Sharing

2012年3月23日 星期五

date 的使用方法


http://www.cyberciti.biz/faq/linux-display-date-and-time/


date

Sample outputs:
Sat Nov 7 22:44:59 IST 2009

You can format the date as follows in dd-mm-yy format:
date +"%d-%m-%y"

Sample outputs:
07-11-09

To print the date of the day before yesterday:
date --date='2 days ago'

To print the day of year of Christmas in the current year:
date --date='25 Dec' +%j

To print the current full month name and the day of the month:
date '+%B %d'

Revert the date to second from 1970
date --date="2013/06/01 00:00:00 UTC" +%s

Transfer the second to date format
date -u -d @1370044800

2012年3月20日 星期二

Network reverse-path filter


今天在公司遇到了一件很怪的事, 狀況是這樣子的
從 C 機器可以 ping 的到 A, 但 A 就是無法 ping 回 C
而且和 C 機器在同一個網段的機器 D 就沒這個問題
仔細請教公司的網路大師後, 才找到為什麼

網路架構如下

172.16.x.x ──── 172.16.x.x
    A                B
    │           192.168.x.x ────── 192.168.x.x
    │                                   C
    │                              172.16.x.x
    │                                   │
    └───────────────────────────────────┘

有三台機器
A eth0 172.16.x.x
B eth0 172.16.x.x
    eth1 192.168.x.x
C eth0 192.168.x.x
    eth1 172.16.x.x

原因就出在第三台機器為了方便, 所以在 eth1 多接了一條網路到直接通到 172.16.x.x 的網段, 從 172.16.x.x ping 192.168.x.x 時, 走的是上面的的路線, 而當 C 要回應時, 則因為有更適合的路, 所以要走下面那段路

但在一些安全性考量之下, 這樣的行為是被擋掉的, 回去的路必須要跟來的路相同, 如果要接受這樣的行為, 則必須要把 reverse-path filter 關掉

pjack@ubuntu:~$ cat /etc/sysctl.conf | grep filter 
# Uncomment the next two lines to enable Spoof protection (reverse-path filter) 
# net.ipv4.conf.default.rp_filter=1 
# 改設成 0 
net.ipv4.conf.default.rp_filter=0 
# net.ipv4.conf.all.rp_filter=1 
# 改設成 0 
net.ipv4.conf.all.rp_filter=0 
 
pjack@ubuntu:~$ sudo sysctl -p 
net.ipv4.conf.default.rp_filter=0 
net.ipv4.conf.all.rp_filter=0  

pjack@ubuntu:~$ sysctl -a | grep rp_filter 
net.ipv4.conf.all.rp_filter = 0 
net.ipv4.conf.all.arp_filter = 0 
net.ipv4.conf.default.rp_filter = 0 
net.ipv4.conf.default.arp_filter = 0 
net.ipv4.conf.br1.rp_filter = 0 
net.ipv4.conf.br1.arp_filter = 0 
net.ipv4.conf.br0.rp_filter = 0 
net.ipv4.conf.br0.arp_filter = 0  

pjack@ubuntu:~$ sudo /etc/init.d/networking restart  


重新設定後果然就通了, 利用 tcpdump 來看封包

# 先看 eth0 進來的封包, 有看到 ICMP  
wistor@wistor-001:~$ sudo tcpdump -i eth0 -n icmp 
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:22:11.379560 IP 172.16.123.1 > 192.168.200.83: ICMP echo request, id 1, seq 334, length 40
11:22:16.006429 IP 172.16.123.1 > 192.168.200.83: ICMP echo request, id 1, seq 335, length 40
11:22:20.507438 IP 172.16.123.1 > 192.168.200.83: ICMP echo request, id 1, seq 336, length 40

# 也看看 eth1 出去的封包, 有看到 ICMP
wistor@wistor-001:~$ sudo tcpdump -i eth1 -n icmp
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
11:41:33.586354 IP 192.168.200.83 > 172.16.123.1: ICMP echo reply, id 1, seq 573, length 40
11:41:34.589350 IP 192.168.200.83 > 172.16.123.1: ICMP echo reply, id 1, seq 574, length 40
11:41:35.592638 IP 192.168.200.83 > 172.16.123.1: ICMP echo reply, id 1, seq 575, length 40
11:41:36.596761 IP 192.168.200.83 > 172.16.123.1: ICMP echo reply, id 1, seq 576, length 40

tcpdump 使用 example
http://www.rationallyparanoid.com/articles/tcpdump.html

Fabric 1.4 筆記


要安裝最新版的 fabric 建議用以下的方式, Ubuntu 11.10 目前是使用 1.0 版的 Fabric, 有很多好功能還無法使用

sudo apt-get install python-pip
sudo apt-get install python-crypto
sudo pip install fabric


http://docs.fabfile.org/en/1.4.0/index.html

from fabric.api import run, sudo, cd
run(): 跑在 remote 端
sudo(): 用 root 權限跑在 remote 端
cd(): 進入 folder, 只在 remote 端執行

from fabric.api import local, lcd

local(): 在本地執行, 而且會傳回一個物件,包含著執行是否成功的資訊
lcd(): 進入 folder, 只在 local 端執行

from fabric.api import env

可以設定環境變數, 其中有一些很常用
  • user: 登入 remote 端使用的帳號
  • password: 登入 remote 端使用的密碼
  • skip_bad_hosts: 跳過沒有反應的 remote, 而不要中斷
  • hosts: 設定有那些 remote
  • roledefs: 設定有那些角色,以及包含了那一些 host, 不過和上一個屬性建議分開使用
from fabric.api import settings

settings(): 在某一區塊短暫的改變 fabric 執行環境變數,
ex:warn_only -- 不要因為錯誤就中斷

from fabric.contrib.console import confirm

confirm(): 和 User互動,確認 Yes or No


from fabric.api import abort

abort(): 直接中斷


from fabric.api import run, roles

env.roledefs = {
    'db': ['db1', 'db2'],
    'web': ['web1', 'web2', 'web3'],
}

@roles('db')
def migrate():
    # Database stuff here.
    pass

@roles('web')
def update():
    # Code updates here.
    pass

def deploy():
    execute(migrate)
    execute(update)


可以把每台機器分成不同的角色, 並且指定那些功能是那些角色要做的事
在執行時要記得使用 execute, 不然會只在原本的 host list 執行
我覺得用法應該是不用指定 env.hosts, 只要把每台機器的角色設定好後, 就執行 deploy 即可

Warning
This technique works because tasks that themselves have no host list (this includes the global host list settings) only run one time.

def new_user(username, admin='no', comment="No comment provided"):
    log_action("New User (%s): %s" % (username, comment))
    pass

http://docs.fabfile.org/en/1.4.0/usage/fab.html#per-task-arguments

可以針對每個功能下參數
fab new_user:myusername
fab new_user:username=myusername
fab new_user:myusername,yes
fab new_user:myusername,admin=yes


有很多好用的 tag

@parallel(pool_size=5) 指定要平行運作, 但最多一次5台機器, 如果是用 cmd line : -P -z 5
@serial 指定要遁序運作
@hosts 指定那些 hosts 要執行這個 task
@roles 指定那些 roles 要執行這個 task
@task(alias='xxx', default=True) 指定成外部可以用的 task, 並且有一個 alias


http://docs.fabfile.org/en/1.4.0/usage/tasks.html
這邊介紹了如何用 submodule 及 namespacing 來建構工作, 非常實用, 目前的想法是可以把 fabric 檔案放在 source code 的每一層
比方說:一個大專案裡面有三個小專案, 可以在每個專案下建制自己的 deployment 方法, 最後在最上層打一個整合包
.
├── __init__.py
├── fabfile.py
├── module1
│   ├── __init__.py
│   ├── deploy.py
├── module2
│   ├── __init__.py
│   ├── deploy.py
├── module3
│   ├── __init__.py
│   ├── deploy.py

在fabfile.py 內, 就指定那些角色要安裝什麼 module

from fabric.api import *
import module_1
import module_2
import module_3

env.roledefs = {
    'db': ['db1', 'db2'],
    'web': ['web1', 'web2', 'web3'],
}

@task(default=True, alias='deploy')
def deploy_all():
    execute(module_1.deploy, role='db')
    execute(module_2.deploy, role='web')
    execute(module_3.deploy, roles=env.roledefs.keys())




2012年3月13日 星期二

Network 指令收集

KVM Installation

https://help.ubuntu.com/11.10/serverguide/C/virtualization.html
http://bojack.pixnet.net/blog/post/29040863-%E3%80%90linux%E3%80%91%E5%9C%A8-ubuntu-11.04-%E4%B8%8A%E5%AE%89%E8%A3%9D-kvm

wistor@wistor-003:~$ kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used

wistor@wistor-003:~$ lsmod | grep kvm
kvm_intel             137721  3
kvm                   407077  1 kvm_intel

wistor@wistor-003:~$ sudo modprobe -l | grep kvm
kernel/arch/x86/kvm/kvm.ko
kernel/arch/x86/kvm/kvm-intel.ko
kernel/arch/x86/kvm/kvm-amd.ko

wistor@wistor-003:~$ sudo apt-get install kvm libvirt-bin

wistor@wistor-003:~$ cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto br0
iface br0 inet static
        bridge_ports eth0
        bridge_fd 9
        bridge_hello 2
        bridge_maxage 12
        bridge_stp off
        address 172.16.123.83
        network 172.16.0.0
        netmask 255.255.0.0
        gateway 172.16.1.254

auto br0:1
iface br0:1 inet static
    address 192.168.123.83
    netmask 255.255.255.0

wistor@wistor-003:~$ ifconfig
br0       Link encap:Ethernet  HWaddr 00:26:2d:0a:36:7e
          inet addr:172.16.123.83  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::226:2dff:fe0a:367e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:186911 errors:0 dropped:5837 overruns:0 frame:0
          TX packets:79278 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:136435680 (136.4 MB)  TX bytes:8542559 (8.5 MB)

br0:1     Link encap:Ethernet  HWaddr 00:26:2d:0a:36:7e
          inet addr:192.168.123.83  Bcast:0.0.0.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 00:26:2d:0a:36:7e
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:278356 errors:0 dropped:10 overruns:0 frame:0
          TX packets:91634 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:176265990 (176.2 MB)  TX bytes:9623004 (9.6 MB)
          Memory:fbea0000-fbec0000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:98 errors:0 dropped:0 overruns:0 frame:0
          TX packets:98 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9439 (9.4 KB)  TX bytes:9439 (9.4 KB)

virbr0    Link encap:Ethernet  HWaddr 52:6b:4e:82:ba:f8
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)



wistor@wistor-003:~$ groups
wistor adm dialout cdrom plugdev lpadmin sambashare admin libvirtd

wistor@wistor-003:~$ virsh -c qemu:///system list
 Id Name                 State
----------------------------------

wistor@wistor-003:~$ sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24


wistor@wistor-003:~$ sudo apt-get install virtinst
wistor@wistor-003:~$ cat build_vm.sh
HOSTNAME=vm3
MEMORY=512
CPUS=1
DISK_SIZE=10000
IP=172.16.123.84


sudo virt-install \
-v \
-n $HOSTNAME \
-r $MEMORY \
--disk path=$HOSTNAME.img,bus=virtio,size=4 \
-c ubuntu-11.10-server-amd64.iso \
--accelerate \
--network bridge=br0 \
--connect=qemu:///system \
--virt-type=kvm \
--graphics vnc,listen=0.0.0.0
wistor@wistor-003:~$ sudo ./build_vm.sh
wistor@wistor-003:~$ virsh vncdisplay vm3
:0






2012/03/14 補: 用一個 image 當作 base, 然後 create 出來其他 image 檔
http://jamyy.dyndns.org/blog/2012/02/3594.html

wistor@wistor-001:~$ sudo qemu-img create -b iscsi-server-base.qcow2 -f qcow2 wistor-004.qcow2
Formatting 'wistor-004.qcow2', fmt=qcow2 size=4294967296 backing_file='iscsi-server-base.qcow2' encryption=off cluster_size=0


2012/03/14 補: 把.img 轉成 qcow2

wistor@wistor-001:~$ sudo qemu-img convert -O qcow2 iscsi-server-base.img iscsi-server-base.qcow2

2012/03/15 補: 如何直接 mount qcow2

wistor@wistor-003:~$ modprobe nbd
wistor@wistor-003:~$ sudo kvm-nbd -c /dev/nbd0 ~/kvm/ubuntu-11.10-3.2-base.qcow2
wistor@wistor-003:~$ sudo mount /dev/nbd0p1 /mnt/kvm
wistor@wistor-003:~$ sudo umount /mnt/kvm
wistor@wistor-003:~$ sudo kvm-nbd -d /dev/nbd0

2012/03/16 補: 如何 boot from network

# 記得要先安裝這個套件
wistor@ubuntu:~/kvm$ sudo apt-get install kvm-pxe
[sudo] password for wistor:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  kvm-pxe
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 128 kB of archives.
After this operation, 201 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ oneiric/universe kvm-pxe all 5.4.4-7ubuntu3 [128 kB]
Fetched 128 kB in 2s (58.7 kB/s)
Selecting previously deselected package kvm-pxe.
(Reading database ... 71450 files and directories currently installed.)
Unpacking kvm-pxe (from .../kvm-pxe_5.4.4-7ubuntu3_all.deb) ...
Setting up kvm-pxe (5.4.4-7ubuntu3) ...

# 在  內加上 network 選項, 如果需要 bootmenu 就再加上設定
wistor@ubuntu:~/kvm$ sudo cat /etc/libvirt/qemu/ubuntu-11.10-3.2-base.xml | grep -A 10 os
  
    hvm
    
    
    
  





Reference:
http://www.howtoforge.com/virtualization-with-kvm-on-ubuntu-10.10


Console problem
http://serverfault.com/questions/338770/kvm-on-ubuntu-console-connection-displays-nothing

Kdump on Ubuntu11.10


Reference:
http://www.dedoimedo.com/computers/kdump.html
http://www.mjmwired.net/kernel/Documentation/kdump/

Kdump 的介紹就看上面兩個連結, 基本上如果是在 Ubuntu 上 cpu =1 的狀況下, 可以直接使用原本的 kernel 來當 Crash Kernel, 根據上面的文件來看, 即使 cpu > 1 的狀況下, 應該也可以正常運作, 只要加上 maxcpus=1 即可, 然而實際測試過後卻無法成功, 不太確定是什麼環節出了問題, 所以就使用最傳統的方式, 另外準備一個專門的 Crash Kernel, 至於怎麼 Build Kernel 就參考這篇文章以及上述的連結來做設定

Build Linux Kernel 3.2

Crash Kernel 安裝好之後, 就可以安裝 kdump


wistor@wistor-001:~$ sudo apt-get install kdump-tools

wistor@wistor-001:~$ cat /etc/default/kdump-tools
# 設成 1
USE_KDUMP=1
# 設成安裝進去的 package
KDUMP_KERNEL="/boot/vmlinuz-3.2.0-17-crashdump32"
KDUMP_INITRD="/boot/initrd.img-3.2.0-17-crashdump32"
KDUMP_CMDLINE="BOOT_IMAGE=/boot/vmlinuz-3.2.0-17-crashdump32 root=UUID=b1a569f8-8046-416f-96d6-ef9012d922b0 ro"

# 設定好之後重啟 kdump
wistor@wistor-003:~$ chkconfig kdump on
wistor@wistor-003:~$ sudo service kdump restart
wistor@wistor-003:~$ sudo service kdump-tools restart
 * unloaded kdump kernel
Could not find an installed debug vmlinux image and
DEBUG_KERNEL is not specified in /etc/default/kdump-tools
 * makedumpfile may be limited to -d 1
setup_linux_vesafb: 640x480x32 @ fa000000 +130000
 * loaded kdump kernel
# 有可能看到他會警告你沒有設定 crashkernel, 但不用理他, 重開機後應該就會正確
# 檢查一下 command 有沒有正確, 沒問題的話就重開機一下
wistor@wistor-003:~$ cat /var/crash/kexec_cmd
/sbin/kexec -p --command-line="BOOT_IMAGE=/boot/vmlinuz-3.2.0-17-crashdump32 root=UUID=b1a569f8-8046-416f-96d6-ef9012d922b0 ro irqpoll maxcpus=1 nousb" --initrd=/boot/initrd.img-3.2.0-17-crashdump32 /boot/vmlinuz-3.2.0-17-crashdump32

# 可以利用這個指令來測試
wistor@wistor-003:~$ echo c > /proc/sysrq-trigger

# 理想的狀況下, 應該在 /var/crash 內產生 dump
wistor@wistor-003:/var/crash$ ll
total 32
drwxrwxrwt  7 root root 4096 2012-03-09 13:23 ./
drwxr-xr-x 13 root root 4096 2012-03-09 12:56 ../
drwxr-xr-x  2 root root 4096 2012-03-08 12:01 201203081152/
drwxr-xr-x  2 root root 4096 2012-03-08 17:35 201203081735/
drwxr-xr-x  2 root root 4096 2012-03-09 12:48 201203091241/
drwxr-xr-x  2 root root 4096 2012-03-09 13:15 201203091306/
drwxr-xr-x  2 root root 4096 2012-03-09 13:23 201203091323/
-rwxr-xr-x  1 root root  231 2012-03-09 13:22 kexec_cmd*




Git 容易忘記的指令


============ 當 Conflict when git pull =====================

http://jackdempsey.me/2010/07/01/git-when-branches-diverge.html

如果 git pull 時發現有 Conflict, 但你又明明沒有加入任何 commit,
有可能是因為原來的 branch 已經走到分支出去了,
你可以打入 git status

wistor@wistor-003:~/KernelBuild/kernel-3.2$ git status
# On branch master
# Your branch and 'origin/master' have diverged,
# and have 32 and 83 different commit(s) each, respectively.
#
nothing to commit (working directory clean)



第一個數字 32 代表著你比 origin/master 多了 32 個 patch,
第二個數字 83 代表著你比 origin/master 少了 83 個 patch
如果你很有興趣知道是那一些可以利用 git cherry origin/master 來看

接下來你有幾個方式

1. 像網頁上的方式, 執行 git reset --hard HEAD^ 一直到你可以做 fast-forwarded
這個時候再來執行 git pull

wistor@wistor-003:~/KernelBuild/kernel-3.2$ git status
# On branch master
# Your branch is behind 'origin/master' by 83 commits, and can be fast-forwarded.
#

2. 直接執行 git pull --rebase origin/master

3. 如果你有用 smartgit, 可以打開 log tree, 直接選擇你要的點, 然後按下 reset


常用指令說明
http://blog.longwin.com.tw/2009/05/git-learn-initial-command-2009/



2012年3月10日 星期六

Ubuntu 11.10 中文輸入法倉頡問題


預設是安裝英文版, 但要加入中文輸入法要怎麼辦呢?

Dash Home -> System Setting -> Language Support -> Install / Remove Language -> Chinese (Traditional)

Dash Home -> Keyboard Input Method -> turn on ibus -> 接下來就可以安裝注音或是倉頡輸入法

不過我遇到了很神奇的事, 就是打出來的字都是簡體中文, 網路上找了很久才找到解法

http://www.ubuntu-tw.org/modules/newbb/viewtopic.php?post_id=202508

vi /usr/share/ibus-table/engine/table.py

search get_chinese_mode
search the followings

    def get_chinese_mode (self):
        '''Use LC_CTYPE in your box to determine the _chinese_mode'''
        try:
            if os.environ.has_key('LC_CTYPE'):
                __lc = os.environ['LC_CTYPE'].split('.')[0].lower()
            else:
                __lc = os.environ['LANG'].split('.')[0].lower()

            if __lc.find('zh_') == 0:
                # this is a zh_XX
                __place =__lc.split('_')[1]
                if __place == 'cn':
                    return 0
                else:
                    return 1
            else:
                if self.db._is_chinese:
                    # if IME declare as Chinese IME
                    # 這行改成回傳 1
                    return 1
                else:
                    return -1
        except:
            return -1



2012年3月7日 星期三

Build Linux Kernel 3.2


為了解掉一些問題, 不得不把 kernel 升級到 3.2, 參考了同事的作法及網路上的作法, 下面是我的紀錄
http://blog.avirtualhome.com/2012/01/13/compile-linux-kernel-3-2-for-ubuntu-11-10/

wistor@wistor-003:~/KernelBuild$ sudo apt-get install fakeroot build-essential
wistor@wistor-003:~/KernelBuild$ sudo apt-get install crash kexec-tools makedumpfile kernel-wedge
wistor@wistor-003:~/KernelBuild$ sudo apt-get build-dep linux-image-$(uname -r)
wistor@wistor-003:~/KernelBuild$ sudo apt-get install git libncurses5 libncurses5-dev libnewt-dev
wistor@wistor-003:~/KernelBuild$ sudo apt-get install python-dev
wistor@wistor-003:~/KernelBuild$ git clone git://kernel.ubuntu.com/ubuntu/ubuntu-precise.git kernel-3.2
wistor@wistor-003:~/KernelBuild$ cd kernel-3.2
wistor@wistor-003:~/KernelBuild/kernel-3.2$ git tag | grep Ubu | sort -V
wistor@wistor-003:~/KernelBuild/kernel-3.2$ git checkout Ubuntu-3.2.0-18.28 -b wistor-3.2.0-18.28


需要使用 kdump 及 scst, 所以參考這兩份來打 patch 及做開關 option 的動作

http://www.mjmwired.net/kernel/Documentation/kdump/
http://iscsi-scst.sourceforge.net/SCST_Gentoo_HOWTO.txt

flavour 的名字千萬不要有 "-" 或是 "." 都會造成最後會有 error, 如果看到類似以下的問題, 就是這個原因
dh_installdeb: package linux-image-3.2.0-18-wistor-3.2 is not in control info
dh_installdeb: package linux-image-3.2.0-18-wistor-3.2 is not in control info

wistor@wistor-003:~/KernelBuild/kernel-3.2$ cp debian.master/config/amd64/config.flavour.generic debian.master/config/amd64/config.flavour.wistor32
wistor@wistor-003:~/KernelBuild/kernel-3.2$ patch -p1 < ../../put_page_callback-3.2.patch
patching file include/linux/mm_types.h
patching file include/linux/net.h
patching file include/linux/skbuff.h
patching file net/Kconfig
patching file net/core/skbuff.c
patching file net/ipv4/Makefile
patching file net/ipv4/ip_output.c
patching file net/ipv4/tcp.c
patching file net/ipv4/tcp_zero_copy.c
wistor@wistor-003:~/KernelBuild/kernel-3.2$ patch -p1 < ../../scst_exec_req_fifo-3.2.patch
patching file block/blk-map.c
patching file include/linux/blkdev.h
Hunk #2 succeeded at 721 (offset 3 lines).
patching file include/linux/scatterlist.h
patching file lib/scatterlist.c

wistor@wistor-003:~/KernelBuild/kernel-3.2$ fakeroot debian/rules clean

wistor@wistor-003:~/KernelBuild/kernel-3.2$ debian/rules updateconfigs
# 中間會問一堆是否要新增這個選項, 是  scst 加入的
TCP/IP networking (INET) [Y/n/?] y
  TCP/IP zero-copy transfer completion notification (TCP_ZERO_COPY_TRANSFER_COMPLETION_NOTIFICATION) [N/y/?] (NEW) y
wistor@wistor-003:~/KernelBuild/kernel-3.2$ debian/rules editconfigs
check-config: /tmp/tmp.utIyJbU3V6/CONFIGS/amd64-config.flavour.wistor32: loading config
check-config: /home/wistor/KernelBuild/kernel-3.2/debian.master/config/enforce: loading checks
# 如果 Dependency 沒有問題的話, 應該要有一行這個
check-config: 41/41 checks passed -- exit 0
# 如果要調整 CONFIG Option 就執行這個
wistor@wistor-003:~/KernelBuild/kernel-3.2$ debian/rules editconfigs
Config 做好之後, 把做的東西先備份起來, 然後把 kernel build 的東西都準備好
wistor@wistor-003:~/KernelBuild/kernel-3.2$ cp debian.master/config/amd64/config.flavour.wistor32 ../
wistor@wistor-003:~/KernelBuild/kernel-3.2$ cat ../config.flavour.wistor32
#
# Config options for config.flavour.wistor32 automatically generated by splitconfig.pl
#
CONFIG_DEFAULT_CFQ=y
# CONFIG_DEFAULT_DEADLINE is not set
CONFIG_DEFAULT_IOSCHED="cfq"
CONFIG_INTEL_IDLE=y
# CONFIG_MUTEX_SPIN_ON_OWNER is not set
CONFIG_NR_CPUS=1
# CONFIG_PREEMPT_NONE is not set
CONFIG_PREEMPT_VOLUNTARY=y
# CONFIG_SMP is not set
CONFIG_X86_INTERNODE_CACHE_SHIFT=6

# 這兩個步驟不一定要做, 做了之後記得 patch 又要重打
wistor@wistor-003:~/KernelBuild/kernel-3.2$ git reset --hard
HEAD is now at 26e8d2b UBUNTU: Ubuntu-3.2.0-18.28
wistor@wistor-003:~/KernelBuild/kernel-3.2$ git clean -df
Removing debian.master/config/amd64/config.flavour.wistor32
Removing debian.master/control
Removing debian.master/control.stub
Removing debian.master/d-i/kernel-versions
Removing debian/changelog
Removing debian/control
Removing debian/control.stub
Removing debian/copyright
Removing net/ipv4/tcp_zero_copy.c

wistor@wistor-003:~/KernelBuild/kernel-3.2$ cp debian.master/abi/3.2.0-17.27/amd64/generic debian.master/abi/3.2.0-17.27/amd64/wistor32
wistor@wistor-003:~/KernelBuild/kernel-3.2$ cp debian.master/abi/3.2.0-17.27/amd64/generic.modules debian.master/abi/3.2.0-17.27/amd64/wistor32.modules
wistor@wistor-003:~/KernelBuild/kernel-3.2$ cp ../config.flavour.wistor32 debian.master/config/amd64/
wistor@wistor-003:~/KernelBuild/kernel-3.2$ cat debian.master/etc/getabis
repo_list=(
        "http://archive.ubuntu.com/ubuntu/pool/main/l/linux"
        "http://ports.ubuntu.com/ubuntu-ports/pool/main/l/linux"
        "http://archive.ubuntu.com/ubuntu/pool/universe/l/linux"
        "http://ports.ubuntu.com/ubuntu-ports/pool/universe/l/linux"
)

getall armel omap
getall armhf omap
# 多加一個選項
getall amd64 generic virtual wistor32
getall i386 generic generic-pae virtual

# Ports arches and flavours.
getall powerpc powerpc powerpc-smp powerpc64-smp


wistor@wistor-003:~/KernelBuild/kernel-3.2$ cat debian.master/rules.d/amd64.mk
human_arch      = 64 bit x86
build_arch      = x86_64
header_arch     = $(build_arch)
asm_link        = x86
defconfig       = defconfig
# 多加一個選項
flavours        = generic virtual wistor32
build_image     = bzImage
kernel_file     = arch/$(build_arch)/boot/bzImage
install_file    = vmlinuz
loader          = grub
no_dumpfile     = true

wistor@wistor-003:~/KernelBuild/kernel-3.2$ cp debian.master/control.d/vars.generic debian.master/control.d/vars.wistor32
wistor@wistor-003:~/KernelBuild/kernel-3.2$ cat debian.master/control.d/vars.wistor32
arch="i386 amd64"
supported="Generic"
target="Geared toward desktop and server systems."
desc="Wistron Storage Server"
bootloader="grub-pc | grub-efi-amd64 | grub-efi-ia32 | grub | lilo (>= 19.1)"
provides="kvm-api-4, redhat-cluster-modules, ivtv-modules, ndiswrapper-modules-1.9"
wistor@wistor-003:~/KernelBuild/kernel-3.2$ git add .
wistor@wistor-003:~/KernelBuild/kernel-3.2$ git commit -a -m "wistor32 modification"
[wistor32.0-18.28 719d010] wistor32 modification
 Committer: wistor 
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly:

    git config --global user.name "Your Name"
    git config --global user.email you@example.com

After doing this, you may fix the identity used for this commit with:

    git commit --amend --reset-author

 6 files changed, 15771 insertions(+), 2 deletions(-)
 create mode 100644 debian.master/abi/3.2.0-17.27/amd64/wistor32
 create mode 100644 debian.master/abi/3.2.0-17.27/amd64/wistor32.modules
 create mode 100644 debian.master/config/amd64/config.flavour.wistor32
 create mode 100644 debian.master/control.d/vars.wistor32

一切準備就緒後, 就準備進行 build kernel
wistor@wistor-003:~/KernelBuild/kernel-3.2$ git checkout -b work
Switched to a new branch 'work'
wistor@wistor-003:~/KernelBuild/kernel-3.2$ fakeroot debian/rules clean
wistor@wistor-003:~/KernelBuild/kernel-3.2$ DEB_BUILD_OPTIONS=parallel=4 skipabi=true skipmodule=true fakeroot debian/rules binary-indep
wistor@wistor-003:~/KernelBuild/kernel-3.2$ ll ../
drwxrwxr-x  4 wistor wistor     4096 2012-03-07 15:50 ./
drwxrwxr-x  3 wistor wistor     4096 2012-03-07 11:50 ../
-rw-rw-r--  1 wistor wistor      378 2012-03-07 15:28 config.flavour.wistor32
-rw-r--r--  1 wistor wistor  4567196 2012-03-07 15:50 linux-doc_3.2.0-18.28_all.deb
-rw-r--r--  1 wistor wistor 11732448 2012-03-07 15:50 linux-headers-3.2.0-18_3.2.0-18.28_all.deb
-rw-r--r--  1 wistor wistor    73134 2012-03-07 15:50 linux-source-3.2.0_3.2.0-18.28_all.deb
-rw-r--r--  1 wistor wistor   122972 2012-03-07 15:50 linux-tools-common_3.2.0-18.28_all.deb
wistor@wistor-003:~/KernelBuild/kernel-3.2$ DEB_BUILD_OPTIONS=parallel=4 skipabi=true skipmodule=true fakeroot debian/rules binary-perarch
wistor@wistor-003:~/KernelBuild/kernel-3.2$ ll ../
drwxrwxr-x  4 wistor wistor     4096 2012-03-07 15:51 ./
drwxrwxr-x  3 wistor wistor     4096 2012-03-07 11:50 ../
-rw-rw-r--  1 wistor wistor      378 2012-03-07 15:28 config.flavour.wistor32
-rw-r--r--  1 wistor wistor  4567196 2012-03-07 15:50 linux-doc_3.2.0-18.28_all.deb
-rw-r--r--  1 wistor wistor 11732448 2012-03-07 15:50 linux-headers-3.2.0-18_3.2.0-18.28_all.deb
-rw-r--r--  1 wistor wistor    73134 2012-03-07 15:50 linux-source-3.2.0_3.2.0-18.28_all.deb
-rw-r--r--  1 wistor wistor   382732 2012-03-07 15:51 linux-tools-3.2.0-18_3.2.0-18.28_amd64.deb
-rw-r--r--  1 wistor wistor   122972 2012-03-07 15:50 linux-tools-common_3.2.0-18.28_all.deb
wistor@wistor-003:~/KernelBuild/kernel-3.2$ DEB_BUILD_OPTIONS=parallel=4 skipabi=true skipmodule=true fakeroot debian/rules binary-wistor32
wistor@wistor-003:~/KernelBuild/kernel-3.2$ ll ../
drwxrwxr-x  4 wistor wistor     4096 2012-03-08 09:27 ./
drwxrwxr-x  3 wistor wistor     4096 2012-03-08 10:03 ../
-rw-r--r--  1 wistor wistor      374 2012-03-08 10:07 config.flavour.wistor32
-rw-r--r--  1 wistor wistor  4567250 2012-03-08 10:08 linux-doc_3.2.0-18.28_all.deb
-rw-r--r--  1 wistor wistor 11733116 2012-03-08 10:08 linux-headers-3.2.0-18_3.2.0-18.28_all.deb
-rw-r--r--  1 wistor wistor  1018718 2012-03-08 10:29 linux-headers-3.2.0-18-wistor32_3.2.0-18.28_amd64.deb
-rw-r--r--  1 wistor wistor 38158318 2012-03-08 10:29 linux-image-3.2.0-18-wistor32_3.2.0-18.28_amd64.deb
-rw-r--r--  1 wistor wistor    73134 2012-03-08 10:08 linux-source-3.2.0_3.2.0-18.28_all.deb
-rw-r--r--  1 wistor wistor   402534 2012-03-08 10:09 linux-tools-3.2.0-18_3.2.0-18.28_amd64.deb
-rw-r--r--  1 wistor wistor   122908 2012-03-08 10:08 linux-tools-common_3.2.0-18.28_all.deb

其中我遇到了 compile error, 原因是我把 CONFIG_SMP 關起來 error: struct cpuinfo_x86 has no member named phys_proc_id 但我也很幸運的找到解決的方法, 把某一行 code 用 compile option 包起來即可 https://lkml.org/lkml/2011/12/6/28
wistor@wistor-003:~/KernelBuild/$ sudo dpkg -i linux-tools-common_3.2.0-18.28_all.deb
wistor@wistor-003:~/KernelBuild/$ sudo dpkg -i linux-headers-3.2.0-18_3.2.0-18.28_all.deb
wistor@wistor-003:~/KernelBuild/$ sudo dpkg -i linux-headers-3.2.0-18-wistor32_3.2.0-18.28_amd64.deb linux-image-3.2.0-18-wistor32_3.2.0-18.28_amd64.deb linux-tools-3.2.0-18_3.2.0-18.28_amd64.deb
(Reading database ... 104160 files and directories currently installed.)
Preparing to replace linux-headers-3.2.0-18-wistor32 3.2.0-18.28 (using linux-headers-3.2.0-18-wistor32_3.2.0-18.28_amd64.deb) ...
Unpacking replacement linux-headers-3.2.0-18-wistor32 ...
Selecting previously deselected package linux-image-3.2.0-18-wistor32.
Unpacking linux-image-3.2.0-18-wistor32 (from linux-image-3.2.0-18-wistor32_3.2.0-18.28_amd64.deb) ...
Done.
Preparing to replace linux-tools-3.2.0-18 3.2.0-18.28 (using linux-tools-3.2.0-18_3.2.0-18.28_amd64.deb) ...
Unpacking replacement linux-tools-3.2.0-18 ...
Setting up linux-headers-3.2.0-18-wistor32 (3.2.0-18.28) ...
Setting up linux-image-3.2.0-18-wistor32 (3.2.0-18.28) ...
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.2.0-18-wistor32 /boot/vmlinuz-3.2.0-18-wistor32
update-initramfs: Generating /boot/initrd.img-3.2.0-18-wistor32
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 3.2.0-18-wistor32 /boot/vmlinuz-3.2.0-18-wistor32
Generating grub.cfg ...
Found linux image: /boot/vmlinuz-3.2.0-18-wistor32
Found initrd image: /boot/initrd.img-3.2.0-18-wistor32
Found linux image: /boot/vmlinuz-3.0.0-15-wistor
Found initrd image: /boot/initrd.img-3.0.0-15-wistor
Found memtest86+ image: /boot/memtest86+.bin
done
Setting up linux-tools-3.2.0-18 (3.2.0-18.28) ...

wistor@wistor-003:/boot$ ll
total 43520
drwxr-xr-x  3 root root     4096 2012-03-08 11:12 ./
drwxr-xr-x 25 root root     4096 2012-03-08 11:12 ../
-rw-r--r--  1 root root   782586 2012-03-08 10:28 abi-3.2.0-18-wistor32
-rw-r--r--  1 root root   139225 2012-03-08 10:28 config-3.2.0-18-wistor32
drwxr-xr-x  3 root root    12288 2012-03-08 11:12 grub/
-rw-r--r--  1 root root 13708482 2012-03-08 11:12 initrd.img-3.2.0-18-wistor32
-rw-r--r--  1 root root   176764 2011-05-03 07:07 memtest86+.bin
-rw-r--r--  1 root root   178944 2011-05-03 07:07 memtest86+_multiboot.bin
-rw-------  1 root root  2794037 2012-03-08 10:28 System.map-3.2.0-18-wistor32
-rw-------  1 root root  4700432 2012-03-08 10:28 vmlinuz-3.2.0-18-wistor32

Reference for kdump: http://www.dedoimedo.com/computers/kdump.html

3/12 補:
http://www.ubuntuupdates.org/package/core/precise/main/base/linux-source-3.2.0
在 3.2.0-18.28 時 apparmor 有大改動, 其中拿掉了 SECURITY_APPARMOR_COMPAT_24, 這個造成安裝某些軟體時會出現 "Kernel needs AppArmor 2.4 compatibility patch." 這樣的 warning, 由於不知道會有什麼影響, 於是最後決定用 3.2.0-17.27 

2012年3月1日 星期四

Openstack Installation (Diablo Release)


參考這個網頁去安裝

http://docs.openstack.org/diablo/openstack-compute/install/content/index.html

Management Network (RFC1918 IP Range, not publicly routable): This network is utilized for all inter-server communications within the cloud infrastructure. Recommended size: 255 IPs (CIDR /24)

Public Network (Publicly routable IP range): This network is utilized for providing Public IP accessibility to the API endpoints within the cloud infrastructure. Minimum size: 8 IPs (CIDR /29)

VM Network (RFC1918 IP Range, not publicly routable): This network is utilized for providing primary IP addresses to the cloud instances. Recommended size: 1024 IPs (CIDR /22)

Floating IP network (Publicly routable IP Range): This network is utilized for providing Public IP accessibility to selected cloud instances. Minimum size: 16 IPs (CIDR /28)


Diablo Release 中新增加了 Keystone 及 horizon, 但剛 Release 時整合做的沒有很好, 老是會有一些怪怪的問題, 目前這篇的安裝寫的還滿清楚的, 也把一些問題解決了, 下面是我的安裝紀錄, 基本上都和網頁上的差不多, 在安裝之前, 請一定要修改一下 apt-get repository 的設定, 用原來 Ubuntu 提供的 package 可能會永遠裝不起來, 版號也會不相同

wistor@wistor-dev-6:~$ sudo apt-get install python-software-properties
wistor@wistor-dev-6:~$ sudo add-apt-repository -y ppa:managedit/openstack
wistor@wistor-dev-6:~$ sudo apt-get update
wistor@wistor-dev-6:~$ sudo apt-get install -y managedit-openstack-pin

Keystone Installation

wistor@wistor-dev-6:~$ sudo apt-get install keystone
wistor@wistor-dev-6:~$ sudo apt-get install curl
wistor@wistor-dev-6:~$ sudo rm /var/lib/keystone/keystone.db

# 中間會請你輸入  administrator 的密碼, 請記起來
wistor@wistor-dev-6:~$ sudo apt-get install python-mysqldb mysql-server

都安裝好之後, 開始設定 mysql

# 之後這個  database 可能會需要讓其他機器存取, 所以要把 binding ip 改掉
wistor@wistor-dev-6:~$ sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
wistor@wistor-dev-6:~$ cat /etc/mysql/my.cnf | grep 0.0.0.0
bind-address            = 0.0.0.0

wistor@wistor-dev-6:~$ sudo service mysql restart
mysql start/running, process 23775

wistor@wistor-dev-6:~$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 35
Server version: 5.1.58-1ubuntu1 (Ubuntu)

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

# 製造一個  keyston 的 database
mysql> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)

# 讓 keystone 可以自由存取這個 database, 並且設定一組密碼
mysql> GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye

接下來設定 keystone

# 把設定改一下
wistor@wistor-dev-6:~$ sudo nano /etc/keystone/keystone.conf
wistor@wistor-dev-6:~$ sudo cat /etc/keystone/keystone.conf | grep -A 10 backend
[sudo] password for wistor:
# Which backend store should Keystone use by default.
# Default: 'sqlite'
# Available choices are 'sqlite' [future will include LDAP, PAM, etc]
# 這裡看起來怪怪的, 已經改用了 mysql , 但他仍然是設定 sqlite, 先不要理它
default_store = sqlite

--
[keystone.backends.sqlalchemy]
# SQLAlchemy connection string for the reference implementation registry
# server. Any valid SQLAlchemy connection string is fine.
# See: http://bit.ly/ideIpI
# sql_connection = sqlite:////var/lib/keystone/keystone.db
# 這行才是重點, 其中要記得你剛剛在 mysql 內替  keystone 設定的密碼
sql_connection = mysql://keystone:password@172.16.123.6/keystone
backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant',
                    'User', 'Credentials', 'EndpointTemplates', 'Token',
                    'Service']


# 設定都設好之後, 記得把 configuration 的權限設定好
wistor@wistor-dev-6:~$ sudo chown keystone /etc/keystone/keystone.conf
wistor@wistor-dev-6:~$ sudo chmod 0640 /etc/keystone/keystone.conf
wistor@wistor-dev-6:~$ ll
total 16
drwxr-xr-x   2 root     root 4096 2012-02-23 15:55 ./
drwxr-xr-x 105 root     root 4096 2012-02-23 15:56 ../
-rw-r-----   1 keystone root 2741 2012-02-23 16:11 keystone.conf
-rw-r--r--   1 root     root  913 2012-01-05 20:31 logging.cnf
wistor@wistor-dev-6:~$ sudo service keystone restart
keystone start/running, process 23893

接下來我們要把一些 tenant/user/role/token/service 都加進去

wistor@wistor-dev-6:~$ sudo keystone-manage tenant add openstackDemo
SUCCESS: Tenant openstackDemo created.
wistor@wistor-dev-6:~$ sudo keystone-manage tenant add adminTenant
SUCCESS: Tenant adminTenant created.
wistor@wistor-dev-6:~$ sudo keystone-manage user add adminUser password
SUCCESS: User adminUser created.
wistor@wistor-dev-6:~$ sudo keystone-manage user add demoUser password
SUCCESS: User demoUser created.
wistor@wistor-dev-6:~$ sudo keystone-manage token add 11121314151617181920 adminUser adminTenant 2015-02-05T00:0
SUCCESS: Token 11121314151617181920 created.
wistor@wistor-dev-6:~$ sudo keystone-manage role add Admin
SUCCESS: Role Admin created successfully.
wistor@wistor-dev-6:~$ sudo keystone-manage role add Member
SUCCESS: Role Member created successfully.
wistor@wistor-dev-6:~$ sudo keystone-manage role grant Admin adminUser
SUCCESS: Granted Admin the adminUser role on None.
wistor@wistor-dev-6:~$ sudo keystone-manage role grant Member demoUser
SUCCESS: Granted Member the demoUser role on None.
wistor@wistor-dev-6:~$ sudo keystone-manage role grant Admin adminUser openstackDemo
SUCCESS: Granted Admin the adminUser role on openstackDemo.
wistor@wistor-dev-6:~$ udo keystone-manage role grant Admin adminUser adminTenant
The program 'udo' is currently not installed.  You can install it by typing:
sudo apt-get install udo
wistor@wistor-dev-6:~$ sudo keystone-manage role grant Admin adminUser adminTenant
SUCCESS: Granted Admin the adminUser role on adminTenant.
wistor@wistor-dev-6:~$ sudo keystone-manage role grant Member demoUser openstackDemo
SUCCESS: Granted Member the demoUser role on openstackDemo.
wistor@wistor-dev-6:~$ sudo keystone-manage service add nova compute "Nova Compute Service"
SUCCESS: Service nova created successfully.
wistor@wistor-dev-6:~$ sudo keystone-manage service add glance image "Glance Image Service"
SUCCESS: Service glance created successfully.
wistor@wistor-dev-6:~$ sudo keystone-manage service add keystone identity "Keystone Identity Service"
wistor@wistor-dev-6:~$ sudo keystone-manage endpointTemplates add RegionOne nova http://172.16.123.6:8774/v1.1/%tenant_id% http://172.16.123.6:8774/v1.1/%tenant_id% http://172.16.123.6:8774/v1.1/%tenant_id% 1 1
SUCCESS: Created EndpointTemplates for nova pointing to http://172.16.123.6:8774/v1.1/%tenant_id%.
wistor@wistor-dev-6:~$ sudo keystone-manage endpointTemplates add RegionOne glance http://172.16.123.6:9292/v1 http://172.16.123.6:9292/v1 http://172.16.123.6:9292/v1 1 1
SUCCESS: Created EndpointTemplates for glance pointing to http://172.16.123.6:9292/v1.
wistor@wistor-dev-6:~$ sudo keystone-manage endpointTemplates add RegionOne keystone http://172.16.123.6:5000/v2.0 http://172.16.123.6:35357/v2.0 http://172.16.123.6:5000/v2.0 1 1
SUCCESS: Created EndpointTemplates for keystone pointing to http://172.16.123.6:5000/v2.0.
wistor@wistor-dev-6:~$ sudo keystone-manage credentials add adminUser EC2 'password' adminTenant
SUCCESS: Credentials adminUser created.
wistor@wistor-dev-6:~$ sudo keystone-manage credentials add demoUser EC2 'password' openstackDemo
SUCCESS: Credentials demoUser created.


都加好之後, 我們看一下設定有沒有正確
wistor@wistor-dev-6:~$ keystone-manage --version
keystone-manage 2011.3.1

wistor@wistor-dev-6:~$ sudo keystone-manage tenant list
id      name    enabled
-------------------------------------------------------------------------------
1       openstackDemo   1
2       adminTenant     1

wistor@wistor-dev-6:~$ sudo keystone-manage user list
id      name    enabled tenant
-------------------------------------------------------------------------------
1       adminUser       1       None
2       demoUser        1       None

wistor@wistor-dev-6:~$ sudo keystone-manage role list
id      name
-------------------------------------------------------------------------------
1       Admin
2       Member

wistor@wistor-dev-6:~$ sudo keystone-manage service list
id      name    type
-------------------------------------------------------------------------------
1       nova    compute
2       glance  image
3       keystone        identity

wistor@wistor-dev-6:~$ sudo keystone-manage  endpointTemplates list
All EndpointTemplates
service region  Public URL
-------------------------------------------------------------------------------
nova    RegionOne       http://172.16.123.6:8774/v1.1/%tenant_id%
glance  RegionOne       http://172.16.123.6:9292/v1
keystone        RegionOne       http://172.16.123.6:5000/v2.0

wistor@wistor-dev-6:~$ sudo keystone-manage  token list
token   user    expiration      tenant
-------------------------------------------------------------------------------
11121314151617181920    1       2015-02-05 00:00:00     2


利用 curl 測試一下

wistor@wistor-dev-6:~$ curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "adminUser", "password": "password"}}}' -H "Content-type: application/json" http://172.16.123.6:35357/v2.0/tokens | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1044  100   932  100   112  15248   1832 --:--:-- --:--:-- --:--:-- 15533
{
    "access": {
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://172.16.123.6:8774/v1.1/2",
                        "internalURL": "http://172.16.123.6:8774/v1.1/2",
                        "publicURL": "http://172.16.123.6:8774/v1.1/2",
                        "region": "RegionOne"
                    }
                ],
                "name": "nova",
                "type": "compute"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://172.16.123.6:9292/v1",
                        "internalURL": "http://172.16.123.6:9292/v1",
                        "publicURL": "http://172.16.123.6:9292/v1",
                        "region": "RegionOne"
                    }
                ],
                "name": "glance",
                "type": "image"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://172.16.123.6:35357/v2.0",
                        "internalURL": "http://172.16.123.6:5000/v2.0",
                        "publicURL": "http://172.16.123.6:5000/v2.0",
                        "region": "RegionOne"
                    }
                ],
                "name": "keystone",
                "type": "identity"
            }
        ],
        "token": {
            "expires": "2015-02-05T00:00:00",
            "id": "11121314151617181920",
            "tenant": {
                "id": "2",
                "name": "adminTenant"
            }
        },
        "user": {
            "id": "1",
            "name": "adminUser",
            "roles": [
                {
                    "id": "1",
                    "name": "Admin",
                    "tenantId": "2"
                },
                {
                    "id": "1",
                    "name": "Admin"
                }
            ]
        }
    }
}

wistor@wistor-dev-6:~$ curl -d '{"auth": {"tenantName": "openstackDemo", "passwordCredentials":{"username": "adminUser", "password": "password"}}}' -H "Content-type: application/json" http://172.16.123.6:35357/v2.0/tokens | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1076  100   962  100   114  15747   1866 --:--:-- --:--:-- --:--:-- 16033
{
    "access": {
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://172.16.123.6:8774/v1.1/1",
                        "internalURL": "http://172.16.123.6:8774/v1.1/1",
                        "publicURL": "http://172.16.123.6:8774/v1.1/1",
                        "region": "RegionOne"
                    }
                ],
                "name": "nova",
                "type": "compute"
            },

            {
                "endpoints": [
                    {
                        "adminURL": "http://172.16.123.6:9292/v1",
                        "internalURL": "http://172.16.123.6:9292/v1",
                        "publicURL": "http://172.16.123.6:9292/v1",
                        "region": "RegionOne"
                    }
                ],
                "name": "glance",
                "type": "image"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://172.16.123.6:35357/v2.0",
                        "internalURL": "http://172.16.123.6:5000/v2.0",
                        "publicURL": "http://172.16.123.6:5000/v2.0",
                        "region": "RegionOne"
                    }
                ],
                "name": "keystone",
                "type": "identity"
            }
        ],
        "token": {
            "expires": "2012-02-24T17:16:43.557972",
            "id": "89abab7f-c9ef-47fa-baf3-5bce1bc64037",
            "tenant": {
                "id": "1",
                "name": "openstackDemo"
            }
        },
        "user": {
            "id": "1",
            "name": "adminUser",
            "roles": [
                {
                    "id": "1",
                    "name": "Admin",
                    "tenantId": "1"
                },
                {
                    "id": "1",
                    "name": "Admin"
                }
            ]
        }
    }
}


Glance Installation

安裝 Glance 的 package
wistor@wistor-dev-6:~$ sudo apt-get install glance
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  glance
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/25.6 kB of archives.
After this operation, 229 kB of additional disk space will be used.
Selecting previously deselected package glance.
(Reading database ... 89936 files and directories currently installed.)
Unpacking glance (from .../glance_2011.3.1~20120117~1549-0mit1~22.gbp5e7c88_all.deb) ...
Processing triggers for ureadahead ...
Setting up glance (2011.3.1~20120117~1549-0mit1~22.gbp5e7c88) ...
Adding system user `glance' (UID 108) ...
Adding new user `glance' (UID 108) with group `glance' ...
Not creating home directory `/var/lib/glance'.
glance-api start/running, process 1299
glance-registry start/running, process 1323
wistor@wistor-dev-6:~$ glance --version
glance 2011.3.1-dev

設定一下 glance, 預設一樣是 sqlite, 改成 mysql
wistor@wistor-dev-6:~$ 
sudo rm /var/lib/glance/glance.sqlite
wistor@wistor-dev-6:~$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 45
Server version: 5.1.58-1ubuntu1 (Ubuntu)

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye


再來設定 glance 三個設定檔, 要修改的有 pipeline 及 token id, database 也要改成 mysql
wistor@wistor-dev-6:~$ sudo nano /etc/glance/glance-registry.conf

wistor@wistor-dev-6:~$ sudo less /etc/glance/glance-registry.conf | grep -A 10 pipe
[pipeline:glance-registry]
# pipeline = context registryapp
# NOTE: use the following pipeline for keystone
##############  修改這個 #####################
pipeline = authtoken auth-context registryapp

wistor@wistor-dev-6:~$ sudo less /etc/glance/glance-registry.conf | grep -A 20 filter:authtoken
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
##############  修改這個 #####################
admin_token = 11121314151617181920

[filter:auth-context]
##############  修改這個 #####################
context_class = glance.registry.context.RequestContext
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory


wistor@wistor-dev-6:~$ sudo less /etc/glance/glance-registry.conf | grep sql
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
# sql_connection = sqlite:////var/lib/glance/glance.sqlite
##############  修改這個 #####################
sql_connection = mysql://glance:password@172.16.123.6/glance
sql_idle_timeout = 3600


wistor@wistor-dev-6:~$ sudo nano /etc/glance/glance-api.conf
wistor@wistor-dev-6:~$ sudo less /etc/glance/glance-api.conf | grep -A 10 pipe
[pipeline:glance-api]
# pipeline = versionnegotiation context apiv1app
# NOTE: use the following pipeline for keystone
# pipeline = versionnegotiation authtoken auth-context apiv1app

# To enable Image Cache Management API replace pipeline with below:
# pipeline = versionnegotiation context imagecache apiv1app
# NOTE: use the following pipeline for keystone auth (with caching)
# pipeline = versionnegotiation authtoken auth-context imagecache apiv1app

##############  修改這個 #####################
# 注意: auth-context 這個 tag 要和最後定義的一樣, 網頁上是改成 keystone-shim, 和預設的不一樣
pipeline = versionnegotiation authtoken auth-context apiv1app


wistor@wistor-dev-6:~$ sudo less /etc/glance/glance-api.conf | grep -A 20 filter:authtoken
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
##############  修改這個 #####################
admin_token = 11121314151617181920

[filter:auth-context]
##############  修改這個 #####################
context_class = glance.registry.context.RequestContext
paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory



wistor@wistor-dev-6:~$ sudo nano /etc/glance/glance-scrubber.conf
wistor@wistor-dev-6:~$ sudo less /etc/glance/glance-scrubber.conf | grep -A 10 SQLAlchemy
# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
##############  修改這個 #####################
# sql_connection = sqlite:////var/lib/glance/glance.sqlite
sql_connection = mysql://glance:password@172.16.123.6/glance


wistor@wistor-dev-6:~$ sudo restart glance-registry
glance-registry start/running, process 3874
wistor@wistor-dev-6:~$ sudo restart glance-api
glance-api start/running, process 3878
wistor@wistor-dev-6:~$

設定一些環境變數
wistor@wistor-dev-6:~$ mkdir ~/creds
wistor@wistor-dev-6:~$ sudo nano ~/creds/openrc
wistor@wistor-dev-6:~$ cat ~/creds/openrc
export NOVA_USERNAME=adminUser
export NOVA_PROJECT_ID=openstackDemo
export NOVA_PASSWORD=password
export NOVA_API_KEY=${NOVA_PASSWORD}
export NOVA_URL=http://172.16.123.6:5000/v2.0/
export NOVA_VERSION=1.1
export NOVA_REGION_NAME=RegionOne

export OS_AUTH_USER=${NOVA_USERNAME}
export OS_AUTH_KEY=${NOVA_PASSWORD}
export OS_AUTH_TENANT=${NOVA_PROJECT_ID}
export OS_AUTH_URL=${NOVA_URL}
export OS_AUTH_STRATEGY=keystone

wistor@wistor-dev-6:~$ source ~/creds/openrc
wistor@wistor-dev-6:~$ echo ${OS_AUTH_USER}
adminUser


接下來就是驗証的時間, 我們先和 keystone 拿一個可用的 token , 然後用這個 token 進入 glance 去看它有沒有 image

wistor@wistor-dev-6:~$ curl -d '{"auth": {"tenantName": "openstackDemo", "passwordCredentials":{"username": "adminUser", "password": "password"}}}' -H "Content-type: application/json" http://172.16.123.6:35357/v2.0/tokens | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1069  100   955  100   114  15158   1809 --:--:-- --:--:-- --:--:-- 15403
{
    "access": {
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://172.16.123.6:8774/v1.1/1",
                        "internalURL": "http://172.16.123.6:8774/v1.1/1",
                        "publicURL": "http://172.16.123.6:8774/v1.1/1",
                        "region": "RegionOne"
                    }
                ],
                "name": "nova",
                "type": "compute"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://172.16.123.6:9292/v1",
                        "internalURL": "http://172.16.123.6:9292/v1",
                        "publicURL": "http://172.16.123.6:9292/v1",
                        "region": "RegionOne"
                    }
                ],
                "name": "glance",
                "type": "image"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://172.16.123.6:35357/v2.0",
                        "internalURL": "http://172.16.123.6:5000/v2.0",
                        "publicURL": "http://172.16.123.6:5000/v2.0",
                        "region": "RegionOne"
                    }
                ],
                "name": "keystone",
                "type": "identity"
            }
            }
        ],
        "token": {
            "expires": "2012-03-01T15:20:10",
            "id": "ff7984c9-9226-46b4-beb9-029710f69b0d",
            "tenant": {
                "id": "1",
                "name": "openstackDemo"
            }
        },
        "user": {
            "id": "1",
            "name": "adminUser",
            "roles": [
                {
                    "id": "1",
                    "name": "Admin",
                    "tenantId": "1"
                },
                {
                    "id": "1",
                    "name": "Admin"
                }
            ]
        }
    }
}

# 用我們拿到的 token id 
wistor@wistor-dev-6:~$ glance details -A ff7984c9-9226-46b4-beb9-029710f69b0d

# 因為沒有 image, 所以沒有資訊
# 但如果 glance 或是 keystone 沒有設定好的話, 你可能會看到以下訊息
wistor@wistor-dev-6:~$ sudo glance details -A ff7984c9-9226-46b4-beb9-029710f69b0d
Failed to show details. Got error:
Internal Server error: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in handle_one_response
    result = self.application(self.environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 113, in __call__
    response = req.get_response(self.application)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/glance/common/wsgi.py", line 110, in __call__
    response = self.process_request(req)
  File "/usr/lib/python2.7/dist-packages/glance/common/context.py", line 104, in process_request
    raise exception.NotAuthorized()
NotAuthorized: None



Nova Installation
  • You need an LVM volume group called "nova-volumes" to provide persistent storage to guest VMs. Either create this during the installation or leave some free space to create it prior to installing nova services.
  • 192.168.100.0/24 as the fixed range for our guest VMs, connected to the host via br100.

先設定一下網路

wistor@wistor-dev-6:~$ cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 172.16.123.6
    netmask 255.255.0.0
    gateway 172.16.1.254

# Bridge network interface for VM networks
auto br100
iface br100 inet static
address 192.168.100.1
netmask 255.255.255.0
bridge_stp off
bridge_fd 0
wistor@wistor-dev-6:~$ sudo apt-get install bridge-utils
wistor@wistor-dev-6:~$ sudo brctl addbr br100
wistor@wistor-dev-6:~$ sudo /etc/init.d/networking restart


設定一下 mysql

wistor@wistor-dev-6:~$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 54
Server version: 5.1.58-1ubuntu1 (Ubuntu)

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY
    ->         'password';
Query OK, 0 rows affected (0.00 sec)

mysql> quit


其中我們沒有裝 nova-objectstore, 因為要使用 glance
wistor@wistor-dev-6:~$ sudo apt-get install rabbitmq-server
wistor@wistor-dev-6:~$ sudo apt-get install nova-compute nova-volume nova-vncproxy nova-api nova-ajax-console-proxy nova-doc nova-scheduler nova-network
wistor@wistor-dev-6:~$ sudo apt-get install -y unzip
wistor@wistor-dev-6:~$ sudo apt-get install -y euca2ools

nova 可以設定的東西很多, 這個指令可以看到所有的說明
nova-api --help
首先先設定 nova.conf

wistor@wistor-dev-6:~$ sudo cat /etc/nova/nova.conf
[sudo] password for wistor:
# DATABASE
--sql_connection=mysql://nova:password@172.16.123.6/nova

# LOGS/STATE
--verbose
--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova

# RABBITMQ
--rabbit_password=guest
--rabbit_port=5672
--rabbit_host=172.16.123.6

# SCHEDULER
--scheduler_driver=nova.scheduler.simple.SimpleScheduler

# NETWORK
--network_manager=nova.network.manager.FlatDHCPManager
--fixed_range=192.168.100.0/24
# 這行經查証後沒有用
--flat_network_dhcp_start=192.168.100.2   
--public_interface=eth0
--flat_interface=eth0
--flat_network_bridge=br100

# GLANCE
--image_service=nova.image.glance.GlanceImageService
--glance_api_servers=172.16.123.6:9292

# COMPUTE
--compute_manager=nova.compute.manager.ComputeManager
--libvirt_type=qemu

# VNCPROXY
--vncproxy_url=http://172.16.123.6:6080
--vncproxy_wwwroot=/var/lib/nova/noVNC

# MISC
--use_deprecated_auth=false
--allow_admin_api=true
--enable_zone_routing=true

# KEYSTONE
--keystone_ec2_url=http://172.16.123.6:5000/v2.0/ec2tokens


再來設定 api-paste.ini, 把 authentication 的部份都換成 keystone

wistor@wistor-dev-6:~$ sudo cat /etc/nova/api-paste.ini
#######
# EC2 #
#######

[composite:ec2]
use = egg:Paste#urlmap
/: ec2versions
/services/Cloud: ec2cloud
/services/Admin: ec2admin
/latest: ec2metadata
/2007-01-19: ec2metadata
/2007-03-01: ec2metadata
/2007-08-29: ec2metadata
/2007-10-10: ec2metadata
/2007-12-15: ec2metadata
/2008-02-01: ec2metadata
/2008-09-01: ec2metadata
/2009-04-04: ec2metadata
/1.0: ec2metadata

[pipeline:ec2cloud]
# pipeline = logrequest ec2noauth cloudrequest authorizer ec2executor
# NOTE(vish): use the following pipeline for deprecated auth
# pipeline = logrequest authenticate cloudrequest authorizer ec2executor
##############  修改這個 #####################
pipeline = logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor

[pipeline:ec2admin]
# pipeline = logrequest ec2noauth adminrequest authorizer ec2executor
# NOTE(vish): use the following pipeline for deprecated auth
# pipeline = logrequest authenticate adminrequest authorizer ec2executor
pipeline = logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor

[pipeline:ec2metadata]
pipeline = logrequest ec2md

[pipeline:ec2versions]
pipeline = logrequest ec2ver

[filter:logrequest]
paste.filter_factory = nova.api.ec2:RequestLogging.factory

[filter:ec2lockout]
paste.filter_factory = nova.api.ec2:Lockout.factory

##############  修改這個 #####################
[filter:totoken]
paste.filter_factory = keystone.middleware.ec2_token:EC2Token.factory

[filter:ec2noauth]
paste.filter_factory = nova.api.ec2:NoAuth.factory

[filter:authenticate]
paste.filter_factory = nova.api.ec2:Authenticate.factory

[filter:cloudrequest]
controller = nova.api.ec2.cloud.CloudController
paste.filter_factory = nova.api.ec2:Requestify.factory
[filter:adminrequest]
controller = nova.api.ec2.admin.AdminController
paste.filter_factory = nova.api.ec2:Requestify.factory

[filter:authorizer]
paste.filter_factory = nova.api.ec2:Authorizer.factory

[app:ec2executor]
paste.app_factory = nova.api.ec2:Executor.factory

[app:ec2ver]
paste.app_factory = nova.api.ec2:Versions.factory

[app:ec2md]
paste.app_factory = nova.api.ec2.metadatarequesthandler:MetadataRequestHandler.factory

#############
# Openstack #
#############

[composite:osapi]
use = egg:Paste#urlmap
/: osversions
/v1.0: openstackapi10
/v1.1: openstackapi11

[pipeline:openstackapi10]
# pipeline = faultwrap noauth ratelimit osapiapp10
# NOTE(vish): use the following pipeline for deprecated auth
# pipeline = faultwrap auth ratelimit osapiapp10
##############  修改這個 #####################
pipeline = faultwrap authtoken keystonecontext ratelimit osapiapp10

[pipeline:openstackapi11]
# pipeline = faultwrap noauth ratelimit extensions osapiapp11
# NOTE(vish): use the following pipeline for deprecated auth
# pipeline = faultwrap auth ratelimit extensions osapiapp11
##############  修改這個 #####################
pipeline = faultwrap authtoken keystonecontext ratelimit extensions osapiapp11


[filter:faultwrap]
paste.filter_factory = nova.api.openstack:FaultWrapper.factory

[filter:auth]
paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory

[filter:noauth]
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory

[filter:ratelimit]
paste.filter_factory = nova.api.openstack.limits:RateLimitingMiddleware.factory

[filter:extensions]
paste.filter_factory = nova.api.openstack.extensions:ExtensionMiddleware.factory

[app:osapiapp10]
paste.app_factory = nova.api.openstack:APIRouterV10.factory

[app:osapiapp11]
paste.app_factory = nova.api.openstack:APIRouterV11.factory

[pipeline:osversions]
pipeline = faultwrap osversionapp

[app:osversionapp]
paste.app_factory = nova.api.openstack.versions:Versions.factory

##########
# Shared #
##########
##############  修改這個 #####################
[filter:keystonecontext]
paste.filter_factory = keystone.middleware.nova_keystone_context:NovaKeystoneContext.factory

##############  修改這個 #####################
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 172.16.123.6
service_port = 5000
auth_host = 172.16.123.6
auth_port = 35357
auth_protocol = http
auth_uri = http://172.16.123.6:5000/v2.0/
admin_token = 11121314151617181920


設定好了之後, 稍微再確認一下設定檔的權限, 把資料庫建起來, 然後就重啟 nova,
nova 的 restart script 有問題, 所以最好先 stop 再 start , 不然會遇到無法 restart 的狀況
如果有遇到無法啟動的狀況可以看看 /var/log/nova/ 裡面的 log

wistor@wistor-dev-6:~$ sudo groupadd nova
groupadd: group 'nova' already exists
wistor@wistor-dev-6:~$ sudo usermod -g nova nova
usermod: no changes
wistor@wistor-dev-6:~$ sudo chown -R root:nova /etc/nova
wistor@wistor-dev-6:~$ sudo chmod 640 /etc/nova/nova.conf
wistor@wistor-dev-6:~$ sudo nova-manage db sync

sudo stop nova-api
sudo stop nova-compute
sudo stop nova-network
sudo stop nova-scheduler
sudo stop nova-vncproxy
sudo stop libvirt-bin
sudo /etc/init.d/rabbitmq-server stop

sudo start nova-api
sudo start nova-compute
sudo start nova-network
sudo start nova-scheduler
sudo start nova-vncproxy
sudo start libvirt-bin
sudo /etc/init.d/rabbitmq-server start


wistor@wistor-dev-6:~$ sudo nova-manage network create private --multi_host=T --fixed_range_v4=192.168.100.0/24 --num_networks=1 --network_size=256

wistor@wistor-dev-6:~$ sudo nova-manage service list
Binary           Host                                 Zone             Status     State Updated_At
nova-vncproxy    wistor-dev-6                         nova             enabled    :-)   2012-02-29 09:35:16
nova-compute     wistor-dev-6                         nova             enabled    :-)   2012-02-29 09:35:17
nova-scheduler   wistor-dev-6                         nova             enabled    :-)   2012-02-29 09:35:16
nova-network     wistor-dev-6                         nova             enabled    :-)   2012-02-29 09:35:16
wistor@wistor-dev-6:~$ sudo nova-manage version list
2011.3.1 (2011.3.1-LOCALBRANCH:LOCALREVISION)

# 因為 user/project 都和 keystone 取代了, 所以暫時是空的
wistor@wistor-dev-6:~/creds$ sudo nova-manage project list
wistor@wistor-dev-6:~/creds$ sudo nova-manage user list




Image Upload

按照網頁先上傳一個最簡單的 image

wistor@wistor-dev-6:~$ mkdir stackimages
wistor@wistor-dev-6:~$ wget -c http://images.ansolabs.com/tty.tgz -O stackimages/tty.tgz
--2012-02-29 17:46:34--  http://images.ansolabs.com/tty.tgz
Resolving images.ansolabs.com... 173.203.89.94
Connecting to images.ansolabs.com|173.203.89.94|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 23717804 (23M) [text/plain]
Saving to: `stackimages/tty.tgz'

100%[==============================================================================>] 23,717,804  3.51M/s   in 8.4s

2012-02-29 17:46:44 (2.68 MB/s) - `stackimages/tty.tgz' saved [23717804/23717804]

wistor@wistor-dev-6:~$ sudo tar -zxf stackimages/tty.tgz -C stackimages
wistor@wistor-dev-6:~$ cd stackimages/
wistor@wistor-dev-6:~/stackimages$ ls
aki-tty  ami-tty  ari-tty  tty.tgz
wistor@wistor-dev-6:~/stackimages$ ll
total 23184
drwxrwxr-x  5 wistor wistor     4096 2012-02-29 17:46 ./
drwxr-xr-x 14 wistor wistor     4096 2012-02-29 17:46 ../
drwxr-xr-x  2    501 staff      4096 2011-01-12 08:49 aki-tty/
drwxr-xr-x  2    501 staff      4096 2011-02-04 09:48 ami-tty/
drwxr-xr-x  2    501 staff      4096 2011-01-12 08:49 ari-tty/
-rw-rw-r--  1 wistor wistor 23717804 2011-02-04 09:48 tty.tgz

# 先和 keystone 要一個 token
wistor@wistor-dev-6:~$ curl -d '{"auth":{"passwordCredentials":{"username": "adminUser", "password": "password"}}}' -H "Content-type: application/json" http://172.16.123.6:35357/v2.0/tokens | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   275  100   193  100    82   4122   1751 --:--:-- --:--:-- --:--:--  4195
{
    "access": {
        "token": {
            "expires": "2012-03-01T17:47:59.207984",
            "id": "4bf447ea-0a05-494e-b145-a46a0a7bea42"
        },
        "user": {
            "id": "1",
            "name": "adminUser",
            "roles": [
                {
                    "id": "1",
                    "name": "Admin"
                }
            ]
        }
    }
}

# 利用這個  token 來塞進 image
wistor@wistor-dev-6:~$ sudo glance add -A 4bf447ea-0a05-494e-b145-a46a0a7bea42 name="tty-kernel" is_public=true container_format=aki disk_format=aki < stackimages/aki-tty/image
Added new image with ID: 1
wistor@wistor-dev-6:~$ sudo glance add -A 4bf447ea-0a05-494e-b145-a46a0a7bea42 name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < stackimages/ari-tty/image
Added new image with ID: 2

# kernel id 及 ramdisk id 要看前兩個指令傳回的訊息
wistor@wistor-dev-6:~$ sudo glance add -A 4bf447ea-0a05-494e-b145-a46a0a7bea42 name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < stackimages/ami-tty/image
Added new image with ID: 3

# 塞進去後看一下結果
wistor@wistor-dev-6:~$ glance -A ff7984c9-9226-46b4-beb9-029710f69b0d index                                             ID               Name                           Disk Format          Container Format     Size
---------------- ------------------------------ -------------------- -------------------- --------------
3                tty                            ami                  ami                        25165824
2                tty-ramdisk                    ari                  ari                         5882349
1                tty-kernel                     aki                  aki                         4404752

# 事實上我們可以發現這些  image 是存放在 /var/lib/glance/images, 未來如果有和 swift 整合, 應該會換地方
wistor@wistor-dev-6:~$ ll /var/lib/glance/images
total 34636
drwxr-xr-x 2 glance glance     4096 2012-02-29 17:50 ./
drwxr-xr-x 4 glance glance     4096 2012-02-29 15:12 ../
-rw-rw-r-- 1 glance glance  4404752 2012-02-29 17:50 1
-rw-rw-r-- 1 glance glance  5882349 2012-02-29 17:50 2
-rw-rw-r-- 1 glance glance 25165824 2012-02-29 17:50 3


Horizon Installation

其實我有些看不懂為什麼還要裝 git, 可能是因為 Horizon 還在開發中吧~ 所以過程中可能會用 git 抓一些 source 回來

wistor@wistor-dev-6:~$ sudo apt-get install git-core
[sudo] password for wistor:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  git-core
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,384 B of archives.
After this operation, 28.7 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ oneiric/main git-core all 1:1.7.5.4-1 [1,384 B]
Fetched 1,384 B in 0s (2,152 B/s)
Selecting previously deselected package git-core.
(Reading database ... 97954 files and directories currently installed.)
Unpacking git-core (from .../git-core_1%3a1.7.5.4-1_all.deb) ...
Setting up git-core (1:1.7.5.4-1) ...
wistor@wistor-dev-6:~$ sudo apt-get install -y libapache2-mod-wsgi
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  libapache2-mod-wsgi
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/133 kB of archives.
After this operation, 426 kB of additional disk space will be used.
Selecting previously deselected package libapache2-mod-wsgi.
(Reading database ... 97860 files and directories currently installed.)
Unpacking libapache2-mod-wsgi (from .../libapache2-mod-wsgi_3.3-2ubuntu3_amd64.deb) ...
Setting up libapache2-mod-wsgi (3.3-2ubuntu3) ...
 * Restarting web server apache2
apache2: Could not reliably determine the server's fully qualified domain name, using 172.16.123.6 for ServerName
apache2: Could not reliably determine the server's fully qualified domain name, using 172.16.123.6 for ServerName
   ...done.
wistor@wistor-dev-6:~$ sudo apt-get install -y openstack-dashboard openstackx python-sqlite
Setting up openstack-dashboard (2011.3+20120121~1341-0mit1~21.gbp510894) ...
INFO:root:Running in debug mode without debug_toolbar.
INFO:root:Running in debug mode without debug_toolbar.
DEBUG:django.db.backends:(0.000)
            SELECT name FROM sqlite_master
            WHERE type='table' AND NOT name='sqlite_sequence'
            ORDER BY name; args=()
Creating tables ...
Creating table django_content_type
DEBUG:django.db.backends:(0.088) CREATE TABLE "django_content_type" (
    "id" integer NOT NULL PRIMARY KEY,
    "name" varchar(100) NOT NULL,
    "app_label" varchar(100) NOT NULL,
    "model" varchar(100) NOT NULL,
    UNIQUE ("app_label", "model")
)
;; args=()
Creating table django_session
DEBUG:django.db.backends:(0.067) CREATE TABLE "django_session" (
    "session_key" varchar(40) NOT NULL PRIMARY KEY,
    "session_data" text NOT NULL,
    "expire_date" datetime NOT NULL
)
;; args=()
Creating table mailer_message
DEBUG:django.db.backends:(0.048) CREATE TABLE "mailer_message" (
    "id" integer NOT NULL PRIMARY KEY,
    "message_data" text NOT NULL,
    "when_added" datetime NOT NULL,
    "priority" varchar(1) NOT NULL
Creating table mailer_dontsendentry
DEBUG:django.db.backends:(0.077) CREATE TABLE "mailer_dontsendentry" (
    "id" integer NOT NULL PRIMARY KEY,
    "to_address" varchar(75) NOT NULL,
    "when_added" datetime NOT NULL
)
;; args=()
Creating table mailer_messagelog
DEBUG:django.db.backends:(0.047) CREATE TABLE "mailer_messagelog" (
    "id" integer NOT NULL PRIMARY KEY,
    "message_data" text NOT NULL,
    "when_added" datetime NOT NULL,
    "priority" varchar(1) NOT NULL,
    "when_attempted" datetime NOT NULL,
    "result" varchar(1) NOT NULL,
    "log_message" text NOT NULL
)
;; args=()
DEBUG:django.db.backends:(0.000) SELECT "django_content_type"."id", "django_content_type"."name", "django_content_type"."app_label", "django_content_type"."model" FROM "django_content_type" WHERE "django_content_type"."app_label" = contenttypes  ORDER BY "django_content_type"."name" ASC; args=('contenttypes',)
DEBUG:django.db.backends:(0.000) SELECT "django_content_type"."id", "django_content_type"."name", "django_content_type"."app_label", "django_content_type"."model" FROM "django_content_type" WHERE ("django_content_type"."model" = contenttype  AND "django_content_type"."app_label" = contenttypes ); args=('contenttype', 'contenttypes')
DEBUG:django.db.backends:(0.000) INSERT INTO "django_content_type" ("name", "app_label", "model") VALUES (content type, contenttypes, contenttype); args=(u'content type', 'contenttypes', 'contenttype')
DEBUG:django.db.backends:(0.000) SELECT "django_content_type"."id", "django_content_type"."name", "django_content_type"."app_label", "django_content_type"."model" FROM "django_content_type" WHERE "django_content_type"."app_label" = sessions  ORDER BY "django_content_type"."name" ASC; args=('sessions',)
DEBUG:django.db.backends:(0.000) SELECT "django_content_type"."id", "django_content_type"."name", "django_content_type"."app_label", "django_content_type"."model" FROM "django_content_type" WHERE ("django_content_type"."model" = session  AND "django_content_type"."app_label" = sessions ); args=('session', 'sessions')
DEBUG:django.db.backends:(0.000) INSERT INTO "django_content_type" ("name", "app_label", "model") VALUES (session, sessions, session); args=(u'session', 'sessions', 'session')
DEBUG:django.db.backends:(0.000) SELECT "django_content_type"."id", "django_content_type"."name", "django_content_type"."app_label", "django_content_type"."model" FROM "django_content_type" WHERE "django_content_type"."app_label" = messages  ORDER BY "django_content_type"."name" ASC; args=('messages',)
DEBUG:django.db.backends:(0.000) SELECT "django_content_type"."id", "django_content_type"."name", "django_content_type"."app_label", "django_content_type"."model" FROM "django_content_type" WHERE "django_content_type"."app_label" = staticfiles  ORDER BY "django_content_type"."name" ASC; args=('staticfiles',)
DEBUG:django.db.backends:(0.000) SELECT "django_content_type"."id", "django_content_type"."name", "django_content_type"."app_label", "django_content_type"."model" FROM "django_content_type" WHERE "django_content_type"."app_label" = django_openstack  ORDER BY "django_content_type"."name" ASC; args=('django_openstack',)
DEBUG:django.db.backends:(0.000) SELECT "django_content_type"."id", "django_content_type"."name", "django_content_type"."app_label", "django_content_type"."model" FROM "django_content_type" WHERE "django_content_type"."app_label" = mailer  ORDER BY "django_content_type"."name" ASC; args=('mailer',)
DEBUG:django.db.backends:(0.000) SELECT "django_content_type"."id", "django_content_type"."name", "django_content_type"."app_label", "django_content_type"."model" FROM "django_content_type" WHERE ("django_content_type"."model" = message  AND "django_content_type"."app_label" = mailer ); args=('message', 'mailer')
DEBUG:django.db.backends:(0.000) INSERT INTO "django_content_type" ("name", "app_label", "model") VALUES (message, mailer, message); args=(u'message', 'mailer', 'message')
DEBUG:django.db.backends:(0.000) SELECT "django_content_type"."id", "django_content_type"."name", "django_content_type"."app_label", "django_content_type"."model" FROM "django_content_type" WHERE ("django_content_type"."model" = dontsendentry  AND "django_content_type"."app_label" = mailer ); args=('dontsendentry', 'mailer')
DEBUG:django.db.backends:(0.000) INSERT INTO "django_content_type" ("name", "app_label", "model") VALUES (don't send entry, mailer, dontsendentry); args=(u"don't send entry", 'mailer', 'dontsendentry')
DEBUG:django.db.backends:(0.000) SELECT "django_content_type"."id", "django_content_type"."name", "django_content_type"."app_label", "django_content_type"."model" FROM "django_content_type" WHERE ("django_content_type"."model" = messagelog  AND "django_content_type"."app_label" = mailer ); args=('messagelog', 'mailer')
DEBUG:django.db.backends:(0.000) INSERT INTO "django_content_type" ("name", "app_label", "model") VALUES (message log, mailer, messagelog); args=(u'message log', 'mailer', 'messagelog')
Installing custom SQL ...
Installing indexes ...
DEBUG:django.db.backends:(0.057) CREATE INDEX "django_session_c25c2c28" ON "django_session" ("expire_date");; args=()
No fixtures found.
 * Reloading web server config apache2
apache2: Could not reliably determine the server's fully qualified domain name, using 172.16.123.6 for ServerName
   ...done.
Setting up libsqlite0 (2.8.17-6.1ubuntu1) ...
Setting up openstackx (0.2+20120117~1437-0mit1~25.gbp53fd61) ...
Setting up python-sqlite (1.0.1-8) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Processing triggers for python-support ...

接下來設定 mysql, 新增 database
wistor@wistor-dev-6:~$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 175
Server version: 5.1.58-1ubuntu1 (Ubuntu)

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


mysql> CREATE DATABASE dash;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL ON dash.* TO 'dash'@'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)


然後修改 /etc/openstack-dashboard/local_settings.py, 經過觀察,
發現修改過設定最後會同步到 /usr/share/openstack-dashboard/local/local_settings.py

root@wistor-dev-6:/# find . | grep local_settings
./etc/openstack-dashboard/local_settings.py
./usr/share/openstack-dashboard/local/local_settings.py
./usr/share/openstack-dashboard/local/local_settings.pyc
./usr/share/openstack-dashboard/local/local_settings.py.example


wistor@wistor-dev-6:~$ sudo less /etc/openstack-dashboard/local_settings.py | grep -A 10 DATABASE
# DATABASES = {
#     'default': {
#         'ENGINE': 'django.db.backends.sqlite3',
#        'NAME': '/var/lib/openstack-dashboard/dashboard_openstack.sqlite',
#    },
# }
# 修改這個 database 設定, 變成 mysql

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'dash',
        'USER': 'dash',
        'PASSWORD': 'password',
        'HOST': 'localhost',
        'default-character-set': 'utf8'
    },
}

wistor@wistor-dev-6:~$ sudo /etc/init.d/apache2 restart
wistor@wistor-dev-6:~$ sudo restart nova-api


接下來只要直接連到 http://172.16.123.6 就會看到畫面, 帳號密碼是之前在 keystone 設定的 adminUser/password 及 demoUser/password