ansible 脚本搭建国基北盛openstack 1.openstack搭建基础信息主机名外网IP内网IPcontroller172.16.1.12110.10.10.121compute172.16.1.12210.10.10.122ansible172.16.1.123无搭建方式一使用提供的用户名密码，登录提供的OpenStack私有云平台，自行使用CentOS7.5镜像创建两台云主机，flavor使用4v_8G_100G_50G的配置，第一张网卡使用提供的网络，第二张网卡使用的网络自行创建（网段为10.10.X.0/24，X为工位号）。创建完云主机后确保网络正常通信，然后按以下要求配置服务器：设置控制节点主机名为controller，设置计算节点主机名为compute；controller[root@localhost ~]# hostnamectl set-hostname controller [root@localhost ~]# bash [root@controller ~]#- compute [root@localhost ~]# hostnamectl set-hostname compute [root@localhost ~]# bash [root@compute ~]# 修改hosts文件将IP地址映射为主机名controller[root@controller ~]# echo 172.16.1.121 controller >> /etc/hosts [root@controller ~]# echo 172.16.1.122 compute >> /etc/hosts [root@controller ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.16.1.121 controller 172.16.1.122 compute- compute [root@compute ~]# echo 172.16.1.121 controller >> /etc/hosts [root@compute ~]# echo 172.16.1.122 compute >> /etc/hosts [root@compute ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.16.1.121 controller 172.16.1.122 compute使用提供的用户名密码，登录提供的OpenStack私有云平台，自行使用CentOS7.5镜像创建一台云主机，flavor使用2v_4G_50G的配置，使用单网卡。启动后使用提供的ansible.tar.gz软件包在这个节点上安装ansible服务并配置ansible节点与controller、compute节点的hosts主机名映射。修改主机名ansible[root@localhost ~]# hostnamectl set-hostname ansible [root@localhost ~]# bash [root@ansible ~]#配置hosts主机名映射ansible[root@ansible ~]# echo 172.16.1.121 controller >> /etc/hosts [root@ansible ~]# echo 172.16.1.122 compute >> /etc/hosts [root@ansible ~]# echo 172.16.1.123 ansible >> /etc/hosts [root@ansible ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.16.1.121 controller 172.16.1.122 compute 172.16.1.123 ansible- controller [root@controller ~]# echo 172.16.1.123 ansible >> /etc/hosts [root@controller ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.16.1.121 controller 172.16.1.122 compute 172.16.1.123 ansible- compute [root@compute ~]# echo 172.16.1.123 ansible >> /etc/hosts [root@compute ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.16.1.121 controller 172.16.1.122 compute 172.16.1.123 ansible使用ansible.tar.gz软件包安装ansibleansible[root@ansible opt]# ls -al | grep ansible.tar.gz -rw-r--r--. 1 root root 20569762 Dec 1 08:41 ansible.tar.gz [root@ansible opt]# tar -xzvf ansible.tar.gz [root@ansible opt]# cd ansible [root@ansible ansible]# ls packages repodata #文件内容为yum内容，所以配置yum源进行安装 #如果为tar包安装，则解压后，用python setup.py install安装 [root@ansible ansible]# mv /etc/yum.repos.d/CentOS-* /home/ [root@ansible ansible]# cat << EOF >> /etc/yum.repos.d/http.repo > [ansible] > name=ansible > baseurl=file:///opt/ansible > gpgcheck=0 > enable=1 > EOF [root@ansible ansible]# cat /etc/yum.repos.d/http.repo [ansible] name=ansible baseurl=file:///opt/ansible gpgcheck=0 enable=1 [root@ansible ansible]# yum clean all Loaded plugins: fastestmirror Cleaning repos: ansible Cleaning up everything Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos Cleaning up list of fastest mirrors [root@ansible ansible]# yum repolist Loaded plugins: fastestmirror Determining fastest mirrors ansible | 2.9 kB 00:00:00 ansible/primary_db | 13 kB 00:00:00 …… repolist: 22 [root@ansible ansible]# yum install -y ansible [root@ansible ~]# ansible --version ansible 2.9.10 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]配置ansible节点无秘钥连接controller节点和compute节点，配置完成后并完成ssh连接两个节点的hostname进行测试。配置ansible密钥ansible[root@ansible ~]# ssh-keygen #一路回车 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:tdFAPC6wy10HEKzH5ObUPgVEkPrqjdFXkc/s1Pf+dSw root@ansible The key's randomart image is: +---[RSA 2048]----+ | .+X= | | . + =o . | | O oo++ | | + B.+oo= . | | . OS+.o. = o| | o.+ o. o .o| | ... .. E =| | .+ . oo| | .o . +| +----[SHA256]-----+配置无密钥连接ansible[root@ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub controller /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'controller (172.16.1.121)' can't be established. ECDSA key fingerprint is SHA256:AeSm2G5M7LRpROfAHLBKE3tgheRyzXnppsEZ9MmnYNc. ECDSA key fingerprint is MD5:05:54:c3:4d:f7:67:19:44:3d:13:49:90:e4:7d:0d:e1. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@controller's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'controller'" and check to make sure that only the key(s) you wanted were added. [root@ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub compute /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'compute (172.16.1.122)' can't be established. ECDSA key fingerprint is SHA256:SpaLUh/Px8EEyBULW0ts3jNP87XfAFIjn2ehzbUxUvk. ECDSA key fingerprint is MD5:23:9a:c7:71:53:25:bc:41:07:25:b5:d7:ee:78:40:40. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@compute's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'compute'" and check to make sure that only the key(s) you wanted were added. #测试连接controller [root@ansible ~]# ssh controller Last login: Mon Dec 6 16:48:15 2021 from 172.16.1.101 [root@controller ~]# #测试连接compute [root@ansible ~]# ssh compute Last login: Mon Dec 6 16:32:03 2021 from 172.16.1.101 [root@compute ~]# 在ansible节点配置ansible的hosts文件，要求创建两个组分别为controller和compute，controller组下主机节点为controller节点；compute组下主机节点为compute。ansible#备份hosts文件 [root@ansible ansible]# ls ansible.cfg hosts roles [root@ansible ansible]# cp hosts hosts.backup [root@ansible ansible]# ls ansible.cfg hosts hosts.backup roles #修改hosts文件 [root@ansible ansible]# echo [controller] >> /etc/ansible/hosts [root@ansible ansible]# echo controller >> /etc/ansible/hosts [root@ansible ansible]# echo [compute] >> /etc/ansible/hosts [root@ansible ansible]# echo compute >> /etc/ansible/hosts [root@ansible ansible]# ansible all -m ping -o [WARNING]: Found both group and host with same name: controller [WARNING]: Found both group and host with same name: compute compute | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"} controller | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}在compute节点上利用空白分区划分2个20G分区compute[root@compute ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT fd0 2:0 1 4K 0 disk sr0 11:0 1 4.2G 0 rom vda 252:0 0 100G 0 disk ├─vda1 252:1 0 1G 0 part /boot └─vda2 252:2 0 99G 0 part ├─centos-root 253:0 0 93G 0 lvm / ├─centos-swap 253:1 0 1G 0 lvm [SWAP] └─centos-home 253:2 0 5G 0 lvm /home vdb 252:16 0 200G 0 disk [root@compute ~]# parted /dev/vdb GNU Parted 3.1 Using /dev/vdb Welcome to GNU Parted! Type 'help' to view a list of commands. (parted) mklabel gpt (parted) mkpart swift File system type? [ext2]? Start? 0Gib End? 100Gib Warning: You requested a partition from 0.00B to 107GB (sectors 0..209715199). The closest location we can manage is 17.4kB to 107GB (sectors 34..209715199). Is this still acceptable to you? Yes/No? yes Warning: The resulting partition is not properly aligned for best performance. Ignore/Cancel? i (parted) mkpart cinder File system type? [ext2]? Start? 100Gib End? 199Gib (parted) p Model: Virtio Block Device (virtblk) Disk /dev/vdb: 215GB Sector size (logical/physical): 512B/512B Partition Table: gpt Disk Flags: Number Start End Size File system Name Flags 1 17.4kB 107GB 107GB swift 2 107GB 214GB 106GB cinder (parted) q Information: You may need to update /etc/fstab. [root@compute ~]# mkfs.xfs /dev/vdb1 meta-data=/dev/vdb1 isize=512 agcount=4, agsize=6553599 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=0, sparse=0 data = bsize=4096 blocks=26214395, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 ftype=1 log =internal log bsize=4096 blocks=12799, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 [root@compute ~]# mkfs.xfs /dev/vdb2 meta-data=/dev/vdb2 isize=512 agcount=4, agsize=6488064 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=0, sparse=0 data = bsize=4096 blocks=25952256, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 ftype=1 log =internal log bsize=4096 blocks=12672, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0使用提供的openstack_ansible.tar.gz项目包解压至ansible节点的/opt目录下，然后编辑roles目录下init/tasks中的main.yaml；编辑group_vars目录下的all文件（openstack中的密码都设置为000000）；编辑install_openstack.yaml文件，要求执行install_openstack.yaml文件可以在controller节点和compute节点执行init这个role来安装iaas-pre-host。（考试系统会进入你的ansible节点来执行install_openstack.yaml，请确保你的环境处于正确的可执行状态）。ansible#新建并配置ansible的yum源文件 [root@ansible ansible]# vi /opt/http.repo [centos] name=centos baseurl=ftp://172.16.1.101/centos/ gpgcheck=0 enable=1 [iaas] name=iaas baseurl=ftp://172.16.1.101/iaas/iaas-repo/ gpgcheck=0 enable=1 [paas] name=paas baseurl=ftp://172.16.1.101/paas/kubernetes-repo/ gpgcheck=0 enable=1 #删除所有被控节点的yum源文件 [root@ansible ansible]# ansible all -m shell -a "rm -rf /etc/yum.repos.d/*" [WARNING]: Consider using the file module with state=absent rather than running 'rm'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. 172.16.1.122 | CHANGED | rc=0 >> 172.16.1.121 | CHANGED | rc=0 >> #将ansible的yum源文件使用copy模块拷贝到各节点 #使用ansible-doc查看模块参数 [root@ansible ansible]# ansible-doc -s copy [root@ansible ansible]# ansible all -m copy -a "src=/opt/http.repo dest=/etc/yum.repos.d/http.repo" 172.16.1.121 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "checksum": "2d511284516642e4246fba1aadb183cdb9c32034", "dest": "/etc/yum.repos.d/http.repo", "gid": 0, "group": "root", "md5sum": "1e525cb10b2c07b82415fd11aaba9636", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:system_conf_t:s0", "size": 244, "src": "/root/.ansible/tmp/ansible-tmp-1638788844.33-1860-220661655967063/source", "state": "file", "uid": 0 } 172.16.1.122 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": true, "checksum": "2d511284516642e4246fba1aadb183cdb9c32034", "dest": "/etc/yum.repos.d/http.repo", "gid": 0, "group": "root", "md5sum": "1e525cb10b2c07b82415fd11aaba9636", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:system_conf_t:s0", "size": 244, "src": "/root/.ansible/tmp/ansible-tmp-1638788844.32-1858-252113756740654/source", "state": "file", "uid": 0 } # 清除yum源缓存，查看是否配置成功 [root@ansible ansible]# ansible all -m shell -a "yum clean all && yum repolist" # 编写