Руководство по установке и запуску OpenStack в ALT Linux p8

Материал из ALT Linux Wiki

Инструкция по мотивам установки на Redhat: https://docs.openstack.org/newton/install-guide-rdo/

Инструкция в разработке.

Минимальные требования к оборудованию

  • Процессорных ядер - одно;
  • Оперативная память от 4Gb;
  • Диск 20 Гб.
* На машине с 2Gb RAM - сталкивался с нехваткой памяти и падением процессов. 

Пример установки с сетевым модулем на управляющем узле (controller)

      • Сетевые интерфейсы ***  !!!! переделать с другой структурой сети
  • ens19 -
  • ens20 -


Установка управляющего узла

Добавляем на узле в /etc/hosts (не удаляйте хост 127.0.0.1)

# Управляющий узел
10.0.0.11 controller
# Вычислительный узел
10.0.0.31 compute1

Подготовка к установке

# apt-get update -y
# apt-get dist-upgrade  -y
  1. Удаление firewalld

apt-get remove firewalld

Установка ПО

# apt-get install openstack-nova chrony python-module-memcached python3-module-memcached python-module-pymemcache python3-module-pymemcache mariadb-server python-module-MySQLdb python-module-openstackclient openstack-glance python-module-glance python-module-glance_store python-module-glanceclient  python-module-glanceclient python-module-glance_store  python-module-glance openstack-glance  openstack-nova-api openstack-nova-cells openstack-nova-cert openstack-nova-conductor openstack-nova-console  openstack-nova-scheduler rabbitmq-server  openstack-keystone apache2-mod_wsgi  memcached 


настройка времени

в /etc/chrony.conf добавляем

allow 10.0.0.0/24

Если имеется настроенный свой NTP, заменяем "pool.ntp.org" на свой.

pool pool.ntp.org iburst
#systemctl enable chronyd.service
 Synchronizing state of chronyd.service with SysV service script with /lib/systemd/systemd-sysv-install.
 Executing: /lib/systemd/systemd-sysv-install enable chronyd
#systemctl start chronyd.service


настройка sql сервера =

Комментируем строку "skip-networking" в /etc/my.cnf.d/server.cnf
# cat > /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
# systemctl enable mariadb
# systemctl start mariadb

задаем пароль администратора sql сервера root и удаляем тестовые таблички

  • пароль по умолчанию пустой "" (после ввода нового пароля, на все вопросы отвечать утвердительно)
# mysql_secure_installation

настройка сервера сообщений rabbitmq

# systemctl enable rabbitmq.service
# systemctl start rabbitmq

Добавляем пользователя:

#rabbitmqctl add_user openstack RABBIT_PASS
#rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Настройка memcached

в файле /etc/sysconfig/memcached заменяем строчку LISTEN="127.0.0.1" на

LISTEN="10.0.0.11"


# systemctl enable memcached
# systemctl start memcached

Настройка Keystone

Создаём базу данных и пользователя с паролем.

# mysql -u root -p
> CREATE DATABASE keystone;
> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

Сохраняем оригинальный конфигурационный файл.

# mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf.orig


# cat >  /etc/keystone/keystone.conf 
[DEFAULT]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[eventlet_server_ssl]
[federation]
[fernet_tokens]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[resource]
[revoke]
[role]
[saml]
[shadow_users]
[signing]
[ssl]
[token]
provider = fernet
[tokenless_auth]
[trust]


Заполняем базу данных keystone

# su -s /bin/sh -c "keystone-manage db_sync" keystone
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone


Пароль пользователя admin - ADMIN_PASS

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
 --bootstrap-admin-url http://controller:35357/v3/ \
 --bootstrap-internal-url http://controller:35357/v3/ \
 --bootstrap-public-url http://controller:5000/v3/ \
 --bootstrap-region-id 

настраиваем apache2 для keystone

у нас apache2 собран без mod_version, поэтому убираем в файле /etc/httpd2/conf/sites-available/openstack-keystone.conf всё строчки

<IfVersion >= 2.4>
</IfVersion>

добавляем в активную конфигурацию keystone

# a2ensite openstack-keystone

Добавляем servername в конфигурацию.

echo ServerName controller >/etc/httpd2/conf/sites-enabled/servername.conf 
systemctl enable httpd2.service
systemctl start httpd2.service


Создание доменов, пользователей и ролей

Для дальнеших работ рекомендуется создать пользователя.

# adduser admin
# su - admin
cat >auth
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

Создаём пользователя demo

# su - admin
. auth
openstack project create --domain default \
 --description "Service Project" 

Укажите пароль для пользователя demo

openstack project create --domain default \
 --description "Demo Project" demo
openstack user create --domain default \
 --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user


Проверка настроек узла управления

# su - admin
$ . auth
unset OS_AUTH_URL OS_PASSWORD

пароль "ADMIN_PASS"

openstack --os-auth-url http://controller:35357/v3 \
 --os-project-domain-name Default --os-user-domain-name Default \
 --os-project-name admin --os-username admin token issue

должно вывести что-то вроде:

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   
|
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2017-05-16T15:08:43.854293Z                                                                                                                                                             
|
| id         | gAAAAABZGwfr4_2NvksY-XnVTayUxh0zZEi4vp7Ff4JmdPqbQQy-W3NG2rs6EzImkevuVbvx4RkCtIWwhaxpbsEUoIFhfwaBwRpqE3fmx7d6OruRucHvFEjmtCKpBPHe9htK0s9hm40n7WmaADaYgi9LgnMto6YRNEBG5mzBJhX0b4NoHgeRA0 |
| project_id | d22531fa71e849078c44bb1f00117d87                                                                                                                                                        
|
| user_id    | 7be0608abb9641c5bd8d9f7a3bf519cb                                                                                                                                                        
|
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

проверка пользователя demo:

openstack --os-auth-url http://controller:5000/v3 \
 --os-project-domain-name Default --os-user-domain-name Default \
 --os-project-name demo --os-username demo token issue
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   
|
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2017-05-16T15:10:40.979623Z                                                                                                                                                             
|
| id         | gAAAAABZGwhhpQ5BvHvPmM9w6zuXstXZ6JMJDwkbV0zXUBsKLJuJ69CJKux0VoHzxaCKkEuaiOMtIWn2G0u__54HCMQQTvj7f8ddLezXgnlek9KLOPk9FEuoORIg9cahtgqttHgKyLuMKysHzuy331wxrcY-TtsOWWn_yhBJt7NWHtaTN7GEqNg |
| project_id | 19493a015aaf4e5f9983b58b460b3794                                                                                                                                                        
|
| user_id    | 9173af4437f34acd86f5a3d4516c53b6                                                                                                                                                        
|
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Настройка окружения

su - admin
rm auth
cat > admin-openrc 
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
cat > demo-openrc 
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

проверка окружения

su - admin
. admin-openrc
openstack token issue

Должно выдать что-то вроде такого:

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   
|
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2017-05-16T15:48:13.101936Z                                                                                                                                                             
|
| id         | gAAAAABZGxEtWlJ0eEGve9Y1VvIRk-wQtZN128A92YPFb5iuTJuo2O7G6Gd9IYdnyPZP6xAXDmT2VzIVbuhvOKQi9bItygi2fWRTw7byAZZdKIvR3mAHpsZyLPpS61hM2ydQLsf6g57xhMKy5y1Fw4Z3uXPabK27dZi1aTslIQZB4RA4Q9WZYWM |
| project_id | d22531fa71e849078c44bb1f00117d87                                                                                                                                                        
|
| user_id    | 7be0608abb9641c5bd8d9f7a3bf519cb                                                                                                                                                        
|
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+


Настройка сервиса glance

 mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
 IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
 IDENTIFIED BY 'GLANCE_DBPASS';

su - admin
. admin-openrc

Задаем пароль сервису glance

openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

настраиваем конфиг:

cd /etc/glance/
mv glance-api.conf glance-api.conf_orig
cat >glance-api.conf
[DEFAULT]
use_syslog = true
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]


mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.orig
cat > /etc/glance/glance-registry.conf
[DEFAULT]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[glance_store]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]