案例准备
1. 规划节点
Ansible服务的节点规划,见表2。
表1 规划节点
| IP | 主机名 | 节点 |
| 192.168.110.11 | ansible | Ansible节点 |
| 192.168.110.10 | controller | Controller控制节点 |
| 192.168.110.20 | compute | Compute计算节点 |
2. 基础准备
使用提供的centos_2009镜像创建三个虚拟机,Ansible节点使用2核/2G内存/100G硬盘;Controller节点使用2核/6G内存/100G硬盘;Compute节点使用2核/6G内存/100G硬盘+30G临时磁盘(用于cinder、swift、placement三个服务的分区,各6G)。节点规划表中的IP地址为作者的IP地址,在进行实操案例的时候,按照自己的环境规划网络与IP地址(虚拟机需要使用两块网卡)。Ansible节点安装好Ansible服务。然后做好Ansible节点对Controller和Compute节点的无秘钥访问操作。
案例实施
1. 环境准备
该实战案例为使用Ansible工具部署一个单控制单计算的OpenStack平台。
(1)配置IP并连接
修改主机名分别为ansible、controller、compute。修改完成后修改ip并连接CRT。
#ansilble
[root@localhost ~]# hostnamectl set-hostname ansible
[root@localhost ~]# bash
[root@ansible ~]
#controller
[root@localhost ~]# hostnamectl set-hostname controller
[root@localhost ~]# bash
[root@controller ~]#
#compute
[root@localhost ~]# hostnamectl set-hostname compute
[root@localhost ~]# bash
[root@compute ~]#为compute节点添加一个30G的硬盘,需要使用fdisk /dev/sdb命令在第compute节点进行分区,三个大小为10G的分区。
#扫描磁盘接口使添加的硬盘生效
[root@compute ~]# echo "- - -">/sys/class/scsi_host/host0/scan
[root@compute ~]# echo "- - -">/sys/class/scsi_host/host1/scan
[root@compute ~]# echo "- - -">/sys/class/scsi_host/host2/scan
查看:
[root@compute ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 100G 0 disk
├─sda1 8:1 0 1G 0 part /boot
├─sda2 8:2 0 2G 0 part
│ └─centos-swap 253:0 0 2G 0 lvm [SWAP]
└─sda3 8:3 0 93G 0 part /
sdb 8:16 0 30G 0 disk
sr0 11:0 1 4.4G 0 rom
[root@compute ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x934ffdc7.
Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-62914559, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-62914559, default 62914559): +10G
Partition 1 of type Linux and of size 10 GiB is set
Command (m for help): n
Partition type:
p primary (1 primary, 0 extended, 3 free)
e extended
Select (default p): p
Partition number (2-4, default 2): 2
First sector (20973568-62914559, default 20973568):
Using default value 20973568
Last sector, +sectors or +size{K,M,G} (20973568-62914559, default 62914559): +10G
Partition 2 of type Linux and of size 10 GiB is set
Command (m for help): n
Partition type:
p primary (2 primary, 0 extended, 2 free)
e extended
Select (default p): p
Partition number (3,4, default 3): 3
First sector (41945088-62914559, default 41945088):
Using default value 41945088
Last sector, +sectors or +size{K,M,G} (41945088-62914559, default 62914559):
Using default value 62914559
Partition 3 of type Linux and of size 10 GiB is set
Command (m for help): p
Disk /dev/sdb: 32.2 GB, 32212254720 bytes, 62914560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x934ffdc7
Device Boot Start End Blocks Id System
/dev/sdb1 2048 20973567 10485760 83 Linux
/dev/sdb2 20973568 41945087 10485760 83 Linux
/dev/sdb3 41945088 62914559 10484736 83 Linux
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@compute ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 100G 0 disk
├─sda1 8:1 0 1G 0 part /boot
├─sda2 8:2 0 2G 0 part
│ └─centos-swap 253:0 0 2G 0 lvm [SWAP]
└─sda3 8:3 0 93G 0 part /
sdb 8:16 0 30G 0 disk
├─sdb1 8:17 0 10G 0 part
├─sdb2 8:18 0 10G 0 part
└─sdb3 8:19 0 10G 0 part
sr0 11:0 1 4.4G 0 rom(2)三个节点分别关闭防火墙
(3)Ansible安装FTP、Ansible服务
在Ansible节点上传CentOS-7-x86_64-DVD-2009.iso、chinaskills_cloud_iaas_v2.0.1.iso、openstack_ansible_train.tar.gz、ansible.tar.gz软件包,配置本地镜像源,安装Ansible服务。把Ansible节点的防火墙和SELinux关闭。
[root@ansible ~]# mkdir /opt/{centos,iaas}
[root@ansible ~]# mount -o loop CentOS-7-x86_64-DVD-2009.iso /opt/centos/
[root@ansible ~]# mount -o loop chinaskills_cloud_iaas_v2.0.1.iso /opt/iaas/
[root@ansible ~]# tar -zxvf ansible.tar.gz -C /opt/
[root@ansible ~]# mv /etc/yum.repos.d/* /home/
[root@ansible ~]# vi /etc/yum.repos.d/ansible.repo
[ansible]
name=ansible
baseurl=file:///opt/ansible
gpgcheck=0
enabled=1
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[root@ansible ~]# yum install vsftpd
[root@ansible ~]# echo "anon_root=/opt" >> /etc/vsftpd/vsftpd.conf
[root@ansible ~]# systemctl restart vsftpd
[root@ansible ~]# setenforce 0
[root@ansible ~]# yum install ansible
(4)配置无秘钥登录
配置Ansible节点无秘钥登录Controller和Compute节点。配置完无秘钥登录后,使用Ansible节点SSH连接测试。(若云主机已是无秘钥访问的,则不用配置无秘钥)
[root@ansible ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:zOl0NDjrN697yRTmHmLXYpj2n4ijS+yxHUS3OhRG3ew root@ansible
The key's randomart image is:
+---[RSA 2048]----+
| .. o |
| o . o |
| o * .. |
| o B +o.E |
| S +=.o |
| = +*.B . |
| *o*O + |
| o =.**. . |
| =o==o.o |
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id root@192.168.110.10 //输入密码000000
[root@ansible ~]# ssh-copy-id root@192.168.110.20 //输入密码0000002. 目录结构
(1)项目目录
首先在/opt目录下创建一个项目目录openstack_ansible,命令如下:
[root@ansible ~]# mkdir /opt/openstack_ansible(2)创建角色
在创建roles角色目录之前,考虑将OpenStack云平台的安装步骤拆分为多个roles执行,这样的话,Playbook易于编写和读懂。
安装私有云平台,使用init(基础环境)、mariadb(数据库)、keystone(认证服务)、glance(镜像服务)、placement(资源管理监控)、nova-controller(计算服务)、nova-compute(计算服务)、neutron-controller(网络服务)、neutron-compute(网络服务)、dashboard(界面服务)、cinder-controller(块存储服务)、cinder-compute(块存储服务)、swift-controller(对象存储服务)、swift-compute(对象存储服务)、heat(编排服务)这些roles来完成。下面创建这些roles和相应的项目目录,具体命令如下:
[root@ansible ~]# mkdir -p /opt/openstack_ansible/roles/{init,mariadb,keystone,glance,nova-controller,nova-compute,neutron-controller,neutron-compute,dashboard,cinder-controller,cinder-compute,swift-controller,swift-compute,heat}/{tasks,files,templates,meta,handlers,vars}在每个角色目录下面都有一样的目录,这些目录中的task目录一般是一定会用到的,其他的目录视情况而定来使用。
(可以安装tree来查看目录结构)
(3)创建group_vars目录
在项目目录/opt/openstack_ansible下创建group_vars目录,并在该目录下创建all文件,该目录用来存放变量声明文件all。命令如下:
[root@ansible ~]# cd /opt/openstack_ansible/
[root@ansible openstack_ansible]# mkdir group_vars
[root@ansible openstack_ansible]# cd group_vars/
[root@ansible group_vars]# touch all(4)创建安装入口文件
进入/opt/openstack_ansible目录,创建“install_openstack.yaml”文件,该文件是安装动作的入口文件。命令如下:
[root@ansible openstack_ansible]#cd /opt/openstack_ansible
[root@ansible openstack_ansible]# touch install_openstack.yaml
[root@ansible openstack_ansible]# ll
total 0
drwxr-xr-x. 2 root root 17 Aug 26 21:31 group_vars
-rw-r--r--. 1 root root 0 Aug 26 21:33 install_openstack.yaml
drwxr-xr-x. 10 root root 114 Aug 26 21:18 roles到目前为止,ansible的目录结构与文件创建完毕。接下来对每一个role角色进行剧本的编写。
3. 编写Playbook剧本
配置完成后,如图9所示:
图9 配置完成结果
(1)init角色
该角色执行的任务是用来部署Controller节点和Compute的基础环境,包括配置Yum源,安装iaas-xiandian脚本,安装iaas-pre-host脚本。在roles/init/tasks目录下,创建main.yaml文件,按“i”建进入编辑模式进行配置,按ESC键输入:wq保存退出,文件的内容如下:
[root@ansible ~]# vi /opt/openstack_ansible/roles/init/tasks/main.yaml
- name: move repos
shell: mv /etc/yum.repos.d/* /media
- name: create local.repo
copy: src=local.repo dest=/etc/yum.repos.d/
- name: install openstack-iaas
yum: name=openstack-iaas state=present
- name: openrc.sh
template: src=openrc.sh.j2 dest=/etc/openstack/openrc.sh
- name: install pre-host
shell: iaas-pre-host.sh该剧本用到了copy和template模块,copy模块使用的文件及镜像包,放入tasks同级目录的files目录下;template模块使用的Jinja2文件,放入tasks同级目录的templates目录下。
在该init角色剧本中,创建local.repo文件到init/files目录下,创建openrc.sh.j2文件至init/templates目录下。下面贴出local.repo和host.j2的文件内容:
local.repo内容:
[root@ansible opt]# vi /opt/openstack_ansible/roles/init/files/local.repo
[centos]
name=centos
baseurl=ftp://192.168.110.11/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://192.168.110.11/iaas/iaas-repo
gpgcheck=0
enabled=1openrc.sh.j2内容如下:
[root@ansible opt]# vi /opt/openstack_ansible/roles/init/templates/openrc.sh.j2
#--------------------system Config--------------------##
#Controller Server Manager IP. example:x.x.x.x
HOST_IP={{controller_ip}}
#Controller HOST Password. example:000000
HOST_PASS={{PASSWD}}
#Controller Server hostname. example:controller
HOST_NAME={{controller_name}}
#Compute Node Manager IP. example:x.x.x.x
HOST_IP_NODE={{compute_ip}}
#Compute HOST Password. example:000000
HOST_PASS_NODE={{PASSWD}}
#Compute Node hostname. example:compute
HOST_NAME_NODE={{compute_name}}
#--------------------Chrony Config-------------------##
#Controller network segment IP. example:x.x.0.0/16(x.x.x.0/24)
network_segment_IP={{network_segment_IP}}/24
#--------------------Rabbit Config ------------------##
#user for rabbit. example:openstack
RABBIT_USER=openstack
#Password for rabbit user .example:000000
RABBIT_PASS={{PASSWD}}
#--------------------MySQL Config---------------------##
#Password for MySQL root user . exmaple:000000
DB_PASS={{PASSWD}}
#--------------------Keystone Config------------------##
#Password for Keystore admin user. exmaple:000000
DOMAIN_NAME=demo
ADMIN_PASS={{PASSWD}}
DEMO_PASS={{PASSWD}}
#Password for Mysql keystore user. exmaple:000000
KEYSTONE_DBPASS={{PASSWD}}
#--------------------Glance Config--------------------##
#Password for Mysql glance user. exmaple:000000
GLANCE_DBPASS={{PASSWD}}
#Password for Keystore glance user. exmaple:000000
GLANCE_PASS={{PASSWD}}
#--------------------Placement Config----------------------##
#Password for Mysql placement user. exmaple:000000
PLACEMENT_DBPASS={{PASSWD}}
#Password for Keystore placement user. exmaple:000000
PLACEMENT_PASS={{PASSWD}}
#--------------------Nova Config----------------------##
#Password for Mysql nova user. exmaple:000000
NOVA_DBPASS={{PASSWD}}
#Password for Keystore nova user. exmaple:000000
NOVA_PASS={{PASSWD}}
#--------------------Neutron Config-------------------##
#Password for Mysql neutron user. exmaple:000000
NEUTRON_DBPASS={{PASSWD}}
#Password for Keystore neutron user. exmaple:000000
NEUTRON_PASS={{PASSWD}}
#metadata secret for neutron. exmaple:000000
METADATA_SECRET={{PASSWD}}
#External Network Interface. example:eth1
INTERFACE_NAME={{External_Network}}
#External Network The Physical Adapter. example:provider
Physical_NAME={{Physical_NAME}}
#First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101
minvlan=1
#Last Vlan ID in VLAN RANGE for VLAN Network. example:200
maxvlan=1000
#--------------------Cinder Config--------------------##
#Password for Mysql cinder user. exmaple:000000
CINDER_DBPASS={{PASSWD}}
#Password for Keystore cinder user. exmaple:000000
CINDER_PASS={{PASSWD}}
#Cinder Block Disk. example:md126p3
BLOCK_DISK={{cinder_disk}}
#--------------------Swift Config---------------------##
#Password for Keystore swift user. exmaple:000000
SWIFT_PASS={{PASSWD}}
#The NODE Object Disk for Swift. example:md126p4.
OBJECT_DISK={{swift_disk}}
#The NODE IP for Swift Storage Network. example:x.x.x.x.
STORAGE_LOCAL_NET_IP={{STORAGE_LOCAL_NET_IP}}
#--------------------Trove Config----------------------##
#Password for Mysql trove user. exmaple:000000
TROVE_DBPASS={{PASSWD}}
#Password for Keystore trove user. exmaple:000000
TROVE_PASS={{PASSWD}}
#--------------------Heat Config----------------------##
#Password for Mysql heat user. exmaple:000000
HEAT_DBPASS={{PASSWD}}
#Password for Keystore heat user. exmaple:000000
HEAT_PASS={{PASSWD}}
#--------------------Ceilometer Config----------------##
#Password for Gnocchi ceilometer user. exmaple:000000
CEILOMETER_DBPASS={{PASSWD}}
#Password for Keystore ceilometer user. exmaple:000000
CEILOMETER_PASS={{PASSWD}}
#--------------------AODH Config----------------##
#Password for Mysql AODH user. exmaple:000000
AODH_DBPASS={{PASSWD}}
#Password for Keystore AODH user. exmaple:000000
AODH_PASS={{PASSWD}}
#--------------------ZUN Config----------------##
#Password for Mysql ZUN user. exmaple:000000
ZUN_DBPASS={{PASSWD}}
#Password for Keystore ZUN user. exmaple:000000
ZUN_PASS={{PASSWD}}
#Password for Keystore KURYR user. exmaple:000000
KURYR_PASS={{PASSWD}}
#--------------------OCTAVIA Config----------------##
#Password for Mysql OCTAVIA user. exmaple:000000
OCTAVIA_DBPASS={{PASSWD}}
#Password for Keystore OCTAVIA user. exmaple:000000
OCTAVIA_PASS={{PASSWD}}
#--------------------Manila Config----------------##
#Password for Mysql Manila user. exmaple:000000
MANILA_DBPASS={{PASSWD}}
#Password for Keystore Manila user. exmaple:000000
MANILA_PASS={{PASSWD}}
#The NODE Object Disk for Manila. example:md126p5.
SHARE_DISK={{manila_disk}}
#--------------------Cloudkitty Config----------------##
#Password for Mysql Cloudkitty user. exmaple:000000
CLOUDKITTY_DBPASS={{PASSWD}}
#Password for Keystore Cloudkitty user. exmaple:000000
CLOUDKITTY_PASS={{PASSWD}}
#--------------------Barbican Config----------------##
#Password for Mysql Barbican user. exmaple:000000
BARBICAN_DBPASS={{PASSWD}}
#Password for Keystore Barbican user. exmaple:000000
BARBICAN_PASS={{PASSWD}}
############################################################
####在vi编辑器中执行:%s/^.\{1\}// 删除每行前1个字符(#号)#####
############################################################因为设置的变量,所以需要在/opt/openstack_ansible/group_vars/all中声明变量,all文件内容如下:
[root@ansible opt]# vi /opt/openstack_ansible/group_vars/all
controller_ip: 172.128.11.21
controller_name: controller
compute_ip: 172.128.11.20
compute_name: compute
PASSWD: 'Abc@1234'
cinder_disk: vdb1
swift_disk: vdb2
manila_disk: vdb3
network_segment_IP: 172.128.11.0
External_Network: eth1
Physical_NAME: provider
STORAGE_LOCAL_NET_IP: 172.128.11.20至此,init角色剧本编写完成。
(2)其他角色
其他角色的作用是执行安装OpenStack的脚本,可以自行参考提供的案例文档,其他main.yaml文件可使用提供的软件包openstack_ansible_train.tar.gz,替换之后需要更改以下文件:
[root@ansible openstack_ansible]# tar -zxvf /root/openstack_ansible_train.tar.gz -C /root/
[root@ansible openstack_ansible]# cp -rvf /root/openstack_ansible_train/* /opt/openstack_ansible/
[root@ansible opt]# vi /opt/openstack_ansible/group_vars/all
controller_ip: 192.168.110.10
controller_name: controller
compute_ip: 192.168.110.20
compute_name: compute
PASSWD: '000000'
cinder_disk: sdb1
swift_disk: sdb2
manila_disk: sdb3
network_segment_IP: 192.168.110.0/24
External_Network: ens34
Physical_NAME: provider
STORAGE_LOCAL_NET_IP: 192.168.110.204. 执行Playbook
在执行剧本之前,还有一些工作需要完成,具体任务如下:
(1)修改hosts文件
此处需要修改的hosts文件并不只是/etc/hosts,还有一个/etc/ansible/hosts文件,编辑/etc/ansible/hosts,在文件的最后添加需要执行剧本的目标主机组,添加的内容如下:
[root@ansible ~]# vi /etc/ansible/hosts
## db-[99:101]-node.example.com
[controller]
192.168.110.10
[compute]
192.168.110.20
编辑/etc/hosts文件,添加IP与主机名的映射,如下所示:
[root@ansible ~]# vi /etc/hosts
192.168.110.10 controller
192.168.110.20 compute(2)编辑剧本入口文件
install_openstack.yaml文件为执行剧本的入口文件,需要将调用roles的顺序及哪些主机调用哪些roles在这个文件中体现出来,install_openstack.yaml文件的具体内容如下(如果以选择替换软件包里的内容无需修改一下内容):
[root@ansible ~]# vi /opt/openstack_ansible/install_openstack.yaml
┅ \\三短横请手打
- hosts: controller
remote_user: root
roles:
- init
- mariadb
- keystone
- glance
- nova-controller
- neutron-controller
- dashboard
- cinder-controller
- swift-controller
- heat
- hosts: compute
remote_user: root
roles:
- init
- nova-compute
- neutron-compute
- cinder-compute
- swift-compute(3)执行剧本
当所有准备工作都完成之后,使用ansible-playbook命令执行剧本,首先使用–syntax-check参数检测脚本的语法,命令如下:
[root@ansible opestack_ansible]# ansible-playbook install_openstack.yaml --syntax-check
playbook: install_openstack.yaml直接返回文件名,表示脚本没有语法错误。执行剧本,命令如下(注意需要写完所有main.yaml文件才会完整安装):
[root@ansible openstack_ansible]# ansible-playbook install_openstack.yaml
PLAY RECAP ****************************************************************************************************************************************
172.128.11.21 : ok=10 changed=9 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.128.11.39 : ok=16 changed=14 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
...
...在等待一段时间之后,剧本执行完毕,若没有报错,访问Controller节点的IP地址/dashboard,可以访问OpenStack界面。访问OpenStack界面如图10所示:
图10 OpenStack登录界面
至此,使用Ansible一键部署OpenStack完成。关于更多组件的安装,用户可以自行编写role执行安装。
2230
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
