Automated OpenStack installation

Installing OpenStack Victoria automatically with Ansible

1. Preparation

1.1 Lab topology

[Figure: lab topology diagram]

1.2 Host information

System version: CentOS 8.5

| Hostname | IP address 1 | IP address 2 | Role | Spec |
|---|---|---|---|---|
| OpenStack-controller | 192.168.0.100 | 172.16.24.100 | controller node | 4 cores, 8 GB |
| OpenStack-compute1 | 192.168.0.101 | 172.16.24.101 | compute node 1 | 4 cores, 8 GB |
| OpenStack-compute2 | 192.168.0.102 | 172.16.24.102 | compute node 2 | 4 cores, 8 GB |
| OpenStack-compute3 | 192.168.0.103 | 172.16.24.103 | compute node 3 | 4 cores, 8 GB |

1.3 Software repositories prepared for the controller node

Repository configuration (deployed as template/openstack_victoria.repo.j2)

[BaseOS]
name=CentOS-$releasever - Base - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/BaseOS/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=BaseOS&infra=$infra
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official

#released updates
[AppStream]
name=CentOS-$releasever - AppStream - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/AppStream/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=AppStream&infra=$infra
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official

[PowerTools]
name=CentOS-$releasever - PowerTools - repo.huaweicloud.com
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/PowerTools/$basearch/os/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=PowerTools&infra=$infra
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official

# Option names must be spelled exactly: dnf only warns about an unknown key and
# falls back to the default, which for gpgcheck is 0 (no signature verification).
[cloud]
name=cloud
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/cloud/$basearch/openstack-victoria/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=cloud&infra=$infra
gpgcheck=1
enabled=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official

[rabbitmq-38]
name=rabbitmq-38
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/messaging/$basearch/rabbitmq-38/
#mirrorlist=https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=messaging&infra=$infra
gpgcheck=1
enabled=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official

[epel]
name=epel
baseurl=https://repo.huaweicloud.com/epel/8/Everything/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
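A small repo-file audit, added here as an example and not part of the original guide, that catches the kind of defect this file is prone to: a misspelled option such as gpgchecke or enbaled is silently ignored by dnf, and because gpgcheck defaults to 0 the repository's packages would be installed without signature verification. KNOWN_OPTIONS is an assumed subset of dnf's repo options, and the sample text is constructed from the file above with the [cloud] section's misspellings left in place.

```python
import configparser

# Assumed subset of the option names dnf accepts in a repo section; anything
# outside it is reported as a probable typo that dnf would only warn about.
KNOWN_OPTIONS = {
    "name", "baseurl", "mirrorlist", "metalink", "enabled", "gpgcheck",
    "repo_gpgcheck", "gpgkey", "priority", "cost", "exclude", "includepkgs",
    "module_hotfixes", "sslverify", "skip_if_unavailable", "metadata_expire",
}

# Constructed sample: a correct [BaseOS] section next to the [cloud] section
# as it was originally written, with gpgcheck and enabled misspelled.
SAMPLE_REPO = """\
[BaseOS]
name=CentOS-$releasever - Base
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/BaseOS/$basearch/os/
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official

[cloud]
name=cloud
baseurl=https://repo.huaweicloud.com/centos-vault/8.5.2111/cloud/$basearch/openstack-victoria/
gpgchecke=1
enbaled=1
gpgkey=https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
"""


def audit_repo_file(text):
    """Return {section: [problem, ...]} for every repo section with a finding."""
    # interpolation=None so the $releasever / $basearch placeholders are kept verbatim
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = {}
    for section in cp.sections():
        opts = dict(cp.items(section))
        problems = [f"unknown option '{k}' (typo?) is ignored by dnf"
                    for k in opts if k not in KNOWN_OPTIONS]
        if opts.get("gpgcheck", "0") != "1":
            problems.append("gpgcheck is not 1: package signatures are not verified")
        if "gpgkey" not in opts:
            problems.append("no gpgkey: a signature check could never succeed")
        source = opts.get("baseurl") or opts.get("mirrorlist") or opts.get("metalink", "")
        if source.startswith("http://"):
            problems.append("repository metadata fetched over plain http")
        if problems:
            findings[section] = problems
    return findings


if __name__ == "__main__":
    for repo, problems in audit_repo_file(SAMPLE_REPO).items():
        for problem in problems:
            print(f"[{repo}] {problem}")
```

Run it against /etc/yum.repos.d/*.repo on each node after set_init.yml has deployed the template; the [BaseOS] sample produces no finding while [cloud] reports both typos and the resulting missing gpgcheck.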

1.4 hosts file

template/hosts.j2

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.0.100   controller
192.168.0.101   compute1
192.168.0.102   compute2
192.168.0.103   compute3

1.5 bashrc file

template/bash_temp.j2

# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
alias ping='ping -c4 -i 0.1'
alias egrep="egrep -v '^#|^$' "
# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

export PS1='[\[\033[31m\]\u\[\033[0m\]@\[\033[32m\]\h\[\033[0m\] \[\033[35m\]\w\[\033[0m\]]\$ '

1.6 Initialising the Ansible configuration

yum -y install ansible rhel-system-roles
mkdir -p /root/Desktop/ansible/Openstack_ansible
cp -a /usr/share/ansible/roles /root/Desktop/ansible/Openstack_ansible/roles
cd /root/Desktop/ansible/Openstack_ansible
cat > inventory.yml <<END
---
OpenStack-victoria:
  children:
    controller:
      hosts:
        controller:
          ansible_host: 192.168.0.100
          ansible_ssh_password: '1'
          ansible_user: root
          host_name: "OpenStack-controller"
    computes:
      hosts:
        compute1:
          ansible_host: 192.168.0.101
          ansible_ssh_password: '1'
          ansible_user: root
          host_name: "OpenStack-compute1"
        compute2:
          ansible_host: 192.168.0.102
          ansible_ssh_password: '1'
          ansible_user: root
          host_name: "OpenStack-compute2"
        compute3:
          ansible_host: 192.168.0.103
          ansible_ssh_password: '1'
          ansible_user: root
          host_name: "OpenStack-compute3"
END
cat > ansible.cfg <<END
[defaults]
inventory=./inventory.yml
remote_user=root
roles_path=roles
END

1.7 Ansible initialisation test

ansible-inventory --graph

@all:
  |--@ungrouped:
  |--@OpenStack-yoga:
  |  |--@controller:
  |  |  |--controller
  |  |--@computes:
  |  |  |--compute1
  |  |  |--compute2
  |  |  |--compute3

ansible-galaxy list

# /root/Desktop/ansible-code/OpenStack-yoga版本自动化安装/roles
- rhel-system-roles.firewall, (unknown version)
- rhel-system-roles.ha_cluster, (unknown version)
- rhel-system-roles.kdump, (unknown version)
- rhel-system-roles.metrics, (unknown version)
- rhel-system-roles.selinux, (unknown version)
- rhel-system-roles.vpn, (unknown version)
- linux-system-roles.metrics, (unknown version)
- linux-system-roles.nbde_client, (unknown version)
- linux-system-roles.nbde_server, (unknown version)
- linux-system-roles.network, (unknown version)
...

1.8 SSH initialisation (disable host-key prompts)

ssh_auth.yml

---
- name: 初始化配置
  hosts: localhost
  tasks:
    - name: 关闭SSH指纹
      shell: >
        sshpass -p 1 
        ssh -o StrictHostKeyChecking=no root@{{ item }} 
        "sed -i 's/^#.*StrictHostKeyChecking.*/StrictHostKeyChecking no/' /etc/ssh/ssh_config"
      loop:
        - 192.168.0.100
        - 192.168.0.101
        - 192.168.0.102
        - 192.168.0.103

1.9 System initialisation

set_init.yml

---
- name: 初始化配置
  hosts: all
  tasks:
    - name: Set a hostname
      ansible.builtin.hostname:
        name: "{{ host_name }}"

    - name: Remove /etc/yum.repos.d/ file
      ansible.builtin.file:
        path: /etc/yum.repos.d
        state: absent

    - name: Create a directory if it does not exist
      ansible.builtin.file:
        path: /etc/yum.repos.d
        state: directory
        mode: '0755'

    - name: Create a repos file
      ansible.builtin.template:
        src: template/openstack_victoria.repo.j2
        dest: /etc/yum.repos.d/openstack_victoria.repo
        mode: '0644'

    - name: Remove /root/.bashrc file
      ansible.builtin.file:
        path: /root/.bashrc
        state: absent

    - name: set .bashrc
      ansible.builtin.template:
        src: template/bash_temp.j2
        dest: /root/.bashrc
        mode: '0644'

    - name: Remove /etc/hosts
      ansible.builtin.file:
        path: /etc/hosts
        state: absent

    - name: set hosts
      ansible.builtin.template:
        src: template/hosts.j2
        dest: /etc/hosts
        mode: '0644'
    
    - name: 加载rpm key
      rpm_key:
        state: present
        key: https://repo.huaweicloud.com/centos/RPM-GPG-KEY-CentOS-Official
    
    - name: 重新加载yum缓存
      shell: |
        yum makecache

    - name: 安装常用软件
      ansible.builtin.yum:
        name:
          - bash-completion
          - bind-utils
          - net-tools
        state: latest
        
    - name: 安装一个过滤小工具
      ansible.builtin.template:
        src: template/quick_grep.j2
        dest: /usr/local/bin/quick_grep
        setype: bin_t
        mode: '0755'

Template file template/quick_grep.j2

#!/bin/bash
# Filter tool: strip blank lines and comment lines from the given file in place
grep -Ev '^$|^#' "$1" > /var/log/temp.txt
cat /var/log/temp.txt > "$1"

1.10 Network initialisation (manual)

The 192.168.0.0/24 network obtains its addresses via DHCP; they can also be set manually:

# OpenStack-controller
nmcli connection modify eth0 ipv4.addresses 192.168.0.100/24 ipv4.gateway 192.168.0.1 ipv4.dns 114.114.114.114 ipv4.method manual connection.autoconnect yes
nmcli connection modify eth1 ipv4.addresses 172.16.24.100/24 ipv4.method manual connection.autoconnect yes

# OpenStack-compute1
nmcli connection modify eth0 ipv4.addresses 192.168.0.101/24 ipv4.gateway 192.168.0.1 ipv4.dns 114.114.114.114 ipv4.method manual connection.autoconnect yes
nmcli connection modify eth1 ipv4.addresses 172.16.24.101/24 ipv4.method manual connection.autoconnect yes

# OpenStack-compute2
nmcli connection modify eth0 ipv4.addresses 192.168.0.102/24 ipv4.gateway 192.168.0.1 ipv4.dns 114.114.114.114 ipv4.method manual connection.autoconnect yes
nmcli connection modify eth1 ipv4.addresses 172.16.24.102/24 ipv4.method manual connection.autoconnect yes

# OpenStack-compute3
nmcli connection modify eth0 ipv4.addresses 192.168.0.103/24 ipv4.gateway 192.168.0.1 ipv4.dns 114.114.114.114 ipv4.method manual connection.autoconnect yes
nmcli connection modify eth1 ipv4.addresses 172.16.24.103/24 ipv4.method manual connection.autoconnect yes

1.11 Network initialisation (Ansible)

When several NICs need IP addresses, the manual approach becomes tedious and, once the number of hosts grows, error-prone. Editing per-host variable files and letting the network role configure the interfaces greatly improves efficiency.

host_vars/controller

---
eth0_ip: 192.168.0.100/24
eth1_ip: 172.16.24.100/24

host_vars/compute1

---
eth0_ip: 192.168.0.101/24
eth1_ip: 172.16.24.101/24

host_vars/compute2

---
eth0_ip: 192.168.0.102/24
eth1_ip: 172.16.24.102/24

host_vars/compute3

---
eth0_ip: 192.168.0.103/24
eth1_ip: 172.16.24.103/24

network_init.yml

# Note: only the IP of an interface other than the one Ansible connects over can be set this way; changing the IP of the connecting interface breaks the network and Ansible loses its connection
---
- name: 设置各节点eth1的IP地址
  hosts: all
  vars:
    network_connections:
      - name: eth1
        state: up
        type: ethernet
        interface_name: eth1
        ip:
          dhcp4: no
          auto6: no
          address:
            - "{{ eth1_ip  }}"
  roles:
    - rhel-system-roles.network

1.12 Run the playbooks

ansible-playbook ssh_auth.yml
ansible-playbook set_init.yml
ansible-playbook network_init.yml

2. Preparing the OpenStack environment

2.1 Security configuration

| Password variable | Password | Description |
|---|---|---|
| SQL_PASS | 49e74247c02bd869eafa | Database root password |
| ADMIN_PASS | 6f82d8fe44c25f9cf8ee | admin user password |
| CINDER_DBPASS | df864567e439adea5882 | Cinder (block storage) database password |
| CINDER_PASS | 89c966ebcc7d5bfa91e5 | Cinder service password |
| DASH_DBPASS | 13c2b11fda1b48df489e | Dashboard database password |
| DEMO_PASS | 025e448d0d205969fb24 | demo user password |
| GLANCE_DBPASS | 9686aaab1bc6714fe37f | Glance (image service) database password |
| GLANCE_PASS | 4e4fd3eb169ff4eb074c | Glance service password |
| KEYSTONE_DBPASS | ff076b3d276f749f54c0 | Keystone (identity service) database password |
| METADATA_SECRET | 762b19300910aea1b774 | Metadata proxy shared secret |
| NEUTRON_DBPASS | 6f259e345bcf8c0596a1 | Neutron (networking service) database password |
| NEUTRON_PASS | 0024c6530c6d010c366b | Neutron service password |
| NOVA_DBPASS | fedeb6d02a53c7aabaff | Nova (compute service) database password |
| NOVA_PASS | 4a89e97c0967150fafd1 | Nova service password |
| PLACEMENT_PASS | 7d2b2d2a08742b8eedb9 | Placement service password |
| RABBIT_PASS | 4449f6d8a81c7c15c853 | RabbitMQ (message queue) service password |

The passwords were generated as follows; this is a single command that can be copied as is:

for i in {SQL_PASS,ADMIN_PASS,CINDER_DBPASS,CINDER_PASS,DASH_DBPASS,DEMO_PASS,GLANCE_DBPASS,GLANCE_PASS,KEYSTONE_DBPASS,METADATA_SECRET,NEUTRON_DBPASS,NEUTRON_PASS,NOVA_DBPASS,NOVA_PASS,PLACEMENT_PASS,RABBIT_PASS}
do echo "$i: $(openssl rand -hex 10)"
done

2.2 Define the password file

vars/service_password.yml

---
SQL_PASS: 49e74247c02bd869eafa
ADMIN_PASS: 6f82d8fe44c25f9cf8ee
CINDER_DBPASS: df864567e439adea5882
CINDER_PASS:  89c966ebcc7d5bfa91e5
DASH_DBPASS: 13c2b11fda1b48df489e
DEMO_PASS: 025e448d0d205969fb24
GLANCE_DBPASS: 9686aaab1bc6714fe37f
GLANCE_PASS: 4e4fd3eb169ff4eb074c
KEYSTONE_DBPASS: ff076b3d276f749f54c0
METADATA_SECRET: 762b19300910aea1b774
NEUTRON_DBPASS: 6f259e345bcf8c0596a1
NEUTRON_PASS: 0024c6530c6d010c366b
NOVA_DBPASS: fedeb6d02a53c7aabaff
NOVA_PASS: 4a89e97c0967150fafd1
PLACEMENT_PASS: 7d2b2d2a08742b8eedb9
RABBIT_PASS: 4449f6d8a81c7c15c853
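A small secrets audit, added here as an example and not part of the original guide, for the two files this project keeps credentials in: it flags short or reused values (the inventory in section 1.6 uses ansible_ssh_password '1' for every host), skips files that already carry an ansible-vault header, and regenerates vars/service_password.yml with the same strength as the openssl loop above. The inventory excerpt is constructed from section 1.6; SECRET_LINE and the 20-character minimum are this example's assumptions.

```python
import re
import secrets

# Names of the secrets this guide keeps in vars/service_password.yml.
SERVICE_VARS = [
    "SQL_PASS", "ADMIN_PASS", "CINDER_DBPASS", "CINDER_PASS", "DASH_DBPASS",
    "DEMO_PASS", "GLANCE_DBPASS", "GLANCE_PASS", "KEYSTONE_DBPASS",
    "METADATA_SECRET", "NEUTRON_DBPASS", "NEUTRON_PASS", "NOVA_DBPASS",
    "NOVA_PASS", "PLACEMENT_PASS", "RABBIT_PASS",
]

# Constructed excerpt of the section 1.6 inventory (two hosts suffice to show
# both findings); handled as text so no YAML library is required.
SAMPLE_INVENTORY = """\
controller:
  ansible_host: 192.168.0.100
  ansible_ssh_password: '1'
compute1:
  ansible_host: 192.168.0.101
  ansible_ssh_password: '1'
"""

# Assumed: matches "NAME: value" lines for the secret names used on this page.
SECRET_LINE = re.compile(
    r"^[ \t]*(ansible_ssh_password|[A-Z]+_(?:DB)?PASS|METADATA_SECRET)[ \t]*:[ \t]*['\"]?([^'\"\s#]*)",
    re.MULTILINE,
)


def is_vault_encrypted(text):
    """True when the file is an ansible-vault payload rather than plain YAML."""
    return text.startswith("$ANSIBLE_VAULT;")


def audit_secrets(text, min_len=20):
    """Return (name, reason) for each secret shorter than min_len or reused."""
    findings, first_owner = [], {}
    if is_vault_encrypted(text):
        return findings  # nothing to inspect in encrypted form
    for name, value in SECRET_LINE.findall(text):
        if len(value) < min_len:
            findings.append((name, f"length {len(value)} < {min_len}"))
        if value in first_owner:
            findings.append((name, f"same value as {first_owner[value]}"))
        else:
            first_owner[value] = name
    return findings


def generate_service_passwords(names=SERVICE_VARS):
    """Same strength as `openssl rand -hex 10`: 20 hex chars (80 bits) from the OS CSPRNG."""
    return "---\n" + "".join(f"{n}: {secrets.token_hex(10)}\n" for n in names)


if __name__ == "__main__":
    for name, why in audit_secrets(SAMPLE_INVENTORY):
        print(f"weak secret {name}: {why}")
    print(generate_service_passwords(), end="")
```

Encrypt the generated file with ansible-vault before committing it; the audit then returns no findings for it because it never parses vault payloads.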

2.3 Configure the NTP server

2.3.1 Edit the playbooks

To keep services on the nodes correctly synchronised, install Chrony, an NTP implementation, for time synchronisation.

# openstack_ntp_controller.yml
---
- name: 控制节点配置NTP服务
  hosts: controller
  tasks:
    - name: 安装软件
      ansible.builtin.yum:
        name:
          - chrony
        state: latest  

    - name: 编辑controller chronyd配置文件
      ansible.builtin.template:
        src: template/chrony.conf_controller.j2
        dest: /etc/chrony.conf
        mode: '0644'

    - name: 开机启动/开启chronyd服务
      ansible.builtin.service:
        name: chronyd
        enabled: yes
        state: started
        
# openstack_ntp_compute.yml
---
- name: 计算节点配置NTP服务
  hosts: computes
  tasks:
    - name: 安装软件
      ansible.builtin.yum:
        name:
          - chrony
        state: latest  

    - name: 编辑compute chronyd配置文件
      ansible.builtin.template:
        src: template/chrony.conf_compute.j2
        dest: /etc/chrony.conf
        mode: '0644'

    - name: 开机启动/开启chronyd服务
      ansible.builtin.service:
        name: chronyd
        enabled: yes
        state: started

2.3.2 Prepare the template files

Template file template/chrony.conf_controller.j2 (the controller syncs with the public pool and serves time to the compute nodes)

pool 2.centos.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 0.0.0.0
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony

Template file template/chrony.conf_compute.j2 (the compute nodes sync with the controller)

pool controller iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 0.0.0.0
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony

2.3.3 Run the playbooks

ansible-playbook openstack_ntp_controller.yml
ansible-playbook openstack_ntp_compute.yml

2.3.4 Check that NTP is configured

Check command: chronyc sources. In its output the line marked ^* is the source currently selected for synchronisation, and ^+ / ^- are candidate sources that are or are not combined with it. A ^? line with Reach 0, as on compute1 below, means the node has not yet received usable replies from that source (chrony also shows this right after start-up until a few samples have arrived), so repeat the check after a few polling intervals before treating the compute node as synchronised.

[root@OpenStack-controller ~]# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ ntp7.flashdance.cx            2   6   377    31    -13ms[  -13ms] +/-  187ms
^- time.cloudflare.com           3   6   141    99    +73ms[  +79ms] +/-  174ms
^* localhost                     2   6   377    39  +4831us[  +11ms] +/-   63ms
^- ntp8.flashdance.cx            2   6   277    34  -7506us[-7506us] +/-  186ms
[root@OpenStack-compute1 ~]# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? controller                    0   7     0     -     +0ns[   +0ns] +/-    0ns

2.4 Install the OpenStack packages

openstack_packages.yml

---
- name: 安装OpenStack软件包
  hosts: all
  tasks:
    - name: 安装软件
      ansible.builtin.yum:
        name:
          - python3-openstackclient
          - openstack-selinux
        state: latest  
        disable_gpg_check: true

2.5 Install the database

2.5.1 Edit the playbook

openstack_mariadb.yml

---
- name: 安装数据库
  hosts: controller
  vars_files:
    - vars/service_password.yml
  tasks:
    - name: 安装软件
      ansible.builtin.yum:
        name:
          - mariadb
          - mariadb-server
          # - python2-PyMySQL
          - python3-PyMySQL
        state: latest  
  
    - name: openstack数据库配置文件
      ansible.builtin.template:
        src: template/my.cnf.d/openstack.cnf.j2
        dest: /etc/my.cnf.d/openstack.cnf
        mode: 0644
      vars:
        # bind_address: "{{ ansible_default_ipv4['address'] }}/24"
        # Listen on all addresses. If Ansible ran on the controller node a single address would do, but my Ansible host is a different machine.
        bind_address: "*"

    - name: 开机启动/开启mariadb
      ansible.builtin.service:
        name: mariadb
        enabled: yes
        state: started

    - name: 更新mariadb root 密码
      mysql_user:
        name: root
        host_all: yes
        update_password: always
        password: "{{ SQL_PASS }}"

    - name: 身份验证凭据复制到根主目录
      template:
        src: template/my.cnf.d/my.cnf.j2
        dest: /root/.my.cnf
        mode: '0600'   # the file holds the database root password; keep it readable by root only
    
    - name: 移除匿名用户登录(anonymous)
      community.mysql.mysql_user:
        login_user: root
        name: ''
        host: localhost
        state: absent

    - name: 移除测试数据库(test)
      mysql_db:
        login_user: root
        name: 'test'
        state: absent

2.5.2 MariaDB test

Check that the .my.cnf file exists and that mysql can be entered without a password prompt:

[root@OpenStack-controller ~]# cat .my.cnf 
[client]
user=root
password="49e74247c02bd869eafa"
[root@OpenStack-controller ~]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.3.28-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> \q
Bye
[root@OpenStack-controller ~]#

2.6 Configure the message queue

OpenStack uses a message queue to coordinate operations and status information between services. The message queue service usually runs on the controller node. OpenStack supports several message queue services, including RabbitMQ, Qpid and ZeroMQ; however, most distributions that package OpenStack support one particular message queue service.

openstack_RabbitMQ.yml

---
- name: 配置消息队列
  hosts: controller
  vars_files:
  - vars/service_password.yml
  tasks:
    - name: 安装软件
      ansible.builtin.yum:
        name:
          - rabbitmq-server
        state: latest  
        disable_gpg_check: true

    - name: 开机启动/开启rabbitmq-server
      ansible.builtin.service:
        name: rabbitmq-server
        enabled: yes
        state: started
    
    - name: 添加openstack用户
      shell: |
        rabbitmqctl add_user openstack {{ RABBIT_PASS }};
        rabbitmqctl set_permissions openstack ".*" ".*" ".*"
      ignore_errors: yes

2.7 Configure Memcached

The Identity service's authentication mechanism uses Memcached to cache tokens. The memcached service usually runs on the controller node.

For production deployments, it is recommended to secure it with a combination of firewalling, authentication and encryption.

2.7.1 Edit the playbook

openstack_memcache.yml

---
- name: 配置缓存服务
  hosts: controller
  vars_files:
  - vars/service_password.yml
  tasks:
    - name: 安装软件
      ansible.builtin.yum:
        name:
          - memcached
          - python3-memcached
        state: latest  
        disable_gpg_check: true

    - name: 编辑配置文件/etc/sysconfig/memcached 
      ansible.builtin.template:
        src: template/memcached.j2
        dest: /etc/sysconfig/memcached
        mode: 0644

    - name: 开机启动/开启memcached
      ansible.builtin.service:
        name: memcached
        enabled: yes
        state: started

2.7.2 Prepare the template file

Template file template/memcached.j2

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,{{ inventory_hostname }}"

2.8 Configure etcd

OpenStack services may use etcd, a distributed and reliable key-value store, for distributed key locking, storing configuration, tracking service liveness and similar purposes.

2.8.1 Edit the playbook

openstack_etcd.yml

---
- name: 配置etcd服务
  hosts: controller
  vars_files:
  - vars/service_password.yml
  tasks:
  - name: 安装软件
    ansible.builtin.yum:
      name:
        - etcd
      state: latest  
      disable_gpg_check: true
  
  - name: 编辑配置文件/etc/etcd/etcd.conf
    ansible.builtin.template:
      src: template/etcd.conf.j2
      dest: /etc/etcd/etcd.conf
      mode: 0644
    vars:
      controller_ip: "{{ ansible_default_ipv4['address'] }}"

  - name: 开机启动/开启etcd
    ansible.builtin.service:
      name: etcd
      enabled: yes
      state: started

2.8.2 Prepare the template file

Template file template/etcd.conf.j2

#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://{{ controller_ip }}:2380"
ETCD_LISTEN_CLIENT_URLS="http://{{ controller_ip }}:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://{{ controller_ip }}:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://{{ controller_ip }}:2379"
ETCD_INITIAL_CLUSTER="controller=http://{{ controller_ip }}:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

3. Installing the Identity service

4. Installing the Image service

5. Installing the Compute service

6. Installing the Networking service
