Quickly Deploying Multi-node OpenStack Pike with Kolla

Summary

How to quickly stand up a multi-node OpenStack Pike deployment with Kolla.

Preparation

OS: CentOS 7

Servers: two physical machines

Specs: 188 GB RAM | 19 TB disk | 39 CPU cores

Deployment steps:

  • Environment preparation:

Change the hostname. There is a pitfall here: in a previous install the hostname was set to openstack-master1-iuap-idc-yycloud.yonyouiuap.com, which left the rabbitmq service unable to start. Online sources give two possible causes: the port being occupied, or the hostname itself. Here we use the short names openstack1 and openstack2:

hostnamectl set-hostname openstack1.yonyouiuap.com
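A quick sanity check, as a sketch (nothing kolla-specific is assumed here): RabbitMQ builds its node name from the short hostname, so make sure the short name contains no dots:

```shell
# Warn if the short hostname still contains dots; rabbitmq node
# names break when the short name is not a plain label.
short=$(hostname -s)
case "$short" in
  *.*) echo "WARNING: short hostname still contains dots: $short" ;;
  *)   echo "OK: short hostname is $short" ;;
esac
```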

Network configuration:

NIC one, used for OpenStack's own containerized services and the external VIP:

 
HWADDR=6C:92:BF:4A:36:4C
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno1
UUID=951a1ef0-bee5-477f-8f3f-4ada0b1e0a9b
ONBOOT=yes
IPADDR=172.x.x.128
PREFIX=24
GATEWAY=172.x.x.1
DNS1=10.x.x.14
DNS2=10.x.x.15

NIC two, used for external and remote access to the cloud instances running on OpenStack; it needs no IP address:

HWADDR=6C:92:BF:4A:36:4D
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=no
PEERDNS=yes
PEERROUTES=no
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno2
UUID=1890c055-f6bd-47d0-83ee-dddffdcf544f
ONBOOT=yes

Install the NTP service

On CentOS:

$ yum install -y chrony
# Configure the NTP service:
$ \cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
$ vim /etc/chrony.conf
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst
# Restart the NTP service:
$ systemctl enable chronyd.service
$ systemctl restart chronyd.service

Configure the hosts file on all nodes:

[root@openstack1 lokolla]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 
172.20.23.128 openstack1.yonyouiuap.com openstack1
172.20.23.129 openstack2.yonyouiuap.com openstack2
172.20.23.191 openstack3.yonyouiuap.com openstack3
172.20.23.193 openstack4.yonyouiuap.com openstack4
172.20.23.195 openstack5.yonyouiuap.com openstack5
Disable the firewall on all nodes:
salt "*" cmd.run "systemctl stop firewalld"
salt "*" cmd.run "systemctl disable firewalld"
Disable SELinux on all nodes and reboot:
[root@master1 yum.repos.d]# grep -v '^#' /etc/selinux/config | awk NF
SELINUX=disabled
SELINUXTYPE=targeted
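The SELinux edit can also be scripted with sed instead of editing by hand; a small sketch, demonstrated on a scratch copy of the file so the substitution itself can be checked first:

```shell
# Flip SELINUX to disabled; shown against a temp copy, not the real
# /etc/selinux/config. SELINUXTYPE is left untouched.
f=$(mktemp)
printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$f"
sed -i 's/^SELINUX=.*/SELINUX=disabled/' "$f"
grep '^SELINUX' "$f"
rm -f "$f"
```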
Stop NetworkManager on all nodes:
salt "*" cmd.run "systemctl stop NetworkManager"
salt "*" cmd.run "systemctl disable NetworkManager"
Stop libvirtd on all nodes:
salt "*" cmd.run "systemctl stop libvirtd.service"
salt "*" cmd.run "systemctl disable libvirtd.service"
Load the rbd kernel module on all nodes:
salt "*" cmd.run "modprobe rbd"
salt "*" cmd.run "lsmod | grep rbd"

Set up passwordless SSH between all nodes:

ssh-keygen
ssh-copy-id root@172.x.x.128
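With five nodes it is easier to loop; a sketch (the hostnames follow the /etc/hosts entries above and must already resolve):

```shell
# Copy the root key to every node; assumes the hosts file above is
# already in place so the short names resolve.
for h in openstack1 openstack2 openstack3 openstack4 openstack5; do
  ssh-copy-id "root@$h"
done
```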
 

Install Docker and its base configuration:

[root@openstack1 ~]# cat /etc/sysconfig/selinux | grep -i '^selinux='
SELINUX=disabled
[root@openstack1 ~]# setenforce 0
[root@openstack1 ~]# systemctl stop firewalld
[root@openstack1 ~]# systemctl disable firewalld
## stop NetworkManager
systemctl stop NetworkManager
systemctl disable NetworkManager
 
[root@openstack1 ~]# yum install epel-release
## install commonly needed base packages
[root@openstack1 ~]# yum install -y tree net-tools bind-utils tree sysstat vim-en* \
lrzsz NetworkManager-tui ntp ntpdate iftop tcpdump telnet traceroute python-devel \
libffi-devel gcc openssl-devel git python-setuptools
[root@openstack1 ~]# curl -sSL https://get.docker.io | bash  # note: this installs the latest Docker and adds the Docker repo by default
# Or install via yum instead:
[root@openstack1 ~]# tee /etc/yum.repos.d/docker.repo << 'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
[root@openstack1 ~]# yum install -y docker-engine
[root@openstack1 ~]# mkdir -p /etc/systemd/system/docker.service.d
[root@openstack1 ~]# tee /etc/systemd/system/docker.service.d/kolla.conf <<-'EOF'
[Service]
MountFlags=shared
#EnvironmentFile=/etc/sysconfig/docker
ExecStart=
ExecStart=/usr/bin/dockerd --insecure-registry 0.0.0.0/0
EOF
[root@openstack1 ~]# systemctl daemon-reload
[root@openstack1 ~]# systemctl restart docker
[root@openstack1 ~]# systemctl enable docker.service
[root@openstack1 ~]# pip install --upgrade pip
[root@openstack1 ~]# pip install -U docker  # install the Docker SDK for Python
[root@openstack1 ~]# pip install kolla  ## install kolla
[root@openstack1 ~]# pip install kolla-ansible  # install kolla-ansible
 

Copy the configuration files

 
$ cp -r /usr/share/kolla-ansible/etc_examples/kolla /etc/kolla
$ mkdir -p /openstack/kolla-deploy
$ cp /usr/share/kolla-ansible/ansible/inventory/* /openstack/kolla-deploy/

Generate passwords

 
## Generate the passwords; the file written is /etc/kolla/passwords.yml:
$ kolla-genpwd
## Customize a password:
$ vim /etc/kolla/passwords.yml
keystone_admin_password: admin
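The same change can be made non-interactively with sed; a sketch, run here against a scratch file rather than the real /etc/kolla/passwords.yml:

```shell
# Replace the keystone_admin_password entry in a passwords.yml-style file.
f=$(mktemp)
echo 'keystone_admin_password: SomeGeneratedValue' > "$f"
sed -i 's/^keystone_admin_password:.*/keystone_admin_password: admin/' "$f"
grep '^keystone_admin_password:' "$f"
rm -f "$f"
```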

Download pre-built images and set up a private registry. Here we use the Kolla community's Pike images, which avoids building images locally with docker build and greatly shortens the install. The Ocata release is 4.0.3 and Pike is 5.0.1; Ocata turned out to have a bug that leaves the centos-source-cinder-api and centos-source-fluentd containers failing to start after deployment.

[root@openstack1 ~]# wget http://tarballs.openstack.org/kolla/images/centos-source-registry-pike.tar.gz
[root@openstack1 ~]# mkdir /opt/registry
[root@openstack1 ~]# tar -xf centos-source-registry-pike.tar.gz -C /opt/registry/
[root@openstack1 ~]# docker run -d -v /opt/registry:/var/lib/registry -p 4000:5000 --restart=always --name registry registry:2
## /opt/registry is a directory on the host. The Docker registry listens on port 5000 by default, which conflicts with an OpenStack port, so it is remapped to 4000.
[root@openstack1 ~]# curl http://127.0.0.1:4000/v2/_catalog  # verify the local registry is reachable and the images unpacked into it are visible
This lists the images in the registry. To view the tags of one image:
curl -XGET http://127.0.0.1:4000/v2/kolla/centos-binary-nova-compute/tags/list

If you are installing kolla inside virtual machines and want those VMs to boot cloud instances of their own, you need to set virt_type=qemu:

 
# egrep -c '(vmx|svm)' /proc/cpuinfo
# mkdir -p /etc/kolla/config/nova  # on physical servers the default is already kvm; this step is unnecessary there.
cat << EOF > /etc/kolla/config/nova/nova-compute.conf
[libvirt]
virt_type=qemu
cpu_mode = none
EOF

Configure Kolla

Below is my configuration. Note that kolla_internal_vip_address must be an IP that is not in use; if the address is already taken, the deployment will fail:

 
[root@openstack1 ~]# grep -v  ^# /etc/kolla/globals.yml |grep -v ^$
---
kolla_base_distro: "centos"
kolla_install_type: "source"
openstack_release: "5.0.1"
kolla_internal_vip_address: "172.x.x.132"
kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
docker_registry: "172.x.x.128:4000"
docker_namespace: "lokolla"
network_interface: "eno1"
api_interface: "{{ network_interface }}"
storage_interface: "{{ network_interface }}"
cluster_interface: "{{ network_interface }}"
tunnel_interface: "{{ network_interface }}"
neutron_external_interface: "eno2"
keepalived_virtual_router_id: "200"
openstack_logging_debug: "True"
enable_ceilometer: "yes"
enable_central_logging: "yes"
enable_ceph: "yes"
enable_ceph_rgw: "yes"
enable_chrony: "yes"
enable_cinder: "yes"
enable_gnocchi: "yes"
enable_grafana: "yes"
enable_haproxy: "yes"
enable_mongodb: "yes"
enable_neutron_lbaas: "yes"
enable_neutron_fwaas: "yes"
enable_neutron_qos: "yes"
enable_neutron_agent_ha: "yes"
ceph_enable_cache: "yes"
ceph_cache_mode: "writeback"
enable_ceph_rgw_keystone: "yes"
glance_backend_file: "no"
glance_backend_ceph: "yes"
cinder_backend_ceph: "{{ enable_ceph }}"
designate_backend: "bind9"
designate_ns_record: "sample.openstack.org"
nova_backend_ceph: "{{ enable_ceph }}"
tempest_image_id:
tempest_flavor_ref_id:
tempest_public_network_id:
tempest_floating_network_name:

Define the nodes (cat multinode):

 
[control]
openstack1
openstack2
openstack3
 
[network]
openstack1
openstack2
openstack3
 
[compute]
openstack1
openstack2
openstack3
openstack4
openstack5
 
[monitoring]
openstack1
openstack2
openstack3
 
[storage]
openstack1
openstack2
openstack3
openstack4
openstack5
 
 
[deployment]
openstack1       ansible_connection=local

Prepare the Ceph disks

On the 2 VM nodes there are 2 disks besides the system disk: sdb and sdc.

Here sdb serves as the OSD disk and sdc as the journal disk. Kolla identifies Ceph OSD and journal disks by partition label:

the OSD label is KOLLA_CEPH_OSD_BOOTSTRAP,

and the journal label is KOLLA_CEPH_OSD_BOOTSTRAP_J.

So with three disks sda, sdb and sdc: sda is the system disk, sdb the OSD disk, and sdc the journal disk.
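The naming is mechanical: in the multi-disk layout used by the script further below, the device name is upper-cased and appended to the bootstrap prefix, with _J marking a journal. A generating sketch (illustrative only):

```shell
# Derive the data and journal partition labels kolla looks for.
for d in sdb sdc; do
  u=$(echo "$d" | tr '[:lower:]' '[:upper:]')
  echo "data:    KOLLA_CEPH_OSD_BOOTSTRAP_${u}"
  echo "journal: KOLLA_CEPH_OSD_BOOTSTRAP_${u}_J"
done
```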

Label all the OSD disks; here we run it everywhere with ansible:

# ansible -i multinode all -m shell -a 'parted /dev/sdb -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP 1 -1'

Label all the journal disks:

# ansible -i multinode all -m shell -a 'parted /dev/sdc -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_J 1 -1'

Below is the script I used to initialize the Ceph disks (openstack1 and openstack2 have two disks each, sdb and sdc (SSD); the other three nodes, openstack[3-5], each have six SATA disks and one SSD):

 
#!/bin/bash
 
salt 'openstack[1-2]' cmd.run 'parted /dev/sdb -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDB 1 -1'
salt 'openstack[1-2]' cmd.run 'parted /dev/sdc -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDB_J 1 -1'
 
#data
salt 'openstack[3-5]' cmd.run 'parted /dev/sdc -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDC 1 -1'
 
salt 'openstack[3-5]' cmd.run 'parted /dev/sdd -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDD 1 -1'
 
salt 'openstack[3-5]' cmd.run 'parted /dev/sde -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDE 1 -1'
 
salt 'openstack[3-5]' cmd.run 'parted /dev/sdf -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDF 1 -1'
 
salt 'openstack[3-5]' cmd.run 'parted /dev/sdg -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDG 1 -1'
 
salt 'openstack[3-5]' cmd.run 'parted /dev/sdh -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDH 1 -1'
 
#journal
salt 'openstack[3-5]' cmd.run 'parted /dev/sdb -s mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDC_J 0% 16% \
-s mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDD_J 16% 32% \
-s mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDE_J 32% 48% \
-s mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDF_J 48% 64% \
-s mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDG_J 64% 80% \
-s mkpart KOLLA_CEPH_OSD_BOOTSTRAP_SDH_J 80% 100%'
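The SSD is carved into six equal journal slices, one per SATA OSD; the boundary arithmetic behind the percentages above can be sketched as:

```shell
# Print the six 16%-wide journal slices; the last one is padded to 100%.
for i in 0 1 2 3 4 5; do
  start=$((i * 16))
  end=$(( i == 5 ? 100 : (i + 1) * 16 ))
  echo "slice $i: ${start}% -> ${end}%"
done
```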

Create /etc/kolla/config/ceph.conf to set Ceph parameters such as the replica counts:

[root@openstack1 lokolla]# cat /etc/kolla/config/ceph.conf
[global]
osd pool default size = 3
osd pool default min size = 2

Start the installation

Have kolla bootstrap the base environment on all hosts:

kolla-ansible -i /openstack/kolla-deploy/multinode bootstrap-servers

Verify that the target nodes meet the deployment requirements:

$ kolla-ansible prechecks -i /openstack/kolla-deploy/multinode

If nothing errors out, run the deployment:

kolla-ansible deploy -i /openstack/kolla-deploy/multinode -vvvv

 

Generate the environment variable file

  • The generated script's path is /etc/kolla/admin-openrc.sh:
$ kolla-ansible post-deploy -i /openstack/kolla-deploy/multinode
 
$ cp /etc/kolla/admin-openrc.sh /root/
$ source /root/admin-openrc.sh

Install the OpenStack client

$ pip install -U python-openstackclient
$ pip install python-neutronclient

 

Create networks with the bundled init script (a test script that downloads an image, uploads it, and creates networks, a router, and so on):

vim /usr/share/kolla-ansible/init-runonce
Adjust the following settings as needed, mainly the external network:
IMAGE_URL=http://download.cirros-cloud.net/0.3.5/
IMAGE=cirros-0.3.5-x86_64-disk.img
IMAGE_NAME=cirros
IMAGE_TYPE=linux
EXT_NET_CIDR='172.x.x.0/24'
EXT_NET_RANGE='start=172.x.x.133,end=172.x.x.180'
EXT_NET_GATEWAY='172.x.x.1'

 

Error handling:

1. Docker Py

  • Problem: Error: 'module' object has no attribute 'Client'
  • Fix: a Docker-Py versioning issue; from version 2.0 the Client class was renamed to APIClient
$ pip uninstall docker
$ pip uninstall docker-py
$ pip install -U docker

 

Deployment tips:

1) If the deployment fails partway through, or you change the configuration and need to redeploy, first run the following command to tear down the deployed Docker containers, i.e. the OpenStack services:

kolla-ansible destroy -i /openstack/kolla-deploy/multinode --yes-i-really-really-mean-it

2) In addition, some small tools you can use when needed:

  • kolla-ansible prechecks: check that the environment is correct before running the deploy command;
  • tools/cleanup-containers: remove the deployed containers from the system;
  • tools/cleanup-host: remove the neutron-agents artifacts Docker leaves on the host after network changes;
  • tools/cleanup-images: remove all docker images from the local cache.

Finally, docker ps -a shows the containers of all the OpenStack services.

2. No valid host was found. There are not enough hosts available.

This error appeared while creating an instance. Check the logs (nova-placement-api.log); on the host the log directory is /var/lib/docker/volumes/kolla_logs/_data/:

: libvirtError: internal error: qemu unexpectedly closed the monitor: 2017-11-10T14:18:30.341372Z qemu-kvm: -chardev pty,id=charserial0,logfile=/var/lib/nova/instances/80f7f03e-7b9c-47aa-912f-08279c92d41e/console.log,logappend=off: Unable to open logfile /var/lib/nova/instances/80f7f03e-7b9c-47aa-912f-08279c92d41e/console.log: Permission denied

Reference: https://computingforgeeks.com/permission-denied-while-starting-instance-in-openstack/

Add the following to the configuration file:

 
cat /etc/kolla/nova-libvirt/qemu.conf
stdio_handler = "file"
user="nova"
group="nova"
dynamic_ownership = 1

Restart the centos-source-nova-libvirt container and the problem is resolved.

1. When installing the OpenStack Newton release with kolla as a multi-node deployment with lbaas enabled, neutron_server stays stuck in a Restarting state.

The error in the logs is: ImportError: Plugin 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2' not found

Analysis: the created neutron-server container has no neutron-lbaas code, and the neutron-base image presumably lacks it as well.

Fix:

pass

2. After entering horizon, yum stops working; every yum command hangs.

Analysis:

yum is itself written in Python, so debugging it is straightforward. After some debugging it turned out the configuration could not be read; online sources suggested the database could not be opened, and rebuilding it fixes the problem.

Fix:

rm -rf /var/lib/rpm/__db.00*

rpm --rebuilddb

3. If you edit a configuration file inside a kolla-deployed container, such as horizon.conf, the file reverts to the original after the container restarts.

Analysis:

Restarting the container apparently re-copies the configuration files from a fixed location.

Fix:

On restart, Docker re-copies the files from /etc/kolla. For the horizon container, edit them on the host under /etc/kolla/horizon, which contains three files: config.json, horizon.conf and local_settings; config.json specifies which files are copied in on each restart.
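For reference, config.json follows a simple schema; below is a hand-written sample in that style (field names follow the usual kolla layout, the values are illustrative) plus a grep that pulls out the copy destinations:

```shell
# A minimal config.json-style sample; grep lists the dest paths that
# would be overwritten on each container restart.
f=$(mktemp)
cat > "$f" <<'EOF'
{
  "command": "/usr/sbin/httpd -DFOREGROUND",
  "config_files": [
    {
      "source": "/var/lib/kolla/config_files/horizon.conf",
      "dest": "/etc/httpd/conf.d/horizon.conf",
      "owner": "horizon",
      "perm": "0644"
    }
  ]
}
EOF
grep -o '"dest": "[^"]*"' "$f"
rm -f "$f"
```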

4. prechecks fails with:

ERROR! Unexpected Exception, this is probably a bug: {{ neutron_tenant_network_types.replace(' ', '').split(',') | reject('equalto', '') | list }}: no test named 'equalto'

Analysis: the installed jinja2 version is too old. Version info:

[root@openstack1 ~]# pip show jinja2
Name: Jinja2
Version: 2.9.6
Summary: A small but fast and easy to use stand-alone template engine written in pure python.
Home-page: http://jinja.pocoo.org/
Author: Armin Ronacher
Author-email: armin.ronacher@active-4.com
License: BSD
Location: /usr/lib/python2.7/site-packages
Requires: MarkupSafe

 

Fix: upgrade jinja2:

pip install https://github.com/pallets/jinja/zipball/master
 
Then check the version again:
[root@openstack2 ~]# pip show jinja2
Name: Jinja2
Version: 2.11.dev0
Summary: A small but fast and easy to use stand-alone template engine written in pure python.
Home-page: http://jinja.pocoo.org/
Author: Armin Ronacher
Author-email: armin.ronacher@active-4.com
License: BSD
Location: /usr/lib/python2.7/site-packages
Requires: MarkupSafe

 

Error: No module named 'requests.packages.urllib3'

Fix: see http://www.niuhp.com/.

Various sources point to a mismatch between requests and urllib3; requests needs to be version 2.6.0, so install as follows:

pip install --upgrade --force-reinstall 'requests==2.6.0' urllib3

 

Error: TASK [ceph : Fetching Ceph keyrings] *******************************************

fatal: [controller01]: FAILED! => {"failed": true, "msg": "The conditional check '{{ (ceph_files_json.stdout | from_json).changed }}' failed. The error was: No JSON object could be decoded"

Reference: http://wangyaohua.cn/wordpress/?p=805

Cause:

After I had removed the containers and images and wiped the related disks, the volumes kolla had created were still present under /var/lib/docker/volumes. kolla-ansible destroy removes the containers and then the volumes belonging to them, but since the containers were already gone, those volumes were never deleted. On the next deployment the leftover volumes prevent ceph_mon from starting, which is why the Ceph keyrings cannot be fetched and the error above appears. Delete the volumes shown by docker volume ls and redeploy, and the problem goes away.

Delete the volumes:

docker volume rm $(docker volume ls -f dangling=true -q)

rabbitmq cluster error:

Slogan: Kernel pid terminated (application_controller)
({application_start_failure,kernel,{{shutdown,{failed_to_start_child,net_sup,
{shutdown,{failed_to_start_child,net_kernel,{'EXIT',nodistribution}}}}},{k

 

Fix:

Raise the open-file limits:

vim /etc/security/limits.conf
*              soft     nofile          65536
*              hard     nofile          65536
 
ulimit -n

 

echo "fs.file-max = 10000000" >> /etc/sysctl.conf
sysctl -p

 

虚拟机中测试kolla

需要注意的是如果是在虚拟机中测试kolla需要在宿主机上修改nova-compute的配置文件 为virt_type=qemu不然默认用的是kvm,会造成创建云主机失败。

vim /etc/kolla/nova-compute/nova.conf

Create /etc/kolla/config/nova.conf:

[libvirt]

virt_type=qemu

Restart the container:

docker restart nova_compute

Modifying OpenStack service configuration

# kolla-ansible -i multinode reconfigure

When the command completes, the configuration change is in effect.

Note: on ESXi, the VM's port group must have promiscuous mode and forged transmits enabled, otherwise traffic cannot get out through br-ex.

 

Change the auto-generated .novalocal instance hostname suffix to a custom domain:

Edit /etc/kolla/nova-api/nova.conf and add under [DEFAULT]:

dhcp_domain = yonyouiuap.com

Then restart the nova-api service.

 

Change the default search domain in resolv.conf:

Edit /etc/kolla/neutron-dhcp-agent/neutron.conf and add under [DEFAULT]:

dns_domain = yonyouiuap.com.

Then restart all the centos-source-neutron-dhcp-agent containers.

 

References: http://jqjiang.com/openstack/openstack_kolla/

https://docs.openstack.org/kolla-ansible/latest/user/quickstart.html

http://www.jinkit.com/openstack-dockerized/

 

Please credit when reposting: 成长的对话 » Quickly Deploying Multi-node OpenStack Pike with Kolla