/openstack-ansible-aio-lab

Build and use TalTech HPC2 OpenStack-Ansible AiO (first in KVM and then on bare metal)

Table of Contents

Build and use an OpenStack-Ansible All-in-One lab

Install the KVM virtualized OpenStack-Ansible All-in-One guest on an Ubuntu 16.04 LTS desktop host

Install KVM on an Ubuntu 16.04 LTS desktop

# Install the virtualization stack on the desktop host. The later steps use
# virsh (libvirt), cloud-localds (cloud-utils) and virt-install (virtinst).
sudo apt install -y qemu-kvm \
  libvirt-bin \
  cloud-utils \
  virtinst

Reserve IP address on a KVM virtualization host for the osaaioubuntu01 KVM VM

# Pin the guest's MAC address to a fixed lease on libvirt's "default" network,
# so the VM created below (same MAC on its --network option) always comes up
# as 192.168.122.100. --live changes the running network, --config persists it.
virsh net-update default \
  add ip-dhcp-host \
  "<host mac='52:54:00:99:1b:ae' name='osaaioubuntu01' \
  ip='192.168.122.100' />" \
  --live --config

Create the OSA AiO KVM VM on an Ubuntu 16.04 LTS desktop

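# Build the osaaioubuntu01 guest from the Ubuntu cloud image: download and
# verify the image, create a 100G copy-on-write disk on top of it, generate a
# cloud-init seed ISO and import the VM.
cloudimgdom='https://cloud-images.ubuntu.com'
release='bionic'
cloudimg='bionic-server-cloudimg-amd64.img'
imgdir='/var/lib/libvirt/images'

sudo wget "$cloudimgdom/$release/current/$cloudimg" \
  -O "$imgdir/$cloudimg"

# Check the download against the checksum list published next to it and stop
# here if sha256sum does not report OK. This catches truncation and corruption;
# for authenticity, also verify the detached signature of SHA256SUMS
# (SHA256SUMS.gpg) against the Ubuntu cloud image signing key.
sudo wget "$cloudimgdom/$release/current/SHA256SUMS" \
  -O "$imgdir/SHA256SUMS.$release"
(cd "$imgdir" && sudo sha256sum -c --ignore-missing "SHA256SUMS.$release")

# -F names the backing file's format explicitly so qemu does not have to probe
# it from the file contents.
sudo qemu-img create \
  -f qcow2 \
  -F qcow2 \
  -b "$imgdir/$cloudimg" \
  "$imgdir/osaaioubuntu01.qcow2" 100G

# The user-data holds the login password, so it goes into a private mktemp
# file (mode 0600) instead of a predictable, world-readable path in /tmp.
# NOTE(review): "password" with ssh_pwauth enabled is a lab-only credential.
# It is needed once for the ssh-copy-id step that follows; change it and turn
# password logins off afterwards. The seed image built below keeps a copy too.
userdata=$(mktemp)
cat > "$userdata" << 'EOF'
#cloud-config
password: password
chpasswd: { expire: False }
ssh_pwauth: True
hostname: osaaioubuntu01
EOF
sudo cloud-localds "$imgdir/cidata_osaaioubuntu01.img" "$userdata"
rm -f -- "$userdata"

# The MAC matches the DHCP reservation made earlier; the VNC console listens
# on loopback only. (--import was given twice in the original; once is enough.)
virt-install --import --name osaaioubuntu01 \
  --ram 12000 \
  --vcpus 8 \
  --disk "$imgdir/osaaioubuntu01.qcow2" \
  --disk "$imgdir/cidata_osaaioubuntu01.img,device=cdrom" \
  --network bridge=virbr0,mac=52:54:00:99:1b:ae \
  --graphics vnc,listen=127.0.0.1 \
  --noautoconsole \
  --hvm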

Enable nested virtualization on a KVM virtualization host for the osaaioubuntu01 KVM VM

# In the domain XML that opens, change the <cpu> element to:
# <cpu mode='host-passthrough'/>
# host-passthrough hands the host CPU's features, including its virtualization
# extensions, to the guest; the edit applies from the guest's next start.
# NOTE(review): the host's kvm module presumably also needs nesting enabled - confirm.
$ virsh edit osaaioubuntu01

Install OpenStack-Ansible All-in-One

# Staged OpenStack-Ansible AiO install. Indented lines are typed inside the
# session opened by the line above them (ssh, then the root shell). After each
# stage the guest is shut down and snapshotted - presumably so that a failed
# later stage can be reverted to the previous snapshot.

# Stage 0: install an SSH key, then patch the guest. ssh-copy-id relies on the
# password login configured through cloud-init; once the key is in place that
# password login is no longer needed and can be disabled.
ssh-copy-id ubuntu@192.168.122.100
ssh ubuntu@192.168.122.100
  sudo apt update -y && sudo apt upgrade -y
    exit
virsh shutdown osaaioubuntu01
virsh snapshot-create-as osaaioubuntu01 after_update_and_upgade
virsh start osaaioubuntu01
# Stage 1: fetch OpenStack-Ansible as root and pin it to a release tag.
# NOTE(review): everything run from this checkout executes as root; if the
# project signs its release tags, `git tag -v 18.1.0` checks the tag first.
ssh ubuntu@192.168.122.100
  sudo su -
    git clone https://git.openstack.org/openstack/openstack-ansible \
      /opt/openstack-ansible
    cd /opt/openstack-ansible
    git tag -l
    # Check out the release tag to deploy (18.1.0 here; `git tag -l` lists them)
    git checkout 18.1.0
      exit
        exit
virsh shutdown osaaioubuntu01
virsh snapshot-create-as osaaioubuntu01 after_osa_latest_stable_checkout
virsh start osaaioubuntu01
# Stage 2: bootstrap Ansible. ANSIBLE_ROLE_FETCH_MODE is exported again in
# every stage because each one starts a fresh root shell after the restart.
ssh ubuntu@192.168.122.100
  sudo su -
    export ANSIBLE_ROLE_FETCH_MODE=git-clone
    cd /opt/openstack-ansible
    ./scripts/bootstrap-ansible.sh
      exit
        exit
virsh shutdown osaaioubuntu01
virsh snapshot-create-as osaaioubuntu01 after_bootstrap_ansible
virsh start osaaioubuntu01
# Stage 3: bootstrap the All-in-One configuration.
ssh ubuntu@192.168.122.100
  sudo su -
    export ANSIBLE_ROLE_FETCH_MODE=git-clone
    cd /opt/openstack-ansible
    ./scripts/bootstrap-aio.sh
      exit
        exit
virsh shutdown osaaioubuntu01
virsh snapshot-create-as osaaioubuntu01 after_bootstrap_aio
virsh start osaaioubuntu01
# Stage 4: run the setup-hosts playbook.
ssh ubuntu@192.168.122.100
  sudo su -
    export ANSIBLE_ROLE_FETCH_MODE=git-clone
    cd /opt/openstack-ansible/playbooks/
    openstack-ansible setup-hosts.yml
      exit
        exit
virsh shutdown osaaioubuntu01
virsh snapshot-create-as osaaioubuntu01 after_setup_hosts
virsh start osaaioubuntu01
# Stage 5: run the setup-infrastructure playbook.
ssh ubuntu@192.168.122.100
  sudo su -
    export ANSIBLE_ROLE_FETCH_MODE=git-clone
    cd /opt/openstack-ansible/playbooks/
    openstack-ansible setup-infrastructure.yml
      exit
        exit
virsh shutdown osaaioubuntu01
virsh snapshot-create-as osaaioubuntu01 after_setup_infrastructure
virsh start osaaioubuntu01
# Stage 6: run the setup-openstack playbook. The guest is left shut down
# after the final snapshot.
ssh ubuntu@192.168.122.100
  sudo su -
    export ANSIBLE_ROLE_FETCH_MODE=git-clone
    cd /opt/openstack-ansible/playbooks/
    openstack-ansible setup-openstack.yml
      exit
        exit
virsh shutdown osaaioubuntu01
virsh snapshot-create-as osaaioubuntu01 after_setup_openstack

Install OpenStack-Ansible All-in-One on the FUJITSU PRIMERGY RX300 S8 (ABN:K1457-V101-724)

Hardware

Hostname Model CPU cores Memory Disk Network
osa FUJITSU PRIMERGY RX300 S8 12 (< 120 vCore) 128 2 x 558 2 x Gbit/s and 2 x 10 Gbit/s (SFP+)

Network Addresses

Hostname MAC IP
osa 90:1b:0e:0b:75:8b 193.40.248.32/24

Initial FUJITSU PRIMERGY RX300 S8 setup via IPMI console

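The FUJITSU PRIMERGY RX300 S8 IPMI console requires Java 8 Update 121 (http://www.oracle.com/technetwork/java/javase/downloads/java-archive-javase8-2177648.html). That Java release no longer receives security updates, so install it only on the workstation used for the console and keep the IPMI interface on a management network.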

# Move the host's public address from eno1 onto the br-vlan bridge and enslave
# eno1 to it. This is run from the IPMI console because the address is removed
# from eno1 before it is re-added on the bridge.
# NOTE(review): `ip` changes are runtime-only - presumably they have to be
# repeated or made persistent after a reboot; confirm for this host.
sudo su -
  ip addr del 193.40.248.32/24 dev eno1
  ip link set eno1 master br-vlan
  ip addr add 193.40.248.32/24 dev br-vlan
  # Drop the address br-vlan carried before, then restore the default route.
  ip addr del 172.29.248.100/22 dev br-vlan
  ip route add default via 193.40.248.254

Over SSH

# Become root, enter the utility container and load the credentials from
# /root/openrc; the openstack commands below run inside that container.
sudo su -
  lxc-attach -n $(sudo lxc-ls aio1_utility_container)
    source /root/openrc
    # List the ports first: the IDs deleted further down are read from this
    # output and are specific to this deployment.
    openstack port \
      list -f yaml
    - Fixed IP Addresses: ip_address='192.168.74.2', subnet_id='67796d68-a687-4e69-9bc2-fef39956b232'
      ID: 015c5a78-4273-4f22-8af2-5658ad612ad9
      MAC Address: fa:16:3e:44:c8:ab
      Name: ''
      Status: ACTIVE
    - Fixed IP Addresses: ip_address='192.168.74.1', subnet_id='67796d68-a687-4e69-9bc2-fef39956b232'
      ID: 67a6bd7a-ab21-4246-870b-210b4e8c55e3
      MAC Address: fa:16:3e:43:46:cf
      Name: ''
      Status: ACTIVE
    - Fixed IP Addresses: ip_address='172.29.249.113', subnet_id='ec7ceb4c-813c-4a45-a9e9-52b87bae99b5'
      ID: a43e8192-9d59-4f17-a8a7-f852df2263f8
      MAC Address: fa:16:3e:45:ab:56
      Name: ''
      Status: ACTIVE
    - Fixed IP Addresses: ip_address='172.29.249.110', subnet_id='ec7ceb4c-813c-4a45-a9e9-52b87bae99b5'
      ID: d00ced03-674f-4653-9a3d-6659d9e7d0fd
      MAC Address: fa:16:3e:52:4a:52
      Name: ''
      Status: ACTIVE
    # Remove the port that holds 172.29.249.110 in the listing above, detach
    # the router from its external gateway, then list the ports again to see
    # what is left on the old public network.
    openstack port \
      delete d00ced03-674f-4653-9a3d-6659d9e7d0fd
    openstack router \
      unset router --external-gateway
    openstack port \
      list -f yaml
    - Fixed IP Addresses: ip_address='192.168.74.2', subnet_id='67796d68-a687-4e69-9bc2-fef39956b232'
      ID: 015c5a78-4273-4f22-8af2-5658ad612ad9
      MAC Address: fa:16:3e:44:c8:ab
      Name: ''
      Status: ACTIVE
    - Fixed IP Addresses: ip_address='172.29.249.110', subnet_id='ec7ceb4c-813c-4a45-a9e9-52b87bae99b5'
      ID: 643cbf44-f402-4d4e-8b9a-4776d08e2589
      MAC Address: fa:16:3e:57:1d:57
      Name: ''
      Status: ACTIVE
    - Fixed IP Addresses: ip_address='192.168.74.1', subnet_id='67796d68-a687-4e69-9bc2-fef39956b232'
      ID: 67a6bd7a-ab21-4246-870b-210b4e8c55e3
      MAC Address: fa:16:3e:43:46:cf
      Name: ''
      Status: ACTIVE
    # Delete the remaining port on the old public network (ID taken from the
    # second listing), then replace that network with a flat external network
    # on the routable range and re-attach the router to it.
    openstack port \
      delete 643cbf44-f402-4d4e-8b9a-4776d08e2589
    openstack network \
      delete public
    openstack network \
      create --provider-physical-network flat \
        --provider-network-type flat public --project demo --external
    # NOTE(review): the gateway 193.40.248.254 lies outside 193.40.248.32/28
    # (.32-.47) - confirm the subnet range and gateway are what is intended.
    openstack subnet \
      create --network public \
        --subnet-range 193.40.248.32/28 --gateway 193.40.248.254 --no-dhcp public-subnet
    openstack router set router --external-gateway public
    # Tell HAProxy to serve a user-provided certificate. The three files must
    # already exist under /etc/openstack_deploy/ssl; keep the .key file owned
    # by root and readable by root only. `>>` appends, so running this twice
    # leaves duplicate keys in user_variables.yml.
    cat << EOF >> /etc/openstack_deploy/user_variables.yml
    
    
    # User-provided certificates for HAProxy
    haproxy_user_ssl_cert: /etc/openstack_deploy/ssl/osa_ttu_ee.crt
    haproxy_user_ssl_key: /etc/openstack_deploy/ssl/osa_ttu_ee.key
    haproxy_user_ssl_ca_cert: /etc/openstack_deploy/ssl/DigiCertCA.crt
    EOF
    # Re-run the HAProxy playbook so the new certificate settings are applied.
    cd /opt/openstack-ansible/playbooks/
    openstack-ansible haproxy-install.yml

ETAIS images and flavors setup

http://images.etais.ee

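# Download the ETAIS images inside the utility container and register each
# one in Glance as a public image.
sudo lxc-attach -n $(sudo lxc-ls aio1_utility_container)
  source /root/openrc
  # -r keeps backslashes literal; -s keeps the password off the terminal.
  read -r images_etais_username
  read -rs images_etais_password
  # NOTE(review): the download URL is plain http, so the Basic-auth
  # credentials and the image itself travel unencrypted, and nothing checks
  # the image's integrity before it is published with --public. Use https
  # and compare a published checksum if the image server offers them. The
  # -u argument is also visible in the process list while curl runs.
  #
  # register_image FILE_STEM TITLE MIN_RAM_MB
  #   Fetches FILE_STEM.qcow2 and uploads it as TITLE. --fail makes curl
  #   return an error on an HTTP failure (for example a rejected login)
  #   instead of saving the error page as the .qcow2 file, and the upload
  #   is skipped when the download failed.
  register_image() {
    local file_stem=$1 title=$2 min_ram=$3
    curl --fail -u "${images_etais_username}:${images_etais_password}" \
      -O "http://images.opnd.org/${file_stem}.qcow2" || return
    openstack image create "$title" \
      --disk-format qcow2 \
      --min-disk 8 --min-ram "$min_ram" \
      --file "${file_stem}.qcow2" \
      --public
  }
  register_image centos7-minimal-1711 "CentOS 7 x86_64" 256
  register_image centos7-docker-1711 "CentOS 7 Docker Host x86_64" 512
  register_image ubuntu1604-minimal-20171221 "Ubuntu 16.04 x86_64" 512
  register_image debian8-minimal-20171223 "Debian 8 x86_64" 256
  register_image debian9-minimal-20171224 "Debian 9 x86_64" 256
  # The password is not needed after the downloads.
  unset images_etais_password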

Verify

# Run in the same utility-container session; the five images registered above
# should be listed.
openstack image list

Create VM Flavors in OpenStack

Create the script for adding flavors

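 # Write the ./add-flavor helper and make it executable for its owner only.
 # The quoted 'EOF' keeps $1..$4 literal so they are expanded when the helper
 # runs, not while it is being written.
 cat << 'EOF' > add-flavor
 #!/bin/bash
 # Usage: add-flavor NAME RAM_MB ROOT_DISK_GB VCPUS
 # Creates one flavor with an auto-generated ID. The exit status is that of
 # `openstack flavor create`, so a failed creation is not reported as success.
 if [ "$#" -ne 4 ]; then
   echo "usage: $0 NAME RAM_MB ROOT_DISK_GB VCPUS" >&2
   exit 2
 fi
 FLAVOR_NAME=$1
 RAM_IN_MB=$2
 ROOT_DISK_IN_GB=$3
 NUMBER_OF_VCPUS=$4
 
 # Quoted so that an argument containing spaces or glob characters is passed
 # through as a single value.
 openstack flavor create \
   "$FLAVOR_NAME" --id auto \
     --ram "$RAM_IN_MB" --disk "$ROOT_DISK_IN_GB" --vcpus "$NUMBER_OF_VCPUS"
 EOF
 chmod 700 add-flavor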

Create flavors

# Load the credentials, then create every flavor through ./add-flavor.
# Each entry is: name, RAM in MB, root disk in GB, number of vCPUs.
source /root/openrc
flavor_specs=(
  "m1.xsmall 1024 10 1"
  "m1.small 2048 20 1"
  "c1.small 2048 20 2"
  "m1.medium 4096 20 2"
  "c1.medium 4096 20 4"
  "m1.large 8192 20 4"
  "c1.large 8192 20 8"
  "m1.xlarge 16384 20 8"
  "c1.xlarge 16384 20 16"
  "m1.xxlarge 32768 20 16"
)
for spec in "${flavor_specs[@]}"; do
  read -r flavor ram_mb disk_gb vcpus <<< "$spec"
  ./add-flavor "$flavor" "$ram_mb" "$disk_gb" "$vcpus"
done

Verify

# The ten flavors created above should be listed.
openstack flavor list

HOWTOs, tips and tricks

Find Horizon admin user password

# Prints the Keystone admin password in clear text; the second line is sample
# output. user_secrets.yml holds the deployment's generated secrets, so keep it
# readable by root only. A value that has been published like the one below
# should be treated as disclosed and rotated on any deployment that still uses it.
sudo grep keystone_auth_admin_password /etc/openstack_deploy/user_secrets.yml
keystone_auth_admin_password: 2231d8957a78d1804c827ba9b5d5cffc4f142370c39e649deba26c2c8e1

Use Openstack-Ansible openstack CLI

# Enter the utility container and load the credentials from /root/openrc into
# the shell environment; the openstack CLI then runs with those credentials.
sudo lxc-attach -n $(sudo lxc-ls aio1_utility_container)
  source /root/openrc

Use network namespaces

# Sample session: enter the neutron agents container, list its network
# namespaces, then run ping from inside a router namespace to test outbound
# connectivity as that router sees it. The namespace IDs are specific to this
# deployment; take them from your own `ip netns` output.
sudo lxc-attach -n $(sudo lxc-ls aio1_neutron_agents_container)
root@aio1-neutron-agents-container-32670885:/# ip netns
qrouter-ca9fc9af-c538-4d90-a800-66bc0d560ec1 (id: 3)
qdhcp-ccf975fd-463b-4b27-9949-9abae843e32d (id: 2)
qdhcp-88f7f240-0895-4050-80fb-605e51f98753 (id: 1)
root@aio1-neutron-agents-container-32670885:/# \
  ip netns exec qrouter-ca9fc9af-c538-4d90-a800-66bc0d560ec1 \
  ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=8.16 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=57 time=7.87 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=57 time=7.86 ms
^C
--- 8.8.8.8 ping statistics ---

Restart OpenStack-Ansible

As the OSA AiO includes all three cluster members of MariaDB/Galera, the cluster has to be re-initialized after the host is rebooted.

# Re-run the Galera playbook with galera_ignore_cluster_state=true after a
# host reboot.
# NOTE(review): the flag presumably skips the playbook's cluster-state check;
# use it only when the whole cluster is down, as it is after a host reboot.
sudo su -
  cd /opt/openstack-ansible/playbooks
  openstack-ansible -e galera_ignore_cluster_state=true galera-install.yml

Customize OpenStack-Ansible

# Append a session-timeout override (28800 seconds = 8 hours) to
# user_variables.yml and apply it with the security-hardening playbook.
# NOTE(review): a long timeout leaves unattended shells open for that time;
# choose the shortest value that is workable. `>>` appends, so running this
# twice duplicates the setting.
sudo su -
  cat << EOF >> /etc/openstack_deploy/user_variables.yml 
  
  # Set  TMOUT in seconds for sessions
  security_rhel7_session_timeout: 28800
  EOF
  cd /opt/openstack-ansible/playbooks/
  openstack-ansible security-hardening.yml 

Set OpenStack-Ansible project scope

# Inside the utility container: copy the admin openrc, point the copy's project
# and tenant name at TTUtunniplaan, and load it. The copy carries the same
# credentials as /root/openrc, so protect it the same way.
sudo lxc-attach -n $(sudo lxc-ls aio1_utility_container)
scoped_rc=/root/openrc_TTUtunniplaan
cp -i /root/openrc "$scoped_rc"
sed -i \
  -e 's/export OS_PROJECT_NAME=admin/export OS_PROJECT_NAME=TTUtunniplaan/' \
  -e 's/export OS_TENANT_NAME=admin/export OS_TENANT_NAME=TTUtunniplaan/' \
  "$scoped_rc"
source "$scoped_rc"

Confirm that project is successfully scoped

# Issues a token with the credentials just loaded; check the project shown in
# the output. The token id it prints is a live credential - do not paste the
# output into tickets or chat.
openstack token issue -f yaml

Set permanent DNS servers on CentOS instance

# Make dhclient replace the DHCP-supplied resolvers with fixed ones. tee -a
# appends, so running this twice adds the line twice. The instance's DNS
# lookups then go to these public resolvers rather than the site's own.
printf '%s\n' 'supersede domain-name-servers 1.1.1.1, 8.8.8.8;' \
  | sudo tee -a /etc/dhcp/dhclient.conf

and after VM reboot:

cat /etc/resolv.conf 
; generated by /usr/sbin/dhclient-script
search openstacklocal novalocal
nameserver 1.1.1.1
nameserver 8.8.8.8

OpenStack-Ansible documentation