
OpenStack 설치 (3) - Controller 노드

울티마 2015. 8. 19. 17:19

1. RabbitMQ - 메시징 서비스 설치
$ sudo apt-get install rabbitmq-server
$ sudo rabbitmqctl change_password guest rabbitpass

2. Keystone - Identity 서비스 설치

- 패키지 설치
$ sudo apt-get install keystone python-keystoneclient

- Admin Token을 위한 random number 생성 (아래 출력값은 예시이므로 그대로 쓰지 말고 직접 생성한 값을 사용)
$ openssl rand -hex 10
cba5de98ba28e547de77

- keystone.conf 수정
[DEFAULT]
admin_token=cba5de98ba28e547de77
log_dir=/var/log/keystone

[database]
connection = mysql://keystone:keystonedbpass@192.168.0.221/keystone

[signing]
token_format=UUID


- 불필요한 DB 삭제
# sudo rm /var/lib/keystone/keystone.db

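- DB 생성 ('keystone'@'%' 권한은 모든 호스트에서의 접속을 허용하므로, 테스트 환경이 아니라면 관리 네트워크 대역으로 호스트를 제한하고 예제 비밀번호는 교체할 것. 이후 glance/nova/neutron/cinder DB에도 동일하게 적용)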
# mysql -u root -p
mysql> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystonedbpass';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystonedbpass';
Query OK, 0 rows affected (0.00 sec)
mysql> exit

- DB Sync 및 서비스 재가동
# sudo su -s /bin/sh -c "keystone-manage db_sync" keystone
# sudo service keystone restart

# export OS_SERVICE_TOKEN=cba5de98ba28e547de77
# export OS_SERVICE_ENDPOINT=http://192.168.0.221:35357/v2.0

- user, tenant, service, endpoint 생성
# keystone user-create --name=admin --pass=adminpass --email=admin@email.com
# keystone role-create --name=admin
# keystone role-create --name=member
# keystone tenant-create --name=admin --description="Admin Tenant"
# keystone user-role-add --user admin --role admin --tenant admin
# keystone user-role-add --user admin --role member --tenant admin
# keystone user-create --name=demo --pass=demopass --email=demo@email.com
# keystone tenant-create --name=demo --description="Demo Tenant"
# keystone user-role-add --user=demo --role=member --tenant=demo
# keystone tenant-create --name=service --description="Service Tenant"
# keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
# keystone endpoint-create --service_id=$(keystone service-list | awk '/ identity / {print $2}') --publicurl=http://192.168.0.221:5000/v2.0 --internalurl=http://192.168.0.221:5000/v2.0 --adminurl=http://192.168.0.221:35357/v2.0

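- user, tenant, service, endpoint 확인 (환경 변수를 unset 해도 keystone.conf 의 admin_token 은 계속 유효하므로, 초기 설정이 끝나면 토큰 인증을 비활성화하거나 값을 교체하는 것이 안전함. admin-openrc.sh 에는 비밀번호가 평문으로 들어가므로 소유자만 읽을 수 있게 권한을 제한할 것)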
# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
# keystone --os-username=admin --os-password=adminpass --os-auth-url=http://192.168.0.221:35357/v2.0 token-get
# keystone --os-username=admin --os-password=adminpass --os-tenant-name=admin --os-auth-url=http://192.168.0.221:35357/v2.0 token-get
# vi admin-openrc.sh
   export OS_USERNAME=admin
   export OS_PASSWORD=adminpass
   export OS_TENANT_NAME=admin
   export OS_AUTH_URL=http://192.168.0.221:35357/v2.0
# source admin-openrc.sh
# keystone token-get
# keystone user-list
# keystone user-role-list

3. Glance - Image 서비스 설치

- 패키지 설치
# sudo apt-get install glance python-glanceclient

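- config 파일 수정 (이 글의 예제는 auth_protocol 과 모든 endpoint 에 http 를 사용하므로 비밀번호와 토큰이 평문으로 전송됨. 격리된 테스트/관리 네트워크가 아니라면 TLS 적용이 필요)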
# sudo vi /etc/glance/glance-api.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = 192.168.0.221
rabbit_password = rabbitpass
[database]
#sqlite_db = /var/lib/glance/glance.sqlite
connection = mysql://glance:glancedbpass@192.168.0.221/glance
#backend = sqlalchemy
backend = mysql

[keystone_authtoken]
auth_uri = http://192.168.0.221:5000
auth_host = 192.168.0.221
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glancepass

[paste_deploy]
flavor = keystone


# sudo vi /etc/glance/glance-registry.conf
[database]
#sqlite_db = /var/lib/glance/glance.sqlite
connection = mysql://glance:glancedbpass@192.168.0.221/glance
#backend = sqlalchemy
backend = mysql

[keystone_authtoken]
auth_uri = http://192.168.0.221:5000
auth_host = 192.168.0.221
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = glancepass

[paste_deploy]
flavor = keystone

$ sudo rm /var/lib/glance/glance.sqlite

- DB 및 사용자 생성
$ mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glancedbpass';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glancedbpass';
mysql> exit
$ sudo su -s /bin/sh -c "glance-manage db_sync" glance
$ keystone user-create --name=glance --pass=glancepass --email=glance@email.com
$ keystone user-role-add --user=glance --tenant=service --role=admin

- Service 생성 및 서비스 재가동
$ keystone service-create --name=glance --type=image --description="OpenStack Image Service"
$ keystone endpoint-create --service-id=$(keystone service-list | awk '/ image / {print $2}') --publicurl=http://192.168.0.221:9292 --internalurl=http://192.168.0.221:9292 --adminurl=http://192.168.0.221:9292

$ sudo service glance-registry restart
$ sudo service glance-api restart

- Image 생성 테스트 (이미지를 http 로 내려받으므로, 등록하기 전에 배포처가 공개한 체크섬과 비교해 파일 무결성을 확인하는 것이 좋음)
# mkdir -p /root/images
# cd /root/images
# wget http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
# glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --is-public True --progress --file /root/images/cirros-0.3.2-x86_64-disk.img
   ==> 이미지 파일은 glance-api.conf 의 "filesystem_store_datadir = /var/lib/glance/images/" 파라미터에 지정된 경로에 저장됨
# ls -l /var/lib/glance/images
total 12860
-rw-r----- 1 glance glance 13167616 Aug 14 12:44 1a71dcb6-eea7-42e0-b376-745711d18457

# glance image-list
+--------------------------------------+---------------------+-------------+------------------+----------+--------+
| ID                                   | Name                | Disk Format | Container Format | Size     | Status |
+--------------------------------------+---------------------+-------------+------------------+----------+--------+
| 1a71dcb6-eea7-42e0-b376-745711d18457 | cirros-0.3.2-x86_64 | qcow2       | bare             | 13167616 | active |
+--------------------------------------+---------------------+-------------+------------------+----------+--------+


4. Nova Management 설치
- 패키지 설치
# sudo apt-get install nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient

- config 설정
$ sudo vi /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = 192.168.0.221
rabbit_userid = guest
rabbit_password = rabbitpass
my_ip = 192.168.0.221
vncserver_listen = 192.168.0.221
vncserver_proxyclient_address = 192.168.0.221
auth_strategy = keystone

[database]
connection = mysql://nova:novadbpass@192.168.0.221/nova

[keystone_authtoken]
auth_uri = http://192.168.0.221:5000
auth_host = 192.168.0.221
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = novapass

- DB 및 사용자 생성
$ sudo rm /var/lib/nova/nova.sqlite
$ mysql -u root -p
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'novadbpass';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'novadbpass';
mysql> exit
$ sudo su -s /bin/sh -c "nova-manage db sync" nova
$ keystone user-create --name=nova --pass=novapass --email=nova@email.com
$ keystone user-role-add --user=nova --tenant=service --role=admin

- Service 및 Endpoint 생성
$ keystone service-create --name=nova --type=compute --description="OpenStack Compute"
$ keystone endpoint-create --service-id=$(keystone service-list | awk '/ compute / {print $2}') --publicurl=http://192.168.0.221:8774/v2/%\(tenant_id\)s --internalurl=http://192.168.0.221:8774/v2/%\(tenant_id\)s  --adminurl=http://192.168.0.221:8774/v2/%\(tenant_id\)s

$ sudo service nova-api restart
$ sudo service nova-cert restart
$ sudo service nova-consoleauth restart
$ sudo service nova-scheduler restart
$ sudo service nova-conductor restart
$ sudo service nova-novncproxy restart

- 서비스 정상 동작 확인
$ source admin-openrc.sh
$ nova image-list


5. Neutron - Network 서비스 설치
- DB, 사용자, Service 및 Endpoint 생성
$ mysql -u root -p
mysql> CREATE DATABASE neutron;
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutrondbpass';
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutrondbpass';
mysql> exit

$ keystone user-create --name neutron --pass neutronpass --email neutron@email.com
$ keystone user-role-add --user neutron --tenant service --role admin

$ keystone service-create --name=neutron --type=network --description="OpenStack Networking"
$ keystone endpoint-create --service-id=$(keystone service-list | awk '/ network / {print $2}') --publicurl=http://192.168.0.221:9696 --internalurl=http://192.168.0.221:9696 --adminurl=http://192.168.0.221:9696

- Neutron 패키지 및 Modular Layer 2 (ML2) 플러그인 설치
# sudo apt-get install neutron-server neutron-plugin-ml2


- config 수정
# keystone tenant-get service
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Service Tenant          |
|   enabled   |               True               |
|      id     | 9d337f5193fc49ab80e84bc5ef4eadf1 |    <== service tenant의 ID
|     name    |             service              |
+-------------+----------------------------------+


# sudo vi /etc/neutron/neutron.conf
[DEFAULT]
auth_strategy = keystone
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = 192.168.0.221
rabbit_password = rabbitpass
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://192.168.0.221:8774/v2
nova_admin_username = nova
nova_admin_tenant_id = 9d337f5193fc49ab80e84bc5ef4eadf1  <== service tenant의 ID
nova_admin_password = novapass
nova_admin_auth_url = http://192.168.0.221:35357/v2.0
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

network_api_class = nova.network.neutronv2.api.API
neutron_url = http://192.168.0.221:9696
neutron_auth_strategy = keystone
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = neutronpass
neutron_admin_auth_url = http://192.168.0.221:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron

service_neutron_metadata_proxy = true
neutron_metadata_proxy_shared_secret = metadatasecret

[database]
connection = mysql://neutron:neutrondbpass@192.168.0.221/neutron

[keystone_authtoken]
auth_uri = http://192.168.0.221:5000
auth_host = 192.168.0.221
auth_protocol = http
auth_port = 35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutronpass

# sudo vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

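- Networking을 사용하는 Compute 서비스 config 구성 (위 neutron.conf 예시의 network_api_class 부터 neutron_metadata_proxy_shared_secret 까지는 nova 옵션으로 보이므로 nova.conf 에 두어야 함. metadata proxy shared secret 은 예제 값 대신 임의로 생성한 값을 사용)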
# sudo vi /etc/nova/nova.conf
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
neutron_url = http://192.168.0.221:9696
neutron_auth_strategy = keystone
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = neutronpass
neutron_admin_auth_url = http://192.168.0.221:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron

$ sudo service nova-api restart
$ sudo service nova-scheduler restart
$ sudo service nova-conductor restart
$ sudo service neutron-server restart

6. Cinder 서버 설치
- 패키지 설치
$ sudo apt-get install cinder-api cinder-scheduler

- config 수정
$ sudo vi /etc/cinder/cinder.conf
[DEFAULT]
rpc_backend = cinder.openstack.common.rpc.impl_kombu
rabbit_host = 192.168.0.221
rabbit_port = 5672
rabbit_userid = guest
rabbit_password = rabbitpass
[keystone_authtoken]
auth_uri = http://192.168.0.221:5000
auth_host = 192.168.0.221
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = cinderpass
[database]
connection = mysql://cinder:cinderdbpass@192.168.0.221/cinder

- DB 및 사용자 생성
$ mysql -u root -p
mysql> CREATE DATABASE cinder;
mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinderdbpass';
mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinderdbpass';
mysql> exit
$ sudo su -s /bin/sh -c "cinder-manage db sync" cinder
$ source admin-openrc.sh
$ keystone user-create --name=cinder --pass=cinderpass --email=cinder@email.com
$ keystone user-role-add --user=cinder --tenant=service --role=admin

- 서비스 및 endpoint 생성
$ keystone service-create --name=cinder --type=volume --description="OpenStack Block Storage"
$ keystone endpoint-create --service-id=$(keystone service-list | awk '/ volume / {print $2}') --publicurl=http://192.168.0.221:8776/v1/%\(tenant_id\)s --internalurl=http://192.168.0.221:8776/v1/%\(tenant_id\)s --adminurl=http://192.168.0.221:8776/v1/%\(tenant_id\)s

$ keystone service-create --name=cinderv2 --type=volumev2 --description="OpenStack Block Storage v2"

$ keystone endpoint-create --service-id=$(keystone service-list | awk '/ volumev2 / {print $2}') --publicurl=http://192.168.0.221:8776/v2/%\(tenant_id\)s --internalurl=http://192.168.0.221:8776/v2/%\(tenant_id\)s --adminurl=http://192.168.0.221:8776/v2/%\(tenant_id\)s

- 서비스 재가동
$ sudo service cinder-scheduler restart
$ sudo service cinder-api restart

7. Swift Proxy 서버 설치
- 사용자, 서비스 및 endpoint 생성
$ source admin-openrc.sh
$ keystone user-create --name=swift --pass=swiftpass --email=swift@email.com
$ keystone user-role-add --user=swift --tenant=service --role=admin
$ keystone service-create --name=swift --type=object-store --description="OpenStack Object Storage"
$ keystone endpoint-create --service-id=$(keystone service-list | awk '/ object-store / {print $2}') --publicurl='http://192.168.0.221:8080/v1/AUTH_%(tenant_id)s' --internalurl='http://192.168.0.221:8080/v1/AUTH_%(tenant_id)s' --adminurl=http://192.168.0.221:8080

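- 사전 준비 (swift_hash_path_suffix 는 비밀로 유지해야 하고 클러스터의 모든 노드에서 동일해야 하며, 데이터가 저장된 뒤에는 변경하면 안 됨. 아래 값은 예시이므로 직접 생성한 값을 사용)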
$ sudo mkdir -p /etc/swift
$ openssl rand -hex 10
  <rand_suffix>    <== 145e2e0bde099c923b6d
$ sudo vi /etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = <rand_suffix>

# sudo cat /etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = 145e2e0bde099c923b6d

*** Storage Node에서 스토리지를 먼저 구성한 후 아래 단계를 진행

- 패키지 설치
$ sudo apt-get install swift swift-proxy memcached python-keystoneclient python-swiftclient python-webob

- config 수정 (memcached 는 기본적으로 인증이 없으므로, 127.0.0.1 대신 외부 주소에 바인딩할 때는 방화벽으로 11211 포트를 신뢰하는 호스트에만 허용할 것)
$ sudo vi /etc/memcached.conf
#-l 127.0.0.1
-l 192.168.0.221

$ sudo service memcached restart
$ sudo vi /etc/swift/proxy-server.conf
[DEFAULT]
bind_port = 8080
user = swift
[pipeline:main]
pipeline = healthcheck cache authtoken keystoneauth proxy-server
[app:proxy-server]
use = egg:swift#proxy
allow_account_management = true
account_autocreate = true
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = member,admin,swiftoperator
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision = true
# cache directory for signing certificate
signing_dir = /etc/swift/keystone-signing
# auth_* settings refer to the Keystone server
auth_protocol = http
auth_host = 192.168.0.221
auth_port = 35357
# the service tenant and swift username and password created in Keystone
admin_tenant_name = service
admin_user = swift
admin_password = swiftpass
[filter:cache]
use = egg:swift#memcache
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:healthcheck]
use = egg:swift#healthcheck

===== 스토리지 노드 구성 완료 후 수행
$ cd /etc/swift
$ sudo swift-ring-builder account.builder create 18 1 1
$ sudo swift-ring-builder container.builder create 18 1 1
$ sudo swift-ring-builder object.builder create 18 1 1
$ sudo swift-ring-builder account.builder add z1-192.168.0.223:6002/sdb1 100
$ sudo swift-ring-builder container.builder add z1-192.168.0.223:6001/sdb1 100
$ sudo swift-ring-builder object.builder add z1-192.168.0.223:6000/sdb1 100
$ sudo swift-ring-builder account.builder
$ sudo swift-ring-builder container.builder
$ sudo swift-ring-builder object.builder
$ sudo swift-ring-builder account.builder rebalance
$ sudo swift-ring-builder container.builder rebalance
$ sudo swift-ring-builder object.builder rebalance
$ sudo chown -R swift:swift /etc/swift

=====
$ scp /etc/swift/*.ring.gz swift@192.168.0.223:/etc/swift

$ sudo service swift-proxy restart

8. Horizon - Dashboard 설치
- 패키지 설치
$ sudo apt-get install apache2 memcached libapache2-mod-wsgi openstack-dashboard
$ sudo apt-get remove --purge openstack-dashboard-ubuntu-theme

- config 수정
$ sudo vi /etc/memcached.conf
#-l 127.0.0.1
-l 192.168.0.221

$ sudo vi /etc/openstack-dashboard/local_settings.py
------ local_settings.py start
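# Host names / addresses the dashboard may be served under (Django's
# Host-header allow-list).
ALLOWED_HOSTS = ['localhost', '192.168.0.221']

# Keep dashboard sessions in the cache backend configured below.
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        # Must match the address memcached listens on (the -l line in
        # /etc/memcached.conf). The original listing opened this string with
        # a typographic quote, which is a Python syntax error.
        # Session data lives in this cache and memcached has no
        # authentication by default, so keep port 11211 reachable only from
        # trusted hosts.
        'LOCATION': '192.168.0.221:11211',
    }
}

# Host the dashboard contacts for the OpenStack services (the controller
# address used throughout this guide).
OPENSTACK_HOST = "192.168.0.221"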
------ local_settings.py end

$ sudo service apache2 restart

$ sudo service memcached restart