# OpenStack Homelab

OpenStack Homelab is a collection of scripts and configurations to deploy OpenStack on a single server or a small cluster of servers. It is designed to be easy to use and customize, and to provide a good starting point for anyone interested in deploying OpenStack.

## Hardware Setup

My homelab consists of the following components:

- 3 x Control/Compute Nodes
- 1 Unifi USW 8-Port Switch
- 1 Synology DiskStation DS920+

## VLANs

- VLAN100: Management Network
- VLAN111-113: ExternalCompute Network
- VLAN114-116: Storage Network

## Initial Setup

### Host Preparation

First, install Ubuntu Server 24.04 LTS on each host; a minimal base installation is enough. During setup, make sure VLAN100 is configured as the only DHCP interface.
Hostname and IP are assigned by DHCP on the Unifi Gateway.

Add `optional: true` to the enp2s0 interfaces to speed up boot time. Otherwise Ubuntu will wait for a DHCP response before booting.

```
network:
  version: 2
  ethernets:
    enp2s0f0:
      mtu: 9000
      optional: true
    enp2s0f1:
      mtu: 9000
      optional: true
  vlans:
    enp2s0f0.100:
      mtu: 9000
      dhcp4: true
      id: 100
      link: "enp2s0f0"
    enp2s0f0.105:
      mtu: 9000
      dhcp4: true
      id: 105
      link: "enp2s0f0"
      dhcp4-overrides:
        use-routes: false
```

Enable SSH key-based login and configure passwordless sudo access for the user.

# Installation

## Create Credentials

Run:

```
./kolla.sh genpwd
```

## Bootstrap Servers

This will install everything needed to run OpenStack on the host servers.

```
./kolla.sh bootstrap-servers
```

## Prechecks

Check that the configuration is correct.

```
./kolla.sh prechecks
```

## Deployment

```
./kolla.sh deploy
```

# Post-Deployment Tasks

After the deployment is complete, you can copy the admin-openrc.sh and other credential files to your kolla directory.
This is only needed after the initial deployment and the installation of some services like Octavia.

```
./kolla.sh post-deploy
```

## Create Networks

```
# External provider network on VLAN 113
openstack network create --share --external \
  --provider-physical-network physnet1 \
  --provider-segment 113 \
  --provider-network-type vlan \
  extnet-vlan113

openstack subnet create \
  --allocation-pool start=192.168.113.10,end=192.168.113.200 \
  --network extnet-vlan113 \
  --subnet-range 192.168.113.0/24 \
  --gateway 192.168.113.1 \
  extnet-vlan113-subnet

openstack network set --external extnet-vlan113

# Self-service network
openstack network create selfservice1

openstack subnet create --subnet-range 10.0.2.0/24 \
  --network selfservice1 --dns-nameserver 8.8.4.4 selfservice1-v4

# Router between the self-service subnet and the external network
openstack router create router1
openstack router add subnet router1 selfservice1-v4

openstack router set --external-gateway extnet-vlan113 router1

# Allow ICMP in the "default" security group
openstack security group rule create --protocol icmp default
```

## Some Flavors

```
openstack flavor create --ram 512 --disk 5 --vcpus 1 m1.tiny
openstack flavor create --ram 1024 --disk 10 --vcpus 1 m1.small
openstack flavor create --ram 2048 --disk 20 --vcpus 1 m1.medium
openstack flavor create --ram 4096 --disk 30 --vcpus 1 m1.large
openstack flavor create --ram 8192 --disk 50 --vcpus 1 m1.x-large

openstack flavor create --ram 1024 --disk 25 --vcpus 2 c2.tiny
openstack flavor create --ram 2048 --disk 50 --vcpus 2 c2.small
openstack flavor create --ram 4096 --disk 75 --vcpus 2 c2.medium
openstack flavor create --ram 8192 --disk 100 --vcpus 2 c2.large
openstack flavor create --ram 8192 --disk 150 --vcpus 2 c2.x-large
```

## Some Images

```
wget https://files.hnrx.net/OS-Images/cirros-0.6.3-x86_64-disk.img && \
openstack image create --disk-format qcow2 --container-format bare --public --file ./cirros-0.6.3-x86_64-disk.img cirros-0.6.3 --progress && \
rm cirros-0.6.3-x86_64-disk.img

wget https://download.opensuse.org/repositories/Cloud:/Images:/Leap_15.6/images/openSUSE-Leap-15.6.x86_64-NoCloud.qcow2
openstack image create --disk-format qcow2 --container-format bare --public --file ./openSUSE-Leap-15.6.x86_64-NoCloud.qcow2 openSUSE-Leap-15.6 --progress

wget https://files.hnrx.net/OS-Images/Fedora-Cloud-Base-Generic-41-1.4.x86_64.qcow2 && \
openstack image create --disk-format qcow2 --container-format bare --public --file ./Fedora-Cloud-Base-Generic-41-1.4.x86_64.qcow2 Fedora-Cloud-Base-Generic-41-1.4.x86_64 --progress && \
rm Fedora-Cloud-Base-Generic-41-1.4.x86_64.qcow2

wget https://files.hnrx.net/OS-Images/rhel-10-hnrx.qcow2 && \
openstack image create --disk-format qcow2 --container-format bare --public --file ./rhel-10-hnrx.qcow2 rhel-10-hnrx --progress && \
rm rhel-10-hnrx.qcow2

wget https://files.hnrx.net/OS-Images/ubuntu-24.04-lts-noble-server-cloudimg-amd64.img && \
openstack image create --disk-format qcow2 --container-format bare --public --file ./ubuntu-24.04-lts-noble-server-cloudimg-amd64.img ubuntu-24.04-lts-noble-server-cloudimg-amd64 --progress && \
rm ubuntu-24.04-lts-noble-server-cloudimg-amd64.img

wget https://files.hnrx.net/OS-Images/talos-1.10.2-openstack-amd64.raw && \
openstack image create --disk-format raw --container-format bare --public --file ./talos-1.10.2-openstack-amd64.raw talos --progress && \
rm talos-1.10.2-openstack-amd64.raw

# Octavia amphora image; amphora-x64-haproxy.qcow2 must already exist in the current directory
openstack image create amphora-x64-haproxy.qcow2 --container-format bare --disk-format qcow2 --private --tag amphora --file amphora-x64-haproxy.qcow2 --property hw_architecture='x86_64' --property hw_rng_model=virtio --progress
```
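
The commands above upload each downloaded file as a `--public` image without checking its contents. The following is an added example, not part of the original README: it wraps the same `wget` / `openstack image create` sequence so that a file is uploaded only if its SHA-256 matches a pinned digest. The helper names `verify_sha256` and `upload_verified_image` and the digest placeholder in the usage comment are assumptions.

```bash
# Added example (not from the original README). verify_sha256 and
# upload_verified_image are hypothetical helper names.

# verify_sha256 FILE EXPECTED_HEX: succeeds only if FILE hashes to EXPECTED_HEX.
verify_sha256() {
    local file expected actual
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 64 hex digits, e.g. an unfilled placeholder.
    [ "${#expected}" -eq 64 ] || return 1
    case "$expected" in *[!0-9a-f]*) return 1 ;; esac
    [ -f "$file" ] || return 1
    actual=$(sha256sum -- "$file" | cut -d' ' -f1) || return 1
    [ "$actual" = "$expected" ]
}

# upload_verified_image URL EXPECTED_HEX IMAGE_NAME DISK_FORMAT
# Downloads into a private temp dir, verifies, uploads, and always cleans up.
upload_verified_image() {
    local url expected name fmt tmp file rc
    url="$1"; expected="$2"; name="$3"; fmt="$4"; rc=0
    tmp=$(mktemp -d) || return 1
    file="$tmp/${url##*/}"
    if ! wget -q -O "$file" "$url"; then
        echo "download failed: $url" >&2
        rc=1
    elif ! verify_sha256 "$file" "$expected"; then
        echo "SHA-256 mismatch for $url, image not uploaded" >&2
        rc=1
    else
        openstack image create --disk-format "$fmt" --container-format bare \
            --public --file "$file" "$name" --progress || rc=$?
    fi
    rm -rf -- "$tmp"
    return "$rc"
}

# Usage (the digest is a placeholder; take the real value from the publisher's
# checksum file, fetched separately from the image):
# upload_verified_image \
#   https://files.hnrx.net/OS-Images/cirros-0.6.3-x86_64-disk.img \
#   '<sha256-from-publisher>' cirros-0.6.3 qcow2
```
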

## Create a Security Group

```
# No --remote-ip is given, so these rules allow any source (default for IPv4: 0.0.0.0/0)
openstack security group create --description "Allow SSH and ICMP" hnrx-default
openstack security group rule create --protocol tcp --dst-port 22:22 hnrx-default
openstack security group rule create --protocol icmp hnrx-default

# Rule templates for security groups that Neutron creates from now on
openstack default security group rule create --protocol tcp --dst-port 22:22
openstack default security group rule create --protocol icmp
```

## Prepare Separate Project

```
openstack project create --description 'the hnrx homelab test project' hnrx-test \
  --domain default

openstack project create --description 'the hnrx homelab prod project' hnrx-prod \
  --domain default

# The password is passed on the command line and lands in shell history;
# --password-prompt reads it interactively instead
openstack user create --project hnrx-test --password start123 hnrx
# Grant the hnrx user the admin role on both projects
openstack role add --user hnrx --project hnrx-test admin
openstack role add --user hnrx --project hnrx-prod admin
```

## Configure Designate

As the admin user:

```
openstack service list; openstack endpoint list --service designate

openstack zone create --email admin@hnrx.net hnrx.cloud.
```