LoginSignup
14
15

More than 5 years have passed since last update.

@bacter1a@github(Takayuki Okawa)

Openstack インストールコマンドメモ

Last updated at Posted at 2013-12-13

OpenStack Install (compat Openstack-havana 2013.2-1.el6)

Openstackの公式ドキュメントから、実際に使用したインストールコマンドをメモに起こしました。
想定環境はCentOS6.4(minimal)にインスタンスボリュームはNFS環境。

1. Local settings

MySQL

Localinstallするのでダウンロードしておくこと。

yum localinstall MySQL-shared-compat-5.6.14-1.linux_glibc2.5.x86_64.rpm
yum localinstall MySQL-server-5.6.14-1.linux_glibc2.5.x86_64.rpm
yum localinstall MySQL-server-5.6.14-1.linux_glibc2.5.x86_64.rpm
yum localinstall MySQL-client-5.6.14-1.linux_glibc2.5.x86_64.rpm

service mysql start
chkconfig mysql on
mysql_secure_installation

Install Repo

yum install http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-6.noarch.rpm
yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Install Openstack-util,Apache Qpid

yum install openstack-utils
yum -y install qpid-cpp-server memcached

qpid config

vi /etc/qpidd.conf

auth=no

service qpidd start
chkconfig qpidd on

2. Install Keystone

yum install openstack-keystone python-keystoneclient

DB config

openstack-config --set /etc/keystone/keystone.conf \
sql connection mysql://keystone:keystone@localhost/keystone

openstack-db --init --service keystone --password keystone

Create Token

ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT \
admin_token $ADMIN_TOKEN

keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log

service openstack-keystone start
chkconfig openstack-keystone on

Define users, tenants, and roles

export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://openstack_host:35357/v2.0

keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"

keystone user-create --name=admin --pass=admin
keystone role-create --name=admin

Create a service entry for the Identity Service.

keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

keystone endpoint-create \
  --service-id=above_display_sid \
  --publicurl=http://openstack_host:5000/v2.0 \
  --internalurl=http://openstack_host:5000/v2.0 \
  --adminurl=http://openstack_host:35357/v2.0

3. Install the Image Service

DB config

openstack-config --set /etc/glance/glance-api.conf \
   DEFAULT sql_connection mysql://glance:glance@localhost/glance
openstack-config --set /etc/glance/glance-registry.conf \
   DEFAULT sql_connection mysql://glance:glance@localhost:/glance
openstack-db --init --service glance --password glance

Create a user entry for the Image Service

keystone user-create --name=glance --pass=glance
keystone user-role-add --user=glance --tenant=service --role=admin

Config authtoken

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
   auth_host openstack_host
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
   admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
   admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
   admin_password glance
openstack-config --set /etc/glance/glance-registry.conf \
  keystone_authtoken auth_host openstack_host
openstack-config --set /etc/glance/glance-registry.conf \
   keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf \
   keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf \
   keystone_authtoken admin_password glance

Config authtoken (glance-api-paste)

cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini

vi /etc/glance/glance-api-paste.ini
vi /etc/glance/glance-registry-paste.ini
  • [filter:authtoken]
[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
admin_user=glance
admin_tenant_name=service
admin_password=GLANCE_PASS

Create a service entry for the Identity Service.

keystone service-create --name=glance --type=image \
  --description="Glance Image Service"

keystone endpoint-create \
  --service-id=above_display_sid \
  --publicurl=http://openstack_host:9292 \
  --internalurl=http://openstack_host:9292 \
  --adminurl=http://openstack_host:9292

service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on

Verify

mkdir images
cd images/
wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img

glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 \
  --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img

4. Install the Compute controller services

yum install openstack-nova python-novaclient

Setting DB

openstack-config --set /etc/nova/nova.conf \
  database connection mysql://nova:nova@localhost/nova

openstack-db --init --service nova --password NOVA_DBPASS

Config

openstack-config --set /etc/nova/nova.conf DEFAULT my_ip nova_ip_address
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen nova_ip_address
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address nova_ip_address

Create a user entry for the Compute Service.

keystone user-create --name=nova --pass=nova
keystone user-role-add --user=nova --tenant=service --role=admin

Config Auth

openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT auth_host openstack_host
openstack-config --set /etc/nova/nova.conf DEFAULT admin_user nova
openstack-config --set /etc/nova/nova.conf DEFAULT admin_tenant_name service
openstack-config --set /etc/nova/nova.conf DEFAULT admin_password nova

edit api e.g. https://bugs.launchpad.net/nova/+bug/1237334 

vi /etc/nova/nova.conf

# a list of APIs to enable by default (list value)
#enabled_apis=ec2,osapi_compute,metadata
enabled_apis=ec2,osapi_compute

Create a service entry for the Identity Service.

keystone service-create --name=nova --type=compute \
  --description="Nova Compute service"

keystone endpoint-create \
  --service-id=cb15dabf3b164ddda40e74bc32bcbe85 \
  --publicurl=http://openstack01:8774/v2/%\(tenant_id\)s \
  --internalurl=http://openstack01:8774/v2/%\(tenant_id\)s \
  --adminurl=http://openstack01:8774/v2/%\(tenant_id\)s

Config qpid

openstack-config --set /etc/nova/nova.conf \
  DEFAULT rpc_backend nova.openstack.common.rpc.impl_qpid
openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname openstack01

service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on

Configure a Compute node

service libvirtd start
service messagebus start
chkconfig libvirtd on
chkconfig messagebus on
service openstack-nova-compute start
chkconfig openstack-nova-compute on

Config network

openstack-config --set /etc/nova/nova.conf DEFAULT \
  network_manager nova.network.manager.FlatDHCPManager
openstack-config --set /etc/nova/nova.conf DEFAULT \
  firewall_driver nova.virt.libvirt.firewall.IptablesFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT network_size 254
openstack-config --set /etc/nova/nova.conf DEFAULT allow_same_net_traffic False
openstack-config --set /etc/nova/nova.conf DEFAULT multi_host True
openstack-config --set /etc/nova/nova.conf DEFAULT send_arp_for_ha True
openstack-config --set /etc/nova/nova.conf DEFAULT share_dhcp_address True
openstack-config --set /etc/nova/nova.conf DEFAULT force_dhcp_release True
openstack-config --set /etc/nova/nova.conf DEFAULT flat_interface eth1
openstack-config --set /etc/nova/nova.conf DEFAULT flat_network_bridge br100
openstack-config --set /etc/nova/nova.conf DEFAULT public_interface eth1

service openstack-nova-metadata-api start
chkconfig openstack-nova-metadata-api on

service openstack-nova-network start
chkconfig openstack-nova-network on

omake

for i in cert compute conductor console consoleauth metadata-api novncproxy network; do
service openstack-nova-$i restart
done

Create nova-network

source keystonerc
nova network-create vmnet --fixed-range-v4=10.0.0.0/24 \
  --bridge-interface=br100 --multi-host=T

# backup iptables (or stop iptables)
iptables-save > iptables-origin

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 35357 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8774 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9292 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5000 -j ACCEPT

5. Install the dashboard

yum install memcached python-memcached python-pbr mod_wsgi openstack-dashboard

Config dashboard

vi /etc/openstack-dashboard/local_settings
  • Memcache
CACHES = {
'default': {
'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION' : '127.0.0.1:11211'
}
}
  • Dashboard ACL
ALLOWED_HOSTS = ['localhost', 'my-desktop']
  • Compute Node
OPENSTACK_HOST = "openstack_host"

service httpd start
service memcached start
chkconfig httpd on
chkconfig memcached on

6. Install and configure a Block Storage Service controller

yum install openstack-cinder openstack-utils openstack-selinux

Setting DB

openstack-config --set /etc/cinder/cinder.conf \
        database connection mysql://cinder:cinder@localhost/cinder

openstack-db --init --service cinder --password cinder

Create a user entry for the Block storage Service.

keystone user-create --name=cinder --pass=cinder 
keystone user-role-add --user=cinder --tenant=service --role=admin

openstack-config --set /etc/cinder/cinder.conf \
  DEFAULT rpc_backend cinder.openstack.common.rpc.impl_qpid
openstack-config --set /etc/cinder/cinder.conf \
  DEFAULT qpid_hostname openstack01

Create a service entry for the Block storage Service.

keystone service-create --name=cinder --type=volume \
  --description="Cinder Volume Service"

keystone endpoint-create \
  --service-id=above_display_sid \
  --publicurl=http://openstack01:8776/v1/%\(tenant_id\)s \
  --internalurl=http://openstack01:8776/v1/%\(tenant_id\)s \
  --adminurl=http://openstack01:8776/v1/%\(tenant_id\)s

keystone endpoint-create \
  --service-id=above_display_sid \
  --publicurl=http://openstack01:8776/v2/%\(tenant_id\)s \
  --internalurl=http://openstack01:8776/v2/%\(tenant_id\)s \
  --adminurl=http://openstack01:8776/v2/%\(tenant_id\)s

Setting NFS

Driver(nova.conf)

vi /etc/nova/nova.conf

# Libvirt handlers for remote volumes. (list value)
libvirt_volume_drivers=iscsi=nova.virt.libvirt.volume.LibvirtISCSIVolumeDriver,iser=nova.virt.libvirt.volume.LibvirtISERVolumeDriver,local=nova.virt.libvirt.volume.LibvirtVolumeDriver,fake=nova.virt.libvirt.volume.LibvirtFakeVolumeDriver,rbd=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,sheepdog=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,nfs=nova.virt.libvirt.volume.LibvirtNFSVolumeDriver,aoe=nova.virt.libvirt.volume.LibvirtAOEVolumeDriver,glusterfs=nova.virt.libvirt.volume.LibvirtGlusterfsVolumeDriver,fibre_channel=nova.virt.libvirt.volume.LibvirtFibreChannelVolumeDriver,scality=nova.virt.libvirt.volume.LibvirtScalityVolumeDriver

Disk list

vi /etc/cinder/shares

NFS_STORAGE:/openstack

Mount

vi /etc/cinder/cinder.conf
  • Disk list
# File with the list of available nfs shares (string value)
nfs_shares_config=/etc/cinder/shares
  • Mount point
# Base dir containing mount points for nfs shares. (string
# value)
nfs_mount_point_base=/var/lib/cinder/nfs

Create rootwrap.d

mkdir -p /etc/cinder/rootwrap.d
chgrp -R cinder /etc/cinder/rootwrap.d
vi /etc/cinder/rootwrap.d/volume.filters


[Filters]
# cinder/volume/nfs.py
stat: CommandFilter, /usr/bin/stat, root
mount: CommandFilter, /bin/mount, root
df: CommandFilter, /bin/df, root
truncate: CommandFilter, /usr/bin/truncate, root
chmod: CommandFilter, /bin/chmod, root
rm: CommandFilter, /bin/rm, root

service openstack-cinder-api start
service openstack-cinder-scheduler start
chkconfig openstack-cinder-api on
chkconfig openstack-cinder-scheduler on
service openstack-cinder-volume start
chkconfig openstack-cinder-volume on
14
15
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
14
15