Ironic 安装和配置详解

转自：http://amar266.blogspot.com/2014/12/ironic-installation-and-configuration.html

1.Install Openstack With Neutron

2.Create and delete vm to test the setup

3.Configure existing setup for ironic

3.1.Configure ironic user in keystone

 # keystone user-create --name=ironic --pass=IRONIC_PASSWORD   --email=ironic@example.com
 # keystone user-role-add --user=ironic --tenant=service --role=admin

3.2.Register ironic with keystone

 # keystone service-create --name=ironic --type=baremetal --description="Ironic bare metal provisioning service"
 # keystone endpoint-create  --service-id=the_service_id_above --publicurl=http://IRONIC_NODE:6385 --internalurl=http://IRONIC_NODE:6385 --  adminurl=http://IRONIC_NODE:6385 

3.3.Setup DataBase

 # mysql -u root -p
 mysql> CREATE DATABASE ironic CHARACTER SET utf8;
 mysql> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'localhost' \
 IDENTIFIED BY 'IRONIC_DBPASSWORD';
 mysql> GRANT ALL PRIVILEGES ON ironic.* TO 'ironic'@'%' \
 IDENTIFIED BY 'IRONIC_DBPASSWORD';

3.4.The Bare Metal Service is configured via its configuration file.

This file is typically located at /etc/ironic/ironic.conf.

[DEFAULT]
enabled_drivers = pxe_ipmitool
debug=True
auth_strategy=keystone
log_dir=/var/log/ironic/
rabbit_host=<rabbitmq_server>
[api]
port=
[conductor]
[database]
connection = mysql://ironic:ironic@<database_server>/ironic?charset=utf8
[glance]
glance_host=<glance_server>
glance_port=
glance_protocol=http
glance_num_retries=
auth_strategy=keystone
[ipmi]
[keystone_authtoken]
signing_dir = /var/cache/ironic/api
admin_password = ironic
admin_user = ironic
admin_tenant_name = service
auth_uri = http://<keystone_server>:5000/v2.0
identity_uri = http://<keystone_server>:35357
auth_protocol = http
auth_port =
auth_host = <keystone_server>
admin_token = token123
[matchmaker_redis]
[matchmaker_ring]
[neutron]
url=http://<neutron_server>:9696
[pxe]
[rpc_notifier2]
[seamicro]
[ssh]
[ssl]

3.5.Create the Bare Metal Service database tables:

#ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema 

3.6.Restart the Bare Metal Service:

#service ironic-api restart
#service ironic-conductor restart 

3.7.Configure the compute service

compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
compute_driver=ironic.nova.virt.ironic.IronicDriver
scheduler_host_manager=ironic.nova.scheduler.ironic_host_manager.IronicHostManager
ram_allocation_ratio=1.0
reserved_host_memory_mb=

[ironic]

# Ironic keystone admin name
admin_username=ironic

#Ironic keystone admin password.
admin_password=ironic

# keystone API endpoint
admin_url=http://<keystone_server>:35357/v2.0

# Ironic keystone tenant name.
admin_tenant_name=service

# URL for Ironic API endpoint.
api_endpoint=http://<ironic_api_server>:6385/v1

3.8.Restart Nova services

#service nova-scheduler restart
#service nova-compute restart

3.9.Configure Neutron

3.9.1.Edit /etc/neutron/plugins/ml2/ml2_conf.ini and modify these:

[ml2]
type_drivers = flat
tenant_network_types = flat
mechanism_drivers = openvswitch

[ml2_type_flat]
flat_networks = physnet1

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

[ovs]
network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-em2
# Replace eth2 with the interface on the neutron node which you
# are using to connect to the bare metal server 

3.9.2.Add the integration bridge to Open vSwitch:

#ovs-vsctl add-br br-int

3.9.3.Create the br-eth2 network bridge to handle communication between the OpenStack (and Bare Metal services) and the bare metal nodes using eth2. Replace eth2 with the interface on the neutron node which you are using to connect to the Bare Metal Service:

# ovs-vsctl add-br br-em2
# ovs-vsctl add-port br-em2 em2

3.9.4.Restart the Open vSwitch agent:

 

#service neutron-plugin-openvswitch-agent restart
#ovs-vsctl show
            Bridge br-ex
                Port "em1"
                    Interface "em1"
                Port br-ex
                    Interface br-ex
                        type: internal
            Bridge br-int
                Port "int-br-em2"
                    Interface "int-br-em2"
                Port br-int
                    Interface br-int
                        type: internal
            Bridge "br-em2"
                Port "br-em2"
                    Interface "br-em2"
                        type: internal
                Port "phy-br-em2"
                    Interface "phy-br-em2"
                Port "em2"
                    Interface "em2"
            ovs_version: "2.0.1"

     
3.9.5.Create the flat network on which you are going to launch the instances:

#neutron net-create --tenant-id $TENANT_ID sharednet1 --shared --provider:network_type flat --provider:physical_network physnet1

3.9.6.Create subnet

#neutron subnet-create sharednet1 --gateway <GateWay> <Network_CIDR> --name subnet1 

3.10.Bare Metal provisioning requires two sets of images: the deploy images and the user images.

The disk-image-builder can be used to create images required for deployment and the actual OS which the user is going to run.

 

3.10.1.Clone the project and run the subsequent commands from the project directory:

#git clone https://github.com/openstack/diskimage-builder.git
#cd diskimage-builder

3.10.2.Build the image your users will run (Ubuntu image has been taken as an example):

#bin/disk-image-create -u ubuntu -o my-image

The above command creates my-image.qcow2 file. If you want to use Fedora image, replace ubuntu with fedora in the above command.

3.10.3.Extract the kernel & ramdisk:

 

#bin/disk-image-get-kernel -d ./ -o my -i $(pwd)/my-image.qcow2

The above command creates my-vmlinuz and my-initrd files. These images are used while deploying the actual OS the users will run, my-image in our case.

 

3.10.4.Build the deploy image:

#bin/ramdisk-image-create ubuntu deploy-ironic  -o my-deploy-ramdisk

The above command creates my-deploy-ramdisk.kernel and my-deploy-ramdisk.initramfs files which are used initially for preparing the server (creating disk partitions) before the actual OS deploy. If you want to use a Fedora image, replace ubuntu with fedora in the above command.

3.10.5.Add the user images to glance

Load all the images created in the below steps into Glance, and note the glance image UUIDs for each one as it is generated.

3.10.6.Add the kernel and ramdisk images to glance:

#glance image-create --name my-kernel --public  --disk-format aki  < my-vmlinuz

3.10.7.Store the image uuid obtained from the above step as $MY_VMLINUZ_UUID.

#glance image-create --name my-ramdisk --public --disk-format ari  < my-initrd

Store the image UUID obtained from the above step as $MY_INITRD_UUID.

3.10.8.Add the my-image to glance which is going to be the OS that the user is going to run. Also associate the above created images with this OS image.

These two operations can be done by executing the following command:

#glance image-create --name my-image --public --disk-format qcow2 --container-format bare --property kernel_id=$MY_VMLINUZ_UUID --property      ramdisk_id=$MY_INITRD_UUID < my-image

3.10.9.Add the deploy images to glance

Add the my-deploy-ramdisk.kernel and my-deploy-ramdisk.initramfs images to glance:

# glance image-create --name deploy-vmlinuz --public --disk-format aki < my-deploy-ramdisk.kernel

Store the image UUID obtained from the above step as $DEPLOY_VMLINUZ_UUID.

# glance image-create --name deploy-initrd --public --disk-format ari < my-deploy-ramdisk.initramfs

Store the image UUID obtained from the above step as $DEPLOY_INITRD_UUID.

3.11.You’ll need to create a special Bare Metal flavor in Nova.

The flavor is mapped to the bare metal server through the hardware specifications.

Change these to match your hardware

 RAM_MB=
 CPU=
 DISK_GB=
 ARCH={i686|x86_64}

 3.11.1.Create the baremetal flavor by executing the following command:

 #nova flavor-create my-baremetal-flavor auto $RAM_MB $DISK_GB $CPU
 #nova flavor-key my-baremetal-flavor set cpu_arch=$ARCH "baremetal:deploy_kernel_id"=$DEPLOY_VMLINUZ_UUID "baremetal:deploy_ramdisk_id"=$DEPLOY_INITRD_UUID

3.12. Create node in ironic

# ironic node-create -d pxe_ipmitool -i ipmi_address=<ipmi_address> -i ipmi_username=<ipmi_username> -i ipmi_password=<ipmi_password>
# ironic node-update $NODE_UUID add driver_info/pxe_deploy_kernel=$DEPLOY_VMLINUZ_UUID driver_info/pxe_deploy_ramdisk=$DEPLOY_INITRD_UUID
# ironic port-create -n <node_id> -a<mac_id of server> 

3.13.If you will be using PXE, it needs to be set up on the Bare Metal Service node(s) where ironic-conductor is running.

Make sure the tftp root directory exist and can be written to by the user the ironic-conductor is running as. For example:

#sudo mkdir -p /tftpboot
#sudo chown -R ironic -p /tftpboot

Install tftp server and the syslinux package with the PXE boot images:
Ubuntu:

#sudo apt-get install tftpd-hpa syslinux syslinux-common

Fedora/RHEL:

#sudo yum install tftp-server syslinux-tftpboot
#Setup tftp server to serve /tftpboot.

Copy the PXE image to /tftpboot. The PXE image might be found at [1]:
Ubuntu:

#sudo cp /usr/lib/syslinux/pxelinux. /tftpboot
#Go to /etc/defaults/tftp-hpa remove everything and paste following
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="[::]:69"
#TFTP_OPTIONS="--secure"
TFTP_OPTIONS="--map-file /tftpboot/map-file -v -v -v -v"

To be able to access absolute path on tftp do following steps
Create a map file in /tftpboot/map-file

r ^([^/]) /tftpboot/\

tftp service should be running like below

/usr/sbin/in.tftpd --listen --user tftp --address [::]: --map-file /tftpboot/map-file -v -v -v -v /tftpboot

3.14.IPMI support

If using the IPMITool driver, the ipmitool command must be present on the service node(s) where ironic-conductor is running. On most distros, this is provided as part of the ipmitool package. Source code is available at http://ipmitool.sourceforge.net/

Note that certain distros, notably Mac OS X and SLES, install openipmi instead of ipmitool by default. THIS DRIVER IS NOT COMPATIBLE WITH openipmi AS IT RELIES ON ERROR HANDLING OPTIONS NOT PROVIDED BY THIS TOOL.

Check that you can connect to and authenticate with the IPMI controller in your bare metal server by using ipmitool:

ipmitool -I lanplus -H <ip-address> -U <username> -P <password> chassis power status

3.15.Test Setup with nova

nova boot --flavor baremetal --key-name mykey --image my-image  --nic net-id=d3b9b3c5-378e-493b--22c17433c23a   bm1

3.16. Debug commands

3.16.1.Sometimes vm goes in error state and does not got deleted ,for that run following command in ironic

  

 ironic node-update 0d78301c-2d78-42e0-b14d-4a031e5a7cd4 remove instance_uuid

3.16.2.Always Check the node is not in maintenance mode if it is in maintenance mode then remove it
 

  ironic node-update 0d78301c-2d78-42e0-b14d-4a031e5a7cd4 replace maintenance=False