OpenStack Install(Feature. Mitaka)
- Helion OpenStack의 기본 바탕이 되는 Version이 Mitaka로 되어 있기 때문에 설치 및 테스트 진행
1. Controller Node
Request Minimum Spec
- CPU 2+
- RAM 8GB
- Storage 100G
- NIC 2+
Step1 Before OpenStack Controller Node Install, Needed Base PKG
: Openstack 설치하기 전 필요한 PKG 및 서비스 실행 및 중지
# hostname controller1
NetworkManager/Firewalld 서비스 중지 및 disable (테스트 환경 기준. 운영 환경에서는 firewalld를 유지하고 필요한 서비스 포트만 허용)
# systemctl stop NetworkManager
# systemctl stop firewalld
# systemctl disable NetworkManager
# systemctl disable firewalld
Node별 Service Sync을 맞추기 위한 NTP 구성
# yum -y install ntp
# vi /etc/ntp.conf
server 127.127.1.0 localhost
server 0.time.bora.net iburst
exit
# systemctl enable ntpd
# systemctl start ntpd
# ntpq -p
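SELinux disabled 설정 변경 (config 변경은 재부팅 후 적용. 아래에서 설치하는 openstack-selinux PKG가 OpenStack용 SELinux policy를 제공하므로, 테스트 목적이 아니라면 enforcing 유지 가능)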
# vi /etc/selinux/config
SELINUX=disabled
exit
# systemctl stop iptables.service
# iptables -L
# iptables -F
CentOS version Mitaka Repository 설정
# cat << EOF >> /etc/yum.repos.d/CentOS-OpenStack-mitaka.repo
[centos-openstack-mitaka]
name=CentOS-7 - OpenStack mitaka
baseurl=https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-mitaka/
EOF
# yum clean all
# yum repolist
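OpenStack에 필요한 PKG 설치 (--nogpgcheck는 RPM 서명 검증을 건너뛰는 옵션이므로 테스트 환경에서만 사용. 위 repo 설정에도 gpgcheck/gpgkey 항목이 없으므로 운영 환경에서는 서명 검증이 되는 repo를 사용)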
# yum -y --nogpgcheck install wget
# wget https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-mitaka/centos-release-openstack-mitaka-1-3.el7.noarch.rpm
# yum -y install centos-release-ceph
# yum -y install centos-release-qemu-ev
# rpm -Uvh centos-release-openstack-mitaka-1-3.el7.noarch.rpm
# yum -y update
# yum -y --nogpgcheck install python-openstackclient openstack-selinux
Step1-1 Mariadb Install
:OpenStack Service Information을 저장하기 위한 DB
# yum -y --nogpgcheck install mariadb mariadb-server python2-PyMySQL
# cat << EOF >> /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.198.138
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
# cat /etc/my.cnf.d/openstack.cnf
# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
# systemctl start mariadb.service
# mysql_secure_installation
Enter current password for root (enter for none):
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
Step1-2 Rabbitmq-Server Install
:OpenStack Service별 통신하기 위한 Message Queue
# yum -y --nogpgcheck install rabbitmq-server
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
# rabbitmqctl add_user openstack stack
Creating user "openstack" ...
Rabbitmq User : openstack Password : stack (예시 값. 실제 환경에서는 추측하기 어려운 password로 변경)
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
Step1-3 memcached Install
# yum -y --nogpgcheck install memcached python-memcached
# systemctl enable memcached.service
# systemctl start memcached.service
Step 2 Keystone Install(Identity)
:OpenStack에서 인증 서비스를 제공하는 서비스
# su - stack
stack 계정이 없다면 계정 생성
stack 계정으로 database를 생성하면, keystone service 생성 시 http 500 Error 발생함.
# useradd -G wheel stack
# su - stack
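Mariadb에서 keystone DATABASE 생성 ('keystone'@'%'는 모든 host에서의 접속을 허용하므로 운영 환경에서는 management network 대역으로 제한하고, password 'stack'은 예시 값이므로 변경. -p 없이 root 접속이 되는 것으로 보아 DB root password가 미설정 상태로 보임 — 운영 환경에서는 설정 필요)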
# mysql -u root
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'stack';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'stack';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
| mysql |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]> show GRANTS for keystone@localhost;
+-----------------------------------------------------------------------------------------------------------------+
| Grants for keystone@localhost |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'keystone'@'localhost' IDENTIFIED BY PASSWORD '*BAC89B69B31316D0E8B2146A25F0BD290E9801FA' |
| GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'localhost' |
+-----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]> show GRANTS for keystone@'%';
+---------------------------------------------------------------------------------------------------------+
| Grants for keystone@% |
+---------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'keystone'@'%' IDENTIFIED BY PASSWORD '*BAC89B69B31316D0E8B2146A25F0BD290E9801FA' |
| GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'%' |
+---------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]> exit
Bye
# exit
root계정으로 복귀
Generate a random value to use as the administration token
# openssl rand -hex 10
f9cffc847ae4843e9e09
keystone 및 httpd, mod_wsgi PKG 설치
# yum -y --nogpgcheck install openstack-keystone httpd mod_wsgi
Keystone 설정파일 설정
# vi /etc/keystone/keystone.conf
[DEFAULT]
admin_token = f9cffc847ae4843e9e09
...
[database]
connection = mysql+pymysql://keystone:stack@controller1/keystone
...
[token]
provider = fernet
#
keystone 설정 값 확인
keystone설정을 DATABASE에 적용
# su -s /bin/sh -c "keystone-manage db_sync" keystone
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# vi /etc/httpd/conf/httpd.conf
...
ServerName controller1
...
# cat << EOF >> /etc/httpd/conf.d/wsgi-keyston.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
EOF
# systemctl enable httpd
# systemctl start httpd
# systemctl status httpd
# su - stack
OpenStack에서 필요한 환경변수 설정
# export OS_IDENTITY_API_VERSION=3
# export OS_TOKEN=f9cffc847ae4843e9e09
# export OS_URL=http://controller1:35357/v3
# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 44f1237ef0194f2c819d421fb76cdb00 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
# openstack endpoint create --region RegionOne identity public http://controller1:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3f258498130a41fdbeaa5aed32092beb |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2609b981974749168fee478d6c748899 |
| service_name | keystone |
| service_type | identity |
| url | http://controller1:5000/v3 |
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne identity internal http://controller1:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 199c778bbce944c7860a8f4ef29ee1e6 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2609b981974749168fee478d6c748899 |
| service_name | keystone |
| service_type | identity |
| url | http://controller1:5000/v3 |
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne identity admin http://controller1:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 68fa4e3671fc4065b45c5b698d146b57 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2609b981974749168fee478d6c748899 |
| service_name | keystone |
| service_type | identity |
| url | http://controller1:5000/v3 |
+--------------+----------------------------------+
# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | dcea1dae40024fc7abfd47423dded8b2 |
| name | default |
+-------------+----------------------------------+
# openstack user create --domain default --password-prompt demo
User Password: stack
Repeat User Password: stack
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | a89825b00fe44f88a89ee55d3e12a2d4 |
| enabled | True |
| id | ee1e55f289e7458aa24b646af18ca728 |
| name | demo |
+-----------+----------------------------------+
# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 00066ee02a014f0887e83436729f21ea |
| name | user |
+-----------+----------------------------------+
# openstack role add --project demo --user demo user
exit root 권한으로 복귀 후, bootstrap용 admin_token 인증을 비활성화하기 위해 아래 세 pipeline에서 admin_token_auth 제거 ((수정) 줄이 변경 후 값)
# vi /etc/keystone/keystone-paste.ini
...
[pipeline:public_api]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service
(수정) pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
[pipeline:admin_api]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension s3_extension admin_service
(수정) pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
[pipeline:api_v3]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
(수정) pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
...
# su - stack
# unset OS_TOKEN OS_URL
# openstack --os-auth-url http://controller1:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
Password: stack
+------------+------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------------------------------------------+
| expires | 2019-03-22T06:48:43.000000Z |
| id | gAAAAABclHc713NKw8pHq3XrG4avraSS3VckWgM6L5jCpuxC9XzQLdWOD6tS4TvLHhwXusx__rKwUepiJhU4tRgHrLw4tF |
| | VZSzWtPzh5tLIwmHTyZO0lDUAYG5qFDBvw9YJD-LRLX7qW0e_VWsNDNXSHNElFKsgLEECJWNdME4bYrOlpSeFk1x8 |
| project_id | f081058a396b45159f621fdeb87a0d1f |
| user_id | 0636307fda5c4c718aa772810c72eec1 |
+------------+------------------------------------------------------------------------------------------------+
# openstack --os-auth-url http://controller1:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
Password:
+------------+------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------------------------------------------+
| expires | 2019-03-22T06:49:56.000000Z |
| id | gAAAAABclHeEhlQt-YkuEyIYb6fQPIDrn5dL1xQuum0FtrlqYS1U-LCk4L-QnzJDV5oUTwUSD3hfXd1ME7bdycXoqPyQ1m |
| | Ydy3ewbOg_bPcO5TGdy4pLgpeKe3VPI_i0rMW3ZSJcgOztMVsKNMl_Rjo70J_G4kdVDs01u5Z45uxG-ARouiivlmc |
| project_id | 7bf25b7d8a55464ebde7883b79149094 |
| user_id | ee1e55f289e7458aa24b646af18ca728 |
+------------+------------------------------------------------------------------------------------------------+
Create Script
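Create client environment scripts for the admin and demo projects and users. Future portions of this guide reference these scripts to load appropriate credentials for client operations. Both files store OS_PASSWORD in plain text, so keep them readable only by the owning account (for example `chmod 600 admin-openrc demo-openrc`).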
# cat << EOF >> ./admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=stack
export OS_AUTH_URL=http://controller1:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
# cat << EOF >> ./demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=stack
export OS_AUTH_URL=http://controller1:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
[stack@controller1 ~]# source admin-openrc
[stack@controller1 ~]# openstack token issue
+------------+------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------------------------------------------+
| expires | 2019-03-22T06:53:38.000000Z |
| id | gAAAAABclHhiRAjpGrGrK-n60bOF6cnDva1aRF5wKKibLd1XAZUbJ94GlrfScYLkX5ydokXjO- |
| | STAMJwe80RFkaCAEXkDUlZvGnc9VbzS06ZgO7cijOJCSNq- |
| | BONzjyKeXdVihvgSGA_MyZnnBfvYQ8YBDTz07COtBrOLdn2gpID8yD81RbbCZE |
| project_id | f081058a396b45159f621fdeb87a0d1f |
| user_id | 0636307fda5c4c718aa772810c72eec1 |
+------------+------------------------------------------------------------------------------------------------+
Step3 Glance Install(OS Image)
[stack@controller1 ~]# mysql -u root
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'stack';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'stack';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | a89825b00fe44f88a89ee55d3e12a2d4 |
| enabled | True |
| id | b851a2527fd64b6f96f46765a2850a01 |
| name | glance |
+-----------+----------------------------------+
# openstack role add --project service --user glance admin
# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 3aeb955240c546f986ed3cfb2398244b |
| name | glance |
| type | image |
+-------------+----------------------------------+
# openstack endpoint create --region RegionOne image public http://controller1:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5aacad61ec264dca85d16e1ca54dc1db |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3cc4178179c9454a878cc8dd3b718cb9 |
| service_name | glance |
| service_type | image |
| url | http://controller1:9292 |
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne image internal http://controller1:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 472aae149f6b42818b09e49f440fa3fc |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3aeb955240c546f986ed3cfb2398244b |
| service_name | glance |
| service_type | image |
| url | http://controller1:9292 |
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne image admin http://controller1:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3572feec352b410ba55a36dd0fb0c6fd |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3aeb955240c546f986ed3cfb2398244b |
| service_name | glance |
| service_type | image |
| url | http://controller1:9292 |
+--------------+----------------------------------+
# exit
root 권한으로 복귀
[root@controller1 ~]# yum -y --nogpgcheck install openstack-glance
# vi /etc/glance/glance-api.conf
[database]
..
connection = mysql+pymysql://glance:stack@controller1/glance
[keystone_authtoken]
..
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
memcached_servers = controller1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = stack
[paste_deploy]
...
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
...
...
exit
# grep ^[^#] /etc/glance/glance-api.conf
# vi /etc/glance/glance-registry.conf
[database]
. . . .
connection = mysql+pymysql://glance:stack@controller1/glance
[keystone_authtoken]
..
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
memcached_servers = controller1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = stack
[paste_deploy]
..
flavor = keystone
...
exit
# su -s /bin/sh -c "glance-manage db_sync" glance
OpenStack notice "Ignore any deprecation messages in this output."
# systemctl enable openstack-glance-api.service openstack-glance-registry.service
# systemctl start openstack-glance-api.service openstack-glance-registry.service
# systemctl restart openstack-glance-api.service openstack-glance-registry.service
# cd /var/lib/glance/images/
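stack 계정으로 switch (cirros image는 평문 HTTP로 내려받으므로 등록 전에 md5sum 결과를 배포처가 공개한 MD5 값과 비교. 아래 image create 출력의 checksum 필드도 같은 MD5 값)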
# su - stack
[stack@controller1 ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2019-03-22T06:57:21Z |
| disk_format | qcow2 |
| file | /v2/images/0faf87c5-bc25-4662-9c07-e53fb333e9a0/file |
| id | 0faf87c5-bc25-4662-9c07-e53fb333e9a0 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | f081058a396b45159f621fdeb87a0d1f |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2019-03-22T06:57:21Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
# openstack image list
[root@controller1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 0faf87c5-bc25-4662-9c07-e53fb333e9a0 | cirros | active |
+--------------------------------------+--------+--------+
# glance image-list
[root@controller1 ~]# glance image-list
+--------------------------------------+--------+
| ID | Name |
+--------------------------------------+--------+
| 0faf87c5-bc25-4662-9c07-e53fb333e9a0 | cirros |
+--------------------------------------+--------+