Difference between revisions of "User:Vitola"
| Line 1: | Line 1: | ||
OpenStack - Folsom - Single Node | OpenStack - Folsom - Single Node | ||
| + | |||
| + | Folsom Proj01 Single Node | ||
| + | |||
| + | = Ambiente = | ||
| + | Dell Vostro 200 | ||
| + | Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | ||
| + | = Pacotes adicionais = | ||
| + | apt-get install bridge-utils vlan | ||
| + | = configuração de repositório = | ||
| + | apt-get install ubuntu-cloud-keyring | ||
| + | echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/folsom main" \ | ||
| + | > /etc/apt/sources.list.d/cloud-archive.list | ||
| + | = Atualizar os pacotes = | ||
| + | apt-get update ; apt-get upgrade ; apt-get dist-upgrade | ||
| + | = Configurar o arquivo /etc/hosts = | ||
| + | 192.168.0.100 folsom-proj01 folsom-proj01.vitola.net.br | ||
| + | = Habilitar o ip_forward = | ||
| + | echo 1 > /proc/sys/net/ipv4/ip_forward | ||
| + | sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf | ||
| + | = Instalar o ntp = | ||
| + | apt-get install ntp | ||
| + | service ntp restart | ||
| + | = Configurar a interface de rede = | ||
| + | auto br100 | ||
| + | iface br100 inet static | ||
| + | address 192.168.0.100 | ||
| + | netmask 255.255.255.0 | ||
| + | gateway 192.168.0.1 | ||
| + | dns-nameservers 8.8.8.8 8.8.4.4 | ||
| + | bridge_ports eth0 | ||
| + | bridge_stp off | ||
| + | bridge_maxwait 0 | ||
| + | bridge_fd 0 | ||
| + | = Criar a bridge = | ||
| + | brctl addbr br100; service networking restart | ||
| + | brctl show | ||
| + | bridge name bridge id STP enabled interfaces | ||
| + | br100 8000.52540044858a no eth0 | ||
| + | = Instalação do mysql = | ||
| + | apt-get install mysql-server python-mysqldb | ||
| + | sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf | ||
| + | service mysql restart | ||
| + | |||
| + | mysql -u root -p | ||
| + | |||
| + | use mysql; | ||
| + | delete from user where user <> 'root'; | ||
| + | delete from user where host <> 'localhost'; | ||
| + | update user set host = '%' where user ='root'; | ||
| + | CREATE DATABASE keystone; | ||
| + | CREATE DATABASE glance; | ||
| + | CREATE DATABASE nova; | ||
| + | CREATE DATABASE cinder; | ||
| + | DROP DATABASE test; | ||
| + | |||
| + | GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass'; | ||
| + | GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass'; | ||
| + | GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass'; | ||
| + | GRANT ALL ON cinder.* TO 'cinderUser'@'%' IDENTIFIED BY 'cinderPass'; | ||
| + | flush privileges; | ||
| + | = Instalação do rabbitmq = | ||
| + | apt-get install rabbitmq-server | ||
| + | = Instalação do keystone = | ||
| + | apt-get install keystone | ||
| + | = Configurar o arquivo /etc/keystone/keystone.conf = | ||
| + | [sql] | ||
| + | connection = mysql://keystoneUser:keystonePass@folsom-proj01.vitola.net.br/keystone | ||
| + | = Reiniciar o serviço e criar as tabelas no banco = | ||
| + | service keystone restart | ||
| + | keystone-manage db_sync | ||
| + | = Criar os scripts de configuração dos usuários, permissões e endpoint = | ||
| + | |||
| + | keystone_basic.sh | ||
| + | https://raw.github.com/vitola/folsom-proj01/master/scripts/keystone_basic.sh | ||
| + | |||
| + | # Modified by Bilel Msekni / Institut Telecom | ||
| + | # | ||
| + | # Support: openstack@lists.launchpad.net | ||
| + | # License: Apache Software License (ASL) 2.0 | ||
| + | # | ||
| + | |||
| + | HOST_IP=folsom-proj01.vitola.net.br | ||
| + | ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin_pass} | ||
| + | SERVICE_PASSWORD=${SERVICE_PASSWORD:-service_pass} | ||
| + | export SERVICE_TOKEN="ADMIN" | ||
| + | export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0" | ||
| + | SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service} | ||
| + | |||
| + | get_id () { | ||
| + | echo `$@ | awk '/ id / { print $4 }'` | ||
| + | } | ||
| + | |||
| + | # Tenants | ||
| + | ADMIN_TENANT=$(get_id keystone tenant-create --name=admin) | ||
| + | SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME) | ||
| + | |||
| + | # Users | ||
| + | ADMIN_USER=$(get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@vitola.net.br) | ||
| + | |||
| + | # Roles | ||
| + | ADMIN_ROLE=$(get_id keystone role-create --name=admin) | ||
| + | KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin) | ||
| + | KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin) | ||
| + | |||
| + | # Add Roles to Users in Tenants | ||
| + | keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT | ||
| + | keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT | ||
| + | keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT | ||
| + | |||
| + | # The Member role is used by Horizon and Swift | ||
| + | MEMBER_ROLE=$(get_id keystone role-create --name=Member) | ||
| + | |||
| + | # Configure service users/roles | ||
| + | NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@vitola.net.br) | ||
| + | keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE | ||
| + | |||
| + | GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@vitola.net.br) | ||
| + | keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE | ||
| + | |||
| + | CINDER_USER=$(get_id keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@vitola.net.br) | ||
| + | keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE | ||
| + | |||
| + | keystone_endpoints_basic.sh | ||
| + | https://raw.github.com/vitola/folsom-proj01/master/scripts/keystone_endpoints_basic.sh | ||
| + | |||
| + | #!/bin/sh | ||
| + | # | ||
| + | # Keystone basic Endpoints | ||
| + | # Mainly inspired by https://github.com/openstack/keystone/blob/master/tools/sample_data.sh | ||
| + | # Modified by Bilel Msekni / Institut Telecom | ||
| + | # | ||
| + | # Support: openstack@lists.launchpad.net | ||
| + | # License: Apache Software License (ASL) 2.0 | ||
| + | # | ||
| + | |||
| + | # Host address | ||
| + | HOST_IP=folsom-proj01.vitola.net.br | ||
| + | EXT_HOST_IP=folsom-proj01.vitola.net.br | ||
| + | |||
| + | # MySQL definitions | ||
| + | MYSQL_USER=keystoneUser | ||
| + | MYSQL_DATABASE=keystone | ||
| + | MYSQL_HOST=$HOST_IP | ||
| + | MYSQL_PASSWORD=keystonePass | ||
| + | |||
| + | # Keystone definitions | ||
| + | KEYSTONE_REGION=F1 | ||
| + | export SERVICE_TOKEN=ADMIN | ||
| + | export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0" | ||
| + | |||
| + | while getopts "u:D:p:m:K:R:E:T:vh" opt; do | ||
| + | case $opt in | ||
| + | u) | ||
| + | MYSQL_USER=$OPTARG | ||
| + | ;; | ||
| + | D) | ||
| + | MYSQL_DATABASE=$OPTARG | ||
| + | ;; | ||
| + | p) | ||
| + | MYSQL_PASSWORD=$OPTARG | ||
| + | ;; | ||
| + | m) | ||
| + | MYSQL_HOST=$OPTARG | ||
| + | ;; | ||
| + | K) | ||
| + | MASTER=$OPTARG | ||
| + | ;; | ||
| + | R) | ||
| + | KEYSTONE_REGION=$OPTARG | ||
| + | ;; | ||
| + | E) | ||
| + | export SERVICE_ENDPOINT=$OPTARG | ||
| + | ;; | ||
| + | T) | ||
| + | export SERVICE_TOKEN=$OPTARG | ||
| + | ;; | ||
| + | v) | ||
| + | set -x | ||
| + | ;; | ||
| + | h) | ||
| + | cat <<EOF | ||
| + | Usage: $0 [-m mysql_hostname] [-u mysql_username] [-D mysql_database] [-p mysql_password] | ||
| + | [-K keystone_master ] [ -R keystone_region ] [ -E keystone_endpoint_url ] | ||
| + | [ -T keystone_token ] | ||
| + | |||
| + | Add -v for verbose mode, -h to display this message. | ||
| + | EOF | ||
| + | exit 0 | ||
| + | ;; | ||
| + | \?) | ||
| + | echo "Unknown option -$OPTARG" >&2 | ||
| + | exit 1 | ||
| + | ;; | ||
| + | :) | ||
| + | echo "Option -$OPTARG requires an argument" >&2 | ||
| + | exit 1 | ||
| + | ;; | ||
| + | esac | ||
| + | done | ||
| + | |||
| + | if [ -z "$KEYSTONE_REGION" ]; then | ||
| + | echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2 | ||
| + | missing_args="true" | ||
| + | fi | ||
| + | |||
| + | if [ -z "$SERVICE_TOKEN" ]; then | ||
| + | echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2 | ||
| + | missing_args="true" | ||
| + | fi | ||
| + | if [ -z "$SERVICE_ENDPOINT" ]; then | ||
| + | echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2 | ||
| + | missing_args="true" | ||
| + | fi | ||
| + | if [ -z "$MYSQL_PASSWORD" ]; then | ||
| + | echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2 | ||
| + | missing_args="true" | ||
| + | fi | ||
| + | if [ -n "$missing_args" ]; then | ||
| + | exit 1 | ||
| + | fi | ||
| + | |||
| + | keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | ||
| + | keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | ||
| + | keystone service-create --name glance --type image --description 'OpenStack Image Service' | ||
| + | keystone service-create --name keystone --type identity --description 'OpenStack Identity' | ||
| + | keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | ||
| + | |||
| + | create_endpoint () { | ||
| + | case $1 in | ||
| + | compute) | ||
| + | keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s' | ||
| + | ;; | ||
| + | volume) | ||
| + | keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$HOST_IP"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$HOST_IP"':8776/v1/$(tenant_id)s' | ||
| + | ;; | ||
| + | image) | ||
| + | keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':9292/v2' --adminurl 'http://'"$HOST_IP"':9292/v2' --internalurl 'http://'"$HOST_IP"':9292/v2' | ||
| + | ;; | ||
| + | identity) | ||
| + | keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':5000/v2.0' --adminurl 'http://'"$HOST_IP"':35357/v2.0' --internalurl 'http://'"$HOST_IP"':5000/v2.0' | ||
| + | ;; | ||
| + | ec2) | ||
| + | keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8773/services/Cloud' --adminurl 'http://'"$HOST_IP"':8773/services/Admin' --internalurl 'http://'"$HOST_IP"':8773/services/Cloud' | ||
| + | ;; | ||
| + | esac | ||
| + | } | ||
| + | |||
| + | for i in compute volume image object-store identity ec2; do | ||
| + | id=`mysql -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" -ss -e "SELECT id FROM service WHERE type='"$i"';"` || exit 1 | ||
| + | create_endpoint $i $id | ||
| + | done | ||
| + | |||
| + | |||
| + | chmod +x keystone_basic.sh | ||
| + | chmod +x keystone_endpoints_basic.sh | ||
| + | |||
| + | ./keystone_basic.sh | ||
| + | ./keystone_endpoints_basic.sh | ||
| + | = Dados de acesso ~/.creds = | ||
| + | export OS_NO_CACHE=1 | ||
| + | export OS_TENANT_NAME=admin | ||
| + | export OS_USERNAME=admin | ||
| + | export OS_PASSWORD=admin_pass | ||
| + | export OS_AUTH_URL="http://folsom-proj01.vitola.net.br:5000/v2.0/" | ||
| + | = Incluir as informações nas variáveis de ambiente do usuário = | ||
| + | source ~/.creds | ||
| + | echo " source ~/.creds" >> ~/.bash_profile | ||
| + | = Testar o acesso usando o curl = | ||
| + | curl http://folsom-proj01.vitola.net.br:35357/v2.0/endpoints -H 'x-auth-token: ADMIN' | python -m json.tool | ||
| + | = Instalação do glance = | ||
| + | apt-get install glance | ||
| + | = Configurar o arquivo /etc/glance/glance-api-paste.ini = | ||
| + | [filter:authtoken] | ||
| + | delay_auth_decision = true | ||
| + | paste.filter_factory = keystone.middleware.auth_token:filter_factory | ||
| + | service_protocol = http | ||
| + | service_host = folsom-proj01.vitola.net.br | ||
| + | service_port = 5000 | ||
| + | auth_host = folsom-proj01.vitola.net.br | ||
| + | auth_port = 35357 | ||
| + | auth_protocol = http | ||
| + | auth_uri = http://folsom-proj01.vitola.net.br:5000/ | ||
| + | admin_tenant_name = service | ||
| + | admin_user = glance | ||
| + | admin_password = service_pass | ||
| + | = Configurar o arquivo /etc/glance/glance-registry-paste.ini = | ||
| + | [filter:authtoken] | ||
| + | paste.filter_factory = keystone.middleware.auth_token:filter_factory | ||
| + | service_host = folsom-proj01.vitola.net.br | ||
| + | service_port = 5000 | ||
| + | auth_host = folsom-proj01.vitola.net.br | ||
| + | auth_port = 35357 | ||
| + | auth_protocol = http | ||
| + | auth_uri = http://folsom-proj01.vitola.net.br:5000/ | ||
| + | admin_tenant_name = service | ||
| + | admin_user = glance | ||
| + | admin_password = service_pass | ||
| + | = Configurar o arquivo /etc/glance/glance-api.conf = | ||
| + | sql_connection = mysql://glanceUser:glancePass@folsom-proj01.vitola.net.br/glance | ||
| + | [keystone_authtoken] | ||
| + | auth_host = folsom-proj01.vitola.net.br | ||
| + | auth_port = 35357 | ||
| + | auth_protocol = http | ||
| + | admin_tenant_name = service | ||
| + | admin_user = glance | ||
| + | admin_password = service_pass | ||
| + | [paste_deploy] | ||
| + | flavor = keystone | ||
| + | = Configurar o arquivo /etc/glance/glance-registry.conf = | ||
| + | sql_connection = mysql://glanceUser:glancePass@folsom-proj01.vitola.net.br/glance | ||
| + | [keystone_authtoken] | ||
| + | auth_host = folsom-proj01.vitola.net.br | ||
| + | auth_port = 35357 | ||
| + | auth_protocol = http | ||
| + | admin_tenant_name = service | ||
| + | admin_user = glance | ||
| + | admin_password = service_pass | ||
| + | [paste_deploy] | ||
| + | flavor = keystone | ||
| + | = Reiniciar os serviços e criar as tabelas no banco = | ||
| + | cd /etc/init.d/; for i in $(ls glance-*); do service $i restart; done | ||
| + | glance-manage db_sync | ||
| + | = Inclusão de imagens no glance = | ||
| + | Foi feito o download por http do servidor local, mas pode ser feito direto do repositório da distribuição | ||
| + | glance image-create \ | ||
| + | --name="ubuntu-12.04.2-server-amd64.iso" \ | ||
| + | --public \ | ||
| + | --container-format=bare \ | ||
| + | --disk-format=iso \ | ||
| + | --copy-from="http://folsom-proj01.vitola.net.br/ubuntu-12.04.2-server-amd64.iso" | ||
| + | glance image-create \ | ||
| + | --name="Cirros64Bits" \ | ||
| + | --public \ | ||
| + | --container-format bare \ | ||
| + | --disk-format qcow2 \ | ||
| + | --copy-from="http://folsom-proj01.vitola.net.br/cirros-0.3.0-x86_64-disk.img" | ||
| + | glance image-create \ | ||
| + | --name="CentOS-6.4-x86_64-minimal.iso" \ | ||
| + | --public \ | ||
| + | --container-format bare \ | ||
| + | --disk-format iso \ | ||
| + | --copy-from="http://folsom-proj01.vitola.net.br/CentOS-6.4-x86_64-minimal.iso" | ||
| + | |||
| + | As imagens são salvas neste diretório /var/lib/glance/images/ | ||
| + | |||
| + | = Instalação do cinder = | ||
| + | apt-get install cinder-volume cinder-api cinder-scheduler cinder-volume | ||
| + | = Configurar o arquivo /etc/cinder/api-paste.ini = | ||
| + | [filter:authtoken] | ||
| + | paste.filter_factory = keystone.middleware.auth_token:filter_factory | ||
| + | service_protocol = http | ||
| + | service_host = folsom-proj01.vitola.net.br | ||
| + | service_port = 5000 | ||
| + | auth_host = folsom-proj01.vitola.net.br | ||
| + | auth_port = 35357 | ||
| + | auth_protocol = http | ||
| + | admin_tenant_name = service | ||
| + | admin_user = cinder | ||
| + | admin_password = service_pass | ||
| + | = Configurar o arquivo /etc/cinder/cinder.conf = | ||
| + | sql_connection = mysql://cinderUser:cinderPass@folsom-proj01.vitola.net.br/cinder | ||
| + | = Configurar a partição LVM = | ||
| + | |||
| + | fdisk /dev/sdc | ||
| + | fdisk> n | ||
| + | fdisk> p | ||
| + | fdisk> 1 | ||
| + | fdisk> ENTER | ||
| + | fdisk> ENTER | ||
| + | fdisk> t | ||
| + | fdisk> 8e | ||
| + | fdisk> w | ||
| + | |||
| + | pvcreate /dev/sdc1 | ||
| + | vgcreate cinder-volumes /dev/sdc1 | ||
| + | = Criar as tabelas no banco de dados e reiniciar os serviços = | ||
| + | cinder-manage db sync | ||
| + | cd /etc/init.d/; for i in $(ls cinder-*); do service $i restart; done | ||
| + | = Nova = | ||
| + | == Instalação == | ||
| + | apt-get install nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-network nova-compute-kvm nova-api | ||
| + | == Configuração == | ||
| + | === /etc/nova/api-paste.ini === | ||
| + | [filter:authtoken] | ||
| + | paste.filter_factory = keystone.middleware.auth_token:filter_factory | ||
| + | auth_host = folsom-proj01 | ||
| + | auth_port = 35357 | ||
| + | auth_protocol = http | ||
| + | admin_tenant_name = service | ||
| + | admin_user = nova | ||
| + | admin_password = service_pass | ||
| + | signing_dir = /tmp/keystone-signing-nova | ||
| + | === /etc/nova/nova.conf === | ||
| + | [DEFAULT] | ||
| + | dhcpbridge_flagfile=/etc/nova/nova.conf | ||
| + | dhcpbridge=/usr/bin/nova-dhcpbridge | ||
| + | logdir=/var/log/nova | ||
| + | state_path=/var/lib/nova | ||
| + | lock_path=/var/lock/nova | ||
| + | force_dhcp_release=True | ||
| + | iscsi_helper=tgtadm | ||
| + | libvirt_use_virtio_for_bridges=True | ||
| + | connection_type=libvirt | ||
| + | root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf | ||
| + | verbose=True | ||
| + | ec2_private_dns_show_ip=True | ||
| + | api_paste_config=/etc/nova/api-paste.ini | ||
| + | volumes_path=/var/lib/nova/volumes | ||
| + | |||
| + | scheduler_driver=nova.scheduler.simple.SimpleScheduler | ||
| + | s3_host=192.168.0.100 | ||
| + | ec2_host=192.168.0.100 | ||
| + | ec2_dmz_host=192.168.0.100 | ||
| + | rabbit_host=192.168.0.100 | ||
| + | cc_host=192.168.0.100 | ||
| + | metadata_host=192.168.0.100 | ||
| + | metadata_listen=0.0.0.0 | ||
| + | nova_url=http://folsom-proj01.vitola.net.br:8774/v1.1/ | ||
| + | sql_connection=mysql://novaUser:novaPass@folsom-proj01.vitola.net.br/nova | ||
| + | ec2_url=http://folsom-proj01.vitola.net.br:8773/services/Cloud | ||
| + | rootwrap_config=/etc/nova/rootwrap.conf | ||
| + | |||
| + | log-config=/etc/nova/logging.conf | ||
| + | verbose = True | ||
| + | debug = True | ||
| + | use_syslog = False | ||
| + | syslog_log_facility = LOG_LOCAL0 | ||
| + | |||
| + | # Auth | ||
| + | use_deprecated_auth=false | ||
| + | auth_strategy=keystone | ||
| + | keystone_ec2_url=http://folsom-proj01.vitola.net.br:5000/v2.0/ec2tokens | ||
| + | |||
| + | # Imaging service | ||
| + | glance_api_servers=folsom-proj01.vitola.net.br:9292 | ||
| + | image_service=nova.image.glance.GlanceImageService | ||
| + | |||
| + | # Vnc configuration | ||
| + | novnc_enabled=true | ||
| + | novncproxy_base_url=http://folsom-proj01.vitola.net.br:6080/vnc_auto.html | ||
| + | novncproxy_port=6080 | ||
| + | vncserver_proxyclient_address=folsom-proj01.vitola.net.br | ||
| + | vncserver_listen=0.0.0.0 | ||
| + | |||
| + | # NETWORK | ||
| + | network_manager=nova.network.manager.FlatDHCPManager | ||
| + | force_dhcp_release=True | ||
| + | dhcpbridge_flagfile=/etc/nova/nova.conf | ||
| + | #firewall_driver=nova.virt.firewall.IptablesFirewallDriver | ||
| + | my_ip=192.168.0.100 | ||
| + | public_interface=br100 | ||
| + | vlan_interface=eth1 | ||
| + | flat_network_bridge=br100 | ||
| + | flat_interface=eth1 | ||
| + | flat_injected=True | ||
| + | fixed_range=192.168.100.0/24 | ||
| + | compute_driver=libvirt.LibvirtDriver | ||
| + | |||
| + | # Cinder # | ||
| + | volume_api_class=nova.volume.cinder.API | ||
| + | osapi_volume_listen_port=5900 | ||
| + | === /etc/nova/nova-compute.conf === | ||
| + | [DEFAULT] | ||
| + | libvirt_type=kvm | ||
| + | == Criar as tabelas no banco de dados e reiniciar os serviços == | ||
| + | nova-manage db sync | ||
| + | cd /etc/init.d/; for i in $(ls nova-*); do service $i restart; done | ||
Revision as of 01:25, 3 August 2013
OpenStack - Folsom - Single Node
Folsom Proj01 Single Node
Contents
- 1 Ambiente
- 2 Pacotes adicionais
- 3 configuração de repositório
- 4 Atualizar os pacotes
- 5 Configurar o arquivo /etc/hosts
- 6 Habilitar o ip_forward
- 7 Instalar o ntp
- 8 Configurar a interface de rede
- 9 Criar a bridge
- 10 Instalação do mysql
- 11 Instalação do rabbitmq
- 12 Instalação do keystone
- 13 Configurar o arquivo /etc/keystone/keystone.conf
- 14 Reiniciar o serviço e criar as tabelas no banco
- 15 Criar os scripts de configuração dos usuários, permissões e endpoint
- 16 Dados de acesso ~/.creds
- 17 Incluir as informações nas variáveis de ambiente do usuário
- 18 Testar o acesso usando o curl
- 19 Instalação do glance
- 20 Configurar o arquivo /etc/glance/glance-api-paste.ini
- 21 Configurar o arquivo /etc/glance/glance-registry-paste.ini
- 22 Configurar o arquivo /etc/glance/glance-api.conf
- 23 Configurar o arquivo /etc/glance/glance-registry.conf
- 24 Reiniciar os serviços e criar as tabelas no banco
- 25 Inclusão de imagens no glance
- 26 Instalação do cinder
- 27 Configurar o arquivo /etc/cinder/api-paste.ini
- 28 Configurar o arquivo /etc/cinder/cinder.conf
- 29 Configurar a partição LVM
- 30 Criar as tabelas no banco de dados e reiniciar os serviços
- 31 Nova
Ambiente
Dell Vostro 200 Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Pacotes adicionais
apt-get install bridge-utils vlan
configuração de repositório
apt-get install ubuntu-cloud-keyring echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/folsom main" \ > /etc/apt/sources.list.d/cloud-archive.list
Atualizar os pacotes
apt-get update ; apt-get upgrade ; apt-get dist-upgrade
Configurar o arquivo /etc/hosts
192.168.0.100 folsom-proj01 folsom-proj01.vitola.net.br
Habilitar o ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
Instalar o ntp
apt-get install ntp service ntp restart
Configurar a interface de rede
auto br100
iface br100 inet static
address 192.168.0.100
netmask 255.255.255.0
gateway 192.168.0.1
dns-nameservers 8.8.8.8 8.8.4.4
bridge_ports eth0
bridge_stp off
bridge_maxwait 0
bridge_fd 0
Criar a bridge
brctl addbr br100; service networking restart brctl show bridge name bridge id STP enabled interfaces br100 8000.52540044858a no eth0
Instalação do mysql
apt-get install mysql-server python-mysqldb sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf service mysql restart
mysql -u root -p
use mysql;
delete from user where user <> 'root';
delete from user where host <> 'localhost';
update user set host = '%' where user ='root';
CREATE DATABASE keystone;
CREATE DATABASE glance;
CREATE DATABASE nova;
CREATE DATABASE cinder;
DROP DATABASE test;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
GRANT ALL ON cinder.* TO 'cinderUser'@'%' IDENTIFIED BY 'cinderPass';
flush privileges;
Instalação do rabbitmq
apt-get install rabbitmq-server
Instalação do keystone
apt-get install keystone
Configurar o arquivo /etc/keystone/keystone.conf
[sql] connection = mysql://keystoneUser:keystonePass@folsom-proj01.vitola.net.br/keystone
Reiniciar o serviço e criar as tabelas no banco
service keystone restart keystone-manage db_sync
Criar os scripts de configuração dos usuários, permissões e endpoint
keystone_basic.sh https://raw.github.com/vitola/folsom-proj01/master/scripts/keystone_basic.sh
# Modified by Bilel Msekni / Institut Telecom
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#
HOST_IP=folsom-proj01.vitola.net.br
ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin_pass}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-service_pass}
export SERVICE_TOKEN="ADMIN"
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
get_id () {
echo `$@ | awk '/ id / { print $4 }'`
}
# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
# Users
ADMIN_USER=$(get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@vitola.net.br)
# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT
# The Member role is used by Horizon and Swift
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@vitola.net.br)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@vitola.net.br)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
CINDER_USER=$(get_id keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@vitola.net.br)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
keystone_endpoints_basic.sh https://raw.github.com/vitola/folsom-proj01/master/scripts/keystone_endpoints_basic.sh
#!/bin/sh # # Keystone basic Endpoints # Mainly inspired by https://github.com/openstack/keystone/blob/master/tools/sample_data.sh # Modified by Bilel Msekni / Institut Telecom # # Support: openstack@lists.launchpad.net # License: Apache Software License (ASL) 2.0 # # Host address HOST_IP=folsom-proj01.vitola.net.br EXT_HOST_IP=folsom-proj01.vitola.net.br # MySQL definitions MYSQL_USER=keystoneUser MYSQL_DATABASE=keystone MYSQL_HOST=$HOST_IP MYSQL_PASSWORD=keystonePass # Keystone definitions KEYSTONE_REGION=F1 export SERVICE_TOKEN=ADMIN export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0" while getopts "u:D:p:m:K:R:E:T:vh" opt; do case $opt in u) MYSQL_USER=$OPTARG ;; D) MYSQL_DATABASE=$OPTARG ;; p) MYSQL_PASSWORD=$OPTARG ;; m) MYSQL_HOST=$OPTARG ;; K) MASTER=$OPTARG ;; R) KEYSTONE_REGION=$OPTARG ;; E) export SERVICE_ENDPOINT=$OPTARG ;; T) export SERVICE_TOKEN=$OPTARG ;; v) set -x ;; h) cat <<EOF Usage: $0 [-m mysql_hostname] [-u mysql_username] [-D mysql_database] [-p mysql_password] [-K keystone_master ] [ -R keystone_region ] [ -E keystone_endpoint_url ] [ -T keystone_token ] Add -v for verbose mode, -h to display this message. EOF exit 0 ;; \?) echo "Unknown option -$OPTARG" >&2 exit 1 ;; :) echo "Option -$OPTARG requires an argument" >&2 exit 1 ;; esac done
if [ -z "$KEYSTONE_REGION" ]; then echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2 missing_args="true" fi
if [ -z "$SERVICE_TOKEN" ]; then
echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
missing_args="true"
fi
if [ -z "$SERVICE_ENDPOINT" ]; then
echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
missing_args="true"
fi
if [ -z "$MYSQL_PASSWORD" ]; then
echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2
missing_args="true"
fi
if [ -n "$missing_args" ]; then
exit 1
fi
keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name cinder --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity'
keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'
create_endpoint () {
case $1 in
compute)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s'
;;
volume)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$HOST_IP"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$HOST_IP"':8776/v1/$(tenant_id)s'
;;
image)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':9292/v2' --adminurl 'http://'"$HOST_IP"':9292/v2' --internalurl 'http://'"$HOST_IP"':9292/v2'
;;
identity)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':5000/v2.0' --adminurl 'http://'"$HOST_IP"':35357/v2.0' --internalurl 'http://'"$HOST_IP"':5000/v2.0'
;;
ec2)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8773/services/Cloud' --adminurl 'http://'"$HOST_IP"':8773/services/Admin' --internalurl 'http://'"$HOST_IP"':8773/services/Cloud'
;;
esac
}
for i in compute volume image object-store identity ec2; do
id=`mysql -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" -ss -e "SELECT id FROM service WHERE type='"$i"';"` || exit 1
create_endpoint $i $id
done
chmod +x keystone_basic.sh chmod +x keystone_endpoints_basic.sh
./keystone_basic.sh ./keystone_endpoints_basic.sh
Dados de acesso ~/.creds
export OS_NO_CACHE=1 export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=admin_pass export OS_AUTH_URL="http://folsom-proj01.vitola.net.br:5000/v2.0/"
Incluir as informações nas variáveis de ambiente do usuário
source ~/.creds echo " source ~/.creds" >> ~/.bash_profile
Testar o acesso usando o curl
curl http://folsom-proj01.vitola.net.br:35357/v2.0/endpoints -H 'x-auth-token: ADMIN' | python -m json.tool
Instalação do glance
apt-get install glance
Configurar o arquivo /etc/glance/glance-api-paste.ini
[filter:authtoken] delay_auth_decision = true paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = folsom-proj01.vitola.net.br service_port = 5000 auth_host = folsom-proj01.vitola.net.br auth_port = 35357 auth_protocol = http auth_uri = http://folsom-proj01.vitola.net.br:5000/ admin_tenant_name = service admin_user = glance admin_password = service_pass
Configurar o arquivo /etc/glance/glance-registry-paste.ini
[filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_host = folsom-proj01.vitola.net.br service_port = 5000 auth_host = folsom-proj01.vitola.net.br auth_port = 35357 auth_protocol = http auth_uri = http://folsom-proj01.vitola.net.br:5000/ admin_tenant_name = service admin_user = glance admin_password = service_pass
Configurar o arquivo /etc/glance/glance-api.conf
sql_connection = mysql://glanceUser:glancePass@folsom-proj01.vitola.net.br/glance [keystone_authtoken] auth_host = folsom-proj01.vitola.net.br auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = glance admin_password = service_pass [paste_deploy] flavor = keystone
Configurar o arquivo /etc/glance/glance-registry.conf
sql_connection = mysql://glanceUser:glancePass@folsom-proj01.vitola.net.br/glance [keystone_authtoken] auth_host = folsom-proj01.vitola.net.br auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = glance admin_password = service_pass [paste_deploy] flavor = keystone
Reiniciar os serviços e criar as tabelas no banco
cd /etc/init.d/; for i in $(ls glance-*); do service $i restart; done glance-manage db_sync
Inclusão de imagens no glance
Foi feito o download por http do servidor local, mas pode ser feito direto do repositório da distribuição glance image-create \ --name="ubuntu-12.04.2-server-amd64.iso" \ --public \ --container-format=bare \ --disk-format=iso \ --copy-from="http://folsom-proj01.vitola.net.br/ubuntu-12.04.2-server-amd64.iso" glance image-create \ --name="Cirros64Bits" \ --public \ --container-format bare \ --disk-format qcow2 \ --copy-from="http://folsom-proj01.vitola.net.br/cirros-0.3.0-x86_64-disk.img" glance image-create \ --name="CentOS-6.4-x86_64-minimal.iso" \ --public \ --container-format bare \ --disk-format iso \ --copy-from="http://folsom-proj01.vitola.net.br/CentOS-6.4-x86_64-minimal.iso"
As imagens são salvas neste diretório /var/lib/glance/images/
Instalação do cinder
apt-get install cinder-volume cinder-api cinder-scheduler cinder-volume
Configurar o arquivo /etc/cinder/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = folsom-proj01.vitola.net.br service_port = 5000 auth_host = folsom-proj01.vitola.net.br auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = cinder admin_password = service_pass
Configurar o arquivo /etc/cinder/cinder.conf
sql_connection = mysql://cinderUser:cinderPass@folsom-proj01.vitola.net.br/cinder
Configurar a partição LVM
fdisk /dev/sdc fdisk> n fdisk> p fdisk> 1 fdisk> ENTER fdisk> ENTER fdisk> t fdisk> 8e fdisk> w
pvcreate /dev/sdc1 vgcreate cinder-volumes /dev/sdc1
Criar as tabelas no banco de dados e reiniciar os serviços
cinder-manage db sync cd /etc/init.d/; for i in $(ls cinder-*); do service $i restart; done
Nova
Instalação
apt-get install nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-network nova-compute-kvm nova-api
Configuração
/etc/nova/api-paste.ini
[filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory auth_host = folsom-proj01 auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = nova admin_password = service_pass signing_dir = /tmp/keystone-signing-nova
/etc/nova/nova.conf
[DEFAULT] dhcpbridge_flagfile=/etc/nova/nova.conf dhcpbridge=/usr/bin/nova-dhcpbridge logdir=/var/log/nova state_path=/var/lib/nova lock_path=/var/lock/nova force_dhcp_release=True iscsi_helper=tgtadm libvirt_use_virtio_for_bridges=True connection_type=libvirt root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf verbose=True ec2_private_dns_show_ip=True api_paste_config=/etc/nova/api-paste.ini volumes_path=/var/lib/nova/volumes scheduler_driver=nova.scheduler.simple.SimpleScheduler s3_host=192.168.0.100 ec2_host=192.168.0.100 ec2_dmz_host=192.168.0.100 rabbit_host=192.168.0.100 cc_host=192.168.0.100 metadata_host=192.168.0.100 metadata_listen=0.0.0.0 nova_url=http://folsom-proj01.vitola.net.br:8774/v1.1/ sql_connection=mysql://novaUser:novaPass@folsom-proj01.vitola.net.br/nova ec2_url=http://folsom-proj01.vitola.net.br:8773/services/Cloud rootwrap_config=/etc/nova/rootwrap.conf log-config=/etc/nova/logging.conf verbose = True debug = True use_syslog = False syslog_log_facility = LOG_LOCAL0 # Auth use_deprecated_auth=false auth_strategy=keystone keystone_ec2_url=http://folsom-proj01.vitola.net.br:5000/v2.0/ec2tokens # Imaging service glance_api_servers=folsom-proj01.vitola.net.br:9292 image_service=nova.image.glance.GlanceImageService # Vnc configuration novnc_enabled=true novncproxy_base_url=http://folsom-proj01.vitola.net.br:6080/vnc_auto.html novncproxy_port=6080 vncserver_proxyclient_address=folsom-proj01.vitola.net.br vncserver_listen=0.0.0.0 # NETWORK network_manager=nova.network.manager.FlatDHCPManager force_dhcp_release=True dhcpbridge_flagfile=/etc/nova/nova.conf #firewall_driver=nova.virt.firewall.IptablesFirewallDriver my_ip=192.168.0.100 public_interface=br100 vlan_interface=eth1 flat_network_bridge=br100 flat_interface=eth1 flat_injected=True fixed_range=192.168.100.0/24 compute_driver=libvirt.LibvirtDriver # Cinder # volume_api_class=nova.volume.cinder.API osapi_volume_listen_port=5900
/etc/nova/nova-compute.conf
[DEFAULT] libvirt_type=kvm
Criar as tabelas no banco de dados e reiniciar os serviços
nova-manage db sync cd /etc/init.d/; for i in $(ls nova-*); do service $i restart; done
