用意するもの
ホスト名 | OS | eth0 | eth1 | gw |
---|---|---|---|---|
controller | CentOS6.5 | 192.168.1.41 | 192.168.11.41 | 192.168.1.1 |
compute | CentOS6.5 | 192.168.1.42 | 192.168.11.42 | 192.168.1.1 |
controller には nova-compute以外 すべてインストール
compute には nova-compute をインストールし ハイパーバイザにlxcを利用する
すべてを1台で実装することも可能であるが今回はcomputeだけ独立させる。
compute機にて
shell
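# Prepare the compute node: name resolution, hostname, SELinux mode.
# Append each /etc/hosts entry only if it is not already present, so that
# re-running this step does not leave duplicate lines behind.
for hosts_entry in "192.168.1.41 controller" "192.168.1.42 compute"; do
  grep -qxF -- "$hosts_entry" /etc/hosts || echo "$hosts_entry" >> /etc/hosts
done
# Persistent hostname for this node (read at boot on CentOS 6).
sed -i "s/^HOSTNAME=.*/HOSTNAME=compute/g" /etc/sysconfig/network
# Turns SELinux off from the next boot. This removes mandatory access control
# from the hypervisor host, so it is only appropriate for an isolated test lab
# like the one described here. SELINUX=permissive would keep denials logged
# without enforcing them.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config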
controller機にて
shell
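# Prepare the controller node: name resolution, hostname, SELinux mode.
# Append each /etc/hosts entry only if it is not already present, so that
# re-running this step does not leave duplicate lines behind.
for hosts_entry in "192.168.1.41 controller" "192.168.1.42 compute"; do
  grep -qxF -- "$hosts_entry" /etc/hosts || echo "$hosts_entry" >> /etc/hosts
done
# Persistent hostname for this node (read at boot on CentOS 6).
sed -i "s/^HOSTNAME=.*/HOSTNAME=controller/g" /etc/sysconfig/network
# Turns SELinux off from the next boot. The controller runs Keystone, MySQL
# and the message broker, so this is only appropriate for an isolated test lab.
# SELINUX=permissive would keep denials logged without enforcing them.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Create the installer script; it embeds every service password, so keep the
# file readable by root only (chmod 600 rdo-setup.sh after saving).
vi rdo-setup.sh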
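#!/bin/bash
# rdo-setup.sh
#
# Installs OpenStack Icehouse on the controller with RDO packstack, then
# configures OVS networking, LXC-backed nova, Glance images, demo networks,
# a flavor, security group rules and a keypair. Run as root on the controller.
#
# Reference:
#http://theruddyduck.typepad.com/theruddyduck/2014/02/install-and-ccnfigure-openstack-neutron.html

#--- RDO
# NOTE(review): the RDO and EPEL release RPMs are fetched over plain HTTP and
# install repository definitions plus GPG keys, so whoever controls the network
# path controls what yum trusts afterwards. Verify the package signature or a
# published checksum before installing outside a lab.
RDO_URL=http://rdo.fedorapeople.org/openstack-icehouse/rdo-release-icehouse.rpm

#--- EPEL
EPEL_URL=http://ftp.riken.jp/Linux/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm

#--- CLOUD IMAGE
# [0] = trusty (14.04), [1] = precise (12.04). Both use HTTPS; these archives
# are unpacked as root and become guest root filesystems.
CLOUD_IMAGE_URL[0]=https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz
CLOUD_IMAGE_URL[1]=https://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-root.tar.gz

#--- PUBLIC NETWORK
WAN_IPADDRESS=192.168.1.41
WAN_GATEWAY=192.168.1.1
WAN_NETWORK=192.168.1.0/24
WAN_POOL_START=192.168.1.100
WAN_POOL_END=192.168.1.200

#--- PRIVATE NETWORK
LAN_IPADDRESS=192.168.11.41
LAN_GATEWAY=192.168.11.1
LAN_NETWORK=192.168.11.0/24
LAN_POOL_START=192.168.11.100
LAN_POOL_END=192.168.11.200

#--- PASSWORD
# These are placeholder values: replace every one before the cloud is reachable
# by anyone else, and keep this script and answer.txt readable by root only.
# The values are interpolated into sed replacement text in setup_rdo, so they
# must not contain '/', '&' or backslashes.
CONFIG_KEYSTONE_ADMIN_PW=password
CONFIG_KEYSTONE_DEMO_PW=$CONFIG_KEYSTONE_ADMIN_PW
CONFIG_RH_PW=RH_PW
CONFIG_SATELLITE_PW=SATELLITE_PW
CONFIG_SATELLITE_PROXY_PW=SATELLITE_PROXY_PW
CONFIG_AMQP_NSS_CERTDB_PW=AMQP_NSS_CERTDB_PW
CONFIG_MYSQL_PW=MYSQL_PW
CONFIG_KEYSTONE_DB_PW=KEYSTONE_DB_PW
CONFIG_GLANCE_DB_PW=LANCE_DB_PW
CONFIG_GLANCE_KS_PW=GLANCE_KS_PW
CONFIG_CINDER_DB_PW=CINDER_DB_PW
CONFIG_CINDER_KS_PW=CINDER_KS_PW
CONFIG_NOVA_DB_PW=NOVA_DB_PW
CONFIG_NOVA_KS_PW=OVA_KS_PW
CONFIG_NEUTRON_KS_PW=NEUTRON_KS_PW
CONFIG_NEUTRON_DB_PW=NEUTRON_DB_PW
CONFIG_NEUTRON_METADATA_PW=NEUTRON_METADATA_PW
CONFIG_SWIFT_KS_PW=SWIFT_KS_PW
CONFIG_PROVISION_TEMPEST_USER_PW=PROVISION_TEMPEST_USER_PW
CONFIG_HEAT_DB_PW=HEAT_DB_PW
CONFIG_HEAT_KS_PW=HEAT_KS_PW
CONFIG_CEILOMETER_KS_PW=CEILOMETER_KS_PW
CONFIG_NAGIOS_PW=NAGIOS_PW

#--- CONTROLLER HOSTS
CONFIG_CONTROLLER_HOST=$LAN_IPADDRESS
CONFIG_NETWORK_HOSTS=$CONFIG_CONTROLLER_HOST
CONFIG_AMQP_HOST=$CONFIG_CONTROLLER_HOST
CONFIG_MYSQL_HOST=$CONFIG_CONTROLLER_HOST
CONFIG_MONGODB_HOST=$CONFIG_CONTROLLER_HOST

#--- COMPUTE HOSTS
CONFIG_COMPUTE_HOSTS=192.168.11.42

#--- NOVA NETWORK
CONFIG_NOVA_NETWORK_PUBIF=eth0
CONFIG_NOVA_NETWORK_PRIVIF=eth1
CONFIG_NOVA_COMPUTE_PRIVIF=eth1

#--- OVS
CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
CONFIG_NEUTRON_OVS_VLAN_RANGES=physnet1
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:eth0
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-ex

#--- NETWORK TYPE
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vxlan
CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE=vxlan

#--- CINDER
CONFIG_CINDER_VOLUMES_SIZE=50G

#--- NTP
NTP_SERVER=ntp.nict.jp

# Print a message on stderr and abort the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#----------------------------------------------------------
# MAIN
#----------------------------------------------------------
# Runs the whole installation in order and finishes with a status listing.
main() {
  #--- SET UP
  setup_first

  #--- INSTALL RDO
  # Everything after this depends on a working packstack run, so stop on failure
  # instead of configuring services that were never installed.
  packstack --gen-answer-file answer.txt || die "packstack --gen-answer-file failed"
  setup_rdo
  packstack --answer-file answer.txt || die "packstack --answer-file failed"

  #--- OPENSTACK SETUP
  # Image names follow the release each URL actually points at
  # ([0] is trusty = 14.04, [1] is precise = 12.04).
  create_glance_image ubuntu1404 "${CLOUD_IMAGE_URL[0]}"
  create_glance_image ubuntu1204 "${CLOUD_IMAGE_URL[1]}"
  setup_network
  setup_neutron
  setup_nova
  setup_neutron_demo_net
  setup_flavor
  setup_secgroup
  setup_keypair

  #--- FIN
  . /root/keystonerc_admin
  nova list
  nova-manage service list
  neutron agent-list
  neutron net-list
}

#----------------------------------------------------------
# SETUP INIT
#----------------------------------------------------------
# Installs the EPEL and RDO repositories, packstack and its prerequisites,
# syncs the clock and adjusts kernel forwarding settings.
setup_first() {
  rpm -ivh "$EPEL_URL"
  yum install -y --enablerepo=epel puppet nc wget ntpdate && ntpdate "$NTP_SERVER"
  yum install -y "$RDO_URL"
  yum install -y openstack-packstack
  yum update -y

  #--- SYSCTL
  # Enables IPv4 forwarding and turns reverse-path filtering off; the original
  # sysctl.conf is kept as sysctl.conf.org.
  # NOTE(review): rp_filter=0 disables source-address validation on every
  # interface - presumably needed for the Neutron router traffic; confirm.
  sed -i.org \
    -e "s/^net.ipv4.ip_forward.*=.*0/net.ipv4.ip_forward = 1/" \
    -e "s/^net.ipv4.conf.all.rp_filter.*=.*1/net.ipv4.conf.all.rp_filter = 0/" \
    -e "s/^net.ipv4.conf.default.rp_filter.*=.*1/net.ipv4.conf.default.rp_filter = 0/" \
    /etc/sysctl.conf
  sysctl -p
}

#----------------------------------------------------------
# SETUP RDO
#----------------------------------------------------------
# Rewrites the generated packstack answer file with the values defined at the
# top of this script. The pristine file is kept as answer.txt.org.
setup_rdo() {
  local key
  local -a sed_args=()

  # answer.txt holds every service password in clear text.
  chmod 600 answer.txt
  cp -p -- answer.txt answer.txt.org

  # Settings of the form KEY=<value of shell variable KEY>.
  for key in \
    CONFIG_KEYSTONE_ADMIN_PW \
    CONFIG_KEYSTONE_DEMO_PW \
    CONFIG_AMQP_NSS_CERTDB_PW \
    CONFIG_MYSQL_PW \
    CONFIG_KEYSTONE_DB_PW \
    CONFIG_GLANCE_DB_PW \
    CONFIG_GLANCE_KS_PW \
    CONFIG_CINDER_DB_PW \
    CONFIG_CINDER_KS_PW \
    CONFIG_NOVA_DB_PW \
    CONFIG_NOVA_KS_PW \
    CONFIG_NEUTRON_KS_PW \
    CONFIG_NEUTRON_DB_PW \
    CONFIG_NEUTRON_METADATA_PW \
    CONFIG_SWIFT_KS_PW \
    CONFIG_PROVISION_TEMPEST_USER_PW \
    CONFIG_HEAT_DB_PW \
    CONFIG_HEAT_KS_PW \
    CONFIG_CEILOMETER_KS_PW \
    CONFIG_NAGIOS_PW \
    CONFIG_CONTROLLER_HOST \
    CONFIG_NETWORK_HOSTS \
    CONFIG_AMQP_HOST \
    CONFIG_MYSQL_HOST \
    CONFIG_MONGODB_HOST \
    CONFIG_COMPUTE_HOSTS \
    CONFIG_NOVA_COMPUTE_PRIVIF \
    CONFIG_NOVA_NETWORK_PUBIF \
    CONFIG_NOVA_NETWORK_PRIVIF \
    CONFIG_NEUTRON_OVS_BRIDGE_IFACES \
    CONFIG_NEUTRON_OVS_TUNNEL_IF \
    CONFIG_NEUTRON_OVS_VLAN_RANGES \
    CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS \
    CONFIG_NEUTRON_ML2_TYPE_DRIVERS \
    CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES \
    CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE
  do
    # ${!key} reads the variable whose name is stored in $key.
    sed_args+=(-e "s/^${key}=.*/${key}=${!key}/")
  done
  sed -i "${sed_args[@]}" answer.txt

  #--- DEMO
  sed -i \
    -e "s/^CONFIG_PROVISION_DEMO=y/CONFIG_PROVISION_DEMO=n/" \
    answer.txt

  #--- TOKEN FORMAT
  sed -i \
    -e "s/^CONFIG_KEYSTONE_TOKEN_FORMAT=PKI/CONFIG_KEYSTONE_TOKEN_FORMAT=UUID/" \
    answer.txt

  #--- CINDER
  sed -i \
    -e "s/^CONFIG_CINDER_VOLUMES_SIZE=20G/CONFIG_CINDER_VOLUMES_SIZE=$CONFIG_CINDER_VOLUMES_SIZE/" \
    answer.txt

  #--- HEAT INSTALL
  sed -i \
    -e "s/^CONFIG_HEAT_INSTALL=n/CONFIG_HEAT_INSTALL=y/" \
    -e "s/^CONFIG_HEAT_CLOUDWATCH_INSTALL=n/CONFIG_HEAT_CLOUDWATCH_INSTALL=y/" \
    -e "s/^CONFIG_HEAT_CFN_INSTALL=n/CONFIG_HEAT_CFN_INSTALL=y/" \
    answer.txt

  #-----------------------------------------------------------
  # NO INSTALL
  #-----------------------------------------------------------
  #--- NAGIOS NO INSTALL
  sed -i \
    -e "s/^CONFIG_NAGIOS_INSTALL=y/CONFIG_NAGIOS_INSTALL=n/" \
    answer.txt

  #--- CINDER NO INSTALL
  #sed -i \
  #  -e "s/^CONFIG_CINDER_INSTALL=.*/CONFIG_CINDER_INSTALL=n/" \
  #  answer.txt

  #--- SWIFT NO INSTALL
  #sed -i \
  #  -e "s/^CONFIG_SWIFT_INSTALL=.*/CONFIG_SWIFT_INSTALL=n/" \
  #  answer.txt

  #--- CEILOMETER NO INSTALL
  #sed -i \
  #  -e "s/^CONFIG_CEILOMETER_INSTALL=.*/CONFIG_CEILOMETER_INSTALL=n/" \
  #  answer.txt
}

#-----------------------------------------------------------
# NETWORK
#-----------------------------------------------------------
# Makes eth0 a port of the OVS bridge br-ex and moves the public address onto
# the bridge, then restarts networking. A session connected through eth0 can
# drop at the restart. The here-document bodies are written flush left, so no
# indentation has to be stripped from the generated files.
setup_network() {
  # ifcfg-eth0
  cat <<EOT >/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
EOT

  # ifcfg-br-ex
  cat <<EOT >/etc/sysconfig/network-scripts/ifcfg-br-ex
DEVICE=br-ex
TYPE=OVSBridge
DEVICETYPE=ovs
BOOTPROTO=static
IPADDR=$WAN_IPADDRESS
NETMASK=255.255.255.0
GATEWAY=$WAN_GATEWAY
ONBOOT=yes
EOT

  # restart
  /etc/init.d/network restart
}

#-----------------------------------------------------------
# GLANCE
#-----------------------------------------------------------
# Downloads a root-filesystem tarball, unpacks it into a 2GB raw image and
# registers the image in Glance as "<name>-lxc".
# Arguments: $1 - image name, $2 - URL of the root tarball
# Returns:   non-zero if the download, loop device or mount step fails
create_glance_image() {
  local image_name=$1
  local image_url=$2
  local mount_point=/mnt/cloud-image
  local work_dir loop_dev tarball raw_image

  # /dev/shm is world-writable: work in a private mktemp directory rather than
  # under predictable file names that root would write through.
  work_dir=$(mktemp -d /dev/shm/cloud-image.XXXXXX) || return 1
  tarball=$work_dir/$image_name.tar.gz
  raw_image=$work_dir/$image_name.raw

  # NOTE(review): no checksum is verified here. cloud-images.ubuntu.com
  # publishes SHA256SUMS (and a GPG signature for it) next to each image;
  # checking the tarball against it before unpacking is the missing step.
  wget "$image_url" -O "$tarball" || return 1

  truncate --size 2GB "$raw_image"
  loop_dev=$(losetup -f) || return 1
  losetup "$loop_dev" "$raw_image" || return 1
  mkfs "$loop_dev"
  mkdir -p "$mount_point"
  # Without a successful mount, tar would unpack onto the host filesystem.
  if ! mount "$loop_dev" "$mount_point"; then
    losetup -d "$loop_dev"
    return 1
  fi
  tar -xf "$tarball" -C "$mount_point"

  # Comment out kernel-log loading in the guest image's rsyslog.conf (the file
  # inside the mounted image, not the host's /etc/rsyslog.conf).
  if [ -f "$mount_point/etc/rsyslog.conf" ]; then
    sed -i.org 's/^$ModLoad imklog/#$ModLoad imklog/' "$mount_point/etc/rsyslog.conf"
  fi

  umount "$loop_dev"
  losetup -d "$loop_dev"

  . /root/keystonerc_admin
  # The working files are removed only when the upload succeeded.
  glance image-create \
    --name "$image_name-lxc" \
    --is-public True \
    --disk-format raw \
    --container-format bare \
    --property hypervisor_type=lxc \
    --progress \
    --file "$raw_image" &&
    rm -rf -- "$work_dir"
  glance image-list
}

#-----------------------------------------------------------
# NOVA
#-----------------------------------------------------------
# Switches nova to the LXC virt type without copy-on-write images and restarts
# every openstack-nova-* init script.
setup_nova() {
  local service_script

  sed -i.org \
    -e "s/^virt_type=.*/virt_type=lxc/" \
    -e "s/^[# ]*use_cow_images=.*/use_cow_images=false/g" \
    /etc/nova/nova.conf

  #--- restart
  chkconfig openstack-nova-metadata-api off
  chkconfig openstack-nova-api on
  # Glob instead of parsing ls; the -x test also skips an unmatched pattern.
  for service_script in /etc/init.d/openstack-nova-*; do
    [ -x "$service_script" ] || continue
    "$service_script" restart
  done
}

#-----------------------------------------------------------
# NEUTRON
#-----------------------------------------------------------
# Appends the OVS physical-network mapping to plugin.ini, enables ovs_use_veth
# and the metadata options, then restarts every neutron-* init script.
setup_neutron() {
  local ini_file service_script

  # /etc/neutron/plugin.ini
  echo "[ovs]" >> /etc/neutron/plugin.ini
  echo "network_vlan_ranges = physnet1" >> /etc/neutron/plugin.ini
  echo "bridge_mappings = physnet1:br-ex" >> /etc/neutron/plugin.ini

  # /etc/neutron/*.ini
  for ini_file in /etc/neutron/*.ini; do
    sed -i.org "s/^[# ]*ovs_use_veth.*$/ovs_use_veth = True/g" "$ini_file"
  done

  # dhcp_agent.ini
  sed -i.org \
    -e "s/^enable_isolated_metadata.*$/enable_isolated_metadata = True/" \
    -e "s/^enable_metadata_network.*$/enable_metadata_network = True/" \
    /etc/neutron/dhcp_agent.ini

  # restart
  for service_script in /etc/init.d/neutron-*; do
    [ -x "$service_script" ] || continue
    "$service_script" restart
  done
}

#-----------------------------------------------------------
# NEUTRON DEMO NET
#-----------------------------------------------------------
# Creates the shared external WAN network, the shared LAN network and a router
# that connects them.
setup_neutron_demo_net() {
  . /root/keystonerc_admin

  #--- WAN
  neutron net-create WAN \
    --shared \
    --router:external true
  neutron subnet-create \
    --name wan_subnet \
    --enable_dhcp=False \
    --allocation-pool="start=$WAN_POOL_START,end=$WAN_POOL_END" \
    --gateway="$WAN_GATEWAY" \
    WAN \
    "$WAN_NETWORK"

  #--- LAN
  neutron net-create LAN \
    --shared
  neutron subnet-create \
    --name lan_subnet \
    --enable_dhcp=True \
    --allocation-pool="start=$LAN_POOL_START,end=$LAN_POOL_END" \
    --gateway="$LAN_GATEWAY" \
    LAN \
    "$LAN_NETWORK"

  #--- ROUTER
  neutron router-create router
  neutron router-gateway-set router WAN
  neutron router-interface-add router lan_subnet
}

#-----------------------------------------------------------
# SECGROUP
#-----------------------------------------------------------
# Opens ICMP and SSH in the default security group.
# Both rules allow any source (0.0.0.0/0); on anything but a closed lab network
# narrow the CIDR to the management range.
setup_secgroup() {
  echo "### setup_secgroup ###"
  . /root/keystonerc_admin
  nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
  nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
}

#-----------------------------------------------------------
# KEYPAIR
#-----------------------------------------------------------
# Creates the keypair "mykey" and stores the private key in the home directory.
setup_keypair() {
  echo "### setup_keypair ###"
  . /root/keystonerc_admin
  # The subshell's umask makes the private key owner-only from the moment the
  # file is created, instead of only after the chmod.
  cd && (umask 077 && nova keypair-add mykey > mykey) && chmod 600 mykey
  nova keypair-list
}

#-----------------------------------------------------------
# FLAVOR
#-----------------------------------------------------------
# Replaces flavor id 1 with a smaller m1.tiny (64MB RAM, 3GB disk, 1 VCPU).
setup_flavor() {
  echo "### setup_flavor ###"
  . /root/keystonerc_admin
  nova flavor-delete 1
  #                  NAME    ID RAM DISK VCPUS
  nova flavor-create m1.tiny 1  64  3    1
  nova flavor-list
}

main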
shell
# Run as root on the controller. The script's setup_network step rewrites
# ifcfg-eth0 / ifcfg-br-ex and restarts networking, so a session connected
# through eth0 can drop part-way: run it from the console or inside screen.
# It writes answer.txt (service passwords) into the current directory.
bash rdo-setup.sh
compute機にて
ハイパーバイザをlxcに変更する
shell
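# Switch the compute node's hypervisor to LXC. Run as root.
# Sync the clock with the same NTP server the controller uses.
ntpdate ntp.nict.jp
yum --enablerepo=epel install lxc lxc-templates lxc-doc lxc-libs
# Stop libvirt's "default" network and keep it from starting at boot.
virsh net-destroy default
virsh net-autostart default --disable
# Same nova.conf change as on the controller; the original is kept as
# nova.conf.org.
sed -i.org \
  -e "s/^virt_type=.*/virt_type=lxc/" \
  -e "s/^[# ]*use_cow_images=.*/use_cow_images=false/g" \
  /etc/nova/nova.conf
# Glob instead of parsing ls; the -x test also skips an unmatched pattern.
for service_script in /etc/init.d/openstack-nova-*; do
  [ -x "$service_script" ] || continue
  "$service_script" restart
done
# Moves the /selinux directory out of the way.
# NOTE(review): presumably so that nothing on this host detects SELinux; with
# SELINUX=disabled this leaves LXC guests without MAC confinement on a
# shared-kernel hypervisor, so treat guests as having host-level trust - lab only.
mv /selinux /selinux_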
まとめ
仮想上の検証OSでopenstackを組むときはハイパーバイザをqemuにするよりlxcのほうがきびきびと動く。
centosにはqemu-nbdがないのでubuntuで実装するよりインスタンスのビルドに時間がかかる。