
[Experience sharing] OpenStack (1)


Posted on 2017-6-26 14:53:03
  
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list
apt-get install -y ubuntu-cloud-keyring
  # one way (older scala version will be installed)
# sudo apt-get install scala
  #2nd way
sudo apt-get remove scala-library scala
wget http://www.scala-lang.org/files/archive/scala-2.11.4.deb
sudo dpkg -i scala-2.11.4.deb
sudo apt-get update
sudo apt-get install scala
  # sbt installation
# remove sbt:> sudo apt-get purge sbt.
  wget http://dl.bintray.com/sbt/debian/sbt-0.13.6.deb
sudo dpkg -i sbt-0.13.6.deb
sudo apt-get update
sudo apt-get install sbt
  // ---------------Openstack Cookbook----------------
  pre-requisite tool:
  sudo apt-get update
sudo apt-get -y install python-software-properties
  use a particular release of PPA,
  sudo add-apt-repository ppa:openstack-ubuntu-testing/havana-trunk-testing
  Installing OpenStack Identity service
  MYSQL_ROOT_PASS=openstack
MYSQL_HOST=172.16.0.200
  #enable non-interactive installations of MySQL
  echo "mysql-server-5.5 mysql-server/root_password password $MYSQL_ROOT_PASS" | sudo debconf-set-selections
echo "mysql-server-5.5 mysql-server/root_password_again password $MYSQL_ROOT_PASS" | sudo debconf-set-selections
echo "mysql-server-5.5 mysql-server/root_password seen true" | sudo debconf-set-selections
echo "mysql-server-5.5 mysql-server/root_password_again seen true" | sudo debconf-set-selections
  export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get -q -y install mysql-server
sudo sed -i "s/^bind-address.*/bind-address = ${MYSQL_HOST}/g" /etc/mysql/my.cnf
sudo service mysql restart
  mysqladmin -uroot password ${MYSQL_ROOT_PASS}
mysql -u root --password=${MYSQL_ROOT_PASS} -h localhost -e "GRANT ALL ON *.* to root@\"localhost\" IDENTIFIED BY \"${MYSQL_ROOT_PASS}\" WITH GRANT OPTION;"
mysql -u root --password=${MYSQL_ROOT_PASS} -h localhost -e "GRANT ALL ON *.* to root@\"${MYSQL_HOST}\" IDENTIFIED BY \"${MYSQL_ROOT_PASS}\" WITH GRANT OPTION;"
  mysql -u root --password=${MYSQL_ROOT_PASS} -h localhost -e "GRANT ALL ON *.* to root@\"%\" IDENTIFIED BY \"${MYSQL_ROOT_PASS}\" WITH GRANT OPTION;"
  mysqladmin -uroot -p${MYSQL_ROOT_PASS} flush-privileges
  vagrant ssh controller
  1. Installation of OpenStack Identity service is done by specifying the keystone package in Ubuntu, and we do this as follows:
  sudo apt-get update
sudo apt-get -y install keystone python-keyring
  2. create the keystone database in MySQL
  MYSQL_ROOT_PASS=openstack
mysql -uroot -p$MYSQL_ROOT_PASS -e "CREATE DATABASE keystone;"
  3. create a user specific to OpenStack Identity service
  MYSQL_ROOT_PASS=openstack
mysql -uroot -p$MYSQL_ROOT_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%';"
mysql -uroot -p$MYSQL_ROOT_PASS -e "SET PASSWORD FOR 'keystone'@'%' = PASSWORD('$MYSQL_ROOT_PASS')"
  4. edit /etc/keystone/keystone.conf to configure OpenStack Identity service to use the database, change the sql_connection line to match the database credentials.
  MYSQL_HOST=172.16.0.200
sudo sed -i "s#^connection.*#connection = mysql://keystone:openstack@172.16.0.200/keystone#" /etc/keystone/keystone.conf
  5. set a super-user admin token, which resides in the /etc/keystone/keystone.conf file.
  sudo sed -i "s/^# admin_token.*/admin_token = ADMIN/" /etc/keystone/keystone.conf
  6. disable the PKI infrastructure that cryptographically signs the tokens, and use UUID tokens instead.
  sudo sed -i "s/^#token_format.*/token_format = UUID/" /etc/keystone/keystone.conf
  7. restart the keystone service
  sudo stop keystone
sudo start keystone
  8. populate the keystone database with the required tables
  sudo keystone-manage db_sync
  Creating tenants
  Getting ready
  install the keystoneclient tool on an Ubuntu client, to manage our OpenStack Identity service
  vagrant ssh controller
  sudo apt-get update
sudo apt-get -y install python-keystoneclient
  Ensure that we have our environment set correctly to access our OpenStack environment for administrative purposes:
  export ENDPOINT=172.16.0.200
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT=http://${ENDPOINT}:35357/v2.0
  1. create a tenant called cookbook
  keystone tenant-create --name cookbook --description "Default Cookbook Tenant" --enabled true
  2. create an admin tenant
  keystone tenant-create --name admin --description "Admin Tenant" --enabled true
  Configuring roles
  1. create the admin role
  keystone role-create --name admin
  2. create the member role
  keystone role-create --name Member
  Adding users
  1. get the cookbook tenant ID
  TENANT_ID=$(keystone tenant-list | awk '/\ cookbook\ / {print $2}')
  2. create the admin user in the cookbook tenant
  PASSWORD=openstack
  keystone user-create --name admin --tenant_id $TENANT_ID --pass $PASSWORD --email root@localhost --enabled true
  3. get the admin role id
  ROLE_ID=$(keystone role-list | awk '/\ admin\ / {print $2}')
  4. get the user id
  USER_ID=$(keystone user-list | awk '/\ admin\ / {print $2}')
  5. assign the role to the user
  keystone user-role-add --user $USER_ID --role $ROLE_ID --tenant_id $TENANT_ID
  Defining service endpoints
  Each of the services in our cloud environment runs on a particular URL and port; these are the endpoint addresses of our services. When a client communicates with our OpenStack environment that runs OpenStack Identity service, it is this service that returns the endpoint URLs, which the user can then use in an OpenStack environment. To enable this feature, we must define these endpoints. In a cloud environment though, we can define multiple regions. Regions can be thought of as different datacenters, which would imply that they would have different URLs or IP addresses. Under OpenStack Identity service, we can define these URL endpoints separately for each region. As we only have a single environment, we will reference this as RegionOne.
  Getting ready
vagrant ssh controller
  sudo apt-get update
sudo apt-get -y install python-keystoneclient
  export ENDPOINT=172.16.0.200
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT=http://${ENDPOINT}:35357/v2.0
  steps:
  1. define the actual services that OpenStack Identity service needs to know about in our environment
  # OpenStack Compute Nova API Endpoint
keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
  # OpenStack Compute EC2 API Endpoint
keystone service-create --name ec2 --type ec2 --description 'EC2 Service'
  # Glance Image Service Endpoint
keystone service-create --name glance --type image --description 'OpenStack Image Service'
  # Keystone Identity Service Endpoint
keystone service-create --name keystone --type identity --description 'OpenStack Identity Service'
  # Cinder Block Storage Endpoint
keystone service-create --name volume --type volume --description 'Volume Service'
  2. add service endpoint URLs services run on.
  # OpenStack Compute Nova API
  NOVA_SERVICE_ID=$(keystone service-list | awk '/\ nova\ / {print $2}')
  PUBLIC="http://$ENDPOINT:8774/v2/\$(tenant_id)s"
ADMIN=$PUBLIC
INTERNAL=$PUBLIC
  keystone endpoint-create --region RegionOne --service_id $NOVA_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL
  3. define the rest of our service endpoints
  # OpenStack Compute EC2 API
  EC2_SERVICE_ID=$(keystone service-list | awk '/\ ec2\ / {print $2}')
  PUBLIC="http://$ENDPOINT:8773/services/Cloud"
ADMIN="http://$ENDPOINT:8773/services/Admin"
INTERNAL=$PUBLIC
  keystone endpoint-create --region RegionOne --service_id $EC2_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL
  # Glance Image Service
  GLANCE_SERVICE_ID=$(keystone service-list | awk '/\ glance\ / {print $2}')
  PUBLIC="http://$ENDPOINT:9292/v1"
ADMIN=$PUBLIC
INTERNAL=$PUBLIC
  keystone endpoint-create --region RegionOne --service_id $GLANCE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL
  # Keystone OpenStack Identity Service
  KEYSTONE_SERVICE_ID=$(keystone service-list | awk '/\ keystone\ / {print $2}')
PUBLIC="http://$ENDPOINT:5000/v2.0"
ADMIN="http://$ENDPOINT:35357/v2.0"
INTERNAL=$PUBLIC
  keystone endpoint-create --region RegionOne --service_id $KEYSTONE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL
  # Cinder Block Storage Service
  CINDER_SERVICE_ID=$(keystone service-list | awk '/\ volume\ / {print $2}')
  PUBLIC="http://$ENDPOINT:8776/v1/%(tenant_id)s"
ADMIN=$PUBLIC
INTERNAL=$PUBLIC
  keystone endpoint-create --region RegionOne --service_id $CINDER_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL
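The `awk '/\ name\ / {print $2}'` lookups used for tenant, role, user and service IDs match the pattern anywhere in the row, so a name that also appears as a word in another row's description yields two IDs. The following is an added example, not part of the original post: a hypothetical `get_id` helper that compares the name column exactly and fails unless exactly one row matches. The table and its IDs are constructed sample data.

```shell
# Added example; get_id is a hypothetical helper, not a keystone command.
# Reads keystone's ASCII table on stdin and prints the id (column 1) of the
# row whose name (column 2) equals $1 exactly.
get_id() {
    awk -F'|' -v want="$1" '
    NF >= 3 {
        id = $2; name = $3
        gsub(/^[ \t]+|[ \t]+$/, "", id)      # strip column padding
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        if (name == want && id != "id") { print id; n++ }
    }
    # Non-zero exit when the name is missing or ambiguous, so callers can stop.
    END { exit (n == 1 ? 0 : 1) }'
}

# Constructed sample of `keystone service-list` output. The third row mentions
# "nova" in its description, which the pattern-based lookup also matches.
sample_service_list() {
    cat <<'EOF'
+------+----------+---------+---------------------------+
|  id  |   name   |   type  |        description        |
+------+----------+---------+---------------------------+
| aaa1 |   nova   | compute | OpenStack Compute Service |
| aaa2 |   ec2    |   ec2   |        EC2 Service        |
| aaa3 | novaprox |  proxy  |  Proxy in front of nova   |
+------+----------+---------+---------------------------+
EOF
}

sample_service_list | get_id nova    # prints aaa1
```

In the steps above it would be used as `NOVA_SERVICE_ID=$(keystone service-list | get_id nova) || exit 1`.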
  Creating the service tenant and service users
  With the service endpoints created, we can now configure them so that our OpenStack services can utilize them. To do this, each service is configured with a username and password within a special service tenant. Configuring each service to have its own username and password allows for greater security, troubleshooting, and auditing within our environment. For each service that uses OpenStack Identity service for authentication and authorization, we then specify these details in their relevant configuration file, when setting up that service. Each service itself has to authenticate with keystone in order for it to be available within OpenStack. Configuration of that service is then done using these credentials. For example, for glance we specify the following in /etc/glance/glance-registry-api.ini, when used with OpenStack Identity service, which matches what we created previously:
  [filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 172.16.0.200
service_port = 5000
auth_host = 172.16.0.200
auth_port = 35357
auth_protocol = http
auth_uri = http://172.16.0.200:5000/
admin_tenant_name = service
admin_user = glance
admin_password = glance
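The values used in this walkthrough (`admin_token = ADMIN`, a database password inside the connection URL, `http` auth endpoints, and service passwords equal to the user name) are lab defaults that should not carry over into a shared environment. As an added example, not from the original post, this check reports them in a config file; `audit_openstack_conf`, its finding codes and the sample file are assumptions made for illustration.

```shell
# Added example: report the lab-only settings from this walkthrough.
# Reads the named file(s), or stdin when called without arguments.
audit_openstack_conf() {
    awk '
    /^[ \t]*(#|\[)/ { next }          # skip comments and [section] headers
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        kv[key] = val
    }
    END {
        if (kv["admin_token"] == "ADMIN")
            print "ADMIN_TOKEN_DEFAULT: admin_token is the well-known value ADMIN"
        if (toupper(kv["token_format"]) == "UUID")
            print "TOKEN_UUID: token_format = UUID, PKI token signing is disabled"
        if (kv["connection"] ~ "^[a-z+]+://[^:/@]+:[^@]+@")
            print "DB_PASSWORD_INLINE: connection URL embeds the database password"
        if (kv["auth_protocol"] == "http" || kv["auth_uri"] ~ "^http:")
            print "AUTH_PLAINTEXT: tokens and service credentials travel over http"
        if ("admin_user" in kv && kv["admin_user"] == kv["admin_password"])
            print "PASSWORD_EQUALS_USER: admin_password is identical to admin_user"
    }' "$@"
}

# Constructed sample combining the keystone.conf edits and the glance
# [filter:authtoken] values shown in this post.
sample_conf() {
    cat <<'EOF'
[DEFAULT]
admin_token = ADMIN
token_format = UUID
[sql]
connection = mysql://keystone:openstack@172.16.0.200/keystone
[filter:authtoken]
auth_protocol = http
auth_uri = http://172.16.0.200:5000/
admin_user = glance
admin_password = glance
EOF
}

sample_conf | audit_openstack_conf
```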
  Getting ready
  vagrant ssh controller
  sudo apt-get update
sudo apt-get -y install python-keystoneclient
  export ENDPOINT=172.16.0.200
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT=http://${ENDPOINT}:35357/v2.0
  Configure an appropriate service tenant:
  1. create the tenant service
  keystone tenant-create --name service --description "Service Tenant" --enabled true
  2. record the ID of the service tenant
  SERVICE_TENANT_ID=$(keystone tenant-list | awk '/\ service\ / {print $2}')
  3. create the user account
  keystone user-create --name nova --pass nova --tenant_id $SERVICE_TENANT_ID --email nova@localhost --enabled true
  4. create other user accounts
  keystone user-create --name glance --pass glance --tenant_id $SERVICE_TENANT_ID --email glance@localhost --enabled true
keystone user-create --name keystone --pass keystone --tenant_id $SERVICE_TENANT_ID --email keystone@localhost --enabled true
keystone user-create --name cinder --pass cinder --tenant_id $SERVICE_TENANT_ID --email cinder@localhost --enabled true
  5. assign the user the admin role in the service tenant.
  NOVA_USER_ID=$(keystone user-list | awk '/\ nova\ / {print $2}')
ADMIN_ROLE_ID=$(keystone role-list | awk '/\ admin\ / {print $2}')
keystone user-role-add --user $NOVA_USER_ID --role $ADMIN_ROLE_ID --tenant_id $SERVICE_TENANT_ID
  6. repeat step 5 for other service users
  GLANCE_USER_ID=$(keystone user-list | awk '/\ glance\ / {print $2}')
keystone user-role-add --user $GLANCE_USER_ID --role $ADMIN_ROLE_ID --tenant_id $SERVICE_TENANT_ID
  KEYSTONE_USER_ID=$(keystone user-list | awk '/\ keystone\ / {print $2}')
keystone user-role-add --user $KEYSTONE_USER_ID --role $ADMIN_ROLE_ID --tenant_id $SERVICE_TENANT_ID
  CINDER_USER_ID=$(keystone user-list | awk '/\ cinder\ / {print $2}')
keystone user-role-add --user $CINDER_USER_ID --role $ADMIN_ROLE_ID --tenant_id $SERVICE_TENANT_ID

Thread address: https://www.yunweiku.com/thread-388210-1-1.html