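Installing OpenStack on a Single Server
There are several ways to install OpenStack.
They fall broadly into Single Node and Multi Node: a Single Node install puts every OpenStack service on one server, while a Multi Node install splits the services across separate servers.
Single Node installs are usually done with DevStack, or with PackStack on CentOS.
(PackStack on CentOS is very attractive.)
With DevStack, installation and startup work without trouble, but restarting an individual service involves a fairly complicated procedure.
That is when I often find myself thinking, 'I should have just installed everything on one server..'
This post covers installing OpenStack Kilo on a single server. (VirtualBox and VMware are not used.)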
OpenStack Single Node Install (Kilo version)
1. Basic configuration
1-1. IP configuration
- br-ex is used after neutron is installed
- Before neutron is installed, the IP settings intended for br-ex must be applied to eth0
$ sudo vi /etc/network/interfaces
--------------------------------------------------------------
# Public Network
auto br-ex
iface br-ex inet static
    address <Public_IP>
    gateway <Public Network GW>
    netmask 255.255.255.0
    dns-nameservers 8.8.8.8 8.8.4.4
auto eth0
iface eth0 inet manual
    up ip link set dev $IFACE up
    down ip link set dev $IFACE down
# Management Network
auto eth1
iface eth1 inet static
    address 10.0.0.5
    netmask 255.255.255.0
# Data Network
auto eth2
iface eth2 inet static
    address 20.0.0.5
    netmask 255.255.255.0
--------------------------------------------------------------
1-2. Update & upgrade / install required programs
$ sudo apt-get update
$ sudo apt-get -y upgrade
1-3. OpenStack Kilo repository setup
$ sudo apt-get install ubuntu-cloud-keyring
$ sudo su
$ sudo echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/kilo main" > /etc/apt/sources.list.d/cloudarchive-kilo.list
$ exit
$ sudo apt-get update
$ sudo apt-get -y upgrade
$ sudo reboot
2. RabbitMQ Server
2-1. RabbitMQ Server install
$ sudo apt-get install -y rabbitmq-server
2-2. change user guest password
- In this example, the password of the guest user is changed to rabbit
$ sudo rabbitmqctl change_password guest rabbit
3. MYSQL Server
3-1. MySql Server install
- Set the root password
$ sudo apt-get install -y mysql-server python-mysqldb
3-2. MySql configuration
$ sudo vi /etc/mysql/my.cnf
--------------------------------------------------------------
...
[mysqld]
...
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
...
--------------------------------------------------------------
3-3. Restart MySql Server
$ sudo service mysql restart
4. NTP and utilities
4-1. ntp/vlan/bridge-utils install
$ sudo apt-get install -y ntp vlan bridge-utils
4-2. Kernel network settings (sysctl)
$ sudo vi /etc/sysctl.conf
--------------------------------------------------------------
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
--------------------------------------------------------------
4-3. Apply the sysctl settings
$ sudo sysctl -p
5. Keystone
5-1. keystone install
$ sudo apt-get install -y keystone
5-2. Create the keystone DB
$ mysql -u root -p
# CREATE DATABASE keystone;
# GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone_dbpass';
# quit
5-3. keystone configuration
$ sudo vi /etc/keystone/keystone.conf
--------------------------------------------------------------
...
connection = mysql://keystone:keystone_dbpass@<management_ip>/keystone
...
--------------------------------------------------------------
5-4. Restart keystone and DB sync
$ sudo service keystone restart
$ sudo keystone-manage db_sync
5-5. Register keystone users
$ export OS_SERVICE_TOKEN=ADMIN
$ export OS_SERVICE_ENDPOINT=http://<management_ip>:35357/v2.0
$ keystone tenant-create --name=admin --description="Admin Tenant"
$ keystone tenant-create --name=service --description="Service Tenant"
$ keystone user-create --name=admin --pass=admin --email=admin@example.com
$ keystone role-create --name=admin
$ keystone user-role-add --user=admin --tenant=admin --role=admin
5-6. Create the keystone service and endpoint
$ keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
$ keystone endpoint-create --region=testbed01 --service=keystone --publicurl=http://<management_ip>:5000/v2.0 --internalurl=http://<management_ip>:5000/v2.0 --adminurl=http://<management_ip>:35357/v2.0
5-7. Remove the exported variables
$ unset OS_SERVICE_TOKEN
$ unset OS_SERVICE_ENDPOINT
5-8. Create the keystone admin account file
$ vi admin_keystone
--------------------------------------------------------------
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://<management_ip>:35357/v2.0
--------------------------------------------------------------
5-9. Verify keystone operation and token
$ source admin_keystone
$ keystone token-get
$ keystone user-list
6. Glance
6-1. glance install
$ sudo apt-get install -y glance
6-2. Create the glance DB
$ mysql -u root -p
# CREATE DATABASE glance;
# GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance_dbpass';
# quit
6-3. Register the glance user in keystone
$ keystone user-create --name=glance --pass=glance_pass --email=glance@example.com
$ keystone user-role-add --user=glance --tenant=service --role=admin
$ keystone service-create --name=glance --type=image --description="Glance Image Service"
$ keystone endpoint-create --region=testbed01 --service=glance --publicurl=http://<management_ip>:9292 --internalurl=http://<management_ip>:9292 --adminurl=http://<management_ip>:9292
6-4. glance configuration
$ sudo vi /etc/glance/glance-api.conf
--------------------------------------------------------------
...
rabbit_password = rabbit
...
# sqlite_db = /var/lib/glance/glance.sqlite
connection = mysql://glance:glance_dbpass@<management_ip>/glance
...
[keystone_authtoken]
identity_uri = http://<management_ip>:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass
...
[paste_deploy]
flavor = keystone
...
--------------------------------------------------------------
$ sudo vi /etc/glance/glance-registry.conf
--------------------------------------------------------------
...
rabbit_password = rabbit
...
# sqlite_db = /var/lib/glance/glance.sqlite
connection = mysql://glance:glance_dbpass@<management_ip>/glance
...
[keystone_authtoken]
identity_uri = http://<management_ip>:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance_pass
...
[paste_deploy]
flavor = keystone
--------------------------------------------------------------
6-5. Restart glance
$ sudo service glance-api restart
$ sudo service glance-registry restart
6-6. glance DB sync and image registration/verification
$ sudo glance-manage db_sync
$ glance image-create --name Cirros --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
$ glance image-list
7. NOVA
7-1. nova install
$ sudo apt-get install -y nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient nova-compute nova-console
7-2. Create the nova DB
$ mysql -u root -p
# CREATE DATABASE nova;
# GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova_dbpass';
# quit
7-3. Register the nova user in keystone
$ keystone user-create --name=nova --pass=nova_pass --email=nova@example.com
$ keystone user-role-add --user=nova --tenant=service --role=admin
$ keystone service-create --name=nova --type=compute --description="OpenStack Compute"
$ keystone endpoint-create --region=testbed01 --service=nova --publicurl=http://<management_ip>:8774/v2/%\(tenant_id\)s --internalurl=http://<management_ip>:8774/v2/%\(tenant_id\)s --adminurl=http://<management_ip>:8774/v2/%\(tenant_id\)s
7-4. nova configuration
$ sudo vi /etc/nova/nova.conf
--------------------------------------------------------------
[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = <management_ip>
vnc_enabled = True
vncserver_listen = <management_ip>
vncserver_proxyclient_address = <management_ip>
novncproxy_base_url = http://<public_ip>:6080/vnc_auto.html
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
scheduler_default_filters=AllHostsFilter
[database]
connection = mysql://nova:nova_dbpass@<management_ip>/nova
[oslo_messaging_rabbit]
rabbit_host = 127.0.0.1
rabbit_password = rabbit
[keystone_authtoken]
auth_uri = http://<management_ip>:5000
auth_url = http://<management_ip>:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova_pass
[glance]
host = <management_ip>
[oslo_concurrency]
lock_path = /var/lock/nova
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = openstack
url = http://<management_ip>:9696
auth_strategy = keystone
admin_auth_url = http://<management_ip>:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron_pass
--------------------------------------------------------------
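$ sudo vi /etc/nova/nova-compute.conf
--------------------------------------------------------------
[DEFAULT]
compute_driver=libvirt.LibvirtDriver
[libvirt]
virt_type=qemu
--------------------------------------------------------------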
7-5. nova DB sync and restart/verification
$ sudo nova-manage db sync
$ sudo service nova-api restart
$ sudo service nova-cert restart
$ sudo service nova-consoleauth restart
$ sudo service nova-scheduler restart
$ sudo service nova-conductor restart
$ sudo service nova-novncproxy restart
$ sudo service nova-compute restart
$ sudo service nova-console restart
$ sudo nova-manage service list
8. Neutron
8-1. neutron install
$ sudo apt-get install -y neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent neutron-common neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent openvswitch-switch
8-2. Create the neutron DB
$ mysql -u root -p
# CREATE DATABASE neutron;
# GRANT ALL ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron_dbpass';
# quit
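An added example, not part of the original post: the four database steps (5-2, 6-2, 7-2, 8-2) written as a generator that gives each service a random password and limits the grant to one client address instead of '%'. The function names are hypothetical, and 10.0.0.5 is assumed to be the management address from 1-1.

```shell
#!/bin/sh
# Added example: per-service database SQL with a random password and a
# grant limited to one client address. Function names are hypothetical.

# gen_secret: 32 hex characters read from the kernel CSPRNG.
gen_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# service_db_sql NAME CLIENT_IP PASSWORD
# Prints the CREATE/GRANT statements; rejects input that would need quoting.
service_db_sql() {
    name=$1 host=$2 pass=$3
    case $name in ''|*[!a-z0-9_]*)   echo "bad db name: $name" >&2; return 1;; esac
    case $host in ''|*[!0-9.]*)      echo "bad client ip: $host" >&2; return 1;; esac
    case $pass in ''|*[!A-Za-z0-9]*) echo "bad password charset" >&2; return 1;; esac
    printf "CREATE DATABASE %s;\n" "$name"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
        "$name" "$name" "$host" "$pass"
}

# all_service_sql CLIENT_IP: one CREATE/GRANT pair per service in this guide.
all_service_sql() {
    for svc in keystone glance nova neutron; do
        service_db_sql "$svc" "$1" "$(gen_secret)" || return 1
    done
}

# Assumption: 10.0.0.5 is the management address configured in 1-1.
all_service_sql 10.0.0.5
```

Run it under umask 077 with the output redirected to a file, load that file with mysql -u root -p, and put each generated password into the matching connection = line.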
8-3. Register the neutron user in keystone
$ keystone user-create --name=neutron --pass=neutron_pass --email=neutron@example.com
$ keystone service-create --name=neutron --type=network --description="OpenStack Networking"
$ keystone user-role-add --user=neutron --tenant=service --role=admin
$ keystone endpoint-create --region=testbed01 --service=neutron --publicurl http://<management_ip>:9696 --adminurl http://<management_ip>:9696 --internalurl http://<management_ip>:9696
8-4. neutron configuration
$ sudo vi /etc/neutron/neutron.conf
--------------------------------------------------------------
[DEFAULT]
......
verbose = True
debug = True
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://<management_ip>:8774/v2
nova_region_name = testbed01
...
rpc_backend=rabbit
[agent]
......
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[keystone_authtoken]
auth_uri = http://<management_ip>:5000
auth_url = http://<management_ip>:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron_pass
[database]
......
connection = mysql://neutron:neutron_dbpass@<management_ip>/neutron
[nova]
......
auth_url = http://<management_ip>:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = testbed01
project_name = service
username = nova
password = nova_pass
[oslo_concurrency]
......
lock_path = /var/lock/neutron/
[oslo_messaging_rabbit]
......
rabbit_host = localhost
rabbit_userid = guest
rabbit_password = rabbit
rabbit_virtual_host = /
--------------------------------------------------------------
$ sudo vi /etc/neutron/plugins/ml2/ml2_conf.ini
--------------------------------------------------------------
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types=vxlan
mechanism_drivers=openvswitch
...
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
vni_ranges = 1001:2000
[securitygroup]
enable_security_group=True
enable_ipset = True
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
local_ip = <data_ip>
tunnel_type = vxlan
tunnel_bridge = br-tun
integration_bridge = br-int
tunnel_id_ranges=1001:2000
tenant_network_type = vxlan
enable_tunneling = True
[agent]
minimize_polling = True
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
tunnel_types = vxlan
vxlan_udp_port = 4789
l2_population = False
--------------------------------------------------------------
$ sudo vi /etc/neutron/metadata_agent.ini
--------------------------------------------------------------
[DEFAULT]
auth_url = http://<management_ip>:5000/v2.0
auth_region = testbed01
admin_tenant_name = service
admin_user = neutron
admin_password = neutron_pass
metadata_proxy_shared_secret = openstack
--------------------------------------------------------------
$ sudo vi /etc/neutron/dhcp_agent.ini
--------------------------------------------------------------
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
--------------------------------------------------------------
$ sudo vim /etc/neutron/l3_agent.ini
--------------------------------------------------------------
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
--------------------------------------------------------------
8-5. Create the OVS bridge and bind the port
- Activate br-ex from the network configuration set up at the start (/etc/network/interfaces)
$ sudo ovs-vsctl add-br br-ex
$ sudo ovs-vsctl add-port br-ex eth0
8-6. neutron DB sync and restart
$ sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade kilo
$ sudo service neutron-server restart
$ sudo service neutron-plugin-openvswitch-agent restart
$ sudo service neutron-metadata-agent restart
$ sudo service neutron-dhcp-agent restart
$ sudo service neutron-l3-agent restart
9. Horizon
9-1. horizon install
$ sudo apt-get install -y openstack-dashboard
10. Access the user UI and use the services
horizon url : http://<public_ip>/horizon
user name : admin
password : admin
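An added example, not part of the original post: a check that reports where the sample secrets used throughout this guide (rabbit, admin, the *_pass and *_dbpass values, the openstack metadata secret) are still set in an INI-style config file. The function names are hypothetical and the sample file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report this guide's sample secrets still set in a config file.

SAMPLE_SECRETS='rabbit admin glance_pass nova_pass neutron_pass openstack ADMIN'
SAMPLE_DBPASS='keystone_dbpass glance_dbpass nova_dbpass neutron_dbpass'

# audit_conf FILE: prints "FILE:LINE: reason" per finding; status 1 if any.
audit_conf() {
    awk -v secrets="$SAMPLE_SECRETS" -v dbs="$SAMPLE_DBPASS" '
    BEGIN { n = split(secrets, s, " "); m = split(dbs, d, " "); bad = 0 }
    /^[ \t]*#/ { next }              # commented-out settings are ignored
    # key = value, where the key ends in password, secret or token
    match($0, /^[ \t]*[A-Za-z_]*(password|secret|token)[ \t]*=[ \t]*/) {
        val = substr($0, RSTART + RLENGTH)
        sub(/[ \t\r]+$/, "", val)
        for (i = 1; i <= n; i++)
            if (val == s[i]) {
                printf "%s:%d: sample secret still set\n", FILENAME, FNR
                bad = 1
            }
    }
    # connection = mysql://user:password@host/db
    /^[ \t]*connection[ \t]*=/ {
        for (i = 1; i <= m; i++)
            if (index($0, ":" d[i] "@")) {
                printf "%s:%d: sample DB password in connection URL\n", FILENAME, FNR
                bad = 1
            }
    }
    END { exit bad }' "$1"
}

# Constructed sample input (not a real nova.conf).
demo() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
[DEFAULT]
# rabbit_password = rabbit
[oslo_messaging_rabbit]
rabbit_password = rabbit
[database]
connection = mysql://nova:nova_dbpass@10.0.0.5/nova
[neutron]
metadata_proxy_shared_secret = 3f9c0a7e51d24b6f
EOF
    audit_conf "$tmp" | sed "s|^$tmp|nova.conf|"
    rm -f "$tmp"
}
demo
```

On an installed node, call audit_conf on each file edited in sections 5 to 8, for example /etc/nova/nova.conf and /etc/neutron/neutron.conf.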