OpenStack with Open vSwitch and SDN
Ongoing project with the student Rafael Turnes da Silveira.
Installation
Cloud controller (penny)
Basic configuration
Updating the system
<syntaxhighlight lang="bash">
apt-get update; apt-get upgrade; apt-get dist-upgrade
</syntaxhighlight>
Configuring network interfaces - /etc/network/interfaces
<syntaxhighlight lang="text">
auto lo
iface lo inet loopback

# OpenStack - Management network
auto p5p1
iface p5p1 inet static
    address 192.168.88.251
    netmask 255.255.255.0

# OpenStack - Configuration network
auto p5p1:0
iface p5p1:0 inet static
    address 192.168.89.251
    netmask 255.255.255.0

# OpenStack - IFSC
auto em1
iface em1 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    up ip link set $IFACE promisc on
    up ethtool -s em1 wol g
    down ip link set $IFACE promisc off
    down ifconfig $IFACE down

auto br-ex
iface br-ex inet static
    address 172.18.3.251
    netmask 255.255.192.0
    gateway 172.18.0.254
    dns-nameservers 8.8.8.8 8.8.4.4
</syntaxhighlight>
Installing and configuring the NTP server
<syntaxhighlight lang="bash">
sudo apt-get install -y ntp
sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
service ntp restart
</syntaxhighlight>
Installing and configuring MySQL
Installing packages.
During installation you will be asked to enter a root password.
<syntaxhighlight lang="bash">
sudo apt-get install -y python-mysqldb mysql-server
</syntaxhighlight>
Changing bind-address and applying the new configuration
<syntaxhighlight lang="bash">
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
</syntaxhighlight>
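The sed above makes MySQL listen on every interface, including br-ex, while the grants created in the next step are all for 'localhost'. The check below is an added example, not part of the original page: it reads the effective bind-address from the [mysqld] section of a my.cnf-style file and flags wildcard values. The function names and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example: report the effective bind-address of the [mysqld] section.

# Print the last bind-address set inside [mysqld] (later lines win).
mysqld_bind_address() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_sec && /^[ \t]*bind[-_]address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); addr = $0
        }
        END { if (addr != "") print addr }
    ' "$1"
}

# Return 0 for a specific address, 1 for a wildcard, 2 when unset.
check_mysql_bind() {
    local addr
    addr=$(mysqld_bind_address "$1")
    case "$addr" in
        "")
            echo "WARN: no bind-address in [mysqld]; MySQL listens on all interfaces"
            return 2 ;;
        0.0.0.0|::|\*)
            echo "WARN: bind-address=$addr opens 3306 on every interface"
            return 1 ;;
        *)
            echo "OK: bind-address=$addr"
            return 0 ;;
    esac
}

# Constructed my.cnf fragments: the result of the sed above, and a variant
# bound to the management address from /etc/network/interfaces.
demo_dir=$(mktemp -d)
printf '[client]\nport = 3306\n[mysqld]\nbind-address = 0.0.0.0\n' > "$demo_dir/after_sed.cnf"
printf '[mysqld]\nbind-address = 192.168.88.251  # management\n' > "$demo_dir/mgmt_only.cnf"
check_mysql_bind "$demo_dir/after_sed.cnf" || true
check_mysql_bind "$demo_dir/mgmt_only.cnf" || true
```

On the controller the call would be `check_mysql_bind /etc/mysql/my.cnf`; binding to 192.168.88.251 keeps the database reachable from the management network only.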
Creating the databases
<syntaxhighlight lang="bash">
mysql -u root -p <<EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'novaUser'@'localhost' IDENTIFIED BY 'senha';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinderUser'@'localhost' IDENTIFIED BY 'senha';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glanceUser'@'localhost' IDENTIFIED BY 'senha';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystoneUser'@'localhost' IDENTIFIED BY 'senha';
CREATE DATABASE quantum;
GRANT ALL PRIVILEGES ON quantum.* TO 'quantumUser'@'localhost' IDENTIFIED BY 'senha';
FLUSH PRIVILEGES;
EOF
</syntaxhighlight>
Installing the message queue server
<syntaxhighlight lang="bash">
sudo apt-get install rabbitmq-server
rabbitmqctl change_password guest NovaSenha
</syntaxhighlight>
OpenStack Identity Service (codename Keystone)
Installing Keystone
<syntaxhighlight lang="bash">
sudo apt-get install -y keystone python-keystone python-keystoneclient
sudo rm /var/lib/keystone/keystone.db
</syntaxhighlight>
Configuring Keystone
edit keystone files
Applying the new configuration
<syntaxhighlight lang="bash">
service keystone restart
keystone-manage db_sync
</syntaxhighlight>
Creating tenants, users, roles, services and endpoints
<syntaxhighlight lang="bash">
#!/bin/bash

# Modify these variables as needed
ADMIN_PASSWORD=${ADMIN_PASSWORD:-senhaAdministrador}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-senhaServiço}
export OS_SERVICE_TOKEN="C8gqDVqW99pAY7yXewUy"
export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-nomeDoServiço}

MYSQL_USER=keystone
MYSQL_DATABASE=keystone
MYSQL_HOST=localhost
MYSQL_PASSWORD=password

KEYSTONE_REGION=IFSC-SJ-01
KEYSTONE_HOST_EXT=172.18.3.251
KEYSTONE_HOST_INT=192.168.88.251

# Shortcut function to get a newly generated ID
function get_field() {
    while read data; do
        if [ "$1" -lt 0 ]; then
            field="(\$(NF$1))"
        else
            field="\$$(($1 + 1))"
        fi
        echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}"
    done
}

# Tenants
ADMIN_TENANT=$(keystone tenant-create --name=admin | grep " id " | get_field 2)
SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME | grep " id " | get_field 2)

# Users
ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=rafael@turnes.com.br | grep " id " | get_field 2)
NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)
GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)
QUANTUM_USER=$(keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)
CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)

# Roles
ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2)
MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)

# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE

# Create services
COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | grep " id " | get_field 2)
VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | grep " id " | get_field 2)
IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' | grep " id " | get_field 2)
IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' | grep " id " | get_field 2)
EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | grep " id " | get_field 2)
NETWORK_SERVICE=$(keystone service-create --name quantum --type network --description 'OpenStack Networking service' | grep " id " | get_field 2)

# Create endpoints
keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8774/v2/$(tenant_id)s'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8776/v1/$(tenant_id)s'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':9292' --adminurl 'http://'"$KEYSTONE_HOST_INT"':9292' --internalurl 'http://'"$KEYSTONE_HOST_INT"':9292'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':5000/v2.0' --adminurl 'http://'"$KEYSTONE_HOST_INT"':35357/v2.0' --internalurl 'http://'"$KEYSTONE_HOST_INT"':5000/v2.0'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Cloud'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':9696/' --adminurl 'http://'"$KEYSTONE_HOST_INT"':9696/' --internalurl 'http://'"$KEYSTONE_HOST_INT"':9696/'
</syntaxhighlight>
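Every ID in the script above is captured with `grep " id " | get_field 2`; when a keystone call fails, the variable is left empty and the later user-role-add and endpoint-create commands run with missing IDs. The helper below is an added example, not part of the original script: `extract_id` (a hypothetical name) returns the value of the "id" row only if it is a 32-character hex ID, so the caller can stop on failure. The sample tables, the ID and the error text are constructed.

```shell
#!/bin/bash
# Added example: capture the "id" row of a keystone CLI table and fail loudly.

# Read a keystone property/value table on stdin, print the value of the
# "id" row, and return non-zero unless it is a 32-character hex ID.
extract_id() {
    local id
    id=$(awk -F'[ \t]*\\|[ \t]*' '$2 == "id" { print $3; exit }')
    if ! printf '%s' "$id" | grep -Eq '^[0-9a-f]{32}$'; then
        echo "extract_id: no valid id in command output" >&2
        return 1
    fi
    printf '%s\n' "$id"
}

# Constructed sample of `keystone tenant-create` output (ID value made up).
sample_ok='+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | 0123456789abcdef0123456789abcdef |
|     name    |              admin               |
+-------------+----------------------------------+'

# Constructed failure case: the CLI prints an error and no table.
sample_err='Unable to communicate with identity service (constructed error text)'

demo() {
    local tenant
    # In the script this would read:
    #   ADMIN_TENANT=$(keystone tenant-create --name=admin | extract_id) || exit 1
    tenant=$(printf '%s\n' "$sample_ok" | extract_id) || return 1
    echo "ADMIN_TENANT=$tenant"
    if ! printf '%s\n' "$sample_err" | extract_id 2>/dev/null; then
        echo "create failed: stopping before an empty ID is used"
    fi
}
demo
```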
Testing OpenStack Identity Keystone
Creating a credentials file
<syntaxhighlight lang="bash">
vim os.cred
</syntaxhighlight>
<syntaxhighlight lang="bash">
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=senhaAdministrador
export OS_AUTH_URL="http://192.168.88.251:5000/v2.0/"
export OS_REGION_NAME=IFSC-SJ-01
</syntaxhighlight>
Listing users
<syntaxhighlight lang="text">
root@penny:~# keystone user-list
+----------------------------------+---------+---------+--------------------------+
| id                               | name    | enabled | email                    |
+----------------------------------+---------+---------+--------------------------+
| 0bcadb16258d4552839b9c776c89ff64 | admin   | True    | rafael@turnes.com.br     |
| 23fd34f439484b73a6eea9913ac580ad | cinder  | True    | rafael@turnes.com.br     |
| 54ac7e04ab2540ed9ef428ed11b8fbcd | ederson | True    | boidacarapreta@gmail.com |
| 27d928bfefb84c0baefc0b13bcdd362a | glance  | True    | rafael@turnes.com.br     |
| 773499148c564119b5e7e64d0c71bb3d | marcos  | True    | mmoecke@gmail.com        |
| 61d08e2259e6403ba23918d87dea404b | nova    | True    | rafael@turnes.com.br     |
| 853266dae4f2409dbc035b1b6cd928c8 | quantum | True    | rafael@turnes.com.br     |
| 45a33dbb899d4c199e961302796cb1a6 | rafael  | True    | rafael@turnes.com.br     |
+----------------------------------+---------+---------+--------------------------+
</syntaxhighlight>
Listing services
<syntaxhighlight lang="text">
root@penny:~# keystone service-list
+----------------------------------+----------+----------+------------------------------+
| id                               | name     | type     | description                  |
+----------------------------------+----------+----------+------------------------------+
| c3350aeba89d47f88a1d6761cd74256b | cinder   | volume   | OpenStack Volume Service     |
| f451c35c697a45b5b5e6a5bbe280d434 | ec2      | ec2      | OpenStack EC2 service        |
| 4d467a606ff44050a9d8a687e1311831 | glance   | image    | OpenStack Image Service      |
| ce703fa0839e4ad68b3bf1f7b48558c3 | keystone | identity | OpenStack Identity           |
| 9a662cef4e8b4e5eb46e8678fd4ff8c8 | nova     | compute  | OpenStack Compute Service    |
| 82a32e1fab37445c9388dc9b5634088a | quantum  | network  | OpenStack Networking service |
+----------------------------------+----------+----------+------------------------------+
</syntaxhighlight>
Listing roles
<syntaxhighlight lang="text">
root@penny:~# keystone role-list
+----------------------------------+----------+
| id                               | name     |
+----------------------------------+----------+
| 746be8d87850406f8eb39aa4b5e55fa3 | Member   |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| acaf9716ce20467a9b82578bf4baf534 | admin    |
+----------------------------------+----------+
</syntaxhighlight>
Listing tenants
<syntaxhighlight lang="text">
root@penny:~# keystone tenant-list
+----------------------------------+---------+---------+
| id                               | name    | enabled |
+----------------------------------+---------+---------+
| f6dc2f9266f14b848b6e577b7024854a | IFSC    | True    |
| 4aaa0eb1b84d4405af0384a59053ac45 | admin   | True    |
| 68082d94500045c19e9bd40dd0b1cc7f | service | True    |
+----------------------------------+---------+---------+
</syntaxhighlight>