sakananote: openStack CL210課程筆記

20141028

Foreman

Foreman is a deployment management tool. It provides web user interface for managing the installation and configuration of remote systems.

清空昨天建立的虛擬機器

在實體主機

# lab-reset-vm

This will destroy the virtual machine and reset it to the last saved state.

Is this ok [y/N]: y

Waiting for things to settle...

Done.

Lab: 安裝 foreman ( 另外一種安裝 openstack 的方式 )

在實體機器上面

#yum install -y openstack-foreman-installer

取得環境設定變數的檔案

# wget http://instructor.example.com/pub/materials/foreman-params.env

# vi foreman-params.env

將IP設定為虛擬機器的IP(要部署到哪一台)

# OpenStack networking configs.

###############################

# Change X+100 to your value.

# E.g., if your value of X is 7, change X+100 to 107;

# If your value of X is 17, change X+100 to 117.

###############################

export PRIVATE_CONTROLLER_IP=192.168.0.105

export PRIVATE_INTERFACE=eth0

export PRIVATE_NETMASK=192.168.0.0/24

export PUBLIC_CONTROLLER_IP=192.168.0.105

export PUBLIC_INTERFACE=eth0

export PUBLIC_NETMASK=192.168.0.0/24

export FOREMAN_GATEWAY=false

export FOREMAN_PROVISIONING=false

讓變數生效

# source foreman-params.env

驗證變數是否生效

# echo $FOREMAN_GATEWAY

false

# cd /usr/share/openstack-foreman-installer/bin/

執行安裝 script

# sh foreman_server.sh

#################### RED HAT OPENSTACK #####################

Thank you for using the Red Hat OpenStack Foreman Installer!

############################################################

Press [Enter] to continue

Foreman is installed and almost ready for setting up your OpenStack

You'll find Foreman at https://desktop5.example.com

The user name is 'admin' and default password is 'changeme'.

Please change the password at https://desktop5.example.com/users/1-admin/edit

登入 foreman 的web 界面

http://desktop5.example.com

帳號是 admin 密碼是 changeme

會看到以下的畫面

Lab 規劃

虛擬機器安裝 open

先在虛擬機器

# scp root@desktop5:/tmp/foreman_client.sh /root

The authenticity of host 'desktop5 (192.168.0.5)' can't be established.

RSA key fingerprint is d2:e8:38:24:cd:02:74:bc:ea:70:7b:e3:26:87:9c:eb.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'desktop5,192.168.0.5' (RSA) to the list of known hosts.

root@desktop5's password:

foreman_client.sh 100% 577 0.6KB/s 00:00

執行 foreman用戶端 script

#sh /root/foreman_client.sh

在 foreman 界面

點選 More --> Configuration --> Host Group

點選 Controller( Neutron )

點選 Parameters 分頁

點選 admin_password 的 override

將密碼改為 redhat 然後點選 Submit

在 foreman 界面

點選 More --> Configuration --> Host Group

點選 Compute( Neutron )

點選 Parameters 分頁

點選 admin_password 的 override

點選 private_interface 的 override

點選 public_interface 的 override

將密碼改為 redhat

將 interface 改為 br100 然後點選 Submit

點選畫面上方的 Host 進入 Host 頁面

點選 Server5 的 Edit 按鈕

將 Host Group 設定為 Controller ( Neutron )

點選 Submit

這個時候會發現Host Group 已經指定上去

接下來點選 desktop5( 實體主機 ) 的 Edit 按鈕

Host Group 指定為 Compute ( Neutron )

點選 Submit

接下來就會看到兩個 Host Group 都指定上去

接下來分別在虛擬機器以及實體機器執行 puppet 程式安裝該角色要執行的套件

[root@server5 ~]# puppet agent -tv

[root@desktop5 bin]# puppet agent -tv

這邊覺得比較奇怪的是 https:// 沒有啟動

連接 openstack的網頁界面

http://server5.example.com/dashboard/

使用 admin 密碼 redhat 登入

觀察一下 HyperVisor

Lab: Chapter Test

測試是否能夠自我建立 openStack

workbook p31

移除掉所有的VM

在實體主機

(這個練習就是重新安裝一次 openstack-packstack, 參考自己之前的筆記就好)

==== 中午休息 ====

重新安裝實體電腦

重新開機, 選擇 PXE開機, 選取分配的 Desktop 5

** Chapter 3 Implementing the qpid message broker

Lab: Installing and securing the Qpid message broker

workbook p 38

在虛擬機器

[root@server5 ~]# yum update -y

安裝相關套件

[root@server5 ~]# yum install qpid-cpp-server qpid-cpp-server-ssl cyrus-sasl-md5

========================================================================================================

Package Arch Version Repository Size

========================================================================================================

Installing:

cyrus-sasl-md5 x86_64 2.1.23-13.el6_3.1 base 47 k

qpid-cpp-server x86_64 0.14-22.el6_3 base 1.0 M

qpid-cpp-server-ssl x86_64 0.14-22.el6_3 base 60 k

Installing for dependencies:

boost-filesystem x86_64 1.41.0-18.el6 base 45 k

boost-program-options x86_64 1.41.0-18.el6 base 106 k

boost-system x86_64 1.41.0-18.el6 base 24 k

qpid-cpp-client x86_64 0.14-22.el6_3 base 1.0 M

qpid-cpp-client-ssl x86_64 0.14-22.el6_3 base 111 k

Transaction Summary

========================================================================================================

Install 8 Package(s)

Total download size: 2.4 M

Installed size: 8.8 M

Is this ok [y/N]: y

建立 sasl 帳號

[root@server5 ~]# saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID qpidauth

Password:

Again (for verification):

驗證帳號以及使用者

[root@server5 ~]# sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb

qpidauth@QPID: userPassword

設定 qpidauth.acl

[root@server5 ~]# echo 'acl allow qpidauth@QPID all all' > /etc/qpid/qpidauth.acl

驗證

[root@server5 ~]# cat /etc/qpid/qpidauth.acl

acl allow qpidauth@QPID all all

設定系統 /etc/sysconfig 內的相關設定

[root@server5 ~]# echo "QPIDD_OPTIONS='--acl-file /etc/qpid/qpidauth.acl'" >> /etc/sysconfig/qpidd

驗證

[root@server5 ~]# cat /etc/sysconfig/qpidd

QPIDD_OPTIONS='--acl-file /etc/qpid/qpidauth.acl'

設定權限以及擁有人

[root@server5 ~]# chown qpidd /etc/qpid/qpidauth.acl

[root@server5 ~]# chmod 600 /etc/qpid/qpidauth.acl

[root@server5 ~]# ls -hl /etc/qpid/qpidauth.acl

-rw-------. 1 qpidd root 32 Oct 28 13:46 /etc/qpid/qpidauth.acl

[root@server5 ~]# vi /etc/qpidd.conf

移除 ANONYMOUS

cluster-mechanism=DIGEST-MD5

驗證是否移除

[root@server5 ~]# grep MD5 /etc/qpidd.conf

#cluster-mechanism=DIGEST-MD5 ANONYMOUS

cluster-mechanism=DIGEST-MD5

[root@server5 ~]# mkdir /etc/pki/tls/qpid

[root@server5 ~]# chmod 700 /etc/pki/tls/qpid/

[root@server5 ~]# chown qpidd /etc/pki/tls/qpid/

[root@server5 ~]# echo redhat > /etc/qpid/qpid.pass

# cat /etc/qpid/qpid.pass

redhat

[root@server5 ~]# chmod 600 /etc/qpid/qpid.pass

[root@server5 ~]# chown qpidd /etc/qpid/qpid.pass

[root@server5 ~]# ls -hl /etc/qpid/qpid.pass

-rw-------. 1 qpidd root 7 Oct 28 14:02 /etc/qpid/qpid.pass

[root@server5 ~]# echo $HOSTNAME

server5.example.com

[root@server5 ~]# certutil -N -d /etc/pki/tls/qpid/ -f /etc/qpid/qpid.pass

[root@server5 ~]# certutil -S -d /etc/pki/tls/qpid/ -n $HOSTNAME -s "CN=$HOSTNAME" -t "CT,," -x -f /etc/qpid/qpid.pass -z /usr/bin/certutil

[root@server5 ~]# chown -R qpidd /etc/pki/tls/qpid/

[root@server5 ~]# vi /etc/qpidd.conf

加入下列設定

ssl-cert-db=/etc/pki/tls/qpid/

ssl-cert-name=server5.example.com

ssl-cert-password-file=/etc/qpid/qpid.pass

require-encryption=yes

[root@server5 ~]# service qpidd start

Starting Qpid AMQP daemon: [ OK ]

[root@server5 ~]# tail /var/log/messages

Oct 28 13:31:39 server5 yum[1524]: Installed: cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64

Oct 28 13:32:59 server5 saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found

Oct 28 13:38:50 server5 ntpd[1322]: 0.0.0.0 c612 02 freq_set kernel 7.521 PPM

Oct 28 13:38:50 server5 ntpd[1322]: 0.0.0.0 c615 05 clock_sync

Oct 28 14:10:50 server5 qpidd[1614]: 2014-10-28 14:10:50 notice Listening on TCP/TCP6 port 5672

Oct 28 14:10:50 server5 qpidd[1614]: 2014-10-28 14:10:50 notice Listening for SSL connections on TCP port 5671

Oct 28 14:10:50 server5 qpidd[1614]: 2014-10-28 14:10:50 notice Read ACL file "/etc/qpid/qpidauth.acl"

Oct 28 14:10:50 server5 qpidd[1614]: 2014-10-28 14:10:50 notice Broker running

[root@server5 ~]# chkconfig qpidd on

[root@server5 ~]# chkconfig qpidd --list

qpidd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

---- class break ----

為了確保後面可以還原

將VM 關機

[root@server5 ~]# poweroff

於實體主機

[student@desktop5 ~]$ cd /var/lib/libvirt/images/

[student@desktop5 images]$ ls -hl

total 632M

-rw-r--r--. 1 qemu qemu 372M Aug 29 06:44 etbase.img

-rw-r--r--. 1 root root 60M Oct 28 14:23 etbase.ovl

-rw-r--r--. 1 qemu qemu 101M Oct 28 13:19 vdb.img

-rw-r--r--. 1 root root 193K Oct 28 13:19 vdb.ovl

-rw-r--r--. 1 qemu qemu 101M Oct 28 13:19 vdc.img

-rw-r--r--. 1 root root 193K Oct 28 13:19 vdc.ovl

[root@desktop5 images]# mkdir Unit3

[root@desktop5 images]# cp -a etbase.ovl Unit3/

[root@desktop5 images]#virsh start server5

* Chapter 4 Implementing the keystone identity service

Lab: Deploying the Keystone identity service

workbook p47

安裝相關套件

[root@server5 ~]# yum install openstack-keystone openstack-selinux openstack-utils

Dependencies Resolved

===================================================================================================

Package Arch Version Repository Size

===================================================================================================

Installing:

openstack-keystone noarch 2013.2.1-1.el6ost OpenStack 33 k

openstack-selinux noarch 0.1.3-2.el6ost OpenStack 47 k

openstack-utils noarch 2013.2-2.el6ost OpenStack 18 k

Installing for dependencies:

進行初始化

[root@server5 ~]# openstack-db --init --service keystone

mysql-server is not installed. Would you like to install it now? (y/n): y

Dependencies Resolved

===================================================================================================

Package Arch Version Repository Size

===================================================================================================

Installing:

mysql-server x86_64 5.1.71-1.el6 base 8.6 M

Installing for dependencies:

mysql x86_64 5.1.71-1.el6 base 893 k

perl-DBD-MySQL x86_64 4.013-3.el6 base 134 k

perl-DBI x86_64 1.609-4.el6 base 707 k

Transaction Summary

===================================================================================================

Install 4 Package(s)

Total download size: 10 M

Installed size: 29 M

Is this ok [y/N]: y

Dependency Installed:

mysql.x86_64 0:5.1.71-1.el6 perl-DBD-MySQL.x86_64 0:4.013-3.el6 perl-DBI.x86_64 0:1.609-4.el6

Complete!

mysqld is not running. Would you like to start it now? (y/n): y

Starting mysqld: [ OK ]

Since this is a fresh installation of MySQL, please set a password for the 'root' mysql user.

Enter new password for 'root' mysql user:

Enter new password again:

Verified connectivity to MySQL.

[root@server5 ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

設定相關變數

[root@server5 ~]# export SERVICE_TOKEN=$(openssl rand -hex 10)

[root@server5 ~]# export SERVICE_ENDPOINT=http://server5.example.com:35357/v2.0

[root@server5 ~]# echo $SERVICE_TOKEN

54fd166a9bc6116ade80

[root@server5 ~]# echo $SERVICE_TOKEN > /root/ks_admin_token

設定 admin_token

[root@server5 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN

[root@server5 ~]# grep admin_token /etc/keystone/keystone.conf

admin_token = 54fd166a9bc6116ade80

# admin_token = ADMIN

啟動服務並設定開機啟動

[root@server5 ~]# service openstack-keystone start

Starting keystone: [ OK ]

[root@server5 ~]# chkconfig openstack-keystone on

[root@server5 ~]# chkconfig openstack-keystone --list

openstack-keystone 0:off 1:off 2:on 3:on 4:on 5:on 6:off

觀察是否有在執行

[root@server5 ~]# ps -ef | grep keystone-all

keystone 1882 1 1 15:00 ? 00:00:00 /usr/bin/python /usr/bin/keystone-all --config-file /usr/share/keystone/keystone-dist.conf --config-file /etc/keystone/keystone.conf

root 1924 1467 0 15:01 pts/0 00:00:00 grep keystone-all

觀察是否有錯誤

[root@server5 ~]# grep ERROR /var/log/keystone/keystone.log

憑證存放位置

[root@server5 ~]#ls /etc/keystone/ssl/certs

[root@server5 ~]# keystone service-list

[root@server5 ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

+-------------+----------------------------------+

| Property | Value |

+-------------+----------------------------------+

| description | Keystone Identity Service |

| id | b226b761075c4173a18a414b52aac0a8 |

| name | keystone |

| type | identity |

+-------------+----------------------------------+

[root@server5 ~]# keystone service-list

+----------------------------------+----------+----------+---------------------------+

+----------------------------------+----------+----------+---------------------------+

+----------------------------------+----------+----------+---------------------------+

[root@server5 ~]# keystone endpoint-list

[root@server5 ~]# keystone endpoint-create --service-id b226b761075c4173a18a414b52aac0a8 --publicurl 'http://server5.example.com:5000/v2.0' --adminurl 'http://server5.example.com:35357/v2.0' --internalurl 'http://server5.example.com:5000/v2.0'

+-------------+---------------------------------------+

| Property | Value |

+-------------+---------------------------------------+

| adminurl | http://server5.example.com:35357/v2.0 |

| id | f648baba020e4210a692d6b739db27a8 |

| internalurl | http://server5.example.com:5000/v2.0 |

| publicurl | http://server5.example.com:5000/v2.0 |

| region | regionOne |

| service_id | b226b761075c4173a18a414b52aac0a8 |

+-------------+---------------------------------------+

透過 keystone 指令建立使用者

workbook p53

[root@server5 ~]# keystone user-list

[root@server5 ~]# keystone user-create --name admin --pass redhat

+----------+----------------------------------+

| Property | Value |

+----------+----------------------------------+

| email | |

| enabled | True |

| id | 864fef71904746feaad1c75e0ba3a911 |

| name | admin |

+----------+----------------------------------+

[root@server5 ~]# keystone user-list

+----------------------------------+-------+---------+-------+

+----------------------------------+-------+---------+-------+

+----------------------------------+-------+---------+-------+

[root@server5 ~]# keystone role-list

+----------------------------------+----------+

| id | name |

+----------------------------------+----------+

| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |

+----------------------------------+----------+

[root@server5 ~]# keystone role-create --name admin

+----------+----------------------------------+

| Property | Value |

+----------+----------------------------------+

| id | db5b551d50dc4d97a7bd89cc65edf149 |

| name | admin |

+----------+----------------------------------+

[root@server5 ~]# keystone role-list

+----------------------------------+----------+

| id | name |

+----------------------------------+----------+

| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |

| db5b551d50dc4d97a7bd89cc65edf149 | admin |

+----------------------------------+----------+

[root@server5 ~]# keystone tenant-create --name admin

+-------------+----------------------------------+

| Property | Value |

+-------------+----------------------------------+

| description | |

| enabled | True |

| id | 0fa2ca1bd34c4a4b88ce36272038574d |

| name | admin |

+-------------+----------------------------------+

[root@server5 ~]# keystone user-role-add --user admin --role admin --tenant admin

[root@server5 ~(keystone_admin)]$ keystone user-role-list

+----------------------------------+-------+----------------------------------+----------------------------------+

+----------------------------------+-------+----------------------------------+----------------------------------+

+----------------------------------+-------+----------------------------------+----------------------------------+

指定方式

[root@server5 ~(keystone_admin)]$ keystone user-role-list --user admin --tenant admin

+----------------------------------+-------+----------------------------------+----------------------------------+

+----------------------------------+-------+----------------------------------+----------------------------------+

+----------------------------------+-------+----------------------------------+----------------------------------+

[root@server5 ~]# vi /root/keystonerc_admin

加入以下

export OS_USERNAME=admin

export OS_TENANT_NAME=admin

export OS_PASSWORD=redhat

export OS_AUTH_URL=http://server5.example.com:35357/v2.0/

export PS1='[\u@\h \W(keystone_admin)]\\$ '

[root@server5 ~]# unset SERVICE_TOKEN

[root@server5 ~]# unset SERVICE_ENDPOINT

使用 keystonerc_admin

[root@server5 ~]# source /root/keystonerc_admin

測試是否成功

[root@server5 ~(keystone_admin)]$ keystone user-list

+----------------------------------+-------+---------+-------+

+----------------------------------+-------+---------+-------+

+----------------------------------+-------+---------+-------+

Lab: Chapter Test

Answer in p218

---- Class break ----

將VM 關機, 執行備份再開機

[root@desktop5 ~]# cd /var/lib/libvirt/images/

[root@desktop5 images]# ls -hl

total 1.1G

-rw-r--r--. 1 qemu qemu 372M Aug 29 06:44 etbase.img

-rw-r--r--. 1 root root 487M Oct 28 15:58 etbase.ovl

drwxr-xr-x. 2 root root 4.0K Oct 28 14:33 Unit3

drwxr-xr-x. 2 root root 4.0K Oct 28 15:59 Unit4

-rw-r--r--. 1 qemu qemu 101M Oct 28 13:19 vdb.img

-rw-r--r--. 1 root root 193K Oct 28 13:19 vdb.ovl

-rw-r--r--. 1 qemu qemu 101M Oct 28 13:19 vdc.img

-rw-r--r--. 1 root root 193K Oct 28 13:19 vdc.ovl

[root@desktop5 images]# cp -a etbase.ovl Unit4/

* Chapter 5 Implementing the swift object storage service

Lab: Installing the Swift object storage service

workbook p62

安裝相關套件

[root@server5 ~]# yum install -y openstack-swift-proxy openstack-swift-object openstack-swift-container openstack-swift-account memcached

取得權限

[root@server5 ~]# source /root/keystonerc_admin

[root@server5 ~(keystone_admin)]$ keystone user-create --name swift --pass redhat

+----------+----------------------------------+

| Property | Value |

+----------+----------------------------------+

| email | |

| enabled | True |

| id | 11468bea059d4955b976c4c1753a1fdc |

| name | swift |

+----------+----------------------------------+

[root@server5 ~(keystone_admin)]$ keystone role-list | grep admin

| db5b551d50dc4d97a7bd89cc65edf149 | admin |

[root@server5 ~(keystone_admin)]$ keystone tenant-list | grep services

[root@server5 ~(keystone_admin)]$ keystone tenant-create --name services

+-------------+----------------------------------+

| Property | Value |

+-------------+----------------------------------+

| description | |

| enabled | True |

| id | 047e809fc22e4ff687cfecbe15e728a0 |

| name | services |

+-------------+----------------------------------+

[root@server5 ~(keystone_admin)]$ keystone user-role-add --role admin --tenant services --user swift

[root@server5 ~(keystone_admin)]$ keystone service-list

+----------------------------------+----------+----------+---------------------------+

+----------------------------------+----------+----------+---------------------------+

+----------------------------------+----------+----------+---------------------------+

[root@server5 ~(keystone_admin)]$ keystone service-create --name swift --type object-store --description "Swift Storage Service"

+-------------+----------------------------------+

| Property | Value |

+-------------+----------------------------------+

| description | Swift Storage Service |

| id | 2482a3676fd34420ad759d8faf024d6e |

| name | swift |

| type | object-store |

+-------------+----------------------------------+

[root@server5 ~(keystone_admin)]$ keystone service-list

+----------------------------------+----------+--------------+---------------------------+

+----------------------------------+----------+--------------+---------------------------+

+----------------------------------+----------+--------------+---------------------------+

[root@server5 ~(keystone_admin)]$ keystone endpoint-list

+----------------------------------+-----------+--------------------------------------+--------------------------------------+---------------------------------------+----------------------------------+

[root@server5 ~(keystone_admin)]$ keystone endpoint-create --service-id 2482a3676fd34420ad759d8faf024d6e --publicurl "http://server5.example.com:8080/v1/AUTH_%(tenant_id)s" --adminurl "http://server5.example.com:8080/v1/AUTH_%(tenant_id)s" --internalurl "http://server5.example.com:8080/v1/AUTH_%(tenant_id)s"

+-------------+-------------------------------------------------------+

| Property | Value |

+-------------+-------------------------------------------------------+

| adminurl | http://server5.example.com:8080/v1/AUTH_%(tenant_id)s |

| id | 3f2d386301a840fea6551f22e7da33fb |

| internalurl | http://server5.example.com:8080/v1/AUTH_%(tenant_id)s |

| publicurl | http://server5.example.com:8080/v1/AUTH_%(tenant_id)s |

| region | regionOne |

| service_id | 2482a3676fd34420ad759d8faf024d6e |

+-------------+-------------------------------------------------------+

Lab: Deploying a Swift storage node

workbook p65

[root@server5 ~(keystone_admin)]$ lab-create-single-partition /dev/vdb

/dev/vdb: block special

Are you sure you want to continue?

This will destroy the partition table and all data on /dev/vdb. (y/N) y

[root@server5 ~(keystone_admin)]$ lab-create-single-partition /dev/vdc

/dev/vdc: block special

Are you sure you want to continue?

This will destroy the partition table and all data on /dev/vdc. (y/N) y

[root@server5 ~(keystone_admin)]$ cat /proc/partitions

major minor #blocks name

252 0 67108864 vda

252 1 262144 vda1

252 2 31457280 vda2

252 3 5242880 vda3

252 4 1 vda4

252 5 2097152 vda5

252 16 102400 vdb

252 17 98304 vdb1

252 32 102400 vdc

252 33 98304 vdc1

253 0 4194304 dm-0

253 1 27230208 dm-1

[root@server5 ~(keystone_admin)]$ mkfs.ext4 /dev/vdb1

[root@server5 ~(keystone_admin)]$ mkfs.ext4 /dev/vdc1

[root@server5 ~(keystone_admin)]$ mkdir -p /srv/node/z{1,2}d1

[root@server5 ~(keystone_admin)]$ cp /etc/fstab /etc/fstab.orig

[root@server5 ~(keystone_admin)]$ echo "/dev/vdb1 /srv/node/z1d1 ext4 acl,user_xattr 0 0" >> /etc/fstab

[root@server5 ~(keystone_admin)]$ echo "/dev/vdc1 /srv/node/z2d1 ext4 acl,user_xattr 0 0" >> /etc/fstab

[root@server5 ~(keystone_admin)]$ tail /etc/fstab

/dev/mapper/vol0-root / ext4 defaults 1 1

UUID=55cec0b3-5bf6-426a-aff6-a273339e26bc /boot ext4 defaults 1 2

/dev/mapper/vol0-var /var ext4 defaults 1 2

UUID=e39b1643-74b9-4dd3-99ec-4c7ba7eb4620 swap swap defaults 0 0

tmpfs /dev/shm tmpfs defaults 0 0

devpts /dev/pts devpts gid=5,mode=620 0 0

sysfs /sys sysfs defaults 0 0

proc /proc proc defaults 0 0

/dev/vdb1 /srv/node/z1d1 ext4 acl,user_xattr 0 0

/dev/vdc1 /srv/node/z2d1 ext4 acl,user_xattr 0 0

[root@server5 ~(keystone_admin)]$ mount

/dev/mapper/vol0-root on / type ext4 (rw)

proc on /proc type proc (rw)

sysfs on /sys type sysfs (rw)

devpts on /dev/pts type devpts (rw,gid=5,mode=620)

tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")

/dev/vda1 on /boot type ext4 (rw)

/dev/mapper/vol0-var on /var type ext4 (rw)

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

[root@server5 ~(keystone_admin)]$ mount -a

[root@server5 ~(keystone_admin)]$ mount

/dev/mapper/vol0-root on / type ext4 (rw)

proc on /proc type proc (rw)

sysfs on /sys type sysfs (rw)

devpts on /dev/pts type devpts (rw,gid=5,mode=620)

tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")

/dev/vda1 on /boot type ext4 (rw)

/dev/mapper/vol0-var on /var type ext4 (rw)

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

/dev/vdb1 on /srv/node/z1d1 type ext4 (rw,acl,user_xattr)

/dev/vdc1 on /srv/node/z2d1 type ext4 (rw,acl,user_xattr)

[root@server5 ~(keystone_admin)]$ chown -R swift:swift /srv/node

[root@server5 ~(keystone_admin)]$ restorecon -R /srv/

[root@server5 ~(keystone_admin)]$ cp /etc/swift/swift.conf /etc/swift/swift.conf.orig

[root@server5 ~(keystone_admin)]$ cp /etc/swift/account-server.conf /etc/swift/account-server.conf.orig

[root@server5 ~(keystone_admin)]$ cp /etc/swift/container-server.conf /etc/swift/container-server.conf.orig

[root@server5 ~(keystone_admin)]$ cp /etc/swift/object-server.conf /etc/swift/object-server.conf.orig

[root@server5 ~(keystone_admin)]$ cat /etc/swift/swift.conf

[swift-hash]

swift_hash_path_suffix = %SWIFT_HASH_PATH_SUFFIX%

[root@server5 ~(keystone_admin)]$ openstack-config --set /etc/swift/swift.conf swift-hash swift_hash_path_prefix $(openssl rand -hex 10)

[root@server5 ~(keystone_admin)]$ openstack-config --set /etc/swift/swift.conf swift-hash swift_hash_path_suffix $(openssl rand -hex 10)

[root@server5 ~(keystone_admin)]$ cat /etc/swift/swift.conf

[swift-hash]

swift_hash_path_suffix = 310cb0a39469892dc478

swift_hash_path_prefix = 48ae012f23d204e0c2fb

[root@server5 ~(keystone_admin)]$ openstack-config --set /etc/swift/account-server.conf DEFAULT bind_ip 192.168.0.105

[root@server5 ~(keystone_admin)]$ openstack-config --set /etc/swift/container-server.conf DEFAULT bind_ip 192.168.0.105

[root@server5 ~(keystone_admin)]$ openstack-config --set /etc/swift/object-server.conf DEFAULT bind_ip 192.168.0.105

驗證

[root@server5 ~(keystone_admin)]$ grep bind_ip /etc/swift/*.conf

/etc/swift/account-server.conf:bind_ip = 192.168.0.105

/etc/swift/container-server.conf:bind_ip = 192.168.0.105

/etc/swift/object-server.conf:bind_ip = 192.168.0.105

啟動相關服務並驗證

[root@server5 ~(keystone_admin)]$ service openstack-swift-account start

Starting openstack-swift-account: [ OK ]

[root@server5 ~(keystone_admin)]$ service openstack-swift-container start

Starting openstack-swift-container: [ OK ]

[root@server5 ~(keystone_admin)]$ service openstack-swift-object start

Starting openstack-swift-object: [ OK ]

[root@server5 ~(keystone_admin)]$ tail /var/log/messages

Oct 28 16:57:01 server5 kernel: vdc: vdc1

Oct 28 17:02:50 server5 kernel: EXT4-fs (vdb1): mounted filesystem with ordered data mode. Opts:

Oct 28 17:02:50 server5 kernel: EXT4-fs (vdc1): mounted filesystem with ordered data mode. Opts:

Oct 28 17:13:04 server5 account-server Started child 2075

Oct 28 17:13:04 server5 account-server Started child 2076

Oct 28 17:13:14 server5 container-server Started child 2092

Oct 28 17:13:14 server5 container-server Started child 2093

Oct 28 17:13:21 server5 object-server Started child 2109

Oct 28 17:13:21 server5 object-server Started child 2110

Oct 28 17:13:21 server5 object-server Started child 2111

設定開機啟動服務

[root@server5 ~(keystone_admin)]$ chkconfig openstack-swift-account on

[root@server5 ~(keystone_admin)]$ chkconfig openstack-swift-account --list

openstack-swift-account 0:off 1:off 2:on 3:on 4:on 5:on 6:off

[root@server5 ~(keystone_admin)]$ chkconfig openstack-swift-container on

[root@server5 ~(keystone_admin)]$ chkconfig openstack-swift-container --list

openstack-swift-container 0:off 1:off 2:on 3:on 4:on 5:on 6:off

[root@server5 ~(keystone_admin)]$ chkconfig openstack-swift-object on

[root@server5 ~(keystone_admin)]$ chkconfig openstack-swift-object --list

openstack-swift-object 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Notes:

qpid acl 參考文件 http://qpid.apache.org/releases/qpid-0.24/java-broker/book/Java-Broker-Security-ACLs.html

SELinux 參考文件 http://www.bulls.idv.tw/?q=node/8 (需要註冊,通知)

sakananote

星期二, 10月 28, 2014

openStack CL210課程筆記 - Day 2

沒有留言: