Tuesday, October 28, 2014

OpenStack CL210 Course Notes - Day 2

20141028

Foreman
  • Foreman is a deployment management tool. It provides a web user interface for managing the installation and configuration of remote systems.

Reset the virtual machine created yesterday
On the physical host

# lab-reset-vm
This will destroy the virtual machine and reset it to the last saved state.
Is this ok [y/N]: y
Waiting for things to settle...
Done.


Lab: Install Foreman (another way to install OpenStack)

On the physical machine
# yum  install  -y  openstack-foreman-installer

Get the file with the environment variables
# wget  http://instructor.example.com/pub/materials/foreman-params.env

# vi  foreman-params.env
Set the IPs to the virtual machine's IP (the machine to deploy to)
# OpenStack networking configs.
###############################
# Change X+100 to your value.  
# E.g., if your value of X is 7, change X+100 to 107;
# If your value of X is 17, change X+100 to 117.
###############################
export PRIVATE_CONTROLLER_IP=192.168.0.105
export PRIVATE_INTERFACE=eth0
export PRIVATE_NETMASK=192.168.0.0/24
export PUBLIC_CONTROLLER_IP=192.168.0.105
export PUBLIC_INTERFACE=eth0
export PUBLIC_NETMASK=192.168.0.0/24
export FOREMAN_GATEWAY=false
export FOREMAN_PROVISIONING=false

Load the variables into the current shell
# source  foreman-params.env

Verify that the variables took effect
# echo $FOREMAN_GATEWAY
false

# cd   /usr/share/openstack-foreman-installer/bin/

Run the installation script
# sh  foreman_server.sh
#################### RED HAT OPENSTACK #####################
Thank you for using the Red Hat OpenStack Foreman Installer!
############################################################
Press [Enter] to continue


Foreman is installed and almost ready for setting up your OpenStack
You'll find Foreman at https://desktop5.example.com
The user name is 'admin' and default password is 'changeme'.
Please change the password at https://desktop5.example.com/users/1-admin/edit

Log in to the Foreman web interface
The account is admin and the password is changeme

You will see the following screen
Screenshot.png


Lab plan
Virtual machine: install open

First, on the virtual machine
# scp  root@desktop5:/tmp/foreman_client.sh  /root
The authenticity of host 'desktop5 (192.168.0.5)' can't be established.
RSA key fingerprint is d2:e8:38:24:cd:02:74:bc:ea:70:7b:e3:26:87:9c:eb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'desktop5,192.168.0.5' (RSA) to the list of known hosts.
root@desktop5's password:
foreman_client.sh                          100%  577 0.6KB/s   00:00

Run the Foreman client script
# sh   /root/foreman_client.sh

In the Foreman interface
Click More --> Configuration --> Host Group
Screenshot-1.png

Click Controller (Neutron)
Click the Parameters tab
Click override for admin_password
Change the password to redhat, then click Submit

Screenshot-2.png


In the Foreman interface
Click More --> Configuration --> Host Group
Screenshot-1.png

Click Compute (Neutron)
Click the Parameters tab
Click override for admin_password
Click override for private_interface
Click override for public_interface

Change the password to redhat
Change the interface to br100, then click Submit
Screenshot-3.png


Click Host at the top of the screen to open the Host page

Screenshot-6.png
Click the Edit button for Server5
Set Host Group to Controller (Neutron)
Click Submit
Screenshot-5.png

At this point the Host Group has been assigned
Screenshot-6.png
Next, click the Edit button for desktop5 (the physical host)
Set Host Group to Compute (Neutron)
Click Submit

Screenshot-7.png
Both Host Groups are now assigned
Screenshot-8.png

Next, run puppet on the virtual machine and on the physical machine to install the packages each role needs
[root@server5 ~]# puppet  agent  -tv

[root@desktop5 bin]# puppet   agent  -tv

What seems odd here is that https:// is not enabled
Connect to the OpenStack web interface

Log in as admin with the password redhat
Take a look at the Hypervisors
Screenshot-9.png


Lab: Chapter Test
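Test whether you can build OpenStack on your own
workbook p31
Remove all VMs
On the physical host

(This exercise just reinstalls openstack-packstack once more; my own earlier notes are enough as a reference)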

==== Lunch break ====

Reinstall the physical machine
Reboot, choose PXE boot, and select the assigned Desktop 5

* Chapter 3 Implementing the qpid message broker

Lab:  Installing and securing the Qpid message broker
workbook p 38

On the virtual machine
[root@server5 ~]# yum  update -y

Install the required packages
[root@server5 ~]# yum  install  qpid-cpp-server  qpid-cpp-server-ssl  cyrus-sasl-md5

========================================================================================================
Package                       Arch           Version                    Repository    Size
========================================================================================================
Installing:
cyrus-sasl-md5                x86_64         2.1.23-13.el6_3.1          base          47 k
qpid-cpp-server               x86_64         0.14-22.el6_3              base         1.0 M
qpid-cpp-server-ssl           x86_64         0.14-22.el6_3              base          60 k
Installing for dependencies:
boost-filesystem              x86_64         1.41.0-18.el6              base          45 k
boost-program-options         x86_64         1.41.0-18.el6              base         106 k
boost-system                  x86_64         1.41.0-18.el6              base          24 k
qpid-cpp-client               x86_64         0.14-22.el6_3              base         1.0 M
qpid-cpp-client-ssl           x86_64         0.14-22.el6_3              base         111 k

Transaction Summary
========================================================================================================
Install    8 Package(s)

Total download size: 2.4 M
Installed size: 8.8 M
Is this ok [y/N]: y

Create the SASL account
[root@server5 ~]# saslpasswd2   -f  /var/lib/qpidd/qpidd.sasldb   -u  QPID  qpidauth
Password:
Again (for verification):

Verify the account and user
[root@server5 ~]# sasldblistusers2   -f /var/lib/qpidd/qpidd.sasldb
qpidauth@QPID: userPassword

Configure qpidauth.acl
[root@server5 ~]# echo  'acl allow qpidauth@QPID all all'  >  /etc/qpid/qpidauth.acl

Verify
[root@server5 ~]# cat /etc/qpid/qpidauth.acl
acl allow qpidauth@QPID all all

Set the related option under /etc/sysconfig
[root@server5 ~]# echo  "QPIDD_OPTIONS='--acl-file  /etc/qpid/qpidauth.acl'"  >>  /etc/sysconfig/qpidd

Verify
[root@server5 ~]# cat  /etc/sysconfig/qpidd
QPIDD_OPTIONS='--acl-file  /etc/qpid/qpidauth.acl'

Set the permissions and owner
[root@server5 ~]# chown  qpidd  /etc/qpid/qpidauth.acl
[root@server5 ~]# chmod  600  /etc/qpid/qpidauth.acl
[root@server5 ~]# ls -hl  /etc/qpid/qpidauth.acl
-rw-------. 1 qpidd root 32 Oct 28 13:46 /etc/qpid/qpidauth.acl

[root@server5 ~]# vi  /etc/qpidd.conf
Remove ANONYMOUS
cluster-mechanism=DIGEST-MD5

Verify that it was removed
[root@server5 ~]# grep MD5  /etc/qpidd.conf
#cluster-mechanism=DIGEST-MD5 ANONYMOUS
cluster-mechanism=DIGEST-MD5


[root@server5 ~]# mkdir  /etc/pki/tls/qpid

[root@server5 ~]# chmod  700  /etc/pki/tls/qpid/

[root@server5 ~]# chown  qpidd  /etc/pki/tls/qpid/

[root@server5 ~]# echo  redhat  >  /etc/qpid/qpid.pass

# cat /etc/qpid/qpid.pass
redhat

[root@server5 ~]# chmod  600  /etc/qpid/qpid.pass
[root@server5 ~]# chown  qpidd /etc/qpid/qpid.pass
[root@server5 ~]# ls  -hl  /etc/qpid/qpid.pass
-rw-------. 1 qpidd root 7 Oct 28 14:02 /etc/qpid/qpid.pass


[root@server5 ~]# echo  $HOSTNAME
server5.example.com

[root@server5 ~]# certutil  -N  -d  /etc/pki/tls/qpid/  -f  /etc/qpid/qpid.pass

[root@server5 ~]# certutil  -S  -d  /etc/pki/tls/qpid/  -n  $HOSTNAME  -s  "CN=$HOSTNAME" -t "CT,," -x -f /etc/qpid/qpid.pass   -z  /usr/bin/certutil

[root@server5 ~]# chown  -R  qpidd  /etc/pki/tls/qpid/

[root@server5 ~]# vi  /etc/qpidd.conf
Add the following settings
ssl-cert-db=/etc/pki/tls/qpid/
ssl-cert-name=server5.example.com
ssl-cert-password-file=/etc/qpid/qpid.pass
require-encryption=yes

[root@server5 ~]# service   qpidd  start
Starting Qpid AMQP daemon:                              [  OK  ]

[root@server5 ~]# tail  /var/log/messages
Oct 28 13:31:39 server5 yum[1524]: Installed: cyrus-sasl-md5-2.1.23-13.el6_3.1.x86_64
Oct 28 13:32:59 server5 saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found
Oct 28 13:32:59 server5 saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found
Oct 28 13:32:59 server5 saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No matching key/data pair found
Oct 28 13:38:50 server5 ntpd[1322]: 0.0.0.0 c612 02 freq_set kernel 7.521 PPM
Oct 28 13:38:50 server5 ntpd[1322]: 0.0.0.0 c615 05 clock_sync
Oct 28 14:10:50 server5 qpidd[1614]: 2014-10-28 14:10:50 notice Listening on TCP/TCP6 port 5672
Oct 28 14:10:50 server5 qpidd[1614]: 2014-10-28 14:10:50 notice Listening for SSL connections on TCP port 5671
Oct 28 14:10:50 server5 qpidd[1614]: 2014-10-28 14:10:50 notice Read ACL file "/etc/qpid/qpidauth.acl"
Oct 28 14:10:50 server5 qpidd[1614]: 2014-10-28 14:10:50 notice Broker running



[root@server5 ~]# chkconfig   qpidd  on
[root@server5 ~]# chkconfig   qpidd  --list
qpidd      0:off    1:off    2:on    3:on    4:on    5:on    6:off

---- class break  ----

To make sure this state can be restored later,
shut down the VM
[root@server5 ~]# poweroff

On the physical host

[student@desktop5 ~]$ cd  /var/lib/libvirt/images/

[student@desktop5 images]$ ls -hl
total 632M
-rw-r--r--. 1 qemu qemu 372M Aug 29 06:44 etbase.img
-rw-r--r--. 1 root root  60M Oct 28 14:23 etbase.ovl
-rw-r--r--. 1 qemu qemu 101M Oct 28 13:19 vdb.img
-rw-r--r--. 1 root root 193K Oct 28 13:19 vdb.ovl
-rw-r--r--. 1 qemu qemu 101M Oct 28 13:19 vdc.img
-rw-r--r--. 1 root root 193K Oct 28 13:19 vdc.ovl


[root@desktop5 images]# mkdir  Unit3

[root@desktop5 images]# cp  -a  etbase.ovl  Unit3/

[root@desktop5 images]# virsh  start  server5


* Chapter 4  Implementing the keystone identity service


Lab:  Deploying the Keystone identity service
workbook p47

Install the required packages
[root@server5 ~]# yum  install  openstack-keystone  openstack-selinux  openstack-utils

Dependencies Resolved

===================================================================================================
Package                               Arch     Version              Repository   Size
===================================================================================================
Installing:
openstack-keystone                    noarch   2013.2.1-1.el6ost    OpenStack    33 k
openstack-selinux                     noarch   0.1.3-2.el6ost       OpenStack    47 k
openstack-utils                       noarch   2013.2-2.el6ost      OpenStack    18 k
Installing for dependencies:

Initialize the database
[root@server5 ~]# openstack-db   --init  --service  keystone

mysql-server is not installed.  Would you like to install it now? (y/n): y

Dependencies Resolved

===================================================================================================
Package                  Arch             Version                Repository      Size
===================================================================================================
Installing:
mysql-server             x86_64           5.1.71-1.el6           base           8.6 M
Installing for dependencies:
mysql                    x86_64           5.1.71-1.el6           base           893 k
perl-DBD-MySQL           x86_64           4.013-3.el6            base           134 k
perl-DBI                 x86_64           1.609-4.el6            base           707 k

Transaction Summary
===================================================================================================
Install    4 Package(s)

Total download size: 10 M
Installed size: 29 M
Is this ok [y/N]: y

Dependency Installed:
 mysql.x86_64 0:5.1.71-1.el6  perl-DBD-MySQL.x86_64 0:4.013-3.el6  perl-DBI.x86_64 0:1.609-4.el6

Complete!
mysqld is not running.  Would you like to start it now? (y/n): y

Starting mysqld:                                        [  OK  ]
Since this is a fresh installation of MySQL, please set a password for the 'root' mysql user.
Enter new password for 'root' mysql user:
Enter new password again:
Verified connectivity to MySQL.

[root@server5 ~]# keystone-manage  pki_setup  --keystone-user  keystone  --keystone-group  keystone

Set the related variables
[root@server5 ~]# export  SERVICE_TOKEN=$(openssl rand -hex 10)
[root@server5 ~]# export  SERVICE_ENDPOINT=http://server5.example.com:35357/v2.0

[root@server5 ~]# echo  $SERVICE_TOKEN
54fd166a9bc6116ade80
[root@server5 ~]# echo  $SERVICE_TOKEN  >  /root/ks_admin_token

Set admin_token
[root@server5 ~]# openstack-config  --set  /etc/keystone/keystone.conf  DEFAULT admin_token  $SERVICE_TOKEN

[root@server5 ~]# grep  admin_token  /etc/keystone/keystone.conf
admin_token = 54fd166a9bc6116ade80
# admin_token = ADMIN

Start the service and enable it at boot
[root@server5 ~]# service  openstack-keystone  start
Starting keystone:                                      [  OK  ]
[root@server5 ~]# chkconfig  openstack-keystone  on
[root@server5 ~]# chkconfig  openstack-keystone  --list
openstack-keystone    0:off    1:off    2:on    3:on    4:on    5:on    6:off

Check that it is running
[root@server5 ~]# ps  -ef  | grep keystone-all
keystone  1882 1  1 15:00 ?     00:00:00 /usr/bin/python /usr/bin/keystone-all --config-file /usr/share/keystone/keystone-dist.conf --config-file /etc/keystone/keystone.conf
root   1924  1467  0 15:01 pts/0 00:00:00 grep keystone-all

Check for errors
[root@server5 ~]# grep  ERROR  /var/log/keystone/keystone.log


Where the certificates are stored
[root@server5 ~]# ls   /etc/keystone/ssl/certs

[root@server5 ~]# keystone service-list

[root@server5 ~]# keystone service-create  --name=keystone --type=identity  --description="Keystone Identity Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |    Keystone Identity Service     |
|      id     | b226b761075c4173a18a414b52aac0a8 |
|     name    |             keystone             |
|     type    |             identity             |
+-------------+----------------------------------+


[root@server5 ~]# keystone service-list
+----------------------------------+----------+----------+---------------------------+
|                id                |   name   |   type   |        description        |
+----------------------------------+----------+----------+---------------------------+
| b226b761075c4173a18a414b52aac0a8 | keystone | identity | Keystone Identity Service |
+----------------------------------+----------+----------+---------------------------+



[root@server5 ~]# keystone endpoint-list

[root@server5 ~]# keystone endpoint-create  --service-id b226b761075c4173a18a414b52aac0a8  --publicurl 'http://server5.example.com:5000/v2.0'  --adminurl  'http://server5.example.com:35357/v2.0'  --internalurl  'http://server5.example.com:5000/v2.0'
+-------------+---------------------------------------+
|   Property  |                 Value                 |
+-------------+---------------------------------------+
|   adminurl  | http://server5.example.com:35357/v2.0 |
|      id     |    f648baba020e4210a692d6b739db27a8   |
| internalurl |  http://server5.example.com:5000/v2.0 |
|  publicurl  |  http://server5.example.com:5000/v2.0 |
|    region   |               regionOne               |
|  service_id |    b226b761075c4173a18a414b52aac0a8   |
+-------------+---------------------------------------+

Create a user with the keystone command
workbook p53

[root@server5 ~]# keystone  user-list

[root@server5 ~]# keystone user-create  --name  admin --pass  redhat
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 864fef71904746feaad1c75e0ba3a911 |
|   name   |              admin               |
+----------+----------------------------------+

[root@server5 ~]# keystone user-list
+----------------------------------+-------+---------+-------+
|                id                |  name | enabled | email |
+----------------------------------+-------+---------+-------+
| 864fef71904746feaad1c75e0ba3a911 | admin |   True  |       |
+----------------------------------+-------+---------+-------+

[root@server5 ~]# keystone  role-list
+----------------------------------+----------+
|                id                |   name   |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
+----------------------------------+----------+

[root@server5 ~]# keystone  role-create  --name  admin
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | db5b551d50dc4d97a7bd89cc65edf149 |
|   name   |              admin               |
+----------+----------------------------------+
[root@server5 ~]# keystone  role-list
+----------------------------------+----------+
|                id                |   name   |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| db5b551d50dc4d97a7bd89cc65edf149 |  admin   |
+----------------------------------+----------+


[root@server5 ~]# keystone  tenant-create  --name  admin
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | 0fa2ca1bd34c4a4b88ce36272038574d |
|     name    |              admin               |
+-------------+----------------------------------+

[root@server5 ~]# keystone  user-role-add  --user admin  --role admin  --tenant admin

[root@server5 ~(keystone_admin)]$ keystone user-role-list
+----------------------------------+-------+----------------------------------+----------------------------------+
|                id                |  name |             user_id              |            tenant_id             |
+----------------------------------+-------+----------------------------------+----------------------------------+
| db5b551d50dc4d97a7bd89cc65edf149 | admin | 864fef71904746feaad1c75e0ba3a911 | 0fa2ca1bd34c4a4b88ce36272038574d |
+----------------------------------+-------+----------------------------------+----------------------------------+

With the user and tenant specified
[root@server5 ~(keystone_admin)]$ keystone user-role-list --user admin --tenant admin
+----------------------------------+-------+----------------------------------+----------------------------------+
|                id                |  name |             user_id              |            tenant_id             |
+----------------------------------+-------+----------------------------------+----------------------------------+
| db5b551d50dc4d97a7bd89cc65edf149 | admin | 864fef71904746feaad1c75e0ba3a911 | 0fa2ca1bd34c4a4b88ce36272038574d |
+----------------------------------+-------+----------------------------------+----------------------------------+



[root@server5 ~]# vi  /root/keystonerc_admin
Add the following
export  OS_USERNAME=admin
export  OS_TENANT_NAME=admin
export  OS_PASSWORD=redhat
export  OS_AUTH_URL=http://server5.example.com:35357/v2.0/
export  PS1='[\u@\h \W(keystone_admin)]\\$ '

[root@server5 ~]# unset SERVICE_TOKEN
[root@server5 ~]# unset SERVICE_ENDPOINT

Use keystonerc_admin
[root@server5 ~]# source  /root/keystonerc_admin

Test whether it works
[root@server5 ~(keystone_admin)]$ keystone user-list
+----------------------------------+-------+---------+-------+
|                id                |  name | enabled | email |
+----------------------------------+-------+---------+-------+
| 864fef71904746feaad1c75e0ba3a911 | admin |   True  |       |
+----------------------------------+-------+---------+-------+
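
The settings and files produced by the Chapter 3 (Qpid) and Chapter 4 (Keystone) labs above can be checked with one audit script. This is an added example, not part of the course workbook or the original notes; the function names, the finding texts and the 20-hex-digit minimum for the token are assumptions of the example.

```shell
#!/bin/sh
# Added example, not course material: audit what the Chapter 3 (Qpid) and
# Chapter 4 (Keystone) labs leave on disk. Function names, finding texts and
# the 20-hex-digit floor (what `openssl rand -hex 10` yields) are assumptions.
# Needs GNU stat, as on the RHEL 6 lab machines.

# conf_get FILE KEY [SECTION]: last uncommented value of KEY. Without SECTION,
# only lines before the first [section] header count (qpidd.conf has none).
conf_get() {
    awk -v k="$2" -v want="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            sec = $0; gsub(/[ \t]/, "", sec)
            sec = substr(sec, 2, length(sec) - 2); next
        }
        sec == want {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) v = val
        }
        END { print v }' "$1"
}

# audit_qpidd_conf FILE: one finding per line; exit status 0 when clean.
audit_qpidd_conf() (
    bad=0
    mech=$(conf_get "$1" cluster-mechanism)
    case "$mech" in
        "") echo "cluster-mechanism is not set"; bad=1 ;;
        *ANONYMOUS*) echo "cluster-mechanism still lists ANONYMOUS: $mech"; bad=1 ;;
    esac
    [ "$(conf_get "$1" require-encryption)" = "yes" ] ||
        { echo "require-encryption is not yes"; bad=1; }
    for key in ssl-cert-db ssl-cert-name ssl-cert-password-file; do
        [ -n "$(conf_get "$1" "$key")" ] || { echo "$key is not set"; bad=1; }
    done
    [ "$bad" -eq 0 ]
)

# audit_keystone_token FILE: check [DEFAULT] admin_token in keystone.conf.
audit_keystone_token() (
    tok=$(conf_get "$1" admin_token DEFAULT)
    case "$tok" in
        "") echo "admin_token is not set in [DEFAULT]" ;;
        ADMIN) echo "admin_token is the sample value ADMIN" ;;
        *[!0-9a-f]*) echo "admin_token is not a lowercase hex string" ;;
        *) [ "${#tok}" -ge 20 ] && exit 0
           echo "admin_token has only ${#tok} hex digits" ;;
    esac
    exit 1
)

# audit_secret_file FILE OWNER: FILE must belong to OWNER (name or uid) and
# grant nothing to group or other, like the lab's chown qpidd / chmod 600.
audit_secret_file() (
    file=$1; owner=$2; bad=0
    [ -e "$file" ] || { echo "$file: missing"; exit 1; }
    mode=$(stat -c '%a' "$file")
    [ "$(stat -c '%U' "$file")" = "$owner" ] ||
        [ "$(stat -c '%u' "$file")" = "$owner" ] ||
        { echo "$file: owner is not $owner"; bad=1; }
    [ $(( 0$mode & 077 )) -eq 0 ] ||
        { echo "$file: mode $mode is open to group or other"; bad=1; }
    [ "$bad" -eq 0 ]
)

# Constructed sample: qpidd.conf and keystone.conf as they look before the
# lab's edits, plus a token file written with the default umask.
demo=$(mktemp -d)
printf '%s\n' 'cluster-mechanism=DIGEST-MD5 ANONYMOUS' > "$demo/qpidd.conf"
printf '%s\n' '[DEFAULT]' '# admin_token = ADMIN' > "$demo/keystone.conf"
echo 54fd166a9bc6116ade80 > "$demo/ks_admin_token"; chmod 644 "$demo/ks_admin_token"
audit_qpidd_conf "$demo/qpidd.conf" || true
audit_keystone_token "$demo/keystone.conf" || true
audit_secret_file "$demo/ks_admin_token" "$(id -u)" || true
rm -rf "$demo"
# On the lab VM: audit_qpidd_conf /etc/qpidd.conf
#                audit_keystone_token /etc/keystone/keystone.conf
#                audit_secret_file /etc/qpid/qpid.pass qpidd   (also qpidauth.acl)
#                audit_secret_file /root/ks_admin_token root   (also keystonerc_admin)
```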

Lab: Chapter Test
Answer in p218

---- Class break ----

Shut down the VM, take the backup, then boot it again
[root@desktop5 ~]# cd /var/lib/libvirt/images/

[root@desktop5 images]# ls  -hl
total 1.1G
-rw-r--r--. 1 qemu qemu 372M Aug 29 06:44 etbase.img
-rw-r--r--. 1 root root 487M Oct 28 15:58 etbase.ovl
drwxr-xr-x. 2 root root 4.0K Oct 28 14:33 Unit3
drwxr-xr-x. 2 root root 4.0K Oct 28 15:59 Unit4
-rw-r--r--. 1 qemu qemu 101M Oct 28 13:19 vdb.img
-rw-r--r--. 1 root root 193K Oct 28 13:19 vdb.ovl
-rw-r--r--. 1 qemu qemu 101M Oct 28 13:19 vdc.img
-rw-r--r--. 1 root root 193K Oct 28 13:19 vdc.ovl
[root@desktop5 images]# cp  -a  etbase.ovl   Unit4/


* Chapter 5 Implementing the swift object storage service

Lab:  Installing the Swift object storage service

workbook p62
Install the required packages
[root@server5 ~]# yum  install  -y  openstack-swift-proxy  openstack-swift-object openstack-swift-container openstack-swift-account  memcached

Load the admin credentials
[root@server5 ~]# source /root/keystonerc_admin

[root@server5 ~(keystone_admin)]$ keystone  user-create  --name swift --pass redhat
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 11468bea059d4955b976c4c1753a1fdc |
|   name   |              swift               |
+----------+----------------------------------+

[root@server5 ~(keystone_admin)]$ keystone  role-list  | grep admin
| db5b551d50dc4d97a7bd89cc65edf149 |  admin   |

[root@server5 ~(keystone_admin)]$ keystone tenant-list | grep services

[root@server5 ~(keystone_admin)]$ keystone tenant-create --name services
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | 047e809fc22e4ff687cfecbe15e728a0 |
|     name    |             services             |
+-------------+----------------------------------+

[root@server5 ~(keystone_admin)]$ keystone  user-role-add --role admin --tenant services --user swift

[root@server5 ~(keystone_admin)]$ keystone service-list
+----------------------------------+----------+----------+---------------------------+
|                id                |   name   |   type   |        description        |
+----------------------------------+----------+----------+---------------------------+
| b226b761075c4173a18a414b52aac0a8 | keystone | identity | Keystone Identity Service |
+----------------------------------+----------+----------+---------------------------+

[root@server5 ~(keystone_admin)]$ keystone service-create  --name swift --type object-store --description "Swift Storage Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |      Swift Storage Service       |
|      id     | 2482a3676fd34420ad759d8faf024d6e |
|     name    |              swift               |
|     type    |           object-store           |
+-------------+----------------------------------+

[root@server5 ~(keystone_admin)]$ keystone service-list
+----------------------------------+----------+--------------+---------------------------+
|                id                |   name   |     type     |        description        |
+----------------------------------+----------+--------------+---------------------------+
| b226b761075c4173a18a414b52aac0a8 | keystone |   identity   | Keystone Identity Service |
| 2482a3676fd34420ad759d8faf024d6e |  swift   | object-store |   Swift Storage Service   |
+----------------------------------+----------+--------------+---------------------------+

[root@server5 ~(keystone_admin)]$ keystone  endpoint-list
+----------------------------------+-----------+--------------------------------------+--------------------------------------+---------------------------------------+----------------------------------+
|                id                |   region  |              publicurl               |             internalurl              |                adminurl               |            service_id            |
+----------------------------------+-----------+--------------------------------------+--------------------------------------+---------------------------------------+----------------------------------+
| f648baba020e4210a692d6b739db27a8 | regionOne | http://server5.example.com:5000/v2.0 | http://server5.example.com:5000/v2.0 | http://server5.example.com:35357/v2.0 | b226b761075c4173a18a414b52aac0a8 |
+----------------------------------+-----------+--------------------------------------+--------------------------------------+---------------------------------------+----------------------------------+

[root@server5 ~(keystone_admin)]$ keystone  endpoint-create --service-id 2482a3676fd34420ad759d8faf024d6e --publicurl "http://server5.example.com:8080/v1/AUTH_%(tenant_id)s"  --adminurl "http://server5.example.com:8080/v1/AUTH_%(tenant_id)s"  --internalurl "http://server5.example.com:8080/v1/AUTH_%(tenant_id)s"
+-------------+-------------------------------------------------------+
|   Property  |                         Value                         |
+-------------+-------------------------------------------------------+
|   adminurl  | http://server5.example.com:8080/v1/AUTH_%(tenant_id)s |
|      id     |            3f2d386301a840fea6551f22e7da33fb           |
| internalurl | http://server5.example.com:8080/v1/AUTH_%(tenant_id)s |
|  publicurl  | http://server5.example.com:8080/v1/AUTH_%(tenant_id)s |
|    region   |                       regionOne                       |
|  service_id |            2482a3676fd34420ad759d8faf024d6e           |
+-------------+-------------------------------------------------------+



Lab:  Deploying a Swift storage node
workbook p65

[root@server5 ~(keystone_admin)]$ lab-create-single-partition /dev/vdb
/dev/vdb: block special

Are you sure you want to continue?
This will destroy the partition table and all data on /dev/vdb. (y/N)  y


[root@server5 ~(keystone_admin)]$ lab-create-single-partition /dev/vdc
/dev/vdc: block special

Are you sure you want to continue?
This will destroy the partition table and all data on /dev/vdc. (y/N)  y


[root@server5 ~(keystone_admin)]$ cat /proc/partitions
major minor  #blocks  name

252     0   67108864 vda
252     1 262144 vda1
252     2   31457280 vda2
252     3 5242880 vda3
252     4       1 vda4
252     5 2097152 vda5
252    16 102400 vdb
252    17   98304 vdb1
252    32 102400 vdc
252    33   98304 vdc1
253     0 4194304 dm-0
253     1   27230208 dm-1

[root@server5 ~(keystone_admin)]$ mkfs.ext4  /dev/vdb1

[root@server5 ~(keystone_admin)]$ mkfs.ext4  /dev/vdc1

[root@server5 ~(keystone_admin)]$ mkdir  -p  /srv/node/z{1,2}d1

[root@server5 ~(keystone_admin)]$ cp  /etc/fstab  /etc/fstab.orig

[root@server5 ~(keystone_admin)]$ echo  "/dev/vdb1 /srv/node/z1d1 ext4 acl,user_xattr 0 0"  >> /etc/fstab
[root@server5 ~(keystone_admin)]$ echo  "/dev/vdc1 /srv/node/z2d1 ext4 acl,user_xattr 0 0"  >> /etc/fstab
[root@server5 ~(keystone_admin)]$ tail /etc/fstab
/dev/mapper/vol0-root   /                    ext4 defaults     1 1
UUID=55cec0b3-5bf6-426a-aff6-a273339e26bc /boot                ext4 defaults     1 2
/dev/mapper/vol0-var /var                 ext4 defaults     1 2
UUID=e39b1643-74b9-4dd3-99ec-4c7ba7eb4620 swap                 swap defaults     0 0
tmpfs                /dev/shm             tmpfs   defaults     0 0
devpts               /dev/pts             devpts  gid=5,mode=620  0 0
sysfs                /sys                 sysfs   defaults     0 0
proc                 /proc                proc defaults     0 0
/dev/vdb1 /srv/node/z1d1 ext4 acl,user_xattr 0 0
/dev/vdc1 /srv/node/z2d1 ext4 acl,user_xattr 0 0
[root@server5 ~(keystone_admin)]$ mount
/dev/mapper/vol0-root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/vda1 on /boot type ext4 (rw)
/dev/mapper/vol0-var on /var type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

[root@server5 ~(keystone_admin)]$ mount -a
[root@server5 ~(keystone_admin)]$ mount
/dev/mapper/vol0-root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/vda1 on /boot type ext4 (rw)
/dev/mapper/vol0-var on /var type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/vdb1 on /srv/node/z1d1 type ext4 (rw,acl,user_xattr)
/dev/vdc1 on /srv/node/z2d1 type ext4 (rw,acl,user_xattr)

[root@server5 ~(keystone_admin)]$ chown  -R  swift:swift  /srv/node
[root@server5 ~(keystone_admin)]$ restorecon  -R  /srv/


[root@server5 ~(keystone_admin)]$ cp /etc/swift/swift.conf  /etc/swift/swift.conf.orig
[root@server5 ~(keystone_admin)]$ cp /etc/swift/account-server.conf   /etc/swift/account-server.conf.orig
[root@server5 ~(keystone_admin)]$ cp /etc/swift/container-server.conf  /etc/swift/container-server.conf.orig
[root@server5 ~(keystone_admin)]$ cp /etc/swift/object-server.conf   /etc/swift/object-server.conf.orig

[root@server5 ~(keystone_admin)]$ cat  /etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = %SWIFT_HASH_PATH_SUFFIX%

[root@server5 ~(keystone_admin)]$ openstack-config  --set /etc/swift/swift.conf swift-hash swift_hash_path_prefix $(openssl rand -hex 10)
[root@server5 ~(keystone_admin)]$ openstack-config  --set /etc/swift/swift.conf swift-hash swift_hash_path_suffix $(openssl rand -hex 10)

[root@server5 ~(keystone_admin)]$ cat  /etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = 310cb0a39469892dc478
swift_hash_path_prefix = 48ae012f23d204e0c2fb

[root@server5 ~(keystone_admin)]$ openstack-config  --set /etc/swift/account-server.conf  DEFAULT bind_ip 192.168.0.105
[root@server5 ~(keystone_admin)]$ openstack-config  --set /etc/swift/container-server.conf  DEFAULT bind_ip 192.168.0.105
[root@server5 ~(keystone_admin)]$ openstack-config  --set /etc/swift/object-server.conf  DEFAULT bind_ip 192.168.0.105

Verify
[root@server5 ~(keystone_admin)]$ grep bind_ip /etc/swift/*.conf
/etc/swift/account-server.conf:bind_ip = 192.168.0.105
/etc/swift/container-server.conf:bind_ip = 192.168.0.105
/etc/swift/object-server.conf:bind_ip = 192.168.0.105

Start the related services and verify
[root@server5 ~(keystone_admin)]$ service  openstack-swift-account  start
Starting openstack-swift-account:                       [  OK  ]
[root@server5 ~(keystone_admin)]$ service  openstack-swift-container  start
Starting openstack-swift-container:                     [  OK  ]
[root@server5 ~(keystone_admin)]$ service  openstack-swift-object  start
Starting openstack-swift-object:                        [  OK  ]
[root@server5 ~(keystone_admin)]$ tail /var/log/messages
Oct 28 16:57:01 server5 kernel: vdc: vdc1
Oct 28 17:02:50 server5 kernel: EXT4-fs (vdb1): mounted filesystem with ordered data mode. Opts:
Oct 28 17:02:50 server5 kernel: EXT4-fs (vdc1): mounted filesystem with ordered data mode. Opts:
Oct 28 17:13:04 server5 account-server Started child 2075
Oct 28 17:13:04 server5 account-server Started child 2076
Oct 28 17:13:14 server5 container-server Started child 2092
Oct 28 17:13:14 server5 container-server Started child 2093
Oct 28 17:13:21 server5 object-server Started child 2109
Oct 28 17:13:21 server5 object-server Started child 2110
Oct 28 17:13:21 server5 object-server Started child 2111

Enable the services at boot
[root@server5 ~(keystone_admin)]$ chkconfig  openstack-swift-account on
[root@server5 ~(keystone_admin)]$ chkconfig  openstack-swift-account --list
openstack-swift-account    0:off    1:off    2:on    3:on    4:on    5:on    6:off
[root@server5 ~(keystone_admin)]$ chkconfig  openstack-swift-container on
[root@server5 ~(keystone_admin)]$ chkconfig  openstack-swift-container --list
openstack-swift-container    0:off    1:off    2:on    3:on    4:on    5:on    6:off
[root@server5 ~(keystone_admin)]$ chkconfig  openstack-swift-object on
[root@server5 ~(keystone_admin)]$ chkconfig  openstack-swift-object --list
openstack-swift-object    0:off    1:off    2:on    3:on    4:on    5:on    6:off






Notes:
SELinux reference document: http://www.bulls.idv.tw/?q=node/8 (registration required, notification)
