ansible无网络安装openstack(Newton)

概要

apt使用本地源，pip使用本地源

网络环境

物理机环境

网络名	网络地址	VLAN
br-ex	192.168.200.250/24	90
br-mgmt	92.0.0.100/24	92

ansible控制主机配置

主机类型	操作系统	配置	角色
KVM虚拟机	ubuntu 16.04 TLS server	内存：2GB 磁盘：30GB 网卡：ens3(br-ex) ens4(br-mgmt)	deploy

| 网络名 | 网络地址 | VLAN | IP |

| ------------ | ------------ | ------------ |

| 管理网络 | 172.29.236.0/22 | 10 | 172.29.236.10/22 |

| 内网网络 | 172.29.248.0/22 | 10 | 172.29.248.10/22 |

| 外网 | 192.168.200.0/24 | - | 192.168.200.13/24 |

网络配置

# vim /etc/network/interfaces

source /etc/network/interfaces.d/*

auto lo

iface lo inet loopback

auto ens3

iface ens3 inet static

address 192.168.200.10

netmask 255.255.255.0

gateway 192.168.200.1

dns-nameserver 114.114.114.114

auto ens4

iface ens4 inet manual

auto ens4.10

iface ens4.10 inet manual

vlan-raw-device ens4

auto br-mgmt

iface br-mgmt inet static

address 172.29.236.10

netmask 255.255.252.0

bridge_ports ens4.10

auto br-vlan

iface br-vlan inet static

address 172.29.248.10

netmask 255.255.252.0

bridge_ports ens4

设置阿里源

# vim sources.list

deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted

deb http://mirrors.aliyun.com/ubuntu/ xenial universe

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe

deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse

deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted

deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe

deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse

# apt-get install aptitude build-essential git ntp ntpdate openssh-server python python-dev sudo debootstrap bridge-utils vlan lxc

# reboot

安装openstack-ansible

# git clone -b 14.1.0 https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible

# cd /opt/openstack-ansible

### 编辑脚本修改export ANSIBLE_PACKAGE="ansible==2.1.4"

# vim scripts/bootstrap-ansible.sh

# scripts/bootstrap-ansible.sh

# ssh-keygen -t rsa

# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys

# chmod 600 /root/.ssh/authorized_keys

设置配置文件

# cp -r /opt/openstack-ansible/etc/openstack_deploy/  /etc/

### 生成openstack服务配置文件

# cp /etc/openstack_deploy/openstack_user_config.yml.test.example /etc/openstack_deploy/openstack_user_config.yml

# sed -i -e "s/host_bind_override: \"eth12\"/host_bind_override: \"ens3\"/g" /etc/openstack_deploy/openstack_user_config.yml

# sed -i -e "s/external_lb_vip_address:.*/external_lb_vip_address: 192\.168\.200\.11/g" /etc/openstack_deploy/openstack_user_config.yml

### 用户自定义配置文件

# vim /etc/openstack_deploy/user_variables.yml

openstack_service_publicuri_proto: http

### 使用apt下载rabbitmq-server软件包

rabbitmq_install_method: "distro"

### 使用apt下载Perconah和Qpress软件包

use_percona_upstream： true

galera_server_percona_distro_packages:

  - qpress

  - percona-xtrabackup-22

### 自动生成密码配置文件

# python /opt/openstack-ansible/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml

GIT缓存制作

### 用户自定义配置文件

# vim /etc/openstack_deploy/user_variables.yml

repo_build_git_cache: /opt/git/openstack/

### 脚本详见问题处理---"git缓存相关脚本"

### 克隆代码

# mkdir -p /opt/git/openstack

# python gitclone.py

### 切换分支

# python gitcheckout.py

### 关闭任务- name: Clone git repositories asynchronously的git模块的update

# vim /etc/ansible/roles/repo_build/tasks/repo_clone_git.yml

    update: no

LXC容器模板制作

### 下载容器模板

# apt install lxc

# /usr/bin/lxc-create --name LXC_NAME --template download --bdev dir -- --dist ubuntu --release xenial --arch amd64 --force-cache --server images.linuxcontainers.org --keyserver hkp://keyserver.ubuntu.com:80

### 在"- name: Stat the prepared LXC cache"和"- include: lxc_cache.yml"任务之间添加如下内容

# vim /etc/ansible/roles/lxc_hosts/tasks/main.yml

- name: Synchronise the contents of the LXC cache to the LXC host

  synchronize:

    src: "{{ lxc_container_cache_path }}/"

    dest: "{{ lxc_container_cache_path }}"

  when:

    - "{{ not lxc_cache_stat.stat.exists

          or (lxc_cache_stat.stat.exists

             and lxc_cache_stat.stat.mtime > lxc_cache_timeout) }}"

  tags:

    - always

本地源搭建

将repo服务安装在ansible主机上

# vim /opt/openstack-ansible/playbooks/inventory/env.d/pkg_repo.yml

component_skel:

  pkg_repo:

    belongs_to:

      - repo_all

container_skel:

  repo_container:

    belongs_to:

      - repo-infra_containers

    contains:

      - pkg_repo

    properties:

      service_name: repo

      is_metal: true

# vim /etc/openstack_deploy/openstack_user_config.yml

repo-infra_hosts:

  repo:

    ip: 172.29.236.10

在ansible控制主机上构建本地源

# vim /etc/openstack_deploy/user_variables.yml

repo_pkg_cache_enabled: false

# cd /opt/openstack-ansible/playbooks/

# openstack-ansible repo-install.yml

修改源相关配置文件

### 注释 - include: repo-install.yml

# vim /opt/openstack-ansible/playbooks/setup-infrastructure.yml

### 设置源地址

# vim /etc/openstack_deploy/user_variables.yml

pip_get_pip_options: "--index-url http://172.29.248.10:{{ repo_server_port }}/pools --trusted-host 172.29.248.10"

pip_install_options: "--no-index --find-links http://172.29.248.10:{{ repo_server_port }}/links --trusted-host 172.29.248.10"

openstack_repo_url: "http://172.29.248.10:{{ repo_server_port }}"

openstack_repo_git_url: "git://172.29.248.10"

### 删除galera_client的源检测动作

# sed -i -e "/when: add_repo | changed/d" /etc/ansible/roles/galera_client/tasks/galera_client_install_apt.yml

搭建部分软件APT源镜像

查询openstack-ansible需要添加的额外的apt源

# find /etc/ansible/roles -name "ubuntu-16.04.yml" -o -name "debian.yml" | xargs grep -i ".*repo: \"deb "

### 最终找出的需要添加的apt源

# vim /etc/apt/source.list

deb http://download.ceph.com/debian-hammer/ xenial main

deb http://ubuntu-cloud.archive.canonical.com/ubuntu/ xenial-updates/newton main

deb http://mirror.rackspace.com/mariadb/repo/10.0/ubuntu xenial main

deb http://repo.percona.com/apt xenial main ### 去掉，手动下载deb

查询openstack-ansible需要安装的deb包

# find /etc/ansible/roles -name "ubuntu-16.04.yml" -o -name "debian.yml" | xargs -i awk '/.*_distro_packages:$/ {while(getline){ if($1 == "-") {print $0} else {break} }}' {} | sort -u -o dists.txt

# sed -i -e 's/#.*$//g' dists.txt

# sed -i -e 's/^[ -]*//g' dists.txt

# sed -i -e 's/"{{ galera_mariadb_apt_server_package }}"/mariadb-galera-server/g' dists.txt

# sed -i -e 's/{{ ansible_kernel }}/4\.4\.0-72-generic/g' dists.txt

# awk '{print $1,$2}' dists.txt | sort -u | grep -v nginx-extra | grep -v pvm-novalink > packages.txt

找一台干净的ubuntu server 16.04 TLS对应版本容器内安装debs.txt中的软件并打包缓存

# apt install ubuntu-cloud-keyring

### 添加以下APT源和APT KEY

# vim /etc/apt/source.list

deb http://download.ceph.com/debian-hammer/ xenial main

deb http://ubuntu-cloud.archive.canonical.com/ubuntu/ xenial-updates/newton main

deb http://mirror.rackspace.com/mariadb/repo/10.0/ubuntu xenial main

deb http://repo.percona.com/apt xenial main

### galera_client_gpg_keys:

# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv F1656F24C74CD1D8

### ceph_gpg_keys:

# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv e84ac2c0460f3994

### galera_gpg_keys:

# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9334a25f8507efa5

# apt update

### 方法一（此方式废弃）

# cat packages.txt | xargs -i apt install -y {}

# cd /var/cache/apt/

# tar -acf dists.tar.gz archives

### 方法二

# mkdir archives

# cd archives

# apt install apt-rdepends

# cat packages.txt | xargs apt-rdepends | grep -v ^\ | xargs apt download

# cd ..

# tar -acf dists.tar.gz archives

拷贝打包文件到ansible控制主机，并解压到APT源镜像目录

# mkdir -p /var/www/ubuntu-repo/

# tar -zxf dists.tar.gz

# find archives/ -name *.deb | xargs -i cp {} /var/www/ubuntu-repo/

### 有些软件包apt install不会缓存deb，需要自己手动下载（详见问题处理---"本地APT镜像源deb包缺失"）

配置nginx

# cd /etc/nginx/sites-enabled

# ln -s /etc/nginx/sites-available/default defalut

server {

        listen 80;

        server_name ubuntu-repo;

        access_log /var/log/nginx/openstack-repo.access.log;

        error_log /var/log/nginx/openstack-repo.error.log;

        location / {

                root /var/www/ubuntu-repo/;

                autoindex on;

                expires 5h;

        }

}

# systemctl restart nginx

创建GPG KEY

### 生成随机数

# apt install rng-tools

# rngd -r /dev/urandom

### 创建密钥

# gpg --gen-key

gpg (GnuPG) 1.4.20; Copyright (C) 2015 Free Software Foundation, Inc.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

gpg: directory `/root/.gnupg' created

gpg: new configuration file `/root/.gnupg/gpg.conf' created

gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run

gpg: keyring `/root/.gnupg/secring.gpg' created

gpg: keyring `/root/.gnupg/pubring.gpg' created

Please select what kind of key you want:

   (1) RSA and RSA (default)

   (2) DSA and Elgamal

   (3) DSA (sign only)

   (4) RSA (sign only)

Your selection? 4

RSA keys may be between 1024 and 4096 bits long.

What keysize do you want? (2048) 1024

Requested keysize is 1024 bits

Please specify how long the key should be valid.

         0 = key does not expire

      <n>  = key expires in n days

      <n>w = key expires in n weeks

      <n>m = key expires in n months

      <n>y = key expires in n years

Key is valid for? (0)

Key does not expire at all

Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID

from the Real Name, Comment and Email Address in this form:

    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: nocsys

Email address:

Comment:

You selected this USER-ID:

    "nocsys"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform

some other action (type on the keyboard, move the mouse, utilize the

disks) during the prime generation; this gives the random number

generator a better chance to gain enough entropy.

....+++++

.+++++

gpg: /root/.gnupg/trustdb.gpg: trustdb created

gpg: key 48763DD3 marked as ultimately trusted

public and secret key created and signed.

gpg: checking the trustdb

gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model

gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

pub   1024R/48763DD3 2017-04-14

      Key fingerprint = C12C C3A9 6A9D ABDE FC01  CDA9 857F D33B 4876 3DD3

uid                  nocsys

Note that this key cannot be used for encryption.  You may want to use

the command "--edit-key" to generate a subkey for this purpose.

导出key文件

# cd /var/www/ubuntu-repo

# gpg --list-keys

/root/.gnupg/pubring.gpg

------------------------

pub   1024R/D4CB6DF1 2017-04-14

uid                  nocsys

# gpg --output keyFile --armor --export D4CB6DF1

生成Packages.gz、Release、InRelease、Release.gpg文件

### 后期如果需要添加新deb包，将deb包放入/var/www/ubuntu-repo后重新执行下面命令即可

# cd /var/www/ubuntu-repo

# 生成索引文件

# apt-ftparchive packages . > Packages

# gzip -c Packages > Packages.gz

# apt-ftparchive release . > Release

### 输入前面设置的GPG KEY密码

# gpg --clearsign -o InRelease Release

# gpg -abs -o Release.gpg Release

修改haproxy转发方式

### 用户自定义配置文件

# vim /etc/openstack_deploy/user_variables.yml

haproxy_ssl: false

### 将haproxy转发方式由http全部改成tcp，详见问题处理---"haproxy tcp转发配置"

软件包缓存制作

HATop软件包缓存

### 用户自定义配置文件

# vim /etc/openstack_deploy/user_variables.yml

haproxy_hatop_download_url: "http://172.29.248.10:{{ repo_server_port }}/extra/hatop-0.7.7.tar.gz"

下载HATop

# mkdir -p /var/www/repo/extra

# cd /var/www/repo/extra

# wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/hatop/hatop-0.7.7.tar.gz

horizon设置

horizon启用https

### 用户自定义配置文件

# vim /etc/openstack_deploy/user_variables.yml

horizon_external_ssl: false

托管主机模板制作

主机类型	操作系统	配置	主机名
KVM虚拟机	ubuntu 16.04 TLS server	内存：4GB 磁盘：80GB 网卡：ens3(br-mgmt)	ubuntu

| 网络名 | 网络地址 | VLAN | IP |

| ------------ | ------------ | ------------ |

| 管理网络 | 172.29.236.0/22 | 10 | 172.29.236.254/22 |

| 内网网络 | 172.29.248.0/22 | 10 | 172.29.248.254/22 |

网络配置

# vim /etc/network/interfaces

auto ens3

iface ens3 inet static

address 172.29.248.254

netmask 255.255.252.0

# reboot

设置ssh免密码登入

# scp root@172.29.248.10:/root/.ssh/id_rsa.pub ./

# cat id_rsa.pub >> ~/.ssh/authorized_keys

# chmod 600 ~/.ssh/authorized_keys

设置软件源

# wget http://172.29.248.10/keyFile

# apt-key add keyFile

# vim /etc/apt/sources.list

deb http://172.29.248.10/ ./

# apt-get install vlan bridge-utils python

重新配置网络

# vim /etc/network/interfaces

auto ens3

iface ens3 inet manual

auto ens3.10

iface ens3.10 inet manual

vlan-raw-device ens3

auto ens3.20

iface ens3.20 inet manual

vlan-raw-device ens3

auto ens3.30

iface ens3.30 inet manual

vlan-raw-device ens3

auto br-mgmt

iface br-mgmt inet static

address 172.29.236.254

netmask 255.255.252.0

bridge_ports ens3.10

auto br-storage

iface br-storage inet static

address 172.29.244.254

netmask 255.255.252.0

bridge_ports ens3.20

auto br-vxlan

iface br-vxlan inet static

address 172.29.240.254

netmask 255.255.252.0

bridge_ports ens3.30

auto br-vlan

iface br-vlan inet static

address 172.29.248.254

netmask 255.255.252.0

bridge_ports ens3

# reboot

备份虚拟机

### 拷贝当前虚拟机qcow2文件

# halt

ansible托管节点环境

主机类型	操作系统	配置	主机名
KVM虚拟机	ubuntu 16.04 TLS server	内存：4GB 磁盘：30GB 网卡：ens3(br-mgmt)	infra1
KVM虚拟机	ubuntu 16.04 TLS server	内存：4GB 磁盘：30GB 网卡：ens3(br-mgmt)	compute1
KVM虚拟机	ubuntu 16.04 TLS server	内存：2GB 磁盘：30GB 网卡：ens3(br-mgmt)	storage1

sched节点配置

| 网络名 | 网络地址 | VLAN | IP |

| ------------ | ------------ | ------------ |

| 管理网络 | 172.29.236.0/22 | 10 | 172.29.236.11/22 |

| 存储网络 | 172.29.244.0/22 | 20 | 172.29.244.11/22 |

| 隧道网络VXLAN | 172.29.240.0/22 | 30 | 172.29.240.11/22 |

| 内网网络 | 172.29.248.0/22 | - | 172.29.248.11/22 |

| 外网网络 | 192.168.200.0/22 | - | 192.168.200.11/22 |

### 使用托管主机模板创建虚拟机，并修改172.29.*.254 => 172.29.*.11

nova节点配置

| 网络名 | 网络地址 | VLAN | IP |

| ------------ | ------------ | ------------ |

| 管理网络 | 172.29.236.0/22 | 10 | 172.29.236.12/22 |

| 存储网络 | 172.29.244.0/22 | 20 | 172.29.244.12/22 |

| 隧道网络VXLAN | 172.29.240.0/22 | 30 | 172.29.240.12/22 |

| 内网网络 | 172.29.248.0/22 | - | 172.29.248.12/22 |

### 使用托管主机模板创建虚拟机，并修改172.29.*.254 => 172.29.*.11

storage节点配置

| 网络名 | 网络地址 | VLAN | IP |

| ------------ | ------------ | ------------ |

| 管理网络 | 172.29.236.0/22 | 10 | 172.29.236.13/22 |

| 存储网络 | 172.29.244.0/22 | 20 | 172.29.244.13/22 |

| 隧道网络VXLAN | 172.29.240.0/22 | 30 | 172.29.240.13/22 |

| 内网网络 | 172.29.248.0/22 | - | 172.29.248.13/22 |

### 使用托管主机模板创建虚拟机，并修改172.29.*.254 => 172.29.*.11

执行openstack-ansible

查询openstack-ansible添加额外软件源的任务位置

### 带文件名

# find /etc/ansible/roles -name "*\.yml"| grep -v "yum" | xargs grep -h -i -e "[a-z|-]*-apt-keys$" -e "[a-z|-]*-repos$" | sort -u

### 不带文件名

# find /etc/ansible/roles -name "*\.yml"| grep -v "yum" | xargs grep -h -i -e "[a-z|-]*-apt-keys$" -e "[a-z|-]*-repos$" | sort -u

    - bird-repos

    - ceph-apt-keys

    - ceph-repos

    - etcd-apt-keys

    - etcd-repos

    - galera-apt-keys

    - galera-client-apt-keys

    - galera-client-repos

    - galera-repos

    - haproxy-apt-keys

    - haproxy-repos

    - keepalived-apt-keys

    - lxc-cache-apt-keys ### 去掉，不可skip

    - novalink-apt-keys

    - percona-repos

    - rabbitmq-apt-keys

    - rabbitmq-repos

    - repo-clone-repos

    - add-repo-keys ### 新增

    - add-uca-repo ### 新增

执行安装

### 使用vnc连入ansible控制主机，断开网络连接

# ifdown ens3

# openstack-ansible setup-hosts.yml --skip-tags "add-repo-keys,add-uca-repo"

# openstack-ansible setup-infrastructure.yml --skip-tags "bird-repos,ceph-apt-keys,ceph-repos,etcd-apt-keys,etcd-repos,galera-apt-keys,galera-repos,galera-client-apt-keys,galera-client-repos,haproxy-apt-keys,haproxy-repos,percona-repos,rabbitmq-apt-keys,rabbitmq-repos,repo-clone-repos,add-repo-keys,add-uca-repo"

# openstack-ansible setup-openstack.yml --skip-tags "bird-repos,ceph-apt-keys,ceph-repos,etcd-apt-keys,etcd-repos,galera-apt-keys,galera-repos,galera-client-apt-keys,galera-client-repos,haproxy-apt-keys,haproxy-repos,percona-repos,rabbitmq-apt-keys,rabbitmq-repos,repo-clone-repos,add-repo-keys,add-uca-repo"

验证安装

# lxc-attach -n infra1_utility_container-72d28be9

# source openrc

# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img

# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public

# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

# openstack network create selfservice

# openstack subnet create --network selfservice --dns-nameserver 114.114.114.114 --gateway 40.0.0.1 --subnet-range 40.0.0.0/24 subnet-selfservice

# openstack network list

# openstack server create --flavor m1.nano --image cirros --nic net-id=5bbf071e-0540-41a3-8318-38903397484b test

# openstack server list

### 直接访问https://192.168.200.11

问题处理

apt update告警

W: GPG error: http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5EDB1B62EC4926EA

E: The repository 'http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/newton Release' is not signed.

解决办法

# apt install ubuntu-cloud-keyring

git缓存相关脚本

### 克隆脚本

# cat gitclone.py

import os,yaml,subprocess,logging

yml_path="/opt/openstack-ansible/playbooks/defaults/repo_packages/"

git_path="/opt/git/openstack/"

def exec_clone(url, path):

    if url:

        print(yml_path+path)

        #if subprocess.call("git clone " + url + " " +  git_path + path, shell=True):

        #    logging.error(url + " git clone failed!")

def analysis_dict(data):

    for value in data.values():

        if isinstance(value, str):

            if value.startswith("https://git"):

                exec_clone(value, value[value.rfind("/") + 1:])

def analysis_yml(name):

    for datas in yaml.load_all(file(yml_path + name, 'r')):

        if isinstance(datas, dict):

            analysis_dict(datas)

        elif isinstance(datas, list):

            for data in datas:

                analysis_dict(data)

        else:

            print(name, " error fomat")

if __name__ == '__main__':

    logging.basicConfig(filename='error.log')

    for name in os.listdir(yml_path):

        if name.endswith(".yml"):

            analysis_yml(name)

### 分支切换脚本

# cat gitcheckout.py

import os,logging,subprocess

git_path = "/opt/git/openstack/"

dirs_stable = [

"ceilometer",

"nova-lxd",

"ironic-ui",

"keystone",

"cinder",

"requirements",

"neutron-vpnaas",

"nova-powervm",

"neutron-lbaas",

"ironic",

"magnum-ui",

"glance",

"sahara-dashboard",

"heat",

"horizon",

"aodh",

"sahara",

"neutron-fwaas",

"neutron",

"neutron-dynamic-routing",

"nova",

"swift",

"magnum"]

dirs_master = [

"felix",

"gnocchi",

"neutron-lbaas-dashboard",

"tempest",

"rally",

"networking-calico",

"novnc",

"spice-html5"]

def exec_checkout(name, master):

    if master:

        if name == 'gnocchi':

            print("git checkout stable/3.0 " + name)

            if subprocess.call("cd "+ git_path + name + " && git checkout stable/3.0", shell=True):

                logging.error(" git checkout stable/3.0 " + name +" failed!")

        elif name == 'felix':

            print("git checkout 1.4.x-series " + name)

            if subprocess.call("cd "+ git_path + name + " && git checkout 1.4.x-series", shell=True):

                logging.error(" git checkout 1.4.x-series " + name +" failed!")

        else:

            print("git checkout master " + name)

            if subprocess.call("cd "+ git_path + name + " && git checkout master", shell=True):

                logging.error(" git checkout master " + name +" failed!")

    else:

        print("git checkout stable/newton " + name)

        if subprocess.call("cd "+ git_path + name + " && git checkout stable/newton", shell=True):

            logging.error(" git checkout stable/newton " + name +" failed!")

if __name__ == '__main__':

    logging.basicConfig(filename='error.log')

    for name in dirs_master:

        exec_checkout(name, True)

    for name in dirs_stable:

        exec_checkout(name, False)

本地APT镜像源deb包缺失

方法一：使用命令apt-get download $(apt-rdepends "${package}" | grep -v ^\ )自动下载，使用软件名替换"${package}"

方法二：自己手动wget

查询地址

在Search package directories栏输入软件包关键字，然后点击搜索
在搜索结果页面的软件包 XXX列表选择对应ubuntu版本
在软件包页面的下载 XXX栏选择对应的硬件架构
最后就可以知道软件的下载子目录，例如 pool/main/g/gdbm/
然后找一台空机器apt install XXX下查看系统安装的软件版本

### 补充缺失的deb包

# cd /var/www/ubuntu-repo/

# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/audit/auditd_2.4.5-1ubuntu2_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/audit/libauparse0_2.4.5-1ubuntu2_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/universe/a/audit/audispd-plugins_2.4.5-1ubuntu2_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/universe/libp/libprelude/libprelude2v5_1.0.0-11.7ubuntu1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/aide/aide_0.16~a2.git20130520-3_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/libl/liblockfile/liblockfile1_1.09-6ubuntu1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/libl/liblockfile/liblockfile-bin_1.09-6ubuntu1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/s/ssl-cert/ssl-cert_1.0.37_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/postfix/postfix_3.1.0-3_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/b/bsd-mailx/bsd-mailx_8.1.2-0.20160123cvs-2_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/aide/aide-common_0.16~a2.git20130520-3_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/universe/t/timelimit/timelimit_1.8.1-1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/universe/libt/libtomcrypt/libtomcrypt0_1.17-7_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/universe/c/chrony/chrony_2.1.1-1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/libt/libtommath/libtommath0_0.42.0-1.2_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/universe/libf/libfile-fnmatch-perl/libfile-fnmatch-perl_0.02-2build2_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/universe/d/debsums/debsums_2.1.2_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/l/logrotate/logrotate_3.8.7-2ubuntu2_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/a/apparmor/apparmor-profiles_2.10.95-0ubuntu2.6_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/universe/u/ubuntu-cloud-keyring/ubuntu-cloud-keyring_2012.08.14_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/python-apt/python-apt-common_1.1.0~beta1build1_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/i/iso-codes/iso-codes_3.65-1_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/x/xz-utils/xz-utils_5.1.1alpha%2b20120614-2ubuntu2_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/libe/libevent/libevent-2.0-5_2.0.21-stable-2ubuntu0.16.04.1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/perl/perl_5.22.1-9_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/perl/perl-modules-5.22_5.22.1-9_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/perl/libperl5.22_5.22.1-9_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/r/rename/rename_0.20-4_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gdbm/libgdbm3_1.8.3-13.1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/m/mpfr4/libmpfr4_3.1.4-1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dpkg/dpkg-dev_1.18.4ubuntu1.1_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/patch/patch_2.7.5-1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/r/readline5/libreadline5_5.2%2bdfsg-3build1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/pygobject/python3-gi_3.20.0-0ubuntu1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gobject-introspection/gir1.2-glib-2.0_1.46.0-3ubuntu1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dbus-python/python3-dbus_1.2.0-3_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/python-apt/python3-apt_1.1.0~beta1build1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gobject-introspection/libgirepository-1.0-1_1.46.0-3ubuntu1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/glib2.0/libglib2.0-0_2.48.2-0ubuntu1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dbus/libdbus-1-3_1.10.6-1ubuntu3.3_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/d/dbus-glib/libdbus-glib-1-2_0.106-1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/psmisc/psmisc_22.21-2.1build1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gawk/gawk_4.1.3%2bdfsg-0.1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/l/lsof/lsof_4.89%2bdfsg-0.1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/r/rsync/rsync_3.1.1-3ubuntu1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/libs/libsigsegv/libsigsegv2_2.10-4_amd64.deb

# wget http://repo.percona.com/apt/pool/main/q/qpress/qpress_11-1.xenial_amd64.deb

# wget http://repo.percona.com/apt/pool/main/p/percona-xtrabackup-22/percona-xtrabackup-22_2.2.13-1.vivid_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/universe/e/erlang/erlang-base-hipe_18.3-dfsg-1ubuntu3_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/e/erlang/erlang-crypto_18.3-dfsg-1ubuntu3_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/e/erlang/erlang-syntax-tools_18.3-dfsg-1ubuntu3_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/l/lksctp-tools/libsctp1_1.0.16%2bdfsg-3_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/c/curl/curl_7.47.0-1ubuntu2.2_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/git/git_2.7.4-0ubuntu1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/git/git-man_2.7.4-0ubuntu1_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/libe/liberror-perl/liberror-perl_0.17-1.2_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gettext/gettext-base_0.19.7-2ubuntu3_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/libx/libxml2/libxml2_2.9.3%2bdfsg1-1ubuntu0.2_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/i/icu/libicu55_55.1-7ubuntu0.1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/gettext/libasprintf0v5_0.19.7-2ubuntu3_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/libp/libpipeline/libpipeline1_1.4.1-2_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/b/bsdmainutils/bsdmainutils_9.0.6ubuntu3_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/g/groff/groff-base_1.22.3-7_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/s/sgml-base/sgml-base_1.26%2bnmu4ubuntu1_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/x/xml-core/xml-core_0.13%2bnmu2_all.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/libn/libnetfilter-conntrack/libnetfilter-conntrack3_1.0.5-1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/libn/libnl3/libnl-3-200_3.2.27-1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/libn/libnl3/libnl-genl-3-200_3.2.27-1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/n/net-snmp/libsnmp30_5.7.3%2bdfsg-1ubuntu4_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/pciutils/libpci3_3.3.1-1.1ubuntu1.1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/p/pycurl/python3-pycurl_7.43.0-1ubuntu1_amd64.deb

# wget http://mirrors.aliyun.com/ubuntu/pool/main/m/man-db/man-db_2.7.5-1_amd64.deb

haproxy tcp转发配置

# cat /opt/openstack-ansible/playbooks/vars/configs/haproxy_config.yml

haproxy_default_services:

  - service:

      haproxy_service_name: galera

      haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}"  # list expected

      haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}"

      haproxy_port: 3306

      haproxy_balance_type: tcp

      haproxy_timeout_client: 5000s

      haproxy_timeout_server: 5000s

      haproxy_backend_options:

        - "mysql-check user {{ galera_monitoring_user }}"

      haproxy_whitelist_networks: "{{ haproxy_galera_whitelist_networks }}"

  - service:

      haproxy_service_name: glance_api

      haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_port: 9292

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: glance_registry

      haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_port: 9191

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

      haproxy_whitelist_networks: "{{ haproxy_glance_registry_whitelist_networks }}"

  - service:

      haproxy_service_name: gnocchi

      haproxy_backend_nodes: "{{ groups['gnocchi_all'] | default([]) }}"

      haproxy_port: 8041

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: heat_api_cfn

      haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}"

      haproxy_port: 8000

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: heat_api_cloudwatch

      haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}"

      haproxy_port: 8003

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: heat_api

      haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}"

      haproxy_port: 8004

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: keystone_service

      haproxy_backend_nodes: "{{ groups['keystone_all'] | default([])  }}"

      haproxy_port: 5000

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: keystone_admin

      haproxy_backend_nodes: "{{ groups['keystone_all'] | default([])  }}"

      haproxy_port: 35357

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

      haproxy_whitelist_networks: "{{ haproxy_keystone_admin_whitelist_networks }}"

  - service:

      haproxy_service_name: neutron_server

      haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"

      haproxy_port: 9696

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: nova_api_metadata

      haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"

      haproxy_port: 8775

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

      haproxy_whitelist_networks: "{{ haproxy_nova_metadata_whitelist_networks }}"

  - service:

      haproxy_service_name: nova_api_os_compute

      haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_port: 8774

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: nova_console

      haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_port: "{{ nova_console_port }}"

      haproxy_balance_type: tcp

      haproxy_timeout_client: 60m

      haproxy_timeout_server: 60m

      haproxy_balance_alg: source

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: cinder_api

      haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_port: 8776

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: horizon

      haproxy_backend_nodes: "{{ groups['horizon_all'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_port: 443

      haproxy_balance_type: tcp

      haproxy_balance_alg: source

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: sahara_api

      haproxy_backend_nodes: "{{ groups['sahara_api'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_balance_alg: source

      haproxy_port: 8386

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: swift_proxy

      haproxy_backend_nodes: "{{ groups['swift_proxy'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_balance_alg: source

      haproxy_port: 8080

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: ceilometer_api

      haproxy_backend_nodes: "{{ groups['ceilometer_api_container'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_port: 8777

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: aodh_api

      haproxy_backend_nodes: "{{ groups['aodh_api'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_port: 8042

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

  - service:

      haproxy_service_name: ironic_api

      haproxy_backend_nodes: "{{ groups['ironic_api'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_port: 6385

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - "httpchk GET /"

  - service:

      haproxy_service_name: rabbitmq_mgmt

      haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_port: 15672

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

      haproxy_whitelist_networks: "{{ haproxy_rabbitmq_management_whitelist_networks }}"

  - service:

      haproxy_service_name: magnum

      haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}"

      haproxy_ssl: "{{ haproxy_ssl }}"

      haproxy_port: 9511

      haproxy_balance_type: tcp

      haproxy_backend_options:

        - tcp-check

虚拟机创建失败

### 提示No valid host was found. There are not enough hosts available.

解决办法

### 1.openstack的主机名不能相同，要和/etc/openstack_deploy/openstack_user_config.yml里面设置的主机名保持一致，例如infra1、compute1、storage1（感觉可以一样，待验证）

# lxc-attach -n infra1-utility-container-9976aa24

### 确保服务和资源都满足条件，比如内存分配是否充沛

# nova service-list

# nova hypervisor-stats