[TOC]

#openstack kolla 入門

##kolla 使命

To provide production-ready containers and deployment tools for operating OpenStack clouds

##快速開始

[官方文檔all-in-one](https://docs.openstack.org/developer/kolla-ansible/quickstart.html)

[多節(jié)點部署](https://docs.openstack.org/developer/kolla-ansible/multinode.html)

[手動構建容器鏡像](https://docs.openstack.org/developer/kolla/image-building.html)

###基礎環(huán)境

**裸機/虛擬機（ubuntu，centos，oracle linux，container OS platforms）*

**root 用戶操作**

|配置|最低要求|

|:----------|------:|

|網(wǎng)卡|2個|

|內(nèi)存|8G|

|存儲|40G|

###安裝前檢查

>ip addr show

如果第二塊網(wǎng)卡未啟動

ip link set ens*? up

###安裝依賴

**升級內(nèi)核到最新**

>[ubuntu]

>apt-get install linux-image-generic-lts-wily

>[centos]

>N/A

**安裝升級pip**

>[ubuntu]

>apt-get update

apt-get install python-pip

pip install -U pip

>[centos]

>yum install epel-release

yum install python-pip

pip install -U pip

**編譯，pip包管理依賴**

>[ubuntu]

>apt-get install python-dev libffi-dev gcc libssl-dev

>[centos]

>yum install python-devel libffi-devel gcc openssl-devel

###版本要求

**mitaka**

|組件|最低|最高|說明|

|:-----|-----|------|-----:|

|ansible|1.9.4|<2.0.0|部署主機|

|docker|1.10.0|none|目標節(jié)點|

|docker python|1.6.0|none|目標節(jié)點|

|python jinja2|2.6.0|none|部署主機|

**newton**

|組件|最低|最高|說明|

|:-----|-----|------|-----:|

|ansible|2.0.0|<2.0.0|部署主機|

|docker|1.10.0|none|目標節(jié)點|

|docker python|1.6.0|none|目標節(jié)點|

|python jinja2|2.8.0|none|部署主機|

**安裝ansible**

>[CentOS or RHEL systems]

>yum install ansible

>[DEB based systems]

>pip install -U ansible

**安裝配置docker**

>curl -sSL https://get.docker.io | bash

>docker --version

**systemd**

>\# Create the drop-in unit directory for docker.service

>mkdir -p /etc/systemd/system/docker.service.d

>\# Create the drop-in unit file

>tee /etc/systemd/system/docker.service.d/kolla.conf <<-'EOF'

>[Service]

>MountFlags=shared

>EOF

**restart docker server**

\# Run these commands to reload the daemon

systemctl daemon-reload

systemctl restart docker

**升級docker py**

>pip install -U docker-py

**安裝配置NTP**

> yum install ntp

>[centos]

systemctl enable ntpd.service

systemctl start ntpd.service

更新本地時間

ntpdate asia.pool.ntp.org

**關閉libvirt**

>[CentOS 7]

systemctl stop libvirtd.service

systemctl disable libvirtd.service

[ubunut]

service libvirt-bin stop

update-rc.d libvirt-bin disable

##安裝kolla 和kolla-ansible

>pip install kolla-ansible

pip install kolla（官方未給出）

**拷貝配置和資源文件**

[CentOS]

cp -r /usr/share/kolla/etc_examples/kolla /etc/kolla/

[Ubuntu]

cp -r /usr/local/share/kolla/etc_examples/kolla /etc/kolla/

[CentOS]

cp /usr/share/kolla/ansible/inventory/* .

[Ubuntu]

cp /usr/local/share/kolla/ansible/inventory/* .

**為安裝openstack 做準備**

修改全局配置

>/etc/kolla/globals.yml

>network_interface: "ens3"

neutron_external_interface: "ens4"

kolla_base_distro

kolla_install_type

kolla_internal_vip_address：

all-in-one 則修改成第一個網(wǎng)卡的ip(注意)

**關閉HAporxy--官方未說明**

/usr/share/kolla/ansible/group_vars/all.yml

enable_haproxy: "no"

**修改docker 重啟策略--官方未說明**

/usr/share/kolla/ansible/group_vars/all.yml

docker_restart_policy："on-failure"

**自動生成密碼**

kolla-genpwd

**修改登陸頁面密碼**

>keystone_admin_password: password

>快速準備

kolla-ansible -i all-in-one bootstrap

**拉取官方鏡像**

kolla-ansible pull （時間1個小時左右 可能會網(wǎng)絡問題 重新拉取即可）

docker images? 獲取鏡像列表

**使用kolla 部署前端口占用檢查**

kolla-ansible prechecks -i all-in-one

##完成部署

>kolla-ansible deploy -i all-in-one

kolla-ansible post-deploy

**測試部署結果**

>source /etc/kolla/admin-openrc.sh

[centos]

cd /usr/share/kolla

./init-runonce

[ubuntu]

cd /usr/local/share/kolla

./init-runonce

##遇到問題

**單節(jié)點部署問題**

>1.預先安裝的docker軟件包版本同bootstrap的準備配置沖突

解決辦法：刪除沖突的軟件包

rpm -erase pkg

修改/usr/share/kolla/ansible/roles/baremetal/default/main.yml 中對應任務的軟件包版本同本機相同

>2.導入gpg 超時

rpm --import https://yum.dockerproject.org/gpg

可以導入即可繼續(xù)

>3.docker 服務啟動失敗：

/etc/systemd/system/docker.service.d? 配置被修改錯誤

修改模板配置模板 則可以正常啟動

/usr/share/kolla/ansible/roles/baremetal/templates/ docker_systemd_service.j2? 刪除第二行之后所有內(nèi)容

>4.ubuntu 16.04安裝最新docker? 失敗

curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.

沒有安裝 軟件包curl

安裝則解決 docker 失敗問題

**多節(jié)點部署問題**

1.多節(jié)點ansible 管理 ssh沒有權限問題

Failed to connect to the host via ssh: Permission denied (publickey,password

根因：ssh 無密碼登陸沒有 對本機 和其他節(jié)點 配置

解決：

ssh-copy-id? 配置所有節(jié)點對應用戶無密碼輸入 可直接ssh

**docker 重啟策略問題（偶現(xiàn)）**

問題

```fatal: [localhost]: FAILED! => {"changed": true, "failed": true, "msg": "'Traceback (most recent call last):\\n? File \"/tmp/ansible_XIOIpx/ansible_module_kolla_docker.py\", line 742, in main\\n? ? result = bool(getattr(dw, module.params.get(\\'action\\'))())\\n? File \"/tmp/ansible_XIOIpx/ansible_module_kolla_docker.py\", line 567, in start_container\\n? ? self.create_container()\\n? File \"/tmp/ansible_XIOIpx/ansible_module_kolla_docker.py\", line 555, in create_container\\n? ? self.dc.create_container(**options)\\n? File \"/usr/local/lib/python2.7/dist-packages/docker/api/container.py\", line 135, in create_container\\n? ? return self.create_container_from_config(config, name)\\n? File \"/usr/local/lib/python2.7/dist-packages/docker/api/container.py\", line 146, in create_container_from_config\\n? ? return self._result(res, True)\\n? File \"/usr/local/lib/python2.7/dist-packages/docker/client.py\", line 178, in _result\\n? ? self._raise_for_status(response)\\n? File \"/usr/local/lib/python2.7/dist-packages/docker/client.py\", line 174, in _raise_for_status\\n? ? raise errors.APIError(e, response, explanation=explanation)\\nAPIError: 500 Server Error: Internal Server Error (\"{\"message\":\"maximum retry count cannot be used with restart policy \\'unless-stopped\\'\"}\")\\n’"}

```

參考社區(qū)修改

https://review.openstack.org/#/c/424114/2/ansible/library/kolla_docker.py

問題：社區(qū)已經(jīng)修改但實際部署過程并未修改 當前看問題并未解決。

**部署后openstack服務日志存放目錄**

/var/lib/docker/volumes/kolla_logs/_data/

**docker 問題定位**

>docker exec -it heka bash

docker logs container-name

**優(yōu)化**：

配置阿里云 docker 鏡像加速倉庫

1）注冊個帳號

https://dev.aliyun.com/search.html

阿里云會自動為用戶分配一個鏡像加速器的地址，登錄后進入"管理中心"-->"加速器"，里面有分配給你的鏡像加速器的地址以及各個環(huán)境的使用說明。

鏡像加速器地址：https://xxxxx.mirror.aliyuncs.com

2)配置docker

sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<-'EOF'

{

"registry-mirrors": ["https://zt13pwpr.mirror.aliyuncs.com"]

}

EOF

sudo systemctl daemon-reload

sudo systemctl restart docker

##涉及技術點及成果

[docker 構建鏡像](https://docs.docker.com/engine/getstarted/step_four/)

[kolla-ansible 構建鏡像](https://docs.openstack.org/developer/kolla/image-building.html)

[kolla 鏡像倉庫](https://hub.docker.com/u/kolla/)

[docker 服務配置](https://docs.docker.com/engine/admin/systemd/)

[問題debug](https://docs.openstack.org/developer/kolla-ansible/troubleshooting.html)