WORKSHOP

OPENSTACK

Ady Saputra
23212346
ady@comlabs.itb.ac.id
15 April 2015

OVERVIEW
Topologi Jaringan & Cloud
Instalasi openstack dengan RDO (packstack)
Predeployment
Instalasi komponen Openstack dengan packstack

Konfigurasi komponen Openstack

Openstack-service
keystone
Neutron
Nova
Glance
Swift
Troubleshoot

TOPOLOGI JARINGAN &

CLOUD
IP virtual server : 192.168.0.5-25
IP Client : 192.168.0.30-50 (dhcp)
Public/floating IP : 192.168.0.51-100
Private/fixed IP : 192.168.1.0/24

peserta
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

IP virtual server
192.168.0.5
192.168.0.6
192.168.0.7
192.168.0.8
192.168.0.9
192.168.0.10
192.168.0.11
192.168.0.12
192.168.0.13
192.168.0.14
192.168.0.15
192.168.0.16
192.168.0.17
192.168.0.18
192.168.0.19
192.168.0.20
192.168.0.21
192.168.0.22
192.168.0.23
192.168.0.24

alokasi floating IP
192.168.0.51-52
192.168.0.53-54
192.168.0.55-56
192.168.0.57-58
192.168.0.59-60
192.168.0.61-62
192.168.0.63-64
192.168.0.65-66
192.168.0.67-68
192.168.0.69-70
192.168.0.71-72
192.168.0.73-74
192.168.0.75-76
192.168.0.77-78
192.168.0.79-80
192.168.0.81-82
192.168.0.83-84
192.168.0.85-86
192.168.0.87-88
192.168.0.89-90

alokasi fixed IP
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24
192.168.1.0/24

INSTALASI OPENSTACK DENGAN RDO

(PACKSTACK) : PREDEPLOYMENT
Download tools :
Putty (SSH)

Bagi yang ingin menjalankan openstack di laptop

Download file OVA centos :

Bagi yang ingin menjalankan openstack di virtual server

Login ke IP virtual server masing-masing
User root pass centos123

Disable SELINUX
setenforce 0
sed -i "/SELINUX=enforcing/c\SELINUX=disabled" /etc/selinux/config
Setup interface bridge untuk instance/vm di openstack

INSTALASI OPENSTACK DENGAN RDO

(PACKSTACK) : PREDEPLOYMENT
/etc/sysconfig/networkscripts/ifcfg-eth0

etc/sysconfig/networkscripts/ifcfg-br-ex

DEVICE=eth0
TYPE=Ethernet
UUID=05637456-fe02-428f-82c5-602b42cf0ebc
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"

DEVICE=br-ex

TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes

DNS2=167.205.23.1

Restart network interface :

/etc/init.d/network restart
ping www.itb.ac.id

DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=10.205.10.100 # ganti dengan IP masing2
NETMASK=255.255.0.0
GATEWAY=10.205.11.11
DNS1=167.205.22.123

ONBOOT=yes

INSTALASI OPENSTACK DENGAN RDO (PACKSTACK) :

INSTALASI KOMPONEN OPENSTACK DENGAN
PACKSTACK
Instalasi paket openstack dengan menggunakan repo RDO packstack
yum install -y http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse4.noarch.rpm
yum update -y
yum install -y openstack-packstack
packstack allinone
**** Installation completed successfully ******
Additional information:
* A new answerfile was created in: /root/packstack-answers-20150414-102350.txt
* Time synchronization installation was skipped. Please note that unsynchronized time on server instances might
be problem for some OpenStack components.
* File /root/keystonerc_admin has been created on OpenStack client host 10.205.10.100. To use the command line
tools you need to source the file.
* To access the OpenStack Dashboard browse to http://10.205.10.100/dashboard .
Please, find your login credentials stored in the keystonerc_admin in your home directory.
* To use Nagios, browse to http://10.205.10.100/nagios username: nagiosadmin, password: 1b5750629df84ef2
* The installation log file is available at: /var/tmp/packstack/20150414-102350-n8xSyS/openstack-setup.log

POST-INSTALASI
Ubah virt_type nova (default menggunakan KVM, VM yang
digunakan saat ini hanya support qemu)
sed -i "/ virt_type=kvm/c\virt_type=qemu" /etc/nova/nova.conf
openstack-service restart

Cek status service openstack

openstack-status

Hapus topologi network existing di openstack (via Horizon)

BASIC KEYSTONE
Via Keystone API
keystone
user-create --name $username --pass $passwordnya
role-list
role-create --name $rolename
tenant-list
tenant-create --name $tenantname
user-role-add --role $rolename --tenant $tenantname --user $username
service-create --name $servicename --type $service-type --description "service description"
service-list
endpoint-create --service-id $serviceid --publicurl "http://IP:8080/v1/AUTH_%(tenant_id)s"
--adminurl http://IP:8080/v1/AUTH_%(tenant_id)s" --internalurl "http://IP:8080/v1/AUTH_%(tenant_id)s"
Via Horizon

BASIC NETWORK (NEUTRON)

Neutron
security-group list
create

net list
create

subnet list
create

port list
create

ip netns
list
exec
$netnsID
bash
ip add
ping

NEUTRON : CREATE
NETWORK, SUBNET &
ROUTER
source keystonerc_admin
neutron net-create private
neutron subnet-create private 192.168.1.0/24 --name private_subnet
--enable-dhcp --gateway 192.168.1.1 --dns-nameserver 167.205.22.123
neutron net-create public --router:external=True
neutron subnet-create public 192.168.0.0/24 --name public_subnet --disabledhcp --gateway 192.168.0.1 --allocation_pool
start=192.168.0.51,end=192.168.0.52
neutron router-create router1
neutron router-interface-add router1 private_subnet
neutron router-gateway-set router1 public

NEUTRON : CREATE
SECURITY GROUP
source keystonerc_admin
neutron security-group-rule-create --protocol icmp --direction
ingress `neutron security-group-list | awk '/default/ {print $2}'`
neutron security-group-rule-create --protocol udp --port-range-min 1
--port-range-max 35356 --direction ingress `neutron security-grouplist | awk '/default/ {print $2}'`
neutron security-group-rule-create --protocol tcp --port-range-min 1
--port-range-max 35356 --direction ingress `neutron security-grouplist | awk '/default/ {print $2}'`

NEUTRON : IP NAMESPACE
ip netns list
Cek konfigurasi IP network namespace
ip netns exec $namespaceID ip addr

Ping dari network namespace

ip netns exec $namespaceID ping www.itb.ac.id

Traceroute dari network namespace

ip netns exec $namespaceID ping www.itb.ac.id

Console network namespace

ip netns exec $namespaceID bash

BASIC GLANCE
Glance
image-create
Create a new image.
image-delete
Delete specified image(s).
image-download
Download a specific image.
image-list
List images you can access.

GLANCE : ADD IMAGE

Download cloud image base OS (linux/windows)
source ~/keystonerc_admin
glance image-create --container-format=bare --disk-format=qcow2
--name=centos-6 --is-public=true --file ~/CentOS-6-x86_64GenericCloud-20141129_01.qcow2
glance image-list
#more images @ https://www.rdoproject.org/Image_resources

BASIC NOVA
host-list
hypervisor show
list $hypervisor-host-list

keypair

add
delete
list
show

list

boot
reboot
start
stop
delete

NOVA : ADD KEYPAIR

source keystonerc_admin
nova keypair-add ady-key > ady-key.pem
nova keypair-list
#copy file ady-key.pem ke lokal disk untuk akses remote SSH
instances

NOVA : RUNNING INSTANCES

CLI
nova boot --image $IMAGE
--flavor 2 --key-name ady-key
--nic net-id=`neutron net-list |
awk '/private/ {print $2}'`
$servername

Horizon

NOVA : ACCESS INSTANCES

CONSOLE

NOVA + NEUTRON : ADD

FLOATING IP

CINDER
create
delete
list
rename

Add a new volume.

Remove volume(s).
List all the volumes.
Rename a volume.

CINDER : CREATE
PERSISTENT VOLUME

CINDER : ADD PERSISTENT

VOLUME TO INSTANCE

TROUBLESHOOT
Log
/var/log/
keystone
glance
neutron
cinder
nova

network
enable promiscous mode

nova
no valid host-list

More ...
https://ask.openstack.org/

NEXT ?
Add compute node
Add network node
Add storage node
Ceilometer
Heat

TERIMAKASIH ...