oracle® solaris 11.2 での openstack のインストール … no: e56871-03 2015 年 4 月...

Part No: E56871-032015 4

Oracle Solaris 11.2 OpenStack

Part No: E56871-03

Copyright 2014, 2015, Oracle and/or its affiliates. All rights reserved.

U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware,and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal AcquisitionRegulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, includingany operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and licenserestrictions applicable to the programs. No other rights are granted to the U.S. Government.

()(redundancy)Oracle Corporation

OracleJava

IntelIntel XeonIntel CorporationSPARCSPARC International, Inc.AMDOpteronAMDAMD OpteronAdvanced Micro Devices, Inc.UNIXThe Open Group

Oracle CorporationOracle CorporationOracle CorporationOracle Corporation

Oracle Accessibility ProgramWeb (http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc)

Oracle Support

My Oracle Support(http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info) http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs)

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacchttp://www.oracle.com/pls/topic/lookup?ctx=acc&id=infohttp://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs

5

......................................................................................... 9

1 Oracle Solaris 11.2 OpenStack ...................................................... 11Oracle Solaris 11.2 .................................................................... 11Oracle Solaris OpenStack .............................................. 11............................................................................... 14OpenStack ..................................................................... 16

2 ....................................................................................19OpenStack ................................................................ 19

................................................................ 20................................................................... 21Elastic Virtual Switch ............................................................ 27

Juno OpenStack ........................................................27 Juno OpenStack .............................................................................28

OpenStack .................................................................. 29 OpenStack ................................... 29............................................................................ 30VM ............................................................. 34

3 Havana OpenStack ..... 413 ....................................................................... 41................................................................................. 45

....................................................... 46Network Time Protocol ................................................ 47MySQL ......................................................................... 48Keystone ...................................................................... 49Heat .................................................................... 51Cinder .......................................................................... 52

6 Oracle Solaris 11.2 OpenStack 2015 4

Glance ..........................................................................57 Neutron ................................ 58Nova ............................................................................ 59 Horizon ................................................................ 60

................................................................................. 61 ....................................................... 62

................................................................................. 63 ........................................................65Neutron L3 ........................................................... 67

4 Juno OpenStack ......... 793 ....................................................................... 79................................................................................. 83

......................................................................................... 84Network Time Protocol ................................................ 85MySQL ......................................................................... 86Keystone ...................................................................... 88Glance ..........................................................................89Nova ............................................................................ 92Horizon ........................................................................ 93Cinder .......................................................................... 94Neutron .............................................................. 98Heat .................................................................. 101

............................................................................... 102 ..................................................... 102

................................................................................. 104 ............................................. 105

OpenStack .......................................................106 ...................................................... 106

OpenStack ............................................. 107 OpenStack ............................. 108 IP ................................................................................................. 112 L3 ................................................114

5 ......................................................................... 115........................................................................................... 115

................................................................ 116............................................................................ 117

7

........................................................................................... 118................................................................ 118................................................................................... 120..........................................................120

VM .............................................................................. 121 VM ... 122

6 OpenStack ............................................................... 125........................................................................................ 125.....................................................................................127............................................................................... 129

OpenStack ........................................................ 130VM ................................................... 130

................................................................................................................. 135

9

Oracle Solaris 11.2 OpenStack OpenStack

Solaris OpenStack

http://www.oracle.com/pls/topic/lookup?ctx=E56342

http://www.oracle.com/goto/docfeedback

http://www.oracle.com/pls/topic/lookup?ctx=E56342http://www.oracle.com/pls/topic/lookup?ctx=E56342http://www.oracle.com/goto/docfeedback

1 Oracle Solaris 11.2 OpenStack 11

1 1 Oracle Solaris 11.2 OpenStack

Oracle Solaris 11.2 OpenStack Oracle Solaris

11 Oracle Solaris 11.2 11 Oracle Solaris OpenStack 14 16 OpenStack

Oracle Solaris 11.2

Oracle Solaris 11.2 SRU 10 Juno OpenStack Havana Juno OpenStack

3 Havana OpenStack 4 Juno OpenStack

Oracle Solaris OpenStack

Oracle Solaris 11.2 Oracle Solaris 11 OpenStack Oracle Solaris 11.2 OpenStack IaaS (Infrastructure as a Service) Web



OpenStack Oracle Solaris 11.2

1-1 Oracle Solaris OpenStack

Oracle Solaris 11.2 OpenStack

Nova

Nova Solaris (VM) VM

Oracle Solaris Oracle Solaris 11.2 Library

Neutron

Neutron OpenStack OpenStack VM Solaris

http://www.oracle.com/pls/topic/lookup?ctx=solaris11



Elastic Virtual Switch (EVS) EVS Neutron API Nova VM VNIC

Elastic Virtual Switch Oracle Solaris 11.2 5

Cinder

Cinder OpenStack Cinder VM Solaris Cinder ZFS iSCSI ZFS Cinder ZFS Storage Appliance

ZFS Oracle Solaris 11.2 ZFS ZFS Storage Appliance https://docs.oracle.com/en/storage/

Swift

Swift OpenStack Swift ZFS RESTful API

Glance

Glance VM Solaris Glance OpenStack Swift Glance RESTful API

Automated Installer (AI)

http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=ZFSADMINhttps://docs.oracle.com/en/storage/https://docs.oracle.com/en/storage/


Oracle Solaris 11.2 AI AI Oracle Solaris 11.2 5

Horizon

Horizon VM OpenStack OpenStack Web 29 OpenStack

Keystone

Keystone OpenStack

Heat OpenStack

OpenStack 1 (SMF) 3-1 SMF SMF SMF OpenStack

Image Packaging System (IPS) OpenStack (BE) OpenStack OpenStack IPS OpenStack OpenStack OpenStack RBAC

Solaris OpenStackSolaris Solaris

http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=CUARChttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUImedia-1http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUImedia-1


2OpenStack Solaris

3 Havana OpenStack OpenStack 3 Solaris ()

5VM Solaris Solaris

Oracle Solaris OpenStack OpenStack OpenStack

OpenStack (OpenStack )

Solaris Oracle Solaris 11.2 Solaris OpenStack OpenStack for Oracle Solaris 11

OpenStack VM OpenStack OpenStack

OpenStack (Nova Compute )

SMF Solaris svc:/application/openstack/nova/nova-compute:default )SMF

http://docs.openstack.org/havanahttp://docs.oracle.com/cd/E36784_01/index.htmlhttp://www.oracle.com/technetwork/server-storage/solaris11/technologies/openstack-2135773.html

OpenStack


OpenStack KeystoneGlance Horizon

Oracle Solaris OpenStack VM

VM VM VM VM

Oracle Solaris Oracle Solaris OpenStack

OpenStack http://docs.openstack.org/glossary/content/glossary.html

OpenStack

OpenStack Solaris

OpenStack Oracle Solaris 11.2 Oracle Solaris 11.2 Oracle Solaris11.2 Oracle Solaris 11.2 Oracle Solaris11 Oracle Solaris 11.2 OracleSolaris 11.2 Oracle Solaris 11.2 4 Oracle Solaris

Oracle Solaris 11.2 Oracle Solaris 11.2 Oracle Solaris 11.2 Oracle Solaris 11.2 OpenStack OpenStack 5G VM CPU

http://docs.openstack.org/glossary/content/glossary.htmlhttp://docs.openstack.org/glossary/content/glossary.htmlhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUIhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUIhttp://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.htmlhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUPhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUPhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=AUOSSpkgupdatehttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=AUOSSpkgupdatehttp://www.oracle.com/technetwork/server-storage/solaris11/documentation/solaris11-2-sys-reqs-2191085.pdfhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=SERNSglmuuhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=SERNSglmuu

OpenStack


VM VM100 200G ZFS

OpenStack VM

virtinfo

# virtinfo

NAME CLASS

non-global-zone supported

kernel-zone supported

8G RAM ZFS Adaptive Replacement Cache

(ARC) Oracle Solaris ZFS ARC

- Oracle VM Server for x86 Oracle VM VirtualBox

Oracle Solaris Oracle Solaris

Oracle Solaris 11.2 OpenStack OracleSolaris 11.2 OpenStack README

OpenStack 125

http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=VLZKZgnwoxhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=VLZKZgnwoxhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=VLZKZgnwoihttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=VLZKZgnwoihttp://www.oracle.com/technetwork/server-storage/solaris11/downloads/unified-archives-2245488.html

2 19

2 2

OpenStack Oracle Solaris OpenStack OpenStack Oracle Solaris Havana Juno

OpenStack 3 HavanaOpenStack 4 JunoOpenStack

VM

19 OpenStack 29 OpenStack

- Havana Juno

OpenStack

Unified Archives Oracle Solaris OpenStack Oracle Solaris

OpenStack Oracle Solaris 11 Oracle Solaris OpenStack OpenStack

http://www.oracle.com/technetwork/server-storage/solaris11/downloads/unified-archives-2245488.html



OpenStack

Solaris 2 Glance

OpenStack 21

Oracle Solaris OS OpenStack

1.

2.

3.

.uar zoneadm install

.uar AI AI AI

.uar AI

http://www.oracle.com/technetwork/server-storage/solaris11/downloads/unified-archives-2245488.html

USB

2 21

USB usb

4. MD5 digest

$ digest -a md5 file

OpenStack 3 4

21 USB 23 AI

24 AI

25 Havana

USB

USB Oracle Solaris OpenStack AI

1. USB 20

2. USB USB

usbcopy

USB


Oracle Solaris 11.2 usbcopy usbcopy(1M)

Oracle Solaris 11.2 usbcopy Solaris usbcopy

dd

Oracle Solaris 11.2 dd

dd ()

Oracle Solaris 11 :

a HAL

# svcadm disable -t hal

b

# rmformat

c

# dd if=/path/image.usb of=/dev/rdsk/device bs=16k

d HAL

# svcadm enable hal

Linux :

a

# dmesg | tail

b

# dd if=/path/image.usb of=/dev/diskN bs=16k

MacOSX :

http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=REFMAN1Musbcopy-1m

AI

2 23

a /dev/diskNN )

# diskutil list

# diskutil unmountDisk /dev/diskN

b

# dd if=/path/image.usb of=/dev/diskN bs=16k

3. USB

(SCI) SCI Enter Ctrl+L

AI

AI Oracle Solaris OpenStack

1.

20

2. AI

Oracle Solaris AI AI /usr/share/auto_install/manifest/default_archive.xml ARCHIVE software .uar

3. AI

AI AI Oracle Solaris 11.2 III

4.

ok boot net -install

5.

http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUIuseaiparthttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUIuseaipart

AI


SCI SCI Enter Ctrl+L

AI

AI Oracle Solaris 11.2 OpenStack USB Oracle Solaris 11.2 5

1. 20

2. AI USB

# archiveadm create-media -s http://pkg.oracle.com/solaris/release \

-f usb -o workdir/usb-filename \

workdir/uar-file

workdir AI USB

3. USB USB

Oracle Solaris 11.2 USB usbcopy

Oracle Solaris OS Oracle Solaris 11.2 USB dd

1. HAL

# svcadm disable -t hal

2.

# rmformat

3.

# dd if=/path/image.usb of=/dev/rdsk/device bs=16k

http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUImedia-1http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUImedia-1

Havana

2 25

4. HAL

# svcadm enable hal

4. AI

5. USB USB

AI


Havana

Oracle Solaris 11.2 Havana OpenStack

16 OpenStack

1.

20

2.

# zonecfg -z OpenStackKZ create -t SYSsolaris-kz

3.

CPURAM MAC MAC

Havana


8 CPU 8G MAC zonecfg(1M)

# zonecfg -z OpenStackKZ

zonecfg:OpenStackKZ> add virtual-cpu

zonecfg:OpenStackKZ:virtual-cpu> set ncpus=8

zonecfg:OpenStackKZ:virtual-cpu> end

zonecfg:OpenStackKZ> select capped-memory

zonecfg:OpenStackKZ:capped-memory> set physical=8g

zonecfg:OpenStackKZ:capped-memory> end

zonecfg:OpenStackKZ> select anet id=0

zonecfg:OpenStackKZ:anet> add mac

zonecfg:OpenStackKZ:anet:mac> set mac-address=auto

zonecfg:OpenStackKZ:anet:mac> end

zonecfg:OpenStackKZ:anet> end

zonecfg:OpenStackKZ> exit

4.

# zonecfg -z OpenStackKZ info

5. .uar x86

# zoneadm -z OpenStackKZ install -a path/uar-file

uar-file Havana OpenStack Oracle Solaris 11.2

6.

# zoneadm -z OpenStackKZ boot

7.

# zlogin -C OpenStackKZ


8. IP DHCP IP DHCP MAC SCI MAC DHCP IPv4

http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=REFMAN1Mzonecfg-1m

Juno OpenStack

2 27

IP IP IPS

Elastic Virtual Switch

Elastic Virtual Switch (EVS) EVS EVS EVS VM EVSOracle Solaris 11.2 5

EVS

# /usr/demo/openstack/configure_evs.py

rootevsuserneutron UNIX ) Secure Shell(SSH) evsuser /var/user/evsuser/.ssh/authorized_keys

EVS neutron-server:default neutron-dhcp-agent:default SMF

LAN (VLAN VXLAN) ID

Juno OpenStack

Juno OpenStack Oracle Solaris11.2 SRU 10 Oracle Solaris11.2 Juno

http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgr

Juno OpenStack


Juno OpenStack

16 OpenStack OpenStack 20

1.

# zonecfg -z kzone-name create -t SYSsolaris-kz

SYSsolaris-kz Oracle Solaris

2. 8 CPU 12G zonecfg(1M)

# zonecfg -z kzone-namezonecfg:OpenStackKZ> add virtual-cpu

zonecfg:OpenStackKZ:virtual-cpu> set ncpus=8

zonecfg:OpenStackKZ:virtual-cpu> end

zonecfg:OpenStackKZ> select capped-memory

zonecfg:OpenStackKZ:capped-memory> set physical=12g

zonecfg:OpenStackKZ:capped-memory> end

zonecfg:OpenStackKZ> verify

zonecfg:OpenStackKZ> exit

3. ()

# zonecfg -z kzone-name info

4. 50G VM

# zoneadm -z kzone-name install -a archive-path -x install-size=50g

archive-path Juno OpenStack

5.

# zoneadm -z kzone-name boot

http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=REFMAN1Mzonecfg-1m

OpenStack

2 29

6.

# zlogin -C kzone-name


OpenStack

OpenStack OpenStack VM

OpenStack 1. OpenStack

2.

a. JavaScript

b. Cookie

3.

http://system/horizon/

system OpenStack Apache Web Horizon OpenStack OpenStack IP

OpenStack system IP

4.

: admin : secrete

OpenStack


()

2

Nova Cinder VM

CPU Solaris : solaris

solaris-kz

OpenStack

2 31

2-1 OpenStack

21 OpenStack OpenStack

2 : Solaris Solaris 2 : demo service

10

OpenStack


2-2 OpenStack

()

demo demo admin)

service service Neutron OpenStackservice OpenStack admin service

OpenStack

2 33

2-3 OpenStack

116

VM


2-4 OpenStack

VM

VM

VM SSH 39 SSH

67 Neutron L3

1.

OpenStack admin demo

VM

2 35

2.

3.

VM

2-5

VM


4. VM

5.

OpenStack

6.

solaris solaris-kz OpenStack

VM

2 37

2-6

7.

VM SSH

8.

VM


VM

9.

VM

OpenStack VM

10. IP VM

VM VM VM IP

a. Floating IP

Floating IP

b. IP

IP IP + 40 IP

c.

VM IP

d.

Cinder

Glance

SSH

2 39

VM 7 10 IP root

# ssh root@floating-ip-address

SSH

1.

2.

3.

4.

5.

6.

1.

2.

3.

4.

5.

IP


6.

IP 1.

2.

3. Floating IP

4. Floating IP

Floating IP

5. IP

6. IP

3 Havana OpenStack 41

3 3 Havana OpenStack

OpenStack 1 1 1

- Havana OpenStack Juno OpenStack Oracle Solaris 11.2 SRU10

Oracle Solaris 11.2 SRU10 Havana Juno Havana Juno OpenStack

Oracle Solaris 11.2 SRU10 Juno 4 Juno OpenStack

Oracle SPARC OVM Server for SPARC (LDoms) OpenStack SPARC Solaris 11.2 OpenStack

3

3

https://community.oracle.com/docs/DOC-910993https://community.oracle.com/docs/DOC-910993https://blogs.oracle.com/openstack/entry/multi_node_solaris_11_2https://blogs.oracle.com/openstack/entry/multi_node_solaris_11_2

3


OpenStack APINova Neutron

Neutron Layer 3 DHCP Nova

VM (Nova ) VM Cinder iSCSI

3 net0 net1

3


3-1 3

OpenStack SMF svcadm SMF SMF

3


3-1 SMF

mysql

rabbitmq

keystone

cinder-api

cinder-db

cinder-db

cinder-scheduler

cinder-volume:default

cinder-volume:setup

glance-api

glance-db

glance-registry

glance-scrubber

neutron-server

evs

nova-api-ec2

nova-api-osapi-compute

nova-cert

nova-conductor

nova-objectstore

nova-scheduler

http

ntp

heat-api

heat-db

neutron-dhcp-agent

neutron-l3-agent

evs-controller

ntp

nova-compute

ntp


heat-api-cfn

heat-api-cloudwatch

heat-engine

Swift SwiftOpenStack OpenStack OpenStack Swift Solaris OpenStack OpenStack forOracle Solaris 11

Oracle Solaris OpenStack OpenStack Oracle Solaris 11.2 OpenStack OpenStack

3 OpenStack

IP IP IP ()

3 controllernetwork compute1

1 1 1 MySQLRabbitMQ

Oracle Solaris 11 ZFS usr_reserve_hint_pct

# echo "set user_reserve_hint_pct=80" >>/etc/system.d/site:kernel-zones-reserve# reboot

http://docs.openstack.org/icehouse/config-reference/content/ch_configuring-object-storage.htmlhttp://www.oracle.com/technetwork/server-storage/solaris11/technologies/openstack-2135773.htmlhttp://www.oracle.com/technetwork/server-storage/solaris11/technologies/openstack-2135773.htmlhttp://www.oracle.com/technetwork/articles/servers-storage-admin/getting-started-openstack-os11-2-2195380.html


site

OpenStack

https://support.oracle.com MOS Oracle Solaris 11.2 ZFS 1663862.1

OpenStack Advanced Message Queuing Protocol (AMQP) Solaris AMQP RabbitMQ RabbitMQ 1 RabbitMQ RabbitMQ

1. () NTP

47 Network Time Protocol

2. () MySQL 48 MySQL

3. RabbitMQ

a. RabbitMQ

controller# pkg install rabbitmq

b. RabbitMQ SMF

controller# svcadm enable rabbitmq

4. Keystone 49 Keystone

5. Cinder 52 Cinder

6. Glance 57 Glance

https://support.oracle.com

Network Time Protocol


7. Neutron 58 Neutron

8. Nova 59 Nova

9. Horizon 60 Horizon


Network Time Protocol (NTP) NTP

NTP NTP

IP IP IPNTP

IP IP NTP

Network Time Protocol 1. NTP

controller# pkg install ntp

2.

controller# cp /etc/inet/ntp.client /etc/inet/ntp.conf

3. NTP IP

IP

MySQL


IP NTP IP

a. /etc/inet/ntp.conf multicastclient # multicastclient 224.0.1.1

b. /etc/inet/ntp.conf 1

server ntp_server_1 iburstserver ntp_server_2 iburst

4. NTP SMF controller# svcadm enable ntp

MySQL

OpenStack SQLite MySQL

MySQL 1.

IP

controller# getent hosts controller-IPcontroller-IP controller-name

2. MySQL controller# pkg install mysql-55

3. MySQL controller# pkg install mysql-55/client

Keystone


4. MySQL SMF

controller# svcadm enable mysql:version_55

5. MySQL root

controller# mysqladmin u root password MySQL-root-password

6. MySQL OpenStack getenthosts controller-name

controller# mysql u root p

Enter password: MySQL-root-passwordmysql> create database cinder;

mysql> grant all privileges on cinder.*

-> to 'cinder'@'controller-name' -> identified by 'cinder';

mysql> create database glance;

mysql> grant all privileges on glance.*

-> to 'glance'@controller-name -> identified by 'glance';

mysql> create database keystone;

mysql> grant all privileges on keystone.*

-> to 'keystone'@controller-name -> identified by 'keystone';

mysql> create database nova;

mysql> grant all privileges on nova.*

-> to 'nova'@controller-name -> identified by 'nova';

mysql> flush privileges;

mysql> quit

7. MySQL Python

controller# pkg install python-mysql

Keystone

Keystone

Keystone 1. Keystone

Keystone


controller# pkg install keystone

2. Keystone

/etc/keystone/keystone.conf 2

a. admin_token

admin_token Keystone OpenStack 1 OpenSSL

controller# openssl rand -hex 10

random_string

/etc/keystone/keystone.conf admin_token

admin_token = random_string

b. connection

connection Keystone URI

getent hosts controller-name /etc/keystone/keystone.conf connection

connection = mysql://keystone:keystone@controller-name/keystone

3. (PKI)

controller# su - keystone -c "keystone-manage pki_setup"

4. Keystone SMF

controller# svcadm enable keystone

5. Keystone

sample_data.sh getent hosts controller-name

controller# su - keystone -c "env

Heat


CONTROLLER_ADMIN_ADDRESS=controller-name CONTROLLER_INTERNAL_ADDRESS=controller-name CONTROLLER_PUBLIC_ADDRESS=controller-name /usr/demo/openstack/keystone/sample_data.sh"

sample_data.sh API Keystone service nova nova

Heat

Heat OpenStack Heat Keystone

Heat Keystone

Keystone

1. Heat

controller# pkg install heat

2. Heat

# /usr/demo/openstack/keystone/heat-keystone-setup

3. /etc/heat/api-past.ini

# Auth middleware that validates token against keystone

[filter:authtoken]

paste.filter_factory = heat.common.auth_token:filter_factory

auth_uri = http://controller-IP:5000/v2.0 identity_uri = http://controller-IP:35357 admin_tenant_name = keystone

admin_user = heat

admin_password = heat-password

4. Heat

# svcadm enable -rs heat-api heat-db heat-engine heat-api-cfn heat-api-cloudwatch

Cinder


Cinder

Cinder

Keystone

Cinder

1. Cinder

controller# pkg install cinder

2.

/etc/cinder/api-paste.ini Keystone API Cinder

auth_uri = http://controller-name:5000/v2.0identity_uri = http://controller-name:35357admin_tenant_name = service

admin_user = cinder

admin_password = cinder-password

3. Cinder

/etc/cinder/cinder.conf volume_driver 4

ZFSVolumeDriver

Cinder Nova

ZFSISCSIDriver

Nova iSCSI

ZFSFCDriver

Nova LUN

Cinder


ZFSSAISCSIDriver

Nova Oracle ZFS StorageAppliance iSCSI /etc/cinder/cinder.conf

Nova iSCSI ZFSVolumeDriver ZFSISCSIDriver

# Driver to use for volume creation (string value)

# The local ZFS driver provides direct access to ZFS volumes that it

# creates. The other listed drivers provide access to ZFS volumes via

# iSCSI or Fibre Channel and are suitable for cases where block storage

# for Nova compute instances is shared.

#volume_driver=cinder.volume.drivers.solaris.zfs.ZFSVolumeDriver

volume_driver=cinder.volume.drivers.solaris.zfs.ZFSISCSIDriver

#volume_driver=cinder.volume.drivers.solaris.zfs.ZFSFCDriver

#volume_driver=cinder.volume.drivers.zfssa.zfssaiscsi.ZFSSAISCSIDriver

4.

/etc/cinder/cinder.conf Glance API Cinder RabbitMQ

glance_host=controller-namesql_connection=mysql://cinder:cinder@controller-name/cinderrabbit_host=controller-namevolume_driver=cinder.volume.drivers.solaris.zfs.ZFSISCSIDriver

5. iSCSI SMF

controller# svcadm enable iscsi/target stmf

6. Cinder SMF

controller# svcadm enable cinder-db

controller# svcadm enable cinder-api cinder-scheduler

controller# svcadm enable cinder-volume:default cinder-volume:setup

ZFS OpenStack Block Storage

http://www.oracle.com/technetwork/articles/servers-storage-admin/howto-build-openstack-zfs-2248817.html

ZFS Storage Appliance iSCSI Cinder



Oracle ZFS Storage Appliance iSCSI Cinder Oracle ZFS StorageAppliance (ZFSSA) Cinder Nova Cinder iSCSI cloud/openstack/cinder ZFSSA 2013.1.2.0

Oracle ZFS Storage Appliance

1. cinder.akwf

Cinder

cinder.akwf

Cinder RESTful

(CLI) (BUI)

CLI

zfssa:maintenance workflows> download

zfssa:maintenance workflows download (uncommitted)> show

Properties:

url = (unset)

user = (unset)

password = (unset)

zfssa:maintenance workflows download (uncommitted)> set url="url to the cinder.akwf file"

url = "url to the cinder.akwf file"

zfssa:maintenance workflows download (uncommitted)> commit

Transferred 2.64K of 2.64K (100%) ... done

zfssa:maintenance workflows> ls

Properties:

showhidden = false

Workflows:



WORKFLOW NAME OWNER SETID ORIGIN

VERSION

workflow-000 Clear locks root false Oracle Corporation

1.0.0

workflow-001 Configuration for OpenStack Cinder Driver root false Oracle Corporation

1.0.0

zfssa:maintenance workflows> select workflow-001

zfssa:maintenance workflow-001 execute (uncommitted)> set name=openstack

name = openstack

zfssa:maintenance workflow-001 execute (uncommitted)> set password=openstack-password password = ********

zfssa:maintenance workflow-001 execute (uncommitted)> commit

User openstack created.

BUI

a. ->

b. cinder.akwf

c.

d. BUI Cinder

zfssa_auth_user zfssa_auth_password cinder.conf

2. cinder.conf

cinder.conf

volume_driver - cinder.volume.drivers.zfssa.zfssaiscsi.ZFSSAISCSIDriver 3

zfssa_host ZFSSA IP

zfssa_auth_user ZFSSA Cinder

zfssa_auth_password ZFSSA Cinder



zfssa_pool

zfssa_target_portal ZFSSA iSCSI data-ip:port) 3260

zfssa_project ZFSSA () () ZFSSA

zfssa_initiator_group default default default default

zfssa_target_interfaces ZFSSA iSCSI

zfssa:configuration net interfaces> show

Interfaces:

INTERFACE STATE CLASS LINKS ADDRS LABEL

e1000g0 up ip e1000g0 1.10.20.30/24 Untitled Interface

connection connection sql_connection

connection=mysql://cinder:cinder...

sql_connection=mysql://cinder:cinder...

3. ZFSSA iSCSI

ZFSSA iSCSI BUI CLI CLI

zfssa:> configuration services iscsi

zfssa:configuration services iscsi> enable

zfssa:configuration services iscsi> show

Glance


Properties:

= online

...

4. Cinder SMF


Glance

Cinder Glance MySQL RabbitMQ

Glance 1. Glance

controller# pkg install glance

2. Glance

/etc/glance/glance-api.conf

/etc/glance/glance-cache.conf

/etc/glance/glance-registry.conf

/etc/glance/glance-scrubber.conf


admin_user = glance-passwordadmin_password = glance

3. MySQL URI /etc/glance/glance-api.conf /etc/glance/glance-registry.conf MySQL URI

connection=mysql://glance:glance@controller-name/glance

4. RabbitMQ /etc/glance/glance-api.conf RabbitMQ

Neutron


rabbit_host = controller-name

5. Glance SMF

controller# svcadm enable glance-db

controller# svcadm enable glance-api glance-registry glance-scrubber

Neutron

Neutron API EVS Neutron SSH evsuser authorized_keys

Neutron 1. Neutron

controller# pkg install neutron

2. neutron SSH

Neutron API EVS

neutron ssh-keygen neutron

controller# su - neutron

-c "ssh-keygen -N '' -f /var/lib/neutron/.ssh/id_rsa -t rsa"

3. EVS SSH /var/lib/neutron/.ssh/id_rsa.pub) EVS EVS

4. Neutron Keystone RabbitMQ /etc/neutron/neutron.conf

rabbit_host = controller-name

auth_uri = http://controller-name:5000/v2.0

Nova


identity_uri = http://controller-name:35357admin_tenant_name = service

admin_user = neutron

admin_password = neutron-password

5. EVS

a. EVS

getent hosts IP

network# getent hosts network-IPnetwork-IP network-name

b. EVS

/etc/neutron/plugins/evs/evs_plugin.ini getent hosts EVS

evs_controller = ssh://evsuser@network-namesql_connection = path-to-database

6. Neutron

controller# svcadm enable neutron-server

Nova

Nova

Nova 1. Nova

controller# pkg install nova

2.

/etc/nova/api-paste.ini Keystone API Nova

Horizon



admin_user = nova

admin_password = nova-password

3. /etc/nova/nova.conf Keystone Glance API NeutronAPI RabbitMQ Nova URI

keystone_ec2_url=http://controller-name:5000/v2.0/ec2tokensglance_host=controller-nameneutron_url=http://controller-name:9696neutron_admin_username=neutron

neutron_admin_password=neutron-passwordneutron_admin_tenant_name=service

neutron_admin_auth_url=http://controller-name:5000/v2.0rabbit_host=controller-nameconnection=mysql://nova:nova@controller-name/nova

4. Nova SMF

controller# svcadm enable nova-conductor

controller# svcadm enable nova-api-ec2 nova-api-osapi-compute

nova-cert nova-conductor nova-objectstore nova-scheduler

Horizon 1. Horizon

horizon# pkg install horizon

2. Horizon Horizon OpenStack Apache SSL/TLS FAQ

controller# DASHBOARD=/etc/openstack_dashboard

controller# openssl req -new -x509 -nodes

-out horizon.crt -keyout horizon.key

controller# mv horizon.crt horizon.key ${DASHBOARD}

controller# chmod 0600 ${DASHBOARD}/horizon.*

http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html


controller# sed

-e "/SSLCertificateFile/s:/path.*:${DASHBOARD}/horizon.crt:"

-e "/SSLCACertificateFile/d"

-e "/SSLCertificateKeyFile/s:/path.*:${DASHBOARD}/horizon.key:"

< /etc/apache2/2.2/samples-conf.d/openstack-dashboard-tls.conf

> /etc/apache2/2.2/conf.d/openstack-dashboard-tls.conf

3. ~/conf.d/openstack-dashboard-tls.conf Horizon

RedirectPermanent=site-addressServerName=server-name

- 3 2

4.

Apache

controller# svcadm enable apache22

Apache

controller# svcs apache22

STATE STIME FMRI

online Jul_07 svc:/network/http:apache22

controller# svcadm restart apache22

VM



site

OpenStack



1. () NTP


2. Nova

compute1# pkg install nova

3. Remote Access Daemon (RAD) Nova RAD Oracle Solaris

compute1# svcadm restart rad:local

4. /etc/nova/api-paste.ini Keystone API Nova


admin_user = nova

admin_password = nova-password

5. /etc/nova/nova.conf Keystone Glance API NeutronAPI RabbitMQ Nova URI

keystone_ec2_url=http://controller-name:5000/v2.0/ec2tokensglance_host=controller-nameneutron_url=http://controller-name:9696neutron_admin_username=neutron

neutron_admin_password=neutron-passwordneutron_admin_tenant_name=service

neutron_admin_auth_url=http://controller-name:5000/v2.0rabbit_host=controller-name



connection=mysql://nova:nova@controller-name/nova

6. EVS

# pkg install evs

7. root SSH

Solaris EVS

root ssh-keygen root

compute1# su - root -c "ssh-keygen -N '' -f /root/.ssh/id_rsa -t rsa"

8. EVS

SSH /root/.ssh/id_rsa.pub EVS () EVS

Glance 120 120

9. Nova

compute1# svcadm enable nova-compute

Elastic Virtual Switch (EVS) Neutron DHCP Neutron Layer (L3)

EVS OpenStack VLAN VXLAN VM VM EVS Oracle Solaris 11.2 5

evsuser SSH evsuser authorized_keys

http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgr


SSH

3-2 EVS SSH


# echo "set user_reserve_hint_pct=80" >>/etc/system.d/site:kernel-zones-reserve


# reboot

site

OpenStack


1. () NTP


2. Neutron

network# pkg install neutron

3. neutron evsuser SSH

network# su - neutron \


network# su - neutron \


4. EVS

SSH 2 evsuser

network# cat \

path-to-neutron@controller/id_rsa.pub \

path-to-root@compute1/id_rsa.pub \/var/lib/neutron/.ssh/id_rsa.pub \

/var/user/evsuser/.ssh/id_rsa.pub \

>> /var/user/evsuser/.ssh/authorized_keys

5. evsuser SSH /var/user/evsuser/.ssh/id_rsa.pub) evsuser authorized_keys



evsuser SSH 3-2EVS SSH

6. SSH

ssh EVS yesOpenStack

controller# su - neutron -c "ssh evsuser@network-name whoami"compute1# su - root -c "ssh evsuser@network-name whoami"network# su - neutron -c "ssh evsuser@network-name whoami"network# su - root -c "ssh evsuser@network-name whoami"

7. EVS

network# pkg install rad-evs-controller

8. RAD

network# svcadm restart rad:local

9. EVS

Nova VLAN VXLAN VLAN

ID 13 VLAN 1000 2000 VLAN ID EVS

network# evsadm set-prop -p controller=ssh://evsuser@network-namenetwork# evsadm

network# evsadm set-controlprop -p l2-type=vlan

network# evsadm set-controlprop -p uplink-port=net1

network# evsadm set-controlprop -p vlan-range=13,1000-2000

10. RabbitMQ

/etc/neutron/neutron.conf Keystone Glance API Neutron API RabbitMQ Neutron URI

[keystone_authtoken]

signing_dir = /var/lib/neutron/keystone-signing

auth_host = 127.0.0.1

auth_port = 35357


auth_protocol = http

auth_uri = http://controller-IP:5000/v2.0admin_tenant_name = service

admin_user = neutron

admin_password = neutron-passwordidentity_uri = http://controller-IP:35357.

[DEFAULT]

core_plugin = neutron.plugins.evs.plugin.EVSNeutronPluginV2

allow_overlapping_ips = False

quotas]

quota_driver = neutron.plugins.evs.db.quotas_db.EVSDbQuotaDriver

11. Neutron DHCP

/etc/neutron/dhcp_agent.ini EVS

evs_controller = ssh://evsuser@network-name

12. () Nova DNS

/etc/neutron/dhcp_agent.ini dhcp_domain Nova DNS

13. DHCP

network# svcadm enable neutron-dhcp-agent

14. Neutron L3

Neutron L3

DHCP IP IP Nova VM NeutronL3 Nova IP 1 1 NAT


OpenStack Neutron Oracle Solaris 11.2 7 OpenStack Neutron 1 IP

VM VM /etc/neutron/l3_agent.ini allow_forwarding_between_networks True neutron-l3-agent SMF

VM NAT IP IP ( IP) IP VM

Oracle Solaris 11.2 Neutron

http://docs.openstack.org/training-guides/content/operator-network-node.htmlhttp://docs.openstack.org/training-guides/content/operator-network-node.html


3-3

2 2 VM

192.168.100.0/24 192.168.100.1 HR

192.168.101.0/24 192.168.101.1 ENG

192.168.100.3 IP HR VM1 192.168.101.3 IP ENG

VM2

192.168.102.0/24 192.168.102.1 IT

192.168.103.0/24 192.168.103.1 ACCT

192.168.102.3 IP IT VM3 192.168.103.3 IP ACCT

VM4


NAT

IP IP

192.168.100.3 10.134.13.40

192.168.101.3 10.134.13.9

neutron-l3-agent SMF Neutron neutron-l3-agent 1

10.134.13.0/24 24 IP VM VM1 VM2 IP10.134.13.40 10.134.13.9 VM1 VM2 IP

2


3-4 Neutron L3

Neutron L3


VNIC

l3e... NAT (e) VNIC L3

l3i... IP (i) VNIC L3

IP

10.134.13.1

10.134.13.2 - 10.134.13.7OpenStackAPI (NovaCinderGlance ) IP

10.134.13.9 - 10.134.13.254 VM IP

Neutron L3

service

OpenStack 1

3-4Neutron L3

1. Solaris IP

network# svcadm enable ipfilter

2. IP

network# ipadm set-prop -p forwarding=on ipv4

network# ipadm set-prop -p forwarding=on ipv6

3. EVS VLAN ID

Neutron L3


VLAN ID 9 EVS

network# evsadm show-controlprop -p vlan-range,l2-type

PROPERTYPERM VALUE DEFAULTHOST

l2-typerw vlan vlan--

vlan-rangerw 13,1000-2000----

4. service

network# keystone tenant-list

5.

service OpenStack neutron

UUID id)

network# export OS_USERNAME=neutron

network# export OS_PASSWORD=neutron-passwordnetwork# export OS_TENANT_NAME=service

network# export OS_AUTH_URL=http://controller-name:5000/v2.0network# neutron router-create provider_router

Created a new router:

+-----------------------+--------------------------------------+

| Field | Value |

+-----------------------+--------------------------------------+

| admin_state_up | True |

| external_gateway_info | |

| id | 181543df-40d1-4514-ea77-fddd78c389ff |

| name | provider_router |

| status | ACTIVE |

| tenant_id | f164220cb02465db929ce520869895fa |

+-----------------------+--------------------------------------+

6. L3

UUID id) /etc/neutron/l3_agent.ini router_id

router_id = 181543df-40d1-4514-ea77-fddd78c389ff

7. neutron-l3-agent SMF

network# svcadm enable neutron-l3-agent

8.

service OpenStack neutron

network# neutron net-create --provider:network_type=vlan

Neutron L3


--provider:segmentation_id=13 --router:external=true external_network

Created a new network:

+--------------------------+--------------------------------------+

| Field | Value |

+--------------------------+--------------------------------------+


| id | f67f0d72-0ddf-11e4-9d95-e1f29f417e2f |

| name | external_network |

| provider:network_type | vlan |

| provider:segmentation_id | 13 |

| router:external | True |

| shared | False |

| status | ACTIVE |

| subnets | |


+--------------------------+--------------------------------------+

9.

DHCP IP IP VLAN ID13

network# neutron subnet-create --enable-dhcp=False \

--allocation-pool start=10.134.13.8,end=10.134.13.254 \

--name external_subnet external_network 10.134.13.0/24

Created a new subnet:

+------------------+--------------------------------------------------+

| Field | Value |

+------------------+--------------------------------------------------+

| allocation_pools | {"start": "10.134.13.8", "end": "10.134.13.254"} |

| cidr | 10.134.13.0/24 |

| dns_nameservers | |

| enable_dhcp | False |

| gateway_ip | 10.134.13.1 |

| host_routes | |

| id | 5d9c8958-0de0-11e4-9d96-e1f29f417e2f |

| ip_version | 4 |

| name | external_subnet |

| network_id | f67f0d72-0ddf-11e4-9d95-e1f29f417e2f |


+------------------+--------------------------------------------------+

10.

UUID provider_router UUID 2 UUID external_network UUID

network# neutron router-gateway-set

181543df-40d1-4514-ea77-fddd78c389ff

Neutron L3


f67f0d72-0ddf-11e4-9d95-e1f29f417e2f

Set gateway for router 181543df-40d1-4514-ea77-fddd78c389ff

network# neutron router-list -c name -c external_gateway_info

+-----------------+--------------------------------------------------------+

| name | external_gateway_info |

+-----------------+--------------------------------------------------------+

| provider_router | {"network_id": "f67f0d72-0ddf-11e4-9d95-e1f29f417e2f"} |

+-----------------+--------------------------------------------------------+

11.

neutron net-list

network# keystone tenant-list

+----------------------------------+---------+---------+

| id | name | enabled |

+----------------------------------+---------+---------+

| 511d4cb9ef6c40beadc3a664c20dc354 | demo | True |

| f164220cb02465db929ce520869895fa | service | True |

+----------------------------------+---------+---------+

network# neutron net-list --tenant-id=511d4cb9ef6c40beadc3a664c20dc354

+-------------------------------+------+------------------------------+

| id | name | subnets |

+-------------------------------+------+------------------------------+

| c0c15e0a-0def-11e4-9d9f- | HR | c0c53066-0def-11e4-9da0- |

| e1f29f417e2f | | e1f29f417e2f 192.168.100.0/24|

| ce64b430-0def-11e4-9da2- | ENG | ce693ac8-0def-11e4-9da3- |

| e1f29f417e2f | | e1f29f417e2f 192.168.101.0/24|

+-------------------------------+------+------------------------------+

UUID provider_router UUID 2 UUID HR UUID

network# neutron router-interface-add

181543df-40d1-4514-ea77-fddd78c389ff

c0c53066-0def-11e4-9da0-e1f29f417e2f (HR subnet UUID)

Added interface 7843841e-0e08-11e4-9da5-e1f29f417e2f to router 181543df-40d1-4514-ea77-

fddd78c389ff.

UUID provider_router UUID 2 UUID ENG UUID

network# neutron router-interface-add

181543df-40d1-4514-ea77-fddd78c389ff

ce693ac8-0def-11e4-9da3-e1f29f417e2f

Added interface 89289b8e-0e08-11e4-9da6-e1f29f417e2f to router 181543df-40d1-4514-ea77-

fddd78c389ff.

77 L3 125

IP


IP

OpenStack Horizon

1. OpenStack 29 OpenStack

2. -> -> Floating IP

3. external_network

4. IP Floating IP IP 10.134.13.9

5.

6. VM -> IP VM

VM (SSH ) SSH VM root authorized_keys

7. VM

global# ssh [email protected]

Last login: Fri Jul 18 00:37:39 2014 from 10.132.146.13

Oracle Corporation SunOS 5.11 11.2 June 2014

root@host-192-168-101-3:~# uname -a

SunOS host-192-168-101-3 5.11 11.2 i86pc i386 i86pc

root@host-192-168-101-3:~# zoneadm list -cv

ID NAME STATUS PATH BRAND IP

2 instance-00000001 running / solaris excl

root@host-192-168-101-3:~# ipadm

NAME CLASS/TYPE STATE UNDER ADDR

lo0 loopback ok -- --

lo0/v4 static ok -- 127.0.0.1/8

lo0/v6 static ok -- ::1/128

net0 ip ok -- --

L3


net0/dhcp inherited ok -- 192.168.101.3/24

L3

ipfippool ipnat IP dladm ipadm neturon-l3-agent

1. neutron-l3-agent VNIC

network# dladm show-vnic

LINK OVER SPEED MACADDRESS MACADDRTYPE VIDS

l3i7843841e_0_0 net1 1000 2:8:20:42:ed:22 fixed 200

l3i89289b8e_0_0 net1 1000 2:8:20:7d:87:12 fixed 201

l3ed527f842_0_0 net0 100 2:8:20:9:98:3e fixed

2. neutron-l3-agent IP

network# ipadm

NAME CLASS/TYPE STATE UNDER ADDR

l3ed527f842_0_0 ip ok -- --

l3ed527f842_0_0/v4 static ok -- 10.134.13.8/24

l3ed527f842_0_0/v4a static ok -- 10.134.13.9/32

l3i7843841e_0_0 ip ok -- --

l3i7843841e_0_0/v4 static ok -- 192.168.100.1/24

l3i89289b8e_0_0 ip ok -- --

l3i89289b8e_0_0/v4 static ok -- 192.168.101.1/24

3. IP

network# ipfstat -io

empty list for ipfilter(out)

block in quick on l3i7843841e_0_0 from 192.168.100.0/24 to pool/4386082

block in quick on l3i89289b8e_0_0 from 192.168.101.0/24 to pool/8226578

network# ippool -l

table role = ipf type = tree number = 8226578

{ 192.168.100.0/24; };

table role = ipf type = tree number = 4386082

{ 192.168.101.0/24; };

4. IP NAT

network# ipnat -l

List of active MAP/Redirect filters:

bimap l3ed527f842_0_0 192.168.101.3/32 -> 10.134.13.9/32

List of active sessions:

BIMAP 192.168.101.3 22 10.134.13.9 22 [10.132.146.13 36405]

4 Juno OpenStack 79

4 4 Juno OpenStack

OpenStack 2

79 3 83 102 104

- Oracle Solaris 11.2 SRU10 Juno OpenStack

Oracle Solaris 11.2 SRU10 Havana Juno Havana Juno OpenStack

Oracle Solaris 11.2 SRU10 Havana 3 Havana OpenStack

3

OpenStack OpenStack

https://community.oracle.com/docs/DOC-910993https://community.oracle.com/docs/DOC-910993

3


1 1 1

OpenStack APINova Neutron

VM (Nova ) VM

3

- Oracle SPARC OVM Server for SPARC(LDoms) OpenStack SPARC Solaris 11.2 OpenStack Havana OpenStack

https://blogs.oracle.com/openstack/entry/multi_node_solaris_11_2https://blogs.oracle.com/openstack/entry/multi_node_solaris_11_2

3

4 Juno OpenStack 81

4-1 3

Swift SwiftOpenStack OpenStack Oracle Solaris Swift Oracle Solaris OpenStack OpenStack for Oracle Solaris 11

http://docs.openstack.org/icehouse/config-reference/content/ch_configuring-object-storage.htmlhttp://www.oracle.com/technetwork/server-storage/solaris11/technologies/openstack-2135773.html

3


Oracle Solaris Elastic Virtual Switch (EVS) OpenStack EVS VLAN VXLAN VM VM EVS Oracle Solaris 11.2 5

evsuserneutron root SSH evsuser authorized_keys SSH

Oracle Solaris OpenStack OpenStack http://www.oracle.com/technetwork/articles/servers-storage-admin/getting-started-openstack-os11-2-2195380.html OpenStack

http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/technetwork/articles/servers-storage-admin/getting-started-openstack-os11-2-2195380.htmlhttp://www.oracle.com/technetwork/articles/servers-storage-admin/getting-started-openstack-os11-2-2195380.html

4 Juno OpenStack 83

4-2 EVS SSH

1 1 1 MySQLRabbitMQ

84 85 Network Time Protocol 86 MySQL 88 Keystone


89 Glance 92 Nova 93 Horizon 94 Cinder 98 Neutron 101 Heat

OpenStack

OpenStack

OpenStack API (OpenStack ) L3 () () host-onhost-tnhost-en

IP /etc/hosts DNS

OpenStack

$CONTROLLER_ADMIN_NODE - OpenStack IP

$CONTROLLER_ADMIN_NODE_IP - OpenStack IP

$COMPUTE_ADMIN_NODE_IP - OpenStack IP

$VOLUME_IP -




4 Juno OpenStack 85

site

OpenStack



Network Time Protocol (NTP) NTP

NTP NTP

IP IP IPNTP

IP IP NTP

Network Time Protocol NTP NTP

1. NTP

controller# pkg install ntp

2.

controller# cp /etc/inet/ntp.client /etc/inet/ntp.conf

3. () /etc/inet/ntp.conf

a. multicastclient

b. 1 NTP IP


MySQL


# multicastclient 224.0.1.1

...

server system1.example.com iburst

server system2.example.com iburst

# server server_name3 iburst

4. NTP SMF

controller# svcadm enable ntp

MySQL

OpenStack SQLite MySQL

OpenStack Advanced Message Queuing Protocol (AMQP)Oracle Solaris AMQP RabbitMQ RabbitMQ 1 RabbitMQ RabbitMQ

MySQL

1. MySQL

controller# pkg install mysql-55 mysql-55/client python-mysql \

rabbitmq markupsafe rad-evs-controller

2. RabbitMQ

controller# svcadm enable rabbitmq

controller# svcadm restart rad:local

3. () API IP /etc/mysql/5.5/my.cnf

MySQL

4 Juno OpenStack 87

bind-address=$CONTROLLER_ADMIN_NODE_IP

4. MySQL

controller# svcadm enable mysql

5. MySQL root

controller# mysqladmin -u root password MySQL-root-password

6. MySQL

OpenStack

controller# mysql -u root -p

Enter password: MySQL-root-passwordmysql> drop database if exists nova;

mysql> drop database if exists cinder;

mysql> drop database if exists glance;

mysql> drop database if exists keystone;

mysql> drop database if exists neutron;

mysql> drop database if exists heat;

mysql> create database cinder;

mysql> default character set utf8

mysql> default collate utf8_general_ci;

mysql> grant all privileges on cinder.* to 'cinder'@'$CONTROLLER_ADMIN_NODE' \

identified by service-password';mysql> grant all privileges on cinder.* to 'cinder'@'$VOLUME_IP' \

identified by service-password';mysql> create database glance;



mysql> grant all privileges on glance.* to 'glance'@'$CONTROLLER_ADMIN_NODE' \

identified by service-password';mysql> create database keystone;



mysql> grant all privileges on keystone.* to 'keystone'@'$CONTROLLER_ADMIN_NODE' \

identified by service-password';mysql> create database nova;



mysql> grant all privileges on nova.* to 'nova'@'$CONTROLLER_ADMIN_NODE' \

identified by service-password';mysql> create database neutron;



mysql> grant all privileges on neutron.* to 'neutron'@'$CONTROLLER_ADMIN_NODE' \

identified by service-password';mysql> create database heat

Keystone




mysql> grant all privileges on heat.* to 'heat'@'$CONTROLLER_ADMIN_NODE' \

mysql> identified by service-password';mysql> flush privileges;

mysql> quit

Keystone

Keystone

Keystone

Keystone /usr/demo/openstack/keystone/sample_data.sh

service: OpenStack Keystone demo: admin

API service Nova nova nova

Keystone

1. Keystone

controller# pkg install keystone

2. Keystone OpenStack

Glance

4 Juno OpenStack 89

controller# openssl rand -hex 10

token-string

3.

controller# export SERVICE_TOKEN=token-string

4. /etc/keystone/keystone.conf

[DEFAULT]

admin_token = token-stringqpid_hostname=$CONTROLLER_ADMIN_NODE

rabbit_host=$CONTROLLER_ADMIN_NODE

...

[database]

connection = mysql://keystone:service-password@$CONTROLLER_ADMIN_NODE/keystone

5. Keystone SMF

controller# svcadm enable keystone

6. (PKI)

controller# su - keystone -c "keystone-manage pki_setup"

7. Keystone

controller# CONTROLLER_PUBLIC_ADDRESS=$CONTROLLER_ADMIN_NODE \

CONTROLLER_ADMIN_ADDRESS=$CONTROLLER_ADMIN_NODE \

CONTROLLER_INTERNAL_ADDRESS=$CONTROLLER_ADMIN_NODE \

SERVICE_TOKEN=token-string \/usr/demo/openstack/keystone/sample_data.sh

Glance

Glance MySQL RabbitMQ

Glance 1. Glance

Glance


controller# pkg install glance

2. Glance

/etc/glance/glance-api.conf

[DEFAULT]

registry_host = $CONTROLLER_ADM_NODE

admin_user =glance

admin_password = service-password

admin_tenant_name = tenantauth_url =http://$CONTROLLER_ADM_NODE:5000/v2.0

auth_strategy = keystone

default_publisher_id =image.$CONTROLLER_ADM_NODE

rabbit_host = $CONTROLLER_ADM_NODE

qpid_hostname =$CONTROLLER_ADM_NODE

[database]

connection = mysql://glance:service-password@$CONTROLLER_ADM_NODE/glance


auth_uri= http://$CONTROLLER_ADM_NODE:5000/v2.0

identity_uri = http://$CONTROLLER_ADM_NODE:35357

admin_tenant_name = tenantadmin_user = glance


/etc/glance/glance-cache.conf

[DEFAULT]

auth_url = http://$CONTROLLER_ADM_NODE:5000/v2.0/




/etc/glance/glance-registry.conf

[DEFAULT]

default_publisher_id = image.$CONTROLLER_ADM_NODE

Glance

4 Juno OpenStack 91

rabbit_host = $CONTROLLER_ADM_NODE

qpid_hostname = $CONTROLLER_ADM_NODE

[database]

connection = mysql://glance:glance@$CONTROLLER_ADM_NODE/glance


auth_uri = http://$CONTROLLER_ADM_NODE:5000/v2.0




/etc/glance/glance-api-paste.ini

[filter:authtoken]

auth_uri = http://$CONTROLLER_ADM_NODE:5000/v2.0/




/etc/glance/glance-registry-paste.ini

[filter:authtoken]





/etc/glance/glance-scrubber.conf

[DEFAULT]

auth_url = http://$CONTROLLER_ADM_NODE:5000/v2.0/




Nova


[database]

connection=mysql://glance:glance@$CONTROLLER_ADM_NODE/glance

3. Glance SMF

controller# svcadm enable -rs glance-api glance-db glance-registry glance-scrubber

Nova

Nova Nova

Nova 1. Nova

controller# pkg install nova

2. /etc/nova/nova.conf Nova

[DEFAULT]

qpid_hostname=$CONTROLLER_ADM_NODE

rabbit_host=$CONTROLLER_ADM_NODE

my_ip=$CONTROLLER_ADMIN_NODE_IP

host=$CONTROLLER_ADMIN_NODE

firewall_driver=nova.virt.firewall.NoopFirewallDriver

[database]

connection = mysql://nova:nova@$CONTROLLER_ADM_NODE/nova

[glance]

host=$CONTROLLER_ADM_NODE


auth_uri=http:/$CONTROLLER_ADM_NODE:5000/v2.0/

identity_uri=http://$CONTROLLER_ADM_NODE:35357/

admin_user=nova

admin_password=service-passwordadmin_tenant_name=tenant

[neutron]

url=http://$CONTROLLER_ADM_NODE:9696

admin_username=neutron

admin_password=service-password

Horizon

4 Juno OpenStack 93

admin_tenant_name=tenantadmin_auth_url=http://$CONTROLLER_ADM_NODE:5000/v2.0

3. Nova SMF

controller# svcadm enable -rs nova-conductor

controller# svcadm enable -rs nova-api-osapi-compute

nova-cert nova-scheduler

Horizon Horizon OpenStack Web SSL/TLS Horizon HTTP

Horizon

1. Horizon

controller# pkg install horizon

2.

HTTP

1. /etc/openstack_dashboard/local_settings.py

controller# gsed -i -e s@SECURE_PROXY_SSL_HEADER@#SECURE_PROXY_SSL_HEADER@ \

-e s@CSRF_COOKIE_SECURE@#CSRF_COOKIE_SECURE@ \

-e s@SESSION_COOKIE_SECURE@#SESSION_COOKIE_SECURE@ \

/etc/openstack_dashboard/local_settings.py

2. OpenStack HTTP http.conf

controller# cp /etc/apache2/2.2/samples-conf.d/openstack-dashboard-http.conf \

/etc/apache24/2.2/conf.d/

SSL/TLS

1. Horizon

Horizon OpenStack Apache SSL/TLS FAQ

http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html

Cinder


controller# export DASHBOARD=/etc/openstack_dashboard

controller# openssl req -new -x509 -nodes \

-out horizon.crt -keyout horizon.key

controller# mv horizon.crt horizon.key ${DASHBOARD}

controller# chmod 0600 ${DASHBOARD}/horizon.*

controller# sed \

-e "/SSLCertificateFile/s:/path.*:${DASHBOARD}/horizon.crt:" \

-e "/SSLCACertificateFile/d" \

-e "/SSLCertificateKeyFile/s:/path.*:${DASHBOARD}/horizon.key:" \

< /etc/apache2/2.2/samples-conf.d/openstack-dashboard-tls.conf \

> /etc/apache2/2.2/conf.d/openstack-dashboard-tls.conf

2. ~/conf.d/openstack-dashboard-tls.conf Horizon

RedirectPermanent=controller-IP

ServerName=controller-name

3. Apache

controller# svcadm enable apache22

Cinder

Cinder

Keystone

Cinder

Cinder Cinder

1. Cinder

controller# pkg install cinder


4 Juno OpenStack 95

2. /etc/cinder/cinder.conf Cinder

[DEFAULT]

qpid_hostname=$CONTROLLER_ADM_NODE


my_ip=$CONTROLLER_ADM_NODE

[database]

connection = mysql://cinder:cinder@$CONTROLLER_ADM_NODE/cinder

[keystone_authtoken



admin_tenant_name = tenantadmin_user = cinder


3. Cinder SMF

controller# svcadm enable -rs cinder-db

controller# svcadm enable -rs cinder-api cinder-scheduler

ZFS OpenStack Block Storage


Oracle ZFS Storage Appliance iSCSI Cinder Oracle ZFS StorageAppliance (ZFSSA) Cinder Nova Cinder iSCSI cloud/openstack/cinder ZFSSA 2013.1.2.0

Oracle ZFS Storage Appliance

1. cinder.akwf

Cinder

cinder.akwf

http://www.oracle.com/technetwork/articles/servers-storage-admin/howto-build-openstack-zfs-2248817.html



Cinder RESTful

(CLI) (BUI)

CLI

zfssa:maintenance workflows> download

zfssa:maintenance workflows download (uncommitted)> show

Properties:

url = (unset)

user = (unset)

password = (unset)

zfssa:maintenance workflows download (uncommitted)> set url="url to the cinder.akwf file"

url = "url to the cinder.akwf file"

zfssa:maintenance workflows download (uncommitted)> commit

Transferred 2.64K of 2.64K (100%) ... done

zfssa:maintenance workflows> ls

Properties:

showhidden = false

Workflows:

WORKFLOW NAME OWNER SETID ORIGIN

VERSION

workflow-000 Clear locks root false Oracle Corporation

1.0.0

workflow-001 Configuration for OpenStack Cinder Driver root false Oracle Corporation

1.0.0

zfssa:maintenance workflows> select workflow-001

zfssa:maintenance workflow-001 execute (uncommitted)> set name=openstack

name = openstack

zfssa:maintenance workflow-001 execute (uncommitted)> set password=openstack-password password = ********

zfssa:maintenance workflow-001 execute (uncommitted)> commit

User openstack created.

BUI

a. ->


4 Juno OpenStack 97

b. cinder.akwf

c.

d. BUI Cinder

san_login san_password cinder.conf

2. /etc/cinder/cinder.conf

cinder.conf

volume_driver - cinder.volume.drivers.zfssa.zfssaiscsi.ZFSSAISCSIDriver 3

san_ip ZFSSA IP

san_login ZFSSA Cinder

san_password ZFSSA Cinder

zfssa_pool

zfssa_target_portal ZFSSA iSCSI data-ip:port) 3260

zfssa_project ZFSSA () () ZFSSA

zfssa_initiator_group default default default default

Neutron


zfssa_target_interfaces ZFSSA iSCSI

zfssa:configuration net interfaces> show

Interfaces:

INTERFACE STATE CLASS LINKS ADDRS LABEL

e1000g0 up ip e1000g0 1.10.20.30/24 Untitled Interface

connection

connection=mysql://cinder:service-password@controller-fqdn/cinder

3. ZFSSA iSCSI ZFSSA iSCSI BUI CLI CLI

zfssa:> configuration services iscsi

zfssa:configuration services iscsi> enable

zfssa:configuration services iscsi> show

Properties:

= online

...

4. Cinder SMF


Neutron

Neutron API

Neutron 1. Neutron

controller# pkg install neutron

2. Neutron

/etc/neutron/neutron.conf

Neutron

4 Juno OpenStack 99

qpid_hostname=/$CONTROLLER_ADM_NODE

rabbit_host=/$CONTROLLER_ADM_NODE

# Host to locate redis. (string value)

# host=127.0.0.1





admin_tenant_name = tenantadmin_user = neutron


[database]

connection = mysql://neutron:neutron@$CONTROLLER_ADM_NODE/neutron

/etc/neutron/plugins/evs/evs_plugin.ini

[EVS]

evs_controller = ssh://evsuser@$CONTROLLER_ADM_NODE

/etc/neutron/dhcp_agent.ini

[DEFAULT]

evs_controller = ssh://evsuser@$CONTROLLER_ADM_NODE

3. Elastic Virtual Switch (EVS)

a. EVS EVS

controller# evsadm set-prop -p controller=ssh://evsuser@$CONTROLLER_ADM_NODE

b. evsuserneutron root SSH

controller# su - evsuser -c "ssh-keygen -N '' \

-f /var/user/evsuser/.ssh/id_rsa -t rsa"

controller# su - neutron -c "ssh-keygen -N '' -f /var/lib/neutron/.ssh/id_rsa -t rsa"

controller# ssh-keygen -N '' -f /root/.ssh/id_rsa -t rsa

Neutron


c. evsuser authorized_keys evsuserneutron root SSH

controller# cat /var/user/evsuser/.ssh/id_rsa.pub \

/var/lib/neutron/.ssh/id_rsa.pub /root/.ssh/id_rsa.pub >> \

/var/user/evsuser/.ssh/authorized_keys

d. known_host SSH

Yes

controller# su - evsuser -c "ssh evsuser@$CONTROLLER_ADM_NODE true"

controller# su - neutron -c "ssh evsuser@$CONTROLLER_ADM_NODE true"

controller# ssh evsuser@$CONTROLLER_ADM_NODE true

e. .ssh

controller# chown -R evsuser:evsgroup /var/user/evsuser/.sshcontroller

controller# chown -R neutron:neutron /var/lib/neutron/.ssh

f. EVS l2-typeuplink-port vlan-range

controller# evsadm set-controlprop -p property=value

EVS

controller# evsadm set-controlprop -p l2-type=vlan

controller# evsadm set-controlprop -p vlan-range=1,200-300

controller# evsadm set-controlprop -p uplink-port=net0

controller# evsadm show-controlprop -o all

4. IP

controller# ipadm set-prop -p forwarding=on ipv4

5. IP

controller# svcadm enable -rs ipfilter

6. Neutron

controller# svcadm enable -rs neutron-server neutron-dhcp-agent

Heat

4 Juno OpenStack 101

Heat

Heat OpenStack Heat Keystone

Heat Keystone

Keystone

1. Heat

controller# pkg install heat

2. Heat

controller# OS_SERVICE_ENDPOINT=http://$CONTROLLER_ADM_NODE \

SERVICE_HOST=$CONTROLLER_ADM_NODE \

OS_AUTH_URL=http://$CONTROLLER_ADM_NODE:5000/v2.0 \

OS_USERNAME=admin OS_PASSWORD=secrete OS_TENANT_NAME=demo \

/usr/demo/openstack/keystone/heat-keystone-setup

3. Heat

/etc/heat/heat.conf

[database]

connection = mysql://heat:heat@$CONTROLLER_ADM_NODE/heat




admin_tenant_name = tenantadmin_user = heat


/etc/heat/api-paste.ini

[filter:authtoken]




admin_tenant_name = tenantadmin_user = heat


4. Heat

controller# svcadm enable -rs heat-api heat-db heat-engine \

heat-api-cfn heat-api-cloudwatch

VM nova-compute VM Web



site

OpenStack


1. () NTP


2. Nova



compute1# pkg install nova

3. Remote Access Daemon (RAD)

Nova RAD Oracle Solaris

compute1# svcadm restart rad:local

4. /etc/nova/nova.conf Nova

[DEFAULT]


my_ip=$COMPUTE_ADMIN_NODE_IP

host=$COMPUTE_ADMIN_NODE_X

firewall_driver=nova.virt.firewall.NoopFirewallDriver

keystone_ec2_url=http:/$CONTROLLER_ADM_NODE:5000/v2.0/ec2tokens

[database]

connection = mysql://nova:nova@$CONTROLLER_ADM_NODE/nova

[glance]



auth_uri=http://$CONTROLLER_ADM_NODE:5000/v2.0/

identity_uri=http://$CONTROLLER_ADM_NODE:35357/

admin_usr=nova

admin_password=service-passwordadmin_tenant_name=tenant

[neutron]

url=http://$CONTROLLER_ADM_NODE:9696

admin_username=neutron

admin_password=service-passwordadmin_tenant_name=tenantadmin_auth_url=http://$CONTROLLER_ADM_NODE:5000/v2.0

5. EVS

a. EVS

compute1# pkg install evs

b. EVS EVS

compute1# evsadm set-prop -p controller=ssh://evsuser@$CONTROLLER_ADM_NODE

6.


a. root SSH

compute1# su - root -c "ssh-keygen -N '' -f /root/.ssh/id_rsa -t rsa"

b. () SSH

compute1# cat /root/.ssh/id_rsa.pub

c. SSH /root/.ssh/id_rsa.pub

d. evsuser authorized_keys SSH

controller# cat location/id_rsa.pub >> /var/user/evsuser/.ssh/authorized_keys

e. () SSH authorized_keys

controller# cat /var/user/evsuser/.ssh/authorized_keys

6.b SSH

f. SSH known_host

Yes

compute1# ssh evsuser@$CONTROLLER_ADM_NODE true

7. Nova

compute1# svcadm enable nova-compute

OpenStack




site

OpenStack


1.

storage# pkg install cinder python-mysql mysql-55/client

2. /etc/cinder/cinder.conf Cinder

[DEFAULT]

san_is_local=true

my_ip=storage-IPrabbit_host=controller-fqdnglance_host=controller-IPzfs_volume_base=cinder/cinder

[database]

connection = mysql://cinder:service-password@controller-fqdn/cinder

[DEFAULT]

san_is_local=true

my_ip=$VOLUME_IP


glance_host=$CONTROLLER_ADM_NODE

zfs_volume_base=cinder/cinder

[database]

connection = mysql://cinder:cinder@$CONTROLLER_ADM_NODE/cinder




admin_user = cinder

admin_password = service-passwordadmin_tenant_name = tenant

3. Cinder


OpenStack


storage# svcadm enable -rs cinder-db cinder-volume:default cinder-volume:setup

storage# svcadm enable -rs iscsi/target

OpenStack VM

- 107 OpenStack

Neutron ()

1. controller# keystone tenant-list

ID ID

2.

controller# neutron net-create --tenant-id tenant-ID network-name

tenant-ID

3.

controller# neutron subnet-create --name subnet-name \--tenant-id tenant-ID network-name subnet-IP

4-1

88 Keystone Keystone demo

controller# keystone tenant-list

OpenStack


IP

Neutron L3 Neutron L3Nova IP 1 1 NAT L3 /etc/neutron/l3_agent.ini allow_forwarding_between_networks True neutron-l3-agent SMF

VM NAT IP IP ( IP) IP VM

OpenStack 3-3

OpenStack

DHCP IP IP Nova VM

Neutron

106

Elastic Virtual Switch l2-type vlan-range 9

controller# evsadm show-controlprop -p l2-type -p vlan-range

OpenStack


PROPERTY PERM VALUE DEFAULT HOST

l2-type rw vlan vlan --

vlan-range rw 1,200-300 -- --

keystone tenant-list

1. Solaris IP controller# svcadm enable ipfilter

2. IP controller# ipadm set-prop -p forwarding=on ipv4

3. controller# export OS_USERNAME=neutron

controller# export OS_PASSWORD=service-passwordcontroller# export OS_TENANT_NAME=service-namecontroller# export OS_AUTH_URL=http://controller-name:5000/v2.0

4.

controller# neutron router-create router-name

ID ID

5. L3 /etc/neutron/l3_agent.ini router_id UUID

router_id = router-ID

6. neutron-l3-agent SMF

controller# svcadm enable neutron-l3-agent

7. controller# neutron net-create --provider:network_type=vlan \

--provider:segmentation_id=VLAN-nbr \--router:external=true network-name

segmentation_id VLAN

OpenStack


8.

DHCP IP

controller# neutron subnet-create --enable-dhcp=false --name subnet-name \--allocation-pool start=start-IP, end=end-IP network-name subnet-IP

9.

controller# neutron router-gateway-set router-ID network-ID \

- /etc/neutron/l3_agent.ini router-ID neutron net-list network-ID

10.

ID ID

a. ID ID ID

# keystone tenant-list

# neutron net-list --tenant-id tenant-ID

b.

controller# neutron router-interface-add router-ID subnet-ID

4-2 service

3-3 A 2 VM 2 HR ENG 2 VM 2 Neutron

controller# svcadm enable ipfilter

controller# ipadm set-prop -p forwarding=on ipv4

oracle® solaris 11.2 での openstack のインストール … no: e56871-03 2015 年 4 月...

Documents