Difference: AllInOneInstallation (5 vs. 6)

Revision 6 - 2012-11-20 - PaoloVeronesi

Line: 1 to 1
Changed:
<
<

Guida di installazione (in unica pagina) dell'infrastruttura di cloud per il progetto Marche Cloud

>
>

Guida di installazione dell'infrastruttura di cloud per il progetto Marche Cloud

 


Line: 246 to 246
 Creare il volume condiviso tramite il seguente comando:
Changed:
<
<
# gluster volume create volume-glance replica 3 transport tcp hostname2.domain:/mnt/brick-glance hostname3.domain:/mnt/brick-glance hostname4.domain:/mnt/brick-glance
>
>
# gluster volume create volume-glance replica 3 transport tcp \ hostname2.domain:/mnt/brick-glance hostname3.domain:/mnt/brick-glance hostname4.domain:/mnt/brick-glance
 

Far partire il vomune appena creato:
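Review bot: In the new `gluster volume create volume-glance` line the backslash sits in the middle of the line (`transport tcp \ hostname2.domain:/mnt/brick-glance`), where the shell reads it as an escaped space and not as a line continuation, so the first brick argument starts with a space. Make the backslash the last character on its line with the bricks on the following line, or drop it. The context line after the command also has "vomune" for "volume".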

Line: 285 to 288
 Creare il volume condiviso tramite il seguente comando:
Changed:
<
<
# gluster volume create volume-nova replica 2 transport tcp hostname1.domain:/mnt/brick-nova hostname2.domain:/mnt/brick-nova hostname3.domain:/mnt/brick-nova hostname4.domain:/mnt/brick-nova
>
>
# gluster volume create volume-nova replica 2 transport tcp hostname1.domain:/mnt/brick-nova hostname2.domain:/mnt/brick-nova hostname3.domain:/mnt/brick-nova hostname4.domain:/mnt/brick-nova
 

Far partire il vomune appena creato:
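Review bot: The old and new `volume-nova` lines render identically, so this looks like a whitespace-only change; worth confirming nothing else was meant to change. While touching this step, the guide could state that `replica 2` over four bricks builds two replica pairs from adjacent bricks in the order given (hostname1 with hostname2, hostname3 with hostname4), because that order decides which hosts hold copies of the same data.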

Line: 344 to 351
 
  • Inizializzare il parametro admin_token contenuto all'interno del file /etc/keystone/keystone.conf , attraverso il comando:

Changed:
<
<
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $(openssl rand -hex 10)
>
>
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $(openssl rand -hex 10)
 

  • Assicurarsi che il servizio sia attivo al boot ed riavviarlo attraverso i seguenti comandi:
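Review bot: `openssl rand -hex 10` in the `admin_token` command yields only 10 random bytes (80 bits) for a token that grants full administrative access to Keystone. Suggest a longer value such as `openssl rand -hex 32`, plus a sentence telling the reader to keep /etc/keystone/keystone.conf readable only by root and the keystone user, since the token is stored there in clear text.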
Line: 376 to 384
 
  • Creare il tenant lanciando il comando:

Changed:
<
<
keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT tenant-create --name adminTenant --description "Admin Tenant" --enabled true
>
>
keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT tenant-create --name adminTenant --description "Admin Tenant" --enabled true
 +-------------+----------------------------------+
Property Value
+-------------+----------------------------------+
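Review bot: The `tenant-create` command passes `--token $ADMIN_TOKEN` on the command line, where the expanded value is visible in the process list to other local users while the command runs. The guide should say to run these bootstrap commands from a root-only shell on the Keystone host and to unset `ADMIN_TOKEN` when the bootstrap is finished. This command also lacks the leading `#` prompt that most other commands in the diff carry.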
Line: 393 to 404
 
  • Creare l'utente lanciando il seguente comando:
Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-create --tenant_id $ADMIN_TENANT_ID --name $OS_USERNAME --pass $OS_PASSWORD --enabled true
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-create --tenant_id $ADMIN_TENANT_ID --name $OS_USERNAME --pass $OS_PASSWORD --enabled true
 +----------+-------------------------------------------------------------------------------------------------------------------------+
Property Value
+----------+-------------------------------------------------------------------------------------------------------------------------+
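Review bot: `--pass $OS_PASSWORD` in the `user-create` line puts the admin password on the command line, and this hunk does not show where `OS_PASSWORD` is set. If it comes from a sourced file, name the file and say it should be mode 600; if it is typed interactively, recommend `read -s OS_PASSWORD` so the value stays out of the shell history.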
Line: 427 to 440
 

Assegnazione del ruolo "admin" all'utente "AdminUser"

  • Assegnare il ruolo tramite il seguente comando:

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-role-add --user_id $ADMIN_USER_ID --tenant_id $ADMIN_TENANT_ID --role_id $ADMIN_ROLE_ID
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-role-add --user_id $ADMIN_USER_ID --tenant_id $ADMIN_TENANT_ID \ --role_id $ADMIN_ROLE_ID
 

Dove <ADMIN_USER_ID> e <ADMIN_TENANT_ID> sono rispettivamente gli ID di user e tenant appena creati. $ADMIN_ROLE_ID è invece l'id del ruolo "admin" esportato nell'istruzione precedente. Nota bene: non viene visualizzato nulla se il comando ha successo.
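Review bot: The new `user-role-add` line has the backslash in the middle of the line (`--tenant_id $ADMIN_TENANT_ID \ --role_id $ADMIN_ROLE_ID`), so as written the shell treats it as an escaped space and `--role_id` is not parsed as an option. The explanatory sentence below also refers to `<ADMIN_USER_ID>` and `<ADMIN_TENANT_ID>` in angle brackets while the command uses the shell variables `$ADMIN_USER_ID` and `$ADMIN_TENANT_ID`; pick one notation so the reader knows whether to substitute by hand or export the variables first.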

Line: 438 to 453
 
  • Creare il tenant lanciando il comando:

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT tenant-create --name service --description "Service Tenant" --enabled true
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT tenant-create --name service --description "Service Tenant" --enabled true
 +-------------+----------------------------------+
Property Value
+-------------+----------------------------------+
Line: 458 to 474
 

Creazione ed inserimento dell'utente associato a Glance

  • Creare l'utente tramite il seguente comando:
Changed:
<
<
keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-create --tenant_id $SERVICE_TENANT_ID --name glance --pass --enabled=true
>
>
keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-create --tenant_id $SERVICE_TENANT_ID --name glance --pass --enabled=true
 +----------+-------------------------------------------------------------------------------------------------------------------------+
Property Value
+----------+-------------------------------------------------------------------------------------------------------------------------+
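Review bot: In the Glance `user-create` line, `--pass` is followed directly by `--enabled=true`, so the password value is missing and the command cannot work as written. A placeholder was probably lost in rendering; restore it with a name that survives the wiki markup, and say the password must differ from the other service passwords. The line also lacks the `#` prompt and uses `--enabled=true` where the other `user-create` commands use `--enabled true`.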
Line: 477 to 495
 
  • Assegnare il ruolo tramite il seguente comando:

Changed:
<
<
keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-role-add --user_id $GLANCE_USER_ID --tenant_id $SERVICE_TENANT_ID --role_id $ADMIN_ROLE_ID
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-role-add --user_id $GLANCE_USER_ID --tenant_id $SERVICE_TENANT_ID --role_id $ADMIN_ROLE_ID
 

Nota bene: non viene visualizzato nulla se il comando ha successo.

Line: 485 to 505
 

Creazione ed inserimento dell'utente associato a Nova

  • Creare l'utente tramite il seguente comando:

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-create --tenant_id $SERVICE_TENANT_ID --name nova --pass --enabled true
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-create --tenant_id $SERVICE_TENANT_ID --name nova --pass --enabled true
 +----------+-------------------------------------------------------------------------------------------------------------------------+
Property Value
+----------+-------------------------------------------------------------------------------------------------------------------------+
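Review bot: The Nova `user-create` line has the same gap as the Glance one: `--pass --enabled true` carries no password value. Restore the placeholder here too, since this password is the one that later goes into `admin_password` in the `[filter:authtoken]` section.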
Line: 505 to 527
 
  • Assegnare il ruolo tramite il seguente comando:

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-role-add --user_id $NOVA_USER_ID --tenant_id $SERVICE_TENANT_ID --role_id $ADMIN_ROLE_ID
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT user-role-add --user_id $NOVA_USER_ID --tenant_id $SERVICE_TENANT_ID --role_id $ADMIN_ROLE_ID
 

Nota bene: non viene visualizzato nulla se il comando ha successo.

Line: 523 to 547
 

Definizione del servizio identity (Keystone)

  • Creare il servizio "keystone":

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=keystone --type=identity --description="Keystone Identity Service"
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=keystone --type=identity --description="Keystone Identity Service"
 +-------------+----------------------------------+
Property Value
+-------------+----------------------------------+
Line: 539 to 564
 
  • Creare l'endpoint per il servizio "keystone":

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create --region RegionOne --service_id=$KEYSTONE_SERVICE_ID --publicurl=$KEYSTONE5000 --internalurl=$KEYSTONE5000 --adminurl=$ENDPOINT
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create --region RegionOne --service_id=$KEYSTONE_SERVICE_ID --publicurl=$KEYSTONE5000 --internalurl=$KEYSTONE5000 --adminurl=$ENDPOINT
 +-------------+----------------------------------------------+
Property Value
+-------------+----------------------------------------------+
Line: 557 to 585
 
  • Creare il servizio "nova":

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=nova --type=compute --description="Nova Compute Service"
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=nova --type=compute --description="Nova Compute Service"
 +-------------+----------------------------------+
Property Value
+-------------+----------------------------------+
Line: 572 to 601
 
  • Creare l'endpoint per il servizio "nova":

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create --region RegionOne --service_id=$NOVA_SERVICE_ID --publicurl='http://:8774/v2/%(tenant_id)s' --internalurl='http://:8774/v2/%(tenant_id)s' --adminurl='http://:8774/v2/%(tenant_id)s'
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create \ --region RegionOne --service_id=$NOVA_SERVICE_ID --publicurl='http://:8774/v2/%(tenant_id)s' --internalurl='http://:8774/v2/%(tenant_id)s' --adminurl='http://:8774/v2/%(tenant_id)s'
 +-------------+--------------------------------------------------------+
Property Value
+-------------+--------------------------------------------------------+
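Review bot: All three URLs in the Nova `endpoint-create` line have an empty host (`http://:8774/v2/%(tenant_id)s`), so following the page literally registers endpoints that no client can reach; the host placeholder appears to have been lost, and the volume and Glance endpoint hunks show the same `http://:8776/...` and `http://:9292/...` forms. The new line also has the backslash mid-line (`endpoint-create \ --region RegionOne`), which escapes a space and does not continue the line. Since `publicurl` is what clients use from outside the cluster, the guide should note that it is registered over plain http.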
Line: 591 to 624
 
  • Creare il servizio "volume":

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=volume --type=volume --description="Nova Volume Service"
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=volume --type=volume --description="Nova Volume Service"
 +-------------+----------------------------------+
Property Value
+-------------+----------------------------------+
Line: 606 to 640
 
  • Creare l'endpoint per il servizio "volume":

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create --region RegionOne --service_id=$NOVA_VOLUME_SERVICE_ID --publicurl='http://:8776/v1/%(tenant_id)s' --internalurl='http://:8776/v1/%(tenant_id)s' --adminurl='http://:8776/v1/%(tenant_id)s'
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create --region RegionOne --service_id=$NOVA_VOLUME_SERVICE_ID --publicurl='http://:8776/v1/%(tenant_id)s' --internalurl='http://:8776/v1/%(tenant_id)s' --adminurl='http://:8776/v1/%(tenant_id)s'
 +-------------+--------------------------------------------------------+
Property Value
+-------------+--------------------------------------------------------+
Line: 623 to 661
 

Definizione del servizio image (Glance)

  • Creare il servizio "glance":

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=glance --type=image --description="Glance Image Service"
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT service-create --name=glance --type=image --description="Glance Image Service"
 +-------------+----------------------------------+
Property Value
+-------------+----------------------------------+
Line: 638 to 677
 
  • Creare l'endpoint per il servizio "glance":

Changed:
<
<
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create --region RegionOne --service_id=$GLANCE_IMAGE_SERVICE_ID --publicurl=http://:9292/v1 --internalurl=http://:9292/v1 --adminurl=http://:9292/v1
>
>
# keystone --token $ADMIN_TOKEN --endpoint $ENDPOINT endpoint-create --region RegionOne --service_id=$GLANCE_IMAGE_SERVICE_ID --publicurl=http://:9292/v1 --internalurl=http://:9292/v1 --adminurl=http://:9292/v1
 +-------------+------------------------------------------+
Property Value
+-------------+------------------------------------------+
Line: 844 to 887
  # glance index
Changed:
<
<
# glance add name=cirros-0.3.0-x86_64 disk_format=qcow2 container_format=bare < /stackimages/cirros-0.3.0-x86_64-disk.img
>
>
# glance add name=cirros-0.3.0-x86_64 disk_format=qcow2 \ container_format=bare < /stackimages/cirros-0.3.0-x86_64-disk.img
 Uploading image 'cirros-0.3.0-x86_64' ================================================================================================================================================================================[100%] 23.2M/s, ETA 0h 0m 0s Added new image with ID: a08912a4-3c73-4b17-9d96-bed2d1290d3d
Line: 902 to 946
 

Configurazione dell'Hypervisor (KVM)

  • Installare i pacchetti per la virtualizzazione:

Changed:
<
<
# yum install qemu-kvm qemu-img virt-manager libvirt libvirt-python python-virtinst libvirt-client bridge-utils libguestfs-tools # yum groupinstall Virtualization "Virtualization Client" "Virtualization Platform" "Virtualization Tools" # yum install openstack-utils memcached qpid-cpp-server openstack-compute openstack-network mysql dnsmasq-utils python-keystone-auth-token
>
>
# yum install qemu-kvm qemu-img virt-manager libvirt libvirt-python python-virtinst libvirt-client bridge-utils libguestfs-tools

# yum groupinstall Virtualization "Virtualization Client" "Virtualization Platform" "Virtualization Tools"

 
Added:
>
>
# yum install openstack-utils memcached qpid-cpp-server openstack-compute openstack-network mysql dnsmasq-utils python-keystone-auth-token
 
  • Requisiti di configurazione per RHEL
    • Assicurarsi che nel file /etc/qpidd.conf sia settato auth=no .
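Review bot: The context line under the new `yum install openstack-utils ...` command requires `auth=no` in /etc/qpidd.conf, which lets any host that can reach the broker port publish and consume Nova RPC messages. If authentication stays off, the guide should at least say the broker must be reachable only from the cloud nodes (firewall or management network); otherwise enable SASL on the broker and set `qpid_username` and `qpid_password` in nova.conf.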
Line: 957 to 1006
 
    • Contentuto completo di nova.conf :
      [DEFAULT]
Changed:
<
<
# LOG/STATE
>
>
 logdir = /var/log/nova
Deleted:
<
<
verbose = True
 state_path = /var/lib/nova lock_path = /var/lib/nova/tmp
Added:
>
>
verbose = False
 
Changed:
<
<
# AUTHENTICATION auth_strategy = keystone

# SCHEDULER #compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler

# VOLUMES volume_group = #volume_name_template = volume-%08x iscsi_helper = tgtadm

# DATABASE del Cloud Controller sql_connection = mysql://nova:@openstack-01.cnaf.infn.it/nova

# COMPUTE

>
>
# kvm compute_driver = libvirt.LibvirtDriver
 libvirt_type = kvm
Changed:
<
<
connection_type = libvirt #instance_name_template = instance-%08x #api_paste_config=/etc/nova/api-paste.ini #allow_resize_to_same_host=True

# APIS #osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions #ec2_dmz_host=192.168.206.130 #s3_host=192.168.206.130

>
>
libvirt_nonblocking = True libvirt_inject_partition = -1 libvirt_xml_template = /usr/share/nova/libvirt.xml.template
 
Changed:
<
<
# GLANCE image_service=nova.image.glance.GlanceImageService glance_api_servers=192.168.206.130:9292
>
>
# sql sql_connection = mysql://nova:PASSWORD_UTENTE_DB_NOVA@clstr-09.cnaf.infn.it/nova
 
Changed:
<
<
# NETWORK
>
>
# authentication auth_strategy = keystone

# network manager

 network_manager = nova.network.manager.FlatDHCPManager
Changed:
<
<
force_dhcp_release = True
>
>
force_dhcp_release = False dhcp_lease_time = 120 dhcpbridge = /usr/bin/nova-dhcpbridge
 dhcpbridge_flagfile = /etc/nova/nova.conf firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
Changed:
<
<
# Change my_ip to match each host my_ip =
>
>
my_ip = 131.154.101.140 # fixed_range is eth1 network fixed_range = 192.168.122.0/24
 public_interface = eth0
Deleted:
<
<
#vlan_interface = eth0
 flat_network_bridge = virbr0
Changed:
<
<
flat_interface = eth0 fixed_range = 192.168.122.0/24
>
>
flat_interface = eth1 multi_host = True auto_assign_floating_ip = False injected_network_template = /usr/share/nova/interfaces.template allow_same_net_traffic=true
 
Changed:
<
<
# NOVNC CONSOLE vnc_enabled = true
>
>
# no vnc console vnc_enabled = True
 vncserver_listen = 0.0.0.0
Changed:
<
<
vncserver_proxyclient_address = 131.154.100.111 novncproxy_base_url=http://openstack-01.cnaf.infn.it:6080/vnc_auto.html xvpvncproxy_base_url=http://openstack-01.cnaf.infn.it:6081/console
>
>
vncserver_proxyclient_address = 131.154.101.140 novncproxy_base_url=http://clstr-09.cnaf.infn.it:6080/vnc_auto.html xvpvncproxy_base_url=http://clstr-09.cnaf.infn.it:6081/console
 
Changed:
<
<
# Qpid qpid_hostname = openstack-01.cnaf.infn.it
>
>
# qpid qpid_hostname = clstr-09.cnaf.infn.it
 rpc_backend = nova.rpc.impl_qpid
Changed:
<
<
# OTHER dhcpbridge = /usr/bin/nova-dhcpbridge injected_network_template = /usr/share/nova/interfaces.template libvirt_xml_template = /usr/share/nova/libvirt.xml.template libvirt_nonblocking = True libvirt_inject_partition = -1
>
>
# GLANCE image_service=nova.image.glance.GlanceImageService glance_api_servers=clstr-09.cnaf.infn.it:9292 cache_images=true

# other

 vpn_client_template = /usr/share/nova/client.ovpn.template credentials_template = /usr/share/nova/novarc.template
Changed:
<
<
root_helper = sudo nova-rootwrap
>
>
rootwrap_config = /etc/nova/rootwrap.conf
 remove_unused_base_images = True
Added:
>
>
# quota quota_cores=20 quota_instances=20 max_cores=24

# volumes_dir = /etc/nova/volumes # iscsi_helper = tgtadm # rpc_backend = nova.openstack.common.rpc.impl_qpid

# [keystone_authtoken] # admin_tenant_name = %SERVICE_TENANT_NAME% # admin_user = %SERVICE_USER% # admin_password = %SERVICE_PASSWORD% # auth_host = 127.0.0.1 # auth_port = 35357 # auth_protocol = http # signing_dirname = /tmp/keystone-signing-nova

 

Dove:
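Review bot: The new nova.conf hard-codes `my_ip = 131.154.101.140` and `vncserver_proxyclient_address = 131.154.101.140` and drops the old comment `# Change my_ip to match each host`, while also adding `multi_host = True`; a reader copying this file to several compute nodes gets the same address on each. Keep a per-host placeholder or restore the comment. Two further points in the same file: `vncserver_listen = 0.0.0.0` exposes the guests' VNC consoles on every interface and the proxy URLs are plain http, so say which network may reach those ports; and `sql_connection` carries the database password in the URL, so the guide should say nova.conf must not be world-readable.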

Line: 1042 to 1104
  [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory
Added:
>
>
 service_protocol = http
Changed:
<
<
service_host =
>
>
service_host = clstr-09.cnaf.infn.it
 service_port = 5000
Changed:
<
<
auth_host =
>
>
auth_host = clstr-09.cnaf.infn.it
 auth_port = 35357 auth_protocol = http
Changed:
<
<
auth_uri = http://:5000/
>
>
auth_uri = http://clstr-09.cnaf.infn.it:5000/
 admin_tenant_name = service admin_user = nova
Changed:
<
<
admin_password =
>
>
admin_password = PASSWORD_DB_NOVA
  Dove:
      • <KEYSTONE_SERVICE_IP> è l'IP del server che ospita Keystone (nel caso del prototipo è l'IP di openstack-01.cnaf.infn.it)
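Review bot: `admin_password = PASSWORD_DB_NOVA` in the `[filter:authtoken]` section is named like a database password, but with `admin_user = nova` and `admin_tenant_name = service` it is the Keystone password of the nova service user; nova.conf uses a different placeholder, `PASSWORD_UTENTE_DB_NOVA`, for the real database password. Rename it to something like PASSWORD_KEYSTONE_NOVA so readers do not reuse the database password here. The explanation below still describes `<KEYSTONE_SERVICE_IP>` and openstack-01.cnaf.infn.it although the values are now hard-coded to clstr-09.cnaf.infn.it, and `auth_protocol = http` means the service credentials cross the network unencrypted.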
Line: 1061 to 1125
 
 
  • Per far partire i servizi di Nova ed inizializzare il DB, lanciare i seguenti comandi:

Changed:
<
<
# for svc in api objectstore compute network volume scheduler cert; do echo openstack-nova-$svc; service openstack-nova-$svc stop ; chkconfig openstack-nova-$svc on; done
>
>
# for s in `ls /etc/init.d/openstack-nova-*`; do $s stop ; done

# chkconfig openstack-nova-compute on # chkconfig openstack-nova-network on

 # nova-manage db sync
Changed:
<
<
# for svc in api objectstore compute network volume scheduler cert; do echo openstack-nova-$svc; /etc/init.d/openstack-nova-$svc start ; done
>
>
# /etc/init.d/openstack-nova-compute start

# /etc/init.d/openstack-nova-network start

 

  • Sul Cloud controller verificare lo stato dei servizi Nova compute:
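Review bot: The new stop loop iterates over the output of `ls` (for s in `ls /etc/init.d/openstack-nova-*`), which is fragile; a plain glob does the same job: for s in /etc/init.d/openstack-nova-*; do "$s" stop; done. More important, only compute and network are now enabled with `chkconfig ... on`, but nothing disables the other services, and the previous revision enabled api, objectstore, volume, scheduler and cert at boot; a node set up from revision 5 will keep starting them. Add `chkconfig openstack-nova-<service> off` for the services that should not run on a compute node.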
Line: 1108 to 1179
 
# nova-manage network list
Changed:
<
<
# nova-manage network create private --multi_host=T --fixed_range_v4=192.168.122.0/24 --bridge_interface=virbr0 --num_networks=1 --network_size=256
>
>
# nova-manage network create private --multi_host=T --fixed_range_v4=192.168.122.0/24 --bridge_interface=virbr0 --num_networks=1 --network_size=256
  # nova-manage network list id IPv4 IPv6 start address DNS1 DNS2 VlanID project uuid
 