Operating Kolla – https://docs.openstack.org/kolla-ansible/latest/user/operating-kolla.html
Advanced Config – https://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration.html
Docker Image Repo: Probably deploy one of these because the images are fairly large.
NOTE: firewalld & NetworkManager should be removed. Docker plays nice with selinux and everything works reliably. You CAN use firewalld but you will have to open up ports on the outside manually and is outside the scope of kolla.
Deployment Tools Installation:
Deploying OpenStack via Ansible is the new preferred method. This process is loose and changes every release, so heres what I have so far to deploy Rocky release successfully.
yum install epel-release -y
yum install ansible python-pip python-virtualenv python-devel libffi-devel gcc openssl-devel libselinux-python -y
curl -sSL https://get.docker.io | bash
mkdir -p /etc/systemd/system/docker.service.d
tee /etc/systemd/system/docker.service.d/kolla.conf <<-'EOF'
systemctl restart docker
systemctl enable docker
virtualenv --system-site-packages /opt/openstack/
pip install -U pip
#Install kolla-ansible for our release
pip install --upgrade kolla-ansible==7.0.0
pip install decorators python-openstackclient selinux python-ironic-inspector-client
cp -r /opt/openstack/share/kolla-ansible/etc_examples/kolla /etc/
cp -r /opt/openstack/share/kolla-ansible/ansible/inventory/* ~
echo "ansible_python_interpreter: /opt/openstack/bin/python" >> /etc/kolla/globals.yml
As of now kolla only supports config overrides for ini based configs. An operator can change the location where custom config files are read from by editing /etc/kolla/globals.ymland adding the following line.
# The directory to merge custom config files the kolla's config files
Kolla allows the operator to override configuration of services. Kolla will look for a file in /etc/kolla/config/<< service name >>/<< config file >>. This can be done per-project, per-service or per-service-on-specified-host. For example to override scheduler_max_attempts in nova scheduler, the operator needs to create /etc/kolla/config/nova/nova-scheduler.conf with content:
Ironic Kolla Configs:
Ironic needs an initramfs and kernel to boot the install image. Need to build some images with openstack Image Builder. Below is just the centos installer images.. these are not what you need. 🙂
mkdir /etc/kolla/config/ironic/ -p
wget http://mirror.beyondhosting.net/centos/7.5.1804/os/x86_64/isolinux/initrd.img -O /etc/kolla/config/ironic/ironic-agent.initramfs
wget http://mirror.beyondhosting.net/centos/7.5.1804/os/x86_64/isolinux/vmlinuz -O /etc/kolla/config/ironic/ironic-agent.kernel
Openstack Client Configuration:
Grab your keystone admin password from /etc/kolla/passwords.yml
kolla-ansible -i vbstack post-deploy
cat /etc/kolla/passwords.yml | grep keystone_admin_password
The following lines can be omitted
Run ansible to configure your servers. This assumes you already created your ansible host env layout.
Running your deployment
The next steps are to run an actual deployment and create all the containers ect.
Some critical pieces in /etc/kolla/globals.yml:
Redeploy changes for specific services. When you need to make 1 change to a service that will not require the restart of other services, you can specify it directly to reduce the runtime of ansible.
kolla-ansible -i inventory-config -t nova reconfigure
Tips and Tricks¶
Kolla ships with several utilities intended to facilitate ease of operation.
/usr/share/kolla-ansible/tools/cleanup-containers is used to remove deployed containers from the system. This can be useful when you want to do a new clean deployment. It will preserve the registry and the locally built images in the registry, but will remove all running Kolla containers from the local Docker daemon. It also removes the named volumes.
/usr/share/kolla-ansible/tools/cleanup-host is used to remove remnants of network changes triggered on the Docker host when the neutron-agents containers are launched. This can be useful when you want to do a new clean deployment, particularly one changing the network topology.
/usr/share/kolla-ansible/tools/cleanup-images --all is used to remove all Docker images built by Kolla from the local Docker cache.
kolla-ansible -i INVENTORY deploy is used to deploy and start all Kolla containers.
kolla-ansible -i INVENTORY destroy is used to clean up containers and volumes in the cluster.
kolla-ansible -i INVENTORY mariadb_recovery is used to recover a completely stopped mariadb cluster.
kolla-ansible -i INVENTORY prechecks is used to check if all requirements are meet before deploy for each of the OpenStack services.
kolla-ansible -i INVENTORY post-deploy is used to do post deploy on deploy node to get the admin openrc file.
kolla-ansible -i INVENTORY pull is used to pull all images for containers.
kolla-ansible -i INVENTORY reconfigure is used to reconfigure OpenStack service.
kolla-ansible -i INVENTORY upgrade is used to upgrades existing OpenStack Environment.
kolla-ansible -i INVENTORY check is used to do post-deployment smoke t
- List all containers (only IDs) docker ps -aq.
- Stop all running containers. docker stop $(docker ps -aq)
- Remove all containers. docker rm $(docker ps -aq)
- Remove all images. docker rmi $(docker images -q)
ca_01.pem – this refers to your CA certificate pem file. AKA intermediate certificate?
openssl req -newkey rsa:2048 -nodes -keyout client.key -out client.csr
openssl ca -in client.csr -days 1000 -out client-.pem -batch