部署架構(gòu)

可用的操作系統(tǒng)：
Debian11（bullseye）
Ubuntu 22.04或20.04
CentOS Stream 9 或 Rocky Linux 9
系統(tǒng)必備的軟件：
支持公鑰訪問的SSH
Python 3.8.x or 3.10.x
系統(tǒng)語言en_US.UTF-8 as the locale
cpu推薦：硬件輔助虛擬化功能，多核心處理器
磁盤大?。好颗_至少100GB
網(wǎng)絡(luò)推薦：1G或10G網(wǎng)卡；聚合網(wǎng)卡；網(wǎng)卡可以劃分VLAN；Jumbo架構(gòu)（網(wǎng)絡(luò)包攜帶更多數(shù)據(jù)）

機器準備
部署節(jié)點：Rocky linux 9，4C8G+100GB，內(nèi)網(wǎng)ip：192.168.0.10
目標節(jié)點：Rocky linux 9，8C16G+100GB+100GB+100GB，內(nèi)網(wǎng)ip：192.168.0.11+12+13

部署節(jié)點準備

安裝Rocky linux 9

配置rocky

配置靜態(tài)ip

dnf config-manager --enable devel
dnf -y update
dnf install -y network-scripts 
systemctl enable network.service --now
# 禁用NetworkManager
systemctl disable NetworkManager --now

# 靜態(tài)ip(如果這個不會，說明底子太薄，還不適合維護openstack)
vim /etc/sysconfig/network-scripts/ifcfg-enp1s0
-----------------------------------------------
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=eui64
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
UUID=75d44a82-e738-48eb-80d7-0c4f1ee32bf7
IPADDR=192.168.0.10
PREFIX=24
GATEWAY=192.168.0.1

# 重啟網(wǎng)卡
systemctl restart network

生成ssh公鑰，實現(xiàn)deployment機器到其他機器的免密登錄

ssh-keygen -t rsa
# 一路回車，最后生成 ~/.ssh/id_rsa.pub

根據(jù)官方文檔的指示，下載必要包

dnf upgrade
reboot
dnf install git chrony openssh-server python3-devel sudo
dnf group install "Development Tools"
systemctl stop firewalld
systemctl mask firewalld

pip加速

# 創(chuàng)建.pip隱藏目錄
mkdir ~/.pip

# 配置文件加入國內(nèi)源
vim ~/.pip/pip.conf
-------------------------------------------
[global]
index-url = https://pypi.mirrors.ustc.edu.cn/simple/
trusted-host=pypi.tuna.tsinghua.edu.cn
timeout = 120

下載openstack-ansible及其依賴

# 兩個倉庫二選一，克隆openstack-ansible源碼
git clone -b 26.1.2 https://opendev.org/openstack/openstack-ansible /opt/openstack-ansible
git clone -b 26.1.2 https://github.com/openstack/openstack-ansible.git /opt/openstack-ansible

# 安裝依賴
cd /opt/openstack-ansible/
scripts/bootstrap-ansible.sh

最終顯示System is bootstrapped and ready for use.表示成功

目標節(jié)點配置

升級系統(tǒng)包

dnf upgrade

關(guān)閉selinux

systemctl disable firewalld --now
setenforce 0
vim /etc/selinux/config
-----------------------------------------
SELINUX=disabled

安裝軟件包

dnf install iputils lsof openssh-server sudo tcpdump python3

降低內(nèi)核日志打印等級并重啟

echo "kernel.printk='4 1 7 4'" >> /etc/sysctl.conf
reboot

復(fù)制deployment的公鑰到控制節(jié)點。在deployment機器上執(zhí)行以下命令

ssh-copy-id -i ~/.ssh/id_rsa.pub  root@192.168.0.11

創(chuàng)建LVM存儲
OpenStack-Ansible automatically configures LVM on the nodes, and overrides any existing LVM configuration. If you had a customized LVM configuration, edit the generated configuration file as needed.
OpenStack-Ansible會自動在節(jié)點上配置LVM，并覆蓋已有的LVM。如果你想保留已有的LVM配置，請自行修改openstack-ansible里的配置文件。
創(chuàng)建一個名叫cinder-volumes的卷組。

pvcreate --metadatasize 2048 /dev/sdb /dev/sdc
vgcreate cinder-volumes /dev/sdb /dev/sdc

網(wǎng)絡(luò)配置

Host network bridges information?

1. LXC internal: lxcbr0
   The lxcbr0 bridge is required for LXC, but OpenStack-Ansible configures it automatically. It provides external (typically Internet) connectivity to containers with dnsmasq (DHCP/DNS) + NAT.
   This bridge does not directly attach to any physical or logical interfaces on the host because iptables handles connectivity. It attaches to eth0 in each container.
   The container network that the bridge attaches to is configurable in the openstack_user_config.yml file in the provider_networks dictionary.
2. Container management: br-mgmt
   The br-mgmt bridge provides management of and communication between the infrastructure and OpenStack services.
   The bridge attaches to a physical or logical interface, typically a bond0 VLAN subinterface. It also attaches to eth1 in each container.
   The container network interface that the bridge attaches to is configurable in the openstack_user_config.yml file.
3. Storage:br-storage
   The br-storage bridge provides segregated access to Block Storage devices between OpenStack services and Block Storage devices.
   The bridge attaches to a physical or logical interface, typically a bond0 VLAN subinterface. It also attaches to eth2 in each associated container.
   The container network interface that the bridge attaches to is configurable in the openstack_user_config.yml file.
4. OpenStack Networking tunnel: br-vxlan
   The br-vxlan interface is required if the environment is configured to allow projects to create virtual networks using VXLAN. It provides the interface for encapsulated virtual (VXLAN) tunnel network traffic.
   Note that br-vxlan is not required to be a bridge at all, a physical interface or a bond VLAN subinterface can be used directly and will be more efficient. The name br-vxlan is maintained here for consistency in the documentation and example configurations.
   The container network interface it attaches to is configurable in the openstack_user_config.yml file.
5. OpenStack Networking provider: br-vlan
   The br-vlan bridge is provides infrastructure for VLAN tagged or flat (no VLAN tag) networks.
   The bridge attaches to a physical or logical interface, typically bond1. It is not assigned an IP address because it handles only layer 2 connectivity.
   The container network interface that the bridge attaches to is configurable in the openstack_user_config.yml file.
   總結(jié)：
   lxcbr0是自動配置的，用于lxc容器，不會綁定到任何物理網(wǎng)卡，但是會和容器里的eth0接通，相當于大家熟悉的docker0。
   br-mgmt用于openstack各個組件服務(wù)通信，需要綁定到一個物理網(wǎng)口，并和容器里的eth1聯(lián)通。
   br-storage用于塊存儲服務(wù)和對象存儲服務(wù)，需要綁定到一個物理網(wǎng)口，并和容器里的eth2聯(lián)通。
   br-vxlan：為openstack提供vxlan虛擬網(wǎng)絡(luò)功能，可以是網(wǎng)橋、物理網(wǎng)口、網(wǎng)口的子口等形式存在。這個網(wǎng)橋與容器網(wǎng)卡的綁定可以通過openstack_user_config.yml配置
   br-vlan：提供vlan和flat網(wǎng)絡(luò)，需要綁定到一個物理網(wǎng)口，并且不需要分配ip，它提供2層交換功能。這個網(wǎng)橋與容器網(wǎng)卡的綁定可以通過openstack_user_config.yml配置。

rocky linux網(wǎng)卡的創(chuàng)建永久網(wǎng)橋的方法：

# 禁用NetworkManager，啟動Networking服務(wù)
dnf config-manager --enable devel
dnf -y update
dnf install -y network-scripts 
systemctl enable network.service --now
# 禁用NetworkManager
systemctl disable NetworkManager --now

# 物理網(wǎng)卡配置，調(diào)成dhcp模式并橋接到
vim /etc/sysconfig/network-scripts/ifcfg-enp1s0
---------------------------------------------
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes # 網(wǎng)卡開機自啟動
BRIDGE=br-mgmt # 網(wǎng)口橋接到網(wǎng)橋上
BRIDGE=br-storage # 網(wǎng)口橋接到網(wǎng)橋上
BRIDGE=br-vxlan # 網(wǎng)口橋接到網(wǎng)橋上


# br-mgmt網(wǎng)橋配置
vim /etc/sysconfig/network-scripts/ifcfg-br-mgmt
----------------------------------------------------
TYPE="Bridge"
DEVICE="br-mgmt" #網(wǎng)橋的名字
ONBOOT="yes"
BOOTPROTO="static"
IPADDR="192.168.0.11" #網(wǎng)橋的ip地址
NETMASK="255.255.255.0" #網(wǎng)橋所在子網(wǎng)的子網(wǎng)掩碼
GATEWAY="192.168.0.1" #網(wǎng)橋所在子網(wǎng)的網(wǎng)關(guān)

# br-storage網(wǎng)橋配置
vim /etc/sysconfig/network-scripts/ifcfg-br-storage
-------------------------------------------
TYPE="Bridge"
DEVICE="br-storage" #網(wǎng)橋的名字
ONBOOT="yes"
BOOTPROTO="static"
IPADDR="192.168.0.12" #網(wǎng)橋的ip地址
NETMASK="255.255.255.0" #網(wǎng)橋所在子網(wǎng)的子網(wǎng)掩碼
GATEWAY="192.168.0.1" #網(wǎng)橋所在子網(wǎng)的網(wǎng)關(guān)

# br-vxlan網(wǎng)橋配置
vim /etc/sysconfig/network-scripts/ifcfg-br-vxlan
-------------------------------------------
TYPE="Bridge"
DEVICE="br-vxlan" #網(wǎng)橋的名字
ONBOOT="yes"
BOOTPROTO="static"
IPADDR="192.168.0.12" #網(wǎng)橋的ip地址
NETMASK="255.255.255.0" #網(wǎng)橋所在子網(wǎng)的子網(wǎng)掩碼
GATEWAY="192.168.0.1" #網(wǎng)橋所在子網(wǎng)的網(wǎng)關(guān)

# br-vlan網(wǎng)橋配置
vim /etc/sysconfig/network-scripts/ifcfg-br-vlan
-------------------------------------------
TYPE="Bridge"
DEVICE="br-vlan" #網(wǎng)橋的名字
ONBOOT="yes"
BOOTPROTO="none"

部署前配置

cp -R /opt/openstack-ansible/etc/openstack_deploy /etc/
cd /etc/openstack_deploy/
cp openstack_user_config.yml.example  /etc/openstack_deploy/openstack_user_config.yml

# 檢查openstack_user_config.yml


# 檢查user_variables.yml，重點關(guān)注install_method變量，source和distro更關(guān)注distro

# 添加額外服務(wù)etc/openstack_deploy/conf.d

生成密碼文件

cd /opt/openstack-ansible
# ./scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml

運行playbook開始部署

setup-hosts.yml，相當于bootstrap server
setup-infrastructure.yml，安裝memcached、rabbitmq、mysql
setup-openstack.yml，安裝ops服務(wù)
執(zhí)行安裝文章來源地址http://www.zghlxwxcb.cn/news/detail-729881.html

cd /etc/openstack-ansible
openstack-ansible setup-infrastructure.yml --syntax-check

到了這里，關(guān)于openstack-ansible部署zed版本all-in-one的文章就介紹完了。如果您還想了解更多內(nèi)容，請在右上角搜索TOY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！