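Quickly deploying multi-node OpenStack Pike with Kolla

Preparation

OS: CentOS 7

Servers: two physical machines

Specs: memory: 188GB | disk: 19T | CPU: 39 cores

Deployment steps:

  • Environment preparation:

Change the hostname. There is a pitfall here: when I installed previously, the hostname was set to the domain name openstack-master1-iuap-idc-yycloud.yonyouiuap.com, and as a result the rabbitmq service would not start. According to what I found online there are two possible causes: one is that the port is already in use, the other is the hostname setting. Here it is set to a short name, openstack1 and openstack2:

hostnamectl set-hostname openstack1.yonyouiuap.com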

Network configuration:

NIC 1, used for OpenStack's own container services and for the VIP that serves external traffic:

HWADDR=6C:92:BF:4A:36:4C
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno1
UUID=951a1ef0-bee5-477f-8f3f-4ada0b1e0a9b
ONBOOT=yes
IPADDR=172.x.x.128
PREFIX=24
GATEWAY=172.x.x.1
DNS1=10.x.x.14
DNS2=10.x.x.15


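NIC 2, used by cloud instances running on OpenStack for outbound access and for remote access to the instances; no IP address needs to be configured: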

HWADDR=6C:92:BF:4A:36:4D
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=no
PEERDNS=yes
PEERROUTES=no
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno2
UUID=1890c055-f6bd-47d0-83ee-dddffdcf544f
ONBOOT=yes

Install the NTP service

On CentOS

$ yum install -y chrony
Configure the NTP service:
$ \cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
$ vim /etc/chrony.conf
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst
# Restart the NTP service:
$ systemctl enable chronyd.service
$ systemctl restart chronyd.service


Configure the hosts file on all nodes:

[root@openstack1 lokolla]# cat /etc/hosts
127.0.0.1    localhost localhost.localdomain localhost4 localhost4.localdomain4
::1          localhost localhost.localdomain localhost6 localhost6.localdomain6

172.20.23.128 openstack1.yonyouiuap.com openstack1
172.20.23.129 openstack2.yonyouiuap.com openstack2
172.20.23.191 openstack3.yonyouiuap.com openstack3
172.20.23.193 openstack4.yonyouiuap.com openstack4
172.20.23.195 openstack5.yonyouiuap.com openstack5
Disable the firewall on all nodes
salt "*" cmd.run "systemctl stop firewalld"
salt "*" cmd.run "systemctl disable firewalld"
Disable SELinux on all nodes and reboot
[root@master1 yum.repos.d]# cat /etc/selinux/config |grep -v ^#|awk NF
SELINUX=disabled
SELINUXTYPE=targeted
Disable NetworkManager on all nodes
salt "*" cmd.run "systemctl stop NetworkManager"
salt "*" cmd.run "systemctl disable NetworkManager"
Disable libvirtd on all nodes
salt "*" cmd.run "systemctl stop libvirtd.service"
salt "*" cmd.run "systemctl disable libvirtd.service"
Load the rbd module on all nodes
salt "*" cmd.run "modprobe rbd"
salt "*" cmd.run "lsmod|grep rbd"

Set up SSH key trust between all nodes:

ssh-keygen
ssh-copy-id root@172.x.x.128


Install Docker and apply the basic configuration:

[root@openstack1 ~]# cat /etc/sysconfig/selinux | grep -i '^selinux='
SELINUX=disabled
[root@openstack1 ~]# setenforce 0
[root@openstack1 ~]# systemctl stop firewalld
[root@openstack1 ~]# systemctl disable firewalld
## Disable NetworkManager
systemctl stop NetworkManager
systemctl disable NetworkManager

[root@openstack1 ~]# yum install epel-release
## Install commonly needed system components
[root@openstack1 ~]# yum install -y tree net-tools bind-utils tree sysstat vim-en* \
lrzsz NetworkManager-tui ntp ntpdate iftop tcpdump telnet traceroute python-devel \
libffi-devel gcc openssl-devel git python-setuptools
[root@openstack1 ~]# curl -sSL https://get.docker.io | bash  # Note: this command installs the latest Docker release and by default also downloads the Docker repo
# Or install via yum:
[root@openstack1 ~]# tee /etc/yum.repos.d/docker.repo << 'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
[root@openstack1 ~]# yum install -y docker-engine
[root@openstack1 ~]# mkdir -p /etc/systemd/system/docker.service.d
[root@openstack1 ~]# tee /etc/systemd/system/docker.service.d/kolla.conf <<-'EOF'
[Service]
MountFlags=shared
#EnvironmentFile=/etc/sysconfig/docker
ExecStart=
ExecStart=/usr/bin/dockerd --insecure-registry 0.0.0.0/0
EOF
[root@openstack1 ~]# systemctl daemon-reload
[root@openstack1 ~]# systemctl restart docker
[root@openstack1 ~]# systemctl enable docker.service
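
Added example, not part of the original post: the drop-in above passes --insecure-registry 0.0.0.0/0, which lets dockerd use a registry at any address over plain HTTP or unverified TLS, although this deployment only needs the local registry that the post sets up on port 4000. The function below reports every --insecure-registry value other than the expected one; check_insecure_registry, its result labels and the two sample drop-ins are constructed for this example, and 172.x.x.128:4000 is the registry address as the post writes it.

```shell
#!/bin/sh
# Added example (not from the original post): audit a dockerd systemd drop-in.
# Usage: check_insecure_registry EXPECTED < kolla.conf
# Prints one finding per unexpected --insecure-registry value, returns 1 if any.
check_insecure_registry() {
    findings=$(awk -v expected="$1" '
        /^[ \t]*ExecStart[ \t]*=/ {
            # Split on blanks and "=" so "--flag value" and "--flag=value" both work.
            n = split($0, tok, /[ \t=]+/)
            for (i = 1; i < n; i++) {
                if (tok[i] != "--insecure-registry") continue
                val = tok[i + 1]
                if (val == expected) continue
                if (val ~ /\/0$/)    print "ANY_ADDRESS " val   # 0.0.0.0/0, ::/0
                else if (val ~ /\//) print "CIDR_RANGE " val
                else                 print "UNEXPECTED " val
            }
        }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the ExecStart line used in the drop-in above.
sample_weak_dropin() {
    cat <<'EOF'
[Service]
MountFlags=shared
ExecStart=
ExecStart=/usr/bin/dockerd --insecure-registry 0.0.0.0/0
EOF
}

# Constructed sample: the same drop-in, trusting only the deployment's registry
# (address kept in the elided form the post uses for docker_registry).
sample_scoped_dropin() {
    cat <<'EOF'
[Service]
MountFlags=shared
ExecStart=
ExecStart=/usr/bin/dockerd --insecure-registry 172.x.x.128:4000
EOF
}

sample_weak_dropin   | check_insecure_registry 172.x.x.128:4000 || echo "weak drop-in flagged"
sample_scoped_dropin | check_insecure_registry 172.x.x.128:4000 && echo "scoped drop-in ok"
```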


[root@openstack1 ~]# pip install --upgrade pip
[root@openstack1 ~]# pip install -U docker # install the Docker Python package
[root@openstack1 ~]# pip install kolla ## install kolla
[root@openstack1 ~]# pip install kolla-ansible # install Kolla Ansible


Copy the configuration files

$ cp -r /usr/share/kolla-ansible/etc_examples/kolla /etc/kolla
$ mkdir -p /openstack/kolla-deploy
$ cp /usr/share/kolla-ansible/ansible/inventory/* /openstack/kolla-deploy/


Generate passwords

## Generate the passwords; the file that gets modified is /etc/kolla/passwords.yml
$ kolla-genpwd
## Set a custom password:
$ vim /etc/kolla/passwords.yml
keystone_admin_password: admin
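
Added example, not part of the original post: kolla-genpwd fills passwords.yml with generated values, and the manual override above replaces the Keystone admin password with admin. The function below lists every *_password key that is empty, a common word or short; audit_passwords, the word list, the 16-character default and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit /etc/kolla/passwords.yml.
# Usage: audit_passwords [MINLEN] < /etc/kolla/passwords.yml
# Reports every *_password key whose value is empty, a common word, or shorter
# than MINLEN (default 16, an arbitrary threshold chosen for this example).
audit_passwords() {
    findings=$(tr -d "\"'" | awk -v minlen="${1:-16}" '
        BEGIN {
            n = split("admin password passw0rd 123456 openstack kolla changeme", w, " ")
            for (i = 1; i <= n; i++) weak[w[i]] = 1
        }
        /^[A-Za-z0-9_]+_password[ \t]*:/ {
            key = $0; sub(/[ \t]*:.*$/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            sub(/[ \t]+#.*$/, "", val)      # drop a trailing comment
            sub(/[ \t]+$/, "", val)         # drop trailing blanks
            low = tolower(val)
            if (val == "")                 print key ": EMPTY"
            else if (low in weak)          print key ": COMMON"
            else if (length(val) < minlen) print key ": SHORT"
        }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample (not real credentials). The keystone_admin_password line
# is the override shown above; an empty value is what a key looks like before
# kolla-genpwd has filled it in.
sample_passwords() {
    cat <<'EOF'
database_password: Zx3nQ8vT1mP6rK0dW4yB7sL2cH9fJ5aGqE1uN8oX
keystone_admin_password: admin
rabbitmq_password:
grafana_admin_password: "s3cret"
rbd_secret_uuid: 00000000-0000-0000-0000-000000000000
EOF
}

sample_passwords | audit_passwords || echo "weak entries found"
```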


Download the pre-built images and set up a private registry. Here we download and use the Kolla community's Pike images (which skips the docker build step in the local environment and greatly shortens installation time). The Ocata version is 4.0.3 and the Pike version is 5.0.1. It turned out that the Ocata version has a bug: after installation, the two containers centos-source-cinder-api and centos-source-fluentd fail to start.

[root@openstack1 ~]# wget http://tarballs.openstack.org/kolla/images/centos-source-registry-pike.tar.gz
[root@openstack1 ~]# docker load -i centos-source-registry-pike.tar.gz
[root@openstack1 ~]# mkdir /opt/registry
[root@openstack1 ~]# tar -xf centos-source-registry-pike.tar.gz -C /opt/registry/
[root@openstack1 ~]# docker run -d -v /opt/registry:/var/lib/registry -p 4000:5000 --restart=always --name registry registry:2
## /opt/registry is a directory on the host. Docker's registry uses port 5000 by default, which conflicts with a port used by OpenStack, so it is changed to 4000
[root@openstack1 ~]# curl http://127.0.0.1:4000/v2/_catalog # curl can be used to verify that the local registry works and that the images extracted into the registry are valid
Images present in the registry
View the tags of this image
curl -XGET http://127.0.0.1:4000/v2/kolla/centos-binary-nova-compute/tags/list


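If you install kolla inside a virtual machine and want to be able to launch cloud instances inside that VM, you need to set virt_type=qemu

# egrep -c '(vmx|svm)' /proc/cpuinfo
# mkdir -p /etc/kolla/config/nova  # On a physical server the default is already kvm, so this step is not needed.
cat << EOF > /etc/kolla/config/nova/nova-compute.conf
[libvirt]
virt_type = qemu
cpu_mode = none
EOF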


Configure Kolla

Below is my configuration. Note that kolla_internal_vip_address must be set to an IP that is not in use; if the configured IP is already in use, an error is reported:

[root@openstack1 ~]# grep -v ^# /etc/kolla/globals.yml |grep -v ^$
---
kolla_base_distro: "centos"
kolla_install_type: "source"
openstack_release: "5.0.1"
kolla_internal_vip_address: "172.x.x.132"
kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
docker_registry: "172.x.x.128:4000"
docker_namespace: "lokolla"
network_interface: "eno1"
api_interface: "{{ network_interface }}"
storage_interface: "{{ network_interface }}"
cluster_interface: "{{ network_interface }}"
tunnel_interface: "{{ network_interface }}"
neutron_external_interface: "eno2"
keepalived_virtual_router_id: "200"
openstack_logging_debug: "True"
enable_ceilometer: "yes"
enable_central_logging: "yes"
enable_ceph: "yes"
enable_ceph_rgw: "yes"
enable_chrony: "yes"
enable_cinder: "yes"
enable_gnocchi: "yes"
enable_grafana: "yes"
enable_haproxy: "yes"
enable_mongodb: "yes"
enable_neutron_lbaas: "yes"
enable_neutron_fwaas: "yes"
enable_neutron_qos: "yes"
enable_neutron_agent_ha: "yes"
ceph_enable_cache: "yes"
ceph_cache_mode: "writeback"
enable_ceph_rgw_keystone: "yes"
glance_backend_file: "no"
glance_backend_ceph: "yes"
cinder_backend_ceph: "{{ enable_ceph }}"
designate_backend: "bind9"
designate_ns_record: "sample.openstack.org"
nova_backend_ceph: "{{ enable_ceph }}"
tempest_image_id:
tempest_flavor_ref_id:
tempest_public_network_id:
tempest_floating_network_name:


Define the nodes (cat multinode):

[control]
openstack1
openstack2
openstack3

[network]
openstack1
openstack2
openstack3

[compute]
openstack1
openstack2
openstack3
openstack4
openstack5

[monitoring]
openstack1
openstack2
openstack3

[storage]
openstack1
openstack2
openstack3
openstack4
openstack5

[deployment]
openstack1       ansible_connection=local


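Prepare the Ceph disks

On the 2 virtual-machine nodes there are 2 more disks besides the system disk, sdb and sdc.
Here we use sdb as the OSD disk and sdc as the journal disk. Kolla identifies Ceph OSD and journal disks by their partition label:
the OSD label is KOLLA_CEPH_OSD_BOOTSTRAP,
and the journal label is KOLLA_CEPH_OSD_BOOTSTRAP_J.

Since there are three disks, sda, sdb and sdc: sda is the system disk, sdb is the OSD disk and sdc is the journal disk.

Format all OSD disks; here we run it on every node with ansible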

# ansible -i multinode all -m shell -a 'parted /dev/sdb -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP 1 -1'

Format all journal disks

# ansible -i multinode all -m shell -a 'parted /dev/sdc -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_J 1 -1'

Below is the script I use to initialize the Ceph disks (openstack1 and openstack2 have two disks, sdb and sdc (SSD); the other 3 hosts, openstack[3-5], each have 6 SATA disks and one SSD):

#!/bin/bash

salt 'openstack[1-2]' cmd.run 'parted /dev/sdb -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDB 1 -1'
salt 'openstack[1-2]' cmd.run 'parted /dev/sdc -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDB_J 1 -1'

#data
salt 'openstack[3-5]' cmd.run 'parted /dev/sdc -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDC 1 -1'
salt 'openstack[3-5]' cmd.run 'parted /dev/sdd -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDD 1 -1'
salt 'openstack[3-5]' cmd.run 'parted /dev/sde -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDE 1 -1'
salt 'openstack[3-5]' cmd.run 'parted /dev/sdf -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDF 1 -1'
salt 'openstack[3-5]' cmd.run 'parted /dev/sdg -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDG 1 -1'
salt 'openstack[3-5]' cmd.run 'parted /dev/sdh -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDH 1 -1'

#journal
salt 'openstack[3-5]' cmd.run 'parted /dev/sdb -s mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDC_J 0% 16% \
-s mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDD_J 16% 32% \
-s mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDE_J 32% 48% \
-s mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDF_J 48% 64% \
-s mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDG_J 64% 80% \
-s mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDH_J 80% 100%'
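
Added example, not part of the original post: because Kolla finds the disks only through these partition labels, a mistyped suffix leaves an OSD without the journal it was meant to use. The function below reads `lsblk -rno NAME,PARTLABEL` output and reports OSD labels without a matching `_J` label, journals without an OSD, and duplicates; check_ceph_labels, its result labels and the sample listing are constructed for this example, and it assumes every OSD is meant to have an external journal, as in the script above.

```shell
#!/bin/sh
# Added example (not from the original post): verify Kolla Ceph partition labels
# before deploying. Usage: lsblk -rno NAME,PARTLABEL | check_ceph_labels
# Pairing rule taken from the script above: journal label = OSD label + "_J".
# Assumes every OSD is meant to have an external journal, as in that layout.
check_ceph_labels() {
    findings=$(awk '
        $2 ~ /^KOLLA_CEPH_OSD_BOOTSTRAP/ {
            label = $2
            if (label in owner) print "DUPLICATE " label " (" owner[label] ", " $1 ")"
            owner[label] = $1
            if (label ~ /_J$/) journal[substr(label, 1, length(label) - 2)] = $1
            else               osd[label] = $1
        }
        END {
            for (l in osd)
                if (!(l in journal)) print "NO_JOURNAL " l " (" osd[l] ")"
            for (l in journal)
                if (!(l in osd)) print "ORPHAN_JOURNAL " l "_J (" journal[l] ")"
        }' | sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample for one openstack[3-5]-style host after a partial run:
# sde has no journal partition and sdb3 carries a label with the wrong suffix.
sample_lsblk() {
    cat <<'EOF'
sda
sda1
sdb
sdb1 KOLLA_CEPH_OSD_BOOTSTRAP_SDC_J
sdb2 KOLLA_CEPH_OSD_BOOTSTRAP_SDD_J
sdb3 KOLLA_CEPH_OSD_BOOTSTRAP_SDF_J
sdc1 KOLLA_CEPH_OSD_BOOTSTRAP_SDC
sdd1 KOLLA_CEPH_OSD_BOOTSTRAP_SDD
sde1 KOLLA_CEPH_OSD_BOOTSTRAP_SDE
EOF
}

sample_lsblk | check_ceph_labels || echo "label layout needs fixing"
```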

Create /etc/kolla/config/ceph.conf to set some Ceph parameters, such as the replica count:
[root@openstack1 lokolla]# cat /etc/kolla/config/ceph.conf
[global]
osd pool default size = 3
osd pool default min size = 2

Start the installation

Have kolla automatically check and configure the base environment:

kolla-ansible -i /opt/ansible/multinode bootstrap-servers

Verify that the target nodes meet the deployment requirements:

$ kolla-ansible prechecks -i /openstack/kolla-deploy/multinode

If there are no errors, go straight to installation:

kolla-ansible deploy -i /openstack/kolla-deploy/multinode -vvvv

Generate the environment variable file

  • Path of the generated script: /etc/kolla/admin-openrc.sh

$ kolla-ansible post-deploy -i /openstack/kolla-deploy/multinode
The file path is
/etc/kolla/admin-openrc.sh

$ cp /etc/kolla/admin-openrc.sh /root/
$ source /root/admin-openrc.sh


Install OpenStackClient

$ pip install -U python-openstackclient
$ pip install python-neutronclient

Create the network using the auto-setup script (a test script that automatically downloads an image, uploads it, creates networks, creates a router ...):

vim /usr/share/kolla-ansible/init-runonce
Adjust the following settings to your environment, mainly the external network:
IMAGE_URL=http://download.cirros-cloud.net/0.3.5/
IMAGE=cirros-0.3.5-x86_64-disk.img
IMAGE_NAME=cirros
IMAGE_TYPE=linux
EXT_NET_CIDR='172.x.x.0/24'
EXT_NET_RANGE='start=172.x.x.133,end=172.x.x.180'
EXT_NET_GATEWAY='172.x.x.1'

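Error handling:

1. Docker Py

  • Problem: Error: 'module' object has no attribute 'Client'
  • Solution: a Docker-Py version issue; starting with version 2.0, Client was renamed to APIClient
$ pip uninstall docker
$ pip uninstall docker-py
$ pip install -U docker

Deployment tips:

1) If the deployment fails partway, or you changed the configuration and need to redeploy, first run the following command to remove the deployed Docker containers, i.e. the OpenStack services.

kolla-ansible destroy -i /openstack/kolla-deploy/multinode --yes-i-really-really-mean-it

2) Besides that, there are some small tools you can use when you need them.

  • kolla-ansible prechecks: checks that the environment is correct before you run the deploy command;
  • tools/cleanup-containers: removes the deployed containers from the system;
  • tools/cleanup-host: removes what network changes leave behind on the host when Docker starts the neutron-agents;
  • tools/cleanup-images: removes all docker images from the local cache.

Finally, you can use the docker ps -a command to see the containers of all OpenStack services.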

2. No valid host was found. there are not enough hosts available.

The error above was reported when creating an instance. Check the log (nova-placement-api.log); the log directory on the host is /var/lib/docker/volumes/kolla_logs/_data/:

: libvirtError: internal error: qemu unexpectedly closed the monitor: 2017-11-10T14:18:30.341372Z qemu-kvm: -chardev pty,id=charserial0,logfile=/var/lib/nova/instances/80f7f03e-7b9c-47aa-912f-08279c92d41e/console.log,logappend=off: Unable to open logfile /var/lib/nova/instances/80f7f03e-7b9c-47aa-912f-08279c92d41e/console.log: Permission denied

See this article: https://computingforgeeks.com/permission-denied-while-starting-instance-in-openstack/

Add the following to the configuration file:

cat /etc/kolla/nova-libvirt/qemu.conf
stdio_handler = "file"
user = "nova"
group = "nova"
dynamic_ownership = 1

Restart the centos-source-nova-libvirt container; problem solved.

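1. When installing the OpenStack N release with kolla in a multi-node deployment with lbaas enabled, neutron_server stays in the Restarting state.
The error in the log is: ImportError: Plugin 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2' not found
Analysis: the neutron-server that was created has no neutron-lbaas code, and the neutron-base image probably has no neutron-lbaas code either.
Solution:
pass

2. After entering the horizon container, yum cannot be used; any yum command hangs
Analysis:
yum is also written in Python, so debugging it myself was fairly comfortable. I debugged for a while first and found that it could not read its configuration; a search online suggested that the database might be unreachable
and that rebuilding the database fixes it
Solution:
rm -rf /var/lib/rpm/__db.00*

rpm --rebuilddb

3. If you modify a configuration file inside a kolla-deployed docker container, such as horizon.conf, the file reverts to the original after the container is restarted
Analysis:
Restarting the docker container probably copies the configuration files from a designated location
Solution:

On restart, docker copies the files again from /etc/kolla. For the horizon container, for example, you need to edit them in /etc/kolla/horizon on the host. That directory contains three files, config.json, horizon.conf and local_settings; config.json specifies which files are copied each time the container restarts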

4. Error during precheck:

ERROR! Unexpected Exception, this is probably a bug: {{ neutron_tenant_network_types.replace(' ', '').split(',') | reject('equalto', '') | list }}: no test named 'equalto'

Analysis: the jinja2 version is too old. Version information is below:

[root@openstack1 ~]# pip show jinja2
Name: Jinja2
Version: 2.9.6
Summary: A small but fast and easy to use stand-alone template engine written in pure python.
Home-page: http://jinja.pocoo.org/
Author: Armin Ronacher
Author-email: armin.ronacher@active-4.com
License: BSD
Location: /usr/lib/python2.7/site-packages
Requires: MarkupSafe

Fix: upgrade jinja2:

pip install https://github.com/pallets/jinja/zipball/master

Check the version again:
[root@openstack2 ~]# pip show jinja2
Name: Jinja2
Version: 2.11.dev0
Summary: A small but fast and easy to use stand-alone template engine written in pure python.
Home-page: http://jinja.pocoo.org/
Author: Armin Ronacher
Author-email: armin.ronacher@active-4.com
License: BSD
Location: /usr/lib/python2.7/site-packages
Requires: MarkupSafe

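Error: No module named 'requests.packages.urllib3'

Solution: see http://www.niuhp.com/,

After consulting various sources, I found that the problem is mainly with requests and urllib3, and that requests needs to be version 2.6.0, so we need to install it as follows

pip install --upgrade --force-reinstall 'requests==2.6.0' urllib3

Error: TASK [ceph : Fetching Ceph keyrings] *******************************************
fatal: [controller01]: FAILED! => {"failed": true, "msg": "The conditional check '{{ (ceph_files_json.stdout | from_json).changed }}' failed. The error was: No JSON object could be decoded"

Reference: http://wangyaohua.cn/wordpress/?p=805

The cause is as follows:
After I deleted the containers and images and wiped the relevant disks, the volumes that kolla had created were not deleted. They still exist under /var/lib/docker/volumes. My later kolla-ansible destroy removes the relevant containers and then removes the volumes that belong to the containers it removed, but I had already deleted those containers beforehand, so these volumes were not removed. When kolla is built again, the existing volumes prevent ceph_mon from starting, which leads to the error above where the Ceph keyring cannot be fetched, and to some other errors. So delete the volumes listed by docker volume ls; redeploying then resolves the problem

Delete the volumes:

docker volume rm $(docker volume ls -f dangling=true -q)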

rabbitmq cluster error:

Slogan: Kernel pid terminated (application_controller)
({application_start_failure,kernel,{{shutdown,{failed_to_start_child,net_sup,
{shutdown,{failed_to_start_child,net_kernel,{'EXIT',nodistribution}}}}},{k

Fix:

Change the user limits:

vim /etc/security/limits.conf
*                soft     nofile            65536
*                hard     nofile            65536

ulimit -n

echo "fs.file-max = 10000000" >> /etc/sysctl.conf
sysctl -p

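Testing kolla in a virtual machine

Note that if you are testing kolla in a virtual machine, you need to change the nova-compute configuration file on the host to virt_type=qemu; otherwise kvm is used by default and creating instances fails.
vim /etc/kolla/nova-compute/nova.conf
Create /etc/kolla/config/nova.conf
[libvirt]
virt_type=qemu

Restart this container.
docker restart nova_compute

Changing OpenStack service configuration
# kolla-ansible -i multinode reconfigure
Once the command finishes, the configuration change is complete.

Note: on ESXi, the virtual machine port group must have promiscuous mode and forged transmits enabled; otherwise traffic on the br-ex network cannot get out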

 

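Change the novalocal hostname that is generated automatically when an instance is created to a custom hostname:

Edit /etc/kolla/nova-api/nova.conf and add under [DEFAULT]:

dhcp_domain = yonyouiuap.com

Restart the nova-api service

Change the default search domain in resolv.conf:

Edit /etc/kolla/neutron-dhcp-agent/neutron.conf and add under [DEFAULT]:

dns_domain = yonyouiuap.com.

Restart all centos-source-neutron-dhcp-agent services

References: http://jqjiang.com/openstack/openstack_kolla/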

https://docs.openstack.org/kolla-ansible/latest/user/quickstart.html

http://www.jinkit.com/openstack-dockerized/