What is Packstack
Packstack is a tool for installing an OpenStack cluster. It can install all-in-one, so that we can learn how to use OpenStack, or multinode for real use, by creating and adjusting the values of an answer file. Behind the scenes it uses Puppet for configuration management, with Puppet modules acting as templates for the OpenStack installation. After installation, the modules can be found at /usr/share/openstack-puppet/modules/
$ ls /usr/share/openstack-puppet/modules/
aodh        elasticsearch  java             module-data       openstacklib  ssh       uchiwa
apache      firewall       kafka            mongodb           pacemaker     staging   vcsrepo
cassandra   fluentd        keepalived       mysql             packstack     stdlib    vlan
ceilometer  git            keystone         n1k_vsm           qpid          swift     vswitch
ceph        glance         kibana3          nagios            rabbitmq      sysctl    xinetd
certmonger  gnocchi        kmod             neutron           redis         tempest   zaqar
cinder      haproxy        manila           nova              remote        timezone  zookeeper
concat      heat           memcached        nssdb             rsync         tomcat
contrail    horizon        midonet          ntp               sahara        tripleo
corosync    inifile        mistral          opendaylight      sensu         trove
datacat     ironic         module-collectd  openstack_extras  snmp          tuskar
Prepare the infrastructure
Create a directory named openstack containing a Vagrantfile as follows
Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :

# Provisioning script run on both nodes
$script = <<SCRIPT
echo "run provisioning..."
# set the root password
echo 'root:password' | sudo chpasswd
# disable SELinux now and on the next boot
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
# add the EPEL and OpenStack Mitaka repositories, then install packstack
yum install -y epel-release
yum install -y centos-release-openstack-mitaka
yum update -y
yum install -y openstack-packstack
SCRIPT

Vagrant.configure("2") do |config|
  config.vm.box = "centos/7"

  # controller node: two private networks and an extra 20G disk for cinder
  config.vm.define :controller do |node|
    node.vm.network :private_network, :ip => "10.0.0.10"
    node.vm.network :private_network, :ip => "20.0.0.10"
    node.vm.provider :libvirt do |domain|
      domain.uri = 'qemu+unix:///system'
      domain.driver = 'kvm'
      domain.host = "server1.example.com"
      domain.memory = 8192
      domain.cpus = 4
      domain.nested = true
      domain.volume_cache = 'none'
      domain.storage :file, :size => '20G'
    end
    node.vm.provision "shell", inline: $script
  end

  # compute node
  config.vm.define :compute do |node|
    node.vm.network :private_network, :ip => "10.0.0.11"
    node.vm.network :private_network, :ip => "20.0.0.11"
    node.vm.provider :libvirt do |domain|
      domain.uri = 'qemu+unix:///system'
      domain.driver = 'kvm'
      domain.host = "server2.example.com"
      domain.memory = 4096
      domain.cpus = 2
      domain.nested = true
      domain.volume_cache = 'none'
    end
    node.vm.provision "shell", inline: $script
  end
end
$ vagrant up --provider libvirt
$ vagrant status
Current machine states:
controller                running (libvirt)
compute                   running (libvirt)
$ vagrant halt
$ vagrant up
$ vagrant ssh controller
$ sudo su -
$ getenforce
Disabled
$ sudo systemctl disable firewalld
$ sudo systemctl stop firewalld
$ sudo systemctl disable NetworkManager
$ sudo systemctl stop NetworkManager
$ sudo systemctl enable network
$ sudo systemctl start network
Prepare cinder list
The Cinder service is configured to use disks from a volume group named cinder-volumes, and the Vagrant config added one disk to the VM, attached at /dev/vdb
$ sudo su -
# fdisk -l | grep vdb
Disk /dev/vdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
# pvcreate /dev/vdb
# vgcreate cinder-volumes /dev/vdb
# vgs
  VG             #PV #LV #SN Attr   VSize  VFree
  VolGroup00       1   2   0 wz--n- 39.50g 320.00m
  cinder-volumes   1   0   0 wz--n- 20.00g  20.00g
Create answerfile001.txt with the packstack command
# cd /root
# packstack --gen-answer-file answerfile001.txt
# ip a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:b5:b5:fa brd ff:ff:ff:ff:ff:ff
    inet 192.168.121.147/24 brd 192.168.121.255 scope global dynamic eth0
       valid_lft 1808sec preferred_lft 1808sec
    inet6 fe80::5054:ff:feb5:b5fa/64 scope link
       valid_lft forever preferred_lft forever
# ip a s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:7b:64:20 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.10/24 brd 10.0.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe7b:6420/64 scope link
       valid_lft forever preferred_lft forever
Change the IP of the management network
packstack takes the IP of eth0 as the management IP, which is 192.168.121.147. This IP is the value written in answerfile001.txt
# grep HOST answerfile001.txt
CONFIG_CONTROLLER_HOST=192.168.121.9
CONFIG_COMPUTE_HOSTS=192.168.121.9
CONFIG_NETWORK_HOSTS=192.168.121.9
CONFIG_VCENTER_HOST=
CONFIG_STORAGE_HOST=192.168.121.9
CONFIG_SAHARA_HOST=192.168.121.9
CONFIG_AMQP_HOST=192.168.121.9
CONFIG_MARIADB_HOST=192.168.121.9
...
# eth0_ip=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)
# echo $eth0_ip
192.168.121.9
# eth1_ip=$(ip addr show eth1 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)
# echo $eth1_ip
10.0.0.10
# sed -i.orig "s/$eth0_ip/$eth1_ip/g" answerfile001.txt
# grep HOST answerfile001.txt
CONFIG_CONTROLLER_HOST=10.0.0.10
CONFIG_COMPUTE_HOSTS=10.0.0.10
CONFIG_NETWORK_HOSTS=10.0.0.10
CONFIG_VCENTER_HOST=
CONFIG_STORAGE_HOST=10.0.0.10
CONFIG_SAHARA_HOST=10.0.0.10
CONFIG_AMQP_HOST=10.0.0.10
CONFIG_MARIADB_HOST=10.0.0.10
CONFIG_CINDER_NETAPP_HOSTNAME=
Adjust the values in answerfile001.txt
CONFIG_KEYSTONE_ADMIN_PW=password
CONFIG_LBAAS_INSTALL=y
CONFIG_NEUTRON_METERING_AGENT_INSTALL=y
CONFIG_NEUTRON_FWAAS=y
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vlan,vxlan,gre,flat,local
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=local,vlan,gre,vxlan
CONFIG_NEUTRON_ML2_VLAN_RANGES=physnet2:1:1000
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet2:br-eth2
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:eth0,br-eth2:eth2
CONFIG_HEAT_INSTALL=y
CONFIG_HEAT_CFN_INSTALL=y
CONFIG_TROVE_INSTALL=y
CONFIG_HORIZON_SSL=y
CONFIG_PROVISION_DEMO=n
Edit with crudini
# yum install crudini rubygems -y
# answerfile=answerfile001.txt
# crudini --set $answerfile general CONFIG_KEYSTONE_ADMIN_PW password
# crudini --set $answerfile general CONFIG_LBAAS_INSTALL y
# crudini --set $answerfile general CONFIG_NEUTRON_METERING_AGENT_INSTALL y
# crudini --set $answerfile general CONFIG_NEUTRON_FWAAS y
# crudini --set $answerfile general CONFIG_NEUTRON_ML2_TYPE_DRIVERS vlan,vxlan,gre,flat,local
# crudini --set $answerfile general CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES local,vlan,gre,vxlan
# crudini --set $answerfile general CONFIG_NEUTRON_ML2_VLAN_RANGES physnet2:1:1000
# crudini --set $answerfile general CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS ext-net:br-ex,physnet2:br-eth2
# crudini --set $answerfile general CONFIG_NEUTRON_OVS_BRIDGE_IFACES br-ex:eth0,br-eth2:eth2
# crudini --set $answerfile general CONFIG_HEAT_INSTALL y
# crudini --set $answerfile general CONFIG_TROVE_INSTALL y
# crudini --set $answerfile general CONFIG_HEAT_CFN_INSTALL y
# crudini --set $answerfile general CONFIG_HORIZON_SSL y
# crudini --set $answerfile general CONFIG_PROVISION_DEMO n
# crudini --set $answerfile general CONFIG_CINDER_VOLUMES_CREATE n
# packstack --answer-file answerfile001.txt
Welcome to the Packstack setup utility
The installation log file is available at: /var/tmp/packstack/20160823-023836-_wAfqR/openstack-setup.log
Installing:
Clean Up [ DONE ]
Discovering ip protocol version [ DONE ]
Setting up ssh keys [ DONE ]
Preparing servers [ DONE ]
Pre installing Puppet and discovering hosts' details [ DONE ]
Adding pre install manifest entries [ DONE ]
Setting up CACERT [ DONE ]
Adding AMQP manifest entries [ DONE ]
Adding MariaDB manifest entries [ DONE ]
Adding Apache manifest entries [ DONE ]
Fixing Keystone LDAP config parameters to be undef if empty[ DONE ]
Adding Keystone manifest entries [ DONE ]
Adding Glance Keystone manifest entries [ DONE ]
Adding Glance manifest entries [ DONE ]
Adding Cinder Keystone manifest entries [ DONE ]
Checking if the Cinder server has a cinder-volumes vg[ DONE ]
Adding Cinder manifest entries [ DONE ]
Adding Nova API manifest entries [ DONE ]
Adding Nova Keystone manifest entries [ DONE ]
Adding Nova Cert manifest entries [ DONE ]
Adding Nova Conductor manifest entries [ DONE ]
Creating ssh keys for Nova migration [ DONE ]
Gathering ssh host keys for Nova migration [ DONE ]
Adding Nova Compute manifest entries [ DONE ]
Adding Nova Scheduler manifest entries [ DONE ]
Adding Nova VNC Proxy manifest entries [ DONE ]
Adding OpenStack Network-related Nova manifest entries[ DONE ]
Adding Nova Common manifest entries [ DONE ]
Adding Neutron VPNaaS Agent manifest entries [ DONE ]
Adding Neutron FWaaS Agent manifest entries [ DONE ]
Adding Neutron LBaaS Agent manifest entries [ DONE ]
Adding Neutron API manifest entries [ DONE ]
Adding Neutron Keystone manifest entries [ DONE ]
Adding Neutron L3 manifest entries [ DONE ]
Adding Neutron L2 Agent manifest entries [ DONE ]
Adding Neutron DHCP Agent manifest entries [ DONE ]
Adding Neutron Metering Agent manifest entries [ DONE ]
Adding Neutron Metadata Agent manifest entries [ DONE ]
Adding Neutron SR-IOV Switch Agent manifest entries [ DONE ]
Checking if NetworkManager is enabled and running [ DONE ]
Adding OpenStack Client manifest entries [ DONE ]
Adding Horizon manifest entries [ DONE ]
Adding Swift Keystone manifest entries [ DONE ]
Adding Swift builder manifest entries [ DONE ]
Adding Swift proxy manifest entries [ DONE ]
Adding Swift storage manifest entries [ DONE ]
Adding Swift common manifest entries [ DONE ]
Adding Heat manifest entries [ DONE ]
Adding Heat CloudFormation API manifest entries [ DONE ]
Adding Gnocchi manifest entries [ DONE ]
Adding Gnocchi Keystone manifest entries [ DONE ]
Adding MongoDB manifest entries [ DONE ]
Adding Redis manifest entries [ DONE ]
Adding Ceilometer manifest entries [ DONE ]
Adding Ceilometer Keystone manifest entries [ DONE ]
Adding Aodh manifest entries [ DONE ]
Adding Aodh Keystone manifest entries [ DONE ]
Adding Trove Keystone manifest entries [ DONE ]
Adding Trove manifest entries [ DONE ]
Adding Nagios server manifest entries [ DONE ]
Adding Nagios host manifest entries [ DONE ]
Copying Puppet modules and manifests [ DONE ]
Applying 10.0.0.10_prescript.pp
....
10.0.0.10_nagios.pp: [ DONE ]
10.0.0.10_nagios_nrpe.pp: [ DONE ]
Applying Puppet manifests [ DONE ]
Finalizing [ DONE ]

 **** Installation completed successfully ******

Additional information:
 * Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.
 * File /root/keystonerc_admin has been created on OpenStack client host 10.0.0.10. To use the command line tools you need to source the file.
 * NOTE : A certificate was generated to be used for ssl, You should change the ssl certificate configured in /etc/httpd/conf.d/ssl.conf on 10.0.0.10 to use a CA signed cert.
 * To access the OpenStack Dashboard browse to https://10.0.0.10/dashboard . Please, find your login credentials stored in the keystonerc_admin in your home directory.
 * To use Nagios, browse to http://10.0.0.10/nagios username: nagiosadmin, password: 292931d483bb4c13
 * The installation log file is available at: /var/tmp/packstack/20160823-024129-glQQuf/openstack-setup.log
 * The generated manifests are available at: /var/tmp/packstack/20160823-024129-glQQuf/manifests
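A pre-flight check for the answer file edited in the steps above, as an added example that is not part of the original post: it flags password keys with weak values, a dashboard without SSL, host entries outside the management network, and answer-file copies (including the `sed -i.orig` backup) that other users can read. The function names, the 12-character threshold and the `10.0.0.` prefix argument are assumptions for illustration.

```shell
# Added example (not from the original post): audit a Packstack answer file.
# audit_answerfile FILE MGMT_PREFIX
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_answerfile() {
    file=$1 prefix=$2 rc=0
    # The answer file and the backup written by `sed -i.orig` both hold
    # every service password in clear text: only the owner should read them.
    for f in "$file" "$file.orig"; do
        [ -e "$f" ] || continue
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "readable-by-others $f"; rc=1
        fi
    done
    awk -v prefix="$prefix" '
        /^[ \t]*(#|\[)/ || /^[ \t]*$/ { next }      # comments, [general], blank lines
        { eq = index($0, "="); if (eq == 0) next
          key = substr($0, 1, eq - 1); val = substr($0, eq + 1) }
        # Assumption: under 12 characters, or containing "password", counts as weak.
        key ~ /_(PW|PASSWORD)$/ && val != "" &&
            (length(val) < 12 || tolower(val) ~ /password/) {
            print "weak-password " key; bad = 1     # never echo the value itself
        }
        key == "CONFIG_HORIZON_SSL" && val != "y" {
            print "dashboard-without-tls " key "=" val; bad = 1
        }
        # Every *_HOST / *_HOSTS entry must sit on the management network.
        key ~ /^CONFIG_.*_HOSTS?$/ && val != "" {
            n = split(val, hosts, ",")
            for (i = 1; i <= n; i++) if (index(hosts[i], prefix) != 1) {
                print "host-off-mgmt-net " key "=" hosts[i]; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample input, not the file from the post.
sample_answerfile() {
    printf '%s\n' '[general]' 'CONFIG_CONTROLLER_HOST=10.0.0.10' \
        'CONFIG_COMPUTE_HOSTS=10.0.0.10,192.168.121.9' 'CONFIG_VCENTER_HOST=' \
        'CONFIG_KEYSTONE_ADMIN_PW=password' 'CONFIG_MARIADB_PW=3f9a1c07d2b84e65' \
        'CONFIG_HORIZON_SSL=n'
}

tmp=$(mktemp) && sample_answerfile > "$tmp"
audit_answerfile "$tmp" 10.0.0. || echo "answer file needs review"
rm -f "$tmp"
```

Run it as `audit_answerfile answerfile001.txt 10.0.0.` before `packstack --answer-file`; a non-zero return means at least one finding was printed.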
Open a browser at https://10.0.0.10/dashboard
Accept the SSL certificate
Log in with admin/password
Openvswitch Network
Check which bridges Openvswitch has created on the system
# ovs-vsctl show
c319424e-43f2-4440-ba92-0f57b4ec3bf3
    Bridge "br-eth2"
        Port "br-eth2"
            Interface "br-eth2"
                type: internal
        Port "phy-br-eth2"
            Interface "phy-br-eth2"
                type: patch
                options: {peer="int-br-eth2"}
        Port "eth2"
            Interface "eth2"
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "eth0"
            Interface "eth0"
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "int-br-eth2"
            Interface "int-br-eth2"
                type: patch
                options: {peer="phy-br-eth2"}
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.5.0"
The figure shows the internal connections: traffic from an instance VM out to the internet has to pass through 9 virtual network devices, as shown in the figure
Connection between br-ex and eth0
The connection between eth0 and br-ex lets OpenStack connect the provider network to the external network
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=br-ex
ONBOOT=yes
BOOTPROTO=none
# cat /etc/sysconfig/network-scripts/ifcfg-eth1
NM_CONTROLLED=no
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.0.10
NETMASK=255.255.255.0
DEVICE=eth1
HWADDR=52:54:00:7b:64:20
PEERDNS=no