centos8使用kolla部署openstack ussuri问题

1.mariadb问题:wait for MariaDB to be available via HAProxy

 all-in-one环境需要在globals.yml中将kolla_internal_vip_address: "ip设置为本机的ip"

2.修改docker官方yum源为阿里云yum源,另外配置docker镜像加速,指定使用阿里云镜像加速。

$ vim /usr/share/kolla-ansible/ansible/roles/baremetal/defaults/main.yaml

docker_yum_url: "https://mirrors.aliyun.com/docker-ce/linux/{{ ansible_distribution | lower }}"

docker_custom_config: {"registry-mirrors": ["https://uyah70su.mirror.aliyuncs.com"]}

3. 安装 kolla-ansible时版本需要与openstack的版本进行匹配

 kolla版本与openstack版本对应关系:https://releases.openstack.org/teams/kolla.html

4.依赖以及配置更改完成后执行kolla-ansible -i ./all-in-one deploy

5.post deploy

kolla-ansible -i ./all-in-one deploy

pip install python-openstackclient python-glanceclient python-neutronclient

6.如果启用cinder还需要额外添加磁盘,这里添加一块sdb盘并创建为pv和vg,使用lvm作为cinder的后端存储:

pvcreate /dev/sdb

vgcreate cinder-volumes /dev/sdb

7.配置主机名,kolla预检查时rabbitmq可能需要能够进行主机名解析

hostnamectlset-hostname kolla  

all-in-one配置文件修改主机名

sed -i 's#localhost ansible_connection=local#kolla#g' all-in-one

配置主机名解析,实际在环境预配置时kolla会自动添加解析到/etc/hosts

cat >> /etc/hosts <<EOF

192.168.93.30 kolla

EOF

配置ssh免密

ssh-keygen

ssh-copy-id root@kolla

8.为octavia创建证书

此部分可参考https://docs.openstack.org/octavia/latest/admin/guides/certificates.html

 mkdir certs

  chmod 700 certs

  cd certs/

  mkdir client_ca

  mkdir server_ca

 cd server_ca/

 mkdir certs crl newcerts private

 chmod 700 private

 touch index.txt

echo 1000 > serial

openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:4096

openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:1024

openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pesage2020 rsa_keygen_bits:4096

  openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:4096

  chmod 400 private/ca.key.pem

openssl req -config /root/octavia/etc/certificates/openssl.cnf -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem

cd ../client_ca

mkdir certs crl csr newcerts private

chmod 700 private

touch index.txt

  echo 1000 > serial

openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:4096

   chmod 400 private/ca.key.pem

   openssl req -config /root/octavia/etc/certificates/openssl.cnf -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem

openssl genpkey -algorithm RSA -out private/client.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:2048

openssl req -config /root/octavia/etc/certificates/openssl.cnf -new -sha256 -key private/client.key.pem -out csr/client.csr.pem

 openssl ca -config /root/octavia/etc/certificates/openssl.cnf -extensions usr_cert -days 7300 -notext -md sha256 -in csr/client.csr.pem -out certs/client.cert.pem

   openssl rsa -in private/client.key.pem -out private/client.cert-and-key.pem

  chmod 700 /etc/kolla/config/octavia/

cp server_ca/private/ca.key.pem /etc/kolla/config/octavia/server_ca.key.pem

chmod 700 /etc/kolla/config/octavia/server_ca.key.pem

cp server_ca/certs/ca.cert.pem /etc/kolla/config/octavia/server_ca.cert.pem

chmod 700 /etc/kolla/config/octavia/server_ca.cert.pem

 cp client_ca/certs/ca.cert.pem /etc/kolla/config/octavia/client_ca.cert.pem

 cp client_ca/private/client.cert-and-key.pem /etc/kolla/config/octavia/client.cert-and-key.pem

chmod 700 /etc/kolla/config/octavia/client.cert-and-key.pem

mkdir -p /etc/octavia/certs

chmod 700 /etc/octavia/certs/

cp /etc/kolla/config/octavia/* /etc/octavia/certs/

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

推荐阅读更多精彩内容