Thursday, June 8, 2017

OpenStack Reboot

And... time passes. Wow. I was getting back into it and noticed that I had left Day 7 as a draft. I just clicked the publish button, but that's more a historical reminder for me than anything useful. Time has passed. The age of Newton is gone and OpenStack is now (June 2017) all Ocata. I attended the OpenStack Summit in Boston and there are a lot of great plans for Pike, Queens and Rocky already in motion.

I made a lot of undocumented progress on the previous iteration and we are pushing past proof of concept. There are still some unsettled issues but we'll address them as they come. Rather than attempting to upgrade the existing setup I'm going to wipe everything and start clean. I'll be going through the first part pretty fast just noting where the process has changed from Newton and go through the same "day" type setup so it's easy to reference backward and forward. This may be a tad lengthy and I'm not going to be format obsessed... just trying to catch up.

Day 1 - Still going with TripleO

My reasoning is unchanged. OpenStack-Ansible is coming along nicely and there are a lot of good thoughts from using Puppet directly as well. However, in the end I'm sticking with TripleO. There are also a couple of new goodies in TripleO that I was unaware of (shocking, right?). These are:
  • Composable Roles - Rather than a single monolithic template, each service is encapsulated in a separate template allowing you to easily select which services are deployed/enabled on a particular role. There's a composable roles tutorial available: http://tripleo-docs.readthedocs.io/en/latest/tht_walkthrough/tht_walkthrough.html
  • Split Stack (Deployed Server) - The basic idea is to split the configuration into two parts: 1) deploy baremetal nodes without deploying any software configuration on those nodes; 2) apply software configuration to deploy OpenStack on the already deployed baremetal nodes (using the deployed-server-templates probably). The upshot of this from my viewpoint is that a lot of the BMC/IPMI issues may be dodgeable because you can manually deploy the baremetal and then let TripleO pick it up at the 2nd half. At least that's the theory. James Slagle did a deep dive on deployed-server; see https://openstack.nimeyo.com/112516/openstack-tripleo-deep-dive-thursday-1400-deployed-server

Day 2 - Deploying the Undercloud

Pretty much the exact same process on the exact same director hardware. Since this will be a more production-ish deploy some of the decisions have changed. Specifically I'll be deploying 3 controllers, 3 compute nodes and 3 ceph OSD nodes.

Install CentOS 7 on the hardware. Once again leaving Gigabit 1 (eno1) off in favor of eno2 which will have DHCP client enabled. 'yum update' everything up to the latest and greatest. Unlike with the Newton install the Ocata install had no package conflicts.

sudo yum -y upgrade
sudo shutdown -r now

sudo useradd stack
sudo passwd stack  # specify a password for the stack user
echo "stack ALL=(root) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/stack
sudo chmod 0440 /etc/sudoers.d/stack
su -l stack # from here out we'll do things as the stack user

sudo hostnamectl set-hostname myhost.mydomain
sudo hostnamectl set-hostname --transient myhost.mydomain
sudo vi /etc/hosts # set hostname on 127.0.0.1

sudo curl -L -o /etc/yum.repos.d/delorean-ocata.repo \
https://trunk.rdoproject.org/centos7-ocata/current/delorean.repo

sudo curl -L -o /etc/yum.repos.d/delorean-deps-ocata.repo \
https://trunk.rdoproject.org/centos7-ocata/delorean-deps.repo

sudo yum -y install --enablerepo=extras centos-release-ceph-jewel
# Turns off package signature verification (gpgcheck) for the Ceph Jewel repo
sudo sed -i -e 's%gpgcheck=.*%gpgcheck=0%' /etc/yum.repos.d/CentOS-Ceph-Jewel.repo

sudo yum -y install yum-plugin-priorities
sudo yum install -y python-tripleoclient

cp /usr/share/instack-undercloud/undercloud.conf.sample ~/undercloud.conf

The Ocata docs reference an online configuration wizard for the undercloud.conf. It's available at http://ucw-bnemec.rhcloud.com/ and is pretty sparse but does "generate sane values for a number of the important options". I ended up with this, which I pasted into the bottom of my undercloud.conf file.

# Config generated by undercloud wizard
# Use these values in undercloud.conf
[DEFAULT]
undercloud_hostname = ostack-director.mydomain.com
local_interface = eno1
local_mtu = 1500
network_cidr = 192.168.50.0/24
masquerade_network = 192.168.50.0/24
local_ip = 192.168.50.1/24
network_gateway = 192.168.50.1
undercloud_public_host = 192.168.50.78
undercloud_admin_host = 192.168.50.79
undercloud_service_certificate =
generate_service_certificate = False
scheduler_max_attempts = 20
dhcp_start = 192.168.50.100
dhcp_end = 192.168.50.200
inspection_iprange = 192.168.50.80,192.168.50.99
# Deprecated names for compatibility with older releases
discovery_iprange = 192.168.50.80,192.168.50.99
undercloud_public_vip = 192.168.50.78
undercloud_admin_vip = 192.168.50.79
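
A sanity check for the values above, added here as an example (not part of the original post or of TripleO): it confirms the static addresses sit inside network_cidr and outside the DHCP and inspection ranges, that the two ranges do not overlap, and reports when neither certificate option enables TLS. The helper names are hypothetical and the sample is a constructed copy of the options shown above, treating the public and admin hosts as IP addresses.

```sh
# Constructed sample: addressing and TLS options copied from the undercloud.conf above.
SAMPLE_CONF='[DEFAULT]
network_cidr = 192.168.50.0/24
local_ip = 192.168.50.1/24
undercloud_public_host = 192.168.50.78
undercloud_admin_host = 192.168.50.79
undercloud_service_certificate =
generate_service_certificate = False
dhcp_start = 192.168.50.100
dhcp_end = 192.168.50.200
inspection_iprange = 192.168.50.80,192.168.50.99'

# conf_get TEXT KEY: value of the last "KEY = value" line, whitespace trimmed.
conf_get() {
  printf '%s\n' "$1" | awk -F= -v k="$2" '
    { key = $1; gsub(/[ \t]/, "", key) }
    key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v) }
    END { print v }'
}

# ip2int A.B.C.D[/N]: dotted quad as an integer (subshell body keeps IFS local).
ip2int() (
  IFS=.; set -- ${1%/*}
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# check_undercloud_conf TEXT: print one finding per line (hypothetical helper).
check_undercloud_conf() (
  cidr=$(conf_get "$1" network_cidr)
  mask=$(( (4294967295 << (32 - ${cidr#*/})) & 4294967295 ))
  insp=$(conf_get "$1" inspection_iprange)
  ds=$(ip2int "$(conf_get "$1" dhcp_start)"); de=$(ip2int "$(conf_get "$1" dhcp_end)")
  is=$(ip2int "${insp%,*}"); ie=$(ip2int "${insp#*,}")
  for k in local_ip undercloud_public_host undercloud_admin_host; do
    ip=$(ip2int "$(conf_get "$1" "$k")")
    [ $(( ip & mask )) -eq $(( $(ip2int "$cidr") & mask )) ] || echo "$k is outside network_cidr"
    if { [ "$ip" -ge "$ds" ] && [ "$ip" -le "$de" ]; } || { [ "$ip" -ge "$is" ] && [ "$ip" -le "$ie" ]; }; then
      echo "$k falls inside a dynamically assigned range"
    fi
  done
  if [ "$ds" -le "$ie" ] && [ "$is" -le "$de" ]; then
    echo "dhcp range overlaps inspection_iprange"
  fi
  if [ -z "$(conf_get "$1" undercloud_service_certificate)" ] &&
     [ "$(conf_get "$1" generate_service_certificate)" != True ]; then
    echo "TLS disabled: API endpoints are served over plain HTTP"
  fi
)
check_undercloud_conf "$SAMPLE_CONF"
```

On the configuration above the only finding is the TLS one, since undercloud_service_certificate is empty and generate_service_certificate is False.
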
Finally...
$ openstack undercloud install
.
.
#############################################################################
Undercloud install complete.
The file containing this installation's passwords is at
/home/stack/undercloud-passwords.conf.
There is also a stackrc file at /home/stack/stackrc.
These files are needed to interact with the OpenStack services, and should be
secured.
#############################################################################
And a quick peek around at some of the networking...
[stack@ostack-director ~]$ source stackrc
[stack@ostack-director ~]$ openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID                                   | Name     | Subnets                              |
+--------------------------------------+----------+--------------------------------------+
| fd15b684-de12-4da0-a438-8e9600dace3d | ctlplane | d036ddb7-de9a-46fe-a4c7-e81e6bb08619 |
+--------------------------------------+----------+--------------------------------------+
[stack@ostack-director ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq master ovs-system state DOWN qlen 1000
    link/ether 00:1e:c9:2c:b9:88 brd ff:ff:ff:ff:ff:ff
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:1e:c9:2c:b9:8a brd ff:ff:ff:ff:ff:ff
    inet 10.92.3.49/18 brd 10.92.63.255 scope global dynamic eno2
       valid_lft 1282290sec preferred_lft 1282290sec
    inet6 fe80::21e:c9ff:fe2c:b98a/64 scope link
       valid_lft forever preferred_lft forever
4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether d2:73:a4:4d:3d:dd brd ff:ff:ff:ff:ff:ff
5: br-ctlplane: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether 00:1e:c9:2c:b9:88 brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.1/24 brd 192.168.50.255 scope global br-ctlplane
       valid_lft forever preferred_lft forever
    inet6 fe80::21e:c9ff:fe2c:b988/64 scope link
       valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:d5:da:d2:ff brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
7: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 1a:a7:ef:d9:54:40 brd ff:ff:ff:ff:ff:ff
[stack@ostack-director ~]$ ip netns
qdhcp-fd15b684-de12-4da0-a438-8e9600dace3d
[stack@ostack-director ~]$ sudo ip netns exec qdhcp-fd15b684-de12-4da0-a438-8e9600dace3d ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
8: tap6dde9c03-b9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether fa:16:3e:15:cd:64 brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.100/24 brd 192.168.50.255 scope global tap6dde9c03-b9
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe15:cd64/64 scope link
       valid_lft forever preferred_lft forever


Day 6.5 - TripleO UI

Skipping ahead here a bit, but it's worth it to get more validation that our install is good so far. The puppet scripts bind port 3000 to the 192.168.50.1 IP address we specified in undercloud.conf. Makes sense, but not what I want. A quick look at the previous Day 6.5 will show you installing and configuring a proxy on the external/DHCP address. We do that again here. We can't just modify the httpd configuration because it'll want access to keystone on that same IP and that starts us down a path we don't want to follow. Squid will work for testing and later I'll just put in some routing. Either way the goal here is to get to where you can point your browser at http://ostack-director.mydomain.com:3000

Winner. The username and password can be found in the stackrc file:

OS_USERNAME=admin
OS_PASSWORD=$(sudo hiera admin_password)

$ sudo hiera admin_password
d9b9e6db075ce13d3f2a2d83bc41e8d11039223e

Day 3 - Creating the Boot Images

export DIB_YUM_REPO_CONF="/etc/yum.repos.d/delorean*"
export DIB_YUM_REPO_CONF="$DIB_YUM_REPO_CONF /etc/yum.repos.d/CentOS-Ceph-Jewel.repo"
export STABLE_RELEASE="ocata"
openstack overcloud image build --all
....time passes....
openstack overcloud image upload
Image "overcloud-full-vmlinuz" was uploaded.
Image "overcloud-full-initrd" was uploaded.
Image "overcloud-full" was uploaded.
Image "bm-deploy-kernel" was uploaded.
Image "bm-deploy-ramdisk" was uploaded.

$ openstack image list

| 9fc6c13f-a8a7-4b57-9cb0-5b7bc54d8611 | bm-deploy-kernel       | active |
| 0a4af73e-d026-431c-839b-8bac39980113 | bm-deploy-ramdisk      | active |
| 19b2546a-d2f2-4962-8c0c-72b68bb75311 | overcloud-full         | active |
| 5ca4e749-f0e7-498d-9e6b-c4bbac3492bc | overcloud-full-initrd  | active |
| 7342db7a-569d-4927-8f15-b69a90a80b57 | overcloud-full-vmlinuz | active |

And so ends Day 3 and the easy days...

