用意するもの
ホスト名 | OS | eth0 | eth1 | gw |
---|---|---|---|---|
controller | CentOS6.5 | 192.168.1.41 | 192.168.11.41 | 192.168.1.1 |
compute | CentOS6.5 | 192.168.1.42 | 192.168.11.42 | 192.168.1.1 |
controller には nova-compute以外 すべてインストール
compute には nova-compute をインストールし ハイパーバイザにlxcを利用する
すべてを1台で実装することも可能であるが今回はcomputeだけ独立させる。
compute機にて
shell
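# Name resolution for both nodes. Entries already present are skipped so the
# snippet can be re-run without piling up duplicate lines in /etc/hosts.
for hosts_entry in "192.168.1.41 controller" "192.168.1.42 compute"; do
  grep -qxF -- "$hosts_entry" /etc/hosts || echo "$hosts_entry" >> /etc/hosts
done

# Persistent hostname; /etc/sysconfig/network is edited in place.
sed -i "s/^HOSTNAME=.*/HOSTNAME=compute/g" /etc/sysconfig/network

# Rewrites SELINUX=enforcing to SELINUX=disabled in the persistent config.
# This removes mandatory access control confinement from every service on the
# host, so it is a lab-only setting.
# NOTE(review): SELINUX=permissive would keep denial logging; whether this
# walkthrough still works with it is not shown here - confirm before using it.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config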
controller機にて
shell
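# Name resolution for both nodes. Entries already present are skipped so the
# snippet can be re-run without piling up duplicate lines in /etc/hosts.
for hosts_entry in "192.168.1.41 controller" "192.168.1.42 compute"; do
  grep -qxF -- "$hosts_entry" /etc/hosts || echo "$hosts_entry" >> /etc/hosts
done

# Persistent hostname; /etc/sysconfig/network is edited in place.
sed -i "s/^HOSTNAME=.*/HOSTNAME=controller/g" /etc/sysconfig/network

# Rewrites SELINUX=enforcing to SELINUX=disabled in the persistent config.
# This removes mandatory access control confinement from every service on the
# host, so it is a lab-only setting.
# NOTE(review): SELINUX=permissive would keep denial logging; whether this
# walkthrough still works with it is not shown here - confirm before using it.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Create the installer script shown below.
vi rdo-setup.sh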
rdo-setup.sh
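#!/bin/bash
# http://theruddyduck.typepad.com/theruddyduck/2014/02/install-and-ccnfigure-openstack-neutron.html
#
# Settings for the packstack (RDO Icehouse) install driven by the functions
# further down. Everything here is a plain assignment; edit before running.

# --- RDO
# NOTE(review): both release RPMs below are fetched over plain HTTP, and the
# script never checks a signature or checksum for them. Verify the packages
# out of band, or mirror them internally, before using this outside a lab.
RDO_URL=http://rdo.fedorapeople.org/openstack-icehouse/rdo-release-icehouse.rpm

# --- EPEL
EPEL_URL=http://ftp.riken.jp/Linux/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm

# --- CLOUD IMAGE
# [0] is the trusty (14.04) root tarball, [1] the precise (12.04) one.
# Both are fetched over HTTPS; they are unpacked as root into the image.
CLOUD_IMAGE_URL[0]=https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz
CLOUD_IMAGE_URL[1]=https://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-root.tar.gz

# --- PUBLIC NETWORK
WAN_IPADDRESS=192.168.1.41
WAN_GATEWAY=192.168.1.1
WAN_NETWORK=192.168.1.0/24
WAN_POOL_START=192.168.1.100
WAN_POOL_END=192.168.1.200

# --- PRIVATE NETWORK
LAN_IPADDRESS=192.168.11.41
LAN_GATEWAY=192.168.11.1
LAN_NETWORK=192.168.11.0/24
LAN_POOL_START=192.168.11.100
LAN_POOL_END=192.168.11.200

# --- PASSWORD
# Every value in this section is a placeholder: each one is the variable's
# own name (some with a letter missing), and the Keystone admin and demo
# accounts share the literal string "password". Replace all of them with
# unique generated secrets before the install; they end up in answer.txt
# in clear text.
CONFIG_KEYSTONE_ADMIN_PW=password
CONFIG_KEYSTONE_DEMO_PW=$CONFIG_KEYSTONE_ADMIN_PW
CONFIG_RH_PW=RH_PW
CONFIG_SATELLITE_PW=SATELLITE_PW
CONFIG_SATELLITE_PROXY_PW=SATELLITE_PROXY_PW
CONFIG_AMQP_NSS_CERTDB_PW=AMQP_NSS_CERTDB_PW
CONFIG_MYSQL_PW=MYSQL_PW
CONFIG_KEYSTONE_DB_PW=KEYSTONE_DB_PW
CONFIG_GLANCE_DB_PW=LANCE_DB_PW
CONFIG_GLANCE_KS_PW=GLANCE_KS_PW
CONFIG_CINDER_DB_PW=CINDER_DB_PW
CONFIG_CINDER_KS_PW=CINDER_KS_PW
CONFIG_NOVA_DB_PW=NOVA_DB_PW
CONFIG_NOVA_KS_PW=OVA_KS_PW
CONFIG_NEUTRON_KS_PW=NEUTRON_KS_PW
CONFIG_NEUTRON_DB_PW=NEUTRON_DB_PW
CONFIG_NEUTRON_METADATA_PW=NEUTRON_METADATA_PW
CONFIG_SWIFT_KS_PW=SWIFT_KS_PW
CONFIG_PROVISION_TEMPEST_USER_PW=PROVISION_TEMPEST_USER_PW
CONFIG_HEAT_DB_PW=HEAT_DB_PW
CONFIG_HEAT_KS_PW=HEAT_KS_PW
CONFIG_CEILOMETER_KS_PW=CEILOMETER_KS_PW
CONFIG_NAGIOS_PW=NAGIOS_PW

# --- CONTROLLER HOSTS
# All controller-side services use the controller's private (eth1) address.
CONFIG_CONTROLLER_HOST=$LAN_IPADDRESS
CONFIG_NETWORK_HOSTS=$CONFIG_CONTROLLER_HOST
CONFIG_AMQP_HOST=$CONFIG_CONTROLLER_HOST
CONFIG_MYSQL_HOST=$CONFIG_CONTROLLER_HOST
CONFIG_MONGODB_HOST=$CONFIG_CONTROLLER_HOST

# --- COMPUTE HOSTS
CONFIG_COMPUTE_HOSTS=192.168.11.42

# --- NOVA NETWORK
CONFIG_NOVA_NETWORK_PUBIF=eth0
CONFIG_NOVA_NETWORK_PRIVIF=eth1
CONFIG_NOVA_COMPUTE_PRIVIF=eth1

# --- OVS
CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
CONFIG_NEUTRON_OVS_VLAN_RANGES=physnet1
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:eth0
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-ex

# --- NETWORK TYPE
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vxlan
CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE=vxlan

# --- CINDER
CONFIG_CINDER_VOLUMES_SIZE=50G

# --- NTP
NTP_SERVER=ntp.nict.jp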

# ----------------------------------------------------------
# MAIN
# ----------------------------------------------------------
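function main() {

  # Runs the whole controller install in order: base packages, packstack with
  # the edited answer file, then the OpenStack-side setup (images, networks,
  # flavor, security group, key pair) and a final status listing.

  #--- SET UP
  setup_first

  #--- INSTALL RDO
  # Everything after this depends on a finished packstack run, so stop here
  # instead of configuring services that were never installed.
  packstack --gen-answer-file answer.txt || {
    echo "packstack --gen-answer-file failed" >&2
    return 1
  }
  setup_rdo
  packstack --answer-file answer.txt || {
    echo "packstack --answer-file failed" >&2
    return 1
  }

  #--- OPENSTACK SETUP
  # CLOUD_IMAGE_URL[0] is the trusty (14.04) tarball and [1] is the precise
  # (12.04) one, so the image names have to be paired accordingly.
  create_glance_image ubuntu1204 "${CLOUD_IMAGE_URL[1]}"
  create_glance_image ubuntu1404 "${CLOUD_IMAGE_URL[0]}"
  setup_network
  setup_neutron
  setup_nova
  setup_neutron_demo_net
  setup_flavor
  setup_secgroup
  setup_keypair

  #--- FIN
  . /root/keystonerc_admin
  nova list
  nova-manage service list
  neutron agent-list
  neutron net-list

}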

# ----------------------------------------------------------
# SETUP INIT
# ----------------------------------------------------------
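function setup_first() {

  # Installs the EPEL and RDO release packages, packstack and its helpers,
  # syncs the clock, updates the system and adjusts kernel network settings.
  # Reads EPEL_URL, RDO_URL and NTP_SERVER.

  # NOTE(review): EPEL_URL and RDO_URL are plain-HTTP URLs and nothing in this
  # function checks a signature or checksum for the two release RPMs, which in
  # turn decide which repositories and keys yum trusts afterwards. Verify them
  # out of band before using this outside a lab.
  rpm -ivh "$EPEL_URL"
  yum install -y --enablerepo=epel puppet nc wget ntpdate && ntpdate "$NTP_SERVER"
  yum install -y "$RDO_URL"
  yum install -y openstack-packstack
  yum update -y

  #--- SYSCTL
  # Turn on IPv4 forwarding and turn off reverse-path filtering; the previous
  # file is kept as /etc/sysctl.conf.org. Dots in the key names are escaped so
  # they match literally.
  # NOTE(review): rp_filter=0 drops the kernel's source-address check on all
  # interfaces - presumably needed for the routed Neutron setup; confirm.
  sed -i.org \
    -e "s/^net\.ipv4\.ip_forward.*=.*0/net.ipv4.ip_forward = 1/" \
    -e "s/^net\.ipv4\.conf\.all\.rp_filter.*=.*1/net.ipv4.conf.all.rp_filter = 0/" \
    -e "s/^net\.ipv4\.conf\.default\.rp_filter.*=.*1/net.ipv4.conf.default.rp_filter = 0/" \
    /etc/sysctl.conf

  sysctl -p

}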

# ----------------------------------------------------------
# SETUP RDO
# ----------------------------------------------------------
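# Escape a value for the replacement side of a sed "s/.../.../" command.
# Backslash, "/" (the delimiter used below) and "&" are special there, so a
# real password containing one of them would otherwise corrupt the answer
# file or make sed fail.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
function _sed_escape_replacement() {
  local raw=$1 escaped="" ch i
  for ((i = 0; i < ${#raw}; i++)); do
    ch=${raw:i:1}
    case "$ch" in
      '\' | '/' | '&') escaped+="\\$ch" ;;
      *) escaped+=$ch ;;
    esac
  done
  printf '%s' "$escaped"
}

# Rewrite ./answer.txt (generated by packstack) with the settings defined at
# the top of the script. The untouched file is kept as answer.txt.org.
# Globals:   the CONFIG_* variables listed below (read)
# Returns:   non-zero if sed could not rewrite answer.txt
function setup_rdo() {

  local -a edits=()
  local key

  # Keys whose value is copied from the shell variable of the same name:
  # passwords, service hosts, interfaces, OVS settings and network types.
  for key in \
    CONFIG_KEYSTONE_ADMIN_PW \
    CONFIG_KEYSTONE_DEMO_PW \
    CONFIG_AMQP_NSS_CERTDB_PW \
    CONFIG_MYSQL_PW \
    CONFIG_KEYSTONE_DB_PW \
    CONFIG_GLANCE_DB_PW \
    CONFIG_GLANCE_KS_PW \
    CONFIG_CINDER_DB_PW \
    CONFIG_CINDER_KS_PW \
    CONFIG_NOVA_DB_PW \
    CONFIG_NOVA_KS_PW \
    CONFIG_NEUTRON_KS_PW \
    CONFIG_NEUTRON_DB_PW \
    CONFIG_NEUTRON_METADATA_PW \
    CONFIG_SWIFT_KS_PW \
    CONFIG_PROVISION_TEMPEST_USER_PW \
    CONFIG_HEAT_DB_PW \
    CONFIG_HEAT_KS_PW \
    CONFIG_CEILOMETER_KS_PW \
    CONFIG_NAGIOS_PW \
    CONFIG_CONTROLLER_HOST \
    CONFIG_NETWORK_HOSTS \
    CONFIG_AMQP_HOST \
    CONFIG_MYSQL_HOST \
    CONFIG_MONGODB_HOST \
    CONFIG_COMPUTE_HOSTS \
    CONFIG_NOVA_COMPUTE_PRIVIF \
    CONFIG_NOVA_NETWORK_PUBIF \
    CONFIG_NOVA_NETWORK_PRIVIF \
    CONFIG_NEUTRON_OVS_BRIDGE_IFACES \
    CONFIG_NEUTRON_OVS_TUNNEL_IF \
    CONFIG_NEUTRON_OVS_VLAN_RANGES \
    CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS \
    CONFIG_NEUTRON_ML2_TYPE_DRIVERS \
    CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES \
    CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE; do
    edits+=(-e "s/^${key}=.*/${key}=$(_sed_escape_replacement "${!key}")/")
  done

  # Fixed switches. These only fire when the generated default is still in
  # place, exactly as the individual sed calls did before.
  edits+=(
    #--- DEMO
    -e "s/^CONFIG_PROVISION_DEMO=y/CONFIG_PROVISION_DEMO=n/"
    #--- TOKEN FORMAT
    -e "s/^CONFIG_KEYSTONE_TOKEN_FORMAT=PKI/CONFIG_KEYSTONE_TOKEN_FORMAT=UUID/"
    #--- CINDER
    -e "s/^CONFIG_CINDER_VOLUMES_SIZE=20G/CONFIG_CINDER_VOLUMES_SIZE=$(_sed_escape_replacement "$CONFIG_CINDER_VOLUMES_SIZE")/"
    #--- HEAT INSTALL
    -e "s/^CONFIG_HEAT_INSTALL=n/CONFIG_HEAT_INSTALL=y/"
    -e "s/^CONFIG_HEAT_CLOUDWATCH_INSTALL=n/CONFIG_HEAT_CLOUDWATCH_INSTALL=y/"
    -e "s/^CONFIG_HEAT_CFN_INSTALL=n/CONFIG_HEAT_CFN_INSTALL=y/"
    #--- NAGIOS NO INSTALL
    -e "s/^CONFIG_NAGIOS_INSTALL=y/CONFIG_NAGIOS_INSTALL=n/"
  )

  #-----------------------------------------------------------
  # NO INSTALL (disabled; add to the list above to skip a service)
  #-----------------------------------------------------------
  #--- CINDER NO INSTALL
  # -e "s/^CONFIG_CINDER_INSTALL=.*/CONFIG_CINDER_INSTALL=n/"
  #--- SWIFT NO INSTALL
  # -e "s/^CONFIG_SWIFT_INSTALL=.*/CONFIG_SWIFT_INSTALL=n/"
  #--- CEILOMETER NO INSTALL
  # -e "s/^CONFIG_CEILOMETER_INSTALL=.*/CONFIG_CEILOMETER_INSTALL=n/"

  # One pass over the file; -i.org keeps the generated file as answer.txt.org.
  # Note that the values are passed on sed's command line and are visible in
  # the process list while it runs.
  sed -i.org "${edits[@]}" answer.txt || return

  # Both files hold every service password in clear text.
  chmod 600 answer.txt answer.txt.org
}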

# -----------------------------------------------------------
# NETWORK
# -----------------------------------------------------------
function setup_network() {

  # Moves the controller's public address from eth0 onto the br-ex Open
  # vSwitch bridge by rewriting both ifcfg files, then restarts networking.
  # Reads WAN_IPADDRESS and WAN_GATEWAY.
  local scripts_dir=/etc/sysconfig/network-scripts

  # ifcfg-eth0: eth0 becomes a port of br-ex and carries no address itself
  printf '%s\n' \
    "DEVICE=eth0" \
    "ONBOOT=yes" \
    "TYPE=OVSPort" \
    "DEVICETYPE=ovs" \
    "OVS_BRIDGE=br-ex" \
    > "$scripts_dir/ifcfg-eth0"

  # ifcfg-br-ex: the bridge takes over the static public address
  printf '%s\n' \
    "DEVICE=br-ex" \
    "TYPE=OVSBridge" \
    "DEVICETYPE=ovs" \
    "BOOTPROTO=static" \
    "IPADDR=$WAN_IPADDRESS" \
    "NETMASK=255.255.255.0" \
    "GATEWAY=$WAN_GATEWAY" \
    "ONBOOT=yes" \
    > "$scripts_dir/ifcfg-br-ex"

  # restart
  /etc/init.d/network restart

}

# -----------------------------------------------------------
# GLANCE
# -----------------------------------------------------------
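function create_glance_image() {

  # Builds a raw LXC root image from an Ubuntu cloud-image root tarball and
  # registers it in Glance as "<name>-lxc".
  # Arguments: $1 - image name (used for the work files and the Glance name)
  #            $2 - URL of the root tarball
  # Returns:   non-zero if the download or the loop/mount setup fails
  local image_name=$1
  local image_url=$2
  local tarball=/dev/shm/$image_name.tar.gz
  local raw_image=/dev/shm/$image_name.raw
  local mount_point=/mnt/cloud-image
  local loop_dev

  # NOTE(review): the tarball is unpacked as root and becomes the root
  # filesystem of every instance booted from this image, but nothing here
  # authenticates it. Compare it with the checksum list published next to the
  # tarball before importing it anywhere that matters.
  wget "$image_url" -O "$tarball" || return

  truncate --size 2GB "$raw_image"
  loop_dev=$(losetup -f) || return
  losetup "$loop_dev" "$raw_image" || return
  mkfs "$loop_dev"
  mkdir -p "$mount_point"
  if ! mount "$loop_dev" "$mount_point"; then
    # Do not unpack onto the host's own /mnt/cloud-image directory.
    losetup -d "$loop_dev"
    return 1
  fi
  tar -xf "$tarball" -C "$mount_point"

  # Comment out the imklog module in the IMAGE's rsyslog.conf. The check is
  # made on the mounted image, so the edit has to go there as well and must
  # not touch the host's /etc/rsyslog.conf.
  if [ -f "$mount_point/etc/rsyslog.conf" ]; then
    sed -i.org 's/^\$ModLoad imklog/#$ModLoad imklog/' "$mount_point/etc/rsyslog.conf"
  fi
  umount "$loop_dev"
  losetup -d "$loop_dev"

  . /root/keystonerc_admin

  # The work files are removed only after a successful upload.
  glance image-create \
    --name "$image_name-lxc" \
    --is-public True \
    --disk-format raw \
    --container-format bare \
    --property hypervisor_type=lxc \
    --progress \
    --file "$raw_image" &&
    rm "$raw_image" &&
    rm "$tarball"
  glance image-list

}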

# -----------------------------------------------------------
# NOVA
# -----------------------------------------------------------
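function setup_nova() {

  # Switches nova to the LXC hypervisor and restarts every nova service that
  # has an init script on this host.
  local init_script

  # The previous nova.conf is kept as /etc/nova/nova.conf.org.
  sed -i.org \
    -e "s/^virt_type=.*/virt_type=lxc/" \
    -e "s/^[# ]*use_cow_images=.*/use_cow_images=false/g" \
    /etc/nova/nova.conf

  #--- restart
  chkconfig openstack-nova-metadata-api off
  chkconfig openstack-nova-api on

  # Glob instead of parsing ls output; the guard also covers the case where
  # the pattern matches nothing and is left as a literal string.
  for init_script in /etc/init.d/openstack-nova-*; do
    [ -x "$init_script" ] || continue
    "$init_script" restart
  done

}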

# -----------------------------------------------------------
# NEUTRON
# -----------------------------------------------------------
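function setup_neutron() {

  # Adds the OVS physical-network mapping to plugin.ini, switches the agents
  # to veth pairs, enables the metadata options of the DHCP agent and restarts
  # every neutron service that has an init script.
  # Reads CONFIG_NEUTRON_OVS_VLAN_RANGES and CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS
  # so the section written here matches what packstack was given; the
  # fallbacks are the values that were hard-coded before.
  local ini init_script
  local vlan_ranges=${CONFIG_NEUTRON_OVS_VLAN_RANGES:-physnet1}
  local bridge_mappings=${CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS:-physnet1:br-ex}

  # /etc/neutron/plugin.ini
  # Appended unconditionally: running this twice adds a second [ovs] section.
  {
    echo "[ovs]"
    echo "network_vlan_ranges = $vlan_ranges"
    echo "bridge_mappings = $bridge_mappings"
  } >> /etc/neutron/plugin.ini

  # /etc/neutron/*.ini
  # NOTE(review): if plugin.ini is a symlink (verify on the installed host),
  # sed -i replaces the link with a regular file instead of editing its target.
  for ini in /etc/neutron/*.ini; do
    [ -e "$ini" ] || continue
    sed -i.org "s/^[# ]*ovs_use_veth.*$/ovs_use_veth = True/g" "$ini"
  done

  # dhcp_agent.ini
  # The loop above has already saved dhcp_agent.ini.org; a second -i.org here
  # would overwrite that backup with the half-edited file, so edit in place.
  sed -i \
    -e "s/^enable_isolated_metadata.*$/enable_isolated_metadata = True/" \
    -e "s/^enable_metadata_network.*$/enable_metadata_network = True/" \
    /etc/neutron/dhcp_agent.ini

  # restart
  # Glob instead of parsing ls output; skip a pattern that matched nothing.
  for init_script in /etc/init.d/neutron-*; do
    [ -x "$init_script" ] || continue
    "$init_script" restart
  done

}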

# -----------------------------------------------------------
# NEUTRON DEMO NET
# -----------------------------------------------------------
function setup_neutron_demo_net(){

  # Creates an external network WAN, an internal network LAN (both shared
  # with all tenants) and a router that connects lan_subnet to WAN.
  # Reads the WAN_* and LAN_* settings.
  . /root/keystonerc_admin

  local wan_pool="start=$WAN_POOL_START,end=$WAN_POOL_END"
  local lan_pool="start=$LAN_POOL_START,end=$LAN_POOL_END"

  #--- WAN: external network, addresses handed out as floating IPs, no DHCP
  neutron net-create WAN --shared --router:external true
  neutron subnet-create \
    --name wan_subnet \
    --enable_dhcp=False \
    "--allocation-pool=$wan_pool" \
    "--gateway=$WAN_GATEWAY" \
    WAN "$WAN_NETWORK"

  #--- LAN: instance network with DHCP
  neutron net-create LAN --shared
  neutron subnet-create \
    --name lan_subnet \
    --enable_dhcp=True \
    "--allocation-pool=$lan_pool" \
    "--gateway=$LAN_GATEWAY" \
    LAN "$LAN_NETWORK"

  #--- ROUTER: gateway on WAN, one interface on lan_subnet
  neutron router-create router
  neutron router-gateway-set router WAN
  neutron router-interface-add router lan_subnet

}

# -----------------------------------------------------------
# SECGROUP
# -----------------------------------------------------------
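function setup_secgroup(){

  # Opens ICMP (all types) and TCP port 22 in the "default" security group.
  # Globals: SECGROUP_SOURCE_CIDR (read, optional) - source range admitted by
  #          both rules. Unset keeps the previous behaviour of 0.0.0.0/0,
  #          i.e. SSH reachable from any address that can route to the
  #          instances; set it to the management range to narrow that.
  local source_cidr=${SECGROUP_SOURCE_CIDR:-0.0.0.0/0}

  echo "### setup_secgroup ###"

  . /root/keystonerc_admin
  nova secgroup-add-rule default icmp -1 -1 "$source_cidr"
  nova secgroup-add-rule default tcp 22 22 "$source_cidr"

}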

# -----------------------------------------------------------
# KEYPAIR
# -----------------------------------------------------------
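function setup_keypair() {

  # Creates the nova key pair "mykey" and stores the private key as ~/mykey.
  # Leaves the shell in the home directory, as before.
  echo "### setup_keypair ###"

  . /root/keystonerc_admin
  cd || return

  # The private key is written under umask 077 so the file is never created
  # group- or world-readable, not even for the moment before chmod runs. The
  # chmod stays for the case where an older mykey with wider permissions
  # already exists and is only truncated by the redirection.
  (umask 077 && nova keypair-add mykey > mykey) && chmod 600 mykey
  nova keypair-list

}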

# -----------------------------------------------------------
# FLAVOR
# -----------------------------------------------------------
function setup_flavor() {

  # Replaces the flavor with ID 1 by a smaller m1.tiny and lists the result.
  # Values are passed to nova in the order NAME ID RAM DISK VCPUS.
  local flavor_name=m1.tiny
  local flavor_id=1
  local ram=64
  local disk=3
  local vcpus=1

  printf '%s\n' "### setup_flavor ###"

  . /root/keystonerc_admin
  nova flavor-delete "$flavor_id"
  nova flavor-create "$flavor_name" "$flavor_id" "$ram" "$disk" "$vcpus"
  nova flavor-list

}
# Entry point: run the whole install. main takes no arguments of its own;
# forwarding "$@" is the conventional call form and changes nothing here.
main "$@"
shell
# Run on the controller. The script installs packages with rpm/yum and edits
# files under /etc, so it has to run as root. It writes answer.txt and
# answer.txt.org, which contain every service password in clear text, to the
# current directory, and the private key "mykey" to the home directory.
bash rdo-setup.sh
compute機にて
ハイパーバイザをlxcに変更する
shell
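# Sync the clock with the same NTP server the controller uses.
ntpdate ntp.nict.jp

# LXC userland from EPEL (no -y: yum asks for confirmation).
yum --enablerepo=epel install lxc lxc-templates lxc-doc lxc-libs

# Stop libvirt's "default" network and keep it from starting at boot.
virsh net-destroy default
virsh net-autostart default --disable

# Switch nova-compute to LXC; the previous file is kept as nova.conf.org.
sed -i.org \
  -e "s/^virt_type=.*/virt_type=lxc/" \
  -e "s/^[# ]*use_cow_images=.*/use_cow_images=false/g" \
  /etc/nova/nova.conf

# Restart every nova service with an init script on this host. A glob is used
# instead of parsing ls output; the guard skips a pattern that matched nothing.
for init_script in /etc/init.d/openstack-nova-*; do
  [ -x "$init_script" ] || continue
  "$init_script" restart
done

# Renames the /selinux directory.
# NOTE(review): presumably this hides the SELinux mount point so the LXC
# driver stops detecting SELinux - confirm. Together with SELINUX=disabled
# it leaves no SELinux confinement around the containers, which share the
# host kernel, so treat the compute node as a lab machine only.
mv /selinux /selinux_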
まとめ
仮想上の検証OSでopenstackを組むときはハイパーバイザをqemuにするよりlxcのほうがきびきびと動く。
centosにはqemu-nbdがないのでubuntuで実装するよりインスタンスのビルドに時間がかかる。