
virtualbox VM

final setting

install ubuntu

basic setting

/etc/default/locale

LANG="en_US.utf8"
LANGUAGE="en_US:en"

/etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.89.253
netmask 255.255.255.0
gateway 192.168.89.1

auto eth1
iface eth1 inet static
address 192.168.67.253
netmask 255.255.255.0

dns-nameservers 192.168.67.253 8.8.8.8
dns-search icehouse

/etc/hosts

127.0.0.1       localhost
192.168.67.253	controller.icehouse

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

/etc/hostname

controller.icehouse

/etc/dhcp/dhclient.conf

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

send host-name = gethostname();

supersede domain-search "icehouse";
prepend domain-name-servers 192.168.67.253;

request subnet-mask, broadcast-address, time-offset, routers,
	domain-name, domain-name-servers, domain-search, host-name,
	dhcp6.name-servers, dhcp6.domain-search,
	netbios-name-servers, netbios-scope, interface-mtu,
	rfc3442-classless-static-routes, ntp-servers,
	dhcp6.fqdn, dhcp6.sntp-servers;
  • reboot
  • apt-get -y update
  • apt-get -y upgrade
  • apt-get -y install ntp
  • apt-get -y install ubuntu-cloud-keyring
  • apt-get -y dist-upgrade
  • reboot

/etc/ntp.conf

# ntpd configuration for the controller node.
driftfile /var/lib/ntp/ntp.drift

# Daily-rotated statistics files.
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# NOTE(review): a single, unauthenticated upstream source. There is no second
# server to cross-check against, so this host trusts whatever that one server
# (or anything answering in its place) reports.
server clock.stdtime.gov.tw

# Default policy for every other client: no runtime modification, no traps,
# no peering and no status queries.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Loopback is unrestricted.
restrict 127.0.0.1
restrict ::1
# Hosts on 192.168.67.0/24 may not modify or set traps; "noquery" is not set on
# this line, so they can also send status queries, not only time requests.
restrict 192.168.67.0 mask 255.255.255.0 nomodify notrap
  • service ntp restart

BIND9

  • apt-get -y install bind9

/etc/bind/named.conf.options

# Global BIND options for the controller's name server.
# NOTE(review): no allow-query / allow-recursion / recursion statement is set
# here, so BIND's built-in defaults decide who may use this server as a
# resolver - confirm they match the intended clients.
# NOTE(review): the icehouse and reverse zone files only take effect once a
# zone statement loads them; that part of named.conf is not shown on this page.
options {
	directory "/var/cache/bind";
	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
	# IPv6 accepts queries on every address while IPv4 below is limited to
	# 192.168.67.253; narrow this if IPv6 clients are not expected.
	listen-on-v6 { any; };
	listen-on { 192.168.67.253; };
};

/etc/bind/icehouse.zone

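; Forward zone for the lab domain "icehouse".
$TTL	604800
$ORIGIN	icehouse.
; The SOA primary server (MNAME) and contact (RNAME) are written fully
; qualified. Without the trailing dot they are expanded relative to $ORIGIN,
; which turned "controller.icehouse" into "controller.icehouse.icehouse.".
@	IN	SOA	controller.icehouse. root.icehouse. (
			1       ; Serial - increase on every edit of this file
			604800  ; Refresh
			86400   ; Retry
			2419200 ; Expire
			604800) ; Negative Cache TTL
;
	IN	NS	controller.icehouse.
; keystone-api sits on 192.168.89.0/24; controller and network on 192.168.67.0/24.
keystone-api	IN	A	192.168.89.253
controller	IN	A	192.168.67.253
network	IN	A	192.168.67.252
ryu-manager	IN	A	192.168.45.252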

/etc/bind/168.192.in-addr.arpa.zone

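; Reverse zone for 192.168.0.0/16, mapping addresses back to icehouse names.
$TTL	604800
$ORIGIN	168.192.in-addr.arpa.
; MNAME and RNAME are written fully qualified. Without the trailing dot they
; are expanded relative to $ORIGIN and would end in "168.192.in-addr.arpa.".
@	IN	SOA	controller.icehouse. root.icehouse. (
			1       ; Serial - increase on every edit of this file
			604800  ; Refresh
			86400   ; Retry
			2419200 ; Expire
			604800) ; Negative Cache TTL
;
	IN	NS	controller.icehouse.
; Owner names are the last two octets in reverse order (253.89 = 192.168.89.253).
253.89	IN	PTR	keystone-api.icehouse.
253.67	IN	PTR	controller.icehouse.
252.67	IN	PTR	network.icehouse.
252.45	IN	PTR	ryu-manager.icehouse.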
  • service bind9 restart

MySQL

  • apt-get -y install mysql-server python-mysqldb

/etc/mysql/my.cnf

# MySQL option file for the controller node.

# Defaults for client programs on this host.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock

[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0

# Server settings.
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
skip-host-cache

# TCP listener is bound to the 192.168.67.253 address only.
# NOTE(review): no ssl-* options are set in this file, so remote connections
# (for example from network.icehouse) presumably run unencrypted - confirm.
bind-address = 192.168.67.253

key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8

myisam-recover = BACKUP

query_cache_limit = 1M
query_cache_size = 16M

log_error = /var/log/mysql/error.log

expire_logs_days = 10
max_binlog_size = 100M

# UTF-8 everywhere, InnoDB as the default engine.
character_set_server = utf8
collation_server = utf8_bin
default_storage_engine = InnoDB
init_connect = 'SET NAMES UTF8'

[mysqldump]
quick
quote-names
max_allowed_packet = 16M

[mysql]

[isamchk]
key_buffer = 16M

!includedir /etc/mysql/conf.d/

~/initDB.sql

-- Creates one empty database and one account per OpenStack service.
-- NOTE(review): every DROP DATABASE below is unconditional on content, so
-- re-running this script on a populated install deletes that service's data.
-- NOTE(review): the passwords follow a '<service>Pass' pattern and are easy to
-- guess; replace each with a generated value and keep it in sync with the
-- matching connection = mysql://... line of that service's config.
-- Each account is limited to its own schema and to one client host name.
-- Host-name grants presumably depend on the reverse DNS zone resolving the
-- client address to that name - verify.
DROP DATABASE IF EXISTS keystone; CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystoneUser'@'controller.icehouse' IDENTIFIED BY 'keystonePass';
DROP DATABASE IF EXISTS glance; CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glanceUser'@'controller.icehouse' IDENTIFIED BY 'glancePass';
DROP DATABASE IF EXISTS cinder; CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinderUser'@'controller.icehouse' IDENTIFIED BY 'cinderPass';
DROP DATABASE IF EXISTS nova; CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'novaUser'@'controller.icehouse' IDENTIFIED BY 'novaPass';
DROP DATABASE IF EXISTS heat; CREATE DATABASE heat;
GRANT ALL PRIVILEGES ON heat.* TO 'heatUser'@'controller.icehouse' IDENTIFIED BY 'heatPass';
-- The neutron and ryu accounts connect from the network node, not the controller.
DROP DATABASE IF EXISTS neutron; CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutronUser'@'network.icehouse' IDENTIFIED BY 'neutronPass';
DROP DATABASE IF EXISTS ryu; CREATE DATABASE ryu;
GRANT ALL PRIVILEGES ON ryu.* TO 'ryuUser'@'network.icehouse' IDENTIFIED BY 'ryuPass';
  • service mysql restart
  • mysql_install_db
  • mysql_secure_installation
  • mysql -u root -p < ~/initDB.sql

RabbitMQ

  • apt-get -y install rabbitmq-server

/etc/rabbitmq/rabbitmq-env.conf

# Bind the broker to the 192.168.67.253 address instead of all interfaces.
# NOTE(review): the service configs on this page set rabbit_host but no
# rabbit_userid / rabbit_password, so they presumably fall back to the broker's
# default guest account - confirm, and create a dedicated user with its own
# password before other nodes connect.
RABBITMQ_NODE_IP_ADDRESS=192.168.67.253
  • service rabbitmq-server restart

Keystone

  • apt-get -y install keystone

/etc/keystone/keystone.conf

[DEFAULT]

# NOTE(review): admin_token is a shared bootstrap secret that is accepted in
# place of a user login. "ADMIN" is trivially guessable; use a long random
# value here and stop relying on token-based admin access once the initial
# tenants, users and endpoints exist.
admin_token=ADMIN
# Admin API on 192.168.67.253:35357, public API on 192.168.89.253:5000.
admin_bind_host=192.168.67.253
admin_port=35357
public_bind_host=192.168.89.253
public_port=5000
rabbit_host=controller.icehouse

[database]

backend=sqlalchemy
# NOTE(review): the database password is stored in clear text in this URL;
# keep the file readable by the keystone service account only and replace the
# sample password.
connection = mysql://keystoneUser:keystonePass@controller.icehouse/keystone


[extra_headers]
Distribution = Ubuntu

~/init-keystone.sh

#!/bin/bash
# Bootstraps Keystone: tenants, roles, users, services and endpoints.
# Modify these variables as needed
CONTROLLER_HOST=controller.icehouse
KEYSTONE_API_HOST=keystone-api.icehouse
NEUTRON_HOST=network.icehouse

# NOTE(review): if ADMIN_PASSWORD / SERVICE_PASSWORD are not set in the
# environment, the well-known sample values below are used. Export generated
# passwords before running this script.
ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin_pass}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-service_pass}
# Must equal admin_token in keystone.conf; the token is sent to the admin
# endpoint below over plain http.
export OS_SERVICE_TOKEN="ADMIN"
export OS_IDENTITY_API_VERSION="2.0"
export OS_SERVICE_ENDPOINT="http://controller.icehouse:35357/v${OS_IDENTITY_API_VERSION}"
ADMIN_TENANT_NAME=${ADMIN_TENANT_NAME:-admin}
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}

# NOTE(review): the MYSQL_* variables are not referenced anywhere else in this
# script as shown; the clear-text database password can be dropped from here.
MYSQL_HOST=$CONTROLLER_HOST
MYSQL_DATABASE=keystone
MYSQL_USER=keystoneUser
MYSQL_PASSWORD=keystonePass

KEYSTONE_REGION=RegionOne

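# Print one column of each "| a | b |" table row read from stdin.
#   $1 >= 0 : column number counted from the left (1 = first cell)
#   $1 <  0 : column counted back from the end of the row
# Used to pull the generated ID out of keystone CLI output.
# Returns 1 without reading stdin when $1 is not an integer.
function get_field() {
  local idx="$1" row
  # The index selects an awk field, so accept nothing but an integer.
  if ! [[ "$idx" =~ ^-?[0-9]+$ ]]; then
    echo "get_field: field index must be an integer, got '$idx'" >&2
    return 1
  fi
  # -r keeps backslashes literal; the extra test still processes a final line
  # that has no trailing newline.
  while read -r row || [ -n "$row" ]; do
    # Rows start with "|", so awk's field 1 is empty and cell N is field N+1.
    # The index is passed with -v instead of being pasted into the program text.
    printf '%s\n' "$row" | awk -F'[ \t]*\\|[ \t]*' -v idx="$idx" \
      '{ if (idx < 0) print $(NF + idx); else print $(idx + 1) }'
  done
}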

# Each create call prints a table; the " id " row is picked out and its value
# column is stored as the new object's ID.
# NOTE(review): nothing checks that an ID was actually captured. If a create
# call fails, the variable is empty and later commands run with a missing
# argument - verify each ID is non-empty before continuing.

# Tenants
ADMIN_TENANT=$(keystone tenant-create \
  --name $ADMIN_TENANT_NAME | grep " id " | get_field 2)

SERVICE_TENANT=$(keystone tenant-create \
  --name $SERVICE_TENANT_NAME | grep " id " | get_field 2)

# Roles
ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2)
MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)

# Users
# NOTE(review): passwords are passed as command-line arguments, which other
# local users can read from the process list while the command runs.
# The admin user is named after the admin tenant and is created without
# --tenant-id; the role assignment further down ties it to that tenant.
ADMIN_USER=$(keystone user-create \
  --name $ADMIN_TENANT_NAME \
  --pass "$ADMIN_PASSWORD" \
  --email $ADMIN_TENANT_NAME@icehouse | grep " id " | get_field 2)

# All service users share the single SERVICE_PASSWORD.
GLANCE_USER=$(keystone user-create \
  --name glance \
  --pass "$SERVICE_PASSWORD" \
  --tenant-id $SERVICE_TENANT \
  --email glance@icehouse | grep " id " | get_field 2)

CINDER_USER=$(keystone user-create \
  --name cinder \
  --pass "$SERVICE_PASSWORD" \
  --tenant-id $SERVICE_TENANT \
  --email cinder@icehouse | grep " id " | get_field 2)

NOVA_USER=$(keystone user-create \
  --name nova \
  --pass "$SERVICE_PASSWORD" \
  --tenant-id $SERVICE_TENANT \
  --email nova@icehouse | grep " id " | get_field 2)

HEAT_USER=$(keystone user-create \
  --name heat \
  --pass "$SERVICE_PASSWORD" \
  --tenant-id $SERVICE_TENANT \
  --email heat@icehouse | grep " id " | get_field 2)

NEUTRON_USER=$(keystone user-create \
  --name neutron \
  --pass "$SERVICE_PASSWORD" \
  --tenant-id $SERVICE_TENANT \
  --email neutron@icehouse | grep " id " | get_field 2)

# Add Roles to Users in Tenants
# Every service user receives the admin role in the service tenant, so one
# leaked service password grants admin rights there. MEMBER_ROLE is created
# above but not assigned to anyone in this script.
keystone user-role-add --tenant-id $ADMIN_TENANT --user-id $ADMIN_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $HEAT_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NEUTRON_USER --role-id $ADMIN_ROLE

# Create services
# Registers one catalog entry per service type and keeps each generated ID for
# the endpoint definitions that follow. As with the users, an ID is stored
# without checking that the create call succeeded.
IDENTITY_SERVICE=$(keystone service-create \
  --name keystone \
  --type identity \
  --description 'OpenStack Identity' | grep " id " | get_field 2)

IMAGE_SERVICE=$(keystone service-create \
  --name glance \
  --type image \
  --description 'OpenStack Image Service' | grep " id " | get_field 2)

# Cinder is registered twice: type "volume" for API v1, "volumev2" for API v2.
VOLUME_SERVICE=$(keystone service-create \
  --name cinder \
  --type volume \
  --description 'OpenStack Volume Service' | grep " id " | get_field 2)

VOLUME_V2_SERVICE=$(keystone service-create \
  --name cinderv2 \
  --type volumev2 \
  --description 'OpenStack Volume Service' | grep " id " | get_field 2)


COMPUTE_SERVICE=$(keystone service-create \
  --name nova \
  --type compute \
  --description 'OpenStack Compute Service' | grep " id " | get_field 2)

HEAT_SERVICE=$(keystone service-create \
  --name heat \
  --type orchestration \
  --description 'HEAT Orchestration API' | grep " id " | get_field 2)

NETWORK_SERVICE=$(keystone service-create \
  --name neutron \
  --type network \
  --description 'OpenStack Networking service' | grep " id " | get_field 2)

EC2_SERVICE=$(keystone service-create \
  --name ec2 \
  --type ec2 \
  --description 'OpenStack EC2 service' | grep " id " | get_field 2)

# Create endpoints
# NOTE(review): every URL registered here is plain http, so clients that follow
# the catalog send tokens and passwords unencrypted. Terminate TLS in front of
# the APIs and register https URLs where the network is not fully trusted.

# Identity: public and internal URLs use the keystone-api host on port 5000,
# the admin URL uses the controller host on port 35357.
keystone endpoint-create \
  --region $KEYSTONE_REGION \
  --service-id $IDENTITY_SERVICE \
  --publicurl 'http://'"$KEYSTONE_API_HOST"':5000/v2.0' \
  --adminurl 'http://'"$CONTROLLER_HOST"':35357/v2.0' \
  --internalurl 'http://'"$KEYSTONE_API_HOST"':5000/v2.0'

# Image service: the same controller URL for all three interfaces.
keystone endpoint-create \
  --region $KEYSTONE_REGION \
  --service-id $IMAGE_SERVICE \
  --publicurl 'http://'"$CONTROLLER_HOST"':9292' \
  --adminurl 'http://'"$CONTROLLER_HOST"':9292' \
  --internalurl 'http://'"$CONTROLLER_HOST"':9292'

# %(tenant_id)s is inside single quotes, so the shell passes it through
# literally as a placeholder in the registered URL.
keystone endpoint-create \
  --region $KEYSTONE_REGION \
  --service-id $VOLUME_SERVICE \
  --publicurl 'http://'"$CONTROLLER_HOST"':8776/v1/%(tenant_id)s' \
  --adminurl 'http://'"$CONTROLLER_HOST"':8776/v1/%(tenant_id)s' \
  --internalurl 'http://'"$CONTROLLER_HOST"':8776/v1/%(tenant_id)s'

keystone endpoint-create \
  --region $KEYSTONE_REGION \
  --service-id $VOLUME_V2_SERVICE \
  --publicurl 'http://'"$CONTROLLER_HOST"':8776/v2/%(tenant_id)s' \
  --adminurl 'http://'"$CONTROLLER_HOST"':8776/v2/%(tenant_id)s' \
  --internalurl 'http://'"$CONTROLLER_HOST"':8776/v2/%(tenant_id)s'

keystone endpoint-create \
  --region $KEYSTONE_REGION \
  --service-id $COMPUTE_SERVICE \
  --publicurl 'http://'"$CONTROLLER_HOST"':8774/v2/%(tenant_id)s' \
  --adminurl 'http://'"$CONTROLLER_HOST"':8774/v2/%(tenant_id)s' \
  --internalurl 'http://'"$CONTROLLER_HOST"':8774/v2/%(tenant_id)s'

keystone endpoint-create \
  --region $KEYSTONE_REGION \
  --service-id $HEAT_SERVICE \
  --publicurl 'http://'"$CONTROLLER_HOST"':8004/v1/%(tenant_id)s' \
  --adminurl 'http://'"$CONTROLLER_HOST"':8004/v1/%(tenant_id)s' \
  --internalurl 'http://'"$CONTROLLER_HOST"':8004/v1/%(tenant_id)s'

# Networking is the only service registered on the network node.
keystone endpoint-create \
  --region $KEYSTONE_REGION \
  --service-id $NETWORK_SERVICE \
  --publicurl 'http://'"$NEUTRON_HOST"':9696' \
  --adminurl 'http://'"$NEUTRON_HOST"':9696' \
  --internalurl 'http://'"$NEUTRON_HOST"':9696'

# EC2: the admin URL ends in /services/Admin, the other two in /services/Cloud.
keystone endpoint-create \
  --region $KEYSTONE_REGION \
  --service-id $EC2_SERVICE \
  --publicurl 'http://'"$CONTROLLER_HOST"':8773/services/Cloud' \
  --adminurl 'http://'"$CONTROLLER_HOST"':8773/services/Admin' \
  --internalurl 'http://'"$CONTROLLER_HOST"':8773/services/Cloud'
  • keystone --os-auth-url="http://controller.icehouse:35357/v2.0" --os-tenant-name=admin --os-username=admin --os-password=admin_pass tenant-list
  • keystone --os-auth-url="http://controller.icehouse:35357/v2.0" --os-tenant-name=admin --os-username=admin --os-password=admin_pass user-list
  • keystone --os-auth-url="http://controller.icehouse:35357/v2.0" --os-tenant-name=admin --os-username=admin --os-password=admin_pass service-list
  • keystone --os-auth-url="http://controller.icehouse:35357/v2.0" --os-tenant-name=admin --os-username=admin --os-password=admin_pass endpoint-list

Glance

  • apt-get -y install glance

/etc/glance/glance-api.conf

# glance-api: image API service on the controller.
[DEFAULT]
default_store = file
# The API listens on the 192.168.67.253 address only.
bind_host = 192.168.67.253
bind_port = 9292
registry_host = controller.icehouse
registry_port = 9191
# NOTE(review): API-to-registry traffic is plain http.
registry_client_protocol = http

auth_strategy = keystone
notification_driver = rabbitmq
rabbit_host = controller.icehouse

[database]
backend = sqlalchemy
# NOTE(review): clear-text database password; restrict read access to this
# file to the glance service account and replace the sample password.
connection = mysql://glanceUser:glancePass@controller.icehouse/glance

[keystone_authtoken]
# NOTE(review): token validation talks to Keystone over http (auth_uri and
# auth_protocol), so the service password below and user tokens cross the
# network unencrypted.
auth_uri = http://keystone-api.icehouse:5000/v2.0
#identity_uri = http://controller.icehouse:35357/
auth_protocol = http
auth_host = controller.icehouse
auth_port = 35357
auth_version = 2.0
admin_tenant_name = service
admin_user = glance
# NOTE(review): sample password, identical in every service config on this
# page; use a distinct generated password per service account.
admin_password = service_pass

[paste_deploy]
flavor = keystone

/etc/glance/glance-registry.conf

# glance-registry: image metadata service used by glance-api.
[DEFAULT]
# Listens on the 192.168.67.253 address only.
bind_host = 192.168.67.253
bind_port = 9191

[database]
backend = sqlalchemy
# NOTE(review): clear-text database password; restrict read access to this
# file to the glance service account and replace the sample password.
connection = mysql://glanceUser:glancePass@controller.icehouse/glance

[keystone_authtoken]
# NOTE(review): Keystone is reached over http, so the service password below
# and user tokens cross the network unencrypted.
auth_uri = http://keystone-api.icehouse:5000/v2.0
#identity_uri = http://controller.icehouse:35357/
auth_protocol = http
auth_host = controller.icehouse
auth_port = 35357
auth_version = 2.0
admin_tenant_name = service
admin_user = glance
# NOTE(review): sample password; use a generated one for this account.
admin_password = service_pass

[paste_deploy]
flavor = keystone
  • glance-manage db_sync
  • service glance-registry restart
  • service glance-api restart
  • glance --os-auth-url="http://keystone-api.icehouse:5000/v2.0" --os-tenant-name=service --os-username=glance --os-password=service_pass --os-image-api-version=1 image-list
  • glance --os-auth-url="http://keystone-api.icehouse:5000/v2.0" --os-tenant-name=service --os-username=glance --os-password=service_pass --os-image-api-version=2 image-list

Cinder

  • apt-get -y install cinder-api cinder-scheduler cinder-volume tgt

/etc/cinder/cinder.conf

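# cinder: block storage API, scheduler and volume service on the controller.
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
# Option name corrected from "api_paste_confg"; the misspelled key is not an
# option cinder reads, so the setting had no effect.
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
iscsi_ip_address = controller.icehouse
volume_name_template = volume-%s
# LVM volume group that backs the volumes.
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volumes_dir = /var/lib/cinder/volumes

rabbit_host = controller.icehouse
# The volume API listens on the 192.168.67.253 address only.
osapi_volume_listen = 192.168.67.253
osapi_volume_listen_port = 8776

[database]
backend = sqlalchemy
# NOTE(review): clear-text database password; restrict read access to this
# file to the cinder service account and replace the sample password.
connection = mysql://cinderUser:cinderPass@controller.icehouse/cinder

[keystone_authtoken]
# NOTE(review): Keystone is reached over http, so the service password below
# and user tokens cross the network unencrypted.
auth_uri = http://keystone-api.icehouse:5000/v2.0
#identity_uri = http://controller.icehouse:35357/
auth_protocol = http
auth_host = controller.icehouse
auth_port = 35357
auth_version = 2.0
admin_tenant_name = service
admin_user = cinder
# NOTE(review): sample password; use a generated one for this account.
admin_password = service_pass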
  • lsblk
  • parted -l
  • pvcreate /dev/sda2
  • vgcreate cinder-volumes /dev/sda2
  • cinder-manage db sync
  • service cinder-volume restart
  • service cinder-scheduler restart
  • service cinder-api restart
  • rm -f /var/lib/cinder/cinder.sqlite
  • cinder --os-auth-url="http://keystone-api.icehouse:5000/v2.0" --os-tenant-name=service --os-username=cinder --os-password=service_pass --os-volume-api-version=1 list
  • cinder --os-auth-url="http://keystone-api.icehouse:5000/v2.0" --os-tenant-name=service --os-username=cinder --os-password=service_pass --os-volume-api-version=1 service-list
  • cinder --os-auth-url="http://keystone-api.icehouse:5000/v2.0" --os-tenant-name=service --os-username=cinder --os-password=service_pass --os-volume-api-version=1 availability-zone-list
  • cinder --os-auth-url="http://keystone-api.icehouse:5000/v2.0" --os-tenant-name=service --os-username=cinder --os-password=service_pass --os-volume-api-version=2 list
  • cinder --os-auth-url="http://keystone-api.icehouse:5000/v2.0" --os-tenant-name=service --os-username=cinder --os-password=service_pass --os-volume-api-version=2 service-list
  • cinder --os-auth-url="http://keystone-api.icehouse:5000/v2.0" --os-tenant-name=service --os-username=cinder --os-password=service_pass --os-volume-api-version=2 availability-zone-list

Nova

  • apt-get -y install nova-api nova-cert nova-consoleauth nova-scheduler nova-conductor nova-spiceproxy

/etc/nova/nova.conf

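# nova: compute API, scheduler, conductor and console services on the controller.
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
firewall_driver=nova.virt.firewall.IptablesFirewallDriver
security_group_api=nova

rabbit_host = controller.icehouse
# All three APIs listen on the 192.168.67.253 address only.
ec2_listen = 192.168.67.253
ec2_listen_port = 8773
osapi_compute_listen = 192.168.67.253
osapi_compute_listen_port = 8774
metadata_listen = 192.168.67.253
# The page left this value empty, which is not a valid port number.
# 8775 is nova's default metadata port.
metadata_listen_port = 8775

auth_strategy = keystone
glance_host = controller.icehouse
glance_port = 9292

service_neutron_metadata_proxy = true
# NOTE(review): the shared secret is empty on the page. With the metadata
# proxy enabled, this value is what lets nova tell genuine proxy requests from
# forged ones, so an empty secret protects nothing. Set a long random value
# here and the identical value in the neutron metadata agent's configuration.
neutron_metadata_proxy_shared_secret =

network_api_class = nova.network.neutronv2.api.API
# NOTE(review): nova authenticates to neutron via Keystone over http with the
# sample service password.
neutron_admin_auth_url = http://controller.icehouse:35357/v2.0
neutron_url = http://network.icehouse:9696
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = service_pass

[spice]
enabled = False
agent_enabled = True
html5proxy_host = 192.168.89.253
html5proxy_port = 6082

[database]
backend = sqlalchemy
# NOTE(review): clear-text database password; restrict read access to this
# file to the nova service account and replace the sample password.
connection = mysql://novaUser:novaPass@controller.icehouse/nova

[keystone_authtoken]
# NOTE(review): Keystone is reached over http, so the service password below
# and user tokens cross the network unencrypted.
auth_uri = http://keystone-api.icehouse:5000/v2.0
#identity_uri = http://controller.icehouse:35357/
auth_protocol = http
auth_host = controller.icehouse
auth_port = 35357
auth_version = 2.0
admin_tenant_name = service
admin_user = nova
# NOTE(review): sample password; use a generated one for this account.
admin_password = service_pass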
  • nova-manage db sync
  • service nova-cert restart
  • service nova-conductor restart
  • service nova-consoleauth restart
  • service nova-spiceproxy restart
  • service nova-scheduler restart
  • service nova-api restart
  • rm -f /var/lib/nova/nova.sqlite

Heat

  • apt-get -y install heat-api heat-api-cfn heat-api-cloudwatch heat-common heat-engine python-heat python-heatclient

/etc/heat/heat.conf

# heat: orchestration engine and its three API services on the controller.
[DEFAULT]
log_dir = /var/log/heat
verbose = true
rabbit_host = controller.icehouse

# Each API service listens on the 192.168.67.253 address only.
[heat_api]
bind_host = 192.168.67.253
[heat_api_cfn]
bind_host = 192.168.67.253
[heat_api_cloudwatch]
bind_host = 192.168.67.253

[database]
backend = sqlalchemy
# NOTE(review): clear-text database password; restrict read access to this
# file to the heat service account and replace the sample password.
connection = mysql://heatUser:heatPass@controller.icehouse/heat

[keystone_authtoken]
# NOTE(review): Keystone is reached over http, so the service password below
# and user tokens cross the network unencrypted.
auth_uri = http://keystone-api.icehouse:5000/v2.0
#identity_uri = http://controller.icehouse:35357/
auth_protocol = http
auth_host = controller.icehouse
auth_port = 35357
auth_version = 2.0
admin_tenant_name = service
admin_user = heat
# NOTE(review): sample password; use a generated one for this account.
admin_password = service_pass
  • heat-manage db_sync
  • service heat-engine restart
  • service heat-api restart
  • service heat-api-cfn restart
  • service heat-api-cloudwatch restart
  • rm -f /var/lib/heat/heat.sqlite

Horizon

  • apt-get -y install openstack-dashboard memcached

/etc/openstack-dashboard/local_settings.py

OPENSTACK_HOST = "keystone-api.icehouse"
  • service apache2 restart
  • service memcached restart