet static
address 10.10.88.64/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start dns node virtual machine:

virsh start openstack-dns-debian12

connect to dns node using ssh:

ssh root@192.168.88.64

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 4.2.2.1
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpdns

set timezone:

timedatectl set-timezone America/Puerto_Rico

install dnsmasq:

apt-get update
apt-get install dnsmasq net-tools dnsutils -y

configure dnsmasq:

cat > /etc/dnsmasq.conf << EOF
listen-address=127.0.0.1,192.168.88.64
interface=eth1
expand-hosts
domain=ovox.io
server=4.2.2.1
server=4.2.2.2
address=/oscpnode1/10.10.88.58
address=/oscpnode2/10.10.88.57
address=/oscpnode3/10.10.88.56
address=/oscpnode4/10.10.88.55
address=/oscpnode5/10.10.88.54
address=/oscpdns/10.10.88.64
address=/openstack-int/10.10.88.244
address=/openstack/192.168.88.244 
EOF

configure /etc/hosts:

cat > /etc/hosts << EOF
127.0.0.1       localhost
10.10.88.58   oscpnode1
10.10.88.57   oscpnode2
10.10.88.56   oscpnode3
10.10.88.55   oscpnode4
10.10.88.54   oscpnode5
10.10.88.64   oscpdns registry
192.168.88.244  openstack
10.10.88.244    openstack-int
EOF

enable and restart dnsmasq:

systemctl enable dnsmasq
systemctl restart dnsmasq

local registry

install podman packages:

apt-get -y install podman podman-compose

add the following registries to /etc/containers/registries.conf

cat >> /etc/containers/registries.conf << "EOF"
[registries.search]
registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
EOF

create registry directory:

mkdir ~/podman-registry
cd ~/podman-registry

compose file to create registry:

cat > podman-compose.yml << EOF
version: '3'

services:
  registry:
    restart: always
    image: registry:2
    container_name: registry
    ports:
    - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
      TZ: America/Puerto_Rico
    volumes:
      - ~/podman-registry/auth:/auth
      - ~/podman-registry/data:/data
EOF

create password file:

mkdir ~/podman-registry/auth 
podman run --rm --entrypoint htpasswd httpd:2 -Bbn registry livinglavidalinux > ~/podman-registry/auth/htpasswd

run the registry by executing:

podman-compose up -d

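as root user edit /etc/containers/registries.conf (listing the registry as insecure lets podman talk to it without verified TLS, so the htpasswd login and the image layers cross the network unprotected):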

cat >> /etc/containers/registries.conf << "EOF"
[registries.insecure]
registries = ['registry.ovox.io']
EOF

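log in to the private registry (a password given with -p ends up in shell history and the process list; podman login can read it from stdin with --password-stdin instead):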

podman login registry.ovox.io:5000 -u registry -p livinglavidalinux

configure node1

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node1.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node1:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.58/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.58/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node1 virtual machine:

virsh start openstack-node1-debian12

connect to node1 using ssh:

ssh root@192.168.88.58

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode1

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node2

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node2.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node2:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.57/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.57/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node2 virtual machine:

virsh start openstack-node2-debian12

connect to node2 using ssh:

ssh root@192.168.88.57

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode2

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node3

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node3.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node3:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.56/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.56/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node3 virtual machine:

virsh start openstack-node3-debian12

connect to node3 using ssh:

ssh root@192.168.88.56

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode3

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node4

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node4.qcow2
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node4:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.55/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.55/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node4 virtual machine:

virsh start openstack-node4-debian12

connect to node4 using ssh:

ssh root@192.168.88.55

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode4

set timezone:

timedatectl set-timezone America/Puerto_Rico

configure node5

mount cloud image to pre-configure network:

qemu-nbd -c /dev/nbd0 debian-12_openstack-node5.qcow2 
kpartx -a /dev/nbd0
mount /dev/mapper/nbd0p3 /mnt/cloudimg
mount -t proc none /mnt/cloudimg/proc
mount -t sysfs none /mnt/cloudimg/sys
mount -o bind /dev /mnt/cloudimg/dev
mount -o bind /dev/pts /mnt/cloudimg/dev/pts
mount -o bind /run /mnt/cloudimg/run/
mount --bind /etc/resolv.conf /mnt/cloudimg/etc/resolv.conf

enter debian node environment using chroot:

chroot /mnt/cloudimg

inside debian environment load the following profile:

source /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

configure network on node5:

cat > /etc/network/interfaces << EOF
auto lo eth0 eth1 eth2 eth3
iface lo inet loopback
# eth0
iface eth0 inet manual
up ip link set dev eth0 up
down ip link set dev eth0 down
# eth1
iface eth1 inet static
address 192.168.88.54/24
gateway 192.168.88.1
dns-nameservers 192.168.88.64
# eth2
iface eth2 inet static
address 10.10.88.54/24
# eth3
iface eth3 inet manual
up ip link set dev eth3 up
down ip link set dev eth3 down
EOF

exit chroot:

exit

unmount the image when configuration is finished:

umount /mnt/cloudimg/etc/resolv.conf
umount /mnt/cloudimg/proc
umount /mnt/cloudimg/dev/pts
umount /mnt/cloudimg/dev
umount /mnt/cloudimg/run
umount /mnt/cloudimg/sys
umount /mnt/cloudimg 
nbd-client -d /dev/nbd0
dmsetup remove /dev/mapper/nbd0p1
dmsetup remove /dev/mapper/nbd0p2
dmsetup remove /dev/mapper/nbd0p3

start node5 virtual machine:

virsh start openstack-node5-debian12

connect to node5 using ssh:

ssh root@192.168.88.54

remove /etc/resolv.conf file:

rm /etc/resolv.conf

set nameservers:

cat > /etc/resolv.conf << EOF
nameserver 192.168.88.64
nameserver 4.2.2.2
EOF

set hostname:

hostnamectl set-hostname oscpnode5

set timezone:

timedatectl set-timezone America/Puerto_Rico

create ssl certificates

create directory for certificates:

mkdir /root/certificates && cd /root/certificates

create your own ssl certs:

openssl genrsa -out server.key 3072

create certificate csr:

openssl req -new -key server.key -out server.csr

fill the following blanks:

Country Name (2 letter code) []: US
State or Province Name (full name) []: Puerto Rico
Locality Name (eg, city) []: San Juan
Organization Name (eg, company) []: OVOX LLC
Organizational Unit Name (eg, section) []: Cloud Consulting
Common Name (eg, your name or your server's hostname) []: openstack.ovox.io
Email Address []: email@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: just press enter
An optional company name []: just press enter

create the certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

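create root certificate (this reuses server.key as the CA key; a separate CA key keeps a leak of the server key from also exposing the CA):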

openssl req -x509 -new -nodes -key server.key -sha256 -out ca.pem

fill the following blanks:

Country Name (2 letter code) []: US
State or Province Name (full name) []: Puerto Rico
Locality Name (eg, city) []: San Juan
Organization Name (eg, company) []: OVOX LLC.
Organizational Unit Name (eg, section) []: Cloud Consulting
Common Name (eg, your name or your server's hostname) []: openstack.ovox.io
Email Address []: email@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: just press enter
An optional company name []: just press enter

use the following script to merge the server key and certificate into haproxy.pem and place it in the kolla config:

cat > /root/certificates/merge << "EOF"
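# Build the TLS files kolla reads from KOLLADIR out of the key and
# certificate created in CERTDIR.
set -eu

KOLLADIR=/etc/kolla/certificates
CERTDIR=/root/certificates
CRT_NAME=server.crt
KEY_NAME=server.key

mkdir -p -- "$KOLLADIR"

# haproxy.pem carries the private key, so keep it readable by root only,
# both when it is first created and when an older copy is overwritten.
(
  umask 077
  cat -- "$CERTDIR/$KEY_NAME" "$CERTDIR/$CRT_NAME" > "$KOLLADIR/haproxy.pem"
)
chmod 600 -- "$KOLLADIR/haproxy.pem"

# The CA file must hold the certificate only. Linking it to haproxy.pem would
# hand the private key to everything that is given the "CA" file. The
# certificate from this guide is self-signed, so it is its own trust anchor.
# A regular file already placed here is left untouched; a missing file or a
# symlink (such as one pointing at haproxy.pem) is replaced.
ca_file=$KOLLADIR/haproxy-ca.crt
if [ -L "$ca_file" ] || [ ! -e "$ca_file" ]; then
  rm -f -- "$ca_file"
  cp -- "$CERTDIR/$CRT_NAME" "$ca_file"
fi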
EOF

execute the script:

 bash /root/certificates/merge

configure kolla-ansible

on the physical host copy and paste the following into your shell:

cat > /usr/local/bin/openstack << "EOF"
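#!/bin/bash
# Start, shut down or force off every lab virtual machine in one go.
# Usage: openstack {start|shutdown|destroy}

# Domain names must match the ones started with virsh elsewhere in this guide
# (the -debian12 definitions).
vms=(
  openstack-node1-debian12
  openstack-node2-debian12
  openstack-node3-debian12
  openstack-node4-debian12
  openstack-node5-debian12
  openstack-dns-debian12
)

# Accept only the three known actions; a missing or unknown argument prints
# the usage instead of falling through silently.
case "${1:-}" in
  start | shutdown | destroy)
    action=$1
    ;;
  *)
    printf 'usage: %s {start|shutdown|destroy}\n' "${0##*/}" >&2
    exit 2
    ;;
esac

for vm in "${vms[@]}"; do
  virsh "$action" "$vm"
done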
EOF

fix permissions:

chmod +x /usr/local/bin/openstack

start virtual machines using the script:

openstack start

connect to node1:

ssh root@192.168.88.58

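download ovoxcloud-kolla script (--no-check-certificate turns off TLS verification of the download, so read the script before running it as root):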

wget https://img.vidalinux.com/files/openstack/2025/ovoxcloud-kolla-2025.1 -O ./ovoxcloud-kolla --no-check-certificate

set file permissions:

chmod +x ovoxcloud-kolla

run ceph-initial-setup:

./ovoxcloud-kolla ceph-initial-setup

run kolla-initial-setup:

./ovoxcloud-kolla kolla-initial-setup

edit ovoxcloud-kolla and change the following:

REGISTRY="registry.ovox.io"
REGISTRY_PORT="5000"
REGISTRY_USER="registry"
REGISTRY_PASS="livinglavidalinux"

edit ansible host file /root/debian-kolla-2024.2/multinode

[control]
oscpnode1
oscpnode2
oscpnode3

[network]
oscpnode1
oscpnode2
oscpnode3

[compute]
oscpnode4
oscpnode5

[monitoring]
oscpnode1
oscpnode2
oscpnode3

[storage]
oscpnode1
oscpnode2
oscpnode3

copy ssh key to hosts:

./ovoxcloud-kolla copy-ssh-key

test ssh connection to nodes:

./ovoxcloud-kolla ping

setup disk partitions for ceph deployment:

./ovoxcloud-kolla ceph-disk-reset

deploy ceph cluster:

./ovoxcloud-kolla ceph-deploy

create ceph pools for openstack:

./ovoxcloud-kolla ceph-pool-openstack

configure ceph for openstack:

./ovoxcloud-kolla ceph-openstack

build openstack docker images:

./ovoxcloud-kolla build-images

add local registry to insecure registries:

cat > /etc/docker/daemon.json << 'EOF'
{ "insecure-registries":["registry.ovox.io:5000"] }
EOF

add daemon.json to docker opts:

cat >> /etc/default/docker << 'EOF'
DOCKER_OPTS="--config-file=/etc/docker/daemon.json"
EOF

restart docker daemon:

systemctl restart docker

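login to docker registry (a password given with -p ends up in shell history and the process list; docker login can read it from stdin with --password-stdin instead):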

docker login registry.ovox.io:5000 -u registry -p livinglavidalinux

push images to local registry:

./ovoxcloud-kolla push-images

deploy openstack cluster:

./ovoxcloud-kolla openstack-deploy

run post deploy openstack:

./ovoxcloud-kolla openstack-post-deploy

openstack operation

create the following script to upload images to glance:

cat > /usr/local/bin/upload-image << "EOF"
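#!/bin/bash
# Upload a disk image file to glance as a public image.
# Usage: upload-image IMAGE_FILE IMAGE_NAME
# The file is registered with disk format raw, so convert qcow2 images first.

if [ "$#" -eq 0 ]; then
  echo "usage:"
  echo "upload-image /home/pedro/bionic-server-cloudimg-amd64.img ubuntu-20.04-x86_64"
  echo ""
  exit
fi

# Quoted so that paths with spaces are tested as one file name.
if [ ! -f "$1" ]; then
  echo "file doesn't exist please try again.." >&2
  exit 1
fi

if [ -z "${2:-}" ]; then
  echo "please specify name for image" >&2
  exit 1
fi

# Stop here when the admin credentials cannot be loaded; glance would only
# fail later with a less obvious error.
source /root/admin-openrc.sh || exit 1

# NOTE: --visibility public makes the image usable by every project.
glance image-create --name="$2" --visibility public --disk-format raw \
  --container-format bare --progress --file "$1"
# Report the glance result to the caller instead of always exiting 0.
exit "$?"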
EOF

fix script permissions:

chmod +x /usr/local/bin/upload-image

download cirros image:

wget https://github.com/cirros-dev/cirros/releases/download/0.6.1/cirros-0.6.1-x86_64-disk.img

convert image from qcow2 to raw:

qemu-img convert -f qcow2 -O raw -p cirros-0.6.1-x86_64-disk.img cirros-0.6.1-x86_64-disk.raw

upload image to glance using script:

upload-image /root/cirros-0.6.1-x86_64-disk.raw cirros-0.6.1-x86_64

create the following script for creating flavors:

cat > /usr/local/bin/openstack-create-flavors << EOF
#!/bin/bash
# Create the flavors used in this guide with fixed ids.
# Every line is an independent call, so one failing flavor does not stop
# the remaining ones from being created.
# ovox.* flavors (ids 1-5): ram and swap in MB, disk in GB, swap is half the ram.
openstack flavor create --id 1 --ram 1024 --swap 512  --disk 1 --vcpus 1 ovox.tiny
openstack flavor create --id 2 --ram 2048 --swap 1024 --disk 10 --vcpus 1 ovox.small
openstack flavor create --id 3 --ram 4096 --swap 2048 --disk 50 --vcpus 2 ovox.medium
openstack flavor create --id 4 --ram 8192 --swap 4096 --disk 100 --vcpus 4 ovox.large
openstack flavor create --id 5 --ram 16384 --swap 8192 --disk 200 --vcpus 8 ovox.xlarge
# windows.* flavors (ids 8 and 9) are created without a swap disk.
openstack flavor create --id 8 --ram 4096 --disk 35 --vcpus 2 windows.small
openstack flavor create --id 9 --ram 8192 --disk 50 --vcpus 2 windows.medium
EOF

fix script permissions:

chmod +x /usr/local/bin/openstack-create-flavors 

enable openstack variables and python environment:

active-kolla-ansible
source /root/admin-openrc.sh

create openstack flavors using script:

openstack-create-flavors

create openstack networks:

./ovoxcloud-kolla openstack-netcreate

commands

list images in pool

rbd -p images ls

remove image

rbd rm images/71b60aee-143c-44a7-8a49-d51e21ea3c70@snap

list snapshots

rbd -p images snap ls 71b60aee-143c-44a7-8a49-d51e21ea3c70

unprotect snapshot

rbd snap unprotect images/71b60aee-143c-44a7-8a49-d51e21ea3c70@snap

purge snapshot

rbd snap purge images/71b60aee-143c-44a7-8a49-d51e21ea3c70

remove glance image script:

cat > /usr/local/bin/remove-glance-image << "EOF"
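#!/bin/bash
# Delete a glance image together with its protected rbd snapshot.
# Usage: remove-glance-image IMAGE_ID

# Without an argument the rbd commands would be pointed at "images/" itself,
# so refuse to run.
if [ -z "${1:-}" ]; then
  printf 'usage: %s IMAGE_ID\n' "${0##*/}" >&2
  exit 2
fi
image_id=$1

# The id is pasted into an rbd image spec; accept only the characters of a
# glance image id so the argument cannot name another pool, image or snapshot.
case "$image_id" in
  *[!0-9a-fA-F-]*)
    printf '%s: not a glance image id: %s\n' "${0##*/}" "$image_id" >&2
    exit 2
    ;;
esac

docker exec -it ceph-mgr-oscpnode1 rbd snap unprotect "images/${image_id}@snap"
docker exec -it ceph-mgr-oscpnode1 rbd snap purge "images/${image_id}"
openstack image delete "$image_id"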
EOF

references