目錄表

OpenStack multi-node network architecture: Controller

0x00 Basic Installation

LANG="en_US.utf8"

# Boot the first menu entry by default.
GRUB_DEFAULT=0

GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=2
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
# net.ifnames=0 biosdevname=0 turn off predictable interface naming, so the
# NICs keep the legacy eth0/eth1 names that the interface, firewall and
# service settings in this guide refer to.
GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 biosdevname=0"
GRUB_CMDLINE_LINUX=""

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# eth0 carries 192.168.10.1, the address the hosts file on this page maps to
# ctrl.mitaka.openstack.
auto eth0
iface eth0 inet static
	address 192.168.10.1
	netmask 255.255.255.0

# eth1 carries 192.168.1.1, the address the hosts file on this page maps to
# public.mitaka.openstack; the default route leaves through this interface.
auto eth1
iface eth1 inet static
	address 192.168.1.1
	netmask 255.255.255.0
	gateway 192.168.1.253

# Resolver settings for the initial installation: an external resolver is used.
dns-nameserver 8.8.8.8
dns-search mitaka.openstack

# update-grub
# reboot

127.0.0.1       localhost
192.168.10.1    ctrl.mitaka.openstack ctrl
192.168.1.1     public.mitaka.openstack public

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

ctrl

# apt-get update
# apt-get upgrade
# apt-get install ubuntu-cloud-keyring
# apt-get -y dist-upgrade
# reboot
# apt-get -y autoremove --purge

0x01 NTP

# apt-get -y install ntp

...

# Stock Ubuntu pool entries, left commented out.
#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst

#pool ntp.ubuntu.com
# Single upstream time source for this host.
pool clock.stdtime.gov.tw

# Do not open the wildcard socket; the two addresses configured on this host
# are listed explicitly instead.
interface ignore wildcard
interface listen 192.168.1.1
interface listen 192.168.10.1

...

# Hosts in 192.168.10.0/24 may query time but may not reconfigure the daemon
# (nomodify) or register for trap messages (notrap).
# NOTE(review): the default "restrict" lines are elided on this page; confirm
# they still deny other sources, since the daemon also listens on 192.168.1.1.
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap

...

# service ntp restart
# ntpq -p

0x02 NAT

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

or

# sed -i '/^#net\.ipv4\.ip_forward/ s/^.//' /etc/sysctl.conf
# apt-get -y install iptables-persistent

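# NAT table: masquerade everything leaving through eth1, so hosts reached via
# eth0 appear to outside networks with this host's eth1 address.
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT

# Filter table: default-deny for traffic addressed to this host and for
# forwarded traffic; locally generated traffic is allowed out.
*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, for every protocol. This covers the
# DNS (udp/53) and NTP (udp/123) answers as well, so no rule keyed on the
# remote source port is needed; a stateless "--sport 53" / "--sport 123" accept
# would admit any UDP datagram that merely carries that source port.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 140.113.216.224/27 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
# NOTE(review): this forwards every new connection arriving on eth1 towards
# eth0. If only return traffic is wanted in this direction, add
# "-m conntrack --ctstate ESTABLISHED,RELATED" to the rule.
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT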

# service netfilter-persistent reload

0x03 BIND

# apt-get -y install bind9

# Global resolver options for the controller's BIND instance.
options {
	directory "/var/cache/bind";

	# Queries that cannot be answered from the local zones or the cache are
	# passed to this upstream resolver.
	forwarders {
	        8.8.8.8;
	};

	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
	# Serve DNS over IPv4 on 192.168.10.1 only, and recurse only for clients
	# in 192.168.10.0/24, so the server is not usable as an open resolver.
	listen-on { 192.168.10.1; };
	allow-recursion { 192.168.10.0/24; };
};

# Authoritative forward zone for the deployment's host names.
zone "mitaka.openstack." {
	type master;
	file "/etc/bind/mitaka.openstack.zone";
};

# Authoritative reverse zone; it covers all of 192.168.0.0/16, not just the
# two /24 networks used in this guide.
zone "168.192.in-addr.arpa." {
	type master;
	file "/etc/bind/168.192.in-addr.arpa.zone";
};

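; Forward zone for mitaka.openstack. (the file named in the zone statement:
; /etc/bind/mitaka.openstack.zone).
; Raise the serial whenever a record is changed.
$TTL	604800
$ORIGIN	mitaka.openstack.
; The primary server (MNAME) and contact (RNAME) are written fully qualified
; with a trailing dot. Without the dot the origin is appended once more and
; the SOA would name ctrl.mitaka.openstack.mitaka.openstack.
@	IN	SOA	ctrl.mitaka.openstack. root.mitaka.openstack. (
			1       ; Serial
			604800  ; Refresh
			86400   ; Retry
			2419200 ; Expire
			604800) ; Negative Cache TTL
;
	        IN	NS	ctrl.mitaka.openstack.
ctrl		IN	A	192.168.10.1
public		IN	A	192.168.1.1
network		IN	A	192.168.10.2
compute-1	IN	A	192.168.10.11
compute-2	IN	A	192.168.10.12
compute-3	IN	A	192.168.10.13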

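; Reverse zone for 192.168.0.0/16 (the file named in the zone statement:
; /etc/bind/168.192.in-addr.arpa.zone).
; Raise the serial whenever a record is changed.
$TTL	604800
$ORIGIN	168.192.in-addr.arpa.
; The primary server (MNAME) and contact (RNAME) are written fully qualified
; with a trailing dot. Without the dot they are completed with this zone's
; origin and end in .168.192.in-addr.arpa.
@	IN	SOA	ctrl.mitaka.openstack. root.mitaka.openstack. (
			1       ; Serial
			604800  ; Refresh
			86400   ; Retry
			2419200 ; Expire
			604800) ; Negative Cache TTL
;
        IN      NS      ctrl.mitaka.openstack.
; Owner names are the last two octets in reverse order: 1.10 is 192.168.10.1.
1.10    IN      PTR     ctrl.mitaka.openstack.
1.1     IN      PTR     public.mitaka.openstack.
2.10    IN      PTR     network.mitaka.openstack.
11.10   IN      PTR     compute-1.mitaka.openstack.
12.10   IN      PTR     compute-2.mitaka.openstack.
13.10   IN      PTR     compute-3.mitaka.openstack.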

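# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# The method must be "static": an address and netmask are given below, and
# "dhcpstatic" is not a method name.
auto eth0
iface eth0 inet static
	address 192.168.10.1
	netmask 255.255.255.0

auto eth1
iface eth1 inet static
	address 192.168.1.1
	netmask 255.255.255.0
	gateway 192.168.1.253

# Name resolution now goes to the local BIND instance listening on
# 192.168.10.1 instead of an external resolver.
dns-nameserver 192.168.10.1
dns-search mitaka.openstack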

# reboot
host ctrl.mitaka.openstack

0x04 MySQL

# apt-get -y install mysql-server python-mysqldb

# MySQL server settings for the controller's database instance.
[mysqld_safe]
socket          = /var/run/mysqld/mysqld.sock
nice            = 0

[mysqld]
user            = mysql
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
port            = 3306
basedir         = /usr
datadir         = /var/lib/mysql
tmpdir          = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
# The host cache is turned off. The accounts created for this guide are bound
# to host names, so client name resolution stays enabled and depends on the
# reverse DNS zone served by this host.
skip-host-cache

# TCP connections are accepted on 192.168.10.1 only; local administration
# uses the UNIX socket above.
bind-address            = 192.168.10.1

key_buffer_size         = 16M
max_allowed_packet      = 16M
thread_stack            = 192K
thread_cache_size       = 8

myisam-recover         = BACKUP

query_cache_limit       = 1M
query_cache_size        = 16M

log_error = /var/log/mysql/error.log

expire_logs_days        = 10
max_binlog_size   = 100M

character_set_server    = utf8
collation_server        = utf8_bin
default_storage_engine  = InnoDB
init_connect            = 'SET NAMES UTF8'

-- Creates one schema and one account per OpenStack service.
-- DROP DATABASE IF EXISTS discards any existing data for that service, so this
-- file is meant for a fresh installation only.
-- Each account is limited to its own schema and to a named client host.
-- The passwords are sample values that are repeated in the services'
-- connection strings; replace them with generated secrets in both places.
DROP DATABASE IF EXISTS keystone; CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystoneUser'@'ctrl.mitaka.openstack' IDENTIFIED BY 'keystonePass';
DROP DATABASE IF EXISTS glance; CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glanceUser'@'ctrl.mitaka.openstack' IDENTIFIED BY 'glancePass';
DROP DATABASE IF EXISTS cinder; CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinderUser'@'ctrl.mitaka.openstack' IDENTIFIED BY 'cinderPass';
-- The % wildcard admits every client whose resolved name starts with "compute-".
GRANT ALL PRIVILEGES ON cinder.* TO 'cinderUser'@'compute-%.mitaka.openstack' IDENTIFIED BY 'cinderPass';
DROP DATABASE IF EXISTS nova; CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'novaUser'@'ctrl.mitaka.openstack' IDENTIFIED BY 'novaPass';
-- The schema name contains a hyphen and therefore has to be back-quoted.
DROP DATABASE IF EXISTS `nova-api`; CREATE DATABASE `nova-api`;
GRANT ALL PRIVILEGES ON `nova-api`.* TO 'novaUser'@'ctrl.mitaka.openstack' IDENTIFIED BY 'novaPass';
DROP DATABASE IF EXISTS heat; CREATE DATABASE heat;
GRANT ALL PRIVILEGES ON heat.* TO 'heatUser'@'ctrl.mitaka.openstack' IDENTIFIED BY 'heatPass';
DROP DATABASE IF EXISTS neutron; CREATE DATABASE neutron;
-- The neutron account is the only one bound to the network node instead of ctrl.
GRANT ALL PRIVILEGES ON neutron.* TO 'neutronUser'@'network.mitaka.openstack' IDENTIFIED BY 'neutronPass';

# service mysql stop
# mysqld --user=mysql --initialize-insecure
# service mysql start
# mysql_secure_installation
# mysql -u root -p < ~/init-database.sql
mysqlshow -u root -p
echo "SELECT user,host FROM user WHERE host LIKE '%.mitaka.openstack';" | mysql -u root -p -t mysql

0x05 RabbitMQ

# apt-get -y install rabbitmq-server

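# RabbitMQ environment overrides.
# NOTE(review): RabbitMQ's packaged file spells the node-name variable
# NODENAME; confirm that NODE_NAME is honoured by the installed version.
#NODE_NAME=rabbit
NODE_NAME=rabbit@localhost
#NODE_IP_ADDRESS=127.0.0.1
# Listen on the address that ctrl.mitaka.openstack resolves to. The services
# in this guide connect to rabbit_host = ctrl.mitaka.openstack, and
# 192.168.10.1 is the address configured on this host for that name.
NODE_IP_ADDRESS=192.168.10.1
NODE_PORT=5672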

% Erlang kernel setting for the broker: the inter-node distribution listener
% is bound to 127.0.0.1 instead of every interface.
[
  {kernel, [
    {inet_dist_use_interface, {127,0,0,1}}
  ]}
].

# service rabbitmq-server restart
# rabbitmqctl add_user turtle slowly
# rabbitmqctl set_permissions -p / turtle ".*" ".*" ".*"
# epmd -names
# rabbitmqctl status
# rabbitmqctl list_user_permissions turtle

0x06 Horizon

# apt-get -y install openstack-dashboard memcached

...

# Host name of the Keystone endpoint the dashboard authenticates against.
OPENSTACK_HOST = "public.mitaka.openstack"
# NOTE(review): with a plain http:// URL the credentials and tokens exchanged
# between the dashboard and Keystone are not encrypted in transit; use an
# https:// endpoint where TLS is available.
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"

...

# Only the identity API version is pinned (v3); the other entries stay
# commented out.
OPENSTACK_API_VERSIONS = {
#    "data-processing": 1.1,
    "identity": 3,
#    "volume": 2,
#    "compute": 2,
}

# Set this to True if running on multi-domain model. When this is enabled, it
# will require user to enter the Domain name in addition to username for login.
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

or

# sed -i '/^OPENSTACK_HOST =/ s/127\.0\.0\.1/public\.mitaka\.openstack/' /etc/openstack-dashboard/local_settings.py
# sed -i '/^OPENSTACK_KEYSTONE_URL =/ s/v2\.0/v3/' /etc/openstack-dashboard/local_settings.py
# sed -i '/^#OPENSTACK_API_VERSIONS =/,/^#}$/ {/OPENSTACK_API_VERSIONS =/s/^#//; /identity/s/^#//; /}$/s/^#//}' /etc/openstack-dashboard/local_settings.py
# sed -i '/^#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT/ {s/False$/True/; s/^#//}' /etc/openstack-dashboard/local_settings.py
grep OPENSTACK_HOST /etc/openstack-dashboard/local_settings.py
grep -A 5 'OPENSTACK_API_VERSIONS =' /etc/openstack-dashboard/local_settings.py
grep OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT /etc/openstack-dashboard/local_settings.py

# The dashboard is served over plain HTTP on 192.168.1.1 only.
Listen 192.168.1.1:80

# When a TLS module is loaded, port 443 is opened on every address because
# these Listen directives name no address.
<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

# service apache2 restart
# service memcached restart
netstat -nlpt | grep ":80"

0x07 Keystone

# apt-get -y install keystone

# Keystone settings; "..." marks parts of the file left out of this excerpt.
[DEFAULT]
...

rpc_backend = rabbit

...

[assignment]
#driver = <None>
driver = sql

...

[catalog]
driver = sql

...

[database]
backend = sqlalchemy
#connection = sqlite:////var/lib/keystone/keystone.db
# The URL embeds the database account and its password in clear text, so this
# file should be readable only by the keystone service account and root.
# The password is the sample value from the database setup; change both together.
connection = mysql://keystoneUser:keystonePass@ctrl.mitaka.openstack/keystone

...

# Every bind setting stays commented out in this excerpt; the guide serves
# Keystone through Apache virtual hosts instead.
[eventlet_server]
#public_bind_host = 0.0.0.0
#public_port = 5000
#admin_bind_host = 0.0.0.0
#admin_port = 35357

...

[identity]
default_domain_id = default

driver = sql

...

[memcache]
servers = localhost:11211

...

# Message-bus account. The stock guest/guest values are replaced by the account
# created with rabbitmqctl; the password is again stored in clear text here.
[oslo_messaging_rabbit]
#rabbit_host = localhost
rabbit_host = ctrl.mitaka.openstack
rabbit_port = 5672
#rabbit_userid = guest
rabbit_userid = turtle
#rabbit_password = guest
rabbit_password = slowly
rabbit_login_method = AMQPLAIN
rabbit_virtual_host = /

...

[revoke]
driver = sql

...

# Fernet tokens are selected in place of UUID tokens.
[token]
#provider = uuid
provider = fernet
#driver = sql
driver = memcache

# Public Keystone API, bound to 192.168.1.1 port 5000.
# NOTE(review): neither virtual host enables TLS, so passwords and tokens are
# sent over plain HTTP; add a TLS-enabled virtual host where that matters.
<VirtualHost 192.168.1.1:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined

    # Access is granted to /usr/bin because the WSGI entry script lives there.
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

# Admin Keystone API, bound to 192.168.10.1 port 35357. It writes to the same
# two log files as the public virtual host.
<VirtualHost 192.168.10.1:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

# One listener per service address: the dashboard (80) and the public Keystone
# API (5000) on 192.168.1.1, the admin Keystone API (35357) on 192.168.10.1.
Listen 192.168.1.1:80
Listen 192.168.1.1:5000
Listen 192.168.10.1:35357

# When a TLS module is loaded, port 443 is opened on every address because
# these Listen directives name no address.
<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

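#!/bin/bash
# init-keystone.sh: register the OpenStack services, their endpoints, the extra
# roles, the service project and the per-service users in Keystone (API v3).
#
# It authenticates as the admin account against the Keystone admin URL, so that
# account has to exist before the script runs.
# Values written as ${NAME:-default} can be overridden from the environment.
# The password defaults are sample values: export OS_PASSWORD and
# SERVICE_PASSWORD with real secrets before running the script.

# Modify these variables as needed
# The controller is published as ctrl.mitaka.openstack in the hosts file and in
# the DNS zone of this guide, so that is the name used here.
CONTROLLER_HOST=ctrl.mitaka.openstack
KEYSTONE_API_HOST=public.mitaka.openstack
NEUTRON_HOST=network.mitaka.openstack

export OS_IDENTITY_API_VERSION=3
export OS_AUTH_URL="http://${CONTROLLER_HOST}:35357/v${OS_IDENTITY_API_VERSION}"
ADMIN_PROJECT_NAME=${ADMIN_PROJECT_NAME:-admin}
export OS_PROJECT_NAME=${ADMIN_PROJECT_NAME}
export OS_USERNAME=admin
export OS_PASSWORD=${OS_PASSWORD:-admin_pass}
SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-service}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-service_pass}

KEYSTONE_REGION=${KEYSTONE_REGION:-RegionOne}
DEFAULT_DOMAIN=${DEFAULT_DOMAIN:-default}
ADMIN_ROLE=${ADMIN_ROLE:-admin}

# Create the public, internal and admin endpoints of one service type.
#   $1 = service type, $2 = endpoint URL (identical for all three interfaces)
create_endpoints() {
    local service_type=$1 url=$2 interface
    for interface in public internal admin; do
        openstack endpoint create --region "$KEYSTONE_REGION" \
                "$service_type" "$interface" "$url"
    done
}

# Services
openstack service create --name glance --description "OpenStack Image service" image
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack service create --name nova --description "OpenStack Compute" compute
openstack service create --name heat --description "Orchestration" orchestration
openstack service create --name heat-cfn --description "Orchestration" cloudformation
openstack service create --name neutron --description "OpenStack Networking" network

# Endpoints
# %(tenant_id)s is passed through literally; Keystone substitutes it per project.
create_endpoints image "http://${CONTROLLER_HOST}:9292"
create_endpoints volumev2 "http://${CONTROLLER_HOST}:8776/v2/%(tenant_id)s"
create_endpoints compute "http://${CONTROLLER_HOST}:8774/v2/%(tenant_id)s"
create_endpoints orchestration "http://${CONTROLLER_HOST}:8004/v1/%(tenant_id)s"
create_endpoints cloudformation "http://${CONTROLLER_HOST}:8000/v1"
create_endpoints network "http://${NEUTRON_HOST}:9696"

# Roles
openstack role create _member_
openstack role create heat_stack_owner
openstack role create heat_stack_user

# Projects
openstack project create --domain "$DEFAULT_DOMAIN" \
        --description "Service Project" "$SERVICE_PROJECT_NAME"

# Users
# NOTE(review): a password given as an argument is visible in the process list
# while the command runs; "openstack user create --password-prompt" avoids that
# when the script is run interactively.
for service_user in glance cinder nova heat neutron; do
    openstack user create --domain "$DEFAULT_DOMAIN" \
            --password "$SERVICE_PASSWORD" "$service_user"
done

# Add Role
# The admin user is named by OS_USERNAME; the project name is not reused as the
# user name.
openstack role add --project "$ADMIN_PROJECT_NAME" --user "$OS_USERNAME" "$ADMIN_ROLE"
openstack role add --project "$ADMIN_PROJECT_NAME" --user "$OS_USERNAME" heat_stack_owner
for service_user in glance cinder nova heat neutron; do
    openstack role add --project "$SERVICE_PROJECT_NAME" --user "$service_user" "$ADMIN_ROLE"
done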

# service keystone stop
# systemctl disable keystone
# keystone-manage db_sync
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage bootstrap --bootstrap-admin-url=http://ctrl.mitaka.openstack:35357/v3 --bootstrap-public-url=http://public.mitaka.openstack:5000/v3 --bootstrap-internal-url=http://public.mitaka.openstack:5000/v3 --bootstrap-service-name=keystone --bootstrap-role-name=admin --bootstrap-project-name=admin --bootstrap-username=admin --bootstrap-password=admin_pass
# service apache2 stop
# a2ensite wsgi-keystone
# service apache2 start
netstat -nlpt | grep ":5000"
netstat -nlpt | grep ":35357"
# rm -f /var/lib/keystone/keystone.db
# chmod +x ~/init-keystone.sh
# ~/init-keystone.sh
# openstack --os-auth-url="http://controller.mitaka.openstack:35357/v3" --os-auth-type=v3password --os-project-name=admin --os-project-domain-name=Default --os-username=admin --os-user-domain-name=Default --os-password=admin_pass --os-identity-api-version=3 domain list
# openstack --os-auth-url="http://controller.mitaka.openstack:35357/v3" --os-auth-type=v3password --os-project-name=admin --os-project-domain-name=Default --os-username=admin --os-user-domain-name=Default --os-password=admin_pass --os-identity-api-version=3 project list
# openstack --os-auth-url="http://controller.mitaka.openstack:35357/v3" --os-auth-type=v3password --os-project-name=admin --os-project-domain-name=Default --os-username=admin --os-user-domain-name=Default --os-password=admin_pass --os-identity-api-version=3 role list
# openstack --os-auth-url="http://controller.mitaka.openstack:35357/v3" --os-auth-type=v3password --os-project-name=admin --os-project-domain-name=Default --os-username=admin --os-user-domain-name=Default --os-password=admin_pass --os-identity-api-version=3 user list
# openstack --os-auth-url="http://controller.mitaka.openstack:35357/v3" --os-auth-type=v3password --os-project-name=admin --os-project-domain-name=Default --os-username=admin --os-user-domain-name=Default --os-password=admin_pass --os-identity-api-version=3 service list
# openstack --os-auth-url="http://controller.mitaka.openstack:35357/v3" --os-auth-type=v3password --os-project-name=admin --os-project-domain-name=Default --os-username=admin --os-user-domain-name=Default --os-password=admin_pass --os-identity-api-version=3 endpoint list

0x08 Glance

# apt-get -y install glance

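# Glance registry settings; "..." marks parts of the file left out of this
# excerpt.
[DEFAULT]
...

owner_is_tenant = true

...

enable_v1_registry = true

...

enable_v2_registry = true

...

#bind_host = 0.0.0.0
# Listen on the address that ctrl.mitaka.openstack resolves to: the Glance API
# service reaches the registry at registry_host = ctrl.mitaka.openstack, and
# 192.168.10.1 is the address configured on this host for that name.
bind_host = 192.168.10.1

#bind_port = <None>
bind_port = 9191

...

#log_file = <None>
log_file = /var/log/glance/registry.log

...

[database]
#sqlite_db = /var/lib/glance/glance.sqlite
backend = sqlalchemy
#connection = <None>
# The URL embeds the database password in clear text; keep this file readable
# only by the glance service account and root.
connection = mysql://glanceUser:glancePass@ctrl.mitaka.openstack/glance

...

# NOTE(review): no authentication values are set in this excerpt. Confirm that
# the registry is configured to validate tokens, otherwise its API on port 9191
# answers unauthenticated requests.
[keystone_authtoken]
#auth_uri = <None>
#identity_uri = <None>
#admin_user = <None>
#admin_password = <None>
#admin_tenant_name = admin

[oslo_messaging_rabbit]
#rabbit_host = localhost
#rabbit_port = 5672
#rabbit_use_ssl = false
#rabbit_userid = guest
#rabbit_password = guest
#rabbit_virtual_host = /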

# Glance API settings.
[DEFAULT]
owner_is_tenant = true
enable_v1_api = true
enable_v2_api = true

#bind_host = 0.0.0.0
# The API listens on 192.168.10.1 port 9292 only.
bind_host = 192.168.10.1

#bind_port = <None>
bind_port = 9292

#registry_host = 0.0.0.0
registry_host = ctrl.mitaka.openstack

registry_port = 9191

#auth_strategy = noauth
# Requests are authenticated through Keystone instead of running without auth.
auth_strategy = keystone

# Traffic between the API and the registry is plain HTTP.
registry_client_protocol = http

#log_file = <None>
log_file = /var/log/glance/api.log

[database]
#sqlite_db = /var/lib/glance/glance.sqlite
backend = sqlalchemy
#connection = <None>
# The URL embeds the database password in clear text; keep this file readable
# only by the glance service account and root.
connection = mysql://glanceUser:glancePass@ctrl.mitaka.openstack/glance

[glance_store]
stores = file,http

default_store = file

#filesystem_store_datadir = <None>
filesystem_store_datadir = /var/lib/glance/images/

#filesystem_store_file_perm = 0
# NOTE(review): 644 leaves stored image files readable by every local account;
# consider a mode without world read access.
filesystem_store_file_perm = 644

[image_format]
disk_formats = ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,root-tar

[keystone_authtoken]
#auth_uri = <None>
#auth_version = <None>
#memcached_servers = <None>

#auth_type = <None>
# Service account used to validate tokens. The password is the sample value
# that every service account in this guide shares; give each service its own
# secret. The auth URL is plain HTTP.
auth_type = v3password
auth_url = http://public.mitaka.openstack:5000/v3
project_name = service
project_domain_name = Default
username = glance
user_domain_name = Default
password = service_pass

[oslo_concurrency]
#lock_path = <None>
lock_path = /var/lock/glance

[oslo_messaging_rabbit]
#rabbit_host = localhost
#rabbit_port = 5672
#rabbit_use_ssl = false
#rabbit_userid = guest
#rabbit_password = guest
#rabbit_virtual_host = /

[paste_deploy]
#flavor =  <None>
flavor = keystone

# glance-manage db_sync
# service glance-registry restart
# service glance-api restart
# openstack --os-auth-url="http://public.mitaka.openstack:5000/v3" --os-auth-type=v3password --os-project-name=service --os-project-domain-name=Default --os-username=glance --os-user-domain-name=Default --os-password=service_pass --os-image-api-version=1 image list
# openstack --os-auth-url="http://public.mitaka.openstack:5000/v3" --os-auth-type=v3password --os-project-name=service --os-project-domain-name=Default --os-username=glance --os-user-domain-name=Default --os-password=service_pass --os-image-api-version=2 image list

0x09 Cinder

# apt-get -y install cinder-api cinder-scheduler

# Cinder API and scheduler settings for the controller.
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
# NOTE(review): the key is spelled "api_paste_confg" here; confirm this is the
# spelling the installed Cinder release reads.
api_paste_confg = /etc/cinder/api-paste.ini
#iscsi_helper = tgtadm
#volume_name_template = volume-%s
#volume_group = cinder-volumes
#verbose = True
#auth_strategy = keystone
state_path = /var/lib/cinder
#lock_path = /var/lock/cinder
#volumes_dir = /var/lib/cinder/volumes

# Only the v2 volume API is served.
enable_v1_api = false
enable_v2_api = true

rpc_backend = rabbit
# The volume API listens on 192.168.10.1 port 8776 only.
osapi_volume_listen = 192.168.10.1
osapi_volume_listen_port = 8776

[oslo_concurrency]
lock_path = /var/lock/cinder

# Message-bus account; the password is stored in clear text, so keep this file
# readable only by the cinder service account and root.
[oslo_messaging_rabbit]
rabbit_host = ctrl.mitaka.openstack
rabbit_port = 5672
rabbit_userid = turtle
rabbit_password = slowly
rabbit_login_method = AMQPLAIN
rabbit_virtual_host = /

[database]
backend = sqlalchemy
# The URL embeds the database password in clear text.
connection = mysql://cinderUser:cinderPass@ctrl.mitaka.openstack/cinder

# Service account used to validate tokens. The password is the sample value
# that every service account in this guide shares; give each service its own
# secret. The auth URL is plain HTTP.
[keystone_authtoken]
auth_type = v3password
auth_url = http://public.mitaka.openstack:5000/v3
project_name = service
project_domain_name = Default
username = cinder
user_domain_name = Default
password = service_pass

[keymgr]
encryption_auth_url = http://public.mitaka.openstack:5000/v3

# cinder-manage db sync
# service cinder-scheduler restart
# service cinder-api restart
# rm -f /var/lib/cinder/cinder.sqlite
# openstack --os-auth-url="http://public.mitaka.openstack:5000/v3" --os-auth-type=v3password --os-project-name=service --os-project-domain-name=Default --os-username=cinder --os-user-domain-name=Default --os-password=service_pass --os-volume-api-version=2 volume list
# openstack --os-auth-url="http://public.mitaka.openstack:5000/v3" --os-auth-type=v3password --os-project-name=service --os-project-domain-name=Default --os-username=cinder --os-user-domain-name=Default --os-password=service_pass --os-volume-api-version=2 backup list
# cinder --os-auth-url="http://public.mitaka.openstack:5000/v2.0" --os-tenant-name=service --os-username=cinder --os-password=service_pass --os-volume-api-version=2 list
# cinder --os-auth-url="http://public.mitaka.openstack:5000/v2.0" --os-tenant-name=service --os-username=cinder --os-password=service_pass --os-volume-api-version=2 service-list
# cinder --os-auth-url="http://public.mitaka.openstack:5000/v2.0" --os-tenant-name=service --os-username=cinder --os-password=service_pass --os-volume-api-version=2 availability-zone-list

0x0a Nova

# apt-get -y install nova-api nova-cert nova-consoleauth nova-scheduler nova-conductor nova-spiceproxy

# Nova controller settings (API, scheduler, conductor, console proxy).
[DEFAULT]
#dhcpbridge_flagfile=/etc/nova/nova.conf
#dhcpbridge=/usr/bin/nova-dhcpbridge
logdir = /var/log/nova
state_path = /var/lib/nova
#lock_path=/var/lock/nova
#force_dhcp_release=True
force_dhcp_release = true
#libvirt_use_virtio_for_bridges=True
#verbose=True
#ec2_private_dns_show_ip=True
#api_paste_config=/etc/nova/api-paste.ini
#enabled_apis=ec2,osapi_compute,metadata
# The EC2 API is dropped from the enabled set.
enabled_apis = osapi_compute,metadata


network_manager = nova.network.manager.VlanManager

# The compute and metadata APIs listen on 192.168.10.1 only.
osapi_compute_listen = 192.168.10.1
osapi_compute_listen_port = 8774
metadata_listen = 192.168.10.1
metadata_listen_port = 8775

use_neutron = true
rpc_backend = rabbit

# Message-bus account; the password is stored in clear text, so keep this file
# readable only by the nova service account and root.
[oslo_messaging_rabbit]
rabbit_host = ctrl.mitaka.openstack
rabbit_port = 5672
rabbit_userid = turtle
rabbit_password = slowly
rabbit_login_method = AMQPLAIN
rabbit_virtual_host = /

[oslo_concurrency]
lock_path = /var/lock/nova

[spice]
agent_enabled = true
enabled = false
html5proxy_host = 192.168.1.1
html5proxy_port = 6082

[neutron]
service_metadata_proxy = true
# Shared secret for the metadata proxy. The value here is a sample; use a
# randomly generated one.
# NOTE(review): presumably the same value has to be set on the network node's
# metadata agent; confirm against that node's configuration.
metadata_proxy_shared_secret = helloOpenStack
url = http://network.mitaka.openstack:9696
auth_type = v3password
auth_url = http://public.mitaka.openstack:5000/v3
project_name = service
project_domain_name = Default
username = neutron
user_domain_name = Default
password = service_pass

[glance]
api_servers = http://ctrl.mitaka.openstack:9292

# Both database URLs embed the database password in clear text.
[api_database]
connection = mysql://novaUser:novaPass@ctrl.mitaka.openstack/nova-api

[database]
backend = sqlalchemy
connection = mysql://novaUser:novaPass@ctrl.mitaka.openstack/nova

# Service account used to validate tokens. The password is the sample value
# that every service account in this guide shares; give each service its own
# secret. The auth URL is plain HTTP.
[keystone_authtoken]
auth_type = v3password
auth_url = http://public.mitaka.openstack:5000/v3
project_name = service
project_domain_name = Default
username = nova
user_domain_name = Default
password = service_pass

# nova-manage db sync
# nova-manage api_db sync
# service nova-cert restart
# service nova-conductor restart
# service nova-consoleauth restart
# service nova-spiceproxy restart
# service nova-scheduler restart
# service nova-api restart
# rm -f /var/lib/nova/nova.sqlite
# openstack --os-auth-url="http://public.mitaka.openstack:5000/v3" --os-auth-type=v3password --os-project-name=service --os-project-domain-name=Default --os-username=nova --os-user-domain-name=Default --os-password=service_pass --os-compute-api-version=2 flavor list
# openstack --os-auth-url="http://public.mitaka.openstack:5000/v3" --os-auth-type=v3password --os-project-name=service --os-project-domain-name=Default --os-username=nova --os-user-domain-name=Default --os-password=service_pass --os-compute-api-version=2 availability zone list
# openstack --os-auth-url="http://public.mitaka.openstack:5000/v3" --os-auth-type=v3password --os-project-name=service --os-project-domain-name=Default --os-username=nova --os-user-domain-name=Default --os-password=service_pass --os-compute-api-version=2 host list
# openstack --os-auth-url="http://public.mitaka.openstack:5000/v3" --os-auth-type=v3password --os-project-name=service --os-project-domain-name=Default --os-username=nova --os-user-domain-name=Default --os-password=service_pass --os-compute-api-version=2 compute service list
# openstack --os-auth-url="http://public.mitaka.openstack:5000/v3" --os-auth-type=v3password --os-project-name=service --os-project-domain-name=Default --os-username=nova --os-user-domain-name=Default --os-password=service_pass --os-compute-api-version=2 hypervisor list

0x0b Heat

# apt-get -y install heat-api heat-api-cfn heat-api-cloudwatch heat-engine

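# Heat settings for the controller (API, CloudFormation API, CloudWatch API,
# engine).
[DEFAULT]
log_dir = /var/log/heat

rpc_backend = rabbit

[database]
backend = sqlalchemy

#connection = <None>
# The controller is published as ctrl.mitaka.openstack in the hosts file and
# the DNS zone of this guide; no "controller" name is defined there.
# The URL embeds the database password in clear text, so keep this file
# readable only by the heat service account and root.
connection = mysql://heatUser:heatPass@ctrl.mitaka.openstack/heat

[keystone_authtoken]
#auth_uri = <None>
#identity_uri = <None>
#admin_user = <None>
#admin_password = <None>
#admin_tenant_name = admin
#auth_type = <None>
# Service account used to validate tokens. The password is the sample value
# that every service account in this guide shares; give each service its own
# secret. The auth URL is plain HTTP.
auth_type = v3password
auth_url = http://public.mitaka.openstack:5000/v3
project_name = service
project_domain_name = Default
username = heat
user_domain_name = Default
password = service_pass

[oslo_messaging_rabbit]
#rabbit_host = localhost
# Same host name as the other services in this guide use for the broker.
rabbit_host = ctrl.mitaka.openstack

rabbit_port = 5672

#rabbit_userid = guest
rabbit_userid = turtle

#rabbit_password = guest
rabbit_password = slowly

rabbit_login_method = AMQPLAIN

rabbit_virtual_host = /

# All three Heat APIs listen on 192.168.10.1 only.
[heat_api]
bind_host = 192.168.10.1
bind_port = 8004

[heat_api_cfn]
bind_host = 192.168.10.1
bind_port = 8000

[heat_api_cloudwatch]
bind_host = 192.168.10.1
bind_port = 8003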

# heat-manage db_sync
# service heat-engine restart
# service heat-api restart
# service heat-api-cfn restart
# service heat-api-cloudwatch restart
# rm -f /var/lib/heat/heat.sqlite
# openstack --os-auth-url="http://public.mitaka.openstack:5000/v3" --os-auth-type=v3password --os-project-name=service --os-project-domain-name=Default --os-username=heat --os-user-domain-name=Default --os-password=service_pass --os-orchestration-api-version=1 stack list
# heat --os-auth-url="http://public.mitaka.openstack:5000/v2.0" --os-tenant-name=service --os-username=heat --os-password=service_pass --heat-api-version=1 service-list

0x0c 參考資料