Deploying OpenStack Queens with kolla-ansible (repost)

1. Lab environment:

  • 3 hosts running CentOS 7 minimal, each with 64 GB RAM, 800 GB + 1 TB × 3 disks (the 1 TB disks are reserved for a later Ceph deployment) and 4 gigabit NICs:

    Purpose                 Interface   IP range
    Control network         enp2s0f0    192.168.118.0/24
    OpenStack external      enp2s0f1    no IP
    Neutron VXLAN tunnel    enp2s0f2    10.0.1.0/24
    Ceph cluster backend    enp2s0f3    10.0.0.0/24
  • Host network plan:

    Host                    IP address            Remark
    controller203           192.168.118.203       1
    compute204              192.168.118.204       2
    compute205              192.168.118.205       3
    kolla                   192.168.118.212
    virtual IP              192.168.118.209
    virtual address pool    192.168.118.216-220

    (Figure: network plan diagram)

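2. Initializing the control and compute nodes:

  • Use the following script to initialize each machine (the kolla host is 0). Run sh initnode.sh n, where n is the number of the host.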

    #!/usr/bin/bash
    # Usage: sh initnode.sh n   (n = host number, 0 for the kolla host)

    # Node list read below; the sed expressions expect lines of the form
    # kolla=<ip> and nodes=<ip>,<ip>,...
    NODES_FILE=/openstack/nodes
    if ! test -f "$NODES_FILE"
    then
        exit 1
    fi

    systemctl stop firewalld && systemctl disable firewalld
    yum update -y
    yum install -y wget vim net-tools
    wget -P /etc/yum.repos.d/ https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    yum install -y docker-ce
    mkdir -pv /etc/docker
    systemctl restart docker && systemctl status docker

    # set hostname
    kolla=`sed '/^kolla=/!d;s/.*=//' "$NODES_FILE"`
    if [ "$1" -eq 0 ] ; then
        # /etc/hostname holds only the name; the IP mapping belongs in /etc/hosts
        echo "kolla" > /etc/hostname
        echo -e "\n$kolla\tkolla" >> /etc/hosts
        hostname kolla
    elif [ "$1" -lt 4 ] ; then
        # hosts 1-3 are controllers, matching the /etc/hosts loop below
        hostname "controller0${1}"
        echo "controller0${1}" > /etc/hostname
    else
        # zero-pad the host number to three digits, e.g. compute004
        name=$(printf "%03d" "$1")
        hostname "compute${name}"
        echo "compute${name}" > /etc/hostname
    fi

    # set hosts
    nodes=`sed '/^nodes=/!d;s/.*=//' "$NODES_FILE"`
    array=(${nodes//,/ })
    i=1
    for var in "${array[@]}"
    do
        if [ $i -lt 4 ]; then
            echo -e "\n$var\tcontroller0$i"  >>  /etc/hosts
        else
            name=$(printf "%03d" "$i")
            echo -e "\n$var\tcompute$name"  >>  /etc/hosts
        fi
        i=$((i+1))
    done

    reboot
    
  • What the initialization covers on each node:

    • Configure the NIC settings
    • Disable the firewall
    • Install docker
    • Set the hostname and add the hosts entries

3. Configuring the kolla host

Set up passwordless SSH login between the node hosts

Generate and store the key:
ssh-keygen
pub_key=`cat ~/.ssh/id_rsa.pub`
echo "$pub_key root@kolla" >> ~/.ssh/authorized_keys
echo "$pub_key root@controller01" >> ~/.ssh/authorized_keys
echo "$pub_key root@controller02" >> ~/.ssh/authorized_keys
echo "$pub_key root@controller03" >> ~/.ssh/authorized_keys
#echo "$pub_key root@compute001" >> ~/.ssh/authorized_keys
#echo "$pub_key root@compute002" >> ~/.ssh/authorized_keys
Distribute the authorized_keys file to the ~/.ssh/ directory on each host:
scp  ~/.ssh/authorized_keys  root@controller01:~/.ssh/
scp  ~/.ssh/authorized_keys  root@controller02:~/.ssh/
scp  ~/.ssh/authorized_keys  root@controller03:~/.ssh/
#scp  ~/.ssh/authorized_keys  root@compute001:~/.ssh/
#scp  ~/.ssh/authorized_keys  root@compute002:~/.ssh/
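
The scp step above replaces each target's ~/.ssh/authorized_keys with the kolla host's copy, so keys already installed on a node are lost. As an added example (not part of the original post), the function below merges one key into an existing file instead; the name add_pubkey and the key material are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: merge a public key into an
# authorized_keys file without discarding keys that are already present.

# add_pubkey PUBKEY_FILE SSH_DIR -> prints "added" or "present"
add_pubkey() {
    pub_file=$1; ssh_dir=$2; auth="$ssh_dir/authorized_keys"
    # A key line is "<type> <base64 blob> [comment]"; identity is the blob.
    read -r key_type key_blob key_comment < "$pub_file" || true
    [ -n "$key_blob" ] || { echo "no key in $pub_file" >&2; return 1; }

    # sshd's StrictModes rejects key files writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"

    if grep -qF -- "$key_blob" "$auth"; then
        echo present
    else
        printf '%s %s %s\n' "$key_type" "$key_blob" "$key_comment" >> "$auth"
        echo added
    fi
}

# Constructed demo: the target directory already holds another admin's key.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEkolla0000 root@kolla' > "$demo/id.pub"
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEadmin0000 admin@laptop' > "$demo/authorized_keys"
add_pubkey "$demo/id.pub" "$demo"
add_pubkey "$demo/id.pub" "$demo"
```

Against a remote node, `ssh-copy-id root@controller01` performs the same merge over SSH.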

Configure the Docker registry:

Configure mirrors hosted in China:
[root@kolla ~]# mkdir -p /etc/docker
[root@kolla ~]# vim /etc/docker/daemon.json
{
    "registry-mirrors": [
        "https://registry.docker-cn.com",
        "https://docker.mirrors.ustc.edu.cn",
        "http://hub-mirror.c.163.com",
        "https://cr.console.aliyun.com/",
        "http://f2d6cb40.m.daocloud.io"
    ]
}
Start docker:
[root@kolla ~]# systemctl daemon-reload && systemctl enable docker && systemctl restart docker
Check that the mirror configuration works:
[root@kolla ~]# docker pull hello-world

Install dependencies

Install pip and upgrade it:
[root@kolla ~]# yum install epel-release -y
[root@kolla ~]# yum install python-pip -y
[root@kolla ~]# pip install -U pip
Change the pip index:
[root@kolla ~]# mkdir ~/.pip
[root@kolla ~]# vim ~/.pip/pip.conf
[global]
trusted-host = pypi.douban.com
index-url = http://pypi.douban.com/simple
Install the other dependency packages:
[root@kolla ~]# yum install python-devel libffi-devel gcc openssl-devel libselinux-python -y

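Install and configure ansible:

Install with pip first and then with yum, so that some Python packages are not left at too old a version:
[root@kolla ~]# pip install ansible
[root@kolla ~]# yum install ansible -y
Add the following to the /etc/ansible/ansible.cfg configuration file: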
[defaults]
host_key_checking=False
pipelining=True
forks=100
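
The three files written so far on the kolla host (/etc/docker/daemon.json, ~/.pip/pip.conf and /etc/ansible/ansible.cfg) each carry a setting that drops transport authentication: plain-HTTP mirrors, an HTTP index with trusted-host, and host_key_checking=False. The check below is an added example, not part of the original post; the function names audit_kolla_host and make_samples and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reports settings in the three
# files written above that drop transport authentication.

# audit_kolla_host DOCKER_JSON PIP_CONF ANSIBLE_CFG -> one finding per line
audit_kolla_host() {
    docker_json=$1; pip_conf=$2; ansible_cfg=$3
    # Mirrors reached over plain HTTP: image tags resolve without TLS.
    if [ -f "$docker_json" ]; then
        for url in $(grep -oE '"http://[^"]+"' "$docker_json" | tr -d '"'); do
            echo "docker: plaintext registry mirror $url"
        done
    fi
    if [ -f "$pip_conf" ]; then
        # Packages from this index are installed as root on the kolla host.
        if grep -qE '^[[:space:]]*index-url[[:space:]]*=[[:space:]]*http://' "$pip_conf"; then
            echo "pip: index-url uses plain HTTP"
        fi
        # trusted-host makes pip accept the host without valid HTTPS.
        if grep -qE '^[[:space:]]*trusted-host[[:space:]]*=' "$pip_conf"; then
            echo "pip: trusted-host disables HTTPS verification"
        fi
    fi
    # host_key_checking=False: Ansible connects without verifying host keys.
    if [ -f "$ansible_cfg" ] &&
       grep -qiE '^[[:space:]]*host_key_checking[[:space:]]*=[[:space:]]*false' "$ansible_cfg"; then
        echo "ansible: host_key_checking=False accepts unknown SSH host keys"
    fi
    return 0
}

# Constructed sample files mirroring the settings shown above.
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' '{ "registry-mirrors": [' \
        '  "https://registry.docker-cn.com",' \
        '  "http://hub-mirror.c.163.com",' \
        '  "http://f2d6cb40.m.daocloud.io" ] }' > "$d/daemon.json"
    printf '%s\n' '[global]' 'trusted-host = pypi.douban.com' \
        'index-url = http://pypi.douban.com/simple' > "$d/pip.conf"
    printf '%s\n' '[defaults]' 'host_key_checking=False' \
        'pipelining=True' > "$d/ansible.cfg"
    echo "$d"
}

dir=$(make_samples)
audit_kolla_host "$dir/daemon.json" "$dir/pip.conf" "$dir/ansible.cfg"
```

An empty result means none of the three settings is present; point the function at the real paths on the kolla host to check a live configuration.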

Install and configure kolla-ansible:

Install kolla-ansible with pip:
pip install kolla-ansible
Copy the globals.yml and passwords.yml files to the /etc/kolla directory:
cp -r /usr/share/kolla-ansible/etc_examples/kolla /etc/kolla/
Copy the all-in-one and multinode inventory files to the current working directory:
cp /usr/share/kolla-ansible/ansible/inventory/* .

Edit the globals.yml file

[globals.yml](http://paste.ubuntu.org.cn/4360073)
```yaml
---
# You can use this file to override _any_ variable throughout Kolla.
# Additional options can be found in the
# 'kolla-ansible/ansible/group_vars/all.yml' file. Default value of all the
# commented parameters are shown here, To override the default value uncomment
# the parameter and change its value.
 
###############
# Kolla options
###############
# Valid options are [ COPY_ONCE, COPY_ALWAYS ]
#config_strategy: "COPY_ALWAYS"
 
# Valid options are ['centos', 'debian', 'oraclelinux', 'rhel', 'ubuntu']
kolla_base_distro: "centos"
 
# Valid options are [ binary, source ]
kolla_install_type: "source"
 
# Valid option is Docker repository tag
openstack_release: "queens"
 
# Location of configuration overrides
#node_custom_config: "/etc/kolla/config"
 
# This should be a VIP, an unused IP on your network that will float between
# the hosts running keepalived for high-availability. If you want to run an
# All-In-One without haproxy and keepalived, you can set enable_haproxy to no
# in "OpenStack options" section, and set this value to the IP of your
# 'network_interface' as set in the Networking section below.
kolla_internal_vip_address: "192.168.118.209"
 
# This is the DNS name that maps to the kolla_internal_vip_address VIP. By
# default it is the same as kolla_internal_vip_address.
#kolla_internal_fqdn: "{{ kolla_internal_vip_address }}"
 
# This should be a VIP, an unused IP on your network that will float between
# the hosts running keepalived for high-availability. It defaults to the
# kolla_internal_vip_address, allowing internal and external communication to
# share the same address.  Specify a kolla_external_vip_address to separate
# internal and external requests between two VIPs.
#kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
 
# The Public address used to communicate with OpenStack as set in the public_url
# for the endpoints that will be created. This DNS name should map to
# kolla_external_vip_address.
#kolla_external_fqdn: "{{ kolla_external_vip_address }}"
 
################
# Docker options
################
# Below is an example of a private repository with authentication. Note the
# Docker registry password can also be set in the passwords.yml file.
 
docker_registry: "192.168.118.212:4000"
#docker_namespace: "companyname"
#docker_registry_username: "sam"
#docker_registry_password: "correcthorsebatterystaple"
 
###################
# Messaging options
###################
# Below is an example of an separate backend that provides brokerless
# messaging for oslo.messaging RPC communications
 
#om_rpc_transport: "amqp"
#om_rpc_user: "{{ qdrouterd_user }}"
#om_rpc_password: "{{ qdrouterd_password }}"
#om_rpc_port: "{{ qdrouterd_port }}"
#om_rpc_group: "qdrouterd"
 
 
##############################
# Neutron - Networking Options
##############################
# This interface is what all your api services will be bound to by default.
# Additionally, all vxlan/tunnel and storage network traffic will go over this
# interface by default. This interface must contain an IPv4 address.
# It is possible for hosts to have non-matching names of interfaces - these can
# be set in an inventory file per host or per group or stored separately, see
#     http://docs.ansible.com/ansible/intro_inventory.html
# Yet another way to workaround the naming problem is to create a bond for the
# interface on all hosts and give the bond name here. Similar strategy can be
# followed for other types of interfaces.
network_interface: "enp0s31f6"
 
# These can be adjusted for even more customization. The default is the same as
# the 'network_interface'. These interfaces must contain an IPv4 address.
#kolla_external_vip_interface: "{{ network_interface }}"
#api_interface: "{{ network_interface }}"
#storage_interface: "{{ network_interface }}"
#cluster_interface: "{{ network_interface }}"
#tunnel_interface: "{{ network_interface }}"
#dns_interface: "{{ network_interface }}"
 
# This is the raw interface given to neutron as its external network port. Even
# though an IP address can exist on this interface, it will be unusable in most
# configurations. It is recommended this interface not be configured with any IP
# addresses for that reason.
#neutron_external_interface: "eth1"
 
# Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ]
#neutron_plugin_agent: "openvswitch"
 
 
####################
# keepalived options
####################
# Arbitrary unique number from 0..255
#keepalived_virtual_router_id: "51"
 
 
#############
# TLS options
#############
# To provide encryption and authentication on the kolla_external_vip_interface,
# TLS can be enabled.  When TLS is enabled, certificates must be provided to
# allow clients to perform authentication.
#kolla_enable_tls_external: "no"
#kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem"
 
 
##############
# OpenDaylight
##############
#enable_opendaylight_qos: "no"
#enable_opendaylight_l3: "yes"
 
###################
# OpenStack options
###################
# Use these options to set the various log levels across all OpenStack projects
# Valid options are [ True, False ]
```