Preparation before installing OpenStack
First, we install two Ubuntu 20.04 machines: one as the compute node (client) and one as the controller (server).
This lab was configured as shown below, using VMware Pro on Windows 10 Pro.
>> controller #server
cpu 4/1 M8G/ H100G single / vmnet8[nat],vmnet10 / vt-x (virtualization)
vmnet10:192.168.1.10 vmnet8:192.168.2.5
>> compute #client
cpu 2/1 M4G / H50G single / vmnet8[nat], vmnet10 / vt-x (virtualization)
vmnet10:192.168.1.11 vmnet8:192.168.2.6
win10 vmnet10 192.168.1.1/24
win10 vmnet8 192.168.2.1/24 --> range 192.168.2.10-200 // gw 192.168.2.2
#IP configuration
nano /etc/netplan/0<Tab>   # type 0, then press Tab to complete the file name
network:
  version: 2
  ethernets:
    ens32:
      dhcp4: true
      addresses: [192.168.2.5/24]   # 192.168.2.6/24 on compute
      nameservers:
        addresses: [8.8.8.8,8.8.4.4]
    ens33:
      dhcp4: no
      addresses: [192.168.1.10/24]   # 192.168.1.11/24 on compute
      nameservers:
        addresses: [8.8.8.8,8.8.4.4]
ufw disable
sleep mode disable
apt-get update -y && apt-get dist-upgrade -y
apt-get -y install python3-pip && apt-get -y install openssh-server && apt-get -y install apache2
nano /etc/hosts
192.168.1.10 controller
192.168.1.11 compute
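Check that the two nodes can ping each other.
Before the actual lab, some preparation is needed in order to install OpenStack from the command line.
Use chrony to synchronize time across all servers, that is, the controller and compute nodes, and install MariaDB.
Install RabbitMQ to provide the message queue. It is needed for the OpenStack services to communicate with each other and must be installed only on the controller node.
Install a Memcached server so that the authentication information used by the OpenStack services can be cached in memory.
Install etcd, a distributed key-value store that reliably stores and manages configuration and state information.
Time synchronization (Chrony)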
https://docs.openstack.org/install-guide/environment-ntp-controller.html
>> controller
Install chrony & configure the service
apt-get -y install chrony
systemctl restart chrony
systemctl enable chrony
>> compute
Install chrony
apt-get install chrony
Edit the conf file
nano /etc/chrony/chrony.conf
The setting below makes this node use the controller as its time server.
Restart the chrony service and enable it at boot.
systemctl restart chrony
systemctl enable chrony
Installing MariaDB
https://docs.openstack.org/install-guide/environment-sql-database-ubuntu.html
>> controller
Install MariaDB.
apt -y install mariadb-server python3-pymysql
ls -l /etc/mysql/mariadb.conf.d/
Check which configuration files are present.
root@controller:~# ls -l /etc/mysql/mariadb.conf.d/
합계 16
-rw-r--r-- 1 root root 733 2월 10 2023 50-client.cnf
-rw-r--r-- 1 root root 336 2월 10 2023 50-mysql-clients.cnf
-rw-r--r-- 1 root root 1032 2월 10 2023 50-mysqld_safe.cnf
-rw-r--r-- 1 root root 3940 2월 10 2023 50-server.cnf
Open nano and edit the files as follows.
nano /etc/mysql/mariadb.conf.d/openstack.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
nano /etc/mysql/mariadb.conf.d/50-server.cnf
bind-address = 0.0.0.0
collation-server = utf8_general_ci
character-set-server = utf8
nano /etc/mysql/mariadb.conf.d/50-client.cnf
default-character-set = utf8
nano /etc/mysql/mariadb.conf.d/50-mysql-clients.cnf
default-character-set = utf8
Restart the service, enable it at boot, and initialize MySQL.
systemctl restart mysql
systemctl enable mysql
mysql_secure_installation   # password: openstack
Check the installed version so the same one can be applied on compute. It turns out to be 10.3.
dpkg -l | grep mariadb
>> compute
apt-get -y install mariadb-client-10.3 mariadb-client-core-10.3
Message queue (RabbitMQ)
>> controller
#Add a user
root@controller:~# rabbitmqctl add_user admin openstack
Adding user "admin" ...
#Grant admin write and read permissions
root@controller:~# rabbitmqctl set_permissions admin ".*" ".*" ".*"
Setting permissions for user "admin" in vhost "/" ...
root@controller:~# rabbitmqctl set_user_tags admin administrator
Setting tags for user "admin" to [administrator] ...
root@controller:~# systemctl restart rabbitmq-server.service
root@controller:~# systemctl enable rabbitmq-server.service
Edit the conf file
root@controller:~# nano /etc/rabbitmq/rabbitmq-env.conf
Check the RabbitMQ server
rabbitmq-plugins enable rabbitmq_management
memcached: distributed memory caching system
https://docs.openstack.org/install-guide/environment-memcached-ubuntu.html
>> controller
Install the memcached packages
apt install memcached python3-memcache -y
dpkg -l | grep memcached
Edit the conf file
nano /etc/memcached.conf
# -l 127.0.0.1 ---> -l 0.0.0.0
Configure the service
systemctl restart memcached
systemctl enable memcached
systemctl status memcached
Etcd
https://docs.openstack.org/ko_KR/install-guide/environment-etcd-ubuntu.html
Install etcd
apt install etcd
Edit the etcd configuration
nano /etc/default/etcd
ETCD_NAME="controller"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER="controller=http://192.168.1.10:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.1.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.1.10:2379"
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.1.10:2379"
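The MariaDB, memcached and etcd settings above decide which interfaces each service listens on, and this controller has both a NAT interface (192.168.2.5) and the management interface (192.168.1.10). The script below is an added example, not part of the original post: it reads the three files and labels each listen address as wildcard, management-only or other. The function names and the MGMT_IP variable are assumptions made for this example, and the files written by demo() are constructed from the values on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
MGMT_IP="${MGMT_IP:-192.168.1.10}"   # controller address on vmnet10, from this page

# classify ADDR -> wildcard | mgmt | other
classify() {
    case "$1" in
        0.0.0.0|::|'*') echo wildcard ;;  # every interface, the NAT one included
        "$MGMT_IP")     echo mgmt ;;      # management network only
        *)              echo other ;;     # for example 127.0.0.1
    esac
}

# Every audit_* function prints: service<TAB>setting<TAB>value<TAB>verdict
audit_mariadb() {     # $1 = a file under /etc/mysql/mariadb.conf.d/
    awk -F'[ \t]*=[ \t]*' '
        /^[ \t]*#/ { next }
        { k = $1; sub(/^[ \t]+/, "", k) }
        k == "bind-address" { v = $2; sub(/[ \t].*$/, "", v); print v }' "$1" |
    while read -r addr; do
        printf 'mariadb\tbind-address\t%s\t%s\n' "$addr" "$(classify "$addr")"
    done
}

audit_memcached() {   # $1 = /etc/memcached.conf
    addrs=$(awk '$1 == "-l" { print $2 }' "$1" | tr ',' '\n')
    if [ -z "$addrs" ]; then
        # With no active -l line memcached binds every interface.
        printf 'memcached\t-l\t(unset)\twildcard\n'
        return
    fi
    printf '%s\n' "$addrs" | while read -r addr; do
        printf 'memcached\t-l\t%s\t%s\n' "$addr" "$(classify "$addr")"
    done
}

audit_etcd() {        # $1 = /etc/default/etcd
    grep -E '^ETCD_LISTEN_(PEER|CLIENT)_URLS=' "$1" | tr -d '"' |
    while IFS='=' read -r key urls; do
        printf '%s\n' "$urls" | tr ',' '\n' | while read -r url; do
            host=${url#*://}; host=${host%%:*}
            printf 'etcd\t%s\t%s\t%s\n' "$key" "$url" "$(classify "$host")"
        done
    done
}

audit_listeners() {   # $1 = MariaDB cnf, $2 = memcached.conf, $3 = etcd defaults
    audit_mariadb "$1"; audit_memcached "$2"; audit_etcd "$3"
}

# count_wildcard FILES... -> number of settings that listen on every interface
count_wildcard() {
    audit_listeners "$@" | awk -F'\t' '$4 == "wildcard" { n++ } END { print n + 0 }'
}

demo() {   # constructed files holding the values used on this page
    dir=$(mktemp -d) || return 1
    printf '[mysqld]\nbind-address = 0.0.0.0\n' > "$dir/openstack.cnf"
    printf '%s\n' '-m 64' '-p 11211' '-l 0.0.0.0' > "$dir/memcached.conf"
    printf '%s\n' 'ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"' \
                  'ETCD_LISTEN_CLIENT_URLS="http://192.168.1.10:2379"' > "$dir/etcd"
    audit_listeners "$dir/openstack.cnf" "$dir/memcached.conf" "$dir/etcd"
    rm -rf "$dir"
}

if [ "$#" -eq 3 ]; then audit_listeners "$@"; else demo; fi
```

Pass the three real file paths as arguments to audit the controller itself; every line marked wildcard is a service that is also reachable through the NAT interface.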
Installing the OpenStack services
Install the client for the openstack command
apt install software-properties-common
add-apt-repository cloud-archive:victoria
apt update -y && apt dist-upgrade -y
reboot
apt install python3-openstackclient -y
openstack --version
#openstack 5.4.0
Main reference sites
https://yumserv.tistory.com/296
https://www.server-world.info/en/note?os=Ubuntu_20.04&p=openstack_victoria&f=1
오픈스택을 다루는 기술 (thebook.io)
An e-book for studying OpenStack
Official OpenStack site
https://docs.openstack.org/install-guide/
keystone [authentication server]
https://docs.openstack.org/keystone/victoria/install/
A key component of the OpenStack cloud platform, responsible for user authentication, authorization and identity management
glance [image management]
https://docs.openstack.org/glance/victoria/install/
placement
https://docs.openstack.org/placement/victoria/install/install-ubuntu.html
Used in OpenStack to manage and schedule compute resources efficiently
nova [compute service]
https://docs.openstack.org/nova/victoria/install/
controller node
https://docs.openstack.org/nova/victoria/install/controller-install-ubuntu.html
compute node
https://docs.openstack.org/nova/victoria/install/compute-install-ubuntu.html
neutron [network]
https://docs.openstack.org/neutron/victoria/install/install-ubuntu.html
horizon [dashboard]
https://docs.openstack.org/horizon/victoria/install/
cinder [storage]
https://docs.openstack.org/cinder/victoria/install/
Keystone
Register the DB & set Keystone privileges
mysql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'openstack';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'openstack';
flush privileges;
use mysql
select user, host from user;
Install keystone
apt -y install keystone libapache2-mod-wsgi-py3 python3-oauth2client
Edit the conf file
cp -a /etc/keystone/keystone.conf /etc/keystone/keystone.conf_org
nano /etc/keystone/keystone.conf
Initialize and set up the DB
su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the Fernet key repositories
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
export controller=192.168.1.10
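Bootstrap the Identity service
Bootstrapping the Identity service means the process of initially setting up and configuring the service.
Bootstrapping brings the Identity service to an operational state, provides the base configuration for managing authentication and authorization in the cloud environment, and plays a key role in managing security and authentication.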
keystone-manage bootstrap \
--bootstrap-password openstack \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
Configure the Apache HTTP server
/etc/apache2/apache2.conf
Restart the service & set up the admin account through environment variables
Both the admin account and the demo account can be configured, each in its own file.
systemctl restart apache2
systemctl enable apache2
cat <<EOF >> /root/admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
. admin-openrc
cat <<EOF>> /root/demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=openstack
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
. demo-openrc
With admin-openrc sourced, a token can be obtained as follows.
root@controller:~ # openstack token issue
+------------+---------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------------------------+
| Expires | 2023-09-06T08:32:07+0000 |
| ID | gAAAAABk-Cr30vb4tTs46Xo0eiTp-me_QWGm0f5TchP_XVpHeh0jYISbG4g72TMjSPkylVOuwtH_Gdzoz0m26s6bSSC39ANOY4p2Oh7gXL8pJduPsYzTJKmITIvvL7ECZCyUwEHR6VwxXWH2 PfU1FVA9GS6CynZUjdjrvNqOSbuzsGe-m7f_gXU |
| Project ID | bd460578fc5742c5b1570704d91f7089 |
| User ID | e40f636851e64816adcfd075ab3a99e3 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
#troubleshooting
If the password is not set to openstack when bootstrapping the Identity service, an error occurs, because the openrc files above authenticate with OS_PASSWORD=openstack.
root@controller:~# openstack token issue
The request you have made requires authentication. (HTTP 401) (Request-ID: req-02516592-d547-4d96-af44-397333475c33)
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
#An error occurs here unless --bootstrap-password is set to openstack.
So fix it as follows.
keystone-manage bootstrap \
--bootstrap-password openstack \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
Create projects (in the default domain) for use with keystone
root@controller:~ # openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| Description | Service project |
| Domain ID | default |
| Enabled | True |
| ID | fac524ab5c864313a2a078aef337fab6 |
| is_domain | False |
| Name | service |
| Options | {} |
| Parent ID | default |
| Tags | [] |
+-------------+----------------------------------+
root@controller:~ # openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| Description | Demo project |
| Domain ID | default |
| Enabled | True |
| ID | 1a99de59ec194ab0bd62f042b46dfe9c |
| is_domain | False |
| Name | demo |
| Options | {} |
| Parent ID | default |
| Tags | [] |
+-------------+----------------------------------+
root@controller:~ # openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 1a99de59ec194ab0bd62f042b46dfe9c | demo |
| bd460578fc5742c5b1570704d91f7089 | admin |
| fac524ab5c864313a2a078aef337fab6 | service |
+----------------------------------+---------+
Create a user for keystone
root@controller:~ # openstack user create --domain default --password-prompt demo
Password: openstack
Repeat Password: openstack
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| Domain ID | default |
| Enabled | True |
| ID | 846928a4e1af44cb82e5227ff7707fee |
| Name | demo |
| Options | {} |
| Password Expires At | None |
+---------------------+----------------------------------+
Create a role for keystone
root@controller:~ # openstack role create user
+-------------+-------+
| Field | Value |
+-------------+-------+
| Description | None |
| Domain ID | None |
| ID | 0a4beef2e02d4d558eab572d2b9c7d50 |
| Name | user |
| Options | {} |
+-------------+-------+
openstack role add --project demo --user demo user
root@controller:~ # openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 0a4beef2e02d4d558eab572d2b9c7d50 | user |
| 986d87dce4394c688720adf4fd763979 | reader|
| c74ac35c768e432bad5deab45e1f4761 | member|
| c7d8e1bc033940f08a4fd174679bd621 | admin |
+----------------------------------+-------+
Caution
When you authenticate with demo-openrc, the output is limited because the demo user lacks privileges.
root@controller:~ # . demo-openrc
root@controller:~ # openstack project list
+----------------------------------+------+
| ID | Name |
+----------------------------------+------+
| 1a99de59ec194ab0bd62f042b46dfe9c | demo |
+----------------------------------+------+
root@controller:~ # openstack role list
You are not authorized to perform the requested action: Identity:list_roles. (HTTP 403) (Request ID: req-c45ebabc-5e1c-4678-b16e-b7ef28e217e6)
Issuing a token per user
A token can be issued for a specified user. The one below is for admin.
root@controller:~# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name admin --os-username admin token issue
Change it to demo to get one for demo as well.
root@controller:~# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name demo --os-username demo token issue
glance: creating images
https://docs.openstack.org/glance/victoria/install/install-ubuntu.html
>> controller
Check the file in the terminal, then source it
cat admin-openrc
. admin-openrc
Log in to mysql, create the DB and set privileges
mysql -uroot -popenstack
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'openstack';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'openstack';
Log out of mysql, then create the account
openstack user create --domain default --project service --password-prompt glance
password : openstack
password: openstack
Check the lists
root@controller:~# openstack role list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 0a4beef2e02d4d558eab572d2b9c7d50 | user |
| 986d87dce4394c688720adf4fd763979 | reader |
| c74ac35c768e432bad5deab45e1f4761 | member |
| c7d8e1bc033940f08a4fd174679bd621 | admin |
+----------------------------------+--------+
root@controller:~# openstack user list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| e40f636851e64816adcfd075ab3a99e3 | admin |
| 846928a4e1af44cb82e5227ff7707fee | demo |
| cd16006fef2f4ca18af19d43597c4084 | glance |
+----------------------------------+--------+
root@controller:~# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 1a99de59ec194ab0bd62f042b46dfe9c | demo |
| bd460578fc5742c5b1570704d91f7089 | admin |
| fac524ab5c864313a2a078aef337fab6 | service |
+----------------------------------+---------+
Grant the admin role to the glance account just created
openstack role add --project service --user glance admin
Create the glance service
root@controller:~# openstack service create --name glance --description "Openstack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Openstack Image |
| enabled | True |
| id | 684bfd4f3b0144a4af395f39d1463262 |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create the endpoints
root@controller:~# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a6fbe645eb93412b9e61dca2be0c16c0 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 684bfd4f3b0144a4af395f39d1463262 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
root@controller:~# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d10a92fd1ba64a9188ba41a3de0d552f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 684bfd4f3b0144a4af395f39d1463262 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
root@controller:~# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b5a85353de234fab86b1b3049295d1b1 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 684bfd4f3b0144a4af395f39d1463262 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
If an error occurs, check for a duplicate registration
root@controller:~# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 684bfd4f3b0144a4af395f39d1463262 | glance | image |
| ae42755060714863b42ecd91a6e4c9d5 | keystone | identity |
+----------------------------------+----------+----------+
#An error can occur if glance is registered twice.
root@controller:~# openstack service delete [ID]
#Delete it and try again.
Install the glance service
apt-get -y install glance python3-glanceclient
Configure glance
https://docs.openstack.org/image-guide/obtain-images.html
nano /etc/glance/glance-api.conf
[database]
# connection = sqlite:////var/lib/glance/glance.sqlite
# backend = sqlalchemy
connection = mysql+pymysql://glance:openstack@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = openstack
[paste_deploy]
flavor = keystone
su -s /bin/bash glance -c "glance-manage db_sync"
systemctl restart glance-api
systemctl enable glance-api
systemctl status glance-api
wget http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img
openstack image create "cirros" \
--file cirros-0.5.1-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
root@controller:~# glance --version
root@controller:~# openstack image list   # same as: glance image list
root@controller:~# glance image-show f2f7163a-c452-495f-abe1-cf65aec8c4c5
nova
Reference sites
https://docs.openstack.org/nova/victoria/install/controller-install-ubuntu.html
OpenStack Compute Nova (오픈스택 컴퓨트 노바) - schoolofweb.net
- nova-api: Serves the Nova REST API.
- nova-cert: A server daemon that provides the X509 certificate service.
- nova-conductor: A server daemon that supports coordination and database queries.
- nova-novncproxy: A WebSocket proxy compatible with the noVNC console.
- nova-scheduler: Selects the compute node on which a VM instance will run.
- nova-novaclient: A client program that uses the Nova REST API.
Only the following few are installed on the compute node.
- python-guestfs: A Python library that supports file creation.
- qemu-kvm: The KVM hypervisor.
- nova-compute-kvm: Handles all processes related to instances (virtual machines).
>>controller
Create the databases in mysql and grant privileges
mysql
CREATE DATABASE nova;
CREATE DATABASE nova_api;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'openstack';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'openstack';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'openstack';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'openstack';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'openstack';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'openstack';
flush privileges;
Create the nova user
openstack user create --domain default --project service --password-prompt nova
Add the nova role
openstack role add --project service --user nova admin
openstack user list
This adds admin privileges (the admin role) and places nova in the service project.
openstack service create --name nova --description "OpenStack Compute" compute
root@controller:~# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 3b811c5c31444212b1452a593efd4e47 | glance | image |
| 9139313f1638428884e201403e088840 | nova | compute |
| ae42755060714863b42ecd91a6e4c9d5 | keystone | identity |
+----------------------------------+----------+----------+
Create the endpoints
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
openstack endpoint list
Install the nova packages
apt -y install nova-api nova-conductor nova-novncproxy nova-scheduler python3-novaclient
Edit the nova conf file
Edit /etc/nova/nova.conf
[DEFAULT]
# from the manual
my_ip = 192.168.1.10
# Due to a packaging bug, remove the log_dir option from the [DEFAULT] section.
# log_dir = /var/log/nova
lock_path = /var/lock/nova
state_path = /var/lib/nova
auth_strategy = keystone
# the RabbitMQ account named here must exist on the controller; the rabbitmqctl add_user step above created "admin"
transport_url = rabbit://openstack:openstack@controller
# allow the use of neutron
use_neutron = True
# driver definition for use with neutron
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# APIs that may be used
enabled_apis = osapi_compute,metadata
# delete what was already in this section
[api_database]
connection = mysql+pymysql://nova:openstack@controller/nova_api
# delete what was already in this section and put this in
[database]
connection = mysql+pymysql://nova:openstack@controller/nova
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_uri = http://controller:5000
# keystone was bootstrapped on port 5000 above, so auth_url points there
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = openstack
[api]
auth_strategy = keystone
# everything up to here is added content
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = openstack
Initialize the Nova DB
root@controller:~# su -s /bin/sh -c "nova-manage api_db sync" nova
root@controller:~# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
root@controller:~# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
root@controller:~# su -s /bin/sh -c "nova-manage db sync" nova
root@controller:~# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 | False |
| cell1 | 73e5edc8-2109-4e9f-acad-b341c3bbbbcc | rabbit://openstack:****@controller | mysql+pymysql://nova:****@controller/nova | False |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
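systemctl restart nova-api nova-scheduler nova-conductor nova-novncproxy
systemctl enable nova-api nova-scheduler nova-conductor nova-novncproxy
systemctl status nova-api nova-scheduler nova-conductor nova-novncproxy
nova-scheduler and nova-conductor may stay inactive until placement is up, so bring up placement first and then check again.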
>>compute
https://docs.openstack.org/nova/victoria/install/compute-install-ubuntu.html
Install nova
apt install nova-compute
Edit the nova conf file
[DEFAULT]
my_ip = 192.168.1.11
lock_path = /var/lock/nova
state_path = /var/lib/nova
auth_strategy = keystone
transport_url = rabbit://openstack:openstack@controller
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis = osapi_compute,metadata
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = openstack
[api]
auth_strategy = keystone
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = openstack
[libvirt]
virt_type = kvm
Install the virtualization packages
apt install -y qemu-kvm virtinst bridge-utils nova-compute-kvm
Configure the service
systemctl restart nova-compute
systemctl enable nova-compute
systemctl status nova-compute
>>controller
Check the services
openstack compute service list
openstack catalog list
openstack image list
nova-status upgrade check
openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
The service check will probably not succeed yet. Install neutron and check once more.
placement
https://docs.openstack.org/placement/victoria/install/install-ubuntu.html
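A service used to track the total resources and usage of the services that provide resources to instances, such as compute nodes, shared storage pools and IP allocation pools. placement stores information about the resources needed to create an instance, the remaining resources, and overall usage.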
Create the database & set privileges
mysql
CREATE DATABASE placement;
grant all privileges on placement.* to placement@'localhost' identified by 'openstack';
grant all privileges on placement.* to placement@'%' identified by 'openstack';
flush privileges;
Add the placement user to the service project with the admin role.
openstack user create --domain default --project service --password-prompt placement
openstack role add --project service --user placement admin
Create the endpoints
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
Edit the conf file
nano /etc/placement/placement.conf
[placement_database]
connection = mysql+pymysql://placement:openstack@controller/placement
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = openstack
Initialize the DB.
su -s /bin/sh -c "placement-manage db sync" placement
Restart apache so the service is available.
service apache2 restart
Neutron
>>controller
Create the DB and grant privileges
root@controller:~# mysql
MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'openstack';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'%' identified by 'openstack';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
Create the user and assign the role
root@controller:~# . admin-openrc ## admin mode
root@controller:~# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 43b75b3c204e40ad8f588d2fc041d920 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
root@controller:~# openstack role add --project service --user neutron admin
root@controller:~# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | e58d1d879a3440c7ad6f94c94425131c |
| name | neutron |
| type | network |
+-------------+----------------------------------+
Create the endpoints
root@controller:~# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e38e058d60e3403782884af1f300be16 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e58d1d879a3440c7ad6f94c94425131c |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
root@controller:~# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 87693ab5c3a1484e8c08ecf95219f376 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e58d1d879a3440c7ad6f94c94425131c |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
root@controller:~# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0e44ec89abb6406797c9cde6cf306912 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e58d1d879a3440c7ad6f94c94425131c |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
Install the neutron packages
network option 1: provider network, L2 (o) # L2 is chosen for this lab
network option 2: self-service network
# If neutron-l3-agent is left out, the setup is L2 only.
root@controller:~# apt install neutron-server neutron-plugin-ml2 \
> neutron-linuxbridge-agent neutron-l3-agent \
> neutron-dhcp-agent neutron-metadata-agent
conf settings
nano /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:openstack@controller/neutron
[DEFAULT]
# enable the ml2 plugin
core_plugin = ml2
# router disabled: leave the value empty
service_plugins =
# RabbitMQ access settings
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
# notify nova of network changes
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = openstack
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = openstack
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
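Every credential in the neutron.conf above (database, RabbitMQ, and the neutron and nova Keystone users) is the same string, as in placement.conf earlier. The following check is an added example, not part of the original post: it lists which accounts share one secret in an oslo.config-style file and which auth_url values are plain http. The function names are hypothetical and the sample is constructed from the lines shown above.

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: the credential-bearing lines of the neutron.conf above.
NEUTRON_CONF = """\
[database]
connection = mysql+pymysql://neutron:openstack@controller/neutron
[DEFAULT]
transport_url = rabbit://openstack:openstack@controller
[keystone_authtoken]
auth_url = http://controller:5000
username = neutron
password = openstack
[nova]
auth_url = http://controller:5000
username = nova
password = openstack
"""

def _load(text):
    # default_section is renamed so [DEFAULT] is not copied into every section.
    cp = configparser.ConfigParser(interpolation=None, strict=False, default_section="_")
    cp.read_string(text)
    return cp

def collect_secrets(text):
    """Return (account, secret) pairs found in an oslo.config style file."""
    found = []
    for name, opts in _load(text).items():
        for key in ("connection", "transport_url"):
            u = urlsplit(opts.get(key, ""))
            if u.password:
                found.append((f"{u.scheme}:{u.username}", u.password))
        if "password" in opts:
            found.append((f"keystone:{opts.get('username', '?')}", opts["password"]))
    return found

def audit_credentials(text):
    """Flag a secret shared by several accounts and cleartext auth URLs."""
    by_secret = defaultdict(list)
    for account, secret in collect_secrets(text):
        by_secret[secret].append(account)
    findings = [f"one secret shared by {len(a)} accounts: {', '.join(sorted(a))}"
                for a in by_secret.values() if len(a) > 1]
    for name, opts in _load(text).items():
        if opts.get("auth_url", "").startswith("http://"):
            findings.append(f"[{name}] auth_url is http: password crosses the network in cleartext")
    return findings
```

The findings name the accounts but never print the secret itself, so the output can be pasted into a ticket.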
nano /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = True
nano /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# ens33 is the interface with 192.168.1.10
physical_interface_mappings = provider:ens33
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = false
Bridge settings
modprobe br_netfilter
/usr/sbin/modprobe br_netfilter
nano /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
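The iptables firewall driver set in linuxbridge_agent.ini only sees bridged instance traffic when both bridge-nf-call sysctls are 1, so the two files have to agree. The following check is an added example, not part of the original post: it reads both files and reports why security group rules would not be applied. The function names are hypothetical, the samples are constructed from the lines above, and treating an unset or noop firewall_driver as non-enforcing is an assumption of this check.

```python
import configparser

# Constructed samples mirroring the settings shown above.
AGENT_CONF = """\
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
"""
SYSCTL_CONF = """\
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
"""

def _ini(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def _sysctl(text):
    # sysctl.conf: "key = value" lines; "#" and ";" start comment lines.
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and l.strip()[0] not in "#;")
    return {k.strip(): v.strip() for k, v in pairs}

def audit_security_groups(agent, sysctl):
    """Return reasons why security group rules would not be enforced."""
    cp, sc, findings = _ini(agent), _sysctl(sysctl), []
    # enable_security_group defaults to True when the option is absent.
    if not cp.getboolean("securitygroup", "enable_security_group", fallback=True):
        findings.append("agent: enable_security_group is off")
    driver = cp.get("securitygroup", "firewall_driver", fallback="")
    if driver.lower() in ("", "noop") or driver.endswith("NoopFirewallDriver"):
        findings.append("agent: firewall_driver is unset or noop")
    for key in ("net.bridge.bridge-nf-call-iptables",
                "net.bridge.bridge-nf-call-ip6tables"):
        if sc.get(key) != "1":
            findings.append(f"sysctl: {key} is not 1, bridged traffic skips the filter")
    return findings
```

On a live host, pass the contents of /etc/neutron/plugins/ml2/linuxbridge_agent.ini and /etc/sysctl.conf instead of the samples.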
Edit the conf file
nano /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
When it finishes, OK is displayed.
INFO [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586
INFO [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d
OK
Service settings
for action in restart enable status; do systemctl "$action" nova-api neutron-server neutron-metadata-agent neutron-dhcp-agent neutron-linuxbridge-agent; done