dcode/_kolla-build.sh Secret

## _kolla-build.sh
export KOLLA_DEPLOY_REGISTRY=192.168.4.210

################## Docker Hosts #######################

# Set selinux in permissive mode for now (docker hosts)
## TODO: (high priority) Create selinux policies
sudo setenforce 0
sed -i -e 's/SELINUX=.*/SELINUX=permissive/' /etc/selinux/config

# Disable firewall for now (docker hosts)
## TODO: (high priority) Create selinux policies
sudo systemctl stop iptables ip6tables
sudo systemctl disable iptables ip6tables

# Install docker from upstream
curl -sSL https://get.docker.io | bash
sudo systemctl restart docker.service

# Disable libvirt (just in case, not on minimal install)
sudo systemctl stop libvirtd.service
sudo systemctl disable libvirtd.service

# Enable insecure registry for docker
sudo sed -i "s/other_args=.*/other_args=\"--insecure-registry ${KOLLA_DEPLOY_REGISTRY}:4000\"/" /etc/sysconfig/docker ||
cat << EOF | sudo tee /etc/sysconfig/docker
other_args="--insecure-registry ${KOLLA_DEPLOY_REGISTRY}:4000"
EOF

# Modify docker service to include $other_args and change mount flags
cat << EOF | sudo tee /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket

[Service]
EnvironmentFile=/etc/sysconfig/docker
Type=notify
ExecStart=/usr/bin/docker daemon -H fd:// \$other_args
MountFlags=shared
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity

[Install]
WantedBy=multi-user.target
EOF

# Restart docker
sudo systemctl daemon-reload
sudo systemctl stop docker
sudo systemctl start docker


# Enable IP forwarding (this may not be needed, but I ran into it)
cat << EOF | sudo tee /etc/sysctl.d/50-ip_forward.conf
# This is needed for docker networking
net.ipv4.ip_forward=1
EOF
sysctl --system

#### Install docker python module
# Install setuptools so we can install pip
sudo yum install -y python-setuptools
# Install pip
sudo easy_install pip
# Install docker-py
sudo pip install docker-py>=1.4.0

################## Deployment Host #######################

# Install setuptool & EPEL
sudo yum install -y python-setuptools epel-release

# Install ansible, git
sudo yum install -y ansible git

# Install pip
sudo easy_install pip

# Install python openstack clients
sudo yum install -y python-devel libffi-devel openssl-devel gcc
sudo pip install -U python-openstackclient
sudo pip install -U python-neutronclient

# Pull down Kolla git and install prereqs
git clone https://git.openstack.org/openstack/kolla
pip install -U kolla/

## Follow steps for docker hosts before proceeding if running registry on deployment host
# Deploy docker registry to deployment host
sudo docker run -d -p 4000:5000 --restart=always --name registry registry:2.3

# Build images
kolla-build --base centos --type binary --registry ${KOLLA_DEPLOY_REGISTRY}:4000 --push --tag=2.0.0

# Configure deployment model
cp -R kolla/etc/kolla /etc/

# Modify globals.yml and passwords.yml in /etc/kolla as needed
echo "Ensure your /etc/kolla/globals.yml is configured for your deployment."
# Configure the inventory as needed /root/kolla/ansible/inventory/multinode (or allinone)
echo "Ensure your inventory is configured for your deployment."

# Run prechecks
kolla-ansible -i /root/kolla/ansible/inventory/multinode prechecks

# Run the deployment
kolla-ansible -i /root/kolla/ansible/inventory/multinode deploy

# Run the post-deployment
kolla-ansible -i /root/kolla/ansible/inventory/multinode post-deploy

# Run the init-runonce
source /etc/kolla/admin-openrc.sh
/root/kolla/tools/init-runonce

## allinone-globals.yml
---
# You can use this file to override _any_ variable throughout Kolla.
# Additional options can be found in the 'kolla/group_vars/all.yml' file.

###################
# Kolla options
###################
# Valid options are [ COPY_ONCE, COPY_ALWAYS ]
#config_strategy: "COPY_ONCE"

# Valid options are [ centos, fedora, oraclelinux, ubuntu ]
kolla_base_distro: "centos"

# Valid options are [ binary, source ]
kolla_install_type: "binary"

# This should be a VIP, an unused IP on your network that will float between
# the hosts running keepalived for high-availibility. When running an All-In-One
# without haproxy and keepalived, this should be the first IP on your
# 'network_interface' as set in the Networking section below.
kolla_internal_address: "192.168.4.200"

# The Public address used to communicate with Openstack as set in the public_url
# for the endpoints that will be created. It defaults to kolla_internal_address
# but can be overridden in your globals.yml to a public address. It is up to the
# deployer to ensure that that public address maps to the environment correctly.
# It is recommended to use a DNS name as well, but not required.
#kolla_external_address: "{{ kolla_internal_address }}"


####################
# Docker options
####################
### Example: Private repository with authentication
#
docker_registry: "192.168.4.210:4000"
# docker_namespace: "companyname"
# docker_registry_username: "sam"
# docker_registry_password: "correcthorsebatterystaple"


####################
# Networking options
####################
# This interface is what all your api services will be bound to by default.
# Additionally, all vxlan/tunnel and storage network traffic will go over this
# interface by default. This interface must contain an IPv4 address.
network_interface: "eno1"

# These can be adjusted for even more customization. The default is the same as
# the 'network_interface'. These interfaces must container an IPv4 address.
#api_interface: "{{ network_interface }}"
#storage_interface: "{{ network_interface }}"
#tunnel_interface: "{{ network_interface }}"

# This is the raw interface given to neutron as its external network port. Even
# though an IP address can exist on this interface, it will be unusable in most
# configurations. It is recommended this interface not be configured with any IP
# addresses for that reason.
neutron_external_interface: "eno3"

# Valid options are [ openvswitch, linuxbridge ]
#neutron_plugin_agent: "openvswitch"


####################
# OpenStack options
####################
# This option is used to specify the tag to use when pulling the Docker images
openstack_release: "2.0.0"

# Use these options to set the various log levels across all OpenStack projects
#openstack_logging_debug: "False"

# Valid options are [ novnc, spice ]
#nova_console: "novnc"

# OpenStack services can be enabled or disabled with these options
#enable_cinder: "yes"
#enable_heat: "no"
#enable_magnum: "no"


###################
# Ceph options
###################
# Ceph can be setup with a caching to improve performance. To use the cache you
# must provide separate disks than those for the OSDs
# ceph_use_cache: "no"
# Valid options are [ forward, none, writeback ]
# ceph_cache_mode: "writeback"

# A requirement for using the erasure-coded pools is you must setup a cache tier
# Valid options are [ erasure, replicated ]
# ceph_pool_type: "replicated"

# Disable HAProxy
#enable_haproxy: "no"
	export KOLLA_DEPLOY_REGISTRY=192.168.4.210

	################## Docker Hosts #######################

	# Set selinux in permissive mode for now (docker hosts)
	## TODO: (high priority) Create selinux policies
	sudo setenforce 0
	sed -i -e 's/SELINUX=.*/SELINUX=permissive/' /etc/selinux/config

	# Disable firewall for now (docker hosts)
	## TODO: (high priority) Create selinux policies
	sudo systemctl stop iptables ip6tables
	sudo systemctl disable iptables ip6tables

	# Install docker from upstream
	curl -sSL https://get.docker.io \| bash
	sudo systemctl restart docker.service

	# Disable libvirt (just in case, not on minimal install)
	sudo systemctl stop libvirtd.service
	sudo systemctl disable libvirtd.service

	# Enable insecure registry for docker
	sudo sed -i "s/other_args=.*/other_args=\"--insecure-registry ${KOLLA_DEPLOY_REGISTRY}:4000\"/" /etc/sysconfig/docker \|\|
	cat << EOF \| sudo tee /etc/sysconfig/docker
	other_args="--insecure-registry ${KOLLA_DEPLOY_REGISTRY}:4000"
	EOF

	# Modify docker service to include $other_args and change mount flags
	cat << EOF \| sudo tee /etc/systemd/system/docker.service
	[Unit]
	Description=Docker Application Container Engine
	Documentation=https://docs.docker.com
	After=network.target docker.socket
	Requires=docker.socket

	[Service]
	EnvironmentFile=/etc/sysconfig/docker
	Type=notify
	ExecStart=/usr/bin/docker daemon -H fd:// \$other_args
	MountFlags=shared
	LimitNOFILE=1048576
	LimitNPROC=1048576
	LimitCORE=infinity

	[Install]
	WantedBy=multi-user.target
	EOF

	# Restart docker
	sudo systemctl daemon-reload
	sudo systemctl stop docker
	sudo systemctl start docker


	# Enable IP forwarding (this may not be needed, but I ran into it)
	cat << EOF \| sudo tee /etc/sysctl.d/50-ip_forward.conf
	# This is needed for docker networking
	net.ipv4.ip_forward=1
	EOF
	sysctl --system

	#### Install docker python module
	# Install setuptools so we can install pip
	sudo yum install -y python-setuptools
	# Install pip
	sudo easy_install pip
	# Install docker-py
	sudo pip install docker-py>=1.4.0

	################## Deployment Host #######################

	# Install setuptool & EPEL
	sudo yum install -y python-setuptools epel-release

	# Install ansible, git
	sudo yum install -y ansible git

	# Install pip
	sudo easy_install pip

	# Install python openstack clients
	sudo yum install -y python-devel libffi-devel openssl-devel gcc
	sudo pip install -U python-openstackclient
	sudo pip install -U python-neutronclient

	# Pull down Kolla git and install prereqs
	git clone https://git.openstack.org/openstack/kolla
	pip install -U kolla/

	## Follow steps for docker hosts before proceeding if running registry on deployment host
	# Deploy docker registry to deployment host
	sudo docker run -d -p 4000:5000 --restart=always --name registry registry:2.3

	# Build images
	kolla-build --base centos --type binary --registry ${KOLLA_DEPLOY_REGISTRY}:4000 --push --tag=2.0.0

	# Configure deployment model
	cp -R kolla/etc/kolla /etc/

	# Modify globals.yml and passwords.yml in /etc/kolla as needed
	echo "Ensure your /etc/kolla/globals.yml is configured for your deployment."
	# Configure the inventory as needed /root/kolla/ansible/inventory/multinode (or allinone)
	echo "Ensure your inventory is configured for your deployment."

	# Run prechecks
	kolla-ansible -i /root/kolla/ansible/inventory/multinode prechecks

	# Run the deployment
	kolla-ansible -i /root/kolla/ansible/inventory/multinode deploy

	# Run the post-deployment
	kolla-ansible -i /root/kolla/ansible/inventory/multinode post-deploy

	# Run the init-runonce
	source /etc/kolla/admin-openrc.sh
	/root/kolla/tools/init-runonce
	---
	# You can use this file to override _any_ variable throughout Kolla.
	# Additional options can be found in the 'kolla/group_vars/all.yml' file.

	###################
	# Kolla options
	###################
	# Valid options are [ COPY_ONCE, COPY_ALWAYS ]
	#config_strategy: "COPY_ONCE"

	# Valid options are [ centos, fedora, oraclelinux, ubuntu ]
	kolla_base_distro: "centos"

	# Valid options are [ binary, source ]
	kolla_install_type: "binary"

	# This should be a VIP, an unused IP on your network that will float between
	# the hosts running keepalived for high-availibility. When running an All-In-One
	# without haproxy and keepalived, this should be the first IP on your
	# 'network_interface' as set in the Networking section below.
	kolla_internal_address: "192.168.4.200"

	# The Public address used to communicate with Openstack as set in the public_url
	# for the endpoints that will be created. It defaults to kolla_internal_address
	# but can be overridden in your globals.yml to a public address. It is up to the
	# deployer to ensure that that public address maps to the environment correctly.
	# It is recommended to use a DNS name as well, but not required.
	#kolla_external_address: "{{ kolla_internal_address }}"


	####################
	# Docker options
	####################
	### Example: Private repository with authentication
	#
	docker_registry: "192.168.4.210:4000"
	# docker_namespace: "companyname"
	# docker_registry_username: "sam"
	# docker_registry_password: "correcthorsebatterystaple"


	####################
	# Networking options
	####################
	# This interface is what all your api services will be bound to by default.
	# Additionally, all vxlan/tunnel and storage network traffic will go over this
	# interface by default. This interface must contain an IPv4 address.
	network_interface: "eno1"

	# These can be adjusted for even more customization. The default is the same as
	# the 'network_interface'. These interfaces must container an IPv4 address.
	#api_interface: "{{ network_interface }}"
	#storage_interface: "{{ network_interface }}"
	#tunnel_interface: "{{ network_interface }}"

	# This is the raw interface given to neutron as its external network port. Even
	# though an IP address can exist on this interface, it will be unusable in most
	# configurations. It is recommended this interface not be configured with any IP
	# addresses for that reason.
	neutron_external_interface: "eno3"

	# Valid options are [ openvswitch, linuxbridge ]
	#neutron_plugin_agent: "openvswitch"


	####################
	# OpenStack options
	####################
	# This option is used to specify the tag to use when pulling the Docker images
	openstack_release: "2.0.0"

	# Use these options to set the various log levels across all OpenStack projects
	#openstack_logging_debug: "False"

	# Valid options are [ novnc, spice ]
	#nova_console: "novnc"

	# OpenStack services can be enabled or disabled with these options
	#enable_cinder: "yes"
	#enable_heat: "no"
	#enable_magnum: "no"


	###################
	# Ceph options
	###################
	# Ceph can be setup with a caching to improve performance. To use the cache you
	# must provide separate disks than those for the OSDs
	# ceph_use_cache: "no"
	# Valid options are [ forward, none, writeback ]
	# ceph_cache_mode: "writeback"

	# A requirement for using the erasure-coded pools is you must setup a cache tier
	# Valid options are [ erasure, replicated ]
	# ceph_pool_type: "replicated"

	# Disable HAProxy
	#enable_haproxy: "no"