|
|
一、系统环境
, S% {+ d" U5 j% @, K$ p% Mroot@server:~# cat /etc/lsb-release5 b! q0 |6 z! b& }8 c1 E8 r; S
DISTRIB_ID=Ubuntu
$ J, f& f' @" c3 MDISTRIB_RELEASE=22.04" S* N/ Q+ M% s2 o& _# f) R" ]
DISTRIB_CODENAME=jammy" N" b8 r) @' E; B' l* v3 t# w5 T0 i l
DISTRIB_DESCRIPTION="Ubuntu 22.04.5 LTS"& {- b, P' ]5 D( [2 @
; R& ^3 ?. T z. ?* ^! r' Xroot@server:~# python3 --version
# ^' ~ \4 F' T0 _6 i4 I; x% V$ HPython 3.10.12
0 S% \! D; ]+ N+ ^0 j; d* \" t, P- X3 X2 R
root@server:~# pip --version# i7 I: E8 Y# L8 u
pip 22.0.2 from /usr/lib/python3/dist-packages/pip (python 3.10)
7 j; l4 o# A! r7 _& j' R4 o7 k( W# W, W2 J" m! _- o. M! s
root@server:~# pip3 --version U( P _- {7 H& f6 b5 M# U
pip 22.0.2 from /usr/lib/python3/dist-packages/pip (python 3.10)1 n; |5 Y& u) Z; B; p4 l2 x6 v
* H& H9 z# z( Z% k5 I" t3 D
root@server:~# docker --version
! M1 c; e+ W& P' {+ }Docker version 27.2.1, build 9e34c9b
0 D/ y0 N1 _6 ?/ z0 T6 } 最小硬件要求
. | T( w" ^4 h; F& b
b. {" @5 R: S9 k9 C" L2 network interfaces/ V* c- X& [% N7 `, w; g
7 i; K6 K8 l/ m) v% l- V
8GB main memory# ^; i9 l" J; E3 V* \' r
% T* p# n7 A# G: |! l, g+ X40GB disk space
# ]( p& ?0 s2 s; P: ~: y! a k二、openstack版本时间列表' y' E! [4 t. d9 Y, x
请阅览$ U% D( z7 V* P; j/ Q" z9 w
官方文档:OpenStack Releases: OpenStack Releases
. }8 Z1 k. f( b0 l2 ?
9 D, h1 W% m$ u: d5 `8 P三、安装步骤" x# ~6 [: u- n3 A
1、更新安装源. J0 v; i9 I) O& M4 I4 i
sudo apt update+ r- S7 s2 H6 e( n/ P3 Z
2、安装python依赖库 M P, @7 N: E6 T- ^5 G; C0 F
sudo apt install git python3-dev libffi-dev gcc libssl-dev -y4 h3 _: @7 ]8 ]) |- ^' Q) A2 A' t3 b
*在第二步安装完成后,官方文档建议使用python虚拟环境; j" W0 v5 Y" G4 `5 e: T
! \+ N! }7 x! [7 Z8 Ipython3-venv
" d0 W" C9 D( t实际安装中,启用虚拟环境会出现一些文件和依赖库找不到的情况,有科学上网的情况下不使用python虚拟环境更容易成功。
, ~- q! z0 s1 `0 r$ {" ]5 O; O/ z3、更新Pip
0 @+ E5 b/ N; K7 Epip install -U pip
5 z- D Y) j/ F3 a6 k0 a6 V4、安装ansible,*此步有版本兼容要求 ,详细查看官方文档
1 {" A+ r1 }. Y6 Y* ]+ M9 dpip install 'ansible-core>=2.14,<2.16'
( m$ c/ z' t) s z3 u5 g( \3 e& t% K
5、 安装kolla-ansible,*有科学上网速度更快,更易成功。
" U' z( F& F+ O1 S7 q# D$ \pip install git+https://opendev.org/openstack/kolla-ansible@stable/2023.2
6 N$ W0 u% i- X5 Q4 L" Z验证' L. y8 Z% v* T$ Z' p
6 f) G1 {8 @# A" ^4 ?; eroot@server:~# kolla-ansible --version
$ x# D7 l. V/ x1 ` u! T3 q17.5.1& n7 q/ U d) |% F
: y7 N& m0 I6 T) N$ O5 j! J* i6、创建/etc/kolla目录
1 b( u8 F# M% b, R5 D7 @sudo mkdir -p /etc/kolla! V* O) c7 P6 _. J4 |
sudo chown $USER:$USER /etc/kolla: ~& k. @7 L% g' e8 J2 Y. l' Z
7、复制globals.yml和passwords.yml至/etc/kolla目录。% ~6 ^4 o) n+ _ Q/ ?
cp -r /usr/local/share/kolla-ansible/etc_examples/kolla/* /etc/kolla2 O/ f. o' T3 l
7 e1 A9 l( Y/ ~- W% S$ S1 X
8、将存文件all-in-one复制到当前目录
; U5 c* I. N0 r$ L+ ]6 G' ]* ncp /usr/local/share/kolla-ansible/ansible/inventory/all-in-one .; D/ H) t2 }* P% }, ^6 D; k
9、安装 Ansible Galaxy 依赖项
" [' c- }3 `9 K0 S: w C; gkolla-ansible install-deps7 l8 g8 H. y7 ?- I( o
10、准备初始配置0 g2 |7 t& U0 x/ @- s2 Q
kolla-genpwd
9 S) m5 j: u2 C' f5 |9 |* W9 ? 此命令会自动在/etc/kolla/passwords.yml文件中生成需用到的密码,手动改成我们容易记忆的密码
0 c$ D8 i" z! c5 T6 y9 L0 D1 j. v k k0 Y" W; Q
vim /etc/kolla/passwords.yml
$ ]* L0 K4 U5 p5 j# i6 z! | ironic_database_password: OP51scqsHjnnhyrcNP78EgrueWfCZqLsWsAxr6vY
+ U \# s: T$ F4 ]' `ironic_inspector_database_password: wFGxG2AGUObjFfAgjTik6xKyy45u1q82wJaM9Cpa
2 z- |- i8 f! ?: V8 N3 o# d$ k/ Kironic_inspector_keystone_password: 3oO8YGp0C3lLdCWe9po2KlLuLUtZAlbDS5grxAjn
! H% y6 O( w ~" }: l I* Mironic_keystone_password: LnnnShk6HEM8THNgGrng9wqVFzFGtKNSIIzCfYMd% U, K5 E+ ~2 w
keepalived_password: NzQGRdKBrw3WP9FFbAG0cwHpUNpDMEUolzEWn2Dm6 q) b: _2 M3 M* A
keystone_admin_password: 【登入密码】例如:root1234.9 Y$ u2 j- _/ z% i$ L
keystone_database_password: xaYRCMsOtfPBs27upLeeC8Ve2VuZcmhuKEXvxXFE5 T9 G3 B! {/ z g
keystone_federation_openid_crypto_password: U5q5RIrkZawlGtR0sgHWWMYjO36UJtPWBPnC1vx21 o5 x8 p& j+ w% l! n7 M9 e2 i
" Z) i7 q/ Y2 U! t1 i1 g
修改/etc/kolla/globals.yml文件$ Y- B" M, _+ j# C ^
- B3 Y) N! L9 ?. Y: l" ]vim /etc/kolla/globals.yml7 e& A" U5 p% P5 p
网络部分:+ C$ j2 G; f6 b" K! H
/ @: N: V3 S/ H2 L0 R( B7 H#**********
; t3 L) y% Y4 p; j% Fkolla_internal_vip_address: "192.168.8.88"
" p. l& m5 s9 o% A; I# d. k* c6 |& N) M7 r4 G- K7 c
#**************
1 S6 h% V( B6 u+ o9 cnetwork_interface: "ens160"( a' e0 h" A; K6 U5 i: b
?: D+ A; I* a4 |
neutron_external_interface: "ens190"; c/ e2 F6 W* h
*network_interface设备正常连接,并配IP4可正常上网和科学上网,和192.168.8.88在同一网段。 $ }9 x; Y: J: u) E( n* ^- n
. I% Z- X5 H& x4 n2 W*neutron_external_interface 设备为启用,但不连接状态
2 Q* X+ Q ^- p* E, ~+ G" t' @! h7 C/ z( \2 e; y& g, J1 P% X0 [
启用裸金属配置
( Y" p$ b, B6 P# V; v5 M# }% B
! m' t0 [! ^- v' O#enable_influxdb: "{{ enable_cloudkitty | bool and cloudkitty_storage_backend == 'influxdb' }}"
7 v- H" }7 B: o* r# i! e8 kenable_ironic: "yes"4 n" Y; v; K B* G
#enable_ironic_neutron_agent: "{{ enable_neutron | bool and enable_ironic | bool }}"9 h1 \4 ?* j) P) q- Z
裸金属配置部分
2 {8 M; f+ L5 B. S
- S( ?* A5 U2 p1 Y#############################+ d# p" E$ y5 `" ^ k/ j% A
# Ironic options4 \! I. T" ~! R& ]9 d( L0 m! e
#############################( p" m7 b) Z8 k7 D+ |7 x4 e
# dnsmasq bind interface for Ironic Inspector, by default is network_interface9 t8 S4 l( K- s2 T d3 y
#ironic_dnsmasq_interface: "{{ network_interface }}"
' y0 [" k$ `4 a( u$ w- b! ]3 n" Iironic_cleaning_network: "public1"
E' n8 S( E; q2 M5 S/ b2 G2 f# The following value must be set when enabling ironic, the value format is a+ |2 p2 D# v& X. t8 b: y
# list of ranges - at least one must be configured, for example:* P8 @, u, o" L7 m# {) j1 H- \1 q3 ]( b* K
# - range: 192.168.0.10,192.168.0.100
9 X+ ~, n0 w/ }# M( l; {( @6 P# See Kolla Ansible docs on Ironic for details.
6 [1 O8 T- H: @0 ]6 p6 _- e; K6 p+ S6 p#ironic_dnsmasq_dhcp_ranges:6 h8 Y ?% g0 h9 H
# PXE bootloader file for Ironic Inspector, relative to /var/lib/ironic/tftpboot.9 ]' f/ g& D! m3 P1 V
#ironic_dnsmasq_boot_file: "pxelinux.0"
+ N6 H" b: H/ R8 D
9 P# G+ S# d( j$ G# PXE bootloader file for Ironic Inspector, relative to /tftpboot.
* f1 h$ L0 Q3 ]- f+ v+ v& q0 r; E+ |ironic_dnsmasq_dhcp_ranges:
& J L. h, w1 u) A4 X' F$ g - range: "192.168.6.100,192.168.6.120,255.255.255.0"
, v7 e: B& o& K) Q$ p5 H5 ]% ~ routers: "192.168.6.1"
: Z, P: p9 `( I6 w# # PXE bootloader file for Ironic Inspector, relative to /tftpboot." J P. h2 Y+ w. Q! }. R
ironic_dnsmasq_boot_file: "pxelinux.0"
- A. V, D" x) X( D @; W# nironic_cleaning_network: "public1"
& o3 V. K8 }3 Qironic_dnsmasq_default_gateway: 192.168.6.1
) F* R6 C, v+ x2 j$ z4 g; g11、 带有 kolla 部署依赖项的引导服务检查
8 T Y/ l" _) S# D3 L3 Q) zkolla-ansible -i ./all-in-one bootstrap-servers
# @& a2 R* F, @此过程中,可能遇到的问题* c/ X- `% w6 s5 m
9 Y# J6 I* j% Q7 w7 o* c1、无法下载docker gpg key文件1 z2 ~! a1 w, v: t0 }7 ]( h
+ S* R% `4 P: a; ~' N3 m
TASK [openstack.kolla.docker : Install docker apt gpg key] ******************************************************************************************************************************************************% E& t6 n! G% p) J; B+ m
fatal: [localhost]: FAILED! => {"changed": false, "dest": "/etc/apt/keyrings/docker.asc", "elapsed": 0, "msg": "Request failed: <urlopen error [Errno 104] Connection reset by peer>", "url": "https://download.docker.com/linux/ubuntu/gpg"}
9 L7 H* x5 f% Q: I9 J$ ~+ M
- ~* m' L: j! X) IPLAY RECAP ******************************************************************************************************************************************************************************************************, e% H, _- _8 f; Y: e
localhost : ok=15 changed=4 unreachable=0 failed=1 skipped=4 rescued=0 ignored=0 ' \ X5 l9 \2 K' i) T
kolla-ansible无法安装docker官网的gpg文件,可用科学上网或是代理方法手工导入。例如
. m$ i3 z6 h0 ?8 Q* D: N
P }& o% O6 d0 Z! @$ Wcurl -x http://103.41.117.2:912 -U username:password -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
1 Y. O5 X$ ]8 Z$ K$ W0 Y8 b2 f2、设置apt repository错误! S8 r2 e+ w3 I- c8 L9 r
& R- o: E) U1 @TASK [openstack.kolla.docker : Enable docker apt repository] ****************************************************************************************************************************************************3 L8 O$ G0 |9 Z
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: apt_pkg.Error: E:Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ jammy: /usr/share/keyrings/docker-archive-keyring.gpg != /etc/apt/keyrings/docker.asc, E:The list of sources could not be read.
; l' k& A w- a( |( U. V- Yfatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/root/.ansible/tmp/ansible-tmp-1726959353.5827672-18889-136818767683024/AnsiballZ_apt_repository.py\", line 107, in <module>\n _ansiballz_main()\n File \"/root/.ansible/tmp/ansible-tmp-1726959353.5827672-18889-136818767683024/AnsiballZ_apt_repository.py\", line 99, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/root/.ansible/tmp/ansible-tmp-1726959353.5827672-18889-136818767683024/AnsiballZ_apt_repository.py\", line 47, in invoke_module\n runpy.run_module(mod_name='ansible.modules.apt_repository', init_globals=dict(_module_fqn='ansible.modules.apt_repository', _modlib_path=modlib_path),\n File \"/usr/lib/python3.10/runpy.py\", line 224, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.10/runpy.py\", line 96, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib/python3.10/runpy.py\", line 86, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_apt_repository_payload_hw0whgee/ansible_apt_repository_payload.zip/ansible/modules/apt_repository.py\", line 765, in <module>\n File \"/tmp/ansible_apt_repository_payload_hw0whgee/ansible_apt_repository_payload.zip/ansible/modules/apt_repository.py\", line 742, in main\n File \"/usr/lib/python3/dist-packages/apt/cache.py\", line 152, in __init__\n self.open(progress)\n File \"/usr/lib/python3/dist-packages/apt/cache.py\", line 214, in open\n self._cache = apt_pkg.Cache(progress)\napt_pkg.Error: E:Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ jammy: /usr/share/keyrings/docker-archive-keyring.gpg != /etc/apt/keyrings/docker.asc, E:The list of sources could not be read.\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
/ ?$ w2 P0 [ t+ l9 ^, w/ ~ 科学上网可以解决,或者可以手工导入docker官方源! v- m! t9 A' Z' ^, h$ [, L+ L
; A' c: @" f# T# n8 x
sudo tee /etc/apt/sources.list.d/docker.list <<EOF* Z2 b. Q/ v/ y( P# y
deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable2 g8 d9 x$ |& I" s. G/ ?7 x1 z& c* @+ b
EOF
) [& N* p# h a, u. u12、对主机进行部署前检查* P# r" [9 Q; J0 l/ W( M! S
kolla-ansible -i ./all-in-one prechecks
# s9 A/ o \. W% z/ |5 m 13、实际的OpenStack部署
3 M5 V* @$ D" w; mkolla-ansible -i ./all-in-one deploy* I" g9 w& X& ?
部署成功后,裸金属向导界面为
4 W+ j7 _& F+ C, E' {6 W( _, s- E4 U* R7 ] B/ f% ?* x2 G
( e8 M2 Z _4 C
9 q/ L* C# r! }
注册节点驱动属性增加http下载
- M2 I% B) d' H+ Z: y+ x+ G
- g( ]$ R! O s& O# u9 x9 M" @. M% l/ y) V; q: @3 u
7 H8 M& n/ k! T( g% f
5 c4 t, Q' y" _7 O4 t* `; k: S
2 H. C7 V- s4 l- h0 Y$ w
四、其他问题
A; e6 h2 O- t* a2 a3 F# N) o& ^1、部署出问题时,摧毁所有系统配置。/ j8 H. I% \5 u' N. H# g: \
kolla-ansible destroy -i ./all-in-one --yes-i-really-really-mean-it6 k4 z" I: @( E- U: E% d* [
6 m& D8 P! S2 h) |0 \- r8 Z, C
2、安装CLI客户端( v* P6 D; r5 r! |
pip install python-openstackclient -c https://releases.openstack.org/constraints/upper/2023.2
5 [( {( @6 v$ m" a9 j8 [' ?
8 o: y4 v( g+ D0 \3、生成管理员认证访问凭据文件) O/ O6 r2 K% t0 A, h
kolla-ansible post-deploy
. N J& D! W/ ~* {* L- j$ ?# v# @% w0 q9 c0 y
cp /etc/kolla/admin-openrc.sh .! F* r( a7 z7 A3 w8 J
使用CLI访问时,可先启用, C1 R5 T7 v* n/ {# ^% E8 `+ O
0 _" |0 e, m$ F# b; w$ d: G
. admin-openrc.sh
5 c9 R* _3 G O 运行测试
0 E6 C* Q, m5 T, g9 P5 R& a( e, I" I
root@odoo16e-server:~# . admin-openrc.sh
5 f$ a* D' S4 J5 z2 ` aroot@odoo16e-server:~# openstack compute service list
, _( Q: ~6 x! I3 _+--------------------------------------+----------------+-----------------------+----------+---------+-------+----------------------------+
8 T, V d$ O" [4 S0 f9 }| ID | Binary | Host | Zone | Status | State | Updated At |
+ j- z5 u! [4 b& \ X8 s6 n+--------------------------------------+----------------+-----------------------+----------+---------+-------+----------------------------+
! P$ x! g7 l4 D8 }' ^| 67f25603-5d6e-4327-a9d2-b0fd341876f3 | nova-conductor | odoo16e-server | internal | enabled | up | 2024-09-19T03:31:17.000000 |2 U! w' P5 P4 h, n
| f49326e1-1608-4546-bed0-123dd2e52af8 | nova-compute | odoo16e-server | nova | enabled | up | 2024-09-19T03:31:13.000000 |8 J* I- y+ ]: [! V; ^& x: x
| b26f35c0-bb02-4151-8df4-e30d65eb6e4a | nova-compute | odoo16e-server-ironic | nova | enabled | up | 2024-09-19T03:31:19.000000 |
+ x/ W! E2 s5 U* X. Y* c| 9b988858-bcbf-4fce-8b55-c0c01e30a463 | nova-scheduler | odoo16e-server | internal | enabled | up | 2024-09-19T03:31:19.000000 |! \/ V2 h7 ]2 A4 R" e
+--------------------------------------+----------------+-----------------------+----------+---------+-------+----------------------------+
" |0 \" T1 ~& L0 } M) H# O W/ R- k/ }
* }. |4 y: {; d: x: D$ k
|
|
发表于 2025-3-17 10:00:02