kolla/doc/quickstart.rst
2016-05-06 10:20:45 +00:00

668 lines
21 KiB
ReStructuredText

Deployment of Kolla on Bare Metal or Virtual Machine
====================================================
Evaluation and Developer Environments
-------------------------------------
Two virtualized development environment options are available for Kolla.
These options permit the development of Kolla without disrupting the host
operating system.
If developing Kolla on an OpenStack cloud environment that supports Heat,
follow the :doc:`Heat developer environment guide <heat-dev-env>`.
If developing Kolla on a system that provides VirtualBox or Libvirt in
addition to Vagrant, use the Vagrant virtual environment documented in
:doc:`Vagrant developer environment guide <vagrant-dev-env>`.
Currently the Heat development environment is entirely non-functional.
The Kolla core reviewers have debated removing it from the repository
but have resisted to provide an opportunity for contributors to make Heat
usable for Kolla development. THe Kolla core reviewers believe Heat
would offer a great way to develop Kolla in addition to Vagrant,
bare metal, or a manually setup virtual machine.
For more information refer to
`_bug 1562334 <https://bugs.launchpad.net/kolla/+bug/1562334>`__.
If evaluating Kolla, the community strongly recommends using bare metal or a
virtual machine during the evaluation period. Follow the instructions in this
document to get started with deploying OpenStack on bare metal or a virtual
machine with Kolla.
Host machine requirements
-------------------------
The recommended deployment target requirements:
- 2 (or more) network interfaces.
- At least 8gb main memory
- At least 40gb disk space.
.. NOTE:: Some commands below may require root permissions (e.g. pip, apt-get).
Installing Dependencies
-----------------------
Kolla is tested on CentOS, Oracle Linux, RHEL and Ubuntu as both container
OS platforms and bare metal deployment targets.
Fedora: Kolla will not run on Fedora 22 and later as a bare metal deployment
target. These distributions compress kernel modules with the .xz compressed
format. The guestfs system in the CentOS family of containers cannot read
these images because a dependent package supermin in CentOS needs to be
updated to add .xz compressed format support.
Ubuntu: For Ubuntu based systems where Docker is used it is recommended to use
the latest available LTS kernel. The latest LTS kernel available is the wily
kernel (version 4.2). While all kernels should work for Docker, some older
kernels may have issues with some of the different Docker backends such as AUFS
and OverlayFS. In order to update kernel in Ubuntu 14.04 LTS to 4.2, run:
::
apt-get install linux-image-generic-lts-wily
.. NOTE:: Install is *very* sensitive about version of components. Please
review carefully because default Operating System repos are likely out of
date.
===================== =========== =========== =========================
Component Min Version Max Version Comment
===================== =========== =========== =========================
Ansible 1.9.4 < 2.0.0 On deployment host
Docker 1.10.0 none On target nodes
Docker Python 1.6.0 none On target nodes
Python Jinja2 2.8.0 none On deployment host
===================== =========== =========== =========================
Make sure the "pip" package manager is installed before proceeding:
::
# CentOS 7
yum install epel-release
yum install python-pip
# Ubuntu 14.04 LTS
apt-get install python-pip
Since Docker is required to build images as well as be present on all deployed
targets, the Kolla community recommends installing the official Docker, Inc.
packaged version of Docker for maximum stability and compatibility with the
following command:
::
curl -sSL https://get.docker.io | bash
This command will install the most recent stable version of Docker, but please
note that Kolla releases are not in sync with docker in any way, so some things
could stop working with new version. The latest release of Kolla is tested to
work with docker-engine >= 1.10.0. To check your docker version run this
command:
::
docker --version
When running with systemd, setup docker-engine with the appropriate
information in the Docker daemon to launch with. This means setting up the
following information in the docker.service file. If you do not set the
MountFlags option correctly then Kolla-Ansible will fail to deploy the
neutron-dhcp-agent container and throws APIError/HTTPError. After adding the
drop-in unit file as follows, reload and restart the docker service:
::
# Create the drop-in unit directory for docker.service
mkdir -p /etc/systemd/system/docker.service.d
# Create the drop-in unit file
tee /etc/systemd/system/docker.service.d/kolla.conf <<-'EOF'
[Service]
MountFlags=shared
EOF
# Run these commands to reload the daemon
systemctl daemon-reload
systemctl restart docker
For Ubuntu 14.04 which uses upstart instead of systemd, run the following:
::
mount --make-shared /run
On the target hosts you also need an updated version of the Docker python
libraries. CentOS currently ships with an older version. Using pip it is
easy to install a newer version:
::
pip install -U docker-py
On the system where the OpenStack CLI/Python code is run, the Kolla community
recommends installing the OpenStack python clients if they are not installed.
This could be a completely different machine then the deployment host or
deployment targets. Before installing the OpenStack python client, the
following requirements are needed to build the client code:
::
# Ubuntu
apt-get install -y python-dev libffi-dev libssl-dev gcc git
# CentOS 7
yum -y install python-devel libffi-devel openssl-devel gcc git
To install these clients use:
::
pip install -U python-openstackclient
To clone the Kolla repo:
::
git clone https://git.openstack.org/openstack/kolla
To install Kolla tools and Python dependencies use:
::
pip install kolla/
Copy Kolla configuration to /etc:
::
cd kolla
cp -r etc/kolla /etc/
Optionally, you can install tox and generate the build configuration using
following steps.
::
pip install tox
tox -e genconfig
The location of the generated configuration file is ``etc/kolla/kolla-build.conf``,
You can also copy it to ``/etc/kolla``. The default location is one of
``/etc/kolla/kolla-build.conf`` or ``etc/kolla/kolla-build.conf``.
OpenStack, RabbitMQ, and Ceph require all hosts to have matching times to ensure
proper message delivery. In the case of Ceph, it will complain if the hosts
differ by more than 0.05 seconds. Some OpenStack services have timers as low as
2 seconds by default. For these reasons it is highly recommended to setup an NTP
service of some kind. While `ntpd` will achieve more accurate time for the
deployment if the NTP servers are running in the local deployment environment,
`chrony <http://chrony.tuxfamily.org>`_ is more accurate when syncing the time
across a WAN connection. When running Ceph it is recommended to setup `ntpd` to
sync time locally due to the tight time constraints.
To install, start, and enable ntp on CentOS execute the following:
::
# CentOS 7
yum -y install ntp
systemctl enable ntpd.service
systemctl start ntpd.service
To install and start on Debian based systems execute the following:
::
apt-get install ntp
Libvirt is started by default on many operating systems. Please disable libvirt
on any machines that will be deployment targets. Only one copy of libvirt may
be running at a time.
::
# CentOS 7
systemctl stop libvirtd.service
systemctl disable libvirtd.service
# Ubuntu
service libvirt-bin stop
update-rc.d libvirt-bin disable
On Ubuntu, apparmor will sometimes prevent libvirt from working.
::
/usr/sbin/libvirtd: error while loading shared libraries: libvirt-admin.so.0: cannot open shared object file: Permission denied
If you are seeing the libvirt container fail with the error above, disable
the libvirt profile.
::
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
Kolla deploys OpenStack using
`Ansible <http://www.ansible.com>`__. Install Ansible from distribution
packaging if the distro packaging has recommended version available.
Some implemented distro versions of Ansible are too old to use distro
packaging. Currently, CentOS and RHEL package Ansible 1.9.4 which is
suitable for use with Kolla. As Ansible 2.0 is also available, version 1.9
must be specified. Note that you will need to enable access
to the EPEL repository to install via yum -- to do so, take a look at
Fedora's EPEL `docs <https://fedoraproject.org/wiki/EPEL>`__ and
`FAQ <https://fedoraproject.org/wiki/EPEL/FAQ>`__.
On CentOS or RHEL systems, this can be done using:
::
yum -y install ansible1.9
Many DEB based systems do not meet Kolla's Ansible version requirements.
It is recommended to use pip to install Ansible 1.9.4.
Some ansible dependencies, like pycrypto, may need gcc installed on the build
system. Install it using system packaging tools if it's not installed already:
::
# CentOS 7
yum -y install gcc
# Ubuntu
apt-get install gcc
Finally Ansible 1.9.4 may be installed using:
::
pip install -U ansible==1.9.4
If DEB based systems include a version of Ansible that meets Kolla's
version requirements it can be installed by:
::
apt-get install ansible
Deploy a registry (required for multinode)
------------------------------------------
A Docker registry is a locally hosted registry that replaces the need
to pull from the Docker Hub to get images. Kolla can function with
or without a local registry, however for a multinode deployment a registry
is required.
The Docker registry prior to version 2.3 has extremely bad performance
because all container data is pushed for every image rather than taking
advantage of Docker layering to optimize push operations. For more
information reference
`pokey registry <https://github.com/docker/docker/issues/14018>`__.
The Kolla community recommends using registry 2.3 or later. To deploy
registry 2.3 do the following:
::
docker run -d -p 4000:5000 --restart=always --name registry registry:2
Note: Kolla looks for the Docker registry to use port 4000. (Docker default
is port 5000)
After enabling the registry, it is necessary to instruct Docker that it will
be communicating with an insecure registry. To enable insecure registry
communication on CentOS, modify the "/etc/sysconfig/docker" file to contain
the following where 192.168.1.100 is the IP address of the machine where the
registry is currently running:
::
other_args="--insecure-registry 192.168.1.100:4000"
Docker Inc's packaged version of docker-engine for CentOS is defective and
does not read the other_args configuration options from
"/etc/sysconfig/docker". To rectify this problem, ensure the
following lines appear in the drop-in unit file at
"/etc/systemd/system/docker.service.d/kolla.conf":
::
[Service]
EnvironmentFile=/etc/sysconfig/docker
# It's necessary to clear ExecStart before attempting to override it
# or systemd will complain that it is defined more than once.
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// $other_args
And restart docker by executing the following commands:
::
# CentOS
systemctl daemon-reload
systemctl stop docker
systemctl start docker
Building Container Images
-------------------------
The Kolla community does not currently generate new images for each commit
to the repository. The push time for a full image build to the docker registry
is about 5 hours on 100mbit Internet, so there are technical limitations to
using the Docker Hub registry with the current OpenStack CI/CD systems.
The Kolla community builds and pushes tested images for each tagged release of
Kolla, but if running from master, it is recommended to build images locally.
Before running the below instructions, ensure the docker daemon is running
or the build process will fail. To build images using default parameters run:
::
kolla-build
By default kolla-build will build all containers using CentOS as the base
image and binary installation as base installation method. To change this
behavior, please use the following parameters with kolla-build:
::
--base [ubuntu|centos|fedora|oraclelinux]
--type [binary|source]
If pushing to a local registry (recommended) use the flags:
::
kolla-build --registry registry_ip_address:registry_ip_port --push
Note --base and --type can be added to the above kolla-build command if
different distributions or types are desired.
A docker build of all containers on Xeon hardware with NVME SSDs and
100mbit network takes roughly 30 minutes to a v1 Docker registry. The CentOS
mirrors are flakey and the RDO delorean repository is not mirrored at all. As
a result occasionally some containers fail to build. To rectify build
problems, the build tool will automatically attempt three retries of a build
operation if the first one fails.
It is also possible to build individual containers. As an example, if the
glance containers failed to build, all glance related containers can be
rebuilt as follows:
::
kolla-build glance
In order to see all available parameters, run:
::
kolla-build -h
Deploying Kolla
---------------
The Kolla community provides two example methods of Kolla
deploy: *all-in-one* and *multinode*. The "all-in-one" deploy is similar
to `devstack <http://docs.openstack.org/developer/devstack/>`__ deploy which
installs all OpenStack services on a single host. In the "multinode" deploy,
OpenStack services can be run on specific hosts. This documentation only
describes deploying *all-in-one* method as most simple one.
Each method is represented as an Ansible inventory file. More information on
the Ansible inventory file can be found in the Ansible `inventory introduction
<https://docs.ansible.com/intro_inventory.html>`__.
All variables for the environment can be specified in the files:
"/etc/kolla/globals.yml" and "/etc/kolla/passwords.yml"
Generate passwords for /etc/kolla/passwords.yml using the provided
kolla-genpwd tool. The tool will populate all empty fields in the
"/etc/kolla/passwords.yml" file using randomly generated values to secure the
deployment. Optionally, the passwords may be populate in the file by hand.
::
kolla-genpwd
Start by editing /etc/kolla/globals.yml. Check and edit, if needed, these
parameters: kolla_base_distro, kolla_install_type. These parameters should
match what you used in the "kolla-build" command line. The default for
kolla_base_distro is "centos" and for kolla_install_type is "binary". If
you want to use ubuntu with source type, then you should make sure globals.yml
has the following entries
::
kolla_base_distro: "ubuntu"
kolla_install_type: "source"
Please specify an unused IP address in the network to act as a VIP for
kolla\_internal\_vip\_address. The VIP will be used with keepalived and
added to the "api\_interface" as specified in the globals.yml
::
kolla_internal_vip_address: "10.10.10.254"
The "network\_interface" variable is the interface to which Kolla binds API
services. For example, when starting up Mariadb it will bind to the
IP on the interface list in the "network\_interface" variable.
::
network_interface: "eth0"
The "neutron\_external\_interface" variable is the interface that will
be used for the external bridge in Neutron. Without this bridge the deployment
instance traffic will be unable to access the rest of the Internet. In
the case of a single interface on a machine, a veth pair may be used where
one end of the veth pair is listed here and the other end is in a bridge on
the system.
::
neutron_external_interface: "eth1"
If using a local docker registry, set the docker\_registry information where
the local registry is operating on IP address 192.168.1.100 and the port 4000.
::
docker_registry: "192.168.1.100:4000"
For "all-in-one" deploys, the following commands can be run. These will
setup all of the containers on the localhost. These commands will be
wrapped in the kolla-script in the future. Note even for all-in-one installs
it is possible to use the docker registry for deployment, although not
strictly required.
First, check that the deployment targets are in a state where Kolla may deploy
to them:
::
kolla-ansible prechecks
Run the deployment:
::
kolla-ansible deploy
If APIError/HTTPError is received from the neutron-dhcp-agent container,
remove the container and recreate it:
::
docker rm -v -f neutron_dhcp_agent
kolla-ansible deploy
In order to see all available parameters, run:
::
kolla-ansible -h
.. NOTE:: In case of deploying using the _nested_ environment (*eg*.
Using Virtualbox VM's, KVM VM's), if your compute node supports
hardware acceleration for virtual machines.
For this, run the follow command in **compute node**:
::
$ egrep -c '(vmx|svm)' /proc/cpuinfo
If this command returns a value of **zero**, your compute node does not
support hardware acceleration and you **must** configure libvirt to use
**QEMU** instead of KVM.
For this, change the **virt_type** option in the `[libvirt]` section
of **nova-compute.conf** file inside the **/etc/kolla/config/** directory.
::
[libvirt]
virt_type=qemu
A bare metal system with Ceph takes 18 minutes to deploy. A virtual machine
deployment takes 25 minutes. These are estimates; different hardware may be
faster or slower but should be near these results.
After successful deployment of OpenStack, the Horizon dashboard will be
available by entering IP address or hostname from kolla\_external\_fqdn, or
kolla\_internal\_fqdn. If these variables were not set during deploy they
default to kolla\_internal\_vip\_address.
Useful tools
-------------
After successful deployment of OpenStack, run the following command can create
an openrc file \/etc\/kolla\/admin-openrc.sh on the deploy node. Or view
tools/openrc-example for an example of an openrc that may be used with the
environment.
::
kolla-ansible post-deploy
After the openrc file is created, use the following command to initialize an
environment with a glance image and neutron networks:
::
source /etc/kolla/admin-openrc.sh
kolla/tools/init-runonce
Failures
--------
Nearly always when Kolla fails, it is caused by a CTRL-C during the
deployment process or a problem in the globals.yml configuration.
To correct the problem where Operators have a misconfigured
environment, the Kolla developers have added a precheck feature which
ensures the deployment targets are in a state where Kolla may deploy
to them. To run the prechecks, execute:
::
kolla-ansible prechecks
If a failure during deployment occurs it nearly always occurs during
evaluation of the software. Once the Operator learns the few
configuration options required, it is highly unlikely they will experience
a failure in deployment.
Deployment may be run as many times as desired, but if a failure in a
bootstrap task occurs, a further deploy action will not correct the problem.
In this scenario, Kolla's behavior is undefined.
The fastest way during evaluation to recover from a deployment failure is to
remove the failed deployment:
On each node where OpenStack is deployed run:
::
tools/cleanup-containers
tools/cleanup-host
The Operator will have to copy via scp or some other means the cleanup
scripts to the various nodes where the failed containers are located.
Any time the tags of a release change, it is possible that the container
implementation from older versions won't match the Ansible playbooks in
a new version. If running multinode from a registry, each node's Docker
image cache must be refreshed with the latest images before a new deployment
can occur. To refresh the docker cache from the local Docker registry:
::
kolla-ansible pull
Debugging Kolla
---------------
The container's status can be determined on the deployment targets by
executing:
::
docker ps -a
If any of the containers exited, this indicates a bug in the container. Please
seek help by filing a bug or contacting the developers via IRC.
The logs can be examined by executing:
::
docker exec -it heka bash
The logs from all services in all containers may be read from
/var/log/kolla/SERVICE_NAME
If the stdout logs are needed, please run:
::
docker logs <container-name>
Note that most of the containers don't log to stdout so the above command will
provide no information.
To learn more about Docker command line operation please refer to `Docker
documentation <https://docs.docker.com/reference/commandline/cli/>`__.
When ``enable_central_logging`` is enabled, to view the logs in a web browser
using Kibana, go to:
::
http://<kolla_internal_vip_address>:<kibana_server_port>
or http://<kolla_external_vip_address>:<kibana_server_port>
and authenticate using ``<kibana_user>`` and ``<kibana_password>``.
The values ``<kolla_internal_vip_address>``, ``<kolla_external_vip_address>``
``<kibana_server_port>`` and ``<kibana_user>`` can be found in
``<kolla_install_path>/kolla/ansible/group_vars/all.yml`` or if the default
values are overridden, in ``/etc/kolla/globals.yml``. The value of
``<kibana_password>`` can be found in ``/etc/kolla/passwords.yml``.
Note: When you log in to Kibana web interface for the first time, you are
prompted to create an index. Please create an index using the name ``log-*``.
This step is necessary until the default Kibana dashboard is implemented in
Kolla.