环境准备

OpenStack-Ansible (OSA) 环境中的主机需要满足以下最低要求

  • Debian
    • Debian 10 (buster)
    • 内核 4.9.0-0-amd64 及以后
  • Ubuntu
    • Ubuntu 18.04 LTS
    • Ubuntu 20.04 LTS
    • 内核 4.15.0-0-generic 及以后
  • CentOS
    • CentOS 8
    • 内核 3.10.0 及以后
  • Secure Shell (SSH)
  • 网络时间协议(Network Time Protocol, NTP)客户端,例如 ntpd 或 chronyd
  • Python 3.6.*x* 或 3.7.*x*
  • 区域设置为 en_US.UTF-8

All-in-one (AIO) 单机部署的最低配置

  • CPU:8 Cores
  • 内存:8 GB
  • 硬盘:50 GB

鉴于我 VirtualBox 没装上 CentOS 8 ,本实验继续使用 Ubuntu 18.04 LTS 进行,配置了一块 NAT 模式的网卡。以下配置镜像源的流程同 OpenStack 单机部署 —— DevStack

更换 pip 源

在用户根目录创建文件夹 .pip ,添加配置文件 pip.conf

1
2
3
4
5
# 创建文件夹
cd && mkdir .pip && cd .pip

# 创建并编辑配置文件
sudo vim pip.conf

pip 源配置如下

1
2
3
4
[global]
timeout = 6000
index-url = http://mirrors.aliyun.com/pypi/simple/
trusted-host = mirrors.aliyun.com

更换 Ubuntu 源

备份源文件,再替换成清华的镜像源

1
2
3
4
5
6
7
8
9
10
11
12
13
14
# 备份
sudo mv /etc/apt/sources.list /etc/apt/sources.list.bk

# 设置镜像源
sudo vim /etc/apt/sources.list

# 更新源
sudo apt update

# 升级
sudo apt dist-upgrade -y

# 重启
sudo reboot

镜像源设置如下

1
2
3
4
5
6
7
8
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse

OpenStack-Ansible All-in-one 部署

下载 OpenStack-Ansible 仓库

使用 -b 指定下载的版本,这里选择下载 Ussuri 版本

1
2
3
4
5
6
7
# 下载 playbook
# git clone https://opendev.org/openstack/openstack-ansible -b stable/ussuri /opt/openstack-ansible
# git clone https://github.com/openstack/openstack-ansible.git -b stable/ussuri /opt/openstack-ansible
sudo git clone https://github.com.cnpmjs.org/openstack/openstack-ansible.git -b stable/ussuri /opt/openstack-ansible

# 进入文件夹
cd /opt/openstack-ansible

安装依赖

由于执行 git clone https://opendev.org/openstack/xxx 非常慢,所以先将配置文件进行修改,换一个下载源(github.com.cnpmjs.org

1
2
3
4
5
6
7
8
9
10
11
# 查看原文件
cat *.yml | grep opendev

# 修改下载路径
sudo sed -i "s/opendev/github\.com\.cnpmjs/" *.yml

# 观察到有从 github.com 下载的
cat *.yml | grep github

# 改为 github.com.cnpmjs.org
sudo sed -i "s/github\.com\//github\.com\.cnpmjs\.org\//" *.yml

执行目录下的脚本开始自动安装必要的软件包

1
2
# 执行安装脚本
sudo scripts/bootstrap-ansible.sh

执行完毕后输出的信息

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
...
PLAY RECAP ****************************************************************************************************************************

localhost : ok=6 changed=2 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0

+ popd
/opt/openstack-ansible
+ unset ANSIBLE_LIBRARY
+ unset ANSIBLE_LOOKUP_PLUGINS
+ unset ANSIBLE_FILTER_PLUGINS
+ unset ANSIBLE_ACTION_PLUGINS
+ unset ANSIBLE_CALLBACK_PLUGINS
+ unset ANSIBLE_CALLBACK_WHITELIST
+ unset ANSIBLE_TEST_PLUGINS
+ unset ANSIBLE_VARS_PLUGINS
+ unset ANSIBLE_STRATEGY_PLUGINS
+ unset ANSIBLE_CONFIG
+ echo 'System is bootstrapped and ready for use.'
System is bootstrapped and ready for use.
jck@ubuntu1804:/opt/openstack-ansible$

准备配置文件

如果要启用待安装的 OpenStack 服务配置,则将文件夹下以 .aio 为后缀的文件改为 .yml

1
2
3
4
5
6
7
8
# 进入目录
cd /opt/openstack-ansible/

# 启用配置文件
cp etc/openstack_deploy/conf.d/{aodh,gnocchi,ceilometer}.yml.aio /etc/openstack_deploy/conf.d/

# 后缀改为 yml
for f in $(ls -1 /etc/openstack_deploy/conf.d/*.aio); do mv -v ${f} ${f%.*}; done

另外,也可以通过环境变量 SCENARIO 控制安装的服务,aio 包括 Glance、Nova、Neutron、Cinder、Horizon

1
2
# export SCENARIO='aio_lxc_barbican_ceph'
export SCENARIO='aio'

准备默认配置

1
2
# 执行脚本
sudo scripts/bootstrap-aio.sh

执行完毕后输出的信息,此时 ssh 连接被改为不允许用密码登录,如果重启就无法连上,可以修改 /etc/ssh/sshd_config 再重启服务

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
...
PLAY RECAP ****************************************************************************************************************************

localhost : ok=126 changed=59 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0



EXIT NOTICE [Playbook execution success] **************************************
===============================================================================
+ popd
/opt/openstack-ansible
+ unset ANSIBLE_INVENTORY
+ unset ANSIBLE_VARS_PLUGINS
+ unset HOST_VARS_PATH
+ unset GROUP_VARS_PATH
jck@ubuntu1804:/opt/openstack-ansible$

安装服务组件

执行 playbook 安装服务,官方给出的预估时间是 45-60 分钟(虚拟机+SSD)

1
2
3
4
5
6
7
8
# 进入目录
cd /opt/openstack-ansible/playbooks

# 执行 playbook
sudo apt install unzip
sudo openstack-ansible setup-hosts.yml
sudo openstack-ansible setup-infrastructure.yml
sudo openstack-ansible setup-openstack.yml

如果遇到下载失败,就换一个 url ,sudo sed -i "s/opendev/github\.com\.cnpmjs/" *.yml,输出比较长就不贴了。

安装完毕后可以测试不同的配置、运行单独的 playbook

1
2
3
4
5
# 进入目录
cd /opt/openstack-ansible/playbooks

# 安装 keystone
openstack-ansible os-keystone-install.yml

其他

重启后需要重新进行初始化

1
2
3
4
5
# 进入目录
cd /opt/openstack-ansible/playbooks

# 重新初始化
openstack-ansible -e galera_ignore_cluster_state=true galera-install.yml

问题解决

执行 scripts/bootstrap-aio.sh 提示空间不足

使用动态分配的虚拟机,需要对磁盘进行扩容

1
2
3
4
5
6
7
8
# 查看磁盘状况
df -h

# 扩容
sudo lvextend -L +20G /dev/mapper/ubuntu--vg-ubuntu--lv

# 刷新
sudo resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv

TASK [lxc_hosts : Wait for base image download] 出错

使用 aria2c 下载镜像,尝试了 240 次之后失败退出,直接改用 wget 下载即可

1
2
3
4
5
# 查看日志
cat /var/log/aria2c-image-prestage.log

# 下载对应版本的镜像
sudo wget http://cdimage.ubuntu.com/ubuntu-base/releases/18.04.5/release/ubuntu-base-18.04.5-base-amd64.tar.gz /tmp/ubuntu-base-18.04.5-base-amd64.tar.gz

Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification.

Ubuntu 源认证不通过,这里直接把镜像源改成 http

1
2
3
4
5
6
7
8
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse

参阅