Openstack Installation (ver. liberty)

Learning Objectives
 This chapter examine OpenStack architecture and how to
install OpenStack. By the time you finish this chapter, you
will be able to do the following :
 Describe OpenStack architecture
 Understand OpenStack components
 How to install OpenStack Liberty
2

Outline
 虛擬化技術介紹
 Introduction to OpenStack
 Components of OpenStack
 OpenStack install
3

虛擬化技術
 現今雲端運算上的虛擬化技術，主要是將原本運作在實際伺
服器上的伺服器作業系統，變成在虛擬化的軟體上執行，因
此在硬體故障時，這些伺服器系統便可以很容易地移轉到另
外一台已設置好虛擬化軟體的硬體上，系統不需要重新安裝
與設定，新硬體與舊硬體也不必是相同規格，可以大幅簡化
伺服器的管理。
 開放原始碼上主流的虛擬化技術大致上分兩種:
 硬體虛擬化（Hardware Virtualization）
 作業系統層級的虛擬化技術（Operating System-level Virtualization）
4
參考資料:
http://www.netadmin.com.tw/article_content.aspx?sn=141
2020002

硬體虛擬化技術
 硬體虛擬化的架構是用軟體建立一個模擬真實電腦硬體的
虛擬機器（Virtual Machine），而原本執行在實際電腦硬
體的作業系統，則運作執行在這個虛擬機器上，虛擬機器
內運行的作業系統與實際的電腦硬體之間，會有軟體介面
隔離控制這些虛擬機器對硬體的存取。
 進行硬體虛擬化的系統軟體則被稱作Hypervisor或虛擬機
器管理員（Virtual Machine Manager），Hypervisor因為
主要是在控制虛擬機器的運作，又被稱為虛擬機器監視器
（Virtual Machine Monitor），縮寫為VMM。
 OpenSource:KVM、Xen
5
參考資料:
2020002

虛擬化實現方式
6
 目前主流的虛擬化實現方式有兩種:
 Type1:VMM直接運行在硬體上控制所有硬體並管理使用者
操作系統系統，例如:Xen、VMware ESXi。
 Type2:VMM運行在一個傳統的作業系統裡，例如:KVM、
VirtualBox。

作業系統層級的虛擬化技術
 作業系統層級虛擬化技術的架構，則是藉由讓作業系統核
心可以建立多個隔離的使用者空間運作實體技術來達成，
使用者在這些隔離的使用者空間中運作，感覺就像在實際
獨立的環境內運作一樣，而這些隔離的使用者空間運作實
體又被稱為容器（Containers）、虛擬化引擎（
Virtualization Engines，VE）、虛擬私有伺服器（Virtual
Private Servers，VPS）或叫囚室（jails）。
 作業系統核心同時也提供管理這些運作實體使用資源的機
制，避免單一運作實體使用系統資源過度，而影響到其他
運作實體。
 OpenSource:Docker、OpenVZ
7
參考資料:
2020002

Linux Container
 透過 Container 技術可以讓 DevOps 更容易，省去了不少
時間與資源成本。
 Linux Container技術是一個內建於Linux的新一代虛擬化技
術，不同於虛擬機器是一整臺實體電腦的虛擬化，LXC則
是應用程式的虛擬化。LXC將應用系統打包成一個
Container，裡面只包含了應用程式的程式碼、所需作業系
統核心和函式庫，透過統一的命名空間和共用API來分配
不同應用程式所在Container的可用硬體資源，來創造出應
用程式的獨立沙箱執行環境。因為LXC技術不需要多一個
Hypervisor軟體層，因此， Container容量小且輕量化，可
以在數秒內建立應用程式所需的執行環境，遠快於利用傳
統虛擬化技術需要數分鐘才能建立虛擬機器的時間。
8
參考資料: http://www.ithome.com.tw/news/90440

Docker
 原本Docker是以Linux容器（Linux Container，LXC）技術
為基礎，LXC是一個使用者空間工具（User-space Tools）
，提供一個系統介面以銜接核心空間（Kernel-space）所
提供的作業系統層級虛擬化功能，如控制群組（Control
Groups，cgroups）或核心命名空間（Kernel Namespaces
）。不過，Docker在0.9版開始便自行以Google發展的Go
程式語言開發libcontainer程式庫以取代LXC。
 Docker因為提供了簡易好用的工具及環境，因此成為新崛
起且非常熱門的Linux作業系統層級虛擬化技術，
OpenStack計畫開始將Docker整合進入其雲端平台中。
9
參考資料: http://www.ithome.com.tw/news/90440

雲端界中的Linux-OpenStack
 OpenStack允許讓使用者快速部屬雲端的基礎設施環境
(IaaS)叢集，不同於Hadoop 這類針對特定功能取向的PaaS
，OpenStack提供的是完整的底層資源與環境部屬，能夠
提供商業IaaS的大老：Amazon Elastic Compute
Cloud(Amazon EC2) 的功能。
10

Amazon EC2
 Amazon Elastic Compute Cloud(Amazon EC2) ，由亞馬遜公
司提供的web服務，是一個讓使用者可以租用雲端電腦運
行所需應用的系統。EC2藉由提供web服務的方式讓使用
者可以彈性地運行自己的Amazon機器映像檔，使用者將
可以在這個虛擬機器上運行任何自己想要的軟體或應用程
式。使用者可以隨時創建、執行、終止自己的虛擬伺服
器，使用多少時間算多少錢，也因此這個系統是"彈性"使
用的。
11
參考資料:
https://www.openfoundry.org/tw/resourcecatalog/Cloud-
Computing/Infrastructure-Layer/Computing/Amazon-EC2

OpenStack簡介
 OpenStack 專案已經有五年的時間了，從 2010 年 7 月開
始開發，原先是由 NASA 主導的專案 Nebula。後來 NASA
與雲端服務廠商 Rackspace 合作，演變成現在熟知的雲端
運算平臺 OpenStack。
 由於 OpenStack 採用開放原始碼授權，Apache 授權協議
，相較 GPL 類授權比較寬鬆，因此不少企業選擇
OpenStack 節省成本。OpenStack 也讓擴大服務能量成為
可能，很容易就橫向擴展(Horizontal Scaling)規模。
12

OpenStack Releases
Release Name Release Date Included Components
Austin 21 October 2010 Nova, Swift
Bexar 3 February 2011 Nova, Glance, Swift
Cactus 15 April 2011 Nova, Glance, Swift
Diablo 22 September 2011 Nova, Glance, Swift
Essex 5 April 2012 Nova, Glance, Swift, Horizon, Keystone
Folsom 27 September 2012 Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
Grizzly 4 April 2013 Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
Havana 17 October 2013 Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Ceilometer, Heat
Icehouse 17 April 2014 Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Ceilometer, Heat, Trove
Juno October 2014 Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Ceilometer, Heat, Trove, Sahara
Kilo April 2015 Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Ceilometer, Heat, Trove, Sahara, Ironic
*Liberty 16 October 2015
Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer, Trove, Sahara, Ironic,
Zaqar, Manila, Designate, Barbican
13
*為現在Releases最新版本

OpenStack產業界應用(一)
 CERN使用了5千臺運算節點來執行OpenStack環境，4,800
臺執行KVM，而200臺則執行Hyper-V虛擬化平臺，共有16
萬個核心，來執行13萬個VM。目前有2千位研究人員使用
，建立了超過2,300個專案。
14

OpenStack產業界應用(二)
 日本發生地震後，在數十秒內，日本雅虎資料中心的網路
流量瞬間暴增為平時尖峰的3倍，如何事先打造出一套可
以應付這種瞬間爆量的基礎架構，是日本雅虎資料中心面
臨的一大挑戰。
 由於OpenStack軟體上的效能改進，單櫃伺服器所能執行
的虛擬機器，也從400個提高到單櫃2,000個。
 日本雅虎目前部署了超過20個OpenStack叢集，總儲存容
量達20PB(10的15次方byte)，可用性能達到99.996％。
15參考資料: http://www.ithome.com.tw/news/98304

OpenStack users
 PayPal / eBay
 NASA
 Yahoo!
 HP Public Cloud
 Wikimedia Labs
 Cisco WebEx
 more…(http://www.openstack.org/user-stories)
16

OpenStack Overview
 What is OpenStack?
 Open Source Cloud Software
 mostly deployed as an infrastructure-as-a-service (IaaS)
 Combines compute, network and storage resources
 Web portal for cloud admins and self-service users
 Cloud services exposed through APIs
17

Components of OpenStack-Nova
18
Nova – Compute:
It provides virtual servers
upon demand. Nova is the
most complicated and
distributed component of
OpenStack. A large
number of processes
cooperate to turn end
user API requests into
running virtual machines.

Components of OpenStack-Glance
19
Glance – Image Store:
It provides discovery,
registration and delivery
services for disk and
server images. Glance
accepts API requests for
images (or image
metadata) from end users
or Nova components and
can store its disk files in
the object storage service,
Swift or other storage
repository.

Components of OpenStack-Neutron
20
Neutron – Network:
It provides “ network
connectivity as a service ”
between interface devices
(e.g., vNICs) managed by
other OpenStack services
(e.g., nova). The service
works by allowing users
to create their own
networks and then attach
interfaces to them.
Neutron will interact
mainly with Nova, where
it will provide networks
and connectivity for its
instances.

Components of OpenStack-Swift
21
Swift – Object
Storage:
Object store allows you to
store or retrieve files. It
provides a fully
distributed, API-accessible
storage platform that can
be integrated directly into
applications or used for
backup, archiving and
data retention.

Components of OpenStack-Cinder
22
Cinder – Block
Storage:
Cinder is more analogous
to the traditional notion
of a computer being able
to access specific
locations on a disk drive.
This more traditional way
of accessing files might be
important in scenarios in
which data access speed
is the most important
consideration.

Components of OpenStack-Keystone
23
Keystone – Identity:
Keystone is a framework
for authentication and
authorization for all the
OpenStack services. It
handles API requests as
well as providing
configurable catalog,
policy, token and identity
services. It provides the
ability to add users to and
to manage permissions
between users and
groups. Permissions
include the ability to
launch and terminate
instances.

Components of OpenStack-Horizon
24
Horizon – Dashboard:
It provides a modular
web-based user interface
for all the OpenStack
services. With this web
GUI, you can perform
most operations on your
cloud like launching an
instance, assigning IP
addresses and setting
access controls.

Components of OpenStack-Ceilometer
25
Ceilometer –
Telemetry:
Ceilometer was originally
designed to support
billing systems for
OpenStack cloud
resources. This project
only covers the metering
portion of the required
processing for billing. This
service collects
information about the
system and stores it in the
form of samples in order
to provide data about
anything that can be
billed.

Components of OpenStack-Heat
26
Heat – Orchestration:
Heat stacks are defined
with templates, which are
non-procedural
documents that describe
tasks in terms of
resources, parameters,
inputs, constraints, and
dependencies. When the
Orchestration service was
originally introduced, it
worked with AWS
CloudFormation
templates, which are in
the JSON format.

 Sahara - Data Processing
 Trove - Database as a Service
 Ironic - Bare Metal
 Zaqar - Message service
 Barbican - Key management
 Designate DNS - DNS
 Manila - Shared Filesystems
 Magnum - Containers service
 Murano - Application catalog
27
Components of OpenStack-Others

OpenStack Liberty Install
 Environment deployment
 Identity service install
 Image service install
 Compute service install
 Networking service install
 Dashboard install(optional)
28
安裝時，請參考OpenStack官方網站的文件:
http://docs.openstack.org/liberty/install-guide-ubuntu/
OpenStack Liberty官方demo影片:https://www.youtube.com/watch?v=e7r2-p8Mki4

Environment deployment
 Dashboard install(optional)
29
http://docs.openstack.org/liberty/install-guide-ubuntu/environment.html

Environment-虛擬機軟體選擇
30
下載網址:https://www.vmware.com/tw/products/workstation/workstation-evaluation.html

Environment-新增虛擬機
33

Environment-新增虛擬機(Cont.)
34

本範例映像檔使用Ubuntu desktop 64位元 14.04版本
35

第二個虛擬機full name和user name設為compute
36

37

38

39

Environment-Networking(Cont.)
為了能夠讓兩台VM都能有兩個NIC，先將兩個VM關閉，並各別新增一個
VM的Network Adapter(兩台VM都必須新增)，新增的NIC網路連線選擇
LAN segement。
40

另外要將兩台VM的硬體資源做調整
Controller node memory調成4G以上,Compute node memory調成2G以上
Controller/Compute node processors 2顆以上
然後再按Add…
41

42

43

新增兩個LAN segemants for controller node and compute node
44

Controller node 與 Compute node 分別各選一個 LAN segement
45

46
確認第二張未被分配IP的網卡已經加入VM:
# ifconfig

Controller node
# vim /etc/network/interfaces
# vim /etc/hosts
# vim /etc/hostname
ubuntu改成controller
→ reboot your VM
47

Compute node
# vim /etc/network/interfaces
# vim /etc/hosts
# vim /etc/hostname
ubuntu改成compute
→ reboot your VM
48

Verify connectivity
Controller node
# ping compute
Compute node
# ping controller
49

Environment-OpenStack package
All nodes
# apt-get install software-properties-common
# add-apt-repository cloud-archive:liberty
# apt-get update && apt-get dist-upgrade
# apt-get install python-openstackclient
50

Environment-SQL database
Controller node
# apt-get install mariadb-server python-pymysql
→ 設定SQL password
# vim /etc/mysql/conf.d/mysqld_openstack.cnf
# service mysql restart
51
Bind-address設定
controller node的IP
address

Environment-Message queue
Controller node
# apt-get install rabbitmq-server
# rabbitmqctl add_user openstack RABBIT_PASS
Replace RABBIT_PASS with a suitable password.
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
52

Identity service
 dashboard install(optional)
53
http://docs.openstack.org/liberty/install-guide-ubuntu/keystone.html

Identity service(Cont.)
54
Controller node
# mysql –u root -p
> CREATE DATABASE keystone;
> GRANT ALL PRIVILEGES ON keystone.* TO
'keystone'@'localhost'
IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'
IDENTIFIED BY 'KEYSTONE_DBPASS';
Replace KEYSTONE_DBPASS with a suitable password.
> exit

55
# openssl rand -hex 10
→ 記下這個random value
# echo "manual" > /etc/init/keystone.override
# apt-get install keystone apache2 libapache2-mod-wsgi
memcached python-memcache
# vim /etc/keystone/keystone.conf
Replace ADMIN_TOKEN with the random value that you
generated in a previous step.
[DEFAULT]
...
admin_token = ADMIN_TOKEN
verbose = True

56
Replace KEYSTONE_DBPASS with the password you chose for
the database.
# su -s /bin/sh -c "keystone-manage db_sync" keystone
[database]
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[memcache]
...
servers = localhost:11211
[token]
...
provider = uuid
driver = memcache
[revoke]
...
driver = sql

# vim /etc/apache2/apache2.conf
# vim /etc/apache2/sites-available/wsgi-keystone.conf
57
...
ServerName controller
...
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone
group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined

58
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone
group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>

# ln -s /etc/apache2/sites-available/wsgi-keystone.conf
/etc/apache2/sites-enabled
# service apache2 restart
# rm -f /var/lib/keystone/keystone.db
59
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>

# export OS_TOKEN=ADMIN_TOKEN
Replace ADMIN_TOKEN with the random value that you
generated from page 56
# export OS_URL=http://controller:35357/v3
# export OS_IDENTITY_API_VERSION=3
# openstack service create --name keystone --description
"OpenStack Identity" identity
60

# openstack endpoint create --region RegionOne identity
public http://controller:5000/v2.0
internal http://controller:5000/v2.0
admin http://controller:35357/v2.0
61
三個endpoint說明請參考:
http://docs.openstack.org/liberty/
install-guide-ubuntu/keystone-
services.html

# openstack project create --domain default --
description "Admin Project" admin
# openstack user create --domain default --password-
prompt admin
62

# openstack role create admin
# openstack role add --project admin --user admin admin
description "Service Project" service
63

description "Demo Project" demo
prompt demo
64

# openstack role create user
# openstack role add --project demo --user demo user
65

Identity service-Verify operation
66
# vim /etc/keystone/keystone-paste.ini
remove admin_token_auth from the [pipeline:public_api],
[pipeline:admin_api], and [pipeline:api_v3] sections.

Identity service-Verify operation(Cont.)
# unset OS_TOKEN OS_URL
# openstack --os-auth-url http://controller:35357/v3 --
os-project-domain-id default --os-user-domain-id default
--os-project-name admin --os-username admin --os-auth-
type password token issue
# openstack --os-auth-url http://controller:5000/v3 --
os-project-domain-id default --os-user-domain-id default
--os-project-name demo --os-username demo --os-auth-type
password token issue
67

→ 建立兩個檔案admin-openrc.sh(上), demo-openrc.sh(下)
Replace ADMIN_PASS/DEMO_PASS with the password you chose
for the demo user in the Identity service.
Create client environment scripts
68
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

Using the scripts
# source admin-openrc.sh
# openstack token issue
69

70
http://docs.openstack.org/liberty/install-guide-ubuntu/glance.html

Image service
71
Controller node
# mysql -u root -p
> CREATE DATABASE glance;
> GRANT ALL PRIVILEGES ON glance.* TO
'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'
IDENTIFIED BY 'GLANCE_DBPASS';
Replace GLANCE_DBPASS with a suitable password.
> exit

Image service(Cont.)
72
prompt glance
# openstack role add --project service --user glance
admin
# openstack service create --name glance --description
"OpenStack Image service" image

Image service (Cont.)
# openstack endpoint create --region RegionOne image
public http://controller:9292
internal http://controller:9292
admin http://controller:9292
73

74
# apt-get install glance python-glanceclient
# vim /etc/glance/glance-api.conf
Replace GLANCE_DBPASS with the password you chose for the
Image service database & Replace GLANCE_PASS with the
password you chose for the glance user in the Identity
service.
[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken] #註解掉[keystone_authtoken] section中其他設定
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = GLANCE_PASS

75
[paste_deploy]
...
flavor = keystone
[glance_store]
...
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[DEFAULT]
...
notification_driver = noop
verbose = True

76
# vim /etc/glance/glance-registry.conf
Replace GLANCE_DBPASS with the password you chose for the
Image service database & Replace GLANCE_PASS with the
password you chose for the glance user in the Identity
service.
[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
...
username = glance
password = GLANCE_PASS

# su -s /bin/sh -c "glance-manage db_sync" glance
# service glance-registry restart
# service glance-api restart
# rm -f /var/lib/glance/glance.sqlite
77
[paste_deploy]
...
flavor = keystone
[DEFAULT]
...
notification_driver = noop
verbose = True

Image service-Verify operation
# echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-
openrc.sh demo-openrc.sh
# wget http://download.cirros-cloud.net/0.3.4/cirros-
0.3.4-x86_64-disk.img
# glance image-create --name "cirros"
--file cirros-0.3.4-x86_64-disk.img
--disk-format qcow2 --container-format bare
--visibility public --progress
# glance image-list
78

Image service-Verify operation(Cont.)
79

80

Compute service
81
Controller node
# mysql -u root -p
> CREATE DATABASE nova;
> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost'
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%'
IDENTIFIED BY 'NOVA_DBPASS';
Replace NOVA_DBPASS with a suitable password.
> exit

Compute service(Cont.)
82
prompt nova
# openstack role add --project service --user nova admin
# openstack service create --name nova --description
"OpenStack Compute" compute
# openstack endpoint create --region RegionOne compute
public http://controller:8774/v2/%(tenant_id)s
internal http://controller:8774/v2/%(tenant_id)s
admin http://controller:8774/v2/%(tenant_id)s

83
# apt-get install nova-api nova-cert nova-conductor nova-
consoleauth nova-novncproxy nova-scheduler python-
novaclient
# vim /etc/nova/nova.conf
CONTROLLER_IP_ADDRESS在本投影片範例應設為192.168.174.143
參考投影片 p.33 網路環境
[DEFAULT]
...
rpc_backend = rabbit
auth_strategy = keystone
my_ip = CONTROLLER_IP_ADDRESS
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver =
nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
verbose = True

84
Replace NOVA_DBPASS with the password you chose for the
Compute database.
Replace RABBIT_PASS with the password you chose for the
openstack account in RabbitMQ.
[database]
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS

85
Replace NOVA_PASS with the password you chose for the
nova user in the Identity service.
...
username = nova
password = NOVA_PASS
[vnc]
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

86
# su -s /bin/sh -c "nova-manage db sync" nova
# service nova-api restart
# service nova-cert restart
# service nova-consoleauth restart
# service nova-scheduler restart
# service nova-conductor restart
# service nova-novncproxy restart
# rm -f /var/lib/nova/nova.sqlite
[glance]
...
host = controller
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp

87
Compute node
# apt-get install nova-compute sysfsutils
COMPUTE_IP_ADDRESS在本投影片範例應設為192.168.174.144
(參考投影片 p.33 網路環境)
[DEFAULT]
...
my_ip = COMPUTE_IP_ADDRESS
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver =
nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
verbose = True

88
...
...
username = nova

89
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
...
host = controller
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp

# egrep -c '(vmx|svm)' /proc/cpuinfo
→若輸出數值大於等於1則不需做額外設定,若數值等於0:
# vim /etc/nova/nova-compute.conf
kvm改為qemu
# service nova-compute restart
# rm -f /var/lib/nova/nova.sqlite
90
[DEFAULT]
compute_driver=libvirt.LibvirtDriver
[libvirt]
virt_type=kvm

Compute service-Verify operation
Controller node
# nova service-list
# nova endpoints
91

Compute service-Verify operation(Cont.)
92
Ignore any warnings in this output.
# nova image-list

93
OpenStack網路介紹
http://docs.openstack.org/liberty/networking-guide/intro-networking.html

Networking service
94
Controller node
# mysql -u root -p
> CREATE DATABASE neutron;
> GRANT ALL PRIVILEGES ON neutron.* TO
'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'
IDENTIFIED BY 'NEUTRON_DBPASS';
Replace NEUTRON_DBPASS with a suitable password.
> exit

Networking service(Cont.)
95
prompt neutron
# openstack role add --project service --user neutron
admin
# openstack service create --name neutron --description
"OpenStack Networking" network

# openstack endpoint create --region RegionOne network
public http://controller:9696
internal http://controller:9696
admin http://controller:9696
96

Configure networking options
1. Provider networks: deploys the simplest possible
architecture that only supports attaching instances to
public (provider) networks. No self-service networks,
routers, or floating IP addresses. Only the admin or other
privileged user can manage provider networks.
2. Self-service networks: augments option 1 with layer-3
services that support attaching instances to self-service
(private) networks. The demo or other unprivileged user can
manage self-service networks including routers that provide
connectivity between self-service and provider networks.
Additionally, floating IP addresses provide connectivity to
instances using self-service networks from external networks
such as the Internet.
97

98
Controller node
# apt-get install neutron-server neutron-plugin-ml2
neutron-plugin-linuxbridge-agent neutron-l3-agent
neutron-dhcp-agent neutron-metadata-agent python-
neutronclient conntrack
# vim /etc/neutron/neutron.conf
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
verbose = True

99
Replace NEUTRON_PASS with the password you chose for the
neutron user in the Identity service.
...
username = neutron
password = NEUTRON_PASS

100
Replace NEUTRON_DBPASS with the password you chose for
the database.
[database]
...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[nova]
...
region_name = RegionOne
username = nova

101
...

102
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
...
flat_networks = public
[securitygroup]
...
enable_ipset = True
[ml2_type_vxlan]
...
vni_ranges = 1:1000

103
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
Replace PUBLIC_INTERFACE_NAME with the name of the
underlying physical public network interface.
PUBLIC_INTERFACE_NAME在本投影片範例應設為 eth0 (參考投影片
p.33 網路環境)
Replace PUBLIC_INTERFACE_IP_ADDRESS with the name of the
PUBLIC_INTERFACE_IP_ADDRESS在本投影片範例應設為
192.168.174.143 (參考投影片 p.33 網路環境)
[linux_bridge]
...
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True

104
[agent]
...
prevent_arp_spoofing = True
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

105
# vim /etc/neutron/l3_agent.ini
# vim /etc/neutron/dhcp_agent.ini
# vim /etc/neutron/dnsmasq-neutron.conf
[DEFAULT]
...
verbose = True
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
verbose = True
dhcp-option-force=26,1450

106
# vim /etc/neutron/metadata_agent.ini
neutron user in the Identity service & Replace
METADATA_SECRET with a suitable secret for the metadata
proxy.
[DEFAULT]
...
auth_region = RegionOne
username = neutron
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
verbose = True

107
neutron user in the Identity service & Replace
METADATA_SECRET with the secret you chose for the
metadata proxy.
[neutron]
...
url = http://controller:9696
username = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET

108
# su -s /bin/sh -c "neutron-db-manage --config-file
/etc/neutron/neutron.conf --config-file
/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head"
neutron
# service nova-api restart
# service neutron-server restart
# service neutron-plugin-linuxbridge-agent restart
# service neutron-dhcp-agent restart
# service neutron-metadata-agent restart
# service neutron-l3-agent restart
# rm -f /var/lib/neutron/neutron.sqlite

Networking service
109
Compute node
# apt-get install neutron-plugin-linuxbridge-agent
conntrack
# vim /etc/neutron/neutron.conf
In the [database] section, comment out any connection
options because compute nodes do not directly access the
database.
[DEFAULT]
...
verbose = True

110
openstack account in RabbitMQ & Replace NEUTRON_PASS with
the password you chose for the neutron user in the
Identity service.
...
...
username = neutron

111
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
Replace PUBLIC_INTERFACE_NAME with the name of the
PUBLIC_INTERFACE_NAME在本投影片範例應設為 eth0 (參考投影片
p.33 網路環境)
Replace OVERLAY_INTERFACE_IP_ADDRESS with the name of the
PUBLIC_INTERFACE_IP_ADDRESS在本投影片範例應設為
192.168.174.144 (參考投影片 p.33 網路環境)
[linux_bridge]
...
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True

112
[agent]
...
prevent_arp_spoofing = True
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

113
neutron user in the Identity service.
# service nova-compute restart
# service neutron-plugin-linuxbridge-agent restart
[neutron]
...
url = http://controller:9696
username = neutron

Networking service-Verify operation
114
Controller Node
# neutron ext-list
# neutron agent-list

Finally!!-Let’s launch an instance
115
Controller node
After you launch an instance, you have to generate a key
pair, add security group rules and create virtual
networks first.
Generate a key pair
# ssh-keygen -q -N ""
# nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
# nova keypair-list

Launch an instance(Cont.)
116
Add security group rules
# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

117
Create virtual networks
This section creates the necessary virtual networks to support
launching one more instances. Networking option 1 includes one
public virtual network and one instance that uses it.
Networking option 2 includes one public virtual network, one
private virtual network, and one instance that uses each
network. The instructions in this section use command-line
interface (CLI) tools on the controller node.
Create virtual networks for the networking option that you
chose at Page.98. If you chose option 1(Provider networks),
create only the public virtual network. If you chose option
2(Self-service networks), create the public and private virtual
networks.

118
Create the public network
# neutron net-create public --shared --
provider:physical_network public --provider:network_type
flat

119
Create the public network(Cont.)
# neutron subnet-create public 192.168.174.0/24 --name
public --allocation-pool
start=192.168.174.50,end=192.168.174.100 --dns-nameserver
8.8.4.4 --gateway 192.168.174.2
請參考自己的虛
擬機器軟體NAT的
設定建立subnet

120
本實驗投影片Vmware Workstation NAT的設定
Vmware Workstation NAT
Settings:
Edit →
Virtual Network Editer →
Vmnet8(NAT) →
NAT settings

121
Create the private project network
# neutron net-create private

122
Create the private project network(Cont.)
# neutron subnet-create private 172.16.1.0/24 --name
private --dns-nameserver 8.8.4.4 --gateway 172.16.1.1

123
Create a router
# neutron net-update public --router:external
# neutron router-create router
# neutron router-interface-add router private
# neutron router-gateway-set router public

124
Verify operation
# ip netns
# neutron router-port-list router

125
Launch a public network instance
# nova boot --flavor m1.tiny --image cirros --nic net-
id=PUBLIC_NET_ID --security-group default --key-name
mykey public-instance
Replace PUBLIC_NET_ID with the ID of the public provider
network.(若不知道public netwrok的ID可以下此command查看:#
neutron net-list)

126
Launch a public network instance(Cont.)
# nova list
Access the instance using the virtual console
# nova get-vnc-console public-instance novnc
複製此段網址貼到瀏覽器即可以novnc存取此instance的console

127

128

129
Launch a private network instance
# nova boot --flavor m1.tiny --image cirros --nic net-
id=PRIVATE_NET_ID --security-group default --key-name
mykey private-instance
Replace PRIVATE_NET_ID with the ID of the public provider
network.(若不知道private netwrok的ID可以下此command查看:#
neutron net-list)

130
Launch a private network instance(Cont.)
# nova list
Access the instance using the virtual console
# nova get-vnc-console private-instance novnc
複製此段網址貼到瀏覽器即可以novnc存取此instance的console

131

132

133

Dashboard(optional)
134
Controller node
# apt-get install openstack-dashboard
# vim /etc/openstack-dashboard/local_settings.py
Comment out any other session storage configuration.
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}

Dashboard (Cont.)
135
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"volume": 2,
}
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
If you chose networking option 1, disable support for
layer-3 networking services:
若你安裝的是第二裝網路模式則不用更變上面這段程式碼

Dashboard (Cont.)
136
Replace TIME_ZONE with UTC.
# service apache2 reload
Access the dashboard using a web browser at
http://controller<or type IP address>/horizon.
Authenticate using admin user and default domain
credentials.
Domain:default
User Name:admin or demo
Password:Your admin password
or demo password
TIME_ZONE = "TIME_ZONE"

Resources
 OpenStack Documentation
http://docs.openstack.org/
 OpenStack facebook Taiwan
https://www.facebook.com/groups/openstack.tw/?fref=ts
 Ask.OpenStack
https://ask.openstack.org/en/questions/
140

References
 OpenStack Documentation
http://docs.openstack.org/
 OpenStack GitBook
https://kairen.gitbooks.io/openstack/content/
141

Openstack Installation (ver. liberty)

More Related Content

What's hot

Viewers also liked

Similar to Openstack Installation (ver. liberty)

Recently uploaded

Openstack Installation (ver. liberty)