476 lines
16 KiB
ReStructuredText
476 lines
16 KiB
ReStructuredText
=====
|
|
Usage
|
|
=====
|
|
|
|
This section describes usage of Kayobe to install an OpenStack cloud onto a set
|
|
of bare metal servers. We assume access is available to a node which will act
|
|
as the hypervisor hosting the seed node in a VM. We also assume that this seed
|
|
hypervisor has access to the bare metal nodes that will form the OpenStack
|
|
control plane. Finally, we assume that the control plane nodes have access to
|
|
the bare metal nodes that will form the workload node pool.
|
|
|
|
Configuration
|
|
=============
|
|
|
|
As an Ansible-based project, Kayobe is for the most part configured using YAML
|
|
files.
|
|
|
|
Configuration Location
|
|
----------------------
|
|
|
|
Kayobe configuration is by default located in ``/etc/kayobe`` on the Ansible
|
|
control host. This location can be overridden to a different location to avoid
|
|
touching the system configuration directory by setting the environment variable
|
|
``KAYOBE_CONFIG_PATH``. Similarly, kolla configuration on the Ansible control
|
|
host will by default be located in ``/etc/kolla`` and can be overridden via
|
|
``KOLLA_CONFIG_PATH``.
|
|
|
|
Configuration Directory Layout
|
|
------------------------------
|
|
|
|
The Kayobe configuration directory contains Ansible ``extra-vars`` files and
|
|
the Ansible inventory. An example of the directory structure is as follows::
|
|
|
|
extra-vars1.yml
|
|
extra-vars2.yml
|
|
inventory/
|
|
group_vars/
|
|
group1-vars
|
|
group2-vars
|
|
groups
|
|
host_vars/
|
|
host1-vars
|
|
host2-vars
|
|
hosts
|
|
|
|
Configuration Patterns
|
|
----------------------
|
|
|
|
Ansible's variable precedence rules are `fairly well documented
|
|
<http://docs.ansible.com/ansible/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable>`_
|
|
and provide a mechanism we can use for providing site localisation and
|
|
customisation of OpenStack in combination with some reasonable default values.
|
|
For global configuration options, Kayobe typically uses the following patterns:
|
|
|
|
- Playbook group variables for the *all* group in
|
|
``<kayobe repo>/ansible/group_vars/all/*`` set **global defaults**. These
|
|
files should not be modified.
|
|
- Playbook group variables for other groups in
|
|
``<kayobe repo>/ansible/group_vars/<group>/*`` set **defaults for some subsets
|
|
of hosts**. These files should not be modified.
|
|
- Extra-vars files in ``${KAYOBE_CONFIG_PATH}/*.yml`` set **custom values
|
|
for global variables** and should be used to apply global site localisation
|
|
and customisation. By default these variables are commented out.
|
|
|
|
Additionally, variables can be set on a per-host basis using inventory host
|
|
variables files in ``${KAYOBE_CONFIG_PATH}/inventory/host_vars/*``. It should
|
|
be noted that variables set in extra-vars files take precedence over per-host
|
|
variables.
|
|
|
|
Configuring Kayobe
|
|
------------------
|
|
|
|
From a checkout of the Kayobe repository, the baseline Kayobe configuration
|
|
should be copied to the Kayobe configuration path::
|
|
|
|
$ cp -r etc/ ${KAYOBE_CONFIG_PATH:-/etc/kayobe}
|
|
|
|
Once in place, each of the YAML and inventory files should be manually
|
|
inspected and configured as required.
|
|
|
|
Inventory
|
|
^^^^^^^^^
|
|
|
|
The inventory should contain the following hosts:
|
|
|
|
Control host
|
|
This should be localhost and should be a member of the ``config-mgmt``
|
|
group.
|
|
Seed hypervisor
|
|
If provisioning a seed VM, a host should exist for the hypervisor that
|
|
will run the VM, and should be a member of the ``seed-hypervisor`` group.
|
|
Seed
|
|
The seed host, whether provisioned as a VM by Kayobe or externally managed,
|
|
should exist in the ``seed`` group.
|
|
|
|
Cloud hosts and bare metal compute hosts are not required to exist in the
|
|
inventory.
|
|
|
|
Site Localisation and Customisation
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
Site localisation and customisation is applied using Ansible extra-vars files
|
|
in ``${KAYOBE_CONFIG_PATH}/*.yml``.
|
|
|
|
Encryption of Secrets
|
|
^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
Kayobe supports the use of `Ansible vault
|
|
<http://docs.ansible.com/ansible/playbooks_vault.html>`_ to encrypt sensitive
|
|
information in its configuration. The ``ansible-vault`` tool should be used to
|
|
manage individual files for which encryption is required. Any of the
|
|
configuration files may be encrypted. Since encryption can make working with
|
|
Kayobe difficult, it is recommended to follow `best practice
|
|
<http://docs.ansible.com/ansible/playbooks_best_practices.html#best-practices-for-variables-and-vaults>`_,
|
|
adding a layer of indirection and using encryption only where necessary.
|
|
|
|
Command Line Interface
|
|
======================
|
|
|
|
.. note::
|
|
|
|
Where a prompt starts with ``(kayobe-venv)`` it is implied that the user has
|
|
activated the Kayobe virtualenv. This can be done as follows::
|
|
|
|
$ source kayobe-venv/bin/activate
|
|
|
|
To deactivate the virtualenv::
|
|
|
|
(kayobe-venv) $ deactivate
|
|
|
|
To see information on how to use the ``kayobe`` CLI and the commands it
|
|
provides::
|
|
|
|
(kayobe-venv) $ kayobe help
|
|
|
|
As the ``kayobe`` CLI is based on the ``cliff`` package (as used by the
|
|
``openstack`` client), it supports tab auto-completion of subcommands. This
|
|
can be activated by generating and then sourcing the bash completion script::
|
|
|
|
(kayobe-venv) $ kayobe complete > kayobe-complete
|
|
(kayobe-venv) $ source kayobe-complete
|
|
|
|
Working with Ansible Vault
|
|
--------------------------
|
|
|
|
If Ansible vault has been used to encrypt Kayobe configuration files, it will
|
|
be necessary to provide the ``kayobe`` command with access to vault password.
|
|
There are three options for doing this:
|
|
|
|
Prompt
|
|
Use ``kayobe --ask-vault-pass`` to prompt for the password.
|
|
File
|
|
Use ``kayobe --vault-password-file <file>`` to read the password from a
|
|
(plain text) file.
|
|
Environment variable
|
|
Export the environment variable ``KAYOBE_VAULT_PASSWORD`` to read the
|
|
password from the environment.
|
|
|
|
Ansible Control Host
|
|
====================
|
|
|
|
Before starting deployment we must bootstrap the Ansible control host. Tasks
|
|
performed here include:
|
|
|
|
- Install Ansible and role dependencies from Ansible Galaxy.
|
|
- Generate an SSH key if necessary and add it to the current user's authorised
|
|
keys.
|
|
- Configure kolla and kolla-ansible.
|
|
|
|
To bootstrap the Ansible control host::
|
|
|
|
(kayobe-venv) $ kayobe control host bootstrap
|
|
|
|
Physical Network
|
|
================
|
|
|
|
The physical network can be managed by Kayobe, which uses Ansible's network
|
|
modules. Currently Dell Network OS 6 and Dell Network OS 9 switches are
|
|
supported but this could easily be extended. To provision the physical
|
|
network::
|
|
|
|
(kayobe-venv) $ kayobe physical network configure --group <group> [--enable-discovery]
|
|
|
|
The ``--group`` argument is used to specify an Ansible group containing
|
|
the switches to be configured.
|
|
|
|
The ``--enable-discovery`` argument enables a one-time configuration of ports
|
|
attached to baremetal compute nodes to support hardware discovery via ironic
|
|
inspector.
|
|
|
|
Seed
|
|
====
|
|
|
|
VM Provisioning
|
|
---------------
|
|
|
|
.. note::
|
|
|
|
It is not necesary to run the seed services in a VM. To use an existing
|
|
bare metal host or a VM provisioned outside of Kayobe, this step may be
|
|
skipped. Ensure that the Ansible inventory contains a host for the seed.
|
|
|
|
The seed hypervisor should have CentOS and ``libvirt`` installed. It should
|
|
have ``libvirt`` networks configured for all networks that the seed VM needs
|
|
access to and a ``libvirt`` storage pool available for the seed VM's volumes.
|
|
To provision the seed VM::
|
|
|
|
(kayobe-venv) $ kayobe seed vm provision
|
|
|
|
When this command has completed the seed VM should be active and accessible via
|
|
SSH. Kayobe will update the Ansible inventory with the IP address of the VM.
|
|
|
|
Host Configuration
|
|
------------------
|
|
|
|
To configure the seed host OS::
|
|
|
|
(kayobe-venv) $ kayobe seed host configure
|
|
|
|
.. note::
|
|
|
|
If the seed host uses disks that have been in use in a previous
|
|
installation, it may be necessary to wipe partition and LVM data from those
|
|
disks. To wipe all disks that are not mounted during host configuration::
|
|
|
|
(kayobe-venv) $ kayobe seed host configure --wipe-disks
|
|
|
|
Building Container Images
|
|
-------------------------
|
|
|
|
.. note::
|
|
|
|
It is possible to use prebuilt container images from an image registry such
|
|
as Dockerhub. In this case, this step can be skipped.
|
|
|
|
It is possible to use prebuilt container images from an image registry such as
|
|
Dockerhub. In some cases it may be necessary to build images locally either to
|
|
apply local image customisation or to use a downstream version of kolla. To
|
|
build images locally::
|
|
|
|
(kayobe-venv) $ kayobe seed container image build
|
|
|
|
Deploying Containerised Services
|
|
--------------------------------
|
|
|
|
At this point the seed services need to be deployed on the seed VM. These
|
|
services are deployed in the ``bifrost_deploy`` container. This command will
|
|
also build the Operating System image that will be used to deploy the overcloud
|
|
nodes using Disk Image Builder (DIB).
|
|
|
|
To deploy the seed services in containers::
|
|
|
|
(kayobe-venv) $ kayobe seed service deploy
|
|
|
|
After this command has completed the seed services will be active.
|
|
|
|
Accessing the Seed via SSH (Optional)
|
|
-------------------------------------
|
|
|
|
For SSH access to the seed, first determine the seed's IP address. We can
|
|
use the ``kayobe configuration dump`` command to inspect the seed's IP
|
|
address::
|
|
|
|
(kayobe-venv) $ kayobe configuration dump --host seed --var-name ansible_host
|
|
|
|
The ``kayobe_ansible_user`` variable determines which user account will be used
|
|
by Kayobe when accessing the machine via SSH. By default this is ``stack``.
|
|
Use this user to access the seed::
|
|
|
|
$ ssh <kayobe ansible user>@<seed VM IP>
|
|
|
|
To see the active Docker containers::
|
|
|
|
$ docker ps
|
|
|
|
Leave the seed VM and return to the shell on the control host::
|
|
|
|
$ exit
|
|
|
|
Overcloud
|
|
=========
|
|
|
|
Discovery
|
|
---------
|
|
|
|
.. note::
|
|
|
|
If discovery of the overcloud is not possible, a static inventory of servers
|
|
using the bifrost ``servers.yml`` file format may be configured using the
|
|
``kolla_bifrost_servers`` variable in ``${KAYOBE_CONFIG_PATH}/bifrost.yml``.
|
|
|
|
Discovery of the overcloud is supported by the ironic inspector service running
|
|
in the ``bifrost_deploy`` container on the seed. The service is configured to
|
|
PXE boot unrecognised MAC addresses with an IPA ramdisk for introspection. If
|
|
an introspected node does not exist in the ironic inventory, ironic inspector
|
|
will create a new entry for it.
|
|
|
|
Discovery of the overcloud is triggered by causing the nodes to PXE boot using
|
|
a NIC attached to the overcloud provisioning network. For many servers this
|
|
will be the factory default and can be performed by powering them on.
|
|
|
|
On completion of the discovery process, the overcloud nodes should be
|
|
registered with the ironic service running in the seed host's
|
|
``bifrost_deploy`` container. The node inventory can be viewed by executing
|
|
the following on the seed::
|
|
|
|
$ docker exec -it bifrost_deploy bash
|
|
(bifrost_deploy) $ source env-vars
|
|
(bifrost_deploy) $ ironic node-list
|
|
|
|
In order to interact with these nodes using Kayobe, run the following command
|
|
to add them to the Kayobe and bifrost Ansible inventories::
|
|
|
|
(kayobe-venv) $ kayobe overcloud inventory discover
|
|
|
|
BIOS and RAID Configuration
|
|
---------------------------
|
|
|
|
.. note::
|
|
|
|
BIOS and RAID configuration may require one or more power cycles of the
|
|
hardware to complete the operation. These will be performed automatically.
|
|
|
|
Configuration of BIOS settings and RAID volumes is currently performed out of
|
|
band as a separate task from hardware provisioning. To configure the BIOS and
|
|
RAID::
|
|
|
|
(kayobe-venv) $ kayobe overcloud bios raid configure
|
|
|
|
After configuring the nodes' RAID volumes it may be necessary to perform
|
|
hardware inspection of the nodes to reconfigure the ironic nodes' scheduling
|
|
properties and root device hints. To perform manual hardware inspection::
|
|
|
|
(kayobe-venv) $ kayobe overcloud hardware inspect
|
|
|
|
Provisioning
|
|
------------
|
|
|
|
Provisioning of the overcloud is performed by the ironic service running in the
|
|
bifrost container on the seed. To provision the overcloud nodes::
|
|
|
|
(kayobe-venv) $ kayobe overcloud provision
|
|
|
|
After this command has completed the overcloud nodes should have been
|
|
provisioned with an OS image. The command will wait for the nodes to become
|
|
``active`` in ironic and accessible via SSH.
|
|
|
|
Host Configuration
|
|
------------------
|
|
|
|
To configure the overcloud hosts' OS::
|
|
|
|
(kayobe-venv) $ kayobe overcloud host configure
|
|
|
|
.. note::
|
|
|
|
If the controller hosts use disks that have been in use in a previous
|
|
installation, it may be necessary to wipe partition and LVM data from those
|
|
disks. To wipe all disks that are not mounted during host configuration::
|
|
|
|
(kayobe-venv) $ kayobe overcloud host configure --wipe-disks
|
|
|
|
Building Container Images
|
|
-------------------------
|
|
|
|
.. note::
|
|
|
|
It is possible to use prebuilt container images from an image registry such
|
|
as Dockerhub. In this case, this step can be skipped.
|
|
|
|
In some cases it may be necessary to build images locally either to apply local
|
|
image customisation or to use a downstream version of kolla. To build images
|
|
locally::
|
|
|
|
(kayobe-venv) $ kayobe overcloud container image build
|
|
|
|
Pulling Container Images
|
|
------------------------
|
|
|
|
.. note::
|
|
|
|
It is possible to build container images locally avoiding the need for an
|
|
image registry such as Dockerhub. In this case, this step can be skipped.
|
|
|
|
In most cases suitable prebuilt kolla images will be available on Dockerhub.
|
|
The `stackhpc account <https://hub.docker.com/r/stackhpc/>`_ provides image
|
|
repositories suitable for use with kayobe and will be used by default. To
|
|
pull images from the configured image registry::
|
|
|
|
(kayobe-venv) $ kayobe overcloud container image pull
|
|
|
|
Deploying Containerised Services
|
|
--------------------------------
|
|
|
|
To deploy the overcloud services in containers::
|
|
|
|
(kayobe-venv) $ kayobe overcloud service deploy
|
|
|
|
Once this command has completed the overcloud nodes should have OpenStack
|
|
services running in Docker containers.
|
|
|
|
Interacting with the Control Plane
|
|
----------------------------------
|
|
|
|
Kolla-ansible writes out an environment file that can be used to access the
|
|
OpenStack admin endpoints as the admin user::
|
|
|
|
$ source ${KOLLA_CONFIG_PATH:-/etc/kolla}/admin-openrc.sh
|
|
|
|
Kayobe also generates an environment file that can be used to access the
|
|
OpenStack public endpoints as the admin user which may be required if the
|
|
admin endpoints are not available from the control host::
|
|
|
|
$ source ${KOLLA_CONFIG_PATH:-/etc/kolla}/public-openrc.sh
|
|
|
|
Performing Post-deployment Configuration
|
|
----------------------------------------
|
|
|
|
To perform post deployment configuration of the overcloud services::
|
|
|
|
(kayobe-venv) $ source ${KOLLA_CONFIG_PATH:-/etc/kolla}/admin-openrc.sh
|
|
(kayobe-venv) $ kayobe overcloud post configure
|
|
|
|
This will perform the following tasks:
|
|
|
|
- Register Ironic Python Agent (IPA) images with glance
|
|
- Register introspection rules with ironic inspector
|
|
- Register a provisioning network and subnet with neutron
|
|
|
|
Other Useful Commands
|
|
=====================
|
|
|
|
Deprovisioning
|
|
--------------
|
|
|
|
.. note::
|
|
|
|
This step will power down the overcloud hosts and delete their nodes'
|
|
instance state from the seed's ironic service.
|
|
|
|
To deprovision the overcloud::
|
|
|
|
(kayobe-venv) $ kayobe overcloud deprovision
|
|
|
|
Running Kayobe Playbooks on Demand
|
|
----------------------------------
|
|
|
|
In some situations it may be necessary to run an individual Kayobe playbook.
|
|
Playbooks are stored in ``<kayobe repo>/ansible/*.yml``. To run an arbitrary
|
|
Kayobe playbook::
|
|
|
|
(kayobe-venv) $ kayobe playbook run <playbook> [<playbook>]
|
|
|
|
Running Kolla-ansible Commands
|
|
------------------------------
|
|
|
|
To execute a kolla-ansible command::
|
|
|
|
(kayobe-venv) $ kayobe kolla ansible run <command>
|
|
|
|
Dumping Kayobe Configuration
|
|
----------------------------
|
|
|
|
The Ansible configuration space is quite large, and it can be hard to determine
|
|
the final values of Ansible variables. We can use Kayobe's
|
|
``configuration dump`` command to view individual variables or the variables
|
|
for one or more hosts. To dump Kayobe configuration for one or more hosts::
|
|
|
|
(kayobe-venv) $ kayobe configuration dump
|
|
|
|
The output is a JSON-formatted object mapping hosts to their hostvars.
|
|
|
|
We can use the ``--var-name`` argument to inspect a particular variable or the
|
|
``--host`` or ``--hosts`` arguments to view a variable or variables for a
|
|
specific host or set of hosts.
|