설치환경
Intel_32Core
32G memory
OS Ubuntu_16.04
의 환경에 서버 3대
openstack Version : ocata
network - ( 기본 문서에는 network 장치 2개를 이용해서 사용하는거 같은데 일단은 공인 IP만 eth0 장치로 설정하고 사용하고
추후 사설 IP가 필요하면 eth1을 추가해서 설정 하겠습니다.)
보안상의 이유로 공인 IP를 사용하였지만 192.168.5.0/24 대역을 사용한것 처럼 적었습니다.
eth0 : 192.168.5.0/24
eth1 : 10.0.0.0/24 - 추 후 할당 예정
host
# /etc/hosts
192.168.5.209 controller controller.test.com
192.168.5.206 compute compute.test.com
192.168.5.207 network network.test.com
* 본 문서는 Queens 가 나온 시점에서 작성 되었으며 작성자가 Queens를 구축하기에 앞서
안정화 버전인 Ocata 버전을 설치 및 구축하면서 기록으로 남겨 놓기 위한 문서 입니다.
혹시나 최신버전으로 구축을 원하시는 분은 참고만 하시거나 다른 문서를 찾으시길 바랍니다.
즉 ocata 버전을 설치할 예정 임.
UBT 16.04 -> ocata 설치 후
CentOS_7.3 or UBT 18.04 -> Queens 설치
=====================================================================================
#vi /etc/apt/sources.list -> daum.kakao 수정.
%s/kr.archive.ubuntu.com/ftp.daumkakao.com
apt-get update
=====================================================================================
#apt-get update && apt-get upgrade
#apt-get dist-upgrade -> 패키지 최신버전으로 업그레이드
=====================================================================================
cp: cannot stat '/etc/iscsi/initiatorname.iscsi': No such file or directory
Errors were encountered while processing:
open-iscsi
ubuntu-server
중간에 위와 같은 error 가 걸려서 iscsi 데몬 삭제 해줬습니다.
데몬은 설치 되어 있는데 /etc/iscsi 디렉토리가 없어서 던진거 같은데 어차피 나머지 버전 업그레이드는 잘 설치 되었지만
아직 필요없는 데몬이고 이따가 ocata 릴리즈 apt 저장소 받아올때 문제가 있으니 삭제 해버렸습니다.
#apt-get remove open-iscsi
=========================================================================================
#apt-get install chrony -y -> 타임서버 (NTP 데몬 설치)
#vi /etc/chrony/chrony.conf
#pool 2.debian.pool.ntp.org offline iburst -> 주석처리
server kr.pool.ntp.org -> 3줄 추가
server time.bora.net
server time.kornet.net
systemctl restart chrony
echo "192.168.5.209 controller controller.test.com
192.168.5.206 compute compute.test.com
192.168.5.207 network network.test.com" >> /etc/hosts
여기까지 3대 공통 사항
각 host 마다 위 hosts 내용대로 hostname 수정.
ex)
#echo controller > /etc/hostname
#echo compute > /etc/hostname
#echo network > /etc/hostname
#init 6
=====================================================================================
이하 Controller 에서 진행.
#1_MariaDB 10.0 설치
#apt install software-properties-common -y
#add-apt-repository cloud-archive:ocata
#apt update
#apt install mariadb-server python-pymysql
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libllvm4.0 libqmi-glib1
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
libaio1 libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient20 libterm-readkey-perl mariadb-client-10.0 mariadb-client-core-10.0 mariadb-common mariadb-server-10.0 mariadb-server-core-10.0
mysql-common
Suggested packages:
libmldbm-perl libnet-daemon-perl libsql-statement-perl libipc-sharedcache-perl mailx mariadb-test tinyca python-pymysql-doc
The following NEW packages will be installed:
libaio1 libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient20 libterm-readkey-perl mariadb-client-10.0 mariadb-client-core-10.0 mariadb-common mariadb-server mariadb-server-10.0
mariadb-server-core-10.0 mysql-common python-pymysql
0 upgraded, 14 newly installed, 0 to remove and 12 not upgraded.
Need to get 16.3 MB of archives.
After this operation, 146 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up libhtml-template-perl (2.95-2) ...
Setting up mariadb-server (10.0.38-0ubuntu0.16.04.1) ...
Setting up python-pymysql (0.7.9-2~cloud0) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.15) ...
Processing triggers for ureadahead (0.100.0-19) ...
#dpkg -l | grep mariad
ii mariadb-client-10.0 10.0.38-0ubuntu0.16.04.1 amd64 MariaDB database client binaries
ii mariadb-client-core-10.0 10.0.38-0ubuntu0.16.04.1 amd64 MariaDB database core client binaries
ii mariadb-common 10.0.38-0ubuntu0.16.04.1 all MariaDB common metapackage
ii mariadb-server 10.0.38-0ubuntu0.16.04.1 all MariaDB database server (metapackage depending on the latest version)
ii mariadb-server-10.0 10.0.38-0ubuntu0.16.04.1 amd64 MariaDB database server binaries
ii mariadb-server-core-10.0 10.0.38-0ubuntu0.16.04.1 amd64 MariaDB database core server files
#vi /etc/mysql/mariadb.conf.d/50-server.cnf
bind-address = 192.168.5.207 로 변경
#systemctl restart mysql
#systemctl enable mysql
#mysql_secure_installation -> mysql 초기 패스워드 변경
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
#2_RabbitMQ 설치
apt install rabbitmq-server python-pymysql -y
dpkg -l grep rabbitmq
ii rabbitmq-server 3.5.7-1ubuntu0.16.04.2 all AMQP server written in Erlang
#3_Memcached 설치
# apt-get install memcached -y
Reading package lists... Done
libcache-memcached-perl libmemcached libanyevent-perl libyaml-perl
...
...
Processing triggers for systemd (229-4ubuntu21.15) ...
Processing triggers for ureadahead (0.100.0-19) ...
#dpkg -l | grep memcached
ii memcached 1.4.25-2ubuntu1.4 amd64 high-performance memory object caching system
* Feb 13 23:56:09 controller2 systemd[1]: Started memcached daemon.
Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]: perl: warning: Setting locale failed.
Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]: perl: warning: Please check that your locale settings:
Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]: LANGUAGE = "ko_KR:ko",
Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]: LC_ALL = (unset),
Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]: LANG = "ko.KR.utf8"
Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]: are supported and installed on your system.
Feb 13 23:56:09 controller2 systemd-memcached-wrapper[30079]: perl: warning: Falling back to the standard locale ("C").
4-2 keystone 서비스 설치 및 설정
# apt-get install software-properties-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
software-properties-common is already the newest version (0.96.20.8).
The following packages were automatically installed and are no longer required:
libllvm4.0 libqmi-glib1
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 12 not upgraded. -> 이미 앞에서 설치가 되었음
# root@controller2:~# add-apt-repository cloud-archive:ocata
Ubuntu Cloud Archive for OpenStack Ocata
More info: https://wiki.ubuntu.com/ServerTeam/CloudArchive
Press [ENTER] to continue or ctrl-c to cancel adding it
Reading package lists...
Building dependency tree...
Reading state information...
ubuntu-cloud-keyring is already the newest version (2012.08.14).
The following packages were automatically installed and are no longer required:
libllvm4.0 libqmi-glib1
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 12 not upgraded.
root@controller2:~# apt update
Hit:1 http://mirror.kakao.com/ubuntu xenial InRelease
Get:2 http://mirror.kakao.com/ubuntu xenial-updates InRelease [109 kB]
Get:3 http://mirror.kakao.com/ubuntu xenial-backports InRelease [107 kB]
Get:4 http://mirror.kakao.com/ubuntu xenial-security InRelease [109 kB]
Ign:5 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata InRelease
Get:6 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata Release [7,882 B]
Get:7 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata Release.gpg [543 B]
Fetched 334 kB in 4s (83.3 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
12 packages can be upgraded. Run 'apt list --upgradable' to see them. -> 역시 이미 앞에서 진행 했음
#root@controller2:~# apt-get install -y keystone python-openstackclient apache2 libapache2-mod-wsgi python-oauth2client
#dpkg -l | grep keystone
ii keystone 2:11.0.4-0ubuntu1~cloud0 all OpenStack identity service - Daemons
ii python-keystone 2:11.0.4-0ubuntu1~cloud0 all OpenStack identity service - Python library
ii python-keystoneauth1 2.18.0-0ubuntu2~cloud0 all authentication library for OpenStack Identity - Python 2.7
ii python-keystoneclient 1:3.10.0-0ubuntu1~cloud0 all client library for the OpenStack Keystone API - Python 2.x
ii python-keystonemiddleware 4.14.0-0ubuntu1.2~cloud0 all Middleware for OpenStack Identity (Keystone) - Python 2.x
4-2 keystone_project-user-role 생성
# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 56bf82ae35a24f579020d3e857c0fbb5 |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
root@controller2:~#
root@controller2:~#
root@controller2:~# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 56bf82ae35a24f579020d3e857c0fbb5 | service |
| 9c6cec981893411b90c991adda41350e | admin |
+----------------------------------+---------+
root@controller2:~# openstack domain list
+---------+---------+---------+--------------------+
| ID | Name | Enabled | Description |
+---------+---------+---------+--------------------+
| default | Default | True | The default domain |
+---------+---------+---------+--------------------+
root@controller2:~# openstack user create --domain default \
> --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | becd01785dff4c2d9ed91e83cc9ef5a5 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
root@controller2:~# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| becd01785dff4c2d9ed91e83cc9ef5a5 | demo |
| f10bf42001ec4c4d9870031ab3a92c71 | admin |
+----------------------------------+-------+
root@controller2:~#
root@controller2:~# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 71aa8df8c3154c8ba1ff56204ff6ea74 |
| name | user |
+-----------+----------------------------------+
root@controller2:~# openstack role list
+----------------------------------+----------+
| ID | Name |
+----------------------------------+----------+
| 0fe19fb2f54d41f08c764bf3c798b656 | admin |
| 71aa8df8c3154c8ba1ff56204ff6ea74 | user |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
+----------------------------------+----------+
# openstack role add --project service --user demo user
# openstack role list --user demo --project service
Listing assignments using role list is deprecated. Use role assignment list --user <user-name> --project <project-name> --names instead.
+----------------------------------+------+---------+------+
| ID | Name | Project | User |
+----------------------------------+------+---------+------+
| 71aa8df8c3154c8ba1ff56204ff6ea74 | user | service | demo |
+----------------------------------+------+---------+------+
controller 서버에서 keystone 구성까지를 1장으로 마무리 하고
2장을 만들어서 glance 부터 다시 이어 가겠습니다.
아 빡세네 ...