
OpenStack:Install:UbuntuSingleNode

단일 Ubuntu 노드에서 OpenStack 설치 방법

Official Ubuntu Documentation

Single Node using Neutron GRE

## http://wiki.stackinsider.org/index.php/Native_Stack_-_Single_Node_using_Neutron_GRE_-_Icehouse
## Native Stack - Single Node using Neutron GRE - Icehouse
##
## @author your
## @date   2015-07-17

############################################
## Upgrade your system to the latest version
############################################

# Refresh the package index, then install the package that provides
# add-apt-repository on this release.
apt-get update
apt-get install -y python-software-properties
# Add the Ubuntu Cloud Archive pocket for Icehouse; the OpenStack packages
# installed later in this guide are pulled from this extra repository.
add-apt-repository cloud-archive:icehouse

# dist-upgrade is run without -y, so it stops and asks for confirmation.
apt-get update && apt-get dist-upgrade

## If you intend to use OpenStack Networking with Ubuntu 12.04, you should install a
## backported Linux kernel to improve the stability of your system. This installation is not
## needed if you intend to use the legacy networking service.
apt-get install -y linux-image-generic-lts-saucy linux-headers-generic-lts-saucy

## Reboot the system for all changes to take effect.
## The remaining steps are run in a new session after the host comes back.
reboot


############################
## Update Host configuration
############################

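# Set the running hostname and persist it across reboots.
hostname controller
echo "controller" > /etc/hostname

# IPv4 address of eth0, parsed from the "inet addr:<ip>" field printed by
# this release's ifconfig.
eth0_address=$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":")

# Rewrite /etc/hosts only when an address was found: with an empty value the
# file would be replaced by one containing a malformed " controller" entry.
if [ -z "$eth0_address" ]; then
  echo "eth0 has no IPv4 address; /etc/hosts left unchanged" >&2
else
cat > /etc/hosts << EOF
127.0.0.1       localhost
127.0.1.1       controller
$eth0_address       controller

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOF
fi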


########################
## Configure the network
########################

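# Show the current network configuration.
ifconfig

# NOTE: The current IP is statically assigned by our system. Please do not change it.

# Restart the network service.
# (This heading and the next were bare prose lines; as part of a script they
# would have been executed as commands named "Restart" and "Enable".)
/etc/init.d/networking restart

# Enable IP forwarding.
# To let IP packets pass between different networks, the host must be
# configured to route.
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# rp_filter=0 switches off reverse-path source validation on all interfaces:
# the kernel no longer drops packets whose source address is not routable via
# the interface they arrived on, so anti-spoofing has to come from other
# filtering on this host.
echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.rp_filter=0" >> /etc/sysctl.conf
# Load the settings now. The three lines are appended on every run, so
# re-running this section leaves duplicate entries in /etc/sysctl.conf.
sysctl -p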


##############
## Install NTP
##############

apt-get update
apt-get install -y ntp

# Here we set ntp.ubuntu.com as the direct source of time.
# A local time source is also added in case the internet time service is
# interrupted: 127.127.1.0 is ntpd's local-clock pseudo-address, fudged to
# stratum 10 so that it ranks below any reachable network server.
# NOTE(review): the substitution only fires if /etc/ntp.conf contains the
# exact text "server ntp.ubuntu.com"; otherwise the file is left unchanged.
sed -i 's/server ntp.ubuntu.com/ \
server ntp.ubuntu.com \
server 127.127.1.0 \
fudge 127.127.1.0 stratum 10/g' /etc/ntp.conf

# Restart ntpd so it picks up the edited configuration.
service ntp restart

#############################################
## Set the OpenStack installation environment
#############################################

# Create the environment variables.
# The heredoc delimiter is unquoted, so each $(...) below is evaluated while
# the file is written: novarc stores literal addresses taken from eth0
# (FLOATING_RANGE, MASTER) and eth1 (LOCAL_IP), not the commands.
# NOTE(review): every password here is the literal string "password" and
# SERVICE_TOKEN is a fixed, published value. Later steps reuse them for the
# MySQL root and service accounts, the RabbitMQ guest account, the Keystone
# admin_token and the metadata shared secret. Replace each with its own
# generated value before this host is attached to a network you do not control.
cat > /root/novarc << EOF
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export MYSQL_PASS=password
export SERVICE_PASSWORD=password
export RABBIT_PASSWORD=password
export FIXED_RANGE=10.0.0.0/24
export FLOATING_RANGE=$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' \
       | cut -f2 -d ":" | awk -F "." '{print $1"."$2"."$3}').224/27
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=stackinsider
export MASTER="$(/sbin/ifconfig eth0 \
       | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
export LOCAL_IP="$(/sbin/ifconfig eth1 \
       | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
EOF

# Update the global environment variables.
# NOTE(review): /etc/profile is normally world-readable and is read by every
# login shell, so appending novarc hands the passwords and the admin token to
# all local accounts. Sourcing /root/novarc from root's own shell keeps them
# private. The append is also repeated on each run of this section.
cat /root/novarc >> /etc/profile
source /etc/profile


###############
## MySQL Server
###############

# Pre-answer the mysql-server root password questions through debconf so the
# package installs without prompting; root gets $MYSQL_PASS.
cat << MYSQL_PRESEED | debconf-set-selections
mysql-server-5.5 mysql-server/root_password password $MYSQL_PASS
mysql-server-5.5 mysql-server/root_password_again password $MYSQL_PASS
mysql-server-5.5 mysql-server/start_on_boot boolean true
MYSQL_PRESEED

apt-get -y install mysql-server python-mysqldb curl

# Bind MySQL service to all network interfaces.
# NOTE(review): this rewrites every "127.0.0.1" in my.cnf (the dots are
# unescaped regex wildcards), not only bind-address. mysqld then listens on
# all interfaces; combined with the '%' host grants and the shared default
# password used in this guide, the databases are reachable from any host that
# can route to the MySQL port. Restrict that port with a firewall, or bind to
# the management address only.
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf

# Enable InnoDB, the UTF-8 character set and UTF-8 collation by default; the
# four settings are appended after the bind-address line.
sed -i "/bind-address/a\default-storage-engine = innodb\n\
collation-server = utf8_general_ci\n\
init-connect = 'SET NAMES utf8'\n\
character-set-server = utf8" /etc/mysql/my.cnf

service mysql restart

mysql_secure_installation
# This command presents a number of options for you to secure your database installation.
# Respond yes to all prompts unless you have a good reason to do otherwise.
# NOTE(review): if the root password is changed at one of those prompts, the
# -p$MYSQL_PASS used by the next command no longer matches.

# Create one database per OpenStack service and a same-named account for it.
# NOTE(review): -p$MYSQL_PASS places the root password on the command line.
# NOTE(review): each account gets ALL PRIVILEGES from any host ('%') as well
# as from localhost and controller, and every account shares the root
# password. Per-service passwords and host-restricted grants limit what a
# single leaked config file exposes.
mysql -uroot -p$MYSQL_PASS << EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY '$MYSQL_PASS';
FLUSH PRIVILEGES;
EOF


#################################
## Message Queue Server: RabbitMQ
#################################

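# Install the messaging queue server. Typically it is RabbitMQ.
apt-get -y install rabbitmq-server

# Replace the password of RabbitMQ's built-in "guest" account; every service
# configuration in this guide connects as guest. The variable is quoted so a
# password containing spaces or glob characters reaches rabbitmqctl as one
# argument.
rabbitmqctl change_password guest "$RABBIT_PASSWORD"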


######################################
## OpenStack Identity Server: Keystone
######################################

apt-get -y install keystone

# Uncomment and set the listed keystone.conf options. admin_token becomes
# $SERVICE_TOKEN, and both the public (5000) and admin (35357) APIs bind to
# 0.0.0.0, i.e. all interfaces.
# NOTE(review): $SERVICE_TOKEN is spliced into the sed program, so a value
# containing "/" or "&" would change the expression.
# NOTE(review): admin_token is a static bootstrap credential that bypasses
# normal authentication; use a generated value and remove it from the config
# once the admin user and endpoints exist.
sed -i -e " s/#admin_token=ADMIN/admin_token=$SERVICE_TOKEN/g; \
s/#public_bind_host=0.0.0.0/public_bind_host=0.0.0.0/g; \
s/#admin_bind_host=0.0.0.0/admin_bind_host=0.0.0.0/g; \
s/#public_port=5000/public_port=5000/g; \
s/#admin_port=35357/admin_port=35357/g; \
s/#compute_port=8774/compute_port=8774/g; \
s/#verbose=false/verbose=True/g; \
s/#idle_timeout=3600/idle_timeout=3600/g" /etc/keystone/keystone.conf

# Swap the default sqlite connection string for the MySQL keystone database.
# The database password is written into keystone.conf in clear text.
sed -i '/connection = .*/{s|sqlite:///.*|mysql://'"keystone"':'"$MYSQL_PASS"'@'"$MASTER"'/keystone|g}' /etc/keystone/keystone.conf

service keystone restart
keystone-manage db_sync

# NOTE(review): the two helper scripts below are fetched over plain HTTP and
# run as root with no integrity check, and their contents are not shown on
# this page. Download them, read them, and compare against a known-good
# checksum before executing.
wget http://wiki.stackinsider.com/images/6/67/Ksdata_havana.sh_.txt
mv Ksdata_havana.sh_.txt Ksdata_havana.sh
bash Ksdata_havana.sh

wget  http://wiki.stackinsider.com/images/a/ac/Ksendpoints_havana.sh_.txt
mv Ksendpoints_havana.sh_.txt Ksendpoints_havana.sh
bash Ksendpoints_havana.sh


#################################
## OpenStack Image Server: Glance
#################################

apt-get -y install glance python-glanceclient

# Fill in the Keystone service credentials in both Glance config files.
# $SERVICE_PASSWORD is interpolated into the sed program and ends up in clear
# text in the config files.
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; \
s/%SERVICE_USER%/glance/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; \
" /etc/glance/glance-api.conf  /etc/glance/glance-registry.conf

# Insert the MySQL connection string above the commented default.
sed -i '/#connection = <None>/i\connection = mysql://'glance':'"$MYSQL_PASS"'@'"$MASTER"'/glance' \
/etc/glance/glance-registry.conf /etc/glance/glance-api.conf

# Authenticate API requests through Keystone.
sed -i 's/#flavor=/flavor=keystone/g' /etc/glance/glance-api.conf /etc/glance/glance-registry.conf

service glance-api restart
service glance-registry restart

glance-manage db_sync

# NOTE(review): the image is downloaded over plain HTTP with no checksum
# verification; compare it with the publisher's checksum before registering it.
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

# NOTE(review): the image is registered under the name cirros-0.3.0-x86_64
# although the file is 0.3.4. is_public=true makes it visible to every tenant.
glance add name=cirros-0.3.0-x86_64 is_public=true container_format=bare disk_format=qcow2 < cirros-0.3.4-x86_64-disk.img

# Check the image ID to confirm if Glance operates normally.
glance index


##################################
## OpenStack Block Storage: Cinder
##################################

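apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget \
open-iscsi iscsitarget-dkms python-cinderclient

# List the disks first: pvcreate below initialises /dev/vdb as an LVM physical
# volume, so confirm that it is the intended, empty device.
fdisk -l
pvcreate /dev/vdb
vgcreate cinder-volumes /dev/vdb

# Update the configuration file of Cinder.
# The file is rewritten from scratch; the heredoc is unquoted, so $MASTER and
# the password variables are expanded now and stored in clear text.
# The option name is api_paste_config; the earlier spelling "api_paste_confg"
# is not an option Cinder reads.
cat > /etc/cinder/cinder.conf << EOF
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volumes_dir = /var/lib/cinder/volumes
rpc_backend = cinder.openstack.common.rpc.impl_kombu
rabbit_host = $MASTER
rabbit_port = 5672
rabbit_userid = guest
rabbit_password = $RABBIT_PASSWORD
glance_host = $MASTER

[database]
connection = mysql://cinder:$MYSQL_PASS@$MASTER/cinder


[keystone_authtoken]
auth_uri = http://$MASTER:5000
auth_host = $MASTER
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = $SERVICE_PASSWORD
EOF

# Synchronize the database of Cinder
cinder-manage db sync

service cinder-api restart
service cinder-scheduler restart
service cinder-volume restart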

###############################################
## OpenStack Controller Server: Nova Controller
###############################################

apt-get -y install nova-api nova-cert nova-conductor nova-consoleauth \
nova-novncproxy nova-scheduler python-novaclient

# Replace the packaged nova.conf. The heredoc is unquoted, so $MASTER and the
# credential variables are expanded now and written in clear text.
# NOTE(review): neutron_metadata_proxy_shared_secret is set to $SERVICE_TOKEN,
# the same value used as Keystone's admin_token; a separate random secret
# keeps a leaked nova.conf from disclosing the identity bootstrap token.
# NOTE(review): every service URL below is http://, including the noVNC
# console URL, so tokens and passwords cross the network unencrypted.
# firewall_driver is the no-op driver while security_group_api = neutron;
# presumably packet filtering is left to the Neutron agent - confirm.
cat >/etc/nova/nova.conf <<EOF
[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
iscsi_helper=tgtadm
libvirt_use_virtio_for_bridges=True
connection_type=libvirt
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
volumes_path=/var/lib/nova/volumes
enabled_apis=ec2,osapi_compute,metadata
rpc_backend = rabbit
rabbit_host = $MASTER
rabbit_userid = guest
rabbit_password = $RABBIT_PASSWORD
my_ip = $MASTER
vncserver_listen = $MASTER
vncserver_proxyclient_address = $MASTER
auth_strategy = keystone
novncproxy_base_url = http://$MASTER:6080/vnc_auto.html
glance_host = $MASTER
network_api_class = nova.network.neutronv2.api.API
neutron_url = http://$MASTER:9696
neutron_auth_strategy = keystone
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = $SERVICE_PASSWORD
neutron_admin_auth_url = http://$MASTER:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron
service_neutron_metadata_proxy = true
neutron_metadata_proxy_shared_secret = $SERVICE_TOKEN


[database]
connection = mysql://nova:$MYSQL_PASS@$MASTER/nova

[keystone_authtoken]
auth_uri = http://$MASTER:5000
auth_host = $MASTER
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = $SERVICE_PASSWORD
EOF

# Create the Nova schema in the database configured above.
nova-manage db sync

# Restart the controller services so they load the new configuration.
service nova-conductor restart
service nova-api restart
service nova-cert restart
service nova-consoleauth restart
service nova-scheduler restart
service nova-novncproxy restart


#########################################
## OpenStack Compute Server: Nova Compute
#########################################

apt-get -y install nova-compute-kvm python-guestfs
# When prompted to create a supermin appliance, respond "yes"

# Make the running kernel image world-readable (mode 0644, owner root:root)
# and record the override with dpkg so package upgrades keep it.
# NOTE(review): presumably needed so the guestfs appliance can read the
# kernel as a non-root user - confirm before relaxing the permission.
dpkg-statoverride --update --add root root 0644 /boot/vmlinuz-$(uname -r)

# Install a kernel post-install hook that applies the same override to each
# newly installed kernel. The \$ escapes keep $1 and ${version} literal in
# the generated script.
cat > /etc/kernel/postinst.d/statoverride <<EOF
#!/bin/sh
version="\$1"
# passing the kernel version is required
[ -z "\${version}" ] && exit 0
dpkg-statoverride --update --add root root 0644 /boot/vmlinuz-\${version}
EOF

# make the file executable
chmod +x /etc/kernel/postinst.d/statoverride

# Replace every occurrence of "kvm" in nova-compute.conf with "qemu".
# NOTE(review): presumably this selects plain QEMU emulation for hosts without
# hardware virtualization - confirm against the packaged file's contents.
sed -i 's/kvm/qemu/g' /etc/nova/nova-compute.conf

service nova-compute restart


####################################
## OpenStack Network Server: Neutron
####################################

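apt-get -y install neutron-server neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
openvswitch-datapath-dkms neutron-l3-agent neutron-dhcp-agent

# Swap the default sqlite connection string for the MySQL neutron database.
# The password comes from $MYSQL_PASS, the value the neutron account was
# granted with, instead of a hard-coded literal that silently stops matching
# as soon as the default password is changed.
sed -i '/connection = .*/{s|sqlite:///.*|mysql://'"neutron"':'"$MYSQL_PASS"'@'"$MASTER"'/neutron|g}' \
        /etc/neutron/neutron.conf

# Authenticate API requests through Keystone.
sed -i 's/# auth_strategy = keystone/auth_strategy = keystone/g' \
        /etc/neutron/neutron.conf

# Fill in the Keystone service credentials.
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/neutron/g; \
          s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/neutron/neutron.conf

# Message queue settings. rabbit_password uses $RABBIT_PASSWORD, the value set
# on the RabbitMQ guest account and used by the Cinder and Nova configs,
# rather than the Keystone service password.
sed -i -e " s/# rpc_backend = neutron.openstack.common.rpc.impl_kombu/rpc_backend = neutron.openstack.common.rpc.impl_kombu/g; \
          s/# rabbit_host = localhost/rabbit_host = $MASTER/g; \
          s/# rabbit_password = guest/rabbit_password = $RABBIT_PASSWORD/g; \
          s/# rabbit_userid = guest/rabbit_userid = guest/g" \
          /etc/neutron/neutron.conf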

# ID of the "service" tenant, read from the table printed by the keystone CLI.
# NOTE(review): if the lookup fails (for example the OS_* variables are not
# loaded), service_id is empty and nova_admin_tenant_id is written blank.
service_id=`keystone tenant-get service | awk '$2~/^id/{print $4}'`

# Let Neutron notify Nova about port changes, authenticating as the nova
# service user.
# NOTE(review): the nova_url pattern stops at ":8774"; if the packaged line
# already ends in "/v2", the result ends in "/v2/v2" - check the edited file.
sed -i -e " s/# notify_nova_on_port_status_changes = True/notify_nova_on_port_status_changes = True/g; \
            s/# notify_nova_on_port_data_changes = True/notify_nova_on_port_data_changes = True/g; \
            s/# nova_url = http:\/\/127.0.0.1:8774/nova_url = http:\/\/$MASTER:8774\/v2/g; \
            s/# nova_admin_username =/nova_admin_username = nova/g; \
            s/# nova_admin_tenant_id =/nova_admin_tenant_id = $service_id/g; \
            s/# nova_admin_password =/nova_admin_password = $SERVICE_PASSWORD/g; \
            s/# nova_admin_auth_url =/nova_admin_auth_url = http:\/\/$MASTER:35357\/v2.0/g" \
            /etc/neutron/neutron.conf

# Select the ML2 core plugin, the router service plugin, and allow tenants to
# use overlapping IP ranges.
sed -i -e 's/core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin/core_plugin = ml2/g' /etc/neutron/neutron.conf
sed -i -e 's/# service_plugins =/service_plugins = router/g' /etc/neutron/neutron.conf
sed -i -e 's/# allow_overlapping_ips = False/allow_overlapping_ips = True/g' /etc/neutron/neutron.conf

# ML2: GRE as the only type driver and tenant network type, Open vSwitch as
# the mechanism driver, tunnel IDs 1-1000, security groups enabled.
sed -i -e " s/# type_drivers = local,flat,vlan,gre,vxlan/type_drivers = gre/g; \
            s/# tenant_network_types = local/tenant_network_types = gre/g; \
            s/# mechanism_drivers =/mechanism_drivers = openvswitch/g; \
            s/# tunnel_id_ranges =/tunnel_id_ranges = 1:1000/g;
            s/# enable_security_group = True/enable_security_group = True/g" \
            /etc/neutron/plugins/ml2/ml2_conf.ini

# Append the iptables-based firewall driver that enforces security groups.
# NOTE(review): the line is appended to the end of the file, so it takes
# effect in whichever section comes last there - presumably [securitygroup];
# verify in the packaged ml2_conf.ini.
cat << EOF >> /etc/neutron/plugins/ml2/ml2_conf.ini
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
EOF

# Append the [ovs] section; local_ip is the eth1 address captured in novarc
# and is the tunnel endpoint address.
cat << EOF >> /etc/neutron/plugins/ml2/ml2_conf.ini
[ovs]
local_ip = $LOCAL_IP
tunnel_type = gre
enable_tunneling = True
EOF

# L3 agent: use the OVS interface driver and network namespaces.
sed -i -e " s/# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver/\
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver/g; \
s/# use_namespaces = True/use_namespaces = True/g" \
/etc/neutron/l3_agent.ini

# DHCP agent: OVS interface driver, dnsmasq as the DHCP driver, namespaces on.
sed -i -e " s/# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver/\
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver/g; \
s/# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq/\
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq/g; \
s/# use_namespaces = True/use_namespaces = True/g" \
/etc/neutron/dhcp_agent.ini

# Metadata agent: Keystone service credentials, the Nova metadata address and
# the proxy shared secret. The secret is $SERVICE_TOKEN, the same value
# nova.conf uses for neutron_metadata_proxy_shared_secret in this guide; the
# two settings are written with one value on both sides.
# NOTE(review): $SERVICE_TOKEN is also the Keystone admin_token; a dedicated
# random secret for the metadata proxy avoids sharing that credential.
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; \
s/%SERVICE_USER%/neutron/g; \
s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; \
s/# nova_metadata_ip = 127.0.0.1/nova_metadata_ip = $MASTER/g;
s/# metadata_proxy_shared_secret =/metadata_proxy_shared_secret = $SERVICE_TOKEN/g" \
/etc/neutron/metadata_agent.ini


###########################################
## Configure the Open vSwitch (OVS) service
###########################################

service openvswitch-switch restart

# Create the integration bridge and the external bridge, then attach eth2 to
# the external bridge.
ovs-vsctl add-br br-int
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth2

# Address currently on eth2; it is assigned to br-ex in the stanza below.
# NOTE(review): an empty result writes a blank "address" line.
eth2_address=`/sbin/ifconfig eth2 | awk '/inet addr/ {print $2}' | cut -f2 -d ":" `

# Delete everything from the first line that mentions eth2 through the end of
# /etc/network/interfaces. Any stanza that follows eth2 in the file is removed
# as well, so keep a copy of the file before running this.
sed -i '/eth2/,$d'  /etc/network/interfaces 

# Re-add eth2 without an address and in promiscuous mode, and give br-ex the
# address eth2 had. The netmask is fixed at 255.255.255.0.
cat >> /etc/network/interfaces << EOF
auto eth2
iface eth2 inet manual
    up ifconfig \$IFACE 0.0.0.0 up
    up ip link set \$IFACE promisc on
    down ip link set \$IFACE promisc off 
    down ifconfig \$IFACE down

auto br-ex
iface br-ex inet static
    address $eth2_address
    netmask 255.255.255.0
    up ip link set \$IFACE promisc on
    down ip link set \$IFACE promisc off
EOF

/etc/init.d/networking restart

## BUG: the loop below, which parsed ls output, is replaced by the explicit
## restarts that follow.
## cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i restart; done
## Fix code:
service neutron-server restart
service neutron-dhcp-agent restart
service neutron-l3-agent restart
service neutron-metadata-agent restart
service openvswitch-switch restart


###############################
## OpenStack Dashboard: Horizon
###############################

apt-get -y install apache2 libapache2-mod-wsgi openstack-dashboard memcached python-memcache

## Log in to Horizon
## URL: http://controller/horizon
## Log in with the username and password below:
## username:admin
## password:password
## NOTE(review): the URL is plain HTTP and the account is the admin user with
## the guide's default password; change the password and serve the dashboard
## over TLS before exposing it beyond a lab network.


#########################
## Prepare Tenant Network
#########################

# NOTE(review): this helper script is fetched over plain HTTP and run as root
# with no integrity check, and its contents are not shown on this page.
# Download it, read it, and compare against a known-good checksum before
# executing.
wget http://wiki.stackinsider.com/images/9/97/Prepare_user_network_icehouse_gre.sh.txt
mv Prepare_user_network_icehouse_gre.sh.txt Prepare_user_network_icehouse_gre.sh
bash Prepare_user_network_icehouse_gre.sh

# Enable nova ICMP/TCP/UDP ports
# NOTE(review): these three rules open every TCP and UDP port and all ICMP
# from 0.0.0.0/0 on TenantA's default security group, which leaves instances
# in that group with no effective ingress filtering. Narrow the ranges to what
# is needed; this walkthrough itself only uses SSH.
# NOTE(review): --os-password on the command line puts the password in the
# shell history and the process list; the OS_PASSWORD environment variable
# avoids that.
nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 \
secgroup-add-rule default tcp 1 65535 0.0.0.0/0
nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 \
secgroup-add-rule default udp 1 65535 0.0.0.0/0
nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 \
secgroup-add-rule default icmp -1 -1 0.0.0.0/0

# Obtain TenantA's default security group ID
neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 \
security-group-list

# Enable ICMP and TCP ports
# Replace {TenantA security group ID} with the ID printed by the previous
# command. The ingress rules carry no source restriction and the TCP rules
# cover ports 1-65535.
neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 \
security-group-rule-create --protocol icmp --direction ingress {TenantA security group ID}
neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 \
security-group-rule-create --protocol icmp --direction egress {TenantA security group ID}
neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 \
security-group-rule-create --protocol tcp --direction egress --port-range-min 1 --port-range-max 65535 {TenantA security group ID}
neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 \
security-group-rule-create --protocol tcp --direction ingress --port-range-min 1 --port-range-max 65535 {TenantA security group ID}

# Check the image ID to confirm if Glance operates normally.
glance index

# Boot a test instance; replace {the cirros ID from Glance} with the image ID
# listed by the previous command.
nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --flavor 1 --image {the cirros ID from Glance} vm001

# Check your VM status
nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list


#######################################################
## Access the VM instance using its floating(public) IP
#######################################################

# Obtain the VM's fixed IP
nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list
# You can find its fixed IP in the "Networks" section: TenantA-Net={fixed IP}.

# Obtain the virtual port ID from the fixed IP
# (replace {fixed IP} with the address found above).
neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 port-list | grep "{fixed IP}"
# The first column shows the virtual port ID.

# Create a floating IP
neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 floatingip-create Ext-Net

# Associate the created floating IP to the VM's virtual port
neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 floatingip-associate {floating IP ID} {virtual port ID}

# Check your VM status
nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list

# SSH to your VM when your VM is ACTIVE
# The password is cubswin:)
# NOTE(review): that is the image's stock password. Once the floating IP is
# associated and the security group allows SSH from 0.0.0.0/0, the login is
# reachable from wherever the external network is routable; keep this instance
# to lab use or restrict the SSH rule to your own source address.
ssh cirros@{put_floating_ip_here}

Favorite site