<div dir="ltr"><div>Hello Mark,</div><div>let me to verify if I understood your method.</div><div><br></div><div>You have old controllers,haproxy,mariadb and nova computes.</div><div>You installed three new controllers but kolla.ansible inventory contains old mariadb and old rabbit servers.</div><div>You are deployng single service on new controllers staring with glance.</div><div>When you deploy glance on new controllers, it changes the glance endpoint on old mariadb db ?</div><div>Regards</div><div>Ignazio<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Il giorno gio 27 giu 2019 alle ore 10:52 Mark Goddard <<a href="mailto:mark@stackhpc.com">mark@stackhpc.com</a>> ha scritto:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wed, 26 Jun 2019 at 19:34, Ignazio Cassano <<a href="mailto:ignaziocassano@gmail.com" target="_blank">ignaziocassano@gmail.com</a>> wrote:<br>
><br>
> Hello,<br>
> Anyone have tried to migrate an existing openstack installation to kolla containers?<br>
<br>
Hi,<br>
<br>
I'm aware of two people currently working on that. Gregory Orange and<br>
one of my colleagues, Pierre Riteau. Pierre is away currently, so I<br>
hope he doesn't mind me quoting him from an email to Gregory.<br>
<br>
Mark<br>
<br>
"I am indeed working on a similar migration using Kolla Ansible with<br>
Kayobe, starting from a non-containerised OpenStack deployment based<br>
on CentOS RPMs.<br>
Existing OpenStack services are deployed across several controller<br>
nodes and all sit behind HAProxy, including for internal endpoints.<br>
We have additional controller nodes that we use to deploy<br>
containerised services. If you don't have the luxury of additional<br>
nodes, it will be more difficult as you will need to avoid processes<br>
clashing when listening on the same port.<br>
<br>
The method I am using resembles your second suggestion, however I am<br>
deploying only one containerised service at a time, in order to<br>
validate each of them independently.<br>
I use the --tags option of kolla-ansible to restrict Ansible to<br>
specific roles, and when I am happy with the resulting configuration I<br>
update HAProxy to point to the new controllers.<br>
<br>
As long as the configuration matches, this should be completely<br>
transparent for purely HTTP-based services like Glance. You need to be<br>
more careful with services that include components listening for RPC,<br>
such as Nova: if the new nova.conf is incorrect and you've deployed a<br>
nova-conductor that uses it, you could get failed instances launches.<br>
Some roles depend on others: if you are deploying the<br>
neutron-openvswitch-agent, you need to run the openvswitch role as<br>
well.<br>
<br>
I suggest starting with migrating Glance as it doesn't have any<br>
internal services and is easy to validate. Note that properly<br>
migrating Keystone requires keeping existing Fernet keys around, so<br>
any token stays valid until the time it is expected to stop working<br>
(which is fairly complex, see<br>
<a href="https://bugs.launchpad.net/kolla-ansible/+bug/1809469" rel="noreferrer" target="_blank">https://bugs.launchpad.net/kolla-ansible/+bug/1809469</a>).<br>
<br>
While initially I was using an approach similar to your first<br>
suggestion, it can have side effects since Kolla Ansible uses these<br>
variables when templating configuration. As an example, most services<br>
will only have notifications enabled if enable_ceilometer is true.<br>
<br>
I've added existing control plane nodes to the Kolla Ansible inventory<br>
as separate groups, which allows me to use the existing database and<br>
RabbitMQ for the containerised services.<br>
For example, instead of:<br>
<br>
[mariadb:children]<br>
control<br>
<br>
you may have:<br>
<br>
[mariadb:children]<br>
oldcontrol_db<br>
<br>
I still have to perform the migration of these underlying services to<br>
the new control plane, I will let you know if there is any hurdle.<br>
<br>
A few random things to note:<br>
<br>
- if run on existing control plane hosts, the baremetal role removes<br>
some packages listed in `redhat_pkg_removals` which can trigger the<br>
removal of OpenStack dependencies using them! I've changed this<br>
variable to an empty list.<br>
- compare your existing deployment with a Kolla Ansible one to check<br>
for differences in endpoints, configuration files, database users,<br>
service users, etc. For Heat, Kolla uses the domain heat_user_domain,<br>
while your existing deployment may use another one (and this is<br>
hardcoded in the Kolla Heat image). Kolla Ansible uses the "service"<br>
project while a couple of deployments I worked with were using<br>
"services". This shouldn't matter, except there was a bug in Kolla<br>
which prevented it from setting the roles correctly:<br>
<a href="https://bugs.launchpad.net/kolla/+bug/1791896" rel="noreferrer" target="_blank">https://bugs.launchpad.net/kolla/+bug/1791896</a> (now fixed in latest<br>
Rocky and Queens images)<br>
- the ml2_conf.ini generated for Neutron generates physical network<br>
names like physnet1, physnet2… you may want to override<br>
bridge_mappings completely.<br>
- although sometimes it could be easier to change your existing<br>
deployment to match Kolla Ansible settings, rather than configure<br>
Kolla Ansible to match your deployment."<br>
<br>
> Thanks<br>
> Ignazio<br>
><br>
</blockquote></div>