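This covers the installation from the initial prep work through Keystone.
Environment
CentOS 6 minimal install, Core i3, 4 GB memory
During the OS install, set the IP address manually, use LVM for the filesystem, and create one extra physical volume.
Once the install is finished, just take care of the SSH settings.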
vi /etc/ssh/sshd_config
#PermitRootLogin yes // Uncomment this line.
PermitRootLogin yes
service sshd restart
From here on, switch to working from a terminal. It's easier, and you can copy and paste.
Set the hostname and disable IPv6
vi /etc/hosts
127.0.0.1 take localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.24.61 take
Check just to be sure, though you can skip this
ping -c 1 take
PING take (127.0.0.1) 56(84) bytes of data.
64 bytes from take (127.0.0.1): icmp_seq=1 ttl=64 time=0.018 ms
--- take ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.018/0.018/0.018/0.000 ms
Disable IPv6
sh -c "echo 'options ipv6 disable=1' >> /etc/modprobe.d/disable-ipv6.conf"
sh -c "echo 'NETWORKING_IPV6=no' >> /etc/sysconfig/network-scripts/ifcfg-eth0"
Disable SELinux
vi /etc/selinux/config
Change the SELINUX=enforcing line to:
SELINUX=disabled
Update to the latest state
yum -y update
Install the packages needed for now
yum -y install ntp man openssh-clients
Enable ntpd
service ntpd start
chkconfig ntpd on
Reboot once at this point
reboot
Once it has booted back up.
Actually this would be fine before the reboot too, but let's install an editor and a few other things we'll need.
yum -y install vim mlocate wget
Add the EPEL repository for OpenStack
rpm -ivh http://ftp.riken.jp/Linux/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
vi /etc/yum.repos.d/openstack-grizzly.repo
[epel-openstack-grizzly]
name=OpenStack Grizzly Repository for EPEL 6
baseurl=http://repos.fedorapeople.org/repos/openstack/openstack-grizzly/epel-$releasever/
enabled=1
skip_if_unavailable=1
gpgcheck=0
Then update
yum -y update
Prepare the database
yum -y install mysql-server memcached
service mysqld start
chkconfig mysqld on
You can log in with an empty password
mysql -uroot -p
mysql> set password for root@localhost=password('takeken');
Query OK, 0 rows affected (0.00 sec)
mysql> set password for root@127.0.0.1=password('takeken');
Query OK, 0 rows affected (0.00 sec)
mysql> set password for root@take=password('takeken');
Query OK, 0 rows affected (0.00 sec)
service memcached start
memcached を起動中: [ OK ]
chkconfig memcached on
Install Apache Qpid with authentication disabled
yum -y install qpid-cpp-server
sed -i 's/auth=yes/auth=no/' /etc/qpidd.conf
service qpidd start
chkconfig qpidd on
Install the virtualization-related packages
yum install -y iscsi-initiator-utils qemu-kvm \
libvirt bridge-utils libvirt-python avahi
service messagebus start
service avahi-daemon start
service libvirtd start
That's the end of the prep work.
From here the installation of the OpenStack packages begins.
Install utilities such as openstack-config
yum -y install openstack-utils
Install Keystone.
This is the component that manages authentication and authorization for OpenStack
yum -y install openstack-keystone
Back up the config
cp -a /etc/keystone /etc/keystone_bak
Set up the config
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN
openstack-config --set /etc/keystone/keystone.conf DEFAULT bind_host 0.0.0.0
openstack-config --set /etc/keystone/keystone.conf DEFAULT public_port 5000
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_port 35357
openstack-config --set /etc/keystone/keystone.conf DEFAULT compute_port 8774
openstack-config --set /etc/keystone/keystone.conf DEFAULT policy_file policy.json
openstack-config --set /etc/keystone/keystone.conf DEFAULT debug True
openstack-config --set /etc/keystone/keystone.conf DEFAULT verbose True
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:password@take/keystone
openstack-config --set /etc/keystone/keystone.conf signing token_format UUID
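The steps up to this point trade security for convenience in several places (root SSH login, SELinux off, gpgcheck=0, Qpid without auth, admin_token ADMIN). The following is an added example, not part of the original post, that lists which of those settings are present before the host is exposed beyond a lab; the ROOT prefix argument and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: flag the lab-only settings this walkthrough has applied so far.
# The optional ROOT prefix is an assumption so a copy of /etc can be audited.

# Print the last uncommented value of KEY in FILE ("KEY value" or "KEY = value").
# INI section headers are ignored, which is enough for the files checked here.
conf_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*${2}[[:space:]]*[=[:space:]][[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" |
        tail -n 1
}

# check FILE KEY WEAK_VALUE RISK: print one finding when KEY is set to WEAK_VALUE.
check() {
    if [ "$(conf_value "$1" "$2")" = "$3" ]; then
        echo "WEAK $2=$3 in $1: $4"
    fi
}

audit() {
    root=${1:-}
    check "$root/etc/ssh/sshd_config" PermitRootLogin yes "direct root login over SSH"
    check "$root/etc/selinux/config" SELINUX disabled "no mandatory access control"
    check "$root/etc/yum.repos.d/openstack-grizzly.repo" gpgcheck 0 "unsigned packages accepted"
    check "$root/etc/qpidd.conf" auth no "broker accepts unauthenticated clients"
    check "$root/etc/keystone/keystone.conf" admin_token ADMIN "guessable admin token"
    check "$root/etc/keystone/keystone.conf" bind_host 0.0.0.0 "listens on every interface"
    check "$root/etc/keystone/keystone.conf" debug True "debug logging left on"
}

# Constructed sample tree that mirrors the values set on this page.
sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/selinux" "$d/etc/yum.repos.d" "$d/etc/keystone"
    printf '#PermitRootLogin yes\nPermitRootLogin yes\n' > "$d/etc/ssh/sshd_config"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/etc/selinux/config"
    printf '[epel-openstack-grizzly]\nenabled=1\ngpgcheck=0\n' \
        > "$d/etc/yum.repos.d/openstack-grizzly.repo"
    printf 'auth=no\n' > "$d/etc/qpidd.conf"
    printf '[DEFAULT]\nadmin_token = ADMIN\nbind_host = 0.0.0.0\ndebug = True\n' \
        > "$d/etc/keystone/keystone.conf"
    echo "$d"
}

tree=$(sample_tree)
audit "$tree"
rm -rf "$tree"
```

Calling audit with no argument checks the live /etc on the host itself.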
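Create the keystone database. It was probably just a coincidence, but it didn't work when I did it with the mysql command, so out of superstition I log in and do it from there.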
mysql -uroot -p
mysql> drop database if exists keystone;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> create database keystone character set utf8;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on keystone.* to keystone identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on keystone.* to keystone@localhost identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on keystone.* to keystone@take identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
mysql> quit
keystone-manage db_sync
Start the process
chown -R keystone:keystone /var/log/keystone
service openstack-keystone start
chkconfig openstack-keystone on
service openstack-keystone status
keystone (pid 8141) を実行中...
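Use the sample script to register in Keystone the services used by OpenStack, the users for those services, and the roles.
Note: Takeken doesn't fully understand this part, so please be careful when copying and pasting from here.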
cd /usr/local/src ; cp -a /usr/share/openstack-keystone/sample_data.sh .
Check the file
ls -l sample_data.sh
-rwxr-xr-x 1 root root 9053 10月 18 03:23 2013 sample_data.s
Export the environment variables
export CONTROLLER_HOST=take
export SERVICE_ENDPOINT=http://$CONTROLLER_HOST:35357/v2.0
sed -i "s/localhost/$CONTROLLER_HOST/" /usr/local/src/sample_data.sh
export ENABLE_ENDPOINTS=yes
Run the script.
/usr/local/src/sample_data.sh
Running it prints:
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://take:$(admin_port)s/v2.0 |
| id | 4cd2e487b29c46d1b4b108601f32d640 |
| internalurl | http://take:$(public_port)s/v2.0 |
| publicurl | http://take:$(public_port)s/v2.0 |
| region | RegionOne |
| service_id | e868bba059ce4059a27cc08036d57fc2 |
+-------------+----------------------------------+
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------------+-------------------------------------------------+
| Property | Value |
+-------------+-------------------------------------------------+
| adminurl | http://take:$(compute_port)s/v1.1/$(tenant_id)s |
| id | 7d071a9e31604d188137e73809b3620e |
| internalurl | http://take:$(compute_port)s/v1.1/$(tenant_id)s |
| publicurl | http://take:$(compute_port)s/v1.1/$(tenant_id)s |
| region | RegionOne |
| service_id | 5abfb5029ae24291a756c22fc38cc78a |
+-------------+-------------------------------------------------+
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------------+-----------------------------------+
| Property | Value |
+-------------+-----------------------------------+
| adminurl | http://take:8776/v1/$(tenant_id)s |
| id | 4a7a599e33c84a65beeff317f6406491 |
| internalurl | http://take:8776/v1/$(tenant_id)s |
| publicurl | http://take:8776/v1/$(tenant_id)s |
| region | RegionOne |
| service_id | 85f1809e45454a9d8c4508435bcde95b |
+-------------+-----------------------------------+
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://take:9292 |
| id | 0361e2e792f243fa97a0dad5234be03f |
| internalurl | http://take:9292 |
| publicurl | http://take:9292 |
| region | RegionOne |
| service_id | 04970bb075ef4eaf820991a449dfeb22 |
+-------------+----------------------------------+
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://take:8773/services/Admin |
| id | fdd265dc512343a68321586770a6c6ea |
| internalurl | http://take:8773/services/Cloud |
| publicurl | http://take:8773/services/Cloud |
| region | RegionOne |
| service_id | c716562c33ed40e9bbaadbb20fbf8268 |
+-------------+----------------------------------+
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+-------------+----------------------------------------+
| Property | Value |
+-------------+----------------------------------------+
| adminurl | http://take:8888/v1 |
| id | 3cab69ce7b714e2ab67a8199bd12406b |
| internalurl | http://take:8888/v1/AUTH_$(tenant_id)s |
| publicurl | http://take:8888/v1/AUTH_$(tenant_id)s |
| region | RegionOne |
| service_id | 543157fad3b742c2a07c1ed5312510ca |
+-------------+----------------------------------------+
If the output looks right, log in again and verify. First, the exports.
export OS_SERVICE_TOKEN=ADMIN
export OS_SERVICE_ENDPOINT=http://take:35357/v2.0/
Verification commands
keystone tenant-list
keystone user-list
keystone role-list
keystone service-list
keystone endpoint-list
Verification results
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| 44e077cc353748f2b0230a04b399d9c1 | demo | True |
| 6277f269fdda4051a0eb51336fd9cfc3 | service | True |
+----------------------------------+---------+---------+
+----------------------------------+--------+---------+-------+
| id | name | enabled | email |
+----------------------------------+--------+---------+-------+
| c417e79f10ba4cb3a65b177655c865b2 | admin | True | |
| 9d06fe734fd9450fb7b6154c0d108c8d | ec2 | True | |
| a2ec4feea5cb4fc49b393b687c3ebd51 | glance | True | |
| 695d4b3fb6114584930612978ba6e75a | nova | True | |
| b2f7e5c3a555437983d6c310002a984f | swift | True | |
+----------------------------------+--------+---------+-------+
+----------------------------------+----------+
| id | name |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 883cd63371544518ac749e3b81a985b9 | admin |
+----------------------------------+----------+
+----------------------------------+----------+--------------+---------------------------+
| id | name | type | description |
+----------------------------------+----------+--------------+---------------------------+
| c716562c33ed40e9bbaadbb20fbf8268 | ec2 | ec2 | EC2 Compatibility Layer |
| 04970bb075ef4eaf820991a449dfeb22 | glance | image | Glance Image Service |
| e868bba059ce4059a27cc08036d57fc2 | keystone | identity | Keystone Identity Service |
| 5abfb5029ae24291a756c22fc38cc78a | nova | compute | Nova Compute Service |
| 543157fad3b742c2a07c1ed5312510ca | swift | object-store | Swift Service |
| 85f1809e45454a9d8c4508435bcde95b | volume | volume | Nova Volume Service |
+----------------------------------+----------+--------------+---------------------------+
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+-------------------------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+-------------------------------------------------+----------------------------------+
| 0361e2e792f243fa97a0dad5234be03f | RegionOne | http://take:9292 | http://take:9292 | http://take:9292 | 04970bb075ef4eaf820991a449dfeb22 |
| 3cab69ce7b714e2ab67a8199bd12406b | RegionOne | http://take:8888/v1/AUTH_$(tenant_id)s | http://take:8888/v1/AUTH_$(tenant_id)s | http://take:8888/v1 | 543157fad3b742c2a07c1ed5312510ca |
| 4a7a599e33c84a65beeff317f6406491 | RegionOne | http://take:8776/v1/$(tenant_id)s | http://take:8776/v1/$(tenant_id)s | http://take:8776/v1/$(tenant_id)s | 85f1809e45454a9d8c4508435bcde95b |
| 4cd2e487b29c46d1b4b108601f32d640 | RegionOne | http://take:$(public_port)s/v2.0 | http://take:$(public_port)s/v2.0 | http://take:$(admin_port)s/v2.0 | e868bba059ce4059a27cc08036d57fc2 |
| 7d071a9e31604d188137e73809b3620e | RegionOne | http://take:$(compute_port)s/v1.1/$(tenant_id)s | http://take:$(compute_port)s/v1.1/$(tenant_id)s | http://take:$(compute_port)s/v1.1/$(tenant_id)s | 5abfb5029ae24291a756c22fc38cc78a |
| fdd265dc512343a68321586770a6c6ea | RegionOne | http://take:8773/services/Cloud | http://take:8773/services/Cloud | http://take:8773/services/Admin | c716562c33ed40e9bbaadbb20fbf8268 |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+-------------------------------------------------+----------------------------------+
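Instead of comparing the service_id columns by eye, the two tables can be cross-checked mechanically. The following is an added example, not part of the original post: it reads saved output of keystone service-list and keystone endpoint-list and reports endpoints that point at an unknown service, services with no endpoint, and public URLs served over plain http. The function names and file arguments are assumptions, and the sample tables are constructed.

```shell
#!/bin/sh
# Added example: cross-check the tables printed by `keystone service-list`
# and `keystone endpoint-list`. The two file arguments are an assumption.

check_catalog() {   # usage: check_catalog SERVICE_TABLE ENDPOINT_TABLE
    awk -F'|' '
        { for (i = 1; i <= NF; i++) gsub(/^ +| +$/, "", $i) }   # trim cells
        NF < 6 || $2 == "id" { next }                            # borders, headers
        FNR == NR { name[$2] = $3; next }                        # service rows
        !($7 in name) { print "ORPHAN " $2 " -> unknown service " $7; next }
        { seen[$7] = 1 }
        $4 ~ /^http:/ { print "PLAINTEXT " name[$7] " " $4 }
        END { for (s in name) if (!(s in seen)) print "NO-ENDPOINT " name[s] }
    ' "$1" "$2"
}

# Constructed sample tables (ids are made up, layout follows the CLI output).
sample_services() {
    cat <<'EOF'
+------+----------+--------------+-------------+
| id   | name     | type         | description |
+------+----------+--------------+-------------+
| s001 | glance   | image        | Glance      |
| s002 | keystone | identity     | Keystone    |
| s003 | swift    | object-store | Swift       |
+------+----------+--------------+-------------+
EOF
}

sample_endpoints() {
    cat <<'EOF'
+------+-----------+------------------------+------------------------+-------------------------+------------+
| id   | region    | publicurl              | internalurl            | adminurl                | service_id |
+------+-----------+------------------------+------------------------+-------------------------+------------+
| e001 | RegionOne | http://take:9292       | http://take:9292       | http://take:9292        | s001       |
| e002 | RegionOne | https://take:5000/v2.0 | https://take:5000/v2.0 | https://take:35357/v2.0 | s002       |
| e003 | RegionOne | http://take:8776/v1    | http://take:8776/v1    | http://take:8776/v1     | s999       |
+------+-----------+------------------------+------------------------+-------------------------+------------+
EOF
}

d=$(mktemp -d)
sample_services > "$d/services"; sample_endpoints > "$d/endpoints"
check_catalog "$d/services" "$d/endpoints"
rm -rf "$d"
```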
If there are no problems, on to the next step.