Differences between revisions of "OpenStack with Open vSwitch and SDN"

From MediaWiki do Campus São José
Linha 160: Linha 160:
 
keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Cloud'
 
keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Cloud'
 
keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':9696/' --adminurl 'http://'"$KEYSTONE_HOST_INT"':9696/' --internalurl 'http://'"$KEYSTONE_HOST_INT"':9696/'
 
keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':9696/' --adminurl 'http://'"$KEYSTONE_HOST_INT"':9696/' --internalurl 'http://'"$KEYSTONE_HOST_INT"':9696/'
 +
</syntaxhighlight>
 +
===== Testando OpenStack Identity Keystone =====
 +
====== Criando um arquivo de credênciais  ======
 +
<code> vim os.cred </syntaxhighlight>
 +
<code>
 +
export OS_TENANT_NAME=admin
 +
export OS_USERNAME=admin
 +
export OS_PASSWORD=senhaAdministrador
 +
export OS_AUTH_URL="http://192.168.88.251:5000/v2.0/"
 +
export OS_REGION_NAME=IFSC-SJ-01
 +
</syntaxhighlight>
 +
====== Listando usuários ======
 +
<code>
 +
root@penny:~# keystone user-list
 +
+----------------------------------+---------+---------+--------------------------+
 +
|                id                |  name  | enabled |          email          |
 +
+----------------------------------+---------+---------+--------------------------+
 +
| 0bcadb16258d4552839b9c776c89ff64 |  admin  |  True  |  rafael@turnes.com.br  |
 +
| 23fd34f439484b73a6eea9913ac580ad |  cinder |  True  |  rafael@turnes.com.br  |
 +
| 54ac7e04ab2540ed9ef428ed11b8fbcd | ederson |  True  | boidacarapreta@gmail.com |
 +
| 27d928bfefb84c0baefc0b13bcdd362a |  glance |  True  |  rafael@turnes.com.br  |
 +
| 773499148c564119b5e7e64d0c71bb3d |  marcos |  True  |    mmoecke@gmail.com    |
 +
| 61d08e2259e6403ba23918d87dea404b |  nova  |  True  |  rafael@turnes.com.br  |
 +
| 853266dae4f2409dbc035b1b6cd928c8 | quantum |  True  |  rafael@turnes.com.br  |
 +
| 45a33dbb899d4c199e961302796cb1a6 |  rafael |  True  |  rafael@turnes.com.br  |
 +
+----------------------------------+---------+---------+--------------------------+
 +
</syntaxhighlight>
 +
====== Listando serviços ======
 +
<code>
 +
root@penny:~# keystone service-list
 +
+----------------------------------+----------+----------+------------------------------+
 +
|                id                |  name  |  type  |        description          |
 +
+----------------------------------+----------+----------+------------------------------+
 +
| c3350aeba89d47f88a1d6761cd74256b |  cinder  |  volume  |  OpenStack Volume Service  |
 +
| f451c35c697a45b5b5e6a5bbe280d434 |  ec2    |  ec2    |    OpenStack EC2 service    |
 +
| 4d467a606ff44050a9d8a687e1311831 |  glance  |  image  |  OpenStack Image Service    |
 +
| ce703fa0839e4ad68b3bf1f7b48558c3 | keystone | identity |      OpenStack Identity      |
 +
| 9a662cef4e8b4e5eb46e8678fd4ff8c8 |  nova  | compute  |  OpenStack Compute Service  |
 +
| 82a32e1fab37445c9388dc9b5634088a | quantum  | network  | OpenStack Networking service |
 +
+----------------------------------+----------+----------+------------------------------+
 +
</syntaxhighlight>
 +
====== Listando roles ======
 +
<code>
 +
root@penny:~# keystone role-list
 +
+----------------------------------+----------+
 +
|                id                |  name  |
 +
+----------------------------------+----------+
 +
| 746be8d87850406f8eb39aa4b5e55fa3 |  Member  |
 +
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
 +
| acaf9716ce20467a9b82578bf4baf534 |  admin  |
 +
+----------------------------------+----------+
 +
</syntaxhighlight>
 +
====== Listando tenants ======
 +
<code>
 +
root@penny:~# keystone  tenant-list
 +
+----------------------------------+---------+---------+
 +
|                id                |  name  | enabled |
 +
+----------------------------------+---------+---------+
 +
| f6dc2f9266f14b848b6e577b7024854a |  IFSC  |  True  |
 +
| 4aaa0eb1b84d4405af0384a59053ac45 |  admin  |  True  |
 +
| 68082d94500045c19e9bd40dd0b1cc7f | service |  True  |
 +
+----------------------------------+---------+---------+
 +
 
</syntaxhighlight>
 
</syntaxhighlight>
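
Review bot: every block added in this hunk opens with `<code>` but closes with `</syntaxhighlight>` (for example `<code> vim os.cred </syntaxhighlight>`), so the tags are unbalanced and the closers end up as literal text in the rendered page, with the pre-existing `</syntaxhighlight>` after the tenant table left without an opener; open each block with `<syntaxhighlight lang="bash">` instead. The os.cred block also publishes `OS_PASSWORD=senhaAdministrador` next to an `http://` OS_AUTH_URL, and the pasted `keystone user-list` output exposes user IDs and e-mail addresses; a placeholder password, a remark that the file should be mode 600, and a trimmed listing would be safer on a public wiki.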

Revision as of 15:08, 21 October 2013

Project in progress with the student Rafael Turnes da Silveira.



Installation

Cloud controller (penny)

Basic configuration

Updating the system

<syntaxhighlight lang="bash">
apt-get update; apt-get upgrade; apt-get dist-upgrade
</syntaxhighlight>

Configuring network interfaces - /etc/network/interfaces

<syntaxhighlight lang="bash">
auto lo
iface lo inet loopback

# OpenStack - Management network
auto p5p1
iface p5p1 inet static
        address 192.168.88.251
        netmask 255.255.255.0

# OpenStack - Configuration network
auto p5p1:0
iface p5p1:0 inet static
        address 192.168.89.251
        netmask 255.255.255.0

# OpenStack - IFSC
auto em1
iface em1 inet manual
        up ifconfig $IFACE 0.0.0.0 up
        up ip link set $IFACE promisc on
        up ethtool -s em1 wol g
        down ip link set $IFACE promisc off
        down ifconfig $IFACE down

auto br-ex
iface br-ex inet static
        address 172.18.3.251
        netmask 255.255.192.0
        gateway 172.18.0.254
        dns-nameservers 8.8.8.8 8.8.4.4
</syntaxhighlight>

Installing and configuring the NTP server

<syntaxhighlight lang="bash">
sudo apt-get install -y ntp
sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
service ntp restart
</syntaxhighlight>

Installing and configuring MySQL
Installing packages.

During installation you will be asked to set a root password.

<syntaxhighlight lang="bash">
sudo apt-get install -y python-mysqldb mysql-server
</syntaxhighlight>

Changing bind-address and applying the new configuration

With bind-address set to 0.0.0.0, MySQL accepts connections on every interface of the controller, including the external address on br-ex.

<syntaxhighlight lang="bash">
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
</syntaxhighlight>

Creating the databases

<syntaxhighlight lang="bash">
mysql -u root -p <<EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'novaUser'@'localhost' IDENTIFIED BY 'senha';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinderUser'@'localhost' IDENTIFIED BY 'senha';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glanceUser'@'localhost' IDENTIFIED BY 'senha';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystoneUser'@'localhost' IDENTIFIED BY 'senha';
CREATE DATABASE quantum;
GRANT ALL PRIVILEGES ON quantum.* TO 'quantumUser'@'localhost' IDENTIFIED BY 'senha';
FLUSH PRIVILEGES;
EOF
</syntaxhighlight>
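
The grants above give all five service accounts the same password, `senha`, so one leaked service config exposes every database. The following is an added example, not part of the original page, that emits the same statements with a distinct random password per service; `gen_password`, `gen_service_sql` and the secrets-file path are assumptions of this sketch.

```bash
#!/bin/bash
# Added example, not from the original page: emit the CREATE DATABASE / GRANT
# statements from the step above with a distinct random password per service.
# gen_password and gen_service_sql are hypothetical helper names.

SERVICES="nova cinder glance keystone quantum"   # databases named on the page

# 32 hex characters (128 bits) read from the kernel CSPRNG.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print the SQL on stdout and record "service password" pairs in the file
# given as $1, so each service's config can be filled in with its own secret.
gen_service_sql() {
    secrets_file=$1
    # Create or truncate the file, then force owner-only access even if it
    # already existed with looser permissions.
    ( umask 077; : > "$secrets_file" ) && chmod 600 "$secrets_file"
    for svc in $SERVICES; do
        pw=$(gen_password)
        printf '%s %s\n' "$svc" "$pw" >> "$secrets_file"
        printf "CREATE DATABASE %s;\n" "$svc"
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%sUser'@'localhost' IDENTIFIED BY '%s';\n" \
            "$svc" "$svc" "$pw"
    done
    printf 'FLUSH PRIVILEGES;\n'
}

# Usage (prompts for the MySQL root password, as on the page):
#   gen_service_sql /root/db-secrets.txt | mysql -u root -p
```

The connection strings in each service's configuration file then use that service's own line from the secrets file.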

Installing the message queue server

<syntaxhighlight lang="bash">
sudo apt-get install rabbitmq-server
rabbitmqctl change_password guest NovaSenha
</syntaxhighlight>

OpenStack Identity Service (codename Keystone)

Installing Keystone

<syntaxhighlight lang="bash">
sudo apt-get install -y keystone python-keystone python-keystoneclient
sudo rm /var/lib/keystone/keystone.db
</syntaxhighlight>

Configuring Keystone

edit keystone files

Applying the new configuration

<syntaxhighlight lang="bash">
service keystone restart
keystone-manage db_sync
</syntaxhighlight>

Creating tenants, users, roles, services and endpoints

<syntaxhighlight lang="bash">
#!/bin/bash
# Modify these variables as needed

ADMIN_PASSWORD=${ADMIN_PASSWORD:-senhaAdministrador}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-senhaServiço}
export OS_SERVICE_TOKEN="C8gqDVqW99pAY7yXewUy"
export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-nomeDoServiço}

MYSQL_USER=keystone
MYSQL_DATABASE=keystone
MYSQL_HOST=localhost
MYSQL_PASSWORD=password

KEYSTONE_REGION=IFSC-SJ-01
KEYSTONE_HOST_EXT=172.18.3.251
KEYSTONE_HOST_INT=192.168.88.251

# Shortcut function to get a newly generated ID:
# prints column $1 of a "| a | b |" table row read from stdin
function get_field() {
    while read -r data; do
        if [ "$1" -lt 0 ]; then
            field="(\$(NF$1))"
        else
            field="\$$(($1 + 1))"
        fi
        echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}"
    done
}

# Tenants
ADMIN_TENANT=$(keystone tenant-create --name=admin | grep " id " | get_field 2)
SERVICE_TENANT=$(keystone tenant-create --name="$SERVICE_TENANT_NAME" | grep " id " | get_field 2)

# Users
ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=rafael@turnes.com.br | grep " id " | get_field 2)
NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)
GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)
QUANTUM_USER=$(keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)
CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)

# Roles
ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2)
MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)

# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE

# Create services
COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | grep " id " | get_field 2)
VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | grep " id " | get_field 2)
IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' | grep " id " | get_field 2)
IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' | grep " id " | get_field 2)
EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | grep " id " | get_field 2)
NETWORK_SERVICE=$(keystone service-create --name quantum --type network --description 'OpenStack Networking service' | grep " id " | get_field 2)

# Create endpoints
keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8774/v2/$(tenant_id)s'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8776/v1/$(tenant_id)s'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':9292' --adminurl 'http://'"$KEYSTONE_HOST_INT"':9292' --internalurl 'http://'"$KEYSTONE_HOST_INT"':9292'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':5000/v2.0' --adminurl 'http://'"$KEYSTONE_HOST_INT"':35357/v2.0' --internalurl 'http://'"$KEYSTONE_HOST_INT"':5000/v2.0'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Cloud'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':9696/' --adminurl 'http://'"$KEYSTONE_HOST_INT"':9696/' --internalurl 'http://'"$KEYSTONE_HOST_INT"':9696/'
</syntaxhighlight>

Testing OpenStack Identity Keystone
Creating a credentials file

<syntaxhighlight lang="bash">
vim os.cred
</syntaxhighlight>

<syntaxhighlight lang="bash">
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=senhaAdministrador
export OS_AUTH_URL="http://192.168.88.251:5000/v2.0/"
export OS_REGION_NAME=IFSC-SJ-01
</syntaxhighlight>
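
The os.cred file above stores the admin password in clear text, is created with the editor's default permissions, and points at an `http://` Keystone URL. The following is an added example, not part of the original page, that writes an owner-only variant which asks for the password when sourced, and audits an existing file; `write_cred` and `audit_cred` are hypothetical names, and an `https://` URL assumes TLS has been enabled on Keystone, which the page does not cover.

```bash
#!/bin/bash
# Added example, not from the original page. write_cred and audit_cred are
# hypothetical helpers for the os.cred file described above.

# Write a credentials file with mode 600 that prompts for the password when
# it is sourced, so no secret is stored on disk.
write_cred() {
    file=$1; auth_url=$2
    ( umask 077
      cat > "$file" <<EOF
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_AUTH_URL="$auth_url"
export OS_REGION_NAME=IFSC-SJ-01
# Ask for the password at source time instead of storing it.
read -rs -p 'OS_PASSWORD: ' OS_PASSWORD; echo
export OS_PASSWORD
EOF
    ) && chmod 600 "$file"
}

# Print one finding per line; return 0 when the file is clean, 1 otherwise.
audit_cred() {
    file=$1; rc=0
    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file: accessible by group or others (want mode 600)"; rc=1
    fi
    if grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD=.' "$file"; then
        echo "$file: OS_PASSWORD stored in clear text"; rc=1
    fi
    if grep -Eq 'OS_AUTH_URL="?http://' "$file"; then
        echo "$file: OS_AUTH_URL uses plain http"; rc=1
    fi
    return $rc
}

# Usage:
#   audit_cred os.cred
#   write_cred os.cred "https://192.168.88.251:5000/v2.0/" && source os.cred
```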

Listing users

<syntaxhighlight lang="bash">
root@penny:~# keystone user-list
+----------------------------------+---------+---------+--------------------------+
|                id                |   name  | enabled |          email           |
+----------------------------------+---------+---------+--------------------------+
| 0bcadb16258d4552839b9c776c89ff64 |  admin  |   True  |   rafael@turnes.com.br   |
| 23fd34f439484b73a6eea9913ac580ad |  cinder |   True  |   rafael@turnes.com.br   |
| 54ac7e04ab2540ed9ef428ed11b8fbcd | ederson |   True  | boidacarapreta@gmail.com |
| 27d928bfefb84c0baefc0b13bcdd362a |  glance |   True  |   rafael@turnes.com.br   |
| 773499148c564119b5e7e64d0c71bb3d |  marcos |   True  |    mmoecke@gmail.com     |
| 61d08e2259e6403ba23918d87dea404b |   nova  |   True  |   rafael@turnes.com.br   |
| 853266dae4f2409dbc035b1b6cd928c8 | quantum |   True  |   rafael@turnes.com.br   |
| 45a33dbb899d4c199e961302796cb1a6 |  rafael |   True  |   rafael@turnes.com.br   |
+----------------------------------+---------+---------+--------------------------+
</syntaxhighlight>

Listing services

<syntaxhighlight lang="bash">
root@penny:~# keystone service-list
+----------------------------------+----------+----------+------------------------------+
|                id                |   name   |   type   |         description          |
+----------------------------------+----------+----------+------------------------------+
| c3350aeba89d47f88a1d6761cd74256b |  cinder  |  volume  |   OpenStack Volume Service   |
| f451c35c697a45b5b5e6a5bbe280d434 |   ec2    |   ec2    |    OpenStack EC2 service     |
| 4d467a606ff44050a9d8a687e1311831 |  glance  |  image   |   OpenStack Image Service    |
| ce703fa0839e4ad68b3bf1f7b48558c3 | keystone | identity |      OpenStack Identity      |
| 9a662cef4e8b4e5eb46e8678fd4ff8c8 |   nova   | compute  |  OpenStack Compute Service   |
| 82a32e1fab37445c9388dc9b5634088a | quantum  | network  | OpenStack Networking service |
+----------------------------------+----------+----------+------------------------------+
</syntaxhighlight>

Listing roles

<syntaxhighlight lang="bash">
root@penny:~# keystone role-list
+----------------------------------+----------+
|                id                |   name   |
+----------------------------------+----------+
| 746be8d87850406f8eb39aa4b5e55fa3 |  Member  |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| acaf9716ce20467a9b82578bf4baf534 |  admin   |
+----------------------------------+----------+
</syntaxhighlight>

Listing tenants

<syntaxhighlight lang="bash">
root@penny:~# keystone tenant-list
+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| f6dc2f9266f14b848b6e577b7024854a |   IFSC  |   True  |
| 4aaa0eb1b84d4405af0384a59053ac45 |  admin  |   True  |
| 68082d94500045c19e9bd40dd0b1cc7f | service |   True  |
+----------------------------------+---------+---------+
</syntaxhighlight>