|
OpenStack Icehouse : Configure Cinder#1(Control Node)
2014/06/26 |
|
Install and Configure OpenStack Block Storage (Cinder).
For this example, Install Cinder API Server on Control Node which Keystone/Glance/Nova API are already installed,
and Install Cinder-Volume on Block Storage Service Node. ( it's possible to install on a server as All-in-One, though, if you want )
+------------------+
10.0.0.35| [ Storage Node ] |
+------------------+ +-----+ Cinder-Volume |
| [ Control Node ] | | eth0| |
| Keystone |10.0.0.30 | +------------------+
| Glance |------------+
| Nova API |eth0 | +------------------+
| Cinder API | | eth0| [ Compute Node ] |
+------------------+ +-----+ Nova Compute |
10.0.0.51| |
+------------------+
|
|
Configure Control Node on this section.
|
|
| [1] | Add a User or Endpoint for Cinder to Keystone on Control Node. |
|
# create a Cinder user (set in service tenant) [root@dlp ~(keystone)]# keystone user-create --tenant service --name cinder --pass servicepassword --enabled true +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | b15b794e27394abb9593affdab701a4d | | name | cinder | | tenantId | fc294b687db2410189f7c8bd81efe426 | | username | cinder | +----------+----------------------------------+ # add Cinder user in admin role [root@dlp ~(keystone)]# keystone user-role-add --user cinder --tenant service --role admin
# create a service entry for Cinder [root@dlp ~(keystone)]# keystone service-create --name=cinder --type=volume --description="Cinder Service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Cinder Service | | enabled | True | | id | 76dace48fa884efd87cdd07d9f3e9589 | | name | cinder | | type | volume | +-------------+----------------------------------+ # define IP address for Cinder API server [root@dlp ~(keystone)]# export cinder_api=10.0.0.30
# create an endpoint for Cinder [root@dlp ~(keystone)]# keystone endpoint-create --region RegionOne \ --service cinder \ --publicurl "http://$cinder_api:8776/v1/\$(tenant_id)s" \ --internalurl "http://$cinder_api:8776/v1/\$(tenant_id)s" \ --adminurl "http://$cinder_api:8776/v1/\$(tenant_id)s" +-------------+----------------------------------------+ | Property | Value | +-------------+----------------------------------------+ | adminurl | http://10.0.0.30:8776/v1/$(tenant_id)s | | id | 65e9aebbd8984f72beb5ba0a69f8da18 | | internalurl | http://10.0.0.30:8776/v1/$(tenant_id)s | | publicurl | http://10.0.0.30:8776/v1/$(tenant_id)s | | region | RegionOne | | service_id | 76dace48fa884efd87cdd07d9f3e9589 | +-------------+----------------------------------------+ |
| [2] | Add a User and DB for Cinder to MariaDB. |
|
[root@dlp ~(keystone)]# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 23 Server version: 5.5.36-MariaDB-wsrep MariaDB Server, wsrep_25.9.r3961 Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. # set any password for 'password' section
mysql>
create database cinder character set utf8; Query OK, 1 row affected (0.00 sec)
mysql>
grant all privileges on cinder.* to cinder@'localhost' identified by 'password'; Query OK, 0 rows affected (0.00 sec)
mysql>
grant all privileges on cinder.* to cinder@'%' identified by 'password'; Query OK, 0 rows affected (0.00 sec)
mysql>
mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) exit Bye |
| [3] | Install Cinder service. |
|
[root@dlp ~(keystone)]# yum --enablerepo=openstack-icehouse,epel -y install openstack-cinder
|
| [4] | Configure Cinder. |
|
[root@dlp ~(keystone)]# mv /etc/cinder/cinder.conf /etc/cinder/cinder.conf.org
[root@dlp ~(keystone)]#
vi /etc/cinder/cinder.conf # create new [DEFAULT] state_path=/var/lib/cinder api_paste_config=api-paste.ini enable_v1_api=true rootwrap_config=/etc/cinder/rootwrap.conf auth_strategy=keystone # specify RabbitMQ server rabbit_host=10.0.0.30 rabbit_port=5672 # specify RabbitMQ user for auth rabbit_userid=guest # specify RabbitMQ user's password above rabbit_password=password rpc_backend=rabbit scheduler_driver=cinder.scheduler.filter_scheduler.FilterScheduler volume_manager=cinder.volume.manager.VolumeManager volume_api_class=cinder.volume.api.API volumes_dir=$state_path/volumes # auth info for MariaDB [database] connection=mysql://cinder:password@10.0.0.30/cinder # auth info for Keystone [keystone_authtoken] auth_host=10.0.0.30 auth_port=35357 auth_protocol=http admin_user=cinder admin_password=servicepassword admin_tenant_name=service chmod 640 /etc/cinder/cinder.conf [root@dlp ~(keystone)]# chgrp cinder /etc/cinder/cinder.conf
[root@dlp ~(keystone)]#
cinder-manage db sync [root@dlp ~(keystone)]# for service in api scheduler; do /etc/rc.d/init.d/openstack-cinder-$service start chkconfig openstack-cinder-$service on done Starting openstack-cinder-api: [ OK ] Starting openstack-cinder-scheduler: [ OK ] # show status [root@dlp ~(keystone)]# cinder-manage service list Binary Host Zone Status State Updated At cinder-scheduler dlp nova enabled :-) 2014-06-26 08:32:06 * the vulnerability warnings below is displayed every "cinder-manage" command, it works normally,
though security vulnerability remains.
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability. _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning) |