OpenStack Installation - Ubuntu

This page installs OpenStack Grizzly on Ubuntu Server 13.04.

Requirements

  • Supported operating systems
      • CentOS, RHEL, Ubuntu
      • Debian, Fedora, openSUSE, SLE
  • Recommended hardware per node
Server | Service | Recommendation
Controller node
  • Administrative Web-Interface (Horizon)
      • Apache HTTP Server
      • Django-based application
      • memcache
      • novnc (Web-based VNC client)
  • Identity Service (Keystone)
  • Compute Infrastructure (Nova)
      • API Server (nova-api)
      • Message Queue (rabbit-mq server)
      • Network Controller (nova-network)
      • Volume Worker (nova-volume)
      • Scheduler (nova-scheduler)
  • Imaging Service (Glance)
  • Networking (Quantum)
      • Quantum Server
      • L3 Agent
      • DHCP Agent
      • openVSwitch plugin
  • Hardware specification
      • Processor: 64-bit x86
      • 4 cores / 12 GB memory / 30 GB disk
      • Volume: 2 TB (SATA) * 2
      • NIC: 1 Gbps * 1
Compute node
  • Compute Infrastructure (Nova)
      • Compute Worker (nova-compute)
  • Networking (Quantum)
      • OpenVSwitch agent
  • KVM (libvirt) or Xen (XCP or XenServer)
  • Hardware specification
      • Processor: 64-bit x86
      • AMD-V or Intel VT
      • ? cores / 32 GB memory / 30 GB disk
      • Volume: 2 TB (SATA) * 2
      • NIC: 1 Gbps * 2
  • Virtual machine
      • Network options: flat, DHCP, VLAN / 2 NICs
  • Virtualization
      • xapi: XCP (Xen Cloud Platform), XenServer
      • libvirt: KVM, QEMU, LXC, VMWare
Volume controller
  • OpenStack Block Storage (Cinder)
  • LVM (Logical Volume Manager)
Network controller
  • Compute Infrastructure (Nova)
      • Network Controller (nova-network)
  • Firewall: iptables
  • dnsmasq
  • Linux VLANs
apt-get install vlan bridge-utils
  • Linux bridging
Messaging server
  • RabbitMQ
  • Message queue: RabbitMQ, Qpid, ZeroMQ (0MQ)
Database server
  • MySQL
  • Database: MySQL, PostgreSQL, SQLite
  • Recommended networks
Type | Comment
Management network
  • 255 IPs (CIDR/24), private IP
  • Communication between the internal servers
Public network
  • 8 or more IPs (CIDR/29), public IP
  • API endpoints
VM network
  • 1024 IPs (CIDR/22), private IP
  • Private IPs assigned to cloud instances
Floating IP network
  • 16 or more IPs (CIDR/28), public IP
  • Public IPs used to connect to cloud instances

Installation environment

  • Install VirtualBox 4.2.12
  • Install Ubuntu Server 13.04 64-bit
  • In the VirtualBox virtual machine settings, add a "Host-only Adapter" network, then install Ubuntu Server
  • Ubuntu Server network configuration
vi /etc/network/interfaces
    auto eth1
    iface eth1 inet static
            address 192.168.56.111
            netmask 255.255.255.0
            network 192.168.56.0
            broadcast 192.168.56.255
            gateway 192.168.56.1
            dns-nameservers 210.220.163.82 219.250.36.130
/etc/init.d/networking restart
vi /etc/hosts
    192.168.56.111    ucloud001.cloudserver.com    ucloud001
  • Add Cloud Archive repository
vi /etc/apt/sources.list.d/grizzly.list
    deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main
apt-get install ubuntu-cloud-keyring
  • Upgrade Ubuntu Server to the latest version
apt-get update
apt-get upgrade
apt-get install ssh
/etc/init.d/ssh restart

Network Time Protocol (NTP) installation

apt-get install -y ntp
  • NTP Server in Controller node
vi /etc/ntp.conf
    server ntp.ubuntu.com                   # add the following 2 lines below this line
    server 127.127.1.0
    fudge 127.127.1.0 stratum 10
service  ntp  restart
  • NTP Client
vi /etc/cron.daily/ntpdate
    ntpdate  $NTP_Server_IP
chmod 755 /etc/cron.daily/ntpdate

MySQL installation

  • Install MySQL Server 5.5.
apt-get install python-mysqldb mysql-server
  • vi /etc/mysql/my.cnf
### bind-address            = 127.0.0.1
bind-address            = 0.0.0.0
service mysql restart

Messaging server installation

  • RabbitMQ, Qpid and ZeroMQ (0MQ) are supported
  • Install RabbitMQ
apt-get install rabbitmq-server

keystone installation

  • Install keystone
apt-get install keystone
  • Create the MySQL database for keystone
mysql -uroot -p mysql
    create database keystone;
    insert into user (Host, User, Password)
           values ('localhost', 'keystone', password('~'));
    insert into db
           values ('localhost', 'keystone', 'keystone',
               'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
               'Y','Y','Y','Y','Y','Y','Y','Y','Y');
    commit;
    flush privileges;
    grant all privileges on keystone.* to keystone@localhost identified by '~';
    flush privileges;
    exit
  • vi /etc/keystone/keystone.conf
admin_token = 012345SECRET99TOKEN012345

### connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql://keystone:~@192.168.56.111/keystone
  • Set up SSL encryption (PKI) for keystone
keystone-manage pki_setup
chown -R keystone:keystone /etc/keystone/*
  • Initialize keystone and its database
rm /var/lib/keystone/keystone.db
service keystone restart
keystone-manage db_sync
  • Environment settings for keystone
vi ~/keystonerc01
### Command-line equivalent: keystone --token 012345SECRET99TOKEN012345 --endpoint http://192.168.56.111:35357/v2.0
export OS_SERVICE_TOKEN=012345SECRET99TOKEN012345
export OS_SERVICE_ENDPOINT=http://192.168.56.111:35357/v2.0
  • tenant/role/user settings
Tenant | Role | User
demo | admin | admin
service | admin | glance
service | admin | nova
service | admin | ec2
service | admin | swift
  • Create demo/admin/admin
keystone tenant-create --name demo --description "Default Tenant"
keystone tenant-list

keystone role-create --name admin
keystone role-list

keystone user-create --name=admin  --pass=~ --email=~
keystone user-role-add --user-id b76105241058494d95826fa888ca3082 --tenant-id 68291205399547a5ae968832d7e43690 --role-id 899e1e9f83264b2c9341cfddf183d1f1
keystone user-list
  • Create service/admin/glance
keystone tenant-create --name service --description "Service Tenant"
keystone user-create --name=glance --pass=~ --email=~
keystone user-role-add --user-id b8150b5941bb4531976d07549f33e79d --tenant-id 764424ad593a4484a53bd3119b103e34 --role-id 899e1e9f83264b2c9341cfddf183d1f1
  • Create service/admin/nova
keystone user-create --name=nova --pass=~ --email=~
keystone user-role-add --user-id 2cec4a4dd3ee4d1db9ae6067251fbd05 --tenant-id 764424ad593a4484a53bd3119b103e34 --role-id 899e1e9f83264b2c9341cfddf183d1f1
  • Create service/admin/ec2
keystone user-create --name=ec2 --pass=~ --email=~
keystone user-role-add --user-id d40df1a3840a41279b26a2d03ce2314b --tenant-id 764424ad593a4484a53bd3119b103e34 --role-id 899e1e9f83264b2c9341cfddf183d1f1
  • Create service/admin/swift
keystone user-create --name=swift --pass=~ --email=~
keystone user-role-add --user-id 5a0f6d1ea6d14bd9acf63b57e9030fa1 --tenant-id 764424ad593a4484a53bd3119b103e34 --role-id 899e1e9f83264b2c9341cfddf183d1f1
  • service/endpoint settings
region | service | publicurl | internalurl | adminurl
RegionOne | keystone | http://192.168.56.111:5000/v2.0 | http://192.168.56.111:5000/v2.0 | http://192.168.56.111:35357/v2.0
RegionOne | nova | http://192.168.56.111:8774/v2/%(tenant_id)s | http://192.168.56.111:8774/v2/%(tenant_id)s | http://192.168.56.111:8774/v2/%(tenant_id)s
RegionOne | volume | http://192.168.56.111:8776/v1/%(tenant_id)s | http://192.168.56.111:8776/v1/%(tenant_id)s | http://192.168.56.111:8776/v1/%(tenant_id)s
RegionOne | glance | http://192.168.56.111:9292 | http://192.168.56.111:9292 | http://192.168.56.111:9292
RegionOne | ec2 | http://192.168.56.111:8773/services/Cloud | http://192.168.56.111:8773/services/Cloud | http://192.168.56.111:8773/services/Admin
RegionOne | swift | http://192.168.56.111:8888/v1/AUTH_%(tenant_id)s | http://192.168.56.111:8888/v1/AUTH_%(tenant_id)s | http://192.168.56.111:8888/v1/AUTH_%(tenant_id)s
  • Create keystone (identity)
keystone service-create --name=keystone --type=identity --description="Identity Service"
keystone service-list

keystone endpoint-create --region RegionOne --service-id=9f53cf77226248f691734378bd4a788c --publicurl=http://192.168.56.111:5000/v2.0 --internalurl=http://192.168.56.111:5000/v2.0 --adminurl=http://192.168.56.111:35357/v2.0
keystone endpoint-list
  • Create nova (compute)
keystone service-create --name=nova --type=compute --description="Compute Service"
keystone endpoint-create --region RegionOne --service-id=0ee45d97bd0a48fe92649bdd93084636 --publicurl='http://192.168.56.111:8774/v2/%(tenant_id)s' --internalurl='http://192.168.56.111:8774/v2/%(tenant_id)s' --adminurl='http://192.168.56.111:8774/v2/%(tenant_id)s'
  • Create volume (volume)
keystone service-create --name=volume --type=volume --description="Volume Service"
keystone endpoint-create --region RegionOne --service-id=2effffdef36247cd9ba5403eb5f603bb --publicurl='http://192.168.56.111:8776/v1/%(tenant_id)s' --internalurl='http://192.168.56.111:8776/v1/%(tenant_id)s' --adminurl='http://192.168.56.111:8776/v1/%(tenant_id)s'
  • Create glance (image)
keystone service-create --name=glance --type=image --description="Image Service"
keystone endpoint-create --region RegionOne --service-id=2096a0c8cd88411aac06a1c011cee3e4 --publicurl='http://192.168.56.111:9292' --internalurl='http://192.168.56.111:9292' --adminurl='http://192.168.56.111:9292'
  • Create ec2 (ec2)
keystone service-create --name=ec2 --type=ec2 --description="EC2 Compatibility Layer"
keystone endpoint-create --region RegionOne --service-id=00f0ef589b11465b8f60f8f1ad530f47 --publicurl='http://192.168.56.111:8773/services/Cloud' --internalurl='http://192.168.56.111:8773/services/Cloud' --adminurl='http://192.168.56.111:8773/services/Admin'
  • Create swift (object-store)
keystone service-create --name=swift --type=object-store --description="Object Storage Service"
keystone endpoint-create --region RegionOne --service-id=44234ad3daf640f5b9bca60c4fef6268 --publicurl='http://192.168.56.111:8888/v1/AUTH_%(tenant_id)s' --internalurl='http://192.168.56.111:8888/v1' --adminurl='http://192.168.56.111:8888/v1/AUTH_%(tenant_id)s'
  • Verify the keystone service
vi ~/keystonerc02
    export OS_USERNAME=admin
    export OS_PASSWORD=~
    export OS_TENANT_NAME=demo
    export OS_AUTH_URL=http://192.168.56.111:35357/v2.0

keystone --os-username=admin --os-password=~ --os-auth-url=http://192.168.56.111:35357/v2.0 token-get
keystone --os-username=admin --os-password=~ --os-tenant-name=demo --os-auth-url=http://192.168.56.111:35357/v2.0 token-get
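
The user-role-add and endpoint-create commands above use IDs copied by hand from the output of earlier commands. The following added example (not part of the original page) captures those IDs from the client's table output instead; the helper names are hypothetical and the sample tables are constructed to resemble the keystone CLI layout.

```sh
#!/bin/sh
# Added example (not from the original page): capture keystone IDs from the
# CLI table output instead of pasting them by hand. Helper names are
# hypothetical; the sample tables are constructed so this runs offline.

# Value of the "id" row of a Property/Value table (*-create output).
id_from_create() {
    awk -F'|' '{ k = $2; gsub(/ /, "", k) }
        k == "id" { v = $3; gsub(/ /, "", v); print v }'
}

# id of the row whose name column equals $1 (*-list output).
id_by_name() {
    awk -F'|' -v want="$1" '{ n = $3; gsub(/^ +| +$/, "", n) }
        n == want { v = $2; gsub(/ /, "", v); print v }'
}

# Build user-role-add; refuse empty or non-hex IDs left by a failed lookup.
role_add_cmd() {
    for v in "$1" "$2" "$3"; do
        case "$v" in ''|*[!0-9a-f]*) echo "bad id: '$v'" >&2; return 1 ;; esac
    done
    echo "keystone user-role-add --user-id $1 --tenant-id $2 --role-id $3"
}

# Constructed sample of "keystone tenant-create --name demo" output.
sample_tenant_create() {
    cat <<'EOF'
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 68291205399547a5ae968832d7e43690 |
+----------+----------------------------------+
EOF
}
# Constructed sample of "keystone role-list" output.
sample_role_list() {
    cat <<'EOF'
+----------------------------------+-------+
|                id                |  name |
+----------------------------------+-------+
| 899e1e9f83264b2c9341cfddf183d1f1 | admin |
+----------------------------------+-------+
EOF
}
# On a live system, pipe the real keystone commands instead of sample_*.
TENANT_ID=$(sample_tenant_create | id_from_create)
ROLE_ID=$(sample_role_list | id_by_name admin)
role_add_cmd b76105241058494d95826fa888ca3082 "$TENANT_ID" "$ROLE_ID"
```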

glance installation

  • Install glance.
apt-get install glance
apt-get install python-keystone
#rm /var/lib/glance.sqlite
  • Create the glance user in MySQL.

mysql -uroot -p mysql

   create database glance;
   insert into user (Host, User, Password)
          values ('localhost', 'glance', password('~'));
   insert into db
          values ('localhost', 'glance', 'glance',
              'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y',
              'Y','Y','Y','Y','Y','Y','Y','Y','Y');
   commit;
   flush privileges;
   grant all privileges on glance.* to glance@localhost identified by '~';
   flush privileges;
   exit
  • vi /etc/glance/glance-api.conf
enable_v1_api = True
enable_v2_api = True

sql_connection = mysql://glance:~@192.168.56.111/glance

#--- Add the following as the last line so that authentication goes through keystone.
flavor=keystone
  • Restart the service
service glance-api restart
  • vi /etc/glance/glance-registry.conf
config_file = /etc/glance/glance-registry-paste.ini

sql_connection = mysql://glance:~@192.168.56.111/glance

#--- Add the following as the last line so that authentication goes through keystone.
flavor=keystone
  • vi /etc/glance/glance-registry-paste.ini
[pipeline:glance-registry-keystone]
pipeline = authtoken context registryapp
  • Restart the service
service glance-registry restart
  • Initialize the glance database
glance-manage version_control 0
glance-manage db_sync

service glance-registry restart
service glance-api restart
  • Verify the glance service
  • vi ~/glancerc
export OS_USERNAME=admin
export OS_PASSWORD=~
export OS_TENANT_NAME=service
export OS_AUTH_URL=http://192.168.56.111:35357/v2.0
export OS_REGION_NAME=RegionOne
  • Download a test image
mkdir /tmp/images
cd /tmp/images
wget http://www.jopenbusiness.com/images/ttylinux-uec-amd64-12.1_2.6.35-22_1.tar.gz
tar -zxvf ttylinux-uec-amd64-12.1_2.6.35-22_1.tar.gz
    //--- the following 5 files are created
    ttylinux-uec-amd64-12.1_2.6.35-22_1-floppy
    ttylinux-uec-amd64-12.1_2.6.35-22_1.img
    ttylinux-uec-amd64-12.1_2.6.35-22_1-initrd
    ttylinux-uec-amd64-12.1_2.6.35-22_1-loader
    ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz

glance image-create --name="tty-linux-kernel" --disk-format=aki --container-format=aki < ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
glance image-create --name="tty-linux-ramdisk" --disk-format=ari --container-format=ari < ttylinux-uec-amd64-12.1_2.6.35-22_1-loader
glance image-create --name="tty-linux" --disk-format=ami --container-format=ami < ttylinux-uec-amd64-12.1_2.6.35-22_1.img
glance image-list
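
The keystone and glance steps above leave the admin token and account passwords in /etc/keystone/keystone.conf and in the rc files under the home directory. The following check is an added example, not part of the original page; the function names are hypothetical and the demo files are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): check the secrets this guide
# writes to disk. Function names are hypothetical; demo files are constructed.

GUIDE_TOKEN=012345SECRET99TOKEN012345   # sample value printed in this guide

# Print the last uncommented admin_token value in a keystone.conf-style file.
admin_token_of() {
    sed -n 's/^[[:space:]]*admin_token[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed only if the token is set and is neither keystone's sample default
# "ADMIN" nor the value published in this guide.
token_ok() {
    case "$(admin_token_of "$1")" in
        ''|ADMIN|"$GUIDE_TOKEN") return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed only if file $1 grants no permission to group or others (e.g. 600).
private_file() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '[DEFAULT]\nadmin_token = %s\n' "$GUIDE_TOKEN" > "$d/keystone.conf"
    printf 'export OS_PASSWORD=constructed\n' > "$d/keystonerc02"
    chmod 644 "$d/keystonerc02"
    token_ok "$d/keystone.conf" || echo "keystone.conf: replace admin_token"
    private_file "$d/keystonerc02" || echo "keystonerc02: chmod 600"
    rm -rf "$d"
}
demo
```

On an installed node, call token_ok on /etc/keystone/keystone.conf and private_file on ~/keystonerc01, ~/keystonerc02 and ~/glancerc.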

Hypervisor installation

Check hypervisor support

  • QEMU, KVM
  • /lib/udev/rules.d/45-qemu-kvm.rules
  • /dev/kvm
  • vi /etc/nova/nova.conf
compute_driver=libvirt.LibvirtDriver
libvirt_type=kvm
  • Virtual machine image formats supported by KVM and QEMU
  • Raw, QEMU Copy-on-write (qcow2), VMWare virtual machine disk format (vmdk)

KVM

  • Check VT (Virtualization Technology) support
apt-get install cpu-checker
kvm-ok

egrep '(vmx|svm)' --color=always /proc/cpuinfo
//--- If necessary, enable the VT support options in the BIOS.

lsmod | grep kvm
//--- kvm-intel, kvm-amd
  • For kvm-intel
modprobe kvm
modprobe kvm-intel

vi /etc/modules
   kvm
   kvm-intel
  • For kvm-amd
modprobe kvm
modprobe kvm-amd

vi /etc/modules
   kvm
   kvm-amd
  • cpu model for kvm guest
  • vi /usr/share/libvirt/cpu_map.xml
  • vi /etc/nova/nova.conf
libvirt_cpu_mode = none, host-passthrough, host-model, custom
# libvirt_cpu_model is used only when libvirt_cpu_mode is custom
libvirt_cpu_model = pentium2
  • /var/log/nova/nova_compute.log
  • If the group shown by ls -l /dev/kvm is not kvm, run udevadm trigger

QEMU

  • vi /etc/nova/nova.conf
compute_driver=libvirt.LibvirtDriver
libvirt_type=qemu
  • apt-get install guestmount
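
The checks in the KVM and QEMU sections above (the vmx/svm CPU flag, the /dev/kvm device and its group) can be combined to choose the kernel module and the libvirt_type value. This is an added example, not part of the original page; the function names are hypothetical and the sample cpuinfo lines are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): combine the checks above to pick
# the kvm module and the nova.conf libvirt_type. Function names are
# hypothetical; the sample cpuinfo lines are constructed.

# Print kvm-intel or kvm-amd for a cpuinfo-format file ($1, "-" = stdin);
# return 1 if the CPU advertises neither vmx nor svm.
kvm_module_for() {
    flags=$(grep -m1 '^flags' "$1" 2>/dev/null) || return 1
    case " $flags " in
        *" vmx "*) echo kvm-intel ;;
        *" svm "*) echo kvm-amd ;;
        *) return 1 ;;
    esac
}

# Print the libvirt_type: kvm only when the CPU flag is present and the
# device node $2 (normally /dev/kvm) exists, otherwise qemu.
libvirt_type_for() {
    if kvm_module_for "$1" >/dev/null && [ -e "$2" ]; then
        echo kvm
    else
        echo qemu
    fi
}

# Succeed when the group shown by "ls -l $1" is not $2 (default kvm), i.e.
# when "udevadm trigger" should be run.
needs_udev_trigger() {
    [ "$(ls -ld "$1" | awk '{ print $4 }')" != "${2:-kvm}" ]
}

# Constructed cpuinfo samples (flag lists shortened).
sample_intel() { printf 'model name\t: constructed\nflags\t\t: fpu vme de vmx smx\n'; }
sample_amd()   { printf 'flags\t\t: fpu vme de svm svm_lock\n'; }
sample_novt()  { printf 'flags\t\t: fpu vme de pse\n'; }

# Live check on this host; falls back to qemu when either test fails.
echo "libvirt_type=$(libvirt_type_for /proc/cpuinfo /dev/kvm)"
```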

XEN

  • vi /etc/nova/nova.conf
compute_driver=xenapi.XenAPIDriver
xenapi_connection_url = http://
xenapi_connection_username = root
xenapi_connection_password = ~
  • Image formats supported by XenAPI: Raw, VHD (image gzipped tarball)
  • Xen Tools
  • Xen Cloud Platform (XCP), GPL v2
  • Citrix Xen Server
  • XenAPI (xapi)
  • PV (Paravirtualized)
  • HVM (Hardware Virtualized)
  • Tenant Network : Flat, FlatDHCP, VLAN

nova installation

References