new version yoga

iesgn · Oct 8, 2022 · 55d12ca · 55d12ca
1 parent 176795e
commit 55d12ca
Show file tree

Hide file tree

Showing 78 changed files with 51,820 additions and 0 deletions.
diff --git a/LICENSE b/LICENSE
diff --git a/README.md b/README.md
@@ -0,0 +1,178 @@
+# openstack-debian-ansible
+
+
+Playbooks ansible para la instalación de OpenStack Wallaby sobre Debian 11 Bullseye usando los repositorios backports que encontramos en [Openstack Debian wiki](https://wiki.debian.org/OpenStack).
+
+Se ha seguido los pasos de la instalación base que se presenta en: [OpenStack Wallaby Installation Guide](https://docs.openstack.org/wallaby/install/) con algunas modificaciones por el uso de Debian.
+
+La opción de red usada es "Self-service networks" usando linux bridges: [Linux bridge: Self-service networks](https://docs.openstack.org/mitaka/networking-guide/deploy-lb-selfservice.html).
+
+Estos playbook están escritos para usarlos en el despliegue real de Openstack en servidores físicos, pero se pueden usar para desplegar en entornos de prueba con:
+
+* Vagrant using vagrant-libvirt plugin.
+* OpenStack Heat
+* Proxmox
+
+## Software usado:
+
+- Debian GNU/Linux: bullseye (amd64). 
+- Linux kernel: 5.10.0-13-amd64
+- OpenStack: Wallaby
+- Ansible: 2.10.8
+- Vagrant: 2.2.14
+- vagrant-libvirt: 0.3.0
+- qemu-kvm: 1:5.2++dfsg-11+deb11u1
+
+## Componentes de OpenStack incluidos:
+
+Keystone, Glance, Placement, Nova, Neutron, Horizon, Cinder and Heat
+
+## Instalación con vagrant
+
+![schema](img/openstack-debian-ansible.png)
+
+### Configuración inicial
+
+Levantamos el escenario:
+
+	vagrant up
+
+Como el nodo controlador hace también de nodo de red, hemos añadido una interfaz (`eth2`) que siguiendo las instrucciones de la [documentación](https://docs.openstack.org/install-guide/environment-networking-controller.html), vamos a configurar de la siguiente manera:
+
+    vagrant ssh controller
+    nano /etc/network/interfaces
+
+Y configuramos la interfaz `eth2` de la siguiente manera:
+
+```
+auto eth2
+iface eth2 inet manual
+up ip link set dev $IFACE up
+down ip link set dev $IFACE down
+```
+
+Y reiniciamos la interface:
+
+```
+ifdown eth2
+ifup eth2
+```
+
+
+### Configuración de ansible
+
+En el fichero `groups_var/all` se indicanm las variables usadas por el playbook, se pueden modificar para que se adapten a las necesidades. En nuestro caso:
+
+* `controller_fqdn`: Nombre por el que se puede acceder si queremos usar resolución estática.
+* `external_interface: "eth2"`: Interface del controlador que se va a usar cómo entrada (IP flotantes) de las instancias.
+* `cinder_physical_device: vdb`: Dispositivo de bloque que se usa en cinder. En nuestro caso el disco que se ha añadido al nodo controlador.
+
+## Ejecución de ansible
+
+    ansible-playbook site.yml
+
+## Comprobación del funcionamiento
+
+Desde el controlador vamos a subir una imagen de prueba:
+
+```
+source admin_openrc.sh
+wget http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img
+openstack image create --public --container-format=bare --disk-format=qcow2 \
+ --file cirros-0.5.1-x86_64-disk.img "Cirros 0.5.1"
+```
+
+Creamos un "flavor" de prueba:
+
+```
+openstack flavor create m1.tiny --id 1 \
+    --ram 512 --disk 1 --vcpus 1
+```
+
+A continuación vamos a crear la red externa:
+
+```
+openstack network create  --external \
+  --provider-physical-network provider \
+  --provider-network-type flat ext-net
+
+openstack subnet create --network ext-net \
+  --allocation-pool start=192.168.98.200,end=192.168.98.254 \
+  --dns-nameserver 1.1.1.1 --gateway 192.168.98.1 \
+  --subnet-range 192.168.98.0/24 ext-subnet
+```
+
+El usuario demo va a crear su red interna y su router:
+
+```
+source demo_openrc.sh
+openstack network create red_demo
+openstack subnet create --network red_demo --subnet-range 10.0.0.0/24 subred_demo
+
+openstack router create router_demo
+openstack router set router_demo --external-gateway ext-net
+openstack router add subnet router_demo subred_demo
+```
+
+Y va a abrir el puerto 22 en el grupo de seguridad `default`:
+
+```
+openstack security group rule create --protocol tcp --remote-ip 0.0.0.0/0 --dst-port 22 default
+```
+
+Y ya puede crear una instancia:
+
+```
+openstack server create --flavor m1.tiny \
+ --image "Cirros 0.5.1" \
+ --security-group default \
+ --network "red_demo" \
+ instancia_prueba
+ ```
+
+
+Y obtenemos una ip flotante y la asignamos a la instancia:
+
+```
+openstack floating ip create ext-net
+openstack server add floating ip instancia_prueba 192.168.98.203
+```
+
+Y desde nuestro ordenador podemos acceder por ssh:
+
+```
+ssh [email protected]
+The authenticity of host '192.168.98.203 (192.168.98.203)' can't be established.
+ECDSA key fingerprint is SHA256:iNC3IMeMwoNJG3Q+LBQy5AbTNWFym+PfcHTq0mBDttI.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added '192.168.98.203' (ECDSA) to the list of known hosts.
+[email protected]'s password: 
+$ 
+```
+
+## Acceso a horizon
+
+Tienes que acceder a la URL `https://192.168.98.101`:
+
+![os1](img/os1.png)
+
+![os1](img/os2.png)
+
+## Volúmenes
+
+El usuario demo crea un volumen y lo asocia a la instancia:
+
+```
+openstack volume create --size 1 mi_disco1
+openstack server add volume --device /dev/sdb instancia_prueba mi_disco1
+```
+
+Desde la instancia comprobamos que se ha asociado:
+
+```
+$ lsblk
+NAME    MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
+...
+vdb     252:16   0    1G  0 disk 
+```
+![os1](img/os3.png)
diff --git a/Vagrantfile b/Vagrantfile
@@ -0,0 +1,30 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|  
+  config.vm.define :controller do |controller|
+    controller.vm.box = "generic/ubuntu2204"
+    controller.vm.hostname = "controller"
+    controller.vm.network :private_network, ip: "192.168.98.101"
+    controller.vm.network :private_network, ip: "192.168.98.103" 
+    controller.vm.network :private_network, ip: "192.168.99.101"
+    controller.nfs.verify_installed = false
+    controller.vm.synced_folder '.', '/vagrant', disabled: true
+    controller.vm.provider "libvirt" do |libvirt|
+      libvirt.memory = "10240"
+      libvirt.storage :file, :size => '3G', :path => 'disk.img', :allow_existing => true, :shareable => true, :type => 'raw'
+    end
+  end
+  config.vm.define :compute do |compute|
+    compute.vm.box = "generic/ubuntu2204"
+    compute.vm.hostname = "compute1"
+    compute.vm.network :private_network, ip: "192.168.98.102"
+    compute.vm.network :private_network, ip: "192.168.99.102"
+    compute.nfs.verify_installed = false
+    compute.vm.synced_folder '.', '/vagrant', disabled: true
+    compute.vm.provider "libvirt" do |libvirt|
+      libvirt.memory = "2048"
+      libvirt.nested = true
+    end
+  end
+end
diff --git a/ansible-hosts-heat.yml b/ansible-hosts-heat.yml
@@ -0,0 +1,30 @@
+all:
+  children:
+    controller-nodes:
+      hosts:
+        controller:
+          ansible_host: 172.22.200.170
+          ansible_ssh_user: debian
+          external_ip: 192.168.98.101
+          internal_ip: 192.168.99.101
+    storage-nodes:
+      hosts:
+        controller:
+          ansible_host: 172.22.200.170
+          ansible_ssh_user: debian
+          external_ip: 192.168.98.101
+          internal_ip: 192.168.99.101
+    network-nodes:
+      hosts:
+        controller:
+          ansible_host: 172.22.200.170
+          ansible_ssh_user: debian
+          external_ip: 192.168.98.101
+          internal_ip: 192.168.99.101
+    compute-nodes:
+      hosts:
+        compute:
+          ansible_host: 172.22.200.156
+          ansible_ssh_user: debian
+          external_ip: 192.168.98.102
+          internal_ip: 192.168.99.102
diff --git a/ansible-hosts-proxmox.yml b/ansible-hosts-proxmox.yml
@@ -0,0 +1,35 @@
+all:
+  children:
+    controller_nodes:
+      hosts:
+        jupiter:
+          ansible_host: 192.168.121.1
+          ansible_ssh_user: usuario
+          external_ip: 172.22.121.1
+          internal_ip: 192.168.121.1
+    storage_nodes:
+      hosts:
+        saturno:
+          ansible_host: 192.168.121.6
+          ansible_ssh_user: usuario
+          external_ip: 172.22.121.6
+          internal_ip: 192.168.121.6
+    network_nodes:
+      hosts:
+        corot:
+          ansible_host: 192.168.121.2
+          ansible_ssh_user: usuario
+          external_ip: 172.22.121.2
+          internal_ip: 192.168.121.2
+    compute_nodes:
+      hosts:
+        io:
+          ansible_host: 192.168.121.3
+          ansible_ssh_user: usuario
+          external_ip: 172.22.121.3
+          internal_ip: 192.168.121.3
+        europa:
+          ansible_host: 192.168.121.4
+          ansible_ssh_user: usuario
+          external_ip: 172.22.121.4
+          internal_ip: 192.168.121.4
diff --git a/ansible-hosts-vagrant.yml b/ansible-hosts-vagrant.yml
@@ -0,0 +1,34 @@
+all:
+  children:
+    controller_nodes:
+      hosts:
+        controller:
+          ansible_host: 192.168.99.101
+          ansible_ssh_user: vagrant
+          ansible_ssh_private_key_file: .vagrant/machines/controller/libvirt/private_key
+          external_ip: 192.168.98.101
+          internal_ip: 192.168.99.101
+    storage_nodes:
+      hosts:
+        controller:
+          ansible_host: 192.168.99.101
+          ansible_ssh_user: vagrant
+          ansible_ssh_private_key_file: .vagrant/machines/controller/libvirt/private_key
+          external_ip: 192.168.98.101
+          internal_ip: 192.168.99.101
+    network_nodes:
+      hosts:
+        controller:
+          ansible_host: 192.168.99.101
+          ansible_ssh_user: vagrant
+          ansible_ssh_private_key_file: .vagrant/machines/controller/libvirt/private_key
+          external_ip: 192.168.98.101
+          internal_ip: 192.168.99.101
+    compute_nodes:
+      hosts:
+        compute:
+          ansible_host: 192.168.99.102
+          ansible_ssh_user: vagrant
+          ansible_ssh_private_key_file: .vagrant/machines/compute/libvirt/private_key
+          external_ip: 192.168.98.102
+          internal_ip: 192.168.99.102
diff --git a/ansible.cfg b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = ansible-hosts-vagrant.yml
+host_key_checking = False
diff --git a/group_vars/all b/group_vars/all
@@ -0,0 +1,63 @@
+# Common
+timezone: Europe/Madrid
+
+# Controller 
+controller_fqdn: jupiter
+
+
+# KEYSTONE_3
+k3:
+  OS_USERNAME: admin
+  OS_PASSWORD: asdasd
+  OS_PROJECT_NAME: admin
+  OS_USER_DOMAIN_NAME: Default
+  OS_PROJECT_DOMAIN_NAME: Default
+  OS_AUTH_URL: 'http://192.168.121.1:5000/v3'
+  OS_IDENTITY_API_VERSION: 3 
+
+# Rabbit
+rabbit_user: "openstack"
+rabbit_password: "asdasd"
+
+# # MySQL passwords
+root_db_password: "asdasd" 
+keystone_db_password: "asdasd"
+glance_db_password: "asdasd"
+cinder_db_password: "asdasd"
+manila_db_password: "asdasd"
+placement_db_password: "asdasd"
+nova_db_password: "asdasd"
+neutron_db_password: "asdasd"
+heat_db_password: "asdasd"
+trove_db_password: "asdasd"
+magnum_db_password: "asdasd"
+
+
+# # Keystone identity passwords:
+glance_identity_password: "glance"
+placement_identity_password: "placement"
+nova_identity_password: "nova"
+ec2_identity_password: "ec2"
+neutron_identity_password: "neutron"
+cinder_identity_password: "cinder"
+manila_identity_password: "manila"
+heat_identity_password: "heat"
+heat_domain_admin_identity_password: "heat"
+trove_identity_password: "trove"
+magnum_identity_password: "magnum"
+
+# # OpenStack variables
+region: RegionOne
+admin_pass: "asdasd"
+demo_pass: "asdasd"
+
+# # Log verbosity
+log_debug: False
+# log_verbose: True
+
+# # Neutron
+shared_secret: "asdasd"
+external_interface: "eth0"
+
+# Cinder
+cinder_physical_device: vdb