Setup Multi Region Openstack with Kolla Ansible
Introduction
This section (Research Purposes) describes how to perform a basic multiple region deployment with Kolla. A basic multiple region deployment consists of separate OpenStack installations in two or more regions (RegionOne, RegionTwo, …) with a shared Keystone.
Diagram
System Spesifications
Openstack Region bogor-1
| Column 1 | Column 2 |
|---|---|
| Hostname | op-bogor-aio |
| CPU | 4 vCPU |
| RAM | 12GB |
| DISK1 (system) | 25GB |
| DISK2 (cinder) | 100GB |
| Service | Openstack Zed All in One |
| Internal FQDN | op-bgr-rjhaikal.id |
Openstack Region jakarta-1
| Column 1 | Column 2 |
|---|---|
| Hostname | op-jakarta-aio |
| CPU | 4 vCPU |
| RAM | 12GB |
| DISK1 (system) | 25GB |
| DISK2 (cinder) | 100GB |
| Service | Openstack Zed All in One |
| Internal FQDN | op-jkt-rjhaikal.id |
Middleware Horizon
| Column 1 | Column 2 |
|---|---|
| Hostname | op-horizon |
| CPU | 4 vCPU |
| RAM | 4GB |
| DISK1 (system) | 50GB |
| FQDN | op-horizon-rjhaikal.id |
IP Address
| Node | ens3 | ens4 | VIP |
|---|---|---|---|
| op-bogor-aio | 192.168.1.50 | none | 192.168.1.100 |
| op-jakarta-aio | 172.16.1.50 | none | 172.16.1.100 |
| op-horizon | 10.20.10.200 | - | - |
Deployment of the Bogor-1 Region
- Preparation
# Add Mapping Hosts
vim /etc/hosts
---
192.168.1.50 op-bogor-aio
172.16.1.50 op-jakarta-aio
192.168.1.100 op-bgr-rjhaikal.id
172.16.1.100 op-jkt-rjhaikal.id
---
# Install dependency
apt install python3-dev libffi-dev gcc libssl-dev ca-certificates -y
pip3 install docker
# Create Virtual Environment
mkdir openstack && cd openstack
python3 -m venv os-venv
source os-venv/bin/activate
2. Install Ansible & Kolla-Ansible
# Install pip & ansible in virtual environment
pip install -U pip
pip install 'ansible>=4,<6'
# Install kolla-ansible
pip install git+https://opendev.org/openstack/kolla-ansible@stable/zed
# Install Ansible Galaxy dependencies (Zed release onwards):
kolla-ansible install-deps3. Configure Kolla-Ansible
# Create Kolla Folder
sudo mkdir -p /etc/kolla
sudo chown $USER:$USER /etc/kolla
# Copy inventory & yml file kolla
cp -r os-venv/share/kolla-ansible/etc_examples/kolla/* /etc/kolla
cp os-venv/share/kolla-ansible/ansible/inventory/* .
# Configure ansible
mkdir -p /etc/ansible
nano /etc/ansible/ansible.cfg
---
[defaults]
host_key_checking=False
pipelining=True
forks=100
---
# Generate kolla password
kolla-genpwd
# Configure globals.yml
nano /etc/kolla/globals.yml
globals.yaml
---
## BASE
kolla_base_distro: "ubuntu"
kolla_install_type: "source"
openstack_release: "zed"
## NETWORK
kolla_internal_vip_address: "192.168.1.100"
kolla_internal_fqdn: "op-bgr-rjhaikal.id"
network_interface: "ens3"
neutron_external_interface: "ens4"
neutron_plugin_agent: "ovn"
enable_neutron_provider_networks: "yes"
## SERVICE
nova_compute_virt_type: "qemu"
enable_haproxy: "yes"
enable_cinder: "yes"
enable_cinder_backup: "no"
enable_cinder_backend_lvm: "yes"
cinder_volume_group: "openstack_cinder"
keystone_token_provider: "fernet"
enable_keystone: "yes"
enable_horizon: "yes"
enable_openstack_core: "yes"
enable_mariadb_clustercheck: "yes"
## REGION
openstack_region_name: "bogor-1"
multiple_regions_names:
- "{{ openstack_region_name }}"
- "jakarta-1"
# Create Cinder Volume
pvcreate /dev/vdb
vgcreate openstack_cinder /dev/vdb
4. Deployment
kolla-ansible -i ./all-in-one certificates (for generate self signed cert)
kolla-ansible -i ./all-in-one bootstrap-servers
kolla-ansible -i ./all-in-one prechecks
kolla-ansible -i ./all-in-one deploy
kolla-ansible -i ./all-in-one post-deploy
# Install Openstack Client
pip3 install openstackclient
# Verify Openstack Cluster
cp /etc/kolla/admin-openrc.sh ~/openstack
source ~/openstack/admin-openrc.sh
openstack endpoint listDeployment of the Jakarta-1 Region
- Preparation
# Add Mapping Hosts
vim /etc/hosts
---
192.168.1.50 op-bogor-aio
172.16.1.50 op-jakarta-aio
192.168.1.100 op-bgr-rjhaikal.id
172.16.1.100 op-jkt-rjhaikal.id
---
# Install dependency
apt install python3-dev libffi-dev gcc libssl-dev ca-certificates -y
pip3 install docker
# Create Virtual Environment
mkdir openstack && cd openstack
python3 -m venv os-venv
source os-venv/bin/activate
2. Install Ansible & Kolla-Ansible
# Install pip & ansible in virtual environment
pip install -U pip
pip install 'ansible>=4,<6'
# Install kolla-ansible
pip install git+https://opendev.org/openstack/kolla-ansible@stable/zed
# Install Ansible Galaxy dependencies (Zed release onwards):
kolla-ansible install-deps3. Configure Kolla-Ansible
# Create Kolla Folder
sudo mkdir -p /etc/kolla
sudo chown $USER:$USER /etc/kolla
# Copy inventory & yml file kolla
cp -r os-venv/share/kolla-ansible/etc_examples/kolla/* /etc/kolla
cp os-venv/share/kolla-ansible/ansible/inventory/* .
# Configure ansible
mkdir -p /etc/ansible
nano /etc/ansible/ansible.cfg
---
[defaults]
host_key_checking=False
pipelining=True
forks=100
---
# Copy passwords.yml Generated file from bogor-1
scp root@op-bogor-aio:/etc/kolla/passwords.yml /etc/kolla/passwords.yml
# Configure globals.yml
nano /etc/kolla/globals.yml
globals.yaml
---
## BASE
kolla_base_distro: "ubuntu"
kolla_install_type: "source"
openstack_release: "zed"
## NETWORK
kolla_internal_vip_address: "172.16.1.100"
kolla_internal_fqdn: "op-jkt-rjhaikal.id"
network_interface: "ens3"
neutron_external_interface: "ens4"
neutron_plugin_agent: "ovn"
enable_neutron_provider_networks: "yes"
## SERVICE
nova_compute_virt_type: "qemu"
enable_haproxy: "yes"
enable_cinder: "yes"
enable_cinder_backup: "no"
enable_cinder_backend_lvm: "yes"
cinder_volume_group: "openstack_cinder"
keystone_token_provider: "fernet"
enable_keystone: "no"
enable_horizon: "yes"
## REGION
openstack_region_name: "jakarta-1"
multiple_regions_names:
- "{{ openstack_region_name }}"
- "bogor-1"
kolla_internal_fqdn_r1: "op-bgr-rjhaikal.id"
keystone_admin_user: "admin"
keystone_admin_password: "P7NarU30uwjhxd30uxmyzx2EofCBokX4BbSpLH93"
default_user_domain_name: "Default"
keystone_internal_url: "http://op-bgr-rjhaikal.id:5000"
openstack_auth:
auth_url: "{{ keystone_internal_url }}"
username: "{{ keystone_admin_user }}"
password: "{{ keystone_admin_password }}"
user_domain_name: "{{ default_user_domain_name }}"
system_scope: "all"
# Create Service Custom Config
mkdir -p /etc/kolla/config
cat<< EOF > /etc/kolla/config/global.conf
[keystone_authtoken]
www_authenticate_uri = http://op-bgr-rjhaikal.id:5000
auth_url = http://op-bgr-rjhaikal.id:5000
auth_type = password
EOF
cat<< EOF > /etc/kolla/config/nova.conf
[placement]
auth_url = http://op-bgr-rjhaikal.id:5000
auth_type = password
EOF
cat<< EOF > /etc/kolla/config/heat.conf
[trustee]
www_authenticate_uri = http://op-bgr-rjhaikal.id:5000
auth_url = http://op-bgr-rjhaikal.id:5000
[ec2authtoken]
www_authenticate_uri = http://op-bgr-rjhaikal.id:5000
[clients_keystone]
www_authenticate_uri = http://op-bgr-rjhaikal.id:5000
EOF
cat<< EOF > /etc/kolla/config/ceilometer.conf
[service_credentials]
auth_url = http://op-bgr-rjhaikal.id:5000
EOF# Create Cinder Volume
pvcreate /dev/vdb
vgcreate openstack_cinder /dev/vdb
4. Deployment
kolla-ansible -i ./all-in-one certificates
kolla-ansible -i ./all-in-one bootstrap-servers
kolla-ansible -i ./all-in-one prechecks
kolla-ansible -i ./all-in-one deploy
kolla-ansible -i ./all-in-one post-deploy
# Install Openstack Client
pip3 install openstackclient
# Verify Openstack Cluster
cp /etc/kolla/admin-openrc.sh ~/openstack
source ~/openstack/admin-openrc.sh
openstack endpoint list
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+
| 027b31457db541e39315555af7007149 | bogor-1 | glance | image | True | internal | http://op-bgr-rjhaikal.id:9292 |
| 03e671ada70743c2ad0d9b3ef33991d8 | jakarta-1 | glance | image | True | public | http://op-jkt-rjhaikal.id:9292 |
| 11e3f3f240884607966afa81a91cfb67 | bogor-1 | keystone | identity | True | internal | http://op-bgr-rjhaikal.id:5000 |
| 219ba0ab7cb0429b9be7189983470b05 | bogor-1 | glance | image | True | public | http://op-bgr-rjhaikal.id:9292 |
| 2805102ae5f1499ab04e04f7d748635c | bogor-1 | placement | placement | True | internal | http://op-bgr-rjhaikal.id:8780 |
| 2be87e9e5dc04a4fa9317ab146c9f8f2 | jakarta-1 | heat-cfn | cloudformation | True | public | http://op-jkt-rjhaikal.id:8000/v1 |
| 30e057451ecf450098aebe5ea3117006 | bogor-1 | placement | placement | True | public | http://op-bgr-rjhaikal.id:8780 |
| 3154bab28b1b4967a19686515b6656a8 | bogor-1 | heat-cfn | cloudformation | True | internal | http://op-bgr-rjhaikal.id:8000/v1 |
| 4e0dd0bf20644a66ae0b619b91fedc85 | jakarta-1 | heat | orchestration | True | public | http://op-jkt-rjhaikal.id:8004/v1/%(tenant_id)s |
| 55a8172691894f70951143be916ae8eb | bogor-1 | neutron | network | True | public | http://op-bgr-rjhaikal.id:9696 |
| 57591f8103d9451b9ccec49fe2df2da3 | jakarta-1 | neutron | network | True | public | http://op-jkt-rjhaikal.id:9696 |
| 5d0f71d971dd4579bd8f047fb85bfb84 | bogor-1 | heat | orchestration | True | internal | http://op-bgr-rjhaikal.id:8004/v1/%(tenant_id)s |
| 752f821360fa42d2a4105a8a22b947c1 | bogor-1 | nova | compute | True | public | http://op-bgr-rjhaikal.id:8774/v2.1 |
| 7a4452620dac4a3091373fbeb49f934b | jakarta-1 | cinderv3 | volumev3 | True | internal | http://op-jkt-rjhaikal.id:8776/v3/%(tenant_id)s |
| 7f5b182d90aa443a959ad8a4b1a11ac5 | bogor-1 | heat | orchestration | True | public | http://op-bgr-rjhaikal.id:8004/v1/%(tenant_id)s |
| 887e08610d3047af9a3a718196dddcb6 | jakarta-1 | placement | placement | True | internal | http://op-jkt-rjhaikal.id:8780 |
| 9ecfe294dcec4010b015e31f5b71c1ef | jakarta-1 | cinderv3 | volumev3 | True | public | http://op-jkt-rjhaikal.id:8776/v3/%(tenant_id)s |
| a65d549a30da47ceb610211879519ace | bogor-1 | neutron | network | True | internal | http://op-bgr-rjhaikal.id:9696 |
| b3841d8b89004999a9f5de3fa3855b75 | jakarta-1 | neutron | network | True | internal | http://op-jkt-rjhaikal.id:9696 |
| be03f190466d407caf515bbf5193dc65 | jakarta-1 | keystone | identity | True | internal | http://op-bgr-rjhaikal.id:5000 |
| bf271058f2204070b6c1986867986390 | bogor-1 | nova | compute | True | internal | http://op-bgr-rjhaikal.id:8774/v2.1 |
| d274c3960d894f5a8d6720c165c44bd6 | jakarta-1 | heat-cfn | cloudformation | True | internal | http://op-jkt-rjhaikal.id:8000/v1 |
| d42c86fbbb0f47349496941adf05ed27 | bogor-1 | cinderv3 | volumev3 | True | internal | http://op-bgr-rjhaikal.id:8776/v3/%(tenant_id)s |
| d47f0499b5ce4ea59210ae2bb2bfb63e | jakarta-1 | heat | orchestration | True | internal | http://op-jkt-rjhaikal.id:8004/v1/%(tenant_id)s |
| da0c4828aeac4cb5b0abdb262cd6e347 | bogor-1 | heat-cfn | cloudformation | True | public | http://op-bgr-rjhaikal.id:8000/v1 |
| e18e9112614d4aa4b71b87bb35ec1547 | jakarta-1 | placement | placement | True | public | http://op-jkt-rjhaikal.id:8780 |
| e2727a1a1de24d4a96afec895ddc46c5 | bogor-1 | keystone | identity | True | public | http://op-bgr-rjhaikal.id:5000 |
| e3fd5c6700f5410e95c96f4c1b7b154e | jakarta-1 | glance | image | True | internal | http://op-jkt-rjhaikal.id:9292 |
| e593ff7fc1184a40987aad41faaedbd9 | jakarta-1 | keystone | identity | True | public | http://op-bgr-rjhaikal.id:5000 |
| f6df440d2bb84bcd94fa978fbaea9573 | bogor-1 | cinderv3 | volumev3 | True | public | http://op-bgr-rjhaikal.id:8776/v3/%(tenant_id)s |
| fcb19de8ac29470c8387ec75ff629098 | jakarta-1 | nova | compute | True | public | http://op-jkt-rjhaikal.id:8774/v2.1 |
| fe86e77780b34ef0b0b6eeadbbfab3c7 | jakarta-1 | nova | compute | True | internal | http://op-jkt-rjhaikal.id:8774/v2.1 |
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------+Login Test from Bogor-1 Horizon
Login Test from Jakarta-1 Horizon
Centralized Horizon Deployment
- Install Apache2 Web Server and Openstack Dashboard
vim /etc/hosts
---
10.20.10.200 op-horizon op-horizon-rjhaikal.id
192.168.1.50 op-bogor-aio
172.16.1.50 op-jakarta-aio
192.168.1.100 op-bgr-rjhaikal.id
172.16.1.100 op-jkt-rjhaikal.id
---
apt update
apt install apache2 libapache2-mod-wsgi-py3 openstack-dashboard
2. Edit Openstack Dashboard Settings
vim /etc/openstack-dashboard/local_settings.py
---
DEBUG = False
ALLOWED_HOSTS = ['*']
AVAILABLE_REGIONS = [
('http://op-bgr-rjhaikal.id:5000', 'bogor-1'),
('http://op-bgr-rjhaikal.id:5000', 'jakarta-1'),
]
OPENSTACK_HOST = "op-horizon-rjhaikal.id"
OPENSTACK_KEYSTONE_URL = "http://op-bgr-rjhaikal.id:5000/v3"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
TIME_ZONE = "Asia/Jakarta"
OPENSTACK_API_VERSIONS = {
"identity": 3,
}
---3. Edit Openstack Dashboard Configuration for Apache
nano /etc/apache2/conf-enabled/openstack-dashboard.conf
---
WSGIScriptAlias /horizon /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py process-group=horizon
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py process-group=horizon
WSGIDaemonProcess horizon user=horizon group=horizon processes=3 threads=10 display-name=%{GROUP}
WSGIProcessGroup horizon
WSGIApplicationGroup %{GLOBAL}
Alias /static /var/lib/openstack-dashboard/static/
Alias /horizon/static /var/lib/openstack-dashboard/static/
<Directory /usr/share/openstack-dashboard/openstack_dashboard>
Require all granted
</Directory>
<Directory /var/lib/openstack-dashboard/static>
Require all granted
</Directory>
---4. Edit Horizon Virtual Host
nano /etc/apache2/sites-available/horizon.conf
---
<VirtualHost *:80>
ServerName op-horizon-rjhaikal.id
ServerAdmin webmaster@localhost
DocumentRoot /usr/share/openstack-dashboard/openstack_dashboard/
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
---5. Restart Apache2
a2dissite 000-default.conf
a2ensite horizon.conf
systemctl restart apache26. Verify
Change Theme
Reference
Multiple Regions Deployment with Kolla — kolla-ansible 15.1.0.dev80 documentation
Install and configure for Ubuntu — horizon 23.1.0.dev66 documentation
Member discussion