반응형
OpenStack 발표자료 (From Kubernetes to OpenStack)
반응형
'OpenStack'에 해당되는 글 13건
- 2018.02.25 From Kubernetes to OpenStack in Sydney, 2017
- 2017.07.18 음성인식으로 OpenStack 을 Kubernetes에 배포하기
- 2017.07.18 Kubernetes and OpenStack-Helm
- 2017.03.15 OpenStack Contribution 설정
- 2016.09.13 OpenStack Prompt 사용
- 2014.09.30 Flow chart of iptables
- 2014.06.12 Icehouse package install
- 2014.05.20 OpenStack Live Migrateion 준비 사항
- 2013.10.18 DevStack install (Neutron Network) 1
- 2013.04.16 Grizzly 설치 매뉴얼
반응형
반응형
반응형
## OpenStack Foundation 사용자 등록
## launchpad 에 사용자 등록 (OpenStack Foundation email 과 동일해야 함)
https://launchpad.net/~seungkyua
## review 사이트에 사용자 등록
## review 사이트에서 필요한 정보 등록
1. Profile 메뉴에서 Username 등록
2. Contact Information 에서 아래 처럼 날짜 업데이트 되었는지 확인 (안되어 있으면 정보 입력)
Contact information last updated on May 25, 2015 at 12:51 PM.
3. SSH Public Keys 등록
$ cat ~/.ssh/id_rsa.pub
4. Agreements 서명
[ stackalytics 에 추가 ]
$ mkdir -p ~/Documents/git && cd ~/Documents/git
$ git clone ssh://seungkyu@review.openstack.org:29418/openstack/stackalytics
$ cd stackalytics
## git 및 git-review 설치
$ brew install git git-review
## 환경 설정 (gitreview.username 은 review 사이트의 Profile Username 임)
$ git config --add gitreview.username "seungkyu"
git config --add user.name "Seungkyu Ahn"
git config --add user.email "seungkyua@gmail.com"
## 접속 테스트 및 commit-msg hook 다운로드
$ git review -s
## 개인 추가 (launchpad_id 의 abc 순), end_date: null 은 하나 밖에 못씀
## launchpad_id 만 필수, 나머지 id 는 옵션
$ git checkout -b seungkyua
$ vi etc/default_data.json
{
"launchpad_id": "seungkyua",
"gerrit_id": "seungkyu",
"github_id": "seungkyua",
"companies": [
{
"company_name": "Samsung SDS",
"end_date": "2015-Feb-28"
},
{
"company_name": "OpenStack Korea User Group",
"end_date": "2016-Dec-31"
},
{
"company_name": "SK telecom",
"end_date": null
}
],
"user_name": "Seungkyu Ahn",
"emails": ["ahnsk@sk.com", "seungkyua@gmail.com"]
},
## companies 항목에 회사명이 없을 때는 추가해야 함
25785 {
25786 "domains": ["sktelecom.com"],
25787 "company_name": "SK telecom",
25788 "aliases": ["SKT", "SKTelecom"]
25789 },
$ git commit -a
## commit message 는 아래와 같이
modify personal info about seungkyua
## commit message 작성법
첫번째 라인은 50자 이내로 간단히 요약을 쓴다.
[공백라인]
설명을 적되 라인은 72자가 넘어가면 다음 라인에 쓴다.
## review 올리기
$ git review
## git review 시 Change-Id 세팅 에러가 나면 화면 에러 대로 수행
$ gitdir=$(git rev-parse --git-dir); scp -p -P 29418 seungkyu@review.openstack.org:hooks/commit-msg ${gitdir}/hooks/
$ git commit --amend
$ git review
## 확인
반응형
반응형
## OpenStack CLI 를 사용할 때 현재 어떤 프로젝트와 사용자인지를 알려주는 Prompt 만들기
## 오픈스택 사용자를 위한 프롬프트 설정 (project:user) 로 표시됨
$ vi ~/.bashrc
openstack_user() {
env | grep -E 'OS_USERNAME|OS_PROJECT_NAME' 2> /dev/null | sed -e 's/OS_PROJECT_NAME=\(.*\)/(\1/' -e 's/OS_USERNAME=\(.*\)/\1)/' | paste -sd ":"
}
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]$(openstack_user)\$ '
$ . demo/demo-openrc
(demo:demo)$ openstack server list
반응형
반응형
1. Network A -> Network A
PREROUTING(nat:dnat) -> INPUT(filter) -> OUTPUT(nat:dnat) -> OUTPUT(filter) ->POSTROUTING(nat:snat)
2. Network A -> Network B
PREROUTING(nat:dnat) -> FORWARD(filter) -> POSTROUTING(nat:snat)
3. Nova Instance 생성 후 iptables nat
PREROUTING ACCEPT
nova-network-PREROUTING
-> VM DNAT 변환
nova-compute-PREROUTING
nova-api-metadat-PREROUTING
INPUT ACCEPT
OUTPUT ACCEPT
nova-network-OUTPUT
-> VM DNAT 변환
nova-compute-OUTPUT
nova-api-metadat-OUTPUT
POSTROUTING ACCEPT
nova-network-POSTROUTING
nova-compute-POSTROUTING
nova-api-metadat-POSTROUTING
nova-postrouting-bottom
nova-network-snat
nova-network-float-snat
-> VM SNAT 변환
-> Host SNAT 변환
nova-compute-snat
nova-compute-float-snat
nova-api-metadat-snat
nova-api-metadat-float-snat
4. Nova Instance 생성 후 iptables filter
INPUT ACCEPT
nova-compute-INPUT
nova-network-INPUT
- dhcp 열기 (bridge 단위)
nova-api-metadat-INPUT
- nova metadata api 포트 8775 승인
FORWARD ACCEPT
nova-filter-top
nova-compute-local
- nova-compute-inst-732 (인스턴스별 생성)
nova-compute-provider
- Secutiry rules 입력
nova-compute-sg-fallback
- 모든 패킷 drop
nova-network-local
nova-api-metadat-local
nova-compute-FORWARD
nova-network-FORWARD
- bridge 별 in/out 패킷 승인
nova-api-metadat-FORWARD
OUTPUT ACCEPT
nova-filter-top
nova-compute-local
- nova-compute-inst-732 (인스턴스별 생성)
nova-compute-provider
- Secutiry rules 입력
nova-compute-sg-fallback
- 모든 패킷 drop
nova-network-local
nova-api-metadat-local
nova-compute-OUTPUT
nova-network-OUTPUT
nova-api-metadat-OUTPUT
반응형
반응형
[ Controller Install ]
1. controller node install (nova, mysql, rabbitmq keystone, glance, cinder, horizon)
$ sudo apt-get install nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient
$ sudo apt-get install mysql-server-5.5
$ sudo apt-get install rabbitmq-server
$ sudo apt-get install keystone python-keystoneclient
$ sudo apt-get install glance python-glanceclient
$ sudo apt-get install cinder-api cinder-scheduler cinder-volume
$ apt-get install apache2 memcached libapache2-mod-wsgi openstack-dashboard
2. database configuration (nova, glance, cinder, keystone)
$ sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
$ sudo vi /etc/mysql/my.cnf
[mysqld]
# 추가
skip-host-cache
skip-name-resolve
$ sudo service mysql restart
$ mysql -u root -p
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
mysql> CREATE DATABASE cinder;
mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
sudo vi /etc/hosts.allow
ALL:192.168.0.0/255.255.0.0
mysqld:ALL
3. keystone setting
$ sudo rm /var/lib/keystone/keystone.db
$ sudo vi /etc/keystone/keystone.conf
connection = mysql://keystone:KEYSTONE_DBPASS@localhost/keystone
token_format = UUID
$ sudo keystone-manage db_sync
$ sudo service keystone restart
$ vi keystone_basic.sh
#!/bin/sh
#
# Keystone basic configuration
# Mainly inspired by https://github.com/openstack/keystone/blob/master/tools/sample_data.sh
# Modified by Bilel Msekni / Institut Telecom
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#
HOST_IP=192.168.75.131
ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin_pass}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-service_pass}
export SERVICE_TOKEN="ADMIN"
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
get_id () {
echo `$@ | awk '/ id / { print $4 }'`
}
# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
# Users
ADMIN_USER=$(get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com)
# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT
# The Member role is used by Horizon and Swift
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
QUANTUM_USER=$(get_id keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=quantum@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
CINDER_USER=$(get_id keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
$ vi keystone_endpoints_basic.sh
#!/bin/sh
#
# Keystone basic Endpoints
# Mainly inspired by https://github.com/openstack/keystone/blob/master/tools/sample_data.sh
# Modified by Bilel Msekni / Institut Telecom
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#
# Host address
HOST_IP=192.168.75.131
EXT_HOST_IP=192.168.75.131
VOLUME_HOST_IP=192.168.75.131
VOLUME_EXT_HOST_IP=192.168.75.131
NETWORK_HOST_IP=192.168.75.131
NETWORK_EXT_HOST_IP=192.168.75.131
# MySQL definitions
MYSQL_USER=keystone
MYSQL_DATABASE=keystone
MYSQL_HOST=$HOST_IP
MYSQL_PASSWORD=KEYSTONE_DBPASS
# Keystone definitions
KEYSTONE_REGION=RegionOne
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
while getopts "u:D:p:m:K:R:E:T:vh" opt; do
case $opt in
u)
MYSQL_USER=$OPTARG
;;
D)
MYSQL_DATABASE=$OPTARG
;;
p)
MYSQL_PASSWORD=$OPTARG
;;
m)
MYSQL_HOST=$OPTARG
;;
K)
MASTER=$OPTARG
;;
R)
KEYSTONE_REGION=$OPTARG
;;
E)
export SERVICE_ENDPOINT=$OPTARG
;;
T)
export SERVICE_TOKEN=$OPTARG
;;
v)
set -x
;;
h)
cat <<EOF
Usage: $0 [-m mysql_hostname] [-u mysql_username] [-D mysql_database] [-p mysql_password]
[-K keystone_master ] [ -R keystone_region ] [ -E keystone_endpoint_url ]
[ -T keystone_token ]
Add -v for verbose mode, -h to display this message.
EOF
exit 0
;;
\?)
echo "Unknown option -$OPTARG" >&2
exit 1
;;
:)
echo "Option -$OPTARG requires an argument" >&2
exit 1
;;
esac
done
if [ -z "$KEYSTONE_REGION" ]; then
echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2
missing_args="true"
fi
if [ -z "$SERVICE_TOKEN" ]; then
echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
missing_args="true"
fi
if [ -z "$SERVICE_ENDPOINT" ]; then
echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
missing_args="true"
fi
if [ -z "$MYSQL_PASSWORD" ]; then
echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2
missing_args="true"
fi
if [ -n "$missing_args" ]; then
exit 1
fi
keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name cinder --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity'
keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'
keystone service-create --name quantum --type network --description 'OpenStack Networking service'
create_endpoint () {
case $1 in
compute)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s'
;;
volume)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$VOLUME_EXT_HOST_IP"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$VOLUME_HOST_IP"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$VOLUME_HOST_IP"':8776/v1/$(tenant_id)s'
;;
image)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':9292/v2' --adminurl 'http://'"$HOST_IP"':9292/v2' --internalurl 'http://'"$HOST_IP"':9292/v2'
;;
identity)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':5000/v2.0' --adminurl 'http://'"$HOST_IP"':35357/v2.0' --internalurl 'http://'"$HOST_IP"':5000/v2.0'
;;
ec2)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8773/services/Cloud' --adminurl 'http://'"$HOST_IP"':8773/services/Admin' --internalurl 'http://'"$HOST_IP"':8773/services/Cloud'
;;
network)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$NETWORK_EXT_HOST_IP"':9696/' --adminurl 'http://'"$NETWORK_HOST_IP"':9696/' --internalurl 'http://'"$NETWORK_HOST_IP"':9696/'
;;
esac
}
for i in compute volume image object-store identity ec2 network; do
id=`mysql -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" -ss -e "SELECT id FROM service WHERE type='"$i"';"` || exit 1
create_endpoint $i $id
done
$ vi admin.rc
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_AUTH_URL="http://192.168.75.131:5000/v2.0/"
$ keystone tenant-create --name DEV --enabled true
$ keystone user-create --name dev_admin --tenant 5e795212d0804ad89234d9a1ac30c8ca --pass adminPass --enabled true
$ keystone user-create --name dev_user01 --tenant 5e795212d0804ad89234d9a1ac30c8ca --pass userPass --enabled true
# Admin role 과 dev_admin 을 연결
$ keystone user-role-add --user c207c127ba7c46d2bf18f6c39ac4ff78 --role 19f87df854914a1a903972f70d7d631a --tenant 5e795212d0804ad89234d9a1ac30c8ca
# Member role 과 dev_user01 을 연결
$ keystone user-role-add --user 908c6c5691374d6a95b64fea0e1615ce --role b13ffb470d1040d298e08cf9f5a6003a --tenant 5e795212d0804ad89234d9a1ac30c8ca
$ vi dev_admin.rc
export OS_USERNAME=dev_admin
export OS_PASSWORD=adminPass
export OS_TENANT_NAME=DEV
export OS_AUTH_URL="http://192.168.75.131:5000/v2.0/"
$ vi dev_user.rc
export OS_USERNAME=dev_user01
export OS_PASSWORD=userPass
export OS_TENANT_NAME=DEV
export OS_AUTH_URL="http://192.168.75.131:5000/v2.0/"
4. nova settting
$ sudo vi /etc/nova/nova.conf
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
verbose=True
debug=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
cinder_catalog_info=volume:cinder:adminURL
use_network_dns_servers=True
metadata_host=192.168.75.131
metadata_listen=0.0.0.0
metadata_listen_port=8775
metadata_manager=nova.api.manager.MetadataManager
metadata_port=8775
vncserver_proxyclient_address=192.168.230.131
vncserver_listen=0.0.0.0
vnc_enabled=true
xvpvncproxy_base_url=http://192.168.230.131:6081/console
novncproxy_base_url=http://192.168.230.131:6080/vnc_auto.html
remove_unused_base_images=False
image_create_to_qcow2 = True
api_rate_limit=True
#rpc setting
rpc_backend = rabbit
rabbit_host = 192.168.230.131
#network setting
network_api_class = nova.network.api.API
security_group_api = nova
# Network settings
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
network_manager=nova.network.manager.VlanManager
network_api_class=nova.network.api.API
dhcp_lease_time=600
vlan_start=1001
fixed_range=10.0.0.0/16
allow_same_net_traffic=False
multi_host=True
send_arp_for_ha=True
#share_dhcp_address=True
force_dhcp_release=True
flat_interface = eth1
public_interface=eth0
#auth setting
use_deprecated_auth = false
auth_strategy = keystone
#image setting
glance_api_services = 192.168.75.131:9292
image_service = nova.image.glance.GlanceImageService
glance_host = 192.168.230.131
[database]
connection = mysql://nova:NOVA_DBPASS@localhost/nova
[keystone_authtoken]
auth_uri = http://192.168.75.131:5000
auth_host = 192.168.75.131
auth_port = 35357
auth_protocol = http
admin_tenant_name = admin
admin_user = admin
admin_password = admin_pass
$ sudo nova-manage db sync
$ sudo service nova-api restart
$ sudo service nova-cert restart
$ sudo service nova-consoleauth restart
$ sudo service nova-scheduler restart
$ sudo service nova-conductor restart
$ sudo service nova-novncproxy restart
5. glance setting
$ sudo vi /etc/glance/glance-api.conf
# 아래 코멘트 처리
qpid, swift_store, s3_store, sheepdog_store
rabbit_host = 192.168.230.131
rabbit_port = 5672
rabbit_use_ssl = false
rabbit_virtual_host = /
rabbit_notification_exchange = glance
rabbit_notification_topic = notifications
rabbit_durable_queues = False
[database]
connection = mysql://glance:GLANCE_DBPASS@192.168.230.131/glance
[keystone_authtoken]
auth_uri = http://192.168.75.131:5000
auth_host = 192.168.75.131
auth_port = 35357
auth_protocol = http
admin_tenant_name = admin
admin_user = admin
admin_password = admin_pass
[paste_deploy]
flavor=keystone
$ sudo vi /etc/glance/glance-registry.conf
[database]
connection = mysql://glance:GLANCE_DBPASS@192.168.230.131/glance
[keystone_authtoken]
auth_uri = http://192.168.75.131:5000
auth_host = 192.168.75.131
auth_port = 35357
auth_protocol = http
admin_tenant_name = admin
admin_user = admin
admin_password = admin_pass
[paste_deploy]
flavor=keystone
$ mysql -u root -p
mysql> use glance;
mysql> alter table migrate_version convert to character set utf8 collate utf8_unicode_ci;
mysql> flush privileges;
$ sudo glance-manage db_sync
$ sudo service glance-api restart
$ sudo service glance-registry restart
$ glance image-create --name ubuntu-14.04-cloudimg --disk-format qcow2 --container-format bare --owner e07a35f02d9e4281b8336d9112faed51 --file ubuntu-14.04-server-cloudimg-amd64-disk1.img --is-public True --progress
$ wget --no-check-certificate https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
$ glance image-create --name cirros-0.3.0 --disk-format qcow2 --container-format bare --owner e07a35f02d9e4281b8336d9112faed51 --file cirros-0.3.0-x86_64-disk.img --is-public True --progress
6. cinder setting
$ sudo cinder-manage db sync
$ sudo vi /etc/cinder/cinder.conf
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_confg = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-sfpoc-%s
volume_group = cinder-volumes
verbose = True
debug=True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volumes_dir = /var/lib/cinder/volumes
default_availability_zone=LH_ZONE
storage_availability_zone=LH_ZONE
rpc_backend = cinder.openstack.common.rpc.impl_kombu
rabbit_host = 192.168.75.131
rabbit_port = 5672
glance_host=192.168.230.131
glance_port=9292
glance_api_servers=$glance_host:$glance_port
default_volume_type=LOW_END
# multi backend
enabled_backends=LEFTHAND,SOLIDFIRE
[LEFTHAND]
volume_name_template = volume-sfpoc-%s
volume_group = cinder-volumes
volume_driver=cinder.volume.drivers.san.hp.hp_lefthand_iscsi.HPLeftHandISCSIDriver
volume_backend_name=ISCSI_LH
san_ip=192.168.230.141
san_login=admin
san_password=admin_pass
san_clustername=CLUSTER-LEFTHAND
san_ssh_port=16022
[SOLIDFIRE]
volume_name_template = volume-sfpoc-%s
volume_group = cinder-volumes
verbose = True
volume_driver=cinder.volume.drivers.solidfire.SolidFireDriver
volume_backend_name=ISCSI_SF
san_ip=192.168.230.151
san_login=admin
san_password=admin_pass
[database]
connection=mysql://cinder:cinderPass@192.168.75.131/cinder
[keystone_authtoken]
auth_uri = http://192.168.75.131:5000
auth_host = 192.168.75.131
auth_port = 35357
auth_protocol = http
admin_tenant_name = admin
admin_user = admin
admin_password = admin_pass
$ sudo cinder-manage db sync
$ sudo service cinder-api restart
$ sudo service cinder-volume restart
$ sudo service cinder-scheduler restart
7. LeftHand Cluster 정보 보기
$ ssh -p 16022 user@192.168.230.140
CLIQ> getclusterinfo searchdepth=1 verbose=0
CLIQ> getserverinfo servername=ubuntu
CLIQ> getvolumeinfo volumename=volume-sfpoc-9d36737a-d332-4613-bce2-32465904a6fc
8. multi backend 세팅
$ cinder type-create LOW_END
$ cinder type-key LOW_END set volume_backend_name=ISCSI_LH
$ cinder type-create HIGH_END
$ cinder type-key HIGH_END set volume_backend_name=ISCSI_SF
# 1G High-end 볼륨 생성
$ cinder create --display-name high-test-01 --volume-type HIGH_END 1
9. backend qos 세팅
$ cinder type-create IOPS_3000
$ cinder type-key IOPS_3000 set volume_backend_name=ISCSI_SF
$ cinder qos-create QOS_IOPS_3000 consumer="back-end" minIOPS=3000 maxIOPS=3000 burstIOPS=3000
$ cinder qos-associate 1e9694b8-eca4-4ce7-b476-d1637535aaa2 9c241c66-30fd-442b-b7a1-79b4f1892919
$ cinder qos-get-association 1e9694b8-eca4-4ce7-b476-d1637535aaa2
[ Compute Node Install ]
1. compute node install (nova-compute, nova-network, nova-api-metadata)
$ sudo apt-get install nova-compute-kvm nova-network nova-api-metadata
[ 기본 설정 ]
1. network setting
$ nova network-create --fixed-range-v4 10.0.0.0/24 --vlan 1001 --gateway 10.0.0.1 --bridge br1001 --bridge-interface eth0 --multi-host T --dns1 8.8.8.8 --dns2 8.8.4.4 --project-id 5e795212d0804ad89234d9a1ac30c8ca dev_network
2. fixed ip reserve
$ nova fixed-ip-reserve 10.0.0.3
$ nova fixed-ip-reserve 10.0.0.4
$ nova fixed-ip-reserve 10.0.0.5
3. floating ip create
$ nova floating-ip-bulk-create 192.168.75.128/25 --interface eth0
4. secgroup 생성
$ nova secgroup-create connect 'icmp and ssh'
$ nova secgroup-add-rule connect icmp -1 -1 0.0.0.0/0
$ nova secgroup-add-rule connect tcp 22 22 0.0.0.0/0
5. keypair 생성
$ nova keypair-add stephen >> stephen.pem
6. pem 파일을 다른 호스트에 복사
$ scp -P 22 dev_admin.pem stack@192.168.230.132:~/creds/.
$ chmod 600 dev_admin.pem
7. nova.conf 를 다른 멀티호스트에 복사
$ for i in `seq 132 134`; do scp nova.conf stack@192.168.230.$i:~/creds/.; done
8. zone 설정
$ nova aggregate-create POC LH_ZONE
$ nova aggregate-add-host POC ubuntu
9. VM 생성
$ nova boot test01 --flavor 1 --image 4399bba0-17a4-43ef-8fdd-4edd9c2afe74 --key_name dev_admin --security_group connect
# boot on volume 및 attach volume 을 동시에 실행
$ nova boot [name] --flavor [flavorid]
--block-device id=[imageid],source=image,dest=volume,size=10,bootindex=0,shutdown=remove
--block-device id=[volumeid],source=volume,dest=volume,size=100,bootindex=1
10. VM 접속
$ ssh -i dev_admin.pem cirros@10.0.0.6
$ ssh -i dev_admin.pem ubuntu@10.0.0.6
[ VMware 관련 설정 ]
1. cinder.conf
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_confg = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = %s
volume_group = cinder-volumes
verbose = True
debug=True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volumes_dir = /var/lib/cinder/volumes
default_availability_zone=VMWARE_ZONE
storage_availability_zone=VMWARE_ZONE
rpc_backend = cinder.openstack.common.rpc.impl_kombu
rabbit_host = 192.168.75.131
rabbit_port = 5672
glance_host=192.168.75.131
glance_port=9292
glance_api_servers=$glance_host:$glance_port
default_volume_type=VMWARE_TYPE
# multi backend
enabled_backends=VMWARE_DRIVER
[VMWARE_DRIVER]
volume_driver = cinder.volume.drivers.vmware.vmdk.VMwareEsxVmdkDriver
volume_backend_name=VMWARE
vmware_host_ip = 192.168.75.131
vmware_host_password = VMWARE_PASSWORD
vmware_host_username = root
[database]
connection=mysql://cinder:cinderPass@192.168.75.131/cinder
[keystone_authtoken]
auth_uri = http://192.168.75.131:5000
auth_host = 192.168.75.131
auth_port = 35357
auth_protocol = http
admin_tenant_name = admin
admin_user = admin
admin_password = admin_pass
2. multi backend 세팅
$ cinder type-create VMWARE_TYPE
$ cinder type-key VMWARE_TYPE set volume_backend_name=VMWARE
# 1G High-end 볼륨 생성
$ cinder create --display-name test-01 --volume-type VMWARE_TYPE 1
3. nova.conf
$ sudo vi /etc/nova/nova.conf
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
# libvirt_use_virtio_for_bridges=True
# connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
verbose=True
debug=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
cinder_catalog_info=volume:cinder:adminURL
use_network_dns_servers=True
metadata_host=192.168.75.131
metadata_listen=0.0.0.0
metadata_listen_port=8775
metadata_manager=nova.api.manager.MetadataManager
metadata_port=8775
vncserver_proxyclient_address=192.168.230.131
vncserver_listen=0.0.0.0
vnc_enabled=true
xvpvncproxy_base_url=http://192.168.230.131:6081/console
novncproxy_base_url=http://192.168.230.131:6080/vnc_auto.html
compute_driver = vmwareapi.VMwareVCDriver
remove_unused_base_images=False
image_create_to_qcow2 = True
api_rate_limit=True
#rpc setting
rpc_backend = rabbit
rabbit_host = 192.168.230.131
#network setting
network_api_class = nova.network.api.API
security_group_api = nova
# Network settings
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
network_manager=nova.network.manager.VlanManager
network_api_class=nova.network.api.API
dhcp_lease_time=600
vlan_start=1001
fixed_range=10.0.0.0/16
allow_same_net_traffic=False
multi_host=True
send_arp_for_ha=True
#share_dhcp_address=True
force_dhcp_release=True
flat_interface = eth0
public_interface=eth0
#auth setting
use_deprecated_auth = false
auth_strategy = keystone
#image setting
glance_api_services = 192.168.75.131:9292
image_service = nova.image.glance.GlanceImageService
glance_host = 192.168.230.131
[vmware]
host_ip = 192.168.75.131
host_username = root
host_password = VMWARE_PASSWORD
cluster_name = cluster1
use_linked_clone = False
[database]
connection = mysql://nova:NOVA_DBPASS@localhost/nova
[keystone_authtoken]
auth_uri = http://192.168.75.131:5000
auth_host = 192.168.75.131
auth_port = 35357
auth_protocol = http
admin_tenant_name = admin
admin_user = admin
admin_password = admin_pass
4. nova-compute.conf
#[DEFAULT]
#compute_driver=libvirt.LibvirtDriver
#[libvirt]
#virt_type=kvm
5. zone 설정
$ nova aggregate-create VMWARE VMWARE_ZONE
$ nova aggregate-add-host VMWARE controller
6. image 등록
[ slitaz linux ]
$ wget http://partnerweb.vmware.com/programs/vmdkimage/trend-tinyvm1-flat.vmdk
$ glance image-create --name [vmware]trend-static-thin --file trend-tinyvm1-flat.vmdk --is-public=True --container-format=bare --disk-format=vmdk --property vmware_disktype="thin" --property vmware_adaptertype="ide"
[ slitaz linux 접속 및 dhcp 변경]
vmware / vmware 접속 후 root 권한 획득 root / root
# vi /etc/network.conf
DHCP="yes"
STATIC="no"
[ cirros ]
$ wget http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
$ qemu-img convert -f qcow2 -O vmdk cirros-0.3.3-x86_64-disk.img cirros-0.3.3-x86_64-disk.vmdk
$ glance image-create --name [vmware]cirros-0.3.3 --disk-format vmdk --container-format bare --file cirros-0.3.3-x86_64-disk.vmdk --property vmware-disktype="sparse" --property hw_vif_model="VirtualVmxnet" --property vmware_adaptertype="ide" --is-public True --progress
7. vm -> image 저장
1. ESXi 호스트 접속
2. vm위치로 이동
# cd /vmfs/volumes/datastore1/6c516279-c83f-43ec-a8d4-bec540604280
3. thin copy
# vmkfstools -i 6c516279-c83f-43ec-a8d4-bec540604280.vmdk -d thin .
./vmware_temp/trend-tinyvm1-dhcp-thin.vmdk
4. 다른 host 에서 scp 로 가져옴
$ scp root@192.168.75.182:/vmfs/volumes/542cf526-bef9f829-2f02-000c29fef6ec/vmware_temp/trend-tinyvm1-dhcp-thin-flat.vmdk .
8. nova boot
$ nova hypervisor-list
$ nova boot test01 --flavor 1 --image 6d9745dc-0fc9-4802-b21d-329004353406 --key_name stephen --availability-zone "VMWARE_ZONE::domain-c12(cluster1)"
반응형
반응형
1. compute host 간의 libvirt 버전이 동일해야 한다.
2. "libvirtd -d -l" 옵션으로 떠 있어야 한다.
# vi /etc/libvirt/libvirtd.conf
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"
# vi /etc/init/libvirt-bin.conf
env libvirtd_opts="-d -l"
# vi /etc/default/libvirt-bin
libvirtd_opts=" -d -l"
sudo service libvirt-bin restart
3. nova.conf 의 "send_arp_for_ha" flag가 True로 셋팅되어야 함
# vi /etc/nova/nova.conf
send_arp_for_ha=True
#force_config_drive = always
block_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE
반응형
반응형
DevStack 으로 neutron 포함 설치시 방법을 공유합니다.
OS 는 Ubuntu Desktop 12.04 LTS 버전입니다.
* 최신 2014 2월 trunk 버전에서는 nova/virt/libvirt/driver.py 에서 python-libvirt 1.0.2+ 이상만 지원하므로 에러가 발생합니다.
Ubuntu 최신 버전을 설치하세요.
네트워크 세팅은 다음과 같습니다.
[ Single Node or Multi Node 의 경우 Controller Node 와 Compute Node 역활을 함 ]
eth0 : NAT type 192.168.75.136 Public Network
eth1 : Host-only type 192.168.230.136 Private Network
[ Multi Node 의 경우 두번째 추가 Compute Node ]
eth0 : NAT type 192.168.75.137 Public Network
eth1 : Host-only type 192.168.230.137 Private Network
[ User 선택 ]
stack 유저로 생성
[ visudo 세팅 ]
stack ALL=(ALL:ALL) NOPASSWD:ALL
[ vi /etc/network/interfaces ]
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.75.136
netmask 255.255.255.0
gateway 192.168.75.2
dns-nameservers 8.8.8.8 8.8.4.4
auto eth1
iface eth1 inet static
address 192.168.230.136
netmask 255.255.255.0
[ network-manager 제거 ]
sudo apt-get purge network-manager
sudo apt-get autoremove
sudo /etc/init.d/networking restart
[ proxy 사용 -> proxy 세팅 ]
sudo vi /etc/apt/apt.conf
Acquire::http::proxy "http://xx.xx.xx.xx:8080/";
Acquire::https::proxy "https://xx.xx.xx.xx:8080/";
sudo vi /etc/environment
http_proxy="http://xx.xx.xx.xx:8080/"
https_proxy="https://xx.xx.xx.xx:8080/"
no_proxy="ubuntu,localhost,127.0.0.1,192.168.75.136,192.168.230.136"
[ python import 오류 해결 ]
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
[ git 설치 및 user 세팅, proxy 사용 -> proxy 세팅 ]
sudo apt-get -y install git git-review
git config --global user.name "Stephen Ahn"
git config --global user.email "skanddh@gmail.com"
git config --global http.proxy http://xx.xx.xx.xx:8080
git config --global https.proxy https://xx.xx.xx.xx:8080
git config --list
[ remove dmidecode ]
sudo apt-get install libvirt-bin
sudo apt-get purge dmidecode
kill -9 [dmidecode process]
sudo apt-get autoremove
[ delete default virtual bridge ]
root 로 로그인하여 실행
virsh net-destroy default
virsh net-undefine default
[ Proxy 사용 -> curl 세팅 ]
curl 사용을 위해 crt 파일을 복사하고 xxx.cert 파일을 선택
cp xxx.crt /usr/share/ca-certificates/extra
dpkg-reconfigure ca-certificates
[ Proxy 사용 -> ~/.pip/pip.conf 세팅 ]
[global]
cert = /usr/share/ca-certificates/extra/xxx.crt
index-url = http://pypi.gocept.com/simple/
[ DevStack clone ]
git clone https://github.com/openstack-dev/devstack.git
[ vi lib/neutron_plugins/ovs_base ]
gre port 나 patch port 가 생성이 안된다는 q-agt 에러가 발생하면 Kernel 3.5.x-xx-generic 과 openvswitch 1.4.0 호환이 안되는 것이므로 다음과 같이 조치
openvswitch-datapath-dkms 대신 openvswitch-datapath-lts-raring-dkms 를 설치
41 install_package make fakeroot dkms openvswitch-switch openvswitch-datapath-lts-raring-dkms linux-headers-$kernel_version
[ vi localrc ]
# Devstack localrc for Quantum all in one
# default
HOST_IP=192.168.230.136
SERVICE_HOST=192.168.230.136
# Compute 을 여러대 설치
MULTI_HOST=True
# Private subnet
FIXED_RANGE=10.0.0.0/24
# Nova-network service
#enable_service n-net
#FIXED_NETWORK_SIZE=256
#FLOATING_RANGE=192.168.75.192/26
#FLAT_INTERFACE=eth1
#PUBLIC_INTERFACE=eth0
# Neutron External subnet
NETWORK_GATEWAY=10.0.0.1
FLOATING_RANGE=192.168.75.0/24
PUBLIC_NETWORK_GATEWAY=192.168.75.2
Q_FLOATING_ALLOCATION_POOL=start=192.168.75.193,end=192.168.75.254
# Neutron configuration
Q_PLUGIN=ml2
Q_ML2_PLUGIN_TYPE_DRIVERS=local,flat,vlan,gre,vxlan
Q_ML2_TENANT_NETWORK_TYPE=vxlan
Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS=(vni_ranges=1001:2000)
Q_AGENT_EXTRA_AGENT_OPTS=(tunnel_types=vxlan vxlan_udp_port=8472)
Q_AGENT_EXTRA_SRV_OPTS=(local_ip=$HOST_IP)
#Q_AGENT=openvswitch
Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,linuxbridge,l2population
Q_USE_NAMESPACE=True
Q_USE_SECGROUP=True
# Nova service
enable_service n-api
enable_service n-crt
enable_service n-obj
enable_service n-cpu
enable_service n-cond
enable_service n-sch
enable_service n-novnc
enable_service n-cauth
# Cinder service
enable_service cinder
enable_service c-api
enable_service c-vol
enable_service c-sch
enable_service c-bak
# Tempest service
enable_service tempest
# Neutron service
disable_service n-net
enable_service neutron
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service q-lbaas
# Controller Node
Q_HOST=$SERVICE_HOST
# vnc
VNCSERVER_LISTEN=0.0.0.0
VNCSERVER_PROXYCLIENT_ADDRESS=$HOST_IP
# logs
DEST=/opt/stack
LOGFILE=$DEST/logs/stack.sh.log
SCREEN_LOGDIR=$DEST/logs/screen
# system password
ADMIN_PASSWORD=패스워드
MYSQL_PASSWORD=패스워드
RABBIT_PASSWORD=패스워드
SERVICE_PASSWORD=패스워드
SERVICE_TOKEN=admin
# Cinder configuration
VOLUME_GROUP="cinder-volumes"
VOLUME_NAME_PREFIX="volume-"
# Heat service
enable_service heat
enable_service h-api
enable_service h-api-cfn
enable_service h-api-cw
enable_service h-eng
# Murano service
enable_service murano
enable_service murano-api
enable_service murano-engine
# Ceilometer service
CEILOMETER_BACKEND=mongo
CEILOMETER_NOTIFICATION_TOPICS=notifications,profiler
enable_service ceilometer
enable_service ceilometer-acompute
enable_service ceilometer-acentral
enable_service ceilometer-collector
enable_service ceilometer-api
enable_service ceilometer-alarm-evaluator
enable_service ceilometer-alarm-notifier
# Swift service
enable_service s-proxy
enable_service s-object
enable_service s-container
enable_service s-account
# Trove service
enable_service trove
enable_service tr-api
enable_service tr-tmgr
enable_service tr-cond
# Images
# Use this image when creating test instances
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
# Use this image when working with Orchestration (Heat)
IMAGE_URLS+=",https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-23-20151030.x86_64.qcow2"
KEYSTONE_CATALOG_BACKEND=sql
API_RATE_LIMIT=False
SWIFT_HASH=testing
SWIFT_REPLICAS=1
VOLUME_BACKING_FILE_SIZE=70000M
#scheduler
SCHEDULER=nova.scheduler.filter_scheduler.FilterScheduler
# A clean install every time
#RECLONE=yes
[ Multi Node Compute 세팅 방법 ]
# vi localrc
HOST_IP=192.168.230.137
SERVICE_HOST=192.168.230.136
# Compute 을 여러대 설치
MULTI_HOST=True
# Neutron configuration
Q_PLUGIN=ml2
Q_ML2_PLUGIN_TYPE_DRIVERS=local,flat,vlan,gre,vxlan
Q_ML2_TENANT_NETWORK_TYPE=vxlan
Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS=(vni_ranges=1001:2000)
Q_AGENT_EXTRA_AGENT_OPTS=(tunnel_types=vxlan vxlan_udp_port=8472)
Q_AGENT_EXTRA_SRV_OPTS=(local_ip=$HOST_IP)
#Q_AGENT=openvswitch
Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,linuxbridge,l2population
Q_USE_NAMESPACE=True
Q_USE_SECGROUP=True
# RabbitMQ, Compute
disable_all_services
enable_service rabbit
enable_service n-cpu
enable_service n-novnc
# Nova-network Service
#enable_service n-net
#FIXED_RANGE=10.0.0.0/24
#FIXED_NETWORK_SIZE=256
#FLOATING_RANGE=192.168.75.192/26
#FLAT_INTERFACE=eth0
#PUBLIC_INTERFACE=eth0
# Neutron L2 Service
enable_service neutron
enable_service q-agt
# Cinder service
enable_service cinder
# Cinder configuration
#enable_service c-vol
#VOLUME_GROUP="cinder-volumes"
#VOLUME_NAME_PREFIX="volume-"
# Controller Node
Q_HOST=$SERVICE_HOST
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
# vnc
VNCSERVER_LISTEN=0.0.0.0
VNCSERVER_PROXYCLIENT_ADDRESS=$HOST_IP
# logs
DEST=/opt/stack
LOGFILE=$DEST/logs/stack.sh.log
SCREEN_LOGDIR=$DEST/logs/screen
# system password
MYSQL_PASSWORD=패스워드
RABBIT_PASSWORD=패스워드
# A clean install every time
#RECLONE=yes
# vi /etc/nova/nova.conf 수정
neutron_admin_password = 패스워드
sql_connection = mysql://root:패스워드@192.168.230.136/nova?charset=utf8
# vi /etc/cinder/cinder.conf 수정
sql_connection = mysql://root:패스워드@192.168.230.136/cinder?charset=utf8
my_ip = 192.168.230.137
[ Murano 설치 ]
$ git clone git://git.openstack.org/openstack/murano
$ cd murano/contrib/devstack
$ cp lib/murano ${DEVSTACK_DIR}/lib
$ cp lib/murano-dashboard ${DEVSTACK_DIR}/lib
$ cp extras.d/70-murano.sh ${DEVSTACK_DIR}/extras.d
[ Heat OSprofiler enabled ]
$ echo -e "[profiler]\nprofiler_enabled = True\ntrace_sqlalchemy = True\n" >> /etc/heat/heat.conf
$ heat --profile SECRET_KEY stack-list
# it will print <Trace ID>
$ osprofiler trace show --html <Trace ID>
[ vi localrc ]
git 프로토콜로 다운로드가 안될 경우 http 로 변경
GIT_BASE=http://git.openstack.org
[ devstack 설치 ]
./stack.sh
[ tempest 에러 시 해결 ]
$ wget https://pymox.googlecode.com/files/mox-0.5.3.tar.gz
$ tar xvf mox-0.5.3.tar.gz
$ cd mox-0.5.3
$ sudo python setup.py install
$ vi ~/.pydistutils.cfg
[easy_install]
index_url = http://mirror.dfw.rax.openstack.org/pypi/simple
allow_hosts = *.openstack.org
[ public 연결 세팅 - Neutron ]
br-ex 에 gateway 192.168.75.2 가 추가되어 public ip 통신이 안되므로 삭제
VM과 외부 external 을 연결할려면 add-port 를 수행, 단 이렇게 하면 host 에서 외부연결이 안됨
sudo ip link set up br-int
sudo ip link set up br-tun
sudo ip addr del 192.168.75.2/24 dev br-ex
sudo ovs-vsctl add-port br-ex eth0
#ifconfig br-ex promisc up
[ host 와 인터넷 연결 세팅 - Neutron ]
host 에서 인터넷 연결을 할려면 del-port 를 수행
sudo ovs-vsctl del-port eth0
[ public 연결 세팅 - nova-network ]
eth1 의 host-only 네트워크에 대한 dhcp 를 끈다. 이걸 안끄면 vm 생성 시 내부 ip 가 192.168.230.x 대역을 받음
br100 은 eth1 내부 네트워크와만 연결되어야 하므로 br100 과 eth0 연결을 끊는다.
br100 이 eth0 로 부터 가져온 외부 네트워크 ip 는 eth0 에 돌려준다.
sudo brctl show br100
sudo brctl delif br100 eth0
sudo ip addr del 192.168.75.136/24 dev br100
sudo ip addr add 192.168.75.136/24 dev eth0
[ default gateway 수정 - nova-network ]
sudo route del -net 0.0.0.0/0 gw 192.168.208.2 dev br100
sudo route add -net 0.0.0.0/0 gw 192.168.208.2 dev eth0
[ cinder.conf 수정 - 메세지 호출을 위해서 ]
notification_driver=messagingv2
[ cli 호출 ]
. openrc admin demo
[ 서비스 start ]
screen -c stack-screenrc
[ default sec group rule 추가 ]
openstack security group rule create --proto icmp --src-ip 0.0.0.0/0 --dst-port -1 --ingress 5f7fe4ab-7069-490e-b95d-946a0148e523
openstack security group rule create --proto tcp --src-ip 0.0.0.0/0 --dst-port 1:65535 --ingress 5f7fe4ab-7069-490e-b95d-946a0148e523
[ nova boot ]
nova boot --flavor m1.tiny --image 32dc6f3e-83fc-4b18-ba08-c06a28bdac38 --nic net-id=7fa105b5-fcc7-4ce9-abbe-c49b867bb0b3 --key-name magnum-key --security-groups 6b84dbca-3e20-4ce5-9774-9c3128a2eb5f test-01
sudo ip netns
qrouter-0e8971de-9119-4bed-9c70-288a0ed15581
qdhcp-7fa105b5-fcc7-4ce9-abbe-c49b867bb0b3
[ vi stopnova.sh ]
서비스를 내리기 위해서 shell 작성
#!/bin/bash
rm -rf /opt/stack/status/stack/*
cd /usr/local/bin
for i in $( ls nova-* )
do sudo kill -9 `ps aux | grep -v grep | grep $i | awk '{print $2}'`
done
for i in $( ls cinder-* )
do sudo kill -9 `ps aux | grep -v grep | grep $i | awk '{print $2}'`
done
for i in $( ls keystone-* )
do sudo kill -9 `ps aux | grep -v grep | grep $i | awk '{print $2}'`
done
for i in $( ls glance-* )
do sudo kill -9 `ps aux | grep -v grep | grep $i | awk '{print $2}'`
done
for i in $( ls heat* )
do sudo kill -9 `ps aux | grep -v grep | grep $i | awk '{print $2}'`
done
for i in $( ls ceilometer* )
do sudo kill -9 `ps aux | grep -v grep | grep $i | awk '{print $2}'`
done
for i in $( ls trove* )
do sudo kill -9 `ps aux | grep -v grep | grep $i | awk '{print $2}'`
done
for i in $( ls neutron* )
do sudo kill -9 `ps aux | grep -v grep | grep $i | awk '{print $2}'`
done
for i in $( ls ovs* )
do sudo kill -9 `ps aux | grep -v grep | grep $i | awk '{print $2}'`
done
[ devstack 초기화 ]
./unstack.sh
./stopnova.sh
# 컴파일 소스 초기화
cd /opt/stack
find -name "*.pyc" | xargs rm
# VM 초기화
sudo rm -rf /etc/libvirt/qemu/inst*
sudo virsh list | grep inst | awk '{print $1}' | xargs -n1 virsh destroy
# br-tun 삭제
sudo ip link set dev br-tun down
sudo ovs-vsctl del-br br-tun
# vxlan device 삭제
sudo ip link delete dev vxlan_sys_4789
./clean.sh --all (필요시)
sudo apt-get purge mysql-server (필요시)
sudo apt-get autoremove (필요시)
[ 설치된 패키지 지우기 ]
# cd /usr/local/lib/python2.7/dist-packages
find -depth -maxdepth 1 -name "*swift*" | xargs sudo rm -rf
[ swift 가 실행안되는 오류 해결방안 ]
해당 포트로 떠 있는 프로세스를 찾아 죽인다.
netstat -apn | grep 6011
netstat -apn | grep 6012
netstat -apn | grep 6013 swift object server
[ cinder volume 없을 경우 새로 생성 ]
$ cd /opt/stack/data
$ sudo losetup -a
$ file /opt/stack/data/cinder-volumes-lvmdriver-1-backing-file
$ dd if=/dev/zero of=cinder-volumes-lvmdriver-1-backing-file bs=1 count=0 seek=10G ( 원하는 용량)
$ sudo losetup /dev/loop2 cinder-volumes-lvmdriver-1-backing-file
$ sudo fdisk /dev/loop2
#Type in the followings:
n
p
1
ENTER
ENTER
t
8e
w
$ sudo pvcreate /dev/loop2
$ vgcreate cinder-volumes-lvmdriver-1 /dev/loop2
[ br-tun, br-ex, br-int 가 ip a 로 안보일 때 ]
openvswitch restart 시킴
$ sudo service openvswitch-switch restart
[ Glance Image 가 DB 에는 보이나 file 이 Upload 되지 않았을 때 ]
$ sudo losetup -a
/dev/loop0: [2049]:1733858 (/opt/stack/data/swift/drives/images/swift.img)
/dev/loop1: [2049]:1733859 (/opt/stack/data/cinder-volumes-default-backing-file)
/dev/loop2: [2049]:1733860 (/opt/stack/data/cinder-volumes-lvmdriver-1-backing-file)
# swift 스토리지 마운트
$ sudo mount -t xfs -o loop,noatime,nodiratime,nobarrier,logbufs=8 /opt/stack/data/swift/drives/images/swift.img /opt/stack/data/swift/drives/sdb1
$ sudo losetup /dev/loop1 /opt/stack/data/cinder-volumes-default-backing-file
$ sudo losetup /dev/loop2 /opt/stack/data/cinder-volumes-lvmdriver-1-backing-file
# swift 스토리지 생성
$ mkfs.xfs -f -i size=1024 /opt/stack/data/swift/drives/images/swift.img
# image 가 없으면 image 업로드
$ . openrc
$ ./tools/upload_image.sh http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz
[ 서버가 뜰 때 자동으로 cinder-volume, swift 자동으로 연결하기 ]
$ sudo vi /etc/init.d/init-devstack
#! /bin/sh
### BEGIN INIT INFO
# Provides: init-devstack
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Execute bind storage.
# Description:
### END INIT INFO
PATH=/sbin:/usr/sbin:/bin:/usr/bin
case "$1" in
start)
losetup /dev/loop1 /opt/stack/data/cinder-volumes-backing-file
mount -t xfs -o loop,noatime,nodiratime,nobarrier,logbufs=8 /opt/stack/data/swift/drives/images/swift.img /opt/stack/data/swift/drives/sdb1
;;
restart|reload|force-reload)
echo "Error: argument '$1' not supported" >&2
exit 3
;;
stop)
echo "Error: argument '$1' not supported" >&2
exit 3
;;
*)
echo "Usage: $0 start" >&2
exit 3
;;
esac
$ sudo update-rc.d init-devstack defaults
[ nova-compute LOG 를 파일로 떨어뜨리고 싶을 때 ]
cd /opt/stack/nova && nohup /usr/local/bin/nova-compute > /opt/stack/logs/screen/nova-compute.log 2>&1 &
[ Ubuntu Server 14.04 Image Upload ]
이름 : Ubuntu Server 14.04 64-bit
경로 : http://uec-images.ubuntu.com/releases/14.04.2/14.04.2/ubuntu-14.04-server-cloudimg-amd64-disk1.img
포맷 : QCOW2 - QEMU Emulator
최소 디스크 : 5
최소 RAM : 1024
$ ./tools/upload_image.sh http://uec-images.ubuntu.com/releases/14.04.2/14.04.2/ubuntu-14.04-server-cloudimg-amd64-disk1.img
$ glance image-update --min-disk 5 --min-ram 1024 5f1949a1-60da-475d-83a3-a4f49be35d77
아래 사이트 이미지 참고
http://cloud-images.ubuntu.com/lucid/current/lucid-server-cloudimg-amd64-disk1.img (Ubuntu Server 10.04 64-bit)
https://help.ubuntu.com/community/UEC/Images
http://uec-images.ubuntu.com/releases/
[ Source Contribution 방법 ]
# clone a project
git clone git://github.com/openstack/nova.git
# port 확인 (브라우저에서 확인)
https://review.openstack.org/ssh_info
# Testing Gerrit Connections
ssh -p 29418 StephenAhn@review.openstack.org
# Setting username
git config --global --add gitreview.username "StephenAhn"
# 단축 경로 저장
vi ~/.ssh/config
Host review
Hostname review.openstack.org
Port 29418
User StephenAhn
# gerrit remote 확인
git review -s
# gerrit remote 확인 시 에러나면 remote 추가
git remote add gerrit ssh://StephenAhn@review.openstack.org:29418/openstack/nova.git
# 최신 소스로 다운받기
git remote update
git checkout master
git pull --ff-only origin master
# blueprint 채널 생성
git checkout -b bp/local-storage-volume-scheduling
# .mailmap 에 본인 email 추가
vi .mailmap
<skanddh@gmail.com> <seungkyu.ahn@samsung.com>
# commit message 입력
git commit --amend
첫번째 라인은 50자 이내로 간단히 요약을 쓴다.
[공백라인]
설명을 적되 라인은 72자가 넘어가면 다음 라인에 쓴다.
.....
Implements: blueprint local-storage-volume-scheduling
Change-Id 는 자동으로 지정되므로 적지 않는다.
# git review 등록 (샘플 이외에 셋 중 아무거나 쓰면 됨)
# 샘플 양식
git push ssh://StephenAhn@review.openstack.org:29418/<Project Name> HEAD:refs/for/<Branch Name>
git push ssh://StephenAhn@review.openstack.org:29418/openstack/cinder HEAD:refs/for/bp/local-storage-volume-scheduling
git push review:openstack/cinder HEAD:refs/for/bp/local-storage-volume-scheduling
git review
# 아래 두 명령어가 같은 내용임
ssh -p 29418 review.openstack.org gerrit ls-projects
ssh review gerrit ls-projects
[ unittest 수행 ]
sudo apt-get install python-dev libssl-dev python-pip git-core libmysqlclient-dev libpq-dev
sudo apt-get install libxml2-dev libxslt-dev libvirt-dev
sudo apt-get install python-virtualenv testrepository
[ nova unit test ]
cd /opt/stack/nova
./run_tests.sh
# pep8 코딩 표준 테스트
./run_tests.sh -p
# netaddr>=0.7.6 에서 에러 발생 시
$ source .venv/bin/activate
$ wget https://github.com/downloads/drkjam/netaddr/netaddr-0.7.9.zip
$ unzip netaddr-0.7.9.zip
$ cd netaddr-0.7.9
$ python setup.py install
# ubuntu 12.04 에서 libvirt-python 1.2.5 설치 시 에러
ubuntu 12.04 에서는 libvirt 0.9.8 이 기본이므로 libvirt 1.2.0 으로 업그레이드 해야함
$ sudo apt-get update
$ sudo apt-get -y install \
gcc \
make \
pkg-config \
libxml2-dev \
libgnutls-dev \
libdevmapper-dev \
libcurl4-gnutls-dev \
python-dev \
libpciaccess-dev \
libxen-dev \
libyajl-dev \
libnl-dev
$ sudo mkdir -p /opt/libvirt
$ sudo chmod 00755 /opt/libvirt
$ sudo chown root:root /opt/libvirt
$ sudo chmod a+w /opt/libvirt
$ cd /opt/libvirt
$ wget http://libvirt.org/sources/libvirt-1.2.0.tar.gz
$ tar xzvf libvirt-1.2.0.tar.gz
$ mv libvirt-1.2.0 libvirt
$ cd libvirt
$ ./configure \
--prefix=/usr \
--localstatedir=/var \
--sysconfdir=/etc \
--with-esx=yes \
--with-xen=yes
$ make -j
$ sudo make install
$ ./run_tests.sh
[ 단위 모듈로 테스트 하기 ]
To run the tests in the cinder/tests/scheduler directory:
$ ./run_tests.sh scheduler
To run the tests in the cinder/tests/test_libvirt.py file:
$ ./run_tests.sh test_libvirt
To run the tests in the HostStateTestCase class in cinder/tests/test_libvirt.py:
$ ./run_tests.sh test_libvirt.HostStateTestCase
To run the ToPrimitiveTestCase.test_dict test method in cinder/tests/test_utils.py:
$ ./run_tests.sh test_utils.ToPrimitiveTestCase.test_dict
[ tempest 테스트 ]
# 옛날 방식
$ cd /opt/stack/tempest
$ nosetests tempest/scenario/test_network_basic_ops.py
# 최신 방식
$ cd /opt/stack/tempest
$ ostestr 혹은 testr
$ git clone https://github.com/openstack/tempest/
$ pip install tempest/
$ cd tempest
$ tempest init cloud-01
$ cd cloud-01
$ cp -r /opt/stack/tempest/etc/ .
$ ../run_tempest.sh -C etc/tempest.conf
# tempest.conf
[DEFAULT]
debug = True
log_file = tempest.log
use_stderr = False
use_syslog = False
[oslo_concurrency]
lock_path = /opt/stack/data/tempest
[compute]
fixed_network_name = private
ssh_connect_method = floating
flavor_ref_alt = 84
flavor_ref = 42
image_alt_ssh_user = cirros
image_ref_alt = 8bbeeb3d-fea4-43ee-8c27-5b1015693590
image_ref = 8bbeeb3d-fea4-43ee-8c27-5b1015693590
ssh_user = cirros
build_timeout = 196
[volume]
build_timeout = 196
[identity]
auth_version = v2
uri_v3 = http://192.168.230.161:5000/v3
uri = http://192.168.230.161:5000/v2.0/
[auth]
use_dynamic_credentials = True
tempest_roles = Member
admin_domain_name = Default
admin_tenant_id = b96b0deb693842b2a09a0d91832e41ea
admin_tenant_name = admin
admin_password = imsi00
admin_username = admin
[image-feature-enabled]
deactivate_image = True
[validation]
network_for_ssh = private
image_ssh_user = cirros
ssh_timeout = 196
ip_version_for_ssh = 4
run_validation = False
connect_method = floating
[compute-feature-enabled]
allow_duplicate_networks = True
attach_encrypted_volume = True
live_migrate_paused_instances = True
preserve_ports = True
api_extensions = all
block_migration_for_live_migration = False
change_password = False
live_migration = False
resize = True
max_microversion = latest
[network]
default_network = 10.0.0.0/24
public_router_id =
public_network_id = 9353aab8-5f65-4daa-8c30-d90b588ec36d
tenant_networks_reachable = false
api_version = 2.0
[network-feature-enabled]
api_extensions = all
ipv6_subnet_attributes = True
ipv6 = True
[orchestration]
stack_owner_role = _member_
build_timeout = 900
instance_type = m1.heat
[scenario]
large_ops_number = 0
img_file = cirros-0.3.4-x86_64-disk.img
aki_img_file = cirros-0.3.4-x86_64-vmlinuz
ari_img_file = cirros-0.3.4-x86_64-initrd
ami_img_file = cirros-0.3.4-x86_64-blank.img
img_dir = /home/stack/Documents/github/devstack/files/images/cirros-0.3.4-x86_64-uec
[telemetry-feature-enabled]
events = True
[object-storage-feature-enabled]
discoverable_apis = all
[volume-feature-enabled]
api_extensions = all
volume_services = True
incremental_backup_force = True
[dashboard]
dashboard_url = http://192.168.230.161/
[cli]
cli_dir = /usr/local/bin
[service_available]
trove = True
ironic = False
sahara = False
horizon = True
ceilometer = True
heat = True
swift = True
cinder = True
neutron = True
nova = True
glance = True
key = True
[ 최신 버전으로 설치 ]
# devstack 최신소스 다운로드
$ cd Git/devstack
$ git pull --ff-only origin master
# OpenStack 최신소스 다운로드
$ vi git_update.sh
#! /bin/bash
cd /opt/stack/ceilometer/
git checkout master
git pull origin master
cd /opt/stack/cinder/
git checkout master
git pull origin master
cd /opt/stack/cliff/
git checkout master
git pull origin master
cd /opt/stack/data/
git checkout master
git pull origin master
cd /opt/stack/glance/
git checkout master
git pull origin master
cd /opt/stack/heat/
git checkout master
git pull origin master
cd /opt/stack/horizon/
git checkout master
git pull origin master
cd /opt/stack/keystone/
git checkout master
git pull origin master
cd /opt/stack/logs/
git checkout master
git pull origin master
cd /opt/stack/neutron/
git checkout master
git pull origin master
cd /opt/stack/nova/
git checkout master
git pull origin master
cd /opt/stack/noVNC/
git checkout master
git pull origin master
cd /opt/stack/oslo.config/
git checkout master
git pull origin master
cd /opt/stack/oslo.messaging/
git checkout master
git pull origin master
cd /opt/stack/oslo.rootwrap/
git checkout master
git pull origin master
cd /opt/stack/oslo.vmware/
git checkout master
git pull origin master
cd /opt/stack/pbr/
git checkout master
git pull origin master
cd /opt/stack/pycadf/
git checkout master
git pull origin master
cd /opt/stack/python-ceilometerclient/
git checkout master
git pull origin master
cd /opt/stack/python-cinderclient/
git checkout master
git pull origin master
cd /opt/stack/python-glanceclient/
git checkout master
git pull origin master
cd /opt/stack/python-heatclient/
git checkout master
git pull origin master
cd /opt/stack/python-keystoneclient/
git checkout master
git pull origin master
cd /opt/stack/python-neutronclient/
git checkout master
git pull origin master
cd /opt/stack/python-novaclient/
git checkout master
git pull origin master
cd /opt/stack/python-openstackclient/
git checkout master
git pull origin master
cd /opt/stack/python-swiftclient/
git checkout master
git pull origin master
cd /opt/stack/requirements/
git checkout master
git pull origin master
cd /opt/stack/stevedore/
git checkout master
git pull origin master
cd /opt/stack/swift/
git checkout master
git pull origin master
cd /opt/stack/taskflow/
git checkout master
git pull origin master
cd /opt/stack/tempest/
git checkout master
git pull origin master
# devstack 재설치
$ ./stack.sh
[ 이전 Package 제거 ]
$ vi clean_package.sh
#! /bin/bash
cd /usr/local/lib/python2.7/dist-packages
find -depth -maxdepth 1 -name "*nova*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*ceilometer*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*cinder*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*glance*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*keystone*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*horizon*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*neutron*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*oslo*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*heat*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*pbr*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*pycadf*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*openstackclient*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*swift*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*stevedore*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*taskflow*" | xargs sudo rm -rf
find -depth -maxdepth 1 -name "*tempest*" | xargs sudo rm -rf
[ Volume Attach 시에 VM 안에서 Volume 을 인식 못할 때 ]
아래 명령을 수행한 후 /dev/vdb 가 보이는지 확인
# echo 1 > /sys/bus/pci/rescan
[ root를 EBS Boot on Volume 으로 생성하면서 Volume Attach 를 할 경우 ]
# nova boot [name] --flavor [flavorid] --block-device id=[imageid],source=image,dest=volume,size=10,bootindex=0,shutdown=remove
--block-device id=[volumeid],source=volume,dest=volume,size=100,bootindex=1
[ pip 패키지를 캐시에 다운로드만 하려고 할 때 (설치는 하지 않음) ]
# sudo pip install python-openstackclient --download=/var/cache/pip
[ cpu, memory overcommit 설정 ]
$ vi /etc/nova/nova.conf
scheduler_default_filters = RetryFilter,AvailabilityZoneFilter,CoreFilter,RamFilter,ComputeFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
cpu_allocation_ratio = 16.0
ram_allocation_ratio = 100.0
disk_allocation_ratio = 100.0
[ vm 이 DNS를 찾는지 확인 ]
$ sudo tcpdump -i tap2404d0f1-25 -n -v udp port 53
[ vm 에 할당되는 DNS 변경 ]
$ neutron subnet-list
$ neutron subnet-update <subnet> --dns_nameservers list=true 8.8.8.8 8.8.4.4
[ Horizon 접속 시 no such table: django_session 에러가 날 때 ]
아래 명령으로 db 테이블을 생성해야 함
$ cd /opt/stack/horizon
$ python manage.py syncdb
[ Murano WordPress Package Import ]
$ export MURANO_REPO_URL=http://storage.apps.openstack.org
$ murano package-import io.murano.apps.WordPress
wordpress 접속
http://192.168.75.209/wordpress
[ OpenStack Source virtualenv pip install ]
$ mkdir -p ~/.pip
$ vi ~/.pip/pip.conf
[global]
#index-url=https://pypi.python.org/pypi/
#index-url=http://pypi.gocept.com/simple/
index-url=https://pypi.python.org/simple/
$ cd ~Documents/github/Virtualenvs
$ virtualenv mitaka
$ cd mitaka
$ . bin/activate
$ pip install -r requirements.txt --trusted-host pypi.python.org
반응형
반응형
[ Mac vmware 에 설치한 Ubuntu 에 vt-x 활성화하기 위해 vmx 파일 수정]
vhv.enable = "TRUE"
[ ssh server 설치 ]
sudo apt-get install -y openssh-server
[ 구조 설명 ]
Cloud Controller
- hostname : controller
- eth0 : 192.168.75.131
- eth1 : 192.168.230.131
- 설치 모듈 : mysql, rabbitMQ, keystone, glance, nova-api,
cinder-api, cinder-scheduler, cinder-volume, open-iscsi, iscsitarget
quantum-server
Network
- hostname : network
- eth0 : 192.168.75.132
- eth1 : 192.168.230.132
- eth2 :
- eth3 : 192.168.75.133
- 설치 모듈 : openvswitch-switch openvswitch-datapath-dkms
quantum-plugin-openvswitch-agent dnsmasq quantum-dhcp-agent quantum-l3-agent
Compute
- hostname : compute
- eth0 : 192.168.75.134
- eth1 : 192.168.230.134
- eth2 :
- 설치 모듈 : openvswitch-switch openvswitch-datapath-dkms
quantum-plugin-openvswitch-agent, nova-compute-kvm, open-iscsi, iscsitarget
[ network 설정 ]
eth0 : public 망 (NAT) 192.168.75.0/24
eth1 : private host 망 Custom(VMnet2) 192.168.230.0/24
eth2 : vm private 망 10.0.0.0/24
eth3 : vm Quantum public 망(NAT) 192.168.75.0/26
[ hostname 변경 ]
vi /etc/hosts
192.168.230.131 controller
192.168.230.132 network
192.168.230.134 compute
vi /etc/hostname
controller
hostname -F /etc/hostname
새로운 터미널로 확인
[ eth0 eth1 설정 ]
vi /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# Host Public 망
auto eth0
iface eth0 inet static
address 192.168.75.131
netmask 255.255.255.0
gateway 192.168.75.2
dns-nameservers 8.8.8.8 8.8.4.4
# Host Private 망
auto eth1
iface eth1 inet static
address 192.168.230.131
netmask 255.255.255.0
service networking restart
[ vmware 에 설치한 Ubuntu 에서 가상화를 지원하는지 확인 ]
egrep '(vmx|svm)' --color=always /proc/cpuinfo
[ nova 설치 매뉴얼 ]
https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/master/OpenStack_Grizzly_Install_Guide.rst
[ nova 소스 위치 ]
nova link source = /usr/lib/python2.7/dist-packages/nova
nova original source = /usr/share/pyshared/nova
################## 모든 node 공통 설치하기 #####################
[ root 패스워드 세팅 ]
sudo su -
passwd
[ repository upgrade ]
apt-get install -y ubuntu-cloud-keyring python-software-properties software-properties-common python-keyring
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list
apt-get update
apt-get upgrade
apt-get dist-upgrade
[ screen vim 설치 ]
sudo apt-get install -y screen vim
[ .screenrc ]
vbell off
autodetach on
startup_message off
defscrollback 1000
attrcolor b ".I"
termcap xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
defbce "on"
#term screen-256color
## apps I want to auto-launch
#screen -t irssi irssi
#screen -t mutt mutt
## statusline, customized. (should be one-line)
hardstatus alwayslastline '%{gk}[ %{G}%H %{g}][%= %{wk}%?%-Lw%?%{=b kR}[%{W}%n%f %t%?(%u)%?%{=b kR}]%{= kw}%?%+Lw%?%?%= %{g}][%{Y}%l%{g}]%{=b C}[ %D %m/%d %C%a ]%{W}'
[ .vimrc ]
syntax on
set nocompatible
set number
set backspace=indent,eol,start
set tabstop=4
set shiftwidth=4
set autoindent
set visualbell
set laststatus=2
set statusline=%h%F%m%r%=[%l:%c(%p%%)]
set hlsearch
set background=dark
set expandtab
set tags=./tags,./TAGS,tags,TAGS,/usr/share/pyshared/nova/tags
set et
" Removes trailing spaces
function! TrimWhiteSpace()
%s/\s\+$//e
endfunction
nnoremap <silent> <Leader>rts :call TrimWhiteSpace()<CR>
autocmd FileWritePre * :call TrimWhiteSpace()
autocmd FileAppendPre * :call TrimWhiteSpace()
autocmd FilterWritePre * :call TrimWhiteSpace()
autocmd BufWritePre * :call TrimWhiteSpace()
[ remove dmidecode ]
apt-get purge dmidecode
apt-get autoremove
kill -9 [dmidecode process]
[ root 일 때 nova 계정이 없을 경우 유저 및 권한 설정 ]
adduser nova
visudo
nova ALL=(ALL:ALL) NOPASSWD:ALL
[ ntp 설치 ]
apt-get install -y ntp
vi /etc/ntp.conf
#server 0.ubuntu.pool.ntp.org
#server 1.ubuntu.pool.ntp.org
#server 2.ubuntu.pool.ntp.org
#server 3.ubuntu.pool.ntp.org
server time.bora.net
service ntp restart
# 한국 시간 세팅 및 최초 시간 맞추기
ntpdate -u time.bora.net
ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime
[ mysql client 설치 ]
apt-get install -y python-mysqldb mysql-client-5.5
[ KVM 설치 및 확인 ]
apt-get install -y cpu-checker
apt-get install -y kvm libvirt-bin pm-utils
kvm-ok
# kvm 이 load 되어 있는지 확인하기
lsmod | grep kvm
# 서버 reboot 시에 kvm 자동 load 추가
vi /etc/modules
kvm
kvm_intel
vi /etc/libvirt/qemu.conf
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet","/dev/net/tun"
]
# delete default virtual bridge
virsh net-destroy default
virsh net-undefine default
# enable live migration
vi /etc/libvirt/libvirtd.conf
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"
vi /etc/init/libvirt-bin.conf
env libvirtd_opts="-d -l"
vi /etc/default/libvirt-bin
libvirtd_opts="-d -l"
service dbus restart
service libvirt-bin restart
[ bridge 설치 ]
apt-get install -y vlan bridge-utils
[ IP_Forwarding 설정 ]
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sysctl net.ipv4.ip_forward=1
################## Cloud Controller 설치하기 #####################
[ ntp 세팅 ]
vi /etc/ntp.conf
server time.bora.net
service ntp restart
[ network 세팅 ]
vi /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# Host Public 망
auto eth0
iface eth0 inet static
address 192.168.75.131
netmask 255.255.255.0
gateway 192.168.75.2
dns-nameservers 8.8.8.8 8.8.4.4
# Host Private 망
auto eth1
iface eth1 inet static
address 192.168.230.131
netmask 255.255.255.0
service networking restart
[ hostname 변경 ]
vi /etc/hosts
192.168.230.131 controller
192.168.230.132 network
192.168.230.134 compute
vi /etc/hostname
controller
hostname -F /etc/hostname
[ mysql db 설치 ]
apt-get install -y python-mysqldb mysql-server password : 임시 패스워드
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
[ rabbitmq server install ]
apt-get install -y rabbitmq-server
# user 변환
sudo su - nova
[ Database 세팅 ]
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '임시 패스워드';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '임시 패스워드';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '임시 패스워드';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '임시 패스워드';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '임시 패스워드';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '임시 패스워드';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '임시 패스워드';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '임시 패스워드';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY '임시 패스워드';
CREATE DATABASE quantum;
GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'%' IDENTIFIED BY '임시 패스워드';
GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'localhost' IDENTIFIED BY '임시 패스워드';
GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'controller' IDENTIFIED BY '임시 패스워드';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '임시 패스워드';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '임시 패스워드';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'controller' IDENTIFIED BY '임시 패스워드';
# grant 가 안될 때
use mysql;
UPDATE user SET
Select_priv = 'Y',
Insert_priv = 'Y',
Update_priv = 'Y',
Delete_priv = 'Y',
Create_priv = 'Y',
Drop_priv = 'Y',
Reload_priv = 'Y',
Shutdown_priv = 'Y',
Process_priv = 'Y',
File_priv = 'Y',
Grant_priv = 'Y',
References_priv = 'Y',
Index_priv = 'Y',
Alter_priv = 'Y',
Show_db_priv = 'Y',
Super_priv = 'Y',
Create_tmp_table_priv = 'Y',
Lock_tables_priv = 'Y',
Execute_priv = 'Y',
Repl_slave_priv = 'Y',
Repl_client_priv = 'Y',
Create_view_priv = 'Y',
Show_view_priv = 'Y',
Create_routine_priv = 'Y',
Alter_routine_priv = 'Y',
Create_user_priv = 'Y',
Event_priv = 'Y',
Trigger_priv = 'Y',
Create_tablespace_priv = 'Y'
WHERE user IN ('keystone', 'glance', 'nova', 'quantum', 'cinder');
[ keystone 설치 ]
sudo apt-get install -y keystone
sudo service keystone status
sudo rm /var/lib/keystone/keystone.db
sudo vi /etc/keystone/keystone.conf
connection = mysql://keystone:임시 패스워드@controller/keystone
token_format = UUID
sudo service keystone restart
sudo keystone-manage db_sync
[ keystone 세팅 ]
vi keystone_basic.sh
#!/bin/sh
#
# Keystone basic configuration
# Mainly inspired by https://github.com/openstack/keystone/blob/master/tools/sample_data.sh
# Modified by Bilel Msekni / Institut Telecom
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#
HOST_IP=192.168.230.131
ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin_pass}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-service_pass}
export SERVICE_TOKEN="ADMIN"
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
get_id () {
echo `$@ | awk '/ id / { print $4 }'`
}
# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
# Users
ADMIN_USER=$(get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com)
# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT
# The Member role is used by Horizon and Swift
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
QUANTUM_USER=$(get_id keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=quantum@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
CINDER_USER=$(get_id keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
vi keystone_endpoints_basic.sh
#!/bin/sh
#
# Keystone basic Endpoints
# Mainly inspired by https://github.com/openstack/keystone/blob/master/tools/sample_data.sh
# Modified by Bilel Msekni / Institut Telecom
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#
# Host address
HOST_IP=192.168.230.131
EXT_HOST_IP=192.168.75.131
VOLUME_HOST_IP=192.168.230.131
VOLUME_EXT_HOST_IP=192.168.75.131
NETWORK_HOST_IP=192.168.230.132
NETWORK_EXT_HOST_IP=192.168.75.133
# MySQL definitions
MYSQL_USER=keystone
MYSQL_DATABASE=keystone
MYSQL_HOST=$HOST_IP
MYSQL_PASSWORD=임시 패스워드
# Keystone definitions
KEYSTONE_REGION=RegionOne
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
while getopts "u:D:p:m:K:R:E:T:vh" opt; do
case $opt in
u)
MYSQL_USER=$OPTARG
;;
D)
MYSQL_DATABASE=$OPTARG
;;
p)
MYSQL_PASSWORD=$OPTARG
;;
m)
MYSQL_HOST=$OPTARG
;;
K)
MASTER=$OPTARG
;;
R)
KEYSTONE_REGION=$OPTARG
;;
E)
export SERVICE_ENDPOINT=$OPTARG
;;
T)
export SERVICE_TOKEN=$OPTARG
;;
v)
set -x
;;
h)
cat <<EOF
Usage: $0 [-m mysql_hostname] [-u mysql_username] [-D mysql_database] [-p mysql_password]
[-K keystone_master ] [ -R keystone_region ] [ -E keystone_endpoint_url ]
[ -T keystone_token ]
Add -v for verbose mode, -h to display this message.
EOF
exit 0
;;
\?)
echo "Unknown option -$OPTARG" >&2
exit 1
;;
:)
echo "Option -$OPTARG requires an argument" >&2
exit 1
;;
esac
done
if [ -z "$KEYSTONE_REGION" ]; then
echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2
missing_args="true"
fi
if [ -z "$SERVICE_TOKEN" ]; then
echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
missing_args="true"
fi
if [ -z "$SERVICE_ENDPOINT" ]; then
echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
missing_args="true"
fi
if [ -z "$MYSQL_PASSWORD" ]; then
echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2
missing_args="true"
fi
if [ -n "$missing_args" ]; then
exit 1
fi
keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name cinder --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity'
keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'
keystone service-create --name quantum --type network --description 'OpenStack Networking service'
create_endpoint () {
case $1 in
compute)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s'
;;
volume)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$VOLUME_EXT_HOST_IP"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$VOLUME_HOST_IP"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$VOLUME_HOST_IP"':8776/v1/$(tenant_id)s'
;;
image)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':9292/v2' --adminurl 'http://'"$HOST_IP"':9292/v2' --internalurl 'http://'"$HOST_IP"':9292/v2'
;;
identity)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':5000/v2.0' --adminurl 'http://'"$HOST_IP"':35357/v2.0' --internalurl 'http://'"$HOST_IP"':5000/v2.0'
;;
ec2)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8773/services/Cloud' --adminurl 'http://'"$HOST_IP"':8773/services/Admin' --internalurl 'http://'"$HOST_IP"':8773/services/Cloud'
;;
network)
keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$NETWORK_EXT_HOST_IP"':9696/' --adminurl 'http://'"$NETWORK_HOST_IP"':9696/' --internalurl 'http://'"$NETWORK_HOST_IP"':9696/'
;;
esac
}
for i in compute volume image object-store identity ec2 network; do
id=`mysql -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" -ss -e "SELECT id FROM service WHERE type='"$i"';"` || exit 1
create_endpoint $i $id
done
# keystone 접근 어드민
vi creds
unset http_proxy
unset https_proxy
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_AUTH_URL="http://controller:5000/v2.0/"
source creds
keystone user-list
[ Glance 설치 ]
sudo apt-get install -y glance
sudo rm /var/lib/glance/glance.sqlite
sudo service glance-api status
sudo service glance-registry status
sudo vi /etc/glance/glance-api-paste.ini
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
delay_auth_decision = true
auth_host = 192.168.230.141
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
sudo vi /etc/glance/glance-registry-paste.ini
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 192.168.230.141
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
sudo vi /etc/glance/glance-api.conf
sql_connection = mysql://glance:임시 패스워드@192.168.230.141/glance
enable_v1_api = True
enable_v2_api = True
[paste_deploy]
flavor=keystone
sudo vi /etc/glance/glance-registry.conf
sql_connection = mysql://glance:임시 패스워드@192.168.230.141/glance
[paste_deploy]
flavor=keystone
sudo glance-manage db_sync
sudo service glance-registry restart
sudo service glance-api restart
[ Image 등록 ]
mkdir images
cd images
wget --no-check-certificate https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
glance image-create --name cirros --is-public true --container-format bare --disk-format qcow2 < cirros-0.3.0-x86_64-disk.img
glance image-list
[ Nova-api, scheduler 설치 ]
sudo apt-get install -y nova-api nova-scheduler nova-cert novnc nova-consoleauth nova-novncproxy nova-doc nova-conductor
mysql -uroot -p임시 패스워드 -e 'CREATE DATABASE nova;'
mysql -uroot -p임시 패스워드 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '임시 패스워드';"
mysql -uroot -p임시 패스워드 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '임시 패스워드';"
sudo vi /etc/nova/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.230.141
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = service_pass
signing_dir = /tmp/keystone-signing-nova
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0
sudo vi /etc/nova/nova.conf
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=192.168.230.141
nova_url=http://192.168.230.141:8774/v1.1/
sql_connection=mysql://nova:imsi00@192.168.230.141/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# Auth
use_deprecated_auth=false
auth_strategy=keystone
# Imaging service
glance_api_servers=192.168.230.141:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://192.168.75.141:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=192.168.230.141
vncserver_listen=0.0.0.0
# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://192.168.230.143:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=service_pass
quantum_admin_auth_url=http://192.168.230.141:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
#Metadata
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack
metadata_host = 192.168.230.141
metadata_listen = 127.0.0.1
metadata_listen_port = 8775
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
sudo nova-manage db sync
# restart nova services
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
# check nova services
nova-manage service list
[ Horizon 설치 ]
sudo apt-get install -y openstack-dashboard memcached
# ubuntu 테마 삭제
sudo apt-get purge openstack-dashboard-ubuntu-them
# apache and mecached reload
sudo service apache2 restart
sudo service memcached restart
# browser 접속 url
http://192.168.75.141/horizon/
################## Cinder 설치하기 #####################
[ ntp 세팅 ]
sudo vi /etc/ntp.conf
server 192.168.230.141
sudo service ntp restart
[ network 세팅 ]
[ hostname 변경 ]
[ Cinder 설치 ]
sudo apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget open-iscsi iscsitarget-dkms
sudo sed -i 's/false/true/g' /etc/default/iscsitarget
sudo vi /etc/iscsi/iscsid.conf
node.startup = automatic
sudo service iscsitarget start
sudo service open-iscsi start
mysql -uroot -p임시 패스워드 -e 'CREATE DATABASE cinder;'
mysql -uroot -p임시 패스워드 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '임시 패스워드';"
mysql -uroot -p임시 패스워드 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '임시 패스워드';"
sudo vi /etc/cinder/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 192.168.75.141
service_port = 5000
auth_host = 192.168.230.141
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = service_pass
sudo vi /etc/cinder/cinder.conf
[DEFAULT]
rootwrap_config=/etc/cinder/rootwrap.conf
sql_connection = mysql://cinder:임시 패스워드@192.168.230.141/cinder
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper=ietadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
rabbit_host = 192.168.230.141
sudo cinder-manage db sync
[ cinder volume 생성 ]
dd if=/dev/zero of=cinder-volumes bs=1 count=0 seek=10G
sudo losetup /dev/loop2 cinder-volumes
sudo fdisk /dev/loop2
1. sudo fdisk -l
2. sudo fdisk /dev/sdb
3. Press ‘n' to create a new disk partition,
4. Press 'p' to create a primary disk partition,
5. Press '1' to denote it as 1st disk partition,
6. Either press ENTER twice to accept the default of 1st and last cylinder – to convert the remainder of hard disk to a single disk partition
-OR- press ENTER once to accept the default of the 1st, and then choose how big you want the partition to be by specifying +size{K,M,G}
e.g. +5G or +6700M.
7. Press 't', then select the new partition you made.
8. Press '8e' change your new partition to 8e, i.e. Linux LVM partition type.
9. Press ‘p' to display the hard disk partition setup. Please take note that the first partition is denoted as /dev/sda1 in Linux.
10. Press 'w' to write the partition table and exit fdisk upon completion.
sudo pvcreate /dev/loop2
sudo vgcreate cinder-volumes /dev/loop2
# 서버 reboot 시에도 자동으로 설정
sudo vi /etc/init.d/cinder-setup-backing-file
losetup /dev/loop2 /home/nova/cinder-volumes
exit 0
sudo chmod 755 /etc/init.d/cinder-setup-backing-file
sudo ln -s /etc/init.d/cinder-setup-backing-file /etc/rc2.d/S10cinder-setup-backing-file
# restart cinder services
cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i restart; done
# verify cinder services
cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i status; done
################## Quantum Server 설치하기 #####################
[ ntp 세팅 ]
sudo vi /etc/ntp.conf
server 192.168.230.141
sudo service ntp restart
[ network 세팅 ]
[ hostname 변경 ]
[ quantum server 설치 ]
sudo apt-get install -y quantum-server
sudo rm -rf /var/lib/quantum/ovs.sqlite
mysql -uroot -p임시 패스워드 -e 'CREATE DATABASE quantum;'
mysql -uroot -p임시 패스워드 -e "GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'%' IDENTIFIED BY '임시 패스워드';"
mysql -uroot -p임시 패스워드 -e "GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'localhost' IDENTIFIED BY '임시 패스워드';"
sudo vi /etc/quantum/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 192.168.230.141
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
sudo vi /etc/quantum/quantum.conf
rabbit_host = 192.168.230.141
sudo service quantum-server restart
sudo service quantum-server status
################## Quantum Network 설치하기 #####################
[ ntp 세팅 ]
sudo vi /etc/ntp.conf
server 192.168.230.141
sudo service ntp restart
[ eth2 vm 용 public 망 추가 - Quantum public network 로 사용 ]
sudo vi /etc/network/interfaces
auto lo
iface lo inet loopback
# host public 망
auto eth0
iface eth0 inet static
address 192.168.75.144
netmask 255.255.255.0
gateway 192.168.75.2
dns-nameservers 8.8.8.8, 8.8.4.4
# vm private 망, host private 망
auto eth1
iface eth1 inet static
address 192.168.230.144
netmask 255.255.255.0
# vm public 망
auto eth2
iface eth2 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
sudo service networking restart
[ hostname 변경 ]
[ openVSwitch 설치 ]
sudo apt-get install -y openvswitch-switch openvswitch-datapath-dkms
# bridge 생성
sudo ovs-vsctl add-br br-int
sudo ovs-vsctl add-br br-ex
[ Quantum openVSwitch agent, dnsmasq, dhcp agent, L3 agent, metadata agent 설치 ]
sudo apt-get install -y quantum-plugin-openvswitch-agent dnsmasq quantum-dhcp-agent quantum-l3-agent quantum-metadata-agent
sudo vi /etc/quantum/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.230.141
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
sudo vi /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
[DATABASE]
sql_connection = mysql://quantum:임시 패스워드@192.168.230.141/quantum
[OVS]
tenant_network_type = gre
enable_tunneling = True
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 192.168.230.144
sudo vi /etc/quantum/l3_agent.ini
# 맨 아랫줄에 추가
auth_url = http://192.168.230.141:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
sudo vi /etc/quantum/metadata_agent.ini
auth_url = http://192.168.230.141:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
nova_metadata_ip = 192.168.230.141
nova_metadata_port = 8775
metadata_proxy_shared_secret = helloOpenStack
sudo vi /etc/quantum/quantum.conf
rabbit_host = 192.168.230.141
# restart Quantum services
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done
# br-ex 와 public 망과 연결
sudo ovs-vsctl add-port br-ex eth2
################## Compute 설치하기 #####################
[ ntp 세팅 ]
sudo vi /etc/ntp.conf
server 192.168.230.141
sudo service ntp restart
[ network 세팅 ]
[ hostname 변경 ]
[ openVSwitch 설치 ]
sudo apt-get install -y openvswitch-switch openvswitch-datapath-dkms
# bridge 생성
sudo ovs-vsctl add-br br-int
[ Quantum openVSwitch agent 설치 ]
sudo apt-get install -y quantum-plugin-openvswitch-agent
sudo vi /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
[DATABASE]
sql_connection = mysql://quantum:imsi00@192.168.230.141/quantum
[OVS]
tenant_network_type = gre
enable_tunneling = True
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 192.168.230.145
sudo vi /etc/quantum/quantum.conf
rabbit_host = 192.168.230.141
[keystone_authtoken] ----> ? 필요한 세팅인가?
auth_host = 192.168.230.141
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
signing_dir = /var/lib/quantum/keystone-signing
# quantum openVSwitch agent restart
sudo service quantum-plugin-openvswitch-agent restart
[ Nova 설치 ]
sudo apt-get install -y nova-compute-kvm open-iscsi
sudo vi /etc/nova/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 192.168.230.141
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = service_pass
signing_dir = /tmp/keystone-signing-nova
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0
sudo vi /etc/nova/nova-compute.conf
[DEFAULT]
libvirt_type=kvm
libvirt_ovs_bridge=br-int
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
libvirt_use_virtio_for_bridges=True
sudo vi /etc/nova/nova.conf
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=192.168.230.141
nova_url=http://192.168.230.141:8774/v1.1/
sql_connection=mysql://nova:imsi00@192.168.230.141/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# Auth
use_deprecated_auth=false
auth_strategy=keystone
# Imaging service
glance_api_servers=192.168.230.141:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://192.168.75.141:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=192.168.230.141
vncserver_listen=0.0.0.0
# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://192.168.230.141:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=service_pass
quantum_admin_auth_url=http://192.168.230.141:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
#Metadata
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack
metadata_host = 192.168.230.141
metadata_listen = 127.0.0.1
metadata_listen_port = 8775
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
# restart nova service
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
# nova service status
nova-manage service list
[ Nova 명령어 실행 ]
# admin 권한으로 실행
source creds
# tenant, user 생성
keystone tenant-create --name myproject
keystone role-list
keystone user-create --name=myuser --pass=임시 패스워드 --tenant-id d8eca2f95bbf4ddc8bda878fe9669661 --email=myuser@domain.com
keystone user-role-add --tenant-id d8eca2f95bbf4ddc8bda878fe9669661 --user-id 29736a14d7d4471fa50ca04da38d89b1 --role-id 022cd675521b45ffb94693e7cab07db7
# Network 생성
quantum net-create --tenant-id d8eca2f95bbf4ddc8bda878fe9669661 net_myproject
quantum net-list
# Network 에 internal private subnet 생성
quantum subnet-create --tenant-id d8eca2f95bbf4ddc8bda878fe9669661 --name net_myproject_internal net_myproject 10.0.0.0/24
# Router 생성
quantum router-create --tenant-id d8eca2f95bbf4ddc8bda878fe9669661 net_myproject_router
# L3 agent 를 Router 와 연결
quantum l3-agent-router-add 829f424b-0879-4fee-a373-84c0f0bcbb9b net_myproject_router
# Router 를 Subnet 에 연결
quantum router-interface-add f3e2c02e-2146-4388-b415-c95d45f4f3a3 99189c7b-50cd-4353-9358-2dd74efbb762
# restart quantum services
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done
# 환경설정파일 생성
vi myproject
export OS_TENANT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=임시 패스워드
export OS_AUTH_URL="http://192.168.230.141:5000/v2.0/"
# project 권한으로 진행
source myproject
nova image-list
nova secgroup-list
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
ssh-keygen
nova keypair-add --pub_key ~/.ssh/id_rsa.pub mykey
nova keypair-list
nova flavor-list
nova boot test01 --flavor 1 --image 5c4c2339-55bd-4e9b-86cb-23694e3b9b17 --key_name mykey --security_group default
nova floating-ip-list
nova floating-ip-create
nova add-floating-ip 80eb7545-258e-4f26-a842-c1993cb03ae5 192.168.75.225
nova remove-floating-ip 80eb7545-258e-4f26-a842-c1993cb03ae5 192.168.75.225
nova floating-ip-delete 192.168.75.225
nova volume-list
nova volume-create --display_name ebs01 1
nova volume-attach 80eb7545-258e-4f26-a842-c1993cb03ae5 c209e2f1-5ff7-496c-8928-d57487d86c6f /dev/vdb
nova volume-detach 80eb7545-258e-4f26-a842-c1993cb03ae5 a078f20a-62c6-432c-8fa2-7cfd9950a64f
nova volume-delete a078f20a-62c6-432c-8fa2-7cfd9950a64f
# 접속 후 ext4 로 format 및 mount
mke2fs -t ext4 /dev/vdb
mount /dev/vdb /test
[ vnc console 접속 ]
nova get-vnc-console 80eb7545-258e-4f26-a842-c1993cb03ae5 novnc
반응형
