We set Bullseye jobs to NV because of the used buggy galera version that is known to randomly fail during Cinder migrations because of the bug [1]

[1] https://jira.mariadb.org/browse/MDEV-25673

Depends-On: https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/791290
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-rsyslog_client/+/791288
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/793896
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/793895
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/793974
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/794002
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/794158
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/794161
Change-Id: Ia6f93eb325065ac81223ec1f725e7ee785acaac9
Prepare the deployment host
When you install OpenStack in a production environment, we recommend using a separate deployment host that contains Ansible and orchestrates the OpenStack-Ansible (OSA) installation on the target hosts. In a test environment, we recommend using one of the infrastructure target hosts as the deployment host.
To use a target host as a deployment host, follow the steps in "Prepare the target hosts" (targethosts.html) on the deployment host.
Configuring the operating system
Install the operating system
Install one of the following supported operating systems on the deployment hosts:
- Ubuntu server 18.04 (Bionic Beaver) LTS 64-bit
- Ubuntu server 20.04 (Focal Fossa) LTS 64-bit
- Debian 10 (Buster) LTS 64-bit
- Debian 11 (Bullseye) LTS 64-bit
- CentOS 8 64-bit
- CentOS 8 Stream 64-bit
Configure at least one network interface to access the Internet or suitable local repositories.
Configure Ubuntu
Install additional software packages and configure Network Time Protocol (NTP). Before you begin, we recommend upgrading your system packages and kernel.
Update package source lists:
# apt update
Upgrade the system packages and kernel:
# apt dist-upgrade
Reboot the host.
Install additional software packages if they were not installed during the operating system installation:
# apt install build-essential git chrony openssh-server python3-dev sudo
Configure NTP to synchronize with a suitable time source.
Configure CentOS
Install additional software packages and configure Network Time Protocol (NTP). Before you begin, we recommend upgrading your system packages and kernel.
Upgrade the system packages and kernel:
# dnf upgrade
Reboot the host.
Install additional software packages if they were not installed during the operating system installation:
# dnf install https://repos.fedorapeople.org/repos/openstack/openstack-/rdo-release-.el8.rpm
# dnf install git chrony openssh-server python3-devel sudo
# dnf group install "Development Tools"
Configure NTP to synchronize with a suitable time source.
The firewalld service is enabled on most CentOS systems by default and its default ruleset prevents OpenStack components from communicating properly. Stop the firewalld service and mask it to prevent it from starting:
# systemctl stop firewalld
# systemctl mask firewalld
Note
There is future work planned to create proper firewall rules for OpenStack services in OpenStack-Ansible deployments. Until that work is complete, deployers must maintain their own firewall rulesets or disable the firewall entirely.
Configure SSH keys
Ansible uses SSH with public key authentication to connect the deployment host and target hosts. To reduce user interaction during Ansible operations, do not include passphrases with key pairs. However, if a passphrase is required, consider using the ssh-agent and ssh-add commands to temporarily store the passphrase before performing Ansible operations.
Configure the network
Ansible deployments fail if the deployment server can't use Secure Shell (SSH) to connect to the containers.
Configure the deployment host (where Ansible is executed) to be on the same layer 2 network as the network designated for container management. By default, this is the br-mgmt network. This configuration reduces the rate of failure caused by connectivity issues.
Select an IP address from the following example range to assign to the deployment host:
Container management: 172.29.236.0/22 (VLAN 10)
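A pre-flight check for the step above, as an added example that is not part of OpenStack-Ansible: it confirms that the deployment host holds a usable address inside the container management range before Ansible is run. The function names are hypothetical, and the range is the example range from this guide.

```shell
# Added example (not part of OpenStack-Ansible); function names are hypothetical.
MGMT_CIDR="172.29.236.0/22"   # example range given in this guide

# Print IPv4 address $1 as an integer; fail on malformed input.
ip_to_int() (   # subshell body keeps the IFS change local
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Return 0 if $1 is a usable host address inside CIDR $2 (the network and
# broadcast addresses are rejected), 1 if it is not, 2 on malformed input.
ip_in_cidr() {
    _ip=$(ip_to_int "$1") || return 2
    _net=$(ip_to_int "${2%/*}") || return 2
    _len=${2#*/}
    case "$_len" in ''|*[!0-9]*|0*|???*) return 2 ;; esac
    [ "$_len" -le 30 ] || return 2
    _mask=$(( (4294967295 << (32 - $_len)) & 4294967295 ))
    _base=$(( $_net & $_mask ))
    _bcast=$(( $_base | (~$_mask & 4294967295) ))
    [ "$_ip" -gt "$_base" ] && [ "$_ip" -lt "$_bcast" ]
}

# Read `ip -o -4 addr show` output on stdin and print "interface address"
# for every usable address inside CIDR $1. Returns 1 when there is none.
mgmt_interfaces() {
    _found=1
    while read -r _idx _if _fam _addr _rest; do
        [ "$_fam" = inet ] || continue
        if ip_in_cidr "${_addr%/*}" "$1"; then
            echo "$_if ${_addr%/*}"
            _found=0
        fi
    done
    return "$_found"
}

# Constructed sample of `ip -o -4 addr show` output, not from a real host.
SAMPLE_ADDRS='2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: br-mgmt    inet 172.29.236.11/22 brd 172.29.239.255 scope global br-mgmt'
# On a real deployment host: ip -o -4 addr show | mgmt_interfaces "$MGMT_CIDR"
printf '%s\n' "$SAMPLE_ADDRS" | mgmt_interfaces "$MGMT_CIDR"
```

A non-zero exit from mgmt_interfaces means no interface on the host has an address in the range, which is the condition under which the SSH connections to the containers described above would fail.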
Install the source and dependencies
Install the source and dependencies for the deployment host.
Note
If you are installing with limited connectivity, please review "Installing with limited connectivity" (user/limited-connectivity/index.html) before proceeding.
Clone the latest stable release of the OpenStack-Ansible Git repository in the /opt/openstack-ansible directory:
# git clone -b https://opendev.org/openstack/openstack-ansible /opt/openstack-ansible
If opendev.org cannot be reached to run git clone, github.com can be used as an alternative repository:
# git clone -b https://github.com/openstack/openstack-ansible.git /opt/openstack-ansible
Change to the /opt/openstack-ansible directory, and run the Ansible bootstrap script:
# scripts/bootstrap-ansible.sh
Configure Docker with Alpine
This is an alternative deployment host configuration that uses a Docker container as the deployment host.
It is neither supported nor tested in CI, so use it at your own risk.
Before you begin, we recommend upgrading your Docker host system packages and kernel.
Prepare your OpenStack Ansible Dockerfile:
FROM alpine
RUN apk add --no-cache bash build-base git python3-dev openssh-client openssh-keygen sudo py3-virtualenv iptables libffi-dev openssl-dev linux-headers coreutils curl
RUN git clone -b https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible
WORKDIR /opt/openstack-ansible
RUN /opt/openstack-ansible/scripts/bootstrap-ansible.sh
ENTRYPOINT ["bash"]
Build and run your deploy host container:
# docker build . -t openstack-ansible:
# docker run -dit --name osa-deploy openstack-ansible:
# docker exec -it osa-deploy bash
Configure NTP to synchronize with a suitable time source on the Docker host.