Last active
August 19, 2023 00:46
-
-
Save lbragstad/133dc2ddb1e8a8051e25f7cfde893ac7 to your computer and use it in GitHub Desktop.
Deploying OpenStack Queens with OpenStack-Ansible (Manual)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Decide a Range of IP Address Your Router Will Manage, and a Range of IP Address Neutron Will Manage | |
| # Adjust To Accomodate For Any Static Assignments (Such as 192.168.1.1 for Your Router) | |
| # Ensure These IP Address Ranges, and Any Static Assignments Do Not Overlap | |
| # | |
| # For Example: | |
| # | |
| # Home Network Subnet: 192.168.1.0/24 | |
| # Router Static: 192.168.1.1 | |
| # Laptop Static: 192.168.1.2 | |
| # OSA-AIO Static: 192.168.1.3 | |
| # Router DHCP Range: 192.168.1.4-199 | |
| # Neutron Allocation Pool: 192.168.1.200-249 | |
| # | |
| # Re-Configure Router DHCP Range Settings (refer to manufacturers documentation) | |
| # If Something Is Using an IP Address from Neutron Allocation Pool, Release / Renew DHCP or Reboot Device | |
| # An IP Address from Your Router Updated DHCP Range Should Be Assigned | |
| # From OSA-AIO Host, Attach to Utility Container | |
| lxc-attach -n `lxc-ls -1 | grep util` | |
| # Source Admin Credentials | |
| source ~/openrc | |
| # Observe Neutron Resources Created by Tempest | |
| openstack network list | |
| +--------------------------------------+---------+--------------------------------------+ | |
| | ID | Name | Subnets | | |
| +--------------------------------------+---------+--------------------------------------+ | |
| | 8d0d3da7-2dcd-4ddc-9f69-c62e18d9540c | public | da2100a9-bcac-4d67-848b-f451aa1779b3 | | |
| | ec436c94-fc2b-4640-a52a-6e38ee8e728c | private | 3a996849-6b66-4d6e-bf38-40e056331fe6 | | |
| +--------------------------------------+---------+--------------------------------------+ | |
| openstack subnet list | |
| +--------------------------------------+----------------+--------------------------------------+-----------------+ | |
| | ID | Name | Network | Subnet | | |
| +--------------------------------------+----------------+--------------------------------------+-----------------+ | |
| | 3a996849-6b66-4d6e-bf38-40e056331fe6 | private-subnet | ec436c94-fc2b-4640-a52a-6e38ee8e728c | 192.168.74.0/28 | | |
| | da2100a9-bcac-4d67-848b-f451aa1779b3 | public-subnet | 8d0d3da7-2dcd-4ddc-9f69-c62e18d9540c | 172.29.248.0/22 | | |
| +--------------------------------------+----------------+--------------------------------------+-----------------+ | |
| openstack router list | |
| +--------------------------------------+--------+--------+-------+-------------+-------+----------------------------------+ | |
| | ID | Name | Status | State | Distributed | HA | Project | | |
| +--------------------------------------+--------+--------+-------+-------------+-------+----------------------------------+ | |
| | 9dd5445c-aa72-4c4a-b5f8-6c2659a80da5 | router | ACTIVE | UP | False | False | 108ce416d8374beeb3b5dbeb0943710a | | |
| +--------------------------------------+--------+--------+-------+-------------+-------+----------------------------------+ | |
| # Delete Neutron Resouces Created by Tempest | |
| openstack router unset --external-gateway router | |
| openstack router remove subnet router private-subnet | |
| openstack router delete router | |
| openstack network delete public | |
| openstack network delete private | |
| # Exit Back to OSA-AIO Host | |
| exit | |
| # Find primary network interface (eth0, ens3, etc...) | |
| PRIMARY_INTERFACE=`awk '/ -A POSTROUTING -o / { print $8 }' /etc/network/interfaces.d/osa_interfaces.cfg` | |
| echo $PRIMARY_INTERFACE | |
| # Move IP Configuration (Address, Netmask, Gateway, and DNS Name Servers) of $PRIMARY_INTERFACE to br-vlan | |
| # Edit: /etc/network/interfaces (Interfaces File and Primary Interface Name May Differ) | |
| === REPLACE === | |
| auto eth0 | |
| iface eth0 inet manual | |
| address 192.168.1.3 | |
| netmask 255.255.255.0 | |
| gateway 192.168.1.1 | |
| dns-nameservers 192.168.1.1 | |
| === WITH === | |
| auto eth0 | |
| iface eth0 inet manual | |
| === END REPLACE === | |
| # Edit: /etc/network/interfaces.d/osa_interfaces.cfg | |
| === REPLACE === | |
| # Add an additional address to br-vlan | |
| iface br-vlan inet static | |
| address 172.29.248.1 | |
| netmask 255.255.252.0 | |
| === WITH === | |
| # Add an additional address to br-vlan | |
| iface br-vlan inet static | |
| address 192.168.1.3 | |
| netmask 255.255.255.0 | |
| gateway 192.168.1.1 | |
| dns-nameservers 192.168.1.1 | |
| === END REPLACE === | |
| # Add $PRIMARY_INTERFACE to bridge_ports for br-vlan... | |
| # Edit: /etc/network/interfaces.d/osa_interfaces.cfg | |
| === REPLACE === | |
| bridge_ports br-vlan-veth | |
| === WITH === | |
| bridge_ports br-vlan-veth eth0 | |
| === END REPLACE === | |
| # Prevent IPTables Rules Providing NAT and Checksum Filling From Being Created | |
| # Edit: /etc/network/interfaces.d/osa_interfaces.cfg | |
| === DELETE === | |
| # To ensure ssh checksum is correct | |
| up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill | |
| down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill | |
| # To provide internet connectivity to instances | |
| up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |
| down /sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE | |
| === END DELETE === | |
| # Delete Active IPTables Rules Providing NAT and Checksum Filling | |
| iptables -t nat -D POSTROUTING -o $PRIMARY_INTERFACE -j MASQUERADE | |
| iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill | |
| # Reboot OSA-AIO Host to Apply Newtork Configuration Changes | |
| reboot | |
| # From "Laptop" Ensure OSA-AIO Host is Reachable | |
| ping -c 3 192.168.1.3 | |
| ssh root@192.168.1.3 | |
| # From OSA-AIO Host, Attach to Utility Container | |
| lxc-attach -n `lxc-ls -1 | grep util` | |
| # Source Admin Credentials | |
| source ~/openrc | |
| # Create Neutron Resources | |
| openstack network create --share --provider-network-type flat --provider-physical-network flat home | |
| subnet create --subnet-range 192.168.1.0/24 --allocation-pool start=192.168.1.200,end=192.168.1.249 --dns-nameserver 192.168.1.1 --gateway 192.168.1.1 --no-dhcp --network home home-subnet | |
| # Create Instance with Config Drive (Adjust Security Groups as Necessary to allow SSH and Ping) | |
| openstack server create --image ubuntu --flavor m1.small --network home --config-drive True --key-name keypair instance | |
| openstack server list | |
| +--------------------------------------+----------+--------+--------------------+--------+----------+ | |
| | ID | Name | Status | Networks | Image | Flavor | | |
| +--------------------------------------+----------+--------+--------------------+--------+----------+ | |
| | b3d4f2fc-609d-49f3-9a13-2bd226c00a95 | instance | ACTIVE | home=192.168.1.205 | ubuntu | m1.small | | |
| +--------------------------------------+----------+--------+--------------------+--------+----------+ | |
| # Exit Back to OSA-AIO Host | |
| exit | |
| # From "Laptop" | |
| ping -c 3 192.168.1.205 | |
| ssh -i keypair.pem ubuntu@192.168.1.205 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@aio1-utility-container-9cd95789:~# openstack server create \ | |
| --image Ubuntu-16.04-x86_64 \ | |
| --flavor m1.large \ | |
| --network home \ | |
| --config-drive True \ | |
| --key-name lbragstad \ | |
| devstack |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@aio1:~# git clone https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible | |
| root@aio1:~# cd /opt/openstack-ansible | |
| root@aio1:~# git checkout 17.0.7 | |
| root@aio1:~# scripts/bootstrap-ansible.sh | |
| root@aio1:~# scripts/bootstrap-aio.sh | |
| root@aio1:~# cd /opt/openstack-ansible/playbooks | |
| root@aio1:~# openstack-ansible setup-hosts.yml | |
| root@aio1:~# openstack-ansible setup-infrastructure.yml | |
| root@aio1:~# openstack-ansible setup-openstack.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file describes the network interfaces available on your system | |
| # and how to activate them. For more information, see interfaces(5). | |
| source /etc/network/interfaces.d/* | |
| # The loopback network interface | |
| auto lo | |
| iface lo inet loopback | |
| # The primary network interface | |
| auto eth1 | |
| iface eth1 inet manual |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@aio1-utility-container-9cd95789:~# source openrc | |
| root@aio1-utility-container-9cd95789:~# wget http://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img | |
| root@aio1-utility-container-9cd95789:~# wget http://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img | |
| root@aio1-utility-container-9cd95789:~# openstack image create \ | |
| --container-format bare \ | |
| --disk-format qcow2 \ | |
| --file xenial-server-cloudimg-amd64-disk1.img \ | |
| Ubuntu-16.04-x86_64 | |
| root@aio1-utility-container-9cd95789:~# openstack image create \ | |
| --container-format bare \ | |
| --disk-format qcow2 \ | |
| --file bionic-server-cloudimg-amd64.img \ | |
| Ubuntu-18.04-x86_64 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@aio1:~# ip link set eno1 down | |
| root@aio1:~# ip link set eno1 name eth1 | |
| root@aio1:~# ip link set rename3 down | |
| root@aio1:~# ip link set rename3 name eth0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file describes the network interfaces available on your system | |
| # and how to activate them. For more information, see interfaces(5). | |
| source /etc/network/interfaces.d/* | |
| # The loopback network interface | |
| auto lo | |
| iface lo inet loopback | |
| # The primary network interface | |
| auto eth1 | |
| iface eth1 inet manual | |
| address 192.168.1.10 | |
| netmask 255.255.255.0 | |
| gateway 192.168.1.1 | |
| dns-nameservers 192.168.1.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@aio1-utility-container-9cd95789:~# openstack server list --all-projects | |
| +--------------------------------------+----------+--------+--------------------+---------------------+-----------+ | |
| | ID | Name | Status | Networks | Image | Flavor | | |
| +--------------------------------------+----------+--------+--------------------+---------------------+-----------+ | |
| | 4437c978-5183-4389-bc58-a1785b146e49 | devstack | ACTIVE | home=192.168.1.202 | Ubuntu-18.04-x86_64 | m1.xlarge | | |
| +--------------------------------------+----------+--------+--------------------+---------------------+-----------+ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@aio1:~# lxc-attach -n `lxc-ls -1 | grep util` | |
| root@aio1-utility-container-9cd95789:~# source ~/openrc | |
| root@aio1-utility-container-9cd95789:~# openstack router unset --external-gateway router | |
| root@aio1-utility-container-9cd95789:~# openstack router remove subnet router private-subnet | |
| root@aio1-utility-container-9cd95789:~# openstack router delete router | |
| root@aio1-utility-container-9cd95789:~# openstack network delete public | |
| root@aio1-utility-container-9cd95789:~# openstack network delete private | |
| root@aio1-utility-container-9cd95789:~# exit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@aio1-utility-container-9cd95789:~# source ~/openrc | |
| root@aio1-utility-container-9cd95789:~# openstack network create \ | |
| --share \ | |
| --provider-network-type flat \ | |
| --provider-physical-network flat \ | |
| home | |
| root@aio1-utility-container-9cd95789:~# openstack subnet create \ | |
| --subnet-range 192.168.1.0/24 \ | |
| --allocation-pool start=192.168.1.200,end=192.168.1.249 \ | |
| --dns-nameserver 192.168.1.1 \ | |
| --gateway 192.168.1.1 \ | |
| --no-dhcp \ | |
| --network home \ | |
| home-subnet |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## The default networking requires several bridges. These bridges were named to be informative | |
| ## however they can be named what ever you like and is adaptable to any network infrastructure | |
| ## environment. This file serves as an example of how to setup basic networking and was ONLY | |
| ## built for the purpose of being an example and used expressly in the building of an ALL IN | |
| ## ONE development environment. | |
| auto br-mgmt | |
| iface br-mgmt inet static | |
| bridge_stp off | |
| bridge_waitport 0 | |
| bridge_fd 0 | |
| # Notice the bridge port is the vlan tagged interface | |
| bridge_ports none | |
| address 172.29.236.100 | |
| netmask 255.255.252.0 | |
| offload-sg off | |
| auto br-vxlan | |
| iface br-vxlan inet static | |
| bridge_stp off | |
| bridge_waitport 0 | |
| bridge_fd 0 | |
| bridge_ports none | |
| address 172.29.240.100 | |
| netmask 255.255.252.0 | |
| offload-sg off | |
| # To ensure ssh checksum is correct | |
| # up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill | |
| # down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill | |
| # To provide internet connectivity to instances | |
| # up /sbin/iptables -t nat -A POSTROUTING -o br-mgmt -j MASQUERADE | |
| # down /sbin/iptables -t nat -D POSTROUTING -o br-mgmt -j MASQUERADE | |
| auto br-storage | |
| iface br-storage inet static | |
| bridge_stp off | |
| bridge_waitport 0 | |
| bridge_fd 0 | |
| bridge_ports none | |
| address 172.29.244.100 | |
| netmask 255.255.252.0 | |
| offload-sg off | |
| auto br-vlan | |
| iface br-vlan inet static | |
| bridge_stp off | |
| bridge_waitport 0 | |
| bridge_fd 0 | |
| address 192.168.1.10 | |
| gateway 192.168.1.1 | |
| netmask 255.255.252.0 | |
| offload-sg off | |
| # Create veth pair, don't bomb if already exists | |
| pre-up ip link add br-vlan-veth type veth peer name eth12 || true | |
| # Set both ends UP | |
| pre-up ip link set br-vlan-veth up | |
| pre-up ip link set eth12 up | |
| # Delete veth pair on DOWN | |
| post-down ip link del br-vlan-veth || true | |
| bridge_ports br-vlan-veth eth1 | |
| # Add an additional address to br-vlan | |
| iface br-vlan inet static | |
| # Flat network default gateway | |
| # -- This needs to exist somewhere for network reachability | |
| # -- from the router namespace for floating IP paths. | |
| # -- Putting this here is primarily for tempest to work. | |
| address 172.29.248.1 | |
| netmask 255.255.252.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@aio1:~# PRIMARY_INTERFACE=`awk '/ -A POSTROUTING -o / { print $8 }' /etc/network/interfaces.d/osa_interfaces.cfg` | |
| root@aio1:~# echo $PRIMARY_INTERFACE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@aio1:~# iptables -t nat -D POSTROUTING -o $PRIMARY_INTERFACE -j MASQUERADE | |
| root@aio1:~# iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill | |
| root@aio1:~# reboot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment