2. 2
•
IT
• IT
OpenStack Day Taiwan Hadoop Conf
SITCON Conf
•
i.m.a.c
NUTCimac
imac-cloud

3. Agenda
3
•
• Keystone
• Glance
• Nova
• Neutron
• Horizon
• Deploy and Management Tools
• SSCloud

4. 4

5. Minimal Hardware Requirements
5

6. Minimal Network Layout
6

7. Minimal Service Layout
7

8. Network Topology
8

9. Network Time Protocol (NTP)
9
NTP
$ sudo apt-get install -y ntp
Controller Server /etc/ntp.conf
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
server 2.tw.pool.ntp.org
server 3.asia.pool.ntp.org
server 0.asia.pool.ntp.org
Controller /etc/ntp.conf
server controller iburst

10. Network Time Protocol (NTP)
10
Controller
$ ntpq -c peers
+123.204.45.116 59.149.185.193 2 u 196 256 353 158.773 70.671 20.943
*186.211.189.118 203.123.48.219 2 u 215 256 377 59.255 -1.832 2.092
+time.iqnet.com 62.201.207.162 2 u 18 256 377 391.601 4.016 3.642
$ ntpq -c peers
*controller 10.0.0.11 3 u 47 64 37 0.308 -0.251 0.079

11. Ubuntu OpenStack
11

12. OpenStack
12
Ubuntu 15.04 Repository
Repository
$ sudo apt-get install -y software-properties-common
$ sudo add-apt-repository -y cloud-archive:liberty
Repository
$ sudo apt-get update && sudo apt-get -y dist-upgrade
P.S.

13. SQL database (1/2)
13
OpenStack SQL
Controller
$ sudo apt-get install -y mariadb-server python-mysqldb
/etc/mysql/conf.d/mysqld_openstack.cnf
[mysqld]
bind-address = 10.0.0.11
P.S. p@ssw0rd

14. SQL database (2/2)
14
...
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
$ sudo service mysql restart
$ sudo mysql_secure_installation
P.S. …

15. Message queue (1/2)
15
OpenStack Message Queue
RabbitMQ Controller
$ sudo apt-get install -y rabbitmq-server
web console
$ sudo rabbitmq-plugins enable rabbitmq_management
$ sudo sh -c "echo '[{rabbit, [{loopback_users, []}]}].' > /etc/rabbitmq/
rabbitmq.config"
$ sudo service rabbitmq-server restart
P.S. http://<ip>:15672 guest/guest

16. Message queue (2/2)
16
User OpenStack
$ sudo rabbitmqctl add_user openstack <password>
Creating user "openstack" ...
…done.
User
$ sudo rabbitmqctl set_permissions openstack ".*" ".*" “.*"
Setting permissions for user "openstack" in vhost "/" ...
...done.
P.S. p@ssw0rd

17. 17
Keystone

18. 18
Amazon AWS IAM

19. 19

20. 20
API

21. (1/2)
21
Identity Controller
Database Keystone
$ mysql -u root -p
# CREATE DATABASE keystone;
# GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'
IDENTIFIED BY 'keystone';
# GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED
BY 'keystone';

22. (2/2)
22
openssl admin token
$ openssl rand -hex 16
1ed64bdb7ebda9ae6d01d811565d4d64
P.S. token

23. Keystone
23
$ echo "manual" | sudo tee /etc/init/keystone.override
Packaging-Deb apt-get keystone
$ sudo apt-get install keystone python-openstackclient apache2
libapache2-mod-wsgi memcached python-memcache
P.S. Kilo Keystone Eventlet WSGI Server

24. Keystone (1/3)
24
/etc/keystone/keystone.conf ADMIN_TOKEN
[DEFAULT]
admin_token = 1ed64bdb7ebda9ae6d01d811565d4d64
[database]
[database]
connection = mysql://keystone:keystone@10.0.0.11/keystone
P.S. connection MySQL Keystone

25. Keystone (2/3)
25
[memcache]
[memcache]
servers = localhost:11211
[token]
[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.memcache.Token

26. Keystone (3/3)
26
[revoke]
[revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke
$ sudo keystone-manage db_sync
P.S. SQLite

27. Apache2 HTTP (1/3)
27
/etc/apache2/apache2.conf ServerName controller
ServerName controller
/etc/apache2/sites-available/wsgi-keystone.conf
$ sudo vim /etc/apache2/sites-available/wsgi-keystone.conf
Listen 5000
Listen 35357

28. Apache2 HTTP (2/3)
28
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel info
ErrorLog /var/log/apache2/keystone-error.log
CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>

29. Apache2 HTTP (3/3)
29
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel info
ErrorLog /var/log/apache2/keystone-error.log
CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>

30. WSGI (1/2)
30
$ sudo ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-
enabled
WSGI WSGI
$ sudo mkdir -p /var/www/cgi-bin/keystone
$ sudo curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/
keystone.py?h=stable/liberty | sudo tee /var/www/cgi-bin/keystone/main /var/
www/cgi-bin/keystone/admin

31. WSGI(2/2)
31
chown chmod
$ sudo chown -R keystone:keystone /var/www/cgi-bin/keystone
$ sudo chmod 755 /var/www/cgi-bin/keystone/*
Apache2 SQLite
$ sudo service apache2 restart
$ sudo rm -f /var/lib/keystone/keystone.db

32. 32
export OS_TOKEN admin_token API
URL
$ export OS_TOKEN=1ed64bdb7ebda9ae6d01d811565d4d64
$ export OS_URL=http://10.0.0.11:35357/v2.0
$ openstack service create --name keystone --description "OpenStack
Identity" identity

33. API
33
API
API
$ openstack endpoint create --publicurl http://10.0.0.11:5000/v2.0
--internalurl http://10.0.0.11:5000/v2.0
--adminurl http://10.0.0.11:35357/v2.0
--region RegionOne identity

34. 34
Openstack domains,
projects (tenants), users roles admin Project User
Role
$ openstack project create --description "Admin Project" admin
$ openstack user create --password p@ssw0rd --email admin@example.com
admin
$ openstack role create admin
$ openstack role add --project admin --user admin admin
$ openstack project create --description "Service Project" service
P.S. p@ssw0rd

35. 35
Demo
$ openstack project create --description "Demo Project" demo
$ openstack user create --password demo --email
demo@example.com demo
$ openstack role create user
$ openstack role add --project demo --user demo user
P.S. demo

36. 36
Keystone
OS_TOKEN OS_URL
$ unset OS_TOKEN OS_URL
admin Identity v2.0 token
$ openstack --os-auth-url http://10.0.0.11:35357 --os-project-name admin
--os-username admin --os-auth-type password token issue
P.S. p@ssw0rd

37. admin client
37
admin demo
admin admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=p@ssw0rd
export OS_AUTH_URL=http://10.0.0.11:35357/v3
P.S. p@ssw0rd

38. user client
38
demo demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://10.0.0.11:5000/v3
P.S. demo

39. Client
39
source
$ source admin-openrc.sh
$ openstack token issue

40. 40
Glance

41. 41
Amazon AWS VM
Import Export

42. 42

43. 43
EX: Ubuntu CoreOS…

44. (1/2)
44
Image Service Controller
Database
$ mysql -u root -p
# CREATE DATABASE glance;
# GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'
IDENTIFIED BY 'glance';
# GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY
'glance';
P.S. glance

45. (2/2)
45
Keystone admin
$ openstack user create --password glance --email glance@example.com
glance
$ openstack role add --project service --user glance admin
$ openstack service create --name glance --description "OpenStack Image
service" image
$ openstack endpoint create --publicurl http://10.0.0.11:9292
--internalurl http://10.0.0.11:9292
--adminurl http://10.0.0.11:9292 --region RegionOne image
P.S. glance

46. Glance
46
Packaging-Deb apt-get
Glance
$ sudo apt-get install -y glance python-glanceclient

47. Glance (1/6)
47
/etc/glance/glance-api.conf [DEFAULT]
noop
[DEFAULT]
notification_driver = noop
[database]
[database]
connection = mysql://glance:glance@10.0.0.11/glance
P.S. connection MySQL

48. Glance (2/6)
48
[keystone_authtoken]
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance
P.S. glance

49. Glance (3/6)
49
[paste_deploy]
[paste_deploy]
flavor = keystone
[glance_store]
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

50. Glance (4/6)
50
/etc/glance/glance-registry.conf [DEFAULT]
noop
[DEFAULT]
notification_driver = noop
[database]
[database]
connection = mysql://glance:glance@10.0.0.11/glance
P.S. connection MySQL

51. Glance (5/6)
51
[keystone_authtoken]
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance
P.S. glance

52. Glance (6/6)
52
[paste_deploy]
[paste_deploy]
flavor = keystone
/etc/glance/glance-api.conf /etc/glance/glance-registry.conf
SQLite
$ sudo glance-manage db_sync
$ sudo service glance-registry restart
$ sudo service glance-api restart
$ sudo rm -f /var/lib/glance/glance.sqlite

53. Glance
53
admin-openrc.sh demo-openrc.sh Glance API
$ echo "export OS_IMAGE_API_VERSION=2" | sudo tee -a admin-openrc.sh demo-
openrc.sh
$ source admin-openrc.sh
Glance
$ wget -P /tmp/images http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-
disk.img
$ glance image-create --name "cirros-0.3.4-x86_64" --file cirros-0.3.4-x86_64-
disk.img --disk-format qcow2 --container-format bare --visibility public --progress

54. 54
Nova

55. 55
Amazon AWS EC2

56. 56
IaaS

57. 57

58. (1/2)
58
Compute Controller
Compute Controller
$ mysql -u root -p
# CREATE DATABASE nova;
# GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY
'nova';
# GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
P.S. nova

59. (2/2)
59
Keystone admin
$ openstack user create --password nova --email nova@example.com nova
$ openstack role add --project service --user nova admin
$ openstack service create --name nova --description "OpenStack Compute" compute
$ openstack endpoint create --publicurl http://10.0.0.11:8774/v2/%(tenant_id)s
--internalurl http://10.0.0.11:8774/v2/%(tenant_id)s
--adminurl http://10.0.0.11:8774/v2/%(tenant_id)s
--region RegionOne compute
P.S. nova

60. Nova
60
Packaging-Deb apt-get
Nova
$ sudo apt-get install nova-api nova-cert nova-conductor nova-
consoleauth nova-novncproxy nova-scheduler python-novaclient

61. Nova (1/4)
61
/etc/nova/nova.conf [DEFAULT]
[DEFAULT]
...
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.0.0.11
vncserver_listen = 10.0.0.11
vncserver_proxyclient_address = 10.0.0.11

62. Nova (2/4)
62
[database]
[database]
connection = mysql://nova:nova@10.0.0.11/nova
[oslo_messaging_rabbit]
[oslo_messaging_rabbit]
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = p@ssw0rd
P.S. connection MySQL Rabbit

63. Nova (3/4)
63
[keystone_authtoken]
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
P.S. Keystone nova

64. Nova (4/4)
64
[glance] [oslo_concurrency] Glance Host lock_path
[glance]
host = 10.0.0.11
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
$ sudo nova-manage db sync

65. 65
Nova SQLite
$ sudo service nova-api restart
$ sudo service nova-cert restart
$ sudo service nova-consoleauth restart
$ sudo service nova-scheduler restart
$ sudo service nova-conductor restart
$ sudo service nova-novncproxy restart
$ sudo rm -f /var/lib/nova/nova.sqlite

66. 66
Nova

67. 67
Compute

68. 68
PPT

69. 69

70. 70

71. 71
Compute

72. Compute
72
controller compute service
VM instance Compute
$ sudo apt-get install -y nova-compute sysfsutils

73. Nova-Compute (1/5)
73
/etc/nova/nova.conf [DEFAULT]
[DEFAULT]
...
rpc_backend = rabbit
auth_strategy = keystone
resume_guests_state_on_host_boot = true
my_ip = 10.0.0.31

74. Nova-Compute (2/5)
74
[vnc] VNC Server
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.0.0.31
novncproxy_base_url = http://10.0.0.11:6080/vnc_auto.html

75. Nova-Compute (3/5)
75
[oslo_messaging_rabbit] VNC Server
[oslo_messaging_rabbit]
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = p@ssw0rd
P.S. Rabbit p@ssw0rd

76. Nova-Compute (4/5)
76
[keystone_authtoken] VNC Server
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
P.S. Keystone nova

77. Nova-Compute (5/5)
77
[glance] [oslo_concurrency] Glance Host lock_path
[glance]
host = 10.0.0.11
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
$ sudo nova-manage db sync

78. Compute libvirt
78
Compute
$ kvm-ok
$ egrep -c '(vmx|svm)' /proc/cpuinfo
8
CPU KVM /etc/nova/nova-
compute.conf virt_type QEMU
[libvirt]
virt_type = qemu

79. 79
Nova SQLite
$ sudo service nova-compute restart
$ sudo rm -f /var/lib/nova/nova.sqlite

80. Nova
80
admin-openrc.sh nova client
$ nova service-list
$ nova endpoints
$ nova image-list

81. 81
Neutron

82. 82
Amazon AWS VPC

83. 83
L2 L3

84. 84
Plugin
LBaaS VPNaaS FWaaS

85. (1/2)
85
Networking Controller Network
Compute Controller
$ mysql -u root -p
# CREATE DATABASE neutron;
# GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'
IDENTIFIED BY 'neutron';
# GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY
'neutron';
P.S. neutron

86. (2/2)
86
Keystone admin
$ openstack user create --password neutron --email neutron@example.com neutron
$ openstack role add --project service --user neutron admin
$ openstack service create --name neutron --description "OpenStack Networking"
network
$ openstack endpoint create --publicurl http://10.0.0.11:9696
--adminurl http://10.0.0.11:9696
--internalurl http://10.0.0.11:9696
--region RegionOne network
P.S. neutron

87. Neutron
87
Packaging-Deb apt-get
Neutron
$ sudo apt-get install neutron-server neutron-plugin-ml2 python-
neutronclient

88. Neutron (1/4)
88
/etc/neutron/neutron.conf [DEFAULT]
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.0.0.11:8774/v2

89. Neutron (2/4)
89
[database]
[DEFAULT]
connection = mysql://neutron:neutron@10.0.0.11/neutron
[oslo_messaging_rabbit]
[oslo_messaging_rabbit]
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = p@ssw0rd
P.S. MySQL neutron rabbit p@ssw0rd

90. Neutron (3/4)
90
[keystone_authtoken]
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
P.S. neutron

91. Neutron (4/4)
91
[nova]
[nova]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
P.S. nova

92. Modular Layer 2 (1/2)
92
/etc/neutron/plugins/ml2/ml2_conf.ini [ml2]
GRE OVS
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch

93. 93
a
OVS

94. 94
OVS = Open vSwitch

95. 95
Open Source
Open vSwitch

96. 96
GRE

97. 97
GRE = Graduate Record Examinations

98. 98
GRE = Generic Routing Encapsulation

99. 99

100. 100
ML2

101. Modular Layer 2 (2/2)
101
[ml2_type_gre] id
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[securitygroup] ipset OVS iptables
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

102. Nova Networking(1/2)
102
/etc/nova/nova.conf [DEFAULT] APIs
Drivers
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

103. Nova Networking(2/2)
103
[neutron]
[neutron]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
P.S. neutron

104. 104
$ sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --
config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade liberty
Compute Networking SQLite
$ sudo service nova-api restart
$ sudo service neutron-server restart
$ sudo rm -f /var/lib/neutron/neutron.sqlite

105. neutron
105
neutron client neutron-server
$ neutron ext-list
P.S. neutron

106. 106
Network

107. (1/2)
107
Network L3 DHCP
/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
$ sudo sysctl -p

108. (2/2)
108
apt-get
$ sudo apt-get install neutron-plugin-ml2 neutron-plugin-
openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-
metadata-agent

109. Neutron (1/3)
109
/etc/neutron/neutron.conf [DEFAULT]
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

110. Neutron (2/3)
110
[database]
[DEFAULT]
# connection = sqlite:////var/lib/neutron/neutron.sqlite
[oslo_messaging_rabbit]
[oslo_messaging_rabbit]
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = p@ssw0rd
P.S. MySQL neutron rabbit p@ssw0rd

111. Neutron (3/3)
111
[keystone_authtoken]
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
P.S. neutron

112. Modular Layer 2 (1/4)
112
/etc/neutron/plugins/ml2/ml2_conf.ini [ml2]
GRE OVS
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch

113. Modular Layer 2 (2/4)
113
[ml2_type_flat]
[ml2_type_flat]
flat_networks = external
[ml2_type_gre] id
[ml2_type_gre]
tunnel_id_ranges = 1:1000

114. Modular Layer 2 (3/4)
114
[securitygroup] ipset OVS iptables
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs] IP
[ovs]
local_ip = 10.0.1.21
bridge_mappings = external:br-ex

115. Modular Layer 2 (4/4)
115
[agent] GRE
[agent]
tunnel_types = gre

116. Layer-3 (L3) Proxy
116
/etc/neutron/l3_agent.ini [DEFAULT]
[DEFAULT]
...
verbose = True
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
router_delete_namespaces = True

117. DHCP Proxy(1/2)
117
/etc/neutron/dhcp_agent.ini [DEFAULT] DHCP
[DEFAULT]
...
verbose = True
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
dhcp_delete_namespaces = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf

118. DHCP Proxy(2/2)
118
/etc/neutron/dnsmasq-neutron.conf DHCP MTU (26)
1454 bytes
$ echo 'dhcp-option-force=26,1454' | sudo tee /etc/neutron/dnsmasq-
neutron.conf

119. Metadata Proxy(1/2)
119
/etc/neutron/metadata_agent.ini [DEFAULT] metadata
[DEFAULT]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default

120. Metadata Proxy(2/2)
120
/etc/neutron/metadata_agent.ini [DEFAULT]
[DEFAULT]
…
user_domain_id = default
project_name = service
username = neutron
password = neutron
nova_metadata_ip = 10.0.0.11
metadata_proxy_shared_secret = d88ec459ab1e0bdaf5d8
P.S. Keystone neutron metadata_proxy_shared_secret

121. 121
Controller

122. Nova Metadata Proxy
122
/etc/nova/nova.conf [neutron] Nova metadata proxy
[neutron]
...
service_metadata_proxy = True
metadata_proxy_shared_secret = d88ec459ab1e0bdaf5d8
Controller Compute API
$ sudo service nova-api restart
P.S. metadata_proxy_shared_secret d88ec459ab1e0bdaf5d8

123. 123
Network

124. Open vSwitch (OVS)
124
Open vSwitch
$ sudo service openvswitch-switch restart
$ sudo ovs-vsctl add-br br-ex
$ sudo ovs-vsctl add-port br-ex INTERFACE_NAME
P.S. INTERFACE_NAME Public eth1

125. Networking
125
$ sudo service neutron-plugin-openvswitch-agent restart
$ sudo service neutron-l3-agent restart
$ sudo service neutron-dhcp-agent restart
$ sudo service neutron-metadata-agent restart
Controller Keystone admin
$ neutron agent-list

126. 126
Compute

127. (1/2)
127
Compute /etc/
sysctl.conf
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
$ sudo sysctl -p

128. (2/2)
128
apt-get
$ sudo apt-get install neutron-plugin-ml2 neutron-plugin-
openvswitch-agent

129. Neutron (1/3)
129
/etc/neutron/neutron.conf [DEFAULT]
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

130. Neutron (2/3)
130
[database]
[DEFAULT]
# connection = sqlite:////var/lib/neutron/neutron.sqlite
[oslo_messaging_rabbit]
[oslo_messaging_rabbit]
rabbit_host = 10.0.0.11
rabbit_userid = openstack
rabbit_password = p@ssw0rd
P.S. MySQL neutron rabbit p@ssw0rd

131. Neutron (3/3)
131
[keystone_authtoken]
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
P.S. neutron

132. Modular Layer 2 (1/3)
132
/etc/neutron/plugins/ml2/ml2_conf.ini [ml2]
GRE OVS
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch

133. Modular Layer 2 (2/3)
133
[ml2_type_gre] id
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[securitygroup] ipset OVS iptables
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

134. Modular Layer 2 (3/3)
134
[ovs] IP
[ovs]
local_ip = 10.0.1.31
[agent] GRE
[agent]
tunnel_types = gre

135. Compute Networking(1/2)
135
/etc/nova/nova.conf [DEFAULT] APIs Drivers
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver =
nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

136. Compute Networking(2/2)
136
[neutron] Keystone
[DEFAULT]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
P.S. neutron

137. Compute Networking
137
$ sudo service openvswitch-switch restart
$ sudo service nova-compute restart
$ sudo service neutron-plugin-openvswitch-agent restart
Controller Keystone admin
$ neutron agent-list

138. 138

139. 139

140. External network(1/2)
140
neutron net-create
$ neutron net-create ext-net --router:external --provider:physical_network
external --provider:network_type flat

141. External network(2/2)
141
neutron subnet-create
$ neutron subnet-create ext-net 192.168.20.0/24 --name ext-subnet --
allocation-pool start=192.168.20.101,end=192.168.20.200 --disable-dhcp --
gateway 192.168.20.1

142. 142
Horizon

143. 143
Dashboard

144. Horizon (1/2)
144
Dashboard Controller
OpenStack apt-get dashboard
$ sudo apt-get install openstack-dashboard
Ubuntu openstack-dashboard ubuntu-theme
$ sudo apt-get purge openstack-dashboard-ubuntu-theme

145. Horizon (2/2)
145
/etc/openstack-dashboard/local_settings.py
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = '*'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

146. 146
$ sudo service apache2 reload
$ sudo service apache2 restart
http://10.0.011/horizon

147. 147
Deploy and Management
Tools

148. 148
Mirantis Fuel

149. 149
HP Helion

150. 150
Ubuntu
MAAS + JuJu

151. 151
Kolla

152. 152
Red Hat
OpenStack

153. 153P.S.

154. 154
Ansible

155. 155
Puppet

156. 156
Chef

157. 157

158. 158
SSCloud

159. 159
Dashboard
150
hackathon001 , hackathon002, ... , hackathon150
https://sscloud.unicloud.org.tw/auth/login/

160. 160
OpenStack Hackfest
18-20 March 2016

161. 161