Ansible Openstack
Document Under Construction
This document is very unfinished and should NOT be followed by anyone for deployment at this time.
Purpose: Deploying OpenStack via Ansible.
Required Hardware/Infrastructure Breakdown
Every node in the OpenStack environment (including the deployment node) will be running Rocky Linux 9.5, as OpenStack Ansible only supports CentOS/RHEL/Rocky for its deployment.
Hostname | IP | Storage | Memory | CPU | Network | Purpose |
---|---|---|---|---|---|---|
OPENSTACK-BOOTSTRAPPER | 192.168.3.46 (eth0) | 32GB (OS) | 4GB | 4-Cores | eth0 | OpenStack Ansible Playbook Deployment Node |
OPENSTACK-NODE-01 | 192.168.3.43 (eth0) | 250GB (OS), 500GB (Ceph Storage) | 32GB | 16-Cores | eth0, eth1 | OpenStack Cluster/Target Node |
OPENSTACK-NODE-02 | 192.168.3.44 (eth0) | 250GB (OS), 500GB (Ceph Storage) | 32GB | 16-Cores | eth0, eth1 | OpenStack Cluster/Target Node |
OPENSTACK-NODE-03 | 192.168.3.45 (eth0) | 250GB (OS), 500GB (Ceph Storage) | 32GB | 16-Cores | eth0, eth1 | OpenStack Cluster/Target Node |
Configure Hard-Coded DNS for Cluster Nodes
We want to ensure everything works even if the nodes have no internet access. Hardcoding the FQDNs protects us against several possible stupid situations.
Run the following script to add the DNS entries.
Run sudo su Separately
When I ran sudo su and the echo commands below as one block of commands, it did not correctly write the changes to the /etc/hosts file. Just run sudo su by itself, then you can copy paste the codeblock below for all of the echo lines for each DNS entry.
# Add the OpenStack node entries to /etc/hosts
echo "192.168.3.43 OPENSTACK-NODE-01.bunny-lab.io OPENSTACK-NODE-01" >> /etc/hosts
echo "192.168.3.44 OPENSTACK-NODE-02.bunny-lab.io OPENSTACK-NODE-02" >> /etc/hosts
echo "192.168.3.45 OPENSTACK-NODE-03.bunny-lab.io OPENSTACK-NODE-03" >> /etc/hosts
Validate DNS Entries Added
/etc/hosts Example Contents
When you run cat /etc/hosts, you should see output similar to the following:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.3.43 OPENSTACK-NODE-01.bunny-lab.io OPENSTACK-NODE-01
192.168.3.44 OPENSTACK-NODE-02.bunny-lab.io OPENSTACK-NODE-02
192.168.3.45 OPENSTACK-NODE-03.bunny-lab.io OPENSTACK-NODE-03
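An idempotent alternative to the echo lines above, added here as an example and not part of the original page: it appends a node only when its FQDN is missing, so re-running it never duplicates lines, and it reports a conflict when the name already maps to a different IP. HOSTS_FILE and the function names are assumptions; the default target is a scratch file, so set HOSTS_FILE=/etc/hosts and run as root to apply it.

```shell
#!/bin/sh
# Added example, not from the original page. HOSTS_FILE and the function
# names are assumptions; the default is a scratch file, not /etc/hosts.
HOSTS_FILE="${HOSTS_FILE:-$(mktemp)}"

# Node list copied from the hardware table: IP, FQDN, short name.
NODES='192.168.3.43 OPENSTACK-NODE-01.bunny-lab.io OPENSTACK-NODE-01
192.168.3.44 OPENSTACK-NODE-02.bunny-lab.io OPENSTACK-NODE-02
192.168.3.45 OPENSTACK-NODE-03.bunny-lab.io OPENSTACK-NODE-03'

# lookup_host NAME: print the IP of the first active line that names NAME.
# Comment lines and trailing comments are ignored; names match case-insensitively.
lookup_host() {
    awk -v name="$1" '
        /^[[:space:]]*#/ { next }
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break
                if (tolower($i) == tolower(name)) { print $1; exit }
            }
        }' "$HOSTS_FILE"
}

# add_host_entry IP FQDN SHORT
# Returns 0 if the entry was appended or already present, 1 on a conflict.
add_host_entry() {
    current=$(lookup_host "$2")
    if [ -z "$current" ]; then
        printf '%s %s %s\n' "$1" "$2" "$3" >> "$HOSTS_FILE"
    elif [ "$current" != "$1" ]; then
        echo "conflict: $2 already maps to $current, wanted $1" >&2
        return 1
    fi
}

# apply_nodes: process every node; non-zero if any name conflicted.
apply_nodes() {
    rc=0
    while read -r ip fqdn short; do
        add_host_entry "$ip" "$fqdn" "$short" || rc=1
    done <<EOF
$NODES
EOF
    return "$rc"
}

apply_nodes && cat "$HOSTS_FILE"
```

A non-zero exit means an existing line already points one of the node names at another address; review that line by hand before Ansible connects to the name.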
OpenStack Deployment Node
The "Deployment" node / bootstrapper is responsible for running Ansible playbooks against the cluster nodes that will eventually be running OpenStack. Original Deployment Node Documentation
Install Necessary Software
sudo su
dnf upgrade
dnf install -y git chrony openssh-server python3-devel sudo
dnf group install -y "Development Tools"
Configure SSH keys
Ansible uses SSH with public key authentication to connect the deployment host and target hosts. Run the following commands to configure this.
Do not run as root
You want to make sure you run these commands as a normal user (e.g. nicole).
# Generate SSH Keys (Private / Public)
ssh-keygen
# Install Public Key on OpenStack Cluster/Target Nodes
ssh-copy-id -i /home/nicole/.ssh/id_rsa.pub [email protected]
ssh-copy-id -i /home/nicole/.ssh/id_rsa.pub [email protected]
ssh-copy-id -i /home/nicole/.ssh/id_rsa.pub [email protected]
# Validate that SSH Authentication Works Successfully on Each Node
ssh [email protected]
ssh [email protected]
ssh [email protected]
Install the source and dependencies
Install the source and dependencies for the deployment host.
sudo su
git clone -b master https://opendev.org/openstack/openstack-ansible /opt/openstack-ansible
cd /opt/openstack-ansible
bash scripts/bootstrap-ansible.sh
Disable Firewalld
The firewalld service is enabled on most CentOS systems by default and its default ruleset prevents OpenStack components from communicating properly. Stop the firewalld service and mask it to prevent it from starting.
OpenStack Target Node (1/3)
Now we need to get the cluster/target nodes configured so that OpenStack can be deployed into them via the bootstrapper node later. Original Target Node Documentation
Disable SELinux
SELinux enabled is not currently supported in OpenStack-Ansible for CentOS/RHEL due to a lack of maintainers for the feature.
Disable Firewalld
The firewalld service is enabled on most CentOS systems by default and its default ruleset prevents OpenStack components from communicating properly. Stop the firewalld service and mask it to prevent it from starting.
Install Necessary Software
Reduce Kernel Logging
Reduce the kernel log level by changing the printk value in your sysctls.
Configure Local Cinder/Ceph Storage (Optional if using iSCSI)
At this point, we need to configure /dev/sdb as the local storage for Cinder.
Cannot use /dev/sdb: device is partitioned
You may (in rare cases) see the following error when trying to run pvcreate --metadatasize 2048 /dev/sdb. If that happens, just use lsblk to get the drive of the expected disk. In my example, we want the 500GB disk located at /dev/sda, seen in the example below:
End of Current Documentation
This is the end of where I have currently iterated in my lab and followed-along with the official documentation while generalizing it for my specific lab scenarios. The following link is where I am currently at/stuck and need to revisit at my earliest convenience.