openstack configuration

1.nova-api.conf 

DATABASE
--sql_connection=mysql://nova:password@172.16.123.6/nova

# LOGS/STATE
--verbose
--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova

# RABBITMQ
--rabbit_password=guest
--rabbit_port=5672
--rabbit_host=172.16.123.6

# SCHEDULER
--scheduler_driver=nova.scheduler.simple.SimpleScheduler

# NETWORK
--network_manager=nova.network.manager.FlatDHCPManager
--fixed_range=192.168.100.0/24
--flat_network_dhcp_start=192.168.100.2
--public_interface=eth0
--flat_interface=eth0
--flat_network_bridge=br100

# GLANCE
--image_service=nova.image.glance.GlanceImageService
--glance_api_servers=172.16.123.6:9292

# COMPUTE
--compute_manager=nova.compute.manager.ComputeManager
--libvirt_type=qemu

# VNCPROXY
--vncproxy_url=http://172.16.123.6:6080
--vncproxy_wwwroot=/var/lib/nova/noVNC

# MISC
--use_deprecated_auth=false
--allow_admin_api=true
--enable_zone_routing=true

# KEYSTONE
--keystone_ec2_url=http://172.16.123.6:5000/v2.0/ec2tokens

2.nova-compute.conf 

--libvirt_type=qemu

3.glance-api.conf 

[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = True

# Show debugging output in logs (sets DEBUG log level output)
debug = False

# Which backend store should Glance use by default is not specified
# in a request to add a new image to Glance? Default: 'file'
# Available choices are 'file', 'swift', and 's3'
default_store = file

# Address to bind the API server
bind_host = 0.0.0.0

# Port the bind the API server to
bind_port = 9292

# Address to find the registry server
registry_host = 0.0.0.0

# Port the registry server is listening on
registry_port = 9191

# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
log_file = /var/log/glance/api.log

# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
use_syslog = False

# ============ Notification System Options =====================

# Notifications can be sent when images are create, updated or deleted.
# There are three methods of sending notifications, logging (via the
# log_file directive), rabbit (via a rabbitmq queue) or noop (no
# notifications sent, the default)
notifier_strategy = noop

# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
rabbit_host = localhost
rabbit_port = 5672
rabbit_use_ssl = false
rabbit_userid = guest
rabbit_password = guest
rabbit_virtual_host = /
rabbit_notification_topic = glance_notifications

# ============ Filesystem Store Options ========================

# Directory that the Filesystem backend store
# writes image data to
filesystem_store_datadir = /var/lib/glance/images/

# ============ Swift Store Options =============================

# Address where the Swift authentication service lives
swift_store_auth_address = 127.0.0.1:8080/v1.0/

# User to authenticate against the Swift authentication service
swift_store_user = jdoe

# Auth key for the user authenticating against the
# Swift authentication service
swift_store_key = a86850deb2742ec3cb41518e26aa2d89

# Container within the account that the account should use
# for storing images in Swift
swift_store_container = glance

# Do we create the container if it does not exist?
swift_store_create_container_on_put = False

# What size, in MB, should Glance start chunking image files
# and do a large object manifest in Swift? By default, this is
# the maximum object size in Swift, which is 5GB
swift_store_large_object_size = 5120

# When doing a large object manifest, what size, in MB, should
# Glance write chunks to Swift? This amount of data is written
# to a temporary disk buffer during the process of chunking
# the image file, and the default is 200MB
swift_store_large_object_chunk_size = 200

# Whether to use ServiceNET to communicate with the Swift storage servers.
# (If you aren't RACKSPACE, leave this False!)
#
# To use ServiceNET for authentication, prefix hostname of
# `swift_store_auth_address` with 'snet-'.
# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
swift_enable_snet = False

# ============ S3 Store Options =============================

# Address where the S3 authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified,  default to 'http://'
s3_store_host = 127.0.0.1:8080/v1.0/

# User to authenticate against the S3 authentication service
s3_store_access_key = <20-char AWS access key>

# Auth key for the user authenticating against the
# S3 authentication service
s3_store_secret_key = <40-char AWS secret key>

# Container within the account that the account should use
# for storing images in S3. Note that S3 has a flat namespace,
# so you need a unique bucket name for your glance images. An
# easy way to do this is append your AWS access key to "glance".
# S3 buckets in AWS *must* be lowercased, so remember to lowercase
# your AWS access key if you use it in your bucket name below!
s3_store_bucket = glance

# Do we create the bucket if it does not exist?
s3_store_create_bucket_on_put = False

# ============ Image Cache Options ========================

image_cache_enabled = False

# Directory that the Image Cache writes data to
# Make sure this is also set in glance-pruner.conf
image_cache_datadir = /var/lib/glance/image-cache/

# Number of seconds after which we should consider an incomplete image to be
# stalled and eligible for reaping
image_cache_stall_timeout = 86400

# ============ Delayed Delete Options =============================

# Turn on/off delayed delete
delayed_delete = False

[pipeline:glance-api]
#pipeline = versionnegotiation context apiv1app
# NOTE: use the following pipeline for keystone
# pipeline = versionnegotiation authtoken auth-context apiv1app

# To enable Image Cache Management API replace pipeline with below:
# pipeline = versionnegotiation context imagecache apiv1app
# NOTE: use the following pipeline for keystone auth (with caching)
# pipeline = versionnegotiation authtoken auth-context imagecache apiv1app
pipeline = versionnegotiation authtoken auth-context apiv1app


[pipeline:versions]
pipeline = versionsapp

[app:versionsapp]
paste.app_factory = glance.api.versions:app_factory

[app:apiv1app]
paste.app_factory = glance.api.v1:app_factory

[filter:versionnegotiation]
paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory

[filter:imagecache]
paste.filter_factory = glance.api.middleware.image_cache:filter_factory

[filter:context]
paste.filter_factory = glance.common.context:filter_factory

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_token = 11121314151617181920

[filter:auth-context]
##############  修改這個 #####################
context_class = glance.registry.context.RequestContext
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory

4.glance-registry.conf 

[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = True

# Show debugging output in logs (sets DEBUG log level output)
debug = False

# Address to bind the registry server
bind_host = 0.0.0.0

# Port the bind the registry server to
bind_port = 9191

# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
log_file = /var/log/glance/registry.log

# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
use_syslog = False

# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
sql_connection = mysql://glance:password@172.16.123.6/glance
# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
#
# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
# idle connections. This can result in 'MySQL Gone Away' exceptions. If you
# notice this, you can lower this value to ensure that SQLAlchemy reconnects
# before MySQL can drop the connection.
sql_idle_timeout = 3600

# Limit the api to return `param_limit_max` items in a call to a container. If
# a larger `limit` query param is provided, it will be reduced to this value.
api_limit_max = 1000

# If a `limit` query param is not provided in an api request, it will
# default to `limit_param_default`
limit_param_default = 25

[pipeline:glance-registry]
#pipeline = context registryapp
# NOTE: use the following pipeline for keystone
# pipeline = authtoken auth-context registryapp
pipeline = authtoken auth-context registryapp

[app:registryapp]
paste.app_factory = glance.registry.server:app_factory

[filter:context]
context_class = glance.registry.context.RequestContext
paste.filter_factory = glance.common.context:filter_factory

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_token = 11121314151617181920

[filter:auth-context]
##############  修改這個 #####################
context_class = glance.registry.context.RequestContext
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory

5.glance-scrubber.conf 

[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = True

# Show debugging output in logs (sets DEBUG log level output)
debug = False

# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
log_file = /var/log/glance/scrubber.log

# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
use_syslog = False

# Delayed delete time in seconds
scrub_time = 43200

# Should we run our own loop or rely on cron/scheduler to run us
daemon = False

# Loop time between checking the db for new items to schedule for delete
wakeup_time = 300

# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
sql_connection = mysql://glance:password@172.16.123.6/glance
# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
#
# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
# idle connections. This can result in 'MySQL Gone Away' exceptions. If you
# notice this, you can lower this value to ensure that SQLAlchemy reconnects
# before MySQL can drop the connection.
sql_idle_timeout = 3600

[app:glance-scrubber]
paste.app_factory = glance.store.scrubber:app_factory

6.keystone.conf 

[DEFAULT]
# Show more verbose log output (sets INFO log level output)
verbose = False

# Show debugging output in logs (sets DEBUG log level output)
debug = False

# Which backend store should Keystone use by default.
# Default: 'sqlite'
# Available choices are 'sqlite' [future will include LDAP, PAM, etc]
default_store = sqlite

# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
log_file = keystone.log

# List of backends to be configured
backends = keystone.backends.sqlalchemy
#For LDAP support, add: ,keystone.backends.ldap

# Dictionary Maps every service to a header.Missing services would get header
# X_(SERVICE_NAME) Key => Service Name, Value => Header Name
service-header-mappings = {
        'nova' : 'X-Server-Management-Url',
        'swift' : 'X-Storage-Url',
        'cdn' : 'X-CDN-Management-Url'}

# Address to bind the API server
# TODO Properties defined within app not available via pipeline.
service_host = 0.0.0.0

# Port the bind the API server to
service_port = 5000

# Address to bind the Admin API server
admin_host = 0.0.0.0

# Port the bind the Admin API server to
admin_port = 35357

#Role that allows to perform admin operations.
keystone-admin-role = Admin

#Role that allows to perform service admin operations.
keystone-service-admin-role = KeystoneServiceAdmin

#Tells whether password user need to be hashed in the backend
hash-password = True

[keystone.backends.sqlalchemy]
# SQLAlchemy connection string for the reference implementation registry
# server. Any valid SQLAlchemy connection string is fine.
# See: http://bit.ly/ideIpI
#sql_connection = sqlite:////var/lib/keystone/keystone.db
sql_connection = mysql://keystone:password@172.16.123.6/keystone
backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant',
                    'User', 'Credentials', 'EndpointTemplates', 'Token',
                    'Service']

# Period in seconds after which SQLAlchemy should reestablish its connection
# to the database.
sql_idle_timeout = 30

[pipeline:admin]
pipeline =
    urlrewritefilter
    admin_api

[pipeline:keystone-legacy-auth]
pipeline =
    urlrewritefilter
    legacy_auth
    RAX-KEY-extension
    service_api

[app:service_api]
paste.app_factory = keystone.server:service_app_factory

[app:admin_api]
paste.app_factory = keystone.server:admin_app_factory

[filter:urlrewritefilter]
paste.filter_factory = keystone.middleware.url:filter_factory

[filter:legacy_auth]
paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory

[filter:RAX-KEY-extension]
paste.filter_factory = keystone.contrib.extensions.service.raxkey.frontend:filter_factory

[filter:debug]
paste.filter_factory = keystone.common.wsgi:debug_filter_factory

7.api-paste.ini 

#######
# EC2 #
#######

[composite:ec2]
use = egg:Paste#urlmap
/: ec2versions
/services/Cloud: ec2cloud
/services/Admin: ec2admin
/latest: ec2metadata
/2007-01-19: ec2metadata
/2007-03-01: ec2metadata
/2007-08-29: ec2metadata
/2007-10-10: ec2metadata
/2007-12-15: ec2metadata
/2008-02-01: ec2metadata
/2008-09-01: ec2metadata
/2009-04-04: ec2metadata
/1.0: ec2metadata

[pipeline:ec2cloud]
# pipeline = logrequest ec2noauth cloudrequest authorizer ec2executor
# NOTE(vish): use the following pipeline for deprecated auth
# pipeline = logrequest authenticate cloudrequest authorizer ec2executor
##############  修改這個 #####################
pipeline = logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor

[pipeline:ec2admin]
# pipeline = logrequest ec2noauth adminrequest authorizer ec2executor
# NOTE(vish): use the following pipeline for deprecated auth
# pipeline = logrequest authenticate adminrequest authorizer ec2executor
pipeline = logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor

[pipeline:ec2metadata]
pipeline = logrequest ec2md

[pipeline:ec2versions]
pipeline = logrequest ec2ver

[filter:logrequest]
paste.filter_factory = nova.api.ec2:RequestLogging.factory

[filter:ec2lockout]
paste.filter_factory = nova.api.ec2:Lockout.factory

##############  修改這個 #####################
[filter:totoken]
paste.filter_factory = keystone.middleware.ec2_token:EC2Token.factory

[filter:ec2noauth]
paste.filter_factory = nova.api.ec2:NoAuth.factory

[filter:authenticate]
paste.filter_factory = nova.api.ec2:Authenticate.factory

[filter:cloudrequest]
controller = nova.api.ec2.cloud.CloudController
paste.filter_factory = nova.api.ec2:Requestify.factory
[filter:adminrequest]
controller = nova.api.ec2.admin.AdminController
paste.filter_factory = nova.api.ec2:Requestify.factory

[filter:authorizer]
paste.filter_factory = nova.api.ec2:Authorizer.factory

[app:ec2executor]
paste.app_factory = nova.api.ec2:Executor.factory

[app:ec2ver]
paste.app_factory = nova.api.ec2:Versions.factory

[app:ec2md]
paste.app_factory = nova.api.ec2.metadatarequesthandler:MetadataRequestHandler.factory

#############
# Openstack #
#############

[composite:osapi]
use = egg:Paste#urlmap
/: osversions
/v1.0: openstackapi10
/v1.1: openstackapi11

[pipeline:openstackapi10]
# pipeline = faultwrap noauth ratelimit osapiapp10
# NOTE(vish): use the following pipeline for deprecated auth
# pipeline = faultwrap auth ratelimit osapiapp10
##############  修改這個 #####################
pipeline = faultwrap authtoken keystonecontext ratelimit osapiapp10

[pipeline:openstackapi11]
# pipeline = faultwrap noauth ratelimit extensions osapiapp11
# NOTE(vish): use the following pipeline for deprecated auth
# pipeline = faultwrap auth ratelimit extensions osapiapp11
##############  修改這個 #####################
pipeline = faultwrap authtoken keystonecontext ratelimit extensions osapiapp11


[filter:faultwrap]
paste.filter_factory = nova.api.openstack:FaultWrapper.factory

[filter:auth]
paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory

[filter:noauth]
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory

[filter:ratelimit]
paste.filter_factory = nova.api.openstack.limits:RateLimitingMiddleware.factory

[filter:extensions]
paste.filter_factory = nova.api.openstack.extensions:ExtensionMiddleware.factory

[app:osapiapp10]
paste.app_factory = nova.api.openstack:APIRouterV10.factory

[app:osapiapp11]
paste.app_factory = nova.api.openstack:APIRouterV11.factory

[pipeline:osversions]
pipeline = faultwrap osversionapp

[app:osversionapp]
paste.app_factory = nova.api.openstack.versions:Versions.factory

##########
# Shared #
##########
##############  修改這個 #####################
[filter:keystonecontext]
paste.filter_factory = keystone.middleware.nova_keystone_context:NovaKeystoneContext.factory

##############  修改這個 #####################
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 172.16.123.6
service_port = 5000
auth_host = 172.16.123.6
auth_port = 35357
auth_protocol = http
auth_uri = http://172.16.123.6:5000/v2.0/
admin_token = 11121314151617181920



########################################### another nova-compute, nova-network ##################################################################

1. First must be install nova-compute, nova-network

2.write nova.conf, nova-compute.conf

[nova.conf]

# DATABASE
--sql_connection=mysql://nova:password@172.16.123.6/nova

# LOGS/STATE
--verbose
--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova

# RABBITMQ
--rabbit_password=guest
--rabbit_port=5672
--rabbit_host=172.16.123.6

# SCHEDULER
--scheduler_driver=nova.scheduler.simple.SimpleScheduler

# NETWORK
--network_manager=nova.network.manager.FlatDHCPManager
--fixed_range=192.168.100.0/24
--flat_network_dhcp_start=192.168.100.2
--public_interface=eth0
--flat_interface=eth0
--flat_network_bridge=br100

# GLANCE
--image_service=nova.image.glance.GlanceImageService
--glance_api_servers=172.16.123.6:9292

# COMPUTE
--compute_manager=nova.compute.manager.ComputeManager
--libvirt_type=qemu

# VNCPROXY
--vncproxy_url=http://172.16.123.6:6080
--vncproxy_wwwroot=/var/lib/nova/noVNC

# MISC
--use_deprecated_auth=false
--allow_admin_api=true
--enable_zone_routing=true

# KEYSTONE
--keystone_ec2_url=http://172.16.123.6:5000/v2.0/ec2tokens

[nova-compute.conf]

--libvirt_type=qemu

留言

張貼留言

這個網誌中的熱門文章

Json概述以及python對json的相關操作

圖片
什麼是json: JSON(JavaScript Object Notation) 是一種輕量級的數據交換格式。易於人閱讀和編寫。同時也易於機器解析和生成。它基於JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999的一個子集。JSON採用完全獨立於語言的文本格式,但是也使用了類似於C語言家族的習慣(包括C, C++, C#, Java, JavaScript, Perl, Python等)。這些特性使JSON成為理想的數據交換語言。 JSON建構於兩種結構: “名稱/值”對的集合(A collection of name/value pairs)。不同的語言中,它被理解為對象(object),紀錄(record),結構(struct),字典(dictionary),哈希表(hash table),有鍵列表(keyed list),或者關聯數組(associative array)。 值的有序列表(An ordered list of values)。在大部分語言中,它被理解為數組(array)。 這些都是常見的數據結構。事實上大部分現代計算機語言都以某種形式支持它們。這使得一種數據格式在同樣基於這些結構的編程語言之間交換成為可能。 jso官方說 ​​明參見:http://json.org/ Python操作json的標準api庫參考:http://docs.python.org/library/json.html 對簡單數據類型的encoding 和decoding: 使用簡單的json.dumps方法對簡單數據類型進行編碼,例如: import json obj = [[ 1 , 2 , 3 ], 123 , 123.123 , 'abc' ,{ 'key1' :( 1 , 2 , 3 ), 'key2' :( 4 , 5 , 6 )}] encodedjson = json.dumps(obj) print repr (obj) print encodedjson 輸出: [[1, 2, 3], 123, 123.123, 'abc', {'ke
閱讀完整內容

Docker容器日誌查看與清理

1. 問題 docker容器日誌導致主機磁盤空間滿了。 docker logs -f container_name 劈裡啪啦一大堆,很佔用空間,不用的日誌可以清理掉了。  2. 解決方法 2.1 找出Docker容器日誌 在linux上,容器日誌一般存放在 /var/lib/docker/containers/container_id/ 下面,查看各個日誌文件大小的腳本docker_log_size.sh,內容如下: #!/bin/sh echo "======== docker containers logs file size ========" logs=$(find /var/lib/docker/containers/ -name *-json.log) for log in $logs do ls -lh $log done # chmod +x docker_log_size.sh # ./docker_log_size.sh 2.2 清理Docker容器日誌(治標) 如果docker容器正在運行,那麼使用 rm -rf 方式刪除日誌後,通過 df -h 會發現磁盤空間並沒有釋放。 原因是在Linux或者Unix系統中,通過 rm -rf 或者文件管理器刪除文件,將會從文件系統的目錄結構上解除鏈接(unlink)。 如果文件是被打開的(有一個進程正在使用),那麼進程將仍然可以讀取該文件,磁盤空間也一直被佔用。 正確姿勢是 cat /dev/null > *-json.log ,當然你也可以通過 rm -rf 刪除後重啟docker。 接下來,提供一個日誌清理腳本 clean_docker_log.sh ,內容如下: #!/bin/sh echo "======== start clean docker containers logs ========" logs=$(find /var/lib/docker/containers/ -name *-json.log) for log in $logs d
閱讀完整內容

遠程控制管理工具ipmitool

圖片
IPMI(Intelligent Platform Management Interface)即智能平台管理接口是使硬件管理具備“智能化”的新一代通用接口標準。用戶可以利用IPMI 監視服務器的物理特徵,如溫度、電壓、電扇工作狀態、電源供應以及機箱入侵等。Ipmi 最大的優勢在於它是獨立於CPU BIOS 和OS 的,所以用戶無論在開機還是關機的狀態下,只要接通電源就可以實現對服務器的監控。 IPMI 是一種規範的標準,其中最重要的物理部件就是BMC(Baseboard Management Controller),一種嵌入式管理微控制器,它相當於整個平台管理的“大腦”,通過它ipmi 可以監控各個傳感器的數據並記錄各種事件的日誌。 一般大廠的服務器都支持ipmi功能,比如DELL,HP,IBM。 此實驗選擇的硬件平台Dell R410 無idrac6卡,操作系統CentOS 5.6 1 .服務器啟動後,按'Ctrl + E'進入BMC管理工具界面 2 .設置'IPMI Over LAN'為On,啟用通過LAN方式的IPMI。 3 .選擇'IPMI LAN Channel',進入設置IPMI的網絡屬性,IP Address '10.60.30.29', Netmask '255.255.255.0' , Default Gateway '10.60.30.1',與服務器eth0配置一致即可。 4 .選擇'User Configuration',進入設置IPMI的訪問帳號, 'Admin account'保持'root'不變,'Enter Passwd'與'Confirm Passwd'填入'root' ipmitool命令使用 http://ipmitool.sourceforge.net/manpage.html 常用顯示本地網絡信息-I open表示接口本地 # ipmitool -I open lan print 1 Set in Progress : Set Complete Auth Type Suppo
閱讀完整內容