openstack-ansible Chapter 4. Deployment configuration

Initial environment configuration

1. Copy the contents of the /opt/openstack-ansible/etc/openstack_deploy directory to the/etc/openstack_deploy directory.
2. Change to the /etc/openstack_deploy directory.
3. Copy the openstack_user_config.yml.example file to/etc/openstack_deploy/openstack_user_config.yml.

shared-infra_hosts有哪些物理机器上可以运行容器来运行openstack服务如databases, memcached, and RabbitMQ，

For details about how the inventory is generated from the environment configuration, seeOpenStack-Ansible Inventory.

Affinity

OpenStack-Ansible 会动态的把容器分布到部署机器上，Using shared-infra_hosts as an example

shared-infra_hosts:
  infra1:
    ip: 172.29.236.101
  infra2:
    ip: 172.29.236.102
  infra3:
    ip: 172.29.236.103

那么，每台机器都会部署a single database container, a single memcached container, and a single RabbitMQ。

如果不需要部署RabbitMQ：

shared-infra_hosts:
  infra1:
    affinity:
      rabbit_mq_container: 0
    ip: 172.29.236.101
  infra2:
    affinity:
      rabbit_mq_container: 0
    ip: 172.29.236.102
  infra3:
    affinity:
      rabbit_mq_container: 0
    ip: 172.29.236.103

Configuring target host networking

在cidr_networks section配置每个网络的IP address ranges

cidr_networks:
# Management (same range as br-mgmt on the target hosts)
container: CONTAINER_MGMT_CIDR
# Tunnel endpoints for VXLAN tenant networks
# (same range as br-vxlan on the target hosts)
tunnel: TUNNEL_CIDR
#Storage (same range as br-storage on the target hosts)
storage: STORAGE_CIDR

比如：203.0.113.0/24

Configure the existing IP addresses in the used_ips section:

used_ips:
  - EXISTING_IP_ADDRESSES

使用过的IP包括前面manually configured on target hosts, internal load balancers, service network bridge, deployment hosts

Configure load balancing in the global_overrides section:

global_overrides:
  # Internal load balancer VIP address
  internal_lb_vip_address: INTERNAL_LB_VIP_ADDRESS
  # External (DMZ) load balancer VIP address
  external_lb_vip_address: EXTERNAL_LB_VIP_ADDRESS
  # Container network bridge device
  management_bridge: "MGMT_BRIDGE"
  # Tunnel network bridge device
  tunnel_bridge: "TUNNEL_BRIDGE"

Configure the management network in the provider_networks subsection:

provider_networks:
  - network:
      group_binds:
        - all_containers
        - hosts
      type: "raw"
      container_bridge: "br-mgmt"
      container_interface: "eth1"
      container_type: "veth"
      ip_from_q: "container"
      is_container_address: true
      is_ssh_address: true

比如要配置可选的storage network：

provider_networks:
  - network:
      group_binds:
        - glance_api
        - cinder_api
        - cinder_volume
        - nova_compute
      type: "raw"
      container_bridge: "br-storage"
      container_type: "veth"
      container_interface: "eth2"
      ip_from_q: "storage"

Configure OpenStack Networking VXLAN tunnel/overlay networks in the provider_networkssubsection:

provider_networks:
  - network:
      group_binds:
        - neutron_linuxbridge_agent
      container_bridge: "br-vxlan"
      container_type: "veth"
      container_interface: "eth10"
      ip_from_q: "tunnel"
      type: "vxlan"
      range: "TUNNEL_ID_RANGE"
      net_name: "vxlan"

Configure OpenStack Networking flat (untagged) and VLAN (tagged) networks in theprovider_networks subsection:

provider_networks:
  - network:
      group_binds:
        - neutron_linuxbridge_agent
      container_bridge: "br-vlan"
      container_type: "veth"
      container_interface: "eth12"
      host_bind_override: "PHYSICAL_NETWORK_INTERFACE"
      type: "flat"
      net_name: "flat"
  - network:
      group_binds:
        - neutron_linuxbridge_agent
      container_bridge: "br-vlan"
      container_type: "veth"
      container_interface: "eth11"
      type: "vlan"
      range: VLAN_ID_RANGE
      net_name: "vlan"

Adding static routes to network interfaces

 可选，每个route都需要a destination network in CIDR notation and a gateway，比如：

provider_networks:
  - network:
      group_binds:
        - glance_api
        - cinder_api
        - cinder_volume
        - nova_compute
      type: "raw"
      container_bridge: "br-storage"
      container_interface: "eth2"
      container_type: "veth"
      ip_from_q: "storage"
      static_routes:
        - cidr: 10.176.0.0/12
          gateway: 172.29.248.1

效果是其在/etc/network/interfaces.d/eth2.cfg增加了

post-up ip route add 10.176.0.0/12 via 172.29.248.1 || true

Setting an MTU on a network interface

对于存储网络很有用：

provider_networks:
  - network:
      group_binds:
        - glance_api
        - cinder_api
        - cinder_volume
        - nova_compute
      type: "raw"
      container_bridge: "br-storage"
      container_interface: "eth2"
      container_type: "veth"
      container_mtu: "9000"
      ip_from_q: "storage"
      static_routes:
        - cidr: 10.176.0.0/12
          gateway: 172.29.248.1

The example above enables jumbo frames by setting the MTU on the storage network to 9000

Configuring target hosts

Configure a list containing at least three infrastructure target hosts in the shared-infra_hostssection:

shared-infra_hosts:
  infra01:
    ip: INFRA01_IP_ADDRESS
  infra02:
    ip: INFRA02_IP_ADDRESS
  infra03:
    ip: INFRA03_IP_ADDRESS
  infra04: ...

Configure a list containing at least two infrastructure target hosts in the os-infra_hostssection (you can reuse previous hosts as long as their name and ip is consistent):

os-infra_hosts:
  infra01:
    ip: INFRA01_IP_ADDRESS
  infra02:
    ip: INFRA02_IP_ADDRESS
  infra03:
    ip: INFRA03_IP_ADDRESS
  infra04: ...

Configure a list of at least one keystone target host in the identity_hosts section:

identity_hosts:
  infra1:
    ip: IDENTITY01_IP_ADDRESS
  infra2: ...

Configure a list containing at least one compute target host in the compute_hosts section:

compute_hosts:
  compute001:
    ip: COMPUTE001_IP_ADDRESS
  compute002: ...

。。。。。。。

Configuring service credentials

Configuring the Compute (nova) service (optional)

Configuring the Image (glance) service

Configuring the Block (cinder) storage service (optional)

Configuring HAProxy (optional)

最好使用硬件HA在配置服务HA

To deploy HAProxy within your OpenStack-Ansible environment, define target hosts to run HAProxy:

haproxy_hosts:
  infra1:
    ip: 172.29.236.101
  infra2:
    ip: 172.29.236.102
  infra3:
    ip: 172.29.236.103

Configuring the Telemetry (ceilometer) service (optional)

Configuring the Identity service (keystone) (optional)

Overriding OpenStack configuration defaults

Overriding .conf files

比如要在nova.conf设置

[DEFAULT]
remove_unused_original_minimum_age_seconds = 43200

[libvirt]
cpu_mode = host-model
disk_cachemodes = file=directsync,block=none

[database]
idle_timeout = 300
max_pool_size = 10

可以在/etc/openstack_deploy/user_variables.yml配置：

nova_nova_conf_overrides:
  DEFAULT:
    remove_unused_original_minimum_age_seconds: 43200
  libvirt:
    cpu_mode: host-model
    disk_cachemodes: file=directsync,block=none
  database:
    idle_timeout: 300
    max_pool_size: 10

如果是对特定的server配置：

compute_hosts:
  900089-compute001:
    ip: 192.0.2.10
    host_vars:
      nova_nova_conf_overrides:
        DEFAULT:
          remove_unused_original_minimum_age_seconds: 43200
        libvirt:
          cpu_mode: host-model
          disk_cachemodes: file=directsync,block=none
        database:
          idle_timeout: 300
          max_pool_size: 10

Overriding .json files

用来adjust the default policies

/etc/openstack_deploy/user_variables.yml:

keystone_policy_overrides:
  identity:foo: "rule:admin_required"
  identity:bar: "rule:admin_required"

Currently available overrides

Galera:
galera_client_my_cnf_overrides
galera_my_cnf_overrides
galera_cluster_cnf_overrides
galera_debian_cnf_overrides
Ceilometer:
ceilometer_policy_overrides
ceilometer_ceilometer_conf_overrides
ceilometer_api_paste_ini_overrides
ceilometer_event_definitions_yaml_overrides
ceilometer_event_pipeline_yaml_overrides
ceilometer_pipeline_yaml_overrides
Cinder:
cinder_policy_overrides
cinder_rootwrap_conf_overrides
cinder_api_paste_ini_overrides
cinder_cinder_conf_overrides
Glance:
glance_glance_api_paste_ini_overrides
glance_glance_api_conf_overrides
glance_glance_cache_conf_overrides
glance_glance_manage_conf_overrides
glance_glance_registry_paste_ini_overrides
glance_glance_registry_conf_overrides
glance_glance_scrubber_conf_overrides
glance_glance_scheme_json_overrides
glance_policy_overrides
Heat:
heat_heat_conf_overrides
heat_api_paste_ini_overrides
heat_default_yaml_overrides
heat_aws_cloudwatch_alarm_yaml_overrides
heat_aws_rds_dbinstance_yaml_overrides
heat_policy_overrides
Keystone:
keystone_keystone_conf_overrides
keystone_keystone_default_conf_overrides
keystone_keystone_paste_ini_overrides
keystone_policy_overrides
Neutron:
neutron_neutron_conf_overrides
neutron_ml2_conf_ini_overrides
neutron_dhcp_agent_ini_overrides
neutron_api_paste_ini_overrides
neutron_rootwrap_conf_overrides
neutron_policy_overrides
neutron_dnsmasq_neutron_conf_overrides
neutron_l3_agent_ini_overrides
neutron_metadata_agent_ini_overrides
neutron_metering_agent_ini_overrides
Nova:
nova_nova_conf_overrides
nova_rootwrap_conf_overrides
nova_api_paste_ini_overrides
nova_policy_overrides
Swift:
swift_swift_conf_overrides
swift_swift_dispersion_conf_overrides
swift_proxy_server_conf_overrides
swift_account_server_conf_overrides
swift_account_server_replicator_conf_overrides
swift_container_server_conf_overrides
swift_container_server_replicator_conf_overrides
swift_object_server_conf_overrides
swift_object_server_replicator_conf_overrides
Tempest:
tempest_tempest_conf_overrides
pip:
pip_global_conf_overrides

Configuring Identity service (keystone) federation (optional)