OpenStack Kilo Single Node install

Installing OpenStack on a single server


There are several ways to install OpenStack.


The two main approaches are Single Node and Multi Node: Single Node installs every OpenStack service on one server, while Multi Node splits the services across separate servers.


For a Single Node install, people usually use DevStack, or PackStack on CentOS.

(PackStack on CentOS is very attractive.)


With DevStack, installing and running are no problem, but restarting an individual service involves a fairly complicated procedure.


That is when I often think, 'I should have just installed everything on one server..'


This post covers installing OpenStack Kilo on a single server. (VirtualBox and VMware are not used.)



OpenStack Single Node Install (Kilo version)




1. Basic setup


1-1. IP configuration

    • After neutron is installed, br-ex is used
    • Before neutron is installed, the IP settings intended for br-ex must be applied to eth0

$ sudo vi /etc/network/interfaces


# Public Network

auto br-ex

iface br-ex inet static

      address <Public_IP>

      gateway <Public Network GW>

      netmask 255.255.255.0

      dns-nameservers 8.8.8.8 8.8.4.4


auto eth0

iface eth0 inet manual

      up ip link set dev $IFACE up

      down ip link set dev $IFACE down


# Management Network

auto eth1

iface eth1 inet static

      address 10.0.0.5

      netmask 255.255.255.0


# Data Network

auto eth2

iface eth2 inet static

      address 20.0.0.5

      netmask 255.255.255.0


1-2. Update & upgrade / install required packages


$ sudo apt-get update

$ sudo apt-get -y upgrade


1-3. Configure the OpenStack Kilo repository


$ sudo apt-get install ubuntu-cloud-keyring

$ sudo su

$ sudo echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/kilo main" > /etc/apt/sources.list.d/cloudarchive-kilo.list

$ exit

$ sudo apt-get update

$ sudo apt-get -y upgrade


$ sudo reboot



2. RabbitMQ Server


2-1. RabbitMQ Server install


$ sudo apt-get install -y rabbitmq-server


2-2. Change the guest user's password

  • In this example, the guest user's password is changed to rabbit

$ sudo rabbitmqctl change_password guest rabbit



3. MySQL Server


3-1. MySQL Server install

  • Set the root password

$ sudo apt-get install -y mysql-server python-mysqldb


3-2. MySQL configuration


$ sudo vi /etc/mysql/my.cnf


--------------------------------------------------------------

...

[mysqld]

...

bind-address = 0.0.0.0

default-storage-engine = innodb

innodb_file_per_table

collation-server = utf8_general_ci

init-connect = 'SET NAMES utf8'

character-set-server = utf8

...

--------------------------------------------------------------


3-3. Restart MySQL Server


$ sudo service mysql restart



4. NTP and utilities


4-1. ntp/vlan/bridge-utils install


$ sudo apt-get install -y ntp vlan bridge-utils


4-2. Kernel network settings (sysctl)


$ sudo vi /etc/sysctl.conf


--------------------------------------------------------------

net.ipv4.ip_forward=1

net.ipv4.conf.all.rp_filter=0

net.ipv4.conf.default.rp_filter=0

--------------------------------------------------------------


4-3. Apply the sysctl settings


$ sudo sysctl -p



5. Keystone


5-1. keystone install


$ sudo apt-get install -y keystone


5-2. Create the keystone DB


$ mysql -u root -p


# CREATE DATABASE keystone;

# GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone_dbpass';

# quit


5-3. keystone configuration


$ sudo vi /etc/keystone/keystone.conf


--------------------------------------------------------------

...

connection = mysql://keystone:keystone_dbpass@<management_ip>/keystone

...

--------------------------------------------------------------


5-4. Restart keystone and sync the DB


$ sudo service keystone restart

$ sudo keystone-manage db_sync


5-5. Register keystone users


$ export OS_SERVICE_TOKEN=ADMIN

$ export OS_SERVICE_ENDPOINT=http://<management_ip>:35357/v2.0


$ keystone tenant-create --name=admin --description="Admin Tenant"

$ keystone tenant-create --name=service --description="Service Tenant"

$ keystone user-create --name=admin --pass=admin --email=admin@example.com

$ keystone role-create --name=admin

$ keystone user-role-add --user=admin --tenant=admin --role=admin


5-6. Create the keystone service and endpoint


$ keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

$ keystone endpoint-create --region=testbed01 --service=keystone --publicurl=http://<management_ip>:5000/v2.0 --internalurl=http://<management_ip>:5000/v2.0 --adminurl=http://<management_ip>:35357/v2.0


5-7. Unset the exported variables


$ unset OS_SERVICE_TOKEN

$ unset OS_SERVICE_ENDPOINT


5-8. Create the keystone admin credentials file


$ vi admin_keystone


--------------------------------------------------------------

export OS_USERNAME=admin

export OS_PASSWORD=admin

export OS_TENANT_NAME=admin

export OS_AUTH_URL=http://<management_ip>:35357/v2.0

--------------------------------------------------------------


5-9. Verify keystone operation and the token


$ source admin_keystone


$ keystone token-get

$ keystone user-list



6. Glance


6-1. glance install


$ sudo apt-get install -y glance


6-2. Create the glance DB


$ mysql -u root -p


# CREATE DATABASE glance;

# GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance_dbpass';

# quit


6-3. Register the glance user in keystone


$ keystone user-create --name=glance --pass=glance_pass --email=glance@example.com

$ keystone user-role-add --user=glance --tenant=service --role=admin

$ keystone service-create --name=glance --type=image --description="Glance Image Service"

$ keystone endpoint-create --region=testbed01 --service=glance --publicurl=http://<management_ip>:9292 --internalurl=http://<management_ip>:9292 --adminurl=http://<management_ip>:9292



6-4. glance configuration


$ sudo vi /etc/glance/glance-api.conf


--------------------------------------------------------------

...

rabbit_password = rabbit

...

# sqlite_db = /var/lib/glance/glance.sqlite

connection = mysql://glance:glance_dbpass@<management_ip>/glance

...


[keystone_authtoken]

identity_uri = http://<management_ip>:35357

admin_tenant_name = service

admin_user = glance

admin_password = glance_pass

...


[paste_deploy]

flavor = keystone

...

--------------------------------------------------------------


$ sudo vi /etc/glance/glance-registry.conf


--------------------------------------------------------------

...

rabbit_password = rabbit

...

# sqlite_db = /var/lib/glance/glance.sqlite

connection = mysql://glance:glance_dbpass@<management_ip>/glance


...

[keystone_authtoken]

identity_uri = http://<management_ip>:35357

admin_tenant_name = service

admin_user = glance

admin_password = glance_pass


...

[paste_deploy]

flavor = keystone

...

--------------------------------------------------------------


6-5. Restart glance


$ sudo service glance-api restart

$ sudo service glance-registry restart


6-6. glance DB sync and image registration/verification


$ sudo glance-manage db_sync


$ glance image-create --name Cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img


$ glance image-list



7. Nova


7-1. nova install


$ sudo apt-get install -y nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient nova-compute nova-console


7-2. Create the nova DB


$ mysql -u root -p


# CREATE DATABASE nova;

# GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova_dbpass';

# quit


7-3. Register the nova user in keystone


$ keystone user-create --name=nova --pass=nova_pass --email=nova@example.com

$ keystone user-role-add --user=nova --tenant=service --role=admin

$ keystone service-create --name=nova --type=compute --description="OpenStack Compute"

$ keystone endpoint-create --region=testbed01 --service=nova --publicurl=http://<management_ip>:8774/v2/%\(tenant_id\)s --internalurl=http://<management_ip>:8774/v2/%\(tenant_id\)s --adminurl=http://<management_ip>:8774/v2/%\(tenant_id\)s


7-4. nova configuration


$ sudo vi /etc/nova/nova.conf


--------------------------------------------------------------

[DEFAULT]

dhcpbridge_flagfile=/etc/nova/nova.conf

dhcpbridge=/usr/bin/nova-dhcpbridge

logdir=/var/log/nova

state_path=/var/lib/nova

lock_path=/var/lock/nova

force_dhcp_release=True

libvirt_use_virtio_for_bridges=True

verbose=True

ec2_private_dns_show_ip=True

api_paste_config=/etc/nova/api-paste.ini

enabled_apis=ec2,osapi_compute,metadata

rpc_backend = rabbit

auth_strategy = keystone

my_ip = <management_ip>

vnc_enabled = True

vncserver_listen = <management_ip>

vncserver_proxyclient_address = <management_ip>

novncproxy_base_url = http://<public_ip>:6080/vnc_auto.html


network_api_class = nova.network.neutronv2.api.API

security_group_api = neutron

linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver

firewall_driver = nova.virt.firewall.NoopFirewallDriver


scheduler_default_filters=AllHostsFilter


[database]

connection = mysql://nova:nova_dbpass@<management_ip>/nova


[oslo_messaging_rabbit]

rabbit_host = 127.0.0.1

rabbit_password = rabbit


[keystone_authtoken]

auth_uri = http://<management_ip>:5000

auth_url = http://<management_ip>:35357

auth_plugin = password

project_domain_id = default

user_domain_id = default

project_name = service

username = nova

password = nova_pass


[glance]

host = <management_ip>


[oslo_concurrency]

lock_path = /var/lock/nova


[neutron]

service_metadata_proxy = True

metadata_proxy_shared_secret = openstack

url = http://<management_ip>:9696

auth_strategy = keystone

admin_auth_url = http://<management_ip>:35357/v2.0

admin_tenant_name = service

admin_username = neutron

admin_password = neutron_pass

--------------------------------------------------------------


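$ sudo vi /etc/nova/nova-compute.conf


--------------------------------------------------------------

[DEFAULT]

compute_driver=libvirt.LibvirtDriver

[libvirt]

virt_type=qemu

--------------------------------------------------------------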


7-5. nova DB sync and restart/verification


$ sudo nova-manage db sync


$ sudo service nova-api restart

$ sudo service nova-cert restart

$ sudo service nova-consoleauth restart

$ sudo service nova-scheduler restart

$ sudo service nova-conductor restart

$ sudo service nova-novncproxy restart

$ sudo service nova-compute restart

$ sudo service nova-console restart


$ sudo nova-manage service list



8. Neutron


8-1. neutron install


$ sudo apt-get install -y neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent neutron-common neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent openvswitch-switch


8-2. Create the neutron DB


$ mysql -u root -p


# CREATE DATABASE neutron;

# GRANT ALL ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron_dbpass';

# quit


8-3. Register the neutron user in keystone


$ keystone user-create --name=neutron --pass=neutron_pass --email=neutron@example.com

$ keystone service-create --name=neutron --type=network --description="OpenStack Networking"

$ keystone user-role-add --user=neutron --tenant=service --role=admin

$ keystone endpoint-create --region=testbed01 --service=neutron --publicurl http://<management_ip>:9696 --adminurl http://<management_ip>:9696  --internalurl http://<management_ip>:9696


8-4. neutron configuration


$ sudo vi /etc/neutron/neutron.conf


--------------------------------------------------------------

[DEFAULT]

......

verbose = True

debug = True

core_plugin = ml2

service_plugins = router

auth_strategy = keystone

allow_overlapping_ips = True

notify_nova_on_port_status_changes = True

notify_nova_on_port_data_changes = True

nova_url = http://<management_ip>:8774/v2

nova_region_name = testbed01

...

rpc_backend=rabbit


[agent]

......

root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf


[keystone_authtoken]

auth_uri = http://<management_ip>:5000

auth_url = http://<management_ip>:35357

auth_plugin = password

project_domain_id = default

user_domain_id = default

project_name = service

username = neutron

password = neutron_pass


[database]

......

connection = mysql://neutron:neutron_dbpass@<management_ip>/neutron


[nova]

......

auth_url = http://<management_ip>:35357

auth_plugin = password

project_domain_id = default

user_domain_id = default

region_name = testbed01

project_name = service

username = nova

password = nova_pass


[oslo_concurrency]

......

lock_path = /var/lock/neutron/


[oslo_messaging_rabbit]

......

rabbit_host = localhost

rabbit_userid = guest

rabbit_password = rabbit

rabbit_virtual_host = /

--------------------------------------------------------------


$ sudo vi /etc/neutron/plugins/ml2/ml2_conf.ini


--------------------------------------------------------------

[ml2]

type_drivers = flat,vlan,gre,vxlan

tenant_network_types=vxlan

mechanism_drivers=openvswitch

...


[ml2_type_gre]

tunnel_id_ranges = 1:1000


[ml2_type_vxlan]

vni_ranges = 1001:2000


[securitygroup]

enable_security_group=True

enable_ipset = True

firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver


[ovs]

local_ip = <data_ip>

tunnel_type = vxlan

tunnel_bridge = br-tun

integration_bridge = br-int

tunnel_id_ranges=1001:2000

tenant_network_type = vxlan

enable_tunneling = True


[agent]

minimize_polling = True

root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf

tunnel_types = vxlan

vxlan_udp_port = 4789

l2_population = False

--------------------------------------------------------------


$ sudo vi /etc/neutron/metadata_agent.ini


--------------------------------------------------------------

[DEFAULT]

auth_url = http://<management_ip>:5000/v2.0

auth_region = testbed01

admin_tenant_name = service

admin_user = neutron

admin_password = neutron_pass

metadata_proxy_shared_secret = openstack

--------------------------------------------------------------


$ sudo vi /etc/neutron/dhcp_agent.ini


--------------------------------------------------------------

[DEFAULT]

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

use_namespaces = True

--------------------------------------------------------------


$ sudo vim /etc/neutron/l3_agent.ini


--------------------------------------------------------------

[DEFAULT]

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

use_namespaces = True

--------------------------------------------------------------


8-5. Create the OVS bridge and bind the port

    • Activate br-ex from the network configuration set up at the start (/etc/network/interfaces)

$ sudo ovs-vsctl add-br br-ex

$ sudo ovs-vsctl add-port br-ex eth0


8-6. neutron DB sync and restart


$ sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade kilo


$ sudo service neutron-server restart

$ sudo service neutron-plugin-openvswitch-agent restart

$ sudo service neutron-metadata-agent restart

$ sudo service neutron-dhcp-agent restart

$ sudo service neutron-l3-agent restart



9. Horizon


9-1. horizon install


$ sudo apt-get install -y openstack-dashboard



10. Access the user UI and use the services


horizon url : http://<public_ip>/horizon


user name : admin

password : admin
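

The configuration written in sections 2 through 8 reuses a small set of placeholder secrets (rabbit, admin, ADMIN, openstack, the *_dbpass and *_pass values), binds MySQL to 0.0.0.0, and points the services at Keystone over http://. The shell function below is an added example, not part of the original post: it scans config files for exactly those values so they can be replaced before the node is reachable from other hosts. The function name audit_conf, the finding messages and the sample file are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): flag this walkthrough's
# placeholder secrets and exposed settings in OpenStack/MySQL config files.
PLACEHOLDERS='rabbit admin ADMIN openstack keystone_dbpass glance_dbpass'
PLACEHOLDERS="$PLACEHOLDERS nova_dbpass neutron_dbpass glance_pass nova_pass neutron_pass"

# audit_conf FILE... : print one finding per line as "<file>:<line>: <reason>".
audit_conf() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" -v words="$PLACEHOLDERS" '
        BEGIN { n = split(words, w, " "); for (i = 1; i <= n; i++) weak[w[i]] = 1 }
        /^[ \t]*(#|$)/ || index($0, "=") == 0 { next }  # comments, blanks, [sections]
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            lk = tolower(key)
            if (lk ~ /(password|secret|admin_token)$/ && (val in weak))
                print file ":" NR ": placeholder secret in " key
            if (lk == "connection" && match(val, ":[^:@/]+@")) {
                pw = substr(val, RSTART + 1, RLENGTH - 2)   # text between ":" and "@"
                if (pw in weak) print file ":" NR ": placeholder DB password"
            }
            if (lk ~ /(auth_ur[il]|identity_uri)$/ && val ~ "^http://")
                print file ":" NR ": Keystone auth over plain HTTP"
            if (lk == "bind-address" && val == "0.0.0.0")
                print file ":" NR ": MySQL listening on all interfaces"
            if (lk == "debug" && tolower(val) == "true")
                print file ":" NR ": debug logging enabled"
        }' "$f"
    done
}

# Constructed sample input, built from the neutron.conf values shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
debug = True
[database]
connection = mysql://neutron:neutron_dbpass@10.0.0.5/neutron
[keystone_authtoken]
auth_uri = http://10.0.0.5:5000
password = neutron_pass
[oslo_messaging_rabbit]
rabbit_password = rabbit
EOF
audit_conf "$sample"
rm -f "$sample"
```

On the installed node, run it as root against the files edited in this post, for example /etc/mysql/my.cnf, /etc/keystone/keystone.conf, /etc/nova/nova.conf, /etc/neutron/neutron.conf and the admin_keystone file.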