Openstack lab document
One, Base node
1.1 Network Configuration
vim /etc/sysconfig/network-scripts/ifcfg-eth0
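1.2 Turn off the firewall and SELinux
systemctl stop firewalld
systemctl disable firewalld
vim /etc/sysconfig/selinux ## change SELINUX=enforcing to SELINUX=disabled
## lab shortcut: with both host-level controls off, every service started below (DNS, MariaDB, RabbitMQ, memcached) is reachable from the whole network segment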
1.3 Time Synchronization Server build
vim /etc/chrony.conf
server <ip address> ## address of the upstream time server
local stratum 10 ## uncomment this line
allow <network segment> ## network segment that is allowed to synchronize from this server
systemctl restart chronyd ## restart the service
systemctl enable chronyd ## start the service at boot
1.4 build DNS service
yum -y install bind ## to install the software
vim /etc/named.conf ## to modify the configuration file
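options {
listen-on port 53 { any; }; // listens on every interface
directory "/var/named";
allow-query { any; }; // answers queries from any client; outside a lab, limit queries (and recursion) to the cluster's network segment
};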
zone "." IN {
type hint;
file "named.ca";
};
zone "xiaoai.edu" IN {
type master;
file "xiaoai.db";
};
zone "16.172.in-addr.arpa" IN {
type master;
file "db.xiaoai";
};
vim /var/named/xiaoai.db ## edit the forward-lookup zone file
$TTL 3H
@ IN SOA dns1.xiaoai.edu. root.blue.edu. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.xiaoai.edu.
dns1 IN A 172.16.4.100
base IN A 172.16.4.100
ctrl IN A 172.16.4.101
com1 IN A 172.16.4.102
com2 IN A 172.16.4.103
cin1 IN A 172.16.4.104
cin2 IN A 172.16.4.105
swift1 IN A 172.16.4.106
swift2 IN A 172.16.4.107
vim /var/named/db.xiaoai ## edit the reverse-lookup zone file
$TTL 3H
@ IN SOA dns1.xiaoai.edu. root.xiaoai.edu. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.xiaoai.edu.
100.4 IN PTR dns1.xiaoai.edu.
100.4 IN PTR base.xiaoai.edu.
101.4 IN PTR ctrl.xiaoai.edu.
102.4 IN PTR com1.xiaoai.edu.
103.4 IN PTR com2.xiaoai.edu.
104.4 IN PTR cin1.xiaoai.edu.
105.4 IN PTR cin2.xiaoai.edu.
106.4 IN PTR swift1.xiaoai.edu.
107.4 IN PTR swift2.xiaoai.edu.
systemctl enable named ## start the service at boot
systemctl restart named ## restart the service
nslookup base.xiaoai.edu ## check that the name resolves
1.5 Database
yum -y install mariadb mariadb-server python2-PyMySQL
systemctl restart mariadb.service
systemctl enable mariadb.service
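mysql_secure_installation ## initialize the database (offers to set the root password and to remove the anonymous users, remote root login and the test database)
mysql -uroot -p123 ## log in to the database; 123 is the root password chosen above, and a bare -p prompts for it instead of leaving it in the shell history and process list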
select user,host from mysql.user;
vim /etc/my.cnf.d/openstack.cnf ## to modify the environment
[mysqld]
bind-address = 172.16.3.10
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
1.6rabbitmq build
yum install rabbitmq-server -y
systemctl start rabbitmq-server
systemctl enable rabbitmq-server
netstat -lantu | grep 5672
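rabbitmqctl change_password guest guest ## set the password of the guest account (here to "guest", which is also its default)
## the transport_url lines in the later nova and cinder configs log in as a RabbitMQ user named openstack, which this section never creates; it has to be added with rabbitmqctl add_user and given permissions with rabbitmqctl set_permissions before those services can connect
rabbitmq-plugins enable rabbitmq_management ## enable the management plugin
systemctl restart rabbitmq-server ## restart the service
netstat -lantu | grep 15672
Verify by logging in to the management page at ip:15672 (user guest, password guest)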
1.7memcached build
yum install memcached python-memcached -y
vim /etc/sysconfig/memcached
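OPTIONS="-l 127.0.0.1,::1,controller" ## listen addresses; the later configs reach memcached as base.xiaoai.edu:11211, so the last entry must be a name or address of this base node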
systemctl enable memcached.service
systemctl start memcached.service
keystone database creation
mysql -uroot -p123
CREATE DATABASE keystone; ## create Keystone database
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
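## Create the keystone database user with password KEYSTONE_DBPASS and grant it full access to the keystone database; the 'localhost' entry covers logins from the base node itself, the '%' entry accepts logins for this account from any address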
Glance Database Creation
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
Nova Database Creation
CREATE DATABASE nova_api;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
SELECT DISTINCT CONCAT('User: ''',user,'''@''',host,''';') AS query FROM mysql.user;
Cinder database creation
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
SHOW DATABASES;
Two, Ctrl node
2.1 software installation necessary
yum -y install python-openstackclient ## python package installation
yum -y install openstack-selinux ## SELinux policies for the OpenStack services
yum -y install openstack-keystone httpd mod_wsgi
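2.2 Connect keystone to its database
vim /etc/keystone/keystone.conf ## keystone reaches its database on the base node with the keystone account and password; tokens use the fernet provider
[database]
## "[email protected]" on this page looks like an e-mail-obfuscation artifact that replaced "<password>@<host>"; restored here with the password from the keystone GRANT statements above, and BASE_NODE_HOST as a placeholder for the base node's name or address
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@BASE_NODE_HOST/keystone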
[token]
provider = fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone ## populate the keystone database
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
## initialize the Fernet key repository used for tokens, owned by the keystone user and group
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
## initialize the keys that encrypt stored credentials, owned by the keystone user and group
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://ctrl.blue.edu:35357/v3/ \
--bootstrap-internal-url http://ctrl.blue.edu:5000/v3/ \
--bootstrap-public-url http://ctrl.blue.edu:5000/v3/ \
--bootstrap-region-id RegionOne
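## bootstrap the Identity service: sets the admin password (ADMIN_PASS) and registers the admin, internal and public endpoints; note that these URLs use ctrl.blue.edu while the DNS zone built in 1.4 and the service configs below use ctrl.xiaoai.edu, so one domain has to be used throughout for the names to resolve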
2.3 Provide the HTTP service for keystone
vim /etc/httpd/conf/httpd.conf
ServerName ctrl.xiaoai.edu
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
## create the symbolic link so that httpd loads keystone's WSGI configuration; the other components then authenticate and register against keystone over HTTP, using a token plus the service URL
2.4 Statement environment variable
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://ctrl.blue.edu:35357/v3
export OS_IDENTITY_API_VERSION=3
2.5openstack environment settings
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password DEMO_PASS demo
openstack role create user
openstack role add --project demo --user demo user
## Creates the service project, which holds the service accounts of the other components, and, for non-administrative work, the demo project and the demo user (password DEMO_PASS) in the default domain; then creates the user role and assigns it to the demo user on the demo project
2.6 openstack edit the configuration file
cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.ds.bak
vim /etc/keystone/keystone-paste.ini
[pipeline:public_api]
# The last item in this pipeline must be public_service or an equivalent
# application. It cannot be a filter.
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
[pipeline:admin_api]
# The last item in this pipeline must be admin_service or an equivalent
# application. It cannot be a filter.
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
[pipeline:api_v3]
# The last item in this pipeline must be service_v3 or an equivalent
# application. It cannot be a filter.
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
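## Remove admin_token_auth from all three pipelines (the pipelines above are shown with it already removed); this turns off the temporary bootstrap-token authentication
2.7 Unset the temporary password-login environment variables
unset OS_AUTH_URL OS_PASSWORD
## from here on, tokens are requested explicitly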
2.8 get the token admin
openstack --os-auth-url http://ctrl.blue.edu:35357/v3 \
--os-project-domain-name default \
--os-user-domain-name default \
--os-project-name admin \
--os-username admin token issue
ADMIN_PASS ## typed at the password prompt
2.9 acquire demo of token
openstack --os-auth-url http://ctrl.blue.edu:5000/v3 \
--os-project-domain-name default \
--os-user-domain-name default \
--os-project-name demo \
--os-username demo token issue
DEMO_PASS ## typed at the password prompt
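2.10 Script that loads the administrator credentials
vim ~/admin-openrc ## holds the admin password in clear text, so keep it readable by its owner only (chmod 600 ~/admin-openrc)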
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://ctrl.blue.edu:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
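2.11 Script that loads the ordinary user's credentials
vim ~/demo-openrc ## holds the demo password in clear text, so keep it readable by its owner only (chmod 600 ~/demo-openrc)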
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://ctrl.blue.edu:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.12 Source each script and request a token
. admin-openrc
openstack token issue
. demo-openrc
openstack token issue
Ctrl node Glance configuration
3.1 Source the admin credentials
. admin-openrc
3.2 Creating
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://ctrl.blue.edu:9292
openstack endpoint create --region RegionOne image internal http://ctrl.blue.edu:9292
openstack endpoint create --region RegionOne image admin http://ctrl.blue.edu:9292
## Create the glance user with password GLANCE_PASS; give it the admin role on the service project; create the glance image service; register the public, internal and admin endpoints for that service
3.3 Installation Services glance
yum -y install openstack-glance
3.4 Profile Editor
vim /etc/glance/glance-api.conf
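[database]
## "[email protected]" on this page looks like an e-mail-obfuscation artifact that replaced "<password>@<host>"; restored here with the password from the glance GRANT statements, and BASE_NODE_HOST as a placeholder for the base node's name or address
connection = mysql+pymysql://glance:GLANCE_DBPASS@BASE_NODE_HOST/glance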
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.xiaoai.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
## glance-api: [database] sets the database connection; [keystone_authtoken] sets the keystone URLs (auth_uri, auth_url), password authentication, and the user name and password of the glance service account
## [paste_deploy] flavor selects the keystone pipeline; [glance_store] sets the storage back ends and the image storage path
vim /etc/glance/glance-registry.conf
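[database]
## "[email protected]" on this page looks like an e-mail-obfuscation artifact that replaced "<password>@<host>"; restored here with the password from the glance GRANT statements, and BASE_NODE_HOST as a placeholder for the base node's name or address
connection = mysql+pymysql://glance:GLANCE_DBPASS@BASE_NODE_HOST/glance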
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.xiaoai.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
## glance-registry: [database] sets the database connection; [keystone_authtoken] sets the keystone URLs (auth_uri, auth_url), password authentication, and the user name and password of the glance service account
## [paste_deploy] flavor selects the keystone pipeline
3.5 Database Synchronization
su -s /bin/sh -c "glance-manage db_sync" glance
3.6 Start Service
systemctl restart openstack-glance-api.service
systemctl enable openstack-glance-api.service
systemctl restart openstack-glance-registry.service
systemctl enable openstack-glance-registry.service
3.6 startup environment
. admin-openrc
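3.7 Download the image
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img ## plain-HTTP download: compare the file's checksum with the list published alongside the image before uploading it
3.8 Upload the image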
openstack image create "cirros" \
--file cirros-0.3.5-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
3.9 View Mirror
openstack image list
Ctrl node Nova setup
4.1 Environment Variables
. admin-openrc
4.2 Setup
openstack user create --domain default --password NOVA_PASS nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://ctrl.blue.edu:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://ctrl.blue.edu:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://ctrl.blue.edu:8774/v2.1
openstack user create --domain default --password PLACEMENT_PASS placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://ctrl.blue.edu:8778
openstack endpoint create --region RegionOne placement internal http://ctrl.blue.edu:8778
openstack endpoint create --region RegionOne placement admin http://ctrl.blue.edu:8778
4.3 Installing the software
yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
4.4 edit the configuration file
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
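[api_database]
## "[email protected]" on this page looks like an e-mail-obfuscation artifact that replaced "<password>@<host>"; the database lines are restored with the password from the nova GRANT statements; BASE_NODE_HOST and RABBIT_PASS are placeholders, because the page shows neither the host nor the RabbitMQ password
connection = mysql+pymysql://nova:NOVA_DBPASS@BASE_NODE_HOST/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@BASE_NODE_HOST/nova
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@BASE_NODE_HOST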
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.xiaoai.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[DEFAULT]
my_ip = 172.16.4.102
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://ctrl.xiaoai.edu:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ctrl.xiaoai.edu:35357/v3
username = placement
password = PLACEMENT_PASS
4.5 Coordination file
vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
4.6 generate database table
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
4.7 verification
nova-manage cell_v2 list_cells
4.8 Restart Services
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
Three, Compute node Nova-Compute setup
5.1 Install the virtualization software
yum -y install qemu-kvm* virt-* libvirt*
5.2 Install the OpenStack release repository (Ocata)
yum -y install centos-release-openstack-ocata
5.3 Install nova-compute
yum -y install openstack-nova-compute
5.4 nova edit the configuration file
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
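[DEFAULT]
## "[email protected]" on this page looks like an e-mail-obfuscation artifact that replaced "<password>@<host>"; RABBIT_PASS and BASE_NODE_HOST are placeholders, because the page shows neither the RabbitMQ password nor the host
transport_url = rabbit://openstack:RABBIT_PASS@BASE_NODE_HOST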
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.blue.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[DEFAULT]
my_ip = 172.16.3.12
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://ctrl.xiaoai.edu:6080/vnc_auto.html
[glance]
api_servers = http://ctrl.xiaoai.edu:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ctrl.xiaoai.edu:35357/v3
username = placement
password = PLACEMENT_PASS
[libvirt]
virt_type = qemu
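5.5 Check whether the CPU exposes hardware virtualization
grep -E -c '(vmx|svm)' /proc/cpuinfo ## -E is needed for the | alternation; a result of 0 means no hardware acceleration, which is the case virt_type = qemu above is for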
5.6 Restart Services
systemctl restart libvirtd
systemctl enable libvirtd
systemctl restart openstack-nova-compute.service
systemctl enable openstack-nova-compute.service
5.7 Validate from the ctrl node
. admin-openrc
openstack hypervisor list
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
openstack compute service list
openstack catalog list
openstack image list
## source the credentials; list the hypervisors; discover the compute hosts and record them in the cell database; list the compute services; list the API endpoints in the Identity service catalog to verify connectivity with Identity; list the images to verify connectivity with the Image service
Ctrl node Cinder build
6.1 Operating Environment
. admin-openrc
6.2 Setup
openstack user create --domain default --password CINDER_PASS cinder
openstack role add --project service --user cinder admin
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack endpoint create --region RegionOne volume public http://ctrl.xiaoai.edu:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://ctrl.xiaoai.edu:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://ctrl.xiaoai.edu:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://ctrl.xiaoai.edu:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://ctrl.xiaoai.edu:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://ctrl.xiaoai.edu:8776/v2/%\(tenant_id\)s
6.3 Installing the software
yum -y install openstack-cinder
6.4 edit the configuration file
vim /etc/cinder/cinder.conf
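[database]
## "[email protected]" on this page looks like an e-mail-obfuscation artifact that replaced "<password>@<host>"; the database line is restored with the password from the cinder GRANT statements; BASE_NODE_HOST and RABBIT_PASS are placeholders, because the page shows neither the host nor the RabbitMQ password
connection = mysql+pymysql://cinder:CINDER_DBPASS@BASE_NODE_HOST/cinder
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@BASE_NODE_HOST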
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.xiaoai.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS
[DEFAULT]
my_ip = 172.16.4.101
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
6.5 synchronous database
su -s /bin/sh -c "cinder-manage db sync" cinder
## 34 tables in total
6.6 edit the configuration file
vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
## tells nova which region's cinder service to use
6.7 Restart nova
systemctl restart openstack-nova-api.service
6.8 Restart cinder
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service
6.9 Operating Environment
. admin-openrc
6.10 View Status
cinder service-list
openstack volume service list
Four, cinder node cinder build
7.1 hostname
cm-1
7.2 Installing the software
yum -y install lvm2
7.3 Start software
systemctl restart lvm2-lvmetad.service
systemctl enable lvm2-lvmetad.service
7.4 Production lvm disk format
pvcreate /dev/vdb
vgcreate cinder-volumes /dev/vdb
7.5 Change profile
vim /etc/lvm/lvm.conf ## around line 50
devices {
filter = [ "a/vda/", "a/vdb/", "r/.*/"] # accept only vda and vdb; reject every other block device
7.6 Installing software
yum -y install openstack-cinder targetcli python-keystone
7.7 edit the configuration file
vim /etc/cinder/cinder.conf
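[database]
## "[email protected]" on this page looks like an e-mail-obfuscation artifact that replaced "<password>@<host>"; the database line is restored with the password from the cinder GRANT statements; BASE_NODE_HOST and RABBIT_PASS are placeholders, because the page shows neither the host nor the RabbitMQ password
connection = mysql+pymysql://cinder:CINDER_DBPASS@BASE_NODE_HOST/cinder
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@BASE_NODE_HOST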
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.xiaoai.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS
[DEFAULT]
my_ip = 172.16.4.104
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[DEFAULT]
enabled_backends = lvm
[DEFAULT]
glance_api_servers = http://ctrl.xiaoai.edu:9292
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
7.8 Restart Services
systemctl enable openstack-cinder-volume.service target.service
systemctl restart openstack-cinder-volume.service target.service