Setting up OpenStack Ansible All-in-one behind a proxy

Datetime:2016-08-23 03:29:53         Topic: OpenStack          Share        Original >>
Here to See The Original Article!!!

Setting up OpenStack Ansible (OSA) All-in-one (AIO) behind a proxy requires a couple of settings, but it should work fine (we’ll also configure the wider system). There are two types of git repos that we should configure for (unless you’re an OpenStack developer), those that use http (or https) and those that use the git protocol.

Firstly, this assumes an Ubuntu 14.04 server install (with at least 60GB of free space on / partition).

All commands are run as the root user, so switch to root first.

sudo -i

Export variables for ease of setup

Setting these variables here means that you can copy and paste the relevant commands from the rest of this blog post.

Note:Make sure that your proxy is fully resolvable and then replace the settings below with your actual proxy details (leave out user:password if you don’t use one).

export PROXY_PROTO="http"

export PROXY_HOST="user:password@proxy"

export PROXY_PORT="3128"


First, install some essentials (reboot after upgrade if you like).

echo "Acquire::http::Proxy \"${PROXY}\";" \

> /etc/apt/apt.conf.d/90proxy

apt-get update && apt-get upgrade

apt-get install git openssh-server rsync socat vim

Configure global proxies

For any http:// or https:// repositories we can just set a shell environment variable. We’ll set this in /etc/environment so that all future shells have it automatically.

cat >> /etc/environment << EOF

export http_proxy="${PROXY}"

export https_proxy="${PROXY}"

export HTTP_PROXY="${PROXY}"


export ftp_proxy="${PROXY}"

export FTP_PROXY="${PROXY}"

export no_proxy=localhost

export NO_PROXY=localhost


Source this to set the proxy variables in your current shell.

source /etc/environment

Tell sudo to keep these environment variables

echo 'Defaults env_keep = "http_proxy https_proxy ftp_proxy \


> /etc/sudoers.d/01_proxy

Configure Git

For any git:// repositories we need to make a script that uses socat (you could use netcat) and tell Git to use this as the proxy.

cat > /usr/local/bin/ << EOF


# \$1 = hostname, \$2 = port

exec socat STDIO PROXY:${PROXY_HOST}:\${1}:\${2},proxyport=${PROXY_PORT}


Make it executable.

chmod a+x /usr/local/bin/

Tell Git to proxy connections through this script.

git config --global core.gitProxy /usr/local/bin/

Clone OpenStack Ansible

OK, let’s clone the OpenStack Ansible repository! We’re living on the edge and so will build from master, however feel free to check out a tagged stable release if you prefer (e.g. git checkout -b tag-13.2.0 13.2.0 ).

git clone git:// \


cd /opt/openstack-ansible/

Bootstrap Ansible

Now we can kick off the ansible bootstrap. This prepares the system with all of the Ansible roles that make up an OpenStack environment.


Upon success, you should see:

System is bootstrapped and ready for use.

Bootstrap OpenStack Ansible All In One

Now let’s bootstrap the all in one system. This configures the host with appropriate disks and network configuration, etc ready to run the OpenStack environment in containers.


Run the Ansible playbooks

The final task is to run the playbooks, which sets up all of the OpenStack components on the host and containers. Before we proceed, however, this requires some additional configuration for the proxy.

The user_variables.yml file under the root filesystem at /etc/openstack_deploy/user_variables.yml is where we configure environment variables for OSA to export and set some other options (again, note the leading / before etc – do not modify the template file at /opt/openstack-ansible/etc/openstack_deploy by mistake).

cat >> /etc/openstack_deploy/user_variables.yml << EOF

proxy_env_url: "\"${PROXY}\""

no_proxy_env: "\"localhost,,

{{ internal_lb_vip_address }},

{{ external_lb_vip_address }},

{% for host in groups['all_containers'] %}

{{ hostvars[host]['container_address'] }}

{% if not loop.last %},

{% endif %}{% endfor %}\""


  HTTP_PROXY: "{{ proxy_env_url }}"

  HTTPS_PROXY: "{{ proxy_env_url }}"

  NO_PROXY: "{{ no_proxy_env }}"

  http_proxy: "{{ proxy_env_url }}"

  https_proxy: "{{ proxy_env_url }}"

  no_proxy: "{{ no_proxy_env }}"


Now run the playbooks!

Note: This will take a long time, perhaps a few hours, so run it in a screen or tmux session.


Verify containers

Once the playbooks complete, you should be able to list your running containers and see their status (there will be a couple of dozen).

lxc-ls -f

Log into OpenStack

Now that the system is complete, we can start using OpenStack!

You should be able to use your web browser to log into Horizon, the OpenStack Dashboard, at your AIO hosts’s IP address.

If you’re not sure what IP that is, you can find out by looking at which address port 443 is running on.

netstat -ltnp |grep 443

The admin user’s password is available in the user_secrets.yml file on the AIO host.

grep keystone_auth_admin_password \


A successful login should reveal the admin dashboard.

Enjoy your OpenStack Ansible All-in-one!


Put your ads here, just $200 per month.