OpenStack with Open vSwitch and SDN - Installation Guide
Project in progress with the student Rafael Turnes da Silveira.
Installation
Cloud controller (penny)
Basic configuration
Updating the system
<syntaxhighlight lang="bash">
apt-get update; apt-get upgrade; apt-get dist-upgrade</syntaxhighlight>
Configuring network interfaces - /etc/network/interfaces
<syntaxhighlight lang="text">
auto lo
iface lo inet loopback

# OpenStack - Management network
auto p5p1
iface p5p1 inet static
    address 192.168.88.251
    netmask 255.255.255.0

# OpenStack - Configuration network
auto p5p1:0
iface p5p1:0 inet static
    address 192.168.89.251
    netmask 255.255.255.0

# OpenStack - IFSC
auto em1
iface em1 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    up ip link set $IFACE promisc on
    up ethtool -s em1 wol g
    down ip link set $IFACE promisc off
    down ifconfig $IFACE down

auto br-ex
iface br-ex inet static
    address 172.18.3.251
    netmask 255.255.192.0
    gateway 172.18.0.254
    dns-nameservers 8.8.8.8 8.8.4.4
</syntaxhighlight>
Installing and configuring the NTP server
<syntaxhighlight lang="bash">
sudo apt-get install -y ntp
sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
service ntp restart
</syntaxhighlight>
Installing and configuring MySQL
Installing packages.
During installation you will be prompted to set a root password.
<syntaxhighlight lang="bash">
sudo apt-get install -y python-mysqldb mysql-server</syntaxhighlight>
Changing bind-address and applying the new configuration
<syntaxhighlight lang="bash">
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
</syntaxhighlight>
Creating the databases
<syntaxhighlight lang="bash">
mysql -u root -p <<EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '<password>';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '<password>';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '<password>';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '<password>';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '<password>';
FLUSH PRIVILEGES;
EOF
</syntaxhighlight>
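The bind-address change above makes MySQL listen on every interface, including br-ex on the IFSC network, although the controller has a dedicated management address (192.168.88.251). The following added example (not part of the original guide) reads `ss -lnt` output and reports control-plane ports reachable outside the management prefix; the socket list is a constructed sample, and the watched ports (3306 MySQL, 5672 RabbitMQ, 35357 Keystone admin) are assumed defaults.

```shell
#!/bin/sh
# Added example: flag control-plane listeners that are not confined to the
# management network. Reads `ss -lnt` output on stdin.

# exposed_ports MGMT_PREFIX "PORT PORT ..."
# Prints "PORT ADDRESS" for every watched port listening on an address that is
# neither loopback nor inside MGMT_PREFIX (e.g. "192.168.88.").
exposed_ports() {
    awk -v mgmt="$1" -v ports="$2" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in watch)) next
            if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") next
            if (index(addr, mgmt) == 1) next        # bound to the management net
            print port, addr
        }'
}

# Constructed sample of `ss -lnt` on the controller after the sed above.
sample_sockets() {
    cat <<'EOF'
State   Recv-Q Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0      50            0.0.0.0:3306              *:*
LISTEN  0      128    192.168.88.251:5672              *:*
LISTEN  0      128      172.18.3.251:35357             *:*
LISTEN  0      128         127.0.0.1:11211             *:*
LISTEN  0      128                 *:22                *:*
EOF
}

sample_sockets | exposed_ports "192.168.88." "3306 5672 35357"
# On the live host: ss -lnt | exposed_ports "192.168.88." "3306 5672 35357"
```

Any line printed is a service that hosts on the IFSC network can reach directly; binding it to the management address or filtering it at the host firewall clears the finding.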
Installing the message queue server
<syntaxhighlight lang="bash">
sudo apt-get install rabbitmq-server
rabbitmqctl change_password guest NovaSenha
</syntaxhighlight>
OpenStack Identity Service (codename Keystone)
Installing Keystone
<syntaxhighlight lang="bash">
sudo apt-get install -y keystone python-keystone python-keystoneclient
sudo rm /var/lib/keystone/keystone.db
</syntaxhighlight>
Configuring Keystone
Edit the file /etc/keystone/keystone.conf according to Media:Keystone.zip
Applying the new configuration
<syntaxhighlight lang="bash">
cd /etc/init.d/; for i in $( ls keystone-* ); do sudo service $i restart; done
keystone-manage db_sync
</syntaxhighlight>
Creating tenants, users, roles, services and endpoints
The code below is a script taken from http://docs.openstack.org/ and adapted.
<syntaxhighlight lang="bash">
#!/bin/bash
# Modify these variables as needed
ADMIN_PASSWORD=${ADMIN_PASSWORD:-<Password>}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-<Password>}
# DEMO_PASSWORD=${DEMO_PASSWORD:-$ADMIN_PASSWORD}
export OS_SERVICE_TOKEN="<tokenstring>"
export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
MYSQL_USER=keystone
MYSQL_DATABASE=keystone
MYSQL_HOST=localhost
MYSQL_PASSWORD=password
KEYSTONE_REGION=IFSC-SJ-01
KEYSTONE_HOST_EXT=172.18.3.251
KEYSTONE_HOST_INT=192.168.88.251
# Shortcut function to get a newly generated ID
function get_field() {
    while read data; do
        if [ "$1" -lt 0 ]; then
            field="(\$(NF$1))"
        else
            field="\$$(($1 + 1))"
        fi
        echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}"
    done
}
# Tenants
ADMIN_TENANT=$(keystone tenant-create --name=admin | grep " id " | get_field 2)
# DEMO_TENANT=$(keystone tenant-create --name=demo | grep " id " | get_field 2)
SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME | grep " id " | get_field 2)
# Users
ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=rafael@turnes.com.br | grep " id " | get_field 2)
# DEMO_USER=$(keystone user-create --name=demo --pass="$DEMO_PASSWORD" --email=demo@domain.com --tenant-id=$DEMO_TENANT | grep " id " | get_field 2)
NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)
GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)
NEUTRON_USER=$(keystone user-create --name=neutron --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)
CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)
# Roles
ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2)
MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)
# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NEUTRON_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
# keystone user-role-add --tenant-id $DEMO_TENANT --user-id $DEMO_USER --role-id $MEMBER_ROLE
# Create services
COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | grep " id " | get_field 2)
VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | grep " id " | get_field 2)
IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' | grep " id " | get_field 2)
IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' | grep " id " | get_field 2)
EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | grep " id " | get_field 2)
NETWORK_SERVICE=$(keystone service-create --name neutron --type network --description 'OpenStack Networking service' | grep " id " | get_field 2)
# Create endpoints
keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8774/v2/$(tenant_id)s'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8776/v1/$(tenant_id)s'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':9292' --adminurl 'http://'"$KEYSTONE_HOST_INT"':9292' --internalurl 'http://'"$KEYSTONE_HOST_INT"':9292'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':5000/v2.0' --adminurl 'http://'"$KEYSTONE_HOST_INT"':35357/v2.0' --internalurl 'http://'"$KEYSTONE_HOST_INT"':5000/v2.0'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Cloud'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':9696/' --adminurl 'http://'"$KEYSTONE_HOST_INT"':9696/' --internalurl 'http://'"$KEYSTONE_HOST_INT"':9696/'
</syntaxhighlight>
Testing Keystone
Creating a credentials file
<syntaxhighlight lang="bash">
vim os.cred </syntaxhighlight>
<syntaxhighlight lang="bash">
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=<senhaAdministrador>
export OS_AUTH_URL="http://192.168.88.251:5000/v2.0/"
export OS_REGION_NAME=IFSC-SJ-01
</syntaxhighlight>
<syntaxhighlight lang="bash">
source os.cred </syntaxhighlight>
Listing users
<syntaxhighlight lang="text">
root@penny:~# keystone user-list
+----------------------------------+---------+---------+--------------------------+
| id | name | enabled | email |
+----------------------------------+---------+---------+--------------------------+
| 0bcadb16258d4552839b9c776c89ff64 | admin | True | rafael@turnes.com.br |
| 23fd34f439484b73a6eea9913ac580ad | cinder | True | rafael@turnes.com.br |
| 54ac7e04ab2540ed9ef428ed11b8fbcd | ederson | True | boidacarapreta@gmail.com |
| 27d928bfefb84c0baefc0b13bcdd362a | glance | True | rafael@turnes.com.br |
| 773499148c564119b5e7e64d0c71bb3d | marcos | True | mmoecke@gmail.com |
| 61d08e2259e6403ba23918d87dea404b | nova | True | rafael@turnes.com.br |
| 853266dae4f2409dbc035b1b6cd928c8 | neutron | True | rafael@turnes.com.br |
| 45a33dbb899d4c199e961302796cb1a6 | rafael | True | rafael@turnes.com.br |
+----------------------------------+---------+---------+--------------------------+
</syntaxhighlight>
Listing services
<syntaxhighlight lang="text">
root@penny:~# keystone service-list
+----------------------------------+----------+----------+------------------------------+
| id | name | type | description |
+----------------------------------+----------+----------+------------------------------+
| c3350aeba89d47f88a1d6761cd74256b | cinder | volume | OpenStack Volume Service |
| f451c35c697a45b5b5e6a5bbe280d434 | ec2 | ec2 | OpenStack EC2 service |
| 4d467a606ff44050a9d8a687e1311831 | glance | image | OpenStack Image Service |
| ce703fa0839e4ad68b3bf1f7b48558c3 | keystone | identity | OpenStack Identity |
| 9a662cef4e8b4e5eb46e8678fd4ff8c8 | nova | compute | OpenStack Compute Service |
| 82a32e1fab37445c9388dc9b5634088a | neutron | network | OpenStack Networking service |
+----------------------------------+----------+----------+------------------------------+
</syntaxhighlight>
Listing roles
<syntaxhighlight lang="text">
root@penny:~# keystone role-list
+----------------------------------+----------+
| id | name |
+----------------------------------+----------+
| 746be8d87850406f8eb39aa4b5e55fa3 | Member |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| acaf9716ce20467a9b82578bf4baf534 | admin |
+----------------------------------+----------+
</syntaxhighlight>
Listing tenants
<syntaxhighlight lang="text">
root@penny:~# keystone tenant-list
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| f6dc2f9266f14b848b6e577b7024854a | IFSC | True |
| 4aaa0eb1b84d4405af0384a59053ac45 | admin | True |
| 68082d94500045c19e9bd40dd0b1cc7f | service | True |
+----------------------------------+---------+---------+
</syntaxhighlight>
OpenStack Image Service (codename Glance)
Installing Glance
<syntaxhighlight lang="bash">
apt-get -y install glance
</syntaxhighlight>
Configuring Glance
Edit the files /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf according to Media:Glance.zip
<syntaxhighlight lang="bash">
rm /var/lib/glance/glance.sqlite
service glance-api restart && service glance-registry restart
glance-manage db_sync
</syntaxhighlight>
Testing Glance
Uploading an image
<syntaxhighlight lang="bash">
mkdir /tmp/images
cd /tmp/images/
wget "http://uec-images.ubuntu.com/saucy/current/saucy-server-cloudimg-amd64-disk1.img"
glance image-create --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu Server 13.10" < saucy-server-cloudimg-amd64-disk1.img
</syntaxhighlight>
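The image above is fetched over plain HTTP and handed straight to Glance as a public image, so every instance booted from it inherits whatever was downloaded. The following added example (not part of the original guide) checks the file against a SHA256SUMS list before upload; it assumes the image directory publishes `SHA256SUMS` with a detached `SHA256SUMS.gpg` signature, and the function name `verify_image` and the demo files are constructed.

```shell
#!/bin/sh
# Added example: refuse to upload an image whose SHA-256 digest does not match
# the publisher's SHA256SUMS entry.

# verify_image SUMS_FILE IMAGE_PATH
# Returns 0 on match, 1 on digest mismatch, 2 when SUMS_FILE has no entry.
verify_image() {
    name=$(basename "$2")
    # SHA256SUMS lines look like "<hex digest> *<filename>"; "*" marks binary mode.
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                                 f == n { print $1; exit }' "$1")
    if [ -z "$expected" ]; then
        echo "no SHA256SUMS entry for $name" >&2
        return 2
    fi
    actual=$(sha256sum "$2" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $name: expected $expected, got $actual" >&2
        return 1
    fi
    echo "verified $name"
}

# Intended use on the controller (assumes SHA256SUMS and SHA256SUMS.gpg were
# downloaded next to the image and the signing key is already in the keyring):
#   gpg --verify SHA256SUMS.gpg SHA256SUMS &&
#   verify_image SHA256SUMS saucy-server-cloudimg-amd64-disk1.img &&
#   glance image-create --is-public true --disk-format qcow2 \
#       --container-format bare --name "Ubuntu Server 13.10" \
#       < saucy-server-cloudimg-amd64-disk1.img

# Constructed demo: a 3-byte stand-in "image" and a matching sums file.
demo_dir=$(mktemp -d)
printf 'abc' > "$demo_dir/demo.img"
echo "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad *demo.img" \
    > "$demo_dir/SHA256SUMS"
verify_image "$demo_dir/SHA256SUMS" "$demo_dir/demo.img"
rm -rf "$demo_dir"
```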
Listing images
<syntaxhighlight lang="text">
root@penny:~# glance image-list
+--------------------------------------+---------------------+-------------+------------------+-----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------------------+-------------+------------------+-----------+--------+
| 5b9b1a48-fdd0-4c72-8ab5-0ac073072b39 | Ubuntu Server 13.04 | qcow2 | bare | 236519424 | active |
+--------------------------------------+---------------------+-------------+------------------+-----------+--------+
</syntaxhighlight>
OpenStack Block Storage service (codename Cinder)
Installing Cinder
<syntaxhighlight lang="bash">
apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget open-iscsi iscsitarget-dkms python-cinderclient linux-headers-`uname -r`
</syntaxhighlight>
Configuring Cinder
Pre-configuration
<syntaxhighlight lang="bash">
sed -i 's/false/true/g' /etc/default/iscsitarget
service iscsitarget start
service open-iscsi start
pvcreate /dev/sda5
vgcreate cinder-volumes /dev/sda5
</syntaxhighlight>
Editing configuration files
Edit the files /etc/cinder/cinder.conf and /etc/cinder/api-paste.ini according to Media:Cinder.zip
Applying the new configuration
<syntaxhighlight lang="bash">
cinder-manage db sync
cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i restart; done
</syntaxhighlight>
Testing Cinder
Creating a volume
<syntaxhighlight lang="text">
root@penny:~# cinder create --display-description "Primeiro Volume" 1
+---------------------+--------------------------------------+
| Property | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| created_at | 2013-10-21T20:41:58.711368 |
| display_description | Primeiro Volume |
| display_name | None |
| id | be57581f-70eb-4f9a-8884-57ae14d6bc60 |
| metadata | {} |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| volume_type | None |
+---------------------+--------------------------------------+
</syntaxhighlight>
Listing volumes
<syntaxhighlight lang="text">
root@penny:~# cinder list
</syntaxhighlight>
Deleting a volume
<syntaxhighlight lang="text">
root@penny:~# cinder delete 2da4b600-33f0-4576-b0ff-e3a3e8f95161
</syntaxhighlight>
OpenStack Networking Service (codename Neutron)
Installing Neutron
<syntaxhighlight lang="bash">
apt-get install -y neutron-server
</syntaxhighlight>
Installing Open vSwitch
<syntaxhighlight lang="bash">
apt-get install -y openvswitch-switch openvswitch-datapath-dkms
</syntaxhighlight>
System configuration
Add to the file /etc/sysctl.conf
<syntaxhighlight lang="text">
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
</syntaxhighlight>
Apply the configuration
<syntaxhighlight lang="bash">
sysctl -p
service networking restart
</syntaxhighlight>
Configuring Neutron
Edit the files /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini, /etc/neutron/api-paste.ini and /etc/neutron/neutron.conf according to Media:Neutron.zip
Applying the new configuration
<syntaxhighlight lang="bash">
cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i restart; done
</syntaxhighlight>
OpenStack Compute Service (codename Nova)
Installing Nova
<syntaxhighlight lang="bash">
apt-get install nova-novncproxy novnc nova-api nova-ajax-console-proxy nova-cert nova-conductor nova-consoleauth nova-doc nova-scheduler python-novaclient
</syntaxhighlight>
Configuring Nova
Edit the files /etc/nova/api-paste.ini and /etc/nova/nova.conf. Media:Nova.zip
Applying the new configuration
<syntaxhighlight lang="bash">
nova-manage db sync
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
</syntaxhighlight>
Checking the Nova service
<syntaxhighlight lang="bash">
nova-manage service list
</syntaxhighlight>
OpenStack Dashboard (codename Horizon)
Installing Horizon
<syntaxhighlight lang="bash">
apt-get install memcached libapache2-mod-wsgi openstack-dashboard
</syntaxhighlight>
To remove the Ubuntu theme, if desired
<syntaxhighlight lang="bash">
dpkg --purge openstack-dashboard-ubuntu-theme
</syntaxhighlight>
Configuring Horizon
Edit the file /etc/openstack-dashboard/local_settings.py
Applying the new configuration
<syntaxhighlight lang="bash">
service apache2 restart
service memcached restart
</syntaxhighlight>
Compute nodes (Penny and Howard)
Basic configuration
Updating the system
<syntaxhighlight lang="bash">
apt-get update; apt-get upgrade; apt-get dist-upgrade</syntaxhighlight>
Configuring network interfaces - /etc/network/interfaces
Penny
<syntaxhighlight lang="text">
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# IFSC
auto em1
iface em1 inet static
    address 172.18.3.252
    netmask 255.255.192.0
    gateway 172.18.0.254
    dns-nameservers 8.8.8.8 8.8.4.4
    up ethtool -s em1 wol g

# OpenStack Management
auto p5p1
iface p5p1 inet static
    address 192.168.88.252
    netmask 255.255.255.0

# OpenStack Network
auto p5p1:0
iface p5p1:0 inet static
    address 192.168.89.252
    netmask 255.255.255.0
</syntaxhighlight>
Howard
<syntaxhighlight lang="text">
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto em1
iface em1 inet static
    address 172.18.3.250
    netmask 255.255.192.0
    gateway 172.18.0.254
    dns-nameservers 8.8.8.8 8.8.4.4
    up ethtool -s em1 wol g

# OpenStack Management
auto p5p1
iface p5p1 inet static
    address 192.168.88.250
    netmask 255.255.255.0

# OpenStack Network
auto p5p1:0
iface p5p1:0 inet static
    address 192.168.89.250
    netmask 255.255.255.0
</syntaxhighlight>
Installing and configuring the NTP server
<syntaxhighlight lang="bash">
sudo apt-get install -y ntp
sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
service ntp restart
</syntaxhighlight>
Installing the KVM VMM
<syntaxhighlight lang="bash">
apt-get install -y cpu-checker
apt-get install -y kvm libvirt-bin pm-utils
kvm-ok
</syntaxhighlight>
Editing KVM
/etc/libvirt/qemu.conf
<syntaxhighlight lang="text">
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet","/dev/net/tun"
]
</syntaxhighlight>
Delete the default virtual bridge
<syntaxhighlight lang="bash">
virsh net-destroy default
virsh net-undefine default
</syntaxhighlight>
Enable live migration
/etc/libvirt/libvirtd.conf
<syntaxhighlight lang="text">
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"
</syntaxhighlight>
/etc/init/libvirt-bin.conf
<syntaxhighlight lang="text">
env libvirtd_opts="-d -l"
</syntaxhighlight>
/etc/default/libvirt-bin
<syntaxhighlight lang="text">
libvirtd_opts="-d -l"
</syntaxhighlight>
Restart the libvirt services
<syntaxhighlight lang="bash">
service dbus restart && service libvirt-bin restart
</syntaxhighlight>
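With `listen_tcp = 1`, `auth_tcp = "none"` and the `-l` flag, libvirtd accepts unauthenticated, unencrypted connections on its TCP port from any host that can reach the compute node, and a read-write libvirt connection is equivalent to root on the hypervisor. The following added example (not part of the original guide) audits a libvirtd.conf for that combination; the function names and sample files are constructed, and the defaults assumed for absent keys (TCP listener off, `auth_tcp` set to sasl) are those documented in libvirtd.conf.

```shell
#!/bin/sh
# Added example: audit libvirtd.conf for unauthenticated remote access.

# conf_get FILE KEY DEFAULT
# Prints the last uncommented value of KEY without quotes, or DEFAULT if unset.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; sub(/#.*/, "", v); gsub(/[ \t"]/, "", v); found = 1 }
        END { print (found ? v : d) }' "$1"
}

# audit_libvirtd FILE
# Prints one finding per line; returns 1 if any finding was printed.
audit_libvirtd() {
    rc=0
    [ "$(conf_get "$1" listen_tcp 0)" = 1 ] || return 0   # TCP listener is off
    if [ "$(conf_get "$1" auth_tcp sasl)" = none ]; then
        echo "CRITICAL: auth_tcp=none, anyone reaching the TCP port controls the hypervisor"
        rc=1
    fi
    if [ -z "$(conf_get "$1" listen_addr "")" ]; then
        echo "WARNING: listen_addr unset, libvirtd listens on every interface"
        rc=1
    fi
    return $rc
}

# Constructed samples: the settings from this guide, and a variant that keeps
# TCP for migration but requires SASL and binds to the management address.
tmp=$(mktemp -d)
cat > "$tmp/guide.conf" <<'EOF'
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"
EOF
cat > "$tmp/hardened.conf" <<'EOF'
listen_tls = 0
listen_tcp = 1
listen_addr = "192.168.88.252"
auth_tcp = "sasl"
EOF
for f in guide hardened; do
    echo "== $f.conf"
    audit_libvirtd "$tmp/$f.conf" || echo "-> findings above"
done
rm -rf "$tmp"
```

Both findings clear once `auth_tcp` requires SASL (or migration moves to TLS with `listen_tls = 1` and `listen_tcp = 0`) and `listen_addr` names the node's management address.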
Installing Open vSwitch
<syntaxhighlight lang="bash">
apt-get install -y openvswitch-switch openvswitch-datapath-dkms
</syntaxhighlight>
Creating a bridge
<syntaxhighlight lang="bash">
ovs-vsctl add-br br-int
</syntaxhighlight>
Installing Neutron
<syntaxhighlight lang="bash">
apt-get -y install quantum-plugin-openvswitch-agent
</syntaxhighlight>
Edit the files /etc/neutron/neutron.conf and /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
Restart the Neutron service
<syntaxhighlight lang="bash">
cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i restart; done
</syntaxhighlight>
Installing Nova
<syntaxhighlight lang="bash">
apt-get install -y nova-compute-kvm
</syntaxhighlight>
Edit the files /etc/nova/api-paste.ini, /etc/nova/nova-compute.conf and /etc/nova/nova.conf
Restart and list the Nova services
<syntaxhighlight lang="bash">
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
nova-manage service list
</syntaxhighlight>