2

•

IT

• IT

OpenStack Day Taiwan Hadoop Conf

SITCON Conf

•

i.m.a.cNUTCimac

imac-cloud

Agenda

3

•

• Keystone

• Glance

• Nova

• Neutron

• Horizon

• Deploy and Management Tools

• SSCloud

4

Minimal Hardware Requirements

5

Minimal Network Layout

6

Minimal Service Layout

7

Network Topology

8

Network Time Protocol (NTP)

9

NTP

$ sudo apt-get install -y ntp

Controller Server /etc/ntp.conf

restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap server 2.tw.pool.ntp.org server 3.asia.pool.ntp.org server 0.asia.pool.ntp.org

Controller /etc/ntp.conf

server controller iburst

Network Time Protocol (NTP)

10

Controller

$ ntpq -c peers +123.204.45.116 59.149.185.193 2 u 196 256 353 158.773 70.671 20.943 *186.211.189.118 203.123.48.219 2 u 215 256 377 59.255 -1.832 2.092 +time.iqnet.com 62.201.207.162 2 u 18 256 377 391.601 4.016 3.642

$ ntpq -c peers *controller 10.0.0.11 3 u 47 64 37 0.308 -0.251 0.079

Ubuntu OpenStack

11

OpenStack

12

Ubuntu 15.04 Repository

Repository

$ sudo apt-get install -y software-properties-common $ sudo add-apt-repository -y cloud-archive:liberty

Repository

$ sudo apt-get update && sudo apt-get -y dist-upgrade

P.S.

SQL database (1/2)

13

OpenStack SQL

Controller

$ sudo apt-get install -y mariadb-server python-mysqldb

/etc/mysql/conf.d/mysqld_openstack.cnf

[mysqld] bind-address = 10.0.0.11

P.S. p@ssw0rd

SQL database (2/2)

14

... default-storage-engine = innodb innodb_file_per_table collation-server = utf8_general_ci init-connect = 'SET NAMES utf8' character-set-server = utf8

$ sudo service mysql restart $ sudo mysql_secure_installation

P.S. …

Message queue (1/2)

15

OpenStack Message Queue

RabbitMQ Controller

$ sudo apt-get install -y rabbitmq-server

web console

$ sudo rabbitmq-plugins enable rabbitmq_management $ sudo sh -c "echo '[{rabbit, [{loopback_users, []}]}].' > /etc/rabbitmq/rabbitmq.config" $ sudo service rabbitmq-server restart

P.S. http://<ip>:15672 guest/guest

Message queue (2/2)

16

User OpenStack

$ sudo rabbitmqctl add_user openstack <password> Creating user "openstack" ... …done.

User

$ sudo rabbitmqctl set_permissions openstack ".*" ".*" “.*" Setting permissions for user "openstack" in vhost "/" ... ...done.

P.S. p@ssw0rd

17

Keystone

18

Amazon AWS IAM

19

20

API

(1/2)

21

Identity Controller

Database Keystone

$ mysql -u root -p # CREATE DATABASE keystone; # GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone'; # GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

(2/2)

22

openssl admin token

$ openssl rand -hex 16 1ed64bdb7ebda9ae6d01d811565d4d64

P.S. token

Keystone

23

$ echo "manual" | sudo tee /etc/init/keystone.override

Packaging-Deb apt-get keystone

$ sudo apt-get install keystone python-openstackclient apache2 libapache2-mod-wsgi memcached python-memcache

P.S. Kilo Keystone Eventlet WSGI Server

Keystone (1/3)

24

/etc/keystone/keystone.conf ADMIN_TOKEN

[DEFAULT] admin_token = 1ed64bdb7ebda9ae6d01d811565d4d64

[database]

[database] connection = mysql://keystone:keystone@10.0.0.11/keystone

P.S. connection MySQL Keystone

Keystone (2/3)

25

[memcache]

[memcache] servers = localhost:11211

[token]

[token] provider = keystone.token.providers.uuid.Provider driver = keystone.token.persistence.backends.memcache.Token

Keystone (3/3)

26

[revoke]

[revoke] driver = keystone.contrib.revoke.backends.sql.Revoke

$ sudo keystone-manage db_sync

P.S. SQLite

Apache2 HTTP (1/3)

27

/etc/apache2/apache2.conf ServerName controller

ServerName controller

/etc/apache2/sites-available/wsgi-keystone.conf

$ sudo vim /etc/apache2/sites-available/wsgi-keystone.conf Listen 5000 Listen 35357

Apache2 HTTP (2/3)

28

<VirtualHost *:5000> WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /var/www/cgi-bin/keystone/main WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On <IfVersion >= 2.4> ErrorLogFormat "%{cu}t %M" </IfVersion> LogLevel info ErrorLog /var/log/apache2/keystone-error.log CustomLog /var/log/apache2/keystone-access.log combined </VirtualHost>

Apache2 HTTP (3/3)

29

<VirtualHost *:35357> WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /var/www/cgi-bin/keystone/admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On <IfVersion >= 2.4> ErrorLogFormat "%{cu}t %M" </IfVersion> LogLevel info ErrorLog /var/log/apache2/keystone-error.log CustomLog /var/log/apache2/keystone-access.log combined </VirtualHost>

WSGI (1/2)

30

$ sudo ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled

WSGI WSGI

$ sudo mkdir -p /var/www/cgi-bin/keystone $ sudo curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/liberty | sudo tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin

WSGI(2/2)

31

chown chmod

$ sudo chown -R keystone:keystone /var/www/cgi-bin/keystone $ sudo chmod 755 /var/www/cgi-bin/keystone/*

Apache2 SQLite

$ sudo service apache2 restart $ sudo rm -f /var/lib/keystone/keystone.db

32

export OS_TOKEN admin_token API

URL

$ export OS_TOKEN=1ed64bdb7ebda9ae6d01d811565d4d64 $ export OS_URL=http://10.0.0.11:35357/v2.0

$ openstack service create --name keystone --description "OpenStack Identity" identity

API

33

API

API

$ openstack endpoint create --publicurl http://10.0.0.11:5000/v2.0 \ --internalurl http://10.0.0.11:5000/v2.0 \ --adminurl http://10.0.0.11:35357/v2.0 \ --region RegionOne identity

34

Openstack domains,

projects (tenants), users roles admin Project User

Role

$ openstack project create --description "Admin Project" admin $ openstack user create --password p@ssw0rd --email admin@example.com admin $ openstack role create admin $ openstack role add --project admin --user admin admin $ openstack project create --description "Service Project" service

P.S. p@ssw0rd

35

Demo

$ openstack project create --description "Demo Project" demo $ openstack user create --password demo --email demo@example.com demo $ openstack role create user $ openstack role add --project demo --user demo user

P.S. demo

36

Keystone

OS_TOKEN OS_URL

$ unset OS_TOKEN OS_URL

admin Identity v2.0 token

$ openstack --os-auth-url http://10.0.0.11:35357 --os-project-name admin --os-username admin --os-auth-type password token issue

P.S. p@ssw0rd

admin client

37

admin demo

admin admin-openrc.sh

export OS_PROJECT_DOMAIN_ID=default export OS_USER_DOMAIN_ID=default export OS_PROJECT_NAME=admin export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=p@ssw0rd export OS_AUTH_URL=http://10.0.0.11:35357/v3

P.S. p@ssw0rd

user client

38

demo demo-openrc.sh

export OS_PROJECT_DOMAIN_ID=default export OS_USER_DOMAIN_ID=default export OS_PROJECT_NAME=demo export OS_TENANT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=demo export OS_AUTH_URL=http://10.0.0.11:5000/v3

P.S. demo

Client

39

source

$ source admin-openrc.sh $ openstack token issue

40

Glance

41

Amazon AWS VM

Import Export

42

43

EX: Ubuntu CoreOS…

(1/2)

44

Image Service Controller

Database

$ mysql -u root -p # CREATE DATABASE glance; # GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance'; # GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';

P.S. glance

(2/2)

45

Keystone admin

$ openstack user create --password glance --email glance@example.com glance $ openstack role add --project service --user glance admin $ openstack service create --name glance --description "OpenStack Image service" image $ openstack endpoint create --publicurl http://10.0.0.11:9292 \ --internalurl http://10.0.0.11:9292 \ --adminurl http://10.0.0.11:9292 --region RegionOne image

P.S. glance

Glance

46

Packaging-Deb apt-get

Glance

$ sudo apt-get install -y glance python-glanceclient

Glance (1/6)

47

/etc/glance/glance-api.conf [DEFAULT]

noop

[DEFAULT] notification_driver = noop

[database]

[database] connection = mysql://glance:glance@10.0.0.11/glance

P.S. connection MySQL

Glance (2/6)

48

[keystone_authtoken]

[keystone_authtoken] auth_uri = http://10.0.0.11:5000 auth_url = http://10.0.0.11:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = glance password = glance

P.S. glance

Glance (3/6)

49

[paste_deploy]

[paste_deploy] flavor = keystone

[glance_store]

[glance_store] default_store = file filesystem_store_datadir = /var/lib/glance/images/

Glance (4/6)

50

/etc/glance/glance-registry.conf [DEFAULT]

noop

[DEFAULT] notification_driver = noop

[database]

[database] connection = mysql://glance:glance@10.0.0.11/glance

P.S. connection MySQL

Glance (5/6)

51

[keystone_authtoken]

[keystone_authtoken] auth_uri = http://10.0.0.11:5000 auth_url = http://10.0.0.11:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = glance password = glance

P.S. glance

Glance (6/6)

52

[paste_deploy]

[paste_deploy] flavor = keystone

/etc/glance/glance-api.conf /etc/glance/glance-registry.conf

SQLite

$ sudo glance-manage db_sync $ sudo service glance-registry restart $ sudo service glance-api restart $ sudo rm -f /var/lib/glance/glance.sqlite

Glance

53

admin-openrc.sh demo-openrc.sh Glance API

$ echo "export OS_IMAGE_API_VERSION=2" | sudo tee -a admin-openrc.sh demo-openrc.sh $ source admin-openrc.sh

Glance

$ wget -P /tmp/images http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img $ glance image-create --name "cirros-0.3.4-x86_64" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress

54

Nova

55

Amazon AWS EC2

56

IaaS

57

(1/2)

58

Compute Controller

Compute Controller

$ mysql -u root -p # CREATE DATABASE nova; # GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova'; # GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

P.S. nova

(2/2)

59

Keystone admin

$ openstack user create --password nova --email nova@example.com nova $ openstack role add --project service --user nova admin $ openstack service create --name nova --description "OpenStack Compute" compute

$ openstack endpoint create --publicurl http://10.0.0.11:8774/v2/%\(tenant_id\)s \ --internalurl http://10.0.0.11:8774/v2/%\(tenant_id\)s \ --adminurl http://10.0.0.11:8774/v2/%\(tenant_id\)s \ --region RegionOne compute

P.S. nova

Nova

60

Packaging-Deb apt-get

Nova

$ sudo apt-get install nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient

Nova (1/4)

61

/etc/nova/nova.conf [DEFAULT]

[DEFAULT] ... rpc_backend = rabbit auth_strategy = keystone my_ip = 10.0.0.11 vncserver_listen = 10.0.0.11 vncserver_proxyclient_address = 10.0.0.11

Nova (2/4)

62

[database]

[database] connection = mysql://nova:nova@10.0.0.11/nova

[oslo_messaging_rabbit]

[oslo_messaging_rabbit] rabbit_host = 10.0.0.11 rabbit_userid = openstack rabbit_password = p@ssw0rd

P.S. connection MySQL Rabbit

Nova (3/4)

63

[keystone_authtoken]

[keystone_authtoken] auth_uri = http://10.0.0.11:5000 auth_url = http://10.0.0.11:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = nova password = nova

P.S. Keystone nova

Nova (4/4)

64

[glance] [oslo_concurrency] Glance Host lock_path

[glance] host = 10.0.0.11

[oslo_concurrency] lock_path = /var/lib/nova/tmp

$ sudo nova-manage db sync

65

Nova SQLite

$ sudo service nova-api restart $ sudo service nova-cert restart $ sudo service nova-consoleauth restart $ sudo service nova-scheduler restart $ sudo service nova-conductor restart $ sudo service nova-novncproxy restart $ sudo rm -f /var/lib/nova/nova.sqlite

66

Nova

67

Compute

68

PPT

69

70

71

Compute

Compute

72

controller compute service

VM instance Compute

$ sudo apt-get install -y nova-compute sysfsutils

Nova-Compute (1/5)

73

/etc/nova/nova.conf [DEFAULT]

[DEFAULT] ... rpc_backend = rabbit auth_strategy = keystone resume_guests_state_on_host_boot = true my_ip = 10.0.0.31

Nova-Compute (2/5)

74

[vnc] VNC Server

[vnc] enabled = True vncserver_listen = 0.0.0.0 vncserver_proxyclient_address = 10.0.0.31 novncproxy_base_url = http://10.0.0.11:6080/vnc_auto.html

Nova-Compute (3/5)

75

[oslo_messaging_rabbit] VNC Server

[oslo_messaging_rabbit] rabbit_host = 10.0.0.11 rabbit_userid = openstack rabbit_password = p@ssw0rd

P.S. Rabbit p@ssw0rd

Nova-Compute (4/5)

76

[keystone_authtoken] VNC Server

auth_uri = http://10.0.0.11:5000 auth_url = http://10.0.0.11:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = nova password = nova

P.S. Keystone nova

Nova-Compute (5/5)

77

[glance] [oslo_concurrency] Glance Host lock_path

[glance] host = 10.0.0.11

[oslo_concurrency] lock_path = /var/lib/nova/tmp

$ sudo nova-manage db sync

Compute libvirt

78

Compute

$ kvm-ok $ egrep -c '(vmx|svm)' /proc/cpuinfo 8

CPU KVM /etc/nova/nova-

compute.conf virt_type QEMU

[libvirt] virt_type = qemu

79

Nova SQLite

$ sudo service nova-compute restart $ sudo rm -f /var/lib/nova/nova.sqlite

Nova

80

admin-openrc.sh nova client

$ nova service-list $ nova endpoints $ nova image-list

81

Neutron

82

Amazon AWS VPC

83

L2 L3

84

Plugin

LBaaS VPNaaS FWaaS

(1/2)

85

Networking Controller Network

Compute Controller

$ mysql -u root -p # CREATE DATABASE neutron; # GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron'; # GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

P.S. neutron

(2/2)

86

Keystone admin

$ openstack user create --password neutron --email neutron@example.com neutron $ openstack role add --project service --user neutron admin $ openstack service create --name neutron --description "OpenStack Networking" network $ openstack endpoint create --publicurl http://10.0.0.11:9696 \ --adminurl http://10.0.0.11:9696 \ --internalurl http://10.0.0.11:9696 \ --region RegionOne network

P.S. neutron

Neutron

87

Packaging-Deb apt-get

Neutron

$ sudo apt-get install neutron-server neutron-plugin-ml2 python-neutronclient

Neutron (1/4)

88

/etc/neutron/neutron.conf [DEFAULT]

[DEFAULT] rpc_backend = rabbit auth_strategy = keystone core_plugin = ml2 service_plugins = router allow_overlapping_ips = True notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://10.0.0.11:8774/v2

Neutron (2/4)

89

[database]

[DEFAULT] connection = mysql://neutron:neutron@10.0.0.11/neutron

[oslo_messaging_rabbit]

[oslo_messaging_rabbit] rabbit_host = 10.0.0.11 rabbit_userid = openstack rabbit_password = p@ssw0rd

P.S. MySQL neutron rabbit p@ssw0rd

Neutron (3/4)

90

[keystone_authtoken]

[keystone_authtoken] auth_uri = http://10.0.0.11:5000 auth_url = http://10.0.0.11:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron

P.S. neutron

Neutron (4/4)

91

[nova]

[nova] auth_uri = http://10.0.0.11:5000 auth_url = http://10.0.0.11:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = nova password = nova

P.S. nova

Modular Layer 2 (1/2)

92

/etc/neutron/plugins/ml2/ml2_conf.ini [ml2]

GRE OVS

[ml2] type_drivers = flat,vlan,gre,vxlan tenant_network_types = gre mechanism_drivers = openvswitch

93

a

OVS

94

OVS = Open vSwitch

95

Open Source

Open vSwitch

96

GRE

97

GRE = Graduate Record Examinations

98

GRE = Generic Routing Encapsulation

99

100

ML2

Modular Layer 2 (2/2)

101

[ml2_type_gre] id

[ml2_type_gre] tunnel_id_ranges = 1:1000

[securitygroup] ipset OVS iptables

enable_security_group = True enable_ipset = True firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Nova Networking(1/2)

102

/etc/nova/nova.conf [DEFAULT] APIs

Drivers

[DEFAULT] ... network_api_class = nova.network.neutronv2.api.API security_group_api = neutron linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver firewall_driver = nova.virt.firewall.NoopFirewallDriver

Nova Networking(2/2)

103

[neutron]

[neutron] auth_uri = http://10.0.0.11:5000 auth_url = http://10.0.0.11:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron

P.S. neutron

104

$ sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade liberty

Compute Networking SQLite

$ sudo service nova-api restart $ sudo service neutron-server restart $ sudo rm -f /var/lib/neutron/neutron.sqlite

neutron

105

neutron client neutron-server

$ neutron ext-list

P.S. neutron

106

Network

(1/2)

107

Network L3 DHCP

/etc/sysctl.conf

net.ipv4.ip_forward=1 net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0

$ sudo sysctl -p

(2/2)

108

apt-get

$ sudo apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent

Neutron (1/3)

109

/etc/neutron/neutron.conf [DEFAULT]

[DEFAULT] rpc_backend = rabbit auth_strategy = keystone core_plugin = ml2 service_plugins = router allow_overlapping_ips = True

Neutron (2/3)

110

[database]

[DEFAULT] # connection = sqlite:////var/lib/neutron/neutron.sqlite

[oslo_messaging_rabbit]

[oslo_messaging_rabbit] rabbit_host = 10.0.0.11 rabbit_userid = openstack rabbit_password = p@ssw0rd

P.S. MySQL neutron rabbit p@ssw0rd

Neutron (3/3)

111

[keystone_authtoken]

[keystone_authtoken] auth_uri = http://10.0.0.11:5000 auth_url = http://10.0.0.11:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron

P.S. neutron

Modular Layer 2 (1/4)

112

/etc/neutron/plugins/ml2/ml2_conf.ini [ml2]

GRE OVS

[ml2] type_drivers = flat,vlan,gre,vxlan tenant_network_types = gre mechanism_drivers = openvswitch

Modular Layer 2 (2/4)

113

[ml2_type_flat]

[ml2_type_flat] flat_networks = external

[ml2_type_gre] id

[ml2_type_gre] tunnel_id_ranges = 1:1000

Modular Layer 2 (3/4)

114

[securitygroup] ipset OVS iptables

enable_security_group = True enable_ipset = True firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs] IP

[ovs] local_ip = 10.0.1.21 bridge_mappings = external:br-ex

Modular Layer 2 (4/4)

115

[agent] GRE

[agent] tunnel_types = gre

Layer-3 (L3) Proxy

116

/etc/neutron/l3_agent.ini [DEFAULT]

[DEFAULT] ... verbose = True interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver external_network_bridge = router_delete_namespaces = True

DHCP Proxy(1/2)

117

/etc/neutron/dhcp_agent.ini [DEFAULT] DHCP

[DEFAULT] ... verbose = True interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq dhcp_delete_namespaces = True dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf

DHCP Proxy(2/2)

118

/etc/neutron/dnsmasq-neutron.conf DHCP MTU (26)

1454 bytes

$ echo 'dhcp-option-force=26,1454' | sudo tee /etc/neutron/dnsmasq-neutron.conf

Metadata Proxy(1/2)

119

/etc/neutron/metadata_agent.ini [DEFAULT] metadata

[DEFAULT] auth_uri = http://10.0.0.11:5000 auth_url = http://10.0.0.11:35357 auth_region = RegionOne auth_plugin = password project_domain_id = default

Metadata Proxy(2/2)

120

/etc/neutron/metadata_agent.ini [DEFAULT]

[DEFAULT] … user_domain_id = default project_name = service username = neutron password = neutron nova_metadata_ip = 10.0.0.11 metadata_proxy_shared_secret = d88ec459ab1e0bdaf5d8

P.S. Keystone neutron metadata_proxy_shared_secret

121

Controller

Nova Metadata Proxy

122

/etc/nova/nova.conf [neutron] Nova metadata proxy

[neutron] ... service_metadata_proxy = True metadata_proxy_shared_secret = d88ec459ab1e0bdaf5d8

Controller Compute API

$ sudo service nova-api restart

P.S. metadata_proxy_shared_secret d88ec459ab1e0bdaf5d8

123

Network

Open vSwitch (OVS)

124

Open vSwitch

$ sudo service openvswitch-switch restart

$ sudo ovs-vsctl add-br br-ex

$ sudo ovs-vsctl add-port br-ex INTERFACE_NAME

P.S. INTERFACE_NAME Public eth1

Networking

125

$ sudo service neutron-plugin-openvswitch-agent restart $ sudo service neutron-l3-agent restart $ sudo service neutron-dhcp-agent restart $ sudo service neutron-metadata-agent restart

Controller Keystone admin

$ neutron agent-list

126

Compute

(1/2)

127

Compute /etc/

sysctl.conf

net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0 net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1

$ sudo sysctl -p

(2/2)

128

apt-get

$ sudo apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent

Neutron (1/3)

129

/etc/neutron/neutron.conf [DEFAULT]

[DEFAULT] rpc_backend = rabbit auth_strategy = keystone core_plugin = ml2 service_plugins = router allow_overlapping_ips = True

Neutron (2/3)

130

[database]

[DEFAULT] # connection = sqlite:////var/lib/neutron/neutron.sqlite

[oslo_messaging_rabbit]

[oslo_messaging_rabbit] rabbit_host = 10.0.0.11 rabbit_userid = openstack rabbit_password = p@ssw0rd

P.S. MySQL neutron rabbit p@ssw0rd

Neutron (3/3)

131

[keystone_authtoken]

[keystone_authtoken] auth_uri = http://10.0.0.11:5000 auth_url = http://10.0.0.11:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron

P.S. neutron

Modular Layer 2 (1/3)

132

/etc/neutron/plugins/ml2/ml2_conf.ini [ml2]

GRE OVS

[ml2] type_drivers = flat,vlan,gre,vxlan tenant_network_types = gre mechanism_drivers = openvswitch

Modular Layer 2 (2/3)

133

[ml2_type_gre] id

[ml2_type_gre] tunnel_id_ranges = 1:1000

[securitygroup] ipset OVS iptables

enable_security_group = True enable_ipset = True firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Modular Layer 2 (3/3)

134

[ovs] IP

[ovs] local_ip = 10.0.1.31

[agent] GRE

[agent] tunnel_types = gre

Compute Networking(1/2)

135

/etc/nova/nova.conf [DEFAULT] APIs Drivers

[DEFAULT] ... network_api_class = nova.network.neutronv2.api.API security_group_api = neutron linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver firewall_driver = nova.virt.firewall.NoopFirewallDriver

Compute Networking(2/2)

136

[neutron] Keystone

[DEFAULT] auth_uri = http://10.0.0.11:5000 auth_url = http://10.0.0.11:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = neutron

P.S. neutron

Compute Networking

137

$ sudo service openvswitch-switch restart $ sudo service nova-compute restart $ sudo service neutron-plugin-openvswitch-agent restart

Controller Keystone admin

$ neutron agent-list

138

139

External network(1/2)

140

neutron net-create

$ neutron net-create ext-net --router:external --provider:physical_network external --provider:network_type flat

External network(2/2)

141

neutron subnet-create

$ neutron subnet-create ext-net 192.168.20.0/24 --name ext-subnet --allocation-pool start=192.168.20.101,end=192.168.20.200 --disable-dhcp --gateway 192.168.20.1

142

Horizon

143

Dashboard

Horizon (1/2)

144

Dashboard Controller

OpenStack apt-get dashboard

$ sudo apt-get install openstack-dashboard

Ubuntu openstack-dashboard ubuntu-theme

$ sudo apt-get purge openstack-dashboard-ubuntu-theme

Horizon (2/2)

145

/etc/openstack-dashboard/local_settings.py

OPENSTACK_HOST = "controller" ALLOWED_HOSTS = '*' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': '127.0.0.1:11211', } } OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

146

$ sudo service apache2 reload $ sudo service apache2 restart

http://10.0.011/horizon

147

Deploy and Management Tools

148

Mirantis Fuel

149

HP Helion

150

Ubuntu MAAS + JuJu

151

Kolla

152

Red Hat OpenStack

153P.S.

154

Ansible

155

Puppet

156

Chef

157

158

SSCloud

159

Dashboard 150

hackathon001 , hackathon002, ... , hackathon150

https://sscloud.unicloud.org.tw/auth/login/

160

OpenStack Hackfest 18-20 March 2016

161