Installing the UndercloudΒΆ
Log in to your machine (baremetal or VM) where you want to install the undercloud as a non-root user (such as the stack user):
ssh <non-root-user>@<undercloud-machine>
Note
If you don’t have a non-root user created yet, log in as root and create one with following commands:
sudo useradd stack sudo passwd stack # specify a password echo "stack ALL=(root) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/stack sudo chmod 0440 /etc/sudoers.d/stack su - stack
Note
The undercloud is intended to work correctly with SELinux enforcing, and cannot be installed to a system with SELinux disabled. If SELinux enforcement must be turned off for some reason, it should instead be set to permissive.
Note
vlan tagged interfaces must follow the if_name.vlan_id convention, like for example: eth0.vlan100 or bond0.vlan120.
Enable needed repositories:
RHEL
Enable optional repo:
sudo yum install -y yum-utils sudo yum-config-manager --enable rhelosp-rhel-7-server-optEnable epel:
sudo yum -y install epel-release
Enable last known good RDO Trunk Delorean repository for core openstack packages
sudo curl -o /etc/yum.repos.d/delorean.repo http://trunk.rdoproject.org/centos7/current-tripleo/delorean.repoEnable latest RDO Trunk Delorean repository only for the TripleO packages
sudo curl -o /etc/yum.repos.d/delorean-current.repo http://trunk.rdoproject.org/centos7/current/delorean.repo sudo sed -i 's/\[delorean\]/\[delorean-current\]/' /etc/yum.repos.d/delorean-current.repo sudo /bin/bash -c "cat <<EOF>>/etc/yum.repos.d/delorean-current.repo includepkgs=diskimage-builder,instack,instack-undercloud,os-apply-config,os-cloud-config,os-collect-config,os-net-config,os-refresh-config,python-tripleoclient,tripleo-common,openstack-tripleo-heat-templates,openstack-tripleo-image-elements,openstack-tripleo,openstack-tripleo-puppet-elements,openstack-puppet-modules EOF"Enable the Delorean Deps repository
sudo curl -o /etc/yum.repos.d/delorean-deps.repo http://trunk.rdoproject.org/centos7/delorean-deps.repoStable Branch
Skip all repos mentioned above, other than epel-release which is still required.
Enable latest RDO Stable Delorean repository for all packages
sudo curl -o /etc/yum.repos.d/delorean-liberty.repo https://trunk.rdoproject.org/centos7-liberty/current/delorean.repoEnable the Delorean Deps repository
sudo curl -o /etc/yum.repos.d/delorean-deps-liberty.repo http://trunk.rdoproject.org/centos7-liberty/delorean-deps.repo
Install the yum-plugin-priorities package so that the Delorean repository takes precedence over the main RDO repositories:
sudo yum -y install yum-plugin-priorities
Install the TripleO CLI, which will pull in all other necessary packages as dependencies:
sudo yum install -y python-tripleoclient
Run the script to install the undercloud:
Source
Git checkouts of the puppet modules can be used instead of packages. Export the following environment variable:
export DIB_INSTALLTYPE_puppet_modules=sourceIt is also possible to use this functionality to use an in-progress review as part of the undercloud install. See Using an In-Progress Review for details.
SSL
To enable SSL on the undercloud, you must set the
undercloud_service_certificate
option inundercloud.conf
to an appropriate certificate file. Important: The certificate file’s Common Name must be set to the value ofundercloud_public_vip
in undercloud.conf.If you do not have a trusted CA signed certificate file, you can alternatively generate a self-signed certificate file using the following commands:
openssl genrsa -out privkey.pem 2048The next command will prompt for some identification details. Most of these don’t matter, but make sure the
Common Name
entered matches the value ofundercloud_public_vip
in undercloud.conf:openssl req -new -x509 -key privkey.pem -out cacert.pem -days 365Combine the two files into one for HAProxy to use. The order of the files in this command matters, so do not change it:
cat cacert.pem privkey.pem > undercloud.pemMove the file to a more appropriate location and set the SELinux context:
sudo mkdir /etc/pki/instack-certs sudo cp undercloud.pem /etc/pki/instack-certs sudo semanage fcontext -a -t etc_t "/etc/pki/instack-certs(/.*)?" sudo restorecon -R /etc/pki/instack-certs
undercloud_service_certificate
should then be set to/etc/pki/instack-certs/undercloud.pem
.Add the self-signed CA certificate to the undercloud system’s trusted certificate store:
sudo cp cacert.pem /etc/pki/ca-trust/source/anchors/ sudo update-ca-trust extractInstall the undercloud:
openstack undercloud install
Once the install has completed, you should take note of the files stackrc
and
undercloud-passwords.conf
. You can source stackrc
to interact with the
undercloud via the OpenStack command-line client. undercloud-passwords.conf
contains the passwords used for each service in the undercloud. These passwords
will be automatically reused if the undercloud is reinstalled on the same system,
so it is not necessary to copy them to undercloud.conf
.
Note
Any passwords set in undercloud.conf
will take precedence over the ones in
undercloud-passwords.conf
.
Note
openstack undercloud install
can be rerun to reapply changes from
undercloud.conf to the undercloud. Note that this should not be done if an
overcloud has already been deployed or is in progress.