일 | 월 | 화 | 수 | 목 | 금 | 토 |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |
- k8s
- kolla
- yum
- archlinux
- Octavia
- ubuntu
- Linux
- i3
- grafana-loki
- cloud-init
- libvirt
- terraform
- Kubeflow
- KVM
- Arch
- ceph
- nfs-provisioner
- Kubernetes
- port open
- pacman
- HTML
- golang
- repository
- Docker
- kolla-ansible
- Ansible
- ceph-ansible
- awx
- OpenStack
- cephadm
- Today
- Total
YJWANG
[ OpenStack / CentOS 7.X ] Minimal Openstack components (Train) 본문
[ OpenStack / CentOS 7.X ] Minimal Openstack components (Train)
왕영주 2021. 2. 26. 18:18[ OpenStack / CentOS 7.X ] Openstack components (Train)
Components
- Identity service – keystone installation for Train
- Image service – glance installation for Train
- Placement service – placement installation for Train
- Compute service – nova installation for Train
- Networking service – neutron installation for Train
We advise to also install the following components after you have installed the minimal deployment services:
- Dashboard – horizon installation for Train
- Block Storage service – cinder installation for Train
Identity service (Keystone)
https://docs.openstack.org/keystone/train/install/index-rdo.html
controller node
이전 포스팅에서 root 암호는 testtest로 설정함
[root@yjwang0-stack-01 ~]# mysql -u root -p
create database and grant all permission for keystone suer (password : testtest)
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
install keystone components
[root@yjwang0-stack-01 ~]# yum -y install openstack-keystone httpd mod_wsgi
Edit keystone config
[root@yjwang0-stack-01 ~]# grep -Ev '^#|^$' /etc/keystone/keystone.conf
...
[database]
connection = mysql+pymysql://keystone:testtest@controller/keystone
...
[token]
provider = fernet
...
Populate the Identity service database:
[root@yjwang0-stack-01 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize Fernet key repositories:
[root@yjwang0-stack-01 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@yjwang0-stack-01 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the Identity service:
keystone-manage bootstrap --bootstrap-password testtest \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
configure HTTP server
[root@yjwang0-stack-01 ~]# grep -i 'servername' /etc/httpd/conf/httpd.conf
# ServerName gives the name and port that the server uses to identify itself.
ServerName controller
Create symbolic links
[root@yjwang0-stack-01 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
enable / start httpd service
[root@yjwang0-stack-01 ~]# systemctl enable httpd.service --now
Create Environment file
https://docs.openstack.org/keystone/train/install/keystone-openrc-rdo.html
[root@yjwang0-stack-01 ~]# cat admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD=testtest
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
Set env
[root@yjwang0-stack-01 ~]# . ./admin-openrc
[root@yjwang0-stack-01 ~]# env |grep OS_AUTH_URL
OS_AUTH_URL=http://controller:5000/v3
[option] create example domain
[root@yjwang0-stack-01 ~]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 833b24d0dd954a73be1d2148ae1729f0 |
| name | example |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
create demo project
[root@yjwang0-stack-01 ~]# openstack project create --domain default \
--description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 0ed1a76dc21543789601706706ccbb8a |
| is_domain | False |
| name | myproject |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
create service project
[root@yjwang0-stack-01 ~]# openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | daf56d4d9ed84703871a972ef44302d5 |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
create user
[root@yjwang0-stack-01 ~]# openstack user create --domain default \
--password-prompt myuser
User Password: testtest
Repeat User Password: testtest
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | c5826d72a0dc4b5c8d9423942520a192 |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
create role
[root@yjwang0-stack-01 ~]# openstack role create myrole
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | e4f871daeed64ed7b87d7f7010ac2845 |
| name | myrole |
| options | {} |
+-------------+----------------------------------+
Add myrole to myproject and myuser
에러 발생하지 않으면 아무것도 뜨지 않음
[root@yjwang0-stack-01 ~]# openstack role add --project myproject --user myuser myrole
Verify operation
unset env
[root@yjwang0-stack-01 ~]# unset OS_AUTH_URL OS_PASSWORD
token request as admin user
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
Password: testtest
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2021-02-26T03:31:38+0000 |
| id | gAAAAABgOF2KBq3Vkkw1yConMtp9zHzkNLsN3z0OqDUCxziC9blb9jptX7XXxfhbph574Uut9MhgxJUZE7cHE78cvhK4RnZ2FJ_VK1aH2jRdhYY-zw9ivI-xY6A6-tb5WwTZDJM19es3gNTSNv7_9_FKn4HhX0wzws3TZW5FZXLAZCA_rOsEwnM |
| project_id | 8726932c588c4370898ec0c01d7e0f43 |
| user_id | 8198fd8e05d245b888ccdef7d802a8ae |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Client environment script
https://docs.openstack.org/keystone/train/install/keystone-openrc-rdo.html
Image service (Glance)
https://docs.openstack.org/glance/train/install/install-rdo.html
[root@yjwang0-stack-01 ~]# mysql -u root -p
Create glance database
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
verify operation
MariaDB [(none)]> SHOW GRANTS FOR 'glance'@'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for glance@localhost |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'glance'@'localhost' IDENTIFIED BY PASSWORD '*1BF3116A5372A85B80F3769F62A5162B482C00EE' |
| GRANT ALL PRIVILEGES ON `glance`.* TO 'glance'@'localhost' |
+---------------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
MariaDB [(none)]> SHOW GRANTS FOR 'glance'@'%';
+-------------------------------------------------------------------------------------------------------+
| Grants for glance@% |
+-------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'glance'@'%' IDENTIFIED BY PASSWORD '*1BF3116A5372A85B80F3769F62A5162B482C00EE' |
| GRANT ALL PRIVILEGES ON `glance`.* TO 'glance'@'%' |
+-------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
Create glance user
[root@yjwang0-stack-01 ~]# openstack user create --domain default --password-prompt glance
User Password: testtest
Repeat User Password: testtest
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 058c7b9afeac4bdfaede9d4f3f3bedc4 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add admin role to glance user and service project
[root@yjwang0-stack-01 ~]# openstack role add --project service --user glance admin
Create glance service entity
[root@yjwang0-stack-01 ~]# openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 993024e1fb0243bfae09da63c9cb2f8e |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create endpoint for glance
[root@yjwang0-stack-01 ~]# openstack endpoint create --region RegionOne \
image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0b343c39645c46bc9db10a070675d260 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 993024e1fb0243bfae09da63c9cb2f8e |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@yjwang0-stack-01 ~]# openstack endpoint create --region RegionOne \
image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5187cf64b6834beb85d04b4c463eefbf |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 993024e1fb0243bfae09da63c9cb2f8e |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@yjwang0-stack-01 ~]# openstack endpoint create --region RegionOne \
image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e8477c098dac4328aabff7d1b3767f0c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 993024e1fb0243bfae09da63c9cb2f8e |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
Install glance
[root@yjwang0-stack-01 ~]# yum -y install openstack-glance
configure config file
[root@yjwang0-stack-01 ~]# grep -Ev '^$|^#' /etc/glance/glance-api.conf
...
[database]
connection = mysql+pymysql://glance:testtest@controller/glance
...
[glance_store]
tores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
...
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = testtest
...
[paste_deploy]
flavor = keystone
...
Populate the Image service database:
[root@yjwang0-stack-01 ~]# su -s /bin/sh -c "glance-manage db_sync" glance
enable / start
[root@yjwang0-stack-01 ~]# systemctl enable openstack-glance-api.service --now
verify operation
. admin-openrc
Download test image
[root@yjwang0-stack-01 ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
Upload image to glance
glance image-create --name "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public
+------------------+----------------------------------------------------------------------------------+
| Property | Value |
+------------------+----------------------------------------------------------------------------------+
| checksum | 443b7623e27ecf03dc9e01ee93f67afe |
| container_format | bare |
| created_at | 2021-02-26T02:49:06Z |
| disk_format | qcow2 |
| id | bcd7ef49-6526-4aa1-bca0-8dc85ab46175 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| os_hash_algo | sha512 |
| os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e |
| | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |
| os_hidden | False |
| owner | 8726932c588c4370898ec0c01d7e0f43 |
| protected | False |
| size | 12716032 |
| status | active |
| tags | [] |
| updated_at | 2021-02-26T02:49:07Z |
| virtual_size | Not available |
| visibility | public |
+------------------+----------------------------------------------------------------------------------+
Check image uploaded
[root@yjwang0-stack-01 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| bcd7ef49-6526-4aa1-bca0-8dc85ab46175 | cirros | active |
+--------------------------------------+--------+--------+
[root@yjwang0-stack-01 ~]# ls -l /var/lib/glance/images/
total 12420
-rw-r-----. 1 glance glance 12716032 Feb 26 02:49 bcd7ef49-6526-4aa1-bca0-8dc85ab46175
Placement service (Placement)
https://docs.openstack.org/placement/train/install/install-rdo.html
controller node
[root@yjwang0-stack-01 ~]# mysql -u root -p
create placement database
MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.001 sec)
Grant palcement user to placemenet DB
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
set env
[root@yjwang0-stack-01 ~]# . admin-openrc
Create openstack user
[root@yjwang0-stack-01 ~]# openstack user create --domain default --password-prompt placement
User Password: testtest
Repeat User Password: testtest
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 37621f4a280941f4ab00ad8d9acf3d48 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add placement user to service project with admin role
[root@yjwang0-stack-01 ~]# openstack role add --project service --user placement admin
Add placemenet service entiry
[root@yjwang0-stack-01 ~]# openstack service create --name placement \
> --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 3e8aab7fa25e48f78af5e96862cd671e |
| name | placement |
| type | placement |
+-------------+----------------------------------+
Create endporints
[root@yjwang0-stack-01 ~]# openstack endpoint create --region RegionOne \
> placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5000bc26c3ae467eae3a107a0f3e4064 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3e8aab7fa25e48f78af5e96862cd671e |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@yjwang0-stack-01 ~]# openstack endpoint create --region RegionOne \
> placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4b80d5c349a843d0a7dcad53c12c8c75 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3e8aab7fa25e48f78af5e96862cd671e |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@yjwang0-stack-01 ~]# openstack endpoint create --region RegionOne \
> placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 04555578efae4811b691cff98c448a9a |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3e8aab7fa25e48f78af5e96862cd671e |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
Install component packages
[root@yjwang0-stack-01 ~]# yum -y install openstack-placement-api
config
[root@yjwang0-stack-01 ~]# grep -Ev '^$|^#' /etc/placement/placement.conf
...
[api]
auth_strategy = keystone
...
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = testtest
...
[placement_database]
connection = mysql+pymysql://placement:testtest@controller/placement
...
Populate the placement
database:
Error 메시지는 무시합니다.
[root@yjwang0-stack-01 ~]# su -s /bin/sh -c "placement-manage db sync" placement
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1280, u"Name 'alembic_version_pkc' ignored for PRIMARY key.")
result = self._query(query)
restart httpd
systemctl restart httpd
verify operation
[root@yjwang0-stack-01 ~]# . admin-openrc
[root@yjwang0-stack-01 ~]# placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+
Compute service (NOVA)
https://docs.openstack.org/nova/train/install/
controller node
[root@yjwang0-stack-01 ~]# mysql -u root -p
Create DB
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.001 sec)
Grant nova user
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
Create nova user
[root@yjwang0-stack-03 ~]# openstack user create --domain default --password-prompt nova
User Password: testtest
Repeat User Password: testtest
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3c9b775e8ad34141b5c40f282690d49d |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add admin role to nova user
[root@yjwang0-stack-03 ~]# openstack role add --project service --user nova admin
Create nova service entiry
[root@yjwang0-stack-03 ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 3384e74697a64a28bd65ffc2b31cd1d9 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
Create nova endpoint
[root@yjwang0-stack-03 ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f44afcffacaf44ceb69a27a626b66eb9 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3384e74697a64a28bd65ffc2b31cd1d9 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@yjwang0-stack-03 ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2159dda409a440d8bd1d300cb6b7cf7e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3384e74697a64a28bd65ffc2b31cd1d9 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@yjwang0-stack-03 ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 89df3a0c8ba74f1e828c8396ff6670d4 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3384e74697a64a28bd65ffc2b31cd1d9 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
Install component
[root@yjwang0-stack-03 ~]# yum -y install openstack-nova-api openstack-nova-conductor \
openstack-nova-novncproxy openstack-nova-scheduler
config nova config
[root@yjwang0-stack-03 ~]# grep -Ev '^$|^#' /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:testtest@controller:5672/
my_ip = 10.99.99.22
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:testtest@controller/nova_api
[database]
connection = mysql+pymysql://nova:testtest@controller/nova
[glance]
api_servers = http://controller:9292
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = testtest
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = testtest
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
populate nova-api db
[root@yjwang0-stack-03 ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
Register cell0 db
[root@yjwang0-stack-03 ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
Create cell1 cell
[root@yjwang0-stack-03 ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
Populate nova db
[root@yjwang0-stack-03 ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
Verify nova cell0 and cell1 are registered correctly:
[root@yjwang0-stack-03 ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 | False |
| cell1 | 9ec1412a-fcbd-4e70-9036-b9db5513ccf9 | rabbit://openstack:****@controller:5672/ | mysql+pymysql://nova:****@controller/nova | False |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
enable/start
[root@yjwang0-stack-03 ~]# systemctl enable \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service --now
compute node
[root@yjwang0-stack-04 ~]# yum -y install openstack-nova-compute
config nova.conf
아래 command 결과가 0이라면 virtualizing 설정을 bios에서 해주거나 guest vm 이라면 nested vm을 host에서 먼저 설정해야 합니다.
egrep -c '(vmx|svm)' /proc/cpuinfo
[root@yjwang0-stack-04 ~]# grep -Ev '^$|^#' /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:testtest@controller
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
my_ip = 10.99.99.23
[api]
auth_strategy = keystone
[glance]
api_servers = http://controller:9292
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = testtest
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = testtest
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[libvirt]
virt_type = qemu
enable/start
[root@yjwang0-stack-04 ~]# systemctl enable libvirtd.service openstack-nova-compute.service --now
controller node
[root@yjwang0-stack-03 ~]# openstack compute service list --service nova-compute
+----+--------------+------------------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+------------------+------+---------+-------+----------------------------+
| 5 | nova-compute | yjwang0-stack-04 | nova | enabled | up | 2021-02-26T06:30:09.000000 |
+----+--------------+------------------+------+---------+-------+----------------------------+
Discover compute node
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
or
nova.conf에서 discover interval 바꿀 수 있음 (on controller node)
[scheduler]
discover_hosts_in_cells_interval = 300
verify operation
[root@yjwang0-stack-03 ~]# openstack compute service list
+----+----------------+------------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------------------+----------+---------+-------+----------------------------+
| 1 | nova-conductor | yjwang0-stack-03 | internal | enabled | up | 2021-02-26T06:32:04.000000 |
| 2 | nova-scheduler | yjwang0-stack-03 | internal | enabled | up | 2021-02-26T06:32:05.000000 |
| 5 | nova-compute | yjwang0-stack-04 | nova | enabled | up | 2021-02-26T06:31:59.000000 |
+----+----------------+------------------+----------+---------+-------+----------------------------+
Networking service (Neutron)
https://docs.openstack.org/neutron/train/install/
CentOS : https://docs.openstack.org/neutron/train/install/install-rdo.html
controller node
[root@yjwang0-stack-03 ~]# mysql -u root -p
create neutron db and grant neutron user to neutron db
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
-> IDENTIFIED BY 'testtest';
Query OK, 0 rows affected (0.001 sec)
neutron user create
[root@yjwang0-stack-03 ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 088dc0b55d5f499a96c22aadc14a64e5 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add the admin
role to the neutron
user:
[root@yjwang0-stack-03 ~]# openstack role add --project service --user neutron admin
Create neutron service entity
[root@yjwang0-stack-03 ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 57216141e94943a596214dd73b4abe9a |
| name | neutron |
| type | network |
+-------------+----------------------------------+
Create neutron endpoint
[root@yjwang0-stack-03 ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bded1880736841c09eefbe1c2b9e243e |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 57216141e94943a596214dd73b4abe9a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@yjwang0-stack-03 ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9a82c32b7bc44207b3cb1cb762ff128a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 57216141e94943a596214dd73b4abe9a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@yjwang0-stack-03 ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2c81255fb2ad4cd38842daf5289370a5 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 57216141e94943a596214dd73b4abe9a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
Use Only Provider Networks
install component
[root@yjwang0-stack-03 ~]# yum -y install openstack-neutron openstack-neutron-ml2 \
> openstack-neutron-linuxbridge ebtables
config neutron.conf
[root@yjwang0-stack-03 ~]# grep -Ev '^$|^#' /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:testtest@controller
uth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = testtest
[database]
connection = mysql+pymysql://neutron:testtest@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = testtest
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
Configure Modular Layer2 plug-in (ML2)
[root@yjwang0-stack-03 ~]# grep -Ev '^$|^#' /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
enable_ipset = true
Configure Linux bridge agent
[root@yjwang0-stack-03 ~]# grep -Ev '^$|^#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Ensure sysctl value is 1
[root@yjwang0-stack-03 ~]# modprobe br_netfilter
[root@yjwang0-stack-03 ~]# sysctl net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-ip6tables = 1
[root@yjwang0-stack-03 ~]# sysctl net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-iptables = 1
DHCP agent config
[root@yjwang0-stack-03 ~]# grep -Ev '^$|^#' /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Configure metadata agent
[root@yjwang0-stack-03 ~]# grep -Ev '^$|^#' /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
Configure Compute service to use the Networking service
[root@yjwang0-stack-03 ~]# grep '\[neutron\]' /etc/nova/nova.conf -A 10|grep -vE '^#|^$'
--
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = testtest
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
make symbolic link
[root@yjwang0-stack-03 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
populate database
[root@yjwang0-stack-03 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart compute api service
[root@yjwang0-stack-03 ~]# systemctl restart openstack-nova-api.service
enable /start
[root@yjwang0-stack-03 ~]# systemctl enable neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service --now
[option] If you use self-service network run below command also (But not me.)
systemctl enable neutron-l3-agent.service --now
compute node
[root@yjwang0-stack-04 ~]# yum -y install openstack-neutron-linuxbridge ebtables ipset
config components
[root@yjwang0-stack-04 ~]# grep -Ev '^$|^#' /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:testtest@controller
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = testtest
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
set bridge agent
[root@yjwang0-stack-04 ~]# grep -Ev '^$|^#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Confirm sysctl value is 1
[root@yjwang0-stack-04 ~]# modprobe br_netfilter
[root@yjwang0-stack-04 ~]# sysctl net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-iptables = 1
[root@yjwang0-stack-04 ~]# sysctl net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-ip6tables = 1
config nova to use neutron
[root@yjwang0-stack-04 ~]# grep -Ev '^$|^#' /etc/nova/nova.conf |grep '\[neutron\]' -A 8
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = testtest
Restart nova service and enable bridge agent
[root@yjwang0-stack-04 ~]# systemctl restart openstack-nova-compute.service
[root@yjwang0-stack-04 ~]# systemctl enable neutron-linuxbridge-agent.service --now
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
controller node
Create provider network
[root@yjwang0-stack-03 ~]# openstack network create --share --external \
> --provider-physical-network provider \
> --provider-network-type flat provider
Create subnet on provider network
openstack subnet create --network provider \
--allocation-pool start=10.99.58.50,end=10.99.58.100 \
--dns-nameserver 8.8.8.8 --gateway 10.99.58.1 \
--subnet-range 10.99.58.0/24 provider
verify provider network
[root@yjwang0-stack-03 ~]# openstack network agent list
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+
| 17866c73-f789-4a4a-96c1-5b4cd0b20290 | Linux bridge agent | yjwang0-stack-04 | None | :-) | UP | neutron-linuxbridge-agent |
| b3cb0bbe-5940-4d8c-9962-74618a3c4e02 | DHCP agent | yjwang0-stack-03 | nova | :-) | UP | neutron-dhcp-agent |
| c5f9d7c8-9587-49bf-a356-c6a03e69c623 | Linux bridge agent | yjwang0-stack-03 | None | :-) | UP | neutron-linuxbridge-agent |
| fe7a30b0-20ee-41b7-ba73-4e63b913e88e | Metadata agent | yjwang0-stack-03 | None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+
Create test VM
controller node
use demo-openrc
[root@yjwang0-stack-03 ~]# cat demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=testtest
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
set env
. ./demo-open
create flavor
[root@yjwang0-stack-03 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| properties | |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
create keypair
[root@yjwang0-stack-03 ~]# ssh-keygen -q -N "" -f /root/.ssh/id_rsa
[root@yjwang0-stack-03 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 85:53:a0:62:f6:35:6a:6e:1a:8e:e6:83:eb:79:ac:88 |
| name | mykey |
| user_id | 3a56c8ab85b14079932a9db9f3ed1117 |
+-------------+-------------------------------------------------+
verify key
[root@yjwang0-stack-03 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 85:53:a0:62:f6:35:6a:6e:1a:8e:e6:83:eb:79:ac:88 |
+-------+-------------------------------------------------+
Add security group rules
permit icmp
[root@yjwang0-stack-03 ~]# openstack security group rule create --proto icmp default
permit ssh/tcp
[root@yjwang0-stack-03 ~]# openstack security group rule create --proto tcp --dst-port 22 default
create VM
openstack server create --flavor m1.nano --image cirros \
--security-group default \
--key-name mykey provider-instance
verify created server
[root@yjwang0-stack-03 ~]# openstack server list
+--------------------------------------+-------------------+--------+----------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+--------+----------+--------+---------+
| bd3613c1-ca54-404a-b65f-9285ccae024b | provider-instance | ERROR | | cirros | m1.nano |
+--------------------------------------+-------------------+--------+----------+--------+---------+
아래 [Trouble Shooting](#Trouble Shooting) 참조 후 VM
다시 생성한다.
[root@yjwang0-stack-03 ~]# openstack server delete provider-instance
[root@yjwang0-stack-03 ~]# openstack server create --flavor m1.nano --image cirros \
> --security-group default \
> --key-name mykey provider-instance
[root@yjwang0-stack-03 ~]# openstack server list
+--------------------------------------+-------------------+--------+----------------------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+--------+----------------------+--------+---------+
| 613c7cf4-1c1a-4081-a68f-d8d863839f39 | provider-instance | ACTIVE | provider=10.99.58.93 | cirros | m1.nano |
+--------------------------------------+-------------------+--------+----------------------+--------+---------+
Check Server status
[root@yjwang0-stack-03 ~]# ip netns exec qdhcp-527c0697-e1be-47e5-b2d7-4d6282018667 ping 10.99.58.93
PING 10.99.58.93 (10.99.58.93) 56(84) bytes of data.
64 bytes from 10.99.58.93: icmp_seq=1 ttl=64 time=10.4 ms
Trouble Shooting
ERROR
https://ask.openstack.org/en/question/122313/on-stein-nova-status-upgrade-check-check-failed/
[root@yjwang0-stack-03 ~]# vim /var/log/nova/nova-scheduler.log
2021-02-26 07:37:48.326 10898 WARNING keystoneauth.discover [req-cf7ab244-2e3f-4df6-aad8-17a4c2b46ce2 a24b66d9a4b0419bbba17512e2a2cf7a 3da82705221d443d837ed43d405c2cee - default default] Failed to contact the endpoint at http://controller:8778 for discovery. Fallback to using that endpoint as the base url.: Forbidden: Forbidden (HTTP 403)
config permission
[root@yjwang0-stack-03 ~]# cat /etc/httpd/conf.d/00-placement-api.conf
Listen 8778
<VirtualHost *:8778>
WSGIProcessGroup placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIDaemonProcess placement-api processes=3 threads=1 user=placement group=placement
WSGIScriptAlias / /usr/bin/placement-api
<IfVersion >= 2.4>
ErrorLogFormat "%M"
</IfVersion>
ErrorLog /var/log/placement/placement-api.log
#SSLEngine On
#SSLCertificateFile ...
#SSLCertificateKeyFile ...
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
Alias /placement-api /usr/bin/placement-api
<Location /placement-api>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
restart service
systemctl restart httpd
Openstack command completion
[root@yjwang0-stack-03 ~]# yum -y install bash-completion
[root@yjwang0-stack-03 ~]# openstack complete > /etc/bash_completion.d/osc
[재접속]
Addtional Component
Dashboard (Horizon)
https://docs.openstack.org/horizon/train/install/
controller node
[root@yjwang0-stack-03 ~]# yum -y install openstack-dashboard
config dashboard setting
[root@yjwang0-stack-03 ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
...
ALLOWED_HOSTS = ['*']
...
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
...
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
...
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
...
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
...
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
...
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
...
WEBROOT = '/dashboard/'
dashboard httpd conf
[root@yjwang0-stack-03 ~]# cat /etc/httpd/conf.d/openstack-dashboard.conf |grep GLOBAL
WSGIApplicationGroup %{GLOBAL}
restart services
[root@yjwang0-stack-03 ~]# systemctl restart httpd.service memcached.service
verify web admin
http://server-ip.com/dashboard
default / admin / testtest