Reference:
http://giuliofidente.com/2013/04/deploy-openstack-heat-on-rhel-and-derivates.html
Steps:
1. Pull the template and image from community heat project:
https://github.com/openstack/heat-templates.git
http://fedorapeople.org/groups/heat/prebuilt-jeos-images/
2. We use the template "WordPress_2_Instances_With_EBS_EIP.template", which requires the following prerequisites:
- A router.
- An external network bound to the router (set as the router's gateway).
- An internal (tenant) network bound to the router (added as a router interface).
- A Cinder volume group; it is better to create one that is large enough up front.
3. Description of this template:
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "AWS CloudFormation Sample Template WordPress_Multi_Instance: WordPress is web software you can use to create a beautiful website or blog.
This template installs two instances: one running a WordPress deployment and the other using a local MySQL database to store the data.",
4. The outputs of this template include:
- Two instances: one as the WordPress web server, the other as the MySQL database that stores WordPress's data.
- The database VM has an extra volume attached and a specified security group.
- Both instances are given floating IPs.
Let's parse this fairly involved template piece by piece.
"Parameters" 是 Heat 在创建 stack 时可以在运行时指定的参数，以下是默认值。注意 DBUsername 设置了 "NoEcho": "true"，这只是让 Heat 在 API/CLI 输出里隐藏该值；它并不能阻止下面 UserData 脚本中的 `bash -v` 把替换进脚本的值回显到日志里。
"Parameters" : {
"KeyName" : {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
"Type" : "String"
},
"InstanceType" : {
"Description" : "WebServer EC2 instance type",
"Type" : "String",
"Default" : "m1.small",
"AllowedValues" : [ "m1.tiny", "m1.small", "m1.medium", "m1.large", "m1.xlarge" ],
"ConstraintDescription" : "must be a valid EC2 instance type."
},
"VolumeSize" : {
"Description" : "WikiDatabase Volume size",
"Type" : "Number",
"Default" : "1",
"MinValue" : "1",
"MaxValue" : "1024",
"ConstraintDescription" : "must be between 1 and 1024 Gb."
},
"DBName": {
"Default": "wordpress",
"Description" : "The WordPress database name",
"Type": "String",
"MinLength": "1",
"MaxLength": "64",
"AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*",
"ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters."
},
"DBUsername": {
"Default": "admin",
"NoEcho": "true",
"Description" : "The WordPress database admin account username",
"Type": "String",
"MinLength": "1",
"MaxLength": "16",
"AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*",
"ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters."
},
最重要的就是Resources:
"AWS::EC2::EIP" 对应就是OpenStack的floating ip
AWS::EC2::EIPAssociation
下面列表列出了WikiDatabase和Webserver两个instance映射了floating ip
"Resources" : {
"DatabaseIPAddress" : {
"Type" : "AWS::EC2::EIP"
},
"DatabaseIPAssoc" : {
"Type" : "AWS::EC2::EIPAssociation",
"Properties" : {
"InstanceId" : { "Ref" : "WikiDatabase" },
"EIP" : { "Ref" : "DatabaseIPAddress" }
}
},
"WebServerIPAddress" : {
"Type" : "AWS::EC2::EIP"
},
"WebServerIPAssoc" : {
"Type" : "AWS::EC2::EIPAssociation",
"Properties" : {
"InstanceId" : { "Ref" : "WebServer" },
"EIP" : { "Ref" : "WebServerIPAddress" }
}
},
instance(WikiDatabase) 的定义。开机启动时会自动运行 cloud-init 脚本，cloud-init 根据每个 instance 的 UserData 进行定制。
Security notes on the UserData script below: it runs as root under `#!/bin/bash -v`, which echoes every line it executes — including the `mysqladmin ... password '<DBRootPassword>'`, `mysql --password='<DBRootPassword>'` and `IDENTIFIED BY "<DBPassword>"` lines with the real values substituted in — into the console and cloud-init log, and those passwords are also visible in the process list while the commands run. The yum repo it writes first deletes every existing repo, then points at plain FTP with `gpgcheck=0`, so nothing verifies the packages it installs (and any `user:password@` placed in `baseurl` is stored in clear text in /etc/yum.repos.d). Acceptable for an isolated lab; for anything else drop `-v`, pass the passwords through an options file rather than the command line, and use a signed repository over HTTPS.
"WikiDatabase": {
"Type": "AWS::EC2::Instance",
"Metadata" : {
"AWS::CloudFormation::Init" : {
"config" : {
"packages" : {
"yum" : {
"mysql" : [],
"mysql-server" : []
}
},
"services" : {
"systemd" : {
"mysqld" : { "enabled" : "true", "ensureRunning" : "true" }
}
}
}
}
},
"Properties": {
"ImageId" : { "Fn::FindInMap" : [ "DistroArch2AMI", { "Ref" : "LinuxDistribution" },
{ "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] },
"InstanceType" : { "Ref" : "InstanceType" },
"KeyName" : { "Ref" : "KeyName" },
"SubnetId": {"Ref" : "subnet"},
"AvailabilityZone": {"Ref" : "az"},
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -v\n",
"rm -rf /etc/yum.repos.d/*\n",
"echo \"[newFedora]\" >> /etc/yum.repos.d/newFedora.repo\n",
"echo \"name=everything\" >> /etc/yum.repos.d/newFedora.repo\n",
"echo \"baseurl=ftp://guest:[email protected]/pub/\" >> /etc/yum.repos.d/newFedora.repo\n",
"echo \"enabled=1\" >> /etc/yum.repos.d/newFedora.repo\n",
"echo \"gpgcheck=0\" >> /etc/yum.repos.d/newFedora.repo\n",
"/opt/aws/bin/cfn-init\n",
"# Wait for the volume to appear\n",
"while [ ! -e /dev/vdb ]; do echo Waiting for volume to attach; sleep 1; done\n",
"parted -s /dev/vdb mklabel msdos\n",
"parted -s /dev/vdb mkpart primary ext3 1 1000\n",
"# Format the EBS volume and mount it\n",
"systemctl stop mysqld.service\n",
"sleep 1\n",
"mv /var/lib/mysql /var/lib/mysql.data\n",
"/sbin/mkfs -t ext3 /dev/vdb1\n",
"mkdir /var/lib/mysql\n",
"mount /dev/vdb1 /var/lib/mysql\n",
"chown mysql.mysql /var/lib/mysql\n",
"mv -n /var/lib/mysql.data/* /var/lib/mysql\n",
"systemctl start mysqld.service\n",
"sleep 1\n",
"# Setup MySQL root password and create a user\n",
"mysqladmin -u root password '", { "Ref" : "DBRootPassword" }, "'\n",
"cat << EOF | mysql -u root --password='", { "Ref" : "DBRootPassword" }, "'\n",
"CREATE DATABASE ", { "Ref" : "DBName" }, ";\n",
"GRANT ALL PRIVILEGES ON ", { "Ref" : "DBName" }, ".* TO \"", { "Ref" : "DBUsername" }, "\"@\"", { "Ref" : "WebServerIPAddress" }, "\"\n",
"IDENTIFIED BY \"", { "Ref" : "DBPassword" }, "\";\n",
"FLUSH PRIVILEGES;\n",
"EXIT\n",
"EOF\n"
]]}}
}
},
Volume 定义及 mount 点。Note that the UserData script above partitions the attached disk with a fixed `parted -s /dev/vdb mkpart primary ext3 1 1000` (roughly the first 1000 MB) regardless of the `VolumeSize` parameter, which allows up to 1024 GB, and its `while [ ! -e /dev/vdb ]` loop has no timeout, so a volume that never attaches hangs the boot instead of failing it. Adjust the device name (/dev/vdb) and the partition size if the volume size or the guest's disk naming differs.
"DataVolume" : {
"Type" : "AWS::EC2::Volume",
"Properties" : {
"Size" : { "Ref" : "VolumeSize" },
"AvailabilityZone" : { "Fn::GetAtt" : [ "WikiDatabase", "AvailabilityZone" ]},
"Tags" : [{ "Key" : "Usage", "Value" : "Wiki Data Volume" }]
}
},
"MountPoint" : {
"Type" : "AWS::EC2::VolumeAttachment",
"Properties" : {
"InstanceId" : { "Ref" : "WikiDatabase" },
"VolumeId" : { "Ref" : "DataVolume" },
"Device" : "/dev/vdb"
}
}
},
5.准备工作
安装配置keystone
[[email protected] heat]# keystone endpoint-list
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+-------------------------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+-------------------------------------------------+----------------------------------+
| 0a483b9382594ca6be5e4bce7ab04459 | RegionOne | http://9.123.136.218:9292 | http://9.123.136.218:9292 | http://9.123.136.218:9292 | 139546d362d64a29b1a262b3562210b0 |
| 7146068233394953a332ee9b02f6fa2d | RegionOne | http://9.123.136.218:8000/v1 | http://9.123.136.218:8000/v1 | http://9.123.136.218:8000/v1 | 77e323c8264b437b8301493601b653c9 |
| 7f0a5135f836493386e3afa96db3b343 | RegionOne | http://9.123.136.218:9696 | http://9.123.136.218:9696 | http://9.123.136.218:9696 | 8f66c02c84ca4830a743a0fc3f8f65bd |
| 9463ffabca9e4d3c814bd3e56eabdbf2 | RegionOne | http://9.123.136.218:8776/v1/%(tenant_id)s | http://9.123.136.218:8776/v1/%(tenant_id)s | http://9.123.136.218:8776/v1/%(tenant_id)s | 48be268594074217805f12837fb48d71 |
| 9a966127151d4f7c922029da99e343d0 | RegionOne | http://9.123.136.218:8004/v1/%(tenant_id)s | http://9.123.136.218:8004/v1/%(tenant_id)s | http://9.123.136.218:8004/v1/%(tenant_id)s | c6c41cbf44be4290a9faeb846f2e2868 |
| a67ea5ef72c6442585239e800468b07d | RegionOne | http://9.123.136.218:8774/v2/%(tenant_id)s | http://9.123.136.218:8774/v2/%(tenant_id)s | http://9.123.136.218:8774/v2/%(tenant_id)s | 95213b0baaa74b67997cad54a8ccb9c2 |
| bf31b88bc2af484dac4929b515c62b58 | RegionOne | http://9.123.136.218:8776/v1/AUTH_%(tenant_id)s | http://9.123.136.218:8776/v1/AUTH_%(tenant_id)s | http://9.123.136.218:8776/v1/AUTH_%(tenant_id)s | 7eb75e4a460945a7bc0a49ca6e237943 |
| c32f3ce7c89c48168dfe39d20616068f | RegionOne | http://9.123.136.218:5000/v2.0 | http://9.123.136.218:5000/v2.0 | http://9.123.136.218:35357/v2.0 | b5f38be1739b4d50b4a80a0979767731 |
+----------------------------------+-----------+-------------------------------------------------+-------------------------------------------------+-------------------------------------------------+----------------------------------+
安装配置glance, 下载Fedora image并导入到glance
[[email protected] heat]# glance index
ID Name Disk Format Container Format Size
------------------------------------ ------------------------------ -------------------- -------------------- --------------
53181c83-4e24-4888-be88-1f9e7ed4877c F17-x86_64-cfntools qcow2 bare 476704768
76e2ef7a-4f19-4264-8192-0a187a6c7bd1 cirros-img raw bare 9761280
安装配置nova
[[email protected] heat]# nova list
+--------------------------------------+-----------------------------------+--------+------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-----------------------------------+--------+------------------+
| 2af6f549-c7a0-45c1-ae9c-29d882ea35c0 | test_cirros_2 | ACTIVE | flat-66=66.0.0.2 |
+--------------------------------------+-----------------------------------+--------+------------------+
安装配置neutron
[[email protected] heat]# neutron net-list
+--------------------------------------+---------+--------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------+--------------------------------------------------+
| 86c3b59d-902e-45a6-a76e-dd04d89cecd7 | flat-66 | 7add1f89-7726-42ab-a107-d983c238cafa 66.0.0.0/24 |
+--------------------------------------+---------+--------------------------------------------------+
安装配置heat
[[email protected] ~]# heat list
+--------------------------------------+-------------+-----------------+----------------------+
安装配置cinder 并 创建volume group
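# Back the cinder volume group "cinder-volumes-2" with a sparse 50G file on a loop device.
# dd with count=0/seek=50G only extends the file, so no disk is consumed until LVs are written.
BACKING_FILE=cinder-volumes-2
VG_NAME=cinder-volumes-2
dd if=/dev/zero of="$BACKING_FILE" bs=1 count=0 seek=50G
# Let losetup pick a free loop device instead of hard-coding /dev/loop3, which fails
# if loop3 is already attached to something else.
LOOPDEV=$(losetup -f --show "$BACKING_FILE") &&
pvcreate "$LOOPDEV" &&
vgcreate "$VG_NAME" "$LOOPDEV" &&
vgdisplay
# NOTE(review): the loop mapping does not survive a reboot; re-attach the backing file
# (e.g. from rc.local) before cinder-volume starts, or the VG will be missing afterwards.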
[[email protected] xianghui]# vgdisplay
--- Volume group ---
VG Name cinder-volumes-2
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size 50.00 GiB
PE Size 4.00 MiB
Total PE 12799
Alloc PE / Size 0 / 0
Free PE / Size 12799 / 50.00 GiB
VG UUID QvupD3-v40r-uiov-XhGE-KkRo-5Tgl-ZzbiLr
新建个volume测试
[[email protected] xianghui]# cinder create --display-name test 1
+--------------------------------------+-----------+-------------------------------------+------+-------------+----------+--------------------------------------+
| ID | Status | Display Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+-------------------------------------+------+-------------+----------+--------------------------------------+
| 61ab0670-e935-43ee-baea-c5985a6d0094 | available | test | 1 | None | False | |
+--------------------------------------+-----------+-------------------------------------+------+-------------+----------+--------------------------------------+
创建虚拟路由器
[[email protected] cfn]# neutron router-create router1
+-----------------------+-----------------------------------------------------------------------------+
| Field | Value |
+-----------------------+-----------------------------------------------------------------------------+
| admin_state_up | True |
| external_gateway_info | {"network_id": "2d72d81b-cf09-459e-87fb-a50fa0e8730a", "enable_snat": true} |
| id | 06d85a01-fc42-4cde-a0f1-377f2f394a64 |
| name | router1 |
| routes | |
| status | ACTIVE |
| tenant_id | b21a96e16c3c438caab4a27a1f58a5b8 |
+-----------------------+-----------------------------------------------------------------------------+
配置neutron-l3-agent
# Point the l3-agent at the router created above and run it in legacy (no-namespace) mode.
L3_AGENT_INI=/etc/neutron/l3_agent.ini
ROUTER_ID=06d85a01-fc42-4cde-a0f1-377f2f394a64
EXT_BRIDGE=br-eth0
# router_id: in no-namespace mode the agent is tied to a single router, hence the explicit id.
openstack-config --set "$L3_AGENT_INI" DEFAULT router_id "$ROUTER_ID"
# NOTE(review): use_namespaces=False puts the router in the host's root network namespace --
# no per-tenant isolation and no overlapping tenant IP ranges. Fine for a single-tenant lab
# like this one; not for a multi-tenant deployment.
openstack-config --set "$L3_AGENT_INI" DEFAULT use_namespaces False
openstack-config --set "$L3_AGENT_INI" DEFAULT external_network_bridge "$EXT_BRIDGE"
service neutron-server restart
service neutron-l3-agent restart
创建外部网络
[[email protected] cfn]# neutron net-create ext_net --router:external=True
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 2d72d81b-cf09-459e-87fb-a50fa0e8730a |
| name | ext_net |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 1000 |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | e1932e73-1e4b-4f87-9ebf-758a757e20ef |
| tenant_id | b21a96e16c3c438caab4a27a1f58a5b8 |
+---------------------------+--------------------------------------+
[[email protected] cfn]# subnet-create ext_net --allocation-pool start=192.168.12.10,end=192.168.12.50 --gateway 192.168.12.1 192.168.12.0/24 --enable_dhcp=False
+------------------+----------------------------------------------------+
| Field | Value |
+------------------+----------------------------------------------------+
| allocation_pools | {"start": "192.168.12.10", "end": "192.168.12.50"} |
| cidr | 192.168.12.0/24 |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 192.168.12.1 |
| host_routes | |
| id | e1932e73-1e4b-4f87-9ebf-758a757e20ef |
| ip_version | 4 |
| name | |
| network_id | 2d72d81b-cf09-459e-87fb-a50fa0e8730a |
| tenant_id | b21a96e16c3c438caab4a27a1f58a5b8 |
+------------------+----------------------------------------------------+
创建内部网络
[[email protected] cfn]# neutron net-create vlan-70 --provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id 16
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 793a95b7-cf1f-4bde-b7b8-5a9a2e552fae |
| name | vlan-70 |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 16 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | f542941d-5d53-45e4-85d0-944e030c2bcc |
| tenant_id | b21a96e16c3c438caab4a27a1f58a5b8 |
+---------------------------+--------------------------------------+
[[email protected] cfn]# neutron subnet-create vlan-70 70.0.0.0/24
+------------------+--------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "70.0.0.2", "end": "70.0.0.254"} |
| cidr | 70.0.0.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 70.0.0.1 |
| host_routes | |
| id | f542941d-5d53-45e4-85d0-944e030c2bcc |
| ip_version | 4 |
| name | |
| network_id | 793a95b7-cf1f-4bde-b7b8-5a9a2e552fae |
| tenant_id | b21a96e16c3c438caab4a27a1f58a5b8 |
+------------------+--------------------------------------------+
现在有了两个网络:
[[email protected] cfn]# neutron net-list
+--------------------------------------+---------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------+------------------------------------------------------+
| 2d72d81b-cf09-459e-87fb-a50fa0e8730a | ext_net | e1932e73-1e4b-4f87-9ebf-758a757e20ef 192.168.12.0/24 |
| 793a95b7-cf1f-4bde-b7b8-5a9a2e552fae | vlan-70 | f542941d-5d53-45e4-85d0-944e030c2bcc 70.0.0.0/24 |
+--------------------------------------+---------+------------------------------------------------------+
绑定两个网络到路由器
# neutron router-gateway-set $ROUTER_ID $EXTERNAL_NETWORK_ID
[[email protected] cfn]# neutron router-gateway-set 06d85a01-fc42-4cde-a0f1-377f2f394a64 2d72d81b-cf09-459e-87fb-a50fa0e8730a
# neutron router-interface-add $ROUTER_ID $SUBNET_ID
[[email protected] cfn]# neutron router-interface-add 06d85a01-fc42-4cde-a0f1-377f2f394a64 f542941d-5d53-45e4-85d0-944e030c2bcc
两个网络在路由器都有了接口
[[email protected] cfn]# neutron router-port-list 06d85a01-fc42-4cde-a0f1-377f2f394a64
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 3f5c215e-7561-417b-91cf-7e42c655fc0e | | fa:16:3e:0f:9d:25 | {"subnet_id": "f542941d-5d53-45e4-85d0-944e030c2bcc", "ip_address": "70.0.0.1"} |
| 4acef568-a6dc-4b3e-9f20-6bfc98027424 | | fa:16:3e:64:6c:94 | {"subnet_id": "e1932e73-1e4b-4f87-9ebf-758a757e20ef", "ip_address": "192.168.12.15"} |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
开通 l3 agent 所在主机的转发功能（下面两条命令效果相同，执行其一即可；`sysctl -w` 和直接写 /proc 都只在本次运行有效，重启后失效，要持久化需在 /etc/sysctl.conf 中设置 `net.ipv4.ip_forward = 1`）
[[email protected] cfn]# sysctl -w net.ipv4.ip_forward=1
[[email protected] cfn]# echo '1' > /proc/sys/net/ipv4/ip_forward
打开 nova-api 所在主机的 80 端口
# open control node (where all nova services except nova-compute run) port 80.
# NOTE: the rule below accepts port 80 from ANY source; if only the instances need it (e.g. for the 169.254.169.254 metadata redirect below), add `-s <instance subnet>` to limit it.
[[email protected] cfn]# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[[email protected] cfn]# service iptables save
[[email protected] cfn]# service iptables restart
[[email protected] cfn]# service httpd start
将发往 169.254.169.254:80 的包 DNAT 到 9.123.136.218:8775，转给 nova-api 的 metadata 服务
# turn 169.254.169.254:80 into 9.123.136.218:8775 (dotted IP -- "9.123.136:218" is not a valid address)
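# Redirect instance requests for the EC2-style metadata address (169.254.169.254:80) to the
# nova-api metadata service on the controller (port 8775). The page runs the l3-agent without
# namespaces, so this host-level DNAT presumably stands in for the neutron metadata proxy -- confirm.
# Fixed: the original had "--to-destination 9.123.136:218:8775" (a colon where the third dot
# belongs), which is not a valid address and iptables will not accept.
# NOTE(review): this matches on every inbound interface; if the controller is reachable from
# outside the instance network, add `-i <instance-facing bridge>` so only instance traffic is redirected.
iptables -t nat -A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 9.123.136.218:8775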
测试apache服务已经启动
# verification
[[email protected] cfn]# telnet 9.123.136.218 80
Trying 9.123.136.218...
Connected to 9.123.136.218.
Escape character is 'ˆ]'.
建立 FTP server，并将 package 放到 /var/ftp/pub/（vsftpd 默认以匿名只读方式对外提供 /var/ftp/pub，网络上任何主机都能下载这些包；由于实例端 yum 配置为 gpgcheck=0，没有任何签名校验，这只适合隔离的实验环境）
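# Install the FTP server that the instances' yum repo (see the template UserData) points at.
yum -y install vsftpd
# Enable at boot as well: without this the instances lose their only package source after a
# controller reboot, since the UserData script deleted every other repo.
chkconfig vsftpd on
service vsftpd start
# NOTE(review): vsftpd serves /var/ftp/pub read-only to anonymous clients by default, and the
# instance side sets gpgcheck=0, so nothing on either end verifies these packages -- lab use only.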
更新instance的yum source到heat template中
"#!/bin/bash -v\n" in the template:
"rm -rf /etc/yum.repos.d/*\n",
"echo \"[newFedora]\" >> /etc/yum.repos.d/newFedora.repo\n",
"echo \"name=everything\" >> /etc/yum.repos.d/newFedora.repo\n",
"echo \"baseurl=ftp://9.123.136.218/pub/\" >> /etc/yum.repos.d/newFedora.repo\n",
"echo \"enabled=1\" >> /etc/yum.repos.d/newFedora.repo\n",
"echo \"gpgcheck=0\" >> /etc/yum.repos.d/newFedora.repo\n",
配置nova默认floating ip pool
set default_floating_pool=<external network name> such as 'ext_net' here in /etc/nova/nova.conf
restart nova services
更新模板,配置创建的网络ID,keyname , securitygroup等
"SubnetId": {"Ref" : "subnet"},
AvailabilityZone": {"Ref" : "az"},
# Add subnet for Webserver instance after "KeyName": { "Ref" : "KeyName" }:
"SubnetId": {"Ref" : "subnet"},
# Add subnet and az in the parameters:
"subnet": {
"Type": "String",
"Default": "f542941d-5d53-45e4-85d0-944e030c2bcc"
},
"az": {
"Type": "String",
"Default": "nova"
}
添加iptables rules:
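# Controller host firewall. As written on this page every rule accepts from ANY source. Set
# MGMT_SRC to the CIDR of the OpenStack hosts to confine the internal-only ports (leave it
# unset to reproduce the original, fully open, behaviour). These rules are not persisted;
# run `service iptables save` afterwards, as was done for port 80 above.
# DHCP traffic from instances arrives on the tap interfaces.
iptables -I INPUT -i tap+ -p udp --dport 67:68 --sport 67:68 -j ACCEPT
# Ports clients must reach: ssh, httpd, keystone public (5000), nova (8774) and metadata (8775),
# cinder (8776), glance (9292), neutron (9696).
iptables -A INPUT -p tcp -m multiport --dports 22,80,5000,8774,8775,8776,9292,9696 -j ACCEPT
# Ports only OpenStack services should reach: AMQP (5672) and the keystone admin API (35357,
# which the endpoint list above publishes on the same public address). Neither should be
# reachable from arbitrary hosts.
iptables -A INPUT ${MGMT_SRC:+-s "$MGMT_SRC"} -p tcp -m multiport --dports 5672,35357 -j ACCEPT
# Remove the l3-agent's SNAT jump (the page does not say why; presumably so instance traffic
# is not masqueraded behind the router's external address -- confirm before reusing).
iptables -t nat -D neutron-postrouting-bottom -j neutron-l3-agent-snat
# NOTE(review): this forwards everything through the host; tighten with -i/-o on the instance
# and external bridges if this host also routes other traffic.
iptables -A FORWARD -j ACCEPT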
重启l3 agent
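# Restart (not merely start) the l3-agent so it picks up the l3_agent.ini changes made earlier;
# `service ... start` is a no-op while the agent is already running, and the heading says restart.
service neutron-l3-agent restart
# NOTE(review): if the restart re-inserts the neutron-l3-agent-snat jump deleted above, re-run
# that delete afterwards -- confirm by inspecting `iptables -t nat -L neutron-postrouting-bottom`.
# (All-in-one environments: add the rule below)
# 56.0.0.0/24 is the subnet created for the fixed IPs
# 192.168.18.10 is one port of the external network
# NOTE(review): these example values come from a different environment than the rest of this
# page (here the fixed subnet is 70.0.0.0/24 and the external range is 192.168.12.0/24); substitute your own.
# iptables -t nat -D neutron-l3-agent-snat -s 56.0.0.0/24 -j SNAT --to-source 192.168.18.10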
6. 设置userkey
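# Generate a dedicated key pair for the stack instead of overwriting or reusing the operator's
# default ~/.ssh/id_rsa, and register its public half with nova under the name the template's
# KeyName parameter will reference ("userkey"). Connect later with `ssh -i ~/.ssh/heat_userkey`.
# NOTE(review): set a passphrase when prompted; whoever holds this private key gets SSH access
# to every instance launched with it.
ssh-keygen -t rsa -f ~/.ssh/heat_userkey
nova keypair-add --pub_key ~/.ssh/heat_userkey.pub userkey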
7. 运行heat
[[email protected] ~]# heat stack-create $StackName --template-file=$templateFile --parameters="KeyName=userkey"
[[email protected] ~]# heat list
+--------------------------------------+-------------+-----------------+----------------------+
| id | stack_name | stack_status | creation_time |
+--------------------------------------+-------------+-----------------+----------------------+
| 25a18790-69dd-42aa-a5f5-f8b32a6d44fb | wordpress_2 | CREATE_COMPLETE | 2013-10-10T13:39:01Z |
+--------------------------------------+-------------+-----------------+----------------------+
[[email protected] ~]# nova list
+--------------------------------------+---------------------------------------+---------+------------+-------------+---------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+---------------------------------------+---------+------------+-------------+---------------------------------+
| c344daa1-2c1f-44d7-bef4-c8810dff684a | wordpress_2-WebServer-e4agquzowd2k | ACTIVE | None | Running | flat-80=80.0.0.5, 192.168.12.11 |
| 98d533c3-db2f-4ab7-8094-f8813b31a2ea | wordpress_2-WikiDatabase-v6hogla3ax5s | ACTIVE | None | Running | flat-80=80.0.0.4, 192.168.12.12 |
+--------------------------------------+---------------------------------------+---------+------------+-------------+---------------------------------+
8. ping floating ip 192.168.12.11
[[email protected] ~]# ping 192.168.12.11
PING 192.168.12.11 (192.168.12.11) 56(84) bytes of data.
64 bytes from 192.168.12.11: icmp_seq=1 ttl=64 time=0.133 ms
64 bytes from 192.168.12.11: icmp_seq=2 ttl=64 time=0.061 ms
64 bytes from 192.168.12.11: icmp_seq=3 ttl=64 time=0.111 ms
^C
--- 192.168.12.11 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2292ms
rtt min/avg/max/mdev = 0.061/0.101/0.133/0.032 ms