(DEPRECATED) Installing the Undercloud

Note

Instack-undercloud is deprecated in Rocky cycle. Containerized undercloud should be installed instead. See Containers based Undercloud Deployment for backward compatibility related information.

Note

Please ensure all your nodes (undercloud, compute, controllers, etc) have their internal clock set to UTC in order to prevent any issue with possible file future-dated timestamp if hwclock is synced before any timezone offset is applied.

  1. Log in to your machine (baremetal or VM) where you want to install the undercloud as a non-root user (such as the stack user):

    ssh <non-root-user>@<undercloud-machine>
    

    Note

    If you don’t have a non-root user created yet, log in as root and create one with following commands:

    sudo useradd stack
    sudo passwd stack  # specify a password
    
    echo "stack ALL=(root) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/stack
    sudo chmod 0440 /etc/sudoers.d/stack
    
    su - stack
    

    Note

    The undercloud is intended to work correctly with SELinux enforcing. Installations with the permissive/disabled SELinux are not recommended. The undercloud_enable_selinux config option controls that setting.

    Note

    vlan tagged interfaces must follow the if_name.vlan_id convention, like for example: eth0.vlan100 or bond0.vlan120.

    Baremetal

    Ensure that there is a FQDN hostname set and that the $HOSTNAME environment variable matches that value. The easiest way to do this is to set the undercloud_hostname option in undercloud.conf before running the install. This will allow the installer to configure all of the hostname- related settings appropriately.

    Alternatively the hostname settings can be configured manually, but this is strongly discouraged. The manual steps are as follows:

    sudo hostnamectl set-hostname myhost.mydomain
    sudo hostnamectl set-hostname --transient myhost.mydomain
    

    An entry for the system’s FQDN hostname is also needed in /etc/hosts. For example, if the system is named myhost.mydomain, /etc/hosts should have an entry like:

    127.0.0.1   myhost.mydomain myhost
    
  2. Enable needed repositories:

    RHEL

    Enable optional repo:

    sudo yum install -y yum-utils
    sudo yum-config-manager --enable rhelosp-rhel-7-server-opt
    

    Note

    Python3 is required for current releases of OpenStack which is supported on CentOS Stream 8.

    1. Download and install the python-tripleo-repos RPM from the appropriate RDO repository

      CentOS Strem 8

      Current Centos 8 RDO repository.

      sudo dnf install -y https://trunk.rdoproject.org/centos8/component/tripleo/current/python3-tripleo-repos-<version>.el8.noarch.rpm
      

      Note

      tripleo-repos removes any repositories that it manages before each run. This means all repositories must be specified in a single tripleo-repos call. As an example, the correct way to install the current and ceph repos is to run tripleo-repos current ceph, not two separate calls.

    1. Run tripleo-repos to install the appropriate repositories. The option below will enable the latest master TripleO packages, the latest promoted packages for all other OpenStack services and dependencies and the latest stable Ceph packages. There are other repository configurations available in tripleo-repos, see its --help output for details.

      sudo -E tripleo-repos current-tripleo-dev ceph
      
  3. Install the TripleO CLI, which will pull in all other necessary packages as dependencies:

    sudo yum install -y python-tripleoclient
    

    Ceph

    If you intend to deploy Ceph in the overcloud, or configure the overcloud to use an external Ceph cluster, and are running Pike or newer, then install ceph-ansible on the undercloud:

    sudo yum install -y ceph-ansible
    
  4. Prepare the configuration file:

    cp /usr/share/python-tripleoclient/undercloud.conf.sample ~/undercloud.conf
    

    It is backwards compatible with non-containerized instack underclouds.

    Stable Branch

    For a non-containerized undercloud, copy in the sample configuration file and edit it to reflect your environment:

    cp /usr/share/instack-undercloud/undercloud.conf.sample ~/undercloud.conf
    

    Note

    There is a tool available that can help with writing a basic undercloud.conf: Undercloud Configuration Wizard It takes some basic information about the intended overcloud environment and generates sane values for a number of the important options.

  5. (OPTIONAL) Generate configuration for preparing container images

    As part of the undercloud install, an image registry is configured on port 8787. This is used to increase reliability of overcloud image pulls, and minimise overall network transfers. The undercloud registry will be populated with images required by the undercloud by generating the following containers-prepare-parameter.yaml file and including it in undercloud.conf: container_images_file=$HOME/containers-prepare-parameter.yaml:

    openstack tripleo container image prepare default \
      --local-push-destination \
      --output-env-file ~/containers-prepare-parameter.yaml
    

    Note

    This command is available since Rocky.

    See Container Image Preparation for details on using containers-prepare-parameter.yaml to control what can be done during the container images prepare phase of an undercloud install.

    Additionally, docker_insecure_registries and docker_registry_mirror parameters allow to customize container registries via the undercloud.conf file.

  6. (OPTIONAL) Override heat parameters and environment files used for undercloud deployment.

    Similarly to overcloud deployments, see Overriding specific templates with local versions and Using a custom location for all templates, the undercloud.conf: custom_env_files and undercloud.conf: templates configuration parameters allow to use a custom heat templates location and override or specify additional information for Heat resources used for undercloud deployment.

    Additionally, the undercloud.conf: roles_file parameter brings in the ultimate flexibility of Deploying with Custom Roles and Deploying with Composable Services. This allows you to deploy an undercloud composed of highly customized containerized services, with the same workflow that TripleO uses for overcloud deployments.

    Note

    The CLI and configuration interface used to deploy a containerized undercloud is the same as that used by ‘legacy’ non-containerized underclouds. As noted above however mechanism by which the undercloud is actually deployed is completely changed and what is more, for the first time aligns with the overcloud deployment. See the command openstack tripleo deploy --standalone help for details. That interface extension for standalone clouds is experimental for Rocky. It is normally should not be used directly for undercloud installations.

  7. Run the command to install the undercloud:

    SSL

    To deploy an undercloud with SSL, see Deploying with SSL.

    Validations

    Validations guide will be installed and configured during undercloud installation. You can set enable_validations = false in undercloud.conf to prevent that.

    To deploy an undercloud:

    openstack undercloud install
    

Note

The undercloud is containerized by default as of Rocky.

Note

It’s possible to enable verbose logging with --verbose option.

Since Rocky, we run all the OpenStack services in a moby container runtime unless the default settings are overwritten. This command requires 2 services to be running at all times. The first one is a basic keystone service, which is currently executed by tripleoclient itself, the second one is heat-all which executes the templates and installs the services. The latter can be run on baremetal or in a container (tripleoclient will run it in a container by default).

Once the install has completed, you should take note of the files stackrc and undercloud-passwords.conf. You can source stackrc to interact with the undercloud via the OpenStack command-line client. The undercloud-passwords.conf file contains the passwords used for each service in the undercloud. These passwords will be automatically reused if the undercloud is reinstalled on the same system, so it is not necessary to copy them to undercloud.conf.

Note

Heat installer configuration, logs and state is ephemeral for undercloud deployments. Generated artifacts for consequent deployments get overwritten or removed (when undercloud.conf: cleanup = true). Although, you can still find them stored in compressed files.

Miscellaneous undercloud deployment artifacts, like processed heat templates and compressed files, can be found in undercloud.conf: output_dir locations like ~/tripleo-heat-installer-templates.

There is also a compressed file created and placed into the output dir, named as undercloud-install-<TS>.tar.bzip2, where TS represents a timestamp.

Downloaded ansible playbooks and inventory files (see TripleO config-download User’s Guide: Deploying with Ansible) used for undercloud deployment are stored in the tempdir ~/undercloud-ansible-<XXXX> by default.

Note

Any passwords set in undercloud.conf will take precedence over the ones in undercloud-passwords.conf.

Note

The used undercloud installation command can be rerun to reapply changes from undercloud.conf to the undercloud. Note that this should not be done if an overcloud has already been deployed or is in progress.

Note

If running docker commands as a stack user after an undercloud install fail with a permission error, log out and log in again. The stack user does get added to the docker group during install, but that change gets reflected only after a new login.