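# Grant passwordless sudo to the local account "user" (lab convenience).
# NOPASSWD: ALL makes every process running as "user" equivalent to root, so
# keep this to a disposable lab host and delete /etc/sudoers.d/user when the
# setup is finished.
# The rule is syntax-checked with visudo before it is installed: a broken file
# in /etc/sudoers.d can stop sudo from working for every account on the host.
sudoers_tmp=$(mktemp)
echo 'user ALL=(ALL) NOPASSWD: ALL' > "$sudoers_tmp"
if sudo visudo -cf "$sudoers_tmp"; then
  # Root-owned and mode 0440, the usual ownership and mode for sudoers drop-ins.
  sudo install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/user
fi
rm -f -- "$sudoers_tmp"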
# Append the inotify, memory and IPv6 kernel settings to /etc/sysctl.conf, one
# key=value line per tee call. tee -a appends, so running this loop a second
# time adds every line to the file again.
for setting in \
  fs.inotify.max_queued_events=1048576 \
  fs.inotify.max_user_instances=1048576 \
  fs.inotify.max_user_watches=1048576 \
  vm.max_map_count=262144 \
  vm.swappiness=1 \
  net.ipv6.conf.all.disable_ipv6=1 \
  net.ipv6.conf.default.disable_ipv6=1 \
  net.ipv6.conf.lo.disable_ipv6=1
do
  echo "$setting" | sudo tee -a /etc/sysctl.conf
done
Persist to grub:
# Open the GRUB defaults file for editing (interactive step).
sudo vim /etc/default/grub
# The GRUB_* lines below are content for /etc/default/grub, not commands to run:
# find the existing options in the file and set them to these values.
# speed up boot
GRUB_TIMEOUT=1
# disable IPv6
# NOTE(review): each assignment replaces whatever kernel arguments the option
# already holds — carry over any existing arguments you still need.
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
GRUB_CMDLINE_LINUX="ipv6.disable=1"
# Regenerate the GRUB configuration from /etc/default/grub, then reboot so the
# new kernel command line is used.
sudo update-grub
sudo reboot
# Remove the LXD snap, then install MicroStack.
sudo snap remove lxd
# --devmode installs the snap with security confinement disabled and --beta
# tracks the beta channel: acceptable on a dedicated lab host, not on a machine
# shared with other workloads.
sudo snap install microstack --beta --devmode
# Expose the bundled clients under their usual command names.
for tool in openstack ovs-vsctl; do
  sudo snap alias "microstack.${tool}" "${tool}"
done
# Non-interactive initialisation (--auto) with the control role (--control).
sudo microstack init --auto --control
Move the host IP address from the physical interface to the bridge managed by Open vSwitch.
# Write the helper that moves the host address onto br-ex. The text between the
# EOL markers becomes the script verbatim. enp5s0, 192.168.1.100/24 and
# 192.168.1.1 are this host's interface, address and gateway — substitute yours.
# Every step ends in "|| :", so a failing command does not stop the script
# (presumably so that repeat runs do not abort); errors also go unnoticed.
sudo tee /usr/local/bin/microstack-br-workaround > /dev/null << EOL
#!/bin/bash
ovs-vsctl add-port br-ex enp5s0 || :
ip addr flush dev enp5s0 || :
ip address add 192.168.1.100/24 dev br-ex || :
ip link set br-ex up || :
ip route add default via 192.168.1.1 || :
EOL
sudo chmod +x /usr/local/bin/microstack-br-workaround
# Flushing enp5s0 removes the host's current address, so a session connected
# through that interface is interrupted until br-ex carries the address.
sudo /usr/local/bin/microstack-br-workaround
# Install a oneshot systemd unit that runs the workaround script at boot,
# ordered after (and requiring) snap.microstack.external-bridge.service.
# The unit has no User= line, so the script runs as root: keep
# /usr/local/bin/microstack-br-workaround writable by root only.
sudo tee /etc/systemd/system/microstack-br-workaround.service > /dev/null << EOL
[Unit]
Description=Service for adding physical ip to microstack bridge
Requires=snap.microstack.external-bridge.service
After=snap.microstack.external-bridge.service
[Service]
ExecStart=/usr/local/bin/microstack-br-workaround
SyslogIdentifier=microstack-br-workaround
Restart=no
WorkingDirectory=/usr/local/bin
TimeoutStopSec=30
Type=oneshot
[Install]
WantedBy=multi-user.target
EOL
# Make systemd read the new unit file, then enable it for multi-user.target.
sudo systemctl daemon-reload
sudo systemctl enable microstack-br-workaround.service
# Replace /etc/systemd/resolved.conf with a file that sets one upstream
# resolver. tee without -a overwrites, so any settings already in the file are
# lost. 1.1.1.1 is the author's choice — use the resolver your site requires.
sudo tee /etc/systemd/resolved.conf > /dev/null << EOL
[Resolve]
DNS=1.1.1.1
EOL
Restart the systemd-resolved service:
# Restart the resolver so it re-reads /etc/systemd/resolved.conf.
sudo systemctl restart systemd-resolved.service
# Reboot the host.
# NOTE(review): presumably this also checks that microstack-br-workaround.service
# restores the bridge address at boot — verify connectivity afterwards.
sudo reboot
# Tear down the sample topology: detach and delete test-router, then delete the
# test/external subnets and networks.
# NOTE(review): presumably these are the objects `microstack init --auto`
# created — confirm nothing else on the host uses them before deleting.
openstack router remove subnet test-router test-subnet
openstack router unset --external-gateway test-router
openstack router delete test-router
openstack subnet delete test-subnet external-subnet
openstack network delete test external
# Raise the admin project's quotas for the objects created further down.
# --secgroups -1 removes the security-group limit altogether (-1 = unlimited).
openstack quota set \
--secgroups -1 \
--cores 128 \
--instances 100 \
--ram 52000 \
admin
# Create the external network "public" as a flat (untagged) provider network on
# physnet1 and mark it as the default external network.
# NOTE(review): physnet1 is presumably the physical network MicroStack maps to
# br-ex — confirm against the Neutron configuration.
openstack network create \
--enable \
--project admin \
--external \
--default \
--provider-network-type flat \
--provider-physical-network physnet1 \
public
Subnet without DHCP:
# Describe the existing LAN to Neutron: 192.168.1.0/24 with gateway 192.168.1.1.
# --no-dhcp: Neutron hands out no DHCP leases on this subnet.
# Router gateways and floating IPs are taken from 192.168.1.200-192.168.1.250.
# NOTE(review): keep that pool outside the range of whatever else assigns
# addresses on the LAN, otherwise two hosts can end up with the same address.
openstack subnet create \
--project admin \
--subnet-range 192.168.1.0/24 \
--no-dhcp \
--gateway 192.168.1.1 \
--network public \
--allocation-pool start=192.168.1.200,end=192.168.1.250 \
public
# Create the internal network "private" that instances attach to.
openstack network create \
--enable \
--project admin \
--internal \
private
Subnet with DHCP:
# Give "private" a 10.10.0.0/24 subnet with Neutron-managed DHCP.
openstack subnet create \
--project admin \
--subnet-range 10.10.0.0/24 \
--dhcp \
--network private \
private
# Create the router administratively down (--disable); it is enabled by the
# later "openstack router set --enable" step.
openstack router create \
--disable \
--project admin \
router
Attach the router to private network:
# Arguments are <router> <subnet>: "private" here names the subnet, which
# shares its name with the network it belongs to.
openstack router add subnet router private
Set the router gateway through public network and enable SNAT:
# Bring the router up with "public" as its gateway. --enable-snat source-NATs
# traffic leaving the private subnet, so an instance without a floating IP gets
# outbound access only.
openstack router set \
--enable \
--enable-snat \
--external-gateway public \
router
# Pre-allocate 50 floating IPs from the "public" network. The table each create
# prints is discarded; error messages still reach the terminal.
for ((n = 1; n <= 50; n++)); do
  openstack floating ip create public > /dev/null
done
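# Create the key pair only when none exists yet: ssh-keygen would otherwise stop
# and ask whether to overwrite ~/.ssh/id_rsa.
# -N '' leaves the private key without a passphrase, so anyone who can read the
# file can log in to every instance built with this key pair. Keep the key on
# the lab host and do not reuse it elsewhere.
if [ ! -f ~/.ssh/id_rsa ]; then
  ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ''
fi
# Register the public half with OpenStack under the key pair name "default".
openstack keypair create --public-key ~/.ssh/id_rsa.pub default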
Delete default security group:
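# Look up the ID of the admin project's "default" security group and delete it.
# The list is filtered by name: an unfiltered list would hand every security
# group of the project to the delete command once more groups exist.
SEC_GROUP=$(openstack security group list --project admin -c ID -c Name -f value \
  | awk '$2 == "default" { print $1 }')
# Skip the delete when nothing matched instead of calling it without an ID.
if [ -n "$SEC_GROUP" ]; then
  openstack security group delete "$SEC_GROUP"
fi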
Create allow-all security group:
# Create the group "allow" in the admin project. The rules a new group starts
# with are removed in the next step, before the allow-all rules are added.
openstack security group create --project admin allow
Delete default rules:
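# Delete every rule currently in the "allow" group, one delete call per rule ID.
# -I{} already runs one command per input line; the former -n1 was dropped
# because the two options are mutually exclusive and newer GNU xargs warns
# about the combination.
openstack security group rule list allow -f value -c ID \
| xargs -I{} openstack security group rule delete {}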
Add allow-all rules.
Ingress:
# Ingress rule with no --protocol, port or --remote-ip restriction, so the
# client's defaults decide what is admitted.
# NOTE(review): on current clients that means any protocol from any IPv4
# source — confirm with `openstack security group rule list allow`.
# Every instance that uses this group and holds a floating IP is then reachable
# on all ports from the external network; acceptable for an isolated lab only.
openstack security group rule create allow \
--project admin \
--ethertype IPv4 \
--ingress
Egress:
# Matching egress rule: outbound IPv4 traffic from instances in the group, again
# without a protocol, port or destination restriction on the command line.
openstack security group rule create allow \
--project admin \
--ethertype IPv4 \
--egress
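# Delete every flavor the list returns, one delete call per flavor name.
# -I{} already runs one command per input line; the former -n1 was dropped
# because the two options are mutually exclusive and newer GNU xargs warns
# about the combination.
openstack flavor list -c Name -f value \
| xargs -I{} openstack flavor delete {}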
Create one flavor per combination of 1, 2, 4, 8 vCPUs; 1024, 2048, 4096, 8192 MB of RAM; and 5, 10, 20 GB of disk.
# Create one flavor for every vCPU / RAM / disk combination, named
# "<vcpus>.<ram>.<disk>". The table each create prints is discarded.
for vcpus in 1 2 4 8; do
  for ram in 1024 2048 4096 8192; do
    for disk in 5 10 20; do
      openstack flavor create "${vcpus}.${ram}.${disk}" \
        --vcpus "$vcpus" --ram "$ram" --disk "$disk" > /dev/null
    done
  done
done
# Show the result, sorted by vCPUs, then RAM, then disk.
openstack flavor list \
  --sort-column VCPUs --sort-column RAM --sort-column Disk \
  -c Name -c VCPUs -c RAM -c Disk
Redefine the SERIES with another Ubuntu release (e.g. bionic, xenial) if necessary.
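# Download the Ubuntu cloud image for $SERIES and upload it to the image service.
# The file is checked against the SHA256SUMS list published next to it before
# the upload, so a truncated or altered download is rejected instead of
# becoming the base image of every instance. SHA256SUMS comes from the same
# server as the image; the detached signature SHA256SUMS.gpg published
# alongside it can be verified with gpg for an independent check.
SERIES=focal
IMAGE_FILE="${SERIES}-server-cloudimg-amd64.img"
IMAGE_URL="https://cloud-images.ubuntu.com/${SERIES}/current"
wget "${IMAGE_URL}/${IMAGE_FILE}"
wget -O SHA256SUMS "${IMAGE_URL}/SHA256SUMS"
# --ignore-missing skips the list entries for images that were not downloaded.
if sha256sum --check --ignore-missing SHA256SUMS; then
  # --public makes the image visible to every project in the cloud.
  openstack image create "ubuntu.${SERIES}" \
    --public \
    --disk-format=qcow2 \
    --container-format=bare \
    --property os_distro='ubuntu' \
    --file="${IMAGE_FILE}"
else
  echo "checksum verification failed for ${IMAGE_FILE}; image not uploaded" >&2
fi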
https://docs.openstack.org/barbican/ussuri/
https://docs.openstack.org/octavia/ussuri/
https://docs.openstack.org/designate/latest/intro/index.html
TODO: investigate the possibility of using Let's Encrypt
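# Boot the instance "test" on the private network and wait for the build to
# finish. The image name follows $SERIES (falling back to focal when it is
# unset), so it still matches the uploaded image when another release is used.
# The "allow" security group places no IPv4 restriction on traffic to the
# instance; the "default" key pair is what grants SSH access to it.
openstack server create \
--image "ubuntu.${SERIES:-focal}" \
--flavor 8.2048.5 \
--security-group allow \
--key-name default \
--network private \
--wait \
test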
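# Pick the first floating IP whose row contains "None" (no fixed IP or port
# attached) and take the address from the second column of the value output.
FLOAT_IP=$(openstack floating ip list -f value | awk '/None/ { print $2; exit }')
if [ -z "$FLOAT_IP" ]; then
  # Without this guard the next two commands would run with an empty address.
  echo 'no unassociated floating IP found' >&2
else
  openstack server add floating ip test "$FLOAT_IP"
  # First connection to a new instance: ssh asks to confirm the host key.
  ssh "ubuntu@$FLOAT_IP"
fi
# Remove the test instance once the SSH session has ended.
openstack server delete test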