在有代理的环境下,使用kolla-ansible尝试创建OpenStack的All-in-One机器
首先
本文概述了在Proxy环境下使用kolla-ansible创建OpenStack的All-in-One机器时需要注意的事项。
使用kolla-ansibe创建OpenStack的方法可以在Google上找到很多,但它们似乎都是以无代理环境为基础构建的。在代理环境中创建非常困难,可能会出现令人费解的错误,让很多人放弃了。这次我虽然遇到了许多困难,但还是在代理环境中成功创建了,所以我想把这些信息保存下来作为备忘录。
Given the requirement.
请注意,我们在这里创建的 All-in-One 机器是为了测试和验证的目的而创建的,并不适用于生产环境。因此,请将其仅作为参考步骤使用,不要在实际生产环境中使用。
很简单,下面是创建环境的详细资料:
– 服务器(虚拟机):12个vCPU / 16GB内存 / 900GB硬盘 / 2个虚拟网卡(在6台VMware ESXi上创建)
– 操作系统:ubuntu 20.4 LTS(没有分支号,未使用20.4.x版本)
– kolla-ansible:12.3.1.dev46
– OpenStack版本:wallaby
(2022年2月12日更新)已确认OpenStack Xena版本的操作步骤与此相同。
步骤
我們將只列舉在代理環境下構建的重要要點。
建立的基本方法可參考Kolla Ansible在Ubuntu 20.04上部署OpenStack Wallaby。
1. 设置Proxy到ubuntu操作系统
首先,在Ubuntu的初始安装过程中可以进行代理设置,您可以在那里设置代理。这样做可以确保apt可以连接。当然,如果使用代理服务器的域名进行设置,则还需要在界面的IP地址注册页面上注册DNS服务器的IP地址。
[http or https]://[ユーザー名]:[パスワード]@[Proxyサーバのドメイン名 or IPアドレス]:[ポート番号]
【サンプル】
http://proxy.sample.com:8080
※ユーザー名、パスワード、ポート番号は利用環境毎にあったりなかったりだと思います。
2. 对于pip的代理设置
接下来,在执行Kolla Ansible部署在Ubuntu 20.04上的OpenStack Wallaby -创建Python虚拟环境的步骤之前,创建/etc/pip.conf文件并写入以下代理设置。
[global]
proxy = [http or https]://[ユーザー名]:[パスワード]@[proxyサーバのドメイン名 or IPアドレス]:[ポート番号]
※ユーザー名、パスワード、ポート番号は利用環境毎にあったりなかったりだと思います。
(可以) 对于git的代理设置
执行`pip install kolla-ansible`命令可以安装最新的kolla-ansible版本。如果想要安装除最新版本之外的其他版本,可以使用类似于`pip install git+https://opendev.org/openstack/kolla-ansible@stable/[branch_name]`的命令,并执行下面的命令来设置git代理。
$git config --global http.proxy [http or https]://[ユーザー名]:[パスワード]@[proxyサーバのドメイン名 or IPアドレス]:[ポート番号]
$git config --global https.proxy [http or https]://[ユーザー名]:[パスワード]@[proxyサーバのドメイン名 or IPアドレス]:[ポート番号]
※ユーザー名、パスワード、ポート番号は利用環境毎にあったりなかったりだと思います。
3. 将代理设置添加到pre-install.yml文件中
在执行Kolla Ansible在Ubuntu 20.04上部署OpenStack Wallaby之前,需要在Ansible Playbook中添加以下带有「★」标记的行。如果按照基本创建步骤创建,目标文件将位于~/wallaby/share/kolla-ansible/ansible/roles/baremetal/tasks/pre-install.yml中。
110 - name: Install docker apt gpg key
111 environment: ★
112 http_proxy: [http or https]://[ユーザー名]:[パスワード]@[proxyサーバのドメイン名 or IPアドレス]:[ポート番号] ★
113 https_proxy: [http or https]://[ユーザー名]:[パスワード]@[proxyサーバのドメイン名 or IPアドレス]:[ポート番号] ★
114 apt_key:
115 url: "{{ docker_apt_url }}/{{ docker_apt_key_file }}"
116 id: "{{ docker_apt_key_id }}"
117 state: present
118 become: True
如果不做這個,執行 kolla-ansible -i /etc/kolla/all-in-one bootstrap-servers 時會出現以下錯誤。
TASK [baremetal : Install docker apt gpg key] **********************************************************************************************************************************************************
[0;31mfatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to download key at https://download.docker.com/linux/ubuntu/gpg: Request failed: <urlopen error timed out>"} [0m
4. Docker的代理设置
在 Ubuntu 20.04 上,使用 Kolla Ansible 部署 OpenStack Wallaby – 在执行 deploy命令之前,在 kolla-ansible -i /etc/kolla/all-in-one deploy 的步骤中,将会进行对 Docker 进行代理设置。可以参考 “在 Ubuntu 20.04.1 上使用代理环境使用 Docker” 的步骤。
如果不做这个,kolla-ansible -i /etc/kolla/all-in-one deploy在执行时会出现以下错误。
(直到意识到这是代理的问题,花费了很长时间……)
TASK [common : Ensure fluentd image is present for label check] ****************************************************************************************************************************************
[1;30mtask path: /home/xxxxx/wallaby/share/kolla-ansible/ansible/roles/common/tasks/config.yml:26[0m
[0;34mUsing module file /home/xxxxx/wallaby/share/kolla-ansible/ansible/library/kolla_docker.py[0m
[0;34mPipelining is enabled.[0m
[0;34m<localhost> ESTABLISH LOCAL CONNECTION FOR USER: xxxxx[0m
[0;34m<localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-bawiyztivrzsmtncvhvtgpoohrmozoga ; /usr/bin/python3'"'"' && sleep 0'[0m
[0;31mThe full traceback is:[0m
[0;31m File "/tmp/ansible_kolla_docker_payload_b9_nm8n4/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py", line 1241, in main[0m
[0;31m File "/tmp/ansible_kolla_docker_payload_b9_nm8n4/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py", line 1116, in ensure_image[0m
[0;31m File "/tmp/ansible_kolla_docker_payload_b9_nm8n4/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py", line 691, in pull_image[0m
[0;31m File "/usr/local/lib/python3.8/dist-packages/docker/api/image.py", line 430, in pull[0m
[0;31m self._raise_for_status(response)[0m
[0;31m File "/usr/local/lib/python3.8/dist-packages/docker/api/client.py", line 270, in _raise_for_status[0m
[0;31m raise create_api_error_from_http_exception(e)[0m
[0;31m File "/usr/local/lib/python3.8/dist-packages/docker/errors.py", line 31, in create_api_error_from_http_exception[0m
[0;31m raise cls(e, response=response, explanation=explanation)[0m
[0;31mfatal: [localhost]: FAILED! => {[0m
[0;31m "changed": true,[0m
[0;31m "invocation": {[0m
[0;31m "module_args": {[0m
[0;31m "action": "ensure_image",[0m
[0;31m "api_version": "auto",[0m
[0;31m "auth_email": null,[0m
[0;31m "auth_password": null,[0m
[0;31m "auth_registry": null,[0m
[0;31m "auth_username": null,[0m
[0;31m "cap_add": [],[0m
[0;31m "cgroupns_mode": null,[0m
[0;31m "client_timeout": 120,[0m
[0;31m "command": null,[0m
[0;31m "detach": true,[0m
[0;31m "dimensions": {},[0m
[0;31m "environment": {[0m
[0;31m "KOLLA_CONFIG_STRATEGY": "COPY_ALWAYS"[0m
[0;31m },[0m
[0;31m "graceful_timeout": 10,[0m
[0;31m "healthcheck": null,[0m
[0;31m "ignore_missing": false,[0m
[0;31m "image": "kolla/ubuntu-source-fluentd:wallaby",[0m
[0;31m "labels": {},[0m
[0;31m "name": null,[0m
[0;31m "privileged": false,[0m
[0;31m "remove_on_exit": true,[0m
[0;31m "restart_policy": "unless-stopped",[0m
[0;31m "restart_retries": 10,[0m
[0;31m "security_opt": [],[0m
[0;31m "state": "running",[0m
[0;31m "tls_cacert": null,[0m
[0;31m "tls_cert": null,[0m
[0;31m "tls_key": null,[0m
[0;31m "tls_verify": false,[0m
[0;31m "tmpfs": null,[0m
[0;31m "tty": false,[0m
[0;31m "volumes": null,[0m
[0;31m "volumes_from": null[0m
[0;31m }[0m
[0;31m },[0m
[0;31m "msg": "'Traceback (most recent call last):\\n File \"/usr/local/lib/python3.8/dist-packages/docker/api/client.py\", line 268, in _raise_for_status\\n response.raise_for_status()\\n File \"/usr/lib/python3/dist-packages/requests/models.py\", line 940, in raise_for_status\\n raise HTTPError(http_error_msg, response=self)\\nrequests.exceptions.HTTPError: 500 Server Error: Internal Server Error for url: http+docker://localhost/v1.41/images/create?tag=wallaby&fromImage=kolla%2Fubuntu-source-fluentd\\n\\nDuring handling of the above exception, another exception occurred:\\n\\nTraceback (most recent call last):\\n File \"/tmp/ansible_kolla_docker_payload_b9_nm8n4/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py\", line 1241, in main\\n File \"/tmp/ansible_kolla_docker_payload_b9_nm8n4/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py\", line 1116, in ensure_image\\n File \"/tmp/ansible_kolla_docker_payload_b9_nm8n4/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py\", line 691, in pull_image\\n File \"/usr/local/lib/python3.8/dist-packages/docker/api/image.py\", line 430, in pull\\n self._raise_for_status(response)\\n File \"/usr/local/lib/python3.8/dist-packages/docker/api/client.py\", line 270, in _raise_for_status\\n raise create_api_error_from_http_exception(e)\\n File \"/usr/local/lib/python3.8/dist-packages/docker/errors.py\", line 31, in create_api_error_from_http_exception\\n raise cls(e, response=response, explanation=explanation)\\ndocker.errors.APIError: 500 Server Error for http+docker://localhost/v1.41/images/create?tag=wallaby&fromImage=kolla%2Fubuntu-source-fluentd: Internal Server Error (\"Get \"https://registry-1.docker.io/v2/\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)\")\\n'"[0m
[0;31m}[0m
5. 避免 Docker Hub 的速率限制
必要的代理設置到此為止,但由於Docker Hub的速率限制,仍然會出現錯誤。
在執行Kolla Ansible在Ubuntu 20.04上部署OpenStack Wallaby的Deployment步驟中,使用”kolla-ansible -i /etc/kolla/all-in-one deploy”指令之前,請訪問Docker官網並建立用戶帳戶。然後,在Ubuntu上執行以下指令,確保Ubuntu主機已登入到Docker Hub。
sudo docker login --username=[Docker Hubで作成したユーザー名]
Password: [Docker Hubで作成したユーザー名のパスワード]
如果您尚未登录Docker Hub,则会出现以下错误。
TASK [common : Ensure fluentd image is present for label check] ****************************************************************************************************************************************
[1;30mtask path: /home/xxxxx/wallaby/share/kolla-ansible/ansible/roles/common/tasks/config.yml:26[0m
[0;34mUsing module file /home/xxxxx/wallaby/share/kolla-ansible/ansible/library/kolla_docker.py[0m
[0;34mPipelining is enabled.[0m
[0;34m<localhost> ESTABLISH LOCAL CONNECTION FOR USER: xxxxx[0m
[0;34m<localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-zdsnyhuhqeakfohywfvxwnzxzjqfcgtm ; http_proxy=http://proxy.sample.com:8080 https_proxy=http://proxy.sample.com:8080 /usr/bin/python3'"'"' && sleep 0'[0m
[0;31mThe full traceback is:[0m
[0;31m File "/tmp/ansible_kolla_docker_payload_qcyrnm88/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py", line 1241, in main[0m
[0;31m File "/tmp/ansible_kolla_docker_payload_qcyrnm88/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py", line 1116, in ensure_image[0m
[0;31m File "/tmp/ansible_kolla_docker_payload_qcyrnm88/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py", line 691, in pull_image[0m
[0;31m File "/usr/local/lib/python3.8/dist-packages/docker/api/image.py", line 430, in pull[0m
[0;31m self._raise_for_status(response)[0m
[0;31m File "/usr/local/lib/python3.8/dist-packages/docker/api/client.py", line 270, in _raise_for_status[0m
[0;31m raise create_api_error_from_http_exception(e)[0m
[0;31m File "/usr/local/lib/python3.8/dist-packages/docker/errors.py", line 31, in create_api_error_from_http_exception[0m
[0;31m raise cls(e, response=response, explanation=explanation)[0m
[0;31mfatal: [localhost]: FAILED! => {[0m
[0;31m "changed": true,[0m
[0;31m "invocation": {[0m
[0;31m "module_args": {[0m
[0;31m "action": "ensure_image",[0m
[0;31m "api_version": "auto",[0m
[0;31m "auth_email": null,[0m
[0;31m "auth_password": null,[0m
[0;31m "auth_registry": null,[0m
[0;31m "auth_username": null,[0m
[0;31m "cap_add": [],[0m
[0;31m "cgroupns_mode": null,[0m
[0;31m "client_timeout": 120,[0m
[0;31m "command": null,[0m
[0;31m "detach": true,[0m
[0;31m "dimensions": {},[0m
[0;31m "environment": {[0m
[0;31m "KOLLA_CONFIG_STRATEGY": "COPY_ALWAYS"[0m
[0;31m },[0m
[0;31m "graceful_timeout": 10,[0m
[0;31m "healthcheck": null,[0m
[0;31m "ignore_missing": false,[0m
[0;31m "image": "kolla/ubuntu-source-fluentd:wallaby",[0m
[0;31m "labels": {},[0m
[0;31m "name": null,[0m
[0;31m "privileged": false,[0m
[0;31m "remove_on_exit": true,[0m
[0;31m "restart_policy": "unless-stopped",[0m
[0;31m "restart_retries": 10,[0m
[0;31m "security_opt": [],[0m
[0;31m "state": "running",[0m
[0;31m "tls_cacert": null,[0m
[0;31m "tls_cert": null,[0m
[0;31m "tls_key": null,[0m
[0;31m "tls_verify": false,[0m
[0;31m "tmpfs": null,[0m
[0;31m "tty": false,[0m
[0;31m "volumes": null,[0m
[0;31m "volumes_from": null[0m
[0;31m }[0m
[0;31m },[0m
[0;31m "msg": "'Traceback (most recent call last):\\n File \"/usr/local/lib/python3.8/dist-packages/docker/api/client.py\", line 268, in _raise_for_status\\n response.raise_for_status()\\n File \"/usr/lib/python3/dist-packages/requests/models.py\", line 940, in raise_for_status\\n raise HTTPError(http_error_msg, response=self)\\nrequests.exceptions.HTTPError: 500 Server Error: Internal Server Error for url: http+docker://localhost/v1.41/images/create?tag=wallaby&fromImage=kolla%2Fubuntu-source-fluentd\\n\\nDuring handling of the above exception, another exception occurred:\\n\\nTraceback (most recent call last):\\n File \"/tmp/ansible_kolla_docker_payload_qcyrnm88/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py\", line 1241, in main\\n File \"/tmp/ansible_kolla_docker_payload_qcyrnm88/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py\", line 1116, in ensure_image\\n File \"/tmp/ansible_kolla_docker_payload_qcyrnm88/ansible_kolla_docker_payload.zip/ansible/modules/kolla_docker.py\", line 691, in pull_image\\n File \"/usr/local/lib/python3.8/dist-packages/docker/api/image.py\", line 430, in pull\\n self._raise_for_status(response)\\n File \"/usr/local/lib/python3.8/dist-packages/docker/api/client.py\", line 270, in _raise_for_status\\n raise create_api_error_from_http_exception(e)\\n File \"/usr/local/lib/python3.8/dist-packages/docker/errors.py\", line 31, in create_api_error_from_http_exception\\n raise cls(e, response=response, explanation=explanation)\\ndocker.errors.APIError: 500 Server Error for http+docker://localhost/v1.41/images/create?tag=wallaby&fromImage=kolla%2Fubuntu-source-fluentd: Internal Server Error (\"toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit\")\\n'"[0m
[0;31m}[0m
如果执行以上所有操作,我认为kolla-ansible可以在Proxy环境下正常运行。
最终
此外,我还遇到了在kolla-ansible执行playbook期间出现“你需要使用sudo才能运行该命令”的错误。但是,在我的情况下,再次执行playbook可以成功地完成处理而不会产生错误的情况出现了大约两次。如果遇到类似的错误,可能可以通过重新执行相应的playbook来避免。(为什么会暂时出现这样的错误还不清楚…)
(02/23/2022更新) 如果处理时间过长,可能会触发sudo的超时,导致出现上述错误。可以事先在/etc/sudoers中添加”Defaults timestamp_timeout=<超时时间(分钟)>”来避免此问题。
因为Ansible的幂等性,能够多次执行相同的playbook让我感到非常安心。
希望这篇文章能够帮助到有相同困扰的人解决问题。
