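OpenStack Ironic Source Installation and Deployment Guide
- 1 Introduction to Ironic
- 2 Ironic Architecture Diagram
- 3 Required Ironic Components
- 4 Services Ironic Depends On
- 5 Hardware Configuration
- 6 System Tuning
- 7 Verifying the OpenStack Environment (Controller Node)
- 8 Deploying Ironic (Controller Node, Bare Metal)
- 9 Deploying the Ironic Network (Controller Node, Bare Metal)
- 10 Building Images (Controller Node)
- 11 Configuring the Bare Metal Drivers (Bare Metal)
- 12 Enrolling the Bare Metal Node (Controller Node)
- 13 Deploying an Instance (Controller Node)
- 14 Common Problems
- 15 References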
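1 Introduction to Ironic
A bare metal node is a physical server with no operating system deployed. Compared with virtual machines, bare metal nodes offer more compute capacity, exclusive use of resources, and stronger security isolation. Ironic aims to give users a self-service bare metal management service; it can be used standalone or integrated with OpenStack. Integrated with OpenStack, Ironic lets users manage bare metal nodes the same way they manage virtual machines, makes deploying a bare metal machine as simple as deploying a virtual machine, and provides bare metal cloud infrastructure with multi-tenant networking.
2 Ironic Architecture Diagram
3 Required Ironic Components
- Ironic API: provides the northbound RESTful API
- Ironic Conductor: does most of the work of the bare metal service: adding, editing and deleting nodes; powering nodes on and off; providing, deploying and cleaning nodes, and so on
- Ironic Python Agent: IPA for short, a Python service that runs in a RAMDisk and exposes a RESTful API through which Ironic Conductor remotely performs operations on the bare metal machine
4 Services Ironic Depends On
- TFTP: the simplest network protocol for downloading remote files; it is implemented over UDP
- PXE: a boot method. A PXE installation requires that the machine being installed has a network card with PXE support; the PXE protocol lets a computer boot over the network
- IPMI: the Intelligent Platform Management Interface. Its core is a dedicated chip, the BMC, which does not depend on the server's processor, BIOS or operating system. It is an agentless management subsystem that runs on its own inside the system and works as long as the BMC and the IPMI firmware are present; the BMC is usually a separate board mounted on the server motherboard. Users can use IPMI to monitor the server's physical health, such as temperature, voltage, fan status and power status
5 Hardware Configuration
The servers must meet the following requirements:
- 2 gigabit network ports
- at least 8 GB of memory
- at least 40 GB of disk
6 System Tuning
Host tuning is not only a matter of hardware and software; tuning at the operating-system level also covers several areas. The settings below are applied to improve host performance.
6.1 Disable SELinux (Controller Node, Bare Metal Node)
With SELinux left enabled the deployment cannot be carried out; it restricts passwordless SSH login.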
[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
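6.2 Disable the Firewall (Controller Node, Bare Metal Node)
This prevents problems during installation where the ports of the individual components cannot be reached.
[root@localhost ~]# systemctl stop firewalld && systemctl disable firewalld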
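6.3 Time Synchronization (Controller Node, Bare Metal Node)
Synchronizing the clocks avoids the inconsistencies between nodes that clock differences cause.
[root@localhost ~]# yum -y install ntp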
[root@localhost ~]# ntpdate ntp1.aliyun.com
[root@localhost ~]# timedatectl set-timezone Asia/Shanghai
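6.4 Raise the Maximum Number of Open Files (Controller Node, Bare Metal Node)
Raise the limit on the number of open files so that processes are not terminated for reaching it.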
[root@localhost ~]# vi /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
6.5 Install a China-Based OpenStack yum Repository (Bare Metal Node)
Installing the Aliyun OpenStack yum repository speeds up downloading each component.
[root@localhost ~]# cat << EOF >> /etc/yum.repos.d/openstack.repo
[openstack-rocky]
name=openstack-rocky
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enabled=1
gpgcheck=0
[qemu-kvm]
name=qemu-kvm
baseurl=https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
enabled=1
gpgcheck=0
EOF
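6.6 Reduce Swap Usage (Controller Node, Bare Metal Node)
Servers today typically have hundreds of GB of memory, so this parameter (the kernel's vm.swappiness) can be set lower, for example between 10 and 30, so that the operating system uses physical memory as much as possible and relies less on swap, which improves the performance of the host system and of the virtual machines.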
7 Verifying the OpenStack Environment (Controller Node)
The Bare Metal service is a collection of components that support managing and provisioning physical machines. Before deploying Bare Metal, make sure that Keystone, Image, Nova, Neutron and the related services are already set up. Bare Metal usually runs on a dedicated compute node.
7.1 Verify Keystone
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user list
7.2 Verify Glance
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
7.3 Verify Nova
[root@controller ~]# openstack compute service list
7.4 Verify the Endpoints
[root@controller ~]# openstack endpoint list
7.5 Verify Neutron
[root@controller ~]# openstack network agent list
8 Deploying Ironic (Controller Node, Bare Metal)
8.1 Create the Database and Privileges in MySQL (Controller Node)
Create the ironic database and grant the user access to it.
[root@localhost ~]# mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE ironic CHARACTER SET utf8;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' identified by 'tera123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' identified by 'tera123';
8.2 Add the Ironic User and Its Authentication Information (Controller Node)
[root@controller ~]# openstack service create --name ironic \
--description "Ironic baremetal provisioning service" baremetal
[root@controller ~]# openstack user create --domain default --password-prompt ironic
[root@controller ~]# openstack role add --project service --user ironic admin
[root@controller ~]# openstack endpoint create --region RegionOne baremetal admin \
http://192.168.5.221:6385
[root@controller ~]# openstack endpoint create --region RegionOne baremetal public \
http://192.168.5.221:6385
[root@controller ~]# openstack endpoint create --region RegionOne baremetal internal \
http://192.168.5.221:6385
8.3 Install the Packages (Bare Metal)
[root@bare ~]# yum install openstack-ironic-api openstack-ironic-conductor python-ironicclient -y
8.4 Configure the Ironic Configuration File (Bare Metal)
In this deployment ironic-api and ironic-conductor run on the same node.
[root@localhost ~]# vi /etc/ironic/ironic.conf
[DEFAULT]
my_ip=192.168.4.221
transport_url = rabbit://openstack:tera123@192.168.4.220
auth_strategy = keystone
[database]
connection=mysql+pymysql://ironic:tera123@192.168.4.220/ironic?charset=utf8
[conductor]
automated_clean = false
clean_callback_timeout = 1800
rescue_callback_timeout = 1800
soft_power_off_timeout = 600
power_state_change_timeout = 30
power_failure_recovery_interval = 300
[glance]
url = http://192.168.4.220:9292
auth_url = http://192.168.4.220:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = glance
password = tera123
[service_catalog]
region_name = RegionOne
project_domain_id = default
user_domain_id = default
project_name = service
password = tera123
username = ironic
auth_url = http://192.168.4.220:5000
auth_type = password
[keystone_authtoken]
auth_type=password
www_authenticate_uri = http://192.168.4.220:5000
auth_url = http://192.168.4.220:5000
username=ironic
password=tera123
project_name=service
project_domain_name=default
user_domain_name=default
[neutron]
auth_type = password
auth_url = http://192.168.4.220:5000
username=ironic
password=tera123
project_name=service
project_domain_id=default
user_domain_id=default
region_name = RegionOne
valid_interfaces=public
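The configuration above stores service passwords in ironic.conf and points every auth_url at an http:// endpoint. The following check for those patterns is an added example, not part of the original guide or of Ironic; the function name audit_oslo_conf, the finding labels and the sample file (constructed, with placeholder secrets and a documentation address) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original guide. Audits an oslo.config style file
# (for example /etc/ironic/ironic.conf) for the credential-handling patterns
# visible in the sample configuration. Finding labels are local to this
# example; secret values are counted but never printed.

audit_oslo_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function note(secret, place) {
        uses[secret]++
        places[secret] = places[secret] " " place
    }
    /^[ \t]*([#;]|$)/ { next }                       # comments and blank lines
    /^[ \t]*\[/ { section = $0; gsub(/\[|\]|[ \t]/, "", section); next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1))
        val = trim(substr($0, eq + 1))
        where = section "." key
        # Endpoints reached over plain HTTP expose passwords and tokens.
        if (key ~ "^(auth_url|www_authenticate_uri|url|api_servers)$" && val ~ "^http://")
            print "cleartext-endpoint " where
        # RabbitMQ and database URLs embed user:password@host.
        if (key ~ "^(transport_url|connection)$" && val ~ "://[^:/@]+:[^@]+@") {
            secret = val
            sub("^[^:]*://[^:/@]+:", "", secret)
            sub("@.*$", "", secret)
            print "secret-in-url " where
            note(secret, where)
        }
        if (key ~ "(^|_)(password|secret)$" && val != "") note(val, where)
    }
    END {
        for (s in uses)
            if (uses[s] > 1) print "reused-secret x" uses[s] ":" places[s]
    }' "$1"
    # The file holds passwords, so it should not be readable by "other".
    [ -z "$(find "$1" -perm -0004)" ] || echo "world-readable-config"
    return 0
}

# Constructed sample modelled on section 8.4 (placeholder secrets, RFC 5737 address).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:placeholder-A@192.0.2.10
auth_strategy = keystone
[database]
connection = mysql+pymysql://ironic:placeholder-A@192.0.2.10/ironic?charset=utf8
[keystone_authtoken]
auth_url = http://192.0.2.10:5000
username = ironic
password = placeholder-A
[glance]
auth_url = https://keystone.example.test:5000
username = glance
password = placeholder-B
EOF
audit_oslo_conf "$sample"
rm -f "$sample"
```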
8.5 Sync the Ironic Database and Start the Services (Bare Metal)
[root@bare ~]# ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema
[root@bare ~]# systemctl enable openstack-ironic-api openstack-ironic-conductor
[root@bare ~]# systemctl start openstack-ironic-api openstack-ironic-conductor
8.6 Install Nova Compute (Bare Metal)
[root@bare ~]# yum install openstack-nova-compute -y
8.7 Configure the Nova Configuration Files (Bare Metal, Controller Node)
Edit the nova.conf configuration file on both the controller node and the Bare Metal node.
Bare Metal:
[DEFAULT]
transport_url = rabbit://openstack:tera123@192.168.5.220
my_ip=192.168.5.221
use_neutron=true
compute_driver=ironic.IronicDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
reserved_host_cpus=0
[filter_scheduler]
track_instance_changes=False
[scheduler]
discover_hosts_in_cells_interval=120
[ironic]
api_retry_interval = 5
api_max_retries = 300
auth_type=password
auth_url=http://192.168.5.220:5000/v3
project_name=service
username=ironic
password=tera123
project_domain_name=default
user_domain_name=default
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.5.220:5000/v3
username = placement
password = tera123
[neutron]
url = http://192.168.5.220:9696
auth_url = http://192.168.5.220:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = tera123
Controller node:
[DEFAULT]
my_ip=192.168.5.220
use_neutron=true
firewall_driver=nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
transport_url=rabbit://openstack:tera123@192.168.5.220
compute_driver=ironic.IronicDriver
reserved_host_memory_mb=0
[scheduler]
discover_hosts_in_cells_interval=120
[api]
auth_strategy=keystone
[api_database]
connection=mysql+pymysql://nova:tera123@192.168.5.220/nova_api
[database]
connection= mysql+pymysql://nova:tera123@192.168.5.220/nova
[glance]
api_servers= http://192.168.5.220:9292
[keystone_authtoken]
www_authenticate_uri = http://192.168.5.220:5000
auth_url=http://192.168.5.220:5000/v3
memcached_servers= 192.168.5.220:11211
auth_type=password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = tera123
[placement]
region_name = RegionOne
user_domain_name = Default
auth_type=password
auth_url=http://192.168.5.220:5000/v3
project_name=service
project_domain_name=Default
username=placement
password=tera123
[placement_database]
connection= mysql+pymysql://placement:tera123@192.168.5.220/placement
[scheduler]
discover_hosts_in_cells_interval= 300
[vnc]
enabled=true
server_listen=$my_ip
server_proxyclient_address=$my_ip
[neutron]
url=http://192.168.5.220:9696
auth_type=password
auth_url=http://192.168.5.220:5000
project_name=service
project_domain_name=default
username=neutron
user_domain_name=default
password=tera123
region_name=RegionOne
service_metadata_proxy = true
metadata_proxy_shared_secret = tera123
[ironic]
auth_type=password
auth_url=http://192.168.5.220:5000/v3
project_name=service
username=ironic
password=tera123
project_domain_name=Default
user_domain_name=Default
8.8 Register the Cell and Start the Nova Services (Controller Node, Bare Metal)
[root@controller ~]# nova-manage cell_v2 discover_hosts --by-service
[root@bare ~]# systemctl enable openstack-nova-compute.service
[root@bare ~]# systemctl start openstack-nova-compute.service
[root@controller ~]# systemctl restart openstack-nova-scheduler
8.9 Verify the Bare Metal Node (Controller Node)
[root@bare ~]# openstack compute service list
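9 Deploying the Ironic Network (Controller Node, Bare Metal)
Ironic uses the following three networks:
- Provisioning Network: the network used to enroll and deploy bare metal instances, so it must connect IPMI, DHCP, PXE and the bare metal servers. Flat, VLAN, SDN and other schemes are possible; this deployment uses a Flat network
- Cleaning Network: used to initialize bare metal nodes: wiping disks, initializing configuration information, and so on. It must connect IPMI and the bare metal servers
- Tenant Network: an ordinary Neutron tenant network
9.1 Deploy the OVS Agent (Bare Metal)
A complete OpenStack Neutron environment already exists here, so only the Bare Metal node needs to be configured.
[root@bare ~]# yum install openstack-neutron-openvswitch ipset -y
9.2 Configure the OVS Agent (Bare Metal)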
[root@bare ~]# vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
l2_population = true
arp_responder = true
[ovs]
bridge_mappings = provider:br-provider
datapath_type = system
local_ip = 192.168.5.221
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
9.3 Start the Open vSwitch Service (Bare Metal)
[root@bare ~]# systemctl enable neutron-openvswitch-agent
[root@bare ~]# systemctl start neutron-openvswitch-agent
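9.4 Manually Create the Bridge and Bind the NIC (Bare Metal)
Because we chose Flat network mode, the OVS bridge must be bound to a physical NIC in order to reach the external network.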
[root@bare ~]# ovs-vsctl add-br br-provider
[root@bare ~]# ovs-vsctl add-port br-provider ens192
9.5 Verify the OVS Bridge (Bare Metal)
[root@bare ironic]# ovs-vsctl show
7c01fc3a-3aca-4a08-bf0d-76d1b6703f87
Manager "ptcp:6640:127.0.0.1"
is_connected: true
Bridge br-provider
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port "ens192"
Interface "ens192"
Port br-provider
Interface br-provider
type: internal
Port phy-br-provider
Interface phy-br-provider
type: patch
options: {peer=int-br-provider}
Bridge br-int
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port int-br-provider
Interface int-br-provider
type: patch
options: {peer=phy-br-provider}
Port br-int
Interface br-int
type: internal
ovs_version: "2.11.0"
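9.6 Neutron Configuration on the Controller Node (Controller Node)
Neutron on the controller node was configured beforehand; here we check the configuration files.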
[root@controller ~]# vi /etc/neutron/neutron.conf
[DEFAULT]
state_path = /var/lib/neutron
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
transport_url = rabbit://openstack:tera123@192.168.5.220
[database]
connection = mysql+pymysql://neutron:tera123@192.168.5.220/neutron
[keystone_authtoken]
www_authenticate_uri = http://192.168.5.220:5000
auth_url = http://192.168.5.220:5000
memcached_servers = 192.168.5.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = tera123
[nova]
auth_url = http://192.168.5.220:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = tera123
[root@controller ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan,flat
mechanism_drivers = openvswitch,l2population,baremetal
extension_drivers = port_security
[ml2_type_vxlan]
vni_ranges = 1:1000
[ml2_type_flat]
flat_networks = provider
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_ipset = true
enable_security_group = true
[root@controller ~]# vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
tunnel_types = vxlan
l2_population = true
arp_responder = true
[ovs]
bridge_mappings = provider:br-provider
datapath_type = system
local_ip = 192.168.5.220
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
9.7 Install the Ironic Neutron Agent (Controller Node)
[root@controller ~]# yum install -y python2-ironic-neutron-agent
[root@controller ~]# vi /etc/neutron/plugins/ml2/ironic_neutron_agent.ini
[DEFAULT]
debug = true
[agent]
log_agent_heartbeats = true
[ironic]
project_domain_name = default
project_name = service
user_domain_name = default
password = tera123
username = ironic
auth_url = http://192.168.5.220:5000/v3
auth_type = password
9.8 Start the Ironic Neutron Agent (Controller Node)
[root@controller ~]# systemctl enable ironic-neutron-agent
[root@controller ~]# systemctl start ironic-neutron-agent
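9.9 Install the Baremetal Plugin (Controller Node)
Previously, when the Flat network interface was used, the Port created for a bare metal node stayed in the DOWN state, although the operating system was still deployed successfully and worked normally. The networking-baremetal project aims to fix this incorrect Port state. It provides deep integration between the networking service and the bare metal service: it not only updates the state of bare metal Ports but also provides Routed Networks support.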
[root@controller ~]# yum install python2-networking-baremetal -y
[root@controller ~]# systemctl restart neutron-server
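9.10 Create the Provisioning Network (Controller Node)
Create a Flat Provisioning Network. This network connects the virtual layer 2 directly to the physical layer 2 network and reaches the bare metal servers through the physical switch, so that the bare metal servers can use the network's DHCP service to obtain an IP address and the PXE server information. The subnet must therefore have DHCP enabled.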
[root@controller ~]# openstack network create --project admin flat --share --provider-network-type flat --provider-physical-network provider
[root@controller ~]# openstack subnet create subnet \
--network flat --subnet-range 192.168.4.0/24 --ip-version 4 \
--gateway 192.168.4.1 --allocation-pool start=192.168.4.230,end=192.168.4.240 --dhcp
9.11 Configure Ironic to Use the Neutron Networks (Bare Metal)
Configure Ironic to use the Cleaning Network and the Provisioning Network.
[root@controller ~]# openstack network list
[root@controller ~]# openstack security group list
[root@bare ~]# vi /etc/ironic/ironic.conf
[neutron]
cleaning_network=3793d3bd-5a26-4dd2-a637-007b8ed7c2b0
cleaning_network_security_groups=42263b5f-cdff-4374-a04c-506cc22eee70
provisioning_network=3793d3bd-5a26-4dd2-a637-007b8ed7c2b0
provisioning_network_security_groups=42263b5f-cdff-4374-a04c-506cc22eee70
[root@bare ~]# systemctl restart openstack-ironic-conductor openstack-ironic-api
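10 Building Images (Controller Node)
Ironic uses two kinds of images: Deploy images and User images. The Deploy image is used by the bare metal machine to bootstrap the final OS; the User image is the image the user ultimately runs.
10.1 Build the Deploy Images
We have no need for a customized image here, so we download the images directly.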
[root@controller ~]# wget \
https://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe.vmlinuz
[root@controller ~]# wget \
https://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem.cpio.gz
10.2 Upload the Deploy Images
[root@controller ~]# glance image-create --name deploy-vmlinuz --visibility public --disk-format aki --container-format aki < coreos_production_pxe.vmlinuz
[root@controller ~]# glance image-create --name deploy-initrd --visibility public --disk-format ari --container-format ari < coreos_production_pxe_image-oem.cpio.gz
10.3 Build the User Images
A custom username and password are set here and passed in as environment variables. Note that the image user must not be root.
[root@controller ~]# export DIB_CLOUD_INIT_DATASOURCES="ConfigDrive, OpenStack"
[root@controller ~]# export DIB_DEV_USER_USERNAME=centos
[root@controller ~]# export DIB_DEV_USER_PWDLESS_SUDO=yes
[root@controller ~]# export DIB_DEV_USER_PASSWORD=tera123
[root@controller ~]# disk-image-create centos7 baremetal dhcp-all-interfaces grub2 install-static devuser cloud-init-datasources -o my-image
10.4 Upload the User Images
[root@controller ~]# glance image-create --name my-image.vmlinuz --visibility public --disk-format aki --container-format aki < my-image.vmlinuz
[root@controller ~]# glance image-create --name my-image.initrd --visibility public --disk-format ari --container-format ari < my-image.initrd
[root@controller ~]# export MY_VMLINUZ_UUID=$(openstack image list | awk '/my-image.vmlinuz/ { print $2 }')
[root@controller ~]# export MY_INITRD_UUID=$(openstack image list | awk '/my-image.initrd/ { print $2 }')
[root@controller ~]# glance image-create --name my-image --visibility \
public --disk-format qcow2 --container-format bare --property \
kernel_id=$MY_VMLINUZ_UUID --property ramdisk_id=$MY_INITRD_UUID < my-image.qcow2
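11 Configuring the Bare Metal Drivers (Bare Metal)
This deployment uses the PXE + IPMI drivers: IPMI controls the hardware and PXE carries out the deployment. The IP address of the bare metal machine's out-of-band management port must be configured in advance.
11.1 Edit the Ironic Configuration File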
[root@bare ~]# vi /etc/ironic/ironic.conf
[DEFAULT]
my_ip=192.168.5.220
transport_url = rabbit://openstack:tera123@192.168.5.220
auth_strategy = keystone
enabled_hardware_types = ipmi
enabled_boot_interfaces = pxe
enabled_console_interfaces = ipmitool-socat,no-console
enabled_deploy_interfaces = iscsi
enabled_inspect_interfaces = inspector
enabled_management_interfaces = ipmitool
enabled_power_interfaces = ipmitool
enabled_raid_interfaces = agent
enabled_vendor_interfaces = ipmitool, no-vendor
enabled_storage_interfaces = cinder, noop
enabled_network_interfaces = flat,neutron
11.2 Configure the PXE Server
[root@bare ~]# vi /etc/ironic/ironic.conf
[ipmi]
retry_timeout=60
[pxe]
ipxe_enabled = False
pxe_append_params=nofb nomodeset vga=normal console=ttyS0 systemd.journald.forward_to_console=Yes
tftp_root=/tftpboot
tftp_server=192.168.5.221
11.3 Restart the Service and Verify
[root@bare ~]# systemctl restart openstack-ironic-conductor
[root@bare ~]# openstack baremetal driver list
11.4 Install IPMI Tool and Verify
IPMI Tool must be able to communicate with the target host's out-of-band management port.
[root@bare ~]# yum -y install ipmitool
[root@bare ~]# ipmitool -I lanplus -H 192.168.5.33 -U ADMIN -P tera123 chassis power status
Chassis Power is on
11.5 Configure the TFTP Service
[root@bare ~]# mkdir /tftpboot
[root@bare ~]# chown -R ironic.ironic /tftpboot
[root@bare ~]# yum -y install tftp-server syslinux-tftpboot xinetd
[root@bare ~]# vi /etc/xinetd.d/tftp
service tftp
{
protocol = udp
port = 69
socket_type = dgram
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -v -v -v -v -v --map-file /tftpboot/map-file /tftpboot
disable = no
flags = IPv4
}
[root@bare ~]# cp /usr/share/syslinux/pxelinux.0 /tftpboot
[root@bare ~]# cp /usr/share/syslinux/chain.c32 /tftpboot
[root@bare ~]# echo 're ^(/tftpboot/) /tftpboot/\2' > /tftpboot/map-file
[root@bare ~]# echo 're ^/tftpboot/ /tftpboot/' >> /tftpboot/map-file
[root@bare ~]# echo 're ^(^/) /tftpboot/\1' >> /tftpboot/map-file
[root@bare ~]# echo 're ^([^/]) /tftpboot/\1' >> /tftpboot/map-file
11.6 Start TFTP and Verify
[root@bare ~]# systemctl enable xinetd
[root@bare ~]# systemctl start xinetd
[root@bare ~]# echo 'tftp' > /tftpboot/1
[root@controller ~]# tftp 192.168.5.221 -c get 1
[root@controller ~]# cat 1
tftp
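A preflight check for the TFTP root set up in 11.5 and verified in 11.6, as an added example that is not part of the original guide. It relies on documented tftp-hpa in.tftpd behavior (only world-readable files are served; without -c, uploads are accepted only to existing world-writable files); the function name check_tftp_root, the finding labels and the sample directory (constructed) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original guide. Preflight check for the TFTP
# root built in section 11.5. TFTP has no authentication. tftp-hpa in.tftpd
# serves only world-readable files and, started without -c as in this guide,
# accepts uploads to any existing world-writable file, so boot files must be
# readable by "other" and never writable by "other".

# check_tftp_root DIR: prints one finding per line, returns 1 if any.
check_tftp_root() {
    ctr_root=${1%/}
    ctr_rc=0
    for ctr_f in pxelinux.0 chain.c32 map-file; do
        if [ ! -s "$ctr_root/$ctr_f" ]; then
            echo "missing-or-empty $ctr_f"
            ctr_rc=1
        fi
    done
    # Files the daemon refuses to serve to a PXE client.
    ctr_bad=$(find "$ctr_root" -type f ! -perm -0004)
    if [ -n "$ctr_bad" ]; then
        echo "$ctr_bad" | sed 's/^/not-world-readable /'
        ctr_rc=1
    fi
    # Files any host on the provisioning network could overwrite.
    ctr_bad=$(find "$ctr_root" -type f -perm -0002)
    if [ -n "$ctr_bad" ]; then
        echo "$ctr_bad" | sed 's/^/world-writable /'
        ctr_rc=1
    fi
    # Every rewrite rule in map-file must point back under the TFTP root.
    if [ -f "$ctr_root/map-file" ] && ! awk -v r="$ctr_root/" \
        '!/^#/ && $1 ~ /r/ && index($3, r) != 1 { bad = 1 } END { exit bad + 0 }' \
        "$ctr_root/map-file"; then
        echo "map-file-target-outside-root"
        ctr_rc=1
    fi
    return "$ctr_rc"
}

# Constructed sample: a temporary stand-in for /tftpboot with one bad mode.
demo=$(mktemp -d)
printf 'constructed\n' > "$demo/pxelinux.0"
printf 'constructed\n' > "$demo/chain.c32"
printf 're ^([^/]) %s/\\1\n' "$demo" > "$demo/map-file"
chmod 644 "$demo/pxelinux.0" "$demo/chain.c32" "$demo/map-file"
chmod 666 "$demo/pxelinux.0"    # simulate a bootloader left world-writable
check_tftp_root "$demo" || echo "TFTP root needs attention"
rm -rf "$demo"
```

On the Bare Metal node the call would be check_tftp_root /tftpboot, run after step 11.5 and again whenever files under the TFTP root change.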
11.7 Install the iSCSI Deploy Support Tools
With the iSCSI deploy method, the Ironic Conductor node acts as the iSCSI client and writes the image, so the qemu-img and iscsiadm command-line tools must be installed.
[root@bare ~]# yum -y install qemu-img iscsi-initiator-utils
12 Enrolling the Bare Metal Node (Controller Node)
12.1 Create the Ironic Node
Create an Ironic node that uses the IPMI driver.
[root@controller ~]# export IRONIC_API_VERSION=1.11
[root@controller ~]# export OS_BAREMETAL_API_VERSION=1.11
[root@controller ~]# openstack baremetal node create --driver ipmi --name node1
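12.2 Set the Deploy Interface Type
Set the deploy interface type. iSCSI, Direct, Ansible and other types are currently supported, each with a different behavior model; choose according to your situation. Here we choose iSCSI, the simplest type, although it is not particularly friendly to production environments because it consumes Provisioning Network bandwidth.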
[root@controller ~]# openstack baremetal node list
[root@controller ~]# openstack baremetal --os-baremetal-api-version 1.31 \
node set c83162c6-748f-4c90-840b-d5e07df83c97 \
--deploy-interface iscsi --raid-interface agent
12.3 Set the IPMI Info
This mainly configures the IPMI login account information.
[root@controller ~]# openstack baremetal node set c83162c6-748f-4c90-840b-d5e07df83c97 \
--driver-info ipmi_username=ADMIN \
--driver-info ipmi_password=tera123 \
--driver-info ipmi_address=192.168.5.33
12.4 Set the Deploy Images
Boot by means of the RAMDisk.
[root@controller ~]# openstack baremetal node set c83162c6-748f-4c90-840b-d5e07df83c97 \
--driver-info deploy_kernel=fcce4694-3955-40c8-be2f-c5ba890071ec \
--driver-info deploy_ramdisk=0fbd622c-bb9e-4729-8cab-f2aae07a5814
12.5 Set the Provisioning/Cleaning Network
[root@controller ~]# openstack baremetal node set c83162c6-748f-4c90-840b-d5e07df83c97 \
--driver-info cleaning_network=3793d3bd-5a26-4dd2-a637-007b8ed7c2b0 \
--driver-info provisioning_network=3793d3bd-5a26-4dd2-a637-007b8ed7c2b0
12.6 Set the MAC Address of the PXE NIC
This MAC address is used to assign the node an IP address on the Provisioning network.
[root@controller ~]# openstack baremetal port create ac:1f:6b:da:d9:c0 \
--node c83162c6-748f-4c90-840b-d5e07df83c97
12.7 Configure the Resource Class
Set the Resource Class that Placement uses to select candidates for the Ironic node. Nova-compute for Ironic automatically creates a Placement Resource Provider for it.
[root@controller ~]# openstack --os-baremetal-api-version 1.21 baremetal node set c83162c6-748f-4c90-840b-d5e07df83c97 --resource-class BAREMETAL_TEST
12.8 Set the Basic Properties of the Ironic Node
[root@controller ~]# openstack baremetal node set c83162c6-748f-4c90-840b-d5e07df83c97 \
--property cpus=48 --property memory_mb=131072 --property local_gb=1000
[root@controller ~]# openstack baremetal node set c83162c6-748f-4c90-840b-d5e07df83c97 \
--property capabilities='boot_mode:bios'
12.9 Verify That the Ironic Node Is Managed
[root@controller ~]# openstack baremetal --os-baremetal-api-version 1.11 node manage c83162c6-748f-4c90-840b-d5e07df83c97
[root@controller ~]# openstack baremetal --os-baremetal-api-version 1.11 node provide c83162c6-748f-4c90-840b-d5e07df83c97
[root@controller ~]# openstack baremetal node show c83162c6-748f-4c90-840b-d5e07df83c97\
| grep provision_state
| provision_state | available
12.10 Create the Instance Flavor
[root@controller ~]# openstack flavor create --ram 131072 --vcpus 48 --disk 100 my-baremetal-flavor
[root@controller ~]# openstack flavor set --property resources:CUSTOM_BAREMETAL_TEST=1 my-baremetal-flavor
[root@controller ~]# openstack flavor set --property resources:VCPU=0 my-baremetal-flavor
[root@controller ~]# openstack flavor set --property resources:MEMORY_MB=0 my-baremetal-flavor
[root@controller ~]# openstack flavor set --property resources:DISK_GB=0 my-baremetal-flavor
13 Deploying an Instance (Controller Node)
13.1 Run the Deployment
[root@controller ~]# openstack server create --flavor my-baremetal-flavor \
--nic net-id=3793d3bd-5a26-4dd2-a637-007b8ed7c2b0 \
--image 08e111be-d256-4c43-bb07-ea65a1219f77 test
13.2 Verify the Result
[root@controller ~]# openstack server list
[root@controller ~]# openstack baremetal port show eb97e31d-5200-4f1a-beef-75a1c91cc1b6
[root@controller ~]# openstack port show baed8d7c-b6fc-48e8-8cc8-b16b7b55d4a2
[root@controller ~]# ssh root@192.168.4.236
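14 Common Problems
14.1 Error Getting swift_temp_url
MissingAuthPlugin: An auth plugin is required to determine endpoint URL. This happened because we had selected the Direct deploy method, in which the IPA on the bare metal server pulls the User Image from Swift Object Storage to the local machine and writes the image on the bare metal side. Swift is not deployed in our environment, so the deploy method has to be changed to iSCSI.
[root@controller ~]# openstack baremetal --os-baremetal-api-version 1.31 \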
node set c83162c6-748f-4c90-840b-d5e07df83c97 \
--deploy-interface iscsi --raid-interface agent
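14.2 DHCP Error
PXE-E51: No DHCP or proxyDHCP offers were received. This error occurs while an IP address is being assigned to the bare metal machine's MAC address. The main cause is that the DHCP server cannot reach the bare metal network; make sure the DHCP server and the bare metal machine can communicate. Check the Neutron configuration files and test that the Provisioning network is usable.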
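14.3 TFTP Time out
PXE-E32: TFTP open timeout. This error occurs after the bare metal machine has been assigned an IP address, while it downloads the Deploy Images. Because an IP address has already been assigned, the Provisioning network itself is fine. The error can occur because the TFTP service is not running or because there is no route between the TFTP server and the bare metal machine; in this deployment the TFTP timeout was caused by the missing route.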
14.4 Unexpected error while running command
dd: error writing '/dev/disk/by-path/ip-192.168.4.234:3260-iscsi-iqn.2008-10.org.openstack:c83162c6-748f-4c95e07df83c97-lun-1-part1': InstanceDeployFailure: Deploy failed for instance 7837119e-a626-45d9-8233-21ebcb19aa28. Error: Unexpected error while running command.
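This error occurs in the last step of the deploy, when the user image is written. At first we suspected that a damaged disk in the bare metal machine prevented the full image from being written, but replacing the physical disk did not solve the problem. We later found that the network between the Bare Metal node and the bare metal machine failed while the user image was being written. The image is written by connecting over iSCSI to port 3260 and mounting the bare metal machine's disk locally, so a network failure directly causes the disk mount to fail. Looking at the bare metal machine's network, we found that it had two IP addresses. The first was on the 4 subnet, assigned by the DHCP service we deployed, that is, the Provisioning network IP, and it could not reach the Bare Metal node. The second was on another subnet, assigned by a different DHCP server, and it could reach the Bare Metal node. We guessed that with two IP addresses the 4-subnet IP was not the primary route IP. After unplugging the network cable for the 5 subnet and deploying again, the image was written successfully.
14.5 Cannot Ping the Bare Metal Machine
After the bare metal deployment completes, ping and SSH to the bare metal machine fail. This is because no security group was specified and the default security group does not allow the traffic.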
[root@bare ~]# vi /etc/ironic/ironic.conf
[neutron]
cleaning_network=3793d3bd-5a26-4dd2-a637-007b8ed7c2b0
cleaning_network_security_groups=42263b5f-cdff-4374-a04c-506cc22eee70
provisioning_network=3793d3bd-5a26-4dd2-a637-007b8ed7c2b0
provisioning_network_security_groups=42263b5f-cdff-4374-a04c-506cc22eee70
14.6 Error Fetching the Deploy Image
ERROR while preparing to deploy to node : MissingAuthPlugin: An auth plugin is required to determine endpoint URL. This is a bug. The MissingAuthPlugin error when fetching the image occurs because Glance is not configured.
[root@bare ~]# vi /etc/ironic/ironic.conf
[glance]
url = http://192.168.5.220:9292
auth_url = http://192.168.5.220:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = glance
password = tera123
15 References
OpenStack official site: https://docs.openstack.org/