openstack-ansible/deploy-guide/source/deploymenthost.rst
Jesse Pretorius ca49f4121e Ensure that RDO/SUSE series repo instructions stay up to date
The deployment host documentation gets out of date really quickly.
This patch makes it self maintaining. Note that due to the fact
that RDO/SUSE do not implement their repositories for a new
release until much, much later in the cycle, we use the previous
release repo for master. This will self-update during our RC
when the stable branch is cut.

Some formatting adjustments have made to prevent the interpretation
of URL's as links by sphinx and to remove the use of multi-line shell
commands.

Closes-Bug: #1759721
Change-Id: Id28540d335390a52e0eb65a734a1d594235265d6
2018-04-04 10:56:24 +01:00

5.9 KiB

Prepare the deployment host

When you install OpenStack in a production environment, we recommend using a separate deployment host that contains Ansible and orchestrates the OpenStack-Ansible (OSA) installation on the target hosts. In a test environment, we recommend using one of the infrastructure target hosts as the deployment host.

To use a target host as a deployment host, follow the steps in :deploy_guide:Prepare the target hosts <targethosts.html> on the deployment host.

Configuring the operating system

Install the operating system

Install one of the following supported operating systems on the deployment hosts:

Configure at least one network interface to access the Internet or suitable local repositories.

Configure Ubuntu

Install additional software packages and configure Network Time Protocol (NTP). Before you begin, we recommend upgrading your system packages and kernel.

  1. Update package source lists:

    # apt-get update
  2. Upgrade the system packages and kernel:

    # apt-get dist-upgrade
  3. Reboot the host.

  4. Install additional software packages if they were not installed during the operating system installation:

    # apt-get install aptitude build-essential git ntp ntpdate openssh-server python-dev sudo
  5. Configure NTP to synchronize with a suitable time source.

Configure CentOS

Install additional software packages and configure Network Time Protocol (NTP). Before you begin, we recommend upgrading your system packages and kernel.

  1. Upgrade the system packages and kernel

    # yum upgrade
  2. Reboot the host.

  3. Install additional software packages if they were not installed during the operating system installation:

    # yum install https://rdoproject.org/repos/openstack-/rdo-release-.rpm # yum install git ntp ntpdate openssh-server python-devel sudo '@Development Tools'

  4. Configure NTP to synchronize with a suitable time source.

  5. The firewalld service is enabled on most CentOS systems by default and its default ruleset prevents OpenStack components from communicating properly. Stop the firewalld service and mask it to prevent it from starting:

    # systemctl stop firewalld
    # systemctl mask firewalld

Note

There is future work planned to create proper firewall rules for OpenStack services in OpenStack-Ansible deployments. Until that work is complete, deployers must maintain their own firewall rulesets or disable the firewall entirely.

Configure openSUSE

Install additional software packages and configure Network Time Protocol (NTP). Before you begin, we recommend upgrading your system packages and kernel.

  1. Upgrade the system packages and kernel

    # zypper up
  2. Reboot the host.

  3. Install additional software packages if they were not installed during the operating system installation:

    # zypper ar http://download.opensuse.org/repositories/Cloud:/OpenStack://openSUSE_Leap_42.3 OBS:Cloud:OpenStack: # zypper install git-core ntp openssh python-devel sudo gcc libffi-devel libopenssl-devel

  4. Configure NTP to synchronize with a suitable time source.

Configure SSH keys

Ansible uses SSH with public key authentication to connect the deployment host and target hosts. To reduce user interaction during Ansible operations, do not include passphrases with key pairs. However, if a passphrase is required, consider using the ssh-agent and ssh-add commands to temporarily store the passphrase before performing Ansible operations.

Configure the network

Ansible deployments fail if the deployment server can't use Secure Shell (SSH) to connect to the containers.

Configure the deployment host (where Ansible is executed) to be on the same layer 2 network as the network designated for container management. By default, this is the br-mgmt network. This configuration reduces the rate of failure caused by connectivity issues.

Select an IP address from the following example range to assign to the deployment host:

Container management: 172.29.236.0/22 (VLAN 10)

Install the source and dependencies

Install the source and dependencies for the deployment host.

Note

If you are installing with limited connectivity, please review :dev_docs:Installing with limited connectivity <user/limited-connectivity/index.html> before proceeding.

  1. Clone the latest stable release of the OpenStack-Ansible Git repository in the /opt/openstack-ansible directory:

    # git clone -b https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible

    If git.openstack.org can not be accessed to run git clone, github.com can be used as an alternative repo:

    # git clone -b https://github.com/openstack/openstack-ansible.git /opt/openstack-ansible

  2. Change to the /opt/openstack-ansible directory, and run the Ansible bootstrap script:

    # scripts/bootstrap-ansible.sh