Upload
nguyendien
View
215
Download
0
Embed Size (px)
Citation preview
Part No: E56871-032015 4
Oracle Solaris 11.2 OpenStack
Part No: E56871-03
Copyright 2014, 2015, Oracle and/or its affiliates. All rights reserved.
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware,and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal AcquisitionRegulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, includingany operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and licenserestrictions applicable to the programs. No other rights are granted to the U.S. Government.
()(redundancy)Oracle Corporation
OracleJava
IntelIntel XeonIntel CorporationSPARCSPARC International, Inc.AMDOpteronAMDAMD OpteronAdvanced Micro Devices, Inc.UNIXThe Open Group
Oracle CorporationOracle CorporationOracle CorporationOracle Corporation
Oracle Accessibility ProgramWeb (http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc)
Oracle Support
My Oracle Support(http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info) http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs)
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacchttp://www.oracle.com/pls/topic/lookup?ctx=acc&id=infohttp://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs
5
......................................................................................... 9
1 Oracle Solaris 11.2 OpenStack ...................................................... 11Oracle Solaris 11.2 .................................................................... 11Oracle Solaris OpenStack .............................................. 11............................................................................... 14OpenStack ..................................................................... 16
2 ....................................................................................19OpenStack ................................................................ 19
................................................................ 20................................................................... 21Elastic Virtual Switch ............................................................ 27
Juno OpenStack ........................................................27 Juno OpenStack .............................................................................28
OpenStack .................................................................. 29 OpenStack ................................... 29............................................................................ 30VM ............................................................. 34
3 Havana OpenStack ..... 413 ....................................................................... 41................................................................................. 45
....................................................... 46Network Time Protocol ................................................ 47MySQL ......................................................................... 48Keystone ...................................................................... 49Heat .................................................................... 51Cinder .......................................................................... 52
6 Oracle Solaris 11.2 OpenStack 2015 4
Glance ..........................................................................57 Neutron ................................ 58Nova ............................................................................ 59 Horizon ................................................................ 60
................................................................................. 61 ....................................................... 62
................................................................................. 63 ........................................................65Neutron L3 ........................................................... 67
4 Juno OpenStack ......... 793 ....................................................................... 79................................................................................. 83
......................................................................................... 84Network Time Protocol ................................................ 85MySQL ......................................................................... 86Keystone ...................................................................... 88Glance ..........................................................................89Nova ............................................................................ 92Horizon ........................................................................ 93Cinder .......................................................................... 94Neutron .............................................................. 98Heat .................................................................. 101
............................................................................... 102 ..................................................... 102
................................................................................. 104 ............................................. 105
OpenStack .......................................................106 ...................................................... 106
OpenStack ............................................. 107 OpenStack ............................. 108 IP ................................................................................................. 112 L3 ................................................114
5 ......................................................................... 115........................................................................................... 115
................................................................ 116............................................................................ 117
7
........................................................................................... 118................................................................ 118................................................................................... 120..........................................................120
VM .............................................................................. 121 VM ... 122
6 OpenStack ............................................................... 125........................................................................................ 125.....................................................................................127............................................................................... 129
OpenStack ........................................................ 130VM ................................................... 130
................................................................................................................. 135
8 Oracle Solaris 11.2 OpenStack 2015 4
9
Oracle Solaris 11.2 OpenStack OpenStack
Solaris OpenStack
http://www.oracle.com/pls/topic/lookup?ctx=E56342
http://www.oracle.com/goto/docfeedback
http://www.oracle.com/pls/topic/lookup?ctx=E56342http://www.oracle.com/pls/topic/lookup?ctx=E56342http://www.oracle.com/goto/docfeedback
10 Oracle Solaris 11.2 OpenStack 2015 4
1 Oracle Solaris 11.2 OpenStack 11
1 1 Oracle Solaris 11.2 OpenStack
Oracle Solaris 11.2 OpenStack Oracle Solaris
11 Oracle Solaris 11.2 11 Oracle Solaris OpenStack 14 16 OpenStack
Oracle Solaris 11.2
Oracle Solaris 11.2 SRU 10 Juno OpenStack Havana Juno OpenStack
3 Havana OpenStack 4 Juno OpenStack
Oracle Solaris OpenStack
Oracle Solaris 11.2 Oracle Solaris 11 OpenStack Oracle Solaris 11.2 OpenStack IaaS (Infrastructure as a Service) Web
Oracle Solaris OpenStack
12 Oracle Solaris 11.2 OpenStack 2015 4
OpenStack Oracle Solaris 11.2
1-1 Oracle Solaris OpenStack
Oracle Solaris 11.2 OpenStack
Nova
Nova Solaris (VM) VM
Oracle Solaris Oracle Solaris 11.2 Library
Neutron
Neutron OpenStack OpenStack VM Solaris
http://www.oracle.com/pls/topic/lookup?ctx=solaris11
Oracle Solaris OpenStack
1 Oracle Solaris 11.2 OpenStack 13
Elastic Virtual Switch (EVS) EVS Neutron API Nova VM VNIC
Elastic Virtual Switch Oracle Solaris 11.2 5
Cinder
Cinder OpenStack Cinder VM Solaris Cinder ZFS iSCSI ZFS Cinder ZFS Storage Appliance
ZFS Oracle Solaris 11.2 ZFS ZFS Storage Appliance https://docs.oracle.com/en/storage/
Swift
Swift OpenStack Swift ZFS RESTful API
Glance
Glance VM Solaris Glance OpenStack Swift Glance RESTful API
Automated Installer (AI)
http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=ZFSADMINhttps://docs.oracle.com/en/storage/https://docs.oracle.com/en/storage/
14 Oracle Solaris 11.2 OpenStack 2015 4
Oracle Solaris 11.2 AI AI Oracle Solaris 11.2 5
Horizon
Horizon VM OpenStack OpenStack Web 29 OpenStack
Keystone
Keystone OpenStack
Heat OpenStack
OpenStack 1 (SMF) 3-1 SMF SMF SMF OpenStack
Image Packaging System (IPS) OpenStack (BE) OpenStack OpenStack IPS OpenStack OpenStack OpenStack RBAC
Solaris OpenStackSolaris Solaris
http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=CUARChttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUImedia-1http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUImedia-1
1 Oracle Solaris 11.2 OpenStack 15
2OpenStack Solaris
3 Havana OpenStack OpenStack 3 Solaris ()
5VM Solaris Solaris
Oracle Solaris OpenStack OpenStack OpenStack
OpenStack (OpenStack )
Solaris Oracle Solaris 11.2 Solaris OpenStack OpenStack for Oracle Solaris 11
OpenStack VM OpenStack OpenStack
OpenStack (Nova Compute )
SMF Solaris svc:/application/openstack/nova/nova-compute:default )SMF
http://docs.openstack.org/havanahttp://docs.oracle.com/cd/E36784_01/index.htmlhttp://www.oracle.com/technetwork/server-storage/solaris11/technologies/openstack-2135773.html
OpenStack
16 Oracle Solaris 11.2 OpenStack 2015 4
OpenStack KeystoneGlance Horizon
Oracle Solaris OpenStack VM
VM VM VM VM
Oracle Solaris Oracle Solaris OpenStack
OpenStack http://docs.openstack.org/glossary/content/glossary.html
OpenStack
OpenStack Solaris
OpenStack Oracle Solaris 11.2 Oracle Solaris 11.2 Oracle Solaris11.2 Oracle Solaris 11.2 Oracle Solaris11 Oracle Solaris 11.2 OracleSolaris 11.2 Oracle Solaris 11.2 4 Oracle Solaris
Oracle Solaris 11.2 Oracle Solaris 11.2 Oracle Solaris 11.2 Oracle Solaris 11.2 OpenStack OpenStack 5G VM CPU
http://docs.openstack.org/glossary/content/glossary.htmlhttp://docs.openstack.org/glossary/content/glossary.htmlhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUIhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUIhttp://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.htmlhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUPhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUPhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=AUOSSpkgupdatehttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=AUOSSpkgupdatehttp://www.oracle.com/technetwork/server-storage/solaris11/documentation/solaris11-2-sys-reqs-2191085.pdfhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=SERNSglmuuhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=SERNSglmuu
OpenStack
1 Oracle Solaris 11.2 OpenStack 17
VM VM100 200G ZFS
OpenStack VM
virtinfo
# virtinfo
NAME CLASS
non-global-zone supported
kernel-zone supported
8G RAM ZFS Adaptive Replacement Cache
(ARC) Oracle Solaris ZFS ARC
- Oracle VM Server for x86 Oracle VM VirtualBox
Oracle Solaris Oracle Solaris
Oracle Solaris 11.2 OpenStack OracleSolaris 11.2 OpenStack README
OpenStack 125
http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=VLZKZgnwoxhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=VLZKZgnwoxhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=VLZKZgnwoihttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=VLZKZgnwoihttp://www.oracle.com/technetwork/server-storage/solaris11/downloads/unified-archives-2245488.html
18 Oracle Solaris 11.2 OpenStack 2015 4
2 19
2 2
OpenStack Oracle Solaris OpenStack OpenStack Oracle Solaris Havana Juno
OpenStack 3 HavanaOpenStack 4 JunoOpenStack
VM
19 OpenStack 29 OpenStack
- Havana Juno
OpenStack
Unified Archives Oracle Solaris OpenStack Oracle Solaris
OpenStack Oracle Solaris 11 Oracle Solaris OpenStack OpenStack
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/unified-archives-2245488.html
20 Oracle Solaris 11.2 OpenStack 2015 4
Oracle Solaris OpenStack
OpenStack
Solaris 2 Glance
OpenStack 21
Oracle Solaris OS OpenStack
1.
2.
3.
.uar zoneadm install
.uar AI AI AI
.uar AI
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/unified-archives-2245488.html
USB
2 21
USB usb
4. MD5 digest
$ digest -a md5 file
OpenStack 3 4
21 USB 23 AI
24 AI
25 Havana
USB
USB Oracle Solaris OpenStack AI
1. USB 20
2. USB USB
usbcopy
USB
22 Oracle Solaris 11.2 OpenStack 2015 4
Oracle Solaris 11.2 usbcopy usbcopy(1M)
Oracle Solaris 11.2 usbcopy Solaris usbcopy
dd
Oracle Solaris 11.2 dd
dd ()
Oracle Solaris 11 :
a HAL
# svcadm disable -t hal
b
# rmformat
c
# dd if=/path/image.usb of=/dev/rdsk/device bs=16k
d HAL
# svcadm enable hal
Linux :
a
# dmesg | tail
b
# dd if=/path/image.usb of=/dev/diskN bs=16k
MacOSX :
http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=REFMAN1Musbcopy-1m
AI
2 23
a /dev/diskNN )
# diskutil list
# diskutil unmountDisk /dev/diskN
b
# dd if=/path/image.usb of=/dev/diskN bs=16k
3. USB
(SCI) SCI Enter Ctrl+L
AI
AI Oracle Solaris OpenStack
1.
20
2. AI
Oracle Solaris AI AI /usr/share/auto_install/manifest/default_archive.xml ARCHIVE software .uar
3. AI
AI AI Oracle Solaris 11.2 III
4.
ok boot net -install
5.
http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUIuseaiparthttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUIuseaipart
AI
24 Oracle Solaris 11.2 OpenStack 2015 4
SCI SCI Enter Ctrl+L
AI
AI Oracle Solaris 11.2 OpenStack USB Oracle Solaris 11.2 5
1. 20
2. AI USB
# archiveadm create-media -s http://pkg.oracle.com/solaris/release \
-f usb -o workdir/usb-filename \
workdir/uar-file
workdir AI USB
3. USB USB
Oracle Solaris 11.2 USB usbcopy
Oracle Solaris OS Oracle Solaris 11.2 USB dd
1. HAL
# svcadm disable -t hal
2.
# rmformat
3.
# dd if=/path/image.usb of=/dev/rdsk/device bs=16k
http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUImedia-1http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=IOSUImedia-1
Havana
2 25
4. HAL
# svcadm enable hal
4. AI
5. USB USB
AI
SCI SCI Enter Ctrl+L
Havana
Oracle Solaris 11.2 Havana OpenStack
16 OpenStack
1.
20
2.
# zonecfg -z OpenStackKZ create -t SYSsolaris-kz
3.
CPURAM MAC MAC
Havana
26 Oracle Solaris 11.2 OpenStack 2015 4
8 CPU 8G MAC zonecfg(1M)
# zonecfg -z OpenStackKZ
zonecfg:OpenStackKZ> add virtual-cpu
zonecfg:OpenStackKZ:virtual-cpu> set ncpus=8
zonecfg:OpenStackKZ:virtual-cpu> end
zonecfg:OpenStackKZ> select capped-memory
zonecfg:OpenStackKZ:capped-memory> set physical=8g
zonecfg:OpenStackKZ:capped-memory> end
zonecfg:OpenStackKZ> select anet id=0
zonecfg:OpenStackKZ:anet> add mac
zonecfg:OpenStackKZ:anet:mac> set mac-address=auto
zonecfg:OpenStackKZ:anet:mac> end
zonecfg:OpenStackKZ:anet> end
zonecfg:OpenStackKZ> exit
4.
# zonecfg -z OpenStackKZ info
5. .uar x86
# zoneadm -z OpenStackKZ install -a path/uar-file
uar-file Havana OpenStack Oracle Solaris 11.2
6.
# zoneadm -z OpenStackKZ boot
7.
# zlogin -C OpenStackKZ
SCI SCI Enter Ctrl+L
8. IP DHCP IP DHCP MAC SCI MAC DHCP IPv4
http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=REFMAN1Mzonecfg-1m
Juno OpenStack
2 27
IP IP IPS
Elastic Virtual Switch
Elastic Virtual Switch (EVS) EVS EVS EVS VM EVSOracle Solaris 11.2 5
EVS
# /usr/demo/openstack/configure_evs.py
rootevsuserneutron UNIX ) Secure Shell(SSH) evsuser /var/user/evsuser/.ssh/authorized_keys
EVS neutron-server:default neutron-dhcp-agent:default SMF
LAN (VLAN VXLAN) ID
Juno OpenStack
Juno OpenStack Oracle Solaris11.2 SRU 10 Oracle Solaris11.2 Juno
http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgr
Juno OpenStack
28 Oracle Solaris 11.2 OpenStack 2015 4
Juno OpenStack
16 OpenStack OpenStack 20
1.
# zonecfg -z kzone-name create -t SYSsolaris-kz
SYSsolaris-kz Oracle Solaris
2. 8 CPU 12G zonecfg(1M)
# zonecfg -z kzone-namezonecfg:OpenStackKZ> add virtual-cpu
zonecfg:OpenStackKZ:virtual-cpu> set ncpus=8
zonecfg:OpenStackKZ:virtual-cpu> end
zonecfg:OpenStackKZ> select capped-memory
zonecfg:OpenStackKZ:capped-memory> set physical=12g
zonecfg:OpenStackKZ:capped-memory> end
zonecfg:OpenStackKZ> verify
zonecfg:OpenStackKZ> exit
3. ()
# zonecfg -z kzone-name info
4. 50G VM
# zoneadm -z kzone-name install -a archive-path -x install-size=50g
archive-path Juno OpenStack
5.
# zoneadm -z kzone-name boot
http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=REFMAN1Mzonecfg-1m
OpenStack
2 29
6.
# zlogin -C kzone-name
SCI SCI Enter Ctrl+L
OpenStack
OpenStack OpenStack VM
OpenStack 1. OpenStack
2.
a. JavaScript
b. Cookie
3.
http://system/horizon/
system OpenStack Apache Web Horizon OpenStack OpenStack IP
OpenStack system IP
4.
: admin : secrete
OpenStack
30 Oracle Solaris 11.2 OpenStack 2015 4
()
2
Nova Cinder VM
CPU Solaris : solaris
solaris-kz
OpenStack
2 31
2-1 OpenStack
21 OpenStack OpenStack
2 : Solaris Solaris 2 : demo service
10
OpenStack
32 Oracle Solaris 11.2 OpenStack 2015 4
2-2 OpenStack
()
demo demo admin)
service service Neutron OpenStackservice OpenStack admin service
OpenStack
2 33
2-3 OpenStack
116
VM
34 Oracle Solaris 11.2 OpenStack 2015 4
2-4 OpenStack
VM
VM
VM SSH 39 SSH
67 Neutron L3
1.
OpenStack admin demo
VM
2 35
2.
3.
VM
2-5
VM
36 Oracle Solaris 11.2 OpenStack 2015 4
4. VM
5.
OpenStack
6.
solaris solaris-kz OpenStack
VM
2 37
2-6
7.
VM SSH
8.
VM
38 Oracle Solaris 11.2 OpenStack 2015 4
VM
9.
VM
OpenStack VM
10. IP VM
VM VM VM IP
a. Floating IP
Floating IP
b. IP
IP IP + 40 IP
c.
VM IP
d.
Cinder
Glance
SSH
2 39
VM 7 10 IP root
# ssh root@floating-ip-address
SSH
1.
2.
3.
4.
5.
6.
1.
2.
3.
4.
5.
IP
40 Oracle Solaris 11.2 OpenStack 2015 4
6.
IP 1.
2.
3. Floating IP
4. Floating IP
Floating IP
5. IP
6. IP
3 Havana OpenStack 41
3 3 Havana OpenStack
OpenStack 1 1 1
- Havana OpenStack Juno OpenStack Oracle Solaris 11.2 SRU10
Oracle Solaris 11.2 SRU10 Havana Juno Havana Juno OpenStack
Oracle Solaris 11.2 SRU10 Juno 4 Juno OpenStack
Oracle SPARC OVM Server for SPARC (LDoms) OpenStack SPARC Solaris 11.2 OpenStack
3
3
https://community.oracle.com/docs/DOC-910993https://community.oracle.com/docs/DOC-910993https://blogs.oracle.com/openstack/entry/multi_node_solaris_11_2https://blogs.oracle.com/openstack/entry/multi_node_solaris_11_2
3
42 Oracle Solaris 11.2 OpenStack 2015 4
OpenStack APINova Neutron
Neutron Layer 3 DHCP Nova
VM (Nova ) VM Cinder iSCSI
3 net0 net1
3
3 Havana OpenStack 43
3-1 3
OpenStack SMF svcadm SMF SMF
3
44 Oracle Solaris 11.2 OpenStack 2015 4
3-1 SMF
mysql
rabbitmq
keystone
cinder-api
cinder-db
cinder-db
cinder-scheduler
cinder-volume:default
cinder-volume:setup
glance-api
glance-db
glance-registry
glance-scrubber
neutron-server
evs
nova-api-ec2
nova-api-osapi-compute
nova-cert
nova-conductor
nova-objectstore
nova-scheduler
http
ntp
heat-api
heat-db
neutron-dhcp-agent
neutron-l3-agent
evs-controller
ntp
nova-compute
ntp
3 Havana OpenStack 45
heat-api-cfn
heat-api-cloudwatch
heat-engine
Swift SwiftOpenStack OpenStack OpenStack Swift Solaris OpenStack OpenStack forOracle Solaris 11
Oracle Solaris OpenStack OpenStack Oracle Solaris 11.2 OpenStack OpenStack
3 OpenStack
IP IP IP ()
3 controllernetwork compute1
1 1 1 MySQLRabbitMQ
Oracle Solaris 11 ZFS usr_reserve_hint_pct
# echo "set user_reserve_hint_pct=80" >>/etc/system.d/site:kernel-zones-reserve# reboot
http://docs.openstack.org/icehouse/config-reference/content/ch_configuring-object-storage.htmlhttp://www.oracle.com/technetwork/server-storage/solaris11/technologies/openstack-2135773.htmlhttp://www.oracle.com/technetwork/server-storage/solaris11/technologies/openstack-2135773.htmlhttp://www.oracle.com/technetwork/articles/servers-storage-admin/getting-started-openstack-os11-2-2195380.html
46 Oracle Solaris 11.2 OpenStack 2015 4
site
OpenStack
https://support.oracle.com MOS Oracle Solaris 11.2 ZFS 1663862.1
OpenStack Advanced Message Queuing Protocol (AMQP) Solaris AMQP RabbitMQ RabbitMQ 1 RabbitMQ RabbitMQ
1. () NTP
47 Network Time Protocol
2. () MySQL 48 MySQL
3. RabbitMQ
a. RabbitMQ
controller# pkg install rabbitmq
b. RabbitMQ SMF
controller# svcadm enable rabbitmq
4. Keystone 49 Keystone
5. Cinder 52 Cinder
6. Glance 57 Glance
https://support.oracle.com
Network Time Protocol
3 Havana OpenStack 47
7. Neutron 58 Neutron
8. Nova 59 Nova
9. Horizon 60 Horizon
Network Time Protocol
Network Time Protocol (NTP) NTP
NTP NTP
IP IP IPNTP
IP IP NTP
Network Time Protocol 1. NTP
controller# pkg install ntp
2.
controller# cp /etc/inet/ntp.client /etc/inet/ntp.conf
3. NTP IP
IP
MySQL
48 Oracle Solaris 11.2 OpenStack 2015 4
IP NTP IP
a. /etc/inet/ntp.conf multicastclient # multicastclient 224.0.1.1
b. /etc/inet/ntp.conf 1
server ntp_server_1 iburstserver ntp_server_2 iburst
4. NTP SMF controller# svcadm enable ntp
MySQL
OpenStack SQLite MySQL
MySQL 1.
IP
controller# getent hosts controller-IPcontroller-IP controller-name
2. MySQL controller# pkg install mysql-55
3. MySQL controller# pkg install mysql-55/client
Keystone
3 Havana OpenStack 49
4. MySQL SMF
controller# svcadm enable mysql:version_55
5. MySQL root
controller# mysqladmin u root password MySQL-root-password
6. MySQL OpenStack getenthosts controller-name
controller# mysql u root p
Enter password: MySQL-root-passwordmysql> create database cinder;
mysql> grant all privileges on cinder.*
-> to 'cinder'@'controller-name' -> identified by 'cinder';
mysql> create database glance;
mysql> grant all privileges on glance.*
-> to 'glance'@controller-name -> identified by 'glance';
mysql> create database keystone;
mysql> grant all privileges on keystone.*
-> to 'keystone'@controller-name -> identified by 'keystone';
mysql> create database nova;
mysql> grant all privileges on nova.*
-> to 'nova'@controller-name -> identified by 'nova';
mysql> flush privileges;
mysql> quit
7. MySQL Python
controller# pkg install python-mysql
Keystone
Keystone
Keystone 1. Keystone
Keystone
50 Oracle Solaris 11.2 OpenStack 2015 4
controller# pkg install keystone
2. Keystone
/etc/keystone/keystone.conf 2
a. admin_token
admin_token Keystone OpenStack 1 OpenSSL
controller# openssl rand -hex 10
random_string
/etc/keystone/keystone.conf admin_token
admin_token = random_string
b. connection
connection Keystone URI
getent hosts controller-name /etc/keystone/keystone.conf connection
connection = mysql://keystone:keystone@controller-name/keystone
3. (PKI)
controller# su - keystone -c "keystone-manage pki_setup"
4. Keystone SMF
controller# svcadm enable keystone
5. Keystone
sample_data.sh getent hosts controller-name
controller# su - keystone -c "env
Heat
3 Havana OpenStack 51
CONTROLLER_ADMIN_ADDRESS=controller-name CONTROLLER_INTERNAL_ADDRESS=controller-name CONTROLLER_PUBLIC_ADDRESS=controller-name /usr/demo/openstack/keystone/sample_data.sh"
sample_data.sh API Keystone service nova nova
Heat
Heat OpenStack Heat Keystone
Heat Keystone
Keystone
1. Heat
controller# pkg install heat
2. Heat
# /usr/demo/openstack/keystone/heat-keystone-setup
3. /etc/heat/api-past.ini
# Auth middleware that validates token against keystone
[filter:authtoken]
paste.filter_factory = heat.common.auth_token:filter_factory
auth_uri = http://controller-IP:5000/v2.0 identity_uri = http://controller-IP:35357 admin_tenant_name = keystone
admin_user = heat
admin_password = heat-password
4. Heat
# svcadm enable -rs heat-api heat-db heat-engine heat-api-cfn heat-api-cloudwatch
Cinder
52 Oracle Solaris 11.2 OpenStack 2015 4
Cinder
Cinder
Keystone
Cinder
1. Cinder
controller# pkg install cinder
2.
/etc/cinder/api-paste.ini Keystone API Cinder
auth_uri = http://controller-name:5000/v2.0identity_uri = http://controller-name:35357admin_tenant_name = service
admin_user = cinder
admin_password = cinder-password
3. Cinder
/etc/cinder/cinder.conf volume_driver 4
ZFSVolumeDriver
Cinder Nova
ZFSISCSIDriver
Nova iSCSI
ZFSFCDriver
Nova LUN
Cinder
3 Havana OpenStack 53
ZFSSAISCSIDriver
Nova Oracle ZFS StorageAppliance iSCSI /etc/cinder/cinder.conf
Nova iSCSI ZFSVolumeDriver ZFSISCSIDriver
# Driver to use for volume creation (string value)
# The local ZFS driver provides direct access to ZFS volumes that it
# creates. The other listed drivers provide access to ZFS volumes via
# iSCSI or Fibre Channel and are suitable for cases where block storage
# for Nova compute instances is shared.
#volume_driver=cinder.volume.drivers.solaris.zfs.ZFSVolumeDriver
volume_driver=cinder.volume.drivers.solaris.zfs.ZFSISCSIDriver
#volume_driver=cinder.volume.drivers.solaris.zfs.ZFSFCDriver
#volume_driver=cinder.volume.drivers.zfssa.zfssaiscsi.ZFSSAISCSIDriver
4.
/etc/cinder/cinder.conf Glance API Cinder RabbitMQ
glance_host=controller-namesql_connection=mysql://cinder:cinder@controller-name/cinderrabbit_host=controller-namevolume_driver=cinder.volume.drivers.solaris.zfs.ZFSISCSIDriver
5. iSCSI SMF
controller# svcadm enable iscsi/target stmf
6. Cinder SMF
controller# svcadm enable cinder-db
controller# svcadm enable cinder-api cinder-scheduler
controller# svcadm enable cinder-volume:default cinder-volume:setup
ZFS OpenStack Block Storage
http://www.oracle.com/technetwork/articles/servers-storage-admin/howto-build-openstack-zfs-2248817.html
ZFS Storage Appliance iSCSI Cinder
54 Oracle Solaris 11.2 OpenStack 2015 4
ZFS Storage Appliance iSCSI Cinder
Oracle ZFS Storage Appliance iSCSI Cinder Oracle ZFS StorageAppliance (ZFSSA) Cinder Nova Cinder iSCSI cloud/openstack/cinder ZFSSA 2013.1.2.0
Oracle ZFS Storage Appliance
1. cinder.akwf
Cinder
cinder.akwf
Cinder RESTful
(CLI) (BUI)
CLI
zfssa:maintenance workflows> download
zfssa:maintenance workflows download (uncommitted)> show
Properties:
url = (unset)
user = (unset)
password = (unset)
zfssa:maintenance workflows download (uncommitted)> set url="url to the cinder.akwf file"
url = "url to the cinder.akwf file"
zfssa:maintenance workflows download (uncommitted)> commit
Transferred 2.64K of 2.64K (100%) ... done
zfssa:maintenance workflows> ls
Properties:
showhidden = false
Workflows:
ZFS Storage Appliance iSCSI Cinder
3 Havana OpenStack 55
WORKFLOW NAME OWNER SETID ORIGIN
VERSION
workflow-000 Clear locks root false Oracle Corporation
1.0.0
workflow-001 Configuration for OpenStack Cinder Driver root false Oracle Corporation
1.0.0
zfssa:maintenance workflows> select workflow-001
zfssa:maintenance workflow-001 execute (uncommitted)> set name=openstack
name = openstack
zfssa:maintenance workflow-001 execute (uncommitted)> set password=openstack-password password = ********
zfssa:maintenance workflow-001 execute (uncommitted)> commit
User openstack created.
BUI
a. ->
b. cinder.akwf
c.
d. BUI Cinder
zfssa_auth_user zfssa_auth_password cinder.conf
2. cinder.conf
cinder.conf
volume_driver - cinder.volume.drivers.zfssa.zfssaiscsi.ZFSSAISCSIDriver 3
zfssa_host ZFSSA IP
zfssa_auth_user ZFSSA Cinder
zfssa_auth_password ZFSSA Cinder
ZFS Storage Appliance iSCSI Cinder
56 Oracle Solaris 11.2 OpenStack 2015 4
zfssa_pool
zfssa_target_portal ZFSSA iSCSI data-ip:port) 3260
zfssa_project ZFSSA () () ZFSSA
zfssa_initiator_group default default default default
zfssa_target_interfaces ZFSSA iSCSI
zfssa:configuration net interfaces> show
Interfaces:
INTERFACE STATE CLASS LINKS ADDRS LABEL
e1000g0 up ip e1000g0 1.10.20.30/24 Untitled Interface
connection connection sql_connection
connection=mysql://cinder:cinder...
sql_connection=mysql://cinder:cinder...
3. ZFSSA iSCSI
ZFSSA iSCSI BUI CLI CLI
zfssa:> configuration services iscsi
zfssa:configuration services iscsi> enable
zfssa:configuration services iscsi> show
Glance
3 Havana OpenStack 57
Properties:
= online
...
4. Cinder SMF
controller# svcadm enable cinder-volume:default cinder-volume:setup
Glance
Cinder Glance MySQL RabbitMQ
Glance 1. Glance
controller# pkg install glance
2. Glance
/etc/glance/glance-api.conf
/etc/glance/glance-cache.conf
/etc/glance/glance-registry.conf
/etc/glance/glance-scrubber.conf
auth_uri = http://controller-name:5000/v2.0identity_uri = http://controller-name:35357admin_tenant_name = service
admin_user = glance-passwordadmin_password = glance
3. MySQL URI /etc/glance/glance-api.conf /etc/glance/glance-registry.conf MySQL URI
connection=mysql://glance:glance@controller-name/glance
4. RabbitMQ /etc/glance/glance-api.conf RabbitMQ
Neutron
58 Oracle Solaris 11.2 OpenStack 2015 4
rabbit_host = controller-name
5. Glance SMF
controller# svcadm enable glance-db
controller# svcadm enable glance-api glance-registry glance-scrubber
Neutron
Neutron API EVS Neutron SSH evsuser authorized_keys
Neutron 1. Neutron
controller# pkg install neutron
2. neutron SSH
Neutron API EVS
neutron ssh-keygen neutron
controller# su - neutron
-c "ssh-keygen -N '' -f /var/lib/neutron/.ssh/id_rsa -t rsa"
3. EVS SSH /var/lib/neutron/.ssh/id_rsa.pub) EVS EVS
4. Neutron Keystone RabbitMQ /etc/neutron/neutron.conf
rabbit_host = controller-name
auth_uri = http://controller-name:5000/v2.0
Nova
3 Havana OpenStack 59
identity_uri = http://controller-name:35357admin_tenant_name = service
admin_user = neutron
admin_password = neutron-password
5. EVS
a. EVS
getent hosts IP
network# getent hosts network-IPnetwork-IP network-name
b. EVS
/etc/neutron/plugins/evs/evs_plugin.ini getent hosts EVS
evs_controller = ssh://evsuser@network-namesql_connection = path-to-database
6. Neutron
controller# svcadm enable neutron-server
Nova
Nova
Nova 1. Nova
controller# pkg install nova
2.
/etc/nova/api-paste.ini Keystone API Nova
Horizon
60 Oracle Solaris 11.2 OpenStack 2015 4
auth_uri = http://controller-name:5000/v2.0identity_uri = http://controller-name:35357admin_tenant_name = service
admin_user = nova
admin_password = nova-password
3. /etc/nova/nova.conf Keystone Glance API NeutronAPI RabbitMQ Nova URI
keystone_ec2_url=http://controller-name:5000/v2.0/ec2tokensglance_host=controller-nameneutron_url=http://controller-name:9696neutron_admin_username=neutron
neutron_admin_password=neutron-passwordneutron_admin_tenant_name=service
neutron_admin_auth_url=http://controller-name:5000/v2.0rabbit_host=controller-nameconnection=mysql://nova:nova@controller-name/nova
4. Nova SMF
controller# svcadm enable nova-conductor
controller# svcadm enable nova-api-ec2 nova-api-osapi-compute
nova-cert nova-conductor nova-objectstore nova-scheduler
Horizon 1. Horizon
horizon# pkg install horizon
2. Horizon Horizon OpenStack Apache SSL/TLS FAQ
controller# DASHBOARD=/etc/openstack_dashboard
controller# openssl req -new -x509 -nodes
-out horizon.crt -keyout horizon.key
controller# mv horizon.crt horizon.key ${DASHBOARD}
controller# chmod 0600 ${DASHBOARD}/horizon.*
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html
3 Havana OpenStack 61
controller# sed
-e "/SSLCertificateFile/s:/path.*:${DASHBOARD}/horizon.crt:"
-e "/SSLCACertificateFile/d"
-e "/SSLCertificateKeyFile/s:/path.*:${DASHBOARD}/horizon.key:"
< /etc/apache2/2.2/samples-conf.d/openstack-dashboard-tls.conf
> /etc/apache2/2.2/conf.d/openstack-dashboard-tls.conf
3. ~/conf.d/openstack-dashboard-tls.conf Horizon
RedirectPermanent=site-addressServerName=server-name
- 3 2
4.
Apache
controller# svcadm enable apache22
Apache
controller# svcs apache22
STATE STIME FMRI
online Jul_07 svc:/network/http:apache22
controller# svcadm restart apache22
VM
Oracle Solaris 11 ZFS usr_reserve_hint_pct
# echo "set user_reserve_hint_pct=80" >>/etc/system.d/site:kernel-zones-reserve# reboot
site
OpenStack
62 Oracle Solaris 11.2 OpenStack 2015 4
https://support.oracle.com MOS Oracle Solaris 11.2 ZFS 1663862.1
1. () NTP
47 Network Time Protocol
2. Nova
compute1# pkg install nova
3. Remote Access Daemon (RAD) Nova RAD Oracle Solaris
compute1# svcadm restart rad:local
4. /etc/nova/api-paste.ini Keystone API Nova
auth_uri = http://controller-name:5000/v2.0identity_uri = http://controller-name:35357admin_tenant_name = service
admin_user = nova
admin_password = nova-password
5. /etc/nova/nova.conf Keystone Glance API NeutronAPI RabbitMQ Nova URI
keystone_ec2_url=http://controller-name:5000/v2.0/ec2tokensglance_host=controller-nameneutron_url=http://controller-name:9696neutron_admin_username=neutron
neutron_admin_password=neutron-passwordneutron_admin_tenant_name=service
neutron_admin_auth_url=http://controller-name:5000/v2.0rabbit_host=controller-name
https://support.oracle.com
3 Havana OpenStack 63
connection=mysql://nova:nova@controller-name/nova
6. EVS
# pkg install evs
7. root SSH
Solaris EVS
root ssh-keygen root
compute1# su - root -c "ssh-keygen -N '' -f /root/.ssh/id_rsa -t rsa"
8. EVS
SSH /root/.ssh/id_rsa.pub EVS () EVS
Glance 120 120
9. Nova
compute1# svcadm enable nova-compute
Elastic Virtual Switch (EVS) Neutron DHCP Neutron Layer (L3)
EVS OpenStack VLAN VXLAN VM VM EVS Oracle Solaris 11.2 5
evsuser SSH evsuser authorized_keys
http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgr
64 Oracle Solaris 11.2 OpenStack 2015 4
SSH
3-2 EVS SSH
Oracle Solaris 11 ZFS usr_reserve_hint_pct
# echo "set user_reserve_hint_pct=80" >>/etc/system.d/site:kernel-zones-reserve
3 Havana OpenStack 65
# reboot
site
OpenStack
https://support.oracle.com MOS Oracle Solaris 11.2 ZFS 1663862.1
1. () NTP
47 Network Time Protocol
2. Neutron
network# pkg install neutron
3. neutron evsuser SSH
network# su - neutron \
-c "ssh-keygen -N '' -f /var/lib/neutron/.ssh/id_rsa -t rsa"
network# su - neutron \
-c "ssh-keygen -N '' -f /var/lib/neutron/.ssh/id_rsa -t rsa"
4. EVS
SSH 2 evsuser
network# cat \
path-to-neutron@controller/id_rsa.pub \
path-to-root@compute1/id_rsa.pub \/var/lib/neutron/.ssh/id_rsa.pub \
/var/user/evsuser/.ssh/id_rsa.pub \
>> /var/user/evsuser/.ssh/authorized_keys
5. evsuser SSH /var/user/evsuser/.ssh/id_rsa.pub) evsuser authorized_keys
https://support.oracle.com
66 Oracle Solaris 11.2 OpenStack 2015 4
evsuser SSH 3-2EVS SSH
6. SSH
ssh EVS yesOpenStack
controller# su - neutron -c "ssh evsuser@network-name whoami"compute1# su - root -c "ssh evsuser@network-name whoami"network# su - neutron -c "ssh evsuser@network-name whoami"network# su - root -c "ssh evsuser@network-name whoami"
7. EVS
network# pkg install rad-evs-controller
8. RAD
network# svcadm restart rad:local
9. EVS
Nova VLAN VXLAN VLAN
ID 13 VLAN 1000 2000 VLAN ID EVS
network# evsadm set-prop -p controller=ssh://evsuser@network-namenetwork# evsadm
network# evsadm set-controlprop -p l2-type=vlan
network# evsadm set-controlprop -p uplink-port=net1
network# evsadm set-controlprop -p vlan-range=13,1000-2000
10. RabbitMQ
/etc/neutron/neutron.conf Keystone Glance API Neutron API RabbitMQ Neutron URI
[keystone_authtoken]
signing_dir = /var/lib/neutron/keystone-signing
auth_host = 127.0.0.1
auth_port = 35357
3 Havana OpenStack 67
auth_protocol = http
auth_uri = http://controller-IP:5000/v2.0admin_tenant_name = service
admin_user = neutron
admin_password = neutron-passwordidentity_uri = http://controller-IP:35357.
[DEFAULT]
core_plugin = neutron.plugins.evs.plugin.EVSNeutronPluginV2
allow_overlapping_ips = False
quotas]
quota_driver = neutron.plugins.evs.db.quotas_db.EVSDbQuotaDriver
11. Neutron DHCP
/etc/neutron/dhcp_agent.ini EVS
evs_controller = ssh://evsuser@network-name
12. () Nova DNS
/etc/neutron/dhcp_agent.ini dhcp_domain Nova DNS
13. DHCP
network# svcadm enable neutron-dhcp-agent
14. Neutron L3
Neutron L3
DHCP IP IP Nova VM NeutronL3 Nova IP 1 1 NAT
68 Oracle Solaris 11.2 OpenStack 2015 4
OpenStack Neutron Oracle Solaris 11.2 7 OpenStack Neutron 1 IP
VM VM /etc/neutron/l3_agent.ini allow_forwarding_between_networks True neutron-l3-agent SMF
VM NAT IP IP ( IP) IP VM
Oracle Solaris 11.2 Neutron
http://docs.openstack.org/training-guides/content/operator-network-node.htmlhttp://docs.openstack.org/training-guides/content/operator-network-node.html
3 Havana OpenStack 69
3-3
2 2 VM
192.168.100.0/24 192.168.100.1 HR
192.168.101.0/24 192.168.101.1 ENG
192.168.100.3 IP HR VM1 192.168.101.3 IP ENG
VM2
192.168.102.0/24 192.168.102.1 IT
192.168.103.0/24 192.168.103.1 ACCT
192.168.102.3 IP IT VM3 192.168.103.3 IP ACCT
VM4
70 Oracle Solaris 11.2 OpenStack 2015 4
NAT
IP IP
192.168.100.3 10.134.13.40
192.168.101.3 10.134.13.9
neutron-l3-agent SMF Neutron neutron-l3-agent 1
10.134.13.0/24 24 IP VM VM1 VM2 IP10.134.13.40 10.134.13.9 VM1 VM2 IP
2
3 Havana OpenStack 71
3-4 Neutron L3
Neutron L3
72 Oracle Solaris 11.2 OpenStack 2015 4
VNIC
l3e... NAT (e) VNIC L3
l3i... IP (i) VNIC L3
IP
10.134.13.1
10.134.13.2 - 10.134.13.7OpenStackAPI (NovaCinderGlance ) IP
10.134.13.9 - 10.134.13.254 VM IP
Neutron L3
service
OpenStack 1
3-4Neutron L3
1. Solaris IP
network# svcadm enable ipfilter
2. IP
network# ipadm set-prop -p forwarding=on ipv4
network# ipadm set-prop -p forwarding=on ipv6
3. EVS VLAN ID
Neutron L3
3 Havana OpenStack 73
VLAN ID 9 EVS
network# evsadm show-controlprop -p vlan-range,l2-type
PROPERTYPERM VALUE DEFAULTHOST
l2-typerw vlan vlan--
vlan-rangerw 13,1000-2000----
4. service
network# keystone tenant-list
5.
service OpenStack neutron
UUID id)
network# export OS_USERNAME=neutron
network# export OS_PASSWORD=neutron-passwordnetwork# export OS_TENANT_NAME=service
network# export OS_AUTH_URL=http://controller-name:5000/v2.0network# neutron router-create provider_router
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | 181543df-40d1-4514-ea77-fddd78c389ff |
| name | provider_router |
| status | ACTIVE |
| tenant_id | f164220cb02465db929ce520869895fa |
+-----------------------+--------------------------------------+
6. L3
UUID id) /etc/neutron/l3_agent.ini router_id
router_id = 181543df-40d1-4514-ea77-fddd78c389ff
7. neutron-l3-agent SMF
network# svcadm enable neutron-l3-agent
8.
service OpenStack neutron
network# neutron net-create --provider:network_type=vlan
Neutron L3
74 Oracle Solaris 11.2 OpenStack 2015 4
--provider:segmentation_id=13 --router:external=true external_network
Created a new network:
+--------------------------+--------------------------------------+
| Field | Value |
+--------------------------+--------------------------------------+
| admin_state_up | True |
| id | f67f0d72-0ddf-11e4-9d95-e1f29f417e2f |
| name | external_network |
| provider:network_type | vlan |
| provider:segmentation_id | 13 |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | f164220cb02465db929ce520869895fa |
+--------------------------+--------------------------------------+
9.
DHCP IP IP VLAN ID13
network# neutron subnet-create --enable-dhcp=False \
--allocation-pool start=10.134.13.8,end=10.134.13.254 \
--name external_subnet external_network 10.134.13.0/24
Created a new subnet:
+------------------+--------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "10.134.13.8", "end": "10.134.13.254"} |
| cidr | 10.134.13.0/24 |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 10.134.13.1 |
| host_routes | |
| id | 5d9c8958-0de0-11e4-9d96-e1f29f417e2f |
| ip_version | 4 |
| name | external_subnet |
| network_id | f67f0d72-0ddf-11e4-9d95-e1f29f417e2f |
| tenant_id | f164220cb02465db929ce520869895fa |
+------------------+--------------------------------------------------+
10.
UUID provider_router UUID 2 UUID external_network UUID
network# neutron router-gateway-set
181543df-40d1-4514-ea77-fddd78c389ff
Neutron L3
3 Havana OpenStack 75
f67f0d72-0ddf-11e4-9d95-e1f29f417e2f
Set gateway for router 181543df-40d1-4514-ea77-fddd78c389ff
network# neutron router-list -c name -c external_gateway_info
+-----------------+--------------------------------------------------------+
| name | external_gateway_info |
+-----------------+--------------------------------------------------------+
| provider_router | {"network_id": "f67f0d72-0ddf-11e4-9d95-e1f29f417e2f"} |
+-----------------+--------------------------------------------------------+
11.
neutron net-list
network# keystone tenant-list
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| 511d4cb9ef6c40beadc3a664c20dc354 | demo | True |
| f164220cb02465db929ce520869895fa | service | True |
+----------------------------------+---------+---------+
network# neutron net-list --tenant-id=511d4cb9ef6c40beadc3a664c20dc354
+-------------------------------+------+------------------------------+
| id | name | subnets |
+-------------------------------+------+------------------------------+
| c0c15e0a-0def-11e4-9d9f- | HR | c0c53066-0def-11e4-9da0- |
| e1f29f417e2f | | e1f29f417e2f 192.168.100.0/24|
| ce64b430-0def-11e4-9da2- | ENG | ce693ac8-0def-11e4-9da3- |
| e1f29f417e2f | | e1f29f417e2f 192.168.101.0/24|
+-------------------------------+------+------------------------------+
UUID provider_router UUID 2 UUID HR UUID
network# neutron router-interface-add
181543df-40d1-4514-ea77-fddd78c389ff
c0c53066-0def-11e4-9da0-e1f29f417e2f (HR subnet UUID)
Added interface 7843841e-0e08-11e4-9da5-e1f29f417e2f to router 181543df-40d1-4514-ea77-
fddd78c389ff.
UUID provider_router UUID 2 UUID ENG UUID
network# neutron router-interface-add
181543df-40d1-4514-ea77-fddd78c389ff
ce693ac8-0def-11e4-9da3-e1f29f417e2f
Added interface 89289b8e-0e08-11e4-9da6-e1f29f417e2f to router 181543df-40d1-4514-ea77-
fddd78c389ff.
77 L3 125
IP
76 Oracle Solaris 11.2 OpenStack 2015 4
IP
OpenStack Horizon
1. OpenStack 29 OpenStack
2. -> -> Floating IP
3. external_network
4. IP Floating IP IP 10.134.13.9
5.
6. VM -> IP VM
VM (SSH ) SSH VM root authorized_keys
7. VM
global# ssh [email protected]
Last login: Fri Jul 18 00:37:39 2014 from 10.132.146.13
Oracle Corporation SunOS 5.11 11.2 June 2014
root@host-192-168-101-3:~# uname -a
SunOS host-192-168-101-3 5.11 11.2 i86pc i386 i86pc
root@host-192-168-101-3:~# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
2 instance-00000001 running / solaris excl
root@host-192-168-101-3:~# ipadm
NAME CLASS/TYPE STATE UNDER ADDR
lo0 loopback ok -- --
lo0/v4 static ok -- 127.0.0.1/8
lo0/v6 static ok -- ::1/128
net0 ip ok -- --
L3
3 Havana OpenStack 77
net0/dhcp inherited ok -- 192.168.101.3/24
L3
ipfippool ipnat IP dladm ipadm neturon-l3-agent
1. neutron-l3-agent VNIC
network# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VIDS
l3i7843841e_0_0 net1 1000 2:8:20:42:ed:22 fixed 200
l3i89289b8e_0_0 net1 1000 2:8:20:7d:87:12 fixed 201
l3ed527f842_0_0 net0 100 2:8:20:9:98:3e fixed
2. neutron-l3-agent IP
network# ipadm
NAME CLASS/TYPE STATE UNDER ADDR
l3ed527f842_0_0 ip ok -- --
l3ed527f842_0_0/v4 static ok -- 10.134.13.8/24
l3ed527f842_0_0/v4a static ok -- 10.134.13.9/32
l3i7843841e_0_0 ip ok -- --
l3i7843841e_0_0/v4 static ok -- 192.168.100.1/24
l3i89289b8e_0_0 ip ok -- --
l3i89289b8e_0_0/v4 static ok -- 192.168.101.1/24
3. IP
network# ipfstat -io
empty list for ipfilter(out)
block in quick on l3i7843841e_0_0 from 192.168.100.0/24 to pool/4386082
block in quick on l3i89289b8e_0_0 from 192.168.101.0/24 to pool/8226578
network# ippool -l
table role = ipf type = tree number = 8226578
{ 192.168.100.0/24; };
table role = ipf type = tree number = 4386082
{ 192.168.101.0/24; };
4. IP NAT
network# ipnat -l
List of active MAP/Redirect filters:
bimap l3ed527f842_0_0 192.168.101.3/32 -> 10.134.13.9/32
List of active sessions:
BIMAP 192.168.101.3 22 10.134.13.9 22 [10.132.146.13 36405]
78 Oracle Solaris 11.2 OpenStack 2015 4
4 Juno OpenStack 79
4 4 Juno OpenStack
OpenStack 2
79 3 83 102 104
- Oracle Solaris 11.2 SRU10 Juno OpenStack
Oracle Solaris 11.2 SRU10 Havana Juno Havana Juno OpenStack
Oracle Solaris 11.2 SRU10 Havana 3 Havana OpenStack
3
OpenStack OpenStack
https://community.oracle.com/docs/DOC-910993https://community.oracle.com/docs/DOC-910993
3
80 Oracle Solaris 11.2 OpenStack 2015 4
1 1 1
OpenStack APINova Neutron
VM (Nova ) VM
3
- Oracle SPARC OVM Server for SPARC(LDoms) OpenStack SPARC Solaris 11.2 OpenStack Havana OpenStack
https://blogs.oracle.com/openstack/entry/multi_node_solaris_11_2https://blogs.oracle.com/openstack/entry/multi_node_solaris_11_2
3
4 Juno OpenStack 81
4-1 3
Swift SwiftOpenStack OpenStack Oracle Solaris Swift Oracle Solaris OpenStack OpenStack for Oracle Solaris 11
http://docs.openstack.org/icehouse/config-reference/content/ch_configuring-object-storage.htmlhttp://www.oracle.com/technetwork/server-storage/solaris11/technologies/openstack-2135773.html
3
82 Oracle Solaris 11.2 OpenStack 2015 4
Oracle Solaris Elastic Virtual Switch (EVS) OpenStack EVS VLAN VXLAN VM VM EVS Oracle Solaris 11.2 5
evsuserneutron root SSH evsuser authorized_keys SSH
Oracle Solaris OpenStack OpenStack http://www.oracle.com/technetwork/articles/servers-storage-admin/getting-started-openstack-os11-2-2195380.html OpenStack
http://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/pls/topic/lookup?ctx=E56342&id=NWVIRgnrgrhttp://www.oracle.com/technetwork/articles/servers-storage-admin/getting-started-openstack-os11-2-2195380.htmlhttp://www.oracle.com/technetwork/articles/servers-storage-admin/getting-started-openstack-os11-2-2195380.html
4 Juno OpenStack 83
4-2 EVS SSH
1 1 1 MySQLRabbitMQ
84 85 Network Time Protocol 86 MySQL 88 Keystone
84 Oracle Solaris 11.2 OpenStack 2015 4
89 Glance 92 Nova 93 Horizon 94 Cinder 98 Neutron 101 Heat
OpenStack
OpenStack
OpenStack API (OpenStack ) L3 () () host-onhost-tnhost-en
IP /etc/hosts DNS
OpenStack
$CONTROLLER_ADMIN_NODE - OpenStack IP
$CONTROLLER_ADMIN_NODE_IP - OpenStack IP
$COMPUTE_ADMIN_NODE_IP - OpenStack IP
$VOLUME_IP -
Oracle Solaris 11 ZFS usr_reserve_hint_pct
# echo "set user_reserve_hint_pct=80" >>/etc/system.d/site:kernel-zones-reserve# reboot
Network Time Protocol
4 Juno OpenStack 85
site
OpenStack
https://support.oracle.com MOS Oracle Solaris 11.2 ZFS 1663862.1
Network Time Protocol
Network Time Protocol (NTP) NTP
NTP NTP
IP IP IPNTP
IP IP NTP
Network Time Protocol NTP NTP
1. NTP
controller# pkg install ntp
2.
controller# cp /etc/inet/ntp.client /etc/inet/ntp.conf
3. () /etc/inet/ntp.conf
a. multicastclient
b. 1 NTP IP
https://support.oracle.com
MySQL
86 Oracle Solaris 11.2 OpenStack 2015 4
# multicastclient 224.0.1.1
...
server system1.example.com iburst
server system2.example.com iburst
# server server_name3 iburst
4. NTP SMF
controller# svcadm enable ntp
MySQL
OpenStack SQLite MySQL
OpenStack Advanced Message Queuing Protocol (AMQP)Oracle Solaris AMQP RabbitMQ RabbitMQ 1 RabbitMQ RabbitMQ
MySQL
1. MySQL
controller# pkg install mysql-55 mysql-55/client python-mysql \
rabbitmq markupsafe rad-evs-controller
2. RabbitMQ
controller# svcadm enable rabbitmq
controller# svcadm restart rad:local
3. () API IP /etc/mysql/5.5/my.cnf
MySQL
4 Juno OpenStack 87
bind-address=$CONTROLLER_ADMIN_NODE_IP
4. MySQL
controller# svcadm enable mysql
5. MySQL root
controller# mysqladmin -u root password MySQL-root-password
6. MySQL
OpenStack
controller# mysql -u root -p
Enter password: MySQL-root-passwordmysql> drop database if exists nova;
mysql> drop database if exists cinder;
mysql> drop database if exists glance;
mysql> drop database if exists keystone;
mysql> drop database if exists neutron;
mysql> drop database if exists heat;
mysql> create database cinder;
mysql> default character set utf8
mysql> default collate utf8_general_ci;
mysql> grant all privileges on cinder.* to 'cinder'@'$CONTROLLER_ADMIN_NODE' \
identified by service-password';mysql> grant all privileges on cinder.* to 'cinder'@'$VOLUME_IP' \
identified by service-password';mysql> create database glance;
mysql> default character set utf8
mysql> default collate utf8_general_ci;
mysql> grant all privileges on glance.* to 'glance'@'$CONTROLLER_ADMIN_NODE' \
identified by service-password';mysql> create database keystone;
mysql> default character set utf8
mysql> default collate utf8_general_ci;
mysql> grant all privileges on keystone.* to 'keystone'@'$CONTROLLER_ADMIN_NODE' \
identified by service-password';mysql> create database nova;
mysql> default character set utf8
mysql> default collate utf8_general_ci;
mysql> grant all privileges on nova.* to 'nova'@'$CONTROLLER_ADMIN_NODE' \
identified by service-password';mysql> create database neutron;
mysql> default character set utf8
mysql> default collate utf8_general_ci;
mysql> grant all privileges on neutron.* to 'neutron'@'$CONTROLLER_ADMIN_NODE' \
identified by service-password';mysql> create database heat
Keystone
88 Oracle Solaris 11.2 OpenStack 2015 4
mysql> default character set utf8
mysql> default collate utf8_general_ci;
mysql> grant all privileges on heat.* to 'heat'@'$CONTROLLER_ADMIN_NODE' \
mysql> identified by service-password';mysql> flush privileges;
mysql> quit
Keystone
Keystone
Keystone
Keystone /usr/demo/openstack/keystone/sample_data.sh
service: OpenStack Keystone demo: admin
API service Nova nova nova
Keystone
1. Keystone
controller# pkg install keystone
2. Keystone OpenStack
Glance
4 Juno OpenStack 89
controller# openssl rand -hex 10
token-string
3.
controller# export SERVICE_TOKEN=token-string
4. /etc/keystone/keystone.conf
[DEFAULT]
admin_token = token-stringqpid_hostname=$CONTROLLER_ADMIN_NODE
rabbit_host=$CONTROLLER_ADMIN_NODE
...
[database]
connection = mysql://keystone:service-password@$CONTROLLER_ADMIN_NODE/keystone
5. Keystone SMF
controller# svcadm enable keystone
6. (PKI)
controller# su - keystone -c "keystone-manage pki_setup"
7. Keystone
controller# CONTROLLER_PUBLIC_ADDRESS=$CONTROLLER_ADMIN_NODE \
CONTROLLER_ADMIN_ADDRESS=$CONTROLLER_ADMIN_NODE \
CONTROLLER_INTERNAL_ADDRESS=$CONTROLLER_ADMIN_NODE \
SERVICE_TOKEN=token-string \/usr/demo/openstack/keystone/sample_data.sh
Glance
Glance MySQL RabbitMQ
Glance 1. Glance
Glance
90 Oracle Solaris 11.2 OpenStack 2015 4
controller# pkg install glance
2. Glance
/etc/glance/glance-api.conf
[DEFAULT]
registry_host = $CONTROLLER_ADM_NODE
admin_user =glance
admin_password = service-password
admin_tenant_name = tenantauth_url =http://$CONTROLLER_ADM_NODE:5000/v2.0
auth_strategy = keystone
default_publisher_id =image.$CONTROLLER_ADM_NODE
rabbit_host = $CONTROLLER_ADM_NODE
qpid_hostname =$CONTROLLER_ADM_NODE
[database]
connection = mysql://glance:service-password@$CONTROLLER_ADM_NODE/glance
[keystone_authtoken]
auth_uri= http://$CONTROLLER_ADM_NODE:5000/v2.0
identity_uri = http://$CONTROLLER_ADM_NODE:35357
admin_tenant_name = tenantadmin_user = glance
admin_password = service-password
/etc/glance/glance-cache.conf
[DEFAULT]
auth_url = http://$CONTROLLER_ADM_NODE:5000/v2.0/
identity_uri = http://$CONTROLLER_ADM_NODE:35357
admin_tenant_name = tenantadmin_user = glance
admin_password = service-password
/etc/glance/glance-registry.conf
[DEFAULT]
default_publisher_id = image.$CONTROLLER_ADM_NODE
Glance
4 Juno OpenStack 91
rabbit_host = $CONTROLLER_ADM_NODE
qpid_hostname = $CONTROLLER_ADM_NODE
[database]
connection = mysql://glance:glance@$CONTROLLER_ADM_NODE/glance
[keystone_authtoken]
auth_uri = http://$CONTROLLER_ADM_NODE:5000/v2.0
identity_uri = http://$CONTROLLER_ADM_NODE:35357
admin_tenant_name = tenantadmin_user = glance
admin_password = service-password
/etc/glance/glance-api-paste.ini
[filter:authtoken]
auth_uri = http://$CONTROLLER_ADM_NODE:5000/v2.0/
identity_uri = http://$CONTROLLER_ADM_NODE:35357
admin_tenant_name = tenantadmin_user = glance
admin_password = service-password
/etc/glance/glance-registry-paste.ini
[filter:authtoken]
auth_uri = http://$CONTROLLER_ADM_NODE:5000/v2.0/
identity_uri = http://$CONTROLLER_ADM_NODE:35357
admin_tenant_name = tenantadmin_user = glance
admin_password = service-password
/etc/glance/glance-scrubber.conf
[DEFAULT]
auth_url = http://$CONTROLLER_ADM_NODE:5000/v2.0/
identity_uri = http://$CONTROLLER_ADM_NODE:35357
admin_tenant_name = tenantadmin_user = glance
admin_password = service-password
Nova
92 Oracle Solaris 11.2 OpenStack 2015 4
[database]
connection=mysql://glance:glance@$CONTROLLER_ADM_NODE/glance
3. Glance SMF
controller# svcadm enable -rs glance-api glance-db glance-registry glance-scrubber
Nova
Nova Nova
Nova 1. Nova
controller# pkg install nova
2. /etc/nova/nova.conf Nova
[DEFAULT]
qpid_hostname=$CONTROLLER_ADM_NODE
rabbit_host=$CONTROLLER_ADM_NODE
my_ip=$CONTROLLER_ADMIN_NODE_IP
host=$CONTROLLER_ADMIN_NODE
firewall_driver=nova.virt.firewall.NoopFirewallDriver
[database]
connection = mysql://nova:nova@$CONTROLLER_ADM_NODE/nova
[glance]
host=$CONTROLLER_ADM_NODE
[keystone_authtoken]
auth_uri=http:/$CONTROLLER_ADM_NODE:5000/v2.0/
identity_uri=http://$CONTROLLER_ADM_NODE:35357/
admin_user=nova
admin_password=service-passwordadmin_tenant_name=tenant
[neutron]
url=http://$CONTROLLER_ADM_NODE:9696
admin_username=neutron
admin_password=service-password
Horizon
4 Juno OpenStack 93
admin_tenant_name=tenantadmin_auth_url=http://$CONTROLLER_ADM_NODE:5000/v2.0
3. Nova SMF
controller# svcadm enable -rs nova-conductor
controller# svcadm enable -rs nova-api-osapi-compute
nova-cert nova-scheduler
Horizon Horizon OpenStack Web SSL/TLS Horizon HTTP
Horizon
1. Horizon
controller# pkg install horizon
2.
HTTP
1. /etc/openstack_dashboard/local_settings.py
controller# gsed -i -e s@SECURE_PROXY_SSL_HEADER@#SECURE_PROXY_SSL_HEADER@ \
-e s@CSRF_COOKIE_SECURE@#CSRF_COOKIE_SECURE@ \
-e s@SESSION_COOKIE_SECURE@#SESSION_COOKIE_SECURE@ \
/etc/openstack_dashboard/local_settings.py
2. OpenStack HTTP http.conf
controller# cp /etc/apache2/2.2/samples-conf.d/openstack-dashboard-http.conf \
/etc/apache24/2.2/conf.d/
SSL/TLS
1. Horizon
Horizon OpenStack Apache SSL/TLS FAQ
http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html
Cinder
94 Oracle Solaris 11.2 OpenStack 2015 4
controller# export DASHBOARD=/etc/openstack_dashboard
controller# openssl req -new -x509 -nodes \
-out horizon.crt -keyout horizon.key
controller# mv horizon.crt horizon.key ${DASHBOARD}
controller# chmod 0600 ${DASHBOARD}/horizon.*
controller# sed \
-e "/SSLCertificateFile/s:/path.*:${DASHBOARD}/horizon.crt:" \
-e "/SSLCACertificateFile/d" \
-e "/SSLCertificateKeyFile/s:/path.*:${DASHBOARD}/horizon.key:" \
< /etc/apache2/2.2/samples-conf.d/openstack-dashboard-tls.conf \
> /etc/apache2/2.2/conf.d/openstack-dashboard-tls.conf
2. ~/conf.d/openstack-dashboard-tls.conf Horizon
RedirectPermanent=controller-IP
ServerName=controller-name
3. Apache
controller# svcadm enable apache22
Cinder
Cinder
Keystone
Cinder
Cinder Cinder
1. Cinder
controller# pkg install cinder
ZFS Storage Appliance iSCSI Cinder
4 Juno OpenStack 95
2. /etc/cinder/cinder.conf Cinder
[DEFAULT]
qpid_hostname=$CONTROLLER_ADM_NODE
rabbit_host=$CONTROLLER_ADM_NODE
my_ip=$CONTROLLER_ADM_NODE
[database]
connection = mysql://cinder:cinder@$CONTROLLER_ADM_NODE/cinder
[keystone_authtoken
auth_uri = http://$CONTROLLER_ADM_NODE:5000/v2.0
identity_uri = http://$CONTROLLER_ADM_NODE:35357
admin_tenant_name = tenantadmin_user = cinder
admin_password = service-password
3. Cinder SMF
controller# svcadm enable -rs cinder-db
controller# svcadm enable -rs cinder-api cinder-scheduler
ZFS OpenStack Block Storage
ZFS Storage Appliance iSCSI Cinder
Oracle ZFS Storage Appliance iSCSI Cinder Oracle ZFS StorageAppliance (ZFSSA) Cinder Nova Cinder iSCSI cloud/openstack/cinder ZFSSA 2013.1.2.0
Oracle ZFS Storage Appliance
1. cinder.akwf
Cinder
cinder.akwf
http://www.oracle.com/technetwork/articles/servers-storage-admin/howto-build-openstack-zfs-2248817.html
ZFS Storage Appliance iSCSI Cinder
96 Oracle Solaris 11.2 OpenStack 2015 4
Cinder RESTful
(CLI) (BUI)
CLI
zfssa:maintenance workflows> download
zfssa:maintenance workflows download (uncommitted)> show
Properties:
url = (unset)
user = (unset)
password = (unset)
zfssa:maintenance workflows download (uncommitted)> set url="url to the cinder.akwf file"
url = "url to the cinder.akwf file"
zfssa:maintenance workflows download (uncommitted)> commit
Transferred 2.64K of 2.64K (100%) ... done
zfssa:maintenance workflows> ls
Properties:
showhidden = false
Workflows:
WORKFLOW NAME OWNER SETID ORIGIN
VERSION
workflow-000 Clear locks root false Oracle Corporation
1.0.0
workflow-001 Configuration for OpenStack Cinder Driver root false Oracle Corporation
1.0.0
zfssa:maintenance workflows> select workflow-001
zfssa:maintenance workflow-001 execute (uncommitted)> set name=openstack
name = openstack
zfssa:maintenance workflow-001 execute (uncommitted)> set password=openstack-password password = ********
zfssa:maintenance workflow-001 execute (uncommitted)> commit
User openstack created.
BUI
a. ->
ZFS Storage Appliance iSCSI Cinder
4 Juno OpenStack 97
b. cinder.akwf
c.
d. BUI Cinder
san_login san_password cinder.conf
2. /etc/cinder/cinder.conf
cinder.conf
volume_driver - cinder.volume.drivers.zfssa.zfssaiscsi.ZFSSAISCSIDriver 3
san_ip ZFSSA IP
san_login ZFSSA Cinder
san_password ZFSSA Cinder
zfssa_pool
zfssa_target_portal ZFSSA iSCSI data-ip:port) 3260
zfssa_project ZFSSA () () ZFSSA
zfssa_initiator_group default default default default
Neutron
98 Oracle Solaris 11.2 OpenStack 2015 4
zfssa_target_interfaces ZFSSA iSCSI
zfssa:configuration net interfaces> show
Interfaces:
INTERFACE STATE CLASS LINKS ADDRS LABEL
e1000g0 up ip e1000g0 1.10.20.30/24 Untitled Interface
connection
connection=mysql://cinder:service-password@controller-fqdn/cinder
3. ZFSSA iSCSI ZFSSA iSCSI BUI CLI CLI
zfssa:> configuration services iscsi
zfssa:configuration services iscsi> enable
zfssa:configuration services iscsi> show
Properties:
= online
...
4. Cinder SMF
controller# svcadm enable cinder-volume:default cinder-volume:setup
Neutron
Neutron API
Neutron 1. Neutron
controller# pkg install neutron
2. Neutron
/etc/neutron/neutron.conf
Neutron
4 Juno OpenStack 99
qpid_hostname=/$CONTROLLER_ADM_NODE
rabbit_host=/$CONTROLLER_ADM_NODE
# Host to locate redis. (string value)
# host=127.0.0.1
host=$CONTROLLER_ADM_NODE
[keystone_authtoken]
auth_uri = http://$CONTROLLER_ADM_NODE:5000/v2.0
identity_uri = http://$CONTROLLER_ADM_NODE:35357
admin_tenant_name = tenantadmin_user = neutron
admin_password = service-password
[database]
connection = mysql://neutron:neutron@$CONTROLLER_ADM_NODE/neutron
/etc/neutron/plugins/evs/evs_plugin.ini
[EVS]
evs_controller = ssh://evsuser@$CONTROLLER_ADM_NODE
/etc/neutron/dhcp_agent.ini
[DEFAULT]
evs_controller = ssh://evsuser@$CONTROLLER_ADM_NODE
3. Elastic Virtual Switch (EVS)
a. EVS EVS
controller# evsadm set-prop -p controller=ssh://evsuser@$CONTROLLER_ADM_NODE
b. evsuserneutron root SSH
controller# su - evsuser -c "ssh-keygen -N '' \
-f /var/user/evsuser/.ssh/id_rsa -t rsa"
controller# su - neutron -c "ssh-keygen -N '' -f /var/lib/neutron/.ssh/id_rsa -t rsa"
controller# ssh-keygen -N '' -f /root/.ssh/id_rsa -t rsa
Neutron
100 Oracle Solaris 11.2 OpenStack 2015 4
c. evsuser authorized_keys evsuserneutron root SSH
controller# cat /var/user/evsuser/.ssh/id_rsa.pub \
/var/lib/neutron/.ssh/id_rsa.pub /root/.ssh/id_rsa.pub >> \
/var/user/evsuser/.ssh/authorized_keys
d. known_host SSH
Yes
controller# su - evsuser -c "ssh evsuser@$CONTROLLER_ADM_NODE true"
controller# su - neutron -c "ssh evsuser@$CONTROLLER_ADM_NODE true"
controller# ssh evsuser@$CONTROLLER_ADM_NODE true
e. .ssh
controller# chown -R evsuser:evsgroup /var/user/evsuser/.sshcontroller
controller# chown -R neutron:neutron /var/lib/neutron/.ssh
f. EVS l2-typeuplink-port vlan-range
controller# evsadm set-controlprop -p property=value
EVS
controller# evsadm set-controlprop -p l2-type=vlan
controller# evsadm set-controlprop -p vlan-range=1,200-300
controller# evsadm set-controlprop -p uplink-port=net0
controller# evsadm show-controlprop -o all
4. IP
controller# ipadm set-prop -p forwarding=on ipv4
5. IP
controller# svcadm enable -rs ipfilter
6. Neutron
controller# svcadm enable -rs neutron-server neutron-dhcp-agent
Heat
4 Juno OpenStack 101
Heat
Heat OpenStack Heat Keystone
Heat Keystone
Keystone
1. Heat
controller# pkg install heat
2. Heat
controller# OS_SERVICE_ENDPOINT=http://$CONTROLLER_ADM_NODE \
SERVICE_HOST=$CONTROLLER_ADM_NODE \
OS_AUTH_URL=http://$CONTROLLER_ADM_NODE:5000/v2.0 \
OS_USERNAME=admin OS_PASSWORD=secrete OS_TENANT_NAME=demo \
/usr/demo/openstack/keystone/heat-keystone-setup
3. Heat
/etc/heat/heat.conf
[database]
connection = mysql://heat:heat@$CONTROLLER_ADM_NODE/heat
[keystone_authtoken]
auth_uri = http://$CONTROLLER_ADM_NODE:5000/v2.0
identity_uri = http://$CONTROLLER_ADM_NODE:35357
admin_tenant_name = tenantadmin_user = heat
admin_password = service-password
/etc/heat/api-paste.ini
[filter:authtoken]
auth_uri = http://$CONTROLLER_ADM_NODE:5000/v2.0/
102 Oracle Solaris 11.2 OpenStack 2015 4
identity_uri = http://$CONTROLLER_ADM_NODE:35357
admin_tenant_name = tenantadmin_user = heat
admin_password = service-password
4. Heat
controller# svcadm enable -rs heat-api heat-db heat-engine \
heat-api-cfn heat-api-cloudwatch
VM nova-compute VM Web
Oracle Solaris 11 ZFS usr_reserve_hint_pct
# echo "set user_reserve_hint_pct=80" >>/etc/system.d/site:kernel-zones-reserve# reboot
site
OpenStack
https://support.oracle.com MOS Oracle Solaris 11.2 ZFS 1663862.1
1. () NTP
47 Network Time Protocol
2. Nova
https://support.oracle.com
4 Juno OpenStack 103
compute1# pkg install nova
3. Remote Access Daemon (RAD)
Nova RAD Oracle Solaris
compute1# svcadm restart rad:local
4. /etc/nova/nova.conf Nova
[DEFAULT]
rabbit_host=$CONTROLLER_ADM_NODE
my_ip=$COMPUTE_ADMIN_NODE_IP
host=$COMPUTE_ADMIN_NODE_X
firewall_driver=nova.virt.firewall.NoopFirewallDriver
keystone_ec2_url=http:/$CONTROLLER_ADM_NODE:5000/v2.0/ec2tokens
[database]
connection = mysql://nova:nova@$CONTROLLER_ADM_NODE/nova
[glance]
host=$CONTROLLER_ADM_NODE
[keystone_authtoken]
auth_uri=http://$CONTROLLER_ADM_NODE:5000/v2.0/
identity_uri=http://$CONTROLLER_ADM_NODE:35357/
admin_usr=nova
admin_password=service-passwordadmin_tenant_name=tenant
[neutron]
url=http://$CONTROLLER_ADM_NODE:9696
admin_username=neutron
admin_password=service-passwordadmin_tenant_name=tenantadmin_auth_url=http://$CONTROLLER_ADM_NODE:5000/v2.0
5. EVS
a. EVS
compute1# pkg install evs
b. EVS EVS
compute1# evsadm set-prop -p controller=ssh://evsuser@$CONTROLLER_ADM_NODE
6.
104 Oracle Solaris 11.2 OpenStack 2015 4
a. root SSH
compute1# su - root -c "ssh-keygen -N '' -f /root/.ssh/id_rsa -t rsa"
b. () SSH
compute1# cat /root/.ssh/id_rsa.pub
c. SSH /root/.ssh/id_rsa.pub
d. evsuser authorized_keys SSH
controller# cat location/id_rsa.pub >> /var/user/evsuser/.ssh/authorized_keys
e. () SSH authorized_keys
controller# cat /var/user/evsuser/.ssh/authorized_keys
6.b SSH
f. SSH known_host
Yes
compute1# ssh evsuser@$CONTROLLER_ADM_NODE true
7. Nova
compute1# svcadm enable nova-compute
OpenStack
Oracle Solaris 11 ZFS usr_reserve_hint_pct
4 Juno OpenStack 105
# echo "set user_reserve_hint_pct=80" >>/etc/system.d/site:kernel-zones-reserve# reboot
site
OpenStack
https://support.oracle.com MOS Oracle Solaris 11.2 ZFS 1663862.1
1.
storage# pkg install cinder python-mysql mysql-55/client
2. /etc/cinder/cinder.conf Cinder
[DEFAULT]
san_is_local=true
my_ip=storage-IPrabbit_host=controller-fqdnglance_host=controller-IPzfs_volume_base=cinder/cinder
[database]
connection = mysql://cinder:service-password@controller-fqdn/cinder
[DEFAULT]
san_is_local=true
my_ip=$VOLUME_IP
rabbit_host=$CONTROLLER_ADM_NODE
glance_host=$CONTROLLER_ADM_NODE
zfs_volume_base=cinder/cinder
[database]
connection = mysql://cinder:cinder@$CONTROLLER_ADM_NODE/cinder
[keystone_authtoken]
auth_uri = http://$CONTROLLER_ADM_NODE:5000/v2.0
identity_uri = http://$CONTROLLER_ADM_NODE:35357
admin_user = cinder
admin_password = service-passwordadmin_tenant_name = tenant
3. Cinder
https://support.oracle.com
OpenStack
106 Oracle Solaris 11.2 OpenStack 2015 4
storage# svcadm enable -rs cinder-db cinder-volume:default cinder-volume:setup
storage# svcadm enable -rs iscsi/target
OpenStack VM
- 107 OpenStack
Neutron ()
1. controller# keystone tenant-list
ID ID
2.
controller# neutron net-create --tenant-id tenant-ID network-name
tenant-ID
3.
controller# neutron subnet-create --name subnet-name \--tenant-id tenant-ID network-name subnet-IP
4-1
88 Keystone Keystone demo
controller# keystone tenant-list
OpenStack
4 Juno OpenStack 107
+------------+---------+---------+
| id | name | enabled |
+------------+---------+---------+
| abcde12345 | demo | True |
| fghij67890 | service | True |
+------------+---------+---------+
controller# neutron net-create --tenant-id abcde12345 demo_internal_net
Created a new network:
+--------------------------+-------------------+
| Field | Value |
+--------------------------+-------------------+
| admin_state_up | True |
| id | 9999 |
| name | demo_internal_net |
| provider:network_type | vlan |
| provider:segmentation_id | 300 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | abcde12345 |
+--------------------------+-------------------+
controller# neutron subnet-create --name demo_int_subnet --tenant-id abcde12345 \
demo_internal_net 192.168.1.0/24
Created a new subnet:
+------------------+--------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr | 192.168.1.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.1.1 |
| host_routes | |
| id | 07f9b37c-ae4e-11e4-8000-db57d0041a2c |
| ip_version | 4 |
| name | demo_int_subnet |
| network_id | 99999| |
| tenant_id | abcde12345 |
+------------------+--------------------------------------------------+
OpenStack
1
OpenStack
108 Oracle Solaris 11.2 OpenStack 2015 4
IP
Neutron L3 Neutron L3Nova IP 1 1 NAT L3 /etc/neutron/l3_agent.ini allow_forwarding_between_networks True neutron-l3-agent SMF
VM NAT IP IP ( IP) IP VM
OpenStack 3-3
OpenStack
DHCP IP IP Nova VM
Neutron
106
Elastic Virtual Switch l2-type vlan-range 9
controller# evsadm show-controlprop -p l2-type -p vlan-range
OpenStack
4 Juno OpenStack 109
PROPERTY PERM VALUE DEFAULT HOST
l2-type rw vlan vlan --
vlan-range rw 1,200-300 -- --
keystone tenant-list
1. Solaris IP controller# svcadm enable ipfilter
2. IP controller# ipadm set-prop -p forwarding=on ipv4
3. controller# export OS_USERNAME=neutron
controller# export OS_PASSWORD=service-passwordcontroller# export OS_TENANT_NAME=service-namecontroller# export OS_AUTH_URL=http://controller-name:5000/v2.0
4.
controller# neutron router-create router-name
ID ID
5. L3 /etc/neutron/l3_agent.ini router_id UUID
router_id = router-ID
6. neutron-l3-agent SMF
controller# svcadm enable neutron-l3-agent
7. controller# neutron net-create --provider:network_type=vlan \
--provider:segmentation_id=VLAN-nbr \--router:external=true network-name
segmentation_id VLAN
OpenStack
110 Oracle Solaris 11.2 OpenStack 2015 4
8.
DHCP IP
controller# neutron subnet-create --enable-dhcp=false --name subnet-name \--allocation-pool start=start-IP, end=end-IP network-name subnet-IP
9.
controller# neutron router-gateway-set router-ID network-ID \
- /etc/neutron/l3_agent.ini router-ID neutron net-list network-ID
10.
ID ID
a. ID ID ID
# keystone tenant-list
# neutron net-list --tenant-id tenant-ID
b.
controller# neutron router-interface-add router-ID subnet-ID
4-2 service
3-3 A 2 VM 2 HR ENG 2 VM 2 Neutron
controller# svcadm enable ipfilter
controller# ipadm set-prop -p forwarding=on ipv4
OpenStack
4 Juno OpenStack 111
controller# export OS_USERNAME=neutron
controller# export OS_PASSWORD=neutron
controller# export OS_TENANT_NAME=TenantA
controller# export OS_AUTH_URL=http://controller-name:5000/v2.0
controller# neutron router-create ext-router
Created a new router:
+-----------------------+-----------------+
| Field | Value |
+-----------------------+-----------------+
| admin_state_up | True |
| external_gateway_info | |
| id | 97ro5-ut3er |
| name | ext-router |
| status | ACTIVE |
| tenant_id | abcde12345 |
+-----------------------+-----------------+
router_ID 97ro5-ut3er /etc/neutron/l3_agent.ini
controller# svcadm enable neutron-l3-agent
controller# neutron net-create --provider:network_type=vlan \
--provider:segmentation_id=1 --router:external=true ext_network
Created a new network:
+--------------------------+-------------------+
| Field | Value |
+--------------------------+-------------------+
| admin_state_up | True |
| id | 555ext-net555 |
| name | ext_network |
| provider:network_type | vlan |
| provider:segmentation_id | 1 |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | abcde12345 |
+--------------------------+-------------------+
controller# neutron subnet-create --enable-dhcp=False \
--name ext_subnet --allocation-pool start=10.134.13.8,end=10.134.13.254 \
ext_network 10.134.13.0/24
Created a new subnet:
+------------------+--------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "10.134.13.8", "end": "10.134.13.254"} |
| cidr | 10.134.13.0/24 |
IP
112 Oracle Solaris 11.2 OpenStack 2015 4
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 10.134.13.1 |
| host_routes | |
| id | 444sub-net444 |
| ip_version | 4 |
| name | ext_subnet |
| network_id | 555ext-net555 |
| tenant_id | abcde12345 |
+------------------+--------------------------------------------------+
controller# neutron router-gateway-set 97ro5-ut3er 555ext-net555
Set gateway for router 97ro5-ut3er
controller# keystone tenant-list
+------------+---------+---------+
| id | name | enabled |
+------------+---------+---------+
| 12345abcde | TenantA | True |
| 67890fghij | TenantB | True |
+------------+---------+---------+
controller# neutron net-list --tenant-id 12345abcde
+------------+------+