Centos-openstack-Rocky-ironic部署

Ironic基础环境配置

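创建数据库(示例中的密码 123456 仅作演示,实际部署请换成强密码,并与后文 ironic.conf 中 connection 里的密码保持一致;'ironic'@'%' 允许从任意主机连接数据库,如非必要应限定为控制节点的地址)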

mysql -u root -p
CREATE DATABASE ironic CHARACTER SET utf8;
GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' IDENTIFIED BY '123456'; 
GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' IDENTIFIED BY '123456';

下载ironic相关包

yum install -y  centos-release-openstack-rocky
yum install -y openstack-ironic-api openstack-ironic-conductor python-ironicclient

启动服务

systemctl enable openstack-ironic-api openstack-ironic-conductor
systemctl start openstack-ironic-api openstack-ironic-conductor

修改ironic-api相关配置

vi /etc/ironic/ironic.conf
[database]
connection = mysql+pymysql://ironic:123456@172.27.127.74/ironic?charset=utf8
[DEFAULT]
transport_url = rabbit://openstack:openstack@controller
auth_strategy=keystone
[keystone_authtoken]
auth_type=password
www_authenticate_uri=http://controller:5000
auth_url=http://controller:5000
username=ironic
password=123456
project_name=service
project_domain_name=Default
user_domain_name=Default
创建Bare Metal服务数据库表
ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
重启api服务
systemctl restart openstack-ironic-api

修改ironic-conductor相关配置

vi /etc/ironic/ironic.conf
[DEFAULT]
my_ip=172.27.127.74
enabled_inspect_interfaces = no-inspect,inspector

[conductor]
api_url=http://172.27.127.74:6385
automated_clean = true 

[deploy]
erase_devices_priority = 0

[glance]
glance_host = 172.27.127.74
auth_url = http://controller:5000
endpoint_override=http://controller:9292
auth_type=password
username=ironic
password=123456
project_name=service
project_domain_id=default
user_domain_id=default

[neutron]
endpoint_override=http://controller:9696
auth_type = password
auth_url=http://controller:5000
username=ironic
password=123456
project_name=service
project_domain_id=default
user_domain_id=default

[service_catalog]
auth_url = http://controller:5000
endpoint_override = http://172.27.127.74:6385
重启服务
systemctl restart openstack-ironic-api
systemctl restart openstack-ironic-conductor

openstack ironic对接其他服务

对接keystone(--password 直接写在命令行里会留在 shell 历史和进程列表中,可改用 --password-prompt 交互输入)

openstack user create --password 123456 --email ironic@example.com ironic
openstack role add --project service --user ironic admin
openstack service create --name ironic --description "Ironic baremetal provisioning service" baremetal
openstack endpoint create --region RegionOne baremetal admin http://controller:6385
openstack endpoint create --region RegionOne baremetal public http://controller:6385
openstack endpoint create --region RegionOne baremetal internal http://controller:6385
openstack project create baremetal

对接nova

vi /etc/nova/nova.conf
[DEFAULT]
compute_driver=ironic.IronicDriver
reserved_host_memory_mb=0
force_config_drive=true
[filter_scheduler]
track_instance_changes=False
[scheduler]
discover_hosts_in_cells_interval=120
[ironic]
endpoint_override=http://172.27.127.74:6385
auth_type=password
auth_url=http://controller:5000/v3
project_name=service
username=ironic
password=123456
project_domain_name=Default
user_domain_name=Default
nova-manage cell_v2 discover_hosts --by-service
systemctl restart openstack-nova-scheduler
systemctl restart openstack-nova-compute

对接neutron

yum -y install epel-release
yum -y install gcc python-devel python2-pip
pip install --no-deps networking-baremetal 
vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat
tenant_network_types = flat
mechanism_drivers = openvswitch,baremetal
[ml2_type_flat]
flat_networks = physnet1
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
bridge_mappings = physnet1:br-eth2
重启服务
systemctl restart neutron-server
vi /etc/neutron/plugins/ml2/ironic_neutron_agent.ini
[ironic]
project_domain_name = Default
project_name = service
user_domain_name = Default
password = 123456
username = ironic
auth_url = http://172.27.127.74:5000/v3
auth_type = password
region_name = RegionOne
创建ironic-neutron-agent服务
cd /usr/lib/systemd/system
vi ironic-neutron-agent.service

[Unit]
Description=OpenStack Ironic Neutron Agent
After=syslog.target network.target

[Service]
Type=simple
User=neutron
ExecStart=/usr/bin/ironic-neutron-agent --config-dir /etc/neutron     --config-file /etc/neutron/plugins/ml2/ironic_neutron_agent.ini     --log-file /var/log/neutron/ironic_neutron_agent.log
PrivateTmp=false
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
启动服务
systemctl enable ironic-neutron-agent
systemctl start ironic-neutron-agent

配置清洁网络

[root@controller ~]# neutron net-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+-----------+----------------------------------+------------------------------------------------------+
| id                                   | name      | tenant_id                        | subnets                                              |
+--------------------------------------+-----------+----------------------------------+------------------------------------------------------+
| 4ad6bed9-e041-4b0b-9982-54f8579380f1 | baremetal | 7548a72042c84c08b29aea0707c0ce13 | e19e3787-2109-4caa-b808-ee442da295fe 172.27.127.0/24 |
+--------------------------------------+-----------+----------------------------------+------------------------------------------------------+
vi /etc/ironic/ironic.conf
[neutron]
# 清洁网络和供应网络可以是同一个网络
cleaning_network = 4ad6bed9-e041-4b0b-9982-54f8579380f1
provisioning_network = 4ad6bed9-e041-4b0b-9982-54f8579380f1
systemctl restart openstack-ironic-api
systemctl restart openstack-ironic-conductor

安装用户镜像和部署镜像

pip install diskimage-builder

用户镜像:
disk-image-create ubuntu baremetal dhcp-all-interfaces grub2 -o my-image 
-rw-r--r--. 1 root root  55944401 Apr 23 17:27 my-image.initrd
-rw-r--r--. 1 root root 596901888 Apr 23 17:27 my-image.qcow2
-rw-r--r--. 1 root root   8290040 Apr 23 17:27 my-image.vmlinuz
上传镜像
glance image-create --name my-kernel --visibility public --disk-format aki --container-format aki < my-image.vmlinuz
glance image-create --name my-image.initrd --visibility public  --disk-format ari --container-format ari < my-image.initrd
MY_VMLINUZ_UUID=创建镜像后生成的ID
MY_INITRD_UUID=创建镜像后生成的ID
glance image-create --name my-image --visibility public  --disk-format qcow2 --container-format bare --property   kernel_id=$MY_VMLINUZ_UUID --property  ramdisk_id=$MY_INITRD_UUID < my-image.qcow2

部署镜像
# 生成可以自定义密码的镜像(dynamic-login 元素允许在启动时通过内核参数注入登录凭据,主要用于排查问题)
disk-image-create ironic-agent centos7 dynamic-login -o ironic-deploy
-rw-r--r--. 1 root root 399675094 Apr 23 17:33 ironic-deploy.initramfs
-rwxr-xr-x. 1 root root   6643904 Apr 23 17:33 ironic-deploy.kernel
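生成密码(不带选项的 openssl passwd 在这里输出的 13 位字符串是传统 DES crypt 散列,只有密码的前 8 个字符生效;本机 openssl 支持时可加 -1 等选项选用其他算法。下面的散列值已随文章公开,请自行生成,不要照抄)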
$ openssl passwd
Password:
Verifying - Password:
mNw2hVHmny2Ho
在ironic配置文件里面添加密码:第一次需要用密码登录,用ssh的话登录不进去。注意 rootpwd 会作为内核参数写入 PXE 配置,经 TFTP 明文下发,并且可以在节点的 /proc/cmdline 中读到,建议只在排查问题时启用,用完后从配置中去掉。
vi /etc/ironic/ironic.conf
[pxe]
pxe_append_params = rootpwd="mNw2hVHmny2Ho"
systemctl restart openstack-ironic-*
上传镜像
openstack image create "deploy-kernel" --file ironic-deploy.kernel --disk-format aki --container-format aki --public
openstack image create "deploy-image.initrd" --file ironic-deploy.initramfs --disk-format ari --container-format ari --public

配置PXE

mkdir -p /tftpboot
chown -R ironic /tftpboot
yum -y install tftp-server syslinux-tftpboot xinetd
vi  /etc/xinetd.d/tftp
service tftp
{
  protocol        = udp
  port            = 69
  socket_type     = dgram
  wait            = yes
  user            = root
  server          = /usr/sbin/in.tftpd
  server_args     = -v -v -v -v -v --map-file /tftpboot/map-file /tftpboot
  disable         = no
  # This is a workaround for Fedora, where TFTP will listen only on
  # IPv6 endpoint, if IPv4 flag is not used.
  flags           = IPv4
}
systemctl restart xinetd
cp /usr/share/syslinux/pxelinux.0 /tftpboot
cp /usr/share/syslinux/chain.c32 /tftpboot/
echo 're ^(/tftpboot/) /tftpboot/\2' > /tftpboot/map-file
echo 're ^/tftpboot/ /tftpboot/' >> /tftpboot/map-file
echo 're ^(^/) /tftpboot/\1' >> /tftpboot/map-file
echo 're ^([^/]) /tftpboot/\1' >> /tftpboot/map-file
yum -y install grub2-efi shim
cp /boot/efi/EFI/centos/shim.efi /tftpboot/bootx64.efi
cp /boot/efi/EFI/centos/grubx64.efi /tftpboot/grubx64.efi
GRUB_DIR=/tftpboot/EFI/centos
mkdir -p $GRUB_DIR
cd $GRUB_DIR
vi grub.cfg
set default=master
set timeout=5
set hidden_timeout_quiet=false

menuentry "master"  {
configfile /tftpboot/$net_default_mac.conf
}
chmod 644 $GRUB_DIR/grub.cfg
vi /etc/ironic/ironic.conf
[pxe]
pxe_bootfile_name=pxelinux.0
pxe_config_template = $pybasedir/drivers/modules/pxe_config.template
uefi_pxe_bootfile_name=bootx64.efi
uefi_pxe_config_template=$pybasedir/drivers/modules/pxe_grub_config.template
pxe_bootfile_name_by_arch=aarch64:grubaa64.efi,ppc64:bootppc64
pxe_config_template_by_arch=aarch64:pxe_grubaa64_config.template,ppc64:pxe_ppc64_config.template
pxe_append_params = rootpwd="mNw2hVHmny2Ho"
systemctl restart openstack-ironic-api
systemctl restart openstack-ironic-conductor

ironic inspector

创建数据库(-p123456 这种写法会把密码留在 shell 历史和进程列表中,可以只写 -p 再按提示输入;示例密码 123456 仅作演示)
mysql -uroot -p123456
create database ironic_inspector;
grant all on ironic_inspector.* to ironic_inspector@'localhost' identified by '123456';
grant all on ironic_inspector.* to ironic_inspector@'%' identified by '123456';
endpoint创建
openstack user create --domain default --project service --project-domain default --password 123456 --enable ironic-inspector
openstack service create --name ironic-inspector --description 'Bare Metal Introspection Service' --enable baremetal-introspection
openstack role add --user ironic-inspector --project service  --project-domain default --user-domain default admin
openstack endpoint create  --region RegionOne --enable ironic-inspector admin http://controller:5050
openstack endpoint create  --region RegionOne --enable ironic-inspector internal http://controller:5050
openstack endpoint create  --region RegionOne --enable ironic-inspector public http://controller:5050
inspector.conf配置
yum install -y openstack-ironic-inspector
 vi /etc/ironic-inspector/inspector.conf 
[DEFAULT]
debug = false
rootwrap_config = /etc/ironic-inspector/rootwrap.conf
[capabilities]
[cors]
[database]
connection = mysql+pymysql://ironic_inspector:123456@172.27.127.74/ironic_inspector?charset=utf8
[discovery]
[dnsmasq_pxe_filter]
[iptables]
[ironic]
region_name = RegionOne
project_name = service
password = 123456
username = ironic-inspector
auth_url = http://controller:5000/v3
auth_type = password
user_domain_name = default
project_domain_name = default
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/v3
project_name = service
password = 123456
username = ironic-inspector
auth_url = http://controller:5000/v3
auth_type = password
user_domain_name = default
project_domain_name = default
service_token_roles_required = true
[oslo_policy]
[pci_devices]
[processing]
ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk
[pxe_filter]
[swift]
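dnsmasq.conf配置(下面的配置没有 interface= 行,dnsmasq 会在本机所有接口上应答 DHCP/TFTP;建议加上 interface= 限定到供应网络所在的网卡,避免向其他网段的主机下发 PXE 引导)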
[root@controller ~]# vi /etc/ironic-inspector/dnsmasq.conf 
port=0
bind-interfaces
enable-tftp
tftp-root=/tftpboot
dhcp-range=172.27.127.84,172.27.127.89
dhcp-boot=pxelinux.0
dhcp-sequential-ip
vi /etc/sudoers.d/ironic-inspector-rootwrap
Defaults:root !requiretty
root ALL=(root) NOPASSWD: /usr/bin/ironic-inspector-rootwrap /etc/ironic-inspector/rootwrap.conf *
更新数据库
ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade 
启动服务
systemctl restart openstack-ironic-inspector
systemctl restart openstack-ironic-inspector-dnsmasq
修改ironic.conf
vi /etc/ironic/ironic.conf
[inspector]
enabled = true
auth_type=password
auth_url=http://controller:5000
username=ironic
password=123456
project_name=service
project_domain_name=Default
user_domain_name=Default
systemctl restart openstack-ironic-api
systemctl restart openstack-ironic-conductor

pxe相关配置

将部署镜像复制到/tftpboot下,查看文件的权限为644,所属用户为ironic
-rw-r--r--. 1 ironic root   580879599 Apr 23 16:25 ironic-deploy.initramfs
-rw-r--r--. 1 ironic root     8290040 Apr 23 16:25 ironic-deploy.kernel
mkdir /tftpboot/pxelinux.cfg
vi /tftpboot/pxelinux.cfg/default
default introspect

label introspect
kernel ironic-deploy.kernel
append initrd=ironic-deploy.initramfs ipa-inspection-callback-url=http://172.27.127.74:5050/v1/continue ipa-inspection-collectors=default ipa-collect-lldp=1 systemd.journald.forward_to_console=yes selinux=0
ipappend 3
修改/tftpboot权限
chown -R ironic /tftpboot

裸机节点Enrollment

# 查看驱动
openstack baremetal driver list
# 查看ipmi配置参数
openstack baremetal driver property list ipmi
# 创建裸机
openstack baremetal node create --driver ipmi
# 设置裸机接口信息
openstack baremetal --os-baremetal-api-version 1.31 node set $NODE_UUID --deploy-interface iscsi \
    --raid-interface agent
# 配置裸机ipmi信息
openstack baremetal node set $NODE_UUID  --driver-info ipmi_username=$USER --driver-info ipmi_password=$PASS --driver-info ipmi_address=$ADDRESS
openstack baremetal node set $NODE_UUID --driver-info ipmi_port=$PORT_NUMBER 
openstack baremetal node set $NODE_UUID \
    --driver-info deploy_kernel=$DEPLOY_VMLINUZ_UUID \
    --driver-info deploy_ramdisk=$DEPLOY_INITRD_UUID
openstack baremetal node set $NODE_UUID \
    --driver-info cleaning_network=$CLEAN_UUID_OR_NAME \
    --driver-info provisioning_network=$PROVISION_UUID_OR_NAME
# 创建裸机PXE启动端口
openstack baremetal port create $MAC_ADDRESS --node $NODE_UUID
下面两步可以不做
---------------------------------------------------------------------------------------------
# 资源类创建
openstack --os-baremetal-api-version 1.21 baremetal node set $NODE_UUID \
    --resource-class $CLASS_NAME
openstack baremetal node set $NODE_UUID \
    --property cpus=$CPU_COUNT \
    --property memory_mb=$RAM_MB \
    --property local_gb=$DISK_GB 
---------------------------------------------------------------------------------------------
# 将自检端口打开
openstack baremetal node set $NODE_UUID --inspect-interface=inspector
# 检查裸机相关配置
openstack baremetal node validate $NODE_UUID
把ironic节点信息同步到nova数据库中,同步hypervisor信息
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
systemctl restart openstack-nova-compute
systemctl restart openstack-nova-scheduler
openstack hypervisor list   #可以看到hypervisor已经变成了裸机
+----+--------------------------------------+-----------------+---------------+-------+
| ID | Hypervisor Hostname                  | Hypervisor Type | Host IP        | State |
+----+--------------------------------------+-----------------+---------------+-------+
|  2 | ba3b8a62-2ae9-484c-a655-91fe5dfcc260 | ironic          | 172.27.127.76 | up    |
+----+--------------------------------------+-----------------+---------------+-------+

openstack baremetal --os-baremetal-api-version 1.11 node manage $NODE_UUID
openstack baremetal --os-baremetal-api-version 1.11 node inspect $NODE_UUID
openstack baremetal --os-baremetal-api-version 1.11 node provide $NODE_UUID
# 清洁状态可以被打断
ironic node-set-provision-state $NODEUUID abort
ironic node-set-provision-state 531bb359-92f4-4753-9a1a-f91f4a1a23c4 deleted
ironic node-set-maintenance $NODEUUID False

在inspect阶段过后,裸机会把硬件信息返回给服务器

openstack baremetal node show $NODEUUID
| properties             | {u'memory_mb': u'262144', u'cpu_arch': u'x86_64', u'local_gb': u'556', u'cpus': u'48', u'capabilities': u'cpu_hugepages:true,cpu_txt:true,cpu_aes:true,cpu_vt:true,cpu_hugepages_1g:true'} 
过一会之后,hypervisor会同步裸机的信息
[root@controller ~]# openstack hypervisor show 4118158d-dd27-44a0-a5a7-a0c2321db54e
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| aggregates           | []                                   |
| cpu_info             |                                      |
| current_workload     | 0                                    |
| disk_available_least | 0                                    |
| free_disk_gb         | 0                                    |
| free_ram_mb          | 0                                    |
| host_ip              | 172.27.127.74                        |
| hypervisor_hostname  | 4118158d-dd27-44a0-a5a7-a0c2321db54e |
| hypervisor_type      | ironic                               |
| hypervisor_version   | 1                                    |
| id                   | 3                                    |
| local_gb             | 556                                  |
| local_gb_used        | 556                                  |
| memory_mb            | 262144                               |
| memory_mb_used       | 262144                               |
| running_vms          | 1                                    |
| service_host         | controller                           |
| service_id           | 7                                    |
| state                | up                                   |
| status               | enabled                              |
| vcpus                | 48                                   |
| vcpus_used           | 48                                   |
+----------------------+--------------------------------------+
当hypervisor同步信息之后,dashboard就可以创建实例了。

 

 

 

 
