Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 4. Installing the Undercloud

The first step to creating your Red Hat OpenStack Platform environment is to install the director on the undercloud system. This involves a few prerequisite steps to enable the necessary subscriptions and repositories.

4.1. Creating a Director Installation User
Link kopieren

The director installation process requires a non-root user to execute commands. Use the following commands to create the user named stack and set a password: 

[root@director ~]# useradd stack
[root@director ~]# passwd stack  # specify a password
Copy to Clipboard Toggle word wrap

Disable password requirements for this user when using sudo: 

[root@director ~]# echo "stack ALL=(root) NOPASSWD:ALL" | tee -a /etc/sudoers.d/stack
[root@director ~]# chmod 0440 /etc/sudoers.d/stack
Copy to Clipboard Toggle word wrap

Switch to the new stack user: 

[root@director ~]# su - stack
[stack@director ~]$
Copy to Clipboard Toggle word wrap

Continue the director installation as the stack user.

4.2. Creating Directories for Templates and Images
Link kopieren

The director uses system images and Heat templates to create the overcloud environment. To keep these files organized, we recommend creating directories for images and templates: 

[stack@director ~]$ mkdir ~/images
[stack@director ~]$ mkdir ~/templates
Copy to Clipboard Toggle word wrap

Other sections in this guide use these two directories to store certain files.

4.3. Setting the Hostname for the System
Link kopieren

The director requires a fully qualified domain name for its installation and configuration process. This means you may need to set the hostname of your director’s host. Check the hostname of your host: 

[stack@director ~]$ hostname    # Checks the base hostname
[stack@director ~]$ hostname -f # Checks the long hostname (FQDN)
Copy to Clipboard Toggle word wrap

If either commands do not report the correct hostname or report an error, use hostnamectl to set a hostname: 

[stack@director ~]$ sudo hostnamectl set-hostname manager.example.com
[stack@director ~]$ sudo hostnamectl set-hostname --transient manager.example.com
Copy to Clipboard Toggle word wrap

The director also requires an entry for the system’s hostname and base name in /etc/hosts. For example, if the system is named manager.example.com, then /etc/hosts requires an entry like: 

127.0.0.1   manager.example.com manager localhost localhost.localdomain localhost4 localhost4.localdomain4
Copy to Clipboard Toggle word wrap

4.4. Registering your System
Link kopieren

To install the Red Hat OpenStack Platform director, first register the host system using Red Hat Subscription Manager, and subscribe to the required channels.

  1. Register your system with the Content Delivery Network, entering your Customer Portal user name and password when prompted: 

    [stack@director ~]$ sudo subscription-manager register
    Copy to Clipboard Toggle word wrap

  2. Find the entitlement pool ID for Red Hat OpenStack Platform director. For example: 

    [stack@director ~]$ sudo subscription-manager list --available --all --matches="Red Hat OpenStack"
Subscription Name:   Name of SKU
Provides:            Red Hat Single Sign-On
                     Red Hat Enterprise Linux Workstation
                     Red Hat CloudForms
                     Red Hat OpenStack
                     Red Hat Software Collections (for RHEL Workstation)
                     Red Hat Virtualization
SKU:                 SKU-Number
Contract:            Contract-Number
Pool ID:             Valid-Pool-Number-123456
Provides Management: Yes
Available:           1
Suggested:           1
Service Level:       Support-level
Service Type:        Service-Type
Subscription Type:   Sub-type
Ends:                End-date
System Type:         Physical
    Copy to Clipboard Toggle word wrap

  3. Locate the Pool ID value and attach the Red Hat OpenStack Platform 12 entitlement: 

    [stack@director ~]$ sudo subscription-manager attach --pool=Valid-Pool-Number-123456
    Copy to Clipboard Toggle word wrap

  4. Disable all default repositories, and then enable the required Red Hat Enterprise Linux repositories: 

    [stack@director ~]$ sudo subscription-manager repos --disable=*
[stack@director ~]$ sudo subscription-manager repos --enable=rhel-7-server-rpms --enable=rhel-7-server-extras-rpms --enable=rhel-7-server-rh-common-rpms --enable=rhel-ha-for-rhel-7-server-rpms --enable=rhel-7-server-openstack-12-rpms
    Copy to Clipboard Toggle word wrap

These repositories contain packages the director installation requires.

Important

Only enable the repositories listed in Section 2.5, “Repository Requirements”. Additional repositories can cause package and software conflicts. Do not enable any additional repositories.

Perform an update on your system to make sure you have the latest base system packages: 

[stack@director ~]$ sudo yum update -y
[stack@director ~]$ sudo reboot
Copy to Clipboard Toggle word wrap

The system is now ready for the director installation.

4.5. Installing the Director Packages
Link kopieren

Use the following command to install the required command line tools for director installation and configuration: 

[stack@director ~]$ sudo yum install -y python-tripleoclient
Copy to Clipboard Toggle word wrap

This installs all packages required for the director installation.

If you aim to create an overcloud with Ceph Storage nodes, install the additional ceph-ansible package: 

[stack@director ~]$ sudo yum install -y ceph-ansible
Copy to Clipboard Toggle word wrap

4.6. Configuring the Director
Link kopieren

The director installation process requires certain settings to determine your network configurations. The settings are stored in a template located in the stack user’s home directory as undercloud.conf.

Red Hat provides a basic template to help determine the required settings for your installation. Copy this template to the stack user’s home directory: 

[stack@director ~]$ cp /usr/share/instack-undercloud/undercloud.conf.sample ~/undercloud.conf
Copy to Clipboard Toggle word wrap

The undercloud.conf file contains settings to configure your undercloud. If you omit or comment out a parameter, the undercloud installation uses the default value.

The template contains two sections: [DEFAULT] and [auth]. The [DEFAULT] section contains the following parameters:

undercloud_hostname
Defines the fully qualified host name for the undercloud. If set, the undercloud installation configures all system host name settings. If left unset, the undercloud uses the current host name, but the user must configure all system host name settings appropriately.
local_ip
The IP address defined for the director’s Provisioning NIC. This is also the IP address the director uses for its DHCP and PXE boot services. Leave this value as the default 192.168.24.1/24 unless you are using a different subnet for the Provisioning network, for example, if it conflicts with an existing IP address or subnet in your environment.
network_gateway

The gateway for the overcloud instances. This is the undercloud host, which forwards traffic to the External network. Leave this as the default 192.168.24.1 unless you are either using a different IP address for the director or want to directly use an external gateway.

Note

The director’s configuration script also automatically enables IP forwarding using the relevant sysctl kernel parameter.

undercloud_public_host
The IP address defined for the director’s Public API when using SSL/TLS. This is an IP address for accessing the director endpoints externally over SSL/TLS. The director configuration attaches this IP address to its software bridge as a routed IP address, which uses the /32 netmask.
undercloud_admin_host
The IP address defined for the director’s Admin API when using SSL/TLS. This is an IP address for administration endpoint access over SSL/TLS. The director configuration attaches this IP address to its software bridge as a routed IP address, which uses the /32 netmask.
undercloud_nameservers
A list of DNS nameservers to use for the undercloud hostname resolution.
undercloud_ntp_servers
A list of network time protocol servers to help synchronize the undercloud’s date and time.
undercloud_service_certificate
The location and filename of the certificate for OpenStack SSL/TLS communication. Ideally, you obtain this certificate from a trusted certificate authority. Otherwise generate your own self-signed certificate using the guidelines in Appendix A, SSL/TLS Certificate Configuration. These guidelines also contain instructions on setting the SELinux context for your certificate, whether self-signed or from an authority.
generate_service_certificate
Defines whether to generate an SSL/TLS certificate during the undercloud installation, which is used for the undercloud_service_certificate parameter. The undercloud installation saves the resulting certificate /etc/pki/tls/certs/undercloud-[undercloud_public_vip].pem. The CA defined in the certificate_generation_ca parameter signs this certificate.
certificate_generation_ca
The certmonger nickname of the CA that signs the requested certificate. Only use this option if you have set the generate_service_certificate parameter. If you select the local CA, certmonger extracts the local CA certificate to /etc/pki/ca-trust/source/anchors/cm-local-ca.pem and adds it to the trust chain.
service_principal
The Kerberos principal for the service using the certificate. Only use this if your CA requires a Kerberos principal, such as in FreeIPA.
local_interface

The chosen interface for the director’s Provisioning NIC. This is also the device the director uses for its DHCP and PXE boot services. Change this value to your chosen device. To see which device is connected, use the ip addr command. For example, this is the result of an ip addr command: 

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:75:24:09 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.178/24 brd 192.168.122.255 scope global dynamic eth0
       valid_lft 3462sec preferred_lft 3462sec
    inet6 fe80::5054:ff:fe75:2409/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noop state DOWN
    link/ether 42:0b:c2:a5:c1:26 brd ff:ff:ff:ff:ff:ff
Copy to Clipboard Toggle word wrap

In this example, the External NIC uses eth0 and the Provisioning NIC uses eth1, which is currently not configured. In this case, set the local_interface to eth1. The configuration script attaches this interface to a custom bridge defined with the inspection_interface parameter.

local_mtu
MTU to use for the local_interface.
network_cidr
The network that the director uses to manage overcloud instances. This is the Provisioning network, which the undercloud’s neutron service manages. Leave this as the default 192.168.24.0/24 unless you are using a different subnet for the Provisioning network.
masquerade_network
Defines the network that will masquerade for external access. This provides the Provisioning network with a degree of network address translation (NAT) so that it has external access through the director. Leave this as the default (192.168.24.0/24) unless you are using a different subnet for the Provisioning network.
dhcp_start; dhcp_end
The start and end of the DHCP allocation range for overcloud nodes. Ensure this range contains enough IP addresses to allocate your nodes.
hieradata_override
Path to hieradata override file. If set, the undercloud installation copies this file under /etc/puppet/hieradata and sets it as the first file in the hierarchy. Use this to provide custom configuration to services beyond the undercloud.conf parameters.
net_config_override
Path to network configuration override template. If set, the undercloud uses a JSON format template to configure the networking with os-net-config. This ignores the network parameters set in undercloud.conf. See /usr/share/instack-undercloud/templates/net-config.json.template for an example.
inspection_interface
The bridge the director uses for node introspection. This is custom bridge that the director configuration creates. The LOCAL_INTERFACE attaches to this bridge. Leave this as the default br-ctlplane.
inspection_iprange
A range of IP address that the director’s introspection service uses during the PXE boot and provisioning process. Use comma-separated values to define the start and end of this range. For example, 192.168.24.100,192.168.24.120. Make sure this range contains enough IP addresses for your nodes and does not conflict with the range for dhcp_start and dhcp_end.
inspection_extras
Defines whether to enable extra hardware collection during the inspection process. Requires python-hardware or python-hardware-detect package on the introspection image.
inspection_runbench
Runs a set of benchmarks during node introspection. Set to true to enable. This option is necessary if you intend to perform benchmark analysis when inspecting the hardware of registered nodes. See Section 6.2, “Inspecting the Hardware of Nodes” for more details.
inspection_enable_uefi
Defines whether to support introspection of nodes with UEFI-only firmware. For more information, see Appendix D, Alternative Boot Modes.
enable_node_discovery
Automatically enroll any unknown node that PXE-boots the introspection ramdisk. New nodes use the fake_pxe driver as a default but you can set discovery_default_driver to override. You can also use introspection rules to specify driver information for newly enrolled nodes.
discovery_default_driver
Sets the default driver for automatically enrolled nodes. Requires enable_node_discovery enabled and you must include the driver in the enabled_drivers list. See Appendix B, Power Management Drivers for a list of supported drivers.
undercloud_debug
Sets the log level of undercloud services to DEBUG. Set this value to true to enable.
undercloud_update_packages
Defines whether to update packages during the undercloud installation.
enable_tempest
Defines whether to install the validation tools. The default is set to false, but you can can enable using true.
enable_telemetry
Defines whether to install OpenStack Telemetry services (ceilometer, aodh, panko, gnocchi) in the undercloud. In Red Hat OpenStack Platform 12, the metrics backend for telemetry is provided by gnocchi. Setting enable_telemetry parameter to true will install and set up telemetry services automatically. The default value is false, which disables telemetry on the undercloud. This parameter is required if using other products that consume metrics data, such as Red Hat CloudForms.
enable_ui
Defines Whether to install the director’s web UI. This allows you to perform overcloud planning and deployments through a graphical web interface. For more information, see Chapter 7, Configuring a Basic Overcloud with the Web UI. Note that the UI is only available with SSL/TLS enabled using either the undercloud_service_certificate or generate_service_certificate.
enable_validations
Defines whether to install the requirements to run validations.
enable_legacy_ceilometer_api
Defines whether to enable legacy OpenStack Telemetry service (Ceilometer) API in the Undercloud. Note the legacy API is deprecated and will be removed in a future release. Please use the newer components installed with enable_telemetry.
enable_novajoin
Defines whether to install the novajoin metadata service in the Undercloud.
ipa_otp
Defines the one time password to register the Undercloud node to an IPA server. This is required when enable_novajoin is enabled.
ipxe_enabled
Defines whether to use iPXE or standard PXE. The default is true, which enables iPXE. Set to false to set to standard PXE. For more information, see Appendix D, Alternative Boot Modes.
scheduler_max_attempts
Maximum number of times the scheduler attempts to deploy an instance. Keep this greater or equal to the number of bare metal nodes you expect to deploy at once to work around potential race condition when scheduling.
clean_nodes
Defines whether to wipe the hard drive between deployments and after introspection.
enabled_drivers
A list of bare metal drivers to enable for the undercloud. See Appendix B, Power Management Drivers for a list of supported drivers.

The [auth] section contains the following parameters:

undercloud_db_password; undercloud_admin_token; undercloud_admin_password; undercloud_glance_password; etc

The remaining parameters are the access details for all of the director’s services. No change is required for the values. The director’s configuration script automatically generates these values if blank in undercloud.conf. You can retrieve all values after the configuration script completes.

Important

The configuration file examples for these parameters use <None> as a placeholder value. Setting these values to <None> leads to a deployment error.

Modify the values for these parameters to suit your network. When complete, save the file and run the following command: 

[stack@director ~]$ openstack undercloud install
Copy to Clipboard Toggle word wrap

This launches the director’s configuration script. The director installs additional packages and configures its services to suit the settings in the undercloud.conf. This script takes several minutes to complete.

The configuration script generates two files when complete:

  • undercloud-passwords.conf - A list of all passwords for the director’s services.
  • stackrc - A set of initialization variables to help you access the director’s command line tools.

The configuration also starts all OpenStack Platform services automatically. Check the enabled services using the following command: 

[stack@director ~]$ sudo systemctl list-units openstack-*
Copy to Clipboard Toggle word wrap

The installation also adds the stack user to the docker group so the stack user has access to container management commands. Refresh the stack user’s permissions with the following command: 

[stack@director ~]$ exec su -l stack
Copy to Clipboard Toggle word wrap

The command prompts you to log in again. Enter the stack user’s password.

To initialize the stack user to use the command line tools, run the following command: 

[stack@director ~]$ source ~/stackrc
Copy to Clipboard Toggle word wrap

The prompt now indicates OpenStack commands authenticate and execute against the undercloud; 

(undercloud) [stack@director ~]$
Copy to Clipboard Toggle word wrap

You can now use the director’s command line tools.

4.7. Obtaining Images for Overcloud Nodes
Link kopieren

The director requires several disk images for provisioning overcloud nodes. This includes:

  • An introspection kernel and ramdisk - Used for bare metal system introspection over PXE boot.
  • A deployment kernel and ramdisk - Used for system provisioning and deployment.
  • An overcloud kernel, ramdisk, and full image - A base overcloud system that is written to the node’s hard disk.

Obtain these images from the rhosp-director-images and rhosp-director-images-ipa packages: 

(undercloud) [stack@director ~]$ sudo yum install rhosp-director-images rhosp-director-images-ipa
Copy to Clipboard Toggle word wrap

Extract the archives to the images directory on the stack user’s home (/home/stack/images): 

(undercloud) [stack@director ~]$ cd ~/images
(undercloud) [stack@director images]$ for i in /usr/share/rhosp-director-images/overcloud-full-latest-12.0.tar /usr/share/rhosp-director-images/ironic-python-agent-latest-12.0.tar; do tar -xvf $i; done
Copy to Clipboard Toggle word wrap

Import these images into the director: 

(undercloud) [stack@director images]$ openstack overcloud image upload --image-path /home/stack/images/
Copy to Clipboard Toggle word wrap

This uploads the following images into the director: bm-deploy-kernel, bm-deploy-ramdisk, overcloud-full, overcloud-full-initrd, overcloud-full-vmlinuz. These are the images for deployment and the overcloud. The script also installs the introspection images on the director’s PXE server.

View a list of the images in the CLI: 

(undercloud) [stack@director images]$ openstack image list
+--------------------------------------+------------------------+
| ID                                   | Name                   |
+--------------------------------------+------------------------+
| 765a46af-4417-4592-91e5-a300ead3faf6 | bm-deploy-ramdisk      |
| 09b40e3d-0382-4925-a356-3a4b4f36b514 | bm-deploy-kernel       |
| ef793cd0-e65c-456a-a675-63cd57610bd5 | overcloud-full         |
| 9a51a6cb-4670-40de-b64b-b70f4dd44152 | overcloud-full-initrd  |
| 4f7e33f4-d617-47c1-b36f-cbe90f132e5d | overcloud-full-vmlinuz |
+--------------------------------------+------------------------+
Copy to Clipboard Toggle word wrap

This list will not show the introspection PXE images. The director copies these files to /httpboot. 

(undercloud) [stack@director images]$ ls -l /httpboot
total 341460
-rwxr-xr-x. 1 root              root                5153184 Mar 31 06:58 agent.kernel
-rw-r--r--. 1 root              root              344491465 Mar 31 06:59 agent.ramdisk
-rw-r--r--. 1 ironic-inspector  ironic-inspector        337 Mar 31 06:23 inspector.ipxe
Copy to Clipboard Toggle word wrap
Note

The default overcloud-full.qcow2 image is a flat partition image. However, you can also import and use whole disk images. See Appendix C, Whole Disk Images for more information.

4.8. Setting a Nameserver on the Undercloud’s Neutron Subnet
Link kopieren

If you intend for the overcloud to resolve external hostnames, such as cdn.redhat.com, it is recommended to set a nameserver on the overcloud nodes. For a standard overcloud without network isolation, the nameserver is defined using the undercloud’s neutron subnet. Use the following commands to define nameservers for the environment: 

(undercloud) [stack@director images]$ openstack subnet list
(undercloud) [stack@director images]$ openstack subnet set --dns-nameserver [nameserver1-ip] --dns-nameserver [nameserver2-ip] [subnet-uuid]
Copy to Clipboard Toggle word wrap

View the subnet to verify the nameserver: 

(undercloud) [stack@director images]$ openstack subnet show [subnet-uuid]
+-------------------+-----------------------------------------------+
| Field             | Value                                         |
+-------------------+-----------------------------------------------+
| ...               |                                               |
| dns_nameservers   | 8.8.8.8                                       |
| ...               |                                               |
+-------------------+-----------------------------------------------+
Copy to Clipboard Toggle word wrap
Important

If you aim to isolate service traffic onto separate networks, the overcloud nodes use the DnsServer parameter in your network environment files.

4.9. Backing Up the Undercloud
Link kopieren

Red Hat provides a process to back up important data from the undercloud host and the Red Hat OpenStack Platform director. For more information about undercloud backups, see the "Back Up and Restore the Director Undercloud" guide.

4.10. Completing the Undercloud Configuration
Link kopieren

This completes the undercloud configuration. The next chapter explores basic overcloud configuration, including registering nodes, inspecting them, and then tagging them into various node roles.

Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat