One of the great things about OpenStack is all the options you have for deploying it. A recent blog mentioned various deployment models – and the flowchart below may help as you decide which model is best for you. For example, if you need a highly customized OpenStack deployment, then DIY may be the way to go. Then, there’s the question of which tool to use. In a previous blog we discussed how to install OpenStack using RDO Packstack. This blog will give an overview of the steps required to install OpenStack using OpenStack-Ansible (OSA).
Ansible is one of the top choices to deploy OpenStack. OpenStack-Ansible deploys a production-capable OpenStack environment using Ansible and LXC containers. This approach isolates the various OpenStack services into their own containers and make it easier to install and update OpenStack.
What is OpenStack-Ansible Deployment (OSAD)
OSAD is a source based installation of OpenStack, deployed via Ansible playbooks. It deploys OpenStack services on LXC containers for complete isolation between components and services hosted on a node. OSAD is well suited for deploying Production Environments. Ansible requires only SSH and Python to be available on the target host, no client or agents are installed. This makes it very easy to run Ansible playbooks to manage environments of any size or type. There are a large number of existing Ansible modules for overall Linux management and OpenStack-Ansible playbooks can be written against the OpenStack API’s or Python CLI’s.
The host which will run OSA needs at least 16GB of RAM and 80GB of disk space. The host must have Ubuntu 14.04 or newer. It is recommended that the all nodes hosting the Nova compute service have multi-core processors with hardware-assisted virtualization extensions. All other infrastructure nodes should have multi-core processors for best performance.
- Deployment hosts – 10GB of disk space for the OpenStack-Ansible repository content and other software
- Compute hosts – At least 100GB of disk space available. Disks with higher throughput, lower latency
- Storage hosts – At least 1TB of disk space. Disks with highest I/O throughput with the lowest latency
- Infrastructure hosts – At least 100GB of disk space for the services in the OpenStack control plane
- Logging hosts – At least 50GB disk space for storing logs on logging hosts, with enough storage performance to keep up with the log traffic
- Hosts that provide Block Storage (cinder) volumes must have logical volume manager (LVM) support and a volume group named cinder-volumes.
- Bonded network interfaces– Increases performance and reliability
- VLAN offloading– Increases performance by adding and removing VLAN tags in hardware
- 1Gb or 10Gb Ethernet– Supports higher network speeds, may also improve storage performance for Cinder
- Jumbo frames– Increase network performance by allowing more data to be sent in each packet.
- Ubuntu 14.04 LTS or newer
- Linux kernel > v3.13.0-34-generic
- Secure Shell (SSH) client and server
- NTP client for time synchronization
- Python 2.7 or later
Once these pre-requisites are met, we can proceed to the actual steps in the installation. At a high level, the steps required are
- Prepare deployment host
- Prepare target hosts
- Configure deployment
- Run foundation playbooks
- Run infrastructure playbooks
- Run OpenStack playbooks
Let’s look at each step in detail below.
Prepare Deployment Host
The deployment host contains Ansible and orchestrates the installation on the target hosts.It requires Ubuntu Server 14.04 LTS 64-bit. At least one network interface must be configured to access the Internet or suitable local repositories.
- Install the required utilities as shown below.
$ apt-get install aptitude build-essential git ntp ntpdate openssh-server python-dev sudo
- Configure NTP to synchronize with a suitable time source.
- Configure the network so that deployment host is on the same network designated for container management.
- Clone OSA repository and bootstrap Ansible.
- Configure SSH Keys
$ git clone -b VERSION https://github.com/openstack/openstack-ansible.git /opt/openstack-ansible $ scripts/bootstrap-ansible.sh
Prepare Target Hosts
OSA recommends at least five target hosts to contain the OpenStack environment and supporting infrastructure for the installation process. On each target host, perform the tasks below
- Name target hosts
- Install the operating system
- Generate and setup security measures
- Update the operating system and install additional software packages
- Create LVM volume groups
- Configure networking devices
Ansible configuration files have to be updated to define target environment attributes before running the Ansible playbooks. Perform the following tasks:
- Configure Target host networking to define bridge interfaces and networks
- Configure a list of target hosts on which to install the software
- Configure virtual and physical network relationships for OpenStack Networking (neutron)
- Optionally, configure hypervisor and Cinder service
- Configure passwords for all services
Run Foundation Playbooks
This step will prepare target hosts for infrastructure and OpenStack services by doing the following-
- Perform deployment host initial setup
- Build containers on target hosts
- Restart containers on target hosts
- Install common components into containers on target hosts
- cd to /opt/openstack-ansible/playbook
$ openstack-ansible setup-hosts.yml
- deploy HAProxy
$ openstack-ansible haproxy-install.yml
Run Infrastructure Playbooks
The main Ansible infrastructure playbook installs infrastructure services and performs the following operations:
- Installs Memcached and the repository server
- Installs Galera and RabbitMQ
- Installs and configure Rsyslog
- cd to /opt/openstack-ansible/playbooks
$ openstack-ansible setup-infrastructure.yml
- Confirm success with zero items unreachable or failed:
PLAY RECAP ********************************************************* deployment_host : ok=XX changed=0 unreachable=0 failed=0
Run OpenStack playbook
Finally, this step installs the OpenStack services as configured, in this order- Keystone, Glance, Cinder, Nova, Heat, Horizon, Ceilometer, Aodh, Swift, Ironic
- cd to /opt/openstack-ansible/playbooks
$ openstack-ansible setup-openstack.yml
Verify the Install
Since OpenStack can be consumed by either APIs or the UI, we need to verify both after the install steps above complete successfully.
Verify OpenStack APIs
The utility container provides a CLI environment for additional configuration and testing.
- Determine the utility container name:
$ lxc-ls | grep utility XX_utility_container_YY
- Access the utility container:
$ lxc-attach -n XX_utility_container_YY
- Source the admin tenant credentials:
$ source /root/opener
- Run an OpenStack command that uses one or more APIs. For example:
$ openstack user list +----------------------------------+--------------------+ | ID | Name | +----------------------------------+--------------------+
Verify UI Dashboard
- With a web browser, access the dashboard using the external load balancer IP address defined by the external_lb_vip_address option in the /etc/openstack_deploy/openstack_user_config.yml file.
- Authenticate with admin username and password defined by the keystone_auth_admin_password option in file /etc/openstack_deploy/user_variables.yml
Benefits of OpenStack-Ansible Deployment
- No dependency conflicts among services due to container based architecture. Updating a services with new dependencies doesn’t affect other services
- Deploy redundant services even on a single-node install. Galera, Rabbitmq, and Keystone are deployed with redundancy, and HAProxy is installed in the host
- Easy to do local updates or repairs to an existing installation. Ansible can destroy a container and regenerate one with a newer version of the service
- Mix and match services by using development packages on some, while keeping the rest configured for production use.
Things to Consider
OSAD is easy to install on a single node for PoC. Yet, it is robust enough for a production install. Due to the containerized architecture, it is easy to upgrade individual or all services. Compared to Puppet, ansible playbooks are easier to customize for any requirements. Despite all this ease, it is still non-trivial to investigate deployment errors due to the volume of logs.
Check out these other resources below for more information on OpenStack Deployments.