User:Vitola
OpenStack - Folsom - Single Node
Folsom Proj01 Single Node
Contents
- 1 Environment
- 2 Additional packages
- 3 Repository configuration
- 4 Update the packages
- 5 Configure the /etc/hosts file
- 6 Enable ip_forward
- 7 Install ntp
- 8 Configure the network interface
- 9 Create the bridge
- 10 MySQL installation
- 11 RabbitMQ installation
- 12 Keystone installation
- 13 Configure the /etc/keystone/keystone.conf file
- 14 Restart the service and create the database tables
- 15 Create the scripts that configure users, permissions and endpoints
- 16 Access credentials ~/.creds
- 17 Add the information to the user's environment variables
- 18 Test access using curl
- 19 Glance installation
- 20 Configure the /etc/glance/glance-api-paste.ini file
- 21 Configure the /etc/glance/glance-registry-paste.ini file
- 22 Configure the /etc/glance/glance-api.conf file
- 23 Configure the /etc/glance/glance-registry.conf file
- 24 Restart the services and create the database tables
- 25 Adding images to Glance
- 26 Cinder installation
- 27 Configure the /etc/cinder/api-paste.ini file
- 28 Configure the /etc/cinder/cinder.conf file
- 29 Configure the LVM partition
- 30 Create the database tables and restart the services
- 31 Nova
Environment
Dell Vostro 200 Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Additional packages
apt-get install bridge-utils vlan
Repository configuration
apt-get install ubuntu-cloud-keyring
echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/folsom main" \
  > /etc/apt/sources.list.d/cloud-archive.list
Update the packages
apt-get update ; apt-get upgrade ; apt-get dist-upgrade
Configure the /etc/hosts file
192.168.0.100 folsom-proj01 folsom-proj01.vitola.net.br
Enable ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
Install ntp
apt-get install ntp
service ntp restart
Configure the network interface
auto br100
iface br100 inet static
    address 192.168.0.100
    netmask 255.255.255.0
    gateway 192.168.0.1
    dns-nameservers 8.8.8.8 8.8.4.4
    bridge_ports eth0
    bridge_stp off
    bridge_maxwait 0
    bridge_fd 0
Create the bridge
brctl addbr br100; service networking restart
brctl show
bridge name     bridge id               STP enabled     interfaces
br100           8000.52540044858a       no              eth0
MySQL installation
apt-get install mysql-server python-mysqldb
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
mysql -u root -p
use mysql;
delete from user where user <> 'root';
delete from user where host <> 'localhost';
update user set host = '%' where user ='root';
CREATE DATABASE keystone;
CREATE DATABASE glance;
CREATE DATABASE nova;
CREATE DATABASE cinder;
DROP DATABASE test;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
GRANT ALL ON cinder.* TO 'cinderUser'@'%' IDENTIFIED BY 'cinderPass';
flush privileges;
RabbitMQ installation
apt-get install rabbitmq-server
Keystone installation
apt-get install keystone
Configure the /etc/keystone/keystone.conf file
[sql]
connection = mysql://keystoneUser:keystonePass@folsom-proj01.vitola.net.br/keystone
Restart the service and create the database tables
service keystone restart
keystone-manage db_sync
Create the scripts that configure users, permissions and endpoints
keystone_basic.sh https://raw.github.com/vitola/folsom-proj01/master/scripts/keystone_basic.sh
#!/bin/sh
#
# Modified by Bilel Msekni / Institut Telecom
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#
HOST_IP=folsom-proj01.vitola.net.br
ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin_pass}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-service_pass}
export SERVICE_TOKEN="ADMIN"
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}

# Run the given keystone command and print the id of the object it created
get_id () {
    echo `$@ | awk '/ id / { print $4 }'`
}

# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)

# Users
ADMIN_USER=$(get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@vitola.net.br)

# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)

# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT

# The Member role is used by Horizon and Swift
MEMBER_ROLE=$(get_id keystone role-create --name=Member)

# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@vitola.net.br)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@vitola.net.br)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
CINDER_USER=$(get_id keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@vitola.net.br)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
keystone_endpoints_basic.sh https://raw.github.com/vitola/folsom-proj01/master/scripts/keystone_endpoints_basic.sh
#!/bin/sh
#
# Keystone basic Endpoints
# Mainly inspired by https://github.com/openstack/keystone/blob/master/tools/sample_data.sh
# Modified by Bilel Msekni / Institut Telecom
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#

# Host address
HOST_IP=folsom-proj01.vitola.net.br
EXT_HOST_IP=folsom-proj01.vitola.net.br

# MySQL definitions
MYSQL_USER=keystoneUser
MYSQL_DATABASE=keystone
MYSQL_HOST=$HOST_IP
MYSQL_PASSWORD=keystonePass

# Keystone definitions
KEYSTONE_REGION=F1
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"

while getopts "u:D:p:m:K:R:E:T:vh" opt; do
  case $opt in
    u) MYSQL_USER=$OPTARG ;;
    D) MYSQL_DATABASE=$OPTARG ;;
    p) MYSQL_PASSWORD=$OPTARG ;;
    m) MYSQL_HOST=$OPTARG ;;
    K) MASTER=$OPTARG ;;
    R) KEYSTONE_REGION=$OPTARG ;;
    E) export SERVICE_ENDPOINT=$OPTARG ;;
    T) export SERVICE_TOKEN=$OPTARG ;;
    v) set -x ;;
    h)
      cat <<EOF
Usage: $0 [-m mysql_hostname] [-u mysql_username] [-D mysql_database] [-p mysql_password]
       [-K keystone_master ] [ -R keystone_region ] [ -E keystone_endpoint_url ]
       [ -T keystone_token ]

Add -v for verbose mode, -h to display this message.
EOF
      exit 0
      ;;
    \?)
      echo "Unknown option -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument" >&2
      exit 1
      ;;
  esac
done

if [ -z "$KEYSTONE_REGION" ]; then
  echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2
  missing_args="true"
fi

if [ -z "$SERVICE_TOKEN" ]; then
  echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
  missing_args="true"
fi

if [ -z "$SERVICE_ENDPOINT" ]; then
  echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
  missing_args="true"
fi

if [ -z "$MYSQL_PASSWORD" ]; then
  echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2
  missing_args="true"
fi

if [ -n "$missing_args" ]; then
  exit 1
fi

keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name cinder --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity'
keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'

# $1 = service type, $2 = service id
create_endpoint () {
  case $1 in
    compute)
      keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 \
        --publicurl 'http://'"$EXT_HOST_IP"':8774/v2/$(tenant_id)s' \
        --adminurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s' \
        --internalurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s'
      ;;
    volume)
      keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 \
        --publicurl 'http://'"$EXT_HOST_IP"':8776/v1/$(tenant_id)s' \
        --adminurl 'http://'"$HOST_IP"':8776/v1/$(tenant_id)s' \
        --internalurl 'http://'"$HOST_IP"':8776/v1/$(tenant_id)s'
      ;;
    image)
      keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 \
        --publicurl 'http://'"$EXT_HOST_IP"':9292/v2' \
        --adminurl 'http://'"$HOST_IP"':9292/v2' \
        --internalurl 'http://'"$HOST_IP"':9292/v2'
      ;;
    identity)
      keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 \
        --publicurl 'http://'"$EXT_HOST_IP"':5000/v2.0' \
        --adminurl 'http://'"$HOST_IP"':35357/v2.0' \
        --internalurl 'http://'"$HOST_IP"':5000/v2.0'
      ;;
    ec2)
      keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 \
        --publicurl 'http://'"$EXT_HOST_IP"':8773/services/Cloud' \
        --adminurl 'http://'"$HOST_IP"':8773/services/Admin' \
        --internalurl 'http://'"$HOST_IP"':8773/services/Cloud'
      ;;
  esac
}

for i in compute volume image object-store identity ec2; do
  id=`mysql -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" -ss -e "SELECT id FROM service WHERE type='"$i"';"` || exit 1
  create_endpoint $i $id
done
chmod +x keystone_basic.sh
chmod +x keystone_endpoints_basic.sh
./keystone_basic.sh
./keystone_endpoints_basic.sh
Access credentials ~/.creds
export OS_NO_CACHE=1
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_AUTH_URL="http://folsom-proj01.vitola.net.br:5000/v2.0/"
Add the information to the user's environment variables
source ~/.creds
echo " source ~/.creds" >> ~/.bash_profile
Test access using curl
curl http://folsom-proj01.vitola.net.br:35357/v2.0/endpoints -H 'x-auth-token: ADMIN' | python -m json.tool
Glance installation
apt-get install glance
Configure the /etc/glance/glance-api-paste.ini file
[filter:authtoken]
delay_auth_decision = true
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = folsom-proj01.vitola.net.br
service_port = 5000
auth_host = folsom-proj01.vitola.net.br
auth_port = 35357
auth_protocol = http
auth_uri = http://folsom-proj01.vitola.net.br:5000/
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
Configure the /etc/glance/glance-registry-paste.ini file
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_host = folsom-proj01.vitola.net.br
service_port = 5000
auth_host = folsom-proj01.vitola.net.br
auth_port = 35357
auth_protocol = http
auth_uri = http://folsom-proj01.vitola.net.br:5000/
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
Configure the /etc/glance/glance-api.conf file
sql_connection = mysql://glanceUser:glancePass@folsom-proj01.vitola.net.br/glance
[keystone_authtoken]
auth_host = folsom-proj01.vitola.net.br
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
[paste_deploy]
flavor = keystone
Configure the /etc/glance/glance-registry.conf file
sql_connection = mysql://glanceUser:glancePass@folsom-proj01.vitola.net.br/glance
[keystone_authtoken]
auth_host = folsom-proj01.vitola.net.br
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
[paste_deploy]
flavor = keystone
Restart the services and create the database tables
cd /etc/init.d/; for i in $(ls glance-*); do service $i restart; done
glance-manage db_sync
Adding images to Glance
The images were downloaded over HTTP from the local server, but they can also be fetched directly from the distribution's repository.
glance image-create \
  --name="ubuntu-12.04.2-server-amd64.iso" \
  --public \
  --container-format=bare \
  --disk-format=iso \
  --copy-from="http://folsom-proj01.vitola.net.br/ubuntu-12.04.2-server-amd64.iso"
glance image-create \
  --name="Cirros64Bits" \
  --public \
  --container-format bare \
  --disk-format qcow2 \
  --copy-from="http://folsom-proj01.vitola.net.br/cirros-0.3.0-x86_64-disk.img"
glance image-create \
  --name="CentOS-6.4-x86_64-minimal.iso" \
  --public \
  --container-format bare \
  --disk-format iso \
  --copy-from="http://folsom-proj01.vitola.net.br/CentOS-6.4-x86_64-minimal.iso"
The images are stored in this directory: /var/lib/glance/images/
Cinder installation
apt-get install cinder-volume cinder-api cinder-scheduler cinder-volume
Configure the /etc/cinder/api-paste.ini file
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = folsom-proj01.vitola.net.br
service_port = 5000
auth_host = folsom-proj01.vitola.net.br
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = service_pass
Configure the /etc/cinder/cinder.conf file
sql_connection = mysql://cinderUser:cinderPass@folsom-proj01.vitola.net.br/cinder
Configure the LVM partition
fdisk /dev/sdc
fdisk> n
fdisk> p
fdisk> 1
fdisk> ENTER
fdisk> ENTER
fdisk> t
fdisk> 8e
fdisk> w
pvcreate /dev/sdc1
vgcreate cinder-volumes /dev/sdc1
Create the database tables and restart the services
cinder-manage db sync
cd /etc/init.d/; for i in $(ls cinder-*); do service $i restart; done
Nova
Installation
apt-get install nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-network nova-compute-kvm nova-api
Configuration
/etc/nova/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = folsom-proj01
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = service_pass
signing_dir = /tmp/keystone-signing-nova
/etc/nova/nova.conf
[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
iscsi_helper=tgtadm
libvirt_use_virtio_for_bridges=True
connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
volumes_path=/var/lib/nova/volumes
scheduler_driver=nova.scheduler.simple.SimpleScheduler
s3_host=192.168.0.100
ec2_host=192.168.0.100
ec2_dmz_host=192.168.0.100
rabbit_host=192.168.0.100
cc_host=192.168.0.100
metadata_host=192.168.0.100
metadata_listen=0.0.0.0
nova_url=http://folsom-proj01.vitola.net.br:8774/v1.1/
sql_connection=mysql://novaUser:novaPass@folsom-proj01.vitola.net.br/nova
ec2_url=http://folsom-proj01.vitola.net.br:8773/services/Cloud
rootwrap_config=/etc/nova/rootwrap.conf
log-config=/etc/nova/logging.conf
verbose = True
debug = True
use_syslog = False
syslog_log_facility = LOG_LOCAL0
# Auth
use_deprecated_auth=false
auth_strategy=keystone
keystone_ec2_url=http://folsom-proj01.vitola.net.br:5000/v2.0/ec2tokens
# Imaging service
glance_api_servers=folsom-proj01.vitola.net.br:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://folsom-proj01.vitola.net.br:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=folsom-proj01.vitola.net.br
vncserver_listen=0.0.0.0
# NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
#firewall_driver=nova.virt.firewall.IptablesFirewallDriver
my_ip=192.168.0.100
public_interface=br100
vlan_interface=eth1
flat_network_bridge=br100
flat_interface=eth1
flat_injected=True
fixed_range=192.168.100.0/24
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
/etc/nova/nova-compute.conf
[DEFAULT]
libvirt_type=kvm
Create the database tables and restart the services
nova-manage db sync
cd /etc/init.d/; for i in $(ls nova-*); do service $i restart; done
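Added example, not part of the original guide: the configuration files above keep the guide's placeholder passwords (service_pass, admin_pass), embed database passwords in connection URLs, reach Keystone over plain http and place signing_dir under /tmp. The function below (audit_conf is a name chosen here) reports those lines in any config file; the sample input is constructed from the values shown above.

```shell
#!/bin/sh
# Added example, not the guide's own code.
# audit_conf FILE...: print "file:line: finding" for lab-only settings used in
# this guide; the exit status is 1 when at least one finding was printed.
audit_conf() {
    awk '
    /^[ \t]*#/ { next }    # ignore commented-out lines
    # Placeholder passwords the guide uses for the services and for admin.
    /(admin_password|OS_PASSWORD)[ \t]*=[ \t]*(service_pass|admin_pass)[ \t]*$/ {
        printf "%s:%d: placeholder password from the guide\n", FILENAME, FNR; n++
    }
    # Database password embedded in the connection URL.
    $0 ~ "connection[ \t]*=[ \t]*mysql://[^:@]+:[^@]+@" {
        printf "%s:%d: database password stored in connection URL\n", FILENAME, FNR; n++
    }
    # auth_token signing directory under world-writable /tmp.
    $0 ~ "^[ \t]*signing_dir[ \t]*=[ \t]*/tmp/" {
        printf "%s:%d: signing_dir is under /tmp\n", FILENAME, FNR; n++
    }
    # Service credentials and tokens travel to Keystone without TLS.
    /^[ \t]*auth_protocol[ \t]*=[ \t]*http[ \t]*$/ {
        printf "%s:%d: auth_protocol is plain http\n", FILENAME, FNR; n++
    }
    END { exit (n > 0) }
    ' "$@"
}

# Constructed sample, modelled on the api-paste.ini and nova.conf values above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[filter:authtoken]
auth_host = folsom-proj01.vitola.net.br
auth_protocol = http
admin_user = nova
admin_password = service_pass
signing_dir = /tmp/keystone-signing-nova
# admin_password = service_pass
sql_connection = mysql://novaUser:novaPass@folsom-proj01.vitola.net.br/nova
EOF

audit_conf "$sample" || echo "lab-only settings found"
```

On an installed node the same function can be pointed at the real files, for example `audit_conf /etc/nova/*.conf /etc/nova/api-paste.ini /etc/glance/*.conf /etc/glance/*.ini ~/.creds`.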