OpenStack com Open vSwitch e SDN - Guia de Instalação

De MediaWiki do Campus São José
Revisão de 14h55min de 13 de março de 2014 por Rafael.ts (discussão | contribs) (Instalação)
(dif) ← Edição anterior | Revisão atual (dif) | Versão posterior → (dif)
Ir para: navegação, pesquisa

Projeto em andamento com o aluno Rafael Turnes da Silveira.



Índice

Instalação

Controlador da nuvem (penny)

Configuração básica

Atualizando o sistema

apt-get update; apt-get upgrade; apt-get dist-upgrade</syntaxhighlight>

Configurando interfaces de rede - /etc/network/interfaces

auto lo iface lo inet loopback

  1. OpenStack - Rede de gerenciamento

auto p5p1 iface p5p1 inet static

       address 192.168.88.251
       netmask 255.255.255.0
  1. OpenStack - Rede de configuração

auto p5p1:0 iface p5p1:0 inet static

       address 192.168.89.251
       netmask 255.255.255.0
  1. OpenStack - IFSC

auto em1 iface em1 inet manual

       up ifconfig $IFACE 0.0.0.0 up
       up ip link set $IFACE promisc on
       up ethtool -s em1 wol g
       down ip link set $IFACE promisc off
       down ifconfig $IFACE down

auto br-ex iface br-ex inet static

      address 172.18.3.251
      netmask 255.255.192.0
      gateway 172.18.0.254
      dns-nameservers 8.8.8.8 8.8.4.4

</syntaxhighlight>

Instalando e configurando NTP server

sudo apt-get install -y ntp sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf service ntp restart </syntaxhighlight>

Instalando e configurando MySQL
Instalando pacotes.

Durante a instalação será pedido para inserir uma senha de root. sudo apt-get install -y python-mysqldb mysql-server</syntaxhighlight>

Mudando bind-address e aplicando a nova configuração

sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf service mysql restart </syntaxhighlight>

Criando banco de dados

mysql -u root -p <<EOF CREATE DATABASE nova; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '<password>'; CREATE DATABASE cinder; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '<password>'; CREATE DATABASE glance; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '<password>'; CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '<password>'; CREATE DATABASE neutron; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '<password>'; FLUSH PRIVILEGES; EOF </syntaxhighlight>

Instalando servidor de fila de mensagem

sudo apt-get install rabbitmq-server rabbitmqctl change_password guest NovaSenha </syntaxhighlight>

OpenStack Identity Service (codenome Keystone)

Instalando Keystone

sudo apt-get install -y keystone python-keystone python-keystoneclient sudo rm /var/lib/keystone/keystone.db </syntaxhighlight>

Configurando Keystone

Editar os arquivos /etc/keystone/keystone.conf de acordo com Media:Keystone.zip

Aplicando a nova configuração

cd /etc/init.d/; for i in $( ls keystone-* ); do sudo service $i restart; done keystone-manage db_sync </syntaxhighlight>

Criando tenants, usuários, roles, serviços e endpoints

O código abaixo é um script retirado do site http://docs.openstack.org/ e adaptado.

  1. !/bin/bash
  1. Modify these variables as needed

ADMIN_PASSWORD=${ADMIN_PASSWORD:-<Password>} SERVICE_PASSWORD=${SERVICE_PASSWORD:-<Password>}

  1. DEMO_PASSWORD=${DEMO_PASSWORD:-$ADMIN_PASSWORD}

export OS_SERVICE_TOKEN="<tokenstring>" export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0" SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}

MYSQL_USER=keystone MYSQL_DATABASE=keystone MYSQL_HOST=localhost MYSQL_PASSWORD=password

KEYSTONE_REGION=IFSC-SJ-01 KEYSTONE_HOST_EXT=172.18.3.251 KEYSTONE_HOST_INT=192.168.88.251

  1. Shortcut function to get a newly generated ID

function get_field() {

   while read data; do
       if [ "$1" -lt 0 ]; then
           field="(\$(NF$1))"
       else
           field="\$$(($1 + 1))"
       fi
       echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}"
   done

}

  1. Tenants

ADMIN_TENANT=$(keystone tenant-create --name=admin | grep " id " | get_field 2)

  1. DEMO_TENANT=$(keystone tenant-create --name=demo | grep " id " | get_field 2)

SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME | grep " id " | get_field 2)

  1. Users

ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=rafael@turnes.com.br | grep " id " | get_field 2)

  1. DEMO_USER=$(keystone user-create --name=demo --pass="$DEMO_PASSWORD" --email=demo@domain.com --tenant-id=$DEMO_TENANT | grep " id " | get_field 2)

NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2) GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2) NEUTRON_USER=$(keystone user-create --name=neutron --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2) CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=rafael@turnes.com.br | grep " id " | get_field 2)

  1. Roles

ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2) MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)

  1. Add Roles to Users in Tenants

keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NEUTRON_USER --role-id $ADMIN_ROLE keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE

  1. keystone user-role-add --tenant-id $DEMO_TENANT --user-id $DEMO_USER --role-id $MEMBER_ROLE
  1. Create services

COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | grep " id " | get_field 2) VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | grep " id " | get_field 2) IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' | grep " id " | get_field 2) IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' | grep " id " | get_field 2) EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | grep " id " | get_field 2) NETWORK_SERVICE=$(keystone service-create --name neutron --type network --description 'OpenStack Networking service' | grep " id " | get_field 2)

  1. Create endpoints

keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8774/v2/$(tenant_id)s' keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8776/v1/$(tenant_id)s' keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':9292' --adminurl 'http://'"$KEYSTONE_HOST_INT"':9292' --internalurl 'http://'"$KEYSTONE_HOST_INT"':9292' keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':5000/v2.0' --adminurl 'http://'"$KEYSTONE_HOST_INT"':35357/v2.0' --internalurl 'http://'"$KEYSTONE_HOST_INT"':5000/v2.0' keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':8773/services/Cloud' --adminurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Admin' --internalurl 'http://'"$KEYSTONE_HOST_INT"':8773/services/Cloud' keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE --publicurl 'http://'"$KEYSTONE_HOST_EXT"':9696/' --adminurl 'http://'"$KEYSTONE_HOST_INT"':9696/' --internalurl 'http://'"$KEYSTONE_HOST_INT"':9696/' </syntaxhighlight>

Testando Keystone
Criando um arquivo de credênciais

vim os.cred </syntaxhighlight> export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=<senhaAdministrador> export OS_AUTH_URL="http://192.168.88.251:5000/v2.0/" export OS_REGION_NAME=IFSC-SJ-01 </syntaxhighlight> source os.cred </syntaxhighlight>

Listando usuários

root@penny:~# keystone user-list +----------------------------------+---------+---------+--------------------------+ | id | name | enabled | email | +----------------------------------+---------+---------+--------------------------+ | 0bcadb16258d4552839b9c776c89ff64 | admin | True | rafael@turnes.com.br | | 23fd34f439484b73a6eea9913ac580ad | cinder | True | rafael@turnes.com.br | | 54ac7e04ab2540ed9ef428ed11b8fbcd | ederson | True | boidacarapreta@gmail.com | | 27d928bfefb84c0baefc0b13bcdd362a | glance | True | rafael@turnes.com.br | | 773499148c564119b5e7e64d0c71bb3d | marcos | True | mmoecke@gmail.com | | 61d08e2259e6403ba23918d87dea404b | nova | True | rafael@turnes.com.br | | 853266dae4f2409dbc035b1b6cd928c8 | neutron | True | rafael@turnes.com.br | | 45a33dbb899d4c199e961302796cb1a6 | rafael | True | rafael@turnes.com.br | +----------------------------------+---------+---------+--------------------------+ </syntaxhighlight>

Listando serviços

root@penny:~# keystone service-list +----------------------------------+----------+----------+------------------------------+ | id | name | type | description | +----------------------------------+----------+----------+------------------------------+ | c3350aeba89d47f88a1d6761cd74256b | cinder | volume | OpenStack Volume Service | | f451c35c697a45b5b5e6a5bbe280d434 | ec2 | ec2 | OpenStack EC2 service | | 4d467a606ff44050a9d8a687e1311831 | glance | image | OpenStack Image Service | | ce703fa0839e4ad68b3bf1f7b48558c3 | keystone | identity | OpenStack Identity | | 9a662cef4e8b4e5eb46e8678fd4ff8c8 | nova | compute | OpenStack Compute Service | | 82a32e1fab37445c9388dc9b5634088a | neutron | network | OpenStack Networking service | +----------------------------------+----------+----------+------------------------------+ </syntaxhighlight>

Listando roles

root@penny:~# keystone role-list +----------------------------------+----------+ | id | name | +----------------------------------+----------+ | 746be8d87850406f8eb39aa4b5e55fa3 | Member | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | acaf9716ce20467a9b82578bf4baf534 | admin | +----------------------------------+----------+ </syntaxhighlight>

Listando tenants

root@penny:~# keystone tenant-list +----------------------------------+---------+---------+ | id | name | enabled | +----------------------------------+---------+---------+ | f6dc2f9266f14b848b6e577b7024854a | IFSC | True | | 4aaa0eb1b84d4405af0384a59053ac45 | admin | True | | 68082d94500045c19e9bd40dd0b1cc7f | service | True | +----------------------------------+---------+---------+ </syntaxhighlight>

OpenStack Imagine Service (codenome Glance)

Instalando Glance

apt-get -y install glance </syntaxhighlight>

Configurando Glance

É necessário editar arquivos /etc/glance/glance-api.conf e /etc/glance/glance-registry.conf de acordo com Media:Glance.zip

rm /var/lib/glance/glance.sqlite service glance-api restart && service glance-registry restart glance-manage db_sync </syntaxhighlight>

Testando Glance
Enviando uma imagem

mkdir /tmp/images cd /tmp/images/ wget "http://uec-images.ubuntu.com/saucy/current/saucy-server-cloudimg-amd64-disk1.img" glance image-create --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu Server 13.10" < saucy-server-cloudimg-amd64-disk1.img </syntaxhighlight>

Listando imagens

root@penny:~# glance image-list +--------------------------------------+---------------------+-------------+------------------+-----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+---------------------+-------------+------------------+-----------+--------+ | 5b9b1a48-fdd0-4c72-8ab5-0ac073072b39 | Ubuntu Server 13.04 | qcow2 | bare | 236519424 | active | +--------------------------------------+---------------------+-------------+------------------+-----------+--------+ </syntaxhighlight>

OpenStack Block Storage service (codenome Cinder)

Instalando Cinder

apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget open-iscsi iscsitarget-dkms python-cinderclient linux-headers-`uname -r` </syntaxhighlight>

Configurando Cinder
Pré-configuração

sed -i 's/false/true/g' /etc/default/iscsitarget service iscsitarget start service open-iscsi start pvcreate /dev/sda5 vgcreate cinder-volumes /dev/sda5 </syntaxhighlight>

Editando arquivos de configuração

Editar os arquivos /etc/cinder/cinder.conf e /etc/cinder/api-paste.ini de acordo com Media:Cinder.zip

Aplicando a nova configuração

cinder-manage db sync cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i restart; done </syntaxhighlight>

Testando Cinder
Criando volume

root@penny:~# cinder create --display-description "Primeiro Volume" 1 +---------------------+--------------------------------------+ | Property | Value | +---------------------+--------------------------------------+ | attachments | [] | | availability_zone | nova | | bootable | false | | created_at | 2013-10-21T20:41:58.711368 | | display_description | Primeiro Volume | | display_name | None | | id | be57581f-70eb-4f9a-8884-57ae14d6bc60 | | metadata | {} | | size | 1 | | snapshot_id | None | | source_volid | None | | status | creating | | volume_type | None | +---------------------+--------------------------------------+

</syntaxhighlight>

Listando volume

root@penny:~# cinder list </syntaxhighlight>

Deletando volume

root@penny:~# cinder delete 2da4b600-33f0-4576-b0ff-e3a3e8f95161 </syntaxhighlight>

OpenStack Networking Service (codenome Neutron)

Instalando Neutron

apt-get install -y neutron-server </syntaxhighlight>

Instalando Open vSwitch

apt-get install -y openvswitch-switch openvswitch-datapath-dkms </syntaxhighlight>

Configuração do sistema

Adiconar no arquivo /etc/sysctl.conf net.ipv4.ip_forward=1 net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0 </syntaxhighlight> Aplicar a configuração sysctl -p service networking restart </syntaxhighlight>

Configurando Neutron

É necessário editar arquivos /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini, /etc/neutron/api-paste.ini e /etc/neutron/neutron.conf de acordo com Media:Neutron.zip

Aplicando a nova configuração

cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i restart; done </syntaxhighlight>

OpenStack Compute Service (codenome Nova)

Instalando Nova

apt-get install nova-novncproxy novnc nova-api nova-ajax-console-proxy nova-cert nova-conductor nova-consoleauth nova-doc nova-scheduler python-novaclient </syntaxhighlight>

Configurando Nova

É necessário editar arquivos /etc/nova/api-paste.ini e /etc/nova/nova.conf. Media:Nova.zip

Aplicando a nova configuração

nova-manage db sync cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done </syntaxhighlight>

Verificando o serviço Nova

nova-manage service list </syntaxhighlight>

OpenStack Dashboard (codenome Horizon)

Instalando Horizon

apt-get install memcached libapache2-mod-wsgi openstack-dashboard </syntaxhighlight> Caso queira remover o tema do ubuntu dpkg --purge openstack-dashboard-ubuntu-theme </syntaxhighlight>

Configurando Horizon

É necessário editar o arquivo /etc/openstack-dashboard/local_settings.py

Aplicando a nova configuração

service apache2 restart service memcached restart </syntaxhighlight>

Nós de computação (Penny e Howard)

Configuração básica

Atualizando o sistema

apt-get update; apt-get upgrade; apt-get dist-upgrade</syntaxhighlight>

Configurando interfaces de rede - /etc/network/interfaces

Penny

  1. This file describes the network interfaces available on your system
  2. and how to activate them. For more information, see interfaces(5).
  1. The loopback network interface

auto lo iface lo inet loopback

  1. IFSC

auto em1 iface em1 inet static

       address 172.18.3.252
       netmask 255.255.192.0
       gateway 172.18.0.254
       dns-nameservers 8.8.8.8 8.8.4.4
       up ethtool -s em1 wol g
  1. OpenStack Management

auto p5p1 iface p5p1 inet static

       address 192.168.88.252
       netmask 255.255.255.0
  1. OpenStack Network

auto p5p1:0 iface p5p1:0 inet static

       address 192.168.89.252
       netmask 255.255.255.0

</syntaxhighlight> Howard

  1. This file describes the network interfaces available on your system
  2. and how to activate them. For more information, see interfaces(5).
  1. The loopback network interface

auto lo iface lo inet loopback

  1. The primary network interface

auto em1 iface em1 inet static

       address 172.18.3.250
       netmask 255.255.192.0
       gateway 172.18.0.254
       dns-nameservers 8.8.8.8 4.4.4.4
       up ethtool -s em1 wol g
  1. OpenStack Management

auto p5p1 iface p5p1 inet static

       address 192.168.88.250
       netmask 255.255.255.0
  1. OpenStack Network

auto p5p1:0 iface p5p1:0 inet static

       address 192.168.89.250
       netmask 255.255.255.0

</syntaxhighlight>

Instalando e configurando NTP server

sudo apt-get install -y ntp sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf service ntp restart </syntaxhighlight>

Instalando o VMM KVM

apt-get install -y cpu-checker apt-get install -y kvm libvirt-bin pm-utils kvm-ok

Editando KVM

/etc/libvirt/qemu.conf cgroup_device_acl = [ "/dev/null", "/dev/full", "/dev/zero", "/dev/random", "/dev/urandom", "/dev/ptmx", "/dev/kvm", "/dev/kqemu", "/dev/rtc", "/dev/hpet","/dev/net/tun" ] </syntaxhighlight> Deletar a bridge virtual padrão virsh net-destroy default virsh net-undefine default </syntaxhighlight> Habilitar migração em tempo real /etc/libvirt/libvirtd.conf listen_tls = 0 listen_tcp = 1 auth_tcp = "none" </syntaxhighlight> /etc/init/libvirt-bin.conf env libvirtd_opts="-d -l" </syntaxhighlight> /etc/default/libvirt-bin libvirtd_opts="-d -l" </syntaxhighlight> Reiniciar serviços do libvirt service dbus restart && service libvirt-bin restart </syntaxhighlight>

Instalando Open vSwitch

apt-get install -y openvswitch-switch openvswitch-datapath-dkms </syntaxhighlight> Criando uma bridge ovs-vsctl add-br br-int </syntaxhighlight>

Instalando Neutron

apt-get -y install quantum-plugin-openvswitch-agent </syntaxhighlight> Edite os arquivos /etc/neutron/neutron.conf e /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

Reinicie o serviço Neutron cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i restart; done </syntaxhighlight>

Instalando Nova

apt-get install -y nova-compute-kvm </syntaxhighlight> Edite os arquivos /etc/nova/api-paste.ini, /etc/nova/nova-compute.conf e/etc/nova/nova.conf Reinicie e liste os serviços Nova cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done nova-manage service list </syntaxhighlight>