IT
• IT
OpenStack Day Taiwan Hadoop Conf
SITCON Conf
i.m.a.cNUTCimac
imac-cloud
Agenda
• Keystone
• Glance
• Nova
• Neutron
• Horizon
• Deploy and Management Tools
• SSCloud
Minimal Hardware Requirements
Minimal Network Layout
Minimal Service Layout
Network Topology
Network Time Protocol (NTP)
NTP
$ sudo apt-get install -y ntp
Controller Server /etc/ntp.conf
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
server 2.tw.pool.ntp.org
server 3.asia.pool.ntp.org
server 0.asia.pool.ntp.org
Controller /etc/ntp.conf
server controller iburst
Network Time Protocol (NTP)
Controller
$ ntpq -c peers
+123.204.45.116 59.149.185.193 2 u 196 256 353 158.773 70.671 20.943
*186.211.189.118 203.123.48.219 2 u 215 256 377 59.255 -1.832 2.092
+time.iqnet.com 62.201.207.162 2 u 18 256 377 391.601 4.016 3.642
$ ntpq -c peers
*controller 10.0.0.11 3 u 47 64 37 0.308 -0.251 0.079
Ubuntu OpenStack
OpenStack
Ubuntu 15.04 Repository
Repository
$ sudo apt-get install -y software-properties-common
$ sudo add-apt-repository -y cloud-archive:liberty
Repository
$ sudo apt-get update && sudo apt-get -y dist-upgrade
P.S.
SQL database (1/2)
OpenStack SQL
Controller
$ sudo apt-get install -y mariadb-server python-mysqldb
/etc/mysql/conf.d/mysqld_openstack.cnf
[mysqld]
bind-address = 10.0.0.11
P.S. p@ssw0rd
SQL database (2/2)
...
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
$ sudo service mysql restart
$ sudo mysql_secure_installation
P.S. …
Message queue (1/2)
OpenStack Message Queue
RabbitMQ Controller
$ sudo apt-get install -y rabbitmq-server
web console
$ sudo rabbitmq-plugins enable rabbitmq_management
$ sudo sh -c "echo '[{rabbit, [{loopback_users, []}]}].' > /etc/rabbitmq/rabbitmq.config"
$ sudo service rabbitmq-server restart
P.S. http://<ip>:15672 guest/guest
Message queue (2/2)
User OpenStack
$ sudo rabbitmqctl add_user openstack <password>
Creating user "openstack" ...
...done.
User
$ sudo rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
...done.
P.S. p@ssw0rd
Keystone
Amazon AWS IAM
API
(1/2)
Identity Controller
Database Keystone
$ mysql -u root -p
# CREATE DATABASE keystone;
# GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
# GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
(2/2)
openssl admin token
$ openssl rand -hex 16
1ed64bdb7ebda9ae6d01d811565d4d64
P.S. token
Keystone
$ echo "manual" | sudo tee /etc/init/keystone.override
Packaging-Deb apt-get keystone
$ sudo apt-get install keystone python-openstackclient apache2 libapache2-mod-wsgi memcached python-memcache
P.S. Kilo Keystone Eventlet WSGI Server
Keystone (1/3)
/etc/keystone/keystone.conf ADMIN_TOKEN
[DEFAULT]
admin_token = 1ed64bdb7ebda9ae6d01d811565d4d64
[database]
connection = mysql://keystone:[email protected]/keystone
P.S. connection MySQL Keystone
Keystone (2/3)
[memcache]
servers = localhost:11211
[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.memcache.Token
Keystone (3/3)
[revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke
$ sudo keystone-manage db_sync
P.S. SQLite
Apache2 HTTP (1/3)
/etc/apache2/apache2.conf ServerName controller
ServerName controller
/etc/apache2/sites-available/wsgi-keystone.conf
$ sudo vim /etc/apache2/sites-available/wsgi-keystone.conf
Listen 5000
Listen 35357
Apache2 HTTP (2/3)
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>
Apache2 HTTP (3/3)
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>
WSGI (1/2)
$ sudo ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
WSGI WSGI
$ sudo mkdir -p /var/www/cgi-bin/keystone
$ sudo curl "http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/liberty" | sudo tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
WSGI(2/2)
chown chmod
$ sudo chown -R keystone:keystone /var/www/cgi-bin/keystone
$ sudo chmod 755 /var/www/cgi-bin/keystone/*
Apache2 SQLite
$ sudo service apache2 restart
$ sudo rm -f /var/lib/keystone/keystone.db
export OS_TOKEN admin_token API
URL
$ export OS_TOKEN=1ed64bdb7ebda9ae6d01d811565d4d64
$ export OS_URL=http://10.0.0.11:35357/v2.0
$ openstack service create --name keystone --description "OpenStack Identity" identity
API
API
API
$ openstack endpoint create --publicurl http://10.0.0.11:5000/v2.0 \
  --internalurl http://10.0.0.11:5000/v2.0 \
  --adminurl http://10.0.0.11:35357/v2.0 \
  --region RegionOne identity
Openstack domains,
projects (tenants), users roles admin Project User
Role
$ openstack project create --description "Admin Project" admin
$ openstack user create --password p@ssw0rd --email [email protected] admin
$ openstack role create admin
$ openstack role add --project admin --user admin admin
$ openstack project create --description "Service Project" service
P.S. p@ssw0rd
Demo
$ openstack project create --description "Demo Project" demo
$ openstack user create --password demo --email [email protected] demo
$ openstack role create user
$ openstack role add --project demo --user demo user
P.S. demo
Keystone
OS_TOKEN OS_URL
$ unset OS_TOKEN OS_URL
admin Identity v2.0 token
$ openstack --os-auth-url http://10.0.0.11:35357 --os-project-name admin --os-username admin --os-auth-type password token issue
P.S. p@ssw0rd
admin client
admin demo
admin admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=p@ssw0rd
export OS_AUTH_URL=http://10.0.0.11:35357/v3
P.S. p@ssw0rd
user client
demo demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://10.0.0.11:5000/v3
P.S. demo
Client
source
$ source admin-openrc.sh
$ openstack token issue
Glance
Amazon AWS VM
Import Export
EX: Ubuntu CoreOS…
(1/2)
Image Service Controller
Database
$ mysql -u root -p
# CREATE DATABASE glance;
# GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
# GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
P.S. glance
(2/2)
Keystone admin
$ openstack user create --password glance --email [email protected] glance
$ openstack role add --project service --user glance admin
$ openstack service create --name glance --description "OpenStack Image service" image
$ openstack endpoint create --publicurl http://10.0.0.11:9292 \
  --internalurl http://10.0.0.11:9292 \
  --adminurl http://10.0.0.11:9292 \
  --region RegionOne image
P.S. glance
Glance
Packaging-Deb apt-get
Glance
$ sudo apt-get install -y glance python-glanceclient
Glance (1/6)
/etc/glance/glance-api.conf [DEFAULT]
noop
[DEFAULT]
notification_driver = noop
[database]
connection = mysql://glance:[email protected]/glance
P.S. connection MySQL
Glance (2/6)
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance
P.S. glance
Glance (3/6)
[paste_deploy]
flavor = keystone
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Glance (4/6)
/etc/glance/glance-registry.conf [DEFAULT]
noop
[DEFAULT]
notification_driver = noop
[database]
connection = mysql://glance:[email protected]/glance
P.S. connection MySQL
Glance (5/6)
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance
P.S. glance
Glance (6/6)
[paste_deploy]
flavor = keystone
/etc/glance/glance-api.conf /etc/glance/glance-registry.conf
SQLite
$ sudo glance-manage db_sync
$ sudo service glance-registry restart
$ sudo service glance-api restart
$ sudo rm -f /var/lib/glance/glance.sqlite
Glance
admin-openrc.sh demo-openrc.sh Glance API
$ echo "export OS_IMAGE_API_VERSION=2" | sudo tee -a admin-openrc.sh demo-openrc.sh
$ source admin-openrc.sh
Glance
$ wget -P /tmp/images http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
$ glance image-create --name "cirros-0.3.4-x86_64" --file /tmp/images/cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
Nova
Amazon AWS EC2
IaaS
(1/2)
Compute Controller
Compute Controller
$ mysql -u root -p
# CREATE DATABASE nova;
# GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
# GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
P.S. nova
(2/2)
Keystone admin
$ openstack user create --password nova --email [email protected] nova
$ openstack role add --project service --user nova admin
$ openstack service create --name nova --description "OpenStack Compute" compute
$ openstack endpoint create --publicurl http://10.0.0.11:8774/v2/%\(tenant_id\)s \
  --internalurl http://10.0.0.11:8774/v2/%\(tenant_id\)s \
  --adminurl http://10.0.0.11:8774/v2/%\(tenant_id\)s \
  --region RegionOne compute
P.S. nova
Nova
Packaging-Deb apt-get
Nova
$ sudo apt-get install nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient
Nova (1/4)
/etc/nova/nova.conf [DEFAULT]
[DEFAULT]
...
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.0.0.11
vncserver_listen = 10.0.0.11
vncserver_proxyclient_address = 10.0.0.11
Nova (2/4)
[database]
connection = mysql://nova:[email protected]/nova
[oslo_messaging_rabbit]
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = p@ssw0rd
P.S. connection MySQL Rabbit
Nova (3/4)
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
P.S. Keystone nova
Nova (4/4)
[glance] [oslo_concurrency] Glance Host lock_path
[glance]
host = 10.0.0.11
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
$ sudo nova-manage db sync
Nova SQLite
$ sudo service nova-api restart
$ sudo service nova-cert restart
$ sudo service nova-consoleauth restart
$ sudo service nova-scheduler restart
$ sudo service nova-conductor restart
$ sudo service nova-novncproxy restart
$ sudo rm -f /var/lib/nova/nova.sqlite
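Added example, not part of the original slides: a small audit of the credential settings that the Keystone, Glance and Nova configuration files above have in common. The sample file is constructed from the slide values with the database host `controller` assumed, and the deny-list, length threshold and function names are hypothetical.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: nova.conf values as shown on the slides; the database
# host "controller" is an assumption made for this example.
SAMPLE_NOVA_CONF = """\
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[database]
connection = mysql://nova:nova@controller/nova
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = p@ssw0rd
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
username = nova
password = nova
"""

# Hypothetical deny-list and minimum length; tune both to local policy.
COMMON_PASSWORDS = {"p@ssw0rd", "password", "admin", "guest", "demo"}
MIN_LENGTH = 16
# Option holding a secret -> option in the same section naming its account.
SECRET_OPTIONS = {"password": "username", "rabbit_password": "rabbit_userid"}


def weakness(account, secret):
    """Return why a secret is weak, or None if it passes these checks."""
    if account and secret == account:
        return "password equals account name"
    if secret.lower() in COMMON_PASSWORDS:
        return "common password"
    if len(secret) < MIN_LENGTH:
        return "shorter than %d characters" % MIN_LENGTH
    return None


def audit(conf_text):
    """Return sorted (section, option, reason) findings for one config file."""
    # Treat [DEFAULT] as an ordinary section so its keys do not leak into others.
    cp = configparser.RawConfigParser(default_section="__unused__",
                                      strict=False, allow_no_value=True)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        opts = dict(cp.items(section))
        for option, value in opts.items():
            value = value or ""
            reason = None
            if option in SECRET_OPTIONS:
                reason = weakness(opts.get(SECRET_OPTIONS[option]), value)
            elif option == "connection":
                url = urlsplit(value)
                if url.password is not None:
                    reason = weakness(url.username, url.password)
            elif option in ("auth_uri", "auth_url") and value.startswith("http://"):
                reason = "Keystone endpoint uses plain HTTP"
            elif option == "admin_token" and value:
                reason = "bootstrap admin_token still enabled"
            if reason:
                findings.append((section, option, reason))
    return sorted(findings)


if __name__ == "__main__":
    for section, option, reason in audit(SAMPLE_NOVA_CONF):
        print("[%s] %s: %s" % (section, option, reason))
```

The same function can be pointed at keystone.conf, where it reports an `admin_token` left in `[DEFAULT]` after the bootstrap steps are finished.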
Nova
Compute
PPT
Compute
Compute
controller compute service
VM instance Compute
$ sudo apt-get install -y nova-compute sysfsutils
Nova-Compute (1/5)
/etc/nova/nova.conf [DEFAULT]
[DEFAULT]
...
rpc_backend = rabbit
auth_strategy = keystone
resume_guests_state_on_host_boot = true
my_ip = 10.0.0.31
Nova-Compute (2/5)
[vnc] VNC Server
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.0.0.31
novncproxy_base_url = http://10.0.0.11:6080/vnc_auto.html
Nova-Compute (3/5)
[oslo_messaging_rabbit] VNC Server
[oslo_messaging_rabbit]
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = p@ssw0rd
P.S. Rabbit p@ssw0rd
Nova-Compute (4/5)
[keystone_authtoken] VNC Server
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
P.S. Keystone nova
Nova-Compute (5/5)
[glance] [oslo_concurrency] Glance Host lock_path
[glance]
host = 10.0.0.11
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
$ sudo nova-manage db sync
Compute libvirt
Compute
$ kvm-ok
$ egrep -c '(vmx|svm)' /proc/cpuinfo
8
CPU KVM /etc/nova/nova-compute.conf virt_type QEMU
[libvirt]
virt_type = qemu
Nova SQLite
$ sudo service nova-compute restart
$ sudo rm -f /var/lib/nova/nova.sqlite
Nova
admin-openrc.sh nova client
$ nova service-list
$ nova endpoints
$ nova image-list
Neutron
Amazon AWS VPC
L2 L3
Plugin
LBaaS VPNaaS FWaaS
(1/2)
Networking Controller Network
Compute Controller
$ mysql -u root -p
# CREATE DATABASE neutron;
# GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
# GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
P.S. neutron
(2/2)
Keystone admin
$ openstack user create --password neutron --email [email protected] neutron
$ openstack role add --project service --user neutron admin
$ openstack service create --name neutron --description "OpenStack Networking" network
$ openstack endpoint create --publicurl http://10.0.0.11:9696 \
  --adminurl http://10.0.0.11:9696 \
  --internalurl http://10.0.0.11:9696 \
  --region RegionOne network
P.S. neutron
Neutron
Packaging-Deb apt-get
Neutron
$ sudo apt-get install neutron-server neutron-plugin-ml2 python-neutronclient
Neutron (1/4)
/etc/neutron/neutron.conf [DEFAULT]
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.0.0.11:8774/v2
Neutron (2/4)
[database]
connection = mysql://neutron:[email protected]/neutron
[oslo_messaging_rabbit]
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = p@ssw0rd
P.S. MySQL neutron rabbit p@ssw0rd
Neutron (3/4)
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
P.S. neutron
Neutron (4/4)
[nova]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
P.S. nova
Modular Layer 2 (1/2)
/etc/neutron/plugins/ml2/ml2_conf.ini [ml2]
GRE OVS
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
a
OVS
OVS = Open vSwitch
Open Source
Open vSwitch
GRE
GRE = Graduate Record Examinations
GRE = Generic Routing Encapsulation
ML2
Modular Layer 2 (2/2)
[ml2_type_gre] id
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[securitygroup] ipset OVS iptables
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
Nova Networking(1/2)
/etc/nova/nova.conf [DEFAULT] APIs
Drivers
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
Nova Networking(2/2)
[neutron]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
P.S. neutron
$ sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade liberty
Compute Networking SQLite
$ sudo service nova-api restart
$ sudo service neutron-server restart
$ sudo rm -f /var/lib/neutron/neutron.sqlite
neutron
neutron client neutron-server
$ neutron ext-list
P.S. neutron
Network
(1/2)
Network L3 DHCP
/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
$ sudo sysctl -p
(2/2)
apt-get
$ sudo apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
Neutron (1/3)
/etc/neutron/neutron.conf [DEFAULT]
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
Neutron (2/3)
[database]
# connection = sqlite:////var/lib/neutron/neutron.sqlite
[oslo_messaging_rabbit]
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = p@ssw0rd
P.S. MySQL neutron rabbit p@ssw0rd
Neutron (3/3)
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
P.S. neutron
Modular Layer 2 (1/4)
/etc/neutron/plugins/ml2/ml2_conf.ini [ml2]
GRE OVS
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
Modular Layer 2 (2/4)
[ml2_type_flat]
flat_networks = external
[ml2_type_gre] id
[ml2_type_gre]
tunnel_id_ranges = 1:1000
Modular Layer 2 (3/4)
[securitygroup] ipset OVS iptables
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs] IP
[ovs]
local_ip = 10.0.1.21
bridge_mappings = external:br-ex
Modular Layer 2 (4/4)
[agent] GRE
[agent]
tunnel_types = gre
Layer-3 (L3) Proxy
/etc/neutron/l3_agent.ini [DEFAULT]
[DEFAULT]
...
verbose = True
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
router_delete_namespaces = True
DHCP Proxy(1/2)
/etc/neutron/dhcp_agent.ini [DEFAULT] DHCP
[DEFAULT]
...
verbose = True
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
dhcp_delete_namespaces = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
DHCP Proxy(2/2)
/etc/neutron/dnsmasq-neutron.conf DHCP MTU (26)
1454 bytes
$ echo 'dhcp-option-force=26,1454' | sudo tee /etc/neutron/dnsmasq-neutron.conf
Metadata Proxy(1/2)
/etc/neutron/metadata_agent.ini [DEFAULT] metadata
[DEFAULT]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
Metadata Proxy(2/2)
/etc/neutron/metadata_agent.ini [DEFAULT]
[DEFAULT]
...
user_domain_id = default
project_name = service
username = neutron
password = neutron
nova_metadata_ip = 10.0.0.11
metadata_proxy_shared_secret = d88ec459ab1e0bdaf5d8
P.S. Keystone neutron metadata_proxy_shared_secret
Controller
Nova Metadata Proxy
/etc/nova/nova.conf [neutron] Nova metadata proxy
[neutron]
...
service_metadata_proxy = True
metadata_proxy_shared_secret = d88ec459ab1e0bdaf5d8
Controller Compute API
$ sudo service nova-api restart
P.S. metadata_proxy_shared_secret d88ec459ab1e0bdaf5d8
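Added example, not from the original slides or the OpenStack code base: how the value of metadata_proxy_shared_secret is used. The Neutron metadata agent signs each instance ID with HMAC-SHA256 and sends the result in the X-Instance-ID-Signature header, and Nova recomputes the signature with its own copy of the secret. The instance and tenant IDs are constructed and the function names are hypothetical.

```python
import hashlib
import hmac

# Value of metadata_proxy_shared_secret as printed on the slides.
SLIDE_SECRET = "d88ec459ab1e0bdaf5d8"
# Constructed identifiers for the example.
INSTANCE_ID = "11111111-2222-3333-4444-555555555555"
OTHER_INSTANCE_ID = "99999999-2222-3333-4444-555555555555"
TENANT_ID = "constructed-tenant"


def sign_instance_id(secret, instance_id):
    """HMAC-SHA256 of the instance ID, keyed with the shared secret (hex)."""
    return hmac.new(secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def agent_headers(agent_secret, instance_id, tenant_id):
    """Headers the metadata agent side adds before forwarding to Nova."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        "X-Instance-ID-Signature": sign_instance_id(agent_secret, instance_id),
    }


def nova_accepts(nova_secret, headers):
    """Nova side: recompute the signature and compare in constant time."""
    expected = sign_instance_id(nova_secret, headers.get("X-Instance-ID", ""))
    supplied = headers.get("X-Instance-ID-Signature", "")
    return hmac.compare_digest(expected, supplied)


def demo():
    results = {}
    # Same secret in metadata_agent.ini and nova.conf: request is accepted.
    good = agent_headers(SLIDE_SECRET, INSTANCE_ID, TENANT_ID)
    results["matching"] = nova_accepts(SLIDE_SECRET, good)
    # Secrets differ between the two files (typo, stale copy): rejected.
    results["mismatched"] = nova_accepts("a-different-secret", good)
    # Instance ID changed after signing: signature no longer verifies.
    tampered = dict(good, **{"X-Instance-ID": OTHER_INSTANCE_ID})
    results["tampered"] = nova_accepts(SLIDE_SECRET, tampered)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(case, "->", "accepted" if accepted else "rejected")
```

Because anyone holding the secret can sign any instance ID, generate a fresh value for each deployment (for example with the `openssl rand -hex` command the slides use for the admin token) instead of reusing the one printed here.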
Network
Open vSwitch (OVS)
Open vSwitch
$ sudo service openvswitch-switch restart
$ sudo ovs-vsctl add-br br-ex
$ sudo ovs-vsctl add-port br-ex INTERFACE_NAME
P.S. INTERFACE_NAME Public eth1
Networking
$ sudo service neutron-plugin-openvswitch-agent restart
$ sudo service neutron-l3-agent restart
$ sudo service neutron-dhcp-agent restart
$ sudo service neutron-metadata-agent restart
Controller Keystone admin
$ neutron agent-list
Compute
(1/2)
Compute /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
$ sudo sysctl -p
(2/2)
apt-get
$ sudo apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent
Neutron (1/3)
/etc/neutron/neutron.conf [DEFAULT]
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
Neutron (2/3)
[database]
# connection = sqlite:////var/lib/neutron/neutron.sqlite
[oslo_messaging_rabbit]
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = p@ssw0rd
P.S. MySQL neutron rabbit p@ssw0rd
Neutron (3/3)
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
P.S. neutron
Modular Layer 2 (1/3)
/etc/neutron/plugins/ml2/ml2_conf.ini [ml2]
GRE OVS
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
Modular Layer 2 (2/3)
[ml2_type_gre] id
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[securitygroup] ipset OVS iptables
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
Modular Layer 2 (3/3)
[ovs] IP
[ovs]
local_ip = 10.0.1.31
[agent] GRE
[agent]
tunnel_types = gre
Compute Networking(1/2)
/etc/nova/nova.conf [DEFAULT] APIs Drivers
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
Compute Networking(2/2)
[neutron] Keystone
[neutron]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
P.S. neutron
Compute Networking
$ sudo service openvswitch-switch restart
$ sudo service nova-compute restart
$ sudo service neutron-plugin-openvswitch-agent restart
Controller Keystone admin
$ neutron agent-list
External network(1/2)
neutron net-create
$ neutron net-create ext-net --router:external --provider:physical_network external --provider:network_type flat
External network(2/2)
neutron subnet-create
$ neutron subnet-create ext-net 192.168.20.0/24 --name ext-subnet --allocation-pool start=192.168.20.101,end=192.168.20.200 --disable-dhcp --gateway 192.168.20.1
Horizon
Dashboard
Horizon (1/2)
Dashboard Controller
OpenStack apt-get dashboard
$ sudo apt-get install openstack-dashboard
Ubuntu openstack-dashboard ubuntu-theme
$ sudo apt-get purge openstack-dashboard-ubuntu-theme
Horizon (2/2)
/etc/openstack-dashboard/local_settings.py
OPENSTACK_HOST = "controller"
# '*' accepts any Host header; list the dashboard's real hostnames to restrict it.
ALLOWED_HOSTS = ['*']
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
$ sudo service apache2 reload
$ sudo service apache2 restart
http://10.0.0.11/horizon
Deploy and Management Tools
Mirantis Fuel
HP Helion
Ubuntu MAAS + JuJu
Kolla
Red Hat OpenStack
P.S.
Ansible
Puppet
Chef
SSCloud
Dashboard 150
hackathon001 , hackathon002, ... , hackathon150
https://sscloud.unicloud.org.tw/auth/login/