# OpenStack-Quick

---

# Controller

## 網路設定
```
$ sudo su
$ echo nameserver 8.8.8.8 > /etc/resolv.conf
```

## 設定檔
```
$ git clone https://github.com/TitanLi/CloudNative.git
```

## Network
1. 編輯/etc/network/interfaces

The provider network interface
```
auto INTERFACE_NAME(第二張網卡)
iface INTERFACE_NAME(第二張網卡) inet manual
up ip link set dev $IFACE up
down ip link set dev $IFACE down
```
2. 編輯/etc/hosts
```
127.0.0.1 localhost
10.0.1.97 controller
10.0.1.98 compute1

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
```

## OpenStack packages
OpenStack Queens for Ubuntu 16.04 LTS:
```
$ apt install software-properties-common -y
$ add-apt-repository cloud-archive:queens
$ apt update && apt dist-upgrade -y
$ apt install python-openstackclient -y
```

## SQL database
1. Install the packages
```
$ apt install mariadb-server python-pymysql -y
```
2. 新增檔案/etc/mysql/mariadb.conf.d/99-openstack.cnf
```
[mysqld]
bind-address = 10.0.1.97

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
```
3. 重啟Database服務
```
$ service mysql restart
```
4. 安全性設定
```
$ mysql_secure_installation
1. Enter current password for root (enter for none):輸入root密碼,第一次設定時預設值是空的,所以直接按Enter即可,接著會詢問是否要設定root密碼,輸入「N」
2. Remove anonymous users? [Y/n]:是否要移除匿名使用者?輸入「N」(注意:輸入「N」會保留匿名帳號;資料庫已綁定在10.0.1.97上,不需要匿名登入時應輸入「Y」移除)
3. Disallow root login remotely? [Y/n]:是否要關閉root遠端登入的功能?依自己需求決定,此處輸入「N」(注意:輸入「N」會保留root遠端登入;基於安全性考量,一般應輸入「Y」關閉)
4. Remove test database and access to it? [Y/n]:是否要移除測試的資料庫?建議選擇「Y」來移除
5. Reload privilege tables now? 
[Y/n]:是否要重新載入表格權限?建議選擇「Y」
```

## Message queue
```
$ apt install rabbitmq-server -y
$ rabbitmqctl add_user openstack RABBIT_PASS
$ rabbitmqctl set_permissions openstack ".*" ".*" ".*"
```
> RABBIT_PASS為佔位字串,請換成自訂的強密碼;複製進來的設定檔若使用相同字串,需一併修改(請對照設定檔內容確認)

## Memcached
```
$ apt install memcached python-memcache
```
編輯/etc/memcached.conf檔案
```
-l 10.0.1.97
```
```
$ service memcached restart
```

## Etcd(可選擇)
```
$ apt install etcd -y
```
編輯/etc/default/etcd
```
ETCD_NAME="controller"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER="controller=http://10.0.1.97:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.0.1.97:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.1.97:2379"
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.0.1.97:2379"
```
> controller node IP

> ETCD_LISTEN_PEER_URLS設為0.0.0.0會在所有網卡上監聽,且以上URL皆為未加密的http;若只在管理網路使用,可改綁10.0.1.97,並以防火牆限制2379/2380埠的來源
```
$ systemctl enable etcd
$ systemctl start etcd
```

## 建立資料庫
```
$ mysql
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 
'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
```
> 上列KEYSTONE_DBPASS、GLANCE_DBPASS、NOVA_DBPASS、NEUTRON_DBPASS皆為佔位字串,請換成各自不同的強密碼;複製進來的設定檔若使用相同字串,需一併修改(請對照設定檔內容確認)

> '%'允許任何來源主機以該帳號連線;若環境允許,可改為管理網路的網段(例如'10.0.1.%')以縮小可連線範圍

## 建立admin-openrc、demo-openrc檔案
```
$ cp ./CloudNative/OpenStack/keystone/admin-openrc .
$ cp ./CloudNative/OpenStack/keystone/demo-openrc .
$ . admin-openrc
```
> admin-openrc、demo-openrc推測內含帳號密碼(請檢查檔案內容確認),建議將檔案權限設為僅擁有者可讀寫(chmod 600)

## keystone安裝
```
$ apt install keystone apache2 libapache2-mod-wsgi -y
$ cp ./CloudNative/OpenStack/keystone/keystone.conf /etc/keystone/keystone.conf
$ su -s /bin/sh -c "keystone-manage db_sync" keystone
$ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
$ keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
$ keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
$ cp ./CloudNative/OpenStack/keystone/apache2.conf /etc/apache2/apache2.conf
$ service apache2 restart
$ . 
admin-openrc
$ openstack domain create --description "An Example Domain" example
$ openstack project create --domain default \
  --description "Service Project" service
$ openstack project create --domain default \
  --description "Demo Project" demo
$ openstack user create --domain default \
  --password-prompt demo
User Password:DEMO_PASS
Repeat User Password:DEMO_PASS
$ openstack role create user
$ openstack role add --project demo --user demo user
```

## 建立使用者
```
$ openstack user create --domain default --password-prompt glance
User Password:GLANCE_PASS
Repeat User Password:GLANCE_PASS
$ openstack user create --domain default --password-prompt nova
User Password:NOVA_PASS
Repeat User Password:NOVA_PASS
$ openstack user create --domain default --password-prompt placement
User Password:PLACEMENT_PASS
Repeat User Password:PLACEMENT_PASS
$ openstack user create --domain default --password-prompt neutron
User Password:NEUTRON_PASS
Repeat User Password:NEUTRON_PASS
```

## glance安裝
```
$ openstack role add --project service --user glance admin
$ openstack service create --name glance \
  --description "OpenStack Image" image
$ openstack endpoint create --region RegionOne \
  image public http://controller:9292
$ openstack endpoint create --region RegionOne \
  image internal http://controller:9292
$ openstack endpoint create --region RegionOne \
  image admin http://controller:9292
$ apt install glance -y
$ cp ./CloudNative/OpenStack/glance/glance-api.conf /etc/glance/glance-api.conf
$ cp ./CloudNative/OpenStack/glance/glance-registry.conf /etc/glance/glance-registry.conf
$ su -s /bin/sh -c "glance-manage db_sync" glance
$ service glance-registry restart
$ service glance-api restart
$ wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
$ openstack image create "cirros" \
  --file cirros-0.4.0-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
```
> 映像檔是經由未加密的http下載,而且會以--public提供給所有專案使用;上傳前請先以發佈站公布的校驗碼比對檔案(例如執行md5sum cirros-0.4.0-x86_64-disk.img後對照)

## nova(Controller service)
```
$ openstack role add --project service --user nova admin
$ 
openstack service create --name nova \
  --description "OpenStack Compute" compute
$ openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1
$ openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1
$ openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1
$ openstack role add --project service --user placement admin
$ openstack service create --name placement --description "Placement API" placement
$ openstack endpoint create --region RegionOne placement public http://controller:8778
$ openstack endpoint create --region RegionOne placement internal http://controller:8778
$ openstack endpoint create --region RegionOne placement admin http://controller:8778
$ apt-get update
$ apt install nova-api nova-conductor nova-consoleauth \
  nova-novncproxy nova-scheduler nova-placement-api -y
$ cp ./CloudNative/OpenStack/nova/controller/nova.conf /etc/nova/nova.conf
```
> 需編輯
> /etc/nova/nova.conf
> [DEFAULT]
> my_ip = 10.0.1.97
```
$ su -s /bin/sh -c "nova-manage api_db sync" nova
$ su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
$ su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
$ su -s /bin/sh -c "nova-manage db sync" nova
$ service nova-api restart
$ service nova-consoleauth restart
$ service nova-scheduler restart
$ service nova-conductor restart
$ service nova-novncproxy restart
```

## neutron(controller node)
```
$ openstack role add --project service --user neutron admin
$ openstack service create --name neutron \
  --description "OpenStack Networking" network
$ openstack endpoint create --region RegionOne \
  network public http://controller:9696
$ openstack endpoint create --region RegionOne \
  network internal http://controller:9696
$ openstack endpoint create --region RegionOne \
  network admin http://controller:9696
$ apt install neutron-server neutron-plugin-ml2 \
  neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
neutron-metadata-agent -y
$ cp ./CloudNative/OpenStack/neutron/controller/neutron.conf /etc/neutron/neutron.conf
$ cp ./CloudNative/OpenStack/neutron/controller/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini
$ cp ./CloudNative/OpenStack/neutron/controller/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini
$ cp ./CloudNative/OpenStack/neutron/controller/l3_agent.ini /etc/neutron/l3_agent.ini
$ cp ./CloudNative/OpenStack/neutron/controller/dhcp_agent.ini /etc/neutron/dhcp_agent.ini
$ cp ./CloudNative/OpenStack/neutron/controller/metadata_agent.ini /etc/neutron/metadata_agent.ini
```
> 需編輯
> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
> [linux_bridge]
> physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME(第二張網卡)
> [vxlan]
> enable_vxlan = true
> local_ip = OVERLAY_INTERFACE_IP_ADDRESS(實體機IP)
> l2_population = true
```
$ su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
$ service nova-api restart
$ service neutron-server restart
$ service neutron-linuxbridge-agent restart
$ service neutron-dhcp-agent restart
$ service neutron-metadata-agent restart
$ service neutron-l3-agent restart
```

## horizon(Dashboard)
```
$ apt install openstack-dashboard -y
$ cp ./CloudNative/OpenStack/horizon/local_settings.py /etc/openstack-dashboard/local_settings.py
$ cp ./CloudNative/OpenStack/horizon/openstack-dashboard.conf /etc/apache2/conf-available/openstack-dashboard.conf
$ service apache2 reload
```

#### Dashboard :[10.0.1.97/horizon](http://10.0.1.97/horizon/auth/login/?next=/horizon/)
> Domain : default
> User Name : admin
> Password : ADMIN_PASS

> 登入頁面走未加密的http,帳號密碼會以明文在網路上傳輸;測試環境以外請為Apache啟用HTTPS,並確認ADMIN_PASS已換成自訂的強密碼

---

# Compute

## 網路設定
```
$ sudo su
$ echo nameserver 8.8.8.8 > /etc/resolv.conf
```

## 設定檔
```
$ git clone https://github.com/TitanLi/CloudNative.git
```

## Network
1. 
編輯/etc/network/interfaces

The provider network interface
```
auto INTERFACE_NAME(第二張網卡)
iface INTERFACE_NAME(第二張網卡) inet manual
up ip link set dev $IFACE up
down ip link set dev $IFACE down
```
2. 編輯/etc/hosts
```
127.0.0.1 localhost
10.0.1.97 controller
10.0.1.98 compute1

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
```

## OpenStack packages
OpenStack Queens for Ubuntu 16.04 LTS:
```
$ apt install software-properties-common
$ add-apt-repository cloud-archive:queens
$ apt update && apt dist-upgrade -y
$ apt install python-openstackclient -y
```

## Message queue(可選擇)
```
$ apt install rabbitmq-server -y
$ rabbitmqctl add_user openstack RABBIT_PASS
$ rabbitmqctl set_permissions openstack ".*" ".*" ".*"
```

## Etcd(可選擇)
```
$ apt install etcd -y
```
編輯/etc/default/etcd
```
ETCD_NAME="controller"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER="controller=http://10.0.1.98:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.0.1.98:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.1.98:2379"
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.0.1.98:2379"
```
> controller node IP

> 注意:上方設定使用的10.0.1.98在/etc/hosts中對應compute1,而ETCD_NAME與此說明皆指controller,請依實際部署的節點確認位址;另外ETCD_LISTEN_PEER_URLS設為0.0.0.0會在所有網卡上監聽,可視需要改綁管理網路的位址
```
$ systemctl enable etcd
$ systemctl start etcd
```

## nova(Compute service)
```
$ apt install nova-compute -y
$ cp ./CloudNative/OpenStack/nova/compute/nova.conf /etc/nova/nova.conf
```
> 需編輯
> /etc/nova/nova.conf
> [DEFAULT]
> my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS(Compute Node IP)
> [vnc]
> novncproxy_base_url = http://CONTROLLER_NODE_IP:6080/vnc_auto.html
```
$ egrep -c '(vmx|svm)' /proc/cpuinfo
$ service nova-compute restart
```

## neutron(Compute node)
```
$ apt install neutron-linuxbridge-agent -y
$ cp ./CloudNative/OpenStack/neutron/compute/neutron.conf /etc/neutron/neutron.conf
$ cp 
./CloudNative/OpenStack/neutron/compute/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini
```
> 需編輯
> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
> [linux_bridge]
> physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
> [vxlan]
> enable_vxlan = true
> local_ip = OVERLAY_INTERFACE_IP_ADDRESS(Compute Node IP)
> l2_population = true

> Replace OVERLAY_INTERFACE_IP_ADDRESS with the management IP address of the compute node
```
$ service nova-compute restart
$ service neutron-linuxbridge-agent restart
```

---

## 最後步驟發現Compute Node(Controller)
```
$ cp ./CloudNative/OpenStack/keystone/admin-openrc .
$ cp ./CloudNative/OpenStack/keystone/demo-openrc .
$ . admin-openrc
$ openstack compute service list --service nova-compute
$ su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
```

## Verify operation
```
$ . admin-openrc
$ openstack compute service list
$ openstack catalog list
$ openstack image list
$ nova-status upgrade check
```