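Environment
The api node is the controller node
The conductor node is the bare-metal compute node
vip is the virtual IP; the controller node's IP address or hostname can be used in its place
I. Install the packages
1. Install the yum repository on all nodes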
yum install centos-release-openstack-rocky -y
2. Install on the api node
yum install openstack-ironic-api python-ironicclient -y
Then run
systemctl enable openstack-ironic-api
systemctl start openstack-ironic-api
3. Install on the conductor node
yum install openstack-ironic-conductor -y
Then run
systemctl enable openstack-ironic-conductor
systemctl start openstack-ironic-conductor
4. Install ironic-ui on the api node
yum install openstack-ironic-ui -y
# then
cp /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/_2200_ironic.py /usr/share/openstack-dashboard/openstack_dashboard/enabled/
# then
systemctl restart httpd
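II. Create the database (API node)
Create the ironic database on the first api node (密码 in the statements below is a placeholder for the password)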
mysql -uroot -p
create database ironic CHARACTER SET utf8;
grant all privileges on ironic.* to 'ironic'@'localhost' identified by '密码';
grant all privileges on ironic.* to 'ironic'@'%' identified by '密码';
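The ironic user may well be unable to log in to the ironic database at vip, so first check whether the table mysql.user holds the matching grants
select user,host from mysql.user;
In the result, there is an ironic user entry for every node, and that is the correct state
So you may need to add the following (ironicDB密码 is a placeholder for the ironic database password)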
grant all privileges on ironic.* to 'ironic'@'single' identified by 'ironicDB密码';
III. Create the endpoints (API node)
1. Create the Bare Metal service user ironic
openstack user create --domain default --password-prompt ironic
openstack role add --project service --user ironic admin
2. Register the Bare Metal service in the service catalog
openstack service create --name ironic --description "Ironic baremetal provisioning service" baremetal
3. Create the endpoints
openstack endpoint create --region RegionOne baremetal admin http://$IRONIC_NODE:6385
openstack endpoint create --region RegionOne baremetal public http://$IRONIC_NODE:6385
openstack endpoint create --region RegionOne baremetal internal http://$IRONIC_NODE:6385
# Warning: use the actual IP address of the virtual IP here, not the name VIP
IV. Configure the API node (API)
vim /etc/ironic/ironic.conf
[DEFAULT]
transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/
# RPC_USER is your RabbitMQ user
# RPC_HOST is normally the VIP
Configure ironic-api to authenticate through the Identity service
[DEFAULT]
auth_strategy=keystone
[keystone_authtoken]
auth_type=password
www_authenticate_uri=http://PUBLIC_IDENTITY_IP:5000
auth_url=http://PRIVATE_IDENTITY_IP:5000
username=ironic
password=IRONIC_PASSWORD
project_name=service
project_domain_name=Default
user_domain_name=Default
[database]
connection=mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic?charset=utf8
Populate the database tables
ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
V. Configure the conductor node (conductor)
1. Configure my_ip
[DEFAULT]
# If the conductor node has several IP addresses, set this to the one on the same subnet as the bare-metal nodes
my_ip = HOST_IP
2. Configure the database connection
[database]
connection=mysql+pymysql://ironic:IRONIC_DBPASSWORD@DB_IP/ironic?charset=utf8
3. Configure RabbitMQ
[DEFAULT]
transport_url = rabbit://RPC_USER:RPC_PASSWORD@RPC_HOST:RPC_PORT/
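4. Configure the credentials for accessing other OpenStack services (ironic密码 stands for the ironic user's password, 外部网络UUID for the UUID of the external network)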
[neutron]
auth_type = password
auth_url = http://vip:5000
username=ironic
password=ironic密码
project_name=service
project_domain_id=default
user_domain_id=default
# PEM encoded Certificate Authority to use when verifying HTTPs connections. (string value)
#cafile=/opt/stack/data/ca-bundle.pem
region_name = RegionOne
valid_interfaces=public
cleaning_network = 外部网络UUID
provisioning_network = 外部网络UUID
[glance]
url = http://vip:9292
auth_url = http://vip:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = ironic
password = ironic密码
[cinder]
region_name = RegionOne
project_domain_id = default
user_domain_id = default
project_name = service
password = ironic密码
username = ironic
auth_url = http://vip:5000
auth_type = password
[service_catalog]
region_name = RegionOne
project_domain_id = default
user_domain_id = default
project_name = service
password = ironic密码
username = ironic
auth_url = http://vip:5000
auth_type = password
5. Enable the drivers (hardware types)
[DEFAULT]
...
# driver
enabled_hardware_types = ipmi,redfish
# boot
enabled_boot_interfaces = pxe
# console
#enabled_console_interfaces = ipmitool-socat,no-console
enabled_console_interfaces = ipmitool-shellinabox,no-console
# deploy
enabled_deploy_interfaces = direct,iscsi
# inspect
enabled_inspect_interfaces = inspector
# management
enabled_management_interfaces = ipmitool,redfish
# power
enabled_power_interfaces = ipmitool,redfish
# raid
enabled_raid_interfaces = agent
# vendor
enabled_vendor_interfaces = ipmitool, no-vendor
# storage
enabled_storage_interfaces = cinder, noop
# network
enabled_network_interfaces = flat,neutron
6. Disable automated cleaning
[conductor]
automated_clean = false
clean_callback_timeout = 1800
rescue_callback_timeout = 1800
soft_power_off_timeout = 600
power_state_change_timeout = 30
power_failure_recovery_interval = 300
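VI. Configure the Compute service (compute and controller nodes)
1. On the ironic-conductor node, configure /etc/nova/nova.conf
[DEFAULT]
# compute node
compute_driver = ironic.IronicDriver
# The firewall driver only exists for the nova-network service; Ironic uses neutron, so set it to Noop
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# Bare metal nodes do not need reserved memory
reserved_host_memory_mb = 0
[filter_scheduler]
track_instance_changes = False
# (controller node)
[scheduler]
# How often to try to discover new hosts that have been added to cells; a negative value disables discovery
discover_hosts_in_cells_interval = 120
# If this option is not set, hosts can also be discovered manually after a new node is enrolled, by running nova-manage cell_v2 discover_hosts --by-service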
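2. Consider whether to enable the following option on the controller node
[filter_scheduler]
# Enabling this option is beneficial because it reduces rescheduling events for ironic nodes when scheduling is based on resource classes, especially in the mixed-hypervisor case with host_subset_size = 1. However, enabling it also changes how densely VMs are packed onto hypervisors, even when scheduling weights are completely disabled.
# shuffle_best_same_weighed_hosts = false
# I am leaving it unset for now
3. Consider the following option carefully
[compute]
# If a certain number of consecutive build failures occur, this option causes nova-compute to set itself to the disabled state
# This stops the scheduler from sending further build requests to a compute service that keeps failing builds
# In bare-metal provisioning, however, the compute service is rarely the cause of build failures
# Moreover, bare-metal nodes managed by a disabled compute service are remapped to another compute service
# That can cause the second compute service to be disabled as well, and so on, until no active compute service remains
# If this is not the desired behaviour, consider raising this value, or set it to 0 to disable the behaviour entirely
consecutive_build_service_disable_threshold = 10
# I am not setting it for now
4. On the conductor node, change the following options in the [ironic] section of nova.conf, replacing:
- IRONIC_PASSWORD with the password of the ironic user in the identity service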
- IRONIC_NODE with the hostname or IP address of the ironic-api node
- IDENTITY_IP with the IP of the Identity server
[ironic]
# Ironic authentication type
auth_type = password
# Keystone API endpoint
auth_url=http://IDENTITY_IP:5000/v3
# Ironic keystone project name
project_name=service
# Ironic keystone admin name
username=ironic
# Ironic keystone admin password
password=IRONIC_PASSWORD
# Ironic keystone project domain or set project_domain_id
project_domain_name=Default
# Ironic keystone user domain or set user_domain_id
user_domain_name=Default
5. Restart the services
Controller node: systemctl restart openstack-nova-scheduler
Compute node: systemctl restart openstack-nova-compute
VII. Configure the Networking service
1. Install the networking-baremetal ML2 mechanism driver and L2 agent (network node)
yum install -y python2-networking-baremetal python2-ironic-neutron-agent
2. Edit /etc/neutron/plugins/ml2/ml2_conf.ini (network node)
[ml2]
type_drivers = flat
tenant_network_types = flat
mechanism_drivers = openvswitch,baremetal
[ml2_type_flat]
flat_networks = physnet1
[securitygroup]
# this setting is different here
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
[ovs]
bridge_mappings = physnet1:br-eth2
# Replace eth2 with the interface on the neutron node which you
# are using to connect to the bare metal server
3. Create /etc/neutron/plugins/ml2/ironic_neutron_agent.ini and add the required settings (network node; ironic密码 stands for the ironic user's password)
[ironic]
project_domain_name = Default
project_name = service
user_domain_name = Default
password = ironic密码
username = ironic
# e.g. http://vip:5000/v3
auth_url = http://identity-server.example.com/identity
auth_type = password
region_name = RegionOne
4. Restart the neutron-server service to load the new configuration (controller node)
5. Start the ironic-neutron-agent service (network node)
systemctl enable ironic-neutron-agent
systemctl start ironic-neutron-agent
# not required, but can be run as well
systemctl restart openvswitch
systemctl restart neutron-openvswitch-agent
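6. Configure the cleaning network (conductor node)
In the Bare Metal service configuration file, set the cleaning network with the cleaning_network option, using the ID of the external network created earlier (外部网络UUID below)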
[neutron]
cleaning_network = 外部网络UUID
# This was already configured earlier; there is no need to configure it again here
Restart the ironic-conductor service
systemctl restart openstack-ironic-conductor
7. Configure tenant networks (conductor node)
[DEFAULT]
...
enabled_network_interfaces = noop,flat,neutron
default_network_interface = flat
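# This was already configured earlier; there is no need to configure it again here
8. Configure the provisioning network (conductor node; 外部网络UUID is the external network's UUID)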
[neutron]
...
provisioning_network = 外部网络UUID
# This was already configured earlier; there is no need to configure it again here
9. Configure DHCP (conductor node)
[dhcp]
dhcp_provider = neutron
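Added example (not part of the original guide): oslo.config, which reads ironic.conf, nova.conf and the neutron agent files, treats only lines that begin with # or ; as comments, so a comment written after a value becomes part of the value and a section header with trailing text is rejected. The checker below flags such lines and any of this guide's uppercase placeholders left unreplaced; the function name, the placeholder list and the sample file are constructed for illustration.

```python
import re

# Uppercase placeholders used in this guide's sample configuration.
PLACEHOLDERS = ("HOST_IP", "DB_IP", "IDENTITY_IP", "RPC_USER", "RPC_PASSWORD",
                "RPC_HOST", "RPC_PORT", "IRONIC_PASSWORD", "IRONIC_DBPASSWORD")
PLACEHOLDER_RE = re.compile(r"\b(?:%s)\b" % "|".join(PLACEHOLDERS))


def lint_oslo_ini(text):
    """Return (line_number, problem) pairs for an oslo.config-style INI file."""
    # oslo.config line rules: a comment is a line that starts with '#' or ';',
    # and a section header must end with ']'.
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line or line[0] in "#; \t":
            continue  # blank line, full-line comment, or continuation line
        if line.startswith("["):
            if not line.endswith("]"):
                findings.append((lineno, "section header has trailing text"))
            continue
        parts = re.split(r"[=:]", line, maxsplit=1)
        if len(parts) != 2:
            findings.append((lineno, "not a key = value assignment"))
            continue
        value = parts[1].strip()
        # Heuristic: whitespace followed by '#' or ';' looks like an intended
        # comment, which the parser would keep as part of the value.
        if re.search(r"\s[#;]", value):
            findings.append((lineno, "inline comment becomes part of the value"))
        if PLACEHOLDER_RE.search(value):
            findings.append((lineno, "placeholder left unreplaced"))
    return findings


# Constructed sample, not taken from a real deployment.
SAMPLE = """\
[DEFAULT]
my_ip = HOST_IP # address on the bare-metal subnet
auth_strategy = keystone
[scheduler] # controller node
discover_hosts_in_cells_interval = 120
# a full-line comment is fine
[database]
connection = mysql+pymysql://ironic:s3cret@192.0.2.5/ironic?charset=utf8
"""

if __name__ == "__main__":
    for lineno, problem in lint_oslo_ini(SAMPLE):
        print("line %d: %s" % (lineno, problem))
```

Run it against each edited file before restarting a service; an empty result means none of these three problems was found.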
VIII. Configure PXE
Install and configure on the ironic-conductor node
1. Make sure the tftp root directory exists
mkdir -p /tftpboot
chown -R ironic /tftpboot
2. Install the tftp server
yum -y install tftp-server xinetd
# To verify that tftp works, you can install the tftp client: yum -y install tftp
3. Use the tftp server configuration provided through xinetd: create or edit /etc/xinetd.d/tftp
service tftp
{
protocol = udp
port = 69
socket_type = dgram
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -v -v -v -v -v --map-file /tftpboot/map-file /tftpboot
disable = no
# This is a workaround for Fedora, where TFTP will listen only on
# IPv6 endpoint, if IPv4 flag is not used.
flags = IPv4
}
4. Create a map file in the tftp root directory /tftpboot
echo 're ^(/tftpboot/) /tftpboot/\2' > /tftpboot/map-file
echo 're ^/tftpboot/ /tftpboot/' >> /tftpboot/map-file
echo 're ^(^/) /tftpboot/\1' >> /tftpboot/map-file
echo 're ^([^/]) /tftpboot/\1' >> /tftpboot/map-file
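5. UEFI PXE - Grub setup
To deploy instances with PXE on bare-metal nodes that support UEFI, perform the following steps on the ironic-conductor node to configure the PXE UEFI environment
Install the grub2 and shim packages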
yum -y install grub2-efi shim
Copy grub and shim
sudo cp /boot/efi/EFI/centos/shim.efi /tftpboot/bootx64.efi
sudo cp /boot/efi/EFI/centos/grubx64.efi /tftpboot/grubx64.efi
Create the master grub.cfg
# Create grub.cfg under /tftpboot/EFI/centos
GRUB_DIR=/tftpboot/EFI/centos
sudo mkdir -p $GRUB_DIR
vim $GRUB_DIR/grub.cfg
cat $GRUB_DIR/grub.cfg
set default=master
set timeout=5
set hidden_timeout_quiet=false
menuentry "master" {
configfile /tftpboot/$net_default_mac.conf
}
chmod 644 $GRUB_DIR/grub.cfg
6. Legacy BIOS support - Syslinux setup
To deploy instances with legacy BIOS and PXE on bare metal, perform the following steps on the ironic-conductor node
Install the syslinux package
yum -y install syslinux-tftpboot
Copy the PXE image to /tftpboot
cp /usr/share/syslinux/pxelinux.0 /tftpboot
If you deploy whole disk images (yes, that is the case here), then
cp /usr/share/syslinux/chain.c32 /tftpboot
If the syslinux version is greater than 4.0, all the library modules must be copied to /tftpboot
# On Ubuntu:
sudo cp /usr/lib/syslinux/modules/*/ldlinux.* /tftpboot
# On CentOS 7 it appears to be:
On Fedora/RHEL the syslinux-tftpboot package already installs the library modules and PXE image at /tftpboot. If the TFTP server is configured to listen to a different directory you should copy the contents of /tftpboot to the configured directory
# On CentOS 7 they may be under /var/lib/tftpboot; skipping the copy does no harm
7. vim /etc/ironic/ironic.conf (conductor node; set tftp_server to the IP of the conductor node where the tftp server is installed)
[ipmi]
retry_timeout = 60
[pxe]
ipxe_enabled = False
pxe_append_params = nofb nomodeset vga=normal console=ttyS0 systemd.journald.forward_to_console=yes
tftp_root=/tftpboot
tftp_server={{安装tftpserver的conductor节点IP}}
# On the ironic-conductor node, directory where images are stored on disk. (string value)
#images_path = /var/lib/ironic/images/
images_path = /nfs_share/pxe_images/
# On the ironic-conductor node, directory where master
# instance images are stored on disk. Setting to the empty
# string disables image caching. (string value)
#instance_master_path = /var/lib/ironic/master_images
instance_master_path = /nfs_share/pxe_master_images
# nfs_share is a directory of mine, used so that large images do not fill the system disk
8. Start xinetd
systemctl enable xinetd
systemctl restart xinetd
systemctl status xinetd
9. Restart ironic-conductor
systemctl restart openstack-ironic-conductor
IX. Upload the images and create the flavor
We only need the deploy images; for the user image, use the usual raw or qcow2 images
1. Add the deploy images to the image repository
glance image-create --name deploy-vmlinuz --visibility public \
--disk-format aki --container-format aki < coreos_production_pxe.vmlinuz
# Save the image UUID returned by the step above as DEPLOY_VMLINUZ_UUID
glance image-create --name deploy-initrd --visibility public \
--disk-format ari --container-format ari < coreos_production_pxe_image-oem.cpio.gz
# Save the image UUID returned by the step above as DEPLOY_INITRD_UUID
2. Make sure the corresponding paths exist in the nfs_share used above
mkdir /nfs_share/pxe_master_images
mkdir /nfs_share/pxe_images
cd /nfs_share
chmod 777 -R pxe_master_images
chmod 777 -R pxe_images
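3. Create the flavor (replace 裸金属内存MB with the bare-metal RAM in MB, 裸金属CPU核数 with the number of bare-metal CPU cores, and 裸金属系统盘大小GB with the bare-metal system disk size in GB)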
openstack flavor create --ram 裸金属内存MB --vcpus 裸金属CPU核数 --disk 裸金属系统盘大小GB my-baremetal-flavor
# RAM and system disk may be slightly smaller than the real values; round down
openstack flavor set --property resources:CUSTOM_BAREMETAL_WITH_GPU=1 my-baremetal-flavor
openstack flavor set --property resources:VCPU=0 my-baremetal-flavor
openstack flavor set --property resources:MEMORY_MB=0 my-baremetal-flavor
openstack flavor set --property resources:DISK_GB=0 my-baremetal-flavor
X. Enroll the bare-metal node
1. First, show the Ironic driver for IPMI that will be used
openstack baremetal driver show ipmi
2. Print the property list of the IPMI driver
openstack baremetal driver property list ipmi
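3. Create the bare-metal node (IPMI用户, IPMI密码 and IPMI地址 stand for the IPMI user, password and address; $DEPLOY_KERNEL_UUID and $DEPLOY_RAMDISK_UUID are the UUIDs of the deploy-vmlinuz and deploy-initrd images uploaded earlier)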
export IRONIC_API_VERSION=1.11
export OS_BAREMETAL_API_VERSION=1.11
openstack baremetal node create --driver ipmi --name BM01 \
--deploy-interface iscsi \
--raid-interface agent \
--driver-info ipmi_username=IPMI用户 \
--driver-info ipmi_password=IPMI密码 \
--driver-info ipmi_address=IPMI地址 \
--driver-info ipmi_port=623 \
--driver-info deploy_kernel=$DEPLOY_KERNEL_UUID \
--driver-info deploy_ramdisk=$DEPLOY_RAMDISK_UUID \
--driver-info cleaning_network=$CLEANING_NETWORK \
--driver-info provisioning_network=$PRO_NETWORK
4. If you hit an API version not supported error, change the exports to
export IRONIC_API_VERSION=1.46
export OS_BAREMETAL_API_VERSION=1.46
5. For UEFI, remember to set the following (I did not run this myself)
openstack baremetal node set $BAREMETAL_NODE_UUID --property capabilities='boot_mode:uefi'
6. Update the resource class
openstack --os-baremetal-api-version 1.21 baremetal node set $NODE_UUID --resource-class baremetal.with-GPU
7. Create the bare-metal port (裸金属网卡的MAC地址 is the MAC address of the bare-metal NIC)
openstack baremetal port create 裸金属网卡的MAC地址 --node $NODE_UUID
XI. Create the server
1. Validate the bare-metal node
openstack baremetal node validate $BAREMETAL_NODE_UUID
# It does not matter if bios, boot, console, deploy and rescue are False
2. Manage the node
openstack baremetal --os-baremetal-api-version 1.11 node manage $UUID
openstack baremetal node show $UUID |grep provision_state
3. Provide the node
openstack baremetal --os-baremetal-api-version 1.11 node provide $UUID
openstack baremetal node show $UUID |grep provision_state
4. Run the deployment
openstack server create --flavor $FLAVOR_UUID --nic net-id=$NETWORK_ID --image $CIRROS_ID test_BM01