Cloud in Action: Install OpenStack Ocata from scratch
薛国锋 xueguofeng2011@gmail.com
OpenStack can control and manage large pools of compute, storage, and networking resources throughout a datacenter, through a dashboard or via the OpenStack API, and works with popular enterprise and open source technologies, making it ideal for heterogeneous infrastructure. Exercising OpenStack can greatly grow our knowledge and skills in IT/DC and Cloud. Today we are going to install OpenStack from scratch and get some hands-on experience with some of its key services. Below is the physical and logical network design:
The simplest architecture is deployed here to give us a fast, overall understanding of OpenStack:
- Adopt Ubuntu Desktop (ubuntu-16.04.3-desktop-amd64.iso) for easy configuration:
https://www.ubuntu.com/download/desktop
- Adopt OpenStack Ocata release and Canonical’s Ubuntu Cloud archive repository for Ubuntu 16.04 (LTS): https://docs.openstack.org/ocata/install-guide-ubuntu/InstallGuide.pdf
- Adopt ‘Nested Virtualization’ to build a minimum OpenStack system and launch instances on top of VMs: 1 controller node (VM) and 2 compute nodes (VM) without block and object storage nodes; networking agents reside on the controller node instead of one or more dedicated network nodes; adopt Networking Option 1 to provide a DHCP service for launched instances, and bridge VMs and virtual networks to physical networks which actually provide layer-3 routing services; LBaaS and FWaaS are not supported in this option.
- The controller node runs the Identity service, Image service, management portions of Compute, management portion of Networking, various Networking agents, and the Dashboard. It also includes supporting services such as an SQL database, message queue, and NTP.
- The compute node runs the hypervisor portion of Compute that operates instances. By default, Compute uses the KVM hypervisor. The compute node also runs a Networking service agent that connects instances to virtual networks and provides firewalling services to instances via security groups. 2 compute nodes are deployed in this test.
- Two VMnets are created: VMnet1 (192.168.100.0/24, no DHCP and IP GW by VMware Workstation) simulates the physical network connecting the launched VMs with DC_GW (192.168.100.111/24, 10.0.0.111/24), also linked to VMnet8 (10.0.0.0/24, IP GW: 10.0.0.2, DHCP: 10.0.0.128~10.0.0.254) which serves as both the management network and Internet. The IP addr of DNS is 10.0.1.1.
1 Configure GNS3 for DC GW
2 Basic configuration
3 NTP – Chrony
4 OpenStack packages
5 SQL database - MariaDB
6 Message queue – RabbitMQ
7 Memcached
8 Identity service – Keystone
9 Image service – Glance
10 Compute service – Nova
11 Networking service – Neutron
12 Dashboard - Horizon
13 Launch instances
Main blockers
1 Configure GNS3 for DC GW
2 Basic configuration
Basic configuration
| controller
| compute1
| compute2
| ///////////////////// Create VMs
| user/pw: gset/ipcc2014
c:\xgf\OpenStack\controller
8.192 GB MEM
4 Processors with Virtualize Intel VT-x/EPT
30GB HD
Network Adapter(eth0): NAT
Network Adapter2(eth1):Host-only
| user/pw: gset/ipcc2014
c:\xgf\OpenStack\compute1
4.096 GB MEM
2 Processors with Virtualize Intel VT-x/EPT
20GB HD
Network Adapter(eth0): NAT
Network Adapter2(eth1):Host-only
| user/pw: gset/ipcc2014
c:\xgf\OpenStack\compute2
4.096 GB MEM
2 Processors with Virtualize Intel VT-x/EPT
20GB HD
Network Adapter(eth0): NAT
Network Adapter2(eth1):Host-only
| System settings/brightness&lock – uncheck ‘Lock’
CTRL+ALT+T / Terminal / Edit / Profile Preferences / Terminal Size: 80 x 40
///////////////////// Upgrade Ubuntu Software
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
///////////////////// Install VMware Tools
sudo mkdir /mnt/cdrom
Reinstall VMware Tools by VMware Workstation
sudo mount /dev/cdrom /mnt/cdrom
cd /mnt/cdrom
sudo cp VMwareTools-10.1.6-5214329.tar.gz /opt
cd /opt
sudo tar -xvzf VMwareTools-10.1.6-5214329.tar.gz
cd vmware-tools-distrib
sudo ./vmware-install.pl
///////////////////// Change interface names to eth0, eth1, eth2….
sudo gedit /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
sudo update-grub
sudo grub-mkconfig -o /boot/grub/grub.cfg
///////////////////// Configure name resolution
sudo gedit /etc/hosts
127.0.0.1 localhost
10.0.0.11 controller
10.0.0.31 compute1
10.0.0.32 compute2
| ///////////////////// Configure interfaces, IP Addr and DNS
| sudo gedit /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 10.0.0.11
netmask 255.255.255.0
gateway 10.0.0.2
dns-nameserver 10.0.1.1
auto eth1
iface eth1 inet manual
| sudo gedit /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 10.0.0.31
netmask 255.255.255.0
gateway 10.0.0.2
dns-nameserver 10.0.1.1
auto eth1
iface eth1 inet manual
| sudo gedit /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 10.0.0.32
netmask 255.255.255.0
gateway 10.0.0.2
dns-nameserver 10.0.1.1
auto eth1
iface eth1 inet manual
| ///////////////////// Configure hostnames
sudo gedit /etc/hostname
| controller
| compute1
| compute2
| ///////////////////// Install openssh & git
sudo apt-get install openssh-server
sudo apt-get install openssh-client
sudo apt-get install sysv-rc-conf
sudo sysv-rc-conf ssh on
sudo sysv-rc-conf --list | grep ssh
netstat -ta | grep ssh
sudo apt-get install git-core
|
3 NTP – Chrony
Network Time Protocol – NTP
| controller
| compute1
| compute2
|
///////////////////// Install Chrony to synchronize services among nodes
| sudo apt-get install chrony
sudo gedit /etc/chrony/chrony.conf
allow 10.0.0.0/24 // put at the first line
sudo service chrony restart
| sudo apt-get install chrony
sudo gedit /etc/chrony/chrony.conf
server controller iburst // put at the first line
# pool 2.debian.pool.ntp.org offline iburst // comment out
sudo service chrony restart
| sudo apt-get install chrony
sudo gedit /etc/chrony/chrony.conf
server controller iburst // put at the first line
# pool 2.debian.pool.ntp.org offline iburst // comment out
sudo service chrony restart
| ///////////////////// Verify operation
|
4 OpenStack packages
OpenStack packages
| controller
| compute1
| compute2
| ///////////////////// For all nodes: controller, compute and block storage….
sudo apt-get install software-properties-common
sudo add-apt-repository cloud-archive:ocata
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install python-openstackclient
|
5 SQL database - MariaDB
SQL database
| controller
| compute1
| compute2
| ///////////////////// Install and Run MySQL
sudo apt-get install mariadb-server python-pymysql
sudo gedit /etc/mysql/mariadb.conf.d/99-openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
sudo service mysql restart
sudo mysqladmin -u root password ipcc2014 // for database root user
sudo mysql_secure_installation
netstat -tnlp | grep 3306
///////////////////// Set password for Linux root user
sudo passwd // set ‘ipcc2014’
su root // enter the root mode
#mysql // the root user no longer uses a password for local access to MySQL server
MariaDB [(none)]>
show databases;
use mysql;
show tables;
|
|
|
6 Message queue – RabbitMQ
Message queue
| Controller
| compute1
| compute2
| ///////////////////// Install RabbitMQ
sudo apt-get install rabbitmq-server
sudo rabbitmqctl add_user openstack ipcc2014
sudo rabbitmqctl set_permissions openstack ".*" ".*" ".*"
|
|
|
7 Memcached
Memcached
| Controller
| compute1
| compute2
| ///////////////////// Install Memcached
sudo apt-get install memcached python-memcache
sudo gedit /etc/memcached.conf
-l 10.0.0.11
sudo service memcached restart
|
|
|
8 Identity service – Keystone
Identity service
| controller
| compute1
| compute2
| ///////////////////// Create a database
su root // enter the root mode
#mysql
MariaDB [(none)]>
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'ipcc2014';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'ipcc2014';
///////////////////// Install Keystone
sudo apt-get install keystone
sudo gedit /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:ipcc2014@controller/keystone
[token]
provider = fernet
sudo su -s /bin/sh -c "keystone-manage db_sync" keystone
sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
sudo keystone-manage bootstrap --bootstrap-password ipcc2014 --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
sudo gedit /etc/apache2/apache2.conf
ServerName controller // put in the first line
sudo service apache2 restart
sudo rm -f /var/lib/keystone/keystone.db
export OS_USERNAME=admin
export OS_PASSWORD=ipcc2014
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo // ipcc2014
openstack role create user
openstack role add --project demo --user demo user
|
|
| ///////////////////// Verify operation
sudo gedit /etc/keystone/keystone-paste.ini
// remove ‘admin_token_auth’ from the
[pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
gedit admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ipcc2014
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
gedit demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=ipcc2014
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
. admin-openrc
openstack token issue
. demo-openrc
openstack token issue
|
// copy ‘admin-openrc’
// copy ‘demo-openrc’
|
// copy ‘admin-openrc’
// copy ‘demo-openrc’
|
9 Image service – Glance
Image service
| Controller
| compute1
| compute2
| ///////////////////// Create a database
su root // enter the root mode
#mysql
MariaDB [(none)]>
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'ipcc2014';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'ipcc2014';
. admin-openrc
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
///////////////////// Install Glance
sudo apt-get install glance
sudo gedit /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:ipcc2014@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = ipcc2014
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
sudo gedit /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:ipcc2014@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = ipcc2014
[paste_deploy]
flavor = keystone
sudo su -s /bin/sh -c "glance-manage db_sync" glance
sudo service glance-registry restart
sudo service glance-api restart
///////////////////// Verify operation
///////////////////// Download the source image – ‘cirros’
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
///////////////////// Upload to image service using the QCOW2 disk format
. admin-openrc
openstack image create "cirros_0_3_5" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
openstack image list
|
|
|
10 Compute service – Nova
Compute service
| Controller
| compute1
| compute2
| ///////////////////// Create a database
su root // enter the root mode
#mysql
MariaDB [(none)]>
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'ipcc2014';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'ipcc2014';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'ipcc2014';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'ipcc2014';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'ipcc2014';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'ipcc2014';
. admin-openrc
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
openstack user create --domain default --password-prompt placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
///////////////////// Install Nova
sudo apt-get install nova-api nova-conductor nova-consoleauth nova-novncproxy nova-scheduler nova-placement-api
sudo gedit /etc/nova/nova.conf
[api_database]
connection = mysql+pymysql://nova:ipcc2014@controller/nova_api
# connection=sqlite:////var/lib/nova/nova.sqlite // comment out
[database]
connection = mysql+pymysql://nova:ipcc2014@controller/nova
[DEFAULT]
transport_url = rabbit://openstack:ipcc2014@controller
my_ip = 10.0.0.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
#log_dir=/var/log/nova // comment out
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = ipcc2014
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
# lock_path=/var/lock/nova // comment out
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = ipcc2014
# os_region_name = openstack // comment out
sudo su -s /bin/sh -c "nova-manage api_db sync" nova
sudo su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
sudo su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
sudo su -s /bin/sh -c "nova-manage db sync" nova
sudo nova-manage cell_v2 list_cells
sudo service nova-api restart
sudo service nova-consoleauth restart
sudo service nova-scheduler restart
sudo service nova-conductor restart
sudo service nova-novncproxy restart
sudo ufw disable // open port 5672 for MQ server
sudo ufw status
sudo su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
sudo su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
|
egrep -c '(vmx|svm)' /proc/cpuinfo
2
///////////////////// Install Nova
sudo apt-get install nova-compute
sudo gedit /etc/nova/nova.conf
[DEFAULT]
transport_url = rabbit://openstack:ipcc2014@controller
my_ip = 10.0.0.31
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
#log_dir=/var/log/nova // comment out
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = ipcc2014
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
# lock_path=/var/lock/nova // comment out
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = ipcc2014
# os_region_name = openstack // comment out
[libvirt]
hw_machine_type = "x86_64=pc-i440fx-xenial,i686=pc-i440fx-xenial"
sudo service nova-compute restart
cat /var/log/nova/nova-compute.log
|
egrep -c '(vmx|svm)' /proc/cpuinfo
2
///////////////////// Install Nova
sudo apt-get install nova-compute
sudo gedit /etc/nova/nova.conf
[DEFAULT]
transport_url = rabbit://openstack:ipcc2014@controller
my_ip = 10.0.0.32
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
#log_dir=/var/log/nova // comment out
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = ipcc2014
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
# lock_path=/var/lock/nova // comment out
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = ipcc2014
# os_region_name = openstack // comment out
[libvirt]
hw_machine_type = "x86_64=pc-i440fx-xenial,i686=pc-i440fx-xenial"
sudo service nova-compute restart
cat /var/log/nova/nova-compute.log
| ///////////////////// Verify operation
. admin-openrc
openstack hypervisor list
openstack compute service list
openstack catalog list
sudo nova-status upgrade check
|
11 Networking service – Neutron
Networking service
| controller
| compute1
| compute2
| ///////////////////// Create a database
su root // enter the root mode
#mysql
MariaDB [(none)]>
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'ipcc2014';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'ipcc2014';
. admin-openrc
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
///////////////////// Install Neutron
sudo apt-get install neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent
sudo gedit /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:ipcc2014@controller/neutron
# connection = sqlite:////var/lib/neutron/neutron.sqlite // comment out
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:ipcc2014@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = ipcc2014
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = ipcc2014
sudo gedit /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
sudo gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
sudo gedit /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
sudo gedit /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = ipcc2014
sudo gedit /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = ipcc2014
service_metadata_proxy = true
metadata_proxy_shared_secret = ipcc2014
sudo su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
sudo service nova-api restart
sudo service neutron-server restart
sudo service neutron-linuxbridge-agent restart
sudo service neutron-dhcp-agent restart
sudo service neutron-metadata-agent restart
|
///////////////////// Install Neutron
sudo apt-get install neutron-linuxbridge-agent
sudo gedit /etc/neutron/neutron.conf
[database]
# connection = sqlite:////var/lib/neutron/neutron.sqlite // comment out
[DEFAULT]
transport_url = rabbit://openstack:ipcc2014@controller
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = ipcc2014
sudo gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
sudo gedit /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = ipcc2014
sudo service nova-compute restart
sudo service neutron-linuxbridge-agent restart
|
///////////////////// Install Neutron
sudo apt-get install neutron-linuxbridge-agent
sudo gedit /etc/neutron/neutron.conf
[database]
# connection = sqlite:////var/lib/neutron/neutron.sqlite // comment out
[DEFAULT]
transport_url = rabbit://openstack:ipcc2014@controller
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = ipcc2014
sudo gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
sudo gedit /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = ipcc2014
sudo service nova-compute restart
sudo service neutron-linuxbridge-agent restart
| ///////////////////// Verify operation
. admin-openrc
openstack extension list --network
openstack network agent list
|
12 Dashboard - Horizon
Dashboard
| Controller
| compute1
| compute2
| ///////////////////// Install Horizon
sudo apt-get install openstack-dashboard
sudo gedit /etc/openstack-dashboard/local_settings.py
#OPENSTACK_HOST = "127.0.0.1" // comment out
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ] // at the beginning, not Ubuntu Settings
SESSION_ENGINE = 'django.contrib.sessions.backends.cache' // the memcached session
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
#OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST // comment out
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False // comment out
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default' // comment out
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
#OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" // comment out
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
# 'enable_router': True,
# 'enable_quotas': True,
# 'enable_ipv6': True,
# 'enable_distributed_router': False,
# 'enable_ha_router': False,
# 'enable_lb': True,
# 'enable_firewall': True,
# 'enable_vpn': True,
# 'enable_fip_topology_check': True, // comment out
'enable_router': False,
'enable_quotas': False,
'enable_ipv6': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "UTC"
sudo chown www-data:www-data /var/lib/openstack-dashboard/secret_key
sudo gedit /etc/apache2/conf-available/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
sudo service apache2 reload
///////////////////// Verify operation
http://controller/horizon
default/admin/ipcc2014
default/demo/ipcc2014
|
|
|
13 Launch instances
Launch an instance
| controller
| compute1
| compute2
| ///////////////////// Create the provider network
. admin-openrc
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
///////////////////// Create a subnet on the provider network
openstack subnet create --network provider --allocation-pool start=192.168.100.200,end=192.168.100.220 --dns-nameserver 10.0.1.1 --gateway 192.168.100.111 --subnet-range 192.168.100.0/24 provider
///////////////////// Create m1.nano flavor
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
///////////////////// Add rules for the default security group
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
|
|
| ///////////////////// Verify operation
. admin-openrc
openstack flavor list
openstack image list
openstack network list
openstack security group list
openstack server list
|
|
|
Main blockers
Following the install guide carefully, I have still been confronted with several heavy blockers during the installation:
1) The dashboard gives an “internal server error”.
cat /var/log/apache2/error.log : [Sun Oct 22 14:42:41.315045 2017] [wsgi:error] [pid 5472:tid 140055544346368] [remote 10.0.0.11:36929] IOError: [Errno 13] Permission denied: '/var/lib/openstack-dashboard/secret_key'.
Solved it in Controller Node by: sudo chown www-data:www-data /var/lib/openstack-dashboard/secret_key
https://bugs.launchpad.net/openstack-manuals/+bug/1683594
https://stackoverflow.com/questions/42632130/cant-launch-openstack-horizon-dashboard-ioerror-errno-13-permission-denied
2) No response from the dashboard.
Solved it in Controller Node by: sudo gedit /etc/apache2/conf-available/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
https://ask.openstack.org/en/question/91352/openstack-mitaka-can-not-access-dashboard/
3) VMs don’t boot and are stuck at "Booting from Harddisk GRUB" in the console VNC.
Solved it in Compute Nodes by: sudo gedit /etc/nova/nova.conf
[libvirt]
hw_machine_type = "x86_64=pc-i440fx-xenial,i686=pc-i440fx-xenial"
https://ask.openstack.org/en/question/103598/libvirt-vm-does-not-boot-in-ocata-libvirtxml-missing-wrong-owner-for-consolelog/
https://ask.openstack.org/en/question/107212/ocata-vnc-shows-cirros-instance-stuck-at-grub/
In addition, please be extremely careful with the configuration files of Nova and Neutron; any minor negligence would make the system fail to work and it is very hard and time-consuming to find the reasons.
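One way to catch the Nova and Neutron configuration slips warned about above before restarting any service, shown as an added example that is not part of the original post or of OpenStack: a Python checker run over constructed nova.conf and metadata_agent.ini fragments. The check names, the file names used as dictionary keys and the EXAMPLE_PASS placeholder are assumptions of this example; the node addresses come from the /etc/hosts table earlier on the page.

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

# Node addresses from the /etc/hosts table in this walkthrough.
HOSTS = {"controller": "10.0.0.11", "compute1": "10.0.0.31", "compute2": "10.0.0.32"}
SECRET_OPTIONS = {"password", "metadata_proxy_shared_secret"}
URL_OPTIONS = {"connection", "transport_url"}       # credentials embedded in a URL
ENDPOINT_OPTIONS = {"auth_url", "auth_uri", "url"}  # service endpoints

# Constructed sample: a controller nova.conf with my_ip left over from compute1,
# and a metadata_agent.ini whose shared secret was mistyped.
NOVA_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack:EXAMPLE_PASS@controller
my_ip = 10.0.0.31
[api_database]
connection = mysql+pymysql://nova:EXAMPLE_PASS@controller/nova_api
[keystone_authtoken]
auth_url = http://controller:35357
username = nova
password = EXAMPLE_PASS
[vnc]
vncserver_proxyclient_address = $my_ip
[neutron]
url = http://controller:9696
metadata_proxy_shared_secret = EXAMPLE_PASS
"""
METADATA_AGENT_INI = """\
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = EXAMPLE_PASS_TYPO
"""


def load(text):
    """Parse an INI fragment the way these service files are laid out."""
    cfg = configparser.ConfigParser(
        interpolation=None,            # a "%" inside a password must stay literal
        default_section="__unused__",  # read [DEFAULT] as an ordinary section
        strict=False,                  # tolerate a section pasted twice
    )
    cfg.read_string(text)
    return cfg


def secrets(cfg, filename):
    """Yield (secret, location) for each credential; locations never hold the value."""
    for section in cfg.sections():
        for option, value in cfg.items(section):
            where = f"{filename}:[{section}]{option}"
            if option in SECRET_OPTIONS and value:
                yield value, where
            elif option in URL_OPTIONS and urlsplit(value).password:
                yield urlsplit(value).password, where


def audit(node, files):
    """files maps file name -> text. Returns a sorted list of (check, detail)."""
    cfgs = {name: load(text) for name, text in files.items()}
    findings, seen = [], defaultdict(list)
    for name, cfg in cfgs.items():
        for secret, where in secrets(cfg, name):
            seen[secret].append(where)
        for section in cfg.sections():
            for option, value in cfg.items(section):
                if option in ENDPOINT_OPTIONS and value.startswith("http://"):
                    findings.append(("cleartext-endpoint", f"{name}:[{section}]{option}"))
    for where in seen.values():
        if len(where) > 1:  # one secret guarding several services
            findings.append(("reused-secret", ", ".join(sorted(where))))
    nova, meta = cfgs.get("nova.conf"), cfgs.get("metadata_agent.ini")
    if nova is not None:
        my_ip = nova.get("DEFAULT", "my_ip", fallback=None)
        if my_ip != HOSTS.get(node):
            findings.append(("my_ip-mismatch", f"{node}: {my_ip} != {HOSTS.get(node)}"))
    if nova is not None and meta is not None:
        key = "metadata_proxy_shared_secret"
        if meta.get("DEFAULT", key, fallback=None) != nova.get("neutron", key, fallback=None):
            findings.append(("metadata-secret-mismatch", key))
    return sorted(findings)


if __name__ == "__main__":
    files = {"nova.conf": NOVA_CONF, "metadata_agent.ini": METADATA_AGENT_INI}
    for check, detail in audit("controller", files):
        print(f"{check:26} {detail}")
```

The reused-secret finding is what a single password shared by the database accounts, RabbitMQ, the service users and the metadata proxy triggers; giving each its own value clears it, while the two mismatch findings are functional errors that otherwise only surface in the service logs.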