-
Mark Goddard authored
Docker is now always installed using the community edition (CE) packages. Change-Id: I8c3fe44fd9d2da99b5bb1c0ec3472d7e1b5fb295
Mark Goddard authoredDocker is now always installed using the community edition (CE) packages. Change-Id: I8c3fe44fd9d2da99b5bb1c0ec3472d7e1b5fb295
Bootstrapping Servers
Kolla-ansible provides support for bootstrapping host configuration prior to
deploying containers via the bootstrap-servers subcommand. This includes
support for the following:
- Customisation of
/etc/hosts - Creation of user and group
- Kolla configuration directory
- Package installation and removal
- Docker engine installation and configuration
- Disabling firewalls
- Creation of Python virtual environment
- Configuration of Apparmor
- Configuration of SELinux
- Configuration of NTP daemon
All bootstrapping support is provided by the baremetal Ansible role.
Running the command
The base command to perform a bootstrap is:
kolla-ansible bootstrap-servers -i INVENTORYFurther options may be necessary, as described in the following sections.
Initial bootstrap considerations
The nature of bootstrapping means that the environment that Ansible executes in during the initial bootstrap may look different to that seen after bootstrapping is complete. For example:
- The
kolla_useruser account may not yet have been created. If this is normally used as theansible_userwhen executing Kolla Ansible, a different user account must be used for bootstrapping. - The Python virtual environment may not exist. If a virtualenv is normally
used as the
ansible_python_interpreterwhen executing Kolla Ansible, the system python interpreter must be used for bootstrapping.
Each of these variables may be passed via the -e argument to Kolla Ansible
to override the inventory defaults:
kolla-ansible bootstrap-servers -i INVENTORY -e ansible_user=<bootstrap user> -e ansible_python_interpreter=/usr/bin/pythonSubsequent bootstrap considerations
It is possible to run the bootstrapping process against a cloud that has already been bootstrapped, for example to apply configuration from a newer release of Kolla Ansible. In this case, further considerations should be made.
It is possible that the Docker engine package will be updated. This will cause the Docker engine to restart, in addition to all running containers. There are three main approaches to avoiding all control plane services restarting simultaneously.
The first option is to use the --limit command line argument to apply the
command to hosts in batches, ensuring there is always a quorum for clustered
services (e.g. MariaDB):
kolla-ansible bootstrap-servers -i INVENTORY --limit controller0,compute[0-1]
kolla-ansible bootstrap-servers -i INVENTORY --limit controller1,compute[2-3]
kolla-ansible bootstrap-servers -i INVENTORY --limit controller2,compute[4-5]The second option is to execute individual plays on hosts in batches:
kolla-ansible bootstrap-servers -i INVENTORY -e kolla_serial=30%The last option is to use the Docker live-restore configuration option to
avoid restarting containers when the Docker engine is restarted. There have
been issues reported with using this option however, so use it at your own
risk.
Ensure that any operation that causes the Docker engine to be updated has been tested, particularly when moving from legacy Docker packages to Docker Community Edition. See :ref:`bootstrap-servers-docker-package-repos` for details.
Customisation of /etc/hosts
This is optional, and enabled by customize_etc_hosts, which is true by
default.
- Ensures that
localhostis in/etc/hosts - Adds an entry for the IP of the API interface of each host to
/etc/hosts.
Creation of user and group
This is optional, and enabled by create_kolla_user, which is true by
default.
- Ensures that a group exists with the name defined by the variable
kolla_groupwith defaultkolla. - Ensures that a user exists with the name defined by the variable
kolla_userwith defaultkolla. The user's primary group is defined bykolla_group. The user is added to thesudogroup. - An SSH public key is authorised for
kolla_user. The key is defined by thepublic_keyvalue of thekolla_ssh_keymapping variable, typically defined inpasswords.yml. - If the
create_kolla_user_sudoersvariable is set, a sudoers profile will be configured forkolla_user, which grants passwordless sudo.
Kolla configuration directory
Kolla ansible service configuration is written to hosts in a directory defined
by node_config_directory, which by default is /etc/kolla/. This
directory will be created. If create_kolla_user is set, the owner and group
of the directory will be set to kolla_user and kolla_group
respectively.
Package installation and removal
Lists of packages are defined for installation and removal. On Debian family
systems, these are defined by debian_pkg_install and
ubuntu_pkg_removals respectively. On Red Hat family systems, these are
defined by redhat_pkg_install and redhat_pkg_removals respectively.